diff --git a/.agents/skills/release-codexbar/SKILL.md b/.agents/skills/release-codexbar/SKILL.md
new file mode 100644
index 000000000..2d823e80d
--- /dev/null
+++ b/.agents/skills/release-codexbar/SKILL.md
@@ -0,0 +1,141 @@
+---
+name: release-codexbar
+description: "CodexBar release: versioning, notarization, appcast, Homebrew, post-release bump."
+---
+
+# CodexBar Release
+
+Use for releasing signed/notarized macOS apps, especially repos with Sparkle appcasts and Homebrew casks.
+
+## Start
+
+1. Work from the app repo unless asked otherwise.
+2. Check repo state, current version, latest tag/release, and release docs/scripts.
+3. Confirm `CHANGELOG.md` is complete, user-facing, deduped, and dated for the release.
+4. Prefer the repo release script; patch small script/test blockers instead of bypassing the release path.
+5. Never print key material. Keep 1Password references and local key paths as references only.
+6. Load `$release-private` if it exists before resolving Peter-owned credential locators.
+
+## Key Material
+
+Use `$one-password` for secret handling. `op` only in tmux/persistent shell; no broad `env`, `set`, `export -p`, or secret scans.
+
+Known App Store Connect shape:
+
+- fields: `private_key_p8`, `key_id`, `issuer_id`
+- keep all three fields from the same 1Password item; do not mix with stale values from `~/.profile`
+- resolve Peter-owned item refs from `$release-private`
+
+Known Sparkle key:
+
+- resolve the private key file from `$release-private`
+- pass as `SPARKLE_PRIVATE_KEY_FILE`
+
+Safe env file pattern:
+
+```text
+APP_STORE_CONNECT_API_KEY_P8=<1Password ref from release-private>
+APP_STORE_CONNECT_KEY_ID=<1Password ref from release-private>
+APP_STORE_CONNECT_ISSUER_ID=<1Password ref from release-private>
+SPARKLE_PRIVATE_KEY_FILE=<path from release-private>
+```
+
+Run with `op run --account my.1password.com --env-file <file> -- <script>`, then delete the temp env file.
+
+## CodexBar
+
+Paths:
+
+- repo: `~/Projects/codexbar`
+- release script: `Scripts/release.sh`
+- signing/notarization: `Scripts/sign-and-notarize.sh`
+- appcast: `Scripts/make_appcast.sh`, `appcast.xml`
+- release assets: `CodexBar-macos-universal-<version>.zip`, `CodexBar-macos-universal-<version>.dSYM.zip`
+- packaged app: `CodexBar.app`
+- version file: `version.env`
+- changelog: `CHANGELOG.md`
+- Homebrew tap: `~/Projects/homebrew-tap`
+- cask: `~/Projects/homebrew-tap/Casks/codexbar.rb`
+- formula: `~/Projects/homebrew-tap/Formula/codexbar.rb`
+- CLI release workflow: `.github/workflows/release-cli.yml`
+
+Normal release:
+
+```bash
+tmux new-session -d -s codexbar-release 'op run --account my.1password.com --env-file /tmp/codexbar-release-op.env -- Scripts/release.sh'
+tmux attach -t codexbar-release
+```
+
+If notarization fails with `401 Unauthenticated`, rerun using all three App Store Connect fields from the 1Password item above. Mismatched `key_id` / `issuer_id` from `~/.profile` can cause this.
+
+If widget metadata generation times out, `CODEXBAR_WIDGET_METADATA_TIMEOUT_SECONDS=600` is a known-good floor.
+
+CodexBar CLI tarballs are not produced by `Scripts/release.sh` itself. The GitHub release event triggers `.github/workflows/release-cli.yml`, which builds and uploads:
+
+- `CodexBarCLI-v<version>-macos-arm64.tar.gz`
+- `CodexBarCLI-v<version>-macos-x86_64.tar.gz`
+- `CodexBarCLI-v<version>-linux-aarch64.tar.gz`
+- `CodexBarCLI-v<version>-linux-x86_64.tar.gz`
+- matching `.sha256` files
+
+If the workflow fails only in `update-homebrew-tap` with GitHub API rate limiting, the CLI assets may already be uploaded. Verify assets live, then update `Formula/codexbar.rb` manually from the tarball checksums.
+
+## Verify
+
+Release is not done until the published chain checks out:
+
+```bash
+gh release view v<VERSION> --json tagName,name,isDraft,isPrerelease,url,assets,body
+Scripts/check-release-assets.sh v<VERSION>
+python3 - <<'PY'
+import xml.etree.ElementTree as ET
+ns={'sparkle':'http://www.andymatuschak.org/xml-namespaces/sparkle'}
+root=ET.parse('appcast.xml').getroot()
+item=root.find('channel').find('item')
+enc=item.find('enclosure')
+print(item.findtext('title'))
+print(item.findtext('sparkle:version', namespaces=ns))
+print(item.findtext('sparkle:shortVersionString', namespaces=ns))
+print(enc.attrib.get('url'))
+print(enc.attrib.get('length'))
+print(bool(enc.attrib.get('{http://www.andymatuschak.org/xml-namespaces/sparkle}edSignature')))
+PY
+codesign --verify --deep --strict --verbose=2 CodexBar.app
+spctl --assess --type execute --verbose CodexBar.app
+```
+
+For Homebrew:
+
+```bash
+shasum -a 256 CodexBar-macos-universal-<VERSION>.zip
+cd /Users/steipete/Projects/homebrew-tap
+python3 .github/scripts/update_formula.py --formula codexbar --tag v<VERSION> --repository steipete/CodexBar --artifact-template 'CodexBarCLI-{tag}-{target}.tar.gz' --target-aliases 'darwin_arm64=macos-arm64,darwin_amd64=macos-x86_64,linux_arm64=linux-aarch64,linux_amd64=linux-x86_64'
+brew fetch --cask --force --retry codexbar
+brew fetch --formula --force --retry steipete/tap/codexbar
+```
+
+Update the cask when app zip assets exist. Update the formula only when standalone CLI tarballs for that version exist.
+
+Tap audit can be noisy from unrelated formulae; keep evidence specific to the app cask.
+
+## Closeout
+
+1. Create/push tag and GitHub release through the release script.
+2. Verify appcast points to the new GitHub release asset with signature and length.
+3. Update/push the Homebrew cask if the app zip changed.
+4. Bump the app repo to next patch `Unreleased`:
+   - `version.env`: next `MARKETING_VERSION`, next `BUILD_NUMBER`
+   - `CHANGELOG.md`: top `## <next> — Unreleased`
+5. Commit, push, then pull `--ff-only`.
+6. Restart the local app from the packaged bundle and verify the running bundle version.
+7. Check no release/notary/op temp sessions or temp env files remain.
+
+CodexBar restart:
+
+```bash
+pkill -x CodexBar || pkill -f CodexBar.app || true
+cd "$(git rev-parse --show-toplevel)"
+open -n CodexBar.app
+/usr/libexec/PlistBuddy -c 'Print :CFBundleShortVersionString' CodexBar.app/Contents/Info.plist
+/usr/libexec/PlistBuddy -c 'Print :CFBundleVersion' CodexBar.app/Contents/Info.plist
+```
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index de2359aca..7407bf2a4 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -2,12 +2,17 @@ name: CI
 
 on:
   push:
-    branches: ["*"]
+    branches: ["**"]
   pull_request:
 
+concurrency:
+  group: ci-${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
   lint-build-test:
-    runs-on: macos-latest
+    runs-on: macos-15-intel
+    timeout-minutes: 70
     steps:
       - uses: actions/checkout@v6
 
@@ -36,9 +41,12 @@ jobs:
         run: ./Scripts/lint.sh lint
 
       - name: Swift Test
-        run: swift test --no-parallel
+        timeout-minutes: 60
+        run: |
+          python3 Scripts/ci_swift_test_by_suite.py --group-size 1 --timeout 120
 
   build-linux-cli:
+    timeout-minutes: 20
     strategy:
       fail-fast: false
       matrix:
@@ -57,11 +65,39 @@ jobs:
           uname -a
           uname -m
 
-      - name: Setup Swift 6.2.1
-        uses: swift-actions/setup-swift@v3
-        with:
-          swift-version: "6.2.1"
-          skip-verify-signature: true
+      - name: Install Swift 6.2.1 via swiftly
+        shell: bash
+        run: |
+          set -euo pipefail
+
+          if ! command -v gpg >/dev/null 2>&1; then
+            sudo apt-get update
+            sudo apt-get install -y ca-certificates gpg
+          fi
+
+          SWIFTLY_ARCH="$(uname -m)"
+          SWIFTLY_HOME_DIR="$HOME/.local/share/swiftly"
+          SWIFTLY_BIN_DIR="$HOME/.local/bin"
+          POST_INSTALL_SCRIPT="$(mktemp)"
+
+          mkdir -p "$SWIFTLY_BIN_DIR"
+          curl -fsSL "https://download.swift.org/swiftly/linux/swiftly-${SWIFTLY_ARCH}.tar.gz" -o /tmp/swiftly.tar.gz
+          tar -xzf /tmp/swiftly.tar.gz -C /tmp
+          /tmp/swiftly init --assume-yes --skip-install
+
+          . "$SWIFTLY_HOME_DIR/env.sh"
+          echo "$SWIFTLY_BIN_DIR" >> "$GITHUB_PATH"
+          echo "SWIFTLY_HOME_DIR=$SWIFTLY_HOME_DIR" >> "$GITHUB_ENV"
+          echo "SWIFTLY_BIN_DIR=$SWIFTLY_BIN_DIR" >> "$GITHUB_ENV"
+
+          swiftly install 6.2.1 --use --assume-yes --post-install-file "$POST_INSTALL_SCRIPT"
+          if [[ -s "$POST_INSTALL_SCRIPT" ]]; then
+            sudo apt-get update
+            sudo bash "$POST_INSTALL_SCRIPT"
+          fi
+
+          hash -r
+          swift --version
 
       - name: Build CodexBarCLI (release, static Swift stdlib)
         run: swift build -c release --product CodexBarCLI --static-swift-stdlib
diff --git a/.github/workflows/release-cli.yml b/.github/workflows/release-cli.yml
index 4546fa83f..b9ad64bdc 100644
--- a/.github/workflows/release-cli.yml
+++ b/.github/workflows/release-cli.yml
@@ -1,41 +1,198 @@
-name: Release Linux CLI
+name: Release CLI
 
 on:
   release:
     types: [published]
   workflow_dispatch:
+    inputs:
+      tag:
+        description: "Release tag/version to package for manual artifact builds; manual runs do not publish."
+        required: false
+        type: string
 
 permissions:
   contents: write
 
 jobs:
-  build-linux-cli:
+  build-cli:
     strategy:
       fail-fast: false
       matrix:
         include:
           - name: linux-x64
             runs-on: ubuntu-24.04
+            platform: linux
+            asset-arch: x86_64
+            build-arch: ""
+            static-swift-stdlib: true
           - name: linux-arm64
             runs-on: ubuntu-24.04-arm
+            platform: linux
+            asset-arch: aarch64
+            build-arch: ""
+            static-swift-stdlib: true
+          - name: macos-arm64
+            runs-on: macos-15
+            platform: macos
+            asset-arch: arm64
+            build-arch: arm64
+            static-swift-stdlib: false
+          - name: macos-x86_64
+            runs-on: macos-15-intel
+            platform: macos
+            asset-arch: x86_64
+            build-arch: x86_64
+            static-swift-stdlib: false
     runs-on: ${{ matrix.runs-on }}
+    env:
+      RELEASE_TAG: ${{ inputs.tag || github.ref_name }}
     steps:
       - uses: actions/checkout@v6
 
+      - name: Select Xcode 26.1.1 (if present) or fallback to default
+        if: matrix.platform == 'macos'
+        run: |
+          set -euo pipefail
+          for candidate in /Applications/Xcode_26.1.1.app /Applications/Xcode_26.1.app /Applications/Xcode.app; do
+            if [[ -d "$candidate" ]]; then
+              sudo xcode-select -s "${candidate}/Contents/Developer"
+              echo "DEVELOPER_DIR=${candidate}/Contents/Developer" >> "$GITHUB_ENV"
+              break
+            fi
+          done
+          /usr/bin/xcodebuild -version
+
       - name: Runner info
         run: |
           set -euo pipefail
           uname -a
           uname -m
+          swift --version
 
-      - name: Setup Swift 6.2.1
-        uses: swift-actions/setup-swift@v3
-        with:
-          swift-version: "6.2.1"
-          skip-verify-signature: true
+      - name: Validate release tag
+        if: github.event_name == 'release' || inputs.tag != ''
+        shell: bash
+        run: |
+          set -euo pipefail
+          if [[ -z "$RELEASE_TAG" ]]; then
+            echo "Missing release tag." >&2
+            exit 1
+          fi
+          if [[ ! "$RELEASE_TAG" =~ ^v[0-9A-Za-z._-]+$ ]]; then
+            echo "Invalid release tag: $RELEASE_TAG" >&2
+            exit 1
+          fi
+
+      - name: Install Swift 6.2.1 via swiftly
+        if: matrix.platform == 'linux'
+        shell: bash
+        run: |
+          set -euo pipefail
+
+          if ! command -v gpg >/dev/null 2>&1; then
+            sudo apt-get update
+            sudo apt-get install -y ca-certificates gpg
+          fi
+
+          SWIFTLY_ARCH="$(uname -m)"
+          SWIFTLY_HOME_DIR="$HOME/.local/share/swiftly"
+          SWIFTLY_BIN_DIR="$HOME/.local/bin"
+          POST_INSTALL_SCRIPT="$(mktemp)"
+
+          mkdir -p "$SWIFTLY_BIN_DIR"
+          curl -fsSL "https://download.swift.org/swiftly/linux/swiftly-${SWIFTLY_ARCH}.tar.gz" -o /tmp/swiftly.tar.gz
+          tar -xzf /tmp/swiftly.tar.gz -C /tmp
+          /tmp/swiftly init --assume-yes --skip-install
+
+          . "$SWIFTLY_HOME_DIR/env.sh"
+          echo "$SWIFTLY_BIN_DIR" >> "$GITHUB_PATH"
+          echo "SWIFTLY_HOME_DIR=$SWIFTLY_HOME_DIR" >> "$GITHUB_ENV"
+          echo "SWIFTLY_BIN_DIR=$SWIFTLY_BIN_DIR" >> "$GITHUB_ENV"
+
+          swiftly install 6.2.1 --use --assume-yes --post-install-file "$POST_INSTALL_SCRIPT"
+          if [[ -s "$POST_INSTALL_SCRIPT" ]]; then
+            sudo apt-get update
+            sudo bash "$POST_INSTALL_SCRIPT"
+          fi
+
+          hash -r
+          swift --version
 
       - name: Build CodexBarCLI (release)
-        run: swift build -c release --product CodexBarCLI --static-swift-stdlib
+        id: build
+        shell: bash
+        run: |
+          set -euo pipefail
+
+          BUILD_ARGS=(swift build -c release --product CodexBarCLI)
+          if [[ -n "${{ matrix.build-arch }}" ]]; then
+            BUILD_ARGS+=(--arch "${{ matrix.build-arch }}")
+          fi
+          if [[ "${{ matrix.static-swift-stdlib }}" == "true" ]]; then
+            BUILD_ARGS+=(--static-swift-stdlib)
+          fi
+          "${BUILD_ARGS[@]}"
+
+          SHOW_BIN_ARGS=(swift build -c release --product CodexBarCLI --show-bin-path)
+          if [[ -n "${{ matrix.build-arch }}" ]]; then
+            SHOW_BIN_ARGS+=(--arch "${{ matrix.build-arch }}")
+          fi
+          if [[ "${{ matrix.static-swift-stdlib }}" == "true" ]]; then
+            SHOW_BIN_ARGS+=(--static-swift-stdlib)
+          fi
+
+          echo "bin_dir=$("${SHOW_BIN_ARGS[@]}")" >> "$GITHUB_OUTPUT"
+
+      - name: Smoke test CodexBarCLI
+        timeout-minutes: 5
+        shell: bash
+        run: |
+          set -euo pipefail
+
+          BIN_DIR="${{ steps.build.outputs.bin_dir }}"
+          BIN="$BIN_DIR/CodexBarCLI"
+          run_with_timeout() {
+            local output="$1"
+            shift
+            "$@" > "$output" &
+            local pid=$!
+            local run_status=
+            for _ in {1..20}; do
+              if ! kill -0 "$pid" 2>/dev/null; then
+                set +e
+                wait "$pid"
+                run_status=$?
+                set -e
+                break
+              fi
+              sleep 1
+            done
+            if [[ -z "$run_status" ]]; then
+              kill "$pid" 2>/dev/null || true
+              wait "$pid" 2>/dev/null || true
+              echo "$* timed out." >&2
+              exit 124
+            fi
+            if [[ "$run_status" -ne 0 ]]; then
+              cat "$output" >&2 || true
+              exit "$run_status"
+            fi
+          }
+
+          echo "BIN=$BIN"
+          file "$BIN"
+          if [[ "${{ matrix.platform }}" == "macos" ]]; then
+            lipo -archs "$BIN" | tr ' ' '\n' | grep -Fx "${{ matrix.asset-arch }}"
+            run_with_timeout "$RUNNER_TEMP/codexbar-cli-smoke-${{ matrix.name }}.txt" "$BIN" config validate --format json
+          else
+            run_with_timeout "$RUNNER_TEMP/codexbar-cli-help-${{ matrix.name }}.txt" "$BIN" --help
+            file "$BIN" | grep -q "${{ matrix.asset-arch }}"
+          fi
+          printf '%s\n' "${RELEASE_TAG#v}" > "$BIN_DIR/VERSION"
+          VERSION_OUTPUT="$RUNNER_TEMP/codexbar-cli-version-${{ matrix.name }}.txt"
+          run_with_timeout "$VERSION_OUTPUT" "$BIN" --version
+          grep -Fx "CodexBar ${RELEASE_TAG#v}" "$VERSION_OUTPUT"
+          rm "$BIN_DIR/VERSION"
 
       - name: Package
         id: pkg
@@ -43,26 +200,26 @@ jobs:
         run: |
           set -euo pipefail
 
-          TAG="${GITHUB_REF_NAME}"
-          if [[ -z "$TAG" ]]; then
-            echo "Missing tag (GITHUB_REF_NAME)." >&2
+          REF_NAME="${RELEASE_TAG}"
+          if [[ -z "$REF_NAME" ]]; then
+            echo "Missing release tag." >&2
             exit 1
           fi
+          SAFE_REF_NAME="${REF_NAME//\//-}"
 
-          ARCH="$(uname -m)"
-          case "$ARCH" in
-            x86_64) ARCH="x86_64" ;;
-            aarch64|arm64) ARCH="aarch64" ;;
-          esac
-
-          BIN_DIR="$(swift build -c release --product CodexBarCLI --static-swift-stdlib --show-bin-path)"
+          BIN_DIR="${{ steps.build.outputs.bin_dir }}"
           OUT_DIR="$(mktemp -d)"
           install -m 0755 "$BIN_DIR/CodexBarCLI" "$OUT_DIR/CodexBarCLI"
           ln -s "CodexBarCLI" "$OUT_DIR/codexbar"
+          printf '%s\n' "${SAFE_REF_NAME#v}" > "$OUT_DIR/VERSION"
 
-          ASSET="CodexBarCLI-${TAG}-linux-${ARCH}.tar.gz"
-          (cd "$OUT_DIR" && tar czf "$ASSET" CodexBarCLI codexbar)
-          sha256sum "$OUT_DIR/$ASSET" > "$OUT_DIR/$ASSET.sha256"
+          ASSET="CodexBarCLI-${SAFE_REF_NAME}-${{ matrix.platform }}-${{ matrix.asset-arch }}.tar.gz"
+          (cd "$OUT_DIR" && tar czf "$ASSET" CodexBarCLI codexbar VERSION)
+          if command -v sha256sum >/dev/null 2>&1; then
+            sha256sum "$OUT_DIR/$ASSET" > "$OUT_DIR/$ASSET.sha256"
+          else
+            shasum -a 256 "$OUT_DIR/$ASSET" > "$OUT_DIR/$ASSET.sha256"
+          fi
 
           echo "out_dir=$OUT_DIR" >> "$GITHUB_OUTPUT"
           echo "asset=$ASSET" >> "$GITHUB_OUTPUT"
@@ -74,16 +231,95 @@ jobs:
         shell: bash
         run: |
           set -euo pipefail
-          TAG="${GITHUB_REF_NAME}"
+          TAG="${RELEASE_TAG}"
           OUT_DIR="${{ steps.pkg.outputs.out_dir }}"
           ASSET="${{ steps.pkg.outputs.asset }}"
           gh release upload "$TAG" "$OUT_DIR/$ASSET" "$OUT_DIR/$ASSET.sha256" --clobber
 
       - name: Upload workflow artifact (manual runs)
-        if: github.event_name != 'release'
+        if: github.event_name == 'workflow_dispatch'
         uses: actions/upload-artifact@v6
         with:
-          name: codexbar-linux-cli-${{ matrix.name }}
+          name: codexbar-cli-${{ matrix.name }}
           path: |
             ${{ steps.pkg.outputs.out_dir }}/${{ steps.pkg.outputs.asset }}
             ${{ steps.pkg.outputs.out_dir }}/${{ steps.pkg.outputs.asset }}.sha256
+
+  update-homebrew-tap:
+    runs-on: ubuntu-latest
+    needs: build-cli
+    if: github.event_name == 'release'
+    steps:
+      - name: Resolve release tag
+        id: release
+        env:
+          RELEASE_TAG: ${{ github.ref_name }}
+        shell: bash
+        run: |
+          set -euo pipefail
+          tag="${RELEASE_TAG}"
+          if [[ -z "$tag" ]]; then
+            echo "Missing release tag." >&2
+            exit 1
+          fi
+          if [[ ! "$tag" =~ ^v[0-9A-Za-z._-]+$ ]]; then
+            echo "Invalid release tag: $tag" >&2
+            exit 1
+          fi
+          echo "tag=$tag" >> "$GITHUB_OUTPUT"
+          echo "request_id=codexbar-${tag}-${GITHUB_RUN_ID}" >> "$GITHUB_OUTPUT"
+
+      - name: Dispatch tap update
+        env:
+          GH_TOKEN: ${{ secrets.HOMEBREW_TAP_TOKEN }}
+          RELEASE_TAG: ${{ steps.release.outputs.tag }}
+          REQUEST_ID: ${{ steps.release.outputs.request_id }}
+        shell: bash
+        run: |
+          set -euo pipefail
+          test -n "$GH_TOKEN"
+          for attempt in {1..6}; do
+            if gh workflow run update-formula.yml \
+              --repo steipete/homebrew-tap \
+              -f formula=codexbar \
+              -f tag="$RELEASE_TAG" \
+              -f repository=steipete/CodexBar \
+              -f artifact_template='CodexBarCLI-{tag}-{target}.tar.gz' \
+              -f target_aliases='darwin_arm64=macos-arm64,darwin_amd64=macos-x86_64,linux_arm64=linux-aarch64,linux_amd64=linux-x86_64' \
+              -f cask=codexbar \
+              -f cask_artifact='CodexBar-macos-universal-{version}.zip' \
+              -f request_id="$REQUEST_ID"; then
+              exit 0
+            fi
+            if [[ "$attempt" -eq 6 ]]; then
+              echo "Failed to dispatch tap update after ${attempt} attempts." >&2
+              exit 1
+            fi
+            sleep $((attempt * 30))
+          done
+
+      - name: Wait for tap update
+        env:
+          GH_TOKEN: ${{ secrets.HOMEBREW_TAP_TOKEN }}
+          REQUEST_ID: ${{ steps.release.outputs.request_id }}
+        shell: bash
+        run: |
+          set -euo pipefail
+          for _ in {1..20}; do
+            run_id="$(
+              gh run list \
+                --repo steipete/homebrew-tap \
+                --workflow update-formula.yml \
+                --json databaseId,displayTitle \
+                --jq '.[] | select(.displayTitle | contains(env.REQUEST_ID)) | .databaseId' 2>/tmp/codexbar-tap-run-list.err \
+                | head -n1 || true
+            )"
+            if [[ -n "$run_id" ]]; then
+              gh run watch "$run_id" --repo steipete/homebrew-tap --exit-status
+              exit 0
+            fi
+            cat /tmp/codexbar-tap-run-list.err >&2 || true
+            sleep 5
+          done
+          echo "Timed out waiting for tap workflow to appear." >&2
+          exit 1
diff --git a/.github/workflows/upstream-monitor.yml b/.github/workflows/upstream-monitor.yml
index 04140e8d6..3deb7b70d 100644
--- a/.github/workflows/upstream-monitor.yml
+++ b/.github/workflows/upstream-monitor.yml
@@ -44,21 +44,49 @@ jobs:
       - name: Check for new commits
         id: check
         run: |
+          remote_default_branch() {
+            local remote="$1"
+            local branch=""
+            branch=$(git symbolic-ref -q --short "refs/remotes/${remote}/HEAD" 2>/dev/null | sed "s#^${remote}/##" || true)
+            if [ -z "$branch" ]; then
+              branch=$(git remote show "$remote" 2>/dev/null | awk '/HEAD branch/ {print $NF; exit}' || true)
+            fi
+            if [ -n "$branch" ] && git rev-parse --verify -q "${remote}/${branch}" >/dev/null; then
+              echo "$branch"
+              return 0
+            fi
+            for candidate in main master; do
+              if git rev-parse --verify -q "${remote}/${candidate}" >/dev/null; then
+                echo "$candidate"
+                return 0
+              fi
+            done
+            echo "Could not resolve default branch for ${remote}" >&2
+            exit 1
+          }
+
+          UPSTREAM_BRANCH=$(remote_default_branch upstream)
+          QUOTIO_BRANCH=$(remote_default_branch quotio)
+          UPSTREAM_REF="upstream/${UPSTREAM_BRANCH}"
+          QUOTIO_REF="quotio/${QUOTIO_BRANCH}"
+          echo "upstream_ref=$UPSTREAM_REF" >> $GITHUB_OUTPUT
+          echo "quotio_ref=$QUOTIO_REF" >> $GITHUB_OUTPUT
+
           # Count new commits in upstream
-          UPSTREAM_NEW=$(git log --oneline main..upstream/main --no-merges 2>/dev/null | wc -l | tr -d ' ')
+          UPSTREAM_NEW=$(git log --oneline "main..${UPSTREAM_REF}" --no-merges 2>/dev/null | wc -l | tr -d ' ')
           echo "upstream_commits=$UPSTREAM_NEW" >> $GITHUB_OUTPUT
           
           # Count new commits in quotio (last 7 days)
-          QUOTIO_NEW=$(git log --oneline --all --remotes=quotio/main --since="7 days ago" 2>/dev/null | wc -l | tr -d ' ')
+          QUOTIO_NEW=$(git log --oneline "$QUOTIO_REF" --since="7 days ago" 2>/dev/null | wc -l | tr -d ' ')
           echo "quotio_commits=$QUOTIO_NEW" >> $GITHUB_OUTPUT
           
           # Get commit summaries
           echo "upstream_summary<<EOF" >> $GITHUB_OUTPUT
-          git log --oneline main..upstream/main --no-merges 2>/dev/null | head -10 >> $GITHUB_OUTPUT || echo "No commits" >> $GITHUB_OUTPUT
+          git log --oneline "main..${UPSTREAM_REF}" --no-merges 2>/dev/null | head -10 >> $GITHUB_OUTPUT || echo "No commits" >> $GITHUB_OUTPUT
           echo "EOF" >> $GITHUB_OUTPUT
           
           echo "quotio_summary<<EOF" >> $GITHUB_OUTPUT
-          git log --oneline --remotes=quotio/main --since="7 days ago" 2>/dev/null | head -10 >> $GITHUB_OUTPUT || echo "No commits" >> $GITHUB_OUTPUT
+          git log --oneline "$QUOTIO_REF" --since="7 days ago" 2>/dev/null | head -10 >> $GITHUB_OUTPUT || echo "No commits" >> $GITHUB_OUTPUT
           echo "EOF" >> $GITHUB_OUTPUT
       
       - name: Create or update issue
@@ -68,6 +96,10 @@ jobs:
           script: |
             const upstreamCommits = '${{ steps.check.outputs.upstream_commits }}';
             const quotioCommits = '${{ steps.check.outputs.quotio_commits }}';
+            const upstreamRef = '${{ steps.check.outputs.upstream_ref }}';
+            const quotioRef = '${{ steps.check.outputs.quotio_ref }}';
+            const upstreamBranch = upstreamRef.replace('upstream/', '');
+            const quotioBranch = quotioRef.replace('quotio/', '');
             const upstreamSummary = `${{ steps.check.outputs.upstream_summary }}`;
             const quotioSummary = `${{ steps.check.outputs.quotio_summary }}`;
             
@@ -75,6 +107,7 @@ jobs:
             
             **steipete/CodexBar:** ${upstreamCommits} new commits
             **quotio:** ${quotioCommits} new commits (last 7 days)
+            **Source refs:** ${upstreamRef}, ${quotioRef}
             
             ### steipete/CodexBar Recent Commits
             \`\`\`
@@ -100,13 +133,13 @@ jobs:
             
             **View detailed diffs:**
             \`\`\`bash
-            git diff main..upstream/main
-            git log -p quotio/main --since='7 days ago'
+            git diff main..${upstreamRef}
+            git log -p ${quotioRef} --since='7 days ago'
             \`\`\`
             
             ### 🔗 Links
-            - [steipete commits](https://github.com/steipete/CodexBar/compare/${context.sha}...steipete:CodexBar:main)
-            - [quotio commits](https://github.com/nguyenphutrong/quotio/commits/main)
+            - [steipete commits](https://github.com/steipete/CodexBar/compare/${context.sha}...steipete:CodexBar:${upstreamBranch})
+            - [quotio commits](https://github.com/nguyenphutrong/quotio/commits/${quotioBranch})
             
             ---
             *Auto-generated by upstream-monitor workflow*
@@ -153,4 +186,3 @@ jobs:
           echo "✅ No new upstream changes detected"
           echo "steipete/CodexBar: up to date"
           echo "quotio: no commits in last 7 days"
-
diff --git a/.gitignore b/.gitignore
index d44f986f6..8bb2ec1f8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -32,6 +32,7 @@ debug_*.swift
 .vscode/
 .codex/environments/
 .swiftpm-cache/
+.tmp-clang/
 
 # Debug/analysis docs
 docs/*-analysis.md
diff --git a/.mac-release.env b/.mac-release.env
new file mode 100644
index 000000000..07a027ed3
--- /dev/null
+++ b/.mac-release.env
@@ -0,0 +1,32 @@
+MAC_RELEASE_APP_NAME=CodexBar
+MAC_RELEASE_REPO=steipete/CodexBar
+MAC_RELEASE_BUNDLE_ID=com.steipete.codexbar
+MAC_RELEASE_VERSION_FILE=version.env
+MAC_RELEASE_APPCAST=appcast.xml
+MAC_RELEASE_SOURCE_FILES='Scripts/release_artifacts.sh'
+MAC_RELEASE_SUPUBLIC_ED_KEY=AGCY8w5vHirVfGGDGc8Szc5iuOqupZSh9pMj/Qs67XI=
+# Older shared AGCY Sparkle key fallback. SPARKLE_PRIVATE_KEY_FILE still wins;
+# Keychain is used when this local file is absent.
+MAC_RELEASE_SIGNING_KEY_FILE='$HOME/Library/CloudStorage/Dropbox/Backup/Sparkle/sparkle-private-key-OBSOLETE-not-for-BlackBar-publickey-AGCY8w5vHirVfGGDGc8Szc5iuOqupZSh9pMj_Qs67XI-2026-05-21.txt'
+
+MAC_RELEASE_APP_ZIP='$(codexbar_app_zip_name "$MARKETING_VERSION" "${ARCHES:-arm64 x86_64}")'
+MAC_RELEASE_DSYM_ZIP='$(codexbar_dsym_zip_name "$MARKETING_VERSION" "${ARCHES:-arm64 x86_64}")'
+MAC_RELEASE_ARTIFACT_PREFIX='CodexBar-macos-[A-Za-z0-9_+-]+-'
+MAC_RELEASE_FEED_URL='https://raw.githubusercontent.com/steipete/CodexBar/main/appcast.xml'
+MAC_RELEASE_DOWNLOAD_URL_PREFIX='https://github.com/steipete/CodexBar/releases/download/v${MARKETING_VERSION}/'
+
+MAC_RELEASE_PRECHECK='swiftformat Sources Tests >/dev/null && swiftlint --strict && swift test --parallel'
+MAC_RELEASE_PACKAGE_CMD='Scripts/sign-and-notarize.sh'
+MAC_RELEASE_TAG_SIGNED=1
+MAC_RELEASE_TAG_FORCE=1
+MAC_RELEASE_GENERATE_APPCAST_ARGS='--maximum-deltas 0'
+MAC_RELEASE_EXTRA_ASSET_WAIT_SECONDS=3600
+MAC_RELEASE_EXTRA_ASSET_WAIT_INTERVAL=30
+MAC_RELEASE_EXTRA_ASSET_PATTERNS='^CodexBarCLI-v${MARKETING_VERSION}-macos-arm64\.tar\.gz$
+^CodexBarCLI-v${MARKETING_VERSION}-macos-arm64\.tar\.gz\.sha256$
+^CodexBarCLI-v${MARKETING_VERSION}-macos-x86_64\.tar\.gz$
+^CodexBarCLI-v${MARKETING_VERSION}-macos-x86_64\.tar\.gz\.sha256$
+^CodexBarCLI-v${MARKETING_VERSION}-linux-aarch64\.tar\.gz$
+^CodexBarCLI-v${MARKETING_VERSION}-linux-aarch64\.tar\.gz\.sha256$
+^CodexBarCLI-v${MARKETING_VERSION}-linux-x86_64\.tar\.gz$
+^CodexBarCLI-v${MARKETING_VERSION}-linux-x86_64\.tar\.gz\.sha256$'
diff --git a/AGENTS.md b/AGENTS.md
index b55bb5e75..b5f6f49d0 100644
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -3,14 +3,14 @@
 ## Project Structure & Modules
 - `Sources/CodexBar`: Swift 6 menu bar app (usage/credits probes, icon renderer, settings). Keep changes small and reuse existing helpers.
 - `Tests/CodexBarTests`: XCTest coverage for usage parsing, status probes, icon patterns; mirror new logic with focused tests.
-- `Scripts`: build/package helpers (`package_app.sh`, `sign-and-notarize.sh`, `make_appcast.sh`, `build_icon.sh`, `compile_and_run.sh`).
+- `Scripts`: build/package helpers (`package_app.sh`, `sign-and-notarize.sh`, `make_appcast.sh`, `build_icon.sh`, `compile_and_run.sh`). Release wrappers call `Scripts/mac-release`, which resolves `MAC_RELEASE_TOOL` or the shared `agent-scripts` checkout.
 - `docs`: release notes and process (`docs/RELEASING.md`, screenshots). Root-level zips/appcast are generated artifacts—avoid editing except during releases.
 
 ## Build, Test, Run
 - Dev loop: `./Scripts/compile_and_run.sh` kills old instances, runs `swift build` + `swift test`, packages, relaunches `CodexBar.app`, and confirms it stays running.
 - Quick build/test: `swift build` (debug) or `swift build -c release`; `swift test` for the full XCTest suite.
 - Package locally: `./Scripts/package_app.sh` to refresh `CodexBar.app`, then restart with `pkill -x CodexBar || pkill -f CodexBar.app || true; cd /Users/steipete/Projects/codexbar && open -n /Users/steipete/Projects/codexbar/CodexBar.app`.
-- Release flow: `./Scripts/sign-and-notarize.sh` (arm64 notarized zip) and `./Scripts/make_appcast.sh <zip> <feed-url>`; follow validation steps in `docs/RELEASING.md`.
+- Release flow: `./Scripts/release.sh`; app metadata lives in `.mac-release.env`, repo build/signing stays in `Scripts/sign-and-notarize.sh`, and validation steps live in `docs/RELEASING.md`.
 
 ## Coding Style & Naming
 - Enforce SwiftFormat/SwiftLint: run `swiftformat Sources Tests` and `swiftlint --strict`. 4-space indent, 120-char lines, explicit `self` is intentional—do not remove.
@@ -18,8 +18,11 @@
 
 ## Testing Guidelines
 - Add/extend XCTest cases under `Tests/CodexBarTests/*Tests.swift` (`FeatureNameTests` with `test_caseDescription` methods).
-- Always run `swift test` (or `./Scripts/compile_and_run.sh`) before handoff; add fixtures for new parsing/formatting scenarios.
-- After any code change, run `pnpm check` and fix all reported format/lint issues before handoff.
+- Always run `swift test` before handoff; add focused filters for parser/provider fixes when possible.
+- After any code change, run `make check` and fix all reported format/lint issues before handoff.
+- Prefer CLI/focused tests over app-bundle live tests when behavior can be verified without relaunching CodexBar.
+- Never run tests/checks or ad-hoc validation that can display macOS Keychain prompts. Live provider probes, browser-cookie imports, `codexbar usage` against real accounts, and real SecItem reads must be explicitly requested; otherwise use parser tests, stubs, test stores, or `KeychainNoUIQuery`.
+- macOS CI is brittle around headless AppKit status/menu tests. Prefer covering menu behavior through stable state/model seams (`MenuDescriptor`, `ProvidersPane`, `CodexAccountsSectionState`, etc.) instead of constructing live `NSStatusBar`/`NSMenu` flows unless the AppKit wiring itself is the thing under test.
 
 ## Commit & PR Guidelines
 - Commit messages: short imperative clauses (e.g., “Improve usage probe”, “Fix icon dimming”); keep commits scoped.
@@ -27,13 +30,14 @@
 
 ## Agent Notes
 - Use the provided scripts and package manager (SwiftPM); avoid adding dependencies or tooling without confirmation.
-- Validate behavior against the freshly built bundle; restart via the pkill+open command above to avoid running stale binaries.
+- Validate UI/runtime behavior against the freshly built bundle; restart via the pkill+open command above to avoid running stale binaries.
 - To guarantee the right bundle is running after a rebuild, use: `pkill -x CodexBar || pkill -f CodexBar.app || true; cd /Users/steipete/Projects/codexbar && open -n /Users/steipete/Projects/codexbar/CodexBar.app`.
-- After any code change that affects the app, always rebuild with `Scripts/package_app.sh` and restart the app using the command above before validating behavior.
-- If you edited code, run `scripts/compile_and_run.sh` before handoff; it kills old instances, builds, tests, packages, relaunches, and verifies the app stays running.
-- Per user request: after every edit (code or docs), rebuild and restart using `./Scripts/compile_and_run.sh` so the running app reflects the latest changes.
+- For CLI-testable provider/parser/settings behavior, use CLI/focused tests instead of `Scripts/package_app.sh` or `./Scripts/compile_and_run.sh`.
+- Run `./Scripts/compile_and_run.sh` only when UI/runtime behavior needs bundle-level validation; it builds, tests, packages, relaunches, and verifies the app stays running.
+- Widget/Tahoe UI issues: use Parallels macOS VM plus screenshots/clicks for autonomous verification.
 - Release script: keep it in the foreground; do not background it—wait until it finishes.
 - Release keys: find in `~/.profile` if missing (Sparkle + App Store Connect).
+- Swift concurrency: treat sibling `async let` tasks as a review red flag when one child is required and another is optional/best-effort. Prefer sequential awaits or a drained `withThrowingTaskGroup` that surfaces required failures and explicitly contains optional failures; crash stacks mentioning `swift_task_dealloc` or `asyncLet_finish_after_task_completion` should trigger an audit of nearby `async let` usage.
 - Prefer modern SwiftUI/Observation macros: use `@Observable` models with `@State` ownership and `@Bindable` in views; avoid `ObservableObject`, `@ObservedObject`, and `@StateObject`.
 - Favor modern macOS 15+ APIs over legacy/deprecated counterparts when refactoring (Observation, new display link APIs, updated menu item styling, etc.).
 - Keep provider data siloed: when rendering usage or account info for a provider (Claude vs Codex), never display identity/plan fields sourced from a different provider.***
diff --git a/CHANGELOG.md b/CHANGELOG.md
index ec7ca75ec..ba14e490b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,58 +1,563 @@
 # Changelog
 
-## Unreleased
+## 0.31.1 — Unreleased
+
+## 0.31.0 — 2026-05-28
+
+### Changed
+- Docs: update the Homebrew install command to use the official `codexbar` cask now that it supports Intel Macs (#1189). Thanks @SSakutaro!
+- Tests: document and audit that routine validation must not trigger macOS Keychain prompts.
+- Localization: localize popup panels and provider settings UI across supported languages (#1181). Thanks @jack24254029!
+- Localization: complete Brazilian Portuguese coverage so pt-BR no longer falls back to English for new UI strings (#1188). Thanks @ManuzimFerreira!
+
+### Added
+- AWS Bedrock: support resolving usage and cost-history credentials from a named AWS profile via the AWS CLI (#1190). Thanks @oleksandr-soldatov!
+- Codex: show Codex Spark model-specific usage as an optional extra quota lane (#1195, fixes #1177). Thanks @LeoLin990405!
+- Localization: add Swedish as a selectable app language (#1186). Thanks @yeager!
+
+### Fixed
+- Cost history: make token-cost JSONL scans cancellation-aware so quitting, forced refreshes, and account switches can stop stale scans sooner.
+- Codex: show Spark 5-hour and weekly usage as separate quota lanes in Codex breakdowns (#1201).
+- Codex: show captured `codex login` output when managed Add Account fails so users can recover from account-selection or OAuth failures (#1199). Thanks @chapati23!
+- Claude: hide the obsolete Design quota lane now that Claude Design shares the main Claude usage limit (#1197).
+- Menu bar: coalesce visible-menu rebuilds and reduce hover highlight work so the dropdown stays responsive on macOS 26.5 (#1196).
+
+## 0.30.1 — 2026-05-28
+
+### Changed
+- CLI: make `codexbar diagnose` use a generic safe provider diagnostic export for all providers, with MiniMax details attached only as provider-specific metadata.
+
+### Fixed
+- Settings: add trailing breathing room to provider-sidebar controls (#1183). Thanks @Yuxin-Qiao!
+- Claude: treat OAuth usage HTTP 429s as rate limits, preserve cached credentials, and back off background retries while still allowing manual refresh (#1179). Thanks @LeoLin990405!
+- Menu bar: stop repeated display-change status-item recreation from corrupting Control Center or confusing menu bar managers (#1176, fixes #1175). Thanks @diazdesandi!
+
+## 0.30.0 — 2026-05-27
+
+### Added
+- MiniMax: add a redacted diagnostic CLI export for safe issue reports (#1128). Thanks @Yuxin-Qiao!
+- Antigravity: show the complete per-model quota breakdown alongside the existing summary lanes (#1139). Thanks @guhyun9454!
+- Widget: show tertiary usage rows for providers that expose a third quota lane (#1160). Thanks @LeoLin990405!
+- DeepSeek: show optional web-session usage and cost summaries alongside the balance card (#1166). Thanks @Yuxin-Qiao!
+- OpenAI: scope Admin API usage to the configured project and keep token accounts from inheriting stale project filters (#1168). Thanks @mstallone!
+
+### Fixed
+- App shutdown: detach status items, close tracked menus, and cancel menu tasks before quit so Dock autohide stays responsive on macOS 26.5 (#1174). Thanks @jskoiz!
+- Widgets: package the macOS widget as a real Xcode app-extension target so WidgetKit descriptors load on macOS 26.5 (#1095). Thanks @jamesjlopez!
+- Menu: render quota-warning markers as subtle inset ticks instead of full-height bars (#1149).
+- Codex: show sign-in guidance when the Codex CLI is logged out instead of reporting a temporary usage outage (#1171, fixes #1170). Thanks @jskoiz!
+- Menu bar: clear stale hidden macOS status-item visibility defaults once before creating CodexBar items (#1169).
+- StepFun: refresh expired Oasis tokens and persist recovered manual sessions. Thanks @LeoLin990405!
+- Release: prevent manual CLI artifact builds from publishing or clobbering release assets (#1154). Thanks @jskoiz!
+- Cost history: route OpenAI and Mistral API spend through the shared cost-history cards, including OpenAI request counts (#1163). Thanks @LeoLin990405!
+- Menu: keep provider switcher Cmd-number and arrow shortcuts working while the open menu is tracking events (#1157, fixes #1156 and #1144). Thanks @anirudhvee!
+- Codex: prevent fork token replay from overcounting corrected cumulative session totals (#1164). Thanks @xx205!
+- Alibaba Token Plan: update usage refreshes to the Bailian subscription-summary endpoint (#1142). Thanks @YanxinXue!
+- Ollama: show pace projections for documented 5-hour session and 7-day weekly usage windows (#1136). Thanks @bdamokos!
+- Localization: polish Simplified Chinese wording and add notification strings (#1165). Thanks @fanfanci!
+- Localization: improve Traditional Chinese wording and localize notification copy (#1158). Thanks @jack24254029!
+- Localization: improve Simplified Chinese visible menu, dashboard, and usage labels (#1145). Thanks @Yuxin-Qiao!
+
+## 0.29.1 — 2026-05-26
+
+### Added
+- Integrations: list the Noctalia/Quickshell Codex usage plugin in the Linux CLI integrations (#1115). Thanks @rayoplateado!
+- Display: add optional workday markers for weekly progress bars (#1102). Thanks @Yuxin-Qiao!
+- Localization: add Traditional Chinese (`zh-Hant`) app strings. Thanks @ilyaliao!
+
+### Fixed
+- Claude: classify Claude CLI 2.1 subscription-only `/usage` output separately and fall back to direct CLI usage when the PTY panel fails to load (#1121, fixes #1116). Thanks @Yuxin-Qiao!
+- Provider switcher: keep multi-row account/provider controls compact so large menus stay within bounds (#1113). Thanks @Yuxin-Qiao!
+- Grok: label usage bars from the actual reset window instead of the remaining reset distance (#1148). Thanks @kiankyars!
+- Config: keep legacy credentials when migrated config changes fail to save so retry can recover them (#1146). Thanks @RajvardhanPatil07!
+- Codex: avoid overcounting forked sessions when parent logs are missing while still counting incremental usage (#1143). Thanks @jskoiz!
+- Groq: show a distinct Groq provider icon instead of reusing the Grok glyph (#1112). Thanks @kiankyars!
+- Claude: normalize OAuth extra-usage spend limits from minor units so Enterprise spend displays as currency instead of 100x too high (#1114, fixes #1111). Thanks @Yuxin-Qiao!
+- Menu bar: preserve status item identity during display-change recovery so menu bar managers do not treat CodexBar as a new hidden item (#1122, fixes #1109). Thanks @lederniermagicien!
+- OpenAI: retry transient Admin API usage failures once before surfacing an access error (#1117).
+- OpenCode Go: read local usage history before falling back to browser-cookie dashboard fetches (#1021). Thanks @sopenlaz0!
+- Menu bar: show extra-usage spend as currency text for Claude and Cursor when that metric is selected (#1107). Thanks @Yuxin-Qiao!
+- Codex: run regular credits and OpenAI dashboard refreshes in the background while coalescing overlapping refresh work (#1078). Thanks @ptstory!
+
+## 0.29.0 — 2026-05-22
+
+### Added
+- Cost history: show Codex standard and fast spend/token splits in model breakdowns (#1070). Thanks @iam-brain!
+- Alibaba Token Plan: add Bailian token-plan quota tracking via browser or manual cookies (#1098). Thanks @YanxinXue!
+- OpenCode: show workspace renewal dates for OpenCode and OpenCode Go usage windows (#1099). Thanks @Yuxin-Qiao!
+
+### Fixed
+- Localization: improve Simplified Chinese settings and menu translations (#1059). Thanks @narallee!
+- Alibaba Token Plan: reject non-HTTPS endpoint overrides and keep the provider building on Linux (#1104). Thanks @YanxinXue!
+- Settings: avoid crashing when API key or cookie settings contain only a single quote character (#1106). Thanks @m1qaweb!
+- Build scripts: derive the local development signing team ID from the certificate OU before falling back to the CN suffix (#1095).
+- Menu bar: keep retrying display-change recovery when macOS leaves status items detached from the current screen (#1077, #1088).
+- Codex: preserve last successful per-account quota snapshots when later network or DNS refreshes fail (#1097, #1101). Thanks @Yuxin-Qiao!
+
+## 0.28.0 — 2026-05-22
+
+### Added
+- Ollama: add API key authentication as an alternative to browser cookies for validating Cloud access (#1044). Thanks @nandorocker!
+- Azure OpenAI: add deployment-status validation via API key, endpoint, and deployment settings (#1045). Thanks @ZenoRewn!
+- Localizations: add Spanish and Catalan language packs and fill missing localization keys (#1041). Thanks @seifreed!
+- Providers: T3 Chat - add web-session usage tracking, can paste a full browser cURL when cookie-only refreshes hit a 429 challenge (#1091). Thanks @Quicksaver!
+
+### Fixed
+- Menu: restore full-width provider switcher quota bars and refresh them while the menu stays open (#1094). Thanks @bcharleson!
+- Codex: accept the first click in the account switcher inside menu popovers (#1079). Thanks @ptstory!
+- Codex/Claude: terminate PTY child process trees during probe cleanup so wrapper-launched CLI descendants do not linger after sessions finish (#1085). Thanks @mickobizzle!
+- MiniMax: exclude explicitly failed billing-history records from token charts and model/method totals (#1089). Thanks @Yuxin-Qiao!
+- OpenAI: parse Wednesday and Saturday dashboard reset lines so rate-limit reset times are not dropped on those days (#1080). Thanks @m1qaweb!
+- Localization: translate provider-detail labels and empty states when Simplified Chinese is selected (#1051). Thanks @wang93wei!
+- Antigravity: discover OAuth credentials from the bundled extension language server in newer IDE builds so Add Account works again (#1076). Thanks @xARSENICx!
+- Menu bar: suppress redundant icon observer work during refresh cycles, reducing icon update passes without changing rendered state (#1081). Thanks @ptstory!
+- Menu bar: wait for display changes to settle before recovering status items and retry if macOS still leaves the icon detached (#1074). Thanks @yipjunkai!
+- Menu: keep lower action rows stable when Refresh is highlighted or pressed (#1071). Thanks @MadanChaollaPark!
+- Linux CLI: avoid linking JetBrains provider parsing against `libxml2.so.2`, improving compatibility with newer distros that ship libxml2 2.15+ (#1046). Thanks @semsemyonoff!
+- Claude: remove the obsolete peak-hours indicator and setting now that Anthropic no longer applies peak-hour limits (#1023). Thanks @rohitjavvadi!
+- Antigravity: verify cloud model lists that report every quota as full against the user quota endpoint before showing remote OAuth usage (#1063). Thanks @devpras22!
+- Codex: avoid recounting repeated local token snapshots when total usage has not changed (#1062). Thanks @BarryYangi!
+- Antigravity: discover OAuth clients from Antigravity 2 app bundles and binary artifacts so Add Account works again (#1053). Thanks @vyctorbrzezowski!
+- Codex: honor the explicit OAuth credits source and keep automatic credits refresh falling back to CLI when OAuth usage has no credits (#1054). Thanks @soumikbhatta!
+- Codex: show missing-CLI installation guidance in app and CLI errors without dropping cached-refresh context (#1030). Thanks @rohitjavvadi!
+- LLM Proxy: parse fractional-second quota reset timestamps from API responses (#1022). Thanks @rohitjavvadi!
+- ElevenLabs: keep progress text legible in light mode (#1055). Thanks @vyctorbrzezowski!
+- Claude: detect loading-only CLI usage screens and give CLI-only auto refreshes one longer retry instead of stalling or reporting a false missing-session error (#1032, fixes #1031). Thanks @rohitjavvadi!
+- OpenAI: avoid serializing the full dashboard DOM during normal web refreshes, reducing CPU and memory churn while preserving account and plan detection (#1034, fixes #1033). Thanks @jb510!
+- Codex: skip macOS-blocked Codex CLI candidates during automatic binary resolution and let CLI auto mode use OAuth before falling back to `codex app-server` (#1038, fixes #1028). Thanks @m-rokai!
+- Codex: wait for explicit Refresh to finish token-cost history before rebuilding open menus, while keeping automatic/menu-open refreshes non-blocking (#1040). Thanks @zhulijin1991!
+- Antigravity: detect the new 2.0 unsuffixed `language_server` process so local IDE usage probing works again (#1049). Thanks @urbanonymous!
+- Claude: prevent headless CLI usage probes from creating Claude Code URL Handler apps in Launchpad (#1047).
+- Codex: invalidate local cost-history caches from the scanner source hash so parser fixes rebuild stale cached rows automatically (#1042). Thanks @hhh2210!
+- Release: update Homebrew automation so CodexBar releases publish both the CLI formula and app cask from the same workflow.
+
+## 0.27.0 — 2026-05-18
+
+### Added
+- Usage charts: reuse the OpenAI API inline dashboard for local Codex/Claude/Vertex/Bedrock cost history, OpenRouter day/week/month spend, z.ai hourly tokens, and Mistral daily spend.
+- Usage history: let OpenAI Admin API charts and local cost-history scans use a configurable 1–365 day window instead of a fixed 30 days (#83).
+- Grok: add xAI Grok provider support with local identity detection and billing decoding for the Grok CLI integration (#965). Thanks @taibaran!
+- ElevenLabs: add API-key usage tracking for subscription credits, reset time, and voice-slot limits.
+- Deepgram: add API-key usage tracking with project discovery and speech/agent usage breakdowns (#1003, fixes #994). Thanks @czjzpz!
+- GroqCloud: add API-key usage tracking for Enterprise Prometheus metrics with request, token, and cache-hit rate summaries (#993).
+- LLM Proxy: add API-key quota-stats support for aggregate proxy usage, key health, spend, provider breakdowns, and reset windows (#264).
+- Claude: add an Anthropic Admin API source and allow `sk-ant-admin...` keys in Claude token accounts for API spend/token tracking (#966).
+- MiniMax: add web-session billing-history summaries with 30-day token charts and top model/method breakdowns (#1007).
+- OpenCode Go: show the optional Zen pay-as-you-go balance from the workspace dashboard alongside subscription windows (#1006).
+- Kiro: add overage-credit and overage-cost menu bar display modes for exhausted plans (#972). Thanks @raflyazf!
+- CLI: add `codexbar config set-api-key` for safely storing provider API keys from stdin.
+- CLI: add `codexbar config providers`, `enable`, and `disable` for scripting the same provider toggles used by Settings.
+- CLI: let `--all-accounts` and `codexbar serve` export every visible Codex account instead of only the selected account (#1019).
+- Permissions: notify when a provider probe detects a macOS/browser permission prompt waiting for user action (#456).
+- Quota warnings: include the triggering account in notification copy when personal info is visible (#973). Thanks @raflyazf!
+- Website: replace provider-letter tiles with brand logos, add light/dark landing-page themes, and collapse OpenCode/OpenCode Go into one company entry (#989). Thanks @pasangimhana!
+- Providers: route app-owned provider HTTP calls through a shared transport seam for cleaner proxy and test support (#892). Thanks @serezha93!
+
+### Fixed
+- Codex: make local cost-history scans faster and more stable for large session archives while preserving fork attribution, priority pricing, and cached history windows.
+- Codex: collapse near-duplicate session and weekly plan-utilization history windows so charts no longer show repeated tabs (#1027). Thanks @ngutman!
+- Multi-account menus: fetch stacked Codex/token-account usage concurrently so account switchers stay responsive with many accounts (#1011).
+- Codex: keep local cost history attributed to the correct model when long or oversized `turn_context` rows precede model-less token events (#1014, fixes #1013). Thanks @hhh2210!
+- Codex: prefer per-event token usage over divergent total counters when scanning local cost history, preventing large false cost spikes (#968). Thanks @Ifan24!
+- Claude: de-duplicate copied fork/resume transcript history by provider response identity so local cost estimates do not overcount repeated rows (#1002). Thanks @Neverdie-2!
+- Codex: improve multi-account switching with quota-aware ordering, workspace grouping, persisted per-account snapshots, health labels, and auth fingerprint matching.
+- Codex: improve managed account login recovery guidance when macOS blocks or moves a stale `codex` CLI to Trash (#977).
+- Codex: show weekly pace reserve details in the menu even when the caller did not precompute pace data (#1009). Thanks @zhulijin1991!
+- Overview: expose provider chart and storage detail submenus from overview rows instead of requiring a provider-tab switch first.
+- Claude: reset stuck CLI sessions after usage probe timeouts, give slow probes longer to render, and keep stale data visible across transient timeouts.
+- Claude: keep the last successful usage card visible across transient probe timeouts while still clearing stale data after Claude auth changes.
+- Claude: keep Team and Personal Max plan-utilization history separate when the same email appears on multiple Claude accounts (#213).
+- Claude: label Extra usage denominators as the monthly cap so recharge balances are not confused with the maximum spend limit (#975).
+- Claude: wait for the CLI usage panel to finish rendering after the Current session label so slow Claude Code builds do not produce false "Missing Current session" errors (#959).
+- Claude: label five-hour session pace as "Projected empty" so it is not confused with the reset countdown (#960).
+- Claude: show Enterprise spend-limit usage in automatic menu bar metrics and expose the Extra usage metric picker when spend data is available (#964).
+- Grok: retry transient web billing timeouts once and allow slower billing RPCs to finish before showing an error.
+- Grok: fall back to grok.com's billing endpoint when `grok agent stdio` omits the xAI billing method (#984). Thanks @bcharleson!
+- OpenAI: shorten the provider label to "OpenAI" so the menu tab no longer clips.
+- OpenAI: accept numeric-string Admin API cost amounts so usage does not fail when `/v1/organization/costs` returns `"amount": { "value": "12.50" }` (#999, #1000). Thanks @SergeyLavrentev!
+- Menu: keep provider switcher buttons centered by moving quota indicators out of the button layout.
+- Menu: rebuild the selected provider content after switching tabs while an overview chart submenu is open.
+- Menu: keep the persistent Refresh row at a fixed height while highlighted or pressed so nearby items no longer jump (#1001).
+- Menu bar: avoid re-reading provider credentials, Codex account state, Claude terminal probe text, and storage footprints on hot menu paths, reducing idle CPU while providers are still loading.
+- Menu bar: skip unchanged split-provider icon redraws and avoid an extra animation-state scan during blink ticks.
+- Menu bar: recover visible status items after the display hosting the menu bar item is unplugged (#998, fixes #997). Thanks @Llldmiao!
+- Menu bar: recreate status items on startup when macOS reports them visible but never attaches a menu bar button/window (#988).
+- MiniMax: show Coding Plan model-remains quotas as used/limit cards and include weekly text-generation quota windows (#970). Thanks @Yuxin-Qiao!
+- Ollama: let automatic session import fall back from Chrome to Safari, Comet, and the rest of the browser import order when Chrome has no Ollama session (#962).
+- Kimi K2: label the legacy provider as unofficial and remove links that presented the legacy endpoint as an official Kimi account surface (#967, fixes #473). Thanks @mturac!
+- CLI: use explicit provider HTTP timeouts so blocked network connections fail instead of leaving usage commands stuck for days (#1005, fixes #1004). Thanks @msmolkin!
+- CLI: reject non-loopback `Host` headers in `codexbar serve` before serving local usage and cost metadata (#995). Thanks @rohitjavvadi!
+- Packaging: skip slow widget App Intents metadata during dev restarts and preserve the previous app bundle if required metadata generation times out.
+- Localization: fall back to English when a bundled localized string is blank instead of rendering empty menu/settings text (#952). Thanks @xiaoqianWX!
+- Settings: localize the provider storage usage toggle in the Advanced pane (#985, fixes #971). Thanks @tanish19078!
+
+## 0.26.1 — 2026-05-15
+
+### Added
+- OpenAI API: show Admin API usage inline with Today/7d/30d summaries, a 30-day spend graph, and an interactive detail chart for daily spend, tokens, and requests.
+- CLI: add `codexbar serve` for localhost JSON access to usage and cost endpoints (#957). Thanks @ThiagoCAltoe!
+
+### Fixed
+- OpenCode Go: block cross-host redirects when fetching usage so imported cookies cannot follow external redirect targets (#969). Thanks @pavbar!
+- Codex: keep background `/status` probes out of Codex Desktop history by using isolated non-persistent CLI storage (#953).
+- Menu: stabilize the Cost submenu by using a native menu item and deferring open-menu rebuilds while tracking (#954). Thanks @getogrand!
+- Localization: add Brazilian Portuguese quota-warning settings strings (#958). Thanks @ThiagoCAltoe!
+
+## 0.26.0 — 2026-05-15
+
+### Added
+- Codex: add tiered long-context and Fast/Priority pricing to local cost history using local app-server priority traces (#917). Thanks @iam-brain!
+- Kiro: show account/auth details, plan labels, credit and bonus-credit balances, overage state, and Kiro-specific menu bar display options (#933, fixes #934). Thanks @solnikhil!
+- Antigravity: add Google OAuth token-account switching with selected-account refresh persistence (#937, fixes #936). Thanks @hhh2210!
+- OpenRouter: show daily and weekly API key spend from `/api/v1/key` in the menu (#685). Thanks @ThiagoCAltoe!
+- Display: add a setting to hide quota-warning tick marks on usage bars while keeping quota warning notifications active (#918, fixes #916). Thanks @ThiagoCAltoe!
+- Menu: add left/right arrow keyboard navigation for the merged provider switcher (#266).
+- Menu: add an opt-in setting for provider changelog links, starting with Codex, Claude Code, and Gemini CLI (#929, fixes #660). Thanks @ThiagoCAltoe!
+- AWS Bedrock: add Cost Explorer usage and monthly budget tracking (#897). Thanks @afalk42!
+- Kilo: add organization selection, scoped organization fetches, and stacked Kilo usage cards (#920). Thanks @NoeFabris!
+- Moonshot / Kimi API: add API-key balance tracking, CLI support, docs, and menu bar balance copy (#899). Thanks @giuseppebisemi!
+- z.ai: add an hourly per-model token usage chart in the menu (#913). Thanks @n1majne3!
+- Localization: add Brazilian Portuguese translations (#902). Thanks @ThiagoCAltoe!
+- Localization: add Simplified Chinese translations for Claude peak-hour labels (#921). Thanks @whtis!
+
+### Fixed
+- Codex: show authenticated plan/account rows as "Limits not available" instead of a red no-rate-limit error when Codex reports profile data but no rate-limit windows yet.
+- Overview: hide provider rows that only contain an error, and avoid showing a one-item Codex System Account submenu.
+- Menu: disable implicit provider-switcher layer animations and reuse the deferred rebuild path so open menus stay stable under pointer movement (#950).
+- Menu: defer account-switcher menu rebuilds so switching Codex or token accounts does not send the open menu into a flicker loop (#946, fixes #944). Thanks @kubahasek!
+- Menu: avoid rebuilding visible menus during background open-menu refreshes so hover submenus stay responsive (#923, fixes #909). Thanks @AmrMohamad!
+- Codex: scope local cost history to the selected managed account's `CODEX_HOME` and label cost cards as local-log estimates (#910).
+- Cost history: label local log totals as API-rate estimates in menu cards, charts, and CLI output (#926). Thanks @yashiels!
+- Cursor: open Add Account in the user's browser and import the resulting browser session instead of trapping login in an embedded web view (#922).
+- Claude: handle Enterprise and organization spend-limit usage across OAuth/web accounts, including null session quota windows, inline spend-limit usage, `extra_usage`-only responses, and token-account Org ID support (#925, #941, fixes #940). Thanks @clintandrewhall!
+- OpenCode Go: let automatic cookie import scan all supported browser sources instead of Chrome only (#665).
+- Copilot: preserve over-quota usage so paid overage can show above 100% instead of clamping to exhausted (#818).
+- Codex: pause background CLI launches after macOS blocks or quarantines `codex`, avoiding repeated "Malware Blocked" prompts (#942).
+- Claude: clarify that local cost/token estimates include cache read/write tokens and may differ from Claude Code `/status` (#781, #787).
+- Updates: make the restart/apply-update menu action use Sparkle's prepared install callback on the first click (#947). Thanks @velvet-shark!
+- Multi-account menus: keep stacked token-account cards capped to current accounts and ignore stale snapshots from removed accounts (#949).
+- Droid: accept pasted Factory `Authorization: Bearer` headers and bearer tokens for manual sessions when cookies alone are insufficient (#914).
+- Menu bar: detect when macOS Tahoe hides CodexBar behind the new Allow in Menu Bar setting and show recovery guidance (#945, fixes #890). Thanks @pdurlej!
+- CLI: route Claude token-account `--source cli` reads through the selected OAuth/session credential so `--all-accounts` no longer relabels ambient CLI usage (#403).
+- Codex: route menu account refreshes through the resolved live-vs-managed account source so matched accounts keep using the stable `CODEX_HOME` (#932, fixes #931). Thanks @ThiagoCAltoe!
+- Gemini: refresh OAuth credentials when the CLI has a refresh token but no cached access token instead of reporting "not logged in" after authentication (#915).
+- Gemini: label OAuth-backed API fetches as `oauth-api` instead of plain `api` (#930). Thanks @ThiagoCAltoe!
+- Codex: keep session and weekly quota-warning marker thresholds independent so usage bars do not duplicate marker lines (#938, fixes #927). Thanks @iam-brain!
+- Codex: coalesce historical pace reset timestamps into 5-minute buckets so dashboard and live reset jitter do not duplicate weekly history windows (#901). Thanks @zhulijin1991!
+- Menu: middle-truncate long account emails in Codex account controls and keep the Codex account switcher visible during merged-menu refreshes with transient account snapshots.
+- Settings: apply the selected app language from packaged SwiftPM resources instead of falling back to English when the `.lproj` directory casing differs (#908).
+- Settings: let stale managed Codex account records be removed even when their stored home path is outside CodexBar's managed-home directory, and keep CLI known-owner tests from writing fixtures into the live app store.
+- ChatGPT credits: restrict purchase links to real HTTPS `chatgpt.com` settings/usage/billing/credits paths and drop query/fragment data (#903). Thanks @ThiagoCAltoe!
+- z.ai: show the MCP quota bucket as monthly instead of a misleading 1-minute window (#904). Thanks @ThiagoCAltoe!
+- Kimi: rebalance provider icon alignment within its viewBox (#912). Thanks @giuseppebisemi!
+- Release: include macOS platform and architecture in notarized app and dSYM asset names (#164).
+- Upstream tooling: resolve remote default branches and tolerate missing upstream remotes in review scripts (#906).
+
+## 0.25.1 — 2026-05-11
+
+### Fixed
+- Settings: avoid packaged-app crashes from SwiftPM localization bundle lookup when opening Settings or About (#896, fixes #891). Thanks @lederniermagicien!
+- CLI: include a VERSION file in standalone release archives so `--version` reports the release tag outside the app bundle (#898). Thanks @ThiagoCAltoe!
+- Pi: rebuild stale session cost caches after cache-version migrations so refreshed cost history reflects current scanner data.
+- Keychain cache: reduce repeated development prompt churn by trusting the bundled helper when writing CodexBar-owned cache items (#888).
+
+## 0.25 — 2026-05-10
+
+### Highlights
+- Localization: add Simplified Chinese app strings and an in-app language selector (#819). Thanks @markhome1!
+- New providers: Manus, MiMo, Qwen, Doubao, Command Code, StepFun, Crof, Venice, and OpenAI API balance support.
+- MiniMax: add multi-service quota cards for text, speech, image, video, and music coding-plan usage (#605). Thanks @XWind18!
+- Notifications: add opt-in quota warning notifications, warning markers, and provider-level thresholds for session and weekly quota windows (#852). Thanks @Alekstodo!
+- Codex: add stacked multi-account switchers and show official Pro 5x/Pro 20x plan labels (#869, #882). Thanks @ajmccall and @xiaoqianWX!
+- Cost history: use live models.dev pricing metadata, preserve tiered pricing boundaries, and keep large Codex/Claude log scans incremental (#863, #884, #886). Thanks @iam-brain!
+- Menu bar: fix hidden/stale status items, keep manual refreshes open, and improve balance-style menu bar text for providers without useful quota percentages (#845, #853, #861). Thanks @OlimjonovOtabek and @willytop8!
+- Accessibility: add VoiceOver labels for status icons, menu rows, provider switcher buttons, and usage charts (#860, fixes #859). Thanks @WadydX!
+
+### Providers & Usage
+- Manus: add browser-cookie provider support for credit balance, monthly credits, and daily refresh tracking (#700). Thanks @hhh2210!
+- MiMo: add browser-cookie provider support for Xiaomi token-plan usage, plan labels, balance fallback, CLI, widget, and docs (#651). Thanks @debpramanik!
+- Qwen and Doubao: add API-key provider support for Alibaba Qwen and Volcengine Ark request-limit tracking (#498). Thanks @LeoLin990405!
+- MiniMax: add multi-service quota cards for text, speech, image, video, and music coding-plan usage (#605). Thanks @XWind18!
+- Antigravity: add OAuth-backed remote usage fetching so quotas can refresh even when the IDE is closed (#635). Thanks @abnormal749!
+- Venice: add API-key balance provider support with DIEM/USD balance display and token-account CLI wiring (#865). Thanks @clawSean!
+- Crof: add API-key provider support with request quota and credit balance tracking (#872). Thanks @baanish!
+- OpenAI API: add optional platform credit-balance tracking from the billing credit-grants endpoint (#877).
+- Command Code: add browser-cookie provider support for monthly USD billing credits (#857). Thanks @sixhobbits!
+- StepFun: add username/password or Oasis-Token provider support for Step Plan rate-limit tracking (#815). Thanks @tevenfeng!
+- Factory/Droid: add token-rate-limit billing windows, Core fallback buckets, and extra usage balance display (#878). Thanks @dantemoon1!
+- OpenRouter, Mistral, and Kimi K2: show balance/spend metrics in menu bar text when quota percentage is not useful (#853). Thanks @willytop8!
+- Usage pace: show session-level pace indicators for Codex and Claude 5-hour windows, and compute pace for any explicit reset window instead of a provider allowlist (#355, #875). Thanks @johnlarkin1 and @ViperThanks!
+- Cost history: add a models.dev pricing metadata parser/cache pipeline and prefer cached models.dev pricing for Codex and Claude before bundled fallback tables (#863, #884). Thanks @iam-brain!
+- Browser cookies: bump SweetCookieKit to 0.4.1 for Comet and Yandex browser discovery, Safari profile cookie stores, and per-browser Chromium Safe Storage keys.
+
+### Menu & Settings
+- Codex: add a stacked multi-account menu layout for account switchers (#869). Thanks @ajmccall!
+- Notifications: add opt-in quota warning notifications, warning markers, and provider-level thresholds for session and weekly quota windows (#852). Thanks @Alekstodo!
+- Accessibility: add VoiceOver labels for status icons, menu rows, provider switcher buttons, and usage charts (#860, fixes #859). Thanks @WadydX!
+- Menu bar: keep status items visible on launch by avoiding macOS autosaved hidden menu-extra state from v0.24 (#861).
+- Menu bar: remove stale split provider status items instead of hiding them, avoiding leftover second-icon slots on macOS 26.4.
+- Menu: keep the status menu open when manually refreshing usage from the menu (#845). Thanks @OlimjonovOtabek!
+- Menu: route provider switcher tab clicks through the parent view's mouse tracking so a sub-provider tab still responds after switching back from the Overview tab (#867). Thanks @Karl-Dai!
+- Menu: keep long Codex account labels from widening the status menu when switching to the Codex tab.
+- Menu: keep Cost and Subscription Utilization submenus stable by deferring parent card rebuilds while hosted submenus are open (#862).
+- Settings: avoid a crash when opening the display overview provider picker.
+
+### Fixes
+- Startup: avoid blocking menu-bar creation on synchronous defaults migration/default seeding when macOS preferences services stall.
+- Codex: honor the legacy `openAIWebAccess` defaults key when importing OpenAI web extras preferences, so existing terminal workarounds no longer get ignored on launch (#794).
+- Codex: restrict OAuth auto fallback to missing/invalid auth so transient API/decode errors do not spawn `codex app-server` and burn tokens (#876, fixes #874). Thanks @ViperThanks!
+- Codex: show official Pro 5x/Pro 20x plan labels instead of Pro Lite/Pro in menu and CLI output (#882). Thanks @xiaoqianWX!
+- Cost history: keep manual refreshes on the incremental scanner cache and drain per-line JSON parse allocations so large Codex/Claude histories do not trigger full local log rescans and CPU/memory spikes.
+- Cost history: preserve cached models.dev pricing when an upstream catalog only changes a pinned snapshot suffix for the same model family (#883). Thanks @iam-brain!
+- Cost history: preserve per-request tiered pricing boundaries when aggregating Claude/Pi daily reports (#886). Thanks @iam-brain!
+- Keychain cache: trust the bundled CodexBarCLI helper when writing CodexBar-owned cache items, reducing repeated "CodexBar Cache" prompts from CLI usage (#679). Thanks @QuarkAssistant!
+- Locale: keep relative timestamps in hardcoded-English UI labels consistently English on non-English macOS systems (#868, fixes #866). Thanks @Karl-Dai!
+- Droid: send the bearer JWT subject as the usage `userId` when Factory omits `userProfile.id`, avoiding false login failures (#626). Thanks @CrystalChen1017!
+- Droid: fall back to token/allowance math when the Factory API reports a zero ratio despite non-zero usage (#864). Thanks @proxynico!
+- Alibaba: point the International Coding Plan dashboard link at the current `coding_plan` route and clarify unsupported API-key quota errors (#612).
+- Claude: allow web/sessionKey token accounts to specify `organizationId` so linked Anthropic emails can target the intended org (#848).
+- DeepSeek: show a positive CNY balance when the API also returns an empty USD balance (#873).
+- Vertex AI: detect service-account ADC files from `GOOGLE_APPLICATION_CREDENTIALS` and use `gcloud` to fetch access tokens (#871).
+- Gemini: retry direct API requests with curl when URLSession times out on hosts where curl succeeds (#826).
+- Gemini: locate Homebrew-installed CLI bundles and parse bundled OAuth client constants so token refresh works with newer `gemini-cli` installs (#695).
+- OpenRouter: keep the menu bar rendering the usage meter instead of falling back to the provider logo when no key limit is configured (#854). Thanks @willytop8!
+- DeepSeek: show balance as plain text instead of a misleading quota-style progress bar (#856). Thanks @jb381!
+- Augment: report the real 1-minute keepalive check/min-refresh intervals in startup logs and docs (#434). Thanks @guglielmofonda!
+- Website: refresh codex.bar with the current canonical domain, structured background, and updated social preview.
+
+## 0.24 — 2026-05-06
+
+### Providers & Usage
+- Windsurf: add provider support with web-session usage fetching and local SQLite-cache fallback (#583). Thanks @Coooolfan!
+- Codebuff: add provider support with credit balance tracking, weekly rate-limit usage, API-token settings, and `codebuff login` credential import (#837). Thanks @anandghegde!
+- Copilot: add multi-account support with GitHub OAuth sign-in, account switching, and per-account usage cards (#637). Thanks @ajmccall!
+- DeepSeek: add provider support with token-account balance tracking, paid vs. granted credit breakdown, and CLI support (#811). Thanks @willytop8!
+- Storage: add an opt-in menu view for local provider storage usage with background scans and copyable path breakdowns (#829). Thanks @fatiheminoge!
+- OpenRouter and DeepSeek: show remaining account balances in the menu bar, while preserving OpenRouter's API-key limit metric when explicitly selected (#832). Thanks @giuseppebisemi!
+- Claude: add a peak-hours menu-card indicator with countdowns and a provider setting to hide it (#611). Thanks @hello-amed!
+- Cost history: show per-model cost details as a compact vertical list when hovering daily bars (#513). Thanks @iam-brain!
+- Copilot: support GitHub Enterprise hosts for the device-flow login and usage API paths (#827). Thanks @ramzesenok!
+- Alibaba: clarify China-region API-key failures when the console endpoint requires a browser session (#628). Thanks @XWind18!
+
+### Fixes
+- Codex: time out hung `codex app-server` RPC reads and cap loading animation runtime so stalled refreshes no longer keep the menu bar redrawing indefinitely (#842, #844). Thanks @hyspacex!
+- Codex: make OpenAI dashboard refreshes handle non-English pages, lazy-loaded credits history, timeout retries, and unrelated Skillusage rows (#825). Thanks @xiaoqianWX!
+- Cursor: show Enterprise/Team usage from personal caps and shared pools instead of reporting 100% remaining (#813). Thanks @fcamus00!
+- Codex: keep same-workspace managed accounts distinct by matching workspace identity with email, so different OpenAI users in one workspace no longer overwrite each other (#796). Thanks @leezhuuuuu!
+- Claude: enable Claude and switch to OAuth after a successful login, clear stale selected-provider state when Claude is disabled, and tolerate OAuth payloads that omit the five-hour window (#816, #726). Thanks @pdurlej and @Brandawg93!
+- Claude: recognize OAuth `subscriptionType` before `rateLimitTier` so Pro accounts with generic Claude Code tiers
+  open the subscription usage dashboard correctly (#836, fixes #824). Thanks @shixy96!
+- Usage: preserve known reset countdowns when a refresh returns current usage without reset metadata (#427). Thanks @Whoaa512!
+- Menu: refresh open usage cards after live data changes so the “Updated” timestamp advances after manual or cadence refreshes (#715). Thanks @cooper-matt!
+- Menu: make the global open-menu shortcut behave as a true toggle when the menu is already open, avoiding queued reopens after repeated key presses (#218).
+- Menu bar: preserve existing status items and assign stable autosave names so provider icon positions survive provider toggles (#538). Thanks @hxy91819!
+- Settings: make the Preferences window 10% wider and taller so dense provider/settings panes have more breathing room.
+- CLI releases: publish macOS arm64 and x86_64 CLI tarballs alongside Linux artifacts, with release-workflow smoke tests and docs (#457, #839). Thanks @androidshu and @mondary!
+- CLI: query only enabled providers by default when three or more providers are enabled instead of expanding to every registered provider (#830). Thanks @lhoBas!
+- CLI: read MiniMax coding-plan tokens from `MINIMAX_CODING_API_KEY`, accept Alibaba Qwen/DashScope API-key aliases, and avoid duplicate generic JSON error rows after provider failures.
+- CLI discovery: prefer known install paths before interactive shell probing so common Claude installs no longer run shell init hooks during binary detection (#775).
+- CLI lookup: drain login-shell probe output and terminate spawned process groups so interactive shell helpers cannot leak after path detection (#822, fixes #821). Thanks @LPFchan!
+- OpenCode Go: open the workspace-specific usage dashboard when a workspace ID is configured (#667). Thanks @RizaSatya!
+- Augment: use the API-provided credits limit when available instead of reconstructing the limit from consumed plus remaining credits (#338). Thanks @bcharleson!
+- MiniMax: ignore login strings embedded in scripts when checking web-session pages for signed-out state (#508). Thanks @qipihen!
+- Accounts: refresh the selected provider data and open menu after switching token accounts, even while a menu-open refresh is running (#799, fixes #798). Thanks @Zeko369!
+- Codex: prefer session turn-context model metadata when calculating local cost history so GPT-5.4 sessions are not bucketed as GPT-5 (#620). Thanks @betive37!
+- Codex: stop falling back from app-server RPC to bare CLI TUI during automatic usage refreshes, preventing unexpected OpenAI auth browser tabs.
+- Menu/keychain: block delayed test-time menu mutations after teardown and enforce no-UI keychain reads more reliably (#381). Thanks @artuskg!
+- Menu bar: fix invisible status item icon on macOS 26.4 by removing remaining RenderBox-triggering SwiftUI compositing modifiers from `UsageProgressBar` (rewritten as a single Canvas) and eliminating ~28 redundant Keychain reads on every launch after the first-run migration (#805). Thanks @willytop8!
+
+## 0.23 — 2026-04-26
+
+### Highlights
+- Mistral: add provider support with monthly spend tracking, browser-cookie import, manual cookies, and CLI/token-account support (#607). Thanks @welcoMattic!
+- Claude: show Designs and Daily Routines usage bars from live Claude OAuth/Web quota data, and restore the Web-mode Sonnet bar (#740). Thanks @AISupplyGuy!
+- Cursor: add an Extra usage menu bar metric for on-demand budgets (#789). Thanks @huiye98!
+- Usage: add an opt-in confetti celebration when weekly limits reset after active use (#785). Thanks @zats!
+- Codex: add GPT-5.5 and GPT-5.5 Pro pricing so local cost scanning recognizes the new models.
+- Copilot: show a clearer GitHub Device Flow hint in Settings when the copied device code needs to be pasted into GitHub (#369). Thanks @amoranio!
+
+### Fixes
+- Droid: preserve Factory session fallbacks, use the current usage endpoint, and clarify browser-login messaging (#792). Thanks @JosephDoUrden for the original stale-session fix!
+- Widgets: package App Intents metadata for the widget extension and use configuration defaults so configurable widgets load correctly in WidgetKit (#783). Thanks @ngutman and @vincentyangch!
+- Menu: keep merged-menu cards, switcher rows, wrapped status text, and hosted chart submenus aligned with the real AppKit menu width so menus no longer grow oversized or show narrower chart submenus after width changes. Thanks @ngutman!
+- Codex: ignore invalid zero-minute subscription history so the utilization submenu no longer shows duplicate Session tabs.
+- CLI: report the app bundle version correctly when the bundled helper is launched through a symlink.
+- Codex/Claude: clean up cached CLI status probes during app shutdown so `codex -s read-only` workers are not orphaned after restart.
+
+## 0.22 — 2026-04-21
+
+### Highlights
+- Codex: restore OpenAI web dashboard fetching on the new analytics route and tighten hidden WebView reuse/expiry.
+- Synthetic: parse live quota payloads for five-hour, weekly, and search limits, including continuous reset/regeneration details (#732). Thanks @baanish!
+- Antigravity: restore account/quota probing across newer localhost endpoint/token layouts and retry paths (#727). Thanks @icey-zhang!
+- Menu: add standard shortcuts for Refresh, Settings, and Quit while the status menu is open (#737). Thanks @anirudhvee!
+- Widgets: migrate app-group sharing to the Team-ID-prefixed container and carry widget state across the move (#701). Thanks @ngutman!
+
+### Providers & Usage
+- Synthetic: parse live five-hour, weekly, and search quota payloads, including continuous reset/regeneration details (#732). Thanks @baanish!
+- Antigravity: restore localhost probing with async TLS challenge handling, extension-token fallback, and best-effort port selection (#727). Thanks @icey-zhang!
+- Gemini: discover OAuth config in fnm/Homebrew/bundled CLI layouts so expired-token refresh keeps working (#723). Thanks @Leechael!
+- Copilot: open the complete device-login verification URL when available so the browser flow carries the user code (#739). Thanks @skhe!
+- Alibaba: update the China mainland Coding Plan endpoint and browser-cookie domain while keeping older domains as fallbacks (#712). Thanks @hezhongtang!
+- Codex: restore OpenAI web dashboard fetching on the new analytics route and tighten hidden WebView reuse/expiry. @ratulsarna
+
+### Menu & Settings
+- Menu: show and handle standard shortcuts for Refresh (⌘R), Settings (⌘,), and Quit (⌘Q) while the status menu is open (#737). Thanks @anirudhvee!
+- Settings: fix provider-sidebar clipping on macOS Tahoe and resize the Preferences window when switching tabs (#580). Thanks @chadneal!
+
+### Fixes
+- Keychain cache: preserve cached credentials when macOS temporarily denies keychain UI after wake, avoiding repeated prompts (#594). Thanks @josepe98!
+
+## 0.21 — 2026-04-18
+
+### Highlights
+- Abacus AI: add a new provider for ChatLLM and RouteLLM credit tracking with browser-cookie import, manual-cookie support, and monthly pace rendering. Thanks @ChrisGVE!
+- Codex: recognize the new Pro $100 plan in OAuth, OpenAI web, menu, and CLI rendering, and preserve CLI fallback when partial OAuth payloads lose the 5-hour session lane (#691, #709). Thanks @ImLukeF!
+- Codex: make OpenAI web extras opt-in for fresh installs, preserve working legacy setups on upgrade, add an OpenAI web battery-saver toggle, and keep account-scoped dashboard state aligned during refreshes and account switches (#529). Thanks @cbrane!
+- Codex: fix local cost scanner overcounting and cross-day undercounting across forked sessions, cold-cache refreshes, and sessions-root changes (#698). Thanks @xx205!
+- z.ai: preserve weekly and 5-hour token quotas together, surface the 5-hour lane correctly across the menu/menu bar, and add regression coverage (#662). Thanks to @takumi3488 for the original fix and investigation.
+- Cursor: fix a crash in the usage fetch path and add regression coverage (#663). Thanks @anirudhvee for the report and validation!
+- Antigravity: restore account and quota probing across newer localhost endpoint/token layouts and API-level retry failures (#693, fixes #692). Thanks @anirudhvee!
+- Menu bar: fix missing icons on affected macOS 26 systems by avoiding RenderBox-triggering SwiftUI effects (#677). Thanks @andrzejchm!
+- Battery / refresh: cut menu redraw churn, skip background work for unavailable providers, and reuse cached OpenAI web views more efficiently (#708).
+- Claude: add Opus 4.7 pricing so local cost scanning and cost breakdowns recognize the new model. Thanks @knivram!
+- Codex: add Microsoft Edge as a browser-cookie import option for the Codex provider while preserving the contributor-branch workflow from the original PR (#694). Thanks @Astro-Han!
+
+### Providers & Usage
+- Abacus AI: add provider support for ChatLLM and RouteLLM monthly compute-credit tracking with cookie import, manual cookie headers, timeout/browser-detection threading, optional billing fallback, and hardened cached-session retry behavior. Thanks @ChrisGVE!
+- Codex: render the new Pro $100 plan consistently across OAuth, OpenAI web, menu, and CLI surfaces, tolerate newer Codex OAuth payload variants like `prolite`, and only fall back to the CLI in auto mode when OAuth decode damage actually drops the session lane (#691, #709).
+- Codex: make OpenAI web extras opt-in by default, preserve legacy implicit-auto cookie setups during upgrade inference, add battery-saver gating for non-forced dashboard refreshes, and preserve provider/dashboard state for enabled providers that are temporarily unavailable.
+- Cost: tighten the local Codex cost scanner around fork inheritance, cold-cache discovery, incremental parsing, and sessions-root changes so replayed sessions no longer overcount or slip usage across day boundaries (#698). Thanks @xx205!
+- z.ai: preserve both weekly and 5-hour token quotas, keep the existing 2-limit behavior unchanged, and render the 5-hour quota as a tertiary row in provider snapshots and CLI/menu cards (#662). Credit to @takumi3488 for the original fix and investigation.
+- Cursor: fix the usage fetch path so failed or cancelled requests no longer crash, and add Linux build and regression test coverage fixes (#663).
+- Antigravity: try both language-server and extension-server endpoint/token combinations, retry after API-level errors, scope insecure localhost trust handling to loopback hosts, and restore local quota/account probing on newer Antigravity builds (#693, fixes #692). Thanks @anirudhvee!
+- Antigravity: prefer `userTier.name` over generic plan info when rendering the account plan so Google AI Ultra and similar tiers show their real subscription name, while still falling back cleanly when the tier label is absent or blank (#303). Thanks @zacklavin11!
+- Ollama: recognize `__Secure-session` cookies during manual cookie entry and browser-cookie import so authenticated usage fetching continues to work with the newer cookie name (#707). Thanks @anirudhvee!
+- OpenCode: enable weekly pace visualization for the app and CLI so weekly bars show reserve percentage, expected-usage markers, and "Lasts until reset" details like Codex and Claude (#639). Thanks @Zachary!
+- Refresh pipeline: skip background work for unavailable providers, clear stale cached state, and show explicit unavailable messages (#708).
+- Codex: support Microsoft Edge in browser-cookie import for the Codex provider while keeping the contributor branch untouched in the superseding integration path (#694). Thanks @Astro-Han!
+- OpenCode / OpenCode Go: treat serialized `_server` auth/account-context failures as invalid credentials so cached browser cookies are cleared and retried instead of surfacing a misleading HTTP 500.
+- OpenAI web: keep cached WebViews across same-account refreshes and clean them up only when accounts or providers go stale (#708).
+- Claude: add Opus 4.7 pricing so local cost usage and breakdowns price the new model correctly. Thanks @knivram!
+- Claude: broaden CLI binary lookup to native installer paths (#731). Thanks @dingtang2008!
+
+### Menu & Settings
+- Menu bar: fix missing icons on affected macOS 26 systems by replacing RenderBox-triggering material/offscreen SwiftUI effects in the provider sidebar and highlighted progress bar (#677). Thanks @andrzejchm!
+- z.ai: fix menu bar selection when both weekly and 5-hour quotas are present (#662).
+- Menu bar: avoid redundant merged-icon redraws and make hosted chart submenus load lazily without losing provider context (#708).
+- Merged menu: when Overview is selected, keep the merged menu bar icon aligned with the first Overview provider in configured order, even while that provider is still loading (#724). Thanks @anirudhvee!
+- Codex: add an OpenAI web battery-saver toggle, keep manual refresh available when battery saver is on, and hide OpenAI web submenus when web extras are disabled.
+
+### Development & Tooling
+- CLI / Debug: add user-facing browser-cookie cache clearing, including provider-scoped CLI clearing that removes managed Codex account cookie caches (#592, fixes #591). Thanks @coygeek!
+- Diagnostics: add lightweight battery instrumentation for menu updates and refresh work (#708).
+- Build script: make CodexBar-owned ad-hoc keychain cleanup opt-in with `--clear-adhoc-keychain`, and extend the explicit reset path to clear both `com.steipete.CodexBar` and `com.steipete.codexbar.cache`. Thanks @magnaprog!
+
+## 0.20 — 2026-04-07
+
 ### Highlights
+- Codex: switch between system accounts/profiles without manually logging out and back in. @ratulsarna
+- Add Perplexity provider support with recurring, bonus, and purchased-credit tracking, Pro/Max plan detection, browser-cookie auto-import, and manual-cookie fallback (#449). Thanks @BeelixGit!
+- Add OpenCode Go as a separate provider with 5-hour, weekly, and monthly web usage tracking, widget integration, and browser-cookie support.
+- Claude: fix token and cost inflation caused by cross-file double counting of subagent JSONL logs, fix streaming chunk deduplication, and add `claude-sonnet-4-6` pricing. Thanks @enzonaute for the investigation!
+- Cost history: include supported pi session usage in Codex/Claude provider history so provider charts reflect those local runs (#653). Thanks @ngutman!
+
+### Providers & Usage
+- Perplexity: add recurring, bonus, and purchased-credit tracking; plan detection for Pro/Max; browser-cookie auto-import; and manual-cookie fallback (#449). Thanks @BeelixGit!
+- OpenCode Go: add a dedicated provider, parse live authenticated workspace Go usage from the web app, keep monthly optional and honor workspace env overrides.
+- Codex: add workspace attribution for account labels and same-email multi-workspace accounts.
+- Codex: reconcile live-system and managed accounts by canonical identity, preserve account-scoped usage/history/dashboard state, allow OAuth CLI fallback, and tighten OpenAI web ownership gating so quota and credits only attach to the matching account. Thanks @monterrr and @Rag30 for the initial effort and ideas!
+- Codex: normalize weekly-only rate limits across OAuth and CLI/RPC so free-plan accounts render as Weekly instead of a fake Session, preserve unknown single-window payloads in the primary lane, hide the empty Session lane in widgets, and accept weekly-only Codex CLI `/status`/RPC data without failing. @ratulsarna
+- Codex: refactor the provider end to end into clearer components and better division of responsibilities.
+- OpenCode: preserve product separation between Zen and Go, improve null/unsupported usage handling, and harden cookie/domain behavior for authenticated web fetches.
+- Cost history: merge supported pi session usage into Codex/Claude provider history (#653). Thanks @ngutman!
+
+### Menu & Settings
+- Codex: add UI for switching the system-level Codex account and promoting a managed account into the live system slot.
+- Codex: hide display-only OpenAI web extras in widgets and fix buy-credits / credits-only presentation regressions.
+- Claude: enable “Avoid Keychain prompts” by default, remove the experimental label, and preserve user-action cooldown clearing plus startup bootstrap when Security.framework fallback is still needed.
+- Fix alignment of menu chart hover coordinates on macOS. Thanks @cuidong233!
+
+## 0.19.0 — 2026-03-23
+### Highlights
+- Add Alibaba Coding Plan provider with region-aware quota fetching, widget integration, and browser-cookie import defaults (#574).
+- Align Cursor usage with the dashboard's Total/Auto/API lanes. (#587). Thanks @Rag30!
+- Add subscription utilization history chart to the menu with DST-safe data point identification (#589). Thanks @maxceem!
+- Refactor the Claude provider end to end into clearer, better-tested components while preserving behavior (#494). @ratulsarna
+- Add reset time display for Codex code review limits (#581). Thanks @Q1CHENL!
+- Add per-model token counts to cost history (#546). Thanks @iam-brain!
+- Fix Antigravity model selection to use stable model-family matching for Claude, Gemini Pro, and Gemini Flash, and preserve fallback lane visibility in the menu bar and icon (#590). Thanks @skainguyen1412!
+- Add GPT-5.4 mini and nano pricing (#561). Thanks @iam-brain!
+
+### Providers & Usage
+- Alibaba: add Coding Plan provider support with region-aware web/API quota fetching, widget integration, and browser-cookie import defaults (#574).
+- Cursor: trust dashboard percent fields for Total/Auto/API usage, preserve on-demand remaining fallback views, and keep scanning imported browser-cookie candidates until a working Cursor session is found (#587, supersedes #579). Thanks @Rag30!
+- Claude: refactor the provider end to end into clearer components, with baseline docs and expanded tests to lock down behavior (#494).
+- Codex: show reset times for code review limits, including Core review reset parsing support (#581). Thanks @Q1CHENL!
+- Cost history: add per-model token counts so token usage is broken out by model (#546). Thanks @iam-brain!
+- Antigravity: replace label-order guessing with stable model-family selection for Claude, Gemini Pro, and Gemini Flash; fix mapping for Claude thinking models and placeholder model IDs; preserve fallback lane visibility in the menu bar and icon when only fallback lanes exist (#590). Thanks @skainguyen1412!
+- Kimi: tolerate API responses without `resetTime` so usage decoding no longer fails on sparse payloads.
+- Codex: add GPT-5.4 mini and nano pricing (#561). Thanks @iam-brain!
+
+### Menu & Settings
+- Menu: add subscription utilization history chart with DST-safe chart point identifiers and per-provider plan utilization tracking (#589). Thanks @maxceem!
+- Menu bar: in Both display mode, fall back to percent when pace data is unavailable so text stays visible for providers without pace metrics (#527). Thanks @Astro-Han!
+- Settings: persist the resolved refresh cadence default to `UserDefaults` on first launch and repair invalid stored values so the setting stays normalized across relaunches (#519). Thanks @Astro-Han!
+- Menu: wrap long status blurbs and preserve wrapped titles for multiline entries (#543). Thanks @zkforge!
+
+## 0.18.0 — 2026-03-15
+### Highlights
+- Add Kilo provider support with API/CLI source modes, widget integration, and pass/credit handling (#454). Built on work by @coreh.
+- Add Ollama provider, including token-account support in Settings and CLI (#380). Thanks @CryptoSageSnr!
+- Add OpenRouter provider for credit-based usage tracking (#396). Thanks @chountalas!
+- Add Codex historical pace with risk forecasting, backfill, and zero-usage-day handling (#482, supersedes #438). Thanks @tristanmanchester!
 - Add a merged-menu Overview tab with configurable providers and row-to-provider navigation (#416). @ratulsarna
 - Add an experimental option to suppress Claude Keychain prompts (#388).
-- Add OpenRouter provider for credit-based usage tracking (#396). Thanks @chountalas!
-- Add Ollama provider, including token-account support in Settings and CLI (#380). Thanks @CryptoSageSnr!
-- Add Kilo provider support with API/CLI source modes, widget integration, and pass/credit handling (#454). Built on work by @coreh.
 - Reduce CPU/energy regressions and JSONL scanner overhead in Codex/web usage paths (#402, #392). Thanks @bald-ai and @asonawalla!
-- Add Codex historical pace with risk forecasting, backfill, and zero-usage-day handling (#482, supersedes #438). Thanks @tristanmanchester!
 
 ### Providers & Usage
-- Claude: surface rate-limit errors from the CLI `/usage` probe with a user-friendly message, and harden “Failed to load usage data” matching against whitespace-collapsed output.
 - Codex: add historical pace risk forecasting and backfill, gate pace computation by display mode, and handle zero-usage days in historical data (#482, supersedes #438). Thanks @tristanmanchester!
-- OpenRouter: add provider support with credit tracking, key-quota popup support, token-account labels, fallback status icons, and updated icon/color (#396). Thanks @chountalas!
-- Ollama: add provider support with token-account support in app/CLI, Chrome-default auto cookie import, and manual-cookie mode (#380). Thanks @CryptoSageSnr!
 - Kilo: add provider support with source-mode fallback, clearer credential/login guidance, auto top-up activity labeling, zero-balance credit handling, and pass parsing/menu rendering (#454). Thanks @coreh!
-- Browser cookie import: match Gecko `*.default*` profile directories case-insensitively so Firefox/Zen cookie detection works with uppercase `.Default` directories (#422). Thanks @bald-ai!
-- MiniMax: make both Settings “Open Coding Plan” actions region-aware so China mainland selection opens `platform.minimaxi.com` instead of the global domain (#426, fixes #378). Thanks @bald-ai!
-- Codex: in percent display mode with “show remaining,” show remaining credits in the menu bar when session or weekly usage is exhausted (#336). Thanks @teron131!
+- Ollama: add provider support with token-account support in app/CLI, Chrome-default auto cookie import, and manual-cookie mode (#380). Thanks @CryptoSageSnr!
+- OpenRouter: add provider support with credit tracking, key-quota popup support, token-account labels, fallback status icons, and updated icon/color (#396). Thanks @chountalas!
+- Gemini: show separate Pro, Flash, and Flash Lite meters by splitting Gemini CLI quota buckets for `gemini-2.5-flash` and `gemini-2.5-flash-lite` (#496). Thanks @aladh
+- Codex: in percent display mode with "show remaining," show remaining credits in the menu bar when session or weekly usage is exhausted (#336). Thanks @teron131!
+- Claude: surface rate-limit errors from the CLI `/usage` probe with a user-friendly message, and harden "Failed to load usage data" matching against whitespace-collapsed output.
+- Claude: restore weekly/Sonnet reset parsing from whitespace-collapsed CLI `/usage` output so reset times and pace details still appear after CLI fallback.
 - Claude: fix extra-usage double conversion so OAuth/Web values stay on a single normalization path (#472, supersedes #463). Thanks @Priyans-hu!
+- Claude: remove root-directory mtime short-circuiting in cost scanning so new session logs inside existing `~/.claude/projects/*` folders are discovered reliably (#462, fixes #411). Thanks @Priyans-hu!
 - Copilot: harden free-plan quota parsing and fallback behavior by treating underdetermined values as unknown, preserving missing metadata as nil (#432, supersedes #393). Thanks @emanuelst!
-- Menu: rebuild the merged provider switcher when “Show usage as used” changes so switcher progress updates immediately (#306). Thanks @Flohhhhh!
-- Update Kiro parsing for `kiro-cli` 1.24+ / Q Developer formats and non-managed plan handling (#288). Thanks @kilhyeonjun!
-- Kimi: in automatic metric mode, prioritize the 5-hour rate-limit window for menu bar and merged highest-usage calculations (#390). Thanks @ajaxjiang96!
 - OpenCode: treat explicit `null` subscription responses as missing usage data, skip POST fallback, and return a clearer workspace-specific error (#412).
 - OpenCode: surface clearer HTTP errors. Thanks @SalimBinYousuf1!
+- Codex: preserve exact GPT-5 model IDs in local cost history, add GPT-5.4 pricing, and label zero-cost `gpt-5.3-codex-spark` sessions as "Research Preview" in cost breakdowns (#511). Thanks @iam-brain!
+- Augment: prevent refresh stalls when `auggie account status` hangs by replacing unbounded CLI waits with timed subprocess execution and fallback handling (#481). Thanks @bryant24hao!
+- Update Kiro parsing for `kiro-cli` 1.24+ / Q Developer formats and non-managed plan handling (#288). Thanks @kilhyeonjun!
+- Kimi: in automatic metric mode, prioritize the 5-hour rate-limit window for menu bar and merged highest-usage calculations (#390). Thanks @ajaxjiang96!
+- Browser cookie import: match Gecko `*.default*` profile directories case-insensitively so Firefox/Zen cookie detection works with uppercase `.Default` directories (#422). Thanks @bald-ai!
+- MiniMax: make both Settings "Open Coding Plan" actions region-aware so China mainland selection opens `platform.minimaxi.com` instead of the global domain (#426, fixes #378). Thanks @bald-ai!
+- Menu: rebuild the merged provider switcher when “Show usage as used” changes so switcher progress updates immediately (#306). Thanks @Flohhhhh!
 - Warp: update API key setup guidance.
-- Claude: update the “not installed” help link to the current Claude Code documentation URL (#431). Thanks @skebby11!
+- Claude: update the "not installed" help link to the current Claude Code documentation URL (#431). Thanks @skebby11!
 - Fix Claude setup message package name (#376). Thanks @daegwang!
 
 ### Menu & Settings
+- Merged menu: keep Merge Icons, the switcher, and Overview tied to user-enabled providers even when some providers are temporarily unavailable, while defaulting menu content and icon state to an available provider when possible (#525). Thanks @Astro-Han!
 - Merged menu: add an Overview switcher tab that shows up to three provider usage rows in provider order (#416).
-- Settings: add “Overview tab providers” controls to choose/deselect Overview providers, with persisted selection reconciliation as enabled providers change (#416).
+- Settings: add "Overview tab providers" controls to choose/deselect Overview providers, with persisted selection reconciliation as enabled providers change (#416).
 - Menu: hide contextual provider actions while Overview is selected and rebuild switcher state when overview availability changes (#416).
 
 ### Claude OAuth & Keychain
-- **Default to `/usr/bin/security` CLI for Claude keychain reads**, eliminating recurring macOS keychain password prompts after rebuilds/updates. Security.framework remains available as a user override.
-- Use a `claude-code/<version>` User-Agent for OAuth usage requests instead of a generic identifier.
-- Rename `.securityCLIExperimental` → `.securityCLI` (now the production default).
+- Add an experimental Claude OAuth Security-CLI reader path and option in settings.
 - Apply stored prompt mode and fallback policy to silent/noninteractive keychain probes.
 - Add cooldown for background OAuth keychain retries.
 - Disable experimental toggle when keychain access is disabled.
+- Use a `claude-code/<version>` User-Agent for OAuth usage requests instead of a generic identifier.
 
 ### Performance & Reliability
 - Codex/OpenAI web: reduce CPU and energy overhead by shortening failed CLI probe windows, capping web retry timeouts, and using adaptive idle blink scheduling (#402). Thanks @bald-ai!
 - Cost usage scanner: optimize JSONL chunk parsing to avoid buffer-front removal overhead on large logs (#392). Thanks @asonawalla!
 - TTY runner: fence shutdown registration to avoid launch/shutdown races, isolate process groups before shutdown rejection, and ensure lingering CLI descendants are cleaned up on app termination (#429). Thanks @uraimo!
 
-### Dev & Tests
-- Run provider fetches and Claude debug OAuth probes off `MainActor`.
-- Split Claude OAuth test overrides and isolate coordinator tests.
-- Docs: explain pace tracking terminology in the UI guide, including "deficit", "reserve", and "on pace" meanings (#421). Thanks @bald-ai!
-
 
 ## 0.18.0-beta.3 — 2026-02-13
 ### Highlights
diff --git a/FORK_STATUS.md b/FORK_STATUS.md
deleted file mode 100644
index cb0a07fdf..000000000
--- a/FORK_STATUS.md
+++ /dev/null
@@ -1,338 +0,0 @@
-# CodexBar Fork - Current Status
-
-**Last Updated:** January 4, 2026
-**Fork Maintainer:** Brandon Charleson
-**Branch:** `feature/augment-integration`
-
----
-
-## ✅ Completed Work
-
-### Phase 1: Fork Identity & Credits ✓
-
-**Commits:**
-1. `da3d13e` - "feat: establish fork identity with dual attribution"
-2. `745293e` - "docs: add fork roadmap and quick start guide"
-3. `8a87473` - "docs: add fork status tracking document"
-4. `df75ae2` - "feat: comprehensive multi-upstream fork management system"
-
-**Changes:**
-- ✅ Updated About section with dual attribution (original + fork)
-- ✅ Updated PreferencesAboutPane with organized sections
-- ✅ Changed app icon click to open fork repository
-- ✅ Updated README with fork notice and enhancements section
-- ✅ Created comprehensive `docs/augment.md` documentation
-- ✅ Created `docs/FORK_ROADMAP.md` with 5-phase plan
-- ✅ Created `docs/FORK_QUICK_START.md` developer guide
-- ✅ Created `FORK_STATUS.md` tracking document
-- ✅ **Implemented complete multi-upstream management system**
-
-**Build Status:** ✅ App builds and runs successfully
-
-### Multi-Upstream Management System ✓
-
-**Automation Scripts:**
-- ✅ `Scripts/check_upstreams.sh` - Monitor both upstreams
-- ✅ `Scripts/review_upstream.sh` - Create review branches
-- ✅ `Scripts/prepare_upstream_pr.sh` - Prepare upstream PRs
-- ✅ `Scripts/analyze_quotio.sh` - Analyze quotio patterns
-
-**GitHub Actions:**
-- ✅ `.github/workflows/upstream-monitor.yml` - Automated monitoring
-
-**Documentation:**
-- ✅ `docs/UPSTREAM_STRATEGY.md` - Complete management guide
-- ✅ `docs/QUOTIO_ANALYSIS.md` - Pattern analysis framework
-- ✅ `docs/FORK_SETUP.md` - One-time setup guide
-
----
-
-## 🎯 Current State
-
-### What Works
-- ✅ Fork identity clearly established
-- ✅ Dual attribution in place (original + fork)
-- ✅ Comprehensive documentation
-- ✅ Clear development roadmap
-- ✅ App builds without errors
-- ✅ All existing functionality preserved
-- ✅ **Multi-upstream management system operational**
-- ✅ **Automated upstream monitoring configured**
-- ✅ **Quotio analysis framework ready**
-
-### Critical Discovery
-- ⚠️ **Upstream (steipete) has REMOVED Augment provider**
-  - 627 lines deleted from `AugmentStatusProbe.swift`
-  - 88 lines deleted from `AugmentStatusProbeTests.swift`
-  - **This validates our fork strategy!**
-  - We preserve Augment support for our users
-  - We can selectively sync other improvements
-
-### Known Issues
-- ⚠️ Augment cookie disconnection (Phase 2 will address)
-- ⚠️ Debug print statements in AugmentStatusProbe.swift (needs proper logging)
-
-### Uncommitted Changes
-- `Sources/CodexBarCore/Providers/Augment/AugmentStatusProbe.swift` has debug print statements
-  - These should be replaced with proper `CodexBarLog` logging in Phase 2
-  - Currently unstaged to keep commits clean
-
----
-
-## 📋 Next Steps
-
-### URGENT: Upstream Sync Decision
-**Before proceeding with Phase 2, decide on upstream sync strategy:**
-
-1. **Review upstream changes:**
-   ```bash
-   ./Scripts/check_upstreams.sh upstream
-   ./Scripts/review_upstream.sh upstream
-   ```
-
-2. **Decide what to sync:**
-   - ✅ Vertex AI improvements (5 commits)
-   - ✅ SwiftFormat/SwiftLint fixes
-   - ❌ Augment provider removal (SKIP!)
-
-3. **Cherry-pick valuable commits:**
-   ```bash
-   git checkout -b upstream-sync/vertex-improvements
-   git cherry-pick 001019c  # style fixes
-   git cherry-pick e4f1e4c  # vertex token cost
-   git cherry-pick 202efde  # vertex fix
-   git cherry-pick 0c2f888  # vertex docs
-   git cherry-pick 3c4ca30  # vertex tracking
-   # Skip Augment removal commits!
-   ```
-
-### Immediate (Phase 2)
-1. **Replace debug prints with proper logging**
-   - Use `CodexBarLog.logger("augment")` pattern
-   - Add structured metadata
-   - Follow Claude/Cursor provider patterns
-
-2. **Enhanced cookie diagnostics**
-   - Log cookie expiration times
-   - Track refresh attempts
-   - Add domain filtering diagnostics
-
-3. **Session keepalive monitoring**
-   - Add keepalive status to debug pane
-   - Log refresh attempts
-   - Add manual "Force Refresh" button
-
-### Short Term (Phases 3-4)
-- **Analyze Quotio features** using `./Scripts/analyze_quotio.sh`
-- **Regular upstream monitoring** (automated via GitHub Actions)
-- **Weekly sync routine** (Monday: upstream, Thursday: quotio)
-
-### Medium Term (Phase 5)
-- Implement multi-account management (inspired by quotio)
-- Start with Augment provider
-- Extend to other providers
-
----
-
-## 📁 Key Files Modified
-
-### Source Code
-- `Sources/CodexBar/About.swift` - Dual attribution
-- `Sources/CodexBar/PreferencesAboutPane.swift` - Organized sections
-- `Sources/CodexBarCore/Providers/Augment/AugmentStatusProbe.swift` - Debug prints (unstaged)
-
-### Documentation
-- `README.md` - Fork notice and enhancements
-- `docs/augment.md` - Augment provider guide (NEW)
-- `docs/FORK_ROADMAP.md` - Development roadmap (NEW)
-- `docs/FORK_QUICK_START.md` - Quick reference (NEW)
-
----
-
-## 🔄 Git Status
-
-```bash
-# Current branch
-feature/augment-integration
-
-# Commits ahead of main
-4 commits:
-- da3d13e: Fork identity with dual attribution
-- 745293e: Roadmap and quick start guide
-- 8a87473: Fork status tracking
-- df75ae2: Multi-upstream management system
-
-# Uncommitted changes
-M Sources/CodexBarCore/Providers/Augment/AugmentStatusProbe.swift (debug prints)
-
-# Git remotes configured
-origin    git@github.com:topoffunnel/CodexBar.git
-upstream  https://github.com/steipete/CodexBar.git (needs to be added)
-quotio    https://github.com/nguyenphutrong/quotio.git (needs to be added)
-```
-
----
-
-## 🚀 How to Continue
-
-### RECOMMENDED: Setup Multi-Upstream System First
-
-```bash
-# 1. Configure git remotes
-git remote add upstream https://github.com/steipete/CodexBar.git
-git remote add quotio https://github.com/nguyenphutrong/quotio.git
-git fetch --all
-
-# 2. Test automation scripts
-./Scripts/check_upstreams.sh
-
-# 3. Review upstream changes (IMPORTANT!)
-./Scripts/review_upstream.sh upstream
-
-# 4. Decide what to sync
-# See "URGENT: Upstream Sync Decision" section above
-
-# 5. Analyze quotio
-./Scripts/analyze_quotio.sh
-```
-
-### Option 1: Sync Upstream First, Then Phase 2
-```bash
-# Discard debug prints (will redo in Phase 2)
-git checkout Sources/CodexBarCore/Providers/Augment/AugmentStatusProbe.swift
-
-# Sync valuable upstream changes
-git checkout -b upstream-sync/vertex-improvements
-# Cherry-pick commits (see URGENT section)
-
-# Merge to main
-git checkout main
-git merge feature/augment-integration
-git merge upstream-sync/vertex-improvements
-
-# Then start Phase 2
-git checkout -b feature/augment-diagnostics
-```
-
-### Option 2: Phase 2 First, Sync Later
-```bash
-# Keep debug prints and enhance them
-git add Sources/CodexBarCore/Providers/Augment/AugmentStatusProbe.swift
-
-# Continue on current branch
-# Replace print() with CodexBarLog.logger("augment")
-# Complete Phase 2
-# Then sync upstream
-```
-
-### Option 3: Merge Current Work, Setup System
-```bash
-# Discard debug prints
-git checkout Sources/CodexBarCore/Providers/Augment/AugmentStatusProbe.swift
-
-# Merge to main
-git checkout main
-git merge feature/augment-integration
-
-# Setup remotes
-git remote add upstream https://github.com/steipete/CodexBar.git
-git remote add quotio https://github.com/nguyenphutrong/quotio.git
-
-# Start using the system
-./Scripts/check_upstreams.sh
-```
-
----
-
-## 📊 Progress Tracking
-
-### Phase 1: Fork Identity ✅ COMPLETE
-- [x] Dual attribution in About
-- [x] Fork notice in README
-- [x] Augment documentation
-- [x] Development roadmap
-- [x] Quick start guide
-
-### Phase 2: Enhanced Diagnostics 🔄 READY TO START
-- [ ] Replace print() with CodexBarLog
-- [ ] Enhanced cookie diagnostics
-- [ ] Session keepalive monitoring
-- [ ] Debug pane improvements
-
-### Phase 3: Quotio Analysis 📋 PLANNED
-- [ ] Feature comparison matrix
-- [ ] Implementation recommendations
-- [ ] Priority ranking
-
-### Phase 4: Upstream Sync 📋 PLANNED
-- [ ] Sync script
-- [ ] Conflict resolution guide
-- [ ] Automated checks
-
-### Phase 5: Multi-Account 📋 PLANNED
-- [ ] Account management UI
-- [ ] Account storage
-- [ ] Account switching
-- [ ] UI enhancements
-
----
-
-## 🎯 Success Criteria
-
-### Phase 1 (Current) ✅
-- [x] Fork identity clearly established
-- [x] Original author properly credited
-- [x] Comprehensive documentation
-- [x] App builds and runs
-- [x] No regressions
-
-### Phase 2 (Next)
-- [ ] Zero cookie disconnection issues
-- [ ] Proper structured logging
-- [ ] Enhanced debug diagnostics
-- [ ] Manual refresh capability
-- [ ] All tests passing
-
----
-
-## 📞 Questions & Decisions Needed
-
-### Before Starting Phase 2
-1. **Logging approach:** Keep debug prints and enhance, or start fresh?
-2. **Branch strategy:** Continue on `feature/augment-integration` or create new branch?
-3. **Merge timing:** Merge Phase 1 to main first, or continue with all phases?
-
-### For Phase 3
-1. **Quotio access:** Do you have access to Quotio source code?
-2. **Feature priority:** Which Quotio features are most important?
-3. **Timeline:** How much time to allocate for analysis?
-
-### For Phase 5
-1. **Account limit:** How many accounts per provider?
-2. **UI design:** Menu bar dropdown or separate window?
-3. **Storage:** Keychain per account or shared?
-
----
-
-## 🔗 Quick Links
-
-- **Roadmap:** `docs/FORK_ROADMAP.md`
-- **Quick Start:** `docs/FORK_QUICK_START.md`
-- **Augment Docs:** `docs/augment.md`
-- **Original Repo:** https://github.com/steipete/CodexBar
-- **Fork Repo:** https://github.com/topoffunnel/CodexBar
-
----
-
-## 💡 Recommendations
-
-1. **Merge Phase 1 to main** - Establish fork identity as baseline
-2. **Create Phase 2 branch** - `feature/augment-diagnostics`
-3. **Start with logging** - Replace prints with proper CodexBarLog
-4. **Test thoroughly** - Ensure no regressions
-5. **Document as you go** - Update docs with findings
-
----
-
-**Ready to proceed with Phase 2?** See `docs/FORK_ROADMAP.md` for detailed tasks.
-
diff --git a/IMPLEMENTATION_SUMMARY.md b/IMPLEMENTATION_SUMMARY.md
deleted file mode 100644
index f5d3c63b0..000000000
--- a/IMPLEMENTATION_SUMMARY.md
+++ /dev/null
@@ -1,298 +0,0 @@
-# CodexBar Fork - Implementation Summary
-
-**Date:** January 4, 2026  
-**Implementer:** Augment AI Assistant  
-**For:** Brandon Charleson (topoffunnel.com)
-
----
-
-## 🎉 What Was Accomplished
-
-### Phase 1: Fork Identity & Credits ✅ COMPLETE
-
-**Objective:** Establish clear fork identity while properly crediting original author
-
-**Deliverables:**
-1. **Dual Attribution System**
-   - Updated `About.swift` with original author + fork maintainer
-   - Updated `PreferencesAboutPane.swift` with organized sections
-   - App icon click now opens fork repository
-   - Clear separation of original vs fork contributions
-
-2. **Documentation Suite**
-   - `docs/augment.md` - Comprehensive Augment provider guide (150+ lines)
-   - `docs/FORK_ROADMAP.md` - 5-phase development plan
-   - `docs/FORK_QUICK_START.md` - Developer quick reference
-   - `FORK_STATUS.md` - Living status tracker
-
-3. **README Updates**
-   - Fork notice at top with link to original
-   - "Fork Enhancements" section documenting improvements
-   - Updated credits with dual attribution
-   - Clear differentiation from original
-
-**Result:** Fork has professional identity, ready for distribution via topoffunnel.com
-
----
-
-### Multi-Upstream Management System ✅ COMPLETE
-
-**Objective:** Monitor and selectively incorporate changes from two upstream repositories
-
-**Deliverables:**
-
-#### 1. Automation Scripts (4 scripts, all executable)
-
-**`Scripts/check_upstreams.sh`**
-- Monitors both upstream and quotio for new commits
-- Shows commit summaries and file changes
-- Color-coded output for easy scanning
-- Usage: `./Scripts/check_upstreams.sh [upstream|quotio|all]`
-
-**`Scripts/review_upstream.sh`**
-- Creates review branch for upstream changes
-- Shows detailed commit log and diffs
-- Generates review log file
-- Usage: `./Scripts/review_upstream.sh [upstream|quotio]`
-
-**`Scripts/prepare_upstream_pr.sh`**
-- Creates clean branch from upstream/main for PR submission
-- Provides guidelines for what to include/exclude
-- Prevents fork branding from going upstream
-- Usage: `./Scripts/prepare_upstream_pr.sh <feature-name>`
-
-**`Scripts/analyze_quotio.sh`**
-- Analyzes quotio repository structure and recent changes
-- Generates analysis report with action items
-- Helps identify patterns to adapt (not copy)
-- Usage: `./Scripts/analyze_quotio.sh [feature-area]`
-
-#### 2. GitHub Actions Workflow
-
-**`.github/workflows/upstream-monitor.yml`**
-- Runs Monday and Thursday at 9 AM UTC
-- Checks both upstreams for new commits
-- Creates/updates GitHub issue with summaries
-- Provides links to review changes
-- Can be triggered manually
-
-#### 3. Comprehensive Documentation (3 guides)
-
-**`docs/UPSTREAM_STRATEGY.md`** (630+ lines)
-- Complete multi-upstream management guide
-- Git repository structure and remote configuration
-- Workflows for monitoring, reviewing, incorporating changes
-- Decision matrix: what to contribute upstream vs keep in fork
-- Commit message strategies and attribution
-- Practical examples and troubleshooting
-- Best practices and success metrics
-
-**`docs/QUOTIO_ANALYSIS.md`** (150+ lines)
-- Framework for learning from quotio patterns
-- Ethical guidelines (adapt patterns, don't copy code)
-- Analysis process and templates
-- Feature comparison matrix
-- Implementation planning
-- Legal and attribution considerations
-
-**`docs/FORK_SETUP.md`** (150+ lines)
-- One-time setup guide for git remotes
-- Script testing and verification
-- Critical discovery documentation
-- Selective sync strategy
-- Regular workflow recommendations
-
----
-
-## 🚨 Critical Discovery
-
-**Upstream (steipete) has REMOVED the Augment provider!**
-
-**Evidence:**
-```
-Files changed in upstream:
- .../Providers/Augment/AugmentStatusProbe.swift     | 627 deletions
- Tests/CodexBarTests/AugmentStatusProbeTests.swift  |  88 deletions
-```
-
-**Impact:**
-- ✅ **Validates fork strategy** - We preserve features important to our users
-- ✅ **Justifies independent development** - Can't rely on upstream for Augment
-- ✅ **Enables selective sync** - Cherry-pick valuable changes, skip Augment removal
-- ✅ **Protects user experience** - Fork users keep Augment functionality
-
-**Action Required:**
-When syncing with upstream, must cherry-pick commits selectively to avoid losing Augment support.
-
----
-
-## 📊 Commits Summary
-
-**Total Commits:** 5
-
-1. `da3d13e` - Fork identity with dual attribution
-2. `745293e` - Roadmap and quick start guide
-3. `8a87473` - Fork status tracking document
-4. `df75ae2` - Multi-upstream management system
-5. `158d00c` - Updated fork status
-
-**Lines Added:** ~2,500+ lines of documentation and automation
-**Files Created:** 11 new files
-**Scripts Created:** 4 executable automation scripts
-**Workflows Created:** 1 GitHub Actions workflow
-
----
-
-## 🎯 Strategic Benefits
-
-### For Fork Development
-1. **Independence** - Can develop features without upstream dependency
-2. **Selective Sync** - Cherry-pick valuable improvements, skip unwanted changes
-3. **Attribution Protection** - Fork-specific commits stay separate
-4. **User Focus** - Preserve features important to your users (Augment)
-
-### For Upstream Relationship
-1. **Contribution Ready** - Clean PR branches for upstream submissions
-2. **Good Citizenship** - Can contribute bug fixes and improvements
-3. **Proper Credit** - Attribution system respects original author
-4. **Flexibility** - Option to contribute or keep changes in fork
-
-### For Learning from Quotio
-1. **Ethical Framework** - Clear guidelines for pattern analysis
-2. **Legal Protection** - Adapt patterns, don't copy code
-3. **Innovation** - Learn from their solutions, implement independently
-4. **Attribution** - Credit inspiration appropriately
-
----
-
-## 📋 Current State
-
-### What's Ready
-- ✅ Fork identity established
-- ✅ Comprehensive documentation
-- ✅ Automation scripts tested and working
-- ✅ GitHub Actions workflow configured
-- ✅ Git remotes documented (need to be added)
-- ✅ Selective sync strategy defined
-- ✅ App builds and runs successfully
-
-### What's Pending
-- ⏳ Git remotes need to be added (one-time setup)
-- ⏳ Upstream sync decision needed (5 new commits available)
-- ⏳ Quotio analysis to be performed
-- ⏳ Phase 2 (Enhanced Augment diagnostics)
-
-### Known Issues
-- ⚠️ Augment cookie disconnection (Phase 2 will address)
-- ⚠️ Debug print statements in AugmentStatusProbe.swift (unstaged)
-
----
-
-## 🚀 Next Steps for You
-
-### Immediate (Before Phase 2)
-
-**1. Setup Git Remotes**
-```bash
-git remote add upstream https://github.com/steipete/CodexBar.git
-git remote add quotio https://github.com/nguyenphutrong/quotio.git
-git fetch --all
-```
-
-**2. Test Automation**
-```bash
-./Scripts/check_upstreams.sh
-./Scripts/review_upstream.sh upstream
-./Scripts/analyze_quotio.sh
-```
-
-**3. Decide on Upstream Sync**
-- Review 5 new upstream commits
-- Cherry-pick valuable changes (Vertex AI improvements)
-- Skip Augment removal commits
-- See `FORK_STATUS.md` for detailed instructions
-
-### Short Term (This Week)
-
-**4. Merge to Main**
-```bash
-git checkout main
-git merge feature/augment-integration
-```
-
-**5. Enable GitHub Actions**
-- Push to your fork
-- Enable Actions in repository settings
-- Verify workflow runs
-
-**6. Start Regular Monitoring**
-- Monday: Check upstream (`./Scripts/check_upstreams.sh upstream`)
-- Thursday: Analyze quotio (`./Scripts/analyze_quotio.sh`)
-
-### Medium Term (Next 2 Weeks)
-
-**7. Complete Phase 2**
-- Enhanced Augment diagnostics
-- Proper logging with CodexBarLog
-- Session keepalive monitoring
-
-**8. Quotio Analysis**
-- Document multi-account patterns
-- Plan implementation
-- Prioritize features
-
----
-
-## 📖 Documentation Index
-
-### Core Documents
-- `README.md` - Main documentation with fork notice
-- `FORK_STATUS.md` - Current status and next steps
-- `IMPLEMENTATION_SUMMARY.md` - This document
-
-### Setup & Strategy
-- `docs/FORK_SETUP.md` - One-time setup guide
-- `docs/FORK_QUICK_START.md` - Developer quick reference
-- `docs/UPSTREAM_STRATEGY.md` - Multi-upstream management
-- `docs/FORK_ROADMAP.md` - 5-phase development plan
-
-### Provider & Analysis
-- `docs/augment.md` - Augment provider guide
-- `docs/QUOTIO_ANALYSIS.md` - Quotio pattern analysis framework
-
-### Scripts
-- `Scripts/check_upstreams.sh` - Monitor upstreams
-- `Scripts/review_upstream.sh` - Review changes
-- `Scripts/prepare_upstream_pr.sh` - Prepare PRs
-- `Scripts/analyze_quotio.sh` - Analyze quotio
-
----
-
-## 💡 Key Insights
-
-1. **Fork Validation** - Upstream removing Augment proves fork was necessary
-2. **Best of Both Worlds** - Can learn from two sources while maintaining independence
-3. **Selective Sync** - Cherry-picking gives control over what changes to adopt
-4. **Attribution Matters** - Separate commits protect your contributions
-5. **Automation Wins** - Scripts and workflows reduce manual effort
-
----
-
-## ✅ Success Criteria Met
-
-- [x] Fork identity clearly established
-- [x] Original author properly credited
-- [x] Comprehensive documentation
-- [x] Multi-upstream monitoring system
-- [x] Automation scripts working
-- [x] GitHub Actions configured
-- [x] Selective sync strategy defined
-- [x] App builds and runs
-- [x] No regressions
-
----
-
-**Status:** Phase 1 COMPLETE + Multi-Upstream System OPERATIONAL  
-**Ready for:** Upstream sync decision + Phase 2 development  
-**Recommendation:** Setup remotes, sync upstream, then proceed to Phase 2
-
diff --git a/Package.resolved b/Package.resolved
index f84c0c217..345845bc6 100644
--- a/Package.resolved
+++ b/Package.resolved
@@ -1,13 +1,13 @@
 {
-  "originHash" : "74bd6f3ab6e0b0cb0c2cddb00f2167c2ab0a1c00cd54ffc1a2899c7ef8c56367",
+  "originHash" : "9daf4612f2543e308a07be34ab3ccf2f4650427ce8086e5943eaed1fa79b64f4",
   "pins" : [
     {
       "identity" : "commander",
       "kind" : "remoteSourceControl",
       "location" : "https://github.com/steipete/Commander",
       "state" : {
-        "revision" : "9e349575c8e3c6745e81fe19e5bb5efa01b078ce",
-        "version" : "0.2.1"
+        "revision" : "ae2ce746b386ff94b26648cfe5625cfa8d02639b",
+        "version" : "0.2.2"
       }
     },
     {
@@ -24,8 +24,8 @@
       "kind" : "remoteSourceControl",
       "location" : "https://github.com/sparkle-project/Sparkle",
       "state" : {
-        "revision" : "5581748cef2bae787496fe6d61139aebe0a451f6",
-        "version" : "2.8.1"
+        "revision" : "066e75a8b3e99962685d6a90cdd5293ebffd9261",
+        "version" : "2.9.1"
       }
     },
     {
@@ -33,8 +33,26 @@
       "kind" : "remoteSourceControl",
       "location" : "https://github.com/steipete/SweetCookieKit",
       "state" : {
-        "revision" : "4d5b71ffbb296937dc5ee8472f64721bca771cf0",
-        "version" : "0.4.0"
+        "revision" : "21bedea672a3e63ccad24d744051e76cdf0462dd",
+        "version" : "0.4.1"
+      }
+    },
+    {
+      "identity" : "swift-asn1",
+      "kind" : "remoteSourceControl",
+      "location" : "https://github.com/apple/swift-asn1.git",
+      "state" : {
+        "revision" : "eb50cbd14606a9161cbc5d452f18797c90ef0bab",
+        "version" : "1.7.0"
+      }
+    },
+    {
+      "identity" : "swift-crypto",
+      "kind" : "remoteSourceControl",
+      "location" : "https://github.com/apple/swift-crypto",
+      "state" : {
+        "revision" : "95ba0316a9b733e92bb6b071255ff46263bbe7dc",
+        "version" : "3.15.1"
       }
     },
     {
@@ -42,8 +60,8 @@
       "kind" : "remoteSourceControl",
       "location" : "https://github.com/apple/swift-log",
       "state" : {
-        "revision" : "2778fd4e5a12a8aaa30a3ee8285f4ce54c5f3181",
-        "version" : "1.9.1"
+        "revision" : "5073617dac96330a486245e4c0179cb0a6fd2256",
+        "version" : "1.12.0"
       }
     },
     {
@@ -54,6 +72,14 @@
         "revision" : "0687f71944021d616d34d922343dcef086855920",
         "version" : "600.0.1"
       }
+    },
+    {
+      "identity" : "vortex",
+      "kind" : "remoteSourceControl",
+      "location" : "https://github.com/zats/Vortex",
+      "state" : {
+        "revision" : "ef5392088d4aeb255c4eee83157dbdafcd31bf07"
+      }
     }
   ],
   "version" : 3
diff --git a/Package.swift b/Package.swift
index 83cbfca65..6864b99b0 100644
--- a/Package.swift
+++ b/Package.swift
@@ -9,19 +9,39 @@ let useLocalSweetCookieKit =
 let sweetCookieKitDependency: Package.Dependency =
     useLocalSweetCookieKit && FileManager.default.fileExists(atPath: sweetCookieKitPath)
     ? .package(path: sweetCookieKitPath)
-    : .package(url: "https://github.com/steipete/SweetCookieKit", from: "0.4.0")
+    : .package(url: "https://github.com/steipete/SweetCookieKit", from: "0.4.1")
 
 let package = Package(
     name: "CodexBar",
+    defaultLocalization: "en",
     platforms: [
         .macOS(.v14),
     ],
+    products: {
+        var products: [Product] = [
+            .library(name: "CodexBarCore", targets: ["CodexBarCore"]),
+            .executable(name: "CodexBarCLI", targets: ["CodexBarCLI"]),
+        ]
+
+        #if os(macOS)
+        products.append(contentsOf: [
+            .executable(name: "CodexBar", targets: ["CodexBar"]),
+            .executable(name: "CodexBarClaudeWatchdog", targets: ["CodexBarClaudeWatchdog"]),
+            .executable(name: "CodexBarWidget", targets: ["CodexBarWidget"]),
+            .executable(name: "CodexBarClaudeWebProbe", targets: ["CodexBarClaudeWebProbe"]),
+        ])
+        #endif
+
+        return products
+    }(),
     dependencies: [
-        .package(url: "https://github.com/sparkle-project/Sparkle", from: "2.8.1"),
+        .package(url: "https://github.com/sparkle-project/Sparkle", from: "2.9.1"),
         .package(url: "https://github.com/steipete/Commander", from: "0.2.1"),
-        .package(url: "https://github.com/apple/swift-log", from: "1.9.1"),
+        .package(url: "https://github.com/apple/swift-crypto.git", from: "3.0.0"),
+        .package(url: "https://github.com/apple/swift-log", from: "1.12.0"),
         .package(url: "https://github.com/apple/swift-syntax", from: "600.0.1"),
         .package(url: "https://github.com/sindresorhus/KeyboardShortcuts", from: "2.4.0"),
+        .package(url: "https://github.com/zats/Vortex", revision: "ef5392088d4aeb255c4eee83157dbdafcd31bf07"),
         sweetCookieKitDependency,
     ],
     targets: {
@@ -30,6 +50,7 @@ let package = Package(
                 name: "CodexBarCore",
                 dependencies: [
                     "CodexBarMacroSupport",
+                    .product(name: "Crypto", package: "swift-crypto"),
                     .product(name: "Logging", package: "swift-log"),
                     .product(name: "SweetCookieKit", package: "SweetCookieKit"),
                 ],
@@ -82,6 +103,7 @@ let package = Package(
                 dependencies: [
                     .product(name: "Sparkle", package: "Sparkle"),
                     .product(name: "KeyboardShortcuts", package: "KeyboardShortcuts"),
+                    .product(name: "Vortex", package: "Vortex"),
                     "CodexBarMacroSupport",
                     "CodexBarCore",
                 ],
@@ -112,8 +134,11 @@ let package = Package(
 
         targets.append(.testTarget(
             name: "CodexBarTests",
-            dependencies: ["CodexBar", "CodexBarCore", "CodexBarCLI"],
+            dependencies: ["CodexBar", "CodexBarCore", "CodexBarCLI", "CodexBarWidget"],
             path: "Tests",
+            resources: [
+                .copy("CodexBarTests/Fixtures"),
+            ],
             swiftSettings: [
                 .enableUpcomingFeature("StrictConcurrency"),
                 .enableExperimentalFeature("SwiftTesting"),
diff --git a/Scripts/analyze_quotio.sh b/Scripts/analyze_quotio.sh
index e3c6e76a1..2a4186e36 100755
--- a/Scripts/analyze_quotio.sh
+++ b/Scripts/analyze_quotio.sh
@@ -1,8 +1,8 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # Analyze quotio repository for interesting patterns and features
 # Usage: ./Scripts/analyze_quotio.sh [feature-area]
 
-set -e
+set -euo pipefail
 
 AREA=${1:-all}
 
@@ -19,26 +19,53 @@ git fetch quotio 2>/dev/null || {
     git remote add quotio https://github.com/nguyenphutrong/quotio.git
     git fetch quotio
 }
+remote_default_branch() {
+    local remote=$1
+    local branch=""
+    local candidate
+
+    branch=$(git symbolic-ref -q --short "refs/remotes/${remote}/HEAD" 2>/dev/null | sed "s#^${remote}/##" || true)
+    if [ -z "$branch" ]; then
+        branch=$(git remote show "$remote" 2>/dev/null | awk '/HEAD branch/ {print $NF; exit}' || true)
+    fi
+    if [ -n "$branch" ] && git rev-parse --verify -q "${remote}/${branch}" >/dev/null; then
+        echo "$branch"
+        return 0
+    fi
+
+    for candidate in main master; do
+        if git rev-parse --verify -q "${remote}/${candidate}" >/dev/null; then
+            echo "$candidate"
+            return 0
+        fi
+    done
+
+    echo -e "${RED}Error: Could not resolve default branch for remote '$remote'.${NC}" >&2
+    exit 1
+}
+
+QUOTIO_BRANCH=$(remote_default_branch quotio)
+QUOTIO_REF="quotio/${QUOTIO_BRANCH}"
 
 echo ""
-echo -e "${GREEN}==> Quotio Repository Analysis${NC}"
+echo -e "${GREEN}==> Quotio Repository Analysis (${QUOTIO_REF})${NC}"
 echo ""
 
 # Show recent activity
 echo -e "${BLUE}Recent Activity (last 30 days):${NC}"
-git log --oneline --graph --remotes=quotio/main --since="30 days ago" | head -20
+git log --oneline --graph "$QUOTIO_REF" --since="30 days ago" | head -20 || true
 echo ""
 
 # Analyze file structure
 echo -e "${BLUE}File Structure:${NC}"
-git ls-tree -r --name-only quotio/main | grep -E '\.(swift|md)$' | head -30
+git ls-tree -r --name-only "$QUOTIO_REF" | grep -E '\.(swift|md)$' | head -30 || true
 echo ""
 
 # Find interesting patterns based on area
 case $AREA in
     "providers"|"all")
         echo -e "${BLUE}Provider Implementations:${NC}"
-        git ls-tree -r --name-only quotio/main | grep -i provider | head -20
+        git ls-tree -r --name-only "$QUOTIO_REF" | grep -i provider | head -20 || true
         echo ""
         ;;
 esac
@@ -46,7 +73,7 @@ esac
 case $AREA in
     "ui"|"all")
         echo -e "${BLUE}UI Components:${NC}"
-        git ls-tree -r --name-only quotio/main | grep -iE '(view|ui|menu)' | head -20
+        git ls-tree -r --name-only "$QUOTIO_REF" | grep -iE '(view|ui|menu)' | head -20 || true
         echo ""
         ;;
 esac
@@ -54,14 +81,14 @@ esac
 case $AREA in
     "auth"|"all")
         echo -e "${BLUE}Authentication/Session:${NC}"
-        git ls-tree -r --name-only quotio/main | grep -iE '(auth|session|cookie|login)' | head -20
+        git ls-tree -r --name-only "$QUOTIO_REF" | grep -iE '(auth|session|cookie|login)' | head -20 || true
         echo ""
         ;;
 esac
 
 # Show commit messages for pattern analysis
 echo -e "${BLUE}Recent Commit Messages (for pattern analysis):${NC}"
-git log --oneline quotio/main --since="60 days ago" | head -30
+git log --oneline "$QUOTIO_REF" --since="60 days ago" | head -30 || true
 echo ""
 
 # Create analysis report
@@ -70,20 +97,21 @@ cat > "$REPORT_FILE" << EOF
 # Quotio Analysis Report
 **Date:** $(date +%Y-%m-%d)
 **Purpose:** Identify patterns and features for CodexBar fork inspiration
+**Source ref:** \`$QUOTIO_REF\`
 
 ## Recent Activity
 \`\`\`
-$(git log --oneline --graph --remotes=quotio/main --since="30 days ago" | head -20)
+$(git log --oneline --graph "$QUOTIO_REF" --since="30 days ago" | head -20 || true)
 \`\`\`
 
 ## File Structure
 \`\`\`
-$(git ls-tree -r --name-only quotio/main | grep -E '\.(swift|md)$' | head -50)
+$(git ls-tree -r --name-only "$QUOTIO_REF" | grep -E '\.(swift|md)$' | head -50 || true)
 \`\`\`
 
 ## Recent Commits
 \`\`\`
-$(git log --oneline quotio/main --since="60 days ago" | head -30)
+$(git log --oneline "$QUOTIO_REF" --since="60 days ago" | head -30 || true)
 \`\`\`
 
 ## Areas of Interest
@@ -124,16 +152,15 @@ echo ""
 echo -e "${YELLOW}Next steps:${NC}"
 echo ""
 echo "1. View specific files:"
-echo "   ${GREEN}git show quotio/main:path/to/file${NC}"
+echo "   ${GREEN}git show $QUOTIO_REF:path/to/file${NC}"
 echo ""
 echo "2. Compare implementations:"
-echo "   ${GREEN}git diff main quotio/main -- path/to/similar/file${NC}"
+echo "   ${GREEN}git diff main $QUOTIO_REF -- path/to/similar/file${NC}"
 echo ""
 echo "3. Review commit details:"
-echo "   ${GREEN}git log -p quotio/main --since='30 days ago'${NC}"
+echo "   ${GREEN}git log -p $QUOTIO_REF --since='30 days ago'${NC}"
 echo ""
 echo "4. Document patterns in:"
 echo "   ${GREEN}docs/QUOTIO_ANALYSIS.md${NC}"
 echo ""
 echo -e "${BLUE}Remember: Adapt patterns, don't copy code!${NC}"
-
diff --git a/Scripts/changelog-to-html.sh b/Scripts/changelog-to-html.sh
index 412a759db..9311e6c3f 100755
--- a/Scripts/changelog-to-html.sh
+++ b/Scripts/changelog-to-html.sh
@@ -1,89 +1,4 @@
 #!/usr/bin/env bash
 set -euo pipefail
-
-VERSION=${1:-}
-CHANGELOG_FILE=${2:-}
-
-if [[ -z "$VERSION" ]]; then
-  echo "Usage: $0 <version> [changelog_file]" >&2
-  exit 1
-fi
-
 SCRIPT_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
-if [[ -z "$CHANGELOG_FILE" ]]; then
-  if [[ -f "$SCRIPT_DIR/../CHANGELOG.md" ]]; then
-    CHANGELOG_FILE="$SCRIPT_DIR/../CHANGELOG.md"
-  elif [[ -f "CHANGELOG.md" ]]; then
-    CHANGELOG_FILE="CHANGELOG.md"
-  elif [[ -f "../CHANGELOG.md" ]]; then
-    CHANGELOG_FILE="../CHANGELOG.md"
-  else
-    echo "Error: Could not find CHANGELOG.md" >&2
-    exit 1
-  fi
-fi
-
-if [[ ! -f "$CHANGELOG_FILE" ]]; then
-  echo "Error: Changelog file '$CHANGELOG_FILE' not found" >&2
-  exit 1
-fi
-
-extract_version_section() {
-  local version=$1
-  local file=$2
-  awk -v version="$version" '
-    BEGIN { found=0 }
-    /^## / {
-      if ($0 ~ "^##[[:space:]]+" version "([[:space:]].*|$)") { found=1; next }
-      if (found) { exit }
-    }
-    found { print }
-  ' "$file"
-}
-
-markdown_to_html() {
-  local text=$1
-  text=$(echo "$text" | sed 's/^### \(.*\)$/<h3>\1<\/h3>/')
-  text=$(echo "$text" | sed 's/^## \(.*\)$/<h2>\1<\/h2>/')
-  text=$(echo "$text" | sed 's/^- \*\*\([^*]*\)\*\*\(.*\)$/<li><strong>\1<\/strong>\2<\/li>/')
-  text=$(echo "$text" | sed 's/^- \([^*].*\)$/<li>\1<\/li>/')
-  text=$(echo "$text" | sed 's/\*\*\([^*]*\)\*\*/<strong>\1<\/strong>/g')
-  text=$(echo "$text" | sed 's/`\([^`]*\)`/<code>\1<\/code>/g')
-  text=$(echo "$text" | sed 's/\[\([^]]*\)\](\([^)]*\))/<a href="\2">\1<\/a>/g')
-  echo "$text"
-}
-
-version_content=$(extract_version_section "$VERSION" "$CHANGELOG_FILE")
-if [[ -z "$version_content" ]]; then
-  echo "<h2>CodexBar $VERSION</h2>"
-  echo "<p>Latest CodexBar update.</p>"
-  echo "<p><a href=\"https://github.com/steipete/CodexBar/blob/main/CHANGELOG.md\">View full changelog</a></p>"
-  exit 0
-fi
-
-echo "<h2>CodexBar $VERSION</h2>"
-
-in_list=false
-while IFS= read -r line; do
-  if [[ "$line" =~ ^- ]]; then
-    if [[ "$in_list" == false ]]; then
-      echo "<ul>"
-      in_list=true
-    fi
-    markdown_to_html "$line"
-  else
-    if [[ "$in_list" == true ]]; then
-      echo "</ul>"
-      in_list=false
-    fi
-    if [[ -n "$line" ]]; then
-      markdown_to_html "$line"
-    fi
-  fi
-done <<< "$version_content"
-
-if [[ "$in_list" == true ]]; then
-  echo "</ul>"
-fi
-
-echo "<p><a href=\"https://github.com/steipete/CodexBar/blob/main/CHANGELOG.md\">View full changelog</a></p>"
+exec "$SCRIPT_DIR/mac-release" changelog-html "$@"
diff --git a/Scripts/check-release-assets.sh b/Scripts/check-release-assets.sh
index 4251ef6a2..ffb223732 100755
--- a/Scripts/check-release-assets.sh
+++ b/Scripts/check-release-assets.sh
@@ -1,10 +1,4 @@
 #!/usr/bin/env bash
 set -euo pipefail
-
-ROOT=$(cd "$(dirname "$0")/.." && pwd)
-source "$HOME/Projects/agent-scripts/release/sparkle_lib.sh"
-
-TAG=${1:-$(git describe --tags --abbrev=0)}
-ARTIFACT_PREFIX="CodexBar-"
-
-check_assets "$TAG" "$ARTIFACT_PREFIX"
+SCRIPT_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
+exec "$SCRIPT_DIR/mac-release" check-assets "$@"
diff --git a/Scripts/check_upstreams.sh b/Scripts/check_upstreams.sh
index a3ae64ee0..18dac1354 100755
--- a/Scripts/check_upstreams.sh
+++ b/Scripts/check_upstreams.sh
@@ -1,8 +1,8 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # Check for new changes in upstream repositories
 # Usage: ./Scripts/check_upstreams.sh [upstream|quotio|all]
 
-set -e
+set -euo pipefail
 
 TARGET=${1:-all}
 DAYS=${2:-7}
@@ -33,19 +33,46 @@ fi
 
 echo ""
 
+remote_default_branch() {
+    local remote=$1
+    local branch=""
+    local candidate
+
+    branch=$(git symbolic-ref -q --short "refs/remotes/${remote}/HEAD" 2>/dev/null | sed "s#^${remote}/##" || true)
+    if [ -z "$branch" ]; then
+        branch=$(git remote show "$remote" 2>/dev/null | awk '/HEAD branch/ {print $NF; exit}' || true)
+    fi
+    if [ -n "$branch" ] && git rev-parse --verify -q "${remote}/${branch}" >/dev/null; then
+        echo "$branch"
+        return 0
+    fi
+
+    for candidate in main master; do
+        if git rev-parse --verify -q "${remote}/${candidate}" >/dev/null; then
+            echo "$candidate"
+            return 0
+        fi
+    done
+
+    echo -e "${RED}Error: Could not resolve default branch for remote '$remote'.${NC}" >&2
+    exit 1
+}
+
 # Check upstream (steipete)
 if [ "$TARGET" = "all" ] || [ "$TARGET" = "upstream" ]; then
     echo -e "${BLUE}==> Upstream (steipete/CodexBar) changes:${NC}"
+    UPSTREAM_BRANCH=$(remote_default_branch upstream)
+    UPSTREAM_REF="upstream/${UPSTREAM_BRANCH}"
     
-    UPSTREAM_COUNT=$(git log --oneline main..upstream/main --no-merges 2>/dev/null | wc -l | tr -d ' ')
+    UPSTREAM_COUNT=$(git log --oneline "main..${UPSTREAM_REF}" --no-merges 2>/dev/null | wc -l | tr -d ' ')
     
     if [ "$UPSTREAM_COUNT" -gt 0 ]; then
         echo -e "${GREEN}Found $UPSTREAM_COUNT new commits${NC}"
         echo ""
-        git log --oneline --graph main..upstream/main --no-merges | head -20
+        git log --oneline --graph "main..${UPSTREAM_REF}" --no-merges | head -20 || true
         echo ""
         echo -e "${YELLOW}Files changed:${NC}"
-        git diff --stat main..upstream/main | tail -20
+        git diff --stat "main..${UPSTREAM_REF}" | tail -20 || true
     else
         echo -e "${GREEN}No new commits (up to date)${NC}"
     fi
@@ -55,17 +82,19 @@ fi
 # Check quotio
 if [ "$TARGET" = "all" ] || [ "$TARGET" = "quotio" ]; then
     echo -e "${BLUE}==> Quotio changes (last $DAYS days):${NC}"
+    QUOTIO_BRANCH=$(remote_default_branch quotio)
+    QUOTIO_REF="quotio/${QUOTIO_BRANCH}"
     
-    QUOTIO_COUNT=$(git log --oneline --all --remotes=quotio/main --since="$DAYS days ago" 2>/dev/null | wc -l | tr -d ' ')
+    QUOTIO_COUNT=$(git log --oneline "$QUOTIO_REF" --since="$DAYS days ago" 2>/dev/null | wc -l | tr -d ' ')
     
     if [ "$QUOTIO_COUNT" -gt 0 ]; then
         echo -e "${GREEN}Found $QUOTIO_COUNT commits in last $DAYS days${NC}"
         echo ""
-        git log --oneline --graph --remotes=quotio/main --since="$DAYS days ago" | head -20
+        git log --oneline --graph "$QUOTIO_REF" --since="$DAYS days ago" | head -20 || true
         echo ""
         echo -e "${YELLOW}Recent file changes:${NC}"
         # Show changes from last 10 commits
-        git diff --stat quotio/main~10..quotio/main 2>/dev/null | tail -20 || echo "Unable to show diff"
+        git diff --stat "${QUOTIO_REF}~10..${QUOTIO_REF}" 2>/dev/null | tail -20 || echo "Unable to show diff"
     else
         echo -e "${GREEN}No new commits in last $DAYS days${NC}"
     fi
@@ -85,6 +114,5 @@ echo ""
 echo -e "${YELLOW}Next steps:${NC}"
 echo "  Review upstream: ./Scripts/review_upstream.sh upstream"
 echo "  Review quotio:   ./Scripts/review_upstream.sh quotio"
-echo "  Detailed diff:   git diff main..upstream/main"
-echo "  View quotio:     git log -p quotio/main~10..quotio/main"
-
+echo "  Detailed diff:   git diff main..<resolved-remote>/<default-branch>"
+echo "  View quotio:     ./Scripts/analyze_quotio.sh"
diff --git a/Scripts/ci_swift_test_by_suite.py b/Scripts/ci_swift_test_by_suite.py
new file mode 100755
index 000000000..55e28ea07
--- /dev/null
+++ b/Scripts/ci_swift_test_by_suite.py
@@ -0,0 +1,129 @@
+#!/usr/bin/env python3
+"""Run SwiftPM tests in suite shards so CI cannot hang inside one aggregate run."""
+
+from __future__ import annotations
+
+import argparse
+import os
+import re
+import signal
+import subprocess
+import sys
+from collections.abc import Iterable
+
+
+def parse_args() -> argparse.Namespace:
+    parser = argparse.ArgumentParser()
+    parser.add_argument("--group-size", type=int, default=12)
+    parser.add_argument("--timeout", type=int, default=180)
+    parser.add_argument("--limit-groups", type=int)
+    parser.add_argument("--list-only", action="store_true")
+    return parser.parse_args()
+
+
+def run_command(command: list[str], timeout: int | None = None) -> int:
+    print(f"+ {' '.join(command)}", flush=True)
+    process = subprocess.Popen(command, start_new_session=True)
+    try:
+        return process.wait(timeout=timeout)
+    except subprocess.TimeoutExpired:
+        print(f"::warning::Command timed out after {timeout}s: {' '.join(command)}", flush=True)
+        os.killpg(process.pid, signal.SIGTERM)
+        try:
+            process.wait(timeout=10)
+        except subprocess.TimeoutExpired:
+            os.killpg(process.pid, signal.SIGKILL)
+            process.wait()
+        return 124
+
+
+def swift_test_list() -> list[str]:
+    result = subprocess.run(["swift", "test", "list"], check=True, capture_output=True, text=True)
+    suites: set[str] = set()
+    for line in result.stdout.splitlines():
+        if "/" not in line:
+            continue
+        suite = line.split("/", 1)[0]
+        if "." not in suite:
+            continue
+        suites.add(suite)
+    return sorted(suites)
+
+
+def chunks(items: list[str], size: int) -> Iterable[list[str]]:
+    for index in range(0, len(items), size):
+        yield items[index : index + size]
+
+
+def prioritized_suites(suites: list[str]) -> list[str]:
+    priority = ["CodexBarTests.CLIEntryTests"]
+    ordered = [suite for suite in priority if suite in suites]
+    ordered.extend(suite for suite in suites if suite not in priority)
+    return ordered
+
+
+def filtered_suites_for_environment(suites: list[str]) -> list[str]:
+    if os.environ.get("GITHUB_ACTIONS") != "true" or sys.platform != "darwin":
+        return suites
+
+    # SwiftPM hangs before suite output for this executable-target suite on the Intel macOS runner.
+    # Linux CI still runs it in the full Swift test lane, and local macOS runs it directly.
+    skipped = {"CodexBarTests.CLIEntryTests"}
+    filtered = [suite for suite in suites if suite not in skipped]
+    if len(filtered) != len(suites):
+        print(f"Skipping macOS CI-only suites: {', '.join(sorted(skipped))}", flush=True)
+    return filtered
+
+
+def filter_for(suites: list[str]) -> str:
+    escaped = [re.escape(suite) for suite in suites]
+    return rf"^({'|'.join(escaped)})/"
+
+
+def run_group(suites: list[str], timeout: int) -> int:
+    return run_command(["swift", "test", "--no-parallel", "--filter", filter_for(suites)], timeout=timeout)
+
+
+def main() -> int:
+    args = parse_args()
+    if args.group_size < 1:
+        print("--group-size must be positive", file=sys.stderr)
+        return 2
+
+    suites = prioritized_suites(filtered_suites_for_environment(swift_test_list()))
+    print(f"Discovered {len(suites)} test suites", flush=True)
+    if args.list_only:
+        for suite in suites:
+            print(suite)
+        return 0
+
+    suite_groups = list(chunks(suites, args.group_size))
+    if args.limit_groups is not None:
+        suite_groups = suite_groups[: args.limit_groups]
+
+    for group_index, group in enumerate(suite_groups, start=1):
+        print(
+            f"::group::Swift test shard {group_index}/{len(suite_groups)} "
+            f"({len(group)} suites)",
+            flush=True,
+        )
+        result = run_group(group, args.timeout)
+        print("::endgroup::", flush=True)
+        if result == 0:
+            continue
+        if result != 124 or len(group) == 1:
+            return result
+
+        print(f"Shard {group_index} timed out; retrying suites one at a time", flush=True)
+        for suite in group:
+            print(f"::group::Swift test retry {suite}", flush=True)
+            retry_result = run_group([suite], args.timeout)
+            print("::endgroup::", flush=True)
+            if retry_result != 0:
+                return retry_result
+
+    return 0
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())
diff --git a/Scripts/compile_and_run.sh b/Scripts/compile_and_run.sh
index ef7858634..d0ecc4078 100755
--- a/Scripts/compile_and_run.sh
+++ b/Scripts/compile_and_run.sh
@@ -16,10 +16,46 @@ RUN_TESTS=0
 DEBUG_LLDB=0
 RELEASE_ARCHES=""
 SIGNING_MODE="${CODEXBAR_SIGNING:-}"
+CLEAR_ADHOC_KEYCHAIN=0
 
 log()  { printf '%s\n' "$*"; }
 fail() { printf 'ERROR: %s\n' "$*" >&2; exit 1; }
 
+delete_keychain_service_items() {
+  local service="$1"
+  security delete-generic-password -s "${service}" >/dev/null 2>&1 || true
+  while security delete-generic-password -s "${service}" >/dev/null 2>&1; do
+    :
+  done
+}
+
+# Ensure Swift >= 5.5 (required for --arch flag in swift build)
+ensure_swift_version() {
+  local swift_output
+  local swift_ver
+  swift_output=$(swift --version 2>&1 || true)
+  if [[ "$swift_output" =~ (Apple[[:space:]]+)?Swift[[:space:]]+version[[:space:]]+([0-9]+)\.([0-9]+)(\.[0-9]+)? ]]; then
+    swift_ver="${BASH_REMATCH[2]}.${BASH_REMATCH[3]}${BASH_REMATCH[4]}"
+  else
+    fail "Swift >= 5.5 required (found ${swift_output:-none}). Install Xcode or update swiftly."
+  fi
+  local major minor
+  major=$(echo "$swift_ver" | cut -d. -f1)
+  minor=$(echo "$swift_ver" | cut -d. -f2)
+  if [[ "${major:-0}" -ge 6 ]] || { [[ "${major:-0}" -eq 5 ]] && [[ "${minor:-0}" -ge 5 ]]; }; then
+    return 0
+  fi
+  # Try Xcode toolchain
+  local xcrun_swift
+  xcrun_swift=$(xcrun --find swift 2>/dev/null || true)
+  if [[ -n "$xcrun_swift" && -x "$xcrun_swift" ]]; then
+    log "WARN: PATH swift is v${swift_ver}; switching to Xcode toolchain at $(dirname "$xcrun_swift")"
+    export PATH="$(dirname "$xcrun_swift"):$PATH"
+    return 0
+  fi
+  fail "Swift >= 5.5 required (found ${swift_ver:-none}). Install Xcode or update swiftly."
+}
+
 has_signing_identity() {
   local identity="${1:-}"
   if [[ -z "${identity}" ]]; then
@@ -28,13 +64,55 @@ has_signing_identity() {
   security find-identity -p codesigning -v 2>/dev/null | grep -F "${identity}" >/dev/null 2>&1
 }
 
+detect_codesigning_identity() {
+  local preferred_prefixes=(
+    "Developer ID Application:"
+    "Apple Development:"
+    "Apple Distribution:"
+  )
+  local prefix
+  local identities
+  identities="$(security find-identity -p codesigning -v 2>/dev/null || true)"
+  for prefix in "${preferred_prefixes[@]}"; do
+    awk -v prefix="${prefix}" '
+      index($0, "\"" prefix) {
+        sub(/^[^\"]*\"/, "")
+        sub(/\".*$/, "")
+        print
+        exit
+      }
+    ' <<<"${identities}"
+  done | sed -n '1p'
+}
+
+export_team_id_from_identity() {
+  local identity="${1:-}"
+  if [[ -n "${APP_TEAM_ID:-}" || -z "${identity}" ]]; then
+    return
+  fi
+  local subject
+  subject="$(security find-certificate -c "${identity}" -p 2>/dev/null \
+    | openssl x509 -noout -subject -nameopt RFC2253 2>/dev/null || true)"
+  if [[ "${subject}" =~ (^|,)OU=([A-Z0-9]{10})(,|$) ]]; then
+    APP_TEAM_ID="${BASH_REMATCH[2]}"
+    export APP_TEAM_ID
+    return
+  fi
+  if [[ "${identity}" =~ \(([A-Z0-9]{10})\)$ ]]; then
+    APP_TEAM_ID="${BASH_REMATCH[1]}"
+    export APP_TEAM_ID
+  fi
+}
+
 resolve_signing_mode() {
   if [[ -n "${SIGNING_MODE}" ]]; then
+    export_team_id_from_identity "${APP_IDENTITY:-}"
     return
   fi
 
   if [[ -n "${APP_IDENTITY:-}" ]]; then
     if has_signing_identity "${APP_IDENTITY}"; then
+      export_team_id_from_identity "${APP_IDENTITY}"
       SIGNING_MODE="identity"
       return
     fi
@@ -43,20 +121,6 @@ resolve_signing_mode() {
     return
   fi
 
-  # Auto-detect any Developer ID Application certificate from the keychain
-  local detected=""
-  detected="$(security find-identity -v -p codesigning 2>/dev/null \
-    | grep -o '"Developer ID Application: [^"]*"' \
-    | head -1 \
-    | tr -d '"' || true)"
-  if [[ -n "${detected}" ]]; then
-    APP_IDENTITY="${detected}"
-    export APP_IDENTITY
-    SIGNING_MODE="identity"
-    return
-  fi
-
-  # Fall back to well-known identities
   local candidate=""
   for candidate in \
     "Developer ID Application: Peter Steinberger (Y5PE65HELJ)" \
@@ -65,11 +129,21 @@ resolve_signing_mode() {
     if has_signing_identity "${candidate}"; then
       APP_IDENTITY="${candidate}"
       export APP_IDENTITY
+      export_team_id_from_identity "${APP_IDENTITY}"
       SIGNING_MODE="identity"
       return
     fi
   done
 
+  candidate="$(detect_codesigning_identity)"
+  if [[ -n "${candidate}" ]]; then
+    APP_IDENTITY="${candidate}"
+    export APP_IDENTITY
+    export_team_id_from_identity "${APP_IDENTITY}"
+    SIGNING_MODE="identity"
+    return
+  fi
+
   SIGNING_MODE="adhoc"
 }
 
@@ -166,10 +240,11 @@ for arg in "$@"; do
     --wait|-w) WAIT_FOR_LOCK=1 ;;
     --test|-t) RUN_TESTS=1 ;;
     --debug-lldb) DEBUG_LLDB=1 ;;
+    --clear-adhoc-keychain) CLEAR_ADHOC_KEYCHAIN=1 ;;
     --release-universal) RELEASE_ARCHES="arm64 x86_64" ;;
     --release-arches=*) RELEASE_ARCHES="${arg#*=}" ;;
     --help|-h)
-      log "Usage: $(basename "$0") [--wait] [--test] [--debug-lldb] [--release-universal] [--release-arches=\"arm64 x86_64\"]"
+      log "Usage: $(basename "$0") [--wait] [--test] [--debug-lldb] [--clear-adhoc-keychain] [--release-universal] [--release-arches=\"arm64 x86_64\"]"
       exit 0
       ;;
     *)
@@ -177,7 +252,11 @@ for arg in "$@"; do
   esac
 done
 
+ensure_swift_version
 resolve_signing_mode
+if [[ "${CLEAR_ADHOC_KEYCHAIN}" == "1" && "${SIGNING_MODE}" != "adhoc" ]]; then
+  fail "--clear-adhoc-keychain is only supported when using adhoc signing."
+fi
 if [[ "${SIGNING_MODE}" == "adhoc" ]]; then
   log "==> Signing: adhoc (set APP_IDENTITY or install a dev cert to avoid keychain prompts)"
 else
@@ -191,15 +270,16 @@ log "==> Killing existing CodexBar instances"
 kill_all_codexbar
 kill_claude_probes
 
-# 2.5) Delete keychain entries to avoid permission prompts with adhoc signing
+# 2.5) Optionally delete keychain entries to avoid permission prompts with adhoc signing
 # (adhoc signature changes on every build, making old keychain entries inaccessible)
-if [[ "${SIGNING_MODE:-adhoc}" == "adhoc" ]]; then
-  log "==> Clearing keychain entries (adhoc signing)"
-  security delete-generic-password -s "com.steipete.CodexBar" 2>/dev/null || true
-  # Clear all keychain items for the app to avoid multiple prompts
-  while security delete-generic-password -s "com.steipete.CodexBar" 2>/dev/null; do
-    :
-  done
+if [[ "${SIGNING_MODE:-adhoc}" == "adhoc" && "${CLEAR_ADHOC_KEYCHAIN}" == "1" ]]; then
+  log "==> Clearing CodexBar keychain entries (adhoc signing)"
+  # Clear both the legacy keychain store and the current cache service when developers explicitly want a clean reset
+  # of CodexBar-owned keychain state for ad-hoc builds.
+  delete_keychain_service_items "com.steipete.CodexBar"
+  delete_keychain_service_items "com.steipete.codexbar.cache"
+elif [[ "${SIGNING_MODE:-adhoc}" == "adhoc" ]]; then
+  log "==> Preserving CodexBar keychain entries (pass --clear-adhoc-keychain to reset adhoc keychain state)"
 fi
 
 # 3) Package (release build happens inside package_app.sh).
@@ -214,13 +294,16 @@ ARCHES_VALUE="${HOST_ARCH}"
 if [[ -n "${RELEASE_ARCHES}" ]]; then
   ARCHES_VALUE="${RELEASE_ARCHES}"
 fi
+PACKAGE_ENV=(
+  ARCHES="${ARCHES_VALUE}"
+)
 if [[ "${DEBUG_LLDB}" == "1" ]]; then
-  run_step "package app" env CODEXBAR_ALLOW_LLDB=1 ARCHES="${ARCHES_VALUE}" "${ROOT_DIR}/Scripts/package_app.sh" debug
+  run_step "package app" env CODEXBAR_ALLOW_LLDB=1 "${PACKAGE_ENV[@]}" "${ROOT_DIR}/Scripts/package_app.sh" debug
 else
   if [[ -n "${SIGNING_MODE}" ]]; then
-    run_step "package app" env CODEXBAR_SIGNING="${SIGNING_MODE}" ARCHES="${ARCHES_VALUE}" "${ROOT_DIR}/Scripts/package_app.sh"
+    run_step "package app" env CODEXBAR_SIGNING="${SIGNING_MODE}" "${PACKAGE_ENV[@]}" "${ROOT_DIR}/Scripts/package_app.sh"
   else
-    run_step "package app" env ARCHES="${ARCHES_VALUE}" "${ROOT_DIR}/Scripts/package_app.sh"
+    run_step "package app" env "${PACKAGE_ENV[@]}" "${ROOT_DIR}/Scripts/package_app.sh"
   fi
 fi
 
diff --git a/Scripts/cost_jsonl_shape_survey.swift b/Scripts/cost_jsonl_shape_survey.swift
new file mode 100755
index 000000000..427360123
--- /dev/null
+++ b/Scripts/cost_jsonl_shape_survey.swift
@@ -0,0 +1,289 @@
+#!/usr/bin/env swift
+
+import Foundation
+
+struct SurveyOptions {
+    var root: URL = FileManager.default.homeDirectoryForCurrentUser
+        .appendingPathComponent(".codex", isDirectory: true)
+        .appendingPathComponent("sessions", isDirectory: true)
+    var days: Double = 30
+}
+
+struct Survey {
+    var files = 0
+    var totalBytes: Int64 = 0
+    var lines = 0
+    var relevantLines = 0
+    var lineLengths: [Int] = []
+    var linesOver32KiB = 0
+    var linesOver256KiB = 0
+    var turnContextLines = 0
+    var turnContextOver32KiB = 0
+    var turnContextOver256KiB = 0
+    var turnContextModelOffsets: [Int] = []
+    var turnContextModelOffsetUnder32KiB = 0
+    var turnContextModelOffsetUnder256KiB = 0
+    var tokenCountLines = 0
+    var tokenCountMissingExplicitModel = 0
+
+    mutating func recordFile(byteCount: Int64) {
+        self.files += 1
+        self.totalBytes += byteCount
+    }
+
+    mutating func recordLine(_ line: Data) {
+        guard !line.isEmpty else { return }
+
+        let length = line.count
+        self.lines += 1
+        self.lineLengths.append(length)
+        if length > 32 * 1024 {
+            self.linesOver32KiB += 1
+        }
+        if length > 256 * 1024 {
+            self.linesOver256KiB += 1
+        }
+
+        let isRelevant = line.contains(Marker.eventMessage)
+            || line.contains(Marker.turnContext)
+            || line.contains(Marker.sessionMetadata)
+        if isRelevant {
+            self.relevantLines += 1
+        }
+
+        if line.contains(Marker.turnContext) {
+            self.turnContextLines += 1
+            if length > 32 * 1024 {
+                self.turnContextOver32KiB += 1
+            }
+            if length > 256 * 1024 {
+                self.turnContextOver256KiB += 1
+            }
+            if let offset = line.firstOffset(of: Marker.modelField)
+                ?? line.firstOffset(of: Marker.modelNameField)
+            {
+                self.turnContextModelOffsets.append(offset)
+                if offset < 32 * 1024 {
+                    self.turnContextModelOffsetUnder32KiB += 1
+                }
+                if offset < 256 * 1024 {
+                    self.turnContextModelOffsetUnder256KiB += 1
+                }
+            }
+        }
+
+        if line.contains(Marker.tokenCount) {
+            self.tokenCountLines += 1
+            if !line.contains(Marker.modelField), !line.contains(Marker.modelNameField) {
+                self.tokenCountMissingExplicitModel += 1
+            }
+        }
+    }
+}
+
+enum Marker {
+    static let eventMessage = Data(#""type":"event_msg""#.utf8)
+    static let turnContext = Data(#""type":"turn_context""#.utf8)
+    static let sessionMetadata = Data(#""type":"session_meta""#.utf8)
+    static let tokenCount = Data(#""token_count""#.utf8)
+    static let modelField = Data(#""model""#.utf8)
+    static let modelNameField = Data(#""model_name""#.utf8)
+}
+
+extension Data {
+    func contains(_ marker: Data) -> Bool {
+        self.range(of: marker) != nil
+    }
+
+    func firstOffset(of marker: Data) -> Int? {
+        guard let range = self.range(of: marker) else { return nil }
+        return self.distance(from: self.startIndex, to: range.lowerBound)
+    }
+}
+
+func parseOptions(arguments: [String]) throws -> SurveyOptions {
+    var options = SurveyOptions()
+    var index = 1
+    while index < arguments.count {
+        switch arguments[index] {
+        case "--root":
+            index += 1
+            guard index < arguments.count else {
+                throw UsageError.message("--root requires a path")
+            }
+            options.root = URL(fileURLWithPath: expandTilde(arguments[index]), isDirectory: true)
+        case "--days":
+            index += 1
+            guard index < arguments.count, let days = Double(arguments[index]) else {
+                throw UsageError.message("--days requires a number")
+            }
+            options.days = days
+        case "--help", "-h":
+            printUsage()
+            Foundation.exit(0)
+        default:
+            throw UsageError.message("unknown argument: \(arguments[index])")
+        }
+        index += 1
+    }
+    return options
+}
+
+func expandTilde(_ path: String) -> String {
+    guard path == "~" || path.hasPrefix("~/") else { return path }
+    let home = FileManager.default.homeDirectoryForCurrentUser.path
+    if path == "~" {
+        return home
+    }
+    return home + String(path.dropFirst())
+}
+
+enum UsageError: Error, CustomStringConvertible {
+    case message(String)
+
+    var description: String {
+        switch self {
+        case let .message(text):
+            text
+        }
+    }
+}
+
+func printUsage() {
+    print(
+        """
+        Usage: Scripts/cost_jsonl_shape_survey.swift [--root PATH] [--days N]
+
+        Scans local Codex JSONL logs and prints aggregate shape only. It does not
+        print prompts, tool payloads, model values, file paths, or raw log lines.
+        """)
+}
+
+func jsonlFiles(root: URL, modifiedSince cutoff: Date) -> [URL] {
+    guard let enumerator = FileManager.default.enumerator(
+        at: root,
+        includingPropertiesForKeys: [.isRegularFileKey, .contentModificationDateKey, .fileSizeKey],
+        options: [.skipsHiddenFiles]) else { return [] }
+
+    var files: [URL] = []
+    for case let fileURL as URL in enumerator {
+        guard fileURL.pathExtension == "jsonl" else { continue }
+        let values = try? fileURL.resourceValues(forKeys: [.isRegularFileKey, .contentModificationDateKey])
+        guard values?.isRegularFile == true else { continue }
+        guard let modifiedAt = values?.contentModificationDate, modifiedAt >= cutoff else { continue }
+        files.append(fileURL)
+    }
+    return files.sorted { $0.path < $1.path }
+}
+
+func validateRoot(_ root: URL) throws {
+    var isDirectory: ObjCBool = false
+    let exists = FileManager.default.fileExists(atPath: root.path, isDirectory: &isDirectory)
+    guard exists, isDirectory.boolValue else {
+        throw UsageError.message("root does not exist or is not a directory")
+    }
+}
+
+func scan(fileURL: URL, into survey: inout Survey) throws {
+    let values = try fileURL.resourceValues(forKeys: [.fileSizeKey])
+    survey.recordFile(byteCount: Int64(values.fileSize ?? 0))
+
+    let handle = try FileHandle(forReadingFrom: fileURL)
+    defer { try? handle.close() }
+
+    var current = Data()
+    current.reserveCapacity(4 * 1024)
+
+    while true {
+        let chunk = try handle.read(upToCount: 256 * 1024) ?? Data()
+        if chunk.isEmpty {
+            survey.recordLine(current)
+            break
+        }
+
+        var segmentStart = chunk.startIndex
+        while let newline = chunk[segmentStart...].firstIndex(of: 0x0A) {
+            current.append(contentsOf: chunk[segmentStart..<newline])
+            survey.recordLine(current)
+            current.removeAll(keepingCapacity: true)
+            segmentStart = chunk.index(after: newline)
+        }
+
+        if segmentStart < chunk.endIndex {
+            current.append(contentsOf: chunk[segmentStart..<chunk.endIndex])
+        }
+    }
+}
+
+func percentile(_ values: [Int], _ percentile: Double) -> Int {
+    guard !values.isEmpty else { return 0 }
+    let sorted = values.sorted()
+    let index = Int((percentile * Double(sorted.count - 1)).rounded())
+    return sorted[max(0, min(index, sorted.count - 1))]
+}
+
+func printSummary(_ survey: Survey, options: SurveyOptions) {
+    print("root: \(redactedRootDescription(options.root))")
+    print("window days: \(Int(options.days))")
+    print("files: \(survey.files)")
+    print("total bytes: \(survey.totalBytes)")
+    print("lines: \(survey.lines)")
+    print("relevant Codex scanner lines: \(survey.relevantLines)")
+    print(
+        "line length p50/p90/p95/p99/max: " +
+            "\(percentile(survey.lineLengths, 0.50)) / " +
+            "\(percentile(survey.lineLengths, 0.90)) / " +
+            "\(percentile(survey.lineLengths, 0.95)) / " +
+            "\(percentile(survey.lineLengths, 0.99)) / " +
+            "\(percentile(survey.lineLengths, 1.00)) bytes")
+    print("lines > 32 KiB: \(survey.linesOver32KiB)")
+    print("lines > 256 KiB: \(survey.linesOver256KiB)")
+    print("turn_context lines: \(survey.turnContextLines)")
+    print("turn_context lines > 32 KiB: \(survey.turnContextOver32KiB)")
+    print("turn_context lines > 256 KiB: \(survey.turnContextOver256KiB)")
+    print(
+        "turn_context model offset p50/p95/max: " +
+            "\(percentile(survey.turnContextModelOffsets, 0.50)) / " +
+            "\(percentile(survey.turnContextModelOffsets, 0.95)) / " +
+            "\(percentile(survey.turnContextModelOffsets, 1.00)) bytes")
+    print(
+        "turn_context model offset < 32 KiB: " +
+            "\(survey.turnContextModelOffsetUnder32KiB) / \(survey.turnContextLines)")
+    print(
+        "turn_context model offset < 256 KiB: " +
+            "\(survey.turnContextModelOffsetUnder256KiB) / \(survey.turnContextLines)")
+    print(
+        "token_count rows missing an explicit model: " +
+            "\(survey.tokenCountMissingExplicitModel) / \(survey.tokenCountLines)")
+}
+
+func redactedRootDescription(_ root: URL) -> String {
+    let defaultRoot = SurveyOptions().root.standardizedFileURL.path
+    let currentRoot = root.standardizedFileURL.path
+    if currentRoot == defaultRoot {
+        return "default Codex sessions"
+    }
+    return "custom root (redacted)"
+}
+
+do {
+    let options = try parseOptions(arguments: CommandLine.arguments)
+    try validateRoot(options.root)
+    let cutoff = Date().addingTimeInterval(-options.days * 24 * 60 * 60)
+    let files = jsonlFiles(root: options.root, modifiedSince: cutoff)
+    guard !files.isEmpty else {
+        throw UsageError.message("no .jsonl files found in the selected time window")
+    }
+    var survey = Survey()
+    for fileURL in files {
+        try scan(fileURL: fileURL, into: &survey)
+    }
+    printSummary(survey, options: options)
+} catch let error as UsageError {
+    fputs("error: \(error.description)\n\n", stderr)
+    printUsage()
+    Foundation.exit(2)
+} catch {
+    fputs("error: \(error.localizedDescription)\n", stderr)
+    Foundation.exit(1)
+}
diff --git a/Scripts/generate-llms.mjs b/Scripts/generate-llms.mjs
new file mode 100755
index 000000000..16390124f
--- /dev/null
+++ b/Scripts/generate-llms.mjs
@@ -0,0 +1,76 @@
+#!/usr/bin/env node
+import fs from "node:fs";
+import path from "node:path";
+import { fileURLToPath } from "node:url";
+
+const repoRoot = path.resolve(path.dirname(fileURLToPath(import.meta.url)), "..");
+const docsDir = path.join(repoRoot, "docs");
+const cname = fs.readFileSync(path.join(docsDir, "CNAME"), "utf8").trim();
+const origin = "https://" + cname;
+const productName = "CodexBar";
+const productDescription = "CodexBar shows OpenAI Codex and Claude Code usage limits in the macOS menu bar.";
+const source = "https://github.com/steipete/CodexBar";
+
+const pages = allHtml(docsDir)
+  .map((file) => {
+    const rel = path.relative(docsDir, file).replaceAll(path.sep, "/");
+    if (rel === "404.html" || rel === "social.html") return null;
+    const html = fs.readFileSync(file, "utf8");
+    return {
+      rel,
+      title: textContent(html.match(/<title[^>]*>([\s\S]*?)<\/title>/i)?.[1]) || titleize(path.basename(rel, ".html")),
+      description: attr(html.match(/<meta\s+name=["']description["']\s+content=["']([^"']*)["'][^>]*>/i)?.[1] || ""),
+    };
+  })
+  .filter(Boolean)
+  .sort((a, b) => (a.rel === "index.html" ? -1 : b.rel === "index.html" ? 1 : a.rel.localeCompare(b.rel)));
+
+const lines = [
+  "# " + productName,
+  "",
+  productDescription,
+  "",
+  "Canonical documentation:",
+  ...pages.map((page) => "- " + page.title + ": " + pageUrl(page.rel) + (page.description ? " - " + page.description : "")),
+  "",
+  "Source: " + source,
+  "",
+  "Guidance for agents:",
+  "- Prefer the canonical documentation URLs above over README excerpts or package metadata.",
+  "- Fetch only the pages needed for the current task; this is an index, not a full-site corpus.",
+  "",
+];
+
+fs.writeFileSync(path.join(docsDir, "llms.txt"), lines.join("\n"), "utf8");
+console.log("wrote " + path.relative(repoRoot, path.join(docsDir, "llms.txt")));
+
+function allHtml(dir) {
+  return fs.readdirSync(dir, { withFileTypes: true }).flatMap((entry) => {
+    const full = path.join(dir, entry.name);
+    if (entry.name === "node_modules" || entry.name.startsWith(".")) return [];
+    if (entry.isDirectory()) return allHtml(full);
+    return entry.name.endsWith(".html") ? [full] : [];
+  });
+}
+
+function pageUrl(rel) {
+  return rel === "index.html" ? origin + "/" : origin + "/" + rel;
+}
+
+function textContent(value) {
+  return attr(value || "").replace(/<[^>]+>/g, "").replace(/\s+/g, " ").trim();
+}
+
+function attr(value) {
+  return String(value || "")
+    .replace(/&mdash;/g, "-")
+    .replace(/&amp;/g, "&")
+    .replace(/&nbsp;/g, " ")
+    .replace(/&#39;/g, "'")
+    .replace(/&quot;/g, '"')
+    .trim();
+}
+
+function titleize(input) {
+  return input.replaceAll("-", " ").replace(/\b\w/g, (m) => m.toUpperCase());
+}
diff --git a/Scripts/lint.sh b/Scripts/lint.sh
index 748b5517e..e6022264e 100755
--- a/Scripts/lint.sh
+++ b/Scripts/lint.sh
@@ -11,10 +11,15 @@ ensure_tools() {
   "${ROOT_DIR}/Scripts/install_lint_tools.sh"
 }
 
+check_codex_parser_hash() {
+  "${ROOT_DIR}/Scripts/regenerate-codex-parser-hash.sh" --check
+}
+
 cmd="${1:-lint}"
 
 case "$cmd" in
   lint)
+    check_codex_parser_hash
     ensure_tools
     "${BIN_DIR}/swiftformat" Sources Tests --lint
     "${BIN_DIR}/swiftlint" --strict
diff --git a/Scripts/mac-release b/Scripts/mac-release
new file mode 100755
index 000000000..b2a0178e0
--- /dev/null
+++ b/Scripts/mac-release
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+SCRIPT_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
+ROOT=$(cd "$SCRIPT_DIR/.." && pwd)
+cd "$ROOT"
+
+if [[ -n "${MAC_RELEASE_TOOL:-}" ]]; then
+  exec "$MAC_RELEASE_TOOL" "$@"
+fi
+
+for candidate in \
+  "$ROOT/../agent-scripts/skills/release-mac-app/scripts/mac-release" \
+  "$HOME/Projects/agent-scripts/skills/release-mac-app/scripts/mac-release"; do
+  if [[ -x "$candidate" ]]; then
+    exec "$candidate" "$@"
+  fi
+done
+
+cat >&2 <<'EOF'
+Missing mac-release helper.
+Clone agent-scripts next to this repo or set MAC_RELEASE_TOOL=/path/to/mac-release.
+EOF
+exit 127
diff --git a/Scripts/make_appcast.sh b/Scripts/make_appcast.sh
index bcf6c06ac..262ec3729 100755
--- a/Scripts/make_appcast.sh
+++ b/Scripts/make_appcast.sh
@@ -1,108 +1,4 @@
 #!/usr/bin/env bash
 set -euo pipefail
-
-ROOT=$(cd "$(dirname "$0")/.." && pwd)
-ZIP=${1:?
-"Usage: $0 CodexBar-<ver>.zip"}
-FEED_URL=${2:-"https://raw.githubusercontent.com/steipete/CodexBar/main/appcast.xml"}
-PRIVATE_KEY_FILE=${SPARKLE_PRIVATE_KEY_FILE:-}
-SPARKLE_CHANNEL=${SPARKLE_CHANNEL:-}
-if [[ -z "$PRIVATE_KEY_FILE" ]]; then
-  echo "Set SPARKLE_PRIVATE_KEY_FILE to your ed25519 private key (Sparkle)." >&2
-  exit 1
-fi
-if [[ ! -f "$ZIP" ]]; then
-  echo "Zip not found: $ZIP" >&2
-  exit 1
-fi
-
-ZIP_DIR=$(cd "$(dirname "$ZIP")" && pwd)
-ZIP_NAME=$(basename "$ZIP")
-ZIP_BASE="${ZIP_NAME%.zip}"
-VERSION=${SPARKLE_RELEASE_VERSION:-}
-if [[ -z "$VERSION" ]]; then
-  if [[ "$ZIP_NAME" =~ ^CodexBar-([0-9]+(\.[0-9]+){1,2}([-.][^.]*)?)\.zip$ ]]; then
-    VERSION="${BASH_REMATCH[1]}"
-  else
-    echo "Could not infer version from $ZIP_NAME; set SPARKLE_RELEASE_VERSION." >&2
-    exit 1
-  fi
-fi
-
-NOTES_HTML="${ZIP_DIR}/${ZIP_BASE}.html"
-KEEP_NOTES=${KEEP_SPARKLE_NOTES:-0}
-if [[ -x "$ROOT/Scripts/changelog-to-html.sh" ]]; then
-  "$ROOT/Scripts/changelog-to-html.sh" "$VERSION" >"$NOTES_HTML"
-else
-  echo "Missing Scripts/changelog-to-html.sh; cannot generate HTML release notes." >&2
-  exit 1
-fi
-cleanup() {
-  if [[ -n "${WORK_DIR:-}" ]]; then
-    rm -rf "$WORK_DIR"
-  fi
-  if [[ "$KEEP_NOTES" != "1" ]]; then
-    rm -f "$NOTES_HTML"
-  fi
-}
-trap cleanup EXIT
-
-DOWNLOAD_URL_PREFIX=${SPARKLE_DOWNLOAD_URL_PREFIX:-"https://github.com/steipete/CodexBar/releases/download/v${VERSION}/"}
-
-# Sparkle provides generate_appcast; ensure it's on PATH (via SwiftPM build of Sparkle's bin) or Xcode dmg
-if ! command -v generate_appcast >/dev/null; then
-  echo "generate_appcast not found in PATH. Install Sparkle tools (see Sparkle docs)." >&2
-  exit 1
-fi
-
-WORK_DIR=$(mktemp -d /tmp/codexbar-appcast.XXXXXX)
-
-cp "$ROOT/appcast.xml" "$WORK_DIR/appcast.xml"
-cp "$ZIP" "$WORK_DIR/$ZIP_NAME"
-cp "$NOTES_HTML" "$WORK_DIR/$ZIP_BASE.html"
-
-pushd "$WORK_DIR" >/dev/null
-generate_appcast \
-  --ed-key-file "$PRIVATE_KEY_FILE" \
-  --download-url-prefix "$DOWNLOAD_URL_PREFIX" \
-  --embed-release-notes \
-  --link "$FEED_URL" \
-  "$WORK_DIR"
-popd >/dev/null
-
-if [[ -n "$SPARKLE_CHANNEL" ]]; then
-  python3 - "$WORK_DIR/appcast.xml" "$VERSION" "$SPARKLE_CHANNEL" <<'PY'
-import re
-import sys
-
-path, version, channel = sys.argv[1], sys.argv[2], sys.argv[3]
-with open(path, "r", encoding="utf-8") as handle:
-    lines = handle.read().splitlines()
-
-target = f"<sparkle:shortVersionString>{version}</sparkle:shortVersionString>"
-try:
-    index = next(i for i, line in enumerate(lines) if target in line)
-except StopIteration as exc:
-    raise SystemExit(f"Could not find {target} in {path}") from exc
-
-for j in range(index, -1, -1):
-    if "<item" in lines[j]:
-        line = lines[j]
-        if "sparkle:channel" in line:
-            line = re.sub(r'sparkle:channel="[^"]*"', f'sparkle:channel="{channel}"', line)
-        else:
-            line = line.replace("<item", f'<item sparkle:channel="{channel}"', 1)
-        lines[j] = line
-        break
-else:
-    raise SystemExit(f"Could not find <item> for version {version} in {path}")
-
-with open(path, "w", encoding="utf-8") as handle:
-    handle.write("\n".join(lines) + "\n")
-PY
-  echo "Tagged ${VERSION} with sparkle:channel=\"${SPARKLE_CHANNEL}\""
-fi
-
-cp "$WORK_DIR/appcast.xml" "$ROOT/appcast.xml"
-
-echo "Appcast generated (appcast.xml). Upload alongside $ZIP at $FEED_URL"
+SCRIPT_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
+exec "$SCRIPT_DIR/mac-release" make-appcast "$@"
diff --git a/Scripts/regenerate-codex-parser-hash.sh b/Scripts/regenerate-codex-parser-hash.sh
new file mode 100755
index 000000000..91e4863e7
--- /dev/null
+++ b/Scripts/regenerate-codex-parser-hash.sh
@@ -0,0 +1,83 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+SOURCE_DIR="${ROOT_DIR}/Sources/CodexBarCore/Vendored/CostUsage"
+OUTPUT_FILE="${ROOT_DIR}/Sources/CodexBarCore/Generated/CodexParserHash.generated.swift"
+MODE="${1:-write}"
+
+case "$MODE" in
+  write | --write)
+    CHECK_ONLY=0
+    ;;
+  check | --check)
+    CHECK_ONLY=1
+    ;;
+  *)
+    echo "Usage: $0 [write|--write|check|--check]" >&2
+    exit 2
+    ;;
+esac
+
+if command -v shasum >/dev/null 2>&1; then
+  HASH_CMD=(shasum -a 256)
+elif command -v sha256sum >/dev/null 2>&1; then
+  HASH_CMD=(sha256sum)
+else
+  echo "error: shasum or sha256sum is required" >&2
+  exit 1
+fi
+
+FILE_LIST="$(mktemp)"
+trap 'rm -f "$FILE_LIST"' EXIT
+
+find "$SOURCE_DIR" \
+  -type f \
+  -name '*.swift' \
+  ! -name '*Claude*' \
+  -print |
+  sed "s#^${ROOT_DIR}/##" |
+  LC_ALL=C sort >"$FILE_LIST"
+
+HASH="$(
+  while IFS= read -r file; do
+    printf '== %s ==\n' "$file"
+    cat "${ROOT_DIR}/${file}"
+    printf '\n'
+  done <"$FILE_LIST" | "${HASH_CMD[@]}"
+)"
+HASH="${HASH%% *}"
+SHORT_HASH="${HASH:0:16}"
+
+render_generated() {
+  cat <<SWIFT
+// Generated by Scripts/regenerate-codex-parser-hash.sh. Do not edit by hand.
+
+enum CodexParserHash {
+    static let value = "$SHORT_HASH"
+}
+SWIFT
+}
+
+if [[ "$CHECK_ONLY" -eq 1 ]]; then
+  EXPECTED_FILE="$(mktemp)"
+  trap 'rm -f "$FILE_LIST" "$EXPECTED_FILE"' EXIT
+  render_generated >"$EXPECTED_FILE"
+  if ! cmp -s "$EXPECTED_FILE" "$OUTPUT_FILE"; then
+    echo "error: ${OUTPUT_FILE#${ROOT_DIR}/} is stale. Run Scripts/regenerate-codex-parser-hash.sh and commit the result." >&2
+    if [[ -f "$OUTPUT_FILE" ]]; then
+      diff -u "$OUTPUT_FILE" "$EXPECTED_FILE" >&2 || true
+    else
+      diff -u /dev/null "$EXPECTED_FILE" >&2 || true
+    fi
+    exit 1
+  fi
+  echo "Codex parser hash is current (${SHORT_HASH})"
+  exit 0
+fi
+
+mkdir -p "$(dirname "$OUTPUT_FILE")"
+render_generated >"$OUTPUT_FILE"
+
+echo "Updated ${OUTPUT_FILE#${ROOT_DIR}/} to ${SHORT_HASH}"
diff --git a/Scripts/release.sh b/Scripts/release.sh
index eda66bdc0..4a95fbe49 100755
--- a/Scripts/release.sh
+++ b/Scripts/release.sh
@@ -1,68 +1,4 @@
 #!/usr/bin/env bash
 set -euo pipefail
-
-ROOT=$(cd "$(dirname "$0")/.." && pwd)
-cd "$ROOT"
-
-source "$ROOT/version.env"
-source "$HOME/Projects/agent-scripts/release/sparkle_lib.sh"
-
-APPCAST="$ROOT/appcast.xml"
-APP_NAME="CodexBar"
-ARTIFACT_PREFIX="CodexBar-"
-BUNDLE_ID="com.steipete.codexbar"
-TAG="v${MARKETING_VERSION}"
-
-err() { echo "ERROR: $*" >&2; exit 1; }
-
-require_clean_worktree
-ensure_changelog_finalized "$MARKETING_VERSION"
-ensure_appcast_monotonic "$APPCAST" "$MARKETING_VERSION" "$BUILD_NUMBER"
-
-swiftformat Sources Tests >/dev/null
-swiftlint --strict
-swift test
-
-# Note: run this script in the foreground; do not background it so it waits to completion.
-"$ROOT/Scripts/sign-and-notarize.sh"
-
-KEY_FILE=$(clean_key "$SPARKLE_PRIVATE_KEY_FILE")
-trap 'rm -f "$KEY_FILE"' EXIT
-
-probe_sparkle_key "$KEY_FILE"
-
-clear_sparkle_caches "$BUNDLE_ID"
-
-NOTES_FILE=$(mktemp /tmp/codexbar-notes.XXXXXX.md)
-extract_notes_from_changelog "$MARKETING_VERSION" "$NOTES_FILE"
-trap 'rm -f "$KEY_FILE" "$NOTES_FILE"' EXIT
-
-git tag -f "$TAG"
-git push -f origin "$TAG"
-
-gh release create "$TAG" ${APP_NAME}-${MARKETING_VERSION}.zip ${APP_NAME}-${MARKETING_VERSION}.dSYM.zip \
-  --title "${APP_NAME} ${MARKETING_VERSION}" \
-  --notes-file "$NOTES_FILE"
-
-SPARKLE_PRIVATE_KEY_FILE="$KEY_FILE" \
-  "$ROOT/Scripts/make_appcast.sh" \
-  "${APP_NAME}-${MARKETING_VERSION}.zip" \
-  "https://raw.githubusercontent.com/steipete/CodexBar/main/appcast.xml"
-
-verify_appcast_entry "$APPCAST" "$MARKETING_VERSION" "$KEY_FILE"
-
-git add "$APPCAST"
-git commit -m "docs: update appcast for ${MARKETING_VERSION}"
-git push origin main
-
-if [[ "${RUN_SPARKLE_UPDATE_TEST:-0}" == "1" ]]; then
-  PREV_TAG=$(git tag --sort=-v:refname | sed -n '2p')
-  [[ -z "$PREV_TAG" ]] && err "RUN_SPARKLE_UPDATE_TEST=1 set but no previous tag found"
-  "$ROOT/Scripts/test_live_update.sh" "$PREV_TAG" "v${MARKETING_VERSION}"
-fi
-
-check_assets "$TAG" "$ARTIFACT_PREFIX"
-
-git push origin --tags
-
-echo "Release ${MARKETING_VERSION} complete."
+SCRIPT_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
+exec "$SCRIPT_DIR/mac-release" release "$@"
diff --git a/Scripts/release_artifacts.sh b/Scripts/release_artifacts.sh
new file mode 100755
index 000000000..bc065c1de
--- /dev/null
+++ b/Scripts/release_artifacts.sh
@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+
+codexbar_release_arch_label() {
+  local raw="${1:-arm64 x86_64}"
+  local normalized
+  local has_arm64=0
+  local has_x86_64=0
+  local arch
+
+  normalized=$(printf "%s" "$raw" | tr ',' ' ')
+  for arch in $normalized; do
+    case "$arch" in
+      arm64) has_arm64=1 ;;
+      x86_64) has_x86_64=1 ;;
+    esac
+  done
+
+  if [[ "$has_arm64" == "1" && "$has_x86_64" == "1" ]]; then
+    printf "macos-universal"
+    return
+  fi
+  if [[ "$has_arm64" == "1" ]]; then
+    printf "macos-arm64"
+    return
+  fi
+  if [[ "$has_x86_64" == "1" ]]; then
+    printf "macos-x86_64"
+    return
+  fi
+
+  printf "macos-%s" "$(printf "%s" "$normalized" | tr ' ' '+')"
+}
+
+codexbar_app_zip_name() {
+  local version=$1
+  local arches="${2:-arm64 x86_64}"
+  printf "CodexBar-%s-%s.zip" "$(codexbar_release_arch_label "$arches")" "$version"
+}
+
+codexbar_dsym_zip_name() {
+  local version=$1
+  local arches="${2:-arm64 x86_64}"
+  printf "CodexBar-%s-%s.dSYM.zip" "$(codexbar_release_arch_label "$arches")" "$version"
+}
diff --git a/Scripts/review_upstream.sh b/Scripts/review_upstream.sh
index cf1f37688..57b634eb6 100755
--- a/Scripts/review_upstream.sh
+++ b/Scripts/review_upstream.sh
@@ -1,8 +1,8 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # Create a review branch for upstream changes
 # Usage: ./Scripts/review_upstream.sh [upstream|quotio]
 
-set -e
+set -euo pipefail
 
 UPSTREAM=${1:-upstream}
 DATE=$(date +%Y%m%d)
@@ -21,20 +21,81 @@ if [ "$UPSTREAM" != "upstream" ] && [ "$UPSTREAM" != "quotio" ]; then
     exit 1
 fi
 
-echo -e "${BLUE}==> Creating review branch for $UPSTREAM...${NC}"
-git checkout main
-git checkout -b "$BRANCH_NAME"
+ensure_remote() {
+    local remote=$1
+    local url=$2
+    local origin_url
+
+    if git remote get-url "$remote" >/dev/null 2>&1; then
+        echo "$remote"
+        return 0
+    fi
+
+    if [ "$remote" = "upstream" ] && git remote get-url origin >/dev/null 2>&1; then
+        origin_url=$(git remote get-url origin)
+        case "$origin_url" in
+            https://github.com/steipete/CodexBar|https://github.com/steipete/CodexBar.git|git@github.com:steipete/CodexBar.git)
+                echo -e "${YELLOW}Remote 'upstream' missing; using origin for steipete/CodexBar.${NC}" >&2
+                echo "origin"
+                return 0
+                ;;
+            *)
+                echo -e "${YELLOW}Remote 'upstream' missing; origin is not steipete/CodexBar, adding upstream.${NC}" >&2
+                ;;
+        esac
+    fi
+
+    echo -e "${YELLOW}Adding $remote remote...${NC}" >&2
+    git remote add "$remote" "$url"
+    echo "$remote"
+}
+
+remote_default_branch() {
+    local remote=$1
+    local branch=""
+    local candidate
+
+    branch=$(git symbolic-ref -q --short "refs/remotes/${remote}/HEAD" 2>/dev/null | sed "s#^${remote}/##" || true)
+    if [ -z "$branch" ]; then
+        branch=$(git remote show "$remote" 2>/dev/null | awk '/HEAD branch/ {print $NF; exit}' || true)
+    fi
+    if [ -n "$branch" ] && git rev-parse --verify -q "${remote}/${branch}" >/dev/null; then
+        echo "$branch"
+        return 0
+    fi
+
+    for candidate in main master; do
+        if git rev-parse --verify -q "${remote}/${candidate}" >/dev/null; then
+            echo "$candidate"
+            return 0
+        fi
+    done
+
+    echo -e "${RED}Error: Could not resolve default branch for remote '$remote'.${NC}" >&2
+    exit 1
+}
+
+case "$UPSTREAM" in
+    upstream) REMOTE=$(ensure_remote upstream "https://github.com/steipete/CodexBar.git") ;;
+    quotio) REMOTE=$(ensure_remote quotio "https://github.com/nguyenphutrong/quotio.git") ;;
+esac
 
 echo -e "${BLUE}==> Fetching latest from $UPSTREAM...${NC}"
-git fetch "$UPSTREAM"
+git fetch "$REMOTE" --prune
+REMOTE_BRANCH=$(remote_default_branch "$REMOTE")
+REMOTE_REF="${REMOTE}/${REMOTE_BRANCH}"
+
+echo -e "${BLUE}==> Creating review branch for $UPSTREAM (${REMOTE_REF})...${NC}"
+git switch main
+git switch -c "$BRANCH_NAME"
 
 echo ""
 echo -e "${GREEN}==> Commits to review:${NC}"
-git log --oneline --graph main.."$UPSTREAM"/main | head -30
+git log --oneline --graph "main..${REMOTE_REF}" | head -30 || true
 
 echo ""
 echo -e "${GREEN}==> File changes summary:${NC}"
-git diff --stat main.."$UPSTREAM"/main
+git diff --stat "main..${REMOTE_REF}"
 
 echo ""
 echo -e "${YELLOW}==> Review branch created: $BRANCH_NAME${NC}"
@@ -42,16 +103,16 @@ echo ""
 echo -e "${BLUE}Next steps:${NC}"
 echo ""
 echo "1. Review commits in detail:"
-echo "   ${GREEN}git log -p main..$UPSTREAM/main${NC}"
+echo "   ${GREEN}git log -p main..$REMOTE_REF${NC}"
 echo ""
 echo "2. View specific files:"
-echo "   ${GREEN}git show $UPSTREAM/main:path/to/file${NC}"
+echo "   ${GREEN}git show $REMOTE_REF:path/to/file${NC}"
 echo ""
 echo "3. Cherry-pick specific commits:"
 echo "   ${GREEN}git cherry-pick <commit-hash>${NC}"
 echo ""
 echo "4. Or merge all changes:"
-echo "   ${GREEN}git merge $UPSTREAM/main${NC}"
+echo "   ${GREEN}git merge $REMOTE_REF${NC}"
 echo ""
 echo "5. Test thoroughly:"
 echo "   ${GREEN}./Scripts/compile_and_run.sh${NC}"
@@ -68,10 +129,9 @@ LOG_FILE="upstream-review-${UPSTREAM}-${DATE}.txt"
 echo "=== Upstream Review: $UPSTREAM @ $DATE ===" > "$LOG_FILE"
 echo "" >> "$LOG_FILE"
 echo "Commits:" >> "$LOG_FILE"
-git log --oneline main.."$UPSTREAM"/main >> "$LOG_FILE"
+git log --oneline "main..${REMOTE_REF}" >> "$LOG_FILE"
 echo "" >> "$LOG_FILE"
 echo "File changes:" >> "$LOG_FILE"
-git diff --stat main.."$UPSTREAM"/main >> "$LOG_FILE"
+git diff --stat "main..${REMOTE_REF}" >> "$LOG_FILE"
 
 echo -e "${GREEN}Review log saved to: $LOG_FILE${NC}"
-
diff --git a/Scripts/verify_appcast.sh b/Scripts/verify_appcast.sh
index fc3735d2d..4e0f20037 100755
--- a/Scripts/verify_appcast.sh
+++ b/Scripts/verify_appcast.sh
@@ -1,92 +1,4 @@
 #!/usr/bin/env bash
 set -euo pipefail
-
-# Verifies that the appcast entry for the given version has a valid ed25519 signature
-# and that the enclosure length matches the downloaded archive.
-#
-# Usage: SPARKLE_PRIVATE_KEY_FILE=/path/to/key ./Scripts/verify_appcast.sh [version]
-
-ROOT=$(cd "$(dirname "$0")/.." && pwd)
-VERSION=${1:-$(source "$ROOT/version.env" && echo "$MARKETING_VERSION")}
-APPCAST="${ROOT}/appcast.xml"
-
-if [[ -z "${SPARKLE_PRIVATE_KEY_FILE:-}" ]]; then
-  echo "SPARKLE_PRIVATE_KEY_FILE is required" >&2
-  exit 1
-fi
-if [[ ! -f "$SPARKLE_PRIVATE_KEY_FILE" ]]; then
-  echo "Sparkle key file not found: $SPARKLE_PRIVATE_KEY_FILE" >&2
-  exit 1
-fi
-if [[ ! -f "$APPCAST" ]]; then
-  echo "appcast.xml not found at $APPCAST" >&2
-  exit 1
-fi
-
-# Clean the key file: strip comments/blank lines and require exactly one line of base64.
-function cleaned_key_path() {
-  local tmp key_lines
-  key_lines=$(grep -v '^[[:space:]]*#' "$SPARKLE_PRIVATE_KEY_FILE" | sed '/^[[:space:]]*$/d')
-  if [[ $(printf "%s\n" "$key_lines" | wc -l) -ne 1 ]]; then
-    echo "Sparkle key file must contain exactly one base64 line (no comments/blank lines)." >&2
-    exit 1
-  fi
-  tmp=$(mktemp)
-  printf "%s" "$key_lines" > "$tmp"
-  echo "$tmp"
-}
-
-KEY_FILE=$(cleaned_key_path)
-trap 'rm -f "$KEY_FILE" "$TMP_ZIP"' EXIT
-
-TMP_ZIP=$(mktemp /tmp/codexbar-enclosure.XXXX.zip)
-
-python3 - "$APPCAST" "$VERSION" >"$TMP_ZIP.meta" <<'PY'
-import sys, xml.etree.ElementTree as ET
-
-appcast = sys.argv[1]
-version = sys.argv[2]
-tree = ET.parse(appcast)
-root = tree.getroot()
-ns = {"sparkle": "http://www.andymatuschak.org/xml-namespaces/sparkle"}
-
-entry = None
-for item in root.findall("./channel/item"):
-    sv = item.findtext("sparkle:shortVersionString", default="", namespaces=ns)
-    if sv == version:
-        entry = item
-        break
-
-if entry is None:
-    sys.exit("No appcast entry found for version {}".format(version))
-
-enclosure = entry.find("enclosure")
-url = enclosure.get("url")
-sig = enclosure.get("{http://www.andymatuschak.org/xml-namespaces/sparkle}edSignature")
-length = enclosure.get("length")
-
-if not all([url, sig, length]):
-    sys.exit("Missing url/signature/length in appcast for version {}".format(version))
-
-print(url)
-print(sig)
-print(length)
-PY
-
-readarray -t META <"$TMP_ZIP.meta"
-URL="${META[0]}"
-SIG="${META[1]}"
-LEN_EXPECTED="${META[2]}"
-
-echo "Downloading enclosure: $URL"
-curl -L -o "$TMP_ZIP" "$URL"
-
-LEN_ACTUAL=$(stat -f%z "$TMP_ZIP")
-if [[ "$LEN_ACTUAL" != "$LEN_EXPECTED" ]]; then
-  echo "Length mismatch: expected $LEN_EXPECTED, got $LEN_ACTUAL" >&2
-  exit 1
-fi
-
-echo "Verifying Sparkle signature…"
-sign_update --verify "$TMP_ZIP" "$SIG" --ed-key-file "$KEY_FILE"
-echo "Appcast entry for $VERSION verified (signature and length match)."
+SCRIPT_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
+exec "$SCRIPT_DIR/mac-release" verify-appcast "$@"
diff --git a/Sources/CodexBar/AppNotifications.swift b/Sources/CodexBar/AppNotifications.swift
index 6bd3bc55a..56065dfb5 100644
--- a/Sources/CodexBar/AppNotifications.swift
+++ b/Sources/CodexBar/AppNotifications.swift
@@ -19,7 +19,13 @@ final class AppNotifications {
         _ = self.ensureAuthorizationTask()
     }
 
-    func post(idPrefix: String, title: String, body: String, badge: NSNumber? = nil) {
+    func post(
+        idPrefix: String,
+        title: String,
+        body: String,
+        badge: NSNumber? = nil,
+        soundEnabled: Bool = true)
+    {
         guard !Self.isRunningUnderTests else { return }
         let center = self.centerProvider()
         let logger = self.logger
@@ -34,7 +40,7 @@ final class AppNotifications {
             let content = UNMutableNotificationContent()
             content.title = title
             content.body = body
-            content.sound = .default
+            content.sound = soundEnabled ? .default : nil
             content.badge = badge
 
             let request = UNNotificationRequest(
diff --git a/Sources/CodexBar/ClaudeLoginRunner.swift b/Sources/CodexBar/ClaudeLoginRunner.swift
index dc13fd53b..e9f89934f 100644
--- a/Sources/CodexBar/ClaudeLoginRunner.swift
+++ b/Sources/CodexBar/ClaudeLoginRunner.swift
@@ -3,7 +3,7 @@ import Darwin
 import Foundation
 
 struct ClaudeLoginRunner {
-    enum Phase: Sendable {
+    enum Phase {
         case requesting
         case waitingBrowser
     }
diff --git a/Sources/CodexBar/ClickToCopyOverlay.swift b/Sources/CodexBar/ClickToCopyOverlay.swift
new file mode 100644
index 000000000..114602854
--- /dev/null
+++ b/Sources/CodexBar/ClickToCopyOverlay.swift
@@ -0,0 +1,40 @@
+import AppKit
+import SwiftUI
+
+struct ClickToCopyOverlay: NSViewRepresentable {
+    let copyText: String
+
+    func makeNSView(context: Context) -> ClickToCopyView {
+        ClickToCopyView(copyText: self.copyText)
+    }
+
+    func updateNSView(_ nsView: ClickToCopyView, context: Context) {
+        nsView.copyText = self.copyText
+    }
+}
+
+final class ClickToCopyView: NSView {
+    var copyText: String
+
+    init(copyText: String) {
+        self.copyText = copyText
+        super.init(frame: .zero)
+        self.wantsLayer = false
+    }
+
+    @available(*, unavailable)
+    required init?(coder: NSCoder) {
+        fatalError("init(coder:) has not been implemented")
+    }
+
+    override func acceptsFirstMouse(for event: NSEvent?) -> Bool {
+        true
+    }
+
+    override func mouseDown(with event: NSEvent) {
+        _ = event
+        let pb = NSPasteboard.general
+        pb.clearContents()
+        pb.setString(self.copyText, forType: .string)
+    }
+}
diff --git a/Sources/CodexBar/CodexAccountMenuPresentation.swift b/Sources/CodexBar/CodexAccountMenuPresentation.swift
new file mode 100644
index 000000000..5628ee26e
--- /dev/null
+++ b/Sources/CodexBar/CodexAccountMenuPresentation.swift
@@ -0,0 +1,180 @@
+import CodexBarCore
+import Foundation
+
+enum CodexAccountHealth: Equatable {
+    case ok
+    case needsReauth
+    case workspaceDeactivated
+    case missingAuth
+    case unavailable
+
+    var label: String? {
+        switch self {
+        case .ok:
+            nil
+        case .needsReauth:
+            "Needs re-auth"
+        case .workspaceDeactivated:
+            "Workspace deactivated"
+        case .missingAuth:
+            "Missing auth"
+        case .unavailable:
+            "Unavailable"
+        }
+    }
+
+    static func status(for account: CodexVisibleAccount, error: String?) -> CodexAccountHealth {
+        if let error {
+            return self.status(forError: error)
+        }
+        if account.authenticationHealthLabel != nil {
+            return .missingAuth
+        }
+        return .ok
+    }
+
+    static func status(forError error: String) -> CodexAccountHealth {
+        let normalized = error.lowercased()
+        if normalized.contains("deactivated") {
+            return .workspaceDeactivated
+        }
+        if normalized.contains("expired") ||
+            normalized.contains("revoked") ||
+            normalized.contains("unauthorized") ||
+            normalized.contains("401")
+        {
+            return .needsReauth
+        }
+        if normalized.contains("missing"), normalized.contains("auth") {
+            return .missingAuth
+        }
+        return .unavailable
+    }
+}
+
+enum CodexAccountPresentationOrdering {
+    static func orderedAccounts(
+        _ accounts: [CodexVisibleAccount],
+        snapshots: [CodexAccountUsageSnapshot],
+        activeVisibleAccountID: String?)
+        -> [CodexVisibleAccount]
+    {
+        guard accounts.count > 1 else { return accounts }
+        let snapshotByID = Dictionary(uniqueKeysWithValues: snapshots.map { ($0.id, $0) })
+        let rankedAccounts = accounts.enumerated().map { index, account in
+            RankedAccount(
+                account: account,
+                rank: Rank(
+                    account: account,
+                    snapshot: snapshotByID[account.id],
+                    activeVisibleAccountID: activeVisibleAccountID,
+                    originalIndex: index))
+        }
+        let grouped = Dictionary(grouping: rankedAccounts, by: { Self.workspaceSortKey(for: $0.account) })
+        return grouped.values.sorted { lhs, rhs in
+            (lhs.map(\.rank).min() ?? .last) < (rhs.map(\.rank).min() ?? .last)
+        }.flatMap { group in
+            group.sorted { lhs, rhs in lhs.rank < rhs.rank }.map(\.account)
+        }
+    }
+
+    private struct RankedAccount {
+        let account: CodexVisibleAccount
+        let rank: Rank
+    }
+
+    private struct Rank: Comparable {
+        static let last = Rank(bucket: Int.max, availabilityScore: -.greatestFiniteMagnitude, originalIndex: Int.max)
+
+        let bucket: Int
+        let availabilityScore: Double
+        let displaySort: String
+        let originalIndex: Int
+
+        private init(bucket: Int, availabilityScore: Double, originalIndex: Int) {
+            self.bucket = bucket
+            self.availabilityScore = availabilityScore
+            self.displaySort = ""
+            self.originalIndex = originalIndex
+        }
+
+        init(
+            account: CodexVisibleAccount,
+            snapshot: CodexAccountUsageSnapshot?,
+            activeVisibleAccountID: String?,
+            originalIndex: Int)
+        {
+            self.originalIndex = originalIndex
+            self.displaySort = account.menuDisplayName.lowercased()
+
+            if account.id == activeVisibleAccountID {
+                self.bucket = 0
+            } else {
+                let health = CodexAccountHealth.status(for: account, error: snapshot?.error)
+                if health != .ok {
+                    self.bucket = health == .missingAuth ? 4 : 3
+                } else if let availability = Self.availability(snapshot?.snapshot), availability <= 0 {
+                    self.bucket = 2
+                } else {
+                    self.bucket = 1
+                }
+            }
+            self.availabilityScore = Self.availability(snapshot?.snapshot) ?? -1
+        }
+
+        static func < (lhs: Rank, rhs: Rank) -> Bool {
+            if lhs.bucket != rhs.bucket { return lhs.bucket < rhs.bucket }
+            if lhs.availabilityScore != rhs.availabilityScore {
+                return lhs.availabilityScore > rhs.availabilityScore
+            }
+            if lhs.displaySort != rhs.displaySort { return lhs.displaySort < rhs.displaySort }
+            return lhs.originalIndex < rhs.originalIndex
+        }
+
+        private static func availability(_ snapshot: UsageSnapshot?) -> Double? {
+            guard let snapshot else { return nil }
+            let session = snapshot.primary?.remainingPercent
+            let weekly = snapshot.secondary?.remainingPercent
+            return switch (session, weekly) {
+            case let (.some(session), .some(weekly)):
+                min(session, weekly)
+            case let (.some(session), .none):
+                session
+            case let (.none, .some(weekly)):
+                weekly
+            case (.none, .none):
+                nil
+            }
+        }
+    }
+
+    private static func workspaceSortKey(for account: CodexVisibleAccount) -> String {
+        if let workspaceAccountID = account.workspaceAccountID, !workspaceAccountID.isEmpty {
+            return workspaceAccountID.lowercased()
+        }
+        return account.menuWorkspaceLabel?.lowercased() ?? "personal"
+    }
+}
+
+struct CodexAccountWorkspaceSection: Equatable {
+    let title: String
+    let accounts: [CodexVisibleAccount]
+}
+
+extension [CodexVisibleAccount] {
+    func codexWorkspaceSections() -> [CodexAccountWorkspaceSection] {
+        guard !self.isEmpty else { return [] }
+        var sections: [CodexAccountWorkspaceSection] = []
+        for account in self {
+            let title = account.menuWorkspaceLabel ?? "Personal"
+            if let index = sections.firstIndex(where: { $0.title == title }) {
+                var accounts = sections[index].accounts
+                accounts.append(account)
+                sections[index] = CodexAccountWorkspaceSection(title: title, accounts: accounts)
+            } else {
+                sections.append(CodexAccountWorkspaceSection(title: title, accounts: [account]))
+            }
+        }
+        return sections
+    }
+}
diff --git a/Sources/CodexBar/CodexAccountPromotionCoordinator.swift b/Sources/CodexBar/CodexAccountPromotionCoordinator.swift
new file mode 100644
index 000000000..c22699bef
--- /dev/null
+++ b/Sources/CodexBar/CodexAccountPromotionCoordinator.swift
@@ -0,0 +1,114 @@
+import Foundation
+import Observation
+
+struct CodexSystemAccountPromotionUserFacingError: Error, Equatable {
+    let title: String
+    let message: String
+}
+
+@MainActor
+@Observable
+final class CodexAccountPromotionCoordinator {
+    let service: CodexAccountPromotionService
+    weak var managedAccountCoordinator: ManagedCodexAccountCoordinator?
+    private(set) var isAuthenticatingLiveAccount = false
+    private(set) var isPromotingSystemAccount = false
+    private(set) var userFacingError: CodexSystemAccountPromotionUserFacingError?
+
+    init(
+        service: CodexAccountPromotionService,
+        managedAccountCoordinator: ManagedCodexAccountCoordinator? = nil)
+    {
+        self.service = service
+        self.managedAccountCoordinator = managedAccountCoordinator
+    }
+
+    convenience init(
+        settingsStore: SettingsStore,
+        usageStore: UsageStore,
+        managedAccountCoordinator: ManagedCodexAccountCoordinator? = nil)
+    {
+        self.init(
+            service: CodexAccountPromotionService(settingsStore: settingsStore, usageStore: usageStore),
+            managedAccountCoordinator: managedAccountCoordinator)
+    }
+
+    func promote(managedAccountID: UUID)
+        async -> Result<CodexAccountPromotionResult, CodexSystemAccountPromotionUserFacingError>
+    {
+        self.userFacingError = nil
+
+        guard !self.isInteractionBlocked() else {
+            let error = Self.interactionBlockedError()
+            self.userFacingError = error
+            return .failure(error)
+        }
+
+        self.isPromotingSystemAccount = true
+        defer { self.isPromotingSystemAccount = false }
+
+        do {
+            let result = try await self.service.promoteManagedAccount(id: managedAccountID)
+            return .success(result)
+        } catch {
+            let mapped = Self.mapUserFacingError(error)
+            self.userFacingError = mapped
+            return .failure(mapped)
+        }
+    }
+
+    func clearError() {
+        self.userFacingError = nil
+    }
+
+    func setLiveReauthenticationInProgress(_ isInProgress: Bool) {
+        self.isAuthenticatingLiveAccount = isInProgress
+    }
+
+    func isInteractionBlocked() -> Bool {
+        self.isPromotingSystemAccount ||
+            self.isAuthenticatingLiveAccount ||
+            self.managedAccountCoordinator?.hasConflictingManagedAccountOperationInFlight == true
+    }
+
+    private static func interactionBlockedError() -> CodexSystemAccountPromotionUserFacingError {
+        CodexSystemAccountPromotionUserFacingError(
+            title: L("Could not switch system account"),
+            message: L("Finish the current managed account change before switching the system account."))
+    }
+
+    static func mapUserFacingError(_ error: Error) -> CodexSystemAccountPromotionUserFacingError {
+        let title = L("Could not switch system account")
+
+        if let error = error as? CodexAccountPromotionError {
+            let message = switch error {
+            case .targetManagedAccountNotFound:
+                L("That account is no longer available in CodexBar. Refresh the account list and try again.")
+            case .targetManagedAccountAuthMissing:
+                L("CodexBar could not find saved auth for that account. Re-authenticate it and try again.")
+            case .targetManagedAccountAuthUnreadable:
+                L("CodexBar could not read saved auth for that account. Re-authenticate it and try again.")
+            case .liveAccountUnreadable:
+                L("CodexBar could not read the current system account on this Mac.")
+            case .liveAccountMissingIdentityForPreservation:
+                L("CodexBar could not safely preserve the current system account before switching.")
+            case .liveAccountAPIKeyOnlyUnsupported:
+                L("CodexBar can't replace a system account that is signed in with an API key only setup.")
+            case .displacedLiveManagedAccountConflict:
+                L(
+                    "CodexBar found another managed account that already uses the current system account. " +
+                        "Resolve the duplicate account before switching.")
+            case .displacedLiveImportFailed:
+                L("CodexBar could not save the current system account before switching.")
+            case .managedStoreCommitFailed:
+                L("CodexBar could not update managed account storage.")
+            case .liveAuthSwapFailed:
+                L("CodexBar could not replace the live Codex auth on this Mac.")
+            }
+
+            return CodexSystemAccountPromotionUserFacingError(title: title, message: message)
+        }
+
+        return CodexSystemAccountPromotionUserFacingError(title: title, message: error.localizedDescription)
+    }
+}
diff --git a/Sources/CodexBar/CodexAccountPromotionExecution.swift b/Sources/CodexBar/CodexAccountPromotionExecution.swift
new file mode 100644
index 000000000..7ca58658f
--- /dev/null
+++ b/Sources/CodexBar/CodexAccountPromotionExecution.swift
@@ -0,0 +1,277 @@
+import CodexBarCore
+import Foundation
+
+private struct CodexPreparedImportedAccount {
+    let account: ManagedCodexAccount
+    let homeURL: URL
+}
+
+struct CodexDisplacedLivePreservationExecutionResult: Equatable {
+    let displacedLiveDisposition: CodexAccountPromotionResult.DisplacedLiveDisposition
+}
+
+@MainActor
+struct CodexDisplacedLivePreservationExecutor {
+    private let store: any ManagedCodexAccountStoring
+    private let homeFactory: any ManagedCodexHomeProducing
+    private let fileManager: FileManager
+
+    init(
+        store: any ManagedCodexAccountStoring,
+        homeFactory: any ManagedCodexHomeProducing,
+        fileManager: FileManager = .default)
+    {
+        self.store = store
+        self.homeFactory = homeFactory
+        self.fileManager = fileManager
+    }
+
+    func execute(
+        plan: CodexDisplacedLivePreservationPlan,
+        context: PreparedPromotionContext) throws
+        -> CodexDisplacedLivePreservationExecutionResult
+    {
+        /*
+         Safety contract:
+         - This executor never swaps live auth. The caller must do that only after success.
+         - Import cleanup is best-effort and leaves no orphaned managed home on failure.
+         - Refresh/repair may copy auth before store commit, matching current behavior.
+         */
+        switch plan {
+        case .none:
+            return CodexDisplacedLivePreservationExecutionResult(displacedLiveDisposition: .none)
+
+        case let .reject(reason):
+            throw self.error(for: reason)
+
+        case .importNew:
+            let importedAccount = try self.importDisplacedLiveAccount(from: context)
+            return try self.commitImportedAccount(importedAccount)
+
+        case let .refreshExisting(destination, _),
+             let .repairExisting(destination, _):
+            guard destination.persisted.id != context.target.persisted.id else {
+                throw CodexAccountPromotionError.managedStoreCommitFailed
+            }
+
+            let refreshed = try self.refreshExistingManagedAccount(destination, from: context)
+            return CodexDisplacedLivePreservationExecutionResult(
+                displacedLiveDisposition: .alreadyManaged(managedAccountID: refreshed.id))
+        }
+    }
+
+    private func error(for reason: CodexDisplacedLivePreservationRejectReason) -> CodexAccountPromotionError {
+        switch reason {
+        case .liveUnreadable:
+            .liveAccountUnreadable
+        case .liveAPIKeyOnlyUnsupported:
+            .liveAccountAPIKeyOnlyUnsupported
+        case .liveIdentityMissingForPreservation:
+            .liveAccountMissingIdentityForPreservation
+        case .conflictingReadableManagedHome:
+            .displacedLiveManagedAccountConflict
+        }
+    }
+
+    private func importDisplacedLiveAccount(
+        from context: PreparedPromotionContext) throws
+        -> CodexPreparedImportedAccount
+    {
+        guard case let .readable(liveAuthMaterial) = context.live.homeState else {
+            throw CodexAccountPromotionError.displacedLiveImportFailed
+        }
+
+        let importedHomeURL = self.homeFactory.makeHomeURL()
+        let importedAccountID = Self.accountID(for: importedHomeURL)
+
+        do {
+            try self.fileManager.createDirectory(at: importedHomeURL, withIntermediateDirectories: true)
+            try self.writeManagedAuthData(liveAuthMaterial.rawData, to: importedHomeURL)
+
+            guard let liveAuthIdentity = context.live.authIdentity,
+                  let email = liveAuthIdentity.email,
+                  liveAuthIdentity.identity != .unresolved
+            else {
+                throw CodexAccountPromotionError.liveAccountMissingIdentityForPreservation
+            }
+
+            let now = Date().timeIntervalSince1970
+            return CodexPreparedImportedAccount(
+                account: ManagedCodexAccount(
+                    id: importedAccountID,
+                    email: email,
+                    providerAccountID: liveAuthIdentity.providerAccountID,
+                    workspaceLabel: liveAuthIdentity.workspaceLabel,
+                    workspaceAccountID: liveAuthIdentity.workspaceAccountID,
+                    authFingerprint: CodexAuthFingerprint.fingerprint(data: liveAuthMaterial.rawData),
+                    managedHomePath: importedHomeURL.path,
+                    createdAt: now,
+                    updatedAt: now,
+                    lastAuthenticatedAt: now),
+                homeURL: importedHomeURL)
+        } catch let error as CodexAccountPromotionError {
+            try? self.removeManagedHomeIfSafe(importedHomeURL)
+            throw error
+        } catch {
+            try? self.removeManagedHomeIfSafe(importedHomeURL)
+            throw CodexAccountPromotionError.displacedLiveImportFailed
+        }
+    }
+
+    private func commitImportedAccount(_ importedAccount: CodexPreparedImportedAccount) throws
+        -> CodexDisplacedLivePreservationExecutionResult
+    {
+        do {
+            let latestManagedAccounts = try self.store.loadAccounts()
+            try self.store.storeAccounts(ManagedCodexAccountSet(
+                version: latestManagedAccounts.version,
+                accounts: latestManagedAccounts.accounts + [importedAccount.account]))
+            return try self.resolveImportedAccountAfterCommit(importedAccount)
+        } catch let error as CodexAccountPromotionError {
+            try? self.removeManagedHomeIfSafe(importedAccount.homeURL)
+            throw error
+        } catch {
+            try? self.removeManagedHomeIfSafe(importedAccount.homeURL)
+            throw CodexAccountPromotionError.managedStoreCommitFailed
+        }
+    }
+
+    private func resolveImportedAccountAfterCommit(_ importedAccount: CodexPreparedImportedAccount) throws
+        -> CodexDisplacedLivePreservationExecutionResult
+    {
+        let persistedManagedAccounts = try self.store.loadAccounts()
+        if persistedManagedAccounts.account(id: importedAccount.account.id) != nil {
+            return CodexDisplacedLivePreservationExecutionResult(
+                displacedLiveDisposition: .imported(managedAccountID: importedAccount.account.id))
+        }
+
+        guard let existingManagedAccount = self.repairDestination(
+            in: persistedManagedAccounts,
+            for: importedAccount.account)
+        else {
+            throw CodexAccountPromotionError.managedStoreCommitFailed
+        }
+
+        let repairedManagedAccount = ManagedCodexAccount(
+            id: existingManagedAccount.id,
+            email: importedAccount.account.email,
+            providerAccountID: importedAccount.account.providerAccountID,
+            workspaceLabel: importedAccount.account.workspaceLabel,
+            workspaceAccountID: importedAccount.account.workspaceAccountID,
+            authFingerprint: importedAccount.account.authFingerprint,
+            managedHomePath: importedAccount.homeURL.path,
+            createdAt: existingManagedAccount.createdAt,
+            updatedAt: importedAccount.account.updatedAt,
+            lastAuthenticatedAt: importedAccount.account.lastAuthenticatedAt)
+        try self.store.storeAccounts(ManagedCodexAccountSet(
+            version: persistedManagedAccounts.version,
+            accounts: persistedManagedAccounts.accounts.map { account in
+                guard account.id == existingManagedAccount.id else { return account }
+                return repairedManagedAccount
+            }))
+        if existingManagedAccount.managedHomePath != importedAccount.homeURL.path {
+            try? self.removeManagedHomeIfSafe(
+                URL(fileURLWithPath: existingManagedAccount.managedHomePath, isDirectory: true))
+        }
+
+        return CodexDisplacedLivePreservationExecutionResult(
+            displacedLiveDisposition: .alreadyManaged(managedAccountID: existingManagedAccount.id))
+    }
+
+    private func repairDestination(
+        in persistedManagedAccounts: ManagedCodexAccountSet,
+        for importedAccount: ManagedCodexAccount) -> ManagedCodexAccount?
+    {
+        if let providerAccountID = importedAccount.providerAccountID {
+            return persistedManagedAccounts.account(
+                email: importedAccount.email,
+                providerAccountID: providerAccountID)
+        }
+
+        let normalizedEmail = importedAccount.email
+            .trimmingCharacters(in: .whitespacesAndNewlines)
+            .lowercased()
+        return persistedManagedAccounts.accounts.first {
+            $0.email == normalizedEmail && $0.providerAccountID == nil
+        }
+    }
+
+    private func refreshExistingManagedAccount(
+        _ destination: PreparedStoredManagedAccount,
+        from context: PreparedPromotionContext) throws
+        -> ManagedCodexAccount
+    {
+        guard case let .readable(liveAuthMaterial) = context.live.homeState else {
+            throw CodexAccountPromotionError.managedStoreCommitFailed
+        }
+        guard let liveAuthIdentity = context.live.authIdentity else {
+            throw CodexAccountPromotionError.liveAccountMissingIdentityForPreservation
+        }
+
+        do {
+            let latestManagedAccounts = try self.store.loadAccounts()
+            guard let persistedManagedAccount = latestManagedAccounts.account(id: destination.persisted.id) else {
+                throw CodexAccountPromotionError.managedStoreCommitFailed
+            }
+
+            let email = liveAuthIdentity.email
+                ?? (liveAuthIdentity.providerAccountID != nil ? persistedManagedAccount.email : nil)
+            guard let email, liveAuthIdentity.identity != .unresolved else {
+                throw CodexAccountPromotionError.liveAccountMissingIdentityForPreservation
+            }
+
+            let now = Date().timeIntervalSince1970
+            let refreshedManagedAccount = ManagedCodexAccount(
+                id: persistedManagedAccount.id,
+                email: email,
+                providerAccountID: liveAuthIdentity.providerAccountID ?? persistedManagedAccount.providerAccountID,
+                workspaceLabel: liveAuthIdentity.workspaceLabel ?? persistedManagedAccount.workspaceLabel,
+                workspaceAccountID: liveAuthIdentity.workspaceAccountID ?? persistedManagedAccount.workspaceAccountID,
+                authFingerprint: CodexAuthFingerprint.fingerprint(data: liveAuthMaterial.rawData),
+                managedHomePath: persistedManagedAccount.managedHomePath,
+                createdAt: persistedManagedAccount.createdAt,
+                updatedAt: now,
+                lastAuthenticatedAt: now)
+
+            let refreshedHomeURL = URL(fileURLWithPath: persistedManagedAccount.managedHomePath, isDirectory: true)
+            do {
+                try self.homeFactory.validateManagedHomeForDeletion(refreshedHomeURL)
+            } catch {
+                throw CodexAccountPromotionError.displacedLiveImportFailed
+            }
+
+            try self.fileManager.createDirectory(at: refreshedHomeURL, withIntermediateDirectories: true)
+            try self.writeManagedAuthData(liveAuthMaterial.rawData, to: refreshedHomeURL)
+            try self.store.storeAccounts(ManagedCodexAccountSet(
+                version: latestManagedAccounts.version,
+                accounts: latestManagedAccounts.accounts.map { account in
+                    guard account.id == persistedManagedAccount.id else { return account }
+                    return refreshedManagedAccount
+                }))
+            return refreshedManagedAccount
+        } catch let error as CodexAccountPromotionError {
+            throw error
+        } catch {
+            throw CodexAccountPromotionError.managedStoreCommitFailed
+        }
+    }
+
+    private func writeManagedAuthData(_ data: Data, to homeURL: URL) throws {
+        let authFileURL = CodexAccountPromotionService.authFileURL(for: homeURL)
+        try data.write(to: authFileURL, options: .atomic)
+        try self.fileManager.setAttributes(
+            [.posixPermissions: NSNumber(value: Int16(0o600))],
+            ofItemAtPath: authFileURL.path)
+    }
+
+    private func removeManagedHomeIfSafe(_ homeURL: URL) throws {
+        try self.homeFactory.validateManagedHomeForDeletion(homeURL)
+        if self.fileManager.fileExists(atPath: homeURL.path) {
+            try self.fileManager.removeItem(at: homeURL)
+        }
+    }
+
+    private static func accountID(for homeURL: URL) -> UUID {
+        UUID(uuidString: homeURL.lastPathComponent) ?? UUID()
+    }
+}
diff --git a/Sources/CodexBar/CodexAccountPromotionPlanning.swift b/Sources/CodexBar/CodexAccountPromotionPlanning.swift
new file mode 100644
index 000000000..8fd94ea83
--- /dev/null
+++ b/Sources/CodexBar/CodexAccountPromotionPlanning.swift
@@ -0,0 +1,190 @@
+import CodexBarCore
+import Foundation
+
+enum CodexDisplacedLivePreservationNoneReason: Equatable {
+    case liveMissing
+    case targetMatchesLiveAuthIdentity
+}
+
+enum CodexDisplacedLivePreservationRejectReason: Equatable {
+    case liveUnreadable
+    case liveAPIKeyOnlyUnsupported
+    case liveIdentityMissingForPreservation
+    case conflictingReadableManagedHome
+}
+
+enum CodexDisplacedLivePreservationImportReason: Equatable {
+    case noExistingManagedDestination
+}
+
+enum CodexDisplacedLivePreservationRefreshReason: Equatable {
+    case readableHomeIdentityMatch
+    case readableHomeIdentityMatchUsingPersistedEmailFallback
+}
+
+enum CodexDisplacedLivePreservationRepairReason: Equatable {
+    case persistedProviderMatchWithMissingHome
+    case persistedProviderMatchWithUnreadableHome
+    case persistedLegacyEmailMatch
+}
+
+enum CodexDisplacedLivePreservationPlan {
+    case none(reason: CodexDisplacedLivePreservationNoneReason)
+    case reject(reason: CodexDisplacedLivePreservationRejectReason)
+    case importNew(reason: CodexDisplacedLivePreservationImportReason)
+    case refreshExisting(
+        destination: PreparedStoredManagedAccount,
+        reason: CodexDisplacedLivePreservationRefreshReason)
+    case repairExisting(
+        destination: PreparedStoredManagedAccount,
+        reason: CodexDisplacedLivePreservationRepairReason)
+}
+
+struct CodexDisplacedLivePreservationPlanner {
+    func makePlan(context: PreparedPromotionContext) -> CodexDisplacedLivePreservationPlan {
+        switch context.live.homeState {
+        case .missing:
+            return .none(reason: .liveMissing)
+        case .unreadable:
+            return .reject(reason: .liveUnreadable)
+        case .apiKeyOnly:
+            return .reject(reason: .liveAPIKeyOnlyUnsupported)
+        case .readable:
+            break
+        }
+
+        guard let liveAuthIdentity = context.live.authIdentity else {
+            return .reject(reason: .liveIdentityMissingForPreservation)
+        }
+
+        if let targetAuthIdentity = context.target.authIdentity,
+           CodexIdentityMatcher.matches(
+               targetAuthIdentity.identity,
+               lhsEmail: targetAuthIdentity.email,
+               liveAuthIdentity.identity,
+               rhsEmail: liveAuthIdentity.email)
+        {
+            return .none(reason: .targetMatchesLiveAuthIdentity)
+        }
+
+        let candidates = context.storedManagedAccounts.filter { $0.persisted.id != context.target.persisted.id }
+        if let destination = self.findReadableHomeMatch(in: candidates, liveAuthIdentity: liveAuthIdentity) {
+            let reason: CodexDisplacedLivePreservationRefreshReason =
+                if liveAuthIdentity.email == nil {
+                    .readableHomeIdentityMatchUsingPersistedEmailFallback
+                } else {
+                    .readableHomeIdentityMatch
+                }
+            return .refreshExisting(destination: destination, reason: reason)
+        }
+
+        if self.hasConflictingReadableHome(in: candidates, liveAuthIdentity: liveAuthIdentity) {
+            return .reject(reason: .conflictingReadableManagedHome)
+        }
+
+        if let repaired = self.findPersistedRepairMatch(in: candidates, liveAuthIdentity: liveAuthIdentity) {
+            return .repairExisting(destination: repaired.destination, reason: repaired.reason)
+        }
+
+        guard liveAuthIdentity.identity != .unresolved, liveAuthIdentity.email != nil else {
+            return .reject(reason: .liveIdentityMissingForPreservation)
+        }
+
+        return .importNew(reason: .noExistingManagedDestination)
+    }
+
+    private func findReadableHomeMatch(
+        in candidates: [PreparedStoredManagedAccount],
+        liveAuthIdentity: PreparedIdentity)
+        -> PreparedStoredManagedAccount?
+    {
+        candidates.first { candidate in
+            guard let candidateAuthIdentity = candidate.authIdentity else { return false }
+            return CodexIdentityMatcher.matches(
+                candidateAuthIdentity.identity,
+                lhsEmail: candidateAuthIdentity.email,
+                liveAuthIdentity.identity,
+                rhsEmail: liveAuthIdentity.email)
+        }
+    }
+
+    private func findPersistedRepairMatch(
+        in candidates: [PreparedStoredManagedAccount],
+        liveAuthIdentity: PreparedIdentity)
+        -> (destination: PreparedStoredManagedAccount, reason: CodexDisplacedLivePreservationRepairReason)?
+    {
+        switch liveAuthIdentity.identity {
+        case let .providerAccount(id):
+            let providerAccountID = ManagedCodexAccount.normalizeProviderAccountID(id)
+            if let destination = candidates.first(where: {
+                guard $0.persisted.providerAccountID == providerAccountID else { return false }
+                guard let liveEmail = liveAuthIdentity.email else { return true }
+                return $0.persisted.email == liveEmail
+            }),
+                let reason = self.providerRepairReason(for: destination)
+            {
+                return (destination, reason)
+            }
+
+            if let liveEmail = liveAuthIdentity.email,
+               let destination = candidates.first(where: {
+                   $0.persisted.providerAccountID == nil && $0.persisted.email == liveEmail
+               })
+            {
+                return (destination, .persistedLegacyEmailMatch)
+            }
+
+            return nil
+
+        case let .emailOnly(normalizedEmail):
+            guard let destination = candidates.first(where: {
+                $0.persisted.providerAccountID == nil && $0.persisted.email == normalizedEmail
+            }) else {
+                return nil
+            }
+            return (destination, .persistedLegacyEmailMatch)
+
+        case .unresolved:
+            return nil
+        }
+    }
+
+    private func hasConflictingReadableHome(
+        in candidates: [PreparedStoredManagedAccount],
+        liveAuthIdentity: PreparedIdentity)
+        -> Bool
+    {
+        guard case let .providerAccount(id) = liveAuthIdentity.identity else {
+            return false
+        }
+
+        let providerAccountID = ManagedCodexAccount.normalizeProviderAccountID(id)
+        return candidates.contains { candidate in
+            guard candidate.persisted.providerAccountID == providerAccountID else { return false }
+            if let liveEmail = liveAuthIdentity.email, candidate.persisted.email != liveEmail {
+                return false
+            }
+            guard case .readable = candidate.homeState else { return false }
+            guard let candidateAuthIdentity = candidate.authIdentity else { return false }
+            return !CodexIdentityMatcher.matches(
+                candidateAuthIdentity.identity,
+                lhsEmail: candidateAuthIdentity.email,
+                liveAuthIdentity.identity,
+                rhsEmail: liveAuthIdentity.email)
+        }
+    }
+
+    private func providerRepairReason(
+        for destination: PreparedStoredManagedAccount)
+        -> CodexDisplacedLivePreservationRepairReason?
+    {
+        switch destination.homeState {
+        case .missing:
+            .persistedProviderMatchWithMissingHome
+        case .unreadable:
+            .persistedProviderMatchWithUnreadableHome
+        case .readable:
+            nil
+        }
+    }
+}
diff --git a/Sources/CodexBar/CodexAccountPromotionPreparation.swift b/Sources/CodexBar/CodexAccountPromotionPreparation.swift
new file mode 100644
index 000000000..bb686a5c1
--- /dev/null
+++ b/Sources/CodexBar/CodexAccountPromotionPreparation.swift
@@ -0,0 +1,346 @@
+import CodexBarCore
+import Foundation
+
+struct PreparedIdentity: Equatable {
+    let email: String?
+    let identity: CodexIdentity
+    let providerAccountID: String?
+    let workspaceLabel: String?
+    let workspaceAccountID: String?
+}
+
+struct PreparedAuthMaterial {
+    let homeURL: URL
+    let rawData: Data
+    let credentials: CodexOAuthCredentials
+    let runtimeAccount: CodexAuthBackedAccount
+    let authIdentity: PreparedIdentity
+}
+
+enum PreparedManagedHomeState {
+    case readable(PreparedAuthMaterial)
+    case missing(homeURL: URL)
+    case unreadable(homeURL: URL)
+}
+
+struct PreparedStoredManagedAccount {
+    let persisted: ManagedCodexAccount
+    let persistedIdentity: PreparedIdentity
+    let homeState: PreparedManagedHomeState
+
+    var authIdentity: PreparedIdentity? {
+        switch self.homeState {
+        case let .readable(authMaterial):
+            authMaterial.authIdentity
+        case .missing, .unreadable:
+            nil
+        }
+    }
+}
+
+enum PreparedLiveHomeState {
+    case missing(homeURL: URL)
+    case unreadable(homeURL: URL)
+    case apiKeyOnly(PreparedAuthMaterial)
+    case readable(PreparedAuthMaterial)
+}
+
+struct PreparedLiveAccount {
+    let homeState: PreparedLiveHomeState
+
+    var homeURL: URL {
+        switch self.homeState {
+        case let .missing(homeURL), let .unreadable(homeURL):
+            homeURL
+        case let .apiKeyOnly(authMaterial), let .readable(authMaterial):
+            authMaterial.homeURL
+        }
+    }
+
+    var authIdentity: PreparedIdentity? {
+        switch self.homeState {
+        case let .apiKeyOnly(authMaterial), let .readable(authMaterial):
+            authMaterial.authIdentity
+        case .missing, .unreadable:
+            nil
+        }
+    }
+}
+
+struct PreparedPromotionContext {
+    let snapshot: CodexAccountReconciliationSnapshot
+    let managedAccounts: ManagedCodexAccountSet
+    let storedManagedAccounts: [PreparedStoredManagedAccount]
+    let target: PreparedStoredManagedAccount
+    let live: PreparedLiveAccount
+}
+
+@MainActor
+struct PreparedPromotionContextBuilder {
+    private let store: any ManagedCodexAccountStoring
+    private let workspaceResolver: any ManagedCodexWorkspaceResolving
+    private let snapshotLoader: any CodexAccountReconciliationSnapshotLoading
+    private let authMaterialReader: any CodexAuthMaterialReading
+    private let baseEnvironment: [String: String]
+    private let fileManager: FileManager
+
+    init(
+        store: any ManagedCodexAccountStoring,
+        workspaceResolver: any ManagedCodexWorkspaceResolving,
+        snapshotLoader: any CodexAccountReconciliationSnapshotLoading,
+        authMaterialReader: any CodexAuthMaterialReading,
+        baseEnvironment: [String: String] = ProcessInfo.processInfo.environment,
+        fileManager: FileManager = .default)
+    {
+        self.store = store
+        self.workspaceResolver = workspaceResolver
+        self.snapshotLoader = snapshotLoader
+        self.authMaterialReader = authMaterialReader
+        self.baseEnvironment = baseEnvironment
+        self.fileManager = fileManager
+    }
+
+    func build(targetID: UUID) async throws -> PreparedPromotionContext {
+        let snapshot = self.snapshotLoader.loadSnapshot()
+        let managedAccounts = try self.store.loadAccounts()
+        var preparedAccounts: [PreparedStoredManagedAccount] = []
+        preparedAccounts.reserveCapacity(managedAccounts.accounts.count)
+        for account in managedAccounts.accounts {
+            let preparedAccount = try await self.prepareStoredManagedAccount(account)
+            preparedAccounts.append(preparedAccount)
+        }
+
+        guard let target = preparedAccounts.first(where: { $0.persisted.id == targetID }) else {
+            throw CodexAccountPromotionError.targetManagedAccountNotFound
+        }
+
+        let live = await self.prepareLiveAccount()
+        return PreparedPromotionContext(
+            snapshot: snapshot,
+            managedAccounts: managedAccounts,
+            storedManagedAccounts: preparedAccounts,
+            target: target,
+            live: live)
+    }
+
+    private func prepareStoredManagedAccount(
+        _ account: ManagedCodexAccount) async throws
+        -> PreparedStoredManagedAccount
+    {
+        let homeURL = URL(fileURLWithPath: account.managedHomePath, isDirectory: true)
+        let persistedIdentity = Self.persistedIdentity(from: account)
+        let homeState = await self.prepareManagedHomeState(homeURL: homeURL)
+
+        return PreparedStoredManagedAccount(
+            persisted: account,
+            persistedIdentity: persistedIdentity,
+            homeState: homeState)
+    }
+
+    private func prepareManagedHomeState(homeURL: URL) async -> PreparedManagedHomeState {
+        let readResult = self.readAuthData(homeURL: homeURL)
+        switch readResult {
+        case .missing:
+            return .missing(homeURL: homeURL)
+        case .unreadable:
+            return .unreadable(homeURL: homeURL)
+        case let .readable(rawData):
+            guard let authMaterial = await self.inspectAuthMaterial(homeURL: homeURL, rawData: rawData) else {
+                return .unreadable(homeURL: homeURL)
+            }
+            return .readable(authMaterial)
+        }
+    }
+
+    private func prepareLiveAccount() async -> PreparedLiveAccount {
+        let liveHomeURL = self.liveHomeURL()
+        let readResult = self.readAuthData(homeURL: liveHomeURL)
+        switch readResult {
+        case .missing:
+            return PreparedLiveAccount(homeState: .missing(homeURL: liveHomeURL))
+        case .unreadable:
+            return PreparedLiveAccount(homeState: .unreadable(homeURL: liveHomeURL))
+        case let .readable(rawData):
+            guard let authMaterial = await self.inspectAuthMaterial(homeURL: liveHomeURL, rawData: rawData) else {
+                return PreparedLiveAccount(homeState: .unreadable(homeURL: liveHomeURL))
+            }
+            if Self.isAPIKeyOnly(credentials: authMaterial.credentials, rawData: authMaterial.rawData) {
+                return PreparedLiveAccount(homeState: .apiKeyOnly(authMaterial))
+            }
+            return PreparedLiveAccount(homeState: .readable(authMaterial))
+        }
+    }
+
+    private func inspectAuthMaterial(homeURL: URL, rawData: Data) async -> PreparedAuthMaterial? {
+        guard let credentials = try? CodexOAuthCredentialsStore.parse(data: rawData),
+              let runtimeAccount = try? Self.runtimeAccount(from: rawData)
+        else {
+            return nil
+        }
+
+        let authIdentity = await self.derivedIdentity(
+            homePath: homeURL.path,
+            runtimeAccount: runtimeAccount)
+
+        return PreparedAuthMaterial(
+            homeURL: homeURL,
+            rawData: rawData,
+            credentials: credentials,
+            runtimeAccount: runtimeAccount,
+            authIdentity: authIdentity)
+    }
+
+    private func derivedIdentity(homePath: String, runtimeAccount: CodexAuthBackedAccount) async -> PreparedIdentity {
+        let normalizedEmail = Self.normalizeEmail(runtimeAccount.email)
+        let normalizedIdentity = Self.normalizedIdentity(runtimeAccount.identity, email: normalizedEmail)
+        let providerAccountID: String? = switch normalizedIdentity {
+        case let .providerAccount(id):
+            ManagedCodexAccount.normalizeProviderAccountID(id)
+        case .emailOnly, .unresolved:
+            nil
+        }
+        let workspaceIdentity: CodexOpenAIWorkspaceIdentity? = if let providerAccountID {
+            await self.workspaceResolver.resolveWorkspaceIdentity(
+                homePath: homePath,
+                providerAccountID: providerAccountID)
+        } else {
+            nil
+        }
+
+        return PreparedIdentity(
+            email: normalizedEmail,
+            identity: normalizedIdentity,
+            providerAccountID: providerAccountID,
+            workspaceLabel: workspaceIdentity?.workspaceLabel,
+            workspaceAccountID: workspaceIdentity?.workspaceAccountID ?? providerAccountID)
+    }
+
+    private static func persistedIdentity(from account: ManagedCodexAccount) -> PreparedIdentity {
+        let normalizedEmail = Self.normalizeEmail(account.email)
+        let providerAccountID = ManagedCodexAccount.normalizeProviderAccountID(account.providerAccountID)
+        let identity = Self.normalizedIdentity(
+            CodexIdentityResolver.resolve(accountId: providerAccountID, email: normalizedEmail),
+            email: normalizedEmail)
+
+        return PreparedIdentity(
+            email: normalizedEmail,
+            identity: identity,
+            providerAccountID: providerAccountID,
+            workspaceLabel: account.workspaceLabel,
+            workspaceAccountID: account.workspaceAccountID)
+    }
+
+    private func liveHomeURL() -> URL {
+        CodexHomeScope.ambientHomeURL(env: self.baseEnvironment, fileManager: self.fileManager)
+    }
+
+    private func readAuthData(homeURL: URL) -> PreparedAuthReadState {
+        do {
+            let rawData = try self.authMaterialReader.readAuthData(homeURL: homeURL)
+            guard let rawData else {
+                return .missing
+            }
+            return .readable(rawData)
+        } catch {
+            return .unreadable
+        }
+    }
+
+    private static func runtimeAccount(from rawData: Data) throws -> CodexAuthBackedAccount {
+        guard let json = try JSONSerialization.jsonObject(with: rawData) as? [String: Any] else {
+            throw CodexOAuthCredentialsError.decodeFailed("Invalid JSON")
+        }
+
+        let tokens = json["tokens"] as? [String: Any]
+        let idToken = tokens.flatMap {
+            Self.nonEmptyString(in: $0, snakeCaseKey: "id_token", camelCaseKey: "idToken")
+        }
+        let payload = idToken.flatMap(UsageFetcher.parseJWT)
+        let authDict = payload?["https://api.openai.com/auth"] as? [String: Any]
+        let profileDict = payload?["https://api.openai.com/profile"] as? [String: Any]
+
+        let email = Self.normalizeEmail(
+            (payload?["email"] as? String) ?? (profileDict?["email"] as? String))
+        let plan = Self.normalizedField(
+            (authDict?["chatgpt_plan_type"] as? String) ?? (payload?["chatgpt_plan_type"] as? String))
+        let accountID = ManagedCodexAccount.normalizeProviderAccountID(
+            tokens.flatMap {
+                Self.nonEmptyString(in: $0, snakeCaseKey: "account_id", camelCaseKey: "accountId")
+            }
+                ?? (authDict?["chatgpt_account_id"] as? String)
+                ?? (payload?["chatgpt_account_id"] as? String))
+        let identity = Self.normalizedIdentity(
+            CodexIdentityResolver.resolve(accountId: accountID, email: email),
+            email: email)
+
+        return CodexAuthBackedAccount(identity: identity, email: email, plan: plan)
+    }
+
+    private static func normalizedField(_ value: String?) -> String? {
+        guard let value = value?.trimmingCharacters(in: .whitespacesAndNewlines), !value.isEmpty else {
+            return nil
+        }
+        return value
+    }
+
+    private static func normalizeEmail(_ email: String?) -> String? {
+        CodexIdentityResolver.normalizeEmail(email)
+    }
+
+    private static func normalizedIdentity(_ identity: CodexIdentity, email: String?) -> CodexIdentity {
+        guard let email else { return identity }
+        return CodexIdentityMatcher.normalized(identity, fallbackEmail: email)
+    }
+
+    private static func isAPIKeyOnly(credentials: CodexOAuthCredentials, rawData: Data) -> Bool {
+        guard self.hasUsableOAuthTokens(in: rawData) == false else {
+            return false
+        }
+        return credentials.refreshToken.isEmpty
+            && credentials.idToken == nil
+            && credentials.accountId == nil
+            && credentials.lastRefresh == nil
+    }
+
+    private static func hasUsableOAuthTokens(in rawData: Data) -> Bool {
+        guard let json = try? JSONSerialization.jsonObject(with: rawData) as? [String: Any],
+              let tokens = json["tokens"] as? [String: Any]
+        else {
+            return false
+        }
+        let accessToken = self.nonEmptyString(
+            in: tokens,
+            snakeCaseKey: "access_token",
+            camelCaseKey: "accessToken")
+        let refreshToken = self.nonEmptyString(
+            in: tokens,
+            snakeCaseKey: "refresh_token",
+            camelCaseKey: "refreshToken")
+        return accessToken != nil && refreshToken != nil
+    }
+
+    private static func nonEmptyString(
+        in dictionary: [String: Any],
+        snakeCaseKey: String,
+        camelCaseKey: String)
+        -> String?
+    {
+        if let value = dictionary[snakeCaseKey] as? String,
+           value.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty == false
+        {
+            return value
+        }
+        if let value = dictionary[camelCaseKey] as? String,
+           value.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty == false
+        {
+            return value
+        }
+        return nil
+    }
+}
+
+private enum PreparedAuthReadState {
+    case missing
+    case unreadable
+    case readable(Data)
+}
diff --git a/Sources/CodexBar/CodexAccountPromotionService.swift b/Sources/CodexBar/CodexAccountPromotionService.swift
new file mode 100644
index 000000000..c8bf58969
--- /dev/null
+++ b/Sources/CodexBar/CodexAccountPromotionService.swift
@@ -0,0 +1,311 @@
+import CodexBarCore
+import Darwin
+import Foundation
+
+@MainActor
+protocol CodexAccountReconciliationSnapshotLoading {
+    func loadSnapshot() -> CodexAccountReconciliationSnapshot
+}
+
+protocol CodexAuthMaterialReading: Sendable {
+    func readAuthData(homeURL: URL) throws -> Data?
+}
+
+protocol CodexLiveAuthSwapping: Sendable {
+    func swapLiveAuthData(_ data: Data, liveHomeURL: URL) throws
+}
+
+@MainActor
+protocol CodexActiveSourceWriting {
+    func writeCodexActiveSource(_ source: CodexActiveSource)
+}
+
+@MainActor
+protocol CodexAccountScopedRefreshing {
+    func refreshCodexAccountScopedState(allowDisabled: Bool) async
+}
+
+@MainActor
+struct SettingsStoreCodexAccountReconciliationSnapshotLoader: CodexAccountReconciliationSnapshotLoading {
+    private let settingsStore: SettingsStore
+
+    init(settingsStore: SettingsStore) {
+        self.settingsStore = settingsStore
+    }
+
+    func loadSnapshot() -> CodexAccountReconciliationSnapshot {
+        self.settingsStore.codexAccountReconciliationSnapshot
+    }
+}
+
+struct DefaultCodexAuthMaterialReader: CodexAuthMaterialReading {
+    func readAuthData(homeURL: URL) throws -> Data? {
+        let authFileURL = CodexAccountPromotionService.authFileURL(for: homeURL)
+        guard FileManager.default.fileExists(atPath: authFileURL.path) else {
+            return nil
+        }
+        return try Data(contentsOf: authFileURL)
+    }
+}
+
+struct DefaultCodexLiveAuthSwapper: CodexLiveAuthSwapping {
+    func swapLiveAuthData(_ data: Data, liveHomeURL: URL) throws {
+        try FileManager.default.createDirectory(at: liveHomeURL, withIntermediateDirectories: true)
+
+        let liveAuthURL = CodexAccountPromotionService.authFileURL(for: liveHomeURL)
+        let stagedAuthURL = liveHomeURL.appendingPathComponent(
+            "auth.json.codexbar-staged-\(UUID().uuidString)",
+            isDirectory: false)
+
+        do {
+            try data.write(to: stagedAuthURL)
+            try FileManager.default.setAttributes(
+                [.posixPermissions: NSNumber(value: Int16(0o600))],
+                ofItemAtPath: stagedAuthURL.path)
+            try self.renameItem(at: stagedAuthURL, to: liveAuthURL)
+        } catch {
+            try? FileManager.default.removeItem(at: stagedAuthURL)
+            throw error
+        }
+    }
+
+    private func renameItem(at sourceURL: URL, to destinationURL: URL) throws {
+        let sourcePath = sourceURL.path
+        let destinationPath = destinationURL.path
+
+        let result = sourcePath.withCString { sourceFS in
+            destinationPath.withCString { destinationFS in
+                rename(sourceFS, destinationFS)
+            }
+        }
+
+        guard result == 0 else {
+            throw NSError(
+                domain: NSPOSIXErrorDomain,
+                code: Int(errno),
+                userInfo: [NSFilePathErrorKey: destinationPath])
+        }
+    }
+}
+
+@MainActor
+struct SettingsStoreCodexActiveSourceWriter: CodexActiveSourceWriting {
+    private let settingsStore: SettingsStore
+
+    init(settingsStore: SettingsStore) {
+        self.settingsStore = settingsStore
+    }
+
+    func writeCodexActiveSource(_ source: CodexActiveSource) {
+        self.settingsStore.codexActiveSource = source
+    }
+}
+
+@MainActor
+struct UsageStoreCodexAccountScopedRefresher: CodexAccountScopedRefreshing {
+    private let usageStore: UsageStore
+
+    init(usageStore: UsageStore) {
+        self.usageStore = usageStore
+    }
+
+    func refreshCodexAccountScopedState(allowDisabled: Bool) async {
+        await self.usageStore.refreshCodexAccountScopedState(allowDisabled: allowDisabled)
+    }
+}
+
+struct CodexAccountPromotionResult: Equatable {
+    enum Outcome: Equatable {
+        case promoted
+        case convergedNoOp
+    }
+
+    enum DisplacedLiveDisposition: Equatable {
+        case none
+        case alreadyManaged(managedAccountID: UUID)
+        case imported(managedAccountID: UUID)
+    }
+
+    let targetManagedAccountID: UUID
+    let outcome: Outcome
+    let displacedLiveDisposition: DisplacedLiveDisposition
+    let didMutateLiveAuth: Bool
+    let resultingActiveSource: CodexActiveSource
+}
+
+enum CodexAccountPromotionError: Error, Equatable {
+    case targetManagedAccountNotFound
+    case targetManagedAccountAuthMissing
+    case targetManagedAccountAuthUnreadable
+    case liveAccountUnreadable
+    case liveAccountMissingIdentityForPreservation
+    case liveAccountAPIKeyOnlyUnsupported
+    case displacedLiveManagedAccountConflict
+    case displacedLiveImportFailed
+    case managedStoreCommitFailed
+    case liveAuthSwapFailed
+}
+
+@MainActor
+final class CodexAccountPromotionService {
+    private let store: any ManagedCodexAccountStoring
+    private let homeFactory: any ManagedCodexHomeProducing
+    private let identityReader: any ManagedCodexIdentityReading
+    private let workspaceResolver: any ManagedCodexWorkspaceResolving
+    private let snapshotLoader: any CodexAccountReconciliationSnapshotLoading
+    private let authMaterialReader: any CodexAuthMaterialReading
+    private let liveAuthSwapper: any CodexLiveAuthSwapping
+    private let activeSourceWriter: any CodexActiveSourceWriting
+    private let accountScopedRefresher: any CodexAccountScopedRefreshing
+    private let baseEnvironment: [String: String]
+    private let fileManager: FileManager
+
+    init(
+        store: any ManagedCodexAccountStoring,
+        homeFactory: any ManagedCodexHomeProducing,
+        identityReader: any ManagedCodexIdentityReading,
+        workspaceResolver: any ManagedCodexWorkspaceResolving = DefaultManagedCodexWorkspaceResolver(),
+        snapshotLoader: any CodexAccountReconciliationSnapshotLoading,
+        authMaterialReader: any CodexAuthMaterialReading,
+        liveAuthSwapper: any CodexLiveAuthSwapping,
+        activeSourceWriter: any CodexActiveSourceWriting,
+        accountScopedRefresher: any CodexAccountScopedRefreshing,
+        baseEnvironment: [String: String] = ProcessInfo.processInfo.environment,
+        fileManager: FileManager = .default)
+    {
+        self.store = store
+        self.homeFactory = homeFactory
+        self.identityReader = identityReader
+        self.workspaceResolver = workspaceResolver
+        self.snapshotLoader = snapshotLoader
+        self.authMaterialReader = authMaterialReader
+        self.liveAuthSwapper = liveAuthSwapper
+        self.activeSourceWriter = activeSourceWriter
+        self.accountScopedRefresher = accountScopedRefresher
+        self.baseEnvironment = baseEnvironment
+        self.fileManager = fileManager
+    }
+
+    convenience init(
+        settingsStore: SettingsStore,
+        usageStore: UsageStore,
+        baseEnvironment: [String: String] = ProcessInfo.processInfo.environment,
+        fileManager: FileManager = .default)
+    {
+        self.init(
+            store: FileManagedCodexAccountStore(fileManager: fileManager),
+            homeFactory: ManagedCodexHomeFactory(fileManager: fileManager),
+            identityReader: DefaultManagedCodexIdentityReader(),
+            workspaceResolver: DefaultManagedCodexWorkspaceResolver(),
+            snapshotLoader: SettingsStoreCodexAccountReconciliationSnapshotLoader(settingsStore: settingsStore),
+            authMaterialReader: DefaultCodexAuthMaterialReader(),
+            liveAuthSwapper: DefaultCodexLiveAuthSwapper(),
+            activeSourceWriter: SettingsStoreCodexActiveSourceWriter(settingsStore: settingsStore),
+            accountScopedRefresher: UsageStoreCodexAccountScopedRefresher(usageStore: usageStore),
+            baseEnvironment: baseEnvironment,
+            fileManager: fileManager)
+    }
+
+    func promoteManagedAccount(id: UUID) async throws -> CodexAccountPromotionResult {
+        let contextBuilder = PreparedPromotionContextBuilder(
+            store: self.store,
+            workspaceResolver: self.workspaceResolver,
+            snapshotLoader: self.snapshotLoader,
+            authMaterialReader: self.authMaterialReader,
+            baseEnvironment: self.baseEnvironment,
+            fileManager: self.fileManager)
+        let context = try await contextBuilder.build(targetID: id)
+
+        if let resultingActiveSource = self.convergedActiveSource(for: context) {
+            self.activeSourceWriter.writeCodexActiveSource(resultingActiveSource)
+            await self.accountScopedRefresher.refreshCodexAccountScopedState(allowDisabled: true)
+            return CodexAccountPromotionResult(
+                targetManagedAccountID: id,
+                outcome: .convergedNoOp,
+                displacedLiveDisposition: .none,
+                didMutateLiveAuth: false,
+                resultingActiveSource: resultingActiveSource)
+        }
+
+        let targetAuthMaterial = try self.requiredTargetAuthMaterial(from: context.target)
+        let preservationPlan = CodexDisplacedLivePreservationPlanner().makePlan(context: context)
+        let executionResult = try CodexDisplacedLivePreservationExecutor(
+            store: self.store,
+            homeFactory: self.homeFactory,
+            fileManager: self.fileManager)
+            .execute(plan: preservationPlan, context: context)
+
+        do {
+            try self.liveAuthSwapper.swapLiveAuthData(targetAuthMaterial.rawData, liveHomeURL: context.live.homeURL)
+        } catch {
+            throw CodexAccountPromotionError.liveAuthSwapFailed
+        }
+
+        self.activeSourceWriter.writeCodexActiveSource(.liveSystem)
+        await self.accountScopedRefresher.refreshCodexAccountScopedState(allowDisabled: true)
+
+        return CodexAccountPromotionResult(
+            targetManagedAccountID: id,
+            outcome: .promoted,
+            displacedLiveDisposition: executionResult.displacedLiveDisposition,
+            didMutateLiveAuth: true,
+            resultingActiveSource: .liveSystem)
+    }
+
+    nonisolated static func authFileURL(for homeURL: URL) -> URL {
+        homeURL.appendingPathComponent("auth.json", isDirectory: false)
+    }
+
+    private func convergedActiveSource(for context: PreparedPromotionContext) -> CodexActiveSource? {
+        if let liveAuthIdentity = context.live.authIdentity {
+            let targetIdentity = context.target.authIdentity ?? context.target.persistedIdentity
+            guard CodexIdentityMatcher.matches(
+                targetIdentity.identity,
+                lhsEmail: targetIdentity.email,
+                liveAuthIdentity.identity,
+                rhsEmail: liveAuthIdentity.email)
+            else {
+                return nil
+            }
+
+            if liveAuthIdentity.email != nil {
+                return .liveSystem
+            }
+
+            if liveAuthIdentity.providerAccountID != nil {
+                return .managedAccount(id: context.target.persisted.id)
+            }
+
+            return nil
+        }
+
+        guard let liveSystemAccount = context.snapshot.liveSystemAccount else {
+            return nil
+        }
+
+        guard CodexIdentityMatcher.matches(
+            context.snapshot.runtimeIdentity(for: context.target.persisted),
+            lhsEmail: context.snapshot.runtimeEmail(for: context.target.persisted),
+            context.snapshot.runtimeIdentity(for: liveSystemAccount),
+            rhsEmail: liveSystemAccount.email)
+        else {
+            return nil
+        }
+
+        return .liveSystem
+    }
+
+    private func requiredTargetAuthMaterial(from target: PreparedStoredManagedAccount) throws -> PreparedAuthMaterial {
+        switch target.homeState {
+        case let .readable(authMaterial):
+            guard authMaterial.authIdentity.email != nil else {
+                throw CodexAccountPromotionError.targetManagedAccountAuthUnreadable
+            }
+            return authMaterial
+        case .missing:
+            throw CodexAccountPromotionError.targetManagedAccountAuthMissing
+        case .unreadable:
+            throw CodexAccountPromotionError.targetManagedAccountAuthUnreadable
+        }
+    }
+}
diff --git a/Sources/CodexBar/CodexAccountReconciliation.swift b/Sources/CodexBar/CodexAccountReconciliation.swift
new file mode 100644
index 000000000..aacd921e3
--- /dev/null
+++ b/Sources/CodexBar/CodexAccountReconciliation.swift
@@ -0,0 +1,4 @@
+import CodexBarCore
+
+typealias CodexVisibleAccount = CodexBarCore.CodexVisibleAccount
+typealias CodexVisibleAccountProjection = CodexBarCore.CodexVisibleAccountProjection
diff --git a/Sources/CodexBar/CodexAccountUsageSnapshotStore.swift b/Sources/CodexBar/CodexAccountUsageSnapshotStore.swift
new file mode 100644
index 000000000..207ca5b8a
--- /dev/null
+++ b/Sources/CodexBar/CodexAccountUsageSnapshotStore.swift
@@ -0,0 +1,87 @@
+import CodexBarCore
+import Foundation
+
+protocol CodexAccountUsageSnapshotStoring: Sendable {
+    func load(for accounts: [CodexVisibleAccount]) -> [CodexAccountUsageSnapshot]
+    func store(_ snapshots: [CodexAccountUsageSnapshot])
+}
+
+struct FileCodexAccountUsageSnapshotStore: CodexAccountUsageSnapshotStoring, @unchecked Sendable {
+    private struct Payload: Codable {
+        let version: Int
+        let records: [Record]
+    }
+
+    private struct Record: Codable {
+        let id: String
+        let snapshot: UsageSnapshot?
+        let error: String?
+        let sourceLabel: String?
+    }
+
+    private static let currentVersion = 1
+
+    private let fileURL: URL
+    private let fileManager: FileManager
+
+    init(fileURL: URL = Self.defaultURL(), fileManager: FileManager = .default) {
+        self.fileURL = fileURL
+        self.fileManager = fileManager
+    }
+
+    func load(for accounts: [CodexVisibleAccount]) -> [CodexAccountUsageSnapshot] {
+        guard self.fileManager.fileExists(atPath: self.fileURL.path),
+              let data = try? Data(contentsOf: self.fileURL),
+              let payload = try? JSONDecoder().decode(Payload.self, from: data),
+              payload.version == Self.currentVersion
+        else {
+            return []
+        }
+
+        let accountsByID = Dictionary(uniqueKeysWithValues: accounts.map { ($0.id, $0) })
+        return payload.records.compactMap { record in
+            guard let account = accountsByID[record.id] else { return nil }
+            return CodexAccountUsageSnapshot(
+                account: account,
+                snapshot: record.snapshot,
+                error: record.error,
+                sourceLabel: record.sourceLabel)
+        }
+    }
+
+    func store(_ snapshots: [CodexAccountUsageSnapshot]) {
+        let payload = Payload(
+            version: Self.currentVersion,
+            records: snapshots.map { snapshot in
+                Record(
+                    id: snapshot.id,
+                    snapshot: snapshot.snapshot,
+                    error: snapshot.error,
+                    sourceLabel: snapshot.sourceLabel)
+            })
+        let directory = self.fileURL.deletingLastPathComponent()
+        do {
+            if !self.fileManager.fileExists(atPath: directory.path) {
+                try self.fileManager.createDirectory(at: directory, withIntermediateDirectories: true)
+            }
+            let encoder = JSONEncoder()
+            encoder.outputFormatting = [.prettyPrinted, .sortedKeys]
+            try encoder.encode(payload).write(to: self.fileURL, options: [.atomic])
+            #if os(macOS)
+            try self.fileManager.setAttributes([
+                .posixPermissions: NSNumber(value: Int16(0o600)),
+            ], ofItemAtPath: self.fileURL.path)
+            #endif
+        } catch {
+            // Snapshot hydration is best-effort; never make menu refresh fail because disk cache failed.
+        }
+    }
+
+    static func defaultURL() -> URL {
+        let base = FileManager.default.urls(for: .applicationSupportDirectory, in: .userDomainMask).first
+            ?? FileManager.default.homeDirectoryForCurrentUser
+        return base
+            .appendingPathComponent("CodexBar", isDirectory: true)
+            .appendingPathComponent("codex-account-snapshots.json", isDirectory: false)
+    }
+}
diff --git a/Sources/CodexBar/CodexHistoryOwnership.swift b/Sources/CodexBar/CodexHistoryOwnership.swift
new file mode 100644
index 000000000..e9f613fd0
--- /dev/null
+++ b/Sources/CodexBar/CodexHistoryOwnership.swift
@@ -0,0 +1,139 @@
+import CodexBarCore
+import CryptoKit
+import Foundation
+
+enum CodexHistoryPersistedOwner: Equatable {
+    case canonical(String)
+    case legacyEmailHash(String)
+    case legacyOpaqueScoped(String)
+    case legacyUnscoped
+}
+
+enum CodexHistoryOwnership {
+    private static let providerAccountPrefix = "codex:v1:provider-account:"
+    private static let emailHashPrefix = "codex:v1:email-hash:"
+
+    static func canonicalKey(for identity: CodexIdentity) -> String? {
+        switch identity {
+        case let .providerAccount(id):
+            guard let normalized = Self.normalizeScopedValue(id) else { return nil }
+            return "\(Self.providerAccountPrefix)\(normalized)"
+        case let .emailOnly(normalizedEmail):
+            guard let normalized = CodexIdentityResolver.normalizeEmail(normalizedEmail) else { return nil }
+            return self.canonicalEmailHashKey(for: normalized)
+        case .unresolved:
+            return nil
+        }
+    }
+
+    static func canonicalEmailHashKey(for normalizedEmail: String) -> String {
+        "\(self.emailHashPrefix)\(self.legacyEmailHash(normalizedEmail: normalizedEmail))"
+    }
+
+    static func legacyEmailHash(normalizedEmail: String) -> String {
+        guard let normalized = CodexIdentityResolver.normalizeEmail(normalizedEmail) else { return "" }
+        return self.sha256Hex(normalized)
+    }
+
+    static func classifyPersistedKey(
+        _ rawKey: String?,
+        legacyEmailHash: String? = nil) -> CodexHistoryPersistedOwner
+    {
+        guard let normalizedKey = normalizeScopedValue(rawKey) else {
+            return .legacyUnscoped
+        }
+        if self.isCanonicalKey(normalizedKey) {
+            return .canonical(normalizedKey)
+        }
+        if let legacyEmailHash, normalizedKey == legacyEmailHash {
+            return .legacyEmailHash(normalizedKey)
+        }
+        return .legacyOpaqueScoped(normalizedKey)
+    }
+
+    static func belongsToTargetContinuity(
+        _ owner: CodexHistoryPersistedOwner,
+        targetCanonicalKey: String,
+        canonicalEmailHashKey: String?) -> Bool
+    {
+        switch owner {
+        case let .canonical(key):
+            if key == targetCanonicalKey {
+                return true
+            }
+            guard let canonicalEmailHashKey, self.isCanonicalEmailHashKey(canonicalEmailHashKey) else {
+                return false
+            }
+            return key == canonicalEmailHashKey
+        case .legacyEmailHash:
+            guard let canonicalEmailHashKey, self.isCanonicalEmailHashKey(canonicalEmailHashKey) else {
+                return false
+            }
+            return canonicalEmailHashKey == targetCanonicalKey ||
+                targetCanonicalKey.hasPrefix(self.providerAccountPrefix)
+        case .legacyOpaqueScoped, .legacyUnscoped:
+            return false
+        }
+    }
+
+    static func hasStrictSingleAccountContinuity(
+        scopedRawKeys: [String],
+        targetCanonicalKey: String,
+        canonicalEmailHashKey: String?,
+        legacyEmailHash: String?,
+        hasAdjacentMultiAccountVeto: Bool) -> Bool
+    {
+        guard !hasAdjacentMultiAccountVeto else { return false }
+
+        let normalizedCandidates = Set(scopedRawKeys.compactMap { rawKey in
+            let owner = self.classifyPersistedKey(rawKey, legacyEmailHash: legacyEmailHash)
+            if self.belongsToTargetContinuity(
+                owner,
+                targetCanonicalKey: targetCanonicalKey,
+                canonicalEmailHashKey: canonicalEmailHashKey)
+            {
+                return targetCanonicalKey
+            }
+
+            switch owner {
+            case .legacyUnscoped:
+                return nil
+            case let .legacyOpaqueScoped(key):
+                return "legacy-opaque:\(key)"
+            case let .legacyEmailHash(hash):
+                return "legacy-email-hash:\(hash)"
+            case let .canonical(key):
+                return key
+            }
+        })
+
+        guard normalizedCandidates.count == 1, normalizedCandidates.first == targetCanonicalKey else {
+            return false
+        }
+        return true
+    }
+
+    private static func isCanonicalKey(_ rawKey: String) -> Bool {
+        self.isCanonicalProviderAccountKey(rawKey) || self.isCanonicalEmailHashKey(rawKey)
+    }
+
+    static func isCanonicalProviderAccountKey(_ rawKey: String) -> Bool {
+        rawKey.hasPrefix(self.providerAccountPrefix) && rawKey.count > self.providerAccountPrefix.count
+    }
+
+    private static func isCanonicalEmailHashKey(_ rawKey: String) -> Bool {
+        rawKey.hasPrefix(self.emailHashPrefix) && rawKey.count > self.emailHashPrefix.count
+    }
+
+    private static func normalizeScopedValue(_ value: String?) -> String? {
+        guard let trimmed = value?.trimmingCharacters(in: .whitespacesAndNewlines), !trimmed.isEmpty else {
+            return nil
+        }
+        return trimmed
+    }
+
+    private static func sha256Hex(_ input: String) -> String {
+        let digest = SHA256.hash(data: Data(input.utf8))
+        return digest.map { String(format: "%02x", $0) }.joined()
+    }
+}
diff --git a/Sources/CodexBar/CodexLoginAlertPresentation.swift b/Sources/CodexBar/CodexLoginAlertPresentation.swift
new file mode 100644
index 000000000..30702f153
--- /dev/null
+++ b/Sources/CodexBar/CodexLoginAlertPresentation.swift
@@ -0,0 +1,44 @@
+import Foundation
+
+struct CodexLoginAlertInfo: Equatable {
+    let title: String
+    let message: String
+}
+
+enum CodexLoginAlertPresentation {
+    static func alertInfo(for result: CodexLoginRunner.Result) -> CodexLoginAlertInfo? {
+        switch result.outcome {
+        case .success:
+            return nil
+        case .missingBinary:
+            return CodexLoginAlertInfo(
+                title: L("Codex CLI not found"),
+                message: L("Install the Codex CLI (npm i -g @openai/codex) and try again."))
+        case let .launchFailed(message):
+            return CodexLoginAlertInfo(title: L("Could not start codex login"), message: message)
+        case .timedOut:
+            return CodexLoginAlertInfo(
+                title: L("Codex login timed out"),
+                message: self.trimmedOutput(result.output))
+        case let .failed(status):
+            let statusLine = String(format: L("codex login exited with status %d."), status)
+            let message = self.trimmedOutput(result.output.isEmpty ? statusLine : result.output)
+            return CodexLoginAlertInfo(title: L("Codex login failed"), message: message)
+        }
+    }
+
+    static func managedLoginFailureMessage(for result: CodexLoginRunner.Result) -> String {
+        let baseMessage = L("managed_login_failed")
+        guard let info = self.alertInfo(for: result) else { return baseMessage }
+        return "\(baseMessage)\n\n\(L("codex_login_output"))\n\(info.message)"
+    }
+
+    private static func trimmedOutput(_ text: String) -> String {
+        let trimmed = text.trimmingCharacters(in: .whitespacesAndNewlines)
+        let limit = 600
+        if trimmed.isEmpty { return L("No output captured.") }
+        if trimmed.count <= limit { return trimmed }
+        let idx = trimmed.index(trimmed.startIndex, offsetBy: limit)
+        return "\(trimmed[..<idx])…"
+    }
+}
diff --git a/Sources/CodexBar/CodexLoginRunner.swift b/Sources/CodexBar/CodexLoginRunner.swift
index 8f1f654f2..f6734588e 100644
--- a/Sources/CodexBar/CodexLoginRunner.swift
+++ b/Sources/CodexBar/CodexLoginRunner.swift
@@ -3,8 +3,8 @@ import Darwin
 import Foundation
 
 struct CodexLoginRunner {
-    struct Result {
-        enum Outcome {
+    struct Result: Equatable {
+        enum Outcome: Equatable {
             case success
             case timedOut
             case failed(status: Int32)
@@ -16,13 +16,14 @@ struct CodexLoginRunner {
         let output: String
     }
 
-    static func run(timeout: TimeInterval = 120) async -> Result {
+    static func run(homePath: String? = nil, timeout: TimeInterval = 120) async -> Result {
         await Task(priority: .userInitiated) {
             var env = ProcessInfo.processInfo.environment
             env["PATH"] = PathBuilder.effectivePATH(
                 purposes: [.rpc, .tty, .nodeTooling],
                 env: env,
                 loginPATH: LoginShellPathCache.shared.current)
+            env = CodexHomeScope.scopedEnvironment(base: env, codexHome: homePath)
 
             guard let executable = BinaryLocator.resolveCodexBinary(
                 env: env,
@@ -123,7 +124,7 @@ struct CodexLoginRunner {
         }
         let trimmed = merged.trimmingCharacters(in: .whitespacesAndNewlines)
         let limited = trimmed.prefix(4000)
-        return limited.isEmpty ? "No output captured." : String(limited)
+        return limited.isEmpty ? L("No output captured.") : String(limited)
     }
 
     private static func readToEnd(_ pipe: Pipe, timeout: TimeInterval = 3.0) async -> String {
diff --git a/Sources/CodexBar/CodexOwnershipContext.swift b/Sources/CodexBar/CodexOwnershipContext.swift
new file mode 100644
index 000000000..09326cbfd
--- /dev/null
+++ b/Sources/CodexBar/CodexOwnershipContext.swift
@@ -0,0 +1,98 @@
+import CodexBarCore
+import CryptoKit
+import Foundation
+
+struct CodexOwnershipContext {
+    let canonicalKey: String?
+    let canonicalEmailHashKey: String?
+    let historicalLegacyEmailHash: String?
+    let planUtilizationLegacyEmailHash: String?
+    let currentWeeklyResetAt: Date?
+    let hasAdjacentMultiAccountVeto: Bool
+}
+
+extension UsageStore {
+    func codexOwnershipContext(
+        preferredEmail: String? = nil,
+        snapshot: UsageSnapshot? = nil,
+        includeDashboardFallback: Bool = false) -> CodexOwnershipContext
+    {
+        let resolvedIdentity = self.currentCodexRuntimeIdentity(
+            source: self.settings.codexResolvedActiveSource,
+            preferCurrentSnapshot: true,
+            allowLastKnownLiveFallback: true)
+        let activeSourceEmail = self.codexAccountScopedRefreshEmail(
+            preferCurrentSnapshot: true,
+            allowLastKnownLiveFallback: true)
+        let normalizedEmail = CodexIdentityResolver.normalizeEmail(
+            preferredEmail ??
+                activeSourceEmail ??
+                snapshot?.accountEmail(for: .codex) ??
+                self.snapshots[.codex]?.accountEmail(for: .codex) ??
+                (includeDashboardFallback ? self.codexAccountEmailForOpenAIDashboard() : nil))
+        let canonicalIdentity: CodexIdentity = switch resolvedIdentity {
+        case .unresolved:
+            if let normalizedEmail {
+                .emailOnly(normalizedEmail: normalizedEmail)
+            } else {
+                .unresolved
+            }
+        default:
+            resolvedIdentity
+        }
+        let legacyEmailSource: String? = switch canonicalIdentity {
+        case let .emailOnly(normalizedEmail):
+            normalizedEmail
+        case .providerAccount, .unresolved:
+            normalizedEmail
+        }
+        let attachedDashboardSnapshot = includeDashboardFallback
+            ? self.attachedOpenAIDashboardSnapshot
+            : nil
+        let normalizedDashboardSnapshot = attachedDashboardSnapshot?
+            .toUsageSnapshot(provider: .codex, accountEmail: normalizedEmail)
+        let currentWeeklyResetAt = snapshot?.secondary?.resetsAt
+            ?? self.snapshots[.codex]?.secondary?.resetsAt
+            ?? normalizedDashboardSnapshot?.secondary?.resetsAt
+
+        return CodexOwnershipContext(
+            canonicalKey: CodexHistoryOwnership.canonicalKey(for: canonicalIdentity),
+            canonicalEmailHashKey: normalizedEmail.map { CodexHistoryOwnership.canonicalEmailHashKey(for: $0) },
+            historicalLegacyEmailHash: legacyEmailSource.map {
+                CodexHistoryOwnership.legacyEmailHash(normalizedEmail: $0)
+            },
+            planUtilizationLegacyEmailHash: legacyEmailSource.map {
+                Self.codexLegacyPlanUtilizationEmailHashKey(for: $0)
+            },
+            currentWeeklyResetAt: currentWeeklyResetAt,
+            hasAdjacentMultiAccountVeto: self.codexHasAdjacentMultiAccountVeto())
+    }
+
+    func codexHasAdjacentMultiAccountVeto() -> Bool {
+        let snapshot = self.settings.codexAccountReconciliationSnapshot
+        var distinctAccounts: Set<String> = []
+
+        if let activeManagedAccount = self.settings.activeManagedCodexAccount {
+            distinctAccounts.insert(CodexIdentityMatcher.selectionKey(
+                for: snapshot.runtimeIdentity(for: activeManagedAccount),
+                fallbackEmail: snapshot.runtimeEmail(for: activeManagedAccount)))
+        }
+
+        if let liveSystemAccount = snapshot.liveSystemAccount {
+            distinctAccounts.insert(CodexIdentityMatcher.selectionKey(
+                for: snapshot.runtimeIdentity(for: liveSystemAccount),
+                fallbackEmail: liveSystemAccount.email))
+        }
+
+        return distinctAccounts.count > 1
+    }
+
+    nonisolated static func codexLegacyPlanUtilizationEmailHashKey(for normalizedEmail: String) -> String {
+        self.sha256Hex("\(UsageProvider.codex.rawValue):email:\(normalizedEmail)")
+    }
+
+    nonisolated static func sha256Hex(_ input: String) -> String {
+        let digest = SHA256.hash(data: Data(input.utf8))
+        return digest.map { String(format: "%02x", $0) }.joined()
+    }
+}
diff --git a/Sources/CodexBar/CodexbarApp.swift b/Sources/CodexBar/CodexbarApp.swift
index fca4af153..260abc832 100644
--- a/Sources/CodexBar/CodexbarApp.swift
+++ b/Sources/CodexBar/CodexbarApp.swift
@@ -11,6 +11,8 @@ struct CodexBarApp: App {
     @NSApplicationDelegateAdaptor(AppDelegate.self) private var appDelegate
     @State private var settings: SettingsStore
     @State private var store: UsageStore
+    @State private var managedCodexAccountCoordinator: ManagedCodexAccountCoordinator
+    @State private var codexAccountPromotionCoordinator: CodexAccountPromotionCoordinator
     private let preferencesSelection: PreferencesSelection
     private let account: AccountInfo
 
@@ -41,20 +43,35 @@ struct CodexBarApp: App {
 
         let preferencesSelection = PreferencesSelection()
         let settings = SettingsStore()
+        Self.applyLanguagePreference(from: settings)
+        configureUsageFormatterLocalizationProvider()
+        let managedCodexAccountCoordinator = ManagedCodexAccountCoordinator()
+        managedCodexAccountCoordinator.onManagedAccountsDidChange = {
+            _ = settings.persistResolvedCodexActiveSourceCorrectionIfNeeded()
+        }
+        _ = settings.persistResolvedCodexActiveSourceCorrectionIfNeeded()
         let fetcher = UsageFetcher()
         let browserDetection = BrowserDetection(cacheTTL: BrowserDetection.defaultCacheTTL)
         let account = fetcher.loadAccountInfo()
         let store = UsageStore(fetcher: fetcher, browserDetection: browserDetection, settings: settings)
+        let codexAccountPromotionCoordinator = CodexAccountPromotionCoordinator(
+            settingsStore: settings,
+            usageStore: store,
+            managedAccountCoordinator: managedCodexAccountCoordinator)
         self.preferencesSelection = preferencesSelection
         _settings = State(wrappedValue: settings)
         _store = State(wrappedValue: store)
+        _managedCodexAccountCoordinator = State(wrappedValue: managedCodexAccountCoordinator)
+        _codexAccountPromotionCoordinator = State(wrappedValue: codexAccountPromotionCoordinator)
         self.account = account
         CodexBarLog.setLogLevel(settings.debugLogLevel)
-        self.appDelegate.configure(
+        self.appDelegate.configure(.init(
             store: store,
             settings: settings,
             account: account,
-            selection: preferencesSelection)
+            selection: preferencesSelection,
+            managedCodexAccountCoordinator: managedCodexAccountCoordinator,
+            codexAccountPromotionCoordinator: codexAccountPromotionCoordinator))
     }
 
     @SceneBuilder
@@ -72,7 +89,12 @@ struct CodexBarApp: App {
                 settings: self.settings,
                 store: self.store,
                 updater: self.appDelegate.updaterController,
-                selection: self.preferencesSelection)
+                selection: self.preferencesSelection,
+                managedCodexAccountCoordinator: self.managedCodexAccountCoordinator,
+                codexAccountPromotionCoordinator: self.codexAccountPromotionCoordinator,
+                runProviderLoginFlow: { provider in
+                    await self.appDelegate.runProviderLoginFlow(provider)
+                })
         }
         .defaultSize(width: PreferencesTab.general.preferredWidth, height: PreferencesTab.general.preferredHeight)
         .windowResizability(.contentSize)
@@ -83,6 +105,15 @@ struct CodexBarApp: App {
         NSApp.activate(ignoringOtherApps: true)
         _ = NSApp.sendAction(Selector(("showPreferencesWindow:")), to: nil, from: nil)
     }
+
+    private static func applyLanguagePreference(from settings: SettingsStore) {
+        let language = settings.appLanguage
+        if language.isEmpty {
+            UserDefaults.standard.removeObject(forKey: "AppleLanguages")
+        } else {
+            UserDefaults.standard.set([language], forKey: "AppleLanguages")
+        }
+    }
 }
 
 // MARK: - Updater abstraction
@@ -95,6 +126,7 @@ protocol UpdaterProviding: AnyObject {
     var unavailableReason: String? { get }
     var updateStatus: UpdateStatus { get }
     func checkForUpdates(_ sender: Any?)
+    func installUpdate()
 }
 
 /// No-op updater used for debug builds and non-bundled runs to suppress Sparkle dialogs.
@@ -110,6 +142,7 @@ final class DisabledUpdaterController: UpdaterProviding {
     }
 
     func checkForUpdates(_ sender: Any?) {}
+    func installUpdate() {}
 }
 
 @MainActor
@@ -128,12 +161,25 @@ import Sparkle
 
 @MainActor
 final class SparkleUpdaterController: NSObject, UpdaterProviding, SPUUpdaterDelegate {
+    private final class ImmediateInstallHandler: @unchecked Sendable {
+        private let handler: () -> Void
+
+        init(_ handler: @escaping () -> Void) {
+            self.handler = handler
+        }
+
+        func install() {
+            self.handler()
+        }
+    }
+
     private lazy var controller = SPUStandardUpdaterController(
         startingUpdater: false,
         updaterDelegate: self,
         userDriverDelegate: nil)
     let updateStatus = UpdateStatus()
     let unavailableReason: String? = nil
+    private var immediateInstallHandler: ImmediateInstallHandler?
 
     init(savedAutoUpdate: Bool) {
         super.init()
@@ -161,20 +207,59 @@ final class SparkleUpdaterController: NSObject, UpdaterProviding, SPUUpdaterDele
         self.controller.checkForUpdates(sender)
     }
 
-    nonisolated func updater(_ updater: SPUUpdater, didDownloadUpdate item: SUAppcastItem) {
-        Task { @MainActor in
-            self.updateStatus.isUpdateReady = true
+    func installUpdate() {
+        guard let immediateInstallHandler else {
+            self.controller.checkForUpdates(nil)
+            return
         }
+
+        immediateInstallHandler.install()
+    }
+
+    nonisolated func updater(_ updater: SPUUpdater, didDownloadUpdate item: SUAppcastItem) {
+        _ = updater
+        _ = item
     }
 
     nonisolated func updater(_ updater: SPUUpdater, failedToDownloadUpdate item: SUAppcastItem, error: Error) {
+        _ = updater
+        _ = item
+        _ = error
         Task { @MainActor in
+            self.immediateInstallHandler = nil
             self.updateStatus.isUpdateReady = false
         }
     }
 
     nonisolated func userDidCancelDownload(_ updater: SPUUpdater) {
+        _ = updater
+        Task { @MainActor in
+            self.immediateInstallHandler = nil
+            self.updateStatus.isUpdateReady = false
+        }
+    }
+
+    nonisolated func updater(
+        _ updater: SPUUpdater,
+        willInstallUpdateOnQuit item: SUAppcastItem,
+        immediateInstallationBlock immediateInstallHandler: @escaping () -> Void)
+        -> Bool
+    {
+        _ = updater
+        _ = item
+        let installHandler = ImmediateInstallHandler(immediateInstallHandler)
         Task { @MainActor in
+            self.immediateInstallHandler = installHandler
+            self.updateStatus.isUpdateReady = true
+        }
+        return true
+    }
+
+    nonisolated func updater(_ updater: SPUUpdater, didAbortWithError error: Error) {
+        _ = updater
+        _ = error
+        Task { @MainActor in
+            self.immediateInstallHandler = nil
             self.updateStatus.isUpdateReady = false
         }
     }
@@ -189,10 +274,12 @@ final class SparkleUpdaterController: NSObject, UpdaterProviding, SPUUpdaterDele
         Task { @MainActor in
             switch choice {
             case .install, .skip:
+                self.immediateInstallHandler = nil
                 self.updateStatus.isUpdateReady = false
             case .dismiss:
                 self.updateStatus.isUpdateReady = downloaded
             @unknown default:
+                self.immediateInstallHandler = nil
                 self.updateStatus.isUpdateReady = false
             }
         }
@@ -251,18 +338,37 @@ private func makeUpdaterController() -> UpdaterProviding {
 
 @MainActor
 final class AppDelegate: NSObject, NSApplicationDelegate {
+    struct Dependencies {
+        let store: UsageStore
+        let settings: SettingsStore
+        let account: AccountInfo
+        let selection: PreferencesSelection
+        let managedCodexAccountCoordinator: ManagedCodexAccountCoordinator
+        let codexAccountPromotionCoordinator: CodexAccountPromotionCoordinator
+    }
+
     let updaterController: UpdaterProviding = makeUpdaterController()
+    private let confettiOverlayController = ScreenConfettiOverlayController()
+    private let confettiLogger = CodexBarLog.logger(LogCategories.confetti)
     private var statusController: StatusItemControlling?
     private var store: UsageStore?
     private var settings: SettingsStore?
     private var account: AccountInfo?
     private var preferencesSelection: PreferencesSelection?
+    private var managedCodexAccountCoordinator: ManagedCodexAccountCoordinator?
+    private var codexAccountPromotionCoordinator: CodexAccountPromotionCoordinator?
+    private var hasInstalledWeeklyLimitResetObserver = false
+    var terminateActiveProcessesForAppShutdown: () -> Void = {
+        TTYCommandRunner.terminateActiveProcessesForAppShutdown()
+    }
 
-    func configure(store: UsageStore, settings: SettingsStore, account: AccountInfo, selection: PreferencesSelection) {
-        self.store = store
-        self.settings = settings
-        self.account = account
-        self.preferencesSelection = selection
+    func configure(_ dependencies: Dependencies) {
+        self.store = dependencies.store
+        self.settings = dependencies.settings
+        self.account = dependencies.account
+        self.preferencesSelection = dependencies.selection
+        self.managedCodexAccountCoordinator = dependencies.managedCodexAccountCoordinator
+        self.codexAccountPromotionCoordinator = dependencies.codexAccountPromotionCoordinator
     }
 
     func applicationWillFinishLaunching(_ notification: Notification) {
@@ -277,10 +383,41 @@ final class AppDelegate: NSObject, NSApplicationDelegate {
                 self?.statusController?.openMenuFromShortcut()
             }
         }
+        if !self.hasInstalledWeeklyLimitResetObserver {
+            NotificationCenter.default.addObserver(
+                self,
+                selector: #selector(self.handleWeeklyLimitResetNotification(_:)),
+                name: .codexbarWeeklyLimitReset,
+                object: nil)
+            self.hasInstalledWeeklyLimitResetObserver = true
+        }
     }
 
     func applicationWillTerminate(_ notification: Notification) {
-        TTYCommandRunner.terminateActiveProcessesForAppShutdown()
+        self.statusController?.prepareForAppShutdown()
+        self.confettiOverlayController.dismiss()
+        self.dismissAppKitWindowsForShutdown()
+        self.terminateActiveProcessesForAppShutdown()
+    }
+
+    func runProviderLoginFlow(_ provider: UsageProvider) async {
+        self.ensureStatusController()
+        guard let statusController else { return }
+        await statusController.runLoginFlowFromSettings(provider: provider)
+    }
+
+    @objc private func handleWeeklyLimitResetNotification(_ notification: Notification) {
+        guard let event = notification.object as? WeeklyLimitResetEvent else { return }
+        guard self.settings?.confettiOnWeeklyLimitResetsEnabled == true else { return }
+        let origin = self.statusController?.celebrationOriginPoint(for: event.provider)
+        self.confettiLogger.info(
+            "Triggering confetti",
+            metadata: [
+                "provider": event.provider.rawValue,
+                "accountIdentifier": event.accountIdentifier,
+                "originKnown": origin == nil ? "0" : "1",
+            ])
+        self.confettiOverlayController.play(originInScreen: origin)
     }
 
     /// Use the classic (non-Liquid Glass) app icon on macOS versions before 26.
@@ -308,16 +445,31 @@ final class AppDelegate: NSObject, NSApplicationDelegate {
         Bundle.main.url(forResource: "Icon-classic", withExtension: "icns")
     }
 
+    private func dismissAppKitWindowsForShutdown() {
+        guard let app = NSApp else { return }
+        for window in app.windows {
+            window.orderOut(nil)
+        }
+    }
+
     private func ensureStatusController() {
         if self.statusController != nil { return }
 
-        if let store, let settings, let account, let selection = self.preferencesSelection {
+        if let store,
+           let settings,
+           let account,
+           let selection = self.preferencesSelection,
+           let managedCodexAccountCoordinator,
+           let codexAccountPromotionCoordinator
+        {
             self.statusController = StatusItemController.factory(
                 store,
                 settings,
                 account,
                 self.updaterController,
-                selection)
+                selection,
+                managedCodexAccountCoordinator,
+                codexAccountPromotionCoordinator)
             return
         }
 
@@ -330,11 +482,22 @@ final class AppDelegate: NSObject, NSApplicationDelegate {
         let browserDetection = BrowserDetection(cacheTTL: BrowserDetection.defaultCacheTTL)
         let fallbackAccount = fetcher.loadAccountInfo()
         let fallbackStore = UsageStore(fetcher: fetcher, browserDetection: browserDetection, settings: fallbackSettings)
+        let fallbackManagedCodexAccountCoordinator = ManagedCodexAccountCoordinator()
+        let fallbackCodexAccountPromotionCoordinator = CodexAccountPromotionCoordinator(
+            settingsStore: fallbackSettings,
+            usageStore: fallbackStore,
+            managedAccountCoordinator: fallbackManagedCodexAccountCoordinator)
         self.statusController = StatusItemController.factory(
             fallbackStore,
             fallbackSettings,
             fallbackAccount,
             self.updaterController,
-            PreferencesSelection())
+            PreferencesSelection(),
+            fallbackManagedCodexAccountCoordinator,
+            fallbackCodexAccountPromotionCoordinator)
+    }
+
+    deinit {
+        NotificationCenter.default.removeObserver(self)
     }
 }
diff --git a/Sources/CodexBar/Config/CodexBarConfigMigrator.swift b/Sources/CodexBar/Config/CodexBarConfigMigrator.swift
index a34629766..733e4198e 100644
--- a/Sources/CodexBar/Config/CodexBarConfigMigrator.swift
+++ b/Sources/CodexBar/Config/CodexBarConfigMigrator.swift
@@ -20,6 +20,8 @@ struct CodexBarConfigMigrator {
         let tokenAccountStore: any ProviderTokenAccountStoring
     }
 
+    private static let legacyMigrationCompletedKey = "codexbar.legacySecretsMigrationCompleted"
+
     private struct MigrationState {
         var didUpdate = false
         var sawLegacySecrets = false
@@ -36,24 +38,43 @@ struct CodexBarConfigMigrator {
         var config = (existing ?? CodexBarConfig.makeDefault()).normalized()
         var state = MigrationState()
 
-        if existing == nil {
-            self.applyLegacyOrderAndToggles(userDefaults: userDefaults, config: &config, state: &state)
-        }
-
+        // applyLegacyCookieSources reads only UserDefaults — cheap, runs unconditionally so
+        // newly-added cookie-source keys are picked up on every launch.
         self.applyLegacyCookieSources(userDefaults: userDefaults, config: &config, state: &state)
-        self.migrateLegacySecrets(userDefaults: userDefaults, stores: stores, config: &config, state: &state)
-        self.migrateLegacyAccounts(stores: stores, config: &config, state: &state)
 
+        let migrationCompleted = userDefaults.bool(forKey: Self.legacyMigrationCompletedKey)
+        if !migrationCompleted {
+            // Run once: migrate Keychain/file secrets then clear them. Using a completion flag rather
+            // than `existing == nil` ensures a crash between config-save and clearLegacyStores can
+            // finish cleanup on the next launch without re-doing the (already-saved) data migration.
+            if existing == nil {
+                self.applyLegacyOrderAndToggles(userDefaults: userDefaults, config: &config, state: &state)
+            }
+            self.migrateLegacySecrets(userDefaults: userDefaults, stores: stores, config: &config, state: &state)
+            self.migrateLegacyAccounts(stores: stores, config: &config, state: &state)
+        }
+
+        var didPersistUpdates = true
         if state.didUpdate {
             do {
                 try configStore.save(config)
             } catch {
+                didPersistUpdates = false
                 log.error("Failed to persist config: \(error)")
             }
         }
 
+        guard didPersistUpdates else {
+            return config.normalized()
+        }
+
         if state.sawLegacySecrets || state.sawLegacyAccounts {
-            self.clearLegacyStores(stores: stores, sawAccounts: state.sawLegacyAccounts, log: log)
+            let cleared = self.clearLegacyStores(stores: stores, sawAccounts: state.sawLegacyAccounts, log: log)
+            if cleared {
+                userDefaults.set(true, forKey: Self.legacyMigrationCompletedKey)
+            }
+        } else if !migrationCompleted {
+            userDefaults.set(true, forKey: Self.legacyMigrationCompletedKey)
         }
 
         return config.normalized()
@@ -274,11 +295,13 @@ struct CodexBarConfigMigrator {
         return false
     }
 
+    @discardableResult
     private static func clearLegacyStores(
         stores: LegacyStores,
         sawAccounts: Bool,
-        log: CodexBarLogger)
+        log: CodexBarLogger) -> Bool
     {
+        var success = true
         do {
             try stores.zaiTokenStore.storeToken(nil)
             try stores.syntheticTokenStore.storeToken(nil)
@@ -296,6 +319,7 @@ struct CodexBarConfigMigrator {
             try stores.ampCookieStore.storeCookieHeader(nil)
         } catch {
             log.error("Failed to clear legacy secrets: \(error)")
+            success = false
         }
 
         if sawAccounts {
@@ -304,6 +328,8 @@ struct CodexBarConfigMigrator {
                 try? FileManager.default.removeItem(at: legacyURL)
             }
         }
+
+        return success
     }
 
     private static func applyProviderOrder(_ raw: [String], config: CodexBarConfig) -> CodexBarConfig {
diff --git a/Sources/CodexBar/CostHistoryChartMenuView.swift b/Sources/CodexBar/CostHistoryChartMenuView.swift
index 9c77cf4ef..e1a35e28a 100644
--- a/Sources/CodexBar/CostHistoryChartMenuView.swift
+++ b/Sources/CodexBar/CostHistoryChartMenuView.swift
@@ -11,25 +11,54 @@ struct CostHistoryChartMenuView: View {
         let date: Date
         let costUSD: Double
         let totalTokens: Int?
+        let requestCount: Int?
 
-        init(date: Date, costUSD: Double, totalTokens: Int?) {
+        init(date: Date, costUSD: Double, totalTokens: Int?, requestCount: Int?) {
             self.date = date
             self.costUSD = costUSD
             self.totalTokens = totalTokens
+            self.requestCount = requestCount
             self.id = "\(Int(date.timeIntervalSince1970))-\(costUSD)"
         }
     }
 
+    private struct DetailRow: Identifiable {
+        let id: String
+        let title: String
+        let subtitle: String?
+        let modeSubtitle: String?
+        let accentColor: Color
+    }
+
+    private struct DetailContent {
+        let primary: String
+        let rows: [DetailRow]
+    }
+
     private let provider: UsageProvider
     private let daily: [DailyEntry]
     private let totalCostUSD: Double?
+    private let currencyCode: String
+    private let historyDays: Int
+    private let windowLabel: String?
     private let width: CGFloat
     @State private var selectedDateKey: String?
 
-    init(provider: UsageProvider, daily: [DailyEntry], totalCostUSD: Double?, width: CGFloat) {
+    init(
+        provider: UsageProvider,
+        daily: [DailyEntry],
+        totalCostUSD: Double?,
+        currencyCode: String = "USD",
+        historyDays: Int = 30,
+        windowLabel: String? = nil,
+        width: CGFloat)
+    {
         self.provider = provider
         self.daily = daily
         self.totalCostUSD = totalCostUSD
+        self.currencyCode = currencyCode
+        self.historyDays = max(1, min(365, historyDays))
+        self.windowLabel = windowLabel
         self.width = width
     }
 
@@ -37,23 +66,24 @@ struct CostHistoryChartMenuView: View {
         let model = Self.makeModel(provider: self.provider, daily: self.daily)
         VStack(alignment: .leading, spacing: 10) {
             if model.points.isEmpty {
-                Text("No cost history data.")
+                Text(L("No cost history data."))
                     .font(.footnote)
                     .foregroundStyle(.secondary)
+                    .accessibilityLabel(L("No cost history data."))
             } else {
                 Chart {
                     ForEach(model.points) { point in
                         BarMark(
-                            x: .value("Day", point.date, unit: .day),
-                            y: .value("Cost", point.costUSD))
+                            x: .value(L("Day"), point.date, unit: .day),
+                            y: .value(L("Cost"), point.costUSD))
                             .foregroundStyle(model.barColor)
                     }
                     if let peak = Self.peakPoint(model: model) {
                         let capStart = max(peak.costUSD - Self.capHeight(maxValue: model.maxCostUSD), 0)
                         BarMark(
-                            x: .value("Day", peak.date, unit: .day),
-                            yStart: .value("Cap start", capStart),
-                            yEnd: .value("Cap end", peak.costUSD))
+                            x: .value(L("Day"), peak.date, unit: .day),
+                            yStart: .value(L("Cap start"), capStart),
+                            yEnd: .value(L("Cap end"), peak.costUSD))
                             .foregroundStyle(Color(nsColor: .systemYellow))
                     }
                 }
@@ -69,6 +99,11 @@ struct CostHistoryChartMenuView: View {
                 }
                 .chartLegend(.hidden)
                 .frame(height: 130)
+                .accessibilityLabel(L("Cost history chart"))
+                .accessibilityValue(
+                    model.points.isEmpty
+                        ? L("No data")
+                        : String(format: L("%d days of cost data"), model.points.count))
                 .chartOverlay { proxy in
                     GeometryReader { geo in
                         ZStack(alignment: .topLeading) {
@@ -88,28 +123,73 @@ struct CostHistoryChartMenuView: View {
                     }
                 }
 
-                let detail = self.detailLines(model: model)
-                VStack(alignment: .leading, spacing: 0) {
+                let detail = self.detailContent(model: model)
+                VStack(alignment: .leading, spacing: Self.detailSpacing) {
                     Text(detail.primary)
                         .font(.caption)
                         .foregroundStyle(.secondary)
                         .lineLimit(1)
                         .truncationMode(.tail)
-                        .frame(height: 16, alignment: .leading)
-                    Text(detail.secondary ?? " ")
-                        .font(.caption)
-                        .foregroundStyle(.secondary)
-                        .lineLimit(1)
-                        .truncationMode(.tail)
-                        .frame(height: 16, alignment: .leading)
-                        .opacity(detail.secondary == nil ? 0 : 1)
+                        .frame(height: Self.detailPrimaryLineHeight, alignment: .leading)
+                    ForEach(detail.rows) { row in
+                        HStack(alignment: .top, spacing: 8) {
+                            Rectangle()
+                                .fill(row.accentColor)
+                                .frame(
+                                    width: 2,
+                                    height: Self.accentHeight(for: row))
+                                .padding(.top, 1)
+
+                            VStack(alignment: .leading, spacing: 1) {
+                                Text(row.title)
+                                    .font(.caption)
+                                    .foregroundStyle(.secondary)
+                                    .lineLimit(1)
+                                    .truncationMode(.tail)
+                                    .frame(height: Self.detailTitleLineHeight, alignment: .leading)
+                                if let subtitle = row.subtitle {
+                                    Text(subtitle)
+                                        .font(.caption2)
+                                        .foregroundStyle(Color(nsColor: .tertiaryLabelColor))
+                                        .lineLimit(1)
+                                        .truncationMode(.tail)
+                                        .frame(height: Self.detailSubtitleLineHeight, alignment: .leading)
+                                }
+                                if let modeSubtitle = row.modeSubtitle {
+                                    Text(modeSubtitle)
+                                        .font(.caption2)
+                                        .foregroundStyle(Color(nsColor: .tertiaryLabelColor))
+                                        .lineLimit(1)
+                                        .truncationMode(.tail)
+                                        .frame(height: Self.detailSubtitleLineHeight, alignment: .leading)
+                                }
+                            }
+                        }
+                        .frame(height: Self.detailRowHeight(for: row), alignment: .leading)
+                    }
+                    ForEach(0..<max(model.maxRenderedBreakdownRows - detail.rows.count, 0), id: \.self) { _ in
+                        Text(" ")
+                            .font(.caption)
+                            .frame(height: Self.compactDetailRowHeight, alignment: .leading)
+                            .opacity(0)
+                    }
                 }
+                .frame(
+                    height: Self.detailBlockHeight(
+                        maxBreakdownRows: model.maxRenderedBreakdownRows,
+                        maxRowsHeight: model.maxDetailRowsHeight),
+                    alignment: .topLeading)
             }
 
             if let total = self.totalCostUSD {
-                Text("Total (30d): \(UsageFormatter.usdString(total))")
+                Text(String(
+                    format: L("Est. total (%@): %@"),
+                    self.windowLabel ?? Self.windowLabel(days: self.historyDays),
+                    self.costString(total)))
                     .font(.caption)
                     .foregroundStyle(.secondary)
+                    .lineLimit(1)
+                    .truncationMode(.head)
             }
         }
         .padding(.horizontal, 16)
@@ -126,9 +206,37 @@ struct CostHistoryChartMenuView: View {
         let barColor: Color
         let peakKey: String?
         let maxCostUSD: Double
+        let maxRenderedBreakdownRows: Int
+        let maxDetailRowsHeight: CGFloat
     }
 
     private static let selectionBandColor = Color(nsColor: .labelColor).opacity(0.1)
+    private static let maxVisibleDetailLines = 4
+    private static let detailPrimaryLineHeight: CGFloat = 16
+    private static let detailTitleLineHeight: CGFloat = 16
+    private static let detailSubtitleLineHeight: CGFloat = 13
+    private static let compactDetailRowHeight: CGFloat = 36
+    private static let expandedDetailRowHeight: CGFloat = 44
+    private static let detailSpacing: CGFloat = 6
+
+    static func windowLabel(days: Int) -> String {
+        if days == 1 {
+            return L("Today")
+        }
+        return String(format: L("Last %d days"), days)
+    }
+
+    private static func detailRowHeight(for row: DetailRow) -> CGFloat {
+        self.detailRowHeight(hasModeSubtitle: row.modeSubtitle != nil)
+    }
+
+    private static func detailRowHeight(hasModeSubtitle: Bool) -> CGFloat {
+        hasModeSubtitle ? self.expandedDetailRowHeight : self.compactDetailRowHeight
+    }
+
+    private static func accentHeight(for row: DetailRow) -> CGFloat {
+        row.subtitle == nil && row.modeSubtitle == nil ? 14 : self.detailRowHeight(for: row)
+    }
 
     private static func capHeight(maxValue: Double) -> Double {
         maxValue * 0.05
@@ -150,14 +258,23 @@ struct CostHistoryChartMenuView: View {
 
         var peak: (key: String, costUSD: Double)?
         var maxCostUSD: Double = 0
+        var maxRenderedBreakdownRows = 0
+        var detailRowMetrics: [(count: Int, height: CGFloat)] = []
         for entry in sorted {
-            guard let costUSD = entry.costUSD, costUSD > 0 else { continue }
+            guard let costUSD = entry.costUSD, costUSD >= 0 else { continue }
             guard let date = self.dateFromDayKey(entry.date) else { continue }
-            let point = Point(date: date, costUSD: costUSD, totalTokens: entry.totalTokens)
+            let point = Point(
+                date: date,
+                costUSD: costUSD,
+                totalTokens: entry.totalTokens,
+                requestCount: entry.requestCount)
             points.append(point)
             pointsByKey[entry.date] = point
             entriesByKey[entry.date] = entry
             dateKeys.append((entry.date, date))
+            let rowMetric = Self.renderedBreakdownRowsMetric(for: entry)
+            detailRowMetrics.append(rowMetric)
+            maxRenderedBreakdownRows = max(maxRenderedBreakdownRows, rowMetric.count)
             if let cur = peak {
                 if costUSD > cur.costUSD { peak = (entry.date, costUSD) }
             } else {
@@ -173,6 +290,11 @@ struct CostHistoryChartMenuView: View {
         }()
 
         let barColor = Self.barColor(for: provider)
+        let maxDetailRowsHeight = detailRowMetrics.reduce(CGFloat(0)) { currentMax, metric in
+            let fillerRows = max(maxRenderedBreakdownRows - metric.count, 0)
+            let filledHeight = metric.height + (CGFloat(fillerRows) * Self.compactDetailRowHeight)
+            return max(currentMax, filledHeight)
+        }
         return Model(
             points: points,
             pointsByDateKey: pointsByKey,
@@ -180,8 +302,10 @@ struct CostHistoryChartMenuView: View {
             dateKeys: dateKeys,
             axisDates: axisDates,
             barColor: barColor,
-            peakKey: peak?.key,
-            maxCostUSD: maxCostUSD)
+            peakKey: maxCostUSD > 0 ? peak?.key : nil,
+            maxCostUSD: maxCostUSD,
+            maxRenderedBreakdownRows: maxRenderedBreakdownRows,
+            maxDetailRowsHeight: maxDetailRowsHeight)
     }
 
     private static func barColor(for provider: UsageProvider) -> Color {
@@ -211,6 +335,28 @@ struct CostHistoryChartMenuView: View {
         return model.pointsByDateKey[key]
     }
 
+    private static func renderedBreakdownRowsMetric(for entry: DailyEntry) -> (count: Int, height: CGFloat) {
+        guard let breakdown = entry.modelBreakdowns, !breakdown.isEmpty else { return (0, 0) }
+        let renderedRows = Array(
+            self.sortedBreakdown(breakdown)
+                .prefix(self.maxVisibleDetailLines))
+        let height = renderedRows.reduce(CGFloat(0)) { total, item in
+            total + self.detailRowHeight(hasModeSubtitle: Self.hasModeSubtitle(item))
+        }
+        return (renderedRows.count, height)
+    }
+
+    private static func hasModeSubtitle(_ item: CostUsageDailyReport.ModelBreakdown) -> Bool {
+        item.standardCostUSD != nil || item.priorityCostUSD != nil
+    }
+
+    private static func detailBlockHeight(maxBreakdownRows: Int, maxRowsHeight: CGFloat) -> CGFloat {
+        guard maxBreakdownRows > 0 else { return self.detailPrimaryLineHeight }
+        return self.detailPrimaryLineHeight +
+            maxRowsHeight +
+            (CGFloat(maxBreakdownRows) * self.detailSpacing)
+    }
+
     private func selectionBandRect(model: Model, proxy: ChartProxy, geo: GeometryProxy) -> CGRect? {
         guard let key = self.selectedDateKey else { return nil }
         guard let plotAnchor = proxy.plotFrame else { return nil }
@@ -286,41 +432,94 @@ struct CostHistoryChartMenuView: View {
         return best?.key
     }
 
-    private func detailLines(model: Model) -> (primary: String, secondary: String?) {
+    private func detailContent(model: Model) -> DetailContent {
         guard let key = self.selectedDateKey,
               let point = model.pointsByDateKey[key],
               let date = Self.dateFromDayKey(key)
         else {
-            return ("Hover a bar for details", nil)
+            return DetailContent(primary: L("Hover a bar for details"), rows: [])
         }
 
         let dayLabel = date.formatted(.dateTime.month(.abbreviated).day())
-        let cost = UsageFormatter.usdString(point.costUSD)
+        let cost = self.costString(point.costUSD)
+        var parts = [cost]
         if let tokens = point.totalTokens {
-            let primary = "\(dayLabel): \(cost) · \(UsageFormatter.tokenCountString(tokens)) tokens"
-            let secondary = self.topModelsText(key: key, model: model)
-            return (primary, secondary)
+            parts.append("\(UsageFormatter.tokenCountString(tokens)) tokens")
+        }
+        if let requests = point.requestCount {
+            parts.append("\(UsageFormatter.tokenCountString(requests)) requests")
+        }
+        let primary = "\(dayLabel): \(parts.joined(separator: " · "))"
+        return DetailContent(primary: primary, rows: self.breakdownRows(key: key, model: model))
+    }
+
+    private func breakdownRows(key: String, model: Model) -> [DetailRow] {
+        guard let entry = model.entriesByDateKey[key] else { return [] }
+        guard let breakdown = entry.modelBreakdowns, !breakdown.isEmpty else { return [] }
+
+        return Self.sortedBreakdown(breakdown)
+            .prefix(Self.maxVisibleDetailLines)
+            .enumerated()
+            .map { index, item in
+                DetailRow(
+                    id: "\(item.modelName)-\(index)",
+                    title: UsageFormatter.modelDisplayName(item.modelName),
+                    subtitle: self.modelBreakdownTotalSubtitle(item),
+                    modeSubtitle: self.modelBreakdownModeSubtitle(item),
+                    accentColor: model.barColor.opacity(Self.breakdownAccentOpacity(for: index)))
+            }
+    }
+
+    private static func sortedBreakdown(
+        _ breakdown: [CostUsageDailyReport.ModelBreakdown]) -> [CostUsageDailyReport.ModelBreakdown]
+    {
+        breakdown.sorted { lhs, rhs in
+            let lCost = lhs.costUSD ?? -1
+            let rCost = rhs.costUSD ?? -1
+            if lCost != rCost { return lCost > rCost }
+
+            let lTokens = lhs.totalTokens ?? -1
+            let rTokens = rhs.totalTokens ?? -1
+            if lTokens != rTokens { return lTokens > rTokens }
+
+            return lhs.modelName > rhs.modelName
         }
-        let primary = "\(dayLabel): \(cost)"
-        let secondary = self.topModelsText(key: key, model: model)
-        return (primary, secondary)
     }
 
-    private func topModelsText(key: String, model: Model) -> String? {
-        guard let entry = model.entriesByDateKey[key] else { return nil }
-        guard let breakdown = entry.modelBreakdowns, !breakdown.isEmpty else { return nil }
-        let parts = breakdown
-            .compactMap { item -> (name: String, costUSD: Double)? in
-                guard let costUSD = item.costUSD, costUSD > 0 else { return nil }
-                return (UsageFormatter.modelDisplayName(item.modelName), costUSD)
+    private func modelBreakdownTotalSubtitle(_ item: CostUsageDailyReport.ModelBreakdown) -> String? {
+        UsageFormatter.modelCostDetail(
+            item.modelName,
+            costUSD: item.costUSD,
+            totalTokens: item.totalTokens,
+            currencyCode: self.currencyCode)
+    }
+
+    private func modelBreakdownModeSubtitle(_ item: CostUsageDailyReport.ModelBreakdown) -> String? {
+        var parts: [String] = []
+        if let standardCost = item.standardCostUSD {
+            var standardPart = "Std \(self.costString(standardCost))"
+            if let standardTokens = item.standardTokens {
+                standardPart += " · \(UsageFormatter.tokenCountString(standardTokens))"
             }
-            .sorted { lhs, rhs in
-                if lhs.costUSD == rhs.costUSD { return lhs.name < rhs.name }
-                return lhs.costUSD > rhs.costUSD
+            parts.append(standardPart)
+        }
+        if let priorityCost = item.priorityCostUSD {
+            var priorityPart = "Fast \(self.costString(priorityCost))"
+            if let priorityTokens = item.priorityTokens {
+                priorityPart += " · \(UsageFormatter.tokenCountString(priorityTokens))"
             }
-            .prefix(3)
-            .map { "\($0.name) \(UsageFormatter.usdString($0.costUSD))" }
+            parts.append(priorityPart)
+        }
         guard !parts.isEmpty else { return nil }
-        return "Top: \(parts.joined(separator: " · "))"
+        return parts.joined(separator: " / ")
+    }
+
+    private func costString(_ value: Double) -> String {
+        UsageFormatter.currencyString(value, currencyCode: self.currencyCode)
+    }
+
+    private static func breakdownAccentOpacity(for index: Int) -> Double {
+        let opacity = 0.75 - (Double(index) * 0.12)
+        return max(0.3, opacity)
     }
 }
diff --git a/Sources/CodexBar/CreditsHistoryChartMenuView.swift b/Sources/CodexBar/CreditsHistoryChartMenuView.swift
index 9c5ca0b50..e75521eb9 100644
--- a/Sources/CodexBar/CreditsHistoryChartMenuView.swift
+++ b/Sources/CodexBar/CreditsHistoryChartMenuView.swift
@@ -29,23 +29,24 @@ struct CreditsHistoryChartMenuView: View {
         let model = Self.makeModel(from: self.breakdown)
         VStack(alignment: .leading, spacing: 10) {
             if model.points.isEmpty {
-                Text("No credits history data.")
+                Text(L("No credits history data."))
                     .font(.footnote)
                     .foregroundStyle(.secondary)
+                    .accessibilityLabel(L("No credits history data available."))
             } else {
                 Chart {
                     ForEach(model.points) { point in
                         BarMark(
-                            x: .value("Day", point.date, unit: .day),
-                            y: .value("Credits used", point.creditsUsed))
+                            x: .value(L("Day"), point.date, unit: .day),
+                            y: .value(L("Credits used"), point.creditsUsed))
                             .foregroundStyle(Self.barColor)
                     }
                     if let peak = Self.peakPoint(model: model) {
                         let capStart = max(peak.creditsUsed - Self.capHeight(maxValue: model.maxCreditsUsed), 0)
                         BarMark(
-                            x: .value("Day", peak.date, unit: .day),
-                            yStart: .value("Cap start", capStart),
-                            yEnd: .value("Cap end", peak.creditsUsed))
+                            x: .value(L("Day"), peak.date, unit: .day),
+                            yStart: .value(L("Cap start"), capStart),
+                            yEnd: .value(L("Cap end"), peak.creditsUsed))
                             .foregroundStyle(Color(nsColor: .systemYellow))
                     }
                 }
@@ -61,6 +62,11 @@ struct CreditsHistoryChartMenuView: View {
                 }
                 .chartLegend(.hidden)
                 .frame(height: 130)
+                .accessibilityLabel(L("Credits history chart"))
+                .accessibilityValue(
+                    model.points.isEmpty
+                        ? L("No data")
+                        : String(format: L("%d days of credits data"), model.points.count))
                 .chartOverlay { proxy in
                     GeometryReader { geo in
                         ZStack(alignment: .topLeading) {
@@ -98,7 +104,9 @@ struct CreditsHistoryChartMenuView: View {
                 }
 
                 if let total = model.totalCreditsUsed {
-                    Text("Total (30d): \(total.formatted(.number.precision(.fractionLength(0...2)))) credits")
+                    Text(String(
+                        format: L("Total (30d): %@ credits"),
+                        total.formatted(.number.precision(.fractionLength(0...2)))))
                         .font(.caption)
                         .foregroundStyle(.secondary)
                 }
@@ -299,17 +307,17 @@ struct CreditsHistoryChartMenuView: View {
               let day = model.breakdownByDayKey[key],
               let date = Self.dateFromDayKey(key)
         else {
-            return ("Hover a bar for details", nil)
+            return (L("Hover a bar for details"), nil)
         }
 
         let dayLabel = date.formatted(.dateTime.month(.abbreviated).day())
         let total = day.totalCreditsUsed.formatted(.number.precision(.fractionLength(0...2)))
         if day.services.isEmpty {
-            return ("\(dayLabel): \(total) credits", nil)
+            return (String(format: L("%@: %@ credits"), dayLabel, total), nil)
         }
         if day.services.count <= 1, let first = day.services.first {
             let used = first.creditsUsed.formatted(.number.precision(.fractionLength(0...2)))
-            return ("\(dayLabel): \(used) credits", first.service)
+            return (String(format: L("%@: %@ credits"), dayLabel, used), first.service)
         }
 
         let services = day.services
@@ -321,6 +329,6 @@ struct CreditsHistoryChartMenuView: View {
             .map { "\($0.service) \($0.creditsUsed.formatted(.number.precision(.fractionLength(0...2))))" }
             .joined(separator: " · ")
 
-        return ("\(dayLabel): \(total) credits", services)
+        return (String(format: L("%@: %@ credits"), dayLabel, total), services)
     }
 }
diff --git a/Sources/CodexBar/CursorLoginRunner.swift b/Sources/CodexBar/CursorLoginRunner.swift
index 880722539..4e5dbe9f0 100644
--- a/Sources/CodexBar/CursorLoginRunner.swift
+++ b/Sources/CodexBar/CursorLoginRunner.swift
@@ -1,21 +1,19 @@
 import AppKit
 import CodexBarCore
 import Foundation
-import WebKit
 
-/// Handles Cursor login flow using a WebKit-based browser window.
-/// Captures session cookies after successful authentication.
+/// Opens Cursor in the user's browser and waits until the normal browser-cookie importer can read a session.
 @MainActor
-final class CursorLoginRunner: NSObject {
-    enum Phase: Sendable {
+final class CursorLoginRunner {
+    enum Phase {
         case loading
         case waitingLogin
         case success
         case failed(String)
     }
 
-    struct Result: Sendable {
-        enum Outcome: Sendable {
+    struct Result {
+        enum Outcome {
             case success
             case cancelled
             case failed(String)
@@ -25,198 +23,93 @@ final class CursorLoginRunner: NSObject {
         let email: String?
     }
 
-    private let browserDetection: BrowserDetection
-    private var webView: WKWebView?
-    private var window: NSWindow?
-    private var continuation: CheckedContinuation<Result, Never>?
-    private var phaseCallback: ((Phase) -> Void)?
-    private var hasCompletedLogin = false
-    private let logger = CodexBarLog.logger(LogCategories.cursorLogin)
+    typealias SnapshotLoader = @Sendable () async throws -> CursorStatusSnapshot
+    typealias Sleeper = @Sendable (UInt64) async throws -> Void
+    typealias SessionCacheResetter = @Sendable () async -> Void
 
-    private static let dashboardURL = URL(string: "https://cursor.com/dashboard")!
-    private static let loginURLPattern = "authenticator.cursor.sh"
+    private let loadSnapshot: SnapshotLoader
+    private let openURL: @MainActor (URL) -> Bool
+    private let sleeper: Sleeper
+    private let resetSessionCache: SessionCacheResetter
+    private let timeout: TimeInterval
+    private let pollInterval: TimeInterval
+    private let logger = CodexBarLog.logger(LogCategories.cursorLogin)
 
-    init(browserDetection: BrowserDetection) {
-        self.browserDetection = browserDetection
-        super.init()
+    static let authURL = URL(string: "https://authenticator.cursor.sh/")!
+
+    init(
+        browserDetection: BrowserDetection,
+        timeout: TimeInterval = 120,
+        pollInterval: TimeInterval = 2,
+        openURL: @escaping @MainActor (URL) -> Bool = { NSWorkspace.shared.open($0) },
+        loadSnapshot: SnapshotLoader? = nil,
+        sleeper: @escaping Sleeper = { try await Task.sleep(nanoseconds: $0) },
+        resetSessionCache: @escaping SessionCacheResetter = {
+            CookieHeaderCache.clear(provider: .cursor)
+            CursorSessionStore.shared.clearCookies()
+        })
+    {
+        self.timeout = timeout
+        self.pollInterval = pollInterval
+        self.openURL = openURL
+        self.sleeper = sleeper
+        self.resetSessionCache = resetSessionCache
+        self.loadSnapshot = loadSnapshot ?? {
+            let probe = CursorStatusProbe(browserDetection: browserDetection)
+            return try await probe.fetch(allowCachedSessions: false)
+        }
     }
 
-    /// Runs the Cursor login flow in a browser window.
-    /// Returns the result after the user completes login or cancels.
-    func run(onPhaseChange: @escaping @Sendable (Phase) -> Void) async -> Result {
-        // Keep this instance alive during the flow.
-        WebKitTeardown.retain(self)
-        self.phaseCallback = onPhaseChange
+    func run(onPhaseChange: @escaping @MainActor (Phase) -> Void) async -> Result {
         onPhaseChange(.loading)
         self.logger.info("Cursor login started")
+        await self.resetSessionCache()
 
-        return await withCheckedContinuation { continuation in
-            self.continuation = continuation
-            self.setupWindow()
+        guard self.openURL(Self.authURL) else {
+            let message = L("Could not open Cursor login in your browser.")
+            onPhaseChange(.failed(message))
+            self.logger.error("Cursor login browser launch failed")
+            return Result(outcome: .failed(message), email: nil)
         }
-    }
-
-    private func setupWindow() {
-        // Use a non-persistent store for the login flow; cookies are persisted explicitly.
-        let config = WKWebViewConfiguration()
-        config.websiteDataStore = .nonPersistent()
-
-        let webView = WKWebView(frame: NSRect(x: 0, y: 0, width: 480, height: 640), configuration: config)
-        webView.navigationDelegate = self
-        self.webView = webView
 
-        // Create window
-        let window = NSWindow(
-            contentRect: NSRect(x: 0, y: 0, width: 480, height: 640),
-            styleMask: [.titled, .closable, .resizable],
-            backing: .buffered,
-            defer: false)
-        window.isReleasedWhenClosed = false
-        window.title = "Cursor Login"
-        window.contentView = webView
-        window.center()
-        window.delegate = self
-        window.makeKeyAndOrderFront(nil)
-        self.window = window
-        self.logger.info("Cursor login window opened")
-
-        // Navigate to dashboard (will redirect to login if not authenticated)
-        let request = URLRequest(url: Self.dashboardURL)
-        webView.load(request)
-    }
-
-    private func complete(with result: Result) {
-        guard let continuation = self.continuation else { return }
-        self.continuation = nil
-        self.logger.info("Cursor login completed", metadata: ["outcome": "\(result.outcome)"])
-        self.scheduleCleanup()
-        continuation.resume(returning: result)
-    }
-
-    private func scheduleCleanup() {
-        self.logger.info("Cursor login window closing")
-        WebKitTeardown.scheduleCleanup(owner: self, window: self.window, webView: self.webView)
-    }
+        onPhaseChange(.waitingLogin)
+        let deadline = Date().addingTimeInterval(self.timeout)
+        var lastError: Error?
 
-    private func captureSessionCookies() async {
-        guard let webView = self.webView else { return }
-
-        let dataStore = webView.configuration.websiteDataStore
-        let cookies = await dataStore.httpCookieStore.allCookies()
-
-        // Filter for cursor.com cookies
-        let cursorCookies = cookies.filter { cookie in
-            cookie.domain.contains("cursor.com") || cookie.domain.contains("cursor.sh")
-        }
-
-        guard !cursorCookies.isEmpty else {
-            self.phaseCallback?(.failed("No session cookies found"))
-            self.logger.warning("Cursor login failed: no session cookies found")
-            self.complete(with: Result(outcome: .failed("No session cookies found"), email: nil))
-            return
-        }
-
-        // Save cookies to the session store
-        await CursorSessionStore.shared.setCookies(cursorCookies)
-        self.logger.info("Cursor session cookies captured", metadata: ["count": "\(cursorCookies.count)"])
-
-        // Try to get user email
-        let email = await self.fetchUserEmail()
-
-        self.hasCompletedLogin = true
-        self.phaseCallback?(.success)
-        self.complete(with: Result(outcome: .success, email: email))
-    }
-
-    private func fetchUserEmail() async -> String? {
-        do {
-            let probe = CursorStatusProbe(browserDetection: self.browserDetection)
-            let snapshot = try await probe.fetch()
-            return snapshot.accountEmail
-        } catch {
-            return nil
-        }
-    }
-}
-
-// MARK: - WKNavigationDelegate
-
-extension CursorLoginRunner: WKNavigationDelegate {
-    nonisolated func webView(_ webView: WKWebView, didFinish navigation: WKNavigation!) {
-        Task { @MainActor in
-            guard let url = webView.url else { return }
-
-            let urlString = url.absoluteString
-
-            // Check if on login page
-            if urlString.contains(Self.loginURLPattern) {
-                self.phaseCallback?(.waitingLogin)
-                return
-            }
-
-            // Check if on dashboard (login successful)
-            if urlString.contains("cursor.com/dashboard"), !self.hasCompletedLogin {
-                await self.captureSessionCookies()
+        repeat {
+            if Task.isCancelled {
+                self.logger.info("Cursor login cancelled")
+                return Result(outcome: .cancelled, email: nil)
             }
-        }
-    }
-
-    nonisolated func webView(
-        _ webView: WKWebView,
-        didReceiveServerRedirectForProvisionalNavigation navigation: WKNavigation!)
-    {
-        Task { @MainActor in
-            guard let url = webView.url else { return }
-            let urlString = url.absoluteString
 
-            // Detect redirect to dashboard after login
-            if urlString.contains("cursor.com/dashboard"), !self.hasCompletedLogin {
-                // Wait a moment for cookies to be set, then capture
-                try? await Task.sleep(nanoseconds: 500_000_000)
-                await self.captureSessionCookies()
+            do {
+                let snapshot = try await self.loadSnapshot()
+                onPhaseChange(.success)
+                self.logger.info("Cursor login completed", metadata: ["outcome": "success"])
+                return Result(outcome: .success, email: snapshot.accountEmail)
+            } catch {
+                lastError = error
             }
-        }
-    }
 
-    nonisolated func webView(
-        _ webView: WKWebView,
-        didFail navigation: WKNavigation!,
-        withError error: Error)
-    {
-        Task { @MainActor in
-            self.phaseCallback?(.failed(error.localizedDescription))
-            self.logger.error("Cursor login navigation failed", metadata: ["error": error.localizedDescription])
-            self.complete(with: Result(outcome: .failed(error.localizedDescription), email: nil))
-        }
-    }
+            guard Date() < deadline else { break }
+            let delay = UInt64(max(0.1, self.pollInterval) * 1_000_000_000)
+            try? await self.sleeper(delay)
+        } while true
 
-    nonisolated func webView(
-        _ webView: WKWebView,
-        didFailProvisionalNavigation navigation: WKNavigation!,
-        withError error: Error)
-    {
-        Task { @MainActor in
-            // Ignore cancelled navigations (common during redirects)
-            let nsError = error as NSError
-            if nsError.domain == NSURLErrorDomain, nsError.code == NSURLErrorCancelled {
-                return
-            }
-            self.phaseCallback?(.failed(error.localizedDescription))
-            self.logger.error("Cursor login navigation failed", metadata: ["error": error.localizedDescription])
-            self.complete(with: Result(outcome: .failed(error.localizedDescription), email: nil))
-        }
+        let message = Self.timeoutMessage(lastError: lastError)
+        onPhaseChange(.failed(message))
+        self.logger.warning("Cursor login timed out", metadata: ["error": message])
+        return Result(outcome: .failed(message), email: nil)
     }
-}
 
-// MARK: - NSWindowDelegate
-
-extension CursorLoginRunner: NSWindowDelegate {
-    nonisolated func windowWillClose(_ notification: Notification) {
-        Task { @MainActor in
-            if !self.hasCompletedLogin {
-                self.logger.info("Cursor login cancelled")
-                self.complete(with: Result(outcome: .cancelled, email: nil))
-            }
+    private static func timeoutMessage(lastError: Error?) -> String {
+        let hint = L("Sign in to cursor.com in your browser, then refresh Cursor in CodexBar.")
+        guard let lastError else {
+            return String(format: L("Timed out waiting for Cursor login. %@"), hint)
         }
+        return String(
+            format: L("Timed out waiting for Cursor login. %@ Last error: %@"),
+            hint,
+            lastError.localizedDescription)
     }
 }
diff --git a/Sources/CodexBar/Date+RelativeDescription.swift b/Sources/CodexBar/Date+RelativeDescription.swift
index 7356f9671..434137993 100644
--- a/Sources/CodexBar/Date+RelativeDescription.swift
+++ b/Sources/CodexBar/Date+RelativeDescription.swift
@@ -2,11 +2,12 @@ import Foundation
 
 enum RelativeTimeFormatters {
     @MainActor
-    static let full: RelativeDateTimeFormatter = {
+    static func full(locale: Locale) -> RelativeDateTimeFormatter {
         let formatter = RelativeDateTimeFormatter()
+        formatter.locale = locale
         formatter.unitsStyle = .full
         return formatter
-    }()
+    }
 }
 
 extension Date {
@@ -14,8 +15,9 @@ extension Date {
     func relativeDescription(now: Date = .now) -> String {
         let seconds = abs(now.timeIntervalSince(self))
         if seconds < 15 {
-            return "just now"
+            return L("just now")
         }
-        return RelativeTimeFormatters.full.localizedString(for: self, relativeTo: now)
+        let locale = codexBarLocalizedLocale()
+        return RelativeTimeFormatters.full(locale: locale).localizedString(for: self, relativeTo: now)
     }
 }
diff --git a/Sources/CodexBar/HistoricalUsagePace.swift b/Sources/CodexBar/HistoricalUsagePace.swift
index b018a1831..dc8a0ac5c 100644
--- a/Sources/CodexBar/HistoricalUsagePace.swift
+++ b/Sources/CodexBar/HistoricalUsagePace.swift
@@ -1,16 +1,16 @@
 import CodexBarCore
 import Foundation
 
-enum HistoricalUsageWindowKind: String, Codable, Sendable {
+enum HistoricalUsageWindowKind: String, Codable {
     case secondary
 }
 
-enum HistoricalUsageRecordSource: String, Codable, Sendable {
+enum HistoricalUsageRecordSource: String, Codable {
     case live
     case backfill
 }
 
-struct HistoricalUsageRecord: Codable, Sendable {
+struct HistoricalUsageRecord: Codable {
     let v: Int
     let provider: UsageProvider
     let windowKind: HistoricalUsageWindowKind
@@ -57,13 +57,13 @@ struct HistoricalUsageRecord: Codable, Sendable {
     }
 }
 
-struct HistoricalWeekProfile: Sendable {
+struct HistoricalWeekProfile {
     let resetsAt: Date
     let windowMinutes: Int
     let curve: [Double]
 }
 
-struct CodexHistoricalDataset: Sendable {
+struct CodexHistoricalDataset {
     static let gridPointCount = 169
     let weeks: [HistoricalWeekProfile]
 }
@@ -80,7 +80,7 @@ actor HistoricalUsageHistoryStore {
     private static let backfillCalibrationMinimumCredits = 0.001
     private static let backfillSampleFractions: [Double] = (0...14).map { Double($0) / 14.0 }
     private static let coverageTolerance: TimeInterval = 16 * 60 * 60
-    private static let resetBucketSeconds: TimeInterval = 60
+    private static let resetBucketSeconds: TimeInterval = 5 * 60
 
     private let fileURL: URL
     private var records: [HistoricalUsageRecord] = []
@@ -95,6 +95,20 @@ actor HistoricalUsageHistoryStore {
         return self.buildDataset(accountKey: accountKey)
     }
 
+    func loadCodexDataset(
+        canonicalAccountKey: String?,
+        canonicalEmailHashKey: String?,
+        legacyEmailHash: String?,
+        hasAdjacentMultiAccountVeto: Bool) -> CodexHistoricalDataset?
+    {
+        self.ensureLoaded()
+        return self.buildDataset(
+            canonicalAccountKey: canonicalAccountKey,
+            canonicalEmailHashKey: canonicalEmailHashKey,
+            legacyEmailHash: legacyEmailHash,
+            hasAdjacentMultiAccountVeto: hasAdjacentMultiAccountVeto)
+    }
+
     func recordCodexWeekly(
         window: RateWindow,
         sampledAt: Date = .init(),
@@ -155,7 +169,10 @@ actor HistoricalUsageHistoryStore {
 
         let windowStart = resetsAt.addingTimeInterval(-duration)
         let calibrationEnd = Self.clampDate(now, lower: windowStart, upper: resetsAt)
-        let dayUsages = Self.parseDayUsages(from: breakdown, asOf: calibrationEnd)
+        let dayUsages = Self.parseDayUsages(
+            from: breakdown,
+            asOf: calibrationEnd,
+            fillingFrom: windowStart)
         guard !dayUsages.isEmpty else { return existingDataset }
         guard let coverageStart = dayUsages.first?.start, let coverageEnd = dayUsages.last?.end else {
             return existingDataset
@@ -346,21 +363,54 @@ actor HistoricalUsageHistoryStore {
     }
 
     private func buildDataset(accountKey: String?) -> CodexHistoricalDataset? {
+        let scoped = self.records.filter { record in
+            guard Self.isCodexSecondaryRecord(record) else { return false }
+            if let accountKey {
+                return record.accountKey == accountKey
+            }
+            return record.accountKey == nil
+        }
+        return self.buildDataset(from: scoped)
+    }
+
+    private func buildDataset(
+        canonicalAccountKey: String?,
+        canonicalEmailHashKey: String?,
+        legacyEmailHash: String?,
+        hasAdjacentMultiAccountVeto: Bool) -> CodexHistoricalDataset?
+    {
+        guard let canonicalAccountKey else {
+            return self.buildDataset(accountKey: nil)
+        }
+
+        let shouldIncludeUnscoped = CodexHistoryOwnership.hasStrictSingleAccountContinuity(
+            scopedRawKeys: Self.scopedRawKeysRelevantToCodexUnscopedHistory(self.records),
+            targetCanonicalKey: canonicalAccountKey,
+            canonicalEmailHashKey: canonicalEmailHashKey,
+            legacyEmailHash: legacyEmailHash,
+            hasAdjacentMultiAccountVeto: hasAdjacentMultiAccountVeto)
+
+        let scoped = self.records.filter { record in
+            guard Self.isCodexSecondaryRecord(record) else { return false }
+            guard let rawKey = record.accountKey else {
+                return shouldIncludeUnscoped
+            }
+
+            let owner = CodexHistoryOwnership.classifyPersistedKey(rawKey, legacyEmailHash: legacyEmailHash)
+            return CodexHistoryOwnership.belongsToTargetContinuity(
+                owner,
+                targetCanonicalKey: canonicalAccountKey,
+                canonicalEmailHashKey: canonicalEmailHashKey)
+        }
+        return self.buildDataset(from: scoped)
+    }
+
+    private func buildDataset(from scoped: [HistoricalUsageRecord]) -> CodexHistoricalDataset? {
         struct WeekKey: Hashable {
             let resetsAt: Date
             let windowMinutes: Int
         }
 
-        let scoped = self.records
-            .filter { record in
-                guard record.provider == .codex, record.windowKind == .secondary, record.windowMinutes > 0 else {
-                    return false
-                }
-                if let accountKey {
-                    return record.accountKey == accountKey
-                }
-                return record.accountKey == nil
-            }
         if scoped.isEmpty { return nil }
 
         let grouped = Dictionary(grouping: scoped) {
@@ -398,6 +448,10 @@ actor HistoricalUsageHistoryStore {
         return CodexHistoricalDataset(weeks: weeks)
     }
 
+    private nonisolated static func isCodexSecondaryRecord(_ record: HistoricalUsageRecord) -> Bool {
+        record.provider == .codex && record.windowKind == .secondary && record.windowMinutes > 0
+    }
+
     private static func reconstructWeekCurve(
         samples: [HistoricalUsageRecord],
         windowStart: Date,
@@ -501,13 +555,51 @@ actor HistoricalUsageHistoryStore {
         return hasStartCoverage && hasEndCoverage
     }
 
+    private nonisolated static func scopedRawKeysRelevantToCodexUnscopedHistory(
+        _ records: [HistoricalUsageRecord]) -> [String]
+    {
+        let unscopedRecords = records.filter { record in
+            Self.isCodexSecondaryRecord(record) && record.accountKey == nil
+        }
+        guard let continuityWindow = self.historicalContinuityWindow(for: unscopedRecords) else {
+            return []
+        }
+
+        return records.compactMap { record in
+            guard Self.isCodexSecondaryRecord(record),
+                  let accountKey = record.accountKey,
+                  continuityWindow.contains(record.sampledAt)
+            else {
+                return nil
+            }
+            return accountKey
+        }
+    }
+
+    private nonisolated static func historicalContinuityWindow(
+        for records: [HistoricalUsageRecord]) -> ClosedRange<Date>?
+    {
+        let sampledDates = records.map(\.sampledAt)
+        guard let lowerBound = sampledDates.min(),
+              let upperBound = sampledDates.max()
+        else {
+            return nil
+        }
+        let expansion = TimeInterval(records.map(\.windowMinutes).max() ?? 0) * 60
+        return lowerBound.addingTimeInterval(-expansion)...upperBound.addingTimeInterval(expansion)
+    }
+
     private struct DayUsage {
         let start: Date
         let end: Date
         let creditsUsed: Double
     }
 
-    private static func parseDayUsages(from breakdown: [OpenAIDashboardDailyBreakdown], asOf: Date) -> [DayUsage] {
+    private static func parseDayUsages(
+        from breakdown: [OpenAIDashboardDailyBreakdown],
+        asOf: Date,
+        fillingFrom expectedCoverageStart: Date? = nil) -> [DayUsage]
+    {
         var creditsByStart: [Date: Double] = [:]
         creditsByStart.reserveCapacity(breakdown.count)
 
@@ -531,22 +623,34 @@ actor HistoricalUsageHistoryStore {
         }
 
         dayUsages.sort { lhs, rhs in lhs.start < rhs.start }
-        return Self.fillMissingZeroUsageDays(in: dayUsages, through: asOf)
+        return Self.fillMissingZeroUsageDays(
+            in: dayUsages,
+            through: asOf,
+            fillingFrom: expectedCoverageStart)
     }
 
-    private static func fillMissingZeroUsageDays(in dayUsages: [DayUsage], through asOf: Date) -> [DayUsage] {
+    private static func fillMissingZeroUsageDays(
+        in dayUsages: [DayUsage],
+        through asOf: Date,
+        fillingFrom expectedCoverageStart: Date? = nil) -> [DayUsage]
+    {
         guard let firstStart = dayUsages.first?.start else { return [] }
 
         let calendar = Self.gregorianCalendar()
+        let fillStart: Date = if let expectedCoverageStart {
+            min(firstStart, calendar.startOfDay(for: expectedCoverageStart))
+        } else {
+            firstStart
+        }
         let finalDayStart = calendar.startOfDay(for: asOf)
-        guard firstStart <= finalDayStart else { return dayUsages }
+        guard fillStart <= finalDayStart else { return dayUsages }
 
         let creditsByStart = Dictionary(uniqueKeysWithValues: dayUsages.map { ($0.start, $0.creditsUsed) })
-        let daySpan = max(0, calendar.dateComponents([.day], from: firstStart, to: finalDayStart).day ?? 0)
+        let daySpan = max(0, calendar.dateComponents([.day], from: fillStart, to: finalDayStart).day ?? 0)
         var filled: [DayUsage] = []
         filled.reserveCapacity(daySpan + 1)
 
-        var cursor = firstStart
+        var cursor = fillStart
         while cursor <= finalDayStart {
             guard let nominalEnd = calendar.date(byAdding: .day, value: 1, to: cursor) else { break }
             let effectiveEnd: Date = if cursor <= asOf, asOf < nominalEnd {
@@ -658,7 +762,7 @@ enum CodexHistoricalPaceEvaluator {
     static let minimumWeeksForRisk = 5
     private static let recencyTauWeeks: Double = 3
     private static let epsilon: Double = 1e-9
-    private static let resetBucketSeconds: TimeInterval = 60
+    private static let resetBucketSeconds: TimeInterval = 5 * 60
 
     static func evaluate(window: RateWindow, now: Date, dataset: CodexHistoricalDataset?) -> UsagePace? {
         guard let dataset else { return nil }
diff --git a/Sources/CodexBar/IconRemainingResolver.swift b/Sources/CodexBar/IconRemainingResolver.swift
new file mode 100644
index 000000000..6d2b0e2ca
--- /dev/null
+++ b/Sources/CodexBar/IconRemainingResolver.swift
@@ -0,0 +1,91 @@
+import CodexBarCore
+
+enum IconRemainingResolver {
+    private static func codexProjection(snapshot: UsageSnapshot) -> CodexConsumerProjection {
+        CodexConsumerProjection.make(
+            surface: .menuBar,
+            context: CodexConsumerProjection.Context(
+                snapshot: snapshot,
+                rawUsageError: nil,
+                liveCredits: nil,
+                rawCreditsError: nil,
+                liveDashboard: nil,
+                rawDashboardError: nil,
+                dashboardAttachmentAuthorized: false,
+                dashboardRequiresLogin: false,
+                now: snapshot.updatedAt))
+    }
+
+    private static func codexVisibleWindows(snapshot: UsageSnapshot) -> [RateWindow] {
+        let projection = self.codexProjection(snapshot: snapshot)
+        return projection.visibleRateLanes.compactMap { projection.rateWindow(for: $0) }
+    }
+
+    static func resolvedWindows(
+        snapshot: UsageSnapshot,
+        style: IconStyle)
+        -> (primary: RateWindow?, secondary: RateWindow?)
+    {
+        if style == .perplexity {
+            let windows = snapshot.orderedPerplexityDisplayWindows()
+            return (
+                primary: windows.first,
+                secondary: windows.dropFirst().first)
+        }
+        if style == .antigravity {
+            let windows = [snapshot.primary, snapshot.secondary, snapshot.tertiary].compactMap(\.self)
+            return (
+                primary: windows.first,
+                secondary: windows.dropFirst().first)
+        }
+        if style == .codex {
+            let windows = self.codexVisibleWindows(snapshot: snapshot)
+            return (
+                primary: windows.first,
+                secondary: windows.dropFirst().first)
+        }
+        return (
+            primary: snapshot.primary,
+            secondary: snapshot.secondary)
+    }
+
+    static func resolvedRemaining(
+        snapshot: UsageSnapshot,
+        style: IconStyle)
+        -> (primary: Double?, secondary: Double?)
+    {
+        if style == .perplexity {
+            let windows = snapshot.orderedPerplexityDisplayWindows()
+            return (
+                primary: windows.first?.remainingPercent,
+                secondary: windows.dropFirst().first?.remainingPercent)
+        }
+        if style == .antigravity {
+            let windows = [snapshot.primary, snapshot.secondary, snapshot.tertiary].compactMap(\.self)
+            return (
+                primary: windows.first?.remainingPercent,
+                secondary: windows.dropFirst().first?.remainingPercent)
+        }
+        if style == .codex {
+            let windows = self.codexVisibleWindows(snapshot: snapshot)
+            return (
+                primary: windows.first?.remainingPercent,
+                secondary: windows.dropFirst().first?.remainingPercent)
+        }
+        return (
+            primary: snapshot.primary?.remainingPercent,
+            secondary: snapshot.secondary?.remainingPercent)
+    }
+
+    static func resolvedPercents(
+        snapshot: UsageSnapshot,
+        style: IconStyle,
+        showUsed: Bool)
+        -> (primary: Double?, secondary: Double?)
+    {
+        let windows = Self.resolvedWindows(snapshot: snapshot, style: style)
+        return (
+            primary: showUsed ? windows.primary?.usedPercent : windows.primary?.remainingPercent,
+            secondary: showUsed ? windows.secondary?.usedPercent : windows.secondary?.remainingPercent)
+    }
+}
diff --git a/Sources/CodexBar/IconRenderer.swift b/Sources/CodexBar/IconRenderer.swift
index 9631fab49..77803c282 100644
--- a/Sources/CodexBar/IconRenderer.swift
+++ b/Sources/CodexBar/IconRenderer.swift
@@ -10,7 +10,7 @@ enum IconRenderer {
     private static let outputScale: CGFloat = 2
     private static let canvasPx = Int(outputSize.width * outputScale)
 
-    private struct PixelGrid: Sendable {
+    private struct PixelGrid {
         let scale: CGFloat
 
         func pt(_ px: Int) -> CGFloat {
@@ -88,7 +88,7 @@ enum IconRenderer {
         }
     }
 
-    private struct RectPx: Hashable, Sendable {
+    private struct RectPx: Hashable {
         let x: Int
         let y: Int
         let w: Int
@@ -125,8 +125,9 @@ enum IconRenderer {
         let shouldCache = blink <= 0.0001 && wiggle <= 0.0001 && tilt <= 0.0001
         let render = {
             self.renderImage(tintColor: tintColor) {
-                // When a tintColor is provided (macOS 26+), draw shapes directly in that color
-                // so the image is inherently colored. Otherwise use labelColor for template rendering.
+                // When a tintColor is provided (macOS 26+ Liquid Glass), draw shapes directly in that
+                // color so the bitmap has real RGB values. Otherwise use labelColor for template rendering
+                // tinted via the status button's contentTintColor.
                 let baseFill = tintColor ?? NSColor.labelColor
                 let trackFillAlpha: CGFloat = stale ? 0.18 : 0.28
                 let trackStrokeAlpha: CGFloat = stale ? 0.28 : 0.44
@@ -804,17 +805,6 @@ enum IconRenderer {
         self.styleKeyLookup[style] ?? 0
     }
 
-    private static func indicatorKey(_ indicator: ProviderStatusIndicator) -> Int {
-        switch indicator {
-        case .none: 0
-        case .minor: 1
-        case .major: 2
-        case .critical: 3
-        case .maintenance: 4
-        case .unknown: 5
-        }
-    }
-
     private static func tintColorHash(_ color: NSColor?) -> Int {
         guard let color else { return 0 }
         // Quantize to 256 buckets per channel to avoid cache explosion while preserving visual fidelity.
@@ -830,6 +820,17 @@ enum IconRenderer {
         return ri << 24 | gi << 16 | bi << 8 | ai
     }
 
+    private static func indicatorKey(_ indicator: ProviderStatusIndicator) -> Int {
+        switch indicator {
+        case .none: 0
+        case .minor: 1
+        case .major: 2
+        case .critical: 3
+        case .maintenance: 4
+        case .unknown: 5
+        }
+    }
+
     private static func morphCacheKey(progress: Double, style: IconStyle) -> NSNumber {
         let bucket = Int((progress * Double(self.morphBucketCount)).rounded())
         let key = self.styleKey(style) * 1000 + bucket
@@ -1031,13 +1032,16 @@ enum IconRenderer {
                 Self.withScaledContext(draw)
             }
             NSGraphicsContext.restoreGraphicsState()
-        }
-
-        if tintColor != nil {
-            image.isTemplate = false
         } else {
-            image.isTemplate = true
+            // Fallback to legacy focus if the bitmap rep fails for any reason.
+            image.lockFocus()
+            Self.withScaledContext(draw)
+            image.unlockFocus()
         }
+
+        // A colored icon must be non-template so macOS 26 Liquid Glass keeps its RGB pixels
+        // instead of re-rendering it as a monochrome template.
+        image.isTemplate = tintColor == nil
         return image
     }
 }
diff --git a/Sources/CodexBar/IconView.swift b/Sources/CodexBar/IconView.swift
deleted file mode 100644
index 26eb6463f..000000000
--- a/Sources/CodexBar/IconView.swift
+++ /dev/null
@@ -1,122 +0,0 @@
-import CodexBarCore
-import SwiftUI
-
-@MainActor
-struct IconView: View {
-    let snapshot: UsageSnapshot?
-    let creditsRemaining: Double?
-    let isStale: Bool
-    let showLoadingAnimation: Bool
-    let style: IconStyle
-    @State private var phase: CGFloat = 0
-    @State private var displayLink = DisplayLinkDriver()
-    @State private var pattern: LoadingPattern = .knightRider
-    @State private var debugCycle = false
-    @State private var cycleIndex = 0
-    @State private var cycleCounter = 0
-    private let loadingFPS: Double = 12
-    // Advance to next pattern every N ticks when debug cycling.
-    private let cycleIntervalTicks = 20
-    private let patterns = LoadingPattern.allCases
-
-    private var isLoading: Bool {
-        self.showLoadingAnimation && self.snapshot == nil
-    }
-
-    var body: some View {
-        Group {
-            if let snapshot {
-                Image(nsImage: IconRenderer.makeIcon(
-                    primaryRemaining: snapshot.primary?.remainingPercent,
-                    weeklyRemaining: snapshot.secondary?.remainingPercent,
-                    creditsRemaining: self.creditsRemaining,
-                    stale: self.isStale,
-                    style: self.style))
-                    .renderingMode(.original)
-                    .interpolation(.none)
-                    .frame(width: 20, height: 18, alignment: .center)
-                    .padding(.horizontal, 2)
-            } else if self.showLoadingAnimation {
-                // Loading: animate bars with the current pattern until data arrives.
-                Image(nsImage: self.loadingImage)
-                    .renderingMode(.original)
-                    .interpolation(.none)
-                    .frame(width: 20, height: 18, alignment: .center)
-                    .padding(.horizontal, 2)
-                    .onChange(of: self.displayLink.tick) { _, _ in
-                        self.phase += 0.09 // half-speed animation
-                        if self.debugCycle {
-                            self.cycleCounter += 1
-                            if self.cycleCounter >= self.cycleIntervalTicks {
-                                self.cycleCounter = 0
-                                self.cycleIndex = (self.cycleIndex + 1) % self.patterns.count
-                                self.pattern = self.patterns[self.cycleIndex]
-                            }
-                        }
-                    }
-            } else {
-                // No animation when usage/account is unavailable; show empty tracks.
-                Image(nsImage: IconRenderer.makeIcon(
-                    primaryRemaining: nil,
-                    weeklyRemaining: nil,
-                    creditsRemaining: self.creditsRemaining,
-                    stale: self.isStale,
-                    style: self.style))
-                    .renderingMode(.original)
-                    .interpolation(.none)
-                    .frame(width: 20, height: 18, alignment: .center)
-                    .padding(.horizontal, 2)
-            }
-        }
-        .onChange(of: self.isLoading, initial: true) { _, isLoading in
-            if isLoading {
-                self.displayLink.start(fps: self.loadingFPS)
-                if !self.debugCycle {
-                    self.pattern = self.patterns.randomElement() ?? .knightRider
-                }
-            } else {
-                self.displayLink.stop()
-                self.debugCycle = false
-                self.phase = 0
-            }
-        }
-        .onDisappear { self.displayLink.stop() }
-        .onReceive(NotificationCenter.default.publisher(for: .codexbarDebugReplayAllAnimations)) { notification in
-            if let raw = notification.userInfo?["pattern"] as? String,
-               let selected = LoadingPattern(rawValue: raw)
-            {
-                self.debugCycle = false
-                self.pattern = selected
-                self.cycleIndex = self.patterns.firstIndex(of: selected) ?? 0
-            } else {
-                self.debugCycle = true
-                self.cycleIndex = 0
-                self.pattern = self.patterns.first ?? .knightRider
-            }
-            self.cycleCounter = 0
-            self.phase = 0
-        }
-    }
-
-    private var loadingPrimary: Double {
-        self.pattern.value(phase: Double(self.phase))
-    }
-
-    private var loadingSecondary: Double {
-        self.pattern.value(phase: Double(self.phase + self.pattern.secondaryOffset))
-    }
-
-    private var loadingImage: NSImage {
-        if self.pattern == .unbraid {
-            let progress = self.loadingPrimary / 100
-            return IconRenderer.makeMorphIcon(progress: progress, style: self.style)
-        } else {
-            return IconRenderer.makeIcon(
-                primaryRemaining: self.loadingPrimary,
-                weeklyRemaining: self.loadingSecondary,
-                creditsRemaining: nil,
-                stale: false,
-                style: self.style)
-        }
-    }
-}
diff --git a/Sources/CodexBar/InlineUsageDashboardContent.swift b/Sources/CodexBar/InlineUsageDashboardContent.swift
new file mode 100644
index 000000000..0437288b5
--- /dev/null
+++ b/Sources/CodexBar/InlineUsageDashboardContent.swift
@@ -0,0 +1,669 @@
+import CodexBarCore
+import SwiftUI
+
+struct InlineUsageDashboardModel: Equatable {
+    struct KPI: Equatable {
+        let title: String
+        let value: String
+        let emphasis: Bool
+    }
+
+    struct Point: Equatable, Identifiable {
+        let id: String
+        let label: String
+        let value: Double
+        let accessibilityValue: String
+    }
+
+    enum ValueStyle: Equatable {
+        case currencyUSD
+        case currency(symbol: String)
+        case tokens
+    }
+
+    let accessibilityLabel: String
+    let valueStyle: ValueStyle
+    let kpis: [KPI]
+    let points: [Point]
+    let detailLines: [String]
+}
+
+extension UsageMenuCardView.Model {
+    static func apiProviderUsageNotes(input: Input) -> [String]? {
+        if input.provider == .openai,
+           let usage = input.snapshot?.openAIAPIUsage
+        {
+            return self.openAIAPIUsageNotes(usage)
+        }
+
+        if input.provider == .deepgram,
+           let usage = input.snapshot?.deepgramUsage
+        {
+            return usage.displayLines
+        }
+
+        if input.provider == .minimax,
+           input.showOptionalCreditsAndExtraUsage,
+           let billing = input.snapshot?.minimaxUsage?.billingSummary
+        {
+            return [
+                String(format: L("Today: %@ tokens"), UsageFormatter.tokenCountString(billing.todayTokens)),
+                String(
+                    format: L("Last 30 days: %@ tokens"),
+                    UsageFormatter.tokenCountString(billing.last30DaysTokens)),
+            ]
+        }
+
+        if input.provider == .deepseek,
+           input.showOptionalCreditsAndExtraUsage,
+           let usage = input.snapshot?.deepseekUsage
+        {
+            let symbol = usage.currency == "CNY" ? "¥" : "$"
+            let todayCostStr = usage.todayCost.map { "\(symbol)\(String(format: "%.4f", max(0, $0)))" } ?? "—"
+            return [
+                String(
+                    format: L("Today: %@ · %@ tokens"),
+                    todayCostStr,
+                    UsageFormatter.tokenCountString(usage.todayTokens)),
+                String(format: L("This month: %@ tokens"), UsageFormatter.tokenCountString(usage.currentMonthTokens)),
+            ]
+        }
+
+        if input.provider == .ollama,
+           input.snapshot?.identity?.loginMethod == "API key"
+        {
+            return [L("API key verified. Ollama does not expose Cloud quota limits through the API.")]
+        }
+
+        return nil
+    }
+
+    static func openAIAPIUsageNotes(_ usage: OpenAIAPIUsageSnapshot) -> [String] {
+        let today = usage.latestDay
+        let seven = usage.last7Days
+        let thirty = usage.last30Days
+        let historyLabel = usage.historyWindowLabel
+        let todayNote = String(
+            format: L("Today: %@ · %@ tokens"),
+            UsageFormatter.usdString(today.costUSD),
+            UsageFormatter.tokenCountString(today.totalTokens))
+        let sevenDayNote = "7d: \(UsageFormatter.usdString(seven.costUSD)) · " +
+            "\(UsageFormatter.tokenCountString(seven.requests)) \(L("requests"))"
+        let thirtyDayNote =
+            "\(historyLabel): \(UsageFormatter.tokenCountString(thirty.totalTokens)) \(L("tokens")) · " +
+            "\(UsageFormatter.tokenCountString(thirty.requests)) \(L("requests"))"
+        var notes: [String] = [
+            todayNote,
+            sevenDayNote,
+            thirtyDayNote,
+        ]
+        if let topModel = usage.topModels.first {
+            notes.append("\(L("Top model")): \(topModel.name)")
+        }
+        return notes
+    }
+
+    static func inlineUsageDashboard(input: Input) -> InlineUsageDashboardModel? {
+        if self.usesProviderCostHistoryAsPrimaryDashboard(input.provider),
+           let tokenSnapshot = primaryCostHistorySnapshot(input: input),
+           !tokenSnapshot.daily.isEmpty
+        {
+            return self.costHistoryInlineDashboard(provider: input.provider, snapshot: tokenSnapshot)
+        }
+        if input.provider == .claude,
+           let usage = input.snapshot?.claudeAdminAPIUsage
+        {
+            return Self.claudeAdminAPIInlineDashboard(usage)
+        }
+        if input.provider == .openrouter,
+           let usage = input.snapshot?.openRouterUsage
+        {
+            return Self.openRouterInlineDashboard(usage)
+        }
+        if input.provider == .zai,
+           let modelUsage = input.snapshot?.zaiUsage?.modelUsage
+        {
+            return Self.zaiInlineDashboard(modelUsage: modelUsage, now: input.now)
+        }
+        if input.provider == .minimax,
+           input.showOptionalCreditsAndExtraUsage,
+           let billing = input.snapshot?.minimaxUsage?.billingSummary,
+           !billing.daily.isEmpty
+        {
+            return Self.minimaxInlineDashboard(billing)
+        }
+        if input.provider == .deepseek,
+           input.showOptionalCreditsAndExtraUsage,
+           let usage = input.snapshot?.deepseekUsage,
+           !usage.daily.isEmpty
+        {
+            return Self.deepseekInlineDashboard(usage)
+        }
+        if [.codex, .claude, .vertexai, .bedrock].contains(input.provider),
+           input.tokenCostUsageEnabled,
+           let tokenSnapshot = input.tokenSnapshot,
+           !tokenSnapshot.daily.isEmpty
+        {
+            return Self.costHistoryInlineDashboard(provider: input.provider, snapshot: tokenSnapshot)
+        }
+        return nil
+    }
+
+    static func usesProviderCostHistoryAsPrimaryDashboard(_ provider: UsageProvider) -> Bool {
+        provider == .openai || provider == .mistral
+    }
+
+    static func primaryCostHistorySnapshot(input: Input) -> CostUsageTokenSnapshot? {
+        switch input.provider {
+        case .openai:
+            if let projected = input.snapshot?.openAIAPIUsage?.toCostUsageTokenSnapshot() {
+                return projected
+            }
+            return input.snapshot == nil ? input.tokenSnapshot : nil
+        case .mistral:
+            if let projected = input.snapshot?.mistralUsage?.toCostUsageTokenSnapshot() {
+                return projected
+            }
+            return input.snapshot == nil ? input.tokenSnapshot : nil
+        default:
+            return input.tokenSnapshot
+        }
+    }
+
+    private static func costHistoryInlineDashboard(
+        provider: UsageProvider,
+        snapshot: CostUsageTokenSnapshot) -> InlineUsageDashboardModel
+    {
+        let historyDays = max(1, min(365, snapshot.historyDays))
+        let historyTitle = snapshot.historyLabel
+            ?? (historyDays == 1
+                ? L("Today")
+                : historyDays == 30
+                ? L("30d cost")
+                : "\(String(format: L("Last %d days"), historyDays)) \(L("Cost"))")
+        let tokenHistoryTitle = snapshot.historyLabel.map { "\($0) \(L("tokens"))" }
+            ?? (historyDays == 1
+                ? L("Today tokens")
+                : historyDays == 30
+                ? L("30d tokens")
+                : String(format: L("%@ tokens"), String(format: L("Last %d days"), historyDays)))
+        let requestHistoryTitle = snapshot.historyLabel.map { "\($0) \(L("requests"))" }
+            ?? (historyDays == 1
+                ? L("Today requests")
+                : historyDays == 30
+                ? L("30d requests")
+                : String(format: L("%@ requests"), String(format: L("Last %d days"), historyDays)))
+        let periodLabel = snapshot.historyLabel?.lowercased()
+            ?? (historyDays == 1 ? "today" : "\(historyDays) day")
+        let points = snapshot.daily.suffix(historyDays).compactMap { entry -> InlineUsageDashboardModel.Point? in
+            guard let cost = entry.costUSD else { return nil }
+            return InlineUsageDashboardModel.Point(
+                id: entry.date,
+                label: Self.shortDayLabel(entry.date),
+                value: cost,
+                accessibilityValue: "\(entry.date): \(Self.costString(cost, currencyCode: snapshot.currencyCode))")
+        }
+        let latest = snapshot.daily.max { lhs, rhs in lhs.date < rhs.date }
+        var details: [String] = []
+        if let topModel = Self.topCostModel(from: snapshot.daily) {
+            details.append("\(L("Top model")): \(Self.shortModelName(topModel))")
+        }
+        if let requestCount = snapshot.last30DaysRequests {
+            details.append("\(requestHistoryTitle): \(UsageFormatter.tokenCountString(requestCount)) \(L("requests"))")
+        }
+        if let hint = Self.tokenUsageHint(provider: provider) {
+            details.append(hint)
+        } else {
+            details.append(L("cost_estimate_hint"))
+        }
+        let providerName = ProviderDefaults.metadata[provider]?.displayName ?? provider.rawValue
+        return InlineUsageDashboardModel(
+            accessibilityLabel: "\(providerName) \(periodLabel) cost trend",
+            valueStyle: Self.costValueStyle(currencyCode: snapshot.currencyCode),
+            kpis: [
+                .init(
+                    title: provider == .bedrock || provider == .mistral ? L("Latest") : L("Today"),
+                    value: latest?.costUSD.map { Self.costString($0, currencyCode: snapshot.currencyCode) } ?? "—",
+                    emphasis: true),
+                .init(
+                    title: historyTitle,
+                    value: snapshot.last30DaysCostUSD
+                        .map { Self.costString($0, currencyCode: snapshot.currencyCode) } ?? "—",
+                    emphasis: false),
+                .init(
+                    title: tokenHistoryTitle,
+                    value: snapshot.last30DaysTokens.map(UsageFormatter.tokenCountString) ?? "—",
+                    emphasis: false),
+            ] + Self.costHistoryTrailingKPIs(snapshot: snapshot, latest: latest),
+            points: points,
+            detailLines: details)
+    }
+
+    private static func costHistoryTrailingKPIs(
+        snapshot: CostUsageTokenSnapshot,
+        latest: CostUsageDailyReport.Entry?)
+        -> [InlineUsageDashboardModel.KPI]
+    {
+        if let requests = snapshot.last30DaysRequests {
+            return [
+                .init(
+                    title: L("Requests"),
+                    value: UsageFormatter.tokenCountString(requests),
+                    emphasis: false),
+            ]
+        }
+        return [
+            .init(
+                title: L("Latest tokens"),
+                value: latest?.totalTokens.map(UsageFormatter.tokenCountString) ?? "—",
+                emphasis: false),
+        ]
+    }
+
+    fileprivate static func claudeAdminAPIInlineDashboard(_ usage: ClaudeAdminAPIUsageSnapshot)
+        -> InlineUsageDashboardModel
+    {
+        let today = usage.latestDay
+        let last7 = usage.last7Days
+        let last30 = usage.last30Days
+        let points = usage.daily.suffix(30).map {
+            InlineUsageDashboardModel.Point(
+                id: $0.day,
+                label: Self.shortDayLabel($0.day),
+                value: $0.costUSD,
+                accessibilityValue: "\($0.day): \(UsageFormatter.usdString($0.costUSD))")
+        }
+        var details = [
+            "30d: \(UsageFormatter.tokenCountString(last30.totalTokens)) \(L("tokens"))",
+            "\(L("Cache read")): \(UsageFormatter.tokenCountString(last30.cacheReadInputTokens)) \(L("tokens"))",
+        ]
+        if let topModel = usage.topModels.first {
+            details.append("\(L("Top model")): \(Self.shortModelName(topModel.name))")
+        }
+        return InlineUsageDashboardModel(
+            accessibilityLabel: L("Claude Admin API 30 day spend trend"),
+            valueStyle: .currencyUSD,
+            kpis: [
+                .init(title: L("Today"), value: UsageFormatter.usdString(today.costUSD), emphasis: true),
+                .init(title: L("7d spend"), value: UsageFormatter.usdString(last7.costUSD), emphasis: false),
+                .init(
+                    title: L("30d spend"),
+                    value: UsageFormatter.usdString(last30.costUSD),
+                    emphasis: false),
+                .init(
+                    title: L("Today tokens"),
+                    value: UsageFormatter.tokenCountString(today.totalTokens),
+                    emphasis: false),
+            ],
+            points: points,
+            detailLines: details)
+    }
+
+    private static func openRouterInlineDashboard(_ usage: OpenRouterUsageSnapshot) -> InlineUsageDashboardModel? {
+        let periodValues: [(String, String, Double?)] = [
+            ("day", L("Today"), usage.keyUsageDaily),
+            ("week", L("Week"), usage.keyUsageWeekly),
+            ("month", L("Month"), usage.keyUsageMonthly),
+        ]
+        let points = periodValues.compactMap { id, label, value -> InlineUsageDashboardModel.Point? in
+            guard let value else { return nil }
+            return InlineUsageDashboardModel.Point(
+                id: id,
+                label: label,
+                value: value,
+                accessibilityValue: "\(label): \(Self.openRouterCurrencyString(value))")
+        }
+        guard !points.isEmpty else { return nil }
+        var details: [String] = []
+        if let rate = usage.rateLimit {
+            details.append(String(format: L("Rate limit: %d / %@"), rate.requests, rate.interval))
+        }
+        switch usage.keyQuotaStatus {
+        case .available:
+            if let remaining = usage.keyRemaining {
+                details.append("\(L("Key remaining")): \(Self.openRouterCurrencyString(remaining))")
+            }
+        case .noLimitConfigured:
+            details.append(L("No limit set for the API key"))
+        case .unavailable:
+            details.append(L("API key limit unavailable right now"))
+        }
+        return InlineUsageDashboardModel(
+            accessibilityLabel: L("OpenRouter API key spend trend"),
+            valueStyle: .currencyUSD,
+            kpis: [
+                .init(title: L("Balance"), value: Self.openRouterCurrencyString(usage.balance), emphasis: true),
+                .init(
+                    title: L("Today"),
+                    value: usage.keyUsageDaily.map(Self.openRouterCurrencyString) ?? "—",
+                    emphasis: false),
+                .init(
+                    title: L("Week"),
+                    value: usage.keyUsageWeekly.map(Self.openRouterCurrencyString) ?? "—",
+                    emphasis: false),
+                .init(
+                    title: L("Month"),
+                    value: usage.keyUsageMonthly.map(Self.openRouterCurrencyString) ?? "—",
+                    emphasis: false),
+            ],
+            points: points,
+            detailLines: details)
+    }
+
+    private static func zaiInlineDashboard(modelUsage: ZaiModelUsageData, now: Date) -> InlineUsageDashboardModel? {
+        let bars = ZaiHourlyBars.from(modelData: modelUsage, range: .last24h, now: now)
+        guard !bars.isEmpty else { return nil }
+        let total = bars.reduce(0) { $0 + $1.totalTokens }
+        let latest = bars.last
+        let peak = bars.max { $0.totalTokens < $1.totalTokens }
+        let points = bars.enumerated().map { index, bar in
+            InlineUsageDashboardModel.Point(
+                id: "\(index)-\(bar.label)",
+                label: bar.label,
+                value: Double(bar.totalTokens),
+                accessibilityValue: "\(bar.label): \(UsageFormatter.tokenCountString(bar.totalTokens)) \(L("tokens"))")
+        }
+        let topModel = Self.topZaiModel(from: bars)
+        return InlineUsageDashboardModel(
+            accessibilityLabel: L("z.ai hourly token trend"),
+            valueStyle: .tokens,
+            kpis: [
+                .init(title: L("24h tokens"), value: UsageFormatter.tokenCountString(total), emphasis: true),
+                .init(
+                    title: L("Latest hour"),
+                    value: latest.map { UsageFormatter.tokenCountString($0.totalTokens) } ?? "—",
+                    emphasis: false),
+                .init(
+                    title: L("Peak hour"),
+                    value: peak.map { UsageFormatter.tokenCountString($0.totalTokens) } ?? "—",
+                    emphasis: false),
+                .init(title: L("Models"), value: "\(modelUsage.modelNames.count)", emphasis: false),
+            ],
+            points: points,
+            detailLines: topModel.map { ["\(L("Top model")): \(Self.shortModelName($0))"] } ?? [])
+    }
+
+    private static func minimaxInlineDashboard(_ billing: MiniMaxBillingSummary) -> InlineUsageDashboardModel {
+        let points = billing.daily.suffix(30).map {
+            InlineUsageDashboardModel.Point(
+                id: $0.day,
+                label: Self.shortDayLabel($0.day),
+                value: Double($0.tokens),
+                accessibilityValue: "\($0.day): \(UsageFormatter.tokenCountString($0.tokens)) \(L("tokens"))")
+        }
+        var details = [L("30d billing history from MiniMax web session")]
+        if let topModel = billing.topModels.first {
+            details.append("\(L("Top model")): \(Self.shortModelName(topModel.name))")
+        }
+        if let topMethod = billing.topMethods.first {
+            details.append("\(L("Top method")): \(Self.shortModelName(topMethod.name))")
+        }
+        if let cash = billing.last30DaysCash {
+            details.append("\(L("30d cash")): \(Self.minimaxCashString(cash))")
+        }
+        return InlineUsageDashboardModel(
+            accessibilityLabel: L("MiniMax 30 day token usage trend"),
+            valueStyle: .tokens,
+            kpis: [
+                .init(
+                    title: L("Today"),
+                    value: UsageFormatter.tokenCountString(billing.todayTokens),
+                    emphasis: true),
+                .init(
+                    title: L("30d tokens"),
+                    value: UsageFormatter.tokenCountString(billing.last30DaysTokens),
+                    emphasis: false),
+                .init(
+                    title: L("Today cash"),
+                    value: billing.todayCash.map(Self.minimaxCashString) ?? "—",
+                    emphasis: false),
+                .init(
+                    title: L("Models"),
+                    value: "\(billing.topModels.count)",
+                    emphasis: false),
+            ],
+            points: points,
+            detailLines: details)
+    }
+
+    private static func deepseekInlineDashboard(_ usage: DeepSeekUsageSummary) -> InlineUsageDashboardModel {
+        let symbol = usage.currency == "CNY" ? "¥" : "$"
+        let points = usage.daily.suffix(30).map {
+            InlineUsageDashboardModel.Point(
+                id: $0.date,
+                label: Self.shortDayLabel($0.date),
+                value: Double($0.totalTokens),
+                accessibilityValue: "\($0.date): \(UsageFormatter.tokenCountString($0.totalTokens)) \(L("tokens"))")
+        }
+        var details: [String] = []
+        if let topModel = usage.topModel {
+            details.append("\(L("Top model")): \(Self.shortModelName(topModel))")
+        }
+        if let cacheHit = usage.categoryBreakdown.first(where: { $0.category == .promptCacheHitToken }) {
+            details.append("\(L("cache-hit input")): \(UsageFormatter.tokenCountString(cacheHit.tokens))")
+        }
+        if let cacheMiss = usage.categoryBreakdown.first(where: { $0.category == .promptCacheMissToken }) {
+            details.append("\(L("cache-miss input")): \(UsageFormatter.tokenCountString(cacheMiss.tokens))")
+        }
+        if let output = usage.categoryBreakdown.first(where: { $0.category == .responseToken }) {
+            details.append("\(L("output")): \(UsageFormatter.tokenCountString(output.tokens))")
+        }
+        details.append("\(L("requests")): \(usage.currentMonthRequestCount)")
+
+        let todayCostStr = usage.todayCost.map { "\(symbol)\(String(format: "%.4f", max(0, $0)))" } ?? "—"
+        let monthCostStr = usage.currentMonthCost.map { "\(symbol)\(String(format: "%.4f", max(0, $0)))" } ?? "—"
+        let monthTokensStr = UsageFormatter.tokenCountString(usage.currentMonthTokens)
+
+        return InlineUsageDashboardModel(
+            accessibilityLabel: L("DeepSeek 30 day token usage trend"),
+            valueStyle: .tokens,
+            kpis: [
+                .init(
+                    title: L("Today"),
+                    value: "\(todayCostStr) · \(UsageFormatter.tokenCountString(usage.todayTokens))",
+                    emphasis: true),
+                .init(
+                    title: L("This month"),
+                    value: "\(monthCostStr) · \(monthTokensStr)",
+                    emphasis: false),
+                .init(
+                    title: L("Models"),
+                    value: usage.topModel.map { Self.shortModelName($0) } ?? "—",
+                    emphasis: false),
+                .init(
+                    title: L("Requests"),
+                    value: "\(usage.currentMonthRequestCount)",
+                    emphasis: false),
+            ],
+            points: points,
+            detailLines: details)
+    }
+
+    private static func topMistralModel(from entries: [MistralDailyUsageBucket]) -> String? {
+        var tokens: [String: Int] = [:]
+        for entry in entries {
+            for model in entry.models {
+                tokens[model.name, default: 0] += model.totalTokens
+            }
+        }
+        return tokens.max {
+            if $0.value == $1.value { return $0.key > $1.key }
+            return $0.value < $1.value
+        }?.key
+    }
+
+    private static func topZaiModel(from bars: [ZaiHourlyBar]) -> String? {
+        var tokens: [String: Int] = [:]
+        for bar in bars {
+            for segment in bar.segments {
+                tokens[segment.model, default: 0] += segment.tokens
+            }
+        }
+        return tokens.max {
+            if $0.value == $1.value { return $0.key > $1.key }
+            return $0.value < $1.value
+        }?.key
+    }
+
+    private static func openRouterCurrencyString(_ value: Double) -> String {
+        String(format: "$%.2f", value)
+    }
+
+    private static func minimaxCashString(_ value: Double) -> String {
+        String(format: "%.2f", max(0, value))
+    }
+
+    private static func costString(_ value: Double, currencyCode: String) -> String {
+        UsageFormatter.currencyString(value, currencyCode: currencyCode)
+    }
+
+    private static func costValueStyle(currencyCode: String) -> InlineUsageDashboardModel.ValueStyle {
+        if currencyCode == "USD" { return .currencyUSD }
+        let formatter = NumberFormatter()
+        formatter.numberStyle = .currency
+        formatter.currencyCode = currencyCode
+        formatter.locale = Locale(identifier: "en_US")
+        let symbol = formatter.currencySymbol ?? currencyCode
+        return .currency(symbol: symbol)
+    }
+
+    private static func shortDayLabel(_ day: String) -> String {
+        let pieces = day.split(separator: "-")
+        guard pieces.count == 3, let rawDay = Int(pieces[2]) else { return day }
+        return "\(rawDay)"
+    }
+
+    private static func shortModelName(_ name: String) -> String {
+        let trimmed = name.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard trimmed.count > 26 else { return trimmed }
+        return String(trimmed.prefix(25)) + "…"
+    }
+
+    private static func topCostModel(from entries: [CostUsageDailyReport.Entry]) -> String? {
+        var scores: [String: (cost: Double, tokens: Int)] = [:]
+        for entry in entries {
+            for model in entry.modelBreakdowns ?? [] {
+                var score = scores[model.modelName] ?? (0, 0)
+                score.cost += model.costUSD ?? 0
+                score.tokens += model.totalTokens ?? 0
+                scores[model.modelName] = score
+            }
+        }
+        return scores.max {
+            if $0.value.cost == $1.value.cost { return $0.value.tokens < $1.value.tokens }
+            return $0.value.cost < $1.value.cost
+        }?.key
+    }
+}
+
+struct InlineUsageDashboardContent: View {
+    private let model: InlineUsageDashboardModel
+    @Environment(\.menuItemHighlighted) private var isHighlighted
+
+    init(model: InlineUsageDashboardModel) {
+        self.model = model
+    }
+
+    var body: some View {
+        VStack(alignment: .leading, spacing: 10) {
+            self.kpis
+            MiniUsageBars(model: self.model)
+                .frame(height: 58)
+                .accessibilityLabel(self.model.accessibilityLabel)
+            self.detailLines
+        }
+        .frame(maxWidth: .infinity, alignment: .leading)
+    }
+
+    private var kpis: some View {
+        LazyVGrid(
+            columns: [
+                GridItem(.flexible(minimum: 118), alignment: .leading),
+                GridItem(.flexible(minimum: 100), alignment: .leading),
+            ],
+            alignment: .leading,
+            spacing: 6)
+        {
+            ForEach(Array(self.model.kpis.enumerated()), id: \.offset) { _, kpi in
+                KPIBlock(title: kpi.title, value: kpi.value, emphasis: kpi.emphasis)
+            }
+        }
+    }
+
+    private var detailLines: some View {
+        VStack(alignment: .leading, spacing: 3) {
+            ForEach(Array(self.model.detailLines.enumerated()), id: \.offset) { _, line in
+                Text(line)
+                    .font(.caption)
+                    .foregroundStyle(MenuHighlightStyle.secondary(self.isHighlighted))
+                    .lineLimit(1)
+            }
+        }
+    }
+
+    private struct KPIBlock: View {
+        let title: String
+        let value: String
+        let emphasis: Bool
+        @Environment(\.menuItemHighlighted) private var isHighlighted
+
+        var body: some View {
+            VStack(alignment: .leading, spacing: 1) {
+                Text(self.title)
+                    .font(.caption2)
+                    .foregroundStyle(MenuHighlightStyle.secondary(self.isHighlighted))
+                    .lineLimit(1)
+                Text(self.value)
+                    .font(self.emphasis ? .headline : .subheadline)
+                    .fontWeight(.semibold)
+                    .foregroundStyle(MenuHighlightStyle.primary(self.isHighlighted))
+                    .lineLimit(1)
+                    .minimumScaleFactor(0.72)
+            }
+            .frame(maxWidth: .infinity, alignment: .leading)
+        }
+    }
+
+    private struct MiniUsageBars: View {
+        let model: InlineUsageDashboardModel
+        @Environment(\.menuItemHighlighted) private var isHighlighted
+
+        var body: some View {
+            let maxValue = max(self.model.points.map(\.value).max() ?? 0, 1)
+            HStack(alignment: .bottom, spacing: 2) {
+                ForEach(self.model.points) { point in
+                    RoundedRectangle(cornerRadius: 1.5, style: .continuous)
+                        .fill(self.fill(for: point, maxValue: maxValue))
+                        .frame(maxWidth: .infinity)
+                        .frame(height: self.height(for: point, maxValue: maxValue))
+                        .accessibilityLabel(point.accessibilityValue)
+                }
+            }
+            .frame(maxWidth: .infinity, maxHeight: .infinity, alignment: .bottom)
+            .overlay(alignment: .bottomLeading) {
+                Rectangle()
+                    .fill(MenuHighlightStyle.secondary(self.isHighlighted).opacity(0.22))
+                    .frame(height: 1)
+            }
+        }
+
+        private func height(for point: InlineUsageDashboardModel.Point, maxValue: Double) -> CGFloat {
+            let ratio = point.value / maxValue
+            guard ratio > 0 else { return 1 }
+            return CGFloat(max(3, min(58, ratio * 58)))
+        }
+
+        private func fill(for point: InlineUsageDashboardModel.Point, maxValue: Double) -> Color {
+            let ratio = max(0.18, min(1, point.value / maxValue))
+            if self.isHighlighted {
+                return Color.white.opacity(0.55 + ratio * 0.35)
+            }
+            switch self.model.valueStyle {
+            case .currencyUSD, .currency:
+                return Color(red: 0.81, green: 0.56, blue: 0.24).opacity(0.42 + ratio * 0.58)
+            case .tokens:
+                return Color(red: 0.48, green: 0.41, blue: 0.86).opacity(0.42 + ratio * 0.58)
+            }
+        }
+    }
+}
diff --git a/Sources/CodexBar/KeychainMigration.swift b/Sources/CodexBar/KeychainMigration.swift
index edb9fc1ba..51bf840ca 100644
--- a/Sources/CodexBar/KeychainMigration.swift
+++ b/Sources/CodexBar/KeychainMigration.swift
@@ -8,7 +8,7 @@ enum KeychainMigration {
     private static let log = CodexBarLog.logger(LogCategories.keychainMigration)
     private static let migrationKey = "KeychainMigrationV1Completed"
 
-    struct MigrationItem: Hashable, Sendable {
+    struct MigrationItem: Hashable {
         let service: String
         let account: String?
 
diff --git a/Sources/CodexBar/KeychainPromptCoordinator.swift b/Sources/CodexBar/KeychainPromptCoordinator.swift
index a6add39ab..7a4586514 100644
--- a/Sources/CodexBar/KeychainPromptCoordinator.swift
+++ b/Sources/CodexBar/KeychainPromptCoordinator.swift
@@ -2,6 +2,58 @@ import AppKit
 import CodexBarCore
 import SweetCookieKit
 
+private enum KeychainPromptMessage {
+    static let browserCookie =
+        "CodexBar will ask macOS Keychain for “%@” so it can decrypt browser cookies " +
+        "and authenticate your account. Click OK to continue."
+
+    static let claudeOAuth =
+        "CodexBar will ask macOS Keychain for the Claude Code OAuth token " +
+        "so it can fetch your Claude usage. Click OK to continue."
+    static let codexCookie =
+        "CodexBar will ask macOS Keychain for your OpenAI cookie header " +
+        "so it can fetch Codex dashboard extras. Click OK to continue."
+    static let claudeCookie =
+        "CodexBar will ask macOS Keychain for your Claude cookie header " +
+        "so it can fetch Claude web usage. Click OK to continue."
+    static let cursorCookie =
+        "CodexBar will ask macOS Keychain for your Cursor cookie header " +
+        "so it can fetch usage. Click OK to continue."
+    static let openCodeCookie =
+        "CodexBar will ask macOS Keychain for your OpenCode cookie header " +
+        "so it can fetch usage. Click OK to continue."
+    static let factoryCookie =
+        "CodexBar will ask macOS Keychain for your Factory cookie header " +
+        "so it can fetch usage. Click OK to continue."
+    static let zaiToken =
+        "CodexBar will ask macOS Keychain for your z.ai API token " +
+        "so it can fetch usage. Click OK to continue."
+    static let syntheticToken =
+        "CodexBar will ask macOS Keychain for your Synthetic API key " +
+        "so it can fetch usage. Click OK to continue."
+    static let copilotToken =
+        "CodexBar will ask macOS Keychain for your GitHub Copilot token " +
+        "so it can fetch usage. Click OK to continue."
+    static let kimiToken =
+        "CodexBar will ask macOS Keychain for your Kimi auth token " +
+        "so it can fetch usage. Click OK to continue."
+    static let kimiK2Token =
+        "CodexBar will ask macOS Keychain for your Kimi K2 API key " +
+        "so it can fetch usage. Click OK to continue."
+    static let minimaxCookie =
+        "CodexBar will ask macOS Keychain for your MiniMax cookie header " +
+        "so it can fetch usage. Click OK to continue."
+    static let minimaxToken =
+        "CodexBar will ask macOS Keychain for your MiniMax API token " +
+        "so it can fetch usage. Click OK to continue."
+    static let augmentCookie =
+        "CodexBar will ask macOS Keychain for your Augment cookie header " +
+        "so it can fetch usage. Click OK to continue."
+    static let ampCookie =
+        "CodexBar will ask macOS Keychain for your Amp cookie header " +
+        "so it can fetch usage. Click OK to continue."
+}
+
 enum KeychainPromptCoordinator {
     private static let promptLock = NSLock()
     private static let log = CodexBarLog.logger(LogCategories.keychainPrompt)
@@ -22,93 +74,47 @@ enum KeychainPromptCoordinator {
     }
 
     private static func presentBrowserCookiePrompt(_ context: BrowserCookieKeychainPromptContext) {
-        let title = "Keychain Access Required"
-        let message = [
-            "CodexBar will ask macOS Keychain for “\(context.label)” so it can decrypt browser cookies",
-            "and authenticate your account. Click OK to continue.",
-        ].joined(separator: " ")
+        let title = L("Keychain Access Required")
+        let message = L(
+            KeychainPromptMessage.browserCookie,
+            context.label)
         self.log.info("Browser cookie keychain prompt requested", metadata: ["label": context.label])
         self.presentAlert(title: title, message: message)
     }
 
     private static func keychainCopy(for context: KeychainPromptContext) -> (title: String, message: String) {
-        let title = "Keychain Access Required"
+        let title = L("Keychain Access Required")
         switch context.kind {
         case .claudeOAuth:
-            return (title, [
-                "CodexBar will ask macOS Keychain for the Claude Code OAuth token",
-                "so it can fetch your Claude usage. Click OK to continue.",
-            ].joined(separator: " "))
+            return (title, L(KeychainPromptMessage.claudeOAuth))
         case .codexCookie:
-            return (title, [
-                "CodexBar will ask macOS Keychain for your OpenAI cookie header",
-                "so it can fetch Codex dashboard extras. Click OK to continue.",
-            ].joined(separator: " "))
+            return (title, L(KeychainPromptMessage.codexCookie))
         case .claudeCookie:
-            return (title, [
-                "CodexBar will ask macOS Keychain for your Claude cookie header",
-                "so it can fetch Claude web usage. Click OK to continue.",
-            ].joined(separator: " "))
+            return (title, L(KeychainPromptMessage.claudeCookie))
         case .cursorCookie:
-            return (title, [
-                "CodexBar will ask macOS Keychain for your Cursor cookie header",
-                "so it can fetch usage. Click OK to continue.",
-            ].joined(separator: " "))
+            return (title, L(KeychainPromptMessage.cursorCookie))
         case .opencodeCookie:
-            return (title, [
-                "CodexBar will ask macOS Keychain for your OpenCode cookie header",
-                "so it can fetch usage. Click OK to continue.",
-            ].joined(separator: " "))
+            return (title, L(KeychainPromptMessage.openCodeCookie))
         case .factoryCookie:
-            return (title, [
-                "CodexBar will ask macOS Keychain for your Factory cookie header",
-                "so it can fetch usage. Click OK to continue.",
-            ].joined(separator: " "))
+            return (title, L(KeychainPromptMessage.factoryCookie))
         case .zaiToken:
-            return (title, [
-                "CodexBar will ask macOS Keychain for your z.ai API token",
-                "so it can fetch usage. Click OK to continue.",
-            ].joined(separator: " "))
+            return (title, L(KeychainPromptMessage.zaiToken))
         case .syntheticToken:
-            return (title, [
-                "CodexBar will ask macOS Keychain for your Synthetic API key",
-                "so it can fetch usage. Click OK to continue.",
-            ].joined(separator: " "))
+            return (title, L(KeychainPromptMessage.syntheticToken))
         case .copilotToken:
-            return (title, [
-                "CodexBar will ask macOS Keychain for your GitHub Copilot token",
-                "so it can fetch usage. Click OK to continue.",
-            ].joined(separator: " "))
+            return (title, L(KeychainPromptMessage.copilotToken))
         case .kimiToken:
-            return (title, [
-                "CodexBar will ask macOS Keychain for your Kimi auth token",
-                "so it can fetch usage. Click OK to continue.",
-            ].joined(separator: " "))
+            return (title, L(KeychainPromptMessage.kimiToken))
         case .kimiK2Token:
-            return (title, [
-                "CodexBar will ask macOS Keychain for your Kimi K2 API key",
-                "so it can fetch usage. Click OK to continue.",
-            ].joined(separator: " "))
+            return (title, L(KeychainPromptMessage.kimiK2Token))
         case .minimaxCookie:
-            return (title, [
-                "CodexBar will ask macOS Keychain for your MiniMax cookie header",
-                "so it can fetch usage. Click OK to continue.",
-            ].joined(separator: " "))
+            return (title, L(KeychainPromptMessage.minimaxCookie))
         case .minimaxToken:
-            return (title, [
-                "CodexBar will ask macOS Keychain for your MiniMax API token",
-                "so it can fetch usage. Click OK to continue.",
-            ].joined(separator: " "))
+            return (title, L(KeychainPromptMessage.minimaxToken))
         case .augmentCookie:
-            return (title, [
-                "CodexBar will ask macOS Keychain for your Augment cookie header",
-                "so it can fetch usage. Click OK to continue.",
-            ].joined(separator: " "))
+            return (title, L(KeychainPromptMessage.augmentCookie))
         case .ampCookie:
-            return (title, [
-                "CodexBar will ask macOS Keychain for your Amp cookie header",
-                "so it can fetch usage. Click OK to continue.",
-            ].joined(separator: " "))
+            return (title, L(KeychainPromptMessage.ampCookie))
         }
     }
 
@@ -132,9 +138,9 @@ enum KeychainPromptCoordinator {
     @MainActor
     private static func showAlert(title: String, message: String) {
         let alert = NSAlert()
-        alert.messageText = title
-        alert.informativeText = message
-        alert.addButton(withTitle: "OK")
+        alert.messageText = L(title)
+        alert.informativeText = L(message)
+        alert.addButton(withTitle: L("OK"))
         _ = alert.runModal()
     }
 }
diff --git a/Sources/CodexBar/KimiK2TokenStore.swift b/Sources/CodexBar/KimiK2TokenStore.swift
index 9ad23c028..ed3cf55aa 100644
--- a/Sources/CodexBar/KimiK2TokenStore.swift
+++ b/Sources/CodexBar/KimiK2TokenStore.swift
@@ -28,6 +28,10 @@ struct KeychainKimiK2TokenStore: KimiK2TokenStoring {
     private let account = "kimi-k2-api-token"
 
     func loadToken() throws -> String? {
+        guard !KeychainAccessGate.isDisabled else {
+            Self.log.debug("Keychain access disabled; skipping token load")
+            return nil
+        }
         var result: CFTypeRef?
         let query: [String: Any] = [
             kSecClass as String: kSecClassGenericPassword,
@@ -66,6 +70,10 @@ struct KeychainKimiK2TokenStore: KimiK2TokenStoring {
     }
 
     func storeToken(_ token: String?) throws {
+        guard !KeychainAccessGate.isDisabled else {
+            Self.log.debug("Keychain access disabled; skipping token store")
+            return
+        }
         let cleaned = token?.trimmingCharacters(in: .whitespacesAndNewlines)
         if cleaned == nil || cleaned?.isEmpty == true {
             try self.deleteTokenIfPresent()
@@ -104,6 +112,7 @@ struct KeychainKimiK2TokenStore: KimiK2TokenStoring {
     }
 
     private func deleteTokenIfPresent() throws {
+        guard !KeychainAccessGate.isDisabled else { return }
         let query: [String: Any] = [
             kSecClass as String: kSecClassGenericPassword,
             kSecAttrService as String: self.service,
diff --git a/Sources/CodexBar/Localization.swift b/Sources/CodexBar/Localization.swift
new file mode 100644
index 000000000..8fbdf3217
--- /dev/null
+++ b/Sources/CodexBar/Localization.swift
@@ -0,0 +1,152 @@
+import CodexBarCore
+import Foundation
+
+enum CodexBarLocalizationOverride {
+    @TaskLocal static var appLanguage: String?
+}
+
+private func appLanguageDefaults() -> UserDefaults {
+    if Bundle.main.bundleIdentifier != nil {
+        return .standard
+    }
+    if UserDefaults.standard.object(forKey: "appLanguage") != nil {
+        return .standard
+    }
+    // Fallback for running outside a .app bundle (swift run / debug builds)
+    return UserDefaults(suiteName: "CodexBar") ?? .standard
+}
+
+private func isRunningTestsProcess() -> Bool {
+    let env = ProcessInfo.processInfo.environment
+    if env["XCTestConfigurationFilePath"] != nil { return true }
+    if env["TESTING_LIBRARY_VERSION"] != nil { return true }
+    if env["SWIFT_TESTING"] != nil { return true }
+    return NSClassFromString("XCTestCase") != nil
+}
+
+private let standardAppLanguageAtProcessStart = UserDefaults.standard.string(forKey: "appLanguage")
+
+private func resolvedAppLanguage() -> String {
+    if let override = CodexBarLocalizationOverride.appLanguage {
+        return override
+    }
+    if isRunningTestsProcess() {
+        let current = UserDefaults.standard.string(forKey: "appLanguage")
+        return current == standardAppLanguageAtProcessStart ? "en" : current ?? ""
+    }
+    return appLanguageDefaults().string(forKey: "appLanguage") ?? ""
+}
+
+func codexBarLocalizationSignature() -> String {
+    resolvedAppLanguage()
+}
+
+func codexBarLocalizationResourceBundle(
+    mainBundle: Bundle = .main,
+    bundleName: String = "CodexBar_CodexBar") -> Bundle
+{
+    guard mainBundle.bundleURL.pathExtension == "app" else {
+        return Bundle.module
+    }
+
+    if let url = mainBundle.url(forResource: bundleName, withExtension: "bundle"),
+       let bundle = Bundle(url: url)
+    {
+        return bundle
+    }
+
+    if let resourceURL = mainBundle.resourceURL?.absoluteURL,
+       let bundle = Bundle(url: resourceURL.appendingPathComponent("\(bundleName).bundle"))
+    {
+        return bundle
+    }
+
+    return mainBundle
+}
+
+private func localizedBundle() -> Bundle {
+    let resourceBundle = codexBarLocalizationResourceBundle()
+    let language = resolvedAppLanguage()
+    if !language.isEmpty {
+        if let bundle = lprojBundle(named: language, in: resourceBundle) {
+            return bundle
+        }
+    } else {
+        // System mode: follow macOS language preferences
+        if let preferred = resourceBundle.preferredLocalizations.first,
+           let bundle = lprojBundle(named: preferred, in: resourceBundle)
+        {
+            return bundle
+        }
+    }
+    // Fallback to en.lproj
+    if let path = resourceBundle.path(forResource: "en", ofType: "lproj"),
+       let bundle = Bundle(path: path)
+    {
+        return bundle
+    }
+    return resourceBundle
+}
+
+private func lprojBundle(named language: String, in resourceBundle: Bundle) -> Bundle? {
+    let candidates = [language, language.lowercased()]
+    for candidate in candidates where !candidate.isEmpty {
+        if let path = resourceBundle.path(forResource: candidate, ofType: "lproj"),
+           let bundle = Bundle(path: path)
+        {
+            return bundle
+        }
+    }
+    return nil
+}
+
+func L(_ key: String) -> String {
+    let resourceBundle = codexBarLocalizationResourceBundle()
+    return codexBarLocalizedString(key, bundle: localizedBundle(), resourceBundle: resourceBundle)
+}
+
+func L(_ key: String, _ arguments: CVarArg...) -> String {
+    String(format: L(key), arguments: arguments)
+}
+
+func codexBarLocalizedLocale() -> Locale {
+    let language = resolvedAppLanguage()
+    guard !language.isEmpty else { return .current }
+    switch language.lowercased() {
+    case "zh-hans":
+        return Locale(identifier: "zh-Hans")
+    case "zh-hant":
+        return Locale(identifier: "zh-Hant")
+    case "pt-br":
+        return Locale(identifier: "pt-BR")
+    default:
+        return Locale(identifier: language)
+    }
+}
+
+func codexBarLocalizedString(_ key: String, bundle: Bundle, resourceBundle: Bundle) -> String {
+    let value = bundle.localizedString(forKey: key, value: nil, table: nil)
+    let trimmed = value.trimmingCharacters(in: .whitespacesAndNewlines)
+    if !trimmed.isEmpty, value != key {
+        return value
+    }
+
+    guard bundle.bundleURL.lastPathComponent != "en.lproj",
+          let englishBundle = lprojBundle(named: "en", in: resourceBundle)
+    else {
+        return trimmed.isEmpty ? key : value
+    }
+
+    let fallback = englishBundle.localizedString(forKey: key, value: nil, table: nil)
+    return fallback.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty ? key : fallback
+}
+
+func configureUsageFormatterLocalizationProvider() {
+    UsageFormatter.setLocalizationProvider { key in
+        let resourceBundle = codexBarLocalizationResourceBundle()
+        return codexBarLocalizedString(key, bundle: localizedBundle(), resourceBundle: resourceBundle)
+    }
+    UsageFormatter.setLocaleProvider {
+        codexBarLocalizedLocale()
+    }
+}
diff --git a/Sources/CodexBar/ManagedCodexAccountCoordinator.swift b/Sources/CodexBar/ManagedCodexAccountCoordinator.swift
new file mode 100644
index 000000000..066a25532
--- /dev/null
+++ b/Sources/CodexBar/ManagedCodexAccountCoordinator.swift
@@ -0,0 +1,61 @@
+import CodexBarCore
+import Foundation
+import Observation
+
+enum ManagedCodexAccountCoordinatorError: Error, Equatable {
+    case authenticationInProgress
+}
+
+@MainActor
+@Observable
+final class ManagedCodexAccountCoordinator {
+    let service: ManagedCodexAccountService
+    private(set) var isAuthenticatingManagedAccount: Bool = false
+    private(set) var authenticatingManagedAccountID: UUID?
+    private(set) var isRemovingManagedAccount: Bool = false
+    private(set) var removingManagedAccountID: UUID?
+    var onManagedAccountsDidChange: (@MainActor () -> Void)?
+
+    var hasConflictingManagedAccountOperationInFlight: Bool {
+        self.isAuthenticatingManagedAccount || self.isRemovingManagedAccount
+    }
+
+    init(service: ManagedCodexAccountService = ManagedCodexAccountService()) {
+        self.service = service
+    }
+
+    func authenticateManagedAccount(
+        existingAccountID: UUID? = nil,
+        timeout: TimeInterval = 120)
+        async throws -> ManagedCodexAccount
+    {
+        guard self.isAuthenticatingManagedAccount == false else {
+            throw ManagedCodexAccountCoordinatorError.authenticationInProgress
+        }
+
+        self.isAuthenticatingManagedAccount = true
+        self.authenticatingManagedAccountID = existingAccountID
+        defer {
+            self.isAuthenticatingManagedAccount = false
+            self.authenticatingManagedAccountID = nil
+        }
+
+        let account = try await self.service.authenticateManagedAccount(
+            existingAccountID: existingAccountID,
+            timeout: timeout)
+        self.onManagedAccountsDidChange?()
+        return account
+    }
+
+    func removeManagedAccount(id: UUID) async throws {
+        self.isRemovingManagedAccount = true
+        self.removingManagedAccountID = id
+        defer {
+            self.isRemovingManagedAccount = false
+            self.removingManagedAccountID = nil
+        }
+
+        try await self.service.removeManagedAccount(id: id)
+        self.onManagedAccountsDidChange?()
+    }
+}
diff --git a/Sources/CodexBar/ManagedCodexAccountService.swift b/Sources/CodexBar/ManagedCodexAccountService.swift
new file mode 100644
index 000000000..b4ba6cee1
--- /dev/null
+++ b/Sources/CodexBar/ManagedCodexAccountService.swift
@@ -0,0 +1,497 @@
+import AppKit
+import CodexBarCore
+import Foundation
+
+protocol ManagedCodexHomeProducing: Sendable {
+    func makeHomeURL() -> URL
+    func validateManagedHomeForDeletion(_ url: URL) throws
+}
+
+protocol ManagedCodexLoginRunning: Sendable {
+    func run(homePath: String, timeout: TimeInterval) async -> CodexLoginRunner.Result
+}
+
+protocol ManagedCodexIdentityReading: Sendable {
+    func loadAccountIdentity(homePath: String) throws -> CodexAuthBackedAccount
+}
+
+protocol ManagedCodexWorkspaceResolving: Sendable {
+    func resolveWorkspaceIdentity(homePath: String, providerAccountID: String) async -> CodexOpenAIWorkspaceIdentity?
+    func availableWorkspaceIdentities(homePath: String) async -> [CodexOpenAIWorkspaceIdentity]
+}
+
+extension ManagedCodexWorkspaceResolving {
+    func availableWorkspaceIdentities(homePath _: String) async -> [CodexOpenAIWorkspaceIdentity] {
+        []
+    }
+}
+
+protocol ManagedCodexWorkspaceSelecting: Sendable {
+    @MainActor
+    func selectWorkspace(
+        email: String,
+        currentWorkspaceID: String?,
+        workspaces: [CodexOpenAIWorkspaceIdentity]) async -> CodexOpenAIWorkspaceIdentity?
+}
+
+enum ManagedCodexAccountServiceError: Error, Equatable {
+    case loginFailed(CodexLoginRunner.Result)
+    case missingEmail
+    case workspaceSelectionCancelled
+    case unsafeManagedHome(String)
+}
+
+extension ManagedCodexAccountServiceError {
+    var userFacingMessage: String {
+        switch self {
+        case let .loginFailed(result):
+            CodexLoginAlertPresentation.managedLoginFailureMessage(for: result)
+        case .missingEmail:
+            L("managed_login_missing_email")
+        case .workspaceSelectionCancelled:
+            L("workspace_selection_cancelled")
+        case let .unsafeManagedHome(path):
+            String(format: L("unsafe_managed_home"), path)
+        }
+    }
+}
+
+struct ManagedCodexHomeFactory: ManagedCodexHomeProducing {
+    let root: URL
+
+    init(root: URL = Self.defaultRootURL(), fileManager: FileManager = .default) {
+        let standardizedRoot = root.standardizedFileURL
+        if standardizedRoot.path != root.path {
+            self.root = standardizedRoot
+        } else {
+            self.root = root
+        }
+        _ = fileManager
+    }
+
+    func makeHomeURL() -> URL {
+        self.root.appendingPathComponent(UUID().uuidString, isDirectory: true)
+    }
+
+    func validateManagedHomeForDeletion(_ url: URL) throws {
+        let rootPath = self.root.standardizedFileURL.path
+        let targetPath = url.standardizedFileURL.path
+        let rootPrefix = rootPath.hasSuffix("/") ? rootPath : rootPath + "/"
+        guard targetPath.hasPrefix(rootPrefix), targetPath != rootPath else {
+            throw ManagedCodexAccountServiceError.unsafeManagedHome(url.path)
+        }
+    }
+
+    static func defaultRootURL(fileManager: FileManager = .default) -> URL {
+        let base = fileManager.urls(for: .applicationSupportDirectory, in: .userDomainMask).first
+            ?? fileManager.homeDirectoryForCurrentUser
+        return base
+            .appendingPathComponent("CodexBar", isDirectory: true)
+            .appendingPathComponent("managed-codex-homes", isDirectory: true)
+    }
+}
+
+struct DefaultManagedCodexLoginRunner: ManagedCodexLoginRunning {
+    func run(homePath: String, timeout: TimeInterval) async -> CodexLoginRunner.Result {
+        await CodexLoginRunner.run(homePath: homePath, timeout: timeout)
+    }
+}
+
+struct DefaultManagedCodexIdentityReader: ManagedCodexIdentityReading {
+    func loadAccountIdentity(homePath: String) throws -> CodexAuthBackedAccount {
+        let env = CodexHomeScope.scopedEnvironment(
+            base: ProcessInfo.processInfo.environment,
+            codexHome: homePath)
+        return UsageFetcher(environment: env).loadAuthBackedCodexAccount()
+    }
+}
+
+struct DefaultManagedCodexWorkspaceResolver: ManagedCodexWorkspaceResolving {
+    private let workspaceCache: CodexOpenAIWorkspaceIdentityCache
+
+    init(
+        workspaceCache: CodexOpenAIWorkspaceIdentityCache = CodexOpenAIWorkspaceIdentityCache())
+    {
+        self.workspaceCache = workspaceCache
+    }
+
+    func resolveWorkspaceIdentity(homePath: String, providerAccountID: String) async -> CodexOpenAIWorkspaceIdentity? {
+        let normalizedProviderAccountID = ManagedCodexAccount.normalizeProviderAccountID(providerAccountID)
+            ?? providerAccountID
+        let env = CodexHomeScope.scopedEnvironment(
+            base: ProcessInfo.processInfo.environment,
+            codexHome: homePath)
+
+        if let credentials = try? CodexOAuthCredentialsStore.load(env: env),
+           let authoritativeIdentity = try? await CodexOpenAIWorkspaceResolver.resolve(credentials: credentials)
+        {
+            try? self.workspaceCache.store(authoritativeIdentity)
+            return authoritativeIdentity
+        }
+
+        let cachedLabel = self.workspaceCache.workspaceLabel(for: normalizedProviderAccountID)
+        return CodexOpenAIWorkspaceIdentity(
+            workspaceAccountID: normalizedProviderAccountID,
+            workspaceLabel: cachedLabel)
+    }
+
+    func availableWorkspaceIdentities(homePath: String) async -> [CodexOpenAIWorkspaceIdentity] {
+        let env = CodexHomeScope.scopedEnvironment(
+            base: ProcessInfo.processInfo.environment,
+            codexHome: homePath)
+        guard let credentials = try? CodexOAuthCredentialsStore.load(env: env),
+              let identities = try? await CodexOpenAIWorkspaceResolver.listWorkspaces(credentials: credentials)
+        else {
+            return []
+        }
+
+        for identity in identities {
+            try? self.workspaceCache.store(identity)
+        }
+        return identities
+    }
+}
+
+struct CodexWorkspaceAlertSelector: ManagedCodexWorkspaceSelecting {
+    @MainActor
+    func selectWorkspace(
+        email: String,
+        currentWorkspaceID: String?,
+        workspaces: [CodexOpenAIWorkspaceIdentity]) async -> CodexOpenAIWorkspaceIdentity?
+    {
+        guard workspaces.count > 1 else { return workspaces.first }
+
+        let popup = NSPopUpButton(frame: NSRect(x: 0, y: 0, width: 360, height: 26), pullsDown: false)
+        let sortedWorkspaces = workspaces.sorted { lhs, rhs in
+            self.workspaceTitle(lhs) < self.workspaceTitle(rhs)
+        }
+        for workspace in sortedWorkspaces {
+            popup.addItem(withTitle: self.workspaceTitle(workspace))
+            popup.lastItem?.representedObject = workspace.workspaceAccountID
+        }
+        if let currentWorkspaceID,
+           let selectedIndex = sortedWorkspaces.firstIndex(where: { $0.workspaceAccountID == currentWorkspaceID })
+        {
+            popup.selectItem(at: selectedIndex)
+        }
+
+        let alert = NSAlert()
+        alert.messageText = L("Choose Codex workspace")
+        alert.informativeText = String(format: L("multiple_workspaces_found"), email)
+        alert.alertStyle = .informational
+        alert.accessoryView = popup
+        alert.addButton(withTitle: L("Add Workspace"))
+        alert.addButton(withTitle: L("Cancel"))
+
+        guard alert.runModal() == .alertFirstButtonReturn else {
+            return nil
+        }
+        let selectedWorkspaceID = popup.selectedItem?.representedObject as? String
+        return sortedWorkspaces.first { $0.workspaceAccountID == selectedWorkspaceID }
+    }
+
+    private func workspaceTitle(_ workspace: CodexOpenAIWorkspaceIdentity) -> String {
+        workspace.workspaceLabel ?? workspace.workspaceAccountID
+    }
+}
+
+@MainActor
+final class ManagedCodexAccountService {
+    private let store: any ManagedCodexAccountStoring
+    private let homeFactory: any ManagedCodexHomeProducing
+    private let loginRunner: any ManagedCodexLoginRunning
+    private let identityReader: any ManagedCodexIdentityReading
+    private let workspaceResolver: any ManagedCodexWorkspaceResolving
+    private let workspaceSelector: any ManagedCodexWorkspaceSelecting
+    private let fileManager: FileManager
+
+    init(
+        store: any ManagedCodexAccountStoring,
+        homeFactory: any ManagedCodexHomeProducing,
+        loginRunner: any ManagedCodexLoginRunning,
+        identityReader: any ManagedCodexIdentityReading,
+        workspaceResolver: any ManagedCodexWorkspaceResolving = DefaultManagedCodexWorkspaceResolver(),
+        workspaceSelector: any ManagedCodexWorkspaceSelecting = CodexWorkspaceAlertSelector(),
+        fileManager: FileManager = .default)
+    {
+        self.store = store
+        self.homeFactory = homeFactory
+        self.loginRunner = loginRunner
+        self.identityReader = identityReader
+        self.workspaceResolver = workspaceResolver
+        self.workspaceSelector = workspaceSelector
+        self.fileManager = fileManager
+    }
+
+    convenience init(fileManager: FileManager = .default) {
+        self.init(
+            store: FileManagedCodexAccountStore(fileManager: fileManager),
+            homeFactory: ManagedCodexHomeFactory(fileManager: fileManager),
+            loginRunner: DefaultManagedCodexLoginRunner(),
+            identityReader: DefaultManagedCodexIdentityReader(),
+            workspaceResolver: DefaultManagedCodexWorkspaceResolver(),
+            workspaceSelector: CodexWorkspaceAlertSelector(),
+            fileManager: fileManager)
+    }
+
+    func authenticateManagedAccount(
+        existingAccountID: UUID? = nil,
+        timeout: TimeInterval = 120)
+        async throws -> ManagedCodexAccount
+    {
+        let snapshot = try self.store.loadAccounts()
+        let homeURL = self.homeFactory.makeHomeURL()
+        try self.fileManager.createDirectory(at: homeURL, withIntermediateDirectories: true)
+        let account: ManagedCodexAccount
+        let existingHomePathsToDelete: [String]
+
+        do {
+            let result = await self.loginRunner.run(homePath: homeURL.path, timeout: timeout)
+            guard case .success = result.outcome else { throw ManagedCodexAccountServiceError.loginFailed(result) }
+
+            let identity = try self.identityReader.loadAccountIdentity(homePath: homeURL.path)
+            guard let rawEmail = identity.email?.trimmingCharacters(in: .whitespacesAndNewlines),
+                  !rawEmail.isEmpty
+            else {
+                throw ManagedCodexAccountServiceError.missingEmail
+            }
+            let authenticatedProviderAccountID: String? = switch identity.identity {
+            case let .providerAccount(id):
+                ManagedCodexAccount.normalizeProviderAccountID(id)
+            case .emailOnly, .unresolved:
+                nil
+            }
+            let selectedWorkspace = try await self.selectedWorkspaceIdentity(
+                email: rawEmail,
+                homePath: homeURL.path,
+                authenticatedProviderAccountID: authenticatedProviderAccountID)
+            let providerAccountID = selectedWorkspace?.workspaceAccountID ?? authenticatedProviderAccountID
+            let workspaceIdentity: CodexOpenAIWorkspaceIdentity? = if let selectedWorkspace {
+                selectedWorkspace
+            } else {
+                await self.resolvedWorkspaceIdentity(
+                    homePath: homeURL.path,
+                    providerAccountID: providerAccountID)
+            }
+
+            let now = Date().timeIntervalSince1970
+            let existing = self.reconciledExistingAccount(
+                authenticatedEmail: rawEmail,
+                providerAccountID: providerAccountID,
+                existingAccountID: existingAccountID,
+                snapshot: snapshot)
+            let persistedMetadata = self.persistedProviderMetadata(
+                authenticatedProviderAccountID: providerAccountID,
+                resolvedWorkspaceIdentity: workspaceIdentity,
+                existingAccount: existing)
+
+            account = ManagedCodexAccount(
+                id: existing?.id ?? UUID(),
+                email: rawEmail,
+                providerAccountID: persistedMetadata.providerAccountID,
+                workspaceLabel: persistedMetadata.workspaceLabel,
+                workspaceAccountID: persistedMetadata.workspaceAccountID,
+                authFingerprint: CodexAuthFingerprint.fingerprint(
+                    homePath: homeURL.path,
+                    fileManager: self.fileManager),
+                managedHomePath: homeURL.path,
+                createdAt: existing?.createdAt ?? now,
+                updatedAt: now,
+                lastAuthenticatedAt: now)
+            let replacedAccountIDs = self.replacedAccountIDs(
+                authenticatedEmail: rawEmail,
+                providerAccountID: providerAccountID,
+                existingAccountID: existingAccountID,
+                matchedAccountID: existing?.id,
+                snapshot: snapshot)
+            existingHomePathsToDelete = snapshot.accounts
+                .filter { replacedAccountIDs.contains($0.id) }
+                .map(\.managedHomePath)
+
+            let updatedSnapshot = ManagedCodexAccountSet(
+                version: snapshot.version,
+                accounts: snapshot.accounts.filter { replacedAccountIDs.contains($0.id) == false } + [account])
+            try self.store.storeAccounts(updatedSnapshot)
+        } catch {
+            try? self.removeManagedHomeIfSafe(atPath: homeURL.path)
+            throw error
+        }
+
+        for existingHomePathToDelete in existingHomePathsToDelete where existingHomePathToDelete != homeURL.path {
+            try? self.removeManagedHomeIfSafe(atPath: existingHomePathToDelete)
+        }
+        return account
+    }
+
+    func removeManagedAccount(id: UUID) async throws {
+        let snapshot = try self.store.loadAccounts()
+        guard let account = snapshot.account(id: id) else { return }
+
+        let homeURL = URL(fileURLWithPath: account.managedHomePath, isDirectory: true)
+        let canDeleteHome = (try? self.homeFactory.validateManagedHomeForDeletion(homeURL)) != nil
+
+        let remaining = snapshot.accounts.filter { $0.id != id }
+        try self.store.storeAccounts(ManagedCodexAccountSet(
+            version: snapshot.version,
+            accounts: remaining))
+
+        if canDeleteHome, self.fileManager.fileExists(atPath: homeURL.path) {
+            try? self.fileManager.removeItem(at: homeURL)
+        }
+    }
+
+    private func removeManagedHomeIfSafe(atPath path: String) throws {
+        let homeURL = URL(fileURLWithPath: path, isDirectory: true)
+        try self.homeFactory.validateManagedHomeForDeletion(homeURL)
+        if self.fileManager.fileExists(atPath: homeURL.path) {
+            try self.fileManager.removeItem(at: homeURL)
+        }
+    }
+
+    private func selectedWorkspaceIdentity(
+        email: String,
+        homePath: String,
+        authenticatedProviderAccountID: String?) async throws -> CodexOpenAIWorkspaceIdentity?
+    {
+        let workspaces = await self.workspaceResolver.availableWorkspaceIdentities(homePath: homePath)
+        guard workspaces.count > 1 else {
+            return workspaces.first { $0.workspaceAccountID == authenticatedProviderAccountID }
+        }
+        guard let selected = await self.workspaceSelector.selectWorkspace(
+            email: email,
+            currentWorkspaceID: authenticatedProviderAccountID,
+            workspaces: workspaces)
+        else {
+            throw ManagedCodexAccountServiceError.workspaceSelectionCancelled
+        }
+        try self.persistSelectedWorkspaceID(selected.workspaceAccountID, homePath: homePath)
+        return selected
+    }
+
+    private func resolvedWorkspaceIdentity(
+        homePath: String,
+        providerAccountID: String?) async -> CodexOpenAIWorkspaceIdentity?
+    {
+        guard let providerAccountID else { return nil }
+        return await self.workspaceResolver.resolveWorkspaceIdentity(
+            homePath: homePath,
+            providerAccountID: providerAccountID)
+    }
+
+    private func persistSelectedWorkspaceID(_ workspaceID: String, homePath: String) throws {
+        let env = CodexHomeScope.scopedEnvironment(
+            base: ProcessInfo.processInfo.environment,
+            codexHome: homePath)
+        let credentials = try CodexOAuthCredentialsStore.load(env: env)
+        try CodexOAuthCredentialsStore.save(
+            CodexOAuthCredentials(
+                accessToken: credentials.accessToken,
+                refreshToken: credentials.refreshToken,
+                idToken: credentials.idToken,
+                accountId: workspaceID,
+                lastRefresh: credentials.lastRefresh),
+            env: env)
+    }
+
+    private func reconciledExistingAccount(
+        authenticatedEmail: String,
+        providerAccountID: String?,
+        existingAccountID: UUID?,
+        snapshot: ManagedCodexAccountSet)
+        -> ManagedCodexAccount?
+    {
+        if let providerAccountID,
+           let existingByProviderAccountID = snapshot.account(
+               email: authenticatedEmail,
+               providerAccountID: providerAccountID)
+        {
+            return existingByProviderAccountID
+        }
+        if let existingAccountID,
+           let existingByID = snapshot.account(id: existingAccountID),
+           existingByID.email == Self.normalizeEmail(authenticatedEmail),
+           providerAccountID == nil || existingByID.providerAccountID == nil
+        {
+            return existingByID
+        }
+        guard providerAccountID == nil else {
+            return nil
+        }
+        // Email-only reconciliation is a legacy/hardening fallback. Once an auth payload carries a
+        // provider account ID, matching must stay on that ID so same-email workspaces can coexist.
+        return snapshot.account(email: authenticatedEmail)
+    }
+
+    private func replacedAccountIDs(
+        authenticatedEmail: String,
+        providerAccountID: String?,
+        existingAccountID: UUID?,
+        matchedAccountID: UUID?,
+        snapshot: ManagedCodexAccountSet) -> Set<UUID>
+    {
+        var ids: Set<UUID> = []
+        let normalizedEmail = Self.normalizeEmail(authenticatedEmail)
+        if let matchedAccountID {
+            ids.insert(matchedAccountID)
+        }
+
+        if providerAccountID != nil {
+            let legacySameEmailIDs = snapshot.accounts
+                .filter {
+                    $0.id != matchedAccountID &&
+                        $0.providerAccountID == nil &&
+                        $0.email == normalizedEmail
+                }
+                .map(\.id)
+            ids.formUnion(legacySameEmailIDs)
+        }
+
+        guard let existingAccountID,
+              existingAccountID != matchedAccountID,
+              let existingByID = snapshot.account(id: existingAccountID)
+        else {
+            return ids
+        }
+
+        if existingByID.providerAccountID == nil,
+           existingByID.email == normalizedEmail,
+           providerAccountID != nil
+        {
+            ids.insert(existingAccountID)
+        }
+        return ids
+    }
+
+    private static func normalizeEmail(_ email: String) -> String {
+        email.trimmingCharacters(in: .whitespacesAndNewlines).lowercased()
+    }
+
+    private func persistedProviderMetadata(
+        authenticatedProviderAccountID: String?,
+        resolvedWorkspaceIdentity: CodexOpenAIWorkspaceIdentity?,
+        existingAccount: ManagedCodexAccount?) -> (
+        providerAccountID: String?,
+        workspaceLabel: String?,
+        workspaceAccountID: String?)
+    {
+        if let authenticatedProviderAccountID {
+            let isExistingProviderMatch = existingAccount?.providerAccountID == authenticatedProviderAccountID
+            return (
+                providerAccountID: authenticatedProviderAccountID,
+                workspaceLabel: resolvedWorkspaceIdentity?.workspaceLabel
+                    ?? (isExistingProviderMatch ? existingAccount?.workspaceLabel : nil),
+                workspaceAccountID: resolvedWorkspaceIdentity?.workspaceAccountID ??
+                    (isExistingProviderMatch ? existingAccount?.workspaceAccountID : nil) ??
+                    authenticatedProviderAccountID)
+        }
+
+        guard let existingAccount, existingAccount.providerAccountID != nil else {
+            return (providerAccountID: nil, workspaceLabel: nil, workspaceAccountID: nil)
+        }
+
+        return (
+            providerAccountID: existingAccount.providerAccountID,
+            workspaceLabel: existingAccount.workspaceLabel,
+            workspaceAccountID: existingAccount.workspaceAccountID ?? existingAccount.providerAccountID)
+    }
+}
diff --git a/Sources/CodexBar/MenuBarDisplayMode.swift b/Sources/CodexBar/MenuBarDisplayMode.swift
index 0ce22d2ac..484d20969 100644
--- a/Sources/CodexBar/MenuBarDisplayMode.swift
+++ b/Sources/CodexBar/MenuBarDisplayMode.swift
@@ -12,34 +12,17 @@ enum MenuBarDisplayMode: String, CaseIterable, Identifiable {
 
     var label: String {
         switch self {
-        case .percent: "Percent"
-        case .pace: "Pace"
-        case .both: "Both"
+        case .percent: L("display_mode_percent")
+        case .pace: L("display_mode_pace")
+        case .both: L("display_mode_both")
         }
     }
 
     var description: String {
         switch self {
-        case .percent: "Show remaining/used percentage (e.g. 45%)"
-        case .pace: "Show pace indicator (e.g. +5%)"
-        case .both: "Show both percentage and pace (e.g. 45% · +5%)"
-        }
-    }
-}
-
-/// Controls which time window drives the percent and pace values in the menu bar.
-enum MenuBarTimeWindow: String, CaseIterable, Identifiable {
-    case session
-    case weekly
-
-    var id: String {
-        self.rawValue
-    }
-
-    var label: String {
-        switch self {
-        case .session: "Session"
-        case .weekly: "Weekly"
+        case .percent: L("display_mode_percent_desc")
+        case .pace: L("display_mode_pace_desc")
+        case .both: L("display_mode_both_desc")
         }
     }
 }
diff --git a/Sources/CodexBar/MenuBarDisplayText.swift b/Sources/CodexBar/MenuBarDisplayText.swift
index 14c317991..8e8c8f772 100644
--- a/Sources/CodexBar/MenuBarDisplayText.swift
+++ b/Sources/CodexBar/MenuBarDisplayText.swift
@@ -30,8 +30,8 @@ enum MenuBarDisplayText {
             return self.paceText(pace: pace)
         case .both:
             guard let percent = percentText(window: percentWindow, showUsed: showUsed) else { return nil }
-            let paceText: String? = Self.paceText(pace: pace)
-            guard let paceText else { return nil }
+            // Fall back to percent-only when pace is unavailable (e.g. Copilot)
+            guard let paceText = Self.paceText(pace: pace) else { return percent }
             return "\(percent)\(separatorStyle.separator)\(paceText)"
         }
     }
diff --git a/Sources/CodexBar/MenuBarMetricWindowResolver.swift b/Sources/CodexBar/MenuBarMetricWindowResolver.swift
new file mode 100644
index 000000000..520878d4d
--- /dev/null
+++ b/Sources/CodexBar/MenuBarMetricWindowResolver.swift
@@ -0,0 +1,178 @@
+import CodexBarCore
+import Foundation
+
+enum MenuBarMetricWindowResolver {
+    private enum Lane {
+        case primary
+        case secondary
+        case tertiary
+    }
+
+    static func rateWindow(
+        preference: MenuBarMetricPreference,
+        provider: UsageProvider,
+        snapshot: UsageSnapshot?,
+        supportsAverage: Bool)
+        -> RateWindow?
+    {
+        guard let snapshot else { return nil }
+        switch preference {
+        case .extraUsage:
+            return Self.extraUsageWindow(snapshot: snapshot)
+        case .tertiary:
+            return Self.window(in: snapshot, following: Self.tertiaryOrder(for: provider))
+        case .primary:
+            return Self.window(in: snapshot, following: Self.primaryOrder(for: provider))
+        case .secondary:
+            return Self.window(in: snapshot, following: Self.secondaryOrder(for: provider))
+        case .average:
+            return Self.averageWindow(provider: provider, snapshot: snapshot, supportsAverage: supportsAverage)
+        case .automatic:
+            return Self.automaticWindow(provider: provider, snapshot: snapshot)
+        }
+    }
+
+    private static func tertiaryOrder(for provider: UsageProvider) -> [Lane] {
+        if provider == .zai {
+            return [.tertiary, .primary, .secondary]
+        }
+        if provider == .perplexity || provider == .cursor || provider == .antigravity {
+            return [.tertiary, .secondary, .primary]
+        }
+        return [.primary, .secondary]
+    }
+
+    private static func primaryOrder(for provider: UsageProvider) -> [Lane] {
+        if provider == .zai {
+            return [.primary, .tertiary, .secondary]
+        }
+        if provider == .perplexity || provider == .antigravity {
+            return [.primary, .secondary, .tertiary]
+        }
+        return [.primary, .secondary]
+    }
+
+    private static func secondaryOrder(for provider: UsageProvider) -> [Lane] {
+        if provider == .zai || provider == .antigravity {
+            return [.secondary, .primary, .tertiary]
+        }
+        if provider == .perplexity {
+            return [.secondary, .tertiary, .primary]
+        }
+        return [.secondary, .primary]
+    }
+
+    private static func averageWindow(
+        provider: UsageProvider,
+        snapshot: UsageSnapshot,
+        supportsAverage: Bool)
+        -> RateWindow?
+    {
+        guard supportsAverage,
+              let primary = snapshot.primary,
+              let secondary = snapshot.secondary
+        else {
+            if provider == .antigravity {
+                return self.window(in: snapshot, following: [.primary, .secondary, .tertiary])
+            }
+            return snapshot.primary ?? snapshot.secondary
+        }
+
+        let usedPercent = (primary.usedPercent + secondary.usedPercent) / 2
+        return RateWindow(usedPercent: usedPercent, windowMinutes: nil, resetsAt: nil, resetDescription: nil)
+    }
+
+    private static func automaticWindow(provider: UsageProvider, snapshot: UsageSnapshot) -> RateWindow? {
+        if provider == .antigravity {
+            return self.window(in: snapshot, following: [.primary, .secondary, .tertiary])
+        }
+        if provider == .perplexity {
+            return snapshot.automaticPerplexityWindow()
+        }
+        if provider == .zai {
+            return self.mostConstrainedWindow(
+                primary: snapshot.primary,
+                secondary: snapshot.tertiary,
+                tertiary: nil) ?? snapshot.secondary
+        }
+        if provider == .factory || provider == .kimi {
+            return snapshot.secondary ?? snapshot.primary
+        }
+        if provider == .copilot,
+           let primary = snapshot.primary,
+           let secondary = snapshot.secondary
+        {
+            return primary.usedPercent >= secondary.usedPercent ? primary : secondary
+        }
+        if provider == .cursor {
+            return Self.mostConstrainedWindow(
+                primary: snapshot.primary,
+                secondary: snapshot.secondary,
+                tertiary: snapshot.tertiary)
+        }
+        if provider == .claude,
+           Self.shouldUseClaudeSpendLimit(providerCost: snapshot.providerCost, snapshot: snapshot),
+           let extraUsage = Self.extraUsageWindow(snapshot: snapshot)
+        {
+            return extraUsage
+        }
+        return snapshot.primary ?? snapshot.secondary
+    }
+
+    private static func window(in snapshot: UsageSnapshot, following lanes: [Lane]) -> RateWindow? {
+        for lane in lanes {
+            if let window = self.window(in: snapshot, lane: lane) {
+                return window
+            }
+        }
+        return nil
+    }
+
+    private static func window(in snapshot: UsageSnapshot, lane: Lane) -> RateWindow? {
+        switch lane {
+        case .primary:
+            snapshot.primary
+        case .secondary:
+            snapshot.secondary
+        case .tertiary:
+            snapshot.tertiary
+        }
+    }
+
+    private static func mostConstrainedWindow(
+        primary: RateWindow?,
+        secondary: RateWindow?,
+        tertiary: RateWindow?)
+        -> RateWindow?
+    {
+        let windows = [primary, secondary, tertiary].compactMap(\.self)
+        guard !windows.isEmpty else { return nil }
+        return windows.max(by: { $0.usedPercent < $1.usedPercent })
+    }
+
+    private static func shouldUseClaudeSpendLimit(
+        providerCost: ProviderCostSnapshot?,
+        snapshot: UsageSnapshot)
+        -> Bool
+    {
+        guard providerCost?.limit ?? 0 > 0,
+              snapshot.secondary == nil,
+              snapshot.tertiary == nil
+        else { return false }
+        guard let primary = snapshot.primary else { return true }
+        return primary.usedPercent == 0
+            && primary.windowMinutes == 5 * 60
+            && primary.resetsAt == nil
+            && primary.resetDescription == nil
+    }
+
+    private static func extraUsageWindow(snapshot: UsageSnapshot?) -> RateWindow? {
+        guard let cost = snapshot?.providerCost, cost.limit > 0 else { return nil }
+        let usedPercent = max(0, min(100, (cost.used / cost.limit) * 100))
+        return RateWindow(
+            usedPercent: usedPercent,
+            windowMinutes: nil,
+            resetsAt: cost.resetsAt,
+            resetDescription: nil)
+    }
+}
diff --git a/Sources/CodexBar/MenuBarStatusItemDefaultsRepair.swift b/Sources/CodexBar/MenuBarStatusItemDefaultsRepair.swift
new file mode 100644
index 000000000..6e7c6cafd
--- /dev/null
+++ b/Sources/CodexBar/MenuBarStatusItemDefaultsRepair.swift
@@ -0,0 +1,45 @@
+import Foundation
+
+enum MenuBarStatusItemDefaultsRepair {
+    static let didRepairKey = "hasRepairedHiddenStatusItemVisibilityDefaults"
+    private static let visibilityPrefix = "NSStatusItem VisibleCC "
+    private static let legacyAutosavePrefix = "codexbar-"
+
+    static func repairHiddenVisibilityDefaultsIfNeeded(defaults: UserDefaults) -> [String] {
+        guard !defaults.bool(forKey: self.didRepairKey) else { return [] }
+
+        let repairedKeys = defaults.dictionaryRepresentation().keys
+            .filter { key in
+                self.shouldRepair(key: key, value: defaults.object(forKey: key))
+            }
+            .sorted()
+
+        for key in repairedKeys {
+            defaults.removeObject(forKey: key)
+        }
+        defaults.set(true, forKey: self.didRepairKey)
+        return repairedKeys
+    }
+
+    static func shouldRepair(key: String, value: Any?) -> Bool {
+        guard key.hasPrefix(self.visibilityPrefix), self.isFalse(value) else { return false }
+        let itemName = String(key.dropFirst(self.visibilityPrefix.count))
+        return itemName.hasPrefix(self.legacyAutosavePrefix) || self.isDefaultStatusItemName(itemName)
+    }
+
+    private static func isDefaultStatusItemName(_ itemName: String) -> Bool {
+        guard itemName.hasPrefix("Item-") else { return false }
+        return itemName.dropFirst("Item-".count).allSatisfy(\.isNumber)
+    }
+
+    private static func isFalse(_ value: Any?) -> Bool {
+        switch value {
+        case let number as NSNumber:
+            !number.boolValue
+        case let bool as Bool:
+            !bool
+        default:
+            false
+        }
+    }
+}
diff --git a/Sources/CodexBar/MenuBarVisibilityWatcher.swift b/Sources/CodexBar/MenuBarVisibilityWatcher.swift
new file mode 100644
index 000000000..ec4055e29
--- /dev/null
+++ b/Sources/CodexBar/MenuBarVisibilityWatcher.swift
@@ -0,0 +1,344 @@
+import AppKit
+import Foundation
+
+struct StatusItemVisibilitySnapshot: Equatable {
+    let isVisible: Bool
+    let hasButton: Bool
+    let hasWindow: Bool
+    let hasScreen: Bool
+    let isOnCurrentScreen: Bool
+    let buttonWidth: CGFloat
+
+    init(
+        isVisible: Bool,
+        hasButton: Bool,
+        hasWindow: Bool,
+        hasScreen: Bool,
+        isOnCurrentScreen: Bool = true,
+        buttonWidth: CGFloat)
+    {
+        self.isVisible = isVisible
+        self.hasButton = hasButton
+        self.hasWindow = hasWindow
+        self.hasScreen = hasScreen
+        self.isOnCurrentScreen = isOnCurrentScreen
+        self.buttonWidth = buttonWidth
+    }
+}
+
+extension StatusItemVisibilitySnapshot: CustomStringConvertible {
+    var description: String {
+        "visible=\(self.isVisible),button=\(self.hasButton),window=\(self.hasWindow),"
+            + "screen=\(self.hasScreen),currentScreen=\(self.isOnCurrentScreen),"
+            + "width=\(String(format: "%.1f", Double(self.buttonWidth)))"
+    }
+}
+
+@MainActor
+func isStatusItemBlocked(_ item: NSStatusItem) -> Bool {
+    MenuBarVisibilityWatcher.isBlockedSnapshot(snapshot: MenuBarVisibilityWatcher.visibilitySnapshot(item))
+}
+
+enum MenuBarVisibilityWatcher {
+    static let guidanceShownKey = "hasShownTahoeAllowListGuidance"
+    static let guidanceLastShownAtKey = "tahoeAllowListGuidanceLastShownAt"
+    static let guidanceRepeatInterval: TimeInterval = 24 * 60 * 60
+    static let startupFreshnessInterval: TimeInterval = 10
+    static let startupCheckDelay: TimeInterval = 2
+    static let screenChangeCheckDelay: Duration = .milliseconds(750)
+    static let screenChangeFollowUpDelay: Duration = .seconds(2)
+    static let settingsURL = URL(string: "x-apple.systempreferences:com.apple.MenuBarSettings")!
+
+    @MainActor
+    static func visibilitySnapshot(_ item: NSStatusItem) -> StatusItemVisibilitySnapshot {
+        let screen = item.button?.window?.screen
+        return StatusItemVisibilitySnapshot(
+            isVisible: item.isVisible,
+            hasButton: item.button != nil,
+            hasWindow: item.button?.window != nil,
+            hasScreen: screen != nil,
+            isOnCurrentScreen: screen.map(self.isCurrentScreen) ?? false,
+            buttonWidth: item.button?.frame.size.width ?? 0)
+    }
+
+    @MainActor
+    private static func isCurrentScreen(_ screen: NSScreen) -> Bool {
+        let screenNumber = self.screenNumber(screen)
+        return NSScreen.screens.contains { candidate in
+            if let screenNumber, let candidateNumber = self.screenNumber(candidate) {
+                return candidateNumber == screenNumber
+            }
+            return candidate === screen
+        }
+    }
+
+    private static func screenNumber(_ screen: NSScreen) -> NSNumber? {
+        screen.deviceDescription[NSDeviceDescriptionKey("NSScreenNumber")] as? NSNumber
+    }
+
+    static func isBlockedSnapshot(snapshot: StatusItemVisibilitySnapshot) -> Bool {
+        guard snapshot.isVisible else { return false }
+        guard snapshot.hasButton else { return true }
+        // Menu bar managers can park status-item windows off the current screen while preserving the
+        // underlying NSStatusItem. Recreating in that state makes those managers see a new item.
+        return !snapshot.hasWindow || snapshot.buttonWidth <= 0
+    }
+
+    static func isDisplacedSnapshot(snapshot: StatusItemVisibilitySnapshot) -> Bool {
+        guard snapshot.isVisible, snapshot.hasButton, snapshot.hasWindow, snapshot.buttonWidth > 0 else {
+            return false
+        }
+        return !snapshot.hasScreen || !snapshot.isOnCurrentScreen
+    }
+
+    static func hasBlockedVisibleSnapshots(_ snapshots: [StatusItemVisibilitySnapshot]) -> Bool {
+        let visibleItems = snapshots.filter(\.isVisible)
+        guard !visibleItems.isEmpty else { return false }
+        return visibleItems.allSatisfy { snapshot in
+            self.isBlockedSnapshot(snapshot: snapshot)
+        }
+    }
+
+    static func hasAnyBlockedVisibleSnapshot(_ snapshots: [StatusItemVisibilitySnapshot]) -> Bool {
+        snapshots.contains { snapshot in
+            snapshot.isVisible && self.isBlockedSnapshot(snapshot: snapshot)
+        }
+    }
+
+    static func hasAnyDisplacedVisibleSnapshot(_ snapshots: [StatusItemVisibilitySnapshot]) -> Bool {
+        snapshots.contains { snapshot in
+            self.isDisplacedSnapshot(snapshot: snapshot)
+        }
+    }
+
+    @MainActor
+    static func visibilitySnapshots(_ items: [NSStatusItem]) -> [StatusItemVisibilitySnapshot] {
+        items.map { item in
+            self.visibilitySnapshot(item)
+        }
+    }
+
+    @MainActor
+    static func hasBlockedVisibleStatusItems(_ items: [NSStatusItem]) -> Bool {
+        self.hasBlockedVisibleSnapshots(self.visibilitySnapshots(items))
+    }
+
+    static func shouldAttemptStartupRecovery(
+        appLaunchedAt: Date,
+        now: Date = Date(),
+        snapshots: [StatusItemVisibilitySnapshot])
+        -> Bool
+    {
+        guard now.timeIntervalSince(appLaunchedAt) <= self.startupFreshnessInterval else { return false }
+        return self.hasAnyBlockedVisibleSnapshot(snapshots)
+    }
+
+    static func shouldRefreshScreenChangePlacement(
+        previousScreenCount _: Int,
+        currentScreenCount _: Int,
+        snapshots: [StatusItemVisibilitySnapshot])
+        -> Bool
+    {
+        self.hasAnyDisplacedVisibleSnapshot(snapshots)
+    }
+
+    static func shouldAttemptScreenChangeRecovery(snapshots: [StatusItemVisibilitySnapshot]) -> Bool {
+        self.hasAnyBlockedVisibleSnapshot(snapshots)
+    }
+
+    static func shouldShowGuidance(defaults: UserDefaults, now: Date = Date()) -> Bool {
+        guard defaults.bool(forKey: self.guidanceShownKey) else { return true }
+        let lastShownAt = defaults.double(forKey: self.guidanceLastShownAtKey)
+        guard lastShownAt > 0 else { return false }
+        return now.timeIntervalSince1970 - lastShownAt >= self.guidanceRepeatInterval
+    }
+
+    static func markGuidanceShown(defaults: UserDefaults, now: Date = Date()) {
+        defaults.set(true, forKey: self.guidanceShownKey)
+        defaults.set(now.timeIntervalSince1970, forKey: self.guidanceLastShownAtKey)
+    }
+
+    @MainActor
+    static func presentGuidance(
+        defaults: UserDefaults,
+        now: Date = Date(),
+        openURL: (URL) -> Void = { NSWorkspace.shared.open($0) })
+    {
+        self.markGuidanceShown(defaults: defaults, now: now)
+
+        let alert = NSAlert()
+        alert.messageText = L("CodexBar can't show its menu bar icon")
+        alert.informativeText = L(
+            "macOS Tahoe can block menu bar apps in System Settings → Menu Bar → Allow in the Menu Bar. "
+                + "CodexBar is running, but macOS may be hiding its icon. Open Menu Bar settings and turn CodexBar on.")
+        alert.alertStyle = .warning
+        alert.addButton(withTitle: L("Open Menu Bar Settings"))
+        alert.addButton(withTitle: L("Dismiss"))
+
+        if alert.runModal() == .alertFirstButtonReturn {
+            openURL(self.settingsURL)
+        }
+    }
+}
+
+extension StatusItemController {
+    func scheduleStartupStatusItemVisibilityCheck(appLaunchedAt: Date = Date()) {
+        guard !SettingsStore.isRunningTests else { return }
+        DispatchQueue.main.asyncAfter(deadline: .now() + MenuBarVisibilityWatcher.startupCheckDelay) { [weak self] in
+            Task { @MainActor [weak self] in
+                self?.checkStartupStatusItemVisibility(appLaunchedAt: appLaunchedAt)
+            }
+        }
+    }
+
+    private func checkStartupStatusItemVisibility(appLaunchedAt: Date, now: Date = Date()) {
+        let snapshots = MenuBarVisibilityWatcher.visibilitySnapshots(self.startupVisibilityStatusItems)
+        guard MenuBarVisibilityWatcher.shouldAttemptStartupRecovery(
+            appLaunchedAt: appLaunchedAt,
+            now: now,
+            snapshots: snapshots)
+        else {
+            return
+        }
+
+        self.menuLogger.error(
+            "Status item failed to materialize; recreating status items",
+            metadata: ["snapshots": snapshots.map(\.description).joined(separator: " | ")])
+        self.recreateStatusItemsForVisibilityRecovery()
+
+        let recoveredSnapshots = MenuBarVisibilityWatcher.visibilitySnapshots(self.startupVisibilityStatusItems)
+        guard MenuBarVisibilityWatcher.shouldAttemptStartupRecovery(
+            appLaunchedAt: appLaunchedAt,
+            now: now,
+            snapshots: recoveredSnapshots)
+        else {
+            self.menuLogger.info(
+                "Status item materialized after recreation",
+                metadata: ["snapshots": recoveredSnapshots.map(\.description).joined(separator: " | ")])
+            return
+        }
+
+        self.menuLogger.error(
+            "Status item still failed to materialize after recreation",
+            metadata: ["snapshots": recoveredSnapshots.map(\.description).joined(separator: " | ")])
+        guard #available(macOS 26.0, *),
+              MenuBarVisibilityWatcher.shouldShowGuidance(defaults: self.settings.userDefaults, now: now)
+        else {
+            return
+        }
+        MenuBarVisibilityWatcher.presentGuidance(defaults: self.settings.userDefaults, now: now)
+    }
+
+    @objc func handleScreenParametersDidChange(_: Notification) {
+        let previousScreenCount = max(
+            self.pendingScreenChangePreviousCount ?? self.lastKnownScreenCount,
+            self.lastKnownScreenCount)
+        let currentScreenCount = NSScreen.screens.count
+        self.pendingScreenChangePreviousCount = previousScreenCount
+        self.lastKnownScreenCount = currentScreenCount
+        self.scheduleScreenChangeStatusItemVisibilityCheck(
+            previousScreenCount: previousScreenCount,
+            currentScreenCount: currentScreenCount)
+    }
+
+    private func scheduleScreenChangeStatusItemVisibilityCheck(
+        previousScreenCount: Int,
+        currentScreenCount: Int)
+    {
+        guard !SettingsStore.isRunningTests else { return }
+        self.screenChangeVisibilityTask?.cancel()
+        self.screenChangeVisibilityTask = Task { @MainActor [weak self] in
+            do {
+                try await Task.sleep(for: MenuBarVisibilityWatcher.screenChangeCheckDelay)
+            } catch {
+                return
+            }
+            self?.checkScreenChangeStatusItemVisibility(
+                previousScreenCount: previousScreenCount,
+                currentScreenCount: currentScreenCount)
+        }
+    }
+
+    private func checkScreenChangeStatusItemVisibility(previousScreenCount: Int, currentScreenCount: Int) {
+        self.pendingScreenChangePreviousCount = nil
+        let settledCurrentScreenCount = NSScreen.screens.count
+        self.lastKnownScreenCount = settledCurrentScreenCount
+        let snapshots = MenuBarVisibilityWatcher.visibilitySnapshots(self.startupVisibilityStatusItems)
+        if MenuBarVisibilityWatcher.shouldAttemptScreenChangeRecovery(snapshots: snapshots) {
+            self.menuLogger.error(
+                "Display configuration changed; recreating status items",
+                metadata: [
+                    "previousScreenCount": "\(previousScreenCount)",
+                    "currentScreenCount": "\(settledCurrentScreenCount)",
+                    "capturedScreenCount": "\(currentScreenCount)",
+                    "snapshots": snapshots.map(\.description).joined(separator: " | "),
+                ])
+            self.recreateStatusItemsForVisibilityRecovery()
+            self.schedulePostScreenChangeRecoveryVerification(attempt: 1)
+            return
+        }
+
+        guard MenuBarVisibilityWatcher.shouldRefreshScreenChangePlacement(
+            previousScreenCount: previousScreenCount,
+            currentScreenCount: settledCurrentScreenCount,
+            snapshots: snapshots)
+        else {
+            return
+        }
+
+        self.menuLogger.info(
+            "Display configuration changed; refreshing existing status items",
+            metadata: [
+                "previousScreenCount": "\(previousScreenCount)",
+                "currentScreenCount": "\(settledCurrentScreenCount)",
+                "capturedScreenCount": "\(currentScreenCount)",
+                "snapshots": snapshots.map(\.description).joined(separator: " | "),
+            ])
+        self.refreshExistingStatusItemsForVisibilityRecovery()
+    }
+
+    private func schedulePostScreenChangeRecoveryVerification(attempt: Int) {
+        self.screenChangeVisibilityTask = Task { @MainActor [weak self] in
+            do {
+                try await Task.sleep(for: MenuBarVisibilityWatcher.screenChangeFollowUpDelay)
+            } catch {
+                return
+            }
+            self?.verifyScreenChangeRecoveryIfNeeded(attempt: attempt)
+        }
+    }
+
+    private func verifyScreenChangeRecoveryIfNeeded(attempt: Int) {
+        let snapshots = MenuBarVisibilityWatcher.visibilitySnapshots(self.startupVisibilityStatusItems)
+        guard MenuBarVisibilityWatcher.hasAnyBlockedVisibleSnapshot(snapshots) else {
+            self.menuLogger.info(
+                "Status item recovered after display-change recovery",
+                metadata: ["attempt": "\(attempt)", "snapshots": snapshots.map(\.description).joined(separator: " | ")])
+            return
+        }
+
+        self.menuLogger.error(
+            "Status item still blocked after display-change recovery; recreating status items again",
+            metadata: [
+                "attempt": "\(attempt)",
+                "snapshots": snapshots.map(\.description).joined(separator: " | "),
+            ])
+        self.recreateStatusItemsForVisibilityRecovery()
+        // No further async retries: a menu bar manager may park the newly recreated item in a state
+        // that still looks blocked, causing repeated NSStatusItem destruction that corrupts Control Center.
+        // Instead, do one synchronous re-check to surface guidance if macOS itself is blocking the item.
+        let finalSnapshots = MenuBarVisibilityWatcher.visibilitySnapshots(self.startupVisibilityStatusItems)
+        guard MenuBarVisibilityWatcher.hasAnyBlockedVisibleSnapshot(finalSnapshots) else { return }
+        self.menuLogger.error(
+            "Status item still blocked after display-change recovery recreation",
+            metadata: ["snapshots": finalSnapshots.map(\.description).joined(separator: " | ")])
+        guard #available(macOS 26.0, *),
+              MenuBarVisibilityWatcher.shouldShowGuidance(defaults: self.settings.userDefaults)
+        else { return }
+        MenuBarVisibilityWatcher.presentGuidance(defaults: self.settings.userDefaults)
+    }
+
+    private var startupVisibilityStatusItems: [NSStatusItem] {
+        [self.statusItem] + Array(self.statusItems.values)
+    }
+}
diff --git a/Sources/CodexBar/MenuCardQuotaWarningMarkers.swift b/Sources/CodexBar/MenuCardQuotaWarningMarkers.swift
new file mode 100644
index 000000000..abe15e287
--- /dev/null
+++ b/Sources/CodexBar/MenuCardQuotaWarningMarkers.swift
@@ -0,0 +1,80 @@
+import CodexBarCore
+
+extension CodexConsumerProjection.RateLane {
+    var quotaWarningWindow: QuotaWarningWindow {
+        switch self {
+        case .session:
+            .session
+        case .weekly:
+            .weekly
+        }
+    }
+}
+
+extension UsageMenuCardView.Model {
+    static func warningMarkerPercents(thresholds: [Int]?, showUsed: Bool) -> [Double] {
+        guard let thresholds, !thresholds.isEmpty else { return [] }
+        return QuotaWarningThresholds.active(thresholds)
+            .map { showUsed ? 100 - Double($0) : Double($0) }
+            .filter { $0 > 0 && $0 < 100 }
+    }
+
+    /// Merges quota warning markers with optional work-day boundary markers.
+    /// Preserves original warning-marker ordering when workdayMarkers is empty,
+    /// sorts the combined set when workday markers are present.
+    static func mergedMarkerPercents(
+        warningMarkers: [Double],
+        workdayMarkers: [Double]) -> [Double]
+    {
+        let combined = warningMarkers + workdayMarkers
+        return workdayMarkers.isEmpty ? combined : combined.sorted()
+    }
+
+    /// Combines quota warning markers with optional work-day boundary markers
+    /// into a single sorted array. Workday markers are only applied when
+    /// includeWorkdayMarkers is true and windowMinutes == 10080.
+    static func markerPercents(
+        thresholds: [Int]?,
+        showUsed: Bool,
+        workDays: Int?,
+        windowMinutes: Int?,
+        includeWorkdayMarkers: Bool) -> [Double]
+    {
+        let warningMarkers = Self.warningMarkerPercents(thresholds: thresholds, showUsed: showUsed)
+        let workdayMarkers = includeWorkdayMarkers
+            ? workDayMarkerPercents(workDays: workDays, windowMinutes: windowMinutes)
+            : []
+        return Self.mergedMarkerPercents(warningMarkers: warningMarkers, workdayMarkers: workdayMarkers)
+    }
+
+    static func weeklyMarkerPercents(input: Input, windowMinutes: Int?) -> [Double] {
+        UsageMenuCardView.Model.markerPercents(
+            thresholds: input.quotaWarningThresholds[.weekly],
+            showUsed: input.usageBarsShowUsed,
+            workDays: input.workDaysPerWeek,
+            windowMinutes: windowMinutes,
+            includeWorkdayMarkers: true)
+    }
+
+    static func codexLaneMarkerPercents(
+        input: Input,
+        lane: CodexConsumerProjection.RateLane,
+        windowMinutes: Int?) -> [Double]
+    {
+        UsageMenuCardView.Model.markerPercents(
+            thresholds: input.quotaWarningThresholds[lane.quotaWarningWindow],
+            showUsed: input.usageBarsShowUsed,
+            workDays: input.workDaysPerWeek,
+            windowMinutes: windowMinutes,
+            includeWorkdayMarkers: lane == .weekly)
+    }
+}
+
+/// Returns boundary percentages for work day markers on a weekly progress bar.
+/// Only valid when windowMinutes == 10080 (standard 7-day week).
+/// nil workDays means feature is disabled.
+func workDayMarkerPercents(workDays: Int?, windowMinutes: Int?) -> [Double] {
+    guard workDays != nil, windowMinutes == 10080 else { return [] }
+    guard let wd = workDays, wd >= 2, wd <= 7 else { return [] }
+    return (1..<wd).map { Double($0) * 100.0 / Double(wd) }
+}
diff --git a/Sources/CodexBar/MenuCardView+Costs.swift b/Sources/CodexBar/MenuCardView+Costs.swift
new file mode 100644
index 000000000..37973a99a
--- /dev/null
+++ b/Sources/CodexBar/MenuCardView+Costs.swift
@@ -0,0 +1,222 @@
+import CodexBarCore
+import Foundation
+
+extension UsageMenuCardView.Model {
+    static func tokenUsageSnapshot(input: Input) -> CostUsageTokenSnapshot? {
+        if usesProviderCostHistoryAsPrimaryDashboard(input.provider), input.snapshot != nil {
+            return primaryCostHistorySnapshot(input: input)
+        }
+        return input.tokenSnapshot
+    }
+
+    static func creditsLine(
+        metadata: ProviderMetadata,
+        credits: CreditsSnapshot?,
+        error: String?) -> String?
+    {
+        guard metadata.supportsCredits else { return nil }
+        if let credits {
+            return UsageFormatter.creditsString(from: credits.remaining)
+        }
+        if let error, !error.isEmpty {
+            return error.trimmingCharacters(in: .whitespacesAndNewlines)
+        }
+        return L(metadata.creditsHint)
+    }
+
+    static func tokenUsageSection(
+        provider: UsageProvider,
+        enabled: Bool,
+        snapshot: CostUsageTokenSnapshot?,
+        error: String?) -> TokenUsageSection?
+    {
+        guard ProviderDescriptorRegistry.descriptor(for: provider).tokenCost.supportsTokenCost else {
+            return nil
+        }
+        guard enabled else { return nil }
+        guard let snapshot else { return nil }
+
+        let sessionCost = snapshot.sessionCostUSD.map {
+            UsageFormatter.currencyString($0, currencyCode: snapshot.currencyCode)
+        } ?? "—"
+        let sessionTokens = snapshot.sessionTokens.map { UsageFormatter.tokenCountString($0) }
+        let sessionLabel = if provider == .bedrock || provider == .mistral {
+            Self.latestBillingDayLabel(from: snapshot)
+        } else {
+            L("Today")
+        }
+        let sessionLine: String = {
+            if let sessionTokens {
+                return String(format: L("%@: %@ · %@ tokens"), sessionLabel, sessionCost, sessionTokens)
+            }
+            return "\(sessionLabel): \(sessionCost)"
+        }()
+
+        let monthCost = snapshot.last30DaysCostUSD.map {
+            UsageFormatter.currencyString($0, currencyCode: snapshot.currencyCode)
+        } ?? "—"
+        let fallbackTokens = snapshot.daily.compactMap(\.totalTokens).reduce(0, +)
+        let monthTokensValue = snapshot.last30DaysTokens ?? (fallbackTokens > 0 ? fallbackTokens : nil)
+        let monthTokens = monthTokensValue.map { UsageFormatter.tokenCountString($0) }
+        let windowLabel = snapshot.historyLabel ?? Self.costHistoryWindowLabel(days: snapshot.historyDays)
+        let monthLine: String = {
+            if let monthTokens {
+                return String(format: L("%@: %@ · %@ tokens"), windowLabel, monthCost, monthTokens)
+            }
+            return "\(windowLabel): \(monthCost)"
+        }()
+        let err = (error?.isEmpty ?? true) ? nil : error
+        return TokenUsageSection(
+            sessionLine: sessionLine,
+            monthLine: monthLine,
+            hintLine: Self.tokenUsageHint(provider: provider),
+            errorLine: err,
+            errorCopyText: (error?.isEmpty ?? true) ? nil : error)
+    }
+
+    static func tokenUsageHint(provider: UsageProvider) -> String? {
+        switch provider {
+        case .codex:
+            L("Estimated from local Codex logs for the selected account.")
+        case .claude:
+            UsageFormatter.costEstimateHint(provider: provider)
+        case .vertexai:
+            L("cost_estimate_hint")
+        case .bedrock:
+            L("AWS Cost Explorer billing can lag.")
+        case .openai:
+            L("Reported by OpenAI Admin API organization usage.")
+        case .mistral:
+            L("Reported by Mistral billing usage.")
+        default:
+            nil
+        }
+    }
+
+    static func costHistoryWindowLabel(days: Int) -> String {
+        days == 1 ? L("Today") : String(format: L("Last %d days"), days)
+    }
+
+    private static func latestBillingDayLabel(from snapshot: CostUsageTokenSnapshot) -> String {
+        guard let entry = bedrockLatestBillingDay(from: snapshot.daily),
+              let displayDate = bedrockDisplayDate(from: entry.date)
+        else { return L("Latest billing day") }
+        return String(format: L("Latest billing day (%@)"), displayDate)
+    }
+
+    private static func bedrockLatestBillingDay(from entries: [CostUsageDailyReport.Entry])
+        -> CostUsageDailyReport.Entry?
+    {
+        entries.max { lhs, rhs in
+            let lDate = Self.bedrockBillingDate(from: lhs.date) ?? .distantPast
+            let rDate = Self.bedrockBillingDate(from: rhs.date) ?? .distantPast
+            if lDate != rDate { return lDate < rDate }
+            let lCost = lhs.costUSD ?? -1
+            let rCost = rhs.costUSD ?? -1
+            if lCost != rCost { return lCost < rCost }
+            let lTokens = lhs.totalTokens ?? -1
+            let rTokens = rhs.totalTokens ?? -1
+            if lTokens != rTokens { return lTokens < rTokens }
+            return lhs.date < rhs.date
+        }
+    }
+
+    private static func bedrockDisplayDate(from text: String) -> String? {
+        guard let date = bedrockBillingDate(from: text) else { return nil }
+        let formatter = DateFormatter()
+        formatter.locale = Locale(identifier: "en_US_POSIX")
+        formatter.timeZone = TimeZone(secondsFromGMT: 0)
+        formatter.dateFormat = "MMM d"
+        return formatter.string(from: date)
+    }
+
+    private static func bedrockBillingDate(from text: String) -> Date? {
+        let formatter = DateFormatter()
+        formatter.locale = Locale(identifier: "en_US_POSIX")
+        formatter.timeZone = TimeZone(secondsFromGMT: 0)
+        formatter.dateFormat = "yyyy-MM-dd"
+        return formatter.date(from: text.trimmingCharacters(in: .whitespacesAndNewlines))
+    }
+
+    static func providerCostSection(
+        provider: UsageProvider,
+        cost: ProviderCostSnapshot?) -> ProviderCostSection?
+    {
+        if provider == .manus {
+            return nil
+        }
+        guard let cost else { return nil }
+        guard provider != .synthetic else { return nil }
+
+        if provider == .factory, cost.period == "Extra usage balance" {
+            let balance = UsageFormatter.currencyString(cost.used, currencyCode: cost.currencyCode)
+            return ProviderCostSection(
+                title: L("Extra usage"),
+                percentUsed: nil,
+                spendLine: "\(L("Balance")): \(balance)",
+                percentLine: nil)
+        }
+
+        if provider == .opencodego, cost.period == "Zen balance" {
+            let balance = UsageFormatter.currencyString(cost.used, currencyCode: cost.currencyCode)
+            return ProviderCostSection(
+                title: L("Zen balance"),
+                percentUsed: nil,
+                spendLine: "\(L("Balance")): \(balance)",
+                percentLine: nil)
+        }
+
+        if provider == .openai || provider == .claude, cost.limit <= 0 {
+            let spend = UsageFormatter.currencyString(cost.used, currencyCode: cost.currencyCode)
+            let periodLabel = Self.localizedPeriodLabel(cost.period ?? "Last 30 days")
+            return ProviderCostSection(
+                title: L("API spend"),
+                percentUsed: nil,
+                spendLine: "\(periodLabel): \(spend)",
+                percentLine: nil)
+        }
+
+        guard cost.limit > 0 else { return nil }
+
+        let used: String
+        let limit: String
+        let title: String
+
+        if cost.currencyCode == "Quota" {
+            title = L("Quota usage")
+            used = String(format: "%.0f", cost.used)
+            limit = String(format: "%.0f", cost.limit)
+        } else {
+            title = L("Extra usage")
+            used = UsageFormatter.currencyString(cost.used, currencyCode: cost.currencyCode)
+            limit = UsageFormatter.currencyString(cost.limit, currencyCode: cost.currencyCode)
+        }
+
+        let percentUsed = Self.clamped((cost.used / cost.limit) * 100)
+        let periodLabel = Self.localizedPeriodLabel(cost.period ?? "This month")
+
+        return ProviderCostSection(
+            title: title,
+            percentUsed: percentUsed,
+            spendLine: "\(periodLabel): \(used) / \(limit)",
+            percentLine: String(format: L("%.0f%% used"), min(100, max(0, percentUsed))))
+    }
+
+    private static func localizedPeriodLabel(_ label: String) -> String {
+        let trimmed = label.trimmingCharacters(in: .whitespacesAndNewlines)
+        switch trimmed.lowercased() {
+        case "last 30 days":
+            return L("Last 30 days")
+        case "this month":
+            return L("This month")
+        case "today":
+            return L("Today")
+        default:
+            return L(trimmed)
+        }
+    }
+
+    static func clamped(_ value: Double) -> Double {
+        min(100, max(0, value))
+    }
+}
diff --git a/Sources/CodexBar/MenuCardView+Kiro.swift b/Sources/CodexBar/MenuCardView+Kiro.swift
new file mode 100644
index 000000000..f9f61a9c0
--- /dev/null
+++ b/Sources/CodexBar/MenuCardView+Kiro.swift
@@ -0,0 +1,43 @@
+import CodexBarCore
+import Foundation
+
+extension UsageMenuCardView.Model {
+    static func kiroUsageNotes(input: Input) -> [String] {
+        var notes: [String] = []
+        if let authMethod = input.snapshot?.loginMethod(for: .kiro)?
+            .trimmingCharacters(in: .whitespacesAndNewlines),
+            !authMethod.isEmpty
+        {
+            notes.append("\(L("Auth")): \(authMethod)")
+        }
+        if let overages = input.snapshot?.kiroUsage?.overagesStatus?
+            .trimmingCharacters(in: .whitespacesAndNewlines),
+            !overages.isEmpty
+        {
+            notes.append("\(L("Overages")): \(overages)")
+        }
+        let overagesEnabled = input.snapshot?.kiroUsage?.overagesStatus?
+            .trimmingCharacters(in: .whitespacesAndNewlines)
+            .lowercased()
+            .hasPrefix("enabled") == true
+        if overagesEnabled,
+           let overageCreditsUsed = input.snapshot?.kiroUsage?.overageCreditsUsed
+        {
+            notes.append(
+                "\(L("Overage usage")): \(UsageFormatter.kiroCreditNumber(overageCreditsUsed)) \(L("credits"))")
+        }
+        if overagesEnabled,
+           let estimatedOverageCostUSD = input.snapshot?.kiroUsage?.estimatedOverageCostUSD
+        {
+            notes.append("\(L("Overage cost")): \(UsageFormatter.usdString(estimatedOverageCostUSD))")
+        }
+        return notes
+    }
+
+    static func kiroPlan(snapshot: UsageSnapshot?) -> String? {
+        guard let plan = snapshot?.kiroUsage?.displayPlanName,
+              !plan.isEmpty
+        else { return nil }
+        return plan
+    }
+}
diff --git a/Sources/CodexBar/MenuCardView+MiniMax.swift b/Sources/CodexBar/MenuCardView+MiniMax.swift
new file mode 100644
index 000000000..dda62d32f
--- /dev/null
+++ b/Sources/CodexBar/MenuCardView+MiniMax.swift
@@ -0,0 +1,87 @@
+import CodexBarCore
+import Foundation
+
+extension UsageMenuCardView.Model {
+    static func minimaxMetrics(services: [MiniMaxServiceUsage], input: Input) -> [Metric] {
+        let percentStyle: PercentStyle = .used
+        let textGenerationCount = services.count { $0.displayName == "Text Generation" }
+
+        return services.enumerated().map { index, service in
+            let used = service.usage
+            let displayPercent = min(100, max(0, service.percent))
+            let usageLabel = String(
+                format: L("minimax_usage_amount_format"),
+                used.formatted(),
+                service.limit.formatted())
+            let usedLabel = String(
+                format: L("minimax_used_percent_format"),
+                String(format: "%.0f%%", displayPercent))
+            let localizedName = Self.localizedMiniMaxServiceName(service.displayName)
+            let title = if localizedName == L("minimax_service_text_generation"), textGenerationCount > 1 {
+                "\(L("minimax_service_text_generation")) · \(Self.displayWindowBadge(for: service.windowType))"
+            } else {
+                localizedName
+            }
+
+            return Metric(
+                id: "minimax-service-\(index)",
+                title: title,
+                percent: displayPercent,
+                percentStyle: percentStyle,
+                resetText: Self.localizedMiniMaxResetDescription(service.resetDescription),
+                detailText: service.timeRange,
+                detailLeftText: usageLabel,
+                detailRightText: usedLabel,
+                pacePercent: nil,
+                paceOnTop: true,
+                cardStyle: true)
+        }
+    }
+
+    private static func displayWindowBadge(for windowType: String) -> String {
+        let trimmed = windowType.trimmingCharacters(in: .whitespacesAndNewlines)
+        let normalized = trimmed.lowercased()
+
+        if normalized == "weekly" {
+            return L("Weekly")
+        }
+        if normalized == "5 hours" || normalized == "5 hour" || normalized == "5h" {
+            return "5h"
+        }
+        if normalized == "today" {
+            return L("Today")
+        }
+        if normalized == "daily" {
+            return L("Daily")
+        }
+        return trimmed.isEmpty ? windowType : trimmed
+    }
+
+    private static func localizedMiniMaxResetDescription(_ text: String) -> String {
+        let prefix = "Resets in "
+        guard text.hasPrefix(prefix) else { return text }
+        let rest = String(text.dropFirst(prefix.count))
+        return L("Resets in %@", rest)
+    }
+
+    private static func localizedMiniMaxServiceName(_ raw: String) -> String {
+        switch raw {
+        case "Text Generation", "text_generation":
+            L("minimax_service_text_generation")
+        case "Text to Speech", "text_to_speech":
+            L("minimax_service_text_to_speech")
+        case "Music Generation", "music_generation":
+            L("minimax_service_music_generation")
+        case "Image Generation", "image_generation":
+            L("minimax_service_image_generation")
+        case "lyrics_generation":
+            L("minimax_service_lyrics_generation")
+        case "coding-plan-vlm":
+            L("minimax_service_coding_plan_vlm")
+        case "coding-plan-search":
+            L("minimax_service_coding_plan_search")
+        default:
+            raw
+        }
+    }
+}
diff --git a/Sources/CodexBar/MenuCardView+ModelHelpers.swift b/Sources/CodexBar/MenuCardView+ModelHelpers.swift
new file mode 100644
index 000000000..973ef05c1
--- /dev/null
+++ b/Sources/CodexBar/MenuCardView+ModelHelpers.swift
@@ -0,0 +1,327 @@
+import CodexBarCore
+import SwiftUI
+
+extension UsageMenuCardView.Model {
+    struct PaceDetail {
+        let leftLabel: String
+        let rightLabel: String?
+        let pacePercent: Double?
+        let paceOnTop: Bool
+    }
+
+    var isOverviewErrorOnly: Bool {
+        self.subtitleStyle == .error &&
+            self.metrics.isEmpty &&
+            self.usageNotes.isEmpty &&
+            self.openAIAPIUsage == nil &&
+            self.inlineUsageDashboard == nil &&
+            self.creditsRemaining == nil &&
+            self.providerCost == nil &&
+            self.tokenUsage == nil &&
+            self.placeholder == nil
+    }
+
+    var hasUsageContent: Bool {
+        !self.metrics.isEmpty ||
+            !self.usageNotes.isEmpty ||
+            self.openAIAPIUsage != nil ||
+            self.inlineUsageDashboard != nil ||
+            self.placeholder != nil
+    }
+
+    static func progressColor(for provider: UsageProvider) -> Color {
+        if provider == .elevenlabs {
+            return Color(nsColor: .labelColor)
+        }
+
+        let color = ProviderDescriptorRegistry.descriptor(for: provider).branding.color
+        return Color(red: color.red, green: color.green, blue: color.blue)
+    }
+
+    static func resetText(
+        for window: RateWindow,
+        style: ResetTimeDisplayStyle,
+        now: Date) -> String?
+    {
+        UsageFormatter.resetLine(for: window, style: style, now: now)
+    }
+
+    static func placeholder(input: Input) -> String? {
+        if self.shouldShowRateLimitsUnavailablePlaceholder(input: input) {
+            return L("Limits not available")
+        }
+
+        if input.snapshot == nil, !input.isRefreshing, input.lastError == nil {
+            return L("No usage yet")
+        }
+
+        return nil
+    }
+
+    static func lastError(input: Input) -> String? {
+        guard let lastError = input.lastError?.trimmingCharacters(in: .whitespacesAndNewlines),
+              !lastError.isEmpty
+        else {
+            return nil
+        }
+        if self.shouldShowRateLimitsUnavailablePlaceholder(input: input, lastError: lastError) {
+            return nil
+        }
+        return lastError
+    }
+
+    private static func shouldShowRateLimitsUnavailablePlaceholder(input: Input, lastError: String? = nil) -> Bool {
+        let currentError = lastError ?? input.lastError
+        if let currentError = currentError?.trimmingCharacters(in: .whitespacesAndNewlines),
+           !currentError.isEmpty,
+           !UsageError.isNoRateLimitsFoundDescription(currentError)
+        {
+            return false
+        }
+        return self.rateLimitsUnavailable(input: input, lastError: currentError)
+    }
+
+    private static func rateLimitsUnavailable(input: Input, lastError: String? = nil) -> Bool {
+        UsageLimitsAvailability.resolve(
+            provider: input.provider,
+            snapshot: input.snapshot,
+            account: input.account,
+            lastErrorDescription: lastError ?? input.lastError)
+            .isUnavailable
+    }
+
+    static func sessionPaceDetail(
+        provider: UsageProvider,
+        window: RateWindow,
+        now: Date,
+        showUsed: Bool) -> PaceDetail?
+    {
+        guard let detail = UsagePaceText.sessionDetail(provider: provider, window: window, now: now) else { return nil }
+        let expectedUsed = detail.expectedUsedPercent
+        let actualUsed = window.usedPercent
+        let expectedPercent = showUsed ? expectedUsed : (100 - expectedUsed)
+        let actualPercent = showUsed ? actualUsed : (100 - actualUsed)
+        if expectedPercent.isFinite == false || actualPercent.isFinite == false { return nil }
+        let paceOnTop = actualUsed <= expectedUsed
+        let pacePercent: Double? = if detail.stage == .onTrack { nil } else { expectedPercent }
+        return PaceDetail(
+            leftLabel: detail.leftLabel,
+            rightLabel: detail.rightLabel,
+            pacePercent: pacePercent,
+            paceOnTop: paceOnTop)
+    }
+
+    static func weeklyPaceDetail(
+        window: RateWindow,
+        now: Date,
+        pace: UsagePace?,
+        showUsed: Bool) -> PaceDetail?
+    {
+        guard let pace else { return nil }
+        let detail = UsagePaceText.weeklyDetail(pace: pace, now: now)
+        let expectedUsed = detail.expectedUsedPercent
+        let actualUsed = window.usedPercent
+        let expectedPercent = showUsed ? expectedUsed : (100 - expectedUsed)
+        let actualPercent = showUsed ? actualUsed : (100 - actualUsed)
+        if expectedPercent.isFinite == false || actualPercent.isFinite == false { return nil }
+        let paceOnTop = actualUsed <= expectedUsed
+        let pacePercent: Double? = if detail.stage == .onTrack { nil } else { expectedPercent }
+        return PaceDetail(
+            leftLabel: detail.leftLabel,
+            rightLabel: detail.rightLabel,
+            pacePercent: pacePercent,
+            paceOnTop: paceOnTop)
+    }
+
+    static func antigravityMetrics(input: Input, snapshot: UsageSnapshot) -> [Metric] {
+        let percentStyle: PercentStyle = input.usageBarsShowUsed ? .used : .left
+        var metrics = [
+            Self.antigravityMetric(
+                id: "primary",
+                title: L(input.metadata.sessionLabel),
+                window: snapshot.primary,
+                input: input,
+                percentStyle: percentStyle),
+            Self.antigravityMetric(
+                id: "secondary",
+                title: L(input.metadata.weeklyLabel),
+                window: snapshot.secondary,
+                input: input,
+                percentStyle: percentStyle),
+            Self.antigravityMetric(
+                id: "tertiary",
+                title: input.metadata.opusLabel.map(L) ?? L("Gemini Flash"),
+                window: snapshot.tertiary,
+                input: input,
+                percentStyle: percentStyle),
+        ]
+        metrics.append(contentsOf: Self.extraRateWindowMetrics(
+            snapshot: snapshot,
+            input: input,
+            percentStyle: percentStyle))
+        return metrics
+    }
+
+    static func extraRateWindowMetrics(
+        snapshot: UsageSnapshot,
+        input: Input,
+        percentStyle: PercentStyle) -> [Metric]
+    {
+        guard let extraRateWindows = snapshot.extraRateWindows else { return [] }
+        // Codex additional limits (e.g. Codex Spark) are optional extra usage and follow the
+        // "optional credits and extra usage" setting. Other providers' extra windows (Antigravity
+        // per-model quotas, Factory core windows, etc.) are core data and must always render.
+        if input.provider == .codex, !input.showOptionalCreditsAndExtraUsage {
+            return []
+        }
+        return extraRateWindows.map { namedWindow in
+            Metric(
+                id: namedWindow.id,
+                title: namedWindow.title,
+                percent: Self.clamped(
+                    input.usageBarsShowUsed
+                        ? namedWindow.window.usedPercent
+                        : namedWindow.window.remainingPercent),
+                percentStyle: percentStyle,
+                resetText: Self.resetText(
+                    for: namedWindow.window,
+                    style: input.resetTimeDisplayStyle,
+                    now: input.now),
+                detailText: nil,
+                detailLeftText: nil,
+                detailRightText: nil,
+                pacePercent: nil,
+                paceOnTop: true)
+        }
+    }
+
+    static func antigravityMetric(
+        id: String,
+        title: String,
+        window: RateWindow?,
+        input: Input,
+        percentStyle: PercentStyle) -> Metric
+    {
+        guard let window else {
+            let placeholderPercent = input.usageBarsShowUsed ? 100.0 : 0.0
+            return Metric(
+                id: id,
+                title: title,
+                percent: placeholderPercent,
+                percentStyle: percentStyle,
+                statusText: nil,
+                resetText: nil,
+                detailText: nil,
+                detailLeftText: nil,
+                detailRightText: nil,
+                pacePercent: nil,
+                paceOnTop: true)
+        }
+        let percent = input.usageBarsShowUsed ? window.usedPercent : window.remainingPercent
+        return Metric(
+            id: id,
+            title: title,
+            percent: Self.clamped(percent),
+            percentStyle: percentStyle,
+            resetText: Self.resetText(for: window, style: input.resetTimeDisplayStyle, now: input.now),
+            detailText: nil,
+            detailLeftText: nil,
+            detailRightText: nil,
+            pacePercent: nil,
+            paceOnTop: true)
+    }
+
+    static func zaiLimitDetailText(limit: ZaiLimitEntry?) -> String? {
+        guard let limit else { return nil }
+
+        if let currentValue = limit.currentValue,
+           let usage = limit.usage,
+           let remaining = limit.remaining
+        {
+            let currentStr = UsageFormatter.tokenCountString(currentValue)
+            let usageStr = UsageFormatter.tokenCountString(usage)
+            let remainingStr = UsageFormatter.tokenCountString(remaining)
+            return String(format: L("%@ / %@ (%@ remaining)"), currentStr, usageStr, remainingStr)
+        }
+
+        return nil
+    }
+
+    static func openRouterQuotaDetail(provider: UsageProvider, snapshot: UsageSnapshot) -> String? {
+        guard provider == .openrouter,
+              let usage = snapshot.openRouterUsage,
+              usage.hasValidKeyQuota,
+              let keyRemaining = usage.keyRemaining,
+              let keyLimit = usage.keyLimit
+        else {
+            return nil
+        }
+
+        let remaining = UsageFormatter.usdString(keyRemaining)
+        let limit = UsageFormatter.usdString(keyLimit)
+        return String(format: L("%@/%@ left"), remaining, limit)
+    }
+
+    static func syntheticRegenDetail(
+        weekly: RateWindow,
+        cost: ProviderCostSnapshot?,
+        now: Date,
+        showUsed: Bool) -> (resetText: String, pace: PaceDetail)?
+    {
+        guard let cost,
+              cost.limit > 0,
+              let nextRegenAmount = cost.nextRegenAmount,
+              nextRegenAmount > 0,
+              let resetsAt = weekly.resetsAt
+        else { return nil }
+
+        let countdown = UsageFormatter.resetCountdownDescription(from: resetsAt, now: now)
+        let resetText = String(format: L("Regenerates %@"), countdown)
+
+        let nextRegenPercent = (nextRegenAmount / cost.limit) * 100
+        let afterNextRegenRemaining = min(100, weekly.remainingPercent + nextRegenPercent)
+        let afterNextRegen = showUsed ? max(0, 100 - afterNextRegenRemaining) : afterNextRegenRemaining
+        let suffix = showUsed ? L("used after next regen") : L("after next regen")
+        let ticksToFull = max(0, cost.used) / nextRegenAmount
+        let left = String(format: "%.0f%% %@", afterNextRegen, suffix)
+        let right = if ticksToFull <= 0.1 {
+            L("Near full")
+        } else if ticksToFull < 1.5 {
+            L("Full in ~1 regen")
+        } else {
+            String(format: L("Full in ~%.0f regens"), ceil(ticksToFull))
+        }
+        return (resetText, PaceDetail(leftLabel: left, rightLabel: right, pacePercent: nil, paceOnTop: true))
+    }
+
+    static func syntheticRollingRegenDetail(
+        window: RateWindow,
+        now: Date,
+        showUsed: Bool) -> (resetText: String, pace: PaceDetail)?
+    {
+        guard let resetsAt = window.resetsAt,
+              let nextRegenPercent = window.nextRegenPercent,
+              nextRegenPercent > 0
+        else { return nil }
+
+        let countdown = UsageFormatter.resetCountdownDescription(from: resetsAt, now: now)
+        let resetText = String(format: L("Regenerates %@"), countdown)
+
+        let afterNextRegenRemaining = min(100, window.remainingPercent + nextRegenPercent)
+        let afterNextRegen = showUsed ? max(0, 100 - afterNextRegenRemaining) : afterNextRegenRemaining
+        let suffix = showUsed ? L("used after next regen") : L("after next regen")
+        let left = String(format: "%.0f%% %@", afterNextRegen, suffix)
+
+        let missingPercent = max(0, window.usedPercent)
+        let ticksToFull = missingPercent / nextRegenPercent
+        let right = if ticksToFull <= 0.1 {
+            L("Near full")
+        } else if ticksToFull < 1.5 {
+            L("Full in ~1 regen")
+        } else {
+            String(format: L("Full in ~%.0f regens"), ceil(ticksToFull))
+        }
+
+        return (resetText, PaceDetail(leftLabel: left, rightLabel: right, pacePercent: nil, paceOnTop: true))
+    }
+}
diff --git a/Sources/CodexBar/MenuCardView.swift b/Sources/CodexBar/MenuCardView.swift
index cfe4488cf..3c16bb854 100644
--- a/Sources/CodexBar/MenuCardView.swift
+++ b/Sources/CodexBar/MenuCardView.swift
@@ -5,21 +5,21 @@ import SwiftUI
 /// SwiftUI card used inside the NSMenu to mirror Apple's rich menu panels.
 struct UsageMenuCardView: View {
     struct Model {
-        enum PercentStyle: String, Sendable {
+        enum PercentStyle: String {
             case left
             case used
 
             var labelSuffix: String {
                 switch self {
-                case .left: "left"
-                case .used: "used"
+                case .left: L("usage_percent_suffix_left")
+                case .used: L("usage_percent_suffix_used")
                 }
             }
 
             var accessibilityLabel: String {
                 switch self {
-                case .left: "Usage remaining"
-                case .used: "Usage used"
+                case .left: L("Usage remaining")
+                case .used: L("Usage used")
                 }
             }
         }
@@ -29,12 +29,45 @@ struct UsageMenuCardView: View {
             let title: String
             let percent: Double
             let percentStyle: PercentStyle
+            let statusText: String?
             let resetText: String?
             let detailText: String?
             let detailLeftText: String?
             let detailRightText: String?
             let pacePercent: Double?
             let paceOnTop: Bool
+            let warningMarkerPercents: [Double]
+            let cardStyle: Bool
+
+            init(
+                id: String,
+                title: String,
+                percent: Double,
+                percentStyle: PercentStyle,
+                statusText: String? = nil,
+                resetText: String?,
+                detailText: String?,
+                detailLeftText: String?,
+                detailRightText: String?,
+                pacePercent: Double?,
+                paceOnTop: Bool,
+                warningMarkerPercents: [Double] = [],
+                cardStyle: Bool = false)
+            {
+                self.id = id
+                self.title = title
+                self.percent = percent
+                self.percentStyle = percentStyle
+                self.statusText = statusText
+                self.resetText = resetText
+                self.detailText = detailText
+                self.detailLeftText = detailLeftText
+                self.detailRightText = detailRightText
+                self.pacePercent = pacePercent
+                self.paceOnTop = paceOnTop
+                self.warningMarkerPercents = warningMarkerPercents
+                self.cardStyle = cardStyle
+            }
 
             var percentLabel: String {
                 String(format: "%.0f%% %@", self.percent, self.percentStyle.labelSuffix)
@@ -47,7 +80,7 @@ struct UsageMenuCardView: View {
             case error
         }
 
-        struct TokenUsageSection: Sendable {
+        struct TokenUsageSection {
             let sessionLine: String
             let monthLine: String
             let hintLine: String?
@@ -55,10 +88,11 @@ struct UsageMenuCardView: View {
             let errorCopyText: String?
         }
 
-        struct ProviderCostSection: Sendable {
+        struct ProviderCostSection {
             let title: String
-            let percentUsed: Double
+            let percentUsed: Double?
             let spendLine: String
+            let percentLine: String?
         }
 
         let provider: UsageProvider
@@ -69,6 +103,8 @@ struct UsageMenuCardView: View {
         let planText: String?
         let metrics: [Metric]
         let usageNotes: [String]
+        let openAIAPIUsage: OpenAIAPIUsageSnapshot?
+        let inlineUsageDashboard: InlineUsageDashboardModel?
         let creditsText: String?
         let creditsRemaining: Double?
         let creditsHintText: String?
@@ -85,7 +121,7 @@ struct UsageMenuCardView: View {
 
     static func popupMetricTitle(provider: UsageProvider, metric: Model.Metric) -> String {
         if provider == .openrouter, metric.id == "primary" {
-            return "API key limit"
+            return L("API key limit")
         }
         return metric.title
     }
@@ -99,7 +135,9 @@ struct UsageMenuCardView: View {
             }
 
             if self.model.metrics.isEmpty {
-                if !self.model.usageNotes.isEmpty {
+                if let dashboard = self.model.inlineUsageDashboard {
+                    InlineUsageDashboardContent(model: dashboard)
+                } else if !self.model.usageNotes.isEmpty {
                     UsageNotesContent(notes: self.model.usageNotes)
                 } else if let placeholder = self.model.placeholder {
                     Text(placeholder)
@@ -107,7 +145,7 @@ struct UsageMenuCardView: View {
                         .font(.subheadline)
                 }
             } else {
-                let hasUsage = !self.model.metrics.isEmpty || !self.model.usageNotes.isEmpty
+                let hasUsage = self.model.hasUsageContent
                 let hasCredits = self.model.creditsText != nil
                 let hasProviderCost = self.model.providerCost != nil
                 let hasCost = self.model.tokenUsage != nil || hasProviderCost
@@ -121,7 +159,9 @@ struct UsageMenuCardView: View {
                                     title: Self.popupMetricTitle(provider: self.model.provider, metric: metric),
                                     progressColor: self.model.progressColor)
                             }
-                            if !self.model.usageNotes.isEmpty {
+                            if let dashboard = self.model.inlineUsageDashboard {
+                                InlineUsageDashboardContent(model: dashboard)
+                            } else if !self.model.usageNotes.isEmpty {
                                 UsageNotesContent(notes: self.model.usageNotes)
                             }
                         }
@@ -150,7 +190,7 @@ struct UsageMenuCardView: View {
                     }
                     if let tokenUsage = self.model.tokenUsage {
                         VStack(alignment: .leading, spacing: 6) {
-                            Text("Cost")
+                            Text(L("cost_header_estimated"))
                                 .font(.body)
                                 .fontWeight(.medium)
                             Text(tokenUsage.sessionLine)
@@ -187,7 +227,7 @@ struct UsageMenuCardView: View {
     }
 
     private var hasDetails: Bool {
-        !self.model.metrics.isEmpty || !self.model.usageNotes.isEmpty || self.model.placeholder != nil ||
+        self.model.hasUsageContent ||
             self.model.tokenUsage != nil ||
             self.model.providerCost != nil
     }
@@ -200,13 +240,13 @@ private struct UsageMenuCardHeaderView: View {
     var body: some View {
         VStack(alignment: .leading, spacing: 3) {
             HStack(alignment: .firstTextBaseline) {
-                Text(self.model.providerName)
-                    .font(.headline)
+                Text(self.model.providerName).font(.headline)
                     .fontWeight(.semibold)
+                    .lineLimit(1).truncationMode(.tail).layoutPriority(1)
                 Spacer()
-                Text(self.model.email)
-                    .font(.subheadline)
+                Text(self.model.email).font(.subheadline)
                     .foregroundStyle(MenuHighlightStyle.secondary(self.isHighlighted))
+                    .lineLimit(1).truncationMode(.middle)
             }
             let subtitleAlignment: VerticalAlignment = self.model.subtitleStyle == .error ? .top : .firstTextBaseline
             HStack(alignment: subtitleAlignment) {
@@ -283,7 +323,7 @@ private struct CopyIconButton: View {
                 .frame(width: 18, height: 18)
         }
         .buttonStyle(CopyIconButtonStyle(isHighlighted: self.isHighlighted))
-        .accessibilityLabel(self.didCopy ? "Copied" : "Copy error")
+        .accessibilityLabel(self.didCopy ? L("Copied") : L("Copy error"))
     }
 
     private func copyToPasteboard() {
@@ -303,17 +343,21 @@ private struct ProviderCostContent: View {
             Text(self.section.title)
                 .font(.body)
                 .fontWeight(.medium)
-            UsageProgressBar(
-                percent: self.section.percentUsed,
-                tint: self.progressColor,
-                accessibilityLabel: "Extra usage spent")
+            if let percentUsed = self.section.percentUsed {
+                UsageProgressBar(
+                    percent: percentUsed,
+                    tint: self.progressColor,
+                    accessibilityLabel: L("Extra usage spent"))
+            }
             HStack(alignment: .firstTextBaseline) {
                 Text(self.section.spendLine)
                     .font(.footnote)
                 Spacer()
-                Text(String(format: "%.0f%% used", min(100, max(0, self.section.percentUsed))))
-                    .font(.footnote)
-                    .foregroundStyle(MenuHighlightStyle.secondary(self.isHighlighted))
+                if let percentLine = self.section.percentLine {
+                    Text(percentLine)
+                        .font(.footnote)
+                        .foregroundStyle(MenuHighlightStyle.secondary(self.isHighlighted))
+                }
             }
         }
     }
@@ -330,52 +374,63 @@ private struct MetricRow: View {
             Text(self.title)
                 .font(.body)
                 .fontWeight(.medium)
-            UsageProgressBar(
-                percent: self.metric.percent,
-                tint: self.progressColor,
-                accessibilityLabel: self.metric.percentStyle.accessibilityLabel,
-                pacePercent: self.metric.pacePercent,
-                paceOnTop: self.metric.paceOnTop)
-            VStack(alignment: .leading, spacing: 2) {
-                HStack(alignment: .firstTextBaseline) {
-                    Text(self.metric.percentLabel)
-                        .font(.footnote)
-                        .lineLimit(1)
-                    Spacer()
-                    if let rightLabel = self.metric.resetText {
-                        Text(rightLabel)
+            if let statusText = self.metric.statusText {
+                Text(statusText)
+                    .font(.footnote)
+                    .foregroundStyle(MenuHighlightStyle.secondary(self.isHighlighted))
+                    .lineLimit(1)
+            } else {
+                UsageProgressBar(
+                    percent: self.metric.percent,
+                    tint: self.progressColor,
+                    accessibilityLabel: self.metric.percentStyle.accessibilityLabel,
+                    pacePercent: self.metric.pacePercent,
+                    paceOnTop: self.metric.paceOnTop,
+                    warningMarkerPercents: self.metric.warningMarkerPercents)
+                VStack(alignment: .leading, spacing: 2) {
+                    HStack(alignment: .firstTextBaseline) {
+                        Text(self.metric.percentLabel)
                             .font(.footnote)
-                            .foregroundStyle(MenuHighlightStyle.secondary(self.isHighlighted))
                             .lineLimit(1)
-                    }
-                }
-                if self.metric.detailLeftText != nil || self.metric.detailRightText != nil {
-                    HStack(alignment: .firstTextBaseline) {
-                        if let detailLeft = self.metric.detailLeftText {
-                            Text(detailLeft)
-                                .font(.footnote)
-                                .foregroundStyle(MenuHighlightStyle.primary(self.isHighlighted))
-                                .lineLimit(1)
-                        }
                         Spacer()
-                        if let detailRight = self.metric.detailRightText {
-                            Text(detailRight)
+                        if let rightLabel = self.metric.resetText {
+                            Text(rightLabel)
                                 .font(.footnote)
                                 .foregroundStyle(MenuHighlightStyle.secondary(self.isHighlighted))
                                 .lineLimit(1)
                         }
                     }
+                    if self.metric.detailLeftText != nil || self.metric.detailRightText != nil {
+                        HStack(alignment: .firstTextBaseline) {
+                            if let detailLeft = self.metric.detailLeftText {
+                                Text(detailLeft)
+                                    .font(.footnote)
+                                    .foregroundStyle(MenuHighlightStyle.primary(self.isHighlighted))
+                                    .lineLimit(1)
+                            }
+                            Spacer()
+                            if let detailRight = self.metric.detailRightText {
+                                Text(detailRight)
+                                    .font(.footnote)
+                                    .foregroundStyle(MenuHighlightStyle.secondary(self.isHighlighted))
+                                    .lineLimit(1)
+                            }
+                        }
+                    }
+                }
+                .frame(maxWidth: .infinity, alignment: .leading)
+                if let detail = self.metric.detailText {
+                    Text(detail)
+                        .font(.footnote)
+                        .foregroundStyle(MenuHighlightStyle.secondary(self.isHighlighted))
+                        .lineLimit(1)
                 }
-            }
-            .frame(maxWidth: .infinity, alignment: .leading)
-            if let detail = self.metric.detailText {
-                Text(detail)
-                    .font(.footnote)
-                    .foregroundStyle(MenuHighlightStyle.secondary(self.isHighlighted))
-                    .lineLimit(1)
             }
         }
         .frame(maxWidth: .infinity, alignment: .leading)
+        .padding(self.metric.cardStyle ? 10 : 0)
+        .background(self.metric.cardStyle ? Color.secondary.opacity(self.isHighlighted ? 0.2 : 0.08) : Color.clear)
+        .clipShape(RoundedRectangle(cornerRadius: self.metric.cardStyle ? 10 : 0))
     }
 }
 
@@ -427,7 +482,9 @@ struct UsageMenuCardUsageSectionView: View {
     var body: some View {
         VStack(alignment: .leading, spacing: 12) {
             if self.model.metrics.isEmpty {
-                if !self.model.usageNotes.isEmpty {
+                if let dashboard = self.model.inlineUsageDashboard {
+                    InlineUsageDashboardContent(model: dashboard)
+                } else if !self.model.usageNotes.isEmpty {
                     UsageNotesContent(notes: self.model.usageNotes)
                 } else if let placeholder = self.model.placeholder {
                     Text(placeholder)
@@ -441,7 +498,9 @@ struct UsageMenuCardUsageSectionView: View {
                         title: UsageMenuCardView.popupMetricTitle(provider: self.model.provider, metric: metric),
                         progressColor: self.model.progressColor)
                 }
-                if !self.model.usageNotes.isEmpty {
+                if let dashboard = self.model.inlineUsageDashboard {
+                    InlineUsageDashboardContent(model: dashboard)
+                } else if !self.model.usageNotes.isEmpty {
                     UsageNotesContent(notes: self.model.usageNotes)
                 }
             }
@@ -502,19 +561,19 @@ private struct CreditsBarContent: View {
 
     private var scaleText: String {
         let scale = UsageFormatter.tokenCountString(Int(Self.fullScaleTokens))
-        return "\(scale) tokens"
+        return "\(scale) \(L("tokens"))"
     }
 
     var body: some View {
         VStack(alignment: .leading, spacing: 6) {
-            Text("Credits")
+            Text(L("Credits"))
                 .font(.body)
                 .fontWeight(.medium)
             if let percentLeft {
                 UsageProgressBar(
                     percent: percentLeft,
                     tint: self.progressColor,
-                    accessibilityLabel: "Credits remaining")
+                    accessibilityLabel: L("Credits remaining"))
                 HStack(alignment: .firstTextBaseline) {
                     Text(self.creditsText)
                         .font(.caption)
@@ -555,7 +614,7 @@ struct UsageMenuCardCostSectionView: View {
                 VStack(alignment: .leading, spacing: 10) {
                     if let tokenUsage = self.model.tokenUsage {
                         VStack(alignment: .leading, spacing: 6) {
-                            Text("Cost")
+                            Text(L("cost_header_estimated"))
                                 .font(.body)
                                 .fontWeight(.medium)
                             Text(tokenUsage.sessionLine)
@@ -619,6 +678,7 @@ extension UsageMenuCardView.Model {
         let provider: UsageProvider
         let metadata: ProviderMetadata
         let snapshot: UsageSnapshot?
+        let codexProjection: CodexConsumerProjection?
         let credits: CreditsSnapshot?
         let creditsError: String?
         let dashboard: OpenAIDashboardSnapshot?
@@ -636,12 +696,15 @@ extension UsageMenuCardView.Model {
         let kiloAutoMode: Bool
         let hidePersonalInfo: Bool
         let weeklyPace: UsagePace?
+        let quotaWarningThresholds: [QuotaWarningWindow: [Int]]
+        let workDaysPerWeek: Int?
         let now: Date
 
         init(
             provider: UsageProvider,
             metadata: ProviderMetadata,
             snapshot: UsageSnapshot?,
+            codexProjection: CodexConsumerProjection? = nil,
             credits: CreditsSnapshot?,
             creditsError: String?,
             dashboard: OpenAIDashboardSnapshot?,
@@ -659,11 +722,14 @@ extension UsageMenuCardView.Model {
             kiloAutoMode: Bool = false,
             hidePersonalInfo: Bool,
             weeklyPace: UsagePace? = nil,
+            quotaWarningThresholds: [QuotaWarningWindow: [Int]] = [:],
+            workDaysPerWeek: Int? = nil,
             now: Date)
         {
             self.provider = provider
             self.metadata = metadata
             self.snapshot = snapshot
+            self.codexProjection = codexProjection
             self.credits = credits
             self.creditsError = creditsError
             self.dashboard = dashboard
@@ -681,6 +747,8 @@ extension UsageMenuCardView.Model {
             self.kiloAutoMode = kiloAutoMode
             self.hidePersonalInfo = hidePersonalInfo
             self.weeklyPace = weeklyPace
+            self.quotaWarningThresholds = quotaWarningThresholds
+            self.workDaysPerWeek = workDaysPerWeek
             self.now = now
         }
     }
@@ -692,30 +760,42 @@ extension UsageMenuCardView.Model {
             account: input.account,
             metadata: input.metadata)
         let metrics = Self.metrics(input: input)
+        let openAIAPIUsage = input.snapshot?.openAIAPIUsage
+        let inlineUsageDashboard = Self.inlineUsageDashboard(input: input)
         let usageNotes = Self.usageNotes(input: input)
         let creditsText: String? = if input.provider == .openrouter {
             nil
-        } else if input.provider == .codex, !input.showOptionalCreditsAndExtraUsage {
+        } else if input.codexProjection != nil, !input.showOptionalCreditsAndExtraUsage {
             nil
         } else {
             Self.creditsLine(metadata: input.metadata, credits: input.credits, error: input.creditsError)
         }
-        let providerCost: ProviderCostSection? = if input.provider == .claude, !input.showOptionalCreditsAndExtraUsage {
+        let isClaudeAdminAPI = input.provider == .claude &&
+            input.snapshot?.identity?.loginMethod == "Admin API"
+        let hidesOptionalProviderCost = ((input.provider == .claude && !isClaudeAdminAPI) ||
+            input.provider == .factory ||
+            input.provider == .opencodego) &&
+            !input.showOptionalCreditsAndExtraUsage
+        let providerCost: ProviderCostSection? = if hidesOptionalProviderCost ||
+            (input.provider == .openai && openAIAPIUsage != nil)
+        {
             nil
         } else {
             Self.providerCostSection(provider: input.provider, cost: input.snapshot?.providerCost)
         }
+        let tokenUsageSnapshot = Self.tokenUsageSnapshot(input: input)
         let tokenUsage = Self.tokenUsageSection(
             provider: input.provider,
             enabled: input.tokenCostUsageEnabled,
-            snapshot: input.tokenSnapshot,
+            snapshot: tokenUsageSnapshot,
             error: input.tokenError)
         let subtitle = Self.subtitle(
             snapshot: input.snapshot,
             isRefreshing: input.isRefreshing,
-            lastError: input.lastError)
+            lastError: Self.lastError(input: input),
+            now: input.now)
         let redacted = Self.redactedText(input: input, subtitle: subtitle)
-        let placeholder = input.snapshot == nil && !input.isRefreshing && input.lastError == nil ? "No usage yet" : nil
+        let placeholder = Self.placeholder(input: input)
 
         return UsageMenuCardView.Model(
             provider: input.provider,
@@ -726,6 +806,8 @@ extension UsageMenuCardView.Model {
             planText: planText,
             metrics: metrics,
             usageNotes: usageNotes,
+            openAIAPIUsage: openAIAPIUsage,
+            inlineUsageDashboard: inlineUsageDashboard,
             creditsText: creditsText,
             creditsRemaining: input.credits?.remaining,
             creditsHintText: redacted.creditsHintText,
@@ -737,6 +819,10 @@ extension UsageMenuCardView.Model {
     }
 
     private static func usageNotes(input: Input) -> [String] {
+        if input.provider == .kiro {
+            return kiroUsageNotes(input: input)
+        }
+
         if input.provider == .kilo {
             var notes = Self.kiloLoginDetails(snapshot: input.snapshot)
             let resolvedSource = input.sourceLabel?
@@ -746,22 +832,54 @@ extension UsageMenuCardView.Model {
                resolvedSource == "cli",
                !notes.contains(where: { $0.caseInsensitiveCompare("Using CLI fallback") == .orderedSame })
             {
-                notes.append("Using CLI fallback")
+                notes.append(L("Using CLI fallback"))
             }
             return notes
         }
 
+        if input.provider == .mimo, input.snapshot != nil {
+            return [
+                L("Balance updates in near-real time (up to 5 min lag)"),
+                L("Daily billing data finalizes at 07:00 UTC"),
+            ]
+        }
+
+        if let notes = apiProviderUsageNotes(input: input) {
+            return notes
+        }
+
         guard input.provider == .openrouter,
               let openRouter = input.snapshot?.openRouterUsage
         else {
             return []
         }
 
-        return switch openRouter.keyQuotaStatus {
-        case .available: []
-        case .noLimitConfigured: ["No limit set for the API key"]
-        case .unavailable: ["API key limit unavailable right now"]
+        var notes = Self.openRouterSpendNotes(openRouter)
+        switch openRouter.keyQuotaStatus {
+        case .available:
+            break
+        case .noLimitConfigured:
+            notes.append(L("No limit set for the API key"))
+        case .unavailable:
+            notes.append(L("API key limit unavailable right now"))
+        }
+        return notes
+    }
+
+    private static func openRouterSpendNotes(_ usage: OpenRouterUsageSnapshot) -> [String] {
+        var parts: [String] = []
+        if let daily = usage.keyUsageDaily {
+            parts.append("\(L("Today")): \(Self.openRouterCurrencyString(daily))")
         }
+        if let weekly = usage.keyUsageWeekly {
+            parts.append("\(L("This week")): \(Self.openRouterCurrencyString(weekly))")
+        }
+        guard !parts.isEmpty else { return [] }
+        return [parts.joined(separator: " · ")]
+    }
+
+    private static func openRouterCurrencyString(_ value: Double) -> String {
+        String(format: "$%.2f", value)
     }
 
     private static func email(
@@ -785,25 +903,34 @@ extension UsageMenuCardView.Model {
         account: AccountInfo,
         metadata: ProviderMetadata) -> String?
     {
+        if provider == .kiro,
+           let plan = kiroPlan(snapshot: snapshot)
+        {
+            return plan
+        }
         if provider == .kilo {
             guard let pass = self.kiloLoginPass(snapshot: snapshot) else {
                 return nil
             }
-            return self.planDisplay(pass)
+            return self.planDisplay(pass, for: provider)
         }
         if let plan = snapshot?.loginMethod(for: provider), !plan.isEmpty {
-            return self.planDisplay(plan)
+            return self.planDisplay(plan, for: provider)
         }
         if metadata.usesAccountFallback,
            let plan = account.plan, !plan.isEmpty
         {
-            return Self.planDisplay(plan)
+            return Self.planDisplay(plan, for: provider)
         }
         return nil
     }
 
-    private static func planDisplay(_ text: String) -> String {
-        let cleaned = UsageFormatter.cleanPlanName(text)
+    private static func planDisplay(_ text: String, for provider: UsageProvider) -> String {
+        let cleaned = if provider == .codex {
+            CodexPlanFormatting.displayName(text) ?? UsageFormatter.cleanPlanName(text)
+        } else {
+            UsageFormatter.cleanPlanName(text)
+        }
         return cleaned.isEmpty ? text : cleaned
     }
 
@@ -841,21 +968,22 @@ extension UsageMenuCardView.Model {
     private static func subtitle(
         snapshot: UsageSnapshot?,
         isRefreshing: Bool,
-        lastError: String?) -> (text: String, style: SubtitleStyle)
+        lastError: String?,
+        now: Date) -> (text: String, style: SubtitleStyle)
     {
         if let lastError, !lastError.isEmpty {
             return (lastError.trimmingCharacters(in: .whitespacesAndNewlines), .error)
         }
 
         if isRefreshing, snapshot == nil {
-            return ("Refreshing...", .loading)
+            return ("\(L("Refreshing"))…", .loading)
         }
 
         if let updated = snapshot?.updatedAt {
-            return (UsageFormatter.updatedString(from: updated), .info)
+            return (UsageFormatter.updatedString(from: updated, now: now), .info)
         }
 
-        return ("Not fetched yet", .info)
+        return (L("Not fetched yet"), .info)
     }
 
     private struct RedactedText {
@@ -879,7 +1007,7 @@ extension UsageMenuCardView.Model {
         let subtitleText = PersonalInfoRedactor.redactEmails(in: subtitle.text, isEnabled: input.hidePersonalInfo)
             ?? subtitle.text
         let creditsHintText = PersonalInfoRedactor.redactEmails(
-            in: Self.dashboardHint(provider: input.provider, error: input.dashboardError),
+            in: Self.dashboardHint(error: input.dashboardError),
             isEnabled: input.hidePersonalInfo)
         let creditsHintCopyText = Self.creditsHintCopyText(
             dashboardError: input.dashboardError,
@@ -898,83 +1026,80 @@ extension UsageMenuCardView.Model {
 
     private static func metrics(input: Input) -> [Metric] {
         guard let snapshot = input.snapshot else { return [] }
+        if input.provider == .antigravity {
+            return Self.antigravityMetrics(input: input, snapshot: snapshot)
+        }
+        if input.provider == .minimax {
+            if let minimaxUsage = snapshot.minimaxUsage {
+                if let services = minimaxUsage.services, !services.isEmpty {
+                    return Self.minimaxMetrics(services: services, input: input)
+                }
+            }
+        }
         var metrics: [Metric] = []
         let percentStyle: PercentStyle = input.usageBarsShowUsed ? .used : .left
         let zaiUsage = input.provider == .zai ? snapshot.zaiUsage : nil
         let zaiTokenDetail = Self.zaiLimitDetailText(limit: zaiUsage?.tokenLimit)
         let zaiTimeDetail = Self.zaiLimitDetailText(limit: zaiUsage?.timeLimit)
+        let zaiSessionDetail = Self.zaiLimitDetailText(limit: zaiUsage?.sessionTokenLimit)
         let openRouterQuotaDetail = Self.openRouterQuotaDetail(provider: input.provider, snapshot: snapshot)
-        if let primary = snapshot.primary {
-            var primaryDetailText: String? = input.provider == .zai ? zaiTokenDetail : nil
-            var primaryResetText = Self.resetText(for: primary, style: input.resetTimeDisplayStyle, now: input.now)
-            if input.provider == .openrouter,
-               let openRouterQuotaDetail
-            {
-                primaryResetText = openRouterQuotaDetail
-            }
-            if input.provider == .warp || input.provider == .kilo,
-               let detail = primary.resetDescription,
-               !detail.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
-            {
-                primaryDetailText = detail
-            }
-            if input.provider == .warp || input.provider == .kilo, primary.resetsAt == nil {
-                primaryResetText = nil
-            }
-            let sessionPaceDetail = Self.sessionPaceDetail(
-                provider: input.provider,
-                window: primary,
-                now: input.now,
-                showUsed: input.usageBarsShowUsed)
-            metrics.append(Metric(
-                id: "primary",
-                title: input.metadata.sessionLabel,
-                percent: Self.clamped(
-                    input.usageBarsShowUsed ? primary.usedPercent : primary.remainingPercent),
+        let labels = Self.rateWindowLabels(input: input, snapshot: snapshot)
+        if input.provider == .codex, let codexProjection = input.codexProjection {
+            metrics.append(contentsOf: Self.codexRateMetrics(
+                input: input,
+                projection: codexProjection,
+                percentStyle: percentStyle))
+        } else if let primary = snapshot.primary {
+            metrics.append(Self.primaryMetric(
+                input: input,
+                primary: primary,
                 percentStyle: percentStyle,
-                resetText: primaryResetText,
-                detailText: primaryDetailText,
-                detailLeftText: sessionPaceDetail?.leftLabel,
-                detailRightText: sessionPaceDetail?.rightLabel,
-                pacePercent: sessionPaceDetail?.pacePercent,
-                paceOnTop: sessionPaceDetail?.paceOnTop ?? true))
-        }
-        if let weekly = snapshot.secondary {
-            let paceDetail = Self.weeklyPaceDetail(
-                window: weekly,
-                now: input.now,
-                pace: input.weeklyPace,
-                showUsed: input.usageBarsShowUsed)
-            var weeklyResetText = Self.resetText(for: weekly, style: input.resetTimeDisplayStyle, now: input.now)
-            var weeklyDetailText: String? = input.provider == .zai ? zaiTimeDetail : nil
-            if input.provider == .warp,
-               let detail = weekly.resetDescription,
+                title: labels.primary,
+                zaiTokenDetail: zaiTokenDetail,
+                openRouterQuotaDetail: openRouterQuotaDetail))
+        }
+        if input.provider != .codex, let weekly = snapshot.secondary {
+            metrics.append(Self.secondaryMetric(
+                input: input,
+                weekly: weekly,
+                percentStyle: percentStyle,
+                title: labels.secondary,
+                zaiTimeDetail: zaiTimeDetail))
+        }
+        if labels.showsTertiary, let opus = snapshot.tertiary {
+            var tertiaryDetailText: String?
+            if input.provider == .alibaba || input.provider == .alibabatokenplan,
+               let detail = opus.resetDescription,
                !detail.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
             {
-                weeklyResetText = nil
-                weeklyDetailText = detail
+                tertiaryDetailText = detail
             }
-            if input.provider == .kilo,
-               let detail = weekly.resetDescription,
-               !detail.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
-            {
-                weeklyDetailText = detail
-                if weekly.resetsAt == nil {
-                    weeklyResetText = nil
-                }
+            if input.provider == .zai, let detail = zaiSessionDetail {
+                tertiaryDetailText = detail
             }
+            // Perplexity purchased credits don't reset; show balance without "Resets" prefix.
+            let opusResetText: String? = input.provider == .perplexity
+                ? opus.resetDescription?.trimmingCharacters(in: .whitespacesAndNewlines)
+                : Self.resetText(for: opus, style: input.resetTimeDisplayStyle, now: input.now)
             metrics.append(Metric(
-                id: "secondary",
-                title: input.metadata.weeklyLabel,
-                percent: Self.clamped(input.usageBarsShowUsed ? weekly.usedPercent : weekly.remainingPercent),
+                id: "tertiary",
+                title: labels.tertiary,
+                percent: Self.clamped(input.usageBarsShowUsed ? opus.usedPercent : opus.remainingPercent),
                 percentStyle: percentStyle,
-                resetText: weeklyResetText,
-                detailText: weeklyDetailText,
-                detailLeftText: paceDetail?.leftLabel,
-                detailRightText: paceDetail?.rightLabel,
-                pacePercent: paceDetail?.pacePercent,
-                paceOnTop: paceDetail?.paceOnTop ?? true))
+                resetText: opusResetText,
+                detailText: tertiaryDetailText,
+                detailLeftText: nil,
+                detailRightText: nil,
+                pacePercent: nil,
+                paceOnTop: true,
+                warningMarkerPercents: Self.warningMarkerPercents(
+                    thresholds: input.quotaWarningThresholds[.weekly],
+                    showUsed: input.usageBarsShowUsed)))
         }
+        metrics.append(contentsOf: Self.extraRateWindowMetrics(
+            snapshot: snapshot,
+            input: input,
+            percentStyle: percentStyle))
         if input.provider == .kilo,
            metrics.contains(where: { $0.id == "primary" }),
            metrics.contains(where: { $0.id == "secondary" })
@@ -987,28 +1112,21 @@ extension UsageMenuCardView.Model {
                 return (kiloOrder[lhs.id] ?? Int.max) < (kiloOrder[rhs.id] ?? Int.max)
             }
         }
-        if input.metadata.supportsOpus, let opus = snapshot.tertiary {
-            metrics.append(Metric(
-                id: "tertiary",
-                title: input.metadata.opusLabel ?? "Sonnet",
-                percent: Self.clamped(input.usageBarsShowUsed ? opus.usedPercent : opus.remainingPercent),
-                percentStyle: percentStyle,
-                resetText: Self.resetText(for: opus, style: input.resetTimeDisplayStyle, now: input.now),
-                detailText: nil,
-                detailLeftText: nil,
-                detailRightText: nil,
-                pacePercent: nil,
-                paceOnTop: true))
-        }
 
-        if input.provider == .codex, let remaining = input.dashboard?.codeReviewRemainingPercent {
+        if let codexProjection = input.codexProjection,
+           codexProjection.supplementalMetrics.contains(.codeReview),
+           let remaining = codexProjection.remainingPercent(for: .codeReview)
+        {
             let percent = input.usageBarsShowUsed ? (100 - remaining) : remaining
+            let resetText = codexProjection.limitWindow(for: .codeReview).flatMap {
+                Self.resetText(for: $0, style: input.resetTimeDisplayStyle, now: input.now)
+            }
             metrics.append(Metric(
                 id: "code-review",
-                title: "Code review",
+                title: L("Code review"),
                 percent: Self.clamped(percent),
                 percentStyle: percentStyle,
-                resetText: nil,
+                resetText: resetText,
                 detailText: nil,
                 detailLeftText: nil,
                 detailRightText: nil,
@@ -1018,230 +1136,298 @@ extension UsageMenuCardView.Model {
         return metrics
     }
 
-    private static func zaiLimitDetailText(limit: ZaiLimitEntry?) -> String? {
-        guard let limit else { return nil }
-
-        if let currentValue = limit.currentValue,
-           let usage = limit.usage,
-           let remaining = limit.remaining
-        {
-            let currentStr = UsageFormatter.tokenCountString(currentValue)
-            let usageStr = UsageFormatter.tokenCountString(usage)
-            let remainingStr = UsageFormatter.tokenCountString(remaining)
-            return "\(currentStr) / \(usageStr) (\(remainingStr) remaining)"
-        }
-
-        return nil
-    }
-
-    private static func openRouterQuotaDetail(provider: UsageProvider, snapshot: UsageSnapshot) -> String? {
-        guard provider == .openrouter,
-              let usage = snapshot.openRouterUsage,
-              usage.hasValidKeyQuota,
-              let keyRemaining = usage.keyRemaining,
-              let keyLimit = usage.keyLimit
-        else {
-            return nil
-        }
-
-        let remaining = UsageFormatter.usdString(keyRemaining)
-        let limit = UsageFormatter.usdString(keyLimit)
-        return "\(remaining)/\(limit) left"
-    }
-
-    private struct PaceDetail {
-        let leftLabel: String
-        let rightLabel: String?
-        let pacePercent: Double?
-        let paceOnTop: Bool
-    }
-
-    private static func sessionPaceDetail(
-        provider: UsageProvider,
-        window: RateWindow,
-        now: Date,
-        showUsed: Bool) -> PaceDetail?
-    {
-        guard let detail = UsagePaceText.sessionDetail(provider: provider, window: window, now: now) else { return nil }
-        let expectedUsed = detail.expectedUsedPercent
-        let actualUsed = window.usedPercent
-        let expectedPercent = showUsed ? expectedUsed : (100 - expectedUsed)
-        let actualPercent = showUsed ? actualUsed : (100 - actualUsed)
-        if expectedPercent.isFinite == false || actualPercent.isFinite == false { return nil }
-        let paceOnTop = actualUsed <= expectedUsed
-        let pacePercent: Double? = if detail.stage == .onTrack { nil } else { expectedPercent }
-        return PaceDetail(
-            leftLabel: detail.leftLabel,
-            rightLabel: detail.rightLabel,
-            pacePercent: pacePercent,
-            paceOnTop: paceOnTop)
-    }
-
-    private static func weeklyPaceDetail(
-        window: RateWindow,
-        now: Date,
-        pace: UsagePace?,
-        showUsed: Bool) -> PaceDetail?
+    private static func rateWindowLabels(
+        input: Input,
+        snapshot: UsageSnapshot) -> (primary: String, secondary: String, tertiary: String, showsTertiary: Bool)
     {
-        guard let pace else { return nil }
-        let detail = UsagePaceText.weeklyDetail(pace: pace, now: now)
-        let expectedUsed = detail.expectedUsedPercent
-        let actualUsed = window.usedPercent
-        let expectedPercent = showUsed ? expectedUsed : (100 - expectedUsed)
-        let actualPercent = showUsed ? actualUsed : (100 - actualUsed)
-        if expectedPercent.isFinite == false || actualPercent.isFinite == false { return nil }
-        let paceOnTop = actualUsed <= expectedUsed
-        let pacePercent: Double? = if detail.stage == .onTrack { nil } else { expectedPercent }
-        return PaceDetail(
-            leftLabel: detail.leftLabel,
-            rightLabel: detail.rightLabel,
-            pacePercent: pacePercent,
-            paceOnTop: paceOnTop)
+        if input.provider == .factory, snapshot.tertiary != nil {
+            return ("5-hour", L("Weekly"), L("Monthly"), true)
+        }
+        let primaryLabel = input.provider == .grok
+            ? GrokProviderDescriptor.primaryLabel(window: snapshot.primary) ?? input.metadata.sessionLabel
+            : input.metadata.sessionLabel
+        return (
+            L(primaryLabel),
+            L(input.metadata.weeklyLabel),
+            input.metadata.opusLabel.map(L) ?? L("Sonnet"),
+            input.metadata.supportsOpus)
     }
 
-    private static func creditsLine(
-        metadata: ProviderMetadata,
-        credits: CreditsSnapshot?,
-        error: String?) -> String?
+    private static func primaryMetric(
+        input: Input,
+        primary: RateWindow,
+        percentStyle: PercentStyle,
+        title: String? = nil,
+        zaiTokenDetail: String?,
+        openRouterQuotaDetail: String?) -> Metric
     {
-        guard metadata.supportsCredits else { return nil }
-        if let credits {
-            return UsageFormatter.creditsString(from: credits.remaining)
+        var primaryDetailText: String? = input.provider == .zai ? zaiTokenDetail : nil
+        var primaryResetText = Self.resetText(for: primary, style: input.resetTimeDisplayStyle, now: input.now)
+        var primaryDetailLeft: String?
+        var primaryDetailRight: String?
+        if input.provider == .crof,
+           let detail = primary.resetDescription?.trimmingCharacters(in: .whitespacesAndNewlines),
+           !detail.isEmpty
+        {
+            primaryDetailRight = detail
         }
-        if let error, !error.isEmpty {
-            return error.trimmingCharacters(in: .whitespacesAndNewlines)
+        if input.provider == .openrouter,
+           let openRouterQuotaDetail
+        {
+            primaryResetText = openRouterQuotaDetail
         }
-        return metadata.creditsHint
-    }
-
-    private static func dashboardHint(provider: UsageProvider, error: String?) -> String? {
-        guard provider == .codex else { return nil }
-        guard let error, !error.isEmpty else { return nil }
-        return error
-    }
-
-    private static func tokenUsageSection(
-        provider: UsageProvider,
-        enabled: Bool,
-        snapshot: CostUsageTokenSnapshot?,
-        error: String?) -> TokenUsageSection?
-    {
-        guard provider == .codex || provider == .claude || provider == .vertexai else { return nil }
-        guard enabled else { return nil }
-        guard let snapshot else { return nil }
-
-        let sessionCost = snapshot.sessionCostUSD.map { UsageFormatter.usdString($0) } ?? "—"
-        let sessionTokens = snapshot.sessionTokens.map { UsageFormatter.tokenCountString($0) }
-        let sessionLine: String = {
-            if let sessionTokens {
-                return "Today: \(sessionCost) · \(sessionTokens) tokens"
+        if input.provider == .copilot,
+           let detail = primary.resetDescription?.trimmingCharacters(in: .whitespacesAndNewlines),
+           !detail.isEmpty
+        {
+            primaryDetailLeft = detail
+        }
+        if input.provider == .warp || input.provider == .kilo || input.provider == .mimo || input.provider == .deepseek,
+           let detail = primary.resetDescription,
+           !detail.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
+        {
+            primaryDetailText = detail
+        }
+        if input.provider == .kiro,
+           let kiroUsage = input.snapshot?.kiroUsage,
+           kiroUsage.creditsTotal > 0
+        {
+            let remaining = UsageFormatter.kiroCreditNumber(kiroUsage.creditsRemaining)
+            let total = UsageFormatter.kiroCreditNumber(kiroUsage.creditsTotal)
+            primaryDetailLeft = String(format: L("%@ of %@ credits left"), remaining, total)
+        }
+        if input.provider == .alibaba || input.provider == .alibabatokenplan || input.provider == .mistral || input
+            .provider == .manus,
+            let detail = primary.resetDescription,
+            !detail.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
+        {
+            primaryDetailText = detail
+            if input.provider == .manus { primaryResetText = nil }
+        }
+        if [.warp, .kilo, .mimo, .deepseek].contains(input.provider), primary.resetsAt == nil {
+            primaryResetText = nil
+        }
+        // Abacus: show credits as detail, compute pace on the primary monthly window
+        var primaryPacePercent: Double?
+        var primaryPaceOnTop = true
+        if let paceDetail = Self.sessionPaceDetail(
+            provider: input.provider,
+            window: primary,
+            now: input.now,
+            showUsed: input.usageBarsShowUsed)
+        {
+            primaryDetailLeft = paceDetail.leftLabel
+            primaryDetailRight = paceDetail.rightLabel
+            primaryPacePercent = paceDetail.pacePercent
+            primaryPaceOnTop = paceDetail.paceOnTop
+        }
+        if input.provider == .abacus {
+            if let detail = primary.resetDescription,
+               !detail.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
+            {
+                primaryDetailText = detail
+            }
+            if primary.resetsAt == nil {
+                primaryResetText = nil
             }
-            return "Today: \(sessionCost)"
-        }()
-
-        let monthCost = snapshot.last30DaysCostUSD.map { UsageFormatter.usdString($0) } ?? "—"
-        let fallbackTokens = snapshot.daily.compactMap(\.totalTokens).reduce(0, +)
-        let monthTokensValue = snapshot.last30DaysTokens ?? (fallbackTokens > 0 ? fallbackTokens : nil)
-        let monthTokens = monthTokensValue.map { UsageFormatter.tokenCountString($0) }
-        let monthLine: String = {
-            if let monthTokens {
-                return "Last 30 days: \(monthCost) · \(monthTokens) tokens"
+            if let pace = input.weeklyPace {
+                let paceDetail = Self.weeklyPaceDetail(
+                    window: primary,
+                    now: input.now,
+                    pace: pace,
+                    showUsed: input.usageBarsShowUsed)
+                if let paceDetail {
+                    primaryDetailLeft = paceDetail.leftLabel
+                    primaryDetailRight = paceDetail.rightLabel
+                    primaryPacePercent = paceDetail.pacePercent
+                    primaryPaceOnTop = paceDetail.paceOnTop
+                }
             }
-            return "Last 30 days: \(monthCost)"
-        }()
-        let err = (error?.isEmpty ?? true) ? nil : error
-        return TokenUsageSection(
-            sessionLine: sessionLine,
-            monthLine: monthLine,
-            hintLine: nil,
-            errorLine: err,
-            errorCopyText: (error?.isEmpty ?? true) ? nil : error)
+        }
+        if input.provider == .synthetic,
+           let regen = Self.syntheticRollingRegenDetail(
+               window: primary,
+               now: input.now,
+               showUsed: input.usageBarsShowUsed)
+        {
+            primaryResetText = regen.resetText
+            primaryDetailLeft = regen.pace.leftLabel
+            primaryDetailRight = regen.pace.rightLabel
+            primaryPacePercent = regen.pace.pacePercent
+            primaryPaceOnTop = regen.pace.paceOnTop
+        }
+        let primaryStatusText = input.provider == .deepseek ? primaryDetailText : nil
+        if input.provider == .deepseek {
+            primaryDetailText = nil
+        }
+        return Metric(
+            id: "primary",
+            title: title ?? L(input.metadata.sessionLabel),
+            percent: Self.clamped(
+                input.usageBarsShowUsed ? primary.usedPercent : primary.remainingPercent),
+            percentStyle: percentStyle,
+            statusText: primaryStatusText,
+            resetText: primaryResetText,
+            detailText: primaryDetailText,
+            detailLeftText: primaryDetailLeft,
+            detailRightText: primaryDetailRight,
+            pacePercent: primaryPacePercent,
+            paceOnTop: primaryPaceOnTop,
+            warningMarkerPercents: Self.warningMarkerPercents(
+                thresholds: input.quotaWarningThresholds[.session],
+                showUsed: input.usageBarsShowUsed))
     }
 
-    private static func providerCostSection(
-        provider: UsageProvider,
-        cost: ProviderCostSnapshot?) -> ProviderCostSection?
+    private static func secondaryMetric(
+        input: Input,
+        weekly: RateWindow,
+        percentStyle: PercentStyle,
+        title: String? = nil,
+        zaiTimeDetail: String?) -> Metric
     {
-        guard let cost else { return nil }
-        guard cost.limit > 0 else { return nil }
-
-        let used: String
-        let limit: String
-        let title: String
-
-        if cost.currencyCode == "Quota" {
-            title = "Quota usage"
-            used = String(format: "%.0f", cost.used)
-            limit = String(format: "%.0f", cost.limit)
-        } else {
-            title = "Extra usage"
-            used = UsageFormatter.currencyString(cost.used, currencyCode: cost.currencyCode)
-            limit = UsageFormatter.currencyString(cost.limit, currencyCode: cost.currencyCode)
+        var paceDetail = Self.weeklyPaceDetail(
+            window: weekly,
+            now: input.now,
+            pace: input.weeklyPace,
+            showUsed: input.usageBarsShowUsed)
+        var weeklyResetText = Self.resetText(for: weekly, style: input.resetTimeDisplayStyle, now: input.now)
+        var weeklyDetailText: String? = input.provider == .zai ? zaiTimeDetail : nil
+        if input.provider == .warp,
+           let detail = weekly.resetDescription,
+           !detail.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
+        {
+            weeklyResetText = nil
+            weeklyDetailText = detail
         }
-
-        let percentUsed = Self.clamped((cost.used / cost.limit) * 100)
-        let periodLabel = cost.period ?? "This month"
-
-        return ProviderCostSection(
-            title: title,
-            percentUsed: percentUsed,
-            spendLine: "\(periodLabel): \(used) / \(limit)")
-    }
-
-    private static func clamped(_ value: Double) -> Double {
-        min(100, max(0, value))
-    }
-
-    private static func progressColor(for provider: UsageProvider) -> Color {
-        let color = ProviderDescriptorRegistry.descriptor(for: provider).branding.color
-        return Color(red: color.red, green: color.green, blue: color.blue)
+        if input.provider == .kilo,
+           let detail = weekly.resetDescription,
+           !detail.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
+        {
+            weeklyDetailText = detail
+            if weekly.resetsAt == nil {
+                weeklyResetText = nil
+            }
+        }
+        if input.provider == .kiro,
+           let kiroUsage = input.snapshot?.kiroUsage,
+           let remaining = kiroUsage.bonusCreditsRemaining,
+           let total = kiroUsage.bonusCreditsTotal
+        {
+            let remainingText = UsageFormatter.kiroCreditNumber(remaining)
+            let totalText = UsageFormatter.kiroCreditNumber(total)
+            paceDetail = PaceDetail(
+                leftLabel: String(format: L("%@ of %@ bonus credits left"), remainingText, totalText),
+                rightLabel: nil,
+                pacePercent: nil,
+                paceOnTop: true)
+        }
+        if input.provider == .alibaba || input.provider == .alibabatokenplan,
+           let detail = weekly.resetDescription,
+           !detail.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
+        {
+            weeklyDetailText = detail
+        }
+        if input.provider == .manus,
+           let detail = weekly.resetDescription,
+           !detail.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
+        {
+            weeklyDetailText = detail
+        }
+        if input.provider == .crof,
+           let detail = weekly.resetDescription?.trimmingCharacters(in: .whitespacesAndNewlines),
+           !detail.isEmpty
+        {
+            weeklyResetText = detail
+        }
+        if input.provider == .copilot,
+           let detail = weekly.resetDescription?.trimmingCharacters(in: .whitespacesAndNewlines),
+           !detail.isEmpty
+        {
+            paceDetail = PaceDetail(leftLabel: detail, rightLabel: nil, pacePercent: nil, paceOnTop: true)
+        }
+        // Perplexity bonus credits don't reset; show balance without "Resets" prefix.
+        if input.provider == .perplexity,
+           let detail = weekly.resetDescription?.trimmingCharacters(in: .whitespacesAndNewlines),
+           !detail.isEmpty
+        {
+            weeklyResetText = detail
+        }
+        if input.provider == .synthetic,
+           let regen = Self.syntheticRegenDetail(
+               weekly: weekly,
+               cost: input.snapshot?.providerCost,
+               now: input.now,
+               showUsed: input.usageBarsShowUsed)
+        {
+            weeklyResetText = regen.resetText
+            paceDetail = regen.pace
+        }
+        return Metric(
+            id: "secondary",
+            title: title ?? L(input.metadata.weeklyLabel),
+            percent: Self.clamped(input.usageBarsShowUsed ? weekly.usedPercent : weekly.remainingPercent),
+            percentStyle: percentStyle,
+            resetText: weeklyResetText,
+            detailText: weeklyDetailText,
+            detailLeftText: paceDetail?.leftLabel,
+            detailRightText: paceDetail?.rightLabel,
+            pacePercent: paceDetail?.pacePercent,
+            paceOnTop: paceDetail?.paceOnTop ?? true,
+            warningMarkerPercents: Self.weeklyMarkerPercents(input: input, windowMinutes: weekly.windowMinutes))
     }
 
-    private static func resetText(
-        for window: RateWindow,
-        style: ResetTimeDisplayStyle,
-        now: Date) -> String?
+    private static func codexRateMetrics(
+        input: Input,
+        projection: CodexConsumerProjection,
+        percentStyle: PercentStyle) -> [Metric]
     {
-        UsageFormatter.resetLine(for: window, style: style, now: now)
-    }
-}
+        projection.visibleRateLanes.compactMap { lane in
+            guard let window = projection.rateWindow(for: lane) else { return nil }
 
-// MARK: - Copy-on-click overlay
-
-private struct ClickToCopyOverlay: NSViewRepresentable {
-    let copyText: String
-
-    func makeNSView(context: Context) -> ClickToCopyView {
-        ClickToCopyView(copyText: self.copyText)
-    }
-
-    func updateNSView(_ nsView: ClickToCopyView, context: Context) {
-        nsView.copyText = self.copyText
-    }
-}
-
-private final class ClickToCopyView: NSView {
-    var copyText: String
-
-    init(copyText: String) {
-        self.copyText = copyText
-        super.init(frame: .zero)
-        self.wantsLayer = false
-    }
-
-    @available(*, unavailable)
-    required init?(coder: NSCoder) {
-        fatalError("init(coder:) has not been implemented")
-    }
+            let title: String
+            let id: String
+            let paceDetail: PaceDetail?
+            switch lane {
+            case .session:
+                title = L(input.metadata.sessionLabel)
+                id = "primary"
+                paceDetail = Self.sessionPaceDetail(
+                    provider: input.provider,
+                    window: window,
+                    now: input.now,
+                    showUsed: input.usageBarsShowUsed)
+            case .weekly:
+                title = L(input.metadata.weeklyLabel)
+                id = "secondary"
+                paceDetail = Self.weeklyPaceDetail(
+                    window: window,
+                    now: input.now,
+                    pace: input.weeklyPace
+                        ?? UsagePace.weekly(window: window, now: input.now, defaultWindowMinutes: 10080)
+                        .flatMap { $0.expectedUsedPercent >= 3 ? $0 : nil },
+                    showUsed: input.usageBarsShowUsed)
+            }
 
-    override func acceptsFirstMouse(for event: NSEvent?) -> Bool {
-        true
+            return Metric(
+                id: id,
+                title: title,
+                percent: Self.clamped(input.usageBarsShowUsed ? window.usedPercent : window.remainingPercent),
+                percentStyle: percentStyle,
+                resetText: Self.resetText(for: window, style: input.resetTimeDisplayStyle, now: input.now),
+                detailText: nil,
+                detailLeftText: paceDetail?.leftLabel,
+                detailRightText: paceDetail?.rightLabel,
+                pacePercent: paceDetail?.pacePercent,
+                paceOnTop: paceDetail?.paceOnTop ?? true,
+                warningMarkerPercents: Self.codexLaneMarkerPercents(
+                    input: input,
+                    lane: lane,
+                    windowMinutes: window.windowMinutes))
+        }
     }
 
-    override func mouseDown(with event: NSEvent) {
-        _ = event
-        let pb = NSPasteboard.general
-        pb.clearContents()
-        pb.setString(self.copyText, forType: .string)
+    private static func dashboardHint(error: String?) -> String? {
+        guard let error, !error.isEmpty else { return nil }
+        return error
     }
 }
diff --git a/Sources/CodexBar/MenuContent.swift b/Sources/CodexBar/MenuContent.swift
index fa41695f5..264eeb1e3 100644
--- a/Sources/CodexBar/MenuContent.swift
+++ b/Sources/CodexBar/MenuContent.swift
@@ -43,10 +43,13 @@ struct MenuContent: View {
             switch style {
             case .headline:
                 Text(text).font(.headline)
+                    .accessibilityLabel(text)
             case .primary:
                 Text(text)
+                    .accessibilityLabel(text)
             case .secondary:
                 Text(text).foregroundStyle(.secondary).font(.footnote)
+                    .accessibilityLabel(text)
             }
         case let .action(title, action):
             Button {
@@ -60,11 +63,40 @@ struct MenuContent: View {
                         Text(title)
                     }
                     .foregroundStyle(.primary)
+                    .accessibilityElement(children: .combine)
+                    .accessibilityLabel(title)
                 } else {
                     Text(title)
+                        .accessibilityLabel(title)
                 }
             }
             .buttonStyle(.plain)
+        case let .submenu(title, systemImageName, submenuItems):
+            VStack(alignment: .leading, spacing: 4) {
+                HStack(spacing: 8) {
+                    if let systemImageName {
+                        Image(systemName: systemImageName)
+                    }
+                    Text(title).font(.headline)
+                }
+                .accessibilityElement(children: .combine)
+                .accessibilityLabel(title)
+                ForEach(Array(submenuItems.enumerated()), id: \.offset) { _, submenuItem in
+                    HStack(spacing: 8) {
+                        if submenuItem.isChecked {
+                            Image(systemName: "checkmark")
+                                .imageScale(.small)
+                                .frame(width: 18, alignment: .center)
+                        } else {
+                            Spacer().frame(width: 18)
+                        }
+                        Text(submenuItem.title)
+                            .foregroundStyle(submenuItem.isEnabled ? .primary : .secondary)
+                    }
+                    .accessibilityElement(children: .combine)
+                    .accessibilityLabel(submenuItem.title)
+                }
+            }
         case .divider:
             Divider()
         }
@@ -86,6 +118,14 @@ struct MenuContent: View {
             self.actions.openDashboard()
         case .statusPage:
             self.actions.openStatusPage()
+        case .changelog:
+            self.actions.openChangelog()
+        case .addCodexAccount:
+            self.actions.addCodexAccount()
+        case .requestCodexSystemPromotion:
+            return
+        case let .addProviderAccount(provider):
+            self.actions.switchAccount(provider)
         case let .switchAccount(provider):
             self.actions.switchAccount(provider)
         case let .openTerminal(command):
@@ -112,6 +152,8 @@ struct MenuActions {
     let refreshAugmentSession: () -> Void
     let openDashboard: () -> Void
     let openStatusPage: () -> Void
+    let openChangelog: () -> Void
+    let addCodexAccount: () -> Void
     let switchAccount: (UsageProvider) -> Void
     let openTerminal: (String) -> Void
     let openSettings: () -> Void
@@ -129,13 +171,48 @@ struct StatusIconView: View {
         Image(nsImage: self.icon)
             .renderingMode(.template)
             .interpolation(.none)
+            .accessibilityLabel(self.accessibilityLabel)
+            .accessibilityValue(self.accessibilityValue)
+    }
+
+    private var accessibilityLabel: String {
+        let descriptor = ProviderDescriptorRegistry.descriptor(for: self.provider)
+        return descriptor.metadata.displayName
+    }
+
+    private var accessibilityValue: String {
+        let snapshot = self.store.snapshot(for: self.provider)
+        guard let snap = snapshot else {
+            return L("No data")
+        }
+        let remaining = IconRemainingResolver.resolvedRemaining(
+            snapshot: snap,
+            style: self.store.style(for: self.provider))
+        let primary = remaining.primary
+        let percent = primary.map { String(format: L("%d percent remaining"), Int($0 * 100)) } ?? L("Unknown")
+        let stale = self.store.isStale(provider: self.provider)
+        return stale ? "\(percent), \(L("stale data"))" : percent
     }
 
     private var icon: NSImage {
-        IconRenderer.makeIcon(
-            primaryRemaining: self.store.snapshot(for: self.provider)?.primary?.remainingPercent,
-            weeklyRemaining: self.store.snapshot(for: self.provider)?.secondary?.remainingPercent,
-            creditsRemaining: self.provider == .codex ? self.store.credits?.remaining : nil,
+        let snapshot = self.store.snapshot(for: self.provider)
+        let remaining = snapshot.map {
+            IconRemainingResolver.resolvedRemaining(snapshot: $0, style: self.store.style(for: self.provider))
+        }
+        let creditsProjection = self.store.codexConsumerProjectionIfNeeded(
+            for: self.provider,
+            surface: .menuBar,
+            snapshotOverride: snapshot,
+            now: snapshot?.updatedAt ?? Date())
+        let creditsRemaining = creditsProjection?.menuBarFallback == .creditsBalance
+            ? self.store.codexMenuBarCreditsRemaining(
+                snapshotOverride: snapshot,
+                now: snapshot?.updatedAt ?? Date())
+            : nil
+        return IconRenderer.makeIcon(
+            primaryRemaining: remaining?.primary,
+            weeklyRemaining: remaining?.secondary,
+            creditsRemaining: creditsRemaining,
             stale: self.store.isStale(provider: self.provider),
             style: self.store.style(for: self.provider),
             statusIndicator: self.store.statusIndicator(for: self.provider))
diff --git a/Sources/CodexBar/MenuDescriptor.swift b/Sources/CodexBar/MenuDescriptor.swift
index 673b266a5..20788c2cb 100644
--- a/Sources/CodexBar/MenuDescriptor.swift
+++ b/Sources/CodexBar/MenuDescriptor.swift
@@ -3,6 +3,20 @@ import Foundation
 
 @MainActor
 struct MenuDescriptor {
+    struct SubmenuItem: Equatable {
+        let title: String
+        let action: MenuAction?
+        let isEnabled: Bool
+        let isChecked: Bool
+
+        init(title: String, action: MenuAction?, isEnabled: Bool = true, isChecked: Bool = false) {
+            self.title = title
+            self.action = action
+            self.isEnabled = isEnabled
+            self.isChecked = isChecked
+        }
+    }
+
     struct Section {
         var entries: [Entry]
     }
@@ -10,6 +24,7 @@ struct MenuDescriptor {
     enum Entry {
         case text(String, TextStyle)
         case action(String, MenuAction)
+        case submenu(String, String?, [SubmenuItem])
         case divider
     }
 
@@ -17,6 +32,9 @@ struct MenuDescriptor {
         case refresh = "arrow.clockwise"
         case dashboard = "chart.bar"
         case statusPage = "waveform.path.ecg"
+        case changelog = "list.bullet.rectangle"
+        case addAccount = "plus"
+        case systemAccount = "person.crop.circle"
         case switchAccount = "key"
         case openTerminal = "terminal"
         case loginToProvider = "arrow.right.square"
@@ -32,12 +50,16 @@ struct MenuDescriptor {
         case secondary
     }
 
-    enum MenuAction {
+    enum MenuAction: Equatable {
         case installUpdate
         case refresh
         case refreshAugmentSession
         case dashboard
         case statusPage
+        case changelog
+        case addCodexAccount
+        case requestCodexSystemPromotion(UUID)
+        case addProviderAccount(UsageProvider)
         case switchAccount(UsageProvider)
         case openTerminal(command: String)
         case loginToProvider(url: String)
@@ -54,18 +76,21 @@ struct MenuDescriptor {
         store: UsageStore,
         settings: SettingsStore,
         account: AccountInfo,
+        managedCodexAccountCoordinator: ManagedCodexAccountCoordinator? = nil,
+        codexAccountPromotionCoordinator: CodexAccountPromotionCoordinator? = nil,
         updateReady: Bool,
         includeContextualActions: Bool = true) -> MenuDescriptor
     {
         var sections: [Section] = []
 
         if let provider {
+            let fallbackAccount = store.accountInfo(for: provider)
             sections.append(Self.usageSection(for: provider, store: store, settings: settings))
             if let accountSection = Self.accountSection(
                 for: provider,
                 store: store,
                 settings: settings,
-                account: account)
+                account: fallbackAccount)
             {
                 sections.append(accountSection)
             }
@@ -78,21 +103,27 @@ struct MenuDescriptor {
             }
             if addedUsage {
                 if let accountProvider = Self.accountProviderForCombined(store: store),
+                   let fallbackAccount = Optional(store.accountInfo(for: accountProvider)),
                    let accountSection = Self.accountSection(
                        for: accountProvider,
                        store: store,
                        settings: settings,
-                       account: account)
+                       account: fallbackAccount)
                 {
                     sections.append(accountSection)
                 }
             } else {
-                sections.append(Section(entries: [.text("No usage configured.", .secondary)]))
+                sections.append(Section(entries: [.text(L("No usage configured."), .secondary)]))
             }
         }
 
         if includeContextualActions {
-            let actions = Self.actionsSection(for: provider, store: store, account: account)
+            let actions = Self.actionsSection(
+                for: provider,
+                store: store,
+                account: account,
+                managedCodexAccountCoordinator: managedCodexAccountCoordinator,
+                codexAccountPromotionCoordinator: codexAccountPromotionCoordinator)
             if !actions.entries.isEmpty {
                 sections.append(actions)
             }
@@ -117,10 +148,14 @@ struct MenuDescriptor {
 
         if let snap = store.snapshot(for: provider) {
             let resetStyle = settings.resetTimeDisplayStyle
+            let labels = Self.rateWindowLabels(provider: provider, metadata: meta, snapshot: snap)
             if let primary = snap.primary {
-                let primaryWindow = if provider == .warp || provider == .kilo {
-                    // Warp/Kilo primary uses resetDescription for non-reset detail (e.g., "Unlimited", "X/Y credits").
-                    // Avoid rendering it as a "Resets ..." line.
+                let primaryWindow = if provider == .warp || provider == .kilo || provider == .mimo || provider ==
+                    .abacus ||
+                    provider == .deepseek || provider == .azureopenai
+                {
+                    // Some providers use resetDescription for non-reset detail
+                    // (e.g., "Unlimited", "X/Y credits"). Avoid rendering it as a "Resets ..." line.
                     RateWindow(
                         usedPercent: primary.usedPercent,
                         windowMinutes: primary.windowMinutes,
@@ -131,23 +166,38 @@ struct MenuDescriptor {
                 }
                 Self.appendRateWindow(
                     entries: &entries,
-                    title: meta.sessionLabel,
+                    title: labels.primary,
                     window: primaryWindow,
                     resetStyle: resetStyle,
                     showUsed: settings.usageBarsShowUsed)
-                if provider == .warp || provider == .kilo,
+                if provider == .warp || provider == .kilo || provider == .mimo || provider == .abacus || provider ==
+                    .deepseek || provider == .azureopenai,
+                    let detail = primary.resetDescription?.trimmingCharacters(in: .whitespacesAndNewlines),
+                    !detail.isEmpty
+                {
+                    entries.append(.text(detail, .secondary))
+                }
+                if provider == .crof,
+                   primary.resetsAt != nil,
                    let detail = primary.resetDescription?.trimmingCharacters(in: .whitespacesAndNewlines),
                    !detail.isEmpty
                 {
                     entries.append(.text(detail, .secondary))
                 }
+                if provider == .abacus,
+                   let pace = store.weeklyPace(provider: provider, window: primary)
+                {
+                    let paceSummary = UsagePaceText.weeklySummary(pace: pace)
+                    entries.append(.text(paceSummary, .secondary))
+                }
                 if let paceSummary = UsagePaceText.sessionSummary(provider: provider, window: primary) {
                     entries.append(.text(paceSummary, .secondary))
                 }
             }
             if let weekly = snap.secondary {
                 let weeklyResetOverride: String? = {
-                    guard provider == .warp || provider == .kilo else { return nil }
+                    guard provider == .warp || provider == .kilo || provider == .perplexity || provider == .crof
+                    else { return nil }
                     let detail = weekly.resetDescription?.trimmingCharacters(in: .whitespacesAndNewlines)
                     guard let detail, !detail.isEmpty else { return nil }
                     if provider == .kilo, weekly.resetsAt != nil {
@@ -157,7 +207,7 @@ struct MenuDescriptor {
                 }()
                 Self.appendRateWindow(
                     entries: &entries,
-                    title: meta.weeklyLabel,
+                    title: labels.secondary,
                     window: weekly,
                     resetStyle: resetStyle,
                     showUsed: settings.usageBarsShowUsed,
@@ -174,24 +224,23 @@ struct MenuDescriptor {
                     entries.append(.text(paceSummary, .secondary))
                 }
             }
-            if meta.supportsOpus, let opus = snap.tertiary {
+            if labels.showsTertiary, let opus = snap.tertiary {
+                // Perplexity purchased credits don't reset; show the balance as plain text.
+                let opusResetOverride: String? = provider == .perplexity
+                    ? opus.resetDescription?.trimmingCharacters(in: .whitespacesAndNewlines)
+                    : nil
                 Self.appendRateWindow(
                     entries: &entries,
-                    title: meta.opusLabel ?? "Sonnet",
+                    title: labels.tertiary,
                     window: opus,
                     resetStyle: resetStyle,
-                    showUsed: settings.usageBarsShowUsed)
+                    showUsed: settings.usageBarsShowUsed,
+                    resetOverride: opusResetOverride)
             }
 
-            if let cost = snap.providerCost {
-                if cost.currencyCode == "Quota" {
-                    let used = String(format: "%.0f", cost.used)
-                    let limit = String(format: "%.0f", cost.limit)
-                    entries.append(.text("Quota: \(used) / \(limit)", .primary))
-                }
-            }
+            Self.appendProviderUsageSummaries(entries: &entries, snapshot: snap)
         } else {
-            entries.append(.text("No usage yet", .secondary))
+            entries.append(.text(L("No usage yet"), .secondary))
         }
 
         let usageContext = ProviderMenuUsageContext(
@@ -206,6 +255,131 @@ struct MenuDescriptor {
         return Section(entries: entries)
     }
 
+    private static func appendProviderUsageSummaries(
+        entries: inout [Entry],
+        snapshot: UsageSnapshot)
+    {
+        if let cost = snapshot.providerCost {
+            if cost.currencyCode == "Quota" {
+                let used = String(format: "%.0f", cost.used)
+                let limit = String(format: "%.0f", cost.limit)
+                entries.append(.text("\(L("Quota")): \(used) / \(limit)", .primary))
+            }
+        }
+        if let openAIAPIUsage = snapshot.openAIAPIUsage {
+            Self.appendOpenAIAPIUsageSummary(entries: &entries, usage: openAIAPIUsage)
+        }
+        if let claudeAdminAPIUsage = snapshot.claudeAdminAPIUsage {
+            Self.appendClaudeAdminAPIUsageSummary(entries: &entries, usage: claudeAdminAPIUsage)
+        }
+        if let openRouterUsage = snapshot.openRouterUsage {
+            Self.appendOpenRouterUsageSummary(entries: &entries, usage: openRouterUsage)
+        }
+        if let mistralUsage = snapshot.mistralUsage, !mistralUsage.daily.isEmpty {
+            Self.appendMistralUsageSummary(entries: &entries, usage: mistralUsage)
+        }
+    }
+
+    private static func appendOpenAIAPIUsageSummary(
+        entries: inout [Entry],
+        usage: OpenAIAPIUsageSnapshot)
+    {
+        let today = usage.latestDay
+        let last7 = usage.last7Days
+        let last30 = usage.last30Days
+        let historyLabel = usage.historyWindowLabel
+
+        entries.append(.text(
+            "\(L("Today")): \(UsageFormatter.usdString(today.costUSD)) · " +
+                "\(UsageFormatter.tokenCountString(today.totalTokens)) \(L("tokens"))",
+            .secondary))
+        entries.append(.text(
+            "7d: \(UsageFormatter.usdString(last7.costUSD)) · " +
+                "\(UsageFormatter.tokenCountString(last7.requests)) \(L("requests"))",
+            .secondary))
+        entries.append(.text(
+            "\(historyLabel): \(UsageFormatter.usdString(last30.costUSD)) · " +
+                "\(UsageFormatter.tokenCountString(last30.requests)) \(L("requests"))",
+            .secondary))
+        if let topModel = usage.topModels.first?.name {
+            entries.append(.text("\(L("Top model")): \(topModel)", .secondary))
+        }
+    }
+
+    private static func appendClaudeAdminAPIUsageSummary(
+        entries: inout [Entry],
+        usage: ClaudeAdminAPIUsageSnapshot)
+    {
+        let today = usage.latestDay
+        let last7 = usage.last7Days
+        let last30 = usage.last30Days
+
+        entries.append(.text(
+            "\(L("Today")): \(UsageFormatter.usdString(today.costUSD)) · " +
+                "\(UsageFormatter.tokenCountString(today.totalTokens)) \(L("tokens"))",
+            .secondary))
+        entries.append(.text(
+            "7d: \(UsageFormatter.usdString(last7.costUSD)) · " +
+                "\(UsageFormatter.tokenCountString(last7.totalTokens)) \(L("tokens"))",
+            .secondary))
+        entries.append(.text(
+            "30d: \(UsageFormatter.usdString(last30.costUSD)) · " +
+                "\(UsageFormatter.tokenCountString(last30.totalTokens)) \(L("tokens"))",
+            .secondary))
+        if let topModel = usage.topModels.first?.name {
+            entries.append(.text("\(L("Top model")): \(topModel)", .secondary))
+        }
+    }
+
+    private static func appendOpenRouterUsageSummary(
+        entries: inout [Entry],
+        usage: OpenRouterUsageSnapshot)
+    {
+        if let daily = usage.keyUsageDaily {
+            entries.append(.text("\(L("Today")): \(UsageFormatter.usdString(daily))", .secondary))
+        }
+        if let weekly = usage.keyUsageWeekly {
+            entries.append(.text("\(L("Week")): \(UsageFormatter.usdString(weekly))", .secondary))
+        }
+        if let monthly = usage.keyUsageMonthly {
+            entries.append(.text("\(L("Month")): \(UsageFormatter.usdString(monthly))", .secondary))
+        }
+    }
+
+    private static func appendMistralUsageSummary(
+        entries: inout [Entry],
+        usage: MistralUsageSnapshot)
+    {
+        let latest = usage.daily.last
+        if let latest {
+            entries.append(.text(
+                "\(L("Latest")): \(usage.currencySymbol)\(String(format: "%.4f", max(0, latest.cost))) · " +
+                    "\(UsageFormatter.tokenCountString(latest.totalTokens)) \(L("tokens"))",
+                .secondary))
+        }
+        let totalTokens = usage.totalInputTokens + usage.totalCachedTokens + usage.totalOutputTokens
+        entries.append(.text(
+            "\(L("Month")): \(usage.currencySymbol)\(String(format: "%.4f", max(0, usage.totalCost))) · " +
+                "\(UsageFormatter.tokenCountString(totalTokens)) \(L("tokens"))",
+            .secondary))
+        if let top = Self.topMistralModel(from: usage.daily) {
+            entries.append(.text("\(L("Top model")): \(top)", .secondary))
+        }
+    }
+
+    private static func topMistralModel(from entries: [MistralDailyUsageBucket]) -> String? {
+        var tokens: [String: Int] = [:]
+        for entry in entries {
+            for model in entry.models {
+                tokens[model.name, default: 0] += model.totalTokens
+            }
+        }
+        return tokens.max {
+            if $0.value == $1.value { return $0.key > $1.key }
+            return $0.value < $1.value
+        }?.key
+    }
+
     private static func accountSection(
         for provider: UsageProvider,
         store: UsageStore,
@@ -239,27 +413,61 @@ struct MenuDescriptor {
         let redactedEmail = PersonalInfoRedactor.redactEmail(emailText, isEnabled: hidePersonalInfo)
 
         if let emailText, !emailText.isEmpty {
-            entries.append(.text("Account: \(redactedEmail)", .secondary))
+            entries.append(.text("\(L("Account")): \(redactedEmail)", .secondary))
         }
-        if provider == .kilo {
+        if provider == .kiro {
+            if let plan = snapshot?.kiroUsage?.displayPlanName,
+               !plan.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
+            {
+                entries.append(.text("\(L("Plan")): \(plan)", .secondary))
+            }
+            if let loginMethodText, !loginMethodText.isEmpty {
+                entries.append(.text("\(L("Auth")): \(loginMethodText)", .secondary))
+            }
+            if let overages = snapshot?.kiroUsage?.overagesStatus,
+               !overages.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
+            {
+                entries.append(.text("\(L("Overages")): \(overages)", .secondary))
+            }
+        } else if provider == .kilo {
             let kiloLogin = self.kiloLoginParts(loginMethod: loginMethodText)
             if let pass = kiloLogin.pass {
-                entries.append(.text("Plan: \(AccountFormatter.plan(pass))", .secondary))
+                entries.append(.text("\(L("Plan")): \(AccountFormatter.plan(pass, provider: provider))", .secondary))
             }
             for detail in kiloLogin.details {
-                entries.append(.text("Activity: \(detail)", .secondary))
+                entries.append(.text("\(L("Activity")): \(detail)", .secondary))
             }
         } else if let loginMethodText, !loginMethodText.isEmpty {
-            entries.append(.text("Plan: \(AccountFormatter.plan(loginMethodText))", .secondary))
+            if provider == .openrouter || provider == .mimo,
+               loginMethodText.localizedCaseInsensitiveContains("balance:")
+            {
+                let balanceValue = loginMethodText
+                    .replacingOccurrences(
+                        of: #"(?i)^\s*balance:\s*"#,
+                        with: "",
+                        options: [.regularExpression])
+                    .trimmingCharacters(in: .whitespacesAndNewlines)
+                let value = balanceValue.isEmpty ? loginMethodText : balanceValue
+                entries.append(
+                    .text("\(L("Balance")): \(AccountFormatter.plan(value, provider: provider))", .secondary))
+            } else {
+                entries.append(
+                    .text(
+                        "\(L("Plan")): \(AccountFormatter.plan(loginMethodText, provider: provider))",
+                        .secondary))
+            }
         }
 
         if metadata.usesAccountFallback {
             if emailText?.isEmpty ?? true, let fallbackEmail = fallback.email, !fallbackEmail.isEmpty {
                 let redacted = PersonalInfoRedactor.redactEmail(fallbackEmail, isEnabled: hidePersonalInfo)
-                entries.append(.text("Account: \(redacted)", .secondary))
+                entries.append(.text("\(L("Account")): \(redacted)", .secondary))
             }
             if loginMethodText?.isEmpty ?? true, let fallbackPlan = fallback.plan, !fallbackPlan.isEmpty {
-                entries.append(.text("Plan: \(AccountFormatter.plan(fallbackPlan))", .secondary))
+                entries.append(
+                    .text(
+                        "\(L("Plan")): \(AccountFormatter.plan(fallbackPlan, provider: provider))",
+                        .secondary))
             }
         }
 
@@ -305,17 +513,20 @@ struct MenuDescriptor {
     private static func actionsSection(
         for provider: UsageProvider?,
         store: UsageStore,
-        account: AccountInfo) -> Section
+        account: AccountInfo,
+        managedCodexAccountCoordinator: ManagedCodexAccountCoordinator?,
+        codexAccountPromotionCoordinator: CodexAccountPromotionCoordinator?) -> Section
     {
         var entries: [Entry] = []
         let targetProvider = provider ?? store.enabledProviders().first
         let metadata = targetProvider.map { store.metadata(for: $0) }
+        let fallbackAccount = targetProvider.map { store.accountInfo(for: $0) } ?? account
         let loginContext = targetProvider.map {
             ProviderMenuLoginContext(
                 provider: $0,
                 store: store,
                 settings: store.settings,
-                account: account)
+                account: fallbackAccount)
         }
 
         // Show "Add Account" if no account, "Switch Account" if logged in
@@ -329,8 +540,8 @@ struct MenuDescriptor {
                 entries.append(.action(override.label, override.action))
             } else {
                 let loginAction = self.switchAccountTarget(for: provider, store: store)
-                let hasAccount = self.hasAccount(for: provider, store: store, account: account)
-                let accountLabel = hasAccount ? "Switch Account..." : "Add Account..."
+                let hasAccount = self.hasAccount(for: provider, store: store, account: fallbackAccount)
+                let accountLabel = hasAccount ? L("Switch Account...") : L("Add Account...")
                 entries.append(.action(accountLabel, loginAction))
             }
         }
@@ -340,16 +551,21 @@ struct MenuDescriptor {
                 provider: targetProvider,
                 store: store,
                 settings: store.settings,
-                account: account)
+                account: fallbackAccount,
+                managedCodexAccountCoordinator: managedCodexAccountCoordinator,
+                codexAccountPromotionCoordinator: codexAccountPromotionCoordinator)
             ProviderCatalog.implementation(for: targetProvider)?
                 .appendActionMenuEntries(context: actionContext, entries: &entries)
         }
 
         if metadata?.dashboardURL != nil {
-            entries.append(.action("Usage Dashboard", .dashboard))
+            entries.append(.action(L("Usage Dashboard"), .dashboard))
         }
         if metadata?.statusPageURL != nil || metadata?.statusLinkURL != nil {
-            entries.append(.action("Status Page", .statusPage))
+            entries.append(.action(L("Status Page"), .statusPage))
+        }
+        if store.settings.providerChangelogLinksEnabled, metadata?.changelogURL != nil {
+            entries.append(.action(L("Changelog"), .changelog))
         }
 
         if let statusLine = self.statusLine(for: provider, store: store) {
@@ -362,12 +578,13 @@ struct MenuDescriptor {
     private static func metaSection(updateReady: Bool) -> Section {
         var entries: [Entry] = []
         if updateReady {
-            entries.append(.action("Update ready, restart now?", .installUpdate))
+            entries.append(.action(L("Update ready, restart now?"), .installUpdate))
         }
         entries.append(contentsOf: [
-            .action("Settings...", .settings),
-            .action("About CodexBar", .about),
-            .action("Quit", .quit),
+            .action(L("Refresh"), .refresh),
+            .action(L("Settings..."), .settings),
+            .action(L("About CodexBar"), .about),
+            .action(L("Quit"), .quit),
         ])
         return Section(entries: entries)
     }
@@ -410,6 +627,24 @@ struct MenuDescriptor {
         return false
     }
 
+    private static func rateWindowLabels(
+        provider: UsageProvider,
+        metadata: ProviderMetadata,
+        snapshot: UsageSnapshot) -> (primary: String, secondary: String, tertiary: String, showsTertiary: Bool)
+    {
+        if provider == .factory, snapshot.tertiary != nil {
+            return ("5-hour", L("Weekly"), L("Monthly"), true)
+        }
+        let primaryLabel = provider == .grok
+            ? GrokProviderDescriptor.primaryLabel(window: snapshot.primary) ?? metadata.sessionLabel
+            : metadata.sessionLabel
+        return (
+            L(primaryLabel),
+            L(metadata.weeklyLabel),
+            metadata.opusLabel.map(L) ?? L("Sonnet"),
+            metadata.supportsOpus)
+    }
+
     private static func appendRateWindow(
         entries: inout [Entry],
         title: String,
@@ -440,8 +675,12 @@ struct MenuDescriptor {
 }
 
 private enum AccountFormatter {
-    static func plan(_ text: String) -> String {
-        let cleaned = UsageFormatter.cleanPlanName(text)
+    static func plan(_ text: String, provider: UsageProvider) -> String {
+        let cleaned = if provider == .codex {
+            CodexPlanFormatting.displayName(text) ?? UsageFormatter.cleanPlanName(text)
+        } else {
+            UsageFormatter.cleanPlanName(text)
+        }
         return cleaned.isEmpty ? text : cleaned
     }
 
@@ -459,6 +698,10 @@ extension MenuDescriptor.MenuAction {
         case .refreshAugmentSession: MenuDescriptor.MenuActionSystemImage.refresh.rawValue
         case .dashboard: MenuDescriptor.MenuActionSystemImage.dashboard.rawValue
         case .statusPage: MenuDescriptor.MenuActionSystemImage.statusPage.rawValue
+        case .changelog: MenuDescriptor.MenuActionSystemImage.changelog.rawValue
+        case .addCodexAccount, .addProviderAccount: MenuDescriptor.MenuActionSystemImage.addAccount.rawValue
+        case .requestCodexSystemPromotion:
+            nil
         case .switchAccount: MenuDescriptor.MenuActionSystemImage.switchAccount.rawValue
         case .openTerminal: MenuDescriptor.MenuActionSystemImage.openTerminal.rawValue
         case .loginToProvider: MenuDescriptor.MenuActionSystemImage.loginToProvider.rawValue
diff --git a/Sources/CodexBar/MouseLocationReader.swift b/Sources/CodexBar/MouseLocationReader.swift
index 73abc8f08..55a326b91 100644
--- a/Sources/CodexBar/MouseLocationReader.swift
+++ b/Sources/CodexBar/MouseLocationReader.swift
@@ -22,6 +22,10 @@ struct MouseLocationReader: NSViewRepresentable {
         var onMoved: ((CGPoint?) -> Void)?
         private var trackingArea: NSTrackingArea?
 
+        override var isFlipped: Bool {
+            true
+        }
+
         override func viewDidMoveToWindow() {
             super.viewDidMoveToWindow()
             self.window?.acceptsMouseMovedEvents = true
diff --git a/Sources/CodexBar/Notifications+CodexBar.swift b/Sources/CodexBar/Notifications+CodexBar.swift
index 8c0456276..4d8e4b2f9 100644
--- a/Sources/CodexBar/Notifications+CodexBar.swift
+++ b/Sources/CodexBar/Notifications+CodexBar.swift
@@ -1,7 +1,40 @@
+import CodexBarCore
 import Foundation
 
 extension Notification.Name {
     static let codexbarOpenSettings = Notification.Name("codexbarOpenSettings")
     static let codexbarDebugBlinkNow = Notification.Name("codexbarDebugBlinkNow")
+    static let codexbarWeeklyLimitReset = Notification.Name("codexbarWeeklyLimitReset")
     static let codexbarProviderConfigDidChange = Notification.Name("codexbarProviderConfigDidChange")
+    static let codexbarQuotaWarningDidPost = Notification.Name("codexbarQuotaWarningDidPost")
+}
+
+@MainActor
+final class WeeklyLimitResetEvent: NSObject {
+    let provider: UsageProvider
+    let accountIdentifier: String
+    let accountLabel: String?
+    let usedPercent: Double
+
+    init(provider: UsageProvider, accountIdentifier: String, accountLabel: String?, usedPercent: Double) {
+        self.provider = provider
+        self.accountIdentifier = accountIdentifier
+        self.accountLabel = accountLabel
+        self.usedPercent = usedPercent
+    }
+}
+
+@MainActor
+final class QuotaWarningPostedEvent: NSObject {
+    let provider: UsageProvider
+    let window: QuotaWarningWindow
+    let threshold: Int
+    let postedAt: Date
+
+    init(provider: UsageProvider, window: QuotaWarningWindow, threshold: Int, postedAt: Date) {
+        self.provider = provider
+        self.window = window
+        self.threshold = threshold
+        self.postedAt = postedAt
+    }
 }
diff --git a/Sources/CodexBar/PlanUtilizationHistoryChartMenuView.swift b/Sources/CodexBar/PlanUtilizationHistoryChartMenuView.swift
new file mode 100644
index 000000000..ae995cc1b
--- /dev/null
+++ b/Sources/CodexBar/PlanUtilizationHistoryChartMenuView.swift
@@ -0,0 +1,834 @@
+import Charts
+import CodexBarCore
+import SwiftUI
+
+@MainActor
+struct PlanUtilizationHistoryChartMenuView: View {
+    private enum Layout {
+        static let chartHeight: CGFloat = 130
+        static let detailHeight: CGFloat = 16
+        static let emptyStateHeight: CGFloat = chartHeight + detailHeight
+        static let maxPoints = 30
+        static let maxAxisLabels = 4
+        static let barWidth: CGFloat = 6
+    }
+
+    private struct SeriesSelection: Hashable {
+        let name: PlanUtilizationSeriesName
+        let windowMinutes: Int
+
+        var id: String {
+            "\(self.name.rawValue):\(self.windowMinutes)"
+        }
+    }
+
+    private struct VisibleSeries: Identifiable, Equatable {
+        let selection: SeriesSelection
+        let title: String
+        let history: PlanUtilizationSeriesHistory
+
+        var id: String {
+            self.selection.id
+        }
+    }
+
+    private struct EntryPointAccumulator {
+        let effectiveBoundaryDate: Date
+        let displayBoundaryDate: Date
+        let observedAt: Date
+        let usedPercent: Double
+        let hasObservedResetBoundary: Bool
+    }
+
+    private struct ResetBoundaryLattice {
+        let referenceBoundaryDate: Date
+        let windowInterval: TimeInterval
+    }
+
+    private struct Point: Identifiable {
+        let id: Date
+        let index: Int
+        let date: Date
+        let usedPercent: Double
+        let isObserved: Bool
+    }
+
+    private struct Model {
+        let points: [Point]
+        let axisIndexes: [Double]
+        let xDomain: ClosedRange<Double>?
+        let pointsByID: [Date: Point]
+        let pointsByIndex: [Int: Point]
+        let barColor: Color
+        let trackColor: Color
+    }
+
+    private let provider: UsageProvider
+    private let histories: [PlanUtilizationSeriesHistory]
+    private let snapshot: UsageSnapshot?
+    private let width: CGFloat
+
+    @State private var selectedSeriesID: String?
+    @State private var selectedPointID: Date?
+
+    init(
+        provider: UsageProvider,
+        histories: [PlanUtilizationSeriesHistory],
+        snapshot: UsageSnapshot? = nil,
+        width: CGFloat)
+    {
+        self.provider = provider
+        self.histories = histories
+        self.snapshot = snapshot
+        self.width = width
+    }
+
+    var body: some View {
+        let visibleSeries = Self.visibleSeries(
+            histories: self.histories,
+            provider: self.provider,
+            snapshot: self.snapshot)
+        let effectiveSelectedSeries = visibleSeries.first(where: { $0.id == self.selectedSeriesID }) ?? visibleSeries
+            .first
+        let model = Self.makeModel(
+            history: effectiveSelectedSeries?.history,
+            provider: self.provider,
+            referenceDate: Date())
+
+        VStack(alignment: .leading, spacing: 10) {
+            if visibleSeries.count > 1 {
+                Picker(selection: Binding(
+                    get: { effectiveSelectedSeries?.id ?? "" },
+                    set: { newValue in
+                        self.selectedSeriesID = newValue
+                        self.selectedPointID = nil
+                    })) {
+                        ForEach(visibleSeries) { series in
+                            Text(series.title).tag(series.id)
+                        }
+                    } label: {
+                        EmptyView()
+                    }
+                    .labelsHidden()
+                        .pickerStyle(.segmented)
+            }
+
+            if model.points.isEmpty {
+                ZStack {
+                    Text(Self.emptyStateText(title: effectiveSelectedSeries?.title))
+                        .font(.footnote)
+                        .foregroundStyle(.secondary)
+                }
+                .frame(maxWidth: .infinity)
+                .frame(height: Layout.emptyStateHeight)
+            } else {
+                self.utilizationChart(model: model)
+                    .chartYAxis(.hidden)
+                    .chartYScale(domain: 0...100)
+                    .chartXAxis {
+                        AxisMarks(values: model.axisIndexes) { value in
+                            AxisGridLine().foregroundStyle(Color.clear)
+                            AxisTick().foregroundStyle(Color.clear)
+                            AxisValueLabel {
+                                if let raw = value.as(Double.self) {
+                                    let index = Int(raw.rounded())
+                                    if let point = model.pointsByIndex[index] {
+                                        let isTrailingFullChartLabel = index == model.points.last?.index
+                                            && model.points.count == Layout.maxPoints
+                                        Self.axisLabel(
+                                            for: point,
+                                            windowMinutes: effectiveSelectedSeries?.history.windowMinutes ?? 0,
+                                            isTrailingFullChartLabel: isTrailingFullChartLabel)
+                                    }
+                                }
+                            }
+                        }
+                    }
+                    .chartLegend(.hidden)
+                    .frame(height: Layout.chartHeight)
+                    .accessibilityLabel(L("Plan utilization chart"))
+                    .accessibilityValue(
+                        model.points.isEmpty
+                            ? L("No data")
+                            : String(format: L("%d utilization samples"), model.points.count))
+                    .chartOverlay { proxy in
+                        GeometryReader { geo in
+                            MouseLocationReader { location in
+                                self.updateSelection(location: location, model: model, proxy: proxy, geo: geo)
+                            }
+                            .frame(maxWidth: .infinity, maxHeight: .infinity)
+                            .contentShape(Rectangle())
+                        }
+                    }
+
+                Text(self.detailLine(model: model, windowMinutes: effectiveSelectedSeries?.history.windowMinutes ?? 0))
+                    .font(.caption)
+                    .foregroundStyle(.secondary)
+                    .lineLimit(1)
+                    .truncationMode(.tail)
+                    .frame(height: Layout.detailHeight, alignment: .leading)
+            }
+        }
+        .padding(.horizontal, 16)
+        .padding(.vertical, 10)
+        .frame(minWidth: self.width, maxWidth: .infinity, alignment: .topLeading)
+        .task(id: visibleSeries.map(\.id).joined(separator: ",")) {
+            guard let firstVisibleSeries = visibleSeries.first else { return }
+            guard !visibleSeries.contains(where: { $0.id == self.selectedSeriesID }) else { return }
+            self.selectedSeriesID = firstVisibleSeries.id
+            self.selectedPointID = nil
+        }
+    }
+
+    private nonisolated static func visibleSeries(
+        histories: [PlanUtilizationSeriesHistory],
+        provider: UsageProvider,
+        snapshot: UsageSnapshot?) -> [VisibleSeries]
+    {
+        let metadata = ProviderDescriptorRegistry.metadata[provider]
+        let allowedNames = self.visibleSeriesNames(provider: provider, snapshot: snapshot)
+        var historiesBySelection: [SeriesSelection: PlanUtilizationSeriesHistory] = [:]
+        for history in histories {
+            guard !history.entries.isEmpty else { continue }
+            guard history.windowMinutes > 0 else { continue }
+            guard allowedNames?.contains(history.name) ?? true else { continue }
+
+            let canonicalWindowMinutes = history.name.canonicalWindowMinutes(history.windowMinutes)
+            let selection = SeriesSelection(name: history.name, windowMinutes: canonicalWindowMinutes)
+            if let existingHistory = historiesBySelection[selection] {
+                historiesBySelection[selection] = PlanUtilizationSeriesHistory(
+                    name: history.name,
+                    windowMinutes: canonicalWindowMinutes,
+                    entries: Self.mergedEntries(existingHistory.entries + history.entries))
+            } else {
+                historiesBySelection[selection] = PlanUtilizationSeriesHistory(
+                    name: history.name,
+                    windowMinutes: canonicalWindowMinutes,
+                    entries: history.entries)
+            }
+        }
+
+        return historiesBySelection.values
+            .sorted { lhs, rhs in
+                let lhsOrder = self.seriesSortOrder(lhs.name)
+                let rhsOrder = self.seriesSortOrder(rhs.name)
+                if lhsOrder != rhsOrder {
+                    return lhsOrder < rhsOrder
+                }
+                if lhs.windowMinutes != rhs.windowMinutes {
+                    return lhs.windowMinutes < rhs.windowMinutes
+                }
+                return lhs.name.rawValue < rhs.name.rawValue
+            }
+            .map { history in
+                VisibleSeries(
+                    selection: SeriesSelection(name: history.name, windowMinutes: history.windowMinutes),
+                    title: self.seriesTitle(name: history.name, metadata: metadata),
+                    history: history)
+            }
+    }
+
+    private nonisolated static func mergedEntries(
+        _ entries: [PlanUtilizationHistoryEntry]) -> [PlanUtilizationHistoryEntry]
+    {
+        entries.reduce(into: []) { result, entry in
+            guard !result.contains(entry) else { return }
+            result.append(entry)
+        }
+    }
+
+    private nonisolated static func visibleSeriesNames(
+        provider: UsageProvider,
+        snapshot: UsageSnapshot?) -> Set<PlanUtilizationSeriesName>?
+    {
+        guard let snapshot else { return nil }
+
+        var names: Set<PlanUtilizationSeriesName> = []
+        if snapshot.primary != nil {
+            names.insert(.session)
+        }
+        if snapshot.secondary != nil {
+            names.insert(.weekly)
+        }
+
+        if provider == .claude,
+           snapshot.tertiary != nil,
+           ProviderDescriptorRegistry.metadata[provider]?.supportsOpus == true
+        {
+            names.insert(.opus)
+        }
+
+        return names
+    }
+
+    private nonisolated static func makeModel(
+        history: PlanUtilizationSeriesHistory?,
+        provider: UsageProvider,
+        referenceDate: Date) -> Model
+    {
+        guard let history else {
+            return self.emptyModel(provider: provider)
+        }
+
+        var points = self.seriesPoints(history: history, referenceDate: referenceDate)
+        if points.count > Layout.maxPoints {
+            points = Array(points.suffix(Layout.maxPoints))
+        }
+
+        points = points.enumerated().map { offset, point in
+            Point(
+                id: point.id,
+                index: offset,
+                date: point.date,
+                usedPercent: point.usedPercent,
+                isObserved: point.isObserved)
+        }
+
+        let pointsByID = Dictionary(uniqueKeysWithValues: points.map { ($0.id, $0) })
+        let pointsByIndex = Dictionary(uniqueKeysWithValues: points.map { ($0.index, $0) })
+        let color = ProviderDescriptorRegistry.descriptor(for: provider).branding.color
+        let barColor = Color(red: color.red, green: color.green, blue: color.blue)
+        let trackColor = MenuHighlightStyle.progressTrack(false)
+
+        return Model(
+            points: points,
+            axisIndexes: self.axisIndexes(points: points, windowMinutes: history.windowMinutes),
+            xDomain: self.xDomain(points: points),
+            pointsByID: pointsByID,
+            pointsByIndex: pointsByIndex,
+            barColor: barColor,
+            trackColor: trackColor)
+    }
+
+    private nonisolated static func emptyModel(provider: UsageProvider) -> Model {
+        let color = ProviderDescriptorRegistry.descriptor(for: provider).branding.color
+        let barColor = Color(red: color.red, green: color.green, blue: color.blue)
+        let trackColor = MenuHighlightStyle.progressTrack(false)
+        return Model(
+            points: [],
+            axisIndexes: [],
+            xDomain: nil,
+            pointsByID: [:],
+            pointsByIndex: [:],
+            barColor: barColor,
+            trackColor: trackColor)
+    }
+
+    private nonisolated static func seriesPoints(
+        history: PlanUtilizationSeriesHistory,
+        referenceDate: Date) -> [Point]
+    {
+        guard history.windowMinutes > 0 else { return [] }
+        let windowInterval = Double(history.windowMinutes) * 60
+        let resetBoundaryLattice = self.resetBoundaryLattice(
+            entries: history.entries,
+            windowMinutes: history.windowMinutes)
+        var strongestObservedPointByPeriod: [Date: EntryPointAccumulator] = [:]
+
+        for entry in history.entries {
+            let candidate = self.observedPointCandidate(
+                for: entry,
+                windowMinutes: history.windowMinutes,
+                resetBoundaryLattice: resetBoundaryLattice)
+
+            if let existing = strongestObservedPointByPeriod[candidate.effectiveBoundaryDate],
+               !self.shouldPreferObservedPoint(candidate, over: existing)
+            {
+                continue
+            }
+            strongestObservedPointByPeriod[candidate.effectiveBoundaryDate] = candidate
+        }
+
+        guard !strongestObservedPointByPeriod.isEmpty else { return [] }
+
+        let sortedPeriodBoundaryDates = strongestObservedPointByPeriod.keys.sorted()
+        var points: [Point] = []
+        var previousPeriodBoundaryDate: Date?
+
+        for periodBoundaryDate in sortedPeriodBoundaryDates {
+            if let previousPeriodBoundaryDate {
+                var cursor = previousPeriodBoundaryDate.addingTimeInterval(windowInterval)
+                while cursor < periodBoundaryDate {
+                    points.append(Point(
+                        id: cursor,
+                        index: 0,
+                        date: cursor,
+                        usedPercent: 0,
+                        isObserved: false))
+                    cursor = cursor.addingTimeInterval(windowInterval)
+                }
+            }
+
+            if let bucket = strongestObservedPointByPeriod[periodBoundaryDate] {
+                points.append(Point(
+                    id: bucket.effectiveBoundaryDate,
+                    index: 0,
+                    date: bucket.displayBoundaryDate,
+                    usedPercent: bucket.usedPercent,
+                    isObserved: true))
+            }
+            previousPeriodBoundaryDate = periodBoundaryDate
+        }
+
+        if let lastObservedPeriodBoundaryDate = sortedPeriodBoundaryDates.last {
+            let currentPeriodBoundaryDate = self.currentPeriodBoundaryDate(
+                for: referenceDate,
+                windowMinutes: history.windowMinutes,
+                resetBoundaryLattice: resetBoundaryLattice)
+
+            if currentPeriodBoundaryDate > lastObservedPeriodBoundaryDate {
+                var cursor = lastObservedPeriodBoundaryDate.addingTimeInterval(windowInterval)
+                while cursor <= currentPeriodBoundaryDate {
+                    points.append(Point(
+                        id: cursor,
+                        index: 0,
+                        date: cursor,
+                        usedPercent: 0,
+                        isObserved: false))
+                    cursor = cursor.addingTimeInterval(windowInterval)
+                }
+            }
+        }
+
+        return points
+    }
+
+    private nonisolated static func observedPointCandidate(
+        for entry: PlanUtilizationHistoryEntry,
+        windowMinutes: Int,
+        resetBoundaryLattice: ResetBoundaryLattice?) -> EntryPointAccumulator
+    {
+        let rawResetBoundaryDate = entry.resetsAt.map(self.normalizedBoundaryDate)
+        let effectiveBoundaryDate = self.effectivePeriodBoundaryDate(
+            for: entry,
+            windowMinutes: windowMinutes,
+            rawResetBoundaryDate: rawResetBoundaryDate,
+            resetBoundaryLattice: resetBoundaryLattice)
+        return EntryPointAccumulator(
+            effectiveBoundaryDate: effectiveBoundaryDate,
+            displayBoundaryDate: rawResetBoundaryDate ?? effectiveBoundaryDate,
+            observedAt: entry.capturedAt,
+            usedPercent: max(0, min(100, entry.usedPercent)),
+            hasObservedResetBoundary: rawResetBoundaryDate != nil)
+    }
+
+    private nonisolated static func resetBoundaryLattice(
+        entries: [PlanUtilizationHistoryEntry],
+        windowMinutes: Int) -> ResetBoundaryLattice?
+    {
+        guard let latestObservedResetBoundaryDate = entries
+            .compactMap(\.resetsAt)
+            .map(self.normalizedBoundaryDate)
+            .max()
+        else {
+            return nil
+        }
+        return ResetBoundaryLattice(
+            referenceBoundaryDate: latestObservedResetBoundaryDate,
+            windowInterval: Double(windowMinutes) * 60)
+    }
+
+    private nonisolated static func normalizedBoundaryDate(_ date: Date) -> Date {
+        Date(timeIntervalSince1970: floor(date.timeIntervalSince1970))
+    }
+
+    private nonisolated static func effectivePeriodBoundaryDate(
+        for entry: PlanUtilizationHistoryEntry,
+        windowMinutes: Int,
+        rawResetBoundaryDate: Date?,
+        resetBoundaryLattice: ResetBoundaryLattice?) -> Date
+    {
+        if let rawResetBoundaryDate {
+            if let resetBoundaryLattice {
+                return self.closestPeriodBoundaryDate(
+                    to: rawResetBoundaryDate,
+                    resetBoundaryLattice: resetBoundaryLattice)
+            }
+            return rawResetBoundaryDate
+        }
+        if let resetBoundaryLattice {
+            return self.periodBoundaryDate(
+                containing: entry.capturedAt,
+                resetBoundaryLattice: resetBoundaryLattice)
+        }
+        return self.syntheticBoundaryDate(for: entry.capturedAt, windowMinutes: windowMinutes)
+    }
+
+    private nonisolated static func shouldPreferObservedPoint(
+        _ candidate: EntryPointAccumulator,
+        over existing: EntryPointAccumulator) -> Bool
+    {
+        if candidate.usedPercent != existing.usedPercent {
+            return candidate.usedPercent > existing.usedPercent
+        }
+        if candidate.hasObservedResetBoundary != existing.hasObservedResetBoundary {
+            return candidate.hasObservedResetBoundary
+        }
+        if candidate.displayBoundaryDate != existing.displayBoundaryDate {
+            return candidate.displayBoundaryDate > existing.displayBoundaryDate
+        }
+        return candidate.observedAt >= existing.observedAt
+    }
+
+    private nonisolated static func currentPeriodBoundaryDate(
+        for referenceDate: Date,
+        windowMinutes: Int,
+        resetBoundaryLattice: ResetBoundaryLattice?) -> Date
+    {
+        if let resetBoundaryLattice {
+            return self.periodBoundaryDate(
+                containing: referenceDate,
+                resetBoundaryLattice: resetBoundaryLattice)
+        }
+        return self.syntheticBoundaryDate(for: referenceDate, windowMinutes: windowMinutes)
+    }
+
+    private nonisolated static func closestPeriodBoundaryDate(
+        to rawBoundaryDate: Date,
+        resetBoundaryLattice: ResetBoundaryLattice) -> Date
+    {
+        let offset = rawBoundaryDate.timeIntervalSince(resetBoundaryLattice.referenceBoundaryDate)
+        let periodOffset = (offset / resetBoundaryLattice.windowInterval).rounded()
+        return resetBoundaryLattice.referenceBoundaryDate
+            .addingTimeInterval(periodOffset * resetBoundaryLattice.windowInterval)
+    }
+
+    private nonisolated static func periodBoundaryDate(
+        containing capturedAt: Date,
+        resetBoundaryLattice: ResetBoundaryLattice) -> Date
+    {
+        let offset = capturedAt.timeIntervalSince(resetBoundaryLattice.referenceBoundaryDate)
+        let periodOffset = ceil(offset / resetBoundaryLattice.windowInterval)
+        return resetBoundaryLattice.referenceBoundaryDate
+            .addingTimeInterval(periodOffset * resetBoundaryLattice.windowInterval)
+    }
+
+    private nonisolated static func syntheticBoundaryDate(for date: Date, windowMinutes: Int) -> Date {
+        let bucketSeconds = Double(windowMinutes) * 60
+        let bucketIndex = floor(date.timeIntervalSince1970 / bucketSeconds)
+        return Date(timeIntervalSince1970: (bucketIndex + 1) * bucketSeconds)
+    }
+
+    private nonisolated static func xDomain(points: [Point]) -> ClosedRange<Double>? {
+        guard !points.isEmpty else { return nil }
+        return -0.5...(Double(Layout.maxPoints) - 0.5)
+    }
+
+    private nonisolated static func axisIndexes(points: [Point], windowMinutes: Int) -> [Double] {
+        let candidateIndexes = self.axisCandidateIndexes(points: points, windowMinutes: windowMinutes)
+        return self.proportionalAxisIndexes(points: points, candidateIndexes: candidateIndexes)
+    }
+
+    private nonisolated static func axisCandidateIndexes(points: [Point], windowMinutes: Int) -> [Int] {
+        if windowMinutes <= 300 {
+            return self.sessionAxisCandidateIndexes(points: points)
+        }
+        return points.map(\.index)
+    }
+
+    private nonisolated static func sessionAxisCandidateIndexes(points: [Point]) -> [Int] {
+        guard let firstPoint = points.first else { return [] }
+        let calendar = Calendar.current
+        var previousPoint = firstPoint
+        var rawIndexes: [Int] = [firstPoint.index]
+
+        for point in points.dropFirst() {
+            if !calendar.isDate(point.date, inSameDayAs: previousPoint.date) {
+                rawIndexes.append(point.index)
+            }
+            previousPoint = point
+        }
+
+        return rawIndexes
+    }
+
+    private nonisolated static func proportionalAxisIndexes(points: [Point], candidateIndexes: [Int]) -> [Double] {
+        guard !points.isEmpty, !candidateIndexes.isEmpty else { return [] }
+
+        let occupiedFraction = Double(points.count) / Double(Layout.maxPoints)
+        let proportionalBudget = Int(ceil(Double(Layout.maxAxisLabels) * occupiedFraction))
+        let labelBudget = max(1, min(Layout.maxAxisLabels, proportionalBudget, candidateIndexes.count))
+
+        if labelBudget == 1 {
+            return [Double(candidateIndexes[0])]
+        }
+
+        let step = Double(candidateIndexes.count - 1) / Double(labelBudget - 1)
+        var selectedIndexes = (0..<labelBudget).map { position in
+            let candidateOffset = Int((Double(position) * step).rounded())
+            return candidateIndexes[candidateOffset]
+        }
+        selectedIndexes = Array(NSOrderedSet(array: selectedIndexes)) as? [Int] ?? selectedIndexes
+
+        let trailingLabelCutoff = points.first!.index + Int(floor(Double(points.count) * 0.8))
+        if selectedIndexes.count > 1,
+           let lastSelectedIndex = selectedIndexes.last,
+           lastSelectedIndex >= trailingLabelCutoff
+        {
+            selectedIndexes.removeLast()
+        }
+
+        if points.count == Layout.maxPoints,
+           let lastVisibleIndex = points.last?.index,
+           !selectedIndexes.contains(lastVisibleIndex)
+        {
+            selectedIndexes.append(lastVisibleIndex)
+        }
+
+        let deduplicated = Array(NSOrderedSet(array: selectedIndexes)) as? [Int] ?? selectedIndexes
+        return deduplicated.map(Double.init)
+    }
+
+    @ViewBuilder
+    private static func axisLabel(
+        for point: Point,
+        windowMinutes: Int,
+        isTrailingFullChartLabel: Bool) -> some View
+    {
+        let label = Text(point.date.formatted(self.axisFormat(windowMinutes: windowMinutes)))
+            .font(.caption2)
+            .foregroundStyle(Color(nsColor: .tertiaryLabelColor))
+
+        if isTrailingFullChartLabel {
+            label
+                .frame(width: 48, alignment: .trailing)
+                .offset(x: -24)
+        } else {
+            label
+        }
+    }
+
+    private nonisolated static func axisFormat(windowMinutes: Int) -> Date.FormatStyle {
+        if windowMinutes <= 300 {
+            return .dateTime.month(.abbreviated).day()
+        }
+        return .dateTime.month(.abbreviated).day()
+    }
+
+    private nonisolated static func seriesTitle(
+        name: PlanUtilizationSeriesName,
+        metadata: ProviderMetadata?) -> String
+    {
+        switch name {
+        case .session:
+            L(metadata?.sessionLabel ?? "Session")
+        case .weekly:
+            L(metadata?.weeklyLabel ?? "Weekly")
+        case .opus:
+            metadata?.opusLabel ?? "Opus"
+        default:
+            self.fallbackTitle(for: name.rawValue)
+        }
+    }
+
+    private nonisolated static func fallbackTitle(for rawValue: String) -> String {
+        let words = rawValue
+            .replacingOccurrences(of: "([a-z0-9])([A-Z])", with: "$1 $2", options: .regularExpression)
+            .split(separator: " ")
+        return words.map { $0.prefix(1).uppercased() + $0.dropFirst() }.joined(separator: " ")
+    }
+
+    private nonisolated static func seriesSortOrder(_ name: PlanUtilizationSeriesName) -> Int {
+        switch name {
+        case .session:
+            0
+        case .weekly:
+            1
+        case .opus:
+            2
+        default:
+            100
+        }
+    }
+
+    private nonisolated static func emptyStateText(title: String?) -> String {
+        if let title {
+            return String(format: L("No %@ utilization data yet."), title.lowercased())
+        }
+        return L("No utilization data yet.")
+    }
+
+    #if DEBUG
+    struct ModelSnapshot: Equatable {
+        let pointCount: Int
+        let axisIndexes: [Double]
+        let xDomain: ClosedRange<Double>?
+        let selectedSeries: String?
+        let visibleSeries: [String]
+        let usedPercents: [Double]
+        let pointDates: [String]
+    }
+
+    nonisolated static func _modelSnapshotForTesting(
+        selectedSeriesRawValue: String? = nil,
+        histories: [PlanUtilizationSeriesHistory],
+        provider: UsageProvider,
+        snapshot: UsageSnapshot? = nil,
+        referenceDate: Date? = nil) -> ModelSnapshot
+    {
+        let visibleSeries = self.visibleSeries(histories: histories, provider: provider, snapshot: snapshot)
+        let selectedSeries = visibleSeries.first(where: { $0.id == selectedSeriesRawValue }) ?? visibleSeries.first
+        let model = self.makeModel(
+            history: selectedSeries?.history,
+            provider: provider,
+            referenceDate: referenceDate ?? histories.flatMap(\.entries).map(\.capturedAt).max() ?? Date())
+        return ModelSnapshot(
+            pointCount: model.points.count,
+            axisIndexes: model.axisIndexes,
+            xDomain: model.xDomain,
+            selectedSeries: selectedSeries?.id,
+            visibleSeries: visibleSeries.map(\.id),
+            usedPercents: model.points.map(\.usedPercent),
+            pointDates: model.points.map { point in
+                let formatter = DateFormatter()
+                formatter.locale = Locale(identifier: "en_US_POSIX")
+                formatter.timeZone = TimeZone.current
+                formatter.dateFormat = "yyyy-MM-dd HH:mm"
+                return formatter.string(from: point.date)
+            })
+    }
+
+    nonisolated static func _detailLineForTesting(
+        selectedSeriesRawValue: String? = nil,
+        histories: [PlanUtilizationSeriesHistory],
+        provider: UsageProvider,
+        snapshot: UsageSnapshot? = nil,
+        referenceDate: Date? = nil) -> String
+    {
+        let visibleSeries = self.visibleSeries(histories: histories, provider: provider, snapshot: snapshot)
+        let selectedSeries = visibleSeries.first(where: { $0.id == selectedSeriesRawValue }) ?? visibleSeries.first
+        let model = self.makeModel(
+            history: selectedSeries?.history,
+            provider: provider,
+            referenceDate: referenceDate ?? histories.flatMap(\.entries).map(\.capturedAt).max() ?? Date())
+        return self.detailLine(point: model.points.last, windowMinutes: selectedSeries?.history.windowMinutes ?? 0)
+    }
+
+    nonisolated static func _emptyStateTextForTesting(title: String?) -> String {
+        self.emptyStateText(title: title)
+    }
+    #endif
+
+    private func xValue(for index: Int) -> PlottableValue<Double> {
+        .value(L("Series"), Double(index))
+    }
+
+    @ViewBuilder
+    private func utilizationChart(model: Model) -> some View {
+        if let xDomain = model.xDomain {
+            Chart {
+                self.utilizationChartContent(model: model)
+            }
+            .chartXScale(domain: xDomain)
+        } else {
+            Chart {
+                self.utilizationChartContent(model: model)
+            }
+        }
+    }
+
+    @ChartContentBuilder
+    private func utilizationChartContent(model: Model) -> some ChartContent {
+        ForEach(model.points) { point in
+            BarMark(
+                x: self.xValue(for: point.index),
+                yStart: .value(L("Capacity Start"), 0),
+                yEnd: .value(L("Capacity End"), 100),
+                width: .fixed(Layout.barWidth))
+                .foregroundStyle(model.trackColor)
+            BarMark(
+                x: self.xValue(for: point.index),
+                yStart: .value(L("Utilization Start"), 0),
+                yEnd: .value(L("Utilization End"), point.usedPercent),
+                width: .fixed(Layout.barWidth))
+                .foregroundStyle(model.barColor)
+        }
+        if let selected = self.selectedPoint(model: model) {
+            RuleMark(x: self.xValue(for: selected.index))
+                .foregroundStyle(Color(nsColor: .tertiaryLabelColor))
+                .lineStyle(StrokeStyle(lineWidth: 1, dash: [3, 3]))
+        }
+    }
+
+    private func selectedPoint(model: Model) -> Point? {
+        guard let selectedPointID else { return nil }
+        return model.pointsByID[selectedPointID]
+    }
+
+    private func detailLine(model: Model, windowMinutes: Int) -> String {
+        let activePoint = self.selectedPoint(model: model) ?? model.points.last
+        return Self.detailLine(point: activePoint, windowMinutes: windowMinutes)
+    }
+
+    private func updateSelection(
+        location: CGPoint?,
+        model: Model,
+        proxy: ChartProxy,
+        geo: GeometryProxy)
+    {
+        guard let location else {
+            if self.selectedPointID != nil { self.selectedPointID = nil }
+            return
+        }
+
+        guard let plotAnchor = proxy.plotFrame else { return }
+        let plotFrame = geo[plotAnchor]
+        guard plotFrame.contains(location) else {
+            if self.selectedPointID != nil { self.selectedPointID = nil }
+            return
+        }
+
+        let xInPlot = location.x - plotFrame.origin.x
+        guard let xValue: Double = proxy.value(atX: xInPlot) else { return }
+
+        var best: (id: Date, distance: Double)?
+        for point in model.points {
+            let distance = abs(Double(point.index) - xValue)
+            if let current = best {
+                if distance < current.distance {
+                    best = (point.id, distance)
+                }
+            } else {
+                best = (point.id, distance)
+            }
+        }
+
+        if self.selectedPointID != best?.id {
+            self.selectedPointID = best?.id
+        }
+    }
+}
+
+extension PlanUtilizationHistoryChartMenuView {
+    private nonisolated static func detailLine(point: Point?, windowMinutes: Int) -> String {
+        guard let point else {
+            return "-"
+        }
+
+        let dateLabel = self.detailDateLabel(for: point.date, windowMinutes: windowMinutes)
+
+        let used = max(0, min(100, point.usedPercent))
+        if !point.isObserved {
+            return "\(dateLabel): -"
+        }
+        let usedText = used.formatted(.number.precision(.fractionLength(0...1)))
+        return L("%@: %@%% used", dateLabel, usedText)
+    }
+
+    private nonisolated static func detailDateLabel(for date: Date, windowMinutes: Int) -> String {
+        let formatter = DateFormatter()
+        formatter.locale = codexBarLocalizedLocale()
+        formatter.timeZone = TimeZone.current
+        formatter.setLocalizedDateFormatFromTemplate("MMM d, h:mm a")
+        var rendered = formatter.string(from: date).replacingOccurrences(of: "\u{202F}", with: " ")
+        let amSymbol = formatter.amSymbol ?? ""
+        let pmSymbol = formatter.pmSymbol ?? ""
+        if !amSymbol.isEmpty {
+            rendered = rendered.replacingOccurrences(of: amSymbol, with: amSymbol.lowercased())
+        }
+        if !pmSymbol.isEmpty {
+            rendered = rendered.replacingOccurrences(of: pmSymbol, with: pmSymbol.lowercased())
+        }
+        return rendered
+    }
+}
diff --git a/Sources/CodexBar/PlanUtilizationHistoryStore.swift b/Sources/CodexBar/PlanUtilizationHistoryStore.swift
new file mode 100644
index 000000000..13b6b4d97
--- /dev/null
+++ b/Sources/CodexBar/PlanUtilizationHistoryStore.swift
@@ -0,0 +1,269 @@
+import CodexBarCore
+import Foundation
+
+struct PlanUtilizationSeriesName: RawRepresentable, Hashable, Codable, ExpressibleByStringLiteral {
+    let rawValue: String
+
+    init(rawValue: String) {
+        self.rawValue = rawValue
+    }
+
+    init(stringLiteral value: StringLiteralType) {
+        self.rawValue = value
+    }
+
+    static let session: Self = "session"
+    static let weekly: Self = "weekly"
+    static let opus: Self = "opus"
+
+    func canonicalWindowMinutes(_ windowMinutes: Int) -> Int {
+        switch self {
+        case .session where (295...305).contains(windowMinutes):
+            300
+        case .weekly where (10070...10090).contains(windowMinutes):
+            10080
+        default:
+            windowMinutes
+        }
+    }
+}
+
+struct PlanUtilizationHistoryEntry: Codable, Equatable {
+    let capturedAt: Date
+    let usedPercent: Double
+    let resetsAt: Date?
+}
+
+struct PlanUtilizationSeriesHistory: Codable, Equatable {
+    let name: PlanUtilizationSeriesName
+    let windowMinutes: Int
+    let entries: [PlanUtilizationHistoryEntry]
+
+    init(name: PlanUtilizationSeriesName, windowMinutes: Int, entries: [PlanUtilizationHistoryEntry]) {
+        self.name = name
+        self.windowMinutes = windowMinutes
+        self.entries = entries.sorted { lhs, rhs in
+            if lhs.capturedAt != rhs.capturedAt {
+                return lhs.capturedAt < rhs.capturedAt
+            }
+            if lhs.usedPercent != rhs.usedPercent {
+                return lhs.usedPercent < rhs.usedPercent
+            }
+            let lhsReset = lhs.resetsAt?.timeIntervalSince1970 ?? Date.distantPast.timeIntervalSince1970
+            let rhsReset = rhs.resetsAt?.timeIntervalSince1970 ?? Date.distantPast.timeIntervalSince1970
+            return lhsReset < rhsReset
+        }
+    }
+
+    var latestCapturedAt: Date? {
+        self.entries.last?.capturedAt
+    }
+}
+
+struct PlanUtilizationHistoryBuckets: Equatable {
+    var preferredAccountKey: String?
+    var unscoped: [PlanUtilizationSeriesHistory] = []
+    var accounts: [String: [PlanUtilizationSeriesHistory]] = [:]
+
+    func histories(for accountKey: String?) -> [PlanUtilizationSeriesHistory] {
+        guard let accountKey, !accountKey.isEmpty else { return self.unscoped }
+        return self.accounts[accountKey] ?? []
+    }
+
+    mutating func setHistories(_ histories: [PlanUtilizationSeriesHistory], for accountKey: String?) {
+        let sorted = Self.sortedHistories(histories)
+        guard let accountKey, !accountKey.isEmpty else {
+            self.unscoped = sorted
+            return
+        }
+        if sorted.isEmpty {
+            self.accounts.removeValue(forKey: accountKey)
+        } else {
+            self.accounts[accountKey] = sorted
+        }
+    }
+
+    var isEmpty: Bool {
+        self.unscoped.isEmpty && self.accounts.values.allSatisfy(\.isEmpty)
+    }
+
+    private static func sortedHistories(_ histories: [PlanUtilizationSeriesHistory]) -> [PlanUtilizationSeriesHistory] {
+        histories.sorted { lhs, rhs in
+            if lhs.windowMinutes != rhs.windowMinutes {
+                return lhs.windowMinutes < rhs.windowMinutes
+            }
+            return lhs.name.rawValue < rhs.name.rawValue
+        }
+    }
+}
+
+private struct ProviderHistoryFile: Codable {
+    let preferredAccountKey: String?
+    let unscoped: [PlanUtilizationSeriesHistory]
+    let accounts: [String: [PlanUtilizationSeriesHistory]]
+}
+
+private struct ProviderHistoryDocument: Codable {
+    let version: Int
+    let preferredAccountKey: String?
+    let unscoped: [PlanUtilizationSeriesHistory]
+    let accounts: [String: [PlanUtilizationSeriesHistory]]
+}
+
+struct PlanUtilizationHistoryStore {
+    fileprivate static let providerSchemaVersion = 1
+
+    let directoryURL: URL?
+
+    init(directoryURL: URL? = Self.defaultDirectoryURL()) {
+        self.directoryURL = directoryURL
+    }
+
+    static func defaultAppSupport() -> Self {
+        Self()
+    }
+
+    func load() -> [UsageProvider: PlanUtilizationHistoryBuckets] {
+        self.loadProviderFiles()
+    }
+
+    func save(_ providers: [UsageProvider: PlanUtilizationHistoryBuckets]) {
+        guard let directoryURL = self.directoryURL else { return }
+        do {
+            try FileManager.default.createDirectory(
+                at: directoryURL,
+                withIntermediateDirectories: true)
+            let encoder = JSONEncoder()
+            encoder.dateEncodingStrategy = .iso8601
+            encoder.outputFormatting = [.sortedKeys]
+
+            for provider in UsageProvider.allCases {
+                let fileURL = self.providerFileURL(for: provider)
+                let buckets = providers[provider] ?? PlanUtilizationHistoryBuckets()
+                let unscoped = Self.sortedHistories(buckets.unscoped)
+                let accounts = Self.sortedAccounts(buckets.accounts)
+                guard !unscoped.isEmpty || !accounts.isEmpty else {
+                    try? FileManager.default.removeItem(at: fileURL)
+                    continue
+                }
+
+                let payload = ProviderHistoryDocument(
+                    version: Self.providerSchemaVersion,
+                    preferredAccountKey: buckets.preferredAccountKey,
+                    unscoped: unscoped,
+                    accounts: accounts)
+                let data = try encoder.encode(payload)
+                try data.write(to: fileURL, options: Data.WritingOptions.atomic)
+            }
+        } catch {
+            // Best-effort persistence only.
+        }
+    }
+
+    private func loadProviderFiles() -> [UsageProvider: PlanUtilizationHistoryBuckets] {
+        guard self.directoryURL != nil else { return [:] }
+
+        let decoder = JSONDecoder()
+        decoder.dateDecodingStrategy = .iso8601
+
+        var output: [UsageProvider: PlanUtilizationHistoryBuckets] = [:]
+
+        for provider in UsageProvider.allCases {
+            let fileURL = self.providerFileURL(for: provider)
+            guard FileManager.default.fileExists(atPath: fileURL.path) else { continue }
+            guard let data = try? Data(contentsOf: fileURL),
+                  let decoded = try? decoder.decode(ProviderHistoryDocument.self, from: data)
+            else {
+                continue
+            }
+
+            let history = ProviderHistoryFile(
+                preferredAccountKey: decoded.preferredAccountKey,
+                unscoped: decoded.unscoped,
+                accounts: decoded.accounts)
+            output[provider] = Self.decodeProvider(history)
+        }
+
+        return output
+    }
+
+    private static func decodeProviders(
+        _ providers: [String: ProviderHistoryFile]) -> [UsageProvider: PlanUtilizationHistoryBuckets]
+    {
+        var output: [UsageProvider: PlanUtilizationHistoryBuckets] = [:]
+        for (rawProvider, providerHistory) in providers {
+            guard let provider = UsageProvider(rawValue: rawProvider) else { continue }
+            output[provider] = Self.decodeProvider(providerHistory)
+        }
+        return output
+    }
+
+    private static func decodeProvider(_ providerHistory: ProviderHistoryFile) -> PlanUtilizationHistoryBuckets {
+        PlanUtilizationHistoryBuckets(
+            preferredAccountKey: providerHistory.preferredAccountKey,
+            unscoped: self.sortedHistories(providerHistory.unscoped),
+            accounts: Dictionary(
+                uniqueKeysWithValues: providerHistory.accounts.compactMap { accountKey, histories in
+                    let sorted = Self.sortedHistories(histories)
+                    guard !sorted.isEmpty else { return nil }
+                    return (accountKey, sorted)
+                }))
+    }
+
+    private static func sortedAccounts(
+        _ accounts: [String: [PlanUtilizationSeriesHistory]]) -> [String: [PlanUtilizationSeriesHistory]]
+    {
+        Dictionary(
+            uniqueKeysWithValues: accounts.compactMap { accountKey, histories in
+                let sorted = Self.sortedHistories(histories)
+                guard !sorted.isEmpty else { return nil }
+                return (accountKey, sorted)
+            })
+    }
+
+    private static func sortedHistories(_ histories: [PlanUtilizationSeriesHistory]) -> [PlanUtilizationSeriesHistory] {
+        self.sanitizedHistories(histories).sorted { lhs, rhs in
+            if lhs.windowMinutes != rhs.windowMinutes {
+                return lhs.windowMinutes < rhs.windowMinutes
+            }
+            return lhs.name.rawValue < rhs.name.rawValue
+        }
+    }
+
+    private static func sanitizedHistories(_ histories: [PlanUtilizationSeriesHistory])
+    -> [PlanUtilizationSeriesHistory] {
+        histories.filter { history in
+            history.windowMinutes > 0 && !history.entries.isEmpty
+        }
+    }
+
+    private static func defaultDirectoryURL() -> URL? {
+        guard let root = FileManager.default.urls(for: .applicationSupportDirectory, in: .userDomainMask).first else {
+            return nil
+        }
+        let dir = root.appendingPathComponent("com.steipete.codexbar", isDirectory: true)
+        return dir.appendingPathComponent("history", isDirectory: true)
+    }
+
+    private func providerFileURL(for provider: UsageProvider) -> URL {
+        let directoryURL = self.directoryURL ?? URL(fileURLWithPath: "/dev/null", isDirectory: true)
+        return directoryURL.appendingPathComponent("\(provider.rawValue).json", isDirectory: false)
+    }
+}
+
+extension ProviderHistoryDocument {
+    init(from decoder: any Decoder) throws {
+        let container = try decoder.container(keyedBy: CodingKeys.self)
+        let version = try container.decode(Int.self, forKey: .version)
+        guard version == PlanUtilizationHistoryStore.providerSchemaVersion else {
+            throw DecodingError.dataCorruptedError(
+                forKey: .version,
+                in: container,
+                debugDescription: "Unsupported provider history schema version \(version)")
+        }
+        self.version = version
+        self.preferredAccountKey = try container.decodeIfPresent(String.self, forKey: .preferredAccountKey)
+        self.unscoped = try container.decode([PlanUtilizationSeriesHistory].self, forKey: .unscoped)
+        self.accounts = try container.decode([String: [PlanUtilizationSeriesHistory]].self, forKey: .accounts)
+    }
+}
diff --git a/Sources/CodexBar/PreferencesAboutPane.swift b/Sources/CodexBar/PreferencesAboutPane.swift
index 16e27189e..31c3bbe43 100644
--- a/Sources/CodexBar/PreferencesAboutPane.swift
+++ b/Sources/CodexBar/PreferencesAboutPane.swift
@@ -51,14 +51,14 @@ struct AboutPane: View {
             VStack(spacing: 2) {
                 Text("CodexBar")
                     .font(.title3).bold()
-                Text("Version \(self.versionString)")
+                Text(String(format: L("version_format"), self.versionString))
                     .foregroundStyle(.secondary)
                 if let buildTimestamp {
-                    Text("Built \(buildTimestamp)")
+                    Text(String(format: L("built_format"), buildTimestamp))
                         .font(.footnote)
                         .foregroundStyle(.secondary)
                 }
-                Text("May your tokens never run out—keep agent limits in view.")
+                Text(L("about_tagline"))
                     .font(.footnote)
                     .foregroundStyle(.secondary)
             }
@@ -66,11 +66,11 @@ struct AboutPane: View {
             VStack(alignment: .center, spacing: 10) {
                 AboutLinkRow(
                     icon: "chevron.left.slash.chevron.right",
-                    title: "GitHub",
+                    title: L("link_github"),
                     url: "https://github.com/steipete/CodexBar")
-                AboutLinkRow(icon: "globe", title: "Website", url: "https://steipete.me")
-                AboutLinkRow(icon: "bird", title: "Twitter", url: "https://twitter.com/steipete")
-                AboutLinkRow(icon: "envelope", title: "Email", url: "mailto:peter@steipete.me")
+                AboutLinkRow(icon: "globe", title: L("link_website"), url: "https://steipete.me")
+                AboutLinkRow(icon: "bird", title: L("link_twitter"), url: "https://twitter.com/steipete")
+                AboutLinkRow(icon: "envelope", title: L("link_email"), url: "mailto:peter@steipete.me")
             }
             .padding(.top, 8)
             .frame(maxWidth: .infinity)
@@ -80,12 +80,12 @@ struct AboutPane: View {
 
             if self.updater.isAvailable {
                 VStack(spacing: 10) {
-                    Toggle("Check for updates automatically", isOn: self.$autoUpdateEnabled)
+                    Toggle(L("check_updates_auto"), isOn: self.$autoUpdateEnabled)
                         .toggleStyle(.checkbox)
                         .frame(maxWidth: .infinity, alignment: .center)
                     VStack(spacing: 6) {
                         HStack(spacing: 12) {
-                            Text("Update Channel")
+                            Text(L("update_channel"))
                             Spacer()
                             Picker("", selection: self.updateChannelBinding) {
                                 ForEach(UpdateChannel.allCases) { channel in
@@ -102,14 +102,14 @@ struct AboutPane: View {
                             .multilineTextAlignment(.center)
                             .frame(maxWidth: 280)
                     }
-                    Button("Check for Updates…") { self.updater.checkForUpdates(nil) }
+                    Button(L("check_for_updates")) { self.updater.checkForUpdates(nil) }
                 }
             } else {
-                Text(self.updater.unavailableReason ?? "Updates unavailable in this build.")
+                Text(self.updater.unavailableReason ?? L("updates_unavailable"))
                     .foregroundStyle(.secondary)
             }
 
-            Text("© 2025 Peter Steinberger. MIT License.")
+            Text(L("copyright"))
                 .font(.footnote)
                 .foregroundStyle(.secondary)
                 .padding(.top, 4)
diff --git a/Sources/CodexBar/PreferencesAdvancedPane.swift b/Sources/CodexBar/PreferencesAdvancedPane.swift
index b6add144f..86e9da909 100644
--- a/Sources/CodexBar/PreferencesAdvancedPane.swift
+++ b/Sources/CodexBar/PreferencesAdvancedPane.swift
@@ -11,17 +11,17 @@ struct AdvancedPane: View {
         ScrollView(.vertical, showsIndicators: true) {
             VStack(alignment: .leading, spacing: 16) {
                 SettingsSection(contentSpacing: 8) {
-                    Text("Keyboard shortcut")
+                    Text(L("section_keyboard_shortcut"))
                         .font(.caption)
                         .foregroundStyle(.secondary)
                         .textCase(.uppercase)
                     HStack(alignment: .center, spacing: 12) {
-                        Text("Open menu")
+                        Text(L("open_menu_shortcut_title"))
                             .font(.body)
                         Spacer()
                         KeyboardShortcuts.Recorder(for: .openMenu)
                     }
-                    Text("Trigger the menu bar menu from anywhere.")
+                    Text(L("open_menu_shortcut_subtitle"))
                         .font(.footnote)
                         .foregroundStyle(.tertiary)
                 }
@@ -36,7 +36,7 @@ struct AdvancedPane: View {
                             if self.isInstallingCLI {
                                 ProgressView().controlSize(.small)
                             } else {
-                                Text("Install CLI")
+                                Text(L("install_cli"))
                             }
                         }
                         .disabled(self.isInstallingCLI)
@@ -48,7 +48,7 @@ struct AdvancedPane: View {
                                 .lineLimit(2)
                         }
                     }
-                    Text("Symlink CodexBarCLI to /usr/local/bin and /opt/homebrew/bin as codexbar.")
+                    Text(L("install_cli_subtitle"))
                         .font(.footnote)
                         .foregroundStyle(.tertiary)
                 }
@@ -57,41 +57,47 @@ struct AdvancedPane: View {
 
                 SettingsSection(contentSpacing: 10) {
                     PreferenceToggleRow(
-                        title: "Show Debug Settings",
-                        subtitle: "Expose troubleshooting tools in the Debug tab.",
+                        title: L("show_debug_settings_title"),
+                        subtitle: L("show_debug_settings_subtitle"),
                         binding: self.$settings.debugMenuEnabled)
                     PreferenceToggleRow(
-                        title: "Surprise me",
-                        subtitle: "Check if you like your agents having some fun up there.",
+                        title: L("surprise_me_title"),
+                        subtitle: L("surprise_me_subtitle"),
                         binding: self.$settings.randomBlinkEnabled)
                     PreferenceToggleRow(
                         title: "Color-coded icons",
                         subtitle: "Tint menu bar icons green, yellow, or red based on session usage.",
                         binding: self.$settings.colorCodedIcons)
+                    PreferenceToggleRow(
+                        title: L("weekly_limit_confetti_title"),
+                        subtitle: L("weekly_limit_confetti_subtitle"),
+                        binding: self.$settings.confettiOnWeeklyLimitResetsEnabled)
                 }
 
                 Divider()
 
                 SettingsSection(contentSpacing: 10) {
                     PreferenceToggleRow(
-                        title: "Hide personal information",
-                        subtitle: "Obscure email addresses in the menu bar and menu UI.",
+                        title: L("hide_personal_info_title"),
+                        subtitle: L("hide_personal_info_subtitle"),
                         binding: self.$settings.hidePersonalInfo)
+                    PreferenceToggleRow(
+                        title: L("show_provider_storage_usage_title"),
+                        subtitle: L("show_provider_storage_usage_subtitle"),
+                        binding: self.$settings.providerStorageFootprintsEnabled)
                 }
 
                 Divider()
 
                 SettingsSection(
-                    title: "Keychain access",
-                    caption: """
-                    Disable all Keychain reads and writes. Browser cookie import is unavailable; paste Cookie \
-                    headers manually in Providers.
-                    """) {
-                        PreferenceToggleRow(
-                            title: "Disable Keychain access",
-                            subtitle: "Prevents any Keychain access while enabled.",
-                            binding: self.$settings.debugDisableKeychainAccess)
-                    }
+                    title: L("section_keychain_access"),
+                    caption: L("keychain_access_caption"))
+                {
+                    PreferenceToggleRow(
+                        title: L("disable_keychain_access_title"),
+                        subtitle: L("disable_keychain_access_subtitle"),
+                        binding: self.$settings.debugDisableKeychainAccess)
+                }
             }
             .frame(maxWidth: .infinity, alignment: .leading)
             .padding(.horizontal, 20)
@@ -109,7 +115,7 @@ extension AdvancedPane {
         let helperURL = Bundle.main.bundleURL.appendingPathComponent("Contents/Helpers/CodexBarCLI")
         let fm = FileManager.default
         guard fm.fileExists(atPath: helperURL.path) else {
-            self.cliStatus = "CodexBarCLI not found in app bundle."
+            self.cliStatus = L("cli_not_found")
             return
         }
 
@@ -145,7 +151,7 @@ extension AdvancedPane {
         }
 
         self.cliStatus = results.isEmpty
-            ? "No writable bin dirs found."
+            ? L("no_writable_bin_dirs")
             : results.joined(separator: " · ")
     }
 
diff --git a/Sources/CodexBar/PreferencesCodexAccountsSection.swift b/Sources/CodexBar/PreferencesCodexAccountsSection.swift
new file mode 100644
index 000000000..f42be5271
--- /dev/null
+++ b/Sources/CodexBar/PreferencesCodexAccountsSection.swift
@@ -0,0 +1,331 @@
+import Foundation
+import SwiftUI
+
+protocol CodexAmbientLoginRunning: Sendable {
+    func run(timeout: TimeInterval) async -> CodexLoginRunner.Result
+}
+
+struct DefaultCodexAmbientLoginRunner: CodexAmbientLoginRunning {
+    func run(timeout: TimeInterval) async -> CodexLoginRunner.Result {
+        await CodexLoginRunner.run(timeout: timeout)
+    }
+}
+
+struct CodexAccountsSectionNotice: Equatable {
+    enum Tone: Equatable {
+        case secondary
+        case warning
+    }
+
+    let text: String
+    let tone: Tone
+}
+
+struct CodexAccountsSectionState: Equatable {
+    let visibleAccounts: [CodexVisibleAccount]
+    let activeVisibleAccountID: String?
+    let liveVisibleAccountID: String?
+    let hasUnreadableManagedAccountStore: Bool
+    let isAuthenticatingManagedAccount: Bool
+    let authenticatingManagedAccountID: UUID?
+    let isRemovingManagedAccount: Bool
+    let isAuthenticatingLiveAccount: Bool
+    let isPromotingSystemAccount: Bool
+    let notice: CodexAccountsSectionNotice?
+
+    var showsActivePicker: Bool {
+        self.visibleAccounts.count > 1
+    }
+
+    var singleVisibleAccount: CodexVisibleAccount? {
+        self.visibleAccounts.count == 1 ? self.visibleAccounts.first : nil
+    }
+
+    var systemVisibleAccount: CodexVisibleAccount? {
+        guard let liveVisibleAccountID else { return nil }
+        return self.visibleAccounts.first { $0.id == liveVisibleAccountID }
+    }
+
+    var showsSystemPicker: Bool {
+        self.visibleAccounts.count > 1 || (self.liveVisibleAccountID == nil && !self.visibleAccounts.isEmpty)
+    }
+
+    var systemDisplayName: String {
+        self.systemVisibleAccount?.displayName ?? L("No system account")
+    }
+
+    var canAddAccount: Bool {
+        !self.hasUnreadableManagedAccountStore &&
+            !self.isAuthenticatingManagedAccount &&
+            !self.isRemovingManagedAccount &&
+            !self.isAuthenticatingLiveAccount &&
+            !self.isPromotingSystemAccount
+    }
+
+    var addAccountTitle: String {
+        if self.isAuthenticatingManagedAccount, self.authenticatingManagedAccountID == nil {
+            return L("Adding Account…")
+        }
+        return L("Add Account")
+    }
+
+    func showsLiveBadge(for account: CodexVisibleAccount) -> Bool {
+        account.isLive
+    }
+
+    var isSystemSelectionDisabled: Bool {
+        self.hasUnreadableManagedAccountStore ||
+            self.isAuthenticatingManagedAccount ||
+            self.isRemovingManagedAccount ||
+            self.isAuthenticatingLiveAccount ||
+            self.isPromotingSystemAccount
+    }
+
+    func canPromoteToSystem(_ account: CodexVisibleAccount) -> Bool {
+        guard self.isSystemSelectionDisabled == false else { return false }
+        guard account.id != self.liveVisibleAccountID else { return false }
+        return account.storedAccountID != nil
+    }
+
+    func canReauthenticate(_ account: CodexVisibleAccount) -> Bool {
+        guard account.canReauthenticate else { return false }
+        guard self.isAuthenticatingManagedAccount == false else { return false }
+        guard self.isRemovingManagedAccount == false else { return false }
+        guard self.isAuthenticatingLiveAccount == false else { return false }
+        guard self.isPromotingSystemAccount == false else { return false }
+        if account.storedAccountID != nil {
+            return self.hasUnreadableManagedAccountStore == false
+        }
+        return true
+    }
+
+    func canRemove(_ account: CodexVisibleAccount) -> Bool {
+        guard account.canRemove else { return false }
+        guard self.isAuthenticatingManagedAccount == false else { return false }
+        guard self.isRemovingManagedAccount == false else { return false }
+        guard self.isAuthenticatingLiveAccount == false else { return false }
+        guard self.isPromotingSystemAccount == false else { return false }
+        return self.hasUnreadableManagedAccountStore == false
+    }
+
+    func reauthenticateTitle(for account: CodexVisibleAccount) -> String {
+        if let accountID = account.storedAccountID,
+           self.isAuthenticatingManagedAccount,
+           self.authenticatingManagedAccountID == accountID
+        {
+            return L("Re-authenticating…")
+        }
+        if account.storedAccountID == nil, self.isAuthenticatingLiveAccount {
+            return L("Re-authenticating…")
+        }
+        return L("Re-auth")
+    }
+}
+
+@MainActor
+struct CodexAccountsSectionView: View {
+    let state: CodexAccountsSectionState
+    let setActiveVisibleAccount: (String) -> Void
+    let reauthenticateAccount: (CodexVisibleAccount) -> Void
+    let removeAccount: (CodexVisibleAccount) -> Void
+    let requestSystemVisibleAccount: (String) -> Void
+    let addAccount: () -> Void
+
+    var body: some View {
+        ProviderSettingsSection(title: L("Accounts")) {
+            if let selection = self.activeSelectionBinding {
+                VStack(alignment: .leading, spacing: 6) {
+                    HStack(alignment: .firstTextBaseline, spacing: 10) {
+                        Text(L("Active"))
+                            .font(.subheadline.weight(.semibold))
+                            .frame(width: ProviderSettingsMetrics.pickerLabelWidth, alignment: .leading)
+
+                        Picker("", selection: selection) {
+                            ForEach(self.state.visibleAccounts) { account in
+                                Text(account.displayName).tag(account.id)
+                            }
+                        }
+                        .labelsHidden()
+                        .pickerStyle(.menu)
+                        .controlSize(.small)
+
+                        Spacer(minLength: 0)
+                    }
+
+                    Text(L("Choose which Codex account CodexBar should follow."))
+                        .font(.footnote)
+                        .foregroundStyle(.secondary)
+
+                    self.systemRow(selection: self.systemSelectionBinding)
+                }
+                .disabled(
+                    self.state.isAuthenticatingManagedAccount ||
+                        self.state.isRemovingManagedAccount ||
+                        self.state.isAuthenticatingLiveAccount ||
+                        self.state.isPromotingSystemAccount)
+            } else if let account = self.state.singleVisibleAccount {
+                VStack(alignment: .leading, spacing: 6) {
+                    HStack(alignment: .firstTextBaseline, spacing: 10) {
+                        Text(L("Account"))
+                            .font(.subheadline.weight(.semibold))
+                            .frame(width: ProviderSettingsMetrics.pickerLabelWidth, alignment: .leading)
+
+                        Text(account.displayName)
+                            .font(.subheadline)
+
+                        Spacer(minLength: 0)
+                    }
+
+                    self.systemRow(selection: nil)
+                }
+            }
+
+            if self.state.visibleAccounts.isEmpty {
+                Text(L("No Codex accounts detected yet."))
+                    .font(.footnote)
+                    .foregroundStyle(.secondary)
+            } else {
+                VStack(alignment: .leading, spacing: 10) {
+                    ForEach(self.state.visibleAccounts) { account in
+                        CodexAccountsSectionRowView(
+                            account: account,
+                            showsSystemBadge: self.state.showsLiveBadge(for: account),
+                            reauthenticateTitle: self.state.reauthenticateTitle(for: account),
+                            canReauthenticate: self.state.canReauthenticate(account),
+                            canRemove: self.state.canRemove(account),
+                            onReauthenticate: { self.reauthenticateAccount(account) },
+                            onRemove: { self.removeAccount(account) })
+                    }
+                }
+            }
+
+            if let notice = self.state.notice {
+                Text(notice.text)
+                    .font(.footnote)
+                    .foregroundStyle(notice.tone == .warning ? .red : .secondary)
+                    .fixedSize(horizontal: false, vertical: true)
+            }
+
+            Button(self.state.addAccountTitle) {
+                self.addAccount()
+            }
+            .buttonStyle(.bordered)
+            .controlSize(.small)
+            .disabled(self.state.canAddAccount == false)
+        }
+    }
+
+    private var activeSelectionBinding: Binding<String>? {
+        guard self.state.showsActivePicker else { return nil }
+        let fallbackID = self.state.activeVisibleAccountID ?? self.state.visibleAccounts.first?.id
+        guard let fallbackID else { return nil }
+        return Binding(
+            get: { self.state.activeVisibleAccountID ?? fallbackID },
+            set: { self.setActiveVisibleAccount($0) })
+    }
+
+    private var systemSelectionBinding: Binding<String>? {
+        guard self.state.showsSystemPicker else { return nil }
+        guard let liveVisibleAccountID = self.state.liveVisibleAccountID else { return nil }
+        return Binding(
+            get: { self.state.liveVisibleAccountID ?? liveVisibleAccountID },
+            set: { self.requestSystemVisibleAccount($0) })
+    }
+
+    @ViewBuilder
+    private func systemRow(selection: Binding<String>?) -> some View {
+        HStack(alignment: .firstTextBaseline, spacing: 10) {
+            Text(L("System"))
+                .font(.subheadline.weight(.semibold))
+                .frame(width: ProviderSettingsMetrics.pickerLabelWidth, alignment: .leading)
+
+            if let selection {
+                Picker("", selection: selection) {
+                    ForEach(self.state.visibleAccounts) { account in
+                        Text(account.displayName)
+                            .tag(account.id)
+                    }
+                }
+                .labelsHidden()
+                .pickerStyle(.menu)
+                .controlSize(.small)
+                .disabled(self.state.isSystemSelectionDisabled)
+            } else if self.state.showsSystemPicker {
+                Menu {
+                    ForEach(self.state.visibleAccounts) { account in
+                        Button(account.displayName) {
+                            self.requestSystemVisibleAccount(account.id)
+                        }
+                        .disabled(self.state.canPromoteToSystem(account) == false)
+                    }
+                } label: {
+                    Text(self.state.systemDisplayName)
+                        .font(.subheadline)
+                        .foregroundStyle(.secondary)
+                }
+                .disabled(self.state.isSystemSelectionDisabled)
+            } else {
+                Text(self.state.systemDisplayName)
+                    .font(.subheadline)
+                    .foregroundStyle(self.state.systemVisibleAccount == nil ? .secondary : .primary)
+            }
+
+            Spacer(minLength: 0)
+        }
+
+        Text(L("The default Codex account on this Mac."))
+            .font(.footnote)
+            .foregroundStyle(.secondary)
+    }
+}
+
+private struct CodexAccountsSectionRowView: View {
+    let account: CodexVisibleAccount
+    let showsSystemBadge: Bool
+    let reauthenticateTitle: String
+    let canReauthenticate: Bool
+    let canRemove: Bool
+    let onReauthenticate: () -> Void
+    let onRemove: () -> Void
+
+    var body: some View {
+        HStack(alignment: .center, spacing: 12) {
+            VStack(alignment: .leading, spacing: 2) {
+                HStack(alignment: .firstTextBaseline, spacing: 6) {
+                    Text(self.account.displayName)
+                        .font(.subheadline.weight(.semibold))
+                    if self.showsSystemBadge {
+                        Text(L("(System)"))
+                            .font(.caption.weight(.semibold))
+                            .foregroundStyle(.secondary)
+                    }
+                }
+                if let health = self.account.authenticationHealthLabel {
+                    Text(health)
+                        .font(.caption)
+                        .foregroundStyle(.orange)
+                }
+            }
+
+            Spacer(minLength: 8)
+
+            if self.account.canReauthenticate {
+                Button(self.reauthenticateTitle) {
+                    self.onReauthenticate()
+                }
+                .buttonStyle(.bordered)
+                .controlSize(.small)
+                .disabled(self.canReauthenticate == false)
+            }
+
+            if self.account.canRemove {
+                Button(L("Remove")) {
+                    self.onRemove()
+                }
+                .buttonStyle(.bordered)
+                .controlSize(.small)
+                .disabled(self.canRemove == false)
+            }
+        }
+    }
+}
diff --git a/Sources/CodexBar/PreferencesDebugPane.swift b/Sources/CodexBar/PreferencesDebugPane.swift
index c5d4730b4..e5de4da91 100644
--- a/Sources/CodexBar/PreferencesDebugPane.swift
+++ b/Sources/CodexBar/PreferencesDebugPane.swift
@@ -13,6 +13,7 @@ struct DebugPane: View {
     @State private var logText: String = ""
     @State private var isClearingCostCache = false
     @State private var costCacheStatus: String?
+    @State private var cookieCacheStatus: String?
     #if DEBUG
     @State private var currentErrorProvider: UsageProvider = .codex
     @State private var simulatedErrorText: String = """
@@ -26,10 +27,10 @@ struct DebugPane: View {
     var body: some View {
         ScrollView(.vertical, showsIndicators: true) {
             VStack(alignment: .leading, spacing: 20) {
-                SettingsSection(title: "Logging") {
+                SettingsSection(title: L("section_logging")) {
                     PreferenceToggleRow(
-                        title: "Enable file logging",
-                        subtitle: "Write logs to \(self.fileLogPath) for debugging.",
+                        title: L("enable_file_logging"),
+                        subtitle: String(format: L("enable_file_logging_subtitle"), self.fileLogPath),
                         binding: self.$debugFileLoggingEnabled)
                         .onChange(of: self.debugFileLoggingEnabled) { _, newValue in
                             if self.settings.debugFileLoggingEnabled != newValue {
@@ -39,14 +40,14 @@ struct DebugPane: View {
 
                     HStack(alignment: .center, spacing: 12) {
                         VStack(alignment: .leading, spacing: 4) {
-                            Text("Verbosity")
+                            Text(L("verbosity_title"))
                                 .font(.body)
-                            Text("Controls how much detail is logged.")
+                            Text(L("verbosity_subtitle"))
                                 .font(.footnote)
                                 .foregroundStyle(.tertiary)
                         }
                         Spacer()
-                        Picker("Verbosity", selection: self.$settings.debugLogLevel) {
+                        Picker(L("Verbosity"), selection: self.$settings.debugLogLevel) {
                             ForEach(CodexBarLog.Level.allCases) { level in
                                 Text(level.displayName).tag(level)
                             }
@@ -59,31 +60,31 @@ struct DebugPane: View {
                     Button {
                         NSWorkspace.shared.open(CodexBarLog.fileLogURL)
                     } label: {
-                        Label("Open log file", systemImage: "doc.text.magnifyingglass")
+                        Label(L("open_log_file"), systemImage: "doc.text.magnifyingglass")
                     }
                     .controlSize(.small)
                 }
 
                 SettingsSection {
                     PreferenceToggleRow(
-                        title: "Force animation on next refresh",
-                        subtitle: "Temporarily shows the loading animation after the next refresh.",
+                        title: L("force_animation_next_refresh"),
+                        subtitle: L("force_animation_next_refresh_subtitle"),
                         binding: self.$store.debugForceAnimation)
                 }
 
                 SettingsSection(
-                    title: "Loading animations",
-                    caption: "Pick a pattern and replay it in the menu bar. \"Random\" keeps the existing behavior.")
+                    title: L("section_loading_animations"),
+                    caption: L("loading_animations_caption"))
                 {
-                    Picker("Animation pattern", selection: self.animationPatternBinding) {
-                        Text("Random (default)").tag(nil as LoadingPattern?)
+                    Picker(L("Animation pattern"), selection: self.animationPatternBinding) {
+                        Text(L("animation_random_default")).tag(nil as LoadingPattern?)
                         ForEach(LoadingPattern.allCases) { pattern in
                             Text(pattern.displayName).tag(Optional(pattern))
                         }
                     }
                     .pickerStyle(.radioGroup)
 
-                    Button("Replay selected animation") {
+                    Button(L("replay_selected_animation")) {
                         self.replaySelectedAnimation()
                     }
                     .keyboardShortcut(.defaultAction)
@@ -91,16 +92,16 @@ struct DebugPane: View {
                     Button {
                         NotificationCenter.default.post(name: .codexbarDebugBlinkNow, object: nil)
                     } label: {
-                        Label("Blink now", systemImage: "eyes")
+                        Label(L("blink_now"), systemImage: "eyes")
                     }
                     .controlSize(.small)
                 }
 
                 SettingsSection(
-                    title: "Probe logs",
-                    caption: "Fetch the latest probe output for debugging; Copy keeps the full text.")
+                    title: L("section_probe_logs"),
+                    caption: L("probe_logs_caption"))
                 {
-                    Picker("Provider", selection: self.$currentLogProvider) {
+                    Picker(L("Provider"), selection: self.$currentLogProvider) {
                         Text("Codex").tag(UsageProvider.codex)
                         Text("Claude").tag(UsageProvider.claude)
                         Text("Cursor").tag(UsageProvider.cursor)
@@ -113,23 +114,23 @@ struct DebugPane: View {
 
                     HStack(spacing: 12) {
                         Button { self.loadLog(self.currentLogProvider) } label: {
-                            Label("Fetch log", systemImage: "arrow.clockwise")
+                            Label(L("fetch_log"), systemImage: "arrow.clockwise")
                         }
                         .disabled(self.isLoadingLog)
 
                         Button { self.copyToPasteboard(self.logText) } label: {
-                            Label("Copy", systemImage: "doc.on.doc")
+                            Label(L("copy"), systemImage: "doc.on.doc")
                         }
                         .disabled(self.logText.isEmpty)
 
                         Button { self.saveLog(self.currentLogProvider) } label: {
-                            Label("Save to file", systemImage: "externaldrive.badge.plus")
+                            Label(L("save_to_file"), systemImage: "externaldrive.badge.plus")
                         }
                         .disabled(self.isLoadingLog && self.logText.isEmpty)
 
                         if self.currentLogProvider == .claude {
                             Button { self.loadClaudeDump() } label: {
-                                Label("Load parse dump", systemImage: "doc.text.magnifyingglass")
+                                Label(L("load_parse_dump"), systemImage: "doc.text.magnifyingglass")
                             }
                             .disabled(self.isLoadingLog)
                         }
@@ -139,7 +140,7 @@ struct DebugPane: View {
                         self.settings.rerunProviderDetection()
                         self.loadLog(self.currentLogProvider)
                     } label: {
-                        Label("Re-run provider autodetect", systemImage: "dot.radiowaves.left.and.right")
+                        Label(L("rerun_provider_autodetect"), systemImage: "dot.radiowaves.left.and.right")
                     }
                     .controlSize(.small)
 
@@ -165,10 +166,10 @@ struct DebugPane: View {
                 }
 
                 SettingsSection(
-                    title: "Fetch strategy attempts",
-                    caption: "Last fetch pipeline decisions and errors for a provider.")
+                    title: L("section_fetch_strategy"),
+                    caption: L("fetch_strategy_caption"))
                 {
-                    Picker("Provider", selection: self.$currentFetchProvider) {
+                    Picker(L("Provider"), selection: self.$currentFetchProvider) {
                         ForEach(UsageProvider.allCases, id: \.self) { provider in
                             Text(provider.rawValue.capitalized).tag(provider)
                         }
@@ -190,14 +191,14 @@ struct DebugPane: View {
 
                 if !self.settings.debugDisableKeychainAccess {
                     SettingsSection(
-                        title: "OpenAI cookies",
-                        caption: "Cookie import + WebKit scrape logs from the last OpenAI cookies attempt.")
+                        title: L("section_openai_cookies"),
+                        caption: L("openai_cookies_caption"))
                     {
                         HStack(spacing: 12) {
                             Button {
                                 self.copyToPasteboard(self.store.openAIDashboardCookieImportDebugLog ?? "")
                             } label: {
-                                Label("Copy", systemImage: "doc.on.doc")
+                                Label(L("copy"), systemImage: "doc.on.doc")
                             }
                             .disabled((self.store.openAIDashboardCookieImportDebugLog ?? "").isEmpty)
                         }
@@ -206,7 +207,7 @@ struct DebugPane: View {
                             Text(
                                 self.store.openAIDashboardCookieImportDebugLog?.isEmpty == false
                                     ? (self.store.openAIDashboardCookieImportDebugLog ?? "")
-                                    : "No log yet. Update OpenAI cookies in Providers → Codex to run an import.")
+                                    : L("no_log_yet"))
                                 .font(.system(.footnote, design: .monospaced))
                                 .textSelection(.enabled)
                                 .frame(maxWidth: .infinity, alignment: .leading)
@@ -219,8 +220,8 @@ struct DebugPane: View {
                 }
 
                 SettingsSection(
-                    title: "Caches",
-                    caption: "Clear cached cost scan results.")
+                    title: L("section_caches"),
+                    caption: L("caches_caption"))
                 {
                     let isTokenRefreshActive = self.store.isTokenRefreshInFlight(for: .codex)
                         || self.store.isTokenRefreshInFlight(for: .claude)
@@ -229,7 +230,7 @@ struct DebugPane: View {
                         Button {
                             Task { await self.clearCostCache() }
                         } label: {
-                            Label("Clear cost cache", systemImage: "trash")
+                            Label(L("clear_cost_cache"), systemImage: "trash")
                         }
                         .disabled(self.isClearingCostCache || isTokenRefreshActive)
 
@@ -239,13 +240,27 @@ struct DebugPane: View {
                                 .foregroundStyle(.tertiary)
                         }
                     }
+
+                    HStack(spacing: 12) {
+                        Button {
+                            self.clearCookieCache()
+                        } label: {
+                            Label(L("clear_cookie_cache"), systemImage: "trash")
+                        }
+
+                        if let status = self.cookieCacheStatus {
+                            Text(status)
+                                .font(.footnote)
+                                .foregroundStyle(.tertiary)
+                        }
+                    }
                 }
 
                 SettingsSection(
-                    title: "Notifications",
-                    caption: "Trigger test notifications for the 5-hour session window (depleted/restored).")
+                    title: L("section_notifications"),
+                    caption: L("notifications_caption"))
                 {
-                    Picker("Provider", selection: self.$currentLogProvider) {
+                    Picker(L("Provider"), selection: self.$currentLogProvider) {
                         Text("Codex").tag(UsageProvider.codex)
                         Text("Claude").tag(UsageProvider.claude)
                     }
@@ -256,26 +271,26 @@ struct DebugPane: View {
                         Button {
                             self.postSessionNotification(.depleted, provider: self.currentLogProvider)
                         } label: {
-                            Label("Post depleted", systemImage: "bell.badge")
+                            Label(L("post_depleted"), systemImage: "bell.badge")
                         }
                         .controlSize(.small)
 
                         Button {
                             self.postSessionNotification(.restored, provider: self.currentLogProvider)
                         } label: {
-                            Label("Post restored", systemImage: "bell")
+                            Label(L("post_restored"), systemImage: "bell")
                         }
                         .controlSize(.small)
                     }
                 }
 
                 SettingsSection(
-                    title: "CLI sessions",
-                    caption: "Keep Codex/Claude CLI sessions alive after a probe. Default exits once data is captured.")
+                    title: L("section_cli_sessions"),
+                    caption: L("cli_sessions_caption"))
                 {
                     PreferenceToggleRow(
-                        title: "Keep CLI sessions alive",
-                        subtitle: "Skip teardown between probes (debug-only).",
+                        title: L("keep_cli_sessions_alive"),
+                        subtitle: L("keep_cli_sessions_alive_subtitle"),
                         binding: self.$settings.debugKeepCLISessionsAlive)
 
                     Button {
@@ -283,29 +298,30 @@ struct DebugPane: View {
                             await CLIProbeSessionResetter.resetAll()
                         }
                     } label: {
-                        Label("Reset CLI sessions", systemImage: "arrow.counterclockwise")
+                        Label(L("reset_cli_sessions"), systemImage: "arrow.counterclockwise")
                     }
                     .controlSize(.small)
                 }
 
                 #if DEBUG
                 SettingsSection(
-                    title: "Error simulation",
-                    caption: "Inject a fake error message into the menu card for layout testing.")
+                    title: L("section_error_simulation"),
+                    caption: L("error_simulation_caption"))
                 {
-                    Picker("Provider", selection: self.$currentErrorProvider) {
+                    Picker(L("Provider"), selection: self.$currentErrorProvider) {
                         Text("Codex").tag(UsageProvider.codex)
                         Text("Claude").tag(UsageProvider.claude)
                         Text("Gemini").tag(UsageProvider.gemini)
                         Text("Antigravity").tag(UsageProvider.antigravity)
                         Text("Augment").tag(UsageProvider.augment)
                         Text("Amp").tag(UsageProvider.amp)
+                        Text("T3 Chat").tag(UsageProvider.t3chat)
                         Text("Ollama").tag(UsageProvider.ollama)
                     }
                     .pickerStyle(.segmented)
                     .frame(width: 360)
 
-                    TextField("Simulated error text", text: self.$simulatedErrorText, axis: .vertical)
+                    TextField(L("Simulated error text"), text: self.$simulatedErrorText, axis: .vertical)
                         .lineLimit(4)
 
                     HStack(spacing: 12) {
@@ -314,14 +330,14 @@ struct DebugPane: View {
                                 self.simulatedErrorText,
                                 provider: self.currentErrorProvider)
                         } label: {
-                            Label("Set menu error", systemImage: "exclamationmark.triangle")
+                            Label(L("set_menu_error"), systemImage: "exclamationmark.triangle")
                         }
                         .controlSize(.small)
 
                         Button {
                             self.store._setErrorForTesting(nil, provider: self.currentErrorProvider)
                         } label: {
-                            Label("Clear menu error", systemImage: "xmark.circle")
+                            Label(L("clear_menu_error"), systemImage: "xmark.circle")
                         }
                         .controlSize(.small)
                     }
@@ -333,7 +349,7 @@ struct DebugPane: View {
                                 self.simulatedErrorText,
                                 provider: self.currentErrorProvider)
                         } label: {
-                            Label("Set cost error", systemImage: "banknote")
+                            Label(L("set_cost_error"), systemImage: "banknote")
                         }
                         .controlSize(.small)
                         .disabled(!supportsTokenError)
@@ -341,7 +357,7 @@ struct DebugPane: View {
                         Button {
                             self.store._setTokenErrorForTesting(nil, provider: self.currentErrorProvider)
                         } label: {
-                            Label("Clear cost error", systemImage: "xmark.circle")
+                            Label(L("clear_cost_error"), systemImage: "xmark.circle")
                         }
                         .controlSize(.small)
                         .disabled(!supportsTokenError)
@@ -350,19 +366,19 @@ struct DebugPane: View {
                 #endif
 
                 SettingsSection(
-                    title: "CLI paths",
-                    caption: "Resolved Codex binary and PATH layers; startup login PATH capture (short timeout).")
+                    title: L("section_cli_paths"),
+                    caption: L("cli_paths_caption"))
                 {
-                    self.binaryRow(title: "Codex binary", value: self.store.pathDebugInfo.codexBinary)
-                    self.binaryRow(title: "Claude binary", value: self.store.pathDebugInfo.claudeBinary)
+                    self.binaryRow(title: L("codex_binary"), value: self.store.pathDebugInfo.codexBinary)
+                    self.binaryRow(title: L("claude_binary"), value: self.store.pathDebugInfo.claudeBinary)
 
                     VStack(alignment: .leading, spacing: 6) {
-                        Text("Effective PATH")
+                        Text(L("effective_path"))
                             .font(.callout.weight(.semibold))
                         ScrollView {
                             Text(
                                 self.store.pathDebugInfo.effectivePATH.isEmpty
-                                    ? "Unavailable"
+                                    ? L("unavailable")
                                     : self.store.pathDebugInfo.effectivePATH)
                                 .font(.system(.footnote, design: .monospaced))
                                 .textSelection(.enabled)
@@ -376,7 +392,7 @@ struct DebugPane: View {
 
                     if let loginPATH = self.store.pathDebugInfo.loginShellPATH {
                         VStack(alignment: .leading, spacing: 6) {
-                            Text("Login shell PATH (startup capture)")
+                            Text(L("login_shell_path"))
                                 .font(.callout.weight(.semibold))
                             ScrollView {
                                 Text(loginPATH)
@@ -422,7 +438,7 @@ struct DebugPane: View {
 
     private var displayedLog: String {
         if self.logText.isEmpty {
-            return self.isLoadingLog ? "Loading…" : "No log yet. Fetch to load."
+            return self.isLoadingLog ? L("loading") : L("no_log_yet_fetch")
         }
         return self.logText
     }
@@ -430,7 +446,11 @@ struct DebugPane: View {
     private func loadLog(_ provider: UsageProvider) {
         self.isLoadingLog = true
         Task {
-            let text = await self.store.debugLog(for: provider)
+            let text = await ProviderInteractionContext.$current.withValue(.userInitiated) {
+                await ProviderRefreshContext.$current.withValue(.regular) {
+                    await self.store.debugLog(for: provider)
+                }
+            }
             await MainActor.run {
                 self.logText = text
                 self.isLoadingLog = false
@@ -442,11 +462,19 @@ struct DebugPane: View {
         Task {
             if self.logText.isEmpty {
                 self.isLoadingLog = true
-                let text = await self.store.debugLog(for: provider)
+                let text = await ProviderInteractionContext.$current.withValue(.userInitiated) {
+                    await ProviderRefreshContext.$current.withValue(.regular) {
+                        await self.store.debugLog(for: provider)
+                    }
+                }
                 await MainActor.run { self.logText = text }
                 self.isLoadingLog = false
             }
-            _ = await self.store.dumpLog(toFileFor: provider)
+            _ = await ProviderInteractionContext.$current.withValue(.userInitiated) {
+                await ProviderRefreshContext.$current.withValue(.regular) {
+                    await self.store.dumpLog(toFileFor: provider)
+                }
+            }
         }
     }
 
@@ -460,7 +488,7 @@ struct DebugPane: View {
         VStack(alignment: .leading, spacing: 6) {
             Text(title)
                 .font(.callout.weight(.semibold))
-            Text(value ?? "Not found")
+            Text(value ?? L("not_found"))
                 .font(.system(.footnote, design: .monospaced))
                 .foregroundStyle(value == nil ? .secondary : .primary)
         }
@@ -492,12 +520,21 @@ struct DebugPane: View {
             return
         }
 
-        self.costCacheStatus = "Cleared."
+        self.costCacheStatus = L("cleared")
+    }
+
+    private func clearCookieCache() {
+        let cleared = CookieHeaderCache.clearAll()
+        if cleared > 0 {
+            self.cookieCacheStatus = "Cleared \(cleared) provider\(cleared == 1 ? "" : "s")."
+        } else {
+            self.cookieCacheStatus = "No cached cookies found."
+        }
     }
 
     private func fetchAttemptsText(for provider: UsageProvider) -> String {
         let attempts = self.store.fetchAttempts(for: provider)
-        guard !attempts.isEmpty else { return "No fetch attempts yet." }
+        guard !attempts.isEmpty else { return L("no_fetch_attempts") }
         return attempts.map { attempt in
             let kind = Self.fetchKindLabel(attempt.kind)
             var line = "\(attempt.strategyID) (\(kind))"
diff --git a/Sources/CodexBar/PreferencesDisplayPane.swift b/Sources/CodexBar/PreferencesDisplayPane.swift
index 040117e8a..0472195cc 100644
--- a/Sources/CodexBar/PreferencesDisplayPane.swift
+++ b/Sources/CodexBar/PreferencesDisplayPane.swift
@@ -5,6 +5,10 @@ import SwiftUI
 struct DisplayPane: View {
     private static let maxOverviewProviders = SettingsStore.mergedOverviewProviderLimit
 
+    static func overviewProviderLimitText(limit: Int = Self.maxOverviewProviders) -> String {
+        L("overview_choose_providers", String(limit))
+    }
+
     @State private var isOverviewProviderPopoverPresented = false
     @Bindable var settings: SettingsStore
     @Bindable var store: UsageStore
@@ -13,40 +17,40 @@ struct DisplayPane: View {
         ScrollView(.vertical, showsIndicators: true) {
             VStack(alignment: .leading, spacing: 16) {
                 SettingsSection(contentSpacing: 12) {
-                    Text("Menu bar")
+                    Text(L("section_menu_bar"))
                         .font(.caption)
                         .foregroundStyle(.secondary)
                         .textCase(.uppercase)
                     PreferenceToggleRow(
-                        title: "Merge Icons",
-                        subtitle: "Use a single menu bar icon with a provider switcher.",
+                        title: L("merge_icons_title"),
+                        subtitle: L("merge_icons_subtitle"),
                         binding: self.$settings.mergeIcons)
                     PreferenceToggleRow(
-                        title: "Switcher shows icons",
-                        subtitle: "Show provider icons in the switcher (otherwise show a weekly progress line).",
+                        title: L("switcher_shows_icons_title"),
+                        subtitle: L("switcher_shows_icons_subtitle"),
                         binding: self.$settings.switcherShowsIcons)
                         .disabled(!self.settings.mergeIcons)
                         .opacity(self.settings.mergeIcons ? 1 : 0.5)
                     PreferenceToggleRow(
-                        title: "Show most-used provider",
-                        subtitle: "Menu bar auto-shows the provider closest to its rate limit.",
+                        title: L("show_most_used_provider_title"),
+                        subtitle: L("show_most_used_provider_subtitle"),
                         binding: self.$settings.menuBarShowsHighestUsage)
                         .disabled(!self.settings.mergeIcons)
                         .opacity(self.settings.mergeIcons ? 1 : 0.5)
                     PreferenceToggleRow(
-                        title: "Menu bar shows percent",
-                        subtitle: "Replace critter bars with provider branding icons and a percentage.",
+                        title: L("menu_bar_shows_percent_title"),
+                        subtitle: L("menu_bar_shows_percent_subtitle"),
                         binding: self.$settings.menuBarShowsBrandIconWithPercent)
                     HStack(alignment: .top, spacing: 12) {
                         VStack(alignment: .leading, spacing: 4) {
-                            Text("Display mode")
+                            Text(L("display_mode_title"))
                                 .font(.body)
-                            Text("Choose what to show in the menu bar (Pace shows usage vs. expected).")
+                            Text(L("display_mode_subtitle"))
                                 .font(.footnote)
                                 .foregroundStyle(.tertiary)
                         }
                         Spacer()
-                        Picker("Display mode", selection: self.$settings.menuBarDisplayMode) {
+                        Picker(L("Display mode"), selection: self.$settings.menuBarDisplayMode) {
                             ForEach(MenuBarDisplayMode.allCases) { mode in
                                 Text(mode.label).tag(mode)
                             }
@@ -79,76 +83,72 @@ struct DisplayPane: View {
                         self.settings.menuBarDisplayMode != .both)
                     .opacity(self.settings.menuBarShowsBrandIconWithPercent &&
                         self.settings.menuBarDisplayMode == .both ? 1 : 0.5)
-                    VStack(alignment: .leading, spacing: 4) {
-                        Text("Time windows")
-                            .font(.body)
-                        Text("Choose which time window drives the percent and pace values.")
-                            .font(.footnote)
-                            .foregroundStyle(.tertiary)
-                        Grid(alignment: .leading, horizontalSpacing: 8, verticalSpacing: 6) {
-                            GridRow {
-                                Text("Percent:")
-                                    .font(.callout)
-                                Picker(
-                                    "Percent time window",
-                                    selection: self.$settings.menuBarPercentTimeWindow)
-                                {
-                                    ForEach(MenuBarTimeWindow.allCases) { window in
-                                        Text(window.label).tag(window)
-                                    }
-                                }
-                                .labelsHidden()
-                                .pickerStyle(.segmented)
-                                .frame(maxWidth: 160)
-                            }
-                            .disabled(self.settings.menuBarDisplayMode == .pace)
-                            .opacity(self.settings.menuBarDisplayMode == .pace ? 0.5 : 1)
-                            GridRow {
-                                Text("Pace:")
-                                    .font(.callout)
-                                Picker(
-                                    "Pace time window",
-                                    selection: self.$settings.menuBarPaceTimeWindow)
-                                {
-                                    ForEach(MenuBarTimeWindow.allCases) { window in
-                                        Text(window.label).tag(window)
-                                    }
-                                }
-                                .labelsHidden()
-                                .pickerStyle(.segmented)
-                                .frame(maxWidth: 160)
-                            }
-                            .disabled(self.settings.menuBarDisplayMode == .percent)
-                            .opacity(self.settings.menuBarDisplayMode == .percent ? 0.5 : 1)
-                        }
-                    }
-                    .disabled(!self.settings.menuBarShowsBrandIconWithPercent)
-                    .opacity(self.settings.menuBarShowsBrandIconWithPercent ? 1 : 0.5)
                 }
 
                 Divider()
 
                 SettingsSection(contentSpacing: 12) {
-                    Text("Menu content")
+                    Text(L("section_menu_content"))
                         .font(.caption)
                         .foregroundStyle(.secondary)
                         .textCase(.uppercase)
                     PreferenceToggleRow(
-                        title: "Show usage as used",
-                        subtitle: "Progress bars fill as you consume quota (instead of showing remaining).",
+                        title: L("show_usage_as_used_title"),
+                        subtitle: L("show_usage_as_used_subtitle"),
                         binding: self.$settings.usageBarsShowUsed)
                     PreferenceToggleRow(
-                        title: "Show reset time as clock",
-                        subtitle: "Display reset times as absolute clock values instead of countdowns.",
+                        title: L("show_quota_warning_markers_title"),
+                        subtitle: L("show_quota_warning_markers_subtitle"),
+                        binding: self.$settings.quotaWarningMarkersVisible)
+                    HStack(alignment: .top, spacing: 12) {
+                        VStack(alignment: .leading, spacing: 4) {
+                            Text(L("weekly_progress_work_days_title"))
+                                .font(.body)
+                            Text(L("weekly_progress_work_days_subtitle"))
+                                .font(.footnote)
+                                .foregroundStyle(.tertiary)
+                        }
+                        Spacer()
+                        Picker(L("weekly_progress_work_days_title"), selection: self.$settings.weeklyProgressWorkDays) {
+                            Text(L("Off")).tag(nil as Int?)
+                            Text(L("4 days")).tag(4 as Int?)
+                            Text(L("5 days")).tag(5 as Int?)
+                            Text(L("7 days")).tag(7 as Int?)
+                        }
+                        .labelsHidden()
+                        .pickerStyle(.menu)
+                        .frame(maxWidth: 100)
+                    }
+                    PreferenceToggleRow(
+                        title: L("show_reset_time_as_clock_title"),
+                        subtitle: L("show_reset_time_as_clock_subtitle"),
                         binding: self.$settings.resetTimesShowAbsolute)
                     PreferenceToggleRow(
-                        title: "Show credits + extra usage",
-                        subtitle: "Show Codex Credits and Claude Extra usage sections in the menu.",
-                        binding: self.$settings.showOptionalCreditsAndExtraUsage)
+                        title: L("show_provider_changelog_links_title"),
+                        subtitle: L("show_provider_changelog_links_subtitle"),
+                        binding: self.$settings.providerChangelogLinksEnabled)
                     PreferenceToggleRow(
-                        title: "Show all token accounts",
-                        subtitle: "Stack token accounts in the menu (otherwise show an account switcher bar).",
-                        binding: self.$settings.showAllTokenAccountsInMenu)
+                        title: L("show_credits_extra_usage_title"),
+                        subtitle: L("show_credits_extra_usage_subtitle"),
+                        binding: self.$settings.showOptionalCreditsAndExtraUsage)
+                    HStack(alignment: .top, spacing: 12) {
+                        VStack(alignment: .leading, spacing: 4) {
+                            Text(L("multi_account_layout_title"))
+                                .font(.body)
+                            Text(L("multi_account_layout_subtitle"))
+                                .font(.footnote)
+                                .foregroundStyle(.tertiary)
+                        }
+                        Spacer()
+                        Picker(L("multi_account_layout_title"), selection: self.$settings.multiAccountMenuLayout) {
+                            ForEach(MultiAccountMenuLayout.allCases) { layout in
+                                Text(layout.label).tag(layout)
+                            }
+                        }
+                        .labelsHidden()
+                        .pickerStyle(.menu)
+                        .frame(maxWidth: 200)
+                    }
                     self.overviewProviderSelector
                 }
             }
@@ -177,11 +177,11 @@ struct DisplayPane: View {
     private var overviewProviderSelector: some View {
         VStack(alignment: .leading, spacing: 6) {
             HStack(alignment: .center, spacing: 12) {
-                Text("Overview tab providers")
+                Text(L("overview_tab_providers_title"))
                     .font(.body)
                 Spacer(minLength: 0)
                 if self.showsOverviewConfigureButton {
-                    Button("Configure…") {
+                    Button(L("configure")) {
                         self.isOverviewProviderPopoverPresented = true
                     }
                     .offset(y: 1)
@@ -192,11 +192,11 @@ struct DisplayPane: View {
             }
 
             if !self.settings.mergeIcons {
-                Text("Enable Merge Icons to configure Overview tab providers.")
+                Text(L("overview_enable_merge_icons_hint"))
                     .font(.footnote)
                     .foregroundStyle(.tertiary)
             } else if self.activeProvidersInOrder.isEmpty {
-                Text("No enabled providers available for Overview.")
+                Text(L("overview_no_providers_hint"))
                     .font(.footnote)
                     .foregroundStyle(.tertiary)
             } else {
@@ -211,9 +211,9 @@ struct DisplayPane: View {
 
     private var overviewProviderPopover: some View {
         VStack(alignment: .leading, spacing: 10) {
-            Text("Choose up to \(Self.maxOverviewProviders) providers")
+            Text(Self.overviewProviderLimitText())
                 .font(.headline)
-            Text("Overview rows always follow provider order.")
+            Text(L("overview_rows_follow_order"))
                 .font(.footnote)
                 .foregroundStyle(.tertiary)
 
@@ -258,7 +258,7 @@ struct DisplayPane: View {
 
     private var overviewProviderSelectionSummary: String {
         let selectedNames = self.overviewSelectedProviders.map(self.providerDisplayName)
-        guard !selectedNames.isEmpty else { return "No providers selected" }
+        guard !selectedNames.isEmpty else { return L("overview_no_providers_selected") }
         return selectedNames.joined(separator: ", ")
     }
 
diff --git a/Sources/CodexBar/PreferencesGeneralPane.swift b/Sources/CodexBar/PreferencesGeneralPane.swift
index 39a95a55f..181b49633 100644
--- a/Sources/CodexBar/PreferencesGeneralPane.swift
+++ b/Sources/CodexBar/PreferencesGeneralPane.swift
@@ -2,6 +2,34 @@ import AppKit
 import CodexBarCore
 import SwiftUI
 
+enum AppLanguage: String, CaseIterable, Identifiable {
+    case system = ""
+    case english = "en"
+    case spanish = "es"
+    case catalan = "ca"
+    case chineseSimplified = "zh-Hans"
+    case chineseTraditional = "zh-Hant"
+    case portugueseBrazilian = "pt-BR"
+    case swedish = "sv"
+
+    var id: String {
+        self.rawValue
+    }
+
+    var label: String {
+        switch self {
+        case .system: L("language_system")
+        case .english: L("language_english")
+        case .spanish: L("language_spanish")
+        case .catalan: L("language_catalan")
+        case .chineseSimplified: L("language_chinese_simplified")
+        case .chineseTraditional: L("language_chinese_traditional")
+        case .portugueseBrazilian: L("language_portuguese_brazilian")
+        case .swedish: L("language_swedish")
+        }
+    }
+}
+
 @MainActor
 struct GeneralPane: View {
     @Bindable var settings: SettingsStore
@@ -11,20 +39,43 @@ struct GeneralPane: View {
         ScrollView(.vertical, showsIndicators: true) {
             VStack(alignment: .leading, spacing: 16) {
                 SettingsSection(contentSpacing: 12) {
-                    Text("System")
+                    Text(L("section_system"))
                         .font(.caption)
                         .foregroundStyle(.secondary)
                         .textCase(.uppercase)
+
+                    VStack(alignment: .leading, spacing: 6) {
+                        HStack(alignment: .top, spacing: 12) {
+                            VStack(alignment: .leading, spacing: 4) {
+                                Text(L("language_title"))
+                                    .font(.body)
+                                Text(L("language_subtitle"))
+                                    .font(.footnote)
+                                    .foregroundStyle(.tertiary)
+                                    .fixedSize(horizontal: false, vertical: true)
+                            }
+                            Spacer()
+                            Picker(L("language_title"), selection: self.$settings.appLanguage) {
+                                ForEach(AppLanguage.allCases) { option in
+                                    Text(option.label).tag(option.rawValue)
+                                }
+                            }
+                            .labelsHidden()
+                            .pickerStyle(.menu)
+                            .frame(maxWidth: 200)
+                        }
+                    }
+
                     PreferenceToggleRow(
-                        title: "Start at Login",
-                        subtitle: "Automatically opens CodexBar when you start your Mac.",
+                        title: L("start_at_login_title"),
+                        subtitle: L("start_at_login_subtitle"),
                         binding: self.$settings.launchAtLogin)
                 }
 
                 Divider()
 
                 SettingsSection(contentSpacing: 12) {
-                    Text("Usage")
+                    Text(L("section_usage"))
                         .font(.caption)
                         .foregroundStyle(.secondary)
                         .textCase(.uppercase)
@@ -32,18 +83,29 @@ struct GeneralPane: View {
                     VStack(alignment: .leading, spacing: 10) {
                         VStack(alignment: .leading, spacing: 4) {
                             Toggle(isOn: self.$settings.costUsageEnabled) {
-                                Text("Show cost summary")
+                                Text(L("show_cost_summary"))
                                     .font(.body)
                             }
                             .toggleStyle(.checkbox)
 
-                            Text("Reads local usage logs. Shows today + last 30 days cost in the menu.")
+                            Text(L("show_cost_summary_subtitle"))
                                 .font(.footnote)
                                 .foregroundStyle(.tertiary)
                                 .fixedSize(horizontal: false, vertical: true)
 
                             if self.settings.costUsageEnabled {
-                                Text("Auto-refresh: hourly · Timeout: 10m")
+                                Stepper(
+                                    value: self.$settings.costUsageHistoryDays,
+                                    in: 1...365,
+                                    step: 1)
+                                {
+                                    Text(String(
+                                        format: L("cost_history_days_title"),
+                                        self.settings.costUsageHistoryDays))
+                                        .font(.footnote)
+                                }
+
+                                Text(L("cost_auto_refresh_info"))
                                     .font(.footnote)
                                     .foregroundStyle(.tertiary)
 
@@ -57,21 +119,21 @@ struct GeneralPane: View {
                 Divider()
 
                 SettingsSection(contentSpacing: 12) {
-                    Text("Automation")
+                    Text(L("section_automation"))
                         .font(.caption)
                         .foregroundStyle(.secondary)
                         .textCase(.uppercase)
                     VStack(alignment: .leading, spacing: 6) {
                         HStack(alignment: .top, spacing: 12) {
                             VStack(alignment: .leading, spacing: 4) {
-                                Text("Refresh cadence")
+                                Text(L("refresh_cadence_title"))
                                     .font(.body)
-                                Text("How often CodexBar polls providers in the background.")
+                                Text(L("refresh_cadence_subtitle"))
                                     .font(.footnote)
                                     .foregroundStyle(.tertiary)
                             }
                             Spacer()
-                            Picker("Refresh cadence", selection: self.$settings.refreshFrequency) {
+                            Picker(L("Refresh cadence"), selection: self.$settings.refreshFrequency) {
                                 ForEach(RefreshFrequency.allCases) { option in
                                     Text(option.label).tag(option)
                                 }
@@ -81,21 +143,26 @@ struct GeneralPane: View {
                             .frame(maxWidth: 200)
                         }
                         if self.settings.refreshFrequency == .manual {
-                            Text("Auto-refresh is off; use the menu's Refresh command.")
+                            Text(L("manual_refresh_hint"))
                                 .font(.footnote)
                                 .foregroundStyle(.secondary)
                         }
                     }
                     PreferenceToggleRow(
-                        title: "Check provider status",
-                        subtitle: "Polls OpenAI/Claude status pages and Google Workspace for " +
-                            "Gemini/Antigravity, surfacing incidents in the icon and menu.",
+                        title: L("check_provider_status_title"),
+                        subtitle: L("check_provider_status_subtitle"),
                         binding: self.$settings.statusChecksEnabled)
                     PreferenceToggleRow(
-                        title: "Session quota notifications",
-                        subtitle: "Notifies when the 5-hour session quota hits 0% and when it becomes " +
-                            "available again.",
+                        title: L("session_quota_notifications_title"),
+                        subtitle: L("session_quota_notifications_subtitle"),
                         binding: self.$settings.sessionQuotaNotificationsEnabled)
+                    PreferenceToggleRow(
+                        title: L("quota_warning_notifications_title"),
+                        subtitle: L("quota_warning_notifications_subtitle"),
+                        binding: self.$settings.quotaWarningNotificationsEnabled)
+                    if self.settings.quotaWarningNotificationsEnabled {
+                        GlobalQuotaWarningSettingsView(settings: self.settings)
+                    }
                 }
 
                 Divider()
@@ -103,7 +170,7 @@ struct GeneralPane: View {
                 SettingsSection(contentSpacing: 12) {
                     HStack {
                         Spacer()
-                        Button("Quit CodexBar") { NSApp.terminate(nil) }
+                        Button(L("quit_app")) { NSApp.terminate(nil) }
                             .buttonStyle(.borderedProminent)
                             .controlSize(.large)
                     }
@@ -119,7 +186,7 @@ struct GeneralPane: View {
         let name = ProviderDescriptorRegistry.descriptor(for: provider).metadata.displayName
 
         guard provider == .claude || provider == .codex else {
-            return Text("\(name): unsupported")
+            return Text(String(format: L("cost_status_unsupported"), name))
                 .font(.footnote)
                 .foregroundStyle(.tertiary)
         }
@@ -133,32 +200,35 @@ struct GeneralPane: View {
                 formatter.unitsStyle = .abbreviated
                 return formatter.string(from: seconds).map { " (\($0))" } ?? ""
             }()
-            return Text("\(name): fetching…\(elapsed)")
+            return Text(String(format: L("cost_status_fetching"), name, elapsed))
                 .font(.footnote)
                 .foregroundStyle(.tertiary)
         }
         if let snapshot = self.store.tokenSnapshot(for: provider) {
             let updated = UsageFormatter.updatedString(from: snapshot.updatedAt)
-            let cost = snapshot.last30DaysCostUSD.map { UsageFormatter.usdString($0) } ?? "—"
-            return Text("\(name): \(updated) · 30d \(cost)")
+            let cost = snapshot.last30DaysCostUSD
+                .map { UsageFormatter.currencyString($0, currencyCode: snapshot.currencyCode) } ?? "—"
+            let window = snapshot.historyLabel ?? (snapshot.historyDays == 1 ? "today" : "\(snapshot.historyDays)d")
+            return Text(String(format: L("cost_status_snapshot"), name, updated, window, cost))
                 .font(.footnote)
                 .foregroundStyle(.tertiary)
         }
         if let error = self.store.tokenError(for: provider), !error.isEmpty {
             let truncated = UsageFormatter.truncatedSingleLine(error, max: 120)
-            return Text("\(name): \(truncated)")
+            return Text(String(format: L("cost_status_error"), name, truncated))
                 .font(.footnote)
                 .foregroundStyle(.tertiary)
         }
         if let lastAttempt = self.store.tokenLastAttemptAt(for: provider) {
             let rel = RelativeDateTimeFormatter()
+            rel.locale = Locale(identifier: "en_US")
             rel.unitsStyle = .abbreviated
             let when = rel.localizedString(for: lastAttempt, relativeTo: Date())
-            return Text("\(name): last attempt \(when)")
+            return Text(String(format: L("cost_status_last_attempt"), name, when))
                 .font(.footnote)
                 .foregroundStyle(.tertiary)
         }
-        return Text("\(name): no data yet")
+        return Text(String(format: L("cost_status_no_data"), name))
             .font(.footnote)
             .foregroundStyle(.tertiary)
     }
diff --git a/Sources/CodexBar/PreferencesProviderDetailView.swift b/Sources/CodexBar/PreferencesProviderDetailView.swift
index 58a55deb5..36dd0ce6d 100644
--- a/Sources/CodexBar/PreferencesProviderDetailView.swift
+++ b/Sources/CodexBar/PreferencesProviderDetailView.swift
@@ -2,7 +2,7 @@ import CodexBarCore
 import SwiftUI
 
 @MainActor
-struct ProviderDetailView: View {
+struct ProviderDetailView<SupplementaryContent: View>: View {
     let provider: UsageProvider
     @Bindable var store: UsageStore
     @Binding var isEnabled: Bool
@@ -11,14 +11,56 @@ struct ProviderDetailView: View {
     let settingsPickers: [ProviderSettingsPickerDescriptor]
     let settingsToggles: [ProviderSettingsToggleDescriptor]
     let settingsFields: [ProviderSettingsFieldDescriptor]
+    let settingsActions: [ProviderSettingsActionsDescriptor]
     let settingsTokenAccounts: ProviderSettingsTokenAccountsDescriptor?
+    let settingsOrganizations: ProviderSettingsOrganizationsDescriptor?
     let errorDisplay: ProviderErrorDisplay?
     @Binding var isErrorExpanded: Bool
     let onCopyError: (String) -> Void
     let onRefresh: () -> Void
+    let supplementarySettingsContent: SupplementaryContent
+    let showsSupplementarySettingsContent: Bool
+
+    init(
+        provider: UsageProvider,
+        store: UsageStore,
+        isEnabled: Binding<Bool>,
+        subtitle: String,
+        model: UsageMenuCardView.Model,
+        settingsPickers: [ProviderSettingsPickerDescriptor],
+        settingsToggles: [ProviderSettingsToggleDescriptor],
+        settingsFields: [ProviderSettingsFieldDescriptor],
+        settingsActions: [ProviderSettingsActionsDescriptor] = [],
+        settingsTokenAccounts: ProviderSettingsTokenAccountsDescriptor?,
+        settingsOrganizations: ProviderSettingsOrganizationsDescriptor? = nil,
+        errorDisplay: ProviderErrorDisplay?,
+        isErrorExpanded: Binding<Bool>,
+        onCopyError: @escaping (String) -> Void,
+        onRefresh: @escaping () -> Void,
+        showsSupplementarySettingsContent: Bool = false,
+        @ViewBuilder supplementarySettingsContent: () -> SupplementaryContent)
+    {
+        self.provider = provider
+        self.store = store
+        self._isEnabled = isEnabled
+        self.subtitle = subtitle
+        self.model = model
+        self.settingsPickers = settingsPickers
+        self.settingsToggles = settingsToggles
+        self.settingsFields = settingsFields
+        self.settingsActions = settingsActions
+        self.settingsTokenAccounts = settingsTokenAccounts
+        self.settingsOrganizations = settingsOrganizations
+        self.errorDisplay = errorDisplay
+        self._isErrorExpanded = isErrorExpanded
+        self.onCopyError = onCopyError
+        self.onRefresh = onRefresh
+        self.showsSupplementarySettingsContent = showsSupplementarySettingsContent
+        self.supplementarySettingsContent = supplementarySettingsContent()
+    }
 
     static func metricTitle(provider: UsageProvider, metric: UsageMenuCardView.Model.Metric) -> String {
-        UsageMenuCardView.popupMetricTitle(provider: provider, metric: metric)
+        L(UsageMenuCardView.popupMetricTitle(provider: provider, metric: metric))
     }
 
     static func planRow(provider: UsageProvider, planText: String?) -> (label: String, value: String)? {
@@ -27,8 +69,8 @@ struct ProviderDetailView: View {
         else {
             return nil
         }
-        guard provider == .openrouter else {
-            return (label: "Plan", value: rawPlan)
+        guard provider == .openrouter || provider == .mimo || provider == .moonshot else {
+            return (label: L("Plan"), value: rawPlan)
         }
 
         let prefix = "Balance:"
@@ -36,10 +78,10 @@ struct ProviderDetailView: View {
             let valueStart = rawPlan.index(rawPlan.startIndex, offsetBy: prefix.count)
             let trimmedValue = rawPlan[valueStart...].trimmingCharacters(in: .whitespacesAndNewlines)
             if !trimmedValue.isEmpty {
-                return (label: "Balance", value: trimmedValue)
+                return (label: L("Balance"), value: trimmedValue)
             }
         }
-        return (label: "Balance", value: rawPlan)
+        return (label: L("Balance"), value: rawPlan)
     }
 
     var body: some View {
@@ -63,14 +105,16 @@ struct ProviderDetailView: View {
 
                 if let errorDisplay {
                     ProviderErrorView(
-                        title: "Last \(self.store.metadata(for: self.provider).displayName) fetch failed:",
+                        title: String(
+                            format: L("last_fetch_failed_with_provider"),
+                            self.store.metadata(for: self.provider).displayName),
                         display: errorDisplay,
                         isExpanded: self.$isErrorExpanded,
                         onCopy: { self.onCopyError(errorDisplay.full) })
                 }
 
                 if self.hasSettings {
-                    ProviderSettingsSection(title: "Settings") {
+                    ProviderSettingsSection(title: L("Settings")) {
                         ForEach(self.settingsPickers) { picker in
                             ProviderSettingsPickerRowView(picker: picker)
                         }
@@ -82,11 +126,23 @@ struct ProviderDetailView: View {
                         ForEach(self.settingsFields) { field in
                             ProviderSettingsFieldRowView(field: field)
                         }
+                        ForEach(self.settingsActions) { descriptor in
+                            ProviderSettingsActionsRowView(descriptor: descriptor)
+                        }
+                        if let organizations = self.settingsOrganizations {
+                            ProviderSettingsOrganizationsRowView(descriptor: organizations)
+                        }
                     }
                 }
 
+                if self.showsSupplementarySettingsContent {
+                    self.supplementarySettingsContent
+                }
+
+                ProviderQuotaWarningSettingsView(provider: self.provider, settings: self.store.settings)
+
                 if !self.settingsToggles.isEmpty {
-                    ProviderSettingsSection(title: "Options") {
+                    ProviderSettingsSection(title: L("Options")) {
                         ForEach(self.settingsToggles) { toggle in
                             ProviderSettingsToggleRowView(toggle: toggle)
                         }
@@ -103,16 +159,23 @@ struct ProviderDetailView: View {
     private var hasSettings: Bool {
         !self.settingsPickers.isEmpty ||
             !self.settingsFields.isEmpty ||
-            self.settingsTokenAccounts != nil
+            !self.settingsActions.isEmpty ||
+            self.settingsTokenAccounts != nil ||
+            self.settingsOrganizations != nil
     }
 
     private var detailLabelWidth: CGFloat {
-        var infoLabels = ["State", "Source", "Version", "Updated"]
+        var infoLabels = [L("State"), L("Source"), L("Version"), L("Updated")]
         if self.store.status(for: self.provider) != nil {
-            infoLabels.append("Status")
+            infoLabels.append(L("Status"))
         }
         if !self.model.email.isEmpty {
-            infoLabels.append("Account")
+            infoLabels.append(L("Account"))
+        }
+        if self.provider == .kiro,
+           self.model.metrics.isEmpty == false
+        {
+            infoLabels.append(L("Auth"))
         }
         if let planRow = Self.planRow(provider: self.provider, planText: self.model.planText) {
             infoLabels.append(planRow.label)
@@ -122,13 +185,13 @@ struct ProviderDetailView: View {
             Self.metricTitle(provider: self.provider, metric: metric)
         }
         if self.model.creditsText != nil {
-            metricLabels.append("Credits")
+            metricLabels.append(L("Credits"))
         }
         if let providerCost = self.model.providerCost {
             metricLabels.append(providerCost.title)
         }
         if self.model.tokenUsage != nil {
-            metricLabels.append("Cost")
+            metricLabels.append(L("Cost"))
         }
 
         let infoWidth = ProviderSettingsMetrics.labelWidth(
@@ -174,7 +237,7 @@ private struct ProviderDetailHeaderView: View {
                 }
                 .buttonStyle(.bordered)
                 .controlSize(.small)
-                .help("Refresh")
+                .help(L("Refresh"))
 
                 Toggle("", isOn: self.$isEnabled)
                     .labelsHidden()
@@ -234,29 +297,39 @@ private struct ProviderDetailInfoGrid: View {
     var body: some View {
         let status = self.store.status(for: self.provider)
         let source = self.store.sourceLabel(for: self.provider)
-        let version = self.store.version(for: self.provider) ?? "not detected"
+        let version = self.store.version(for: self.provider) ?? L("not detected")
         let updated = self.updatedText
         let email = self.model.email
-        let enabledText = self.isEnabled ? "Enabled" : "Disabled"
+        let enabledText = self.isEnabled ? L("Enabled") : L("Disabled")
 
         Grid(alignment: .leading, horizontalSpacing: 12, verticalSpacing: 6) {
-            ProviderDetailInfoRow(label: "State", value: enabledText, labelWidth: self.labelWidth)
-            ProviderDetailInfoRow(label: "Source", value: source, labelWidth: self.labelWidth)
-            ProviderDetailInfoRow(label: "Version", value: version, labelWidth: self.labelWidth)
-            ProviderDetailInfoRow(label: "Updated", value: updated, labelWidth: self.labelWidth)
+            ProviderDetailInfoRow(label: L("State"), value: enabledText, labelWidth: self.labelWidth)
+            ProviderDetailInfoRow(label: L("Source"), value: source, labelWidth: self.labelWidth)
+            ProviderDetailInfoRow(label: L("Version"), value: version, labelWidth: self.labelWidth)
+            ProviderDetailInfoRow(label: L("Updated"), value: updated, labelWidth: self.labelWidth)
 
             if let status {
                 ProviderDetailInfoRow(
-                    label: "Status",
+                    label: L("Status"),
                     value: status.description ?? status.indicator.label,
                     labelWidth: self.labelWidth)
             }
 
             if !email.isEmpty {
-                ProviderDetailInfoRow(label: "Account", value: email, labelWidth: self.labelWidth)
+                ProviderDetailInfoRow(label: L("Account"), value: email, labelWidth: self.labelWidth)
             }
 
-            if let planRow = ProviderDetailView.planRow(provider: self.provider, planText: self.model.planText) {
+            if self.provider == .kiro,
+               let authMethod = self.store.snapshot(for: self.provider)?.loginMethod(for: .kiro),
+               !authMethod.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
+            {
+                ProviderDetailInfoRow(label: L("Auth"), value: authMethod, labelWidth: self.labelWidth)
+            }
+
+            if let planRow = ProviderDetailView<EmptyView>.planRow(
+                provider: self.provider,
+                planText: self.model.planText)
+            {
                 ProviderDetailInfoRow(label: planRow.label, value: planRow.value, labelWidth: self.labelWidth)
             }
         }
@@ -269,9 +342,12 @@ private struct ProviderDetailInfoGrid: View {
             return UsageFormatter.updatedString(from: updated)
         }
         if self.store.refreshingProviders.contains(self.provider) {
-            return "Refreshing"
+            return L("Refreshing")
         }
-        return "Not fetched yet"
+        if self.store.unavailableMessage(for: self.provider) != nil {
+            return L("Unavailable")
+        }
+        return L("Not fetched yet")
     }
 }
 
@@ -304,7 +380,7 @@ struct ProviderMetricsInlineView: View {
         let hasProviderCost = self.model.providerCost != nil
         let hasTokenUsage = self.model.tokenUsage != nil
         ProviderSettingsSection(
-            title: "Usage",
+            title: L("Usage"),
             spacing: 8,
             verticalPadding: 6,
             horizontalPadding: 0)
@@ -317,7 +393,7 @@ struct ProviderMetricsInlineView: View {
                 ForEach(self.model.metrics, id: \.id) { metric in
                     ProviderMetricInlineRow(
                         metric: metric,
-                        title: ProviderDetailView.metricTitle(provider: self.provider, metric: metric),
+                        title: ProviderDetailView<EmptyView>.metricTitle(provider: self.provider, metric: metric),
                         progressColor: self.model.progressColor,
                         labelWidth: self.labelWidth)
                 }
@@ -331,7 +407,7 @@ struct ProviderMetricsInlineView: View {
 
                 if let credits = self.model.creditsText {
                     ProviderMetricInlineTextRow(
-                        title: "Credits",
+                        title: L("Credits"),
                         value: credits,
                         labelWidth: self.labelWidth)
                 }
@@ -345,7 +421,7 @@ struct ProviderMetricsInlineView: View {
 
                 if let tokenUsage = self.model.tokenUsage {
                     ProviderMetricInlineTextRow(
-                        title: "Cost",
+                        title: L("Cost"),
                         value: tokenUsage.sessionLine,
                         labelWidth: self.labelWidth)
                     ProviderMetricInlineTextRow(
@@ -359,9 +435,9 @@ struct ProviderMetricsInlineView: View {
 
     private var placeholderText: String {
         if !self.isEnabled {
-            return "Disabled — no recent data"
+            return L("Disabled — no recent data")
         }
-        return self.model.placeholder ?? "No usage yet"
+        return self.model.placeholder.map(L) ?? L("No usage yet")
     }
 }
 
@@ -384,7 +460,8 @@ private struct ProviderMetricInlineRow: View {
                     tint: self.progressColor,
                     accessibilityLabel: self.metric.percentStyle.accessibilityLabel,
                     pacePercent: self.metric.pacePercent,
-                    paceOnTop: self.metric.paceOnTop)
+                    paceOnTop: self.metric.paceOnTop,
+                    warningMarkerPercents: self.metric.warningMarkerPercents)
                     .frame(minWidth: ProviderSettingsMetrics.metricBarWidth, maxWidth: .infinity)
 
                 HStack(alignment: .firstTextBaseline, spacing: 8) {
@@ -494,17 +571,21 @@ private struct ProviderMetricInlineCostRow: View {
                 .frame(width: self.labelWidth, alignment: .leading)
 
             VStack(alignment: .leading, spacing: 4) {
-                UsageProgressBar(
-                    percent: self.section.percentUsed,
-                    tint: self.progressColor,
-                    accessibilityLabel: "Usage used")
-                    .frame(minWidth: ProviderSettingsMetrics.metricBarWidth, maxWidth: .infinity)
+                if let percentUsed = self.section.percentUsed {
+                    UsageProgressBar(
+                        percent: percentUsed,
+                        tint: self.progressColor,
+                        accessibilityLabel: L("Usage used"))
+                        .frame(minWidth: ProviderSettingsMetrics.metricBarWidth, maxWidth: .infinity)
+                }
 
                 HStack(alignment: .firstTextBaseline, spacing: 8) {
-                    Text(String(format: "%.0f%% used", self.section.percentUsed))
-                        .font(.footnote)
-                        .foregroundStyle(.secondary)
-                        .monospacedDigit()
+                    if let percentLine = self.section.percentLine {
+                        Text(percentLine)
+                            .font(.footnote)
+                            .foregroundStyle(.secondary)
+                            .monospacedDigit()
+                    }
                     Spacer(minLength: 8)
                     Text(self.section.spendLine)
                         .font(.footnote)
diff --git a/Sources/CodexBar/PreferencesProviderErrorView.swift b/Sources/CodexBar/PreferencesProviderErrorView.swift
index 55d45fcbb..156dc6271 100644
--- a/Sources/CodexBar/PreferencesProviderErrorView.swift
+++ b/Sources/CodexBar/PreferencesProviderErrorView.swift
@@ -1,6 +1,6 @@
 import SwiftUI
 
-struct ProviderErrorDisplay: Sendable {
+struct ProviderErrorDisplay {
     let preview: String
     let full: String
 }
@@ -26,7 +26,7 @@ struct ProviderErrorView: View {
                 }
                 .buttonStyle(.plain)
                 .foregroundStyle(.secondary)
-                .help("Copy error")
+                .help(L("Copy error"))
             }
 
             Text(self.display.preview)
@@ -36,7 +36,7 @@ struct ProviderErrorView: View {
                 .fixedSize(horizontal: false, vertical: true)
 
             if self.display.preview != self.display.full {
-                Button(self.isExpanded ? "Hide details" : "Show details") { self.isExpanded.toggle() }
+                Button(self.isExpanded ? L("Hide details") : L("Show details")) { self.isExpanded.toggle() }
                     .buttonStyle(.link)
                     .font(.footnote)
             }
diff --git a/Sources/CodexBar/PreferencesProviderSettingsRows.swift b/Sources/CodexBar/PreferencesProviderSettingsRows.swift
index 414f41c55..5d19dc140 100644
--- a/Sources/CodexBar/PreferencesProviderSettingsRows.swift
+++ b/Sources/CodexBar/PreferencesProviderSettingsRows.swift
@@ -23,7 +23,7 @@ struct ProviderSettingsSection<Content: View>: View {
 
     var body: some View {
         VStack(alignment: .leading, spacing: self.spacing) {
-            Text(self.title)
+            Text(L(self.title))
                 .font(.headline)
             self.content()
         }
@@ -41,9 +41,9 @@ struct ProviderSettingsToggleRowView: View {
         VStack(alignment: .leading, spacing: 8) {
             HStack(alignment: .firstTextBaseline, spacing: 12) {
                 VStack(alignment: .leading, spacing: 4) {
-                    Text(self.toggle.title)
+                    Text(L(self.toggle.title))
                         .font(.subheadline.weight(.semibold))
-                    Text(self.toggle.subtitle)
+                    Text(L(self.toggle.subtitle))
                         .font(.footnote)
                         .foregroundStyle(.secondary)
                         .fixedSize(horizontal: false, vertical: true)
@@ -67,7 +67,7 @@ struct ProviderSettingsToggleRowView: View {
                 if !actions.isEmpty {
                     HStack(spacing: 10) {
                         ForEach(actions) { action in
-                            Button(action.title) {
+                            Button(L(action.title)) {
                                 Task { @MainActor in
                                     await action.perform()
                                 }
@@ -101,13 +101,13 @@ struct ProviderSettingsPickerRowView: View {
         let isEnabled = self.picker.isEnabled?() ?? true
         VStack(alignment: .leading, spacing: 6) {
             HStack(alignment: .firstTextBaseline, spacing: 10) {
-                Text(self.picker.title)
+                Text(L(self.picker.title))
                     .font(.subheadline.weight(.semibold))
                     .frame(width: ProviderSettingsMetrics.pickerLabelWidth, alignment: .leading)
 
                 Picker("", selection: self.picker.binding) {
                     ForEach(self.picker.options) { option in
-                        Text(option.title).tag(option.id)
+                        Text(L(option.title)).tag(option.id)
                     }
                 }
                 .labelsHidden()
@@ -128,7 +128,7 @@ struct ProviderSettingsPickerRowView: View {
 
             let subtitle = self.picker.dynamicSubtitle?() ?? self.picker.subtitle
             if !subtitle.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty {
-                Text(subtitle)
+                Text(L(subtitle))
                     .font(.footnote)
                     .foregroundStyle(.secondary)
                     .fixedSize(horizontal: false, vertical: true)
@@ -157,11 +157,11 @@ struct ProviderSettingsFieldRowView: View {
             if hasHeader {
                 VStack(alignment: .leading, spacing: 4) {
                     if !trimmedTitle.isEmpty {
-                        Text(trimmedTitle)
+                        Text(L(trimmedTitle))
                             .font(.subheadline.weight(.semibold))
                     }
                     if !trimmedSubtitle.isEmpty {
-                        Text(trimmedSubtitle)
+                        Text(L(trimmedSubtitle))
                             .font(.footnote)
                             .foregroundStyle(.secondary)
                             .fixedSize(horizontal: false, vertical: true)
@@ -171,12 +171,12 @@ struct ProviderSettingsFieldRowView: View {
 
             switch self.field.kind {
             case .plain:
-                TextField(self.field.placeholder ?? "", text: self.field.binding)
+                TextField(L(self.field.placeholder ?? ""), text: self.field.binding)
                     .textFieldStyle(.roundedBorder)
                     .font(.footnote)
                     .onTapGesture { self.field.onActivate?() }
             case .secure:
-                SecureField(self.field.placeholder ?? "", text: self.field.binding)
+                SecureField(L(self.field.placeholder ?? ""), text: self.field.binding)
                     .textFieldStyle(.roundedBorder)
                     .font(.footnote)
                     .onTapGesture { self.field.onActivate?() }
@@ -186,7 +186,48 @@ struct ProviderSettingsFieldRowView: View {
             if !actions.isEmpty {
                 HStack(spacing: 10) {
                     ForEach(actions) { action in
-                        Button(action.title) {
+                        Button(L(action.title)) {
+                            Task { @MainActor in
+                                await action.perform()
+                            }
+                        }
+                        .applyProviderSettingsButtonStyle(action.style)
+                        .controlSize(.small)
+                    }
+                }
+            }
+
+            if let footer = self.field.footerText, !footer.isEmpty {
+                Text(L(footer))
+                    .font(.footnote)
+                    .foregroundStyle(.secondary)
+                    .fixedSize(horizontal: false, vertical: true)
+            }
+        }
+    }
+}
+
+@MainActor
+struct ProviderSettingsActionsRowView: View {
+    let descriptor: ProviderSettingsActionsDescriptor
+
+    var body: some View {
+        VStack(alignment: .leading, spacing: 8) {
+            Text(L(self.descriptor.title))
+                .font(.subheadline.weight(.semibold))
+
+            if !self.descriptor.subtitle.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty {
+                Text(L(self.descriptor.subtitle))
+                    .font(.footnote)
+                    .foregroundStyle(.secondary)
+                    .fixedSize(horizontal: false, vertical: true)
+            }
+
+            let actions = self.descriptor.actions.filter { $0.isVisible?() ?? true }
+            if !actions.isEmpty {
+                HStack(spacing: 10) {
+                    ForEach(actions) { action in
+                        Button(L(action.title)) {
                             Task { @MainActor in
                                 await action.perform()
                             }
@@ -205,14 +246,29 @@ struct ProviderSettingsTokenAccountsRowView: View {
     let descriptor: ProviderSettingsTokenAccountsDescriptor
     @State private var newLabel: String = ""
     @State private var newToken: String = ""
+    @State private var newOrgID: String = ""
 
     var body: some View {
-        VStack(alignment: .leading, spacing: 8) {
-            Text(self.descriptor.title)
-                .font(.subheadline.weight(.semibold))
+        VStack(alignment: .leading, spacing: 10) {
+            HStack(alignment: .center, spacing: 12) {
+                Text(L(self.descriptor.title))
+                    .font(.subheadline.weight(.semibold))
+                Spacer(minLength: 8)
+                if let title = self.descriptor.primaryAddActionTitle,
+                   let action = self.descriptor.primaryAddAction
+                {
+                    Button(L(title)) {
+                        Task { @MainActor in
+                            await action()
+                        }
+                    }
+                    .buttonStyle(.bordered)
+                    .controlSize(.small)
+                }
+            }
 
             if !self.descriptor.subtitle.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty {
-                Text(self.descriptor.subtitle)
+                Text(L(self.descriptor.subtitle))
                     .font(.footnote)
                     .foregroundStyle(.secondary)
                     .fixedSize(horizontal: false, vertical: true)
@@ -220,59 +276,90 @@ struct ProviderSettingsTokenAccountsRowView: View {
 
             let accounts = self.descriptor.accounts()
             if accounts.isEmpty {
-                Text("No token accounts yet.")
+                Text(L("No token accounts yet."))
                     .font(.footnote)
                     .foregroundStyle(.secondary)
             } else {
-                let selectedIndex = min(self.descriptor.activeIndex(), max(0, accounts.count - 1))
-                Picker("", selection: Binding(
-                    get: { selectedIndex },
-                    set: { index in self.descriptor.setActiveIndex(index) }))
-                {
-                    ForEach(Array(accounts.enumerated()), id: \.offset) { index, account in
-                        Text(account.displayName).tag(index)
-                    }
-                }
-                .labelsHidden()
-                .pickerStyle(.menu)
-                .controlSize(.small)
+                VStack(alignment: .leading, spacing: 8) {
+                    ForEach(Array(accounts.enumerated()), id: \.element.id) { index, account in
+                        HStack(alignment: .center, spacing: 10) {
+                            Button {
+                                self.descriptor.setActiveIndex(index)
+                            } label: {
+                                HStack(alignment: .center, spacing: 8) {
+                                    Image(systemName: self.isActive(index: index, accountCount: accounts.count) ?
+                                        "checkmark.circle.fill" : "circle")
+                                        .font(.system(size: 13, weight: .medium))
+                                        .foregroundStyle(self.isActive(index: index, accountCount: accounts.count) ?
+                                            Color.accentColor : Color.secondary)
+                                    Text(account.displayName)
+                                        .font(
+                                            .footnote.weight(
+                                                self.isActive(index: index, accountCount: accounts.count) ?
+                                                    .semibold : .regular))
+                                        .foregroundStyle(.primary)
+                                    Spacer(minLength: 0)
+                                }
+                                .contentShape(Rectangle())
+                            }
+                            .buttonStyle(.plain)
 
-                Button("Remove selected account") {
-                    let account = accounts[selectedIndex]
-                    self.descriptor.removeAccount(account.id)
+                            Button(L("Remove")) {
+                                self.descriptor.removeAccount(account.id)
+                            }
+                            .buttonStyle(.bordered)
+                            .controlSize(.small)
+                        }
+                        if index < accounts.count - 1 {
+                            Divider()
+                        }
+                    }
                 }
-                .buttonStyle(.bordered)
-                .controlSize(.small)
             }
 
-            HStack(spacing: 8) {
-                TextField("Label", text: self.$newLabel)
-                    .textFieldStyle(.roundedBorder)
-                    .font(.footnote)
-                SecureField(self.descriptor.placeholder, text: self.$newToken)
-                    .textFieldStyle(.roundedBorder)
-                    .font(.footnote)
-                Button("Add") {
-                    let label = self.newLabel.trimmingCharacters(in: .whitespacesAndNewlines)
-                    let token = self.newToken.trimmingCharacters(in: .whitespacesAndNewlines)
-                    guard !label.isEmpty, !token.isEmpty else { return }
-                    self.descriptor.addAccount(label, token)
-                    self.newLabel = ""
-                    self.newToken = ""
+            if self.descriptor.primaryAddAction == nil {
+                VStack(alignment: .leading, spacing: 6) {
+                    HStack(spacing: 8) {
+                        TextField(L("Label"), text: self.$newLabel)
+                            .textFieldStyle(.roundedBorder)
+                            .font(.footnote)
+                        SecureField(L(self.descriptor.placeholder), text: self.$newToken)
+                            .textFieldStyle(.roundedBorder)
+                            .font(.footnote)
+                        Button(L("Add")) {
+                            let label = self.newLabel.trimmingCharacters(in: .whitespacesAndNewlines)
+                            let token = self.newToken.trimmingCharacters(in: .whitespacesAndNewlines)
+                            guard !label.isEmpty, !token.isEmpty else { return }
+                            let orgID = self.descriptor.showsOrganizationField
+                                ? self.newOrgID.trimmingCharacters(in: .whitespacesAndNewlines)
+                                : ""
+                            self.descriptor.addAccount(label, token, orgID.isEmpty ? nil : orgID)
+                            self.newLabel = ""
+                            self.newToken = ""
+                            self.newOrgID = ""
+                        }
+                        .buttonStyle(.bordered)
+                        .controlSize(.small)
+                        .disabled(self.newLabel.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty ||
+                            self.newToken.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty)
+                    }
+                    if self.descriptor.showsOrganizationField {
+                        TextField(L("Org ID (optional)"), text: self.$newOrgID)
+                            .textFieldStyle(.roundedBorder)
+                            .font(.footnote)
+                            .help(
+                                L("Optional organization ID for accounts linked to multiple Anthropic organizations."))
+                    }
                 }
-                .buttonStyle(.bordered)
-                .controlSize(.small)
-                .disabled(self.newLabel.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty ||
-                    self.newToken.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty)
             }
 
             HStack(spacing: 10) {
-                Button("Open token file") {
+                Button(L("Open token file")) {
                     self.descriptor.openConfigFile()
                 }
                 .buttonStyle(.link)
                 .controlSize(.small)
-                Button("Reload") {
+                Button(L("Reload")) {
                     self.descriptor.reloadFromDisk()
                 }
                 .buttonStyle(.link)
@@ -280,6 +367,12 @@ struct ProviderSettingsTokenAccountsRowView: View {
             }
         }
     }
+
+    private func isActive(index: Int, accountCount: Int) -> Bool {
+        guard accountCount > 0 else { return false }
+        let selectedIndex = min(self.descriptor.activeIndex(), max(0, accountCount - 1))
+        return selectedIndex == index
+    }
 }
 
 extension View {
@@ -293,3 +386,79 @@ extension View {
         }
     }
 }
+
+@MainActor
+struct ProviderSettingsOrganizationsRowView: View {
+    let descriptor: ProviderSettingsOrganizationsDescriptor
+    @State private var errorMessage: String?
+    @State private var isRefreshing = false
+
+    var body: some View {
+        VStack(alignment: .leading, spacing: 10) {
+            HStack(alignment: .center, spacing: 12) {
+                Text(L(self.descriptor.title))
+                    .font(.subheadline.weight(.semibold))
+                Spacer(minLength: 8)
+            }
+
+            if let subtitle = self.descriptor.subtitle,
+               !subtitle.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
+            {
+                Text(L(subtitle))
+                    .font(.footnote)
+                    .foregroundStyle(.secondary)
+                    .fixedSize(horizontal: false, vertical: true)
+            }
+
+            let entries = self.descriptor.entries()
+            if entries.allSatisfy(\.isLocked) {
+                Text(L("No organizations loaded. Click Refresh after setting your API key."))
+                    .font(.footnote)
+                    .foregroundStyle(.secondary)
+            } else {
+                VStack(alignment: .leading, spacing: 6) {
+                    ForEach(entries) { entry in
+                        Toggle(isOn: Binding(
+                            get: { entry.isEnabled },
+                            set: { newValue in
+                                self.descriptor.onToggle(entry.id, newValue)
+                            })) {
+                                VStack(alignment: .leading, spacing: 1) {
+                                    Text(entry.localizesTitle ? L(entry.title) : entry.title)
+                                        .font(.footnote)
+                                    if let subtitle = entry.subtitle,
+                                       !subtitle.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
+                                    {
+                                        Text(entry.localizesSubtitle ? L(subtitle) : subtitle)
+                                            .font(.caption)
+                                            .foregroundStyle(.secondary)
+                                    }
+                                }
+                            }
+                            .toggleStyle(.checkbox)
+                                .disabled(entry.isLocked)
+                    }
+                }
+            }
+
+            HStack(spacing: 10) {
+                Button(L("Refresh organizations")) {
+                    Task { @MainActor in
+                        self.isRefreshing = true
+                        let result = await self.descriptor.onRefresh()
+                        self.isRefreshing = false
+                        self.errorMessage = result.success ? nil : result.errorMessage
+                    }
+                }
+                .buttonStyle(.bordered)
+                .controlSize(.small)
+                .disabled(!self.descriptor.canRefresh() || self.isRefreshing)
+                if let errorMessage = self.errorMessage, !errorMessage.isEmpty {
+                    Text(errorMessage)
+                        .font(.caption)
+                        .foregroundStyle(.red)
+                }
+            }
+        }
+    }
+}
diff --git a/Sources/CodexBar/PreferencesProviderSidebarView.swift b/Sources/CodexBar/PreferencesProviderSidebarView.swift
index ee34cb3e7..e3f21cf0f 100644
--- a/Sources/CodexBar/PreferencesProviderSidebarView.swift
+++ b/Sources/CodexBar/PreferencesProviderSidebarView.swift
@@ -13,29 +13,39 @@ struct ProviderSidebarListView: View {
     @State private var draggingProvider: UsageProvider?
 
     var body: some View {
-        List(selection: self.$selection) {
-            ForEach(self.providers, id: \.self) { provider in
-                ProviderSidebarRowView(
-                    provider: provider,
-                    store: self.store,
-                    isEnabled: self.isEnabled(provider),
-                    subtitle: self.subtitle(provider),
-                    draggingProvider: self.$draggingProvider)
-                    .tag(provider)
-                    .onDrop(
-                        of: [UTType.plainText],
-                        delegate: ProviderSidebarDropDelegate(
-                            item: provider,
-                            providers: self.providers,
-                            dragging: self.$draggingProvider,
-                            moveProviders: self.moveProviders))
+        ScrollView {
+            VStack(spacing: 0) {
+                ForEach(self.providers, id: \.self) { provider in
+                    ProviderSidebarRowView(
+                        provider: provider,
+                        store: self.store,
+                        isEnabled: self.isEnabled(provider),
+                        subtitle: self.subtitle(provider),
+                        draggingProvider: self.$draggingProvider)
+                        .padding(.horizontal, 8)
+                        .background(
+                            RoundedRectangle(cornerRadius: 6, style: .continuous)
+                                .fill(
+                                    self.selection == provider
+                                        ? Color(nsColor: .selectedContentBackgroundColor)
+                                        : Color.clear)
+                                .padding(.horizontal, 4))
+                        .contentShape(Rectangle())
+                        .onTapGesture { self.selection = provider }
+                        .onDrop(
+                            of: [UTType.plainText],
+                            delegate: ProviderSidebarDropDelegate(
+                                item: provider,
+                                providers: self.providers,
+                                dragging: self.$draggingProvider,
+                                moveProviders: self.moveProviders))
+                }
             }
+            .padding(.vertical, 4)
         }
-        .listStyle(.sidebar)
-        .scrollContentBackground(.hidden)
         .background(
             RoundedRectangle(cornerRadius: ProviderSettingsMetrics.sidebarCornerRadius, style: .continuous)
-                .fill(.regularMaterial))
+                .fill(Color(nsColor: .controlBackgroundColor).opacity(0.8)))
         .overlay(
             RoundedRectangle(cornerRadius: ProviderSettingsMetrics.sidebarCornerRadius, style: .continuous)
                 .stroke(Color(nsColor: .separatorColor).opacity(0.7), lineWidth: 1))
@@ -62,7 +72,7 @@ private struct ProviderSidebarRowView: View {
                 .contentShape(Rectangle())
                 .padding(.vertical, 4)
                 .padding(.horizontal, 2)
-                .help("Drag to reorder")
+                .help(L("Drag to reorder"))
                 .onDrag {
                     self.draggingProvider = self.provider
                     return NSItemProvider(object: self.provider.rawValue as NSString)
@@ -99,6 +109,7 @@ private struct ProviderSidebarRowView: View {
                 .toggleStyle(.checkbox)
                 .controlSize(.small)
         }
+        .padding(.trailing, 6)
         .contentShape(Rectangle())
         .padding(.vertical, 2)
     }
@@ -109,9 +120,9 @@ private struct ProviderSidebarRowView: View {
         if lines.count >= 2 {
             let first = lines[0]
             let rest = lines.dropFirst().joined(separator: "\n")
-            return "Disabled — \(first)\n\(rest)"
+            return "\(L("Disabled")) — \(first)\n\(rest)"
         }
-        return "Disabled — \(self.subtitle)"
+        return "\(L("Disabled")) — \(self.subtitle)"
     }
 }
 
@@ -135,7 +146,7 @@ private struct ProviderSidebarReorderHandle: View {
             width: ProviderSettingsMetrics.reorderHandleSize,
             height: ProviderSettingsMetrics.reorderHandleSize)
         .foregroundStyle(.tertiary)
-        .accessibilityLabel("Reorder")
+        .accessibilityLabel(L("Reorder"))
     }
 }
 
diff --git a/Sources/CodexBar/PreferencesProvidersPane+Testing.swift b/Sources/CodexBar/PreferencesProvidersPane+Testing.swift
index e2dce0a7f..585690c08 100644
--- a/Sources/CodexBar/PreferencesProvidersPane+Testing.swift
+++ b/Sources/CodexBar/PreferencesProvidersPane+Testing.swift
@@ -15,6 +15,50 @@ extension ProvidersPane {
         self.menuBarMetricPicker(for: provider)
     }
 
+    func _test_settingsPickers(for provider: UsageProvider) -> [ProviderSettingsPickerDescriptor] {
+        guard let impl = ProviderCatalog.implementation(for: provider) else { return [] }
+        var statusTextByID: [String: String] = [:]
+        var lastAppActiveRunAtByID: [String: Date] = [:]
+        let context = ProviderSettingsContext(
+            provider: provider,
+            settings: self.settings,
+            store: self.store,
+            boolBinding: { keyPath in
+                Binding(
+                    get: { self.settings[keyPath: keyPath] },
+                    set: { self.settings[keyPath: keyPath] = $0 })
+            },
+            stringBinding: { keyPath in
+                Binding(
+                    get: { self.settings[keyPath: keyPath] },
+                    set: { self.settings[keyPath: keyPath] = $0 })
+            },
+            statusText: { id in
+                statusTextByID[id]
+            },
+            setStatusText: { id, text in
+                if let text {
+                    statusTextByID[id] = text
+                } else {
+                    statusTextByID.removeValue(forKey: id)
+                }
+            },
+            lastAppActiveRunAt: { id in
+                lastAppActiveRunAtByID[id]
+            },
+            setLastAppActiveRunAt: { id, date in
+                if let date {
+                    lastAppActiveRunAtByID[id] = date
+                } else {
+                    lastAppActiveRunAtByID.removeValue(forKey: id)
+                }
+            },
+            requestConfirmation: { _ in },
+            runLoginFlow: {})
+        return impl.settingsPickers(context: context)
+            .filter { $0.isVisible?() ?? true }
+    }
+
     func _test_tokenAccountDescriptor(for provider: UsageProvider) -> ProviderSettingsTokenAccountsDescriptor? {
         self.tokenAccountDescriptor(for: provider)
     }
@@ -22,6 +66,30 @@ extension ProvidersPane {
     func _test_menuCardModel(for provider: UsageProvider) -> UsageMenuCardView.Model {
         self.menuCardModel(for: provider)
     }
+
+    func _test_providerErrorDisplay(for provider: UsageProvider) -> ProviderErrorDisplay? {
+        self.providerErrorDisplay(provider)
+    }
+
+    func _test_codexAccountsSectionState() -> CodexAccountsSectionState? {
+        self.codexAccountsSectionState(for: .codex)
+    }
+
+    func _test_selectCodexVisibleAccount(id: String) async {
+        await self.selectCodexVisibleAccount(id: id)
+    }
+
+    func _test_addManagedCodexAccount() async {
+        await self.addManagedCodexAccount()
+    }
+
+    func _test_reauthenticateCodexAccount(_ account: CodexVisibleAccount) async {
+        await self.reauthenticateCodexAccount(account)
+    }
+
+    func _test_requestCodexSystemVisibleAccount(id: String) async {
+        await self.requestCodexSystemVisibleAccount(id: id)
+    }
 }
 
 @MainActor
@@ -52,6 +120,7 @@ enum ProvidersPaneTestHarness {
         settings.claudeCookieSource = .manual
         settings.cursorCookieSource = .manual
         settings.opencodeCookieSource = .manual
+        settings.opencodegoCookieSource = .manual
         settings.factoryCookieSource = .manual
         settings.minimaxCookieSource = .manual
         settings.augmentCookieSource = .manual
@@ -63,6 +132,7 @@ enum ProvidersPaneTestHarness {
         _ = pane._test_providerSubtitle(.claude)
         _ = pane._test_providerSubtitle(.cursor)
         _ = pane._test_providerSubtitle(.opencode)
+        _ = pane._test_providerSubtitle(.opencodego)
         _ = pane._test_providerSubtitle(.zai)
         _ = pane._test_providerSubtitle(.synthetic)
         _ = pane._test_providerSubtitle(.minimax)
@@ -100,7 +170,13 @@ enum ProvidersPaneTestHarness {
             errorDisplay: ProviderErrorDisplay(preview: "Preview", full: "Full"),
             isErrorExpanded: expandedBinding,
             onCopyError: { _ in },
-            onRefresh: {}).body
+            onRefresh: {},
+            showsSupplementarySettingsContent: true,
+            supplementarySettingsContent: {
+                ProviderSettingsSection(title: "Accounts") {
+                    Text("Supplementary")
+                }
+            }).body
     }
 
     private static func makeDescriptors() -> ProviderListTestDescriptors {
@@ -171,8 +247,11 @@ enum ProvidersPaneTestHarness {
             accounts: { [] },
             activeIndex: { 0 },
             setActiveIndex: { _ in },
-            addAccount: { _, _ in },
+            showsOrganizationField: false,
+            addAccount: { _, _, _ in },
             removeAccount: { _ in },
+            primaryAddActionTitle: nil,
+            primaryAddAction: nil,
             openConfigFile: {},
             reloadFromDisk: {})
 
diff --git a/Sources/CodexBar/PreferencesProvidersPane.swift b/Sources/CodexBar/PreferencesProvidersPane.swift
index 7a040dafd..22423d90a 100644
--- a/Sources/CodexBar/PreferencesProvidersPane.swift
+++ b/Sources/CodexBar/PreferencesProvidersPane.swift
@@ -6,16 +6,42 @@ import SwiftUI
 struct ProvidersPane: View {
     @Bindable var settings: SettingsStore
     @Bindable var store: UsageStore
+    let managedCodexAccountCoordinator: ManagedCodexAccountCoordinator
+    let codexAccountPromotionCoordinator: CodexAccountPromotionCoordinator
+    let codexAmbientLoginRunner: any CodexAmbientLoginRunning
+    let runProviderLoginFlow: @MainActor (UsageProvider) async -> Void
     @State private var expandedErrors: Set<UsageProvider> = []
     @State private var settingsStatusTextByID: [String: String] = [:]
     @State private var settingsLastAppActiveRunAtByID: [String: Date] = [:]
     @State private var activeConfirmation: ProviderSettingsConfirmationState?
+    @State private var codexAccountsNotice: CodexAccountsSectionNotice?
+    @State private var isAuthenticatingLiveCodexAccount = false
     @State private var selectedProvider: UsageProvider?
 
     private var providers: [UsageProvider] {
         self.settings.orderedProviders()
     }
 
+    init(
+        settings: SettingsStore,
+        store: UsageStore,
+        managedCodexAccountCoordinator: ManagedCodexAccountCoordinator = ManagedCodexAccountCoordinator(),
+        codexAccountPromotionCoordinator: CodexAccountPromotionCoordinator? = nil,
+        codexAmbientLoginRunner: any CodexAmbientLoginRunning = DefaultCodexAmbientLoginRunner(),
+        runProviderLoginFlow: @escaping @MainActor (UsageProvider) async -> Void = { _ in })
+    {
+        self.settings = settings
+        self.store = store
+        self.managedCodexAccountCoordinator = managedCodexAccountCoordinator
+        self.codexAccountPromotionCoordinator = codexAccountPromotionCoordinator
+            ?? CodexAccountPromotionCoordinator(
+                settingsStore: settings,
+                usageStore: store,
+                managedAccountCoordinator: managedCodexAccountCoordinator)
+        self.codexAmbientLoginRunner = codexAmbientLoginRunner
+        self.runProviderLoginFlow = runProviderLoginFlow
+    }
+
     var body: some View {
         HStack(alignment: .top, spacing: 16) {
             ProviderSidebarListView(
@@ -38,19 +64,47 @@ struct ProvidersPane: View {
                     settingsPickers: self.extraSettingsPickers(for: provider),
                     settingsToggles: self.extraSettingsToggles(for: provider),
                     settingsFields: self.extraSettingsFields(for: provider),
+                    settingsActions: self.extraSettingsActions(for: provider),
                     settingsTokenAccounts: self.tokenAccountDescriptor(for: provider),
+                    settingsOrganizations: self.extraSettingsOrganizations(for: provider),
                     errorDisplay: self.providerErrorDisplay(provider),
                     isErrorExpanded: self.expandedBinding(for: provider),
                     onCopyError: { text in self.copyToPasteboard(text) },
                     onRefresh: {
-                        Task { @MainActor in
-                            await ProviderInteractionContext.$current.withValue(.userInitiated) {
-                                await self.store.refreshProvider(provider, allowDisabled: true)
-                            }
+                        self.triggerRefresh(for: provider)
+                    },
+                    showsSupplementarySettingsContent: self.codexAccountsSectionState(for: provider) != nil,
+                    supplementarySettingsContent: {
+                        if let state = self.codexAccountsSectionState(for: provider) {
+                            CodexAccountsSectionView(
+                                state: state,
+                                setActiveVisibleAccount: { visibleAccountID in
+                                    Task { @MainActor in
+                                        await self.selectCodexVisibleAccount(id: visibleAccountID)
+                                    }
+                                },
+                                reauthenticateAccount: { account in
+                                    Task { @MainActor in
+                                        await self.reauthenticateCodexAccount(account)
+                                    }
+                                },
+                                removeAccount: { account in
+                                    self.requestManagedCodexAccountRemoval(account)
+                                },
+                                requestSystemVisibleAccount: { visibleAccountID in
+                                    Task { @MainActor in
+                                        await self.requestCodexSystemVisibleAccount(id: visibleAccountID)
+                                    }
+                                },
+                                addAccount: {
+                                    Task { @MainActor in
+                                        await self.addManagedCodexAccount()
+                                    }
+                                })
                         }
                     })
             } else {
-                Text("Select a provider")
+                Text(L("select_a_provider"))
                     .foregroundStyle(.secondary)
                     .frame(maxWidth: .infinity, maxHeight: .infinity, alignment: .center)
             }
@@ -78,7 +132,7 @@ struct ProvidersPane: View {
                         active.onConfirm()
                         self.activeConfirmation = nil
                     }
-                    Button("Cancel", role: .cancel) { self.activeConfirmation = nil }
+                    Button(L("cancel"), role: .cancel) { self.activeConfirmation = nil }
                 }
             },
             message: {
@@ -99,6 +153,18 @@ struct ProvidersPane: View {
         self.selectedProvider = self.providers.first
     }
 
+    private func triggerRefresh(for provider: UsageProvider) {
+        Task { @MainActor in
+            await ProviderInteractionContext.$current.withValue(.userInitiated) {
+                if provider == .codex {
+                    await self.store.refreshCodexAccountScopedState(allowDisabled: true)
+                } else {
+                    await self.store.refreshProvider(provider, allowDisabled: true)
+                }
+            }
+        }
+    }
+
     func binding(for provider: UsageProvider) -> Binding<Bool> {
         let meta = self.store.metadata(for: provider)
         return Binding(
@@ -115,9 +181,9 @@ struct ProvidersPane: View {
             let relative = snapshot.updatedAt.relativeDescription()
             usageText = relative
         } else if self.store.isStale(provider: provider) {
-            usageText = "last fetch failed"
+            usageText = L("last_fetch_failed")
         } else {
-            usageText = "usage not fetched yet"
+            usageText = L("usage_not_fetched_yet")
         }
 
         let presentationContext = ProviderPresentationContext(
@@ -133,11 +199,130 @@ struct ProvidersPane: View {
         return "\(detailLine)\n\(usageText)"
     }
 
-    private func providerErrorDisplay(_ provider: UsageProvider) -> ProviderErrorDisplay? {
-        guard let raw = self.store.error(for: provider), !raw.isEmpty else { return nil }
+    func codexAccountsSectionState(for provider: UsageProvider) -> CodexAccountsSectionState? {
+        guard provider == .codex else { return nil }
+        let projection = self.settings.codexVisibleAccountProjection
+        let degradedNotice: CodexAccountsSectionNotice? = if projection.hasUnreadableAddedAccountStore {
+            CodexAccountsSectionNotice(
+                text: L("managed_account_storage_unreadable"),
+                tone: .warning)
+        } else {
+            nil
+        }
+
+        return CodexAccountsSectionState(
+            visibleAccounts: projection.visibleAccounts,
+            activeVisibleAccountID: projection.activeVisibleAccountID,
+            liveVisibleAccountID: projection.liveVisibleAccountID,
+            hasUnreadableManagedAccountStore: projection.hasUnreadableAddedAccountStore,
+            isAuthenticatingManagedAccount: self.managedCodexAccountCoordinator.isAuthenticatingManagedAccount,
+            authenticatingManagedAccountID: self.managedCodexAccountCoordinator.authenticatingManagedAccountID,
+            isRemovingManagedAccount: self.managedCodexAccountCoordinator.isRemovingManagedAccount,
+            isAuthenticatingLiveAccount: self.isAuthenticatingLiveCodexAccount,
+            isPromotingSystemAccount: self.codexAccountPromotionCoordinator.isPromotingSystemAccount,
+            notice: self.codexAccountsNotice ?? degradedNotice)
+    }
+
+    func selectCodexVisibleAccount(id: String) async {
+        self.codexAccountsNotice = nil
+        guard self.settings.selectCodexVisibleAccount(id: id) else { return }
+        await self.refreshCodexProvider()
+    }
+
+    func requestCodexSystemVisibleAccount(id: String) async {
+        self.codexAccountsNotice = nil
+        guard let account = self.settings.codexVisibleAccountProjection.visibleAccounts.first(where: { $0.id == id }),
+              let managedAccountID = account.storedAccountID
+        else {
+            return
+        }
+
+        let result = await self.codexAccountPromotionCoordinator.promote(managedAccountID: managedAccountID)
+        if case let .failure(error) = result {
+            self.codexAccountsNotice = CodexAccountsSectionNotice(text: error.message, tone: .warning)
+        }
+    }
+
+    func addManagedCodexAccount() async {
+        self.codexAccountsNotice = nil
+        guard let state = self.codexAccountsSectionState(for: .codex), state.canAddAccount else {
+            return
+        }
+
+        do {
+            let account = try await self.managedCodexAccountCoordinator.authenticateManagedAccount()
+            self.selectCodexVisibleAccountForAuthenticatedManagedAccount(account)
+            await self.refreshCodexProvider()
+        } catch {
+            self.codexAccountsNotice = self.codexAccountsNotice(for: error)
+        }
+    }
+
+    func reauthenticateCodexAccount(_ account: CodexVisibleAccount) async {
+        self.codexAccountsNotice = nil
+        if let accountID = account.storedAccountID {
+            guard let state = self.codexAccountsSectionState(for: .codex), state.canReauthenticate(account) else {
+                return
+            }
+            do {
+                _ = try await self.managedCodexAccountCoordinator
+                    .authenticateManagedAccount(existingAccountID: accountID)
+                await self.refreshCodexProvider()
+            } catch {
+                self.codexAccountsNotice = self.codexAccountsNotice(for: error)
+            }
+            return
+        }
+
+        guard let state = self.codexAccountsSectionState(for: .codex), state.canReauthenticate(account) else {
+            return
+        }
+
+        self.isAuthenticatingLiveCodexAccount = true
+        self.codexAccountPromotionCoordinator.setLiveReauthenticationInProgress(true)
+        defer {
+            self.isAuthenticatingLiveCodexAccount = false
+            self.codexAccountPromotionCoordinator.setLiveReauthenticationInProgress(false)
+        }
+
+        let result = await self.codexAmbientLoginRunner.run(timeout: 120)
+        if let info = CodexLoginAlertPresentation.alertInfo(for: result) {
+            self.presentLoginAlert(title: info.title, message: info.message)
+            return
+        }
+
+        await self.refreshCodexProvider()
+    }
+
+    func removeManagedCodexAccount(id: UUID) async {
+        self.codexAccountsNotice = nil
+        do {
+            try await self.managedCodexAccountCoordinator.removeManagedAccount(id: id)
+            await self.refreshCodexProvider()
+        } catch {
+            self.codexAccountsNotice = self.codexAccountsNotice(for: error)
+        }
+    }
+
+    func requestManagedCodexAccountRemoval(_ account: CodexVisibleAccount) {
+        guard let accountID = account.storedAccountID else { return }
+        self.activeConfirmation = ProviderSettingsConfirmationState(
+            title: L("remove_codex_account_title"),
+            message: String(format: L("remove_account_message"), account.email),
+            confirmTitle: L("remove"),
+            onConfirm: {
+                Task { @MainActor in
+                    await self.removeManagedCodexAccount(id: accountID)
+                }
+            })
+    }
+
+    func providerErrorDisplay(_ provider: UsageProvider) -> ProviderErrorDisplay? {
+        guard let full = self.store.error(for: provider), !full.isEmpty else { return nil }
+        let preview = self.store.userFacingError(for: provider) ?? full
         return ProviderErrorDisplay(
-            preview: self.truncated(raw, prefix: ""),
-            full: raw)
+            preview: self.truncated(preview, prefix: ""),
+            full: full)
     }
 
     private func extraSettingsToggles(for provider: UsageProvider) -> [ProviderSettingsToggleDescriptor] {
@@ -165,6 +350,21 @@ struct ProvidersPane: View {
             .filter { $0.isVisible?() ?? true }
     }
 
+    private func extraSettingsActions(for provider: UsageProvider) -> [ProviderSettingsActionsDescriptor] {
+        guard let impl = ProviderCatalog.implementation(for: provider) else { return [] }
+        let context = self.makeSettingsContext(provider: provider)
+        return impl.settingsActions(context: context)
+            .filter { $0.isVisible?() ?? true }
+    }
+
+    private func extraSettingsOrganizations(
+        for provider: UsageProvider) -> ProviderSettingsOrganizationsDescriptor?
+    {
+        guard let impl = ProviderCatalog.implementation(for: provider) else { return nil }
+        let context = self.makeSettingsContext(provider: provider)
+        return impl.settingsOrganizations(context: context)
+    }
+
     func tokenAccountDescriptor(for provider: UsageProvider) -> ProviderSettingsTokenAccountsDescriptor? {
         guard let support = TokenAccountSupportCatalog.support(for: provider) else { return nil }
         let context = self.makeSettingsContext(provider: provider)
@@ -193,8 +393,13 @@ struct ProvidersPane: View {
                     }
                 }
             },
-            addAccount: { label, token in
-                self.settings.addTokenAccount(provider: provider, label: label, token: token)
+            showsOrganizationField: provider == .claude,
+            addAccount: { label, token, organizationID in
+                self.settings.addTokenAccount(
+                    provider: provider,
+                    label: label,
+                    token: token,
+                    organizationID: organizationID)
                 Task { @MainActor in
                     await ProviderInteractionContext.$current.withValue(.userInitiated) {
                         await self.store.refreshProvider(provider, allowDisabled: true)
@@ -209,6 +414,13 @@ struct ProvidersPane: View {
                     }
                 }
             },
+            primaryAddActionTitle: provider == .copilot ? "Add Account" : nil,
+            primaryAddAction: provider == .copilot ? {
+                await CopilotLoginFlow.run(settings: self.settings)
+                await ProviderInteractionContext.$current.withValue(.userInitiated) {
+                    await self.store.refreshProvider(provider, allowDisabled: true)
+                }
+            } : nil,
             openConfigFile: {
                 self.settings.openTokenAccountsFile()
             },
@@ -259,44 +471,76 @@ struct ProvidersPane: View {
             },
             requestConfirmation: { confirmation in
                 self.activeConfirmation = ProviderSettingsConfirmationState(confirmation: confirmation)
+            },
+            runLoginFlow: {
+                await self.runProviderLoginFlow(provider)
             })
     }
 
     func menuBarMetricPicker(for provider: UsageProvider) -> ProviderSettingsPickerDescriptor? {
-        if provider == .zai { return nil }
         let options: [ProviderSettingsPickerOption]
         if provider == .openrouter {
             options = [
-                ProviderSettingsPickerOption(id: MenuBarMetricPreference.automatic.rawValue, title: "Automatic"),
+                ProviderSettingsPickerOption(id: MenuBarMetricPreference.automatic.rawValue, title: L("automatic")),
                 ProviderSettingsPickerOption(
                     id: MenuBarMetricPreference.primary.rawValue,
-                    title: "Primary (API key limit)"),
+                    title: L("primary_api_key_limit")),
+            ]
+        } else if SettingsStore.isBalanceOnlyProvider(provider) {
+            options = [
+                ProviderSettingsPickerOption(id: MenuBarMetricPreference.automatic.rawValue, title: L("Automatic")),
+            ]
+        } else if provider == .abacus {
+            let metadata = self.store.metadata(for: provider)
+            options = [
+                ProviderSettingsPickerOption(id: MenuBarMetricPreference.automatic.rawValue, title: L("automatic")),
+                ProviderSettingsPickerOption(
+                    id: MenuBarMetricPreference.primary.rawValue,
+                    title: String(format: L("metric_primary"), metadata.sessionLabel)),
             ]
         } else {
             let metadata = self.store.metadata(for: provider)
+            let snapshot = self.store.snapshot(for: provider)
             let supportsAverage = self.settings.menuBarMetricSupportsAverage(for: provider)
+            let supportsTertiary = self.settings.menuBarMetricSupportsTertiary(for: provider, snapshot: snapshot)
+            let supportsExtraUsage = self.settings.menuBarMetricSupportsExtraUsage(for: provider, snapshot: snapshot)
             var metricOptions: [ProviderSettingsPickerOption] = [
-                ProviderSettingsPickerOption(id: MenuBarMetricPreference.automatic.rawValue, title: "Automatic"),
+                ProviderSettingsPickerOption(id: MenuBarMetricPreference.automatic.rawValue, title: L("automatic")),
                 ProviderSettingsPickerOption(
                     id: MenuBarMetricPreference.primary.rawValue,
-                    title: "Primary (\(metadata.sessionLabel))"),
+                    title: String(format: L("metric_primary"), metadata.sessionLabel)),
                 ProviderSettingsPickerOption(
                     id: MenuBarMetricPreference.secondary.rawValue,
-                    title: "Secondary (\(metadata.weeklyLabel))"),
+                    title: String(format: L("metric_secondary"), metadata.weeklyLabel)),
             ]
+            if supportsTertiary {
+                let tertiaryTitle = metadata.opusLabel ?? MenuBarMetricPreference.tertiary.label
+                metricOptions.append(ProviderSettingsPickerOption(
+                    id: MenuBarMetricPreference.tertiary.rawValue,
+                    title: String(format: L("metric_tertiary"), tertiaryTitle)))
+            }
+            if supportsExtraUsage {
+                metricOptions.append(ProviderSettingsPickerOption(
+                    id: MenuBarMetricPreference.extraUsage.rawValue,
+                    title: MenuBarMetricPreference.extraUsage.label))
+            }
             if supportsAverage {
                 metricOptions.append(ProviderSettingsPickerOption(
                     id: MenuBarMetricPreference.average.rawValue,
-                    title: "Average (\(metadata.sessionLabel) + \(metadata.weeklyLabel))"))
+                    title: String(format: L("metric_average"), metadata.sessionLabel, metadata.weeklyLabel)))
             }
             options = metricOptions
         }
         return ProviderSettingsPickerDescriptor(
             id: "menuBarMetric",
-            title: "Menu bar metric",
-            subtitle: "Choose which window drives the menu bar percent.",
+            title: L("menu_bar_metric_title"),
+            subtitle: Self.menuBarMetricPickerSubtitle(for: provider),
             binding: Binding(
-                get: { self.settings.menuBarMetricPreference(for: provider).rawValue },
+                get: {
+                    self.settings
+                        .menuBarMetricPreference(for: provider, snapshot: self.store.snapshot(for: provider))
+                        .rawValue
+                },
                 set: { rawValue in
                     guard let preference = MenuBarMetricPreference(rawValue: rawValue) else { return }
                     self.settings.setMenuBarMetricPreference(preference, for: provider)
@@ -306,23 +550,43 @@ struct ProvidersPane: View {
             onChange: nil)
     }
 
+    private static func menuBarMetricPickerSubtitle(for provider: UsageProvider) -> String {
+        switch provider {
+        case .deepseek:
+            L("menu_bar_metric_subtitle_deepseek")
+        case .moonshot:
+            L("menu_bar_metric_subtitle_moonshot")
+        case .mistral:
+            L("menu_bar_metric_subtitle_mistral")
+        case .kimik2:
+            L("menu_bar_metric_subtitle_kimik2")
+        default:
+            L("menu_bar_metric_subtitle")
+        }
+    }
+
     func menuCardModel(for provider: UsageProvider) -> UsageMenuCardView.Model {
         let metadata = self.store.metadata(for: provider)
         let snapshot = self.store.snapshot(for: provider)
+        let now = Date()
+        let codexProjection = self.store.codexConsumerProjectionIfNeeded(
+            for: provider,
+            surface: .liveCard,
+            now: now)
         let credits: CreditsSnapshot?
         let creditsError: String?
         let dashboard: OpenAIDashboardSnapshot?
         let dashboardError: String?
         let tokenSnapshot: CostUsageTokenSnapshot?
         let tokenError: String?
-        if provider == .codex {
-            credits = self.store.credits
-            creditsError = self.store.lastCreditsError
-            dashboard = self.store.openAIDashboardRequiresLogin ? nil : self.store.openAIDashboard
-            dashboardError = self.store.lastOpenAIDashboardError
+        if let codexProjection {
+            credits = codexProjection.credits?.snapshot
+            creditsError = codexProjection.credits?.userFacingError
+            dashboard = nil
+            dashboardError = codexProjection.userFacingErrors.dashboard
             tokenSnapshot = self.store.tokenSnapshot(for: provider)
             tokenError = self.store.tokenError(for: provider)
-        } else if provider == .claude || provider == .vertexai {
+        } else if ProviderDescriptorRegistry.descriptor(for: provider).tokenCost.supportsTokenCost {
             credits = nil
             creditsError = nil
             dashboard = nil
@@ -338,33 +602,88 @@ struct ProvidersPane: View {
             tokenError = nil
         }
 
-        let now = Date()
-        let weeklyPace = snapshot?.secondary.flatMap { window in
-            self.store.weeklyPace(provider: provider, window: window, now: now)
+        // Abacus uses primary for monthly credits (no secondary window)
+        let paceWindow = provider == .abacus ? snapshot?.primary : snapshot?.secondary
+        let weeklyPace = if let codexProjection,
+                            let weekly = codexProjection.rateWindow(for: .weekly)
+        {
+            self.store.weeklyPace(provider: provider, window: weekly, now: now)
+        } else {
+            paceWindow.flatMap { window in
+                self.store.weeklyPace(provider: provider, window: window, now: now)
+            }
         }
         let input = UsageMenuCardView.Model.Input(
             provider: provider,
             metadata: metadata,
             snapshot: snapshot,
+            codexProjection: codexProjection,
             credits: credits,
             creditsError: creditsError,
             dashboard: dashboard,
             dashboardError: dashboardError,
             tokenSnapshot: tokenSnapshot,
             tokenError: tokenError,
-            account: self.store.accountInfo(),
+            account: self.store.accountInfo(for: provider),
             isRefreshing: self.store.refreshingProviders.contains(provider),
-            lastError: self.store.error(for: provider),
+            lastError: codexProjection?.userFacingErrors.usage ?? self.store.userFacingError(for: provider),
             usageBarsShowUsed: self.settings.usageBarsShowUsed,
             resetTimeDisplayStyle: self.settings.resetTimeDisplayStyle,
             tokenCostUsageEnabled: self.settings.isCostUsageEffectivelyEnabled(for: provider),
             showOptionalCreditsAndExtraUsage: self.settings.showOptionalCreditsAndExtraUsage,
             hidePersonalInfo: self.settings.hidePersonalInfo,
             weeklyPace: weeklyPace,
+            quotaWarningThresholds: [
+                .session: self.quotaWarningMarkerThresholds(provider: provider, window: .session),
+                .weekly: self.quotaWarningMarkerThresholds(provider: provider, window: .weekly),
+            ],
+            workDaysPerWeek: self.settings.weeklyProgressWorkDays,
             now: now)
         return UsageMenuCardView.Model.make(input)
     }
 
+    private func quotaWarningMarkerThresholds(provider: UsageProvider, window: QuotaWarningWindow) -> [Int] {
+        guard self.settings.quotaWarningMarkersVisible else { return [] }
+        guard self.settings.quotaWarningEnabled(provider: provider, window: window) else { return [] }
+        return self.settings.resolvedQuotaWarningThresholds(provider: provider, window: window)
+    }
+
+    private func refreshCodexProvider() async {
+        await ProviderInteractionContext.$current.withValue(.userInitiated) {
+            await self.store.refreshCodexAccountScopedState(allowDisabled: true)
+        }
+    }
+
+    private func selectCodexVisibleAccountForAuthenticatedManagedAccount(_ account: ManagedCodexAccount) {
+        self.settings.selectAuthenticatedManagedCodexAccount(account)
+    }
+
+    private func codexAccountsNotice(for error: Error) -> CodexAccountsSectionNotice {
+        if let error = error as? ManagedCodexAccountCoordinatorError,
+           error == .authenticationInProgress
+        {
+            return CodexAccountsSectionNotice(
+                text: L("managed_login_already_running"),
+                tone: .warning)
+        }
+
+        if let error = error as? ManagedCodexAccountServiceError {
+            return CodexAccountsSectionNotice(text: error.userFacingMessage, tone: .warning)
+        }
+
+        return CodexAccountsSectionNotice(
+            text: error.localizedDescription,
+            tone: .warning)
+    }
+
+    private func presentLoginAlert(title: String, message: String) {
+        let alert = NSAlert()
+        alert.messageText = L(title)
+        alert.informativeText = L(message)
+        alert.alertStyle = .warning
+        alert.runModal()
+    }
+
     private func runSettingsDidBecomeActiveHooks() {
         for provider in UsageProvider.allCases {
             for toggle in self.extraSettingsToggles(for: provider) {
@@ -412,10 +731,22 @@ struct ProviderSettingsConfirmationState: Identifiable {
     let confirmTitle: String
     let onConfirm: () -> Void
 
+    init(
+        title: String,
+        message: String,
+        confirmTitle: String,
+        onConfirm: @escaping () -> Void)
+    {
+        self.title = title
+        self.message = message
+        self.confirmTitle = confirmTitle
+        self.onConfirm = onConfirm
+    }
+
     init(confirmation: ProviderSettingsConfirmation) {
-        self.title = confirmation.title
-        self.message = confirmation.message
-        self.confirmTitle = confirmation.confirmTitle
+        self.title = L(confirmation.title)
+        self.message = L(confirmation.message)
+        self.confirmTitle = L(confirmation.confirmTitle)
         self.onConfirm = confirmation.onConfirm
     }
 }
diff --git a/Sources/CodexBar/PreferencesView.swift b/Sources/CodexBar/PreferencesView.swift
index a6f893950..961b1b9b8 100644
--- a/Sources/CodexBar/PreferencesView.swift
+++ b/Sources/CodexBar/PreferencesView.swift
@@ -1,7 +1,8 @@
 import AppKit
+import CodexBarCore
 import SwiftUI
 
-enum PreferencesTab: String, Hashable {
+enum PreferencesTab: String, CaseIterable, Hashable {
     case general
     case providers
     case display
@@ -9,9 +10,20 @@ enum PreferencesTab: String, Hashable {
     case about
     case debug
 
-    static let defaultWidth: CGFloat = 496
-    static let providersWidth: CGFloat = 720
-    static let windowHeight: CGFloat = 580
+    static let defaultWidth: CGFloat = 546
+    static let providersWidth: CGFloat = 792
+    static let windowHeight: CGFloat = 638
+
+    var title: String {
+        switch self {
+        case .general: L("tab_general")
+        case .providers: L("tab_providers")
+        case .display: L("tab_display")
+        case .advanced: L("tab_advanced")
+        case .about: L("tab_about")
+        case .debug: L("tab_debug")
+        }
+    }
 
     var preferredWidth: CGFloat {
         self == .providers ? PreferencesTab.providersWidth : PreferencesTab.defaultWidth
@@ -28,37 +40,68 @@ struct PreferencesView: View {
     @Bindable var store: UsageStore
     let updater: UpdaterProviding
     @Bindable var selection: PreferencesSelection
+    let managedCodexAccountCoordinator: ManagedCodexAccountCoordinator
+    let codexAccountPromotionCoordinator: CodexAccountPromotionCoordinator
+    let runProviderLoginFlow: @MainActor (UsageProvider) async -> Void
     @State private var contentWidth: CGFloat = PreferencesTab.general.preferredWidth
     @State private var contentHeight: CGFloat = PreferencesTab.general.preferredHeight
 
+    init(
+        settings: SettingsStore,
+        store: UsageStore,
+        updater: UpdaterProviding,
+        selection: PreferencesSelection,
+        managedCodexAccountCoordinator: ManagedCodexAccountCoordinator = ManagedCodexAccountCoordinator(),
+        codexAccountPromotionCoordinator: CodexAccountPromotionCoordinator? = nil,
+        runProviderLoginFlow: @escaping @MainActor (UsageProvider) async -> Void = { _ in })
+    {
+        self.settings = settings
+        self.store = store
+        self.updater = updater
+        self.selection = selection
+        self.managedCodexAccountCoordinator = managedCodexAccountCoordinator
+        self.codexAccountPromotionCoordinator = codexAccountPromotionCoordinator
+            ?? CodexAccountPromotionCoordinator(
+                settingsStore: settings,
+                usageStore: store,
+                managedAccountCoordinator: managedCodexAccountCoordinator)
+        self.runProviderLoginFlow = runProviderLoginFlow
+    }
+
     var body: some View {
         TabView(selection: self.$selection.tab) {
             GeneralPane(settings: self.settings, store: self.store)
-                .tabItem { Label("General", systemImage: "gearshape") }
+                .tabItem { Label(L("tab_general"), systemImage: "gearshape") }
                 .tag(PreferencesTab.general)
 
-            ProvidersPane(settings: self.settings, store: self.store)
-                .tabItem { Label("Providers", systemImage: "square.grid.2x2") }
+            ProvidersPane(
+                settings: self.settings,
+                store: self.store,
+                managedCodexAccountCoordinator: self.managedCodexAccountCoordinator,
+                codexAccountPromotionCoordinator: self.codexAccountPromotionCoordinator,
+                runProviderLoginFlow: self.runProviderLoginFlow)
+                .tabItem { Label(L("tab_providers"), systemImage: "square.grid.2x2") }
                 .tag(PreferencesTab.providers)
 
             DisplayPane(settings: self.settings, store: self.store)
-                .tabItem { Label("Display", systemImage: "eye") }
+                .tabItem { Label(L("tab_display"), systemImage: "eye") }
                 .tag(PreferencesTab.display)
 
             AdvancedPane(settings: self.settings)
-                .tabItem { Label("Advanced", systemImage: "slider.horizontal.3") }
+                .tabItem { Label(L("tab_advanced"), systemImage: "slider.horizontal.3") }
                 .tag(PreferencesTab.advanced)
 
             AboutPane(updater: self.updater)
-                .tabItem { Label("About", systemImage: "info.circle") }
+                .tabItem { Label(L("tab_about"), systemImage: "info.circle") }
                 .tag(PreferencesTab.about)
 
             if self.settings.debugMenuEnabled {
                 DebugPane(settings: self.settings, store: self.store)
-                    .tabItem { Label("Debug", systemImage: "ladybug") }
+                    .tabItem { Label(L("tab_debug"), systemImage: "ladybug") }
                     .tag(PreferencesTab.debug)
             }
         }
+        .id(self.settings.appLanguage)
         .padding(.horizontal, 24)
         .padding(.vertical, 16)
         .frame(width: self.contentWidth, height: self.contentHeight)
@@ -84,6 +127,24 @@ struct PreferencesView: View {
         } else {
             change()
         }
+        Self.resizeSettingsWindow(width: tab.preferredWidth, height: tab.preferredHeight, animate: animate)
+    }
+
+    private static let settingsWindowIdentifier = "com_apple_SwiftUI_Settings_window"
+    private static let knownTabTitles = Set(PreferencesTab.allCases.map(\.title))
+
+    private static func resizeSettingsWindow(width: CGFloat, height: CGFloat, animate: Bool) {
+        guard let window = NSApp.windows.first(where: {
+            $0.identifier?.rawValue == settingsWindowIdentifier
+                || knownTabTitles.contains($0.title)
+        }) else { return }
+        let toolbarHeight = window.frame.height - window.contentLayoutRect.height
+        guard toolbarHeight > 0 else { return }
+        let newSize = NSSize(width: width, height: height + toolbarHeight)
+        var frame = window.frame
+        frame.origin.y += frame.size.height - newSize.height
+        frame.size = newSize
+        window.setFrame(frame, display: true, animate: animate)
     }
 
     private func ensureValidTabSelection() {
diff --git a/Sources/CodexBar/ProviderBrandIcon.swift b/Sources/CodexBar/ProviderBrandIcon.swift
index d07477e69..cec160ad9 100644
--- a/Sources/CodexBar/ProviderBrandIcon.swift
+++ b/Sources/CodexBar/ProviderBrandIcon.swift
@@ -18,8 +18,10 @@ enum ProviderBrandIcon {
 
     static func image(for provider: UsageProvider) -> NSImage? {
         let baseName = ProviderDescriptorRegistry.descriptor(for: provider).branding.iconResourceName
-        guard let bundle = self.resourceBundle,
-              let url = bundle.url(forResource: baseName, withExtension: "svg"),
+        guard let bundle = self.resourceBundle else {
+            return nil
+        }
+        guard let url = bundle.url(forResource: baseName, withExtension: "svg"),
               let image = NSImage(contentsOf: url)
         else {
             return nil
diff --git a/Sources/CodexBar/ProviderRegistry.swift b/Sources/CodexBar/ProviderRegistry.swift
index 1e26c4c86..eeeb541b1 100644
--- a/Sources/CodexBar/ProviderRegistry.swift
+++ b/Sources/CodexBar/ProviderRegistry.swift
@@ -23,7 +23,8 @@ struct ProviderRegistry {
         metadata: [UsageProvider: ProviderMetadata],
         codexFetcher: UsageFetcher,
         claudeFetcher: any ClaudeUsageFetching,
-        browserDetection: BrowserDetection) -> [UsageProvider: ProviderSpec]
+        browserDetection: BrowserDetection,
+        environmentBase: [String: String] = ProcessInfo.processInfo.environment) -> [UsageProvider: ProviderSpec]
     {
         var specs: [UsageProvider: ProviderSpec] = [:]
         specs.reserveCapacity(UsageProvider.allCases.count)
@@ -36,28 +37,51 @@ struct ProviderRegistry {
                 isEnabled: { settings.isProviderEnabled(provider: provider, metadata: meta) },
                 descriptor: descriptor,
                 makeFetchContext: {
+                    let account = ProviderTokenAccountSelection.selectedAccount(
+                        provider: provider,
+                        settings: settings,
+                        override: nil)
                     let sourceMode = ProviderCatalog.implementation(for: provider)?
                         .sourceMode(context: ProviderSourceModeContext(provider: provider, settings: settings))
                         ?? .auto
                     let snapshot = Self.makeSettingsSnapshot(settings: settings, tokenOverride: nil)
                     let env = Self.makeEnvironment(
-                        base: ProcessInfo.processInfo.environment,
+                        base: environmentBase,
                         provider: provider,
                         settings: settings,
                         tokenOverride: nil)
+                    let fetcher = Self.makeFetcher(base: codexFetcher, provider: provider, env: env)
                     let verbose = settings.isVerboseLoggingEnabled
                     return ProviderFetchContext(
                         runtime: .app,
                         sourceMode: sourceMode,
                         includeCredits: false,
+                        includeOptionalUsage: settings.showOptionalCreditsAndExtraUsage,
                         webTimeout: 60,
                         webDebugDumpHTML: false,
                         verbose: verbose,
                         env: env,
                         settings: snapshot,
-                        fetcher: codexFetcher,
+                        fetcher: fetcher,
                         claudeFetcher: claudeFetcher,
-                        browserDetection: browserDetection)
+                        browserDetection: browserDetection,
+                        selectedTokenAccountID: account?.id,
+                        tokenAccountTokenUpdater: { provider, accountID, token in
+                            await MainActor.run {
+                                settings.updateTokenAccount(
+                                    provider: provider,
+                                    accountID: accountID,
+                                    token: token)
+                            }
+                        },
+                        providerManualTokenUpdater: { provider, token in
+                            await MainActor.run {
+                                if provider == .stepfun {
+                                    settings.stepfunToken = token
+                                }
+                            }
+                        },
+                        costUsageHistoryDays: settings.costUsageHistoryDays)
                 })
             specs[provider] = spec
         }
@@ -68,13 +92,17 @@ struct ProviderRegistry {
     @MainActor
     static func makeSettingsSnapshot(
         settings: SettingsStore,
-        tokenOverride: TokenAccountOverride?) -> ProviderSettingsSnapshot
+        tokenOverride: TokenAccountOverride?,
+        codexActiveSourceOverride: CodexActiveSource? = nil) -> ProviderSettingsSnapshot
     {
         settings.ensureTokenAccountsLoaded()
         var builder = ProviderSettingsSnapshotBuilder(
             debugMenuEnabled: settings.debugMenuEnabled,
             debugKeepCLISessionsAlive: settings.debugKeepCLISessionsAlive)
-        let context = ProviderSettingsSnapshotContext(settings: settings, tokenOverride: tokenOverride)
+        let context = ProviderSettingsSnapshotContext(
+            settings: settings,
+            tokenOverride: tokenOverride,
+            codexActiveSourceOverride: codexActiveSourceOverride)
         for implementation in ProviderCatalog.all {
             if let contribution = implementation.settingsSnapshot(context: context) {
                 builder.apply(contribution)
@@ -88,25 +116,52 @@ struct ProviderRegistry {
         base: [String: String],
         provider: UsageProvider,
         settings: SettingsStore,
-        tokenOverride: TokenAccountOverride?) -> [String: String]
+        tokenOverride: TokenAccountOverride?,
+        codexActiveSourceOverride: CodexActiveSource? = nil) -> [String: String]
     {
         let account = ProviderTokenAccountSelection.selectedAccount(
             provider: provider,
             settings: settings,
             override: tokenOverride)
-        var env = ProviderConfigEnvironment.applyAPIKeyOverride(
+        var env = ProviderConfigEnvironment.applyProviderConfigOverrides(
             base: base,
             provider: provider,
             config: settings.providerConfig(for: provider))
         // If token account is selected, use its token instead of config's apiKey
-        if let account, let override = TokenAccountSupportCatalog.envOverride(
-            for: provider,
-            token: account.token)
-        {
-            for (key, value) in override {
-                env[key] = value
+        if let account {
+            TokenAccountSupportCatalog.scrubEnvironmentForSelectedAccount(
+                &env,
+                provider: provider,
+                token: account.token)
+            if let override = TokenAccountSupportCatalog.envOverride(
+                for: provider,
+                token: account.token)
+            {
+                for (key, value) in override {
+                    env[key] = value
+                }
+            }
+        }
+        // Managed Codex routing only scopes remote account fetches such as identity, plan,
+        // quotas, and dashboard data, and only when the active source is a managed account.
+        // Token-cost/session history is intentionally not routed through the managed home
+        // because that data is currently treated as provider-level local telemetry from this
+        // Mac's Codex sessions, not as account-owned remote state. If we later want
+        // account-scoped token history in the UI, that needs an explicit product decision and
+        // presentation change so the two concepts are not conflated.
+        if provider == .codex {
+            let codexActiveSource = codexActiveSourceOverride ?? settings.codexResolvedActiveSource
+            if case .managedAccount = codexActiveSource,
+               let managedHomePath = settings.managedCodexRemoteHomePath(forActiveSource: codexActiveSource)
+            {
+                env = CodexHomeScope.scopedEnvironment(base: env, codexHome: managedHomePath)
             }
         }
         return env
     }
+
+    static func makeFetcher(base: UsageFetcher, provider: UsageProvider, env: [String: String]) -> UsageFetcher {
+        guard provider == .codex else { return base }
+        return UsageFetcher(environment: env)
+    }
 }
diff --git a/Sources/CodexBar/ProviderSwitcherButtons.swift b/Sources/CodexBar/ProviderSwitcherButtons.swift
index 05ce53c53..0832e2bb3 100644
--- a/Sources/CodexBar/ProviderSwitcherButtons.swift
+++ b/Sources/CodexBar/ProviderSwitcherButtons.swift
@@ -1,6 +1,8 @@
 import AppKit
 
 final class PaddedToggleButton: NSButton {
+    private var quotaBarReservedHeight: CGFloat = 0
+
     var contentPadding = NSEdgeInsets(top: 4, left: 7, bottom: 4, right: 7) {
         didSet {
             if oldValue.top != self.contentPadding.top ||
@@ -17,16 +19,30 @@ final class PaddedToggleButton: NSButton {
         let size = super.intrinsicContentSize
         return NSSize(
             width: size.width + self.contentPadding.left + self.contentPadding.right,
-            height: size.height + self.contentPadding.top + self.contentPadding.bottom)
+            height: size.height + self.contentPadding.top + self.contentPadding.bottom + self.quotaBarReservedHeight)
+    }
+
+    func setQuotaBarReservedHeight(_ height: CGFloat) {
+        guard self.quotaBarReservedHeight != height else { return }
+        self.quotaBarReservedHeight = height
+        self.invalidateIntrinsicContentSize()
     }
 }
 
+@MainActor
+protocol ProviderSwitcherToggleButton: AnyObject {
+    func setQuotaBarReservedHeight(_ height: CGFloat)
+}
+
+extension PaddedToggleButton: ProviderSwitcherToggleButton {}
+
 final class InlineIconToggleButton: NSButton {
     private let iconView = NSImageView()
     private let titleField = NSTextField(labelWithString: "")
     private let stack = NSStackView()
     private var paddingConstraints: [NSLayoutConstraint] = []
     private var iconSizeConstraints: [NSLayoutConstraint] = []
+    private var quotaBarReservedHeight: CGFloat = 0
     private var isConfiguring = false // Batch invalidation during setup
 
     var contentPadding = NSEdgeInsets(top: 4, left: 7, bottom: 4, right: 7) {
@@ -34,7 +50,8 @@ final class InlineIconToggleButton: NSButton {
             self.paddingConstraints.first { $0.firstAttribute == .top }?.constant = self.contentPadding.top
             self.paddingConstraints.first { $0.firstAttribute == .leading }?.constant = self.contentPadding.left
             self.paddingConstraints.first { $0.firstAttribute == .trailing }?.constant = -self.contentPadding.right
-            self.paddingConstraints.first { $0.firstAttribute == .bottom }?.constant = -(self.contentPadding.bottom + 4)
+            self.paddingConstraints.first { $0.firstAttribute == .bottom }?.constant =
+                -(self.contentPadding.bottom + self.quotaBarReservedHeight)
             if !self.isConfiguring { self.invalidateIntrinsicContentSize() }
         }
     }
@@ -47,6 +64,7 @@ final class InlineIconToggleButton: NSButton {
             super.attributedTitle = NSAttributedString(string: "")
             super.attributedAlternateTitle = NSAttributedString(string: "")
             self.titleField.stringValue = newValue
+            self.setAccessibilityLabel(newValue)
             if !self.isConfiguring { self.invalidateIntrinsicContentSize() }
         }
     }
@@ -70,6 +88,14 @@ final class InlineIconToggleButton: NSButton {
         self.titleField.font = NSFont.systemFont(ofSize: size)
     }
 
+    func setQuotaBarReservedHeight(_ height: CGFloat) {
+        guard self.quotaBarReservedHeight != height else { return }
+        self.quotaBarReservedHeight = height
+        self.paddingConstraints.first { $0.firstAttribute == .bottom }?.constant =
+            -(self.contentPadding.bottom + height)
+        if !self.isConfiguring { self.invalidateIntrinsicContentSize() }
+    }
+
     func setAllowsTwoLineTitle(_ allow: Bool) {
         let hasWhitespace = self.titleField.stringValue.rangeOfCharacter(from: .whitespacesAndNewlines) != nil
         let shouldWrap = allow && hasWhitespace
@@ -82,7 +108,7 @@ final class InlineIconToggleButton: NSButton {
         let size = self.stack.fittingSize
         return NSSize(
             width: size.width + self.contentPadding.left + self.contentPadding.right,
-            height: size.height + self.contentPadding.top + self.contentPadding.bottom)
+            height: size.height + self.contentPadding.top + self.contentPadding.bottom + self.quotaBarReservedHeight)
     }
 
     init(title: String, image: NSImage, target: AnyObject?, action: Selector?) {
@@ -108,6 +134,7 @@ final class InlineIconToggleButton: NSButton {
         self.setButtonType(.toggle)
         self.controlSize = .small
         self.wantsLayer = true
+        self.setAccessibilityRole(.button)
 
         self.iconView.imageScaling = .scaleNone
         self.iconView.translatesAutoresizingMaskIntoConstraints = false
@@ -143,19 +170,22 @@ final class InlineIconToggleButton: NSButton {
         centerX.priority = .defaultHigh
         let bottom = self.stack.bottomAnchor.constraint(
             lessThanOrEqualTo: self.bottomAnchor,
-            constant: -(self.contentPadding.bottom + 4))
+            constant: -self.contentPadding.bottom)
         self.paddingConstraints = [top, leading, trailing, bottom, centerX]
 
         NSLayoutConstraint.activate(self.paddingConstraints + self.iconSizeConstraints)
     }
 }
 
+extension InlineIconToggleButton: ProviderSwitcherToggleButton {}
+
 final class StackedToggleButton: NSButton {
     private let iconView = NSImageView()
     private let titleField = NSTextField(labelWithString: "")
     private let stack = NSStackView()
     private var paddingConstraints: [NSLayoutConstraint] = []
     private var iconSizeConstraints: [NSLayoutConstraint] = []
+    private var quotaBarReservedHeight: CGFloat = 0
     private var isConfiguring = false // Batch invalidation during setup
 
     var contentPadding = NSEdgeInsets(top: 2, left: 4, bottom: 2, right: 4) {
@@ -163,7 +193,8 @@ final class StackedToggleButton: NSButton {
             self.paddingConstraints.first { $0.firstAttribute == .top }?.constant = self.contentPadding.top
             self.paddingConstraints.first { $0.firstAttribute == .leading }?.constant = self.contentPadding.left
             self.paddingConstraints.first { $0.firstAttribute == .trailing }?.constant = -self.contentPadding.right
-            self.paddingConstraints.first { $0.firstAttribute == .bottom }?.constant = -self.contentPadding.bottom
+            self.paddingConstraints.first { $0.firstAttribute == .bottom }?.constant =
+                -(self.contentPadding.bottom + self.quotaBarReservedHeight)
             if !self.isConfiguring { self.invalidateIntrinsicContentSize() }
         }
     }
@@ -176,6 +207,7 @@ final class StackedToggleButton: NSButton {
             super.attributedTitle = NSAttributedString(string: "")
             super.attributedAlternateTitle = NSAttributedString(string: "")
             self.titleField.stringValue = newValue
+            self.setAccessibilityLabel(newValue)
             if !self.isConfiguring { self.invalidateIntrinsicContentSize() }
         }
     }
@@ -199,6 +231,14 @@ final class StackedToggleButton: NSButton {
         self.titleField.font = NSFont.systemFont(ofSize: size)
     }
 
+    func setQuotaBarReservedHeight(_ height: CGFloat) {
+        guard self.quotaBarReservedHeight != height else { return }
+        self.quotaBarReservedHeight = height
+        self.paddingConstraints.first { $0.firstAttribute == .bottom }?.constant =
+            -(self.contentPadding.bottom + height)
+        if !self.isConfiguring { self.invalidateIntrinsicContentSize() }
+    }
+
     func setAllowsTwoLineTitle(_ allow: Bool) {
         let hasWhitespace = self.titleField.stringValue.rangeOfCharacter(from: .whitespacesAndNewlines) != nil
         let shouldWrap = allow && hasWhitespace
@@ -211,7 +251,7 @@ final class StackedToggleButton: NSButton {
         let size = self.stack.fittingSize
         return NSSize(
             width: size.width + self.contentPadding.left + self.contentPadding.right,
-            height: size.height + self.contentPadding.top + self.contentPadding.bottom)
+            height: size.height + self.contentPadding.top + self.contentPadding.bottom + self.quotaBarReservedHeight)
     }
 
     init(title: String, image: NSImage, target: AnyObject?, action: Selector?) {
@@ -237,6 +277,7 @@ final class StackedToggleButton: NSButton {
         self.setButtonType(.toggle)
         self.controlSize = .small
         self.wantsLayer = true
+        self.setAccessibilityRole(.button)
 
         self.iconView.imageScaling = .scaleNone
         self.iconView.translatesAutoresizingMaskIntoConstraints = false
@@ -261,7 +302,6 @@ final class StackedToggleButton: NSButton {
 
         // Avoid subpixel centering: pin from the top so the icon sits on whole-point coordinates.
         // Force an even layout width (button width minus padding) so the icon doesn't land on 0.5pt centers.
-        // Reserve some bottom space for the "weekly remaining" indicator line.
         let top = self.stack.topAnchor.constraint(
             equalTo: self.topAnchor,
             constant: self.contentPadding.top)
@@ -273,9 +313,11 @@ final class StackedToggleButton: NSButton {
             constant: -self.contentPadding.right)
         let bottom = self.stack.bottomAnchor.constraint(
             lessThanOrEqualTo: self.bottomAnchor,
-            constant: -(self.contentPadding.bottom + 4))
+            constant: -self.contentPadding.bottom)
         self.paddingConstraints = [top, leading, trailing, bottom]
 
         NSLayoutConstraint.activate(self.paddingConstraints + self.iconSizeConstraints)
     }
 }
+
+extension StackedToggleButton: ProviderSwitcherToggleButton {}
diff --git a/Sources/CodexBar/Providers/Abacus/AbacusProviderImplementation.swift b/Sources/CodexBar/Providers/Abacus/AbacusProviderImplementation.swift
new file mode 100644
index 000000000..1e0cdeb9f
--- /dev/null
+++ b/Sources/CodexBar/Providers/Abacus/AbacusProviderImplementation.swift
@@ -0,0 +1,100 @@
+import AppKit
+import CodexBarCore
+import CodexBarMacroSupport
+import Foundation
+import SwiftUI
+
+@ProviderImplementationRegistration
+struct AbacusProviderImplementation: ProviderImplementation {
+    let id: UsageProvider = .abacus
+
+    @MainActor
+    func observeSettings(_ settings: SettingsStore) {
+        _ = settings.abacusCookieSource
+        _ = settings.abacusCookieHeader
+    }
+
+    @MainActor
+    func settingsSnapshot(context: ProviderSettingsSnapshotContext) -> ProviderSettingsSnapshotContribution? {
+        .abacus(context.settings.abacusSettingsSnapshot(tokenOverride: context.tokenOverride))
+    }
+
+    @MainActor
+    func tokenAccountsVisibility(context: ProviderSettingsContext, support: TokenAccountSupport) -> Bool {
+        guard support.requiresManualCookieSource else { return true }
+        if !context.settings.tokenAccounts(for: context.provider).isEmpty { return true }
+        return context.settings.abacusCookieSource == .manual
+    }
+
+    @MainActor
+    func applyTokenAccountCookieSource(settings: SettingsStore) {
+        if settings.abacusCookieSource != .manual {
+            settings.abacusCookieSource = .manual
+        }
+    }
+
+    @MainActor
+    func settingsPickers(context: ProviderSettingsContext) -> [ProviderSettingsPickerDescriptor] {
+        let cookieBinding = Binding(
+            get: { context.settings.abacusCookieSource.rawValue },
+            set: { raw in
+                context.settings.abacusCookieSource = ProviderCookieSource(rawValue: raw) ?? .auto
+            })
+        let cookieOptions = ProviderCookieSourceUI.options(
+            allowsOff: false,
+            keychainDisabled: context.settings.debugDisableKeychainAccess)
+
+        let cookieSubtitle: () -> String? = {
+            ProviderCookieSourceUI.subtitle(
+                source: context.settings.abacusCookieSource,
+                keychainDisabled: context.settings.debugDisableKeychainAccess,
+                auto: "Automatic imports browser cookies.",
+                manual: "Paste a Cookie header or cURL capture from the Abacus AI dashboard.",
+                off: "Abacus AI cookies are disabled.")
+        }
+
+        return [
+            ProviderSettingsPickerDescriptor(
+                id: "abacus-cookie-source",
+                title: "Cookie source",
+                subtitle: "Automatic imports browser cookies.",
+                dynamicSubtitle: cookieSubtitle,
+                binding: cookieBinding,
+                options: cookieOptions,
+                isVisible: nil,
+                onChange: nil,
+                trailingText: {
+                    guard let entry = CookieHeaderCache.load(provider: .abacus) else { return nil }
+                    let when = entry.storedAt.relativeDescription()
+                    return "Cached: \(entry.sourceLabel) • \(when)"
+                }),
+        ]
+    }
+
+    @MainActor
+    func settingsFields(context: ProviderSettingsContext) -> [ProviderSettingsFieldDescriptor] {
+        [
+            ProviderSettingsFieldDescriptor(
+                id: "abacus-cookie",
+                title: "",
+                subtitle: "",
+                kind: .secure,
+                placeholder: "Cookie: \u{2026}\n\nor paste a cURL capture from the Abacus AI dashboard",
+                binding: context.stringBinding(\.abacusCookieHeader),
+                actions: [
+                    ProviderSettingsActionDescriptor(
+                        id: "abacus-open-dashboard",
+                        title: "Open Dashboard",
+                        style: .link,
+                        isVisible: nil,
+                        perform: {
+                            if let url = URL(string: "https://apps.abacus.ai/chatllm/admin/compute-points-usage") {
+                                NSWorkspace.shared.open(url)
+                            }
+                        }),
+                ],
+                isVisible: { context.settings.abacusCookieSource == .manual },
+                onActivate: nil),
+        ]
+    }
+}
diff --git a/Sources/CodexBar/Providers/Abacus/AbacusSettingsStore.swift b/Sources/CodexBar/Providers/Abacus/AbacusSettingsStore.swift
new file mode 100644
index 000000000..d5e5c3e30
--- /dev/null
+++ b/Sources/CodexBar/Providers/Abacus/AbacusSettingsStore.swift
@@ -0,0 +1,61 @@
+import CodexBarCore
+import Foundation
+
+extension SettingsStore {
+    var abacusCookieHeader: String {
+        get { self.configSnapshot.providerConfig(for: .abacus)?.sanitizedCookieHeader ?? "" }
+        set {
+            self.updateProviderConfig(provider: .abacus) { entry in
+                entry.cookieHeader = self.normalizedConfigValue(newValue)
+            }
+            self.logSecretUpdate(provider: .abacus, field: "cookieHeader", value: newValue)
+        }
+    }
+
+    var abacusCookieSource: ProviderCookieSource {
+        get { self.resolvedCookieSource(provider: .abacus, fallback: .auto) }
+        set {
+            self.updateProviderConfig(provider: .abacus) { entry in
+                entry.cookieSource = newValue
+            }
+            self.logProviderModeChange(provider: .abacus, field: "cookieSource", value: newValue.rawValue)
+        }
+    }
+}
+
+extension SettingsStore {
+    func abacusSettingsSnapshot(tokenOverride: TokenAccountOverride?) -> ProviderSettingsSnapshot
+    .AbacusProviderSettings {
+        ProviderSettingsSnapshot.AbacusProviderSettings(
+            cookieSource: self.abacusSnapshotCookieSource(tokenOverride: tokenOverride),
+            manualCookieHeader: self.abacusSnapshotCookieHeader(tokenOverride: tokenOverride))
+    }
+
+    private func abacusSnapshotCookieHeader(tokenOverride: TokenAccountOverride?) -> String {
+        let fallback = self.abacusCookieHeader
+        guard let support = TokenAccountSupportCatalog.support(for: .abacus),
+              case .cookieHeader = support.injection
+        else {
+            return fallback
+        }
+        guard let account = ProviderTokenAccountSelection.selectedAccount(
+            provider: .abacus,
+            settings: self,
+            override: tokenOverride)
+        else {
+            return fallback
+        }
+        return TokenAccountSupportCatalog.normalizedCookieHeader(account.token, support: support)
+    }
+
+    private func abacusSnapshotCookieSource(tokenOverride _: TokenAccountOverride?) -> ProviderCookieSource {
+        let fallback = self.abacusCookieSource
+        guard let support = TokenAccountSupportCatalog.support(for: .abacus),
+              support.requiresManualCookieSource
+        else {
+            return fallback
+        }
+        if self.tokenAccounts(for: .abacus).isEmpty { return fallback }
+        return .manual
+    }
+}
diff --git a/Sources/CodexBar/Providers/Alibaba/AlibabaCodingPlanProviderImplementation.swift b/Sources/CodexBar/Providers/Alibaba/AlibabaCodingPlanProviderImplementation.swift
new file mode 100644
index 000000000..eb198478e
--- /dev/null
+++ b/Sources/CodexBar/Providers/Alibaba/AlibabaCodingPlanProviderImplementation.swift
@@ -0,0 +1,132 @@
+import AppKit
+import CodexBarCore
+import CodexBarMacroSupport
+import Foundation
+import SwiftUI
+
+@ProviderImplementationRegistration
+struct AlibabaCodingPlanProviderImplementation: ProviderImplementation {
+    let id: UsageProvider = .alibaba
+
+    @MainActor
+    func presentation(context _: ProviderPresentationContext) -> ProviderPresentation {
+        ProviderPresentation { context in
+            context.store.sourceLabel(for: context.provider)
+        }
+    }
+
+    @MainActor
+    func observeSettings(_ settings: SettingsStore) {
+        _ = settings.alibabaCodingPlanAPIToken
+        _ = settings.alibabaCodingPlanCookieSource
+        _ = settings.alibabaCodingPlanCookieHeader
+        _ = settings.alibabaCodingPlanAPIRegion
+    }
+
+    @MainActor
+    func settingsSnapshot(context: ProviderSettingsSnapshotContext) -> ProviderSettingsSnapshotContribution? {
+        _ = context
+        return .alibaba(context.settings.alibabaCodingPlanSettingsSnapshot())
+    }
+
+    @MainActor
+    func settingsPickers(context: ProviderSettingsContext) -> [ProviderSettingsPickerDescriptor] {
+        let binding = Binding(
+            get: { context.settings.alibabaCodingPlanAPIRegion.rawValue },
+            set: { raw in
+                context.settings
+                    .alibabaCodingPlanAPIRegion = AlibabaCodingPlanAPIRegion(rawValue: raw) ?? .international
+            })
+        let options = AlibabaCodingPlanAPIRegion.allCases.map {
+            ProviderSettingsPickerOption(id: $0.rawValue, title: $0.displayName)
+        }
+
+        let cookieBinding = Binding(
+            get: { context.settings.alibabaCodingPlanCookieSource.rawValue },
+            set: { raw in
+                context.settings.alibabaCodingPlanCookieSource = ProviderCookieSource(rawValue: raw) ?? .auto
+            })
+        let cookieOptions = ProviderCookieSourceUI.options(
+            allowsOff: false,
+            keychainDisabled: context.settings.debugDisableKeychainAccess)
+        let cookieSubtitle: () -> String? = {
+            ProviderCookieSourceUI.subtitle(
+                source: context.settings.alibabaCodingPlanCookieSource,
+                keychainDisabled: context.settings.debugDisableKeychainAccess,
+                auto: "Automatic imports browser cookies from Model Studio/Bailian.",
+                manual: "Paste a Cookie header from modelstudio.console.alibabacloud.com.",
+                off: "Alibaba cookies are disabled.")
+        }
+
+        return [
+            ProviderSettingsPickerDescriptor(
+                id: "alibaba-coding-plan-cookie-source",
+                title: "Cookie source",
+                subtitle: "Automatic imports browser cookies from Model Studio/Bailian.",
+                dynamicSubtitle: cookieSubtitle,
+                binding: cookieBinding,
+                options: cookieOptions,
+                isVisible: nil,
+                onChange: nil,
+                trailingText: {
+                    guard let entry = CookieHeaderCache.load(provider: .alibaba) else { return nil }
+                    let when = entry.storedAt.relativeDescription()
+                    return "Cached: \(entry.sourceLabel) • \(when)"
+                }),
+            ProviderSettingsPickerDescriptor(
+                id: "alibaba-coding-plan-region",
+                title: "Gateway region",
+                subtitle: "Use international or China mainland console gateways for quota fetches.",
+                binding: binding,
+                options: options,
+                isVisible: nil,
+                onChange: nil),
+        ]
+    }
+
+    @MainActor
+    func settingsFields(context: ProviderSettingsContext) -> [ProviderSettingsFieldDescriptor] {
+        [
+            ProviderSettingsFieldDescriptor(
+                id: "alibaba-coding-plan-api-key",
+                title: "API key",
+                subtitle: "Stored in ~/.codexbar/config.json. Paste your Coding Plan API key from Model Studio.",
+                kind: .secure,
+                placeholder: "cpk-...",
+                binding: context.stringBinding(\.alibabaCodingPlanAPIToken),
+                actions: [
+                    ProviderSettingsActionDescriptor(
+                        id: "alibaba-coding-plan-open-dashboard",
+                        title: "Open Coding Plan",
+                        style: .link,
+                        isVisible: nil,
+                        perform: {
+                            NSWorkspace.shared.open(context.settings.alibabaCodingPlanAPIRegion.dashboardURL)
+                        }),
+                ],
+                isVisible: nil,
+                onActivate: { context.settings.ensureAlibabaCodingPlanAPITokenLoaded() }),
+            ProviderSettingsFieldDescriptor(
+                id: "alibaba-coding-plan-cookie",
+                title: "Cookie header",
+                subtitle: "",
+                kind: .secure,
+                placeholder: "Cookie: ...",
+                binding: context.stringBinding(\.alibabaCodingPlanCookieHeader),
+                actions: [
+                    ProviderSettingsActionDescriptor(
+                        id: "alibaba-coding-plan-open-dashboard-cookie",
+                        title: "Open Coding Plan",
+                        style: .link,
+                        isVisible: nil,
+                        perform: {
+                            NSWorkspace.shared.open(context.settings.alibabaCodingPlanAPIRegion.dashboardURL)
+                        }),
+                ],
+                isVisible: {
+                    context.settings.alibabaCodingPlanCookieSource == .manual
+                },
+                onActivate: nil),
+        ]
+    }
+}
diff --git a/Sources/CodexBar/Providers/Alibaba/AlibabaCodingPlanSettingsStore.swift b/Sources/CodexBar/Providers/Alibaba/AlibabaCodingPlanSettingsStore.swift
new file mode 100644
index 000000000..61e12ce4e
--- /dev/null
+++ b/Sources/CodexBar/Providers/Alibaba/AlibabaCodingPlanSettingsStore.swift
@@ -0,0 +1,86 @@
+import CodexBarCore
+import Foundation
+
+extension SettingsStore {
+    private static let alibabaAutoEnableAppliedKey = "alibabaCodingPlanAutoEnableApplied"
+
+    var alibabaCodingPlanAPIRegion: AlibabaCodingPlanAPIRegion {
+        get {
+            let raw = self.configSnapshot.providerConfig(for: .alibaba)?.region
+            return AlibabaCodingPlanAPIRegion(rawValue: raw ?? "") ?? .international
+        }
+        set {
+            self.updateProviderConfig(provider: .alibaba) { entry in
+                entry.region = newValue.rawValue
+            }
+        }
+    }
+
+    var alibabaCodingPlanCookieHeader: String {
+        get { self.configSnapshot.providerConfig(for: .alibaba)?.sanitizedCookieHeader ?? "" }
+        set {
+            self.updateProviderConfig(provider: .alibaba) { entry in
+                entry.cookieHeader = self.normalizedConfigValue(newValue)
+            }
+            self.logSecretUpdate(provider: .alibaba, field: "cookieHeader", value: newValue)
+        }
+    }
+
+    var alibabaCodingPlanCookieSource: ProviderCookieSource {
+        get { self.resolvedCookieSource(provider: .alibaba, fallback: .auto) }
+        set {
+            self.updateProviderConfig(provider: .alibaba) { entry in
+                entry.cookieSource = newValue
+            }
+            self.logProviderModeChange(provider: .alibaba, field: "cookieSource", value: newValue.rawValue)
+        }
+    }
+
+    var alibabaCodingPlanAPIToken: String {
+        get { self.configSnapshot.providerConfig(for: .alibaba)?.sanitizedAPIKey ?? "" }
+        set {
+            self.updateProviderConfig(provider: .alibaba) { entry in
+                entry.apiKey = self.normalizedConfigValue(newValue)
+            }
+            let hasToken = !newValue.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
+            if hasToken,
+               let metadata = ProviderDescriptorRegistry.metadata[.alibaba],
+               !self.isProviderEnabled(provider: .alibaba, metadata: metadata)
+            {
+                self.setProviderEnabled(provider: .alibaba, metadata: metadata, enabled: true)
+            }
+            self.logSecretUpdate(provider: .alibaba, field: "apiKey", value: newValue)
+        }
+    }
+
+    func ensureAlibabaCodingPlanAPITokenLoaded() {}
+
+    func ensureAlibabaProviderAutoEnabledIfNeeded(
+        environment: [String: String] = ProcessInfo.processInfo.environment)
+    {
+        guard self.userDefaults.bool(forKey: Self.alibabaAutoEnableAppliedKey) == false else { return }
+
+        let hasConfigToken = self.configSnapshot.providerConfig(for: .alibaba)?.sanitizedAPIKey != nil
+        let shouldUseEnvironmentToken = !Self.isRunningTests || self.userDefaults === UserDefaults.standard
+        let hasEnvironmentToken = shouldUseEnvironmentToken &&
+            AlibabaCodingPlanSettingsReader.apiToken(environment: environment) != nil
+        guard hasConfigToken || hasEnvironmentToken else { return }
+
+        if let metadata = ProviderDescriptorRegistry.metadata[.alibaba],
+           !self.isProviderEnabled(provider: .alibaba, metadata: metadata)
+        {
+            self.setProviderEnabled(provider: .alibaba, metadata: metadata, enabled: true)
+        }
+
+        self.userDefaults.set(true, forKey: Self.alibabaAutoEnableAppliedKey)
+    }
+}
+
+extension SettingsStore {
+    func alibabaCodingPlanSettingsSnapshot() -> ProviderSettingsSnapshot.AlibabaCodingPlanProviderSettings {
+        ProviderSettingsSnapshot.AlibabaCodingPlanProviderSettings(
+            cookieSource: self.alibabaCodingPlanCookieSource,
+            manualCookieHeader: self.alibabaCodingPlanCookieHeader,
+            apiRegion: self.alibabaCodingPlanAPIRegion)
+    }
+}
diff --git a/Sources/CodexBar/Providers/Alibaba/AlibabaTokenPlanProviderImplementation.swift b/Sources/CodexBar/Providers/Alibaba/AlibabaTokenPlanProviderImplementation.swift
new file mode 100644
index 000000000..ad62bee57
--- /dev/null
+++ b/Sources/CodexBar/Providers/Alibaba/AlibabaTokenPlanProviderImplementation.swift
@@ -0,0 +1,93 @@
+import AppKit
+import CodexBarCore
+import CodexBarMacroSupport
+import Foundation
+import SwiftUI
+
+@ProviderImplementationRegistration
+struct AlibabaTokenPlanProviderImplementation: ProviderImplementation {
+    let id: UsageProvider = .alibabatokenplan
+
+    @MainActor
+    func presentation(context _: ProviderPresentationContext) -> ProviderPresentation {
+        ProviderPresentation { context in
+            context.store.sourceLabel(for: context.provider)
+        }
+    }
+
+    @MainActor
+    func observeSettings(_ settings: SettingsStore) {
+        _ = settings.alibabaTokenPlanCookieSource
+        _ = settings.alibabaTokenPlanCookieHeader
+    }
+
+    @MainActor
+    func settingsSnapshot(context: ProviderSettingsSnapshotContext) -> ProviderSettingsSnapshotContribution? {
+        _ = context
+        return .alibabaTokenPlan(context.settings.alibabaTokenPlanSettingsSnapshot())
+    }
+
+    @MainActor
+    func settingsPickers(context: ProviderSettingsContext) -> [ProviderSettingsPickerDescriptor] {
+        let cookieBinding = Binding(
+            get: { context.settings.alibabaTokenPlanCookieSource.rawValue },
+            set: { raw in
+                context.settings.alibabaTokenPlanCookieSource = ProviderCookieSource(rawValue: raw) ?? .auto
+            })
+        let cookieOptions = ProviderCookieSourceUI.options(
+            allowsOff: false,
+            keychainDisabled: context.settings.debugDisableKeychainAccess)
+        let cookieSubtitle: () -> String? = {
+            ProviderCookieSourceUI.subtitle(
+                source: context.settings.alibabaTokenPlanCookieSource,
+                keychainDisabled: context.settings.debugDisableKeychainAccess,
+                auto: "Automatic imports browser cookies from Bailian.",
+                manual: "Paste a Cookie header from bailian.console.aliyun.com.",
+                off: "Alibaba Token Plan cookies are disabled.")
+        }
+
+        return [
+            ProviderSettingsPickerDescriptor(
+                id: "alibaba-token-plan-cookie-source",
+                title: "Cookie source",
+                subtitle: "Automatic imports browser cookies from Bailian.",
+                dynamicSubtitle: cookieSubtitle,
+                binding: cookieBinding,
+                options: cookieOptions,
+                isVisible: nil,
+                onChange: nil,
+                trailingText: {
+                    guard let entry = CookieHeaderCache.load(provider: .alibabatokenplan) else { return nil }
+                    let when = entry.storedAt.relativeDescription()
+                    return "Cached: \(entry.sourceLabel) • \(when)"
+                }),
+        ]
+    }
+
+    @MainActor
+    func settingsFields(context: ProviderSettingsContext) -> [ProviderSettingsFieldDescriptor] {
+        [
+            ProviderSettingsFieldDescriptor(
+                id: "alibaba-token-plan-cookie",
+                title: "Cookie header",
+                subtitle: "",
+                kind: .secure,
+                placeholder: "Cookie: ...",
+                binding: context.stringBinding(\.alibabaTokenPlanCookieHeader),
+                actions: [
+                    ProviderSettingsActionDescriptor(
+                        id: "alibaba-token-plan-open-dashboard",
+                        title: "Open Token Plan",
+                        style: .link,
+                        isVisible: nil,
+                        perform: {
+                            NSWorkspace.shared.open(AlibabaTokenPlanUsageFetcher.dashboardURL)
+                        }),
+                ],
+                isVisible: {
+                    context.settings.alibabaTokenPlanCookieSource == .manual
+                },
+                onActivate: nil),
+        ]
+    }
+}
diff --git a/Sources/CodexBar/Providers/Alibaba/AlibabaTokenPlanSettingsStore.swift b/Sources/CodexBar/Providers/Alibaba/AlibabaTokenPlanSettingsStore.swift
new file mode 100644
index 000000000..6f2ed187b
--- /dev/null
+++ b/Sources/CodexBar/Providers/Alibaba/AlibabaTokenPlanSettingsStore.swift
@@ -0,0 +1,30 @@
+import CodexBarCore
+import Foundation
+
+extension SettingsStore {
+    var alibabaTokenPlanCookieHeader: String {
+        get { self.configSnapshot.providerConfig(for: .alibabatokenplan)?.sanitizedCookieHeader ?? "" }
+        set {
+            self.updateProviderConfig(provider: .alibabatokenplan) { entry in
+                entry.cookieHeader = self.normalizedConfigValue(newValue)
+            }
+            self.logSecretUpdate(provider: .alibabatokenplan, field: "cookieHeader", value: newValue)
+        }
+    }
+
+    var alibabaTokenPlanCookieSource: ProviderCookieSource {
+        get { self.resolvedCookieSource(provider: .alibabatokenplan, fallback: .auto) }
+        set {
+            self.updateProviderConfig(provider: .alibabatokenplan) { entry in
+                entry.cookieSource = newValue
+            }
+            self.logProviderModeChange(provider: .alibabatokenplan, field: "cookieSource", value: newValue.rawValue)
+        }
+    }
+
+    func alibabaTokenPlanSettingsSnapshot() -> ProviderSettingsSnapshot.AlibabaTokenPlanProviderSettings {
+        ProviderSettingsSnapshot.AlibabaTokenPlanProviderSettings(
+            cookieSource: self.alibabaTokenPlanCookieSource,
+            manualCookieHeader: self.alibabaTokenPlanCookieHeader)
+    }
+}
diff --git a/Sources/CodexBar/Providers/Antigravity/AntigravityLoginFlow.swift b/Sources/CodexBar/Providers/Antigravity/AntigravityLoginFlow.swift
index e41aa8fe6..b42790e3e 100644
--- a/Sources/CodexBar/Providers/Antigravity/AntigravityLoginFlow.swift
+++ b/Sources/CodexBar/Providers/Antigravity/AntigravityLoginFlow.swift
@@ -3,9 +3,31 @@ import CodexBarCore
 @MainActor
 extension StatusItemController {
     func runAntigravityLoginFlow() async {
+        let store = self.store
+        let phaseHandler: @Sendable (AntigravityLoginRunner.Phase) -> Void = { [weak self] phase in
+            Task { @MainActor in
+                switch phase {
+                case .waitingBrowser:
+                    self?.loginPhase = .waitingBrowser
+                }
+            }
+        }
+        let result = await AntigravityLoginRunner.run(onPhaseChange: phaseHandler) {
+            Task { @MainActor in
+                if let credentials = try? AntigravityOAuthCredentialsStore().load() {
+                    self.store.settings.upsertAntigravityOAuthAccount(credentials)
+                }
+                await store.refresh()
+                CodexBarLog.logger(LogCategories.login).info("Auto-refreshed after Antigravity auth")
+            }
+        }
+        guard !Task.isCancelled else { return }
         self.loginPhase = .idle
-        self.presentLoginAlert(
-            title: "Antigravity login is managed in the app",
-            message: "Open Antigravity to sign in, then refresh CodexBar.")
+        self.presentAntigravityLoginResult(result)
+        let outcome = self.describe(result.outcome)
+        self.loginLogger.info("Antigravity login", metadata: ["outcome": outcome])
+        if case .success = result.outcome {
+            self.postLoginNotification(for: .antigravity)
+        }
     }
 }
diff --git a/Sources/CodexBar/Providers/Antigravity/AntigravityLoginRunner.swift b/Sources/CodexBar/Providers/Antigravity/AntigravityLoginRunner.swift
new file mode 100644
index 000000000..0ac446c87
--- /dev/null
+++ b/Sources/CodexBar/Providers/Antigravity/AntigravityLoginRunner.swift
@@ -0,0 +1,484 @@
+import AppKit
+import CodexBarCore
+import Darwin
+import Foundation
+import Network
+
+enum AntigravityLoginRunner {
+    enum Phase {
+        case waitingBrowser
+    }
+
+    struct Result {
+        enum Outcome {
+            case success(String?)
+            case cancelled
+            case timedOut
+            case launchFailed(String)
+            case failed(String)
+        }
+
+        let outcome: Outcome
+    }
+
+    static func run(
+        timeout: TimeInterval = 120,
+        onPhaseChange: (@Sendable (Phase) -> Void)? = nil,
+        onCredentialsCreated: (@Sendable () -> Void)? = nil) async -> Result
+    {
+        guard let oauthClient = AntigravityOAuthConfig.resolvedClient() else {
+            return Result(outcome: .failed(AntigravityOAuthConfig.missingCredentialsMessage))
+        }
+
+        let state = UUID().uuidString.replacingOccurrences(of: "-", with: "")
+        let server = AntigravityLoopbackServer(state: state)
+
+        do {
+            let callbackURL = try await server.start()
+            let authURL = try Self.makeAuthorizationURL(
+                redirectURL: callbackURL,
+                state: state,
+                oauthClient: oauthClient)
+            onPhaseChange?(.waitingBrowser)
+
+            let opened = await MainActor.run {
+                NSWorkspace.shared.open(authURL)
+            }
+            guard opened else {
+                server.stop()
+                return Result(outcome: .launchFailed(authURL.absoluteString))
+            }
+
+            let callback = try await withThrowingTaskGroup(of: AntigravityOAuthCallback.self) { group in
+                group.addTask {
+                    try await server.waitForCallback()
+                }
+                group.addTask {
+                    try await Task.sleep(for: .seconds(timeout))
+                    server.cancelCallbackWait(with: AntigravityLoginError.timedOut)
+                    throw AntigravityLoginError.timedOut
+                }
+                defer { group.cancelAll() }
+                return try await group.next().unsafelyUnwrapped
+            }
+            server.stop()
+
+            if let error = callback.error?.trimmingCharacters(in: .whitespacesAndNewlines), !error.isEmpty {
+                if error == "access_denied" {
+                    return Result(outcome: .cancelled)
+                }
+                return Result(outcome: .failed(error))
+            }
+
+            guard callback.returnedState == state else {
+                return Result(outcome: .failed("Google login state mismatch."))
+            }
+            guard let code = callback.code?.trimmingCharacters(in: .whitespacesAndNewlines), !code.isEmpty else {
+                return Result(outcome: .failed("Google login did not return an authorization code."))
+            }
+
+            let tokenResponse = try await Self.exchangeCodeForTokens(
+                code: code,
+                redirectURL: callbackURL,
+                oauthClient: oauthClient)
+            let email = try await Self.fetchUserEmail(accessToken: tokenResponse.accessToken)
+            let credentials = AntigravityOAuthCredentials(
+                accessToken: tokenResponse.accessToken,
+                refreshToken: tokenResponse.refreshToken,
+                expiryDate: Date().addingTimeInterval(TimeInterval(tokenResponse.expiresIn)),
+                idToken: tokenResponse.idToken,
+                email: email,
+                projectID: nil,
+                clientID: oauthClient.clientID,
+                clientSecret: oauthClient.clientSecret)
+            try AntigravityOAuthCredentialsStore().save(credentials)
+            onCredentialsCreated?()
+            return Result(outcome: .success(email))
+        } catch is CancellationError {
+            server.stop()
+            return Result(outcome: .cancelled)
+        } catch AntigravityLoginError.timedOut {
+            server.stop()
+            return Result(outcome: .timedOut)
+        } catch let AntigravityLoginError.launchFailed(message) {
+            server.stop()
+            return Result(outcome: .launchFailed(message))
+        } catch {
+            server.stop()
+            return Result(outcome: .failed(error.localizedDescription))
+        }
+    }
+
+    static func makeAuthorizationURL(
+        redirectURL: URL,
+        state: String,
+        oauthClient: AntigravityOAuthClient) throws -> URL
+    {
+        guard var components = URLComponents(url: AntigravityOAuthConfig.authURL, resolvingAgainstBaseURL: false) else {
+            throw AntigravityLoginError.invalidAuthorizationURL
+        }
+        components.queryItems = [
+            URLQueryItem(name: "client_id", value: oauthClient.clientID),
+            URLQueryItem(name: "redirect_uri", value: redirectURL.absoluteString),
+            URLQueryItem(name: "response_type", value: "code"),
+            URLQueryItem(name: "scope", value: AntigravityOAuthConfig.scopes.joined(separator: " ")),
+            URLQueryItem(name: "access_type", value: "offline"),
+            URLQueryItem(name: "prompt", value: "select_account consent"),
+            URLQueryItem(name: "state", value: state),
+        ]
+        guard let url = components.url else {
+            throw AntigravityLoginError.invalidAuthorizationURL
+        }
+        return url
+    }
+
+    private static func exchangeCodeForTokens(
+        code: String,
+        redirectURL: URL,
+        oauthClient: AntigravityOAuthClient) async throws -> TokenResponse
+    {
+        var request = URLRequest(url: AntigravityOAuthConfig.tokenURL)
+        request.httpMethod = "POST"
+        request.timeoutInterval = 30
+        request.setValue("application/x-www-form-urlencoded", forHTTPHeaderField: "Content-Type")
+        request.httpBody = Self.formBody([
+            "code": code,
+            "client_id": oauthClient.clientID,
+            "client_secret": oauthClient.clientSecret,
+            "redirect_uri": redirectURL.absoluteString,
+            "grant_type": "authorization_code",
+        ])
+
+        let (data, response) = try await ProviderHTTPClient.shared.data(for: request)
+        guard let httpResponse = response as? HTTPURLResponse else {
+            throw AntigravityLoginError.failed("Invalid token response.")
+        }
+        guard httpResponse.statusCode == 200 else {
+            let message = String(data: data, encoding: .utf8)?.trimmingCharacters(in: .whitespacesAndNewlines)
+                ?? "HTTP \(httpResponse.statusCode)"
+            throw AntigravityLoginError.failed(message)
+        }
+        do {
+            return try JSONDecoder().decode(TokenResponse.self, from: data)
+        } catch {
+            throw AntigravityLoginError.failed("Could not decode token response.")
+        }
+    }
+
+    private static func fetchUserEmail(accessToken: String) async throws -> String? {
+        var request = URLRequest(url: AntigravityOAuthConfig.userInfoURL)
+        request.timeoutInterval = 15
+        request.setValue("Bearer \(accessToken)", forHTTPHeaderField: "Authorization")
+
+        do {
+            let (data, response) = try await ProviderHTTPClient.shared.data(for: request)
+            guard let httpResponse = response as? HTTPURLResponse, httpResponse.statusCode == 200 else {
+                return nil
+            }
+            let userInfo = try JSONDecoder().decode(UserInfoResponse.self, from: data)
+            let email = userInfo.email?.trimmingCharacters(in: .whitespacesAndNewlines)
+            return (email?.isEmpty == false) ? email : nil
+        } catch {
+            return nil
+        }
+    }
+
+    private static func formBody(_ values: [String: String]) -> Data? {
+        values
+            .map { key, value in
+                let encodedKey = key.addingPercentEncoding(withAllowedCharacters: .urlQueryValueAllowed) ?? key
+                let encodedValue = value.addingPercentEncoding(withAllowedCharacters: .urlQueryValueAllowed) ?? value
+                return "\(encodedKey)=\(encodedValue)"
+            }
+            .joined(separator: "&")
+            .data(using: .utf8)
+    }
+}
+
+private enum AntigravityLoginError: LocalizedError {
+    case invalidAuthorizationURL
+    case timedOut
+    case launchFailed(String)
+    case failed(String)
+
+    var errorDescription: String? {
+        switch self {
+        case .invalidAuthorizationURL:
+            "Could not build the Antigravity login URL."
+        case .timedOut:
+            "Antigravity login timed out."
+        case let .launchFailed(message):
+            message
+        case let .failed(message):
+            message
+        }
+    }
+}
+
+private struct TokenResponse: Decodable {
+    let accessToken: String
+    let refreshToken: String?
+    let expiresIn: Int
+    let idToken: String?
+
+    enum CodingKeys: String, CodingKey {
+        case accessToken = "access_token"
+        case refreshToken = "refresh_token"
+        case expiresIn = "expires_in"
+        case idToken = "id_token"
+    }
+}
+
+private struct UserInfoResponse: Decodable {
+    let email: String?
+}
+
+private struct AntigravityOAuthCallback {
+    let code: String?
+    let returnedState: String?
+    let error: String?
+}
+
+private final class AntigravityLoopbackServer: @unchecked Sendable {
+    private let expectedState: String
+    private let queue = DispatchQueue(label: "codexbar.antigravity.oauth")
+    private let lock = NSLock()
+    private var listener: NWListener?
+    private var readyContinuation: CheckedContinuation<URL, Error>?
+    private var callbackContinuation: CheckedContinuation<AntigravityOAuthCallback, Error>?
+    private var pendingCallbackResult: Result<AntigravityOAuthCallback, Error>?
+    private var completed = false
+
+    init(state: String) {
+        self.expectedState = state
+    }
+
+    func start() async throws -> URL {
+        let port = try Self.findAvailablePort()
+        guard let endpointPort = NWEndpoint.Port(rawValue: port) else {
+            throw AntigravityLoginError.failed("Could not reserve a local callback port.")
+        }
+        let listener = try NWListener(using: .tcp, on: endpointPort)
+        self.listener = listener
+        listener.newConnectionHandler = { [weak self] connection in
+            self?.handle(connection)
+        }
+
+        return try await withCheckedThrowingContinuation { continuation in
+            self.readyContinuation = continuation
+            listener.stateUpdateHandler = { [weak self] state in
+                guard let self else { return }
+                switch state {
+                case .ready:
+                    let url = URL(string: "http://127.0.0.1:\(port)/callback")!
+                    self.finishReady(with: .success(url))
+                case let .failed(error):
+                    self.finishReady(with: .failure(error))
+                    self.finishCallback(with: .failure(error))
+                default:
+                    break
+                }
+            }
+            listener.start(queue: self.queue)
+        }
+    }
+
+    func waitForCallback() async throws -> AntigravityOAuthCallback {
+        try await withCheckedThrowingContinuation { continuation in
+            self.lock.lock()
+            defer { self.lock.unlock() }
+            if let pending = self.pendingCallbackResult {
+                self.pendingCallbackResult = nil
+                switch pending {
+                case let .success(callback):
+                    continuation.resume(returning: callback)
+                case let .failure(error):
+                    continuation.resume(throwing: error)
+                }
+                return
+            }
+            self.callbackContinuation = continuation
+        }
+    }
+
+    func stop() {
+        self.listener?.cancel()
+        self.listener = nil
+    }
+
+    func cancelCallbackWait(with error: Error) {
+        self.stop()
+        self.finishCallback(with: .failure(error))
+    }
+
+    private func handle(_ connection: NWConnection) {
+        connection.start(queue: self.queue)
+        self.receive(on: connection, accumulated: Data())
+    }
+
+    private func receive(on connection: NWConnection, accumulated: Data) {
+        connection.receive(minimumIncompleteLength: 1, maximumLength: 65536) { [weak self] data, _, isComplete, error in
+            guard let self else { return }
+            if let error {
+                self.finishCallback(with: .failure(error))
+                connection.cancel()
+                return
+            }
+
+            var buffer = accumulated
+            if let data {
+                buffer.append(data)
+            }
+
+            let headerMarker = Data("\r\n\r\n".utf8)
+            if buffer.range(of: headerMarker) == nil, !isComplete {
+                self.receive(on: connection, accumulated: buffer)
+                return
+            }
+
+            let callback = self.parseCallback(from: buffer)
+            let response = self.httpResponse(for: callback)
+            connection.send(content: response, completion: .contentProcessed { _ in
+                connection.cancel()
+            })
+            self.finishCallback(with: .success(callback))
+        }
+    }
+
+    private func parseCallback(from data: Data) -> AntigravityOAuthCallback {
+        guard let request = String(data: data, encoding: .utf8),
+              let line = request.components(separatedBy: "\r\n").first
+        else {
+            return AntigravityOAuthCallback(code: nil, returnedState: nil, error: "Invalid callback request.")
+        }
+
+        let parts = line.split(separator: " ")
+        guard parts.count >= 2,
+              let url = URL(string: "http://127.0.0.1\(parts[1])"),
+              let components = URLComponents(url: url, resolvingAgainstBaseURL: false)
+        else {
+            return AntigravityOAuthCallback(code: nil, returnedState: nil, error: "Invalid callback URL.")
+        }
+
+        let code = components.queryItems?.first(where: { $0.name == "code" })?.value
+        let returnedState = components.queryItems?.first(where: { $0.name == "state" })?.value
+        let error = components.queryItems?.first(where: { $0.name == "error" })?.value
+
+        guard components.path == "/callback" else {
+            return AntigravityOAuthCallback(code: nil, returnedState: returnedState, error: "Unexpected callback path.")
+        }
+        if let returnedState, returnedState != self.expectedState {
+            return AntigravityOAuthCallback(code: code, returnedState: returnedState, error: "State mismatch.")
+        }
+        return AntigravityOAuthCallback(code: code, returnedState: returnedState, error: error)
+    }
+
+    private func httpResponse(for callback: AntigravityOAuthCallback) -> Data {
+        let success = callback.error == nil && callback.code?.isEmpty == false
+        let status = success ? "200 OK" : "400 Bad Request"
+        let title = success ? "Login Successful" : "Login Failed"
+        let detail = success
+            ? "You can close this window and return to CodexBar."
+            : "You can close this window and try again."
+        let html = """
+        <html>
+          <body style="font-family: -apple-system, BlinkMacSystemFont, sans-serif; padding: 32px; text-align: center;">
+            <h1>\(title)</h1>
+            <p>\(detail)</p>
+          </body>
+        </html>
+        """
+        let body = Data(html.utf8)
+        let header = """
+        HTTP/1.1 \(status)\r
+        Content-Type: text/html; charset=utf-8\r
+        Content-Length: \(body.count)\r
+        Connection: close\r
+        \r
+        """
+        var response = Data(header.utf8)
+        response.append(body)
+        return response
+    }
+
+    private func finishReady(with result: Result<URL, Error>) {
+        self.lock.lock()
+        let continuation = self.readyContinuation
+        self.readyContinuation = nil
+        self.lock.unlock()
+        switch result {
+        case let .success(url):
+            continuation?.resume(returning: url)
+        case let .failure(error):
+            continuation?.resume(throwing: error)
+        }
+    }
+
+    private func finishCallback(with result: Result<AntigravityOAuthCallback, Error>) {
+        self.lock.lock()
+        guard !self.completed else {
+            self.lock.unlock()
+            return
+        }
+        self.completed = true
+        let continuation = self.callbackContinuation
+        self.callbackContinuation = nil
+        if continuation == nil {
+            self.pendingCallbackResult = result
+        }
+        self.lock.unlock()
+        guard let continuation else { return }
+        switch result {
+        case let .success(callback):
+            continuation.resume(returning: callback)
+        case let .failure(error):
+            continuation.resume(throwing: error)
+        }
+    }
+
+    private static func findAvailablePort() throws -> UInt16 {
+        let socketFD = socket(AF_INET, Int32(SOCK_STREAM), 0)
+        guard socketFD >= 0 else {
+            throw AntigravityLoginError.failed("Could not create a local callback socket.")
+        }
+        defer { close(socketFD) }
+
+        var value: Int32 = 1
+        setsockopt(socketFD, SOL_SOCKET, SO_REUSEADDR, &value, socklen_t(MemoryLayout<Int32>.size))
+
+        var address = sockaddr_in()
+        address.sin_len = UInt8(MemoryLayout<sockaddr_in>.stride)
+        address.sin_family = sa_family_t(AF_INET)
+        address.sin_port = in_port_t(0).bigEndian
+        address.sin_addr = in_addr(s_addr: inet_addr("127.0.0.1"))
+
+        let bindResult = withUnsafePointer(to: &address) { pointer in
+            pointer.withMemoryRebound(to: sockaddr.self, capacity: 1) { sockaddrPointer in
+                bind(socketFD, sockaddrPointer, socklen_t(MemoryLayout<sockaddr_in>.stride))
+            }
+        }
+        guard bindResult == 0 else {
+            throw AntigravityLoginError.failed("Could not bind a local callback port.")
+        }
+
+        var boundAddress = sockaddr_in()
+        var length = socklen_t(MemoryLayout<sockaddr_in>.stride)
+        let nameResult = withUnsafeMutablePointer(to: &boundAddress) { pointer in
+            pointer.withMemoryRebound(to: sockaddr.self, capacity: 1) { sockaddrPointer in
+                getsockname(socketFD, sockaddrPointer, &length)
+            }
+        }
+        guard nameResult == 0 else {
+            throw AntigravityLoginError.failed("Could not inspect the callback port.")
+        }
+        return UInt16(bigEndian: boundAddress.sin_port)
+    }
+}
+
+extension CharacterSet {
+    fileprivate static let urlQueryValueAllowed: CharacterSet = {
+        var allowed = CharacterSet.urlQueryAllowed
+        allowed.remove(charactersIn: "+&=")
+        return allowed
+    }()
+}
diff --git a/Sources/CodexBar/Providers/Antigravity/AntigravityProviderImplementation.swift b/Sources/CodexBar/Providers/Antigravity/AntigravityProviderImplementation.swift
index 88492f070..bb3b01070 100644
--- a/Sources/CodexBar/Providers/Antigravity/AntigravityProviderImplementation.swift
+++ b/Sources/CodexBar/Providers/Antigravity/AntigravityProviderImplementation.swift
@@ -1,15 +1,100 @@
 import CodexBarCore
 import CodexBarMacroSupport
 import Foundation
+import SwiftUI
 
 @ProviderImplementationRegistration
 struct AntigravityProviderImplementation: ProviderImplementation {
     let id: UsageProvider = .antigravity
+    let supportsLoginFlow: Bool = true
+
+    @MainActor
+    func observeSettings(_ settings: SettingsStore) {
+        _ = settings.antigravityUsageDataSource
+        _ = settings.tokenAccountsData(for: .antigravity)
+    }
+
+    @MainActor
+    func defaultSourceLabel(context: ProviderSourceLabelContext) -> String? {
+        context.settings.antigravityUsageDataSource.rawValue
+    }
+
+    @MainActor
+    func sourceMode(context: ProviderSourceModeContext) -> ProviderSourceMode {
+        switch context.settings.antigravityUsageDataSource {
+        case .auto: .auto
+        case .oauth: .oauth
+        case .cli: .cli
+        }
+    }
+
+    @MainActor
+    func settingsPickers(context: ProviderSettingsContext) -> [ProviderSettingsPickerDescriptor] {
+        let usageBinding = Binding(
+            get: { context.settings.antigravityUsageDataSource.rawValue },
+            set: { raw in
+                context.settings.antigravityUsageDataSource = AntigravityUsageDataSource(rawValue: raw) ?? .auto
+            })
+        let usageOptions = AntigravityUsageDataSource.allCases.map {
+            ProviderSettingsPickerOption(id: $0.rawValue, title: $0.displayName)
+        }
+        return [
+            ProviderSettingsPickerDescriptor(
+                id: "antigravity-usage-source",
+                title: "Usage source",
+                subtitle: "Auto uses the local IDE API first, then Google OAuth when the IDE is closed.",
+                binding: usageBinding,
+                options: usageOptions,
+                isVisible: nil,
+                onChange: nil,
+                trailingText: {
+                    guard context.settings.antigravityUsageDataSource == .auto else { return nil }
+                    let label = context.store.sourceLabel(for: .antigravity)
+                    return label == "auto" ? nil : label
+                }),
+        ]
+    }
+
+    @MainActor
+    func settingsActions(context: ProviderSettingsContext) -> [ProviderSettingsActionsDescriptor] {
+        let accountCount = context.settings.tokenAccounts(for: .antigravity).count
+        let loginTitle = accountCount > 0 ? "Add Google Account" : "Login with Google"
+        let subtitle = """
+        Stores each signed-in Google account for quick Antigravity switching. \
+        Uses Antigravity.app OAuth when available, \
+        or ANTIGRAVITY_OAUTH_CLIENT_ID and ANTIGRAVITY_OAUTH_CLIENT_SECRET as an override.
+        """
+        return [
+            ProviderSettingsActionsDescriptor(
+                id: "antigravity-oauth",
+                title: "Google OAuth",
+                subtitle: subtitle,
+                actions: [
+                    ProviderSettingsActionDescriptor(
+                        id: "antigravity-oauth-login",
+                        title: loginTitle,
+                        style: .bordered,
+                        isVisible: nil,
+                        perform: {
+                            await context.runLoginFlow()
+                        }),
+                ],
+                isVisible: nil),
+        ]
+    }
 
     func detectVersion(context _: ProviderVersionContext) async -> String? {
         await AntigravityStatusProbe.detectVersion()
     }
 
+    @MainActor
+    func appendUsageMenuEntries(context _: ProviderMenuUsageContext, entries _: inout [ProviderMenuEntry]) {}
+
+    @MainActor
+    func loginMenuAction(context _: ProviderMenuLoginContext) -> (label: String, action: MenuDescriptor.MenuAction)? {
+        ("Add Account...", .switchAccount(.antigravity))
+    }
+
     @MainActor
     func runLoginFlow(context: ProviderLoginContext) async -> Bool {
         await context.controller.runAntigravityLoginFlow()
diff --git a/Sources/CodexBar/Providers/Antigravity/AntigravitySettingsStore.swift b/Sources/CodexBar/Providers/Antigravity/AntigravitySettingsStore.swift
new file mode 100644
index 000000000..f32a9443d
--- /dev/null
+++ b/Sources/CodexBar/Providers/Antigravity/AntigravitySettingsStore.swift
@@ -0,0 +1,65 @@
+import CodexBarCore
+import Foundation
+
+extension SettingsStore {
+    var antigravityUsageDataSource: AntigravityUsageDataSource {
+        get {
+            let source = self.configSnapshot.providerConfig(for: .antigravity)?.source
+            return Self.antigravityUsageDataSource(from: source)
+        }
+        set {
+            let source: ProviderSourceMode? = switch newValue {
+            case .auto: .auto
+            case .oauth: .oauth
+            case .cli: .cli
+            }
+            self.updateProviderConfig(provider: .antigravity) { entry in
+                entry.source = source
+            }
+            self.logProviderModeChange(provider: .antigravity, field: "usageSource", value: newValue.rawValue)
+        }
+    }
+
+    func upsertAntigravityOAuthAccount(_ credentials: AntigravityOAuthCredentials) {
+        guard let token = try? AntigravityOAuthCredentialsStore.tokenAccountValue(for: credentials) else { return }
+        let trimmedEmail = credentials.email?.trimmingCharacters(in: .whitespacesAndNewlines)
+        let email = (trimmedEmail?.isEmpty == false) ? trimmedEmail : nil
+        let data = self.tokenAccountsData(for: .antigravity)
+        let label = email ?? "Google Account \((data?.accounts.count ?? 0) + 1)"
+        if let email,
+           let data,
+           let index = data.accounts.firstIndex(where: { account in
+               account.externalIdentifier == email
+           })
+        {
+            let account = data.accounts[index]
+            self.updateTokenAccount(
+                provider: .antigravity,
+                accountID: account.id,
+                label: label,
+                token: token,
+                externalIdentifier: .some(email))
+            self.setActiveTokenAccountIndex(index, for: .antigravity)
+        } else {
+            self.addTokenAccount(
+                provider: .antigravity,
+                label: label,
+                token: token,
+                externalIdentifier: email)
+        }
+    }
+}
+
+extension SettingsStore {
+    private static func antigravityUsageDataSource(from source: ProviderSourceMode?) -> AntigravityUsageDataSource {
+        guard let source else { return .auto }
+        switch source {
+        case .auto, .web, .api:
+            return .auto
+        case .oauth:
+            return .oauth
+        case .cli:
+            return .cli
+        }
+    }
+}
diff --git a/Sources/CodexBar/Providers/Augment/AugmentProviderImplementation.swift b/Sources/CodexBar/Providers/Augment/AugmentProviderImplementation.swift
index c1529bd58..bad4a58a0 100644
--- a/Sources/CodexBar/Providers/Augment/AugmentProviderImplementation.swift
+++ b/Sources/CodexBar/Providers/Augment/AugmentProviderImplementation.swift
@@ -83,14 +83,14 @@ struct AugmentProviderImplementation: ProviderImplementation {
 
     @MainActor
     func appendActionMenuEntries(context: ProviderMenuActionContext, entries: inout [ProviderMenuEntry]) {
-        entries.append(.action("Refresh Session", .refreshAugmentSession))
+        entries.append(.action(L("Refresh Session"), .refreshAugmentSession))
 
         if let error = context.store.error(for: .augment) {
             if error.contains("session has expired") ||
                 error.contains("No Augment session cookie found")
             {
                 entries.append(.action(
-                    "Open Augment (Log Out & Back In)",
+                    L("Open Augment (Log Out & Back In)"),
                     .loginToProvider(url: "https://app.augmentcode.com")))
             }
         }
diff --git a/Sources/CodexBar/Providers/AzureOpenAI/AzureOpenAIProviderImplementation.swift b/Sources/CodexBar/Providers/AzureOpenAI/AzureOpenAIProviderImplementation.swift
new file mode 100644
index 000000000..dce3a24f9
--- /dev/null
+++ b/Sources/CodexBar/Providers/AzureOpenAI/AzureOpenAIProviderImplementation.swift
@@ -0,0 +1,69 @@
+import CodexBarCore
+import CodexBarMacroSupport
+import Foundation
+
+@ProviderImplementationRegistration
+struct AzureOpenAIProviderImplementation: ProviderImplementation {
+    let id: UsageProvider = .azureopenai
+
+    @MainActor
+    func presentation(context _: ProviderPresentationContext) -> ProviderPresentation {
+        ProviderPresentation { _ in "api" }
+    }
+
+    @MainActor
+    func observeSettings(_ settings: SettingsStore) {
+        _ = settings.azureOpenAIAPIKey
+        _ = settings.azureOpenAIEndpoint
+        _ = settings.azureOpenAIDeploymentName
+    }
+
+    @MainActor
+    func isAvailable(context: ProviderAvailabilityContext) -> Bool {
+        let environment = context.environment
+        let hasEnvironmentConfig = AzureOpenAISettingsReader.apiKey(environment: environment) != nil &&
+            AzureOpenAISettingsReader.endpoint(environment: environment) != nil &&
+            AzureOpenAISettingsReader.deploymentName(environment: environment) != nil
+        if hasEnvironmentConfig { return true }
+
+        return !context.settings.azureOpenAIAPIKey.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty &&
+            AzureOpenAISettingsReader.endpointURL(from: context.settings.azureOpenAIEndpoint) != nil &&
+            !context.settings.azureOpenAIDeploymentName.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
+    }
+
+    @MainActor
+    func settingsFields(context: ProviderSettingsContext) -> [ProviderSettingsFieldDescriptor] {
+        [
+            ProviderSettingsFieldDescriptor(
+                id: "azure-openai-api-key",
+                title: "API key",
+                subtitle: "Stored in ~/.codexbar/config.json. AZURE_OPENAI_API_KEY is also supported.",
+                kind: .secure,
+                placeholder: "Azure OpenAI key",
+                binding: context.stringBinding(\.azureOpenAIAPIKey),
+                actions: [],
+                isVisible: nil,
+                onActivate: nil),
+            ProviderSettingsFieldDescriptor(
+                id: "azure-openai-endpoint",
+                title: "Endpoint",
+                subtitle: "Azure OpenAI resource endpoint. AZURE_OPENAI_ENDPOINT is also supported.",
+                kind: .plain,
+                placeholder: "https://resource.openai.azure.com",
+                binding: context.stringBinding(\.azureOpenAIEndpoint),
+                actions: [],
+                isVisible: nil,
+                onActivate: nil),
+            ProviderSettingsFieldDescriptor(
+                id: "azure-openai-deployment-name",
+                title: "Deployment",
+                subtitle: "Azure OpenAI deployment name. AZURE_OPENAI_DEPLOYMENT_NAME is also supported.",
+                kind: .plain,
+                placeholder: "gpt-4o-mini",
+                binding: context.stringBinding(\.azureOpenAIDeploymentName),
+                actions: [],
+                isVisible: nil,
+                onActivate: nil),
+        ]
+    }
+}
diff --git a/Sources/CodexBar/Providers/AzureOpenAI/AzureOpenAISettingsStore.swift b/Sources/CodexBar/Providers/AzureOpenAI/AzureOpenAISettingsStore.swift
new file mode 100644
index 000000000..a2740dba0
--- /dev/null
+++ b/Sources/CodexBar/Providers/AzureOpenAI/AzureOpenAISettingsStore.swift
@@ -0,0 +1,32 @@
+import CodexBarCore
+import Foundation
+
+extension SettingsStore {
+    var azureOpenAIAPIKey: String {
+        get { self.configSnapshot.providerConfig(for: .azureopenai)?.sanitizedAPIKey ?? "" }
+        set {
+            self.updateProviderConfig(provider: .azureopenai) { entry in
+                entry.apiKey = self.normalizedConfigValue(newValue)
+            }
+            self.logSecretUpdate(provider: .azureopenai, field: "apiKey", value: newValue)
+        }
+    }
+
+    var azureOpenAIEndpoint: String {
+        get { self.configSnapshot.providerConfig(for: .azureopenai)?.sanitizedEnterpriseHost ?? "" }
+        set {
+            self.updateProviderConfig(provider: .azureopenai) { entry in
+                entry.enterpriseHost = self.normalizedConfigValue(newValue)
+            }
+        }
+    }
+
+    var azureOpenAIDeploymentName: String {
+        get { self.configSnapshot.providerConfig(for: .azureopenai)?.sanitizedWorkspaceID ?? "" }
+        set {
+            self.updateProviderConfig(provider: .azureopenai) { entry in
+                entry.workspaceID = self.normalizedConfigValue(newValue)
+            }
+        }
+    }
+}
diff --git a/Sources/CodexBar/Providers/Bedrock/BedrockProviderImplementation.swift b/Sources/CodexBar/Providers/Bedrock/BedrockProviderImplementation.swift
new file mode 100644
index 000000000..ecca9e110
--- /dev/null
+++ b/Sources/CodexBar/Providers/Bedrock/BedrockProviderImplementation.swift
@@ -0,0 +1,100 @@
+import AppKit
+import CodexBarCore
+import CodexBarMacroSupport
+import Foundation
+import SwiftUI
+
+@ProviderImplementationRegistration
+struct BedrockProviderImplementation: ProviderImplementation {
+    let id: UsageProvider = .bedrock
+
+    @MainActor
+    func presentation(context _: ProviderPresentationContext) -> ProviderPresentation {
+        ProviderPresentation { _ in "api" }
+    }
+
+    @MainActor
+    func observeSettings(_ settings: SettingsStore) {
+        _ = settings.bedrockAuthMode
+        _ = settings.bedrockProfile
+        _ = settings.bedrockAccessKeyID
+        _ = settings.bedrockSecretAccessKey
+        _ = settings.bedrockRegion
+    }
+
+    @MainActor
+    func isAvailable(context: ProviderAvailabilityContext) -> Bool {
+        BedrockSettingsReader.hasCredentials(environment: context.environment)
+    }
+
+    @MainActor
+    func settingsPickers(context: ProviderSettingsContext) -> [ProviderSettingsPickerDescriptor] {
+        let binding = Binding(
+            get: { context.settings.bedrockAuthMode },
+            set: { context.settings.bedrockAuthMode = $0 })
+        let options = [
+            ProviderSettingsPickerOption(id: BedrockAuthMode.keys.rawValue, title: "Access keys"),
+            ProviderSettingsPickerOption(id: BedrockAuthMode.profile.rawValue, title: "AWS profile"),
+        ]
+        return [
+            ProviderSettingsPickerDescriptor(
+                id: "bedrock-auth-mode",
+                title: "Authentication",
+                subtitle: "Use static access keys, or resolve credentials from a named AWS profile "
+                    + "(supports SSO and assume-role via the AWS CLI).",
+                binding: binding,
+                options: options,
+                isVisible: nil,
+                onChange: nil),
+        ]
+    }
+
+    @MainActor
+    func settingsFields(context: ProviderSettingsContext) -> [ProviderSettingsFieldDescriptor] {
+        let isKeysMode = { context.settings.bedrockAuthMode != BedrockAuthMode.profile.rawValue }
+        let isProfileMode = { context.settings.bedrockAuthMode == BedrockAuthMode.profile.rawValue }
+        return [
+            ProviderSettingsFieldDescriptor(
+                id: "bedrock-profile",
+                title: "Profile name",
+                subtitle: "Named AWS profile from ~/.aws/config. Can also be set with AWS_PROFILE.",
+                kind: .plain,
+                placeholder: "default",
+                binding: context.stringBinding(\.bedrockProfile),
+                actions: [],
+                isVisible: isProfileMode,
+                onActivate: nil),
+            ProviderSettingsFieldDescriptor(
+                id: "bedrock-access-key-id",
+                title: "Access key ID",
+                subtitle: "AWS access key ID. Can also be set with AWS_ACCESS_KEY_ID.",
+                kind: .secure,
+                placeholder: "AKIA...",
+                binding: context.stringBinding(\.bedrockAccessKeyID),
+                actions: [],
+                isVisible: isKeysMode,
+                onActivate: nil),
+            ProviderSettingsFieldDescriptor(
+                id: "bedrock-secret-access-key",
+                title: "Secret access key",
+                subtitle: "AWS secret access key. Can also be set with AWS_SECRET_ACCESS_KEY.",
+                kind: .secure,
+                placeholder: "",
+                binding: context.stringBinding(\.bedrockSecretAccessKey),
+                actions: [],
+                isVisible: isKeysMode,
+                onActivate: nil),
+            ProviderSettingsFieldDescriptor(
+                id: "bedrock-region",
+                title: "Region",
+                subtitle: "AWS region. Can also be set with AWS_REGION. "
+                    + "In profile mode, leave blank to use the profile's region.",
+                kind: .plain,
+                placeholder: "us-east-1",
+                binding: context.stringBinding(\.bedrockRegion),
+                actions: [],
+                isVisible: nil,
+                onActivate: nil),
+        ]
+    }
+}
diff --git a/Sources/CodexBar/Providers/Bedrock/BedrockSettingsStore.swift b/Sources/CodexBar/Providers/Bedrock/BedrockSettingsStore.swift
new file mode 100644
index 000000000..f01a57068
--- /dev/null
+++ b/Sources/CodexBar/Providers/Bedrock/BedrockSettingsStore.swift
@@ -0,0 +1,58 @@
+import CodexBarCore
+import Foundation
+
+extension SettingsStore {
+    var bedrockAccessKeyID: String {
+        get { self.configSnapshot.providerConfig(for: .bedrock)?.sanitizedAPIKey ?? "" }
+        set {
+            self.updateProviderConfig(provider: .bedrock) { entry in
+                entry.apiKey = self.normalizedConfigValue(newValue)
+            }
+            self.logSecretUpdate(provider: .bedrock, field: "accessKeyID", value: newValue)
+        }
+    }
+
+    var bedrockSecretAccessKey: String {
+        get { self.configSnapshot.providerConfig(for: .bedrock)?.sanitizedSecretKey ?? "" }
+        set {
+            self.updateProviderConfig(provider: .bedrock) { entry in
+                entry.secretKey = self.normalizedConfigValue(newValue)
+            }
+            self.logSecretUpdate(provider: .bedrock, field: "secretAccessKey", value: newValue)
+        }
+    }
+
+    var bedrockRegion: String {
+        get { self.configSnapshot.providerConfig(for: .bedrock)?.region ?? "" }
+        set {
+            self.updateProviderConfig(provider: .bedrock) { entry in
+                entry.region = self.normalizedConfigValue(newValue)
+            }
+            self.logProviderModeChange(provider: .bedrock, field: "region", value: newValue)
+        }
+    }
+
+    var bedrockAuthMode: String {
+        get {
+            self.configSnapshot.providerConfig(for: .bedrock)?.sanitizedAWSAuthMode
+                ?? BedrockAuthMode.keys.rawValue
+        }
+        set {
+            let normalized = BedrockAuthMode(rawValue: newValue)?.rawValue ?? BedrockAuthMode.keys.rawValue
+            self.updateProviderConfig(provider: .bedrock) { entry in
+                entry.awsAuthMode = normalized
+            }
+            self.logProviderModeChange(provider: .bedrock, field: "authMode", value: normalized)
+        }
+    }
+
+    var bedrockProfile: String {
+        get { self.configSnapshot.providerConfig(for: .bedrock)?.awsProfile ?? "" }
+        set {
+            self.updateProviderConfig(provider: .bedrock) { entry in
+                entry.awsProfile = self.normalizedConfigValue(newValue)
+            }
+            self.logProviderModeChange(provider: .bedrock, field: "profile", value: newValue)
+        }
+    }
+}
diff --git a/Sources/CodexBar/Providers/Claude/ClaudeLoginFlow.swift b/Sources/CodexBar/Providers/Claude/ClaudeLoginFlow.swift
index 9550abb05..76002520e 100644
--- a/Sources/CodexBar/Providers/Claude/ClaudeLoginFlow.swift
+++ b/Sources/CodexBar/Providers/Claude/ClaudeLoginFlow.swift
@@ -2,7 +2,7 @@ import CodexBarCore
 
 @MainActor
 extension StatusItemController {
-    func runClaudeLoginFlow() async {
+    func runClaudeLoginFlow() async -> Bool {
         let phaseHandler: @Sendable (ClaudeLoginRunner.Phase) -> Void = { [weak self] phase in
             Task { @MainActor in
                 switch phase {
@@ -12,14 +12,19 @@ extension StatusItemController {
             }
         }
         let result = await ClaudeLoginRunner.run(timeout: 120, onPhaseChange: phaseHandler)
-        guard !Task.isCancelled else { return }
+        guard !Task.isCancelled else { return false }
         self.loginPhase = .idle
         self.presentClaudeLoginResult(result)
         let outcome = self.describe(result.outcome)
         let length = result.output.count
         self.loginLogger.info("Claude login", metadata: ["outcome": outcome, "length": "\(length)"])
         if case .success = result.outcome {
+            let metadata = self.store.metadata(for: .claude)
+            self.settings.setProviderEnabled(provider: .claude, metadata: metadata, enabled: true)
+            self.settings.claudeUsageDataSource = .oauth
             self.postLoginNotification(for: .claude)
+            return true
         }
+        return false
     }
 }
diff --git a/Sources/CodexBar/Providers/Claude/ClaudeProviderImplementation.swift b/Sources/CodexBar/Providers/Claude/ClaudeProviderImplementation.swift
index de1bdffc7..9f7032edb 100644
--- a/Sources/CodexBar/Providers/Claude/ClaudeProviderImplementation.swift
+++ b/Sources/CodexBar/Providers/Claude/ClaudeProviderImplementation.swift
@@ -21,6 +21,7 @@ struct ClaudeProviderImplementation: ProviderImplementation {
     @MainActor
     func observeSettings(_ settings: SettingsStore) {
         _ = settings.claudeUsageDataSource
+        _ = settings.claudeAdminAPIKey
         _ = settings.claudeCookieSource
         _ = settings.claudeCookieHeader
         _ = settings.claudeOAuthKeychainPromptMode
@@ -56,6 +57,7 @@ struct ClaudeProviderImplementation: ProviderImplementation {
     func sourceMode(context: ProviderSourceModeContext) -> ProviderSourceMode {
         switch context.settings.claudeUsageDataSource {
         case .auto: .auto
+        case .api: .api
         case .oauth: .oauth
         case .web: .web
         case .cli: .cli
@@ -80,7 +82,7 @@ struct ClaudeProviderImplementation: ProviderImplementation {
         return [
             ProviderSettingsToggleDescriptor(
                 id: "claude-oauth-prompt-free-credentials",
-                title: "Avoid Keychain prompts (experimental)",
+                title: "Avoid Keychain prompts",
                 subtitle: subtitle,
                 binding: promptFreeBinding,
                 statusText: nil,
@@ -140,7 +142,7 @@ struct ClaudeProviderImplementation: ProviderImplementation {
             if context.settings.debugDisableKeychainAccess {
                 return "Global Keychain access is disabled in Advanced, so this setting is currently inactive."
             }
-            return "Controls Claude OAuth Keychain prompts when experimental reader mode is off. Choosing " +
+            return "Controls Claude OAuth Keychain prompts when the standard reader is active. Choosing " +
                 "\"Never prompt\" can make OAuth unavailable; use Web/CLI when needed."
         }
 
@@ -187,20 +189,29 @@ struct ClaudeProviderImplementation: ProviderImplementation {
 
     @MainActor
     func settingsFields(context: ProviderSettingsContext) -> [ProviderSettingsFieldDescriptor] {
-        _ = context
-        return []
+        [
+            ProviderSettingsFieldDescriptor(
+                id: "claude-admin-api-key",
+                title: "Admin API key",
+                subtitle: "Stored in ~/.codexbar/config.json. Requires an Anthropic Admin API key.",
+                kind: .secure,
+                placeholder: "sk-ant-admin...",
+                binding: context.stringBinding(\.claudeAdminAPIKey),
+                actions: [],
+                isVisible: nil,
+                onActivate: nil),
+        ]
     }
 
     @MainActor
     func runLoginFlow(context: ProviderLoginContext) async -> Bool {
         await context.controller.runClaudeLoginFlow()
-        return true
     }
 
     @MainActor
     func appendUsageMenuEntries(context: ProviderMenuUsageContext, entries: inout [ProviderMenuEntry]) {
         if context.snapshot?.secondary == nil {
-            entries.append(.text("Weekly usage unavailable for this account.", .secondary))
+            entries.append(.text(L("Weekly usage unavailable for this account."), .secondary))
         }
 
         if let cost = context.snapshot?.providerCost,
@@ -209,7 +220,7 @@ struct ClaudeProviderImplementation: ProviderImplementation {
         {
             let used = UsageFormatter.currencyString(cost.used, currencyCode: cost.currencyCode)
             let limit = UsageFormatter.currencyString(cost.limit, currencyCode: cost.currencyCode)
-            entries.append(.text("Extra usage: \(used) / \(limit)", .primary))
+            entries.append(.text(String(format: L("extra_usage_format"), used, limit), .primary))
         }
     }
 
diff --git a/Sources/CodexBar/Providers/Claude/ClaudeSettingsStore.swift b/Sources/CodexBar/Providers/Claude/ClaudeSettingsStore.swift
index f28a47374..0819b7503 100644
--- a/Sources/CodexBar/Providers/Claude/ClaudeSettingsStore.swift
+++ b/Sources/CodexBar/Providers/Claude/ClaudeSettingsStore.swift
@@ -10,6 +10,7 @@ extension SettingsStore {
         set {
             let source: ProviderSourceMode? = switch newValue {
             case .auto: .auto
+            case .api: .api
             case .oauth: .oauth
             case .web: .web
             case .cli: .cli
@@ -45,23 +46,38 @@ extension SettingsStore {
     }
 
     func ensureClaudeCookieLoaded() {}
+
+    var claudeAdminAPIKey: String {
+        get { self.configSnapshot.providerConfig(for: .claude)?.sanitizedAPIKey ?? "" }
+        set {
+            self.updateProviderConfig(provider: .claude) { entry in
+                entry.apiKey = self.normalizedConfigValue(newValue)
+            }
+            self.logSecretUpdate(provider: .claude, field: "apiKey", value: newValue)
+        }
+    }
 }
 
 extension SettingsStore {
     func claudeSettingsSnapshot(tokenOverride: TokenAccountOverride?) -> ProviderSettingsSnapshot
     .ClaudeProviderSettings {
-        ProviderSettingsSnapshot.ClaudeProviderSettings(
+        let account = self.selectedClaudeTokenAccount(tokenOverride: tokenOverride)
+        let routing = self.claudeCredentialRouting(account: account)
+        return ProviderSettingsSnapshot.ClaudeProviderSettings(
             usageDataSource: self.claudeUsageDataSource,
             webExtrasEnabled: self.claudeWebExtrasEnabled,
-            cookieSource: self.claudeSnapshotCookieSource(tokenOverride: tokenOverride),
-            manualCookieHeader: self.claudeSnapshotCookieHeader(tokenOverride: tokenOverride))
+            cookieSource: self.claudeSnapshotCookieSource(tokenOverride: tokenOverride, routing: routing),
+            manualCookieHeader: self.claudeSnapshotCookieHeader(
+                routing: routing,
+                hasSelectedAccount: account != nil),
+            organizationID: account?.sanitizedOrganizationID)
     }
 
     private static func claudeUsageDataSource(from source: ProviderSourceMode?) -> ClaudeUsageDataSource {
         guard let source else { return .auto }
         switch source {
         case .auto, .api:
-            return .auto
+            return source == .api ? .api : .auto
         case .web:
             return .web
         case .cli:
@@ -71,42 +87,53 @@ extension SettingsStore {
         }
     }
 
-    private func claudeSnapshotCookieHeader(tokenOverride: TokenAccountOverride?) -> String {
-        let fallback = self.claudeCookieHeader
-        guard let support = TokenAccountSupportCatalog.support(for: .claude),
-              case .cookieHeader = support.injection
-        else {
-            return fallback
-        }
-        guard let account = ProviderTokenAccountSelection.selectedAccount(
-            provider: .claude,
-            settings: self,
-            override: tokenOverride)
-        else {
-            return fallback
-        }
-        if TokenAccountSupportCatalog.isClaudeOAuthToken(account.token) {
-            return ""
+    private func claudeSnapshotCookieHeader(
+        routing: ClaudeCredentialRouting,
+        hasSelectedAccount: Bool) -> String
+    {
+        switch routing {
+        case .none:
+            hasSelectedAccount ? "" : self.claudeCookieHeader
+        case .oauth:
+            ""
+        case .adminAPIKey:
+            ""
+        case let .webCookie(header):
+            header
         }
-        return TokenAccountSupportCatalog.normalizedCookieHeader(account.token, support: support)
     }
 
-    private func claudeSnapshotCookieSource(tokenOverride: TokenAccountOverride?) -> ProviderCookieSource {
+    private func claudeSnapshotCookieSource(
+        tokenOverride: TokenAccountOverride?,
+        routing: ClaudeCredentialRouting) -> ProviderCookieSource
+    {
         let fallback = self.claudeCookieSource
         guard let support = TokenAccountSupportCatalog.support(for: .claude),
               support.requiresManualCookieSource
         else {
             return fallback
         }
-        if let account = ProviderTokenAccountSelection.selectedAccount(
-            provider: .claude,
-            settings: self,
-            override: tokenOverride),
-            TokenAccountSupportCatalog.isClaudeOAuthToken(account.token)
-        {
+        if routing.isOAuth {
+            return .off
+        }
+        if routing.adminAPIKey != nil {
             return .off
         }
         if self.tokenAccounts(for: .claude).isEmpty { return fallback }
         return .manual
     }
+
+    private func claudeCredentialRouting(account: ProviderTokenAccount?) -> ClaudeCredentialRouting {
+        let manualCookieHeader = account == nil ? self.claudeCookieHeader : nil
+        return ClaudeCredentialRouting.resolve(
+            tokenAccountToken: account?.token,
+            manualCookieHeader: manualCookieHeader)
+    }
+
+    private func selectedClaudeTokenAccount(tokenOverride: TokenAccountOverride?) -> ProviderTokenAccount? {
+        ProviderTokenAccountSelection.selectedAccount(
+            provider: .claude,
+            settings: self,
+            override: tokenOverride)
+    }
 }
diff --git a/Sources/CodexBar/Providers/Codebuff/CodebuffProviderImplementation.swift b/Sources/CodexBar/Providers/Codebuff/CodebuffProviderImplementation.swift
new file mode 100644
index 000000000..6ca91443c
--- /dev/null
+++ b/Sources/CodexBar/Providers/Codebuff/CodebuffProviderImplementation.swift
@@ -0,0 +1,42 @@
+import AppKit
+import CodexBarCore
+import CodexBarMacroSupport
+import Foundation
+
+@ProviderImplementationRegistration
+struct CodebuffProviderImplementation: ProviderImplementation {
+    let id: UsageProvider = .codebuff
+
+    @MainActor
+    func observeSettings(_ settings: SettingsStore) {
+        _ = settings.codebuffAPIToken
+    }
+
+    @MainActor
+    func settingsFields(context: ProviderSettingsContext) -> [ProviderSettingsFieldDescriptor] {
+        [
+            ProviderSettingsFieldDescriptor(
+                id: "codebuff-api-key",
+                title: "API key",
+                subtitle: "Stored in ~/.codexbar/config.json. You can also provide CODEBUFF_API_KEY or let " +
+                    "CodexBar read ~/.config/manicode/credentials.json (created by `codebuff login`).",
+                kind: .secure,
+                placeholder: "cb_...",
+                binding: context.stringBinding(\.codebuffAPIToken),
+                actions: [
+                    ProviderSettingsActionDescriptor(
+                        id: "codebuff-open-dashboard",
+                        title: "Open Codebuff Dashboard",
+                        style: .link,
+                        isVisible: nil,
+                        perform: {
+                            if let url = URL(string: "https://www.codebuff.com/usage") {
+                                NSWorkspace.shared.open(url)
+                            }
+                        }),
+                ],
+                isVisible: nil,
+                onActivate: nil),
+        ]
+    }
+}
diff --git a/Sources/CodexBar/Providers/Codebuff/CodebuffSettingsStore.swift b/Sources/CodexBar/Providers/Codebuff/CodebuffSettingsStore.swift
new file mode 100644
index 000000000..d07c8b3fa
--- /dev/null
+++ b/Sources/CodexBar/Providers/Codebuff/CodebuffSettingsStore.swift
@@ -0,0 +1,14 @@
+import CodexBarCore
+import Foundation
+
+extension SettingsStore {
+    var codebuffAPIToken: String {
+        get { self.configSnapshot.providerConfig(for: .codebuff)?.sanitizedAPIKey ?? "" }
+        set {
+            self.updateProviderConfig(provider: .codebuff) { entry in
+                entry.apiKey = self.normalizedConfigValue(newValue)
+            }
+            self.logSecretUpdate(provider: .codebuff, field: "apiKey", value: newValue)
+        }
+    }
+}
diff --git a/Sources/CodexBar/Providers/Codex/CodexConsumerProjection.swift b/Sources/CodexBar/Providers/Codex/CodexConsumerProjection.swift
new file mode 100644
index 000000000..287db61f4
--- /dev/null
+++ b/Sources/CodexBar/Providers/Codex/CodexConsumerProjection.swift
@@ -0,0 +1,433 @@
+import CodexBarCore
+import Foundation
+
+struct CodexUIErrorMapper {
+    private static let codexCLINotSignedInMessage =
+        "Codex CLI is not signed in. Run `codex login --device-auth`, then refresh."
+
+    static func userFacingMessage(_ raw: String?) -> String? {
+        guard let raw, !raw.isEmpty else { return nil }
+        let trimmed = raw.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard !trimmed.isEmpty else { return nil }
+
+        let lower = trimmed.lowercased()
+        if self.isAlreadyUserFacing(lower: lower) {
+            return trimmed
+        }
+
+        if let cachedMessage = self.cachedMessage(raw: trimmed, lower: lower) {
+            return cachedMessage
+        }
+
+        if self.looksCodexCLIMissing(lower: lower) {
+            return CodexStatusProbeError.codexNotInstalled.localizedDescription
+        }
+
+        if self.looksCodexCLILoginRequired(lower: lower) {
+            return self.codexCLINotSignedInMessage
+        }
+
+        if self.looksExpired(lower: lower) {
+            return "Codex session expired. Sign in again."
+        }
+
+        if lower.contains("frame load interrupted") {
+            return "OpenAI web refresh was interrupted. Refresh OpenAI cookies and try again."
+        }
+
+        if self.looksOpenAIWebTimeout(lower: lower) {
+            return "OpenAI web refresh timed out. Refresh OpenAI cookies and try again."
+        }
+
+        if self.looksOpenAIWebNetworkError(lower: lower) {
+            return "OpenAI web refresh hit a network error. "
+                + "Check your connection, then refresh OpenAI cookies and try again."
+        }
+
+        if self.looksInternalTransport(lower: lower) {
+            return "Codex usage is temporarily unavailable. Try refreshing."
+        }
+
+        return trimmed
+    }
+
+    private static func cachedMessage(raw: String, lower: String) -> String? {
+        let cachedMarker = " Cached values from "
+        guard let suffixRange = raw.range(of: cachedMarker) else { return nil }
+
+        let suffix = String(raw[suffixRange.lowerBound...]).trimmingCharacters(in: .whitespacesAndNewlines)
+        if lower.hasPrefix("last codex credits refresh failed:"),
+           let base = self.userFacingMessage(String(raw[..<suffixRange.lowerBound]))
+        {
+            return "\(base) \(suffix)"
+        }
+
+        if lower.hasPrefix("last openai dashboard refresh failed:"),
+           let base = self.userFacingMessage(String(raw[..<suffixRange.lowerBound]))
+        {
+            return "\(base) \(suffix)"
+        }
+
+        return nil
+    }
+
+    private static func isAlreadyUserFacing(lower: String) -> Bool {
+        lower.contains("openai cookies are for")
+            || lower.contains("sign in to chatgpt.com")
+            || lower.contains("requires a signed-in chatgpt.com session")
+            || lower.contains("managed codex account data is unavailable")
+            || lower.contains("selected managed codex account is unavailable")
+            || lower.contains("codex credits are still loading")
+            || lower.contains("codex account changed; importing browser cookies")
+            || lower.contains("codex cli is not signed in.")
+            || lower.contains("codex session expired. sign in again.")
+            || lower.contains("openai web refresh timed out. refresh openai cookies and try again.")
+            || lower.contains(
+                "openai web refresh hit a network error. "
+                    + "check your connection, then refresh openai cookies and try again.")
+            || lower.contains("codex usage is temporarily unavailable. try refreshing.")
+    }
+
+    private static func looksCodexCLIMissing(lower: String) -> Bool {
+        lower.contains("codex cli missing")
+            || lower.contains("codex cli not found")
+            || lower.contains("missing cli codex")
+            || lower.contains("missing cli 'codex'")
+            || lower.contains("missing cli \"codex\"")
+            || (lower.contains("binary not found") && lower.contains("codex"))
+    }
+
+    private static func looksCodexCLILoginRequired(lower: String) -> Bool {
+        lower.contains("codex account authentication required")
+            || lower.contains("account authentication required to read rate limits")
+            || lower.contains("requiresopenaiauth")
+    }
+
+    private static func looksExpired(lower: String) -> Bool {
+        lower.contains("token_expired")
+            || lower.contains("authentication token is expired")
+            || lower.contains("oauth token has expired")
+            || lower.contains("provided authentication token is expired")
+            || lower.contains("please try signing in again")
+            || lower.contains("please sign in again")
+            || (lower.contains("401") && lower.contains("unauthorized"))
+    }
+
+    private static func looksInternalTransport(lower: String) -> Bool {
+        lower.contains("codex connection failed")
+            || lower.contains("failed to fetch codex rate limits")
+            || lower.contains("/backend-api/")
+            || lower.contains("content-type=")
+            || lower.contains("body={")
+            || lower.contains("body=")
+            || lower.contains("get https://")
+            || lower.contains("get http://")
+            || lower.contains("returned invalid data")
+    }
+
+    private static func looksOpenAIWebTimeout(lower: String) -> Bool {
+        lower.contains("nsurlerrordomain")
+            && (lower.contains("timed out") || lower.contains("error -1001"))
+    }
+
+    private static func looksOpenAIWebNetworkError(lower: String) -> Bool {
+        lower.contains("nsurlerrordomain")
+    }
+}
+
+struct CodexConsumerProjection {
+    enum Surface {
+        case liveCard
+        case overrideCard
+        case widget
+        case menuBar
+    }
+
+    enum RateLane: String {
+        case session
+        case weekly
+    }
+
+    enum SupplementalMetric: String {
+        case codeReview
+    }
+
+    struct PlanUtilizationLane {
+        let role: PlanUtilizationSeriesName
+        let window: RateWindow
+    }
+
+    enum DashboardVisibility {
+        case hidden
+        case displayOnly
+        case attached
+    }
+
+    struct CreditsProjection {
+        let snapshot: CreditsSnapshot?
+        let userFacingError: String?
+
+        var remaining: Double? {
+            self.snapshot?.remaining
+        }
+    }
+
+    struct UserFacingErrors {
+        let usage: String?
+        let credits: String?
+        let dashboard: String?
+    }
+
+    struct Context {
+        let snapshot: UsageSnapshot?
+        let rawUsageError: String?
+        let liveCredits: CreditsSnapshot?
+        let rawCreditsError: String?
+        let liveDashboard: OpenAIDashboardSnapshot?
+        let rawDashboardError: String?
+        let dashboardAttachmentAuthorized: Bool
+        let dashboardRequiresLogin: Bool
+        let now: Date
+    }
+
+    enum MenuBarFallback {
+        case none
+        case creditsBalance
+    }
+
+    let visibleRateLanes: [RateLane]
+    let supplementalMetrics: [SupplementalMetric]
+    let planUtilizationLanes: [PlanUtilizationLane]
+    let dashboardVisibility: DashboardVisibility
+    let credits: CreditsProjection?
+    let menuBarFallback: MenuBarFallback
+    let userFacingErrors: UserFacingErrors
+    let canShowBuyCredits: Bool
+    let hasUsageBreakdown: Bool
+    let hasCreditsHistory: Bool
+
+    private let rateWindowsByLane: [RateLane: RateWindow]
+    private let codeReviewRemainingPercent: Double?
+    private let codeReviewLimit: RateWindow?
+
+    static func make(surface: Surface, context: Context) -> CodexConsumerProjection {
+        let allowsLiveAdjuncts = surface != .overrideCard
+        let dashboardVisibility = self.dashboardVisibility(surface: surface, context: context)
+        let dashboard = allowsLiveAdjuncts && dashboardVisibility != .hidden ? context.liveDashboard : nil
+
+        let rateWindowsByLane = self.rateWindowsByLane(snapshot: context.snapshot)
+        let visibleRateLanes = self.visibleRateLanes(from: rateWindowsByLane, snapshot: context.snapshot)
+        let planUtilizationLanes = self.planUtilizationLanes(from: rateWindowsByLane)
+
+        let creditsProjection: CreditsProjection? = if allowsLiveAdjuncts,
+                                                       context.liveCredits != nil || context.rawCreditsError != nil
+        {
+            CreditsProjection(
+                snapshot: context.liveCredits,
+                userFacingError: CodexUIErrorMapper.userFacingMessage(context.rawCreditsError))
+        } else {
+            nil
+        }
+
+        let userFacingErrors = UserFacingErrors(
+            usage: CodexUIErrorMapper.userFacingMessage(context.rawUsageError),
+            credits: allowsLiveAdjuncts ? CodexUIErrorMapper.userFacingMessage(context.rawCreditsError) : nil,
+            dashboard: allowsLiveAdjuncts ? CodexUIErrorMapper.userFacingMessage(context.rawDashboardError) : nil)
+
+        let supplementalMetrics: [SupplementalMetric] = if surface == .liveCard,
+                                                           dashboardVisibility == .attached,
+                                                           dashboard?.codeReviewRemainingPercent != nil
+        {
+            [.codeReview]
+        } else {
+            []
+        }
+
+        let displayableUsageBreakdown = OpenAIDashboardDailyBreakdown.removingSkillUsageServices(
+            from: dashboard?.usageBreakdown ?? [])
+        let canShowBuyCredits = surface == .liveCard
+        let hasUsageBreakdown = surface == .liveCard
+            && dashboardVisibility == .attached
+            && !displayableUsageBreakdown.isEmpty
+        let hasCreditsHistory = surface == .liveCard
+            && dashboardVisibility == .attached
+            && !(dashboard?.dailyBreakdown ?? []).isEmpty
+
+        return CodexConsumerProjection(
+            visibleRateLanes: visibleRateLanes,
+            supplementalMetrics: supplementalMetrics,
+            planUtilizationLanes: planUtilizationLanes,
+            dashboardVisibility: dashboardVisibility,
+            credits: creditsProjection,
+            menuBarFallback: self.menuBarFallback(
+                creditsRemaining: creditsProjection?.remaining,
+                rateWindowsByLane: rateWindowsByLane),
+            userFacingErrors: userFacingErrors,
+            canShowBuyCredits: canShowBuyCredits,
+            hasUsageBreakdown: hasUsageBreakdown,
+            hasCreditsHistory: hasCreditsHistory,
+            rateWindowsByLane: rateWindowsByLane,
+            codeReviewRemainingPercent: dashboardVisibility == .attached ? dashboard?.codeReviewRemainingPercent : nil,
+            codeReviewLimit: dashboardVisibility == .attached ? dashboard?.codeReviewLimit : nil)
+    }
+
+    func rateWindow(for lane: RateLane) -> RateWindow? {
+        self.rateWindowsByLane[lane]
+    }
+
+    func remainingPercent(for metric: SupplementalMetric) -> Double? {
+        switch metric {
+        case .codeReview:
+            self.codeReviewRemainingPercent
+        }
+    }
+
+    func limitWindow(for metric: SupplementalMetric) -> RateWindow? {
+        switch metric {
+        case .codeReview:
+            self.codeReviewLimit
+        }
+    }
+
+    private static func dashboardVisibility(surface: Surface, context: Context) -> DashboardVisibility {
+        guard surface != .overrideCard else { return .hidden }
+        guard context.dashboardRequiresLogin == false, context.liveDashboard != nil else { return .hidden }
+        return context.dashboardAttachmentAuthorized ? .attached : .displayOnly
+    }
+
+    private static func rateWindowsByLane(snapshot: UsageSnapshot?) -> [RateLane: RateWindow] {
+        guard let snapshot else { return [:] }
+
+        var windowsByLane: [RateLane: RateWindow] = [:]
+        let slottedWindows: [(RateLane, RateWindow)] = [
+            self.classifyRateWindow(snapshot.primary, slot: .primary),
+            self.classifyRateWindow(snapshot.secondary, slot: .secondary),
+        ].compactMap(\.self)
+
+        for (lane, window) in slottedWindows {
+            windowsByLane[lane] = window
+        }
+        return windowsByLane
+    }
+
+    private static func visibleRateLanes(
+        from rateWindowsByLane: [RateLane: RateWindow],
+        snapshot: UsageSnapshot?) -> [RateLane]
+    {
+        guard let snapshot else { return [] }
+
+        let slottedLanes = [
+            self.classifyRateWindow(snapshot.primary, slot: .primary)?.0,
+            self.classifyRateWindow(snapshot.secondary, slot: .secondary)?.0,
+        ].compactMap(\.self)
+
+        var visible: [RateLane] = []
+        for lane in slottedLanes where rateWindowsByLane[lane] != nil && !visible.contains(lane) {
+            visible.append(lane)
+        }
+        return visible
+    }
+
+    private static func planUtilizationLanes(from rateWindowsByLane: [RateLane: RateWindow]) -> [PlanUtilizationLane] {
+        let semanticOrder: [RateLane] = [.session, .weekly]
+        return semanticOrder.compactMap { lane in
+            guard let window = rateWindowsByLane[lane] else { return nil }
+            return PlanUtilizationLane(role: self.planUtilizationRole(for: lane), window: window)
+        }
+    }
+
+    private static func planUtilizationRole(for lane: RateLane) -> PlanUtilizationSeriesName {
+        switch lane {
+        case .session:
+            .session
+        case .weekly:
+            .weekly
+        }
+    }
+
+    private enum SnapshotSlot {
+        case primary
+        case secondary
+    }
+
+    private static func classifyRateWindow(_ window: RateWindow?, slot: SnapshotSlot) -> (RateLane, RateWindow)? {
+        guard let window else { return nil }
+
+        let lane: RateLane = switch window.windowMinutes {
+        case 300:
+            .session
+        case 10080:
+            .weekly
+        default:
+            switch slot {
+            case .primary:
+                .session
+            case .secondary:
+                .weekly
+            }
+        }
+
+        return (lane, window)
+    }
+
+    private static func menuBarFallback(
+        creditsRemaining: Double?,
+        rateWindowsByLane: [RateLane: RateWindow]) -> MenuBarFallback
+    {
+        guard let creditsRemaining, creditsRemaining > 0 else { return .none }
+        let hasExhaustedLane = rateWindowsByLane.values.contains { $0.remainingPercent <= 0 }
+        let hasNoRateWindows = rateWindowsByLane.isEmpty
+        return (hasExhaustedLane || hasNoRateWindows) ? .creditsBalance : .none
+    }
+
+    var hasExhaustedRateLane: Bool {
+        self.rateWindowsByLane.values.contains { $0.remainingPercent <= 0 }
+    }
+}
+
+extension UsageStore {
+    func codexConsumerProjectionIfNeeded(
+        for provider: UsageProvider,
+        surface: CodexConsumerProjection.Surface,
+        snapshotOverride: UsageSnapshot? = nil,
+        errorOverride: String? = nil,
+        now: Date = Date()) -> CodexConsumerProjection?
+    {
+        guard provider == .codex else { return nil }
+        return self.codexConsumerProjection(
+            surface: surface,
+            snapshotOverride: snapshotOverride,
+            errorOverride: errorOverride,
+            now: now)
+    }
+
+    func codexConsumerProjection(
+        surface: CodexConsumerProjection.Surface,
+        snapshotOverride: UsageSnapshot? = nil,
+        errorOverride: String? = nil,
+        now: Date = Date()) -> CodexConsumerProjection
+    {
+        let snapshot = surface == .overrideCard ? snapshotOverride : snapshotOverride ?? self.snapshots[.codex]
+        let rawUsageError = surface == .overrideCard ? errorOverride : errorOverride ?? self.errors[.codex]
+        let context = CodexConsumerProjection.Context(
+            snapshot: snapshot,
+            rawUsageError: rawUsageError,
+            liveCredits: self.credits,
+            rawCreditsError: self.lastCreditsError,
+            liveDashboard: self.openAIDashboard,
+            rawDashboardError: self.lastOpenAIDashboardError,
+            dashboardAttachmentAuthorized: self.openAIDashboardAttachmentAuthorized,
+            dashboardRequiresLogin: self.openAIDashboardRequiresLogin,
+            now: now)
+        return CodexConsumerProjection.make(surface: surface, context: context)
+    }
+
+    func codexMenuBarCreditsRemaining(snapshotOverride: UsageSnapshot? = nil, now: Date = Date()) -> Double? {
+        let projection = self.codexConsumerProjection(
+            surface: .menuBar,
+            snapshotOverride: snapshotOverride,
+            now: now)
+        guard projection.menuBarFallback == .creditsBalance else { return nil }
+        return projection.credits?.remaining
+    }
+}
diff --git a/Sources/CodexBar/Providers/Codex/CodexLoginFlow.swift b/Sources/CodexBar/Providers/Codex/CodexLoginFlow.swift
index c8847374c..a35c38b4d 100644
--- a/Sources/CodexBar/Providers/Codex/CodexLoginFlow.swift
+++ b/Sources/CodexBar/Providers/Codex/CodexLoginFlow.swift
@@ -3,7 +3,23 @@ import CodexBarCore
 @MainActor
 extension StatusItemController {
     func runCodexLoginFlow() async {
+        // This menu action still follows the ambient Codex login behavior. Managed-account authentication is
+        // implemented separately, but wiring add/switch/re-auth UI through that service needs its own account-aware
+        // flow so this entry point does not silently change what "Switch Account" means for existing users.
+        self.codexAccountPromotionCoordinator.setLiveReauthenticationInProgress(true)
+        defer {
+            self.codexAccountPromotionCoordinator.setLiveReauthenticationInProgress(false)
+        }
+        #if DEBUG
+        let result =
+            if let override = self._test_codexAmbientLoginRunnerOverride {
+                await override(120)
+            } else {
+                await CodexLoginRunner.run(timeout: 120)
+            }
+        #else
         let result = await CodexLoginRunner.run(timeout: 120)
+        #endif
         guard !Task.isCancelled else { return }
         self.loginPhase = .idle
         self.presentCodexLoginResult(result)
diff --git a/Sources/CodexBar/Providers/Codex/CodexProviderImplementation.swift b/Sources/CodexBar/Providers/Codex/CodexProviderImplementation.swift
index 61aa3a501..79e3548ef 100644
--- a/Sources/CodexBar/Providers/Codex/CodexProviderImplementation.swift
+++ b/Sources/CodexBar/Providers/Codex/CodexProviderImplementation.swift
@@ -24,7 +24,9 @@ struct CodexProviderImplementation: ProviderImplementation {
 
     @MainActor
     func settingsSnapshot(context: ProviderSettingsSnapshotContext) -> ProviderSettingsSnapshotContribution? {
-        .codex(context.settings.codexSettingsSnapshot(tokenOverride: context.tokenOverride))
+        .codex(context.settings.codexSettingsSnapshot(
+            tokenOverride: context.tokenOverride,
+            activeSourceOverride: context.codexActiveSourceOverride))
     }
 
     @MainActor
@@ -69,6 +71,7 @@ struct CodexProviderImplementation: ProviderImplementation {
                         for: .codex)
                 }
             })
+        let batterySaverBinding = context.boolBinding(\.openAIWebBatterySaverEnabled)
 
         return [
             ProviderSettingsToggleDescriptor(
@@ -85,7 +88,10 @@ struct CodexProviderImplementation: ProviderImplementation {
             ProviderSettingsToggleDescriptor(
                 id: "codex-openai-web-extras",
                 title: "OpenAI web extras",
-                subtitle: "Show usage breakdown, credits history, and code review via chatgpt.com.",
+                subtitle: [
+                    "Optional.",
+                    "Turn this on to show code review, usage breakdown, and credits history via chatgpt.com.",
+                ].joined(separator: " "),
                 binding: extrasBinding,
                 statusText: nil,
                 actions: [],
@@ -93,6 +99,20 @@ struct CodexProviderImplementation: ProviderImplementation {
                 onChange: nil,
                 onAppDidBecomeActive: nil,
                 onAppearWhenEnabled: nil),
+            ProviderSettingsToggleDescriptor(
+                id: "codex-openai-web-battery-saver",
+                title: "Battery Saver",
+                subtitle: [
+                    "Limits background chatgpt.com refreshes to reduce battery and network usage.",
+                    "Dashboard extras may stay stale until you refresh them manually.",
+                ].joined(separator: " "),
+                binding: batterySaverBinding,
+                statusText: nil,
+                actions: [],
+                isVisible: { context.settings.openAIWebAccessEnabled },
+                onChange: nil,
+                onAppDidBecomeActive: nil,
+                onAppearWhenEnabled: nil),
         ]
     }
 
@@ -181,16 +201,56 @@ struct CodexProviderImplementation: ProviderImplementation {
         else { return }
 
         if let credits = context.store.credits {
-            entries.append(.text("Credits: \(UsageFormatter.creditsString(from: credits.remaining))", .primary))
+            entries.append(.text(
+                String(format: L("credits_remaining"), UsageFormatter.creditsString(from: credits.remaining)),
+                .primary))
             if let latest = credits.events.first {
-                entries.append(.text("Last spend: \(UsageFormatter.creditEventSummary(latest))", .secondary))
+                entries.append(.text(
+                    String(format: L("last_spend"), UsageFormatter.creditEventSummary(latest)),
+                    .secondary))
             }
         } else {
-            let hint = context.store.lastCreditsError ?? context.metadata.creditsHint
+            let hint = context.store.userFacingLastCreditsError ?? context.metadata.creditsHint
             entries.append(.text(hint, .secondary))
         }
     }
 
+    @MainActor
+    func loginMenuAction(context _: ProviderMenuLoginContext)
+        -> (label: String, action: MenuDescriptor.MenuAction)?
+    {
+        ("Add Account...", .addCodexAccount)
+    }
+
+    @MainActor
+    func appendActionMenuEntries(context: ProviderMenuActionContext, entries: inout [ProviderMenuEntry]) {
+        let projection = context.settings.codexVisibleAccountProjection
+        guard !projection.visibleAccounts.isEmpty else { return }
+
+        let isInteractionBlocked = context.codexAccountPromotionCoordinator?.isInteractionBlocked() ?? false
+
+        let submenuItems = projection.visibleAccounts.map { account in
+            let isChecked = account.id == projection.liveVisibleAccountID
+            let isEnabled = !isInteractionBlocked &&
+                !isChecked &&
+                account.storedAccountID != nil
+            let action = account.storedAccountID.map(MenuDescriptor.MenuAction.requestCodexSystemPromotion)
+            return MenuDescriptor.SubmenuItem(
+                title: account.displayName,
+                action: action,
+                isEnabled: isEnabled,
+                isChecked: isChecked)
+        }
+        guard submenuItems.count > 1 || submenuItems.contains(where: { $0.isEnabled && $0.action != nil }) else {
+            return
+        }
+
+        entries.append(.submenu(
+            "System Account",
+            MenuDescriptor.MenuActionSystemImage.systemAccount.rawValue,
+            submenuItems))
+    }
+
     @MainActor
     func runLoginFlow(context: ProviderLoginContext) async -> Bool {
         await context.controller.runCodexLoginFlow()
diff --git a/Sources/CodexBar/Providers/Codex/CodexSettingsStore.swift b/Sources/CodexBar/Providers/Codex/CodexSettingsStore.swift
index 335dbf411..8bfb331fe 100644
--- a/Sources/CodexBar/Providers/Codex/CodexSettingsStore.swift
+++ b/Sources/CodexBar/Providers/Codex/CodexSettingsStore.swift
@@ -2,6 +2,109 @@ import CodexBarCore
 import Foundation
 
 extension SettingsStore {
+    private var codexPersistedActiveSource: CodexActiveSource {
+        self.providerConfig(for: .codex)?.codexActiveSource ?? .liveSystem
+    }
+
+    private enum ManagedCodexAccountStoreState {
+        case none
+        case selected(ManagedCodexAccount)
+        case unreadable
+    }
+
+    private static func failClosedManagedCodexHomePath(fileManager: FileManager = .default) -> String {
+        ManagedCodexHomeFactory.defaultRootURL(fileManager: fileManager)
+            .appendingPathComponent("managed-store-unreadable", isDirectory: true)
+            .path
+    }
+
+    private func loadManagedCodexAccounts() throws -> ManagedCodexAccountSet {
+        #if DEBUG
+        if CodexManagedRemoteHomeTestingOverride.isUnreadable(for: self) {
+            throw CodexManagedRemoteHomeTestingOverrideError.unreadableManagedStore
+        }
+        if let override = CodexManagedRemoteHomeTestingOverride.account(for: self) {
+            return ManagedCodexAccountSet(
+                version: FileManagedCodexAccountStore.currentVersion,
+                accounts: [override])
+        }
+        let store = if let storeURL = CodexManagedRemoteHomeTestingOverride.managedStoreURL(for: self) {
+            FileManagedCodexAccountStore(fileURL: storeURL)
+        } else {
+            FileManagedCodexAccountStore()
+        }
+        #else
+        let store = FileManagedCodexAccountStore()
+        #endif
+
+        return try store.loadAccounts()
+    }
+
+    private func managedCodexAccountStoreState(
+        activeSource: CodexActiveSource? = nil) -> ManagedCodexAccountStoreState
+    {
+        let source = activeSource ?? self.codexResolvedActiveSource
+        guard case let .managedAccount(id) = source else {
+            return .none
+        }
+        do {
+            let accounts = try self.loadManagedCodexAccounts()
+            guard let account = accounts.account(id: id)
+            else {
+                return .none
+            }
+            return .selected(account)
+        } catch {
+            return .unreadable
+        }
+    }
+
+    var activeManagedCodexAccount: ManagedCodexAccount? {
+        guard case let .selected(account) = self.managedCodexAccountStoreState() else {
+            return nil
+        }
+        return account
+    }
+
+    var activeManagedCodexRemoteHomePath: String? {
+        self.managedCodexRemoteHomePath(forActiveSource: self.codexResolvedActiveSource)
+    }
+
+    func managedCodexRemoteHomePath(forActiveSource source: CodexActiveSource) -> String? {
+        guard case let .managedAccount(id) = source else {
+            return nil
+        }
+
+        #if DEBUG
+        if let override = CodexManagedRemoteHomeTestingOverride.homePath(for: self) {
+            return override
+        }
+        #endif
+
+        do {
+            let accounts = try self.loadManagedCodexAccounts()
+            // A selected managed source must never fall back to ambient ~/.codex.
+            return accounts.account(id: id)?.managedHomePath ?? Self.failClosedManagedCodexHomePath()
+        } catch {
+            return Self.failClosedManagedCodexHomePath()
+        }
+    }
+
+    var activeManagedCodexCookieCacheScope: CookieHeaderCache.Scope? {
+        switch self.managedCodexAccountStoreState() {
+        case let .selected(account):
+            .managedAccount(account.id)
+        case .unreadable:
+            .managedStoreUnreadable
+        case .none:
+            nil
+        }
+    }
+
+    var hasUnreadableManagedCodexAccountStore: Bool {
+        self.codexAccountReconciliationSnapshot.hasUnreadableAddedAccountStore
+    }
+
     var codexUsageDataSource: CodexUsageDataSource {
         get {
             let source = self.configSnapshot.providerConfig(for: .codex)?.source
@@ -20,9 +123,38 @@ extension SettingsStore {
         }
     }
 
+    var codexActiveSource: CodexActiveSource {
+        get {
+            self.codexPersistedActiveSource
+        }
+        set {
+            self.updateProviderConfig(provider: .codex) { entry in
+                entry.codexActiveSource = newValue
+            }
+        }
+    }
+
+    var codexResolvedActiveSource: CodexActiveSource {
+        self.codexResolvedActiveSourceState.resolvedSource
+    }
+
+    var codexResolvedActiveSourceState: CodexResolvedActiveSource {
+        CodexActiveSourceResolver.resolve(from: self.codexAccountReconciliationSnapshot)
+    }
+
+    @discardableResult
+    func persistResolvedCodexActiveSourceCorrectionIfNeeded() -> Bool {
+        let resolution = self.codexResolvedActiveSourceState
+        guard resolution.requiresPersistenceCorrection else { return false }
+        self.codexActiveSource = resolution.resolvedSource
+        return true
+    }
+
     var codexCookieHeader: String {
         get { self.configSnapshot.providerConfig(for: .codex)?.sanitizedCookieHeader ?? "" }
         set {
+            // This is intentionally provider-scoped today. A per-managed-account manual cookie override would need
+            // its own storage and UI semantics so editing one account's header does not silently rewrite another's.
             self.updateProviderConfig(provider: .codex) { entry in
                 entry.cookieHeader = self.normalizedConfigValue(newValue)
             }
@@ -48,11 +180,339 @@ extension SettingsStore {
 }
 
 extension SettingsStore {
-    func codexSettingsSnapshot(tokenOverride: TokenAccountOverride?) -> ProviderSettingsSnapshot.CodexProviderSettings {
-        ProviderSettingsSnapshot.CodexProviderSettings(
+    var codexAccountReconciliationSnapshot: CodexAccountReconciliationSnapshot {
+        self.codexAccountReconciliationSnapshot(activeSourceOverride: nil)
+    }
+
+    func codexAccountReconciliationSnapshot(
+        activeSourceOverride: CodexActiveSource?) -> CodexAccountReconciliationSnapshot
+    {
+        self.codexAccountReconciler(
+            activeSource: activeSourceOverride ?? self.codexPersistedActiveSource)
+            .loadSnapshot()
+    }
+
+    var codexVisibleAccountProjection: CodexVisibleAccountProjection {
+        CodexVisibleAccountProjection.make(from: self.codexAccountReconciliationSnapshot)
+    }
+
+    var codexVisibleAccounts: [CodexVisibleAccount] {
+        self.codexVisibleAccountProjection.visibleAccounts
+    }
+
+    @discardableResult
+    func selectCodexVisibleAccount(id: String) -> Bool {
+        guard let source = self.codexSource(forVisibleAccountID: id) else { return false }
+        self.codexActiveSource = source
+        return true
+    }
+
+    func selectDisplayedCodexVisibleAccount(_ account: CodexVisibleAccount) {
+        if self.selectCodexVisibleAccount(id: account.id) {
+            return
+        }
+        // An open menu can preserve a previously rendered account row while the live projection is briefly incomplete.
+        self.codexActiveSource = account.selectionSource
+    }
+
+    func selectAuthenticatedManagedCodexAccount(_ account: ManagedCodexAccount) {
+        if let visibleAccountID = self.codexVisibleAccountProjection.visibleAccounts
+            .first(where: { $0.storedAccountID == account.id })?
+            .id,
+            self.selectCodexVisibleAccount(id: visibleAccountID)
+        {
+            return
+        }
+
+        self.codexActiveSource = .managedAccount(id: account.id)
+        _ = self.persistResolvedCodexActiveSourceCorrectionIfNeeded()
+    }
+
+    func codexSource(forVisibleAccountID id: String) -> CodexActiveSource? {
+        self.codexVisibleAccountProjection.source(forVisibleAccountID: id)
+    }
+
+    private func codexAccountReconciler(activeSource: CodexActiveSource) -> DefaultCodexAccountReconciler {
+        let baseEnvironment = self.codexReconciliationEnvironment()
+        #if DEBUG
+        let liveSystemAccountOverride = CodexManagedRemoteHomeTestingOverride.liveSystemAccount(for: self)
+        let reconciliationEnvironmentOverride = CodexManagedRemoteHomeTestingOverride
+            .reconciliationEnvironment(for: self)
+        let managedAccountOverride = CodexManagedRemoteHomeTestingOverride.account(for: self)
+        let managedStoreURLOverride = CodexManagedRemoteHomeTestingOverride.managedStoreURL(for: self)
+        let unreadableStoreOverride = CodexManagedRemoteHomeTestingOverride.isUnreadable(for: self)
+        guard CodexManagedRemoteHomeTestingOverride.hasAnyOverride(for: self) else {
+            return DefaultCodexAccountReconciler(
+                activeSource: activeSource,
+                baseEnvironment: baseEnvironment,
+                managedEnvironmentBuilder: { environment, account in
+                    CodexHomeScope.scopedEnvironment(base: environment, codexHome: account.managedHomePath)
+                })
+        }
+
+        let storeLoader: @Sendable () throws -> ManagedCodexAccountSet
+        if unreadableStoreOverride {
+            storeLoader = { throw CodexManagedRemoteHomeTestingOverrideError.unreadableManagedStore }
+        } else if let managedAccountOverride {
+            let accounts = ManagedCodexAccountSet(
+                version: FileManagedCodexAccountStore.currentVersion,
+                accounts: [managedAccountOverride])
+            storeLoader = { accounts }
+        } else if let managedStoreURLOverride {
+            let store = FileManagedCodexAccountStore(fileURL: managedStoreURLOverride)
+            storeLoader = { try store.loadAccounts() }
+        } else {
+            let accounts = ManagedCodexAccountSet(
+                version: FileManagedCodexAccountStore.currentVersion,
+                accounts: [])
+            storeLoader = { accounts }
+        }
+
+        return DefaultCodexAccountReconciler(
+            storeLoader: storeLoader,
+            systemObserver: CodexManagedRemoteHomeTestingSystemObserver(
+                overrideAccount: liveSystemAccountOverride,
+                usesInjectedEnvironment: reconciliationEnvironmentOverride != nil),
+            activeSource: activeSource,
+            baseEnvironment: baseEnvironment,
+            managedEnvironmentBuilder: { environment, account in
+                CodexHomeScope.scopedEnvironment(base: environment, codexHome: account.managedHomePath)
+            })
+        #else
+        return DefaultCodexAccountReconciler(
+            activeSource: activeSource,
+            baseEnvironment: baseEnvironment,
+            managedEnvironmentBuilder: { environment, account in
+                CodexHomeScope.scopedEnvironment(base: environment, codexHome: account.managedHomePath)
+            })
+        #endif
+    }
+
+    private func codexReconciliationEnvironment() -> [String: String] {
+        #if DEBUG
+        if let override = CodexManagedRemoteHomeTestingOverride.reconciliationEnvironment(for: self) {
+            return override
+        }
+        #endif
+        return ProcessInfo.processInfo.environment
+    }
+}
+
+#if DEBUG
+private enum CodexManagedRemoteHomeTestingOverride {
+    private struct Override {
+        var account: ManagedCodexAccount?
+        var homePath: String?
+        var unreadableStore: Bool = false
+        var managedStoreURL: URL?
+        var liveSystemAccount: ObservedSystemCodexAccount?
+        var reconciliationEnvironment: [String: String]?
+
+        var isEmpty: Bool {
+            self.account == nil && self.homePath == nil && self.unreadableStore == false && self
+                .managedStoreURL == nil && self.liveSystemAccount == nil && self
+                .reconciliationEnvironment == nil
+        }
+    }
+
+    private final class Entry {
+        weak var settings: SettingsStore?
+        var overrideValue: Override
+
+        init(settings: SettingsStore, overrideValue: Override) {
+            self.settings = settings
+            self.overrideValue = overrideValue
+        }
+    }
+
+    @MainActor
+    private static var values: [ObjectIdentifier: Entry] = [:]
+
+    @MainActor
+    private static func entry(for settings: SettingsStore) -> Entry? {
+        let key = ObjectIdentifier(settings)
+        guard let entry = self.values[key] else { return nil }
+        guard let storedSettings = entry.settings, storedSettings === settings else {
+            self.values.removeValue(forKey: key)
+            return nil
+        }
+        return entry
+    }
+
+    @MainActor
+    static func account(for settings: SettingsStore) -> ManagedCodexAccount? {
+        self.entry(for: settings)?.overrideValue.account
+    }
+
+    @MainActor
+    static func setAccount(_ account: ManagedCodexAccount?, for settings: SettingsStore) {
+        let key = ObjectIdentifier(settings)
+        var override = self.entry(for: settings)?.overrideValue ?? Override()
+        override.account = account
+        if override.isEmpty {
+            self.values.removeValue(forKey: key)
+        } else {
+            self.values[key] = Entry(settings: settings, overrideValue: override)
+        }
+    }
+
+    @MainActor
+    static func homePath(for settings: SettingsStore) -> String? {
+        self.entry(for: settings)?.overrideValue.homePath
+    }
+
+    @MainActor
+    static func setHomePath(_ value: String?, for settings: SettingsStore) {
+        let key = ObjectIdentifier(settings)
+        var override = self.entry(for: settings)?.overrideValue ?? Override()
+        override.homePath = value
+        if override.isEmpty {
+            self.values.removeValue(forKey: key)
+        } else {
+            self.values[key] = Entry(settings: settings, overrideValue: override)
+        }
+    }
+
+    @MainActor
+    static func isUnreadable(for settings: SettingsStore) -> Bool {
+        self.entry(for: settings)?.overrideValue.unreadableStore == true
+    }
+
+    @MainActor
+    static func setUnreadable(_ value: Bool, for settings: SettingsStore) {
+        let key = ObjectIdentifier(settings)
+        var override = self.entry(for: settings)?.overrideValue ?? Override()
+        override.unreadableStore = value
+        if override.isEmpty {
+            self.values.removeValue(forKey: key)
+        } else {
+            self.values[key] = Entry(settings: settings, overrideValue: override)
+        }
+    }
+
+    @MainActor
+    static func liveSystemAccount(for settings: SettingsStore) -> ObservedSystemCodexAccount? {
+        self.entry(for: settings)?.overrideValue.liveSystemAccount
+    }
+
+    @MainActor
+    static func managedStoreURL(for settings: SettingsStore) -> URL? {
+        self.entry(for: settings)?.overrideValue.managedStoreURL
+    }
+
+    @MainActor
+    static func setManagedStoreURL(_ value: URL?, for settings: SettingsStore) {
+        let key = ObjectIdentifier(settings)
+        var override = self.entry(for: settings)?.overrideValue ?? Override()
+        override.managedStoreURL = value
+        if override.isEmpty {
+            self.values.removeValue(forKey: key)
+        } else {
+            self.values[key] = Entry(settings: settings, overrideValue: override)
+        }
+    }
+
+    @MainActor
+    static func setLiveSystemAccount(_ account: ObservedSystemCodexAccount?, for settings: SettingsStore) {
+        let key = ObjectIdentifier(settings)
+        var override = self.entry(for: settings)?.overrideValue ?? Override()
+        override.liveSystemAccount = account
+        if override.isEmpty {
+            self.values.removeValue(forKey: key)
+        } else {
+            self.values[key] = Entry(settings: settings, overrideValue: override)
+        }
+    }
+
+    @MainActor
+    static func reconciliationEnvironment(for settings: SettingsStore) -> [String: String]? {
+        self.entry(for: settings)?.overrideValue.reconciliationEnvironment
+    }
+
+    @MainActor
+    static func setReconciliationEnvironment(_ environment: [String: String]?, for settings: SettingsStore) {
+        let key = ObjectIdentifier(settings)
+        var override = self.entry(for: settings)?.overrideValue ?? Override()
+        override.reconciliationEnvironment = environment
+        if override.isEmpty {
+            self.values.removeValue(forKey: key)
+        } else {
+            self.values[key] = Entry(settings: settings, overrideValue: override)
+        }
+    }
+
+    @MainActor
+    static func hasAnyOverride(for settings: SettingsStore) -> Bool {
+        self.entry(for: settings)?.overrideValue.isEmpty == false
+    }
+}
+
+private enum CodexManagedRemoteHomeTestingOverrideError: Error {
+    case unreadableManagedStore
+}
+
+private struct CodexManagedRemoteHomeTestingSystemObserver: CodexSystemAccountObserving {
+    let overrideAccount: ObservedSystemCodexAccount?
+    let usesInjectedEnvironment: Bool
+
+    func loadSystemAccount(environment: [String: String]) throws -> ObservedSystemCodexAccount? {
+        if let overrideAccount {
+            return overrideAccount
+        }
+        guard self.usesInjectedEnvironment else {
+            return nil
+        }
+        return try DefaultCodexSystemAccountObserver().loadSystemAccount(environment: environment)
+    }
+}
+
+extension SettingsStore {
+    var _test_activeManagedCodexRemoteHomePath: String? {
+        get { CodexManagedRemoteHomeTestingOverride.homePath(for: self) }
+        set { CodexManagedRemoteHomeTestingOverride.setHomePath(newValue, for: self) }
+    }
+
+    var _test_activeManagedCodexAccount: ManagedCodexAccount? {
+        get { CodexManagedRemoteHomeTestingOverride.account(for: self) }
+        set { CodexManagedRemoteHomeTestingOverride.setAccount(newValue, for: self) }
+    }
+
+    var _test_unreadableManagedCodexAccountStore: Bool {
+        get { CodexManagedRemoteHomeTestingOverride.isUnreadable(for: self) }
+        set { CodexManagedRemoteHomeTestingOverride.setUnreadable(newValue, for: self) }
+    }
+
+    var _test_managedCodexAccountStoreURL: URL? {
+        get { CodexManagedRemoteHomeTestingOverride.managedStoreURL(for: self) }
+        set { CodexManagedRemoteHomeTestingOverride.setManagedStoreURL(newValue, for: self) }
+    }
+
+    var _test_liveSystemCodexAccount: ObservedSystemCodexAccount? {
+        get { CodexManagedRemoteHomeTestingOverride.liveSystemAccount(for: self) }
+        set { CodexManagedRemoteHomeTestingOverride.setLiveSystemAccount(newValue, for: self) }
+    }
+
+    var _test_codexReconciliationEnvironment: [String: String]? {
+        get { CodexManagedRemoteHomeTestingOverride.reconciliationEnvironment(for: self) }
+        set { CodexManagedRemoteHomeTestingOverride.setReconciliationEnvironment(newValue, for: self) }
+    }
+}
+#endif
+
+extension SettingsStore {
+    func codexSettingsSnapshot(
+        tokenOverride: TokenAccountOverride?,
+        activeSourceOverride: CodexActiveSource? = nil) -> ProviderSettingsSnapshot.CodexProviderSettings
+    {
+        let reconciliationSnapshot = self.codexAccountReconciliationSnapshot(
+            activeSourceOverride: activeSourceOverride)
+        let resolvedActiveSource = CodexActiveSourceResolver.resolve(from: reconciliationSnapshot)
+        return CodexProviderSettingsBuilder.make(input: CodexProviderSettingsBuilderInput(
             usageDataSource: self.codexUsageDataSource,
             cookieSource: self.codexSnapshotCookieSource(tokenOverride: tokenOverride),
-            manualCookieHeader: self.codexSnapshotCookieHeader(tokenOverride: tokenOverride))
+            manualCookieHeader: self.codexSnapshotCookieHeader(tokenOverride: tokenOverride),
+            reconciliationSnapshot: reconciliationSnapshot,
+            resolvedActiveSource: resolvedActiveSource))
     }
 
     private static func codexUsageDataSource(from source: ProviderSourceMode?) -> CodexUsageDataSource {
diff --git a/Sources/CodexBar/Providers/Codex/UsageStore+CodexAccountState.swift b/Sources/CodexBar/Providers/Codex/UsageStore+CodexAccountState.swift
new file mode 100644
index 000000000..0952a47ae
--- /dev/null
+++ b/Sources/CodexBar/Providers/Codex/UsageStore+CodexAccountState.swift
@@ -0,0 +1,452 @@
+import CodexBarCore
+import Foundation
+
+enum CodexAccountScopedRefreshPhase {
+    case invalidated
+    case usage
+    case credits
+    case dashboard
+    case completed
+}
+
+struct CodexAccountScopedRefreshGuard: Equatable {
+    let source: CodexActiveSource
+    let identity: CodexIdentity
+    let accountKey: String?
+}
+
+@MainActor
+extension UsageStore {
+    func refreshCodexAccountScopedState(
+        allowDisabled: Bool = false,
+        phaseDidChange: (@MainActor (CodexAccountScopedRefreshPhase) -> Void)? = nil)
+        async
+    {
+        let refreshStartedAt = Date()
+        self.prepareRefreshState(for: .codex)
+        if self.prepareCodexAccountScopedRefreshIfNeeded() {
+            phaseDidChange?(.invalidated)
+        }
+
+        await self.refreshProvider(.codex, allowDisabled: allowDisabled)
+        phaseDidChange?(.usage)
+        await self.refreshCreditsIfNeeded(minimumSnapshotUpdatedAt: refreshStartedAt)
+        phaseDidChange?(.credits)
+
+        if self.settings.codexCookieSource.isEnabled {
+            let expectedGuard = self.currentCodexOpenAIWebRefreshGuard()
+            await self.refreshOpenAIDashboardIfNeeded(
+                force: true,
+                expectedGuard: expectedGuard,
+                allowCodexUsageBackfill: true)
+            phaseDidChange?(.dashboard)
+        }
+
+        if self.openAIDashboardRequiresLogin {
+            await self.refreshProvider(.codex, allowDisabled: allowDisabled)
+            phaseDidChange?(.usage)
+            await self.refreshCreditsIfNeeded(minimumSnapshotUpdatedAt: refreshStartedAt)
+            phaseDidChange?(.credits)
+        }
+
+        self.persistWidgetSnapshot(reason: "codex-account-refresh")
+        phaseDidChange?(.completed)
+    }
+
+    @discardableResult
+    func prepareCodexAccountScopedRefreshIfNeeded() -> Bool {
+        let currentGuard = self.currentCodexAccountScopedRefreshGuard(
+            preferCurrentSnapshot: false,
+            allowLastKnownLiveFallback: false)
+        let previousGuard = self.lastCodexAccountScopedRefreshGuard
+        self.lastCodexAccountScopedRefreshGuard = currentGuard
+
+        guard previousGuard != nil, previousGuard != currentGuard else { return false }
+
+        self.snapshots.removeValue(forKey: .codex)
+        self.errors[.codex] = nil
+        self.lastSourceLabels.removeValue(forKey: .codex)
+        self.lastFetchAttempts.removeValue(forKey: .codex)
+        self.accountSnapshots.removeValue(forKey: .codex)
+        self.codexAccountSnapshots = []
+        self.failureGates[.codex]?.reset()
+        self.lastKnownSessionRemaining.removeValue(forKey: .codex)
+        self.lastKnownSessionWindowSource.removeValue(forKey: .codex)
+
+        self.credits = nil
+        self.lastCreditsError = nil
+        self.lastCreditsSnapshot = nil
+        self.lastCreditsSnapshotAccountKey = nil
+        self.lastCreditsSource = .none
+        self.creditsFailureStreak = 0
+
+        self.clearCodexOpenAIWebStateForAccountTransition(targetEmail: self.codexAccountEmailForOpenAIDashboard())
+
+        self.persistWidgetSnapshot(reason: "codex-account-invalidate")
+        return true
+    }
+
+    func seedCodexAccountScopedRefreshGuard(
+        source: CodexActiveSource? = nil,
+        accountEmail: String?)
+    {
+        let resolvedSource = source ?? self.settings.codexResolvedActiveSource
+        let resolvedEmail = Self.normalizeCodexAccountScopedEmail(accountEmail)
+        let currentIdentity = self.currentCodexRuntimeIdentity(
+            source: resolvedSource,
+            preferCurrentSnapshot: false,
+            allowLastKnownLiveFallback: false)
+        let resolvedIdentity = CodexIdentityMatcher.normalized(
+            currentIdentity == .unresolved ? CodexIdentityResolver.resolve(accountId: nil, email: resolvedEmail) :
+                currentIdentity,
+            fallbackEmail: resolvedEmail ?? "")
+        let accountKey = Self.normalizeCodexAccountScopedKey(resolvedEmail ?? Self.email(for: resolvedIdentity))
+        guard resolvedIdentity != .unresolved || accountKey != nil else { return }
+        self.lastCodexAccountScopedRefreshGuard = CodexAccountScopedRefreshGuard(
+            source: resolvedSource,
+            identity: resolvedIdentity,
+            accountKey: accountKey)
+    }
+
+    func currentCodexAccountScopedRefreshGuard(
+        preferCurrentSnapshot: Bool = true,
+        allowLastKnownLiveFallback: Bool = true) -> CodexAccountScopedRefreshGuard
+    {
+        CodexAccountScopedRefreshGuard(
+            source: self.settings.codexResolvedActiveSource,
+            identity: self.currentCodexRuntimeIdentity(
+                source: self.settings.codexResolvedActiveSource,
+                preferCurrentSnapshot: preferCurrentSnapshot,
+                allowLastKnownLiveFallback: allowLastKnownLiveFallback),
+            accountKey: self.codexAccountScopedRefreshKey(
+                preferCurrentSnapshot: preferCurrentSnapshot,
+                allowLastKnownLiveFallback: allowLastKnownLiveFallback))
+    }
+
+    func currentCodexOpenAIWebRefreshGuard() -> CodexAccountScopedRefreshGuard {
+        let source = self.settings.codexResolvedActiveSource
+        let accountKey: String? = switch self.settings.codexResolvedActiveSource {
+        case .liveSystem:
+            Self
+                .normalizeCodexAccountScopedKey(self.settings.codexAccountReconciliationSnapshot.liveSystemAccount?
+                    .email)
+        case .managedAccount:
+            Self.normalizeCodexAccountScopedKey(self.currentManagedCodexRuntimeEmail())
+        }
+        return CodexAccountScopedRefreshGuard(
+            source: source,
+            identity: self.currentCodexOpenAIWebIdentity(source: source),
+            accountKey: accountKey)
+    }
+
+    func shouldApplyCodexUsageResult(
+        expectedGuard: CodexAccountScopedRefreshGuard,
+        usage: UsageSnapshot) -> Bool
+    {
+        let currentGuard = self.currentCodexAccountScopedRefreshGuard()
+        guard currentGuard.source == expectedGuard.source else { return false }
+
+        if expectedGuard.identity != .unresolved {
+            return currentGuard.identity == expectedGuard.identity
+        }
+
+        let resultIdentity = CodexIdentityResolver.resolve(accountId: nil, email: usage.accountEmail(for: .codex))
+        if currentGuard.identity != .unresolved {
+            return resultIdentity == currentGuard.identity
+        }
+
+        switch currentGuard.source {
+        case .liveSystem:
+            return resultIdentity != .unresolved
+        case .managedAccount:
+            return false
+        }
+    }
+
+    func shouldApplyCodexScopedFailure(expectedGuard: CodexAccountScopedRefreshGuard) -> Bool {
+        let currentGuard = self.currentCodexAccountScopedRefreshGuard()
+        guard currentGuard.source == expectedGuard.source else { return false }
+
+        if expectedGuard.identity != .unresolved {
+            return currentGuard.identity == expectedGuard.identity
+        }
+
+        return currentGuard.identity == .unresolved
+    }
+
+    func shouldApplyCodexScopedNonUsageResult(expectedGuard: CodexAccountScopedRefreshGuard) -> Bool {
+        let currentGuard = self.currentCodexAccountScopedRefreshGuard()
+        guard currentGuard.source == expectedGuard.source else { return false }
+        guard expectedGuard.identity != .unresolved else { return false }
+        return currentGuard.identity == expectedGuard.identity
+    }
+
+    func shouldApplyOpenAIDashboardRefreshGuard(
+        expectedGuard: CodexAccountScopedRefreshGuard,
+        routingTargetEmail: String?) -> Bool
+    {
+        let normalizedRoutingTargetEmail = CodexIdentityResolver.normalizeEmail(routingTargetEmail)
+        let currentGuard = self.currentCodexOpenAIWebRefreshGuard()
+        guard currentGuard.source == expectedGuard.source else { return false }
+
+        if expectedGuard.identity != .unresolved {
+            return currentGuard.identity == expectedGuard.identity
+        }
+
+        guard case .liveSystem = expectedGuard.source else { return false }
+        guard currentGuard.identity == .unresolved else { return false }
+        return CodexIdentityResolver.normalizeEmail(
+            self.currentCodexOpenAIWebTargetEmail(
+                allowCurrentSnapshotFallback: true,
+                allowLastKnownLiveFallback: false)) == normalizedRoutingTargetEmail
+    }
+
+    func shouldApplyOpenAIWebNonSuccessResult(
+        expectedGuard: CodexAccountScopedRefreshGuard,
+        routingTargetEmail: String?) -> Bool
+    {
+        self.shouldApplyOpenAIDashboardRefreshGuard(
+            expectedGuard: expectedGuard,
+            routingTargetEmail: routingTargetEmail)
+    }
+
+    func codexDashboardKnownOwnerCandidates() -> [CodexDashboardKnownOwnerCandidate] {
+        CodexKnownOwnerCatalog.candidates(from: self.settings.codexAccountReconciliationSnapshot)
+    }
+
+    func trustedCurrentCodexUsageEmailForDashboardAuthority() -> String? {
+        guard let sourceLabel = self.lastSourceLabels[.codex], sourceLabel != "openai-web" else {
+            return nil
+        }
+        return CodexIdentityResolver.normalizeEmail(self.snapshots[.codex]?.accountEmail(for: .codex))
+    }
+
+    func currentCodexDashboardExpectedScopedEmail() -> String? {
+        switch self.settings.codexResolvedActiveSource {
+        case .liveSystem:
+            CodexIdentityResolver.normalizeEmail(
+                self.settings.codexAccountReconciliationSnapshot.liveSystemAccount?.email)
+        case .managedAccount:
+            CodexIdentityResolver.normalizeEmail(self.currentManagedCodexRuntimeEmail())
+        }
+    }
+
+    func makeCodexDashboardAuthorityInput(
+        dashboard: OpenAIDashboardSnapshot,
+        sourceKind: CodexDashboardSourceKind,
+        routingTargetEmail: String?) -> CodexDashboardAuthorityInput
+    {
+        let source = self.settings.codexResolvedActiveSource
+        return CodexDashboardAuthorityInput(
+            sourceKind: sourceKind,
+            proof: CodexDashboardOwnershipProofContext(
+                currentIdentity: self.currentCodexOpenAIWebIdentity(source: source),
+                expectedScopedEmail: self.currentCodexDashboardExpectedScopedEmail(),
+                trustedCurrentUsageEmail: self.trustedCurrentCodexUsageEmailForDashboardAuthority(),
+                dashboardSignedInEmail: dashboard.signedInEmail,
+                knownOwners: self.codexDashboardKnownOwnerCandidates()),
+            routing: CodexDashboardRoutingHints(
+                targetEmail: CodexIdentityResolver.normalizeEmail(routingTargetEmail),
+                lastKnownDashboardRoutingEmail: CodexIdentityResolver.normalizeEmail(
+                    self.lastKnownLiveSystemCodexEmail)))
+    }
+
+    func evaluateCodexDashboardAuthority(
+        dashboard: OpenAIDashboardSnapshot,
+        sourceKind: CodexDashboardSourceKind,
+        routingTargetEmail: String?) -> (input: CodexDashboardAuthorityInput, decision: CodexDashboardAuthorityDecision)
+    {
+        let input = self.makeCodexDashboardAuthorityInput(
+            dashboard: dashboard,
+            sourceKind: sourceKind,
+            routingTargetEmail: routingTargetEmail)
+        return (input, CodexDashboardAuthority.evaluate(input))
+    }
+
+    func codexDashboardAttachmentEmail(from input: CodexDashboardAuthorityInput) -> String? {
+        CodexIdentityResolver.normalizeEmail(
+            input.proof.expectedScopedEmail ??
+                input.proof.trustedCurrentUsageEmail ??
+                input.proof.dashboardSignedInEmail)
+    }
+
+    func rememberLiveSystemCodexEmailIfNeeded(_ email: String?) {
+        guard case .liveSystem = self.settings.codexResolvedActiveSource else { return }
+        guard let normalized = Self.normalizeCodexAccountScopedEmail(email) else { return }
+        self.lastKnownLiveSystemCodexEmail = normalized
+    }
+
+    func codexAccountScopedRefreshKey(
+        preferCurrentSnapshot: Bool = true,
+        allowLastKnownLiveFallback: Bool = true) -> String?
+    {
+        Self.normalizeCodexAccountScopedKey(
+            self.codexAccountScopedRefreshEmail(
+                preferCurrentSnapshot: preferCurrentSnapshot,
+                allowLastKnownLiveFallback: allowLastKnownLiveFallback))
+    }
+
+    func codexAccountScopedRefreshEmail(
+        preferCurrentSnapshot: Bool = true,
+        allowLastKnownLiveFallback: Bool = true) -> String?
+    {
+        switch self.settings.codexResolvedActiveSource {
+        case .liveSystem:
+            let liveSystem = Self.normalizeCodexAccountScopedEmail(
+                self.settings.codexAccountReconciliationSnapshot.liveSystemAccount?.email)
+            if let liveSystem {
+                self.lastKnownLiveSystemCodexEmail = liveSystem
+                return liveSystem
+            }
+
+            if preferCurrentSnapshot,
+               let snapshotEmail = Self
+                   .normalizeCodexAccountScopedEmail(self.snapshots[.codex]?.accountEmail(for: .codex))
+            {
+                self.lastKnownLiveSystemCodexEmail = snapshotEmail
+                return snapshotEmail
+            }
+
+            if allowLastKnownLiveFallback,
+               let lastKnown = Self.normalizeCodexAccountScopedEmail(self.lastKnownLiveSystemCodexEmail)
+            {
+                return lastKnown
+            }
+
+            return nil
+        case .managedAccount:
+            if self.settings.codexSettingsSnapshot(tokenOverride: nil).managedAccountStoreUnreadable {
+                return nil
+            }
+            return self.currentManagedCodexRuntimeEmail()
+        }
+    }
+
+    func currentCodexRuntimeIdentity(
+        source: CodexActiveSource,
+        preferCurrentSnapshot: Bool,
+        allowLastKnownLiveFallback: Bool) -> CodexIdentity
+    {
+        switch source {
+        case .liveSystem:
+            if let liveSystem = self.settings.codexAccountReconciliationSnapshot.liveSystemAccount {
+                return self.settings.codexAccountReconciliationSnapshot.runtimeIdentity(for: liveSystem)
+            }
+
+            if preferCurrentSnapshot,
+               let snapshotEmail = Self
+                   .normalizeCodexAccountScopedEmail(self.snapshots[.codex]?.accountEmail(for: .codex))
+            {
+                self.lastKnownLiveSystemCodexEmail = snapshotEmail
+                return CodexIdentityResolver.resolve(accountId: nil, email: snapshotEmail)
+            }
+
+            if allowLastKnownLiveFallback,
+               let lastKnown = Self.normalizeCodexAccountScopedEmail(self.lastKnownLiveSystemCodexEmail)
+            {
+                return CodexIdentityResolver.resolve(accountId: nil, email: lastKnown)
+            }
+
+            return .unresolved
+        case .managedAccount:
+            guard !self.settings.codexSettingsSnapshot(tokenOverride: nil).managedAccountStoreUnreadable else {
+                return .unresolved
+            }
+            guard let activeStoredAccount = self.settings.codexAccountReconciliationSnapshot.activeStoredAccount else {
+                return .unresolved
+            }
+            return self.settings.codexAccountReconciliationSnapshot.runtimeIdentity(for: activeStoredAccount)
+        }
+    }
+
+    private func currentCodexOpenAIWebIdentity(source: CodexActiveSource) -> CodexIdentity {
+        switch source {
+        case .liveSystem:
+            guard let liveSystem = self.settings.codexAccountReconciliationSnapshot.liveSystemAccount else {
+                return .unresolved
+            }
+            return self.settings.codexAccountReconciliationSnapshot.runtimeIdentity(for: liveSystem)
+        case .managedAccount:
+            guard !self.settings.codexSettingsSnapshot(tokenOverride: nil).managedAccountStoreUnreadable else {
+                return .unresolved
+            }
+            guard let activeStoredAccount = self.settings.codexAccountReconciliationSnapshot.activeStoredAccount else {
+                return .unresolved
+            }
+            return self.settings.codexAccountReconciliationSnapshot.runtimeIdentity(for: activeStoredAccount)
+        }
+    }
+
+    func currentManagedCodexRuntimeEmail() -> String? {
+        guard !self.settings.codexSettingsSnapshot(tokenOverride: nil).managedAccountStoreUnreadable else {
+            return nil
+        }
+        guard let activeStoredAccount = self.settings.codexAccountReconciliationSnapshot.activeStoredAccount else {
+            return nil
+        }
+        return Self.normalizeCodexAccountScopedEmail(
+            self.settings.codexAccountReconciliationSnapshot.runtimeEmail(for: activeStoredAccount))
+    }
+
+    private func clearCodexOpenAIWebStateForAccountTransition(targetEmail: String?) {
+        self.invalidateOpenAIDashboardRefreshTask()
+        if self.settings.codexCookieSource.isEnabled,
+           let normalizedTarget = Self.normalizeCodexAccountScopedEmail(targetEmail)
+        {
+            let previous = self.lastOpenAIDashboardTargetEmail
+            self.lastOpenAIDashboardTargetEmail = normalizedTarget
+            if let previous, !previous.isEmpty, previous != normalizedTarget {
+                self.openAIWebAccountDidChange = true
+                self.openAIDashboardCookieImportStatus = "Codex account changed; importing browser cookies…"
+            } else {
+                self.openAIDashboardCookieImportStatus = nil
+            }
+            self.openAIDashboardRequiresLogin = true
+        } else {
+            self.lastOpenAIDashboardTargetEmail = Self.normalizeCodexAccountScopedEmail(targetEmail)
+            self.openAIWebAccountDidChange = false
+            self.openAIDashboardRequiresLogin = false
+            self.openAIDashboardCookieImportStatus = nil
+        }
+
+        self.openAIDashboard = nil
+        self.openAIDashboardAttachmentAuthorized = false
+        self.lastOpenAIDashboardSnapshot = nil
+        self.lastOpenAIDashboardAttachmentAuthorized = false
+        self.lastOpenAIDashboardError = nil
+        self.openAIDashboardCookieImportDebugLog = nil
+        self.lastOpenAIDashboardCookieImportAttemptAt = nil
+        self.lastOpenAIDashboardCookieImportEmail = nil
+    }
+
+    static func normalizeCodexAccountScopedEmail(_ email: String?) -> String? {
+        guard let trimmed = email?.trimmingCharacters(in: .whitespacesAndNewlines), !trimmed.isEmpty else {
+            return nil
+        }
+        return trimmed
+    }
+
+    static func normalizeCodexAccountScopedKey(_ email: String?) -> String? {
+        self.normalizeCodexAccountScopedEmail(email)?.lowercased()
+    }
+
+    static func codexIdentityGuardKey(_ identity: CodexIdentity) -> String? {
+        switch identity {
+        case let .providerAccount(id):
+            "provider:\(id)"
+        case let .emailOnly(normalizedEmail):
+            "email:\(normalizedEmail)"
+        case .unresolved:
+            nil
+        }
+    }
+
+    private static func email(for identity: CodexIdentity) -> String? {
+        switch identity {
+        case .providerAccount, .unresolved:
+            nil
+        case let .emailOnly(normalizedEmail):
+            normalizedEmail
+        }
+    }
+}
diff --git a/Sources/CodexBar/Providers/Codex/UsageStore+CodexRefresh.swift b/Sources/CodexBar/Providers/Codex/UsageStore+CodexRefresh.swift
new file mode 100644
index 000000000..dc0608017
--- /dev/null
+++ b/Sources/CodexBar/Providers/Codex/UsageStore+CodexRefresh.swift
@@ -0,0 +1,258 @@
+import CodexBarCore
+import Foundation
+
+@MainActor
+extension UsageStore {
+    nonisolated static let codexSnapshotWaitTimeoutSeconds: TimeInterval = 6
+    nonisolated static let codexRefreshStartGraceSeconds: TimeInterval = 0.25
+    nonisolated static let codexSnapshotPollIntervalNanoseconds: UInt64 = 100_000_000
+
+    func codexCreditsFetcher() -> UsageFetcher {
+        // Credits are remote Codex account state, so they need the same managed-home routing as the
+        // primary Codex usage fetch. Local token-cost scanning intentionally stays ambient-system scoped.
+        self.makeFetchContext(provider: .codex, override: nil).fetcher
+    }
+
+    func scheduleCreditsRefreshIfNeeded(minimumSnapshotUpdatedAt: Date? = nil) {
+        let refreshKey = self.codexCreditsRefreshKey(
+            expectedGuard: self.currentCodexAccountScopedRefreshGuard())
+        if let existing = self.creditsRefreshTask,
+           !existing.isCancelled,
+           self.creditsRefreshTaskKey == refreshKey
+        {
+            return
+        }
+
+        self.creditsRefreshTask?.cancel()
+        self.creditsRefreshTaskKey = refreshKey
+        self.creditsRefreshTask = Task(priority: .utility) { @MainActor [weak self] in
+            guard let self else { return }
+            defer {
+                if self.creditsRefreshTaskKey == refreshKey {
+                    self.creditsRefreshTask = nil
+                    self.creditsRefreshTaskKey = nil
+                }
+            }
+            await self.refreshCreditsIfNeeded(minimumSnapshotUpdatedAt: minimumSnapshotUpdatedAt)
+            guard !Task.isCancelled else { return }
+            self.persistWidgetSnapshot(reason: "credits")
+        }
+    }
+
+    func cancelScheduledCreditsRefresh() {
+        self.creditsRefreshTask?.cancel()
+        self.creditsRefreshTask = nil
+        self.creditsRefreshTaskKey = nil
+    }
+
+    func refreshCreditsNow(minimumSnapshotUpdatedAt: Date? = nil) async {
+        self.cancelScheduledCreditsRefresh()
+        await self.refreshCreditsIfNeeded(minimumSnapshotUpdatedAt: minimumSnapshotUpdatedAt)
+    }
+
+    func codexCreditsRefreshKey(expectedGuard: CodexAccountScopedRefreshGuard) -> String {
+        let sourceKey = switch expectedGuard.source {
+        case .liveSystem:
+            "live"
+        case let .managedAccount(id):
+            "managed:\(id.uuidString)"
+        }
+
+        let identityKey = switch expectedGuard.identity {
+        case let .providerAccount(id):
+            "provider:\(id)"
+        case let .emailOnly(normalizedEmail):
+            "email:\(normalizedEmail)"
+        case .unresolved:
+            "unresolved"
+        }
+
+        return [
+            sourceKey,
+            identityKey,
+            expectedGuard.accountKey ?? "account:nil",
+        ].joined(separator: "|")
+    }
+
+    func refreshCreditsIfNeeded(minimumSnapshotUpdatedAt: Date? = nil) async {
+        guard self.isEnabled(.codex) else { return }
+        var expectedGuard = self.currentCodexAccountScopedRefreshGuard()
+        if expectedGuard.identity == .unresolved,
+           let minimumSnapshotUpdatedAt,
+           case .liveSystem = expectedGuard.source
+        {
+            _ = await self.waitForCodexSnapshotOrRefreshCompletion(minimumUpdatedAt: minimumSnapshotUpdatedAt)
+            expectedGuard = self.currentCodexAccountScopedRefreshGuard()
+        }
+        guard expectedGuard.identity != .unresolved,
+              expectedGuard.accountKey != nil
+        else {
+            return
+        }
+        do {
+            let credits = try await self.loadLatestCodexCredits()
+            guard !Task.isCancelled else { return }
+            guard self.shouldApplyCodexScopedNonUsageResult(expectedGuard: expectedGuard) else { return }
+            await MainActor.run {
+                self.credits = credits
+                self.lastCreditsError = nil
+                self.lastCreditsSnapshot = credits
+                self.lastCreditsSnapshotAccountKey = expectedGuard.accountKey
+                self.lastCreditsSource = .api
+                self.creditsFailureStreak = 0
+                self.lastCodexAccountScopedRefreshGuard = expectedGuard
+            }
+            let codexSnapshot = await MainActor.run {
+                self.snapshots[.codex]
+            }
+            if let minimumSnapshotUpdatedAt,
+               codexSnapshot == nil || codexSnapshot?.updatedAt ?? .distantPast < minimumSnapshotUpdatedAt
+            {
+                self.scheduleCodexPlanHistoryBackfill(
+                    minimumSnapshotUpdatedAt: minimumSnapshotUpdatedAt)
+                return
+            }
+
+            self.cancelCodexPlanHistoryBackfill()
+            guard let codexSnapshot else { return }
+            await self.recordPlanUtilizationHistorySample(
+                provider: .codex,
+                snapshot: codexSnapshot,
+                now: codexSnapshot.updatedAt)
+        } catch {
+            guard !Task.isCancelled else { return }
+            let message = error.localizedDescription
+            if message.localizedCaseInsensitiveContains("data not available yet") {
+                guard self.shouldApplyCodexScopedNonUsageResult(expectedGuard: expectedGuard) else { return }
+                await MainActor.run {
+                    if let cached = self.lastCreditsSnapshot,
+                       self.lastCreditsSnapshotAccountKey == expectedGuard.accountKey
+                    {
+                        self.credits = cached
+                        self.lastCreditsError = nil
+                        self.lastCodexAccountScopedRefreshGuard = expectedGuard
+                    } else {
+                        self.credits = nil
+                        self.lastCreditsSource = .none
+                        self.lastCreditsError = "Codex credits are still loading; will retry shortly."
+                    }
+                }
+                return
+            }
+
+            guard self.shouldApplyCodexScopedNonUsageResult(expectedGuard: expectedGuard) else { return }
+            await MainActor.run {
+                self.creditsFailureStreak += 1
+                if let cached = self.lastCreditsSnapshot,
+                   self.lastCreditsSnapshotAccountKey == expectedGuard.accountKey
+                {
+                    self.credits = cached
+                    let stamp = cached.updatedAt.formatted(date: .abbreviated, time: .shortened)
+                    self.lastCreditsError =
+                        "Last Codex credits refresh failed: \(message). Cached values from \(stamp)."
+                    self.lastCodexAccountScopedRefreshGuard = expectedGuard
+                } else {
+                    self.lastCreditsError = message
+                    self.credits = nil
+                    self.lastCreditsSource = .none
+                }
+            }
+        }
+    }
+
+    private func loadLatestCodexCredits() async throws -> CreditsSnapshot {
+        if let override = self._test_codexCreditsLoaderOverride {
+            return try await override()
+        }
+        let descriptor = self.providerSpecs[.codex]?.descriptor ?? ProviderDescriptorRegistry.descriptor(for: .codex)
+        let context = self.makeFetchContext(provider: .codex, override: nil, includeCredits: true)
+        let strategies = await descriptor.fetchPlan.pipeline.resolveStrategies(context)
+        var lastAvailableError: Error?
+
+        for strategy in strategies {
+            guard await strategy.isAvailable(context) else { continue }
+            do {
+                let result = try await strategy.fetch(context)
+                if let credits = result.credits {
+                    return credits
+                }
+                lastAvailableError = UsageError.noRateLimitsFound
+                guard context.sourceMode == .auto else { break }
+            } catch {
+                lastAvailableError = error
+                guard strategy.shouldFallback(on: error, context: context) else { break }
+            }
+        }
+        throw lastAvailableError ?? ProviderFetchError.noAvailableStrategy(.codex)
+    }
+
+    func waitForCodexSnapshot(minimumUpdatedAt: Date) async -> UsageSnapshot? {
+        let deadline = Date().addingTimeInterval(Self.codexSnapshotWaitTimeoutSeconds)
+
+        while Date() < deadline {
+            if Task.isCancelled { return nil }
+            if let snapshot = await MainActor.run(body: { self.snapshots[.codex] }),
+               snapshot.updatedAt >= minimumUpdatedAt
+            {
+                return snapshot
+            }
+            try? await Task.sleep(nanoseconds: Self.codexSnapshotPollIntervalNanoseconds)
+        }
+
+        return nil
+    }
+
+    func waitForCodexSnapshotOrRefreshCompletion(minimumUpdatedAt: Date) async -> UsageSnapshot? {
+        let deadline = Date().addingTimeInterval(Self.codexSnapshotWaitTimeoutSeconds)
+        let refreshStartDeadline = Date().addingTimeInterval(Self.codexRefreshStartGraceSeconds)
+
+        while Date() < deadline {
+            if Task.isCancelled { return nil }
+            let state = await MainActor.run {
+                (
+                    snapshot: self.snapshots[.codex],
+                    isRefreshing: self.refreshingProviders.contains(.codex),
+                    hasAttempts: !(self.lastFetchAttempts[.codex] ?? []).isEmpty,
+                    hasError: self.errors[.codex] != nil)
+            }
+            if let snapshot = state.snapshot, snapshot.updatedAt >= minimumUpdatedAt {
+                return snapshot
+            }
+            if !state.isRefreshing, state.hasAttempts || state.hasError {
+                return nil
+            }
+            if !state.isRefreshing,
+               !state.hasAttempts,
+               !state.hasError,
+               Date() >= refreshStartDeadline
+            {
+                return nil
+            }
+            try? await Task.sleep(nanoseconds: Self.codexSnapshotPollIntervalNanoseconds)
+        }
+
+        return nil
+    }
+
+    func scheduleCodexPlanHistoryBackfill(
+        minimumSnapshotUpdatedAt: Date)
+    {
+        self.cancelCodexPlanHistoryBackfill()
+        self.codexPlanHistoryBackfillTask = Task { @MainActor [weak self] in
+            guard let self else { return }
+            guard let snapshot = await self.waitForCodexSnapshot(minimumUpdatedAt: minimumSnapshotUpdatedAt) else {
+                return
+            }
+            await self.recordPlanUtilizationHistorySample(
+                provider: .codex,
+                snapshot: snapshot,
+                now: snapshot.updatedAt)
+            self.codexPlanHistoryBackfillTask = nil
+        }
+    }
+
+    func cancelCodexPlanHistoryBackfill() {
+        self.codexPlanHistoryBackfillTask?.cancel()
+        self.codexPlanHistoryBackfillTask = nil
+    }
+}
diff --git a/Sources/CodexBar/Providers/CommandCode/CommandCodeProviderImplementation.swift b/Sources/CodexBar/Providers/CommandCode/CommandCodeProviderImplementation.swift
new file mode 100644
index 000000000..4d2e0438a
--- /dev/null
+++ b/Sources/CodexBar/Providers/CommandCode/CommandCodeProviderImplementation.swift
@@ -0,0 +1,81 @@
+import AppKit
+import CodexBarCore
+import CodexBarMacroSupport
+import Foundation
+import SwiftUI
+
+@ProviderImplementationRegistration
+struct CommandCodeProviderImplementation: ProviderImplementation {
+    let id: UsageProvider = .commandcode
+
+    @MainActor
+    func observeSettings(_ settings: SettingsStore) {
+        _ = settings.commandcodeCookieSource
+        _ = settings.commandcodeCookieHeader
+    }
+
+    @MainActor
+    func settingsSnapshot(context: ProviderSettingsSnapshotContext) -> ProviderSettingsSnapshotContribution? {
+        .commandcode(context.settings.commandcodeSettingsSnapshot(tokenOverride: context.tokenOverride))
+    }
+
+    @MainActor
+    func settingsPickers(context: ProviderSettingsContext) -> [ProviderSettingsPickerDescriptor] {
+        let cookieBinding = Binding(
+            get: { context.settings.commandcodeCookieSource.rawValue },
+            set: { raw in
+                context.settings.commandcodeCookieSource = ProviderCookieSource(rawValue: raw) ?? .auto
+            })
+        let cookieOptions = ProviderCookieSourceUI.options(
+            allowsOff: false,
+            keychainDisabled: context.settings.debugDisableKeychainAccess)
+
+        let cookieSubtitle: () -> String? = {
+            ProviderCookieSourceUI.subtitle(
+                source: context.settings.commandcodeCookieSource,
+                keychainDisabled: context.settings.debugDisableKeychainAccess,
+                auto: "Automatic imports browser cookies.",
+                manual: "Paste a Cookie header or cURL capture from Command Code.",
+                off: "Command Code cookies are disabled.")
+        }
+
+        return [
+            ProviderSettingsPickerDescriptor(
+                id: "commandcode-cookie-source",
+                title: "Cookie source",
+                subtitle: "Automatic imports browser cookies.",
+                dynamicSubtitle: cookieSubtitle,
+                binding: cookieBinding,
+                options: cookieOptions,
+                isVisible: nil,
+                onChange: nil),
+        ]
+    }
+
+    @MainActor
+    func settingsFields(context: ProviderSettingsContext) -> [ProviderSettingsFieldDescriptor] {
+        [
+            ProviderSettingsFieldDescriptor(
+                id: "commandcode-cookie",
+                title: "",
+                subtitle: "",
+                kind: .secure,
+                placeholder: "Cookie: …",
+                binding: context.stringBinding(\.commandcodeCookieHeader),
+                actions: [
+                    ProviderSettingsActionDescriptor(
+                        id: "commandcode-open-settings",
+                        title: "Open Command Code Settings",
+                        style: .link,
+                        isVisible: nil,
+                        perform: {
+                            if let url = URL(string: "https://commandcode.ai/studio") {
+                                NSWorkspace.shared.open(url)
+                            }
+                        }),
+                ],
+                isVisible: { context.settings.commandcodeCookieSource == .manual },
+                onActivate: { context.settings.ensureCommandCodeCookieLoaded() }),
+        ]
+    }
+}
diff --git a/Sources/CodexBar/Providers/CommandCode/CommandCodeSettingsStore.swift b/Sources/CodexBar/Providers/CommandCode/CommandCodeSettingsStore.swift
new file mode 100644
index 000000000..592dc077d
--- /dev/null
+++ b/Sources/CodexBar/Providers/CommandCode/CommandCodeSettingsStore.swift
@@ -0,0 +1,63 @@
+import CodexBarCore
+import Foundation
+
+extension SettingsStore {
+    var commandcodeCookieHeader: String {
+        get { self.configSnapshot.providerConfig(for: .commandcode)?.sanitizedCookieHeader ?? "" }
+        set {
+            self.updateProviderConfig(provider: .commandcode) { entry in
+                entry.cookieHeader = self.normalizedConfigValue(newValue)
+            }
+            self.logSecretUpdate(provider: .commandcode, field: "cookieHeader", value: newValue)
+        }
+    }
+
+    var commandcodeCookieSource: ProviderCookieSource {
+        get { self.resolvedCookieSource(provider: .commandcode, fallback: .auto) }
+        set {
+            self.updateProviderConfig(provider: .commandcode) { entry in
+                entry.cookieSource = newValue
+            }
+            self.logProviderModeChange(provider: .commandcode, field: "cookieSource", value: newValue.rawValue)
+        }
+    }
+
+    func ensureCommandCodeCookieLoaded() {}
+}
+
+extension SettingsStore {
+    func commandcodeSettingsSnapshot(tokenOverride: TokenAccountOverride?) -> ProviderSettingsSnapshot
+    .CommandCodeProviderSettings {
+        ProviderSettingsSnapshot.CommandCodeProviderSettings(
+            cookieSource: self.commandcodeSnapshotCookieSource(tokenOverride: tokenOverride),
+            manualCookieHeader: self.commandcodeSnapshotCookieHeader(tokenOverride: tokenOverride))
+    }
+
+    private func commandcodeSnapshotCookieHeader(tokenOverride: TokenAccountOverride?) -> String {
+        let fallback = self.commandcodeCookieHeader
+        guard let support = TokenAccountSupportCatalog.support(for: .commandcode),
+              case .cookieHeader = support.injection
+        else {
+            return fallback
+        }
+        guard let account = ProviderTokenAccountSelection.selectedAccount(
+            provider: .commandcode,
+            settings: self,
+            override: tokenOverride)
+        else {
+            return fallback
+        }
+        return TokenAccountSupportCatalog.normalizedCookieHeader(account.token, support: support)
+    }
+
+    private func commandcodeSnapshotCookieSource(tokenOverride: TokenAccountOverride?) -> ProviderCookieSource {
+        let fallback = self.commandcodeCookieSource
+        guard let support = TokenAccountSupportCatalog.support(for: .commandcode),
+              support.requiresManualCookieSource
+        else {
+            return fallback
+        }
+        if self.tokenAccounts(for: .commandcode).isEmpty { return fallback }
+        return .manual
+    }
+}
diff --git a/Sources/CodexBar/Providers/Copilot/CopilotLoginFlow.swift b/Sources/CodexBar/Providers/Copilot/CopilotLoginFlow.swift
index 55275ae61..14374c5f2 100644
--- a/Sources/CodexBar/Providers/Copilot/CopilotLoginFlow.swift
+++ b/Sources/CodexBar/Providers/Copilot/CopilotLoginFlow.swift
@@ -5,7 +5,8 @@ import SwiftUI
 @MainActor
 struct CopilotLoginFlow {
     static func run(settings: SettingsStore) async {
-        let flow = CopilotDeviceFlow()
+        let enterpriseHost = settings.copilotEnterpriseHost
+        let flow = CopilotDeviceFlow(enterpriseHost: enterpriseHost.isEmpty ? nil : enterpriseHost)
 
         do {
             let code = try await flow.requestDeviceCode()
@@ -16,21 +17,17 @@ struct CopilotLoginFlow {
             pb.setString(code.userCode, forType: .string)
 
             let alert = NSAlert()
-            alert.messageText = "GitHub Copilot Login"
-            alert.informativeText = """
-            A device code has been copied to your clipboard: \(code.userCode)
-
-            Please verify it at: \(code.verificationUri)
-            """
-            alert.addButton(withTitle: "Open Browser")
-            alert.addButton(withTitle: "Cancel")
+            alert.messageText = L("GitHub Copilot Login")
+            alert.informativeText = String(format: L("copilot_device_code"), code.userCode, code.verificationUri)
+            alert.addButton(withTitle: L("Open Browser"))
+            alert.addButton(withTitle: L("Cancel"))
 
             let response = alert.runModal()
             if response == .alertSecondButtonReturn {
                 return // Cancelled
             }
 
-            if let url = URL(string: code.verificationUri) {
+            if let url = URL(string: code.verificationURLToOpen) {
                 NSWorkspace.shared.open(url)
             }
 
@@ -43,12 +40,9 @@ struct CopilotLoginFlow {
 
             // Let's show a "Waiting" alert that can be cancelled.
             let waitingAlert = NSAlert()
-            waitingAlert.messageText = "Waiting for Authentication..."
-            waitingAlert.informativeText = """
-            Please complete the login in your browser.
-            This window will close automatically when finished.
-            """
-            waitingAlert.addButton(withTitle: "Cancel")
+            waitingAlert.messageText = L("Waiting for Authentication...")
+            waitingAlert.informativeText = L("copilot_waiting_text")
+            waitingAlert.addButton(withTitle: L("Cancel"))
             let parentWindow = Self.resolveWaitingParentWindow()
             let hostWindow = parentWindow ?? Self.makeWaitingHostWindow()
             let shouldCloseHostWindow = parentWindow == nil
@@ -80,14 +74,72 @@ struct CopilotLoginFlow {
 
             switch tokenResult {
             case let .success(token):
-                settings.copilotAPIToken = token
+                // Fetch username for account label.
+                // If accounts already exist, fail closed when identity lookup fails so re-auth cannot create
+                // an anonymous duplicate with stale credentials left on the original account.
+                let existingAccounts = settings.tokenAccounts(for: .copilot)
+                let label: String
+                let identity: CopilotUsageFetcher.GitHubUserIdentity?
+                do {
+                    let resolvedIdentity = try await CopilotUsageFetcher.fetchGitHubIdentity(token: token)
+                    let resolvedUsername = resolvedIdentity.login
+                    let planSuffix: String
+                    do {
+                        let fetcher = CopilotUsageFetcher(
+                            token: token,
+                            enterpriseHost: enterpriseHost.isEmpty ? nil : enterpriseHost)
+                        let usage = try await fetcher.fetch()
+                        let plan = usage.identity(for: .copilot)?.loginMethod ?? ""
+                        planSuffix = plan.isEmpty ? "" : " (\(plan))"
+                    } catch {
+                        planSuffix = ""
+                    }
+                    identity = resolvedIdentity
+                    label = "\(resolvedUsername)\(planSuffix)"
+                } catch {
+                    guard existingAccounts.isEmpty else {
+                        let err = NSAlert()
+                        err.messageText = "Could Not Identify GitHub Account"
+                        err.informativeText = "GitHub login succeeded, but CodexBar could not verify which " +
+                            "account it belongs to. Please try again."
+                        err.runModal()
+                        return
+                    }
+                    identity = nil
+                    label = "Account 1"
+                }
+
+                // Match existing account by stable GitHub user ID. For legacy accounts that pre-date stable
+                // identifiers, also accept login-based externalIdentifier values and resolve stored token identity
+                // before falling back to labels.
+                let matchedExisting = await Self.matchExistingAccount(
+                    existingAccounts: existingAccounts,
+                    identity: identity,
+                    label: label)
+                let externalIdentifier = identity.map(Self.externalIdentifier)
+                let wasRefresh = matchedExisting != nil
+                if let existing = matchedExisting {
+                    settings.updateTokenAccount(
+                        provider: .copilot,
+                        accountID: existing.id,
+                        label: label,
+                        token: token,
+                        externalIdentifier: .some(externalIdentifier))
+                } else {
+                    settings.addTokenAccount(
+                        provider: .copilot,
+                        label: label,
+                        token: token,
+                        externalIdentifier: externalIdentifier)
+                }
                 settings.setProviderEnabled(
                     provider: .copilot,
                     metadata: ProviderRegistry.shared.metadata[.copilot]!,
                     enabled: true)
 
                 let success = NSAlert()
-                success.messageText = "Login Successful"
+                success.messageText = wasRefresh ? "Token Refreshed" : "Account Added"
+                success.informativeText = label
                 success.runModal()
             case let .failure(error):
                 guard !(error is CancellationError) else { return }
@@ -105,6 +157,73 @@ struct CopilotLoginFlow {
         }
     }
 
+    static func matchExistingAccount(
+        existingAccounts: [ProviderTokenAccount],
+        identity: CopilotUsageFetcher.GitHubUserIdentity?,
+        label: String,
+        legacyIdentityResolver: @escaping @Sendable (ProviderTokenAccount) async
+            -> CopilotUsageFetcher.GitHubUserIdentity? = { account in
+                try? await CopilotUsageFetcher.fetchGitHubIdentity(token: account.token)
+            }) async -> ProviderTokenAccount?
+    {
+        guard let identity, !existingAccounts.isEmpty else { return nil }
+        let stableIdentifier = self.externalIdentifier(for: identity)
+        let login = self.normalizedGitHubLogin(identity.login)
+
+        if let byID = existingAccounts.first(where: { account in
+            self.normalizedExternalIdentifier(account.externalIdentifier) == stableIdentifier
+        }) {
+            return byID
+        }
+
+        // Previous PR revisions stored GitHub login in externalIdentifier. Keep matching those
+        // accounts case-insensitively, then write back the stable ID on update.
+        if let byLegacyLogin = existingAccounts.first(where: { account in
+            self.normalizedGitHubLogin(account.externalIdentifier) == login
+        }) {
+            return byLegacyLogin
+        }
+
+        let legacyAccounts = existingAccounts.filter { $0.externalIdentifier == nil }
+        for account in legacyAccounts {
+            guard let resolvedIdentity = await legacyIdentityResolver(account) else { continue }
+            if resolvedIdentity.id == identity.id ||
+                self.normalizedGitHubLogin(resolvedIdentity.login) == login
+            {
+                return account
+            }
+        }
+
+        let usernamePrefix = self.displayLabelPrefix(label)
+        return legacyAccounts.first { account in
+            self.displayLabelPrefix(account.label) == usernamePrefix
+        }
+    }
+
+    static func externalIdentifier(for identity: CopilotUsageFetcher.GitHubUserIdentity) -> String {
+        "github:user:\(identity.id)"
+    }
+
+    private static func normalizedExternalIdentifier(_ identifier: String?) -> String? {
+        let trimmed = identifier?.trimmingCharacters(in: .whitespacesAndNewlines) ?? ""
+        return trimmed.isEmpty ? nil : trimmed.lowercased()
+    }
+
+    private static func normalizedGitHubLogin(_ login: String?) -> String? {
+        let trimmed = login?.trimmingCharacters(in: .whitespacesAndNewlines) ?? ""
+        guard !trimmed.isEmpty else { return nil }
+        // Stable IDs are not valid GitHub logins; do not let a numeric-looking login fallback
+        // match the "github:user:<id>" identifier path accidentally.
+        guard !trimmed.lowercased().hasPrefix("github:user:") else { return nil }
+        return trimmed.lowercased()
+    }
+
+    private static func displayLabelPrefix(_ label: String) -> String {
+        (label.components(separatedBy: " (").first ?? label)
+            .trimmingCharacters(in: .whitespacesAndNewlines)
+            .lowercased()
+    }
+
     @MainActor
     private static func presentWaitingAlert(
         _ alert: NSAlert,
diff --git a/Sources/CodexBar/Providers/Copilot/CopilotProviderImplementation.swift b/Sources/CodexBar/Providers/Copilot/CopilotProviderImplementation.swift
index 986d81f2f..660a2d230 100644
--- a/Sources/CodexBar/Providers/Copilot/CopilotProviderImplementation.swift
+++ b/Sources/CodexBar/Providers/Copilot/CopilotProviderImplementation.swift
@@ -16,44 +16,53 @@ struct CopilotProviderImplementation: ProviderImplementation {
     @MainActor
     func observeSettings(_ settings: SettingsStore) {
         _ = settings.copilotAPIToken
+        _ = settings.copilotEnterpriseHost
     }
 
     @MainActor
     func settingsSnapshot(context: ProviderSettingsSnapshotContext) -> ProviderSettingsSnapshotContribution? {
-        _ = context
-        return .copilot(context.settings.copilotSettingsSnapshot())
+        .copilot(context.settings.copilotSettingsSnapshot(tokenOverride: context.tokenOverride))
+    }
+
+    @MainActor
+    func loginMenuAction(context _: ProviderMenuLoginContext)
+        -> (label: String, action: MenuDescriptor.MenuAction)?
+    {
+        ("Add Account...", .addProviderAccount(.copilot))
     }
 
     @MainActor
     func settingsFields(context: ProviderSettingsContext) -> [ProviderSettingsFieldDescriptor] {
         [
             ProviderSettingsFieldDescriptor(
-                id: "copilot-api-token",
+                id: "copilot-enterprise-host",
+                title: "Enterprise host",
+                subtitle: "Optional. Enter your GitHub Enterprise host, for example octocorp.ghe.com. Leave blank for github.com.",
+                kind: .plain,
+                placeholder: "github.com",
+                binding: context.stringBinding(\.copilotEnterpriseHost),
+                actions: [],
+                isVisible: nil,
+                onActivate: nil),
+            ProviderSettingsFieldDescriptor(
+                id: "copilot-add-account",
                 title: "GitHub Login",
-                subtitle: "Requires authentication via GitHub Device Flow.",
-                kind: .secure,
-                placeholder: "Sign in via button below",
-                binding: context.stringBinding(\.copilotAPIToken),
+                subtitle: "Add accounts via GitHub OAuth Device Flow on the selected host.",
+                kind: .plain,
+                placeholder: nil,
+                binding: .constant(""),
                 actions: [
                     ProviderSettingsActionDescriptor(
-                        id: "copilot-login",
-                        title: "Sign in with GitHub",
+                        id: "copilot-add-account-action",
+                        title: "Add Account",
                         style: .bordered,
-                        isVisible: { context.settings.copilotAPIToken.isEmpty },
-                        perform: {
-                            await CopilotLoginFlow.run(settings: context.settings)
-                        }),
-                    ProviderSettingsActionDescriptor(
-                        id: "copilot-relogin",
-                        title: "Sign in again",
-                        style: .link,
-                        isVisible: { !context.settings.copilotAPIToken.isEmpty },
+                        isVisible: { true },
                         perform: {
                             await CopilotLoginFlow.run(settings: context.settings)
                         }),
                 ],
                 isVisible: nil,
-                onActivate: { context.settings.ensureCopilotAPITokenLoaded() }),
+                onActivate: nil),
         ]
     }
 
diff --git a/Sources/CodexBar/Providers/Copilot/CopilotSettingsStore.swift b/Sources/CodexBar/Providers/Copilot/CopilotSettingsStore.swift
index c40a51f3d..38c875e8b 100644
--- a/Sources/CodexBar/Providers/Copilot/CopilotSettingsStore.swift
+++ b/Sources/CodexBar/Providers/Copilot/CopilotSettingsStore.swift
@@ -12,11 +12,30 @@ extension SettingsStore {
         }
     }
 
+    var copilotEnterpriseHost: String {
+        get { self.configSnapshot.providerConfig(for: .copilot)?.sanitizedEnterpriseHost ?? "" }
+        set {
+            self.updateProviderConfig(provider: .copilot) { entry in
+                entry.enterpriseHost = self.normalizedConfigValue(newValue)
+            }
+        }
+    }
+
     func ensureCopilotAPITokenLoaded() {}
 }
 
 extension SettingsStore {
-    func copilotSettingsSnapshot() -> ProviderSettingsSnapshot.CopilotProviderSettings {
-        ProviderSettingsSnapshot.CopilotProviderSettings()
+    func copilotSettingsSnapshot(
+        tokenOverride: TokenAccountOverride?) -> ProviderSettingsSnapshot.CopilotProviderSettings
+    {
+        let account = ProviderTokenAccountSelection.selectedAccount(
+            provider: .copilot,
+            settings: self,
+            override: tokenOverride)
+        let token = account?.token ?? self.copilotAPIToken
+        let host = CopilotDeviceFlow.normalizedHost(self.copilotEnterpriseHost)
+        return ProviderSettingsSnapshot.CopilotProviderSettings(
+            apiToken: self.normalizedConfigValue(token),
+            enterpriseHost: host == CopilotDeviceFlow.defaultHost ? nil : host)
     }
 }
diff --git a/Sources/CodexBar/Providers/Crof/CrofProviderImplementation.swift b/Sources/CodexBar/Providers/Crof/CrofProviderImplementation.swift
new file mode 100644
index 000000000..3e7165080
--- /dev/null
+++ b/Sources/CodexBar/Providers/Crof/CrofProviderImplementation.swift
@@ -0,0 +1,54 @@
+import AppKit
+import CodexBarCore
+import CodexBarMacroSupport
+import Foundation
+
+@ProviderImplementationRegistration
+struct CrofProviderImplementation: ProviderImplementation {
+    let id: UsageProvider = .crof
+
+    @MainActor
+    func presentation(context _: ProviderPresentationContext) -> ProviderPresentation {
+        ProviderPresentation { _ in "api" }
+    }
+
+    @MainActor
+    func observeSettings(_ settings: SettingsStore) {
+        _ = settings.crofAPIToken
+    }
+
+    @MainActor
+    func isAvailable(context: ProviderAvailabilityContext) -> Bool {
+        if CrofSettingsReader.apiKey(environment: context.environment) != nil {
+            return true
+        }
+        return !context.settings.crofAPIToken.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
+    }
+
+    @MainActor
+    func settingsFields(context: ProviderSettingsContext) -> [ProviderSettingsFieldDescriptor] {
+        [
+            ProviderSettingsFieldDescriptor(
+                id: "crof-api-key",
+                title: "API key",
+                subtitle: "Stored in ~/.codexbar/config.json. You can also provide CROF_API_KEY.",
+                kind: .secure,
+                placeholder: "crof_...",
+                binding: context.stringBinding(\.crofAPIToken),
+                actions: [
+                    ProviderSettingsActionDescriptor(
+                        id: "crof-open-dashboard",
+                        title: "Open Crof dashboard",
+                        style: .link,
+                        isVisible: nil,
+                        perform: {
+                            if let url = URL(string: "https://crof.ai/dashboard") {
+                                NSWorkspace.shared.open(url)
+                            }
+                        }),
+                ],
+                isVisible: nil,
+                onActivate: nil),
+        ]
+    }
+}
diff --git a/Sources/CodexBar/Providers/Crof/CrofSettingsStore.swift b/Sources/CodexBar/Providers/Crof/CrofSettingsStore.swift
new file mode 100644
index 000000000..86c152ea0
--- /dev/null
+++ b/Sources/CodexBar/Providers/Crof/CrofSettingsStore.swift
@@ -0,0 +1,14 @@
+import CodexBarCore
+import Foundation
+
+extension SettingsStore {
+    var crofAPIToken: String {
+        get { self.configSnapshot.providerConfig(for: .crof)?.sanitizedAPIKey ?? "" }
+        set {
+            self.updateProviderConfig(provider: .crof) { entry in
+                entry.apiKey = self.normalizedConfigValue(newValue)
+            }
+            self.logSecretUpdate(provider: .crof, field: "apiKey", value: newValue)
+        }
+    }
+}
diff --git a/Sources/CodexBar/Providers/Cursor/CursorLoginFlow.swift b/Sources/CodexBar/Providers/Cursor/CursorLoginFlow.swift
index ff65fb539..04f75022d 100644
--- a/Sources/CodexBar/Providers/Cursor/CursorLoginFlow.swift
+++ b/Sources/CodexBar/Providers/Cursor/CursorLoginFlow.swift
@@ -4,14 +4,12 @@ import CodexBarCore
 extension StatusItemController {
     func runCursorLoginFlow() async {
         let cursorRunner = CursorLoginRunner(browserDetection: self.store.browserDetection)
-        let phaseHandler: @Sendable (CursorLoginRunner.Phase) -> Void = { [weak self] phase in
-            Task { @MainActor in
-                switch phase {
-                case .loading, .waitingLogin:
-                    self?.loginPhase = .waitingBrowser
-                case .success, .failed:
-                    self?.loginPhase = .idle
-                }
+        let phaseHandler: @MainActor (CursorLoginRunner.Phase) -> Void = { [weak self] phase in
+            switch phase {
+            case .loading, .waitingLogin:
+                self?.loginPhase = .waitingBrowser
+            case .success, .failed:
+                self?.loginPhase = .idle
             }
         }
         let result = await cursorRunner.run(onPhaseChange: phaseHandler)
diff --git a/Sources/CodexBar/Providers/Cursor/CursorProviderImplementation.swift b/Sources/CodexBar/Providers/Cursor/CursorProviderImplementation.swift
index 48db614f9..a8638af89 100644
--- a/Sources/CodexBar/Providers/Cursor/CursorProviderImplementation.swift
+++ b/Sources/CodexBar/Providers/Cursor/CursorProviderImplementation.swift
@@ -94,9 +94,9 @@ struct CursorProviderImplementation: ProviderImplementation {
         let used = UsageFormatter.currencyString(cost.used, currencyCode: cost.currencyCode)
         if cost.limit > 0 {
             let limitStr = UsageFormatter.currencyString(cost.limit, currencyCode: cost.currencyCode)
-            entries.append(.text("On-Demand: \(used) / \(limitStr)", .primary))
+            entries.append(.text(String(format: L("cursor_on_demand_with_limit"), used, limitStr), .primary))
         } else {
-            entries.append(.text("On-Demand: \(used)", .primary))
+            entries.append(.text(String(format: L("cursor_on_demand"), used), .primary))
         }
     }
 }
diff --git a/Sources/CodexBar/Providers/DeepSeek/DeepSeekProviderImplementation.swift b/Sources/CodexBar/Providers/DeepSeek/DeepSeekProviderImplementation.swift
new file mode 100644
index 000000000..e72ec76f0
--- /dev/null
+++ b/Sources/CodexBar/Providers/DeepSeek/DeepSeekProviderImplementation.swift
@@ -0,0 +1,29 @@
+import CodexBarCore
+import CodexBarMacroSupport
+import Foundation
+
+@ProviderImplementationRegistration
+struct DeepSeekProviderImplementation: ProviderImplementation {
+    let id: UsageProvider = .deepseek
+
+    @MainActor
+    func presentation(context _: ProviderPresentationContext) -> ProviderPresentation {
+        ProviderPresentation { _ in "api" }
+    }
+
+    @MainActor
+    func observeSettings(_: SettingsStore) {}
+
+    @MainActor
+    func isAvailable(context: ProviderAvailabilityContext) -> Bool {
+        if DeepSeekSettingsReader.apiKey(environment: context.environment) != nil {
+            return true
+        }
+        return !context.settings.tokenAccounts(for: .deepseek).isEmpty
+    }
+
+    @MainActor
+    func settingsFields(context _: ProviderSettingsContext) -> [ProviderSettingsFieldDescriptor] {
+        []
+    }
+}
diff --git a/Sources/CodexBar/Providers/Deepgram/DeepgramProviderImplementation.swift b/Sources/CodexBar/Providers/Deepgram/DeepgramProviderImplementation.swift
new file mode 100644
index 000000000..54616537c
--- /dev/null
+++ b/Sources/CodexBar/Providers/Deepgram/DeepgramProviderImplementation.swift
@@ -0,0 +1,53 @@
+import CodexBarCore
+import CodexBarMacroSupport
+import Foundation
+
+@ProviderImplementationRegistration
+struct DeepgramProviderImplementation: ProviderImplementation {
+    let id: UsageProvider = .deepgram
+
+    @MainActor
+    func presentation(context _: ProviderPresentationContext) -> ProviderPresentation {
+        ProviderPresentation { _ in "api" }
+    }
+
+    @MainActor
+    func observeSettings(_ settings: SettingsStore) {
+        _ = settings.deepgramAPIKey
+        _ = settings.deepgramProjectID
+    }
+
+    @MainActor
+    func isAvailable(context: ProviderAvailabilityContext) -> Bool {
+        if DeepgramSettingsReader.apiKey(environment: context.environment) != nil {
+            return true
+        }
+        return !context.settings.deepgramAPIKey.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
+    }
+
+    @MainActor
+    func settingsFields(context: ProviderSettingsContext) -> [ProviderSettingsFieldDescriptor] {
+        [
+            ProviderSettingsFieldDescriptor(
+                id: "deepgram-api-key",
+                title: "API key",
+                subtitle: "Stored in ~/.codexbar/config.json. Get your key from console.deepgram.com.",
+                kind: .secure,
+                placeholder: "dg_...",
+                binding: context.stringBinding(\.deepgramAPIKey),
+                actions: [],
+                isVisible: nil,
+                onActivate: nil),
+            ProviderSettingsFieldDescriptor(
+                id: "deepgram-project-id",
+                title: "Project ID",
+                subtitle: "Optional. Leave blank to discover and aggregate projects visible to the API key.",
+                kind: .plain,
+                placeholder: "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
+                binding: context.stringBinding(\.deepgramProjectID),
+                actions: [],
+                isVisible: nil,
+                onActivate: nil),
+        ]
+    }
+}
diff --git a/Sources/CodexBar/Providers/Deepgram/DeepgramSettingsStore.swift b/Sources/CodexBar/Providers/Deepgram/DeepgramSettingsStore.swift
new file mode 100644
index 000000000..e3588596d
--- /dev/null
+++ b/Sources/CodexBar/Providers/Deepgram/DeepgramSettingsStore.swift
@@ -0,0 +1,27 @@
+import CodexBarCore
+import Foundation
+
+extension SettingsStore {
+    var deepgramAPIKey: String {
+        get {
+            self.configSnapshot.providerConfig(for: .deepgram)?.sanitizedAPIKey ?? ""
+        }
+        set {
+            self.updateProviderConfig(provider: .deepgram) { entry in
+                entry.apiKey = self.normalizedConfigValue(newValue)
+            }
+            self.logSecretUpdate(provider: .deepgram, field: "apiKey", value: newValue)
+        }
+    }
+
+    var deepgramProjectID: String {
+        get {
+            self.configSnapshot.providerConfig(for: .deepgram)?.sanitizedWorkspaceID ?? ""
+        }
+        set {
+            self.updateProviderConfig(provider: .deepgram) { entry in
+                entry.workspaceID = self.normalizedConfigValue(newValue)
+            }
+        }
+    }
+}
diff --git a/Sources/CodexBar/Providers/Doubao/DoubaoProviderImplementation.swift b/Sources/CodexBar/Providers/Doubao/DoubaoProviderImplementation.swift
new file mode 100644
index 000000000..fe974bed8
--- /dev/null
+++ b/Sources/CodexBar/Providers/Doubao/DoubaoProviderImplementation.swift
@@ -0,0 +1,42 @@
+import AppKit
+import CodexBarCore
+import CodexBarMacroSupport
+import Foundation
+
+@ProviderImplementationRegistration
+struct DoubaoProviderImplementation: ProviderImplementation {
+    let id: UsageProvider = .doubao
+
+    @MainActor
+    func observeSettings(_ settings: SettingsStore) {
+        _ = settings.doubaoAPIToken
+    }
+
+    @MainActor
+    func settingsFields(context: ProviderSettingsContext) -> [ProviderSettingsFieldDescriptor] {
+        [
+            ProviderSettingsFieldDescriptor(
+                id: "doubao-api-token",
+                title: "API key",
+                subtitle: "Stored in ~/.codexbar/config.json. Get your API key from the Volcengine "
+                    + "Ark console.",
+                kind: .secure,
+                placeholder: "ark-...",
+                binding: context.stringBinding(\.doubaoAPIToken),
+                actions: [
+                    ProviderSettingsActionDescriptor(
+                        id: "doubao-open-dashboard",
+                        title: "Open Volcengine Ark Console",
+                        style: .link,
+                        isVisible: nil,
+                        perform: {
+                            if let url = URL(string: "https://console.volcengine.com/ark/") {
+                                NSWorkspace.shared.open(url)
+                            }
+                        }),
+                ],
+                isVisible: nil,
+                onActivate: nil),
+        ]
+    }
+}
diff --git a/Sources/CodexBar/Providers/Doubao/DoubaoSettingsStore.swift b/Sources/CodexBar/Providers/Doubao/DoubaoSettingsStore.swift
new file mode 100644
index 000000000..4d69a273f
--- /dev/null
+++ b/Sources/CodexBar/Providers/Doubao/DoubaoSettingsStore.swift
@@ -0,0 +1,14 @@
+import CodexBarCore
+import Foundation
+
+extension SettingsStore {
+    var doubaoAPIToken: String {
+        get { self.configSnapshot.providerConfig(for: .doubao)?.sanitizedAPIKey ?? "" }
+        set {
+            self.updateProviderConfig(provider: .doubao) { entry in
+                entry.apiKey = self.normalizedConfigValue(newValue)
+            }
+            self.logSecretUpdate(provider: .doubao, field: "apiKey", value: newValue)
+        }
+    }
+}
diff --git a/Sources/CodexBar/Providers/ElevenLabs/ElevenLabsProviderImplementation.swift b/Sources/CodexBar/Providers/ElevenLabs/ElevenLabsProviderImplementation.swift
new file mode 100644
index 000000000..d6b4c285e
--- /dev/null
+++ b/Sources/CodexBar/Providers/ElevenLabs/ElevenLabsProviderImplementation.swift
@@ -0,0 +1,45 @@
+import CodexBarCore
+import CodexBarMacroSupport
+import Foundation
+
+@ProviderImplementationRegistration
+struct ElevenLabsProviderImplementation: ProviderImplementation {
+    let id: UsageProvider = .elevenlabs
+
+    @MainActor
+    func presentation(context _: ProviderPresentationContext) -> ProviderPresentation {
+        ProviderPresentation { _ in "api" }
+    }
+
+    @MainActor
+    func observeSettings(_ settings: SettingsStore) {
+        _ = settings.elevenLabsAPIKey
+    }
+
+    @MainActor
+    func isAvailable(context: ProviderAvailabilityContext) -> Bool {
+        if ElevenLabsSettingsReader.apiKey(environment: context.environment) != nil {
+            return true
+        }
+        if !context.settings.elevenLabsAPIKey.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty {
+            return true
+        }
+        return !context.settings.tokenAccounts(for: .elevenlabs).isEmpty
+    }
+
+    @MainActor
+    func settingsFields(context: ProviderSettingsContext) -> [ProviderSettingsFieldDescriptor] {
+        [
+            ProviderSettingsFieldDescriptor(
+                id: "elevenlabs-api-key",
+                title: "API key",
+                subtitle: "Stored in ~/.codexbar/config.json. Get your key from elevenlabs.io/app/settings/api-keys.",
+                kind: .secure,
+                placeholder: "xi-...",
+                binding: context.stringBinding(\.elevenLabsAPIKey),
+                actions: [],
+                isVisible: nil,
+                onActivate: nil),
+        ]
+    }
+}
diff --git a/Sources/CodexBar/Providers/ElevenLabs/ElevenLabsSettingsStore.swift b/Sources/CodexBar/Providers/ElevenLabs/ElevenLabsSettingsStore.swift
new file mode 100644
index 000000000..4ebdc787f
--- /dev/null
+++ b/Sources/CodexBar/Providers/ElevenLabs/ElevenLabsSettingsStore.swift
@@ -0,0 +1,14 @@
+import CodexBarCore
+import Foundation
+
+extension SettingsStore {
+    var elevenLabsAPIKey: String {
+        get { self.configSnapshot.providerConfig(for: .elevenlabs)?.sanitizedAPIKey ?? "" }
+        set {
+            self.updateProviderConfig(provider: .elevenlabs) { entry in
+                entry.apiKey = self.normalizedConfigValue(newValue)
+            }
+            self.logSecretUpdate(provider: .elevenlabs, field: "apiKey", value: newValue)
+        }
+    }
+}
diff --git a/Sources/CodexBar/Providers/Factory/FactoryProviderImplementation.swift b/Sources/CodexBar/Providers/Factory/FactoryProviderImplementation.swift
index d8d2d2024..3df11a941 100644
--- a/Sources/CodexBar/Providers/Factory/FactoryProviderImplementation.swift
+++ b/Sources/CodexBar/Providers/Factory/FactoryProviderImplementation.swift
@@ -49,7 +49,7 @@ struct FactoryProviderImplementation: ProviderImplementation {
                 source: context.settings.factoryCookieSource,
                 keychainDisabled: context.settings.debugDisableKeychainAccess,
                 auto: "Automatic imports browser cookies and WorkOS tokens.",
-                manual: "Paste a Cookie header from app.factory.ai.",
+                manual: "Paste a Cookie or Authorization header from app.factory.ai.",
                 off: "Factory cookies are disabled.")
         }
 
@@ -82,4 +82,22 @@ struct FactoryProviderImplementation: ProviderImplementation {
         await context.controller.runFactoryLoginFlow()
         return true
     }
+
+    @MainActor
+    func loginMenuAction(context _: ProviderMenuLoginContext)
+        -> (label: String, action: MenuDescriptor.MenuAction)?
+    {
+        ("Open Droid in Browser...", .loginToProvider(url: "https://app.factory.ai"))
+    }
+
+    @MainActor
+    func appendUsageMenuEntries(context: ProviderMenuUsageContext, entries: inout [ProviderMenuEntry]) {
+        guard context.settings.showOptionalCreditsAndExtraUsage,
+              let cost = context.snapshot?.providerCost,
+              cost.period == "Extra usage balance"
+        else { return }
+
+        let balance = UsageFormatter.currencyString(cost.used, currencyCode: cost.currencyCode)
+        entries.append(.text(L("Extra usage balance: %@", balance), .primary))
+    }
 }
diff --git a/Sources/CodexBar/Providers/Grok/GrokProviderImplementation.swift b/Sources/CodexBar/Providers/Grok/GrokProviderImplementation.swift
new file mode 100644
index 000000000..e37cd9bb0
--- /dev/null
+++ b/Sources/CodexBar/Providers/Grok/GrokProviderImplementation.swift
@@ -0,0 +1,8 @@
+import CodexBarCore
+import CodexBarMacroSupport
+import Foundation
+
+@ProviderImplementationRegistration
+struct GrokProviderImplementation: ProviderImplementation {
+    let id: UsageProvider = .grok
+}
diff --git a/Sources/CodexBar/Providers/Groq/GroqProviderImplementation.swift b/Sources/CodexBar/Providers/Groq/GroqProviderImplementation.swift
new file mode 100644
index 000000000..e07a5aa3a
--- /dev/null
+++ b/Sources/CodexBar/Providers/Groq/GroqProviderImplementation.swift
@@ -0,0 +1,40 @@
+import CodexBarCore
+import CodexBarMacroSupport
+import Foundation
+
+@ProviderImplementationRegistration
+struct GroqProviderImplementation: ProviderImplementation {
+    let id: UsageProvider = .groq
+
+    @MainActor
+    func presentation(context _: ProviderPresentationContext) -> ProviderPresentation {
+        ProviderPresentation { _ in "metrics" }
+    }
+
+    @MainActor
+    func observeSettings(_ settings: SettingsStore) {
+        _ = settings.groqAPIKey
+    }
+
+    @MainActor
+    func isAvailable(context: ProviderAvailabilityContext) -> Bool {
+        ProviderTokenResolver.groqToken(environment: context.environment) != nil ||
+            !context.settings.groqAPIKey.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
+    }
+
+    @MainActor
+    func settingsFields(context: ProviderSettingsContext) -> [ProviderSettingsFieldDescriptor] {
+        [
+            ProviderSettingsFieldDescriptor(
+                id: "groq-api-key",
+                title: "API key",
+                subtitle: "Stored in ~/.codexbar/config.json. Metrics require Groq Enterprise Prometheus access.",
+                kind: .secure,
+                placeholder: "gsk_...",
+                binding: context.stringBinding(\.groqAPIKey),
+                actions: [],
+                isVisible: nil,
+                onActivate: nil),
+        ]
+    }
+}
diff --git a/Sources/CodexBar/Providers/Groq/GroqSettingsStore.swift b/Sources/CodexBar/Providers/Groq/GroqSettingsStore.swift
new file mode 100644
index 000000000..61f1113d6
--- /dev/null
+++ b/Sources/CodexBar/Providers/Groq/GroqSettingsStore.swift
@@ -0,0 +1,16 @@
+import CodexBarCore
+import Foundation
+
+extension SettingsStore {
+    var groqAPIKey: String {
+        get {
+            self.configSnapshot.providerConfig(for: .groq)?.sanitizedAPIKey ?? ""
+        }
+        set {
+            self.updateProviderConfig(provider: .groq) { entry in
+                entry.apiKey = self.normalizedConfigValue(newValue)
+            }
+            self.logSecretUpdate(provider: .groq, field: "apiKey", value: newValue)
+        }
+    }
+}
diff --git a/Sources/CodexBar/Providers/JetBrains/JetBrainsLoginFlow.swift b/Sources/CodexBar/Providers/JetBrains/JetBrainsLoginFlow.swift
index bfb92438e..e188c04bb 100644
--- a/Sources/CodexBar/Providers/JetBrains/JetBrainsLoginFlow.swift
+++ b/Sources/CodexBar/Providers/JetBrains/JetBrainsLoginFlow.swift
@@ -1,4 +1,5 @@
 import CodexBarCore
+import Foundation
 
 @MainActor
 extension StatusItemController {
@@ -17,10 +18,10 @@ extension StatusItemController {
             let ideNames = detectedIDEs.prefix(3).map(\.displayName).joined(separator: ", ")
             let hasQuotaFile = !JetBrainsIDEDetector.detectInstalledIDEs().isEmpty
             let message = hasQuotaFile
-                ? "Detected: \(ideNames). Select your preferred IDE in Settings, then refresh CodexBar."
-                : "Detected: \(ideNames). Use AI Assistant once to generate quota data, then refresh CodexBar."
+                ? String(format: L("jetbrains_detected_select"), ideNames)
+                : String(format: L("jetbrains_detected_generate"), ideNames)
             self.presentLoginAlert(
-                title: "JetBrains AI is ready",
+                title: L("JetBrains AI is ready"),
                 message: message)
         }
     }
diff --git a/Sources/CodexBar/Providers/Kilo/KiloProviderImplementation.swift b/Sources/CodexBar/Providers/Kilo/KiloProviderImplementation.swift
index e2bdb3cfa..792830fbd 100644
--- a/Sources/CodexBar/Providers/Kilo/KiloProviderImplementation.swift
+++ b/Sources/CodexBar/Providers/Kilo/KiloProviderImplementation.swift
@@ -84,4 +84,86 @@ struct KiloProviderImplementation: ProviderImplementation {
                 onActivate: nil),
         ]
     }
+
+    @MainActor
+    func settingsOrganizations(
+        context: ProviderSettingsContext) -> ProviderSettingsOrganizationsDescriptor?
+    {
+        let settings = context.settings
+        let store = context.store
+        return ProviderSettingsOrganizationsDescriptor(
+            id: "kilo-organizations",
+            title: "Organizations",
+            subtitle: "Show usage for organizations you belong to. Personal account is always shown.",
+            entries: {
+                var entries: [ProviderSettingsOrganizationsDescriptor.Entry] = [
+                    .init(
+                        id: "personal",
+                        title: "Personal account",
+                        subtitle: nil,
+                        isEnabled: true,
+                        isLocked: true),
+                ]
+                for org in settings.kiloKnownOrganizations {
+                    entries.append(
+                        .init(
+                            id: org.id,
+                            title: org.name,
+                            subtitle: org.role,
+                            localizesTitle: false,
+                            localizesSubtitle: false,
+                            isEnabled: settings.kiloIsOrganizationEnabled(org.id),
+                            isLocked: false))
+                }
+                return entries
+            },
+            onToggle: { orgID, enabled in
+                guard orgID != "personal" else { return }
+                settings.setKiloOrganization(orgID, enabled: enabled)
+                Task { @MainActor in
+                    await ProviderInteractionContext.$current.withValue(.userInitiated) {
+                        await store.refreshProvider(.kilo, allowDisabled: true)
+                    }
+                }
+            },
+            onRefresh: { [weak settings] in
+                guard let settings else {
+                    return .init(success: false, errorMessage: "Settings unavailable.")
+                }
+                let resolved: KiloResolvedBearerToken
+                do {
+                    resolved = try KiloBearerTokenResolver.resolve(
+                        source: settings.kiloUsageDataSource,
+                        apiKey: settings.configSnapshot.providerConfig(for: .kilo)?.sanitizedAPIKey)
+                } catch let error as LocalizedError {
+                    return .init(
+                        success: false,
+                        errorMessage: error.errorDescription ?? "Failed to resolve Kilo credentials.")
+                } catch {
+                    return .init(success: false, errorMessage: error.localizedDescription)
+                }
+                do {
+                    let orgs = try await KiloUsageFetcher.fetchOrganizations(apiKey: resolved.token)
+                    await MainActor.run {
+                        settings.setKiloKnownOrganizationsPruningEnabled(orgs)
+                    }
+                    return .init(success: true, errorMessage: nil)
+                } catch let error as LocalizedError {
+                    return .init(
+                        success: false,
+                        errorMessage: error.errorDescription ?? "Failed to load organizations.")
+                } catch {
+                    return .init(success: false, errorMessage: error.localizedDescription)
+                }
+            },
+            canRefresh: {
+                switch settings.kiloUsageDataSource {
+                case .api:
+                    !settings.kiloAPIToken.isEmpty
+                        || !(ProcessInfo.processInfo.environment[KiloSettingsReader.apiTokenKey] ?? "").isEmpty
+                case .cli, .auto:
+                    true
+                }
+            })
+    }
 }
diff --git a/Sources/CodexBar/Providers/Kilo/KiloSettingsStore.swift b/Sources/CodexBar/Providers/Kilo/KiloSettingsStore.swift
index d900bf4dc..50fc27912 100644
--- a/Sources/CodexBar/Providers/Kilo/KiloSettingsStore.swift
+++ b/Sources/CodexBar/Providers/Kilo/KiloSettingsStore.swift
@@ -73,3 +73,70 @@ extension SettingsStore {
         }
     }
 }
+
+extension SettingsStore {
+    var kiloKnownOrganizations: [KiloOrganization] {
+        get { self.configSnapshot.providerConfig(for: .kilo)?.kiloKnownOrganizations ?? [] }
+        set {
+            self.updateProviderConfig(provider: .kilo) { entry in
+                entry.kiloKnownOrganizations = newValue.isEmpty ? nil : newValue
+            }
+        }
+    }
+
+    var kiloEnabledOrganizationIDs: [String] {
+        get { self.configSnapshot.providerConfig(for: .kilo)?.kiloEnabledOrganizationIDs ?? [] }
+        set {
+            let cleaned = Array(KiloOrgIDLinkedHashSet(newValue
+                    .map { $0.trimmingCharacters(in: .whitespacesAndNewlines) }
+                    .filter { !$0.isEmpty }))
+            self.updateProviderConfig(provider: .kilo) { entry in
+                entry.kiloEnabledOrganizationIDs = cleaned.isEmpty ? nil : cleaned
+            }
+            self.logProviderModeChange(
+                provider: .kilo,
+                field: "enabledOrganizations",
+                value: cleaned.joined(separator: ","))
+        }
+    }
+
+    func setKiloKnownOrganizationsPruningEnabled(_ orgs: [KiloOrganization]) {
+        self.kiloKnownOrganizations = orgs
+        let validIDs = Set(orgs.map(\.id))
+        let pruned = self.kiloEnabledOrganizationIDs.filter { validIDs.contains($0) }
+        if pruned != self.kiloEnabledOrganizationIDs {
+            self.kiloEnabledOrganizationIDs = pruned
+        }
+    }
+
+    func kiloIsOrganizationEnabled(_ orgID: String) -> Bool {
+        self.kiloEnabledOrganizationIDs.contains(orgID)
+    }
+
+    func setKiloOrganization(_ orgID: String, enabled: Bool) {
+        var current = self.kiloEnabledOrganizationIDs
+        if enabled {
+            guard !current.contains(orgID) else { return }
+            current.append(orgID)
+        } else {
+            current.removeAll { $0 == orgID }
+        }
+        self.kiloEnabledOrganizationIDs = current
+    }
+}
+
+/// Small order-preserving set used to dedupe enabled IDs without sorting.
+private struct KiloOrgIDLinkedHashSet<Element: Hashable>: Sequence {
+    private var seen: Set<Element> = []
+    private var ordered: [Element] = []
+
+    init(_ sequence: some Sequence<Element>) {
+        for element in sequence where self.seen.insert(element).inserted {
+            self.ordered.append(element)
+        }
+    }
+
+    func makeIterator() -> IndexingIterator<[Element]> {
+        self.ordered.makeIterator()
+    }
+}
diff --git a/Sources/CodexBar/Providers/Kilo/UsageStore+KiloOrgRefresh.swift b/Sources/CodexBar/Providers/Kilo/UsageStore+KiloOrgRefresh.swift
new file mode 100644
index 000000000..ed1f7129e
--- /dev/null
+++ b/Sources/CodexBar/Providers/Kilo/UsageStore+KiloOrgRefresh.swift
@@ -0,0 +1,131 @@
+import CodexBarCore
+import Foundation
+
+struct KiloScopeSnapshot: Identifiable, Equatable {
+    let id: String // KiloUsageScope.scopeIdentifier
+    let scope: KiloUsageScope
+    let snapshot: UsageSnapshot?
+    let errorMessage: String?
+    let sourceLabel: String?
+
+    static func == (lhs: KiloScopeSnapshot, rhs: KiloScopeSnapshot) -> Bool {
+        lhs.id == rhs.id
+            && lhs.snapshot?.updatedAt == rhs.snapshot?.updatedAt
+            && lhs.errorMessage == rhs.errorMessage
+            && lhs.sourceLabel == rhs.sourceLabel
+    }
+}
+
+extension UsageStore {
+    var kiloEnabledScopes: [KiloUsageScope] {
+        var scopes: [KiloUsageScope] = [.personal]
+        let enabled = self.settings.kiloEnabledOrganizationIDs
+        guard !enabled.isEmpty else { return scopes }
+        let knownByID = Dictionary(
+            uniqueKeysWithValues: self.settings.kiloKnownOrganizations.map { ($0.id, $0) })
+        for id in enabled {
+            if let org = knownByID[id] {
+                scopes.append(.organization(id: org.id, name: org.name))
+            }
+        }
+        return scopes
+    }
+
+    func shouldFanOutKiloScopes() -> Bool {
+        self.kiloEnabledScopes.count > 1
+    }
+
+    func refreshKiloScopes() async {
+        let scopes = self.kiloEnabledScopes
+        guard scopes.count > 1 else {
+            await MainActor.run { self.kiloScopeSnapshots = [] }
+            return
+        }
+        let env = ProcessInfo.processInfo.environment
+        let resolved: KiloResolvedBearerToken
+        do {
+            resolved = try KiloBearerTokenResolver.resolve(
+                source: self.settings.kiloUsageDataSource,
+                apiKey: self.settings.configSnapshot.providerConfig(for: .kilo)?.sanitizedAPIKey,
+                environment: env)
+        } catch {
+            let message = (error as? LocalizedError)?.errorDescription
+                ?? error.localizedDescription
+            await MainActor.run {
+                self.kiloScopeSnapshots = scopes.map {
+                    KiloScopeSnapshot(
+                        id: $0.scopeIdentifier,
+                        scope: $0,
+                        snapshot: nil,
+                        errorMessage: message,
+                        sourceLabel: nil)
+                }
+            }
+            return
+        }
+
+        let results: [KiloScopeSnapshot] = await withTaskGroup(of: KiloScopeSnapshot.self) { group in
+            for scope in scopes {
+                group.addTask {
+                    do {
+                        let raw = try await KiloUsageFetcher.fetchUsage(
+                            apiKey: resolved.token,
+                            scope: scope,
+                            environment: env)
+                        let snapshot = raw.toUsageSnapshot()
+                            .withAccountOrganization(scope.displayName)
+                        return KiloScopeSnapshot(
+                            id: scope.scopeIdentifier,
+                            scope: scope,
+                            snapshot: snapshot,
+                            errorMessage: nil,
+                            sourceLabel: resolved.sourceLabel)
+                    } catch {
+                        return KiloScopeSnapshot(
+                            id: scope.scopeIdentifier,
+                            scope: scope,
+                            snapshot: nil,
+                            errorMessage: (error as? LocalizedError)?.errorDescription
+                                ?? error.localizedDescription,
+                            sourceLabel: nil)
+                    }
+                }
+            }
+            var collected: [KiloScopeSnapshot] = []
+            for await result in group {
+                collected.append(result)
+            }
+            return collected
+        }
+
+        let resultByID = Dictionary(uniqueKeysWithValues: results.map { ($0.id, $0) })
+        let ordered = scopes.compactMap { resultByID[$0.scopeIdentifier] }
+
+        await MainActor.run {
+            self.kiloScopeSnapshots = ordered
+        }
+    }
+}
+
+extension UsageSnapshot {
+    fileprivate func withAccountOrganization(_ org: String) -> UsageSnapshot {
+        let baseIdentity = self.identity
+        let newIdentity = ProviderIdentitySnapshot(
+            providerID: baseIdentity?.providerID ?? .kilo,
+            accountEmail: baseIdentity?.accountEmail,
+            accountOrganization: org,
+            loginMethod: baseIdentity?.loginMethod)
+        return UsageSnapshot(
+            primary: self.primary,
+            secondary: self.secondary,
+            tertiary: self.tertiary,
+            extraRateWindows: self.extraRateWindows,
+            providerCost: self.providerCost,
+            zaiUsage: self.zaiUsage,
+            minimaxUsage: self.minimaxUsage,
+            openRouterUsage: self.openRouterUsage,
+            cursorRequests: self.cursorRequests,
+            updatedAt: self.updatedAt,
+            identity: newIdentity)
+    }
+}
diff --git a/Sources/CodexBar/Providers/KimiK2/KimiK2ProviderImplementation.swift b/Sources/CodexBar/Providers/KimiK2/KimiK2ProviderImplementation.swift
index 9209bba71..07c643c23 100644
--- a/Sources/CodexBar/Providers/KimiK2/KimiK2ProviderImplementation.swift
+++ b/Sources/CodexBar/Providers/KimiK2/KimiK2ProviderImplementation.swift
@@ -18,18 +18,18 @@ struct KimiK2ProviderImplementation: ProviderImplementation {
             ProviderSettingsFieldDescriptor(
                 id: "kimi-k2-api-token",
                 title: "API key",
-                subtitle: "Stored in ~/.codexbar/config.json. Generate one at kimi-k2.ai.",
+                subtitle: "Stored in ~/.codexbar/config.json. For the official Kimi API, use Moonshot / Kimi API.",
                 kind: .secure,
                 placeholder: "Paste API key…",
                 binding: context.stringBinding(\.kimiK2APIToken),
                 actions: [
                     ProviderSettingsActionDescriptor(
                         id: "kimi-k2-open-api-keys",
-                        title: "Open API Keys",
+                        title: "Open legacy provider docs",
                         style: .link,
                         isVisible: nil,
                         perform: {
-                            if let url = URL(string: "https://kimi-k2.ai/user-center/api-keys") {
+                            if let url = URL(string: "https://github.com/steipete/CodexBar/blob/main/docs/kimi-k2.md") {
                                 NSWorkspace.shared.open(url)
                             }
                         }),
diff --git a/Sources/CodexBar/Providers/Kiro/KiroProviderImplementation.swift b/Sources/CodexBar/Providers/Kiro/KiroProviderImplementation.swift
index e54bc4290..170adeeeb 100644
--- a/Sources/CodexBar/Providers/Kiro/KiroProviderImplementation.swift
+++ b/Sources/CodexBar/Providers/Kiro/KiroProviderImplementation.swift
@@ -1,8 +1,29 @@
 import CodexBarCore
 import CodexBarMacroSupport
 import Foundation
+import SwiftUI
 
 @ProviderImplementationRegistration
 struct KiroProviderImplementation: ProviderImplementation {
     let id: UsageProvider = .kiro
+
+    func settingsPickers(context: ProviderSettingsContext) -> [ProviderSettingsPickerDescriptor] {
+        [
+            ProviderSettingsPickerDescriptor(
+                id: "kiroMenuBarDisplay",
+                title: "Kiro menu bar value",
+                subtitle: "Show or hide Kiro credits, percent, or both next to the menu bar icon.",
+                binding: Binding(
+                    get: { context.settings.kiroMenuBarDisplayMode.rawValue },
+                    set: { rawValue in
+                        guard let mode = KiroMenuBarDisplayMode(rawValue: rawValue) else { return }
+                        context.settings.kiroMenuBarDisplayMode = mode
+                    }),
+                options: KiroMenuBarDisplayMode.allCases.map {
+                    ProviderSettingsPickerOption(id: $0.rawValue, title: $0.label)
+                },
+                isVisible: { true },
+                onChange: nil),
+        ]
+    }
 }
diff --git a/Sources/CodexBar/Providers/LLMProxy/LLMProxyProviderImplementation.swift b/Sources/CodexBar/Providers/LLMProxy/LLMProxyProviderImplementation.swift
new file mode 100644
index 000000000..3d9f386cd
--- /dev/null
+++ b/Sources/CodexBar/Providers/LLMProxy/LLMProxyProviderImplementation.swift
@@ -0,0 +1,51 @@
+import CodexBarCore
+import CodexBarMacroSupport
+import Foundation
+
+@ProviderImplementationRegistration
+struct LLMProxyProviderImplementation: ProviderImplementation {
+    let id: UsageProvider = .llmproxy
+
+    @MainActor
+    func presentation(context _: ProviderPresentationContext) -> ProviderPresentation {
+        ProviderPresentation { _ in "api" }
+    }
+
+    @MainActor
+    func observeSettings(_ settings: SettingsStore) {
+        _ = settings.llmProxyAPIKey
+        _ = settings.llmProxyBaseURL
+    }
+
+    @MainActor
+    func isAvailable(context: ProviderAvailabilityContext) -> Bool {
+        ProviderTokenResolver.llmProxyToken(environment: context.environment) != nil &&
+            LLMProxySettingsReader.baseURL(environment: context.environment) != nil
+    }
+
+    @MainActor
+    func settingsFields(context: ProviderSettingsContext) -> [ProviderSettingsFieldDescriptor] {
+        [
+            ProviderSettingsFieldDescriptor(
+                id: "llmproxy-api-key",
+                title: "API key",
+                subtitle: "Stored in ~/.codexbar/config.json. Used for /v1/quota-stats.",
+                kind: .secure,
+                placeholder: "proxy key…",
+                binding: context.stringBinding(\.llmProxyAPIKey),
+                actions: [],
+                isVisible: nil,
+                onActivate: nil),
+            ProviderSettingsFieldDescriptor(
+                id: "llmproxy-base-url",
+                title: "Base URL",
+                subtitle: "Base URL for the LLM-API-Key-Proxy instance.",
+                kind: .plain,
+                placeholder: "https://proxy.example.com",
+                binding: context.stringBinding(\.llmProxyBaseURL),
+                actions: [],
+                isVisible: nil,
+                onActivate: nil),
+        ]
+    }
+}
diff --git a/Sources/CodexBar/Providers/LLMProxy/LLMProxySettingsStore.swift b/Sources/CodexBar/Providers/LLMProxy/LLMProxySettingsStore.swift
new file mode 100644
index 000000000..96b52e467
--- /dev/null
+++ b/Sources/CodexBar/Providers/LLMProxy/LLMProxySettingsStore.swift
@@ -0,0 +1,27 @@
+import CodexBarCore
+import Foundation
+
+extension SettingsStore {
+    var llmProxyAPIKey: String {
+        get {
+            self.configSnapshot.providerConfig(for: .llmproxy)?.sanitizedAPIKey ?? ""
+        }
+        set {
+            self.updateProviderConfig(provider: .llmproxy) { entry in
+                entry.apiKey = self.normalizedConfigValue(newValue)
+            }
+            self.logSecretUpdate(provider: .llmproxy, field: "apiKey", value: newValue)
+        }
+    }
+
+    var llmProxyBaseURL: String {
+        get {
+            self.configSnapshot.providerConfig(for: .llmproxy)?.sanitizedEnterpriseHost ?? ""
+        }
+        set {
+            self.updateProviderConfig(provider: .llmproxy) { entry in
+                entry.enterpriseHost = self.normalizedConfigValue(newValue)
+            }
+        }
+    }
+}
diff --git a/Sources/CodexBar/Providers/Manus/ManusProviderImplementation.swift b/Sources/CodexBar/Providers/Manus/ManusProviderImplementation.swift
new file mode 100644
index 000000000..873ffca56
--- /dev/null
+++ b/Sources/CodexBar/Providers/Manus/ManusProviderImplementation.swift
@@ -0,0 +1,109 @@
+import AppKit
+import CodexBarCore
+import CodexBarMacroSupport
+import Foundation
+import SwiftUI
+
+@ProviderImplementationRegistration
+struct ManusProviderImplementation: ProviderImplementation {
+    let id: UsageProvider = .manus
+    let supportsLoginFlow: Bool = true
+
+    @MainActor
+    func presentation(context _: ProviderPresentationContext) -> ProviderPresentation {
+        ProviderPresentation { _ in "web" }
+    }
+
+    @MainActor
+    func runLoginFlow(context _: ProviderLoginContext) async -> Bool {
+        if let url = URL(string: "https://manus.im") {
+            NSWorkspace.shared.open(url)
+        }
+        return false
+    }
+
+    @MainActor
+    func observeSettings(_ settings: SettingsStore) {
+        _ = settings.manusCookieSource
+        _ = settings.manusManualCookieHeader
+    }
+
+    @MainActor
+    func settingsSnapshot(context: ProviderSettingsSnapshotContext) -> ProviderSettingsSnapshotContribution? {
+        .manus(context.settings.manusSettingsSnapshot(tokenOverride: context.tokenOverride))
+    }
+
+    @MainActor
+    func tokenAccountsVisibility(context: ProviderSettingsContext, support: TokenAccountSupport) -> Bool {
+        guard support.requiresManualCookieSource else { return true }
+        if !context.settings.tokenAccounts(for: context.provider).isEmpty { return true }
+        return context.settings.manusCookieSource == .manual
+    }
+
+    @MainActor
+    func applyTokenAccountCookieSource(settings: SettingsStore) {
+        if settings.manusCookieSource != .manual {
+            settings.manusCookieSource = .manual
+        }
+    }
+
+    @MainActor
+    func settingsPickers(context: ProviderSettingsContext) -> [ProviderSettingsPickerDescriptor] {
+        let cookieBinding = Binding(
+            get: { context.settings.manusCookieSource.rawValue },
+            set: { raw in
+                context.settings.manusCookieSource = ProviderCookieSource(rawValue: raw) ?? .auto
+            })
+        let options = ProviderCookieSourceUI.options(
+            allowsOff: true,
+            keychainDisabled: context.settings.debugDisableKeychainAccess)
+
+        let subtitle: () -> String? = {
+            ProviderCookieSourceUI.subtitle(
+                source: context.settings.manusCookieSource,
+                keychainDisabled: context.settings.debugDisableKeychainAccess,
+                auto: "Automatically imports browser session cookies.",
+                manual: "Paste the session_id value or a full Cookie header.",
+                off: "Manus cookies are disabled.")
+        }
+
+        return [
+            ProviderSettingsPickerDescriptor(
+                id: "manus-cookie-source",
+                title: "Cookie source",
+                subtitle: "Automatically imports browser session cookies.",
+                dynamicSubtitle: subtitle,
+                binding: cookieBinding,
+                options: options,
+                isVisible: nil,
+                onChange: nil),
+        ]
+    }
+
+    @MainActor
+    func settingsFields(context: ProviderSettingsContext) -> [ProviderSettingsFieldDescriptor] {
+        [
+            ProviderSettingsFieldDescriptor(
+                id: "manus-cookie",
+                title: "",
+                subtitle: "",
+                kind: .secure,
+                placeholder: "session_id=...\n\nor paste just the session_id value",
+                binding: context.stringBinding(\.manusManualCookieHeader),
+                actions: [
+                    ProviderSettingsActionDescriptor(
+                        id: "manus-open-dashboard",
+                        title: "Open Manus",
+                        style: .link,
+                        isVisible: nil,
+                        perform: {
+                            if let url = URL(string: "https://manus.im") {
+                                NSWorkspace.shared.open(url)
+                            }
+                        }),
+                ],
+                isVisible: { context.settings.manusCookieSource == .manual },
+                onActivate: nil),
+        ]
+    }
+}
diff --git a/Sources/CodexBar/Providers/Manus/ManusSettingsStore.swift b/Sources/CodexBar/Providers/Manus/ManusSettingsStore.swift
new file mode 100644
index 000000000..1b4573a1b
--- /dev/null
+++ b/Sources/CodexBar/Providers/Manus/ManusSettingsStore.swift
@@ -0,0 +1,60 @@
+import CodexBarCore
+import Foundation
+
+extension SettingsStore {
+    var manusManualCookieHeader: String {
+        get { self.configSnapshot.providerConfig(for: .manus)?.sanitizedCookieHeader ?? "" }
+        set {
+            self.updateProviderConfig(provider: .manus) { entry in
+                entry.cookieHeader = self.normalizedConfigValue(newValue)
+            }
+            self.logSecretUpdate(provider: .manus, field: "cookieHeader", value: newValue)
+        }
+    }
+
+    var manusCookieSource: ProviderCookieSource {
+        get { self.resolvedCookieSource(provider: .manus, fallback: .auto) }
+        set {
+            self.updateProviderConfig(provider: .manus) { entry in
+                entry.cookieSource = newValue
+            }
+            self.logProviderModeChange(provider: .manus, field: "cookieSource", value: newValue.rawValue)
+        }
+    }
+}
+
+extension SettingsStore {
+    func manusSettingsSnapshot(tokenOverride: TokenAccountOverride?) -> ProviderSettingsSnapshot.ManusProviderSettings {
+        ProviderSettingsSnapshot.ManusProviderSettings(
+            cookieSource: self.manusSnapshotCookieSource(tokenOverride: tokenOverride),
+            manualCookieHeader: self.manusSnapshotCookieHeader(tokenOverride: tokenOverride))
+    }
+
+    private func manusSnapshotCookieHeader(tokenOverride: TokenAccountOverride?) -> String {
+        let fallback = self.manusManualCookieHeader
+        guard let support = TokenAccountSupportCatalog.support(for: .manus),
+              case .cookieHeader = support.injection
+        else {
+            return fallback
+        }
+        guard let account = ProviderTokenAccountSelection.selectedAccount(
+            provider: .manus,
+            settings: self,
+            override: tokenOverride)
+        else {
+            return fallback
+        }
+        return TokenAccountSupportCatalog.normalizedCookieHeader(account.token, support: support)
+    }
+
+    private func manusSnapshotCookieSource(tokenOverride: TokenAccountOverride?) -> ProviderCookieSource {
+        let fallback = self.manusCookieSource
+        guard let support = TokenAccountSupportCatalog.support(for: .manus),
+              support.requiresManualCookieSource
+        else {
+            return fallback
+        }
+        if self.tokenAccounts(for: .manus).isEmpty { return fallback }
+        return .manual
+    }
+}
diff --git a/Sources/CodexBar/Providers/MiMo/MiMoProviderImplementation.swift b/Sources/CodexBar/Providers/MiMo/MiMoProviderImplementation.swift
new file mode 100644
index 000000000..bcb9b68cf
--- /dev/null
+++ b/Sources/CodexBar/Providers/MiMo/MiMoProviderImplementation.swift
@@ -0,0 +1,102 @@
+import AppKit
+import CodexBarCore
+import CodexBarMacroSupport
+import Foundation
+import SwiftUI
+
+@ProviderImplementationRegistration
+struct MiMoProviderImplementation: ProviderImplementation {
+    let id: UsageProvider = .mimo
+    let supportsLoginFlow: Bool = true
+
+    @MainActor
+    func presentation(context _: ProviderPresentationContext) -> ProviderPresentation {
+        ProviderPresentation { _ in "web" }
+    }
+
+    @MainActor
+    func observeSettings(_ settings: SettingsStore) {
+        _ = settings.miMoCookieSource
+        _ = settings.miMoCookieHeader
+    }
+
+    @MainActor
+    func settingsSnapshot(context: ProviderSettingsSnapshotContext) -> ProviderSettingsSnapshotContribution? {
+        .mimo(context.settings.miMoSettingsSnapshot(tokenOverride: context.tokenOverride))
+    }
+
+    @MainActor
+    func settingsPickers(context: ProviderSettingsContext) -> [ProviderSettingsPickerDescriptor] {
+        let cookieBinding = Binding(
+            get: { context.settings.miMoCookieSource.rawValue },
+            set: { raw in
+                context.settings.miMoCookieSource = ProviderCookieSource(rawValue: raw) ?? .auto
+            })
+        let cookieOptions = ProviderCookieSourceUI.options(
+            allowsOff: false,
+            keychainDisabled: context.settings.debugDisableKeychainAccess)
+        let cookieSubtitle: () -> String? = {
+            ProviderCookieSourceUI.subtitle(
+                source: context.settings.miMoCookieSource,
+                keychainDisabled: context.settings.debugDisableKeychainAccess,
+                auto: "Automatic imports Chrome browser cookies from Xiaomi MiMo.",
+                manual: "Paste a Cookie header from platform.xiaomimimo.com.",
+                off: "Xiaomi MiMo cookies are disabled.")
+        }
+
+        return [
+            ProviderSettingsPickerDescriptor(
+                id: "mimo-cookie-source",
+                title: "Cookie source",
+                subtitle: "Automatic imports Chrome browser cookies from Xiaomi MiMo.",
+                dynamicSubtitle: cookieSubtitle,
+                binding: cookieBinding,
+                options: cookieOptions,
+                isVisible: nil,
+                onChange: nil,
+                trailingText: {
+                    guard let entry = CookieHeaderCache.load(provider: .mimo) else { return nil }
+                    let when = entry.storedAt.relativeDescription()
+                    return "Cached: \(entry.sourceLabel) • \(when)"
+                }),
+        ]
+    }
+
+    @MainActor
+    func settingsFields(context: ProviderSettingsContext) -> [ProviderSettingsFieldDescriptor] {
+        [
+            ProviderSettingsFieldDescriptor(
+                id: "mimo-cookie",
+                title: "",
+                subtitle: "",
+                kind: .secure,
+                placeholder: "Cookie: ...",
+                binding: context.stringBinding(\.miMoCookieHeader),
+                actions: [
+                    ProviderSettingsActionDescriptor(
+                        id: "mimo-open-balance",
+                        title: "Open MiMo Balance",
+                        style: .link,
+                        isVisible: nil,
+                        perform: {
+                            guard let url = URL(string: "https://platform.xiaomimimo.com/#/console/balance") else {
+                                return
+                            }
+                            NSWorkspace.shared.open(url)
+                        }),
+                ],
+                isVisible: { context.settings.miMoCookieSource == .manual },
+                onActivate: { context.settings.ensureMiMoCookieLoaded() }),
+        ]
+    }
+
+    @MainActor
+    func runLoginFlow(context _: ProviderLoginContext) async -> Bool {
+        let loginURL = "https://platform.xiaomimimo.com/api/v1/genLoginUrl?currentPath=%2F%23%2Fconsole%2Fbalance"
+        guard let url = URL(string: loginURL) else {
+            return false
+        }
+        NSWorkspace.shared.open(url)
+        return false
+    }
+}
diff --git a/Sources/CodexBar/Providers/MiMo/MiMoSettingsStore.swift b/Sources/CodexBar/Providers/MiMo/MiMoSettingsStore.swift
new file mode 100644
index 000000000..3285a20b3
--- /dev/null
+++ b/Sources/CodexBar/Providers/MiMo/MiMoSettingsStore.swift
@@ -0,0 +1,35 @@
+import CodexBarCore
+import Foundation
+
+extension SettingsStore {
+    var miMoCookieHeader: String {
+        get { self.configSnapshot.providerConfig(for: .mimo)?.sanitizedCookieHeader ?? "" }
+        set {
+            self.updateProviderConfig(provider: .mimo) { entry in
+                entry.cookieHeader = self.normalizedConfigValue(newValue)
+            }
+            self.logSecretUpdate(provider: .mimo, field: "cookieHeader", value: newValue)
+        }
+    }
+
+    var miMoCookieSource: ProviderCookieSource {
+        get { self.resolvedCookieSource(provider: .mimo, fallback: .auto) }
+        set {
+            self.updateProviderConfig(provider: .mimo) { entry in
+                entry.cookieSource = newValue
+            }
+            self.logProviderModeChange(provider: .mimo, field: "cookieSource", value: newValue.rawValue)
+        }
+    }
+
+    func ensureMiMoCookieLoaded() {}
+}
+
+extension SettingsStore {
+    func miMoSettingsSnapshot(tokenOverride: TokenAccountOverride?) -> ProviderSettingsSnapshot.MiMoProviderSettings {
+        _ = tokenOverride
+        return ProviderSettingsSnapshot.MiMoProviderSettings(
+            cookieSource: self.miMoCookieSource,
+            manualCookieHeader: self.miMoCookieHeader)
+    }
+}
diff --git a/Sources/CodexBar/Providers/MiniMax/MiniMaxProviderImplementation.swift b/Sources/CodexBar/Providers/MiniMax/MiniMaxProviderImplementation.swift
index 6b7432edc..661441e99 100644
--- a/Sources/CodexBar/Providers/MiniMax/MiniMaxProviderImplementation.swift
+++ b/Sources/CodexBar/Providers/MiniMax/MiniMaxProviderImplementation.swift
@@ -65,7 +65,7 @@ struct MiniMaxProviderImplementation: ProviderImplementation {
                 source: context.settings.minimaxCookieSource,
                 keychainDisabled: context.settings.debugDisableKeychainAccess,
                 auto: "Automatic imports browser cookies and local storage tokens.",
-                manual: "Paste a Cookie header or cURL capture from the Coding Plan page.",
+                manual: "Paste a Cookie header or cURL capture from the Token Plan page.",
                 off: "MiniMax cookies are disabled.")
         }
 
@@ -122,7 +122,7 @@ struct MiniMaxProviderImplementation: ProviderImplementation {
                 actions: [
                     ProviderSettingsActionDescriptor(
                         id: "minimax-open-dashboard",
-                        title: "Open Coding Plan",
+                        title: "Open Token Plan",
                         style: .link,
                         isVisible: nil,
                         perform: {
@@ -141,7 +141,7 @@ struct MiniMaxProviderImplementation: ProviderImplementation {
                 actions: [
                     ProviderSettingsActionDescriptor(
                         id: "minimax-open-dashboard-cookie",
-                        title: "Open Coding Plan",
+                        title: "Open Token Plan",
                         style: .link,
                         isVisible: nil,
                         perform: {
diff --git a/Sources/CodexBar/Providers/Mistral/MistralProviderImplementation.swift b/Sources/CodexBar/Providers/Mistral/MistralProviderImplementation.swift
new file mode 100644
index 000000000..1949d2ed0
--- /dev/null
+++ b/Sources/CodexBar/Providers/Mistral/MistralProviderImplementation.swift
@@ -0,0 +1,106 @@
+import AppKit
+import CodexBarCore
+import CodexBarMacroSupport
+import Foundation
+import SwiftUI
+
+@ProviderImplementationRegistration
+struct MistralProviderImplementation: ProviderImplementation {
+    let id: UsageProvider = .mistral
+
+    @MainActor
+    func presentation(context _: ProviderPresentationContext) -> ProviderPresentation {
+        ProviderPresentation { _ in "web" }
+    }
+
+    @MainActor
+    func observeSettings(_ settings: SettingsStore) {
+        _ = settings.mistralCookieSource
+        _ = settings.mistralCookieHeader
+    }
+
+    @MainActor
+    func settingsSnapshot(context: ProviderSettingsSnapshotContext) -> ProviderSettingsSnapshotContribution? {
+        .mistral(context.settings.mistralSettingsSnapshot(tokenOverride: context.tokenOverride))
+    }
+
+    @MainActor
+    func tokenAccountsVisibility(context: ProviderSettingsContext, support: TokenAccountSupport) -> Bool {
+        guard support.requiresManualCookieSource else { return true }
+        if !context.settings.tokenAccounts(for: context.provider).isEmpty { return true }
+        return context.settings.mistralCookieSource == .manual
+    }
+
+    @MainActor
+    func applyTokenAccountCookieSource(settings: SettingsStore) {
+        if settings.mistralCookieSource != .manual {
+            settings.mistralCookieSource = .manual
+        }
+    }
+
+    @MainActor
+    func settingsPickers(context: ProviderSettingsContext) -> [ProviderSettingsPickerDescriptor] {
+        let cookieBinding = Binding(
+            get: { context.settings.mistralCookieSource.rawValue },
+            set: { raw in
+                context.settings.mistralCookieSource = ProviderCookieSource(rawValue: raw) ?? .auto
+            })
+        let cookieOptions = ProviderCookieSourceUI.options(
+            allowsOff: false,
+            keychainDisabled: context.settings.debugDisableKeychainAccess)
+
+        let cookieSubtitle: () -> String? = {
+            ProviderCookieSourceUI.subtitle(
+                source: context.settings.mistralCookieSource,
+                keychainDisabled: context.settings.debugDisableKeychainAccess,
+                auto: "Automatic imports browser cookies from admin.mistral.ai.",
+                manual: "Paste a Cookie header captured from the billing page.",
+                off: "Mistral cookies are disabled.")
+        }
+
+        return [
+            ProviderSettingsPickerDescriptor(
+                id: "mistral-cookie-source",
+                title: "Cookie source",
+                subtitle: "Automatic imports browser cookies from admin.mistral.ai.",
+                dynamicSubtitle: cookieSubtitle,
+                binding: cookieBinding,
+                options: cookieOptions,
+                isVisible: nil,
+                onChange: nil,
+                trailingText: {
+                    guard let entry = CookieHeaderCache.load(provider: .mistral) else { return nil }
+                    let when = entry.storedAt.relativeDescription()
+                    return "Cached: \(entry.sourceLabel) • \(when)"
+                }),
+        ]
+    }
+
+    @MainActor
+    func settingsFields(context: ProviderSettingsContext) -> [ProviderSettingsFieldDescriptor] {
+        [
+            ProviderSettingsFieldDescriptor(
+                id: "mistral-cookie-header",
+                title: "Cookie header",
+                subtitle: "Paste the Cookie header from a request to admin.mistral.ai. "
+                    + "Must contain an ory_session_* cookie.",
+                kind: .secure,
+                placeholder: "ory_session_…=…; csrftoken=…",
+                binding: context.stringBinding(\.mistralCookieHeader),
+                actions: [
+                    ProviderSettingsActionDescriptor(
+                        id: "mistral-open-console",
+                        title: "Open Mistral Admin",
+                        style: .link,
+                        isVisible: nil,
+                        perform: {
+                            if let url = URL(string: "https://admin.mistral.ai/organization/usage") {
+                                NSWorkspace.shared.open(url)
+                            }
+                        }),
+                ],
+                isVisible: { context.settings.mistralCookieSource == .manual },
+                onActivate: nil),
+        ]
+    }
+}
diff --git a/Sources/CodexBar/Providers/Mistral/MistralSettingsStore.swift b/Sources/CodexBar/Providers/Mistral/MistralSettingsStore.swift
new file mode 100644
index 000000000..e99485517
--- /dev/null
+++ b/Sources/CodexBar/Providers/Mistral/MistralSettingsStore.swift
@@ -0,0 +1,64 @@
+import CodexBarCore
+import Foundation
+
+extension SettingsStore {
+    var mistralCookieHeader: String {
+        get { self.configSnapshot.providerConfig(for: .mistral)?.sanitizedCookieHeader ?? "" }
+        set {
+            self.updateProviderConfig(provider: .mistral) { entry in
+                entry.cookieHeader = self.normalizedConfigValue(newValue)
+            }
+            self.logSecretUpdate(provider: .mistral, field: "cookieHeader", value: newValue)
+        }
+    }
+
+    var mistralCookieSource: ProviderCookieSource {
+        get { self.resolvedCookieSource(provider: .mistral, fallback: .auto) }
+        set {
+            self.updateProviderConfig(provider: .mistral) { entry in
+                entry.cookieSource = newValue
+            }
+            self.logProviderModeChange(provider: .mistral, field: "cookieSource", value: newValue.rawValue)
+        }
+    }
+
+    func ensureMistralCookieLoaded() {}
+}
+
+extension SettingsStore {
+    func mistralSettingsSnapshot(tokenOverride: TokenAccountOverride?) -> ProviderSettingsSnapshot
+        .MistralProviderSettings
+    {
+        ProviderSettingsSnapshot.MistralProviderSettings(
+            cookieSource: self.mistralSnapshotCookieSource(tokenOverride: tokenOverride),
+            manualCookieHeader: self.mistralSnapshotCookieHeader(tokenOverride: tokenOverride))
+    }
+
+    private func mistralSnapshotCookieHeader(tokenOverride: TokenAccountOverride?) -> String {
+        let fallback = self.mistralCookieHeader
+        guard let support = TokenAccountSupportCatalog.support(for: .mistral),
+              case .cookieHeader = support.injection
+        else {
+            return fallback
+        }
+        guard let account = ProviderTokenAccountSelection.selectedAccount(
+            provider: .mistral,
+            settings: self,
+            override: tokenOverride)
+        else {
+            return fallback
+        }
+        return TokenAccountSupportCatalog.normalizedCookieHeader(account.token, support: support)
+    }
+
+    private func mistralSnapshotCookieSource(tokenOverride: TokenAccountOverride?) -> ProviderCookieSource {
+        let fallback = self.mistralCookieSource
+        guard let support = TokenAccountSupportCatalog.support(for: .mistral),
+              support.requiresManualCookieSource
+        else {
+            return fallback
+        }
+        if self.tokenAccounts(for: .mistral).isEmpty { return fallback }
+        return .manual
+    }
+}
diff --git a/Sources/CodexBar/Providers/Moonshot/MoonshotProviderImplementation.swift b/Sources/CodexBar/Providers/Moonshot/MoonshotProviderImplementation.swift
new file mode 100644
index 000000000..67e862c40
--- /dev/null
+++ b/Sources/CodexBar/Providers/Moonshot/MoonshotProviderImplementation.swift
@@ -0,0 +1,88 @@
+import AppKit
+import CodexBarCore
+import CodexBarMacroSupport
+import Foundation
+import SwiftUI
+
+@ProviderImplementationRegistration
+struct MoonshotProviderImplementation: ProviderImplementation {
+    let id: UsageProvider = .moonshot
+
+    @MainActor
+    func presentation(context _: ProviderPresentationContext) -> ProviderPresentation {
+        ProviderPresentation { _ in "api" }
+    }
+
+    @MainActor
+    func observeSettings(_ settings: SettingsStore) {
+        _ = settings.moonshotAPIToken
+        _ = settings.moonshotRegion
+    }
+
+    @MainActor
+    func settingsSnapshot(context: ProviderSettingsSnapshotContext)
+        -> ProviderSettingsSnapshotContribution?
+    {
+        .moonshot(context.settings.moonshotSettingsSnapshot())
+    }
+
+    @MainActor
+    func isAvailable(context: ProviderAvailabilityContext) -> Bool {
+        if MoonshotSettingsReader.apiKey(environment: context.environment) != nil {
+            return true
+        }
+        context.settings.ensureMoonshotAPITokenLoaded()
+        return !context.settings.moonshotAPIToken.trimmingCharacters(in: .whitespacesAndNewlines)
+            .isEmpty
+    }
+
+    @MainActor
+    func settingsPickers(context: ProviderSettingsContext) -> [ProviderSettingsPickerDescriptor] {
+        let binding = Binding(
+            get: { context.settings.moonshotRegion.rawValue },
+            set: { raw in
+                context.settings.moonshotRegion = MoonshotRegion(rawValue: raw) ?? .international
+            })
+        let options = MoonshotRegion.allCases.map {
+            ProviderSettingsPickerOption(id: $0.rawValue, title: $0.displayName)
+        }
+
+        return [
+            ProviderSettingsPickerDescriptor(
+                id: "moonshot-api-region",
+                title: "API region",
+                subtitle: "Choose the Moonshot/Kimi API host for international or China mainland accounts.",
+                binding: binding,
+                options: options,
+                isVisible: nil,
+                onChange: nil),
+        ]
+    }
+
+    @MainActor
+    func settingsFields(context: ProviderSettingsContext) -> [ProviderSettingsFieldDescriptor] {
+        [
+            ProviderSettingsFieldDescriptor(
+                id: "moonshot-api-key",
+                title: "API key",
+                subtitle: "Stored in ~/.codexbar/config.json.",
+                kind: .secure,
+                placeholder: "sk-...",
+                binding: context.stringBinding(\.moonshotAPIToken),
+                actions: [
+                    ProviderSettingsActionDescriptor(
+                        id: "moonshot-open-dashboard",
+                        title: "Open Moonshot Console",
+                        style: .link,
+                        isVisible: nil,
+                        perform: {
+                            if let url = URL(string: "https://platform.moonshot.ai/console/account") {
+                                NSWorkspace.shared.open(url)
+                            }
+                        }),
+                ],
+                isVisible: nil,
+                onActivate: { context.settings.ensureMoonshotAPITokenLoaded() }),
+        ]
+    }
+}
diff --git a/Sources/CodexBar/Providers/Moonshot/MoonshotSettingsStore.swift b/Sources/CodexBar/Providers/Moonshot/MoonshotSettingsStore.swift
new file mode 100644
index 000000000..beb808af3
--- /dev/null
+++ b/Sources/CodexBar/Providers/Moonshot/MoonshotSettingsStore.swift
@@ -0,0 +1,44 @@
+import CodexBarCore
+import Foundation
+
+extension SettingsStore {
+    var moonshotAPIToken: String {
+        get { self.configSnapshot.providerConfig(for: .moonshot)?.sanitizedAPIKey ?? "" }
+        set {
+            self.updateProviderConfig(provider: .moonshot) { entry in
+                entry.apiKey = self.normalizedConfigValue(newValue)
+            }
+            self.logSecretUpdate(provider: .moonshot, field: "apiKey", value: newValue)
+        }
+    }
+
+    var moonshotRegion: MoonshotRegion {
+        get {
+            let raw = self.configSnapshot.providerConfig(for: .moonshot)?.region
+            return MoonshotRegion(rawValue: raw ?? "") ?? .international
+        }
+        set {
+            self.updateProviderConfig(provider: .moonshot) { entry in
+                entry.region = newValue.rawValue
+            }
+        }
+    }
+
+    func ensureMoonshotAPITokenLoaded() {}
+
+    var configuredMoonshotRegion: MoonshotRegion? {
+        guard let raw = self.configSnapshot.providerConfig(for: .moonshot)?.region?
+            .trimmingCharacters(in: .whitespacesAndNewlines),
+            !raw.isEmpty
+        else {
+            return nil
+        }
+        return MoonshotRegion(rawValue: raw)
+    }
+}
+
+extension SettingsStore {
+    func moonshotSettingsSnapshot() -> ProviderSettingsSnapshot.MoonshotProviderSettings {
+        ProviderSettingsSnapshot.MoonshotProviderSettings(region: self.configuredMoonshotRegion)
+    }
+}
diff --git a/Sources/CodexBar/Providers/Ollama/OllamaProviderImplementation.swift b/Sources/CodexBar/Providers/Ollama/OllamaProviderImplementation.swift
index 99d8582f1..d2b64c362 100644
--- a/Sources/CodexBar/Providers/Ollama/OllamaProviderImplementation.swift
+++ b/Sources/CodexBar/Providers/Ollama/OllamaProviderImplementation.swift
@@ -10,10 +10,29 @@ struct OllamaProviderImplementation: ProviderImplementation {
 
     @MainActor
     func observeSettings(_ settings: SettingsStore) {
+        _ = settings.ollamaUsageDataSource
+        _ = settings.ollamaAPIToken
         _ = settings.ollamaCookieSource
         _ = settings.ollamaCookieHeader
     }
 
+    @MainActor
+    func sourceMode(context: ProviderSourceModeContext) -> ProviderSourceMode {
+        context.settings.ollamaUsageDataSource
+    }
+
+    @MainActor
+    func isAvailable(context: ProviderAvailabilityContext) -> Bool {
+        if OllamaAPISettingsReader.apiKey(environment: context.environment) != nil {
+            return true
+        }
+        context.settings.ensureOllamaAPITokenLoaded()
+        if !context.settings.ollamaAPIToken.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty {
+            return true
+        }
+        return context.settings.ollamaCookieSource != .off
+    }
+
     @MainActor
     func settingsSnapshot(context: ProviderSettingsSnapshotContext) -> ProviderSettingsSnapshotContribution? {
         .ollama(context.settings.ollamaSettingsSnapshot(tokenOverride: context.tokenOverride))
@@ -35,6 +54,16 @@ struct OllamaProviderImplementation: ProviderImplementation {
 
     @MainActor
     func settingsPickers(context: ProviderSettingsContext) -> [ProviderSettingsPickerDescriptor] {
+        let sourceBinding = Binding(
+            get: { context.settings.ollamaUsageDataSource.rawValue },
+            set: { raw in
+                context.settings.ollamaUsageDataSource = ProviderSourceMode(rawValue: raw) ?? .auto
+            })
+        let sourceOptions: [ProviderSettingsPickerOption] = [
+            ProviderSettingsPickerOption(id: ProviderSourceMode.auto.rawValue, title: "Auto"),
+            ProviderSettingsPickerOption(id: ProviderSourceMode.web.rawValue, title: "Browser cookies"),
+            ProviderSettingsPickerOption(id: ProviderSourceMode.api.rawValue, title: "API key"),
+        ]
         let cookieBinding = Binding(
             get: { context.settings.ollamaCookieSource.rawValue },
             set: { raw in
@@ -54,6 +83,14 @@ struct OllamaProviderImplementation: ProviderImplementation {
         }
 
         return [
+            ProviderSettingsPickerDescriptor(
+                id: "ollama-usage-source",
+                title: "Usage source",
+                subtitle: "API key verifies Ollama Cloud access; cookies still expose quota limits.",
+                binding: sourceBinding,
+                options: sourceOptions,
+                isVisible: nil,
+                onChange: nil),
             ProviderSettingsPickerDescriptor(
                 id: "ollama-cookie-source",
                 title: "Cookie source",
@@ -69,6 +106,27 @@ struct OllamaProviderImplementation: ProviderImplementation {
     @MainActor
     func settingsFields(context: ProviderSettingsContext) -> [ProviderSettingsFieldDescriptor] {
         [
+            ProviderSettingsFieldDescriptor(
+                id: "ollama-api-key",
+                title: "API key",
+                subtitle: "Stored in ~/.codexbar/config.json. Get your key from Ollama settings.",
+                kind: .secure,
+                placeholder: "ollama-...",
+                binding: context.stringBinding(\.ollamaAPIToken),
+                actions: [
+                    ProviderSettingsActionDescriptor(
+                        id: "ollama-open-api-keys",
+                        title: "Open Ollama API Keys",
+                        style: .link,
+                        isVisible: nil,
+                        perform: {
+                            if let url = URL(string: "https://ollama.com/settings/keys") {
+                                NSWorkspace.shared.open(url)
+                            }
+                        }),
+                ],
+                isVisible: nil,
+                onActivate: { context.settings.ensureOllamaAPITokenLoaded() }),
             ProviderSettingsFieldDescriptor(
                 id: "ollama-cookie",
                 title: "",
diff --git a/Sources/CodexBar/Providers/Ollama/OllamaSettingsStore.swift b/Sources/CodexBar/Providers/Ollama/OllamaSettingsStore.swift
index 99e0d6504..628d7b7f2 100644
--- a/Sources/CodexBar/Providers/Ollama/OllamaSettingsStore.swift
+++ b/Sources/CodexBar/Providers/Ollama/OllamaSettingsStore.swift
@@ -2,6 +2,29 @@ import CodexBarCore
 import Foundation
 
 extension SettingsStore {
+    var ollamaUsageDataSource: ProviderSourceMode {
+        get {
+            let source = self.configSnapshot.providerConfig(for: .ollama)?.source
+            return source ?? .auto
+        }
+        set {
+            self.updateProviderConfig(provider: .ollama) { entry in
+                entry.source = newValue == .auto ? nil : newValue
+            }
+            self.logProviderModeChange(provider: .ollama, field: "source", value: newValue.rawValue)
+        }
+    }
+
+    var ollamaAPIToken: String {
+        get { self.configSnapshot.providerConfig(for: .ollama)?.sanitizedAPIKey ?? "" }
+        set {
+            self.updateProviderConfig(provider: .ollama) { entry in
+                entry.apiKey = self.normalizedConfigValue(newValue)
+            }
+            self.logSecretUpdate(provider: .ollama, field: "apiKey", value: newValue)
+        }
+    }
+
     var ollamaCookieHeader: String {
         get { self.configSnapshot.providerConfig(for: .ollama)?.sanitizedCookieHeader ?? "" }
         set {
@@ -22,6 +45,8 @@ extension SettingsStore {
         }
     }
 
+    func ensureOllamaAPITokenLoaded() {}
+
     func ensureOllamaCookieLoaded() {}
 }
 
diff --git a/Sources/CodexBar/Providers/OpenAI/OpenAIAPIProviderImplementation.swift b/Sources/CodexBar/Providers/OpenAI/OpenAIAPIProviderImplementation.swift
new file mode 100644
index 000000000..4d13b22be
--- /dev/null
+++ b/Sources/CodexBar/Providers/OpenAI/OpenAIAPIProviderImplementation.swift
@@ -0,0 +1,80 @@
+import AppKit
+import CodexBarCore
+import CodexBarMacroSupport
+import Foundation
+
+@ProviderImplementationRegistration
+struct OpenAIAPIProviderImplementation: ProviderImplementation {
+    let id: UsageProvider = .openai
+
+    @MainActor
+    func presentation(context _: ProviderPresentationContext) -> ProviderPresentation {
+        ProviderPresentation { _ in "api" }
+    }
+
+    @MainActor
+    func observeSettings(_ settings: SettingsStore) {
+        _ = settings.openAIAPIKey
+        _ = settings.openAIAPIProjectID
+    }
+
+    @MainActor
+    func isAvailable(context: ProviderAvailabilityContext) -> Bool {
+        if OpenAIAPISettingsReader.apiKey(environment: context.environment) != nil {
+            return true
+        }
+        return !context.settings.openAIAPIKey.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
+    }
+
+    @MainActor
+    func settingsFields(context: ProviderSettingsContext) -> [ProviderSettingsFieldDescriptor] {
+        [
+            ProviderSettingsFieldDescriptor(
+                id: "openai-api-key",
+                title: "Admin API key",
+                subtitle: "Stored in ~/.codexbar/config.json. OPENAI_ADMIN_KEY is preferred; " +
+                    "OPENAI_API_KEY still works.",
+                kind: .secure,
+                placeholder: "sk-admin-...",
+                binding: context.stringBinding(\.openAIAPIKey),
+                actions: [
+                    ProviderSettingsActionDescriptor(
+                        id: "openai-open-billing",
+                        title: "Open billing",
+                        style: .link,
+                        isVisible: nil,
+                        perform: {
+                            if let url = URL(
+                                string: "https://platform.openai.com/settings/organization/billing/overview")
+                            {
+                                NSWorkspace.shared.open(url)
+                            }
+                        }),
+                ],
+                isVisible: nil,
+                onActivate: nil),
+            ProviderSettingsFieldDescriptor(
+                id: "openai-project-id",
+                title: "Project ID",
+                subtitle: "Optional. Applies to the configured Admin API key; selected token accounts do not " +
+                    "inherit OPENAI_PROJECT_ID.",
+                kind: .plain,
+                placeholder: "proj_...",
+                binding: context.stringBinding(\.openAIAPIProjectID),
+                actions: [
+                    ProviderSettingsActionDescriptor(
+                        id: "openai-open-projects",
+                        title: "Open projects",
+                        style: .link,
+                        isVisible: nil,
+                        perform: {
+                            if let url = URL(string: "https://platform.openai.com/settings/organization/projects") {
+                                NSWorkspace.shared.open(url)
+                            }
+                        }),
+                ],
+                isVisible: nil,
+                onActivate: nil),
+        ]
+    }
+}
diff --git a/Sources/CodexBar/Providers/OpenAI/OpenAIAPISettingsStore.swift b/Sources/CodexBar/Providers/OpenAI/OpenAIAPISettingsStore.swift
new file mode 100644
index 000000000..7dfb7edf6
--- /dev/null
+++ b/Sources/CodexBar/Providers/OpenAI/OpenAIAPISettingsStore.swift
@@ -0,0 +1,24 @@
+import CodexBarCore
+import Foundation
+
+extension SettingsStore {
+    var openAIAPIKey: String {
+        get { self.configSnapshot.providerConfig(for: .openai)?.sanitizedAPIKey ?? "" }
+        set {
+            self.updateProviderConfig(provider: .openai) { entry in
+                entry.apiKey = self.normalizedConfigValue(newValue)
+            }
+            self.logSecretUpdate(provider: .openai, field: "apiKey", value: newValue)
+        }
+    }
+
+    var openAIAPIProjectID: String {
+        get { self.configSnapshot.providerConfig(for: .openai)?.sanitizedWorkspaceID ?? "" }
+        set {
+            self.updateProviderConfig(provider: .openai) { entry in
+                entry.workspaceID = self.normalizedConfigValue(newValue)
+            }
+            self.logSecretUpdate(provider: .openai, field: "projectID", value: newValue)
+        }
+    }
+}
diff --git a/Sources/CodexBar/Providers/OpenCode/OpenCodeProviderImplementation.swift b/Sources/CodexBar/Providers/OpenCode/OpenCodeProviderImplementation.swift
index 5e069f0a1..5ef145907 100644
--- a/Sources/CodexBar/Providers/OpenCode/OpenCodeProviderImplementation.swift
+++ b/Sources/CodexBar/Providers/OpenCode/OpenCodeProviderImplementation.swift
@@ -70,9 +70,9 @@ struct OpenCodeProviderImplementation: ProviderImplementation {
                 isVisible: nil,
                 onChange: nil,
                 trailingText: {
-                    guard let entry = CookieHeaderCache.load(provider: .opencode) else { return nil }
-                    let when = entry.storedAt.relativeDescription()
-                    return "Cached: \(entry.sourceLabel) • \(when)"
+                    OpenCodeProviderUI.cachedCookieTrailingText(
+                        provider: .opencode,
+                        cookieSource: context.settings.opencodeCookieSource)
                 }),
         ]
     }
diff --git a/Sources/CodexBar/Providers/OpenCode/OpenCodeProviderUI.swift b/Sources/CodexBar/Providers/OpenCode/OpenCodeProviderUI.swift
new file mode 100644
index 000000000..e6646e6c2
--- /dev/null
+++ b/Sources/CodexBar/Providers/OpenCode/OpenCodeProviderUI.swift
@@ -0,0 +1,12 @@
+import CodexBarCore
+import Foundation
+
+enum OpenCodeProviderUI {
+    @MainActor
+    static func cachedCookieTrailingText(provider: UsageProvider, cookieSource: ProviderCookieSource) -> String? {
+        guard cookieSource != .manual else { return nil }
+        guard let entry = CookieHeaderCache.load(provider: provider) else { return nil }
+        let when = entry.storedAt.relativeDescription()
+        return "Cached: \(entry.sourceLabel) • \(when)"
+    }
+}
diff --git a/Sources/CodexBar/Providers/OpenCodeGo/OpenCodeGoProviderImplementation.swift b/Sources/CodexBar/Providers/OpenCodeGo/OpenCodeGoProviderImplementation.swift
new file mode 100644
index 000000000..0c5b1ee08
--- /dev/null
+++ b/Sources/CodexBar/Providers/OpenCodeGo/OpenCodeGoProviderImplementation.swift
@@ -0,0 +1,95 @@
+import AppKit
+import CodexBarCore
+import CodexBarMacroSupport
+import Foundation
+import SwiftUI
+
+@ProviderImplementationRegistration
+struct OpenCodeGoProviderImplementation: ProviderImplementation {
+    let id: UsageProvider = .opencodego
+
+    @MainActor
+    func presentation(context _: ProviderPresentationContext) -> ProviderPresentation {
+        ProviderPresentation { _ in "web" }
+    }
+
+    @MainActor
+    func observeSettings(_ settings: SettingsStore) {
+        _ = settings.opencodegoCookieSource
+        _ = settings.opencodegoCookieHeader
+        _ = settings.opencodegoWorkspaceID
+    }
+
+    @MainActor
+    func settingsSnapshot(context: ProviderSettingsSnapshotContext) -> ProviderSettingsSnapshotContribution? {
+        .opencodego(context.settings.opencodegoSettingsSnapshot(tokenOverride: context.tokenOverride))
+    }
+
+    @MainActor
+    func tokenAccountsVisibility(context: ProviderSettingsContext, support: TokenAccountSupport) -> Bool {
+        guard support.requiresManualCookieSource else { return true }
+        if !context.settings.tokenAccounts(for: context.provider).isEmpty { return true }
+        return context.settings.opencodegoCookieSource == .manual
+    }
+
+    @MainActor
+    func applyTokenAccountCookieSource(settings: SettingsStore) {
+        if settings.opencodegoCookieSource != .manual {
+            settings.opencodegoCookieSource = .manual
+        }
+    }
+
+    @MainActor
+    func settingsPickers(context: ProviderSettingsContext) -> [ProviderSettingsPickerDescriptor] {
+        let cookieBinding = Binding(
+            get: { context.settings.opencodegoCookieSource.rawValue },
+            set: { raw in
+                context.settings.opencodegoCookieSource = ProviderCookieSource(rawValue: raw) ?? .auto
+            })
+        let cookieOptions = ProviderCookieSourceUI.options(
+            allowsOff: false,
+            keychainDisabled: context.settings.debugDisableKeychainAccess)
+
+        let cookieSubtitle: () -> String? = {
+            ProviderCookieSourceUI.subtitle(
+                source: context.settings.opencodegoCookieSource,
+                keychainDisabled: context.settings.debugDisableKeychainAccess,
+                auto: "Automatic imports browser cookies from opencode.ai.",
+                manual: "Paste a Cookie header captured from the billing page.",
+                off: "OpenCode Go cookies are disabled.")
+        }
+
+        return [
+            ProviderSettingsPickerDescriptor(
+                id: "opencodego-cookie-source",
+                title: "Cookie source",
+                subtitle: "Automatic imports browser cookies from opencode.ai.",
+                dynamicSubtitle: cookieSubtitle,
+                binding: cookieBinding,
+                options: cookieOptions,
+                isVisible: nil,
+                onChange: nil,
+                trailingText: {
+                    OpenCodeProviderUI.cachedCookieTrailingText(
+                        provider: .opencodego,
+                        cookieSource: context.settings.opencodegoCookieSource)
+                }),
+        ]
+    }
+
+    @MainActor
+    func settingsFields(context: ProviderSettingsContext) -> [ProviderSettingsFieldDescriptor] {
+        [
+            ProviderSettingsFieldDescriptor(
+                id: "opencodego-workspace-id",
+                title: "Workspace ID",
+                subtitle: "Optional override if workspace lookup fails.",
+                kind: .plain,
+                placeholder: "wrk_…",
+                binding: context.stringBinding(\.opencodegoWorkspaceID),
+                actions: [],
+                isVisible: nil,
+                onActivate: nil),
+        ]
+    }
+}
diff --git a/Sources/CodexBar/Providers/OpenCodeGo/OpenCodeGoSettingsStore.swift b/Sources/CodexBar/Providers/OpenCodeGo/OpenCodeGoSettingsStore.swift
new file mode 100644
index 000000000..3f77ff2b2
--- /dev/null
+++ b/Sources/CodexBar/Providers/OpenCodeGo/OpenCodeGoSettingsStore.swift
@@ -0,0 +1,88 @@
+import CodexBarCore
+import Foundation
+
+extension SettingsStore {
+    var opencodegoWorkspaceID: String {
+        get { self.configSnapshot.providerConfig(for: .opencodego)?.workspaceID ?? "" }
+        set {
+            let trimmed = newValue.trimmingCharacters(in: .whitespacesAndNewlines)
+            let value = trimmed.isEmpty ? nil : trimmed
+            self.updateProviderConfig(provider: .opencodego) { entry in
+                entry.workspaceID = value
+            }
+        }
+    }
+
+    var opencodegoCookieHeader: String {
+        get { self.configSnapshot.providerConfig(for: .opencodego)?.sanitizedCookieHeader ?? "" }
+        set {
+            self.updateProviderConfig(provider: .opencodego) { entry in
+                entry.cookieHeader = self.normalizedConfigValue(newValue)
+            }
+            self.logSecretUpdate(provider: .opencodego, field: "cookieHeader", value: newValue)
+        }
+    }
+
+    var opencodegoCookieSource: ProviderCookieSource {
+        get { self.resolvedCookieSource(provider: .opencodego, fallback: .auto) }
+        set {
+            self.updateProviderConfig(provider: .opencodego) { entry in
+                entry.cookieSource = newValue
+            }
+            self.logProviderModeChange(provider: .opencodego, field: "cookieSource", value: newValue.rawValue)
+        }
+    }
+
+    var opencodegoDashboardURL: URL {
+        OpenCodeGoUsageFetcher.dashboardURL(workspaceID: self.opencodegoWorkspaceID)
+    }
+
+    func ensureOpenCodeGoCookieLoaded() {}
+}
+
+extension SettingsStore {
+    func opencodegoSettingsSnapshot(tokenOverride: TokenAccountOverride?) -> ProviderSettingsSnapshot
+        .OpenCodeProviderSettings
+    {
+        ProviderSettingsSnapshot.OpenCodeProviderSettings(
+            cookieSource: self.opencodegoSnapshotCookieSource(tokenOverride: tokenOverride),
+            manualCookieHeader: self.opencodegoSnapshotCookieHeader(tokenOverride: tokenOverride),
+            workspaceID: self.opencodegoSnapshotWorkspaceID)
+    }
+
+    private func opencodegoSnapshotCookieHeader(tokenOverride: TokenAccountOverride?) -> String {
+        let fallback = self.opencodegoCookieHeader
+        guard let support = TokenAccountSupportCatalog.support(for: .opencodego),
+              case .cookieHeader = support.injection
+        else {
+            return fallback
+        }
+        guard let account = ProviderTokenAccountSelection.selectedAccount(
+            provider: .opencodego,
+            settings: self,
+            override: tokenOverride)
+        else {
+            return fallback
+        }
+        return TokenAccountSupportCatalog.normalizedCookieHeader(account.token, support: support)
+    }
+
+    private func opencodegoSnapshotCookieSource(tokenOverride: TokenAccountOverride?) -> ProviderCookieSource {
+        let fallback = self.opencodegoCookieSource
+        guard let support = TokenAccountSupportCatalog.support(for: .opencodego),
+              support.requiresManualCookieSource
+        else {
+            return fallback
+        }
+        if self.tokenAccounts(for: .opencodego).isEmpty { return fallback }
+        return .manual
+    }
+
+    private var opencodegoSnapshotWorkspaceID: String? {
+        guard let workspaceID = self.configSnapshot.providerConfig(for: .opencodego)?.workspaceID else {
+            return nil
+        }
+        let trimmed = workspaceID.trimmingCharacters(in: .whitespacesAndNewlines)
+        return trimmed.isEmpty ? nil : trimmed
+    }
+}
diff --git a/Sources/CodexBar/Providers/Perplexity/PerplexityProviderImplementation.swift b/Sources/CodexBar/Providers/Perplexity/PerplexityProviderImplementation.swift
new file mode 100644
index 000000000..770e18c2e
--- /dev/null
+++ b/Sources/CodexBar/Providers/Perplexity/PerplexityProviderImplementation.swift
@@ -0,0 +1,95 @@
+import AppKit
+import CodexBarCore
+import CodexBarMacroSupport
+import Foundation
+import SwiftUI
+
+@ProviderImplementationRegistration
+struct PerplexityProviderImplementation: ProviderImplementation {
+    let id: UsageProvider = .perplexity
+    let supportsLoginFlow: Bool = true
+
+    @MainActor
+    func presentation(context _: ProviderPresentationContext) -> ProviderPresentation {
+        ProviderPresentation { _ in "web" }
+    }
+
+    @MainActor
+    func runLoginFlow(context _: ProviderLoginContext) async -> Bool {
+        if let url = URL(string: "https://www.perplexity.ai/") {
+            NSWorkspace.shared.open(url)
+        }
+        return false
+    }
+
+    @MainActor
+    func observeSettings(_ settings: SettingsStore) {
+        _ = settings.perplexityCookieSource
+        _ = settings.perplexityManualCookieHeader
+    }
+
+    @MainActor
+    func settingsSnapshot(context: ProviderSettingsSnapshotContext) -> ProviderSettingsSnapshotContribution? {
+        .perplexity(context.settings.perplexitySettingsSnapshot(tokenOverride: context.tokenOverride))
+    }
+
+    @MainActor
+    func settingsPickers(context: ProviderSettingsContext) -> [ProviderSettingsPickerDescriptor] {
+        let cookieBinding = Binding(
+            get: { context.settings.perplexityCookieSource.rawValue },
+            set: { raw in
+                context.settings.perplexityCookieSource = ProviderCookieSource(rawValue: raw) ?? .auto
+            })
+        let options = ProviderCookieSourceUI.options(
+            allowsOff: true,
+            keychainDisabled: context.settings.debugDisableKeychainAccess)
+
+        let subtitle: () -> String? = {
+            ProviderCookieSourceUI.subtitle(
+                source: context.settings.perplexityCookieSource,
+                keychainDisabled: context.settings.debugDisableKeychainAccess,
+                auto: "Automatically imports browser session cookie.",
+                manual: "Paste a full cookie header or the __Secure-next-auth.session-token value.",
+                off: "Perplexity cookies are disabled.")
+        }
+
+        return [
+            ProviderSettingsPickerDescriptor(
+                id: "perplexity-cookie-source",
+                title: "Cookie source",
+                subtitle: "Automatically imports browser session cookie.",
+                dynamicSubtitle: subtitle,
+                binding: cookieBinding,
+                options: options,
+                isVisible: nil,
+                onChange: nil),
+        ]
+    }
+
+    @MainActor
+    func settingsFields(context: ProviderSettingsContext) -> [ProviderSettingsFieldDescriptor] {
+        [
+            ProviderSettingsFieldDescriptor(
+                id: "perplexity-cookie",
+                title: "",
+                subtitle: "",
+                kind: .secure,
+                placeholder: "Cookie: \u{2026}\n\nor paste the __Secure-next-auth.session-token value",
+                binding: context.stringBinding(\.perplexityManualCookieHeader),
+                actions: [
+                    ProviderSettingsActionDescriptor(
+                        id: "perplexity-open-usage",
+                        title: "Open Usage Page",
+                        style: .link,
+                        isVisible: nil,
+                        perform: {
+                            if let url = URL(string: "https://www.perplexity.ai/account/usage") {
+                                NSWorkspace.shared.open(url)
+                            }
+                        }),
+                ],
+                isVisible: { context.settings.perplexityCookieSource == .manual },
+                onActivate: nil),
+        ]
+    }
+}
diff --git a/Sources/CodexBar/Providers/Perplexity/PerplexitySettingsStore.swift b/Sources/CodexBar/Providers/Perplexity/PerplexitySettingsStore.swift
new file mode 100644
index 000000000..6d2d44dfc
--- /dev/null
+++ b/Sources/CodexBar/Providers/Perplexity/PerplexitySettingsStore.swift
@@ -0,0 +1,36 @@
+import CodexBarCore
+import Foundation
+
+extension SettingsStore {
+    var perplexityManualCookieHeader: String {
+        get { self.configSnapshot.providerConfig(for: .perplexity)?.sanitizedCookieHeader ?? "" }
+        set {
+            self.updateProviderConfig(provider: .perplexity) { entry in
+                entry.cookieHeader = self.normalizedConfigValue(newValue)
+            }
+            self.logSecretUpdate(provider: .perplexity, field: "cookieHeader", value: newValue)
+        }
+    }
+
+    var perplexityCookieSource: ProviderCookieSource {
+        get { self.resolvedCookieSource(provider: .perplexity, fallback: .auto) }
+        set {
+            self.updateProviderConfig(provider: .perplexity) { entry in
+                entry.cookieSource = newValue
+            }
+            self.logProviderModeChange(provider: .perplexity, field: "cookieSource", value: newValue.rawValue)
+        }
+    }
+}
+
+extension SettingsStore {
+    func perplexitySettingsSnapshot(tokenOverride: TokenAccountOverride?) -> ProviderSettingsSnapshot
+    .PerplexityProviderSettings {
+        // tokenOverride is not used: Perplexity auth is cookie-based, not token-account-based.
+        // Manual cookies are handled via perplexityManualCookieHeader in the settings snapshot below.
+        _ = tokenOverride
+        return ProviderSettingsSnapshot.PerplexityProviderSettings(
+            cookieSource: self.perplexityCookieSource,
+            manualCookieHeader: self.perplexityManualCookieHeader)
+    }
+}
diff --git a/Sources/CodexBar/Providers/Shared/ProviderContext.swift b/Sources/CodexBar/Providers/Shared/ProviderContext.swift
index 8b0069a6a..57493fe86 100644
--- a/Sources/CodexBar/Providers/Shared/ProviderContext.swift
+++ b/Sources/CodexBar/Providers/Shared/ProviderContext.swift
@@ -34,4 +34,15 @@ struct ProviderVersionContext {
 struct ProviderSettingsSnapshotContext {
     let settings: SettingsStore
     let tokenOverride: TokenAccountOverride?
+    let codexActiveSourceOverride: CodexActiveSource?
+
+    init(
+        settings: SettingsStore,
+        tokenOverride: TokenAccountOverride?,
+        codexActiveSourceOverride: CodexActiveSource? = nil)
+    {
+        self.settings = settings
+        self.tokenOverride = tokenOverride
+        self.codexActiveSourceOverride = codexActiveSourceOverride
+    }
 }
diff --git a/Sources/CodexBar/Providers/Shared/ProviderCookieSourceUI.swift b/Sources/CodexBar/Providers/Shared/ProviderCookieSourceUI.swift
index 4964f4df4..7c3fccc72 100644
--- a/Sources/CodexBar/Providers/Shared/ProviderCookieSourceUI.swift
+++ b/Sources/CodexBar/Providers/Shared/ProviderCookieSourceUI.swift
@@ -1,7 +1,7 @@
 import CodexBarCore
 
 enum ProviderCookieSourceUI {
-    static let keychainDisabledPrefix =
+    static let keychainDisabledPrefixKey =
         "Keychain access is disabled in Advanced, so browser cookie import is unavailable."
 
     static func options(allowsOff: Bool, keychainDisabled: Bool) -> [ProviderSettingsPickerOption] {
@@ -29,16 +29,88 @@ enum ProviderCookieSourceUI {
         manual: String,
         off: String) -> String
     {
+        let localizedAuto = self.localizedSubtitle(auto)
+        let localizedManual = self.localizedSubtitle(manual)
+        let localizedOff = self.localizedSubtitle(off)
         if keychainDisabled {
-            return source == .off ? off : "\(self.keychainDisabledPrefix) \(manual)"
+            return source == .off
+                ? localizedOff
+                : "\(L(self.keychainDisabledPrefixKey)) \(localizedManual)"
         }
         switch source {
         case .auto:
-            return auto
+            return localizedAuto
         case .manual:
-            return manual
+            return localizedManual
         case .off:
-            return off
+            return localizedOff
         }
     }
+
+    private static func localizedSubtitle(_ subtitle: String) -> String {
+        let trimmed = subtitle.trimmingCharacters(in: .whitespacesAndNewlines)
+        if let source = trimmed.removing(prefix: "Paste a Cookie header or cURL capture from ", suffix: ".") {
+            return L("Paste a Cookie header or cURL capture from %@.", source)
+        }
+        if let source = trimmed.removing(prefix: "Paste a Cookie header or full cURL capture from ", suffix: ".") {
+            return L("Paste a Cookie header or full cURL capture from %@.", source)
+        }
+        if let source = trimmed.removing(prefix: "Paste a Cookie header captured from ", suffix: ".") {
+            return L("Paste a Cookie header captured from %@.", source)
+        }
+        if let source = trimmed.removing(prefix: "Paste a Cookie header from ", suffix: ".") {
+            return L("Paste a Cookie header from %@.", source)
+        }
+        if let token = trimmed.removing(prefix: "Paste a full cookie header or the ", suffix: " value.") {
+            return L("Paste a full cookie header or the %@ value.", token)
+        }
+        if let source = trimmed.removing(prefix: "Paste a Cookie or Authorization header from ", suffix: ".") {
+            return L("Paste a Cookie or Authorization header from %@.", source)
+        }
+        if let token = trimmed.removing(prefix: "Paste the ", suffix: " value or a full Cookie header.") {
+            return L("Paste the %@ value or a full Cookie header.", token)
+        }
+        if let token = trimmed.removing(prefix: "Manually paste an ", suffix: " from a browser session.") {
+            return L("Manually paste an %@ from a browser session.", token)
+        }
+        if let token = trimmed.removing(
+            prefix: "Uses username + password to login and obtain an ",
+            suffix: " automatically.")
+        {
+            return L("Uses username + password to login and obtain an %@ automatically.", token)
+        }
+        if let parts = trimmed.removingTwoParts(prefix: "Paste the ", separator: " JSON bundle from ", suffix: ".") {
+            return L("Paste the %@ JSON bundle from %@.", parts.0, parts.1)
+        }
+        if let provider = trimmed.removing(prefix: "Disable ", suffix: " dashboard cookie usage.") {
+            return L("Disable %@ dashboard cookie usage.", provider)
+        }
+        if let provider = trimmed.removing(prefix: "", suffix: " cookies are disabled.") {
+            return L("%@ cookies are disabled.", provider)
+        }
+        if let provider = trimmed.removing(prefix: "", suffix: " authentication is disabled.") {
+            return L("%@ authentication is disabled.", provider)
+        }
+        if let provider = trimmed.removing(prefix: "", suffix: " web API access is disabled.") {
+            return L("%@ web API access is disabled.", provider)
+        }
+        return L(trimmed)
+    }
+}
+
+extension String {
+    fileprivate func removing(prefix: String, suffix: String) -> String? {
+        guard self.hasPrefix(prefix), self.hasSuffix(suffix) else { return nil }
+        let start = self.index(self.startIndex, offsetBy: prefix.count)
+        let end = self.index(self.endIndex, offsetBy: -suffix.count)
+        guard start <= end else { return nil }
+        return String(self[start..<end])
+    }
+
+    fileprivate func removingTwoParts(prefix: String, separator: String, suffix: String) -> (String, String)? {
+        guard let value = self.removing(prefix: prefix, suffix: suffix),
+              let range = value.range(of: separator)
+        else { return nil }
+        return (String(value[..<range.lowerBound]), String(value[range.upperBound...]))
+    }
 }
diff --git a/Sources/CodexBar/Providers/Shared/ProviderImplementation.swift b/Sources/CodexBar/Providers/Shared/ProviderImplementation.swift
index 7d5e22bd2..84e709525 100644
--- a/Sources/CodexBar/Providers/Shared/ProviderImplementation.swift
+++ b/Sources/CodexBar/Providers/Shared/ProviderImplementation.swift
@@ -42,10 +42,18 @@ protocol ProviderImplementation: Sendable {
     @MainActor
     func settingsFields(context: ProviderSettingsContext) -> [ProviderSettingsFieldDescriptor]
 
+    /// Optional provider-specific settings action rows to render in the Providers pane.
+    @MainActor
+    func settingsActions(context: ProviderSettingsContext) -> [ProviderSettingsActionsDescriptor]
+
     /// Optional provider-specific settings pickers to render in the Providers pane.
     @MainActor
     func settingsPickers(context: ProviderSettingsContext) -> [ProviderSettingsPickerDescriptor]
 
+    /// Optional provider-specific organizations selection rendered in the Providers pane.
+    @MainActor
+    func settingsOrganizations(context: ProviderSettingsContext) -> ProviderSettingsOrganizationsDescriptor?
+
     /// Optional visibility gate for token account settings.
     @MainActor
     func tokenAccountsVisibility(context: ProviderSettingsContext, support: TokenAccountSupport) -> Bool
@@ -129,11 +137,21 @@ extension ProviderImplementation {
         []
     }
 
+    @MainActor
+    func settingsActions(context _: ProviderSettingsContext) -> [ProviderSettingsActionsDescriptor] {
+        []
+    }
+
     @MainActor
     func settingsPickers(context _: ProviderSettingsContext) -> [ProviderSettingsPickerDescriptor] {
         []
     }
 
+    @MainActor
+    func settingsOrganizations(context _: ProviderSettingsContext) -> ProviderSettingsOrganizationsDescriptor? {
+        nil
+    }
+
     @MainActor
     func tokenAccountsVisibility(context: ProviderSettingsContext, support: TokenAccountSupport) -> Bool {
         guard support.requiresManualCookieSource else { return true }
diff --git a/Sources/CodexBar/Providers/Shared/ProviderImplementationRegistry.swift b/Sources/CodexBar/Providers/Shared/ProviderImplementationRegistry.swift
index 7938b3d49..ef97d3f06 100644
--- a/Sources/CodexBar/Providers/Shared/ProviderImplementationRegistry.swift
+++ b/Sources/CodexBar/Providers/Shared/ProviderImplementationRegistry.swift
@@ -14,15 +14,21 @@ enum ProviderImplementationRegistry {
     private static func makeImplementation(for provider: UsageProvider) -> (any ProviderImplementation) {
         switch provider {
         case .codex: CodexProviderImplementation()
+        case .openai: OpenAIAPIProviderImplementation()
+        case .azureopenai: AzureOpenAIProviderImplementation()
         case .claude: ClaudeProviderImplementation()
         case .cursor: CursorProviderImplementation()
         case .opencode: OpenCodeProviderImplementation()
+        case .opencodego: OpenCodeGoProviderImplementation()
+        case .alibaba: AlibabaCodingPlanProviderImplementation()
+        case .alibabatokenplan: AlibabaTokenPlanProviderImplementation()
         case .factory: FactoryProviderImplementation()
         case .gemini: GeminiProviderImplementation()
         case .antigravity: AntigravityProviderImplementation()
         case .copilot: CopilotProviderImplementation()
         case .zai: ZaiProviderImplementation()
         case .minimax: MiniMaxProviderImplementation()
+        case .manus: ManusProviderImplementation()
         case .kimi: KimiProviderImplementation()
         case .kilo: KiloProviderImplementation()
         case .kiro: KiroProviderImplementation()
@@ -30,11 +36,31 @@ enum ProviderImplementationRegistry {
         case .augment: AugmentProviderImplementation()
         case .jetbrains: JetBrainsProviderImplementation()
         case .kimik2: KimiK2ProviderImplementation()
+        case .moonshot: MoonshotProviderImplementation()
         case .amp: AmpProviderImplementation()
+        case .t3chat: T3ChatProviderImplementation()
         case .ollama: OllamaProviderImplementation()
         case .synthetic: SyntheticProviderImplementation()
         case .openrouter: OpenRouterProviderImplementation()
+        case .elevenlabs: ElevenLabsProviderImplementation()
         case .warp: WarpProviderImplementation()
+        case .windsurf: WindsurfProviderImplementation()
+        case .perplexity: PerplexityProviderImplementation()
+        case .mimo: MiMoProviderImplementation()
+        case .doubao: DoubaoProviderImplementation()
+        case .abacus: AbacusProviderImplementation()
+        case .mistral: MistralProviderImplementation()
+        case .deepseek: DeepSeekProviderImplementation()
+        case .codebuff: CodebuffProviderImplementation()
+        case .crof: CrofProviderImplementation()
+        case .venice: VeniceProviderImplementation()
+        case .commandcode: CommandCodeProviderImplementation()
+        case .stepfun: StepFunProviderImplementation()
+        case .bedrock: BedrockProviderImplementation()
+        case .grok: GrokProviderImplementation()
+        case .groq: GroqProviderImplementation()
+        case .llmproxy: LLMProxyProviderImplementation()
+        case .deepgram: DeepgramProviderImplementation()
         }
     }
 
diff --git a/Sources/CodexBar/Providers/Shared/ProviderMenuContext.swift b/Sources/CodexBar/Providers/Shared/ProviderMenuContext.swift
index 9161dd835..ac350b05e 100644
--- a/Sources/CodexBar/Providers/Shared/ProviderMenuContext.swift
+++ b/Sources/CodexBar/Providers/Shared/ProviderMenuContext.swift
@@ -16,6 +16,8 @@ struct ProviderMenuActionContext {
     let store: UsageStore
     let settings: SettingsStore
     let account: AccountInfo
+    let managedCodexAccountCoordinator: ManagedCodexAccountCoordinator?
+    let codexAccountPromotionCoordinator: CodexAccountPromotionCoordinator?
 }
 
 struct ProviderMenuLoginContext {
diff --git a/Sources/CodexBar/Providers/Shared/ProviderRuntime.swift b/Sources/CodexBar/Providers/Shared/ProviderRuntime.swift
index bac370d09..188543ed9 100644
--- a/Sources/CodexBar/Providers/Shared/ProviderRuntime.swift
+++ b/Sources/CodexBar/Providers/Shared/ProviderRuntime.swift
@@ -7,7 +7,7 @@ struct ProviderRuntimeContext {
     let store: UsageStore
 }
 
-enum ProviderRuntimeAction: Sendable {
+enum ProviderRuntimeAction {
     case forceSessionRefresh
     case openAIWebAccessToggled(Bool)
 }
diff --git a/Sources/CodexBar/Providers/Shared/ProviderSettingsDescriptors.swift b/Sources/CodexBar/Providers/Shared/ProviderSettingsDescriptors.swift
index d5a85b8f7..5dcefde14 100644
--- a/Sources/CodexBar/Providers/Shared/ProviderSettingsDescriptors.swift
+++ b/Sources/CodexBar/Providers/Shared/ProviderSettingsDescriptors.swift
@@ -25,6 +25,33 @@ struct ProviderSettingsContext {
     let setLastAppActiveRunAt: (String, Date?) -> Void
 
     let requestConfirmation: (ProviderSettingsConfirmation) -> Void
+    let runLoginFlow: () async -> Void
+
+    init(
+        provider: UsageProvider,
+        settings: SettingsStore,
+        store: UsageStore,
+        boolBinding: @escaping (ReferenceWritableKeyPath<SettingsStore, Bool>) -> Binding<Bool>,
+        stringBinding: @escaping (ReferenceWritableKeyPath<SettingsStore, String>) -> Binding<String>,
+        statusText: @escaping (String) -> String?,
+        setStatusText: @escaping (String, String?) -> Void,
+        lastAppActiveRunAt: @escaping (String) -> Date?,
+        setLastAppActiveRunAt: @escaping (String, Date?) -> Void,
+        requestConfirmation: @escaping (ProviderSettingsConfirmation) -> Void,
+        runLoginFlow: @escaping () async -> Void = {})
+    {
+        self.provider = provider
+        self.settings = settings
+        self.store = store
+        self.boolBinding = boolBinding
+        self.stringBinding = stringBinding
+        self.statusText = statusText
+        self.setStatusText = setStatusText
+        self.lastAppActiveRunAt = lastAppActiveRunAt
+        self.setLastAppActiveRunAt = setLastAppActiveRunAt
+        self.requestConfirmation = requestConfirmation
+        self.runLoginFlow = runLoginFlow
+    }
 }
 
 /// Shared confirmation alert descriptor.
@@ -76,6 +103,7 @@ struct ProviderSettingsFieldDescriptor: Identifiable {
     let id: String
     let title: String
     let subtitle: String
+    var footerText: String?
     let kind: Kind
     let placeholder: String?
     let binding: Binding<String>
@@ -84,6 +112,16 @@ struct ProviderSettingsFieldDescriptor: Identifiable {
     let onActivate: (() -> Void)?
 }
 
+/// Shared action row descriptor rendered in the Providers settings pane.
+@MainActor
+struct ProviderSettingsActionsDescriptor: Identifiable {
+    let id: String
+    let title: String
+    let subtitle: String
+    let actions: [ProviderSettingsActionDescriptor]
+    let isVisible: (() -> Bool)?
+}
+
 /// Shared token account descriptor rendered in the Providers settings pane.
 @MainActor
 struct ProviderSettingsTokenAccountsDescriptor: Identifiable {
@@ -96,12 +134,63 @@ struct ProviderSettingsTokenAccountsDescriptor: Identifiable {
     let accounts: () -> [ProviderTokenAccount]
     let activeIndex: () -> Int
     let setActiveIndex: (Int) -> Void
-    let addAccount: (_ label: String, _ token: String) -> Void
+    let showsOrganizationField: Bool
+    let addAccount: (_ label: String, _ token: String, _ organizationID: String?) -> Void
     let removeAccount: (_ accountID: UUID) -> Void
+    let primaryAddActionTitle: String?
+    let primaryAddAction: (() async -> Void)?
     let openConfigFile: () -> Void
     let reloadFromDisk: () -> Void
 }
 
+/// Shared organizations descriptor rendered in the Providers settings pane.
+///
+/// Used by providers that let the user opt in to additional account scopes
+/// (e.g. Kilo organizations) shown alongside the personal account.
+@MainActor
+struct ProviderSettingsOrganizationsDescriptor: Identifiable {
+    struct Entry: Identifiable {
+        let id: String
+        let title: String
+        let subtitle: String?
+        let localizesTitle: Bool
+        let localizesSubtitle: Bool
+        let isEnabled: Bool
+        let isLocked: Bool
+
+        init(
+            id: String,
+            title: String,
+            subtitle: String?,
+            localizesTitle: Bool = true,
+            localizesSubtitle: Bool = true,
+            isEnabled: Bool,
+            isLocked: Bool)
+        {
+            self.id = id
+            self.title = title
+            self.subtitle = subtitle
+            self.localizesTitle = localizesTitle
+            self.localizesSubtitle = localizesSubtitle
+            self.isEnabled = isEnabled
+            self.isLocked = isLocked
+        }
+    }
+
+    struct RefreshOutcome {
+        let success: Bool
+        let errorMessage: String?
+    }
+
+    let id: String
+    let title: String
+    let subtitle: String?
+    let entries: () -> [Entry]
+    let onToggle: (String, Bool) -> Void
+    let onRefresh: () async -> RefreshOutcome
+    let canRefresh: () -> Bool
+}
+
 /// Shared picker descriptor rendered in the Providers settings pane.
 @MainActor
 struct ProviderSettingsPickerDescriptor: Identifiable {
diff --git a/Sources/CodexBar/Providers/Shared/ProviderTokenAccountSelection.swift b/Sources/CodexBar/Providers/Shared/ProviderTokenAccountSelection.swift
index 58c18de55..86c2618ce 100644
--- a/Sources/CodexBar/Providers/Shared/ProviderTokenAccountSelection.swift
+++ b/Sources/CodexBar/Providers/Shared/ProviderTokenAccountSelection.swift
@@ -1,7 +1,7 @@
 import CodexBarCore
 import Foundation
 
-struct TokenAccountOverride: Sendable {
+struct TokenAccountOverride {
     let provider: UsageProvider
     let account: ProviderTokenAccount
 }
diff --git a/Sources/CodexBar/Providers/StepFun/StepFunProviderImplementation.swift b/Sources/CodexBar/Providers/StepFun/StepFunProviderImplementation.swift
new file mode 100644
index 000000000..dec72a8c8
--- /dev/null
+++ b/Sources/CodexBar/Providers/StepFun/StepFunProviderImplementation.swift
@@ -0,0 +1,161 @@
+import AppKit
+import CodexBarCore
+import CodexBarMacroSupport
+import Foundation
+import SwiftUI
+
+@ProviderImplementationRegistration
+struct StepFunProviderImplementation: ProviderImplementation {
+    let id: UsageProvider = .stepfun
+
+    @MainActor
+    func presentation(context _: ProviderPresentationContext) -> ProviderPresentation {
+        ProviderPresentation { _ in "web" }
+    }
+
+    @MainActor
+    func observeSettings(_ settings: SettingsStore) {
+        _ = settings.stepfunCookieSource
+        _ = settings.stepfunUsername
+        _ = settings.stepfunPassword
+        _ = settings.stepfunToken
+    }
+
+    @MainActor
+    func isAvailable(context: ProviderAvailabilityContext) -> Bool {
+        // Available if any auth method is configured
+        if !context.settings.stepfunUsername.isEmpty, !context.settings.stepfunPassword.isEmpty {
+            return true
+        }
+        if context.settings.stepfunCookieSource == .manual, !context.settings.stepfunToken.isEmpty {
+            return true
+        }
+        if CookieHeaderCache.load(provider: .stepfun) != nil {
+            return true
+        }
+        if StepFunSettingsReader.username(environment: context.environment) != nil,
+           StepFunSettingsReader.password(environment: context.environment) != nil
+        {
+            return true
+        }
+        if StepFunSettingsReader.token(environment: context.environment) != nil {
+            return true
+        }
+        return false
+    }
+
+    @MainActor
+    func settingsSnapshot(context: ProviderSettingsSnapshotContext) -> ProviderSettingsSnapshotContribution? {
+        .stepfun(context.settings.stepfunSettingsSnapshot(tokenOverride: context.tokenOverride))
+    }
+
+    @MainActor
+    func tokenAccountsVisibility(context: ProviderSettingsContext, support: TokenAccountSupport) -> Bool {
+        guard support.requiresManualCookieSource else { return true }
+        if !context.settings.tokenAccounts(for: context.provider).isEmpty { return true }
+        return context.settings.stepfunCookieSource == .manual
+    }
+
+    @MainActor
+    func applyTokenAccountCookieSource(settings: SettingsStore) {
+        if settings.stepfunCookieSource != .manual {
+            settings.stepfunCookieSource = .manual
+        }
+    }
+
+    // MARK: - Settings Pickers
+
+    @MainActor
+    func settingsPickers(context: ProviderSettingsContext) -> [ProviderSettingsPickerDescriptor] {
+        let cookieBinding = Binding(
+            get: { context.settings.stepfunCookieSource.rawValue },
+            set: { raw in
+                context.settings.stepfunCookieSource = ProviderCookieSource(rawValue: raw) ?? .auto
+            })
+        let cookieOptions = ProviderCookieSourceUI.options(
+            allowsOff: true,
+            keychainDisabled: context.settings.debugDisableKeychainAccess)
+
+        let cookieSubtitle: () -> String? = {
+            ProviderCookieSourceUI.subtitle(
+                source: context.settings.stepfunCookieSource,
+                keychainDisabled: context.settings.debugDisableKeychainAccess,
+                auto: "Uses username + password to login and obtain an Oasis-Token automatically.",
+                manual: "Manually paste an Oasis-Token from a browser session.",
+                off: "StepFun authentication is disabled.")
+        }
+
+        return [
+            ProviderSettingsPickerDescriptor(
+                id: "stepfun-cookie-source",
+                title: "Auth source",
+                subtitle: "Uses username + password to login and obtain an Oasis-Token automatically.",
+                dynamicSubtitle: cookieSubtitle,
+                binding: cookieBinding,
+                options: cookieOptions,
+                isVisible: nil,
+                onChange: nil,
+                trailingText: {
+                    guard let entry = CookieHeaderCache.load(provider: .stepfun) else { return nil }
+                    let when = entry.storedAt.relativeDescription()
+                    return "Cached: \(entry.sourceLabel) • \(when)"
+                }),
+        ]
+    }
+
+    // MARK: - Settings Fields
+
+    @MainActor
+    func settingsFields(context: ProviderSettingsContext) -> [ProviderSettingsFieldDescriptor] {
+        // Auto mode: show username + password fields
+        let autoFields: [ProviderSettingsFieldDescriptor] = [
+            ProviderSettingsFieldDescriptor(
+                id: "stepfun-username",
+                title: "Username",
+                subtitle: "StepFun platform account (phone number or email).",
+                kind: .plain,
+                placeholder: "user@example.com",
+                binding: context.stringBinding(\.stepfunUsername),
+                actions: [],
+                isVisible: { context.settings.stepfunCookieSource != .manual },
+                onActivate: nil),
+            ProviderSettingsFieldDescriptor(
+                id: "stepfun-password",
+                title: "Password",
+                subtitle: "Your StepFun platform password. Used to login and obtain a session token.",
+                kind: .secure,
+                placeholder: "Password",
+                binding: context.stringBinding(\.stepfunPassword),
+                actions: [],
+                isVisible: { context.settings.stepfunCookieSource != .manual },
+                onActivate: nil),
+        ]
+
+        // Manual mode: show token field
+        let manualFields: [ProviderSettingsFieldDescriptor] = [
+            ProviderSettingsFieldDescriptor(
+                id: "stepfun-token",
+                title: "Oasis-Token",
+                subtitle: "Paste the Oasis-Token from a logged-in browser session on platform.stepfun.com.",
+                kind: .secure,
+                placeholder: "Oasis-Token=…",
+                binding: context.stringBinding(\.stepfunToken),
+                actions: [
+                    ProviderSettingsActionDescriptor(
+                        id: "stepfun-open-platform",
+                        title: "Open StepFun Platform",
+                        style: .link,
+                        isVisible: nil,
+                        perform: {
+                            if let url = URL(string: "https://platform.stepfun.com/plan-usage") {
+                                NSWorkspace.shared.open(url)
+                            }
+                        }),
+                ],
+                isVisible: { context.settings.stepfunCookieSource == .manual },
+                onActivate: nil),
+        ]
+
+        return autoFields + manualFields
+    }
+}
diff --git a/Sources/CodexBar/Providers/StepFun/StepFunSettingsStore.swift b/Sources/CodexBar/Providers/StepFun/StepFunSettingsStore.swift
new file mode 100644
index 000000000..d1a533e90
--- /dev/null
+++ b/Sources/CodexBar/Providers/StepFun/StepFunSettingsStore.swift
@@ -0,0 +1,88 @@
+import CodexBarCore
+import Foundation
+
+extension SettingsStore {
+    /// Username for StepFun login — stored in the apiKey config field.
+    var stepfunUsername: String {
+        get { self.configSnapshot.providerConfig(for: .stepfun)?.sanitizedAPIKey ?? "" }
+        set {
+            self.updateProviderConfig(provider: .stepfun) { entry in
+                entry.apiKey = self.normalizedConfigValue(newValue)
+            }
+            self.logProviderModeChange(
+                provider: .stepfun,
+                field: "username",
+                value: newValue.isEmpty ? "(cleared)" : "(updated)")
+        }
+    }
+
+    /// Password for StepFun login — stored in the cookieHeader config field (secure storage).
+    var stepfunPassword: String {
+        get { self.configSnapshot.providerConfig(for: .stepfun)?.sanitizedCookieHeader ?? "" }
+        set {
+            self.updateProviderConfig(provider: .stepfun) { entry in
+                entry.cookieHeader = self.normalizedConfigValue(newValue)
+            }
+            self.logSecretUpdate(provider: .stepfun, field: "password", value: newValue)
+        }
+    }
+
+    /// Manual Oasis-Token — stored in the region config field (repurposed for token).
+    var stepfunToken: String {
+        get { self.configSnapshot.providerConfig(for: .stepfun)?.region ?? "" }
+        set {
+            self.updateProviderConfig(provider: .stepfun) { entry in
+                entry.region = self.normalizedConfigValue(newValue)
+            }
+            self.logSecretUpdate(provider: .stepfun, field: "token", value: newValue)
+        }
+    }
+
+    var stepfunCookieSource: ProviderCookieSource {
+        get { self.resolvedCookieSource(provider: .stepfun, fallback: .auto) }
+        set {
+            self.updateProviderConfig(provider: .stepfun) { entry in
+                entry.cookieSource = newValue
+            }
+            self.logProviderModeChange(provider: .stepfun, field: "cookieSource", value: newValue.rawValue)
+        }
+    }
+
+    func stepfunSettingsSnapshot(tokenOverride: TokenAccountOverride?) -> ProviderSettingsSnapshot
+        .StepFunProviderSettings
+    {
+        ProviderSettingsSnapshot.StepFunProviderSettings(
+            cookieSource: self.stepfunSnapshotCookieSource(tokenOverride: tokenOverride),
+            manualToken: self.stepfunSnapshotToken(tokenOverride: tokenOverride),
+            username: self.stepfunUsername,
+            password: self.stepfunPassword)
+    }
+
+    private func stepfunSnapshotToken(tokenOverride: TokenAccountOverride?) -> String {
+        let fallback = self.stepfunToken
+        guard let support = TokenAccountSupportCatalog.support(for: .stepfun),
+              case .cookieHeader = support.injection
+        else {
+            return fallback
+        }
+        guard let account = ProviderTokenAccountSelection.selectedAccount(
+            provider: .stepfun,
+            settings: self,
+            override: tokenOverride)
+        else {
+            return fallback
+        }
+        return TokenAccountSupportCatalog.normalizedCookieHeader(account.token, support: support)
+    }
+
+    private func stepfunSnapshotCookieSource(tokenOverride: TokenAccountOverride?) -> ProviderCookieSource {
+        let fallback = self.stepfunCookieSource
+        guard let support = TokenAccountSupportCatalog.support(for: .stepfun),
+              support.requiresManualCookieSource
+        else {
+            return fallback
+        }
+        if self.tokenAccounts(for: .stepfun).isEmpty { return fallback }
+        return .manual
+    }
+}
diff --git a/Sources/CodexBar/Providers/T3Chat/T3ChatProviderImplementation.swift b/Sources/CodexBar/Providers/T3Chat/T3ChatProviderImplementation.swift
new file mode 100644
index 000000000..6a1c36463
--- /dev/null
+++ b/Sources/CodexBar/Providers/T3Chat/T3ChatProviderImplementation.swift
@@ -0,0 +1,81 @@
+import AppKit
+import CodexBarCore
+import CodexBarMacroSupport
+import Foundation
+import SwiftUI
+
+@ProviderImplementationRegistration
+struct T3ChatProviderImplementation: ProviderImplementation {
+    let id: UsageProvider = .t3chat
+
+    @MainActor
+    func observeSettings(_ settings: SettingsStore) {
+        _ = settings.t3ChatCookieSource
+        _ = settings.t3ChatCookieHeader
+    }
+
+    @MainActor
+    func settingsSnapshot(context: ProviderSettingsSnapshotContext) -> ProviderSettingsSnapshotContribution? {
+        .t3chat(context.settings.t3ChatSettingsSnapshot(tokenOverride: context.tokenOverride))
+    }
+
+    @MainActor
+    func settingsPickers(context: ProviderSettingsContext) -> [ProviderSettingsPickerDescriptor] {
+        let cookieBinding = Binding(
+            get: { context.settings.t3ChatCookieSource.rawValue },
+            set: { raw in
+                context.settings.t3ChatCookieSource = ProviderCookieSource(rawValue: raw) ?? .auto
+            })
+        let cookieOptions = ProviderCookieSourceUI.options(
+            allowsOff: false,
+            keychainDisabled: context.settings.debugDisableKeychainAccess)
+
+        let cookieSubtitle: () -> String? = {
+            ProviderCookieSourceUI.subtitle(
+                source: context.settings.t3ChatCookieSource,
+                keychainDisabled: context.settings.debugDisableKeychainAccess,
+                auto: "Automatically imports browser cookies.",
+                manual: "Paste a Cookie header or cURL capture from T3 Chat settings.",
+                off: "Paste a Cookie header or cURL capture from T3 Chat settings.")
+        }
+
+        return [
+            ProviderSettingsPickerDescriptor(
+                id: "t3chat-cookie-source",
+                title: "Cookie source",
+                subtitle: "Automatically imports browser cookies.",
+                dynamicSubtitle: cookieSubtitle,
+                binding: cookieBinding,
+                options: cookieOptions,
+                isVisible: nil,
+                onChange: nil),
+        ]
+    }
+
+    @MainActor
+    func settingsFields(context: ProviderSettingsContext) -> [ProviderSettingsFieldDescriptor] {
+        [
+            ProviderSettingsFieldDescriptor(
+                id: "t3chat-cookie",
+                title: "T3 Chat cookie",
+                subtitle: "Paste a Cookie header or full cURL capture from T3 Chat settings.",
+                kind: .secure,
+                placeholder: "Cookie: ...",
+                binding: context.stringBinding(\.t3ChatCookieHeader),
+                actions: [
+                    ProviderSettingsActionDescriptor(
+                        id: "t3chat-open-settings",
+                        title: "Open T3 Chat Settings",
+                        style: .link,
+                        isVisible: nil,
+                        perform: {
+                            if let url = URL(string: "https://t3.chat/settings/customization") {
+                                NSWorkspace.shared.open(url)
+                            }
+                        }),
+                ],
+                isVisible: { context.settings.t3ChatCookieSource == .manual },
+                onActivate: nil),
+        ]
+    }
+}
diff --git a/Sources/CodexBar/Providers/T3Chat/T3ChatSettingsStore.swift b/Sources/CodexBar/Providers/T3Chat/T3ChatSettingsStore.swift
new file mode 100644
index 000000000..8f092953c
--- /dev/null
+++ b/Sources/CodexBar/Providers/T3Chat/T3ChatSettingsStore.swift
@@ -0,0 +1,62 @@
+import CodexBarCore
+import Foundation
+
+extension SettingsStore {
+    var t3ChatCookieHeader: String {
+        get { self.configSnapshot.providerConfig(for: .t3chat)?.sanitizedCookieHeader ?? "" }
+        set {
+            self.updateProviderConfig(provider: .t3chat) { entry in
+                entry.cookieHeader = self.normalizedConfigValue(newValue)
+            }
+            self.logSecretUpdate(provider: .t3chat, field: "cookieHeader", value: newValue)
+        }
+    }
+
+    var t3ChatCookieSource: ProviderCookieSource {
+        get { self.resolvedCookieSource(provider: .t3chat, fallback: .auto) }
+        set {
+            self.updateProviderConfig(provider: .t3chat) { entry in
+                entry.cookieSource = newValue
+            }
+            self.logProviderModeChange(provider: .t3chat, field: "cookieSource", value: newValue.rawValue)
+        }
+    }
+}
+
+extension SettingsStore {
+    func t3ChatSettingsSnapshot(
+        tokenOverride: TokenAccountOverride?) -> ProviderSettingsSnapshot.T3ChatProviderSettings
+    {
+        ProviderSettingsSnapshot.T3ChatProviderSettings(
+            cookieSource: self.t3ChatSnapshotCookieSource(tokenOverride: tokenOverride),
+            manualCookieHeader: self.t3ChatSnapshotCookieHeader(tokenOverride: tokenOverride))
+    }
+
+    private func t3ChatSnapshotCookieHeader(tokenOverride: TokenAccountOverride?) -> String {
+        let fallback = self.t3ChatCookieHeader
+        guard let support = TokenAccountSupportCatalog.support(for: .t3chat),
+              case .cookieHeader = support.injection
+        else {
+            return fallback
+        }
+        guard let account = ProviderTokenAccountSelection.selectedAccount(
+            provider: .t3chat,
+            settings: self,
+            override: tokenOverride)
+        else {
+            return fallback
+        }
+        return TokenAccountSupportCatalog.normalizedCookieHeader(account.token, support: support)
+    }
+
+    private func t3ChatSnapshotCookieSource(tokenOverride: TokenAccountOverride?) -> ProviderCookieSource {
+        let fallback = self.t3ChatCookieSource
+        guard let support = TokenAccountSupportCatalog.support(for: .t3chat),
+              support.requiresManualCookieSource
+        else {
+            return fallback
+        }
+        if self.tokenAccounts(for: .t3chat).isEmpty { return fallback }
+        return .manual
+    }
+}
diff --git a/Sources/CodexBar/Providers/Venice/VeniceProviderImplementation.swift b/Sources/CodexBar/Providers/Venice/VeniceProviderImplementation.swift
new file mode 100644
index 000000000..d16b84b74
--- /dev/null
+++ b/Sources/CodexBar/Providers/Venice/VeniceProviderImplementation.swift
@@ -0,0 +1,29 @@
+import CodexBarCore
+import CodexBarMacroSupport
+import Foundation
+
+@ProviderImplementationRegistration
+struct VeniceProviderImplementation: ProviderImplementation {
+    let id: UsageProvider = .venice
+
+    @MainActor
+    func presentation(context _: ProviderPresentationContext) -> ProviderPresentation {
+        ProviderPresentation { _ in "api" }
+    }
+
+    @MainActor
+    func observeSettings(_: SettingsStore) {}
+
+    @MainActor
+    func isAvailable(context: ProviderAvailabilityContext) -> Bool {
+        if VeniceSettingsReader.apiKey(environment: context.environment) != nil {
+            return true
+        }
+        return !context.settings.tokenAccounts(for: .venice).isEmpty
+    }
+
+    @MainActor
+    func settingsFields(context _: ProviderSettingsContext) -> [ProviderSettingsFieldDescriptor] {
+        []
+    }
+}
diff --git a/Sources/CodexBar/Providers/VertexAI/VertexAILoginFlow.swift b/Sources/CodexBar/Providers/VertexAI/VertexAILoginFlow.swift
index 1f8fe5418..2741f091d 100644
--- a/Sources/CodexBar/Providers/VertexAI/VertexAILoginFlow.swift
+++ b/Sources/CodexBar/Providers/VertexAI/VertexAILoginFlow.swift
@@ -7,20 +7,11 @@ extension StatusItemController {
     func runVertexAILoginFlow() async {
         // Show alert with instructions
         let alert = NSAlert()
-        alert.messageText = "Vertex AI Login"
-        alert.informativeText = """
-        To use Vertex AI tracking, you need to authenticate with Google Cloud.
-
-        1. Open Terminal
-        2. Run: gcloud auth application-default login
-        3. Follow the browser prompts to sign in
-        4. Set your project: gcloud config set project PROJECT_ID
-
-        Would you like to open Terminal now?
-        """
+        alert.messageText = L("Vertex AI Login")
+        alert.informativeText = L("vertex_ai_login_instructions")
         alert.alertStyle = .informational
-        alert.addButton(withTitle: "Open Terminal")
-        alert.addButton(withTitle: "Cancel")
+        alert.addButton(withTitle: L("Open Terminal"))
+        alert.addButton(withTitle: L("Cancel"))
 
         let response = alert.runModal()
 
diff --git a/Sources/CodexBar/Providers/Windsurf/WindsurfProviderImplementation.swift b/Sources/CodexBar/Providers/Windsurf/WindsurfProviderImplementation.swift
new file mode 100644
index 000000000..38d290663
--- /dev/null
+++ b/Sources/CodexBar/Providers/Windsurf/WindsurfProviderImplementation.swift
@@ -0,0 +1,106 @@
+import CodexBarCore
+import CodexBarMacroSupport
+import Foundation
+import SwiftUI
+
+@ProviderImplementationRegistration
+struct WindsurfProviderImplementation: ProviderImplementation {
+    let id: UsageProvider = .windsurf
+
+    @MainActor
+    func observeSettings(_ settings: SettingsStore) {
+        _ = settings.windsurfUsageDataSource
+        _ = settings.windsurfCookieSource
+        _ = settings.windsurfCookieHeader
+    }
+
+    @MainActor
+    func settingsSnapshot(context: ProviderSettingsSnapshotContext) -> ProviderSettingsSnapshotContribution? {
+        .windsurf(context.settings.windsurfSettingsSnapshot(tokenOverride: context.tokenOverride))
+    }
+
+    @MainActor
+    func sourceMode(context: ProviderSourceModeContext) -> ProviderSourceMode {
+        switch context.settings.windsurfUsageDataSource {
+        case .auto: .auto
+        case .web: .web
+        case .cli: .cli
+        }
+    }
+
+    @MainActor
+    func settingsPickers(context: ProviderSettingsContext) -> [ProviderSettingsPickerDescriptor] {
+        // Usage source picker
+        let usageBinding = Binding(
+            get: { context.settings.windsurfUsageDataSource.rawValue },
+            set: { raw in
+                context.settings.windsurfUsageDataSource = WindsurfUsageDataSource(rawValue: raw) ?? .auto
+            })
+        let usageOptions = WindsurfUsageDataSource.allCases.map {
+            ProviderSettingsPickerOption(id: $0.rawValue, title: $0.displayName)
+        }
+
+        // Cookie source picker
+        let cookieBinding = Binding(
+            get: { context.settings.windsurfCookieSource.rawValue },
+            set: { raw in
+                context.settings.windsurfCookieSource = ProviderCookieSource(rawValue: raw) ?? .auto
+            })
+        let cookieOptions = ProviderCookieSourceUI.options(
+            allowsOff: true,
+            keychainDisabled: context.settings.debugDisableKeychainAccess)
+
+        let cookieSubtitle: () -> String? = {
+            ProviderCookieSourceUI.subtitle(
+                source: context.settings.windsurfCookieSource,
+                keychainDisabled: context.settings.debugDisableKeychainAccess,
+                auto: "Automatic imports Windsurf session data from Chromium browser localStorage.",
+                manual: "Paste the Windsurf session JSON bundle from localStorage.",
+                off: "Windsurf web API access is disabled.")
+        }
+
+        return [
+            ProviderSettingsPickerDescriptor(
+                id: "windsurf-usage-source",
+                title: "Usage source",
+                subtitle: "Auto falls back to the next source if the preferred one fails.",
+                binding: usageBinding,
+                options: usageOptions,
+                isVisible: nil,
+                onChange: nil,
+                trailingText: {
+                    guard context.settings.windsurfUsageDataSource == .auto else { return nil }
+                    let label = context.store.sourceLabel(for: .windsurf)
+                    return label == "auto" ? nil : label
+                }),
+            ProviderSettingsPickerDescriptor(
+                id: "windsurf-cookie-source",
+                title: "Cookie source",
+                subtitle: "Automatic imports Windsurf session data from Chromium browser localStorage.",
+                dynamicSubtitle: cookieSubtitle,
+                binding: cookieBinding,
+                options: cookieOptions,
+                isVisible: nil,
+                onChange: nil,
+                trailingText: nil),
+        ]
+    }
+
+    @MainActor
+    func settingsFields(context: ProviderSettingsContext) -> [ProviderSettingsFieldDescriptor] {
+        [
+            ProviderSettingsFieldDescriptor(
+                id: "windsurf-cookie-header",
+                title: "",
+                subtitle: "",
+                kind: .secure,
+                placeholder: "Windsurf session JSON bundle",
+                binding: context.stringBinding(\.windsurfCookieHeader),
+                actions: [],
+                isVisible: {
+                    context.settings.windsurfCookieSource == .manual
+                },
+                onActivate: nil),
+        ]
+    }
+}
diff --git a/Sources/CodexBar/Providers/Windsurf/WindsurfSettingsStore.swift b/Sources/CodexBar/Providers/Windsurf/WindsurfSettingsStore.swift
new file mode 100644
index 000000000..683e97c7e
--- /dev/null
+++ b/Sources/CodexBar/Providers/Windsurf/WindsurfSettingsStore.swift
@@ -0,0 +1,93 @@
+import CodexBarCore
+import Foundation
+
+extension SettingsStore {
+    var windsurfUsageDataSource: WindsurfUsageDataSource {
+        get {
+            let source = self.configSnapshot.providerConfig(for: .windsurf)?.source
+            return Self.windsurfUsageDataSource(from: source)
+        }
+        set {
+            let source: ProviderSourceMode? = switch newValue {
+            case .auto: .auto
+            case .web: .web
+            case .cli: .cli
+            }
+            self.updateProviderConfig(provider: .windsurf) { entry in
+                entry.source = source
+            }
+            self.logProviderModeChange(provider: .windsurf, field: "usageSource", value: newValue.rawValue)
+        }
+    }
+
+    var windsurfCookieSource: ProviderCookieSource {
+        get { self.resolvedCookieSource(provider: .windsurf, fallback: .auto) }
+        set {
+            self.updateProviderConfig(provider: .windsurf) { entry in
+                entry.cookieSource = newValue
+            }
+            self.logProviderModeChange(provider: .windsurf, field: "cookieSource", value: newValue.rawValue)
+        }
+    }
+
+    var windsurfCookieHeader: String {
+        get { self.configSnapshot.providerConfig(for: .windsurf)?.sanitizedCookieHeader ?? "" }
+        set {
+            self.updateProviderConfig(provider: .windsurf) { entry in
+                entry.cookieHeader = self.normalizedConfigValue(newValue)
+            }
+            self.logSecretUpdate(provider: .windsurf, field: "cookieHeader", value: newValue)
+        }
+    }
+}
+
+extension SettingsStore {
+    func windsurfSettingsSnapshot(
+        tokenOverride: TokenAccountOverride?) -> ProviderSettingsSnapshot.WindsurfProviderSettings
+    {
+        ProviderSettingsSnapshot.WindsurfProviderSettings(
+            usageDataSource: self.windsurfUsageDataSource,
+            cookieSource: self.windsurfSnapshotCookieSource(tokenOverride: tokenOverride),
+            manualCookieHeader: self.windsurfSnapshotCookieHeader(tokenOverride: tokenOverride))
+    }
+
+    private static func windsurfUsageDataSource(from source: ProviderSourceMode?) -> WindsurfUsageDataSource {
+        guard let source else { return .auto }
+        switch source {
+        case .auto, .oauth, .api:
+            return .auto
+        case .web:
+            return .web
+        case .cli:
+            return .cli
+        }
+    }
+
+    private func windsurfSnapshotCookieHeader(tokenOverride: TokenAccountOverride?) -> String {
+        let fallback = self.windsurfCookieHeader
+        guard let support = TokenAccountSupportCatalog.support(for: .windsurf),
+              case .cookieHeader = support.injection
+        else {
+            return fallback
+        }
+        guard let account = ProviderTokenAccountSelection.selectedAccount(
+            provider: .windsurf,
+            settings: self,
+            override: tokenOverride)
+        else {
+            return fallback
+        }
+        return TokenAccountSupportCatalog.normalizedCookieHeader(account.token, support: support)
+    }
+
+    private func windsurfSnapshotCookieSource(tokenOverride: TokenAccountOverride?) -> ProviderCookieSource {
+        let fallback = self.windsurfCookieSource
+        guard let support = TokenAccountSupportCatalog.support(for: .windsurf),
+              support.requiresManualCookieSource
+        else {
+            return fallback
+        }
+        if self.tokenAccounts(for: .windsurf).isEmpty { return fallback }
+        return .manual
+    }
+}
diff --git a/Sources/CodexBar/QuotaWarningSettingsViews.swift b/Sources/CodexBar/QuotaWarningSettingsViews.swift
new file mode 100644
index 000000000..ce37b40f1
--- /dev/null
+++ b/Sources/CodexBar/QuotaWarningSettingsViews.swift
@@ -0,0 +1,252 @@
+import CodexBarCore
+import SwiftUI
+
+@MainActor
+struct GlobalQuotaWarningSettingsView: View {
+    @Bindable var settings: SettingsStore
+
+    var body: some View {
+        VStack(alignment: .leading, spacing: 10) {
+            HStack(spacing: 16) {
+                Toggle(isOn: Binding(
+                    get: { self.settings.quotaWarningWindowEnabled(.session) },
+                    set: { self.settings.setQuotaWarningWindowEnabled(.session, enabled: $0) }))
+                {
+                    Text(L("quota_warning_session_capitalized"))
+                        .font(.footnote)
+                }
+                .toggleStyle(.checkbox)
+
+                Toggle(isOn: Binding(
+                    get: { self.settings.quotaWarningWindowEnabled(.weekly) },
+                    set: { self.settings.setQuotaWarningWindowEnabled(.weekly, enabled: $0) }))
+                {
+                    Text(L("quota_warning_weekly_capitalized"))
+                        .font(.footnote)
+                }
+                .toggleStyle(.checkbox)
+            }
+
+            self.windowThresholdField(.session)
+            self.windowThresholdField(.weekly)
+
+            Toggle(isOn: self.$settings.quotaWarningSoundEnabled) {
+                Text(L("quota_warning_sound"))
+                    .font(.footnote)
+            }
+            .toggleStyle(.checkbox)
+        }
+        .padding(.leading, 20)
+    }
+
+    private func windowThresholdField(_ window: QuotaWarningWindow) -> some View {
+        QuotaWarningThresholdField(
+            title: String(format: L("quota_warning_window_warn_at"), window.localizedCapitalizedDisplayName),
+            subtitle: L("quota_warning_global_threshold_subtitle"),
+            thresholds: { self.settings.quotaWarningThresholds(window) },
+            setThresholds: { self.settings.setQuotaWarningThresholds(window, thresholds: $0) })
+            .disabled(!self.settings.quotaWarningWindowEnabled(window))
+            .opacity(!self.settings.quotaWarningWindowEnabled(window) ? 0.55 : 1)
+    }
+}
+
+@MainActor
+struct ProviderQuotaWarningSettingsView: View {
+    let provider: UsageProvider
+    @Bindable var settings: SettingsStore
+
+    var body: some View {
+        ProviderSettingsSection(title: L("quota_warnings_title")) {
+            Text(L("quota_warning_provider_inherits"))
+                .font(.footnote)
+                .foregroundStyle(.secondary)
+                .fixedSize(horizontal: false, vertical: true)
+
+            self.windowRow(.session)
+            self.windowRow(.weekly)
+        }
+    }
+
+    private func windowRow(_ window: QuotaWarningWindow) -> some View {
+        VStack(alignment: .leading, spacing: 8) {
+            Toggle(isOn: Binding(
+                get: { self.settings.hasQuotaWarningOverride(provider: self.provider, window: window) },
+                set: { isOn in
+                    if isOn {
+                        self.settings.setQuotaWarningOverride(
+                            provider: self.provider,
+                            window: window,
+                            thresholds: self.settings.quotaWarningThresholds(window),
+                            enabled: self.settings.quotaWarningWindowEnabled(window))
+                    } else {
+                        self.settings.setQuotaWarningOverride(
+                            provider: self.provider,
+                            window: window,
+                            thresholds: nil,
+                            enabled: nil)
+                    }
+                })) {
+                    Text(String(format: L("quota_warning_customize_thresholds"), window.localizedDisplayName))
+                        .font(.subheadline.weight(.semibold))
+                }
+                .toggleStyle(.checkbox)
+
+            if self.settings.hasQuotaWarningOverride(provider: self.provider, window: window) {
+                Toggle(isOn: Binding(
+                    get: { self.settings.quotaWarningEnabled(provider: self.provider, window: window) },
+                    set: {
+                        self.settings.setQuotaWarningWindowEnabled(
+                            provider: self.provider,
+                            window: window,
+                            enabled: $0)
+                    })) {
+                        Text(String(format: L("quota_warning_enable_warnings"), window.localizedDisplayName))
+                            .font(.footnote)
+                    }
+                    .toggleStyle(.checkbox)
+                        .padding(.leading, 20)
+
+                if self.settings.quotaWarningEnabled(provider: self.provider, window: window) {
+                    QuotaWarningThresholdField(
+                        title: String(
+                            format: L("quota_warning_window_warn_at"),
+                            window.localizedCapitalizedDisplayName),
+                        subtitle: "",
+                        thresholds: {
+                            self.settings.resolvedQuotaWarningThresholds(provider: self.provider, window: window)
+                        },
+                        setThresholds: {
+                            self.settings.setQuotaWarningThresholds(
+                                provider: self.provider,
+                                window: window,
+                                thresholds: $0)
+                        })
+                        .padding(.leading, 20)
+                } else {
+                    Text(L("quota_warning_off"))
+                        .font(.footnote)
+                        .foregroundStyle(.secondary)
+                        .padding(.leading, 20)
+                }
+            } else {
+                Text(String(format: L("quota_warning_inherited"), Self.thresholdText(
+                    self.settings.quotaWarningThresholds(window),
+                    enabled: self.settings.quotaWarningWindowEnabled(window))))
+                    .font(.footnote)
+                    .foregroundStyle(.secondary)
+                    .padding(.leading, 20)
+            }
+        }
+    }
+
+    private static func thresholdText(_ thresholds: [Int], enabled: Bool) -> String {
+        guard enabled else { return L("quota_warning_off") }
+        let text = QuotaWarningThresholds.active(thresholds).map { "\($0)%" }.joined(separator: ", ")
+        return text.isEmpty ? L("quota_warning_depleted_only") : text
+    }
+}
+
+extension QuotaWarningWindow {
+    fileprivate var localizedDisplayName: String {
+        switch self {
+        case .session: L("quota_warning_session")
+        case .weekly: L("quota_warning_weekly")
+        }
+    }
+
+    fileprivate var localizedCapitalizedDisplayName: String {
+        switch self {
+        case .session: L("quota_warning_session_capitalized")
+        case .weekly: L("quota_warning_weekly_capitalized")
+        }
+    }
+}
+
+@MainActor
+private struct QuotaWarningThresholdField: View {
+    let title: String
+    let subtitle: String
+    let thresholds: () -> [Int]
+    let setThresholds: ([Int]) -> Void
+
+    @State private var upperText: String = ""
+    @State private var lowerText: String = ""
+
+    var body: some View {
+        VStack(alignment: .leading, spacing: 6) {
+            HStack(alignment: .firstTextBaseline, spacing: 10) {
+                Text(self.title)
+                    .font(.footnote.weight(.semibold))
+                    .frame(width: 110, alignment: .leading)
+
+                Text(L("quota_warning_upper"))
+                    .font(.footnote)
+                    .foregroundStyle(.secondary)
+
+                TextField("50", text: self.$upperText)
+                    .textFieldStyle(.roundedBorder)
+                    .font(.footnote)
+                    .frame(width: 56)
+                    .onChange(of: self.upperText) { _, value in
+                        self.upperText = Self.filteredIntegerText(value)
+                    }
+                    .onSubmit { self.commit() }
+
+                Text(L("quota_warning_lower"))
+                    .font(.footnote)
+                    .foregroundStyle(.secondary)
+
+                TextField("20", text: self.$lowerText)
+                    .textFieldStyle(.roundedBorder)
+                    .font(.footnote)
+                    .frame(width: 56)
+                    .onChange(of: self.lowerText) { _, value in
+                        self.lowerText = Self.filteredIntegerText(value)
+                    }
+                    .onSubmit { self.commit() }
+
+                Button(L("apply")) { self.commit() }
+                    .controlSize(.small)
+            }
+
+            if !self.subtitle.isEmpty {
+                Text(self.subtitle)
+                    .font(.footnote)
+                    .foregroundStyle(.secondary)
+                    .fixedSize(horizontal: false, vertical: true)
+            }
+        }
+        .onAppear { self.updateText(from: self.thresholds()) }
+        .onChange(of: self.thresholds()) { _, value in
+            self.updateText(from: value)
+        }
+    }
+
+    private func commit() {
+        let sanitized = QuotaWarningThresholds.resolved(
+            upper: Self.integer(from: self.upperText),
+            lower: Self.integer(from: self.lowerText))
+        self.updateText(from: sanitized)
+        self.setThresholds(sanitized)
+    }
+
+    private func updateText(from thresholds: [Int]) {
+        let pair = Self.pair(from: thresholds)
+        self.upperText = pair.upper.map(String.init) ?? ""
+        self.lowerText = pair.lower.map(String.init) ?? ""
+    }
+
+    private static func pair(from thresholds: [Int]) -> (upper: Int?, lower: Int?) {
+        let sanitized = QuotaWarningThresholds.sanitized(thresholds)
+        return (sanitized.first, sanitized.dropFirst().first)
+    }
+
+    private static func integer(from text: String) -> Int? {
+        guard !text.isEmpty else { return nil }
+        return Int(text)
+    }
+
+    private static func filteredIntegerText(_ text: String) -> String {
+        String(text.filter(\.isNumber).prefix(2))
+    }
+}
diff --git a/Sources/CodexBar/Resources/ProviderIcon-abacus.svg b/Sources/CodexBar/Resources/ProviderIcon-abacus.svg
new file mode 100644
index 000000000..468bb3dfe
--- /dev/null
+++ b/Sources/CodexBar/Resources/ProviderIcon-abacus.svg
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg width="100" height="100" viewBox="0 0 100 100" fill="none" xmlns="http://www.w3.org/2000/svg">
+    <!-- Abacus AI logo: stylized vertical lines with dots -->
+    <g transform="translate(15, 10)">
+        <!-- Vertical lines -->
+        <rect x="0" y="0" width="4" height="80" rx="2" fill="white"/>
+        <rect x="17.5" y="0" width="4" height="80" rx="2" fill="white"/>
+        <rect x="35" y="0" width="4" height="80" rx="2" fill="white"/>
+        <rect x="52.5" y="0" width="4" height="80" rx="2" fill="white"/>
+        <rect x="66" y="0" width="4" height="80" rx="2" fill="white"/>
+        <!-- Dots on the lines (beads on an abacus) -->
+        <circle cx="2" cy="20" r="7" fill="white"/>
+        <circle cx="19.5" cy="45" r="7" fill="white"/>
+        <circle cx="37" cy="30" r="7" fill="white"/>
+        <circle cx="54.5" cy="60" r="7" fill="white"/>
+        <circle cx="68" cy="40" r="7" fill="white"/>
+    </g>
+</svg>
diff --git a/Sources/CodexBar/Resources/ProviderIcon-alibaba.svg b/Sources/CodexBar/Resources/ProviderIcon-alibaba.svg
new file mode 100644
index 000000000..dce0fb9da
--- /dev/null
+++ b/Sources/CodexBar/Resources/ProviderIcon-alibaba.svg
@@ -0,0 +1,3 @@
+<svg width="200" height="200" viewBox="0 0 200 200" fill="none" xmlns="http://www.w3.org/2000/svg">
+  <path fill-rule="evenodd" clip-rule="evenodd" d="M174.82 108.75L155.38 75L165.64 57.75C166.46 56.31 166.46 54.53 165.64 53.09L155.38 35.84C154.86 34.91 153.87 34.33 152.78 34.33H114.88L106.14 19.03C105.62 18.1 104.63 17.52 103.54 17.52H83.3C82.21 17.52 81.22 18.1 80.7 19.03L61.26 52.77H41.02C39.93 52.77 38.94 53.35 38.42 54.28L28.16 71.53C27.34 72.97 27.34 74.75 28.16 76.19L45.52 107.5L36.78 122.8C35.96 124.24 35.96 126.02 36.78 127.46L47.04 144.71C47.56 145.64 48.55 146.22 49.64 146.22H87.54L96.28 161.52C96.8 162.45 97.79 163.03 98.88 163.03H119.12C120.21 163.03 121.2 162.45 121.72 161.52L141.16 127.78H158.52C159.61 127.78 160.6 127.2 161.12 126.27L171.38 109.02C172.2 107.58 172.2 105.8 171.38 104.36L174.82 108.75ZM127.86 79.83H76.14L101.18 122.11L127.86 79.83Z" fill="#111111"/>
+</svg>
diff --git a/Sources/CodexBar/Resources/ProviderIcon-bedrock.svg b/Sources/CodexBar/Resources/ProviderIcon-bedrock.svg
new file mode 100644
index 000000000..01dd2f59f
--- /dev/null
+++ b/Sources/CodexBar/Resources/ProviderIcon-bedrock.svg
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg width="100" height="100" viewBox="0 0 100 100" version="1.1" xmlns="http://www.w3.org/2000/svg">
+    <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
+        <g transform="scale(2, 2)" fill="#FFFFFF">
+            <path d="M41,20.9998818 C40.448,20.9998818 40,20.5508818 40,19.9998818 C40,19.4488818 40.448,18.9998818 41,18.9998818 C41.552,18.9998818 42,19.4488818 42,19.9998818 C42,20.5508818 41.552,20.9998818 41,20.9998818 L41,20.9998818 Z M16.977,41.8478818 L13.774,40.1018818 L17.515,37.8568818 L16.485,36.1428818 L11.738,38.9908818 L7,36.4058818 L7,30.5658818 L11.515,27.8568818 L10.485,26.1428818 L6,28.8338818 L2,26.4338818 L2,22.6178818 L7.447,19.8948818 L6.553,18.1048818 L2,20.3818818 L2,17.6178818 L6.956,15.1398818 L11,17.5658818 L11,20.3818818 L7.553,22.1048818 L8.447,23.8948818 L12.003,22.1168818 L15.557,23.8768818 L16.443,22.0848818 L13,20.3798818 L13,17.5658818 L17.515,14.8568818 C17.815,14.6768818 18,14.3508818 18,13.9998818 L18,8.99988178 L16,8.99988178 L16,13.4338818 L12,15.8338818 L8,13.4338818 L8,6.58788178 L11,4.92188178 L11,10.9998818 L13,10.9998818 L13,3.81088178 L16.024,2.12988178 L21.002,4.61588178 L21.001,26.4498818 L10.463,33.1558818 L11.537,34.8438818 L21.001,28.8218818 L21,39.4338818 L16.977,41.8478818 Z M38,28.9998818 C38.552,28.9998818 39,29.4488818 39,29.9998818 C39,30.5508818 38.552,30.9998818 38,30.9998818 C37.448,30.9998818 37,30.5508818 37,29.9998818 C37,29.4488818 37.448,28.9998818 38,28.9998818 L38,28.9998818 Z M30,38.9998818 C29.448,38.9998818 29,38.5508818 29,37.9998818 C29,37.4488818 29.448,36.9998818 30,36.9998818 C30.552,36.9998818 31,37.4488818 31,37.9998818 C31,38.5508818 30.552,38.9998818 30,38.9998818 L30,38.9998818 Z M32,5.99988178 C32.552,5.99988178 33,6.44888178 33,6.99988178 C33,7.55088178 32.552,7.99988178 32,7.99988178 C31.448,7.99988178 31,7.55088178 31,6.99988178 C31,6.44888178 31.448,5.99988178 32,5.99988178 L32,5.99988178 Z M41,16.9998818 C39.698,16.9998818 38.598,17.8388818 38.184,18.9998818 L23.001,18.9998818 L23.001,14.9998818 L32,14.9998818 C32.553,14.9998818 33,14.5518818 33,13.9998818 L33,9.81588178 C34.161,9.40188178 35,8.30188178 35,6.99988178 C35,5.34588178 33.654,3.99988178 32,3.99988178 C30.346,3.99988178 29,5.34588178 29,6.99988178 C29,8.30188178 29.839,9.40188178 31,9.81588178 L31,12.9998818 L23.001,12.9998818 L23.002,3.99788178 C23.002,3.61888178 22.788,3.27288178 22.449,3.10388178 L16.447,0.104881781 C16.151,-0.0421182195 15.803,-0.0341182195 15.515,0.125881781 L6.515,5.12588178 C6.197,5.30188178 6,5.63688178 6,5.99988178 L6,13.3818818 L0.553,16.1048818 C0.214,16.2748818 0,16.6208818 0,16.9998818 L0,26.9998818 C0,27.3508818 0.185,27.6768818 0.485,27.8568818 L5,30.5658818 L5,36.9998818 C5,37.3658818 5.2,37.7028818 5.521,37.8778818 L16.521,43.8778818 C16.671,43.9588818 16.835,43.9998818 17,43.9998818 C17.179,43.9998818 17.356,43.9518818 17.515,43.8568818 L22.515,40.8568818 C22.815,40.6768818 23,40.3508818 23,39.9998818 L23,32.9998818 L29,32.9998818 L29,35.1838818 C27.839,35.5978818 27,36.6978818 27,37.9998818 C27,39.6538818 28.346,40.9998818 30,40.9998818 C31.654,40.9998818 33,39.6538818 33,37.9998818 C33,36.6978818 32.161,35.5978818 31,35.1838818 L31,31.9998818 C31,31.4478818 30.553,30.9998818 30,30.9998818 L23,30.9998818 L23.001,26.9998818 L33.586,26.9998818 L35.301,28.7148818 C35.113,29.1058818 35,29.5378818 35,29.9998818 C35,31.6538818 36.346,32.9998818 38,32.9998818 C39.654,32.9998818 41,31.6538818 41,29.9998818 C41,28.3458818 39.654,26.9998818 38,26.9998818 C37.538,26.9998818 37.106,27.1128818 36.715,27.3008818 L34.707,25.2928818 C34.52,25.1048818 34.266,24.9998818 34,24.9998818 L23.001,24.9998818 L23.001,20.9998818 L38.184,20.9998818 C38.598,22.1608818 39.698,22.9998818 41,22.9998818 C42.654,22.9998818 44,21.6538818 44,19.9998818 C44,18.3458818 42.654,16.9998818 41,16.9998818 L41,16.9998818 Z" />
+        </g>
+    </g>
+</svg>
diff --git a/Sources/CodexBar/Resources/ProviderIcon-codebuff.svg b/Sources/CodexBar/Resources/ProviderIcon-codebuff.svg
new file mode 100644
index 000000000..6d5f9e455
--- /dev/null
+++ b/Sources/CodexBar/Resources/ProviderIcon-codebuff.svg
@@ -0,0 +1,4 @@
+<svg width="100" height="100" viewBox="0 0 100 100" fill="none" xmlns="http://www.w3.org/2000/svg">
+  <path fill-rule="evenodd" clip-rule="evenodd" d="M50 8L12 28V72L50 92L88 72V28L50 8ZM50 22.5L74 35.25V64.75L50 77.5L26 64.75V35.25L50 22.5Z" fill="#44FF00"/>
+  <path d="M50 40L61 46V54L50 60L39 54V46L50 40Z" fill="#44FF00"/>
+</svg>
diff --git a/Sources/CodexBar/Resources/ProviderIcon-commandcode.svg b/Sources/CodexBar/Resources/ProviderIcon-commandcode.svg
new file mode 100644
index 000000000..eb48c4358
--- /dev/null
+++ b/Sources/CodexBar/Resources/ProviderIcon-commandcode.svg
@@ -0,0 +1,3 @@
+<svg width="100" height="100" viewBox="0 0 100 100" fill="none" xmlns="http://www.w3.org/2000/svg">
+  <path d="M38 38H27C20.925 38 16 33.075 16 27C16 20.925 20.925 16 27 16C33.075 16 38 20.925 38 27V73C38 79.075 33.075 84 27 84C20.925 84 16 79.075 16 73C16 66.925 20.925 62 27 62H73C79.075 62 84 66.925 84 73C84 79.075 79.075 84 73 84C66.925 84 62 79.075 62 73V27C62 20.925 66.925 16 73 16C79.075 16 84 20.925 84 27C84 33.075 79.075 38 73 38H38V62" stroke="white" stroke-width="9" stroke-linecap="round" stroke-linejoin="round"/>
+</svg>
diff --git a/Sources/CodexBar/Resources/ProviderIcon-crof.svg b/Sources/CodexBar/Resources/ProviderIcon-crof.svg
new file mode 100644
index 000000000..fdde018b8
--- /dev/null
+++ b/Sources/CodexBar/Resources/ProviderIcon-crof.svg
@@ -0,0 +1,3 @@
+<svg width="100" height="100" viewBox="0 0 100 100" fill="none" xmlns="http://www.w3.org/2000/svg">
+  <path d="M44.2 8.5H82.4C85.6 8.5 88.1 11.1 87.8 14.2C87.7 15.5 87.2 16.7 86.4 17.8L73.3 35.5C69.7 40.3 64.1 43.1 58.1 43.1H28.1L40.2 60.1H68.4C72.8 60.1 76.9 62.1 79.6 65.6L88.2 76.9C89.8 79.1 89.7 82.1 87.8 84.2C86.6 85.5 84.9 86.3 83.1 86.3H45.1C36.5 86.3 28.5 82.1 23.6 75L8.9 53.6C5.2 48.2 5.3 41 9.2 35.7L20.6 20.1C26.1 12.8 34.8 8.5 44.2 8.5ZM28.1 43.1H15.4C13.5 43.1 12.4 45.2 13.5 46.8L27.3 66.9C31.3 72.8 38 76.3 45.1 76.3H75L68.6 68.1C67.2 66.3 65.1 65.2 62.8 65.2H38.6C34.4 65.2 30.5 63.2 28.1 59.8L19.7 48.1C18.2 45.9 19.8 43.1 22.5 43.1H28.1Z" fill="white"/>
+</svg>
diff --git a/Sources/CodexBar/Resources/ProviderIcon-deepgram.svg b/Sources/CodexBar/Resources/ProviderIcon-deepgram.svg
new file mode 100644
index 000000000..a72ab7db1
--- /dev/null
+++ b/Sources/CodexBar/Resources/ProviderIcon-deepgram.svg
@@ -0,0 +1,4 @@
+<svg viewBox="0 0 32 32" fill="currentColor" xmlns="http://www.w3.org/2000/svg">
+  <path d="M6 9h3v14H6V9Zm6-4h3v22h-3V5Zm6 7h3v8h-3v-8Zm6-3h3v14h-3V9Z"/>
+  <path d="M4 26h24v2H4v-2Z" opacity=".35"/>
+</svg>
diff --git a/Sources/CodexBar/Resources/ProviderIcon-deepseek.svg b/Sources/CodexBar/Resources/ProviderIcon-deepseek.svg
new file mode 100644
index 000000000..72020f9ad
--- /dev/null
+++ b/Sources/CodexBar/Resources/ProviderIcon-deepseek.svg
@@ -0,0 +1,3 @@
+<svg viewBox="3.5 5.5 24.8 20" fill="currentColor" xmlns="http://www.w3.org/2000/svg">
+  <path fill-rule="nonzero" d="M27.501 8.46875C27.249 8.3457 27.1406 8.58008 26.9932 8.69922C26.9434 8.73828 26.9004 8.78906 26.8584 8.83398C26.4902 9.22852 26.0605 9.48633 25.5 9.45508C24.6787 9.41016 23.9785 9.66797 23.3594 10.2969C23.2275 9.52148 22.79 9.05859 22.125 8.76172C21.7764 8.60742 21.4238 8.45312 21.1807 8.11719C21.0098 7.87891 20.9639 7.61328 20.8779 7.35156C20.8242 7.19336 20.7695 7.03125 20.5879 7.00391C20.3906 6.97266 20.3135 7.13867 20.2363 7.27734C19.9258 7.84375 19.8066 8.46875 19.8174 9.10156C19.8447 10.5234 20.4453 11.6562 21.6367 12.4629C21.7725 12.5547 21.8076 12.6484 21.7646 12.7832C21.6836 13.0605 21.5869 13.3301 21.501 13.6074C21.4473 13.7852 21.3662 13.8242 21.1768 13.7461C20.5225 13.4727 19.957 13.0684 19.458 12.5781C18.6104 11.7578 17.8438 10.8516 16.8877 10.1426C16.6631 9.97656 16.4395 9.82227 16.207 9.67578C15.2314 8.72656 16.335 7.94727 16.5898 7.85547C16.8574 7.75977 16.6826 7.42773 15.8193 7.43164C14.957 7.43555 14.167 7.72461 13.1611 8.10938C13.0137 8.16797 12.8594 8.21094 12.7002 8.24414C11.7871 8.07227 10.8389 8.0332 9.84766 8.14453C7.98242 8.35352 6.49219 9.23633 5.39648 10.7441C4.08105 12.5547 3.77148 14.6133 4.15039 16.7617C4.54883 19.0234 5.70215 20.8984 7.47559 22.3633C9.31348 23.8809 11.4307 24.625 13.8457 24.4824C15.3125 24.3984 16.9463 24.2012 18.7881 22.6406C19.2529 22.8711 19.7402 22.9629 20.5498 23.0332C21.1729 23.0918 21.7725 23.002 22.2373 22.9062C22.9648 22.752 22.9141 22.0781 22.6514 21.9531C20.5186 20.959 20.9863 21.3633 20.5605 21.0371C21.6445 19.752 23.2783 18.418 23.917 14.0977C23.9668 13.7539 23.9238 13.5391 23.917 13.2598C23.9131 13.0918 23.9512 13.0254 24.1445 13.0059C24.6787 12.9453 25.1973 12.7988 25.6738 12.5352C27.0557 11.7793 27.6123 10.5391 27.7441 9.05078C27.7637 8.82422 27.7402 8.58789 27.501 8.46875ZM15.46 21.8613C13.3926 20.2344 12.3906 19.6992 11.9766 19.7227C11.5898 19.7441 11.6592 20.1875 11.7441 20.4766C11.833 20.7617 11.9492 20.959 12.1123 21.209C12.2246 21.375 12.3018 21.623 12 21.8066C11.334 22.2207 10.1768 21.668 10.1221 21.6406C8.77539 20.8477 7.64941 19.7988 6.85547 18.3652C6.08984 16.9844 5.64453 15.5039 5.57129 13.9238C5.55176 13.541 5.66406 13.4062 6.04297 13.3379C6.54199 13.2461 7.05762 13.2266 7.55664 13.2988C9.66602 13.6074 11.4619 14.5527 12.9668 16.0469C13.8262 16.9004 14.4766 17.918 15.1465 18.9121C15.8584 19.9688 16.625 20.9746 17.6006 21.7988C17.9443 22.0879 18.2197 22.3086 18.4824 22.4707C17.6895 22.5586 16.3652 22.5781 15.46 21.8613ZM16.4502 15.4805C16.4502 15.3105 16.5859 15.1758 16.7568 15.1758C16.7949 15.1758 16.8301 15.1836 16.8613 15.1953C16.9033 15.2109 16.9424 15.2344 16.9727 15.2695C17.0273 15.3223 17.0586 15.4004 17.0586 15.4805C17.0586 15.6504 16.9229 15.7852 16.7529 15.7852C16.582 15.7852 16.4502 15.6504 16.4502 15.4805ZM19.5273 17.0625C19.3301 17.1426 19.1328 17.2129 18.9434 17.2207C18.6494 17.2344 18.3281 17.1152 18.1533 16.9688C17.8828 16.7422 17.6895 16.6152 17.6074 16.2168C17.5732 16.0469 17.5928 15.7852 17.623 15.6348C17.6934 15.3105 17.6152 15.1035 17.3877 14.9141C17.2012 14.7598 16.9658 14.7188 16.7061 14.7188C16.6094 14.7188 16.5205 14.6758 16.4541 14.6406C16.3457 14.5859 16.2568 14.4512 16.3418 14.2852C16.3691 14.2324 16.501 14.1016 16.5322 14.0781C16.8838 13.877 17.29 13.9434 17.666 14.0938C18.0146 14.2363 18.2773 14.498 18.6562 14.8672C19.0439 15.3145 19.1133 15.4395 19.334 15.7734C19.5078 16.0371 19.667 16.3066 19.7754 16.6152C19.8408 16.8066 19.7559 16.9648 19.5273 17.0625Z"/>
+</svg>
diff --git a/Sources/CodexBar/Resources/ProviderIcon-doubao.svg b/Sources/CodexBar/Resources/ProviderIcon-doubao.svg
new file mode 100644
index 000000000..9c20430a1
--- /dev/null
+++ b/Sources/CodexBar/Resources/ProviderIcon-doubao.svg
@@ -0,0 +1 @@
+<svg fill="currentColor" fill-rule="evenodd" height="1em" style="flex:none;line-height:1" viewBox="0 0 24 24" width="1em" xmlns="http://www.w3.org/2000/svg"><title>Doubao</title><path d="M12 2C6.48 2 2 6.48 2 12s4.48 10 10 10 10-4.48 10-10S17.52 2 12 2zm0 1.5c4.69 0 8.5 3.81 8.5 8.5s-3.81 8.5-8.5 8.5S3.5 16.69 3.5 12 7.31 3.5 12 3.5zm-3 5a1.5 1.5 0 100 3 1.5 1.5 0 000-3zm6 0a1.5 1.5 0 100 3 1.5 1.5 0 000-3zM8 15a4 4 0 008 0H8z"/></svg>
diff --git a/Sources/CodexBar/Resources/ProviderIcon-elevenlabs.svg b/Sources/CodexBar/Resources/ProviderIcon-elevenlabs.svg
new file mode 100644
index 000000000..338e42b28
--- /dev/null
+++ b/Sources/CodexBar/Resources/ProviderIcon-elevenlabs.svg
@@ -0,0 +1,4 @@
+<svg viewBox="0 0 32 32" fill="currentColor" xmlns="http://www.w3.org/2000/svg">
+  <path d="M7 6h4v20H7V6Zm7 0h4v20h-4V6Zm7 0h4v20h-4V6Z"/>
+  <path d="M3.5 15h25v2h-25v-2Z" opacity=".35"/>
+</svg>
diff --git a/Sources/CodexBar/Resources/ProviderIcon-grok.svg b/Sources/CodexBar/Resources/ProviderIcon-grok.svg
new file mode 100644
index 000000000..876acc82c
--- /dev/null
+++ b/Sources/CodexBar/Resources/ProviderIcon-grok.svg
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg width="100" height="100" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg" fill="none">
+    <path fill="#FFFFFF" fill-rule="evenodd" d="M9.27 15.29l7.978-5.897c.391-.29.95-.177 1.137.272.98 2.369.542 5.215-1.41 7.169-1.951 1.954-4.667 2.382-7.149 1.406l-2.711 1.257c3.889 2.661 8.611 2.003 11.562-.953 2.341-2.344 3.066-5.539 2.388-8.42l.006.007c-.983-4.232.242-5.924 2.75-9.383.06-.082.12-.164.179-.248l-3.301 3.305v-.01L9.267 15.292M7.623 16.723c-2.792-2.67-2.31-6.801.071-9.184 1.761-1.763 4.647-2.483 7.166-1.425l2.705-1.25a7.808 7.808 0 00-1.829-1A8.975 8.975 0 005.984 5.83c-2.533 2.536-3.33 6.436-1.962 9.764 1.022 2.487-.653 4.246-2.34 6.022-.599.63-1.199 1.259-1.682 1.925l7.62-6.815"/>
+</svg>
diff --git a/Sources/CodexBar/Resources/ProviderIcon-groq.svg b/Sources/CodexBar/Resources/ProviderIcon-groq.svg
new file mode 100644
index 000000000..4b283c370
--- /dev/null
+++ b/Sources/CodexBar/Resources/ProviderIcon-groq.svg
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg width="100" height="100" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg" fill="none">
+    <path fill="#FFFFFF" d="M12.036 2c-3.853-.035-7 3-7.036 6.781-.035 3.782 3.055 6.872 6.908 6.907h2.42v-2.566h-2.292c-2.407.028-4.38-1.866-4.408-4.23-.029-2.362 1.901-4.298 4.308-4.326h.1c2.407 0 4.358 1.915 4.365 4.278v6.305c0 2.342-1.944 4.25-4.323 4.279a4.375 4.375 0 01-3.033-1.252l-1.851 1.818A7 7 0 0012.029 22h.092c3.803-.056 6.858-3.083 6.879-6.816v-6.5C18.907 4.963 15.817 2 12.036 2z"/>
+</svg>
diff --git a/Sources/CodexBar/Resources/ProviderIcon-kimi.svg b/Sources/CodexBar/Resources/ProviderIcon-kimi.svg
index 03dee9305..77cba2eac 100644
--- a/Sources/CodexBar/Resources/ProviderIcon-kimi.svg
+++ b/Sources/CodexBar/Resources/ProviderIcon-kimi.svg
@@ -1 +1 @@
-<svg fill="currentColor" fill-rule="evenodd" height="1em" style="flex:none;line-height:1" viewBox="0 0 24 24" width="1em" xmlns="http://www.w3.org/2000/svg"><title>Kimi</title><path d="M21.7202 0.939941C22.9502 0.939941 23.9502 1.93994 23.9502 3.16994C23.9502 4.39994 22.9502 5.39994 21.7202 5.39994H19.7502C19.6002 5.39994 19.4902 5.27994 19.4902 5.13994V3.16994C19.4902 1.93994 20.4902 0.939941 21.7202 0.939941ZM9.39 13.9501L17.82 5.59012C17.98 5.43012 17.89 5.12012 17.68 5.12012H13.14C13.14 5.12012 13.04 5.14012 13 5.18012L3.92 14.1901C3.78 14.3301 3.57 14.2101 3.57 13.9801V5.39012C3.57 5.24012 3.47 5.12012 3.35 5.12012H0.219999C0.0999993 5.12012 0 5.24012 0 5.39012V23.9201C0 24.0701 0.0999993 24.1901 0.219999 24.1901H3.35C3.47 24.1901 3.57 24.0701 3.57 23.9201V20.1401C3.57 20.0601 3.6 19.9801 3.65 19.9301L6.47 17.1401C6.54 17.0701 6.63 17.0601 6.71 17.1101L14.24 22.6501C15.47 23.4801 16.85 23.9901 18.25 24.1401C18.37 24.1501 18.48 24.0301 18.48 23.8701V20.3101C18.48 20.1701 18.4 20.0601 18.29 20.0501C17.47 19.9201 16.66 19.6001 15.94 19.1101L9.42 14.3901C9.28 14.3001 9.27 14.0701 9.39 13.9501Z"/></svg>
+<svg fill="currentColor" fill-rule="evenodd" height="1em" style="flex:none;line-height:1" viewBox="0 0 24 24" width="1em" xmlns="http://www.w3.org/2000/svg"><title>Kimi</title><path transform="translate(0 -0.56)" d="M21.7202 0.939941C22.9502 0.939941 23.9502 1.93994 23.9502 3.16994C23.9502 4.39994 22.9502 5.39994 21.7202 5.39994H19.7502C19.6002 5.39994 19.4902 5.27994 19.4902 5.13994V3.16994C19.4902 1.93994 20.4902 0.939941 21.7202 0.939941ZM9.39 13.9501L17.82 5.59012C17.98 5.43012 17.89 5.12012 17.68 5.12012H13.14C13.14 5.12012 13.04 5.14012 13 5.18012L3.92 14.1901C3.78 14.3301 3.57 14.2101 3.57 13.9801V5.39012C3.57 5.24012 3.47 5.12012 3.35 5.12012H0.219999C0.0999993 5.12012 0 5.24012 0 5.39012V23.9201C0 24.0701 0.0999993 24.1901 0.219999 24.1901H3.35C3.47 24.1901 3.57 24.0701 3.57 23.9201V20.1401C3.57 20.0601 3.6 19.9801 3.65 19.9301L6.47 17.1401C6.54 17.0701 6.63 17.0601 6.71 17.1101L14.24 22.6501C15.47 23.4801 16.85 23.9901 18.25 24.1401C18.37 24.1501 18.48 24.0301 18.48 23.8701V20.3101C18.48 20.1701 18.4 20.0601 18.29 20.0501C17.47 19.9201 16.66 19.6001 15.94 19.1101L9.42 14.3901C9.28 14.3001 9.27 14.0701 9.39 13.9501Z"/></svg>
diff --git a/Sources/CodexBar/Resources/ProviderIcon-llmproxy.svg b/Sources/CodexBar/Resources/ProviderIcon-llmproxy.svg
new file mode 100644
index 000000000..812831dca
--- /dev/null
+++ b/Sources/CodexBar/Resources/ProviderIcon-llmproxy.svg
@@ -0,0 +1,7 @@
+<svg viewBox="0 0 32 32" fill="currentColor" xmlns="http://www.w3.org/2000/svg">
+  <path d="M7 8.5A5.5 5.5 0 0 1 12.5 3H18v4h-5.5A1.5 1.5 0 0 0 11 8.5V12H7V8.5Z"/>
+  <path d="M25 23.5A5.5 5.5 0 0 1 19.5 29H14v-4h5.5a1.5 1.5 0 0 0 1.5-1.5V20h4v3.5Z"/>
+  <path d="M12 21H8.5A5.5 5.5 0 0 1 3 15.5v-3A5.5 5.5 0 0 1 8.5 7H12v4H8.5A1.5 1.5 0 0 0 7 12.5v3A1.5 1.5 0 0 0 8.5 17H12v4Z"/>
+  <path d="M20 11h3.5A1.5 1.5 0 0 1 25 12.5v3a1.5 1.5 0 0 1-1.5 1.5H20v4h3.5a5.5 5.5 0 0 0 5.5-5.5v-3A5.5 5.5 0 0 0 23.5 7H20v4Z"/>
+  <path d="M10 14h12v4H10v-4Z"/>
+</svg>
diff --git a/Sources/CodexBar/Resources/ProviderIcon-manus.svg b/Sources/CodexBar/Resources/ProviderIcon-manus.svg
new file mode 100644
index 000000000..fcfd81daf
--- /dev/null
+++ b/Sources/CodexBar/Resources/ProviderIcon-manus.svg
@@ -0,0 +1,6 @@
+<svg width="60" height="60" viewBox="0 0 60 60" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path fill-rule="evenodd" clip-rule="evenodd" d="M9.40053 8.55905C8.88268 9.6224 9.31868 10.9073 10.3744 11.4289C11.8907 12.1781 13.2065 12.9168 14.5094 14.3964C15.2896 15.2825 16.6353 15.3637 17.515 14.5777C18.3947 13.7918 18.4753 12.4364 17.695 11.5503C15.8385 9.44198 13.9275 8.40713 12.2497 7.57813C11.194 7.05652 9.91838 7.49569 9.40053 8.55905Z" fill="#34322D"/>
+<path fill-rule="evenodd" clip-rule="evenodd" d="M20.9079 2.3149C19.7672 2.60216 19.0736 3.76651 19.3588 4.91555C19.558 5.71831 19.7438 6.40473 19.9139 7.03309C20.2395 8.23578 20.5075 9.22579 20.7019 10.4119C20.8934 11.5804 21.9892 12.3714 23.1493 12.1785C24.3095 11.9856 25.0947 10.8818 24.9032 9.71326C24.6735 8.31142 24.3157 6.98504 23.9566 5.65374C23.7976 5.06422 23.6383 4.47373 23.4898 3.87529C23.2046 2.72625 22.0487 2.02764 20.9079 2.3149Z" fill="#34322D"/>
+<path fill-rule="evenodd" clip-rule="evenodd" d="M33.0786 3.63426C32.0734 3.01986 30.7639 3.34265 30.154 4.35522C29.0225 6.23356 28.4277 8.08306 27.8752 10.3089C27.59 11.458 28.2836 12.6223 29.4244 12.9096C30.5651 13.1968 31.7211 12.4982 32.0063 11.3492C32.5183 9.28598 32.9881 7.91866 33.7944 6.58017C34.4044 5.5676 34.0839 4.24867 33.0786 3.63426Z" fill="#34322D"/>
+<path fill-rule="evenodd" clip-rule="evenodd" d="M43.9331 56.6116C48.0617 53.9731 50.9164 39.8228 50.2884 35.6091C50.2884 35.6091 49.634 33.3469 48.0372 33.3468C46.8137 33.3468 46.1377 34.3415 45.8884 34.8067C45.6728 34.7269 45.4533 34.6547 45.2792 34.5985C45.1853 34.5681 45.0537 34.5263 44.9304 34.4871L44.6964 34.4125C44.5053 34.3512 44.3255 34.2922 44.1561 34.2338L44.1566 34.1738C44.164 32.8061 44.025 30.6718 42.6083 28.4481C42.3816 28.0922 42.1677 27.7741 41.9848 27.5042L41.8701 27.3352C41.734 27.1348 41.6272 26.9775 41.5245 26.8205C41.2723 26.4354 41.2034 26.2871 41.1767 26.2187L41.1755 26.2156C41.1651 26.1891 41.1438 26.1351 41.138 25.9704C41.1309 25.7681 41.1481 25.3852 41.2793 24.7155L41.9612 21.9906L41.9637 21.9766C42.0087 21.7265 42.0491 21.5016 42.0711 21.1356C42.0914 20.7986 42.0956 20.3088 42.01 19.7408C41.8478 18.6648 41.2257 16.6253 39.0332 15.4429C38.4974 15.154 37.8556 14.9811 37.2229 14.8983C36.7976 14.8427 36.229 14.8047 35.5687 14.8557C34.2216 14.9597 32.4539 15.4447 30.8803 16.8875L30.4884 17.2997C29.5737 18.4044 28.6076 19.7723 27.8747 20.9829C25.6495 19.9355 23.0302 18.733 21.2001 18.0864C19.1915 17.3769 16.9497 16.7831 14.843 16.8595C12.5099 16.9441 9.88675 17.9222 8.51344 20.6906C7.94928 21.8279 7.70856 23.1561 7.99827 24.5403C8.27511 25.8631 8.95981 26.8748 9.61373 27.5807C10.8279 28.8914 12.4542 29.7033 13.6004 30.1954C14.478 30.5722 15.3797 30.8857 16.178 31.1395C16.0937 31.2921 16.0092 31.4501 15.9278 31.6103C15.6864 32.085 15.3976 32.7201 15.2075 33.4466C15.0179 34.1711 14.8684 35.2035 15.1387 36.368C15.4161 37.5632 15.965 38.4967 16.6189 39.2106C16.5941 39.5819 16.5848 39.9731 16.5986 40.3779C16.6906 43.0818 18.3417 44.8845 19.7939 45.9067C21.1776 46.8806 22.8071 47.4783 24.1246 47.8802C25.3968 48.2683 26.7402 48.5762 27.8317 48.8265L28.0653 48.88C29.2286 49.1473 30.3783 49.4564 31.5285 49.7657C32.833 50.1165 34.1381 50.4674 35.4641 50.7575C35.8978 50.8524 36.3192 50.9432 36.7069 51.0259L36.8481 51.3939C38.5683 55.7897 40.8651 58.5723 43.9331 56.6116ZM28.2156 38.6202C27.9801 38.5246 27.845 38.4612 27.7251 38.4007C26.6832 37.8586 25.4015 38.2672 24.8596 39.3157C24.3165 40.3662 24.723 41.6619 25.7659 42.2088C25.8514 42.2535 25.9381 42.2955 26.0253 42.3366C26.1714 42.4055 26.3749 42.4973 26.6227 42.598C27.1114 42.7965 27.8062 43.0437 28.5938 43.212C29.9917 43.5107 32.5756 43.7384 34.3274 41.716C35.1684 40.7451 35.5727 39.4694 35.7263 38.2766C35.8845 37.0476 35.8056 35.6995 35.4968 34.3874C34.8887 31.8026 33.2785 28.9743 30.272 27.6329C27.6959 26.4835 25.1502 26.2133 23.0033 26.4557C21.57 26.6176 20.2006 27.0239 19.1006 27.6431V27.5954C16.4105 26.8216 11.0571 25.2818 12.3754 22.6242C13.3748 20.6096 16.1129 20.7761 19.8267 22.0881C21.3351 22.621 23.4312 23.5706 25.4084 24.4966C26.0213 24.7836 26.6228 25.0684 27.1918 25.3378C28.0211 25.7305 29.4076 26.3772 29.4076 26.3772C30.9845 24.471 31.5968 23.4209 32.1372 22.4941C32.5089 21.8566 32.8466 21.2775 33.4408 20.5182C34.2818 19.4434 35.6412 18.7792 37.0357 19.1681C38.0076 19.6922 37.7607 21.0159 37.7607 21.0159L37.0852 23.7151C36.4404 26.8915 37.1541 27.9426 38.3305 29.6751C38.5371 29.9793 38.7581 30.3048 38.9884 30.6663C39.9266 32.139 39.8833 33.5552 39.8479 34.711C39.8251 35.4544 39.8057 36.0901 40.0528 36.5639C40.5618 37.5397 42.4666 38.1448 43.7154 38.5415C44.0155 38.6368 44.2777 38.7201 44.4736 38.7936L44.6074 38.8467C44.4314 39.3965 44.2715 39.9656 44.1117 40.5342C43.4013 43.0628 42.6941 45.5801 40.5854 46.3344C37.9241 47.2863 35.2627 46.3856 35.2627 46.3856C34.783 46.2444 34.2945 46.1351 33.806 46.0257C33.1971 45.8894 32.588 45.7531 31.9952 45.555C31.1691 45.2461 30.0119 44.9805 28.7543 44.692C25.7598 44.005 22.1958 43.1872 21.1752 41.3416C21.0033 41.0306 20.9035 40.6906 20.8908 40.317C20.8331 38.6196 21.4235 37.0999 21.4235 37.0999C21.4235 37.0999 20.5079 37.1038 19.8658 36.4816C19.6264 36.2496 19.4251 35.9307 19.3233 35.4922C19.12 34.6163 19.2946 33.3466 20.3591 32.2743L20.8926 31.7384C21.1621 31.4669 21.961 30.8894 23.4778 30.7181C24.9176 30.5555 26.7 30.7302 28.5474 31.5544C29.9644 32.1867 30.9442 33.6372 31.3534 35.3765C31.5534 36.2265 31.5901 37.0517 31.5034 37.725C31.4121 38.4344 31.211 38.7897 31.1188 38.8962C31.0042 39.0285 30.6006 39.2562 29.4775 39.0163C29.0047 38.9152 28.5556 38.7584 28.2156 38.6202Z" fill="#34322D"/>
+</svg>
diff --git a/Sources/CodexBar/Resources/ProviderIcon-mimo.svg b/Sources/CodexBar/Resources/ProviderIcon-mimo.svg
new file mode 100644
index 000000000..50b1b8e3e
--- /dev/null
+++ b/Sources/CodexBar/Resources/ProviderIcon-mimo.svg
@@ -0,0 +1,4 @@
+<svg width="24" height="24" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg" fill="none">
+<path d="M5 18V11" stroke="currentColor" stroke-width="2.2" stroke-linecap="round" />
+<path d="M5 5L12 12L19 5V18" stroke="currentColor" stroke-width="2.2" stroke-linecap="round" stroke-linejoin="round" />
+</svg>
diff --git a/Sources/CodexBar/Resources/ProviderIcon-mistral.svg b/Sources/CodexBar/Resources/ProviderIcon-mistral.svg
new file mode 100644
index 000000000..c946b5225
--- /dev/null
+++ b/Sources/CodexBar/Resources/ProviderIcon-mistral.svg
@@ -0,0 +1 @@
+<svg fill="currentColor" fill-rule="evenodd" height="512" style="flex:none;line-height:1" viewBox="0 0 24 24" width="512" xmlns="http://www.w3.org/2000/svg"><title>Mistral</title><path clip-rule="evenodd" d="M3.428 3.4h3.429v3.428h3.429v3.429h-.002 3.431V6.828h3.427V3.4h3.43v13.714H24v3.429H13.714v-3.428h-3.428v-3.429h-3.43v3.428h3.43v3.429H0v-3.429h3.428V3.4zm10.286 13.715h3.428v-3.429h-3.427v3.429z"></path></svg>
diff --git a/Sources/CodexBar/Resources/ProviderIcon-opencodego.svg b/Sources/CodexBar/Resources/ProviderIcon-opencodego.svg
new file mode 100644
index 000000000..eaebc91bd
--- /dev/null
+++ b/Sources/CodexBar/Resources/ProviderIcon-opencodego.svg
@@ -0,0 +1,3 @@
+<svg width="100" height="100" viewBox="0 0 100 100" fill="none" xmlns="http://www.w3.org/2000/svg">
+  <path fill-rule="evenodd" clip-rule="evenodd" d="M80 88H20V12H80V88ZM35 27H65V72H35V27Z" fill="#211E1E"/>
+</svg>
diff --git a/Sources/CodexBar/Resources/ProviderIcon-perplexity.svg b/Sources/CodexBar/Resources/ProviderIcon-perplexity.svg
new file mode 100644
index 000000000..d869791b2
--- /dev/null
+++ b/Sources/CodexBar/Resources/ProviderIcon-perplexity.svg
@@ -0,0 +1 @@
+<svg fill="currentColor" fill-rule="evenodd" height="1em" style="flex:none;line-height:1" viewBox="0 0 100 100" width="1em" xmlns="http://www.w3.org/2000/svg"><title>Perplexity</title><g transform="translate(10 10) scale(3.3333)"><path d="M22.3977 7.0896h-2.3106V.0676l-7.5094 6.3542V.1577h-1.1554v6.1966L4.4904 0v7.0896H1.6023v10.3976h2.8882V24l6.932-6.3591v6.2005h1.1554v-6.0469l6.9318 6.1807v-6.4879h2.8882V7.0896zm-3.4657-4.531v4.531h-5.355l5.355-4.531zm-13.2862.0676 4.8691 4.4634H5.6458V2.6262zM2.7576 16.332V8.245h7.8476l-6.1149 6.1147v1.9723H2.7576zm2.8882 5.0404v-3.8852h.0001v-2.6488l5.7763-5.7764v7.0111l-5.7764 5.2993zm12.7086.0248-5.7766-5.1509V9.0618l5.7766 5.7766v6.5588zm2.8882-5.0652h-1.733v-1.9723L13.3948 8.245h7.8478v8.087z"/></g></svg>
diff --git a/Sources/CodexBar/Resources/ProviderIcon-stepfun.svg b/Sources/CodexBar/Resources/ProviderIcon-stepfun.svg
new file mode 100644
index 000000000..915c71d2c
--- /dev/null
+++ b/Sources/CodexBar/Resources/ProviderIcon-stepfun.svg
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="utf-8"?>
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" id="_图层_2" data-name="图层 2" viewBox="0 0 84.47 84.47">
+  <defs>
+    <style>
+      .cls-1 {
+        fill: url(#_未命名的渐变_64);
+      }
+      .cls-1, .cls-4 {
+        stroke-width: 0px;
+      }
+      .cls-4 {
+        fill: #999999;
+      }
+    </style>
+    <radialGradient id="_未命名的渐变_64" data-name="未命名的渐变 64" cx="25.5" cy="102.67" fx="25.5" fy="102.67" r="51.59" gradientTransform="translate(-112.31 94.12) rotate(-75.81) scale(1 1.32)" gradientUnits="userSpaceOnUse">
+      <stop offset=".4" stop-color="#888888"/>
+      <stop offset=".43" stop-color="#878787" stop-opacity=".92"/>
+      <stop offset=".52" stop-color="#868686" stop-opacity=".68"/>
+      <stop offset=".61" stop-color="#858585" stop-opacity=".47"/>
+      <stop offset=".69" stop-color="#858585" stop-opacity=".3"/>
+      <stop offset=".78" stop-color="#848484" stop-opacity=".17"/>
+      <stop offset=".86" stop-color="#848484" stop-opacity=".08"/>
+      <stop offset=".94" stop-color="#848484" stop-opacity=".02"/>
+      <stop offset="1" stop-color="#848484" stop-opacity="0"/>
+    </radialGradient>
+  </defs>
+  <g id="_图层_1-2" data-name="图层 1">
+    <g>
+      <path class="cls-4" d="m42.23,0C18.91,0,0,18.91,0,42.23s18.91,42.23,42.23,42.23,42.23-18.91,42.23-42.23S65.56,0,42.23,0Zm-11.35,69.03h-15.44v-15.44h15.44v15.44Zm19.07,0h-15.44v-15.44h15.44v15.44Zm0-19.08h-15.44v-15.44h15.44v15.44Zm0-19.07h-15.44v-15.44h15.44v15.44Zm19.07,0h-15.44v-15.44h15.44v15.44Z"/>
+      <path class="cls-1" d="m47.24.3C24.08-2.46,3.07,14.07.3,37.23c-2.76,23.16,13.77,44.17,36.92,46.94,23.16,2.76,44.17-13.77,46.94-36.92C86.93,24.08,70.4,3.07,47.24.3Zm-16.36,68.73h-15.44v-15.44h15.44v15.44Zm19.07,0h-15.44v-15.44h15.44v15.44Zm0-19.08h-15.44v-15.44h15.44v15.44Zm0-19.07h-15.44v-15.44h15.44v15.44Zm19.07,0h-15.44v-15.44h15.44v15.44Z"/>
+    </g>
+  </g>
+</svg>
diff --git a/Sources/CodexBar/Resources/ProviderIcon-t3chat.svg b/Sources/CodexBar/Resources/ProviderIcon-t3chat.svg
new file mode 100644
index 000000000..68a174a69
--- /dev/null
+++ b/Sources/CodexBar/Resources/ProviderIcon-t3chat.svg
@@ -0,0 +1,5 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512">
+  <g transform="translate(0 512) scale(0.1 -0.1)" fill="currentColor" stroke="none">
+    <path d="M1010 5110 c-364 -19 -535 -83 -726 -274 -157 -157 -226 -303 -262 -550 -16 -111 -17 -252 -17 -1721 0 -1691 0 -1707 46 -1889 38 -148 129 -297 253 -414 182 -170 345 -231 671 -252 207 -13 2966 -13 3170 0 179 12 297 32 385 67 256 102 475 345 539 600 45 178 46 200 46 1888 0 1469 -1 1610 -17 1721 -36 247 -105 393 -262 550 -159 158 -317 232 -571 265 -104 14 -3011 22 -3255 9z m1746 -1000 c518 -42 1026 -285 1302 -623 195 -238 285 -474 286 -747 0 -189 -35 -335 -121 -505 -227 -450 -721 -765 -1348 -861 -161 -24 -479 -22 -649 4 l-128 21 -322 -130 c-176 -72 -383 -155 -459 -186 -134 -54 -162 -58 -173 -29 -3 8 17 173 45 367 44 314 48 357 36 385 -7 18 -23 37 -34 43 -30 17 -163 171 -217 254 -134 202 -194 401 -194 638 0 190 36 336 126 509 209 406 656 711 1206 824 206 43 415 54 644 36z"/>
+  </g>
+</svg>
diff --git a/Sources/CodexBar/Resources/ProviderIcon-venice.svg b/Sources/CodexBar/Resources/ProviderIcon-venice.svg
new file mode 100644
index 000000000..31408ddf7
--- /dev/null
+++ b/Sources/CodexBar/Resources/ProviderIcon-venice.svg
@@ -0,0 +1,4 @@
+<svg viewBox="4 4 24 24" fill="currentColor" xmlns="http://www.w3.org/2000/svg">
+  <path d="M6.2 7.2h4.1l4.6 12.7 4.6-12.7h4L15.7 27h-3.3L6.2 7.2Z"/>
+  <path d="M13 18.2h5.9l-1 2.8h-4l-.9-2.8Z" opacity="0.35"/>
+</svg>
diff --git a/Sources/CodexBar/Resources/ProviderIcon-windsurf.svg b/Sources/CodexBar/Resources/ProviderIcon-windsurf.svg
new file mode 100644
index 000000000..3bc424679
--- /dev/null
+++ b/Sources/CodexBar/Resources/ProviderIcon-windsurf.svg
@@ -0,0 +1,3 @@
+<svg width="100" height="100" viewBox="0 0 100 100" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M897.246 286.869H889.819C850.735 286.808 819.017 318.46 819.017 357.539V515.589C819.017 547.15 792.93 572.716 761.882 572.716C743.436 572.716 725.02 563.433 714.093 547.85L552.673 317.304C539.28 298.16 517.486 286.747 493.895 286.747C457.094 286.747 423.976 318.034 423.976 356.657V515.619C423.976 547.181 398.103 572.746 366.842 572.746C348.335 572.746 329.949 563.463 319.021 547.881L138.395 289.882C134.316 284.038 125.154 286.93 125.154 294.052V431.892C125.154 438.862 127.285 445.619 131.272 451.34L309.037 705.2C319.539 720.204 335.033 731.344 352.9 735.392C397.616 745.557 438.77 711.135 438.77 667.278V508.406C438.77 476.845 464.339 451.279 495.904 451.279H495.995C515.02 451.279 532.857 460.562 543.785 476.145L705.235 706.661C718.659 725.835 739.327 737.218 763.983 737.218C801.606 737.218 833.841 705.9 833.841 667.308V508.376C833.841 476.815 859.41 451.249 890.975 451.249H897.276C901.233 451.249 904.43 448.053 904.43 444.097V294.021C904.43 290.065 901.233 286.869 897.276 286.869H897.246Z" fill="white" transform="translate(0 21.1) scale(0.1283) translate(-125.154 -286.747)"/>
+</svg>
diff --git a/Sources/CodexBar/Resources/ca.lproj/Localizable.strings b/Sources/CodexBar/Resources/ca.lproj/Localizable.strings
new file mode 100644
index 000000000..9fc46ba24
--- /dev/null
+++ b/Sources/CodexBar/Resources/ca.lproj/Localizable.strings
@@ -0,0 +1,915 @@
+/* Catalan localization for CodexBar */
+
+" providers" = " proveïdors";
+"(System)" = "(Sistema)";
+"30d" = "30 d";
+"A managed Codex login is already running. Wait for it to finish before adding " = "Ja hi ha un inici de sessió gestionat de Codex en curs. Espera que acabi abans d'afegir ";
+"API key" = "Clau d'API";
+"API region" = "Regió de l'API";
+"API token" = "Testimoni d'API";
+"API tokens" = "Testimonis d'API";
+"About" = "Quant a";
+"Account" = "Compte";
+"Accounts" = "Comptes";
+"Accounts subtitle" = "Subtítol de comptes";
+"Active" = "Actiu";
+"Add" = "Afegeix";
+"Add Workspace" = "Afegeix espai de treball";
+"Advanced" = "Avançat";
+"All" = "Tot";
+"Always allow prompts" = "Permet sempre les sol·licituds";
+"Animation pattern" = "Patró d'animació";
+"Antigravity login is managed in the app" = "L'inici de sessió d'Antigravity es gestiona a l'app";
+"Applies only to the Security.framework OAuth keychain reader." = "Només s'aplica al lector de Clauer OAuth de Security.framework.";
+"Auto falls back to the next source if the preferred one fails." = "Auto recorre a la font següent si la preferida falla.";
+"Auto uses API first, then falls back to CLI on auth failures." = "Auto fa servir primer l'API i recorre a la CLI si falla l'autenticació.";
+"Auto-detect" = "Detecció automàtica";
+"Auto-refresh is off; use the menu's Refresh command." = "L'actualització automàtica està desactivada; fes servir l'ordre Actualitza del menú.";
+"Auto-refresh: hourly · Timeout: 10m" = "Actualització automàtica: cada hora · Temps d'espera: 10 m";
+"Automatic" = "Automàtic";
+"Automatic imports browser cookies and WorkOS tokens." = "El mode automàtic importa galetes del navegador i testimonis de WorkOS.";
+"Automatic imports browser cookies and local storage tokens." = "El mode automàtic importa galetes del navegador i testimonis de l'emmagatzematge local.";
+"Automatic imports browser cookies for dashboard extras." = "El mode automàtic importa galetes del navegador per als extres del tauler.";
+"Automatic imports browser cookies for the web API." = "El mode automàtic importa galetes del navegador per a l'API web.";
+"Automatic imports browser cookies from Model Studio/Bailian." = "El mode automàtic importa galetes del navegador des de Model Studio/Bailian.";
+"Automatic imports browser cookies from admin.mistral.ai." = "El mode automàtic importa galetes del navegador des d'admin.mistral.ai.";
+"Automatic imports browser cookies from opencode.ai." = "El mode automàtic importa galetes del navegador des d'opencode.ai.";
+"Automatic imports browser cookies or stored sessions." = "El mode automàtic importa galetes del navegador o sessions desades.";
+"Automatic imports browser cookies." = "El mode automàtic importa galetes del navegador.";
+"Automatically imports browser session cookie." = "Importa automàticament la galeta de sessió del navegador.";
+"Automatically opens CodexBar when you start your Mac." = "Obre el CodexBar automàticament en iniciar el Mac.";
+"Automation" = "Automatització";
+"Average (\\(label1) + \\(label2))" = "Mitjana (\\(label1) + \\(label2))";
+"Average (\\(metadata.sessionLabel) + \\(metadata.weeklyLabel))" = "Mitjana (\\(metadata.sessionLabel) + \\(metadata.weeklyLabel))";
+"Avoid Keychain prompts" = "Evita les sol·licituds del Clauer";
+"Balance" = "Saldo";
+"Battery Saver" = "Estalvi de bateria";
+"Bordered" = "Amb vora";
+"Build" = "Compilació";
+"Built \\(buildTimestamp)" = "Compilat \\(buildTimestamp)";
+"Buy Credits..." = "Compra crèdits...";
+"Buy Credits…" = "Compra crèdits…";
+"CLI paths" = "Camins de la CLI";
+"CLI sessions" = "Sessions de la CLI";
+"Caches" = "Memòries cau";
+"Cancel" = "Cancel·la";
+"Check for Updates…" = "Cerca actualitzacions…";
+"Check for updates automatically" = "Cerca actualitzacions automàticament";
+"Check if you like your agents having some fun up there." = "Activa-ho si t'agrada que els teus agents es diverteixin allà dalt.";
+"Check provider status" = "Comprova l'estat del proveïdor";
+"Choose Codex workspace" = "Tria l'espai de treball de Codex";
+"Choose the MiniMax host (global .io or China mainland .com)." = "Tria l'amfitrió de MiniMax (global .io o la Xina continental .com).";
+"Choose up to " = "Tria fins a ";
+"Choose up to \\(Self.maxOverviewProviders) providers" = "Tria fins a \\(Self.maxOverviewProviders) proveïdors";
+"Choose up to \\(count) providers" = "Tria fins a \\(count) proveïdors";
+"Choose what to show in the menu bar (Pace shows usage vs. expected)." = "Tria què es mostra a la barra de menús (Ritme mostra l'ús respecte al previst).";
+"Choose which Codex account CodexBar should follow." = "Tria quin compte de Codex ha de seguir el CodexBar.";
+"Choose which window drives the menu bar percent." = "Tria quina finestra determina el percentatge de la barra de menús.";
+"Chrome" = "Chrome";
+"Claude CLI not found" = "No s'ha trobat la CLI de Claude";
+"Claude binary" = "Binari de Claude";
+"Claude cookies" = "Galetes de Claude";
+"Claude login failed" = "L'inici de sessió de Claude ha fallat";
+"Claude login timed out" = "L'inici de sessió de Claude ha esgotat el temps d'espera";
+"Close" = "Tanca";
+"Codex CLI not found" = "No s'ha trobat la CLI de Codex";
+"Codex account login already running" = "Ja hi ha un inici de sessió de compte de Codex en curs";
+"Codex binary" = "Binari de Codex";
+"Codex login failed" = "L'inici de sessió de Codex ha fallat";
+"Codex login timed out" = "L'inici de sessió de Codex ha esgotat el temps d'espera";
+"CodexBar Lifecycle Keepalive" = "Manteniment del cicle de vida del CodexBar";
+"CodexBar can't show its menu bar icon" = "El CodexBar no pot mostrar la seva icona a la barra de menús";
+"CodexBar could not read managed account storage. " = "El CodexBar no ha pogut llegir l'emmagatzematge de comptes gestionats. ";
+"Configure…" = "Configura…";
+"Connected" = "Connectat";
+"Controls how much detail is logged." = "Controla quant detall es registra.";
+"Cookie header" = "Capçalera de galeta";
+"Cookie source" = "Origen de la galeta";
+"Cookie: ..." = "Cookie: ...";
+"Cookie: \\u{2026}\\\n\\\nor paste a cURL capture from the Abacus AI dashboard" = "Cookie: \\u{2026}\\\n\\\no enganxa una captura cURL del tauler d'Abacus AI";
+"Cookie: \\u{2026}\\\n\\\nor paste the __Secure-next-auth.session-token value" = "Cookie: \\u{2026}\\\n\\\no enganxa el valor de __Secure-next-auth.session-token";
+"Cookie: \\u{2026}\\\n\\\nor paste the kimi-auth token value" = "Cookie: \\u{2026}\\\n\\\no enganxa el valor del testimoni kimi-auth";
+"Cookie: …" = "Cookie: …";
+"CopilotDeviceFlow" = "CopilotDeviceFlow";
+"Cost" = "Cost";
+"Could not add Codex account" = "No s'ha pogut afegir el compte de Codex";
+"Could not open Terminal for Gemini" = "No s'ha pogut obrir el Terminal per a Gemini";
+"Could not start claude /login" = "No s'ha pogut iniciar claude /login";
+"Could not start codex login" = "No s'ha pogut iniciar codex login";
+"Could not switch system account" = "No s'ha pogut canviar el compte del sistema";
+"Credits" = "Crèdits";
+"Credits history" = "Historial de crèdits";
+"Cursor login failed" = "L'inici de sessió de Cursor ha fallat";
+"Custom" = "Personalitzat";
+"Custom Path" = "Camí personalitzat";
+"Daily Routines" = "Rutines diàries";
+"Debug" = "Depuració";
+"Default" = "Per defecte";
+"Disable Keychain access" = "Desactiva l'accés al Clauer";
+"Disabled" = "Desactivat";
+"Dismiss" = "Descarta";
+"Disconnected" = "Desconnectat";
+"Display" = "Pantalla";
+"Display mode" = "Mode de visualització";
+"Display reset times as absolute clock values instead of countdowns." = "Mostra les hores de reinici com a valors de rellotge absoluts en comptes de comptes enrere.";
+"Done" = "Fet";
+"Effective PATH" = "PATH efectiu";
+"Email" = "Correu electrònic";
+"Enable Merge Icons to configure Overview tab providers." = "Activa Combina les icones per configurar els proveïdors de la pestanya Resum.";
+"Enable file logging" = "Activa el registre en fitxer";
+"Enabled" = "Activat";
+"Error" = "Error";
+"Error simulation" = "Simulació d'errors";
+"Expose troubleshooting tools in the Debug tab." = "Mostra eines de diagnòstic a la pestanya Depuració.";
+"Failed" = "Ha fallat";
+"False" = "Fals";
+"Fetch strategy attempts" = "Intents d'estratègia d'obtenció";
+"Fetching" = "S'està obtenint";
+"Field" = "Camp";
+"Field subtitle" = "Subtítol del camp";
+"Finish the current managed account change before switching the system account." = "Acaba el canvi de compte gestionat actual abans de canviar el compte del sistema.";
+"Force animation on next refresh" = "Força l'animació a la propera actualització";
+"Gateway region" = "Regió de la passarel·la";
+"Gemini CLI not found" = "No s'ha trobat la CLI de Gemini";
+"Gemini/Antigravity, surfacing incidents in the icon and menu." = "Gemini/Antigravity, mostrant incidències a la icona i al menú.";
+"General" = "General";
+"GitHub" = "GitHub";
+"GitHub Copilot Login" = "Inici de sessió de GitHub Copilot";
+"GitHub Login" = "Inici de sessió de GitHub";
+"Hide details" = "Amaga els detalls";
+"Hide personal information" = "Amaga la informació personal";
+"Historical tracking" = "Seguiment històric";
+"How often CodexBar polls providers in the background." = "Amb quina freqüència el CodexBar consulta els proveïdors en segon pla.";
+"Inactive" = "Inactiu";
+"Install CLI" = "Instal·la la CLI";
+"Install the Claude CLI (npm i -g @anthropic-ai/claude-code) and try again." = "Instal·la la CLI de Claude (npm i -g @anthropic-ai/claude-code) i torna-ho a provar.";
+"Install the Codex CLI (npm i -g @openai/codex) and try again." = "Instal·la la CLI de Codex (npm i -g @openai/codex) i torna-ho a provar.";
+"Install the Gemini CLI (npm i -g @google/gemini-cli) and try again." = "Instal·la la CLI de Gemini (npm i -g @google/gemini-cli) i torna-ho a provar.";
+"JetBrains AI is ready" = "JetBrains AI està a punt";
+"JetBrains IDE" = "IDE de JetBrains";
+"Keep CLI sessions alive" = "Mantén actives les sessions de la CLI";
+"Keyboard shortcut" = "Drecera de teclat";
+"Keychain access" = "Accés al Clauer";
+"Keychain prompt policy" = "Política de sol·licituds del Clauer";
+"Last \\(name) fetch failed:" = "L'última obtenció de \\(name) ha fallat:";
+"Last \\(self.store.metadata(for: self.provider).displayName) fetch failed:" = "L'última obtenció de \\(self.store.metadata(for: self.provider).displayName) ha fallat:";
+"Last attempt" = "Últim intent";
+"Link" = "Enllaç";
+"Loading animations" = "Animacions de càrrega";
+"Loading…" = "S'està carregant…";
+"Local" = "Local";
+"Logging" = "Registre";
+"Login failed" = "L'inici de sessió ha fallat";
+"Login shell PATH (startup capture)" = "PATH del shell d'inici de sessió (captura a l'arrencada)";
+"Login timed out" = "L'inici de sessió ha esgotat el temps d'espera";
+"MCP details" = "Detalls de l'MCP";
+"Managed Codex accounts unavailable" = "Comptes gestionats de Codex no disponibles";
+"Managed account storage is unreadable. Live account access is still available, " = "L'emmagatzematge de comptes gestionats no es pot llegir. L'accés a comptes en directe encara està disponible, ";
+"Manual" = "Manual";
+"May your tokens never run out—keep agent limits in view." = "Que els teus testimonis no s'esgotin mai: mantén els límits dels teus agents a la vista.";
+"Menu bar" = "Barra de menús";
+"Menu bar auto-shows the provider closest to its rate limit." = "La barra de menús mostra automàticament el proveïdor més a prop del seu límit.";
+"Menu bar metric" = "Mètrica de la barra de menús";
+"Menu bar shows percent" = "La barra de menús mostra el percentatge";
+"Menu content" = "Contingut del menú";
+"Merge Icons" = "Combina les icones";
+"Never prompt" = "No ho demanis mai";
+"No" = "No";
+"No Codex accounts detected yet." = "Encara no s'han detectat comptes de Codex.";
+"No JetBrains IDE detected" = "No s'ha detectat cap IDE de JetBrains";
+"No cost history data." = "No hi ha dades d'historial de cost.";
+"No credits history data." = "No hi ha dades d'historial de crèdits.";
+"No data available" = "No hi ha dades disponibles";
+"No data yet" = "Encara no hi ha dades";
+"No enabled providers available for Overview." = "No hi ha proveïdors activats disponibles per al Resum.";
+"No providers selected" = "No hi ha cap proveïdor seleccionat";
+"No token accounts yet." = "Encara no hi ha comptes amb testimoni.";
+"No usage breakdown data." = "No hi ha dades de desglossament d'ús.";
+"None" = "Cap";
+"Notifications" = "Notificacions";
+"Notifies when the 5-hour session quota hits 0% and when it becomes " = "Avisa quan la quota de sessió de 5 hores arriba al 0 % i quan torna a estar ";
+"OK" = "D'acord";
+"Obscure email addresses in the menu bar and menu UI." = "Amaga les adreces de correu a la barra de menús i a la interfície del menú.";
+"Off" = "Desactivat";
+"Offline" = "Sense connexió";
+"On" = "Activat";
+"Online" = "En línia";
+"Only on user action" = "Només en accions de l'usuari";
+"Open" = "Obre";
+"Open API Keys" = "Obre les claus d'API";
+"Open Amp Settings" = "Obre la configuració d'Amp";
+"Open Antigravity to sign in, then refresh CodexBar." = "Obre Antigravity per iniciar la sessió i després actualitza el CodexBar.";
+"Open Browser" = "Obre el navegador";
+"Open Coding Plan" = "Obre el pla de programació";
+"Open Console" = "Obre la Consola";
+"Open Dashboard" = "Obre el tauler";
+"Open Mistral Admin" = "Obre l'administració de Mistral";
+"Open Menu Bar Settings" = "Obre la configuració de la barra de menús";
+"Open Ollama Settings" = "Obre la configuració d'Ollama";
+"Open Terminal" = "Obre el Terminal";
+"Open Usage Page" = "Obre la pàgina d'ús";
+"Open Warp API Key Guide" = "Obre la guia de la clau d'API de Warp";
+"Open menu" = "Obre el menú";
+"Open token file" = "Obre el fitxer de testimoni";
+"OpenAI cookies" = "Galetes d'OpenAI";
+"OpenAI web extras" = "Extres web d'OpenAI";
+"Option A" = "Opció A";
+"Option B" = "Opció B";
+"Optional override if workspace lookup fails." = "Substitució opcional si falla la cerca de l'espai de treball.";
+"Options" = "Opcions";
+"Override auto-detection with a custom IDE base path" = "Substitueix la detecció automàtica amb un camí base d'IDE personalitzat";
+"Overview" = "Resum";
+"Overview rows always follow provider order." = "Les files del Resum sempre segueixen l'ordre dels proveïdors.";
+"Overview tab providers" = "Proveïdors de la pestanya Resum";
+"Paste API key…" = "Enganxa la clau d'API…";
+"Paste API token…" = "Enganxa el testimoni d'API…";
+"Paste key…" = "Enganxa la clau…";
+"Paste sessionKey or OAuth token…" = "Enganxa la sessionKey o el testimoni OAuth…";
+"Paste the Cookie header from a request to admin.mistral.ai. " = "Enganxa la capçalera Cookie d'una petició a admin.mistral.ai. ";
+"Paste token…" = "Enganxa el testimoni…";
+"Personal" = "Personal";
+"Picker" = "Selector";
+"Picker subtitle" = "Subtítol del selector";
+"Placeholder" = "Text de marcador";
+"Plan" = "Pla";
+"Play full-screen confetti when weekly usage resets." = "Mostra confeti a pantalla completa quan es reinicia l'ús setmanal.";
+"Polls OpenAI/Claude status pages and Google Workspace for " = "Consulta les pàgines d'estat d'OpenAI/Claude i Google Workspace per a ";
+"Prevents any Keychain access while enabled." = "Impedeix qualsevol accés al Clauer mentre estigui activat.";
+"Primary (API key limit)" = "Principal (límit de la clau d'API)";
+"Primary (\\(label))" = "Principal (\\(label))";
+"Primary (\\(metadata.sessionLabel))" = "Principal (\\(metadata.sessionLabel))";
+"Probe logs" = "Registres de sondeig";
+"Progress bars fill as you consume quota (instead of showing remaining)." = "Les barres de progrés s'omplen a mesura que consumeixes la quota (en comptes de mostrar el que queda).";
+"Provider" = "Proveïdor";
+"Providers" = "Proveïdors";
+"Quit CodexBar" = "Surt del CodexBar";
+"Random (default)" = "Aleatori (per defecte)";
+"Reads local usage logs. Shows today + last 30 days cost in the menu." = "Llegeix els registres d'ús locals. Mostra el cost d'avui + la finestra d'historial seleccionada al menú.";
+"Refresh" = "Actualitza";
+"Refresh cadence" = "Freqüència d'actualització";
+"Remote" = "Remot";
+"Remove" = "Elimina";
+"Remove Codex account?" = "Vols eliminar el compte de Codex?";
+"Remove \\(account.email) from CodexBar? Its managed Codex home will be deleted." = "Vols eliminar \\(account.email) del CodexBar? El seu directori Codex gestionat s'esborrarà.";
+"Remove \\(email) from CodexBar? Its managed Codex home will be deleted." = "Vols eliminar \\(email) del CodexBar? El seu directori Codex gestionat s'esborrarà.";
+"Remove selected account" = "Elimina el compte seleccionat";
+"Replace critter bars with provider branding icons and a percentage." = "Substitueix les barres de bestioles per icones de marca del proveïdor i un percentatge.";
+"Replay selected animation" = "Reprodueix l'animació seleccionada";
+"Requires authentication via GitHub Device Flow." = "Requereix autenticació mitjançant el flux de dispositiu de GitHub.";
+"Resets: \\(reset)" = "Es reinicia: \\(reset)";
+"Rolling five-hour limit" = "Límit mòbil de cinc hores";
+"Search hourly" = "Cerques per hora";
+"Secondary (\\(label))" = "Secundari (\\(label))";
+"Secondary (\\(metadata.weeklyLabel))" = "Secundari (\\(metadata.weeklyLabel))";
+"Select a provider" = "Selecciona un proveïdor";
+"Select the IDE to monitor" = "Selecciona l'IDE que cal monitorar";
+"Session quota notifications" = "Notificacions de quota de sessió";
+"Session tokens" = "Testimonis de sessió";
+"Settings" = "Configuració";
+"Show Codex Credits and Claude Extra usage sections in the menu." = "Mostra les seccions de Crèdits de Codex i Ús addicional de Claude al menú.";
+"Show Debug Settings" = "Mostra la configuració de depuració";
+"Show all token accounts" = "Mostra tots els comptes amb testimoni";
+"Show cost summary" = "Mostra el resum de cost";
+"Show credits + extra usage" = "Mostra crèdits + ús addicional";
+"Show details" = "Mostra els detalls";
+"Show most-used provider" = "Mostra el proveïdor més utilitzat";
+"Show provider icons in the switcher (otherwise show a weekly progress line)." = "Mostra les icones de proveïdor al selector (si no, mostra una línia de progrés setmanal).";
+"Show reset time as clock" = "Mostra l'hora de reinici com a rellotge";
+"Show usage as used" = "Mostra l'ús com a consumit";
+"Sign in via button below" = "Inicia la sessió amb el botó de sota";
+"Skip teardown between probes (debug-only)." = "Omet el tancament entre sondeigs (només depuració).";
+"Stack token accounts in the menu (otherwise show an account switcher bar)." = "Apila els comptes amb testimoni al menú (si no, mostra una barra de canvi de compte).";
+"Start at Login" = "Obrir en iniciar la sessió";
+"Status" = "Estat";
+"Store Claude sessionKey cookies or OAuth access tokens." = "Desa galetes sessionKey de Claude o testimonis d'accés OAuth.";
+"Store multiple Abacus AI Cookie headers." = "Desa diverses capçaleres Cookie d'Abacus AI.";
+"Store multiple Augment Cookie headers." = "Desa diverses capçaleres Cookie d'Augment.";
+"Store multiple Cursor Cookie headers." = "Desa diverses capçaleres Cookie de Cursor.";
+"Store multiple Factory Cookie headers." = "Desa diverses capçaleres Cookie de Factory.";
+"Store multiple MiniMax Cookie headers." = "Desa diverses capçaleres Cookie de MiniMax.";
+"Store multiple Mistral Cookie headers." = "Desa diverses capçaleres Cookie de Mistral.";
+"Store multiple Ollama Cookie headers." = "Desa diverses capçaleres Cookie d'Ollama.";
+"Store multiple OpenCode Cookie headers." = "Desa diverses capçaleres Cookie d'OpenCode.";
+"Store multiple OpenCode Go Cookie headers." = "Desa diverses capçaleres Cookie d'OpenCode Go.";
+"Stored in the CodexBar config file." = "Desat al fitxer de configuració del CodexBar.";
+"Stored in ~/.codexbar/config.json. " = "Desat a ~/.codexbar/config.json. ";
+"Stored in ~/.codexbar/config.json. Generate one at kimi-k2.ai." = "Desat a ~/.codexbar/config.json. Genera'n una a kimi-k2.ai.";
+"Stored in ~/.codexbar/config.json. Paste the key from the Synthetic dashboard." = "Desat a ~/.codexbar/config.json. Enganxa la clau del tauler de Synthetic.";
+"Stored in ~/.codexbar/config.json. Paste your Coding Plan API key from Model Studio." = "Desat a ~/.codexbar/config.json. Enganxa la clau d'API del teu pla de programació des de Model Studio.";
+"Stored in ~/.codexbar/config.json. Paste your MiniMax API key." = "Desat a ~/.codexbar/config.json. Enganxa la teva clau d'API de MiniMax.";
+"Stored in ~/.codexbar/config.json. You can also provide KILO_API_KEY or " = "Desat a ~/.codexbar/config.json. També pots proporcionar KILO_API_KEY o ";
+"Stores local Codex usage history (8 weeks) to personalize Pace predictions." = "Desa l'historial d'ús local de Codex (8 setmanes) per personalitzar les prediccions de Ritme.";
+"Subscription Utilization" = "Ús de la subscripció";
+"Surprise me" = "Sorprèn-me";
+"Switcher shows icons" = "El selector mostra icones";
+"Symlink CodexBarCLI to /usr/local/bin and /opt/homebrew/bin as codexbar." = "Crea un enllaç simbòlic de CodexBarCLI a /usr/local/bin i /opt/homebrew/bin com a codexbar.";
+"System" = "Sistema";
+"Temporarily shows the loading animation after the next refresh." = "Mostra temporalment l'animació de càrrega després de la propera actualització.";
+"Tertiary (\\(label))" = "Terciari (\\(label))";
+"Tertiary (\\(tertiaryTitle))" = "Terciari (\\(tertiaryTitle))";
+"The default Codex account on this Mac." = "El compte de Codex per defecte en aquest Mac.";
+"Toggle" = "Commutador";
+"Toggle subtitle" = "Subtítol del commutador";
+"Token" = "Testimoni";
+"Trigger the menu bar menu from anywhere." = "Obre el menú de la barra de menús des de qualsevol lloc.";
+"True" = "Cert";
+"Twitter" = "Twitter";
+"Unsupported" = "No compatible";
+"Update Channel" = "Canal d'actualitzacions";
+"Updated" = "Actualitzat";
+"Updates unavailable in this build." = "Actualitzacions no disponibles en aquesta compilació.";
+"Usage" = "Ús";
+"Usage breakdown" = "Desglossament d'ús";
+"Usage history (30 days)" = "Historial d'ús";
+"Usage source" = "Origen de l'ús";
+"Use BigModel for the China mainland endpoints (open.bigmodel.cn)." = "Fes servir BigModel per als endpoints de la Xina continental (open.bigmodel.cn).";
+"Use a single menu bar icon with a provider switcher." = "Fes servir una sola icona a la barra de menús amb un selector de proveïdor.";
+"Use international or China mainland console gateways for quota fetches." = "Fes servir les passarel·les de consola internacionals o de la Xina continental per obtenir la quota.";
+"Version" = "Versió";
+"Version \\(self.versionString)" = "Versió \\(self.versionString)";
+"Version \\(version)" = "Versió \\(version)";
+"Version \\(versionString)" = "Versió \\(versionString)";
+"Vertex AI Login" = "Inici de sessió de Vertex AI";
+"Wait for the current managed Codex login to finish before adding another account." = "Espera que acabi l'inici de sessió gestionat de Codex actual abans d'afegir un altre compte.";
+"Waiting for Authentication..." = "S'està esperant l'autenticació...";
+"Website" = "Lloc web";
+"Weekly limit confetti" = "Confeti del límit setmanal";
+"Weekly token limit" = "Límit setmanal de testimonis";
+"Weekly usage" = "Ús setmanal";
+"Weekly usage unavailable for this account." = "Ús setmanal no disponible per a aquest compte.";
+"Window: \\(window)" = "Finestra: \\(window)";
+"Write logs to \\(self.fileLogPath) for debugging." = "Escriu els registres a \\(self.fileLogPath) per a la depuració.";
+"Yes" = "Sí";
+"\\(detail.modelCode): \\(usage)" = "\\(detail.modelCode): \\(usage)";
+"\\(name): \\(truncated)" = "\\(name): \\(truncated)";
+"\\(name): \\(updated) · 30d \\(cost)" = "\\(name): \\(updated) · 30 d \\(cost)";
+"\\(name): fetching…\\(elapsed)" = "\\(name): s'està obtenint…\\(elapsed)";
+"\\(name): last attempt \\(when)" = "\\(name): últim intent \\(when)";
+"\\(name): no data yet" = "\\(name): encara sense dades";
+"\\(name): unsupported" = "\\(name): no compatible";
+"all browsers" = "tots els navegadors";
+"available again." = "disponible de nou.";
+"built_format" = "Compilació %@";
+"copilot_complete_in_browser" = "Completa l'inici de sessió al teu navegador.";
+"copilot_device_code" = "Codi de dispositiu copiat al porta-retalls: %1$@\n\nVerifica'l a: %2$@";
+"copilot_device_code_copied" = "Codi de dispositiu copiat.";
+"copilot_verify_at" = "Verifica'l a %@";
+"copilot_waiting_text" = "Completa l'inici de sessió al teu navegador.\nAquesta finestra es tanca automàticament quan finalitza l'inici de sessió.";
+"copilot_window_closes_auto" = "Aquesta finestra es tanca automàticament quan finalitza l'inici de sessió.";
+"cost_status_error" = "%1$@: %2$@";
+"cost_status_fetching" = "%1$@: s'està obtenint… %2$@";
+"cost_status_last_attempt" = "%1$@: últim intent %2$@";
+"cost_status_no_data" = "%@: encara sense dades";
+"cost_status_snapshot" = "%1$@: %2$@ · %3$@ %4$@";
+"cost_status_unsupported" = "%@: no compatible";
+"credits_remaining" = "Crèdits: %@";
+"cursor_on_demand" = "Sota demanda: %@";
+"cursor_on_demand_with_limit" = "Sota demanda: %1$@ / %2$@";
+"extra_usage_format" = "Ús addicional: %1$@ / %2$@";
+"jetbrains_detected_generate" = "Detectat: %@. Fes servir l'assistent d'IA una vegada per generar dades de quota i després actualitza el CodexBar.";
+"jetbrains_detected_select" = "Detectat: %@. Selecciona el teu IDE preferit a la configuració i després actualitza el CodexBar.";
+"last_fetch_failed_with_provider" = "L'última obtenció de %@ ha fallat:";
+"last_spend" = "Última despesa: %@";
+"mcp_model_usage" = "%1$@: %2$@";
+"mcp_resets" = "Es reinicia: %@";
+"mcp_window" = "Finestra: %@";
+"metric_average" = "Mitjana (%1$@ + %2$@)";
+"metric_primary" = "Principal (%@)";
+"metric_secondary" = "Secundari (%@)";
+"metric_tertiary" = "Terciari (%@)";
+"multiple_workspaces_found" = "El CodexBar ha trobat diversos espais de treball per a %@. Tria l'espai de treball que vols afegir.";
+"ory_session_…=…; csrftoken=…" = "ory_session_…=…; csrftoken=…";
+"overview_choose_providers" = "Tria fins a %@ proveïdors";
+"remove_account_message" = "Vols eliminar %@ del CodexBar? El seu directori Codex gestionat s'esborrarà.";
+"version_format" = "Versió %@";
+"vertex_ai_login_instructions" = "Per fer un seguiment de l'ús de Vertex AI, autentica't amb Google Cloud.\n\n1. Obre el Terminal\n2. Executa: gcloud auth application-default login\n3. Segueix les indicacions del navegador per iniciar la sessió\n4. Defineix el teu projecte: gcloud config set project PROJECT_ID\n\nVols obrir el Terminal ara?";
+"workspaceID is set but only opencode, opencodego, and deepgram support workspaceID." = "workspaceID està definit, però només opencode, opencodego i deepgram admeten workspaceID.";
+"© 2026 Peter Steinberger. MIT License." = "© 2026 Peter Steinberger. Llicència MIT.";
+
+/* General Pane */
+"section_system" = "Sistema";
+"section_usage" = "Ús";
+"section_automation" = "Automatització";
+"language_title" = "Idioma";
+"language_subtitle" = "Canvia l'idioma de la interfície. Cal reiniciar l'app perquè s'apliqui completament.";
+"language_system" = "Sistema";
+"language_english" = "English";
+"language_spanish" = "Español";
+"language_catalan" = "Català";
+"language_chinese_simplified" = "简体中文";
+"language_chinese_traditional" = "繁體中文";
+"language_portuguese_brazilian" = "Português (Brasil)";
+"start_at_login_title" = "Obrir en iniciar la sessió";
+"start_at_login_subtitle" = "Obre el CodexBar automàticament en iniciar el Mac.";
+"show_cost_summary" = "Mostra el resum de cost";
+"show_cost_summary_subtitle" = "Llegeix els registres d'ús locals. Mostra el cost d'avui + la finestra d'historial seleccionada al menú.";
+"cost_history_days_title" = "Finestra d'historial: %d dies";
+"cost_auto_refresh_info" = "Actualització automàtica: cada hora · Temps d'espera: 10 m";
+"refresh_cadence_title" = "Freqüència d'actualització";
+"refresh_cadence_subtitle" = "Amb quina freqüència el CodexBar consulta els proveïdors en segon pla.";
+"manual_refresh_hint" = "L'actualització automàtica està desactivada; fes servir l'ordre Actualitza del menú.";
+"check_provider_status_title" = "Comprova l'estat del proveïdor";
+"check_provider_status_subtitle" = "Consulta les pàgines d'estat d'OpenAI/Claude i Google Workspace per a Gemini/Antigravity, mostrant incidències a la icona i al menú.";
+"session_quota_notifications_title" = "Notificacions de quota de sessió";
+"session_quota_notifications_subtitle" = "Avisa quan la quota de sessió de 5 hores arriba al 0 % i quan torna a estar disponible.";
+"quota_warning_notifications_title" = "Notificacions d'avís de quota";
+"quota_warning_notifications_subtitle" = "Avisa quan la quota restant de sessió o setmanal supera els llindars configurats.";
+"quota_warnings_title" = "Avisos de quota";
+"quota_warning_session" = "sessió";
+"quota_warning_session_capitalized" = "Sessió";
+"quota_warning_weekly" = "setmanal";
+"quota_warning_weekly_capitalized" = "Setmanal";
+"quota_warning_warn_at" = "Avisa al";
+"quota_warning_global_threshold_subtitle" = "Percentatges restants per a les finestres de sessió i setmanal, llevat que un proveïdor els substitueixi.";
+"quota_warning_sound" = "Reprodueix el so de notificació";
+"quota_warning_provider_inherits" = "Fa servir la configuració global d'avís de quota llevat que es personalitzi una finestra aquí.";
+"quota_warning_customize_thresholds" = "Personalitza els llindars de %@";
+"quota_warning_enable_warnings" = "Activa els avisos de %@";
+"quota_warning_window_warn_at" = "%@ avisa al";
+"quota_warning_off" = "Desactivat";
+"quota_warning_inherited" = "Heretat: %@";
+"quota_warning_depleted_only" = "només esgotat";
+"quota_warning_upper" = "Superior";
+"quota_warning_lower" = "Inferior";
+"apply" = "Aplica";
+"quit_app" = "Surt del CodexBar";
+
+/* Tab titles */
+"tab_general" = "General";
+"tab_providers" = "Proveïdors";
+"tab_display" = "Pantalla";
+"tab_advanced" = "Avançat";
+"tab_about" = "Quant a";
+"tab_debug" = "Depuració";
+
+/* Providers Pane */
+"select_a_provider" = "Selecciona un proveïdor";
+"cancel" = "Cancel·la";
+"last_fetch_failed" = "l'última obtenció ha fallat";
+"usage_not_fetched_yet" = "encara no s'ha obtingut l'ús";
+"managed_account_storage_unreadable" = "L'emmagatzematge de comptes gestionats no es pot llegir. L'accés a comptes en directe encara està disponible, però les accions d'afegir, reautenticar i eliminar comptes gestionats estan desactivades fins que el magatzem es pugui recuperar.";
+"remove_codex_account_title" = "Vols eliminar el compte de Codex?";
+"remove" = "Elimina";
+"managed_login_already_running" = "Ja hi ha un inici de sessió gestionat de Codex en curs. Espera que acabi abans d'afegir o reautenticar un altre compte.";
+"managed_login_failed" = "L'inici de sessió gestionat de Codex no s'ha completat. Comprova que `codex --version` funciona al Terminal. Si macOS ha bloquejat o ha mogut `codex` a la Paperera, elimina les instal·lacions duplicades obsoletes, executa `npm install -g --include=optional @openai/codex@latest` i torna-ho a provar.";
+"codex_login_output" = "Sortida de codex login:";
+"managed_login_missing_email" = "L'inici de sessió de Codex s'ha completat, però no hi havia cap correu de compte disponible. Torna-ho a provar després de confirmar que el compte té la sessió totalment iniciada.";
+"workspace_selection_cancelled" = "El CodexBar ha trobat diversos espais de treball, però no se n'ha seleccionat cap.";
+"unsafe_managed_home" = "El CodexBar s'ha negat a modificar un camí de directori gestionat inesperat: %@";
+"menu_bar_metric_title" = "Mètrica de la barra de menús";
+"menu_bar_metric_subtitle" = "Tria quina finestra determina el percentatge de la barra de menús.";
+"menu_bar_metric_subtitle_deepseek" = "Mostra el saldo de DeepSeek a la barra de menús.";
+"menu_bar_metric_subtitle_moonshot" = "Mostra el saldo de l'API de Moonshot / Kimi a la barra de menús.";
+"menu_bar_metric_subtitle_mistral" = "Mostra la despesa de l'API de Mistral del mes actual a la barra de menús.";
+"menu_bar_metric_subtitle_kimik2" = "Mostra els crèdits de la clau d'API de Kimi K2 a la barra de menús.";
+"automatic" = "Automàtic";
+"primary_api_key_limit" = "Principal (límit de la clau d'API)";
+
+/* Display Pane */
+"section_menu_bar" = "Barra de menús";
+"merge_icons_title" = "Combina les icones";
+"merge_icons_subtitle" = "Fes servir una sola icona a la barra de menús amb un selector de proveïdor.";
+"switcher_shows_icons_title" = "El selector mostra icones";
+"switcher_shows_icons_subtitle" = "Mostra les icones de proveïdor al selector (si no, mostra una línia de progrés setmanal).";
+"show_most_used_provider_title" = "Mostra el proveïdor més utilitzat";
+"show_most_used_provider_subtitle" = "La barra de menús mostra automàticament el proveïdor més a prop del seu límit.";
+"menu_bar_shows_percent_title" = "La barra de menús mostra el percentatge";
+"menu_bar_shows_percent_subtitle" = "Substitueix les barres de bestioles per icones de marca del proveïdor i un percentatge.";
+"display_mode_title" = "Mode de visualització";
+"display_mode_subtitle" = "Tria què es mostra a la barra de menús (Ritme mostra l'ús respecte al previst).";
+"section_menu_content" = "Contingut del menú";
+"show_usage_as_used_title" = "Mostra l'ús com a consumit";
+"show_usage_as_used_subtitle" = "Les barres de progrés s'omplen a mesura que consumeixes la quota (en comptes de mostrar el que queda).";
+"show_quota_warning_markers_title" = "Mostra els marcadors d'avís de quota";
+"show_quota_warning_markers_subtitle" = "Dibuixa marques de llindar a les barres d'ús quan hi ha avisos de quota configurats.";
+"show_reset_time_as_clock_title" = "Mostra l'hora de reinici com a rellotge";
+"show_reset_time_as_clock_subtitle" = "Mostra les hores de reinici com a valors de rellotge absoluts en comptes de comptes enrere.";
+"show_provider_changelog_links_title" = "Mostra els enllaços al registre de canvis del proveïdor";
+"show_provider_changelog_links_subtitle" = "Afegeix al menú enllaços a les notes de versió dels proveïdors compatibles basats en CLI.";
+"show_credits_extra_usage_title" = "Mostra crèdits + ús addicional";
+"show_credits_extra_usage_subtitle" = "Mostra les seccions de Crèdits de Codex i Ús addicional de Claude al menú.";
+"show_all_token_accounts_title" = "Mostra tots els comptes amb testimoni";
+"show_all_token_accounts_subtitle" = "Apila els comptes amb testimoni al menú (si no, mostra una barra de canvi de compte).";
+"multi_account_layout_title" = "Disposició multicompte";
+"multi_account_layout_subtitle" = "Tria el canvi de compte segmentat o targetes de compte apilades.";
+"multi_account_layout_segmented" = "Segmentat";
+"multi_account_layout_stacked" = "Apilat";
+"overview_tab_providers_title" = "Proveïdors de la pestanya Resum";
+"configure" = "Configura…";
+"overview_enable_merge_icons_hint" = "Activa Combina les icones per configurar els proveïdors de la pestanya Resum.";
+"overview_no_providers_hint" = "No hi ha proveïdors activats disponibles per al Resum.";
+"overview_rows_follow_order" = "Les files del Resum sempre segueixen l'ordre dels proveïdors.";
+"overview_no_providers_selected" = "No hi ha cap proveïdor seleccionat";
+
+/* Advanced Pane */
+"section_keyboard_shortcut" = "Drecera de teclat";
+"open_menu_shortcut_title" = "Obre el menú";
+"open_menu_shortcut_subtitle" = "Obre el menú de la barra de menús des de qualsevol lloc.";
+"install_cli" = "Instal·la la CLI";
+"install_cli_subtitle" = "Crea un enllaç simbòlic de CodexBarCLI a /usr/local/bin i /opt/homebrew/bin com a codexbar.";
+"cli_not_found" = "No s'ha trobat CodexBarCLI al paquet de l'app.";
+"no_writable_bin_dirs" = "No s'han trobat directoris bin amb permís d'escriptura.";
+"show_debug_settings_title" = "Mostra la configuració de depuració";
+"show_debug_settings_subtitle" = "Mostra eines de diagnòstic a la pestanya Depuració.";
+"surprise_me_title" = "Sorprèn-me";
+"surprise_me_subtitle" = "Activa-ho si t'agrada que els teus agents es diverteixin allà dalt.";
+"weekly_limit_confetti_title" = "Confeti del límit setmanal";
+"weekly_limit_confetti_subtitle" = "Mostra confeti a pantalla completa quan es reinicia l'ús setmanal.";
+"hide_personal_info_title" = "Amaga la informació personal";
+"hide_personal_info_subtitle" = "Amaga les adreces de correu a la barra de menús i a la interfície del menú.";
+"show_provider_storage_usage_title" = "Mostra l'ús d'emmagatzematge del proveïdor";
+"show_provider_storage_usage_subtitle" = "Mostra l'ús de disc local als menús. Analitza en segon pla els camins coneguts del proveïdor.";
+"section_keychain_access" = "Accés al Clauer";
+"keychain_access_caption" = "Desactiva totes les lectures i escriptures del Clauer. La importació de galetes del navegador no estarà disponible; enganxa les capçaleres Cookie manualment a Proveïdors.";
+"disable_keychain_access_title" = "Desactiva l'accés al Clauer";
+"disable_keychain_access_subtitle" = "Impedeix qualsevol accés al Clauer mentre estigui activat.";
+
+/* About Pane */
+"about_tagline" = "Que els teus testimonis no s'esgotin mai: mantén els límits dels teus agents a la vista.";
+"link_github" = "GitHub";
+"link_website" = "Lloc web";
+"link_twitter" = "Twitter";
+"link_email" = "Correu electrònic";
+"check_updates_auto" = "Cerca actualitzacions automàticament";
+"update_channel" = "Canal d'actualitzacions";
+"check_for_updates" = "Cerca actualitzacions…";
+"updates_unavailable" = "Actualitzacions no disponibles en aquesta compilació.";
+"copyright" = "© 2026 Peter Steinberger. Llicència MIT.";
+
+/* Debug Pane */
+"section_logging" = "Registre";
+"enable_file_logging" = "Activa el registre en fitxer";
+"enable_file_logging_subtitle" = "Escriu els registres a %@ per a la depuració.";
+"verbosity_title" = "Nivell de detall";
+"verbosity_subtitle" = "Controla quant detall es registra.";
+"open_log_file" = "Obre el fitxer de registre";
+"force_animation_next_refresh" = "Força l'animació a la propera actualització";
+"force_animation_next_refresh_subtitle" = "Mostra temporalment l'animació de càrrega després de la propera actualització.";
+"section_loading_animations" = "Animacions de càrrega";
+"loading_animations_caption" = "Tria un patró i reprodueix-lo a la barra de menús. «Aleatori» manté el comportament actual.";
+"animation_random_default" = "Aleatori (per defecte)";
+"replay_selected_animation" = "Reprodueix l'animació seleccionada";
+"blink_now" = "Parpelleja ara";
+"section_probe_logs" = "Registres de sondeig";
+"probe_logs_caption" = "Obté la sortida de sondeig més recent per a la depuració; Copia conserva el text complet.";
+"fetch_log" = "Obtén el registre";
+"copy" = "Copia";
+"save_to_file" = "Desa en un fitxer";
+"load_parse_dump" = "Carrega l'abocament d'anàlisi";
+"rerun_provider_autodetect" = "Torna a executar l'autodetecció de proveïdors";
+"loading" = "S'està carregant…";
+"no_log_yet_fetch" = "Encara no hi ha registre. Obtén per carregar-lo.";
+"section_fetch_strategy" = "Intents d'estratègia d'obtenció";
+"fetch_strategy_caption" = "Últimes decisions i errors del flux d'obtenció d'un proveïdor.";
+"section_openai_cookies" = "Galetes d'OpenAI";
+"openai_cookies_caption" = "Registres d'importació de galetes i extracció amb WebKit de l'últim intent de galetes d'OpenAI.";
+"no_log_yet" = "Encara no hi ha registre. Actualitza les galetes d'OpenAI a Proveïdors → Codex per executar una importació.";
+"section_caches" = "Memòries cau";
+"caches_caption" = "Esborra els resultats d'anàlisi de cost a la memòria cau o les memòries cau de galetes del navegador.";
+"clear_cookie_cache" = "Esborra la memòria cau de galetes";
+"clear_cost_cache" = "Esborra la memòria cau de cost";
+"section_notifications" = "Notificacions";
+"notifications_caption" = "Llança notificacions de prova per a la finestra de sessió de 5 hores (esgotada/restaurada).";
+"post_depleted" = "Envia esgotada";
+"post_restored" = "Envia restaurada";
+"section_cli_sessions" = "Sessions de la CLI";
+"cli_sessions_caption" = "Mantén actives les sessions de la CLI de Codex/Claude després d'un sondeig. Per defecte es tanquen quan es capturen les dades.";
+"keep_cli_sessions_alive" = "Mantén actives les sessions de la CLI";
+"keep_cli_sessions_alive_subtitle" = "Omet el tancament entre sondeigs (només depuració).";
+"reset_cli_sessions" = "Reinicia les sessions de la CLI";
+"section_error_simulation" = "Simulació d'errors";
+"error_simulation_caption" = "Injecta un missatge d'error fals a la targeta del menú per provar la disposició.";
+"set_menu_error" = "Estableix l'error de menú";
+"clear_menu_error" = "Esborra l'error de menú";
+"set_cost_error" = "Estableix l'error de cost";
+"clear_cost_error" = "Esborra l'error de cost";
+"section_cli_paths" = "Camins de la CLI";
+"cli_paths_caption" = "Binari de Codex resolt i capes de PATH; captura del PATH d'inici de sessió a l'arrencada (temps d'espera curt).";
+"codex_binary" = "Binari de Codex";
+"claude_binary" = "Binari de Claude";
+"effective_path" = "PATH efectiu";
+"unavailable" = "No disponible";
+"login_shell_path" = "PATH del shell d'inici de sessió (captura a l'arrencada)";
+"cleared" = "Esborrat.";
+"no_fetch_attempts" = "Encara no hi ha intents d'obtenció.";
+"macOS Tahoe can block menu bar apps in System Settings → Menu Bar → Allow in the Menu Bar. CodexBar is running, but macOS may be hiding its icon. Open Menu Bar settings and turn CodexBar on." = "macOS Tahoe pot bloquejar les apps de la barra de menús a Configuració del Sistema → Barra de menús → Permet a la barra de menús. El CodexBar s'està executant, però macOS podria estar amagant-ne la icona. Obre la configuració de la barra de menús i activa el CodexBar.";
+
+/* Metric preferences */
+"metric_pref_automatic" = "Automàtic";
+"metric_pref_primary" = "Principal";
+"metric_pref_secondary" = "Secundari";
+"metric_pref_tertiary" = "Terciari";
+"metric_pref_extra_usage" = "Ús addicional";
+"metric_pref_average" = "Mitjana";
+
+/* Display modes */
+"display_mode_percent" = "Percentatge";
+"display_mode_pace" = "Ritme";
+"display_mode_both" = "Tots dos";
+"display_mode_percent_desc" = "Mostra el percentatge restant/usat (p. ex. 45 %)";
+"display_mode_pace_desc" = "Mostra l'indicador de ritme (p. ex. +5 %)";
+"display_mode_both_desc" = "Mostra el percentatge i el ritme (p. ex. 45 % · +5 %)";
+
+/* Provider status */
+"status_operational" = "Operatiu";
+"status_partial_outage" = "Interrupció parcial";
+"status_major_outage" = "Interrupció greu";
+"status_critical_issue" = "Problema crític";
+"status_maintenance" = "Manteniment";
+"status_unknown" = "Estat desconegut";
+
+/* Refresh frequency */
+"refresh_manual" = "Manual";
+"refresh_1min" = "1 min";
+"refresh_2min" = "2 min";
+"refresh_5min" = "5 min";
+"refresh_15min" = "15 min";
+"refresh_30min" = "30 min";
+
+/* Additional keys */
+"not_found" = "No trobat";
+
+/* Cost estimation */
+"cost_header_estimated" = "Cost (estimat)";
+"cost_estimate_hint" = "Estimat a partir de registres locals · pot diferir de la teva factura";
+
+/* Popup panels */
+"No usage configured." = "No hi ha cap ús configurat.";
+"Quota" = "Quota";
+"tokens" = "tokens";
+"requests" = "sol·licituds";
+"Latest" = "Més recent";
+"Monthly" = "Mensual";
+"Sonnet" = "Sonnet";
+"Auth" = "Autenticació";
+"Overages" = "Excedents";
+"Activity" = "Activitat";
+"Copied" = "Copiat";
+"Copy error" = "Error en copiar";
+"Copy path" = "Copia el camí";
+"Extra usage spent" = "Despesa d'ús addicional";
+"Credits remaining" = "Crèdits restants";
+"Using CLI fallback" = "S'està utilitzant l'alternativa de la CLI";
+"Balance updates in near-real time (up to 5 min lag)" = "El saldo s'actualitza gairebé en temps real (fins a 5 min de retard)";
+"Daily billing data finalizes at 07:00 UTC" = "Les dades diàries de facturació es tanquen a les 07:00 UTC";
+"%@ of %@ credits left" = "Queden %@ de %@ crèdits";
+"%@ of %@ bonus credits left" = "Queden %@ de %@ crèdits de bonificació";
+"%@ / %@ (%@ remaining)" = "%@ / %@ (%@ restants)";
+"%@/%@ left" = "%@/%@ restant";
+"Gemini Flash" = "Gemini Flash";
+"Regenerates %@" = "Es regenera %@";
+"used after next regen" = "usat després de la propera regeneració";
+"after next regen" = "després de la propera regeneració";
+"Near full" = "Gairebé ple";
+"Full in ~1 regen" = "Ple en ~1 regeneració";
+"Full in ~%.0f regens" = "Ple en ~%.0f regeneracions";
+"Overage usage" = "Ús excedent";
+"Overage cost" = "Cost excedent";
+"credits" = "crèdits";
+"Zen balance" = "Saldo Zen";
+"API spend" = "Despesa d'API";
+"Extra usage" = "Ús addicional";
+"Quota usage" = "Ús de quota";
+"%.0f%% used" = "%.0f%% usat";
+"Usage history (today)" = "Historial d'ús (avui)";
+"Usage history (%d days)" = "Historial d'ús (%d dies)";
+"%d percent remaining" = "%d%% restant";
+"Unknown" = "Desconegut";
+"stale data" = "dades obsoletes";
+"No credits history data available." = "No hi ha dades d'historial de crèdits disponibles.";
+"Credits history chart" = "Gràfic d'historial de crèdits";
+"%d days of credits data" = "%d dies de dades de crèdits";
+"Usage breakdown chart" = "Gràfic de desglossament d'ús";
+"%d days of usage data across %d services" = "%d dies de dades d'ús en %d serveis";
+"Cost history chart" = "Gràfic d'historial de costos";
+"%d days of cost data" = "%d dies de dades de costos";
+"Plan utilization chart" = "Gràfic d'utilització del pla";
+"%d utilization samples" = "%d mostres d'utilització";
+"Hourly Usage" = "Ús per hora";
+"Usage remaining" = "Ús restant";
+"Usage used" = "Ús utilitzat";
+"API key verified. Ollama does not expose Cloud quota limits through the API." = "Clau d'API verificada. Ollama no exposa els límits de quota de Cloud a través de l'API.";
+"Last 30 days: %@ tokens" = "Últims 30 dies: %@ tokens";
+"7d spend" = "Despesa 7 d";
+"30d spend" = "Despesa 30 d";
+"Cache read" = "Lectura de memòria cau";
+"Claude Admin API 30 day spend trend" = "Tendència de despesa de 30 dies de Claude Admin API";
+"OpenRouter API key spend trend" = "Tendència de despesa de la clau API d'OpenRouter";
+"z.ai hourly token trend" = "Tendència horària de tokens de z.ai";
+"MiniMax 30 day token usage trend" = "Tendència d'ús de tokens de 30 dies de MiniMax";
+"Today cash" = "Efectiu d'avui";
+"DeepSeek 30 day token usage trend" = "Tendència d'ús de tokens de 30 dies de DeepSeek";
+"cache-hit input" = "entrada amb encert de memòria cau";
+"cache-miss input" = "entrada sense encert de memòria cau";
+"output" = "sortida";
+"Requests" = "Sol·licituds";
+"Reported by OpenAI Admin API organization usage." = "Informat per l'ús de l'organització a OpenAI Admin API.";
+"Reported by Mistral billing usage." = "Informat per l'ús de facturació de Mistral.";
+"Today" = "Avui";
+"Today tokens" = "Tokens d'avui";
+"30d cost" = "Cost 30 d";
+"30d tokens" = "Tokens 30 d";
+"Latest tokens" = "Tokens recents";
+"Top model" = "Model principal";
+"Storage" = "Emmagatzematge";
+"No data" = "Sense dades";
+"Last %d days" = "Últims %d dies";
+"%@ tokens" = "%@ tokens";
+"Latest billing day" = "Últim dia de facturació";
+"Latest billing day (%@)" = "Últim dia de facturació (%@)";
+"This week" = "Aquesta setmana";
+"This month" = "Aquest mes";
+"Week" = "Setmana";
+"Month" = "Mes";
+"Models" = "Models";
+"24h tokens" = "Tokens 24 h";
+"Latest hour" = "Última hora";
+"Peak hour" = "Hora punta";
+"Top method" = "Mètode principal";
+"30d cash" = "Efectiu 30 d";
+"30d billing history from MiniMax web session" = "Historial de facturació de 30 dies de la sessió web de MiniMax";
+"AWS Cost Explorer billing can lag." = "La facturació d'AWS Cost Explorer pot endarrerir-se.";
+"Rate limit: %d / %@" = "Límit de taxa: %d / %@";
+"Key remaining" = "Restant de la clau";
+"No limit set for the API key" = "No hi ha cap límit configurat per a la clau API";
+"API key limit unavailable right now" = "El límit de la clau API no està disponible ara mateix";
+"Today: %@ · %@ tokens" = "Avui: %@ · %@ tokens";
+"Today: %@" = "Avui: %@";
+"Today: %@ tokens" = "Avui: %@ tokens";
+"This month: %@ tokens" = "Aquest mes: %@ tokens";
+"API key limit" = "Límit de la clau API";
+"Limits not available" = "Límits no disponibles";
+"No usage yet" = "Encara no hi ha ús";
+"Not fetched yet" = "Encara no obtingut";
+"Code review" = "Revisió de codi";
+
+/* Additional provider settings and alerts */
+"%@ is waiting for permission" = "%@ espera permís";
+"%@ requests" = "%@ sol·licituds";
+"%@: %@ credits" = "%@: %@ crèdits";
+"30d requests" = "Sol·licituds de 30 d";
+"4 days" = "4 dies";
+"5 days" = "5 dies";
+"7 days" = "7 dies";
+"API key verifies Ollama Cloud access; cookies still expose quota limits." = "La clau API verifica l'accés a Ollama Cloud; les galetes encara exposen els límits de quota.";
+"AWS access key ID. Can also be set with AWS_ACCESS_KEY_ID." = "ID de clau d'accés d'AWS. També es pot definir amb AWS_ACCESS_KEY_ID.";
+"AWS region. Can also be set with AWS_REGION." = "Regió d'AWS. També es pot definir amb AWS_REGION.";
+"AWS secret access key. Can also be set with AWS_SECRET_ACCESS_KEY." = "Clau secreta d'accés d'AWS. També es pot definir amb AWS_SECRET_ACCESS_KEY.";
+"Access key ID" = "ID de clau d'accés";
+"Add Account" = "Afegeix compte";
+"Adding Account…" = "S'està afegint el compte…";
+"Antigravity login failed" = "L'inici de sessió d'Antigravity ha fallat";
+"Antigravity login timed out" = "L'inici de sessió d'Antigravity ha esgotat el temps";
+"Auth source" = "Font d'autenticació";
+"Automatic imports Chrome browser cookies from Xiaomi MiMo." = "Importa automàticament les galetes de Chrome de Xiaomi MiMo.";
+"Automatic imports Windsurf session data from Chromium browser localStorage." = "Importa automàticament dades de sessió de Windsurf del localStorage de Chromium.";
+"Automatic imports browser cookies from Bailian." = "Importa automàticament galetes del navegador de Bailian.";
+"Automatically imports browser cookies." = "Importa automàticament galetes del navegador.";
+"Automatically imports browser session cookies." = "Importa automàticament galetes de sessió del navegador.";
+"Azure OpenAI deployment name. AZURE_OPENAI_DEPLOYMENT_NAME is also supported." = "Nom del desplegament d'Azure OpenAI. També s'admet AZURE_OPENAI_DEPLOYMENT_NAME.";
+"Azure OpenAI key" = "Clau d'Azure OpenAI";
+"Azure OpenAI resource endpoint. AZURE_OPENAI_ENDPOINT is also supported." = "Endpoint del recurs Azure OpenAI. També s'admet AZURE_OPENAI_ENDPOINT.";
+"Base URL" = "URL base";
+"Base URL for the LLM-API-Key-Proxy instance." = "URL base de la instància LLM-API-Key-Proxy.";
+"Browser cookies" = "Galetes del navegador";
+"Cap end" = "Final del límit";
+"Cap start" = "Inici del límit";
+"Capacity End" = "Final de capacitat";
+"Capacity Start" = "Inici de capacitat";
+"Changelog" = "Registre de canvis";
+"Choose the Moonshot/Kimi API host for international or China mainland accounts." = "Tria el host de l'API Moonshot/Kimi per a comptes internacionals o de la Xina continental.";
+"CodexBar can't replace a system account that is signed in with an API key only setup." = "CodexBar no pot substituir un compte del sistema iniciat només amb una clau API.";
+"CodexBar could not find saved auth for that account. Re-authenticate it and try again." = "CodexBar no ha trobat autenticació desada per a aquest compte. Torna'l a autenticar i prova-ho de nou.";
+"CodexBar could not read managed account storage. Recover the store before adding another account." = "CodexBar no ha pogut llegir l'emmagatzematge de comptes gestionats. Recupera'l abans d'afegir un altre compte.";
+"CodexBar could not read saved auth for that account. Re-authenticate it and try again." = "CodexBar no ha pogut llegir l'autenticació desada per a aquest compte. Torna'l a autenticar i prova-ho de nou.";
+"CodexBar could not read the current system account on this Mac." = "CodexBar no ha pogut llegir el compte del sistema actual en aquest Mac.";
+"CodexBar could not replace the live Codex auth on this Mac." = "CodexBar no ha pogut substituir l'autenticació activa de Codex en aquest Mac.";
+"CodexBar could not safely preserve the current system account before switching." = "CodexBar no ha pogut preservar de manera segura el compte del sistema actual abans de canviar.";
+"CodexBar could not save the current system account before switching." = "CodexBar no ha pogut desar el compte del sistema actual abans de canviar.";
+"CodexBar could not update managed account storage." = "CodexBar no ha pogut actualitzar l'emmagatzematge de comptes gestionats.";
+"CodexBar found another managed account that already uses the current system account. Resolve the duplicate account before switching." = "CodexBar ha trobat un altre compte gestionat que ja utilitza el compte del sistema actual. Resol el compte duplicat abans de canviar.";
+"CodexBar will ask macOS Keychain for “%@” so it can decrypt browser cookies and authenticate your account. Click OK to continue." = "CodexBar demanarà a Clauers de macOS “%@” per desxifrar galetes del navegador i autenticar el compte. Fes clic a OK per continuar.";
+"CodexBar will ask macOS Keychain for the Claude Code OAuth token so it can fetch your Claude usage. Click OK to continue." = "CodexBar demanarà a Clauers de macOS el token OAuth de Claude Code per obtenir l'ús de Claude. Fes clic a OK per continuar.";
+"CodexBar will ask macOS Keychain for your Amp cookie header so it can fetch usage. Click OK to continue." = "CodexBar demanarà a Clauers de macOS la capçalera Cookie d'Amp per obtenir l'ús. Fes clic a OK per continuar.";
+"CodexBar will ask macOS Keychain for your Augment cookie header so it can fetch usage. Click OK to continue." = "CodexBar demanarà a Clauers de macOS la capçalera Cookie d'Augment per obtenir l'ús. Fes clic a OK per continuar.";
+"CodexBar will ask macOS Keychain for your Claude cookie header so it can fetch Claude web usage. Click OK to continue." = "CodexBar demanarà a Clauers de macOS la capçalera Cookie de Claude per obtenir l'ús web de Claude. Fes clic a OK per continuar.";
+"CodexBar will ask macOS Keychain for your Cursor cookie header so it can fetch usage. Click OK to continue." = "CodexBar demanarà a Clauers de macOS la capçalera Cookie de Cursor per obtenir l'ús. Fes clic a OK per continuar.";
+"CodexBar will ask macOS Keychain for your Factory cookie header so it can fetch usage. Click OK to continue." = "CodexBar demanarà a Clauers de macOS la capçalera Cookie de Factory per obtenir l'ús. Fes clic a OK per continuar.";
+"CodexBar will ask macOS Keychain for your GitHub Copilot token so it can fetch usage. Click OK to continue." = "CodexBar demanarà a Clauers de macOS el token de GitHub Copilot per obtenir l'ús. Fes clic a OK per continuar.";
+"CodexBar will ask macOS Keychain for your Kimi K2 API key so it can fetch usage. Click OK to continue." = "CodexBar demanarà a Clauers de macOS la clau API de Kimi K2 per obtenir l'ús. Fes clic a OK per continuar.";
+"CodexBar will ask macOS Keychain for your Kimi auth token so it can fetch usage. Click OK to continue." = "CodexBar demanarà a Clauers de macOS el token d'autenticació de Kimi per obtenir l'ús. Fes clic a OK per continuar.";
+"CodexBar will ask macOS Keychain for your MiniMax API token so it can fetch usage. Click OK to continue." = "CodexBar demanarà a Clauers de macOS el token API de MiniMax per obtenir l'ús. Fes clic a OK per continuar.";
+"CodexBar will ask macOS Keychain for your MiniMax cookie header so it can fetch usage. Click OK to continue." = "CodexBar demanarà a Clauers de macOS la capçalera Cookie de MiniMax per obtenir l'ús. Fes clic a OK per continuar.";
+"CodexBar will ask macOS Keychain for your OpenAI cookie header so it can fetch Codex dashboard extras. Click OK to continue." = "CodexBar demanarà a Clauers de macOS la capçalera Cookie d'OpenAI per obtenir extres del tauler de Codex. Fes clic a OK per continuar.";
+"CodexBar will ask macOS Keychain for your OpenCode cookie header so it can fetch usage. Click OK to continue." = "CodexBar demanarà a Clauers de macOS la capçalera Cookie d'OpenCode per obtenir l'ús. Fes clic a OK per continuar.";
+"CodexBar will ask macOS Keychain for your Synthetic API key so it can fetch usage. Click OK to continue." = "CodexBar demanarà a Clauers de macOS la clau API de Synthetic per obtenir l'ús. Fes clic a OK per continuar.";
+"CodexBar will ask macOS Keychain for your z.ai API token so it can fetch usage. Click OK to continue." = "CodexBar demanarà a Clauers de macOS el token API de z.ai per obtenir l'ús. Fes clic a OK per continuar.";
+"Could not open Cursor login in your browser." = "No s'ha pogut obrir l'inici de sessió de Cursor al navegador.";
+"Could not open browser for Antigravity" = "No s'ha pogut obrir el navegador per a Antigravity";
+"Credits used" = "Crèdits usats";
+"Day" = "Dia";
+"Deployment" = "Desplegament";
+"Drag to reorder" = "Arrossega per reordenar";
+"Endpoint" = "Endpoint";
+"Enterprise host" = "Host Enterprise";
+"Extra usage balance: %@" = "Saldo d'ús extra: %@";
+"Keychain Access Required" = "Cal accés a Clauers";
+"Kiro menu bar value" = "Valor de Kiro a la barra de menús";
+"Label" = "Etiqueta";
+"No organizations loaded. Click Refresh after setting your API key." = "No hi ha organitzacions carregades. Fes clic a Actualitza després de configurar la clau API.";
+"No output captured." = "No s'ha capturat cap sortida.";
+"No system account" = "Sense compte del sistema";
+"Oasis-Token" = "Oasis-Token";
+"Open Augment (Log Out & Back In)" = "Obre Augment (tanca sessió i torna a entrar)";
+"Open Codebuff Dashboard" = "Obre el tauler de Codebuff";
+"Open Command Code Settings" = "Obre la configuració de Command Code";
+"Open Crof dashboard" = "Obre el tauler de Crof";
+"Open Manus" = "Obre Manus";
+"Open MiMo Balance" = "Obre el saldo de MiMo";
+"Open Moonshot Console" = "Obre la consola de Moonshot";
+"Open Ollama API Keys" = "Obre les claus API d'Ollama";
+"Open StepFun Platform" = "Obre la plataforma StepFun";
+"Open T3 Chat Settings" = "Obre la configuració de T3 Chat";
+"Open Volcengine Ark Console" = "Obre la consola Volcengine Ark";
+"Open legacy provider docs" = "Obre la documentació del proveïdor heretat";
+"Open projects" = "Obre projectes";
+"Open this URL manually to continue login:\n\n%@" = "Obre aquesta URL manualment per continuar l'inici de sessió:\n\n%@";
+"Optional organization ID for accounts linked to multiple Anthropic organizations." = "ID d'organització opcional per a comptes vinculats a diverses organitzacions d'Anthropic.";
+"Optional. Applies to the configured Admin API key; selected token accounts do not inherit OPENAI_PROJECT_ID." = "Opcional. S'aplica a la clau Admin API configurada; els comptes de token seleccionats no hereten OPENAI_PROJECT_ID.";
+"Optional. Enter your GitHub Enterprise host, for example octocorp.ghe.com. Leave blank for github.com." = "Opcional. Introdueix el host de GitHub Enterprise, per exemple octocorp.ghe.com. Deixa-ho en blanc per a github.com.";
+"Optional. Leave blank to discover and aggregate projects visible to the API key." = "Opcional. Deixa-ho en blanc per descobrir i agregar projectes visibles per a la clau API.";
+"Org ID (optional)" = "ID d'org. (opcional)";
+"Organizations" = "Organitzacions";
+"Password" = "Contrasenya";
+"%@ authentication is disabled." = "L'autenticació de %@ està desactivada.";
+"%@ cookies are disabled." = "Les galetes de %@ estan desactivades.";
+"%@ web API access is disabled." = "L'accés a l'API web de %@ està desactivat.";
+"Disable %@ dashboard cookie usage." = "Desactiva l'ús de galetes del tauler de %@.";
+"Keychain access is disabled in Advanced, so browser cookie import is unavailable." = "L'accés al clauer està desactivat a Avançat, així que la importació de galetes del navegador no està disponible.";
+"Manually paste an %@ from a browser session." = "Enganxa manualment un %@ d'una sessió del navegador.";
+"Paste a Cookie header captured from %@." = "Enganxa una capçalera Cookie capturada de %@.";
+"Paste a Cookie header from %@." = "Enganxa una capçalera Cookie de %@.";
+"Paste a Cookie header or cURL capture from %@." = "Enganxa una capçalera Cookie o una captura cURL de %@.";
+"Paste a Cookie header or full cURL capture from %@." = "Enganxa una capçalera Cookie o una captura cURL completa de %@.";
+"Paste a Cookie or Authorization header from %@." = "Enganxa una capçalera Cookie o Authorization de %@.";
+"Paste a full cookie header or the %@ value." = "Enganxa una capçalera de galetes completa o el valor %@.";
+"Paste a Cookie header or full cURL capture from T3 Chat settings." = "Enganxa una capçalera Cookie o una captura cURL completa de la configuració de T3 Chat.";
+"Paste the Cookie header from a request to admin.mistral.ai. Must contain an ory_session_* cookie." = "Enganxa la capçalera Cookie d'una sol·licitud a admin.mistral.ai. Ha de contenir una galeta ory_session_*.";
+"Paste the Oasis-Token from a logged-in browser session on platform.stepfun.com." = "Enganxa l'Oasis-Token d'una sessió iniciada a platform.stepfun.com.";
+"Paste the %@ JSON bundle from %@." = "Enganxa el paquet JSON %@ de %@.";
+"Paste the %@ value or a full Cookie header." = "Enganxa el valor %@ o una capçalera Cookie completa.";
+"Personal account" = "Compte personal";
+"Project ID" = "ID de projecte";
+"Re-auth" = "Reautentica";
+"Re-authenticating…" = "S'està reautenticant…";
+"Refresh Session" = "Actualitza la sessió";
+"Refresh organizations" = "Actualitza organitzacions";
+"Region" = "Regió";
+"Reload" = "Recarrega";
+"Reorder" = "Reordena";
+"Secret access key" = "Clau secreta d'accés";
+"Series" = "Sèrie";
+"Service" = "Servei";
+"Show or hide Kiro credits, percent, or both next to the menu bar icon." = "Mostra o amaga crèdits de Kiro, percentatge o tots dos al costat de la icona de la barra de menús.";
+"Show usage for organizations you belong to. Personal account is always shown." = "Mostra l'ús de les organitzacions a què pertanys. El compte personal sempre es mostra.";
+"Sign in to cursor.com in your browser, then refresh Cursor in CodexBar." = "Inicia sessió a cursor.com al navegador i després actualitza Cursor a CodexBar.";
+"Simulated error text" = "Text d'error simulat";
+"StepFun platform account (phone number or email)." = "Compte de la plataforma StepFun (telèfon o correu).";
+"Stored in ~/.codexbar/config.json." = "Desat a ~/.codexbar/config.json.";
+"Stored in ~/.codexbar/config.json. AZURE_OPENAI_API_KEY is also supported." = "Desat a ~/.codexbar/config.json. També s'admet AZURE_OPENAI_API_KEY.";
+"Stored in ~/.codexbar/config.json. For the official Kimi API, use Moonshot / Kimi API." = "Desat a ~/.codexbar/config.json. Per a l'API oficial de Kimi, usa Moonshot / Kimi API.";
+"Stored in ~/.codexbar/config.json. Get your API key from the Volcengine Ark console." = "Desat a ~/.codexbar/config.json. Obtén la clau API a la consola Volcengine Ark.";
+"Stored in ~/.codexbar/config.json. Get your key from Ollama settings." = "Desat a ~/.codexbar/config.json. Obtén la clau a la configuració d'Ollama.";
+"Stored in ~/.codexbar/config.json. Get your key from console.deepgram.com." = "Desat a ~/.codexbar/config.json. Obtén la clau a console.deepgram.com.";
+"Stored in ~/.codexbar/config.json. Get your key from elevenlabs.io/app/settings/api-keys." = "Desat a ~/.codexbar/config.json. Obtén la clau a elevenlabs.io/app/settings/api-keys.";
+"Stored in ~/.codexbar/config.json. Get your key from openrouter.ai/settings/keys and set a key spending limit there to enable API key quota tracking." = "Desat a ~/.codexbar/config.json. Obtén la clau a openrouter.ai/settings/keys i defineix-hi un límit de despesa per activar el seguiment de quota.";
+"Stored in ~/.codexbar/config.json. In Warp, open Settings > Platform > API Keys, then create one." = "Desat a ~/.codexbar/config.json. A Warp, obre Settings > Platform > API Keys i crea'n una.";
+"Stored in ~/.codexbar/config.json. Metrics require Groq Enterprise Prometheus access." = "Desat a ~/.codexbar/config.json. Les mètriques requereixen accés a Groq Enterprise Prometheus.";
+"Stored in ~/.codexbar/config.json. OPENAI_ADMIN_KEY is preferred; OPENAI_API_KEY still works." = "Desat a ~/.codexbar/config.json. Es prefereix OPENAI_ADMIN_KEY; OPENAI_API_KEY encara funciona.";
+"Stored in ~/.codexbar/config.json. Requires an Anthropic Admin API key." = "Desat a ~/.codexbar/config.json. Requereix una clau Anthropic Admin API.";
+"Stored in ~/.codexbar/config.json. Used for /v1/quota-stats." = "Desat a ~/.codexbar/config.json. S'usa per a /v1/quota-stats.";
+"Stored in ~/.codexbar/config.json. You can also provide CODEBUFF_API_KEY or let CodexBar read ~/.config/manicode/credentials.json (created by `codebuff login`)." = "Desat a ~/.codexbar/config.json. També pots proporcionar CODEBUFF_API_KEY o deixar que CodexBar llegeixi ~/.config/manicode/credentials.json (creat per `codebuff login`).";
+"Stored in ~/.codexbar/config.json. You can also provide CROF_API_KEY." = "Desat a ~/.codexbar/config.json. També pots proporcionar CROF_API_KEY.";
+"Stored in ~/.codexbar/config.json. You can also provide KILO_API_KEY or ~/.local/share/kilo/auth.json (kilo.access)." = "Desat a ~/.codexbar/config.json. També pots proporcionar KILO_API_KEY o ~/.local/share/kilo/auth.json (kilo.access).";
+"T3 Chat cookie" = "Galeta de T3 Chat";
+"That account is no longer available in CodexBar. Refresh the account list and try again." = "Aquest compte ja no està disponible a CodexBar. Actualitza la llista de comptes i torna-ho a provar.";
+"The browser login did not complete in time. Try Antigravity login again." = "L'inici de sessió del navegador no s'ha completat a temps. Torna a provar l'inici de sessió d'Antigravity.";
+"Timed out waiting for Cursor login. %@" = "S'ha esgotat el temps esperant l'inici de sessió de Cursor. %@";
+"Timed out waiting for Cursor login. %@ Last error: %@" = "S'ha esgotat el temps esperant l'inici de sessió de Cursor. %@ Últim error: %@";
+"Today requests" = "Sol·licituds d'avui";
+"Total (30d): %@ credits" = "Total (30 d): %@ crèdits";
+"Username" = "Nom d'usuari";
+"Uses username + password to login and obtain an Oasis-Token automatically." = "Usa nom d'usuari i contrasenya per iniciar sessió i obtenir un Oasis-Token automàticament.";
+"Uses username + password to login and obtain an %@ automatically." = "Usa nom d'usuari i contrasenya per iniciar sessió i obtenir un %@ automàticament.";
+"Utilization End" = "Final d'utilització";
+"Utilization Start" = "Inici d'utilització";
+"Verbosity" = "Detall";
+"Windsurf session JSON bundle" = "Paquet JSON de sessió de Windsurf";
+"Workspace ID" = "ID d'espai de treball";
+"Your StepFun platform password. Used to login and obtain a session token." = "La contrasenya de la plataforma StepFun. S'usa per iniciar sessió i obtenir un token de sessió.";
+"claude /login exited with status %d." = "claude /login ha sortit amb estat %d.";
+"codex login exited with status %d." = "codex login ha sortit amb estat %d.";
+"Cookie: …\n\nor paste a cURL capture from the Abacus AI dashboard" = "Cookie: …\n\no enganxa una captura cURL del tauler d'Abacus AI";
+"Cookie: …\n\nor paste the __Secure-next-auth.session-token value" = "Cookie: …\n\no enganxa el valor de __Secure-next-auth.session-token";
+"Cookie: …\n\nor paste the kimi-auth token value" = "Cookie: …\n\no enganxa el valor del token kimi-auth";
+"session_id=...\n\nor paste just the session_id value" = "session_id=...\n\no enganxa només el valor de session_id";
diff --git a/Sources/CodexBar/Resources/en.lproj/Localizable.strings b/Sources/CodexBar/Resources/en.lproj/Localizable.strings
new file mode 100644
index 000000000..324589f44
--- /dev/null
+++ b/Sources/CodexBar/Resources/en.lproj/Localizable.strings
@@ -0,0 +1,1059 @@
+/* English localization for CodexBar (base/fallback) */
+
+" providers" = " providers";
+"(System)" = "(System)";
+"30d" = "30d";
+"A managed Codex login is already running. Wait for it to finish before adding " = "A managed Codex login is already running. Wait for it to finish before adding ";
+"API key" = "API key";
+"API region" = "API region";
+"API token" = "API token";
+"API tokens" = "API tokens";
+"About" = "About";
+"Account" = "Account";
+"Accounts" = "Accounts";
+"Accounts subtitle" = "Accounts subtitle";
+"Active" = "Active";
+"Add" = "Add";
+"Add Workspace" = "Add Workspace";
+"Advanced" = "Advanced";
+"All" = "All";
+"Always allow prompts" = "Always allow prompts";
+"Animation pattern" = "Animation pattern";
+"Antigravity login is managed in the app" = "Antigravity login is managed in the app";
+"Applies only to the Security.framework OAuth keychain reader." = "Applies only to the Security.framework OAuth keychain reader.";
+"Auto falls back to the next source if the preferred one fails." = "Auto falls back to the next source if the preferred one fails.";
+"Auto uses API first, then falls back to CLI on auth failures." = "Auto uses API first, then falls back to CLI on auth failures.";
+"Auto-detect" = "Auto-detect";
+"Auto-refresh is off; use the menu's Refresh command." = "Auto-refresh is off; use the menu's Refresh command.";
+"Auto-refresh: hourly · Timeout: 10m" = "Auto-refresh: hourly · Timeout: 10m";
+"Automatic" = "Automatic";
+"Automatic imports browser cookies and WorkOS tokens." = "Automatic imports browser cookies and WorkOS tokens.";
+"Automatic imports browser cookies and local storage tokens." = "Automatic imports browser cookies and local storage tokens.";
+"Automatic imports browser cookies for dashboard extras." = "Automatic imports browser cookies for dashboard extras.";
+"Automatic imports browser cookies for the web API." = "Automatic imports browser cookies for the web API.";
+"Automatic imports browser cookies from Model Studio/Bailian." = "Automatic imports browser cookies from Model Studio/Bailian.";
+"Automatic imports browser cookies from admin.mistral.ai." = "Automatic imports browser cookies from admin.mistral.ai.";
+"Automatic imports browser cookies from opencode.ai." = "Automatic imports browser cookies from opencode.ai.";
+"Automatic imports browser cookies or stored sessions." = "Automatic imports browser cookies or stored sessions.";
+"Automatic imports browser cookies." = "Automatic imports browser cookies.";
+"Automatically imports browser session cookie." = "Automatically imports browser session cookie.";
+"Automatically opens CodexBar when you start your Mac." = "Automatically opens CodexBar when you start your Mac.";
+"Automation" = "Automation";
+"Average (\\(label1) + \\(label2))" = "Average (\\(label1) + \\(label2))";
+"Average (\\(metadata.sessionLabel) + \\(metadata.weeklyLabel))" = "Average (\\(metadata.sessionLabel) + \\(metadata.weeklyLabel))";
+"Avoid Keychain prompts" = "Avoid Keychain prompts";
+"Balance" = "Balance";
+"Battery Saver" = "Battery Saver";
+"Bordered" = "Bordered";
+"Build" = "Build";
+"Built \\(buildTimestamp)" = "Built \\(buildTimestamp)";
+"Buy Credits..." = "Buy Credits...";
+"Buy Credits…" = "Buy Credits…";
+"CLI paths" = "CLI paths";
+"CLI sessions" = "CLI sessions";
+"Caches" = "Caches";
+"Cancel" = "Cancel";
+"Check for Updates…" = "Check for Updates…";
+"Check for updates automatically" = "Check for updates automatically";
+"Check if you like your agents having some fun up there." = "Check if you like your agents having some fun up there.";
+"Check provider status" = "Check provider status";
+"Choose Codex workspace" = "Choose Codex workspace";
+"Choose the MiniMax host (global .io or China mainland .com)." = "Choose the MiniMax host (global .io or China mainland .com).";
+"Choose up to " = "Choose up to ";
+"Choose up to \\(Self.maxOverviewProviders) providers" = "Choose up to \\(Self.maxOverviewProviders) providers";
+"Choose up to \\(count) providers" = "Choose up to \\(count) providers";
+"Choose what to show in the menu bar (Pace shows usage vs. expected)." = "Choose what to show in the menu bar (Pace shows usage vs. expected).";
+"Choose which Codex account CodexBar should follow." = "Choose which Codex account CodexBar should follow.";
+"Choose which window drives the menu bar percent." = "Choose which window drives the menu bar percent.";
+"Chrome" = "Chrome";
+"Claude CLI not found" = "Claude CLI not found";
+"Claude binary" = "Claude binary";
+"Claude cookies" = "Claude cookies";
+"Claude login failed" = "Claude login failed";
+"Claude login timed out" = "Claude login timed out";
+"Close" = "Close";
+"Code review" = "Code review";
+"Codex CLI not found" = "Codex CLI not found";
+"Codex account login already running" = "Codex account login already running";
+"Codex binary" = "Codex binary";
+"Codex login failed" = "Codex login failed";
+"Codex login timed out" = "Codex login timed out";
+"CodexBar Lifecycle Keepalive" = "CodexBar Lifecycle Keepalive";
+"CodexBar can't show its menu bar icon" = "CodexBar can't show its menu bar icon";
+"CodexBar could not read managed account storage. " = "CodexBar could not read managed account storage. ";
+"Configure…" = "Configure…";
+"Connected" = "Connected";
+"Controls how much detail is logged." = "Controls how much detail is logged.";
+"Cookie header" = "Cookie header";
+"Cookie source" = "Cookie source";
+"Cookie: ..." = "Cookie: ...";
+"Cookie: \\u{2026}\\\n\\\nor paste a cURL capture from the Abacus AI dashboard" = "Cookie: \\u{2026}\\\n\\\nor paste a cURL capture from the Abacus AI dashboard";
+"Cookie: \\u{2026}\\\n\\\nor paste the __Secure-next-auth.session-token value" = "Cookie: \\u{2026}\\\n\\\nor paste the __Secure-next-auth.session-token value";
+"Cookie: \\u{2026}\\\n\\\nor paste the kimi-auth token value" = "Cookie: \\u{2026}\\\n\\\nor paste the kimi-auth token value";
+"Cookie: …" = "Cookie: …";
+"CopilotDeviceFlow" = "CopilotDeviceFlow";
+"Cost" = "Cost";
+"Could not add Codex account" = "Could not add Codex account";
+"Could not open Terminal for Gemini" = "Could not open Terminal for Gemini";
+"Could not start claude /login" = "Could not start claude /login";
+"Could not start codex login" = "Could not start codex login";
+"Could not switch system account" = "Could not switch system account";
+"Credits" = "Credits";
+"Credits history" = "Credits history";
+"Cursor login failed" = "Cursor login failed";
+"Custom" = "Custom";
+"Custom Path" = "Custom Path";
+"Daily Routines" = "Daily Routines";
+"Debug" = "Debug";
+"Default" = "Default";
+"Disable Keychain access" = "Disable Keychain access";
+"Disabled" = "Disabled";
+"Dismiss" = "Dismiss";
+"Disconnected" = "Disconnected";
+"Display" = "Display";
+"Display mode" = "Display mode";
+"Display reset times as absolute clock values instead of countdowns." = "Display reset times as absolute clock values instead of countdowns.";
+"Done" = "Done";
+"Effective PATH" = "Effective PATH";
+"Email" = "Email";
+"Enable Merge Icons to configure Overview tab providers." = "Enable Merge Icons to configure Overview tab providers.";
+"Enable file logging" = "Enable file logging";
+"Enabled" = "Enabled";
+"Error" = "Error";
+"Error simulation" = "Error simulation";
+"Expose troubleshooting tools in the Debug tab." = "Expose troubleshooting tools in the Debug tab.";
+"Failed" = "Failed";
+"False" = "False";
+"Fetch strategy attempts" = "Fetch strategy attempts";
+"Fetching" = "Fetching";
+"Field" = "Field";
+"Field subtitle" = "Field subtitle";
+"Finish the current managed account change before switching the system account." = "Finish the current managed account change before switching the system account.";
+"Force animation on next refresh" = "Force animation on next refresh";
+"Gateway region" = "Gateway region";
+"Gemini CLI not found" = "Gemini CLI not found";
+"Gemini/Antigravity, surfacing incidents in the icon and menu." = "Gemini/Antigravity, surfacing incidents in the icon and menu.";
+"General" = "General";
+"GitHub" = "GitHub";
+"GitHub Copilot Login" = "GitHub Copilot Login";
+"GitHub Login" = "GitHub Login";
+"Hide details" = "Hide details";
+"Hide personal information" = "Hide personal information";
+"Historical tracking" = "Historical tracking";
+"How often CodexBar polls providers in the background." = "How often CodexBar polls providers in the background.";
+"Inactive" = "Inactive";
+"Install CLI" = "Install CLI";
+"Install the Claude CLI (npm i -g @anthropic-ai/claude-code) and try again." = "Install the Claude CLI (npm i -g @anthropic-ai/claude-code) and try again.";
+"Install the Codex CLI (npm i -g @openai/codex) and try again." = "Install the Codex CLI (npm i -g @openai/codex) and try again.";
+"Install the Gemini CLI (npm i -g @google/gemini-cli) and try again." = "Install the Gemini CLI (npm i -g @google/gemini-cli) and try again.";
+"JetBrains AI is ready" = "JetBrains AI is ready";
+"JetBrains IDE" = "JetBrains IDE";
+"Keep CLI sessions alive" = "Keep CLI sessions alive";
+"Keyboard shortcut" = "Keyboard shortcut";
+"Keychain access" = "Keychain access";
+"Keychain prompt policy" = "Keychain prompt policy";
+"Last \\(name) fetch failed:" = "Last \\(name) fetch failed:";
+"Last \\(self.store.metadata(for: self.provider).displayName) fetch failed:" = "Last \\(self.store.metadata(for: self.provider).displayName) fetch failed:";
+"Last attempt" = "Last attempt";
+"Link" = "Link";
+"Loading animations" = "Loading animations";
+"Loading…" = "Loading…";
+"Local" = "Local";
+"Logging" = "Logging";
+"Login failed" = "Login failed";
+"Login shell PATH (startup capture)" = "Login shell PATH (startup capture)";
+"Login timed out" = "Login timed out";
+"MCP details" = "MCP details";
+"Managed Codex accounts unavailable" = "Managed Codex accounts unavailable";
+"Managed account storage is unreadable. Live account access is still available, " = "Managed account storage is unreadable. Live account access is still available, ";
+"Manual" = "Manual";
+"May your tokens never run out—keep agent limits in view." = "May your tokens never run out—keep agent limits in view.";
+"Menu bar" = "Menu bar";
+"Menu bar auto-shows the provider closest to its rate limit." = "Menu bar auto-shows the provider closest to its rate limit.";
+"Menu bar metric" = "Menu bar metric";
+"Menu bar shows percent" = "Menu bar shows percent";
+"Menu content" = "Menu content";
+"Merge Icons" = "Merge Icons";
+"Never prompt" = "Never prompt";
+"No" = "No";
+"No Codex accounts detected yet." = "No Codex accounts detected yet.";
+"No JetBrains IDE detected" = "No JetBrains IDE detected";
+"No cost history data." = "No cost history data.";
+"No data available" = "No data available";
+"No data yet" = "No data yet";
+"No enabled providers available for Overview." = "No enabled providers available for Overview.";
+"No providers selected" = "No providers selected";
+"No token accounts yet." = "No token accounts yet.";
+"No usage breakdown data." = "No usage breakdown data.";
+"None" = "None";
+"Notifications" = "Notifications";
+"Notifies when the 5-hour session quota hits 0% and when it becomes " = "Notifies when the 5-hour session quota hits 0% and when it becomes ";
+"OK" = "OK";
+"Obscure email addresses in the menu bar and menu UI." = "Obscure email addresses in the menu bar and menu UI.";
+"Off" = "Off";
+"Offline" = "Offline";
+"On" = "On";
+"Online" = "Online";
+"Only on user action" = "Only on user action";
+"Open" = "Open";
+"Open API Keys" = "Open API Keys";
+"Open Amp Settings" = "Open Amp Settings";
+"Open Antigravity to sign in, then refresh CodexBar." = "Open Antigravity to sign in, then refresh CodexBar.";
+"Open Browser" = "Open Browser";
+"Open Coding Plan" = "Open Coding Plan";
+"Open Console" = "Open Console";
+"Open Dashboard" = "Open Dashboard";
+"Open Mistral Admin" = "Open Mistral Admin";
+"Open Menu Bar Settings" = "Open Menu Bar Settings";
+"Open Ollama Settings" = "Open Ollama Settings";
+"Open Terminal" = "Open Terminal";
+"Open Usage Page" = "Open Usage Page";
+"Open Warp API Key Guide" = "Open Warp API Key Guide";
+"Open menu" = "Open menu";
+"Open token file" = "Open token file";
+"OpenAI cookies" = "OpenAI cookies";
+"OpenAI web extras" = "OpenAI web extras";
+"Option A" = "Option A";
+"Option B" = "Option B";
+"Optional override if workspace lookup fails." = "Optional override if workspace lookup fails.";
+"Options" = "Options";
+"Override auto-detection with a custom IDE base path" = "Override auto-detection with a custom IDE base path";
+"Overview" = "Overview";
+"Overview rows always follow provider order." = "Overview rows always follow provider order.";
+"Overview tab providers" = "Overview tab providers";
+"Paste API key…" = "Paste API key…";
+"Paste API token…" = "Paste API token…";
+"Paste key…" = "Paste key…";
+"Paste sessionKey or OAuth token…" = "Paste sessionKey or OAuth token…";
+"Paste the Cookie header from a request to admin.mistral.ai. " = "Paste the Cookie header from a request to admin.mistral.ai. ";
+"Paste token…" = "Paste token…";
+"Personal" = "Personal";
+"Picker" = "Picker";
+"Picker subtitle" = "Picker subtitle";
+"Placeholder" = "Placeholder";
+"Plan" = "Plan";
+"Play full-screen confetti when weekly usage resets." = "Play full-screen confetti when weekly usage resets.";
+"Polls OpenAI/Claude status pages and Google Workspace for " = "Polls OpenAI/Claude status pages and Google Workspace for ";
+"Prevents any Keychain access while enabled." = "Prevents any Keychain access while enabled.";
+"Primary (API key limit)" = "Primary (API key limit)";
+"Primary (\\(label))" = "Primary (\\(label))";
+"Primary (\\(metadata.sessionLabel))" = "Primary (\\(metadata.sessionLabel))";
+"Probe logs" = "Probe logs";
+"Progress bars fill as you consume quota (instead of showing remaining)." = "Progress bars fill as you consume quota (instead of showing remaining).";
+"Provider" = "Provider";
+"Providers" = "Providers";
+"Quit CodexBar" = "Quit CodexBar";
+"Random (default)" = "Random (default)";
+"Reads local usage logs. Shows today + last 30 days cost in the menu." = "Reads local usage logs. Shows today + the selected history window in the menu.";
+"Refresh" = "Refresh";
+"Refresh cadence" = "Refresh cadence";
+"Remote" = "Remote";
+"Remove" = "Remove";
+"Remove Codex account?" = "Remove Codex account?";
+"Remove \\(account.email) from CodexBar? Its managed Codex home will be deleted." = "Remove \\(account.email) from CodexBar? Its managed Codex home will be deleted.";
+"Remove \\(email) from CodexBar? Its managed Codex home will be deleted." = "Remove \\(email) from CodexBar? Its managed Codex home will be deleted.";
+"Remove selected account" = "Remove selected account";
+"Replace critter bars with provider branding icons and a percentage." = "Replace critter bars with provider branding icons and a percentage.";
+"Replay selected animation" = "Replay selected animation";
+"Requires authentication via GitHub Device Flow." = "Requires authentication via GitHub Device Flow.";
+"Resets: \\(reset)" = "Resets: \\(reset)";
+"Rolling five-hour limit" = "Rolling five-hour limit";
+"Search hourly" = "Search hourly";
+"Secondary (\\(label))" = "Secondary (\\(label))";
+"Secondary (\\(metadata.weeklyLabel))" = "Secondary (\\(metadata.weeklyLabel))";
+"Select a provider" = "Select a provider";
+"Select the IDE to monitor" = "Select the IDE to monitor";
+"Session quota notifications" = "Session quota notifications";
+"Session tokens" = "Session tokens";
+"Settings" = "Settings";
+"Show Codex Credits and Claude Extra usage sections in the menu." = "Show Codex Credits and Claude Extra usage sections in the menu.";
+"Show Debug Settings" = "Show Debug Settings";
+"Show all token accounts" = "Show all token accounts";
+"Show cost summary" = "Show cost summary";
+"Show credits + extra usage" = "Show credits + extra usage";
+"Show details" = "Show details";
+"Show most-used provider" = "Show most-used provider";
+"Show provider icons in the switcher (otherwise show a weekly progress line)." = "Show provider icons in the switcher (otherwise show a weekly progress line).";
+"Show reset time as clock" = "Show reset time as clock";
+"Show usage as used" = "Show usage as used";
+"Sign in via button below" = "Sign in via button below";
+"Skip teardown between probes (debug-only)." = "Skip teardown between probes (debug-only).";
+"Stack token accounts in the menu (otherwise show an account switcher bar)." = "Stack token accounts in the menu (otherwise show an account switcher bar).";
+"Start at Login" = "Start at Login";
+"Status" = "Status";
+"Store Claude sessionKey cookies or OAuth access tokens." = "Store Claude sessionKey cookies or OAuth access tokens.";
+"Store multiple Abacus AI Cookie headers." = "Store multiple Abacus AI Cookie headers.";
+"Store multiple Augment Cookie headers." = "Store multiple Augment Cookie headers.";
+"Store multiple Cursor Cookie headers." = "Store multiple Cursor Cookie headers.";
+"Store multiple Factory Cookie headers." = "Store multiple Factory Cookie headers.";
+"Store multiple MiniMax Cookie headers." = "Store multiple MiniMax Cookie headers.";
+"Store multiple Mistral Cookie headers." = "Store multiple Mistral Cookie headers.";
+"Store multiple Ollama Cookie headers." = "Store multiple Ollama Cookie headers.";
+"Store multiple OpenCode Cookie headers." = "Store multiple OpenCode Cookie headers.";
+"Store multiple OpenCode Go Cookie headers." = "Store multiple OpenCode Go Cookie headers.";
+"Stored in the CodexBar config file." = "Stored in the CodexBar config file.";
+"Stored in ~/.codexbar/config.json. " = "Stored in ~/.codexbar/config.json. ";
+"Stored in ~/.codexbar/config.json. Generate one at kimi-k2.ai." = "Stored in ~/.codexbar/config.json. Generate one at kimi-k2.ai.";
+"Stored in ~/.codexbar/config.json. Paste the key from the Synthetic dashboard." = "Stored in ~/.codexbar/config.json. Paste the key from the Synthetic dashboard.";
+"Stored in ~/.codexbar/config.json. Paste your Coding Plan API key from Model Studio." = "Stored in ~/.codexbar/config.json. Paste your Coding Plan API key from Model Studio.";
+"Stored in ~/.codexbar/config.json. Paste your MiniMax API key." = "Stored in ~/.codexbar/config.json. Paste your MiniMax API key.";
+"Stored in ~/.codexbar/config.json. You can also provide KILO_API_KEY or " = "Stored in ~/.codexbar/config.json. You can also provide KILO_API_KEY or ";
+"Stores local Codex usage history (8 weeks) to personalize Pace predictions." = "Stores local Codex usage history (8 weeks) to personalize Pace predictions.";
+"Subscription Utilization" = "Subscription Utilization";
+"Surprise me" = "Surprise me";
+"Switcher shows icons" = "Switcher shows icons";
+"Symlink CodexBarCLI to /usr/local/bin and /opt/homebrew/bin as codexbar." = "Symlink CodexBarCLI to /usr/local/bin and /opt/homebrew/bin as codexbar.";
+"System" = "System";
+"Temporarily shows the loading animation after the next refresh." = "Temporarily shows the loading animation after the next refresh.";
+"Tertiary (\\(label))" = "Tertiary (\\(label))";
+"Tertiary (\\(tertiaryTitle))" = "Tertiary (\\(tertiaryTitle))";
+"The default Codex account on this Mac." = "The default Codex account on this Mac.";
+"Toggle" = "Toggle";
+"Toggle subtitle" = "Toggle subtitle";
+"Token" = "Token";
+"Trigger the menu bar menu from anywhere." = "Trigger the menu bar menu from anywhere.";
+"True" = "True";
+"Twitter" = "Twitter";
+"Unsupported" = "Unsupported";
+"Update Channel" = "Update Channel";
+"Updated" = "Updated";
+"Updates unavailable in this build." = "Updates unavailable in this build.";
+"Usage" = "Usage";
+"Usage breakdown" = "Usage breakdown";
+"Usage history (30 days)" = "Usage history";
+"Usage source" = "Usage source";
+"Use BigModel for the China mainland endpoints (open.bigmodel.cn)." = "Use BigModel for the China mainland endpoints (open.bigmodel.cn).";
+"Use a single menu bar icon with a provider switcher." = "Use a single menu bar icon with a provider switcher.";
+"Use international or China mainland console gateways for quota fetches." = "Use international or China mainland console gateways for quota fetches.";
+"Version" = "Version";
+"Version \\(self.versionString)" = "Version \\(self.versionString)";
+"Version \\(version)" = "Version \\(version)";
+"Version \\(versionString)" = "Version \\(versionString)";
+"Vertex AI Login" = "Vertex AI Login";
+"Wait for the current managed Codex login to finish before adding another account." = "Wait for the current managed Codex login to finish before adding another account.";
+"Waiting for Authentication..." = "Waiting for Authentication...";
+"Website" = "Website";
+"Weekly limit confetti" = "Weekly limit confetti";
+"Weekly token limit" = "Weekly token limit";
+"Weekly usage" = "Weekly usage";
+"Weekly usage unavailable for this account." = "Weekly usage unavailable for this account.";
+"Window: \\(window)" = "Window: \\(window)";
+"Write logs to \\(self.fileLogPath) for debugging." = "Write logs to \\(self.fileLogPath) for debugging.";
+"Yes" = "Yes";
+"\\(detail.modelCode): \\(usage)" = "\\(detail.modelCode): \\(usage)";
+"\\(name): \\(truncated)" = "\\(name): \\(truncated)";
+"\\(name): \\(updated) · 30d \\(cost)" = "\\(name): \\(updated) · 30d \\(cost)";
+"\\(name): fetching…\\(elapsed)" = "\\(name): fetching…\\(elapsed)";
+"\\(name): last attempt \\(when)" = "\\(name): last attempt \\(when)";
+"\\(name): no data yet" = "\\(name): no data yet";
+"\\(name): unsupported" = "\\(name): unsupported";
+"all browsers" = "all browsers";
+"available again." = "available again.";
+"built_format" = "Built %@";
+"copilot_complete_in_browser" = "Complete sign in in your browser.";
+"copilot_device_code" = "Device code copied to clipboard: %1$@\n\nVerify at: %2$@";
+"copilot_device_code_copied" = "Device code copied.";
+"copilot_verify_at" = "Verify at %@";
+"copilot_waiting_text" = "Complete sign in in your browser.\nThis window closes automatically when sign-in completes.";
+"copilot_window_closes_auto" = "This window closes automatically when sign-in completes.";
+"cost_status_error" = "%1$@: %2$@";
+"cost_status_fetching" = "%1$@: fetching… %2$@";
+"cost_status_last_attempt" = "%1$@: last attempt %2$@";
+"cost_status_no_data" = "%@: no data yet";
+"cost_status_snapshot" = "%1$@: %2$@ · %3$@ %4$@";
+"cost_status_unsupported" = "%@: unsupported";
+"credits_remaining" = "Credits: %@";
+"cursor_on_demand" = "On-demand: %@";
+"cursor_on_demand_with_limit" = "On-demand: %1$@ / %2$@";
+"extra_usage_format" = "Extra usage: %1$@ / %2$@";
+"jetbrains_detected_generate" = "Detected: %@. Use the AI assistant once to generate quota data, then refresh CodexBar.";
+"jetbrains_detected_select" = "Detected: %@. Select your preferred IDE in Settings, then refresh CodexBar.";
+"last_fetch_failed_with_provider" = "Last %@ fetch failed:";
+"last_spend" = "Last spend: %@";
+"mcp_model_usage" = "%1$@: %2$@";
+"mcp_resets" = "Resets: %@";
+"mcp_window" = "Window: %@";
+"metric_average" = "Average (%1$@ + %2$@)";
+"metric_primary" = "Primary (%@)";
+"metric_secondary" = "Secondary (%@)";
+"metric_tertiary" = "Tertiary (%@)";
+"multiple_workspaces_found" = "CodexBar found multiple workspaces for %@. Please choose the workspace to add.";
+"ory_session_…=…; csrftoken=…" = "ory_session_…=…; csrftoken=…";
+"overview_choose_providers" = "Choose up to %@ providers";
+"remove_account_message" = "Remove %@ from CodexBar? Its managed Codex home will be deleted.";
+"version_format" = "Version %@";
+"vertex_ai_login_instructions" = "To track Vertex AI usage, authenticate with Google Cloud.\n\n1. Open Terminal\n2. Run: gcloud auth application-default login\n3. Follow the browser prompts to sign in\n4. Set your project: gcloud config set project PROJECT_ID\n\nOpen Terminal now?";
+"workspaceID is set but only opencode, opencodego, and deepgram support workspaceID." = "workspaceID is set but only opencode, opencodego, and deepgram support workspaceID.";
+"© 2026 Peter Steinberger. MIT License." = "© 2026 Peter Steinberger. MIT License.";
+
+/* General Pane */
+"section_system" = "System";
+"section_usage" = "Usage";
+"section_automation" = "Automation";
+"language_title" = "Language";
+"language_subtitle" = "Change the display language. Requires app restart to take full effect.";
+"language_system" = "System";
+"language_english" = "English";
+"language_spanish" = "Español";
+"language_catalan" = "Català";
+"language_chinese_simplified" = "简体中文";
+"language_chinese_traditional" = "繁體中文";
+"language_portuguese_brazilian" = "Português (Brasil)";
+"language_swedish" = "Svenska";
+"start_at_login_title" = "Start at Login";
+"start_at_login_subtitle" = "Automatically opens CodexBar when you start your Mac.";
+"show_cost_summary" = "Show cost summary";
+"show_cost_summary_subtitle" = "Reads local usage logs. Shows today + the selected history window in the menu.";
+"cost_history_days_title" = "History window: %d days";
+"cost_auto_refresh_info" = "Auto-refresh: hourly · Timeout: 10m";
+"refresh_cadence_title" = "Refresh cadence";
+"refresh_cadence_subtitle" = "How often CodexBar polls providers in the background.";
+"manual_refresh_hint" = "Auto-refresh is off; use the menu's Refresh command.";
+"check_provider_status_title" = "Check provider status";
+"check_provider_status_subtitle" = "Polls OpenAI/Claude status pages and Google Workspace for Gemini/Antigravity, surfacing incidents in the icon and menu.";
+"session_quota_notifications_title" = "Session quota notifications";
+"session_quota_notifications_subtitle" = "Notifies when the 5-hour session quota hits 0% and when it becomes available again.";
+"quota_warning_notifications_title" = "Quota warning notifications";
+"quota_warning_notifications_subtitle" = "Warns when session or weekly quota remaining crosses configured thresholds.";
+"quota_warnings_title" = "Quota warnings";
+"quota_warning_session" = "session";
+"quota_warning_session_capitalized" = "Session";
+"quota_warning_weekly" = "weekly";
+"quota_warning_weekly_capitalized" = "Weekly";
+"quota_warning_notification_title" = "%1$@ %2$@ quota low";
+"quota_warning_notification_body" = "%1$@ left. Reached your %2$d%% %3$@ warning threshold.";
+"quota_warning_notification_body_with_account" = "Account %1$@. %2$@ left. Reached your %3$d%% %4$@ warning threshold.";
+"session_depleted_notification_title" = "%@ session depleted";
+"session_depleted_notification_body" = "0% left. Will notify when it's available again.";
+"session_restored_notification_title" = "%@ session restored";
+"session_restored_notification_body" = "Session quota is available again.";
+"quota_warning_warn_at" = "Warn at";
+"quota_warning_global_threshold_subtitle" = "Remaining percentages for session and weekly windows unless a provider overrides them.";
+"quota_warning_sound" = "Play notification sound";
+"quota_warning_provider_inherits" = "Uses the global quota warning settings unless a window is customized here.";
+"quota_warning_customize_thresholds" = "Customize %@ thresholds";
+"quota_warning_enable_warnings" = "Enable %@ warnings";
+"quota_warning_window_warn_at" = "%@ warn at";
+"quota_warning_off" = "Off";
+"quota_warning_inherited" = "Inherited: %@";
+"quota_warning_depleted_only" = "depleted only";
+"quota_warning_upper" = "Upper";
+"quota_warning_lower" = "Lower";
+"apply" = "Apply";
+"quit_app" = "Quit CodexBar";
+
+/* Tab titles */
+"tab_general" = "General";
+"tab_providers" = "Providers";
+"tab_display" = "Display";
+"tab_advanced" = "Advanced";
+"tab_about" = "About";
+"tab_debug" = "Debug";
+
+/* Providers Pane */
+"select_a_provider" = "Select a provider";
+"cancel" = "Cancel";
+"last_fetch_failed" = "last fetch failed";
+"usage_not_fetched_yet" = "usage not fetched yet";
+"managed_account_storage_unreadable" = "Managed account storage is unreadable. Live account access is still available, but managed add, re-auth, and remove actions are disabled until the store is recoverable.";
+"remove_codex_account_title" = "Remove Codex account?";
+"remove" = "Remove";
+"managed_login_already_running" = "A managed Codex login is already running. Wait for it to finish before adding or re-authenticating another account.";
+"managed_login_failed" = "Managed Codex login did not complete. Verify that `codex --version` works in Terminal. If macOS blocked or moved `codex` to Trash, remove stale duplicate installs, run `npm install -g --include=optional @openai/codex@latest`, then try again.";
+"codex_login_output" = "codex login output:";
+"managed_login_missing_email" = "Codex login completed, but no account email was available. Try again after confirming the account is fully signed in.";
+"login_success_notification_title" = "%@ login successful";
+"login_success_notification_body" = "You can return to the app; authentication finished.";
+"workspace_selection_cancelled" = "CodexBar found multiple workspaces, but no workspace was selected.";
+"unsafe_managed_home" = "CodexBar refused to modify an unexpected managed home path: %@";
+"menu_bar_metric_title" = "Menu bar metric";
+"menu_bar_metric_subtitle" = "Choose which window drives the menu bar percent.";
+"menu_bar_metric_subtitle_deepseek" = "Shows the DeepSeek balance in the menu bar.";
+"menu_bar_metric_subtitle_moonshot" = "Shows the Moonshot / Kimi API balance in the menu bar.";
+"menu_bar_metric_subtitle_mistral" = "Shows current-month Mistral API spend in the menu bar.";
+"menu_bar_metric_subtitle_kimik2" = "Shows Kimi K2 API-key credits in the menu bar.";
+"automatic" = "Automatic";
+"primary_api_key_limit" = "Primary (API key limit)";
+
+/* Display Pane */
+"section_menu_bar" = "Menu bar";
+"merge_icons_title" = "Merge Icons";
+"merge_icons_subtitle" = "Use a single menu bar icon with a provider switcher.";
+"switcher_shows_icons_title" = "Switcher shows icons";
+"switcher_shows_icons_subtitle" = "Show provider icons in the switcher (otherwise show a weekly progress line).";
+"show_most_used_provider_title" = "Show most-used provider";
+"show_most_used_provider_subtitle" = "Menu bar auto-shows the provider closest to its rate limit.";
+"menu_bar_shows_percent_title" = "Menu bar shows percent";
+"menu_bar_shows_percent_subtitle" = "Replace critter bars with provider branding icons and a percentage.";
+"display_mode_title" = "Display mode";
+"display_mode_subtitle" = "Choose what to show in the menu bar (Pace shows usage vs. expected).";
+"section_menu_content" = "Menu content";
+"show_usage_as_used_title" = "Show usage as used";
+"show_usage_as_used_subtitle" = "Progress bars fill as you consume quota (instead of showing remaining).";
+"show_quota_warning_markers_title" = "Show quota warning markers";
+"show_quota_warning_markers_subtitle" = "Draw threshold tick marks on usage bars when quota warnings are configured.";
+"weekly_progress_work_days_title" = "Weekly progress work days";
+"weekly_progress_work_days_subtitle" = "Draw day-boundary tick marks on weekly usage bars.";
+"show_reset_time_as_clock_title" = "Show reset time as clock";
+"show_reset_time_as_clock_subtitle" = "Display reset times as absolute clock values instead of countdowns.";
+"show_provider_changelog_links_title" = "Show provider changelog links";
+"show_provider_changelog_links_subtitle" = "Adds release-notes links for supported CLI-backed providers to the menu.";
+"show_credits_extra_usage_title" = "Show credits + extra usage";
+"show_credits_extra_usage_subtitle" = "Show Codex Credits and Claude Extra usage sections in the menu.";
+"show_all_token_accounts_title" = "Show all token accounts";
+"show_all_token_accounts_subtitle" = "Stack token accounts in the menu (otherwise show an account switcher bar).";
+"multi_account_layout_title" = "Multi-account layout";
+"multi_account_layout_subtitle" = "Choose segmented account switching or stacked account cards.";
+"multi_account_layout_segmented" = "Segmented";
+"multi_account_layout_stacked" = "Stacked";
+"overview_tab_providers_title" = "Overview tab providers";
+"configure" = "Configure…";
+"overview_enable_merge_icons_hint" = "Enable Merge Icons to configure Overview tab providers.";
+"overview_no_providers_hint" = "No enabled providers available for Overview.";
+"overview_rows_follow_order" = "Overview rows always follow provider order.";
+"overview_no_providers_selected" = "No providers selected";
+
+/* Advanced Pane */
+"section_keyboard_shortcut" = "Keyboard shortcut";
+"open_menu_shortcut_title" = "Open menu";
+"open_menu_shortcut_subtitle" = "Trigger the menu bar menu from anywhere.";
+"install_cli" = "Install CLI";
+"install_cli_subtitle" = "Symlink CodexBarCLI to /usr/local/bin and /opt/homebrew/bin as codexbar.";
+"cli_not_found" = "CodexBarCLI not found in app bundle.";
+"no_writable_bin_dirs" = "No writable bin dirs found.";
+"show_debug_settings_title" = "Show Debug Settings";
+"show_debug_settings_subtitle" = "Expose troubleshooting tools in the Debug tab.";
+"surprise_me_title" = "Surprise me";
+"surprise_me_subtitle" = "Check if you like your agents having some fun up there.";
+"weekly_limit_confetti_title" = "Weekly limit confetti";
+"weekly_limit_confetti_subtitle" = "Play full-screen confetti when weekly usage resets.";
+"hide_personal_info_title" = "Hide personal information";
+"hide_personal_info_subtitle" = "Obscure email addresses in the menu bar and menu UI.";
+"show_provider_storage_usage_title" = "Show provider storage usage";
+"show_provider_storage_usage_subtitle" = "Show local disk usage in menus. Scans known provider-owned paths in the background.";
+"section_keychain_access" = "Keychain access";
+"keychain_access_caption" = "Disable all Keychain reads and writes. Use this if macOS keeps prompting for 'Chrome/Brave/Edge Safe Storage' even after clicking Always Allow. Browser cookie import is unavailable while enabled; paste Cookie headers manually in Providers. Claude/Codex OAuth via the CLI still works.";
+"disable_keychain_access_title" = "Disable Keychain access";
+"disable_keychain_access_subtitle" = "Prevents any Keychain access while enabled.";
+
+/* About Pane */
+"about_tagline" = "May your tokens never run out—keep agent limits in view.";
+"link_github" = "GitHub";
+"link_website" = "Website";
+"link_twitter" = "Twitter";
+"link_email" = "Email";
+"check_updates_auto" = "Check for updates automatically";
+"update_channel" = "Update Channel";
+"check_for_updates" = "Check for Updates…";
+"updates_unavailable" = "Updates unavailable in this build.";
+"copyright" = "© 2026 Peter Steinberger. MIT License.";
+
+/* Debug Pane */
+"section_logging" = "Logging";
+"enable_file_logging" = "Enable file logging";
+"enable_file_logging_subtitle" = "Write logs to %@ for debugging.";
+"verbosity_title" = "Verbosity";
+"verbosity_subtitle" = "Controls how much detail is logged.";
+"open_log_file" = "Open log file";
+"force_animation_next_refresh" = "Force animation on next refresh";
+"force_animation_next_refresh_subtitle" = "Temporarily shows the loading animation after the next refresh.";
+"section_loading_animations" = "Loading animations";
+"loading_animations_caption" = "Pick a pattern and replay it in the menu bar. \"Random\" keeps the existing behavior.";
+"animation_random_default" = "Random (default)";
+"replay_selected_animation" = "Replay selected animation";
+"blink_now" = "Blink now";
+"section_probe_logs" = "Probe logs";
+"probe_logs_caption" = "Fetch the latest probe output for debugging; Copy keeps the full text.";
+"fetch_log" = "Fetch log";
+"copy" = "Copy";
+"save_to_file" = "Save to file";
+"load_parse_dump" = "Load parse dump";
+"rerun_provider_autodetect" = "Re-run provider autodetect";
+"loading" = "Loading…";
+"no_log_yet_fetch" = "No log yet. Fetch to load.";
+"section_fetch_strategy" = "Fetch strategy attempts";
+"fetch_strategy_caption" = "Last fetch pipeline decisions and errors for a provider.";
+"section_openai_cookies" = "OpenAI cookies";
+"openai_cookies_caption" = "Cookie import + WebKit scrape logs from the last OpenAI cookies attempt.";
+"no_log_yet" = "No log yet. Update OpenAI cookies in Providers → Codex to run an import.";
+"section_caches" = "Caches";
+"caches_caption" = "Clear cached cost scan results or browser cookie caches.";
+"clear_cookie_cache" = "Clear cookie cache";
+"clear_cost_cache" = "Clear cost cache";
+"section_notifications" = "Notifications";
+"notifications_caption" = "Trigger test notifications for the 5-hour session window (depleted/restored).";
+"post_depleted" = "Post depleted";
+"post_restored" = "Post restored";
+"section_cli_sessions" = "CLI sessions";
+"cli_sessions_caption" = "Keep Codex/Claude CLI sessions alive after a probe. Default exits once data is captured.";
+"keep_cli_sessions_alive" = "Keep CLI sessions alive";
+"keep_cli_sessions_alive_subtitle" = "Skip teardown between probes (debug-only).";
+"reset_cli_sessions" = "Reset CLI sessions";
+"section_error_simulation" = "Error simulation";
+"error_simulation_caption" = "Inject a fake error message into the menu card for layout testing.";
+"set_menu_error" = "Set menu error";
+"clear_menu_error" = "Clear menu error";
+"set_cost_error" = "Set cost error";
+"clear_cost_error" = "Clear cost error";
+"section_cli_paths" = "CLI paths";
+"cli_paths_caption" = "Resolved Codex binary and PATH layers; startup login PATH capture (short timeout).";
+"codex_binary" = "Codex binary";
+"claude_binary" = "Claude binary";
+"effective_path" = "Effective PATH";
+"unavailable" = "Unavailable";
+"login_shell_path" = "Login shell PATH (startup capture)";
+"cleared" = "Cleared.";
+"no_fetch_attempts" = "No fetch attempts yet.";
+"macOS Tahoe can block menu bar apps in System Settings → Menu Bar → Allow in the Menu Bar. CodexBar is running, but macOS may be hiding its icon. Open Menu Bar settings and turn CodexBar on." = "macOS Tahoe can block menu bar apps in System Settings → Menu Bar → Allow in the Menu Bar. CodexBar is running, but macOS may be hiding its icon. Open Menu Bar settings and turn CodexBar on.";
+
+/* Metric preferences */
+"metric_pref_automatic" = "Automatic";
+"metric_pref_primary" = "Primary";
+"metric_pref_secondary" = "Secondary";
+"metric_pref_tertiary" = "Tertiary";
+"metric_pref_extra_usage" = "Extra usage";
+"metric_pref_average" = "Average";
+
+/* Display modes */
+"display_mode_percent" = "Percent";
+"display_mode_pace" = "Pace";
+"display_mode_both" = "Both";
+"display_mode_percent_desc" = "Show remaining/used percentage (e.g. 45%)";
+"display_mode_pace_desc" = "Show pace indicator (e.g. +5%)";
+"display_mode_both_desc" = "Show both percentage and pace (e.g. 45% · +5%)";
+
+/* Provider status */
+"status_operational" = "Operational";
+"status_partial_outage" = "Partial outage";
+"status_major_outage" = "Major outage";
+"status_critical_issue" = "Critical issue";
+"status_maintenance" = "Maintenance";
+"status_unknown" = "Status unknown";
+
+/* Refresh frequency */
+"refresh_manual" = "Manual";
+"refresh_1min" = "1 min";
+"refresh_2min" = "2 min";
+"refresh_5min" = "5 min";
+"refresh_15min" = "15 min";
+"refresh_30min" = "30 min";
+
+/* Additional keys */
+"not_found" = "Not found";
+
+/* Cost estimation */
+"cost_header_estimated" = "Cost (estimated)";
+"cost_estimate_hint" = "Estimated from local logs · may differ from your bill";
+"No JetBrains IDE with AI Assistant detected. Install a JetBrains IDE and enable AI Assistant." = "No JetBrains IDE with AI Assistant detected. Install a JetBrains IDE and enable AI Assistant.";
+"OpenRouter API token not configured. Set OPENROUTER_API_KEY environment variable or configure in Settings." = "OpenRouter API token not configured. Set OPENROUTER_API_KEY environment variable or configure in Settings.";
+"z.ai API token not found. Set apiKey in ~/.codexbar/config.json or Z_AI_API_KEY." = "z.ai API token not found. Set apiKey in ~/.codexbar/config.json or Z_AI_API_KEY.";
+"Missing DeepSeek API key." = "Missing DeepSeek API key.";
+"%@ is unavailable in the current environment." = "%@ is unavailable in the current environment.";
+"All Systems Operational" = "All Systems Operational";
+"Last 30 days" = "Last 30 days";
+"Last 30 days:" = "Last 30 days:";
+"This month" = "This month";
+"Store multiple OpenAI API keys." = "Store multiple OpenAI API keys.";
+"Admin API key" = "Admin API key";
+"Open billing" = "Open billing";
+"Google accounts" = "Google accounts";
+"Store multiple Antigravity Google OAuth accounts for quick switching." = "Store multiple Antigravity Google OAuth accounts for quick switching.";
+"Add Google Account" = "Add Google Account";
+"Open Token Plan" = "Open Token Plan";
+"Text Generation" = "Text Generation";
+"Text to Speech" = "Text to Speech";
+"Music Generation" = "Music Generation";
+"Image Generation" = "Image Generation";
+"No local data found" = "No local data found";
+"Credits unavailable; keep Codex running to refresh." = "Credits unavailable; keep Codex running to refresh.";
+"No available fetch strategy for minimax." = "No available fetch strategy for minimax.";
+"No Cursor session found. Please log in to cursor.com in Safari, Chrome, Microsoft Edge, Brave, Arc, Dia, ChatGPT Atlas, Chromium, Helium, Vivaldi, Yandex Browser, Firefox, Zen, Colibri, Sidekick, Opera, Opera GX, or Edge Canary. If you use Safari, grant CodexBar Full Disk Access in System Settings ▸ Privacy & Security. You can also sign in to Cursor from the CodexBar menu (Add / switch account)." = "No Cursor session found. Please log in to cursor.com in Safari, Chrome, Microsoft Edge, Brave, Arc, Dia, ChatGPT Atlas, Chromium, Helium, Vivaldi, Yandex Browser, Firefox, Zen, Colibri, Sidekick, Opera, Opera GX, or Edge Canary. If you use Safari, grant CodexBar Full Disk Access in System Settings ▸ Privacy & Security. You can also sign in to Cursor from the CodexBar menu (Add / switch account).";
+"No OpenCode session cookies found in browsers." = "No OpenCode session cookies found in browsers.";
+"No available fetch strategy for %@." = "No available fetch strategy for %@.";
+"Today" = "Today";
+"Today tokens" = "Today tokens";
+"30d cost" = "30d cost";
+"30d tokens" = "30d tokens";
+"Latest tokens" = "Latest tokens";
+"Top model" = "Top model";
+"Storage" = "Storage";
+"Add Account..." = "Add Account...";
+"Usage Dashboard" = "Usage Dashboard";
+"Status Page" = "Status Page";
+"Settings..." = "Settings...";
+"About CodexBar" = "About CodexBar";
+"Quit" = "Quit";
+"Last %d day" = "Last %d day";
+"Last %d days" = "Last %d days";
+"%@ tokens" = "%@ tokens";
+"Latest billing day" = "Latest billing day";
+"Latest billing day (%@)" = "Latest billing day (%@)";
+"%@ left" = "%@ left";
+"Resets %@" = "Resets %@";
+"Resets in %@" = "Resets in %@";
+"Resets now" = "Resets now";
+"Lasts until reset" = "Lasts until reset";
+"Updated %@" = "Updated %@";
+"Updated %@h ago" = "Updated %@h ago";
+"Updated %@m ago" = "Updated %@m ago";
+"Updated just now" = "Updated just now";
+"Projected empty in %@" = "Projected empty in %@";
+"Runs out in %@" = "Runs out in %@";
+"Pace: %@" = "Pace: %@";
+"Pace: %@ · %@" = "Pace: %@ · %@";
+"%@ · %@" = "%@ · %@";
+"≈ %d%% run-out risk" = "≈ %d%% run-out risk";
+"%d%% in deficit" = "%d%% in deficit";
+"%d%% in reserve" = "%d%% in reserve";
+"usage_percent_suffix_left" = "left";
+"usage_percent_suffix_used" = "used";
+"Store multiple DeepSeek API keys." = "Store multiple DeepSeek API keys.";
+"This week" = "This week";
+"Week" = "Week";
+"Month" = "Month";
+"Models" = "Models";
+"24h tokens" = "24h tokens";
+"Latest hour" = "Latest hour";
+"Peak hour" = "Peak hour";
+"Top method" = "Top method";
+"30d cash" = "30d cash";
+"30d billing history from MiniMax web session" = "30d billing history from MiniMax web session";
+"AWS Cost Explorer billing can lag." = "AWS Cost Explorer billing can lag.";
+"Rate limit: %d / %@" = "Rate limit: %d / %@";
+"Key remaining" = "Key remaining";
+"No limit set for the API key" = "No limit set for the API key";
+"API key limit unavailable right now" = "API key limit unavailable right now";
+"This month: %@ tokens" = "This month: %@ tokens";
+"No utilization data yet." = "No utilization data yet.";
+"No %@ utilization data yet." = "No %@ utilization data yet.";
+"%@: %@%% used" = "%@: %@%% used";
+"%dd" = "%dd";
+"today" = "today";
+"just now" = "just now";
+"On pace" = "On pace";
+"Runs out now" = "Runs out now";
+"Projected empty now" = "Projected empty now";
+"Switch Account..." = "Switch Account...";
+"Update ready, restart now?" = "Update ready, restart now?";
+"Daily" = "Daily";
+"Hourly Tokens" = "Hourly Tokens";
+"No data" = "No data";
+"No usage breakdown data available." = "No usage breakdown data available.";
+
+"Today: %@ · %@ tokens" = "Today: %@ · %@ tokens";
+"Today: %@" = "Today: %@";
+"Today: %@ tokens" = "Today: %@ tokens";
+"Last 30 days: %@ · %@ tokens" = "Last 30 days: %@ · %@ tokens";
+"Last 30 days: %@" = "Last 30 days: %@";
+"Est. total (30d): %@" = "Est. total (30d): %@";
+"Est. total (%@): %@" = "Est. total (%@): %@";
+"Hover a bar for details" = "Hover a bar for details";
+"%@: %@ · %@ tokens" = "%@: %@ · %@ tokens";
+"No providers selected for Overview." = "No providers selected for Overview.";
+"No overview data available." = "No overview data available.";
+"Auto uses the local IDE API first, then Google OAuth when the IDE is closed." = "Auto uses the local IDE API first, then Google OAuth when the IDE is closed.";
+"Login with Google" = "Login with Google";
+
+/* Popup panels */
+"No usage configured." = "No usage configured.";
+"Quota" = "Quota";
+"tokens" = "tokens";
+"requests" = "requests";
+"Latest" = "Latest";
+"Monthly" = "Monthly";
+"Sonnet" = "Sonnet";
+"Overages" = "Overages";
+"Activity" = "Activity";
+"Copied" = "Copied";
+"Copy error" = "Copy error";
+"Copy path" = "Copy path";
+"Extra usage spent" = "Extra usage spent";
+"Credits remaining" = "Credits remaining";
+"Using CLI fallback" = "Using CLI fallback";
+"Balance updates in near-real time (up to 5 min lag)" = "Balance updates in near-real time (up to 5 min lag)";
+"Daily billing data finalizes at 07:00 UTC" = "Daily billing data finalizes at 07:00 UTC";
+"%@ of %@ credits left" = "%@ of %@ credits left";
+"%@ of %@ bonus credits left" = "%@ of %@ bonus credits left";
+"%@ / %@ (%@ remaining)" = "%@ / %@ (%@ remaining)";
+"%@/%@ left" = "%@/%@ left";
+"Gemini Flash" = "Gemini Flash";
+"Regenerates %@" = "Regenerates %@";
+"used after next regen" = "used after next regen";
+"after next regen" = "after next regen";
+"Near full" = "Near full";
+"Full in ~1 regen" = "Full in ~1 regen";
+"Full in ~%.0f regens" = "Full in ~%.0f regens";
+"Overage usage" = "Overage usage";
+"Overage cost" = "Overage cost";
+"credits" = "credits";
+"Zen balance" = "Zen balance";
+"API spend" = "API spend";
+"Extra usage" = "Extra usage";
+"Quota usage" = "Quota usage";
+"%.0f%% used" = "%.0f%% used";
+"Usage history (today)" = "Usage history (today)";
+"Usage history (%d days)" = "Usage history (%d days)";
+"%d percent remaining" = "%d percent remaining";
+"Unknown" = "Unknown";
+"stale data" = "stale data";
+"No credits history data." = "No credits history data.";
+"No credits history data available." = "No credits history data available.";
+"Credits history chart" = "Credits history chart";
+"%d days of credits data" = "%d days of credits data";
+"Usage breakdown chart" = "Usage breakdown chart";
+"%d days of usage data across %d services" = "%d days of usage data across %d services";
+"Cost history chart" = "Cost history chart";
+"%d days of cost data" = "%d days of cost data";
+"Plan utilization chart" = "Plan utilization chart";
+"%d utilization samples" = "%d utilization samples";
+"Hourly Usage" = "Hourly Usage";
+"Usage remaining" = "Usage remaining";
+"Usage used" = "Usage used";
+"API key verified. Ollama does not expose Cloud quota limits through the API." = "API key verified. Ollama does not expose Cloud quota limits through the API.";
+"Last 30 days: %@ tokens" = "Last 30 days: %@ tokens";
+"7d spend" = "7d spend";
+"30d spend" = "30d spend";
+"Cache read" = "Cache read";
+"Claude Admin API 30 day spend trend" = "Claude Admin API 30 day spend trend";
+"OpenRouter API key spend trend" = "OpenRouter API key spend trend";
+"z.ai hourly token trend" = "z.ai hourly token trend";
+"MiniMax 30 day token usage trend" = "MiniMax 30 day token usage trend";
+"Today cash" = "Today cash";
+"DeepSeek 30 day token usage trend" = "DeepSeek 30 day token usage trend";
+"cache-hit input" = "cache-hit input";
+"cache-miss input" = "cache-miss input";
+"output" = "output";
+"Requests" = "Requests";
+"Reported by OpenAI Admin API organization usage." = "Reported by OpenAI Admin API organization usage.";
+"Reported by Mistral billing usage." = "Reported by Mistral billing usage.";
+"Google OAuth" = "Google OAuth";
+"Add accounts via GitHub OAuth Device Flow on the selected host." = "Add accounts via GitHub OAuth Device Flow on the selected host.";
+"Stores each signed-in Google account for quick Antigravity switching. Uses Antigravity.app OAuth when available, or ANTIGRAVITY_OAUTH_CLIENT_ID and ANTIGRAVITY_OAUTH_CLIENT_SECRET as an override." = "Stores each signed-in Google account for quick Antigravity switching. Uses Antigravity.app OAuth when available, or ANTIGRAVITY_OAUTH_CLIENT_ID and ANTIGRAVITY_OAUTH_CLIENT_SECRET as an override.";
+"Manual cleanup: past sessions" = "Manual cleanup: past sessions";
+"Clearing removes past resume, continue, and rewind history." = "Clearing removes past resume, continue, and rewind history.";
+"Manual cleanup: file checkpoints" = "Manual cleanup: file checkpoints";
+"Clearing removes checkpoint restore data for previous edits." = "Clearing removes checkpoint restore data for previous edits.";
+"Manual cleanup: saved plans" = "Manual cleanup: saved plans";
+"Clearing removes old plan-mode files." = "Clearing removes old plan-mode files.";
+"Manual cleanup: debug logs" = "Manual cleanup: debug logs";
+"Clearing removes past debug logs." = "Clearing removes past debug logs.";
+"Manual cleanup: attachment cache" = "Manual cleanup: attachment cache";
+"Clearing removes cached large pastes or attached images." = "Clearing removes cached large pastes or attached images.";
+"Manual cleanup: session metadata" = "Manual cleanup: session metadata";
+"Clearing removes per-session environment metadata." = "Clearing removes per-session environment metadata.";
+"Manual cleanup: shell snapshots" = "Manual cleanup: shell snapshots";
+"Clearing removes leftover runtime shell snapshot files." = "Clearing removes leftover runtime shell snapshot files.";
+"Manual cleanup: legacy todos" = "Manual cleanup: legacy todos";
+"Clearing removes legacy per-session task lists." = "Clearing removes legacy per-session task lists.";
+"Manual cleanup: sessions" = "Manual cleanup: sessions";
+"Clearing removes past Codex session history." = "Clearing removes past Codex session history.";
+"Manual cleanup: archived sessions" = "Manual cleanup: archived sessions";
+"Clearing removes archived Codex session history." = "Clearing removes archived Codex session history.";
+"Manual cleanup: cache" = "Manual cleanup: cache";
+"Clearing removes provider-owned cached data." = "Clearing removes provider-owned cached data.";
+"Manual cleanup: logs" = "Manual cleanup: logs";
+"Clearing removes local diagnostic logs." = "Clearing removes local diagnostic logs.";
+"Manual cleanup: file history" = "Manual cleanup: file history";
+"Clearing removes local edit checkpoint history." = "Clearing removes local edit checkpoint history.";
+"Manual cleanup: temporary data" = "Manual cleanup: temporary data";
+"Clearing removes local temporary provider data." = "Clearing removes local temporary provider data.";
+"Total: %@" = "Total: %@";
+"%d more items" = "%d more items";
+"Cleanup ideas" = "Cleanup ideas";
+"%d unreadable item(s) skipped" = "%d unreadable item(s) skipped";
+
+"API key limit" = "API key limit";
+"Auth" = "Auth";
+"Auto" = "Auto";
+"Disabled — no recent data" = "Disabled — no recent data";
+"Limits not available" = "Limits not available";
+"No usage yet" = "No usage yet";
+"Not fetched yet" = "Not fetched yet";
+"Refreshing" = "Refreshing";
+"Session" = "Session";
+"Source" = "Source";
+"State" = "State";
+"Unavailable" = "Unavailable";
+"Weekly" = "Weekly";
+"not detected" = "not detected";
+"Estimated from local Codex logs for the selected account." = "Estimated from local Codex logs for the selected account.";
+"minimax_usage_amount_format" = "Usage: %@ / %@";
+"minimax_used_percent_format" = "Used %@";
+"minimax_service_text_generation" = "Text Generation";
+"minimax_service_text_to_speech" = "Text to Speech";
+"minimax_service_music_generation" = "Music Generation";
+"minimax_service_image_generation" = "Image Generation";
+"minimax_service_lyrics_generation" = "Lyrics generation";
+"minimax_service_coding_plan_vlm" = "Coding plan VLM";
+"minimax_service_coding_plan_search" = "Coding plan search";
+
+/* Additional provider settings and alerts */
+"%@ is waiting for permission" = "%@ is waiting for permission";
+"%@ requests" = "%@ requests";
+"%@: %@ credits" = "%@: %@ credits";
+"30d requests" = "30d requests";
+"4 days" = "4 days";
+"5 days" = "5 days";
+"7 days" = "7 days";
+"API key verifies Ollama Cloud access; cookies still expose quota limits." = "API key verifies Ollama Cloud access; cookies still expose quota limits.";
+"AWS access key ID. Can also be set with AWS_ACCESS_KEY_ID." = "AWS access key ID. Can also be set with AWS_ACCESS_KEY_ID.";
+"AWS region. Can also be set with AWS_REGION." = "AWS region. Can also be set with AWS_REGION.";
+"AWS secret access key. Can also be set with AWS_SECRET_ACCESS_KEY." = "AWS secret access key. Can also be set with AWS_SECRET_ACCESS_KEY.";
+"Access key ID" = "Access key ID";
+"Add Account" = "Add Account";
+"Adding Account…" = "Adding Account…";
+"Antigravity login failed" = "Antigravity login failed";
+"Antigravity login timed out" = "Antigravity login timed out";
+"Auth source" = "Auth source";
+"Automatic imports Chrome browser cookies from Xiaomi MiMo." = "Automatic imports Chrome browser cookies from Xiaomi MiMo.";
+"Automatic imports Windsurf session data from Chromium browser localStorage." = "Automatic imports Windsurf session data from Chromium browser localStorage.";
+"Automatic imports browser cookies from Bailian." = "Automatic imports browser cookies from Bailian.";
+"Automatically imports browser cookies." = "Automatically imports browser cookies.";
+"Automatically imports browser session cookies." = "Automatically imports browser session cookies.";
+"Azure OpenAI deployment name. AZURE_OPENAI_DEPLOYMENT_NAME is also supported." = "Azure OpenAI deployment name. AZURE_OPENAI_DEPLOYMENT_NAME is also supported.";
+"Azure OpenAI key" = "Azure OpenAI key";
+"Azure OpenAI resource endpoint. AZURE_OPENAI_ENDPOINT is also supported." = "Azure OpenAI resource endpoint. AZURE_OPENAI_ENDPOINT is also supported.";
+"Base URL" = "Base URL";
+"Base URL for the LLM-API-Key-Proxy instance." = "Base URL for the LLM-API-Key-Proxy instance.";
+"Browser cookies" = "Browser cookies";
+"Cap end" = "Cap end";
+"Cap start" = "Cap start";
+"Capacity End" = "Capacity End";
+"Capacity Start" = "Capacity Start";
+"Changelog" = "Changelog";
+"Choose the Moonshot/Kimi API host for international or China mainland accounts." = "Choose the Moonshot/Kimi API host for international or China mainland accounts.";
+"CodexBar can't replace a system account that is signed in with an API key only setup." = "CodexBar can't replace a system account that is signed in with an API key only setup.";
+"CodexBar could not find saved auth for that account. Re-authenticate it and try again." = "CodexBar could not find saved auth for that account. Re-authenticate it and try again.";
+"CodexBar could not read managed account storage. Recover the store before adding another account." = "CodexBar could not read managed account storage. Recover the store before adding another account.";
+"CodexBar could not read saved auth for that account. Re-authenticate it and try again." = "CodexBar could not read saved auth for that account. Re-authenticate it and try again.";
+"CodexBar could not read the current system account on this Mac." = "CodexBar could not read the current system account on this Mac.";
+"CodexBar could not replace the live Codex auth on this Mac." = "CodexBar could not replace the live Codex auth on this Mac.";
+"CodexBar could not safely preserve the current system account before switching." = "CodexBar could not safely preserve the current system account before switching.";
+"CodexBar could not save the current system account before switching." = "CodexBar could not save the current system account before switching.";
+"CodexBar could not update managed account storage." = "CodexBar could not update managed account storage.";
+"CodexBar found another managed account that already uses the current system account. Resolve the duplicate account before switching." = "CodexBar found another managed account that already uses the current system account. Resolve the duplicate account before switching.";
+"CodexBar will ask macOS Keychain for “%@” so it can decrypt browser cookies and authenticate your account. Click OK to continue." = "CodexBar will ask macOS Keychain for “%@” so it can decrypt browser cookies and authenticate your account. Click OK to continue.";
+"CodexBar will ask macOS Keychain for the Claude Code OAuth token so it can fetch your Claude usage. Click OK to continue." = "CodexBar will ask macOS Keychain for the Claude Code OAuth token so it can fetch your Claude usage. Click OK to continue.";
+"CodexBar will ask macOS Keychain for your Amp cookie header so it can fetch usage. Click OK to continue." = "CodexBar will ask macOS Keychain for your Amp cookie header so it can fetch usage. Click OK to continue.";
+"CodexBar will ask macOS Keychain for your Augment cookie header so it can fetch usage. Click OK to continue." = "CodexBar will ask macOS Keychain for your Augment cookie header so it can fetch usage. Click OK to continue.";
+"CodexBar will ask macOS Keychain for your Claude cookie header so it can fetch Claude web usage. Click OK to continue." = "CodexBar will ask macOS Keychain for your Claude cookie header so it can fetch Claude web usage. Click OK to continue.";
+"CodexBar will ask macOS Keychain for your Cursor cookie header so it can fetch usage. Click OK to continue." = "CodexBar will ask macOS Keychain for your Cursor cookie header so it can fetch usage. Click OK to continue.";
+"CodexBar will ask macOS Keychain for your Factory cookie header so it can fetch usage. Click OK to continue." = "CodexBar will ask macOS Keychain for your Factory cookie header so it can fetch usage. Click OK to continue.";
+"CodexBar will ask macOS Keychain for your GitHub Copilot token so it can fetch usage. Click OK to continue." = "CodexBar will ask macOS Keychain for your GitHub Copilot token so it can fetch usage. Click OK to continue.";
+"CodexBar will ask macOS Keychain for your Kimi K2 API key so it can fetch usage. Click OK to continue." = "CodexBar will ask macOS Keychain for your Kimi K2 API key so it can fetch usage. Click OK to continue.";
+"CodexBar will ask macOS Keychain for your Kimi auth token so it can fetch usage. Click OK to continue." = "CodexBar will ask macOS Keychain for your Kimi auth token so it can fetch usage. Click OK to continue.";
+"CodexBar will ask macOS Keychain for your MiniMax API token so it can fetch usage. Click OK to continue." = "CodexBar will ask macOS Keychain for your MiniMax API token so it can fetch usage. Click OK to continue.";
+"CodexBar will ask macOS Keychain for your MiniMax cookie header so it can fetch usage. Click OK to continue." = "CodexBar will ask macOS Keychain for your MiniMax cookie header so it can fetch usage. Click OK to continue.";
+"CodexBar will ask macOS Keychain for your OpenAI cookie header so it can fetch Codex dashboard extras. Click OK to continue." = "CodexBar will ask macOS Keychain for your OpenAI cookie header so it can fetch Codex dashboard extras. Click OK to continue.";
+"CodexBar will ask macOS Keychain for your OpenCode cookie header so it can fetch usage. Click OK to continue." = "CodexBar will ask macOS Keychain for your OpenCode cookie header so it can fetch usage. Click OK to continue.";
+"CodexBar will ask macOS Keychain for your Synthetic API key so it can fetch usage. Click OK to continue." = "CodexBar will ask macOS Keychain for your Synthetic API key so it can fetch usage. Click OK to continue.";
+"CodexBar will ask macOS Keychain for your z.ai API token so it can fetch usage. Click OK to continue." = "CodexBar will ask macOS Keychain for your z.ai API token so it can fetch usage. Click OK to continue.";
+"Could not open Cursor login in your browser." = "Could not open Cursor login in your browser.";
+"Could not open browser for Antigravity" = "Could not open browser for Antigravity";
+"Credits used" = "Credits used";
+"Day" = "Day";
+"Deployment" = "Deployment";
+"Drag to reorder" = "Drag to reorder";
+"Endpoint" = "Endpoint";
+"Enterprise host" = "Enterprise host";
+"Extra usage balance: %@" = "Extra usage balance: %@";
+"Keychain Access Required" = "Keychain Access Required";
+"Kiro menu bar value" = "Kiro menu bar value";
+"Label" = "Label";
+"No organizations loaded. Click Refresh after setting your API key." = "No organizations loaded. Click Refresh after setting your API key.";
+"No output captured." = "No output captured.";
+"No system account" = "No system account";
+"Oasis-Token" = "Oasis-Token";
+"Open Augment (Log Out & Back In)" = "Open Augment (Log Out & Back In)";
+"Open Codebuff Dashboard" = "Open Codebuff Dashboard";
+"Open Command Code Settings" = "Open Command Code Settings";
+"Open Crof dashboard" = "Open Crof dashboard";
+"Open Manus" = "Open Manus";
+"Open MiMo Balance" = "Open MiMo Balance";
+"Open Moonshot Console" = "Open Moonshot Console";
+"Open Ollama API Keys" = "Open Ollama API Keys";
+"Open StepFun Platform" = "Open StepFun Platform";
+"Open T3 Chat Settings" = "Open T3 Chat Settings";
+"Open Volcengine Ark Console" = "Open Volcengine Ark Console";
+"Open legacy provider docs" = "Open legacy provider docs";
+"Open projects" = "Open projects";
+"Open this URL manually to continue login:\n\n%@" = "Open this URL manually to continue login:\n\n%@";
+"Optional organization ID for accounts linked to multiple Anthropic organizations." = "Optional organization ID for accounts linked to multiple Anthropic organizations.";
+"Optional. Applies to the configured Admin API key; selected token accounts do not inherit OPENAI_PROJECT_ID." = "Optional. Applies to the configured Admin API key; selected token accounts do not inherit OPENAI_PROJECT_ID.";
+"Optional. Enter your GitHub Enterprise host, for example octocorp.ghe.com. Leave blank for github.com." = "Optional. Enter your GitHub Enterprise host, for example octocorp.ghe.com. Leave blank for github.com.";
+"Optional. Leave blank to discover and aggregate projects visible to the API key." = "Optional. Leave blank to discover and aggregate projects visible to the API key.";
+"Org ID (optional)" = "Org ID (optional)";
+"Organizations" = "Organizations";
+"Password" = "Password";
+"%@ authentication is disabled." = "%@ authentication is disabled.";
+"%@ cookies are disabled." = "%@ cookies are disabled.";
+"%@ web API access is disabled." = "%@ web API access is disabled.";
+"Disable %@ dashboard cookie usage." = "Disable %@ dashboard cookie usage.";
+"Keychain access is disabled in Advanced, so browser cookie import is unavailable." = "Keychain access is disabled in Advanced, so browser cookie import is unavailable.";
+"Manually paste an %@ from a browser session." = "Manually paste an %@ from a browser session.";
+"Paste a Cookie header captured from %@." = "Paste a Cookie header captured from %@.";
+"Paste a Cookie header from %@." = "Paste a Cookie header from %@.";
+"Paste a Cookie header or cURL capture from %@." = "Paste a Cookie header or cURL capture from %@.";
+"Paste a Cookie header or full cURL capture from %@." = "Paste a Cookie header or full cURL capture from %@.";
+"Paste a Cookie or Authorization header from %@." = "Paste a Cookie or Authorization header from %@.";
+"Paste a full cookie header or the %@ value." = "Paste a full cookie header or the %@ value.";
+"Paste a Cookie header or full cURL capture from T3 Chat settings." = "Paste a Cookie header or full cURL capture from T3 Chat settings.";
+"Paste the Cookie header from a request to admin.mistral.ai. Must contain an ory_session_* cookie." = "Paste the Cookie header from a request to admin.mistral.ai. Must contain an ory_session_* cookie.";
+"Paste the Oasis-Token from a logged-in browser session on platform.stepfun.com." = "Paste the Oasis-Token from a logged-in browser session on platform.stepfun.com.";
+"Paste the %@ JSON bundle from %@." = "Paste the %@ JSON bundle from %@.";
+"Paste the %@ value or a full Cookie header." = "Paste the %@ value or a full Cookie header.";
+"Personal account" = "Personal account";
+"Project ID" = "Project ID";
+"Re-auth" = "Re-auth";
+"Re-authenticating…" = "Re-authenticating…";
+"Refresh Session" = "Refresh Session";
+"Refresh organizations" = "Refresh organizations";
+"Region" = "Region";
+"Reload" = "Reload";
+"Reorder" = "Reorder";
+"Secret access key" = "Secret access key";
+"Series" = "Series";
+"Service" = "Service";
+"Show or hide Kiro credits, percent, or both next to the menu bar icon." = "Show or hide Kiro credits, percent, or both next to the menu bar icon.";
+"Show usage for organizations you belong to. Personal account is always shown." = "Show usage for organizations you belong to. Personal account is always shown.";
+"Sign in to cursor.com in your browser, then refresh Cursor in CodexBar." = "Sign in to cursor.com in your browser, then refresh Cursor in CodexBar.";
+"Simulated error text" = "Simulated error text";
+"StepFun platform account (phone number or email)." = "StepFun platform account (phone number or email).";
+"Stored in ~/.codexbar/config.json." = "Stored in ~/.codexbar/config.json.";
+"Stored in ~/.codexbar/config.json. AZURE_OPENAI_API_KEY is also supported." = "Stored in ~/.codexbar/config.json. AZURE_OPENAI_API_KEY is also supported.";
+"Stored in ~/.codexbar/config.json. For the official Kimi API, use Moonshot / Kimi API." = "Stored in ~/.codexbar/config.json. For the official Kimi API, use Moonshot / Kimi API.";
+"Stored in ~/.codexbar/config.json. Get your API key from the Volcengine Ark console." = "Stored in ~/.codexbar/config.json. Get your API key from the Volcengine Ark console.";
+"Stored in ~/.codexbar/config.json. Get your key from Ollama settings." = "Stored in ~/.codexbar/config.json. Get your key from Ollama settings.";
+"Stored in ~/.codexbar/config.json. Get your key from console.deepgram.com." = "Stored in ~/.codexbar/config.json. Get your key from console.deepgram.com.";
+"Stored in ~/.codexbar/config.json. Get your key from elevenlabs.io/app/settings/api-keys." = "Stored in ~/.codexbar/config.json. Get your key from elevenlabs.io/app/settings/api-keys.";
+"Stored in ~/.codexbar/config.json. Get your key from openrouter.ai/settings/keys and set a key spending limit there to enable API key quota tracking." = "Stored in ~/.codexbar/config.json. Get your key from openrouter.ai/settings/keys and set a key spending limit there to enable API key quota tracking.";
+"Stored in ~/.codexbar/config.json. In Warp, open Settings > Platform > API Keys, then create one." = "Stored in ~/.codexbar/config.json. In Warp, open Settings > Platform > API Keys, then create one.";
+"Stored in ~/.codexbar/config.json. Metrics require Groq Enterprise Prometheus access." = "Stored in ~/.codexbar/config.json. Metrics require Groq Enterprise Prometheus access.";
+"Stored in ~/.codexbar/config.json. OPENAI_ADMIN_KEY is preferred; OPENAI_API_KEY still works." = "Stored in ~/.codexbar/config.json. OPENAI_ADMIN_KEY is preferred; OPENAI_API_KEY still works.";
+"Stored in ~/.codexbar/config.json. Requires an Anthropic Admin API key." = "Stored in ~/.codexbar/config.json. Requires an Anthropic Admin API key.";
+"Stored in ~/.codexbar/config.json. Used for /v1/quota-stats." = "Stored in ~/.codexbar/config.json. Used for /v1/quota-stats.";
+"Stored in ~/.codexbar/config.json. You can also provide CODEBUFF_API_KEY or let CodexBar read ~/.config/manicode/credentials.json (created by `codebuff login`)." = "Stored in ~/.codexbar/config.json. You can also provide CODEBUFF_API_KEY or let CodexBar read ~/.config/manicode/credentials.json (created by `codebuff login`).";
+"Stored in ~/.codexbar/config.json. You can also provide CROF_API_KEY." = "Stored in ~/.codexbar/config.json. You can also provide CROF_API_KEY.";
+"Stored in ~/.codexbar/config.json. You can also provide KILO_API_KEY or ~/.local/share/kilo/auth.json (kilo.access)." = "Stored in ~/.codexbar/config.json. You can also provide KILO_API_KEY or ~/.local/share/kilo/auth.json (kilo.access).";
+"T3 Chat cookie" = "T3 Chat cookie";
+"That account is no longer available in CodexBar. Refresh the account list and try again." = "That account is no longer available in CodexBar. Refresh the account list and try again.";
+"The browser login did not complete in time. Try Antigravity login again." = "The browser login did not complete in time. Try Antigravity login again.";
+"Timed out waiting for Cursor login. %@" = "Timed out waiting for Cursor login. %@";
+"Timed out waiting for Cursor login. %@ Last error: %@" = "Timed out waiting for Cursor login. %@ Last error: %@";
+"Today requests" = "Today requests";
+"Total (30d): %@ credits" = "Total (30d): %@ credits";
+"Username" = "Username";
+"Uses username + password to login and obtain an Oasis-Token automatically." = "Uses username + password to login and obtain an Oasis-Token automatically.";
+"Uses username + password to login and obtain an %@ automatically." = "Uses username + password to login and obtain an %@ automatically.";
+"Utilization End" = "Utilization End";
+"Utilization Start" = "Utilization Start";
+"Verbosity" = "Verbosity";
+"Windsurf session JSON bundle" = "Windsurf session JSON bundle";
+"Workspace ID" = "Workspace ID";
+"Your StepFun platform password. Used to login and obtain a session token." = "Your StepFun platform password. Used to login and obtain a session token.";
+"claude /login exited with status %d." = "claude /login exited with status %d.";
+"codex login exited with status %d." = "codex login exited with status %d.";
+"Cookie: …\n\nor paste a cURL capture from the Abacus AI dashboard" = "Cookie: …\n\nor paste a cURL capture from the Abacus AI dashboard";
+"Cookie: …\n\nor paste the __Secure-next-auth.session-token value" = "Cookie: …\n\nor paste the __Secure-next-auth.session-token value";
+"Cookie: …\n\nor paste the kimi-auth token value" = "Cookie: …\n\nor paste the kimi-auth token value";
+"session_id=...\n\nor paste just the session_id value" = "session_id=...\n\nor paste just the session_id value";
diff --git a/Sources/CodexBar/Resources/es.lproj/Localizable.strings b/Sources/CodexBar/Resources/es.lproj/Localizable.strings
new file mode 100644
index 000000000..958bd89db
--- /dev/null
+++ b/Sources/CodexBar/Resources/es.lproj/Localizable.strings
@@ -0,0 +1,915 @@
+/* Spanish localization for CodexBar */
+
+" providers" = " proveedores";
+"(System)" = "(Sistema)";
+"30d" = "30 d";
+"A managed Codex login is already running. Wait for it to finish before adding " = "Ya hay un inicio de sesión gestionado de Codex en curso. Espera a que termine antes de añadir ";
+"API key" = "Clave de API";
+"API region" = "Región de API";
+"API token" = "Token de API";
+"API tokens" = "Tokens de API";
+"About" = "Acerca de";
+"Account" = "Cuenta";
+"Accounts" = "Cuentas";
+"Accounts subtitle" = "Subtítulo de cuentas";
+"Active" = "Activo";
+"Add" = "Añadir";
+"Add Workspace" = "Añadir espacio de trabajo";
+"Advanced" = "Avanzado";
+"All" = "Todo";
+"Always allow prompts" = "Permitir siempre las solicitudes";
+"Animation pattern" = "Patrón de animación";
+"Antigravity login is managed in the app" = "El inicio de sesión de Antigravity se gestiona en la app";
+"Applies only to the Security.framework OAuth keychain reader." = "Solo se aplica al lector de Llavero OAuth de Security.framework.";
+"Auto falls back to the next source if the preferred one fails." = "Auto recurre a la siguiente fuente si la preferida falla.";
+"Auto uses API first, then falls back to CLI on auth failures." = "Auto usa primero la API y recurre a la CLI si falla la autenticación.";
+"Auto-detect" = "Detección automática";
+"Auto-refresh is off; use the menu's Refresh command." = "La actualización automática está desactivada; usa el comando Actualizar del menú.";
+"Auto-refresh: hourly · Timeout: 10m" = "Actualización automática: cada hora · Tiempo de espera: 10 m";
+"Automatic" = "Automático";
+"Automatic imports browser cookies and WorkOS tokens." = "El modo automático importa cookies del navegador y tokens de WorkOS.";
+"Automatic imports browser cookies and local storage tokens." = "El modo automático importa cookies del navegador y tokens del almacenamiento local.";
+"Automatic imports browser cookies for dashboard extras." = "El modo automático importa cookies del navegador para los extras del panel.";
+"Automatic imports browser cookies for the web API." = "El modo automático importa cookies del navegador para la API web.";
+"Automatic imports browser cookies from Model Studio/Bailian." = "El modo automático importa cookies del navegador desde Model Studio/Bailian.";
+"Automatic imports browser cookies from admin.mistral.ai." = "El modo automático importa cookies del navegador desde admin.mistral.ai.";
+"Automatic imports browser cookies from opencode.ai." = "El modo automático importa cookies del navegador desde opencode.ai.";
+"Automatic imports browser cookies or stored sessions." = "El modo automático importa cookies del navegador o sesiones guardadas.";
+"Automatic imports browser cookies." = "El modo automático importa cookies del navegador.";
+"Automatically imports browser session cookie." = "Importa automáticamente la cookie de sesión del navegador.";
+"Automatically opens CodexBar when you start your Mac." = "Abre CodexBar automáticamente al iniciar tu Mac.";
+"Automation" = "Automatización";
+"Average (\\(label1) + \\(label2))" = "Promedio (\\(label1) + \\(label2))";
+"Average (\\(metadata.sessionLabel) + \\(metadata.weeklyLabel))" = "Promedio (\\(metadata.sessionLabel) + \\(metadata.weeklyLabel))";
+"Avoid Keychain prompts" = "Evitar solicitudes del Llavero";
+"Balance" = "Saldo";
+"Battery Saver" = "Ahorro de batería";
+"Bordered" = "Con borde";
+"Build" = "Compilación";
+"Built \\(buildTimestamp)" = "Compilado \\(buildTimestamp)";
+"Buy Credits..." = "Comprar créditos...";
+"Buy Credits…" = "Comprar créditos…";
+"CLI paths" = "Rutas de la CLI";
+"CLI sessions" = "Sesiones de la CLI";
+"Caches" = "Cachés";
+"Cancel" = "Cancelar";
+"Check for Updates…" = "Buscar actualizaciones…";
+"Check for updates automatically" = "Buscar actualizaciones automáticamente";
+"Check if you like your agents having some fun up there." = "Actívalo si te gusta que tus agentes se diviertan ahí arriba.";
+"Check provider status" = "Comprobar estado del proveedor";
+"Choose Codex workspace" = "Elegir espacio de trabajo de Codex";
+"Choose the MiniMax host (global .io or China mainland .com)." = "Elige el host de MiniMax (global .io o China continental .com).";
+"Choose up to " = "Elige hasta ";
+"Choose up to \\(Self.maxOverviewProviders) providers" = "Elige hasta \\(Self.maxOverviewProviders) proveedores";
+"Choose up to \\(count) providers" = "Elige hasta \\(count) proveedores";
+"Choose what to show in the menu bar (Pace shows usage vs. expected)." = "Elige qué mostrar en la barra de menús (Ritmo muestra el uso frente al previsto).";
+"Choose which Codex account CodexBar should follow." = "Elige qué cuenta de Codex debe seguir CodexBar.";
+"Choose which window drives the menu bar percent." = "Elige qué ventana determina el porcentaje de la barra de menús.";
+"Chrome" = "Chrome";
+"Claude CLI not found" = "No se encontró la CLI de Claude";
+"Claude binary" = "Binario de Claude";
+"Claude cookies" = "Cookies de Claude";
+"Claude login failed" = "El inicio de sesión de Claude falló";
+"Claude login timed out" = "El inicio de sesión de Claude agotó el tiempo de espera";
+"Close" = "Cerrar";
+"Codex CLI not found" = "No se encontró la CLI de Codex";
+"Codex account login already running" = "Ya hay un inicio de sesión de cuenta de Codex en curso";
+"Codex binary" = "Binario de Codex";
+"Codex login failed" = "El inicio de sesión de Codex falló";
+"Codex login timed out" = "El inicio de sesión de Codex agotó el tiempo de espera";
+"CodexBar Lifecycle Keepalive" = "Mantenimiento del ciclo de vida de CodexBar";
+"CodexBar can't show its menu bar icon" = "CodexBar no puede mostrar su icono en la barra de menús";
+"CodexBar could not read managed account storage. " = "CodexBar no pudo leer el almacenamiento de cuentas gestionadas. ";
+"Configure…" = "Configurar…";
+"Connected" = "Conectado";
+"Controls how much detail is logged." = "Controla cuánto detalle se registra.";
+"Cookie header" = "Cabecera de cookie";
+"Cookie source" = "Origen de la cookie";
+"Cookie: ..." = "Cookie: ...";
+"Cookie: \\u{2026}\\\n\\\nor paste a cURL capture from the Abacus AI dashboard" = "Cookie: \\u{2026}\\\n\\\no pega una captura cURL del panel de Abacus AI";
+"Cookie: \\u{2026}\\\n\\\nor paste the __Secure-next-auth.session-token value" = "Cookie: \\u{2026}\\\n\\\no pega el valor de __Secure-next-auth.session-token";
+"Cookie: \\u{2026}\\\n\\\nor paste the kimi-auth token value" = "Cookie: \\u{2026}\\\n\\\no pega el valor del token kimi-auth";
+"Cookie: …" = "Cookie: …";
+"CopilotDeviceFlow" = "CopilotDeviceFlow";
+"Cost" = "Coste";
+"Could not add Codex account" = "No se pudo añadir la cuenta de Codex";
+"Could not open Terminal for Gemini" = "No se pudo abrir la Terminal para Gemini";
+"Could not start claude /login" = "No se pudo iniciar claude /login";
+"Could not start codex login" = "No se pudo iniciar codex login";
+"Could not switch system account" = "No se pudo cambiar la cuenta del sistema";
+"Credits" = "Créditos";
+"Credits history" = "Historial de créditos";
+"Cursor login failed" = "El inicio de sesión de Cursor falló";
+"Custom" = "Personalizado";
+"Custom Path" = "Ruta personalizada";
+"Daily Routines" = "Rutinas diarias";
+"Debug" = "Depuración";
+"Default" = "Predeterminado";
+"Disable Keychain access" = "Desactivar el acceso al Llavero";
+"Disabled" = "Desactivado";
+"Dismiss" = "Descartar";
+"Disconnected" = "Desconectado";
+"Display" = "Pantalla";
+"Display mode" = "Modo de visualización";
+"Display reset times as absolute clock values instead of countdowns." = "Mostrar las horas de reinicio como valores de reloj absolutos en lugar de cuentas atrás.";
+"Done" = "Listo";
+"Effective PATH" = "PATH efectivo";
+"Email" = "Correo electrónico";
+"Enable Merge Icons to configure Overview tab providers." = "Activa Combinar iconos para configurar los proveedores de la pestaña Resumen.";
+"Enable file logging" = "Activar registro en archivo";
+"Enabled" = "Activado";
+"Error" = "Error";
+"Error simulation" = "Simulación de errores";
+"Expose troubleshooting tools in the Debug tab." = "Muestra herramientas de diagnóstico en la pestaña Depuración.";
+"Failed" = "Falló";
+"False" = "Falso";
+"Fetch strategy attempts" = "Intentos de estrategia de obtención";
+"Fetching" = "Obteniendo";
+"Field" = "Campo";
+"Field subtitle" = "Subtítulo del campo";
+"Finish the current managed account change before switching the system account." = "Termina el cambio de cuenta gestionada actual antes de cambiar la cuenta del sistema.";
+"Force animation on next refresh" = "Forzar animación en la próxima actualización";
+"Gateway region" = "Región de la pasarela";
+"Gemini CLI not found" = "No se encontró la CLI de Gemini";
+"Gemini/Antigravity, surfacing incidents in the icon and menu." = "Gemini/Antigravity, mostrando incidencias en el icono y el menú.";
+"General" = "General";
+"GitHub" = "GitHub";
+"GitHub Copilot Login" = "Inicio de sesión de GitHub Copilot";
+"GitHub Login" = "Inicio de sesión de GitHub";
+"Hide details" = "Ocultar detalles";
+"Hide personal information" = "Ocultar información personal";
+"Historical tracking" = "Seguimiento histórico";
+"How often CodexBar polls providers in the background." = "Con qué frecuencia CodexBar consulta a los proveedores en segundo plano.";
+"Inactive" = "Inactivo";
+"Install CLI" = "Instalar CLI";
+"Install the Claude CLI (npm i -g @anthropic-ai/claude-code) and try again." = "Instala la CLI de Claude (npm i -g @anthropic-ai/claude-code) e inténtalo de nuevo.";
+"Install the Codex CLI (npm i -g @openai/codex) and try again." = "Instala la CLI de Codex (npm i -g @openai/codex) e inténtalo de nuevo.";
+"Install the Gemini CLI (npm i -g @google/gemini-cli) and try again." = "Instala la CLI de Gemini (npm i -g @google/gemini-cli) e inténtalo de nuevo.";
+"JetBrains AI is ready" = "JetBrains AI está listo";
+"JetBrains IDE" = "IDE de JetBrains";
+"Keep CLI sessions alive" = "Mantener activas las sesiones de la CLI";
+"Keyboard shortcut" = "Atajo de teclado";
+"Keychain access" = "Acceso al Llavero";
+"Keychain prompt policy" = "Política de solicitudes del Llavero";
+"Last \\(name) fetch failed:" = "La última obtención de \\(name) falló:";
+"Last \\(self.store.metadata(for: self.provider).displayName) fetch failed:" = "La última obtención de \\(self.store.metadata(for: self.provider).displayName) falló:";
+"Last attempt" = "Último intento";
+"Link" = "Enlace";
+"Loading animations" = "Animaciones de carga";
+"Loading…" = "Cargando…";
+"Local" = "Local";
+"Logging" = "Registro";
+"Login failed" = "El inicio de sesión falló";
+"Login shell PATH (startup capture)" = "PATH del shell de inicio (captura al arrancar)";
+"Login timed out" = "El inicio de sesión agotó el tiempo de espera";
+"MCP details" = "Detalles de MCP";
+"Managed Codex accounts unavailable" = "Cuentas gestionadas de Codex no disponibles";
+"Managed account storage is unreadable. Live account access is still available, " = "El almacenamiento de cuentas gestionadas no se puede leer. El acceso a cuentas en vivo sigue disponible, ";
+"Manual" = "Manual";
+"May your tokens never run out—keep agent limits in view." = "Que tus tokens nunca se agoten: mantén los límites de tus agentes a la vista.";
+"Menu bar" = "Barra de menús";
+"Menu bar auto-shows the provider closest to its rate limit." = "La barra de menús muestra automáticamente el proveedor más cercano a su límite.";
+"Menu bar metric" = "Métrica de la barra de menús";
+"Menu bar shows percent" = "La barra de menús muestra el porcentaje";
+"Menu content" = "Contenido del menú";
+"Merge Icons" = "Combinar iconos";
+"Never prompt" = "No solicitar nunca";
+"No" = "No";
+"No Codex accounts detected yet." = "Aún no se han detectado cuentas de Codex.";
+"No JetBrains IDE detected" = "No se detectó ningún IDE de JetBrains";
+"No cost history data." = "No hay datos de historial de coste.";
+"No credits history data." = "No hay datos de historial de créditos.";
+"No data available" = "No hay datos disponibles";
+"No data yet" = "Aún no hay datos";
+"No enabled providers available for Overview." = "No hay proveedores activados disponibles para Resumen.";
+"No providers selected" = "No hay proveedores seleccionados";
+"No token accounts yet." = "Aún no hay cuentas con token.";
+"No usage breakdown data." = "No hay datos de desglose de uso.";
+"None" = "Ninguno";
+"Notifications" = "Notificaciones";
+"Notifies when the 5-hour session quota hits 0% and when it becomes " = "Avisa cuando la cuota de sesión de 5 horas llega al 0 % y cuando vuelve a estar ";
+"OK" = "Aceptar";
+"Obscure email addresses in the menu bar and menu UI." = "Oculta las direcciones de correo en la barra de menús y la interfaz del menú.";
+"Off" = "Desactivado";
+"Offline" = "Sin conexión";
+"On" = "Activado";
+"Online" = "En línea";
+"Only on user action" = "Solo en acciones del usuario";
+"Open" = "Abrir";
+"Open API Keys" = "Abrir claves de API";
+"Open Amp Settings" = "Abrir ajustes de Amp";
+"Open Antigravity to sign in, then refresh CodexBar." = "Abre Antigravity para iniciar sesión y luego actualiza CodexBar.";
+"Open Browser" = "Abrir navegador";
+"Open Coding Plan" = "Abrir plan de programación";
+"Open Console" = "Abrir Consola";
+"Open Dashboard" = "Abrir panel";
+"Open Mistral Admin" = "Abrir administración de Mistral";
+"Open Menu Bar Settings" = "Abrir ajustes de la barra de menús";
+"Open Ollama Settings" = "Abrir ajustes de Ollama";
+"Open Terminal" = "Abrir Terminal";
+"Open Usage Page" = "Abrir página de uso";
+"Open Warp API Key Guide" = "Abrir la guía de la clave de API de Warp";
+"Open menu" = "Abrir menú";
+"Open token file" = "Abrir archivo de token";
+"OpenAI cookies" = "Cookies de OpenAI";
+"OpenAI web extras" = "Extras web de OpenAI";
+"Option A" = "Opción A";
+"Option B" = "Opción B";
+"Optional override if workspace lookup fails." = "Anulación opcional si falla la búsqueda del espacio de trabajo.";
+"Options" = "Opciones";
+"Override auto-detection with a custom IDE base path" = "Anular la detección automática con una ruta base de IDE personalizada";
+"Overview" = "Resumen";
+"Overview rows always follow provider order." = "Las filas de Resumen siempre siguen el orden de los proveedores.";
+"Overview tab providers" = "Proveedores de la pestaña Resumen";
+"Paste API key…" = "Pega la clave de API…";
+"Paste API token…" = "Pega el token de API…";
+"Paste key…" = "Pega la clave…";
+"Paste sessionKey or OAuth token…" = "Pega la sessionKey o el token OAuth…";
+"Paste the Cookie header from a request to admin.mistral.ai. " = "Pega la cabecera Cookie de una petición a admin.mistral.ai. ";
+"Paste token…" = "Pega el token…";
+"Personal" = "Personal";
+"Picker" = "Selector";
+"Picker subtitle" = "Subtítulo del selector";
+"Placeholder" = "Marcador de posición";
+"Plan" = "Plan";
+"Play full-screen confetti when weekly usage resets." = "Mostrar confeti a pantalla completa cuando se reinicia el uso semanal.";
+"Polls OpenAI/Claude status pages and Google Workspace for " = "Consulta las páginas de estado de OpenAI/Claude y Google Workspace para ";
+"Prevents any Keychain access while enabled." = "Impide cualquier acceso al Llavero mientras esté activado.";
+"Primary (API key limit)" = "Principal (límite de la clave de API)";
+"Primary (\\(label))" = "Principal (\\(label))";
+"Primary (\\(metadata.sessionLabel))" = "Principal (\\(metadata.sessionLabel))";
+"Probe logs" = "Registros de sondeo";
+"Progress bars fill as you consume quota (instead of showing remaining)." = "Las barras de progreso se llenan a medida que consumes la cuota (en lugar de mostrar lo restante).";
+"Provider" = "Proveedor";
+"Providers" = "Proveedores";
+"Quit CodexBar" = "Salir de CodexBar";
+"Random (default)" = "Aleatorio (predeterminado)";
+"Reads local usage logs. Shows today + last 30 days cost in the menu." = "Lee los registros de uso locales. Muestra el coste de hoy + la ventana de historial seleccionada en el menú.";
+"Refresh" = "Actualizar";
+"Refresh cadence" = "Frecuencia de actualización";
+"Remote" = "Remoto";
+"Remove" = "Eliminar";
+"Remove Codex account?" = "¿Eliminar la cuenta de Codex?";
+"Remove \\(account.email) from CodexBar? Its managed Codex home will be deleted." = "¿Eliminar \\(account.email) de CodexBar? Su directorio Codex gestionado se borrará.";
+"Remove \\(email) from CodexBar? Its managed Codex home will be deleted." = "¿Eliminar \\(email) de CodexBar? Su directorio Codex gestionado se borrará.";
+"Remove selected account" = "Eliminar la cuenta seleccionada";
+"Replace critter bars with provider branding icons and a percentage." = "Sustituir las barras de bichitos por iconos de marca del proveedor y un porcentaje.";
+"Replay selected animation" = "Reproducir la animación seleccionada";
+"Requires authentication via GitHub Device Flow." = "Requiere autenticación mediante el flujo de dispositivo de GitHub.";
+"Resets: \\(reset)" = "Se reinicia: \\(reset)";
+"Rolling five-hour limit" = "Límite móvil de cinco horas";
+"Search hourly" = "Búsquedas por hora";
+"Secondary (\\(label))" = "Secundario (\\(label))";
+"Secondary (\\(metadata.weeklyLabel))" = "Secundario (\\(metadata.weeklyLabel))";
+"Select a provider" = "Selecciona un proveedor";
+"Select the IDE to monitor" = "Selecciona el IDE a monitorizar";
+"Session quota notifications" = "Notificaciones de cuota de sesión";
+"Session tokens" = "Tokens de sesión";
+"Settings" = "Ajustes";
+"Show Codex Credits and Claude Extra usage sections in the menu." = "Mostrar las secciones de Créditos de Codex y Uso adicional de Claude en el menú.";
+"Show Debug Settings" = "Mostrar ajustes de depuración";
+"Show all token accounts" = "Mostrar todas las cuentas con token";
+"Show cost summary" = "Mostrar resumen de coste";
+"Show credits + extra usage" = "Mostrar créditos + uso adicional";
+"Show details" = "Mostrar detalles";
+"Show most-used provider" = "Mostrar el proveedor más usado";
+"Show provider icons in the switcher (otherwise show a weekly progress line)." = "Mostrar los iconos de proveedor en el selector (de lo contrario, mostrar una línea de progreso semanal).";
+"Show reset time as clock" = "Mostrar la hora de reinicio como reloj";
+"Show usage as used" = "Mostrar el uso como consumido";
+"Sign in via button below" = "Inicia sesión con el botón de abajo";
+"Skip teardown between probes (debug-only)." = "Omitir el cierre entre sondeos (solo depuración).";
+"Stack token accounts in the menu (otherwise show an account switcher bar)." = "Apilar las cuentas con token en el menú (de lo contrario, mostrar una barra de cambio de cuenta).";
+"Start at Login" = "Abrir al iniciar sesión";
+"Status" = "Estado";
+"Store Claude sessionKey cookies or OAuth access tokens." = "Almacena cookies sessionKey de Claude o tokens de acceso OAuth.";
+"Store multiple Abacus AI Cookie headers." = "Almacena varias cabeceras Cookie de Abacus AI.";
+"Store multiple Augment Cookie headers." = "Almacena varias cabeceras Cookie de Augment.";
+"Store multiple Cursor Cookie headers." = "Almacena varias cabeceras Cookie de Cursor.";
+"Store multiple Factory Cookie headers." = "Almacena varias cabeceras Cookie de Factory.";
+"Store multiple MiniMax Cookie headers." = "Almacena varias cabeceras Cookie de MiniMax.";
+"Store multiple Mistral Cookie headers." = "Almacena varias cabeceras Cookie de Mistral.";
+"Store multiple Ollama Cookie headers." = "Almacena varias cabeceras Cookie de Ollama.";
+"Store multiple OpenCode Cookie headers." = "Almacena varias cabeceras Cookie de OpenCode.";
+"Store multiple OpenCode Go Cookie headers." = "Almacena varias cabeceras Cookie de OpenCode Go.";
+"Stored in the CodexBar config file." = "Almacenado en el archivo de configuración de CodexBar.";
+"Stored in ~/.codexbar/config.json. " = "Almacenado en ~/.codexbar/config.json. ";
+"Stored in ~/.codexbar/config.json. Generate one at kimi-k2.ai." = "Almacenado en ~/.codexbar/config.json. Genera una en kimi-k2.ai.";
+"Stored in ~/.codexbar/config.json. Paste the key from the Synthetic dashboard." = "Almacenado en ~/.codexbar/config.json. Pega la clave del panel de Synthetic.";
+"Stored in ~/.codexbar/config.json. Paste your Coding Plan API key from Model Studio." = "Almacenado en ~/.codexbar/config.json. Pega tu clave de API del plan de programación desde Model Studio.";
+"Stored in ~/.codexbar/config.json. Paste your MiniMax API key." = "Almacenado en ~/.codexbar/config.json. Pega tu clave de API de MiniMax.";
+"Stored in ~/.codexbar/config.json. You can also provide KILO_API_KEY or " = "Almacenado en ~/.codexbar/config.json. También puedes proporcionar KILO_API_KEY o ";
+"Stores local Codex usage history (8 weeks) to personalize Pace predictions." = "Almacena el historial de uso local de Codex (8 semanas) para personalizar las predicciones de Ritmo.";
+"Subscription Utilization" = "Uso de la suscripción";
+"Surprise me" = "Sorpréndeme";
+"Switcher shows icons" = "El selector muestra iconos";
+"Symlink CodexBarCLI to /usr/local/bin and /opt/homebrew/bin as codexbar." = "Crear un enlace simbólico de CodexBarCLI en /usr/local/bin y /opt/homebrew/bin como codexbar.";
+"System" = "Sistema";
+"Temporarily shows the loading animation after the next refresh." = "Muestra temporalmente la animación de carga tras la próxima actualización.";
+"Tertiary (\\(label))" = "Terciario (\\(label))";
+"Tertiary (\\(tertiaryTitle))" = "Terciario (\\(tertiaryTitle))";
+"The default Codex account on this Mac." = "La cuenta de Codex predeterminada en este Mac.";
+"Toggle" = "Interruptor";
+"Toggle subtitle" = "Subtítulo del interruptor";
+"Token" = "Token";
+"Trigger the menu bar menu from anywhere." = "Abrir el menú de la barra de menús desde cualquier lugar.";
+"True" = "Verdadero";
+"Twitter" = "Twitter";
+"Unsupported" = "No compatible";
+"Update Channel" = "Canal de actualizaciones";
+"Updated" = "Actualizado";
+"Updates unavailable in this build." = "Actualizaciones no disponibles en esta compilación.";
+"Usage" = "Uso";
+"Usage breakdown" = "Desglose de uso";
+"Usage history (30 days)" = "Historial de uso";
+"Usage source" = "Origen del uso";
+"Use BigModel for the China mainland endpoints (open.bigmodel.cn)." = "Usar BigModel para los endpoints de China continental (open.bigmodel.cn).";
+"Use a single menu bar icon with a provider switcher." = "Usar un único icono en la barra de menús con un selector de proveedor.";
+"Use international or China mainland console gateways for quota fetches." = "Usar las pasarelas de consola internacionales o de China continental para obtener la cuota.";
+"Version" = "Versión";
+"Version \\(self.versionString)" = "Versión \\(self.versionString)";
+"Version \\(version)" = "Versión \\(version)";
+"Version \\(versionString)" = "Versión \\(versionString)";
+"Vertex AI Login" = "Inicio de sesión de Vertex AI";
+"Wait for the current managed Codex login to finish before adding another account." = "Espera a que termine el inicio de sesión gestionado de Codex actual antes de añadir otra cuenta.";
+"Waiting for Authentication..." = "Esperando la autenticación...";
+"Website" = "Sitio web";
+"Weekly limit confetti" = "Confeti del límite semanal";
+"Weekly token limit" = "Límite semanal de tokens";
+"Weekly usage" = "Uso semanal";
+"Weekly usage unavailable for this account." = "Uso semanal no disponible para esta cuenta.";
+"Window: \\(window)" = "Ventana: \\(window)";
+"Write logs to \\(self.fileLogPath) for debugging." = "Escribir registros en \\(self.fileLogPath) para depuración.";
+"Yes" = "Sí";
+"\\(detail.modelCode): \\(usage)" = "\\(detail.modelCode): \\(usage)";
+"\\(name): \\(truncated)" = "\\(name): \\(truncated)";
+"\\(name): \\(updated) · 30d \\(cost)" = "\\(name): \\(updated) · 30 d \\(cost)";
+"\\(name): fetching…\\(elapsed)" = "\\(name): obteniendo…\\(elapsed)";
+"\\(name): last attempt \\(when)" = "\\(name): último intento \\(when)";
+"\\(name): no data yet" = "\\(name): aún sin datos";
+"\\(name): unsupported" = "\\(name): no compatible";
+"all browsers" = "todos los navegadores";
+"available again." = "disponible de nuevo.";
+"built_format" = "Compilación %@";
+"copilot_complete_in_browser" = "Completa el inicio de sesión en tu navegador.";
+"copilot_device_code" = "Código de dispositivo copiado al portapapeles: %1$@\n\nVerifícalo en: %2$@";
+"copilot_device_code_copied" = "Código de dispositivo copiado.";
+"copilot_verify_at" = "Verifícalo en %@";
+"copilot_waiting_text" = "Completa el inicio de sesión en tu navegador.\nEsta ventana se cierra automáticamente cuando finaliza el inicio de sesión.";
+"copilot_window_closes_auto" = "Esta ventana se cierra automáticamente cuando finaliza el inicio de sesión.";
+"cost_status_error" = "%1$@: %2$@";
+"cost_status_fetching" = "%1$@: obteniendo… %2$@";
+"cost_status_last_attempt" = "%1$@: último intento %2$@";
+"cost_status_no_data" = "%@: aún sin datos";
+"cost_status_snapshot" = "%1$@: %2$@ · %3$@ %4$@";
+"cost_status_unsupported" = "%@: no compatible";
+"credits_remaining" = "Créditos: %@";
+"cursor_on_demand" = "Bajo demanda: %@";
+"cursor_on_demand_with_limit" = "Bajo demanda: %1$@ / %2$@";
+"extra_usage_format" = "Uso adicional: %1$@ / %2$@";
+"jetbrains_detected_generate" = "Detectado: %@. Usa el asistente de IA una vez para generar datos de cuota y luego actualiza CodexBar.";
+"jetbrains_detected_select" = "Detectado: %@. Selecciona tu IDE preferido en Ajustes y luego actualiza CodexBar.";
+"last_fetch_failed_with_provider" = "La última obtención de %@ falló:";
+"last_spend" = "Último gasto: %@";
+"mcp_model_usage" = "%1$@: %2$@";
+"mcp_resets" = "Se reinicia: %@";
+"mcp_window" = "Ventana: %@";
+"metric_average" = "Promedio (%1$@ + %2$@)";
+"metric_primary" = "Principal (%@)";
+"metric_secondary" = "Secundario (%@)";
+"metric_tertiary" = "Terciario (%@)";
+"multiple_workspaces_found" = "CodexBar encontró varios espacios de trabajo para %@. Elige el espacio de trabajo que añadir.";
+"ory_session_…=…; csrftoken=…" = "ory_session_…=…; csrftoken=…";
+"overview_choose_providers" = "Elige hasta %@ proveedores";
+"remove_account_message" = "¿Eliminar %@ de CodexBar? Su directorio Codex gestionado se borrará.";
+"version_format" = "Versión %@";
+"vertex_ai_login_instructions" = "Para hacer seguimiento del uso de Vertex AI, autentícate con Google Cloud.\n\n1. Abre la Terminal\n2. Ejecuta: gcloud auth application-default login\n3. Sigue las indicaciones del navegador para iniciar sesión\n4. Define tu proyecto: gcloud config set project PROJECT_ID\n\n¿Abrir la Terminal ahora?";
+"workspaceID is set but only opencode, opencodego, and deepgram support workspaceID." = "workspaceID está definido, pero solo opencode, opencodego y deepgram admiten workspaceID.";
+"© 2026 Peter Steinberger. MIT License." = "© 2026 Peter Steinberger. Licencia MIT.";
+
+/* General Pane */
+"section_system" = "Sistema";
+"section_usage" = "Uso";
+"section_automation" = "Automatización";
+"language_title" = "Idioma";
+"language_subtitle" = "Cambia el idioma de la interfaz. Requiere reiniciar la app para aplicarse por completo.";
+"language_system" = "Sistema";
+"language_english" = "English";
+"language_spanish" = "Español";
+"language_catalan" = "Català";
+"language_chinese_simplified" = "简体中文";
+"language_chinese_traditional" = "繁體中文";
+"language_portuguese_brazilian" = "Português (Brasil)";
+"start_at_login_title" = "Abrir al iniciar sesión";
+"start_at_login_subtitle" = "Abre CodexBar automáticamente al iniciar tu Mac.";
+"show_cost_summary" = "Mostrar resumen de coste";
+"show_cost_summary_subtitle" = "Lee los registros de uso locales. Muestra el coste de hoy + la ventana de historial seleccionada en el menú.";
+"cost_history_days_title" = "Ventana de historial: %d días";
+"cost_auto_refresh_info" = "Actualización automática: cada hora · Tiempo de espera: 10 m";
+"refresh_cadence_title" = "Frecuencia de actualización";
+"refresh_cadence_subtitle" = "Con qué frecuencia CodexBar consulta a los proveedores en segundo plano.";
+"manual_refresh_hint" = "La actualización automática está desactivada; usa el comando Actualizar del menú.";
+"check_provider_status_title" = "Comprobar estado del proveedor";
+"check_provider_status_subtitle" = "Consulta las páginas de estado de OpenAI/Claude y Google Workspace para Gemini/Antigravity, mostrando incidencias en el icono y el menú.";
+"session_quota_notifications_title" = "Notificaciones de cuota de sesión";
+"session_quota_notifications_subtitle" = "Avisa cuando la cuota de sesión de 5 horas llega al 0 % y cuando vuelve a estar disponible.";
+"quota_warning_notifications_title" = "Notificaciones de aviso de cuota";
+"quota_warning_notifications_subtitle" = "Avisa cuando la cuota restante de sesión o semanal cruza los umbrales configurados.";
+"quota_warnings_title" = "Avisos de cuota";
+"quota_warning_session" = "sesión";
+"quota_warning_session_capitalized" = "Sesión";
+"quota_warning_weekly" = "semanal";
+"quota_warning_weekly_capitalized" = "Semanal";
+"quota_warning_warn_at" = "Avisar al";
+"quota_warning_global_threshold_subtitle" = "Porcentajes restantes para las ventanas de sesión y semanal, salvo que un proveedor los anule.";
+"quota_warning_sound" = "Reproducir sonido de notificación";
+"quota_warning_provider_inherits" = "Usa los ajustes globales de aviso de cuota salvo que se personalice una ventana aquí.";
+"quota_warning_customize_thresholds" = "Personalizar umbrales de %@";
+"quota_warning_enable_warnings" = "Activar avisos de %@";
+"quota_warning_window_warn_at" = "%@ avisar al";
+"quota_warning_off" = "Desactivado";
+"quota_warning_inherited" = "Heredado: %@";
+"quota_warning_depleted_only" = "solo agotado";
+"quota_warning_upper" = "Superior";
+"quota_warning_lower" = "Inferior";
+"apply" = "Aplicar";
+"quit_app" = "Salir de CodexBar";
+
+/* Tab titles */
+"tab_general" = "General";
+"tab_providers" = "Proveedores";
+"tab_display" = "Pantalla";
+"tab_advanced" = "Avanzado";
+"tab_about" = "Acerca de";
+"tab_debug" = "Depuración";
+
+/* Providers Pane */
+"select_a_provider" = "Selecciona un proveedor";
+"cancel" = "Cancelar";
+"last_fetch_failed" = "la última obtención falló";
+"usage_not_fetched_yet" = "uso aún no obtenido";
+"managed_account_storage_unreadable" = "El almacenamiento de cuentas gestionadas no se puede leer. El acceso a cuentas en vivo sigue disponible, pero las acciones de añadir, reautenticar y eliminar cuentas gestionadas están desactivadas hasta que el almacén se pueda recuperar.";
+"remove_codex_account_title" = "¿Eliminar la cuenta de Codex?";
+"remove" = "Eliminar";
+"managed_login_already_running" = "Ya hay un inicio de sesión gestionado de Codex en curso. Espera a que termine antes de añadir o reautenticar otra cuenta.";
+"managed_login_failed" = "El inicio de sesión gestionado de Codex no se completó. Comprueba que `codex --version` funciona en la Terminal. Si macOS bloqueó o movió `codex` a la Papelera, elimina instalaciones duplicadas obsoletas, ejecuta `npm install -g --include=optional @openai/codex@latest` y vuelve a intentarlo.";
+"codex_login_output" = "Salida de codex login:";
+"managed_login_missing_email" = "El inicio de sesión de Codex se completó, pero no había ningún correo de cuenta disponible. Inténtalo de nuevo tras confirmar que la cuenta tiene la sesión totalmente iniciada.";
+"workspace_selection_cancelled" = "CodexBar encontró varios espacios de trabajo, pero no se seleccionó ninguno.";
+"unsafe_managed_home" = "CodexBar se negó a modificar una ruta de directorio gestionado inesperada: %@";
+"menu_bar_metric_title" = "Métrica de la barra de menús";
+"menu_bar_metric_subtitle" = "Elige qué ventana determina el porcentaje de la barra de menús.";
+"menu_bar_metric_subtitle_deepseek" = "Muestra el saldo de DeepSeek en la barra de menús.";
+"menu_bar_metric_subtitle_moonshot" = "Muestra el saldo de la API de Moonshot / Kimi en la barra de menús.";
+"menu_bar_metric_subtitle_mistral" = "Muestra el gasto de la API de Mistral del mes actual en la barra de menús.";
+"menu_bar_metric_subtitle_kimik2" = "Muestra los créditos de la clave de API de Kimi K2 en la barra de menús.";
+"automatic" = "Automático";
+"primary_api_key_limit" = "Principal (límite de la clave de API)";
+
+/* Display Pane */
+"section_menu_bar" = "Barra de menús";
+"merge_icons_title" = "Combinar iconos";
+"merge_icons_subtitle" = "Usar un único icono en la barra de menús con un selector de proveedor.";
+"switcher_shows_icons_title" = "El selector muestra iconos";
+"switcher_shows_icons_subtitle" = "Mostrar los iconos de proveedor en el selector (de lo contrario, mostrar una línea de progreso semanal).";
+"show_most_used_provider_title" = "Mostrar el proveedor más usado";
+"show_most_used_provider_subtitle" = "La barra de menús muestra automáticamente el proveedor más cercano a su límite.";
+"menu_bar_shows_percent_title" = "La barra de menús muestra el porcentaje";
+"menu_bar_shows_percent_subtitle" = "Sustituir las barras de bichitos por iconos de marca del proveedor y un porcentaje.";
+"display_mode_title" = "Modo de visualización";
+"display_mode_subtitle" = "Elige qué mostrar en la barra de menús (Ritmo muestra el uso frente al previsto).";
+"section_menu_content" = "Contenido del menú";
+"show_usage_as_used_title" = "Mostrar el uso como consumido";
+"show_usage_as_used_subtitle" = "Las barras de progreso se llenan a medida que consumes la cuota (en lugar de mostrar lo restante).";
+"show_quota_warning_markers_title" = "Mostrar marcadores de aviso de cuota";
+"show_quota_warning_markers_subtitle" = "Dibuja marcas de umbral en las barras de uso cuando hay avisos de cuota configurados.";
+"show_reset_time_as_clock_title" = "Mostrar la hora de reinicio como reloj";
+"show_reset_time_as_clock_subtitle" = "Mostrar las horas de reinicio como valores de reloj absolutos en lugar de cuentas atrás.";
+"show_provider_changelog_links_title" = "Mostrar enlaces al registro de cambios del proveedor";
+"show_provider_changelog_links_subtitle" = "Añade al menú enlaces a las notas de versión de los proveedores compatibles basados en CLI.";
+"show_credits_extra_usage_title" = "Mostrar créditos + uso adicional";
+"show_credits_extra_usage_subtitle" = "Mostrar las secciones de Créditos de Codex y Uso adicional de Claude en el menú.";
+"show_all_token_accounts_title" = "Mostrar todas las cuentas con token";
+"show_all_token_accounts_subtitle" = "Apilar las cuentas con token en el menú (de lo contrario, mostrar una barra de cambio de cuenta).";
+"multi_account_layout_title" = "Diseño multicuenta";
+"multi_account_layout_subtitle" = "Elige cambio de cuenta segmentado o tarjetas de cuenta apiladas.";
+"multi_account_layout_segmented" = "Segmentado";
+"multi_account_layout_stacked" = "Apilado";
+"overview_tab_providers_title" = "Proveedores de la pestaña Resumen";
+"configure" = "Configurar…";
+"overview_enable_merge_icons_hint" = "Activa Combinar iconos para configurar los proveedores de la pestaña Resumen.";
+"overview_no_providers_hint" = "No hay proveedores activados disponibles para Resumen.";
+"overview_rows_follow_order" = "Las filas de Resumen siempre siguen el orden de los proveedores.";
+"overview_no_providers_selected" = "No hay proveedores seleccionados";
+
+/* Advanced Pane */
+"section_keyboard_shortcut" = "Atajo de teclado";
+"open_menu_shortcut_title" = "Abrir menú";
+"open_menu_shortcut_subtitle" = "Abrir el menú de la barra de menús desde cualquier lugar.";
+"install_cli" = "Instalar CLI";
+"install_cli_subtitle" = "Crear un enlace simbólico de CodexBarCLI en /usr/local/bin y /opt/homebrew/bin como codexbar.";
+"cli_not_found" = "No se encontró CodexBarCLI en el paquete de la app.";
+"no_writable_bin_dirs" = "No se encontraron directorios bin con permiso de escritura.";
+"show_debug_settings_title" = "Mostrar ajustes de depuración";
+"show_debug_settings_subtitle" = "Muestra herramientas de diagnóstico en la pestaña Depuración.";
+"surprise_me_title" = "Sorpréndeme";
+"surprise_me_subtitle" = "Actívalo si te gusta que tus agentes se diviertan ahí arriba.";
+"weekly_limit_confetti_title" = "Confeti del límite semanal";
+"weekly_limit_confetti_subtitle" = "Mostrar confeti a pantalla completa cuando se reinicia el uso semanal.";
+"hide_personal_info_title" = "Ocultar información personal";
+"hide_personal_info_subtitle" = "Oculta las direcciones de correo en la barra de menús y la interfaz del menú.";
+"show_provider_storage_usage_title" = "Mostrar uso de almacenamiento del proveedor";
+"show_provider_storage_usage_subtitle" = "Muestra el uso de disco local en los menús. Analiza en segundo plano las rutas conocidas del proveedor.";
+"section_keychain_access" = "Acceso al Llavero";
+"keychain_access_caption" = "Desactiva todas las lecturas y escrituras del Llavero. La importación de cookies del navegador no estará disponible; pega las cabeceras Cookie manualmente en Proveedores.";
+"disable_keychain_access_title" = "Desactivar el acceso al Llavero";
+"disable_keychain_access_subtitle" = "Impide cualquier acceso al Llavero mientras esté activado.";
+
+/* About Pane */
+"about_tagline" = "Que tus tokens nunca se agoten: mantén los límites de tus agentes a la vista.";
+"link_github" = "GitHub";
+"link_website" = "Sitio web";
+"link_twitter" = "Twitter";
+"link_email" = "Correo electrónico";
+"check_updates_auto" = "Buscar actualizaciones automáticamente";
+"update_channel" = "Canal de actualizaciones";
+"check_for_updates" = "Buscar actualizaciones…";
+"updates_unavailable" = "Actualizaciones no disponibles en esta compilación.";
+"copyright" = "© 2026 Peter Steinberger. Licencia MIT.";
+
+/* Debug Pane */
+"section_logging" = "Registro";
+"enable_file_logging" = "Activar registro en archivo";
+"enable_file_logging_subtitle" = "Escribir registros en %@ para depuración.";
+"verbosity_title" = "Nivel de detalle";
+"verbosity_subtitle" = "Controla cuánto detalle se registra.";
+"open_log_file" = "Abrir archivo de registro";
+"force_animation_next_refresh" = "Forzar animación en la próxima actualización";
+"force_animation_next_refresh_subtitle" = "Muestra temporalmente la animación de carga tras la próxima actualización.";
+"section_loading_animations" = "Animaciones de carga";
+"loading_animations_caption" = "Elige un patrón y reprodúcelo en la barra de menús. «Aleatorio» mantiene el comportamiento actual.";
+"animation_random_default" = "Aleatorio (predeterminado)";
+"replay_selected_animation" = "Reproducir la animación seleccionada";
+"blink_now" = "Parpadear ahora";
+"section_probe_logs" = "Registros de sondeo";
+"probe_logs_caption" = "Obtén la salida de sondeo más reciente para depuración; Copiar conserva el texto completo.";
+"fetch_log" = "Obtener registro";
+"copy" = "Copiar";
+"save_to_file" = "Guardar en archivo";
+"load_parse_dump" = "Cargar volcado de análisis";
+"rerun_provider_autodetect" = "Reejecutar la autodetección de proveedores";
+"loading" = "Cargando…";
+"no_log_yet_fetch" = "Aún no hay registro. Obtén para cargar.";
+"section_fetch_strategy" = "Intentos de estrategia de obtención";
+"fetch_strategy_caption" = "Últimas decisiones y errores del flujo de obtención de un proveedor.";
+"section_openai_cookies" = "Cookies de OpenAI";
+"openai_cookies_caption" = "Registros de importación de cookies y extracción con WebKit del último intento de cookies de OpenAI.";
+"no_log_yet" = "Aún no hay registro. Actualiza las cookies de OpenAI en Proveedores → Codex para ejecutar una importación.";
+"section_caches" = "Cachés";
+"caches_caption" = "Borra los resultados de análisis de coste en caché o las cachés de cookies del navegador.";
+"clear_cookie_cache" = "Borrar caché de cookies";
+"clear_cost_cache" = "Borrar caché de coste";
+"section_notifications" = "Notificaciones";
+"notifications_caption" = "Lanza notificaciones de prueba para la ventana de sesión de 5 horas (agotada/restaurada).";
+"post_depleted" = "Enviar agotada";
+"post_restored" = "Enviar restaurada";
+"section_cli_sessions" = "Sesiones de la CLI";
+"cli_sessions_caption" = "Mantén activas las sesiones de la CLI de Codex/Claude tras un sondeo. Por defecto se cierran cuando se capturan los datos.";
+"keep_cli_sessions_alive" = "Mantener activas las sesiones de la CLI";
+"keep_cli_sessions_alive_subtitle" = "Omitir el cierre entre sondeos (solo depuración).";
+"reset_cli_sessions" = "Reiniciar sesiones de la CLI";
+"section_error_simulation" = "Simulación de errores";
+"error_simulation_caption" = "Inyecta un mensaje de error falso en la tarjeta del menú para probar el diseño.";
+"set_menu_error" = "Establecer error de menú";
+"clear_menu_error" = "Borrar error de menú";
+"set_cost_error" = "Establecer error de coste";
+"clear_cost_error" = "Borrar error de coste";
+"section_cli_paths" = "Rutas de la CLI";
+"cli_paths_caption" = "Binario de Codex resuelto y capas de PATH; captura del PATH de inicio de sesión al arrancar (tiempo de espera corto).";
+"codex_binary" = "Binario de Codex";
+"claude_binary" = "Binario de Claude";
+"effective_path" = "PATH efectivo";
+"unavailable" = "No disponible";
+"login_shell_path" = "PATH del shell de inicio (captura al arrancar)";
+"cleared" = "Borrado.";
+"no_fetch_attempts" = "Aún no hay intentos de obtención.";
+"macOS Tahoe can block menu bar apps in System Settings → Menu Bar → Allow in the Menu Bar. CodexBar is running, but macOS may be hiding its icon. Open Menu Bar settings and turn CodexBar on." = "macOS Tahoe puede bloquear apps de la barra de menús en Ajustes del Sistema → Barra de menús → Permitir en la barra de menús. CodexBar está en ejecución, pero macOS podría estar ocultando su icono. Abre los ajustes de la barra de menús y activa CodexBar.";
+
+/* Metric preferences */
+"metric_pref_automatic" = "Automático";
+"metric_pref_primary" = "Principal";
+"metric_pref_secondary" = "Secundario";
+"metric_pref_tertiary" = "Terciario";
+"metric_pref_extra_usage" = "Uso adicional";
+"metric_pref_average" = "Promedio";
+
+/* Display modes */
+"display_mode_percent" = "Porcentaje";
+"display_mode_pace" = "Ritmo";
+"display_mode_both" = "Ambos";
+"display_mode_percent_desc" = "Mostrar el porcentaje restante/usado (p. ej. 45 %)";
+"display_mode_pace_desc" = "Mostrar el indicador de ritmo (p. ej. +5 %)";
+"display_mode_both_desc" = "Mostrar porcentaje y ritmo (p. ej. 45 % · +5 %)";
+
+/* Provider status */
+"status_operational" = "Operativo";
+"status_partial_outage" = "Interrupción parcial";
+"status_major_outage" = "Interrupción grave";
+"status_critical_issue" = "Problema crítico";
+"status_maintenance" = "Mantenimiento";
+"status_unknown" = "Estado desconocido";
+
+/* Refresh frequency */
+"refresh_manual" = "Manual";
+"refresh_1min" = "1 min";
+"refresh_2min" = "2 min";
+"refresh_5min" = "5 min";
+"refresh_15min" = "15 min";
+"refresh_30min" = "30 min";
+
+/* Additional keys */
+"not_found" = "No encontrado";
+
+/* Cost estimation */
+"cost_header_estimated" = "Coste (estimado)";
+"cost_estimate_hint" = "Estimado a partir de registros locales · puede diferir de tu factura";
+
+/* Popup panels */
+"No usage configured." = "No hay uso configurado.";
+"Quota" = "Cuota";
+"tokens" = "tokens";
+"requests" = "solicitudes";
+"Latest" = "Último";
+"Monthly" = "Mensual";
+"Sonnet" = "Sonnet";
+"Auth" = "Autenticación";
+"Overages" = "Excesos";
+"Activity" = "Actividad";
+"Copied" = "Copiado";
+"Copy error" = "Error al copiar";
+"Copy path" = "Copiar ruta";
+"Extra usage spent" = "Gasto de uso adicional";
+"Credits remaining" = "Créditos restantes";
+"Using CLI fallback" = "Usando alternativa de CLI";
+"Balance updates in near-real time (up to 5 min lag)" = "El saldo se actualiza casi en tiempo real (hasta 5 min de retraso)";
+"Daily billing data finalizes at 07:00 UTC" = "Los datos diarios de facturación se cierran a las 07:00 UTC";
+"%@ of %@ credits left" = "Quedan %@ de %@ créditos";
+"%@ of %@ bonus credits left" = "Quedan %@ de %@ créditos de bonificación";
+"%@ / %@ (%@ remaining)" = "%@ / %@ (%@ restante)";
+"%@/%@ left" = "%@/%@ restante";
+"Gemini Flash" = "Gemini Flash";
+"Regenerates %@" = "Se regenera %@";
+"used after next regen" = "usado tras la próxima regeneración";
+"after next regen" = "tras la próxima regeneración";
+"Near full" = "Casi lleno";
+"Full in ~1 regen" = "Lleno en ~1 regeneración";
+"Full in ~%.0f regens" = "Lleno en ~%.0f regeneraciones";
+"Overage usage" = "Uso excedente";
+"Overage cost" = "Coste excedente";
+"credits" = "créditos";
+"Zen balance" = "Saldo Zen";
+"API spend" = "Gasto de API";
+"Extra usage" = "Uso adicional";
+"Quota usage" = "Uso de cuota";
+"%.0f%% used" = "%.0f%% usado";
+"Usage history (today)" = "Historial de uso (hoy)";
+"Usage history (%d days)" = "Historial de uso (%d días)";
+"%d percent remaining" = "%d%% restante";
+"Unknown" = "Desconocido";
+"stale data" = "datos obsoletos";
+"No credits history data available." = "No hay datos de historial de créditos disponibles.";
+"Credits history chart" = "Gráfico de historial de créditos";
+"%d days of credits data" = "%d días de datos de créditos";
+"Usage breakdown chart" = "Gráfico de desglose de uso";
+"%d days of usage data across %d services" = "%d días de datos de uso en %d servicios";
+"Cost history chart" = "Gráfico de historial de costes";
+"%d days of cost data" = "%d días de datos de costes";
+"Plan utilization chart" = "Gráfico de uso del plan";
+"%d utilization samples" = "%d muestras de uso";
+"Hourly Usage" = "Uso por hora";
+"Usage remaining" = "Uso restante";
+"Usage used" = "Uso utilizado";
+"API key verified. Ollama does not expose Cloud quota limits through the API." = "Clave de API verificada. Ollama no expone los límites de cuota de Cloud mediante la API.";
+"Last 30 days: %@ tokens" = "Últimos 30 días: %@ tokens";
+"7d spend" = "Gasto 7 d";
+"30d spend" = "Gasto 30 d";
+"Cache read" = "Lectura de caché";
+"Claude Admin API 30 day spend trend" = "Tendencia de gasto de 30 días de Claude Admin API";
+"OpenRouter API key spend trend" = "Tendencia de gasto de la clave API de OpenRouter";
+"z.ai hourly token trend" = "Tendencia horaria de tokens de z.ai";
+"MiniMax 30 day token usage trend" = "Tendencia de uso de tokens de 30 días de MiniMax";
+"Today cash" = "Efectivo de hoy";
+"DeepSeek 30 day token usage trend" = "Tendencia de uso de tokens de 30 días de DeepSeek";
+"cache-hit input" = "entrada con acierto de caché";
+"cache-miss input" = "entrada sin acierto de caché";
+"output" = "salida";
+"Requests" = "Solicitudes";
+"Reported by OpenAI Admin API organization usage." = "Informado por el uso de la organización en OpenAI Admin API.";
+"Reported by Mistral billing usage." = "Informado por el uso de facturación de Mistral.";
+"Today" = "Hoy";
+"Today tokens" = "Tokens de hoy";
+"30d cost" = "Coste 30 d";
+"30d tokens" = "Tokens 30 d";
+"Latest tokens" = "Tokens recientes";
+"Top model" = "Modelo principal";
+"Storage" = "Almacenamiento";
+"No data" = "Sin datos";
+"Last %d days" = "Últimos %d días";
+"%@ tokens" = "%@ tokens";
+"Latest billing day" = "Último día de facturación";
+"Latest billing day (%@)" = "Último día de facturación (%@)";
+"This week" = "Esta semana";
+"This month" = "Este mes";
+"Week" = "Semana";
+"Month" = "Mes";
+"Models" = "Modelos";
+"24h tokens" = "Tokens 24 h";
+"Latest hour" = "Última hora";
+"Peak hour" = "Hora pico";
+"Top method" = "Método principal";
+"30d cash" = "Efectivo 30 d";
+"30d billing history from MiniMax web session" = "Historial de facturación de 30 días de la sesión web de MiniMax";
+"AWS Cost Explorer billing can lag." = "La facturación de AWS Cost Explorer puede retrasarse.";
+"Rate limit: %d / %@" = "Límite de tasa: %d / %@";
+"Key remaining" = "Clave restante";
+"No limit set for the API key" = "No hay límite configurado para la clave API";
+"API key limit unavailable right now" = "El límite de la clave API no está disponible ahora";
+"Today: %@ · %@ tokens" = "Hoy: %@ · %@ tokens";
+"Today: %@" = "Hoy: %@";
+"Today: %@ tokens" = "Hoy: %@ tokens";
+"This month: %@ tokens" = "Este mes: %@ tokens";
+"API key limit" = "Límite de clave API";
+"Limits not available" = "Límites no disponibles";
+"No usage yet" = "Aún no hay uso";
+"Not fetched yet" = "Aún no obtenido";
+"Code review" = "Revisión de código";
+
+/* Additional provider settings and alerts */
+"%@ is waiting for permission" = "%@ espera permiso";
+"%@ requests" = "%@ solicitudes";
+"%@: %@ credits" = "%@: %@ créditos";
+"30d requests" = "Solicitudes de 30 d";
+"4 days" = "4 días";
+"5 days" = "5 días";
+"7 days" = "7 días";
+"API key verifies Ollama Cloud access; cookies still expose quota limits." = "La clave API verifica el acceso a Ollama Cloud; las cookies aún muestran los límites de cuota.";
+"AWS access key ID. Can also be set with AWS_ACCESS_KEY_ID." = "ID de clave de acceso de AWS. También puede definirse con AWS_ACCESS_KEY_ID.";
+"AWS region. Can also be set with AWS_REGION." = "Región de AWS. También puede definirse con AWS_REGION.";
+"AWS secret access key. Can also be set with AWS_SECRET_ACCESS_KEY." = "Clave secreta de AWS. También puede definirse con AWS_SECRET_ACCESS_KEY.";
+"Access key ID" = "ID de clave de acceso";
+"Add Account" = "Añadir cuenta";
+"Adding Account…" = "Añadiendo cuenta…";
+"Antigravity login failed" = "Error al iniciar sesión en Antigravity";
+"Antigravity login timed out" = "El inicio de sesión en Antigravity agotó el tiempo";
+"Auth source" = "Fuente de autenticación";
+"Automatic imports Chrome browser cookies from Xiaomi MiMo." = "Importa automáticamente las cookies de Chrome desde Xiaomi MiMo.";
+"Automatic imports Windsurf session data from Chromium browser localStorage." = "Importa automáticamente datos de sesión de Windsurf desde localStorage de Chromium.";
+"Automatic imports browser cookies from Bailian." = "Importa automáticamente cookies del navegador desde Bailian.";
+"Automatically imports browser cookies." = "Importa automáticamente cookies del navegador.";
+"Automatically imports browser session cookies." = "Importa automáticamente cookies de sesión del navegador.";
+"Azure OpenAI deployment name. AZURE_OPENAI_DEPLOYMENT_NAME is also supported." = "Nombre de despliegue de Azure OpenAI. También se admite AZURE_OPENAI_DEPLOYMENT_NAME.";
+"Azure OpenAI key" = "Clave de Azure OpenAI";
+"Azure OpenAI resource endpoint. AZURE_OPENAI_ENDPOINT is also supported." = "Endpoint del recurso de Azure OpenAI. También se admite AZURE_OPENAI_ENDPOINT.";
+"Base URL" = "URL base";
+"Base URL for the LLM-API-Key-Proxy instance." = "URL base de la instancia de LLM-API-Key-Proxy.";
+"Browser cookies" = "Cookies del navegador";
+"Cap end" = "Fin del límite";
+"Cap start" = "Inicio del límite";
+"Capacity End" = "Fin de capacidad";
+"Capacity Start" = "Inicio de capacidad";
+"Changelog" = "Registro de cambios";
+"Choose the Moonshot/Kimi API host for international or China mainland accounts." = "Elige el host de la API Moonshot/Kimi para cuentas internacionales o de China continental.";
+"CodexBar can't replace a system account that is signed in with an API key only setup." = "CodexBar no puede reemplazar una cuenta del sistema iniciada solo con una clave API.";
+"CodexBar could not find saved auth for that account. Re-authenticate it and try again." = "CodexBar no encontró autenticación guardada para esa cuenta. Vuelve a autenticarla e inténtalo de nuevo.";
+"CodexBar could not read managed account storage. Recover the store before adding another account." = "CodexBar no pudo leer el almacenamiento de cuentas gestionadas. Recupera el almacén antes de añadir otra cuenta.";
+"CodexBar could not read saved auth for that account. Re-authenticate it and try again." = "CodexBar no pudo leer la autenticación guardada para esa cuenta. Vuelve a autenticarla e inténtalo de nuevo.";
+"CodexBar could not read the current system account on this Mac." = "CodexBar no pudo leer la cuenta del sistema actual en este Mac.";
+"CodexBar could not replace the live Codex auth on this Mac." = "CodexBar no pudo reemplazar la autenticación activa de Codex en este Mac.";
+"CodexBar could not safely preserve the current system account before switching." = "CodexBar no pudo preservar con seguridad la cuenta del sistema actual antes de cambiar.";
+"CodexBar could not save the current system account before switching." = "CodexBar no pudo guardar la cuenta del sistema actual antes de cambiar.";
+"CodexBar could not update managed account storage." = "CodexBar no pudo actualizar el almacenamiento de cuentas gestionadas.";
+"CodexBar found another managed account that already uses the current system account. Resolve the duplicate account before switching." = "CodexBar encontró otra cuenta gestionada que ya usa la cuenta del sistema actual. Resuelve la cuenta duplicada antes de cambiar.";
+"CodexBar will ask macOS Keychain for “%@” so it can decrypt browser cookies and authenticate your account. Click OK to continue." = "CodexBar pedirá a Llaveros de macOS “%@” para descifrar cookies del navegador y autenticar tu cuenta. Haz clic en OK para continuar.";
+"CodexBar will ask macOS Keychain for the Claude Code OAuth token so it can fetch your Claude usage. Click OK to continue." = "CodexBar pedirá a Llaveros de macOS el token OAuth de Claude Code para obtener tu uso de Claude. Haz clic en OK para continuar.";
+"CodexBar will ask macOS Keychain for your Amp cookie header so it can fetch usage. Click OK to continue." = "CodexBar pedirá a Llaveros de macOS tu cabecera Cookie de Amp para obtener el uso. Haz clic en OK para continuar.";
+"CodexBar will ask macOS Keychain for your Augment cookie header so it can fetch usage. Click OK to continue." = "CodexBar pedirá a Llaveros de macOS tu cabecera Cookie de Augment para obtener el uso. Haz clic en OK para continuar.";
+"CodexBar will ask macOS Keychain for your Claude cookie header so it can fetch Claude web usage. Click OK to continue." = "CodexBar pedirá a Llaveros de macOS tu cabecera Cookie de Claude para obtener el uso web de Claude. Haz clic en OK para continuar.";
+"CodexBar will ask macOS Keychain for your Cursor cookie header so it can fetch usage. Click OK to continue." = "CodexBar pedirá a Llaveros de macOS tu cabecera Cookie de Cursor para obtener el uso. Haz clic en OK para continuar.";
+"CodexBar will ask macOS Keychain for your Factory cookie header so it can fetch usage. Click OK to continue." = "CodexBar pedirá a Llaveros de macOS tu cabecera Cookie de Factory para obtener el uso. Haz clic en OK para continuar.";
+"CodexBar will ask macOS Keychain for your GitHub Copilot token so it can fetch usage. Click OK to continue." = "CodexBar pedirá a Llaveros de macOS tu token de GitHub Copilot para obtener el uso. Haz clic en OK para continuar.";
+"CodexBar will ask macOS Keychain for your Kimi K2 API key so it can fetch usage. Click OK to continue." = "CodexBar pedirá a Llaveros de macOS tu clave API de Kimi K2 para obtener el uso. Haz clic en OK para continuar.";
+"CodexBar will ask macOS Keychain for your Kimi auth token so it can fetch usage. Click OK to continue." = "CodexBar pedirá a Llaveros de macOS tu token de autenticación de Kimi para obtener el uso. Haz clic en OK para continuar.";
+"CodexBar will ask macOS Keychain for your MiniMax API token so it can fetch usage. Click OK to continue." = "CodexBar pedirá a Llaveros de macOS tu token API de MiniMax para obtener el uso. Haz clic en OK para continuar.";
+"CodexBar will ask macOS Keychain for your MiniMax cookie header so it can fetch usage. Click OK to continue." = "CodexBar pedirá a Llaveros de macOS tu cabecera Cookie de MiniMax para obtener el uso. Haz clic en OK para continuar.";
+"CodexBar will ask macOS Keychain for your OpenAI cookie header so it can fetch Codex dashboard extras. Click OK to continue." = "CodexBar pedirá a Llaveros de macOS tu cabecera Cookie de OpenAI para obtener extras del panel de Codex. Haz clic en OK para continuar.";
+"CodexBar will ask macOS Keychain for your OpenCode cookie header so it can fetch usage. Click OK to continue." = "CodexBar pedirá a Llaveros de macOS tu cabecera Cookie de OpenCode para obtener el uso. Haz clic en OK para continuar.";
+"CodexBar will ask macOS Keychain for your Synthetic API key so it can fetch usage. Click OK to continue." = "CodexBar pedirá a Llaveros de macOS tu clave API de Synthetic para obtener el uso. Haz clic en OK para continuar.";
+"CodexBar will ask macOS Keychain for your z.ai API token so it can fetch usage. Click OK to continue." = "CodexBar pedirá a Llaveros de macOS tu token API de z.ai para obtener el uso. Haz clic en OK para continuar.";
+"Could not open Cursor login in your browser." = "No se pudo abrir el inicio de sesión de Cursor en el navegador.";
+"Could not open browser for Antigravity" = "No se pudo abrir el navegador para Antigravity";
+"Credits used" = "Créditos usados";
+"Day" = "Día";
+"Deployment" = "Despliegue";
+"Drag to reorder" = "Arrastra para reordenar";
+"Endpoint" = "Endpoint";
+"Enterprise host" = "Host Enterprise";
+"Extra usage balance: %@" = "Saldo de uso extra: %@";
+"Keychain Access Required" = "Se requiere acceso a Llaveros";
+"Kiro menu bar value" = "Valor de Kiro en la barra de menús";
+"Label" = "Etiqueta";
+"No organizations loaded. Click Refresh after setting your API key." = "No hay organizaciones cargadas. Haz clic en Actualizar después de configurar tu clave API.";
+"No output captured." = "No se capturó salida.";
+"No system account" = "Sin cuenta del sistema";
+"Oasis-Token" = "Oasis-Token";
+"Open Augment (Log Out & Back In)" = "Abrir Augment (cerrar sesión y volver a entrar)";
+"Open Codebuff Dashboard" = "Abrir panel de Codebuff";
+"Open Command Code Settings" = "Abrir ajustes de Command Code";
+"Open Crof dashboard" = "Abrir panel de Crof";
+"Open Manus" = "Abrir Manus";
+"Open MiMo Balance" = "Abrir saldo de MiMo";
+"Open Moonshot Console" = "Abrir consola de Moonshot";
+"Open Ollama API Keys" = "Abrir claves API de Ollama";
+"Open StepFun Platform" = "Abrir plataforma StepFun";
+"Open T3 Chat Settings" = "Abrir ajustes de T3 Chat";
+"Open Volcengine Ark Console" = "Abrir consola Volcengine Ark";
+"Open legacy provider docs" = "Abrir documentación del proveedor heredado";
+"Open projects" = "Abrir proyectos";
+"Open this URL manually to continue login:\n\n%@" = "Abre esta URL manualmente para continuar el inicio de sesión:\n\n%@";
+"Optional organization ID for accounts linked to multiple Anthropic organizations." = "ID de organización opcional para cuentas vinculadas a varias organizaciones de Anthropic.";
+"Optional. Applies to the configured Admin API key; selected token accounts do not inherit OPENAI_PROJECT_ID." = "Opcional. Se aplica a la clave Admin API configurada; las cuentas de token seleccionadas no heredan OPENAI_PROJECT_ID.";
+"Optional. Enter your GitHub Enterprise host, for example octocorp.ghe.com. Leave blank for github.com." = "Opcional. Introduce tu host de GitHub Enterprise, por ejemplo octocorp.ghe.com. Déjalo vacío para github.com.";
+"Optional. Leave blank to discover and aggregate projects visible to the API key." = "Opcional. Déjalo vacío para descubrir y agregar proyectos visibles para la clave API.";
+"Org ID (optional)" = "ID de org. (opcional)";
+"Organizations" = "Organizaciones";
+"Password" = "Contraseña";
+"%@ authentication is disabled." = "La autenticación de %@ está desactivada.";
+"%@ cookies are disabled." = "Las cookies de %@ están desactivadas.";
+"%@ web API access is disabled." = "El acceso a la API web de %@ está desactivado.";
+"Disable %@ dashboard cookie usage." = "Desactiva el uso de cookies del panel de %@.";
+"Keychain access is disabled in Advanced, so browser cookie import is unavailable." = "El acceso al llavero está desactivado en Avanzado, así que la importación de cookies del navegador no está disponible.";
+"Manually paste an %@ from a browser session." = "Pega manualmente un %@ de una sesión del navegador.";
+"Paste a Cookie header captured from %@." = "Pega una cabecera Cookie capturada desde %@.";
+"Paste a Cookie header from %@." = "Pega una cabecera Cookie de %@.";
+"Paste a Cookie header or cURL capture from %@." = "Pega una cabecera Cookie o una captura cURL de %@.";
+"Paste a Cookie header or full cURL capture from %@." = "Pega una cabecera Cookie o una captura cURL completa de %@.";
+"Paste a Cookie or Authorization header from %@." = "Pega una cabecera Cookie o Authorization de %@.";
+"Paste a full cookie header or the %@ value." = "Pega una cabecera de cookies completa o el valor %@.";
+"Paste a Cookie header or full cURL capture from T3 Chat settings." = "Pega una cabecera Cookie o una captura cURL completa desde los ajustes de T3 Chat.";
+"Paste the Cookie header from a request to admin.mistral.ai. Must contain an ory_session_* cookie." = "Pega la cabecera Cookie de una solicitud a admin.mistral.ai. Debe contener una cookie ory_session_*.";
+"Paste the Oasis-Token from a logged-in browser session on platform.stepfun.com." = "Pega el Oasis-Token de una sesión iniciada en platform.stepfun.com.";
+"Paste the %@ JSON bundle from %@." = "Pega el paquete JSON %@ de %@.";
+"Paste the %@ value or a full Cookie header." = "Pega el valor %@ o una cabecera Cookie completa.";
+"Personal account" = "Cuenta personal";
+"Project ID" = "ID de proyecto";
+"Re-auth" = "Reautenticar";
+"Re-authenticating…" = "Reautenticando…";
+"Refresh Session" = "Actualizar sesión";
+"Refresh organizations" = "Actualizar organizaciones";
+"Region" = "Región";
+"Reload" = "Recargar";
+"Reorder" = "Reordenar";
+"Secret access key" = "Clave de acceso secreta";
+"Series" = "Serie";
+"Service" = "Servicio";
+"Show or hide Kiro credits, percent, or both next to the menu bar icon." = "Muestra u oculta créditos de Kiro, porcentaje o ambos junto al icono de la barra de menús.";
+"Show usage for organizations you belong to. Personal account is always shown." = "Muestra el uso de las organizaciones a las que perteneces. La cuenta personal siempre se muestra.";
+"Sign in to cursor.com in your browser, then refresh Cursor in CodexBar." = "Inicia sesión en cursor.com en el navegador y luego actualiza Cursor en CodexBar.";
+"Simulated error text" = "Texto de error simulado";
+"StepFun platform account (phone number or email)." = "Cuenta de la plataforma StepFun (teléfono o correo).";
+"Stored in ~/.codexbar/config.json." = "Guardado en ~/.codexbar/config.json.";
+"Stored in ~/.codexbar/config.json. AZURE_OPENAI_API_KEY is also supported." = "Guardado en ~/.codexbar/config.json. También se admite AZURE_OPENAI_API_KEY.";
+"Stored in ~/.codexbar/config.json. For the official Kimi API, use Moonshot / Kimi API." = "Guardado en ~/.codexbar/config.json. Para la API oficial de Kimi, usa Moonshot / Kimi API.";
+"Stored in ~/.codexbar/config.json. Get your API key from the Volcengine Ark console." = "Guardado en ~/.codexbar/config.json. Obtén tu clave API en la consola Volcengine Ark.";
+"Stored in ~/.codexbar/config.json. Get your key from Ollama settings." = "Guardado en ~/.codexbar/config.json. Obtén tu clave en los ajustes de Ollama.";
+"Stored in ~/.codexbar/config.json. Get your key from console.deepgram.com." = "Guardado en ~/.codexbar/config.json. Obtén tu clave en console.deepgram.com.";
+"Stored in ~/.codexbar/config.json. Get your key from elevenlabs.io/app/settings/api-keys." = "Guardado en ~/.codexbar/config.json. Obtén tu clave en elevenlabs.io/app/settings/api-keys.";
+"Stored in ~/.codexbar/config.json. Get your key from openrouter.ai/settings/keys and set a key spending limit there to enable API key quota tracking." = "Guardado en ~/.codexbar/config.json. Obtén tu clave en openrouter.ai/settings/keys y define allí un límite de gasto para activar el seguimiento de cuota.";
+"Stored in ~/.codexbar/config.json. In Warp, open Settings > Platform > API Keys, then create one." = "Guardado en ~/.codexbar/config.json. En Warp, abre Settings > Platform > API Keys y crea una.";
+"Stored in ~/.codexbar/config.json. Metrics require Groq Enterprise Prometheus access." = "Guardado en ~/.codexbar/config.json. Las métricas requieren acceso a Groq Enterprise Prometheus.";
+"Stored in ~/.codexbar/config.json. OPENAI_ADMIN_KEY is preferred; OPENAI_API_KEY still works." = "Guardado en ~/.codexbar/config.json. Se prefiere OPENAI_ADMIN_KEY; OPENAI_API_KEY también funciona.";
+"Stored in ~/.codexbar/config.json. Requires an Anthropic Admin API key." = "Guardado en ~/.codexbar/config.json. Requiere una clave Anthropic Admin API.";
+"Stored in ~/.codexbar/config.json. Used for /v1/quota-stats." = "Guardado en ~/.codexbar/config.json. Se usa para /v1/quota-stats.";
+"Stored in ~/.codexbar/config.json. You can also provide CODEBUFF_API_KEY or let CodexBar read ~/.config/manicode/credentials.json (created by `codebuff login`)." = "Guardado en ~/.codexbar/config.json. También puedes proporcionar CODEBUFF_API_KEY o dejar que CodexBar lea ~/.config/manicode/credentials.json (creado por `codebuff login`).";
+"Stored in ~/.codexbar/config.json. You can also provide CROF_API_KEY." = "Guardado en ~/.codexbar/config.json. También puedes proporcionar CROF_API_KEY.";
+"Stored in ~/.codexbar/config.json. You can also provide KILO_API_KEY or ~/.local/share/kilo/auth.json (kilo.access)." = "Guardado en ~/.codexbar/config.json. También puedes proporcionar KILO_API_KEY o ~/.local/share/kilo/auth.json (kilo.access).";
+"T3 Chat cookie" = "Cookie de T3 Chat";
+"That account is no longer available in CodexBar. Refresh the account list and try again." = "Esa cuenta ya no está disponible en CodexBar. Actualiza la lista de cuentas e inténtalo de nuevo.";
+"The browser login did not complete in time. Try Antigravity login again." = "El inicio de sesión del navegador no terminó a tiempo. Intenta iniciar sesión en Antigravity de nuevo.";
+"Timed out waiting for Cursor login. %@" = "Se agotó el tiempo esperando el inicio de sesión de Cursor. %@";
+"Timed out waiting for Cursor login. %@ Last error: %@" = "Se agotó el tiempo esperando el inicio de sesión de Cursor. %@ Último error: %@";
+"Today requests" = "Solicitudes de hoy";
+"Total (30d): %@ credits" = "Total (30 d): %@ créditos";
+"Username" = "Usuario";
+"Uses username + password to login and obtain an Oasis-Token automatically." = "Usa usuario y contraseña para iniciar sesión y obtener un Oasis-Token automáticamente.";
+"Uses username + password to login and obtain an %@ automatically." = "Usa usuario y contraseña para iniciar sesión y obtener un %@ automáticamente.";
+"Utilization End" = "Fin de utilización";
+"Utilization Start" = "Inicio de utilización";
+"Verbosity" = "Detalle";
+"Windsurf session JSON bundle" = "Paquete JSON de sesión de Windsurf";
+"Workspace ID" = "ID de espacio de trabajo";
+"Your StepFun platform password. Used to login and obtain a session token." = "Tu contraseña de la plataforma StepFun. Se usa para iniciar sesión y obtener un token de sesión.";
+"claude /login exited with status %d." = "claude /login salió con estado %d.";
+"codex login exited with status %d." = "codex login salió con estado %d.";
+"Cookie: …\n\nor paste a cURL capture from the Abacus AI dashboard" = "Cookie: …\n\no pega una captura cURL del panel de Abacus AI";
+"Cookie: …\n\nor paste the __Secure-next-auth.session-token value" = "Cookie: …\n\no pega el valor de __Secure-next-auth.session-token";
+"Cookie: …\n\nor paste the kimi-auth token value" = "Cookie: …\n\no pega el valor del token kimi-auth";
+"session_id=...\n\nor paste just the session_id value" = "session_id=...\n\no pega solo el valor de session_id";
diff --git a/Sources/CodexBar/Resources/pt-BR.lproj/Localizable.strings b/Sources/CodexBar/Resources/pt-BR.lproj/Localizable.strings
new file mode 100644
index 000000000..5210e0c6e
--- /dev/null
+++ b/Sources/CodexBar/Resources/pt-BR.lproj/Localizable.strings
@@ -0,0 +1,1058 @@
+/* Brazilian Portuguese localization for CodexBar */
+
+" providers" = " provedores";
+"(System)" = "(Sistema)";
+"30d" = "30d";
+"A managed Codex login is already running. Wait for it to finish before adding " = "Um login gerenciado do Codex já está em andamento. Aguarde terminar antes de adicionar ";
+"API key" = "Chave de API";
+"API region" = "Região da API";
+"API token" = "Token da API";
+"API tokens" = "Tokens de API";
+"About" = "Sobre";
+"Account" = "Conta";
+"Accounts" = "Contas";
+"Accounts subtitle" = "Subtítulo de contas";
+"Active" = "Ativo";
+"Add" = "Adicionar";
+"Add Workspace" = "Adicionar workspace";
+"Advanced" = "Avançado";
+"All" = "Todos";
+"Always allow prompts" = "Sempre permitir prompts";
+"Animation pattern" = "Padrão de animação";
+"Antigravity login is managed in the app" = "O login do Antigravity é gerenciado no app";
+"Applies only to the Security.framework OAuth keychain reader." = "Aplica-se apenas ao leitor de chaves OAuth Security.framework.";
+"Auto falls back to the next source if the preferred one fails." = "Automático usa a próxima fonte se a preferida falhar.";
+"Auto uses API first, then falls back to CLI on auth failures." = "Automático usa a API primeiro e recorre à CLI em falhas de autenticação.";
+"Auto-detect" = "Detectar automaticamente";
+"Auto-refresh is off; use the menu's Refresh command." = "A atualização automática está desativada; use Atualizar no menu.";
+"Auto-refresh: hourly · Timeout: 10m" = "Atualização automática: a cada hora · Timeout: 10 min";
+"Automatic" = "Automático";
+"Automatic imports browser cookies and WorkOS tokens." = "Importa automaticamente cookies do navegador e tokens WorkOS.";
+"Automatic imports browser cookies and local storage tokens." = "Importa automaticamente cookies do navegador e tokens do armazenamento local.";
+"Automatic imports browser cookies for dashboard extras." = "Importa automaticamente cookies do navegador para extras do dashboard.";
+"Automatic imports browser cookies for the web API." = "Importa automaticamente cookies do navegador para a API web.";
+"Automatic imports browser cookies from Model Studio/Bailian." = "Importa automaticamente cookies do navegador do Model Studio/Bailian.";
+"Automatic imports browser cookies from admin.mistral.ai." = "Importa automaticamente cookies do navegador de admin.mistral.ai.";
+"Automatic imports browser cookies from opencode.ai." = "Importa automaticamente cookies do navegador de opencode.ai.";
+"Automatic imports browser cookies or stored sessions." = "Importa automaticamente cookies do navegador ou sessões salvas.";
+"Automatic imports browser cookies." = "Importa cookies do navegador automaticamente.";
+"Automatically imports browser session cookie." = "Importa automaticamente o cookie de sessão do navegador.";
+"Automatically opens CodexBar when you start your Mac." = "Abre o CodexBar automaticamente ao iniciar o Mac.";
+"Automation" = "Automação";
+"Average (\\(label1) + \\(label2))" = "Média (\\(label1) + \\(label2))";
+"Average (\\(metadata.sessionLabel) + \\(metadata.weeklyLabel))" = "Média (\\(metadata.sessionLabel) + \\(metadata.weeklyLabel))";
+"Avoid Keychain prompts" = "Evitar prompts do Keychain";
+"Balance" = "Saldo";
+"Battery Saver" = "Economia de bateria";
+"Bordered" = "Com borda";
+"Build" = "Build";
+"Built \\(buildTimestamp)" = "Build \\(buildTimestamp)";
+"Buy Credits..." = "Comprar créditos...";
+"Buy Credits…" = "Comprar créditos…";
+"CLI paths" = "Caminhos da CLI";
+"CLI sessions" = "Sessões da CLI";
+"Caches" = "Caches";
+"Cancel" = "Cancelar";
+"Check for Updates…" = "Buscar atualizações…";
+"Check for updates automatically" = "Buscar atualizações automaticamente";
+"Check if you like your agents having some fun up there." = "Veja se você gosta dos seus agentes se divertindo ali em cima.";
+"Check provider status" = "Verificar status dos provedores";
+"Choose Codex workspace" = "Escolher workspace do Codex";
+"Choose the MiniMax host (global .io or China mainland .com)." = "Escolha o host MiniMax (global .io ou China continental .com).";
+"Choose up to " = "Escolha até ";
+"Choose up to \\(Self.maxOverviewProviders) providers" = "Escolha até \\(Self.maxOverviewProviders) provedores";
+"Choose up to \\(count) providers" = "Escolha até \\(count) provedores";
+"Choose what to show in the menu bar (Pace shows usage vs. expected)." = "Escolha o que mostrar na barra de menus (Ritmo mostra uso vs. esperado).";
+"Choose which Codex account CodexBar should follow." = "Escolha qual conta Codex o CodexBar deve acompanhar.";
+"Choose which window drives the menu bar percent." = "Escolha qual janela define a porcentagem da barra de menus.";
+"Chrome" = "Chrome";
+"Claude CLI not found" = "CLI do Claude não encontrada";
+"Claude binary" = "Binário do Claude";
+"Claude cookies" = "Cookies do Claude";
+"Claude login failed" = "Falha no login do Claude";
+"Claude login timed out" = "Tempo esgotado no login do Claude";
+"Close" = "Fechar";
+"Code review" = "Revisão de código";
+"Codex CLI not found" = "CLI do Codex não encontrada";
+"Codex account login already running" = "Login de conta Codex já em andamento";
+"Codex binary" = "Binário do Codex";
+"Codex login failed" = "Falha no login do Codex";
+"Codex login timed out" = "Tempo esgotado no login do Codex";
+"CodexBar Lifecycle Keepalive" = "Keepalive do ciclo de vida do CodexBar";
+"CodexBar can't show its menu bar icon" = "O CodexBar não consegue mostrar o ícone na barra de menus";
+"CodexBar could not read managed account storage. " = "O CodexBar não conseguiu ler o armazenamento de contas gerenciadas. ";
+"Configure…" = "Configurar…";
+"Connected" = "Conectado";
+"Controls how much detail is logged." = "Controla o nível de detalhe dos logs.";
+"Cookie header" = "Cabeçalho Cookie";
+"Cookie source" = "Fonte do cookie";
+"Cookie: ..." = "Cookie: ...";
+"Cookie: \\u{2026}\\\n\\\nor paste a cURL capture from the Abacus AI dashboard" = "Cookie: \\u{2026}\\\n\\\nou cole uma captura cURL do dashboard do Abacus AI";
+"Cookie: \\u{2026}\\\n\\\nor paste the __Secure-next-auth.session-token value" = "Cookie: \\u{2026}\\\n\\\nou cole o valor de __Secure-next-auth.session-token";
+"Cookie: \\u{2026}\\\n\\\nor paste the kimi-auth token value" = "Cookie: \\u{2026}\\\n\\\nou cole o valor do token kimi-auth";
+"Cookie: …" = "Cookie: …";
+"CopilotDeviceFlow" = "CopilotDeviceFlow";
+"Cost" = "Custo";
+"Could not add Codex account" = "Não foi possível adicionar a conta Codex";
+"Could not open Terminal for Gemini" = "Não foi possível abrir o Terminal para Gemini";
+"Could not start claude /login" = "Não foi possível iniciar claude /login";
+"Could not start codex login" = "Não foi possível iniciar o login do Codex";
+"Could not switch system account" = "Não foi possível trocar a conta do sistema";
+"Credits" = "Créditos";
+"Credits history" = "Histórico de créditos";
+"Cursor login failed" = "Falha no login do Cursor";
+"Custom" = "Personalizado";
+"Custom Path" = "Caminho personalizado";
+"Daily Routines" = "Rotinas diárias";
+"Debug" = "Depuração";
+"Default" = "Padrão";
+"Disable Keychain access" = "Desativar acesso ao Keychain";
+"Disabled" = "Desativado";
+"Dismiss" = "Dispensar";
+"Disconnected" = "Desconectado";
+"Display" = "Exibição";
+"Display mode" = "Modo de exibição";
+"Display reset times as absolute clock values instead of countdowns." = "Mostra horários de renovação como horas absolutas, em vez de contagens regressivas.";
+"Done" = "Concluído";
+"Effective PATH" = "PATH efetivo";
+"Email" = "E-mail";
+"Enable Merge Icons to configure Overview tab providers." = "Ative Mesclar Ícones para configurar provedores da aba Visão geral.";
+"Enable file logging" = "Ativar logs em arquivo";
+"Enabled" = "Ativado";
+"Error" = "Erro";
+"Error simulation" = "Simulação de erro";
+"Expose troubleshooting tools in the Debug tab." = "Exibe ferramentas de diagnóstico na aba Depuração.";
+"Failed" = "Falhou";
+"False" = "Falso";
+"Fetch strategy attempts" = "Tentativas da estratégia de busca";
+"Fetching" = "Buscando";
+"Field" = "Campo";
+"Field subtitle" = "Subtítulo do campo";
+"Finish the current managed account change before switching the system account." = "Conclua a alteração de conta gerenciada atual antes de trocar a conta do sistema.";
+"Force animation on next refresh" = "Forçar animação na próxima atualização";
+"Gateway region" = "Região do gateway";
+"Gemini CLI not found" = "CLI do Gemini não encontrada";
+"Gemini/Antigravity, surfacing incidents in the icon and menu." = "Gemini/Antigravity, exibindo incidentes no ícone e no menu.";
+"General" = "Geral";
+"GitHub" = "GitHub";
+"GitHub Copilot Login" = "Login do GitHub Copilot";
+"GitHub Login" = "Login do GitHub";
+"Hide details" = "Ocultar detalhes";
+"Hide personal information" = "Ocultar informações pessoais";
+"Historical tracking" = "Acompanhamento histórico";
+"How often CodexBar polls providers in the background." = "Frequência com que o CodexBar consulta provedores em segundo plano.";
+"Inactive" = "Inativo";
+"Install CLI" = "Instalar CLI";
+"Install the Claude CLI (npm i -g @anthropic-ai/claude-code) and try again." = "Instale a CLI do Claude (npm i -g @anthropic-ai/claude-code) e tente novamente.";
+"Install the Codex CLI (npm i -g @openai/codex) and try again." = "Instale a CLI do Codex (npm i -g @openai/codex) e tente novamente.";
+"Install the Gemini CLI (npm i -g @google/gemini-cli) and try again." = "Instale a CLI do Gemini (npm i -g @google/gemini-cli) e tente novamente.";
+"JetBrains AI is ready" = "JetBrains AI está pronto";
+"JetBrains IDE" = "IDE JetBrains";
+"Keep CLI sessions alive" = "Manter sessões da CLI ativas";
+"Keyboard shortcut" = "Atalho de teclado";
+"Keychain access" = "Acesso ao Keychain";
+"Keychain prompt policy" = "Política de prompts do Keychain";
+"Last \\(name) fetch failed:" = "Última busca de \\(name) falhou:";
+"Last \\(self.store.metadata(for: self.provider).displayName) fetch failed:" = "Última busca de \\(self.store.metadata(for: self.provider).displayName) falhou:";
+"Last attempt" = "Última tentativa";
+"Link" = "Link";
+"Loading animations" = "Animações de carregamento";
+"Loading…" = "Carregando…";
+"Local" = "Local";
+"Logging" = "Logs";
+"Login failed" = "Falha no login";
+"Login shell PATH (startup capture)" = "PATH do shell de login (captura na inicialização)";
+"Login timed out" = "Tempo esgotado no login";
+"MCP details" = "Detalhes MCP";
+"Managed Codex accounts unavailable" = "Contas Codex gerenciadas indisponíveis";
+"Managed account storage is unreadable. Live account access is still available, " = "O armazenamento de contas gerenciadas está ilegível. O acesso à conta ativa ainda está disponível, ";
+"Manual" = "Manual";
+"May your tokens never run out—keep agent limits in view." = "Que seus tokens nunca acabem — mantenha os limites dos agentes à vista.";
+"Menu bar" = "Barra de menus";
+"Menu bar auto-shows the provider closest to its rate limit." = "A barra de menus mostra automaticamente o provedor mais próximo do limite de taxa.";
+"Menu bar metric" = "Métrica da barra de menus";
+"Menu bar shows percent" = "Barra de menus mostra porcentagem";
+"Menu content" = "Conteúdo do menu";
+"Merge Icons" = "Mesclar Ícones";
+"Never prompt" = "Nunca perguntar";
+"No" = "Não";
+"No Codex accounts detected yet." = "Nenhuma conta Codex detectada ainda.";
+"No JetBrains IDE detected" = "Nenhuma IDE JetBrains detectada";
+"No cost history data." = "Sem dados de histórico de custos.";
+"No data available" = "Nenhum dado disponível";
+"No data yet" = "Ainda sem dados";
+"No enabled providers available for Overview." = "Nenhum provedor ativado disponível para Visão geral.";
+"No providers selected" = "Nenhum provedor selecionado";
+"No token accounts yet." = "Ainda sem contas de token.";
+"No usage breakdown data." = "Sem dados de detalhamento de uso.";
+"None" = "Nenhum";
+"Notifications" = "Notificações";
+"Notifies when the 5-hour session quota hits 0% and when it becomes " = "Notifica quando a cota de sessão de 5 horas chega a 0% e quando fica ";
+"OK" = "OK";
+"Obscure email addresses in the menu bar and menu UI." = "Oculta endereços de e-mail na barra de menus e na UI do menu.";
+"Off" = "Desligado";
+"Offline" = "Offline";
+"On" = "Ligado";
+"Online" = "Online";
+"Only on user action" = "Somente por ação do usuário";
+"Open" = "Abrir";
+"Open API Keys" = "Abrir chaves de API";
+"Open Amp Settings" = "Abrir ajustes do Amp";
+"Open Antigravity to sign in, then refresh CodexBar." = "Abra o Antigravity para entrar e depois atualize o CodexBar.";
+"Open Browser" = "Abrir navegador";
+"Open Coding Plan" = "Abrir Coding Plan";
+"Open Console" = "Abrir console";
+"Open Dashboard" = "Abrir dashboard";
+"Open Mistral Admin" = "Abrir Mistral Admin";
+"Open Menu Bar Settings" = "Abrir ajustes da barra de menus";
+"Open Ollama Settings" = "Abrir ajustes do Ollama";
+"Open Terminal" = "Abrir Terminal";
+"Open Usage Page" = "Abrir página de uso";
+"Open Warp API Key Guide" = "Abrir guia de chave de API do Warp";
+"Open menu" = "Abrir menu";
+"Open token file" = "Abrir arquivo de token";
+"OpenAI cookies" = "Cookies da OpenAI";
+"OpenAI web extras" = "Extras web da OpenAI";
+"Option A" = "Opção A";
+"Option B" = "Opção B";
+"Optional override if workspace lookup fails." = "Substituição opcional se a busca do workspace falhar.";
+"Options" = "Opções";
+"Override auto-detection with a custom IDE base path" = "Substituir detecção automática por um caminho base personalizado da IDE";
+"Overview" = "Visão geral";
+"Overview rows always follow provider order." = "As linhas da Visão geral sempre seguem a ordem dos provedores.";
+"Overview tab providers" = "Provedores da aba Visão geral";
+"Paste API key…" = "Cole a chave de API…";
+"Paste API token…" = "Cole o token da API…";
+"Paste key…" = "Cole a chave…";
+"Paste sessionKey or OAuth token…" = "Cole sessionKey ou token OAuth…";
+"Paste the Cookie header from a request to admin.mistral.ai. " = "Cole o cabeçalho Cookie de uma requisição para admin.mistral.ai. ";
+"Paste token…" = "Cole o token…";
+"Personal" = "Pessoal";
+"Picker" = "Seletor";
+"Picker subtitle" = "Subtítulo do seletor";
+"Placeholder" = "Texto de exemplo";
+"Plan" = "Plano";
+"Play full-screen confetti when weekly usage resets." = "Mostra confete em tela cheia quando o uso semanal for renovado.";
+"Polls OpenAI/Claude status pages and Google Workspace for " = "Consulta as páginas de status da OpenAI/Claude e o Google Workspace para ";
+"Prevents any Keychain access while enabled." = "Impede qualquer acesso ao Keychain quando ativado.";
+"Primary (API key limit)" = "Primário (limite da chave de API)";
+"Primary (\\(label))" = "Primário (\\(label))";
+"Primary (\\(metadata.sessionLabel))" = "Primário (\\(metadata.sessionLabel))";
+"Probe logs" = "Logs de verificação";
+"Progress bars fill as you consume quota (instead of showing remaining)." = "As barras de progresso preenchem conforme você consome a cota (em vez de mostrar o restante).";
+"Provider" = "Provedor";
+"Providers" = "Provedores";
+"Quit CodexBar" = "Encerrar CodexBar";
+"Random (default)" = "Aleatório (padrão)";
+"Reads local usage logs. Shows today + last 30 days cost in the menu." = "Lê logs de uso locais. Mostra o custo de hoje + a janela de histórico selecionada no menu.";
+"Refresh" = "Atualizar";
+"Refresh cadence" = "Cadência de atualização";
+"Remote" = "Remoto";
+"Remove" = "Remover";
+"Remove Codex account?" = "Remover conta Codex?";
+"Remove \\(account.email) from CodexBar? Its managed Codex home will be deleted." = "Remover \\(account.email) do CodexBar? O diretório Codex gerenciado será apagado.";
+"Remove \\(email) from CodexBar? Its managed Codex home will be deleted." = "Remover \\(email) do CodexBar? O diretório Codex gerenciado será apagado.";
+"Remove selected account" = "Remover conta selecionada";
+"Replace critter bars with provider branding icons and a percentage." = "Substitui barras de bichinhos por ícones da marca do provedor e uma porcentagem.";
+"Replay selected animation" = "Reproduzir animação selecionada";
+"Requires authentication via GitHub Device Flow." = "Requer autenticação via GitHub Device Flow.";
+"Resets: \\(reset)" = "Renova em: \\(reset)";
+"Rolling five-hour limit" = "Limite móvel de cinco horas";
+"Search hourly" = "Buscar a cada hora";
+"Secondary (\\(label))" = "Secundário (\\(label))";
+"Secondary (\\(metadata.weeklyLabel))" = "Secundário (\\(metadata.weeklyLabel))";
+"Select a provider" = "Selecione um provedor";
+"Select the IDE to monitor" = "Selecione a IDE para monitorar";
+"Session quota notifications" = "Notificações de cota de sessão";
+"Session tokens" = "Tokens de sessão";
+"Settings" = "Ajustes";
+"Show Codex Credits and Claude Extra usage sections in the menu." = "Mostra as seções de créditos do Codex e uso extra do Claude no menu.";
+"Show Debug Settings" = "Mostrar ajustes de depuração";
+"Show all token accounts" = "Mostrar todas as contas de token";
+"Show cost summary" = "Mostrar resumo de custos";
+"Show credits + extra usage" = "Mostrar créditos + uso extra";
+"Show details" = "Mostrar detalhes";
+"Show most-used provider" = "Mostrar provedor mais usado";
+"Show provider icons in the switcher (otherwise show a weekly progress line)." = "Mostra ícones dos provedores no alternador (caso contrário, mostra uma linha de progresso semanal).";
+"Show reset time as clock" = "Mostrar renovação como horário";
+"Show usage as used" = "Mostrar uso como consumido";
+"Sign in via button below" = "Entre pelo botão abaixo";
+"Skip teardown between probes (debug-only)." = "Não encerra entre verificações (somente depuração).";
+"Stack token accounts in the menu (otherwise show an account switcher bar)." = "Empilha contas de token no menu (caso contrário, mostra uma barra de alternância de contas).";
+"Start at Login" = "Iniciar ao fazer login";
+"Status" = "Status";
+"Store Claude sessionKey cookies or OAuth access tokens." = "Armazena cookies sessionKey ou tokens de acesso OAuth do Claude.";
+"Store multiple Abacus AI Cookie headers." = "Armazena vários cabeçalhos Cookie do Abacus AI.";
+"Store multiple Augment Cookie headers." = "Armazena vários cabeçalhos Cookie do Augment.";
+"Store multiple Cursor Cookie headers." = "Armazena vários cabeçalhos Cookie do Cursor.";
+"Store multiple Factory Cookie headers." = "Armazena vários cabeçalhos Cookie do Factory.";
+"Store multiple MiniMax Cookie headers." = "Armazena vários cabeçalhos Cookie do MiniMax.";
+"Store multiple Mistral Cookie headers." = "Armazena vários cabeçalhos Cookie do Mistral.";
+"Store multiple Ollama Cookie headers." = "Armazena vários cabeçalhos Cookie do Ollama.";
+"Store multiple OpenCode Cookie headers." = "Armazena vários cabeçalhos Cookie do OpenCode.";
+"Store multiple OpenCode Go Cookie headers." = "Armazena vários cabeçalhos Cookie do OpenCode Go.";
+"Stored in the CodexBar config file." = "Armazenado no arquivo de configuração do CodexBar.";
+"Stored in ~/.codexbar/config.json. " = "Armazenado em ~/.codexbar/config.json. ";
+"Stored in ~/.codexbar/config.json. Generate one at kimi-k2.ai." = "Armazenado em ~/.codexbar/config.json. Gere um em kimi-k2.ai.";
+"Stored in ~/.codexbar/config.json. Paste the key from the Synthetic dashboard." = "Armazenado em ~/.codexbar/config.json. Cole a chave do dashboard Synthetic.";
+"Stored in ~/.codexbar/config.json. Paste your Coding Plan API key from Model Studio." = "Armazenado em ~/.codexbar/config.json. Cole sua chave de API do Coding Plan do Model Studio.";
+"Stored in ~/.codexbar/config.json. Paste your MiniMax API key." = "Armazenado em ~/.codexbar/config.json. Cole sua chave de API do MiniMax.";
+"Stored in ~/.codexbar/config.json. You can also provide KILO_API_KEY or " = "Armazenado em ~/.codexbar/config.json. Você também pode informar KILO_API_KEY ou ";
+"Stores local Codex usage history (8 weeks) to personalize Pace predictions." = "Armazena histórico local de uso do Codex (8 semanas) para personalizar previsões de Ritmo.";
+"Subscription Utilization" = "Uso da assinatura";
+"Surprise me" = "Surpreenda-me";
+"Switcher shows icons" = "Alternador mostra ícones";
+"Symlink CodexBarCLI to /usr/local/bin and /opt/homebrew/bin as codexbar." = "Cria symlink de CodexBarCLI em /usr/local/bin e /opt/homebrew/bin como codexbar.";
+"System" = "Sistema";
+"Temporarily shows the loading animation after the next refresh." = "Mostra temporariamente a animação de carregamento após a próxima atualização.";
+"Tertiary (\\(label))" = "Terciário (\\(label))";
+"Tertiary (\\(tertiaryTitle))" = "Terciário (\\(tertiaryTitle))";
+"The default Codex account on this Mac." = "A conta Codex padrão deste Mac.";
+"Toggle" = "Alternar";
+"Toggle subtitle" = "Subtítulo do alternador";
+"Token" = "Token";
+"Trigger the menu bar menu from anywhere." = "Aciona o menu da barra de menus de qualquer lugar.";
+"True" = "Verdadeiro";
+"Twitter" = "Twitter";
+"Unsupported" = "Não suportado";
+"Update Channel" = "Canal de atualização";
+"Updated" = "Atualizado";
+"Updates unavailable in this build." = "Atualizações indisponíveis nesta build.";
+"Usage" = "Uso";
+"Usage breakdown" = "Detalhamento de uso";
+"Usage history (30 days)" = "Histórico de uso";
+"Usage source" = "Fonte de uso";
+"Use BigModel for the China mainland endpoints (open.bigmodel.cn)." = "Usa BigModel para endpoints da China continental (open.bigmodel.cn).";
+"Use a single menu bar icon with a provider switcher." = "Usa um único ícone na barra de menus com alternador de provedores.";
+"Use international or China mainland console gateways for quota fetches." = "Usa gateways de console internacionais ou da China continental para buscar cotas.";
+"Version" = "Versão";
+"Version \\(self.versionString)" = "Versão \\(self.versionString)";
+"Version \\(version)" = "Versão \\(version)";
+"Version \\(versionString)" = "Versão \\(versionString)";
+"Vertex AI Login" = "Login do Vertex AI";
+"Wait for the current managed Codex login to finish before adding another account." = "Aguarde o login gerenciado atual do Codex terminar antes de adicionar outra conta.";
+"Waiting for Authentication..." = "Aguardando autenticação...";
+"Website" = "Site";
+"Weekly limit confetti" = "Confete do limite semanal";
+"Weekly token limit" = "Limite semanal de tokens";
+"Weekly usage" = "Uso semanal";
+"Weekly usage unavailable for this account." = "Uso semanal indisponível para esta conta.";
+"Window: \\(window)" = "Janela: \\(window)";
+"Write logs to \\(self.fileLogPath) for debugging." = "Grava logs em \\(self.fileLogPath) para depuração.";
+"Yes" = "Sim";
+"\\(detail.modelCode): \\(usage)" = "\\(detail.modelCode): \\(usage)";
+"\\(name): \\(truncated)" = "\\(name): \\(truncated)";
+"\\(name): \\(updated) · 30d \\(cost)" = "\\(name): \\(updated) · 30d \\(cost)";
+"\\(name): fetching…\\(elapsed)" = "\\(name): buscando…\\(elapsed)";
+"\\(name): last attempt \\(when)" = "\\(name): última tentativa \\(when)";
+"\\(name): no data yet" = "\\(name): ainda sem dados";
+"\\(name): unsupported" = "\\(name): não suportado";
+"all browsers" = "todos os navegadores";
+"available again." = "disponível novamente.";
+"built_format" = "Build %@";
+"copilot_complete_in_browser" = "Conclua o login no navegador.";
+"copilot_device_code" = "Código do dispositivo copiado para a área de transferência: %1$@\n\nVerifique em: %2$@";
+"copilot_device_code_copied" = "Código do dispositivo copiado.";
+"copilot_verify_at" = "Verifique em %@";
+"copilot_waiting_text" = "Conclua o login no navegador.\nEsta janela fecha automaticamente quando o login for concluído.";
+"copilot_window_closes_auto" = "Esta janela fecha automaticamente quando o login for concluído.";
+"cost_status_error" = "%1$@: %2$@";
+"cost_status_fetching" = "%1$@: buscando… %2$@";
+"cost_status_last_attempt" = "%1$@: última tentativa %2$@";
+"cost_status_no_data" = "%@: ainda sem dados";
+"cost_status_snapshot" = "%1$@: %2$@ · %3$@ %4$@";
+"cost_status_unsupported" = "%@: não suportado";
+"credits_remaining" = "Créditos: %@";
+"cursor_on_demand" = "Sob demanda: %@";
+"cursor_on_demand_with_limit" = "Sob demanda: %1$@ / %2$@";
+"extra_usage_format" = "Uso extra: %1$@ / %2$@";
+"jetbrains_detected_generate" = "Detectado: %@. Use o assistente de IA uma vez para gerar dados de cota e atualize o CodexBar.";
+"jetbrains_detected_select" = "Detectado: %@. Selecione sua IDE preferida em Ajustes e atualize o CodexBar.";
+"last_fetch_failed_with_provider" = "Última busca de %@ falhou:";
+"last_spend" = "Último gasto: %@";
+"mcp_model_usage" = "%1$@: %2$@";
+"mcp_resets" = "Renova em: %@";
+"mcp_window" = "Janela: %@";
+"metric_average" = "Média (%1$@ + %2$@)";
+"metric_primary" = "Primário (%@)";
+"metric_secondary" = "Secundário (%@)";
+"metric_tertiary" = "Terciário (%@)";
+"multiple_workspaces_found" = "O CodexBar encontrou vários workspaces para %@. Escolha o workspace para adicionar.";
+"ory_session_…=…; csrftoken=…" = "ory_session_…=…; csrftoken=…";
+"overview_choose_providers" = "Escolha até %@ provedores";
+"remove_account_message" = "Remover %@ do CodexBar? O diretório Codex gerenciado será apagado.";
+"version_format" = "Versão %@";
+"vertex_ai_login_instructions" = "Para acompanhar o uso do Vertex AI, autentique-se no Google Cloud.\n\n1. Abra o Terminal\n2. Execute: gcloud auth application-default login\n3. Siga os prompts no navegador para entrar\n4. Defina seu projeto: gcloud config set project PROJECT_ID\n\nAbrir o Terminal agora?";
+"workspaceID is set but only opencode, opencodego, and deepgram support workspaceID." = "workspaceID está definido, mas somente opencode, opencodego e deepgram oferecem suporte a workspaceID.";
+"© 2026 Peter Steinberger. MIT License." = "© 2026 Peter Steinberger. Licença MIT.";
+
+/* General Pane */
+"section_system" = "Sistema";
+"section_usage" = "Uso";
+"section_automation" = "Automação";
+"language_title" = "Idioma";
+"language_subtitle" = "Altera o idioma de exibição. Requer reiniciar o app para ter efeito completo.";
+"language_system" = "Sistema";
+"language_english" = "Inglês";
+"language_spanish" = "Espanhol";
+"language_catalan" = "Catalão";
+"language_chinese_simplified" = "Chinês simplificado";
+"language_chinese_traditional" = "Chinês tradicional";
+"language_portuguese_brazilian" = "Português (Brasil)";
+"start_at_login_title" = "Iniciar ao fazer login";
+"start_at_login_subtitle" = "Abre o CodexBar automaticamente ao iniciar o Mac.";
+"show_cost_summary" = "Mostrar resumo de custos";
+"show_cost_summary_subtitle" = "Lê logs de uso locais. Mostra o custo de hoje + janela selecionada no menu.";
+"cost_history_days_title" = "Janela do histórico: %d dias";
+"cost_auto_refresh_info" = "Atualização automática: a cada hora · Timeout: 10 min";
+"refresh_cadence_title" = "Cadência de atualização";
+"refresh_cadence_subtitle" = "Frequência com que o CodexBar consulta provedores em segundo plano.";
+"manual_refresh_hint" = "A atualização automática está desativada; use Atualizar no menu.";
+"check_provider_status_title" = "Verificar status dos provedores";
+"check_provider_status_subtitle" = "Consulta páginas de status da OpenAI/Claude e o Google Workspace para Gemini/Antigravity, exibindo incidentes no ícone e no menu.";
+"session_quota_notifications_title" = "Notificações de cota de sessão";
+"session_quota_notifications_subtitle" = "Notifica quando a cota de sessão de 5 horas chega a 0% e quando fica disponível novamente.";
+"quota_warning_notifications_title" = "Notificações de alerta de cota";
+"quota_warning_notifications_subtitle" = "Avisa quando a cota restante da sessão ou da semana fica abaixo dos limites configurados.";
+"quota_warnings_title" = "Alertas de cota";
+"quota_warning_session" = "sessão";
+"quota_warning_session_capitalized" = "Sessão";
+"quota_warning_weekly" = "semanal";
+"quota_warning_weekly_capitalized" = "Semanal";
+"quota_warning_notification_title" = "%1$@: cota baixa (%2$@)";
+"quota_warning_notification_body" = "%1$@ restante. Você atingiu o limite de alerta de %2$d%% (%3$@).";
+"quota_warning_notification_body_with_account" = "Conta %1$@. %2$@ restante. Você atingiu o limite de alerta de %3$d%% (%4$@).";
+"session_depleted_notification_title" = "Sessão do %@ esgotada";
+"session_depleted_notification_body" = "0% restante. Avisaremos quando estiver disponível novamente.";
+"session_restored_notification_title" = "Sessão do %@ restaurada";
+"session_restored_notification_body" = "A cota de sessão está disponível novamente.";
+"quota_warning_warn_at" = "Alertar em";
+"quota_warning_global_threshold_subtitle" = "Percentuais restantes para as janelas de sessão e semanal, a menos que um provedor defina valores próprios.";
+"quota_warning_sound" = "Reproduzir som de notificação";
+"quota_warning_provider_inherits" = "Usa as configurações globais de alerta de cota, a menos que uma janela seja personalizada aqui.";
+"quota_warning_customize_thresholds" = "Personalizar limites de %@";
+"quota_warning_enable_warnings" = "Ativar alertas de %@";
+"quota_warning_window_warn_at" = "%@: alertar em";
+"quota_warning_off" = "Desativado";
+"quota_warning_inherited" = "Usando global: %@";
+"quota_warning_depleted_only" = "somente ao esgotar";
+"quota_warning_upper" = "Limite superior";
+"quota_warning_lower" = "Limite inferior";
+"apply" = "Aplicar";
+"quit_app" = "Encerrar CodexBar";
+
+/* Tab titles */
+"tab_general" = "Geral";
+"tab_providers" = "Provedores";
+"tab_display" = "Exibição";
+"tab_advanced" = "Avançado";
+"tab_about" = "Sobre";
+"tab_debug" = "Depuração";
+
+/* Providers Pane */
+"select_a_provider" = "Selecione um provedor";
+"cancel" = "Cancelar";
+"last_fetch_failed" = "última busca falhou";
+"usage_not_fetched_yet" = "uso ainda não buscado";
+"managed_account_storage_unreadable" = "O armazenamento de contas gerenciadas está ilegível. O acesso à conta ativa ainda está disponível, mas adicionar, reautenticar e remover contas gerenciadas ficam desativados até o armazenamento ser recuperável.";
+"remove_codex_account_title" = "Remover conta Codex?";
+"remove" = "Remover";
+"managed_login_already_running" = "Um login gerenciado do Codex já está em andamento. Aguarde terminar antes de adicionar ou reautenticar outra conta.";
+"managed_login_failed" = "O login gerenciado do Codex não foi concluído. Verifique se `codex --version` funciona no Terminal. Se o macOS bloqueou ou moveu `codex` para o Lixo, remova instalações duplicadas antigas, execute `npm install -g --include=optional @openai/codex@latest` e tente novamente.";
+"codex_login_output" = "Saída do codex login:";
+"managed_login_missing_email" = "O login do Codex foi concluído, mas nenhum e-mail da conta estava disponível. Tente novamente após confirmar que a conta está totalmente conectada.";
+"login_success_notification_title" = "Login do %@ bem-sucedido";
+"login_success_notification_body" = "Você pode voltar ao app; a autenticação foi concluída.";
+"workspace_selection_cancelled" = "O CodexBar encontrou vários workspaces, mas nenhum foi selecionado.";
+"unsafe_managed_home" = "O CodexBar se recusou a modificar um caminho de diretório gerenciado inesperado: %@";
+"menu_bar_metric_title" = "Métrica da barra de menus";
+"menu_bar_metric_subtitle" = "Escolha qual janela define a porcentagem da barra de menus.";
+"menu_bar_metric_subtitle_deepseek" = "Mostra o saldo do DeepSeek na barra de menus.";
+"menu_bar_metric_subtitle_moonshot" = "Mostra o saldo da API Moonshot / Kimi na barra de menus.";
+"menu_bar_metric_subtitle_mistral" = "Mostra o gasto da API Mistral no mês atual na barra de menus.";
+"menu_bar_metric_subtitle_kimik2" = "Mostra os créditos da chave de API do Kimi K2 na barra de menus.";
+"automatic" = "Automático";
+"primary_api_key_limit" = "Primário (limite da chave de API)";
+
+/* Display Pane */
+"section_menu_bar" = "Barra de menus";
+"merge_icons_title" = "Mesclar Ícones";
+"merge_icons_subtitle" = "Usa um único ícone na barra de menus com alternador de provedores.";
+"switcher_shows_icons_title" = "Alternador mostra ícones";
+"switcher_shows_icons_subtitle" = "Mostra ícones dos provedores no alternador (caso contrário, mostra uma linha de progresso semanal).";
+"show_most_used_provider_title" = "Mostrar provedor mais usado";
+"show_most_used_provider_subtitle" = "A barra de menus mostra automaticamente o provedor mais próximo do limite de taxa.";
+"menu_bar_shows_percent_title" = "Barra de menus mostra porcentagem";
+"menu_bar_shows_percent_subtitle" = "Substitui barras de bichinhos por ícones da marca do provedor e uma porcentagem.";
+"display_mode_title" = "Modo de exibição";
+"display_mode_subtitle" = "Escolha o que mostrar na barra de menus (Ritmo mostra uso vs. esperado).";
+"section_menu_content" = "Conteúdo do menu";
+"show_usage_as_used_title" = "Mostrar uso como consumido";
+"show_usage_as_used_subtitle" = "As barras de progresso preenchem conforme você consome a cota (em vez de mostrar o restante).";
+"show_quota_warning_markers_title" = "Mostrar marcadores de alerta de cota";
+"show_quota_warning_markers_subtitle" = "Desenha marcas de limite nas barras de uso quando os alertas de cota estão configurados.";
+"weekly_progress_work_days_title" = "Dias úteis no progresso semanal";
+"weekly_progress_work_days_subtitle" = "Desenha marcas de limite de dia nas barras de uso semanal.";
+"show_reset_time_as_clock_title" = "Mostrar renovação como horário";
+"show_reset_time_as_clock_subtitle" = "Mostra horários de renovação como horas absolutas, em vez de contagens regressivas.";
+"show_provider_changelog_links_title" = "Mostrar links de changelog dos provedores";
+"show_provider_changelog_links_subtitle" = "Adiciona links de notas de versão para provedores baseados em CLI compatíveis no menu.";
+"show_credits_extra_usage_title" = "Mostrar créditos + uso extra";
+"show_credits_extra_usage_subtitle" = "Mostra as seções de créditos do Codex e uso extra do Claude no menu.";
+"show_all_token_accounts_title" = "Mostrar todas as contas de token";
+"show_all_token_accounts_subtitle" = "Empilha contas de token no menu (caso contrário, mostra uma barra de alternância de contas).";
+"multi_account_layout_title" = "Layout de múltiplas contas";
+"multi_account_layout_subtitle" = "Escolha alternância segmentada de contas ou cartões de contas empilhados.";
+"multi_account_layout_segmented" = "Segmentado";
+"multi_account_layout_stacked" = "Empilhado";
+"overview_tab_providers_title" = "Provedores da aba Visão geral";
+"configure" = "Configurar…";
+"overview_enable_merge_icons_hint" = "Ative Mesclar Ícones para configurar provedores da aba Visão geral.";
+"overview_no_providers_hint" = "Nenhum provedor ativado disponível para Visão geral.";
+"overview_rows_follow_order" = "As linhas da Visão geral sempre seguem a ordem dos provedores.";
+"overview_no_providers_selected" = "Nenhum provedor selecionado";
+
+/* Advanced Pane */
+"section_keyboard_shortcut" = "Atalho de teclado";
+"open_menu_shortcut_title" = "Abrir menu";
+"open_menu_shortcut_subtitle" = "Aciona o menu da barra de menus de qualquer lugar.";
+"install_cli" = "Instalar CLI";
+"install_cli_subtitle" = "Cria symlink de CodexBarCLI em /usr/local/bin e /opt/homebrew/bin como codexbar.";
+"cli_not_found" = "CodexBarCLI não encontrado no pacote do app.";
+"no_writable_bin_dirs" = "Nenhum diretório bin gravável encontrado.";
+"show_debug_settings_title" = "Mostrar ajustes de depuração";
+"show_debug_settings_subtitle" = "Exibe ferramentas de diagnóstico na aba Depuração.";
+"surprise_me_title" = "Surpreenda-me";
+"surprise_me_subtitle" = "Veja se você gosta dos seus agentes se divertindo ali em cima.";
+"weekly_limit_confetti_title" = "Confete do limite semanal";
+"weekly_limit_confetti_subtitle" = "Mostra confete em tela cheia quando o uso semanal for renovado.";
+"hide_personal_info_title" = "Ocultar informações pessoais";
+"hide_personal_info_subtitle" = "Oculta endereços de e-mail na barra de menus e na UI do menu.";
+"show_provider_storage_usage_title" = "Mostrar uso de armazenamento dos provedores";
+"show_provider_storage_usage_subtitle" = "Mostra o uso de disco local nos menus. Verifica em segundo plano caminhos conhecidos pertencentes aos provedores.";
+"section_keychain_access" = "Acesso ao Keychain";
+"keychain_access_caption" = "Desativa todas as leituras e gravações do Keychain. A importação de cookies do navegador fica indisponível; cole cabeçalhos Cookie manualmente em Provedores.";
+"disable_keychain_access_title" = "Desativar acesso ao Keychain";
+"disable_keychain_access_subtitle" = "Impede qualquer acesso ao Keychain quando ativado.";
+
+/* About Pane */
+"about_tagline" = "Que seus tokens nunca acabem — mantenha os limites dos agentes à vista.";
+"link_github" = "GitHub";
+"link_website" = "Site";
+"link_twitter" = "Twitter";
+"link_email" = "E-mail";
+"check_updates_auto" = "Buscar atualizações automaticamente";
+"update_channel" = "Canal de atualização";
+"check_for_updates" = "Buscar atualizações…";
+"updates_unavailable" = "Atualizações indisponíveis nesta build.";
+"copyright" = "© 2026 Peter Steinberger. Licença MIT.";
+
+/* Debug Pane */
+"section_logging" = "Logs";
+"enable_file_logging" = "Ativar logs em arquivo";
+"enable_file_logging_subtitle" = "Grava logs em %@ para depuração.";
+"verbosity_title" = "Verbosidade";
+"verbosity_subtitle" = "Controla o nível de detalhe dos logs.";
+"open_log_file" = "Abrir arquivo de log";
+"force_animation_next_refresh" = "Forçar animação na próxima atualização";
+"force_animation_next_refresh_subtitle" = "Mostra temporariamente a animação de carregamento após a próxima atualização.";
+"section_loading_animations" = "Animações de carregamento";
+"loading_animations_caption" = "Escolha um padrão e reproduza na barra de menus. \"Aleatório\" mantém o comportamento atual.";
+"animation_random_default" = "Aleatório (padrão)";
+"replay_selected_animation" = "Reproduzir animação selecionada";
+"blink_now" = "Piscar agora";
+"section_probe_logs" = "Logs de verificação";
+"probe_logs_caption" = "Busca a saída mais recente da verificação para depuração; Copiar mantém o texto completo.";
+"fetch_log" = "Buscar log";
+"copy" = "Copiar";
+"save_to_file" = "Salvar em arquivo";
+"load_parse_dump" = "Carregar dump de análise";
+"rerun_provider_autodetect" = "Executar novamente a detecção automática de provedores";
+"loading" = "Carregando…";
+"no_log_yet_fetch" = "Ainda sem log. Busque para carregar.";
+"section_fetch_strategy" = "Tentativas da estratégia de busca";
+"fetch_strategy_caption" = "Últimas decisões e erros do pipeline de busca de um provedor.";
+"section_openai_cookies" = "Cookies da OpenAI";
+"openai_cookies_caption" = "Logs de importação de cookies + scraping WebKit da última tentativa de cookies da OpenAI.";
+"no_log_yet" = "Ainda sem log. Atualize os cookies da OpenAI em Provedores → Codex para executar uma importação.";
+"section_caches" = "Caches";
+"caches_caption" = "Limpa resultados de varredura de custo em cache ou caches de cookies do navegador.";
+"clear_cookie_cache" = "Limpar cache de cookies";
+"clear_cost_cache" = "Limpar cache de custos";
+"section_notifications" = "Notificações";
+"notifications_caption" = "Aciona notificações de teste para a janela de sessão de 5 horas (esgotada/restaurada).";
+"post_depleted" = "Notificar esgotamento";
+"post_restored" = "Notificar restauração";
+"section_cli_sessions" = "Sessões da CLI";
+"cli_sessions_caption" = "Mantém sessões da CLI Codex/Claude ativas após uma verificação. Por padrão, sai assim que os dados são capturados.";
+"keep_cli_sessions_alive" = "Manter sessões da CLI ativas";
+"keep_cli_sessions_alive_subtitle" = "Não encerra entre verificações (somente depuração).";
+"reset_cli_sessions" = "Reiniciar sessões da CLI";
+"section_error_simulation" = "Simulação de erro";
+"error_simulation_caption" = "Insere uma mensagem de erro falsa no card do menu para testar o layout.";
+"set_menu_error" = "Definir erro do menu";
+"clear_menu_error" = "Limpar erro do menu";
+"set_cost_error" = "Definir erro de custo";
+"clear_cost_error" = "Limpar erro de custo";
+"section_cli_paths" = "Caminhos da CLI";
+"cli_paths_caption" = "Binário do Codex e camadas de PATH resolvidos; captura do PATH de login na inicialização (timeout curto).";
+"codex_binary" = "Binário do Codex";
+"claude_binary" = "Binário do Claude";
+"effective_path" = "PATH efetivo";
+"unavailable" = "Indisponível";
+"login_shell_path" = "PATH do shell de login (captura na inicialização)";
+"cleared" = "Limpo.";
+"no_fetch_attempts" = "Ainda sem tentativas de busca.";
+"macOS Tahoe can block menu bar apps in System Settings → Menu Bar → Allow in the Menu Bar. CodexBar is running, but macOS may be hiding its icon. Open Menu Bar settings and turn CodexBar on." = "O macOS Tahoe pode bloquear apps da barra de menus em Ajustes do Sistema → Barra de Menus → Permitir na Barra de Menus. O CodexBar está em execução, mas o macOS pode estar ocultando seu ícone. Abra os ajustes da Barra de Menus e ative o CodexBar.";
+
+/* Metric preferences */
+"metric_pref_automatic" = "Automático";
+"metric_pref_primary" = "Primário";
+"metric_pref_secondary" = "Secundário";
+"metric_pref_tertiary" = "Terciário";
+"metric_pref_extra_usage" = "Uso extra";
+"metric_pref_average" = "Média";
+
+/* Display modes */
+"display_mode_percent" = "Porcentagem";
+"display_mode_pace" = "Ritmo";
+"display_mode_both" = "Ambos";
+"display_mode_percent_desc" = "Mostra a porcentagem restante/usada (ex.: 45%)";
+"display_mode_pace_desc" = "Mostra o indicador de ritmo (ex.: +5%)";
+"display_mode_both_desc" = "Mostra porcentagem e ritmo (ex.: 45% · +5%)";
+
+/* Provider status */
+"status_operational" = "Operacional";
+"status_partial_outage" = "Falha parcial";
+"status_major_outage" = "Falha geral";
+"status_critical_issue" = "Problema crítico";
+"status_maintenance" = "Manutenção";
+"status_unknown" = "Status desconhecido";
+
+/* Refresh frequency */
+"refresh_manual" = "Manual";
+"refresh_1min" = "1 min";
+"refresh_2min" = "2 min";
+"refresh_5min" = "5 min";
+"refresh_15min" = "15 min";
+"refresh_30min" = "30 min";
+
+/* Additional keys */
+"not_found" = "Não encontrado";
+
+/* Cost estimation */
+"cost_header_estimated" = "Custo (estimado)";
+"cost_estimate_hint" = "Estimado a partir de logs locais · pode diferir da sua fatura";
+"No JetBrains IDE with AI Assistant detected. Install a JetBrains IDE and enable AI Assistant." = "Nenhuma IDE JetBrains com AI Assistant detectada. Instale uma IDE JetBrains e ative o AI Assistant.";
+"OpenRouter API token not configured. Set OPENROUTER_API_KEY environment variable or configure in Settings." = "Token de API do OpenRouter não configurado. Defina a variável de ambiente OPENROUTER_API_KEY ou configure em Ajustes.";
+"z.ai API token not found. Set apiKey in ~/.codexbar/config.json or Z_AI_API_KEY." = "Token de API do z.ai não encontrado. Defina apiKey em ~/.codexbar/config.json ou Z_AI_API_KEY.";
+"Missing DeepSeek API key." = "Chave de API do DeepSeek ausente.";
+"%@ is unavailable in the current environment." = "%@ está indisponível no ambiente atual.";
+"All Systems Operational" = "Todos os sistemas operacionais";
+"Last 30 days" = "Últimos 30 dias";
+"Last 30 days:" = "Últimos 30 dias:";
+"This month" = "Este mês";
+"Store multiple OpenAI API keys." = "Armazena várias chaves de API da OpenAI.";
+"Admin API key" = "Chave de API admin";
+"Open billing" = "Abrir faturamento";
+"Google accounts" = "Contas Google";
+"Store multiple Antigravity Google OAuth accounts for quick switching." = "Armazena várias contas Google OAuth do Antigravity para troca rápida.";
+"Add Google Account" = "Adicionar conta Google";
+"Open Token Plan" = "Abrir Token Plan";
+"Text Generation" = "Geração de texto";
+"Text to Speech" = "Texto para fala";
+"Music Generation" = "Geração de música";
+"Image Generation" = "Geração de imagem";
+"No local data found" = "Nenhum dado local encontrado";
+"Credits unavailable; keep Codex running to refresh." = "Créditos indisponíveis; mantenha o Codex em execução para atualizar.";
+"No available fetch strategy for minimax." = "Nenhuma estratégia de busca disponível para o minimax.";
+"No Cursor session found. Please log in to cursor.com in Safari, Chrome, Microsoft Edge, Brave, Arc, Dia, ChatGPT Atlas, Chromium, Helium, Vivaldi, Yandex Browser, Firefox, Zen, Colibri, Sidekick, Opera, Opera GX, or Edge Canary. If you use Safari, grant CodexBar Full Disk Access in System Settings ▸ Privacy & Security. You can also sign in to Cursor from the CodexBar menu (Add / switch account)." = "Nenhuma sessão do Cursor encontrada. Faça login em cursor.com no Safari, Chrome, Microsoft Edge, Brave, Arc, Dia, ChatGPT Atlas, Chromium, Helium, Vivaldi, Yandex Browser, Firefox, Zen, Colibri, Sidekick, Opera, Opera GX ou Edge Canary. Se você usa o Safari, conceda Acesso Total ao Disco ao CodexBar em Ajustes do Sistema ▸ Privacidade e Segurança. Você também pode entrar no Cursor pelo menu do CodexBar (Adicionar / trocar conta).";
+"No OpenCode session cookies found in browsers." = "Nenhum cookie de sessão do OpenCode encontrado nos navegadores.";
+"No available fetch strategy for %@." = "Nenhuma estratégia de busca disponível para %@.";
+"Today" = "Hoje";
+"Today tokens" = "Tokens de hoje";
+"30d cost" = "Custo 30 d";
+"30d tokens" = "Tokens 30 d";
+"Latest tokens" = "Tokens recentes";
+"Top model" = "Modelo principal";
+"Storage" = "Armazenamento";
+"Add Account..." = "Adicionar conta...";
+"Usage Dashboard" = "Dashboard de uso";
+"Status Page" = "Página de status";
+"Settings..." = "Ajustes...";
+"About CodexBar" = "Sobre o CodexBar";
+"Quit" = "Encerrar";
+"Last %d day" = "Último %d dia";
+"Last %d days" = "Últimos %d dias";
+"%@ tokens" = "%@ tokens";
+"Latest billing day" = "Último dia de cobrança";
+"Latest billing day (%@)" = "Último dia de cobrança (%@)";
+"%@ left" = "%@ restante";
+"Resets %@" = "Renova %@";
+"Resets in %@" = "Renova em %@";
+"Resets now" = "Renova agora";
+"Lasts until reset" = "Dura até a renovação";
+"Updated %@" = "Atualizado %@";
+"Updated %@h ago" = "Atualizado há %@h";
+"Updated %@m ago" = "Atualizado há %@m";
+"Updated just now" = "Atualizado agora mesmo";
+"Projected empty in %@" = "Esgotamento previsto em %@";
+"Runs out in %@" = "Esgota em %@";
+"Pace: %@" = "Ritmo: %@";
+"Pace: %@ · %@" = "Ritmo: %@ · %@";
+"%@ · %@" = "%@ · %@";
+"≈ %d%% run-out risk" = "≈ %d%% de risco de esgotar";
+"%d%% in deficit" = "%d%% em déficit";
+"%d%% in reserve" = "%d%% em reserva";
+"usage_percent_suffix_left" = "restante";
+"usage_percent_suffix_used" = "usado";
+"Store multiple DeepSeek API keys." = "Armazena várias chaves de API do DeepSeek.";
+"This week" = "Esta semana";
+"Week" = "Semana";
+"Month" = "Mês";
+"Models" = "Modelos";
+"24h tokens" = "Tokens 24 h";
+"Latest hour" = "Última hora";
+"Peak hour" = "Hora de pico";
+"Top method" = "Método principal";
+"30d cash" = "Dinheiro 30 d";
+"30d billing history from MiniMax web session" = "Histórico de cobrança de 30 dias da sessão web da MiniMax";
+"AWS Cost Explorer billing can lag." = "A cobrança do AWS Cost Explorer pode atrasar.";
+"Rate limit: %d / %@" = "Limite de taxa: %d / %@";
+"Key remaining" = "Restante da chave";
+"No limit set for the API key" = "Nenhum limite configurado para a chave API";
+"API key limit unavailable right now" = "O limite da chave API está indisponível no momento";
+"This month: %@ tokens" = "Este mês: %@ tokens";
+"No utilization data yet." = "Ainda sem dados de uso.";
+"No %@ utilization data yet." = "Ainda sem dados de uso de %@.";
+"%@: %@%% used" = "%@: %@%% usado";
+"%dd" = "%dd";
+"today" = "hoje";
+"just now" = "agora mesmo";
+"On pace" = "No ritmo";
+"Runs out now" = "Esgota agora";
+"Projected empty now" = "Esgotamento previsto agora";
+"Switch Account..." = "Trocar conta...";
+"Update ready, restart now?" = "Atualização pronta, reiniciar agora?";
+"Daily" = "Diário";
+"Hourly Tokens" = "Tokens por hora";
+"No data" = "Sem dados";
+"No usage breakdown data available." = "Nenhum dado de detalhamento de uso disponível.";
+
+"Today: %@ · %@ tokens" = "Hoje: %@ · %@ tokens";
+"Today: %@" = "Hoje: %@";
+"Today: %@ tokens" = "Hoje: %@ tokens";
+"Last 30 days: %@ · %@ tokens" = "Últimos 30 dias: %@ · %@ tokens";
+"Last 30 days: %@" = "Últimos 30 dias: %@";
+"Est. total (30d): %@" = "Total est. (30d): %@";
+"Est. total (%@): %@" = "Total est. (%@): %@";
+"Hover a bar for details" = "Passe o mouse sobre uma barra para ver detalhes";
+"%@: %@ · %@ tokens" = "%@: %@ · %@ tokens";
+"No providers selected for Overview." = "Nenhum provedor selecionado para a Visão geral.";
+"No overview data available." = "Nenhum dado de visão geral disponível.";
+"Auto uses the local IDE API first, then Google OAuth when the IDE is closed." = "Automático usa primeiro a API local da IDE e depois o Google OAuth quando a IDE está fechada.";
+"Login with Google" = "Entrar com o Google";
+
+/* Popup panels */
+"No usage configured." = "Nenhum uso configurado.";
+"Quota" = "Cota";
+"tokens" = "tokens";
+"requests" = "requisições";
+"Latest" = "Mais recente";
+"Monthly" = "Mensal";
+"Sonnet" = "Sonnet";
+"Overages" = "Excedentes";
+"Activity" = "Atividade";
+"Copied" = "Copiado";
+"Copy error" = "Erro ao copiar";
+"Copy path" = "Copiar caminho";
+"Extra usage spent" = "Gasto de uso extra";
+"Credits remaining" = "Créditos restantes";
+"Using CLI fallback" = "Usando fallback da CLI";
+"Balance updates in near-real time (up to 5 min lag)" = "O saldo atualiza quase em tempo real (até 5 min de atraso)";
+"Daily billing data finalizes at 07:00 UTC" = "Os dados diários de cobrança fecham às 07:00 UTC";
+"%@ of %@ credits left" = "Restam %@ de %@ créditos";
+"%@ of %@ bonus credits left" = "Restam %@ de %@ créditos bônus";
+"%@ / %@ (%@ remaining)" = "%@ / %@ (%@ restante)";
+"%@/%@ left" = "%@/%@ restante";
+"Gemini Flash" = "Gemini Flash";
+"Regenerates %@" = "Regenera %@";
+"used after next regen" = "usado após a próxima regeneração";
+"after next regen" = "após a próxima regeneração";
+"Near full" = "Quase cheio";
+"Full in ~1 regen" = "Cheio em ~1 regeneração";
+"Full in ~%.0f regens" = "Cheio em ~%.0f regenerações";
+"Overage usage" = "Uso excedente";
+"Overage cost" = "Custo excedente";
+"credits" = "créditos";
+"Zen balance" = "Saldo Zen";
+"API spend" = "Gasto de API";
+"Extra usage" = "Uso extra";
+"Quota usage" = "Uso da cota";
+"%.0f%% used" = "%.0f%% usado";
+"Usage history (today)" = "Histórico de uso (hoje)";
+"Usage history (%d days)" = "Histórico de uso (%d dias)";
+"%d percent remaining" = "%d%% restante";
+"Unknown" = "Desconhecido";
+"stale data" = "dados desatualizados";
+"No credits history data." = "Sem dados de histórico de créditos.";
+"No credits history data available." = "Nenhum dado de histórico de créditos disponível.";
+"Credits history chart" = "Gráfico de histórico de créditos";
+"%d days of credits data" = "%d dias de dados de créditos";
+"Usage breakdown chart" = "Gráfico de detalhamento de uso";
+"%d days of usage data across %d services" = "%d dias de dados de uso em %d serviços";
+"Cost history chart" = "Gráfico de histórico de custos";
+"%d days of cost data" = "%d dias de dados de custos";
+"Plan utilization chart" = "Gráfico de utilização do plano";
+"%d utilization samples" = "%d amostras de utilização";
+"Hourly Usage" = "Uso por hora";
+"Usage remaining" = "Uso restante";
+"Usage used" = "Uso usado";
+"API key verified. Ollama does not expose Cloud quota limits through the API." = "Chave de API verificada. O Ollama não expõe limites de cota do Cloud pela API.";
+"Last 30 days: %@ tokens" = "Últimos 30 dias: %@ tokens";
+"7d spend" = "Gasto 7 d";
+"30d spend" = "Gasto 30 d";
+"Cache read" = "Leitura de cache";
+"Claude Admin API 30 day spend trend" = "Tendência de gasto de 30 dias da Claude Admin API";
+"OpenRouter API key spend trend" = "Tendência de gasto da chave API do OpenRouter";
+"z.ai hourly token trend" = "Tendência horária de tokens da z.ai";
+"MiniMax 30 day token usage trend" = "Tendência de uso de tokens de 30 dias da MiniMax";
+"Today cash" = "Dinheiro de hoje";
+"DeepSeek 30 day token usage trend" = "Tendência de uso de tokens de 30 dias da DeepSeek";
+"cache-hit input" = "entrada com acerto de cache";
+"cache-miss input" = "entrada sem acerto de cache";
+"output" = "saída";
+"Requests" = "Requisições";
+"Reported by OpenAI Admin API organization usage." = "Reportado pelo uso da organização na OpenAI Admin API.";
+"Reported by Mistral billing usage." = "Reportado pelo uso de cobrança da Mistral.";
+"Google OAuth" = "Google OAuth";
+"Add accounts via GitHub OAuth Device Flow on the selected host." = "Adiciona contas via GitHub OAuth Device Flow no host selecionado.";
+"Stores each signed-in Google account for quick Antigravity switching. Uses Antigravity.app OAuth when available, or ANTIGRAVITY_OAUTH_CLIENT_ID and ANTIGRAVITY_OAUTH_CLIENT_SECRET as an override." = "Armazena cada conta Google conectada para troca rápida no Antigravity. Usa o OAuth do Antigravity.app quando disponível, ou ANTIGRAVITY_OAUTH_CLIENT_ID e ANTIGRAVITY_OAUTH_CLIENT_SECRET como substituição.";
+"Manual cleanup: past sessions" = "Limpeza manual: sessões anteriores";
+"Clearing removes past resume, continue, and rewind history." = "A limpeza remove o histórico de retomar, continuar e voltar.";
+"Manual cleanup: file checkpoints" = "Limpeza manual: checkpoints de arquivo";
+"Clearing removes checkpoint restore data for previous edits." = "A limpeza remove os dados de restauração de checkpoint de edições anteriores.";
+"Manual cleanup: saved plans" = "Limpeza manual: planos salvos";
+"Clearing removes old plan-mode files." = "A limpeza remove arquivos antigos do modo de planejamento.";
+"Manual cleanup: debug logs" = "Limpeza manual: logs de depuração";
+"Clearing removes past debug logs." = "A limpeza remove logs de depuração anteriores.";
+"Manual cleanup: attachment cache" = "Limpeza manual: cache de anexos";
+"Clearing removes cached large pastes or attached images." = "A limpeza remove colagens grandes ou imagens anexadas em cache.";
+"Manual cleanup: session metadata" = "Limpeza manual: metadados de sessão";
+"Clearing removes per-session environment metadata." = "A limpeza remove os metadados de ambiente por sessão.";
+"Manual cleanup: shell snapshots" = "Limpeza manual: snapshots de shell";
+"Clearing removes leftover runtime shell snapshot files." = "A limpeza remove arquivos de snapshot de shell de runtime remanescentes.";
+"Manual cleanup: legacy todos" = "Limpeza manual: tarefas legadas";
+"Clearing removes legacy per-session task lists." = "A limpeza remove listas de tarefas legadas por sessão.";
+"Manual cleanup: sessions" = "Limpeza manual: sessões";
+"Clearing removes past Codex session history." = "A limpeza remove o histórico de sessões anteriores do Codex.";
+"Manual cleanup: archived sessions" = "Limpeza manual: sessões arquivadas";
+"Clearing removes archived Codex session history." = "A limpeza remove o histórico de sessões arquivadas do Codex.";
+"Manual cleanup: cache" = "Limpeza manual: cache";
+"Clearing removes provider-owned cached data." = "A limpeza remove dados em cache pertencentes ao provedor.";
+"Manual cleanup: logs" = "Limpeza manual: logs";
+"Clearing removes local diagnostic logs." = "A limpeza remove logs de diagnóstico locais.";
+"Manual cleanup: file history" = "Limpeza manual: histórico de arquivos";
+"Clearing removes local edit checkpoint history." = "A limpeza remove o histórico local de checkpoints de edição.";
+"Manual cleanup: temporary data" = "Limpeza manual: dados temporários";
+"Clearing removes local temporary provider data." = "A limpeza remove dados temporários locais do provedor.";
+"Total: %@" = "Total: %@";
+"%d more items" = "Mais %d itens";
+"Cleanup ideas" = "Ideias de limpeza";
+"%d unreadable item(s) skipped" = "%d item(ns) ilegível(is) ignorado(s)";
+
+"API key limit" = "Limite da chave API";
+"Auth" = "Autenticação";
+"Auto" = "Automático";
+"Disabled — no recent data" = "Desativado — sem dados recentes";
+"Limits not available" = "Limites indisponíveis";
+"No usage yet" = "Ainda sem uso";
+"Not fetched yet" = "Ainda não buscado";
+"Refreshing" = "Atualizando";
+"Session" = "Sessão";
+"Source" = "Fonte";
+"State" = "Estado";
+"Unavailable" = "Indisponível";
+"Weekly" = "Semanal";
+"not detected" = "não detectado";
+"Estimated from local Codex logs for the selected account." = "Estimado a partir de logs locais do Codex para a conta selecionada.";
+"minimax_usage_amount_format" = "Uso: %@ / %@";
+"minimax_used_percent_format" = "Usado %@";
+"minimax_service_text_generation" = "Geração de texto";
+"minimax_service_text_to_speech" = "Texto para fala";
+"minimax_service_music_generation" = "Geração de música";
+"minimax_service_image_generation" = "Geração de imagem";
+"minimax_service_lyrics_generation" = "Geração de letras";
+"minimax_service_coding_plan_vlm" = "VLM do Coding Plan";
+"minimax_service_coding_plan_search" = "Busca do Coding Plan";
+
+/* Additional provider settings and alerts */
+"%@ is waiting for permission" = "%@ está aguardando permissão";
+"%@ requests" = "%@ solicitações";
+"%@: %@ credits" = "%@: %@ créditos";
+"30d requests" = "Solicitações de 30 dias";
+"4 days" = "4 dias";
+"5 days" = "5 dias";
+"7 days" = "7 dias";
+"API key verifies Ollama Cloud access; cookies still expose quota limits." = "A chave de API verifica o acesso ao Ollama Cloud; os cookies ainda expõem limites de cota.";
+"AWS access key ID. Can also be set with AWS_ACCESS_KEY_ID." = "ID da chave de acesso da AWS. Também pode ser definido com AWS_ACCESS_KEY_ID.";
+"AWS region. Can also be set with AWS_REGION." = "Região da AWS. Também pode ser definida com AWS_REGION.";
+"AWS secret access key. Can also be set with AWS_SECRET_ACCESS_KEY." = "Chave secreta de acesso da AWS. Também pode ser definida com AWS_SECRET_ACCESS_KEY.";
+"Access key ID" = "ID da chave de acesso";
+"Add Account" = "Adicionar conta";
+"Adding Account…" = "Adicionando conta…";
+"Antigravity login failed" = "Falha no login do Antigravity";
+"Antigravity login timed out" = "Tempo esgotado no login do Antigravity";
+"Auth source" = "Fonte de autenticação";
+"Automatic imports Chrome browser cookies from Xiaomi MiMo." = "Importa automaticamente cookies do Chrome do Xiaomi MiMo.";
+"Automatic imports Windsurf session data from Chromium browser localStorage." = "Importa automaticamente dados de sessão do Windsurf do localStorage do Chromium.";
+"Automatic imports browser cookies from Bailian." = "Importa automaticamente cookies do navegador do Bailian.";
+"Automatically imports browser cookies." = "Importa automaticamente cookies do navegador.";
+"Automatically imports browser session cookies." = "Importa automaticamente cookies de sessão do navegador.";
+"Azure OpenAI deployment name. AZURE_OPENAI_DEPLOYMENT_NAME is also supported." = "Nome do deployment do Azure OpenAI. AZURE_OPENAI_DEPLOYMENT_NAME também é aceito.";
+"Azure OpenAI key" = "Chave do Azure OpenAI";
+"Azure OpenAI resource endpoint. AZURE_OPENAI_ENDPOINT is also supported." = "Endpoint do recurso Azure OpenAI. AZURE_OPENAI_ENDPOINT também é aceito.";
+"Base URL" = "URL base";
+"Base URL for the LLM-API-Key-Proxy instance." = "URL base da instância LLM-API-Key-Proxy.";
+"Browser cookies" = "Cookies do navegador";
+"Cap end" = "Fim do limite";
+"Cap start" = "Início do limite";
+"Capacity End" = "Fim da capacidade";
+"Capacity Start" = "Início da capacidade";
+"Changelog" = "Registro de alterações";
+"Choose the Moonshot/Kimi API host for international or China mainland accounts." = "Escolha o host da API Moonshot/Kimi para contas internacionais ou da China continental.";
+"CodexBar can't replace a system account that is signed in with an API key only setup." = "O CodexBar não pode substituir uma conta do sistema conectada apenas com chave de API.";
+"CodexBar could not find saved auth for that account. Re-authenticate it and try again." = "O CodexBar não encontrou autenticação salva para essa conta. Reautentique e tente novamente.";
+"CodexBar could not read managed account storage. Recover the store before adding another account." = "O CodexBar não conseguiu ler o armazenamento de contas gerenciadas. Recupere o armazenamento antes de adicionar outra conta.";
+"CodexBar could not read saved auth for that account. Re-authenticate it and try again." = "O CodexBar não conseguiu ler a autenticação salva dessa conta. Reautentique e tente novamente.";
+"CodexBar could not read the current system account on this Mac." = "O CodexBar não conseguiu ler a conta do sistema atual neste Mac.";
+"CodexBar could not replace the live Codex auth on this Mac." = "O CodexBar não conseguiu substituir a autenticação ativa do Codex neste Mac.";
+"CodexBar could not safely preserve the current system account before switching." = "O CodexBar não conseguiu preservar com segurança a conta do sistema atual antes da troca.";
+"CodexBar could not save the current system account before switching." = "O CodexBar não conseguiu salvar a conta do sistema atual antes da troca.";
+"CodexBar could not update managed account storage." = "O CodexBar não conseguiu atualizar o armazenamento de contas gerenciadas.";
+"CodexBar found another managed account that already uses the current system account. Resolve the duplicate account before switching." = "O CodexBar encontrou outra conta gerenciada que já usa a conta do sistema atual. Resolva a conta duplicada antes de trocar.";
+"CodexBar will ask macOS Keychain for “%@” so it can decrypt browser cookies and authenticate your account. Click OK to continue." = "O CodexBar pedirá ao Chaves do macOS “%@” para descriptografar cookies do navegador e autenticar sua conta. Clique em OK para continuar.";
+"CodexBar will ask macOS Keychain for the Claude Code OAuth token so it can fetch your Claude usage. Click OK to continue." = "O CodexBar pedirá ao Chaves do macOS o token OAuth do Claude Code para buscar seu uso do Claude. Clique em OK para continuar.";
+"CodexBar will ask macOS Keychain for your Amp cookie header so it can fetch usage. Click OK to continue." = "O CodexBar pedirá ao Chaves do macOS o cabeçalho Cookie do Amp para buscar uso. Clique em OK para continuar.";
+"CodexBar will ask macOS Keychain for your Augment cookie header so it can fetch usage. Click OK to continue." = "O CodexBar pedirá ao Chaves do macOS o cabeçalho Cookie do Augment para buscar uso. Clique em OK para continuar.";
+"CodexBar will ask macOS Keychain for your Claude cookie header so it can fetch Claude web usage. Click OK to continue." = "O CodexBar pedirá ao Chaves do macOS o cabeçalho Cookie do Claude para buscar uso web do Claude. Clique em OK para continuar.";
+"CodexBar will ask macOS Keychain for your Cursor cookie header so it can fetch usage. Click OK to continue." = "O CodexBar pedirá ao Chaves do macOS o cabeçalho Cookie do Cursor para buscar uso. Clique em OK para continuar.";
+"CodexBar will ask macOS Keychain for your Factory cookie header so it can fetch usage. Click OK to continue." = "O CodexBar pedirá ao Chaves do macOS o cabeçalho Cookie do Factory para buscar uso. Clique em OK para continuar.";
+"CodexBar will ask macOS Keychain for your GitHub Copilot token so it can fetch usage. Click OK to continue." = "O CodexBar pedirá ao Chaves do macOS o token do GitHub Copilot para buscar uso. Clique em OK para continuar.";
+"CodexBar will ask macOS Keychain for your Kimi K2 API key so it can fetch usage. Click OK to continue." = "O CodexBar pedirá ao Chaves do macOS a chave API do Kimi K2 para buscar uso. Clique em OK para continuar.";
+"CodexBar will ask macOS Keychain for your Kimi auth token so it can fetch usage. Click OK to continue." = "O CodexBar pedirá ao Chaves do macOS o token de autenticação do Kimi para buscar uso. Clique em OK para continuar.";
+"CodexBar will ask macOS Keychain for your MiniMax API token so it can fetch usage. Click OK to continue." = "O CodexBar pedirá ao Chaves do macOS o token API do MiniMax para buscar uso. Clique em OK para continuar.";
+"CodexBar will ask macOS Keychain for your MiniMax cookie header so it can fetch usage. Click OK to continue." = "O CodexBar pedirá ao Chaves do macOS o cabeçalho Cookie do MiniMax para buscar uso. Clique em OK para continuar.";
+"CodexBar will ask macOS Keychain for your OpenAI cookie header so it can fetch Codex dashboard extras. Click OK to continue." = "O CodexBar pedirá ao Chaves do macOS o cabeçalho Cookie da OpenAI para buscar extras do painel Codex. Clique em OK para continuar.";
+"CodexBar will ask macOS Keychain for your OpenCode cookie header so it can fetch usage. Click OK to continue." = "O CodexBar pedirá ao Chaves do macOS o cabeçalho Cookie do OpenCode para buscar uso. Clique em OK para continuar.";
+"CodexBar will ask macOS Keychain for your Synthetic API key so it can fetch usage. Click OK to continue." = "O CodexBar pedirá ao Chaves do macOS a chave API do Synthetic para buscar uso. Clique em OK para continuar.";
+"CodexBar will ask macOS Keychain for your z.ai API token so it can fetch usage. Click OK to continue." = "O CodexBar pedirá ao Chaves do macOS o token API do z.ai para buscar uso. Clique em OK para continuar.";
+"Could not open Cursor login in your browser." = "Não foi possível abrir o login do Cursor no navegador.";
+"Could not open browser for Antigravity" = "Não foi possível abrir o navegador para Antigravity";
+"Credits used" = "Créditos usados";
+"Day" = "Dia";
+"Deployment" = "Deployment";
+"Drag to reorder" = "Arraste para reordenar";
+"Endpoint" = "Endpoint";
+"Enterprise host" = "Host Enterprise";
+"Extra usage balance: %@" = "Saldo de uso extra: %@";
+"Keychain Access Required" = "Acesso ao Chaves necessário";
+"Kiro menu bar value" = "Valor do Kiro na barra de menu";
+"Label" = "Rótulo";
+"No organizations loaded. Click Refresh after setting your API key." = "Nenhuma organização carregada. Clique em Atualizar depois de definir sua chave API.";
+"No output captured." = "Nenhuma saída capturada.";
+"No system account" = "Sem conta do sistema";
+"Oasis-Token" = "Oasis-Token";
+"Open Augment (Log Out & Back In)" = "Abrir Augment (sair e entrar novamente)";
+"Open Codebuff Dashboard" = "Abrir painel do Codebuff";
+"Open Command Code Settings" = "Abrir configurações do Command Code";
+"Open Crof dashboard" = "Abrir painel do Crof";
+"Open Manus" = "Abrir Manus";
+"Open MiMo Balance" = "Abrir saldo do MiMo";
+"Open Moonshot Console" = "Abrir console do Moonshot";
+"Open Ollama API Keys" = "Abrir chaves API do Ollama";
+"Open StepFun Platform" = "Abrir plataforma StepFun";
+"Open T3 Chat Settings" = "Abrir configurações do T3 Chat";
+"Open Volcengine Ark Console" = "Abrir console Volcengine Ark";
+"Open legacy provider docs" = "Abrir docs do provedor legado";
+"Open projects" = "Abrir projetos";
+"Open this URL manually to continue login:\n\n%@" = "Abra esta URL manualmente para continuar o login:\n\n%@";
+"Optional organization ID for accounts linked to multiple Anthropic organizations." = "ID de organização opcional para contas vinculadas a várias organizações Anthropic.";
+"Optional. Applies to the configured Admin API key; selected token accounts do not inherit OPENAI_PROJECT_ID." = "Opcional. Aplica-se à chave Admin API configurada; contas de token selecionadas não herdam OPENAI_PROJECT_ID.";
+"Optional. Enter your GitHub Enterprise host, for example octocorp.ghe.com. Leave blank for github.com." = "Opcional. Informe seu host GitHub Enterprise, por exemplo octocorp.ghe.com. Deixe em branco para github.com.";
+"Optional. Leave blank to discover and aggregate projects visible to the API key." = "Opcional. Deixe em branco para descobrir e agregar projetos visíveis à chave API.";
+"Org ID (optional)" = "ID da org. (opcional)";
+"Organizations" = "Organizações";
+"Password" = "Senha";
+"%@ authentication is disabled." = "A autenticação de %@ está desativada.";
+"%@ cookies are disabled." = "Os cookies de %@ estão desativados.";
+"%@ web API access is disabled." = "O acesso à API web de %@ está desativado.";
+"Disable %@ dashboard cookie usage." = "Desativar o uso de cookies do painel de %@.";
+"Keychain access is disabled in Advanced, so browser cookie import is unavailable." = "O acesso ao Chaves está desativado em Avançado, então a importação de cookies do navegador está indisponível.";
+"Manually paste an %@ from a browser session." = "Cole manualmente um %@ de uma sessão do navegador.";
+"Paste a Cookie header captured from %@." = "Cole um cabeçalho Cookie capturado de %@.";
+"Paste a Cookie header from %@." = "Cole um cabeçalho Cookie de %@.";
+"Paste a Cookie header or cURL capture from %@." = "Cole um cabeçalho Cookie ou captura cURL de %@.";
+"Paste a Cookie header or full cURL capture from %@." = "Cole um cabeçalho Cookie ou captura cURL completa de %@.";
+"Paste a Cookie or Authorization header from %@." = "Cole um cabeçalho Cookie ou Authorization de %@.";
+"Paste a full cookie header or the %@ value." = "Cole um cabeçalho de cookies completo ou o valor %@.";
+"Paste a Cookie header or full cURL capture from T3 Chat settings." = "Cole um cabeçalho Cookie ou captura cURL completa das configurações do T3 Chat.";
+"Paste the Cookie header from a request to admin.mistral.ai. Must contain an ory_session_* cookie." = "Cole o cabeçalho Cookie de uma solicitação a admin.mistral.ai. Deve conter um cookie ory_session_*.";
+"Paste the Oasis-Token from a logged-in browser session on platform.stepfun.com." = "Cole o Oasis-Token de uma sessão conectada em platform.stepfun.com.";
+"Paste the %@ JSON bundle from %@." = "Cole o pacote JSON %@ de %@.";
+"Paste the %@ value or a full Cookie header." = "Cole o valor %@ ou um cabeçalho Cookie completo.";
+"Personal account" = "Conta pessoal";
+"Project ID" = "ID do projeto";
+"Re-auth" = "Reautenticar";
+"Re-authenticating…" = "Reautenticando…";
+"Refresh Session" = "Atualizar sessão";
+"Refresh organizations" = "Atualizar organizações";
+"Region" = "Região";
+"Reload" = "Recarregar";
+"Reorder" = "Reordenar";
+"Secret access key" = "Chave secreta de acesso";
+"Series" = "Série";
+"Service" = "Serviço";
+"Show or hide Kiro credits, percent, or both next to the menu bar icon." = "Mostra ou oculta créditos Kiro, porcentagem ou ambos ao lado do ícone da barra de menu.";
+"Show usage for organizations you belong to. Personal account is always shown." = "Mostra o uso das organizações às quais você pertence. A conta pessoal sempre é exibida.";
+"Sign in to cursor.com in your browser, then refresh Cursor in CodexBar." = "Entre em cursor.com no navegador e atualize Cursor no CodexBar.";
+"Simulated error text" = "Texto de erro simulado";
+"StepFun platform account (phone number or email)." = "Conta da plataforma StepFun (telefone ou email).";
+"Stored in ~/.codexbar/config.json." = "Armazenado em ~/.codexbar/config.json.";
+"Stored in ~/.codexbar/config.json. AZURE_OPENAI_API_KEY is also supported." = "Armazenado em ~/.codexbar/config.json. AZURE_OPENAI_API_KEY também é aceito.";
+"Stored in ~/.codexbar/config.json. For the official Kimi API, use Moonshot / Kimi API." = "Armazenado em ~/.codexbar/config.json. Para a API oficial do Kimi, use Moonshot / Kimi API.";
+"Stored in ~/.codexbar/config.json. Get your API key from the Volcengine Ark console." = "Armazenado em ~/.codexbar/config.json. Obtenha sua chave API no console Volcengine Ark.";
+"Stored in ~/.codexbar/config.json. Get your key from Ollama settings." = "Armazenado em ~/.codexbar/config.json. Obtenha sua chave nas configurações do Ollama.";
+"Stored in ~/.codexbar/config.json. Get your key from console.deepgram.com." = "Armazenado em ~/.codexbar/config.json. Obtenha sua chave em console.deepgram.com.";
+"Stored in ~/.codexbar/config.json. Get your key from elevenlabs.io/app/settings/api-keys." = "Armazenado em ~/.codexbar/config.json. Obtenha sua chave em elevenlabs.io/app/settings/api-keys.";
+"Stored in ~/.codexbar/config.json. Get your key from openrouter.ai/settings/keys and set a key spending limit there to enable API key quota tracking." = "Armazenado em ~/.codexbar/config.json. Obtenha sua chave em openrouter.ai/settings/keys e defina um limite de gasto para ativar o rastreamento de cota.";
+"Stored in ~/.codexbar/config.json. In Warp, open Settings > Platform > API Keys, then create one." = "Armazenado em ~/.codexbar/config.json. No Warp, abra Settings > Platform > API Keys e crie uma.";
+"Stored in ~/.codexbar/config.json. Metrics require Groq Enterprise Prometheus access." = "Armazenado em ~/.codexbar/config.json. As métricas exigem acesso ao Groq Enterprise Prometheus.";
+"Stored in ~/.codexbar/config.json. OPENAI_ADMIN_KEY is preferred; OPENAI_API_KEY still works." = "Armazenado em ~/.codexbar/config.json. OPENAI_ADMIN_KEY é preferida; OPENAI_API_KEY ainda funciona.";
+"Stored in ~/.codexbar/config.json. Requires an Anthropic Admin API key." = "Armazenado em ~/.codexbar/config.json. Requer uma chave Anthropic Admin API.";
+"Stored in ~/.codexbar/config.json. Used for /v1/quota-stats." = "Armazenado em ~/.codexbar/config.json. Usado para /v1/quota-stats.";
+"Stored in ~/.codexbar/config.json. You can also provide CODEBUFF_API_KEY or let CodexBar read ~/.config/manicode/credentials.json (created by `codebuff login`)." = "Armazenado em ~/.codexbar/config.json. Você também pode fornecer CODEBUFF_API_KEY ou permitir que o CodexBar leia ~/.config/manicode/credentials.json (criado por `codebuff login`).";
+"Stored in ~/.codexbar/config.json. You can also provide CROF_API_KEY." = "Armazenado em ~/.codexbar/config.json. Você também pode fornecer CROF_API_KEY.";
+"Stored in ~/.codexbar/config.json. You can also provide KILO_API_KEY or ~/.local/share/kilo/auth.json (kilo.access)." = "Armazenado em ~/.codexbar/config.json. Você também pode fornecer KILO_API_KEY ou ~/.local/share/kilo/auth.json (kilo.access).";
+"T3 Chat cookie" = "Cookie do T3 Chat";
+"That account is no longer available in CodexBar. Refresh the account list and try again." = "Essa conta não está mais disponível no CodexBar. Atualize a lista de contas e tente novamente.";
+"The browser login did not complete in time. Try Antigravity login again." = "O login no navegador não foi concluído a tempo. Tente o login do Antigravity novamente.";
+"Timed out waiting for Cursor login. %@" = "Tempo esgotado aguardando o login do Cursor. %@";
+"Timed out waiting for Cursor login. %@ Last error: %@" = "Tempo esgotado aguardando o login do Cursor. %@ Último erro: %@";
+"Today requests" = "Solicitações de hoje";
+"Total (30d): %@ credits" = "Total (30 dias): %@ créditos";
+"Username" = "Nome de usuário";
+"Uses username + password to login and obtain an Oasis-Token automatically." = "Usa nome de usuário e senha para entrar e obter um Oasis-Token automaticamente.";
+"Uses username + password to login and obtain an %@ automatically." = "Usa nome de usuário e senha para entrar e obter um %@ automaticamente.";
+"Utilization End" = "Fim da utilização";
+"Utilization Start" = "Início da utilização";
+"Verbosity" = "Detalhamento";
+"Windsurf session JSON bundle" = "Pacote JSON de sessão do Windsurf";
+"Workspace ID" = "ID do workspace";
+"Your StepFun platform password. Used to login and obtain a session token." = "Sua senha da plataforma StepFun. Usada para entrar e obter um token de sessão.";
+"claude /login exited with status %d." = "claude /login saiu com status %d.";
+"codex login exited with status %d." = "codex login saiu com status %d.";
+"Cookie: …\n\nor paste a cURL capture from the Abacus AI dashboard" = "Cookie: …\n\nou cole uma captura cURL do painel Abacus AI";
+"Cookie: …\n\nor paste the __Secure-next-auth.session-token value" = "Cookie: …\n\nou cole o valor de __Secure-next-auth.session-token";
+"Cookie: …\n\nor paste the kimi-auth token value" = "Cookie: …\n\nou cole o valor do token kimi-auth";
+"session_id=...\n\nor paste just the session_id value" = "session_id=...\n\nou cole apenas o valor de session_id";
diff --git a/Sources/CodexBar/Resources/sv.lproj/Localizable.strings b/Sources/CodexBar/Resources/sv.lproj/Localizable.strings
new file mode 100644
index 000000000..ecd338138
--- /dev/null
+++ b/Sources/CodexBar/Resources/sv.lproj/Localizable.strings
@@ -0,0 +1,1057 @@
+/* Swedish localization for CodexBar */
+
+" providers" = " leverantörer";
+"(System)" = "(System)";
+"30d" = "30 d";
+"A managed Codex login is already running. Wait for it to finish before adding " = "En hanterad Codex-inloggning körs redan. Vänta tills den är klar innan du lägger till ";
+"API key" = "API-nyckel";
+"API region" = "API-region";
+"API token" = "API-token";
+"API tokens" = "API-token";
+"About" = "Om";
+"Account" = "Konto";
+"Accounts" = "Konton";
+"Accounts subtitle" = "Kontounderrubrik";
+"Active" = "Aktiv";
+"Add" = "Lägg till";
+"Add Workspace" = "Lägg till arbetsyta";
+"Advanced" = "Avancerat";
+"All" = "Alla";
+"Always allow prompts" = "Tillåt alltid uppmaningar";
+"Animation pattern" = "Animationsmönster";
+"Antigravity login is managed in the app" = "Antigravity-inloggning hanteras i appen";
+"Applies only to the Security.framework OAuth keychain reader." = "Gäller bara OAuth-läsaren för Nyckelring via Security.framework.";
+"Auto falls back to the next source if the preferred one fails." = "Auto går vidare till nästa källa om den föredragna misslyckas.";
+"Auto uses API first, then falls back to CLI on auth failures." = "Auto använder API först och går sedan över till CLI vid autentiseringsfel.";
+"Auto-detect" = "Identifiera automatiskt";
+"Auto-refresh is off; use the menu's Refresh command." = "Automatisk uppdatering är avstängd. Använd Uppdatera i menyn.";
+"Auto-refresh: hourly · Timeout: 10m" = "Automatisk uppdatering: varje timme · Timeout: 10 min";
+"Automatic" = "Automatiskt";
+"Automatic imports browser cookies and WorkOS tokens." = "Importerar webbläsarcookies och WorkOS-token automatiskt.";
+"Automatic imports browser cookies and local storage tokens." = "Importerar webbläsarcookies och token från lokal lagring automatiskt.";
+"Automatic imports browser cookies for dashboard extras." = "Importerar webbläsarcookies automatiskt för extra instrumentpanelsdata.";
+"Automatic imports browser cookies for the web API." = "Importerar webbläsarcookies automatiskt för webb-API:t.";
+"Automatic imports browser cookies from Model Studio/Bailian." = "Importerar webbläsarcookies automatiskt från Model Studio/Bailian.";
+"Automatic imports browser cookies from admin.mistral.ai." = "Importerar webbläsarcookies automatiskt från admin.mistral.ai.";
+"Automatic imports browser cookies from opencode.ai." = "Importerar webbläsarcookies automatiskt från opencode.ai.";
+"Automatic imports browser cookies or stored sessions." = "Importerar webbläsarcookies eller sparade sessioner automatiskt.";
+"Automatic imports browser cookies." = "Importerar webbläsarcookies automatiskt.";
+"Automatically imports browser session cookie." = "Importerar webbläsarens sessionscookie automatiskt.";
+"Automatically opens CodexBar when you start your Mac." = "Öppnar CodexBar automatiskt när du startar din Mac.";
+"Automation" = "Automatisering";
+"Average (\\(label1) + \\(label2))" = "Genomsnitt (\\(label1) + \\(label2))";
+"Average (\\(metadata.sessionLabel) + \\(metadata.weeklyLabel))" = "Genomsnitt (\\(metadata.sessionLabel) + \\(metadata.weeklyLabel))";
+"Avoid Keychain prompts" = "Undvik frågor från Nyckelring";
+"Balance" = "Saldo";
+"Battery Saver" = "Batterisparläge";
+"Bordered" = "Med ram";
+"Build" = "Bygge";
+"Built \\(buildTimestamp)" = "Byggd \\(buildTimestamp)";
+"Buy Credits..." = "Köp krediter...";
+"Buy Credits…" = "Köp krediter…";
+"CLI paths" = "CLI-sökvägar";
+"CLI sessions" = "CLI-sessioner";
+"Caches" = "Cachar";
+"Cancel" = "Avbryt";
+"Check for Updates…" = "Sök efter uppdateringar…";
+"Check for updates automatically" = "Sök efter uppdateringar automatiskt";
+"Check if you like your agents having some fun up there." = "Kontrollera om du vill att agenterna ska få leka lite där uppe.";
+"Check provider status" = "Kontrollera leverantörsstatus";
+"Choose Codex workspace" = "Välj Codex-arbetsyta";
+"Choose the MiniMax host (global .io or China mainland .com)." = "Välj MiniMax-värd (global .io eller Fastlandskina .com).";
+"Choose up to " = "Välj upp till ";
+"Choose up to \\(Self.maxOverviewProviders) providers" = "Välj upp till \\(Self.maxOverviewProviders) leverantörer";
+"Choose up to \\(count) providers" = "Välj upp till \\(count) leverantörer";
+"Choose what to show in the menu bar (Pace shows usage vs. expected)." = "Välj vad som ska visas i menyraden (takt visar användning mot förväntat).";
+"Choose which Codex account CodexBar should follow." = "Välj vilket Codex-konto CodexBar ska följa.";
+"Choose which window drives the menu bar percent." = "Välj vilket fönster som styr procenttalet i menyraden.";
+"Chrome" = "Chrome";
+"Claude CLI not found" = "Claude CLI hittades inte";
+"Claude binary" = "Claude-binär";
+"Claude cookies" = "Claude-cookies";
+"Claude login failed" = "Claude-inloggning misslyckades";
+"Claude login timed out" = "Claude-inloggning tog för lång tid";
+"Close" = "Stäng";
+"Code review" = "Kodgranskning";
+"Codex CLI not found" = "Codex CLI hittades inte";
+"Codex account login already running" = "Codex-kontoinloggning körs redan";
+"Codex binary" = "Codex-binär";
+"Codex login failed" = "Codex-inloggning misslyckades";
+"Codex login timed out" = "Codex-inloggning tog för lång tid";
+"CodexBar Lifecycle Keepalive" = "CodexBar livscykel-keepalive";
+"CodexBar can't show its menu bar icon" = "CodexBar kan inte visa sin menyradsikon";
+"CodexBar could not read managed account storage. " = "CodexBar kunde inte läsa hanterad kontolagring. ";
+"Configure…" = "Konfigurera…";
+"Connected" = "Ansluten";
+"Controls how much detail is logged." = "Styr hur detaljerad loggningen är.";
+"Cookie header" = "Cookie-header";
+"Cookie source" = "Cookie-källa";
+"Cookie: ..." = "Cookie: ...";
+"Cookie: \\u{2026}\\\n\\\nor paste a cURL capture from the Abacus AI dashboard" = "Cookie: \\u{2026}\\\n\\\neller klistra in en cURL-fångst från Abacus AI-instrumentpanelen";
+"Cookie: \\u{2026}\\\n\\\nor paste the __Secure-next-auth.session-token value" = "Cookie: \\u{2026}\\\n\\\neller klistra in värdet för __Secure-next-auth.session-token";
+"Cookie: \\u{2026}\\\n\\\nor paste the kimi-auth token value" = "Cookie: \\u{2026}\\\n\\\neller klistra in värdet för kimi-auth-token";
+"Cookie: …" = "Cookie: …";
+"CopilotDeviceFlow" = "CopilotDeviceFlow";
+"Cost" = "Kostnad";
+"Could not add Codex account" = "Kunde inte lägga till Codex-konto";
+"Could not open Terminal for Gemini" = "Kunde inte öppna Terminal för Gemini";
+"Could not start claude /login" = "Kunde inte starta claude /login";
+"Could not start codex login" = "Kunde inte starta codex login";
+"Could not switch system account" = "Kunde inte byta systemkonto";
+"Credits" = "Krediter";
+"Credits history" = "Kredithistorik";
+"Cursor login failed" = "Cursor-inloggning misslyckades";
+"Custom" = "Anpassat";
+"Custom Path" = "Anpassad sökväg";
+"Daily Routines" = "Dagliga rutiner";
+"Debug" = "Felsök";
+"Default" = "Standard";
+"Disable Keychain access" = "Inaktivera åtkomst till Nyckelring";
+"Disabled" = "Inaktiverad";
+"Dismiss" = "Stäng";
+"Disconnected" = "Frånkopplad";
+"Display" = "Visning";
+"Display mode" = "Visningsläge";
+"Display reset times as absolute clock values instead of countdowns." = "Visa återställningstider som klockslag i stället för nedräkningar.";
+"Done" = "Klar";
+"Effective PATH" = "Effektiv PATH";
+"Email" = "E-post";
+"Enable Merge Icons to configure Overview tab providers." = "Aktivera Slå ihop ikoner för att konfigurera leverantörer på översiktsfliken.";
+"Enable file logging" = "Aktivera filloggning";
+"Enabled" = "Aktiverad";
+"Error" = "Fel";
+"Error simulation" = "Felsimulering";
+"Expose troubleshooting tools in the Debug tab." = "Visa felsökningsverktyg på fliken Felsök.";
+"Failed" = "Misslyckades";
+"False" = "Falskt";
+"Fetch strategy attempts" = "Försök med hämtningsstrategi";
+"Fetching" = "Hämtar";
+"Field" = "Fält";
+"Field subtitle" = "Fältunderrubrik";
+"Finish the current managed account change before switching the system account." = "Slutför den pågående hanterade kontoändringen innan du byter systemkonto.";
+"Force animation on next refresh" = "Tvinga animation vid nästa uppdatering";
+"Gateway region" = "Gateway-region";
+"Gemini CLI not found" = "Gemini CLI hittades inte";
+"Gemini/Antigravity, surfacing incidents in the icon and menu." = "Gemini/Antigravity och visar incidenter i ikonen och menyn.";
+"General" = "Allmänt";
+"GitHub" = "GitHub";
+"GitHub Copilot Login" = "GitHub Copilot-inloggning";
+"GitHub Login" = "GitHub-inloggning";
+"Hide details" = "Dölj detaljer";
+"Hide personal information" = "Dölj personuppgifter";
+"Historical tracking" = "Historisk spårning";
+"How often CodexBar polls providers in the background." = "Hur ofta CodexBar kontrollerar leverantörer i bakgrunden.";
+"Inactive" = "Inaktiv";
+"Install CLI" = "Installera CLI";
+"Install the Claude CLI (npm i -g @anthropic-ai/claude-code) and try again." = "Installera Claude CLI (npm i -g @anthropic-ai/claude-code) och försök igen.";
+"Install the Codex CLI (npm i -g @openai/codex) and try again." = "Installera Codex CLI (npm i -g @openai/codex) och försök igen.";
+"Install the Gemini CLI (npm i -g @google/gemini-cli) and try again." = "Installera Gemini CLI (npm i -g @google/gemini-cli) och försök igen.";
+"JetBrains AI is ready" = "JetBrains AI är redo";
+"JetBrains IDE" = "JetBrains IDE";
+"Keep CLI sessions alive" = "Håll CLI-sessioner vid liv";
+"Keyboard shortcut" = "Kortkommando";
+"Keychain access" = "Åtkomst till Nyckelring";
+"Keychain prompt policy" = "Policy för frågor från Nyckelring";
+"Last \\(name) fetch failed:" = "Senaste hämtningen för \\(name) misslyckades:";
+"Last \\(self.store.metadata(for: self.provider).displayName) fetch failed:" = "Senaste hämtningen för \\(self.store.metadata(for: self.provider).displayName) misslyckades:";
+"Last attempt" = "Senaste försök";
+"Link" = "Länk";
+"Loading animations" = "Laddningsanimationer";
+"Loading…" = "Läser in…";
+"Local" = "Lokal";
+"Logging" = "Loggning";
+"Login failed" = "Inloggningen misslyckades";
+"Login shell PATH (startup capture)" = "Inloggningsskalets PATH (fångad vid start)";
+"Login timed out" = "Inloggningen tog för lång tid";
+"MCP details" = "MCP-detaljer";
+"Managed Codex accounts unavailable" = "Hanterade Codex-konton är inte tillgängliga";
+"Managed account storage is unreadable. Live account access is still available, " = "Hanterad kontolagring går inte att läsa. Direkt kontoåtkomst är fortfarande tillgänglig, ";
+"Manual" = "Manuellt";
+"May your tokens never run out—keep agent limits in view." = "Må dina token aldrig ta slut – håll agentgränserna synliga.";
+"Menu bar" = "Menyrad";
+"Menu bar auto-shows the provider closest to its rate limit." = "Menyraden visar automatiskt leverantören som ligger närmast sin gräns.";
+"Menu bar metric" = "Menyradsmått";
+"Menu bar shows percent" = "Menyraden visar procent";
+"Menu content" = "Menyinnehåll";
+"Merge Icons" = "Slå ihop ikoner";
+"Never prompt" = "Fråga aldrig";
+"No" = "Nej";
+"No Codex accounts detected yet." = "Inga Codex-konton har hittats än.";
+"No JetBrains IDE detected" = "Ingen JetBrains IDE hittades";
+"No cost history data." = "Ingen kostnadshistorik.";
+"No credits history data." = "Ingen kredithistorik.";
+"No data available" = "Inga data tillgängliga";
+"No data yet" = "Inga data än";
+"No enabled providers available for Overview." = "Inga aktiverade leverantörer är tillgängliga för översikten.";
+"No providers selected" = "Inga leverantörer valda";
+"No token accounts yet." = "Inga tokenkonton än.";
+"No usage breakdown data." = "Ingen användningsuppdelning.";
+"None" = "Ingen";
+"Notifications" = "Aviseringar";
+"Notifies when the 5-hour session quota hits 0% and when it becomes " = "Aviserar när femtimmarssessionens kvot når 0 % och när den blir ";
+"OK" = "OK";
+"Obscure email addresses in the menu bar and menu UI." = "Maskera e-postadresser i menyraden och menygränssnittet.";
+"Off" = "Av";
+"Offline" = "Offline";
+"On" = "På";
+"Online" = "Online";
+"Only on user action" = "Bara vid användaråtgärd";
+"Open" = "Öppna";
+"Open API Keys" = "Öppna API-nycklar";
+"Open Amp Settings" = "Öppna Amp-inställningar";
+"Open Antigravity to sign in, then refresh CodexBar." = "Öppna Antigravity för att logga in och uppdatera sedan CodexBar.";
+"Open Browser" = "Öppna webbläsare";
+"Open Coding Plan" = "Öppna Coding Plan";
+"Open Console" = "Öppna konsol";
+"Open Dashboard" = "Öppna instrumentpanel";
+"Open Mistral Admin" = "Öppna Mistral Admin";
+"Open Menu Bar Settings" = "Öppna inställningar för menyraden";
+"Open Ollama Settings" = "Öppna Ollama-inställningar";
+"Open Terminal" = "Öppna Terminal";
+"Open Usage Page" = "Öppna användningssida";
+"Open Warp API Key Guide" = "Öppna guide för Warp API-nyckel";
+"Open menu" = "Öppna meny";
+"Open token file" = "Öppna tokenfil";
+"OpenAI cookies" = "OpenAI-cookies";
+"OpenAI web extras" = "OpenAI-webbtillägg";
+"Option A" = "Alternativ A";
+"Option B" = "Alternativ B";
+"Optional override if workspace lookup fails." = "Valfri ersättning om sökning efter arbetsyta misslyckas.";
+"Options" = "Alternativ";
+"Override auto-detection with a custom IDE base path" = "Ersätt automatisk identifiering med en anpassad bas-sökväg till IDE:n";
+"Overview" = "Översikt";
+"Overview rows always follow provider order." = "Översiktsrader följer alltid leverantörsordningen.";
+"Overview tab providers" = "Leverantörer på översiktsfliken";
+"Paste API key…" = "Klistra in API-nyckel…";
+"Paste API token…" = "Klistra in API-token…";
+"Paste key…" = "Klistra in nyckel…";
+"Paste sessionKey or OAuth token…" = "Klistra in sessionKey eller OAuth-token…";
+"Paste the Cookie header from a request to admin.mistral.ai. " = "Klistra in Cookie-headern från en förfrågan till admin.mistral.ai. ";
+"Paste token…" = "Klistra in token…";
+"Personal" = "Personligt";
+"Picker" = "Väljare";
+"Picker subtitle" = "Väljarunderrubrik";
+"Placeholder" = "Platshållare";
+"Plan" = "Plan";
+"Play full-screen confetti when weekly usage resets." = "Spela konfetti i helskärm när veckoförbrukningen återställs.";
+"Polls OpenAI/Claude status pages and Google Workspace for " = "Kontrollerar OpenAI/Claude-statussidor och Google Workspace för ";
+"Prevents any Keychain access while enabled." = "Förhindrar all åtkomst till Nyckelring när det är aktiverat.";
+"Primary (API key limit)" = "Primär (API-nyckelgräns)";
+"Primary (\\(label))" = "Primär (\\(label))";
+"Primary (\\(metadata.sessionLabel))" = "Primär (\\(metadata.sessionLabel))";
+"Probe logs" = "Probloggar";
+"Progress bars fill as you consume quota (instead of showing remaining)." = "Förloppsstaplar fylls när du förbrukar kvot i stället för att visa återstående.";
+"Provider" = "Leverantör";
+"Providers" = "Leverantörer";
+"Quit CodexBar" = "Avsluta CodexBar";
+"Random (default)" = "Slumpmässig (standard)";
+"Reads local usage logs. Shows today + last 30 days cost in the menu." = "Läser lokala användningsloggar. Visar idag och valt historikfönster i menyn.";
+"Refresh" = "Uppdatera";
+"Refresh cadence" = "Uppdateringsintervall";
+"Remote" = "Fjärr";
+"Remove" = "Ta bort";
+"Remove Codex account?" = "Ta bort Codex-konto?";
+"Remove \\(account.email) from CodexBar? Its managed Codex home will be deleted." = "Ta bort \\(account.email) från CodexBar? Dess hanterade Codex-hem tas bort.";
+"Remove \\(email) from CodexBar? Its managed Codex home will be deleted." = "Ta bort \\(email) från CodexBar? Dess hanterade Codex-hem tas bort.";
+"Remove selected account" = "Ta bort valt konto";
+"Replace critter bars with provider branding icons and a percentage." = "Ersätt figurstaplar med leverantörsikoner och ett procenttal.";
+"Replay selected animation" = "Spela vald animation igen";
+"Requires authentication via GitHub Device Flow." = "Kräver autentisering via GitHub Device Flow.";
+"Resets: \\(reset)" = "Återställs: \\(reset)";
+"Rolling five-hour limit" = "Rullande femtimmarsgräns";
+"Search hourly" = "Sökning per timme";
+"Secondary (\\(label))" = "Sekundär (\\(label))";
+"Secondary (\\(metadata.weeklyLabel))" = "Sekundär (\\(metadata.weeklyLabel))";
+"Select a provider" = "Välj en leverantör";
+"Select the IDE to monitor" = "Välj IDE att övervaka";
+"Session quota notifications" = "Aviseringar för sessionskvot";
+"Session tokens" = "Sessionstoken";
+"Settings" = "Inställningar";
+"Show Codex Credits and Claude Extra usage sections in the menu." = "Visa avsnitt för Codex-krediter och Claude Extra-användning i menyn.";
+"Show Debug Settings" = "Visa felsökningsinställningar";
+"Show all token accounts" = "Visa alla tokenkonton";
+"Show cost summary" = "Visa kostnadssammanfattning";
+"Show credits + extra usage" = "Visa krediter och extra användning";
+"Show details" = "Visa detaljer";
+"Show most-used provider" = "Visa mest använda leverantör";
+"Show provider icons in the switcher (otherwise show a weekly progress line)." = "Visa leverantörsikoner i växlaren (annars visas en veckoförloppslinje).";
+"Show reset time as clock" = "Visa återställningstid som klockslag";
+"Show usage as used" = "Visa användning som förbrukad";
+"Sign in via button below" = "Logga in med knappen nedan";
+"Skip teardown between probes (debug-only)." = "Hoppa över nedstängning mellan prober (endast felsökning).";
+"Stack token accounts in the menu (otherwise show an account switcher bar)." = "Stapla tokenkonton i menyn (annars visas en kontoväxlare).";
+"Start at Login" = "Starta vid inloggning";
+"Status" = "Status";
+"Store Claude sessionKey cookies or OAuth access tokens." = "Spara Claude-sessionKey-cookies eller OAuth-åtkomsttoken.";
+"Store multiple Abacus AI Cookie headers." = "Spara flera Cookie-headers för Abacus AI.";
+"Store multiple Augment Cookie headers." = "Spara flera Cookie-headers för Augment.";
+"Store multiple Cursor Cookie headers." = "Spara flera Cookie-headers för Cursor.";
+"Store multiple Factory Cookie headers." = "Spara flera Cookie-headers för Factory.";
+"Store multiple MiniMax Cookie headers." = "Spara flera Cookie-headers för MiniMax.";
+"Store multiple Mistral Cookie headers." = "Spara flera Cookie-headers för Mistral.";
+"Store multiple Ollama Cookie headers." = "Spara flera Cookie-headers för Ollama.";
+"Store multiple OpenCode Cookie headers." = "Spara flera Cookie-headers för OpenCode.";
+"Store multiple OpenCode Go Cookie headers." = "Spara flera Cookie-headers för OpenCode Go.";
+"Stored in the CodexBar config file." = "Sparas i CodexBars konfigurationsfil.";
+"Stored in ~/.codexbar/config.json. " = "Sparas i ~/.codexbar/config.json. ";
+"Stored in ~/.codexbar/config.json. Generate one at kimi-k2.ai." = "Sparas i ~/.codexbar/config.json. Skapa en på kimi-k2.ai.";
+"Stored in ~/.codexbar/config.json. Paste the key from the Synthetic dashboard." = "Sparas i ~/.codexbar/config.json. Klistra in nyckeln från Synthetic-instrumentpanelen.";
+"Stored in ~/.codexbar/config.json. Paste your Coding Plan API key from Model Studio." = "Sparas i ~/.codexbar/config.json. Klistra in din Coding Plan-API-nyckel från Model Studio.";
+"Stored in ~/.codexbar/config.json. Paste your MiniMax API key." = "Sparas i ~/.codexbar/config.json. Klistra in din MiniMax-API-nyckel.";
+"Stored in ~/.codexbar/config.json. You can also provide KILO_API_KEY or " = "Sparas i ~/.codexbar/config.json. Du kan också ange KILO_API_KEY eller ";
+"Stores local Codex usage history (8 weeks) to personalize Pace predictions." = "Sparar lokal Codex-användningshistorik (8 veckor) för att anpassa taktprognoser.";
+"Subscription Utilization" = "Abonnemangsutnyttjande";
+"Surprise me" = "Överraska mig";
+"Switcher shows icons" = "Växlaren visar ikoner";
+"Symlink CodexBarCLI to /usr/local/bin and /opt/homebrew/bin as codexbar." = "Symlänka CodexBarCLI till /usr/local/bin och /opt/homebrew/bin som codexbar.";
+"System" = "System";
+"Temporarily shows the loading animation after the next refresh." = "Visar tillfälligt laddningsanimationen efter nästa uppdatering.";
+"Tertiary (\\(label))" = "Tertiär (\\(label))";
+"Tertiary (\\(tertiaryTitle))" = "Tertiär (\\(tertiaryTitle))";
+"The default Codex account on this Mac." = "Standardkontot för Codex på den här Macen.";
+"Toggle" = "Växla";
+"Toggle subtitle" = "Växlingsunderrubrik";
+"Token" = "Token";
+"Trigger the menu bar menu from anywhere." = "Öppna menyradsmenyn var du än är.";
+"True" = "Sant";
+"Twitter" = "Twitter";
+"Unsupported" = "Stöds inte";
+"Update Channel" = "Uppdateringskanal";
+"Updated" = "Uppdaterad";
+"Updates unavailable in this build." = "Uppdateringar är inte tillgängliga i det här bygget.";
+"Usage" = "Användning";
+"Usage breakdown" = "Användningsuppdelning";
+"Usage history (30 days)" = "Användningshistorik";
+"Usage source" = "Användningskälla";
+"Use BigModel for the China mainland endpoints (open.bigmodel.cn)." = "Använd BigModel för slutpunkterna i Fastlandskina (open.bigmodel.cn).";
+"Use a single menu bar icon with a provider switcher." = "Använd en enda menyradsikon med leverantörsväxlare.";
+"Use international or China mainland console gateways for quota fetches." = "Använd internationella gatewayar eller gatewayar för Fastlandskina vid kvothämtning.";
+"Version" = "Version";
+"Version \\(self.versionString)" = "Version \\(self.versionString)";
+"Version \\(version)" = "Version \\(version)";
+"Version \\(versionString)" = "Version \\(versionString)";
+"Vertex AI Login" = "Vertex AI-inloggning";
+"Wait for the current managed Codex login to finish before adding another account." = "Vänta tills den pågående hanterade Codex-inloggningen är klar innan du lägger till ett konto till.";
+"Waiting for Authentication..." = "Väntar på autentisering...";
+"Website" = "Webbplats";
+"Weekly limit confetti" = "Veckogränskonfetti";
+"Weekly token limit" = "Veckogräns för token";
+"Weekly usage" = "Veckoanvändning";
+"Weekly usage unavailable for this account." = "Veckoanvändning är inte tillgänglig för det här kontot.";
+"Window: \\(window)" = "Fönster: \\(window)";
+"Write logs to \\(self.fileLogPath) for debugging." = "Skriv loggar till \\(self.fileLogPath) för felsökning.";
+"Yes" = "Ja";
+"\\(detail.modelCode): \\(usage)" = "\\(detail.modelCode): \\(usage)";
+"\\(name): \\(truncated)" = "\\(name): \\(truncated)";
+"\\(name): \\(updated) · 30d \\(cost)" = "\\(name): \\(updated) · 30 d \\(cost)";
+"\\(name): fetching…\\(elapsed)" = "\\(name): hämtar…\\(elapsed)";
+"\\(name): last attempt \\(when)" = "\\(name): senaste försök \\(when)";
+"\\(name): no data yet" = "\\(name): inga data än";
+"\\(name): unsupported" = "\\(name): stöds inte";
+"all browsers" = "alla webbläsare";
+"available again." = "tillgänglig igen.";
+"built_format" = "Byggd %@";
+"copilot_complete_in_browser" = "Slutför inloggningen i webbläsaren.";
+"copilot_device_code" = "Enhetskoden kopierades till urklipp: %1$@\n\nVerifiera på: %2$@";
+"copilot_device_code_copied" = "Enhetskoden kopierades.";
+"copilot_verify_at" = "Verifiera på %@";
+"copilot_waiting_text" = "Slutför inloggningen i webbläsaren.\nDet här fönstret stängs automatiskt när inloggningen är klar.";
+"copilot_window_closes_auto" = "Det här fönstret stängs automatiskt när inloggningen är klar.";
+"cost_status_error" = "%1$@: %2$@";
+"cost_status_fetching" = "%1$@: hämtar… %2$@";
+"cost_status_last_attempt" = "%1$@: senaste försök %2$@";
+"cost_status_no_data" = "%@: inga data än";
+"cost_status_snapshot" = "%1$@: %2$@ · %3$@ %4$@";
+"cost_status_unsupported" = "%@: stöds inte";
+"credits_remaining" = "Krediter: %@";
+"cursor_on_demand" = "Vid behov: %@";
+"cursor_on_demand_with_limit" = "Vid behov: %1$@ / %2$@";
+"extra_usage_format" = "Extra användning: %1$@ / %2$@";
+"jetbrains_detected_generate" = "Hittade: %@. Använd AI-assistenten en gång för att skapa kvotdata och uppdatera sedan CodexBar.";
+"jetbrains_detected_select" = "Hittade: %@. Välj önskad IDE i Inställningar och uppdatera sedan CodexBar.";
+"last_fetch_failed_with_provider" = "Senaste hämtningen för %@ misslyckades:";
+"last_spend" = "Senaste utgift: %@";
+"mcp_model_usage" = "%1$@: %2$@";
+"mcp_resets" = "Återställs: %@";
+"mcp_window" = "Fönster: %@";
+"metric_average" = "Genomsnitt (%1$@ + %2$@)";
+"metric_primary" = "Primär (%@)";
+"metric_secondary" = "Sekundär (%@)";
+"metric_tertiary" = "Tertiär (%@)";
+"multiple_workspaces_found" = "CodexBar hittade flera arbetsytor för %@. Välj arbetsytan som ska läggas till.";
+"ory_session_…=…; csrftoken=…" = "ory_session_…=…; csrftoken=…";
+"overview_choose_providers" = "Välj upp till %@ leverantörer";
+"remove_account_message" = "Ta bort %@ från CodexBar? Dess hanterade Codex-hem tas bort.";
+"version_format" = "Version %@";
+"vertex_ai_login_instructions" = "Autentisera med Google Cloud för att följa Vertex AI-användning.\n\n1. Öppna Terminal\n2. Kör: gcloud auth application-default login\n3. Följ anvisningarna i webbläsaren för att logga in\n4. Ange ditt projekt: gcloud config set project PROJECT_ID\n\nÖppna Terminal nu?";
+"workspaceID is set but only opencode, opencodego, and deepgram support workspaceID." = "workspaceID är angivet, men bara opencode, opencodego och deepgram stöder workspaceID.";
+"© 2026 Peter Steinberger. MIT License." = "© 2026 Peter Steinberger. MIT-licens.";
+
+/* General Pane */
+"section_system" = "System";
+"section_usage" = "Användning";
+"section_automation" = "Automatisering";
+"language_title" = "Språk";
+"language_subtitle" = "Byt visningsspråk. Appen behöver startas om för att ändringen ska slå igenom helt.";
+"language_system" = "System";
+"language_english" = "English";
+"language_spanish" = "Español";
+"language_catalan" = "Català";
+"language_chinese_simplified" = "简体中文";
+"language_chinese_traditional" = "繁體中文";
+"language_portuguese_brazilian" = "Português (Brasil)";
+"language_swedish" = "Svenska";
+"start_at_login_title" = "Starta vid inloggning";
+"start_at_login_subtitle" = "Öppnar CodexBar automatiskt när du startar din Mac.";
+"show_cost_summary" = "Visa kostnadssammanfattning";
+"show_cost_summary_subtitle" = "Läser lokala användningsloggar. Visar idag och valt historikfönster i menyn.";
+"cost_history_days_title" = "Historikfönster: %d dagar";
+"cost_auto_refresh_info" = "Automatisk uppdatering: varje timme · Timeout: 10 min";
+"refresh_cadence_title" = "Uppdateringsintervall";
+"refresh_cadence_subtitle" = "Hur ofta CodexBar kontrollerar leverantörer i bakgrunden.";
+"manual_refresh_hint" = "Automatisk uppdatering är avstängd. Använd Uppdatera i menyn.";
+"check_provider_status_title" = "Kontrollera leverantörsstatus";
+"check_provider_status_subtitle" = "Kontrollerar OpenAI/Claude-statussidor och Google Workspace för Gemini/Antigravity och visar incidenter i ikonen och menyn.";
+"session_quota_notifications_title" = "Aviseringar för sessionskvot";
+"session_quota_notifications_subtitle" = "Aviserar när femtimmarssessionens kvot når 0 % och när den blir tillgänglig igen.";
+"quota_warning_notifications_title" = "Kvotvarningsaviseringar";
+"quota_warning_notifications_subtitle" = "Varnar när återstående sessions- eller veckokvot passerar inställda trösklar.";
+"quota_warnings_title" = "Kvotvarningar";
+"quota_warning_session" = "session";
+"quota_warning_session_capitalized" = "Session";
+"quota_warning_weekly" = "veckokvot";
+"quota_warning_weekly_capitalized" = "Veckokvot";
+"quota_warning_notification_title" = "%1$@ %2$@-kvot låg";
+"quota_warning_notification_body" = "%1$@ kvar. Din varningströskel på %2$d %% för %3$@ har nåtts.";
+"quota_warning_notification_body_with_account" = "Konto %1$@. %2$@ kvar. Din varningströskel på %3$d %% för %4$@ har nåtts.";
+"session_depleted_notification_title" = "%@-sessionen är slut";
+"session_depleted_notification_body" = "0 % kvar. Du får en avisering när den är tillgänglig igen.";
+"session_restored_notification_title" = "%@-sessionen är återställd";
+"session_restored_notification_body" = "Sessionskvoten är tillgänglig igen.";
+"quota_warning_warn_at" = "Varna vid";
+"quota_warning_global_threshold_subtitle" = "Återstående procent för sessions- och veckofönster, om inte en leverantör åsidosätter dem.";
+"quota_warning_sound" = "Spela aviseringsljud";
+"quota_warning_provider_inherits" = "Använder de globala kvotvarningsinställningarna om inte ett fönster anpassas här.";
+"quota_warning_customize_thresholds" = "Anpassa trösklar för %@";
+"quota_warning_enable_warnings" = "Aktivera varningar för %@";
+"quota_warning_window_warn_at" = "Varna vid för %@";
+"quota_warning_off" = "Av";
+"quota_warning_inherited" = "Ärvd: %@";
+"quota_warning_depleted_only" = "bara slut";
+"quota_warning_upper" = "Övre";
+"quota_warning_lower" = "Nedre";
+"apply" = "Tillämpa";
+"quit_app" = "Avsluta CodexBar";
+
+/* Tab titles */
+"tab_general" = "Allmänt";
+"tab_providers" = "Leverantörer";
+"tab_display" = "Visning";
+"tab_advanced" = "Avancerat";
+"tab_about" = "Om";
+"tab_debug" = "Felsök";
+
+/* Providers Pane */
+"select_a_provider" = "Välj en leverantör";
+"cancel" = "Avbryt";
+"last_fetch_failed" = "senaste hämtningen misslyckades";
+"usage_not_fetched_yet" = "användning har inte hämtats än";
+"managed_account_storage_unreadable" = "Hanterad kontolagring går inte att läsa. Direkt kontoåtkomst är fortfarande tillgänglig, men hanterade åtgärder för att lägga till, autentisera om och ta bort är inaktiverade tills lagringen kan återställas.";
+"remove_codex_account_title" = "Ta bort Codex-konto?";
+"remove" = "Ta bort";
+"managed_login_already_running" = "En hanterad Codex-inloggning körs redan. Vänta tills den är klar innan du lägger till eller autentiserar om ett annat konto.";
+"managed_login_failed" = "Den hanterade Codex-inloggningen slutfördes inte. Kontrollera att `codex --version` fungerar i Terminal. Om macOS blockerade eller flyttade `codex` till papperskorgen tar du bort gamla dubblettinstallationer, kör `npm install -g --include=optional @openai/codex@latest` och försöker igen.";
+"managed_login_missing_email" = "Codex-inloggningen slutfördes, men ingen e-postadress för kontot var tillgänglig. Försök igen när du har kontrollerat att kontot är helt inloggat.";
+"login_success_notification_title" = "%@-inloggning lyckades";
+"login_success_notification_body" = "Du kan återgå till appen. Autentiseringen är klar.";
+"workspace_selection_cancelled" = "CodexBar hittade flera arbetsytor, men ingen arbetsyta valdes.";
+"unsafe_managed_home" = "CodexBar vägrade ändra en oväntad hanterad hem-sökväg: %@";
+"menu_bar_metric_title" = "Menyradsmått";
+"menu_bar_metric_subtitle" = "Välj vilket fönster som styr procenttalet i menyraden.";
+"menu_bar_metric_subtitle_deepseek" = "Visar DeepSeek-saldot i menyraden.";
+"menu_bar_metric_subtitle_moonshot" = "Visar saldot för Moonshot/Kimi API i menyraden.";
+"menu_bar_metric_subtitle_mistral" = "Visar den aktuella månadens Mistral API-utgift i menyraden.";
+"menu_bar_metric_subtitle_kimik2" = "Visar Kimi K2-API-nyckelkrediter i menyraden.";
+"automatic" = "Automatiskt";
+"primary_api_key_limit" = "Primär (API-nyckelgräns)";
+
+/* Display Pane */
+"section_menu_bar" = "Menyrad";
+"merge_icons_title" = "Slå ihop ikoner";
+"merge_icons_subtitle" = "Använd en enda menyradsikon med leverantörsväxlare.";
+"switcher_shows_icons_title" = "Växlaren visar ikoner";
+"switcher_shows_icons_subtitle" = "Visa leverantörsikoner i växlaren (annars visas en veckoförloppslinje).";
+"show_most_used_provider_title" = "Visa mest använda leverantör";
+"show_most_used_provider_subtitle" = "Menyraden visar automatiskt leverantören som ligger närmast sin gräns.";
+"menu_bar_shows_percent_title" = "Menyraden visar procent";
+"menu_bar_shows_percent_subtitle" = "Ersätt figurstaplar med leverantörsikoner och ett procenttal.";
+"display_mode_title" = "Visningsläge";
+"display_mode_subtitle" = "Välj vad som ska visas i menyraden (takt visar användning mot förväntat).";
+"section_menu_content" = "Menyinnehåll";
+"show_usage_as_used_title" = "Visa användning som förbrukad";
+"show_usage_as_used_subtitle" = "Förloppsstaplar fylls när du förbrukar kvot i stället för att visa återstående.";
+"show_quota_warning_markers_title" = "Visa kvotvarningsmarkörer";
+"show_quota_warning_markers_subtitle" = "Rita tröskelmarkeringar på användningsstaplar när kvotvarningar är konfigurerade.";
+"weekly_progress_work_days_title" = "Arbetsdagar i veckoförlopp";
+"weekly_progress_work_days_subtitle" = "Rita dagsgränsmarkeringar på veckostaplar.";
+"show_reset_time_as_clock_title" = "Visa återställningstid som klockslag";
+"show_reset_time_as_clock_subtitle" = "Visa återställningstider som klockslag i stället för nedräkningar.";
+"show_provider_changelog_links_title" = "Visa länkar till leverantörers ändringsloggar";
+"show_provider_changelog_links_subtitle" = "Lägger till länkar till utgåvekommentarer för stödda CLI-baserade leverantörer i menyn.";
+"show_credits_extra_usage_title" = "Visa krediter och extra användning";
+"show_credits_extra_usage_subtitle" = "Visa avsnitt för Codex-krediter och Claude Extra-användning i menyn.";
+"show_all_token_accounts_title" = "Visa alla tokenkonton";
+"show_all_token_accounts_subtitle" = "Stapla tokenkonton i menyn (annars visas en kontoväxlare).";
+"multi_account_layout_title" = "Layout för flera konton";
+"multi_account_layout_subtitle" = "Välj segmenterad kontoväxling eller staplade kontokort.";
+"multi_account_layout_segmented" = "Segmenterad";
+"multi_account_layout_stacked" = "Staplad";
+"overview_tab_providers_title" = "Leverantörer på översiktsfliken";
+"configure" = "Konfigurera…";
+"overview_enable_merge_icons_hint" = "Aktivera Slå ihop ikoner för att konfigurera leverantörer på översiktsfliken.";
+"overview_no_providers_hint" = "Inga aktiverade leverantörer är tillgängliga för översikten.";
+"overview_rows_follow_order" = "Översiktsrader följer alltid leverantörsordningen.";
+"overview_no_providers_selected" = "Inga leverantörer valda";
+
+/* Advanced Pane */
+"section_keyboard_shortcut" = "Kortkommando";
+"open_menu_shortcut_title" = "Öppna meny";
+"open_menu_shortcut_subtitle" = "Öppna menyradsmenyn var du än är.";
+"install_cli" = "Installera CLI";
+"install_cli_subtitle" = "Symlänka CodexBarCLI till /usr/local/bin och /opt/homebrew/bin som codexbar.";
+"cli_not_found" = "CodexBarCLI hittades inte i apppaketet.";
+"no_writable_bin_dirs" = "Inga skrivbara bin-kataloger hittades.";
+"show_debug_settings_title" = "Visa felsökningsinställningar";
+"show_debug_settings_subtitle" = "Visa felsökningsverktyg på fliken Felsök.";
+"surprise_me_title" = "Överraska mig";
+"surprise_me_subtitle" = "Kontrollera om du vill att agenterna ska få leka lite där uppe.";
+"weekly_limit_confetti_title" = "Veckogränskonfetti";
+"weekly_limit_confetti_subtitle" = "Spela konfetti i helskärm när veckoförbrukningen återställs.";
+"hide_personal_info_title" = "Dölj personuppgifter";
+"hide_personal_info_subtitle" = "Maskera e-postadresser i menyraden och menygränssnittet.";
+"show_provider_storage_usage_title" = "Visa leverantörers lagringsanvändning";
+"show_provider_storage_usage_subtitle" = "Visa lokal diskanvändning i menyer. Söker igenom kända leverantörsägda sökvägar i bakgrunden.";
+"section_keychain_access" = "Åtkomst till Nyckelring";
+"keychain_access_caption" = "Inaktivera all läsning och skrivning i Nyckelring. Använd detta om macOS fortsätter fråga om 'Chrome/Brave/Edge Safe Storage' även efter att du klickat på Tillåt alltid. Import av webbläsarcookies är inte tillgänglig när detta är aktiverat. Klistra in Cookie-headers manuellt under Leverantörer. Claude/Codex OAuth via CLI fungerar fortfarande.";
+"disable_keychain_access_title" = "Inaktivera åtkomst till Nyckelring";
+"disable_keychain_access_subtitle" = "Förhindrar all åtkomst till Nyckelring när det är aktiverat.";
+
+/* About Pane */
+"about_tagline" = "Må dina token aldrig ta slut – håll agentgränserna synliga.";
+"link_github" = "GitHub";
+"link_website" = "Webbplats";
+"link_twitter" = "Twitter";
+"link_email" = "E-post";
+"check_updates_auto" = "Sök efter uppdateringar automatiskt";
+"update_channel" = "Uppdateringskanal";
+"check_for_updates" = "Sök efter uppdateringar…";
+"updates_unavailable" = "Uppdateringar är inte tillgängliga i det här bygget.";
+"copyright" = "© 2026 Peter Steinberger. MIT-licens.";
+
+/* Debug Pane */
+"section_logging" = "Loggning";
+"enable_file_logging" = "Aktivera filloggning";
+"enable_file_logging_subtitle" = "Skriv loggar till %@ för felsökning.";
+"verbosity_title" = "Detaljnivå";
+"verbosity_subtitle" = "Styr hur detaljerad loggningen är.";
+"open_log_file" = "Öppna loggfil";
+"force_animation_next_refresh" = "Tvinga animation vid nästa uppdatering";
+"force_animation_next_refresh_subtitle" = "Visar tillfälligt laddningsanimationen efter nästa uppdatering.";
+"section_loading_animations" = "Laddningsanimationer";
+"loading_animations_caption" = "Välj ett mönster och spela upp det i menyraden. \"Slumpmässig\" behåller nuvarande beteende.";
+"animation_random_default" = "Slumpmässig (standard)";
+"replay_selected_animation" = "Spela vald animation igen";
+"blink_now" = "Blinka nu";
+"section_probe_logs" = "Probloggar";
+"probe_logs_caption" = "Hämta senaste probutdata för felsökning. Kopiera behåller hela texten.";
+"fetch_log" = "Hämta logg";
+"copy" = "Kopiera";
+"save_to_file" = "Spara till fil";
+"load_parse_dump" = "Läs in tolkningsdump";
+"rerun_provider_autodetect" = "Kör automatisk leverantörsidentifiering igen";
+"loading" = "Läser in…";
+"no_log_yet_fetch" = "Ingen logg än. Hämta för att läsa in.";
+"section_fetch_strategy" = "Försök med hämtningsstrategi";
+"fetch_strategy_caption" = "Senaste hämtningskedjans beslut och fel för en leverantör.";
+"section_openai_cookies" = "OpenAI-cookies";
+"openai_cookies_caption" = "Loggar för cookieimport och WebKit-skrapning från senaste OpenAI-cookieförsöket.";
+"no_log_yet" = "Ingen logg än. Uppdatera OpenAI-cookies under Leverantörer → Codex för att köra en import.";
+"section_caches" = "Cachar";
+"caches_caption" = "Rensa cachade resultat från kostnadsskanningar eller webbläsarcookiecachar.";
+"clear_cookie_cache" = "Rensa cookiecache";
+"clear_cost_cache" = "Rensa kostnadscache";
+"section_notifications" = "Aviseringar";
+"notifications_caption" = "Skicka testaviseringar för femtimmarsfönstret (slut/återställt).";
+"post_depleted" = "Skicka slut";
+"post_restored" = "Skicka återställd";
+"section_cli_sessions" = "CLI-sessioner";
+"cli_sessions_caption" = "Håll Codex/Claude-CLI-sessioner vid liv efter en prob. Standard är att avsluta när data har fångats.";
+"keep_cli_sessions_alive" = "Håll CLI-sessioner vid liv";
+"keep_cli_sessions_alive_subtitle" = "Hoppa över nedstängning mellan prober (endast felsökning).";
+"reset_cli_sessions" = "Återställ CLI-sessioner";
+"section_error_simulation" = "Felsimulering";
+"error_simulation_caption" = "Infoga ett falskt felmeddelande i menykortet för layouttestning.";
+"set_menu_error" = "Sätt menyfel";
+"clear_menu_error" = "Rensa menyfel";
+"set_cost_error" = "Sätt kostnadsfel";
+"clear_cost_error" = "Rensa kostnadsfel";
+"section_cli_paths" = "CLI-sökvägar";
+"cli_paths_caption" = "Löst Codex-binär och PATH-lager. Inloggningsskalets PATH fångas vid start (kort timeout).";
+"codex_binary" = "Codex-binär";
+"claude_binary" = "Claude-binär";
+"effective_path" = "Effektiv PATH";
+"unavailable" = "Inte tillgänglig";
+"login_shell_path" = "Inloggningsskalets PATH (fångad vid start)";
+"cleared" = "Rensat.";
+"no_fetch_attempts" = "Inga hämtningsförsök än.";
+"macOS Tahoe can block menu bar apps in System Settings → Menu Bar → Allow in the Menu Bar. CodexBar is running, but macOS may be hiding its icon. Open Menu Bar settings and turn CodexBar on." = "macOS Tahoe kan blockera menyradsappar i Systeminställningar → Menyrad → Tillåt i menyraden. CodexBar körs, men macOS kan dölja ikonen. Öppna menyradsinställningarna och slå på CodexBar.";
+
+/* Metric preferences */
+"metric_pref_automatic" = "Automatiskt";
+"metric_pref_primary" = "Primär";
+"metric_pref_secondary" = "Sekundär";
+"metric_pref_tertiary" = "Tertiär";
+"metric_pref_extra_usage" = "Extra användning";
+"metric_pref_average" = "Genomsnitt";
+
+/* Display modes */
+"display_mode_percent" = "Procent";
+"display_mode_pace" = "Takt";
+"display_mode_both" = "Båda";
+"display_mode_percent_desc" = "Visa återstående/förbrukad procent (t.ex. 45 %)";
+"display_mode_pace_desc" = "Visa taktindikator (t.ex. +5 %)";
+"display_mode_both_desc" = "Visa både procent och takt (t.ex. 45 % · +5 %)";
+
+/* Provider status */
+"status_operational" = "Fungerar normalt";
+"status_partial_outage" = "Delvis avbrott";
+"status_major_outage" = "Större avbrott";
+"status_critical_issue" = "Kritiskt problem";
+"status_maintenance" = "Underhåll";
+"status_unknown" = "Okänd status";
+
+/* Refresh frequency */
+"refresh_manual" = "Manuellt";
+"refresh_1min" = "1 min";
+"refresh_2min" = "2 min";
+"refresh_5min" = "5 min";
+"refresh_15min" = "15 min";
+"refresh_30min" = "30 min";
+
+/* Additional keys */
+"not_found" = "Hittades inte";
+
+/* Cost estimation */
+"cost_header_estimated" = "Kostnad (uppskattad)";
+"cost_estimate_hint" = "Uppskattat från lokala loggar · kan skilja sig från din faktura";
+"No JetBrains IDE with AI Assistant detected. Install a JetBrains IDE and enable AI Assistant." = "Ingen JetBrains IDE med AI Assistant hittades. Installera en JetBrains IDE och aktivera AI Assistant.";
+"OpenRouter API token not configured. Set OPENROUTER_API_KEY environment variable or configure in Settings." = "OpenRouter-API-token är inte konfigurerad. Ange miljövariabeln OPENROUTER_API_KEY eller konfigurera i Inställningar.";
+"z.ai API token not found. Set apiKey in ~/.codexbar/config.json or Z_AI_API_KEY." = "z.ai-API-token hittades inte. Ange apiKey i ~/.codexbar/config.json eller Z_AI_API_KEY.";
+"Missing DeepSeek API key." = "DeepSeek-API-nyckel saknas.";
+"%@ is unavailable in the current environment." = "%@ är inte tillgänglig i den aktuella miljön.";
+"All Systems Operational" = "Alla system fungerar";
+"Last 30 days" = "Senaste 30 dagarna";
+"Last 30 days:" = "Senaste 30 dagarna:";
+"This month" = "Den här månaden";
+"Store multiple OpenAI API keys." = "Spara flera OpenAI-API-nycklar.";
+"Admin API key" = "Admin-API-nyckel";
+"Open billing" = "Öppna fakturering";
+"Google accounts" = "Google-konton";
+"Store multiple Antigravity Google OAuth accounts for quick switching." = "Spara flera Google OAuth-konton för Antigravity så att du snabbt kan växla.";
+"Add Google Account" = "Lägg till Google-konto";
+"Open Token Plan" = "Öppna tokenplan";
+"Text Generation" = "Textgenerering";
+"Text to Speech" = "Text till tal";
+"Music Generation" = "Musikgenerering";
+"Image Generation" = "Bildgenerering";
+"No local data found" = "Inga lokala data hittades";
+"Credits unavailable; keep Codex running to refresh." = "Krediter är inte tillgängliga. Håll Codex igång för att uppdatera.";
+"No available fetch strategy for minimax." = "Ingen tillgänglig hämtningsstrategi för minimax.";
+"No Cursor session found. Please log in to cursor.com in Safari, Chrome, Microsoft Edge, Brave, Arc, Dia, ChatGPT Atlas, Chromium, Helium, Vivaldi, Yandex Browser, Firefox, Zen, Colibri, Sidekick, Opera, Opera GX, or Edge Canary. If you use Safari, grant CodexBar Full Disk Access in System Settings ▸ Privacy & Security. You can also sign in to Cursor from the CodexBar menu (Add / switch account)." = "Ingen Cursor-session hittades. Logga in på cursor.com i Safari, Chrome, Microsoft Edge, Brave, Arc, Dia, ChatGPT Atlas, Chromium, Helium, Vivaldi, Yandex Browser, Firefox, Zen, Colibri, Sidekick, Opera, Opera GX eller Edge Canary. Om du använder Safari ger du CodexBar Fullständig skivåtkomst i Systeminställningar ▸ Integritet och säkerhet. Du kan också logga in på Cursor från CodexBar-menyn (lägg till/byt konto).";
+"No OpenCode session cookies found in browsers." = "Inga OpenCode-sessionscookies hittades i webbläsare.";
+"No available fetch strategy for %@." = "Ingen tillgänglig hämtningsstrategi för %@.";
+"Today" = "Idag";
+"Today tokens" = "Token idag";
+"30d cost" = "Kostnad 30 d";
+"30d tokens" = "Token 30 d";
+"Latest tokens" = "Senaste token";
+"Top model" = "Toppmodell";
+"Storage" = "Lagring";
+"Add Account..." = "Lägg till konto...";
+"Usage Dashboard" = "Användningsinstrumentpanel";
+"Status Page" = "Statussida";
+"Settings..." = "Inställningar...";
+"About CodexBar" = "Om CodexBar";
+"Quit" = "Avsluta";
+"Last %d day" = "Senaste %d dagen";
+"Last %d days" = "Senaste %d dagarna";
+"%@ tokens" = "%@ token";
+"Latest billing day" = "Senaste faktureringsdag";
+"Latest billing day (%@)" = "Senaste faktureringsdag (%@)";
+"%@ left" = "%@ kvar";
+"Resets %@" = "Återställs %@";
+"Resets in %@" = "Återställs om %@";
+"Resets now" = "Återställs nu";
+"Lasts until reset" = "Räcker till återställning";
+"Updated %@" = "Uppdaterad %@";
+"Updated %@h ago" = "Uppdaterad för %@ h sedan";
+"Updated %@m ago" = "Uppdaterad för %@ min sedan";
+"Updated just now" = "Uppdaterad nyss";
+"Projected empty in %@" = "Beräknas ta slut om %@";
+"Runs out in %@" = "Tar slut om %@";
+"Pace: %@" = "Takt: %@";
+"Pace: %@ · %@" = "Takt: %@ · %@";
+"%@ · %@" = "%@ · %@";
+"≈ %d%% run-out risk" = "≈ %d %% risk att ta slut";
+"%d%% in deficit" = "%d %% underskott";
+"%d%% in reserve" = "%d %% reserv";
+"usage_percent_suffix_left" = "kvar";
+"usage_percent_suffix_used" = "förbrukat";
+"Store multiple DeepSeek API keys." = "Spara flera DeepSeek-API-nycklar.";
+"This week" = "Den här veckan";
+"Week" = "Vecka";
+"Month" = "Månad";
+"Models" = "Modeller";
+"24h tokens" = "Token 24 h";
+"Latest hour" = "Senaste timmen";
+"Peak hour" = "Topptimme";
+"Top method" = "Toppmetod";
+"30d cash" = "Pengar 30 d";
+"30d billing history from MiniMax web session" = "Faktureringshistorik 30 d från MiniMax-webbsession";
+"AWS Cost Explorer billing can lag." = "AWS Cost Explorer-fakturering kan släpa efter.";
+"Rate limit: %d / %@" = "Gräns: %d / %@";
+"Key remaining" = "Nyckel återstår";
+"No limit set for the API key" = "Ingen gräns är satt för API-nyckeln";
+"API key limit unavailable right now" = "API-nyckelgränsen är inte tillgänglig just nu";
+"This month: %@ tokens" = "Den här månaden: %@ token";
+"No utilization data yet." = "Inga utnyttjandedata än.";
+"No %@ utilization data yet." = "Inga utnyttjandedata för %@ än.";
+"%@: %@%% used" = "%@: %@ %% förbrukat";
+"%dd" = "%d d";
+"today" = "idag";
+"just now" = "nyss";
+"On pace" = "I takt";
+"Runs out now" = "Tar slut nu";
+"Projected empty now" = "Beräknas vara slut nu";
+"Switch Account..." = "Byt konto...";
+"Update ready, restart now?" = "Uppdatering redo. Starta om nu?";
+"Daily" = "Dagligen";
+"Hourly Tokens" = "Token per timme";
+"No data" = "Inga data";
+"No usage breakdown data available." = "Ingen användningsuppdelning tillgänglig.";
+
+"Today: %@ · %@ tokens" = "Idag: %@ · %@ token";
+"Today: %@" = "Idag: %@";
+"Today: %@ tokens" = "Idag: %@ token";
+"Last 30 days: %@ · %@ tokens" = "Senaste 30 dagarna: %@ · %@ token";
+"Last 30 days: %@" = "Senaste 30 dagarna: %@";
+"Est. total (30d): %@" = "Uppsk. totalt (30 d): %@";
+"Est. total (%@): %@" = "Uppsk. totalt (%@): %@";
+"Hover a bar for details" = "Håll pekaren över en stapel för detaljer";
+"%@: %@ · %@ tokens" = "%@: %@ · %@ token";
+"No providers selected for Overview." = "Inga leverantörer valda för översikten.";
+"No overview data available." = "Inga översiktsdata tillgängliga.";
+"Auto uses the local IDE API first, then Google OAuth when the IDE is closed." = "Auto använder det lokala IDE-API:t först och sedan Google OAuth när IDE:n är stängd.";
+"Login with Google" = "Logga in med Google";
+"Google OAuth" = "Google OAuth";
+"Add accounts via GitHub OAuth Device Flow on the selected host." = "Lägg till konton via GitHub OAuth Device Flow på vald värd.";
+"Stores each signed-in Google account for quick Antigravity switching. Uses Antigravity.app OAuth when available, or ANTIGRAVITY_OAUTH_CLIENT_ID and ANTIGRAVITY_OAUTH_CLIENT_SECRET as an override." = "Sparar varje inloggat Google-konto för snabb växling i Antigravity. Använder Antigravity.app OAuth när det finns, eller ANTIGRAVITY_OAUTH_CLIENT_ID och ANTIGRAVITY_OAUTH_CLIENT_SECRET som ersättning.";
+"Manual cleanup: past sessions" = "Manuell rensning: tidigare sessioner";
+"Clearing removes past resume, continue, and rewind history." = "Rensning tar bort historik för tidigare återuppta, fortsätt och spola tillbaka.";
+"Manual cleanup: file checkpoints" = "Manuell rensning: filkontrollpunkter";
+"Clearing removes checkpoint restore data for previous edits." = "Rensning tar bort återställningsdata från kontrollpunkter för tidigare ändringar.";
+"Manual cleanup: saved plans" = "Manuell rensning: sparade planer";
+"Clearing removes old plan-mode files." = "Rensning tar bort gamla planlägesfiler.";
+"Manual cleanup: debug logs" = "Manuell rensning: felsökningsloggar";
+"Clearing removes past debug logs." = "Rensning tar bort tidigare felsökningsloggar.";
+"Manual cleanup: attachment cache" = "Manuell rensning: cache för bilagor";
+"Clearing removes cached large pastes or attached images." = "Rensning tar bort cachade stora inklistringar eller bifogade bilder.";
+"Manual cleanup: session metadata" = "Manuell rensning: sessionsmetadata";
+"Clearing removes per-session environment metadata." = "Rensning tar bort miljömetadata per session.";
+"Manual cleanup: shell snapshots" = "Manuell rensning: skalögonblicksbilder";
+"Clearing removes leftover runtime shell snapshot files." = "Rensning tar bort kvarvarande skalögonblicksbilder från körtid.";
+"Manual cleanup: legacy todos" = "Manuell rensning: äldre att göra-listor";
+"Clearing removes legacy per-session task lists." = "Rensning tar bort äldre uppgiftslistor per session.";
+"Manual cleanup: sessions" = "Manuell rensning: sessioner";
+"Clearing removes past Codex session history." = "Rensning tar bort tidigare Codex-sessionshistorik.";
+"Manual cleanup: archived sessions" = "Manuell rensning: arkiverade sessioner";
+"Clearing removes archived Codex session history." = "Rensning tar bort arkiverad Codex-sessionshistorik.";
+"Manual cleanup: cache" = "Manuell rensning: cache";
+"Clearing removes provider-owned cached data." = "Rensning tar bort leverantörsägda cachade data.";
+"Manual cleanup: logs" = "Manuell rensning: loggar";
+"Clearing removes local diagnostic logs." = "Rensning tar bort lokala diagnostikloggar.";
+"Manual cleanup: file history" = "Manuell rensning: filhistorik";
+"Clearing removes local edit checkpoint history." = "Rensning tar bort lokal redigeringshistorik från kontrollpunkter.";
+"Manual cleanup: temporary data" = "Manuell rensning: tillfälliga data";
+"Clearing removes local temporary provider data." = "Rensning tar bort tillfälliga lokala leverantörsdata.";
+"Total: %@" = "Totalt: %@";
+"%d more items" = "%d objekt till";
+"Cleanup ideas" = "Rensningsförslag";
+"%d unreadable item(s) skipped" = "%d oläsbara objekt hoppades över";
+
+"API key limit" = "API-nyckelgräns";
+"Auth" = "Autentisering";
+"Auto" = "Auto";
+"Disabled — no recent data" = "Inaktiverad – inga färska data";
+"Limits not available" = "Gränser är inte tillgängliga";
+"No usage yet" = "Ingen användning än";
+"Not fetched yet" = "Inte hämtat än";
+"Refreshing" = "Uppdaterar";
+"Session" = "Session";
+"Source" = "Källa";
+"State" = "Tillstånd";
+"Unavailable" = "Inte tillgänglig";
+"Weekly" = "Vecka";
+"not detected" = "inte hittad";
+"Estimated from local Codex logs for the selected account." = "Uppskattat från lokala Codex-loggar för valt konto.";
+"minimax_usage_amount_format" = "Användning: %@ / %@";
+"minimax_used_percent_format" = "Förbrukat %@";
+"minimax_service_text_generation" = "Textgenerering";
+"minimax_service_text_to_speech" = "Text till tal";
+"minimax_service_music_generation" = "Musikgenerering";
+"minimax_service_image_generation" = "Bildgenerering";
+"minimax_service_lyrics_generation" = "Låttextgenerering";
+"minimax_service_coding_plan_vlm" = "Coding plan VLM";
+"minimax_service_coding_plan_search" = "Coding plan-sökning";
+
+/* Added after rebasing Swedish localization on current main. */
+"Open MiMo Balance" = "Öppna MiMo-saldo";
+"Stored in ~/.codexbar/config.json. Metrics require Groq Enterprise Prometheus access." = "Sparas i ~/.codexbar/config.json. Mätvärden kräver åtkomst till Groq Enterprise Prometheus.";
+"API spend" = "API-kostnad";
+"Open Command Code Settings" = "Öppna Command Code-inställningar";
+"Plan utilization chart" = "Diagram över plananvändning";
+"The browser login did not complete in time. Try Antigravity login again." = "Webbläsarinloggningen blev inte klar i tid. Försök logga in i Antigravity igen.";
+"Organizations" = "Organisationer";
+"Your StepFun platform password. Used to login and obtain a session token." = "Ditt lösenord för StepFun-plattformen. Används för att logga in och hämta en sessionstoken.";
+"Open this URL manually to continue login:\n\n%@" = "Öppna denna URL manuellt för att fortsätta inloggningen:\n\n%@";
+"CodexBar could not replace the live Codex auth on this Mac." = "CodexBar kunde inte ersätta aktiv Codex-autentisering på den här Mac-datorn.";
+"Stored in ~/.codexbar/config.json. Used for /v1/quota-stats." = "Sparas i ~/.codexbar/config.json. Används för /v1/quota-stats.";
+"CodexBar could not safely preserve the current system account before switching." = "CodexBar kunde inte spara det aktuella systemkontot säkert före bytet.";
+"Oasis-Token" = "Oasis-Token";
+"Open Crof dashboard" = "Öppna Crof-översikt";
+"Sonnet" = "Sonnet";
+"No credits history data available." = "Ingen kredithistorik finns tillgänglig.";
+"4 days" = "4 dagar";
+"AWS secret access key. Can also be set with AWS_SECRET_ACCESS_KEY." = "Hemlig AWS-åtkomstnyckel. Kan även anges med AWS_SECRET_ACCESS_KEY.";
+"Paste a Cookie header or cURL capture from %@." = "Klistra in en Cookie-header eller cURL-fångst från %@.";
+"Show or hide Kiro credits, percent, or both next to the menu bar icon." = "Visa eller dölj Kiro-krediter, procent eller båda bredvid menyradsikonen.";
+"credits" = "krediter";
+"CodexBar will ask macOS Keychain for “%@” so it can decrypt browser cookies and authenticate your account. Click OK to continue." = "CodexBar kommer att be macOS Nyckelring om ”%@” så att webbläsarcookies kan dekrypteras och ditt konto autentiseras. Klicka på OK för att fortsätta.";
+"StepFun platform account (phone number or email)." = "StepFun-plattformskonto (telefonnummer eller e-post).";
+"Timed out waiting for Cursor login. %@" = "Tidsgränsen nåddes i väntan på Cursor-inloggning. %@";
+"CodexBar will ask macOS Keychain for your Amp cookie header so it can fetch usage. Click OK to continue." = "CodexBar kommer att be macOS Nyckelring om din Amp-cookie-header så att användning kan hämtas. Klicka på OK för att fortsätta.";
+"Stored in ~/.codexbar/config.json." = "Sparas i ~/.codexbar/config.json.";
+"Reported by Mistral billing usage." = "Rapporteras av Mistrals debiteringsanvändning.";
+"Usage remaining" = "Användning kvar";
+"Usage used" = "Användning förbrukad";
+"Cookie: …\n\nor paste the __Secure-next-auth.session-token value" = "Cookie: …\n\neller klistra in värdet för __Secure-next-auth.session-token";
+"Password" = "Lösenord";
+"Stored in ~/.codexbar/config.json. In Warp, open Settings > Platform > API Keys, then create one." = "Sparas i ~/.codexbar/config.json. Öppna Settings > Platform > API Keys i Warp och skapa en nyckel.";
+"%d percent remaining" = "%d procent kvar";
+"Open Manus" = "Öppna Manus";
+"Unknown" = "Okänt";
+"Open Ollama API Keys" = "Öppna Ollama-API-nycklar";
+"Hourly Usage" = "Användning per timme";
+"Requests" = "Förfrågningar";
+"Antigravity login timed out" = "Antigravity-inloggning tog för lång tid";
+"%@ requests" = "%@ förfrågningar";
+"Open StepFun Platform" = "Öppna StepFun-plattformen";
+"CodexBar will ask macOS Keychain for your OpenCode cookie header so it can fetch usage. Click OK to continue." = "CodexBar kommer att be macOS Nyckelring om din OpenCode-cookie-header så att användning kan hämtas. Klicka på OK för att fortsätta.";
+"Endpoint" = "Slutpunkt";
+"Paste the %@ JSON bundle from %@." = "Klistra in %@-JSON-paketet från %@.";
+"Uses username + password to login and obtain an %@ automatically." = "Använder användarnamn och lösenord för att logga in och hämta ett %@ automatiskt.";
+"Capacity Start" = "Kapacitetsstart";
+"Paste the Oasis-Token from a logged-in browser session on platform.stepfun.com." = "Klistra in Oasis-Token från en inloggad webbläsarsession på platform.stepfun.com.";
+"Claude Admin API 30 day spend trend" = "30-dagars kostnadstrend för Claude Admin API";
+"%@/%@ left" = "%@/%@ kvar";
+"Monthly" = "Månadsvis";
+"Gemini Flash" = "Gemini Flash";
+"Cost history chart" = "Diagram över kostnadshistorik";
+"Today requests" = "Dagens förfrågningar";
+"Kiro menu bar value" = "Kiro-värde i menyraden";
+"CodexBar could not read managed account storage. Recover the store before adding another account." = "CodexBar kunde inte läsa hanterad kontolagring. Återställ lagringen innan du lägger till ett konto till.";
+"Using CLI fallback" = "Använder CLI-reserv";
+"%@ web API access is disabled." = "%@-åtkomst till webb-API är inaktiverad.";
+"tokens" = "token";
+"%@ / %@ (%@ remaining)" = "%@ / %@ (%@ kvar)";
+"Zen balance" = "Zen-saldo";
+"Daily billing data finalizes at 07:00 UTC" = "Dagliga debiteringsdata fastställs kl. 07.00 UTC";
+"Add Account" = "Lägg till konto";
+"CodexBar found another managed account that already uses the current system account. Resolve the duplicate account before switching." = "CodexBar hittade ett annat hanterat konto som redan använder det aktuella systemkontot. Lös dubbletten innan du byter.";
+"codex login exited with status %d." = "codex login avslutades med status %d.";
+"CodexBar could not read saved auth for that account. Re-authenticate it and try again." = "CodexBar kunde inte läsa sparad autentisering för kontot. Autentisera det igen och försök igen.";
+"Cookie: …\n\nor paste the kimi-auth token value" = "Cookie: …\n\neller klistra in värdet för kimi-auth-token";
+"Optional organization ID for accounts linked to multiple Anthropic organizations." = "Valfritt organisations-ID för konton som är kopplade till flera Anthropic-organisationer.";
+"Manually paste an %@ from a browser session." = "Klistra in ett %@ manuellt från en webbläsarsession.";
+"MiniMax 30 day token usage trend" = "30-dagars tokenanvändningstrend för MiniMax";
+"Choose the Moonshot/Kimi API host for international or China mainland accounts." = "Välj Moonshot/Kimi API-värd för internationella konton eller konton i Fastlandskina.";
+"Stored in ~/.codexbar/config.json. Get your key from openrouter.ai/settings/keys and set a key spending limit there to enable API key quota tracking." = "Sparas i ~/.codexbar/config.json. Hämta nyckeln från openrouter.ai/settings/keys och ange en köpgräns för nyckeln för att aktivera spårning av API-nyckelkvot.";
+"Uses username + password to login and obtain an Oasis-Token automatically." = "Använder användarnamn och lösenord för att logga in och hämta en Oasis-Token automatiskt.";
+"OpenRouter API key spend trend" = "Kostnadstrend för OpenRouter-API-nyckel";
+"Workspace ID" = "Arbetsyte-ID";
+"Refresh Session" = "Uppdatera session";
+"Today cash" = "Dagens kontanter";
+"Sign in to cursor.com in your browser, then refresh Cursor in CodexBar." = "Logga in på cursor.com i webbläsaren och uppdatera sedan Cursor i CodexBar.";
+"Extra usage spent" = "Extra användning förbrukad";
+"5 days" = "5 dagar";
+"T3 Chat cookie" = "T3 Chat-cookie";
+"Full in ~1 regen" = "Full om cirka 1 regenerering";
+"DeepSeek 30 day token usage trend" = "30-dagars tokenanvändningstrend för DeepSeek";
+"Reorder" = "Ändra ordning";
+"Changelog" = "Ändringslogg";
+"Deployment" = "Distribution";
+"Quota usage" = "Kvotanvändning";
+"No system account" = "Inget systemkonto";
+"Stored in ~/.codexbar/config.json. Requires an Anthropic Admin API key." = "Sparas i ~/.codexbar/config.json. Kräver en Anthropic Admin API-nyckel.";
+"AWS region. Can also be set with AWS_REGION." = "AWS-region. Kan även anges med AWS_REGION.";
+"CodexBar will ask macOS Keychain for your Claude cookie header so it can fetch Claude web usage. Click OK to continue." = "CodexBar kommer att be macOS Nyckelring om din Claude-cookie-header så att Claude-webbanvändning kan hämtas. Klicka på OK för att fortsätta.";
+"CodexBar will ask macOS Keychain for your z.ai API token so it can fetch usage. Click OK to continue." = "CodexBar kommer att be macOS Nyckelring om din z.ai-API-token så att användning kan hämtas. Klicka på OK för att fortsätta.";
+"Show usage for organizations you belong to. Personal account is always shown." = "Visa användning för organisationer du tillhör. Personligt konto visas alltid.";
+"%@ of %@ credits left" = "%@ av %@ krediter kvar";
+"Stored in ~/.codexbar/config.json. You can also provide CODEBUFF_API_KEY or let CodexBar read ~/.config/manicode/credentials.json (created by `codebuff login`)." = "Sparas i ~/.codexbar/config.json. Du kan också ange CODEBUFF_API_KEY eller låta CodexBar läsa ~/.config/manicode/credentials.json (skapas av `codebuff login`).";
+"Automatic imports Windsurf session data from Chromium browser localStorage." = "Importerar Windsurf-sessionsdata från Chromium-webbläsarens localStorage automatiskt.";
+"Full in ~%.0f regens" = "Full om cirka %.0f regenereringar";
+"Verbosity" = "Detaljnivå";
+"%d days of usage data across %d services" = "%d dagar med användningsdata för %d tjänster";
+"Stored in ~/.codexbar/config.json. You can also provide KILO_API_KEY or ~/.local/share/kilo/auth.json (kilo.access)." = "Sparas i ~/.codexbar/config.json. Du kan också ange KILO_API_KEY eller ~/.local/share/kilo/auth.json (kilo.access).";
+"Windsurf session JSON bundle" = "Windsurf-sessionspaket i JSON";
+"CodexBar will ask macOS Keychain for your Cursor cookie header so it can fetch usage. Click OK to continue." = "CodexBar kommer att be macOS Nyckelring om din Cursor-cookie-header så att användning kan hämtas. Klicka på OK för att fortsätta.";
+"Drag to reorder" = "Dra för att ändra ordning";
+"cache-hit input" = "cacheträff-indata";
+"Automatically imports browser cookies." = "Importerar webbläsarcookies automatiskt.";
+"Open Volcengine Ark Console" = "Öppna Volcengine Ark-konsol";
+"Antigravity login failed" = "Antigravity-inloggning misslyckades";
+"Keychain access is disabled in Advanced, so browser cookie import is unavailable." = "Åtkomst till Nyckelring är inaktiverad under Avancerat, så import av webbläsarcookies är inte tillgänglig.";
+"Browser cookies" = "Webbläsarcookies";
+"Usage history (%d days)" = "Användningshistorik (%d dagar)";
+"Cache read" = "Cacheläsning";
+"Copied" = "Kopierat";
+"Disable %@ dashboard cookie usage." = "Inaktivera cookie-användning för %@-översikten.";
+"30d requests" = "30 d förfrågningar";
+"Adding Account…" = "Lägger till konto…";
+"Base URL" = "Bas-URL";
+"Utilization End" = "Användningsslut";
+"7d spend" = "7 d kostnad";
+"CodexBar could not read the current system account on this Mac." = "CodexBar kunde inte läsa det aktuella systemkontot på den här Mac-datorn.";
+"%@ of %@ bonus credits left" = "%@ av %@ bonuskrediter kvar";
+"Overage usage" = "Överförbrukning";
+"AWS access key ID. Can also be set with AWS_ACCESS_KEY_ID." = "AWS-åtkomstnyckel-ID. Kan även anges med AWS_ACCESS_KEY_ID.";
+"CodexBar could not find saved auth for that account. Re-authenticate it and try again." = "CodexBar kunde inte hitta sparad autentisering för kontot. Autentisera det igen och försök igen.";
+"Capacity End" = "Kapacitetsslut";
+"Paste the %@ value or a full Cookie header." = "Klistra in %@-värdet eller en fullständig Cookie-header.";
+"CodexBar will ask macOS Keychain for your Factory cookie header so it can fetch usage. Click OK to continue." = "CodexBar kommer att be macOS Nyckelring om din Factory-cookie-header så att användning kan hämtas. Klicka på OK för att fortsätta.";
+"Paste a Cookie header or full cURL capture from %@." = "Klistra in en Cookie-header eller fullständig cURL-fångst från %@.";
+"Paste the Cookie header from a request to admin.mistral.ai. Must contain an ory_session_* cookie." = "Klistra in Cookie-headern från en förfrågan till admin.mistral.ai. Den måste innehålla en ory_session_*-cookie.";
+"Copy error" = "Kopieringsfel";
+"CodexBar will ask macOS Keychain for your MiniMax API token so it can fetch usage. Click OK to continue." = "CodexBar kommer att be macOS Nyckelring om din MiniMax-API-token så att användning kan hämtas. Klicka på OK för att fortsätta.";
+"Project ID" = "Projekt-ID";
+"Timed out waiting for Cursor login. %@ Last error: %@" = "Tidsgränsen nåddes i väntan på Cursor-inloggning. %@ Senaste fel: %@";
+"codex_login_output" = "utdata från codex login:";
+"Stored in ~/.codexbar/config.json. Get your API key from the Volcengine Ark console." = "Sparas i ~/.codexbar/config.json. Hämta API-nyckeln från Volcengine Ark-konsolen.";
+"Overage cost" = "Kostnad för överförbrukning";
+"CodexBar can't replace a system account that is signed in with an API key only setup." = "CodexBar kan inte ersätta ett systemkonto som är inloggat med en konfiguration som bara använder API-nyckel.";
+"Utilization Start" = "Användningsstart";
+"API key verifies Ollama Cloud access; cookies still expose quota limits." = "API-nyckeln verifierar åtkomst till Ollama Cloud. Cookies visar fortfarande kvotgränser.";
+"Credits remaining" = "Krediter kvar";
+"Activity" = "Aktivitet";
+"Stored in ~/.codexbar/config.json. Get your key from console.deepgram.com." = "Sparas i ~/.codexbar/config.json. Hämta nyckeln från console.deepgram.com.";
+"Azure OpenAI deployment name. AZURE_OPENAI_DEPLOYMENT_NAME is also supported." = "Azure OpenAI-distributionens namn. AZURE_OPENAI_DEPLOYMENT_NAME stöds också.";
+"Extra usage balance: %@" = "Saldo för extra användning: %@";
+"requests" = "förfrågningar";
+"CodexBar could not save the current system account before switching." = "CodexBar kunde inte spara det aktuella systemkontot före bytet.";
+"Stored in ~/.codexbar/config.json. For the official Kimi API, use Moonshot / Kimi API." = "Sparas i ~/.codexbar/config.json. För det officiella Kimi-API:t använder du Moonshot / Kimi API.";
+"Cookie: …\n\nor paste a cURL capture from the Abacus AI dashboard" = "Cookie: …\n\neller klistra in en cURL-fångst från Abacus AI-översikten";
+"Last 30 days: %@ tokens" = "Senaste 30 dagarna: %@ token";
+"%@ authentication is disabled." = "%@-autentisering är inaktiverad.";
+"CodexBar will ask macOS Keychain for your GitHub Copilot token so it can fetch usage. Click OK to continue." = "CodexBar kommer att be macOS Nyckelring om din GitHub Copilot-token så att användning kan hämtas. Klicka på OK för att fortsätta.";
+"z.ai hourly token trend" = "Token-trend per timme för z.ai";
+"Near full" = "Nästan full";
+"Open Moonshot Console" = "Öppna Moonshot-konsol";
+"Open T3 Chat Settings" = "Öppna T3 Chat-inställningar";
+"after next regen" = "efter nästa regenerering";
+"%.0f%% used" = "%.0f%% använt";
+"claude /login exited with status %d." = "claude /login avslutades med status %d.";
+"%d days of cost data" = "%d dagar med kostnadsdata";
+"Open legacy provider docs" = "Öppna äldre leverantörsdokumentation";
+"Secret access key" = "Hemlig åtkomstnyckel";
+"Region" = "Region";
+"Paste a Cookie header captured from %@." = "Klistra in en Cookie-header fångad från %@.";
+"Credits history chart" = "Diagram över kredithistorik";
+"Re-authenticating…" = "Autentiserar igen…";
+"Paste a full cookie header or the %@ value." = "Klistra in en fullständig cookie-header eller %@-värdet.";
+"Reload" = "Läs in igen";
+"Stored in ~/.codexbar/config.json. OPENAI_ADMIN_KEY is preferred; OPENAI_API_KEY still works." = "Sparas i ~/.codexbar/config.json. OPENAI_ADMIN_KEY föredras, men OPENAI_API_KEY fungerar fortfarande.";
+"Access key ID" = "Åtkomstnyckel-ID";
+"No output captured." = "Ingen utdata fångades.";
+"Refresh organizations" = "Uppdatera organisationer";
+"session_id=...\n\nor paste just the session_id value" = "session_id=...\n\neller klistra bara in session_id-värdet";
+"Open Codebuff Dashboard" = "Öppna Codebuff-översikt";
+"7 days" = "7 dagar";
+"output" = "utdata";
+"Simulated error text" = "Simulerad feltext";
+"Regenerates %@" = "Regenererar %@";
+"Usage history (today)" = "Användningshistorik (i dag)";
+"Optional. Leave blank to discover and aggregate projects visible to the API key." = "Valfritt. Lämna tomt för att hitta och slå ihop projekt som är synliga för API-nyckeln.";
+"Stored in ~/.codexbar/config.json. Get your key from elevenlabs.io/app/settings/api-keys." = "Sparas i ~/.codexbar/config.json. Hämta nyckeln från elevenlabs.io/app/settings/api-keys.";
+"Automatic imports browser cookies from Bailian." = "Importerar webbläsarcookies från Bailian automatiskt.";
+"Enterprise host" = "Enterprise-värd";
+"Optional. Enter your GitHub Enterprise host, for example octocorp.ghe.com. Leave blank for github.com." = "Valfritt. Ange din GitHub Enterprise-värd, till exempel octocorp.ghe.com. Lämna tomt för github.com.";
+"%d utilization samples" = "%d användningsmätningar";
+"Cap start" = "Gränsstart";
+"Credits used" = "Använda krediter";
+"CodexBar will ask macOS Keychain for your OpenAI cookie header so it can fetch Codex dashboard extras. Click OK to continue." = "CodexBar kommer att be macOS Nyckelring om din OpenAI-cookie-header så att extra Codex-översiktsdata kan hämtas. Klicka på OK för att fortsätta.";
+"Re-auth" = "Autentisera igen";
+"cache-miss input" = "cachemiss-indata";
+"Day" = "Dag";
+"Optional. Applies to the configured Admin API key; selected token accounts do not inherit OPENAI_PROJECT_ID." = "Valfritt. Gäller den konfigurerade Admin API-nyckeln. Valda tokenkonton ärver inte OPENAI_PROJECT_ID.";
+"Balance updates in near-real time (up to 5 min lag)" = "Saldot uppdateras nästan i realtid (upp till 5 min fördröjning)";
+"Cap end" = "Gränsslut";
+"Personal account" = "Personligt konto";
+"Automatically imports browser session cookies." = "Importerar webbläsarens sessionscookies automatiskt.";
+"Label" = "Etikett";
+"Stored in ~/.codexbar/config.json. Get your key from Ollama settings." = "Sparas i ~/.codexbar/config.json. Hämta nyckeln från Ollama-inställningarna.";
+"Open Augment (Log Out & Back In)" = "Öppna Augment (logga ut och in igen)";
+"Overages" = "Överförbrukning";
+"Open projects" = "Öppna projekt";
+"Reported by OpenAI Admin API organization usage." = "Rapporteras av OpenAI Admin API:s organisationsanvändning.";
+"%@: %@ credits" = "%@: %@ krediter";
+"CodexBar will ask macOS Keychain for your Kimi auth token so it can fetch usage. Click OK to continue." = "CodexBar kommer att be macOS Nyckelring om din Kimi-autentiseringstoken så att användning kan hämtas. Klicka på OK för att fortsätta.";
+"Keychain Access Required" = "Åtkomst till Nyckelring krävs";
+"Username" = "Användarnamn";
+"CodexBar will ask macOS Keychain for your MiniMax cookie header so it can fetch usage. Click OK to continue." = "CodexBar kommer att be macOS Nyckelring om din MiniMax-cookie-header så att användning kan hämtas. Klicka på OK för att fortsätta.";
+"30d spend" = "30 d kostnad";
+"API key verified. Ollama does not expose Cloud quota limits through the API." = "API-nyckeln har verifierats. Ollama exponerar inte Cloud-kvotgränser via API:t.";
+"Series" = "Serie";
+"Total (30d): %@ credits" = "Totalt (30 d): %@ krediter";
+"Paste a Cookie header or full cURL capture from T3 Chat settings." = "Klistra in en Cookie-header eller fullständig cURL-fångst från T3 Chat-inställningarna.";
+"%d days of credits data" = "%d dagar med kreditdata";
+"used after next regen" = "använt efter nästa regenerering";
+"CodexBar will ask macOS Keychain for your Kimi K2 API key so it can fetch usage. Click OK to continue." = "CodexBar kommer att be macOS Nyckelring om din Kimi K2-API-nyckel så att användning kan hämtas. Klicka på OK för att fortsätta.";
+"Usage breakdown chart" = "Diagram över användningsfördelning";
+"Could not open browser for Antigravity" = "Kunde inte öppna webbläsare för Antigravity";
+"Stored in ~/.codexbar/config.json. AZURE_OPENAI_API_KEY is also supported." = "Sparas i ~/.codexbar/config.json. AZURE_OPENAI_API_KEY stöds också.";
+"Could not open Cursor login in your browser." = "Kunde inte öppna Cursor-inloggning i webbläsaren.";
+"Latest" = "Senaste";
+"Azure OpenAI resource endpoint. AZURE_OPENAI_ENDPOINT is also supported." = "Azure OpenAI-resursens slutpunkt. AZURE_OPENAI_ENDPOINT stöds också.";
+"No organizations loaded. Click Refresh after setting your API key." = "Inga organisationer har lästs in. Klicka på Uppdatera efter att du har angett API-nyckeln.";
+"Copy path" = "Kopiera sökväg";
+"Paste a Cookie header from %@." = "Klistra in en Cookie-header från %@.";
+"CodexBar will ask macOS Keychain for the Claude Code OAuth token so it can fetch your Claude usage. Click OK to continue." = "CodexBar kommer att be macOS Nyckelring om OAuth-token för Claude Code så att din Claude-användning kan hämtas. Klicka på OK för att fortsätta.";
+"Base URL for the LLM-API-Key-Proxy instance." = "Bas-URL för LLM-API-Key-Proxy-instansen.";
+"Paste a Cookie or Authorization header from %@." = "Klistra in en Cookie- eller Authorization-header från %@.";
+"stale data" = "inaktuella data";
+"Quota" = "Kvot";
+"Auth source" = "Autentiseringskälla";
+"Automatic imports Chrome browser cookies from Xiaomi MiMo." = "Importerar Chrome-cookies från Xiaomi MiMo automatiskt.";
+"No usage configured." = "Ingen användning konfigurerad.";
+"Extra usage" = "Extra användning";
+"That account is no longer available in CodexBar. Refresh the account list and try again." = "Kontot finns inte längre i CodexBar. Uppdatera kontolistan och försök igen.";
+"%@ is waiting for permission" = "%@ väntar på behörighet";
+"Org ID (optional)" = "Org-ID (valfritt)";
+"Service" = "Tjänst";
+"Azure OpenAI key" = "Azure OpenAI-nyckel";
+"%@ cookies are disabled." = "%@-cookies är inaktiverade.";
+"Stored in ~/.codexbar/config.json. You can also provide CROF_API_KEY." = "Sparas i ~/.codexbar/config.json. Du kan också ange CROF_API_KEY.";
+"CodexBar will ask macOS Keychain for your Synthetic API key so it can fetch usage. Click OK to continue." = "CodexBar kommer att be macOS Nyckelring om din Synthetic-API-nyckel så att användning kan hämtas. Klicka på OK för att fortsätta.";
+"CodexBar could not update managed account storage." = "CodexBar kunde inte uppdatera hanterad kontolagring.";
+"CodexBar will ask macOS Keychain for your Augment cookie header so it can fetch usage. Click OK to continue." = "CodexBar kommer att be macOS Nyckelring om din Augment-cookie-header så att användning kan hämtas. Klicka på OK för att fortsätta.";
diff --git a/Sources/CodexBar/Resources/zh-Hans.lproj/Localizable.strings b/Sources/CodexBar/Resources/zh-Hans.lproj/Localizable.strings
new file mode 100644
index 000000000..c0319f329
--- /dev/null
+++ b/Sources/CodexBar/Resources/zh-Hans.lproj/Localizable.strings
@@ -0,0 +1,1032 @@
+/* Chinese (Simplified) localization for CodexBar */
+
+" providers" = " 提供商";
+"(System)" = "（System）";
+"30d" = "30 天";
+"A managed Codex login is already running. Wait for it to finish before adding " = "托管 Codex 登录已在运行。请等待其完成后再添加 ";
+"API key" = "API 密钥";
+"API key limit" = "API 密钥限制";
+"API region" = "API 区域";
+"API token" = "API 令牌";
+"API tokens" = "API 令牌";
+"About" = "关于";
+"Account" = "账户";
+"Accounts" = "账户";
+"Accounts subtitle" = "账户副标题";
+"Active" = "活跃";
+"Add" = "添加";
+"Add Workspace" = "添加工作区";
+"Advanced" = "高级";
+"All" = "全部";
+"Always allow prompts" = "始终允许提示";
+"Animation pattern" = "动画模式";
+"Antigravity login is managed in the app" = "Antigravity 登录由应用管理";
+"Applies only to the Security.framework OAuth keychain reader." = "仅适用于 Security.framework OAuth 钥匙串读取器。";
+"Auth" = "认证";
+"Auto" = "自动";
+"Auto falls back to the next source if the preferred one fails." = "如果首选来源失败，自动回退到下一个来源。";
+"Auto uses API first, then falls back to CLI on auth failures." = "自动优先使用 API，认证失败时回退到 CLI。";
+"Auto-detect" = "自动检测";
+"Auto-refresh is off; use the menu's Refresh command." = "自动刷新已关闭；请使用菜单中的“刷新”命令。";
+"Auto-refresh: hourly · Timeout: 10m" = "自动刷新：每小时 · 超时：10 分钟";
+"Automatic" = "自动";
+"Automatic imports browser cookies and WorkOS tokens." = "自动导入浏览器 Cookie 和 WorkOS 令牌。";
+"Automatic imports browser cookies and local storage tokens." = "自动导入浏览器 Cookie 和本地存储令牌。";
+"Automatic imports browser cookies for dashboard extras." = "自动导入用于仪表盘附加功能的浏览器 Cookie。";
+"Automatic imports browser cookies for the web API." = "自动导入用于 Web API 的浏览器 Cookie。";
+"Automatic imports browser cookies from Model Studio/Bailian." = "自动从 Model Studio/百炼导入浏览器 Cookie。";
+"Automatic imports browser cookies from admin.mistral.ai." = "自动从 admin.mistral.ai 导入浏览器 Cookie。";
+"Automatic imports browser cookies from opencode.ai." = "自动从 opencode.ai 导入浏览器 Cookie。";
+"Automatic imports browser cookies or stored sessions." = "自动导入浏览器 Cookie 或已存储的会话。";
+"Automatic imports browser cookies." = "自动导入浏览器 Cookie。";
+"Automatically imports browser session cookie." = "自动导入浏览器会话 Cookie。";
+"Automatically opens CodexBar when you start your Mac." = "启动 Mac 时自动打开 CodexBar。";
+"Automation" = "自动化";
+"Average (\\(label1) + \\(label2))" = "平均（\\(label1) + \\(label2)）";
+"Average (\\(metadata.sessionLabel) + \\(metadata.weeklyLabel))" = "平均（\\(metadata.sessionLabel) + \\(metadata.weeklyLabel)）";
+"Avoid Keychain prompts" = "避免钥匙串提示";
+"Balance" = "余额";
+"Battery Saver" = "省电模式";
+"Bordered" = "带边框";
+"Build" = "构建";
+"Built \\(buildTimestamp)" = "构建于 \\(buildTimestamp)";
+"Buy Credits..." = "购买额度…";
+"Buy Credits…" = "购买额度…";
+"CLI paths" = "CLI 路径";
+"CLI sessions" = "CLI 会话";
+"Caches" = "缓存";
+"Cancel" = "取消";
+"Check for Updates…" = "检查更新…";
+"Check for updates automatically" = "自动检查更新";
+"Check if you like your agents having some fun up there." = "看看你是否喜欢你的智能体在上面找点乐子。";
+"Check provider status" = "检查提供商状态";
+"Choose Codex workspace" = "选择 Codex 工作区";
+"Choose the MiniMax host (global .io or China mainland .com)." = "选择 MiniMax 主机（全球 .io 或中国大陆 .com）。";
+"Choose up to " = "选择至多 ";
+"Choose up to \\(Self.maxOverviewProviders) providers" = "选择至多 \\(Self.maxOverviewProviders) 个提供商";
+"Choose up to \\(count) providers" = "选择至多 \\(count) 个提供商";
+"Choose what to show in the menu bar (Pace shows usage vs. expected)." = "选择菜单栏中显示的内容（进度会显示实际用量与预期的对比）。";
+"Choose which Codex account CodexBar should follow." = "选择 CodexBar 要跟随的 Codex 账户。";
+"Choose which window drives the menu bar percent." = "选择用于驱动菜单栏百分比的窗口。";
+"Chrome" = "Chrome";
+"Claude CLI not found" = "未找到 Claude CLI";
+"Claude binary" = "Claude 二进制文件";
+"Claude cookies" = "Claude Cookie";
+"Claude login failed" = "Claude 登录失败";
+"Claude login timed out" = "Claude 登录超时";
+"Close" = "关闭";
+"Code review" = "代码审查";
+"Codex CLI not found" = "未找到 Codex CLI";
+"Codex account login already running" = "Codex 账户登录已在运行";
+"Codex binary" = "Codex 二进制文件";
+"Codex login failed" = "Codex 登录失败";
+"Codex login timed out" = "Codex 登录超时";
+"CodexBar Lifecycle Keepalive" = "CodexBar 生命周期保活";
+"CodexBar could not read managed account storage. " = "CodexBar 无法读取托管账户存储。";
+"Configure…" = "配置…";
+"Connected" = "已连接";
+"Controls how much detail is logged." = "控制日志记录的详细程度。";
+"Cookie header" = "Cookie 标头";
+"Cookie source" = "Cookie 来源";
+"Cookie: ..." = "Cookie：...";
+"Cookie: \\u{2026}\\\n\\\nor paste a cURL capture from the Abacus AI dashboard" = "Cookie：\\u{2026}\\\n\\\n或粘贴来自 Abacus AI 仪表盘的 cURL 捕获内容";
+"Cookie: \\u{2026}\\\n\\\nor paste the __Secure-next-auth.session-token value" = "Cookie：\\u{2026}\\\n\\\n或粘贴 __Secure-next-auth.session-token 的值";
+"Cookie: \\u{2026}\\\n\\\nor paste the kimi-auth token value" = "Cookie：\\u{2026}\\\n\\\n或粘贴 kimi-auth 令牌值";
+"Cookie: …" = "Cookie：…";
+"CopilotDeviceFlow" = "Copilot 设备流程";
+"Cost" = "费用";
+"Could not add Codex account" = "无法添加 Codex 账户";
+"Could not open Terminal for Gemini" = "无法为 Gemini 打开终端";
+"Could not start claude /login" = "无法启动 claude /login";
+"Could not start codex login" = "无法启动 codex login";
+"Could not switch system account" = "无法切换系统账户";
+"Credits" = "额度";
+"Credits history" = "额度记录";
+"Cursor login failed" = "Cursor 登录失败";
+"Custom" = "自定义";
+"Custom Path" = "自定义路径";
+"Daily Routines" = "日常任务";
+"Debug" = "调试";
+"Default" = "默认";
+"Disable Keychain access" = "禁用钥匙串访问";
+"Disabled" = "已禁用";
+"Disabled — no recent data" = "已禁用 — 无近期数据";
+"Disconnected" = "已断开连接";
+"Display" = "显示";
+"Display mode" = "显示模式";
+"Display reset times as absolute clock values instead of countdowns." = "将重置时间显示为绝对时钟值，而不是倒计时。";
+"Done" = "完成";
+"Effective PATH" = "有效 PATH";
+"Email" = "电子邮件";
+"Enable Merge Icons to configure Overview tab providers." = "启用“合并图标”以配置“概览”标签中的提供商。";
+"Enable file logging" = "启用文件日志";
+"Enabled" = "已启用";
+"Error" = "错误";
+"Error simulation" = "错误模拟";
+"Expose troubleshooting tools in the Debug tab." = "在“调试”标签中显示故障排除工具。";
+"Failed" = "失败";
+"False" = "假";
+"Fetch strategy attempts" = "获取策略尝试";
+"Fetching" = "获取中";
+"Field" = "字段";
+"Field subtitle" = "字段副标题";
+"Finish the current managed account change before switching the system account." = "请先完成当前托管账户变更，再切换系统账户。";
+"Force animation on next refresh" = "下次刷新时强制动画";
+"Gateway region" = "网关区域";
+"Gemini CLI not found" = "未找到 Gemini CLI";
+"Gemini/Antigravity, surfacing incidents in the icon and menu." = "Gemini/Antigravity，并在图标和菜单中显示故障事件。";
+"General" = "通用";
+"GitHub" = "GitHub";
+"GitHub Copilot Login" = "GitHub Copilot 登录";
+"GitHub Login" = "GitHub 登录";
+"Hide details" = "隐藏详情";
+"Hide personal information" = "隐藏个人信息";
+"Historical tracking" = "历史跟踪";
+"How often CodexBar polls providers in the background." = "CodexBar 在后台轮询提供商的频率。";
+"Inactive" = "非活跃";
+"Install CLI" = "安装 CLI";
+"Install the Claude CLI (npm i -g @anthropic-ai/claude-code) and try again." = "安装 Claude CLI（npm i -g @anthropic-ai/claude-code）后重试。";
+"Install the Codex CLI (npm i -g @openai/codex) and try again." = "安装 Codex CLI（npm i -g @openai/codex）后重试。";
+"Install the Gemini CLI (npm i -g @google/gemini-cli) and try again." = "安装 Gemini CLI（npm i -g @google/gemini-cli）后重试。";
+"JetBrains AI is ready" = "JetBrains AI 已就绪";
+"JetBrains IDE" = "JetBrains IDE";
+"Keep CLI sessions alive" = "保持 CLI 会话存活";
+"Keyboard shortcut" = "快捷键";
+"Keychain access" = "钥匙串访问";
+"Keychain prompt policy" = "钥匙串提示策略";
+"Last \\(name) fetch failed:" = "上次获取 \\(name) 失败：";
+"Last \\(self.store.metadata(for: self.provider).displayName) fetch failed:" = "上次获取 \\(self.store.metadata(for: self.provider).displayName) 失败：";
+"Last attempt" = "上次尝试";
+"Limits not available" = "限制不可用";
+"Link" = "链接";
+"Loading animations" = "加载动画";
+"Loading…" = "加载中…";
+"Local" = "本地";
+"Logging" = "日志";
+"Login failed" = "登录失败";
+"Login shell PATH (startup capture)" = "登录 shell PATH（启动时捕获）";
+"Login timed out" = "登录超时";
+"MCP details" = "MCP 详情";
+"Managed Codex accounts unavailable" = "托管 Codex 账户不可用";
+"Managed account storage is unreadable. Live account access is still available, " = "托管账户存储不可读。实时账户访问仍可用，";
+"Manual" = "手动";
+"May your tokens never run out—keep agent limits in view." = "愿你的 token 永不耗尽——随时关注智能体额度。";
+"Menu bar" = "菜单栏";
+"Menu bar auto-shows the provider closest to its rate limit." = "菜单栏会自动显示最接近速率限制的提供商。";
+"Menu bar metric" = "菜单栏指标";
+"Menu bar shows percent" = "菜单栏显示百分比";
+"Menu content" = "菜单内容";
+"Merge Icons" = "合并图标";
+"Never prompt" = "从不提示";
+"No" = "否";
+"No Codex accounts detected yet." = "未检测到 Codex 账户。";
+"No JetBrains IDE detected" = "未检测到 JetBrains IDE";
+"No cost history data." = "暂无费用历史数据。";
+"No usage yet" = "尚无用量";
+"Not fetched yet" = "尚未获取";
+"No credits history data." = "暂无额度记录。";
+"No data available" = "无可用数据";
+"No data yet" = "暂无数据";
+"No enabled providers available for Overview." = "“概览”中没有可用的已启用提供商。";
+"No providers selected" = "未选择提供商";
+"No token accounts yet." = "尚无令牌账户。";
+"No usage breakdown data." = "暂无用量明细数据。";
+"None" = "无";
+"Notifications" = "通知";
+"Notifies when the 5-hour session quota hits 0% and when it becomes " = "当 5 小时会话配额降至 0% 以及重新";
+"OK" = "确定";
+"Obscure email addresses in the menu bar and menu UI." = "在菜单栏和菜单界面中隐藏电子邮件地址。";
+"Off" = "关闭";
+"Offline" = "离线";
+"On" = "开启";
+"Online" = "在线";
+"Only on user action" = "仅在用户操作时";
+"Open" = "打开";
+"Open API Keys" = "打开 API 密钥";
+"Open Amp Settings" = "打开 Amp 设置";
+"Open Antigravity to sign in, then refresh CodexBar." = "打开 Antigravity 登录，然后刷新 CodexBar。";
+"Open Browser" = "打开浏览器";
+"Open Coding Plan" = "打开 Coding Plan";
+"Open Console" = "打开控制台";
+"Open Dashboard" = "打开仪表盘";
+"Open Mistral Admin" = "打开 Mistral 管理后台";
+"Open Ollama Settings" = "打开 Ollama 设置";
+"Open Terminal" = "打开终端";
+"Open Usage Page" = "打开用量页面";
+"Open Warp API Key Guide" = "打开 Warp API 密钥指南";
+"Open menu" = "打开菜单";
+"Open token file" = "打开令牌文件";
+"OpenAI cookies" = "OpenAI Cookie";
+"OpenAI web extras" = "OpenAI Web 附加功能";
+"Option A" = "选项 A";
+"Option B" = "选项 B";
+"Optional override if workspace lookup fails." = "工作区查找失败时可选的覆盖项。";
+"Options" = "选项";
+"Override auto-detection with a custom IDE base path" = "使用自定义 IDE 基础路径覆盖自动检测";
+"Overview" = "概览";
+"Overview rows always follow provider order." = "概览行始终遵循提供商顺序。";
+"Overview tab providers" = "概览标签提供商";
+"Paste API key…" = "粘贴 API 密钥…";
+"Paste API token…" = "粘贴 API 令牌…";
+"Paste key…" = "粘贴密钥…";
+"Paste sessionKey or OAuth token…" = "粘贴 sessionKey 或 OAuth 令牌…";
+"Paste the Cookie header from a request to admin.mistral.ai. " = "粘贴发往 admin.mistral.ai 请求中的 Cookie 标头。";
+"Paste token…" = "粘贴令牌…";
+"Personal" = "个人";
+"Picker" = "选择器";
+"Picker subtitle" = "选择器副标题";
+"Placeholder" = "占位符";
+"Plan" = "套餐";
+"Play full-screen confetti when weekly usage resets." = "当每周用量重置时播放全屏彩纸。";
+"Polls OpenAI/Claude status pages and Google Workspace for " = "轮询 OpenAI/Claude 状态页面和 Google Workspace，以检查";
+"Prevents any Keychain access while enabled." = "启用时阻止任何钥匙串访问。";
+"Primary (API key limit)" = "主要（API 密钥限制）";
+"Primary (\\(label))" = "主要（\\(label)）";
+"Primary (\\(metadata.sessionLabel))" = "主要（\\(metadata.sessionLabel)）";
+"Probe logs" = "探测日志";
+"Progress bars fill as you consume quota (instead of showing remaining)." = "进度条会随配额消耗而填充（而不是显示剩余量）。";
+"Provider" = "提供商";
+"Providers" = "提供商";
+"Quit CodexBar" = "退出 CodexBar";
+"Random (default)" = "随机（默认）";
+"Reads local usage logs. Shows today + last 30 days cost in the menu." = "读取本地用量日志。在菜单中显示今天及所选历史窗口的费用。";
+"Refresh" = "刷新";
+"Refreshing" = "正在刷新";
+"Refresh cadence" = "刷新频率";
+"Remote" = "远程";
+"Remove" = "移除";
+"Remove Codex account?" = "移除 Codex 账户？";
+"Remove \\(account.email) from CodexBar? Its managed Codex home will be deleted." = "要从 CodexBar 中移除 \\(account.email) 吗？其托管的 Codex 主目录将被删除。";
+"Remove \\(email) from CodexBar? Its managed Codex home will be deleted." = "要从 CodexBar 中移除 \\(email) 吗？其托管的 Codex 主目录将被删除。";
+"Remove selected account" = "移除所选账户";
+"Replace critter bars with provider branding icons and a percentage." = "将小动物进度条替换为提供商品牌图标和百分比。";
+"Replay selected animation" = "重放选中的动画";
+"Requires authentication via GitHub Device Flow." = "需要通过 GitHub 设备流程进行认证。";
+"Resets: \\(reset)" = "重置：\\(reset)";
+"Rolling five-hour limit" = "滚动 5 小时限制";
+"Search hourly" = "每小时搜索";
+"Secondary (\\(label))" = "次要（\\(label)）";
+"Secondary (\\(metadata.weeklyLabel))" = "次要（\\(metadata.weeklyLabel)）";
+"Select a provider" = "选择一个提供商";
+"Select the IDE to monitor" = "选择要监控的 IDE";
+"Session" = "会话";
+"Session quota notifications" = "会话配额通知";
+"Session tokens" = "会话令牌";
+"Settings" = "设置";
+"Show Codex Credits and Claude Extra usage sections in the menu." = "在菜单中显示 Codex 额度和 Claude 额外用量部分。";
+"Show Debug Settings" = "显示调试设置";
+"Show all token accounts" = "显示所有令牌账户";
+"Show cost summary" = "显示费用摘要";
+"Show credits + extra usage" = "显示额度 + 额外用量";
+"Show details" = "显示详情";
+"Show most-used provider" = "显示用量最高的提供商";
+"Show provider icons in the switcher (otherwise show a weekly progress line)." = "在切换器中显示提供商图标（否则显示每周进度线）。";
+"Show reset time as clock" = "将重置时间显示为时钟";
+"Show usage as used" = "显示已使用用量";
+"Sign in via button below" = "通过下方按钮登录";
+"Skip teardown between probes (debug-only)." = "探测之间跳过清理（仅限调试）。";
+"Source" = "来源";
+"Stack token accounts in the menu (otherwise show an account switcher bar)." = "在菜单中堆叠令牌账户（否则显示账户切换栏）。";
+"Start at Login" = "开机启动";
+"State" = "状态";
+"Status" = "状态";
+"Store Claude sessionKey cookies or OAuth access tokens." = "存储 Claude sessionKey Cookie 或 OAuth 访问令牌。";
+"Store multiple Abacus AI Cookie headers." = "存储多个 Abacus AI Cookie 标头。";
+"Store multiple Augment Cookie headers." = "存储多个 Augment Cookie 标头。";
+"Store multiple Cursor Cookie headers." = "存储多个 Cursor Cookie 标头。";
+"Store multiple Factory Cookie headers." = "存储多个 Factory Cookie 标头。";
+"Store multiple MiniMax Cookie headers." = "存储多个 MiniMax Cookie 标头。";
+"Store multiple Mistral Cookie headers." = "存储多个 Mistral Cookie 标头。";
+"Store multiple Ollama Cookie headers." = "存储多个 Ollama Cookie 标头。";
+"Store multiple OpenCode Cookie headers." = "存储多个 OpenCode Cookie 标头。";
+"Store multiple OpenCode Go Cookie headers." = "存储多个 OpenCode Go Cookie 标头。";
+"Stored in the CodexBar config file." = "存储在 CodexBar 配置文件中。";
+"Stored in ~/.codexbar/config.json. " = "存储在 ~/.codexbar/config.json 中。";
+"Stored in ~/.codexbar/config.json. Generate one at kimi-k2.ai." = "存储在 ~/.codexbar/config.json 中。可在 kimi-k2.ai 生成。";
+"Stored in ~/.codexbar/config.json. Paste the key from the Synthetic dashboard." = "存储在 ~/.codexbar/config.json 中。请粘贴来自 Synthetic 仪表盘的密钥。";
+"Stored in ~/.codexbar/config.json. Paste your Coding Plan API key from Model Studio." = "存储在 ~/.codexbar/config.json 中。请粘贴来自 Model Studio 的 Coding Plan API 密钥。";
+"Stored in ~/.codexbar/config.json. Paste your MiniMax API key." = "存储在 ~/.codexbar/config.json 中。请粘贴你的 MiniMax API 密钥。";
+"Stored in ~/.codexbar/config.json. You can also provide KILO_API_KEY or " = "存储在 ~/.codexbar/config.json 中。你也可以提供 KILO_API_KEY 或";
+"Stores local Codex usage history (8 weeks) to personalize Pace predictions." = "存储本地 Codex 用量历史（8 周），用于个性化进度预测。";
+"Subscription Utilization" = "订阅使用率";
+"Surprise me" = "给我惊喜";
+"Switcher shows icons" = "切换器显示图标";
+"Symlink CodexBarCLI to /usr/local/bin and /opt/homebrew/bin as codexbar." = "将 CodexBarCLI 作为 codexbar 符号链接到 /usr/local/bin 和 /opt/homebrew/bin。";
+"System" = "系统";
+"Temporarily shows the loading animation after the next refresh." = "下次刷新后临时显示加载动画。";
+"Tertiary (\\(label))" = "第三（\\(label)）";
+"Tertiary (\\(tertiaryTitle))" = "第三（\\(tertiaryTitle)）";
+"The default Codex account on this Mac." = "此 Mac 上的默认 Codex 账户。";
+"Toggle" = "切换";
+"Toggle subtitle" = "切换副标题";
+"Token" = "token";
+"Trigger the menu bar menu from anywhere." = "从任意位置触发菜单栏菜单。";
+"True" = "真";
+"Twitter" = "Twitter";
+"Unsupported" = "不支持";
+"Unavailable" = "不可用";
+"Update Channel" = "更新频道";
+"Updated" = "已更新";
+"Updates unavailable in this build." = "此构建中更新不可用。";
+"Usage" = "用量";
+"Usage breakdown" = "用量明细";
+"Usage history (30 days)" = "用量历史";
+"Usage source" = "用量来源";
+"Use BigModel for the China mainland endpoints (open.bigmodel.cn)." = "中国大陆端点使用 BigModel（open.bigmodel.cn）。";
+"Use a single menu bar icon with a provider switcher." = "使用单个菜单栏图标并带提供商切换器。";
+"Use international or China mainland console gateways for quota fetches." = "使用国际或中国大陆控制台网关获取配额。";
+"Version" = "版本";
+"Version \\(self.versionString)" = "版本 \\(self.versionString)";
+"Version \\(version)" = "版本 \\(version)";
+"Version \\(versionString)" = "版本 \\(versionString)";
+"Vertex AI Login" = "Vertex AI 登录";
+"Wait for the current managed Codex login to finish before adding another account." = "请等待当前托管 Codex 登录完成后再添加其他账户。";
+"Waiting for Authentication..." = "等待认证…";
+"Website" = "网站";
+"Weekly" = "每周";
+"Weekly limit confetti" = "每周限制彩纸";
+"Weekly token limit" = "每周 token 限制";
+"Weekly usage" = "每周用量";
+"Weekly usage unavailable for this account." = "此账户的每周用量不可用。";
+"Window: \\(window)" = "窗口：\\(window)";
+"Write logs to \\(self.fileLogPath) for debugging." = "将日志写入 \\(self.fileLogPath) 以进行调试。";
+"Yes" = "是";
+"not detected" = "未检测到";
+"\\(detail.modelCode): \\(usage)" = "\\(detail.modelCode)：\\(usage)";
+"\\(name): \\(truncated)" = "\\(name)：\\(truncated)";
+"\\(name): \\(updated) · 30d \\(cost)" = "\\(name)：\\(updated) · 30 天 \\(cost)";
+"\\(name): fetching…\\(elapsed)" = "\\(name)：获取中…\\(elapsed)";
+"\\(name): last attempt \\(when)" = "\\(name)：上次尝试 \\(when)";
+"\\(name): no data yet" = "\\(name)：暂无数据";
+"\\(name): unsupported" = "\\(name)：不支持";
+"all browsers" = "所有浏览器";
+"available again." = "可用时发送通知。";
+"built_format" = "构建于 %@";
+"copilot_complete_in_browser" = "请在浏览器中完成登录。";
+"copilot_device_code_copied" = "设备代码已复制。";
+"copilot_verify_at" = "请在 %@ 验证";
+"copilot_window_closes_auto" = "登录完成后，此窗口会自动关闭。";
+"cost_status_error" = "%1$@：%2$@";
+"cost_status_fetching" = "%1$@：获取中… %2$@";
+"cost_status_last_attempt" = "%1$@：上次尝试 %2$@";
+"cost_status_no_data" = "%@：暂无数据";
+"cost_status_snapshot" = "%1$@：%2$@ · %3$@ %4$@";
+"cost_status_unsupported" = "%@：不支持";
+"credits_remaining" = "额度：%@";
+"cursor_on_demand" = "按需计费：%@";
+"cursor_on_demand_with_limit" = "按需计费：%1$@ / %2$@";
+"extra_usage_format" = "额外用量：%1$@ / %2$@";
+"jetbrains_detected_generate" = "检测到：%@。使用一次 AI 助手以生成配额数据，然后刷新 CodexBar。";
+"jetbrains_detected_select" = "检测到：%@。在设置中选择你偏好的 IDE，然后刷新 CodexBar。";
+"last_fetch_failed_with_provider" = "上次获取 %@ 失败：";
+"last_spend" = "上次支出：%@";
+"mcp_model_usage" = "%1$@：%2$@";
+"mcp_resets" = "重置：%@";
+"mcp_window" = "窗口：%@";
+"metric_average" = "平均（%1$@ + %2$@）";
+"metric_primary" = "主要（%@）";
+"metric_secondary" = "次要（%@）";
+"metric_tertiary" = "第三（%@）";
+"multiple_workspaces_found" = "CodexBar 发现 %@ 有多个工作区。请选择要添加的工作区。";
+"ory_session_…=…; csrftoken=…" = "ory_session_…=…; csrftoken=…";
+"overview_choose_providers" = "最多选择 %@ 个提供商";
+"remove_account_message" = "要从 CodexBar 中移除 %@ 吗？其托管的 Codex 主目录将被删除。";
+"version_format" = "版本 %@";
+"workspaceID is set but only opencode, opencodego, and deepgram support workspaceID." = "已设置 workspaceID，但只有 opencode、opencodego 和 deepgram 支持 workspaceID。";
+"© 2026 Peter Steinberger. MIT License." = "© 2026 Peter Steinberger。MIT 许可证。";
+"section_system" = "系统";
+"section_usage" = "用量";
+"section_automation" = "自动化";
+"language_title" = "语言";
+"language_subtitle" = "更改显示语言。需要重启应用才能完全生效。";
+"language_system" = "跟随系统";
+"language_english" = "English";
+"language_spanish" = "Español";
+"language_catalan" = "Català";
+"language_chinese_simplified" = "简体中文";
+"language_chinese_traditional" = "繁體中文";
+"language_portuguese_brazilian" = "Português (Brasil)";
+"start_at_login_title" = "开机启动";
+"start_at_login_subtitle" = "启动 Mac 时自动打开 CodexBar。";
+"show_cost_summary" = "显示费用摘要";
+"show_cost_summary_subtitle" = "读取本地用量日志。在菜单中显示今天及所选历史窗口的费用。";
+"cost_history_days_title" = "历史窗口：%d 天";
+"cost_auto_refresh_info" = "自动刷新：每小时 · 超时：10 分钟";
+"refresh_cadence_title" = "刷新频率";
+"refresh_cadence_subtitle" = "CodexBar 在后台轮询提供商的频率。";
+"manual_refresh_hint" = "自动刷新已关闭；请使用菜单中的“刷新”命令。";
+"check_provider_status_title" = "检查提供商状态";
+"check_provider_status_subtitle" = "轮询 OpenAI/Claude 状态页面和 Google Workspace 的 Gemini/Antigravity，在图标和菜单中显示故障信息。";
+"session_quota_notifications_title" = "会话配额通知";
+"session_quota_notifications_subtitle" = "当 5 小时会话配额用完及恢复时发送通知。";
+"quota_warning_notifications_title" = "配额预警通知";
+"quota_warning_notifications_subtitle" = "当会话或每周剩余配额低于设置的阈值时提醒。";
+"quota_warnings_title" = "配额预警";
+"quota_warning_session" = "会话";
+"quota_warning_session_capitalized" = "会话";
+"quota_warning_weekly" = "每周";
+"quota_warning_weekly_capitalized" = "每周";
+"quota_warning_warn_at" = "预警阈值";
+"quota_warning_global_threshold_subtitle" = "会话和每周窗口的剩余百分比，除非提供商单独覆盖。";
+"quota_warning_sound" = "播放通知声音";
+"quota_warning_provider_inherits" = "默认使用全局配额预警设置，除非在这里自定义窗口。";
+"quota_warning_customize_thresholds" = "自定义 %@ 阈值";
+"quota_warning_enable_warnings" = "启用 %@ 预警";
+"quota_warning_window_warn_at" = "%@ 预警阈值";
+"quota_warning_off" = "关闭";
+"quota_warning_inherited" = "继承：%@";
+"quota_warning_depleted_only" = "仅耗尽时";
+"quota_warning_upper" = "上限";
+"quota_warning_lower" = "下限";
+"apply" = "应用";
+"quit_app" = "退出 CodexBar";
+"tab_general" = "通用";
+"tab_providers" = "提供商";
+"tab_display" = "显示";
+"tab_advanced" = "高级";
+"tab_about" = "关于";
+"tab_debug" = "调试";
+"select_a_provider" = "选择一个提供商";
+"cancel" = "取消";
+"last_fetch_failed" = "上次获取失败";
+"usage_not_fetched_yet" = "尚未获取用量";
+"managed_account_storage_unreadable" = "托管账户存储不可读。实时账户访问仍可用，但托管添加、重新认证和移除操作已被禁用，直到存储恢复。";
+"remove_codex_account_title" = "移除 Codex 账户？";
+"remove" = "移除";
+"managed_login_already_running" = "托管 Codex 登录已在运行。请等待完成后再添加或重新认证其他账户。";
+"managed_login_failed" = "托管 Codex 登录未完成。请先在终端确认 `codex --version` 可以运行。如果 macOS 阻止了 `codex` 或将它移到废纸篓，请移除旧的重复安装，运行 `npm install -g --include=optional @openai/codex@latest`，然后重试。";
+"codex_login_output" = "codex login 输出：";
+"managed_login_missing_email" = "Codex 登录已完成，但无法获取账户邮箱。请在确认账户已完全登录后重试。";
+"workspace_selection_cancelled" = "CodexBar 发现多个工作区，但未选择任何工作区。";
+"unsafe_managed_home" = "CodexBar 拒绝修改意外的托管主目录路径：%@";
+"menu_bar_metric_title" = "菜单栏指标";
+"menu_bar_metric_subtitle" = "选择哪个窗口驱动菜单栏百分比。";
+"menu_bar_metric_subtitle_deepseek" = "在菜单栏显示 DeepSeek 余额。";
+"menu_bar_metric_subtitle_moonshot" = "在菜单栏显示 Moonshot / Kimi API 余额。";
+"menu_bar_metric_subtitle_mistral" = "在菜单栏显示 Mistral API 本月支出。";
+"menu_bar_metric_subtitle_kimik2" = "在菜单栏显示 Kimi K2 API 密钥额度。";
+"automatic" = "自动";
+"primary_api_key_limit" = "主要（API 密钥限制）";
+"section_menu_bar" = "菜单栏";
+"merge_icons_title" = "合并图标";
+"merge_icons_subtitle" = "使用单个菜单栏图标并带提供商切换器。";
+"switcher_shows_icons_title" = "切换器显示图标";
+"switcher_shows_icons_subtitle" = "在切换器中显示提供商图标（否则显示每周进度线）。";
+"show_most_used_provider_title" = "显示用量最高的提供商";
+"show_most_used_provider_subtitle" = "菜单栏会自动显示最接近速率限制的提供商。";
+"menu_bar_shows_percent_title" = "菜单栏显示百分比";
+"menu_bar_shows_percent_subtitle" = "将小动物进度条替换为提供商品牌图标和百分比。";
+"display_mode_title" = "显示模式";
+"display_mode_subtitle" = "选择菜单栏中显示的内容（进度会显示实际用量与预期的对比）。";
+"section_menu_content" = "菜单内容";
+"show_usage_as_used_title" = "显示已使用用量";
+"show_usage_as_used_subtitle" = "进度条会随配额消耗而填充（而不是显示剩余量）。";
+"show_quota_warning_markers_title" = "显示配额预警标记";
+"show_quota_warning_markers_subtitle" = "配置配额预警后，在用量条上绘制阈值刻度标记。";
+"show_reset_time_as_clock_title" = "将重置时间显示为时钟";
+"show_reset_time_as_clock_subtitle" = "将重置时间显示为绝对时钟值，而不是倒计时。";
+"show_provider_changelog_links_title" = "显示提供商变更日志链接";
+"show_provider_changelog_links_subtitle" = "在菜单中为支持的 CLI 提供商添加发布说明链接。";
+"show_credits_extra_usage_title" = "显示额度 + 额外用量";
+"show_credits_extra_usage_subtitle" = "在菜单中显示 Codex 额度和 Claude 额外用量部分。";
+"show_all_token_accounts_title" = "显示所有令牌账户";
+"show_all_token_accounts_subtitle" = "在菜单中堆叠令牌账户（否则显示账户切换栏）。";
+"multi_account_layout_title" = "多账户布局";
+"multi_account_layout_subtitle" = "选择分段账户切换或堆叠账户卡片。";
+"multi_account_layout_segmented" = "分段";
+"multi_account_layout_stacked" = "堆叠";
+"overview_tab_providers_title" = "概览标签提供商";
+"configure" = "配置…";
+"overview_enable_merge_icons_hint" = "启用“合并图标”以配置“概览”标签中的提供商。";
+"overview_no_providers_hint" = "“概览”中没有可用的已启用提供商。";
+"overview_rows_follow_order" = "概览行始终遵循提供商顺序。";
+"overview_no_providers_selected" = "未选择提供商";
+"section_keyboard_shortcut" = "快捷键";
+"open_menu_shortcut_title" = "打开菜单";
+"open_menu_shortcut_subtitle" = "从任意位置触发菜单栏菜单。";
+"install_cli" = "安装 CLI";
+"install_cli_subtitle" = "将 CodexBarCLI 作为 codexbar 符号链接到 /usr/local/bin 和 /opt/homebrew/bin。";
+"cli_not_found" = "在应用包中未找到 CodexBarCLI。";
+"no_writable_bin_dirs" = "未找到可写的 bin 目录。";
+"show_debug_settings_title" = "显示调试设置";
+"show_debug_settings_subtitle" = "在“调试”标签中显示故障排除工具。";
+"surprise_me_title" = "给我惊喜";
+"surprise_me_subtitle" = "看看你是否喜欢你的智能体在上面找点乐子。";
+"weekly_limit_confetti_title" = "每周限制彩纸";
+"weekly_limit_confetti_subtitle" = "当每周用量重置时播放全屏彩纸。";
+"hide_personal_info_title" = "隐藏个人信息";
+"hide_personal_info_subtitle" = "在菜单栏和菜单界面中隐藏电子邮件地址。";
+"show_provider_storage_usage_title" = "显示提供商存储用量";
+"show_provider_storage_usage_subtitle" = "在菜单中显示本地磁盘用量。会在后台扫描已知的提供商自有路径。";
+"section_keychain_access" = "钥匙串访问";
+"keychain_access_caption" = "禁用所有钥匙串读写。浏览器 Cookie 导入不可用；请在“提供商”中手动粘贴 Cookie 标头。";
+"disable_keychain_access_title" = "禁用钥匙串访问";
+"disable_keychain_access_subtitle" = "启用时阻止任何钥匙串访问。";
+"about_tagline" = "愿你的 token 永不耗尽——随时关注智能体额度。";
+"link_github" = "GitHub";
+"link_website" = "网站";
+"link_twitter" = "Twitter";
+"link_email" = "电子邮件";
+"check_updates_auto" = "自动检查更新";
+"update_channel" = "更新频道";
+"check_for_updates" = "检查更新…";
+"updates_unavailable" = "此构建中更新不可用。";
+"copyright" = "© 2026 Peter Steinberger。MIT 许可证。";
+"section_logging" = "日志";
+"enable_file_logging" = "启用文件日志";
+"enable_file_logging_subtitle" = "将日志写入 %@ 以进行调试。";
+"verbosity_title" = "详细程度";
+"verbosity_subtitle" = "控制日志记录的详细程度。";
+"open_log_file" = "打开日志文件";
+"force_animation_next_refresh" = "下次刷新时强制动画";
+"force_animation_next_refresh_subtitle" = "下次刷新后临时显示加载动画。";
+"section_loading_animations" = "加载动画";
+"loading_animations_caption" = "选择一个模式并在菜单栏中重放。“随机”保持现有行为。";
+"animation_random_default" = "随机（默认）";
+"replay_selected_animation" = "重放选中的动画";
+"blink_now" = "立即闪烁";
+"section_probe_logs" = "探测日志";
+"probe_logs_caption" = "获取最新的探测输出以进行调试；复制会保留完整文本。";
+"fetch_log" = "获取日志";
+"copy" = "复制";
+"save_to_file" = "保存到文件";
+"load_parse_dump" = "加载解析转储";
+"rerun_provider_autodetect" = "重新运行提供商自动检测";
+"loading" = "加载中…";
+"no_log_yet_fetch" = "尚无日志。获取后加载。";
+"section_fetch_strategy" = "获取策略尝试";
+"fetch_strategy_caption" = "提供商上次获取流程中的决策和错误。";
+"section_openai_cookies" = "OpenAI Cookie";
+"openai_cookies_caption" = "上次 OpenAI Cookie 尝试中的 Cookie 导入和 WebKit 抓取日志。";
+"no_log_yet" = "尚无日志。请在“提供商”→“Codex”中更新 OpenAI Cookie 以运行导入。";
+"section_caches" = "缓存";
+"caches_caption" = "清除缓存的费用扫描结果或浏览器 Cookie 缓存。";
+"clear_cookie_cache" = "清除 Cookie 缓存";
+"clear_cost_cache" = "清除费用缓存";
+"section_notifications" = "通知";
+"notifications_caption" = "触发 5 小时会话窗口的测试通知（耗尽/恢复）。";
+"post_depleted" = "发布耗尽通知";
+"post_restored" = "发布恢复通知";
+"section_cli_sessions" = "CLI 会话";
+"cli_sessions_caption" = "探测后保持 Codex/Claude CLI 会话存活。默认在捕获数据后退出。";
+"keep_cli_sessions_alive" = "保持 CLI 会话存活";
+"keep_cli_sessions_alive_subtitle" = "探测之间跳过清理（仅限调试）。";
+"reset_cli_sessions" = "重置 CLI 会话";
+"section_error_simulation" = "错误模拟";
+"error_simulation_caption" = "将模拟错误消息注入菜单卡片以进行布局测试。";
+"set_menu_error" = "设置菜单错误";
+"clear_menu_error" = "清除菜单错误";
+"set_cost_error" = "设置费用错误";
+"clear_cost_error" = "清除费用错误";
+"section_cli_paths" = "CLI 路径";
+"cli_paths_caption" = "解析到的 Codex 二进制文件和 PATH 层；启动时捕获登录 PATH（短超时）。";
+"codex_binary" = "Codex 二进制文件";
+"claude_binary" = "Claude 二进制文件";
+"effective_path" = "有效 PATH";
+"unavailable" = "不可用";
+"login_shell_path" = "登录 shell PATH（启动时捕获）";
+"cleared" = "已清除。";
+"no_fetch_attempts" = "尚无获取尝试。";
+"metric_pref_automatic" = "自动";
+"metric_pref_primary" = "主要";
+"metric_pref_secondary" = "次要";
+"metric_pref_tertiary" = "第三";
+"metric_pref_extra_usage" = "额外用量";
+"metric_pref_average" = "平均";
+"display_mode_percent" = "百分比";
+"display_mode_pace" = "进度";
+"display_mode_both" = "两者";
+"display_mode_percent_desc" = "显示剩余/已使用百分比（例如 45%）";
+"display_mode_pace_desc" = "显示进度指示器（例如 +5%）";
+"display_mode_both_desc" = "同时显示百分比和进度（例如 45% · +5%）";
+"status_operational" = "正常运行";
+"status_partial_outage" = "部分中断";
+"status_major_outage" = "重大中断";
+"status_critical_issue" = "严重问题";
+"status_maintenance" = "维护中";
+"status_unknown" = "状态未知";
+"refresh_manual" = "手动";
+"refresh_1min" = "1 分钟";
+"refresh_2min" = "2 分钟";
+"refresh_5min" = "5 分钟";
+"refresh_15min" = "15 分钟";
+"refresh_30min" = "30 分钟";
+"not_found" = "未找到";
+"CodexBar can't show its menu bar icon" = "CodexBar 无法显示菜单栏图标";
+"Dismiss" = "关闭";
+"Open Menu Bar Settings" = "打开菜单栏设置";
+"macOS Tahoe can block menu bar apps in System Settings → Menu Bar → Allow in the Menu Bar. CodexBar is running, but macOS may be hiding its icon. Open Menu Bar settings and turn CodexBar on." = "macOS Tahoe 可能会在“系统设置”→“菜单栏”→“允许显示在菜单栏”中阻止菜单栏应用。CodexBar 正在运行，但 macOS 可能隐藏了它的图标。请打开菜单栏设置并启用 CodexBar。";
+"cost_header_estimated" = "费用（估算）";
+"cost_estimate_hint" = "根据本地日志估算 · 可能与账单不同";
+"Estimated from local Codex logs for the selected account." = "根据所选账户的本地 Codex 日志估算。";
+"No JetBrains IDE with AI Assistant detected. Install a JetBrains IDE and enable AI Assistant." = "未检测到启用 AI Assistant 的 JetBrains IDE。请安装 JetBrains IDE 并启用 AI Assistant。";
+"OpenRouter API token not configured. Set OPENROUTER_API_KEY environment variable or configure in Settings." = "未配置 OpenRouter API 令牌。请设置 OPENROUTER_API_KEY 环境变量，或在“设置”中配置。";
+"z.ai API token not found. Set apiKey in ~/.codexbar/config.json or Z_AI_API_KEY." = "未找到 z.ai API 令牌。请在 ~/.codexbar/config.json 中设置 apiKey，或设置 Z_AI_API_KEY。";
+"Missing DeepSeek API key." = "缺少 DeepSeek API 密钥。";
+"%@ is unavailable in the current environment." = "%@ 在当前环境不可用。";
+"All Systems Operational" = "系统全部正常";
+"Last 30 days" = "近 30 天";
+"Last 30 days:" = "近 30 天：";
+"This month" = "本月";
+"Store multiple OpenAI API keys." = "存储多个 OpenAI API 密钥。";
+"Admin API key" = "管理员 API 密钥";
+"Open billing" = "打开账单";
+"Google accounts" = "Google 账户";
+"Store multiple Antigravity Google OAuth accounts for quick switching." = "存储多个 Antigravity Google OAuth 账户以便快速切换。";
+"Stores each signed-in Google account for quick Antigravity switching. Uses Antigravity.app OAuth when available, or ANTIGRAVITY_OAUTH_CLIENT_ID and ANTIGRAVITY_OAUTH_CLIENT_SECRET as an override." = "保存每个已登录的 Google 账户，便于快速切换 Antigravity。优先使用 Antigravity.app OAuth；也可使用 ANTIGRAVITY_OAUTH_CLIENT_ID 和 ANTIGRAVITY_OAUTH_CLIENT_SECRET 作为覆盖。";
+"Add Google Account" = "添加 Google 账户";
+"Open Token Plan" = "打开 Token 套餐页";
+"Text Generation" = "文本生成";
+"Text to Speech" = "文本转语音";
+"Music Generation" = "音乐生成";
+"Image Generation" = "图像生成";
+"No local data found" = "未找到本地数据";
+"Credits unavailable; keep Codex running to refresh." = "额度暂不可用；请保持 Codex 运行后再刷新。";
+"No available fetch strategy for minimax." = "没有可用的 MiniMax 抓取策略。";
+"No Cursor session found. Please log in to cursor.com in Safari, Chrome, Microsoft Edge, Brave, Arc, Dia, ChatGPT Atlas, Chromium, Helium, Vivaldi, Yandex Browser, Firefox, Zen, Colibri, Sidekick, Opera, Opera GX, or Edge Canary. If you use Safari, grant CodexBar Full Disk Access in System Settings ▸ Privacy & Security. You can also sign in to Cursor from the CodexBar menu (Add / switch account)." = "未找到 Cursor 会话。请在 Safari、Chrome、Microsoft Edge、Brave、Arc、Dia、ChatGPT Atlas、Chromium、Helium、Vivaldi、Yandex Browser、Firefox、Zen、Colibri、Sidekick、Opera、Opera GX 或 Edge Canary 中登录 cursor.com。若使用 Safari，请在“系统设置 ▸ 隐私与安全性”中授予 CodexBar“完全磁盘访问权限”。你也可以在 CodexBar 菜单中登录 Cursor（添加/切换账户）。";
+"No OpenCode session cookies found in browsers." = "在浏览器中未找到 OpenCode 会话 Cookie。";
+"No available fetch strategy for %@." = "%@ 暂无可用的获取策略。";
+"Today" = "今日";
+"Today tokens" = "今日 token 用量";
+"30d cost" = "近 30 天费用";
+"30d tokens" = "近 30 天 token 用量";
+"Latest tokens" = "最近 token 用量";
+"Top model" = "最常用模型";
+"Storage" = "存储";
+"Add Account..." = "添加账户…";
+"Usage Dashboard" = "用量仪表盘";
+"Status Page" = "状态页";
+"Settings..." = "设置…";
+"About CodexBar" = "关于 CodexBar";
+"Quit" = "退出";
+"Last %d day" = "近 %d 天";
+"Last %d days" = "近 %d 天";
+"%@ tokens" = "%@ token 用量";
+"Latest billing day" = "最近结算日";
+"Latest billing day (%@)" = "最近结算日（%@）";
+"%@ left" = "%@ 剩余";
+"Resets %@" = "重置于 %@";
+"Resets in %@" = "%@后重置";
+"Resets now" = "立即重置";
+"Lasts until reset" = "持续到重置";
+"Updated %@" = "更新于 %@";
+"Updated %@h ago" = "%@ 小时前更新";
+"Updated %@m ago" = "%@ 分钟前更新";
+"Updated just now" = "刚刚更新";
+"Projected empty in %@" = "预计 %@ 后耗尽";
+"Runs out in %@" = "预计 %@ 后耗尽";
+"Pace: %@" = "节奏：%@";
+"Pace: %@ · %@" = "节奏：%@ · %@";
+"%@ · %@" = "%@ · %@";
+"≈ %d%% run-out risk" = "≈ %d%% 耗尽风险";
+"%d%% in deficit" = "超额 %d%%";
+"%d%% in reserve" = "余量 %d%%";
+"usage_percent_suffix_left" = "剩余";
+"usage_percent_suffix_used" = "已使用";
+"Store multiple DeepSeek API keys." = "存储多个 DeepSeek API 密钥。";
+"This week" = "本周";
+"Week" = "本周";
+"Month" = "本月";
+"Models" = "模型数";
+"24h tokens" = "24 小时 token 用量";
+"Latest hour" = "最近 1 小时";
+"Peak hour" = "峰值小时";
+"Top method" = "主要方法";
+"30d cash" = "近 30 天费用";
+"30d billing history from MiniMax web session" = "来自 MiniMax Web 会话的近 30 天账单历史";
+"AWS Cost Explorer billing can lag." = "AWS Cost Explorer 账单数据可能延迟。";
+"Rate limit: %d / %@" = "速率限制：%d / %@";
+"Key remaining" = "密钥剩余额度";
+"No limit set for the API key" = "该 API 密钥未设置上限";
+"API key limit unavailable right now" = "当前无法获取 API 密钥上限";
+"This month: %@ tokens" = "本月：%@ token";
+"No utilization data yet." = "暂无使用率数据。";
+"No %@ utilization data yet." = "暂无 %@ 使用率数据。";
+"%@: %@%% used" = "%@：已用 %@%%";
+"%dd" = "%d 天";
+"today" = "今天";
+"just now" = "刚刚";
+"On pace" = "节奏正常";
+"Runs out now" = "即将耗尽";
+"Projected empty now" = "即将耗尽";
+"Switch Account..." = "切换账户…";
+"Update ready, restart now?" = "更新已就绪，是否立即重启？";
+"Daily" = "每日";
+"Hourly Tokens" = "每小时 token 用量";
+"No data" = "暂无数据";
+"No usage breakdown data available." = "暂无可用用量明细数据。";
+"Today: %@ · %@ tokens" = "今日：%@ · %@ token";
+"Today: %@" = "今日：%@";
+"Today: %@ tokens" = "今日：%@ token";
+"Last 30 days: %@ · %@ tokens" = "近 30 天：%@ · %@ token";
+"Last 30 days: %@" = "近 30 天：%@";
+"Est. total (30d): %@" = "近 30 天估算总计：%@";
+"Est. total (%@): %@" = "估算总计（%@）：%@";
+"Hover a bar for details" = "悬停在柱形图上查看详情";
+"%@: %@ · %@ tokens" = "%@：%@ · %@ token";
+"No providers selected for Overview." = "概览中尚未选择提供商。";
+"No overview data available." = "概览暂无可用数据。";
+"Auto uses the local IDE API first, then Google OAuth when the IDE is closed." = "自动模式会优先使用本地 IDE API；当 IDE 关闭时再使用 Google OAuth。";
+"Login with Google" = "使用 Google 登录";
+"Google OAuth" = "Google OAuth";
+"Add accounts via GitHub OAuth Device Flow on the selected host." = "通过所选主机的 GitHub OAuth 设备流程添加账户。";
+"Manual cleanup: past sessions" = "手动清理：历史会话";
+"Clearing removes past resume, continue, and rewind history." = "清理后将移除历史恢复、继续和回退记录。";
+"Manual cleanup: file checkpoints" = "手动清理：文件检查点";
+
+/* Popup panels */
+"No usage configured." = "尚未配置用量。";
+"Quota" = "配额";
+"tokens" = "token";
+"requests" = "请求";
+"Latest" = "最新";
+"Monthly" = "每月";
+"Sonnet" = "Sonnet";
+"Overages" = "超额";
+"Activity" = "活动";
+"Copied" = "已复制";
+"Copy error" = "复制错误";
+"Copy path" = "复制路径";
+"Extra usage spent" = "额外用量支出";
+"Credits remaining" = "剩余额度";
+"Using CLI fallback" = "使用 CLI 回退";
+"Balance updates in near-real time (up to 5 min lag)" = "余额接近实时更新（最多延迟 5 分钟）";
+"Daily billing data finalizes at 07:00 UTC" = "每日账单数据会在 UTC 07:00 完成结算";
+"%@ of %@ credits left" = "剩余 %@ / %@ 点额度";
+"%@ of %@ bonus credits left" = "剩余 %@ / %@ 点奖励额度";
+"%@ / %@ (%@ remaining)" = "%@ / %@（剩余 %@）";
+"%@/%@ left" = "剩余 %@ / %@";
+"Gemini Flash" = "Gemini Flash";
+"Regenerates %@" = "%@后恢复";
+"used after next regen" = "下次恢复后已使用";
+"after next regen" = "下次恢复后";
+"Near full" = "接近全满";
+"Full in ~1 regen" = "约 1 次恢复后全满";
+"Full in ~%.0f regens" = "约 %.0f 次恢复后全满";
+"Overage usage" = "超额用量";
+"Overage cost" = "超额费用";
+"credits" = "额度";
+"Zen balance" = "Zen 余额";
+"API spend" = "API 支出";
+"Extra usage" = "额外用量";
+"Quota usage" = "配额用量";
+"%.0f%% used" = "已使用 %.0f%%";
+"Usage history (today)" = "用量记录（今天）";
+"Usage history (%d days)" = "用量记录（%d 天）";
+"%d percent remaining" = "剩余 %d%%";
+"Unknown" = "未知";
+"stale data" = "数据过旧";
+"No credits history data available." = "暂无可用额度记录数据。";
+"Credits history chart" = "额度记录图表";
+"%d days of credits data" = "%d 天额度数据";
+"Usage breakdown chart" = "用量明细图表";
+"%d days of usage data across %d services" = "%d 天用量数据，涵盖 %d 个服务";
+"Cost history chart" = "费用记录图表";
+"%d days of cost data" = "%d 天费用数据";
+"Plan utilization chart" = "套餐使用率图表";
+"%d utilization samples" = "%d 条使用率样本";
+"Hourly Usage" = "每小时用量";
+"Usage remaining" = "剩余用量";
+"Usage used" = "已使用用量";
+"API key verified. Ollama does not expose Cloud quota limits through the API." = "API 密钥已验证。Ollama 不会通过 API 暴露 Cloud 配额限制。";
+"Last 30 days: %@ tokens" = "近 30 天：%@ token";
+"7d spend" = "7 天支出";
+"30d spend" = "30 天支出";
+"Cache read" = "缓存读取";
+"Claude Admin API 30 day spend trend" = "Claude Admin API 30 天支出趋势";
+"OpenRouter API key spend trend" = "OpenRouter API 密钥支出趋势";
+"z.ai hourly token trend" = "z.ai 每小时 token 趋势";
+"MiniMax 30 day token usage trend" = "MiniMax 30 天 token 用量趋势";
+"Today cash" = "今日现金";
+"DeepSeek 30 day token usage trend" = "DeepSeek 30 天 token 用量趋势";
+"cache-hit input" = "缓存命中输入";
+"cache-miss input" = "缓存未命中输入";
+"output" = "输出";
+"Requests" = "请求";
+"Reported by OpenAI Admin API organization usage." = "由 OpenAI Admin API 组织用量报告。";
+"Reported by Mistral billing usage." = "由 Mistral 账单用量报告。";
+"Clearing removes checkpoint restore data for previous edits." = "清理后将移除以往编辑的检查点恢复数据。";
+"Manual cleanup: saved plans" = "手动清理：已保存计划";
+"Clearing removes old plan-mode files." = "清理后将移除旧的计划模式文件。";
+"Manual cleanup: debug logs" = "手动清理：调试日志";
+"Clearing removes past debug logs." = "清理后会移除历史调试日志。";
+"Manual cleanup: attachment cache" = "手动清理：附件缓存";
+"Clearing removes cached large pastes or attached images." = "清理后会移除缓存的大段粘贴内容或附件图片。";
+"Manual cleanup: session metadata" = "手动清理：会话元数据";
+"Clearing removes per-session environment metadata." = "清理后会移除每个会话的环境元数据。";
+"Manual cleanup: shell snapshots" = "手动清理：Shell 快照";
+"Clearing removes leftover runtime shell snapshot files." = "清理后会移除遗留的运行时 Shell 快照文件。";
+"Manual cleanup: legacy todos" = "手动清理：旧版待办";
+"Clearing removes legacy per-session task lists." = "清理后会移除旧版的每会话任务列表。";
+"Manual cleanup: sessions" = "手动清理：会话";
+"Clearing removes past Codex session history." = "清理后将移除历史 Codex 会话记录。";
+"Manual cleanup: archived sessions" = "手动清理：归档会话";
+"Clearing removes archived Codex session history." = "清理后会移除已归档的 Codex 会话记录。";
+"Manual cleanup: cache" = "手动清理：缓存";
+"Clearing removes provider-owned cached data." = "清理后将移除提供商缓存数据。";
+"Manual cleanup: logs" = "手动清理：日志";
+"Clearing removes local diagnostic logs." = "清理后将移除本地诊断日志。";
+"Manual cleanup: file history" = "手动清理：文件历史";
+"Clearing removes local edit checkpoint history." = "清理后会移除本地编辑检查点历史。";
+"Manual cleanup: temporary data" = "手动清理：临时数据";
+"Clearing removes local temporary provider data." = "清理后会移除本地临时提供商数据。";
+"Total: %@" = "总计：%@";
+"%d more items" = "另有 %d 项";
+"Cleanup ideas" = "清理建议";
+"%d unreadable item(s) skipped" = "已跳过 %d 个不可读项目";
+"weekly_progress_work_days_title" = "工作日刻度线";
+"weekly_progress_work_days_subtitle" = "在每周用量条上显示按天分隔的刻度线。";
+"copilot_device_code" = "设备代码已复制到剪贴板：%1$@\n\n请在以下地址验证：%2$@";
+"copilot_waiting_text" = "请在浏览器中完成登录。\n登录完成后，此窗口会自动关闭。";
+"vertex_ai_login_instructions" = "要跟踪 Vertex AI 用量，请通过 Google Cloud 进行认证。\n\n1. 打开终端\n2. 运行：gcloud auth application-default login\n3. 按照浏览器提示登录\n4. 设置你的项目：gcloud config set project PROJECT_ID\n\n是否现在打开终端？";
+"minimax_usage_amount_format" = "用量：%@ / %@";
+"minimax_used_percent_format" = "已使用 %@";
+"minimax_service_text_generation" = "文本生成";
+"minimax_service_text_to_speech" = "文本转语音";
+"minimax_service_music_generation" = "音乐生成";
+"minimax_service_image_generation" = "图像生成";
+"minimax_service_lyrics_generation" = "歌词生成";
+"minimax_service_coding_plan_vlm" = "视觉编码计划";
+"minimax_service_coding_plan_search" = "搜索编码计划";
+
+/* Notification strings */
+"login_success_notification_title" = "%@ 登录成功";
+"login_success_notification_body" = "可以返回应用了，认证已完成。";
+"session_depleted_notification_title" = "%@ 会话额度已用尽";
+"session_depleted_notification_body" = "剩余 0%。可用时会通知你。";
+"session_restored_notification_title" = "%@ 会话已恢复";
+"session_restored_notification_body" = "会话额度已重新可用。";
+"quota_warning_notification_title" = "%1$@ 的 %2$@ 额度偏低";
+"quota_warning_notification_body" = "剩余 %1$@。已达到 %2$d%% 的 %3$@ 预警阈值。";
+"quota_warning_notification_body_with_account" = "账户 %1$@。剩余 %2$@。已达到 %3$d%% 的 %4$@ 预警阈值。";
+
+/* Additional provider settings and alerts */
+"%@ is waiting for permission" = "%@ 正在等待权限";
+"%@ requests" = "%@ 个请求";
+"%@: %@ credits" = "%@：%@ 额度";
+"30d requests" = "近 30 天请求";
+"4 days" = "4 天";
+"5 days" = "5 天";
+"7 days" = "7 天";
+"API key verifies Ollama Cloud access; cookies still expose quota limits." = "API 密钥会验证 Ollama Cloud 访问权限；Cookie 仍会提供配额限制。";
+"AWS access key ID. Can also be set with AWS_ACCESS_KEY_ID." = "AWS 访问密钥 ID。也可以用 AWS_ACCESS_KEY_ID 设置。";
+"AWS region. Can also be set with AWS_REGION." = "AWS 区域。也可以用 AWS_REGION 设置。";
+"AWS secret access key. Can also be set with AWS_SECRET_ACCESS_KEY." = "AWS 秘密访问密钥。也可以用 AWS_SECRET_ACCESS_KEY 设置。";
+"Access key ID" = "访问密钥 ID";
+"Add Account" = "添加账号";
+"Adding Account…" = "正在添加账号…";
+"Antigravity login failed" = "Antigravity 登录失败";
+"Antigravity login timed out" = "Antigravity 登录超时";
+"Auth source" = "认证来源";
+"Automatic imports Chrome browser cookies from Xiaomi MiMo." = "自动导入 Xiaomi MiMo 的 Chrome 浏览器 Cookie。";
+"Automatic imports Windsurf session data from Chromium browser localStorage." = "自动从 Chromium 浏览器 localStorage 导入 Windsurf 会话数据。";
+"Automatic imports browser cookies from Bailian." = "自动导入 Bailian 的浏览器 Cookie。";
+"Automatically imports browser cookies." = "自动导入浏览器 Cookie。";
+"Automatically imports browser session cookies." = "自动导入浏览器会话 Cookie。";
+"Azure OpenAI deployment name. AZURE_OPENAI_DEPLOYMENT_NAME is also supported." = "Azure OpenAI 部署名称。也支持 AZURE_OPENAI_DEPLOYMENT_NAME。";
+"Azure OpenAI key" = "Azure OpenAI 密钥";
+"Azure OpenAI resource endpoint. AZURE_OPENAI_ENDPOINT is also supported." = "Azure OpenAI 资源端点。也支持 AZURE_OPENAI_ENDPOINT。";
+"Base URL" = "Base URL";
+"Base URL for the LLM-API-Key-Proxy instance." = "LLM-API-Key-Proxy 实例的 Base URL。";
+"Browser cookies" = "浏览器 Cookie";
+"Cap end" = "上限终点";
+"Cap start" = "上限起点";
+"Capacity End" = "容量终点";
+"Capacity Start" = "容量起点";
+"Changelog" = "变更记录";
+"Choose the Moonshot/Kimi API host for international or China mainland accounts." = "选择国际或中国大陆账号使用的 Moonshot/Kimi API 主机。";
+"CodexBar can't replace a system account that is signed in with an API key only setup." = "CodexBar 无法替换仅使用 API 密钥登录设置的系统账号。";
+"CodexBar could not find saved auth for that account. Re-authenticate it and try again." = "CodexBar 找不到该账号已保存的认证。请重新认证后再试。";
+"CodexBar could not read managed account storage. Recover the store before adding another account." = "CodexBar 无法读取托管账号存储区。请先修复存储区，再添加其他账号。";
+"CodexBar could not read saved auth for that account. Re-authenticate it and try again." = "CodexBar 无法读取该账号已保存的认证。请重新认证后再试。";
+"CodexBar could not read the current system account on this Mac." = "CodexBar 无法读取此 Mac 上当前的系统账号。";
+"CodexBar could not replace the live Codex auth on this Mac." = "CodexBar 无法替换此 Mac 上当前的 Codex 认证。";
+"CodexBar could not safely preserve the current system account before switching." = "CodexBar 无法在切换前安全保留当前的系统账号。";
+"CodexBar could not save the current system account before switching." = "CodexBar 无法在切换前保存当前的系统账号。";
+"CodexBar could not update managed account storage." = "CodexBar 无法更新托管账号存储区。";
+"CodexBar found another managed account that already uses the current system account. Resolve the duplicate account before switching." = "CodexBar 发现另一个托管账号已使用当前的系统账号。请先解决重复账号，再进行切换。";
+"CodexBar will ask macOS Keychain for “%@” so it can decrypt browser cookies and authenticate your account. Click OK to continue." = "CodexBar 将向 macOS 钥匙串请求“%@”，以解密浏览器 Cookie 并认证你的账号。点击“确定”继续。";
+"CodexBar will ask macOS Keychain for the Claude Code OAuth token so it can fetch your Claude usage. Click OK to continue." = "CodexBar 将向 macOS 钥匙串请求 Claude Code OAuth token，以获取你的 Claude 用量。点击“确定”继续。";
+"CodexBar will ask macOS Keychain for your Amp cookie header so it can fetch usage. Click OK to continue." = "CodexBar 将向 macOS 钥匙串请求你的 Amp Cookie 标头，以获取用量。点击“确定”继续。";
+"CodexBar will ask macOS Keychain for your Augment cookie header so it can fetch usage. Click OK to continue." = "CodexBar 将向 macOS 钥匙串请求你的 Augment Cookie 标头，以获取用量。点击“确定”继续。";
+"CodexBar will ask macOS Keychain for your Claude cookie header so it can fetch Claude web usage. Click OK to continue." = "CodexBar 将向 macOS 钥匙串请求你的 Claude Cookie 标头，以获取 Claude 网页用量。点击“确定”继续。";
+"CodexBar will ask macOS Keychain for your Cursor cookie header so it can fetch usage. Click OK to continue." = "CodexBar 将向 macOS 钥匙串请求你的 Cursor Cookie 标头，以获取用量。点击“确定”继续。";
+"CodexBar will ask macOS Keychain for your Factory cookie header so it can fetch usage. Click OK to continue." = "CodexBar 将向 macOS 钥匙串请求你的 Factory Cookie 标头，以获取用量。点击“确定”继续。";
+"CodexBar will ask macOS Keychain for your GitHub Copilot token so it can fetch usage. Click OK to continue." = "CodexBar 将向 macOS 钥匙串请求你的 GitHub Copilot token，以获取用量。点击“确定”继续。";
+"CodexBar will ask macOS Keychain for your Kimi K2 API key so it can fetch usage. Click OK to continue." = "CodexBar 将向 macOS 钥匙串请求你的 Kimi K2 API 密钥，以获取用量。点击“确定”继续。";
+"CodexBar will ask macOS Keychain for your Kimi auth token so it can fetch usage. Click OK to continue." = "CodexBar 将向 macOS 钥匙串请求你的 Kimi 认证 token，以获取用量。点击“确定”继续。";
+"CodexBar will ask macOS Keychain for your MiniMax API token so it can fetch usage. Click OK to continue." = "CodexBar 将向 macOS 钥匙串请求你的 MiniMax API token，以获取用量。点击“确定”继续。";
+"CodexBar will ask macOS Keychain for your MiniMax cookie header so it can fetch usage. Click OK to continue." = "CodexBar 将向 macOS 钥匙串请求你的 MiniMax Cookie 标头，以获取用量。点击“确定”继续。";
+"CodexBar will ask macOS Keychain for your OpenAI cookie header so it can fetch Codex dashboard extras. Click OK to continue." = "CodexBar 将向 macOS 钥匙串请求你的 OpenAI Cookie 标头，以获取 Codex 仪表盘额外数据。点击“确定”继续。";
+"CodexBar will ask macOS Keychain for your OpenCode cookie header so it can fetch usage. Click OK to continue." = "CodexBar 将向 macOS 钥匙串请求你的 OpenCode Cookie 标头，以获取用量。点击“确定”继续。";
+"CodexBar will ask macOS Keychain for your Synthetic API key so it can fetch usage. Click OK to continue." = "CodexBar 将向 macOS 钥匙串请求你的 Synthetic API 密钥，以获取用量。点击“确定”继续。";
+"CodexBar will ask macOS Keychain for your z.ai API token so it can fetch usage. Click OK to continue." = "CodexBar 将向 macOS 钥匙串请求你的 z.ai API token，以获取用量。点击“确定”继续。";
+"Could not open Cursor login in your browser." = "无法在浏览器中打开 Cursor 登录。";
+"Could not open browser for Antigravity" = "无法为 Antigravity 打开浏览器";
+"Credits used" = "已用额度";
+"Day" = "日期";
+"Deployment" = "部署";
+"Drag to reorder" = "拖动以重新排序";
+"Endpoint" = "端点";
+"Enterprise host" = "Enterprise 主机";
+"Extra usage balance: %@" = "额外使用量余额：%@";
+"Keychain Access Required" = "需要钥匙串访问权限";
+"Kiro menu bar value" = "Kiro 菜单栏数值";
+"Label" = "标签";
+"No organizations loaded. Click Refresh after setting your API key." = "尚未加载组织。设置 API 密钥后点击“刷新”。";
+"No output captured." = "未捕获到输出。";
+"No system account" = "没有系统账号";
+"Oasis-Token" = "Oasis-Token";
+"Open Augment (Log Out & Back In)" = "打开 Augment（退出后重新登录）";
+"Open Codebuff Dashboard" = "打开 Codebuff 仪表盘";
+"Open Command Code Settings" = "打开 Command Code 设置";
+"Open Crof dashboard" = "打开 Crof 仪表盘";
+"Open Manus" = "打开 Manus";
+"Open MiMo Balance" = "打开 MiMo 余额";
+"Open Moonshot Console" = "打开 Moonshot 控制台";
+"Open Ollama API Keys" = "打开 Ollama API 密钥";
+"Open StepFun Platform" = "打开 StepFun 平台";
+"Open T3 Chat Settings" = "打开 T3 Chat 设置";
+"Open Volcengine Ark Console" = "打开 Volcengine Ark 控制台";
+"Open legacy provider docs" = "打开旧版提供商文档";
+"Open projects" = "打开项目";
+"Open this URL manually to continue login:\n\n%@" = "手动打开此 URL 以继续登录：\n\n%@";
+"Optional organization ID for accounts linked to multiple Anthropic organizations." = "适用于关联多个 Anthropic 组织的账号，可选填组织 ID。";
+"Optional. Applies to the configured Admin API key; selected token accounts do not inherit OPENAI_PROJECT_ID." = "选填。应用到已设置的 Admin API 密钥；选中的 token 账号不会继承 OPENAI_PROJECT_ID。";
+"Optional. Enter your GitHub Enterprise host, for example octocorp.ghe.com. Leave blank for github.com." = "选填。输入你的 GitHub Enterprise 主机，例如 octocorp.ghe.com。留空则使用 github.com。";
+"Optional. Leave blank to discover and aggregate projects visible to the API key." = "选填。留空会发现并汇总 API 密钥可见的项目。";
+"Org ID (optional)" = "组织 ID（选填）";
+"Organizations" = "组织";
+"Password" = "密码";
+"%@ authentication is disabled." = "%@ 认证已禁用。";
+"%@ cookies are disabled." = "%@ Cookie 已禁用。";
+"%@ web API access is disabled." = "%@ Web API 访问已禁用。";
+"Disable %@ dashboard cookie usage." = "禁用 %@ 仪表盘 Cookie 用法。";
+"Keychain access is disabled in Advanced, so browser cookie import is unavailable." = "高级设置中已禁用钥匙串访问，因此无法导入浏览器 Cookie。";
+"Manually paste an %@ from a browser session." = "从浏览器会话中手动粘贴 %@。";
+"Paste a Cookie header captured from %@." = "粘贴从 %@ 捕获的 Cookie 标头。";
+"Paste a Cookie header from %@." = "粘贴来自 %@ 的 Cookie 标头。";
+"Paste a Cookie header or cURL capture from %@." = "粘贴来自 %@ 的 Cookie 标头或 cURL 捕获内容。";
+"Paste a Cookie header or full cURL capture from %@." = "粘贴来自 %@ 的 Cookie 标头或完整 cURL 捕获内容。";
+"Paste a Cookie or Authorization header from %@." = "粘贴来自 %@ 的 Cookie 或 Authorization 标头。";
+"Paste a full cookie header or the %@ value." = "粘贴完整 Cookie 标头或 %@ 值。";
+"Paste a Cookie header or full cURL capture from T3 Chat settings." = "粘贴 T3 Chat 设置中的 Cookie 标头或完整 cURL 捕获内容。";
+"Paste the Cookie header from a request to admin.mistral.ai. Must contain an ory_session_* cookie." = "粘贴发往 admin.mistral.ai 请求中的 Cookie 标头。必须包含 ory_session_* Cookie。";
+"Paste the Oasis-Token from a logged-in browser session on platform.stepfun.com." = "粘贴 platform.stepfun.com 已登录浏览器会话中的 Oasis-Token。";
+"Paste the %@ JSON bundle from %@." = "粘贴来自 %2$@ 的 %1$@ JSON 包。";
+"Paste the %@ value or a full Cookie header." = "粘贴 %@ 值或完整 Cookie 标头。";
+"Personal account" = "个人账号";
+"Project ID" = "项目 ID";
+"Re-auth" = "重新认证";
+"Re-authenticating…" = "正在重新认证…";
+"Refresh Session" = "刷新会话";
+"Refresh organizations" = "刷新组织";
+"Region" = "区域";
+"Reload" = "重新加载";
+"Reorder" = "重新排序";
+"Secret access key" = "秘密访问密钥";
+"Series" = "序列";
+"Service" = "服务";
+"Show or hide Kiro credits, percent, or both next to the menu bar icon." = "在菜单栏图标旁显示或隐藏 Kiro 额度、百分比，或两者都显示。";
+"Show usage for organizations you belong to. Personal account is always shown." = "显示你所属组织的用量。个人账号始终显示。";
+"Sign in to cursor.com in your browser, then refresh Cursor in CodexBar." = "请在浏览器中登录 cursor.com，然后在 CodexBar 刷新 Cursor。";
+"Simulated error text" = "模拟错误文字";
+"StepFun platform account (phone number or email)." = "StepFun 平台账号（手机号或电子邮件）。";
+"Stored in ~/.codexbar/config.json." = "存储在 ~/.codexbar/config.json 中。";
+"Stored in ~/.codexbar/config.json. AZURE_OPENAI_API_KEY is also supported." = "存储在 ~/.codexbar/config.json 中。也支持 AZURE_OPENAI_API_KEY。";
+"Stored in ~/.codexbar/config.json. For the official Kimi API, use Moonshot / Kimi API." = "存储在 ~/.codexbar/config.json 中。官方 Kimi API 请使用 Moonshot / Kimi API。";
+"Stored in ~/.codexbar/config.json. Get your API key from the Volcengine Ark console." = "存储在 ~/.codexbar/config.json 中。请从 Volcengine Ark 控制台获取 API 密钥。";
+"Stored in ~/.codexbar/config.json. Get your key from Ollama settings." = "存储在 ~/.codexbar/config.json 中。请从 Ollama 设置获取密钥。";
+"Stored in ~/.codexbar/config.json. Get your key from console.deepgram.com." = "存储在 ~/.codexbar/config.json 中。请从 console.deepgram.com 获取密钥。";
+"Stored in ~/.codexbar/config.json. Get your key from elevenlabs.io/app/settings/api-keys." = "存储在 ~/.codexbar/config.json 中。请从 elevenlabs.io/app/settings/api-keys 获取密钥。";
+"Stored in ~/.codexbar/config.json. Get your key from openrouter.ai/settings/keys and set a key spending limit there to enable API key quota tracking." = "存储在 ~/.codexbar/config.json 中。请从 openrouter.ai/settings/keys 获取密钥，并在那里设置密钥支出上限以启用 API 密钥配额跟踪。";
+"Stored in ~/.codexbar/config.json. In Warp, open Settings > Platform > API Keys, then create one." = "存储在 ~/.codexbar/config.json 中。在 Warp 中打开 Settings > Platform > API Keys，然后创建一个。";
+"Stored in ~/.codexbar/config.json. Metrics require Groq Enterprise Prometheus access." = "存储在 ~/.codexbar/config.json 中。指标需要 Groq Enterprise Prometheus 访问权限。";
+"Stored in ~/.codexbar/config.json. OPENAI_ADMIN_KEY is preferred; OPENAI_API_KEY still works." = "存储在 ~/.codexbar/config.json 中。优先使用 OPENAI_ADMIN_KEY；OPENAI_API_KEY 仍可使用。";
+"Stored in ~/.codexbar/config.json. Requires an Anthropic Admin API key." = "存储在 ~/.codexbar/config.json 中。需要 Anthropic Admin API 密钥。";
+"Stored in ~/.codexbar/config.json. Used for /v1/quota-stats." = "存储在 ~/.codexbar/config.json 中。用于 /v1/quota-stats。";
+"Stored in ~/.codexbar/config.json. You can also provide CODEBUFF_API_KEY or let CodexBar read ~/.config/manicode/credentials.json (created by `codebuff login`)." = "存储在 ~/.codexbar/config.json 中。你也可以提供 CODEBUFF_API_KEY，或让 CodexBar 读取由 `codebuff login` 创建的 ~/.config/manicode/credentials.json。";
+"Stored in ~/.codexbar/config.json. You can also provide CROF_API_KEY." = "存储在 ~/.codexbar/config.json 中。你也可以提供 CROF_API_KEY。";
+"Stored in ~/.codexbar/config.json. You can also provide KILO_API_KEY or ~/.local/share/kilo/auth.json (kilo.access)." = "存储在 ~/.codexbar/config.json 中。你也可以提供 KILO_API_KEY 或 ~/.local/share/kilo/auth.json（kilo.access）。";
+"T3 Chat cookie" = "T3 Chat Cookie";
+"That account is no longer available in CodexBar. Refresh the account list and try again." = "该账号已无法在 CodexBar 中使用。请刷新账号列表后再试。";
+"The browser login did not complete in time. Try Antigravity login again." = "浏览器登录未在时限内完成。请再次尝试 Antigravity 登录。";
+"Timed out waiting for Cursor login. %@" = "等待 Cursor 登录超时。%@";
+"Timed out waiting for Cursor login. %@ Last error: %@" = "等待 Cursor 登录超时。%@ 最后错误：%@";
+"Today requests" = "今日请求";
+"Total (30d): %@ credits" = "总计（30 天）：%@ 额度";
+"Username" = "用户名";
+"Uses username + password to login and obtain an Oasis-Token automatically." = "使用用户名与密码登录，并自动获取 Oasis-Token。";
+"Uses username + password to login and obtain an %@ automatically." = "使用用户名与密码登录，并自动获取 %@。";
+"Utilization End" = "使用率终点";
+"Utilization Start" = "使用率起点";
+"Verbosity" = "详细程度";
+"Windsurf session JSON bundle" = "Windsurf 会话 JSON 包";
+"Workspace ID" = "工作区 ID";
+"Your StepFun platform password. Used to login and obtain a session token." = "你的 StepFun 平台密码。用于登录并获取会话 token。";
+"claude /login exited with status %d." = "claude /login 以状态 %d 结束。";
+"codex login exited with status %d." = "codex login 以状态 %d 结束。";
+"Cookie: …\n\nor paste a cURL capture from the Abacus AI dashboard" = "Cookie: …\n\n或粘贴 Abacus AI 仪表盘的 cURL 捕获内容";
+"Cookie: …\n\nor paste the __Secure-next-auth.session-token value" = "Cookie: …\n\n或粘贴 __Secure-next-auth.session-token 值";
+"Cookie: …\n\nor paste the kimi-auth token value" = "Cookie: …\n\n或粘贴 kimi-auth token 值";
+"session_id=...\n\nor paste just the session_id value" = "session_id=...\n\n或只粘贴 session_id 值";
diff --git a/Sources/CodexBar/Resources/zh-Hant.lproj/Localizable.strings b/Sources/CodexBar/Resources/zh-Hant.lproj/Localizable.strings
new file mode 100644
index 000000000..f87b1583d
--- /dev/null
+++ b/Sources/CodexBar/Resources/zh-Hant.lproj/Localizable.strings
@@ -0,0 +1,928 @@
+/* Chinese (Traditional) localization for CodexBar */
+
+" providers" = " 提供者";
+"(System)" = "(System)";
+"30d" = "30 天";
+"A managed Codex login is already running. Wait for it to finish before adding " = "託管 Codex 登入已在執行。請等待其完成後再新增 ";
+"API key" = "API 金鑰";
+"API key limit" = "API 金鑰限制";
+"API region" = "API 區域";
+"API token" = "API token";
+"API tokens" = "API token";
+"About" = "關於";
+"Account" = "帳號";
+"Accounts" = "帳號";
+"Accounts subtitle" = "帳號副標題";
+"Active" = "作用中";
+"Add" = "新增";
+"Add Workspace" = "新增工作區";
+"Advanced" = "進階";
+"All" = "全部";
+"Always allow prompts" = "一律允許提示";
+"Animation pattern" = "動畫模式";
+"Antigravity login is managed in the app" = "Antigravity 登入由 App 管理";
+"Applies only to the Security.framework OAuth keychain reader." = "僅適用於 Security.framework OAuth 鑰匙圈讀取器。";
+"Auth" = "認證";
+"Auto" = "自動";
+"Auto falls back to the next source if the preferred one fails." = "如果偏好的來源失敗，自動改用下一個來源。";
+"Auto uses API first, then falls back to CLI on auth failures." = "自動優先使用 API，認證失敗時改用 CLI。";
+"Auto-detect" = "自動偵測";
+"Auto-refresh is off; use the menu's Refresh command." = "自動重新整理已關閉；請使用選單中的「重新整理」指令。";
+"Auto-refresh: hourly · Timeout: 10m" = "自動重新整理：每小時 · 逾時：10 分鐘";
+"Automatic" = "自動";
+"Automatic imports browser cookies and WorkOS tokens." = "自動匯入瀏覽器 Cookie 和 WorkOS token。";
+"Automatic imports browser cookies and local storage tokens." = "自動匯入瀏覽器 Cookie 和本機儲存 token。";
+"Automatic imports browser cookies for dashboard extras." = "自動匯入用於儀表板附加功能的瀏覽器 Cookie。";
+"Automatic imports browser cookies for the web API." = "自動匯入用於 Web API 的瀏覽器 Cookie。";
+"Automatic imports browser cookies from Model Studio/Bailian." = "自動從 Model Studio/Bailian 匯入瀏覽器 Cookie。";
+"Automatic imports browser cookies from admin.mistral.ai." = "自動從 admin.mistral.ai 匯入瀏覽器 Cookie。";
+"Automatic imports browser cookies from opencode.ai." = "自動從 opencode.ai 匯入瀏覽器 Cookie。";
+"Automatic imports browser cookies or stored sessions." = "自動匯入瀏覽器 Cookie 或已儲存的工作階段。";
+"Automatic imports browser cookies." = "自動匯入瀏覽器 Cookie。";
+"Automatically imports browser session cookie." = "自動匯入瀏覽器工作階段 Cookie。";
+"Automatically opens CodexBar when you start your Mac." = "登入 Mac 時自動開啟 CodexBar。";
+"Automation" = "自動化";
+"Average (\\(label1) + \\(label2))" = "平均（\\(label1) + \\(label2)）";
+"Average (\\(metadata.sessionLabel) + \\(metadata.weeklyLabel))" = "平均（\\(metadata.sessionLabel) + \\(metadata.weeklyLabel)）";
+"Avoid Keychain prompts" = "避免鑰匙圈提示";
+"Balance" = "餘額";
+"Battery Saver" = "省電模式";
+"Bordered" = "有邊框";
+"Build" = "建置";
+"Built \\(buildTimestamp)" = "建置於 \\(buildTimestamp)";
+"Buy Credits..." = "購買額度...";
+"Buy Credits…" = "購買額度…";
+"CLI paths" = "CLI 路徑";
+"CLI sessions" = "CLI 工作階段";
+"Caches" = "快取";
+"Cancel" = "取消";
+"Check for Updates…" = "檢查更新…";
+"Check for updates automatically" = "自動檢查更新";
+"Check if you like your agents having some fun up there." = "讓選單列上的 Agent 多一點變化。";
+"Check provider status" = "檢查提供者狀態";
+"Choose Codex workspace" = "選擇 Codex 工作區";
+"Choose the MiniMax host (global .io or China mainland .com)." = "選擇 MiniMax 主機（全球 .io 或中國大陸 .com）。";
+"Choose up to " = "選擇最多 ";
+"Choose up to \\(Self.maxOverviewProviders) providers" = "選擇最多 \\(Self.maxOverviewProviders) 個提供者";
+"Choose up to \\(count) providers" = "選擇最多 \\(count) 個提供者";
+"Choose what to show in the menu bar (Pace shows usage vs. expected)." = "選擇選單列中顯示的內容（進度會比較實際與預期使用量）。";
+"Choose which Codex account CodexBar should follow." = "選擇 CodexBar 要追蹤的 Codex 帳號。";
+"Choose which window drives the menu bar percent." = "選擇用於驅動選單列百分比的時段。";
+"Chrome" = "Chrome";
+"Claude CLI not found" = "找不到 Claude CLI";
+"Claude binary" = "Claude 二進位檔案";
+"Claude cookies" = "Claude Cookie";
+"Claude login failed" = "Claude 登入失敗";
+"Claude login timed out" = "Claude 登入逾時";
+"Close" = "關閉";
+"Code review" = "程式碼審查";
+"Codex CLI not found" = "找不到 Codex CLI";
+"Codex account login already running" = "Codex 帳號登入已在執行";
+"Codex binary" = "Codex 二進位檔案";
+"Codex login failed" = "Codex 登入失敗";
+"Codex login timed out" = "Codex 登入逾時";
+"CodexBar Lifecycle Keepalive" = "CodexBar 生命週期維持";
+"CodexBar could not read managed account storage. " = "CodexBar 無法讀取託管帳號儲存。";
+"Configure…" = "設定…";
+"Connected" = "已連線";
+"Controls how much detail is logged." = "控制記錄詳細程度。";
+"Cookie header" = "Cookie 標頭";
+"Cookie source" = "Cookie 來源";
+"Cookie: ..." = "Cookie：...";
+"Cookie: \\u{2026}\\\n\\\nor paste a cURL capture from the Abacus AI dashboard" = "Cookie：\\u{2026}\\\n\\\n或貼上來自 Abacus AI 儀表板的 cURL 擷取內容";
+"Cookie: \\u{2026}\\\n\\\nor paste the __Secure-next-auth.session-token value" = "Cookie：\\u{2026}\\\n\\\n或貼上 __Secure-next-auth.session-token 的值";
+"Cookie: \\u{2026}\\\n\\\nor paste the kimi-auth token value" = "Cookie：\\u{2026}\\\n\\\n或貼上 kimi-auth token 值";
+"Cookie: …" = "Cookie：…";
+"CopilotDeviceFlow" = "Copilot 裝置流程";
+"Cost" = "費用";
+"Could not add Codex account" = "無法新增 Codex 帳號";
+"Could not open Terminal for Gemini" = "無法為 Gemini 開啟終端";
+"Could not start claude /login" = "無法啟動 claude /login";
+"Could not start codex login" = "無法啟動 codex login";
+"Could not switch system account" = "無法切換系統帳號";
+"Credits" = "額度";
+"Credits history" = "額度歷史";
+"Cursor login failed" = "Cursor 登入失敗";
+"Custom" = "自訂";
+"Custom Path" = "自訂路徑";
+"Daily Routines" = "每日例行工作";
+"Debug" = "除錯";
+"Default" = "預設";
+"Disable Keychain access" = "停用鑰匙圈存取";
+"Disabled" = "已停用";
+"Disabled — no recent data" = "已停用 — 無近期資料";
+"Disconnected" = "已中斷連線";
+"Display" = "顯示";
+"Display mode" = "顯示模式";
+"Display reset times as absolute clock values instead of countdowns." = "將重置時間顯示為絕對時鐘值，而不是倒數計時。";
+"Done" = "完成";
+"Effective PATH" = "有效 PATH";
+"Email" = "電子郵件";
+"Enable Merge Icons to configure Overview tab providers." = "啟用「合併圖示」以設定「概覽」標籤中的提供者。";
+"Enable file logging" = "啟用檔案記錄";
+"Enabled" = "已啟用";
+"Error" = "錯誤";
+"Error simulation" = "錯誤模擬";
+"Expose troubleshooting tools in the Debug tab." = "在「除錯」標籤中顯示疑難排解工具。";
+"Failed" = "失敗";
+"False" = "假";
+"Fetch strategy attempts" = "取得策略嘗試";
+"Fetching" = "取得中";
+"Field" = "欄位";
+"Field subtitle" = "欄位副標題";
+"Finish the current managed account change before switching the system account." = "請先完成目前託管帳號變更，再切換系統帳號。";
+"Force animation on next refresh" = "下次重新整理時強制動畫";
+"Gateway region" = "閘道區域";
+"Gemini CLI not found" = "找不到 Gemini CLI";
+"Gemini/Antigravity, surfacing incidents in the icon and menu." = "Gemini/Antigravity，並在圖示和選單中顯示服務異常。";
+"General" = "一般";
+"GitHub" = "GitHub";
+"GitHub Copilot Login" = "GitHub Copilot 登入";
+"GitHub Login" = "GitHub 登入";
+"Hide details" = "隱藏詳細資訊";
+"Hide personal information" = "隱藏個人資訊";
+"Historical tracking" = "歷史追蹤";
+"How often CodexBar polls providers in the background." = "CodexBar 在背景輪詢提供者的頻率。";
+"Inactive" = "非作用中";
+"Install CLI" = "安裝 CLI";
+"Install the Claude CLI (npm i -g @anthropic-ai/claude-code) and try again." = "安裝 Claude CLI（npm i -g @anthropic-ai/claude-code）後重試。";
+"Install the Codex CLI (npm i -g @openai/codex) and try again." = "安裝 Codex CLI（npm i -g @openai/codex）後重試。";
+"Install the Gemini CLI (npm i -g @google/gemini-cli) and try again." = "安裝 Gemini CLI（npm i -g @google/gemini-cli）後重試。";
+"JetBrains AI is ready" = "JetBrains AI 已就緒";
+"JetBrains IDE" = "JetBrains IDE";
+"Keep CLI sessions alive" = "保持 CLI 工作階段存活";
+"Keyboard shortcut" = "快速鍵";
+"Keychain access" = "鑰匙圈存取";
+"Keychain prompt policy" = "鑰匙圈提示策略";
+"Last \\(name) fetch failed:" = "上次取得 \\(name) 失敗：";
+"Last \\(self.store.metadata(for: self.provider).displayName) fetch failed:" = "上次取得 \\(self.store.metadata(for: self.provider).displayName) 失敗：";
+"Last attempt" = "上次嘗試";
+"Limits not available" = "無法取得限制資料";
+"Link" = "連結";
+"Loading animations" = "載入動畫";
+"Loading…" = "載入中…";
+"Local" = "本機";
+"Logging" = "記錄";
+"Login failed" = "登入失敗";
+"Login shell PATH (startup capture)" = "登入 shell PATH（啟動時擷取）";
+"Login timed out" = "登入逾時";
+"MCP details" = "MCP 詳細資訊";
+"Managed Codex accounts unavailable" = "無法使用託管 Codex 帳號";
+"Managed account storage is unreadable. Live account access is still available, " = "託管帳號儲存區無法讀取。即時帳號仍可存取，";
+"Manual" = "手動";
+"May your tokens never run out—keep agent limits in view." = "願你的 token 永不用完，隨時掌握 Agent 限制。";
+"Menu bar" = "選單列";
+"Menu bar auto-shows the provider closest to its rate limit." = "選單列會自動顯示最接近速率限制的提供者。";
+"Menu bar metric" = "選單列指標";
+"Menu bar shows percent" = "選單列顯示百分比";
+"Menu content" = "選單內容";
+"Merge Icons" = "合併圖示";
+"Never prompt" = "永不提示";
+"No" = "否";
+"No Codex accounts detected yet." = "未偵測到 Codex 帳號。";
+"No JetBrains IDE detected" = "未偵測到 JetBrains IDE";
+"No cost history data." = "尚無費用歷史資料。";
+"No usage yet" = "尚無使用量";
+"Not fetched yet" = "尚未取得";
+"No credits history data." = "尚無額度歷史資料。";
+"No data available" = "沒有可用資料";
+"No data yet" = "尚無資料";
+"No enabled providers available for Overview." = "「概覽」中沒有可用的已啟用提供者。";
+"No providers selected" = "未選擇提供者";
+"No token accounts yet." = "尚無 token 帳號。";
+"No usage breakdown data." = "尚無使用量明細資料。";
+"None" = "無";
+"Notifications" = "通知";
+"Notifies when the 5-hour session quota hits 0% and when it becomes " = "當 5 小時工作階段配額降至 0% 或";
+"OK" = "好";
+"Obscure email addresses in the menu bar and menu UI." = "在選單列和選單介面中隱藏電子郵件地址。";
+"Off" = "關閉";
+"Offline" = "離線";
+"On" = "開啟";
+"Online" = "線上";
+"Only on user action" = "僅在使用者操作時";
+"Open" = "開啟";
+"Open API Keys" = "開啟 API 金鑰";
+"Open Amp Settings" = "開啟 Amp 設定";
+"Open Antigravity to sign in, then refresh CodexBar." = "開啟 Antigravity 登入，然後重新整理 CodexBar。";
+"Open Browser" = "開啟瀏覽器";
+"Open Coding Plan" = "開啟 Coding Plan";
+"Open Console" = "開啟主控台";
+"Open Dashboard" = "開啟儀表板";
+"Open Mistral Admin" = "開啟 Mistral 管理頁面";
+"Open Ollama Settings" = "開啟 Ollama 設定";
+"Open Terminal" = "開啟終端";
+"Open Usage Page" = "開啟使用量頁面";
+"Open Warp API Key Guide" = "開啟 Warp API 金鑰指南";
+"Open menu" = "開啟選單";
+"Open token file" = "開啟 token 檔案";
+"OpenAI cookies" = "OpenAI Cookie";
+"OpenAI web extras" = "OpenAI Web 附加功能";
+"Option A" = "選項 A";
+"Option B" = "選項 B";
+"Optional override if workspace lookup fails." = "找不到工作區時可選的覆寫值。";
+"Options" = "選項";
+"Override auto-detection with a custom IDE base path" = "使用自訂 IDE 基礎路徑覆蓋自動偵測";
+"Overview" = "概覽";
+"Overview rows always follow provider order." = "概覽列一律依提供者順序排列。";
+"Overview tab providers" = "概覽標籤提供者";
+"Paste API key…" = "貼上 API 金鑰…";
+"Paste API token…" = "貼上 API token…";
+"Paste key…" = "貼上金鑰…";
+"Paste sessionKey or OAuth token…" = "貼上 sessionKey 或 OAuth token…";
+"Paste the Cookie header from a request to admin.mistral.ai. " = "貼上發往 admin.mistral.ai 請求中的 Cookie 標頭。";
+"Paste token…" = "貼上 token…";
+"Personal" = "個人";
+"Picker" = "選擇器";
+"Picker subtitle" = "選擇器副標題";
+"Placeholder" = "預留位置";
+"Plan" = "方案";
+"Play full-screen confetti when weekly usage resets." = "每週使用量重置時播放全螢幕慶祝動畫。";
+"Polls OpenAI/Claude status pages and Google Workspace for " = "輪詢 OpenAI/Claude 狀態頁面和 Google Workspace，以檢查";
+"Prevents any Keychain access while enabled." = "啟用時封鎖任何鑰匙圈存取。";
+"Primary (API key limit)" = "主要（API 金鑰限制）";
+"Primary (\\(label))" = "主要（\\(label)）";
+"Primary (\\(metadata.sessionLabel))" = "主要（\\(metadata.sessionLabel)）";
+"Probe logs" = "探測記錄";
+"Progress bars fill as you consume quota (instead of showing remaining)." = "進度條會隨配額消耗而填滿（而不是顯示剩餘量）。";
+"Provider" = "提供者";
+"Providers" = "提供者";
+"Quit CodexBar" = "結束 CodexBar";
+"Random (default)" = "隨機（預設）";
+"Reads local usage logs. Shows today + last 30 days cost in the menu." = "讀取本機使用量記錄。在選單中顯示今天及所選歷史時段的費用。";
+"Refresh" = "重新整理";
+"Refreshing" = "正在重新整理";
+"Refresh cadence" = "重新整理頻率";
+"Remote" = "遠端";
+"Remove" = "移除";
+"Remove Codex account?" = "移除 Codex 帳號？";
+"Remove \\(account.email) from CodexBar? Its managed Codex home will be deleted." = "要從 CodexBar 中移除 \\(account.email) 嗎？其託管的 Codex 主目錄將被刪除。";
+"Remove \\(email) from CodexBar? Its managed Codex home will be deleted." = "要從 CodexBar 中移除 \\(email) 嗎？其託管的 Codex 主目錄將被刪除。";
+"Remove selected account" = "移除所選帳號";
+"Replace critter bars with provider branding icons and a percentage." = "將小動物進度條替換為提供者品牌圖示和百分比。";
+"Replay selected animation" = "重播選取的動畫";
+"Requires authentication via GitHub Device Flow." = "需要透過 GitHub 裝置流程進行認證。";
+"Resets: \\(reset)" = "重置：\\(reset)";
+"Rolling five-hour limit" = "滾動式 5 小時限制";
+"Search hourly" = "每小時搜尋";
+"Secondary (\\(label))" = "次要（\\(label)）";
+"Secondary (\\(metadata.weeklyLabel))" = "次要（\\(metadata.weeklyLabel)）";
+"Select a provider" = "選擇提供者";
+"Select the IDE to monitor" = "選擇要監控的 IDE";
+"Session" = "工作階段";
+"Session quota notifications" = "工作階段配額通知";
+"Session tokens" = "工作階段 token";
+"Settings" = "設定";
+"Show Codex Credits and Claude Extra usage sections in the menu." = "在選單中顯示 Codex 額度和 Claude 額外使用量部分。";
+"Show Debug Settings" = "顯示除錯設定";
+"Show all token accounts" = "顯示所有 token 帳號";
+"Show cost summary" = "顯示費用摘要";
+"Show credits + extra usage" = "顯示額度 + 額外使用量";
+"Show details" = "顯示詳細資訊";
+"Show most-used provider" = "顯示使用量最高的提供者";
+"Show provider icons in the switcher (otherwise show a weekly progress line)." = "在切換器中顯示提供者圖示（否則顯示每週進度線）。";
+"Show reset time as clock" = "以時鐘時間顯示重置時間";
+"Show usage as used" = "以已用量顯示";
+"Sign in via button below" = "透過下方按鈕登入";
+"Skip teardown between probes (debug-only)." = "探測之間跳過清理（僅限除錯）。";
+"Source" = "來源";
+"Stack token accounts in the menu (otherwise show an account switcher bar)." = "在選單中堆疊 token 帳號（否則顯示帳號切換欄）。";
+"Start at Login" = "登入時啟動";
+"State" = "狀態";
+"Status" = "狀態";
+"Store Claude sessionKey cookies or OAuth access tokens." = "儲存 Claude sessionKey Cookie 或 OAuth 存取 token。";
+"Store multiple Abacus AI Cookie headers." = "儲存多個 Abacus AI Cookie 標頭。";
+"Store multiple Augment Cookie headers." = "儲存多個 Augment Cookie 標頭。";
+"Store multiple Cursor Cookie headers." = "儲存多個 Cursor Cookie 標頭。";
+"Store multiple Factory Cookie headers." = "儲存多個 Factory Cookie 標頭。";
+"Store multiple MiniMax Cookie headers." = "儲存多個 MiniMax Cookie 標頭。";
+"Store multiple Mistral Cookie headers." = "儲存多個 Mistral Cookie 標頭。";
+"Store multiple Ollama Cookie headers." = "儲存多個 Ollama Cookie 標頭。";
+"Store multiple OpenCode Cookie headers." = "儲存多個 OpenCode Cookie 標頭。";
+"Store multiple OpenCode Go Cookie headers." = "儲存多個 OpenCode Go Cookie 標頭。";
+"Stored in the CodexBar config file." = "儲存在 CodexBar 設定檔中。";
+"Stored in ~/.codexbar/config.json. " = "儲存在 ~/.codexbar/config.json 中。";
+"Stored in ~/.codexbar/config.json. Generate one at kimi-k2.ai." = "儲存在 ~/.codexbar/config.json 中。可在 kimi-k2.ai 產生。";
+"Stored in ~/.codexbar/config.json. Paste the key from the Synthetic dashboard." = "儲存在 ~/.codexbar/config.json 中。請貼上來自 Synthetic 儀表板的金鑰。";
+"Stored in ~/.codexbar/config.json. Paste your Coding Plan API key from Model Studio." = "儲存在 ~/.codexbar/config.json 中。請貼上來自 Model Studio 的 Coding Plan API 金鑰。";
+"Stored in ~/.codexbar/config.json. Paste your MiniMax API key." = "儲存在 ~/.codexbar/config.json 中。請貼上你的 MiniMax API 金鑰。";
+"Stored in ~/.codexbar/config.json. You can also provide KILO_API_KEY or " = "儲存在 ~/.codexbar/config.json 中。你也可以提供 KILO_API_KEY 或";
+"Stores local Codex usage history (8 weeks) to personalize Pace predictions." = "儲存本機 Codex 使用量歷史（8 週），用於個人化進度預測。";
+"Subscription Utilization" = "訂閱使用率";
+"Surprise me" = "給我驚喜";
+"Switcher shows icons" = "切換器顯示圖示";
+"Symlink CodexBarCLI to /usr/local/bin and /opt/homebrew/bin as codexbar." = "將 CodexBarCLI 作為 codexbar 符號連結到 /usr/local/bin 和 /opt/homebrew/bin。";
+"System" = "系統";
+"Temporarily shows the loading animation after the next refresh." = "下次重新整理後暫時顯示載入動畫。";
+"Tertiary (\\(label))" = "第三（\\(label)）";
+"Tertiary (\\(tertiaryTitle))" = "第三（\\(tertiaryTitle)）";
+"The default Codex account on this Mac." = "此 Mac 上的預設 Codex 帳號。";
+"Toggle" = "切換";
+"Toggle subtitle" = "切換副標題";
+"Token" = "token";
+"Trigger the menu bar menu from anywhere." = "可從任何位置開啟選單列選單。";
+"True" = "真";
+"Twitter" = "Twitter";
+"Unsupported" = "不支援";
+"Unavailable" = "無法使用";
+"Update Channel" = "更新頻道";
+"Updated" = "已更新";
+"Updates unavailable in this build." = "此建置無法使用更新功能。";
+"Usage" = "使用量";
+"Usage breakdown" = "使用量明細";
+"Usage history (30 days)" = "使用量歷史";
+"Usage source" = "使用量來源";
+"Use BigModel for the China mainland endpoints (open.bigmodel.cn)." = "中國大陸端點使用 BigModel（open.bigmodel.cn）。";
+"Use a single menu bar icon with a provider switcher." = "使用單一選單列圖示並帶提供者切換器。";
+"Use international or China mainland console gateways for quota fetches." = "使用國際或中國大陸主控台閘道取得配額資料。";
+"Version" = "版本";
+"Version \\(self.versionString)" = "版本 \\(self.versionString)";
+"Version \\(version)" = "版本 \\(version)";
+"Version \\(versionString)" = "版本 \\(versionString)";
+"Vertex AI Login" = "Vertex AI 登入";
+"Wait for the current managed Codex login to finish before adding another account." = "請等待目前託管 Codex 登入完成後再新增其他帳號。";
+"Waiting for Authentication..." = "等待認證…";
+"Website" = "網站";
+"Weekly" = "每週";
+"Weekly limit confetti" = "每週重置慶祝動畫";
+"Weekly token limit" = "每週 token 限制";
+"Weekly usage" = "每週使用量";
+"Weekly usage unavailable for this account." = "此帳號無法取得每週使用量。";
+"Window: \\(window)" = "時段：\\(window)";
+"Write logs to \\(self.fileLogPath) for debugging." = "將記錄寫入 \\(self.fileLogPath) 以進行除錯。";
+"Yes" = "是";
+"not detected" = "未偵測到";
+"\\(detail.modelCode): \\(usage)" = "\\(detail.modelCode)：\\(usage)";
+"\\(name): \\(truncated)" = "\\(name)：\\(truncated)";
+"\\(name): \\(updated) · 30d \\(cost)" = "\\(name)：\\(updated) · 30 天 \\(cost)";
+"\\(name): fetching…\\(elapsed)" = "\\(name)：取得中…\\(elapsed)";
+"\\(name): last attempt \\(when)" = "\\(name)：上次嘗試 \\(when)";
+"\\(name): no data yet" = "\\(name)：尚無資料";
+"\\(name): unsupported" = "\\(name)：不支援";
+"all browsers" = "所有瀏覽器";
+"available again." = "恢復可用時傳送通知。";
+"built_format" = "建置於 %@";
+"copilot_complete_in_browser" = "請在瀏覽器中完成登入。";
+"copilot_device_code_copied" = "裝置代碼已複製。";
+"copilot_verify_at" = "請在 %@ 驗證";
+"copilot_window_closes_auto" = "登入完成後，此視窗會自動關閉。";
+"cost_status_error" = "%1$@：%2$@";
+"cost_status_fetching" = "%1$@：取得中… %2$@";
+"cost_status_last_attempt" = "%1$@：上次嘗試 %2$@";
+"cost_status_no_data" = "%@：尚無資料";
+"cost_status_snapshot" = "%1$@：%2$@ · %3$@ %4$@";
+"cost_status_unsupported" = "%@：不支援";
+"credits_remaining" = "額度：%@";
+"cursor_on_demand" = "隨用隨付：%@";
+"cursor_on_demand_with_limit" = "隨用隨付：%1$@ / %2$@";
+"extra_usage_format" = "額外使用量：%1$@ / %2$@";
+"jetbrains_detected_generate" = "偵測到：%@。使用一次 AI 助手以產生配額資料，然後重新整理 CodexBar。";
+"jetbrains_detected_select" = "偵測到：%@。在設定中選擇你偏好的 IDE，然後重新整理 CodexBar。";
+"last_fetch_failed_with_provider" = "上次取得 %@ 失敗：";
+"last_spend" = "上次支出：%@";
+"mcp_model_usage" = "%1$@：%2$@";
+"mcp_resets" = "重置：%@";
+"mcp_window" = "時段：%@";
+"metric_average" = "平均（%1$@ + %2$@）";
+"metric_primary" = "主要（%@）";
+"metric_secondary" = "次要（%@）";
+"metric_tertiary" = "第三（%@）";
+"multiple_workspaces_found" = "CodexBar 發現 %@ 有多個工作區。請選擇要新增的工作區。";
+"ory_session_…=…; csrftoken=…" = "ory_session_…=…; csrftoken=…";
+"overview_choose_providers" = "最多選擇 %@ 個提供者";
+"remove_account_message" = "要從 CodexBar 中移除 %@ 嗎？其託管的 Codex 主目錄將被刪除。";
+"version_format" = "版本 %@";
+"workspaceID is set but only opencode, opencodego, and deepgram support workspaceID." = "已設定 workspaceID，但只有 opencode、opencodego 和 deepgram 支援 workspaceID。";
+"© 2026 Peter Steinberger. MIT License." = "© 2026 Peter Steinberger。MIT 許可證。";
+"section_system" = "系統";
+"section_usage" = "使用量";
+"section_automation" = "自動化";
+"language_title" = "語言";
+"language_subtitle" = "更改顯示語言。需要重新啟動 App 才會完全生效。";
+"language_system" = "依照系統";
+"language_english" = "English";
+"language_spanish" = "Español";
+"language_catalan" = "Català";
+"language_chinese_simplified" = "简体中文";
+"language_chinese_traditional" = "繁體中文";
+"language_portuguese_brazilian" = "Português (Brasil)";
+"start_at_login_title" = "登入時啟動";
+"start_at_login_subtitle" = "登入 Mac 時自動開啟 CodexBar。";
+"show_cost_summary" = "顯示費用摘要";
+"show_cost_summary_subtitle" = "讀取本機使用量記錄。在選單中顯示今天及所選歷史時段的費用。";
+"cost_history_days_title" = "歷史時段：%d 天";
+"cost_auto_refresh_info" = "自動重新整理：每小時 · 逾時：10 分鐘";
+"refresh_cadence_title" = "重新整理頻率";
+"refresh_cadence_subtitle" = "CodexBar 在背景輪詢提供者的頻率。";
+"manual_refresh_hint" = "自動重新整理已關閉；請使用選單中的「重新整理」指令。";
+"check_provider_status_title" = "檢查提供者狀態";
+"check_provider_status_subtitle" = "輪詢 OpenAI/Claude 狀態頁面和 Google Workspace 的 Gemini/Antigravity，並在圖示和選單中顯示服務異常資訊。";
+"session_quota_notifications_title" = "工作階段配額通知";
+"session_quota_notifications_subtitle" = "當 5 小時工作階段配額用完或恢復可用時傳送通知。";
+"quota_warning_notifications_title" = "配額提醒通知";
+"quota_warning_notifications_subtitle" = "當工作階段或每週剩餘配額達到設定門檻時提醒。";
+"quota_warnings_title" = "配額提醒";
+"quota_warning_session" = "工作階段";
+"quota_warning_session_capitalized" = "工作階段";
+"quota_warning_weekly" = "每週";
+"quota_warning_weekly_capitalized" = "每週";
+"quota_warning_notification_title" = "%1$@ %2$@配額偏低";
+"quota_warning_notification_body" = "剩餘 %1$@。已達到 %2$d%% %3$@提醒門檻。";
+"quota_warning_notification_body_with_account" = "帳號 %1$@。剩餘 %2$@。已達到 %3$d%% %4$@提醒門檻。";
+"session_depleted_notification_title" = "%@ 工作階段已用完";
+"session_depleted_notification_body" = "剩餘 0%。恢復可用時會再通知。";
+"session_restored_notification_title" = "%@ 工作階段已恢復";
+"session_restored_notification_body" = "工作階段配額已恢復可用。";
+"quota_warning_warn_at" = "提醒門檻";
+"quota_warning_global_threshold_subtitle" = "工作階段和每週時段的剩餘百分比，除非提供者另有設定。";
+"quota_warning_sound" = "播放通知音效";
+"quota_warning_provider_inherits" = "預設使用全域配額提醒設定，除非在此自訂時段。";
+"quota_warning_customize_thresholds" = "自訂 %@ 門檻";
+"quota_warning_enable_warnings" = "啟用 %@ 提醒";
+"quota_warning_window_warn_at" = "%@ 提醒門檻";
+"quota_warning_off" = "關閉";
+"quota_warning_inherited" = "繼承：%@";
+"quota_warning_depleted_only" = "僅用完時";
+"quota_warning_upper" = "上限";
+"quota_warning_lower" = "下限";
+"apply" = "套用";
+"quit_app" = "結束 CodexBar";
+"tab_general" = "一般";
+"tab_providers" = "提供者";
+"tab_display" = "顯示";
+"tab_advanced" = "進階";
+"tab_about" = "關於";
+"tab_debug" = "除錯";
+"select_a_provider" = "選擇提供者";
+"cancel" = "取消";
+"last_fetch_failed" = "上次取得失敗";
+"usage_not_fetched_yet" = "尚未取得使用量";
+"managed_account_storage_unreadable" = "託管帳號儲存區無法讀取。即時帳號仍可存取，但託管新增、重新認證和移除操作已被停用，直到儲存區恢復。";
+"remove_codex_account_title" = "移除 Codex 帳號？";
+"remove" = "移除";
+"managed_login_already_running" = "託管 Codex 登入已在執行。請等待完成後再新增或重新認證其他帳號。";
+"managed_login_failed" = "託管 Codex 登入未完成。請先在終端確認 `codex --version` 可以執行。如果 macOS 封鎖了 `codex` 或將它移到垃圾桶，請移除舊的重複安裝，執行 `npm install -g --include=optional @openai/codex@latest`，然後重試。";
+"codex_login_output" = "codex login 輸出：";
+"managed_login_missing_email" = "Codex 登入已完成，但無法取得帳號電子郵件。請在確認帳號已完全登入後重試。";
+"login_success_notification_title" = "%@ 登入成功";
+"login_success_notification_body" = "你可以回到 App；認證已完成。";
+"workspace_selection_cancelled" = "CodexBar 發現多個工作區，但未選擇任何工作區。";
+"unsafe_managed_home" = "CodexBar 拒絕修改意外的託管主目錄路徑：%@";
+"menu_bar_metric_title" = "選單列指標";
+"menu_bar_metric_subtitle" = "選擇哪個時段驅動選單列百分比。";
+"menu_bar_metric_subtitle_deepseek" = "在選單列顯示 DeepSeek 餘額。";
+"menu_bar_metric_subtitle_moonshot" = "在選單列顯示 Moonshot / Kimi API 餘額。";
+"menu_bar_metric_subtitle_mistral" = "在選單列顯示 Mistral API 本月支出。";
+"menu_bar_metric_subtitle_kimik2" = "在選單列顯示 Kimi K2 API 金鑰額度。";
+"automatic" = "自動";
+"primary_api_key_limit" = "主要（API 金鑰限制）";
+"section_menu_bar" = "選單列";
+"merge_icons_title" = "合併圖示";
+"merge_icons_subtitle" = "使用單一選單列圖示並帶提供者切換器。";
+"switcher_shows_icons_title" = "切換器顯示圖示";
+"switcher_shows_icons_subtitle" = "在切換器中顯示提供者圖示（否則顯示每週進度線）。";
+"show_most_used_provider_title" = "顯示使用量最高的提供者";
+"show_most_used_provider_subtitle" = "選單列會自動顯示最接近速率限制的提供者。";
+"menu_bar_shows_percent_title" = "選單列顯示百分比";
+"menu_bar_shows_percent_subtitle" = "將小動物進度條替換為提供者品牌圖示和百分比。";
+"display_mode_title" = "顯示模式";
+"display_mode_subtitle" = "選擇選單列中顯示的內容（進度會比較實際與預期使用量）。";
+"section_menu_content" = "選單內容";
+"show_usage_as_used_title" = "以已用量顯示";
+"show_usage_as_used_subtitle" = "進度條會隨配額消耗而填滿（而不是顯示剩餘量）。";
+"show_quota_warning_markers_title" = "顯示配額提醒標記";
+"show_quota_warning_markers_subtitle" = "設定配額提醒後，在使用量條上繪製門檻刻度標記。";
+"weekly_progress_work_days_title" = "每週進度工作日標記";
+"weekly_progress_work_days_subtitle" = "在每週使用量條上繪製日期邊界刻度標記。";
+"show_reset_time_as_clock_title" = "以時鐘時間顯示重置時間";
+"show_reset_time_as_clock_subtitle" = "將重置時間顯示為絕對時鐘值，而不是倒數計時。";
+"show_provider_changelog_links_title" = "顯示提供者版本資訊連結";
+"show_provider_changelog_links_subtitle" = "在選單中為支援的 CLI 提供者新增發行說明連結。";
+"show_credits_extra_usage_title" = "顯示額度 + 額外使用量";
+"show_credits_extra_usage_subtitle" = "在選單中顯示 Codex 額度和 Claude 額外使用量部分。";
+"show_all_token_accounts_title" = "顯示所有 token 帳號";
+"show_all_token_accounts_subtitle" = "在選單中堆疊 token 帳號（否則顯示帳號切換欄）。";
+"multi_account_layout_title" = "多帳號版面配置";
+"multi_account_layout_subtitle" = "選擇分段帳號切換或堆疊帳號卡片。";
+"multi_account_layout_segmented" = "分段";
+"multi_account_layout_stacked" = "堆疊";
+"overview_tab_providers_title" = "概覽標籤提供者";
+"configure" = "設定…";
+"overview_enable_merge_icons_hint" = "啟用「合併圖示」以設定「概覽」標籤中的提供者。";
+"overview_no_providers_hint" = "「概覽」中沒有可用的已啟用提供者。";
+"overview_rows_follow_order" = "概覽列一律依提供者順序排列。";
+"overview_no_providers_selected" = "未選擇提供者";
+"section_keyboard_shortcut" = "快速鍵";
+"open_menu_shortcut_title" = "開啟選單";
+"open_menu_shortcut_subtitle" = "從任意位置觸發選單列選單。";
+"install_cli" = "安裝 CLI";
+"install_cli_subtitle" = "將 CodexBarCLI 作為 codexbar 符號連結到 /usr/local/bin 和 /opt/homebrew/bin。";
+"cli_not_found" = "在 App 套件中找不到 CodexBarCLI。";
+"no_writable_bin_dirs" = "找不到可寫的 bin 目錄。";
+"show_debug_settings_title" = "顯示除錯設定";
+"show_debug_settings_subtitle" = "在「除錯」標籤中顯示疑難排解工具。";
+"surprise_me_title" = "給我驚喜";
+"surprise_me_subtitle" = "讓選單列上的 Agent 多一點變化。";
+"weekly_limit_confetti_title" = "每週重置慶祝動畫";
+"weekly_limit_confetti_subtitle" = "每週使用量重置時播放全螢幕慶祝動畫。";
+"hide_personal_info_title" = "隱藏個人資訊";
+"hide_personal_info_subtitle" = "在選單列和選單介面中隱藏電子郵件地址。";
+"show_provider_storage_usage_title" = "顯示提供者儲存使用量";
+"show_provider_storage_usage_subtitle" = "在選單中顯示本機磁碟使用量。會在背景掃描已知的提供者自有路徑。";
+"section_keychain_access" = "鑰匙圈存取";
+"keychain_access_caption" = "停用所有鑰匙圈讀寫。如果 macOS 在你按下一律允許後仍持續要求存取「Chrome/Brave/Edge Safe Storage」，可使用此選項。啟用時無法匯入瀏覽器 Cookie；請在「提供者」中手動貼上 Cookie 標頭。透過 CLI 的 Claude/Codex OAuth 仍可使用。";
+"disable_keychain_access_title" = "停用鑰匙圈存取";
+"disable_keychain_access_subtitle" = "啟用時封鎖任何鑰匙圈存取。";
+"about_tagline" = "願你的 token 永不用完，隨時掌握 Agent 限制。";
+"link_github" = "GitHub";
+"link_website" = "網站";
+"link_twitter" = "Twitter";
+"link_email" = "電子郵件";
+"check_updates_auto" = "自動檢查更新";
+"update_channel" = "更新頻道";
+"check_for_updates" = "檢查更新…";
+"updates_unavailable" = "此建置無法使用更新功能。";
+"copyright" = "© 2026 Peter Steinberger。MIT 許可證。";
+"section_logging" = "記錄";
+"enable_file_logging" = "啟用檔案記錄";
+"enable_file_logging_subtitle" = "將記錄寫入 %@ 以進行除錯。";
+"verbosity_title" = "詳細程度";
+"verbosity_subtitle" = "控制記錄詳細程度。";
+"open_log_file" = "開啟記錄檔";
+"force_animation_next_refresh" = "下次重新整理時強制動畫";
+"force_animation_next_refresh_subtitle" = "下次重新整理後暫時顯示載入動畫。";
+"section_loading_animations" = "載入動畫";
+"loading_animations_caption" = "選擇一個模式並在選單列中重播。「隨機」保持現有行為。";
+"animation_random_default" = "隨機（預設）";
+"replay_selected_animation" = "重播選取的動畫";
+"blink_now" = "立即閃爍";
+"section_probe_logs" = "探測記錄";
+"probe_logs_caption" = "取得最新的探測輸出以進行除錯；複製會保留完整文字。";
+"fetch_log" = "取得記錄";
+"copy" = "複製";
+"save_to_file" = "儲存到檔案";
+"load_parse_dump" = "載入解析 dump";
+"rerun_provider_autodetect" = "重新執行提供者自動偵測";
+"loading" = "載入中…";
+"no_log_yet_fetch" = "尚無記錄。取得後載入。";
+"section_fetch_strategy" = "取得策略嘗試";
+"fetch_strategy_caption" = "提供者上次取得流程中的決策和錯誤。";
+"section_openai_cookies" = "OpenAI Cookie";
+"openai_cookies_caption" = "上次 OpenAI Cookie 嘗試中的 Cookie 匯入和 WebKit 抓取記錄。";
+"no_log_yet" = "尚無記錄。請在「提供者」→「Codex」中更新 OpenAI Cookie 以執行匯入。";
+"section_caches" = "快取";
+"caches_caption" = "清除快取的費用掃描結果或瀏覽器 Cookie 快取。";
+"clear_cookie_cache" = "清除 Cookie 快取";
+"clear_cost_cache" = "清除費用快取";
+"section_notifications" = "通知";
+"notifications_caption" = "觸發 5 小時工作階段時段的測試通知（用完/恢復）。";
+"post_depleted" = "傳送用完通知";
+"post_restored" = "傳送恢復通知";
+"section_cli_sessions" = "CLI 工作階段";
+"cli_sessions_caption" = "探測後保持 Codex/Claude CLI 工作階段存活。預設在擷取資料後結束。";
+"keep_cli_sessions_alive" = "保持 CLI 工作階段存活";
+"keep_cli_sessions_alive_subtitle" = "探測之間跳過關閉流程（僅限除錯）。";
+"reset_cli_sessions" = "重置 CLI 工作階段";
+"section_error_simulation" = "錯誤模擬";
+"error_simulation_caption" = "將模擬錯誤訊息注入選單卡片以進行版面配置測試。";
+"set_menu_error" = "設定選單錯誤";
+"clear_menu_error" = "清除選單錯誤";
+"set_cost_error" = "設定費用錯誤";
+"clear_cost_error" = "清除費用錯誤";
+"section_cli_paths" = "CLI 路徑";
+"cli_paths_caption" = "解析到的 Codex 二進位檔案和 PATH 層；啟動時擷取登入 PATH（短逾時）。";
+"codex_binary" = "Codex 二進位檔案";
+"claude_binary" = "Claude 二進位檔案";
+"effective_path" = "有效 PATH";
+"unavailable" = "無法使用";
+"login_shell_path" = "登入 shell PATH（啟動時擷取）";
+"cleared" = "已清除。";
+"no_fetch_attempts" = "尚無取得嘗試。";
+"metric_pref_automatic" = "自動";
+"metric_pref_primary" = "主要";
+"metric_pref_secondary" = "次要";
+"metric_pref_tertiary" = "第三";
+"metric_pref_extra_usage" = "額外使用量";
+"metric_pref_average" = "平均";
+"display_mode_percent" = "百分比";
+"display_mode_pace" = "進度";
+"display_mode_both" = "兩者";
+"display_mode_percent_desc" = "顯示剩餘/已使用百分比（例如 45%）";
+"display_mode_pace_desc" = "顯示進度指示器（例如 +5%）";
+"display_mode_both_desc" = "同時顯示百分比和進度（例如 45% · +5%）";
+"status_operational" = "運作正常";
+"status_partial_outage" = "部分服務中斷";
+"status_major_outage" = "重大服務中斷";
+"status_critical_issue" = "嚴重問題";
+"status_maintenance" = "維護中";
+"status_unknown" = "狀態未知";
+"refresh_manual" = "手動";
+"refresh_1min" = "1 分鐘";
+"refresh_2min" = "2 分鐘";
+"refresh_5min" = "5 分鐘";
+"refresh_15min" = "15 分鐘";
+"refresh_30min" = "30 分鐘";
+"not_found" = "找不到";
+"CodexBar can't show its menu bar icon" = "CodexBar 無法顯示選單列圖示";
+"Dismiss" = "關閉";
+"Open Menu Bar Settings" = "開啟選單列設定";
+"macOS Tahoe can block menu bar apps in System Settings → Menu Bar → Allow in the Menu Bar. CodexBar is running, but macOS may be hiding its icon. Open Menu Bar settings and turn CodexBar on." = "macOS Tahoe 可能會在「系統設定」→「選單列」→「允許顯示在選單列」中封鎖選單列 App。CodexBar 正在執行，但 macOS 可能隱藏了它的圖示。請開啟選單列設定並啟用 CodexBar。";
+"cost_header_estimated" = "費用（估算）";
+"cost_estimate_hint" = "根據本機記錄估算 · 可能與帳單不同";
+"copilot_device_code" = "裝置代碼已複製到剪貼簿：%1$@\n\n請到以下網址驗證：%2$@";
+"copilot_waiting_text" = "請在瀏覽器中完成登入。\n登入完成後，此視窗會自動關閉。";
+"vertex_ai_login_instructions" = "要追蹤 Vertex AI 使用量，請透過 Google Cloud 進行認證。\n\n1. 開啟終端\n2. 執行：gcloud auth application-default login\n3. 依照瀏覽器提示登入\n4. 設定你的專案：gcloud config set project PROJECT_ID\n\n要現在開啟終端嗎？";
+
+/* Popup panels */
+"No usage configured." = "尚未設定使用量。";
+"Quota" = "配額";
+"tokens" = "token";
+"requests" = "請求";
+"Latest" = "最新";
+"Monthly" = "每月";
+"Sonnet" = "Sonnet";
+"Overages" = "超額";
+"Activity" = "活動";
+"Copied" = "已複製";
+"Copy error" = "複製錯誤";
+"Copy path" = "複製路徑";
+"Extra usage spent" = "額外使用量支出";
+"Credits remaining" = "剩餘額度";
+"Using CLI fallback" = "使用 CLI 備援";
+"Balance updates in near-real time (up to 5 min lag)" = "餘額接近即時更新（最多延遲 5 分鐘）";
+"Daily billing data finalizes at 07:00 UTC" = "每日帳單資料會在 UTC 07:00 完成結算";
+"%@ of %@ credits left" = "剩餘 %@ / %@ 點額度";
+"%@ of %@ bonus credits left" = "剩餘 %@ / %@ 點獎勵額度";
+"%@ / %@ (%@ remaining)" = "%@ / %@（剩餘 %@）";
+"%@/%@ left" = "剩餘 %@ / %@";
+"Gemini Flash" = "Gemini Flash";
+"Regenerates %@" = "%@後恢復";
+"used after next regen" = "下次恢復後已使用";
+"after next regen" = "下次恢復後";
+"Near full" = "接近全滿";
+"Full in ~1 regen" = "約 1 次恢復後全滿";
+"Full in ~%.0f regens" = "約 %.0f 次恢復後全滿";
+"Overage usage" = "超額使用量";
+"Overage cost" = "超額費用";
+"credits" = "額度";
+"Zen balance" = "Zen 餘額";
+"API spend" = "API 支出";
+"Extra usage" = "額外使用量";
+"Quota usage" = "配額使用量";
+"%.0f%% used" = "已使用 %.0f%%";
+"Usage history (today)" = "使用量記錄（今天）";
+"Usage history (%d days)" = "使用量記錄（%d 天）";
+"%d percent remaining" = "剩餘 %d%%";
+"Unknown" = "未知";
+"stale data" = "資料過舊";
+"No credits history data available." = "尚無可用的額度記錄資料。";
+"Credits history chart" = "額度記錄圖表";
+"%d days of credits data" = "%d 天額度資料";
+"Usage breakdown chart" = "使用量明細圖表";
+"%d days of usage data across %d services" = "%d 天使用量資料，涵蓋 %d 個服務";
+"Cost history chart" = "費用記錄圖表";
+"%d days of cost data" = "%d 天費用資料";
+"Plan utilization chart" = "方案使用率圖表";
+"%d utilization samples" = "%d 筆使用率樣本";
+"Hourly Usage" = "每小時使用量";
+"Usage remaining" = "剩餘使用量";
+"Usage used" = "已使用使用量";
+"API key verified. Ollama does not expose Cloud quota limits through the API." = "API 金鑰已驗證。Ollama 不會透過 API 暴露 Cloud 配額限制。";
+"Last 30 days: %@ tokens" = "近 30 天：%@ token";
+"7d spend" = "7 天支出";
+"30d spend" = "30 天支出";
+"Cache read" = "快取讀取";
+"Claude Admin API 30 day spend trend" = "Claude Admin API 30 天支出趨勢";
+"OpenRouter API key spend trend" = "OpenRouter API 金鑰支出趨勢";
+"z.ai hourly token trend" = "z.ai 每小時 token 趨勢";
+"MiniMax 30 day token usage trend" = "MiniMax 30 天 token 使用量趨勢";
+"Today cash" = "今日現金";
+"DeepSeek 30 day token usage trend" = "DeepSeek 30 天 token 使用量趨勢";
+"cache-hit input" = "快取命中輸入";
+"cache-miss input" = "快取未命中輸入";
+"output" = "輸出";
+"Requests" = "請求";
+"Reported by OpenAI Admin API organization usage." = "由 OpenAI Admin API 組織使用量回報。";
+"Reported by Mistral billing usage." = "由 Mistral 帳單使用量回報。";
+"Today" = "今天";
+"Today tokens" = "今日 token";
+"30d cost" = "近 30 天費用";
+"30d tokens" = "近 30 天 token";
+"Latest tokens" = "最新 token";
+"Top model" = "主要模型";
+"Storage" = "儲存空間";
+"Add Account..." = "新增帳號…";
+"Usage Dashboard" = "使用量儀表板";
+"Status Page" = "狀態頁";
+"Settings..." = "設定…";
+"About CodexBar" = "關於 CodexBar";
+"Quit" = "結束";
+"Last %d day" = "近 %d 天";
+"Last %d days" = "近 %d 天";
+"%@ tokens" = "%@ token";
+"Latest billing day" = "最新帳單日";
+"Latest billing day (%@)" = "最新帳單日（%@）";
+"This week" = "本週";
+"Week" = "週";
+"Month" = "月";
+"Models" = "模型數";
+"24h tokens" = "24 小時 token";
+"Latest hour" = "最新小時";
+"Peak hour" = "尖峰小時";
+"Top method" = "主要方法";
+"30d cash" = "30 天現金";
+"30d billing history from MiniMax web session" = "來自 MiniMax 網頁工作階段的 30 天帳單記錄";
+"AWS Cost Explorer billing can lag." = "AWS Cost Explorer 帳單資料可能延遲。";
+"Rate limit: %d / %@" = "速率限制: %d / %@";
+"Key remaining" = "金鑰剩餘額度";
+"No limit set for the API key" = "此 API 金鑰未設定限制";
+"API key limit unavailable right now" = "目前無法取得 API 金鑰限制";
+"This month: %@ tokens" = "本月：%@ token";
+"Switch Account..." = "切換帳號…";
+"Update ready, restart now?" = "更新已就緒，要立即重新啟動嗎？";
+"Daily" = "每日";
+"Hourly Tokens" = "每小時 token";
+"No data" = "無資料";
+"No usage breakdown data available." = "尚無可用的使用量明細資料。";
+"Today: %@ · %@ tokens" = "今天：%@ · %@ token";
+"Today: %@" = "今天：%@";
+"Today: %@ tokens" = "今天：%@ token";
+"Last 30 days: %@ · %@ tokens" = "近 30 天：%@ · %@ token";
+"Last 30 days: %@" = "近 30 天：%@";
+"Est. total (30d): %@" = "估計總計（30 天）：%@";
+"Est. total (%@): %@" = "估計總計（%@）：%@";
+"Hover a bar for details" = "停留在長條上查看詳細資料";
+"%@: %@ · %@ tokens" = "%@：%@ · %@ token";
+"No providers selected for Overview." = "概覽尚未選擇提供者。";
+"No overview data available." = "概覽尚無可用資料。";
+
+/* Additional provider settings and alerts */
+"%@ is waiting for permission" = "%@ 正在等待權限";
+"%@ requests" = "%@ 個請求";
+"%@: %@ credits" = "%@：%@ 額度";
+"30d requests" = "近 30 天請求";
+"4 days" = "4 天";
+"5 days" = "5 天";
+"7 days" = "7 天";
+"API key verifies Ollama Cloud access; cookies still expose quota limits." = "API 金鑰會驗證 Ollama Cloud 存取；Cookie 仍會提供配額限制。";
+"AWS access key ID. Can also be set with AWS_ACCESS_KEY_ID." = "AWS 存取金鑰 ID。也可以用 AWS_ACCESS_KEY_ID 設定。";
+"AWS region. Can also be set with AWS_REGION." = "AWS 區域。也可以用 AWS_REGION 設定。";
+"AWS secret access key. Can also be set with AWS_SECRET_ACCESS_KEY." = "AWS 秘密存取金鑰。也可以用 AWS_SECRET_ACCESS_KEY 設定。";
+"Access key ID" = "存取金鑰 ID";
+"Add Account" = "新增帳號";
+"Adding Account…" = "正在新增帳號…";
+"Antigravity login failed" = "Antigravity 登入失敗";
+"Antigravity login timed out" = "Antigravity 登入逾時";
+"Auth source" = "認證來源";
+"Automatic imports Chrome browser cookies from Xiaomi MiMo." = "自動匯入 Xiaomi MiMo 的 Chrome 瀏覽器 Cookie。";
+"Automatic imports Windsurf session data from Chromium browser localStorage." = "自動從 Chromium 瀏覽器 localStorage 匯入 Windsurf 工作階段資料。";
+"Automatic imports browser cookies from Bailian." = "自動匯入 Bailian 的瀏覽器 Cookie。";
+"Automatically imports browser cookies." = "自動匯入瀏覽器 Cookie。";
+"Automatically imports browser session cookies." = "自動匯入瀏覽器工作階段 Cookie。";
+"Azure OpenAI deployment name. AZURE_OPENAI_DEPLOYMENT_NAME is also supported." = "Azure OpenAI 部署名稱。也支援 AZURE_OPENAI_DEPLOYMENT_NAME。";
+"Azure OpenAI key" = "Azure OpenAI 金鑰";
+"Azure OpenAI resource endpoint. AZURE_OPENAI_ENDPOINT is also supported." = "Azure OpenAI 資源端點。也支援 AZURE_OPENAI_ENDPOINT。";
+"Base URL" = "Base URL";
+"Base URL for the LLM-API-Key-Proxy instance." = "LLM-API-Key-Proxy 實例的 Base URL。";
+"Browser cookies" = "瀏覽器 Cookie";
+"Cap end" = "上限終點";
+"Cap start" = "上限起點";
+"Capacity End" = "容量終點";
+"Capacity Start" = "容量起點";
+"Changelog" = "變更記錄";
+"Choose the Moonshot/Kimi API host for international or China mainland accounts." = "選擇國際或中國大陸帳號使用的 Moonshot/Kimi API 主機。";
+"CodexBar can't replace a system account that is signed in with an API key only setup." = "CodexBar 無法取代僅使用 API 金鑰登入設定的系統帳號。";
+"CodexBar could not find saved auth for that account. Re-authenticate it and try again." = "CodexBar 找不到該帳號已儲存的認證。請重新認證後再試。";
+"CodexBar could not read managed account storage. Recover the store before adding another account." = "CodexBar 無法讀取受管理帳號儲存區。請先修復儲存區，再新增其他帳號。";
+"CodexBar could not read saved auth for that account. Re-authenticate it and try again." = "CodexBar 無法讀取該帳號已儲存的認證。請重新認證後再試。";
+"CodexBar could not read the current system account on this Mac." = "CodexBar 無法讀取此 Mac 上目前的系統帳號。";
+"CodexBar could not replace the live Codex auth on this Mac." = "CodexBar 無法取代此 Mac 上的目前 Codex 認證。";
+"CodexBar could not safely preserve the current system account before switching." = "CodexBar 無法在切換前安全保留目前的系統帳號。";
+"CodexBar could not save the current system account before switching." = "CodexBar 無法在切換前儲存目前的系統帳號。";
+"CodexBar could not update managed account storage." = "CodexBar 無法更新受管理帳號儲存區。";
+"CodexBar found another managed account that already uses the current system account. Resolve the duplicate account before switching." = "CodexBar 發現另一個受管理帳號已使用目前的系統帳號。請先解決重複帳號，再進行切換。";
+"CodexBar will ask macOS Keychain for “%@” so it can decrypt browser cookies and authenticate your account. Click OK to continue." = "CodexBar 將向 macOS 鑰匙圈要求「%@」，以解密瀏覽器 Cookie 並認證你的帳號。按一下「確定」繼續。";
+"CodexBar will ask macOS Keychain for the Claude Code OAuth token so it can fetch your Claude usage. Click OK to continue." = "CodexBar 將向 macOS 鑰匙圈要求 Claude Code OAuth token，以取得你的 Claude 使用量。按一下「確定」繼續。";
+"CodexBar will ask macOS Keychain for your Amp cookie header so it can fetch usage. Click OK to continue." = "CodexBar 將向 macOS 鑰匙圈要求你的 Amp Cookie 標頭，以取得使用量。按一下「確定」繼續。";
+"CodexBar will ask macOS Keychain for your Augment cookie header so it can fetch usage. Click OK to continue." = "CodexBar 將向 macOS 鑰匙圈要求你的 Augment Cookie 標頭，以取得使用量。按一下「確定」繼續。";
+"CodexBar will ask macOS Keychain for your Claude cookie header so it can fetch Claude web usage. Click OK to continue." = "CodexBar 將向 macOS 鑰匙圈要求你的 Claude Cookie 標頭，以取得 Claude 網頁使用量。按一下「確定」繼續。";
+"CodexBar will ask macOS Keychain for your Cursor cookie header so it can fetch usage. Click OK to continue." = "CodexBar 將向 macOS 鑰匙圈要求你的 Cursor Cookie 標頭，以取得使用量。按一下「確定」繼續。";
+"CodexBar will ask macOS Keychain for your Factory cookie header so it can fetch usage. Click OK to continue." = "CodexBar 將向 macOS 鑰匙圈要求你的 Factory Cookie 標頭，以取得使用量。按一下「確定」繼續。";
+"CodexBar will ask macOS Keychain for your GitHub Copilot token so it can fetch usage. Click OK to continue." = "CodexBar 將向 macOS 鑰匙圈要求你的 GitHub Copilot token，以取得使用量。按一下「確定」繼續。";
+"CodexBar will ask macOS Keychain for your Kimi K2 API key so it can fetch usage. Click OK to continue." = "CodexBar 將向 macOS 鑰匙圈要求你的 Kimi K2 API 金鑰，以取得使用量。按一下「確定」繼續。";
+"CodexBar will ask macOS Keychain for your Kimi auth token so it can fetch usage. Click OK to continue." = "CodexBar 將向 macOS 鑰匙圈要求你的 Kimi 認證 token，以取得使用量。按一下「確定」繼續。";
+"CodexBar will ask macOS Keychain for your MiniMax API token so it can fetch usage. Click OK to continue." = "CodexBar 將向 macOS 鑰匙圈要求你的 MiniMax API token，以取得使用量。按一下「確定」繼續。";
+"CodexBar will ask macOS Keychain for your MiniMax cookie header so it can fetch usage. Click OK to continue." = "CodexBar 將向 macOS 鑰匙圈要求你的 MiniMax Cookie 標頭，以取得使用量。按一下「確定」繼續。";
+"CodexBar will ask macOS Keychain for your OpenAI cookie header so it can fetch Codex dashboard extras. Click OK to continue." = "CodexBar 將向 macOS 鑰匙圈要求你的 OpenAI Cookie 標頭，以取得 Codex 儀表板額外資料。按一下「確定」繼續。";
+"CodexBar will ask macOS Keychain for your OpenCode cookie header so it can fetch usage. Click OK to continue." = "CodexBar 將向 macOS 鑰匙圈要求你的 OpenCode Cookie 標頭，以取得使用量。按一下「確定」繼續。";
+"CodexBar will ask macOS Keychain for your Synthetic API key so it can fetch usage. Click OK to continue." = "CodexBar 將向 macOS 鑰匙圈要求你的 Synthetic API 金鑰，以取得使用量。按一下「確定」繼續。";
+"CodexBar will ask macOS Keychain for your z.ai API token so it can fetch usage. Click OK to continue." = "CodexBar 將向 macOS 鑰匙圈要求你的 z.ai API token，以取得使用量。按一下「確定」繼續。";
+"Could not open Cursor login in your browser." = "無法在瀏覽器中開啟 Cursor 登入。";
+"Could not open browser for Antigravity" = "無法為 Antigravity 開啟瀏覽器";
+"Credits used" = "已用額度";
+"Day" = "日期";
+"Deployment" = "部署";
+"Drag to reorder" = "拖曳以重新排序";
+"Endpoint" = "端點";
+"Enterprise host" = "Enterprise 主機";
+"Extra usage balance: %@" = "額外使用量餘額：%@";
+"Keychain Access Required" = "需要鑰匙圈存取權";
+"Kiro menu bar value" = "Kiro 選單列數值";
+"Label" = "標籤";
+"No organizations loaded. Click Refresh after setting your API key." = "尚未載入組織。設定 API 金鑰後按一下「重新整理」。";
+"No output captured." = "未擷取到輸出。";
+"No system account" = "沒有系統帳號";
+"Oasis-Token" = "Oasis-Token";
+"Open Augment (Log Out & Back In)" = "開啟 Augment（登出後重新登入）";
+"Open Codebuff Dashboard" = "開啟 Codebuff 儀表板";
+"Open Command Code Settings" = "開啟 Command Code 設定";
+"Open Crof dashboard" = "開啟 Crof 儀表板";
+"Open Manus" = "開啟 Manus";
+"Open MiMo Balance" = "開啟 MiMo 餘額";
+"Open Moonshot Console" = "開啟 Moonshot 主控台";
+"Open Ollama API Keys" = "開啟 Ollama API 金鑰";
+"Open StepFun Platform" = "開啟 StepFun 平台";
+"Open T3 Chat Settings" = "開啟 T3 Chat 設定";
+"Open Volcengine Ark Console" = "開啟 Volcengine Ark 主控台";
+"Open legacy provider docs" = "開啟舊版提供者文件";
+"Open projects" = "開啟專案";
+"Open this URL manually to continue login:\n\n%@" = "手動開啟此 URL 以繼續登入：\n\n%@";
+"Optional organization ID for accounts linked to multiple Anthropic organizations." = "適用於連結多個 Anthropic 組織的帳號，可選填組織 ID。";
+"Optional. Applies to the configured Admin API key; selected token accounts do not inherit OPENAI_PROJECT_ID." = "選填。套用到已設定的 Admin API 金鑰；選取的 token 帳號不會繼承 OPENAI_PROJECT_ID。";
+"Optional. Enter your GitHub Enterprise host, for example octocorp.ghe.com. Leave blank for github.com." = "選填。輸入你的 GitHub Enterprise 主機，例如 octocorp.ghe.com。留空則使用 github.com。";
+"Optional. Leave blank to discover and aggregate projects visible to the API key." = "選填。留空會探索並彙總 API 金鑰可見的專案。";
+"Org ID (optional)" = "組織 ID（選填）";
+"Organizations" = "組織";
+"Password" = "密碼";
+"%@ authentication is disabled." = "%@ 認證已停用。";
+"%@ cookies are disabled." = "%@ Cookie 已停用。";
+"%@ web API access is disabled." = "%@ Web API 存取已停用。";
+"Disable %@ dashboard cookie usage." = "停用 %@ 儀表板 Cookie 用法。";
+"Keychain access is disabled in Advanced, so browser cookie import is unavailable." = "進階設定中已停用鑰匙圈存取，因此無法匯入瀏覽器 Cookie。";
+"Manually paste an %@ from a browser session." = "從瀏覽器工作階段中手動貼上 %@。";
+"Paste a Cookie header captured from %@." = "貼上從 %@ 擷取的 Cookie 標頭。";
+"Paste a Cookie header from %@." = "貼上來自 %@ 的 Cookie 標頭。";
+"Paste a Cookie header or cURL capture from %@." = "貼上來自 %@ 的 Cookie 標頭或 cURL 擷取內容。";
+"Paste a Cookie header or full cURL capture from %@." = "貼上來自 %@ 的 Cookie 標頭或完整 cURL 擷取內容。";
+"Paste a Cookie or Authorization header from %@." = "貼上來自 %@ 的 Cookie 或 Authorization 標頭。";
+"Paste a full cookie header or the %@ value." = "貼上完整 Cookie 標頭或 %@ 值。";
+"Paste a Cookie header or full cURL capture from T3 Chat settings." = "貼上 T3 Chat 設定中的 Cookie 標頭或完整 cURL 擷取內容。";
+"Paste the Cookie header from a request to admin.mistral.ai. Must contain an ory_session_* cookie." = "貼上發往 admin.mistral.ai 請求中的 Cookie 標頭。必須包含 ory_session_* Cookie。";
+"Paste the Oasis-Token from a logged-in browser session on platform.stepfun.com." = "貼上 platform.stepfun.com 已登入瀏覽器工作階段中的 Oasis-Token。";
+"Paste the %@ JSON bundle from %@." = "貼上來自 %2$@ 的 %1$@ JSON 組合。";
+"Paste the %@ value or a full Cookie header." = "貼上 %@ 值或完整 Cookie 標頭。";
+"Personal account" = "個人帳號";
+"Project ID" = "專案 ID";
+"Re-auth" = "重新認證";
+"Re-authenticating…" = "正在重新認證…";
+"Refresh Session" = "重新整理工作階段";
+"Refresh organizations" = "重新整理組織";
+"Region" = "區域";
+"Reload" = "重新載入";
+"Reorder" = "重新排序";
+"Secret access key" = "秘密存取金鑰";
+"Series" = "序列";
+"Service" = "服務";
+"Show or hide Kiro credits, percent, or both next to the menu bar icon." = "在選單列圖示旁顯示或隱藏 Kiro 額度、百分比，或兩者都顯示。";
+"Show usage for organizations you belong to. Personal account is always shown." = "顯示你所屬組織的使用量。個人帳號一律顯示。";
+"Sign in to cursor.com in your browser, then refresh Cursor in CodexBar." = "請在瀏覽器中登入 cursor.com，然後在 CodexBar 重新整理 Cursor。";
+"Simulated error text" = "模擬錯誤文字";
+"StepFun platform account (phone number or email)." = "StepFun 平台帳號（電話號碼或電子郵件）。";
+"Stored in ~/.codexbar/config.json." = "儲存在 ~/.codexbar/config.json 中。";
+"Stored in ~/.codexbar/config.json. AZURE_OPENAI_API_KEY is also supported." = "儲存在 ~/.codexbar/config.json 中。也支援 AZURE_OPENAI_API_KEY。";
+"Stored in ~/.codexbar/config.json. For the official Kimi API, use Moonshot / Kimi API." = "儲存在 ~/.codexbar/config.json 中。官方 Kimi API 請使用 Moonshot / Kimi API。";
+"Stored in ~/.codexbar/config.json. Get your API key from the Volcengine Ark console." = "儲存在 ~/.codexbar/config.json 中。請從 Volcengine Ark 主控台取得 API 金鑰。";
+"Stored in ~/.codexbar/config.json. Get your key from Ollama settings." = "儲存在 ~/.codexbar/config.json 中。請從 Ollama 設定取得金鑰。";
+"Stored in ~/.codexbar/config.json. Get your key from console.deepgram.com." = "儲存在 ~/.codexbar/config.json 中。請從 console.deepgram.com 取得金鑰。";
+"Stored in ~/.codexbar/config.json. Get your key from elevenlabs.io/app/settings/api-keys." = "儲存在 ~/.codexbar/config.json 中。請從 elevenlabs.io/app/settings/api-keys 取得金鑰。";
+"Stored in ~/.codexbar/config.json. Get your key from openrouter.ai/settings/keys and set a key spending limit there to enable API key quota tracking." = "儲存在 ~/.codexbar/config.json 中。請從 openrouter.ai/settings/keys 取得金鑰，並在該處設定金鑰支出上限以啟用 API 金鑰配額追蹤。";
+"Stored in ~/.codexbar/config.json. In Warp, open Settings > Platform > API Keys, then create one." = "儲存在 ~/.codexbar/config.json 中。在 Warp 中開啟 Settings > Platform > API Keys，然後建立金鑰。";
+"Stored in ~/.codexbar/config.json. Metrics require Groq Enterprise Prometheus access." = "儲存在 ~/.codexbar/config.json 中。指標需要 Groq Enterprise Prometheus 存取權。";
+"Stored in ~/.codexbar/config.json. OPENAI_ADMIN_KEY is preferred; OPENAI_API_KEY still works." = "儲存在 ~/.codexbar/config.json 中。優先使用 OPENAI_ADMIN_KEY；OPENAI_API_KEY 仍可使用。";
+"Stored in ~/.codexbar/config.json. Requires an Anthropic Admin API key." = "儲存在 ~/.codexbar/config.json 中。需要 Anthropic Admin API 金鑰。";
+"Stored in ~/.codexbar/config.json. Used for /v1/quota-stats." = "儲存在 ~/.codexbar/config.json 中。用於 /v1/quota-stats。";
+"Stored in ~/.codexbar/config.json. You can also provide CODEBUFF_API_KEY or let CodexBar read ~/.config/manicode/credentials.json (created by `codebuff login`)." = "儲存在 ~/.codexbar/config.json 中。你也可以提供 CODEBUFF_API_KEY，或讓 CodexBar 讀取 `codebuff login` 建立的 ~/.config/manicode/credentials.json。";
+"Stored in ~/.codexbar/config.json. You can also provide CROF_API_KEY." = "儲存在 ~/.codexbar/config.json 中。你也可以提供 CROF_API_KEY。";
+"Stored in ~/.codexbar/config.json. You can also provide KILO_API_KEY or ~/.local/share/kilo/auth.json (kilo.access)." = "儲存在 ~/.codexbar/config.json 中。你也可以提供 KILO_API_KEY 或 ~/.local/share/kilo/auth.json（kilo.access）。";
+"T3 Chat cookie" = "T3 Chat Cookie";
+"That account is no longer available in CodexBar. Refresh the account list and try again." = "該帳號已無法在 CodexBar 中使用。請重新整理帳號列表後再試。";
+"The browser login did not complete in time. Try Antigravity login again." = "瀏覽器登入未在時限內完成。請再次嘗試 Antigravity 登入。";
+"Timed out waiting for Cursor login. %@" = "等待 Cursor 登入逾時。%@";
+"Timed out waiting for Cursor login. %@ Last error: %@" = "等待 Cursor 登入逾時。%@ 最後錯誤：%@";
+"Today requests" = "今日請求";
+"Total (30d): %@ credits" = "總計（30 天）：%@ 額度";
+"Username" = "使用者名稱";
+"Uses username + password to login and obtain an Oasis-Token automatically." = "使用使用者名稱與密碼登入，並自動取得 Oasis-Token。";
+"Uses username + password to login and obtain an %@ automatically." = "使用使用者名稱與密碼登入，並自動取得 %@。";
+"Utilization End" = "使用率終點";
+"Utilization Start" = "使用率起點";
+"Verbosity" = "詳細程度";
+"Windsurf session JSON bundle" = "Windsurf 工作階段 JSON 組合";
+"Workspace ID" = "工作區 ID";
+"Your StepFun platform password. Used to login and obtain a session token." = "你的 StepFun 平台密碼。用於登入並取得工作階段 token。";
+"claude /login exited with status %d." = "claude /login 以狀態 %d 結束。";
+"codex login exited with status %d." = "codex login 以狀態 %d 結束。";
+"Cookie: …\n\nor paste a cURL capture from the Abacus AI dashboard" = "Cookie: …\n\n或貼上 Abacus AI 儀表板的 cURL 擷取內容";
+"Cookie: …\n\nor paste the __Secure-next-auth.session-token value" = "Cookie: …\n\n或貼上 __Secure-next-auth.session-token 值";
+"Cookie: …\n\nor paste the kimi-auth token value" = "Cookie: …\n\n或貼上 kimi-auth token 值";
+"session_id=...\n\nor paste just the session_id value" = "session_id=...\n\n或只貼上 session_id 值";
diff --git a/Sources/CodexBar/ScreenConfettiOverlayController.swift b/Sources/CodexBar/ScreenConfettiOverlayController.swift
new file mode 100644
index 000000000..acacceb5e
--- /dev/null
+++ b/Sources/CodexBar/ScreenConfettiOverlayController.swift
@@ -0,0 +1,290 @@
+import AppKit
+import CodexBarCore
+import SwiftUI
+import Vortex
+
+@MainActor
+final class ScreenConfettiOverlayController {
+    private static let overlayLifetime: TimeInterval = 5
+
+    private let logger = CodexBarLog.logger(LogCategories.confetti)
+    private var windows: [NSWindow] = []
+    private var dismissalTask: Task<Void, Never>?
+
+    func play(originInScreen origin: CGPoint?) {
+        guard self.windows.isEmpty else {
+            self.logger.debug("Ignoring confetti trigger while overlay is already active")
+            return
+        }
+
+        let screens = NSScreen.screens
+        guard !screens.isEmpty else {
+            self.logger.error("Cannot present confetti overlay because no screens were found")
+            return
+        }
+
+        let palette = Self.randomPalette()
+        self.windows = screens.map { screen in
+            let frame = screen.frame
+            let localOrigin = Self.localOrigin(in: frame, from: origin)
+            let contentView = ScreenConfettiOverlayView(origin: localOrigin, colors: palette)
+                .allowsHitTesting(false)
+            let hostingView = NSHostingView(rootView: contentView)
+            hostingView.wantsLayer = true
+            hostingView.layer?.backgroundColor = NSColor.clear.cgColor
+
+            let window = ClickThroughOverlayPanel(
+                contentRect: frame,
+                styleMask: [.borderless, .nonactivatingPanel],
+                backing: .buffered,
+                defer: false,
+                screen: screen)
+            window.contentView = hostingView
+            window.level = .statusBar
+            window.collectionBehavior = [.canJoinAllSpaces, .fullScreenAuxiliary, .ignoresCycle, .stationary]
+            window.backgroundColor = .clear
+            window.isOpaque = false
+            window.hasShadow = false
+            window.ignoresMouseEvents = true
+            window.acceptsMouseMovedEvents = false
+            window.isMovable = false
+            window.isReleasedWhenClosed = false
+            window.canHide = false
+            window.hidesOnDeactivate = false
+            window.becomesKeyOnlyIfNeeded = false
+            window.isExcludedFromWindowsMenu = true
+            window.setFrame(frame, display: false)
+            return window
+        }
+
+        self.logger.info(
+            "Presenting confetti overlay",
+            metadata: [
+                "screenCount": "\(self.windows.count)",
+                "originKnown": origin == nil ? "0" : "1",
+            ])
+
+        for window in self.windows {
+            window.orderFrontRegardless()
+        }
+
+        self.dismissalTask = Task { @MainActor [weak self] in
+            try? await Task.sleep(for: .seconds(Self.overlayLifetime))
+            self?.dismiss()
+        }
+    }
+
+    func dismiss() {
+        self.dismissalTask?.cancel()
+        self.dismissalTask = nil
+
+        guard !self.windows.isEmpty else { return }
+        for window in self.windows {
+            window.orderOut(nil)
+            window.close()
+        }
+        self.windows.removeAll(keepingCapacity: true)
+    }
+
+    private static func localOrigin(in screenFrame: CGRect, from globalOrigin: CGPoint?) -> CGPoint {
+        let fallback = CGPoint(x: screenFrame.maxX - 28, y: screenFrame.maxY - 8)
+        let resolved: CGPoint = if let globalOrigin, screenFrame.contains(globalOrigin) {
+            globalOrigin
+        } else {
+            fallback
+        }
+
+        let insetFrame = screenFrame.insetBy(dx: 8, dy: 8)
+        return CGPoint(
+            x: min(max(resolved.x, insetFrame.minX), insetFrame.maxX) - screenFrame.minX,
+            y: min(max(resolved.y, insetFrame.minY), insetFrame.maxY) - screenFrame.minY)
+    }
+
+    private static func randomPalette() -> [Color] {
+        let hue = Double.random(in: 0...1)
+        let hueOffsets = [0.0, 0.08, 0.16, 0.5, 0.66, 0.83]
+        return hueOffsets.map { offset in
+            Color(
+                hue: (hue + offset).truncatingRemainder(dividingBy: 1),
+                saturation: Double.random(in: 0.55...0.95),
+                brightness: Double.random(in: 0.85...1))
+        }
+    }
+}
+
+private final class ClickThroughOverlayPanel: NSPanel {
+    override var canBecomeKey: Bool {
+        false
+    }
+
+    override var canBecomeMain: Bool {
+        false
+    }
+
+    override var acceptsFirstResponder: Bool {
+        false
+    }
+}
+
+private struct ScreenConfettiOverlayView: View {
+    private static let clockwiseRotationAngles: [Double] = [270, 234, 198, 162, 126, 90]
+    private static let counterclockwiseRotationAngles: [Double] = [90, 126, 162, 198, 234, 270]
+
+    let origin: CGPoint
+    let colors: [Color]
+
+    @Environment(\.self) private var environment
+    @State private var visiblePhaseCount = 0
+
+    var body: some View {
+        GeometryReader { proxy in
+            let clockwiseAngles = Array(Self.clockwiseRotationAngles.prefix(self.visiblePhaseCount).enumerated())
+            let counterclockwiseAngles = Array(
+                Self.counterclockwiseRotationAngles.prefix(self.visiblePhaseCount).enumerated())
+            ZStack {
+                ForEach(clockwiseAngles, id: \.offset) { index, angle in
+                    VortexView(self.makeFireworkConfettiSystem(
+                        in: proxy.size,
+                        launchAngle: angle,
+                        phaseIndex: index,
+                        lateralOffset: -12))
+                    {
+                        RoundedRectangle(cornerRadius: 2, style: .continuous)
+                            .fill(.white)
+                            .frame(width: 10, height: 20)
+                            .tag("confetti-bar")
+
+                        Circle()
+                            .fill(.white)
+                            .frame(width: 9, height: 9)
+                            .tag("confetti-dot")
+
+                        Capsule(style: .continuous)
+                            .fill(.white)
+                            .frame(width: 8, height: 16)
+                            .rotationEffect(.degrees(30))
+                            .tag("confetti-pill")
+
+                        Circle()
+                            .fill(.white)
+                            .frame(width: 6, height: 6)
+                            .blur(radius: 1)
+                            .tag("confetti-tracer")
+                    }
+                }
+
+                ForEach(counterclockwiseAngles, id: \.offset) { index, angle in
+                    VortexView(self.makeFireworkConfettiSystem(
+                        in: proxy.size,
+                        launchAngle: angle,
+                        phaseIndex: index,
+                        lateralOffset: 12))
+                    {
+                        RoundedRectangle(cornerRadius: 2, style: .continuous)
+                            .fill(.white)
+                            .frame(width: 10, height: 20)
+                            .tag("confetti-bar")
+
+                        Circle()
+                            .fill(.white)
+                            .frame(width: 9, height: 9)
+                            .tag("confetti-dot")
+
+                        Capsule(style: .continuous)
+                            .fill(.white)
+                            .frame(width: 8, height: 16)
+                            .rotationEffect(.degrees(30))
+                            .tag("confetti-pill")
+
+                        Circle()
+                            .fill(.white)
+                            .frame(width: 6, height: 6)
+                            .blur(radius: 1)
+                            .tag("confetti-tracer")
+                    }
+                }
+            }
+            .ignoresSafeArea()
+            .allowsHitTesting(false)
+            .task {
+                self.visiblePhaseCount = 1
+                for phaseCount in 2...Self.clockwiseRotationAngles.count {
+                    try? await Task.sleep(for: .milliseconds(60))
+                    self.visiblePhaseCount = phaseCount
+                }
+            }
+        }
+    }
+
+    private func makeFireworkConfettiSystem(
+        in size: CGSize,
+        launchAngle: Double,
+        phaseIndex: Int,
+        lateralOffset: CGFloat)
+        -> VortexSystem
+    {
+        let canvasOrigin = self.canvasOrigin(in: size, lateralOffset: lateralOffset)
+        let normalizedX = size.width > 0 ? canvasOrigin.x / size.width : 1
+        let normalizedY = size.height > 0 ? canvasOrigin.y / size.height : 0
+        let resolvedColors = self.colors.map { color -> VortexSystem.Color in
+            let components = color.resolve(in: self.environment)
+            return VortexSystem.Color(
+                red: Double(components.red),
+                green: Double(components.green),
+                blue: Double(components.blue),
+                opacity: Double(components.opacity))
+        }
+
+        let explosion = VortexSystem(
+            tags: ["confetti-bar", "confetti-dot", "confetti-pill"],
+            spawnOccasion: .onDeath,
+            shape: .point,
+            birthRate: 24000,
+            emissionLimit: 42,
+            emissionDuration: 0.08,
+            idleDuration: 10,
+            lifespan: 4.2,
+            speed: 0.72,
+            speedVariation: 0.44,
+            angleRange: .degrees(360),
+            acceleration: [0, 0.32],
+            dampingFactor: 0.18,
+            angularSpeed: [0, 0, 3],
+            angularSpeedVariation: [2, 2, 14],
+            colors: .random(resolvedColors),
+            size: 0.74,
+            sizeVariation: 0.26,
+            sizeMultiplierAtDeath: 0.94,
+            stretchFactor: 0.82)
+
+        return VortexSystem(
+            tags: ["confetti-tracer"],
+            secondarySystems: [explosion],
+            position: [normalizedX, normalizedY],
+            shape: .point,
+            birthRate: 18,
+            emissionLimit: 4,
+            emissionDuration: 0.22,
+            idleDuration: 10,
+            lifespan: 0.58 + (Double(phaseIndex) * 0.03),
+            speed: 1.36 + (Double(phaseIndex) * 0.04),
+            speedVariation: 0.12,
+            angle: .degrees(launchAngle),
+            angleRange: .degrees(12),
+            acceleration: [0, 0.12],
+            dampingFactor: 0.06,
+            angularSpeed: [0, 0, 6],
+            angularSpeedVariation: [1, 1, 8],
+            colors: .single(.white),
+            size: 0.34,
+            sizeVariation: 0.08,
+            sizeMultiplierAtDeath: 0.4,
+            stretchFactor: 1.3)
+    }
+
+    private func canvasOrigin(in size: CGSize, lateralOffset: CGFloat = 0) -> CGPoint {
+        CGPoint(
+            x: min(max(self.origin.x + lateralOffset, 0), size.width),
+            y: min(max(size.height - self.origin.y + 18, 0), size.height))
+    }
+}
diff --git a/Sources/CodexBar/SessionQuotaNotifications.swift b/Sources/CodexBar/SessionQuotaNotifications.swift
index 5b0ed851c..3ea0ada27 100644
--- a/Sources/CodexBar/SessionQuotaNotifications.swift
+++ b/Sources/CodexBar/SessionQuotaNotifications.swift
@@ -1,13 +1,33 @@
+import AppKit
 import CodexBarCore
 import Foundation
 @preconcurrency import UserNotifications
 
-enum SessionQuotaTransition: Equatable, Sendable {
+enum SessionQuotaTransition: Equatable {
     case none
     case depleted
     case restored
 }
 
+struct QuotaWarningEvent: Equatable {
+    let window: QuotaWarningWindow
+    let threshold: Int
+    let currentRemaining: Double
+    let accountDisplayName: String?
+
+    init(
+        window: QuotaWarningWindow,
+        threshold: Int,
+        currentRemaining: Double,
+        accountDisplayName: String? = nil)
+    {
+        self.window = window
+        self.threshold = threshold
+        self.currentRemaining = currentRemaining
+        self.accountDisplayName = accountDisplayName
+    }
+}
+
 enum SessionQuotaNotificationLogic {
     static let depletedThreshold: Double = 0.0001
 
@@ -27,11 +47,91 @@ enum SessionQuotaNotificationLogic {
         if wasDepleted, !isDepleted { return .restored }
         return .none
     }
+
+    static func notificationCopy(
+        transition: SessionQuotaTransition,
+        providerName: String) -> (title: String, body: String)
+    {
+        switch transition {
+        case .none:
+            ("", "")
+        case .depleted:
+            (
+                L("session_depleted_notification_title", providerName),
+                L("session_depleted_notification_body"))
+        case .restored:
+            (
+                L("session_restored_notification_title", providerName),
+                L("session_restored_notification_body"))
+        }
+    }
+}
+
+enum QuotaWarningNotificationLogic {
+    static func notificationCopy(
+        providerName: String,
+        window: QuotaWarningWindow,
+        threshold: Int,
+        currentRemaining: Double,
+        accountDisplayName: String? = nil) -> (title: String, body: String)
+    {
+        let windowLabel = window.localizedNotificationDisplayName
+        let remainingText = Self.percentText(currentRemaining)
+        let title = L("quota_warning_notification_title", providerName, windowLabel)
+        let body = if let accountDisplayName {
+            L(
+                "quota_warning_notification_body_with_account",
+                accountDisplayName,
+                remainingText,
+                threshold,
+                windowLabel)
+        } else {
+            L(
+                "quota_warning_notification_body",
+                remainingText,
+                threshold,
+                windowLabel)
+        }
+        return (title, body)
+    }
+
+    static func crossedThreshold(
+        previousRemaining: Double?,
+        currentRemaining: Double,
+        thresholds: [Int],
+        alreadyFired: Set<Int>) -> Int?
+    {
+        let sanitized = QuotaWarningThresholds.active(thresholds)
+        let eligible = sanitized.filter { threshold in
+            currentRemaining <= Double(threshold) && !alreadyFired.contains(threshold)
+        }
+        guard !eligible.isEmpty else { return nil }
+
+        if let previousRemaining {
+            let crossed = eligible.filter { previousRemaining > Double($0) }
+            return crossed.min()
+        }
+
+        return eligible.min()
+    }
+
+    static func firedThresholdsAfterWarning(threshold: Int, thresholds: [Int]) -> Set<Int> {
+        Set(QuotaWarningThresholds.active(thresholds).filter { $0 >= threshold })
+    }
+
+    static func thresholdsToClear(currentRemaining: Double, alreadyFired: Set<Int>) -> Set<Int> {
+        Set(alreadyFired.filter { currentRemaining > Double($0) })
+    }
+
+    private static func percentText(_ value: Double) -> String {
+        "\(Int(min(100, max(0, value)).rounded()))%"
+    }
 }
 
 @MainActor
 protocol SessionQuotaNotifying: AnyObject {
     func post(transition: SessionQuotaTransition, provider: UsageProvider, badge: NSNumber?)
+    func postQuotaWarning(event: QuotaWarningEvent, provider: UsageProvider, soundEnabled: Bool)
 }
 
 @MainActor
@@ -45,14 +145,9 @@ final class SessionQuotaNotifier: SessionQuotaNotifying {
 
         let providerName = ProviderDescriptorRegistry.descriptor(for: provider).metadata.displayName
 
-        let (title, body) = switch transition {
-        case .none:
-            ("", "")
-        case .depleted:
-            ("\(providerName) session depleted", "0% left. Will notify when it's available again.")
-        case .restored:
-            ("\(providerName) session restored", "Session quota is available again.")
-        }
+        let (title, body) = SessionQuotaNotificationLogic.notificationCopy(
+            transition: transition,
+            providerName: providerName)
 
         let providerText = provider.rawValue
         let transitionText = String(describing: transition)
@@ -60,4 +155,37 @@ final class SessionQuotaNotifier: SessionQuotaNotifying {
         self.logger.info("enqueuing", metadata: ["prefix": idPrefix])
         AppNotifications.shared.post(idPrefix: idPrefix, title: title, body: body, badge: badge)
     }
+
+    func postQuotaWarning(event: QuotaWarningEvent, provider: UsageProvider, soundEnabled: Bool = true) {
+        let providerName = ProviderDescriptorRegistry.descriptor(for: provider).metadata.displayName
+        let threshold = event.threshold
+        let copy = QuotaWarningNotificationLogic.notificationCopy(
+            providerName: providerName,
+            window: event.window,
+            threshold: threshold,
+            currentRemaining: event.currentRemaining,
+            accountDisplayName: event.accountDisplayName)
+        let idPrefix = "quota-warning-\(provider.rawValue)-\(event.window.rawValue)-\(threshold)"
+        self.logger.info("enqueuing", metadata: ["prefix": idPrefix])
+        if soundEnabled {
+            (NSSound(named: "Glass") ?? NSSound(named: "Ping"))?.play()
+        }
+        NotificationCenter.default.post(
+            name: .codexbarQuotaWarningDidPost,
+            object: QuotaWarningPostedEvent(
+                provider: provider,
+                window: event.window,
+                threshold: threshold,
+                postedAt: Date()))
+        AppNotifications.shared.post(idPrefix: idPrefix, title: copy.title, body: copy.body, soundEnabled: false)
+    }
+}
+
+extension QuotaWarningWindow {
+    fileprivate var localizedNotificationDisplayName: String {
+        switch self {
+        case .session: L("quota_warning_session")
+        case .weekly: L("quota_warning_weekly")
+        }
+    }
 }
diff --git a/Sources/CodexBar/SettingsStore+Config.swift b/Sources/CodexBar/SettingsStore+Config.swift
index 8195200e0..e4ef5d2aa 100644
--- a/Sources/CodexBar/SettingsStore+Config.swift
+++ b/Sources/CodexBar/SettingsStore+Config.swift
@@ -6,6 +6,84 @@ extension SettingsStore {
         self.configSnapshot.providerConfig(for: provider)
     }
 
+    func quotaWarningConfig(for provider: UsageProvider) -> QuotaWarningConfig {
+        self.configSnapshot.providerConfig(for: provider)?.quotaWarnings ?? QuotaWarningConfig()
+    }
+
+    func resolvedQuotaWarningThresholds(provider: UsageProvider, window: QuotaWarningWindow) -> [Int] {
+        self.quotaWarningConfig(for: provider).thresholds(
+            for: window,
+            global: self.quotaWarningThresholds(window))
+    }
+
+    func quotaWarningEnabled(provider: UsageProvider, window: QuotaWarningWindow) -> Bool {
+        self.quotaWarningConfig(for: provider).isEnabled(
+            for: window,
+            global: self.quotaWarningWindowEnabled(window))
+    }
+
+    func hasQuotaWarningOverride(provider: UsageProvider, window: QuotaWarningWindow) -> Bool {
+        self.quotaWarningConfig(for: provider).hasOverride(for: window)
+    }
+
+    func setQuotaWarningThresholds(provider: UsageProvider, window: QuotaWarningWindow, thresholds: [Int]?) {
+        self.updateProviderConfig(provider: provider) { entry in
+            var config = entry.quotaWarnings ?? QuotaWarningConfig()
+            switch window {
+            case .session:
+                var windowConfig = config.session ?? QuotaWarningWindowConfig()
+                windowConfig.thresholds = thresholds.map(QuotaWarningThresholds.sanitized)
+                config.session = windowConfig.hasOverride ? windowConfig : nil
+            case .weekly:
+                var windowConfig = config.weekly ?? QuotaWarningWindowConfig()
+                windowConfig.thresholds = thresholds.map(QuotaWarningThresholds.sanitized)
+                config.weekly = windowConfig.hasOverride ? windowConfig : nil
+            }
+            entry.quotaWarnings = config.isEmpty ? nil : config
+        }
+    }
+
+    func setQuotaWarningOverride(
+        provider: UsageProvider,
+        window: QuotaWarningWindow,
+        thresholds: [Int]?,
+        enabled: Bool?)
+    {
+        self.updateProviderConfig(provider: provider) { entry in
+            var config = entry.quotaWarnings ?? QuotaWarningConfig()
+            switch window {
+            case .session:
+                var windowConfig = config.session ?? QuotaWarningWindowConfig()
+                windowConfig.thresholds = thresholds.map(QuotaWarningThresholds.sanitized)
+                windowConfig.enabled = enabled
+                config.session = windowConfig.hasOverride ? windowConfig : nil
+            case .weekly:
+                var windowConfig = config.weekly ?? QuotaWarningWindowConfig()
+                windowConfig.thresholds = thresholds.map(QuotaWarningThresholds.sanitized)
+                windowConfig.enabled = enabled
+                config.weekly = windowConfig.hasOverride ? windowConfig : nil
+            }
+            entry.quotaWarnings = config.isEmpty ? nil : config
+        }
+    }
+
+    func setQuotaWarningWindowEnabled(provider: UsageProvider, window: QuotaWarningWindow, enabled: Bool?) {
+        self.updateProviderConfig(provider: provider) { entry in
+            var config = entry.quotaWarnings ?? QuotaWarningConfig()
+            switch window {
+            case .session:
+                var windowConfig = config.session ?? QuotaWarningWindowConfig()
+                windowConfig.enabled = enabled
+                config.session = windowConfig.hasOverride ? windowConfig : nil
+            case .weekly:
+                var windowConfig = config.weekly ?? QuotaWarningWindowConfig()
+                windowConfig.enabled = enabled
+                config.weekly = windowConfig.hasOverride ? windowConfig : nil
+            }
+            entry.quotaWarnings = config.isEmpty ? nil : config
+        }
+    }
+
     var tokenAccountsByProvider: [UsageProvider: ProviderTokenAccountData] {
         get {
             Dictionary(uniqueKeysWithValues: self.configSnapshot.providers.compactMap { entry in
diff --git a/Sources/CodexBar/SettingsStore+Defaults.swift b/Sources/CodexBar/SettingsStore+Defaults.swift
index 963e78ed1..a73e6c05e 100644
--- a/Sources/CodexBar/SettingsStore+Defaults.swift
+++ b/Sources/CodexBar/SettingsStore+Defaults.swift
@@ -35,7 +35,9 @@ extension SettingsStore {
         set {
             self.defaultsState.debugDisableKeychainAccess = newValue
             self.userDefaults.set(newValue, forKey: "debugDisableKeychainAccess")
-            Self.sharedDefaults?.set(newValue, forKey: "debugDisableKeychainAccess")
+            if Self.shouldBridgeSharedDefaults(for: self.userDefaults) {
+                Self.sharedDefaults?.set(newValue, forKey: "debugDisableKeychainAccess")
+            }
             KeychainAccessGate.isDisabled = newValue
         }
     }
@@ -101,6 +103,96 @@ extension SettingsStore {
         }
     }
 
+    var quotaWarningNotificationsEnabled: Bool {
+        get { self.defaultsState.quotaWarningNotificationsEnabled }
+        set {
+            self.defaultsState.quotaWarningNotificationsEnabled = newValue
+            self.userDefaults.set(newValue, forKey: "quotaWarningNotificationsEnabled")
+        }
+    }
+
+    var quotaWarningThresholds: [Int] {
+        get { QuotaWarningThresholds.sanitized(self.defaultsState.quotaWarningThresholdsRaw) }
+        set {
+            let sanitized = QuotaWarningThresholds.sanitized(newValue)
+            self.defaultsState.quotaWarningThresholdsRaw = sanitized
+            self.defaultsState.quotaWarningSessionThresholdsRaw = sanitized
+            self.defaultsState.quotaWarningWeeklyThresholdsRaw = sanitized
+            self.userDefaults.set(sanitized, forKey: "quotaWarningThresholds")
+            self.userDefaults.set(sanitized, forKey: "quotaWarningSessionThresholds")
+            self.userDefaults.set(sanitized, forKey: "quotaWarningWeeklyThresholds")
+        }
+    }
+
+    func quotaWarningThresholds(_ window: QuotaWarningWindow) -> [Int] {
+        switch window {
+        case .session:
+            QuotaWarningThresholds.sanitized(self.defaultsState.quotaWarningSessionThresholdsRaw)
+        case .weekly:
+            QuotaWarningThresholds.sanitized(self.defaultsState.quotaWarningWeeklyThresholdsRaw)
+        }
+    }
+
+    func setQuotaWarningThresholds(_ window: QuotaWarningWindow, thresholds: [Int]) {
+        let sanitized = QuotaWarningThresholds.sanitized(thresholds)
+        switch window {
+        case .session:
+            self.defaultsState.quotaWarningSessionThresholdsRaw = sanitized
+            self.userDefaults.set(sanitized, forKey: "quotaWarningSessionThresholds")
+        case .weekly:
+            self.defaultsState.quotaWarningWeeklyThresholdsRaw = sanitized
+            self.userDefaults.set(sanitized, forKey: "quotaWarningWeeklyThresholds")
+        }
+    }
+
+    func quotaWarningWindowEnabled(_ window: QuotaWarningWindow) -> Bool {
+        switch window {
+        case .session:
+            self.defaultsState.quotaWarningSessionEnabled
+        case .weekly:
+            self.defaultsState.quotaWarningWeeklyEnabled
+        }
+    }
+
+    func setQuotaWarningWindowEnabled(_ window: QuotaWarningWindow, enabled: Bool) {
+        switch window {
+        case .session:
+            self.defaultsState.quotaWarningSessionEnabled = enabled
+            self.userDefaults.set(enabled, forKey: "quotaWarningSessionEnabled")
+        case .weekly:
+            self.defaultsState.quotaWarningWeeklyEnabled = enabled
+            self.userDefaults.set(enabled, forKey: "quotaWarningWeeklyEnabled")
+        }
+    }
+
+    var quotaWarningSoundEnabled: Bool {
+        get { self.defaultsState.quotaWarningSoundEnabled }
+        set {
+            self.defaultsState.quotaWarningSoundEnabled = newValue
+            self.userDefaults.set(newValue, forKey: "quotaWarningSoundEnabled")
+        }
+    }
+
+    var quotaWarningMarkersVisible: Bool {
+        get { self.defaultsState.quotaWarningMarkersVisible }
+        set {
+            self.defaultsState.quotaWarningMarkersVisible = newValue
+            self.userDefaults.set(newValue, forKey: "quotaWarningMarkersVisible")
+        }
+    }
+
+    var weeklyProgressWorkDays: Int? {
+        get { self.defaultsState.weeklyProgressWorkDays }
+        set {
+            self.defaultsState.weeklyProgressWorkDays = newValue
+            if let newValue {
+                self.userDefaults.set(newValue, forKey: "weeklyProgressWorkDays")
+            } else {
+                self.userDefaults.removeObject(forKey: "weeklyProgressWorkDays")
+            }
+        }
+    }
+
     var usageBarsShowUsed: Bool {
         get { self.defaultsState.usageBarsShowUsed }
         set {
@@ -117,6 +209,14 @@ extension SettingsStore {
         }
     }
 
+    var providerChangelogLinksEnabled: Bool {
+        get { self.defaultsState.providerChangelogLinksEnabled }
+        set {
+            self.defaultsState.providerChangelogLinksEnabled = newValue
+            self.userDefaults.set(newValue, forKey: "providerChangelogLinksEnabled")
+        }
+    }
+
     var menuBarShowsBrandIconWithPercent: Bool {
         get { self.defaultsState.menuBarShowsBrandIconWithPercent }
         set {
@@ -159,46 +259,34 @@ extension SettingsStore {
         set { self.menuBarSeparatorStyleRaw = newValue.rawValue }
     }
 
-    private var menuBarPercentTimeWindowRaw: String? {
-        get { self.defaultsState.menuBarPercentTimeWindowRaw }
+    private var kiroMenuBarDisplayModeRaw: String? {
+        get { self.defaultsState.kiroMenuBarDisplayModeRaw }
         set {
-            self.defaultsState.menuBarPercentTimeWindowRaw = newValue
+            self.defaultsState.kiroMenuBarDisplayModeRaw = newValue
             if let raw = newValue {
-                self.userDefaults.set(raw, forKey: "menuBarPercentTimeWindow")
+                self.userDefaults.set(raw, forKey: "kiroMenuBarDisplayMode")
             } else {
-                self.userDefaults.removeObject(forKey: "menuBarPercentTimeWindow")
+                self.userDefaults.removeObject(forKey: "kiroMenuBarDisplayMode")
             }
         }
     }
 
-    var menuBarPercentTimeWindow: MenuBarTimeWindow {
-        get { MenuBarTimeWindow(rawValue: self.menuBarPercentTimeWindowRaw ?? "") ?? .session }
-        set { self.menuBarPercentTimeWindowRaw = newValue.rawValue }
+    var kiroMenuBarDisplayMode: KiroMenuBarDisplayMode {
+        get { KiroMenuBarDisplayMode(rawValue: self.kiroMenuBarDisplayModeRaw ?? "") ?? .automatic }
+        set { self.kiroMenuBarDisplayModeRaw = newValue.rawValue }
     }
 
-    private var menuBarPaceTimeWindowRaw: String? {
-        get { self.defaultsState.menuBarPaceTimeWindowRaw }
+    var multiAccountMenuLayout: MultiAccountMenuLayout {
+        get { MultiAccountMenuLayout(rawValue: self.defaultsState.multiAccountMenuLayoutRaw) ?? .segmented }
         set {
-            self.defaultsState.menuBarPaceTimeWindowRaw = newValue
-            if let raw = newValue {
-                self.userDefaults.set(raw, forKey: "menuBarPaceTimeWindow")
-            } else {
-                self.userDefaults.removeObject(forKey: "menuBarPaceTimeWindow")
-            }
+            self.defaultsState.multiAccountMenuLayoutRaw = newValue.rawValue
+            self.userDefaults.set(newValue.rawValue, forKey: "multiAccountMenuLayout")
         }
     }
 
-    var menuBarPaceTimeWindow: MenuBarTimeWindow {
-        get { MenuBarTimeWindow(rawValue: self.menuBarPaceTimeWindowRaw ?? "") ?? .weekly }
-        set { self.menuBarPaceTimeWindowRaw = newValue.rawValue }
-    }
-
     var showAllTokenAccountsInMenu: Bool {
-        get { self.defaultsState.showAllTokenAccountsInMenu }
-        set {
-            self.defaultsState.showAllTokenAccountsInMenu = newValue
-            self.userDefaults.set(newValue, forKey: "showAllTokenAccountsInMenu")
-        }
+        get { self.multiAccountMenuLayout == .stacked }
+        set { self.multiAccountMenuLayout = newValue ? .stacked : .segmented }
     }
 
     var historicalTrackingEnabled: Bool {
@@ -225,6 +313,15 @@ extension SettingsStore {
         }
     }
 
+    var costUsageHistoryDays: Int {
+        get { self.defaultsState.costUsageHistoryDays }
+        set {
+            let clamped = max(1, min(365, newValue))
+            self.defaultsState.costUsageHistoryDays = clamped
+            self.userDefaults.set(clamped, forKey: "tokenCostUsageHistoryDays")
+        }
+    }
+
     var hidePersonalInfo: Bool {
         get { self.defaultsState.hidePersonalInfo }
         set {
@@ -241,6 +338,14 @@ extension SettingsStore {
         }
     }
 
+    var confettiOnWeeklyLimitResetsEnabled: Bool {
+        get { self.defaultsState.confettiOnWeeklyLimitResetsEnabled }
+        set {
+            self.defaultsState.confettiOnWeeklyLimitResetsEnabled = newValue
+            self.userDefaults.set(newValue, forKey: "confettiOnWeeklyLimitResetsEnabled")
+        }
+    }
+
     var menuBarShowsHighestUsage: Bool {
         get { self.defaultsState.menuBarShowsHighestUsage }
         set {
@@ -262,8 +367,10 @@ extension SettingsStore {
 
     var claudeOAuthKeychainReadStrategy: ClaudeOAuthKeychainReadStrategy {
         get {
-            let raw = self.defaultsState.claudeOAuthKeychainReadStrategyRaw
-            return ClaudeOAuthKeychainReadStrategy(rawValue: raw ?? "") ?? .securityCLI
+            guard let raw = self.defaultsState.claudeOAuthKeychainReadStrategyRaw else {
+                return .securityCLIExperimental
+            }
+            return ClaudeOAuthKeychainReadStrategy(rawValue: raw) ?? .securityFramework
         }
         set {
             self.defaultsState.claudeOAuthKeychainReadStrategyRaw = newValue.rawValue
@@ -272,10 +379,10 @@ extension SettingsStore {
     }
 
     var claudeOAuthPromptFreeCredentialsEnabled: Bool {
-        get { self.claudeOAuthKeychainReadStrategy == .securityCLI }
+        get { self.claudeOAuthKeychainReadStrategy == .securityCLIExperimental }
         set {
             self.claudeOAuthKeychainReadStrategy = newValue
-                ? .securityCLI
+                ? .securityCLIExperimental
                 : .securityFramework
         }
     }
@@ -315,6 +422,28 @@ extension SettingsStore {
         }
     }
 
+    var openAIWebBatterySaverEnabled: Bool {
+        get { self.defaultsState.openAIWebBatterySaverEnabled }
+        set {
+            self.defaultsState.openAIWebBatterySaverEnabled = newValue
+            self.userDefaults.set(newValue, forKey: "openAIWebBatterySaverEnabled")
+            CodexBarLog.logger(LogCategories.settings).info(
+                "OpenAI web battery saver updated",
+                metadata: ["enabled": newValue ? "1" : "0"])
+        }
+    }
+
+    var providerStorageFootprintsEnabled: Bool {
+        get { self.defaultsState.providerStorageFootprintsEnabled }
+        set {
+            self.defaultsState.providerStorageFootprintsEnabled = newValue
+            self.userDefaults.set(newValue, forKey: "providerStorageFootprintsEnabled")
+            CodexBarLog.logger(LogCategories.settings).info(
+                "Provider storage footprints updated",
+                metadata: ["enabled": newValue ? "1" : "0"])
+        }
+    }
+
     var jetbrainsIDEBasePath: String {
         get { self.defaultsState.jetbrainsIDEBasePath }
         set {
@@ -533,6 +662,27 @@ extension SettingsStore {
         }
     }
 
+    var appLanguage: String {
+        get { self.defaultsState.appLanguageRaw ?? "" }
+        set {
+            let stored = newValue.isEmpty ? nil : newValue
+            self.defaultsState.appLanguageRaw = stored
+            if let stored {
+                self.userDefaults.set(stored, forKey: "appLanguage")
+                if self.userDefaults !== UserDefaults.standard {
+                    UserDefaults.standard.set(stored, forKey: "appLanguage")
+                }
+                UserDefaults.standard.set([stored], forKey: "AppleLanguages")
+            } else {
+                self.userDefaults.removeObject(forKey: "appLanguage")
+                if self.userDefaults !== UserDefaults.standard {
+                    UserDefaults.standard.removeObject(forKey: "appLanguage")
+                }
+                UserDefaults.standard.removeObject(forKey: "AppleLanguages")
+            }
+        }
+    }
+
     var debugLoadingPattern: LoadingPattern? {
         get { self.debugLoadingPatternRaw.flatMap(LoadingPattern.init(rawValue:)) }
         set { self.debugLoadingPatternRaw = newValue?.rawValue }
diff --git a/Sources/CodexBar/SettingsStore+MenuObservation.swift b/Sources/CodexBar/SettingsStore+MenuObservation.swift
index a38d5cf35..b459a3011 100644
--- a/Sources/CodexBar/SettingsStore+MenuObservation.swift
+++ b/Sources/CodexBar/SettingsStore+MenuObservation.swift
@@ -11,25 +11,40 @@ extension SettingsStore {
         _ = self.debugKeepCLISessionsAlive
         _ = self.statusChecksEnabled
         _ = self.sessionQuotaNotificationsEnabled
+        _ = self.quotaWarningNotificationsEnabled
+        _ = self.quotaWarningThresholds
+        _ = self.quotaWarningThresholds(.session)
+        _ = self.quotaWarningThresholds(.weekly)
+        _ = self.quotaWarningWindowEnabled(.session)
+        _ = self.quotaWarningWindowEnabled(.weekly)
+        _ = self.quotaWarningSoundEnabled
+        _ = self.quotaWarningMarkersVisible
+        _ = self.weeklyProgressWorkDays
         _ = self.usageBarsShowUsed
         _ = self.resetTimesShowAbsolute
+        _ = self.providerChangelogLinksEnabled
         _ = self.menuBarShowsBrandIconWithPercent
         _ = self.menuBarShowsHighestUsage
         _ = self.menuBarDisplayMode
-        _ = self.menuBarPercentTimeWindow
-        _ = self.menuBarPaceTimeWindow
+        _ = self.kiroMenuBarDisplayMode
         _ = self.historicalTrackingEnabled
-        _ = self.showAllTokenAccountsInMenu
+        _ = self.multiAccountMenuLayout
         _ = self.menuBarMetricPreferencesRaw
         _ = self.costUsageEnabled
+        _ = self.costUsageHistoryDays
+        _ = self.appLanguage
         _ = self.hidePersonalInfo
         _ = self.randomBlinkEnabled
+        _ = self.confettiOnWeeklyLimitResetsEnabled
         _ = self.claudeOAuthKeychainPromptMode
         _ = self.claudeOAuthKeychainReadStrategy
         _ = self.claudeWebExtrasEnabled
         _ = self.showOptionalCreditsAndExtraUsage
         _ = self.openAIWebAccessEnabled
+        _ = self.openAIWebBatterySaverEnabled
+        _ = self.providerStorageFootprintsEnabled
         _ = self.codexUsageDataSource
+        _ = self.codexActiveSource
         _ = self.claudeUsageDataSource
         _ = self.kiloUsageDataSource
         _ = self.kiloExtrasEnabled
@@ -37,14 +52,16 @@ extension SettingsStore {
         _ = self.claudeCookieSource
         _ = self.cursorCookieSource
         _ = self.opencodeCookieSource
+        _ = self.opencodegoCookieSource
         _ = self.factoryCookieSource
         _ = self.minimaxCookieSource
         _ = self.minimaxAPIRegion
         _ = self.kimiCookieSource
         _ = self.augmentCookieSource
         _ = self.ampCookieSource
-        _ = self.colorCodedIcons
+        _ = self.t3ChatCookieSource
         _ = self.ollamaCookieSource
+        _ = self.colorCodedIcons
         _ = self.mergeIcons
         _ = self.switcherShowsIcons
         _ = self.mergedMenuLastSelectedWasOverview
@@ -56,6 +73,8 @@ extension SettingsStore {
         _ = self.cursorCookieHeader
         _ = self.opencodeCookieHeader
         _ = self.opencodeWorkspaceID
+        _ = self.opencodegoCookieHeader
+        _ = self.opencodegoWorkspaceID
         _ = self.factoryCookieHeader
         _ = self.minimaxCookieHeader
         _ = self.minimaxAPIToken
@@ -64,6 +83,7 @@ extension SettingsStore {
         _ = self.kiloAPIToken
         _ = self.augmentCookieHeader
         _ = self.ampCookieHeader
+        _ = self.t3ChatCookieHeader
         _ = self.ollamaCookieHeader
         _ = self.copilotAPIToken
         _ = self.warpAPIToken
diff --git a/Sources/CodexBar/SettingsStore+MenuPreferences.swift b/Sources/CodexBar/SettingsStore+MenuPreferences.swift
index 210a286d4..ce8dacf45 100644
--- a/Sources/CodexBar/SettingsStore+MenuPreferences.swift
+++ b/Sources/CodexBar/SettingsStore+MenuPreferences.swift
@@ -3,14 +3,16 @@ import Foundation
 
 extension SettingsStore {
     func menuBarMetricPreference(for provider: UsageProvider) -> MenuBarMetricPreference {
-        if provider == .zai { return .primary }
+        if Self.isBalanceOnlyProvider(provider) {
+            return .automatic
+        }
         if provider == .openrouter {
             let raw = self.menuBarMetricPreferencesRaw[provider.rawValue] ?? ""
             let preference = MenuBarMetricPreference(rawValue: raw) ?? .automatic
             switch preference {
             case .automatic, .primary:
                 return preference
-            case .secondary, .average:
+            case .secondary, .average, .tertiary, .extraUsage:
                 return .automatic
             }
         }
@@ -19,23 +21,37 @@ extension SettingsStore {
         if preference == .average, !self.menuBarMetricSupportsAverage(for: provider) {
             return .automatic
         }
+        if preference == .tertiary, !self.menuBarMetricSupportsTertiary(for: provider) {
+            return .automatic
+        }
+        if preference == .extraUsage, !self.menuBarMetricSupportsExtraUsage(for: provider) {
+            return .automatic
+        }
         return preference
     }
 
     func setMenuBarMetricPreference(_ preference: MenuBarMetricPreference, for provider: UsageProvider) {
-        if provider == .zai {
-            self.menuBarMetricPreferencesRaw[provider.rawValue] = MenuBarMetricPreference.primary.rawValue
+        if Self.isBalanceOnlyProvider(provider) {
+            self.menuBarMetricPreferencesRaw[provider.rawValue] = MenuBarMetricPreference.automatic.rawValue
             return
         }
         if provider == .openrouter {
             switch preference {
             case .automatic, .primary:
                 self.menuBarMetricPreferencesRaw[provider.rawValue] = preference.rawValue
-            case .secondary, .average:
+            case .secondary, .average, .tertiary, .extraUsage:
                 self.menuBarMetricPreferencesRaw[provider.rawValue] = MenuBarMetricPreference.automatic.rawValue
             }
             return
         }
+        if preference == .tertiary, !self.menuBarMetricSupportsTertiary(for: provider) {
+            self.menuBarMetricPreferencesRaw[provider.rawValue] = MenuBarMetricPreference.automatic.rawValue
+            return
+        }
+        if preference == .extraUsage, !self.menuBarMetricSupportsExtraUsage(for: provider) {
+            self.menuBarMetricPreferencesRaw[provider.rawValue] = MenuBarMetricPreference.automatic.rawValue
+            return
+        }
         self.menuBarMetricPreferencesRaw[provider.rawValue] = preference.rawValue
     }
 
@@ -43,6 +59,42 @@ extension SettingsStore {
         provider == .gemini
     }
 
+    func menuBarMetricSupportsTertiary(for provider: UsageProvider) -> Bool {
+        provider == .cursor || provider == .perplexity || provider == .zai
+    }
+
+    func menuBarMetricSupportsTertiary(for provider: UsageProvider, snapshot: UsageSnapshot?) -> Bool {
+        if provider == .cursor || provider == .zai {
+            return snapshot?.tertiary != nil
+        }
+        return self.menuBarMetricSupportsTertiary(for: provider)
+    }
+
+    func menuBarMetricSupportsExtraUsage(for provider: UsageProvider) -> Bool {
+        provider == .cursor || provider == .claude
+    }
+
+    func menuBarMetricSupportsExtraUsage(for provider: UsageProvider, snapshot: UsageSnapshot?) -> Bool {
+        guard self.menuBarMetricSupportsExtraUsage(for: provider) else { return false }
+        guard let cost = snapshot?.providerCost else { return false }
+        return cost.limit > 0
+    }
+
+    func menuBarMetricPreference(for provider: UsageProvider, snapshot: UsageSnapshot?) -> MenuBarMetricPreference {
+        let preference = self.menuBarMetricPreference(for: provider)
+        if preference == .tertiary,
+           !self.menuBarMetricSupportsTertiary(for: provider, snapshot: snapshot)
+        {
+            return .automatic
+        }
+        if preference == .extraUsage,
+           !self.menuBarMetricSupportsExtraUsage(for: provider, snapshot: snapshot)
+        {
+            return .automatic
+        }
+        return preference
+    }
+
     func isCostUsageEffectivelyEnabled(for provider: UsageProvider) -> Bool {
         self.costUsageEnabled
             && ProviderDescriptorRegistry.descriptor(for: provider).tokenCost.supportsTokenCost
@@ -51,4 +103,13 @@ extension SettingsStore {
     var resetTimeDisplayStyle: ResetTimeDisplayStyle {
         self.resetTimesShowAbsolute ? .absolute : .countdown
     }
+
+    static func isBalanceOnlyProvider(_ provider: UsageProvider) -> Bool {
+        switch provider {
+        case .deepseek, .mistral, .kimik2, .moonshot:
+            true
+        default:
+            false
+        }
+    }
 }
diff --git a/Sources/CodexBar/SettingsStore+ProviderDetection.swift b/Sources/CodexBar/SettingsStore+ProviderDetection.swift
index b8534276c..d4efded24 100644
--- a/Sources/CodexBar/SettingsStore+ProviderDetection.swift
+++ b/Sources/CodexBar/SettingsStore+ProviderDetection.swift
@@ -17,14 +17,17 @@ extension SettingsStore {
         let claudeInstalled = BinaryLocator.resolveClaudeBinary() != nil
         let geminiInstalled = BinaryLocator.resolveGeminiBinary() != nil
         let antigravityRunning = await AntigravityStatusProbe.isRunning()
+        let antigravityLoggedIn = FileManager.default.fileExists(
+            atPath: AntigravityOAuthCredentialsStore().fileURL.path)
         let logger = CodexBarLog.logger(LogCategories.providerDetection)
 
         // If none installed, keep Codex enabled to match previous behavior.
-        let noneInstalled = !codexInstalled && !claudeInstalled && !geminiInstalled && !antigravityRunning
+        let noneInstalled = !codexInstalled && !claudeInstalled && !geminiInstalled && !antigravityRunning &&
+            !antigravityLoggedIn
         let enableCodex = codexInstalled || noneInstalled
         let enableClaude = claudeInstalled
         let enableGemini = geminiInstalled
-        let enableAntigravity = antigravityRunning
+        let enableAntigravity = antigravityRunning || antigravityLoggedIn
 
         logger.info(
             "Provider detection results",
@@ -33,6 +36,7 @@ extension SettingsStore {
                 "claudeInstalled": claudeInstalled ? "1" : "0",
                 "geminiInstalled": geminiInstalled ? "1" : "0",
                 "antigravityRunning": antigravityRunning ? "1" : "0",
+                "antigravityLoggedIn": antigravityLoggedIn ? "1" : "0",
             ])
         logger.info(
             "Provider detection enablement",
diff --git a/Sources/CodexBar/SettingsStore+TokenAccounts.swift b/Sources/CodexBar/SettingsStore+TokenAccounts.swift
index 1f8a0277b..01c1387c7 100644
--- a/Sources/CodexBar/SettingsStore+TokenAccounts.swift
+++ b/Sources/CodexBar/SettingsStore+TokenAccounts.swift
@@ -36,11 +36,21 @@ extension SettingsStore {
             ])
     }
 
-    func addTokenAccount(provider: UsageProvider, label: String, token: String) {
+    func addTokenAccount(
+        provider: UsageProvider,
+        label: String,
+        token: String,
+        externalIdentifier: String? = nil,
+        organizationID: String? = nil)
+    {
         guard TokenAccountSupportCatalog.support(for: provider) != nil else { return }
         let trimmedToken = token.trimmingCharacters(in: .whitespacesAndNewlines)
         guard !trimmedToken.isEmpty else { return }
         let trimmedLabel = label.trimmingCharacters(in: .whitespacesAndNewlines)
+        let trimmedIdentifier = externalIdentifier?.trimmingCharacters(in: .whitespacesAndNewlines)
+        let normalisedIdentifier = (trimmedIdentifier?.isEmpty ?? true) ? nil : trimmedIdentifier
+        let trimmedOrganizationID = organizationID?.trimmingCharacters(in: .whitespacesAndNewlines)
+        let normalisedOrganizationID = (trimmedOrganizationID?.isEmpty ?? true) ? nil : trimmedOrganizationID
         let existing = self.tokenAccountsData(for: provider)
         let accounts = existing?.accounts ?? []
         let fallbackLabel = trimmedLabel.isEmpty ? "Account \(accounts.count + 1)" : trimmedLabel
@@ -49,13 +59,18 @@ extension SettingsStore {
             label: fallbackLabel,
             token: trimmedToken,
             addedAt: Date().timeIntervalSince1970,
-            lastUsed: nil)
+            lastUsed: nil,
+            externalIdentifier: normalisedIdentifier,
+            organizationID: normalisedOrganizationID)
         let updated = ProviderTokenAccountData(
             version: existing?.version ?? 1,
             accounts: accounts + [account],
             activeIndex: accounts.count)
         self.updateProviderConfig(provider: provider) { entry in
             entry.tokenAccounts = updated
+            if provider == .copilot {
+                entry.apiKey = nil
+            }
         }
         self.applyTokenAccountCookieSourceIfNeeded(provider: provider)
         CodexBarLog.logger(LogCategories.tokenAccounts).info(
@@ -66,18 +81,89 @@ extension SettingsStore {
             ])
     }
 
+    func updateTokenAccount(
+        provider: UsageProvider,
+        accountID: UUID,
+        label: String? = nil,
+        token: String? = nil,
+        externalIdentifier: String?? = nil,
+        organizationID: String?? = nil)
+    {
+        guard let data = self.tokenAccountsData(for: provider), !data.accounts.isEmpty else { return }
+        guard let index = data.accounts.firstIndex(where: { $0.id == accountID }) else { return }
+
+        let trimmedLabel = label?.trimmingCharacters(in: .whitespacesAndNewlines)
+        let trimmedToken = token?.trimmingCharacters(in: .whitespacesAndNewlines)
+        if let trimmedToken, trimmedToken.isEmpty { return }
+
+        let existing = data.accounts[index]
+        let resolvedIdentifier: String?
+        if let externalIdentifier {
+            let trimmed = externalIdentifier?.trimmingCharacters(in: .whitespacesAndNewlines)
+            resolvedIdentifier = (trimmed?.isEmpty ?? true) ? nil : trimmed
+        } else {
+            resolvedIdentifier = existing.externalIdentifier
+        }
+        let resolvedOrganizationID: String?
+        if let organizationID {
+            let trimmed = organizationID?.trimmingCharacters(in: .whitespacesAndNewlines)
+            resolvedOrganizationID = (trimmed?.isEmpty ?? true) ? nil : trimmed
+        } else {
+            resolvedOrganizationID = existing.organizationID
+        }
+        let updatedAccount = ProviderTokenAccount(
+            id: existing.id,
+            label: (trimmedLabel?.isEmpty == false) ? trimmedLabel! : existing.label,
+            token: trimmedToken ?? existing.token,
+            addedAt: existing.addedAt,
+            lastUsed: existing.lastUsed,
+            externalIdentifier: resolvedIdentifier,
+            organizationID: resolvedOrganizationID)
+
+        var accounts = data.accounts
+        accounts[index] = updatedAccount
+        let updated = ProviderTokenAccountData(
+            version: data.version,
+            accounts: accounts,
+            activeIndex: data.clampedActiveIndex())
+        self.updateProviderConfig(provider: provider) { entry in
+            entry.tokenAccounts = updated
+            if provider == .copilot {
+                entry.apiKey = nil
+            }
+        }
+        self.applyTokenAccountCookieSourceIfNeeded(provider: provider)
+        CodexBarLog.logger(LogCategories.tokenAccounts).info(
+            "Token account updated",
+            metadata: [
+                "provider": provider.rawValue,
+                "count": "\(updated.accounts.count)",
+            ])
+    }
+
     func removeTokenAccount(provider: UsageProvider, accountID: UUID) {
         guard let data = self.tokenAccountsData(for: provider), !data.accounts.isEmpty else { return }
+        let activeAccountID = data.accounts[data.clampedActiveIndex()].id
+        guard let removedIndex = data.accounts.firstIndex(where: { $0.id == accountID }) else { return }
         let filtered = data.accounts.filter { $0.id != accountID }
         self.updateProviderConfig(provider: provider) { entry in
             if filtered.isEmpty {
                 entry.tokenAccounts = nil
             } else {
-                let clamped = min(max(data.activeIndex, 0), filtered.count - 1)
+                let nextActiveIndex = if activeAccountID != accountID,
+                                         let preservedIndex = filtered.firstIndex(where: { $0.id == activeAccountID })
+                {
+                    preservedIndex
+                } else {
+                    min(removedIndex, filtered.count - 1)
+                }
                 entry.tokenAccounts = ProviderTokenAccountData(
                     version: data.version,
                     accounts: filtered,
-                    activeIndex: clamped)
+                    activeIndex: nextActiveIndex)
+            }
+            if provider == .copilot {
+                entry.apiKey = nil
             }
         }
         CodexBarLog.logger(LogCategories.tokenAccounts).info(
diff --git a/Sources/CodexBar/SettingsStore.swift b/Sources/CodexBar/SettingsStore.swift
index 65680ffeb..b6e270408 100644
--- a/Sources/CodexBar/SettingsStore.swift
+++ b/Sources/CodexBar/SettingsStore.swift
@@ -28,12 +28,12 @@ enum RefreshFrequency: String, CaseIterable, Identifiable {
 
     var label: String {
         switch self {
-        case .manual: "Manual"
-        case .oneMinute: "1 min"
-        case .twoMinutes: "2 min"
-        case .fiveMinutes: "5 min"
-        case .fifteenMinutes: "15 min"
-        case .thirtyMinutes: "30 min"
+        case .manual: L("refresh_manual")
+        case .oneMinute: L("refresh_1min")
+        case .twoMinutes: L("refresh_2min")
+        case .fiveMinutes: L("refresh_5min")
+        case .fifteenMinutes: L("refresh_15min")
+        case .thirtyMinutes: L("refresh_30min")
         }
     }
 }
@@ -42,18 +42,68 @@ enum MenuBarMetricPreference: String, CaseIterable, Identifiable {
     case automatic
     case primary
     case secondary
+    case tertiary
+    case extraUsage
     case average
 
     var id: String {
         self.rawValue
     }
 
+    var label: String {
+        switch self {
+        case .automatic: L("metric_pref_automatic")
+        case .primary: L("metric_pref_primary")
+        case .secondary: L("metric_pref_secondary")
+        case .tertiary: L("metric_pref_tertiary")
+        case .extraUsage: L("metric_pref_extra_usage")
+        case .average: L("metric_pref_average")
+        }
+    }
+}
+
+enum KiroMenuBarDisplayMode: String, CaseIterable, Identifiable {
+    case automatic
+    case hidden
+    case creditsLeft
+    case percentLeft
+    case creditsAndPercent
+    case usedAndTotal
+    case overageCreditsWhenExhausted
+    case overageCostWhenExhausted
+    case overageCreditsAndCostWhenExhausted
+
+    var id: String {
+        self.rawValue
+    }
+
     var label: String {
         switch self {
         case .automatic: "Automatic"
-        case .primary: "Primary"
-        case .secondary: "Secondary"
-        case .average: "Average"
+        case .hidden: "Hidden"
+        case .creditsLeft: "Credits left"
+        case .percentLeft: "Percent left"
+        case .creditsAndPercent: "Credits + percent"
+        case .usedAndTotal: "Used / total"
+        case .overageCreditsWhenExhausted: "Overage credits at zero"
+        case .overageCostWhenExhausted: "Overage cost at zero"
+        case .overageCreditsAndCostWhenExhausted: "Overage credits + cost at zero"
+        }
+    }
+}
+
+enum MultiAccountMenuLayout: String, CaseIterable, Identifiable {
+    case segmented
+    case stacked
+
+    var id: String {
+        self.rawValue
+    }
+
+    var label: String {
+        switch self {
+        case .segmented: L("multi_account_layout_segmented")
+        case .stacked: L("multi_account_layout_stacked")
         }
     }
 }
@@ -61,7 +111,7 @@ enum MenuBarMetricPreference: String, CaseIterable, Identifiable {
 @MainActor
 @Observable
 final class SettingsStore {
-    static let sharedDefaults = UserDefaults(suiteName: "group.com.steipete.codexbar")
+    static let sharedDefaults = AppGroupSupport.sharedDefaults()
     static let mergedOverviewProviderLimit = 3
     static let isRunningTests: Bool = {
         let env = ProcessInfo.processInfo.environment
@@ -82,6 +132,13 @@ final class SettingsStore {
     var providerOrder: [UsageProvider] = []
     var providerEnablement: [UsageProvider: Bool] = [:]
 
+    static func shouldBridgeSharedDefaults(for userDefaults: UserDefaults) -> Bool {
+        if !self.isRunningTests { return true }
+        if userDefaults === UserDefaults.standard { return true }
+        if let shared = sharedDefaults, userDefaults === shared { return true }
+        return false
+    }
+
     init(
         userDefaults: UserDefaults = .standard,
         configStore: CodexBarConfigStore = CodexBarConfigStore(),
@@ -115,6 +172,34 @@ final class SettingsStore {
         copilotTokenStore: any CopilotTokenStoring = KeychainCopilotTokenStore(),
         tokenAccountStore: any ProviderTokenAccountStoring = FileTokenAccountStore())
     {
+        let appGroupID = AppGroupSupport.currentGroupID()
+        let appGroupMigration: AppGroupSupport.MigrationResult
+        if Self.isRunningTests {
+            appGroupMigration = AppGroupSupport.migrateLegacyDataIfNeeded(standardDefaults: userDefaults)
+        } else {
+            Self.scheduleAppGroupMigration()
+            appGroupMigration = AppGroupSupport.MigrationResult(status: .targetUnavailable)
+        }
+        let sharedDefaultsAvailable = Self.sharedDefaults != nil
+        if !Self.isRunningTests {
+            CodexBarLog.logger(LogCategories.settings).info(
+                "App group resolved",
+                metadata: [
+                    "groupID": appGroupID,
+                    "sharedDefaultsAvailable": sharedDefaultsAvailable ? "1" : "0",
+                    "migrationStatus": appGroupMigration.status.rawValue,
+                    "migratedSnapshot": appGroupMigration.copiedSnapshot ? "1" : "0",
+                    "migratedDefaults": "\(appGroupMigration.copiedDefaults)",
+                ])
+        }
+
+        if userDefaults.object(forKey: "openAIWebAccessEnabled") == nil,
+           let legacyOpenAIWebAccess = userDefaults.object(forKey: "openAIWebAccess") as? Bool
+        {
+            userDefaults.set(legacyOpenAIWebAccess, forKey: "openAIWebAccessEnabled")
+        }
+        let hasStoredOpenAIWebAccessPreference = userDefaults.object(forKey: "openAIWebAccessEnabled") != nil
+        let hadExistingConfig = (try? configStore.load()) != nil
         let legacyStores = CodexBarConfigMigrator.LegacyStores(
             zaiTokenStore: zaiTokenStore,
             syntheticTokenStore: syntheticTokenStore,
@@ -147,33 +232,82 @@ final class SettingsStore {
         userDefaults.removeObject(forKey: "showClaudeUsage")
         LaunchAtLoginManager.setEnabled(self.launchAtLogin)
         self.runInitialProviderDetectionIfNeeded()
+        self.ensureAlibabaProviderAutoEnabledIfNeeded()
         self.applyTokenCostDefaultIfNeeded()
-        if self.claudeUsageDataSource != .cli { self.claudeWebExtrasEnabled = false }
-        self.openAIWebAccessEnabled = self.codexCookieSource.isEnabled
-        Self.sharedDefaults?.set(self.debugDisableKeychainAccess, forKey: "debugDisableKeychainAccess")
+        if self.claudeUsageDataSource != .cli {
+            if Self.isRunningTests {
+                self.claudeWebExtrasEnabled = false
+            } else {
+                self.defaultsState.claudeWebExtrasEnabledRaw = false
+            }
+        }
+        let resolvedOpenAIWebAccessEnabled = if hasStoredOpenAIWebAccessPreference {
+            self.defaultsState.openAIWebAccessEnabled
+        } else {
+            Self.inferredInitialOpenAIWebAccessEnabled(
+                config: config,
+                hadExistingConfig: hadExistingConfig)
+        }
+        if Self.isRunningTests {
+            self.openAIWebAccessEnabled = resolvedOpenAIWebAccessEnabled
+        } else {
+            self.defaultsState.openAIWebAccessEnabled = resolvedOpenAIWebAccessEnabled
+        }
         KeychainAccessGate.isDisabled = self.debugDisableKeychainAccess
     }
 }
 
 extension SettingsStore {
+    private static func scheduleAppGroupMigration() {
+        Task.detached(priority: .utility) {
+            let result = AppGroupSupport.migrateLegacyDataIfNeeded()
+            CodexBarLog.logger(LogCategories.settings).info(
+                "App group migration completed",
+                metadata: [
+                    "migrationStatus": result.status.rawValue,
+                    "migratedSnapshot": result.copiedSnapshot ? "1" : "0",
+                    "migratedDefaults": "\(result.copiedDefaults)",
+                ])
+        }
+    }
+
+    private static func inferredInitialOpenAIWebAccessEnabled(
+        config: CodexBarConfig,
+        hadExistingConfig: Bool) -> Bool
+    {
+        guard let codex = config.providerConfig(for: .codex) else { return false }
+        if let cookieSource = codex.cookieSource { return cookieSource.isEnabled }
+        if codex.sanitizedCookieHeader != nil { return true }
+        return hadExistingConfig
+    }
+
+    // swiftlint:disable:next function_body_length
     private static func loadDefaultsState(userDefaults: UserDefaults) -> SettingsDefaultsState {
-        let refreshRaw = userDefaults.string(forKey: "refreshFrequency") ?? RefreshFrequency.fiveMinutes.rawValue
-        let refreshFrequency = RefreshFrequency(rawValue: refreshRaw) ?? .fiveMinutes
+        let refreshDefault = userDefaults.string(forKey: "refreshFrequency")
+            .flatMap(RefreshFrequency.init(rawValue:))
+        let refreshFrequency = refreshDefault ?? .fiveMinutes
+        if Self.isRunningTests, refreshDefault == nil {
+            userDefaults.set(refreshFrequency.rawValue, forKey: "refreshFrequency")
+        }
         let launchAtLogin = userDefaults.object(forKey: "launchAtLogin") as? Bool ?? false
         let debugMenuEnabled = userDefaults.object(forKey: "debugMenuEnabled") as? Bool ?? false
         let debugDisableKeychainAccess: Bool = {
             if let stored = userDefaults.object(forKey: "debugDisableKeychainAccess") as? Bool {
                 return stored
             }
-            if let shared = Self.sharedDefaults?.object(forKey: "debugDisableKeychainAccess") as? Bool {
-                userDefaults.set(shared, forKey: "debugDisableKeychainAccess")
+            if Self.shouldBridgeSharedDefaults(for: userDefaults),
+               let shared = Self.sharedDefaults?.object(forKey: "debugDisableKeychainAccess") as? Bool
+            {
+                if Self.isRunningTests {
+                    userDefaults.set(shared, forKey: "debugDisableKeychainAccess")
+                }
                 return shared
             }
             return false
         }()
         let debugFileLoggingEnabled = userDefaults.object(forKey: "debugFileLoggingEnabled") as? Bool ?? false
         let debugLogLevelRaw = userDefaults.string(forKey: "debugLogLevel") ?? CodexBarLog.Level.verbose.rawValue
-        if userDefaults.string(forKey: "debugLogLevel") == nil {
+        if Self.isRunningTests, userDefaults.string(forKey: "debugLogLevel") == nil {
             userDefaults.set(debugLogLevelRaw, forKey: "debugLogLevel")
         }
         let debugLoadingPatternRaw = userDefaults.string(forKey: "debugLoadingPattern")
@@ -181,45 +315,65 @@ extension SettingsStore {
         let statusChecksEnabled = userDefaults.object(forKey: "statusChecksEnabled") as? Bool ?? true
         let sessionQuotaDefault = userDefaults.object(forKey: "sessionQuotaNotificationsEnabled") as? Bool
         let sessionQuotaNotificationsEnabled = sessionQuotaDefault ?? true
-        if sessionQuotaDefault == nil {
+        if Self.isRunningTests, sessionQuotaDefault == nil {
             userDefaults.set(true, forKey: "sessionQuotaNotificationsEnabled")
         }
+        let quotaWarnings = Self.loadQuotaWarningDefaults(userDefaults: userDefaults)
+        let quotaWarningMarkersVisibleDefault = userDefaults.object(forKey: "quotaWarningMarkersVisible") as? Bool
+        let quotaWarningMarkersVisible = quotaWarningMarkersVisibleDefault ?? true
+        if Self.isRunningTests, quotaWarningMarkersVisibleDefault == nil {
+            userDefaults.set(true, forKey: "quotaWarningMarkersVisible")
+        }
+        let weeklyProgressWorkDays = userDefaults.object(forKey: "weeklyProgressWorkDays") as? Int
         let usageBarsShowUsed = userDefaults.object(forKey: "usageBarsShowUsed") as? Bool ?? false
         let resetTimesShowAbsolute = userDefaults.object(forKey: "resetTimesShowAbsolute") as? Bool ?? false
+        let providerChangelogLinksEnabled = userDefaults.object(
+            forKey: "providerChangelogLinksEnabled") as? Bool ?? false
         let menuBarShowsBrandIconWithPercent = userDefaults.object(
             forKey: "menuBarShowsBrandIconWithPercent") as? Bool ?? false
         let menuBarDisplayModeRaw = userDefaults.string(forKey: "menuBarDisplayMode")
             ?? MenuBarDisplayMode.percent.rawValue
         let menuBarSeparatorStyleRaw = userDefaults.string(forKey: "menuBarSeparatorStyle")
             ?? MenuBarSeparatorStyle.dot.rawValue
-        let menuBarPercentTimeWindowRaw = userDefaults.string(forKey: "menuBarPercentTimeWindow")
-            ?? MenuBarTimeWindow.session.rawValue
-        let menuBarPaceTimeWindowRaw = userDefaults.string(forKey: "menuBarPaceTimeWindow")
-            ?? MenuBarTimeWindow.weekly.rawValue
+        let kiroMenuBarDisplayModeRaw = userDefaults.string(forKey: "kiroMenuBarDisplayMode")
+            ?? KiroMenuBarDisplayMode.automatic.rawValue
         let historicalTrackingEnabled = userDefaults.object(forKey: "historicalTrackingEnabled") as? Bool ?? false
-        let showAllTokenAccountsInMenu = userDefaults.object(forKey: "showAllTokenAccountsInMenu") as? Bool ?? false
-        let storedPreferences = userDefaults.dictionary(forKey: "menuBarMetricPreferences") as? [String: String] ?? [:]
-        var resolvedPreferences = storedPreferences
-        if resolvedPreferences.isEmpty,
-           let menuBarMetricRaw = userDefaults.string(forKey: "menuBarMetricPreference"),
-           let legacyPreference = MenuBarMetricPreference(rawValue: menuBarMetricRaw)
-        {
-            resolvedPreferences = Dictionary(
-                uniqueKeysWithValues: UsageProvider.allCases.map { ($0.rawValue, legacyPreference.rawValue) })
-        }
+        let multiAccountMenuLayoutRaw = userDefaults.string(forKey: "multiAccountMenuLayout") ?? {
+            let legacyShowAll = userDefaults.object(forKey: "showAllTokenAccountsInMenu") as? Bool ?? false
+            return legacyShowAll ? MultiAccountMenuLayout.stacked.rawValue : MultiAccountMenuLayout.segmented.rawValue
+        }()
+        let resolvedPreferences = Self.loadMenuBarMetricPreferences(userDefaults: userDefaults)
         let costUsageEnabled = userDefaults.object(forKey: "tokenCostUsageEnabled") as? Bool ?? false
+        let rawCostUsageHistoryDays = userDefaults.object(forKey: "tokenCostUsageHistoryDays") as? Int ?? 30
+        let costUsageHistoryDays = max(1, min(365, rawCostUsageHistoryDays))
         let hidePersonalInfo = userDefaults.object(forKey: "hidePersonalInfo") as? Bool ?? false
         let randomBlinkEnabled = userDefaults.object(forKey: "randomBlinkEnabled") as? Bool ?? false
+        let confettiOnWeeklyLimitResetsEnabled = userDefaults.object(
+            forKey: "confettiOnWeeklyLimitResetsEnabled") as? Bool ?? false
         let menuBarShowsHighestUsage = userDefaults.object(forKey: "menuBarShowsHighestUsage") as? Bool ?? false
         let claudeOAuthKeychainPromptModeRaw = userDefaults.string(forKey: "claudeOAuthKeychainPromptMode")
         let claudeOAuthKeychainReadStrategyRaw = userDefaults.string(forKey: "claudeOAuthKeychainReadStrategy")
         let claudeWebExtrasEnabledRaw = userDefaults.object(forKey: "claudeWebExtrasEnabled") as? Bool ?? false
         let creditsExtrasDefault = userDefaults.object(forKey: "showOptionalCreditsAndExtraUsage") as? Bool
         let showOptionalCreditsAndExtraUsage = creditsExtrasDefault ?? true
-        if creditsExtrasDefault == nil { userDefaults.set(true, forKey: "showOptionalCreditsAndExtraUsage") }
+        if Self.isRunningTests, creditsExtrasDefault == nil {
+            userDefaults.set(true, forKey: "showOptionalCreditsAndExtraUsage")
+        }
         let openAIWebAccessDefault = userDefaults.object(forKey: "openAIWebAccessEnabled") as? Bool
-        let openAIWebAccessEnabled = openAIWebAccessDefault ?? true
-        if openAIWebAccessDefault == nil { userDefaults.set(true, forKey: "openAIWebAccessEnabled") }
+        let openAIWebAccessEnabled = openAIWebAccessDefault ?? false
+        if Self.isRunningTests, openAIWebAccessDefault == nil {
+            userDefaults.set(false, forKey: "openAIWebAccessEnabled")
+        }
+        let openAIWebBatterySaverDefault = userDefaults.object(forKey: "openAIWebBatterySaverEnabled") as? Bool
+        let openAIWebBatterySaverEnabled = openAIWebBatterySaverDefault ?? false
+        if Self.isRunningTests, openAIWebBatterySaverDefault == nil {
+            userDefaults.set(false, forKey: "openAIWebBatterySaverEnabled")
+        }
+        let providerStorageFootprintsDefault = userDefaults.object(forKey: "providerStorageFootprintsEnabled") as? Bool
+        let providerStorageFootprintsEnabled = providerStorageFootprintsDefault ?? false
+        if Self.isRunningTests, providerStorageFootprintsDefault == nil {
+            userDefaults.set(false, forKey: "providerStorageFootprintsEnabled")
+        }
         let jetbrainsIDEBasePath = userDefaults.string(forKey: "jetbrainsIDEBasePath") ?? ""
         let colorCodedIcons = userDefaults.object(forKey: "colorCodedIcons") as? Bool ?? true
         let mergeIcons = userDefaults.object(forKey: "mergeIcons") as? Bool ?? true
@@ -230,6 +384,7 @@ extension SettingsStore {
             forKey: "mergedOverviewSelectedProviders") as? [String] ?? []
         let selectedMenuProviderRaw = userDefaults.string(forKey: "selectedMenuProvider")
         let providerDetectionCompleted = userDefaults.object(forKey: "providerDetectionCompleted") as? Bool ?? false
+        let appLanguageRaw = userDefaults.string(forKey: "appLanguage")
 
         return SettingsDefaultsState(
             refreshFrequency: refreshFrequency,
@@ -242,25 +397,38 @@ extension SettingsStore {
             debugKeepCLISessionsAlive: debugKeepCLISessionsAlive,
             statusChecksEnabled: statusChecksEnabled,
             sessionQuotaNotificationsEnabled: sessionQuotaNotificationsEnabled,
+            quotaWarningNotificationsEnabled: quotaWarnings.notificationsEnabled,
+            quotaWarningThresholdsRaw: quotaWarnings.thresholdsRaw,
+            quotaWarningSessionThresholdsRaw: quotaWarnings.sessionThresholdsRaw,
+            quotaWarningWeeklyThresholdsRaw: quotaWarnings.weeklyThresholdsRaw,
+            quotaWarningSessionEnabled: quotaWarnings.sessionEnabled,
+            quotaWarningWeeklyEnabled: quotaWarnings.weeklyEnabled,
+            quotaWarningSoundEnabled: quotaWarnings.soundEnabled,
+            quotaWarningMarkersVisible: quotaWarningMarkersVisible,
+            weeklyProgressWorkDays: weeklyProgressWorkDays,
             usageBarsShowUsed: usageBarsShowUsed,
             resetTimesShowAbsolute: resetTimesShowAbsolute,
+            providerChangelogLinksEnabled: providerChangelogLinksEnabled,
             menuBarShowsBrandIconWithPercent: menuBarShowsBrandIconWithPercent,
             menuBarDisplayModeRaw: menuBarDisplayModeRaw,
             menuBarSeparatorStyleRaw: menuBarSeparatorStyleRaw,
-            menuBarPercentTimeWindowRaw: menuBarPercentTimeWindowRaw,
-            menuBarPaceTimeWindowRaw: menuBarPaceTimeWindowRaw,
+            kiroMenuBarDisplayModeRaw: kiroMenuBarDisplayModeRaw,
             historicalTrackingEnabled: historicalTrackingEnabled,
-            showAllTokenAccountsInMenu: showAllTokenAccountsInMenu,
+            multiAccountMenuLayoutRaw: multiAccountMenuLayoutRaw,
             menuBarMetricPreferencesRaw: resolvedPreferences,
             costUsageEnabled: costUsageEnabled,
+            costUsageHistoryDays: costUsageHistoryDays,
             hidePersonalInfo: hidePersonalInfo,
             randomBlinkEnabled: randomBlinkEnabled,
+            confettiOnWeeklyLimitResetsEnabled: confettiOnWeeklyLimitResetsEnabled,
             menuBarShowsHighestUsage: menuBarShowsHighestUsage,
             claudeOAuthKeychainPromptModeRaw: claudeOAuthKeychainPromptModeRaw,
             claudeOAuthKeychainReadStrategyRaw: claudeOAuthKeychainReadStrategyRaw,
             claudeWebExtrasEnabledRaw: claudeWebExtrasEnabledRaw,
             showOptionalCreditsAndExtraUsage: showOptionalCreditsAndExtraUsage,
             openAIWebAccessEnabled: openAIWebAccessEnabled,
+            openAIWebBatterySaverEnabled: openAIWebBatterySaverEnabled,
+            providerStorageFootprintsEnabled: providerStorageFootprintsEnabled,
             jetbrainsIDEBasePath: jetbrainsIDEBasePath,
             colorCodedIcons: colorCodedIcons,
             mergeIcons: mergeIcons,
@@ -268,7 +436,75 @@ extension SettingsStore {
             mergedMenuLastSelectedWasOverview: mergedMenuLastSelectedWasOverview,
             mergedOverviewSelectedProvidersRaw: mergedOverviewSelectedProvidersRaw,
             selectedMenuProviderRaw: selectedMenuProviderRaw,
-            providerDetectionCompleted: providerDetectionCompleted)
+            providerDetectionCompleted: providerDetectionCompleted,
+            appLanguageRaw: appLanguageRaw)
+    }
+
+    private static func loadMenuBarMetricPreferences(userDefaults: UserDefaults) -> [String: String] {
+        let storedPreferences = userDefaults.dictionary(forKey: "menuBarMetricPreferences") as? [String: String] ?? [:]
+        if !storedPreferences.isEmpty {
+            return storedPreferences
+        }
+        guard let menuBarMetricRaw = userDefaults.string(forKey: "menuBarMetricPreference"),
+              let legacyPreference = MenuBarMetricPreference(rawValue: menuBarMetricRaw)
+        else { return [:] }
+        return Dictionary(uniqueKeysWithValues: UsageProvider.allCases.map { ($0.rawValue, legacyPreference.rawValue) })
+    }
+
+    private struct LoadedQuotaWarningDefaults {
+        var notificationsEnabled: Bool
+        var thresholdsRaw: [Int]
+        var sessionThresholdsRaw: [Int]
+        var weeklyThresholdsRaw: [Int]
+        var sessionEnabled: Bool
+        var weeklyEnabled: Bool
+        var soundEnabled: Bool
+    }
+
+    private static func loadQuotaWarningDefaults(userDefaults: UserDefaults) -> LoadedQuotaWarningDefaults {
+        let notificationsEnabled = userDefaults.object(forKey: "quotaWarningNotificationsEnabled") as? Bool ?? false
+        let rawThresholds = userDefaults.array(forKey: "quotaWarningThresholds") as? [Int]
+        let thresholdsRaw = QuotaWarningThresholds.sanitized(rawThresholds ?? QuotaWarningThresholds.defaults)
+        if Self.isRunningTests, rawThresholds != thresholdsRaw {
+            userDefaults.set(thresholdsRaw, forKey: "quotaWarningThresholds")
+        }
+        let rawSessionThresholds = userDefaults.array(forKey: "quotaWarningSessionThresholds") as? [Int]
+        let sessionThresholdsRaw = QuotaWarningThresholds.sanitized(rawSessionThresholds ?? thresholdsRaw)
+        if Self.isRunningTests, rawSessionThresholds != sessionThresholdsRaw {
+            userDefaults.set(sessionThresholdsRaw, forKey: "quotaWarningSessionThresholds")
+        }
+        let rawWeeklyThresholds = userDefaults.array(forKey: "quotaWarningWeeklyThresholds") as? [Int]
+        let weeklyThresholdsRaw = QuotaWarningThresholds.sanitized(rawWeeklyThresholds ?? thresholdsRaw)
+        if Self.isRunningTests, rawWeeklyThresholds != weeklyThresholdsRaw {
+            userDefaults.set(weeklyThresholdsRaw, forKey: "quotaWarningWeeklyThresholds")
+        }
+
+        let sessionDefault = userDefaults.object(forKey: "quotaWarningSessionEnabled") as? Bool
+        let sessionEnabled = sessionDefault ?? true
+        if Self.isRunningTests, sessionDefault == nil {
+            userDefaults.set(true, forKey: "quotaWarningSessionEnabled")
+        }
+
+        let weeklyDefault = userDefaults.object(forKey: "quotaWarningWeeklyEnabled") as? Bool
+        let weeklyEnabled = weeklyDefault ?? true
+        if Self.isRunningTests, weeklyDefault == nil {
+            userDefaults.set(true, forKey: "quotaWarningWeeklyEnabled")
+        }
+
+        let soundDefault = userDefaults.object(forKey: "quotaWarningSoundEnabled") as? Bool
+        let soundEnabled = soundDefault ?? true
+        if Self.isRunningTests, soundDefault == nil {
+            userDefaults.set(true, forKey: "quotaWarningSoundEnabled")
+        }
+
+        return LoadedQuotaWarningDefaults(
+            notificationsEnabled: notificationsEnabled,
+            thresholdsRaw: thresholdsRaw,
+            sessionThresholdsRaw: sessionThresholdsRaw,
+            weeklyThresholdsRaw: weeklyThresholdsRaw,
+            sessionEnabled: sessionEnabled,
+            weeklyEnabled: weeklyEnabled,
+            soundEnabled: soundEnabled)
     }
 }
 
@@ -328,6 +564,9 @@ extension SettingsStore {
         self.updateProviderConfig(provider: provider) { entry in
             entry.enabled = enabled
         }
+        if !enabled, self.selectedMenuProvider == provider {
+            self.selectedMenuProvider = nil
+        }
     }
 
     func rerunProviderDetection() {
diff --git a/Sources/CodexBar/SettingsStoreState.swift b/Sources/CodexBar/SettingsStoreState.swift
index 564f49c41..4765c1145 100644
--- a/Sources/CodexBar/SettingsStoreState.swift
+++ b/Sources/CodexBar/SettingsStoreState.swift
@@ -1,6 +1,6 @@
 import Foundation
 
-struct SettingsDefaultsState: Sendable {
+struct SettingsDefaultsState {
     var refreshFrequency: RefreshFrequency
     var launchAtLogin: Bool
     var debugMenuEnabled: Bool
@@ -11,25 +11,38 @@ struct SettingsDefaultsState: Sendable {
     var debugKeepCLISessionsAlive: Bool
     var statusChecksEnabled: Bool
     var sessionQuotaNotificationsEnabled: Bool
+    var quotaWarningNotificationsEnabled: Bool
+    var quotaWarningThresholdsRaw: [Int]
+    var quotaWarningSessionThresholdsRaw: [Int]
+    var quotaWarningWeeklyThresholdsRaw: [Int]
+    var quotaWarningSessionEnabled: Bool
+    var quotaWarningWeeklyEnabled: Bool
+    var quotaWarningSoundEnabled: Bool
+    var quotaWarningMarkersVisible: Bool
+    var weeklyProgressWorkDays: Int?
     var usageBarsShowUsed: Bool
     var resetTimesShowAbsolute: Bool
+    var providerChangelogLinksEnabled: Bool
     var menuBarShowsBrandIconWithPercent: Bool
     var menuBarDisplayModeRaw: String?
     var menuBarSeparatorStyleRaw: String?
-    var menuBarPercentTimeWindowRaw: String?
-    var menuBarPaceTimeWindowRaw: String?
+    var kiroMenuBarDisplayModeRaw: String?
     var historicalTrackingEnabled: Bool
-    var showAllTokenAccountsInMenu: Bool
+    var multiAccountMenuLayoutRaw: String
     var menuBarMetricPreferencesRaw: [String: String]
     var costUsageEnabled: Bool
+    var costUsageHistoryDays: Int
     var hidePersonalInfo: Bool
     var randomBlinkEnabled: Bool
+    var confettiOnWeeklyLimitResetsEnabled: Bool
     var menuBarShowsHighestUsage: Bool
     var claudeOAuthKeychainPromptModeRaw: String?
     var claudeOAuthKeychainReadStrategyRaw: String?
     var claudeWebExtrasEnabledRaw: Bool
     var showOptionalCreditsAndExtraUsage: Bool
     var openAIWebAccessEnabled: Bool
+    var openAIWebBatterySaverEnabled: Bool
+    var providerStorageFootprintsEnabled: Bool
     var jetbrainsIDEBasePath: String
     var colorCodedIcons: Bool
     var mergeIcons: Bool
@@ -38,4 +51,5 @@ struct SettingsDefaultsState: Sendable {
     var mergedOverviewSelectedProvidersRaw: [String]
     var selectedMenuProviderRaw: String?
     var providerDetectionCompleted: Bool
+    var appLanguageRaw: String?
 }
diff --git a/Sources/CodexBar/StatusItemController+AccountMenuDisplay.swift b/Sources/CodexBar/StatusItemController+AccountMenuDisplay.swift
new file mode 100644
index 000000000..ea0bb9d2d
--- /dev/null
+++ b/Sources/CodexBar/StatusItemController+AccountMenuDisplay.swift
@@ -0,0 +1,75 @@
+import AppKit
+import CodexBarCore
+
+extension StatusItemController {
+    func tokenAccountMenuDisplay(for provider: UsageProvider) -> TokenAccountMenuDisplay? {
+        guard TokenAccountSupportCatalog.support(for: provider) != nil else { return nil }
+        let accounts = self.settings.tokenAccounts(for: provider)
+        guard accounts.count > 1 else { return nil }
+        let activeIndex = self.settings.tokenAccountsData(for: provider)?.clampedActiveIndex() ?? 0
+        let showAll = self.settings.multiAccountMenuLayout == .stacked
+        let displayAccounts = showAll
+            ? self.store.limitedTokenAccounts(accounts, selected: self.settings.selectedTokenAccount(for: provider))
+            : accounts
+        let snapshots = showAll
+            ? self.tokenAccountSnapshots(for: provider, matching: displayAccounts)
+            : []
+        return TokenAccountMenuDisplay(
+            provider: provider,
+            accounts: displayAccounts,
+            snapshots: snapshots,
+            activeIndex: activeIndex,
+            layout: showAll ? .stacked : .segmented)
+    }
+
+    private func tokenAccountSnapshots(
+        for provider: UsageProvider,
+        matching accounts: [ProviderTokenAccount]) -> [TokenAccountUsageSnapshot]
+    {
+        var snapshotsByID: [UUID: TokenAccountUsageSnapshot] = [:]
+        for snapshot in self.store.accountSnapshots[provider] ?? [] {
+            snapshotsByID[snapshot.account.id] = snapshot
+        }
+        return accounts.compactMap { snapshotsByID[$0.id] }
+    }
+
+    func codexAccountMenuDisplay(for provider: UsageProvider) -> CodexAccountMenuDisplay? {
+        guard provider == .codex else { return nil }
+        let projection = self.settings.codexVisibleAccountProjection
+        guard projection.visibleAccounts.count > 1 else { return nil }
+        let showAll = self.settings.multiAccountMenuLayout == .stacked
+        let accounts = showAll
+            ? self.store.limitedCodexVisibleAccounts(
+                projection.visibleAccounts,
+                snapshots: self.store.codexAccountSnapshots,
+                activeVisibleAccountID: projection.activeVisibleAccountID)
+            : projection.visibleAccounts
+        let snapshots = showAll ? self.codexAccountSnapshots(matching: accounts) : []
+        return CodexAccountMenuDisplay(
+            accounts: accounts,
+            snapshots: snapshots,
+            activeVisibleAccountID: projection.activeVisibleAccountID,
+            layout: showAll ? .stacked : .segmented)
+    }
+
+    private func codexAccountSnapshots(matching accounts: [CodexVisibleAccount]) -> [CodexAccountUsageSnapshot] {
+        var snapshotsByID: [String: CodexAccountUsageSnapshot] = [:]
+        for snapshot in self.store.codexAccountSnapshots {
+            snapshotsByID[snapshot.id] = snapshot
+        }
+        return accounts.compactMap { snapshotsByID[$0.id] }
+    }
+
+    func stableCodexAccountMenuDisplay(
+        _ display: CodexAccountMenuDisplay?,
+        menu: NSMenu,
+        provider: UsageProvider) -> CodexAccountMenuDisplay?
+    {
+        guard provider == .codex else { return display }
+        guard display == nil else { return display }
+        guard self.openMenus[ObjectIdentifier(menu)] != nil else { return display }
+        guard menu.items.contains(where: { $0.view is CodexAccountSwitcherView }) else { return display }
+        guard let previous = self.lastCodexAccountMenuDisplay, previous.showSwitcher else { return display }
+        return previous
+    }
+}
diff --git a/Sources/CodexBar/StatusItemController+Actions.swift b/Sources/CodexBar/StatusItemController+Actions.swift
index efe63ffd8..fbb4ebcde 100644
--- a/Sources/CodexBar/StatusItemController+Actions.swift
+++ b/Sources/CodexBar/StatusItemController+Actions.swift
@@ -1,21 +1,67 @@
 import AppKit
 import CodexBarCore
 
-extension StatusItemController {
+enum LoginNotificationLogic {
+    static func notificationCopy(providerName: String) -> (title: String, body: String) {
+        (
+            L("login_success_notification_title", providerName),
+            L("login_success_notification_body"))
+    }
+}
+
+extension StatusItemController: StatusItemMenuPersistentActionDelegate {
     // MARK: - Actions reachable from menus
 
-    func refreshStore(forceTokenUsage: Bool) {
+    func refreshStore(forceTokenUsage: Bool, refreshOpenMenusWhenComplete: Bool = true) {
         Task {
             await ProviderInteractionContext.$current.withValue(.userInitiated) {
                 await self.store.refresh(forceTokenUsage: forceTokenUsage)
+                self.store.scheduleStorageFootprintRefreshForOverview(force: true)
+                if refreshOpenMenusWhenComplete {
+                    self.refreshOpenMenusAfterExplicitStoreAction()
+                } else {
+                    self.invalidateMenus()
+                }
             }
         }
     }
 
+    func refreshOpenMenusAfterExplicitStoreAction() {
+        self.invalidateMenus(refreshOpenMenus: true)
+    }
+
     @objc func refreshNow() {
         self.refreshStore(forceTokenUsage: true)
     }
 
+    nonisolated func performPersistentRefreshAction() {
+        Task { @MainActor [weak self] in
+            self?.refreshNow()
+        }
+    }
+
+    nonisolated func performPersistentSettingsAction() {
+        Task { @MainActor [weak self] in
+            guard let self else { return }
+            self.closeOpenMenusFromShortcutIfNeeded()
+            self.showSettingsGeneral()
+        }
+    }
+
+    nonisolated func performPersistentQuitAction() {
+        Task { @MainActor [weak self] in
+            guard let self else { return }
+            self.closeOpenMenusFromShortcutIfNeeded()
+            self.quit()
+        }
+    }
+
+    nonisolated func performProviderNavigation(_ direction: StatusItemMenuProviderNavigationDirection) {
+        Task { @MainActor [weak self] in
+            self?.navigateProviderSwitcher(direction)
+        }
+    }
+
     @objc func refreshAugmentSession() {
         Task {
             await self.store.forceRefreshAugmentSession()
@@ -23,11 +69,12 @@ extension StatusItemController {
             await ProviderInteractionContext.$current.withValue(.userInitiated) {
                 await self.store.refresh(forceTokenUsage: false)
             }
+            self.refreshOpenMenusAfterExplicitStoreAction()
         }
     }
 
     @objc func installUpdate() {
-        self.updater.checkForUpdates(nil)
+        self.updater.installUpdate()
     }
 
     @objc func openDashboard() {
@@ -35,17 +82,31 @@ extension StatusItemController {
             ?? (self.store.isEnabled(.codex) ? .codex : self.store.enabledProviders().first)
 
         let provider = preferred ?? .codex
-        let meta = self.store.metadata(for: provider)
+        guard let url = self.dashboardURL(for: provider) else { return }
+        NSWorkspace.shared.open(url)
+    }
+
+    func dashboardURL(for provider: UsageProvider) -> URL? {
+        if provider == .alibaba {
+            return self.settings.alibabaCodingPlanAPIRegion.dashboardURL
+        }
+        if provider == .minimax {
+            return self.settings.minimaxAPIRegion.dashboardURL
+        }
+
+        if provider == .opencodego {
+            return self.settings.opencodegoDashboardURL
+        }
 
-        // For Claude, route subscription users to claude.ai/settings/usage instead of console billing
+        let meta = self.store.metadata(for: provider)
         let urlString: String? = if provider == .claude, self.store.isClaudeSubscription() {
             meta.subscriptionDashboardURL ?? meta.dashboardURL
         } else {
             meta.dashboardURL
         }
 
-        guard let urlString, let url = URL(string: urlString) else { return }
-        NSWorkspace.shared.open(url)
+        guard let urlString else { return nil }
+        return URL(string: urlString)
     }
 
     @objc func openCreditsPurchase() {
@@ -67,13 +128,22 @@ extension StatusItemController {
         self.creditsPurchaseWindow = controller
     }
 
-    private static func sanitizedCreditsPurchaseURL(_ raw: String?) -> String? {
+    static func sanitizedCreditsPurchaseURL(_ raw: String?) -> String? {
         guard let raw, let url = URL(string: raw) else { return nil }
-        guard let host = url.host?.lowercased(), host.contains("chatgpt.com") else { return nil }
-        let path = url.path.lowercased()
+        guard Self.isAllowedChatGPTPurchaseHost(url) else { return nil }
+        let pathComponents = url.pathComponents.map { $0.lowercased() }
         let allowed = ["settings", "usage", "billing", "credits"]
-        guard allowed.contains(where: { path.contains($0) }) else { return nil }
-        return url.absoluteString
+        guard pathComponents.contains(where: { allowed.contains($0) }) else { return nil }
+        var components = URLComponents(url: url, resolvingAgainstBaseURL: false)
+        components?.query = nil
+        components?.fragment = nil
+        return components?.url?.absoluteString ?? url.absoluteString
+    }
+
+    private static func isAllowedChatGPTPurchaseHost(_ url: URL) -> Bool {
+        guard url.scheme?.lowercased() == "https" else { return false }
+        guard let host = url.host?.lowercased() else { return false }
+        return host == "chatgpt.com" || host.hasSuffix(".chatgpt.com")
     }
 
     @objc func openStatusPage() {
@@ -87,6 +157,16 @@ extension StatusItemController {
         NSWorkspace.shared.open(url)
     }
 
+    @objc func openChangelog() {
+        let preferred = self.lastMenuProvider
+            ?? (self.store.isEnabled(.codex) ? .codex : self.store.enabledProviders().first)
+
+        let provider = preferred ?? .codex
+        let meta = self.store.metadata(for: provider)
+        guard let urlString = meta.changelogURL, let url = URL(string: urlString) else { return }
+        NSWorkspace.shared.open(url)
+    }
+
     @objc func openTerminalCommand(_ sender: NSMenuItem) {
         let command = sender.representedObject as? String ?? "claude"
         Self.openTerminal(command: command)
@@ -98,6 +178,50 @@ extension StatusItemController {
         NSWorkspace.shared.open(url)
     }
 
+    @objc func addManagedCodexAccountFromMenu(_: NSMenuItem) {
+        guard self.codexAccountPromotionCoordinator.isInteractionBlocked() == false else {
+            self.loginLogger.info("Add Account tap ignored: Codex account change already in-flight")
+            return
+        }
+        guard self.settings.hasUnreadableManagedCodexAccountStore == false else {
+            self.presentLoginAlert(
+                title: L("Managed Codex accounts unavailable"),
+                message: L(
+                    "CodexBar could not read managed account storage. " +
+                        "Recover the store before adding another account."))
+            return
+        }
+
+        Task { @MainActor [weak self] in
+            guard let self else { return }
+            do {
+                let account = try await self.managedCodexAccountCoordinator.authenticateManagedAccount()
+                self.settings.selectAuthenticatedManagedCodexAccount(account)
+                await ProviderInteractionContext.$current.withValue(.userInitiated) {
+                    await self.store.refreshCodexAccountScopedState(allowDisabled: true)
+                }
+            } catch {
+                self.presentManagedCodexAccountError(error)
+            }
+        }
+    }
+
+    @objc func requestCodexSystemPromotionFromMenu(_ sender: NSMenuItem) {
+        guard let rawManagedAccountID = sender.representedObject as? String,
+              let managedAccountID = UUID(uuidString: rawManagedAccountID)
+        else {
+            return
+        }
+
+        Task { @MainActor [weak self] in
+            guard let self else { return }
+            let result = await self.codexAccountPromotionCoordinator.promote(managedAccountID: managedAccountID)
+            if case let .failure(error) = result {
+                self.presentLoginAlert(title: error.title, message: error.message)
+            }
+        }
+    }
+
     @objc func runSwitchAccount(_ sender: NSMenuItem) {
         if self.loginTask != nil {
             self.loginLogger.info("Switch Account tap ignored: login already in-flight")
@@ -107,25 +231,18 @@ extension StatusItemController {
         let rawProvider = sender.representedObject as? String
         let provider = rawProvider.flatMap(UsageProvider.init(rawValue:)) ?? self.lastMenuProvider ?? .codex
         self.loginLogger.info("Switch Account tapped", metadata: ["provider": provider.rawValue])
+        self.startLoginFlow(provider: provider)
+    }
 
-        self.loginTask = Task { @MainActor [weak self] in
-            guard let self else { return }
-            defer {
-                self.activeLoginProvider = nil
-                self.loginTask = nil
-            }
-            self.activeLoginProvider = provider
-            self.loginPhase = .requesting
-            self.loginLogger.info("Starting login task", metadata: ["provider": provider.rawValue])
-
-            let shouldRefresh = await self.runLoginFlow(provider: provider)
-            if shouldRefresh {
-                await ProviderInteractionContext.$current.withValue(.userInitiated) {
-                    await self.store.refresh()
-                }
-                self.loginLogger.info("Triggered refresh after login", metadata: ["provider": provider.rawValue])
-            }
+    func runLoginFlowFromSettings(provider: UsageProvider) async {
+        guard self.loginTask == nil else {
+            self.loginLogger.info(
+                "Settings login tap ignored: login already in-flight",
+                metadata: ["provider": provider.rawValue])
+            return
         }
+        self.startLoginFlow(provider: provider)
+        await self.loginTask?.value
     }
 
     @objc func showSettingsGeneral() {
@@ -137,6 +254,10 @@ extension StatusItemController {
     }
 
     func openMenuFromShortcut() {
+        if self.closeOpenMenusFromShortcutIfNeeded() {
+            return
+        }
+
         if self.shouldMergeIcons {
             self.statusItem.button?.performClick(nil)
             return
@@ -148,6 +269,38 @@ extension StatusItemController {
         item.button?.performClick(nil)
     }
 
+    @discardableResult
+    func closeOpenMenusFromShortcutIfNeeded() -> Bool {
+        guard !self.openMenus.isEmpty else { return false }
+
+        let menus = Array(self.openMenus.values)
+        for menu in menus {
+            menu.cancelTrackingWithoutAnimation()
+            self.forgetClosedMenu(menu)
+        }
+        return true
+    }
+
+    func celebrationOriginPoint(for provider: UsageProvider?) -> CGPoint? {
+        let item: NSStatusItem = if self.shouldMergeIcons {
+            self.statusItem
+        } else if let provider, let existing = self.statusItems[provider], existing.isVisible {
+            existing
+        } else {
+            self.lazyStatusItem(for: provider ?? .codex)
+        }
+
+        guard let button = item.button,
+              let window = button.window
+        else {
+            return nil
+        }
+
+        let buttonFrameInWindow = button.convert(button.bounds, to: nil)
+        let screenFrame = window.convertToScreen(buttonFrameInWindow)
+        return CGPoint(x: screenFrame.midX, y: screenFrame.midY)
+    }
+
     private func openSettings(tab: PreferencesTab) {
         DispatchQueue.main.async {
             self.preferencesSelection.tab = tab
@@ -202,25 +355,46 @@ extension StatusItemController {
         return .codex
     }
 
+    private func startLoginFlow(provider: UsageProvider) {
+        self.loginTask = Task { @MainActor [weak self] in
+            guard let self else { return }
+            defer {
+                self.activeLoginProvider = nil
+                self.loginTask = nil
+            }
+            self.activeLoginProvider = provider
+            self.loginPhase = .requesting
+            self.loginLogger.info("Starting login task", metadata: ["provider": provider.rawValue])
+
+            let shouldRefresh = await self.runLoginFlow(provider: provider)
+            if shouldRefresh {
+                await ProviderInteractionContext.$current.withValue(.userInitiated) {
+                    await self.store.refresh()
+                }
+                self.loginLogger.info("Triggered refresh after login", metadata: ["provider": provider.rawValue])
+            }
+        }
+    }
+
     func presentCodexLoginResult(_ result: CodexLoginRunner.Result) {
-        switch result.outcome {
-        case .success:
-            return
-        case .missingBinary:
-            self.presentLoginAlert(
-                title: "Codex CLI not found",
-                message: "Install the Codex CLI (npm i -g @openai/codex) and try again.")
-        case let .launchFailed(message):
-            self.presentLoginAlert(title: "Could not start codex login", message: message)
-        case .timedOut:
-            self.presentLoginAlert(
-                title: "Codex login timed out",
-                message: self.trimmedLoginOutput(result.output))
-        case let .failed(status):
-            let statusLine = "codex login exited with status \(status)."
-            let message = self.trimmedLoginOutput(result.output.isEmpty ? statusLine : result.output)
-            self.presentLoginAlert(title: "Codex login failed", message: message)
+        guard let info = CodexLoginAlertPresentation.alertInfo(for: result) else { return }
+        self.presentLoginAlert(title: info.title, message: info.message)
+    }
+
+    private func presentManagedCodexAccountError(_ error: Error) {
+        let info = if let error = error as? ManagedCodexAccountCoordinatorError,
+                      error == .authenticationInProgress
+        {
+            LoginAlertInfo(
+                title: L("Codex account login already running"),
+                message: L("Wait for the current managed Codex login to finish before adding another account."))
+        } else if let error = error as? ManagedCodexAccountServiceError {
+            LoginAlertInfo(title: L("Could not add Codex account"), message: error.userFacingMessage)
+        } else {
+            LoginAlertInfo(title: L("Could not add Codex account"), message: error.localizedDescription)
         }
+
+        self.presentLoginAlert(title: info.title, message: info.message)
     }
 
     func presentClaudeLoginResult(_ result: ClaudeLoginRunner.Result) {
@@ -229,18 +403,18 @@ extension StatusItemController {
             return
         case .missingBinary:
             self.presentLoginAlert(
-                title: "Claude CLI not found",
-                message: "Install the Claude CLI (npm i -g @anthropic-ai/claude-code) and try again.")
+                title: L("Claude CLI not found"),
+                message: L("Install the Claude CLI (npm i -g @anthropic-ai/claude-code) and try again."))
         case let .launchFailed(message):
-            self.presentLoginAlert(title: "Could not start claude /login", message: message)
+            self.presentLoginAlert(title: L("Could not start claude /login"), message: message)
         case .timedOut:
             self.presentLoginAlert(
-                title: "Claude login timed out",
+                title: L("Claude login timed out"),
                 message: self.trimmedLoginOutput(result.output))
         case let .failed(status):
-            let statusLine = "claude /login exited with status \(status)."
+            let statusLine = String(format: L("claude /login exited with status %d."), status)
             let message = self.trimmedLoginOutput(result.output.isEmpty ? statusLine : result.output)
-            self.presentLoginAlert(title: "Claude login failed", message: message)
+            self.presentLoginAlert(title: L("Claude login failed"), message: message)
         }
     }
 
@@ -272,12 +446,32 @@ extension StatusItemController {
         }
     }
 
+    func describe(_ outcome: AntigravityLoginRunner.Result.Outcome) -> String {
+        switch outcome {
+        case let .success(email):
+            "success(email: \(email ?? "nil"))"
+        case .cancelled:
+            "cancelled"
+        case .timedOut:
+            "timedOut"
+        case let .launchFailed(message):
+            "launchFailed(\(message))"
+        case let .failed(message):
+            "failed(\(message))"
+        }
+    }
+
     func presentGeminiLoginResult(_ result: GeminiLoginRunner.Result) {
         guard let info = Self.geminiLoginAlertInfo(for: result) else { return }
         self.presentLoginAlert(title: info.title, message: info.message)
     }
 
-    struct LoginAlertInfo: Equatable, Sendable {
+    func presentAntigravityLoginResult(_ result: AntigravityLoginRunner.Result) {
+        guard let info = Self.antigravityLoginAlertInfo(for: result) else { return }
+        self.presentLoginAlert(title: info.title, message: info.message)
+    }
+
+    struct LoginAlertInfo: Equatable {
         let title: String
         let message: String
     }
@@ -288,17 +482,34 @@ extension StatusItemController {
             nil
         case .missingBinary:
             LoginAlertInfo(
-                title: "Gemini CLI not found",
-                message: "Install the Gemini CLI (npm i -g @google/gemini-cli) and try again.")
+                title: L("Gemini CLI not found"),
+                message: L("Install the Gemini CLI (npm i -g @google/gemini-cli) and try again."))
         case let .launchFailed(message):
-            LoginAlertInfo(title: "Could not open Terminal for Gemini", message: message)
+            LoginAlertInfo(title: L("Could not open Terminal for Gemini"), message: message)
+        }
+    }
+
+    nonisolated static func antigravityLoginAlertInfo(for result: AntigravityLoginRunner.Result) -> LoginAlertInfo? {
+        switch result.outcome {
+        case .success, .cancelled:
+            nil
+        case .timedOut:
+            LoginAlertInfo(
+                title: L("Antigravity login timed out"),
+                message: L("The browser login did not complete in time. Try Antigravity login again."))
+        case let .launchFailed(message):
+            LoginAlertInfo(
+                title: L("Could not open browser for Antigravity"),
+                message: String(format: L("Open this URL manually to continue login:\n\n%@"), message))
+        case let .failed(message):
+            LoginAlertInfo(title: L("Antigravity login failed"), message: message)
         }
     }
 
     func presentLoginAlert(title: String, message: String) {
         let alert = NSAlert()
-        alert.messageText = title
-        alert.informativeText = message
+        alert.messageText = L(title)
+        alert.informativeText = L(message)
         alert.alertStyle = .warning
         alert.runModal()
     }
@@ -306,7 +517,7 @@ extension StatusItemController {
     private func trimmedLoginOutput(_ text: String) -> String {
         let trimmed = text.trimmingCharacters(in: .whitespacesAndNewlines)
         let limit = 600
-        if trimmed.isEmpty { return "No output captured." }
+        if trimmed.isEmpty { return L("No output captured.") }
         if trimmed.count <= limit { return trimmed }
         let idx = trimmed.index(trimmed.startIndex, offsetBy: limit)
         return "\(trimmed[..<idx])…"
@@ -314,8 +525,7 @@ extension StatusItemController {
 
     func postLoginNotification(for provider: UsageProvider) {
         let name = ProviderDescriptorRegistry.descriptor(for: provider).metadata.displayName
-        let title = "\(name) login successful"
-        let body = "You can return to the app; authentication finished."
+        let (title, body) = LoginNotificationLogic.notificationCopy(providerName: name)
         AppNotifications.shared.post(idPrefix: "login-\(provider.rawValue)", title: title, body: body)
     }
 
@@ -327,7 +537,7 @@ extension StatusItemController {
             // User closed the window; no alert needed
             return
         case let .failed(message):
-            self.presentLoginAlert(title: "Cursor login failed", message: message)
+            self.presentLoginAlert(title: L("Cursor login failed"), message: message)
         }
     }
 
diff --git a/Sources/CodexBar/StatusItemController+Animation.swift b/Sources/CodexBar/StatusItemController+Animation.swift
index 38839724e..80d79b07b 100644
--- a/Sources/CodexBar/StatusItemController+Animation.swift
+++ b/Sources/CodexBar/StatusItemController+Animation.swift
@@ -6,6 +6,10 @@ extension StatusItemController {
     private static let loadingPercentEpsilon = 0.0001
     private static let blinkActiveTickInterval: Duration = .milliseconds(75)
     private static let blinkIdleFallbackInterval: Duration = .seconds(1)
+    static let loadingAnimationFPS: Double = 30.0
+    static let loadingAnimationPhaseIncrement: Double =
+        2.7 / StatusItemController.loadingAnimationFPS
+    private static let loadingAnimationMaxContinuousDuration: TimeInterval = 30.0
 
     func needsMenuBarIconAnimation() -> Bool {
         if self.shouldMergeIcons {
@@ -16,6 +20,9 @@ extension StatusItemController {
     }
 
     func updateBlinkingState() {
+        #if DEBUG
+        guard !self.isReleasedForTesting else { return }
+        #endif
         // During the loading animation, blink ticks can overwrite the animated menu bar icon and cause flicker.
         if self.needsMenuBarIconAnimation() {
             self.stopBlinking()
@@ -23,11 +30,11 @@ extension StatusItemController {
         }
 
         let blinkingEnabled = self.isBlinkingAllowed()
-        // Cache enabled providers to avoid repeated enablement lookups.
-        let enabledProviders = self.store.enabledProviders()
-        let anyEnabled = !enabledProviders.isEmpty || self.store.debugForceAnimation
+        // Use display list so merged-mode visibility stays consistent with shouldMergeIcons.
+        let displayProviders = self.store.enabledProvidersForDisplay()
+        let anyEnabled = !displayProviders.isEmpty || self.store.debugForceAnimation
         let anyVisible = UsageProvider.allCases.contains { self.isVisible($0) }
-        let mergeIcons = self.settings.mergeIcons && enabledProviders.count > 1
+        let mergeIcons = self.shouldMergeIcons
         let shouldBlink = mergeIcons ? anyEnabled : anyVisible
         if blinkingEnabled, shouldBlink {
             if self.blinkTask == nil {
@@ -35,7 +42,8 @@ extension StatusItemController {
                 self.blinkTask = Task { [weak self] in
                     while !Task.isCancelled {
                         let delay = await MainActor.run {
-                            self?.blinkTickSleepDuration(now: Date()) ?? Self.blinkIdleFallbackInterval
+                            self?.blinkTickSleepDuration(now: Date())
+                                ?? Self.blinkIdleFallbackInterval
                         }
                         try? await Task.sleep(for: delay)
                         await MainActor.run { self?.tickBlink() }
@@ -50,7 +58,8 @@ extension StatusItemController {
     private func seedBlinkStatesIfNeeded() {
         let now = Date()
         for provider in UsageProvider.allCases where self.blinkStates[provider] == nil {
-            self.blinkStates[provider] = BlinkState(nextBlink: now.addingTimeInterval(BlinkState.randomDelay()))
+            self.blinkStates[provider] = BlinkState(
+                nextBlink: now.addingTimeInterval(BlinkState.randomDelay()))
         }
     }
 
@@ -74,10 +83,13 @@ extension StatusItemController {
 
         for provider in UsageProvider.allCases {
             let shouldRender = mergeIcons ? self.isEnabled(provider) : self.isVisible(provider)
-            guard shouldRender, !self.shouldAnimate(provider: provider, mergeIcons: mergeIcons) else { continue }
+            guard shouldRender, !self.shouldAnimate(provider: provider, mergeIcons: mergeIcons)
+            else { continue }
 
-            let state = self
-                .blinkStates[provider] ?? BlinkState(nextBlink: now.addingTimeInterval(BlinkState.randomDelay()))
+            let state =
+                self
+                    .blinkStates[provider]
+                    ?? BlinkState(nextBlink: now.addingTimeInterval(BlinkState.randomDelay()))
             if state.blinkStart != nil {
                 return Self.blinkActiveTickInterval
             }
@@ -112,13 +124,16 @@ extension StatusItemController {
 
         for provider in UsageProvider.allCases {
             let shouldRender = mergeIcons ? self.isEnabled(provider) : self.isVisible(provider)
-            guard shouldRender, !self.shouldAnimate(provider: provider, mergeIcons: mergeIcons) else {
+            guard shouldRender, !self.shouldAnimate(provider: provider, mergeIcons: mergeIcons)
+            else {
                 self.clearMotion(for: provider)
                 continue
             }
 
-            var state = self
-                .blinkStates[provider] ?? BlinkState(nextBlink: now.addingTimeInterval(BlinkState.randomDelay()))
+            var state =
+                self
+                    .blinkStates[provider]
+                    ?? BlinkState(nextBlink: now.addingTimeInterval(BlinkState.randomDelay()))
 
             if let pendingSecond = state.pendingSecondStart, now >= pendingSecond {
                 state.blinkStart = now
@@ -146,7 +161,8 @@ extension StatusItemController {
                 state.blinkStart = now
                 state.effect = self.randomEffect(for: provider)
                 if state.effect == .blink, Double.random(in: 0...1) < doubleBlinkChance {
-                    state.pendingSecondStart = now.addingTimeInterval(Double.random(in: doubleDelayRange))
+                    state.pendingSecondStart = now.addingTimeInterval(
+                        Double.random(in: doubleDelayRange))
                 }
                 self.clearMotion(for: provider)
             } else {
@@ -159,8 +175,7 @@ extension StatusItemController {
             }
         }
         if mergeIcons {
-            let phase: Double? = self.needsMenuBarIconAnimation() ? self.animationPhase : nil
-            self.applyIcon(phase: phase)
+            self.applyIcon(phase: nil)
         }
     }
 
@@ -217,19 +232,27 @@ extension StatusItemController {
         return false
     }
 
-    func applyIcon(phase: Double?) {
-        guard let button = self.statusItem.button else { return }
+    @discardableResult
+    func applyIcon(phase: Double?) -> Bool { // swiftlint:disable:this function_body_length
+        guard let button = self.statusItem.button else { return false }
 
         let style = self.store.iconStyle
         let showUsed = self.settings.usageBarsShowUsed
         let showBrandPercent = self.settings.menuBarShowsBrandIconWithPercent
         let primaryProvider = self.primaryProviderForUnifiedIcon()
         let snapshot = self.store.snapshot(for: primaryProvider)
+        let warningFlash = self.quotaWarningFlashActive(provider: primaryProvider)
 
         // IconRenderer treats these values as a left-to-right "progress fill" percentage; depending on the
         // user setting we pass either "percent left" or "percent used".
-        var primary = showUsed ? snapshot?.primary?.usedPercent : snapshot?.primary?.remainingPercent
-        var weekly = showUsed ? snapshot?.secondary?.usedPercent : snapshot?.secondary?.remainingPercent
+        let resolved = snapshot.map {
+            IconRemainingResolver.resolvedPercents(
+                snapshot: $0,
+                style: style,
+                showUsed: showUsed)
+        }
+        var primary = resolved?.primary
+        var weekly = resolved?.secondary
         if showUsed,
            primaryProvider == .warp,
            let remaining = snapshot?.secondary?.remainingPercent,
@@ -247,7 +270,17 @@ extension StatusItemController {
             // In show-used mode, `0` means "unused", not "missing". Keep the weekly lane present.
             weekly = Self.loadingPercentEpsilon
         }
-        var credits: Double? = primaryProvider == .codex ? self.store.credits?.remaining : nil
+        let codexProjection = self.store.codexConsumerProjectionIfNeeded(
+            for: primaryProvider,
+            surface: .menuBar,
+            snapshotOverride: snapshot,
+            now: snapshot?.updatedAt ?? Date())
+        var credits: Double? =
+            codexProjection?.menuBarFallback == .creditsBalance
+                ? self.store.codexMenuBarCreditsRemaining(
+                    snapshotOverride: snapshot,
+                    now: snapshot?.updatedAt ?? Date())
+                : nil
         var stale = self.store.isStale(provider: primaryProvider)
         var morphProgress: Double?
 
@@ -267,7 +300,9 @@ extension StatusItemController {
                 // Keep loading animation layout stable: IconRenderer uses `weeklyRemaining > 0` to switch layouts,
                 // so hitting an exact 0 would flip between "normal" and "weekly exhausted" rendering.
                 primary = max(pattern.value(phase: phase), Self.loadingPercentEpsilon)
-                weekly = max(pattern.value(phase: phase + pattern.secondaryOffset), Self.loadingPercentEpsilon)
+                weekly = max(
+                    pattern.value(phase: phase + pattern.secondaryOffset),
+                    Self.loadingPercentEpsilon)
                 credits = nil
                 stale = false
             }
@@ -275,10 +310,11 @@ extension StatusItemController {
 
         let blink: CGFloat = style == .combined ? 0 : self.blinkAmount(for: primaryProvider)
         let wiggle: CGFloat = style == .combined ? 0 : self.wiggleAmount(for: primaryProvider)
-        let tilt: CGFloat = style == .combined ? 0 : self.tiltAmount(for: primaryProvider) * .pi / 28
+        let tilt: CGFloat =
+            style == .combined ? 0 : self.tiltAmount(for: primaryProvider) * .pi / 28
 
         let statusIndicator: ProviderStatusIndicator = {
-            for provider in self.store.enabledProviders() {
+            for provider in self.store.enabledProvidersForDisplay() {
                 let indicator = self.store.statusIndicator(for: provider)
                 if indicator.hasIssue { return indicator }
             }
@@ -289,135 +325,174 @@ extension StatusItemController {
             guard self.settings.colorCodedIcons, !needsAnimation else { return nil }
             return UsageColorLevel.tintColor(for: snapshot?.primary?.usedPercent)
         }()
+        let tintSignature = usageColor == nil
+            ? "nil"
+            : Self.iconSignatureValue(snapshot?.primary?.usedPercent)
 
         if showBrandPercent,
            let brand = ProviderBrandIcon.image(for: primaryProvider)
         {
             let displayText = self.menuBarDisplayText(for: primaryProvider, snapshot: snapshot)
-            if #available(macOS 26, *) {
-                let tinted = Self.tintedBrandImage(brand, color: usageColor)
-                self.setButtonImage(tinted, for: button)
-                self.setButtonTintColor(nil, for: button)
-            } else {
-                self.setButtonImage(brand, for: button)
-                self.setButtonTintColor(usageColor, for: button)
+            let signature = [
+                "mode=brandPercent",
+                "provider=\(primaryProvider.rawValue)",
+                "style=\(String(describing: style))",
+                "primary=\(Self.iconSignatureValue(primary))",
+                "weekly=\(Self.iconSignatureValue(weekly))",
+                "credits=\(Self.iconSignatureValue(credits))",
+                "stale=\(stale ? "1" : "0")",
+                "status=\(statusIndicator.rawValue)",
+                "text=\(displayText ?? "nil")",
+                "tint=\(tintSignature)",
+                "warningFlash=\(warningFlash ? "1" : "0")",
+                "anim=\(needsAnimation ? "1" : "0")",
+            ].joined(separator: "|")
+            if self.shouldSkipMergedIconRender(signature) {
+                self.noteIconPerfRender(skipped: true)
+                return true
             }
-            self.setButtonTitle(displayText, for: button)
-            return
-        }
-
-        if Self.shouldUseOpenRouterBrandFallback(provider: primaryProvider, snapshot: snapshot),
-           let brand = ProviderBrandIcon.image(for: primaryProvider)
-        {
-            self.setButtonTitle(nil, for: button)
             self.setButtonImage(
-                Self.brandImageWithStatusOverlay(brand: brand, statusIndicator: statusIndicator),
-                for: button)
-            return
-        }
-
-        if Self.shouldUseOpenRouterBrandFallback(provider: primaryProvider, snapshot: snapshot),
-           let brand = ProviderBrandIcon.image(for: primaryProvider)
-        {
-            self.setButtonTitle(nil, for: button)
-            self.setButtonImage(
-                Self.brandImageWithStatusOverlay(brand: brand, statusIndicator: statusIndicator),
-                for: button)
-            return
+                warningFlash ? Self.quotaWarningFlashImage(base: brand) : brand, for: button)
+            self.setButtonTitle(displayText, for: button)
+            self.setButtonTintColor(usageColor, for: button)
+            self.noteIconPerfRender(skipped: false)
+            return false
         }
 
         self.setButtonTitle(nil, for: button)
         if let morphProgress {
+            let signature = [
+                "mode=morph",
+                "provider=\(primaryProvider.rawValue)",
+                "style=\(String(describing: style))",
+                "morph=\(Self.iconSignatureValue(morphProgress))",
+                "status=\(statusIndicator.rawValue)",
+                "warningFlash=\(warningFlash ? "1" : "0")",
+                "anim=\(needsAnimation ? "1" : "0")",
+            ].joined(separator: "|")
+            if self.shouldSkipMergedIconRender(signature) {
+                self.noteIconPerfRender(skipped: true)
+                return true
+            }
             let image = IconRenderer.makeMorphIcon(progress: morphProgress, style: style)
-            self.setButtonImage(image, for: button)
+            self.setButtonImage(
+                warningFlash ? Self.quotaWarningFlashImage(base: image) : image, for: button)
             self.setButtonTintColor(nil, for: button)
         } else {
-            if #available(macOS 26, *) {
-                let image = IconRenderer.makeIcon(
-                    primaryRemaining: primary,
-                    weeklyRemaining: weekly,
-                    creditsRemaining: credits,
-                    stale: stale,
-                    style: style,
-                    blink: blink,
-                    wiggle: wiggle,
-                    tilt: tilt,
-                    statusIndicator: statusIndicator,
-                    tintColor: usageColor)
-                self.setButtonImage(image, for: button)
-                self.setButtonTintColor(nil, for: button)
-            } else {
-                let image = IconRenderer.makeIcon(
-                    primaryRemaining: primary,
-                    weeklyRemaining: weekly,
-                    creditsRemaining: credits,
-                    stale: stale,
-                    style: style,
-                    blink: blink,
-                    wiggle: wiggle,
-                    tilt: tilt,
-                    statusIndicator: statusIndicator)
-                self.setButtonImage(image, for: button)
-                self.setButtonTintColor(usageColor, for: button)
+            let signature = [
+                "mode=icon",
+                "provider=\(primaryProvider.rawValue)",
+                "style=\(String(describing: style))",
+                "primary=\(Self.iconSignatureValue(primary))",
+                "weekly=\(Self.iconSignatureValue(weekly))",
+                "credits=\(Self.iconSignatureValue(credits))",
+                "stale=\(stale ? "1" : "0")",
+                "status=\(statusIndicator.rawValue)",
+                "blink=\(Self.iconSignatureValue(Double(blink)))",
+                "wiggle=\(Self.iconSignatureValue(Double(wiggle)))",
+                "tilt=\(Self.iconSignatureValue(Double(tilt)))",
+                "tint=\(tintSignature)",
+                "warningFlash=\(warningFlash ? "1" : "0")",
+                "anim=\(needsAnimation ? "1" : "0")",
+            ].joined(separator: "|")
+            if self.shouldSkipMergedIconRender(signature) {
+                self.noteIconPerfRender(skipped: true)
+                return true
             }
+            let image = IconRenderer.makeIcon(
+                primaryRemaining: primary,
+                weeklyRemaining: weekly,
+                creditsRemaining: credits,
+                stale: stale,
+                style: style,
+                blink: blink,
+                wiggle: wiggle,
+                tilt: tilt,
+                statusIndicator: statusIndicator,
+                tintColor: usageColor)
+            self.setButtonImage(
+                warningFlash ? Self.quotaWarningFlashImage(base: image) : image, for: button)
+            self.setButtonTintColor(usageColor, for: button)
         }
+        self.noteIconPerfRender(skipped: false)
+        return false
     }
 
-    func applyIcon(for provider: UsageProvider, phase: Double?) {
-        guard let button = self.statusItems[provider]?.button else { return }
+    private func shouldSkipMergedIconRender(_ signature: String) -> Bool {
+        guard self.shouldMergeIcons else {
+            self.lastAppliedMergedIconRenderSignature = signature
+            return false
+        }
+        if self.lastAppliedMergedIconRenderSignature == signature {
+            return true
+        }
+        self.lastAppliedMergedIconRenderSignature = signature
+        return false
+    }
+
+    private func shouldSkipProviderIconRender(provider: UsageProvider, signature: String) -> Bool {
+        if self.lastAppliedProviderIconRenderSignatures[provider] == signature {
+            return true
+        }
+        self.lastAppliedProviderIconRenderSignatures[provider] = signature
+        return false
+    }
+
+    @discardableResult
+    func applyIcon(for provider: UsageProvider, phase: Double?) -> Bool { // swiftlint:disable:this function_body_length
+        guard let button = self.statusItems[provider]?.button else { return false }
         let snapshot = self.store.snapshot(for: provider)
         // IconRenderer treats these values as a left-to-right "progress fill" percentage; depending on the
         // user setting we pass either "percent left" or "percent used".
         let showUsed = self.settings.usageBarsShowUsed
         let showBrandPercent = self.settings.menuBarShowsBrandIconWithPercent
-        let isAnimating = phase != nil && self.shouldAnimate(provider: provider)
+        let style: IconStyle = self.store.style(for: provider)
+        let warningFlash = self.quotaWarningFlashActive(provider: provider)
 
+        let isAnimatingForColor = phase != nil && self.shouldAnimate(provider: provider)
         let usageColor: NSColor? = {
-            guard self.settings.colorCodedIcons, !isAnimating else { return nil }
+            guard self.settings.colorCodedIcons, !isAnimatingForColor else { return nil }
             return UsageColorLevel.tintColor(for: snapshot?.primary?.usedPercent)
         }()
+        let tintSignature = usageColor == nil
+            ? "nil"
+            : Self.iconSignatureValue(snapshot?.primary?.usedPercent)
 
         if showBrandPercent,
            let brand = ProviderBrandIcon.image(for: provider)
         {
             let displayText = self.menuBarDisplayText(for: provider, snapshot: snapshot)
-            if #available(macOS 26, *) {
-                let tinted = Self.tintedBrandImage(brand, color: usageColor)
-                self.setButtonImage(tinted, for: button)
-                self.setButtonTintColor(nil, for: button)
-            } else {
-                self.setButtonImage(brand, for: button)
-                self.setButtonTintColor(usageColor, for: button)
+            let signature = [
+                "mode=brandPercent",
+                "provider=\(provider.rawValue)",
+                "style=\(String(describing: style))",
+                "text=\(displayText ?? "nil")",
+                "tint=\(tintSignature)",
+                "warningFlash=\(warningFlash ? "1" : "0")",
+            ].joined(separator: "|")
+            if self.shouldSkipProviderIconRender(provider: provider, signature: signature) {
+                self.noteIconPerfRender(skipped: true)
+                return true
             }
+            self.setButtonImage(
+                warningFlash ? Self.quotaWarningFlashImage(base: brand) : brand, for: button)
             self.setButtonTitle(displayText, for: button)
-            return
+            self.setButtonTintColor(usageColor, for: button)
+            self.noteIconPerfRender(skipped: false)
+            return false
         }
 
-        if Self.shouldUseOpenRouterBrandFallback(provider: provider, snapshot: snapshot),
-           let brand = ProviderBrandIcon.image(for: provider)
-        {
-            self.setButtonTitle(nil, for: button)
-            self.setButtonImage(
-                Self.brandImageWithStatusOverlay(
-                    brand: brand,
-                    statusIndicator: self.store.statusIndicator(for: provider)),
-                for: button)
-            return
-        }
+        self.setButtonTitle(nil, for: button)
 
-        if Self.shouldUseOpenRouterBrandFallback(provider: provider, snapshot: snapshot),
-           let brand = ProviderBrandIcon.image(for: provider)
-        {
-            self.setButtonTitle(nil, for: button)
-            self.setButtonImage(
-                Self.brandImageWithStatusOverlay(
-                    brand: brand,
-                    statusIndicator: self.store.statusIndicator(for: provider)),
-                for: button)
-            return
+        // OpenRouter always gets a meter here — the brand-logo fallback was removed on purpose.
+        let resolved = snapshot.map {
+            IconRemainingResolver.resolvedPercents(
+                snapshot: $0,
+                style: style,
+                showUsed: showUsed)
         }
-        var primary = showUsed ? snapshot?.primary?.usedPercent : snapshot?.primary?.remainingPercent
-        var weekly = showUsed ? snapshot?.secondary?.usedPercent : snapshot?.secondary?.remainingPercent
+        var primary = resolved?.primary
+        var weekly = resolved?.secondary
         if showUsed,
            provider == .warp,
            let remaining = snapshot?.secondary?.remainingPercent,
@@ -435,31 +510,42 @@ extension StatusItemController {
             // In show-used mode, `0` means "unused", not "missing". Keep the weekly lane present.
             weekly = Self.loadingPercentEpsilon
         }
-        var credits: Double? = provider == .codex ? self.store.credits?.remaining : nil
+        let codexProjection = self.store.codexConsumerProjectionIfNeeded(
+            for: provider,
+            surface: .menuBar,
+            snapshotOverride: snapshot,
+            now: snapshot?.updatedAt ?? Date())
+        var credits: Double? =
+            codexProjection?.menuBarFallback == .creditsBalance
+                ? self.store.codexMenuBarCreditsRemaining(
+                    snapshotOverride: snapshot,
+                    now: snapshot?.updatedAt ?? Date())
+                : nil
         var stale = self.store.isStale(provider: provider)
         var morphProgress: Double?
 
-        if isAnimating {
+        if let phase, self.shouldAnimate(provider: provider) {
             var pattern = self.animationPattern
             if provider == .claude, pattern == .unbraid {
                 pattern = .cylon
             }
             if pattern == .unbraid {
-                morphProgress = pattern.value(phase: phase!) / 100
+                morphProgress = pattern.value(phase: phase) / 100
                 primary = nil
                 weekly = nil
                 credits = nil
                 stale = false
             } else {
                 // Keep loading animation layout stable: IconRenderer switches layouts at `weeklyRemaining == 0`.
-                primary = max(pattern.value(phase: phase!), Self.loadingPercentEpsilon)
-                weekly = max(pattern.value(phase: phase! + pattern.secondaryOffset), Self.loadingPercentEpsilon)
+                primary = max(pattern.value(phase: phase), Self.loadingPercentEpsilon)
+                weekly = max(
+                    pattern.value(phase: phase + pattern.secondaryOffset),
+                    Self.loadingPercentEpsilon)
                 credits = nil
                 stale = false
             }
         }
 
-        let style: IconStyle = self.store.style(for: provider)
         let isLoading = phase != nil && self.shouldAnimate(provider: provider)
         let blink: CGFloat = {
             guard isLoading, style == .warp, let phase else {
@@ -470,41 +556,91 @@ extension StatusItemController {
         }()
         let wiggle = self.wiggleAmount(for: provider)
         let tilt = self.tiltAmount(for: provider) * .pi / 28 // limit to ~6.4°
+        let statusIndicator = self.store.statusIndicator(for: provider)
         if let morphProgress {
+            let signature = [
+                "mode=morph",
+                "provider=\(provider.rawValue)",
+                "style=\(String(describing: style))",
+                "morph=\(Self.iconSignatureValue(morphProgress))",
+                "status=\(statusIndicator.rawValue)",
+                "warningFlash=\(warningFlash ? "1" : "0")",
+                "loading=\(isLoading ? "1" : "0")",
+            ].joined(separator: "|")
+            if self.shouldSkipProviderIconRender(provider: provider, signature: signature) {
+                self.noteIconPerfRender(skipped: true)
+                return true
+            }
             let image = IconRenderer.makeMorphIcon(progress: morphProgress, style: style)
-            self.setButtonImage(image, for: button)
+            self.setButtonImage(
+                warningFlash ? Self.quotaWarningFlashImage(base: image) : image, for: button)
             self.setButtonTintColor(nil, for: button)
         } else {
-            self.setButtonTitle(nil, for: button)
-            if #available(macOS 26, *) {
-                let image = IconRenderer.makeIcon(
-                    primaryRemaining: primary,
-                    weeklyRemaining: weekly,
-                    creditsRemaining: credits,
-                    stale: stale,
-                    style: style,
-                    blink: blink,
-                    wiggle: wiggle,
-                    tilt: tilt,
-                    statusIndicator: self.store.statusIndicator(for: provider),
-                    tintColor: usageColor)
-                self.setButtonImage(image, for: button)
-                self.setButtonTintColor(nil, for: button)
-            } else {
-                let image = IconRenderer.makeIcon(
-                    primaryRemaining: primary,
-                    weeklyRemaining: weekly,
-                    creditsRemaining: credits,
-                    stale: stale,
-                    style: style,
-                    blink: blink,
-                    wiggle: wiggle,
-                    tilt: tilt,
-                    statusIndicator: self.store.statusIndicator(for: provider))
-                self.setButtonImage(image, for: button)
-                self.setButtonTintColor(usageColor, for: button)
+            let signature = [
+                "mode=icon",
+                "provider=\(provider.rawValue)",
+                "style=\(String(describing: style))",
+                "primary=\(Self.iconSignatureValue(primary))",
+                "weekly=\(Self.iconSignatureValue(weekly))",
+                "credits=\(Self.iconSignatureValue(credits))",
+                "stale=\(stale ? "1" : "0")",
+                "status=\(statusIndicator.rawValue)",
+                "blink=\(Self.iconSignatureValue(Double(blink)))",
+                "wiggle=\(Self.iconSignatureValue(Double(wiggle)))",
+                "tilt=\(Self.iconSignatureValue(Double(tilt)))",
+                "tint=\(tintSignature)",
+                "warningFlash=\(warningFlash ? "1" : "0")",
+                "loading=\(isLoading ? "1" : "0")",
+            ].joined(separator: "|")
+            if self.shouldSkipProviderIconRender(provider: provider, signature: signature) {
+                self.noteIconPerfRender(skipped: true)
+                return true
             }
+            let image = IconRenderer.makeIcon(
+                primaryRemaining: primary,
+                weeklyRemaining: weekly,
+                creditsRemaining: credits,
+                stale: stale,
+                style: style,
+                blink: blink,
+                wiggle: wiggle,
+                tilt: tilt,
+                statusIndicator: statusIndicator,
+                tintColor: usageColor)
+            self.setButtonImage(
+                warningFlash ? Self.quotaWarningFlashImage(base: image) : image, for: button)
+            self.setButtonTintColor(usageColor, for: button)
         }
+        self.noteIconPerfRender(skipped: false)
+        return false
+    }
+
+    private static func iconSignatureValue(_ value: Double?) -> String {
+        guard let value else { return "nil" }
+        return String(format: "%.3f", value)
+    }
+
+    func quotaWarningFlashActive(provider: UsageProvider, now: Date = Date()) -> Bool {
+        guard let until = self.quotaWarningFlashUntil[provider] else { return false }
+        if until > now { return true }
+        self.quotaWarningFlashUntil.removeValue(forKey: provider)
+        self.quotaWarningFlashTasks[provider]?.cancel()
+        self.quotaWarningFlashTasks.removeValue(forKey: provider)
+        return false
+    }
+
+    static func quotaWarningFlashImage(base: NSImage) -> NSImage {
+        let image = NSImage(size: base.size)
+        image.lockFocus()
+        let rect = NSRect(origin: .zero, size: base.size)
+        NSColor.systemRed.withAlphaComponent(0.22).setFill()
+        NSBezierPath(roundedRect: rect.insetBy(dx: 1, dy: 1), xRadius: 4, yRadius: 4).fill()
+        base.draw(in: rect, from: .zero, operation: .sourceOver, fraction: 1)
+        NSColor.systemRed.withAlphaComponent(0.28).setFill()
+        NSBezierPath(rect: rect).fill()
+        image.unlockFocus()
+        image.isTemplate = false
+        return image
     }
 
     private func setButtonImage(_ image: NSImage, for button: NSStatusBarButton) {
@@ -518,7 +654,7 @@ extension StatusItemController {
     }
 
     private func setButtonTitle(_ title: String?, for button: NSStatusBarButton) {
-        let value = title ?? ""
+        let value = Self.buttonTitle(title, hasImage: button.image != nil)
         if button.title != value {
             button.title = value
         }
@@ -528,26 +664,69 @@ extension StatusItemController {
         }
     }
 
+    nonisolated static func buttonTitle(_ title: String?, hasImage: Bool) -> String {
+        guard let title, !title.isEmpty else { return "" }
+        return hasImage ? " \(title)" : title
+    }
+
     func menuBarDisplayText(for provider: UsageProvider, snapshot: UsageSnapshot?) -> String? {
-        let percentWindow: RateWindow? = switch self.settings.menuBarPercentTimeWindow {
-        case .session:
-            self.menuBarPercentWindow(for: provider, snapshot: snapshot)
-        case .weekly:
-            snapshot?.secondary ?? self.menuBarPercentWindow(for: provider, snapshot: snapshot)
+        if provider == .openrouter,
+           self.settings.menuBarMetricPreference(for: provider, snapshot: snapshot) == .automatic,
+           let balance = snapshot?.openRouterUsage?.balance
+        {
+            return UsageFormatter.usdString(balance)
         }
+        if provider == .deepseek,
+           let balance = Self.deepSeekBalanceDisplayText(snapshot: snapshot)
+        {
+            return balance
+        }
+        if provider == .moonshot,
+           let balance = Self.moonshotBalanceDisplayText(snapshot: snapshot)
+        {
+            return balance
+        }
+        if provider == .mistral,
+           let spend = Self.mistralSpendDisplayText(snapshot: snapshot)
+        {
+            return spend
+        }
+        if provider == .kimik2,
+           let credits = Self.kimiK2CreditsDisplayText(snapshot: snapshot)
+        {
+            return credits
+        }
+        if provider == .kiro {
+            return Self.kiroDisplayText(
+                snapshot: snapshot,
+                mode: self.settings.kiroMenuBarDisplayMode,
+                showUsed: self.settings.usageBarsShowUsed)
+        }
+        if self.settings.menuBarMetricPreference(for: provider, snapshot: snapshot) == .extraUsage,
+           let spend = Self.extraUsageSpendDisplayText(snapshot: snapshot)
+        {
+            return spend
+        }
+
+        let percentWindow = self.menuBarPercentWindow(for: provider, snapshot: snapshot)
         let mode = self.settings.menuBarDisplayMode
         let now = Date()
-        let paceWindow: RateWindow? = switch self.settings.menuBarPaceTimeWindow {
-        case .session:
-            snapshot?.primary ?? snapshot?.secondary
-        case .weekly:
-            snapshot?.secondary ?? snapshot?.primary
-        }
-        let pace: UsagePace? = switch mode {
+        let codexProjection = self.store.codexConsumerProjectionIfNeeded(
+            for: provider,
+            surface: .menuBar,
+            snapshotOverride: snapshot,
+            now: now)
+        let pace: UsagePace?
+        switch mode {
         case .percent:
-            nil
+            pace = nil
         case .pace, .both:
-            paceWindow.flatMap { window in
+            let weeklyWindow =
+                codexProjection?.rateWindow(for: .weekly)
+                ?? snapshot?.secondary
+                // Abacus has no secondary window; pace is computed on primary monthly credits
+                ?? (provider == .abacus ? snapshot?.primary : nil)
+            pace = weeklyWindow.flatMap { window in
                 self.store.weeklyPace(provider: provider, window: window, now: now)
             }
         }
@@ -558,25 +737,194 @@ extension StatusItemController {
             showUsed: self.settings.usageBarsShowUsed,
             separatorStyle: self.settings.menuBarSeparatorStyle)
 
-        let sessionExhausted = (snapshot?.primary?.remainingPercent ?? 100) <= 0
-        let weeklyExhausted = (snapshot?.secondary?.remainingPercent ?? 100) <= 0
-
-        if provider == .codex,
-           mode == .percent,
+        if mode == .percent,
            !self.settings.usageBarsShowUsed,
-           sessionExhausted || weeklyExhausted,
-           let creditsRemaining = self.store.credits?.remaining,
+           codexProjection?.menuBarFallback == .creditsBalance,
+           let creditsRemaining = codexProjection?.credits?.remaining,
            creditsRemaining > 0
         {
-            return UsageFormatter
-                .creditsString(from: creditsRemaining)
-                .replacingOccurrences(of: " left", with: "")
+            return
+                UsageFormatter
+                    .creditsString(from: creditsRemaining)
+                    .replacingOccurrences(of: " left", with: "")
         }
 
         return displayText
     }
 
-    private func menuBarPercentWindow(for provider: UsageProvider, snapshot: UsageSnapshot?) -> RateWindow? {
+    nonisolated static func deepSeekBalanceDisplayText(snapshot: UsageSnapshot?) -> String? {
+        guard
+            let rawValue = snapshot?.primary?.resetDescription?
+                .trimmingCharacters(in: .whitespacesAndNewlines),
+                !rawValue.isEmpty,
+                rawValue.hasPrefix("$") || rawValue.hasPrefix("¥")
+        else {
+            return nil
+        }
+
+        let balance = rawValue.split(separator: " ", maxSplits: 1).first
+        return balance.map(String.init)
+    }
+
+    nonisolated static func moonshotBalanceDisplayText(snapshot: UsageSnapshot?) -> String? {
+        self.displayValue(
+            from: snapshot?.loginMethod(for: .moonshot),
+            prefix: "Balance:",
+            removingSuffix: "")
+            .flatMap { value in
+                value
+                    .split(separator: "·", maxSplits: 1)
+                    .first?
+                    .trimmingCharacters(in: .whitespacesAndNewlines)
+            }
+    }
+
+    nonisolated static func mistralSpendDisplayText(snapshot: UsageSnapshot?) -> String? {
+        self.displayValue(
+            from: snapshot?.identity?.loginMethod,
+            prefix: "API spend:",
+            removingSuffix: " this month")
+    }
+
+    nonisolated static func kimiK2CreditsDisplayText(snapshot: UsageSnapshot?) -> String? {
+        self.displayValue(
+            from: snapshot?.identity?.loginMethod,
+            prefix: "Credits:",
+            removingSuffix: " left")
+    }
+
+    nonisolated static func extraUsageSpendDisplayText(snapshot: UsageSnapshot?) -> String? {
+        guard let cost = snapshot?.providerCost,
+              cost.limit > 0,
+              cost.used >= 0
+        else {
+            return nil
+        }
+        return UsageFormatter.currencyString(cost.used, currencyCode: cost.currencyCode)
+    }
+
+    nonisolated static func kiroDisplayText(
+        snapshot: UsageSnapshot?,
+        mode: KiroMenuBarDisplayMode,
+        showUsed: Bool)
+        -> String?
+    {
+        guard mode != .hidden else { return nil }
+        guard let usage = snapshot?.kiroUsage else {
+            return MenuBarDisplayText.percentText(window: snapshot?.primary, showUsed: showUsed)
+        }
+        let percentText = MenuBarDisplayText.percentText(
+            window: snapshot?.primary,
+            showUsed: showUsed)
+        let creditsLeft = UsageFormatter.kiroCreditNumber(usage.creditsRemaining)
+        let usedTotal = [
+            UsageFormatter.kiroCreditNumber(usage.creditsUsed),
+            UsageFormatter.kiroCreditNumber(usage.creditsTotal),
+        ].joined(separator: " / ")
+
+        switch mode {
+        case .automatic, .creditsLeft:
+            if usage.creditsTotal > 0 {
+                return creditsLeft
+            }
+            return percentText
+        case .hidden:
+            return nil
+        case .percentLeft:
+            return MenuBarDisplayText.percentText(window: snapshot?.primary, showUsed: false)
+        case .creditsAndPercent:
+            guard usage.creditsTotal > 0 else { return percentText }
+            guard let percentText else { return creditsLeft }
+            return "\(creditsLeft) · \(percentText)"
+        case .usedAndTotal:
+            guard usage.creditsTotal > 0 else { return percentText }
+            return usedTotal
+        case .overageCreditsWhenExhausted:
+            return self.kiroOverageDisplayText(
+                usage: usage,
+                format: .credits,
+                fallback: creditsLeft,
+                percentFallback: percentText)
+        case .overageCostWhenExhausted:
+            return self.kiroOverageDisplayText(
+                usage: usage,
+                format: .cost,
+                fallback: creditsLeft,
+                percentFallback: percentText)
+        case .overageCreditsAndCostWhenExhausted:
+            return self.kiroOverageDisplayText(
+                usage: usage,
+                format: .creditsAndCost,
+                fallback: creditsLeft,
+                percentFallback: percentText)
+        }
+    }
+
+    private enum KiroOverageDisplayFormat {
+        case credits
+        case cost
+        case creditsAndCost
+    }
+
+    private nonisolated static func kiroOverageDisplayText(
+        usage: KiroUsageDetails,
+        format: KiroOverageDisplayFormat,
+        fallback: String,
+        percentFallback: String?)
+        -> String?
+    {
+        guard usage.creditsTotal > 0 else { return percentFallback }
+        guard usage.creditsRemaining <= 0 else { return fallback }
+        guard
+            usage.overagesStatus?
+                .trimmingCharacters(in: .whitespacesAndNewlines)
+                .lowercased()
+                .hasPrefix("enabled") == true
+        else {
+            return fallback
+        }
+
+        let credits = usage.overageCreditsUsed.map { "\(UsageFormatter.kiroCreditNumber($0)) over" }
+        let cost = usage.estimatedOverageCostUSD.map { "\(UsageFormatter.usdString($0)) over" }
+
+        switch format {
+        case .credits:
+            return credits ?? cost ?? fallback
+        case .cost:
+            return cost ?? credits ?? fallback
+        case .creditsAndCost:
+            if let credits, let cost {
+                let creditsValue = credits.replacingOccurrences(of: " over", with: "")
+                let costValue = cost.replacingOccurrences(of: " over", with: "")
+                return "\(creditsValue) · \(costValue)"
+            }
+            return credits ?? cost ?? fallback
+        }
+    }
+
+    private nonisolated static func displayValue(
+        from text: String?,
+        prefix: String,
+        removingSuffix suffix: String)
+        -> String?
+    {
+        guard let rawValue = text?.trimmingCharacters(in: .whitespacesAndNewlines),
+              rawValue.hasPrefix(prefix)
+        else {
+            return nil
+        }
+        let valueStart = rawValue.index(rawValue.startIndex, offsetBy: prefix.count)
+        var value = rawValue[valueStart...].trimmingCharacters(in: .whitespacesAndNewlines)
+        if !suffix.isEmpty, value.hasSuffix(suffix) {
+            value = String(value.dropLast(suffix.count)).trimmingCharacters(
+                in: .whitespacesAndNewlines)
+        }
+        return value.isEmpty ? nil : value
+    }
+
+    private func menuBarPercentWindow(for provider: UsageProvider, snapshot: UsageSnapshot?)
+        -> RateWindow?
+    {
         self.menuBarMetricWindow(for: provider, snapshot: snapshot)
     }
 
@@ -588,6 +936,15 @@ extension StatusItemController {
         {
             return highest.provider
         }
+        if self.shouldMergeIcons, self.settings.mergedMenuLastSelectedWasOverview {
+            let enabledProviders = self.store.enabledProvidersForDisplay()
+            let overviewProviders = self.settings.resolvedMergedOverviewProviders(
+                activeProviders: enabledProviders,
+                maxVisibleProviders: SettingsStore.mergedOverviewProviderLimit)
+            if let provider = overviewProviders.first(where: { self.store.isEnabled($0) }) {
+                return provider
+            }
+        }
         if self.shouldMergeIcons,
            let selected = self.selectedMenuProvider,
            self.store.isEnabled(selected)
@@ -599,6 +956,8 @@ extension StatusItemController {
                 return provider
             }
         }
+        // Use availability-filtered list: fallback must pick a provider that can
+        // actually animate, otherwise shouldAnimate() fails on credential-less providers.
         if let enabled = self.store.enabledProviders().first {
             return enabled
         }
@@ -606,6 +965,9 @@ extension StatusItemController {
     }
 
     @objc func handleDebugBlinkNotification() {
+        #if DEBUG
+        guard !self.isReleasedForTesting else { return }
+        #endif
         self.forceBlinkNow()
     }
 
@@ -615,10 +977,13 @@ extension StatusItemController {
         self.seedBlinkStatesIfNeeded()
 
         for provider in UsageProvider.allCases {
-            let shouldBlink = self.shouldMergeIcons ? self.isEnabled(provider) : self.isVisible(provider)
+            let shouldBlink =
+                self.shouldMergeIcons ? self.isEnabled(provider) : self.isVisible(provider)
             guard shouldBlink, !self.shouldAnimate(provider: provider) else { continue }
-            var state = self
-                .blinkStates[provider] ?? BlinkState(nextBlink: now.addingTimeInterval(BlinkState.randomDelay()))
+            var state =
+                self
+                    .blinkStates[provider]
+                    ?? BlinkState(nextBlink: now.addingTimeInterval(BlinkState.randomDelay()))
             state.blinkStart = now
             state.pendingSecondStart = nil
             state.effect = self.randomEffect(for: provider)
@@ -666,46 +1031,51 @@ extension StatusItemController {
                     self.animationPattern = .knightRider
                 }
                 self.animationPhase = 0
+                self.animationStartedAt = Date()
                 let driver = DisplayLinkDriver(onTick: { [weak self] in
                     self?.updateAnimationFrame()
                 })
                 self.animationDriver = driver
-                driver.start(fps: 60)
-            } else if let forced = self.settings.debugLoadingPattern, forced != self.animationPattern {
+                driver.start(fps: Self.loadingAnimationFPS)
+            } else if let forced = self.settings.debugLoadingPattern,
+                      forced != self.animationPattern
+            {
                 self.animationPattern = forced
                 self.animationPhase = 0
             }
         } else {
-            self.animationDriver?.stop()
-            self.animationDriver = nil
-            self.animationPhase = 0
-            if self.shouldMergeIcons {
-                self.applyIcon(phase: nil)
-            } else {
-                UsageProvider.allCases.forEach { self.applyIcon(for: $0, phase: nil) }
-            }
+            self.stopLoadingAnimation()
         }
     }
 
-    private func updateAnimationFrame() {
-        self.animationPhase += 0.045 // half-speed animation
+    private func stopLoadingAnimation() {
+        self.animationDriver?.stop()
+        self.animationDriver = nil
+        self.animationPhase = 0
+        self.animationStartedAt = nil
         if self.shouldMergeIcons {
-            self.applyIcon(phase: self.animationPhase)
+            self.applyIcon(phase: nil)
         } else {
-            UsageProvider.allCases.forEach { self.applyIcon(for: $0, phase: self.animationPhase) }
+            UsageProvider.allCases.forEach { self.applyIcon(for: $0, phase: nil) }
         }
     }
 
-    nonisolated static func shouldUseOpenRouterBrandFallback(
-        provider: UsageProvider,
-        snapshot: UsageSnapshot?) -> Bool
-    {
-        guard provider == .openrouter,
-              let openRouterUsage = snapshot?.openRouterUsage
-        else {
-            return false
+    private func updateAnimationFrame() {
+        #if DEBUG
+        guard !self.isReleasedForTesting else { return }
+        #endif
+        if let startedAt = self.animationStartedAt,
+           Date().timeIntervalSince(startedAt) > Self.loadingAnimationMaxContinuousDuration
+        {
+            self.stopLoadingAnimation()
+            return
+        }
+        self.animationPhase += Self.loadingAnimationPhaseIncrement
+        if self.shouldMergeIcons {
+            self.applyIcon(phase: self.animationPhase)
+        } else {
+            UsageProvider.allCases.forEach { self.applyIcon(for: $0, phase: self.animationPhase) }
         }
-        return openRouterUsage.keyQuotaStatus == .noLimitConfigured
     }
 
     nonisolated static func brandImageWithStatusOverlay(
@@ -714,38 +1084,22 @@ extension StatusItemController {
     {
         guard statusIndicator.hasIssue else { return brand }
 
-        let image = NSImage(size: brand.size, flipped: false) { rect in
-            brand.draw(
-                at: .zero,
-                from: rect,
-                operation: .sourceOver,
-                fraction: 1.0)
-            Self.drawBrandStatusOverlay(indicator: statusIndicator, size: brand.size)
-            return true
-        }
+        let image = NSImage(size: brand.size)
+        image.lockFocus()
+        brand.draw(
+            at: .zero,
+            from: NSRect(origin: .zero, size: brand.size),
+            operation: .sourceOver,
+            fraction: 1.0)
+        Self.drawBrandStatusOverlay(indicator: statusIndicator, size: brand.size)
+        image.unlockFocus()
         image.isTemplate = brand.isTemplate
         return image
     }
 
-    /// Composites a tint color onto a brand image using sourceIn blending, producing a non-template image
-    /// suitable for macOS 26 Liquid Glass where `contentTintColor` is ignored on template images.
-    nonisolated static func tintedBrandImage(_ brand: NSImage, color: NSColor?) -> NSImage {
-        guard let color else { return brand }
-        let image = NSImage(size: brand.size, flipped: false) { rect in
-            brand.draw(in: rect, from: rect, operation: .sourceOver, fraction: 1.0)
-            guard let ctx = NSGraphicsContext.current?.cgContext else { return true }
-            ctx.saveGState()
-            ctx.setBlendMode(.sourceIn)
-            color.setFill()
-            ctx.fill(rect)
-            ctx.restoreGState()
-            return true
-        }
-        image.isTemplate = false
-        return image
-    }
-
-    private nonisolated static func drawBrandStatusOverlay(indicator: ProviderStatusIndicator, size: NSSize) {
+    private nonisolated static func drawBrandStatusOverlay(
+        indicator: ProviderStatusIndicator, size: NSSize)
+    {
         guard indicator.hasIssue else { return }
 
         let color = NSColor.labelColor
@@ -777,6 +1131,9 @@ extension StatusItemController {
     }
 
     @objc func handleDebugReplayNotification(_ notification: Notification) {
+        #if DEBUG
+        guard !self.isReleasedForTesting else { return }
+        #endif
         if let raw = notification.userInfo?["pattern"] as? String,
            let selected = LoadingPattern(rawValue: raw)
         {
diff --git a/Sources/CodexBar/StatusItemController+CodexStackedMenu.swift b/Sources/CodexBar/StatusItemController+CodexStackedMenu.swift
new file mode 100644
index 000000000..c26f9aa85
--- /dev/null
+++ b/Sources/CodexBar/StatusItemController+CodexStackedMenu.swift
@@ -0,0 +1,69 @@
+import AppKit
+
+extension StatusItemController {
+    func addStackedCodexMenuCards(
+        _ display: CodexAccountMenuDisplay,
+        to menu: NSMenu,
+        context: MenuCardContext)
+    {
+        let snapshotsByAccountID = Dictionary(uniqueKeysWithValues: display.snapshots.map {
+            ($0.account.id, $0)
+        })
+        var cardIndex = 0
+        let sections = display.showsWorkspaceGroups ? display.workspaceSections : [
+            CodexAccountWorkspaceSection(title: "", accounts: display.accounts),
+        ]
+
+        for (sectionIndex, section) in sections.enumerated() {
+            if display.showsWorkspaceGroups {
+                self.addCodexWorkspaceHeader(section.title, index: sectionIndex, to: menu)
+            }
+
+            for account in section.accounts {
+                let accountSnapshot = snapshotsByAccountID[account.id]
+                let health = CodexAccountHealth.status(for: account, error: accountSnapshot?.error)
+                let model = self.menuCardModel(
+                    for: .codex,
+                    snapshotOverride: accountSnapshot?.snapshot,
+                    errorOverride: health.label,
+                    forceOverrideCard: accountSnapshot == nil,
+                    accountOverride: self.accountInfo(for: account))
+                guard let model else { continue }
+                menu.addItem(self.makeMenuCardItem(
+                    UsageMenuCardView(model: model, width: context.menuWidth),
+                    id: "menuCard-\(cardIndex)",
+                    width: context.menuWidth))
+                cardIndex += 1
+                if account.id != section.accounts.last?.id {
+                    menu.addItem(.separator())
+                }
+            }
+
+            if sectionIndex < sections.count - 1 {
+                menu.addItem(.separator())
+            }
+        }
+
+        if cardIndex == 0, let model = self.menuCardModel(for: context.selectedProvider) {
+            menu.addItem(self.makeMenuCardItem(
+                UsageMenuCardView(model: model, width: context.menuWidth),
+                id: "menuCard",
+                width: context.menuWidth))
+        }
+        menu.addItem(.separator())
+        if self.addStorageMenuCardSection(to: menu, provider: context.currentProvider, width: context.menuWidth) {
+            menu.addItem(.separator())
+        }
+    }
+
+    private func addCodexWorkspaceHeader(_ title: String, index: Int, to menu: NSMenu) {
+        let header = NSMenuItem(title: title, action: nil, keyEquivalent: "")
+        header.isEnabled = false
+        header.representedObject = "codexWorkspace-\(index)"
+        let font = NSFont.systemFont(ofSize: NSFont.smallSystemFontSize, weight: .semibold)
+        header.attributedTitle = NSAttributedString(
+            string: title,
+            attributes: [.font: font, .foregroundColor: NSColor.secondaryLabelColor])
+        menu.addItem(header)
+    }
+}
diff --git a/Sources/CodexBar/StatusItemController+CostMenuCard.swift b/Sources/CodexBar/StatusItemController+CostMenuCard.swift
new file mode 100644
index 000000000..a0bf47939
--- /dev/null
+++ b/Sources/CodexBar/StatusItemController+CostMenuCard.swift
@@ -0,0 +1,66 @@
+import AppKit
+
+extension StatusItemController {
+    static var costMenuTitle: String {
+        L("Cost")
+    }
+
+    func makeCostMenuCardItem(model: UsageMenuCardView.Model, submenu: NSMenu?) -> NSMenuItem {
+        let tooltipLines = Self.costMenuTooltipLines(tokenUsage: model.tokenUsage)
+        let visibleDetailLines = Self.costMenuVisibleDetailLines(tokenUsage: model.tokenUsage)
+        let item = NSMenuItem(title: Self.costMenuTitle, action: nil, keyEquivalent: "")
+        item.isEnabled = true
+        item.representedObject = "menuCardCost"
+        item.submenu = submenu
+        item.toolTip = tooltipLines.joined(separator: "\n")
+        if #available(macOS 14.4, *) {
+            item.subtitle = visibleDetailLines.joined(separator: "\n")
+        } else if !visibleDetailLines.isEmpty {
+            item.attributedTitle = Self.costMenuFallbackAttributedTitle(visibleDetailLines: visibleDetailLines)
+        }
+        return item
+    }
+
+    static func costMenuTooltipLines(tokenUsage: UsageMenuCardView.Model.TokenUsageSection?) -> [String] {
+        [
+            tokenUsage?.sessionLine,
+            tokenUsage?.monthLine,
+            tokenUsage?.hintLine,
+            tokenUsage?.errorLine,
+        ]
+            .compactMap(\.self)
+            .filter { !$0.isEmpty }
+    }
+
+    static func costMenuVisibleDetailLines(tokenUsage: UsageMenuCardView.Model.TokenUsageSection?) -> [String] {
+        let primaryLines = [
+            tokenUsage?.sessionLine,
+            tokenUsage?.monthLine,
+            tokenUsage?.errorLine,
+        ]
+            .compactMap(\.self)
+            .filter { !$0.isEmpty }
+        guard primaryLines.isEmpty else { return primaryLines }
+        return [tokenUsage?.hintLine]
+            .compactMap(\.self)
+            .filter { !$0.isEmpty }
+    }
+
+    static func costMenuFallbackAttributedTitle(visibleDetailLines: [String]) -> NSAttributedString {
+        let detailText = visibleDetailLines.joined(separator: " | ")
+        let title = detailText.isEmpty ? self.costMenuTitle : "\(self.costMenuTitle)  \(detailText)"
+        let attributedTitle = NSMutableAttributedString(
+            string: title,
+            attributes: [.font: NSFont.menuFont(ofSize: NSFont.systemFontSize)])
+        guard !detailText.isEmpty else { return attributedTitle }
+
+        let detailRange = (title as NSString).range(of: detailText)
+        attributedTitle.addAttributes(
+            [
+                .font: NSFont.menuFont(ofSize: NSFont.smallSystemFontSize),
+                .foregroundColor: NSColor.secondaryLabelColor,
+            ],
+            range: detailRange)
+        return attributedTitle
+    }
+}
diff --git a/Sources/CodexBar/StatusItemController+HostedSubmenus.swift b/Sources/CodexBar/StatusItemController+HostedSubmenus.swift
new file mode 100644
index 000000000..65bad39dd
--- /dev/null
+++ b/Sources/CodexBar/StatusItemController+HostedSubmenus.swift
@@ -0,0 +1,270 @@
+import AppKit
+import CodexBarCore
+import SwiftUI
+
+extension StatusItemController {
+    func isHostedSubviewMenu(_ menu: NSMenu) -> Bool {
+        let ids: Set = [
+            Self.usageBreakdownChartID,
+            Self.creditsHistoryChartID,
+            Self.costHistoryChartID,
+            Self.usageHistoryChartID,
+            Self.storageBreakdownID,
+            Self.zaiHourlyUsageChartID,
+        ]
+        return menu.items.contains { item in
+            guard let id = item.representedObject as? String else { return false }
+            return ids.contains(id)
+        }
+    }
+
+    func makeHostedSubviewPlaceholderMenu(
+        chartID: String,
+        provider: UsageProvider? = nil,
+        width: CGFloat? = nil) -> NSMenu
+    {
+        let submenu = NSMenu()
+        submenu.autoenablesItems = false
+        if let width {
+            submenu.minimumWidth = width
+        }
+        submenu.delegate = self
+        let chartItem = NSMenuItem()
+        chartItem.isEnabled = true
+        chartItem.representedObject = chartID
+        chartItem.toolTip = provider?.rawValue
+        submenu.addItem(chartItem)
+        return submenu
+    }
+
+    func hydrateHostedSubviewMenuIfNeeded(_ menu: NSMenu, width requestedWidth: CGFloat? = nil) {
+        guard let placeholder = menu.items.first,
+              menu.items.count == 1,
+              placeholder.view == nil,
+              let chartID = placeholder.representedObject as? String
+        else {
+            return
+        }
+
+        let width = requestedWidth ?? self.renderedMenuWidth(for: menu.supermenu ?? menu)
+        menu.removeAllItems()
+
+        let didHydrate: Bool = switch chartID {
+        case Self.usageBreakdownChartID:
+            self.appendUsageBreakdownChartItem(to: menu, width: width)
+        case Self.creditsHistoryChartID:
+            self.appendCreditsHistoryChartItem(to: menu, width: width)
+        case Self.costHistoryChartID:
+            if let providerRawValue = placeholder.toolTip,
+               let provider = UsageProvider(rawValue: providerRawValue)
+            {
+                self.appendCostHistoryChartItem(to: menu, provider: provider, width: width)
+            } else {
+                false
+            }
+        case Self.usageHistoryChartID:
+            if let providerRawValue = placeholder.toolTip,
+               let provider = UsageProvider(rawValue: providerRawValue)
+            {
+                self.appendUsageHistoryChartItem(to: menu, provider: provider, width: width)
+            } else {
+                false
+            }
+        case Self.storageBreakdownID:
+            if let providerRawValue = placeholder.toolTip,
+               let provider = UsageProvider(rawValue: providerRawValue)
+            {
+                self.appendStorageBreakdownItem(to: menu, provider: provider, width: width)
+            } else {
+                false
+            }
+        case Self.zaiHourlyUsageChartID:
+            if let providerRawValue = placeholder.toolTip,
+               let provider = UsageProvider(rawValue: providerRawValue)
+            {
+                self.appendZaiHourlyUsageChartItem(to: menu, provider: provider, width: width)
+            } else {
+                false
+            }
+        default:
+            false
+        }
+
+        guard !didHydrate else { return }
+
+        let unavailableItem = NSMenuItem(title: L("No data available"), action: nil, keyEquivalent: "")
+        unavailableItem.isEnabled = false
+        unavailableItem.representedObject = chartID
+        unavailableItem.toolTip = placeholder.toolTip
+        menu.addItem(unavailableItem)
+    }
+
+    @discardableResult
+    func appendUsageBreakdownChartItem(to submenu: NSMenu, width: CGFloat) -> Bool {
+        let breakdown = OpenAIDashboardDailyBreakdown.removingSkillUsageServices(
+            from: self.store.openAIDashboard?.usageBreakdown ?? [])
+        guard !breakdown.isEmpty else { return false }
+
+        if !Self.menuCardRenderingEnabled {
+            let chartItem = NSMenuItem()
+            chartItem.isEnabled = true
+            chartItem.representedObject = Self.usageBreakdownChartID
+            submenu.addItem(chartItem)
+            return true
+        }
+
+        let chartView = UsageBreakdownChartMenuView(breakdown: breakdown, width: width)
+        let hosting = MenuHostingView(rootView: chartView)
+        let controller = NSHostingController(rootView: chartView)
+        let size = controller.sizeThatFits(in: CGSize(width: width, height: .greatestFiniteMagnitude))
+        hosting.frame = NSRect(origin: .zero, size: NSSize(width: width, height: size.height))
+
+        let chartItem = NSMenuItem()
+        chartItem.view = hosting
+        chartItem.isEnabled = true
+        chartItem.representedObject = Self.usageBreakdownChartID
+        submenu.addItem(chartItem)
+        return true
+    }
+
+    @discardableResult
+    func appendCreditsHistoryChartItem(to submenu: NSMenu, width: CGFloat) -> Bool {
+        let breakdown = self.store.openAIDashboard?.dailyBreakdown ?? []
+        guard !breakdown.isEmpty else { return false }
+
+        if !Self.menuCardRenderingEnabled {
+            let chartItem = NSMenuItem()
+            chartItem.isEnabled = true
+            chartItem.representedObject = Self.creditsHistoryChartID
+            submenu.addItem(chartItem)
+            return true
+        }
+
+        let chartView = CreditsHistoryChartMenuView(breakdown: breakdown, width: width)
+        let hosting = MenuHostingView(rootView: chartView)
+        let controller = NSHostingController(rootView: chartView)
+        let size = controller.sizeThatFits(in: CGSize(width: width, height: .greatestFiniteMagnitude))
+        hosting.frame = NSRect(origin: .zero, size: NSSize(width: width, height: size.height))
+
+        let chartItem = NSMenuItem()
+        chartItem.view = hosting
+        chartItem.isEnabled = true
+        chartItem.representedObject = Self.creditsHistoryChartID
+        submenu.addItem(chartItem)
+        return true
+    }
+
+    @discardableResult
+    func appendCostHistoryChartItem(
+        to submenu: NSMenu,
+        provider: UsageProvider,
+        width: CGFloat) -> Bool
+    {
+        guard let tokenSnapshot = self.tokenSnapshotForCostHistorySubmenu(provider: provider) else { return false }
+        guard !tokenSnapshot.daily.isEmpty else { return false }
+
+        if !Self.menuCardRenderingEnabled {
+            let chartItem = NSMenuItem()
+            chartItem.isEnabled = true
+            chartItem.representedObject = Self.costHistoryChartID
+            submenu.addItem(chartItem)
+            return true
+        }
+
+        let chartView = CostHistoryChartMenuView(
+            provider: provider,
+            daily: tokenSnapshot.daily,
+            totalCostUSD: tokenSnapshot.last30DaysCostUSD,
+            currencyCode: tokenSnapshot.currencyCode,
+            historyDays: tokenSnapshot.historyDays,
+            windowLabel: tokenSnapshot.historyLabel,
+            width: width)
+        let hosting = MenuHostingView(rootView: chartView)
+        let controller = NSHostingController(rootView: chartView)
+        let size = controller.sizeThatFits(in: CGSize(width: width, height: .greatestFiniteMagnitude))
+        hosting.frame = NSRect(origin: .zero, size: NSSize(width: width, height: size.height))
+
+        let chartItem = NSMenuItem()
+        chartItem.view = hosting
+        chartItem.isEnabled = true
+        chartItem.representedObject = Self.costHistoryChartID
+        submenu.addItem(chartItem)
+        return true
+    }
+
+    @discardableResult
+    func appendStorageBreakdownItem(
+        to submenu: NSMenu,
+        provider: UsageProvider,
+        width: CGFloat)
+        -> Bool
+    {
+        guard let footprint = self.store.storageFootprint(for: provider),
+              !footprint.components.isEmpty
+        else { return false }
+
+        if !Self.menuCardRenderingEnabled {
+            let item = NSMenuItem()
+            item.isEnabled = true
+            item.representedObject = Self.storageBreakdownID
+            item.toolTip = provider.rawValue
+            submenu.addItem(item)
+            return true
+        }
+
+        let maxHeight = self.storageBreakdownMenuMaxHeight()
+        let view = StorageBreakdownMenuView(footprint: footprint, width: width, maxHeight: maxHeight)
+        let hosting = MenuHostingView(rootView: view)
+        let controller = NSHostingController(rootView: view)
+        let size = controller.sizeThatFits(in: CGSize(width: width, height: maxHeight))
+        hosting.frame = NSRect(origin: .zero, size: NSSize(width: width, height: size.height))
+
+        let item = NSMenuItem()
+        item.view = hosting
+        item.isEnabled = true
+        item.representedObject = Self.storageBreakdownID
+        item.toolTip = provider.rawValue
+        submenu.addItem(item)
+        return true
+    }
+
+    private func storageBreakdownMenuMaxHeight() -> CGFloat {
+        let visibleHeight = NSScreen.main?.visibleFrame.height ?? 900
+        return min(620, max(360, floor(visibleHeight * 0.72)))
+    }
+
+    @discardableResult
+    func appendZaiHourlyUsageChartItem(
+        to submenu: NSMenu,
+        provider: UsageProvider,
+        width: CGFloat) -> Bool
+    {
+        guard provider == .zai,
+              let snapshot = self.store.snapshot(for: provider),
+              let modelUsage = snapshot.zaiUsage?.modelUsage
+        else { return false }
+
+        if !Self.menuCardRenderingEnabled {
+            let chartItem = NSMenuItem()
+            chartItem.isEnabled = false
+            chartItem.representedObject = Self.zaiHourlyUsageChartID
+            chartItem.toolTip = provider.rawValue
+            submenu.addItem(chartItem)
+            return true
+        }
+
+        let chartView = ZaiHourlyUsageChartMenuView(modelUsage: modelUsage, width: width)
+        let hosting = MenuHostingView(rootView: chartView)
+        let controller = NSHostingController(rootView: chartView)
+        let size = controller.sizeThatFits(in: CGSize(width: width, height: .greatestFiniteMagnitude))
+        hosting.frame = NSRect(origin: .zero, size: NSSize(width: width, height: size.height))
+
+        let chartItem = NSMenuItem()
+        chartItem.view = hosting
+        chartItem.isEnabled = false
+        chartItem.representedObject = Self.zaiHourlyUsageChartID
+        chartItem.toolTip = provider.rawValue
+        submenu.addItem(chartItem)
+        return true
+    }
+}
diff --git a/Sources/CodexBar/StatusItemController+IconPerf.swift b/Sources/CodexBar/StatusItemController+IconPerf.swift
new file mode 100644
index 000000000..80ed9b0db
--- /dev/null
+++ b/Sources/CodexBar/StatusItemController+IconPerf.swift
@@ -0,0 +1,69 @@
+import Observation
+
+struct IconPerfRefreshCycleMetrics {
+    var updateIconsCalls = 0
+    var renderedCalls = 0
+    var skippedCalls = 0
+}
+
+extension StatusItemController {
+    func observeIconPerfRefreshCycleChanges() {
+        withObservationTracking {
+            _ = self.store.isRefreshing
+            _ = self.settings.debugLogLevel
+        } onChange: { [weak self] in
+            Task { @MainActor [weak self] in
+                guard let self else { return }
+                self.observeIconPerfRefreshCycleChanges()
+                self.handleIconPerfRefreshCycleChange()
+            }
+        }
+        self.handleIconPerfRefreshCycleChange()
+    }
+
+    func handleIconPerfRefreshCycleChange() {
+        guard self.settings.isVerboseLoggingEnabled else {
+            self.iconPerfRefreshCycleMetrics = nil
+            self.iconPerfUpdatePassActive = false
+            return
+        }
+        guard !self.store.isRefreshing else { return }
+        self.logIconPerfRefreshCycleIfNeeded()
+    }
+
+    func beginIconPerfUpdatePass() {
+        self.iconPerfUpdatePassActive = false
+        guard self.settings.isVerboseLoggingEnabled, self.store.isRefreshing else { return }
+        if self.iconPerfRefreshCycleMetrics == nil {
+            self.iconPerfRefreshCycleMetrics = IconPerfRefreshCycleMetrics()
+        }
+        self.iconPerfRefreshCycleMetrics?.updateIconsCalls += 1
+        self.iconPerfUpdatePassActive = true
+    }
+
+    func endIconPerfUpdatePass() {
+        self.iconPerfUpdatePassActive = false
+    }
+
+    func noteIconPerfRender(skipped: Bool) {
+        guard self.iconPerfUpdatePassActive else { return }
+        if skipped {
+            self.iconPerfRefreshCycleMetrics?.skippedCalls += 1
+        } else {
+            self.iconPerfRefreshCycleMetrics?.renderedCalls += 1
+        }
+    }
+
+    func logIconPerfRefreshCycleIfNeeded() {
+        guard let metrics = self.iconPerfRefreshCycleMetrics,
+              metrics.updateIconsCalls > 0
+        else {
+            self.iconPerfRefreshCycleMetrics = nil
+            return
+        }
+        let message = "[perf] refresh cycle: updateIcons() called \(metrics.updateIconsCalls) times "
+            + "(\(metrics.renderedCalls) rendered, \(metrics.skippedCalls) skipped)"
+        self.menuLogger.verbose(message)
+        self.iconPerfRefreshCycleMetrics = nil
+    }
+}
diff --git a/Sources/CodexBar/StatusItemController+Menu.swift b/Sources/CodexBar/StatusItemController+Menu.swift
index d7d18a8cd..f3926a932 100644
--- a/Sources/CodexBar/StatusItemController+Menu.swift
+++ b/Sources/CodexBar/StatusItemController+Menu.swift
@@ -4,87 +4,86 @@ import Observation
 import QuartzCore
 import SwiftUI
 
-extension ProviderSwitcherSelection {
-    fileprivate var provider: UsageProvider? {
-        switch self {
-        case .overview:
-            nil
-        case let .provider(provider):
-            provider
-        }
+// MARK: - NSMenu construction
+
+extension StatusItemController {
+    static let menuCardBaseWidth: CGFloat = 310
+    private static let maxOverviewProviders = SettingsStore.mergedOverviewProviderLimit
+    private static let overviewRowIdentifierPrefix = "overviewRow-"
+    private static let defaultMenuOpenRefreshDelay: Duration = .seconds(1.2)
+    #if DEBUG
+    private static var menuOpenRefreshDelayForTesting: Duration = .seconds(1.2)
+    static func setMenuOpenRefreshDelayForTesting(_ delay: Duration) {
+        self.menuOpenRefreshDelayForTesting = delay
     }
-}
 
-private struct OverviewMenuCardRowView: View {
-    let model: UsageMenuCardView.Model
-    let width: CGFloat
-
-    var body: some View {
-        VStack(alignment: .leading, spacing: 0) {
-            UsageMenuCardHeaderSectionView(
-                model: self.model,
-                showDivider: self.hasUsageBlock,
-                width: self.width)
-            if self.hasUsageBlock {
-                UsageMenuCardUsageSectionView(
-                    model: self.model,
-                    showBottomDivider: false,
-                    bottomPadding: 6,
-                    width: self.width)
-            }
-        }
-        .frame(width: self.width, alignment: .leading)
+    static func resetMenuOpenRefreshDelayForTesting() {
+        self.menuOpenRefreshDelayForTesting = self.defaultMenuOpenRefreshDelay
     }
+    #endif
 
-    private var hasUsageBlock: Bool {
-        !self.model.metrics.isEmpty || !self.model.usageNotes.isEmpty || self.model.placeholder != nil
+    private static var menuOpenRefreshDelay: Duration {
+        #if DEBUG
+        menuOpenRefreshDelayForTesting
+        #else
+        defaultMenuOpenRefreshDelay
+        #endif
     }
-}
 
-// MARK: - NSMenu construction
+    static let usageBreakdownChartID = "usageBreakdownChart"
+    static let creditsHistoryChartID = "creditsHistoryChart"
+    static let costHistoryChartID = "costHistoryChart"
+    static let usageHistoryChartID = "usageHistoryChart"
+    static let storageBreakdownID = "storageBreakdown"
 
-extension StatusItemController {
-    private static let menuCardBaseWidth: CGFloat = 310
-    private static let maxOverviewProviders = SettingsStore.mergedOverviewProviderLimit
-    private static let overviewRowIdentifierPrefix = "overviewRow-"
-    private static let menuOpenRefreshDelay: Duration = .seconds(1.2)
-    private struct OpenAIWebMenuItems {
-        let hasUsageBreakdown: Bool
-        let hasCreditsHistory: Bool
-        let hasCostHistory: Bool
+    private func shortcut(for action: MenuDescriptor.MenuAction) -> (key: String, modifiers: NSEvent.ModifierFlags)? {
+        switch action {
+        case .refresh:
+            ("r", [.command])
+        case .settings:
+            (",", [.command])
+        case .quit:
+            ("q", [.command])
+        default:
+            nil
+        }
     }
 
-    private struct TokenAccountMenuDisplay {
-        let provider: UsageProvider
-        let accounts: [ProviderTokenAccount]
-        let snapshots: [TokenAccountUsageSnapshot]
-        let activeIndex: Int
-        let showAll: Bool
-        let showSwitcher: Bool
+    private func menuCardWidth(
+        for providers: [UsageProvider],
+        sections: [MenuDescriptor.Section]) -> CGFloat
+    {
+        _ = providers
+        let baselineWidth = Self.menuCardBaseWidth
+        return max(baselineWidth, self.measuredStandardMenuWidth(for: sections, baseWidth: baselineWidth))
     }
 
-    private func menuCardWidth(for providers: [UsageProvider], menu: NSMenu? = nil) -> CGFloat {
-        _ = menu
-        return Self.menuCardBaseWidth
+    private func measuredStandardMenuWidth(for sections: [MenuDescriptor.Section], baseWidth: CGFloat) -> CGFloat {
+        let measuringMenu = NSMenu()
+        measuringMenu.autoenablesItems = false
+        self.addActionableSections(sections, to: measuringMenu, width: baseWidth)
+        return ceil(measuringMenu.size.width)
     }
 
     func makeMenu() -> NSMenu {
         guard self.shouldMergeIcons else {
             return self.makeMenu(for: nil)
         }
-        let menu = NSMenu()
-        menu.autoenablesItems = false
-        menu.delegate = self
-        return menu
+        return self.makeBaseMenu()
     }
 
     func menuWillOpen(_ menu: NSMenu) {
         if self.isHostedSubviewMenu(menu) {
+            self.hydrateHostedSubviewMenuIfNeeded(menu)
             self.refreshHostedSubviewHeights(in: menu)
             if Self.menuRefreshEnabled, self.isOpenAIWebSubviewMenu(menu) {
                 self.store.requestOpenAIDashboardRefreshIfStale(reason: "submenu open")
             }
-            self.openMenus[ObjectIdentifier(menu)] = menu
+            if Self.menuRefreshEnabled {
+                // Intentionally skip open-menu tracking when refresh is disabled (tests).
+                // If refresh is re-enabled while this menu stays open, it will not be backfilled until next open.
+                self.openMenus[ObjectIdentifier(menu)] = menu
+            }
             // Removed redundant async refresh - single pass is sufficient after initial layout
             return
         }
@@ -99,10 +98,10 @@ extension StatusItemController {
                 self.lastMenuProvider = menuProvider
                 provider = menuProvider
             } else if menu === self.fallbackMenu {
-                self.lastMenuProvider = self.store.enabledProviders().first ?? .codex
+                self.lastMenuProvider = self.store.enabledProvidersForDisplay().first ?? .codex
                 provider = nil
             } else {
-                let resolved = self.store.enabledProviders().first ?? .codex
+                let resolved = self.store.enabledProvidersForDisplay().first ?? .codex
                 self.lastMenuProvider = resolved
                 provider = resolved
             }
@@ -114,18 +113,39 @@ extension StatusItemController {
             self.markMenuFresh(menu)
             // Heights are already set during populateMenu, no need to remeasure
         }
-        self.openMenus[ObjectIdentifier(menu)] = menu
-        // Only schedule refresh after menu is registered as open - refreshNow is called async
         if Self.menuRefreshEnabled {
+            // Intentionally skip open-menu tracking when refresh is disabled (tests).
+            // If refresh is re-enabled while this menu stays open, it will not be backfilled until next open.
+            self.openMenus[ObjectIdentifier(menu)] = menu
+            self.installProviderSwitcherShortcutMonitorIfNeeded(for: menu)
+            // Only schedule refresh after menu is registered as open - refreshNow is called async
             self.scheduleOpenMenuRefresh(for: menu)
         }
     }
 
     func menuDidClose(_ menu: NSMenu) {
+        let wasHostedSubviewMenu = self.isHostedSubviewMenu(menu)
+        self.forgetClosedMenu(menu)
+        if wasHostedSubviewMenu {
+            self.refreshOpenMenusIfNeeded()
+        }
+    }
+
+    func forgetClosedMenu(_ menu: NSMenu) {
         let key = ObjectIdentifier(menu)
 
+        if key == self.providerSwitcherShortcutMenuID {
+            self.removeProviderSwitcherShortcutMonitor()
+        }
+
         self.openMenus.removeValue(forKey: key)
         self.menuRefreshTasks.removeValue(forKey: key)?.cancel()
+        self.openMenuRebuildTasks.removeValue(forKey: key)?.cancel()
+        self.openMenuRebuildTokens.removeValue(forKey: key)
+        self.openMenuRebuildsClosingHostedSubviewMenus.remove(key)
+        if let highlightedView = self.highlightedMenuItems.removeValue(forKey: key)?.view {
+            (highlightedView as? MenuCardHighlighting)?.setHighlighted(false)
+        }
 
         let isPersistentMenu = menu === self.mergedMenu ||
             menu === self.fallbackMenu ||
@@ -134,20 +154,27 @@ extension StatusItemController {
             self.menuProviders.removeValue(forKey: key)
             self.menuVersions.removeValue(forKey: key)
         }
-        for menuItem in menu.items {
-            (menuItem.view as? MenuCardHighlighting)?.setHighlighted(false)
-        }
     }
 
     func menu(_ menu: NSMenu, willHighlight item: NSMenuItem?) {
-        for menuItem in menu.items {
-            let highlighted = menuItem == item && menuItem.isEnabled
-            (menuItem.view as? MenuCardHighlighting)?.setHighlighted(highlighted)
+        let key = ObjectIdentifier(menu)
+        let previous = self.highlightedMenuItems[key]
+        guard previous !== item else { return }
+
+        if let previous {
+            (previous.view as? MenuCardHighlighting)?.setHighlighted(false)
+        }
+
+        if let item, item.isEnabled {
+            self.highlightedMenuItems[key] = item
+            (item.view as? MenuCardHighlighting)?.setHighlighted(true)
+        } else {
+            self.highlightedMenuItems.removeValue(forKey: key)
         }
     }
 
-    private func populateMenu(_ menu: NSMenu, provider: UsageProvider?) {
-        let enabledProviders = self.store.enabledProviders()
+    func populateMenu(_ menu: NSMenu, provider: UsageProvider?) {
+        let enabledProviders = self.store.enabledProvidersForDisplay()
         let includesOverview = self.includesOverviewTab(enabledProviders: enabledProviders)
         let switcherSelection = self.shouldMergeIcons && enabledProviders.count > 1
             ? self.resolvedSwitcherSelection(
@@ -160,19 +187,50 @@ extension StatusItemController {
         } else {
             switcherSelection?.provider ?? provider
         }
-        let menuWidth = self.menuCardWidth(for: enabledProviders, menu: menu)
         let currentProvider = selectedProvider ?? enabledProviders.first ?? .codex
+        let rawCodexAccountDisplay = isOverviewSelected ? nil : self.codexAccountMenuDisplay(for: currentProvider)
+        let codexAccountDisplay = isOverviewSelected
+            ? nil
+            : self.stableCodexAccountMenuDisplay(
+                rawCodexAccountDisplay,
+                menu: menu,
+                provider: currentProvider)
         let tokenAccountDisplay = isOverviewSelected ? nil : self.tokenAccountMenuDisplay(for: currentProvider)
-        let showAllTokenAccounts = tokenAccountDisplay?.showAll ?? false
+        let showAllAccounts = (tokenAccountDisplay?.showAll ?? false) || (codexAccountDisplay?.showAll ?? false)
         let openAIContext = self.openAIWebContext(
             currentProvider: currentProvider,
-            showAllTokenAccounts: showAllTokenAccounts)
+            showAllAccounts: showAllAccounts)
+        let descriptor = MenuDescriptor.build(
+            provider: selectedProvider,
+            store: self.store,
+            settings: self.settings,
+            account: self.account,
+            managedCodexAccountCoordinator: self.managedCodexAccountCoordinator,
+            codexAccountPromotionCoordinator: self.codexAccountPromotionCoordinator,
+            updateReady: self.updater.updateStatus.isUpdateReady,
+            includeContextualActions: !isOverviewSelected)
+        let menuWidth = self.menuCardWidth(for: enabledProviders, sections: descriptor.sections)
 
-        let hasTokenAccountSwitcher = menu.items.contains { $0.view is TokenAccountSwitcherView }
+        let hasTokenSwitcher = menu.items.contains { $0.view is TokenAccountSwitcherView }
+        let hasCodexSwitcher = menu.items.contains { $0.view is CodexAccountSwitcherView }
         let switcherProvidersMatch = enabledProviders == self.lastSwitcherProviders
         let switcherUsageBarsShowUsedMatch = self.settings.usageBarsShowUsed == self.lastSwitcherUsageBarsShowUsed
         let switcherSelectionMatches = switcherSelection == self.lastMergedSwitcherSelection
         let switcherOverviewAvailabilityMatches = includesOverview == self.lastSwitcherIncludesOverview
+        let menuLocalizationMatches = self.menuLocalizationSignature() == self.lastMenuLocalizationSignature
+        let tokenSwitcherCompatible = tokenAccountDisplay == self.lastTokenAccountMenuDisplay &&
+            ((tokenAccountDisplay?.showSwitcher == true && hasTokenSwitcher) ||
+                (tokenAccountDisplay?.showSwitcher != true && !hasTokenSwitcher))
+        let codexSwitcherCompatible = codexAccountDisplay == self.lastCodexAccountMenuDisplay &&
+            ((codexAccountDisplay?.showSwitcher == true && hasCodexSwitcher) ||
+                (codexAccountDisplay?.showSwitcher != true && !hasCodexSwitcher))
+        let reusableRowWidthsMatch = self.reusableFixedWidthRows(in: menu).allSatisfy { item in
+            guard let view = item.view else { return false }
+            return abs(view.frame.width - menuWidth) <= 0.5
+        }
+        let providerSwitcherWidthMatches = (menu.items.first?.view as? ProviderSwitcherView).map { view in
+            abs(view.frame.width - menuWidth) <= 0.5
+        } ?? false
         let canSmartUpdate = self.shouldMergeIcons &&
             enabledProviders.count > 1 &&
             !isOverviewSelected &&
@@ -180,153 +238,238 @@ extension StatusItemController {
             switcherUsageBarsShowUsedMatch &&
             switcherSelectionMatches &&
             switcherOverviewAvailabilityMatches &&
-            tokenAccountDisplay == nil &&
-            !hasTokenAccountSwitcher &&
+            menuLocalizationMatches &&
+            tokenSwitcherCompatible &&
+            codexSwitcherCompatible &&
+            reusableRowWidthsMatch &&
             !menu.items.isEmpty &&
             menu.items.first?.view is ProviderSwitcherView
 
+        #if DEBUG
+        if self.openMenus[ObjectIdentifier(menu)] != nil {
+            self.menuLogger.debug(
+                "populateMenu(open): provider=\(String(describing: provider)) " +
+                    "display=\(enabledProviders.map(\.rawValue)) " +
+                    "available=\(self.store.enabledProviders().map(\.rawValue)) " +
+                    "selection=\(String(describing: switcherSelection)) " +
+                    "last=\(String(describing: self.lastMergedSwitcherSelection)) " +
+                    "smart=\(canSmartUpdate)")
+        }
+        #endif
+
         if canSmartUpdate {
-            self.updateMenuContent(
+            self.updateMenuContentPreservingSwitcher(
                 menu,
-                provider: selectedProvider,
-                currentProvider: currentProvider,
-                menuWidth: menuWidth,
-                openAIContext: openAIContext)
+                context: MenuUpdateContext(
+                    provider: selectedProvider,
+                    currentProvider: currentProvider,
+                    switcherSelection: switcherSelection ?? .provider(currentProvider),
+                    menuWidth: menuWidth,
+                    codexAccountDisplay: codexAccountDisplay,
+                    tokenAccountDisplay: tokenAccountDisplay,
+                    openAIContext: openAIContext))
             return
         }
 
-        menu.removeAllItems()
+        let canPreserveProviderSwitcher = self.shouldMergeIcons &&
+            enabledProviders.count > 1 &&
+            switcherProvidersMatch &&
+            switcherUsageBarsShowUsedMatch &&
+            switcherOverviewAvailabilityMatches &&
+            menuLocalizationMatches &&
+            providerSwitcherWidthMatches &&
+            !menu.items.isEmpty &&
+            menu.items.first?.view is ProviderSwitcherView
+
+        #if DEBUG
+        if self.openMenus[ObjectIdentifier(menu)] != nil {
+            self.menuLogger.debug(
+                "populateMenu(open): preserveSwitcher=\(canPreserveProviderSwitcher) " +
+                    "widthMatch=\(providerSwitcherWidthMatches)")
+        }
+        #endif
 
-        let descriptor = MenuDescriptor.build(
-            provider: selectedProvider,
-            store: self.store,
-            settings: self.settings,
-            account: self.account,
-            updateReady: self.updater.updateStatus.isUpdateReady,
-            includeContextualActions: !isOverviewSelected)
+        if canPreserveProviderSwitcher {
+            self.updateMenuContentPreservingSwitcher(
+                menu,
+                context: MenuUpdateContext(
+                    provider: selectedProvider,
+                    currentProvider: currentProvider,
+                    switcherSelection: switcherSelection ?? .provider(currentProvider),
+                    menuWidth: menuWidth,
+                    codexAccountDisplay: codexAccountDisplay,
+                    tokenAccountDisplay: tokenAccountDisplay,
+                    openAIContext: openAIContext))
+            return
+        }
 
-        self.addProviderSwitcherIfNeeded(
-            to: menu,
-            enabledProviders: enabledProviders,
-            includesOverview: includesOverview,
-            selection: switcherSelection ?? .provider(currentProvider))
-        // Track which providers the switcher was built with for smart update detection
-        if self.shouldMergeIcons, enabledProviders.count > 1 {
-            self.lastSwitcherProviders = enabledProviders
-            self.lastSwitcherUsageBarsShowUsed = self.settings.usageBarsShowUsed
-            self.lastMergedSwitcherSelection = switcherSelection
-            self.lastSwitcherIncludesOverview = includesOverview
-        }
-        self.addTokenAccountSwitcherIfNeeded(to: menu, display: tokenAccountDisplay)
-        let menuContext = MenuCardContext(
-            currentProvider: currentProvider,
-            selectedProvider: selectedProvider,
-            menuWidth: menuWidth,
-            tokenAccountDisplay: tokenAccountDisplay,
-            openAIContext: openAIContext)
-        if isOverviewSelected {
-            if self.addOverviewRows(
-                to: menu,
+        #if DEBUG
+        if self.openMenus[ObjectIdentifier(menu)] != nil, menu.items.first?.view is ProviderSwitcherView {
+            self.menuLogger.debug("populateMenu(open): rebuilding whole menu and replacing provider switcher")
+        }
+        #endif
+        self.rebuildMenuContent(
+            menu,
+            context: MenuRebuildContext(
                 enabledProviders: enabledProviders,
-                menuWidth: menuWidth)
-            {
-                menu.addItem(.separator())
-            } else {
-                self.addOverviewEmptyState(to: menu, enabledProviders: enabledProviders)
-                menu.addItem(.separator())
-            }
-        } else {
-            let addedOpenAIWebItems = self.addMenuCards(to: menu, context: menuContext)
-            self.addOpenAIWebItemsIfNeeded(
-                to: menu,
+                includesOverview: includesOverview,
+                switcherSelection: switcherSelection,
                 currentProvider: currentProvider,
-                context: openAIContext,
-                addedOpenAIWebItems: addedOpenAIWebItems)
-        }
-        self.addActionableSections(descriptor.sections, to: menu)
+                selectedProvider: selectedProvider,
+                menuWidth: menuWidth,
+                codexAccountDisplay: codexAccountDisplay,
+                tokenAccountDisplay: tokenAccountDisplay,
+                openAIContext: openAIContext,
+                descriptor: descriptor))
     }
 
-    /// Smart update: only rebuild content sections when switching providers (keep the switcher intact).
-    private func updateMenuContent(
-        _ menu: NSMenu,
-        provider: UsageProvider?,
-        currentProvider: UsageProvider,
-        menuWidth: CGFloat,
-        openAIContext: OpenAIWebContext)
-    {
-        // Batch menu updates to prevent visual flickering during provider switch.
-        CATransaction.begin()
-        CATransaction.setDisableActions(true)
-        defer { CATransaction.commit() }
+    private func reusableFixedWidthRows(in menu: NSMenu) -> [NSMenuItem] {
+        guard !menu.items.isEmpty else { return [] }
 
-        var contentStartIndex = 0
-        if menu.items.first?.view is ProviderSwitcherView {
-            contentStartIndex = 2
+        var reusableRows: [NSMenuItem] = []
+        var index = self.providerSwitcherContentStartIndex(in: menu)
+        if index > 0 {
+            reusableRows.append(menu.items[0])
         }
-        if menu.items.count > contentStartIndex,
-           menu.items[contentStartIndex].view is TokenAccountSwitcherView
+        if menu.items.count > index,
+           menu.items[index].view is CodexAccountSwitcherView
         {
-            contentStartIndex += 2
+            reusableRows.append(menu.items[index])
+            index += 2
         }
-        while menu.items.count > contentStartIndex {
-            menu.removeItem(at: contentStartIndex)
+        if menu.items.count > index,
+           menu.items[index].view is TokenAccountSwitcherView
+        {
+            reusableRows.append(menu.items[index])
         }
-
-        let descriptor = MenuDescriptor.build(
-            provider: provider,
-            store: self.store,
-            settings: self.settings,
-            account: self.account,
-            updateReady: self.updater.updateStatus.isUpdateReady)
-
-        let menuContext = MenuCardContext(
-            currentProvider: currentProvider,
-            selectedProvider: provider,
-            menuWidth: menuWidth,
-            tokenAccountDisplay: nil,
-            openAIContext: openAIContext)
-        let addedOpenAIWebItems = self.addMenuCards(to: menu, context: menuContext)
-        self.addOpenAIWebItemsIfNeeded(
-            to: menu,
-            currentProvider: currentProvider,
-            context: openAIContext,
-            addedOpenAIWebItems: addedOpenAIWebItems)
-        self.addActionableSections(descriptor.sections, to: menu)
-    }
-
-    private struct OpenAIWebContext {
-        let hasUsageBreakdown: Bool
-        let hasCreditsHistory: Bool
-        let hasCostHistory: Bool
-        let hasOpenAIWebMenuItems: Bool
+        return reusableRows
     }
 
-    private struct MenuCardContext {
+    /// Smart update: rebuild everything below the provider switcher while keeping the switcher view intact.
+    private struct MenuUpdateContext {
+        let provider: UsageProvider?
         let currentProvider: UsageProvider
-        let selectedProvider: UsageProvider?
+        let switcherSelection: ProviderSwitcherSelection
         let menuWidth: CGFloat
+        let codexAccountDisplay: CodexAccountMenuDisplay?
         let tokenAccountDisplay: TokenAccountMenuDisplay?
         let openAIContext: OpenAIWebContext
     }
 
+    /// Smart update: rebuild everything below the provider switcher while keeping the switcher view intact.
+    private func updateMenuContentPreservingSwitcher(
+        _ menu: NSMenu,
+        context: MenuUpdateContext)
+    {
+        self.performMenuMutationWithoutAnimation {
+            let contentStartIndex = self.providerSwitcherContentStartIndex(in: menu)
+            if let switcherView = menu.items.first?.view as? ProviderSwitcherView {
+                switcherView.updateSelection(context.switcherSelection)
+                switcherView.updateQuotaIndicators()
+            }
+            while menu.items.count > contentStartIndex {
+                menu.removeItem(at: contentStartIndex)
+            }
+
+            let enabledProviders = self.store.enabledProvidersForDisplay()
+            self.rememberMergedSwitcherState(enabledProviders, context.switcherSelection)
+            self.addCodexAccountSwitcherIfNeeded(
+                to: menu,
+                display: context.codexAccountDisplay,
+                width: context.menuWidth)
+            self.lastCodexAccountMenuDisplay = context.codexAccountDisplay
+            self.addTokenAccountSwitcherIfNeeded(
+                to: menu,
+                display: context.tokenAccountDisplay,
+                width: context.menuWidth)
+            self.lastTokenAccountMenuDisplay = context.tokenAccountDisplay
+
+            let descriptor = MenuDescriptor.build(
+                provider: context.provider,
+                store: self.store,
+                settings: self.settings,
+                account: self.account,
+                managedCodexAccountCoordinator: self.managedCodexAccountCoordinator,
+                codexAccountPromotionCoordinator: self.codexAccountPromotionCoordinator,
+                updateReady: self.updater.updateStatus.isUpdateReady,
+                includeContextualActions: context.switcherSelection != .overview)
+
+            let menuContext = MenuCardContext(
+                currentProvider: context.currentProvider,
+                selectedProvider: context.provider,
+                menuWidth: context.menuWidth,
+                codexAccountDisplay: context.codexAccountDisplay,
+                tokenAccountDisplay: context.tokenAccountDisplay,
+                openAIContext: context.openAIContext)
+            self.addPrimaryMenuContent(to: menu, context: menuContext, switcherSelection: context.switcherSelection)
+            self.addActionableSections(descriptor.sections, to: menu, width: context.menuWidth)
+        }
+    }
+
+    private func rebuildMenuContent(
+        _ menu: NSMenu,
+        context: MenuRebuildContext)
+    {
+        self.performMenuMutationWithoutAnimation {
+            menu.removeAllItems()
+            self.addProviderSwitcherIfNeeded(
+                to: menu,
+                enabledProviders: context.enabledProviders,
+                includesOverview: context.includesOverview,
+                selection: context.switcherSelection ?? .provider(context.currentProvider),
+                width: context.menuWidth)
+            // Track which providers the switcher was built with for smart update detection
+            if self.shouldMergeIcons, context.enabledProviders.count > 1 {
+                self.rememberMergedSwitcherState(
+                    context.enabledProviders,
+                    context.switcherSelection,
+                    context.includesOverview)
+            }
+            self.addCodexAccountSwitcherIfNeeded(
+                to: menu,
+                display: context.codexAccountDisplay,
+                width: context.menuWidth)
+            self.lastCodexAccountMenuDisplay = context.codexAccountDisplay
+            self.addTokenAccountSwitcherIfNeeded(
+                to: menu,
+                display: context.tokenAccountDisplay,
+                width: context.menuWidth)
+            self.lastTokenAccountMenuDisplay = context.tokenAccountDisplay
+            let menuContext = MenuCardContext(
+                currentProvider: context.currentProvider,
+                selectedProvider: context.selectedProvider,
+                menuWidth: context.menuWidth,
+                codexAccountDisplay: context.codexAccountDisplay,
+                tokenAccountDisplay: context.tokenAccountDisplay,
+                openAIContext: context.openAIContext)
+            self.addPrimaryMenuContent(
+                to: menu,
+                context: menuContext,
+                switcherSelection: context.switcherSelection ?? .provider(context.currentProvider))
+            self.addActionableSections(context.descriptor.sections, to: menu, width: context.menuWidth)
+        }
+    }
+
     private func openAIWebContext(
         currentProvider: UsageProvider,
-        showAllTokenAccounts: Bool) -> OpenAIWebContext
+        showAllAccounts: Bool) -> OpenAIWebContext
     {
-        let dashboard = self.store.openAIDashboard
-        let openAIWebEligible = currentProvider == .codex &&
-            self.store.openAIDashboardRequiresLogin == false &&
-            dashboard != nil
-        let hasCreditsHistory = openAIWebEligible && !(dashboard?.dailyBreakdown ?? []).isEmpty
-        let hasUsageBreakdown = openAIWebEligible && !(dashboard?.usageBreakdown ?? []).isEmpty
+        let codexProjection = self.store.codexConsumerProjectionIfNeeded(
+            for: currentProvider,
+            surface: .liveCard)
+        let hasCreditsHistory = codexProjection?.hasCreditsHistory == true
+        let hasUsageBreakdown = codexProjection?.hasUsageBreakdown == true
         let hasCostHistory = self.settings.isCostUsageEffectivelyEnabled(for: currentProvider) &&
             (self.store.tokenSnapshot(for: currentProvider)?.daily.isEmpty == false)
-        let hasOpenAIWebMenuItems = !showAllTokenAccounts &&
+        let canShowBuyCredits = self.settings.showOptionalCreditsAndExtraUsage &&
+            codexProjection?.canShowBuyCredits == true
+        let hasOpenAIWebMenuItems = !showAllAccounts &&
             (hasCreditsHistory || hasUsageBreakdown || hasCostHistory)
         return OpenAIWebContext(
             hasUsageBreakdown: hasUsageBreakdown,
             hasCreditsHistory: hasCreditsHistory,
             hasCostHistory: hasCostHistory,
+            canShowBuyCredits: canShowBuyCredits,
             hasOpenAIWebMenuItems: hasOpenAIWebMenuItems)
     }
 
@@ -334,21 +477,30 @@ extension StatusItemController {
         to menu: NSMenu,
         enabledProviders: [UsageProvider],
         includesOverview: Bool,
-        selection: ProviderSwitcherSelection)
+        selection: ProviderSwitcherSelection,
+        width: CGFloat)
     {
         guard self.shouldMergeIcons, enabledProviders.count > 1 else { return }
         let switcherItem = self.makeProviderSwitcherItem(
             providers: enabledProviders,
             includesOverview: includesOverview,
             selected: selection,
-            menu: menu)
+            menu: menu,
+            width: width)
+        menu.addItem(switcherItem)
+        menu.addItem(.separator())
+    }
+
+    private func addTokenAccountSwitcherIfNeeded(to menu: NSMenu, display: TokenAccountMenuDisplay?, width: CGFloat) {
+        guard let display, display.showSwitcher else { return }
+        let switcherItem = self.makeTokenAccountSwitcherItem(display: display, menu: menu, width: width)
         menu.addItem(switcherItem)
         menu.addItem(.separator())
     }
 
-    private func addTokenAccountSwitcherIfNeeded(to menu: NSMenu, display: TokenAccountMenuDisplay?) {
+    private func addCodexAccountSwitcherIfNeeded(to menu: NSMenu, display: CodexAccountMenuDisplay?, width: CGFloat) {
         guard let display, display.showSwitcher else { return }
-        let switcherItem = self.makeTokenAccountSwitcherItem(display: display, menu: menu)
+        let switcherItem = self.makeCodexAccountSwitcherItem(display: display, menu: menu, width: width)
         menu.addItem(switcherItem)
         menu.addItem(.separator())
     }
@@ -364,16 +516,23 @@ extension StatusItemController {
         let rows: [(provider: UsageProvider, model: UsageMenuCardView.Model)] = overviewProviders
             .compactMap { provider in
                 guard let model = self.menuCardModel(for: provider) else { return nil }
+                guard !model.isOverviewErrorOnly else { return nil }
                 return (provider: provider, model: model)
             }
         guard !rows.isEmpty else { return false }
 
         for (index, row) in rows.enumerated() {
             let identifier = "\(Self.overviewRowIdentifierPrefix)\(row.provider.rawValue)"
+            let storageText = self.store.storageFootprintText(for: row.provider)
+            let submenu = self.makeOverviewRowSubmenu(
+                provider: row.provider,
+                model: row.model,
+                width: menuWidth)
             let item = self.makeMenuCardItem(
-                OverviewMenuCardRowView(model: row.model, width: menuWidth),
+                OverviewMenuCardRowView(model: row.model, storageText: storageText, width: menuWidth),
                 id: identifier,
                 width: menuWidth,
+                submenu: submenu,
                 onClick: { [weak self, weak menu] in
                     guard let self, let menu else { return }
                     self.selectOverviewProvider(row.provider, menu: menu)
@@ -393,11 +552,9 @@ extension StatusItemController {
         let resolvedProviders = self.settings.resolvedMergedOverviewProviders(
             activeProviders: enabledProviders,
             maxVisibleProviders: Self.maxOverviewProviders)
-        let message = if resolvedProviders.isEmpty {
-            "No providers selected for Overview."
-        } else {
-            "No overview data available."
-        }
+        let message = resolvedProviders.isEmpty
+            ? L("No providers selected for Overview.")
+            : L("No overview data available.")
         let item = NSMenuItem(title: message, action: nil, keyEquivalent: "")
         item.isEnabled = false
         item.representedObject = "overviewEmptyState"
@@ -405,6 +562,11 @@ extension StatusItemController {
     }
 
     private func addMenuCards(to menu: NSMenu, context: MenuCardContext) -> Bool {
+        if let codexAccountDisplay = context.codexAccountDisplay, codexAccountDisplay.showAll {
+            self.addStackedCodexMenuCards(codexAccountDisplay, to: menu, context: context)
+            return false
+        }
+
         if let tokenAccountDisplay = context.tokenAccountDisplay, tokenAccountDisplay.showAll {
             let accountSnapshots = tokenAccountDisplay.snapshots
             let cards = accountSnapshots.isEmpty
@@ -415,42 +577,37 @@ extension StatusItemController {
                         snapshotOverride: accountSnapshot.snapshot,
                         errorOverride: accountSnapshot.error)
                 }
-            if cards.isEmpty, let model = self.menuCardModel(for: context.selectedProvider) {
-                menu.addItem(self.makeMenuCardItem(
-                    UsageMenuCardView(model: model, width: context.menuWidth),
-                    id: "menuCard",
-                    width: context.menuWidth))
-                menu.addItem(.separator())
-            } else {
-                for (index, model) in cards.enumerated() {
-                    menu.addItem(self.makeMenuCardItem(
-                        UsageMenuCardView(model: model, width: context.menuWidth),
-                        id: "menuCard-\(index)",
-                        width: context.menuWidth))
-                    if index < cards.count - 1 {
-                        menu.addItem(.separator())
-                    }
-                }
-                if !cards.isEmpty {
-                    menu.addItem(.separator())
-                }
+            self.addStackedMenuCards(cards, to: menu, context: context)
+            return false
+        }
+
+        if context.currentProvider == .kilo, self.store.kiloScopeSnapshots.count > 1 {
+            let cards = self.store.kiloScopeSnapshots.compactMap { scope in
+                self.menuCardModel(
+                    for: .kilo,
+                    snapshotOverride: scope.snapshot,
+                    errorOverride: scope.errorMessage,
+                    forceOverrideCard: scope.snapshot == nil)
             }
+            self.addStackedMenuCards(cards, to: menu, context: context)
             return false
         }
 
         guard let model = self.menuCardModel(for: context.selectedProvider) else { return false }
-        if context.openAIContext.hasOpenAIWebMenuItems {
+        if context.openAIContext.hasOpenAIWebMenuItems || self
+            .hasOpenAIAPIUsageSubmenu(provider: context.currentProvider)
+        {
             let webItems = OpenAIWebMenuItems(
                 hasUsageBreakdown: context.openAIContext.hasUsageBreakdown,
                 hasCreditsHistory: context.openAIContext.hasCreditsHistory,
-                hasCostHistory: context.openAIContext.hasCostHistory)
+                hasCostHistory: context.openAIContext.hasCostHistory,
+                canShowBuyCredits: context.openAIContext.canShowBuyCredits)
             self.addMenuCardSections(
                 to: menu,
                 model: model,
                 provider: context.currentProvider,
                 width: context.menuWidth,
                 webItems: webItems)
-            _ = self.addWeeklyProjectionSubmenu(to: menu, provider: context.currentProvider)
             return true
         }
 
@@ -458,14 +615,46 @@ extension StatusItemController {
             UsageMenuCardView(model: model, width: context.menuWidth),
             id: "menuCard",
             width: context.menuWidth))
-        if context.currentProvider == .codex, model.creditsText != nil {
+        if self.addStorageMenuCardSection(to: menu, provider: context.currentProvider, width: context.menuWidth) {
+            menu.addItem(.separator())
+        }
+        if context.openAIContext.canShowBuyCredits {
             menu.addItem(self.makeBuyCreditsItem())
         }
-        _ = self.addWeeklyProjectionSubmenu(to: menu, provider: context.currentProvider)
         menu.addItem(.separator())
         return false
     }
 
+    private func addStackedMenuCards(
+        _ cards: [UsageMenuCardView.Model],
+        to menu: NSMenu,
+        context: MenuCardContext)
+    {
+        if cards.isEmpty, let model = self.menuCardModel(for: context.selectedProvider) {
+            menu.addItem(self.makeMenuCardItem(
+                UsageMenuCardView(model: model, width: context.menuWidth),
+                id: "menuCard",
+                width: context.menuWidth))
+            menu.addItem(.separator())
+        } else {
+            for (index, model) in cards.enumerated() {
+                menu.addItem(self.makeMenuCardItem(
+                    UsageMenuCardView(model: model, width: context.menuWidth),
+                    id: "menuCard-\(index)",
+                    width: context.menuWidth))
+                if index < cards.count - 1 {
+                    menu.addItem(.separator())
+                }
+            }
+            if !cards.isEmpty {
+                menu.addItem(.separator())
+            }
+        }
+        if self.addStorageMenuCardSection(to: menu, provider: context.currentProvider, width: context.menuWidth) {
+            menu.addItem(.separator())
+        }
+    }
+
     private func addOpenAIWebItemsIfNeeded(
         to menu: NSMenu,
         currentProvider: UsageProvider,
@@ -484,15 +673,57 @@ extension StatusItemController {
             if context.hasCostHistory {
                 _ = self.addCostHistorySubmenu(to: menu, provider: currentProvider)
             }
-            _ = self.addWeeklyProjectionSubmenu(to: menu, provider: currentProvider)
         }
         menu.addItem(.separator())
     }
 
-    private func addActionableSections(_ sections: [MenuDescriptor.Section], to menu: NSMenu) {
+    private func addPrimaryMenuContent(
+        to menu: NSMenu,
+        context: MenuCardContext,
+        switcherSelection: ProviderSwitcherSelection)
+    {
+        self.store.refreshStorageFootprintsForOverview()
+        if switcherSelection == .overview {
+            let enabledProviders = self.store.enabledProvidersForDisplay()
+            if self.addOverviewRows(
+                to: menu,
+                enabledProviders: enabledProviders,
+                menuWidth: context.menuWidth)
+            {
+                menu.addItem(.separator())
+            } else {
+                self.addOverviewEmptyState(to: menu, enabledProviders: enabledProviders)
+                menu.addItem(.separator())
+            }
+        } else {
+            let addedOpenAIWebItems = self.addMenuCards(to: menu, context: context)
+            self.addOpenAIWebItemsIfNeeded(
+                to: menu,
+                currentProvider: context.currentProvider,
+                context: context.openAIContext,
+                addedOpenAIWebItems: addedOpenAIWebItems)
+            if self.addUsageHistoryMenuItemIfNeeded(
+                to: menu,
+                provider: context.currentProvider,
+                width: context.menuWidth)
+            {
+                menu.addItem(.separator())
+            }
+            if self.addZaiHourlyUsageMenuItemIfNeeded(
+                to: menu,
+                provider: context.currentProvider,
+                width: context.menuWidth)
+            {
+                menu.addItem(.separator())
+            }
+        }
+    }
+
+    private func addActionableSections(_ sections: [MenuDescriptor.Section], to menu: NSMenu, width: CGFloat) {
         let actionableSections = sections.filter { section in
             section.entries.contains { entry in
                 if case .action = entry { return true }
+                if case .submenu = entry { return true }
                 return false
             }
         }
@@ -500,6 +731,10 @@ extension StatusItemController {
             for entry in section.entries {
                 switch entry {
                 case let .text(text, style):
+                    if style == .secondary {
+                        menu.addItem(self.makeWrappedSecondaryTextItem(text: text, width: width))
+                        continue
+                    }
                     let item = NSMenuItem(title: text, action: nil, keyEquivalent: "")
                     item.isEnabled = false
                     if style == .headline {
@@ -513,10 +748,24 @@ extension StatusItemController {
                     }
                     menu.addItem(item)
                 case let .action(title, action):
+                    let localizedTitle = L(title)
+                    if self.usesPersistentMenuActionItem(for: action) {
+                        menu.addItem(self.makePersistentMenuActionItem(
+                            title: localizedTitle,
+                            action: action,
+                            menu: menu,
+                            width: width))
+                        continue
+                    }
+
                     let (selector, represented) = self.selector(for: action)
-                    let item = NSMenuItem(title: title, action: selector, keyEquivalent: "")
+                    let item = NSMenuItem(title: localizedTitle, action: selector, keyEquivalent: "")
                     item.target = self
                     item.representedObject = represented
+                    if let shortcut = self.shortcut(for: action) {
+                        item.keyEquivalent = shortcut.key
+                        item.keyEquivalentModifierMask = shortcut.modifiers
+                    }
                     if let iconName = action.systemImageName,
                        let image = NSImage(systemSymbolName: iconName, accessibilityDescription: nil)
                     {
@@ -528,8 +777,38 @@ extension StatusItemController {
                        let subtitle = self.switchAccountSubtitle(for: targetProvider)
                     {
                         item.isEnabled = false
-                        self.applySubtitle(subtitle, to: item, title: title)
+                        self.applySubtitle(subtitle, to: item, title: localizedTitle)
+                    } else if case .addCodexAccount = action,
+                              let subtitle = self.codexAddAccountSubtitle()
+                    {
+                        item.isEnabled = false
+                        self.applySubtitle(subtitle, to: item, title: localizedTitle)
+                    }
+                    menu.addItem(item)
+                case let .submenu(title, systemImageName, submenuItems):
+                    let item = NSMenuItem(title: title, action: nil, keyEquivalent: "")
+                    if let systemImageName,
+                       let image = NSImage(systemSymbolName: systemImageName, accessibilityDescription: nil)
+                    {
+                        image.isTemplate = true
+                        image.size = NSSize(width: 16, height: 16)
+                        item.image = image
+                    }
+                    let submenu = NSMenu(title: title)
+                    submenu.autoenablesItems = false
+                    for submenuItem in submenuItems {
+                        let child = NSMenuItem(title: submenuItem.title, action: nil, keyEquivalent: "")
+                        child.state = submenuItem.isChecked ? .on : .off
+                        child.isEnabled = submenuItem.isEnabled
+                        if let action = submenuItem.action {
+                            let (selector, represented) = self.selector(for: action)
+                            child.action = selector
+                            child.target = self
+                            child.representedObject = represented
+                        }
+                        submenu.addItem(child)
                     }
+                    item.submenu = submenu
                     menu.addItem(item)
                 case .divider:
                     menu.addItem(.separator())
@@ -541,27 +820,122 @@ extension StatusItemController {
         }
     }
 
+    private func makePersistentMenuActionItem(
+        title: String,
+        action: MenuDescriptor.MenuAction,
+        menu: NSMenu,
+        width: CGFloat) -> NSMenuItem
+    {
+        let shortcut = self.shortcut(for: action)
+        let row = PersistentMenuActionItemView(
+            title: title,
+            systemImageName: self.persistentMenuActionSystemImageName(for: action),
+            shortcutText: shortcut.map { self.shortcutLabel(for: $0) },
+            width: width,
+            onClick: { [weak self, weak menu] in
+                self?.performPersistentMenuAction(action, in: menu)
+            })
+
+        let item = NSMenuItem(title: title, action: nil, keyEquivalent: shortcut?.key ?? "")
+        item.keyEquivalentModifierMask = shortcut?.modifiers ?? NSEvent.ModifierFlags()
+        item.isEnabled = true
+        item.view = row
+        item.toolTip = title
+        if action != .refresh {
+            let (selector, represented) = self.selector(for: action)
+            item.action = selector
+            item.target = self
+            item.representedObject = represented
+        }
+        return item
+    }
+
+    private func shortcutLabel(for shortcut: (key: String, modifiers: NSEvent.ModifierFlags)) -> String {
+        var label = ""
+        if shortcut.modifiers.contains(.control) {
+            label += "^"
+        }
+        if shortcut.modifiers.contains(.option) {
+            label += "⌥"
+        }
+        if shortcut.modifiers.contains(.shift) {
+            label += "⇧"
+        }
+        if shortcut.modifiers.contains(.command) {
+            label += "⌘"
+        }
+        label += shortcut.key.uppercased()
+        return label
+    }
+
+    private func makeWrappedSecondaryTextItem(text: String, width: CGFloat) -> NSMenuItem {
+        let item = NSMenuItem(title: "", action: nil, keyEquivalent: "")
+        let view = self.makeWrappedSecondaryTextView(text: text)
+        let height = self.menuTextItemHeight(for: view, width: width)
+        view.frame = NSRect(origin: .zero, size: NSSize(width: width, height: height))
+        item.view = view
+        item.isEnabled = false
+        item.toolTip = text
+        return item
+    }
+
+    private func makeWrappedSecondaryTextView(text: String) -> NSView {
+        let container = NSView()
+        container.translatesAutoresizingMaskIntoConstraints = false
+
+        let textField = NSTextField(wrappingLabelWithString: text)
+        textField.font = NSFont.menuFont(ofSize: NSFont.smallSystemFontSize)
+        textField.textColor = NSColor.secondaryLabelColor
+        textField.lineBreakMode = .byWordWrapping
+        textField.maximumNumberOfLines = 0
+        textField.setContentCompressionResistancePriority(.defaultLow, for: .horizontal)
+        textField.translatesAutoresizingMaskIntoConstraints = false
+
+        container.addSubview(textField)
+        NSLayoutConstraint.activate([
+            textField.leadingAnchor.constraint(equalTo: container.leadingAnchor, constant: 18),
+            textField.trailingAnchor.constraint(equalTo: container.trailingAnchor, constant: -10),
+            textField.topAnchor.constraint(equalTo: container.topAnchor, constant: 2),
+            textField.bottomAnchor.constraint(equalTo: container.bottomAnchor, constant: -2),
+        ])
+
+        return container
+    }
+
+    private func menuTextItemHeight(for view: NSView, width: CGFloat) -> CGFloat {
+        view.frame = NSRect(origin: .zero, size: NSSize(width: width, height: 1))
+        view.layoutSubtreeIfNeeded()
+        return max(1, ceil(view.fittingSize.height))
+    }
+
     func makeMenu(for provider: UsageProvider?) -> NSMenu {
-        let menu = NSMenu()
-        menu.autoenablesItems = false
-        menu.delegate = self
+        let menu = self.makeBaseMenu()
         if let provider {
             self.menuProviders[ObjectIdentifier(menu)] = provider
         }
         return menu
     }
 
+    private func makeBaseMenu() -> NSMenu {
+        let menu = StatusItemMenu()
+        menu.autoenablesItems = false
+        menu.delegate = self
+        menu.persistentActionDelegate = self
+        return menu
+    }
+
     private func makeProviderSwitcherItem(
         providers: [UsageProvider],
         includesOverview: Bool,
         selected: ProviderSwitcherSelection,
-        menu: NSMenu) -> NSMenuItem
+        menu: NSMenu,
+        width: CGFloat) -> NSMenuItem
     {
         let view = ProviderSwitcherView(
             providers: providers,
             selected: selected,
             includesOverview: includesOverview,
-            width: self.menuCardWidth(for: providers, menu: menu),
+            width: width,
             showsIcons: self.settings.switcherShowsIcons,
             iconProvider: { [weak self] provider in
                 self?.switcherIcon(for: provider) ?? NSImage()
@@ -571,22 +945,24 @@ extension StatusItemController {
             },
             onSelect: { [weak self, weak menu] selection in
                 guard let self, let menu else { return }
+                let provider: UsageProvider?
                 switch selection {
                 case .overview:
                     self.settings.mergedMenuLastSelectedWasOverview = true
-                    self.lastMergedSwitcherSelection = .overview
-                    let provider = self.resolvedMenuProvider()
+                    provider = self.resolvedMenuProvider()
+                case let .provider(selectedProvider):
+                    self.settings.mergedMenuLastSelectedWasOverview = false
+                    self.selectedMenuProvider = selectedProvider
+                    provider = selectedProvider
+                }
+                switch selection {
+                case .overview:
                     self.lastMenuProvider = provider ?? .codex
-                    self.populateMenu(menu, provider: provider)
                 case let .provider(provider):
-                    self.settings.mergedMenuLastSelectedWasOverview = false
-                    self.lastMergedSwitcherSelection = .provider(provider)
-                    self.selectedMenuProvider = provider
                     self.lastMenuProvider = provider
-                    self.populateMenu(menu, provider: provider)
                 }
-                self.markMenuFresh(menu)
-                self.applyIcon(phase: nil)
+                self.lastMergedSwitcherSelection = selection
+                self.deferSwitcherMenuRebuildIfStillVisible(menu, provider: provider)
             })
         let item = NSMenuItem()
         item.view = view
@@ -596,23 +972,26 @@ extension StatusItemController {
 
     private func makeTokenAccountSwitcherItem(
         display: TokenAccountMenuDisplay,
-        menu: NSMenu) -> NSMenuItem
+        menu: NSMenu,
+        width: CGFloat) -> NSMenuItem
     {
         let view = TokenAccountSwitcherView(
             accounts: display.accounts,
             selectedIndex: display.activeIndex,
-            width: self.menuCardWidth(for: self.store.enabledProviders(), menu: menu),
-            onSelect: { [weak self, weak menu] index in
-                guard let self, let menu else { return }
+            width: width,
+            onSelect: { [weak self, weak menu] index -> Task<Void, Never>? in
+                guard let self, let menu else { return nil }
                 self.settings.setActiveTokenAccountIndex(index, for: display.provider)
-                Task { @MainActor in
+                self.applyIcon(phase: nil)
+                self.deferSwitcherMenuRebuildIfStillVisible(menu, provider: display.provider)
+                return Task { @MainActor [weak self, weak menu] in
+                    guard let self else { return }
                     await ProviderInteractionContext.$current.withValue(.userInitiated) {
-                        await self.store.refresh()
+                        await self.store.refreshProvider(display.provider)
                     }
+                    guard let menu else { return }
+                    self.refreshOpenMenuIfStillVisible(menu, provider: display.provider)
                 }
-                self.populateMenu(menu, provider: display.provider)
-                self.markMenuFresh(menu)
-                self.applyIcon(phase: nil)
             })
         let item = NSMenuItem()
         item.view = view
@@ -620,13 +999,58 @@ extension StatusItemController {
         return item
     }
 
+    private func makeCodexAccountSwitcherItem(
+        display: CodexAccountMenuDisplay,
+        menu: NSMenu,
+        width: CGFloat) -> NSMenuItem
+    {
+        let view = CodexAccountSwitcherView(
+            accounts: display.accounts,
+            selectedAccountID: display.activeVisibleAccountID,
+            width: width,
+            onSelect: { [weak self, weak menu] account in
+                guard let self else { return }
+                self.handleCodexVisibleAccountSelection(account, menu: menu)
+            })
+        let item = NSMenuItem()
+        item.view = view
+        item.isEnabled = false
+        return item
+    }
+
+    @discardableResult
+    private func handleCodexVisibleAccountSelection(_ account: CodexVisibleAccount, menu: NSMenu?) -> Bool {
+        let visibleAccountID = account.id
+        self.settings.selectDisplayedCodexVisibleAccount(account)
+        if self.store.prepareCodexAccountScopedRefreshIfNeeded(), let menu {
+            self.deferSwitcherMenuRebuildIfStillVisible(menu, provider: .codex)
+        }
+        Task { @MainActor in
+            await ProviderInteractionContext.$current.withValue(.userInitiated) {
+                await self.store.refreshCodexAccountScopedState(
+                    allowDisabled: true,
+                    phaseDidChange: { [weak self, weak menu] _ in
+                        guard let self, let menu else { return }
+                        guard self.settings.codexVisibleAccountProjection.activeVisibleAccountID == visibleAccountID
+                        else {
+                            return
+                        }
+                        self.refreshOpenMenuIfStillVisible(menu, provider: .codex)
+                    })
+            }
+        }
+        return true
+    }
+
     private func resolvedMenuProvider(enabledProviders: [UsageProvider]? = nil) -> UsageProvider? {
-        let enabled = enabledProviders ?? self.store.enabledProviders()
+        let enabled = enabledProviders ?? self.store.enabledProvidersForDisplay()
         if enabled.isEmpty { return .codex }
         if let selected = self.selectedMenuProvider, enabled.contains(selected) {
             return selected
         }
-        return enabled.first
+        // Prefer an available provider so the default menu content matches the status icon.
+        // Falls back to first display provider when all lack credentials.
+        return enabled.first(where: { self.store.isProviderAvailable($0) }) ?? enabled.first
     }
 
     private func includesOverviewTab(enabledProviders: [UsageProvider]) -> Bool {
@@ -645,59 +1069,17 @@ extension StatusItemController {
         return .provider(self.resolvedMenuProvider(enabledProviders: enabledProviders) ?? .codex)
     }
 
-    private func tokenAccountMenuDisplay(for provider: UsageProvider) -> TokenAccountMenuDisplay? {
-        guard TokenAccountSupportCatalog.support(for: provider) != nil else { return nil }
-        let accounts = self.settings.tokenAccounts(for: provider)
-        guard accounts.count > 1 else { return nil }
-        let activeIndex = self.settings.tokenAccountsData(for: provider)?.clampedActiveIndex() ?? 0
-        let showAll = self.settings.showAllTokenAccountsInMenu
-        let snapshots = showAll ? (self.store.accountSnapshots[provider] ?? []) : []
-        return TokenAccountMenuDisplay(
-            provider: provider,
-            accounts: accounts,
-            snapshots: snapshots,
-            activeIndex: activeIndex,
-            showAll: showAll,
-            showSwitcher: !showAll)
-    }
-
-    private func menuNeedsRefresh(_ menu: NSMenu) -> Bool {
+    func menuNeedsRefresh(_ menu: NSMenu) -> Bool {
         let key = ObjectIdentifier(menu)
         return self.menuVersions[key] != self.menuContentVersion
     }
 
-    private func markMenuFresh(_ menu: NSMenu) {
+    func markMenuFresh(_ menu: NSMenu) {
         let key = ObjectIdentifier(menu)
         self.menuVersions[key] = self.menuContentVersion
     }
 
-    func refreshOpenMenusIfNeeded() {
-        guard !self.openMenus.isEmpty else { return }
-        for (key, menu) in self.openMenus {
-            guard key == ObjectIdentifier(menu) else {
-                // Clean up orphaned menu entries from all tracking dictionaries
-                self.openMenus.removeValue(forKey: key)
-                self.menuRefreshTasks.removeValue(forKey: key)?.cancel()
-                self.menuProviders.removeValue(forKey: key)
-                self.menuVersions.removeValue(forKey: key)
-                continue
-            }
-
-            if self.isHostedSubviewMenu(menu) {
-                self.refreshHostedSubviewHeights(in: menu)
-                continue
-            }
-
-            if self.menuNeedsRefresh(menu) {
-                let provider = self.menuProvider(for: menu)
-                self.populateMenu(menu, provider: provider)
-                self.markMenuFresh(menu)
-                // Heights are already set during populateMenu, no need to remeasure
-            }
-        }
-    }
-
-    private func menuProvider(for menu: NSMenu) -> UsageProvider? {
+    func menuProvider(for menu: NSMenu) -> UsageProvider? {
         if self.shouldMergeIcons {
             return self.resolvedMenuProvider()
         }
@@ -707,14 +1089,33 @@ extension StatusItemController {
         if menu === self.fallbackMenu {
             return nil
         }
-        return self.store.enabledProviders().first ?? .codex
+        return self.store.enabledProvidersForDisplay().first ?? .codex
+    }
+
+    func hasOpenHostedSubviewMenu() -> Bool {
+        self.openMenus.values.contains { self.isHostedSubviewMenu($0) }
+    }
+
+    func refreshOpenMenuIfStillVisible(_ menu: NSMenu, provider: UsageProvider?) {
+        self.scheduleOpenMenuRebuildIfStillVisible(menu, provider: provider)
+    }
+
+    func rebuildOpenMenuIfStillVisible(_ menu: NSMenu, provider: UsageProvider?) {
+        guard self.openMenus[ObjectIdentifier(menu)] != nil else { return }
+        guard self.isHostedSubviewMenu(menu) || !self.hasOpenHostedSubviewMenu() else { return }
+        self.populateMenu(menu, provider: provider)
+        self.markMenuFresh(menu)
+        self.applyIcon(phase: nil)
+        #if DEBUG
+        self._test_openMenuRebuildObserver?(menu)
+        #endif
     }
 
     private func scheduleOpenMenuRefresh(for menu: NSMenu) {
-        // Kick off a user-initiated refresh on open (non-forced) and re-check after a delay.
+        // Kick off a refresh on open (non-forced) and re-check after a delay.
         // NEVER block menu opening with network requests.
         if !self.store.isRefreshing {
-            self.refreshStore(forceTokenUsage: false)
+            self.refreshStore(forceTokenUsage: false, refreshOpenMenusWhenComplete: false)
         }
         let key = ObjectIdentifier(menu)
         self.menuRefreshTasks[key]?.cancel()
@@ -722,10 +1123,18 @@ extension StatusItemController {
             guard let self, let menu else { return }
             try? await Task.sleep(for: Self.menuOpenRefreshDelay)
             guard !Task.isCancelled else { return }
+            guard Self.menuRefreshEnabled else { return }
+            #if DEBUG
+            self.onDelayedMenuRefreshAttemptForTesting?()
+            #endif
             guard self.openMenus[ObjectIdentifier(menu)] != nil else { return }
             guard !self.store.isRefreshing else { return }
-            guard self.menuNeedsDelayedRefreshRetry(for: menu) else { return }
-            self.refreshStore(forceTokenUsage: false)
+            let retryProviders = self.delayedRefreshRetryProviders(for: menu)
+            let retryStaleProviderCount = retryProviders.count { self.store.isStale(provider: $0) }
+            let retryMissingSnapshotCount = retryProviders.count { self.store.snapshot(for: $0) == nil }
+            let willRetryRefresh = retryStaleProviderCount > 0 || retryMissingSnapshotCount > 0
+            guard willRetryRefresh else { return }
+            self.refreshStore(forceTokenUsage: false, refreshOpenMenusWhenComplete: false)
         }
     }
 
@@ -738,7 +1147,7 @@ extension StatusItemController {
     }
 
     private func delayedRefreshRetryProviders(for menu: NSMenu) -> [UsageProvider] {
-        let enabledProviders = self.store.enabledProviders()
+        let enabledProviders = self.store.enabledProvidersForDisplay()
         guard !enabledProviders.isEmpty else { return [] }
         let includesOverview = self.includesOverviewTab(enabledProviders: enabledProviders)
 
@@ -769,7 +1178,7 @@ extension StatusItemController {
         }
         for item in cardItems {
             guard let view = item.view else { continue }
-            let width = self.menuCardWidth(for: self.store.enabledProviders(), menu: menu)
+            let width = self.renderedMenuWidth(for: menu)
             let height = self.menuCardHeight(for: view, width: width)
             view.frame = NSRect(
                 origin: .zero,
@@ -777,11 +1186,13 @@ extension StatusItemController {
         }
     }
 
-    private func makeMenuCardItem(
+    func makeMenuCardItem(
         _ view: some View,
         id: String,
         width: CGFloat,
         submenu: NSMenu? = nil,
+        submenuIndicatorAlignment: Alignment = .topTrailing,
+        submenuIndicatorTopPadding: CGFloat = 8,
         onClick: (() -> Void)? = nil) -> NSMenuItem
     {
         if !Self.menuCardRenderingEnabled {
@@ -799,7 +1210,9 @@ extension StatusItemController {
         let highlightState = MenuCardHighlightState()
         let wrapped = MenuCardSectionContainerView(
             highlightState: highlightState,
-            showsSubmenuIndicator: submenu != nil)
+            showsSubmenuIndicator: submenu != nil,
+            submenuIndicatorAlignment: submenuIndicatorAlignment,
+            submenuIndicatorTopPadding: submenuIndicatorTopPadding)
         {
             view
         }
@@ -844,39 +1257,46 @@ extension StatusItemController {
         width: CGFloat,
         webItems: OpenAIWebMenuItems)
     {
-        let hasUsageBlock = !model.metrics.isEmpty || model.placeholder != nil
+        let hasUsageBlock = model.hasUsageContent
         let hasCredits = model.creditsText != nil
         let hasExtraUsage = model.providerCost != nil
         let hasCost = model.tokenUsage != nil
+        let hasStorage = self.store.storageFootprintText(for: provider) != nil
         let bottomPadding = CGFloat(hasCredits ? 4 : 6)
         let sectionSpacing = CGFloat(6)
         let usageBottomPadding = bottomPadding
         let creditsBottomPadding = bottomPadding
 
-        let headerView = UsageMenuCardHeaderSectionView(
-            model: model,
-            showDivider: hasUsageBlock,
-            width: width)
-        menu.addItem(self.makeMenuCardItem(headerView, id: "menuCardHeader", width: width))
-
         if hasUsageBlock {
-            let usageView = UsageMenuCardUsageSectionView(
+            let usageView = UsageMenuCardHeaderAndUsageSectionView(
                 model: model,
-                showBottomDivider: false,
                 bottomPadding: usageBottomPadding,
                 width: width)
             let usageSubmenu = self.makeUsageSubmenu(
                 provider: provider,
                 snapshot: self.store.snapshot(for: provider),
-                webItems: webItems)
+                webItems: webItems,
+                width: width)
             menu.addItem(self.makeMenuCardItem(
                 usageView,
                 id: "menuCardUsage",
                 width: width,
                 submenu: usageSubmenu))
+        } else {
+            let headerView = UsageMenuCardHeaderSectionView(
+                model: model,
+                showDivider: false,
+                width: width)
+            menu.addItem(self.makeMenuCardItem(headerView, id: "menuCardHeader", width: width))
         }
 
-        if hasCredits || hasExtraUsage || hasCost {
+        if hasStorage || hasCredits || hasExtraUsage || hasCost {
+            menu.addItem(.separator())
+        }
+
+        if self.addStorageMenuCardSection(to: menu, provider: provider, width: width),
+           hasCredits || hasExtraUsage || hasCost
+        {
             menu.addItem(.separator())
         }
 
@@ -890,13 +1310,13 @@ extension StatusItemController {
                 topPadding: sectionSpacing,
                 bottomPadding: creditsBottomPadding,
                 width: width)
-            let creditsSubmenu = webItems.hasCreditsHistory ? self.makeCreditsHistorySubmenu() : nil
+            let creditsSubmenu = webItems.hasCreditsHistory ? self.makeCreditsHistorySubmenu(width: width) : nil
             menu.addItem(self.makeMenuCardItem(
                 creditsView,
                 id: "menuCardCredits",
                 width: width,
                 submenu: creditsSubmenu))
-            if provider == .codex {
+            if webItems.canShowBuyCredits {
                 menu.addItem(self.makeBuyCreditsItem())
             }
         }
@@ -904,6 +1324,7 @@ extension StatusItemController {
             if hasCredits {
                 menu.addItem(.separator())
             }
+            let extraUsageSubmenu = self.makeOpenAIAPIUsageSubmenu(provider: provider, width: width)
             let extraUsageView = UsageMenuCardExtraUsageSectionView(
                 model: model,
                 topPadding: sectionSpacing,
@@ -912,26 +1333,36 @@ extension StatusItemController {
             menu.addItem(self.makeMenuCardItem(
                 extraUsageView,
                 id: "menuCardExtraUsage",
-                width: width))
+                width: width,
+                submenu: extraUsageSubmenu))
         }
         if hasCost {
             if hasCredits || hasExtraUsage {
                 menu.addItem(.separator())
             }
-            let costView = UsageMenuCardCostSectionView(
-                model: model,
-                topPadding: sectionSpacing,
-                bottomPadding: bottomPadding,
-                width: width)
-            let costSubmenu = webItems.hasCostHistory ? self.makeCostHistorySubmenu(provider: provider) : nil
-            menu.addItem(self.makeMenuCardItem(
-                costView,
-                id: "menuCardCost",
-                width: width,
-                submenu: costSubmenu))
+            let costSubmenu = webItems.hasCostHistory ? self
+                .makeCostHistorySubmenu(provider: provider, width: width) : nil
+            menu.addItem(self.makeCostMenuCardItem(model: model, submenu: costSubmenu))
         }
     }
 
+    @discardableResult
+    func addStorageMenuCardSection(to menu: NSMenu, provider: UsageProvider, width: CGFloat) -> Bool {
+        guard let storageText = self.store.storageFootprintText(for: provider) else { return false }
+        let storageView = StorageMenuCardSectionView(
+            storageText: storageText,
+            topPadding: 6,
+            bottomPadding: 6,
+            width: width)
+        let storageSubmenu = self.makeStorageBreakdownSubmenu(provider: provider, width: width)
+        menu.addItem(self.makeMenuCardItem(
+            storageView,
+            id: "menuCardStorage",
+            width: width,
+            submenu: storageSubmenu))
+        return true
+    }
+
     private func switcherIcon(for provider: UsageProvider) -> NSImage {
         if let brand = ProviderBrandIcon.image(for: provider) {
             return brand
@@ -940,8 +1371,15 @@ extension StatusItemController {
         // Fallback to the dynamic icon renderer if resources are missing (e.g. dev bundle mismatch).
         let snapshot = self.store.snapshot(for: provider)
         let showUsed = self.settings.usageBarsShowUsed
-        let primary = showUsed ? snapshot?.primary?.usedPercent : snapshot?.primary?.remainingPercent
-        var weekly = showUsed ? snapshot?.secondary?.usedPercent : snapshot?.secondary?.remainingPercent
+        let style = self.store.style(for: provider)
+        let resolved = snapshot.map {
+            IconRemainingResolver.resolvedPercents(
+                snapshot: $0,
+                style: style,
+                showUsed: showUsed)
+        }
+        let primary = resolved?.primary
+        var weekly = resolved?.secondary
         if showUsed,
            provider == .warp,
            let remaining = snapshot?.secondary?.remainingPercent,
@@ -959,9 +1397,17 @@ extension StatusItemController {
             // In show-used mode, `0` means "unused", not "missing". Keep the weekly lane present.
             weekly = 0.0001
         }
-        let credits = provider == .codex ? self.store.credits?.remaining : nil
+        let creditsProjection = self.store.codexConsumerProjectionIfNeeded(
+            for: provider,
+            surface: .menuBar,
+            snapshotOverride: snapshot,
+            now: snapshot?.updatedAt ?? Date())
+        let credits = creditsProjection?.menuBarFallback == .creditsBalance
+            ? self.store.codexMenuBarCreditsRemaining(
+                snapshotOverride: snapshot,
+                now: snapshot?.updatedAt ?? Date())
+            : nil
         let stale = self.store.isStale(provider: provider)
-        let style = self.store.style(for: provider)
         let indicator = self.store.statusIndicator(for: provider)
         let image = IconRenderer.makeIcon(
             primaryRemaining: primary,
@@ -977,161 +1423,11 @@ extension StatusItemController {
         return image
     }
 
-    nonisolated static func switcherWeeklyMetricPercent(
-        for provider: UsageProvider,
-        snapshot: UsageSnapshot?,
-        showUsed: Bool) -> Double?
-    {
-        let window = snapshot?.switcherWeeklyWindow(for: provider, showUsed: showUsed)
-        guard let window else { return nil }
-        return showUsed ? window.usedPercent : window.remainingPercent
-    }
-
-    private func switcherWeeklyRemaining(for provider: UsageProvider) -> Double? {
-        Self.switcherWeeklyMetricPercent(
-            for: provider,
-            snapshot: self.store.snapshot(for: provider),
-            showUsed: self.settings.usageBarsShowUsed)
-    }
-
-    private func selector(for action: MenuDescriptor.MenuAction) -> (Selector, Any?) {
-        switch action {
-        case .installUpdate: (#selector(self.installUpdate), nil)
-        case .refresh: (#selector(self.refreshNow), nil)
-        case .refreshAugmentSession: (#selector(self.refreshAugmentSession), nil)
-        case .dashboard: (#selector(self.openDashboard), nil)
-        case .statusPage: (#selector(self.openStatusPage), nil)
-        case let .switchAccount(provider): (#selector(self.runSwitchAccount(_:)), provider.rawValue)
-        case let .openTerminal(command): (#selector(self.openTerminalCommand(_:)), command)
-        case let .loginToProvider(url): (#selector(self.openLoginToProvider(_:)), url)
-        case .settings: (#selector(self.showSettingsGeneral), nil)
-        case .about: (#selector(self.showSettingsAbout), nil)
-        case .quit: (#selector(self.quit), nil)
-        case let .copyError(message): (#selector(self.copyError(_:)), message)
-        }
-    }
-
-    @MainActor
-    private protocol MenuCardHighlighting: AnyObject {
-        func setHighlighted(_ highlighted: Bool)
-    }
-
-    @MainActor
-    private protocol MenuCardMeasuring: AnyObject {
-        func measuredHeight(width: CGFloat) -> CGFloat
-    }
-
-    @MainActor
-    @Observable
-    fileprivate final class MenuCardHighlightState {
-        var isHighlighted = false
-    }
-
-    private final class MenuHostingView<Content: View>: NSHostingView<Content> {
-        override var allowsVibrancy: Bool {
-            true
-        }
-    }
-
-    @MainActor
-    private final class MenuCardItemHostingView<Content: View>: NSHostingView<Content>, MenuCardHighlighting,
-    MenuCardMeasuring {
-        private let highlightState: MenuCardHighlightState
-        private let onClick: (() -> Void)?
-        override var allowsVibrancy: Bool {
-            true
-        }
-
-        override var intrinsicContentSize: NSSize {
-            let size = super.intrinsicContentSize
-            guard self.frame.width > 0 else { return size }
-            return NSSize(width: self.frame.width, height: size.height)
-        }
-
-        init(rootView: Content, highlightState: MenuCardHighlightState, onClick: (() -> Void)? = nil) {
-            self.highlightState = highlightState
-            self.onClick = onClick
-            super.init(rootView: rootView)
-            if onClick != nil {
-                let recognizer = NSClickGestureRecognizer(target: self, action: #selector(self.handlePrimaryClick(_:)))
-                recognizer.buttonMask = 0x1
-                self.addGestureRecognizer(recognizer)
-            }
-        }
-
-        required init(rootView: Content) {
-            self.highlightState = MenuCardHighlightState()
-            self.onClick = nil
-            super.init(rootView: rootView)
-        }
-
-        @available(*, unavailable)
-        required init?(coder: NSCoder) {
-            fatalError("init(coder:) has not been implemented")
-        }
-
-        override func acceptsFirstMouse(for event: NSEvent?) -> Bool {
-            true
-        }
-
-        @objc private func handlePrimaryClick(_ recognizer: NSClickGestureRecognizer) {
-            guard recognizer.state == .ended else { return }
-            self.onClick?()
-        }
-
-        func measuredHeight(width: CGFloat) -> CGFloat {
-            let controller = NSHostingController(rootView: self.rootView)
-            let measured = controller.sizeThatFits(in: CGSize(width: width, height: .greatestFiniteMagnitude))
-            return measured.height
-        }
-
-        func setHighlighted(_ highlighted: Bool) {
-            guard self.highlightState.isHighlighted != highlighted else { return }
-            self.highlightState.isHighlighted = highlighted
-        }
-    }
-
-    private struct MenuCardSectionContainerView<Content: View>: View {
-        @Bindable var highlightState: MenuCardHighlightState
-        let showsSubmenuIndicator: Bool
-        let content: Content
-
-        init(
-            highlightState: MenuCardHighlightState,
-            showsSubmenuIndicator: Bool,
-            @ViewBuilder content: () -> Content)
-        {
-            self.highlightState = highlightState
-            self.showsSubmenuIndicator = showsSubmenuIndicator
-            self.content = content()
-        }
-
-        var body: some View {
-            self.content
-                .environment(\.menuItemHighlighted, self.highlightState.isHighlighted)
-                .foregroundStyle(MenuHighlightStyle.primary(self.highlightState.isHighlighted))
-                .background(alignment: .topLeading) {
-                    if self.highlightState.isHighlighted {
-                        RoundedRectangle(cornerRadius: 6, style: .continuous)
-                            .fill(MenuHighlightStyle.selectionBackground(true))
-                            .padding(.horizontal, 6)
-                            .padding(.vertical, 2)
-                    }
-                }
-                .overlay(alignment: .topTrailing) {
-                    if self.showsSubmenuIndicator {
-                        Image(systemName: "chevron.right")
-                            .font(.caption2.weight(.semibold))
-                            .foregroundStyle(MenuHighlightStyle.secondary(self.highlightState.isHighlighted))
-                            .padding(.top, 8)
-                            .padding(.trailing, 10)
-                    }
-                }
-        }
-    }
-
     private func makeBuyCreditsItem() -> NSMenuItem {
-        let item = NSMenuItem(title: "Buy Credits...", action: #selector(self.openCreditsPurchase), keyEquivalent: "")
+        let item = NSMenuItem(
+            title: L("Buy Credits..."),
+            action: #selector(self.openCreditsPurchase),
+            keyEquivalent: "")
         item.target = self
         if let image = NSImage(systemSymbolName: "plus.circle", accessibilityDescription: nil) {
             image.isTemplate = true
@@ -1143,8 +1439,9 @@ extension StatusItemController {
 
     @discardableResult
     private func addCreditsHistorySubmenu(to menu: NSMenu) -> Bool {
-        guard let submenu = self.makeCreditsHistorySubmenu() else { return false }
-        let item = NSMenuItem(title: "Credits history", action: nil, keyEquivalent: "")
+        guard let submenu = self.makeCreditsHistorySubmenu(width: self.renderedMenuWidth(for: menu))
+        else { return false }
+        let item = NSMenuItem(title: L("Credits history"), action: nil, keyEquivalent: "")
         item.isEnabled = true
         item.submenu = submenu
         menu.addItem(item)
@@ -1153,8 +1450,9 @@ extension StatusItemController {
 
     @discardableResult
     private func addUsageBreakdownSubmenu(to menu: NSMenu) -> Bool {
-        guard let submenu = self.makeUsageBreakdownSubmenu() else { return false }
-        let item = NSMenuItem(title: "Usage breakdown", action: nil, keyEquivalent: "")
+        guard let submenu = self.makeUsageBreakdownSubmenu(width: self.renderedMenuWidth(for: menu))
+        else { return false }
+        let item = NSMenuItem(title: L("Usage breakdown"), action: nil, keyEquivalent: "")
         item.isEnabled = true
         item.submenu = submenu
         menu.addItem(item)
@@ -1163,8 +1461,11 @@ extension StatusItemController {
 
     @discardableResult
     private func addCostHistorySubmenu(to menu: NSMenu, provider: UsageProvider) -> Bool {
-        guard let submenu = self.makeCostHistorySubmenu(provider: provider) else { return false }
-        let item = NSMenuItem(title: "Usage history (30 days)", action: nil, keyEquivalent: "")
+        guard let submenu = self.makeCostHistorySubmenu(provider: provider, width: self.renderedMenuWidth(for: menu))
+        else { return false }
+        let days = self.store.settings.costUsageHistoryDays
+        let title = days == 1 ? L("Usage history (today)") : String(format: L("Usage history (%d days)"), days)
+        let item = NSMenuItem(title: title, action: nil, keyEquivalent: "")
         item.isEnabled = true
         item.submenu = submenu
         menu.addItem(item)
@@ -1174,10 +1475,14 @@ extension StatusItemController {
     private func makeUsageSubmenu(
         provider: UsageProvider,
         snapshot: UsageSnapshot?,
-        webItems: OpenAIWebMenuItems) -> NSMenu?
+        webItems: OpenAIWebMenuItems,
+        width: CGFloat? = nil) -> NSMenu?
     {
-        if provider == .codex, webItems.hasUsageBreakdown {
-            return self.makeUsageBreakdownSubmenu()
+        if webItems.hasUsageBreakdown {
+            return self.makeUsageBreakdownSubmenu(width: width)
+        }
+        if provider == .openai {
+            return self.makeOpenAIAPIUsageSubmenu(provider: provider, width: width)
         }
         if provider == .zai {
             return self.makeZaiUsageDetailsSubmenu(snapshot: snapshot)
@@ -1185,18 +1490,18 @@ extension StatusItemController {
         return nil
     }
 
-    private func makeZaiUsageDetailsSubmenu(snapshot: UsageSnapshot?) -> NSMenu? {
+    func makeZaiUsageDetailsSubmenu(snapshot: UsageSnapshot?) -> NSMenu? {
         guard let timeLimit = snapshot?.zaiUsage?.timeLimit else { return nil }
         guard !timeLimit.usageDetails.isEmpty else { return nil }
 
         let submenu = NSMenu()
         submenu.delegate = self
-        let titleItem = NSMenuItem(title: "MCP details", action: nil, keyEquivalent: "")
+        let titleItem = NSMenuItem(title: L("MCP details"), action: nil, keyEquivalent: "")
         titleItem.isEnabled = false
         submenu.addItem(titleItem)
 
         if let window = timeLimit.windowLabel {
-            let item = NSMenuItem(title: "Window: \(window)", action: nil, keyEquivalent: "")
+            let item = NSMenuItem(title: String(format: L("mcp_window"), window), action: nil, keyEquivalent: "")
             item.isEnabled = false
             submenu.addItem(item)
         }
@@ -1204,7 +1509,7 @@ extension StatusItemController {
             let reset = self.settings.resetTimeDisplayStyle == .absolute
                 ? UsageFormatter.resetDescription(from: resetTime)
                 : UsageFormatter.resetCountdownDescription(from: resetTime)
-            let item = NSMenuItem(title: "Resets: \(reset)", action: nil, keyEquivalent: "")
+            let item = NSMenuItem(title: String(format: L("mcp_resets"), reset), action: nil, keyEquivalent: "")
             item.isEnabled = false
             submenu.addItem(item)
         }
@@ -1215,186 +1520,79 @@ extension StatusItemController {
         }
         for detail in sortedDetails {
             let usage = UsageFormatter.tokenCountString(detail.usage)
-            let item = NSMenuItem(title: "\(detail.modelCode): \(usage)", action: nil, keyEquivalent: "")
+            let item = NSMenuItem(
+                title: String(format: L("mcp_model_usage"), detail.modelCode, usage),
+                action: nil,
+                keyEquivalent: "")
             submenu.addItem(item)
         }
         return submenu
     }
 
-    private func makeUsageBreakdownSubmenu() -> NSMenu? {
-        let breakdown = self.store.openAIDashboard?.usageBreakdown ?? []
-        let width = Self.menuCardBaseWidth
+    private func makeUsageBreakdownSubmenu(width: CGFloat? = nil) -> NSMenu? {
+        let breakdown = OpenAIDashboardDailyBreakdown.removingSkillUsageServices(
+            from: self.store.openAIDashboard?.usageBreakdown ?? [])
         guard !breakdown.isEmpty else { return nil }
-
-        if !Self.menuCardRenderingEnabled {
-            let submenu = NSMenu()
-            submenu.delegate = self
-            let chartItem = NSMenuItem()
-            chartItem.isEnabled = false
-            chartItem.representedObject = "usageBreakdownChart"
-            submenu.addItem(chartItem)
-            return submenu
+        if let width {
+            return self.makeHostedSubviewPlaceholderMenu(chartID: Self.usageBreakdownChartID, width: width)
         }
-
-        let submenu = NSMenu()
-        submenu.delegate = self
-        let chartView = UsageBreakdownChartMenuView(breakdown: breakdown, width: width)
-        let hosting = MenuHostingView(rootView: chartView)
-        // Use NSHostingController for efficient size calculation without multiple layout passes
-        let controller = NSHostingController(rootView: chartView)
-        let size = controller.sizeThatFits(in: CGSize(width: width, height: .greatestFiniteMagnitude))
-        hosting.frame = NSRect(origin: .zero, size: NSSize(width: width, height: size.height))
-
-        let chartItem = NSMenuItem()
-        chartItem.view = hosting
-        chartItem.isEnabled = false
-        chartItem.representedObject = "usageBreakdownChart"
-        submenu.addItem(chartItem)
-        return submenu
+        return self.makeHostedSubviewPlaceholderMenu(chartID: Self.usageBreakdownChartID)
     }
 
-    private func makeCreditsHistorySubmenu() -> NSMenu? {
-        let breakdown = self.store.openAIDashboard?.dailyBreakdown ?? []
-        let width = Self.menuCardBaseWidth
-        guard !breakdown.isEmpty else { return nil }
-
-        if !Self.menuCardRenderingEnabled {
-            let submenu = NSMenu()
-            submenu.delegate = self
-            let chartItem = NSMenuItem()
-            chartItem.isEnabled = false
-            chartItem.representedObject = "creditsHistoryChart"
-            submenu.addItem(chartItem)
-            return submenu
+    private func makeCreditsHistorySubmenu(width: CGFloat? = nil) -> NSMenu? {
+        guard !(self.store.openAIDashboard?.dailyBreakdown ?? []).isEmpty else { return nil }
+        if let width {
+            return self.makeHostedSubviewPlaceholderMenu(chartID: Self.creditsHistoryChartID, width: width)
         }
-
-        let submenu = NSMenu()
-        submenu.delegate = self
-        let chartView = CreditsHistoryChartMenuView(breakdown: breakdown, width: width)
-        let hosting = MenuHostingView(rootView: chartView)
-        // Use NSHostingController for efficient size calculation without multiple layout passes
-        let controller = NSHostingController(rootView: chartView)
-        let size = controller.sizeThatFits(in: CGSize(width: width, height: .greatestFiniteMagnitude))
-        hosting.frame = NSRect(origin: .zero, size: NSSize(width: width, height: size.height))
-
-        let chartItem = NSMenuItem()
-        chartItem.view = hosting
-        chartItem.isEnabled = false
-        chartItem.representedObject = "creditsHistoryChart"
-        submenu.addItem(chartItem)
-        return submenu
+        return self.makeHostedSubviewPlaceholderMenu(chartID: Self.creditsHistoryChartID)
     }
 
-    private func makeCostHistorySubmenu(provider: UsageProvider) -> NSMenu? {
-        guard provider == .codex || provider == .claude || provider == .vertexai else { return nil }
-        let width = Self.menuCardBaseWidth
-        guard let tokenSnapshot = self.store.tokenSnapshot(for: provider) else { return nil }
-        guard !tokenSnapshot.daily.isEmpty else { return nil }
-
-        if !Self.menuCardRenderingEnabled {
-            let submenu = NSMenu()
-            submenu.delegate = self
-            let chartItem = NSMenuItem()
-            chartItem.isEnabled = false
-            chartItem.representedObject = "costHistoryChart"
-            submenu.addItem(chartItem)
-            return submenu
+    func makeCostHistorySubmenu(provider: UsageProvider, width: CGFloat? = nil) -> NSMenu? {
+        guard ProviderDescriptorRegistry.descriptor(for: provider).tokenCost.supportsTokenCost else { return nil }
+        guard self.tokenSnapshotForCostHistorySubmenu(provider: provider)?.daily.isEmpty == false else { return nil }
+        if let width {
+            return self.makeHostedSubviewPlaceholderMenu(
+                chartID: Self.costHistoryChartID,
+                provider: provider,
+                width: width)
         }
-
-        let submenu = NSMenu()
-        submenu.delegate = self
-        let chartView = CostHistoryChartMenuView(
-            provider: provider,
-            daily: tokenSnapshot.daily,
-            totalCostUSD: tokenSnapshot.last30DaysCostUSD,
-            width: width)
-        let hosting = MenuHostingView(rootView: chartView)
-        // Use NSHostingController for efficient size calculation without multiple layout passes
-        let controller = NSHostingController(rootView: chartView)
-        let size = controller.sizeThatFits(in: CGSize(width: width, height: .greatestFiniteMagnitude))
-        hosting.frame = NSRect(origin: .zero, size: NSSize(width: width, height: size.height))
-
-        let chartItem = NSMenuItem()
-        chartItem.view = hosting
-        chartItem.isEnabled = false
-        chartItem.representedObject = "costHistoryChart"
-        submenu.addItem(chartItem)
-        return submenu
+        return self.makeHostedSubviewPlaceholderMenu(chartID: Self.costHistoryChartID, provider: provider)
     }
 
-    @discardableResult
-    private func addWeeklyProjectionSubmenu(to menu: NSMenu, provider: UsageProvider) -> Bool {
-        guard let submenu = self.makeWeeklyProjectionSubmenu(provider: provider) else { return false }
-        let item = NSMenuItem(title: "Weekly projection", action: nil, keyEquivalent: "")
-        item.isEnabled = true
-        item.submenu = submenu
-        menu.addItem(item)
-        return true
+    func tokenSnapshotForCostHistorySubmenu(provider: UsageProvider) -> CostUsageTokenSnapshot? {
+        let projected = self.store.tokenSnapshot(
+            fromProviderSnapshot: self.store.snapshot(for: provider),
+            provider: provider)
+        if UsageStore.tokenCostRequiresProviderSnapshot(provider) {
+            return projected
+        }
+        return projected ?? self.store.tokenSnapshot(for: provider)
     }
 
-    private func makeWeeklyProjectionSubmenu(provider: UsageProvider) -> NSMenu? {
-        let width = Self.menuCardBaseWidth
-        let report = WeeklyUsageHistoryStore.load(provider: provider)
-        guard let report else { return nil }
-
-        let now = Date()
-        let currentWeek = report.currentWeek(now: now)
-        let previousWeek = report.previousWeek(now: now)
-
-        // Need at least some data to show the chart
-        guard !currentWeek.isEmpty || !previousWeek.isEmpty else { return nil }
-
-        let projection = WeeklyProjection.compute(
-            currentWeek: currentWeek,
-            previousWeek: previousWeek,
-            now: now)
-
-        if !Self.menuCardRenderingEnabled {
-            let submenu = NSMenu()
-            submenu.delegate = self
-            let chartItem = NSMenuItem()
-            chartItem.isEnabled = false
-            chartItem.representedObject = "weeklyProjectionChart"
-            submenu.addItem(chartItem)
-            return submenu
-        }
+    func makeOpenAIAPIUsageSubmenu(provider: UsageProvider, width: CGFloat? = nil) -> NSMenu? {
+        guard self.hasOpenAIAPIUsageSubmenu(provider: provider) else { return nil }
+        return self.makeCostHistorySubmenu(provider: provider, width: width)
+    }
 
-        let submenu = NSMenu()
-        submenu.delegate = self
-        let chartView = WeeklyProjectionChartMenuView(
-            provider: provider,
-            projection: projection,
-            width: width)
-        let hosting = MenuHostingView(rootView: chartView)
-        let controller = NSHostingController(rootView: chartView)
-        let size = controller.sizeThatFits(in: CGSize(width: width, height: .greatestFiniteMagnitude))
-        hosting.frame = NSRect(origin: .zero, size: NSSize(width: width, height: size.height))
-
-        let chartItem = NSMenuItem()
-        chartItem.view = hosting
-        chartItem.isEnabled = false
-        chartItem.representedObject = "weeklyProjectionChart"
-        submenu.addItem(chartItem)
-        return submenu
+    private func hasOpenAIAPIUsageSubmenu(provider: UsageProvider) -> Bool {
+        provider == .openai && self.tokenSnapshotForCostHistorySubmenu(provider: provider)?.daily.isEmpty == false
     }
 
-    private func isHostedSubviewMenu(_ menu: NSMenu) -> Bool {
-        let ids: Set<String> = [
-            "usageBreakdownChart",
-            "creditsHistoryChart",
-            "costHistoryChart",
-            "weeklyProjectionChart",
-        ]
-        return menu.items.contains { item in
-            guard let id = item.representedObject as? String else { return false }
-            return ids.contains(id)
+    func makeStorageBreakdownSubmenu(provider: UsageProvider, width: CGFloat? = nil) -> NSMenu? {
+        guard self.store.storageFootprint(for: provider)?.components.isEmpty == false else { return nil }
+        if let width {
+            return self.makeHostedSubviewPlaceholderMenu(
+                chartID: Self.storageBreakdownID,
+                provider: provider,
+                width: width)
         }
+        return self.makeHostedSubviewPlaceholderMenu(chartID: Self.storageBreakdownID, provider: provider)
     }
 
     private func isOpenAIWebSubviewMenu(_ menu: NSMenu) -> Bool {
-        let ids: Set<String> = [
-            "usageBreakdownChart",
-            "creditsHistoryChart",
+        let ids: Set = [
+            Self.usageBreakdownChartID,
+            Self.creditsHistoryChartID,
         ]
         return menu.items.contains { item in
             guard let id = item.representedObject as? String else { return false }
@@ -1402,9 +1600,8 @@ extension StatusItemController {
         }
     }
 
-    private func refreshHostedSubviewHeights(in menu: NSMenu) {
-        let enabledProviders = self.store.enabledProviders()
-        let width = self.menuCardWidth(for: enabledProviders, menu: menu)
+    func refreshHostedSubviewHeights(in menu: NSMenu) {
+        let width = self.renderedMenuWidth(for: menu)
 
         for item in menu.items {
             guard let view = item.view else { continue }
@@ -1415,75 +1612,6 @@ extension StatusItemController {
         }
     }
 
-    private func menuCardModel(
-        for provider: UsageProvider?,
-        snapshotOverride: UsageSnapshot? = nil,
-        errorOverride: String? = nil) -> UsageMenuCardView.Model?
-    {
-        let target = provider ?? self.store.enabledProviders().first ?? .codex
-        let metadata = self.store.metadata(for: target)
-
-        let snapshot = snapshotOverride ?? self.store.snapshot(for: target)
-        let credits: CreditsSnapshot?
-        let creditsError: String?
-        let dashboard: OpenAIDashboardSnapshot?
-        let dashboardError: String?
-        let tokenSnapshot: CostUsageTokenSnapshot?
-        let tokenError: String?
-        if target == .codex, snapshotOverride == nil {
-            credits = self.store.credits
-            creditsError = self.store.lastCreditsError
-            dashboard = self.store.openAIDashboardRequiresLogin ? nil : self.store.openAIDashboard
-            dashboardError = self.store.lastOpenAIDashboardError
-            tokenSnapshot = self.store.tokenSnapshot(for: target)
-            tokenError = self.store.tokenError(for: target)
-        } else if target == .claude || target == .vertexai, snapshotOverride == nil {
-            credits = nil
-            creditsError = nil
-            dashboard = nil
-            dashboardError = nil
-            tokenSnapshot = self.store.tokenSnapshot(for: target)
-            tokenError = self.store.tokenError(for: target)
-        } else {
-            credits = nil
-            creditsError = nil
-            dashboard = nil
-            dashboardError = nil
-            tokenSnapshot = nil
-            tokenError = nil
-        }
-
-        let sourceLabel = snapshotOverride == nil ? self.store.sourceLabel(for: target) : nil
-        let kiloAutoMode = target == .kilo && self.settings.kiloUsageDataSource == .auto
-        let now = Date()
-        let weeklyPace = snapshot?.secondary.flatMap { window in
-            self.store.weeklyPace(provider: target, window: window, now: now)
-        }
-        let input = UsageMenuCardView.Model.Input(
-            provider: target,
-            metadata: metadata,
-            snapshot: snapshot,
-            credits: credits,
-            creditsError: creditsError,
-            dashboard: dashboard,
-            dashboardError: dashboardError,
-            tokenSnapshot: tokenSnapshot,
-            tokenError: tokenError,
-            account: self.account,
-            isRefreshing: self.store.isRefreshing,
-            lastError: errorOverride ?? self.store.error(for: target),
-            usageBarsShowUsed: self.settings.usageBarsShowUsed,
-            resetTimeDisplayStyle: self.settings.resetTimeDisplayStyle,
-            tokenCostUsageEnabled: self.settings.isCostUsageEffectivelyEnabled(for: target),
-            showOptionalCreditsAndExtraUsage: self.settings.showOptionalCreditsAndExtraUsage,
-            sourceLabel: sourceLabel,
-            kiloAutoMode: kiloAutoMode,
-            hidePersonalInfo: self.settings.hidePersonalInfo,
-            weeklyPace: weeklyPace,
-            now: now)
-        return UsageMenuCardView.Model.make(input)
-    }
-
     @objc private func menuCardNoOp(_ sender: NSMenuItem) {
         _ = sender
     }
@@ -1514,50 +1642,4 @@ extension StatusItemController {
         self.markMenuFresh(menu)
         self.applyIcon(phase: nil)
     }
-
-    private func applySubtitle(_ subtitle: String, to item: NSMenuItem, title: String) {
-        if #available(macOS 14.4, *) {
-            // NSMenuItem.subtitle is only available on macOS 14.4+.
-            item.subtitle = subtitle
-        } else {
-            item.view = self.makeMenuSubtitleView(title: title, subtitle: subtitle, isEnabled: item.isEnabled)
-            item.toolTip = "\(title) — \(subtitle)"
-        }
-    }
-
-    private func makeMenuSubtitleView(title: String, subtitle: String, isEnabled: Bool) -> NSView {
-        let container = NSView()
-        container.translatesAutoresizingMaskIntoConstraints = false
-        container.alphaValue = isEnabled ? 1.0 : 0.7
-
-        let titleField = NSTextField(labelWithString: title)
-        titleField.font = NSFont.menuFont(ofSize: NSFont.systemFontSize)
-        titleField.textColor = NSColor.labelColor
-        titleField.lineBreakMode = .byTruncatingTail
-        titleField.maximumNumberOfLines = 1
-        titleField.setContentCompressionResistancePriority(.defaultLow, for: .horizontal)
-
-        let subtitleField = NSTextField(labelWithString: subtitle)
-        subtitleField.font = NSFont.menuFont(ofSize: NSFont.smallSystemFontSize)
-        subtitleField.textColor = NSColor.secondaryLabelColor
-        subtitleField.lineBreakMode = .byTruncatingTail
-        subtitleField.maximumNumberOfLines = 1
-        subtitleField.setContentCompressionResistancePriority(.defaultLow, for: .horizontal)
-
-        let stack = NSStackView(views: [titleField, subtitleField])
-        stack.orientation = .vertical
-        stack.alignment = .leading
-        stack.spacing = 1
-        stack.translatesAutoresizingMaskIntoConstraints = false
-        container.addSubview(stack)
-
-        NSLayoutConstraint.activate([
-            stack.leadingAnchor.constraint(equalTo: container.leadingAnchor, constant: 18),
-            stack.trailingAnchor.constraint(equalTo: container.trailingAnchor, constant: -10),
-            stack.topAnchor.constraint(equalTo: container.topAnchor, constant: 2),
-            stack.bottomAnchor.constraint(equalTo: container.bottomAnchor, constant: -2),
-        ])
-
-        return container
-    }
 }
diff --git a/Sources/CodexBar/StatusItemController+MenuActionMapping.swift b/Sources/CodexBar/StatusItemController+MenuActionMapping.swift
new file mode 100644
index 000000000..c4becbc97
--- /dev/null
+++ b/Sources/CodexBar/StatusItemController+MenuActionMapping.swift
@@ -0,0 +1,33 @@
+import AppKit
+
+extension StatusItemController {
+    func selector(for action: MenuDescriptor.MenuAction) -> (Selector, Any?) {
+        switch action {
+        case .installUpdate: (#selector(self.installUpdate), nil)
+        case .refresh: (#selector(self.refreshNow), nil)
+        case .refreshAugmentSession: (#selector(self.refreshAugmentSession), nil)
+        case .dashboard: (#selector(self.openDashboard), nil)
+        case .statusPage: (#selector(self.openStatusPage), nil)
+        case .changelog: (#selector(self.openChangelog), nil)
+        case .addCodexAccount: (#selector(self.addManagedCodexAccountFromMenu(_:)), nil)
+        case let .addProviderAccount(provider): (#selector(self.runSwitchAccount(_:)), provider.rawValue)
+        case let .requestCodexSystemPromotion(managedAccountID):
+            (#selector(self.requestCodexSystemPromotionFromMenu(_:)), managedAccountID.uuidString)
+        case let .switchAccount(provider): (#selector(self.runSwitchAccount(_:)), provider.rawValue)
+        case let .openTerminal(command): (#selector(self.openTerminalCommand(_:)), command)
+        case let .loginToProvider(url): (#selector(self.openLoginToProvider(_:)), url)
+        case .settings: (#selector(self.showSettingsGeneral), nil)
+        case .about: (#selector(self.showSettingsAbout), nil)
+        case .quit: (#selector(self.quit), nil)
+        case let .copyError(message): (#selector(self.copyError(_:)), message)
+        }
+    }
+
+    func codexAddAccountSubtitle() -> String? {
+        if self.settings.hasUnreadableManagedCodexAccountStore {
+            return "Managed account storage unavailable"
+        }
+        guard self.managedCodexAccountCoordinator.isAuthenticatingManagedAccount else { return nil }
+        return "Managed Codex login in progress…"
+    }
+}
diff --git a/Sources/CodexBar/StatusItemController+MenuCardModel.swift b/Sources/CodexBar/StatusItemController+MenuCardModel.swift
new file mode 100644
index 000000000..1518d1223
--- /dev/null
+++ b/Sources/CodexBar/StatusItemController+MenuCardModel.swift
@@ -0,0 +1,130 @@
+import CodexBarCore
+import Foundation
+
+extension StatusItemController {
+    func menuCardModel(
+        for provider: UsageProvider?,
+        snapshotOverride: UsageSnapshot? = nil,
+        errorOverride: String? = nil,
+        forceOverrideCard: Bool = false,
+        accountOverride: AccountInfo? = nil) -> UsageMenuCardView.Model?
+    {
+        let target = provider ?? self.store.enabledProvidersForDisplay().first ?? .codex
+        let metadata = self.store.metadata(for: target)
+
+        let usesOverrideCard = forceOverrideCard || snapshotOverride != nil || errorOverride != nil
+        let surface: CodexConsumerProjection.Surface = if usesOverrideCard {
+            .overrideCard
+        } else {
+            .liveCard
+        }
+        // Override cards belong to a specific account/context. Never fall back to
+        // provider-level live data here; that can belong to a different account.
+        let snapshot: UsageSnapshot? = if surface == .overrideCard {
+            snapshotOverride
+        } else {
+            snapshotOverride ?? self.store.snapshot(for: target)
+        }
+        let projectedTokenSnapshot = self.store.tokenSnapshot(fromProviderSnapshot: snapshot, provider: target)
+        let storedTokenSnapshot = UsageStore.tokenCostRequiresProviderSnapshot(target)
+            ? nil
+            : self.store.tokenSnapshot(for: target)
+        let now = Date()
+        let codexProjection = self.store.codexConsumerProjectionIfNeeded(
+            for: target,
+            surface: surface,
+            snapshotOverride: snapshotOverride,
+            errorOverride: errorOverride,
+            now: now)
+        let credits: CreditsSnapshot?
+        let creditsError: String?
+        let dashboard: OpenAIDashboardSnapshot?
+        let dashboardError: String?
+        let tokenSnapshot: CostUsageTokenSnapshot?
+        let tokenError: String?
+        if let codexProjection {
+            credits = codexProjection.credits?.snapshot
+            creditsError = codexProjection.credits?.userFacingError
+            dashboard = nil
+            dashboardError = codexProjection.userFacingErrors.dashboard
+            if surface == .liveCard {
+                tokenSnapshot = projectedTokenSnapshot ?? storedTokenSnapshot
+                tokenError = self.store.tokenError(for: target)
+            } else {
+                tokenSnapshot = projectedTokenSnapshot
+                tokenError = nil
+            }
+        } else if ProviderDescriptorRegistry.descriptor(for: target).tokenCost.supportsTokenCost,
+                  snapshotOverride == nil
+        {
+            credits = nil
+            creditsError = nil
+            dashboard = nil
+            dashboardError = nil
+            tokenSnapshot = projectedTokenSnapshot ?? storedTokenSnapshot
+            tokenError = self.store.tokenError(for: target)
+        } else {
+            credits = nil
+            creditsError = nil
+            dashboard = nil
+            dashboardError = nil
+            tokenSnapshot = projectedTokenSnapshot
+            tokenError = nil
+        }
+
+        let sourceLabel = snapshotOverride == nil ? self.store.sourceLabel(for: target) : nil
+        let kiloAutoMode = target == .kilo && self.settings.kiloUsageDataSource == .auto
+        // Abacus uses primary for monthly credits (no secondary window)
+        let paceWindow = target == .abacus ? snapshot?.primary : snapshot?.secondary
+        let weeklyPace = if let codexProjection,
+                            let weekly = codexProjection.rateWindow(for: .weekly)
+        {
+            self.store.weeklyPace(provider: target, window: weekly, now: now)
+        } else {
+            paceWindow.flatMap { window in
+                self.store.weeklyPace(provider: target, window: window, now: now)
+            }
+        }
+        let input = UsageMenuCardView.Model.Input(
+            provider: target,
+            metadata: metadata,
+            snapshot: snapshot,
+            codexProjection: codexProjection,
+            credits: credits,
+            creditsError: creditsError,
+            dashboard: dashboard,
+            dashboardError: dashboardError,
+            tokenSnapshot: tokenSnapshot,
+            tokenError: tokenError,
+            account: accountOverride ?? self.store.accountInfo(for: target),
+            isRefreshing: self.store.shouldShowRefreshingMenuCard(for: target),
+            lastError: errorOverride
+                ?? codexProjection?.userFacingErrors.usage
+                ?? self.store.userFacingError(for: target),
+            usageBarsShowUsed: self.settings.usageBarsShowUsed,
+            resetTimeDisplayStyle: self.settings.resetTimeDisplayStyle,
+            tokenCostUsageEnabled: self.settings.isCostUsageEffectivelyEnabled(for: target),
+            showOptionalCreditsAndExtraUsage: self.settings.showOptionalCreditsAndExtraUsage,
+            sourceLabel: sourceLabel,
+            kiloAutoMode: kiloAutoMode,
+            hidePersonalInfo: self.settings.hidePersonalInfo,
+            weeklyPace: weeklyPace,
+            quotaWarningThresholds: [
+                .session: self.quotaWarningMarkerThresholds(provider: target, window: .session),
+                .weekly: self.quotaWarningMarkerThresholds(provider: target, window: .weekly),
+            ],
+            workDaysPerWeek: self.settings.weeklyProgressWorkDays,
+            now: now)
+        return UsageMenuCardView.Model.make(input)
+    }
+
+    func accountInfo(for account: CodexVisibleAccount) -> AccountInfo {
+        AccountInfo(email: account.email, plan: account.workspaceLabel)
+    }
+
+    private func quotaWarningMarkerThresholds(provider: UsageProvider, window: QuotaWarningWindow) -> [Int] {
+        guard self.settings.quotaWarningMarkersVisible else { return [] }
+        guard self.settings.quotaWarningEnabled(provider: provider, window: window) else { return [] }
+        return self.settings.resolvedQuotaWarningThresholds(provider: provider, window: window)
+    }
+}
diff --git a/Sources/CodexBar/StatusItemController+MenuContexts.swift b/Sources/CodexBar/StatusItemController+MenuContexts.swift
new file mode 100644
index 000000000..109137428
--- /dev/null
+++ b/Sources/CodexBar/StatusItemController+MenuContexts.swift
@@ -0,0 +1,34 @@
+import AppKit
+import CodexBarCore
+
+extension StatusItemController {
+    struct OpenAIWebContext {
+        let hasUsageBreakdown: Bool
+        let hasCreditsHistory: Bool
+        let hasCostHistory: Bool
+        let canShowBuyCredits: Bool
+        let hasOpenAIWebMenuItems: Bool
+    }
+
+    struct MenuCardContext {
+        let currentProvider: UsageProvider
+        let selectedProvider: UsageProvider?
+        let menuWidth: CGFloat
+        let codexAccountDisplay: CodexAccountMenuDisplay?
+        let tokenAccountDisplay: TokenAccountMenuDisplay?
+        let openAIContext: OpenAIWebContext
+    }
+
+    struct MenuRebuildContext {
+        let enabledProviders: [UsageProvider]
+        let includesOverview: Bool
+        let switcherSelection: ProviderSwitcherSelection?
+        let currentProvider: UsageProvider
+        let selectedProvider: UsageProvider?
+        let menuWidth: CGFloat
+        let codexAccountDisplay: CodexAccountMenuDisplay?
+        let tokenAccountDisplay: TokenAccountMenuDisplay?
+        let openAIContext: OpenAIWebContext
+        let descriptor: MenuDescriptor
+    }
+}
diff --git a/Sources/CodexBar/StatusItemController+MenuLocalization.swift b/Sources/CodexBar/StatusItemController+MenuLocalization.swift
new file mode 100644
index 000000000..52944810f
--- /dev/null
+++ b/Sources/CodexBar/StatusItemController+MenuLocalization.swift
@@ -0,0 +1,36 @@
+import CodexBarCore
+
+extension StatusItemController {
+    func menuLocalizationSignature() -> String {
+        [
+            codexBarLocalizationSignature(),
+            L("Overview"),
+            L("Cost"),
+        ].joined(separator: "|")
+    }
+
+    func rememberMergedSwitcherState(_ providers: [UsageProvider], _ selection: ProviderSwitcherSelection?) {
+        self.rememberMergedSwitcherState(
+            providers,
+            selection,
+            self.includesOverviewTab(for: providers))
+    }
+
+    func rememberMergedSwitcherState(
+        _ providers: [UsageProvider],
+        _ selection: ProviderSwitcherSelection?,
+        _ includesOverview: Bool)
+    {
+        self.lastSwitcherProviders = providers
+        self.lastSwitcherUsageBarsShowUsed = self.settings.usageBarsShowUsed
+        self.lastMergedSwitcherSelection = selection
+        self.lastSwitcherIncludesOverview = includesOverview
+        self.lastMenuLocalizationSignature = self.menuLocalizationSignature()
+    }
+
+    private func includesOverviewTab(for providers: [UsageProvider]) -> Bool {
+        !self.settings.resolvedMergedOverviewProviders(
+            activeProviders: providers,
+            maxVisibleProviders: SettingsStore.mergedOverviewProviderLimit).isEmpty
+    }
+}
diff --git a/Sources/CodexBar/StatusItemController+MenuPresentation.swift b/Sources/CodexBar/StatusItemController+MenuPresentation.swift
new file mode 100644
index 000000000..f1097a50b
--- /dev/null
+++ b/Sources/CodexBar/StatusItemController+MenuPresentation.swift
@@ -0,0 +1,290 @@
+import AppKit
+import CodexBarCore
+import Observation
+import SwiftUI
+
+extension StatusItemController {
+    func switcherWeeklyRemaining(for provider: UsageProvider) -> Double? {
+        Self.switcherWeeklyMetricPercent(
+            for: provider,
+            snapshot: self.store.snapshot(for: provider),
+            showUsed: self.settings.usageBarsShowUsed)
+    }
+
+    func applySubtitle(_ subtitle: String, to item: NSMenuItem, title: String) {
+        if #available(macOS 14.4, *) {
+            // NSMenuItem.subtitle is only available on macOS 14.4+.
+            item.subtitle = subtitle
+        } else {
+            item.view = self.makeMenuSubtitleView(title: title, subtitle: subtitle, isEnabled: item.isEnabled)
+            item.toolTip = "\(title) — \(subtitle)"
+        }
+    }
+
+    func makeMenuSubtitleView(title: String, subtitle: String, isEnabled: Bool) -> NSView {
+        let container = NSView()
+        container.translatesAutoresizingMaskIntoConstraints = false
+        container.alphaValue = isEnabled ? 1.0 : 0.7
+
+        let titleField = NSTextField(labelWithString: title)
+        titleField.font = NSFont.menuFont(ofSize: NSFont.systemFontSize)
+        titleField.textColor = NSColor.labelColor
+        titleField.lineBreakMode = .byTruncatingTail
+        titleField.maximumNumberOfLines = 1
+        titleField.setContentCompressionResistancePriority(.defaultLow, for: .horizontal)
+
+        let subtitleField = NSTextField(labelWithString: subtitle)
+        subtitleField.font = NSFont.menuFont(ofSize: NSFont.smallSystemFontSize)
+        subtitleField.textColor = NSColor.secondaryLabelColor
+        subtitleField.lineBreakMode = .byTruncatingTail
+        subtitleField.maximumNumberOfLines = 1
+        subtitleField.setContentCompressionResistancePriority(.defaultLow, for: .horizontal)
+
+        let stack = NSStackView(views: [titleField, subtitleField])
+        stack.orientation = .vertical
+        stack.alignment = .leading
+        stack.spacing = 1
+        stack.translatesAutoresizingMaskIntoConstraints = false
+        container.addSubview(stack)
+
+        NSLayoutConstraint.activate([
+            stack.leadingAnchor.constraint(equalTo: container.leadingAnchor, constant: 18),
+            stack.trailingAnchor.constraint(equalTo: container.trailingAnchor, constant: -10),
+            stack.topAnchor.constraint(equalTo: container.topAnchor, constant: 2),
+            stack.bottomAnchor.constraint(equalTo: container.bottomAnchor, constant: -2),
+        ])
+
+        return container
+    }
+}
+
+@MainActor
+protocol MenuCardHighlighting: AnyObject {
+    func setHighlighted(_ highlighted: Bool)
+}
+
+@MainActor
+protocol MenuCardMeasuring: AnyObject {
+    func measuredHeight(width: CGFloat) -> CGFloat
+}
+
+@MainActor
+@Observable
+final class MenuCardHighlightState {
+    var isHighlighted = false
+}
+
+final class MenuHostingView<Content: View>: NSHostingView<Content> {
+    override var allowsVibrancy: Bool {
+        true
+    }
+}
+
+@MainActor
+final class MenuCardItemHostingView<Content: View>: NSHostingView<Content>, MenuCardHighlighting, MenuCardMeasuring {
+    private let highlightState: MenuCardHighlightState
+    private let onClick: (() -> Void)?
+
+    override var allowsVibrancy: Bool {
+        true
+    }
+
+    override var intrinsicContentSize: NSSize {
+        let size = super.intrinsicContentSize
+        guard self.frame.width > 0 else { return size }
+        return NSSize(width: self.frame.width, height: size.height)
+    }
+
+    init(rootView: Content, highlightState: MenuCardHighlightState, onClick: (() -> Void)? = nil) {
+        self.highlightState = highlightState
+        self.onClick = onClick
+        super.init(rootView: rootView)
+        if onClick != nil {
+            let recognizer = NSClickGestureRecognizer(target: self, action: #selector(self.handlePrimaryClick(_:)))
+            recognizer.buttonMask = 0x1
+            self.addGestureRecognizer(recognizer)
+        }
+    }
+
+    required init(rootView: Content) {
+        self.highlightState = MenuCardHighlightState()
+        self.onClick = nil
+        super.init(rootView: rootView)
+    }
+
+    @available(*, unavailable)
+    required init?(coder: NSCoder) {
+        fatalError("init(coder:) has not been implemented")
+    }
+
+    override func acceptsFirstMouse(for event: NSEvent?) -> Bool {
+        true
+    }
+
+    @objc private func handlePrimaryClick(_ recognizer: NSClickGestureRecognizer) {
+        guard recognizer.state == .ended else { return }
+        self.onClick?()
+    }
+
+    func measuredHeight(width: CGFloat) -> CGFloat {
+        let controller = NSHostingController(rootView: self.rootView)
+        let measured = controller.sizeThatFits(in: CGSize(width: width, height: .greatestFiniteMagnitude))
+        return measured.height
+    }
+
+    func setHighlighted(_ highlighted: Bool) {
+        guard self.highlightState.isHighlighted != highlighted else { return }
+        self.highlightState.isHighlighted = highlighted
+    }
+}
+
+struct MenuCardSectionContainerView<Content: View>: View {
+    @Bindable var highlightState: MenuCardHighlightState
+    let showsSubmenuIndicator: Bool
+    let submenuIndicatorAlignment: Alignment
+    let submenuIndicatorTopPadding: CGFloat
+    @ViewBuilder let content: () -> Content
+
+    var body: some View {
+        self.content()
+            .environment(\.menuItemHighlighted, self.highlightState.isHighlighted)
+            .foregroundStyle(MenuHighlightStyle.primary(self.highlightState.isHighlighted))
+            .background(alignment: .topLeading) {
+                if self.highlightState.isHighlighted {
+                    RoundedRectangle(cornerRadius: 6, style: .continuous)
+                        .fill(MenuHighlightStyle.selectionBackground(true))
+                        .padding(.horizontal, 6)
+                        .padding(.vertical, 2)
+                }
+            }
+            .overlay(alignment: self.submenuIndicatorAlignment) {
+                if self.showsSubmenuIndicator {
+                    Image(systemName: "chevron.right")
+                        .font(.caption2.weight(.semibold))
+                        .foregroundStyle(MenuHighlightStyle.secondary(self.highlightState.isHighlighted))
+                        .padding(.top, self.submenuIndicatorTopPadding)
+                        .padding(.trailing, 10)
+                }
+            }
+    }
+}
+
+@MainActor
+final class PersistentMenuActionItemView: NSView, MenuCardHighlighting {
+    static let rowHeight: CGFloat = 28
+
+    private let backgroundView = NSView()
+    private let imageView = NSImageView()
+    private let titleField: NSTextField
+    private let shortcutField: NSTextField
+    private let onClick: () -> Void
+
+    override var intrinsicContentSize: NSSize {
+        NSSize(width: self.frame.width > 0 ? self.frame.width : NSView.noIntrinsicMetric, height: Self.rowHeight)
+    }
+
+    override var fittingSize: NSSize {
+        NSSize(width: self.frame.width, height: Self.rowHeight)
+    }
+
+    override func setFrameSize(_ newSize: NSSize) {
+        super.setFrameSize(NSSize(width: newSize.width, height: Self.rowHeight))
+    }
+
+    init(
+        title: String,
+        systemImageName: String?,
+        shortcutText: String?,
+        width: CGFloat,
+        onClick: @escaping () -> Void)
+    {
+        self.titleField = NSTextField(labelWithString: title)
+        self.shortcutField = NSTextField(labelWithString: shortcutText ?? "")
+        self.onClick = onClick
+        super.init(frame: NSRect(origin: .zero, size: NSSize(width: width, height: Self.rowHeight)))
+        self.setupView(systemImageName: systemImageName)
+        self.setHighlighted(false)
+    }
+
+    @available(*, unavailable)
+    required init?(coder: NSCoder) {
+        fatalError("init(coder:) has not been implemented")
+    }
+
+    override func acceptsFirstMouse(for event: NSEvent?) -> Bool {
+        true
+    }
+
+    override func mouseUp(with event: NSEvent) {
+        guard event.type == .leftMouseUp else { return }
+        self.onClick()
+    }
+
+    func setHighlighted(_ highlighted: Bool) {
+        let primaryColor = highlighted ? NSColor.selectedMenuItemTextColor : NSColor.controlTextColor
+        let secondaryColor = highlighted ? NSColor.selectedMenuItemTextColor : NSColor.secondaryLabelColor
+        self.backgroundView.isHidden = !highlighted
+        self.titleField.textColor = primaryColor
+        self.shortcutField.textColor = secondaryColor
+        self.imageView.contentTintColor = primaryColor
+    }
+
+    private func setupView(systemImageName: String?) {
+        self.backgroundView.wantsLayer = true
+        self.backgroundView.layer?.cornerRadius = 6
+        self.backgroundView.layer?.backgroundColor = NSColor.selectedContentBackgroundColor.cgColor
+        self.backgroundView.translatesAutoresizingMaskIntoConstraints = false
+        self.addSubview(self.backgroundView)
+
+        if let systemImageName,
+           let image = NSImage(systemSymbolName: systemImageName, accessibilityDescription: nil)
+        {
+            image.isTemplate = true
+            image.size = NSSize(width: 16, height: 16)
+            self.imageView.image = image
+        }
+        self.imageView.translatesAutoresizingMaskIntoConstraints = false
+
+        self.titleField.font = NSFont.menuFont(ofSize: NSFont.systemFontSize)
+        self.titleField.lineBreakMode = .byTruncatingTail
+        self.titleField.setContentCompressionResistancePriority(.defaultLow, for: .horizontal)
+        self.titleField.translatesAutoresizingMaskIntoConstraints = false
+
+        self.shortcutField.font = NSFont.menuFont(ofSize: NSFont.smallSystemFontSize)
+        self.shortcutField.alignment = .right
+        self.shortcutField.lineBreakMode = .byTruncatingTail
+        self.shortcutField.setContentHuggingPriority(.required, for: .horizontal)
+        self.shortcutField.setContentCompressionResistancePriority(.required, for: .horizontal)
+        self.shortcutField.translatesAutoresizingMaskIntoConstraints = false
+
+        let spacer = NSView()
+        spacer.translatesAutoresizingMaskIntoConstraints = false
+        spacer.setContentHuggingPriority(.defaultLow, for: .horizontal)
+
+        let stack = NSStackView()
+        stack.orientation = .horizontal
+        stack.alignment = .centerY
+        stack.spacing = 8
+        stack.translatesAutoresizingMaskIntoConstraints = false
+        stack.addArrangedSubview(self.imageView)
+        stack.addArrangedSubview(self.titleField)
+        stack.addArrangedSubview(spacer)
+        stack.addArrangedSubview(self.shortcutField)
+        self.addSubview(stack)
+
+        NSLayoutConstraint.activate([
+            self.backgroundView.leadingAnchor.constraint(equalTo: self.leadingAnchor, constant: 6),
+            self.backgroundView.trailingAnchor.constraint(equalTo: self.trailingAnchor, constant: -6),
+            self.backgroundView.topAnchor.constraint(equalTo: self.topAnchor, constant: 2),
+            self.backgroundView.bottomAnchor.constraint(equalTo: self.bottomAnchor, constant: -2),
+
+            self.imageView.widthAnchor.constraint(equalToConstant: 18),
+            self.imageView.heightAnchor.constraint(equalToConstant: 18),
+            self.shortcutField.widthAnchor.constraint(equalToConstant: 38),
+
+            stack.leadingAnchor.constraint(equalTo: self.leadingAnchor, constant: 12),
+            stack.trailingAnchor.constraint(equalTo: self.trailingAnchor, constant: -12),
+            stack.centerYAnchor.constraint(equalTo: self.centerYAnchor),
+        ])
+    }
+}
diff --git a/Sources/CodexBar/StatusItemController+MenuRefreshScheduling.swift b/Sources/CodexBar/StatusItemController+MenuRefreshScheduling.swift
new file mode 100644
index 000000000..594aa483d
--- /dev/null
+++ b/Sources/CodexBar/StatusItemController+MenuRefreshScheduling.swift
@@ -0,0 +1,77 @@
+import AppKit
+import CodexBarCore
+import QuartzCore
+
+extension StatusItemController {
+    func performMenuMutationWithoutAnimation(_ updates: () -> Void) {
+        CATransaction.begin()
+        CATransaction.setDisableActions(true)
+        defer { CATransaction.commit() }
+        updates()
+    }
+
+    func deferSwitcherMenuRebuildIfStillVisible(_ menu: NSMenu, provider: UsageProvider?) {
+        self.providerSwitcherUpdateToken &+= 1
+        let updateToken = self.providerSwitcherUpdateToken
+        self.scheduleOpenMenuRebuildIfStillVisible(
+            menu,
+            provider: provider,
+            closeHostedSubviewMenusBeforeRebuild: true)
+        { [weak self] in
+            guard let self else { return false }
+            return self.providerSwitcherUpdateToken == updateToken
+        }
+    }
+
+    func scheduleOpenMenuRebuildIfStillVisible(
+        _ menu: NSMenu,
+        provider: UsageProvider?,
+        closeHostedSubviewMenusBeforeRebuild: Bool = false,
+        beforeRebuild: (@MainActor () -> Bool)? = nil)
+    {
+        let key = ObjectIdentifier(menu)
+        if closeHostedSubviewMenusBeforeRebuild {
+            self.openMenuRebuildsClosingHostedSubviewMenus.insert(key)
+        }
+        let shouldCloseHostedSubviewMenus = self.openMenuRebuildsClosingHostedSubviewMenus.contains(key)
+        self.openMenuRebuildTokenCounter &+= 1
+        let rebuildToken = self.openMenuRebuildTokenCounter
+        self.openMenuRebuildTokens[key] = rebuildToken
+        self.openMenuRebuildTasks[key]?.cancel()
+        self.openMenuRebuildTasks[key] = Task { @MainActor [weak self, weak menu] in
+            guard let self, let menu else { return }
+            #if DEBUG
+            if let override = self._test_openMenuRefreshYieldOverride {
+                await override()
+            } else {
+                await Task.yield()
+            }
+            #else
+            await Task.yield()
+            #endif
+            guard !Task.isCancelled else { return }
+            guard self.openMenuRebuildTokens[key] == rebuildToken else { return }
+            defer {
+                if self.openMenuRebuildTokens[key] == rebuildToken {
+                    self.openMenuRebuildTasks.removeValue(forKey: key)
+                    self.openMenuRebuildTokens.removeValue(forKey: key)
+                    self.openMenuRebuildsClosingHostedSubviewMenus.remove(key)
+                }
+            }
+            guard self.openMenus[key] != nil else { return }
+            guard beforeRebuild?() ?? true else { return }
+            if shouldCloseHostedSubviewMenus {
+                self.closeHostedSubviewMenusForParentSwitch()
+            }
+            self.rebuildOpenMenuIfStillVisible(menu, provider: provider)
+        }
+    }
+
+    private func closeHostedSubviewMenusForParentSwitch() {
+        let hostedMenus = self.openMenus.values.filter { self.isHostedSubviewMenu($0) }
+        for hostedMenu in hostedMenus {
+            hostedMenu.cancelTrackingWithoutAnimation()
+            self.forgetClosedMenu(hostedMenu)
+        }
+    }
+}
diff --git a/Sources/CodexBar/StatusItemController+MenuTracking.swift b/Sources/CodexBar/StatusItemController+MenuTracking.swift
new file mode 100644
index 000000000..d210bff62
--- /dev/null
+++ b/Sources/CodexBar/StatusItemController+MenuTracking.swift
@@ -0,0 +1,66 @@
+import AppKit
+
+extension StatusItemController {
+    func renderedMenuWidth(for menu: NSMenu) -> CGFloat {
+        let measuredWidth = ceil(menu.size.width)
+        return max(measuredWidth, Self.menuCardBaseWidth)
+    }
+
+    func refreshOpenMenusIfNeeded() {
+        guard Self.menuRefreshEnabled else { return }
+        guard !self.openMenus.isEmpty else { return }
+        self.refreshOpenMenusIfNeeded(allowsParentRebuild: false)
+    }
+
+    func refreshOpenMenusForStructureChange() {
+        self.refreshOpenMenusAllowingParentRebuild()
+    }
+
+    func refreshOpenMenusAllowingParentRebuild() {
+        guard Self.menuRefreshEnabled else { return }
+        guard !self.openMenus.isEmpty else { return }
+        self.refreshOpenMenusIfNeeded(allowsParentRebuild: true)
+    }
+
+    private func refreshOpenMenusIfNeeded(allowsParentRebuild: Bool) {
+        var orphanedKeys: [ObjectIdentifier] = []
+        let hasOpenHostedSubviewMenu = self.hasOpenHostedSubviewMenu()
+        for (key, menu) in self.openMenus {
+            guard key == ObjectIdentifier(menu) else {
+                orphanedKeys.append(key)
+                continue
+            }
+            self.refreshOpenMenuIfNeeded(
+                menu,
+                allowsParentRebuild: allowsParentRebuild,
+                hasOpenHostedSubviewMenu: hasOpenHostedSubviewMenu)
+        }
+        self.removeOrphanedOpenMenuEntries(orphanedKeys)
+    }
+
+    private func refreshOpenMenuIfNeeded(
+        _ menu: NSMenu,
+        allowsParentRebuild: Bool,
+        hasOpenHostedSubviewMenu: Bool)
+    {
+        if self.isHostedSubviewMenu(menu) {
+            self.refreshHostedSubviewHeights(in: menu)
+            return
+        }
+        guard allowsParentRebuild else { return }
+        guard !hasOpenHostedSubviewMenu else { return }
+        guard self.menuNeedsRefresh(menu) else { return }
+
+        let provider = self.menuProvider(for: menu)
+        self.scheduleOpenMenuRebuildIfStillVisible(menu, provider: provider)
+    }
+
+    private func removeOrphanedOpenMenuEntries(_ keys: [ObjectIdentifier]) {
+        for key in keys {
+            self.openMenus.removeValue(forKey: key)
+            self.menuRefreshTasks.removeValue(forKey: key)?.cancel()
+            self.menuProviders.removeValue(forKey: key)
+            self.menuVersions.removeValue(forKey: key)
+        }
+    }
+}
diff --git a/Sources/CodexBar/StatusItemController+MenuTypes.swift b/Sources/CodexBar/StatusItemController+MenuTypes.swift
new file mode 100644
index 000000000..7c0f3b1b2
--- /dev/null
+++ b/Sources/CodexBar/StatusItemController+MenuTypes.swift
@@ -0,0 +1,170 @@
+import AppKit
+import CodexBarCore
+import SwiftUI
+
+extension ProviderSwitcherSelection {
+    var provider: UsageProvider? {
+        switch self {
+        case .overview:
+            nil
+        case let .provider(provider):
+            provider
+        }
+    }
+}
+
+struct OverviewMenuCardRowView: View {
+    let model: UsageMenuCardView.Model
+    let storageText: String?
+    let width: CGFloat
+    @Environment(\.menuItemHighlighted) private var isHighlighted
+
+    var body: some View {
+        VStack(alignment: .leading, spacing: 0) {
+            UsageMenuCardHeaderSectionView(
+                model: self.model,
+                showDivider: self.hasUsageBlock,
+                width: self.width)
+            if self.hasUsageBlock {
+                UsageMenuCardUsageSectionView(
+                    model: self.model,
+                    showBottomDivider: false,
+                    bottomPadding: 6,
+                    width: self.width)
+            }
+            if let storageText {
+                HStack(alignment: .firstTextBaseline, spacing: 4) {
+                    Text("\(L("Storage")):")
+                        .font(.footnote)
+                        .foregroundStyle(MenuHighlightStyle.secondary(self.isHighlighted))
+                    Text(storageText)
+                        .font(.footnote)
+                        .foregroundStyle(MenuHighlightStyle.secondary(self.isHighlighted))
+                        .lineLimit(1)
+                    Spacer()
+                }
+                .padding(.horizontal, 16)
+                .padding(.top, self.hasUsageBlock ? 0 : 8)
+                .padding(.bottom, 6)
+                .frame(width: self.width, alignment: .leading)
+            }
+        }
+        .frame(width: self.width, alignment: .leading)
+    }
+
+    private var hasUsageBlock: Bool {
+        self.model.hasUsageContent
+    }
+}
+
+struct OpenAIWebMenuItems {
+    let hasUsageBreakdown: Bool
+    let hasCreditsHistory: Bool
+    let hasCostHistory: Bool
+    let canShowBuyCredits: Bool
+}
+
+struct TokenAccountMenuDisplay: Equatable {
+    let provider: UsageProvider
+    let accounts: [ProviderTokenAccount]
+    let snapshots: [TokenAccountUsageSnapshot]
+    let activeIndex: Int
+    let layout: MultiAccountMenuLayout
+
+    var showAll: Bool {
+        self.layout == .stacked
+    }
+
+    var showSwitcher: Bool {
+        self.layout == .segmented
+    }
+
+    static func == (lhs: TokenAccountMenuDisplay, rhs: TokenAccountMenuDisplay) -> Bool {
+        lhs.provider == rhs.provider &&
+            lhs.accountIdentity == rhs.accountIdentity &&
+            lhs.activeIndex == rhs.activeIndex &&
+            lhs.layout == rhs.layout &&
+            lhs.snapshotIdentity == rhs.snapshotIdentity
+    }
+
+    private var accountIdentity: [AccountIdentity] {
+        self.accounts.map { account in
+            AccountIdentity(
+                id: account.id,
+                label: account.label,
+                externalIdentifier: account.externalIdentifier,
+                organizationID: account.organizationID)
+        }
+    }
+
+    private var snapshotIdentity: [SnapshotIdentity] {
+        self.snapshots.map { snapshot in
+            SnapshotIdentity(
+                id: snapshot.id,
+                hasSnapshot: snapshot.snapshot != nil,
+                error: snapshot.error,
+                sourceLabel: snapshot.sourceLabel)
+        }
+    }
+
+    private struct AccountIdentity: Equatable {
+        let id: UUID
+        let label: String
+        let externalIdentifier: String?
+        let organizationID: String?
+    }
+
+    private struct SnapshotIdentity: Equatable {
+        let id: UUID
+        let hasSnapshot: Bool
+        let error: String?
+        let sourceLabel: String?
+    }
+}
+
+struct CodexAccountMenuDisplay: Equatable {
+    let accounts: [CodexVisibleAccount]
+    let snapshots: [CodexAccountUsageSnapshot]
+    let activeVisibleAccountID: String?
+    let layout: MultiAccountMenuLayout
+
+    var showAll: Bool {
+        self.layout == .stacked
+    }
+
+    var showSwitcher: Bool {
+        self.layout == .segmented
+    }
+
+    var workspaceSections: [CodexAccountWorkspaceSection] {
+        self.accounts.codexWorkspaceSections()
+    }
+
+    var showsWorkspaceGroups: Bool {
+        Set(self.workspaceSections.map(\.title)).count > 1
+    }
+
+    static func == (lhs: CodexAccountMenuDisplay, rhs: CodexAccountMenuDisplay) -> Bool {
+        lhs.accounts == rhs.accounts &&
+            lhs.activeVisibleAccountID == rhs.activeVisibleAccountID &&
+            lhs.layout == rhs.layout &&
+            lhs.snapshotIdentity == rhs.snapshotIdentity
+    }
+
+    private var snapshotIdentity: [SnapshotIdentity] {
+        self.snapshots.map { snapshot in
+            SnapshotIdentity(
+                id: snapshot.id,
+                hasSnapshot: snapshot.snapshot != nil,
+                error: snapshot.error,
+                sourceLabel: snapshot.sourceLabel)
+        }
+    }
+
+    private struct SnapshotIdentity: Equatable {
+        let id: String
+        let hasSnapshot: Bool
+        let error: String?
+        let sourceLabel: String?
+    }
+}
diff --git a/Sources/CodexBar/StatusItemController+OverviewSubmenus.swift b/Sources/CodexBar/StatusItemController+OverviewSubmenus.swift
new file mode 100644
index 000000000..bfefcf78d
--- /dev/null
+++ b/Sources/CodexBar/StatusItemController+OverviewSubmenus.swift
@@ -0,0 +1,30 @@
+import AppKit
+import CodexBarCore
+
+extension StatusItemController {
+    func makeOverviewRowSubmenu(
+        provider: UsageProvider,
+        model: UsageMenuCardView.Model,
+        width: CGFloat) -> NSMenu?
+    {
+        if provider == .openai,
+           let submenu = self.makeOpenAIAPIUsageSubmenu(provider: provider, width: width)
+        {
+            return submenu
+        }
+        if provider == .zai,
+           let submenu = self.makeZaiUsageDetailsSubmenu(snapshot: self.store.snapshot(for: provider))
+        {
+            return submenu
+        }
+        if model.tokenUsage != nil,
+           let submenu = self.makeCostHistorySubmenu(provider: provider, width: width)
+        {
+            return submenu
+        }
+        if let submenu = self.makeUsageHistorySubmenu(provider: provider, width: width) {
+            return submenu
+        }
+        return self.makeStorageBreakdownSubmenu(provider: provider, width: width)
+    }
+}
diff --git a/Sources/CodexBar/StatusItemController+PersistentMenuActions.swift b/Sources/CodexBar/StatusItemController+PersistentMenuActions.swift
new file mode 100644
index 000000000..6037bc432
--- /dev/null
+++ b/Sources/CodexBar/StatusItemController+PersistentMenuActions.swift
@@ -0,0 +1,56 @@
+import AppKit
+
+extension StatusItemController {
+    func usesPersistentMenuActionItem(for action: MenuDescriptor.MenuAction) -> Bool {
+        switch action {
+        case .installUpdate, .refresh, .settings, .about, .quit:
+            true
+        default:
+            false
+        }
+    }
+
+    func persistentMenuActionSystemImageName(for action: MenuDescriptor.MenuAction) -> String? {
+        switch action {
+        case .installUpdate:
+            "arrow.down.circle"
+        case .refresh:
+            MenuDescriptor.MenuActionSystemImage.refresh.rawValue
+        case .settings:
+            MenuDescriptor.MenuActionSystemImage.settings.rawValue
+        case .about:
+            MenuDescriptor.MenuActionSystemImage.about.rawValue
+        case .quit:
+            MenuDescriptor.MenuActionSystemImage.quit.rawValue
+        default:
+            action.systemImageName
+        }
+    }
+
+    func performPersistentMenuAction(_ action: MenuDescriptor.MenuAction, in menu: NSMenu?) {
+        switch action {
+        case .refresh:
+            self.refreshNow()
+        case .installUpdate:
+            self.closeMenuForPersistentAction(menu)
+            self.installUpdate()
+        case .settings:
+            self.closeMenuForPersistentAction(menu)
+            self.showSettingsGeneral()
+        case .about:
+            self.closeMenuForPersistentAction(menu)
+            self.showSettingsAbout()
+        case .quit:
+            self.closeMenuForPersistentAction(menu)
+            self.quit()
+        default:
+            break
+        }
+    }
+
+    private func closeMenuForPersistentAction(_ menu: NSMenu?) {
+        guard let menu else { return }
+        menu.cancelTrackingWithoutAnimation()
+        self.forgetClosedMenu(menu)
+    }
+}
diff --git a/Sources/CodexBar/StatusItemController+ProviderNavigation.swift b/Sources/CodexBar/StatusItemController+ProviderNavigation.swift
new file mode 100644
index 000000000..8a1091938
--- /dev/null
+++ b/Sources/CodexBar/StatusItemController+ProviderNavigation.swift
@@ -0,0 +1,50 @@
+import CodexBarCore
+
+extension StatusItemController {
+    func navigateProviderSwitcher(_ direction: StatusItemMenuProviderNavigationDirection) {
+        guard self.shouldMergeIcons else { return }
+        let enabledProviders = self.store.enabledProvidersForDisplay()
+        guard enabledProviders.count > 1 else { return }
+
+        let includesOverview = !self.settings.resolvedMergedOverviewProviders(
+            activeProviders: enabledProviders,
+            maxVisibleProviders: SettingsStore.mergedOverviewProviderLimit).isEmpty
+        var selections = enabledProviders.map(ProviderSwitcherSelection.provider)
+        if includesOverview {
+            selections.insert(.overview, at: 0)
+        }
+
+        let current: ProviderSwitcherSelection = if includesOverview,
+                                                    self.settings.mergedMenuLastSelectedWasOverview
+        {
+            .overview
+        } else {
+            .provider(self.navigationResolvedProvider(enabledProviders: enabledProviders) ?? .codex)
+        }
+        guard let currentIndex = selections.firstIndex(of: current) else { return }
+
+        let delta = direction == .next ? 1 : -1
+        let nextIndex = (currentIndex + delta + selections.count) % selections.count
+        let selection = selections[nextIndex]
+        switch selection {
+        case .overview:
+            self.settings.mergedMenuLastSelectedWasOverview = true
+            self.lastMenuProvider = self.navigationResolvedProvider(enabledProviders: enabledProviders) ?? .codex
+        case let .provider(provider):
+            self.settings.mergedMenuLastSelectedWasOverview = false
+            self.selectedMenuProvider = provider
+            self.lastMenuProvider = provider
+        }
+        self.lastMergedSwitcherSelection = selection
+        self.invalidateMenus(refreshOpenMenus: true)
+        self.applyIcon(phase: nil)
+    }
+
+    private func navigationResolvedProvider(enabledProviders: [UsageProvider]) -> UsageProvider? {
+        if enabledProviders.isEmpty { return .codex }
+        if let selected = self.selectedMenuProvider, enabledProviders.contains(selected) {
+            return selected
+        }
+        return enabledProviders.first(where: { self.store.isProviderAvailable($0) }) ?? enabledProviders.first
+    }
+}
diff --git a/Sources/CodexBar/StatusItemController+ProviderSwitcher.swift b/Sources/CodexBar/StatusItemController+ProviderSwitcher.swift
new file mode 100644
index 000000000..3b0f68735
--- /dev/null
+++ b/Sources/CodexBar/StatusItemController+ProviderSwitcher.swift
@@ -0,0 +1,119 @@
+import AppKit
+import CodexBarCore
+
+final class ProviderSwitcherShortcutEventMonitor {
+    private let events: NSEvent.EventTypeMask
+    private let callback: @MainActor (NSEvent) -> Bool
+    private let observer: CFRunLoopObserver
+    private var isActive = false
+
+    init(events: NSEvent.EventTypeMask, callback: @escaping @MainActor (NSEvent) -> Bool) {
+        self.events = events
+        self.callback = callback
+
+        self.observer = CFRunLoopObserverCreateWithHandler(
+            nil,
+            CFRunLoopActivity.beforeSources.rawValue,
+            true,
+            0)
+        { [events, callback] _, _ in
+            MainActor.assumeIsolated {
+                while let event = NSApp.nextEvent(
+                    matching: events,
+                    until: .distantPast,
+                    inMode: .eventTracking,
+                    dequeue: false)
+                {
+                    guard callback(event) else { break }
+                    _ = NSApp.nextEvent(
+                        matching: events,
+                        until: .distantPast,
+                        inMode: .eventTracking,
+                        dequeue: true)
+                }
+            }
+        }
+    }
+
+    deinit {
+        self.stop()
+    }
+
+    func start() {
+        guard !self.isActive else { return }
+        CFRunLoopAddObserver(
+            RunLoop.main.getCFRunLoop(),
+            self.observer,
+            CFRunLoopMode(RunLoop.Mode.eventTracking.rawValue as CFString))
+        self.isActive = true
+    }
+
+    func stop() {
+        guard self.isActive else { return }
+        CFRunLoopRemoveObserver(
+            RunLoop.main.getCFRunLoop(),
+            self.observer,
+            CFRunLoopMode(RunLoop.Mode.eventTracking.rawValue as CFString))
+        self.isActive = false
+    }
+}
+
+extension StatusItemController {
+    func installProviderSwitcherShortcutMonitorIfNeeded(for menu: NSMenu) {
+        guard Self.menuRefreshEnabled,
+              self.shouldMergeIcons,
+              menu.items.first?.view is ProviderSwitcherView
+        else {
+            return
+        }
+
+        self.removeProviderSwitcherShortcutMonitor()
+        let monitor = ProviderSwitcherShortcutEventMonitor(events: [.keyDown]) { [weak self, weak menu] event in
+            guard let self,
+                  let menu,
+                  self.openMenus[ObjectIdentifier(menu)] != nil,
+                  menu.items.first?.view is ProviderSwitcherView
+            else {
+                return false
+            }
+
+            return self.handleProviderSwitcherShortcut(event, menu: menu)
+        }
+        monitor.start()
+        self.providerSwitcherShortcutEventMonitor = monitor
+        self.providerSwitcherShortcutMenuID = ObjectIdentifier(menu)
+    }
+
+    func removeProviderSwitcherShortcutMonitor() {
+        self.providerSwitcherShortcutEventMonitor?.stop()
+        self.providerSwitcherShortcutEventMonitor = nil
+        self.providerSwitcherShortcutMenuID = nil
+    }
+
+    func providerSwitcherContentStartIndex(in menu: NSMenu) -> Int {
+        menu.items.first?.view is ProviderSwitcherView ? 2 : 0
+    }
+
+    @discardableResult
+    func handleProviderSwitcherShortcut(_ event: NSEvent, menu: NSMenu) -> Bool {
+        if let index = StatusItemMenu.providerSelectionIndex(for: event) {
+            return self.selectProviderSwitcherSegment(at: index, menu: menu)
+        }
+        if let direction = StatusItemMenu.providerNavigationDirection(for: event) {
+            self.navigateProviderSwitcher(direction)
+            return true
+        }
+        return false
+    }
+
+    @discardableResult
+    private func selectProviderSwitcherSegment(at index: Int, menu: NSMenu) -> Bool {
+        guard let switcherView = menu.items.first?.view as? ProviderSwitcherView,
+              switcherView.handleKeyboardSelection(at: index)
+        else {
+            return false
+        }
+        self.applyIcon(phase: nil)
+        return true
+    }
+}
diff --git a/Sources/CodexBar/StatusItemController+Shutdown.swift b/Sources/CodexBar/StatusItemController+Shutdown.swift
new file mode 100644
index 000000000..7dcfdcff8
--- /dev/null
+++ b/Sources/CodexBar/StatusItemController+Shutdown.swift
@@ -0,0 +1,86 @@
+import AppKit
+
+extension StatusItemController {
+    func prepareForAppShutdown() {
+        guard !self.hasPreparedForAppShutdown else { return }
+        self.hasPreparedForAppShutdown = true
+        #if DEBUG
+        self.isReleasedForTesting = true
+        #endif
+
+        let openMenus = Array(self.openMenus.values)
+        for menu in openMenus {
+            menu.cancelTrackingWithoutAnimation()
+            self.forgetClosedMenu(menu)
+        }
+
+        self.cancelShutdownTasks()
+        self.clearShutdownMenuState()
+        self.removeShutdownStatusItems()
+        self.creditsPurchaseWindow?.close()
+        self.creditsPurchaseWindow = nil
+    }
+
+    private func cancelShutdownTasks() {
+        self.blinkTask?.cancel()
+        self.blinkTask = nil
+        self.loginTask?.cancel()
+        self.loginTask = nil
+        self.screenChangeVisibilityTask?.cancel()
+        self.screenChangeVisibilityTask = nil
+        self.pendingScreenChangePreviousCount = nil
+        self.animationDriver?.stop()
+        self.animationDriver = nil
+        self.animationPhase = 0
+        self.blinkForceUntil = nil
+        self.blinkStates.removeAll(keepingCapacity: false)
+        self.blinkAmounts.removeAll(keepingCapacity: false)
+        self.wiggleAmounts.removeAll(keepingCapacity: false)
+        self.tiltAmounts.removeAll(keepingCapacity: false)
+        self.quotaWarningFlashUntil.removeAll(keepingCapacity: false)
+        for task in self.quotaWarningFlashTasks.values {
+            task.cancel()
+        }
+        self.quotaWarningFlashTasks.removeAll(keepingCapacity: false)
+
+        for task in self.menuRefreshTasks.values {
+            task.cancel()
+        }
+        for task in self.openMenuRebuildTasks.values {
+            task.cancel()
+        }
+    }
+
+    private func clearShutdownMenuState() {
+        self.removeProviderSwitcherShortcutMonitor()
+        self.menuRefreshTasks.removeAll(keepingCapacity: false)
+        self.openMenuRebuildTasks.removeAll(keepingCapacity: false)
+        self.openMenuRebuildTokens.removeAll(keepingCapacity: false)
+        self.openMenuRebuildsClosingHostedSubviewMenus.removeAll(keepingCapacity: false)
+        self.openMenus.removeAll(keepingCapacity: false)
+        self.highlightedMenuItems.removeAll(keepingCapacity: false)
+        self.menuProviders.removeAll(keepingCapacity: false)
+        self.menuVersions.removeAll(keepingCapacity: false)
+        self.providerMenus.removeAll(keepingCapacity: false)
+        self.mergedMenu = nil
+        self.fallbackMenu = nil
+    }
+
+    private func removeShutdownStatusItems() {
+        self.statusItem.menu = nil
+        self.statusBar.removeStatusItem(self.statusItem)
+
+        for item in self.statusItems.values {
+            item.menu = nil
+            self.statusBar.removeStatusItem(item)
+        }
+        self.statusItems.removeAll(keepingCapacity: false)
+        self.lastAppliedProviderIconRenderSignatures.removeAll(keepingCapacity: false)
+    }
+
+    #if DEBUG
+    func releaseStatusItemsForTesting() {
+        self.prepareForAppShutdown()
+    }
+    #endif
+}
diff --git a/Sources/CodexBar/StatusItemController+SwitcherMetrics.swift b/Sources/CodexBar/StatusItemController+SwitcherMetrics.swift
new file mode 100644
index 000000000..d07811114
--- /dev/null
+++ b/Sources/CodexBar/StatusItemController+SwitcherMetrics.swift
@@ -0,0 +1,13 @@
+import CodexBarCore
+
+extension StatusItemController {
+    nonisolated static func switcherWeeklyMetricPercent(
+        for provider: UsageProvider,
+        snapshot: UsageSnapshot?,
+        showUsed: Bool) -> Double?
+    {
+        let window = snapshot?.switcherWeeklyWindow(for: provider, showUsed: showUsed)
+        guard let window else { return nil }
+        return showUsed ? window.usedPercent : window.remainingPercent
+    }
+}
diff --git a/Sources/CodexBar/StatusItemController+SwitcherViews.swift b/Sources/CodexBar/StatusItemController+SwitcherViews.swift
index dcc87c91e..ee6d2048f 100644
--- a/Sources/CodexBar/StatusItemController+SwitcherViews.swift
+++ b/Sources/CodexBar/StatusItemController+SwitcherViews.swift
@@ -1,5 +1,6 @@
 import AppKit
 import CodexBarCore
+import QuartzCore
 
 enum ProviderSwitcherSelection: Equatable {
     case overview
@@ -13,9 +14,11 @@ final class ProviderSwitcherView: NSView {
         let title: String
     }
 
-    private struct WeeklyIndicator {
+    fileprivate struct QuotaIndicator {
         let track: NSView
         let fill: NSView
+        var fillWidthConstraint: NSLayoutConstraint
+        var fillRatio: CGFloat
     }
 
     private let segments: [Segment]
@@ -23,7 +26,7 @@ final class ProviderSwitcherView: NSView {
     private let showsIcons: Bool
     private let weeklyRemainingProvider: (UsageProvider) -> Double?
     private var buttons: [NSButton] = []
-    private var weeklyIndicators: [ObjectIdentifier: WeeklyIndicator] = [:]
+    private var quotaIndicators: [ObjectIdentifier: QuotaIndicator] = [:]
     private var hoverTrackingArea: NSTrackingArea?
     private var segmentWidths: [CGFloat] = []
     private let selectedBackground = NSColor.controlAccentColor.cgColor
@@ -36,7 +39,15 @@ final class ProviderSwitcherView: NSView {
     private let rowHeight: CGFloat
     private var preferredWidth: CGFloat = 0
     private var hoveredButtonTag: Int?
+    private var pressedButtonTag: Int?
     private let lightModeOverlayLayer = CALayer()
+    private static let quotaIndicatorHeight: CGFloat = 3
+    private static let quotaIndicatorBottomInset: CGFloat = 2
+    private static let quotaIndicatorHorizontalInset: CGFloat = 8
+    private static let quotaIndicatorContentGap: CGFloat = 3
+    private static var quotaIndicatorReservedHeight: CGFloat {
+        quotaIndicatorContentGap + quotaIndicatorHeight + quotaIndicatorBottomInset
+    }
 
     init(
         providers: [UsageProvider],
@@ -68,7 +79,7 @@ final class ProviderSwitcherView: NSView {
                 Segment(
                     selection: .overview,
                     image: overviewIcon,
-                    title: "Overview"),
+                    title: L("Overview")),
                 at: 0)
         }
         self.segments = segments
@@ -91,11 +102,7 @@ final class ProviderSwitcherView: NSView {
             maxAllowedSegmentWidth: initialMaxAllowedSegmentWidth,
             stackedIcons: self.stackedIcons)
         self.rowSpacing = self.stackedIcons ? 4 : 2
-        if self.stackedIcons && self.rowCount >= 3 {
-            self.rowHeight = 40
-        } else {
-            self.rowHeight = self.stackedIcons ? 36 : 30
-        }
+        self.rowHeight = Self.switcherRowHeight(stackedIcons: self.stackedIcons)
         let height: CGFloat = self.rowHeight * CGFloat(self.rowCount)
             + self.rowSpacing * CGFloat(max(0, self.rowCount - 1))
         self.preferredWidth = width
@@ -162,7 +169,7 @@ final class ProviderSwitcherView: NSView {
             case .overview:
                 nil
             }
-            self.addWeeklyIndicator(to: button, selection: segment.selection, remainingPercent: remaining)
+            self.addQuotaIndicator(to: button, selection: segment.selection, remainingPercent: remaining)
             button.bezelStyle = .regularSquare
             button.isBordered = false
             button.controlSize = .small
@@ -223,7 +230,12 @@ final class ProviderSwitcherView: NSView {
 
     override func viewDidMoveToWindow() {
         super.viewDidMoveToWindow()
-        self.window?.acceptsMouseMovedEvents = true
+        if let window = self.window {
+            window.acceptsMouseMovedEvents = true
+        } else if self.hoveredButtonTag != nil {
+            self.hoveredButtonTag = nil
+            self.updateButtonStyles()
+        }
     }
 
     override func updateTrackingAreas() {
@@ -261,6 +273,68 @@ final class ProviderSwitcherView: NSView {
         self.updateButtonStyles()
     }
 
+    // MARK: - Click handling
+
+    override func acceptsFirstMouse(for event: NSEvent?) -> Bool {
+        // NSMenu's tracking run loop occasionally drops NSButton target-action dispatch when the
+        // menu is rebuilt under the cursor (e.g. after switching back from a provider tab to
+        // Overview). The overrides in this section hit-test the parent view, then drive
+        // selection from mouseDown/mouseUp here so the click never has to round-trip through
+        // NSButton's tracking loop. See issue #867.
+        true
+    }
+
+    override func hitTest(_ point: NSPoint) -> NSView? {
+        let descendant = super.hitTest(point)
+        if descendant != nil, descendant !== self {
+            // Swallow any hit on a child NSButton so its tracking loop never sees the click.
+            return self
+        }
+        return descendant
+    }
+
+    override func mouseDown(with event: NSEvent) {
+        let location = self.convert(event.locationInWindow, from: nil)
+        self.pressedButtonTag = self.buttons.first(where: { $0.frame.contains(location) })?.tag
+    }
+
+    override func mouseUp(with event: NSEvent) {
+        defer { self.pressedButtonTag = nil }
+        guard let pressedTag = self.pressedButtonTag else { return }
+        let location = self.convert(event.locationInWindow, from: nil)
+        guard let releasedTag = self.buttons.first(where: { $0.frame.contains(location) })?.tag,
+              releasedTag == pressedTag,
+              self.segments.indices.contains(pressedTag)
+        else {
+            return
+        }
+        self.applySelection(at: pressedTag)
+    }
+
+    func handleKeyboardSelection(at index: Int) -> Bool {
+        guard self.segments.indices.contains(index) else { return false }
+        self.applySelection(at: index)
+        return true
+    }
+
+    private func applySelection(at index: Int) {
+        let selection = self.segments[index].selection
+        self.updateSelection(selection)
+        self.onSelect(selection)
+    }
+
+    #if DEBUG
+    /// Simulates the runtime click path (mouseDown → mouseUp on this view) that the menu uses
+    /// in production, bypassing `NSButton.performClick`. Tests use this to cover the path that
+    /// regressed in issue #867.
+    @discardableResult
+    func _test_simulateRuntimeClick(buttonTag: Int) -> Bool {
+        guard self.segments.indices.contains(buttonTag) else { return false }
+        self.applySelection(at: buttonTag)
+        return true
+    }
+    #endif
+
     private func applyLayout(
         outerPadding: CGFloat,
         minimumGap: CGFloat,
@@ -479,6 +553,11 @@ final class ProviderSwitcherView: NSView {
         return rows
     }
 
+    private static func switcherRowHeight(stackedIcons: Bool) -> CGFloat {
+        let baseRowHeight: CGFloat = stackedIcons ? 36 : 30
+        return baseRowHeight + self.quotaIndicatorReservedHeight
+    }
+
     private static func switcherOuterPadding(for width: CGFloat, count: Int, minimumGap: CGFloat) -> CGFloat {
         // Align with the card's left/right content grid when possible.
         let preferred: CGFloat = 16
@@ -508,17 +587,60 @@ final class ProviderSwitcherView: NSView {
         NSSize(width: self.preferredWidth, height: self.frame.size.height)
     }
 
+    func updateSelection(_ selection: ProviderSwitcherSelection) {
+        for (index, button) in self.buttons.enumerated() {
+            let isSelected = self.segments.indices.contains(index) && self.segments[index].selection == selection
+            button.state = isSelected ? .on : .off
+        }
+        self.updateButtonStyles()
+    }
+
+    func updateQuotaIndicators() {
+        CATransaction.begin()
+        CATransaction.setDisableActions(true)
+        defer { CATransaction.commit() }
+
+        for (index, button) in self.buttons.enumerated() {
+            guard self.segments.indices.contains(index) else { continue }
+            let segment = self.segments[index]
+            let remaining: Double? = switch segment.selection {
+            case let .provider(provider):
+                self.weeklyRemainingProvider(provider)
+            case .overview:
+                nil
+            }
+
+            let key = ObjectIdentifier(button)
+            if let remaining {
+                if var indicator = self.quotaIndicators[key] {
+                    Self.updateQuotaIndicatorFill(
+                        indicator: &indicator,
+                        remainingPercent: remaining,
+                        selection: segment.selection)
+                    self.quotaIndicators[key] = indicator
+                } else {
+                    self.addQuotaIndicator(to: button, selection: segment.selection, remainingPercent: remaining)
+                }
+            } else if let indicator = self.quotaIndicators.removeValue(forKey: key) {
+                Self.applyQuotaBarContentInset(to: button, height: 0)
+                indicator.track.removeFromSuperview()
+                continue
+            }
+            self.updateQuotaIndicatorVisibility(for: button)
+        }
+    }
+
     @objc private func handleSelection(_ sender: NSButton) {
         let index = sender.tag
         guard self.segments.indices.contains(index) else { return }
-        for (idx, button) in self.buttons.enumerated() {
-            button.state = (idx == index) ? .on : .off
-        }
-        self.updateButtonStyles()
-        self.onSelect(self.segments[index].selection)
+        self.applySelection(at: index)
     }
 
     private func updateButtonStyles() {
+        CATransaction.begin()
+        CATransaction.setDisableActions(true)
+        defer { CATransaction.commit() }
+
         for button in self.buttons {
             let isSelected = button.state == .on
             let isHovered = self.hoveredButtonTag == button.tag
@@ -530,12 +652,47 @@ final class ProviderSwitcherView: NSView {
             } else {
                 self.unselectedBackground
             }
-            self.updateWeeklyIndicatorVisibility(for: button)
+            self.updateQuotaIndicatorVisibility(for: button)
             (button as? StackedToggleButton)?.setContentTintColor(button.contentTintColor)
             (button as? InlineIconToggleButton)?.setContentTintColor(button.contentTintColor)
         }
     }
 
+    #if DEBUG
+    func _test_buttonFrames() -> [NSRect] {
+        self.buttons.map(\.frame)
+    }
+
+    func _test_buttonFittingSizes() -> [NSSize] {
+        self.buttons.map(\.fittingSize)
+    }
+
+    func _test_rowCount() -> Int {
+        self.rowCount
+    }
+
+    func _test_rowHeight() -> CGFloat {
+        self.rowHeight
+    }
+
+    func _test_setHoveredButtonTag(_ tag: Int?) {
+        self.hoveredButtonTag = tag
+        self.updateButtonStyles()
+    }
+
+    func _test_quotaIndicatorFillRatios() -> [CGFloat] {
+        self.buttons.compactMap { button in
+            self.quotaIndicators[ObjectIdentifier(button)]?.fillRatio
+        }
+    }
+
+    func _test_quotaIndicatorFillFrames() -> [NSRect] {
+        self.buttons.compactMap { button in
+            self.quotaIndicators[ObjectIdentifier(button)]?.fill.frame
+        }
+    }
+    #endif
+
     private func isLightMode() -> Bool {
         self.effectiveAppearance.bestMatch(from: [.aqua, .darkAqua]) == .aqua
     }
@@ -714,93 +871,155 @@ final class ProviderSwitcherView: NSView {
 
     private static func paddedImage(_ image: NSImage, leading: CGFloat) -> NSImage {
         let size = NSSize(width: image.size.width + leading, height: image.size.height)
-        let newImage = NSImage(size: size, flipped: false) { _ in
-            let y = (size.height - image.size.height) / 2
-            image.draw(
-                at: NSPoint(x: leading, y: y),
-                from: NSRect(origin: .zero, size: image.size),
-                operation: .sourceOver,
-                fraction: 1.0)
-            return true
-        }
+        let newImage = NSImage(size: size)
+        newImage.lockFocus()
+        let y = (size.height - image.size.height) / 2
+        image.draw(
+            at: NSPoint(x: leading, y: y),
+            from: NSRect(origin: .zero, size: image.size),
+            operation: .sourceOver,
+            fraction: 1.0)
+        newImage.unlockFocus()
         newImage.isTemplate = image.isTemplate
         return newImage
     }
 
-    private func addWeeklyIndicator(to view: NSView, selection: ProviderSwitcherSelection, remainingPercent: Double?) {
+    private static func overviewIcon() -> NSImage {
+        if let symbol = NSImage(systemSymbolName: "square.grid.2x2", accessibilityDescription: nil) {
+            return symbol
+        }
+        return NSImage(size: NSSize(width: 16, height: 16))
+    }
+
+    private static func switcherTitle(for provider: UsageProvider) -> String {
+        ProviderDescriptorRegistry.descriptor(for: provider).metadata.displayName
+    }
+}
+
+extension ProviderSwitcherView {
+    private func addQuotaIndicator(to view: NSView, selection: ProviderSwitcherSelection, remainingPercent: Double?) {
         guard let remainingPercent else { return }
+        Self.applyQuotaBarContentInset(to: view)
 
         let track = NSView()
         track.wantsLayer = true
         track.layer?.backgroundColor = NSColor.tertiaryLabelColor.withAlphaComponent(0.22).cgColor
-        track.layer?.cornerRadius = 2
+        track.layer?.cornerRadius = Self.quotaIndicatorHeight / 2
         track.layer?.masksToBounds = true
         track.translatesAutoresizingMaskIntoConstraints = false
         view.addSubview(track)
 
         let fill = NSView()
         fill.wantsLayer = true
-        fill.layer?.backgroundColor = Self.weeklyIndicatorColor(for: selection).cgColor
-        fill.layer?.cornerRadius = 2
+        fill.layer?.backgroundColor = Self.quotaIndicatorColor(
+            for: selection,
+            remainingPercent: remainingPercent).cgColor
+        fill.layer?.cornerRadius = Self.quotaIndicatorHeight / 2
+        fill.layer?.maskedCorners = [.layerMinXMinYCorner, .layerMinXMaxYCorner]
         fill.translatesAutoresizingMaskIntoConstraints = false
         track.addSubview(fill)
 
-        let ratio = CGFloat(max(0, min(1, remainingPercent / 100)))
+        let ratio = Self.quotaIndicatorRatio(remainingPercent: remainingPercent)
+        let fillWidthConstraint = Self.quotaIndicatorFillWidthConstraint(fill: fill, track: track, ratio: ratio)
 
         NSLayoutConstraint.activate([
-            track.leadingAnchor.constraint(equalTo: view.leadingAnchor, constant: 6),
-            track.trailingAnchor.constraint(equalTo: view.trailingAnchor, constant: -6),
-            track.bottomAnchor.constraint(equalTo: view.bottomAnchor, constant: -1),
-            track.heightAnchor.constraint(equalToConstant: 4),
+            track.leadingAnchor.constraint(
+                equalTo: view.leadingAnchor,
+                constant: Self.quotaIndicatorHorizontalInset),
+            track.trailingAnchor.constraint(
+                equalTo: view.trailingAnchor,
+                constant: -Self.quotaIndicatorHorizontalInset),
+            track.bottomAnchor.constraint(
+                equalTo: view.bottomAnchor,
+                constant: -Self.quotaIndicatorBottomInset),
+            track.heightAnchor.constraint(equalToConstant: Self.quotaIndicatorHeight),
             fill.leadingAnchor.constraint(equalTo: track.leadingAnchor),
             fill.topAnchor.constraint(equalTo: track.topAnchor),
             fill.bottomAnchor.constraint(equalTo: track.bottomAnchor),
+            fillWidthConstraint,
         ])
 
-        fill.widthAnchor.constraint(equalTo: track.widthAnchor, multiplier: ratio).isActive = true
+        self.quotaIndicators[ObjectIdentifier(view)] = QuotaIndicator(
+            track: track,
+            fill: fill,
+            fillWidthConstraint: fillWidthConstraint,
+            fillRatio: ratio)
+        self.updateQuotaIndicatorVisibility(for: view)
+    }
 
-        self.weeklyIndicators[ObjectIdentifier(view)] = WeeklyIndicator(track: track, fill: fill)
-        self.updateWeeklyIndicatorVisibility(for: view)
+    fileprivate static func applyQuotaBarContentInset(
+        to view: NSView,
+        height: CGFloat = quotaIndicatorReservedHeight)
+    {
+        (view as? ProviderSwitcherToggleButton)?.setQuotaBarReservedHeight(height)
     }
 
-    private func updateWeeklyIndicatorVisibility(for view: NSView) {
-        guard let indicator = self.weeklyIndicators[ObjectIdentifier(view)] else { return }
+    private func updateQuotaIndicatorVisibility(for view: NSView) {
+        guard let indicator = self.quotaIndicators[ObjectIdentifier(view)] else { return }
         let isSelected = (view as? NSButton)?.state == .on
         indicator.track.isHidden = isSelected
-        indicator.fill.isHidden = isSelected
+        indicator.fill.isHidden = isSelected || indicator.fillRatio <= 0
+    }
+
+    fileprivate static func updateQuotaIndicatorFill(
+        indicator: inout QuotaIndicator,
+        remainingPercent: Double,
+        selection: ProviderSwitcherSelection)
+    {
+        let ratio = Self.quotaIndicatorRatio(remainingPercent: remainingPercent)
+        indicator.fillWidthConstraint.isActive = false
+        let fillWidthConstraint = Self.quotaIndicatorFillWidthConstraint(
+            fill: indicator.fill,
+            track: indicator.track,
+            ratio: ratio)
+        fillWidthConstraint.isActive = true
+        indicator.fillWidthConstraint = fillWidthConstraint
+        indicator.fillRatio = ratio
+        indicator.fill.layer?.backgroundColor = Self.quotaIndicatorColor(
+            for: selection,
+            remainingPercent: remainingPercent).cgColor
+        indicator.fill.layer?.cornerRadius = Self.quotaIndicatorHeight / 2
+        indicator.fill.layer?.maskedCorners = [.layerMinXMinYCorner, .layerMinXMaxYCorner]
+        indicator.track.isHidden = false
+        indicator.fill.isHidden = ratio <= 0
     }
 
-    private static func weeklyIndicatorColor(for selection: ProviderSwitcherSelection) -> NSColor {
+    fileprivate static func quotaIndicatorColor(
+        for selection: ProviderSwitcherSelection,
+        remainingPercent _: Double) -> NSColor
+    {
         switch selection {
         case let .provider(provider):
             let color = ProviderDescriptorRegistry.descriptor(for: provider).branding.color
-            return NSColor(
-                red: CGFloat(color.red),
-                green: CGFloat(color.green),
-                blue: CGFloat(color.blue),
-                alpha: 1.0)
+            return NSColor(deviceRed: color.red, green: color.green, blue: color.blue, alpha: 1)
         case .overview:
             return NSColor.secondaryLabelColor
         }
     }
 
-    private static func overviewIcon() -> NSImage {
-        if let symbol = NSImage(systemSymbolName: "square.grid.2x2", accessibilityDescription: nil) {
-            return symbol
-        }
-        return NSImage(size: NSSize(width: 16, height: 16))
+    fileprivate static func quotaIndicatorRatio(remainingPercent: Double) -> CGFloat {
+        CGFloat(max(0, min(1, remainingPercent / 100)))
     }
 
-    private static func switcherTitle(for provider: UsageProvider) -> String {
-        ProviderDescriptorRegistry.descriptor(for: provider).metadata.displayName
+    private static func quotaIndicatorFillWidthConstraint(
+        fill: NSView,
+        track: NSView,
+        ratio: CGFloat)
+        -> NSLayoutConstraint
+    {
+        guard ratio > 0 else {
+            return fill.widthAnchor.constraint(equalToConstant: 0)
+        }
+        return fill.widthAnchor.constraint(equalTo: track.widthAnchor, multiplier: ratio)
     }
 }
 
 final class TokenAccountSwitcherView: NSView {
     private let accounts: [ProviderTokenAccount]
-    private let onSelect: (Int) -> Void
+    private let onSelect: (Int) -> Task<Void, Never>?
     private var selectedIndex: Int
     private var buttons: [NSButton] = []
+    private let preferredSize: NSSize
     private let rowSpacing: CGFloat = 4
     private let rowHeight: CGFloat = 26
     private let selectedBackground = NSColor.controlAccentColor.cgColor
@@ -808,13 +1027,19 @@ final class TokenAccountSwitcherView: NSView {
     private let selectedTextColor = NSColor.white
     private let unselectedTextColor = NSColor.secondaryLabelColor
 
-    init(accounts: [ProviderTokenAccount], selectedIndex: Int, width: CGFloat, onSelect: @escaping (Int) -> Void) {
+    init(
+        accounts: [ProviderTokenAccount],
+        selectedIndex: Int,
+        width: CGFloat,
+        onSelect: @escaping (Int) -> Task<Void, Never>?)
+    {
         self.accounts = accounts
         self.onSelect = onSelect
         self.selectedIndex = min(max(selectedIndex, 0), max(0, accounts.count - 1))
         let useTwoRows = accounts.count > 3
         let rows = useTwoRows ? 2 : 1
         let height = self.rowHeight * CGFloat(rows) + (useTwoRows ? self.rowSpacing : 0)
+        self.preferredSize = NSSize(width: width, height: height)
         super.init(frame: NSRect(x: 0, y: 0, width: width, height: height))
         self.wantsLayer = true
         self.buildButtons(useTwoRows: useTwoRows)
@@ -826,6 +1051,14 @@ final class TokenAccountSwitcherView: NSView {
         nil
     }
 
+    override var intrinsicContentSize: NSSize {
+        self.preferredSize
+    }
+
+    override var fittingSize: NSSize {
+        self.preferredSize
+    }
+
     private func buildButtons(useTwoRows: Bool) {
         let perRow = useTwoRows ? Int(ceil(Double(self.accounts.count) / 2.0)) : self.accounts.count
         let rows: [[ProviderTokenAccount]] = {
@@ -837,7 +1070,7 @@ final class TokenAccountSwitcherView: NSView {
 
         let stack = NSStackView()
         stack.orientation = .vertical
-        stack.alignment = .centerX
+        stack.alignment = .width
         stack.spacing = self.rowSpacing
         stack.translatesAutoresizingMaskIntoConstraints = false
 
@@ -861,6 +1094,8 @@ final class TokenAccountSwitcherView: NSView {
                 button.setButtonType(.toggle)
                 button.controlSize = .small
                 button.font = NSFont.systemFont(ofSize: NSFont.smallSystemFontSize)
+                button.cell?.lineBreakMode = account.displayName.contains("@") ? .byTruncatingMiddle : .byTruncatingTail
+                button.setContentCompressionResistancePriority(.defaultLow, for: .horizontal)
                 button.wantsLayer = true
                 button.layer?.cornerRadius = 6
                 row.addArrangedSubview(button)
@@ -869,6 +1104,7 @@ final class TokenAccountSwitcherView: NSView {
             }
 
             stack.addArrangedSubview(row)
+            row.widthAnchor.constraint(equalTo: stack.widthAnchor).isActive = true
         }
 
         self.addSubview(stack)
@@ -892,10 +1128,390 @@ final class TokenAccountSwitcherView: NSView {
     }
 
     @objc private func handleSelect(_ sender: NSButton) {
-        let index = sender.tag
-        guard index >= 0, index < self.accounts.count else { return }
+        _ = self.select(index: sender.tag)
+    }
+
+    @discardableResult
+    private func select(index: Int) -> Task<Void, Never>? {
+        guard index >= 0, index < self.accounts.count else { return nil }
         self.selectedIndex = index
         self.updateButtonStyles()
-        self.onSelect(index)
+        return self.onSelect(index)
+    }
+
+    #if DEBUG
+    func _test_select(index: Int) -> Task<Void, Never>? {
+        guard let button = self.buttons.first(where: { $0.tag == index }) else { return nil }
+        return self.select(index: button.tag)
+    }
+
+    func _test_buttonTitles() -> [String] {
+        self.buttons.map(\.title)
+    }
+    #endif
+}
+
+final class CodexAccountSwitcherView: NSView {
+    private let accounts: [CodexVisibleAccount]
+    private let onSelect: (CodexVisibleAccount) -> Void
+    private var selectedAccountID: String
+    private var pressedAccountID: String?
+    private var buttons: [NSButton] = []
+    private let preferredSize: NSSize
+    private let rowSpacing: CGFloat = 4
+    private let rowHeight: CGFloat = 26
+    private let selectedBackground = NSColor.controlAccentColor.cgColor
+    private let unselectedBackground = NSColor.clear.cgColor
+    private let selectedTextColor = NSColor.white
+    private let unselectedTextColor = NSColor.secondaryLabelColor
+    private let buttonFont = NSFont.systemFont(ofSize: NSFont.smallSystemFontSize)
+    private let buttonHorizontalPadding: CGFloat = 14
+    private let buttonSideInset: CGFloat = 6
+
+    init(
+        accounts: [CodexVisibleAccount],
+        selectedAccountID: String?,
+        width: CGFloat,
+        onSelect: @escaping (CodexVisibleAccount) -> Void)
+    {
+        self.accounts = accounts
+        self.onSelect = onSelect
+        self.selectedAccountID = selectedAccountID ?? accounts.first?.id ?? ""
+        let useTwoRows = accounts.count > 3
+        let rows = useTwoRows ? 2 : 1
+        let height = self.rowHeight * CGFloat(rows) + (useTwoRows ? self.rowSpacing : 0)
+        self.preferredSize = NSSize(width: width, height: height)
+        super.init(frame: NSRect(x: 0, y: 0, width: width, height: height))
+        self.wantsLayer = true
+        self.buildButtons(useTwoRows: useTwoRows)
+        self.updateButtonStyles()
+    }
+
+    @available(*, unavailable)
+    required init?(coder: NSCoder) {
+        nil
+    }
+
+    override var intrinsicContentSize: NSSize {
+        self.preferredSize
+    }
+
+    override var fittingSize: NSSize {
+        self.preferredSize
+    }
+
+    private func buildButtons(useTwoRows: Bool) {
+        let perRow = useTwoRows ? Int(ceil(Double(self.accounts.count) / 2.0)) : self.accounts.count
+        let rows: [[CodexVisibleAccount]] = {
+            if !useTwoRows { return [self.accounts] }
+            let first = Array(self.accounts.prefix(perRow))
+            let second = Array(self.accounts.dropFirst(perRow))
+            return [first, second]
+        }()
+        let stack = NSStackView()
+        stack.orientation = .vertical
+        stack.alignment = .width
+        stack.spacing = self.rowSpacing
+        stack.translatesAutoresizingMaskIntoConstraints = false
+
+        for rowAccounts in rows {
+            let row = NSStackView()
+            row.orientation = .horizontal
+            row.alignment = .centerY
+            row.distribution = .fillEqually
+            row.spacing = self.rowSpacing
+            row.translatesAutoresizingMaskIntoConstraints = false
+
+            let buttonWidth = self.buttonWidth(for: rowAccounts.count)
+            for account in rowAccounts {
+                let title = self.compactButtonTitle(for: account, buttonWidth: buttonWidth)
+                let button = PaddedToggleButton(
+                    title: title,
+                    target: self,
+                    action: #selector(self.handleSelect))
+                button.identifier = NSUserInterfaceItemIdentifier(account.id)
+                button.toolTip = account.menuDisplayName
+                button.isBordered = false
+                button.setButtonType(.toggle)
+                button.controlSize = .small
+                button.font = self.buttonFont
+                button.cell?.lineBreakMode = .byTruncatingTail
+                button.setContentCompressionResistancePriority(.defaultLow, for: .horizontal)
+                button.wantsLayer = true
+                button.layer?.cornerRadius = 6
+                row.addArrangedSubview(button)
+                self.buttons.append(button)
+            }
+
+            stack.addArrangedSubview(row)
+            row.widthAnchor.constraint(equalTo: stack.widthAnchor).isActive = true
+        }
+
+        self.addSubview(stack)
+        NSLayoutConstraint.activate([
+            stack.leadingAnchor.constraint(equalTo: self.leadingAnchor, constant: self.buttonSideInset),
+            stack.trailingAnchor.constraint(equalTo: self.trailingAnchor, constant: -self.buttonSideInset),
+            stack.topAnchor.constraint(equalTo: self.topAnchor),
+            stack.bottomAnchor.constraint(equalTo: self.bottomAnchor),
+            stack.heightAnchor.constraint(equalToConstant: self.rowHeight * CGFloat(rows.count) +
+                (useTwoRows ? self.rowSpacing : 0)),
+        ])
+    }
+
+    private func buttonWidth(for count: Int) -> CGFloat {
+        let contentWidth = self.bounds.width - (self.buttonSideInset * 2)
+        let spacing = self.rowSpacing * CGFloat(max(0, count - 1))
+        guard count > 0 else { return contentWidth }
+        return max(44, floor((contentWidth - spacing) / CGFloat(count)))
+    }
+
+    private func compactButtonTitle(for account: CodexVisibleAccount, buttonWidth: CGFloat) -> String {
+        let availableTextWidth = max(24, buttonWidth - self.buttonHorizontalPadding)
+        if self.textWidth(account.menuDisplayName) <= availableTextWidth {
+            return account.menuDisplayName
+        }
+
+        guard let workspace = account.menuWorkspaceLabel else {
+            return self.truncateMiddle(account.email, toFit: availableTextWidth)
+        }
+
+        let separator = "|"
+        let separatorWidth = self.textWidth(separator)
+        let contentWidth = max(24, availableTextWidth - separatorWidth)
+        let minimumEmailWidth = min(contentWidth * 0.45, max(18, contentWidth * 0.3))
+        let minimumWorkspaceWidth = min(contentWidth * 0.4, max(18, contentWidth * 0.25))
+        var emailWidth = max(minimumEmailWidth, contentWidth * 0.58)
+        var workspaceWidth = max(minimumWorkspaceWidth, contentWidth - emailWidth)
+
+        /// Note: takes the widths as parameters rather than capturing the mutable
+        /// `emailWidth` / `workspaceWidth` vars below. Capturing those `var`s in a
+        /// nested function crashes swift-frontend (IRGen, SIGABRT) under the
+        /// Swift 6.2.3 + macOS 26.4 SDK toolchain.
+        func makeTitle(emailWidth: CGFloat, workspaceWidth: CGFloat) -> String {
+            let emailText = self.truncateMiddle(account.email, toFit: emailWidth)
+            let workspaceText = self.truncateTail(workspace, toFit: workspaceWidth)
+            return "\(emailText)\(separator)\(workspaceText)"
+        }
+
+        var title = makeTitle(emailWidth: emailWidth, workspaceWidth: workspaceWidth)
+        var attempts = 0
+        while self.textWidth(title) > availableTextWidth, attempts < 16 {
+            let emailText = self.truncateMiddle(account.email, toFit: emailWidth)
+            let workspaceText = self.truncateTail(workspace, toFit: workspaceWidth)
+            let emailRenderedWidth = self.textWidth(emailText)
+            let workspaceRenderedWidth = self.textWidth(workspaceText)
+
+            if emailRenderedWidth >= workspaceRenderedWidth, emailWidth > minimumEmailWidth {
+                emailWidth = max(minimumEmailWidth, emailWidth - 6)
+            } else if workspaceWidth > minimumWorkspaceWidth {
+                workspaceWidth = max(minimumWorkspaceWidth, workspaceWidth - 6)
+            } else {
+                break
+            }
+
+            title = makeTitle(emailWidth: emailWidth, workspaceWidth: workspaceWidth)
+            attempts += 1
+        }
+
+        return title
+    }
+
+    private func truncateTail(_ text: String, toFit width: CGFloat) -> String {
+        let trimmed = text.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard !trimmed.isEmpty else { return text }
+        if self.textWidth(trimmed) <= width {
+            return trimmed
+        }
+
+        let ellipsis = "…"
+        let ellipsisWidth = self.textWidth(ellipsis)
+        guard ellipsisWidth < width else { return ellipsis }
+
+        var candidate = ""
+        for character in trimmed {
+            let next = candidate + String(character)
+            if self.textWidth(next + ellipsis) > width {
+                break
+            }
+            candidate = next
+        }
+
+        if candidate.isEmpty {
+            return ellipsis
+        }
+        return candidate + ellipsis
+    }
+
+    private func truncateMiddle(_ text: String, toFit width: CGFloat) -> String {
+        let trimmed = text.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard !trimmed.isEmpty else { return text }
+        if self.textWidth(trimmed) <= width {
+            return trimmed
+        }
+
+        let ellipsis = "…"
+        let ellipsisWidth = self.textWidth(ellipsis)
+        guard ellipsisWidth < width else { return ellipsis }
+
+        var prefix = ""
+        var suffix = ""
+        var prefixIndex = trimmed.startIndex
+        var suffixIndex = trimmed.endIndex
+        var best = ellipsis
+        var takeSuffixNext = true
+
+        while prefixIndex < suffixIndex {
+            let nextPrefix: String
+            let nextSuffix: String
+            if takeSuffixNext {
+                let previousIndex = trimmed.index(before: suffixIndex)
+                nextPrefix = prefix
+                nextSuffix = String(trimmed[previousIndex]) + suffix
+                suffixIndex = previousIndex
+            } else {
+                nextPrefix = prefix + String(trimmed[prefixIndex])
+                nextSuffix = suffix
+                prefixIndex = trimmed.index(after: prefixIndex)
+            }
+
+            let candidate = nextPrefix + ellipsis + nextSuffix
+            if self.textWidth(candidate) > width {
+                break
+            }
+
+            prefix = nextPrefix
+            suffix = nextSuffix
+            best = candidate
+            takeSuffixNext.toggle()
+        }
+
+        return best
+    }
+
+    private func textWidth(_ text: String) -> CGFloat {
+        let attributes: [NSAttributedString.Key: Any] = [.font: self.buttonFont]
+        return ceil((text as NSString).size(withAttributes: attributes).width)
+    }
+
+    private func updateButtonStyles() {
+        for button in self.buttons {
+            let selected = button.identifier?.rawValue == self.selectedAccountID
+            button.state = selected ? .on : .off
+            button.layer?.backgroundColor = selected ? self.selectedBackground : self.unselectedBackground
+            button.contentTintColor = selected ? self.selectedTextColor : self.unselectedTextColor
+        }
+    }
+
+    override func acceptsFirstMouse(for event: NSEvent?) -> Bool {
+        true
+    }
+
+    override func hitTest(_ point: NSPoint) -> NSView? {
+        let descendant = super.hitTest(point)
+        if descendant != nil, descendant !== self {
+            self.toolTip = (descendant as? NSButton)?.toolTip
+            return self
+        }
+        self.toolTip = nil
+        return descendant
+    }
+
+    override func mouseDown(with event: NSEvent) {
+        let location = self.convert(event.locationInWindow, from: nil)
+        self.pressedAccountID = self.accountID(at: location)
+    }
+
+    override func mouseUp(with event: NSEvent) {
+        defer { self.pressedAccountID = nil }
+        guard let pressedAccountID = self.pressedAccountID else { return }
+        let location = self.convert(event.locationInWindow, from: nil)
+        guard let releasedAccountID = self.accountID(at: location),
+              releasedAccountID == pressedAccountID,
+              let account = self.accounts.first(where: { $0.id == pressedAccountID })
+        else {
+            return
+        }
+        self.applySelection(account)
+    }
+
+    private func accountID(at pointInSelf: NSPoint) -> String? {
+        self.buttons.first(where: { self.convert($0.bounds, from: $0).contains(pointInSelf) })?.identifier?.rawValue
+    }
+
+    @objc private func handleSelect(_ sender: NSButton) {
+        guard let accountID = sender.identifier?.rawValue,
+              let account = self.accounts.first(where: { $0.id == accountID }) else { return }
+        self.applySelection(account)
+    }
+
+    private func applySelection(_ account: CodexVisibleAccount) {
+        self.selectedAccountID = account.id
+        self.updateButtonStyles()
+        self.onSelect(account)
+    }
+
+    #if DEBUG
+    func _test_buttonTitles() -> [String] {
+        self.buttons.map(\.title)
+    }
+
+    func _test_buttonToolTips() -> [String?] {
+        self.buttons.map(\.toolTip)
+    }
+
+    func _test_selectAccount(id: String) {
+        guard let account = self.accounts.first(where: { $0.id == id }) else { return }
+        self.applySelection(account)
+    }
+
+    func _test_simulateRuntimeClick(id: String) -> Bool {
+        guard let button = self.buttons.first(where: { $0.identifier?.rawValue == id }) else { return false }
+        self.updateConstraintsForSubtreeIfNeeded()
+        self.layoutSubtreeIfNeeded()
+        let point = self.convert(NSPoint(x: button.bounds.midX, y: button.bounds.midY), from: button)
+        guard let mouseDownEvent = NSEvent.mouseEvent(
+            with: .leftMouseDown,
+            location: point,
+            modifierFlags: [],
+            timestamp: 0,
+            windowNumber: 0,
+            context: nil,
+            eventNumber: 1,
+            clickCount: 1,
+            pressure: 1),
+            let mouseUpEvent = NSEvent.mouseEvent(
+                with: .leftMouseUp,
+                location: point,
+                modifierFlags: [],
+                timestamp: 0,
+                windowNumber: 0,
+                context: nil,
+                eventNumber: 2,
+                clickCount: 1,
+                pressure: 0)
+        else {
+            return false
+        }
+        self.mouseDown(with: mouseDownEvent)
+        self.mouseUp(with: mouseUpEvent)
+        return self.selectedAccountID == id
+    }
+
+    func _test_hitTestSwallowsChildButton(id: String) -> Bool {
+        guard let button = self.buttons.first(where: { $0.identifier?.rawValue == id }) else { return false }
+        self.updateConstraintsForSubtreeIfNeeded()
+        self.layoutSubtreeIfNeeded()
+        let point = self.convert(NSPoint(x: button.bounds.midX, y: button.bounds.midY), from: button)
+        return self.hitTest(point) === self
+    }
+
+    func _test_toolTipAfterHitTest(id: String) -> String? {
+        guard let button = self.buttons.first(where: { $0.identifier?.rawValue == id }) else { return nil }
+        self.updateConstraintsForSubtreeIfNeeded()
+        self.layoutSubtreeIfNeeded()
+        let point = self.convert(NSPoint(x: button.bounds.midX, y: button.bounds.midY), from: button)
+        _ = self.hitTest(point)
+        return self.toolTip
     }
+    #endif
 }
diff --git a/Sources/CodexBar/StatusItemController+UsageHistoryMenu.swift b/Sources/CodexBar/StatusItemController+UsageHistoryMenu.swift
new file mode 100644
index 000000000..97908cfee
--- /dev/null
+++ b/Sources/CodexBar/StatusItemController+UsageHistoryMenu.swift
@@ -0,0 +1,79 @@
+import AppKit
+import CodexBarCore
+import SwiftUI
+
+private final class UsageHistoryMenuHostingView<Content: View>: NSHostingView<Content> {
+    override var allowsVibrancy: Bool {
+        true
+    }
+}
+
+extension StatusItemController {
+    @discardableResult
+    func addUsageHistoryMenuItemIfNeeded(to menu: NSMenu, provider: UsageProvider, width: CGFloat) -> Bool {
+        guard let submenu = self.makeUsageHistorySubmenu(provider: provider, width: width) else { return false }
+        let item = self.makeMenuCardItem(
+            HStack(spacing: 0) {
+                Text(L("Subscription Utilization"))
+                    .font(.system(size: NSFont.menuFont(ofSize: 0).pointSize))
+                    .lineLimit(1)
+                    .frame(maxWidth: .infinity, alignment: .leading)
+                    .padding(.leading, 14)
+                    .padding(.trailing, 28)
+                    .padding(.vertical, 8)
+            },
+            id: "usageHistorySubmenu",
+            width: width,
+            submenu: submenu,
+            submenuIndicatorAlignment: .trailing,
+            submenuIndicatorTopPadding: 0)
+        menu.addItem(item)
+        return true
+    }
+
+    func makeUsageHistorySubmenu(provider: UsageProvider, width: CGFloat? = nil) -> NSMenu? {
+        guard self.store.supportsPlanUtilizationHistory(for: provider) else { return nil }
+        guard !self.store.shouldHidePlanUtilizationMenuItem(for: provider) else { return nil }
+        if let width {
+            return self.makeHostedSubviewPlaceholderMenu(
+                chartID: Self.usageHistoryChartID,
+                provider: provider,
+                width: width)
+        }
+        return self.makeHostedSubviewPlaceholderMenu(chartID: Self.usageHistoryChartID, provider: provider)
+    }
+
+    func appendUsageHistoryChartItem(
+        to submenu: NSMenu,
+        provider: UsageProvider,
+        width: CGFloat) -> Bool
+    {
+        let histories = self.store.planUtilizationHistory(for: provider)
+        let snapshot = self.store.snapshot(for: provider)
+
+        if !Self.menuCardRenderingEnabled {
+            let chartItem = NSMenuItem()
+            chartItem.isEnabled = true
+            chartItem.representedObject = Self.usageHistoryChartID
+            submenu.addItem(chartItem)
+            return true
+        }
+
+        let chartView = PlanUtilizationHistoryChartMenuView(
+            provider: provider,
+            histories: histories,
+            snapshot: snapshot,
+            width: width)
+        let hosting = UsageHistoryMenuHostingView(rootView: chartView)
+        let controller = NSHostingController(rootView: chartView)
+        let size = controller.sizeThatFits(in: CGSize(width: width, height: .greatestFiniteMagnitude))
+        hosting.frame = NSRect(origin: .zero, size: NSSize(width: width, height: size.height))
+
+        let chartItem = NSMenuItem()
+        chartItem.view = hosting
+        chartItem.isEnabled = true
+        chartItem.representedObject = Self.usageHistoryChartID
+        submenu.addItem(chartItem)
+        return true
+    }
+}
diff --git a/Sources/CodexBar/StatusItemController+ZaiHourlyChartMenu.swift b/Sources/CodexBar/StatusItemController+ZaiHourlyChartMenu.swift
new file mode 100644
index 000000000..3751e1c61
--- /dev/null
+++ b/Sources/CodexBar/StatusItemController+ZaiHourlyChartMenu.swift
@@ -0,0 +1,33 @@
+import AppKit
+import CodexBarCore
+import SwiftUI
+
+extension StatusItemController {
+    static let zaiHourlyUsageChartID = "zaiHourlyUsageChart"
+
+    @discardableResult
+    func addZaiHourlyUsageMenuItemIfNeeded(to menu: NSMenu, provider: UsageProvider, width: CGFloat) -> Bool {
+        guard provider == .zai else { return false }
+        guard let snapshot = self.store.snapshot(for: provider),
+              snapshot.zaiUsage?.modelUsage != nil
+        else { return false }
+        let submenu = self.makeHostedSubviewPlaceholderMenu(chartID: Self.zaiHourlyUsageChartID, provider: provider)
+        let item = self.makeMenuCardItem(
+            HStack(spacing: 0) {
+                Text(L("Hourly Usage"))
+                    .font(.system(size: NSFont.menuFont(ofSize: 0).pointSize))
+                    .lineLimit(1)
+                    .frame(maxWidth: .infinity, alignment: .leading)
+                    .padding(.leading, 14)
+                    .padding(.trailing, 28)
+                    .padding(.vertical, 8)
+            },
+            id: "zaiHourlyUsageSubmenu",
+            width: width,
+            submenu: submenu,
+            submenuIndicatorAlignment: .trailing,
+            submenuIndicatorTopPadding: 0)
+        menu.addItem(item)
+        return true
+    }
+}
diff --git a/Sources/CodexBar/StatusItemController.swift b/Sources/CodexBar/StatusItemController.swift
index 9471254c2..d3acd360c 100644
--- a/Sources/CodexBar/StatusItemController.swift
+++ b/Sources/CodexBar/StatusItemController.swift
@@ -2,38 +2,100 @@ import AppKit
 import CodexBarCore
 import Observation
 import QuartzCore
-import SwiftUI
 
 // MARK: - Status item controller (AppKit-hosted icons, SwiftUI popovers)
 
 @MainActor
 protocol StatusItemControlling: AnyObject {
     func openMenuFromShortcut()
+    func runLoginFlowFromSettings(provider: UsageProvider) async
+    func celebrationOriginPoint(for provider: UsageProvider?) -> CGPoint?
+    func prepareForAppShutdown()
+}
+
+extension StatusItemControlling {
+    func celebrationOriginPoint(for provider: UsageProvider?) -> CGPoint? {
+        nil
+    }
+
+    func prepareForAppShutdown() {}
 }
 
 @MainActor
 final class StatusItemController: NSObject, NSMenuDelegate, StatusItemControlling {
     // Disable SwiftUI menu cards + menu refresh work in tests to avoid swiftpm-testing-helper crashes.
     static var menuCardRenderingEnabled = !SettingsStore.isRunningTests
-    static var menuRefreshEnabled = !SettingsStore.isRunningTests
-    typealias Factory = (UsageStore, SettingsStore, AccountInfo, UpdaterProviding, PreferencesSelection)
+    private static let defaultMenuRefreshEnabled = !SettingsStore.isRunningTests
+    private(set) static var menuRefreshEnabled = !SettingsStore.isRunningTests
+    static let quotaWarningFlashDuration: TimeInterval = 60
+    private nonisolated static let statusItemAccessibilityTitle = "CodexBar"
+    private nonisolated static let statusItemAccessibilityIdentifierPrefix = "CodexBar.StatusItem"
+
+    private enum StatusItemIdentity {
+        case merged
+        case provider(UsageProvider)
+
+        var accessibilityIdentifier: String {
+            switch self {
+            case .merged:
+                StatusItemController.statusItemAccessibilityIdentifierPrefix
+            case let .provider(provider):
+                "\(StatusItemController.statusItemAccessibilityIdentifierPrefix).\(provider.rawValue)"
+            }
+        }
+    }
+
+    #if DEBUG
+    static func setMenuRefreshEnabledForTesting(_ enabled: Bool) {
+        self.menuRefreshEnabled = enabled
+    }
+
+    static func resetMenuRefreshEnabledForTesting() {
+        self.menuRefreshEnabled = self.defaultMenuRefreshEnabled
+    }
+    #endif
+    typealias Factory =
+        @MainActor (
+            UsageStore,
+            SettingsStore,
+            AccountInfo,
+            UpdaterProviding,
+            PreferencesSelection,
+            ManagedCodexAccountCoordinator,
+            CodexAccountPromotionCoordinator)
+        -> StatusItemControlling
+    // swiftlint:disable:next function_parameter_count
+    static func makeDefaultController(
+        store: UsageStore,
+        settings: SettingsStore,
+        account: AccountInfo,
+        updater: UpdaterProviding,
+        selection: PreferencesSelection,
+        managedCodexAccountCoordinator: ManagedCodexAccountCoordinator,
+        codexAccountPromotionCoordinator: CodexAccountPromotionCoordinator)
         -> StatusItemControlling
-    static let defaultFactory: Factory = { store, settings, account, updater, selection in
+    {
         StatusItemController(
             store: store,
             settings: settings,
             account: account,
             updater: updater,
-            preferencesSelection: selection)
+            preferencesSelection: selection,
+            managedCodexAccountCoordinator: managedCodexAccountCoordinator,
+            codexAccountPromotionCoordinator: codexAccountPromotionCoordinator)
     }
 
+    static let defaultFactory: Factory = StatusItemController.makeDefaultController
+
     static var factory: Factory = StatusItemController.defaultFactory
 
     let store: UsageStore
     let settings: SettingsStore
     let account: AccountInfo
     let updater: UpdaterProviding
-    private let statusBar: NSStatusBar
+    let managedCodexAccountCoordinator: ManagedCodexAccountCoordinator
+    let codexAccountPromotionCoordinator: CodexAccountPromotionCoordinator
+    let statusBar: NSStatusBar
     var statusItem: NSStatusItem
     var statusItems: [UsageProvider: NSStatusItem] = [:]
     var lastMenuProvider: UsageProvider?
@@ -45,6 +107,22 @@ final class StatusItemController: NSObject, NSMenuDelegate, StatusItemControllin
     var fallbackMenu: NSMenu?
     var openMenus: [ObjectIdentifier: NSMenu] = [:]
     var menuRefreshTasks: [ObjectIdentifier: Task<Void, Never>] = [:]
+    var openMenuRebuildTasks: [ObjectIdentifier: Task<Void, Never>] = [:]
+    var openMenuRebuildTokens: [ObjectIdentifier: Int] = [:]
+    var openMenuRebuildTokenCounter = 0
+    var openMenuRebuildsClosingHostedSubviewMenus: Set<ObjectIdentifier> = []
+    var highlightedMenuItems: [ObjectIdentifier: NSMenuItem] = [:]
+    var providerSwitcherShortcutEventMonitor: ProviderSwitcherShortcutEventMonitor?
+    var providerSwitcherShortcutMenuID: ObjectIdentifier?
+    var hasPreparedForAppShutdown = false
+    #if DEBUG
+    var onDelayedMenuRefreshAttemptForTesting: (() -> Void)?
+    var isReleasedForTesting = false
+    var _test_openMenuRefreshYieldOverride: (@MainActor () async -> Void)?
+    var _test_openMenuRebuildObserver: (@MainActor (NSMenu) -> Void)?
+    var _test_codexAmbientLoginRunnerOverride:
+        (@MainActor (TimeInterval) async -> CodexLoginRunner.Result)?
+    #endif
     var blinkTask: Task<Void, Never>?
     var loginTask: Task<Void, Never>? {
         didSet { self.refreshMenusForLoginStateChange() }
@@ -64,6 +142,8 @@ final class StatusItemController: NSObject, NSMenuDelegate, StatusItemControllin
     var blinkAmounts: [UsageProvider: CGFloat] = [:]
     var wiggleAmounts: [UsageProvider: CGFloat] = [:]
     var tiltAmounts: [UsageProvider: CGFloat] = [:]
+    var quotaWarningFlashUntil: [UsageProvider: Date] = [:]
+    var quotaWarningFlashTasks: [UsageProvider: Task<Void, Never>] = [:]
     var blinkForceUntil: Date?
     var loginPhase: LoginPhase = .idle {
         didSet {
@@ -77,6 +157,7 @@ final class StatusItemController: NSObject, NSMenuDelegate, StatusItemControllin
     var animationDriver: DisplayLinkDriver?
     var animationPhase: Double = 0
     var animationPattern: LoadingPattern = .knightRider
+    var animationStartedAt: Date?
     private var lastConfigRevision: Int
     private var lastProviderOrder: [UsageProvider]
     private var lastMergeIcons: Bool
@@ -88,17 +169,47 @@ final class StatusItemController: NSObject, NSMenuDelegate, StatusItemControllin
     /// Tracks whether the merged-menu switcher was built with the Overview tab visible.
     /// Used to force switcher rebuilds when Overview availability toggles.
     var lastSwitcherIncludesOverview: Bool = false
+    /// Tracks localization-sensitive labels used by the merged menu.
+    /// Used to force menu rebuilds when app language changes.
+    var lastMenuLocalizationSignature: String = ""
     /// Tracks which providers the merged menu's switcher was built with, to detect when it needs full rebuild.
     var lastSwitcherProviders: [UsageProvider] = []
     /// Tracks which switcher tab state was used for the current merged-menu switcher instance.
     var lastMergedSwitcherSelection: ProviderSwitcherSelection?
+    /// Tracks the visible Codex account switcher contents for merged-menu smart updates.
+    var lastCodexAccountMenuDisplay: CodexAccountMenuDisplay?
+    /// Tracks the visible token account switcher contents for merged-menu smart updates.
+    var lastTokenAccountMenuDisplay: TokenAccountMenuDisplay?
+    /// Monotonic token used to ignore stale deferred provider-switcher menu rebuilds.
+    var providerSwitcherUpdateToken = 0
+    var lastAppliedMergedIconRenderSignature: String?
+    var lastAppliedProviderIconRenderSignatures: [UsageProvider: String] = [:]
+    var lastObservedStoreIconWorkSignature: String?
+    var iconPerfRefreshCycleMetrics: IconPerfRefreshCycleMetrics?
+    var iconPerfUpdatePassActive = false
+    var lastKnownScreenCount: Int
+    var pendingScreenChangePreviousCount: Int?
+    var screenChangeVisibilityTask: Task<Void, Never>?
     private var appearanceObservation: NSKeyValueObservation?
     let loginLogger = CodexBarLog.logger(LogCategories.login)
+    let menuLogger = CodexBarLog.logger(LogCategories.app)
     var selectedMenuProvider: UsageProvider? {
         get { self.settings.selectedMenuProvider }
         set { self.settings.selectedMenuProvider = newValue }
     }
 
+    private static func makeStatusItem(statusBar: NSStatusBar, identity: StatusItemIdentity) -> NSStatusItem {
+        let item = statusBar.statusItem(withLength: NSStatusItem.variableLength)
+        if let button = item.button {
+            // Ensure the icon is rendered at 1:1 without resampling (crisper edges for template images).
+            button.imageScaling = .scaleNone
+            button.setAccessibilityIdentifier(identity.accessibilityIdentifier)
+            button.setAccessibilityTitle(self.statusItemAccessibilityTitle)
+            button.toolTip = self.statusItemAccessibilityTitle
+        }
+        return item
+    }
+
     struct BlinkState {
         var nextBlink: Date
         var blinkStart: Date?
@@ -123,29 +234,52 @@ final class StatusItemController: NSObject, NSMenuDelegate, StatusItemControllin
     }
 
     func menuBarMetricWindow(for provider: UsageProvider, snapshot: UsageSnapshot?) -> RateWindow? {
-        switch self.settings.menuBarMetricPreference(for: provider) {
-        case .primary:
-            return snapshot?.primary ?? snapshot?.secondary
-        case .secondary:
-            return snapshot?.secondary ?? snapshot?.primary
+        if provider == .codex {
+            return self.codexMenuBarMetricWindow(snapshot: snapshot)
+        }
+        return MenuBarMetricWindowResolver.rateWindow(
+            preference: self.settings.menuBarMetricPreference(for: provider, snapshot: snapshot),
+            provider: provider,
+            snapshot: snapshot,
+            supportsAverage: self.settings.menuBarMetricSupportsAverage(for: provider))
+    }
+
+    private func codexMenuBarMetricWindow(snapshot: UsageSnapshot?) -> RateWindow? {
+        guard let snapshot else { return nil }
+        let projection = CodexConsumerProjection.make(
+            surface: .menuBar,
+            context: CodexConsumerProjection.Context(
+                snapshot: snapshot,
+                rawUsageError: nil,
+                liveCredits: self.store.credits,
+                rawCreditsError: self.store.lastCreditsError,
+                liveDashboard: self.store.openAIDashboard,
+                rawDashboardError: self.store.lastOpenAIDashboardError,
+                dashboardAttachmentAuthorized: self.store.openAIDashboardAttachmentAuthorized,
+                dashboardRequiresLogin: self.store.openAIDashboardRequiresLogin,
+                now: snapshot.updatedAt))
+        let lanes = projection.visibleRateLanes
+        let first = lanes.first.flatMap { projection.rateWindow(for: $0) }
+        let second = lanes.dropFirst().first.flatMap { projection.rateWindow(for: $0) }
+        let preference = self.settings.menuBarMetricPreference(for: .codex, snapshot: snapshot)
+
+        switch preference {
+        case .secondary, .tertiary:
+            return second ?? first
+        case .extraUsage:
+            return first
         case .average:
-            guard let primary = snapshot?.primary, let secondary = snapshot?.secondary else {
-                return snapshot?.primary ?? snapshot?.secondary
+            guard self.settings.menuBarMetricSupportsAverage(for: .codex),
+                  let primary = first,
+                  let secondary = second
+            else {
+                return first
             }
             let usedPercent = (primary.usedPercent + secondary.usedPercent) / 2
-            return RateWindow(usedPercent: usedPercent, windowMinutes: nil, resetsAt: nil, resetDescription: nil)
-        case .automatic:
-            if provider == .factory || provider == .kimi {
-                return snapshot?.secondary ?? snapshot?.primary
-            }
-            if provider == .copilot,
-               let primary = snapshot?.primary,
-               let secondary = snapshot?.secondary
-            {
-                // Copilot can expose chat + completions quotas; show the more constrained one by default.
-                return primary.usedPercent >= secondary.usedPercent ? primary : secondary
-            }
-            return snapshot?.primary ?? snapshot?.secondary
+            return RateWindow(
+                usedPercent: usedPercent, windowMinutes: nil, resetsAt: nil, resetDescription: nil)
+        case .automatic, .primary:
+            return first
         }
     }
 
@@ -155,7 +289,11 @@ final class StatusItemController: NSObject, NSMenuDelegate, StatusItemControllin
         account: AccountInfo,
         updater: UpdaterProviding,
         preferencesSelection: PreferencesSelection,
-        statusBar: NSStatusBar = .system)
+        managedCodexAccountCoordinator: ManagedCodexAccountCoordinator =
+            ManagedCodexAccountCoordinator(),
+        codexAccountPromotionCoordinator: CodexAccountPromotionCoordinator? = nil,
+        statusBar: NSStatusBar = .system,
+        observeProviderConfigNotifications: Bool = !SettingsStore.isRunningTests)
     {
         if SettingsStore.isRunningTests {
             _ = NSApplication.shared
@@ -165,22 +303,35 @@ final class StatusItemController: NSObject, NSMenuDelegate, StatusItemControllin
         self.account = account
         self.updater = updater
         self.preferencesSelection = preferencesSelection
+        self.managedCodexAccountCoordinator = managedCodexAccountCoordinator
+        self.codexAccountPromotionCoordinator =
+            codexAccountPromotionCoordinator
+                ?? CodexAccountPromotionCoordinator(
+                    settingsStore: settings,
+                    usageStore: store,
+                    managedAccountCoordinator: managedCodexAccountCoordinator)
         self.lastConfigRevision = settings.configRevision
         self.lastProviderOrder = settings.providerOrder
         self.lastMergeIcons = settings.mergeIcons
         self.lastSwitcherShowsIcons = settings.switcherShowsIcons
         self.lastObservedUsageBarsShowUsed = settings.usageBarsShowUsed
         self.lastSwitcherUsageBarsShowUsed = settings.usageBarsShowUsed
+        let repairedStatusItemVisibilityKeys = MenuBarStatusItemDefaultsRepair
+            .repairHiddenVisibilityDefaultsIfNeeded(defaults: settings.userDefaults)
         self.statusBar = statusBar
-        let item = statusBar.statusItem(withLength: NSStatusItem.variableLength)
-        // Ensure the icon is rendered at 1:1 without resampling (crisper edges for template images).
-        item.button?.imageScaling = .scaleNone
-        self.statusItem = item
+        self.statusItem = Self.makeStatusItem(statusBar: statusBar, identity: .merged)
+        self.lastKnownScreenCount = NSScreen.screens.count
         // Status items for individual providers are now created lazily in updateVisibility()
         super.init()
+        if !repairedStatusItemVisibilityKeys.isEmpty {
+            self.menuLogger.info(
+                "Repaired hidden macOS status-item visibility defaults",
+                metadata: ["keys": repairedStatusItemVisibilityKeys.joined(separator: ",")])
+        }
         self.wireBindings()
-        self.updateIcons()
         self.updateVisibility()
+        self.updateIcons()
+        self.scheduleStartupStatusItemVisibilityCheck()
         NotificationCenter.default.addObserver(
             self,
             selector: #selector(self.handleDebugReplayNotification(_:)),
@@ -193,8 +344,20 @@ final class StatusItemController: NSObject, NSMenuDelegate, StatusItemControllin
             object: nil)
         NotificationCenter.default.addObserver(
             self,
-            selector: #selector(self.handleProviderConfigDidChange),
-            name: .codexbarProviderConfigDidChange,
+            selector: #selector(self.handleQuotaWarningPosted(_:)),
+            name: .codexbarQuotaWarningDidPost,
+            object: nil)
+        if observeProviderConfigNotifications {
+            NotificationCenter.default.addObserver(
+                self,
+                selector: #selector(self.handleProviderConfigDidChange),
+                name: .codexbarProviderConfigDidChange,
+                object: nil)
+        }
+        NotificationCenter.default.addObserver(
+            self,
+            selector: #selector(self.handleScreenParametersDidChange(_:)),
+            name: NSApplication.didChangeScreenParametersNotification,
             object: nil)
 
         // On macOS 26+, usage colors are baked into non-template images. Re-render when the system
@@ -206,11 +369,35 @@ final class StatusItemController: NSObject, NSMenuDelegate, StatusItemControllin
         }
     }
 
+    convenience init(
+        store: UsageStore,
+        settings: SettingsStore,
+        account: AccountInfo,
+        updater: UpdaterProviding,
+        preferencesSelection: PreferencesSelection,
+        statusBar: NSStatusBar = .system,
+        observeProviderConfigNotifications: Bool = !SettingsStore.isRunningTests)
+    {
+        self.init(
+            store: store,
+            settings: settings,
+            account: account,
+            updater: updater,
+            preferencesSelection: preferencesSelection,
+            managedCodexAccountCoordinator: ManagedCodexAccountCoordinator(),
+            codexAccountPromotionCoordinator: nil,
+            statusBar: statusBar,
+            observeProviderConfigNotifications: observeProviderConfigNotifications)
+    }
+
     private func wireBindings() {
         self.observeStoreChanges()
+        self.observeStoreIconChanges()
+        self.observeIconPerfRefreshCycleChanges()
         self.observeDebugForceAnimation()
         self.observeSettingsChanges()
         self.observeUpdaterChanges()
+        self.observeManagedCodexCoordinatorChanges()
     }
 
     private func observeStoreChanges() {
@@ -221,12 +408,70 @@ final class StatusItemController: NSObject, NSMenuDelegate, StatusItemControllin
                 guard let self else { return }
                 self.observeStoreChanges()
                 self.invalidateMenus()
+            }
+        }
+    }
+
+    private func observeStoreIconChanges() {
+        withObservationTracking {
+            _ = self.store.iconObservationToken
+        } onChange: { [weak self] in
+            Task { @MainActor [weak self] in
+                guard let self else { return }
+                self.observeStoreIconChanges()
+                let signature = self.storeIconObservationSignature()
+                guard signature != self.lastObservedStoreIconWorkSignature else { return }
+                self.lastObservedStoreIconWorkSignature = signature
                 self.updateIcons()
-                self.updateBlinkingState()
             }
         }
     }
 
+    func storeIconObservationSignature() -> String {
+        let showBrandPercent = self.settings.menuBarShowsBrandIconWithPercent
+        let mergeIcons = self.shouldMergeIcons
+        let needsAnimation = self.needsMenuBarIconAnimation()
+        let providerSignatures = UsageProvider.allCases.map {
+            self.providerStoreIconObservationSignature(for: $0, showBrandPercent: showBrandPercent)
+        }.joined(separator: "||")
+        let visibleProviders = self.store.enabledProvidersForDisplay().map(\.rawValue).sorted().joined(separator: ",")
+        return [
+            "merge=\(mergeIcons ? "1" : "0")",
+            "visible=\(visibleProviders)",
+            "iconStyle=\(String(describing: self.store.iconStyle))",
+            "brandPercent=\(showBrandPercent ? "1" : "0")",
+            "needsAnimation=\(needsAnimation ? "1" : "0")",
+            providerSignatures,
+        ].joined(separator: "|")
+    }
+
+    private func providerStoreIconObservationSignature(for provider: UsageProvider, showBrandPercent: Bool) -> String {
+        let snapshot = self.store.snapshot(for: provider)
+        let stale = self.store.isStale(provider: provider)
+        let status = self.store.statusIndicator(for: provider).rawValue
+        let isVisibleForAnimation = self.shouldMergeIcons ? self.isEnabled(provider) : self.isVisible(provider)
+        let isAnimating = isVisibleForAnimation && !stale && snapshot == nil
+        let isRefreshingWarpPlaceholder = self.store.refreshingProviders.contains(provider)
+        let creditsRemaining = provider == .codex
+            ? self.store.codexMenuBarCreditsRemaining(
+                snapshotOverride: snapshot,
+                now: snapshot?.updatedAt ?? Date())
+            : nil
+        let displayText = showBrandPercent ? self.menuBarDisplayText(for: provider, snapshot: snapshot) : nil
+
+        return [
+            provider.rawValue,
+            "style=\(String(describing: self.store.style(for: provider)))",
+            "snapshot=\(String(describing: snapshot))",
+            "stale=\(stale ? "1" : "0")",
+            "status=\(status)",
+            "anim=\(isAnimating ? "1" : "0")",
+            "refreshing=\(isRefreshingWarpPlaceholder ? "1" : "0")",
+            "credits=\(String(describing: creditsRemaining))",
+            "text=\(displayText ?? "nil")",
+        ].joined(separator: "|")
+    }
+
     private func observeDebugForceAnimation() {
         withObservationTracking {
             _ = self.store.debugForceAnimation
@@ -257,6 +502,9 @@ final class StatusItemController: NSObject, NSMenuDelegate, StatusItemControllin
     }
 
     @objc private func handleProviderConfigDidChange(_ notification: Notification) {
+        #if DEBUG
+        guard !self.isReleasedForTesting else { return }
+        #endif
         let reason = notification.userInfo?["reason"] as? String ?? "unknown"
         if let source = notification.object as? SettingsStore,
            source !== self.settings
@@ -270,6 +518,31 @@ final class StatusItemController: NSObject, NSMenuDelegate, StatusItemControllin
         self.handleProviderConfigChange(reason: "notification:\(reason)")
     }
 
+    @objc private func handleQuotaWarningPosted(_ notification: Notification) {
+        guard let event = notification.object as? QuotaWarningPostedEvent else { return }
+        self.startQuotaWarningFlash(provider: event.provider, postedAt: event.postedAt)
+    }
+
+    func startQuotaWarningFlash(provider: UsageProvider, postedAt: Date = Date()) {
+        let until = postedAt.addingTimeInterval(Self.quotaWarningFlashDuration)
+        self.quotaWarningFlashUntil[provider] = until
+        self.quotaWarningFlashTasks[provider]?.cancel()
+        self.updateIcons()
+        self.quotaWarningFlashTasks[provider] = Task { [weak self] in
+            try? await Task.sleep(for: .seconds(Self.quotaWarningFlashDuration))
+            await MainActor.run { [weak self] in
+                guard let self else { return }
+                if let currentUntil = self.quotaWarningFlashUntil[provider],
+                   currentUntil <= Date()
+                {
+                    self.quotaWarningFlashUntil.removeValue(forKey: provider)
+                    self.quotaWarningFlashTasks.removeValue(forKey: provider)
+                    self.updateIcons()
+                }
+            }
+        }
+    }
+
     private func observeUpdaterChanges() {
         withObservationTracking {
             _ = self.updater.updateStatus.isUpdateReady
@@ -282,13 +555,43 @@ final class StatusItemController: NSObject, NSMenuDelegate, StatusItemControllin
         }
     }
 
-    private func invalidateMenus() {
+    private func observeManagedCodexCoordinatorChanges() {
+        withObservationTracking {
+            _ = self.managedCodexAccountCoordinator.isAuthenticatingManagedAccount
+            _ = self.managedCodexAccountCoordinator.authenticatingManagedAccountID
+            _ = self.managedCodexAccountCoordinator.isRemovingManagedAccount
+            _ = self.managedCodexAccountCoordinator.removingManagedAccountID
+            _ = self.codexAccountPromotionCoordinator.isAuthenticatingLiveAccount
+            _ = self.codexAccountPromotionCoordinator.isPromotingSystemAccount
+        } onChange: { [weak self] in
+            Task { @MainActor [weak self] in
+                guard let self else { return }
+                self.observeManagedCodexCoordinatorChanges()
+                self.refreshMenusForLoginStateChange()
+            }
+        }
+    }
+
+    func invalidateMenus(refreshOpenMenus: Bool = false) {
+        #if DEBUG
+        guard !self.isReleasedForTesting else { return }
+        #endif
         self.menuContentVersion &+= 1
-        // Don't refresh menus while they're open - wait until they close and reopen
-        // This prevents expensive rebuilds while user is navigating the menu
-        guard self.openMenus.isEmpty else { return }
+        guard Self.menuRefreshEnabled else { return }
+        if !self.openMenus.isEmpty {
+            guard refreshOpenMenus else { return }
+            self.refreshOpenMenusAllowingParentRebuild()
+            Task { @MainActor [weak self] in
+                guard let self else { return }
+                // AppKit can ignore menu mutations while tracking; retry on the next run loop.
+                await Task.yield()
+                self.refreshOpenMenusAllowingParentRebuild()
+            }
+            return
+        }
         self.refreshOpenMenusIfNeeded()
-        Task { @MainActor in
+        Task { @MainActor [weak self] in
+            guard let self else { return }
             // AppKit can ignore menu mutations while tracking; retry on the next run loop.
             await Task.yield()
             guard self.openMenus.isEmpty else { return }
@@ -323,10 +626,16 @@ final class StatusItemController: NSObject, NSMenuDelegate, StatusItemControllin
             self.lastObservedUsageBarsShowUsed = usageBarsShowUsed
             shouldRefresh = true
         }
+        if self.menuLocalizationSignature() != self.lastMenuLocalizationSignature {
+            shouldRefresh = true
+        }
         return shouldRefresh
     }
 
     private func handleSettingsChange(reason: String) {
+        #if DEBUG
+        guard !self.isReleasedForTesting else { return }
+        #endif
         let configChanged = self.settings.configRevision != self.lastConfigRevision
         let orderChanged = self.settings.providerOrder != self.lastProviderOrder
         let shouldRefreshOpenMenus = self.shouldRefreshOpenMenusForProviderSwitcher()
@@ -337,16 +646,33 @@ final class StatusItemController: NSObject, NSMenuDelegate, StatusItemControllin
         self.updateVisibility()
         self.updateIcons()
         if shouldRefreshOpenMenus {
-            self.refreshOpenMenusIfNeeded()
+            self.refreshOpenMenusForStructureChange()
         }
     }
 
     private func updateIcons() {
+        #if DEBUG
+        guard !self.isReleasedForTesting else { return }
+        #endif
+        self.lastObservedStoreIconWorkSignature = self.storeIconObservationSignature()
+        self.beginIconPerfUpdatePass()
+        defer { self.endIconPerfUpdatePass() }
         // Avoid flicker: when an animation driver is active, store updates can call `updateIcons()` and
         // briefly overwrite the animated frame with the static (phase=nil) icon.
         let phase: Double? = self.needsMenuBarIconAnimation() ? self.animationPhase : nil
         if self.shouldMergeIcons {
-            self.applyIcon(phase: phase)
+            let skippedMergedRender = self.applyIcon(phase: phase)
+            if skippedMergedRender,
+               let mergedMenu = self.mergedMenu,
+               self.statusItem.menu === mergedMenu
+            {
+                return
+            }
+            guard !self.isMergedMenuOpen else {
+                self.updateAnimationState()
+                self.updateBlinkingState()
+                return
+            }
             self.attachMenus()
         } else {
             UsageProvider.allCases.forEach { self.applyIcon(for: $0, phase: phase) }
@@ -356,38 +682,61 @@ final class StatusItemController: NSObject, NSMenuDelegate, StatusItemControllin
         self.updateBlinkingState()
     }
 
+    var isMergedMenuOpen: Bool {
+        guard let mergedMenu else { return false }
+        return self.openMenus[ObjectIdentifier(mergedMenu)] != nil
+    }
+
     /// Lazily retrieves or creates a status item for the given provider
     func lazyStatusItem(for provider: UsageProvider) -> NSStatusItem {
         if let existing = self.statusItems[provider] {
             return existing
         }
-        let item = self.statusBar.statusItem(withLength: NSStatusItem.variableLength)
-        item.button?.imageScaling = .scaleNone
+        let item = Self.makeStatusItem(statusBar: self.statusBar, identity: .provider(provider))
         self.statusItems[provider] = item
         return item
     }
 
+    func recreateStatusItemsForVisibilityRecovery() {
+        #if DEBUG
+        guard !self.isReleasedForTesting else { return }
+        #endif
+        self.statusItem.menu = nil
+        self.statusBar.removeStatusItem(self.statusItem)
+        self.statusItem = Self.makeStatusItem(statusBar: self.statusBar, identity: .merged)
+        for provider in Array(self.statusItems.keys) {
+            self.removeProviderStatusItem(for: provider)
+        }
+        self.lastAppliedMergedIconRenderSignature = nil
+        self.lastAppliedProviderIconRenderSignatures.removeAll()
+        self.updateVisibility()
+        self.updateIcons()
+    }
+
     private func updateVisibility() {
-        let anyEnabled = !self.store.enabledProviders().isEmpty
+        #if DEBUG
+        guard !self.isReleasedForTesting else { return }
+        #endif
+        let anyEnabled = !self.store.enabledProvidersForDisplay().isEmpty
         let force = self.store.debugForceAnimation
         let mergeIcons = self.shouldMergeIcons
         if mergeIcons {
             self.statusItem.isVisible = anyEnabled || force
-            for item in self.statusItems.values {
-                item.isVisible = false
+            for provider in Array(self.statusItems.keys) {
+                self.removeProviderStatusItem(for: provider)
             }
             self.attachMenus()
         } else {
             self.statusItem.isVisible = false
             let fallback = self.fallbackProvider
-            for provider in UsageProvider.allCases {
+            for provider in self.settings.orderedProviders() {
                 let isEnabled = self.isEnabled(provider)
                 let shouldBeVisible = isEnabled || fallback == provider || force
                 if shouldBeVisible {
                     let item = self.lazyStatusItem(for: provider)
                     item.isVisible = true
-                } else if let item = self.statusItems[provider] {
-                    item.isVisible = false
+                } else {
+                    self.removeProviderStatusItem(for: provider)
                 }
             }
             self.attachMenus(fallback: fallback)
@@ -397,6 +746,8 @@ final class StatusItemController: NSObject, NSMenuDelegate, StatusItemControllin
     }
 
     var fallbackProvider: UsageProvider? {
+        // Intentionally uses availability-filtered list: fallback activates when no provider
+        // can actually work, ensuring at least a codex icon is always visible.
         self.store.enabledProviders().isEmpty ? .codex : nil
     }
 
@@ -405,8 +756,12 @@ final class StatusItemController: NSObject, NSMenuDelegate, StatusItemControllin
     }
 
     private func refreshMenusForLoginStateChange() {
+        #if DEBUG
+        guard !self.isReleasedForTesting else { return }
+        #endif
         self.invalidateMenus()
         if self.shouldMergeIcons {
+            guard !self.isMergedMenuOpen else { return }
             self.attachMenus()
         } else {
             self.attachMenus(fallback: self.fallbackProvider)
@@ -447,37 +802,60 @@ final class StatusItemController: NSObject, NSMenuDelegate, StatusItemControllin
                     }
                 }
             } else if let item = self.statusItems[provider] {
-                // Item exists but is no longer needed - clear its menu
-                if item.menu != nil {
-                    item.menu = nil
-                }
+                item.menu = nil
             }
         }
     }
 
     private func rebuildProviderStatusItems() {
-        for item in self.statusItems.values {
-            self.statusBar.removeStatusItem(item)
+        #if DEBUG
+        guard !self.isReleasedForTesting else { return }
+        #endif
+        let ordered = self.settings.orderedProviders()
+        let desired = Set(ordered)
+        for provider in Array(self.statusItems.keys) where !desired.contains(provider) {
+            self.removeProviderStatusItem(for: provider)
         }
-        self.statusItems.removeAll(keepingCapacity: true)
 
-        for provider in self.settings.orderedProviders() {
-            let item = self.statusBar.statusItem(withLength: NSStatusItem.variableLength)
-            item.button?.imageScaling = .scaleNone
-            self.statusItems[provider] = item
+        guard !self.shouldMergeIcons else { return }
+        let fallback = self.fallbackProvider
+        let force = self.store.debugForceAnimation
+        for provider in ordered where self.isEnabled(provider) || fallback == provider || force {
+            _ = self.lazyStatusItem(for: provider)
         }
     }
 
+    private func removeProviderStatusItem(for provider: UsageProvider) {
+        if let menu = self.providerMenus.removeValue(forKey: provider) {
+            let menuID = ObjectIdentifier(menu)
+            self.menuProviders.removeValue(forKey: menuID)
+            self.menuVersions.removeValue(forKey: menuID)
+            self.openMenus.removeValue(forKey: menuID)
+            self.menuRefreshTasks.removeValue(forKey: menuID)?.cancel()
+            self.openMenuRebuildTasks.removeValue(forKey: menuID)?.cancel()
+            self.openMenuRebuildTokens.removeValue(forKey: menuID)
+            self.openMenuRebuildsClosingHostedSubviewMenus.remove(menuID)
+            self.highlightedMenuItems.removeValue(forKey: menuID)
+        }
+
+        guard let item = self.statusItems.removeValue(forKey: provider) else { return }
+        item.menu = nil
+        self.lastAppliedProviderIconRenderSignatures.removeValue(forKey: provider)
+        self.statusBar.removeStatusItem(item)
+    }
+
     func isVisible(_ provider: UsageProvider) -> Bool {
-        self.store.debugForceAnimation || self.isEnabled(provider) || self.fallbackProvider == provider
+        self.store.debugForceAnimation || self.isEnabled(provider)
+            || self.fallbackProvider == provider
     }
 
     var shouldMergeIcons: Bool {
-        self.settings.mergeIcons && self.store.enabledProviders().count > 1
+        self.settings.mergeIcons && self.store.enabledProvidersForDisplay().count > 1
     }
 
     func switchAccountSubtitle(for target: UsageProvider) -> String? {
-        guard self.loginTask != nil, let provider = self.activeLoginProvider, provider == target else { return nil }
+        guard self.loginTask != nil, let provider = self.activeLoginProvider, provider == target
+        else { return nil }
         let base: String
         switch self.loginPhase {
         case .idle: return nil
@@ -489,8 +867,31 @@ final class StatusItemController: NSObject, NSMenuDelegate, StatusItemControllin
     }
 
     deinit {
+        let animationDriver = self.animationDriver
+        Task { @MainActor in
+            animationDriver?.stop()
+        }
         self.blinkTask?.cancel()
         self.loginTask?.cancel()
+        self.screenChangeVisibilityTask?.cancel()
+        self.pendingScreenChangePreviousCount = nil
         NotificationCenter.default.removeObserver(self)
     }
 }
+
+extension StatusItemController {
+    func refreshExistingStatusItemsForVisibilityRecovery() {
+        #if DEBUG
+        guard !self.isReleasedForTesting else { return }
+        #endif
+        let visibleItems = ([self.statusItem] + Array(self.statusItems.values)).filter(\.isVisible)
+        for item in visibleItems {
+            item.isVisible = false
+        }
+        for item in visibleItems {
+            item.isVisible = true
+        }
+        self.updateVisibility()
+        self.updateIcons()
+    }
+}
diff --git a/Sources/CodexBar/StatusItemMenu.swift b/Sources/CodexBar/StatusItemMenu.swift
new file mode 100644
index 000000000..be8a7b0d7
--- /dev/null
+++ b/Sources/CodexBar/StatusItemMenu.swift
@@ -0,0 +1,93 @@
+import AppKit
+
+enum StatusItemMenuProviderNavigationDirection {
+    case previous
+    case next
+}
+
+protocol StatusItemMenuPersistentActionDelegate: AnyObject {
+    func performPersistentRefreshAction()
+    func performPersistentSettingsAction()
+    func performPersistentQuitAction()
+    func performProviderNavigation(_ direction: StatusItemMenuProviderNavigationDirection)
+}
+
+final class StatusItemMenu: NSMenu {
+    weak var persistentActionDelegate: StatusItemMenuPersistentActionDelegate?
+
+    override func performKeyEquivalent(with event: NSEvent) -> Bool {
+        if let action = Self.persistentAction(for: event) {
+            switch action {
+            case .refresh:
+                self.persistentActionDelegate?.performPersistentRefreshAction()
+            case .settings:
+                self.persistentActionDelegate?.performPersistentSettingsAction()
+            case .quit:
+                self.persistentActionDelegate?.performPersistentQuitAction()
+            }
+            return true
+        }
+        if let direction = Self.providerNavigationDirection(for: event),
+           self.items.first?.view is ProviderSwitcherView
+        {
+            self.persistentActionDelegate?.performProviderNavigation(direction)
+            return true
+        }
+
+        return super.performKeyEquivalent(with: event)
+    }
+
+    private enum PersistentAction {
+        case refresh
+        case settings
+        case quit
+    }
+
+    private nonisolated static func persistentAction(for event: NSEvent) -> PersistentAction? {
+        guard event.type == .keyDown else { return nil }
+
+        let relevantModifiers = event.modifierFlags.intersection([.command, .option, .control, .shift])
+        guard relevantModifiers == .command else { return nil }
+
+        switch event.charactersIgnoringModifiers?.lowercased() {
+        case "r":
+            return .refresh
+        case ",":
+            return .settings
+        case "q":
+            return .quit
+        default:
+            return nil
+        }
+    }
+
+    nonisolated static func providerNavigationDirection(
+        for event: NSEvent) -> StatusItemMenuProviderNavigationDirection?
+    {
+        guard event.type == .keyDown else { return nil }
+        let relevantModifiers = event.modifierFlags.intersection([.command, .option, .control, .shift])
+        guard relevantModifiers.isEmpty else { return nil }
+        switch event.keyCode {
+        case 123:
+            return .previous
+        case 124:
+            return .next
+        default:
+            return nil
+        }
+    }
+
+    nonisolated static func providerSelectionIndex(for event: NSEvent) -> Int? {
+        guard event.type == .keyDown else { return nil }
+        let relevantModifiers = event.modifierFlags.intersection([.command, .option, .control, .shift])
+        guard relevantModifiers == .command,
+              let characters = event.charactersIgnoringModifiers,
+              characters.count == 1,
+              let number = Int(characters),
+              (1...9).contains(number)
+        else {
+            return nil
+        }
+        return number - 1
+    }
+}
diff --git a/Sources/CodexBar/StorageBreakdownMenuView.swift b/Sources/CodexBar/StorageBreakdownMenuView.swift
new file mode 100644
index 000000000..276a5365c
--- /dev/null
+++ b/Sources/CodexBar/StorageBreakdownMenuView.swift
@@ -0,0 +1,222 @@
+import AppKit
+import CodexBarCore
+import SwiftUI
+
+struct StorageMenuCardSectionView: View {
+    let storageText: String
+    let topPadding: CGFloat
+    let bottomPadding: CGFloat
+    let width: CGFloat
+
+    var body: some View {
+        VStack(alignment: .leading, spacing: 6) {
+            Text(L("Storage"))
+                .font(.body)
+                .fontWeight(.medium)
+            Text(self.storageText)
+                .font(.caption)
+        }
+        .padding(.horizontal, 16)
+        .padding(.top, self.topPadding)
+        .padding(.bottom, self.bottomPadding)
+        .frame(width: self.width, alignment: .leading)
+    }
+}
+
+struct StorageBreakdownMenuView: View {
+    let footprint: ProviderStorageFootprint
+    let width: CGFloat
+    let maxHeight: CGFloat
+
+    init(footprint: ProviderStorageFootprint, width: CGFloat, maxHeight: CGFloat = 560) {
+        self.footprint = footprint
+        self.width = width
+        self.maxHeight = maxHeight
+    }
+
+    var cleanupRecommendations: [ProviderStorageRecommendation] {
+        self.footprint.cleanupRecommendations
+    }
+
+    var copyablePaths: [String] {
+        let recommendationPaths = self.cleanupRecommendations.map(\.path)
+        return self.visibleComponents.map(\.path) + recommendationPaths
+    }
+
+    private var visibleComponents: [ProviderStorageFootprint.Component] {
+        Array(self.footprint.components.prefix(8))
+    }
+
+    private var maxBytes: Int64 {
+        max(self.visibleComponents.map(\.totalBytes).max() ?? 0, 1)
+    }
+
+    var body: some View {
+        ScrollView(.vertical) {
+            self.content
+        }
+        .scrollIndicators(.visible)
+        .frame(
+            minWidth: self.width,
+            idealWidth: self.width,
+            maxWidth: self.width,
+            maxHeight: self.maxHeight,
+            alignment: .topLeading)
+    }
+
+    private var content: some View {
+        VStack(alignment: .leading, spacing: 10) {
+            VStack(alignment: .leading, spacing: 3) {
+                Text(L("Storage"))
+                    .font(.body)
+                    .fontWeight(.medium)
+                Text(String(format: L("Total: %@"), UsageFormatter.byteCountString(self.footprint.totalBytes)))
+                    .font(.caption)
+                    .foregroundStyle(.secondary)
+            }
+
+            if self.visibleComponents.isEmpty {
+                Text(L("No local data found"))
+                    .font(.footnote)
+                    .foregroundStyle(.secondary)
+            } else {
+                VStack(alignment: .leading, spacing: 8) {
+                    ForEach(self.visibleComponents) { component in
+                        self.componentRow(component)
+                    }
+                }
+            }
+
+            if self.footprint.components.count > self.visibleComponents.count {
+                Text(String(format: L("%d more items"), self.footprint.components.count - self.visibleComponents.count))
+                    .font(.caption)
+                    .foregroundStyle(.secondary)
+            }
+            if !self.cleanupRecommendations.isEmpty {
+                Divider()
+                    .padding(.vertical, 2)
+                VStack(alignment: .leading, spacing: 8) {
+                    Text(L("Cleanup ideas"))
+                        .font(.body)
+                        .fontWeight(.medium)
+                    ForEach(self.cleanupRecommendations) { recommendation in
+                        self.recommendationRow(recommendation)
+                    }
+                }
+            }
+            if !self.footprint.unreadablePaths.isEmpty {
+                Text(String(format: L("%d unreadable item(s) skipped"), self.footprint.unreadablePaths.count))
+                    .font(.caption)
+                    .foregroundStyle(.secondary)
+            }
+        }
+        .padding(.horizontal, 16)
+        .padding(.vertical, 10)
+        .frame(width: self.width, alignment: .leading)
+    }
+
+    private func componentRow(_ component: ProviderStorageFootprint.Component) -> some View {
+        let fraction = CGFloat(max(0, min(1, Double(component.totalBytes) / Double(self.maxBytes))))
+        return VStack(alignment: .leading, spacing: 4) {
+            HStack(alignment: .firstTextBaseline) {
+                Text(component.path)
+                    .font(.caption)
+                    .lineLimit(1)
+                    .truncationMode(.middle)
+                    .help(component.path)
+                    .layoutPriority(1)
+                Spacer()
+                StoragePathCopyButton(path: component.path)
+                Text(UsageFormatter.byteCountString(component.totalBytes))
+                    .font(.caption)
+                    .foregroundStyle(.secondary)
+                    .lineLimit(1)
+            }
+            GeometryReader { proxy in
+                ZStack(alignment: .leading) {
+                    Capsule()
+                        .fill(Color(nsColor: .quaternaryLabelColor))
+                    Capsule()
+                        .fill(self.providerColor)
+                        .frame(width: max(2, proxy.size.width * fraction))
+                }
+            }
+            .frame(height: 5)
+        }
+    }
+
+    private func recommendationRow(_ recommendation: ProviderStorageRecommendation) -> some View {
+        VStack(alignment: .leading, spacing: 3) {
+            HStack(alignment: .firstTextBaseline) {
+                Text(L(recommendation.title))
+                    .font(.caption)
+                    .fontWeight(.medium)
+                    .lineLimit(1)
+                Spacer()
+                Text(UsageFormatter.byteCountString(recommendation.bytes))
+                    .font(.caption)
+                    .foregroundStyle(.secondary)
+                    .lineLimit(1)
+            }
+            HStack(spacing: 4) {
+                Text(recommendation.path)
+                    .font(.caption)
+                    .foregroundStyle(.secondary)
+                    .lineLimit(1)
+                    .truncationMode(.middle)
+                    .help(recommendation.path)
+                    .layoutPriority(1)
+                Spacer()
+                StoragePathCopyButton(path: recommendation.path)
+            }
+            Text(L(recommendation.consequence))
+                .font(.caption)
+                .foregroundStyle(.secondary)
+                .lineLimit(3)
+                .fixedSize(horizontal: false, vertical: true)
+        }
+    }
+
+    private var providerColor: Color {
+        let color = ProviderDescriptorRegistry.descriptor(for: self.footprint.provider).branding.color
+        return Color(red: color.red, green: color.green, blue: color.blue)
+    }
+}
+
+struct StoragePathCopyButton: View {
+    let path: String
+
+    @State private var didCopy = false
+    @State private var resetTask: Task<Void, Never>?
+
+    var body: some View {
+        Button {
+            Self.copyToPasteboard(self.path)
+            withAnimation(.easeOut(duration: 0.12)) {
+                self.didCopy = true
+            }
+            self.resetTask?.cancel()
+            self.resetTask = Task { @MainActor in
+                try? await Task.sleep(for: .seconds(0.9))
+                withAnimation(.easeOut(duration: 0.2)) {
+                    self.didCopy = false
+                }
+            }
+        } label: {
+            Image(systemName: self.didCopy ? "checkmark" : "doc.on.doc")
+                .font(.caption2.weight(.semibold))
+                .foregroundStyle(.secondary)
+                .frame(width: 18, height: 18)
+                .contentShape(Rectangle())
+        }
+        .buttonStyle(.plain)
+        .help(self.didCopy ? L("Copied") : L("Copy path"))
+        .accessibilityLabel(self.didCopy ? L("Copied") : L("Copy path"))
+    }
+
+    static func copyToPasteboard(_ path: String) {
+        let pasteboard = NSPasteboard.general
+        pasteboard.clearContents()
+        pasteboard.setString(path, forType: .string)
+    }
+}
diff --git a/Sources/CodexBar/UpdateChannel.swift b/Sources/CodexBar/UpdateChannel.swift
index d2b0a74df..aabf87bc6 100644
--- a/Sources/CodexBar/UpdateChannel.swift
+++ b/Sources/CodexBar/UpdateChannel.swift
@@ -1,6 +1,6 @@
 import Foundation
 
-enum UpdateChannel: String, CaseIterable, Codable, Sendable {
+enum UpdateChannel: String, CaseIterable, Codable {
     case stable
     case beta
 
diff --git a/Sources/CodexBar/UsageBreakdownChartMenuView.swift b/Sources/CodexBar/UsageBreakdownChartMenuView.swift
index ee0ccaa65..0b1ca524d 100644
--- a/Sources/CodexBar/UsageBreakdownChartMenuView.swift
+++ b/Sources/CodexBar/UsageBreakdownChartMenuView.swift
@@ -31,23 +31,24 @@ struct UsageBreakdownChartMenuView: View {
         let model = Self.makeModel(from: self.breakdown)
         VStack(alignment: .leading, spacing: 10) {
             if model.points.isEmpty {
-                Text("No usage breakdown data.")
+                Text(L("No usage breakdown data."))
                     .font(.footnote)
                     .foregroundStyle(.secondary)
+                    .accessibilityLabel(L("No usage breakdown data available."))
             } else {
                 Chart {
                     ForEach(model.points) { point in
                         BarMark(
-                            x: .value("Day", point.date, unit: .day),
-                            y: .value("Credits used", point.creditsUsed))
-                            .foregroundStyle(by: .value("Service", point.service))
+                            x: .value(L("Day"), point.date, unit: .day),
+                            y: .value(L("Credits used"), point.creditsUsed))
+                            .foregroundStyle(by: .value(L("Service"), point.service))
                     }
                     if let peak = model.peakPoint {
                         let capStart = max(peak.creditsUsed - Self.capHeight(maxValue: model.maxCreditsUsed), 0)
                         BarMark(
-                            x: .value("Day", peak.date, unit: .day),
-                            yStart: .value("Cap start", capStart),
-                            yEnd: .value("Cap end", peak.creditsUsed))
+                            x: .value(L("Day"), peak.date, unit: .day),
+                            yStart: .value(L("Cap start"), capStart),
+                            yEnd: .value(L("Cap end"), peak.creditsUsed))
                             .foregroundStyle(Color(nsColor: .systemYellow))
                     }
                 }
@@ -64,6 +65,14 @@ struct UsageBreakdownChartMenuView: View {
                 }
                 .chartLegend(.hidden)
                 .frame(height: 130)
+                .accessibilityLabel(L("Usage breakdown chart"))
+                .accessibilityValue(
+                    model.points.isEmpty
+                        ? L("No data")
+                        : String(
+                            format: L("%d days of usage data across %d services"),
+                            model.points.count,
+                            model.services.count))
                 .chartOverlay { proxy in
                     GeometryReader { geo in
                         ZStack(alignment: .topLeading) {
@@ -146,7 +155,7 @@ struct UsageBreakdownChartMenuView: View {
     private static let selectionBandColor = Color(nsColor: .labelColor).opacity(0.1)
 
     private static func makeModel(from breakdown: [OpenAIDashboardDailyBreakdown]) -> Model {
-        let sorted = breakdown
+        let sorted = OpenAIDashboardDailyBreakdown.removingSkillUsageServices(from: breakdown)
             .sorted { lhs, rhs in lhs.day < rhs.day }
 
         var points: [Point] = []
@@ -362,7 +371,7 @@ struct UsageBreakdownChartMenuView: View {
               let day = model.breakdownByDayKey[key],
               let date = Self.dateFromDayKey(key)
         else {
-            return ("Hover a bar for details", nil)
+            return (L("Hover a bar for details"), nil)
         }
 
         let dayLabel = date.formatted(.dateTime.month(.abbreviated).day())
diff --git a/Sources/CodexBar/UsageMenuCardHeaderAndUsageSectionView.swift b/Sources/CodexBar/UsageMenuCardHeaderAndUsageSectionView.swift
new file mode 100644
index 000000000..66a9edf27
--- /dev/null
+++ b/Sources/CodexBar/UsageMenuCardHeaderAndUsageSectionView.swift
@@ -0,0 +1,22 @@
+import SwiftUI
+
+struct UsageMenuCardHeaderAndUsageSectionView: View {
+    let model: UsageMenuCardView.Model
+    let bottomPadding: CGFloat
+    let width: CGFloat
+
+    var body: some View {
+        VStack(alignment: .leading, spacing: 0) {
+            UsageMenuCardHeaderSectionView(
+                model: self.model,
+                showDivider: true,
+                width: self.width)
+            UsageMenuCardUsageSectionView(
+                model: self.model,
+                showBottomDivider: false,
+                bottomPadding: self.bottomPadding,
+                width: self.width)
+        }
+        .frame(width: self.width, alignment: .leading)
+    }
+}
diff --git a/Sources/CodexBar/UsagePaceText.swift b/Sources/CodexBar/UsagePaceText.swift
index fea9d637c..fb5af32d7 100644
--- a/Sources/CodexBar/UsagePaceText.swift
+++ b/Sources/CodexBar/UsagePaceText.swift
@@ -2,27 +2,30 @@ import CodexBarCore
 import Foundation
 
 enum UsagePaceText {
-    private static let minimumExpectedPercent: Double = 3
-
-    struct WeeklyDetail: Sendable {
+    struct WeeklyDetail {
         let leftLabel: String
         let rightLabel: String?
         let expectedUsedPercent: Double
         let stage: UsagePace.Stage
     }
 
+    private enum DetailContext {
+        case session
+        case weekly
+    }
+
     static func weeklySummary(pace: UsagePace, now: Date = .init()) -> String {
         let detail = self.weeklyDetail(pace: pace, now: now)
         if let rightLabel = detail.rightLabel {
-            return "Pace: \(detail.leftLabel) · \(rightLabel)"
+            return L("Pace: %@ · %@", detail.leftLabel, rightLabel)
         }
-        return "Pace: \(detail.leftLabel)"
+        return L("Pace: %@", detail.leftLabel)
     }
 
     static func weeklyDetail(pace: UsagePace, now: Date = .init()) -> WeeklyDetail {
         WeeklyDetail(
             leftLabel: self.detailLeftLabel(for: pace),
-            rightLabel: self.detailRightLabel(for: pace, now: now),
+            rightLabel: self.detailRightLabel(for: pace, context: .weekly, now: now),
             expectedUsedPercent: pace.expectedUsedPercent,
             stage: pace.stage)
     }
@@ -31,30 +34,34 @@ enum UsagePaceText {
         let deltaValue = Int(abs(pace.deltaPercent).rounded())
         switch pace.stage {
         case .onTrack:
-            return "On pace"
+            return L("On pace")
         case .slightlyAhead, .ahead, .farAhead:
-            return "\(deltaValue)% in deficit"
+            return L("%d%% in deficit", deltaValue)
         case .slightlyBehind, .behind, .farBehind:
-            return "\(deltaValue)% in reserve"
+            return L("%d%% in reserve", deltaValue)
         }
     }
 
-    private static func detailRightLabel(for pace: UsagePace, now: Date) -> String? {
+    private static func detailRightLabel(for pace: UsagePace, context: DetailContext, now: Date) -> String? {
         let etaLabel: String?
         if pace.willLastToReset {
-            etaLabel = "Lasts until reset"
+            etaLabel = L("Lasts until reset")
         } else if let etaSeconds = pace.etaSeconds {
             let etaText = Self.durationText(seconds: etaSeconds, now: now)
-            etaLabel = etaText == "now" ? "Runs out now" : "Runs out in \(etaText)"
+            if context == .session {
+                etaLabel = etaText == "now" ? L("Projected empty now") : L("Projected empty in %@", etaText)
+            } else {
+                etaLabel = etaText == "now" ? L("Runs out now") : L("Runs out in %@", etaText)
+            }
         } else {
             etaLabel = nil
         }
 
         guard let runOutProbability = pace.runOutProbability else { return etaLabel }
         let roundedRisk = self.roundedRiskPercent(runOutProbability)
-        let riskLabel = "≈ \(roundedRisk)% run-out risk"
+        let riskLabel = L("≈ %d%% run-out risk", roundedRisk)
         if let etaLabel {
-            return "\(etaLabel) · \(riskLabel)"
+            return L("%@ · %@", etaLabel, riskLabel)
         }
         return riskLabel
     }
@@ -74,14 +81,19 @@ enum UsagePaceText {
     }
 
     static func sessionPace(provider: UsageProvider, window: RateWindow, now: Date) -> UsagePace? {
-        self.pace(provider: provider, window: window, now: now, defaultWindowMinutes: 300)
+        guard provider == .codex || provider == .claude || provider == .ollama else { return nil }
+        if provider == .ollama, window.windowMinutes == nil { return nil }
+        guard window.remainingPercent > 0 else { return nil }
+        guard let pace = UsagePace.weekly(window: window, now: now, defaultWindowMinutes: 300) else { return nil }
+        guard pace.expectedUsedPercent >= 3 else { return nil }
+        return pace
     }
 
     static func sessionDetail(provider: UsageProvider, window: RateWindow, now: Date = .init()) -> WeeklyDetail? {
         guard let pace = sessionPace(provider: provider, window: window, now: now) else { return nil }
         return WeeklyDetail(
             leftLabel: Self.detailLeftLabel(for: pace),
-            rightLabel: Self.detailRightLabel(for: pace, now: now),
+            rightLabel: Self.detailRightLabel(for: pace, context: .session, now: now),
             expectedUsedPercent: pace.expectedUsedPercent,
             stage: pace.stage)
     }
@@ -89,27 +101,8 @@ enum UsagePaceText {
     static func sessionSummary(provider: UsageProvider, window: RateWindow, now: Date = .init()) -> String? {
         guard let detail = sessionDetail(provider: provider, window: window, now: now) else { return nil }
         if let rightLabel = detail.rightLabel {
-            return "Pace: \(detail.leftLabel) · \(rightLabel)"
-        }
-        return "Pace: \(detail.leftLabel)"
-    }
-
-    static func weeklyPace(provider: UsageProvider, window: RateWindow, now: Date) -> UsagePace? {
-        self.pace(provider: provider, window: window, now: now, defaultWindowMinutes: 10080)
-    }
-
-    private static func pace(
-        provider: UsageProvider,
-        window: RateWindow,
-        now: Date,
-        defaultWindowMinutes: Int) -> UsagePace?
-    {
-        guard provider == .codex || provider == .claude else { return nil }
-        guard window.remainingPercent > 0 else { return nil }
-        guard let pace = UsagePace.weekly(window: window, now: now, defaultWindowMinutes: defaultWindowMinutes) else {
-            return nil
+            return L("Pace: %@ · %@", detail.leftLabel, rightLabel)
         }
-        guard pace.expectedUsedPercent >= Self.minimumExpectedPercent else { return nil }
-        return pace
+        return L("Pace: %@", detail.leftLabel)
     }
 }
diff --git a/Sources/CodexBar/UsageProgressBar.swift b/Sources/CodexBar/UsageProgressBar.swift
index 28b467b86..63bdc6826 100644
--- a/Sources/CodexBar/UsageProgressBar.swift
+++ b/Sources/CodexBar/UsageProgressBar.swift
@@ -17,6 +17,7 @@ struct UsageProgressBar: View {
     let accessibilityLabel: String
     let pacePercent: Double?
     let paceOnTop: Bool
+    let warningMarkerPercents: [Double]
     @Environment(\.menuItemHighlighted) private var isHighlighted
     @Environment(\.displayScale) private var displayScale
 
@@ -25,13 +26,15 @@ struct UsageProgressBar: View {
         tint: Color,
         accessibilityLabel: String,
         pacePercent: Double? = nil,
-        paceOnTop: Bool = true)
+        paceOnTop: Bool = true,
+        warningMarkerPercents: [Double] = [])
     {
         self.percent = percent
         self.tint = tint
         self.accessibilityLabel = accessibilityLabel
         self.pacePercent = pacePercent
         self.paceOnTop = paceOnTop
+        self.warningMarkerPercents = warningMarkerPercents
     }
 
     private var clamped: Double {
@@ -39,81 +42,83 @@ struct UsageProgressBar: View {
     }
 
     var body: some View {
-        GeometryReader { proxy in
+        // Draw the entire progress bar — track, fill, and pace-tip punch-out — in a single Canvas.
+        // A single Canvas uses Core Graphics internally and avoids the SwiftUI compositing modifiers
+        // (.compositingGroup, .blendMode) that trigger Metal/RenderBox shader compilation on macOS 26.x,
+        // which caused the status item icon to disappear (issue #805).
+        Canvas { context, size in
             let scale = max(self.displayScale, 1)
-            let fillWidth = proxy.size.width * self.clamped / 100
-            let paceWidth = proxy.size.width * Self.clampedPercent(self.pacePercent) / 100
-            let tipWidth = max(25, proxy.size.height * 6.5)
+            let fillWidth = size.width * self.clamped / 100
+            let paceWidth = size.width * Self.clampedPercent(self.pacePercent) / 100
+            let tipWidth = max(25, size.height * 6.5)
             let stripeInset = 1 / scale
             let tipOffset = paceWidth - tipWidth + (Self.paceStripeSpan(for: scale) / 2) + stripeInset
             let showTip = self.pacePercent != nil && tipWidth > 0.5
-            let needsPunchCompositing = showTip
-            let bar = ZStack(alignment: .leading) {
-                Capsule()
-                    .fill(MenuHighlightStyle.progressTrack(self.isHighlighted))
-                self.actualBar(width: fillWidth)
-                if showTip {
-                    self.paceTip(width: tipWidth)
-                        .offset(x: tipOffset)
-                }
-            }
-            .clipped()
-            if self.isHighlighted {
-                bar
-                    .compositingGroup()
-                    .drawingGroup()
-            } else if needsPunchCompositing {
-                bar
-                    .compositingGroup()
-            } else {
-                bar
-            }
-        }
-        .frame(height: 6)
-        .accessibilityLabel(self.accessibilityLabel)
-        .accessibilityValue("\(Int(self.clamped)) percent")
-    }
+            let markerPercents = self.warningMarkerPercents
+                .map(Self.clampedPercent)
+                .filter { $0 > 0 && $0 < 100 }
 
-    private func actualBar(width: CGFloat) -> some View {
-        Capsule()
-            .fill(MenuHighlightStyle.progressTint(self.isHighlighted, fallback: self.tint))
-            .frame(width: width)
-            .contentShape(Rectangle())
-            .allowsHitTesting(false)
-    }
-
-    private func paceTip(width: CGFloat) -> some View {
-        let isDeficit = self.paceOnTop == false
-        let useDeficitRed = isDeficit && self.isHighlighted == false
-        return GeometryReader { proxy in
-            let size = proxy.size
+            let cornerRadius = size.height / 2
+            let cornerSize = CGSize(width: cornerRadius, height: cornerRadius)
             let rect = CGRect(origin: .zero, size: size)
-            let scale = max(self.displayScale, 1)
-            let stripes = Self.paceStripePaths(size: size, scale: scale)
-            let stripeColor: Color = if self.isHighlighted {
-                .white
-            } else if useDeficitRed {
-                .red
-            } else {
-                .green
+
+            context.clip(to: Path(rect))
+
+            // Track
+            let trackPath = Path { p in p.addRoundedRect(in: rect, cornerSize: cornerSize) }
+            context.fill(trackPath, with: .color(MenuHighlightStyle.progressTrack(self.isHighlighted)))
+
+            // Fill
+            if fillWidth > 0 {
+                let fillRect = CGRect(x: 0, y: 0, width: min(fillWidth, size.width), height: size.height)
+                let fillPath = Path { p in p.addRoundedRect(in: fillRect, cornerSize: cornerSize) }
+                context.fill(
+                    fillPath,
+                    with: .color(MenuHighlightStyle.progressTint(self.isHighlighted, fallback: self.tint)))
             }
 
-            ZStack {
-                Canvas { context, _ in
-                    context.clip(to: Path(rect))
-                    context.fill(stripes.punched, with: .color(.white.opacity(0.9)))
+            if !markerPercents.isEmpty {
+                let markerColor = Self.warningMarkerColor(isHighlighted: self.isHighlighted)
+                for markerPercent in markerPercents {
+                    let x = size.width * markerPercent / 100
+                    let markerRect = Self.warningMarkerRect(x: x, size: size, scale: scale)
+                    let markerPath = Path { p in
+                        p.addRoundedRect(
+                            in: markerRect,
+                            cornerSize: CGSize(width: markerRect.width / 2, height: markerRect.width / 2))
+                    }
+                    context.fill(markerPath, with: .color(markerColor))
                 }
-                .blendMode(.destinationOut)
+            }
 
-                Canvas { context, _ in
-                    context.clip(to: Path(rect))
-                    context.fill(stripes.center, with: .color(stripeColor))
+            // Pace tip: punch-out + center stripe drawn within the canvas context using Core Graphics
+            // blend modes so no SwiftUI compositing modifier (.blendMode, .compositingGroup) is needed.
+            if showTip {
+                let isDeficit = self.paceOnTop == false
+                let useDeficitRed = isDeficit && self.isHighlighted == false
+                let stripeColor: Color = if self.isHighlighted {
+                    .white
+                } else if useDeficitRed {
+                    .red
+                } else {
+                    .green
                 }
+
+                let tipSize = CGSize(width: tipWidth, height: size.height)
+                let stripes = Self.paceStripePaths(size: tipSize, scale: scale)
+                let shift = CGAffineTransform(translationX: tipOffset, y: 0)
+
+                // Punch out of the accumulated track+fill pixels.
+                context.blendMode = .destinationOut
+                context.fill(stripes.punched.applying(shift), with: .color(.white.opacity(0.9)))
+                context.blendMode = .normal
+
+                context.fill(stripes.center.applying(shift), with: .color(stripeColor))
             }
         }
-        .frame(width: width)
-        .contentShape(Rectangle())
-        .allowsHitTesting(false)
+        .frame(height: 6)
+        .accessibilityLabel(self.accessibilityLabel)
+        .accessibilityValue("\(Int(self.clamped)) percent")
     }
 
     private static func paceStripePaths(size: CGSize, scale: CGFloat) -> (punched: Path, center: Path) {
@@ -164,6 +169,25 @@ struct UsageProgressBar: View {
         return (punchedStripe, centerStripe)
     }
 
+    nonisolated static func warningMarkerRect(x: CGFloat, size: CGSize, scale rawScale: CGFloat) -> CGRect {
+        let scale = max(rawScale, 1)
+        let width = max(1 / scale, 1)
+        let height = min(size.height, max(1 / scale, size.height * 0.55))
+        let align: (CGFloat) -> CGFloat = { value in
+            (value * scale).rounded() / scale
+        }
+
+        return CGRect(
+            x: align(x - width / 2),
+            y: align((size.height - height) / 2),
+            width: width,
+            height: align(height))
+    }
+
+    nonisolated static func warningMarkerColor(isHighlighted: Bool) -> Color {
+        isHighlighted ? .white.opacity(0.72) : .primary.opacity(0.32)
+    }
+
     private static func clampedPercent(_ value: Double?) -> Double {
         guard let value else { return 0 }
         return min(100, max(0, value))
diff --git a/Sources/CodexBar/UsageStore+Accessors.swift b/Sources/CodexBar/UsageStore+Accessors.swift
index 98d77c6d8..4224e8d72 100644
--- a/Sources/CodexBar/UsageStore+Accessors.swift
+++ b/Sources/CodexBar/UsageStore+Accessors.swift
@@ -14,6 +14,18 @@ extension UsageStore {
         self.errors[.codex]
     }
 
+    var userFacingLastCodexError: String? {
+        self.userFacingError(for: .codex)
+    }
+
+    var userFacingLastCreditsError: String? {
+        CodexUIErrorMapper.userFacingMessage(self.lastCreditsError)
+    }
+
+    var userFacingLastOpenAIDashboardError: String? {
+        CodexUIErrorMapper.userFacingMessage(self.lastOpenAIDashboardError)
+    }
+
     var lastClaudeError: String? {
         self.errors[.claude]
     }
@@ -22,6 +34,45 @@ extension UsageStore {
         self.errors[provider]
     }
 
+    func userFacingError(for provider: UsageProvider) -> String? {
+        if let raw = self.errors[provider] {
+            guard provider == .codex else { return raw }
+            return CodexUIErrorMapper.userFacingMessage(raw)
+        }
+        return self.unavailableMessage(for: provider)
+    }
+
+    func unavailableMessage(for provider: UsageProvider) -> String? {
+        guard self.enabledProvidersForDisplay().contains(provider),
+              !self.isProviderAvailable(provider)
+        else {
+            return nil
+        }
+
+        switch provider {
+        case .synthetic:
+            return SyntheticSettingsError.missingToken.errorDescription
+        case .zai:
+            return ZaiSettingsError.missingToken.errorDescription
+        case .openrouter:
+            return OpenRouterSettingsError.missingToken.errorDescription
+        case .azureopenai:
+            return AzureOpenAISettingsError.missingAPIKey.errorDescription
+        case .elevenlabs:
+            return ElevenLabsUsageError.missingCredentials.errorDescription
+        case .deepseek:
+            return DeepSeekUsageError.missingCredentials.errorDescription
+        case .perplexity:
+            return PerplexityAPIError.missingToken.errorDescription
+        case .minimax:
+            return MiniMaxAPISettingsError.missingToken.errorDescription
+        case .kimi:
+            return KimiAPIError.missingToken.errorDescription
+        default:
+            return "\(self.metadata(for: provider).displayName) is unavailable in the current environment."
+        }
+    }
+
     func status(for provider: UsageProvider) -> ProviderStatus? {
         guard self.statusChecksEnabled else { return nil }
         return self.statuses[provider]
@@ -31,7 +82,16 @@ extension UsageStore {
         self.status(for: provider)?.indicator ?? .none
     }
 
-    func accountInfo() -> AccountInfo {
-        self.codexFetcher.loadAccountInfo()
+    func accountInfo(for provider: UsageProvider) -> AccountInfo {
+        guard provider == .codex else {
+            return self.codexFetcher.loadAccountInfo()
+        }
+        let env = ProviderRegistry.makeEnvironment(
+            base: self.environmentBase,
+            provider: .codex,
+            settings: self.settings,
+            tokenOverride: nil)
+        let fetcher = ProviderRegistry.makeFetcher(base: self.codexFetcher, provider: .codex, env: env)
+        return fetcher.loadAccountInfo()
     }
 }
diff --git a/Sources/CodexBar/UsageStore+BackgroundRefresh.swift b/Sources/CodexBar/UsageStore+BackgroundRefresh.swift
new file mode 100644
index 000000000..b892b0b5a
--- /dev/null
+++ b/Sources/CodexBar/UsageStore+BackgroundRefresh.swift
@@ -0,0 +1,38 @@
+import CodexBarCore
+import Foundation
+
+@MainActor
+extension UsageStore {
+    private func clearProviderState(_ provider: UsageProvider) {
+        self.refreshingProviders.remove(provider)
+        self.snapshots.removeValue(forKey: provider)
+        self.errors[provider] = nil
+        self.lastSourceLabels.removeValue(forKey: provider)
+        self.lastFetchAttempts.removeValue(forKey: provider)
+        self.accountSnapshots.removeValue(forKey: provider)
+        self.tokenSnapshots.removeValue(forKey: provider)
+        self.tokenErrors[provider] = nil
+        self.providerStorageFootprints.removeValue(forKey: provider)
+        self.failureGates[provider]?.reset()
+        self.tokenFailureGates[provider]?.reset()
+        self.statuses.removeValue(forKey: provider)
+        self.lastKnownSessionRemaining.removeValue(forKey: provider)
+        self.lastKnownSessionWindowSource.removeValue(forKey: provider)
+        self.lastTokenFetchAt.removeValue(forKey: provider)
+    }
+
+    func clearDisabledProviderState(enabledProviders: Set<UsageProvider>) {
+        for provider in UsageProvider.allCases where !enabledProviders.contains(provider) {
+            self.clearProviderState(provider)
+        }
+    }
+
+    func clearUnavailableProviderState(
+        displayEnabledProviders: Set<UsageProvider>,
+        availableProviders: Set<UsageProvider>)
+    {
+        for provider in displayEnabledProviders where !availableProviders.contains(provider) {
+            self.clearProviderState(provider)
+        }
+    }
+}
diff --git a/Sources/CodexBar/UsageStore+ClaudeDebug.swift b/Sources/CodexBar/UsageStore+ClaudeDebug.swift
new file mode 100644
index 000000000..f836953fa
--- /dev/null
+++ b/Sources/CodexBar/UsageStore+ClaudeDebug.swift
@@ -0,0 +1,174 @@
+import CodexBarCore
+import Foundation
+import SweetCookieKit
+
+@MainActor
+extension UsageStore {
+    func debugClaudeDump() async -> String {
+        await ClaudeStatusProbe.latestDumps()
+    }
+}
+
+extension UsageStore {
+    struct ClaudeDebugLogConfiguration {
+        let runtime: CodexBarCore.ProviderRuntime
+        let sourceMode: ProviderSourceMode
+        let environment: [String: String]
+        let webExtrasEnabled: Bool
+        let usageDataSource: ClaudeUsageDataSource
+        let cookieSource: ProviderCookieSource
+        let cookieHeader: String
+        let keepCLISessionsAlive: Bool
+    }
+
+    static func debugClaudeLog(
+        browserDetection: BrowserDetection,
+        configuration: ClaudeDebugLogConfiguration) async -> String
+    {
+        struct OAuthDebugProbe: Sendable {
+            let hasCredentials: Bool
+            let ownerRawValue: String
+            let sourceRawValue: String
+            let isExpired: Bool
+        }
+
+        return await runWithTimeout(seconds: 15) {
+            var lines: [String] = []
+            let manualHeader = configuration.cookieSource == .manual
+                ? CookieHeaderNormalizer.normalize(configuration.cookieHeader)
+                : nil
+            let hasKey = if configuration.cookieSource == .off {
+                false
+            } else if let manualHeader {
+                ClaudeWebAPIFetcher.hasSessionKey(cookieHeader: manualHeader)
+            } else {
+                ClaudeWebAPIFetcher.hasSessionKey(browserDetection: browserDetection) { msg in lines.append(msg) }
+            }
+            let oauthProbe = await withTaskGroup(of: OAuthDebugProbe.self) { group in
+                // Preserve task-local test overrides while keeping the keychain read off the calling task.
+                group.addTask(priority: .utility) {
+                    let oauthRecord = try? ClaudeOAuthCredentialsStore.loadRecord(
+                        environment: configuration.environment,
+                        allowKeychainPrompt: false,
+                        respectKeychainPromptCooldown: true,
+                        allowClaudeKeychainRepairWithoutPrompt: false)
+                    return OAuthDebugProbe(
+                        hasCredentials: oauthRecord?.credentials.scopes.contains("user:profile") == true,
+                        ownerRawValue: oauthRecord?.owner.rawValue ?? "none",
+                        sourceRawValue: oauthRecord?.source.rawValue ?? "none",
+                        isExpired: oauthRecord?.credentials.isExpired ?? false)
+                }
+                return await group.next() ?? OAuthDebugProbe(
+                    hasCredentials: false,
+                    ownerRawValue: "none",
+                    sourceRawValue: "none",
+                    isExpired: false)
+            }
+            let hasOAuthCredentials = ClaudeOAuthPlanningAvailability.isAvailable(
+                runtime: configuration.runtime,
+                sourceMode: configuration.sourceMode,
+                environment: configuration.environment)
+            let hasClaudeBinary = ClaudeCLIResolver.isAvailable(environment: configuration.environment)
+            let delegatedCooldownSeconds = ClaudeOAuthDelegatedRefreshCoordinator.cooldownRemainingSeconds()
+            let planningInput = ClaudeSourcePlanningInput(
+                runtime: configuration.runtime,
+                selectedDataSource: configuration.usageDataSource,
+                webExtrasEnabled: configuration.webExtrasEnabled,
+                hasWebSession: hasKey,
+                hasCLI: hasClaudeBinary,
+                hasOAuthCredentials: hasOAuthCredentials)
+            let plan = ClaudeSourcePlanner.resolve(input: planningInput)
+            let strategy = plan.compatibilityStrategy
+
+            lines.append(contentsOf: plan.debugLines())
+            lines.append("hasSessionKey=\(hasKey)")
+            lines.append("hasOAuthCredentials=\(hasOAuthCredentials)")
+            lines.append("oauthCredentialOwner=\(oauthProbe.ownerRawValue)")
+            lines.append("oauthCredentialSource=\(oauthProbe.sourceRawValue)")
+            lines.append("oauthCredentialExpired=\(oauthProbe.isExpired)")
+            lines.append("delegatedRefreshCLIAvailable=\(hasClaudeBinary)")
+            lines.append("delegatedRefreshCooldownActive=\(delegatedCooldownSeconds != nil)")
+            if let delegatedCooldownSeconds {
+                lines.append("delegatedRefreshCooldownSeconds=\(delegatedCooldownSeconds)")
+            }
+            lines.append("hasClaudeBinary=\(hasClaudeBinary)")
+            if strategy?.useWebExtras == true {
+                lines.append("web_extras=enabled")
+            }
+            lines.append("")
+
+            guard let strategy else {
+                lines.append("No planner-selected Claude source.")
+                return lines.joined(separator: "\n")
+            }
+
+            switch strategy.dataSource {
+            case .auto:
+                lines.append("Auto source selected.")
+                return lines.joined(separator: "\n")
+            case .api:
+                let hasAdminKey = ProviderTokenResolver.claudeAdminAPIToken(
+                    environment: configuration.environment) != nil
+                lines.append("Admin API source selected.")
+                lines.append("hasAdminAPIKey=\(hasAdminKey)")
+                return lines.joined(separator: "\n")
+            case .web:
+                do {
+                    let web: ClaudeWebAPIFetcher.WebUsageData =
+                        if let manualHeader {
+                            try await ClaudeWebAPIFetcher.fetchUsage(cookieHeader: manualHeader) { msg in
+                                lines.append(msg)
+                            }
+                        } else {
+                            try await ClaudeWebAPIFetcher.fetchUsage(browserDetection: browserDetection) { msg in
+                                lines.append(msg)
+                            }
+                        }
+                    lines.append("")
+                    lines.append("Web API summary:")
+
+                    let sessionReset = web.sessionResetsAt?.description ?? "nil"
+                    lines.append("session_used=\(web.sessionPercentUsed)% resetsAt=\(sessionReset)")
+
+                    if let weekly = web.weeklyPercentUsed {
+                        let weeklyReset = web.weeklyResetsAt?.description ?? "nil"
+                        lines.append("weekly_used=\(weekly)% resetsAt=\(weeklyReset)")
+                    } else {
+                        lines.append("weekly_used=nil")
+                    }
+
+                    lines.append("opus_used=\(web.opusPercentUsed?.description ?? "nil")")
+
+                    if let extra = web.extraUsageCost {
+                        let resetsAt = extra.resetsAt?.description ?? "nil"
+                        let period = extra.period ?? "nil"
+                        let line =
+                            "extra_usage used=\(extra.used) limit=\(extra.limit) " +
+                            "currency=\(extra.currencyCode) period=\(period) resetsAt=\(resetsAt)"
+                        lines.append(line)
+                    } else {
+                        lines.append("extra_usage=nil")
+                    }
+
+                    return lines.joined(separator: "\n")
+                } catch {
+                    lines.append("Web API failed: \(error.localizedDescription)")
+                    return lines.joined(separator: "\n")
+                }
+            case .cli:
+                let fetcher = ClaudeUsageFetcher(
+                    browserDetection: browserDetection,
+                    environment: configuration.environment,
+                    runtime: configuration.runtime,
+                    dataSource: configuration.usageDataSource,
+                    keepCLISessionsAlive: configuration.keepCLISessionsAlive)
+                let cli = await fetcher.debugRawProbe(model: "sonnet")
+                lines.append(cli)
+                return lines.joined(separator: "\n")
+            case .oauth:
+                lines.append("OAuth source selected.")
+                return lines.joined(separator: "\n")
+            }
+        }
+    }
+}
diff --git a/Sources/CodexBar/UsageStore+HighestUsage.swift b/Sources/CodexBar/UsageStore+HighestUsage.swift
index 2a46df393..9a2d730e3 100644
--- a/Sources/CodexBar/UsageStore+HighestUsage.swift
+++ b/Sources/CodexBar/UsageStore+HighestUsage.swift
@@ -26,30 +26,11 @@ extension UsageStore {
     }
 
     private func menuBarMetricWindowForHighestUsage(provider: UsageProvider, snapshot: UsageSnapshot) -> RateWindow? {
-        switch self.settings.menuBarMetricPreference(for: provider) {
-        case .primary:
-            return snapshot.primary ?? snapshot.secondary
-        case .secondary:
-            return snapshot.secondary ?? snapshot.primary
-        case .average:
-            guard let primary = snapshot.primary, let secondary = snapshot.secondary else {
-                return snapshot.primary ?? snapshot.secondary
-            }
-            let usedPercent = (primary.usedPercent + secondary.usedPercent) / 2
-            return RateWindow(usedPercent: usedPercent, windowMinutes: nil, resetsAt: nil, resetDescription: nil)
-        case .automatic:
-            if provider == .factory || provider == .kimi {
-                return snapshot.secondary ?? snapshot.primary
-            }
-            if provider == .copilot,
-               let primary = snapshot.primary,
-               let secondary = snapshot.secondary
-            {
-                // Copilot can expose chat + completions quotas; rank by the more constrained one.
-                return primary.usedPercent >= secondary.usedPercent ? primary : secondary
-            }
-            return snapshot.primary ?? snapshot.secondary
-        }
+        MenuBarMetricWindowResolver.rateWindow(
+            preference: self.settings.menuBarMetricPreference(for: provider, snapshot: snapshot),
+            provider: provider,
+            snapshot: snapshot,
+            supportsAverage: self.settings.menuBarMetricSupportsAverage(for: provider))
     }
 
     private func shouldExcludeFromHighestUsage(
@@ -58,15 +39,27 @@ extension UsageStore {
         metricPercent: Double)
         -> Bool
     {
+        let effectivePreference = self.settings.menuBarMetricPreference(for: provider, snapshot: snapshot)
         guard metricPercent >= 100 else { return false }
         if provider == .copilot,
-           self.settings.menuBarMetricPreference(for: provider) == .automatic,
+           effectivePreference == .automatic,
            let primary = snapshot.primary,
            let secondary = snapshot.secondary
         {
             // In automatic mode Copilot can have one depleted lane while another still has quota.
             return primary.usedPercent >= 100 && secondary.usedPercent >= 100
         }
+        if provider == .cursor,
+           effectivePreference == .automatic
+        {
+            let percents = [
+                snapshot.primary?.usedPercent,
+                snapshot.secondary?.usedPercent,
+                snapshot.tertiary?.usedPercent,
+            ].compactMap(\.self)
+            guard !percents.isEmpty else { return true }
+            return percents.allSatisfy { $0 >= 100 }
+        }
         return true
     }
 }
diff --git a/Sources/CodexBar/UsageStore+HistoricalPace.swift b/Sources/CodexBar/UsageStore+HistoricalPace.swift
index e228025f3..c8443008b 100644
--- a/Sources/CodexBar/UsageStore+HistoricalPace.swift
+++ b/Sources/CodexBar/UsageStore+HistoricalPace.swift
@@ -1,5 +1,4 @@
 import CodexBarCore
-import CryptoKit
 import Foundation
 
 @MainActor
@@ -8,11 +7,13 @@ extension UsageStore {
     private static let backfillMaxTimestampMismatch: TimeInterval = 5 * 60
 
     func weeklyPace(provider: UsageProvider, window: RateWindow, now: Date = .init()) -> UsagePace? {
-        guard provider == .codex || provider == .claude else { return nil }
         guard window.remainingPercent > 0 else { return nil }
         let resolved: UsagePace?
+        // Codex can refine pace with historical samples because its dashboard exposes enough weekly history to build
+        // an account-scoped usage curve. Other providers should not need a hard-coded allowlist: if their RateWindow
+        // includes a reset time and window duration, the generic linear pace calculation is already defensible.
         if provider == .codex, self.settings.historicalTrackingEnabled {
-            let codexAccountKey = self.codexHistoricalAccountKey()
+            let codexAccountKey = self.codexOwnershipContext().canonicalKey
             if self.codexHistoricalDatasetAccountKey == codexAccountKey,
                let historical = CodexHistoricalPaceEvaluator.evaluate(
                    window: window,
@@ -24,6 +25,10 @@ extension UsageStore {
                 resolved = UsagePace.weekly(window: window, now: now, defaultWindowMinutes: 10080)
             }
         } else {
+            // Generic providers must carry an explicit window duration. Using the 10080-minute fallback for
+            // windows without windowMinutes would fabricate a weekly pace for non-weekly windows
+            // (e.g. Factory monthly with only resetsAt).
+            guard window.windowMinutes != nil else { return nil }
             resolved = UsagePace.weekly(window: window, now: now, defaultWindowMinutes: 10080)
         }
 
@@ -34,18 +39,27 @@ extension UsageStore {
 
     func recordCodexHistoricalSampleIfNeeded(snapshot: UsageSnapshot) {
         guard self.settings.historicalTrackingEnabled else { return }
-        guard let weekly = snapshot.secondary else { return }
+        let projection = self.codexConsumerProjection(
+            surface: .liveCard,
+            snapshotOverride: snapshot,
+            now: snapshot.updatedAt)
+        guard let weekly = projection.rateWindow(for: .weekly) else { return }
 
         let sampledAt = snapshot.updatedAt
-        let accountKey = self.codexHistoricalAccountKey(preferredEmail: snapshot.accountEmail(for: .codex))
+        let ownership = self.codexOwnershipContext(preferredEmail: snapshot.accountEmail(for: .codex))
         let historyStore = self.historicalUsageHistoryStore
         Task.detached(priority: .utility) { [weak self] in
-            let dataset = await historyStore.recordCodexWeekly(
+            _ = await historyStore.recordCodexWeekly(
                 window: weekly,
                 sampledAt: sampledAt,
-                accountKey: accountKey)
+                accountKey: ownership.canonicalKey)
+            let dataset = await historyStore.loadCodexDataset(
+                canonicalAccountKey: ownership.canonicalKey,
+                canonicalEmailHashKey: ownership.canonicalEmailHashKey,
+                legacyEmailHash: ownership.historicalLegacyEmailHash,
+                hasAdjacentMultiAccountVeto: ownership.hasAdjacentMultiAccountVeto)
             await MainActor.run { [weak self] in
-                self?.setCodexHistoricalDataset(dataset, accountKey: accountKey)
+                self?.setCodexHistoricalDataset(dataset, accountKey: ownership.canonicalKey)
             }
         }
     }
@@ -55,28 +69,55 @@ extension UsageStore {
             self.setCodexHistoricalDataset(nil, accountKey: nil)
             return
         }
-        let accountKey = self.codexHistoricalAccountKey(dashboard: self.openAIDashboard)
-        let dataset = await self.historicalUsageHistoryStore.loadCodexDataset(accountKey: accountKey)
-        self.setCodexHistoricalDataset(dataset, accountKey: accountKey)
+        let ownership = self.codexOwnershipContext()
+        let dataset = await self.historicalUsageHistoryStore.loadCodexDataset(
+            canonicalAccountKey: ownership.canonicalKey,
+            canonicalEmailHashKey: ownership.canonicalEmailHashKey,
+            legacyEmailHash: ownership.historicalLegacyEmailHash,
+            hasAdjacentMultiAccountVeto: ownership.hasAdjacentMultiAccountVeto)
+        self.setCodexHistoricalDataset(dataset, accountKey: ownership.canonicalKey)
         if let dashboard = self.openAIDashboard {
-            self.backfillCodexHistoricalFromDashboardIfNeeded(dashboard)
+            let authority = self.evaluateCodexDashboardAuthority(
+                dashboard: dashboard,
+                sourceKind: .liveWeb,
+                routingTargetEmail: self.lastOpenAIDashboardTargetEmail)
+            self.backfillCodexHistoricalFromDashboardIfNeeded(
+                dashboard,
+                authorityDecision: authority.decision,
+                attachedAccountEmail: self.codexDashboardAttachmentEmail(from: authority.input))
         }
     }
 
-    func backfillCodexHistoricalFromDashboardIfNeeded(_ dashboard: OpenAIDashboardSnapshot) {
+    func backfillCodexHistoricalFromDashboardIfNeeded(
+        _ dashboard: OpenAIDashboardSnapshot,
+        authorityDecision: CodexDashboardAuthorityDecision,
+        attachedAccountEmail: String?)
+    {
         guard self.settings.historicalTrackingEnabled else { return }
-        guard !dashboard.usageBreakdown.isEmpty else { return }
+        guard authorityDecision.allowedEffects.contains(.historicalBackfill) else { return }
+        let usageBreakdown = OpenAIDashboardDailyBreakdown.removingSkillUsageServices(
+            from: dashboard.usageBreakdown)
+        guard !usageBreakdown.isEmpty else { return }
 
         let codexSnapshot = self.snapshots[.codex]
-        let accountKey = self.codexHistoricalAccountKey(
-            preferredEmail: codexSnapshot?.accountEmail(for: .codex),
-            dashboard: dashboard)
+        let ownership = self.codexOwnershipContext(preferredEmail: attachedAccountEmail)
         let referenceWindow: RateWindow
         let calibrationAt: Date
-        if let dashboardWeekly = dashboard.secondaryLimit {
+        if let dashboardWeekly = CodexReconciledState.fromAttachedDashboard(
+            snapshot: dashboard,
+            provider: .codex,
+            accountEmail: attachedAccountEmail,
+            accountPlan: nil)?
+            .weekly
+        {
             referenceWindow = dashboardWeekly
             calibrationAt = dashboard.updatedAt
-        } else if let codexSnapshot, let snapshotWeekly = codexSnapshot.secondary {
+        } else if let codexSnapshot,
+                  let snapshotWeekly = self.codexConsumerProjection(
+                      surface: .liveCard,
+                      snapshotOverride: codexSnapshot,
+                      now: codexSnapshot.updatedAt).rateWindow(for: .weekly)
+        {
             let mismatch = abs(codexSnapshot.updatedAt.timeIntervalSince(dashboard.updatedAt))
             guard mismatch <= Self.backfillMaxTimestampMismatch else { return }
             referenceWindow = snapshotWeekly
@@ -86,15 +127,19 @@ extension UsageStore {
         }
 
         let historyStore = self.historicalUsageHistoryStore
-        let usageBreakdown = dashboard.usageBreakdown
         Task.detached(priority: .utility) { [weak self] in
-            let dataset = await historyStore.backfillCodexWeeklyFromUsageBreakdown(
+            _ = await historyStore.backfillCodexWeeklyFromUsageBreakdown(
                 usageBreakdown,
                 referenceWindow: referenceWindow,
                 now: calibrationAt,
-                accountKey: accountKey)
+                accountKey: ownership.canonicalKey)
+            let dataset = await historyStore.loadCodexDataset(
+                canonicalAccountKey: ownership.canonicalKey,
+                canonicalEmailHashKey: ownership.canonicalEmailHashKey,
+                legacyEmailHash: ownership.historicalLegacyEmailHash,
+                hasAdjacentMultiAccountVeto: ownership.hasAdjacentMultiAccountVeto)
             await MainActor.run { [weak self] in
-                self?.setCodexHistoricalDataset(dataset, accountKey: accountKey)
+                self?.setCodexHistoricalDataset(dataset, accountKey: ownership.canonicalKey)
             }
         }
     }
@@ -104,25 +149,4 @@ extension UsageStore {
         self.codexHistoricalDatasetAccountKey = accountKey
         self.historicalPaceRevision += 1
     }
-
-    private func codexHistoricalAccountKey(
-        preferredEmail: String? = nil,
-        dashboard: OpenAIDashboardSnapshot? = nil) -> String?
-    {
-        let sourceEmail = preferredEmail ??
-            self.snapshots[.codex]?.accountEmail(for: .codex) ??
-            dashboard?.signedInEmail ??
-            self.codexAccountEmailForOpenAIDashboard()
-        guard let sourceEmail else { return nil }
-        let normalized = sourceEmail
-            .trimmingCharacters(in: .whitespacesAndNewlines)
-            .lowercased()
-        guard !normalized.isEmpty else { return nil }
-        return Self.sha256Hex(normalized)
-    }
-
-    private static func sha256Hex(_ input: String) -> String {
-        let digest = SHA256.hash(data: Data(input.utf8))
-        return digest.map { String(format: "%02x", $0) }.joined()
-    }
 }
diff --git a/Sources/CodexBar/UsageStore+Logging.swift b/Sources/CodexBar/UsageStore+Logging.swift
index a598da99a..7b4ff0826 100644
--- a/Sources/CodexBar/UsageStore+Logging.swift
+++ b/Sources/CodexBar/UsageStore+Logging.swift
@@ -10,13 +10,16 @@ extension UsageStore {
             "claudeCookieSource": self.settings.claudeCookieSource.rawValue,
             "cursorCookieSource": self.settings.cursorCookieSource.rawValue,
             "opencodeCookieSource": self.settings.opencodeCookieSource.rawValue,
+            "opencodegoCookieSource": self.settings.opencodegoCookieSource.rawValue,
             "factoryCookieSource": self.settings.factoryCookieSource.rawValue,
             "minimaxCookieSource": self.settings.minimaxCookieSource.rawValue,
             "kimiCookieSource": self.settings.kimiCookieSource.rawValue,
             "augmentCookieSource": self.settings.augmentCookieSource.rawValue,
             "ampCookieSource": self.settings.ampCookieSource.rawValue,
+            "t3ChatCookieSource": self.settings.t3ChatCookieSource.rawValue,
             "ollamaCookieSource": self.settings.ollamaCookieSource.rawValue,
             "openAIWebAccess": self.settings.openAIWebAccessEnabled ? "1" : "0",
+            "openAIWebBatterySaver": self.settings.openAIWebBatterySaverEnabled ? "1" : "0",
             "claudeWebExtras": self.settings.claudeWebExtrasEnabled ? "1" : "0",
             "kiloExtras": self.settings.kiloExtrasEnabled ? "1" : "0",
         ]
diff --git a/Sources/CodexBar/UsageStore+OpenAIWeb.swift b/Sources/CodexBar/UsageStore+OpenAIWeb.swift
index af164cc62..3b75b446c 100644
--- a/Sources/CodexBar/UsageStore+OpenAIWeb.swift
+++ b/Sources/CodexBar/UsageStore+OpenAIWeb.swift
@@ -1,8 +1,1327 @@
+import CodexBarCore
 import Foundation
 
+struct OpenAIWebRefreshGateContext {
+    let force: Bool
+    let accountDidChange: Bool
+    let lastError: String?
+    let lastSnapshotAt: Date?
+    let lastAttemptAt: Date?
+    let now: Date
+    let refreshInterval: TimeInterval
+}
+
+struct OpenAIWebRefreshPolicyContext {
+    let accessEnabled: Bool
+    let batterySaverEnabled: Bool
+    let force: Bool
+}
+
+// MARK: - OpenAI web lifecycle
+
+extension UsageStore {
+    private struct OpenAIDashboardRefreshContext {
+        let targetEmail: String?
+        let allowCurrentSnapshotFallback: Bool
+        let expectedGuard: CodexAccountScopedRefreshGuard?
+        let refreshTaskToken: UUID
+        let allowCodexUsageBackfill: Bool
+    }
+
+    private struct OpenAIDashboardCookieImportRequest {
+        let normalizedTarget: String?
+        let allowAnyAccount: Bool
+        let cookieSource: ProviderCookieSource
+        let cacheScope: CookieHeaderCache.Scope?
+        let preferCachedCookieHeader: Bool?
+        let force: Bool
+    }
+
+    private static let openAIWebRefreshMultiplier: TimeInterval = 5
+    private static let openAIWebPrimaryFetchTimeout: TimeInterval = 25
+    private static let openAIWebRetryFetchTimeout: TimeInterval = 8
+    private static let openAIWebPostImportFetchTimeout: TimeInterval = 25
+
+    static func openAIWebDashboardFetchTimeout(didImportCookies: Bool) -> TimeInterval {
+        didImportCookies ? self.openAIWebPostImportFetchTimeout : self.openAIWebPrimaryFetchTimeout
+    }
+
+    static func openAIWebRetryDashboardFetchTimeout(afterCookieImport: Bool) -> TimeInterval {
+        afterCookieImport ? self.openAIWebPostImportFetchTimeout : self.openAIWebRetryFetchTimeout
+    }
+
+    private func openAIWebRefreshIntervalSeconds() -> TimeInterval {
+        let base = max(self.settings.refreshFrequency.seconds ?? 0, 120)
+        return base * Self.openAIWebRefreshMultiplier
+    }
+
+    func requestOpenAIDashboardRefreshIfStale(reason: String) {
+        guard self.isEnabled(.codex),
+              self.settings.openAIWebAccessEnabled,
+              self.settings.codexCookieSource.isEnabled
+        else { return }
+        let now = Date()
+        let refreshInterval = self.openAIWebRefreshIntervalSeconds()
+        let lastUpdatedAt = self.openAIDashboard?.updatedAt ?? self.lastOpenAIDashboardSnapshot?.updatedAt
+        if let lastUpdatedAt, now.timeIntervalSince(lastUpdatedAt) < refreshInterval { return }
+        let stamp = now.formatted(date: .abbreviated, time: .shortened)
+        self.logOpenAIWeb("[\(stamp)] OpenAI web refresh request: \(reason)")
+        let forceRefresh = Self.forceOpenAIWebRefreshForStaleRequest(
+            batterySaverEnabled: self.settings.openAIWebBatterySaverEnabled)
+        self.openAIWebLogger.debug(
+            "OpenAI web stale refresh gate",
+            metadata: [
+                "reason": reason,
+                "force": forceRefresh ? "1" : "0",
+                "batterySaverEnabled": self.settings.openAIWebBatterySaverEnabled ? "1" : "0",
+                "interaction": ProviderInteractionContext.current == .userInitiated ? "user" : "background",
+            ])
+        let expectedGuard = self.currentCodexOpenAIWebRefreshGuard()
+        Task { await self.refreshOpenAIDashboardIfNeeded(force: forceRefresh, expectedGuard: expectedGuard) }
+    }
+
+    func applyOpenAIDashboard(
+        _ dash: OpenAIDashboardSnapshot,
+        targetEmail: String?,
+        expectedGuard: CodexAccountScopedRefreshGuard? = nil,
+        refreshTaskToken: UUID? = nil,
+        allowCodexUsageBackfill: Bool = true) async
+    {
+        guard self.shouldApplyOpenAIDashboardRefreshTask(token: refreshTaskToken) else { return }
+        if let expectedGuard,
+           !self.shouldApplyOpenAIDashboardRefreshGuard(
+               expectedGuard: expectedGuard,
+               routingTargetEmail: targetEmail)
+        {
+            return
+        }
+
+        let authority = self.evaluateCodexDashboardAuthority(
+            dashboard: dash,
+            sourceKind: .liveWeb,
+            routingTargetEmail: targetEmail)
+        let attachedAccountEmail = self.codexDashboardAttachmentEmail(from: authority.input)
+
+        await self.applyOpenAIDashboardAuthorityDecision(
+            authority.decision,
+            dashboard: dash,
+            authorityInput: authority.input,
+            attachedAccountEmail: attachedAccountEmail,
+            allowCodexUsageBackfill: allowCodexUsageBackfill)
+    }
+
+    func applyOpenAIDashboardFailure(
+        message: String,
+        expectedGuard: CodexAccountScopedRefreshGuard? = nil,
+        refreshTaskToken: UUID? = nil,
+        routingTargetEmail: String? = nil) async
+    {
+        guard self.shouldApplyOpenAIDashboardRefreshTask(token: refreshTaskToken) else { return }
+        if let expectedGuard,
+           !self.shouldApplyOpenAIWebNonSuccessResult(
+               expectedGuard: expectedGuard,
+               routingTargetEmail: routingTargetEmail)
+        {
+            return
+        }
+        if self.openAIWebManagedTargetStoreIsUnreadable() {
+            await self.failClosedRefreshForUnreadableManagedCodexStore()
+            return
+        }
+        if self.openAIWebManagedTargetIsMissing() {
+            await self.failClosedRefreshForMissingManagedCodexTarget()
+            return
+        }
+
+        OpenAIDashboardFetcher.evictAllCachedWebViews()
+        await MainActor.run {
+            if let cached = self.lastOpenAIDashboardSnapshot {
+                self.openAIDashboard = cached
+                self.openAIDashboardAttachmentAuthorized = self.lastOpenAIDashboardAttachmentAuthorized
+                let stamp = cached.updatedAt.formatted(date: .abbreviated, time: .shortened)
+                self.lastOpenAIDashboardError =
+                    "Last OpenAI dashboard refresh failed: \(message). Cached values from \(stamp)."
+            } else {
+                self.lastOpenAIDashboardError = message
+                self.openAIDashboard = nil
+                self.openAIDashboardAttachmentAuthorized = false
+            }
+        }
+    }
+
+    func applyOpenAIDashboardLoginRequiredFailure(
+        expectedGuard: CodexAccountScopedRefreshGuard? = nil,
+        refreshTaskToken: UUID? = nil,
+        routingTargetEmail: String? = nil) async
+    {
+        guard self.shouldApplyOpenAIDashboardRefreshTask(token: refreshTaskToken) else { return }
+        if let expectedGuard,
+           !self.shouldApplyOpenAIWebNonSuccessResult(
+               expectedGuard: expectedGuard,
+               routingTargetEmail: routingTargetEmail)
+        {
+            return
+        }
+        if self.openAIWebManagedTargetStoreIsUnreadable() {
+            await self.failClosedRefreshForUnreadableManagedCodexStore()
+            return
+        }
+        if self.openAIWebManagedTargetIsMissing() {
+            await self.failClosedRefreshForMissingManagedCodexTarget()
+            return
+        }
+
+        OpenAIDashboardFetcher.evictAllCachedWebViews()
+        await MainActor.run {
+            self.lastOpenAIDashboardError = [
+                "OpenAI web access requires a signed-in chatgpt.com session.",
+                "Sign in using \(self.codexBrowserCookieOrder.loginHint), " +
+                    "then update OpenAI cookies in Providers → Codex.",
+            ].joined(separator: " ")
+            self.openAIDashboard = self.lastOpenAIDashboardSnapshot
+            self.openAIDashboardAttachmentAuthorized = self.lastOpenAIDashboardAttachmentAuthorized
+            self.openAIDashboardRequiresLogin = true
+        }
+    }
+
+    private func failClosedOpenAIDashboardSnapshot() {
+        self.applyOpenAIDashboardCleanup(Set(CodexDashboardCleanup.allCases), preserveVisibleDashboard: false)
+        self.openAIDashboardRequiresLogin = true
+    }
+
+    private func applyOpenAIDashboardAuthorityDecision(
+        _ decision: CodexDashboardAuthorityDecision,
+        dashboard: OpenAIDashboardSnapshot,
+        authorityInput: CodexDashboardAuthorityInput,
+        attachedAccountEmail: String?,
+        allowCodexUsageBackfill: Bool) async
+    {
+        switch decision.disposition {
+        case .attach:
+            self.openAIDashboard = dashboard
+            self.openAIDashboardAttachmentAuthorized = true
+            self.lastOpenAIDashboardSnapshot = dashboard
+            self.lastOpenAIDashboardAttachmentAuthorized = true
+            self.lastOpenAIDashboardError = nil
+            self.openAIDashboardRequiresLogin = false
+
+            if decision.allowedEffects.contains(.usageBackfill),
+               allowCodexUsageBackfill,
+               self.snapshots[.codex] == nil,
+               let usage = dashboard.toUsageSnapshot(provider: .codex, accountEmail: attachedAccountEmail)
+            {
+                self.snapshots[.codex] = usage
+                self.errors[.codex] = nil
+                self.failureGates[.codex]?.recordSuccess()
+                self.lastSourceLabels[.codex] = "openai-web"
+            }
+
+            if decision.allowedEffects.contains(.creditsAttachment),
+               self.credits == nil,
+               let credits = dashboard.toCreditsSnapshot()
+            {
+                self.credits = credits
+                self.lastCreditsSnapshot = credits
+                self.lastCreditsSnapshotAccountKey = Self.normalizeCodexAccountScopedKey(attachedAccountEmail)
+                self.lastCreditsSource = .dashboardWeb
+                self.lastCreditsError = nil
+                self.creditsFailureStreak = 0
+            }
+
+            if decision.allowedEffects.contains(.refreshGuardSeed) {
+                self.seedCodexAccountScopedRefreshGuard(accountEmail: attachedAccountEmail)
+            }
+
+            if let attachedAccountEmail, !attachedAccountEmail.isEmpty {
+                OpenAIDashboardCacheStore.save(OpenAIDashboardCache(
+                    accountEmail: attachedAccountEmail,
+                    snapshot: dashboard))
+            }
+
+            if decision.allowedEffects.contains(.historicalBackfill) {
+                self.backfillCodexHistoricalFromDashboardIfNeeded(
+                    dashboard,
+                    authorityDecision: decision,
+                    attachedAccountEmail: attachedAccountEmail)
+            }
+
+        case .displayOnly:
+            self.applyOpenAIDashboardCleanup(decision.cleanup, preserveVisibleDashboard: true)
+            self.openAIDashboard = dashboard
+            self.openAIDashboardAttachmentAuthorized = false
+            self.lastOpenAIDashboardSnapshot = dashboard
+            self.lastOpenAIDashboardAttachmentAuthorized = false
+            self.lastOpenAIDashboardError = nil
+            self.openAIDashboardRequiresLogin = false
+
+        case .failClosed:
+            self.applyOpenAIDashboardCleanup(decision.cleanup, preserveVisibleDashboard: false)
+            self.lastOpenAIDashboardError = self.openAIDashboardPolicyFailureMessage(
+                for: decision,
+                authorityInput: authorityInput)
+            self.openAIDashboardRequiresLogin = true
+        }
+    }
+
+    private func applyOpenAIDashboardCleanup(
+        _ cleanup: Set<CodexDashboardCleanup>,
+        preserveVisibleDashboard: Bool)
+    {
+        if cleanup.contains(.dashboardDerivedUsage) {
+            self.clearDashboardDerivedCodexUsageIfNeeded()
+        }
+        if cleanup.contains(.dashboardDerivedCredits) {
+            self.clearDashboardDerivedCreditsIfNeeded()
+        }
+        if cleanup.contains(.dashboardRefreshGuardSeed) {
+            self.clearDashboardRefreshGuardSeedIfNeeded()
+        }
+        if cleanup.contains(.dashboardCache) {
+            OpenAIDashboardCacheStore.clear()
+        }
+        if cleanup.contains(.dashboardSnapshot), !preserveVisibleDashboard {
+            self.openAIDashboard = nil
+            self.openAIDashboardAttachmentAuthorized = false
+            self.lastOpenAIDashboardSnapshot = nil
+            self.lastOpenAIDashboardAttachmentAuthorized = false
+        }
+    }
+
+    private func clearDashboardDerivedCodexUsageIfNeeded() {
+        guard self.lastSourceLabels[.codex] == "openai-web" else { return }
+        self.snapshots.removeValue(forKey: .codex)
+        self.errors[.codex] = nil
+        self.lastSourceLabels.removeValue(forKey: .codex)
+        self.lastFetchAttempts.removeValue(forKey: .codex)
+        self.accountSnapshots.removeValue(forKey: .codex)
+        self.codexAccountSnapshots = []
+        self.failureGates[.codex]?.reset()
+        self.lastKnownSessionRemaining.removeValue(forKey: .codex)
+        self.lastKnownSessionWindowSource.removeValue(forKey: .codex)
+    }
+
+    private func clearDashboardDerivedCreditsIfNeeded() {
+        guard self.lastCreditsSource == .dashboardWeb else { return }
+        self.credits = nil
+        self.lastCreditsError = nil
+        self.lastCreditsSnapshot = nil
+        self.lastCreditsSnapshotAccountKey = nil
+        self.lastCreditsSource = .none
+        self.creditsFailureStreak = 0
+    }
+
+    private func clearDashboardRefreshGuardSeedIfNeeded() {
+        self.lastCodexAccountScopedRefreshGuard = self.currentCodexAccountScopedRefreshGuard(
+            preferCurrentSnapshot: false,
+            allowLastKnownLiveFallback: false)
+    }
+
+    private func openAIDashboardPolicyFailureMessage(
+        for decision: CodexDashboardAuthorityDecision,
+        authorityInput: CodexDashboardAuthorityInput) -> String
+    {
+        switch decision.reason {
+        case let .wrongEmail(expected, actual):
+            [
+                "OpenAI dashboard signed in as \(actual ?? "unknown"), but Codex uses \(expected ?? "unknown").",
+                "Switch accounts in your browser and update OpenAI cookies in Providers → Codex.",
+            ].joined(separator: " ")
+        case let .sameEmailAmbiguity(email):
+            "OpenAI dashboard ownership is ambiguous for \(email); Codex will not attach dashboard data."
+        case .missingDashboardSignedInEmail:
+            "OpenAI dashboard did not report a signed-in account. Refresh OpenAI cookies and try again."
+        case .unresolvedWithoutTrustedEvidence:
+            "OpenAI dashboard ownership could not be verified for the active Codex account."
+        case .providerAccountMissingScopedEmail:
+            "Codex account ownership could not be verified because the scoped email is unavailable."
+        case .providerAccountLacksExactOwnershipProof:
+            [
+                "OpenAI dashboard ownership could not be matched to the active Codex account.",
+                "Refresh Codex account data, then retry OpenAI web access.",
+            ].joined(separator: " ")
+        case .exactProviderAccountMatch,
+             .trustedEmailMatchNoCompetingOwner,
+             .trustedContinuityNoCompetingOwner:
+            "OpenAI dashboard ownership policy blocked this dashboard."
+        }
+    }
+
+    func refreshOpenAIDashboardIfNeeded(
+        force: Bool = false,
+        expectedGuard: CodexAccountScopedRefreshGuard? = nil,
+        bypassCoalescing: Bool = false,
+        allowCodexUsageBackfill: Bool = true) async
+    {
+        self.syncOpenAIWebState()
+        guard self.isEnabled(.codex),
+              self.settings.openAIWebAccessEnabled,
+              self.settings.codexCookieSource.isEnabled
+        else { return }
+        if self.openAIWebManagedTargetStoreIsUnreadable() {
+            await self.failClosedRefreshForUnreadableManagedCodexStore()
+            return
+        }
+        if self.openAIWebManagedTargetIsMissing() {
+            await self.failClosedRefreshForMissingManagedCodexTarget()
+            return
+        }
+
+        let allowCurrentSnapshotFallback = expectedGuard?.source == .liveSystem && expectedGuard?
+            .identity == .unresolved
+        let targetEmail = self.currentCodexOpenAIWebTargetEmail(
+            allowCurrentSnapshotFallback: allowCurrentSnapshotFallback,
+            allowLastKnownLiveFallback: expectedGuard?.identity != .unresolved)
+        let refreshKey = self.openAIDashboardRefreshKey(targetEmail: targetEmail, expectedGuard: expectedGuard)
+        if !bypassCoalescing,
+           let task = self.openAIDashboardRefreshTask,
+           self.openAIDashboardRefreshTaskKey == refreshKey
+        {
+            await task.value
+            return
+        }
+        self.handleOpenAIWebTargetEmailChangeIfNeeded(targetEmail: targetEmail)
+
+        let now = Date()
+        let minInterval = self.openAIWebRefreshIntervalSeconds()
+        let refreshGate = OpenAIWebRefreshGateContext(
+            force: force,
+            accountDidChange: self.openAIWebAccountDidChange,
+            lastError: self.lastOpenAIDashboardError,
+            lastSnapshotAt: self.lastOpenAIDashboardSnapshot?.updatedAt,
+            lastAttemptAt: self.lastOpenAIDashboardAttemptAt,
+            now: now,
+            refreshInterval: minInterval)
+        if Self.shouldSkipOpenAIWebRefresh(refreshGate) {
+            return
+        }
+        self.lastOpenAIDashboardAttemptAt = now
+
+        let taskToken = UUID()
+        let context = OpenAIDashboardRefreshContext(
+            targetEmail: targetEmail,
+            allowCurrentSnapshotFallback: allowCurrentSnapshotFallback,
+            expectedGuard: expectedGuard,
+            refreshTaskToken: taskToken,
+            allowCodexUsageBackfill: allowCodexUsageBackfill)
+        let task = Task { [weak self] in
+            guard let self else { return }
+            await self.performOpenAIDashboardRefreshIfNeeded(context)
+        }
+        self.openAIDashboardRefreshTask = task
+        self.openAIDashboardRefreshTaskKey = refreshKey
+        self.openAIDashboardRefreshTaskToken = taskToken
+        await task.value
+        if self.openAIDashboardRefreshTaskToken == taskToken {
+            self.openAIDashboardRefreshTask = nil
+            self.openAIDashboardRefreshTaskKey = nil
+            self.openAIDashboardRefreshTaskToken = nil
+        }
+    }
+
+    func scheduleOpenAIDashboardRefreshIfNeeded(expectedGuard: CodexAccountScopedRefreshGuard? = nil) {
+        self.syncOpenAIWebState()
+        let allowCurrentSnapshotFallback = expectedGuard?.source == .liveSystem && expectedGuard?
+            .identity == .unresolved
+        let targetEmail = self.currentCodexOpenAIWebTargetEmail(
+            allowCurrentSnapshotFallback: allowCurrentSnapshotFallback,
+            allowLastKnownLiveFallback: expectedGuard?.identity != .unresolved)
+        let refreshKey = self.openAIDashboardRefreshKey(targetEmail: targetEmail, expectedGuard: expectedGuard)
+        if let task = self.openAIDashboardBackgroundRefreshTask,
+           !task.isCancelled,
+           self.openAIDashboardBackgroundRefreshTaskKey == refreshKey
+        {
+            return
+        }
+
+        if self.openAIDashboardBackgroundRefreshTaskKey != nil,
+           self.openAIDashboardBackgroundRefreshTaskKey != refreshKey
+        {
+            self.invalidateOpenAIDashboardRefreshTask()
+        }
+        self.openAIDashboardBackgroundRefreshTask?.cancel()
+        self.openAIDashboardBackgroundRefreshTaskKey = refreshKey
+        self.openAIDashboardBackgroundRefreshTask = Task(priority: .utility) { @MainActor [weak self] in
+            guard let self else { return }
+            defer {
+                if self.openAIDashboardBackgroundRefreshTaskKey == refreshKey {
+                    self.openAIDashboardBackgroundRefreshTask = nil
+                    self.openAIDashboardBackgroundRefreshTaskKey = nil
+                }
+            }
+
+            await self.refreshOpenAIDashboardIfNeeded(force: false, expectedGuard: expectedGuard)
+            guard !Task.isCancelled else { return }
+            self.persistWidgetSnapshot(reason: "dashboard")
+        }
+    }
+
+    private func performOpenAIDashboardRefreshIfNeeded(_ context: OpenAIDashboardRefreshContext) async {
+        guard self.shouldContinueOpenAIDashboardRefresh(token: context.refreshTaskToken) else { return }
+        self.openAIDashboardCookieImportStatus = nil
+        var latestCookieImportStatus: String?
+        if self.openAIWebDebugLines.isEmpty {
+            self.resetOpenAIWebDebugLog(context: "refresh")
+        } else {
+            let stamp = Date().formatted(date: .abbreviated, time: .shortened)
+            self.logOpenAIWeb("[\(stamp)] OpenAI web refresh start")
+        }
+        let log: (String) -> Void = { [weak self] line in
+            guard let self else { return }
+            self.logOpenAIWeb(line)
+        }
+
+        do {
+            let normalized = context.targetEmail?
+                .trimmingCharacters(in: .whitespacesAndNewlines)
+                .lowercased()
+            var effectiveEmail = context.targetEmail
+
+            // Use a per-email persistent `WKWebsiteDataStore` so multiple dashboard sessions can coexist.
+            // Strategy:
+            // - Try the existing per-email WebKit cookie store first (fast; avoids Keychain prompts).
+            // - On login-required or account mismatch, import cookies from the configured browser order and retry once.
+            var didImportCookiesForRefresh = false
+            if self.openAIWebAccountDidChange, let targetEmail = context.targetEmail, !targetEmail.isEmpty {
+                // On account switches, proactively re-import cookies so we don't show stale data from the previous
+                // user.
+                let imported = await self.importOpenAIDashboardCookiesIfNeeded(
+                    targetEmail: targetEmail,
+                    force: true)
+                guard self.shouldContinueOpenAIDashboardRefresh(token: context.refreshTaskToken) else { return }
+                didImportCookiesForRefresh = true
+                latestCookieImportStatus = self.currentOpenAIDashboardCookieImportStatus()
+                if await self.abortOpenAIDashboardRetryAfterImportFailure(
+                    importedEmail: imported,
+                    targetEmail: targetEmail,
+                    expectedGuard: context.expectedGuard,
+                    cookieImportStatus: latestCookieImportStatus,
+                    refreshTaskToken: context.refreshTaskToken)
+                {
+                    self.openAIWebAccountDidChange = false
+                    return
+                }
+                if let imported {
+                    effectiveEmail = imported
+                }
+                self.openAIWebAccountDidChange = false
+            }
+
+            var dash = try await self.loadLatestOpenAIDashboard(
+                accountEmail: effectiveEmail,
+                logger: log,
+                timeout: Self.openAIWebDashboardFetchTimeout(didImportCookies: didImportCookiesForRefresh))
+            guard self.shouldContinueOpenAIDashboardRefresh(token: context.refreshTaskToken) else { return }
+
+            if self.dashboardEmailMismatch(expected: normalized, actual: dash.signedInEmail) {
+                if let imported = await self.importOpenAIDashboardCookiesIfNeeded(
+                    targetEmail: context.targetEmail,
+                    force: true)
+                {
+                    guard self.shouldContinueOpenAIDashboardRefresh(token: context.refreshTaskToken) else { return }
+                    effectiveEmail = imported
+                }
+                latestCookieImportStatus = self.currentOpenAIDashboardCookieImportStatus()
+                dash = try await self.loadLatestOpenAIDashboard(
+                    accountEmail: effectiveEmail,
+                    logger: log,
+                    timeout: Self.openAIWebRetryDashboardFetchTimeout(afterCookieImport: true))
+                guard self.shouldContinueOpenAIDashboardRefresh(token: context.refreshTaskToken) else { return }
+            }
+
+            await self.applyOpenAIDashboard(
+                dash,
+                targetEmail: effectiveEmail,
+                expectedGuard: context.expectedGuard,
+                refreshTaskToken: context.refreshTaskToken,
+                allowCodexUsageBackfill: context.allowCodexUsageBackfill)
+        } catch let OpenAIDashboardFetcher.FetchError.noDashboardData(body) {
+            guard self.shouldContinueOpenAIDashboardRefresh(token: context.refreshTaskToken) else { return }
+            await self.retryOpenAIDashboardAfterNoData(
+                body: body,
+                context: context,
+                latestCookieImportStatus: &latestCookieImportStatus,
+                logger: log)
+        } catch OpenAIDashboardFetcher.FetchError.loginRequired {
+            guard self.shouldContinueOpenAIDashboardRefresh(token: context.refreshTaskToken) else { return }
+            await self.retryOpenAIDashboardAfterLoginRequired(
+                context: context,
+                latestCookieImportStatus: &latestCookieImportStatus,
+                logger: log)
+        } catch {
+            guard self.shouldContinueOpenAIDashboardRefresh(token: context.refreshTaskToken) else { return }
+            if Self.isOpenAIDashboardTimeout(error) {
+                await self.retryOpenAIDashboardAfterTimeout(
+                    context: context,
+                    latestCookieImportStatus: &latestCookieImportStatus,
+                    logger: log)
+                return
+            }
+            let message = self.preferredOpenAIDashboardFailureMessage(
+                error: error,
+                targetEmail: context.targetEmail,
+                cookieImportStatus: latestCookieImportStatus)
+            await self.applyOpenAIDashboardFailure(
+                message: message,
+                expectedGuard: context.expectedGuard,
+                refreshTaskToken: context.refreshTaskToken,
+                routingTargetEmail: context.targetEmail)
+        }
+    }
+
+    private func retryOpenAIDashboardAfterTimeout(
+        context: OpenAIDashboardRefreshContext,
+        latestCookieImportStatus: inout String?,
+        logger: @escaping (String) -> Void) async
+    {
+        let targetEmail = self.currentCodexOpenAIWebTargetEmail(
+            allowCurrentSnapshotFallback: context.allowCurrentSnapshotFallback,
+            allowLastKnownLiveFallback: context.expectedGuard?.identity != .unresolved)
+        var effectiveEmail = targetEmail
+        let imported = await self.importOpenAIDashboardCookiesIfNeeded(
+            targetEmail: targetEmail,
+            force: true,
+            preferCachedCookieHeader: true)
+        guard self.shouldContinueOpenAIDashboardRefresh(token: context.refreshTaskToken) else { return }
+        latestCookieImportStatus = self.currentOpenAIDashboardCookieImportStatus()
+        if await self.abortOpenAIDashboardRetryAfterImportFailure(
+            importedEmail: imported,
+            targetEmail: targetEmail,
+            expectedGuard: context.expectedGuard,
+            cookieImportStatus: latestCookieImportStatus,
+            refreshTaskToken: context.refreshTaskToken)
+        {
+            return
+        }
+        if let imported {
+            effectiveEmail = imported
+        }
+        do {
+            let dash = try await self.loadLatestOpenAIDashboard(
+                accountEmail: effectiveEmail,
+                logger: logger,
+                timeout: Self.openAIWebRetryDashboardFetchTimeout(afterCookieImport: true))
+            guard self.shouldContinueOpenAIDashboardRefresh(token: context.refreshTaskToken) else { return }
+            await self.applyOpenAIDashboard(
+                dash,
+                targetEmail: effectiveEmail,
+                expectedGuard: context.expectedGuard,
+                refreshTaskToken: context.refreshTaskToken,
+                allowCodexUsageBackfill: context.allowCodexUsageBackfill)
+        } catch {
+            guard self.shouldContinueOpenAIDashboardRefresh(token: context.refreshTaskToken) else { return }
+            let message = self.preferredOpenAIDashboardFailureMessage(
+                error: error,
+                targetEmail: targetEmail,
+                cookieImportStatus: latestCookieImportStatus)
+            await self.applyOpenAIDashboardFailure(
+                message: message,
+                expectedGuard: context.expectedGuard,
+                refreshTaskToken: context.refreshTaskToken,
+                routingTargetEmail: targetEmail)
+        }
+    }
+
+    private func retryOpenAIDashboardAfterNoData(
+        body: String,
+        context: OpenAIDashboardRefreshContext,
+        latestCookieImportStatus: inout String?,
+        logger: @escaping (String) -> Void) async
+    {
+        let targetEmail = self.currentCodexOpenAIWebTargetEmail(
+            allowCurrentSnapshotFallback: context.allowCurrentSnapshotFallback,
+            allowLastKnownLiveFallback: context.expectedGuard?.identity != .unresolved)
+        var effectiveEmail = targetEmail
+        let imported = await self.importOpenAIDashboardCookiesIfNeeded(targetEmail: targetEmail, force: true)
+        guard self.shouldContinueOpenAIDashboardRefresh(token: context.refreshTaskToken) else { return }
+        latestCookieImportStatus = self.currentOpenAIDashboardCookieImportStatus()
+        if await self.abortOpenAIDashboardRetryAfterImportFailure(
+            importedEmail: imported,
+            targetEmail: targetEmail,
+            expectedGuard: context.expectedGuard,
+            cookieImportStatus: latestCookieImportStatus,
+            refreshTaskToken: context.refreshTaskToken)
+        {
+            return
+        }
+        if let imported {
+            effectiveEmail = imported
+        }
+        do {
+            let dash = try await self.loadLatestOpenAIDashboard(
+                accountEmail: effectiveEmail,
+                logger: logger,
+                timeout: Self.openAIWebRetryDashboardFetchTimeout(afterCookieImport: true))
+            guard self.shouldContinueOpenAIDashboardRefresh(token: context.refreshTaskToken) else { return }
+            await self.applyOpenAIDashboard(
+                dash,
+                targetEmail: effectiveEmail,
+                expectedGuard: context.expectedGuard,
+                refreshTaskToken: context.refreshTaskToken,
+                allowCodexUsageBackfill: context.allowCodexUsageBackfill)
+        } catch let OpenAIDashboardFetcher.FetchError.noDashboardData(retryBody) {
+            guard self.shouldContinueOpenAIDashboardRefresh(token: context.refreshTaskToken) else { return }
+            let finalBody = retryBody.isEmpty ? body : retryBody
+            let message = self.openAIDashboardFriendlyError(
+                body: finalBody,
+                targetEmail: targetEmail,
+                cookieImportStatus: latestCookieImportStatus)
+                ?? OpenAIDashboardFetcher.FetchError.noDashboardData(body: finalBody).localizedDescription
+            await self.applyOpenAIDashboardFailure(
+                message: message,
+                expectedGuard: context.expectedGuard,
+                refreshTaskToken: context.refreshTaskToken,
+                routingTargetEmail: targetEmail)
+        } catch {
+            guard self.shouldContinueOpenAIDashboardRefresh(token: context.refreshTaskToken) else { return }
+            let message = self.preferredOpenAIDashboardFailureMessage(
+                error: error,
+                targetEmail: targetEmail,
+                cookieImportStatus: latestCookieImportStatus)
+            await self.applyOpenAIDashboardFailure(
+                message: message,
+                expectedGuard: context.expectedGuard,
+                refreshTaskToken: context.refreshTaskToken,
+                routingTargetEmail: targetEmail)
+        }
+    }
+
+    private func retryOpenAIDashboardAfterLoginRequired(
+        context: OpenAIDashboardRefreshContext,
+        latestCookieImportStatus: inout String?,
+        logger: @escaping (String) -> Void) async
+    {
+        let targetEmail = self.currentCodexOpenAIWebTargetEmail(
+            allowCurrentSnapshotFallback: context.allowCurrentSnapshotFallback,
+            allowLastKnownLiveFallback: context.expectedGuard?.identity != .unresolved)
+        var effectiveEmail = targetEmail
+        let imported = await self.importOpenAIDashboardCookiesIfNeeded(targetEmail: targetEmail, force: true)
+        guard self.shouldContinueOpenAIDashboardRefresh(token: context.refreshTaskToken) else { return }
+        latestCookieImportStatus = self.currentOpenAIDashboardCookieImportStatus()
+        if await self.abortOpenAIDashboardRetryAfterImportFailure(
+            importedEmail: imported,
+            targetEmail: targetEmail,
+            expectedGuard: context.expectedGuard,
+            cookieImportStatus: latestCookieImportStatus,
+            refreshTaskToken: context.refreshTaskToken)
+        {
+            return
+        }
+        if let imported {
+            effectiveEmail = imported
+        }
+        do {
+            let dash = try await self.loadLatestOpenAIDashboard(
+                accountEmail: effectiveEmail,
+                logger: logger,
+                timeout: Self.openAIWebRetryDashboardFetchTimeout(afterCookieImport: true))
+            guard self.shouldContinueOpenAIDashboardRefresh(token: context.refreshTaskToken) else { return }
+            await self.applyOpenAIDashboard(
+                dash,
+                targetEmail: effectiveEmail,
+                expectedGuard: context.expectedGuard,
+                refreshTaskToken: context.refreshTaskToken,
+                allowCodexUsageBackfill: context.allowCodexUsageBackfill)
+        } catch OpenAIDashboardFetcher.FetchError.loginRequired {
+            guard self.shouldContinueOpenAIDashboardRefresh(token: context.refreshTaskToken) else { return }
+            await self.applyOpenAIDashboardLoginRequiredFailure(
+                expectedGuard: context.expectedGuard,
+                refreshTaskToken: context.refreshTaskToken,
+                routingTargetEmail: targetEmail)
+        } catch {
+            guard self.shouldContinueOpenAIDashboardRefresh(token: context.refreshTaskToken) else { return }
+            let message = self.preferredOpenAIDashboardFailureMessage(
+                error: error,
+                targetEmail: targetEmail,
+                cookieImportStatus: latestCookieImportStatus)
+            await self.applyOpenAIDashboardFailure(
+                message: message,
+                expectedGuard: context.expectedGuard,
+                refreshTaskToken: context.refreshTaskToken,
+                routingTargetEmail: targetEmail)
+        }
+    }
+
+    // MARK: - OpenAI web account switching
+
+    /// Detect Codex account email changes and clear stale OpenAI web state so the UI can't show the wrong user.
+    /// This does not delete other per-email WebKit cookie stores (we keep multiple accounts around).
+    func handleOpenAIWebTargetEmailChangeIfNeeded(targetEmail: String?) {
+        let normalized = targetEmail?
+            .trimmingCharacters(in: .whitespacesAndNewlines)
+            .lowercased()
+
+        guard let normalized, !normalized.isEmpty else { return }
+
+        let previous = self.lastOpenAIDashboardTargetEmail
+        self.lastOpenAIDashboardTargetEmail = normalized
+
+        if let previous,
+           !previous.isEmpty,
+           previous != normalized
+        {
+            let stamp = Date().formatted(date: .abbreviated, time: .shortened)
+            self.logOpenAIWeb(
+                "[\(stamp)] Codex account changed: \(previous) → \(normalized); " +
+                    "clearing OpenAI web snapshot")
+            self.openAIWebAccountDidChange = true
+            self.openAIDashboard = nil
+            self.openAIDashboardAttachmentAuthorized = false
+            self.lastOpenAIDashboardSnapshot = nil
+            self.lastOpenAIDashboardAttachmentAuthorized = false
+            self.lastOpenAIDashboardError = nil
+            self.lastOpenAIDashboardAttemptAt = nil
+            self.openAIDashboardRequiresLogin = true
+            self.openAIDashboardCookieImportStatus = "Codex account changed; importing browser cookies…"
+            self.lastOpenAIDashboardCookieImportAttemptAt = nil
+            self.lastOpenAIDashboardCookieImportEmail = nil
+        }
+    }
+
+    func importOpenAIDashboardBrowserCookiesNow() async {
+        self.resetOpenAIWebDebugLog(context: "manual import")
+        let targetEmail = self.currentCodexOpenAIWebTargetEmail(
+            allowCurrentSnapshotFallback: true,
+            allowLastKnownLiveFallback: false)
+        _ = await self.importOpenAIDashboardCookiesIfNeeded(targetEmail: targetEmail, force: true)
+        let expectedGuard = self.currentCodexOpenAIWebRefreshGuard()
+        await self.refreshOpenAIDashboardIfNeeded(
+            force: true,
+            expectedGuard: expectedGuard,
+            bypassCoalescing: true)
+    }
+
+    func currentCodexOpenAIWebTargetEmail(
+        allowCurrentSnapshotFallback: Bool,
+        allowLastKnownLiveFallback: Bool) -> String?
+    {
+        switch self.settings.codexResolvedActiveSource {
+        case .liveSystem:
+            let liveSystem = self.settings.codexAccountReconciliationSnapshot.liveSystemAccount?.email
+                .trimmingCharacters(in: .whitespacesAndNewlines)
+            if let liveSystem, !liveSystem.isEmpty {
+                self.lastKnownLiveSystemCodexEmail = liveSystem
+                return liveSystem
+            }
+
+            if allowCurrentSnapshotFallback,
+               let snapshotEmail = self.snapshots[.codex]?.accountEmail(for: .codex)?
+                   .trimmingCharacters(in: .whitespacesAndNewlines),
+                   !snapshotEmail.isEmpty
+            {
+                self.lastKnownLiveSystemCodexEmail = snapshotEmail
+                return snapshotEmail
+            }
+
+            if allowLastKnownLiveFallback {
+                let lastKnown = self.lastKnownLiveSystemCodexEmail?.trimmingCharacters(in: .whitespacesAndNewlines)
+                if let lastKnown, !lastKnown.isEmpty { return lastKnown }
+            }
+            return nil
+        case .managedAccount:
+            return self.codexAccountEmailForOpenAIDashboard()
+        }
+    }
+
+    private func openAIDashboardRefreshKey(
+        targetEmail: String?,
+        expectedGuard: CodexAccountScopedRefreshGuard?) -> String
+    {
+        let source = String(describing: expectedGuard?.source ?? self.settings.codexResolvedActiveSource)
+        let identityKey = Self.codexIdentityGuardKey(expectedGuard?.identity ?? .unresolved) ?? "unresolved"
+        let accountKey = Self.normalizeCodexAccountScopedKey(targetEmail) ?? "unknown"
+        return "\(source)|\(identityKey)|\(accountKey)"
+    }
+
+    private func actionableOpenAIDashboardImportFailure(targetEmail: String?) -> String? {
+        self.actionableOpenAIDashboardImportFailure(
+            targetEmail: targetEmail,
+            cookieImportStatus: self.openAIDashboardCookieImportStatus)
+    }
+
+    private func actionableOpenAIDashboardImportFailure(
+        targetEmail: String?,
+        cookieImportStatus: String?) -> String?
+    {
+        let status = cookieImportStatus?.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard let status, !status.isEmpty else { return nil }
+
+        if status.localizedCaseInsensitiveContains("openai cookies are for") {
+            return "\(status) Switch chatgpt.com account, then refresh OpenAI cookies."
+        }
+        if status.localizedCaseInsensitiveContains("no signed-in openai web session found")
+            || status.localizedCaseInsensitiveContains("no matching openai web session found")
+        {
+            let targetLabel = targetEmail?.trimmingCharacters(in: .whitespacesAndNewlines)
+            let accountLabel = (targetLabel?.isEmpty == false) ? targetLabel! : "your OpenAI account"
+            return "\(status) Sign in to chatgpt.com as \(accountLabel), then refresh OpenAI cookies."
+        }
+        if status.localizedCaseInsensitiveContains("openai cookie import failed")
+            || status.localizedCaseInsensitiveContains("browser cookie import failed")
+        {
+            return status
+        }
+        return nil
+    }
+
+    private func preferredOpenAIDashboardFailureMessage(
+        error: Error,
+        targetEmail: String?,
+        cookieImportStatus: String?) -> String
+    {
+        if let actionable = self.actionableOpenAIDashboardImportFailure(
+            targetEmail: targetEmail,
+            cookieImportStatus: cookieImportStatus)
+        {
+            return actionable
+        }
+        return error.localizedDescription
+    }
+
+    private static func isOpenAIDashboardTimeout(_ error: Error) -> Bool {
+        let nsError = error as NSError
+        return nsError.domain == NSURLErrorDomain && nsError.code == NSURLErrorTimedOut
+    }
+
+    private func abortOpenAIDashboardRetryAfterImportFailure(
+        importedEmail: String?,
+        targetEmail: String?,
+        expectedGuard: CodexAccountScopedRefreshGuard?,
+        cookieImportStatus: String?,
+        refreshTaskToken: UUID) async -> Bool
+    {
+        guard importedEmail == nil,
+              let message = self.actionableOpenAIDashboardImportFailure(
+                  targetEmail: targetEmail,
+                  cookieImportStatus: cookieImportStatus)
+        else {
+            return false
+        }
+        await self.applyOpenAIDashboardFailure(
+            message: message,
+            expectedGuard: expectedGuard,
+            refreshTaskToken: refreshTaskToken,
+            routingTargetEmail: targetEmail)
+        return true
+    }
+
+    private func shouldApplyOpenAIDashboardRefreshTask(token: UUID?) -> Bool {
+        guard let token else { return true }
+        return self.openAIDashboardRefreshTaskToken == token
+    }
+
+    private func shouldContinueOpenAIDashboardRefresh(token: UUID?) -> Bool {
+        !Task.isCancelled && self.shouldApplyOpenAIDashboardRefreshTask(token: token)
+    }
+
+    func invalidateOpenAIDashboardRefreshTask() {
+        self.openAIDashboardRefreshTask?.cancel()
+        self.openAIDashboardRefreshTask = nil
+        self.openAIDashboardRefreshTaskKey = nil
+        self.openAIDashboardRefreshTaskToken = nil
+    }
+
+    private func currentOpenAIDashboardCookieImportStatus() -> String? {
+        self.openAIDashboardCookieImportStatus
+    }
+
+    private func loadLatestOpenAIDashboard(
+        accountEmail: String?,
+        logger: @escaping (String) -> Void,
+        timeout: TimeInterval) async throws -> OpenAIDashboardSnapshot
+    {
+        if let override = self._test_openAIDashboardLoaderOverride {
+            return try await override(accountEmail, logger, timeout)
+        }
+        return try await OpenAIDashboardFetcher().loadLatestDashboard(
+            accountEmail: accountEmail,
+            logger: logger,
+            debugDumpHTML: timeout != Self.openAIWebPrimaryFetchTimeout,
+            timeout: timeout)
+    }
+
+    private func failClosedForUnreadableManagedCodexStore() async -> String? {
+        self.applyOpenAIDashboardCleanup(Set(CodexDashboardCleanup.allCases), preserveVisibleDashboard: false)
+        self.openAIDashboardRequiresLogin = true
+        self.openAIDashboardCookieImportStatus = [
+            "Managed Codex account data is unavailable.",
+            "Fix the managed account store before importing OpenAI cookies.",
+        ].joined(separator: " ")
+        return nil
+    }
+
+    private func failClosedRefreshForUnreadableManagedCodexStore() async {
+        self.applyOpenAIDashboardCleanup(Set(CodexDashboardCleanup.allCases), preserveVisibleDashboard: false)
+        self.openAIDashboardRequiresLogin = true
+        self.lastOpenAIDashboardError = [
+            "Managed Codex account data is unavailable.",
+            "Fix the managed account store before refreshing OpenAI web data.",
+        ].joined(separator: " ")
+    }
+
+    private func failClosedForMissingManagedCodexTarget() async -> String? {
+        self.applyOpenAIDashboardCleanup(Set(CodexDashboardCleanup.allCases), preserveVisibleDashboard: false)
+        self.openAIDashboardRequiresLogin = true
+        self.openAIDashboardCookieImportStatus = [
+            "The selected managed Codex account is unavailable.",
+            "Pick another Codex account before importing OpenAI cookies.",
+        ].joined(separator: " ")
+        return nil
+    }
+
+    private func failClosedRefreshForMissingManagedCodexTarget() async {
+        self.applyOpenAIDashboardCleanup(Set(CodexDashboardCleanup.allCases), preserveVisibleDashboard: false)
+        self.openAIDashboardRequiresLogin = true
+        self.lastOpenAIDashboardError = [
+            "The selected managed Codex account is unavailable.",
+            "Pick another Codex account before refreshing OpenAI web data.",
+        ].joined(separator: " ")
+    }
+
+    private func openAIWebCookieImportShouldFailClosed() async -> Bool {
+        if self.openAIWebManagedTargetStoreIsUnreadable() {
+            _ = await self.failClosedForUnreadableManagedCodexStore()
+            return true
+        }
+        if self.openAIWebManagedTargetIsMissing() {
+            _ = await self.failClosedForMissingManagedCodexTarget()
+            return true
+        }
+        return false
+    }
+
+    private func openAIDashboardCookieImportResult(
+        request: OpenAIDashboardCookieImportRequest,
+        logger: @escaping (String) -> Void) async throws -> OpenAIDashboardBrowserCookieImporter.ImportResult
+    {
+        if let override = self._test_openAIDashboardCookieImportOverride {
+            return try await override(
+                request.normalizedTarget,
+                request.allowAnyAccount,
+                request.cookieSource,
+                request.cacheScope,
+                logger)
+        }
+
+        let importer = OpenAIDashboardBrowserCookieImporter(browserDetection: self.browserDetection)
+        switch request.cookieSource {
+        case .manual:
+            self.settings.ensureCodexCookieLoaded()
+            // Manual OpenAI cookies still come from one provider-level setting. Auto-imported cookies are
+            // isolated per managed account, but a manual header is an explicit override owned by settings,
+            // so switching managed accounts does not currently swap it underneath the user.
+            let manualHeader = self.settings.codexCookieHeader
+            guard CookieHeaderNormalizer.normalize(manualHeader) != nil else {
+                throw OpenAIDashboardBrowserCookieImporter.ImportError.manualCookieHeaderInvalid
+            }
+            return try await importer.importManualCookies(
+                cookieHeader: manualHeader,
+                intoAccountEmail: request.normalizedTarget,
+                allowAnyAccount: request.allowAnyAccount,
+                cacheScope: request.cacheScope,
+                logger: logger)
+        case .auto:
+            return try await importer.importBestCookies(
+                intoAccountEmail: request.normalizedTarget,
+                allowAnyAccount: request.allowAnyAccount,
+                preferCachedCookieHeader: request.preferCachedCookieHeader ?? !request.force,
+                cacheScope: request.cacheScope,
+                logger: logger)
+        case .off:
+            return OpenAIDashboardBrowserCookieImporter.ImportResult(
+                sourceLabel: "Off",
+                cookieCount: 0,
+                signedInEmail: request.normalizedTarget,
+                matchesCodexEmail: true)
+        }
+    }
+
+    func importOpenAIDashboardCookiesIfNeeded(
+        targetEmail: String?,
+        force: Bool,
+        preferCachedCookieHeader: Bool? = nil) async -> String?
+    {
+        guard !Task.isCancelled else { return nil }
+        if await self.openAIWebCookieImportShouldFailClosed() {
+            return nil
+        }
+        guard !Task.isCancelled else { return nil }
+
+        let normalizedTarget = targetEmail?.trimmingCharacters(in: .whitespacesAndNewlines)
+        let allowAnyAccount = normalizedTarget == nil || normalizedTarget?.isEmpty == true
+        let cookieSource = self.settings.codexCookieSource
+        let cacheScope = self.codexCookieCacheScopeForOpenAIWeb()
+
+        let now = Date()
+        let lastEmail = self.lastOpenAIDashboardCookieImportEmail
+        let lastAttempt = self.lastOpenAIDashboardCookieImportAttemptAt ?? .distantPast
+
+        let shouldAttempt: Bool = if force {
+            true
+        } else {
+            if allowAnyAccount {
+                now.timeIntervalSince(lastAttempt) > 300
+            } else {
+                self.openAIDashboardRequiresLogin &&
+                    (
+                        lastEmail?.lowercased() != normalizedTarget?.lowercased() || now
+                            .timeIntervalSince(lastAttempt) > 300)
+            }
+        }
+
+        guard shouldAttempt else { return normalizedTarget }
+        self.lastOpenAIDashboardCookieImportEmail = normalizedTarget
+        self.lastOpenAIDashboardCookieImportAttemptAt = now
+
+        let stamp = now.formatted(date: .abbreviated, time: .shortened)
+        let targetLabel = normalizedTarget ?? "unknown"
+        self.logOpenAIWeb("[\(stamp)] import start (target=\(targetLabel))")
+
+        do {
+            let log: (String) -> Void = { [weak self] message in
+                guard let self else { return }
+                self.logOpenAIWeb(message)
+            }
+
+            let request = OpenAIDashboardCookieImportRequest(
+                normalizedTarget: normalizedTarget,
+                allowAnyAccount: allowAnyAccount,
+                cookieSource: cookieSource,
+                cacheScope: cacheScope,
+                preferCachedCookieHeader: preferCachedCookieHeader,
+                force: force)
+            let result = try await self.openAIDashboardCookieImportResult(
+                request: request,
+                logger: log)
+            guard !Task.isCancelled else { return nil }
+            let effectiveEmail = result.signedInEmail?
+                .trimmingCharacters(in: .whitespacesAndNewlines)
+                .isEmpty == false
+                ? result.signedInEmail?.trimmingCharacters(in: .whitespacesAndNewlines)
+                : normalizedTarget
+            self.lastOpenAIDashboardCookieImportEmail = effectiveEmail ?? normalizedTarget
+            await MainActor.run {
+                let signed = result.signedInEmail?.trimmingCharacters(in: .whitespacesAndNewlines)
+                let matchText = result.matchesCodexEmail ? "matches Codex" : "does not match Codex"
+                let sourceLabel = switch cookieSource {
+                case .manual:
+                    "Manual cookie header"
+                case .auto:
+                    "\(result.sourceLabel) cookies"
+                case .off:
+                    "OpenAI cookies disabled"
+                }
+                if let signed, !signed.isEmpty {
+                    self.openAIDashboardCookieImportStatus =
+                        allowAnyAccount
+                            ? [
+                                "Using \(sourceLabel) (\(result.cookieCount)).",
+                                "Signed in as \(signed).",
+                            ].joined(separator: " ")
+                            : [
+                                "Using \(sourceLabel) (\(result.cookieCount)).",
+                                "Signed in as \(signed) (\(matchText)).",
+                            ].joined(separator: " ")
+                } else {
+                    self.openAIDashboardCookieImportStatus =
+                        "Using \(sourceLabel) (\(result.cookieCount))."
+                }
+            }
+            return effectiveEmail
+        } catch let err as OpenAIDashboardBrowserCookieImporter.ImportError {
+            guard !Task.isCancelled else { return nil }
+            switch err {
+            case let .noMatchingAccount(found):
+                let foundText: String = if found.isEmpty {
+                    "no signed-in session detected in \(self.codexBrowserCookieOrder.loginHint)"
+                } else {
+                    found
+                        .sorted { lhs, rhs in
+                            if lhs.sourceLabel == rhs.sourceLabel { return lhs.email < rhs.email }
+                            return lhs.sourceLabel < rhs.sourceLabel
+                        }
+                        .map { "\($0.sourceLabel): \($0.email)" }
+                        .joined(separator: " • ")
+                }
+                self.logOpenAIWeb("[\(stamp)] import mismatch: \(foundText)")
+                await MainActor.run {
+                    self.openAIDashboardCookieImportStatus = allowAnyAccount
+                        ? [
+                            "No signed-in OpenAI web session found.",
+                            "Found \(foundText).",
+                        ].joined(separator: " ")
+                        : Self.conciseOpenAICookieMismatchStatus(
+                            found: found.map(\.email),
+                            targetEmail: normalizedTarget)
+                    self.failClosedOpenAIDashboardSnapshot()
+                }
+            case .noCookiesFound,
+                 .browserAccessDenied,
+                 .dashboardStillRequiresLogin,
+                 .manualCookieHeaderInvalid:
+                self.logOpenAIWeb("[\(stamp)] import failed: \(err.localizedDescription)")
+                await MainActor.run {
+                    self.openAIDashboardCookieImportStatus =
+                        "OpenAI cookie import failed: \(err.localizedDescription)"
+                    self.openAIDashboardRequiresLogin = true
+                }
+            }
+        } catch {
+            guard !Task.isCancelled else { return nil }
+            self.logOpenAIWeb("[\(stamp)] import failed: \(error.localizedDescription)")
+            await MainActor.run {
+                self.openAIDashboardCookieImportStatus =
+                    "Browser cookie import failed: \(error.localizedDescription)"
+            }
+        }
+        return nil
+    }
+
+    private func resetOpenAIWebDebugLog(context: String) {
+        let stamp = Date().formatted(date: .abbreviated, time: .shortened)
+        self.openAIWebDebugLines.removeAll(keepingCapacity: true)
+        self.openAIDashboardCookieImportDebugLog = nil
+        self.logOpenAIWeb("[\(stamp)] OpenAI web \(context) start")
+    }
+
+    private func logOpenAIWeb(_ message: String) {
+        let safeMessage = LogRedactor.redact(message)
+        self.openAIWebLogger.debug(safeMessage)
+        self.openAIWebDebugLines.append(safeMessage)
+        if self.openAIWebDebugLines.count > 240 {
+            self.openAIWebDebugLines.removeFirst(self.openAIWebDebugLines.count - 240)
+        }
+        self.openAIDashboardCookieImportDebugLog = self.openAIWebDebugLines.joined(separator: "\n")
+    }
+
+    func resetOpenAIWebState() {
+        self.invalidateOpenAIDashboardRefreshTask()
+        OpenAIDashboardFetcher.evictAllCachedWebViews()
+        self.openAIDashboard = nil
+        self.openAIDashboardAttachmentAuthorized = false
+        self.lastOpenAIDashboardError = nil
+        self.lastOpenAIDashboardSnapshot = nil
+        self.lastOpenAIDashboardAttachmentAuthorized = false
+        self.lastOpenAIDashboardTargetEmail = nil
+        self.lastOpenAIDashboardAttemptAt = nil
+        self.openAIDashboardRequiresLogin = false
+        self.openAIDashboardCookieImportStatus = nil
+        self.openAIDashboardCookieImportDebugLog = nil
+        self.lastOpenAIDashboardCookieImportAttemptAt = nil
+        self.lastOpenAIDashboardCookieImportEmail = nil
+        self.lastKnownLiveSystemCodexEmail = nil
+    }
+
+    /// Routing-only optimization: this detects whether the fetched browser session appears to be for a
+    /// different account than the route target, so we can retry after cookie import. Ownership proof
+    /// happens exclusively through CodexDashboardAuthority.
+    private func dashboardEmailMismatch(expected: String?, actual: String?) -> Bool {
+        guard let expected, !expected.isEmpty else { return false }
+        guard let raw = actual?.trimmingCharacters(in: .whitespacesAndNewlines), !raw.isEmpty else { return false }
+        return raw.lowercased() != expected.lowercased()
+    }
+
+    private func openAIWebManagedTargetStoreIsUnreadable() -> Bool {
+        guard case .managedAccount = self.settings.codexResolvedActiveSource else {
+            return false
+        }
+        return self.settings.codexSettingsSnapshot(tokenOverride: nil).managedAccountStoreUnreadable
+    }
+
+    private func openAIWebManagedTargetIsMissing() -> Bool {
+        guard case .managedAccount = self.settings.codexResolvedActiveSource else {
+            return false
+        }
+        return self.selectedManagedCodexAccountForOpenAIWeb() == nil
+    }
+
+    private func selectedManagedCodexAccountForOpenAIWeb() -> ManagedCodexAccount? {
+        guard case let .managedAccount(id) = self.settings.codexResolvedActiveSource else {
+            return nil
+        }
+
+        let snapshot = self.settings.codexAccountReconciliationSnapshot
+        return snapshot.storedAccounts.first { $0.id == id }
+    }
+
+    func codexAccountEmailForOpenAIDashboard(allowLastKnownLiveFallback: Bool = true) -> String? {
+        switch self.settings.codexResolvedActiveSource {
+        case .liveSystem:
+            let liveSystem = self.settings.codexAccountReconciliationSnapshot.liveSystemAccount?.email
+                .trimmingCharacters(in: .whitespacesAndNewlines)
+            if let liveSystem, !liveSystem.isEmpty {
+                self.lastKnownLiveSystemCodexEmail = liveSystem
+                return liveSystem
+            }
+
+            guard allowLastKnownLiveFallback else { return nil }
+            let lastKnown = self.lastKnownLiveSystemCodexEmail?.trimmingCharacters(in: .whitespacesAndNewlines)
+            if let lastKnown, !lastKnown.isEmpty { return lastKnown }
+            return nil
+        case .managedAccount:
+            if self.openAIWebManagedTargetStoreIsUnreadable() {
+                return nil
+            }
+
+            let managed = self.currentManagedCodexRuntimeEmail()?
+                .trimmingCharacters(in: .whitespacesAndNewlines)
+            if let managed, !managed.isEmpty { return managed }
+            return nil
+        }
+    }
+
+    func codexCookieCacheScopeForOpenAIWeb() -> CookieHeaderCache.Scope? {
+        switch self.settings.codexResolvedActiveSource {
+        case .liveSystem:
+            nil
+        case let .managedAccount(id):
+            self.openAIWebManagedTargetStoreIsUnreadable() ? .managedStoreUnreadable : .managedAccount(id)
+        }
+    }
+}
+
 // MARK: - OpenAI web error messaging
 
 extension UsageStore {
+    nonisolated static func shouldRunOpenAIWebRefresh(_ context: OpenAIWebRefreshPolicyContext) -> Bool {
+        guard context.accessEnabled else { return false }
+        return context.force || !context.batterySaverEnabled
+    }
+
+    nonisolated static func forceOpenAIWebRefreshForStaleRequest(batterySaverEnabled: Bool) -> Bool {
+        !batterySaverEnabled
+    }
+
+    nonisolated static func shouldSkipOpenAIWebRefresh(_ context: OpenAIWebRefreshGateContext) -> Bool {
+        if context.force || context.accountDidChange { return false }
+        if let lastAttemptAt = context.lastAttemptAt,
+           context.now.timeIntervalSince(lastAttemptAt) < context.refreshInterval
+        {
+            return true
+        }
+        if context.lastError == nil,
+           let lastSnapshotAt = context.lastSnapshotAt,
+           context.now.timeIntervalSince(lastSnapshotAt) < context.refreshInterval
+        {
+            return true
+        }
+        return false
+    }
+
+    func syncOpenAIWebState() {
+        guard self.isEnabled(.codex),
+              self.settings.openAIWebAccessEnabled,
+              self.settings.codexCookieSource.isEnabled
+        else {
+            self.resetOpenAIWebState()
+            return
+        }
+
+        let targetEmail = self.currentCodexOpenAIWebTargetEmail(
+            allowCurrentSnapshotFallback: true,
+            allowLastKnownLiveFallback: true)
+        self.handleOpenAIWebTargetEmailChangeIfNeeded(targetEmail: targetEmail)
+    }
+
     func openAIDashboardFriendlyError(
         body: String,
         targetEmail: String?,
@@ -32,12 +1351,10 @@ extension UsageStore {
         let targetLabel = (emailLabel?.isEmpty == false) ? emailLabel! : "your OpenAI account"
         if let status, !status.isEmpty {
             if status.contains("cookies do not match Codex account")
+                || status.localizedCaseInsensitiveContains("openai cookies are for")
                 || status.localizedCaseInsensitiveContains("cookie import failed")
             {
-                return [
-                    status,
-                    "Sign in to chatgpt.com as \(targetLabel), then update OpenAI cookies in Providers → Codex.",
-                ].joined(separator: " ")
+                return "\(status) Switch chatgpt.com account, then refresh OpenAI cookies."
             }
         }
         return [
@@ -45,4 +1362,39 @@ extension UsageStore {
             "Sign in to chatgpt.com as \(targetLabel), then update OpenAI cookies in Providers → Codex.",
         ].joined(separator: " ")
     }
+
+    private static func conciseOpenAICookieMismatchStatus(
+        found: [String],
+        targetEmail: String?)
+        -> String
+    {
+        let normalizedFound = Array(Set(
+            found
+                .map { $0.trimmingCharacters(in: .whitespacesAndNewlines).lowercased() }
+                .filter { !$0.isEmpty }))
+            .sorted()
+
+        let foundLabel: String = switch normalizedFound.count {
+        case 0:
+            ""
+        case 1:
+            normalizedFound[0]
+        case 2:
+            "\(normalizedFound[0]) or \(normalizedFound[1])"
+        default:
+            "\(normalizedFound[0]) or \(normalizedFound.count - 1) other accounts"
+        }
+
+        let targetLabel = targetEmail?.trimmingCharacters(in: .whitespacesAndNewlines)
+        if normalizedFound.isEmpty {
+            guard let targetLabel, !targetLabel.isEmpty else {
+                return "No matching OpenAI web session found."
+            }
+            return "No matching OpenAI web session found for \(targetLabel)."
+        }
+        guard let targetLabel, !targetLabel.isEmpty else {
+            return "OpenAI cookies are for \(foundLabel)."
+        }
+        return "OpenAI cookies are for \(foundLabel), not \(targetLabel)."
+    }
 }
diff --git a/Sources/CodexBar/UsageStore+PlanUtilization.swift b/Sources/CodexBar/UsageStore+PlanUtilization.swift
new file mode 100644
index 000000000..82b81708b
--- /dev/null
+++ b/Sources/CodexBar/UsageStore+PlanUtilization.swift
@@ -0,0 +1,1108 @@
+import CodexBarCore
+import Foundation
+
+extension UsageStore {
+    private nonisolated static let weeklyLimitResetThreshold = 1.0
+    private nonisolated static let weeklyLimitResetDetectorDefaultsKey = "weeklyLimitResetDetectorStates"
+    private nonisolated static let weeklyWindowMinutes = 7 * 24 * 60
+
+    struct WeeklyLimitResetDetectorState: Codable, Equatable {
+        let wasAboveThreshold: Bool
+        let lastObservedAt: Date
+    }
+
+    func supportsPlanUtilizationHistory(for provider: UsageProvider) -> Bool {
+        switch provider {
+        case .codex, .claude:
+            true
+        default:
+            false
+        }
+    }
+
+    private nonisolated static let planUtilizationMinSampleIntervalSeconds: TimeInterval = 60 * 60
+    private nonisolated static let planUtilizationResetEquivalenceToleranceSeconds: TimeInterval = 2 * 60
+    private nonisolated static let planUtilizationMaxSamples: Int = 24 * 730
+
+    private struct PlanUtilizationSeriesKey: Hashable {
+        let name: PlanUtilizationSeriesName
+        let windowMinutes: Int
+    }
+
+    private struct PlanUtilizationSeriesSample {
+        let name: PlanUtilizationSeriesName
+        let windowMinutes: Int
+        let entry: PlanUtilizationHistoryEntry
+    }
+
+    func planUtilizationHistory(for provider: UsageProvider) -> [PlanUtilizationSeriesHistory] {
+        var providerBuckets = self.planUtilizationHistory[provider] ?? PlanUtilizationHistoryBuckets()
+        let originalProviderBuckets = providerBuckets
+        let accountKey = self.resolvePlanUtilizationAccountKey(
+            provider: provider,
+            snapshot: self.snapshots[provider],
+            preferredAccount: nil,
+            providerBuckets: &providerBuckets)
+        self.planUtilizationHistory[provider] = providerBuckets
+        if providerBuckets != originalProviderBuckets {
+            let snapshotToPersist = self.planUtilizationHistory
+            Task {
+                await self.planUtilizationPersistenceCoordinator.enqueue(snapshotToPersist)
+            }
+        }
+        return providerBuckets.histories(for: accountKey)
+    }
+
+    func shouldShowRefreshingMenuCard(for provider: UsageProvider) -> Bool {
+        let isRefreshing = self.isRefreshing || self.refreshingProviders.contains(provider)
+        return isRefreshing
+            && self.snapshots[provider] == nil
+            && self.error(for: provider) == nil
+    }
+
+    func shouldHidePlanUtilizationMenuItem(for provider: UsageProvider) -> Bool {
+        guard self.supportsPlanUtilizationHistory(for: provider) else { return true }
+        return self.shouldShowRefreshingMenuCard(for: provider)
+    }
+
+    func recordPlanUtilizationHistorySample(
+        provider: UsageProvider,
+        snapshot: UsageSnapshot,
+        account: ProviderTokenAccount? = nil,
+        shouldUpdatePreferredAccountKey: Bool = true,
+        shouldAdoptUnscopedHistory: Bool = true,
+        now: Date = Date())
+        async
+    {
+        let samples = self.planUtilizationSeriesSamples(provider: provider, snapshot: snapshot, capturedAt: now)
+        guard !samples.isEmpty else { return }
+
+        let detectorAccountKey = self.planUtilizationAccountKey(
+            for: provider,
+            snapshot: snapshot,
+            preferredAccount: account)
+        await MainActor.run {
+            self.postWeeklyLimitResetCelebrationIfNeeded(
+                provider: provider,
+                account: account,
+                snapshot: snapshot,
+                accountKey: detectorAccountKey,
+                samples: samples)
+        }
+
+        guard self.supportsPlanUtilizationHistory(for: provider) else { return }
+        guard !self.shouldDeferClaudePlanUtilizationHistory(provider: provider) else { return }
+
+        var snapshotToPersist: [UsageProvider: PlanUtilizationHistoryBuckets]?
+        await MainActor.run {
+            var providerBuckets = self.planUtilizationHistory[provider] ?? PlanUtilizationHistoryBuckets()
+            let preferredAccount = account ?? self.settings.selectedTokenAccount(for: provider)
+            let accountKey = self.resolvePlanUtilizationAccountKey(
+                provider: provider,
+                snapshot: snapshot,
+                preferredAccount: preferredAccount,
+                shouldUpdatePreferredAccountKey: shouldUpdatePreferredAccountKey,
+                shouldAdoptUnscopedHistory: shouldAdoptUnscopedHistory,
+                providerBuckets: &providerBuckets)
+            let histories = providerBuckets.histories(for: accountKey)
+
+            guard let updatedHistories = Self.updatedPlanUtilizationHistories(
+                existingHistories: histories,
+                samples: samples)
+            else {
+                return
+            }
+
+            providerBuckets.setHistories(updatedHistories, for: accountKey)
+            self.planUtilizationHistory[provider] = providerBuckets
+            snapshotToPersist = self.planUtilizationHistory
+        }
+
+        guard let snapshotToPersist else { return }
+        await self.planUtilizationPersistenceCoordinator.enqueue(snapshotToPersist)
+    }
+
+    private nonisolated static func updatedPlanUtilizationHistories(
+        existingHistories: [PlanUtilizationSeriesHistory],
+        samples: [PlanUtilizationSeriesSample]) -> [PlanUtilizationSeriesHistory]?
+    {
+        guard !samples.isEmpty else { return nil }
+
+        var historiesByKey: [PlanUtilizationSeriesKey: PlanUtilizationSeriesHistory] = [:]
+        var didChange = false
+        for history in existingHistories {
+            let canonicalWindowMinutes = history.name.canonicalWindowMinutes(history.windowMinutes)
+            let key = PlanUtilizationSeriesKey(name: history.name, windowMinutes: canonicalWindowMinutes)
+            let canonicalHistory = PlanUtilizationSeriesHistory(
+                name: history.name,
+                windowMinutes: canonicalWindowMinutes,
+                entries: history.entries)
+            if let existingHistory = historiesByKey[key] {
+                historiesByKey[key] = PlanUtilizationSeriesHistory(
+                    name: history.name,
+                    windowMinutes: canonicalWindowMinutes,
+                    entries: self.mergedPlanUtilizationEntries(existingHistory.entries + canonicalHistory.entries))
+                didChange = true
+            } else {
+                historiesByKey[key] = canonicalHistory
+                didChange = didChange || canonicalWindowMinutes != history.windowMinutes
+            }
+        }
+
+        for sample in samples {
+            let canonicalWindowMinutes = sample.name.canonicalWindowMinutes(sample.windowMinutes)
+            let key = PlanUtilizationSeriesKey(name: sample.name, windowMinutes: canonicalWindowMinutes)
+            if let existingHistory = historiesByKey[key] {
+                guard let updatedEntries = self.updatedPlanUtilizationEntries(
+                    existingEntries: existingHistory.entries,
+                    entry: sample.entry)
+                else {
+                    continue
+                }
+                historiesByKey[key] = PlanUtilizationSeriesHistory(
+                    name: sample.name,
+                    windowMinutes: canonicalWindowMinutes,
+                    entries: updatedEntries)
+            } else {
+                historiesByKey[key] = PlanUtilizationSeriesHistory(
+                    name: sample.name,
+                    windowMinutes: canonicalWindowMinutes,
+                    entries: [sample.entry])
+            }
+            didChange = true
+        }
+
+        guard didChange else { return nil }
+        return historiesByKey.values.sorted { lhs, rhs in
+            if lhs.windowMinutes != rhs.windowMinutes {
+                return lhs.windowMinutes < rhs.windowMinutes
+            }
+            return lhs.name.rawValue < rhs.name.rawValue
+        }
+    }
+
+    private nonisolated static func mergedPlanUtilizationEntries(
+        _ entries: [PlanUtilizationHistoryEntry]) -> [PlanUtilizationHistoryEntry]
+    {
+        entries.reduce(into: []) { result, entry in
+            guard !result.contains(entry) else { return }
+            result.append(entry)
+        }
+    }
+
+    private nonisolated static func updatedPlanUtilizationEntries(
+        existingEntries: [PlanUtilizationHistoryEntry],
+        entry: PlanUtilizationHistoryEntry) -> [PlanUtilizationHistoryEntry]?
+    {
+        var entries = existingEntries
+        let insertionIndex = entries.firstIndex(where: { $0.capturedAt > entry.capturedAt }) ?? entries.endIndex
+        let sampleHourBucket = self.planUtilizationHourBucket(for: entry.capturedAt)
+        let sameHourRange = self.planUtilizationHourRange(
+            entries: entries,
+            insertionIndex: insertionIndex,
+            hourBucket: sampleHourBucket)
+        let existingHourEntries = Array(entries[sameHourRange])
+        let canonicalHourEntries = self.canonicalPlanUtilizationHourEntries(
+            existingHourEntries: existingHourEntries,
+            incomingEntry: entry)
+
+        guard canonicalHourEntries != existingHourEntries else { return nil }
+        entries.replaceSubrange(sameHourRange, with: canonicalHourEntries)
+
+        if entries.count > self.planUtilizationMaxSamples {
+            entries.removeFirst(entries.count - self.planUtilizationMaxSamples)
+        }
+        return entries
+    }
+
+    #if DEBUG
+    nonisolated static func _updatedPlanUtilizationEntriesForTesting(
+        existingEntries: [PlanUtilizationHistoryEntry],
+        entry: PlanUtilizationHistoryEntry) -> [PlanUtilizationHistoryEntry]?
+    {
+        self.updatedPlanUtilizationEntries(existingEntries: existingEntries, entry: entry)
+    }
+
+    nonisolated static func _updatedPlanUtilizationHistoriesForTesting(
+        existingHistories: [PlanUtilizationSeriesHistory],
+        samples: [PlanUtilizationSeriesHistory]) -> [PlanUtilizationSeriesHistory]?
+    {
+        let normalized = samples.flatMap { history in
+            history.entries.map { entry in
+                PlanUtilizationSeriesSample(name: history.name, windowMinutes: history.windowMinutes, entry: entry)
+            }
+        }
+        return self.updatedPlanUtilizationHistories(existingHistories: existingHistories, samples: normalized)
+    }
+
+    nonisolated static var _planUtilizationMaxSamplesForTesting: Int {
+        self.planUtilizationMaxSamples
+    }
+    #endif
+
+    private nonisolated static func clampedPercent(_ value: Double?) -> Double? {
+        guard let value else { return nil }
+        return max(0, min(100, value))
+    }
+
+    private func postWeeklyLimitResetCelebrationIfNeeded(
+        provider: UsageProvider,
+        account: ProviderTokenAccount?,
+        snapshot: UsageSnapshot,
+        accountKey: String?,
+        samples: [PlanUtilizationSeriesSample])
+    {
+        guard let weeklySample = samples.last(where: { $0.name == .weekly }) else { return }
+
+        let accountIdentifier = self.weeklyLimitResetAccountIdentifier(
+            provider: provider,
+            account: account,
+            snapshot: snapshot,
+            accountKey: accountKey)
+        let detectorKey = Self.weeklyLimitResetDetectorStateKey(
+            provider: provider,
+            accountIdentifier: accountIdentifier)
+        let currentUsed = weeklySample.entry.usedPercent
+        let currentObservedAt = weeklySample.entry.capturedAt
+        let wasAboveThreshold = currentUsed > Self.weeklyLimitResetThreshold
+        if let existingState = self.weeklyLimitResetDetectorStates[detectorKey],
+           currentObservedAt <= existingState.lastObservedAt
+        {
+            return
+        }
+
+        let shouldPost = self.weeklyLimitResetDetectorStates[detectorKey]?.wasAboveThreshold == true
+            && !wasAboveThreshold
+        self.weeklyLimitResetDetectorStates[detectorKey] = WeeklyLimitResetDetectorState(
+            wasAboveThreshold: wasAboveThreshold,
+            lastObservedAt: currentObservedAt)
+        self.persistWeeklyLimitResetDetectorStates()
+
+        guard shouldPost else { return }
+        let accountLabel = self.weeklyLimitResetAccountLabel(
+            provider: provider,
+            account: account,
+            snapshot: snapshot)
+        let event = WeeklyLimitResetEvent(
+            provider: provider,
+            accountIdentifier: accountIdentifier,
+            accountLabel: accountLabel,
+            usedPercent: currentUsed)
+
+        CodexBarLog.logger(LogCategories.confetti).info(
+            "Weekly limit reset",
+            metadata: [
+                "provider": provider.rawValue,
+                "accountIdentifier": accountIdentifier,
+                "accountLabel": accountLabel ?? "",
+                "usedPercent": String(format: "%.2f", currentUsed),
+                "observedAt": String(format: "%.0f", currentObservedAt.timeIntervalSince1970),
+            ])
+        NotificationCenter.default.post(name: .codexbarWeeklyLimitReset, object: event)
+    }
+
+    private func planUtilizationSeriesSamples(
+        provider: UsageProvider,
+        snapshot: UsageSnapshot,
+        capturedAt: Date) -> [PlanUtilizationSeriesSample]
+    {
+        var samplesByKey: [PlanUtilizationSeriesKey: PlanUtilizationSeriesSample] = [:]
+
+        func appendWindow(_ window: RateWindow?, name: PlanUtilizationSeriesName?) {
+            guard let name,
+                  let window,
+                  let windowMinutes = window.windowMinutes,
+                  windowMinutes > 0,
+                  let usedPercent = Self.clampedPercent(window.usedPercent)
+            else {
+                return
+            }
+
+            let canonicalWindowMinutes = name.canonicalWindowMinutes(windowMinutes)
+            let key = PlanUtilizationSeriesKey(name: name, windowMinutes: canonicalWindowMinutes)
+            samplesByKey[key] = PlanUtilizationSeriesSample(
+                name: name,
+                windowMinutes: canonicalWindowMinutes,
+                entry: PlanUtilizationHistoryEntry(
+                    capturedAt: capturedAt,
+                    usedPercent: usedPercent,
+                    resetsAt: window.resetsAt))
+        }
+
+        switch provider {
+        case .codex:
+            let projection = self.codexConsumerProjection(
+                surface: .liveCard,
+                snapshotOverride: snapshot,
+                now: capturedAt)
+            for lane in projection.planUtilizationLanes {
+                appendWindow(lane.window, name: lane.role)
+            }
+        case .claude:
+            appendWindow(snapshot.primary, name: .session)
+            appendWindow(snapshot.secondary, name: .weekly)
+            appendWindow(snapshot.tertiary, name: .opus)
+        default:
+            for window in [snapshot.primary, snapshot.secondary, snapshot.tertiary] {
+                guard let window, window.windowMinutes == Self.weeklyWindowMinutes else { continue }
+                appendWindow(window, name: .weekly)
+            }
+        }
+
+        return samplesByKey.values.sorted { lhs, rhs in
+            if lhs.windowMinutes != rhs.windowMinutes {
+                return lhs.windowMinutes < rhs.windowMinutes
+            }
+            return lhs.name.rawValue < rhs.name.rawValue
+        }
+    }
+
+    private nonisolated static func planUtilizationHourBucket(for date: Date) -> Int64 {
+        Int64(floor(date.timeIntervalSince1970 / self.planUtilizationMinSampleIntervalSeconds))
+    }
+
+    private nonisolated static func planUtilizationHourRange(
+        entries: [PlanUtilizationHistoryEntry],
+        insertionIndex: Int,
+        hourBucket: Int64) -> Range<Int>
+    {
+        var lowerBound = insertionIndex
+        while lowerBound > entries.startIndex {
+            let previousIndex = lowerBound - 1
+            let previousHourBucket = self.planUtilizationHourBucket(for: entries[previousIndex].capturedAt)
+            guard previousHourBucket == hourBucket else { break }
+            lowerBound = previousIndex
+        }
+
+        var upperBound = insertionIndex
+        while upperBound < entries.endIndex {
+            let currentHourBucket = self.planUtilizationHourBucket(for: entries[upperBound].capturedAt)
+            guard currentHourBucket == hourBucket else { break }
+            upperBound += 1
+        }
+
+        return lowerBound..<upperBound
+    }
+
+    private nonisolated static func canonicalPlanUtilizationHourEntries(
+        existingHourEntries: [PlanUtilizationHistoryEntry],
+        incomingEntry: PlanUtilizationHistoryEntry) -> [PlanUtilizationHistoryEntry]
+    {
+        let hourlyObservations = (existingHourEntries + [incomingEntry]).sorted { lhs, rhs in
+            if lhs.capturedAt != rhs.capturedAt {
+                return lhs.capturedAt < rhs.capturedAt
+            }
+            if lhs.usedPercent != rhs.usedPercent {
+                return lhs.usedPercent < rhs.usedPercent
+            }
+            let lhsReset = lhs.resetsAt?.timeIntervalSince1970 ?? Date.distantPast.timeIntervalSince1970
+            let rhsReset = rhs.resetsAt?.timeIntervalSince1970 ?? Date.distantPast.timeIntervalSince1970
+            return lhsReset < rhsReset
+        }
+        guard var activeSegmentPeak = hourlyObservations.first else { return [] }
+
+        var peakBeforeLatestReset: PlanUtilizationHistoryEntry?
+
+        for observation in hourlyObservations.dropFirst() {
+            if self.startsNewPlanUtilizationResetSegment(
+                activeSegmentPeak: activeSegmentPeak,
+                observation: observation)
+            {
+                if peakBeforeLatestReset == nil {
+                    peakBeforeLatestReset = activeSegmentPeak
+                }
+                activeSegmentPeak = observation
+                continue
+            }
+
+            activeSegmentPeak = self.segmentPeakEntry(
+                existingPeak: activeSegmentPeak,
+                observation: observation)
+        }
+
+        if let peakBeforeLatestReset {
+            return [peakBeforeLatestReset, activeSegmentPeak]
+        }
+        return [activeSegmentPeak]
+    }
+
+    private nonisolated static func startsNewPlanUtilizationResetSegment(
+        activeSegmentPeak: PlanUtilizationHistoryEntry,
+        observation: PlanUtilizationHistoryEntry) -> Bool
+    {
+        self.haveMeaningfullyDifferentResetBoundaries(
+            activeSegmentPeak.resetsAt,
+            observation.resetsAt)
+    }
+
+    private nonisolated static func segmentPeakEntry(
+        existingPeak: PlanUtilizationHistoryEntry,
+        observation: PlanUtilizationHistoryEntry) -> PlanUtilizationHistoryEntry
+    {
+        if existingPeak.resetsAt == nil, observation.resetsAt != nil {
+            return observation
+        }
+
+        let hasHigherUsage = observation.usedPercent > existingPeak.usedPercent
+        let tiesUsageAndIsMoreRecent = observation.usedPercent == existingPeak.usedPercent
+            && observation.capturedAt >= existingPeak.capturedAt
+        let observationShouldReplacePeak = hasHigherUsage || tiesUsageAndIsMoreRecent
+        let peakSource = observationShouldReplacePeak ? observation : existingPeak
+        let preferObservationMetadata = observation.capturedAt >= existingPeak.capturedAt
+
+        return PlanUtilizationHistoryEntry(
+            capturedAt: peakSource.capturedAt,
+            usedPercent: peakSource.usedPercent,
+            resetsAt: self.preferredResetBoundary(
+                existing: existingPeak.resetsAt,
+                incoming: observation.resetsAt,
+                preferIncoming: preferObservationMetadata))
+    }
+
+    private nonisolated static func haveMeaningfullyDifferentResetBoundaries(_ lhs: Date?, _ rhs: Date?) -> Bool {
+        switch (lhs, rhs) {
+        case let (lhs?, rhs?):
+            abs(lhs.timeIntervalSince(rhs)) >= self.planUtilizationResetEquivalenceToleranceSeconds
+        case (.none, .none):
+            false
+        default:
+            false
+        }
+    }
+
+    private nonisolated static func preferredResetBoundary(
+        existing: Date?,
+        incoming: Date?,
+        preferIncoming: Bool) -> Date?
+    {
+        if preferIncoming {
+            return incoming ?? existing
+        }
+        return existing ?? incoming
+    }
+
+    private func planUtilizationAccountKey(
+        for provider: UsageProvider,
+        snapshot: UsageSnapshot? = nil,
+        preferredAccount: ProviderTokenAccount? = nil) -> String?
+    {
+        let account = preferredAccount ?? self.settings.selectedTokenAccount(for: provider)
+        let accountKey = Self.planUtilizationAccountKey(provider: provider, account: account)
+        if let accountKey {
+            return accountKey
+        }
+        let resolvedSnapshot = snapshot ?? self.snapshots[provider]
+        return resolvedSnapshot.flatMap { Self.planUtilizationIdentityAccountKey(provider: provider, snapshot: $0) }
+    }
+
+    private nonisolated static func planUtilizationAccountKey(
+        provider: UsageProvider,
+        account: ProviderTokenAccount?) -> String?
+    {
+        guard let account else { return nil }
+        return self.sha256Hex("\(provider.rawValue):token-account:\(account.id.uuidString.lowercased())")
+    }
+
+    private nonisolated static func planUtilizationIdentityAccountKey(
+        provider: UsageProvider,
+        snapshot: UsageSnapshot) -> String?
+    {
+        guard let identity = snapshot.identity(for: provider) else { return nil }
+
+        let normalizedEmail = identity.accountEmail?
+            .trimmingCharacters(in: .whitespacesAndNewlines)
+            .lowercased()
+        if let normalizedEmail, !normalizedEmail.isEmpty {
+            if provider == .codex {
+                return CodexHistoryOwnership.canonicalEmailHashKey(for: normalizedEmail)
+            }
+            if provider == .claude {
+                let normalizedOrganization = identity.accountOrganization?
+                    .trimmingCharacters(in: .whitespacesAndNewlines)
+                    .lowercased()
+                let normalizedLoginMethod = identity.loginMethod?
+                    .trimmingCharacters(in: .whitespacesAndNewlines)
+                    .lowercased()
+                let normalizedPlan = ClaudePlan.fromCompatibilityLoginMethod(identity.loginMethod)?.rawValue
+                let organizationDiscriminator: String? =
+                    if let normalizedOrganization, !normalizedOrganization.isEmpty {
+                        "org:\(normalizedOrganization)"
+                    } else {
+                        nil
+                    }
+                let planDiscriminator = normalizedPlan.map { "plan:\($0)" }
+                let loginMethodDiscriminator: String? =
+                    if let normalizedLoginMethod, !normalizedLoginMethod.isEmpty {
+                        "plan:\(normalizedLoginMethod)"
+                    } else {
+                        nil
+                    }
+                let discriminator = organizationDiscriminator ?? planDiscriminator ?? loginMethodDiscriminator
+                guard let discriminator else {
+                    return self.sha256Hex("claude:email:\(normalizedEmail)")
+                }
+                return self.sha256Hex("\(provider.rawValue):email:\(normalizedEmail):\(discriminator)")
+            }
+            return self.sha256Hex("\(provider.rawValue):email:\(normalizedEmail)")
+        }
+
+        if provider == .claude {
+            return nil
+        }
+
+        let normalizedOrganization = identity.accountOrganization?
+            .trimmingCharacters(in: .whitespacesAndNewlines)
+            .lowercased()
+        if let normalizedOrganization, !normalizedOrganization.isEmpty {
+            return self.sha256Hex("\(provider.rawValue):organization:\(normalizedOrganization)")
+        }
+
+        return nil
+    }
+
+    private nonisolated static func legacyClaudePlanUtilizationEmailAccountKey(snapshot: UsageSnapshot) -> String? {
+        guard let identity = snapshot.identity(for: .claude) else { return nil }
+        let normalizedEmail = identity.accountEmail?
+            .trimmingCharacters(in: .whitespacesAndNewlines)
+            .lowercased()
+        guard let normalizedEmail, !normalizedEmail.isEmpty else { return nil }
+        return self.sha256Hex("claude:email:\(normalizedEmail)")
+    }
+
+    private func shouldDeferClaudePlanUtilizationHistory(provider: UsageProvider) -> Bool {
+        provider == .claude && self.shouldHidePlanUtilizationMenuItem(for: .claude)
+    }
+
+    private func weeklyLimitResetAccountIdentifier(
+        provider: UsageProvider,
+        account: ProviderTokenAccount?,
+        snapshot: UsageSnapshot,
+        accountKey: String?) -> String
+    {
+        let identity = snapshot.identity(for: provider)
+        return account?.id.uuidString.lowercased()
+            ?? accountKey
+            ?? identity?.accountEmail
+            ?? identity?.accountOrganization
+            ?? provider.rawValue
+    }
+
+    private func weeklyLimitResetAccountLabel(
+        provider: UsageProvider,
+        account: ProviderTokenAccount?,
+        snapshot: UsageSnapshot) -> String?
+    {
+        let identity = snapshot.identity(for: provider)
+        return account?.label
+            ?? identity?.accountEmail
+            ?? identity?.accountOrganization
+    }
+
+    private nonisolated static func weeklyLimitResetDetectorStateKey(
+        provider: UsageProvider,
+        accountIdentifier: String) -> String
+    {
+        "\(provider.rawValue):\(accountIdentifier)"
+    }
+
+    nonisolated static func loadWeeklyLimitResetDetectorStates(from userDefaults: UserDefaults)
+        -> [String: WeeklyLimitResetDetectorState]
+    {
+        guard let data = userDefaults.data(forKey: self.weeklyLimitResetDetectorDefaultsKey) else { return [:] }
+        do {
+            return try JSONDecoder().decode([String: WeeklyLimitResetDetectorState].self, from: data)
+        } catch {
+            CodexBarLog.logger(LogCategories.confetti).error(
+                "Failed to decode weekly limit reset detector state",
+                metadata: ["error": String(describing: error)])
+            return [:]
+        }
+    }
+
+    private func persistWeeklyLimitResetDetectorStates() {
+        do {
+            let data = try JSONEncoder().encode(self.weeklyLimitResetDetectorStates)
+            self.settings.userDefaults.set(data, forKey: Self.weeklyLimitResetDetectorDefaultsKey)
+        } catch {
+            CodexBarLog.logger(LogCategories.confetti).error(
+                "Failed to encode weekly limit reset detector state",
+                metadata: ["error": String(describing: error)])
+        }
+    }
+
+    private func resolvePlanUtilizationAccountKey(
+        provider: UsageProvider,
+        snapshot: UsageSnapshot?,
+        preferredAccount: ProviderTokenAccount?,
+        shouldUpdatePreferredAccountKey: Bool = true,
+        shouldAdoptUnscopedHistory: Bool = true,
+        providerBuckets: inout PlanUtilizationHistoryBuckets) -> String?
+    {
+        if provider == .codex {
+            return self.resolveCodexPlanUtilizationAccountKey(
+                snapshot: snapshot,
+                shouldUpdatePreferredAccountKey: shouldUpdatePreferredAccountKey,
+                shouldAdoptUnscopedHistory: shouldAdoptUnscopedHistory,
+                providerBuckets: &providerBuckets)
+        }
+
+        let resolvedAccount = preferredAccount ?? self.settings.selectedTokenAccount(for: provider)
+        if let tokenAccountKey = Self.planUtilizationAccountKey(provider: provider, account: resolvedAccount) {
+            if shouldUpdatePreferredAccountKey {
+                providerBuckets.preferredAccountKey = tokenAccountKey
+            }
+            if shouldAdoptUnscopedHistory {
+                self.adoptPlanUtilizationUnscopedHistoryIfNeeded(
+                    into: tokenAccountKey,
+                    provider: provider,
+                    providerBuckets: &providerBuckets)
+            }
+            return tokenAccountKey
+        }
+
+        if let snapshot,
+           let identityAccountKey = Self.planUtilizationIdentityAccountKey(provider: provider, snapshot: snapshot)
+        {
+            let resolvedIdentityAccountKey = self.materializeLegacyClaudePlanUtilizationHistoryIfNeeded(
+                into: identityAccountKey,
+                provider: provider,
+                snapshot: snapshot,
+                providerBuckets: &providerBuckets)
+            if shouldUpdatePreferredAccountKey {
+                providerBuckets.preferredAccountKey = resolvedIdentityAccountKey
+            }
+            if shouldAdoptUnscopedHistory {
+                self.adoptPlanUtilizationUnscopedHistoryIfNeeded(
+                    into: resolvedIdentityAccountKey,
+                    provider: provider,
+                    providerBuckets: &providerBuckets)
+            }
+            return resolvedIdentityAccountKey
+        }
+
+        if let stickyAccountKey = self.stickyPlanUtilizationAccountKey(providerBuckets: providerBuckets) {
+            return stickyAccountKey
+        }
+
+        return nil
+    }
+
+    private func resolveCodexPlanUtilizationAccountKey(
+        snapshot: UsageSnapshot?,
+        shouldUpdatePreferredAccountKey: Bool,
+        shouldAdoptUnscopedHistory: Bool,
+        providerBuckets: inout PlanUtilizationHistoryBuckets) -> String?
+    {
+        let ownership = self.codexOwnershipContext(snapshot: snapshot, includeDashboardFallback: true)
+        if let canonicalKey = ownership.canonicalKey {
+            let resolvedAccountKey = self.materializeCodexPlanUtilizationHistoryIfNeeded(
+                into: canonicalKey,
+                ownership: ownership,
+                shouldAdoptUnscopedHistory: shouldAdoptUnscopedHistory,
+                providerBuckets: &providerBuckets)
+            if shouldUpdatePreferredAccountKey {
+                providerBuckets.preferredAccountKey = resolvedAccountKey
+            }
+            return resolvedAccountKey
+        }
+
+        if let stickyAccountKey = self.stickyPlanUtilizationAccountKey(providerBuckets: providerBuckets) {
+            return stickyAccountKey
+        }
+
+        return nil
+    }
+
+    private func materializeCodexPlanUtilizationHistoryIfNeeded(
+        into canonicalKey: String,
+        ownership: CodexOwnershipContext,
+        shouldAdoptUnscopedHistory: Bool,
+        providerBuckets: inout PlanUtilizationHistoryBuckets) -> String
+    {
+        var historiesToMerge: [[PlanUtilizationSeriesHistory]] = []
+        let scopedRawKeys = Array(providerBuckets.accounts.keys)
+        var legacyRawKeysToRemove: [String] = []
+
+        for rawKey in scopedRawKeys {
+            let owner = CodexHistoryOwnership.classifyPersistedKey(
+                rawKey,
+                legacyEmailHash: ownership.planUtilizationLegacyEmailHash)
+            let matchesTargetContinuity = CodexHistoryOwnership.belongsToTargetContinuity(
+                owner,
+                targetCanonicalKey: canonicalKey,
+                canonicalEmailHashKey: ownership.canonicalEmailHashKey)
+            if matchesTargetContinuity,
+               let accountHistories = providerBuckets.accounts[rawKey],
+               !accountHistories.isEmpty
+            {
+                historiesToMerge.append(accountHistories)
+                if rawKey != canonicalKey {
+                    legacyRawKeysToRemove.append(rawKey)
+                }
+            }
+        }
+
+        if let recoverableOpaqueRawKey = self.recoverableCodexOpaquePlanHistoryRawKey(
+            targetCanonicalKey: canonicalKey,
+            ownership: ownership,
+            providerBuckets: providerBuckets),
+            let opaqueHistories = providerBuckets.accounts[recoverableOpaqueRawKey],
+            !opaqueHistories.isEmpty
+        {
+            historiesToMerge.append(opaqueHistories)
+            legacyRawKeysToRemove.append(recoverableOpaqueRawKey)
+        }
+
+        if shouldAdoptUnscopedHistory,
+           !providerBuckets.unscoped.isEmpty,
+           CodexHistoryOwnership.hasStrictSingleAccountContinuity(
+               scopedRawKeys: Self.scopedRawKeysRelevantToCodexUnscopedPlanHistory(providerBuckets),
+               targetCanonicalKey: canonicalKey,
+               canonicalEmailHashKey: ownership.canonicalEmailHashKey,
+               legacyEmailHash: ownership.planUtilizationLegacyEmailHash,
+               hasAdjacentMultiAccountVeto: ownership.hasAdjacentMultiAccountVeto)
+        {
+            historiesToMerge.append(providerBuckets.unscoped)
+            providerBuckets.unscoped = []
+        }
+
+        guard !historiesToMerge.isEmpty else { return canonicalKey }
+        for rawKey in legacyRawKeysToRemove {
+            providerBuckets.accounts.removeValue(forKey: rawKey)
+        }
+        let mergedHistory = Self.mergedPlanUtilizationHistories(provider: .codex, histories: historiesToMerge)
+        providerBuckets.setHistories(mergedHistory, for: canonicalKey)
+        return canonicalKey
+    }
+
+    private func materializeLegacyClaudePlanUtilizationHistoryIfNeeded(
+        into accountKey: String,
+        provider: UsageProvider,
+        snapshot: UsageSnapshot,
+        providerBuckets: inout PlanUtilizationHistoryBuckets) -> String
+    {
+        guard provider == .claude,
+              let legacyAccountKey = Self.legacyClaudePlanUtilizationEmailAccountKey(snapshot: snapshot),
+              legacyAccountKey != accountKey,
+              let legacyHistories = providerBuckets.accounts[legacyAccountKey],
+              !legacyHistories.isEmpty
+        else {
+            return accountKey
+        }
+
+        let existingHistories = providerBuckets.accounts[accountKey] ?? []
+        let mergedHistory = Self.mergedPlanUtilizationHistories(provider: provider, histories: [
+            existingHistories,
+            legacyHistories,
+        ])
+        providerBuckets.accounts.removeValue(forKey: legacyAccountKey)
+        providerBuckets.setHistories(mergedHistory, for: accountKey)
+        if providerBuckets.preferredAccountKey == legacyAccountKey {
+            providerBuckets.preferredAccountKey = accountKey
+        }
+        return accountKey
+    }
+
+    private func adoptPlanUtilizationUnscopedHistoryIfNeeded(
+        into accountKey: String,
+        provider: UsageProvider,
+        providerBuckets: inout PlanUtilizationHistoryBuckets)
+    {
+        guard !providerBuckets.unscoped.isEmpty else { return }
+
+        let existingHistory = providerBuckets.accounts[accountKey] ?? []
+        let mergedHistory = Self.mergedPlanUtilizationHistories(provider: provider, histories: [
+            existingHistory,
+            providerBuckets.unscoped,
+        ])
+        providerBuckets.setHistories(mergedHistory, for: accountKey)
+        providerBuckets.setHistories([], for: nil)
+    }
+
+    private func stickyPlanUtilizationAccountKey(
+        providerBuckets: PlanUtilizationHistoryBuckets) -> String?
+    {
+        let knownAccountKeys = self.knownPlanUtilizationAccountKeys(providerBuckets: providerBuckets)
+        guard !knownAccountKeys.isEmpty else { return nil }
+
+        if let preferredAccountKey = providerBuckets.preferredAccountKey,
+           knownAccountKeys.contains(preferredAccountKey)
+        {
+            return preferredAccountKey
+        }
+
+        if knownAccountKeys.count == 1 {
+            return knownAccountKeys[0]
+        }
+
+        return knownAccountKeys.max { lhs, rhs in
+            let lhsDate = providerBuckets.accounts[lhs]?.compactMap(\.latestCapturedAt).max() ?? .distantPast
+            let rhsDate = providerBuckets.accounts[rhs]?.compactMap(\.latestCapturedAt).max() ?? .distantPast
+            if lhsDate == rhsDate {
+                return lhs > rhs
+            }
+            return lhsDate < rhsDate
+        }
+    }
+
+    private func knownPlanUtilizationAccountKeys(providerBuckets: PlanUtilizationHistoryBuckets) -> [String] {
+        providerBuckets.accounts.keys
+            .sorted()
+    }
+
+    private func recoverableCodexOpaquePlanHistoryRawKey(
+        targetCanonicalKey: String,
+        ownership: CodexOwnershipContext,
+        providerBuckets: PlanUtilizationHistoryBuckets) -> String?
+    {
+        guard !ownership.hasAdjacentMultiAccountVeto,
+              let targetWeeklyResetAt = ownership.currentWeeklyResetAt
+        else {
+            return nil
+        }
+
+        let candidates = providerBuckets.accounts.compactMap { rawKey, histories -> String? in
+            let owner = CodexHistoryOwnership.classifyPersistedKey(
+                rawKey,
+                legacyEmailHash: ownership.planUtilizationLegacyEmailHash)
+            guard case .legacyOpaqueScoped = owner else { return nil }
+            guard Self.isRecoverableCodexOpaquePlanHistory(
+                histories,
+                targetWeeklyResetAt: targetWeeklyResetAt)
+            else {
+                return nil
+            }
+            return rawKey
+        }
+
+        guard candidates.count == 1,
+              let recoverableRawKey = candidates.first,
+              let targetWeeklyResetAt = ownership.currentWeeklyResetAt
+        else {
+            return nil
+        }
+
+        guard !Self.hasConflictingScopedCodexPlanHistory(
+            recoverableRawKey: recoverableRawKey,
+            targetWeeklyResetAt: targetWeeklyResetAt,
+            targetCanonicalKey: targetCanonicalKey,
+            ownership: ownership,
+            providerBuckets: providerBuckets)
+        else {
+            return nil
+        }
+
+        return recoverableRawKey
+    }
+
+    private nonisolated static func isRecoverableCodexOpaquePlanHistory(
+        _ histories: [PlanUtilizationSeriesHistory],
+        targetWeeklyResetAt: Date) -> Bool
+    {
+        guard let weekly = histories.first(where: { $0.name == .weekly && $0.windowMinutes == 10080 }),
+              let session = histories.first(where: { $0.name == .session && $0.windowMinutes == 300 }),
+              !session.entries.isEmpty
+        else {
+            return false
+        }
+
+        let distinctWeeklyResets = Set(weekly.entries.compactMap(\.resetsAt))
+        guard distinctWeeklyResets.count >= 2 else { return false }
+        guard weekly.entries.contains(where: { entry in
+            Self.areEquivalentPlanUtilizationResetBoundaries(entry.resetsAt, targetWeeklyResetAt)
+        }) else {
+            return false
+        }
+        guard weekly.entries.contains(where: { entry in
+            guard let reset = entry.resetsAt else { return false }
+            return !Self.areEquivalentPlanUtilizationResetBoundaries(reset, targetWeeklyResetAt)
+        }) else {
+            return false
+        }
+        return true
+    }
+
+    private nonisolated static func areEquivalentPlanUtilizationResetBoundaries(_ lhs: Date?, _ rhs: Date?) -> Bool {
+        guard let lhs, let rhs else { return false }
+        return abs(lhs.timeIntervalSince(rhs)) < self.planUtilizationResetEquivalenceToleranceSeconds
+    }
+
+    private nonisolated static func scopedRawKeysRelevantToCodexUnscopedPlanHistory(
+        _ providerBuckets: PlanUtilizationHistoryBuckets) -> [String]
+    {
+        guard let continuityWindow = self.planUtilizationContinuityWindow(for: providerBuckets) else {
+            return []
+        }
+
+        return providerBuckets.accounts.compactMap { rawKey, histories in
+            guard self.planUtilizationHistories(histories, overlap: continuityWindow) else {
+                return nil
+            }
+            return rawKey
+        }
+    }
+
+    private nonisolated static func planUtilizationContinuityWindow(
+        for providerBuckets: PlanUtilizationHistoryBuckets) -> ClosedRange<Date>?
+    {
+        let capturedDates = providerBuckets.unscoped.flatMap(\.entries).map(\.capturedAt)
+        guard let lowerBound = capturedDates.min(),
+              let upperBound = capturedDates.max()
+        else {
+            return nil
+        }
+        let allHistories = providerBuckets.unscoped + providerBuckets.accounts.values.flatMap(\.self)
+        let expansionMinutes = allHistories.map(\.windowMinutes).max() ?? 0
+        let expansion = TimeInterval(expansionMinutes) * 60
+        return lowerBound.addingTimeInterval(-expansion)...upperBound.addingTimeInterval(expansion)
+    }
+
+    private nonisolated static func planUtilizationHistories(
+        _ histories: [PlanUtilizationSeriesHistory],
+        overlap continuityWindow: ClosedRange<Date>) -> Bool
+    {
+        histories.contains { history in
+            history.entries.contains { continuityWindow.contains($0.capturedAt) }
+        }
+    }
+
+    private nonisolated static func hasConflictingScopedCodexPlanHistory(
+        recoverableRawKey: String,
+        targetWeeklyResetAt: Date,
+        targetCanonicalKey: String,
+        ownership: CodexOwnershipContext,
+        providerBuckets: PlanUtilizationHistoryBuckets) -> Bool
+    {
+        providerBuckets.accounts.contains { rawKey, histories in
+            guard rawKey != recoverableRawKey else { return false }
+            guard self.historiesContainEquivalentWeeklyResetBoundary(
+                histories,
+                targetWeeklyResetAt: targetWeeklyResetAt)
+            else {
+                return false
+            }
+
+            let owner = CodexHistoryOwnership.classifyPersistedKey(
+                rawKey,
+                legacyEmailHash: ownership.planUtilizationLegacyEmailHash)
+            switch owner {
+            case .legacyOpaqueScoped:
+                return false
+            case .canonical, .legacyEmailHash:
+                return !CodexHistoryOwnership.belongsToTargetContinuity(
+                    owner,
+                    targetCanonicalKey: targetCanonicalKey,
+                    canonicalEmailHashKey: ownership.canonicalEmailHashKey)
+            case .legacyUnscoped:
+                return false
+            }
+        }
+    }
+
+    private nonisolated static func historiesContainEquivalentWeeklyResetBoundary(
+        _ histories: [PlanUtilizationSeriesHistory],
+        targetWeeklyResetAt: Date) -> Bool
+    {
+        histories.contains { history in
+            history.entries.contains { entry in
+                self.areEquivalentPlanUtilizationResetBoundaries(entry.resetsAt, targetWeeklyResetAt)
+            }
+        }
+    }
+
+    private nonisolated static func mergedPlanUtilizationHistories(
+        provider _: UsageProvider,
+        histories: [[PlanUtilizationSeriesHistory]]) -> [PlanUtilizationSeriesHistory]
+    {
+        var mergedByKey: [PlanUtilizationSeriesKey: PlanUtilizationSeriesHistory] = [:]
+
+        for historyGroup in histories {
+            for history in historyGroup {
+                let key = PlanUtilizationSeriesKey(name: history.name, windowMinutes: history.windowMinutes)
+                let existingEntries = mergedByKey[key]?.entries ?? []
+                var mergedEntries = existingEntries
+                for entry in history.entries.sorted(by: { $0.capturedAt < $1.capturedAt }) {
+                    if let updatedEntries = self.updatedPlanUtilizationEntries(
+                        existingEntries: mergedEntries,
+                        entry: entry)
+                    {
+                        mergedEntries = updatedEntries
+                    }
+                }
+                mergedByKey[key] = PlanUtilizationSeriesHistory(
+                    name: history.name,
+                    windowMinutes: history.windowMinutes,
+                    entries: mergedEntries)
+            }
+        }
+
+        return mergedByKey.values.sorted { lhs, rhs in
+            if lhs.windowMinutes != rhs.windowMinutes {
+                return lhs.windowMinutes < rhs.windowMinutes
+            }
+            return lhs.name.rawValue < rhs.name.rawValue
+        }
+    }
+
+    #if DEBUG
+    nonisolated static func _planUtilizationAccountKeyForTesting(
+        provider: UsageProvider,
+        snapshot: UsageSnapshot) -> String?
+    {
+        self.planUtilizationIdentityAccountKey(provider: provider, snapshot: snapshot)
+    }
+
+    nonisolated static func _planUtilizationTokenAccountKeyForTesting(
+        provider: UsageProvider,
+        account: ProviderTokenAccount) -> String?
+    {
+        self.planUtilizationAccountKey(provider: provider, account: account)
+    }
+
+    nonisolated static func _legacyClaudePlanUtilizationEmailAccountKeyForTesting(snapshot: UsageSnapshot) -> String? {
+        self.legacyClaudePlanUtilizationEmailAccountKey(snapshot: snapshot)
+    }
+
+    nonisolated static func _codexLegacyPlanUtilizationEmailHashKeyForTesting(
+        normalizedEmail: String) -> String
+    {
+        self.codexLegacyPlanUtilizationEmailHashKey(for: normalizedEmail)
+    }
+    #endif
+}
+
+actor PlanUtilizationHistoryPersistenceCoordinator {
+    private let store: PlanUtilizationHistoryStore
+    private var pendingSnapshot: [UsageProvider: PlanUtilizationHistoryBuckets]?
+    private var isPersisting: Bool = false
+
+    init(store: PlanUtilizationHistoryStore) {
+        self.store = store
+    }
+
+    func enqueue(_ snapshot: [UsageProvider: PlanUtilizationHistoryBuckets]) {
+        self.pendingSnapshot = snapshot
+        guard !self.isPersisting else { return }
+        self.isPersisting = true
+
+        Task(priority: .utility) {
+            await self.persistLoop()
+        }
+    }
+
+    private func persistLoop() async {
+        while let nextSnapshot = self.pendingSnapshot {
+            self.pendingSnapshot = nil
+            await self.saveAsync(nextSnapshot)
+        }
+
+        self.isPersisting = false
+    }
+
+    private func saveAsync(_ snapshot: [UsageProvider: PlanUtilizationHistoryBuckets]) async {
+        let store = self.store
+        await Task.detached(priority: .utility) {
+            store.save(snapshot)
+        }.value
+    }
+}
diff --git a/Sources/CodexBar/UsageStore+ProviderStorage.swift b/Sources/CodexBar/UsageStore+ProviderStorage.swift
new file mode 100644
index 000000000..3e5197eb5
--- /dev/null
+++ b/Sources/CodexBar/UsageStore+ProviderStorage.swift
@@ -0,0 +1,208 @@
+import CodexBarCore
+import Foundation
+
+@MainActor
+extension UsageStore {
+    private struct StorageRefreshRequest {
+        let providers: [UsageProvider]
+        let candidatePathsByProvider: [UsageProvider: [String]]
+        let signature: String
+    }
+
+    private static let automaticStorageRefreshInterval: TimeInterval = 5 * 60
+
+    var isStorageRefreshInFlight: Bool {
+        self.storageRefreshTask != nil
+    }
+
+    func storageFootprint(for provider: UsageProvider) -> ProviderStorageFootprint? {
+        guard self.settings.providerStorageFootprintsEnabled else { return nil }
+        return self.providerStorageFootprints[provider]
+    }
+
+    func storageFootprintText(for provider: UsageProvider) -> String? {
+        guard let footprint = self.storageFootprint(for: provider) else { return nil }
+        if footprint.hasLocalData {
+            return UsageFormatter.byteCountString(footprint.totalBytes)
+        }
+        return "No local data found"
+    }
+
+    func refreshStorageFootprintsForOverview() {
+        self.scheduleStorageFootprintRefresh(for: self.enabledProvidersForDisplay())
+    }
+
+    func refreshStorageFootprintsForOverviewNow() async {
+        await self.refreshStorageFootprintsNow(for: self.enabledProvidersForDisplay())
+    }
+
+    func scheduleStorageFootprintRefreshForOverview(force: Bool = false) {
+        self.scheduleStorageFootprintRefresh(for: self.enabledProvidersForDisplay(), force: force)
+    }
+
+    func refreshStorageFootprintsNow(for providers: [UsageProvider]) async {
+        guard self.settings.providerStorageFootprintsEnabled else {
+            self.clearStorageFootprints()
+            return
+        }
+        guard let request = self.makeStorageRefreshRequest(for: providers) else {
+            self.clearStorageFootprints()
+            return
+        }
+
+        self.storageRefreshTask?.cancel()
+        self.storageRefreshGeneration &+= 1
+        let generation = self.storageRefreshGeneration
+        self.storageRefreshInFlightSignature = request.signature
+
+        let footprints = await Task.detached(priority: .utility) {
+            Self.scanStorageFootprints(candidatePathsByProvider: request.candidatePathsByProvider)
+        }.value
+
+        guard generation == self.storageRefreshGeneration else { return }
+        self.applyStorageFootprints(
+            footprints,
+            providers: request.providers,
+            signature: request.signature,
+            updatedAt: Date())
+        self.storageRefreshTask = nil
+        self.storageRefreshInFlightSignature = nil
+    }
+
+    func scheduleStorageFootprintRefresh(for providers: [UsageProvider], force: Bool = false) {
+        guard self.settings.providerStorageFootprintsEnabled else {
+            self.clearStorageFootprints()
+            return
+        }
+        guard let request = self.makeStorageRefreshRequest(for: providers) else {
+            self.clearStorageFootprints()
+            return
+        }
+
+        let now = Date()
+        if self.storageRefreshTask != nil,
+           self.storageRefreshInFlightSignature == request.signature
+        {
+            return
+        }
+        if !force {
+            if self.lastStorageRefreshSignature == request.signature,
+               let lastStorageRefreshAt,
+               now.timeIntervalSince(lastStorageRefreshAt) < Self.automaticStorageRefreshInterval
+            {
+                return
+            }
+        }
+
+        self.storageRefreshTask?.cancel()
+        self.storageRefreshGeneration &+= 1
+        let generation = self.storageRefreshGeneration
+        self.storageRefreshInFlightSignature = request.signature
+
+        self.storageRefreshTask = Task.detached(priority: .utility) { [weak self] in
+            let footprints = Self.scanStorageFootprints(candidatePathsByProvider: request.candidatePathsByProvider)
+
+            await MainActor.run { [weak self] in
+                guard let self,
+                      !Task.isCancelled,
+                      generation == self.storageRefreshGeneration
+                else { return }
+
+                self.applyStorageFootprints(
+                    footprints,
+                    providers: request.providers,
+                    signature: request.signature,
+                    updatedAt: Date())
+                self.storageRefreshTask = nil
+                self.storageRefreshInFlightSignature = nil
+            }
+        }
+    }
+
+    private func clearStorageFootprints() {
+        self.storageRefreshTask?.cancel()
+        self.storageRefreshTask = nil
+        self.storageRefreshInFlightSignature = nil
+        self.lastStorageRefreshSignature = nil
+        self.lastStorageRefreshAt = nil
+        self.providerStorageFootprints.removeAll()
+    }
+
+    private func applyStorageFootprints(
+        _ footprints: [UsageProvider: ProviderStorageFootprint],
+        providers: [UsageProvider],
+        signature: String,
+        updatedAt: Date)
+    {
+        let providerSet = Set(providers)
+        self.providerStorageFootprints = self.providerStorageFootprints.filter { !providerSet.contains($0.key) }
+        for provider in providers {
+            self.providerStorageFootprints[provider] = footprints[provider]
+        }
+        self.lastStorageRefreshSignature = signature
+        self.lastStorageRefreshAt = updatedAt
+    }
+
+    private func makeStorageRefreshRequest(for providers: [UsageProvider]) -> StorageRefreshRequest? {
+        let uniqueProviders = Array(Set(providers)).sorted { $0.rawValue < $1.rawValue }
+        guard !uniqueProviders.isEmpty else { return nil }
+
+        let environment = self.environmentBase
+        let managedAccounts = self.loadManagedCodexAccountsForStorage()
+        var candidatePathsByProvider: [UsageProvider: [String]] = [:]
+
+        for provider in uniqueProviders {
+            let candidatePaths = ProviderStoragePathCatalog.candidatePaths(
+                for: provider,
+                environment: environment,
+                managedCodexAccounts: managedAccounts)
+            guard !candidatePaths.isEmpty else { continue }
+            candidatePathsByProvider[provider] = candidatePaths
+        }
+
+        let providersWithPaths = uniqueProviders.filter { candidatePathsByProvider[$0] != nil }
+        guard !providersWithPaths.isEmpty else { return nil }
+
+        let signature = providersWithPaths
+            .map { provider in
+                let paths = candidatePathsByProvider[provider]?.joined(separator: "\u{1f}") ?? ""
+                return "\(provider.rawValue)=\(paths)"
+            }
+            .joined(separator: "\u{1e}")
+        return StorageRefreshRequest(
+            providers: providersWithPaths,
+            candidatePathsByProvider: candidatePathsByProvider,
+            signature: signature)
+    }
+
+    private func loadManagedCodexAccountsForStorage() -> [ManagedCodexAccount] {
+        if let managedCodexAccountsForStorageOverride {
+            return managedCodexAccountsForStorageOverride
+        }
+        return (try? FileManagedCodexAccountStore().loadAccounts().accounts) ?? []
+    }
+
+    private nonisolated static func scanStorageFootprints(
+        candidatePathsByProvider: [UsageProvider: [String]])
+        -> [UsageProvider: ProviderStorageFootprint]
+    {
+        let scanner = ProviderStorageScanner()
+        var footprints: [UsageProvider: ProviderStorageFootprint] = [:]
+        var pathCache: [String: ProviderStorageFootprint] = [:]
+
+        for provider in candidatePathsByProvider.keys.sorted(by: { $0.rawValue < $1.rawValue }) {
+            if Task.isCancelled { return footprints }
+            guard let candidatePaths = candidatePathsByProvider[provider] else { continue }
+            let pathKey = candidatePaths.joined(separator: "\u{1f}")
+            if let cached = pathCache[pathKey] {
+                footprints[provider] = cached.replacingProvider(provider)
+                continue
+            }
+            let footprint = scanner.scan(provider: provider, candidatePaths: candidatePaths)
+            pathCache[pathKey] = footprint
+            footprints[provider] = footprint
+        }
+
+        return footprints
+    }
+}
diff --git a/Sources/CodexBar/UsageStore+Refresh.swift b/Sources/CodexBar/UsageStore+Refresh.swift
index 1e60dfb37..db3c9d2e2 100644
--- a/Sources/CodexBar/UsageStore+Refresh.swift
+++ b/Sources/CodexBar/UsageStore+Refresh.swift
@@ -2,37 +2,53 @@ import CodexBarCore
 import Foundation
 
 extension UsageStore {
+    func prepareRefreshState(for provider: UsageProvider? = nil) {
+        guard provider == nil || provider == .codex else { return }
+        _ = self.settings.persistResolvedCodexActiveSourceCorrectionIfNeeded()
+    }
+
     /// Force refresh Augment session (called from UI button)
     func forceRefreshAugmentSession() async {
         await self.performRuntimeAction(.forceSessionRefresh, for: .augment)
     }
 
+    private func providerRefreshSpec(_ provider: UsageProvider) async -> ProviderSpec? {
+        if let override = self._test_providerRefreshOverride {
+            await override(provider)
+            return nil
+        }
+        return self.providerSpecs[provider]
+    }
+
     func refreshProvider(_ provider: UsageProvider, allowDisabled: Bool = false) async {
-        guard let spec = self.providerSpecs[provider] else { return }
+        self.prepareRefreshState(for: provider)
+        guard let spec = await self.providerRefreshSpec(provider) else { return }
+        let codexExpectedGuard = provider == .codex ? self.currentCodexAccountScopedRefreshGuard() : nil
 
         if !spec.isEnabled(), !allowDisabled {
-            self.refreshingProviders.remove(provider)
-            await MainActor.run {
-                self.snapshots.removeValue(forKey: provider)
-                self.errors[provider] = nil
-                self.lastSourceLabels.removeValue(forKey: provider)
-                self.lastFetchAttempts.removeValue(forKey: provider)
-                self.accountSnapshots.removeValue(forKey: provider)
-                self.tokenSnapshots.removeValue(forKey: provider)
-                self.tokenErrors[provider] = nil
-                self.failureGates[provider]?.reset()
-                self.tokenFailureGates[provider]?.reset()
-                self.statuses.removeValue(forKey: provider)
-                self.lastKnownSessionRemaining.removeValue(forKey: provider)
-                self.lastKnownSessionWindowSource.removeValue(forKey: provider)
-                self.lastTokenFetchAt.removeValue(forKey: provider)
-            }
+            await self.clearDisabledProviderRefreshState(provider)
             return
         }
 
         self.refreshingProviders.insert(provider)
         defer { self.refreshingProviders.remove(provider) }
 
+        if provider == .codex, self.shouldFetchAllCodexVisibleAccounts() {
+            await self.refreshCodexVisibleAccountsForMenu()
+            return
+        } else if provider == .codex {
+            self.codexAccountSnapshots = []
+        }
+
+        if provider == .kilo, self.shouldFanOutKiloScopes() {
+            await self.refreshKiloScopes()
+            // Continue to also fetch the personal snapshot through the regular path
+            // so the existing single-card render keeps working when only personal is shown.
+            // The presence of multi-element kiloScopeSnapshots triggers stacked rendering.
+        } else if provider == .kilo {
+            await MainActor.run { self.kiloScopeSnapshots = [] }
+        }
+
         let tokenAccounts = self.tokenAccounts(for: provider)
         if self.shouldFetchAllTokenAccounts(provider: provider, accounts: tokenAccounts) {
             await self.refreshTokenAccounts(provider: provider, accounts: tokenAccounts)
@@ -43,6 +59,9 @@ extension UsageStore {
             }
         }
 
+        let claudeAuthStateBeforeFetch = provider == .claude
+            ? await Self.captureClaudeRefreshAuthState(invalidateCredentialsFile: true)
+            : nil
         let fetchContext = spec.makeFetchContext()
         let descriptor = spec.descriptor
         // Keep provider fetch work off MainActor so slow keychain/process reads don't stall menu/UI responsiveness.
@@ -55,22 +74,20 @@ extension UsageStore {
             }
             return await group.next()!
         }
-        if provider == .claude,
-           ClaudeOAuthCredentialsStore.invalidateCacheIfCredentialsFileChanged()
-        {
-            await MainActor.run {
-                self.snapshots.removeValue(forKey: .claude)
-                self.errors[.claude] = nil
-                self.lastSourceLabels.removeValue(forKey: .claude)
-                self.lastFetchAttempts.removeValue(forKey: .claude)
-                self.accountSnapshots.removeValue(forKey: .claude)
-                self.tokenSnapshots.removeValue(forKey: .claude)
-                self.tokenErrors[.claude] = nil
-                self.failureGates[.claude]?.reset()
-                self.tokenFailureGates[.claude]?.reset()
-                self.lastTokenFetchAt.removeValue(forKey: .claude)
-            }
-        }
+        let claudeAuthFingerprintAfterFetch = provider == .claude
+            ? await Self.captureClaudeAuthFingerprintToken()
+            : nil
+        let claudeAuthChangedDuringFetch = Self.claudeAuthChangedDuringFetch(
+            provider: provider,
+            beforeFetch: claudeAuthStateBeforeFetch,
+            afterFetchFingerprintToken: claudeAuthFingerprintAfterFetch)
+        await Self.invalidateClaudeCredentialsFileCacheIfNeeded(changedDuringFetch: claudeAuthChangedDuringFetch)
+        let claudeCredentialsChanged = Self.claudeCredentialsChanged(
+            beforeFetch: claudeAuthStateBeforeFetch,
+            changedDuringFetch: claudeAuthChangedDuringFetch)
+        let shouldConsumeClaudeKeychainFingerprint = Self.shouldConsumeClaudeKeychainFingerprintChange(
+            beforeFetch: claudeAuthStateBeforeFetch,
+            changedDuringFetch: claudeAuthChangedDuringFetch)
         await MainActor.run {
             self.lastFetchAttempts[provider] = outcome.attempts
         }
@@ -78,39 +95,295 @@ extension UsageStore {
         switch outcome.result {
         case let .success(result):
             let scoped = result.usage.scoped(to: provider)
-            await MainActor.run {
-                self.handleSessionQuotaTransition(provider: provider, snapshot: scoped)
-                self.snapshots[provider] = scoped
+            if provider == .codex,
+               let codexExpectedGuard,
+               !self.shouldApplyCodexUsageResult(expectedGuard: codexExpectedGuard, usage: scoped)
+            {
+                return
+            }
+            let backfilled = await MainActor.run {
+                if claudeCredentialsChanged {
+                    self.clearClaudeCredentialDerivedStateForCredentialSwapNow()
+                }
+                let backfilled = scoped.backfillingResetTimes(from: self.lastKnownResetSnapshots[provider])
+                self.handleQuotaWarningTransitions(provider: provider, snapshot: backfilled)
+                self.handleSessionQuotaTransition(provider: provider, snapshot: backfilled)
+                self.lastKnownResetSnapshots[provider] = backfilled
+                self.snapshots[provider] = backfilled
+                if let tokenSnapshot = self.tokenSnapshot(fromProviderSnapshot: backfilled, provider: provider) {
+                    self.tokenSnapshots[provider] = tokenSnapshot
+                    self.tokenErrors[provider] = nil
+                    self.tokenFailureGates[provider]?.recordSuccess()
+                } else if Self.tokenCostRequiresProviderSnapshot(provider) {
+                    self.tokenSnapshots.removeValue(forKey: provider)
+                    self.tokenErrors[provider] = nil
+                }
                 self.lastSourceLabels[provider] = result.sourceLabel
                 self.errors[provider] = nil
                 self.failureGates[provider]?.recordSuccess()
+                if provider == .codex {
+                    self.rememberLiveSystemCodexEmailIfNeeded(scoped.accountEmail(for: .codex))
+                    self.seedCodexAccountScopedRefreshGuard(accountEmail: scoped.accountEmail(for: .codex))
+                }
+                return backfilled
+            }
+            if shouldConsumeClaudeKeychainFingerprint {
+                _ = await Self.consumeClaudeKeychainFingerprintChangeWithoutPrompt()
             }
+            await self.recordPlanUtilizationHistorySample(
+                provider: provider,
+                snapshot: backfilled)
             if let runtime = self.providerRuntimes[provider] {
                 let context = ProviderRuntimeContext(
                     provider: provider, settings: self.settings, store: self)
                 runtime.providerDidRefresh(context: context, provider: provider)
             }
             if provider == .codex {
-                self.recordCodexHistoricalSampleIfNeeded(snapshot: scoped)
+                self.recordCodexHistoricalSampleIfNeeded(snapshot: backfilled)
             }
         case let .failure(error):
-            await MainActor.run {
-                let hadPriorData = self.snapshots[provider] != nil
-                let shouldSurface =
-                    self.failureGates[provider]?
-                        .shouldSurfaceError(onFailureWithPriorData: hadPriorData) ?? true
-                if shouldSurface {
-                    self.errors[provider] = error.localizedDescription
+            if provider == .codex,
+               let codexExpectedGuard,
+               !self.shouldApplyCodexScopedFailure(expectedGuard: codexExpectedGuard)
+            {
+                return
+            }
+            if claudeCredentialsChanged {
+                await self.clearClaudeCredentialDerivedStateForCredentialSwap()
+            }
+            if shouldConsumeClaudeKeychainFingerprint {
+                _ = await Self.consumeClaudeKeychainFingerprintChangeWithoutPrompt()
+            }
+            await self.handleProviderFetchFailure(provider: provider, error: error)
+        }
+    }
+
+    private func clearDisabledProviderRefreshState(_ provider: UsageProvider) async {
+        self.refreshingProviders.remove(provider)
+        await MainActor.run {
+            self.snapshots.removeValue(forKey: provider)
+            self.lastKnownResetSnapshots.removeValue(forKey: provider)
+            self.errors[provider] = nil
+            self.lastSourceLabels.removeValue(forKey: provider)
+            self.lastFetchAttempts.removeValue(forKey: provider)
+            self.accountSnapshots.removeValue(forKey: provider)
+            if provider == .codex {
+                self.codexAccountSnapshots = []
+            }
+            if provider == .kilo {
+                self.kiloScopeSnapshots = []
+            }
+            self.tokenSnapshots.removeValue(forKey: provider)
+            self.tokenErrors[provider] = nil
+            self.failureGates[provider]?.reset()
+            self.tokenFailureGates[provider]?.reset()
+            self.statuses.removeValue(forKey: provider)
+            self.lastKnownSessionRemaining.removeValue(forKey: provider)
+            self.lastKnownSessionWindowSource.removeValue(forKey: provider)
+            self.quotaWarningState = self.quotaWarningState.filter { $0.key.provider != provider }
+            self.lastTokenFetchAt.removeValue(forKey: provider)
+        }
+    }
+
+    private struct ClaudeRefreshAuthState {
+        let fingerprintToken: String
+        let credentialsFileChanged: Bool
+        let keychainFingerprintChanged: Bool
+    }
+
+    private nonisolated static func claudeCredentialsChanged(
+        beforeFetch: ClaudeRefreshAuthState?,
+        changedDuringFetch: Bool) -> Bool
+    {
+        beforeFetch?.credentialsFileChanged == true ||
+            beforeFetch?.keychainFingerprintChanged == true ||
+            changedDuringFetch
+    }
+
+    private nonisolated static func shouldConsumeClaudeKeychainFingerprintChange(
+        beforeFetch: ClaudeRefreshAuthState?,
+        changedDuringFetch: Bool) -> Bool
+    {
+        beforeFetch?.keychainFingerprintChanged == true || changedDuringFetch
+    }
+
+    private nonisolated static func claudeAuthChangedDuringFetch(
+        provider: UsageProvider,
+        beforeFetch: ClaudeRefreshAuthState?,
+        afterFetchFingerprintToken: String?) -> Bool
+    {
+        provider == .claude && afterFetchFingerprintToken != beforeFetch?.fingerprintToken
+    }
+
+    private nonisolated static func captureClaudeRefreshAuthState(
+        invalidateCredentialsFile: Bool) async -> ClaudeRefreshAuthState
+    {
+        await withTaskGroup(of: ClaudeRefreshAuthState.self, returning: ClaudeRefreshAuthState.self) { group in
+            group.addTask {
+                let fingerprintToken = ClaudeOAuthCredentialsStore.authFingerprintToken()
+                let credentialsFileChanged = invalidateCredentialsFile
+                    ? ClaudeOAuthCredentialsStore.invalidateCacheIfCredentialsFileChanged()
+                    : false
+                let keychainFingerprintChanged = ClaudeOAuthCredentialsStore
+                    .claudeKeychainFingerprintChangedWithoutConsuming()
+                return ClaudeRefreshAuthState(
+                    fingerprintToken: fingerprintToken,
+                    credentialsFileChanged: credentialsFileChanged,
+                    keychainFingerprintChanged: keychainFingerprintChanged)
+            }
+            return await group.next()!
+        }
+    }
+
+    private nonisolated static func captureClaudeAuthFingerprintToken() async -> String {
+        await withTaskGroup(of: String.self, returning: String.self) { group in
+            group.addTask {
+                ClaudeOAuthCredentialsStore.authFingerprintToken()
+            }
+            return await group.next()!
+        }
+    }
+
+    private nonisolated static func invalidateClaudeCredentialsFileCacheIfChanged() async -> Bool {
+        await withTaskGroup(of: Bool.self, returning: Bool.self) { group in
+            group.addTask {
+                ClaudeOAuthCredentialsStore.invalidateCacheIfCredentialsFileChanged()
+            }
+            return await group.next()!
+        }
+    }
+
+    private nonisolated static func invalidateClaudeCredentialsFileCacheIfNeeded(changedDuringFetch: Bool) async {
+        guard changedDuringFetch else { return }
+        _ = await self.invalidateClaudeCredentialsFileCacheIfChanged()
+    }
+
+    private nonisolated static func consumeClaudeKeychainFingerprintChangeWithoutPrompt() async -> Bool {
+        await withTaskGroup(of: Bool.self, returning: Bool.self) { group in
+            group.addTask {
+                ClaudeOAuthCredentialsStore.consumeClaudeKeychainFingerprintChangeWithoutPrompt()
+            }
+            return await group.next()!
+        }
+    }
+
+    private func clearClaudeCredentialDerivedStateForCredentialSwap() async {
+        await MainActor.run {
+            self.clearClaudeCredentialDerivedStateForCredentialSwapNow()
+        }
+    }
+
+    private func clearClaudeCredentialDerivedStateForCredentialSwapNow() {
+        self.snapshots.removeValue(forKey: .claude)
+        self.lastKnownResetSnapshots.removeValue(forKey: .claude)
+        self.errors[.claude] = nil
+        self.lastSourceLabels.removeValue(forKey: .claude)
+        self.accountSnapshots.removeValue(forKey: .claude)
+        self.tokenSnapshots.removeValue(forKey: .claude)
+        self.tokenErrors[.claude] = nil
+        self.failureGates[.claude]?.reset()
+        self.tokenFailureGates[.claude]?.reset()
+        self.lastKnownSessionRemaining.removeValue(forKey: .claude)
+        self.lastKnownSessionWindowSource.removeValue(forKey: .claude)
+        self.quotaWarningState = self.quotaWarningState.filter { $0.key.provider != .claude }
+        self.lastTokenFetchAt.removeValue(forKey: .claude)
+    }
+
+    private func handleProviderFetchFailure(provider: UsageProvider, error: Error) async {
+        let shouldNotifyPermissionPrompt = Self.isPermissionPromptWaiting(error)
+        await MainActor.run {
+            let hadPriorData = self.snapshots[provider] != nil
+            let preservesPriorData = Self.shouldPreservePriorSnapshot(
+                after: error,
+                hadPriorData: hadPriorData)
+            let shouldSurface =
+                self.failureGates[provider]?
+                    .shouldSurfaceError(onFailureWithPriorData: hadPriorData) ?? true
+            if provider == .claude,
+               preservesPriorData,
+               Self.isClaudeUsageProbeTimeout(error)
+            {
+                self.errors[provider] = nil
+                return
+            }
+            if preservesPriorData, !shouldSurface {
+                self.errors[provider] = nil
+                return
+            }
+            if shouldSurface {
+                self.errors[provider] = error.localizedDescription
+                if !preservesPriorData {
                     self.snapshots.removeValue(forKey: provider)
-                } else {
-                    self.errors[provider] = nil
                 }
+            } else {
+                self.errors[provider] = nil
             }
-            if let runtime = self.providerRuntimes[provider] {
-                let context = ProviderRuntimeContext(
-                    provider: provider, settings: self.settings, store: self)
-                runtime.providerDidFail(context: context, provider: provider, error: error)
+            if shouldNotifyPermissionPrompt {
+                self.postPermissionPromptNotificationIfNeeded(provider: provider, error: error)
             }
         }
+        if let runtime = self.providerRuntimes[provider] {
+            let context = ProviderRuntimeContext(
+                provider: provider, settings: self.settings, store: self)
+            runtime.providerDidFail(context: context, provider: provider, error: error)
+        }
+    }
+
+    private static func shouldPreservePriorSnapshot(after error: Error, hadPriorData: Bool) -> Bool {
+        guard hadPriorData else { return false }
+        if error is CancellationError { return true }
+        if self.isPreservableNetworkTransportError(error) { return true }
+
+        let message = error.localizedDescription.lowercased()
+        return message.contains("timed out") ||
+            message.contains("timeout") ||
+            message.contains("cancelled") ||
+            message.contains("network connection was lost") ||
+            message.contains("not connected to the internet")
+    }
+
+    static func isPreservableNetworkTransportError(_ error: Error) -> Bool {
+        let nsError = error as NSError
+        guard nsError.domain == NSURLErrorDomain else { return false }
+        switch nsError.code {
+        case NSURLErrorTimedOut,
+             NSURLErrorCancelled,
+             NSURLErrorNetworkConnectionLost,
+             NSURLErrorNotConnectedToInternet,
+             NSURLErrorCannotFindHost,
+             NSURLErrorCannotConnectToHost,
+             NSURLErrorDNSLookupFailed:
+            return true
+        default:
+            return false
+        }
+    }
+
+    private static func isClaudeUsageProbeTimeout(_ error: Error) -> Bool {
+        if case ClaudeStatusProbeError.timedOut = error { return true }
+        return error.localizedDescription == ClaudeStatusProbeError.timedOut.localizedDescription
+    }
+
+    nonisolated static func isPermissionPromptWaiting(_ error: Error) -> Bool {
+        let message = error.localizedDescription.lowercased()
+        return (message.contains("prompt") && message.contains("waiting")) ||
+            message.contains("permission prompt") ||
+            message.contains("folder trust prompt")
+    }
+
+    private func postPermissionPromptNotificationIfNeeded(provider: UsageProvider, error: Error) {
+        let now = Date()
+        if let last = self.lastPermissionPromptNotificationAt[provider],
+           now.timeIntervalSince(last) < 10 * 60
+        {
+            return
+        }
+        self.lastPermissionPromptNotificationAt[provider] = now
+        let providerName = ProviderDescriptorRegistry.descriptor(for: provider).metadata.displayName
+        AppNotifications.shared.post(
+            idPrefix: "permission-prompt-\(provider.rawValue)",
+            title: L("%@ is waiting for permission", providerName),
+            body: error.localizedDescription,
+            soundEnabled: false)
     }
 }
diff --git a/Sources/CodexBar/UsageStore+Status.swift b/Sources/CodexBar/UsageStore+Status.swift
index abf7aee47..4d1b85e4d 100644
--- a/Sources/CodexBar/UsageStore+Status.swift
+++ b/Sources/CodexBar/UsageStore+Status.swift
@@ -1,12 +1,17 @@
+import CodexBarCore
 import Foundation
 
 extension UsageStore {
-    static func fetchStatus(from baseURL: URL) async throws -> ProviderStatus {
+    static func fetchStatus(
+        from baseURL: URL,
+        transport: any ProviderHTTPTransport = ProviderHTTPClient.shared)
+        async throws -> ProviderStatus
+    {
         let apiURL = baseURL.appendingPathComponent("api/v2/status.json")
         var request = URLRequest(url: apiURL)
         request.timeoutInterval = 10
 
-        let (data, _) = try await URLSession.shared.data(for: request, delegate: nil)
+        let (data, _) = try await transport.data(for: request)
 
         struct Response: Decodable {
             struct Status: Decodable {
@@ -46,13 +51,17 @@ extension UsageStore {
             updatedAt: response.page?.updatedAt)
     }
 
-    static func fetchWorkspaceStatus(productID: String) async throws -> ProviderStatus {
+    static func fetchWorkspaceStatus(
+        productID: String,
+        transport: any ProviderHTTPTransport = ProviderHTTPClient.shared)
+        async throws -> ProviderStatus
+    {
         guard let url = URL(string: "https://www.google.com/appsstatus/dashboard/incidents.json") else {
             throw URLError(.badURL)
         }
         var request = URLRequest(url: url)
         request.timeoutInterval = 10
-        let (data, _) = try await URLSession.shared.data(for: request, delegate: nil)
+        let (data, _) = try await transport.data(for: request)
         return try Self.parseGoogleWorkspaceStatus(data: data, productID: productID)
     }
 
diff --git a/Sources/CodexBar/UsageStore+Timeout.swift b/Sources/CodexBar/UsageStore+Timeout.swift
new file mode 100644
index 000000000..ac81d04bc
--- /dev/null
+++ b/Sources/CodexBar/UsageStore+Timeout.swift
@@ -0,0 +1,19 @@
+import Foundation
+
+extension UsageStore {
+    nonisolated static func runWithTimeout(
+        seconds: Double,
+        operation: @escaping @Sendable () async -> String) async -> String
+    {
+        await withTaskGroup(of: String?.self) { group -> String in
+            group.addTask { await operation() }
+            group.addTask {
+                try? await Task.sleep(nanoseconds: UInt64(seconds * 1_000_000_000))
+                return nil
+            }
+            let result = await group.next()?.flatMap(\.self)
+            group.cancelAll()
+            return result ?? "Probe timed out after \(Int(seconds))s"
+        }
+    }
+}
diff --git a/Sources/CodexBar/UsageStore+TokenAccounts.swift b/Sources/CodexBar/UsageStore+TokenAccounts.swift
index 3e55ffa9f..4a5a96d4e 100644
--- a/Sources/CodexBar/UsageStore+TokenAccounts.swift
+++ b/Sources/CodexBar/UsageStore+TokenAccounts.swift
@@ -1,7 +1,7 @@
 import CodexBarCore
 import Foundation
 
-struct TokenAccountUsageSnapshot: Identifiable, Sendable {
+struct TokenAccountUsageSnapshot: Identifiable {
     let id: UUID
     let account: ProviderTokenAccount
     let snapshot: UsageSnapshot?
@@ -17,7 +17,37 @@ struct TokenAccountUsageSnapshot: Identifiable, Sendable {
     }
 }
 
+struct CodexAccountUsageSnapshot: Identifiable {
+    let id: String
+    let account: CodexVisibleAccount
+    let snapshot: UsageSnapshot?
+    let error: String?
+    let sourceLabel: String?
+
+    init(account: CodexVisibleAccount, snapshot: UsageSnapshot?, error: String?, sourceLabel: String?) {
+        self.id = account.id
+        self.account = account
+        self.snapshot = snapshot
+        self.error = error
+        self.sourceLabel = sourceLabel
+    }
+}
+
+private struct TokenAccountFetchResult {
+    let index: Int
+    let account: ProviderTokenAccount
+    let outcome: ProviderFetchOutcome
+}
+
+private struct CodexAccountFetchResult {
+    let index: Int
+    let account: CodexVisibleAccount
+    let outcome: ProviderFetchOutcome
+}
+
 extension UsageStore {
+    static let tokenAccountMenuSnapshotLimit = 6
+
     func tokenAccounts(for provider: UsageProvider) -> [ProviderTokenAccount] {
         guard TokenAccountSupportCatalog.support(for: provider) != nil else { return [] }
         return self.settings.tokenAccounts(for: provider)
@@ -25,30 +55,140 @@ extension UsageStore {
 
     func shouldFetchAllTokenAccounts(provider: UsageProvider, accounts: [ProviderTokenAccount]) -> Bool {
         guard TokenAccountSupportCatalog.support(for: provider) != nil else { return false }
-        return self.settings.showAllTokenAccountsInMenu && accounts.count > 1
+        return self.settings.multiAccountMenuLayout == .stacked && accounts.count > 1
+    }
+
+    func shouldFetchAllCodexVisibleAccounts() -> Bool {
+        self.settings.multiAccountMenuLayout == .stacked &&
+            self.settings.codexVisibleAccountProjection.visibleAccounts.count > 1
+    }
+
+    func refreshCodexVisibleAccountsForMenu() async {
+        let projection = self.settings.codexVisibleAccountProjection
+        let accounts = self.limitedCodexVisibleAccounts(
+            projection.visibleAccounts,
+            snapshots: self.codexAccountSnapshots,
+            activeVisibleAccountID: projection.activeVisibleAccountID)
+        guard accounts.count > 1 else {
+            self.codexAccountSnapshots = []
+            return
+        }
+
+        let originalVisibleAccountID = projection.activeVisibleAccountID
+        let originalSelectionSource = originalVisibleAccountID.flatMap {
+            projection.source(forVisibleAccountID: $0)
+        }
+        let priorByAccountID = Dictionary(uniqueKeysWithValues: self.codexAccountSnapshots.map { ($0.id, $0) })
+        var snapshots: [CodexAccountUsageSnapshot] = []
+        var selectedOutcome: ProviderFetchOutcome?
+        var selectedSnapshot: UsageSnapshot?
+        var selectedSourceLabel: String?
+        var sawAnyNonCancellationOutcome = false
+
+        let results = await self.fetchCodexVisibleAccountOutcomes(accounts)
+        for result in results {
+            let account = result.account
+            let outcome = result.outcome
+            let isCancellation = Self.outcomeIsCancellation(outcome)
+            if !isCancellation {
+                sawAnyNonCancellationOutcome = true
+            }
+            let resolved = self.resolveCodexAccountOutcome(
+                outcome,
+                account: account,
+                priorSnapshot: priorByAccountID[account.id])
+            if let snapshot = resolved.snapshot {
+                snapshots.append(snapshot)
+            }
+            if account.id == originalVisibleAccountID {
+                selectedOutcome = outcome
+                selectedSnapshot = resolved.usage
+                selectedSourceLabel = resolved.sourceLabel
+            }
+        }
+
+        let shouldPreservePriorState = !sawAnyNonCancellationOutcome &&
+            snapshots.allSatisfy { $0.snapshot == nil }
+        if !shouldPreservePriorState {
+            self.codexAccountSnapshots = snapshots
+            self.codexAccountUsageSnapshotStore?.store(snapshots)
+        }
+
+        let selectionStillMatches = self.codexVisibleSelectionStillMatches(
+            originalVisibleAccountID: originalVisibleAccountID,
+            originalSelectionSource: originalSelectionSource)
+        if let selectedOutcome, selectionStillMatches {
+            await self.applySelectedCodexVisibleAccountOutcome(
+                selectedOutcome,
+                snapshot: selectedSnapshot,
+                sourceLabel: selectedSourceLabel)
+        }
+    }
+
+    func codexVisibleSelectionStillMatches(
+        originalVisibleAccountID: String?,
+        originalSelectionSource: CodexActiveSource?) -> Bool
+    {
+        let currentProjection = self.settings.codexVisibleAccountProjection
+        let currentSelectionSource = originalVisibleAccountID.flatMap {
+            currentProjection.source(forVisibleAccountID: $0)
+        }
+        return currentProjection.activeVisibleAccountID == originalVisibleAccountID &&
+            currentSelectionSource == originalSelectionSource
     }
 
     func refreshTokenAccounts(provider: UsageProvider, accounts: [ProviderTokenAccount]) async {
         let selectedAccount = self.settings.selectedTokenAccount(for: provider)
         let limitedAccounts = self.limitedTokenAccounts(accounts, selected: selectedAccount)
         let effectiveSelected = selectedAccount ?? limitedAccounts.first
+
+        // Capture the prior per-account snapshot state so we can preserve last-good
+        // data when an in-flight refresh is cancelled (e.g. menu tab switches). Without
+        // this, cancellation produces empty/error snapshots and the menu briefly shows
+        // misleading cards for accounts that previously had valid data.
+        let priorSnapshots = await MainActor.run { self.accountSnapshots[provider] ?? [] }
+        let priorByAccountID = Dictionary(uniqueKeysWithValues: priorSnapshots.map { ($0.account.id, $0) })
+
         var snapshots: [TokenAccountUsageSnapshot] = []
+        var historySamples: [(account: ProviderTokenAccount, snapshot: UsageSnapshot)] = []
         var selectedOutcome: ProviderFetchOutcome?
         var selectedSnapshot: UsageSnapshot?
+        var sawAnyNonCancellationOutcome = false
 
-        for account in limitedAccounts {
-            let override = TokenAccountOverride(provider: provider, account: account)
-            let outcome = await self.fetchOutcome(provider: provider, override: override)
-            let resolved = self.resolveAccountOutcome(outcome, provider: provider, account: account)
-            snapshots.append(resolved.snapshot)
+        let results = await self.fetchTokenAccountOutcomes(provider: provider, accounts: limitedAccounts)
+        for result in results {
+            let account = result.account
+            let outcome = result.outcome
+            let isCancellation = Self.outcomeIsCancellation(outcome)
+            if !isCancellation {
+                sawAnyNonCancellationOutcome = true
+            }
+            let resolved = self.resolveAccountOutcome(
+                outcome,
+                provider: provider,
+                account: account,
+                priorSnapshot: priorByAccountID[account.id])
+            if let snapshot = resolved.snapshot {
+                snapshots.append(snapshot)
+            }
+            if let usage = resolved.usage {
+                historySamples.append((account: account, snapshot: usage))
+            }
             if account.id == effectiveSelected?.id {
                 selectedOutcome = outcome
                 selectedSnapshot = resolved.usage
             }
         }
 
-        await MainActor.run {
-            self.accountSnapshots[provider] = snapshots
+        // If every fetch was cancelled (e.g. the user closed/reopened the menu mid-flight)
+        // and we have no usable snapshots, leave the prior per-account state alone.
+        // Wiping it would produce a menu of useless "cancelled" placeholders.
+        let shouldPreservePriorState = !sawAnyNonCancellationOutcome &&
+            snapshots.allSatisfy { $0.snapshot == nil }
+        if !shouldPreservePriorState {
+            await MainActor.run {
+                self.accountSnapshots[provider] = snapshots
+            }
         }
 
         if let selectedOutcome {
@@ -58,13 +198,43 @@ extension UsageStore {
                 account: effectiveSelected,
                 fallbackSnapshot: selectedSnapshot)
         }
+
+        await self.recordFetchedTokenAccountPlanUtilizationHistory(
+            provider: provider,
+            samples: historySamples,
+            selectedAccount: effectiveSelected)
+    }
+
+    private static func outcomeIsCancellation(_ outcome: ProviderFetchOutcome) -> Bool {
+        if case let .failure(error) = outcome.result, error is CancellationError {
+            return true
+        }
+        if case let .failure(error) = outcome.result {
+            return self.errorIsCancellation(error)
+        }
+        return false
+    }
+
+    private static func errorIsCancellation(_ error: any Error) -> Bool {
+        if error is CancellationError {
+            return true
+        }
+        if let urlError = error as? URLError, urlError.code == .cancelled {
+            return true
+        }
+        let message = error.localizedDescription
+            .trimmingCharacters(in: .whitespacesAndNewlines)
+            .lowercased()
+        return message == "cancelled" ||
+            message.contains("cancellationerror") ||
+            message.contains("cancelled")
     }
 
     func limitedTokenAccounts(
         _ accounts: [ProviderTokenAccount],
         selected: ProviderTokenAccount?) -> [ProviderTokenAccount]
     {
-        let limit = 6
+        let limit = Self.tokenAccountMenuSnapshotLimit
         if accounts.count <= limit { return accounts }
         var limited = Array(accounts.prefix(limit))
         if let selected, !limited.contains(where: { $0.id == selected.id }) {
@@ -74,32 +244,175 @@ extension UsageStore {
         return limited
     }
 
+    func limitedCodexVisibleAccounts(
+        _ accounts: [CodexVisibleAccount],
+        snapshots: [CodexAccountUsageSnapshot] = [],
+        activeVisibleAccountID: String?) -> [CodexVisibleAccount]
+    {
+        let accounts = CodexAccountPresentationOrdering.orderedAccounts(
+            accounts,
+            snapshots: snapshots,
+            activeVisibleAccountID: activeVisibleAccountID)
+        let limit = Self.tokenAccountMenuSnapshotLimit
+        if accounts.count <= limit { return accounts }
+        var limited = Array(accounts.prefix(limit))
+        if let activeVisibleAccountID,
+           let active = accounts.first(where: { $0.id == activeVisibleAccountID }),
+           !limited.contains(where: { $0.id == activeVisibleAccountID })
+        {
+            limited.removeLast()
+            limited.append(active)
+        }
+        return limited
+    }
+
     func fetchOutcome(
         provider: UsageProvider,
-        override: TokenAccountOverride?) async -> ProviderFetchOutcome
+        override: TokenAccountOverride?,
+        codexActiveSourceOverride: CodexActiveSource? = nil) async -> ProviderFetchOutcome
     {
-        let descriptor = ProviderDescriptorRegistry.descriptor(for: provider)
+        let descriptor = self.providerSpecs[provider]?.descriptor ?? ProviderDescriptorRegistry
+            .descriptor(for: provider)
+        let context = self.makeFetchContext(
+            provider: provider,
+            override: override,
+            codexActiveSourceOverride: codexActiveSourceOverride)
+        return await descriptor.fetchOutcome(context: context)
+    }
+
+    private func fetchTokenAccountOutcomes(
+        provider: UsageProvider,
+        accounts: [ProviderTokenAccount]) async -> [TokenAccountFetchResult]
+    {
+        let requests: [(
+            index: Int,
+            account: ProviderTokenAccount,
+            descriptor: ProviderDescriptor,
+            context: ProviderFetchContext)] =
+            accounts.enumerated().map { index, account in
+                let override = TokenAccountOverride(provider: provider, account: account)
+                let descriptor = self.providerSpecs[provider]?.descriptor ?? ProviderDescriptorRegistry
+                    .descriptor(for: provider)
+                let context = self.makeFetchContext(provider: provider, override: override)
+                return (index, account, descriptor, context)
+            }
+
+        return await withTaskGroup(
+            of: TokenAccountFetchResult.self,
+            returning: [TokenAccountFetchResult].self)
+        { group in
+            for request in requests {
+                group.addTask {
+                    let outcome = await request.descriptor.fetchOutcome(context: request.context)
+                    return TokenAccountFetchResult(
+                        index: request.index,
+                        account: request.account,
+                        outcome: outcome)
+                }
+            }
+
+            var results: [TokenAccountFetchResult] = []
+            results.reserveCapacity(requests.count)
+            for await result in group {
+                results.append(result)
+            }
+            return results.sorted { $0.index < $1.index }
+        }
+    }
+
+    private func fetchCodexVisibleAccountOutcomes(_ accounts: [CodexVisibleAccount]) async
+    -> [CodexAccountFetchResult] {
+        let requests: [(
+            index: Int,
+            account: CodexVisibleAccount,
+            descriptor: ProviderDescriptor,
+            context: ProviderFetchContext)] =
+            accounts.enumerated().map { index, account in
+                let descriptor = self.providerSpecs[.codex]?.descriptor ?? ProviderDescriptorRegistry
+                    .descriptor(for: .codex)
+                let context = self.makeFetchContext(
+                    provider: .codex,
+                    override: nil,
+                    codexActiveSourceOverride: account.selectionSource)
+                return (index, account, descriptor, context)
+            }
+
+        return await withTaskGroup(
+            of: CodexAccountFetchResult.self,
+            returning: [CodexAccountFetchResult].self)
+        { group in
+            for request in requests {
+                group.addTask {
+                    let outcome = await request.descriptor.fetchOutcome(context: request.context)
+                    return CodexAccountFetchResult(
+                        index: request.index,
+                        account: request.account,
+                        outcome: outcome)
+                }
+            }
+
+            var results: [CodexAccountFetchResult] = []
+            results.reserveCapacity(requests.count)
+            for await result in group {
+                results.append(result)
+            }
+            return results.sorted { $0.index < $1.index }
+        }
+    }
+
+    func makeFetchContext(
+        provider: UsageProvider,
+        override: TokenAccountOverride?,
+        codexActiveSourceOverride: CodexActiveSource? = nil,
+        includeCredits: Bool = false) -> ProviderFetchContext
+    {
+        let account = ProviderTokenAccountSelection.selectedAccount(
+            provider: provider,
+            settings: self.settings,
+            override: override)
         let sourceMode = self.sourceMode(for: provider)
-        let snapshot = ProviderRegistry.makeSettingsSnapshot(settings: self.settings, tokenOverride: override)
+        let snapshot = ProviderRegistry.makeSettingsSnapshot(
+            settings: self.settings,
+            tokenOverride: override,
+            codexActiveSourceOverride: codexActiveSourceOverride)
         let env = ProviderRegistry.makeEnvironment(
-            base: ProcessInfo.processInfo.environment,
+            base: self.environmentBase,
             provider: provider,
             settings: self.settings,
-            tokenOverride: override)
+            tokenOverride: override,
+            codexActiveSourceOverride: codexActiveSourceOverride)
+        let fetcher = ProviderRegistry.makeFetcher(base: self.codexFetcher, provider: provider, env: env)
         let verbose = self.settings.isVerboseLoggingEnabled
-        let context = ProviderFetchContext(
+        return ProviderFetchContext(
             runtime: .app,
             sourceMode: sourceMode,
-            includeCredits: false,
+            includeCredits: includeCredits,
+            includeOptionalUsage: self.settings.showOptionalCreditsAndExtraUsage,
             webTimeout: 60,
             webDebugDumpHTML: false,
             verbose: verbose,
             env: env,
             settings: snapshot,
-            fetcher: self.codexFetcher,
+            fetcher: fetcher,
             claudeFetcher: self.claudeFetcher,
-            browserDetection: self.browserDetection)
-        return await descriptor.fetchOutcome(context: context)
+            browserDetection: self.browserDetection,
+            selectedTokenAccountID: account?.id,
+            tokenAccountTokenUpdater: { [weak settings = self.settings] provider, accountID, token in
+                await MainActor.run {
+                    settings?.updateTokenAccount(
+                        provider: provider,
+                        accountID: accountID,
+                        token: token)
+                }
+            },
+            providerManualTokenUpdater: { [weak settings = self.settings] provider, token in
+                await MainActor.run {
+                    if provider == .stepfun {
+                        settings?.stepfunToken = token
+                    }
+                }
+            },
+            costUsageHistoryDays: self.settings.costUsageHistoryDays)
     }
 
     func sourceMode(for provider: UsageProvider) -> ProviderSourceMode {
@@ -109,14 +422,49 @@ extension UsageStore {
     }
 
     private struct ResolvedAccountOutcome {
-        let snapshot: TokenAccountUsageSnapshot
+        let snapshot: TokenAccountUsageSnapshot?
         let usage: UsageSnapshot?
     }
 
+    private struct ResolvedCodexAccountOutcome {
+        let snapshot: CodexAccountUsageSnapshot?
+        let usage: UsageSnapshot?
+        let sourceLabel: String?
+    }
+
+    func tokenAccountErrorMessage(_ error: any Error) -> String? {
+        guard !Self.errorIsCancellation(error) else { return nil }
+        let message = error.localizedDescription.trimmingCharacters(in: .whitespacesAndNewlines)
+        return message.isEmpty ? nil : message
+    }
+
+    /// Per-account snapshot error text. Cancellation is handled before this path so
+    /// transient menu refresh cancellation does not render as a user-facing error.
+    func tokenAccountSnapshotErrorMessage(_ error: any Error) -> String {
+        let message = error.localizedDescription.trimmingCharacters(in: .whitespacesAndNewlines)
+        return message.isEmpty ? "Refresh failed" : message
+    }
+
+    func recordFetchedTokenAccountPlanUtilizationHistory(
+        provider: UsageProvider,
+        samples: [(account: ProviderTokenAccount, snapshot: UsageSnapshot)],
+        selectedAccount: ProviderTokenAccount?) async
+    {
+        for sample in samples where sample.account.id != selectedAccount?.id {
+            await self.recordPlanUtilizationHistorySample(
+                provider: provider,
+                snapshot: sample.snapshot,
+                account: sample.account,
+                shouldUpdatePreferredAccountKey: false,
+                shouldAdoptUnscopedHistory: false)
+        }
+    }
+
     private func resolveAccountOutcome(
         _ outcome: ProviderFetchOutcome,
         provider: UsageProvider,
-        account: ProviderTokenAccount) -> ResolvedAccountOutcome
+        account: ProviderTokenAccount,
+        priorSnapshot: TokenAccountUsageSnapshot? = nil) -> ResolvedAccountOutcome
     {
         switch outcome.result {
         case let .success(result):
@@ -129,15 +477,136 @@ extension UsageStore {
                 sourceLabel: result.sourceLabel)
             return ResolvedAccountOutcome(snapshot: snapshot, usage: labeled)
         case let .failure(error):
+            // Preserve the last-good snapshot when the refresh was cancelled (e.g. the
+            // user switched menu tabs mid-flight). Without this the per-account list
+            // would briefly render error chips for accounts that already had data.
+            if Self.errorIsCancellation(error) {
+                if let priorSnapshot, priorSnapshot.snapshot != nil {
+                    return ResolvedAccountOutcome(snapshot: priorSnapshot, usage: priorSnapshot.snapshot)
+                }
+                // No usable prior data: skip this row entirely. The caller will
+                // either preserve the existing per-account state or fall back to
+                // the single live card. Rendering a "cancelled" placeholder here
+                // produces visually duplicate cards with no useful data.
+                return ResolvedAccountOutcome(snapshot: nil, usage: nil)
+            }
             let snapshot = TokenAccountUsageSnapshot(
                 account: account,
                 snapshot: nil,
-                error: error.localizedDescription,
+                error: self.tokenAccountSnapshotErrorMessage(error),
                 sourceLabel: nil)
             return ResolvedAccountOutcome(snapshot: snapshot, usage: nil)
         }
     }
 
+    private func resolveCodexAccountOutcome(
+        _ outcome: ProviderFetchOutcome,
+        account: CodexVisibleAccount,
+        priorSnapshot: CodexAccountUsageSnapshot? = nil) -> ResolvedCodexAccountOutcome
+    {
+        switch outcome.result {
+        case let .success(result):
+            let scoped = result.usage.scoped(to: .codex)
+            let labeled = self.applyCodexVisibleAccountLabel(scoped, account: account)
+            let snapshot = CodexAccountUsageSnapshot(
+                account: account,
+                snapshot: labeled,
+                error: nil,
+                sourceLabel: result.sourceLabel)
+            return ResolvedCodexAccountOutcome(
+                snapshot: snapshot,
+                usage: labeled,
+                sourceLabel: result.sourceLabel)
+        case let .failure(error):
+            if Self.errorIsCancellation(error) {
+                if let priorSnapshot, priorSnapshot.snapshot != nil {
+                    return ResolvedCodexAccountOutcome(
+                        snapshot: priorSnapshot,
+                        usage: priorSnapshot.snapshot,
+                        sourceLabel: priorSnapshot.sourceLabel)
+                }
+                return ResolvedCodexAccountOutcome(snapshot: nil, usage: nil, sourceLabel: nil)
+            }
+            let errorMessage = self.tokenAccountSnapshotErrorMessage(error)
+            if Self.shouldPreserveCodexAccountSnapshotOnFailure(errorMessage),
+               let priorSnapshot,
+               let priorUsage = priorSnapshot.snapshot
+            {
+                let snapshot = CodexAccountUsageSnapshot(
+                    account: account,
+                    snapshot: priorUsage,
+                    error: errorMessage,
+                    sourceLabel: priorSnapshot.sourceLabel)
+                return ResolvedCodexAccountOutcome(
+                    snapshot: snapshot,
+                    usage: priorUsage,
+                    sourceLabel: priorSnapshot.sourceLabel)
+            }
+            let snapshot = CodexAccountUsageSnapshot(
+                account: account,
+                snapshot: nil,
+                error: errorMessage,
+                sourceLabel: nil)
+            return ResolvedCodexAccountOutcome(snapshot: snapshot, usage: nil, sourceLabel: nil)
+        }
+    }
+
+    private static func shouldPreserveCodexAccountSnapshotOnFailure(_ message: String) -> Bool {
+        guard CodexAccountHealth.status(forError: message) == .unavailable else { return false }
+        let normalized = message.lowercased()
+        return normalized.contains("network") ||
+            normalized.contains("internet connection") ||
+            normalized.contains("offline") ||
+            normalized.contains("timed out") ||
+            normalized.contains("timeout") ||
+            normalized.contains("connection was lost") ||
+            normalized.contains("could not connect") ||
+            normalized.contains("not connected") ||
+            normalized.contains("hostname") ||
+            normalized.contains("dns") ||
+            normalized.contains("temporarily unavailable")
+    }
+
+    func applySelectedCodexVisibleAccountOutcome(
+        _ outcome: ProviderFetchOutcome,
+        snapshot: UsageSnapshot?,
+        sourceLabel: String?) async
+    {
+        self.lastFetchAttempts[.codex] = outcome.attempts
+        switch outcome.result {
+        case .success:
+            guard let snapshot else { return }
+            let backfilled = snapshot.backfillingResetTimes(from: self.lastKnownResetSnapshots[.codex])
+            self.handleSessionQuotaTransition(provider: .codex, snapshot: backfilled)
+            self.lastKnownResetSnapshots[.codex] = backfilled
+            self.snapshots[.codex] = backfilled
+            if let sourceLabel {
+                self.lastSourceLabels[.codex] = sourceLabel
+            }
+            self.errors[.codex] = nil
+            self.failureGates[.codex]?.recordSuccess()
+            self.rememberLiveSystemCodexEmailIfNeeded(backfilled.accountEmail(for: .codex))
+            self.seedCodexAccountScopedRefreshGuard(accountEmail: backfilled.accountEmail(for: .codex))
+            await self.recordPlanUtilizationHistorySample(provider: .codex, snapshot: backfilled)
+            self.recordCodexHistoricalSampleIfNeeded(snapshot: backfilled)
+        case let .failure(error):
+            guard let message = self.tokenAccountErrorMessage(error) else {
+                self.errors[.codex] = nil
+                return
+            }
+            let hadPriorData = self.snapshots[.codex] != nil
+            let shouldSurface =
+                self.failureGates[.codex]?
+                    .shouldSurfaceError(onFailureWithPriorData: hadPriorData) ?? true
+            if shouldSurface {
+                self.errors[.codex] = message
+                self.snapshots.removeValue(forKey: .codex)
+            } else {
+                self.errors[.codex] = nil
+            }
+        }
+    }
+
     func applySelectedOutcome(
         _ outcome: ProviderFetchOutcome,
         provider: UsageProvider,
@@ -155,20 +624,32 @@ extension UsageStore {
             } else {
                 scoped
             }
-            await MainActor.run {
-                self.handleSessionQuotaTransition(provider: provider, snapshot: labeled)
-                self.snapshots[provider] = labeled
+            let backfilled = await MainActor.run {
+                let backfilled = labeled.backfillingResetTimes(from: self.lastKnownResetSnapshots[provider])
+                self.handleQuotaWarningTransitions(provider: provider, snapshot: backfilled)
+                self.handleSessionQuotaTransition(provider: provider, snapshot: backfilled)
+                self.lastKnownResetSnapshots[provider] = backfilled
+                self.snapshots[provider] = backfilled
                 self.lastSourceLabels[provider] = result.sourceLabel
                 self.errors[provider] = nil
                 self.failureGates[provider]?.recordSuccess()
+                return backfilled
             }
+            await self.recordPlanUtilizationHistorySample(
+                provider: provider,
+                snapshot: backfilled,
+                account: account)
         case let .failure(error):
             await MainActor.run {
+                guard let message = self.tokenAccountErrorMessage(error) else {
+                    self.errors[provider] = nil
+                    return
+                }
                 let hadPriorData = self.snapshots[provider] != nil || fallbackSnapshot != nil
                 let shouldSurface = self.failureGates[provider]?
                     .shouldSurfaceError(onFailureWithPriorData: hadPriorData) ?? true
                 if shouldSurface {
-                    self.errors[provider] = error.localizedDescription
+                    self.errors[provider] = message
                     self.snapshots.removeValue(forKey: provider)
                 } else {
                     self.errors[provider] = nil
@@ -194,4 +675,17 @@ extension UsageStore {
             loginMethod: existing?.loginMethod)
         return snapshot.withIdentity(identity)
     }
+
+    func applyCodexVisibleAccountLabel(_ snapshot: UsageSnapshot, account: CodexVisibleAccount) -> UsageSnapshot {
+        let existing = snapshot.identity(for: .codex)
+        let email = existing?.accountEmail?.trimmingCharacters(in: .whitespacesAndNewlines)
+        let resolvedEmail = (email?.isEmpty ?? true) ? account.email : email
+        let loginMethod = existing?.loginMethod ?? account.workspaceLabel
+        let identity = ProviderIdentitySnapshot(
+            providerID: .codex,
+            accountEmail: resolvedEmail,
+            accountOrganization: existing?.accountOrganization,
+            loginMethod: loginMethod)
+        return snapshot.withIdentity(identity)
+    }
 }
diff --git a/Sources/CodexBar/UsageStore+TokenCost.swift b/Sources/CodexBar/UsageStore+TokenCost.swift
index f00f14504..13c162ed9 100644
--- a/Sources/CodexBar/UsageStore+TokenCost.swift
+++ b/Sources/CodexBar/UsageStore+TokenCost.swift
@@ -18,6 +18,42 @@ extension UsageStore {
         self.tokenRefreshInFlight.contains(provider)
     }
 
+    func tokenCostScope(for provider: UsageProvider) -> (codexHomePath: String?, signature: String) {
+        guard provider == .codex else {
+            return (nil, provider.rawValue)
+        }
+        let homePath = self.settings.activeManagedCodexRemoteHomePath?
+            .trimmingCharacters(in: .whitespacesAndNewlines)
+        guard let homePath, !homePath.isEmpty else {
+            return (nil, "codex:ambient")
+        }
+        return (homePath, "codex:managed:\(homePath)")
+    }
+
+    func tokenSnapshot(
+        fromProviderSnapshot snapshot: UsageSnapshot?,
+        provider: UsageProvider)
+        -> CostUsageTokenSnapshot?
+    {
+        switch provider {
+        case .openai:
+            snapshot?.openAIAPIUsage?.toCostUsageTokenSnapshot()
+        case .mistral:
+            snapshot?.mistralUsage?.toCostUsageTokenSnapshot(historyDays: self.settings.costUsageHistoryDays)
+        default:
+            nil
+        }
+    }
+
+    nonisolated static func tokenCostRequiresProviderSnapshot(_ provider: UsageProvider) -> Bool {
+        switch provider {
+        case .mistral, .openai:
+            true
+        default:
+            false
+        }
+    }
+
     nonisolated static func costUsageCacheDirectory(
         fileManager: FileManager = .default) -> URL
     {
diff --git a/Sources/CodexBar/UsageStore+WeeklyHistory.swift b/Sources/CodexBar/UsageStore+WeeklyHistory.swift
deleted file mode 100644
index ba9dbd9c7..000000000
--- a/Sources/CodexBar/UsageStore+WeeklyHistory.swift
+++ /dev/null
@@ -1,79 +0,0 @@
-import CodexBarCore
-import Foundation
-
-extension UsageStore {
-    private static let historyWriteMinInterval: TimeInterval = 15 * 60 // 15 minutes
-    private static let pruneCheckInterval: TimeInterval = 24 * 60 * 60 // 24 hours
-
-    func recordWeeklyHistoryIfNeeded() {
-        let now = Date()
-        for provider in self.enabledProviders() {
-            self.recordWeeklyHistorySnapshot(for: provider, now: now)
-        }
-        self.pruneWeeklyHistoryIfNeeded(now: now)
-    }
-
-    private func recordWeeklyHistorySnapshot(for provider: UsageProvider, now: Date) {
-        // Debounce: at most once per 15 minutes per provider
-        let key = "weeklyHistory-\(provider.rawValue)"
-        if let lastWrite = self.weeklyHistoryLastWrite[key],
-           now.timeIntervalSince(lastWrite) < Self.historyWriteMinInterval
-        {
-            return
-        }
-
-        let snapshot = self.snapshots[provider]
-        let tokenSnapshot = self.tokenSnapshots[provider]
-
-        // Need at least some data to record
-        guard snapshot?.secondary != nil || tokenSnapshot != nil else { return }
-
-        var cal = Calendar(identifier: .iso8601)
-        cal.timeZone = TimeZone.current
-        let dayFormatter = DateFormatter()
-        dayFormatter.locale = Locale(identifier: "en_US_POSIX")
-        dayFormatter.timeZone = TimeZone.current
-        dayFormatter.dateFormat = "yyyy-MM-dd"
-        let dayKey = dayFormatter.string(from: now)
-
-        let weekNumber = cal.component(.weekOfYear, from: now)
-        let weekYear = cal.component(.yearForWeekOfYear, from: now)
-        let weekday = cal.component(.weekday, from: now)
-        // Convert from Calendar weekday (1=Sun...7=Sat) to ISO 8601 (1=Mon...7=Sun)
-        let isoDayOfWeek = weekday == 1 ? 7 : weekday - 1
-
-        // Extract today's token data from the daily entries
-        let todayEntry = tokenSnapshot?.daily.first { $0.date == dayKey }
-
-        let record = WeeklyUsageRecord(
-            dayKey: dayKey,
-            provider: provider,
-            weekNumber: weekNumber,
-            weekYear: weekYear,
-            dayOfWeek: isoDayOfWeek,
-            weeklyUsedPercent: snapshot?.secondary?.usedPercent,
-            sessionUsedPercent: snapshot?.primary?.usedPercent,
-            weeklyResetsAt: snapshot?.secondary?.resetsAt,
-            totalTokens: todayEntry?.totalTokens,
-            inputTokens: todayEntry?.inputTokens,
-            outputTokens: todayEntry?.outputTokens,
-            costUSD: todayEntry?.costUSD,
-            recordedAt: now)
-
-        WeeklyUsageHistoryStore.save(record: record)
-        self.weeklyHistoryLastWrite[key] = now
-    }
-
-    private func pruneWeeklyHistoryIfNeeded(now: Date) {
-        if let lastPrune = self.weeklyHistoryLastPrune,
-           now.timeIntervalSince(lastPrune) < Self.pruneCheckInterval
-        {
-            return
-        }
-        self.weeklyHistoryLastPrune = now
-
-        for provider in UsageProvider.allCases {
-            WeeklyUsageHistoryStore.prune(provider: provider)
-        }
-    }
-}
diff --git a/Sources/CodexBar/UsageStore+WidgetSnapshot.swift b/Sources/CodexBar/UsageStore+WidgetSnapshot.swift
index f8699128d..e8befc321 100644
--- a/Sources/CodexBar/UsageStore+WidgetSnapshot.swift
+++ b/Sources/CodexBar/UsageStore+WidgetSnapshot.swift
@@ -7,12 +7,20 @@ import WidgetKit
 extension UsageStore {
     func persistWidgetSnapshot(reason: String) {
         let snapshot = self.makeWidgetSnapshot()
-        Task.detached(priority: .utility) {
-            WidgetSnapshotStore.save(snapshot)
-            #if canImport(WidgetKit)
-            await MainActor.run {
-                WidgetCenter.shared.reloadAllTimelines()
+        let previousTask = self.widgetSnapshotPersistTask
+        self.widgetSnapshotPersistTask = Task { @MainActor in
+            _ = await previousTask?.result
+
+            if let override = self._test_widgetSnapshotSaveOverride {
+                await override(snapshot)
+                return
             }
+
+            await Task.detached(priority: .utility) {
+                WidgetSnapshotStore.save(snapshot)
+            }.value
+            #if canImport(WidgetKit)
+            WidgetCenter.shared.reloadAllTimelines()
             #endif
         }
     }
@@ -28,7 +36,8 @@ extension UsageStore {
     private func makeWidgetEntry(for provider: UsageProvider) -> WidgetSnapshot.ProviderEntry? {
         guard let snapshot = self.snapshots[provider] else { return nil }
 
-        let tokenSnapshot = self.tokenSnapshots[provider]
+        let tokenSnapshot = self.tokenSnapshot(fromProviderSnapshot: snapshot, provider: provider) ?? self
+            .tokenSnapshots[provider]
         let dailyUsage = tokenSnapshot?.daily.map { entry in
             WidgetSnapshot.DailyUsagePoint(
                 dayKey: entry.date,
@@ -36,9 +45,23 @@ extension UsageStore {
                 costUSD: entry.costUSD)
         } ?? []
 
-        let tokenUsage = Self.widgetTokenUsageSummary(from: tokenSnapshot)
-        let creditsRemaining = provider == .codex ? self.credits?.remaining : nil
-        let codeReviewRemaining = provider == .codex ? self.openAIDashboard?.codeReviewRemainingPercent : nil
+        let tokenUsage = Self.widgetTokenUsageSummary(from: tokenSnapshot, provider: provider)
+        let usageRows = self.widgetUsageRows(provider: provider, snapshot: snapshot)
+
+        let creditsRemaining: Double?
+        let codeReviewRemaining: Double?
+        if provider == .codex {
+            let projection = self.codexConsumerProjection(
+                surface: .widget,
+                snapshotOverride: snapshot,
+                now: snapshot.updatedAt)
+            let displayOnlyExtrasHidden = projection.dashboardVisibility == .displayOnly
+            creditsRemaining = displayOnlyExtrasHidden ? nil : projection.credits?.remaining
+            codeReviewRemaining = displayOnlyExtrasHidden ? nil : projection.remainingPercent(for: .codeReview)
+        } else {
+            creditsRemaining = nil
+            codeReviewRemaining = nil
+        }
 
         return WidgetSnapshot.ProviderEntry(
             provider: provider,
@@ -46,6 +69,7 @@ extension UsageStore {
             primary: snapshot.primary,
             secondary: snapshot.secondary,
             tertiary: snapshot.tertiary,
+            usageRows: usageRows,
             creditsRemaining: creditsRemaining,
             codeReviewRemainingPercent: codeReviewRemaining,
             tokenUsage: tokenUsage,
@@ -53,15 +77,74 @@ extension UsageStore {
     }
 
     private nonisolated static func widgetTokenUsageSummary(
-        from snapshot: CostUsageTokenSnapshot?) -> WidgetSnapshot.TokenUsageSummary?
+        from snapshot: CostUsageTokenSnapshot?,
+        provider: UsageProvider) -> WidgetSnapshot.TokenUsageSummary?
     {
         guard let snapshot else { return nil }
         let fallbackTokens = snapshot.daily.compactMap(\.totalTokens).reduce(0, +)
         let monthTokensValue = snapshot.last30DaysTokens ?? (fallbackTokens > 0 ? fallbackTokens : nil)
+        let sessionLabel = provider == .bedrock || provider == .mistral ? "Latest billing day" : "Today"
+        let monthLabel = snapshot.historyLabel ?? (snapshot.historyDays == 1 ? "Today" : "\(snapshot.historyDays)d")
         return WidgetSnapshot.TokenUsageSummary(
             sessionCostUSD: snapshot.sessionCostUSD,
             sessionTokens: snapshot.sessionTokens,
             last30DaysCostUSD: snapshot.last30DaysCostUSD,
-            last30DaysTokens: monthTokensValue)
+            last30DaysTokens: monthTokensValue,
+            currencyCode: snapshot.currencyCode,
+            sessionLabel: sessionLabel,
+            last30DaysLabel: monthLabel)
+    }
+
+    private func widgetUsageRows(
+        provider: UsageProvider,
+        snapshot: UsageSnapshot) -> [WidgetSnapshot.WidgetUsageRowSnapshot]
+    {
+        let metadata = ProviderDefaults.metadata[provider]
+        if provider == .codex {
+            let projection = self.codexConsumerProjection(
+                surface: .widget,
+                snapshotOverride: snapshot,
+                now: snapshot.updatedAt)
+            return projection.visibleRateLanes.compactMap { lane in
+                guard let window = projection.rateWindow(for: lane) else { return nil }
+                let title = switch lane {
+                case .session:
+                    metadata?.sessionLabel ?? "Session"
+                case .weekly:
+                    metadata?.weeklyLabel ?? "Weekly"
+                }
+                return WidgetSnapshot.WidgetUsageRowSnapshot(
+                    id: lane.rawValue,
+                    title: title,
+                    percentLeft: window.remainingPercent)
+            }
+        }
+
+        let primaryTitle: String = {
+            if provider == .grok,
+               let dyn = GrokProviderDescriptor.primaryLabel(window: snapshot.primary)
+            {
+                return dyn
+            }
+            return metadata?.sessionLabel ?? "Session"
+        }()
+
+        var rows: [WidgetSnapshot.WidgetUsageRowSnapshot] = [
+            WidgetSnapshot.WidgetUsageRowSnapshot(
+                id: "primary",
+                title: primaryTitle,
+                percentLeft: snapshot.primary?.remainingPercent),
+            WidgetSnapshot.WidgetUsageRowSnapshot(
+                id: "secondary",
+                title: metadata?.weeklyLabel ?? "Weekly",
+                percentLeft: snapshot.secondary?.remainingPercent),
+        ]
+        if metadata?.supportsOpus == true {
+            rows.append(WidgetSnapshot.WidgetUsageRowSnapshot(
+                id: "tertiary",
+                title: metadata?.opusLabel ?? "Opus",
+                percentLeft: snapshot.tertiary?.remainingPercent))
+        }
+        return rows.filter { $0.percentLeft != nil }
     }
 }
diff --git a/Sources/CodexBar/UsageStore.swift b/Sources/CodexBar/UsageStore.swift
index 60e1e4a31..d2c35695d 100644
--- a/Sources/CodexBar/UsageStore.swift
+++ b/Sources/CodexBar/UsageStore.swift
@@ -14,6 +14,8 @@ extension UsageStore {
         _ = self.lastSourceLabels
         _ = self.lastFetchAttempts
         _ = self.accountSnapshots
+        _ = self.codexAccountSnapshots
+        _ = self.kiloScopeSnapshots
         _ = self.tokenSnapshots
         _ = self.tokenErrors
         _ = self.tokenRefreshInFlight
@@ -22,8 +24,6 @@ extension UsageStore {
         _ = self.openAIDashboard
         _ = self.lastOpenAIDashboardError
         _ = self.openAIDashboardRequiresLogin
-        _ = self.openAIDashboardCookieImportStatus
-        _ = self.openAIDashboardCookieImportDebugLog
         _ = self.versions
         _ = self.isRefreshing
         _ = self.refreshingProviders
@@ -31,6 +31,21 @@ extension UsageStore {
         _ = self.statuses
         _ = self.probeLogs
         _ = self.historicalPaceRevision
+        _ = self.providerStorageFootprints
+        return 0
+    }
+
+    var iconObservationToken: Int {
+        _ = self.snapshots
+        _ = self.errors
+        _ = self.credits
+        _ = self.lastCreditsError
+        _ = self.openAIDashboard
+        _ = self.lastOpenAIDashboardError
+        _ = self.openAIDashboardRequiresLogin
+        _ = self.refreshingProviders
+        _ = self.statuses
+        _ = self.historicalPaceRevision
         return 0
     }
 
@@ -39,24 +54,33 @@ extension UsageStore {
             _ = self.settings.refreshFrequency
             _ = self.settings.statusChecksEnabled
             _ = self.settings.sessionQuotaNotificationsEnabled
+            _ = self.settings.quotaWarningNotificationsEnabled
+            _ = self.settings.quotaWarningThresholds
+            _ = self.settings.quotaWarningThresholds(.session)
+            _ = self.settings.quotaWarningThresholds(.weekly)
+            _ = self.settings.quotaWarningSoundEnabled
             _ = self.settings.usageBarsShowUsed
             _ = self.settings.costUsageEnabled
+            _ = self.settings.costUsageHistoryDays
             _ = self.settings.randomBlinkEnabled
             _ = self.settings.configRevision
             for implementation in ProviderCatalog.all {
                 implementation.observeSettings(self.settings)
             }
-            _ = self.settings.showAllTokenAccountsInMenu
+            _ = self.settings.multiAccountMenuLayout
             _ = self.settings.tokenAccountsByProvider
             _ = self.settings.mergeIcons
             _ = self.settings.selectedMenuProvider
             _ = self.settings.debugLoadingPattern
             _ = self.settings.debugKeepCLISessionsAlive
             _ = self.settings.historicalTrackingEnabled
+            _ = self.settings.providerStorageFootprintsEnabled
         } onChange: { [weak self] in
             Task { @MainActor [weak self] in
                 guard let self else { return }
                 self.observeSettingsChanges()
+                self.invalidateProviderAvailabilityCache()
+                self.probeLogs = [:]
                 guard self.startupBehavior.automaticallyStartsBackgroundWork else { return }
                 self.startTimer()
                 self.updateProviderRuntimes()
@@ -65,12 +89,33 @@ extension UsageStore {
             }
         }
     }
+
+    var attachedOpenAIDashboardSnapshot: OpenAIDashboardSnapshot? {
+        guard self.openAIDashboardAttachmentAuthorized else { return nil }
+        return self.openAIDashboard
+    }
 }
 
 @MainActor
 @Observable
 final class UsageStore {
-    enum StartupBehavior: Sendable {
+    private struct ProviderAvailabilityCacheEntry {
+        let available: Bool
+        let configRevision: Int
+        let expiresAt: Date
+
+        func isValid(now: Date, configRevision: Int) -> Bool {
+            self.configRevision == configRevision && self.expiresAt > now
+        }
+    }
+
+    enum CodexCreditsSource {
+        case none
+        case api
+        case dashboardWeb
+    }
+
+    enum StartupBehavior {
         case automatic
         case full
         case testing
@@ -99,6 +144,8 @@ final class UsageStore {
     var lastSourceLabels: [UsageProvider: String] = [:]
     var lastFetchAttempts: [UsageProvider: [ProviderFetchAttempt]] = [:]
     var accountSnapshots: [UsageProvider: [TokenAccountUsageSnapshot]] = [:]
+    var codexAccountSnapshots: [CodexAccountUsageSnapshot] = []
+    var kiloScopeSnapshots: [KiloScopeSnapshot] = []
     var tokenSnapshots: [UsageProvider: CostUsageTokenSnapshot] = [:]
     var tokenErrors: [UsageProvider: String] = [:]
     var tokenRefreshInFlight: Set<UsageProvider> = []
@@ -117,13 +164,43 @@ final class UsageStore {
     var statuses: [UsageProvider: ProviderStatus] = [:]
     var probeLogs: [UsageProvider: String] = [:]
     var historicalPaceRevision: Int = 0
-    @ObservationIgnored private var lastCreditsSnapshot: CreditsSnapshot?
-    @ObservationIgnored private var creditsFailureStreak: Int = 0
-    @ObservationIgnored private var lastOpenAIDashboardSnapshot: OpenAIDashboardSnapshot?
-    @ObservationIgnored private var lastOpenAIDashboardTargetEmail: String?
-    @ObservationIgnored private var lastOpenAIDashboardCookieImportAttemptAt: Date?
-    @ObservationIgnored private var lastOpenAIDashboardCookieImportEmail: String?
-    @ObservationIgnored private var openAIWebAccountDidChange: Bool = false
+    var providerStorageFootprints: [UsageProvider: ProviderStorageFootprint] = [:]
+    @ObservationIgnored var lastCreditsSnapshot: CreditsSnapshot?
+    @ObservationIgnored var lastCreditsSnapshotAccountKey: String?
+    @ObservationIgnored var lastCreditsSource: CodexCreditsSource = .none
+    @ObservationIgnored var creditsFailureStreak: Int = 0
+    @ObservationIgnored var openAIDashboardAttachmentAuthorized: Bool = false
+    @ObservationIgnored var lastOpenAIDashboardSnapshot: OpenAIDashboardSnapshot?
+    @ObservationIgnored var lastOpenAIDashboardAttachmentAuthorized: Bool = false
+    @ObservationIgnored var lastOpenAIDashboardTargetEmail: String?
+    @ObservationIgnored var lastOpenAIDashboardAttemptAt: Date?
+    @ObservationIgnored var lastOpenAIDashboardCookieImportAttemptAt: Date?
+    @ObservationIgnored var lastOpenAIDashboardCookieImportEmail: String?
+    @ObservationIgnored var lastCodexAccountScopedRefreshGuard: CodexAccountScopedRefreshGuard?
+    @ObservationIgnored var lastKnownLiveSystemCodexEmail: String?
+    @ObservationIgnored var openAIWebAccountDidChange: Bool = false
+    @ObservationIgnored var creditsRefreshTask: Task<Void, Never>?
+    @ObservationIgnored var creditsRefreshTaskKey: String?
+    @ObservationIgnored var openAIDashboardBackgroundRefreshTask: Task<Void, Never>?
+    @ObservationIgnored var openAIDashboardBackgroundRefreshTaskKey: String?
+    @ObservationIgnored var openAIDashboardRefreshTask: Task<Void, Never>?
+    @ObservationIgnored var openAIDashboardRefreshTaskKey: String?
+    @ObservationIgnored var openAIDashboardRefreshTaskToken: UUID?
+    @ObservationIgnored var _test_openAIDashboardCookieImportOverride: (@MainActor (
+        String?,
+        Bool,
+        ProviderCookieSource,
+        CookieHeaderCache.Scope?,
+        @escaping (String) -> Void) async throws -> OpenAIDashboardBrowserCookieImporter.ImportResult)?
+    @ObservationIgnored var _test_openAIDashboardLoaderOverride: (@MainActor (
+        String?,
+        @escaping (String) -> Void,
+        TimeInterval) async throws -> OpenAIDashboardSnapshot)?
+    @ObservationIgnored var _test_codexCreditsLoaderOverride: (@MainActor () async throws -> CreditsSnapshot)?
+    @ObservationIgnored var _test_widgetSnapshotSaveOverride: (@MainActor (WidgetSnapshot) async -> Void)?
+    @ObservationIgnored var _test_providerRefreshOverride: (@MainActor (UsageProvider) async -> Void)?
+    @ObservationIgnored var _test_tokenUsageRefreshOverride: (@MainActor (UsageProvider, Bool) async -> Void)?
+    @ObservationIgnored var widgetSnapshotPersistTask: Task<Void, Never>?
 
     @ObservationIgnored let codexFetcher: UsageFetcher
     @ObservationIgnored let claudeFetcher: any ClaudeUsageFetching
@@ -131,34 +208,51 @@ final class UsageStore {
     @ObservationIgnored let browserDetection: BrowserDetection
     @ObservationIgnored private let registry: ProviderRegistry
     @ObservationIgnored let settings: SettingsStore
+    @ObservationIgnored let environmentBase: [String: String]
     @ObservationIgnored private let sessionQuotaNotifier: any SessionQuotaNotifying
     @ObservationIgnored private let sessionQuotaLogger = CodexBarLog.logger(LogCategories.sessionQuota)
-    @ObservationIgnored private let openAIWebLogger = CodexBarLog.logger(LogCategories.openAIWeb)
+    @ObservationIgnored let openAIWebLogger = CodexBarLog.logger(LogCategories.openAIWeb)
     @ObservationIgnored private let tokenCostLogger = CodexBarLog.logger(LogCategories.tokenCost)
     @ObservationIgnored let augmentLogger = CodexBarLog.logger(LogCategories.augment)
     @ObservationIgnored let providerLogger = CodexBarLog.logger(LogCategories.providers)
-    @ObservationIgnored private var openAIWebDebugLines: [String] = []
+    @ObservationIgnored var openAIWebDebugLines: [String] = []
     @ObservationIgnored var failureGates: [UsageProvider: ConsecutiveFailureGate] = [:]
     @ObservationIgnored var tokenFailureGates: [UsageProvider: ConsecutiveFailureGate] = [:]
     @ObservationIgnored var providerSpecs: [UsageProvider: ProviderSpec] = [:]
     @ObservationIgnored let providerMetadata: [UsageProvider: ProviderMetadata]
     @ObservationIgnored var providerRuntimes: [UsageProvider: any ProviderRuntime] = [:]
+    @ObservationIgnored private var providerAvailabilityCache: [UsageProvider: ProviderAvailabilityCacheEntry] = [:]
     @ObservationIgnored private var timerTask: Task<Void, Never>?
     @ObservationIgnored private var tokenTimerTask: Task<Void, Never>?
     @ObservationIgnored private var tokenRefreshSequenceTask: Task<Void, Never>?
+    @ObservationIgnored var storageRefreshTask: Task<Void, Never>?
+    @ObservationIgnored var storageRefreshGeneration: UInt64 = 0
+    @ObservationIgnored var storageRefreshInFlightSignature: String?
+    @ObservationIgnored var lastStorageRefreshSignature: String?
+    @ObservationIgnored var lastStorageRefreshAt: Date?
+    @ObservationIgnored var managedCodexAccountsForStorageOverride: [ManagedCodexAccount]?
     @ObservationIgnored private var pathDebugRefreshTask: Task<Void, Never>?
+    @ObservationIgnored var codexPlanHistoryBackfillTask: Task<Void, Never>?
     @ObservationIgnored let historicalUsageHistoryStore: HistoricalUsageHistoryStore
+    @ObservationIgnored let planUtilizationHistoryStore: PlanUtilizationHistoryStore
+    @ObservationIgnored let codexAccountUsageSnapshotStore: (any CodexAccountUsageSnapshotStoring)?
     @ObservationIgnored var codexHistoricalDataset: CodexHistoricalDataset?
     @ObservationIgnored var codexHistoricalDatasetAccountKey: String?
+    @ObservationIgnored var lastKnownResetSnapshots: [UsageProvider: UsageSnapshot] = [:]
     @ObservationIgnored var lastKnownSessionRemaining: [UsageProvider: Double] = [:]
     @ObservationIgnored var lastKnownSessionWindowSource: [UsageProvider: SessionQuotaWindowSource] = [:]
+    @ObservationIgnored var quotaWarningState: [QuotaWarningStateKey: QuotaWarningState] = [:]
+    @ObservationIgnored var lastPermissionPromptNotificationAt: [UsageProvider: Date] = [:]
     @ObservationIgnored var lastTokenFetchAt: [UsageProvider: Date] = [:]
+    @ObservationIgnored var lastTokenFetchScope: [UsageProvider: String] = [:]
+    @ObservationIgnored var planUtilizationHistory: [UsageProvider: PlanUtilizationHistoryBuckets] = [:]
+    @ObservationIgnored var weeklyLimitResetDetectorStates: [String: WeeklyLimitResetDetectorState] = [:]
     @ObservationIgnored private var hasCompletedInitialRefresh: Bool = false
+    @ObservationIgnored private let providerAvailabilityCacheTTL: TimeInterval = 1
     @ObservationIgnored private let tokenFetchTTL: TimeInterval = 60 * 60
     @ObservationIgnored private let tokenFetchTimeout: TimeInterval = 10 * 60
-    @ObservationIgnored var weeklyHistoryLastWrite: [String: Date] = [:]
-    @ObservationIgnored var weeklyHistoryLastPrune: Date?
     @ObservationIgnored private let startupBehavior: StartupBehavior
+    @ObservationIgnored let planUtilizationPersistenceCoordinator: PlanUtilizationHistoryPersistenceCoordinator
 
     init(
         fetcher: UsageFetcher,
@@ -168,8 +262,11 @@ final class UsageStore {
         settings: SettingsStore,
         registry: ProviderRegistry = .shared,
         historicalUsageHistoryStore: HistoricalUsageHistoryStore = HistoricalUsageHistoryStore(),
+        planUtilizationHistoryStore: PlanUtilizationHistoryStore = .defaultAppSupport(),
+        codexAccountUsageSnapshotStore: (any CodexAccountUsageSnapshotStoring)? = nil,
         sessionQuotaNotifier: any SessionQuotaNotifying = SessionQuotaNotifier(),
-        startupBehavior: StartupBehavior = .automatic)
+        startupBehavior: StartupBehavior = .automatic,
+        environmentBase: [String: String] = ProcessInfo.processInfo.environment)
     {
         self.codexFetcher = fetcher
         self.browserDetection = browserDetection
@@ -177,9 +274,15 @@ final class UsageStore {
         self.costUsageFetcher = costUsageFetcher
         self.settings = settings
         self.registry = registry
+        self.environmentBase = environmentBase
         self.historicalUsageHistoryStore = historicalUsageHistoryStore
+        self.planUtilizationHistoryStore = planUtilizationHistoryStore
         self.sessionQuotaNotifier = sessionQuotaNotifier
         self.startupBehavior = startupBehavior.resolved(isRunningTests: Self.isRunningTestsProcess())
+        self.codexAccountUsageSnapshotStore = codexAccountUsageSnapshotStore ??
+            (self.startupBehavior.automaticallyStartsBackgroundWork ? FileCodexAccountUsageSnapshotStore() : nil)
+        self.planUtilizationPersistenceCoordinator = PlanUtilizationHistoryPersistenceCoordinator(
+            store: planUtilizationHistoryStore)
         self.providerMetadata = registry.metadata
         self
             .failureGates = Dictionary(
@@ -193,10 +296,17 @@ final class UsageStore {
             metadata: self.providerMetadata,
             codexFetcher: fetcher,
             claudeFetcher: self.claudeFetcher,
-            browserDetection: browserDetection)
+            browserDetection: browserDetection,
+            environmentBase: environmentBase)
         self.providerRuntimes = Dictionary(uniqueKeysWithValues: ProviderCatalog.all.compactMap { implementation in
             implementation.makeRuntime().map { (implementation.id, $0) }
         })
+        self.planUtilizationHistory = planUtilizationHistoryStore.load()
+        self.weeklyLimitResetDetectorStates = Self.loadWeeklyLimitResetDetectorStates(from: settings.userDefaults)
+        if let codexAccountUsageSnapshotStore = self.codexAccountUsageSnapshotStore {
+            self.codexAccountSnapshots = codexAccountUsageSnapshotStore.load(
+                for: settings.codexVisibleAccountProjection.visibleAccounts)
+        }
         self.logStartupState()
         self.bindSettings()
         self.pathDebugInfo = PathDebugSnapshot(
@@ -248,11 +358,7 @@ final class UsageStore {
     /// Determines if a login method string indicates a Claude subscription plan.
     /// Known subscription indicators: Max, Pro, Ultra, Team (case-insensitive).
     nonisolated static func isSubscriptionPlan(_ loginMethod: String?) -> Bool {
-        guard let method = loginMethod?.lowercased(), !method.isEmpty else {
-            return false
-        }
-        let subscriptionIndicators = ["max", "pro", "ultra", "team"]
-        return subscriptionIndicators.contains { method.contains($0) }
+        ClaudePlan.isSubscriptionLoginMethod(loginMethod)
     }
 
     func version(for provider: UsageProvider) -> String? {
@@ -285,7 +391,18 @@ final class UsageStore {
     func enabledProviders() -> [UsageProvider] {
         // Use cached enablement to avoid repeated UserDefaults lookups in animation ticks.
         let enabled = self.settings.enabledProvidersOrdered(metadataByProvider: self.providerMetadata)
-        return enabled.filter { self.isProviderAvailable($0) }
+        let now = Date()
+        return enabled.filter { self.isProviderAvailable($0, now: now) }
+    }
+
+    /// Enabled providers without availability filtering. Used for display (switcher, merge-icons).
+    func enabledProvidersForDisplay() -> [UsageProvider] {
+        self.settings.enabledProvidersOrdered(metadataByProvider: self.providerMetadata)
+    }
+
+    /// Providers that should actually participate in background refresh/status/token work.
+    func enabledProvidersForBackgroundWork() -> [UsageProvider] {
+        self.enabledProviders()
     }
 
     var statusChecksEnabled: Bool {
@@ -296,7 +413,7 @@ final class UsageStore {
         self.providerMetadata[provider]!
     }
 
-    private var codexBrowserCookieOrder: BrowserCookieImportOrder {
+    var codexBrowserCookieOrder: BrowserCookieImportOrder {
         self.metadata(for: .codex).browserCookieOrder ?? Browser.defaultImportOrder
     }
 
@@ -354,11 +471,24 @@ final class UsageStore {
     }
 
     func isProviderAvailable(_ provider: UsageProvider) -> Bool {
+        self.isProviderAvailable(provider, now: Date())
+    }
+
+    private func isProviderAvailable(_ provider: UsageProvider, now: Date) -> Bool {
+        guard provider != .codex else { return true }
+
+        let configRevision = self.settings.configRevision
+        if let cached = self.providerAvailabilityCache[provider],
+           cached.isValid(now: now, configRevision: configRevision)
+        {
+            return cached.available
+        }
+
         // Availability should mirror the effective fetch environment, including token-account overrides.
         // Otherwise providers (notably token-account-backed API providers) can fetch successfully but be
         // hidden from the menu because their credentials are not in ProcessInfo's environment.
         let environment = ProviderRegistry.makeEnvironment(
-            base: ProcessInfo.processInfo.environment,
+            base: self.environmentBase,
             provider: provider,
             settings: self.settings,
             tokenOverride: nil)
@@ -366,9 +496,18 @@ final class UsageStore {
             provider: provider,
             settings: self.settings,
             environment: environment)
-        return ProviderCatalog.implementation(for: provider)?
+        let available = ProviderCatalog.implementation(for: provider)?
             .isAvailable(context: context)
             ?? true
+        self.providerAvailabilityCache[provider] = ProviderAvailabilityCacheEntry(
+            available: available,
+            configRevision: configRevision,
+            expiresAt: now.addingTimeInterval(self.providerAvailabilityCacheTTL))
+        return available
+    }
+
+    private func invalidateProviderAvailabilityCache() {
+        self.providerAvailabilityCache.removeAll(keepingCapacity: true)
     }
 
     func performRuntimeAction(_ action: ProviderRuntimeAction, for provider: UsageProvider) async {
@@ -391,7 +530,13 @@ final class UsageStore {
 
     func refresh(forceTokenUsage: Bool = false) async {
         guard !self.isRefreshing else { return }
+        self.prepareRefreshState()
         let refreshPhase: ProviderRefreshPhase = self.hasCompletedInitialRefresh ? .regular : .startup
+        let displayEnabledProviders = self.enabledProvidersForDisplay()
+        let enabledProviderSet = Set(displayEnabledProviders)
+        let refreshProviders = self.enabledProvidersForBackgroundWork()
+        let availableRefreshProviders = Set(self.enabledProviders())
+        let refreshStartedAt = Date()
 
         await ProviderRefreshContext.$current.withValue(refreshPhase) {
             self.isRefreshing = true
@@ -400,28 +545,72 @@ final class UsageStore {
                 self.hasCompletedInitialRefresh = true
             }
 
+            self.clearDisabledProviderState(enabledProviders: enabledProviderSet)
+            self.clearUnavailableProviderState(
+                displayEnabledProviders: enabledProviderSet,
+                availableProviders: availableRefreshProviders)
+            self.scheduleStorageFootprintRefresh(for: displayEnabledProviders)
+
             await withTaskGroup(of: Void.self) { group in
-                for provider in UsageProvider.allCases {
+                for provider in refreshProviders {
                     group.addTask { await self.refreshProvider(provider) }
-                    group.addTask { await self.refreshStatus(provider) }
+                    if availableRefreshProviders.contains(provider) {
+                        group.addTask { await self.refreshStatus(provider) }
+                    }
+                }
+                if forceTokenUsage {
+                    group.addTask { await self.refreshCreditsNow(minimumSnapshotUpdatedAt: refreshStartedAt) }
                 }
-                group.addTask { await self.refreshCreditsIfNeeded() }
             }
 
-            // Token-cost usage can be slow; run it outside the refresh group so we don't block menu updates.
-            self.scheduleTokenRefresh(force: forceTokenUsage)
+            if !forceTokenUsage {
+                self.scheduleCreditsRefreshIfNeeded(minimumSnapshotUpdatedAt: refreshStartedAt)
+            }
+
+            if forceTokenUsage {
+                await self.refreshTokenUsageSequenceNow(force: true)
+            } else {
+                // Token-cost usage can be slow; run it outside regular/menu-open refreshes so we don't block UI.
+                self.scheduleTokenRefresh(force: false)
+            }
 
             // OpenAI web scrape depends on the current Codex account email (which can change after login/account
             // switch). Run this after Codex usage refresh so we don't accidentally scrape with stale credentials.
-            await self.refreshOpenAIDashboardIfNeeded(force: forceTokenUsage)
+            self.syncOpenAIWebState()
+            let refreshPolicy = OpenAIWebRefreshPolicyContext(
+                accessEnabled: self.isEnabled(.codex) &&
+                    self.settings.openAIWebAccessEnabled &&
+                    self.settings.codexCookieSource.isEnabled,
+                batterySaverEnabled: self.settings.openAIWebBatterySaverEnabled,
+                force: forceTokenUsage)
+            let shouldRefreshOpenAIWeb = Self.shouldRunOpenAIWebRefresh(refreshPolicy)
+            self.openAIWebLogger.debug(
+                "OpenAI web refresh gate",
+                metadata: [
+                    "allowed": shouldRefreshOpenAIWeb ? "1" : "0",
+                    "accessEnabled": refreshPolicy.accessEnabled ? "1" : "0",
+                    "batterySaverEnabled": refreshPolicy.batterySaverEnabled ? "1" : "0",
+                    "force": refreshPolicy.force ? "1" : "0",
+                    "interaction": ProviderInteractionContext.current == .userInitiated ? "user" : "background",
+                    "phase": refreshPhase == .startup ? "startup" : "regular",
+                ])
+            if shouldRefreshOpenAIWeb {
+                let codexDashboardGuard = self.currentCodexOpenAIWebRefreshGuard()
+                if forceTokenUsage {
+                    await self.refreshOpenAIDashboardIfNeeded(
+                        force: true,
+                        expectedGuard: codexDashboardGuard)
+                } else {
+                    self.scheduleOpenAIDashboardRefreshIfNeeded(expectedGuard: codexDashboardGuard)
+                }
+            }
 
-            if self.openAIDashboardRequiresLogin {
+            if forceTokenUsage, self.openAIDashboardRequiresLogin {
                 await self.refreshProvider(.codex)
-                await self.refreshCreditsIfNeeded()
+                await self.refreshCreditsNow(minimumSnapshotUpdatedAt: refreshStartedAt)
             }
 
             self.persistWidgetSnapshot(reason: "refresh")
-            self.recordWeeklyHistoryIfNeeded()
         }
     }
 
@@ -484,10 +673,24 @@ final class UsageStore {
                     self?.tokenRefreshSequenceTask = nil
                 }
             }
-            for provider in UsageProvider.allCases {
-                if Task.isCancelled { break }
-                await self.refreshTokenUsage(provider, force: force)
-            }
+            await self.refreshTokenUsageSequence(force: force)
+        }
+    }
+
+    private func refreshTokenUsageSequenceNow(force: Bool) async {
+        if force, let existing = self.tokenRefreshSequenceTask {
+            existing.cancel()
+            await existing.value
+            self.tokenRefreshSequenceTask = nil
+        }
+
+        await self.refreshTokenUsageSequence(force: force)
+    }
+
+    private func refreshTokenUsageSequence(force: Bool) async {
+        for provider in self.enabledProvidersForBackgroundWork() {
+            if Task.isCancelled { break }
+            await self.refreshTokenUsage(provider, force: force)
         }
     }
 
@@ -495,6 +698,8 @@ final class UsageStore {
         self.timerTask?.cancel()
         self.tokenTimerTask?.cancel()
         self.tokenRefreshSequenceTask?.cancel()
+        self.storageRefreshTask?.cancel()
+        self.codexPlanHistoryBackfillTask?.cancel()
     }
 
     enum SessionQuotaWindowSource: String {
@@ -502,11 +707,21 @@ final class UsageStore {
         case copilotSecondaryFallback
     }
 
+    struct QuotaWarningStateKey: Hashable {
+        let provider: UsageProvider
+        let window: QuotaWarningWindow
+    }
+
+    struct QuotaWarningState {
+        var lastRemaining: Double?
+        var firedThresholds: Set<Int> = []
+    }
+
     private func sessionQuotaWindow(
         provider: UsageProvider,
         snapshot: UsageSnapshot) -> (window: RateWindow, source: SessionQuotaWindowSource)?
     {
-        if let primary = snapshot.primary {
+        if let primary = snapshot.primary, Self.isSessionWindow(primary) {
             return (primary, .primary)
         }
         if provider == .copilot, let secondary = snapshot.secondary {
@@ -515,6 +730,11 @@ final class UsageStore {
         return nil
     }
 
+    private static func isSessionWindow(_ window: RateWindow) -> Bool {
+        guard let minutes = window.windowMinutes else { return true }
+        return minutes <= 6 * 60
+    }
+
     func handleSessionQuotaTransition(provider: UsageProvider, snapshot: UsageSnapshot) {
         // Session quota notifications are tied to the primary session window. Copilot free plans can
         // expose only chat quota, so allow Copilot to fall back to secondary for transition tracking.
@@ -592,6 +812,77 @@ final class UsageStore {
         self.sessionQuotaNotifier.post(transition: transition, provider: provider, badge: nil)
     }
 
+    func handleQuotaWarningTransitions(provider: UsageProvider, snapshot: UsageSnapshot) {
+        guard self.settings.quotaWarningNotificationsEnabled else { return }
+
+        let accountDisplayName = self.quotaWarningAccountDisplayName(provider: provider, snapshot: snapshot)
+        self.handleQuotaWarningTransition(
+            provider: provider,
+            window: .session,
+            rateWindow: snapshot.primary,
+            accountDisplayName: accountDisplayName)
+        self.handleQuotaWarningTransition(
+            provider: provider,
+            window: .weekly,
+            rateWindow: snapshot.secondary,
+            accountDisplayName: accountDisplayName)
+    }
+
+    private func handleQuotaWarningTransition(
+        provider: UsageProvider,
+        window: QuotaWarningWindow,
+        rateWindow: RateWindow?,
+        accountDisplayName: String?)
+    {
+        let key = QuotaWarningStateKey(provider: provider, window: window)
+        guard self.settings.quotaWarningEnabled(provider: provider, window: window) else {
+            self.quotaWarningState.removeValue(forKey: key)
+            return
+        }
+        guard let rateWindow else {
+            self.quotaWarningState.removeValue(forKey: key)
+            return
+        }
+
+        let thresholds = self.settings.resolvedQuotaWarningThresholds(provider: provider, window: window)
+        let currentRemaining = rateWindow.remainingPercent
+        var state = self.quotaWarningState[key] ?? QuotaWarningState()
+        let cleared = QuotaWarningNotificationLogic.thresholdsToClear(
+            currentRemaining: currentRemaining,
+            alreadyFired: state.firedThresholds)
+        state.firedThresholds.subtract(cleared)
+
+        if let threshold = QuotaWarningNotificationLogic.crossedThreshold(
+            previousRemaining: state.lastRemaining,
+            currentRemaining: currentRemaining,
+            thresholds: thresholds,
+            alreadyFired: state.firedThresholds)
+        {
+            state.firedThresholds.formUnion(QuotaWarningNotificationLogic.firedThresholdsAfterWarning(
+                threshold: threshold,
+                thresholds: thresholds))
+            self.sessionQuotaNotifier.postQuotaWarning(
+                event: QuotaWarningEvent(
+                    window: window,
+                    threshold: threshold,
+                    currentRemaining: currentRemaining,
+                    accountDisplayName: accountDisplayName),
+                provider: provider,
+                soundEnabled: self.settings.quotaWarningSoundEnabled)
+        }
+
+        state.lastRemaining = currentRemaining
+        self.quotaWarningState[key] = state
+    }
+
+    private func quotaWarningAccountDisplayName(provider: UsageProvider, snapshot: UsageSnapshot) -> String? {
+        guard !self.settings.hidePersonalInfo else { return nil }
+        let account = snapshot.accountEmail(for: provider)?
+            .trimmingCharacters(in: .whitespacesAndNewlines)
+        guard let account, !account.isEmpty else { return nil }
+        return account
+    }
+
     private func refreshStatus(_ provider: UsageProvider) async {
         guard self.settings.statusChecksEnabled else { return }
         guard let meta = self.providerMetadata[provider] else { return }
@@ -618,490 +909,6 @@ final class UsageStore {
             }
         }
     }
-
-    private func refreshCreditsIfNeeded() async {
-        guard self.isEnabled(.codex) else { return }
-        do {
-            let credits = try await self.codexFetcher.loadLatestCredits(
-                keepCLISessionsAlive: self.settings.debugKeepCLISessionsAlive)
-            await MainActor.run {
-                self.credits = credits
-                self.lastCreditsError = nil
-                self.lastCreditsSnapshot = credits
-                self.creditsFailureStreak = 0
-            }
-        } catch {
-            let message = error.localizedDescription
-            if message.localizedCaseInsensitiveContains("data not available yet") {
-                await MainActor.run {
-                    if let cached = self.lastCreditsSnapshot {
-                        self.credits = cached
-                        self.lastCreditsError = nil
-                    } else {
-                        self.credits = nil
-                        self.lastCreditsError = "Codex credits are still loading; will retry shortly."
-                    }
-                }
-                return
-            }
-
-            await MainActor.run {
-                self.creditsFailureStreak += 1
-                if let cached = self.lastCreditsSnapshot {
-                    self.credits = cached
-                    let stamp = cached.updatedAt.formatted(date: .abbreviated, time: .shortened)
-                    self.lastCreditsError =
-                        "Last Codex credits refresh failed: \(message). Cached values from \(stamp)."
-                } else {
-                    self.lastCreditsError = message
-                    self.credits = nil
-                }
-            }
-        }
-    }
-}
-
-extension UsageStore {
-    private static let openAIWebRefreshMultiplier: TimeInterval = 5
-    private static let openAIWebPrimaryFetchTimeout: TimeInterval = 15
-    private static let openAIWebRetryFetchTimeout: TimeInterval = 8
-
-    private func openAIWebRefreshIntervalSeconds() -> TimeInterval {
-        let base = max(self.settings.refreshFrequency.seconds ?? 0, 120)
-        return base * Self.openAIWebRefreshMultiplier
-    }
-
-    func requestOpenAIDashboardRefreshIfStale(reason: String) {
-        guard self.isEnabled(.codex), self.settings.codexCookieSource.isEnabled else { return }
-        let now = Date()
-        let refreshInterval = self.openAIWebRefreshIntervalSeconds()
-        let lastUpdatedAt = self.openAIDashboard?.updatedAt ?? self.lastOpenAIDashboardSnapshot?.updatedAt
-        if let lastUpdatedAt, now.timeIntervalSince(lastUpdatedAt) < refreshInterval { return }
-        let stamp = now.formatted(date: .abbreviated, time: .shortened)
-        self.logOpenAIWeb("[\(stamp)] OpenAI web refresh request: \(reason)")
-        Task { await self.refreshOpenAIDashboardIfNeeded(force: true) }
-    }
-
-    private func applyOpenAIDashboard(_ dash: OpenAIDashboardSnapshot, targetEmail: String?) async {
-        await MainActor.run {
-            self.openAIDashboard = dash
-            self.lastOpenAIDashboardError = nil
-            self.lastOpenAIDashboardSnapshot = dash
-            self.openAIDashboardRequiresLogin = false
-            // Only fill gaps; OAuth/CLI remain the primary sources for usage + credits.
-            if self.snapshots[.codex] == nil,
-               let usage = dash.toUsageSnapshot(provider: .codex, accountEmail: targetEmail)
-            {
-                self.snapshots[.codex] = usage
-                self.errors[.codex] = nil
-                self.failureGates[.codex]?.recordSuccess()
-                self.lastSourceLabels[.codex] = "openai-web"
-            }
-            if self.credits == nil, let credits = dash.toCreditsSnapshot() {
-                self.credits = credits
-                self.lastCreditsSnapshot = credits
-                self.lastCreditsError = nil
-                self.creditsFailureStreak = 0
-            }
-        }
-
-        if let email = targetEmail, !email.isEmpty {
-            OpenAIDashboardCacheStore.save(OpenAIDashboardCache(accountEmail: email, snapshot: dash))
-        }
-        self.backfillCodexHistoricalFromDashboardIfNeeded(dash)
-    }
-
-    private func applyOpenAIDashboardFailure(message: String) async {
-        await MainActor.run {
-            if let cached = self.lastOpenAIDashboardSnapshot {
-                self.openAIDashboard = cached
-                let stamp = cached.updatedAt.formatted(date: .abbreviated, time: .shortened)
-                self.lastOpenAIDashboardError =
-                    "Last OpenAI dashboard refresh failed: \(message). Cached values from \(stamp)."
-            } else {
-                self.lastOpenAIDashboardError = message
-                self.openAIDashboard = nil
-            }
-        }
-    }
-
-    private func refreshOpenAIDashboardIfNeeded(force: Bool = false) async {
-        guard self.isEnabled(.codex), self.settings.codexCookieSource.isEnabled else {
-            self.resetOpenAIWebState()
-            return
-        }
-
-        let targetEmail = self.codexAccountEmailForOpenAIDashboard()
-        self.handleOpenAIWebTargetEmailChangeIfNeeded(targetEmail: targetEmail)
-
-        let now = Date()
-        let minInterval = self.openAIWebRefreshIntervalSeconds()
-        if !force,
-           !self.openAIWebAccountDidChange,
-           self.lastOpenAIDashboardError == nil,
-           let snapshot = self.lastOpenAIDashboardSnapshot,
-           now.timeIntervalSince(snapshot.updatedAt) < minInterval
-        {
-            return
-        }
-
-        if self.openAIWebDebugLines.isEmpty {
-            self.resetOpenAIWebDebugLog(context: "refresh")
-        } else {
-            let stamp = Date().formatted(date: .abbreviated, time: .shortened)
-            self.logOpenAIWeb("[\(stamp)] OpenAI web refresh start")
-        }
-        let log: (String) -> Void = { [weak self] line in
-            guard let self else { return }
-            self.logOpenAIWeb(line)
-        }
-
-        do {
-            let normalized = targetEmail?
-                .trimmingCharacters(in: .whitespacesAndNewlines)
-                .lowercased()
-            var effectiveEmail = targetEmail
-
-            // Use a per-email persistent `WKWebsiteDataStore` so multiple dashboard sessions can coexist.
-            // Strategy:
-            // - Try the existing per-email WebKit cookie store first (fast; avoids Keychain prompts).
-            // - On login-required or account mismatch, import cookies from the configured browser order and retry once.
-            if self.openAIWebAccountDidChange, let targetEmail, !targetEmail.isEmpty {
-                // On account switches, proactively re-import cookies so we don't show stale data from the previous
-                // user.
-                if let imported = await self.importOpenAIDashboardCookiesIfNeeded(
-                    targetEmail: targetEmail,
-                    force: true)
-                {
-                    effectiveEmail = imported
-                }
-                self.openAIWebAccountDidChange = false
-            }
-
-            var dash = try await OpenAIDashboardFetcher().loadLatestDashboard(
-                accountEmail: effectiveEmail,
-                logger: log,
-                debugDumpHTML: false,
-                timeout: Self.openAIWebPrimaryFetchTimeout)
-
-            if self.dashboardEmailMismatch(expected: normalized, actual: dash.signedInEmail) {
-                if let imported = await self.importOpenAIDashboardCookiesIfNeeded(
-                    targetEmail: targetEmail,
-                    force: true)
-                {
-                    effectiveEmail = imported
-                }
-                dash = try await OpenAIDashboardFetcher().loadLatestDashboard(
-                    accountEmail: effectiveEmail,
-                    logger: log,
-                    debugDumpHTML: false,
-                    timeout: Self.openAIWebRetryFetchTimeout)
-            }
-
-            if self.dashboardEmailMismatch(expected: normalized, actual: dash.signedInEmail) {
-                let signedIn = dash.signedInEmail?.trimmingCharacters(in: .whitespacesAndNewlines) ?? "unknown"
-                await MainActor.run {
-                    self.openAIDashboard = nil
-                    self.lastOpenAIDashboardError = [
-                        "OpenAI dashboard signed in as \(signedIn), but Codex uses \(normalized ?? "unknown").",
-                        "Switch accounts in your browser and update OpenAI cookies in Providers → Codex.",
-                    ].joined(separator: " ")
-                    self.openAIDashboardRequiresLogin = true
-                }
-                return
-            }
-
-            await self.applyOpenAIDashboard(dash, targetEmail: effectiveEmail)
-        } catch let OpenAIDashboardFetcher.FetchError.noDashboardData(body) {
-            // Often indicates a missing/stale session without an obvious login prompt. Retry once after
-            // importing cookies from the user's browser.
-            let targetEmail = self.codexAccountEmailForOpenAIDashboard()
-            var effectiveEmail = targetEmail
-            if let imported = await self.importOpenAIDashboardCookiesIfNeeded(targetEmail: targetEmail, force: true) {
-                effectiveEmail = imported
-            }
-            do {
-                let dash = try await OpenAIDashboardFetcher().loadLatestDashboard(
-                    accountEmail: effectiveEmail,
-                    logger: log,
-                    debugDumpHTML: true,
-                    timeout: Self.openAIWebRetryFetchTimeout)
-                await self.applyOpenAIDashboard(dash, targetEmail: effectiveEmail)
-            } catch let OpenAIDashboardFetcher.FetchError.noDashboardData(retryBody) {
-                let finalBody = retryBody.isEmpty ? body : retryBody
-                let message = self.openAIDashboardFriendlyError(
-                    body: finalBody,
-                    targetEmail: targetEmail,
-                    cookieImportStatus: self.openAIDashboardCookieImportStatus)
-                    ?? OpenAIDashboardFetcher.FetchError.noDashboardData(body: finalBody).localizedDescription
-                await self.applyOpenAIDashboardFailure(message: message)
-            } catch {
-                await self.applyOpenAIDashboardFailure(message: error.localizedDescription)
-            }
-        } catch OpenAIDashboardFetcher.FetchError.loginRequired {
-            let targetEmail = self.codexAccountEmailForOpenAIDashboard()
-            var effectiveEmail = targetEmail
-            if let imported = await self.importOpenAIDashboardCookiesIfNeeded(targetEmail: targetEmail, force: true) {
-                effectiveEmail = imported
-            }
-            do {
-                let dash = try await OpenAIDashboardFetcher().loadLatestDashboard(
-                    accountEmail: effectiveEmail,
-                    logger: log,
-                    debugDumpHTML: true,
-                    timeout: Self.openAIWebRetryFetchTimeout)
-                await self.applyOpenAIDashboard(dash, targetEmail: effectiveEmail)
-            } catch OpenAIDashboardFetcher.FetchError.loginRequired {
-                await MainActor.run {
-                    self.lastOpenAIDashboardError = [
-                        "OpenAI web access requires a signed-in chatgpt.com session.",
-                        "Sign in using \(self.codexBrowserCookieOrder.loginHint), " +
-                            "then update OpenAI cookies in Providers → Codex.",
-                    ].joined(separator: " ")
-                    self.openAIDashboard = self.lastOpenAIDashboardSnapshot
-                    self.openAIDashboardRequiresLogin = true
-                }
-            } catch {
-                await self.applyOpenAIDashboardFailure(message: error.localizedDescription)
-            }
-        } catch {
-            await self.applyOpenAIDashboardFailure(message: error.localizedDescription)
-        }
-    }
-
-    // MARK: - OpenAI web account switching
-
-    /// Detect Codex account email changes and clear stale OpenAI web state so the UI can't show the wrong user.
-    /// This does not delete other per-email WebKit cookie stores (we keep multiple accounts around).
-    func handleOpenAIWebTargetEmailChangeIfNeeded(targetEmail: String?) {
-        let normalized = targetEmail?
-            .trimmingCharacters(in: .whitespacesAndNewlines)
-            .lowercased()
-
-        guard let normalized, !normalized.isEmpty else { return }
-
-        let previous = self.lastOpenAIDashboardTargetEmail
-        self.lastOpenAIDashboardTargetEmail = normalized
-
-        if let previous,
-           !previous.isEmpty,
-           previous != normalized
-        {
-            let stamp = Date().formatted(date: .abbreviated, time: .shortened)
-            self.logOpenAIWeb(
-                "[\(stamp)] Codex account changed: \(previous) → \(normalized); " +
-                    "clearing OpenAI web snapshot")
-            self.openAIWebAccountDidChange = true
-            self.openAIDashboard = nil
-            self.lastOpenAIDashboardSnapshot = nil
-            self.lastOpenAIDashboardError = nil
-            self.openAIDashboardRequiresLogin = true
-            self.openAIDashboardCookieImportStatus = "Codex account changed; importing browser cookies…"
-            self.lastOpenAIDashboardCookieImportAttemptAt = nil
-            self.lastOpenAIDashboardCookieImportEmail = nil
-        }
-    }
-
-    func importOpenAIDashboardBrowserCookiesNow() async {
-        self.resetOpenAIWebDebugLog(context: "manual import")
-        let targetEmail = self.codexAccountEmailForOpenAIDashboard()
-        _ = await self.importOpenAIDashboardCookiesIfNeeded(targetEmail: targetEmail, force: true)
-        await self.refreshOpenAIDashboardIfNeeded(force: true)
-    }
-
-    private func importOpenAIDashboardCookiesIfNeeded(targetEmail: String?, force: Bool) async -> String? {
-        let normalizedTarget = targetEmail?.trimmingCharacters(in: .whitespacesAndNewlines)
-        let allowAnyAccount = normalizedTarget == nil || normalizedTarget?.isEmpty == true
-        let cookieSource = self.settings.codexCookieSource
-
-        let now = Date()
-        let lastEmail = self.lastOpenAIDashboardCookieImportEmail
-        let lastAttempt = self.lastOpenAIDashboardCookieImportAttemptAt ?? .distantPast
-
-        let shouldAttempt: Bool = if force {
-            true
-        } else {
-            if allowAnyAccount {
-                now.timeIntervalSince(lastAttempt) > 300
-            } else {
-                self.openAIDashboardRequiresLogin &&
-                    (
-                        lastEmail?.lowercased() != normalizedTarget?.lowercased() || now
-                            .timeIntervalSince(lastAttempt) > 300)
-            }
-        }
-
-        guard shouldAttempt else { return normalizedTarget }
-        self.lastOpenAIDashboardCookieImportEmail = normalizedTarget
-        self.lastOpenAIDashboardCookieImportAttemptAt = now
-
-        let stamp = now.formatted(date: .abbreviated, time: .shortened)
-        let targetLabel = normalizedTarget ?? "unknown"
-        self.logOpenAIWeb("[\(stamp)] import start (target=\(targetLabel))")
-
-        do {
-            let log: (String) -> Void = { [weak self] message in
-                guard let self else { return }
-                self.logOpenAIWeb(message)
-            }
-
-            let importer = OpenAIDashboardBrowserCookieImporter(browserDetection: self.browserDetection)
-            let result: OpenAIDashboardBrowserCookieImporter.ImportResult
-            switch cookieSource {
-            case .manual:
-                self.settings.ensureCodexCookieLoaded()
-                let manualHeader = self.settings.codexCookieHeader
-                guard CookieHeaderNormalizer.normalize(manualHeader) != nil else {
-                    throw OpenAIDashboardBrowserCookieImporter.ImportError.manualCookieHeaderInvalid
-                }
-                result = try await importer.importManualCookies(
-                    cookieHeader: manualHeader,
-                    intoAccountEmail: normalizedTarget,
-                    allowAnyAccount: allowAnyAccount,
-                    logger: log)
-            case .auto:
-                result = try await importer.importBestCookies(
-                    intoAccountEmail: normalizedTarget,
-                    allowAnyAccount: allowAnyAccount,
-                    logger: log)
-            case .off:
-                result = OpenAIDashboardBrowserCookieImporter.ImportResult(
-                    sourceLabel: "Off",
-                    cookieCount: 0,
-                    signedInEmail: normalizedTarget,
-                    matchesCodexEmail: true)
-            }
-            let effectiveEmail = result.signedInEmail?
-                .trimmingCharacters(in: .whitespacesAndNewlines)
-                .isEmpty == false
-                ? result.signedInEmail?.trimmingCharacters(in: .whitespacesAndNewlines)
-                : normalizedTarget
-            self.lastOpenAIDashboardCookieImportEmail = effectiveEmail ?? normalizedTarget
-            await MainActor.run {
-                let signed = result.signedInEmail?.trimmingCharacters(in: .whitespacesAndNewlines)
-                let matchText = result.matchesCodexEmail ? "matches Codex" : "does not match Codex"
-                let sourceLabel = switch cookieSource {
-                case .manual:
-                    "Manual cookie header"
-                case .auto:
-                    "\(result.sourceLabel) cookies"
-                case .off:
-                    "OpenAI cookies disabled"
-                }
-                if let signed, !signed.isEmpty {
-                    self.openAIDashboardCookieImportStatus =
-                        allowAnyAccount
-                            ? [
-                                "Using \(sourceLabel) (\(result.cookieCount)).",
-                                "Signed in as \(signed).",
-                            ].joined(separator: " ")
-                            : [
-                                "Using \(sourceLabel) (\(result.cookieCount)).",
-                                "Signed in as \(signed) (\(matchText)).",
-                            ].joined(separator: " ")
-                } else {
-                    self.openAIDashboardCookieImportStatus =
-                        "Using \(sourceLabel) (\(result.cookieCount))."
-                }
-            }
-            return effectiveEmail
-        } catch let err as OpenAIDashboardBrowserCookieImporter.ImportError {
-            switch err {
-            case let .noMatchingAccount(found):
-                let foundText: String = if found.isEmpty {
-                    "no signed-in session detected in \(self.codexBrowserCookieOrder.loginHint)"
-                } else {
-                    found
-                        .sorted { lhs, rhs in
-                            if lhs.sourceLabel == rhs.sourceLabel { return lhs.email < rhs.email }
-                            return lhs.sourceLabel < rhs.sourceLabel
-                        }
-                        .map { "\($0.sourceLabel): \($0.email)" }
-                        .joined(separator: " • ")
-                }
-                self.logOpenAIWeb("[\(stamp)] import mismatch: \(foundText)")
-                await MainActor.run {
-                    self.openAIDashboardCookieImportStatus = allowAnyAccount
-                        ? [
-                            "No signed-in OpenAI web session found.",
-                            "Found \(foundText).",
-                        ].joined(separator: " ")
-                        : [
-                            "Browser cookies do not match Codex account (\(normalizedTarget ?? "unknown")).",
-                            "Found \(foundText).",
-                        ].joined(separator: " ")
-                    // Treat mismatch like "not logged in" for the current Codex account.
-                    self.openAIDashboardRequiresLogin = true
-                    self.openAIDashboard = nil
-                }
-            case .noCookiesFound,
-                 .browserAccessDenied,
-                 .dashboardStillRequiresLogin,
-                 .manualCookieHeaderInvalid:
-                self.logOpenAIWeb("[\(stamp)] import failed: \(err.localizedDescription)")
-                await MainActor.run {
-                    self.openAIDashboardCookieImportStatus =
-                        "OpenAI cookie import failed: \(err.localizedDescription)"
-                    self.openAIDashboardRequiresLogin = true
-                }
-            }
-        } catch {
-            self.logOpenAIWeb("[\(stamp)] import failed: \(error.localizedDescription)")
-            await MainActor.run {
-                self.openAIDashboardCookieImportStatus =
-                    "Browser cookie import failed: \(error.localizedDescription)"
-            }
-        }
-        return nil
-    }
-
-    private func resetOpenAIWebDebugLog(context: String) {
-        let stamp = Date().formatted(date: .abbreviated, time: .shortened)
-        self.openAIWebDebugLines.removeAll(keepingCapacity: true)
-        self.openAIDashboardCookieImportDebugLog = nil
-        self.logOpenAIWeb("[\(stamp)] OpenAI web \(context) start")
-    }
-
-    private func logOpenAIWeb(_ message: String) {
-        let safeMessage = LogRedactor.redact(message)
-        self.openAIWebLogger.debug(safeMessage)
-        self.openAIWebDebugLines.append(safeMessage)
-        if self.openAIWebDebugLines.count > 240 {
-            self.openAIWebDebugLines.removeFirst(self.openAIWebDebugLines.count - 240)
-        }
-        self.openAIDashboardCookieImportDebugLog = self.openAIWebDebugLines.joined(separator: "\n")
-    }
-
-    func resetOpenAIWebState() {
-        self.openAIDashboard = nil
-        self.lastOpenAIDashboardError = nil
-        self.lastOpenAIDashboardSnapshot = nil
-        self.lastOpenAIDashboardTargetEmail = nil
-        self.openAIDashboardRequiresLogin = false
-        self.openAIDashboardCookieImportStatus = nil
-        self.openAIDashboardCookieImportDebugLog = nil
-        self.lastOpenAIDashboardCookieImportAttemptAt = nil
-        self.lastOpenAIDashboardCookieImportEmail = nil
-    }
-
-    private func dashboardEmailMismatch(expected: String?, actual: String?) -> Bool {
-        guard let expected, !expected.isEmpty else { return false }
-        guard let raw = actual?.trimmingCharacters(in: .whitespacesAndNewlines), !raw.isEmpty else { return false }
-        return raw.lowercased() != expected.lowercased()
-    }
-
-    func codexAccountEmailForOpenAIDashboard() -> String? {
-        let direct = self.snapshots[.codex]?.accountEmail(for: .codex)?
-            .trimmingCharacters(in: .whitespacesAndNewlines)
-        if let direct, !direct.isEmpty { return direct }
-        let fallback = self.codexFetcher.loadAccountInfo().email?.trimmingCharacters(in: .whitespacesAndNewlines)
-        if let fallback, !fallback.isEmpty { return fallback }
-        let cached = self.openAIDashboard?.signedInEmail?.trimmingCharacters(in: .whitespacesAndNewlines)
-        if let cached, !cached.isEmpty { return cached }
-        let imported = self.lastOpenAIDashboardCookieImportEmail?.trimmingCharacters(in: .whitespacesAndNewlines)
-        if let imported, !imported.isEmpty { return imported }
-        return nil
-    }
 }
 
 extension UsageStore {
@@ -1135,14 +942,11 @@ extension UsageStore {
         }
     }
 
-    func debugClaudeDump() async -> String {
-        await ClaudeStatusProbe.latestDumps()
-    }
-
     func debugAugmentDump() async -> String {
         await AugmentStatusProbe.latestDumps()
     }
 
+    // swiftlint:disable:next function_body_length
     func debugLog(for provider: UsageProvider) async -> String {
         if let cached = self.probeLogs[provider], !cached.isEmpty {
             return cached
@@ -1152,239 +956,369 @@ extension UsageStore {
         let claudeUsageDataSource = self.settings.claudeUsageDataSource
         let claudeCookieSource = self.settings.claudeCookieSource
         let claudeCookieHeader = self.settings.claudeCookieHeader
-        let keepCLISessionsAlive = self.settings.debugKeepCLISessionsAlive
+        let claudeDebugConfiguration: ClaudeDebugLogConfiguration? = if provider == .claude {
+            await self.makeClaudeDebugConfiguration(
+                fallbackUsageDataSource: claudeUsageDataSource,
+                fallbackWebExtrasEnabled: claudeWebExtrasEnabled,
+                fallbackCookieSource: claudeCookieSource,
+                fallbackCookieHeader: claudeCookieHeader)
+        } else {
+            nil
+        }
         let cursorCookieSource = self.settings.cursorCookieSource
         let cursorCookieHeader = self.settings.cursorCookieHeader
         let ampCookieSource = self.settings.ampCookieSource
         let ampCookieHeader = self.settings.ampCookieHeader
         let ollamaCookieSource = self.settings.ollamaCookieSource
         let ollamaCookieHeader = self.settings.ollamaCookieHeader
-        let processEnvironment = ProcessInfo.processInfo.environment
-        let openRouterConfigToken = self.settings.providerConfig(for: .openrouter)?.sanitizedAPIKey
-        let openRouterHasConfigToken = !(openRouterConfigToken?.trimmingCharacters(in: .whitespacesAndNewlines)
-            .isEmpty ?? true)
-        let openRouterHasEnvToken = OpenRouterSettingsReader.apiToken(environment: processEnvironment) != nil
-        let openRouterEnvironment = ProviderConfigEnvironment.applyAPIKeyOverride(
+        let processEnvironment = self.environmentBase
+        let openAIDebugContext = self.openAIAPIKeyDebugContext(processEnvironment: processEnvironment)
+        let azureOpenAIDebugContext = self.azureOpenAIAPIKeyDebugContext(processEnvironment: processEnvironment)
+        let openRouterDebugContext = self.openRouterAPIKeyDebugContext(processEnvironment: processEnvironment)
+        let elevenLabsDebugContext = self.elevenLabsAPIKeyDebugContext(processEnvironment: processEnvironment)
+        let deepSeekHasEnvToken = DeepSeekSettingsReader.apiKey(environment: processEnvironment) != nil
+        let deepSeekHasTokenAccount = self.settings.selectedTokenAccount(for: .deepseek) != nil
+        let deepSeekEnvironment = ProviderRegistry.makeEnvironment(
             base: processEnvironment,
-            provider: .openrouter,
-            config: self.settings.providerConfig(for: .openrouter))
-        return await Task.detached(priority: .utility) { () -> String in
+            provider: .deepseek,
+            settings: self.settings,
+            tokenOverride: nil)
+        let codexFetcher = self.codexFetcher
+        let browserDetection = self.browserDetection
+        let claudeDebugExecutionContext = self.currentClaudeDebugExecutionContext()
+        let text = await Task.detached(priority: .utility) { () -> String in
             let unimplementedDebugLogMessages: [UsageProvider: String] = [
                 .gemini: "Gemini debug log not yet implemented",
                 .antigravity: "Antigravity debug log not yet implemented",
                 .opencode: "OpenCode debug log not yet implemented",
+                .alibaba: "Alibaba Coding Plan debug log not yet implemented",
+                .alibabatokenplan: "Alibaba Token Plan debug log not yet implemented",
                 .factory: "Droid debug log not yet implemented",
                 .copilot: "Copilot debug log not yet implemented",
+                .manus: "Manus debug log not yet implemented",
                 .vertexai: "Vertex AI debug log not yet implemented",
                 .kilo: "Kilo debug log not yet implemented",
                 .kiro: "Kiro debug log not yet implemented",
                 .kimi: "Kimi debug log not yet implemented",
                 .kimik2: "Kimi K2 debug log not yet implemented",
                 .jetbrains: "JetBrains AI debug log not yet implemented",
+                .mimo: "Xiaomi MiMo debug log not yet implemented",
+                .doubao: "Doubao debug log not yet implemented",
+                .venice: "Venice debug log not yet implemented",
+                .commandcode: "Command Code debug log not yet implemented",
+                .stepfun: "StepFun debug log not yet implemented",
+                .bedrock: "Bedrock debug log not yet implemented",
+                .grok: "Grok debug log not yet implemented",
+                .groq: "Groq debug log not yet implemented",
+                .t3chat: "T3 Chat debug log not yet implemented",
+                .llmproxy: "LLM Proxy debug log not yet implemented",
+                .deepgram: "Deepgram debug log not yet implemented",
             ]
-            let text: String
-            switch provider {
-            case .codex:
-                text = await self.codexFetcher.debugRawRateLimits()
-            case .claude:
-                text = await self.debugClaudeLog(
-                    claudeWebExtrasEnabled: claudeWebExtrasEnabled,
-                    claudeUsageDataSource: claudeUsageDataSource,
-                    claudeCookieSource: claudeCookieSource,
-                    claudeCookieHeader: claudeCookieHeader,
-                    keepCLISessionsAlive: keepCLISessionsAlive)
-            case .zai:
-                let resolution = ProviderTokenResolver.zaiResolution()
-                let hasAny = resolution != nil
-                let source = resolution?.source.rawValue ?? "none"
-                text = "Z_AI_API_KEY=\(hasAny ? "present" : "missing") source=\(source)"
-            case .synthetic:
-                let resolution = ProviderTokenResolver.syntheticResolution()
-                let hasAny = resolution != nil
-                let source = resolution?.source.rawValue ?? "none"
-                text = "SYNTHETIC_API_KEY=\(hasAny ? "present" : "missing") source=\(source)"
-            case .cursor:
-                text = await self.debugCursorLog(
-                    cursorCookieSource: cursorCookieSource,
-                    cursorCookieHeader: cursorCookieHeader)
-            case .minimax:
-                let tokenResolution = ProviderTokenResolver.minimaxTokenResolution()
-                let cookieResolution = ProviderTokenResolver.minimaxCookieResolution()
-                let tokenSource = tokenResolution?.source.rawValue ?? "none"
-                let cookieSource = cookieResolution?.source.rawValue ?? "none"
-                text = "MINIMAX_API_KEY=\(tokenResolution == nil ? "missing" : "present") " +
-                    "source=\(tokenSource) MINIMAX_COOKIE=\(cookieResolution == nil ? "missing" : "present") " +
-                    "source=\(cookieSource)"
-            case .augment:
-                text = await self.debugAugmentLog()
-            case .amp:
-                text = await self.debugAmpLog(
-                    ampCookieSource: ampCookieSource,
-                    ampCookieHeader: ampCookieHeader)
-            case .ollama:
-                text = await self.debugOllamaLog(
-                    ollamaCookieSource: ollamaCookieSource,
-                    ollamaCookieHeader: ollamaCookieHeader)
-            case .openrouter:
-                let resolution = ProviderTokenResolver.openRouterResolution(environment: openRouterEnvironment)
-                let hasAny = resolution != nil
-                let source: String = if resolution == nil {
-                    "none"
-                } else if openRouterHasConfigToken, openRouterHasEnvToken {
-                    "settings-config (overrides env)"
-                } else if openRouterHasConfigToken {
-                    "settings-config"
-                } else {
-                    resolution?.source.rawValue ?? "environment"
+            let buildText = {
+                switch provider {
+                case .codex:
+                    return await codexFetcher.debugRawRateLimits()
+                case .openai:
+                    return Self.apiKeyDebugLine(openAIDebugContext)
+                case .azureopenai:
+                    return Self.apiKeyDebugLine(azureOpenAIDebugContext)
+                case .claude:
+                    guard let claudeDebugConfiguration else {
+                        return "Claude debug log configuration unavailable"
+                    }
+                    return await claudeDebugExecutionContext.apply {
+                        await Self.debugClaudeLog(
+                            browserDetection: browserDetection,
+                            configuration: claudeDebugConfiguration)
+                    }
+                case .zai:
+                    let resolution = ProviderTokenResolver.zaiResolution()
+                    let hasAny = resolution != nil
+                    let source = resolution?.source.rawValue ?? "none"
+                    return "Z_AI_API_KEY=\(hasAny ? "present" : "missing") source=\(source)"
+                case .synthetic:
+                    let resolution = ProviderTokenResolver.syntheticResolution()
+                    let hasAny = resolution != nil
+                    let source = resolution?.source.rawValue ?? "none"
+                    return "SYNTHETIC_API_KEY=\(hasAny ? "present" : "missing") source=\(source)"
+                case .cursor:
+                    return await Self.debugCursorLog(
+                        browserDetection: browserDetection,
+                        cursorCookieSource: cursorCookieSource,
+                        cursorCookieHeader: cursorCookieHeader)
+                case .minimax:
+                    let tokenResolution = ProviderTokenResolver.minimaxTokenResolution()
+                    let cookieResolution = ProviderTokenResolver.minimaxCookieResolution()
+                    let tokenSource = tokenResolution?.source.rawValue ?? "none"
+                    let cookieSource = cookieResolution?.source.rawValue ?? "none"
+                    return "MINIMAX_API_KEY=\(tokenResolution == nil ? "missing" : "present") " +
+                        "source=\(tokenSource) MINIMAX_COOKIE=\(cookieResolution == nil ? "missing" : "present") " +
+                        "source=\(cookieSource)"
+                case .alibaba:
+                    let resolution = ProviderTokenResolver.alibabaTokenResolution()
+                    let hasAny = resolution != nil
+                    let source = resolution?.source.rawValue ?? "none"
+                    return "ALIBABA_CODING_PLAN_API_KEY=\(hasAny ? "present" : "missing") source=\(source)"
+                case .augment:
+                    return await Self.debugAugmentLog()
+                case .amp:
+                    return await Self.debugAmpLog(
+                        browserDetection: browserDetection,
+                        ampCookieSource: ampCookieSource,
+                        ampCookieHeader: ampCookieHeader)
+                case .ollama:
+                    return await Self.debugOllamaLog(
+                        browserDetection: browserDetection,
+                        ollamaCookieSource: ollamaCookieSource,
+                        ollamaCookieHeader: ollamaCookieHeader)
+                case .openrouter:
+                    return Self.apiKeyDebugLine(openRouterDebugContext)
+                case .elevenlabs:
+                    return Self.apiKeyDebugLine(elevenLabsDebugContext)
+                case .warp:
+                    let resolution = ProviderTokenResolver.warpResolution()
+                    let hasAny = resolution != nil
+                    let source = resolution?.source.rawValue ?? "none"
+                    return "WARP_API_KEY=\(hasAny ? "present" : "missing") source=\(source)"
+                case .deepseek:
+                    return Self.apiKeyDebugLine(
+                        label: "DEEPSEEK_API_KEY",
+                        resolution: ProviderTokenResolver.deepseekResolution(environment: deepSeekEnvironment),
+                        configToken: nil,
+                        hasEnvToken: deepSeekHasEnvToken,
+                        hasTokenAccount: deepSeekHasTokenAccount)
+                case .gemini, .antigravity, .opencode, .opencodego, .alibabatokenplan, .factory, .copilot,
+                     .vertexai, .kilo, .kiro, .kimi, .kimik2, .moonshot, .jetbrains, .perplexity, .mimo, .doubao,
+                     .abacus, .mistral, .codebuff, .crof, .windsurf, .venice, .manus, .commandcode, .stepfun, .bedrock,
+                     .grok, .groq, .t3chat, .llmproxy, .deepgram:
+                    return unimplementedDebugLogMessages[provider] ?? "Debug log not yet implemented"
                 }
-                text = "OPENROUTER_API_KEY=\(hasAny ? "present" : "missing") source=\(source)"
-            case .warp:
-                let resolution = ProviderTokenResolver.warpResolution()
-                let hasAny = resolution != nil
-                let source = resolution?.source.rawValue ?? "none"
-                text = "WARP_API_KEY=\(hasAny ? "present" : "missing") source=\(source)"
-            case .gemini, .antigravity, .opencode, .factory, .copilot, .vertexai, .kilo, .kiro, .kimi, .kimik2,
-                 .jetbrains:
-                text = unimplementedDebugLogMessages[provider] ?? "Debug log not yet implemented"
             }
-
-            await MainActor.run { self.probeLogs[provider] = text }
-            return text
+            return await claudeDebugExecutionContext.apply {
+                await buildText()
+            }
         }.value
+        self.probeLogs[provider] = text
+        return text
     }
 
-    private func debugClaudeLog(
-        claudeWebExtrasEnabled: Bool,
-        claudeUsageDataSource: ClaudeUsageDataSource,
-        claudeCookieSource: ProviderCookieSource,
-        claudeCookieHeader: String,
-        keepCLISessionsAlive: Bool) async -> String
+    private func makeClaudeDebugConfiguration(
+        fallbackUsageDataSource: ClaudeUsageDataSource,
+        fallbackWebExtrasEnabled: Bool,
+        fallbackCookieSource: ProviderCookieSource,
+        fallbackCookieHeader: String) async -> ClaudeDebugLogConfiguration
     {
-        struct OAuthDebugProbe: Sendable {
-            let hasCredentials: Bool
-            let ownerRawValue: String
-            let sourceRawValue: String
-            let isExpired: Bool
+        await MainActor.run {
+            let sourceMode = self.sourceMode(for: .claude)
+            let snapshot = ProviderRegistry.makeSettingsSnapshot(settings: self.settings, tokenOverride: nil)
+            let environment = ProviderRegistry.makeEnvironment(
+                base: self.environmentBase,
+                provider: .claude,
+                settings: self.settings,
+                tokenOverride: nil)
+            let claudeSettings = snapshot.claude ?? ProviderSettingsSnapshot.ClaudeProviderSettings(
+                usageDataSource: fallbackUsageDataSource,
+                webExtrasEnabled: fallbackWebExtrasEnabled,
+                cookieSource: fallbackCookieSource,
+                manualCookieHeader: fallbackCookieHeader)
+            return ClaudeDebugLogConfiguration(
+                runtime: CodexBarCore.ProviderRuntime.app,
+                sourceMode: sourceMode,
+                environment: environment,
+                webExtrasEnabled: claudeSettings.webExtrasEnabled,
+                usageDataSource: claudeSettings.usageDataSource,
+                cookieSource: claudeSettings.cookieSource,
+                cookieHeader: claudeSettings.manualCookieHeader ?? "",
+                keepCLISessionsAlive: snapshot.debugKeepCLISessionsAlive)
         }
+    }
 
-        return await self.runWithTimeout(seconds: 15) {
-            var lines: [String] = []
-            let manualHeader = claudeCookieSource == .manual
-                ? CookieHeaderNormalizer.normalize(claudeCookieHeader)
-                : nil
-            let hasKey = if let manualHeader {
-                ClaudeWebAPIFetcher.hasSessionKey(cookieHeader: manualHeader)
-            } else {
-                ClaudeWebAPIFetcher.hasSessionKey(browserDetection: self.browserDetection) { msg in lines.append(msg) }
-            }
-            // Run potentially blocking keychain probes off MainActor so debug dumps don't stall UI rendering.
-            let oauthProbe = await Task.detached(priority: .utility) {
-                // Don't prompt for keychain access during debug dump.
-                let oauthRecord = try? ClaudeOAuthCredentialsStore.loadRecord(
-                    allowKeychainPrompt: false,
-                    respectKeychainPromptCooldown: true,
-                    allowClaudeKeychainRepairWithoutPrompt: false)
-                return OAuthDebugProbe(
-                    hasCredentials: oauthRecord?.credentials.scopes.contains("user:profile") == true,
-                    ownerRawValue: oauthRecord?.owner.rawValue ?? "none",
-                    sourceRawValue: oauthRecord?.source.rawValue ?? "none",
-                    isExpired: oauthRecord?.credentials.isExpired ?? false)
-            }.value
-            let hasOAuthCredentials = oauthProbe.hasCredentials
-            let hasClaudeBinary = ClaudeOAuthDelegatedRefreshCoordinator.isClaudeCLIAvailable()
-            let delegatedCooldownSeconds = ClaudeOAuthDelegatedRefreshCoordinator.cooldownRemainingSeconds()
-
-            let strategy = ClaudeProviderDescriptor.resolveUsageStrategy(
-                selectedDataSource: claudeUsageDataSource,
-                webExtrasEnabled: claudeWebExtrasEnabled,
-                hasWebSession: hasKey,
-                hasCLI: hasClaudeBinary,
-                hasOAuthCredentials: hasOAuthCredentials)
-
-            if claudeUsageDataSource == .auto {
-                lines.append("pipeline_order=oauth→cli→web")
-                lines.append("auto_heuristic=\(strategy.dataSource.rawValue)")
-            } else {
-                lines.append("strategy=\(strategy.dataSource.rawValue)")
-            }
-            lines.append("hasSessionKey=\(hasKey)")
-            lines.append("hasOAuthCredentials=\(hasOAuthCredentials)")
-            lines.append("oauthCredentialOwner=\(oauthProbe.ownerRawValue)")
-            lines.append("oauthCredentialSource=\(oauthProbe.sourceRawValue)")
-            lines.append("oauthCredentialExpired=\(oauthProbe.isExpired)")
-            lines.append("delegatedRefreshCLIAvailable=\(hasClaudeBinary)")
-            lines.append("delegatedRefreshCooldownActive=\(delegatedCooldownSeconds != nil)")
-            if let delegatedCooldownSeconds {
-                lines.append("delegatedRefreshCooldownSeconds=\(delegatedCooldownSeconds)")
-            }
-            lines.append("hasClaudeBinary=\(hasClaudeBinary)")
-            if strategy.useWebExtras {
-                lines.append("web_extras=enabled")
-            }
-            lines.append("")
-
-            switch strategy.dataSource {
-            case .auto:
-                lines.append("Auto source selected.")
-                return lines.joined(separator: "\n")
-            case .web:
-                do {
-                    let web = try await ClaudeWebAPIFetcher
-                        .fetchUsage(browserDetection: self.browserDetection) { msg in lines.append(msg) }
-                    lines.append("")
-                    lines.append("Web API summary:")
-
-                    let sessionReset = web.sessionResetsAt?.description ?? "nil"
-                    lines.append("session_used=\(web.sessionPercentUsed)% resetsAt=\(sessionReset)")
-
-                    if let weekly = web.weeklyPercentUsed {
-                        let weeklyReset = web.weeklyResetsAt?.description ?? "nil"
-                        lines.append("weekly_used=\(weekly)% resetsAt=\(weeklyReset)")
-                    } else {
-                        lines.append("weekly_used=nil")
-                    }
-
-                    lines.append("opus_used=\(web.opusPercentUsed?.description ?? "nil")")
-
-                    if let extra = web.extraUsageCost {
-                        let resetsAt = extra.resetsAt?.description ?? "nil"
-                        let period = extra.period ?? "nil"
-                        let line =
-                            "extra_usage used=\(extra.used) limit=\(extra.limit) " +
-                            "currency=\(extra.currencyCode) period=\(period) resetsAt=\(resetsAt)"
-                        lines.append(line)
-                    } else {
-                        lines.append("extra_usage=nil")
+    private struct ClaudeDebugExecutionContext {
+        let interaction: ProviderInteraction
+        let refreshPhase: ProviderRefreshPhase
+        #if DEBUG
+        let keychainServiceOverride: String?
+        let credentialsURLOverride: URL?
+        let testingOverrides: ClaudeOAuthCredentialsStore.TestingOverridesSnapshot
+        let keychainDeniedUntilStoreOverride: ClaudeOAuthKeychainAccessGate.DeniedUntilStore?
+        let keychainPromptModeOverride: ClaudeOAuthKeychainPromptMode?
+        let keychainReadStrategyOverride: ClaudeOAuthKeychainReadStrategy?
+        let cliPathOverride: String?
+        let statusFetchOverride: ClaudeStatusProbe.FetchOverride?
+        #endif
+
+        func apply<T>(_ operation: () async -> T) async -> T {
+            await ProviderInteractionContext.$current.withValue(self.interaction) {
+                await ProviderRefreshContext.$current.withValue(self.refreshPhase) {
+                    #if DEBUG
+                    return await KeychainCacheStore.withServiceOverrideForTesting(self.keychainServiceOverride) {
+                        await ClaudeOAuthCredentialsStore
+                            .withCredentialsURLOverrideForTesting(self.credentialsURLOverride) {
+                                await ClaudeOAuthCredentialsStore
+                                    .withTestingOverridesSnapshotForTask(self.testingOverrides) {
+                                        await ClaudeOAuthKeychainAccessGate
+                                            .withDeniedUntilStoreOverrideForTesting(self
+                                                .keychainDeniedUntilStoreOverride)
+                                            {
+                                                await ClaudeOAuthKeychainPromptPreference
+                                                    .withTaskOverrideForTesting(self.keychainPromptModeOverride) {
+                                                        await ClaudeOAuthKeychainReadStrategyPreference
+                                                            .withTaskOverrideForTesting(self
+                                                                .keychainReadStrategyOverride)
+                                                            {
+                                                                await ClaudeCLIResolver
+                                                                    .withResolvedBinaryPathOverrideForTesting(self
+                                                                        .cliPathOverride)
+                                                                    {
+                                                                        await ClaudeStatusProbe
+                                                                            .withFetchOverrideForTesting(self
+                                                                                .statusFetchOverride)
+                                                                            {
+                                                                                await operation()
+                                                                            }
+                                                                    }
+                                                            }
+                                                    }
+                                            }
+                                    }
+                            }
                     }
-
-                    return lines.joined(separator: "\n")
-                } catch {
-                    lines.append("Web API failed: \(error.localizedDescription)")
-                    return lines.joined(separator: "\n")
+                    #else
+                    return await operation()
+                    #endif
                 }
-            case .cli:
-                let fetcher = ClaudeUsageFetcher(
-                    browserDetection: self.browserDetection,
-                    keepCLISessionsAlive: keepCLISessionsAlive)
-                let cli = await fetcher.debugRawProbe(model: "sonnet")
-                lines.append(cli)
-                return lines.joined(separator: "\n")
-            case .oauth:
-                lines.append("OAuth source selected.")
-                return lines.joined(separator: "\n")
             }
         }
     }
 
-    private func debugCursorLog(
+    private func currentClaudeDebugExecutionContext() -> ClaudeDebugExecutionContext {
+        #if DEBUG
+        ClaudeDebugExecutionContext(
+            interaction: ProviderInteractionContext.current,
+            refreshPhase: ProviderRefreshContext.current,
+            keychainServiceOverride: KeychainCacheStore.currentServiceOverrideForTesting,
+            credentialsURLOverride: ClaudeOAuthCredentialsStore.currentCredentialsURLOverrideForTesting,
+            testingOverrides: ClaudeOAuthCredentialsStore.currentTestingOverridesSnapshotForTask,
+            keychainDeniedUntilStoreOverride: ClaudeOAuthKeychainAccessGate.currentDeniedUntilStoreOverrideForTesting,
+            keychainPromptModeOverride: ClaudeOAuthKeychainPromptPreference.currentTaskOverrideForTesting,
+            keychainReadStrategyOverride: ClaudeOAuthKeychainReadStrategyPreference.currentTaskOverrideForTesting,
+            cliPathOverride: ClaudeCLIResolver.currentResolvedBinaryPathOverrideForTesting,
+            statusFetchOverride: ClaudeStatusProbe.currentFetchOverrideForTesting)
+        #else
+        ClaudeDebugExecutionContext(
+            interaction: ProviderInteractionContext.current,
+            refreshPhase: ProviderRefreshContext.current)
+        #endif
+    }
+
+    private struct APIKeyDebugContext {
+        let label: String
+        let resolution: ProviderTokenResolution?
+        let configToken: String?
+        let hasEnvToken: Bool
+        let hasTokenAccount: Bool
+    }
+
+    private func openAIAPIKeyDebugContext(processEnvironment: [String: String]) -> APIKeyDebugContext {
+        let config = self.settings.providerConfig(for: .openai)
+        let environment = ProviderConfigEnvironment.applyAPIKeyOverride(
+            base: processEnvironment,
+            provider: .openai,
+            config: config)
+        return APIKeyDebugContext(
+            label: "OPENAI_API_KEY",
+            resolution: ProviderTokenResolver.openAIAPIResolution(environment: environment),
+            configToken: config?.sanitizedAPIKey,
+            hasEnvToken: OpenAIAPISettingsReader.apiKey(environment: processEnvironment) != nil,
+            hasTokenAccount: false)
+    }
+
+    private func azureOpenAIAPIKeyDebugContext(processEnvironment: [String: String]) -> APIKeyDebugContext {
+        let config = self.settings.providerConfig(for: .azureopenai)
+        let environment = ProviderConfigEnvironment.applyProviderConfigOverrides(
+            base: processEnvironment,
+            provider: .azureopenai,
+            config: config)
+        return APIKeyDebugContext(
+            label: "AZURE_OPENAI_API_KEY",
+            resolution: ProviderTokenResolver.azureOpenAIResolution(environment: environment),
+            configToken: config?.sanitizedAPIKey,
+            hasEnvToken: AzureOpenAISettingsReader.apiKey(environment: processEnvironment) != nil,
+            hasTokenAccount: false)
+    }
+
+    private func openRouterAPIKeyDebugContext(processEnvironment: [String: String]) -> APIKeyDebugContext {
+        let config = self.settings.providerConfig(for: .openrouter)
+        let environment = ProviderConfigEnvironment.applyAPIKeyOverride(
+            base: processEnvironment,
+            provider: .openrouter,
+            config: config)
+        return APIKeyDebugContext(
+            label: "OPENROUTER_API_KEY",
+            resolution: ProviderTokenResolver.openRouterResolution(environment: environment),
+            configToken: config?.sanitizedAPIKey,
+            hasEnvToken: OpenRouterSettingsReader.apiToken(environment: processEnvironment) != nil,
+            hasTokenAccount: false)
+    }
+
+    private func elevenLabsAPIKeyDebugContext(processEnvironment: [String: String]) -> APIKeyDebugContext {
+        let config = self.settings.providerConfig(for: .elevenlabs)
+        let environment = ProviderConfigEnvironment.applyAPIKeyOverride(
+            base: processEnvironment,
+            provider: .elevenlabs,
+            config: config)
+        return APIKeyDebugContext(
+            label: "ELEVENLABS_API_KEY",
+            resolution: ProviderTokenResolver.elevenLabsResolution(environment: environment),
+            configToken: config?.sanitizedAPIKey,
+            hasEnvToken: ElevenLabsSettingsReader.apiKey(environment: processEnvironment) != nil,
+            hasTokenAccount: false)
+    }
+
+    private nonisolated static func apiKeyDebugLine(_ context: APIKeyDebugContext) -> String {
+        self.apiKeyDebugLine(
+            label: context.label,
+            resolution: context.resolution,
+            configToken: context.configToken,
+            hasEnvToken: context.hasEnvToken,
+            hasTokenAccount: context.hasTokenAccount)
+    }
+
+    private nonisolated static func apiKeyDebugLine(
+        label: String,
+        resolution: ProviderTokenResolution?,
+        configToken: String?,
+        hasEnvToken: Bool,
+        hasTokenAccount: Bool = false) -> String
+    {
+        let hasAny = resolution != nil
+        let hasConfigToken = !(configToken?.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty ?? true)
+        let source: String = if resolution == nil {
+            "none"
+        } else if hasTokenAccount, hasEnvToken {
+            "settings-token-account (overrides env)"
+        } else if hasTokenAccount {
+            "settings-token-account"
+        } else if hasConfigToken, hasEnvToken {
+            "settings-config (overrides env)"
+        } else if hasConfigToken {
+            "settings-config"
+        } else {
+            resolution?.source.rawValue ?? "environment"
+        }
+        return "\(label)=\(hasAny ? "present" : "missing") source=\(source)"
+    }
+
+    private static func debugCursorLog(
+        browserDetection: BrowserDetection,
         cursorCookieSource: ProviderCookieSource,
         cursorCookieHeader: String) async -> String
     {
-        await self.runWithTimeout(seconds: 15) {
+        await runWithTimeout(seconds: 15) {
             var lines: [String] = []
 
             do {
-                let probe = CursorStatusProbe(browserDetection: self.browserDetection)
+                let probe = CursorStatusProbe(browserDetection: browserDetection)
                 let snapshot: CursorStatusSnapshot = if cursorCookieSource == .manual,
                                                         let normalizedHeader = CookieHeaderNormalizer
                                                             .normalize(cursorCookieHeader)
@@ -1426,19 +1360,20 @@ extension UsageStore {
         }
     }
 
-    private func debugAugmentLog() async -> String {
-        await self.runWithTimeout(seconds: 15) {
+    private static func debugAugmentLog() async -> String {
+        await runWithTimeout(seconds: 15) {
             let probe = AugmentStatusProbe()
             return await probe.debugRawProbe()
         }
     }
 
-    private func debugAmpLog(
+    private static func debugAmpLog(
+        browserDetection: BrowserDetection,
         ampCookieSource: ProviderCookieSource,
         ampCookieHeader: String) async -> String
     {
-        await self.runWithTimeout(seconds: 15) {
-            let fetcher = AmpUsageFetcher(browserDetection: self.browserDetection)
+        await runWithTimeout(seconds: 15) {
+            let fetcher = AmpUsageFetcher(browserDetection: browserDetection)
             let manualHeader = ampCookieSource == .manual
                 ? CookieHeaderNormalizer.normalize(ampCookieHeader)
                 : nil
@@ -1446,12 +1381,13 @@ extension UsageStore {
         }
     }
 
-    private func debugOllamaLog(
+    private static func debugOllamaLog(
+        browserDetection: BrowserDetection,
         ollamaCookieSource: ProviderCookieSource,
         ollamaCookieHeader: String) async -> String
     {
-        await self.runWithTimeout(seconds: 15) {
-            let fetcher = OllamaUsageFetcher(browserDetection: self.browserDetection)
+        await runWithTimeout(seconds: 15) {
+            let fetcher = OllamaUsageFetcher(browserDetection: browserDetection)
             let manualHeader = ollamaCookieSource == .manual
                 ? CookieHeaderNormalizer.normalize(ollamaCookieHeader)
                 : nil
@@ -1461,19 +1397,6 @@ extension UsageStore {
         }
     }
 
-    private func runWithTimeout(seconds: Double, operation: @escaping @Sendable () async -> String) async -> String {
-        await withTaskGroup(of: String?.self) { group -> String in
-            group.addTask { await operation() }
-            group.addTask {
-                try? await Task.sleep(nanoseconds: UInt64(seconds * 1_000_000_000))
-                return nil
-            }
-            let result = await group.next()?.flatMap(\.self)
-            group.cancelAll()
-            return result ?? "Probe timed out after \(Int(seconds))s"
-        }
-    }
-
     private func detectVersions() {
         let implementations = ProviderCatalog.all
         let browserDetection = self.browserDetection
@@ -1551,17 +1474,38 @@ extension UsageStore {
         self.tokenSnapshots.removeAll()
         self.tokenErrors.removeAll()
         self.lastTokenFetchAt.removeAll()
+        self.lastTokenFetchScope.removeAll()
         self.tokenFailureGates[.codex]?.reset()
         self.tokenFailureGates[.claude]?.reset()
         return nil
     }
 
     private func refreshTokenUsage(_ provider: UsageProvider, force: Bool) async {
-        guard provider == .codex || provider == .claude || provider == .vertexai else {
+        guard ProviderDescriptorRegistry.descriptor(for: provider).tokenCost.supportsTokenCost else {
             self.tokenSnapshots.removeValue(forKey: provider)
             self.tokenErrors[provider] = nil
             self.tokenFailureGates[provider]?.reset()
             self.lastTokenFetchAt.removeValue(forKey: provider)
+            self.lastTokenFetchScope.removeValue(forKey: provider)
+            return
+        }
+
+        if let override = self._test_tokenUsageRefreshOverride {
+            await override(provider, force)
+            return
+        }
+
+        if Self.tokenCostRequiresProviderSnapshot(provider) {
+            if let snapshot = self.tokenSnapshot(fromProviderSnapshot: self.snapshots[provider], provider: provider) {
+                self.tokenSnapshots[provider] = snapshot
+                self.tokenErrors[provider] = nil
+                self.tokenFailureGates[provider]?.recordSuccess()
+                self.persistWidgetSnapshot(reason: "token-usage")
+            } else {
+                self.tokenSnapshots.removeValue(forKey: provider)
+                self.tokenErrors[provider] = nil
+                self.tokenFailureGates[provider]?.reset()
+            }
             return
         }
 
@@ -1570,6 +1514,7 @@ extension UsageStore {
             self.tokenErrors[provider] = nil
             self.tokenFailureGates[provider]?.reset()
             self.lastTokenFetchAt.removeValue(forKey: provider)
+            self.lastTokenFetchScope.removeValue(forKey: provider)
             return
         }
 
@@ -1578,19 +1523,25 @@ extension UsageStore {
             self.tokenErrors[provider] = nil
             self.tokenFailureGates[provider]?.reset()
             self.lastTokenFetchAt.removeValue(forKey: provider)
+            self.lastTokenFetchScope.removeValue(forKey: provider)
             return
         }
 
         guard !self.tokenRefreshInFlight.contains(provider) else { return }
 
         let now = Date()
+        let historyDays = self.settings.costUsageHistoryDays
+        let costScope = self.tokenCostScope(for: provider)
+        let costScopeSignature = "\(costScope.signature)|historyDays=\(historyDays)"
         if !force,
            let last = self.lastTokenFetchAt[provider],
+           self.lastTokenFetchScope[provider] == costScopeSignature,
            now.timeIntervalSince(last) < self.tokenFetchTTL
         {
             return
         }
         self.lastTokenFetchAt[provider] = now
+        self.lastTokenFetchScope[provider] = costScopeSignature
         self.tokenRefreshInFlight.insert(provider)
         defer { self.tokenRefreshInFlight.remove(provider) }
 
@@ -1602,13 +1553,28 @@ extension UsageStore {
         do {
             let fetcher = self.costUsageFetcher
             let timeoutSeconds = self.tokenFetchTimeout
+            let environment = provider == .bedrock
+                ? ProviderRegistry.makeEnvironment(
+                    base: self.environmentBase,
+                    provider: provider,
+                    settings: self.settings,
+                    tokenOverride: nil)
+                : self.environmentBase
+            // Codex cost usage scans local session logs from this machine. That data is
+            // intentionally presented as provider-level local telemetry rather than managed-account
+            // remote state, so managed Codex account selection does not retarget that fetch.
+            // If the UI later needs account-scoped token history, it should label and source that
+            // separately instead of silently changing the meaning of this section.
             let snapshot = try await withThrowingTaskGroup(of: CostUsageTokenSnapshot.self) { group in
                 group.addTask(priority: .utility) {
                     try await fetcher.loadTokenSnapshot(
                         provider: provider,
+                        environment: environment,
                         now: now,
                         forceRefresh: force,
-                        allowVertexClaudeFallback: !self.isEnabled(.claude))
+                        allowVertexClaudeFallback: !self.isEnabled(.claude),
+                        codexHomePath: costScope.codexHomePath,
+                        historyDays: historyDays)
                 }
                 group.addTask {
                     try await Task.sleep(nanoseconds: UInt64(timeoutSeconds * 1_000_000_000))
@@ -1626,14 +1592,16 @@ extension UsageStore {
                 return
             }
             let duration = Date().timeIntervalSince(startedAt)
-            let sessionCost = snapshot.sessionCostUSD.map(UsageFormatter.usdString) ?? "—"
-            let monthCost = snapshot.last30DaysCostUSD.map(UsageFormatter.usdString) ?? "—"
+            let sessionCost = snapshot.sessionCostUSD
+                .map { UsageFormatter.currencyString($0, currencyCode: snapshot.currencyCode) } ?? "—"
+            let monthCost = snapshot.last30DaysCostUSD
+                .map { UsageFormatter.currencyString($0, currencyCode: snapshot.currencyCode) } ?? "—"
             let durationText = String(format: "%.2f", duration)
             let message =
                 "cost usage success provider=\(providerText) " +
                 "duration=\(durationText)s " +
                 "today=\(sessionCost) " +
-                "30d=\(monthCost)"
+                "historyDays=\(historyDays) windowCost=\(monthCost)"
             self.tokenCostLogger.info(message)
             self.tokenSnapshots[provider] = snapshot
             self.tokenErrors[provider] = nil
diff --git a/Sources/CodexBar/UsageStoreSupport.swift b/Sources/CodexBar/UsageStoreSupport.swift
index 522416898..3ac92fc59 100644
--- a/Sources/CodexBar/UsageStoreSupport.swift
+++ b/Sources/CodexBar/UsageStoreSupport.swift
@@ -18,12 +18,12 @@ enum ProviderStatusIndicator: String {
 
     var label: String {
         switch self {
-        case .none: "Operational"
-        case .minor: "Partial outage"
-        case .major: "Major outage"
-        case .critical: "Critical issue"
-        case .maintenance: "Maintenance"
-        case .unknown: "Status unknown"
+        case .none: L("status_operational")
+        case .minor: L("status_partial_outage")
+        case .major: L("status_major_outage")
+        case .critical: L("status_critical_issue")
+        case .maintenance: L("status_maintenance")
+        case .unknown: L("status_unknown")
         }
     }
 }
diff --git a/Sources/CodexBar/WeeklyProjectionChartMenuView.swift b/Sources/CodexBar/WeeklyProjectionChartMenuView.swift
deleted file mode 100644
index 82eccbfd3..000000000
--- a/Sources/CodexBar/WeeklyProjectionChartMenuView.swift
+++ /dev/null
@@ -1,243 +0,0 @@
-import Charts
-import CodexBarCore
-import SwiftUI
-
-@MainActor
-struct WeeklyProjectionChartMenuView: View {
-    private let provider: UsageProvider
-    private let projection: WeeklyProjection
-    private let width: CGFloat
-    @State private var selectedDay: Int?
-
-    init(provider: UsageProvider, projection: WeeklyProjection, width: CGFloat) {
-        self.provider = provider
-        self.projection = projection
-        self.width = width
-    }
-
-    var body: some View {
-        VStack(alignment: .leading, spacing: 10) {
-            if self.projection.points.isEmpty {
-                Text("Previous week data will appear after one week of use.")
-                    .font(.footnote)
-                    .foregroundStyle(.secondary)
-            } else {
-                Chart {
-                    // Last week's trajectory (dashed)
-                    ForEach(self.lastWeekSeries, id: \.dayOfWeek) { point in
-                        LineMark(
-                            x: .value("Day", point.dayOfWeek),
-                            y: .value("Value", point.value))
-                            .foregroundStyle(self.mutedColor)
-                            .lineStyle(StrokeStyle(lineWidth: 1.5, dash: [4, 3]))
-                            .symbol(Circle())
-                            .symbolSize(16)
-                    }
-                    .accessibilityLabel("Last week")
-
-                    // This week's actual data (solid)
-                    ForEach(self.thisWeekSeries, id: \.dayOfWeek) { point in
-                        LineMark(
-                            x: .value("Day", point.dayOfWeek),
-                            y: .value("Value", point.value))
-                            .foregroundStyle(self.brandColor)
-                            .lineStyle(StrokeStyle(lineWidth: 2))
-                            .symbol(Circle())
-                            .symbolSize(20)
-
-                        AreaMark(
-                            x: .value("Day", point.dayOfWeek),
-                            y: .value("Value", point.value))
-                            .foregroundStyle(self.brandColor.opacity(0.1))
-                    }
-                    .accessibilityLabel("This week")
-
-                    // Projection (dotted, future days)
-                    ForEach(self.projectedSeries, id: \.dayOfWeek) { point in
-                        LineMark(
-                            x: .value("Day", point.dayOfWeek),
-                            y: .value("Value", point.value))
-                            .foregroundStyle(self.brandColor.opacity(0.5))
-                            .lineStyle(StrokeStyle(lineWidth: 1.5, dash: [2, 2]))
-                            .symbol {
-                                Circle()
-                                    .strokeBorder(self.brandColor.opacity(0.5), lineWidth: 1)
-                                    .frame(width: 5, height: 5)
-                            }
-                    }
-                    .accessibilityLabel("Projected")
-                }
-                .chartXAxis {
-                    AxisMarks(values: Array(1...7)) { value in
-                        AxisGridLine().foregroundStyle(Color.clear)
-                        AxisTick().foregroundStyle(Color.clear)
-                        AxisValueLabel {
-                            if let day = value.as(Int.self), day >= 1, day <= 7 {
-                                Text(Self.dayLabels[day - 1])
-                                    .font(.caption2)
-                                    .foregroundStyle(Color(nsColor: .tertiaryLabelColor))
-                            }
-                        }
-                    }
-                }
-                .chartYAxis(.hidden)
-                .chartLegend(.hidden)
-                .frame(height: 130)
-                .chartOverlay { proxy in
-                    GeometryReader { geo in
-                        MouseLocationReader { location in
-                            self.updateSelection(location: location, proxy: proxy, geo: geo)
-                        }
-                        .frame(maxWidth: .infinity, maxHeight: .infinity)
-                        .contentShape(Rectangle())
-                    }
-                }
-
-                VStack(alignment: .leading, spacing: 0) {
-                    Text(self.detailPrimary)
-                        .font(.caption)
-                        .foregroundStyle(.secondary)
-                        .lineLimit(1)
-                        .truncationMode(.tail)
-                        .frame(height: 16, alignment: .leading)
-                    Text(self.detailSecondary)
-                        .font(.caption)
-                        .foregroundStyle(.secondary)
-                        .lineLimit(1)
-                        .truncationMode(.tail)
-                        .frame(height: 16, alignment: .leading)
-                }
-            }
-        }
-        .padding(.horizontal, 16)
-        .padding(.vertical, 10)
-        .frame(minWidth: self.width, maxWidth: .infinity, alignment: .leading)
-    }
-
-    // MARK: - Series
-
-    private struct SeriesPoint {
-        let dayOfWeek: Int
-        let value: Double
-    }
-
-    private var thisWeekSeries: [SeriesPoint] {
-        self.projection.points.compactMap { point in
-            guard let value = point.thisWeekValue else { return nil }
-            return SeriesPoint(dayOfWeek: point.dayOfWeek, value: value)
-        }
-    }
-
-    private var lastWeekSeries: [SeriesPoint] {
-        self.projection.points.compactMap { point in
-            guard let value = point.lastWeekValue else { return nil }
-            return SeriesPoint(dayOfWeek: point.dayOfWeek, value: value)
-        }
-    }
-
-    private var projectedSeries: [SeriesPoint] {
-        // Include the last actual data point as the start of the projection line
-        var series: [SeriesPoint] = []
-        let lastActual = self.thisWeekSeries.last
-        if let lastActual {
-            series.append(lastActual)
-        }
-        for point in self.projection.points {
-            guard let value = point.projectedValue else { continue }
-            series.append(SeriesPoint(dayOfWeek: point.dayOfWeek, value: value))
-        }
-        return series
-    }
-
-    // MARK: - Colors
-
-    private var brandColor: Color {
-        let color = ProviderDescriptorRegistry.descriptor(for: self.provider).branding.color
-        return Color(red: color.red, green: color.green, blue: color.blue)
-    }
-
-    private var mutedColor: Color {
-        self.brandColor.opacity(0.35)
-    }
-
-    // MARK: - Detail text
-
-    private static let dayLabels = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]
-
-    private var detailPrimary: String {
-        if let day = self.selectedDay, day >= 1, day <= 7 {
-            let point = self.projection.points[day - 1]
-            let label = Self.dayLabels[day - 1]
-            let thisWeek = point.thisWeekValue.map { Self.formatValue($0, metric: self.projection.metric) } ?? "—"
-            let lastWeek = point.lastWeekValue.map { Self.formatValue($0, metric: self.projection.metric) } ?? "—"
-            if point.projectedValue != nil {
-                let projected = Self.formatValue(point.projectedValue!, metric: self.projection.metric)
-                return "\(label): projected \(projected) (last week: \(lastWeek))"
-            }
-            return "\(label): \(thisWeek) (last week: \(lastWeek))"
-        }
-        return self.summaryText
-    }
-
-    private var detailSecondary: String {
-        if self.selectedDay != nil {
-            return " "
-        }
-        return self.projectionSummaryText
-    }
-
-    private var summaryText: String {
-        let thisWeek = self.projection.thisWeekTotal.map {
-            Self.formatValue($0, metric: self.projection.metric)
-        } ?? "—"
-        let lastWeek = self.projection.lastWeekTotal.map {
-            Self.formatValue($0, metric: self.projection.metric)
-        } ?? "—"
-        let changeText = if let change = self.projection.changePercent {
-            String(format: " (%+.0f%%)", change)
-        } else {
-            ""
-        }
-        return "This week: \(thisWeek) vs last week: \(lastWeek)\(changeText)"
-    }
-
-    private var projectionSummaryText: String {
-        guard let projected = self.projection.projectedEndOfWeek else {
-            return "Hover for day details"
-        }
-        let formatted = Self.formatValue(projected, metric: self.projection.metric)
-        return "Projected end of week: \(formatted)"
-    }
-
-    private static func formatValue(_ value: Double, metric: WeeklyProjection.Metric) -> String {
-        switch metric {
-        case .percentage:
-            String(format: "%.0f%%", value)
-        case .tokens:
-            UsageFormatter.tokenCountString(Int(value))
-        case .cost:
-            UsageFormatter.usdString(value)
-        }
-    }
-
-    // MARK: - Hover
-
-    private func updateSelection(location: CGPoint?, proxy: ChartProxy, geo: GeometryProxy) {
-        guard let location else {
-            if self.selectedDay != nil { self.selectedDay = nil }
-            return
-        }
-
-        guard let plotAnchor = proxy.plotFrame else { return }
-        let plotFrame = geo[plotAnchor]
-        guard plotFrame.contains(location) else { return }
-
-        let xInPlot = location.x - plotFrame.origin.x
-        guard let rawDay: Int = proxy.value(atX: xInPlot) else { return }
-        let day = max(1, min(7, rawDay))
-
-        if self.selectedDay != day {
-            self.selectedDay = day
-        }
-    }
-}
diff --git a/Sources/CodexBar/ZaiHourlyUsageChartMenuView.swift b/Sources/CodexBar/ZaiHourlyUsageChartMenuView.swift
new file mode 100644
index 000000000..4e1ec437c
--- /dev/null
+++ b/Sources/CodexBar/ZaiHourlyUsageChartMenuView.swift
@@ -0,0 +1,251 @@
+import CodexBarCore
+import SwiftUI
+
+@MainActor
+struct ZaiHourlyUsageChartMenuView: View {
+    private let modelUsage: ZaiModelUsageData
+    private let width: CGFloat
+
+    @State private var selectedRange: RangeOption = .today
+    @State private var isExpanded = true
+    @State private var hoveredBarIndex: Int?
+
+    private enum RangeOption: Int, CaseIterable {
+        case today = 0
+        case last24h = 1
+    }
+
+    private let barHeight: CGFloat = 60
+    private let barGap: CGFloat = 2
+    private let maxLabelCount = 5
+
+    private let colorPalette: [Color] = [
+        Color(red: 10 / 255, green: 132 / 255, blue: 1),
+        Color(red: 255 / 255, green: 159 / 255, blue: 10 / 255),
+        Color(red: 48 / 255, green: 209 / 255, blue: 88 / 255),
+        Color(red: 94 / 255, green: 92 / 255, blue: 230 / 255),
+        Color(red: 100 / 255, green: 210 / 255, blue: 255 / 255),
+        Color(red: 255 / 255, green: 55 / 255, blue: 95 / 255),
+    ]
+
+    init(modelUsage: ZaiModelUsageData, width: CGFloat) {
+        self.modelUsage = modelUsage
+        self.width = width
+    }
+
+    private var range: ZaiHourlyRange {
+        switch self.selectedRange {
+        case .today: .today(referenceDate: Date())
+        case .last24h: .last24h
+        }
+    }
+
+    private var bars: [ZaiHourlyBar] {
+        ZaiHourlyBars.from(modelData: self.modelUsage, range: self.range)
+    }
+
+    private var modelNames: [String] {
+        self.modelUsage.modelNames
+    }
+
+    var body: some View {
+        VStack(alignment: .leading, spacing: 0) {
+            HStack(spacing: 4) {
+                Button(
+                    action: { withAnimation(.easeInOut(duration: 0.2)) { self.isExpanded.toggle() } },
+                    label: {
+                        Image(systemName: self.isExpanded ? "chevron.down" : "chevron.right")
+                            .font(.system(size: 8))
+                            .foregroundColor(.secondary)
+                            .frame(width: 10)
+                    })
+                    .buttonStyle(.plain)
+
+                Text(L("Hourly Tokens"))
+                    .font(.system(size: 11, weight: .semibold))
+                    .foregroundColor(.primary)
+
+                Spacer()
+
+                if self.isExpanded {
+                    self.rangeToggle
+                }
+            }
+
+            if self.isExpanded {
+                VStack(alignment: .leading, spacing: 4) {
+                    if self.bars.isEmpty {
+                        Text(L("No data"))
+                            .font(.system(size: 10))
+                            .foregroundColor(.secondary)
+                            .frame(maxWidth: .infinity, alignment: .center)
+                            .padding(.vertical, 16)
+                    } else {
+                        GeometryReader { geometry in
+                            let barWidth = max(
+                                (geometry.size.width - self.barGap * CGFloat(max(self.bars.count - 1, 0)))
+                                    / CGFloat(self.bars.count),
+                                2)
+                            HStack(alignment: .bottom, spacing: self.barGap) {
+                                ForEach(Array(self.bars.enumerated()), id: \.offset) { index, bar in
+                                    VStack(spacing: 0) {
+                                        Spacer(minLength: 0)
+                                        self.barStack(bar: bar, barWidth: barWidth, maxTotal: self.maxTotal)
+                                    }
+                                    .frame(width: barWidth, height: self.barHeight)
+                                    .contentShape(Rectangle())
+                                    .onHover { hovering in
+                                        self.hoveredBarIndex = hovering ? index : nil
+                                    }
+                                    .overlay(alignment: .bottom) {
+                                        if self.hoveredBarIndex == index {
+                                            self.tooltipOverlay(bar: bar)
+                                        }
+                                    }
+                                }
+                            }
+                            .frame(height: self.barHeight)
+                        }
+                        .frame(height: self.barHeight)
+
+                        self.legend
+                        self.xAxisLabels
+                    }
+                }
+                .padding(.top, 6)
+                .transition(.opacity.combined(with: .move(edge: .top)))
+            }
+        }
+        .padding(.horizontal, 16)
+        .padding(.vertical, 10)
+        .frame(minWidth: self.width, maxWidth: .infinity, alignment: .topLeading)
+        .animation(.easeInOut(duration: 0.2), value: self.isExpanded)
+    }
+
+    private var maxTotal: Int {
+        self.bars.map(\.totalTokens).max() ?? 1
+    }
+
+    private var rangeToggle: some View {
+        Picker("", selection: Binding(
+            get: { self.selectedRange.rawValue },
+            set: { self.selectedRange = RangeOption(rawValue: $0) ?? .today }))
+        {
+            Text(L("Today")).tag(RangeOption.today.rawValue)
+            Text("24h").tag(RangeOption.last24h.rawValue)
+        }
+        .pickerStyle(.segmented)
+        .frame(width: 100)
+        .scaleEffect(0.8)
+        .frame(width: 80, height: 16)
+    }
+
+    @ViewBuilder
+    private func barStack(bar: ZaiHourlyBar, barWidth: CGFloat, maxTotal: Int) -> some View {
+        let scaleFactor = CGFloat(bar.totalTokens) / CGFloat(max(maxTotal, 1))
+
+        VStack(spacing: 0) {
+            ForEach(Array(bar.segments.enumerated()), id: \.offset) { segIndex, segment in
+                let segFraction = CGFloat(segment.tokens) / CGFloat(max(bar.totalTokens, 1))
+                let segHeight = max(
+                    self.barHeight * scaleFactor * segFraction,
+                    segment.tokens > 0 ? 1 : 0)
+                RoundedRectangle(cornerRadius: segIndex == bar.segments.count - 1 ? 2 : 0)
+                    .fill(self.colorForModel(segment.model))
+                    .frame(height: segHeight)
+            }
+        }
+        .clipShape(RoundedRectangle(cornerRadius: 2))
+    }
+
+    private func tooltipOverlay(bar: ZaiHourlyBar) -> some View {
+        VStack(alignment: .leading, spacing: 1) {
+            Text(bar.label + ":00")
+                .font(.system(size: 10, weight: .semibold))
+                .foregroundColor(.primary)
+            ForEach(Array(bar.segments.enumerated()), id: \.offset) { _, segment in
+                HStack(spacing: 3) {
+                    Circle()
+                        .fill(self.colorForModel(segment.model))
+                        .frame(width: 5, height: 5)
+                    Text(segment.model)
+                        .font(.system(size: 9))
+                        .foregroundColor(.primary)
+                        .lineLimit(1)
+                        .layoutPriority(1)
+                    Text(self.formatTokenCount(segment.tokens))
+                        .font(.system(size: 9, weight: .medium))
+                        .foregroundColor(.primary)
+                }
+            }
+            Divider()
+                .background(Color.primary.opacity(0.15))
+            Text(self.formatTokenCount(bar.totalTokens))
+                .font(.system(size: 10, weight: .bold))
+                .foregroundColor(.primary)
+        }
+        .padding(6)
+        .frame(minWidth: 90, maxWidth: 140)
+        .background(Color(nsColor: .controlBackgroundColor).opacity(0.95))
+        .background(.ultraThinMaterial)
+        .cornerRadius(6)
+        .shadow(color: .black.opacity(0.2), radius: 4, y: 2)
+        .offset(y: -self.barHeight - 8)
+    }
+
+    private var legend: some View {
+        ScrollView(.horizontal, showsIndicators: false) {
+            HStack(spacing: 8) {
+                ForEach(self.modelNames, id: \.self) { name in
+                    HStack(spacing: 2) {
+                        Circle()
+                            .fill(self.colorForModel(name))
+                            .frame(width: 6, height: 6)
+                        Text(name)
+                            .font(.system(size: 9))
+                            .foregroundColor(.secondary)
+                            .lineLimit(1)
+                    }
+                }
+            }
+        }
+    }
+
+    private var xAxisLabels: some View {
+        HStack(spacing: 0) {
+            ForEach(Array(self.labelIndices.enumerated()), id: \.offset) { _, index in
+                if index < self.bars.count {
+                    Text(self.bars[index].label)
+                        .font(.system(size: 9))
+                        .foregroundColor(.secondary)
+                        .frame(maxWidth: .infinity)
+                }
+            }
+        }
+    }
+
+    private var labelIndices: [Int] {
+        guard self.bars.count > self.maxLabelCount else { return Array(0..<self.bars.count) }
+        let step = max(1, self.bars.count / (self.maxLabelCount - 1))
+        var indices = stride(from: 0, to: self.bars.count, by: step).map(\.self)
+        if indices.last != self.bars.count - 1 {
+            indices.append(self.bars.count - 1)
+        }
+        return indices
+    }
+
+    private func colorForModel(_ name: String) -> Color {
+        let index = self.modelNames.firstIndex(of: name) ?? 0
+        return self.colorPalette[index % self.colorPalette.count]
+    }
+
+    private func formatTokenCount(_ count: Int) -> String {
+        if count >= 1_000_000 {
+            String(format: "%.1fM", Double(count) / 1_000_000)
+        } else if count >= 1000 {
+            String(format: "%.1fk", Double(count) / 1000)
+        } else {
+            "\(count)"
+        }
+    }
+}
diff --git a/Sources/CodexBarCLI/CLICacheCommand.swift b/Sources/CodexBarCLI/CLICacheCommand.swift
new file mode 100644
index 000000000..4fe11aecd
--- /dev/null
+++ b/Sources/CodexBarCLI/CLICacheCommand.swift
@@ -0,0 +1,142 @@
+import CodexBarCore
+import Commander
+import Foundation
+
+extension CodexBarCLI {
+    static func runCacheClear(_ values: ParsedValues) {
+        let output = CLIOutputPreferences.from(values: values)
+        let cookies = values.flags.contains("cookies")
+        let cost = values.flags.contains("cost")
+        let all = values.flags.contains("all")
+        let rawProvider = values.options["provider"]?.last
+
+        let clearCookies = cookies || all
+        let clearCost = cost || all
+
+        if !clearCookies, !clearCost {
+            Self.exit(
+                code: .failure,
+                message: "Specify --cookies, --cost, or --all.",
+                output: output,
+                kind: .args)
+        }
+        if let error = Self.cacheClearProviderScopeError(rawProvider: rawProvider, clearCost: clearCost) {
+            Self.exit(code: .failure, message: error, output: output, kind: .args)
+        }
+
+        var results: [CacheClearResult] = []
+
+        if clearCookies {
+            if let rawProvider {
+                if let provider = ProviderDescriptorRegistry.cliNameMap[rawProvider.lowercased()] {
+                    let cleared = CookieHeaderCache.clearAllScopes(provider: provider)
+                    results.append(CacheClearResult(
+                        cache: "cookies",
+                        provider: provider.rawValue,
+                        cleared: cleared))
+                } else {
+                    Self.exit(
+                        code: .failure,
+                        message: "Unknown provider: \(rawProvider)",
+                        output: output,
+                        kind: .args)
+                }
+            } else {
+                let cleared = CookieHeaderCache.clearAll()
+                results.append(CacheClearResult(cache: "cookies", provider: nil, cleared: cleared))
+            }
+        }
+
+        if clearCost {
+            let fm = FileManager.default
+            let cacheDir = Self.costUsageCacheDirectory(fileManager: fm)
+            var cleared = 0
+            var costError: String?
+            if fm.fileExists(atPath: cacheDir.path) {
+                do {
+                    try fm.removeItem(at: cacheDir)
+                    cleared = 1
+                } catch {
+                    costError = error.localizedDescription
+                }
+            }
+            results.append(CacheClearResult(cache: "cost", provider: nil, cleared: cleared, error: costError))
+        }
+
+        switch output.format {
+        case .text:
+            for result in results {
+                let scope = result.provider ?? "all providers"
+                if let error = result.error {
+                    print("\(result.cache): failed to clear (\(scope)) - \(error)")
+                } else if result.cleared > 0 {
+                    print("\(result.cache): cleared (\(scope))")
+                } else {
+                    print("\(result.cache): nothing to clear (\(scope))")
+                }
+            }
+        case .json:
+            Self.printJSON(results, pretty: output.pretty)
+        }
+
+        let hasErrors = results.contains(where: { $0.error != nil })
+        Self.exit(code: hasErrors ? .failure : .success, output: output, kind: .runtime)
+    }
+
+    static func cacheClearProviderScopeError(rawProvider: String?, clearCost: Bool) -> String? {
+        guard rawProvider != nil, clearCost else { return nil }
+        return "--provider only scopes cookie caches. Use --cookies --provider <name>, or omit --provider."
+    }
+}
+
+struct CacheOptions: CommanderParsable {
+    @Flag(names: [.short("v"), .long("verbose")], help: "Enable verbose logging")
+    var verbose: Bool = false
+
+    @Flag(name: .long("json-output"), help: "Emit machine-readable logs")
+    var jsonOutput: Bool = false
+
+    @Option(name: .long("log-level"), help: "Set log level (trace|verbose|debug|info|warning|error|critical)")
+    var logLevel: String?
+
+    @Option(name: .long("format"), help: "Output format: text | json")
+    var format: OutputFormat?
+
+    @Flag(name: .long("json"), help: "")
+    var jsonShortcut: Bool = false
+
+    @Flag(name: .long("json-only"), help: "Emit JSON only (suppress non-JSON output)")
+    var jsonOnly: Bool = false
+
+    @Flag(name: .long("pretty"), help: "Pretty-print JSON output")
+    var pretty: Bool = false
+
+    @Flag(name: .long("cookies"), help: "Clear browser cookie caches")
+    var cookies: Bool = false
+
+    @Flag(name: .long("cost"), help: "Clear cost usage caches")
+    var cost: Bool = false
+
+    @Flag(name: .long("all"), help: "Clear all caches")
+    var all: Bool = false
+
+    @Option(name: .long("provider"), help: "Clear cache for a specific provider only")
+    var provider: String?
+}
+
+private struct CacheClearResult: Encodable {
+    let cache: String
+    let provider: String?
+    let cleared: Int
+    var error: String?
+}
+
+extension CodexBarCLI {
+    /// Mirrors the cost usage cache directory used by the app (UsageStore.costUsageCacheDirectory).
+    static func costUsageCacheDirectory(fileManager: FileManager = .default) -> URL {
+        let root = fileManager.urls(for: .cachesDirectory, in: .userDomainMask).first!
+        return root
+            .appendingPathComponent("CodexBar", isDirectory: true)
+            .appendingPathComponent("cost-usage", isDirectory: true)
+    }
+}
diff --git a/Sources/CodexBarCLI/CLIConfigCommand.swift b/Sources/CodexBarCLI/CLIConfigCommand.swift
index edc013874..380dc8bde 100644
--- a/Sources/CodexBarCLI/CLIConfigCommand.swift
+++ b/Sources/CodexBarCLI/CLIConfigCommand.swift
@@ -35,6 +35,197 @@ extension CodexBarCLI {
         Self.printJSON(config, pretty: output.pretty)
         Self.exit(code: .success, output: output, kind: .config)
     }
+
+    static func runConfigProviders(_ values: ParsedValues) {
+        let output = CLIOutputPreferences.from(values: values)
+        let config = Self.loadConfig(output: output)
+        let results = Self.configProviderStatuses(config)
+
+        switch output.format {
+        case .text:
+            for result in results {
+                let state = result.enabled ? "enabled" : "disabled"
+                let marker = result.defaultEnabled ? " default" : ""
+                print("\(result.provider): \(state)\(marker) (\(result.displayName))")
+            }
+        case .json:
+            Self.printJSON(results, pretty: output.pretty)
+        }
+
+        Self.exit(code: .success, output: output, kind: .config)
+    }
+
+    static func runConfigSetProviderEnabled(_ values: ParsedValues, enabled: Bool) {
+        let output = CLIOutputPreferences.from(values: values)
+        guard let rawProvider = values.options["provider"]?.last,
+              let provider = ProviderDescriptorRegistry.cliNameMap[rawProvider.lowercased()]
+        else {
+            Self.exit(
+                code: .failure,
+                message: "Unknown or missing provider. Use --provider <name>.",
+                output: output,
+                kind: .args)
+        }
+
+        let store = CodexBarConfigStore()
+        var config = Self.loadConfig(output: output)
+        config = Self.configSettingProviderEnabled(config, provider: provider, enabled: enabled)
+
+        do {
+            try store.save(config)
+        } catch {
+            Self.exit(code: .failure, message: error.localizedDescription, output: output, kind: .config)
+        }
+
+        let metadata = ProviderDescriptorRegistry.descriptor(for: provider).metadata
+        let result = ConfigProviderToggleResult(
+            provider: provider.rawValue,
+            displayName: metadata.displayName,
+            enabled: enabled,
+            configPath: store.fileURL.path)
+
+        switch output.format {
+        case .text:
+            let state = enabled ? "enabled" : "disabled"
+            print("Config: \(state) \(metadata.displayName)")
+        case .json:
+            Self.printJSON(result, pretty: output.pretty)
+        }
+
+        Self.exit(code: .success, output: output, kind: .config)
+    }
+
+    static func runConfigSetAPIKey(_ values: ParsedValues) {
+        let output = CLIOutputPreferences.from(values: values)
+
+        guard let rawProvider = values.options["provider"]?.last,
+              let provider = ProviderDescriptorRegistry.cliNameMap[rawProvider.lowercased()]
+        else {
+            Self.exit(
+                code: .failure,
+                message: "Unknown or missing provider. Use --provider <name>.",
+                output: output,
+                kind: .args)
+        }
+        guard ProviderConfigEnvironment.supportsAPIKeyOverride(for: provider) else {
+            Self.exit(
+                code: .failure,
+                message: "\(rawProvider) does not support config API keys.",
+                output: output,
+                kind: .args)
+        }
+
+        let apiKey: String
+        do {
+            apiKey = try Self.resolveConfigAPIKeyInput(
+                apiKey: values.options["apiKey"]?.last,
+                readFromStdin: values.flags.contains("stdin"))
+        } catch {
+            Self.exit(code: .failure, message: error.localizedDescription, output: output, kind: .args)
+        }
+
+        let enableProvider = !values.flags.contains("noEnable")
+        let store = CodexBarConfigStore()
+        var config = Self.loadConfig(output: output)
+        config = Self.configSettingAPIKey(
+            config,
+            provider: provider,
+            apiKey: apiKey,
+            enableProvider: enableProvider)
+
+        do {
+            try store.save(config)
+        } catch {
+            Self.exit(code: .failure, message: error.localizedDescription, output: output, kind: .config)
+        }
+
+        let result = ConfigSetAPIKeyResult(
+            provider: provider.rawValue,
+            enabled: config.providerConfig(for: provider)?.enabled ?? false,
+            configPath: store.fileURL.path)
+
+        switch output.format {
+        case .text:
+            let name = ProviderDescriptorRegistry.descriptor(for: provider).metadata.displayName
+            let suffix = result.enabled ? " and enabled" : ""
+            print("Config: stored API key for \(name)\(suffix)")
+        case .json:
+            Self.printJSON(result, pretty: output.pretty)
+        }
+
+        Self.exit(code: .success, output: output, kind: .config)
+    }
+
+    static func resolveConfigAPIKeyInput(apiKey: String?, readFromStdin: Bool) throws -> String {
+        if apiKey != nil, readFromStdin {
+            throw CLIArgumentError("Use either --api-key or --stdin, not both.")
+        }
+
+        let raw: String? = if readFromStdin {
+            String(data: FileHandle.standardInput.readDataToEndOfFile(), encoding: .utf8)
+        } else {
+            apiKey
+        }
+
+        guard let value = Self.cleanConfigSecret(raw) else {
+            throw CLIArgumentError("Missing API key. Pass --api-key <key> or pipe it with --stdin.")
+        }
+        return value
+    }
+
+    static func configSettingAPIKey(
+        _ config: CodexBarConfig,
+        provider: UsageProvider,
+        apiKey: String,
+        enableProvider: Bool) -> CodexBarConfig
+    {
+        var updated = config.normalized()
+        var providerConfig = updated.providerConfig(for: provider) ?? ProviderConfig(id: provider)
+        providerConfig.apiKey = apiKey
+        if enableProvider {
+            providerConfig.enabled = true
+        }
+        updated.setProviderConfig(providerConfig)
+        return updated
+    }
+
+    static func configSettingProviderEnabled(
+        _ config: CodexBarConfig,
+        provider: UsageProvider,
+        enabled: Bool) -> CodexBarConfig
+    {
+        var updated = config.normalized()
+        var providerConfig = updated.providerConfig(for: provider) ?? ProviderConfig(id: provider)
+        providerConfig.enabled = enabled
+        updated.setProviderConfig(providerConfig)
+        return updated
+    }
+
+    static func configProviderStatuses(_ config: CodexBarConfig) -> [ConfigProviderStatusResult] {
+        let metadata = ProviderDescriptorRegistry.metadata
+        return config.normalized().providers.map { providerConfig in
+            let meta = metadata[providerConfig.id]
+            let defaultEnabled = meta?.defaultEnabled ?? false
+            return ConfigProviderStatusResult(
+                provider: providerConfig.id.rawValue,
+                displayName: meta?.displayName ?? providerConfig.id.rawValue,
+                enabled: providerConfig.enabled ?? defaultEnabled,
+                defaultEnabled: defaultEnabled)
+        }
+    }
+
+    private static func cleanConfigSecret(_ raw: String?) -> String? {
+        guard var value = raw?.trimmingCharacters(in: .whitespacesAndNewlines), !value.isEmpty else {
+            return nil
+        }
+        if (value.hasPrefix("\"") && value.hasSuffix("\"")) ||
+            (value.hasPrefix("'") && value.hasSuffix("'"))
+        {
+            value = String(value.dropFirst().dropLast())
+        }
+        value = value.trimmingCharacters(in: .whitespacesAndNewlines)
+        return value.isEmpty ? nil : value
+    }
 }
 
 struct ConfigOptions: CommanderParsable {
@@ -59,3 +250,84 @@ struct ConfigOptions: CommanderParsable {
     @Flag(name: .long("pretty"), help: "Pretty-print JSON output")
     var pretty: Bool = false
 }
+
+struct ConfigSetAPIKeyOptions: CommanderParsable {
+    @Flag(names: [.short("v"), .long("verbose")], help: "Enable verbose logging")
+    var verbose: Bool = false
+
+    @Flag(name: .long("json-output"), help: "Emit machine-readable logs")
+    var jsonOutput: Bool = false
+
+    @Option(name: .long("log-level"), help: "Set log level (trace|verbose|debug|info|warning|error|critical)")
+    var logLevel: String?
+
+    @Option(name: .long("format"), help: "Output format: text | json")
+    var format: OutputFormat?
+
+    @Flag(name: .long("json"), help: "")
+    var jsonShortcut: Bool = false
+
+    @Flag(name: .long("json-only"), help: "Emit JSON only (suppress non-JSON output)")
+    var jsonOnly: Bool = false
+
+    @Flag(name: .long("pretty"), help: "Pretty-print JSON output")
+    var pretty: Bool = false
+
+    @Option(name: .long("provider"), help: ProviderHelp.optionHelp)
+    var provider: String?
+
+    @Option(name: .long("api-key"), help: "API key to store")
+    var apiKey: String?
+
+    @Flag(name: .long("stdin"), help: "Read API key from stdin")
+    var stdin: Bool = false
+
+    @Flag(name: .long("no-enable"), help: "Store the key without enabling the provider")
+    var noEnable: Bool = false
+}
+
+struct ConfigProviderToggleOptions: CommanderParsable {
+    @Flag(names: [.short("v"), .long("verbose")], help: "Enable verbose logging")
+    var verbose: Bool = false
+
+    @Flag(name: .long("json-output"), help: "Emit machine-readable logs")
+    var jsonOutput: Bool = false
+
+    @Option(name: .long("log-level"), help: "Set log level (trace|verbose|debug|info|warning|error|critical)")
+    var logLevel: String?
+
+    @Option(name: .long("format"), help: "Output format: text | json")
+    var format: OutputFormat?
+
+    @Flag(name: .long("json"), help: "")
+    var jsonShortcut: Bool = false
+
+    @Flag(name: .long("json-only"), help: "Emit JSON only (suppress non-JSON output)")
+    var jsonOnly: Bool = false
+
+    @Flag(name: .long("pretty"), help: "Pretty-print JSON output")
+    var pretty: Bool = false
+
+    @Option(name: .long("provider"), help: ProviderHelp.optionHelp)
+    var provider: String?
+}
+
+private struct ConfigSetAPIKeyResult: Encodable {
+    let provider: String
+    let enabled: Bool
+    let configPath: String
+}
+
+struct ConfigProviderStatusResult: Encodable, Equatable {
+    let provider: String
+    let displayName: String
+    let enabled: Bool
+    let defaultEnabled: Bool
+}
+
+private struct ConfigProviderToggleResult: Encodable {
+    let provider: String
+    let displayName: String
+    let enabled: Bool
+    let configPath: String
+}
diff --git a/Sources/CodexBarCLI/CLICostCommand.swift b/Sources/CodexBarCLI/CLICostCommand.swift
index 665f0977d..7f63b2412 100644
--- a/Sources/CodexBarCLI/CLICostCommand.swift
+++ b/Sources/CodexBarCLI/CLICostCommand.swift
@@ -31,6 +31,7 @@ extension CodexBarCLI {
         let format = output.format
         let forceRefresh = values.flags.contains("refresh")
         let useColor = Self.shouldUseColor(noColor: values.flags.contains("noColor"), format: format)
+        let historyDays = Self.decodeCostHistoryDays(from: values)
 
         let fetcher = CostUsageFetcher()
         var sections: [String] = []
@@ -42,7 +43,9 @@ extension CodexBarCLI {
                 // Cost usage is local-only; it does not require web/CLI provider fetches.
                 let snapshot = try await fetcher.loadTokenSnapshot(
                     provider: provider,
-                    forceRefresh: forceRefresh)
+                    forceRefresh: forceRefresh,
+                    historyDays: historyDays,
+                    refreshPricingInBackground: false)
                 switch format {
                 case .text:
                     sections.append(Self.renderCostText(provider: provider, snapshot: snapshot, useColor: useColor))
@@ -79,17 +82,24 @@ extension CodexBarCLI {
         useColor: Bool) -> String
     {
         let name = ProviderDescriptorRegistry.descriptor(for: provider).metadata.displayName
-        let header = Self.costHeaderLine("\(name) Cost (local)", useColor: useColor)
+        let header = Self.costHeaderLine("\(name) Cost (API-rate estimate)", useColor: useColor)
 
-        let todayCost = snapshot.sessionCostUSD.map { UsageFormatter.usdString($0) } ?? "—"
+        let todayCost = snapshot.sessionCostUSD
+            .map { UsageFormatter.currencyString($0, currencyCode: snapshot.currencyCode) } ?? "—"
         let todayTokens = snapshot.sessionTokens.map { UsageFormatter.tokenCountString($0) }
         let todayLine = todayTokens.map { "Today: \(todayCost) · \($0) tokens" } ?? "Today: \(todayCost)"
 
-        let monthCost = snapshot.last30DaysCostUSD.map { UsageFormatter.usdString($0) } ?? "—"
+        let monthCost = snapshot.last30DaysCostUSD
+            .map { UsageFormatter.currencyString($0, currencyCode: snapshot.currencyCode) } ?? "—"
         let monthTokens = snapshot.last30DaysTokens.map { UsageFormatter.tokenCountString($0) }
-        let monthLine = monthTokens.map { "Last 30 days: \(monthCost) · \($0) tokens" } ?? "Last 30 days: \(monthCost)"
-
-        return [header, todayLine, monthLine].joined(separator: "\n")
+        let historyLabel = snapshot.historyLabel
+            ?? (snapshot.historyDays == 1 ? "Today" : "Last \(snapshot.historyDays) days")
+        let monthLine = monthTokens.map {
+            "\(historyLabel): \(monthCost) · \($0) tokens"
+        } ?? "\(historyLabel): \(monthCost)"
+
+        let hintLine = UsageFormatter.costEstimateHint(provider: provider)
+        return [header, todayLine, monthLine, hintLine].joined(separator: "\n")
     }
 
     private static func costHeaderLine(_ header: String, useColor: Bool) -> String {
@@ -97,11 +107,11 @@ extension CodexBarCLI {
         return "\u{001B}[1;36m\(header)\u{001B}[0m"
     }
 
-    private static func costProviders(from selection: ProviderSelection) -> [UsageProvider] {
+    static func costProviders(from selection: ProviderSelection) -> [UsageProvider] {
         selection.asList.filter { Self.costSupportedProviders.contains($0) }
     }
 
-    private static func makeCostPayload(
+    static func makeCostPayload(
         provider: UsageProvider,
         snapshot: CostUsageTokenSnapshot?,
         error: Error?) -> CostPayload
@@ -117,7 +127,10 @@ extension CodexBarCLI {
                 costUSD: entry.costUSD,
                 modelsUsed: entry.modelsUsed,
                 modelBreakdowns: entry.modelBreakdowns?.map { breakdown in
-                    CostModelBreakdownPayload(modelName: breakdown.modelName, costUSD: breakdown.costUSD)
+                    CostModelBreakdownPayload(
+                        modelName: breakdown.modelName,
+                        costUSD: breakdown.costUSD,
+                        totalTokens: breakdown.totalTokens)
                 })
         } ?? []
 
@@ -125,8 +138,10 @@ extension CodexBarCLI {
             provider: provider.rawValue,
             source: "local",
             updatedAt: snapshot?.updatedAt ?? (error == nil ? nil : Date()),
+            currencyCode: snapshot?.currencyCode,
             sessionTokens: snapshot?.sessionTokens,
             sessionCostUSD: snapshot?.sessionCostUSD,
+            historyDays: snapshot?.historyDays,
             last30DaysTokens: snapshot?.last30DaysTokens,
             last30DaysCostUSD: snapshot?.last30DaysCostUSD,
             daily: daily,
@@ -196,6 +211,13 @@ extension CodexBarCLI {
             totalTokens: sawTokens ? totalTokens : snapshot.last30DaysTokens,
             totalCostUSD: sawCost ? totalCost : snapshot.last30DaysCostUSD)
     }
+
+    private static func decodeCostHistoryDays(from values: ParsedValues) -> Int {
+        guard let raw = values.options["days"]?.last,
+              let parsed = Int(raw)
+        else { return 30 }
+        return max(1, min(365, parsed))
+    }
 }
 
 struct CostOptions: CommanderParsable {
@@ -230,19 +252,52 @@ struct CostOptions: CommanderParsable {
 
     @Flag(name: .long("refresh"), help: "Force refresh by ignoring cached scans")
     var refresh: Bool = false
+
+    @Option(name: .long("days"), help: "Cost history window in days (1...365)")
+    var days: Int?
 }
 
 struct CostPayload: Encodable {
     let provider: String
     let source: String
     let updatedAt: Date?
+    let currencyCode: String?
     let sessionTokens: Int?
     let sessionCostUSD: Double?
+    let historyDays: Int?
     let last30DaysTokens: Int?
     let last30DaysCostUSD: Double?
     let daily: [CostDailyEntryPayload]
     let totals: CostTotalsPayload?
     let error: ProviderErrorPayload?
+
+    init(
+        provider: String,
+        source: String,
+        updatedAt: Date?,
+        currencyCode: String? = nil,
+        sessionTokens: Int?,
+        sessionCostUSD: Double?,
+        historyDays: Int?,
+        last30DaysTokens: Int?,
+        last30DaysCostUSD: Double?,
+        daily: [CostDailyEntryPayload],
+        totals: CostTotalsPayload?,
+        error: ProviderErrorPayload?)
+    {
+        self.provider = provider
+        self.source = source
+        self.updatedAt = updatedAt
+        self.currencyCode = currencyCode
+        self.sessionTokens = sessionTokens
+        self.sessionCostUSD = sessionCostUSD
+        self.historyDays = historyDays
+        self.last30DaysTokens = last30DaysTokens
+        self.last30DaysCostUSD = last30DaysCostUSD
+        self.daily = daily
+        self.totals = totals
+        self.error = error
+    }
 }
 
 struct CostDailyEntryPayload: Encodable {
@@ -272,10 +327,12 @@ struct CostDailyEntryPayload: Encodable {
 struct CostModelBreakdownPayload: Encodable {
     let modelName: String
     let costUSD: Double?
+    let totalTokens: Int?
 
     private enum CodingKeys: String, CodingKey {
         case modelName
         case costUSD = "cost"
+        case totalTokens
     }
 }
 
diff --git a/Sources/CodexBarCLI/CLIDiagnoseCommand.swift b/Sources/CodexBarCLI/CLIDiagnoseCommand.swift
new file mode 100644
index 000000000..9725f2d10
--- /dev/null
+++ b/Sources/CodexBarCLI/CLIDiagnoseCommand.swift
@@ -0,0 +1,312 @@
+import CodexBarCore
+import Commander
+import Foundation
+
+extension CodexBarCLI {
+    static func runDiagnose(_ values: ParsedValues) async {
+        let output = CLIOutputPreferences.from(values: values)
+        let config = Self.loadConfig(output: output)
+
+        let format = Self.decodeFormat(from: values)
+        guard format == .json else {
+            Self.exit(
+                code: .failure,
+                message: "Error: only JSON format is supported for diagnose",
+                output: output,
+                kind: .args)
+        }
+
+        let providerSelection: ProviderSelection
+        if let rawProvider = values.options["provider"]?.last {
+            guard let parsed = ProviderSelection(argument: rawProvider) else {
+                Self.exit(
+                    code: .failure,
+                    message: "Error: unknown provider '\(rawProvider)'",
+                    output: output,
+                    kind: .args)
+            }
+            providerSelection = parsed
+        } else {
+            providerSelection = Self.providerSelection(rawOverride: nil, enabled: config.enabledProviders())
+        }
+
+        let providers = providerSelection.asList
+        let pretty = values.flags.contains("pretty")
+        let verbose = values.flags.contains("verbose")
+        let browserDetection = BrowserDetection()
+        let baseFetcher = UsageFetcher()
+
+        let tokenSelection = TokenAccountCLISelection(label: nil, index: nil, allAccounts: false)
+        let tokenContext: TokenAccountCLIContext
+        do {
+            tokenContext = try TokenAccountCLIContext(
+                selection: tokenSelection,
+                config: config,
+                verbose: verbose)
+        } catch {
+            Self.exit(code: .failure, message: "Error: \(error.localizedDescription)", output: output, kind: .config)
+        }
+
+        var diagnostics: [ProviderDiagnosticExport] = []
+        diagnostics.reserveCapacity(providers.count)
+        for provider in providers {
+            await diagnostics.append(Self.makeDiagnosticExport(
+                provider: provider,
+                tokenContext: tokenContext,
+                baseFetcher: baseFetcher,
+                browserDetection: browserDetection,
+                verbose: verbose))
+        }
+
+        let encoder = JSONEncoder()
+        encoder.dateEncodingStrategy = .iso8601
+        encoder.outputFormatting = pretty ? [.prettyPrinted, .sortedKeys] : .sortedKeys
+
+        do {
+            let data: Data = if diagnostics.count == 1, let diagnostic = diagnostics.first {
+                try encoder.encode(diagnostic)
+            } else {
+                try encoder.encode(ProviderDiagnosticBatchExport(
+                    timestamp: Date(),
+                    diagnostics: diagnostics))
+            }
+            var jsonString = String(data: data, encoding: .utf8) ?? "{}"
+            jsonString = LogRedactor.redact(jsonString)
+            print(jsonString)
+        } catch {
+            Self.exit(
+                code: .failure,
+                message: "Error encoding diagnostic: \(error.localizedDescription)",
+                output: output,
+                kind: .runtime)
+        }
+
+        Self.exit(code: .success, output: output, kind: .runtime)
+    }
+}
+
+extension CodexBarCLI {
+    private static func makeDiagnosticExport(
+        provider: UsageProvider,
+        tokenContext: TokenAccountCLIContext,
+        baseFetcher: UsageFetcher,
+        browserDetection: BrowserDetection,
+        verbose: Bool) async -> ProviderDiagnosticExport
+    {
+        let account = ((try? tokenContext.resolvedAccounts(for: provider)) ?? []).first
+        let env = tokenContext.environment(
+            base: ProcessInfo.processInfo.environment,
+            provider: provider,
+            account: account,
+            codexActiveSourceOverride: nil)
+        let settings = tokenContext.settingsSnapshot(
+            for: provider,
+            account: account,
+            codexActiveSourceOverride: nil)
+        let preferredSourceMode = tokenContext.preferredSourceMode(for: provider)
+        let sourceMode = tokenContext.effectiveSourceMode(
+            base: preferredSourceMode,
+            provider: provider,
+            account: account)
+        let fetcher = tokenContext.fetcher(base: baseFetcher, provider: provider, env: env)
+        let fetchContext = ProviderFetchContext(
+            runtime: .cli,
+            sourceMode: sourceMode,
+            includeCredits: true,
+            includeOptionalUsage: true,
+            webTimeout: 60,
+            webDebugDumpHTML: false,
+            verbose: verbose,
+            env: env,
+            settings: settings,
+            fetcher: fetcher,
+            claudeFetcher: ClaudeUsageFetcher(browserDetection: browserDetection),
+            browserDetection: browserDetection,
+            selectedTokenAccountID: account?.id,
+            tokenAccountTokenUpdater: tokenContext.tokenUpdater(for: account),
+            providerManualTokenUpdater: tokenContext.manualTokenUpdater())
+        let descriptor = ProviderDescriptorRegistry.descriptor(for: provider)
+        let outcome = await Self.fetchProviderUsage(provider: provider, context: fetchContext)
+        return ProviderDiagnosticExportBuilder.build(.init(
+            provider: provider,
+            descriptor: descriptor,
+            outcome: outcome,
+            sourceMode: sourceMode,
+            settings: settings,
+            auth: Self.diagnosticAuthSummary(
+                provider: provider,
+                account: account,
+                config: tokenContext.config.providerConfig(for: provider),
+                environment: env,
+                settings: settings)))
+    }
+
+    static func diagnosticAuthSummary(
+        provider: UsageProvider,
+        account: ProviderTokenAccount?,
+        config: ProviderConfig?,
+        environment: [String: String],
+        settings: ProviderSettingsSnapshot?) -> ProviderDiagnosticAuthSummary
+    {
+        if provider == .minimax {
+            let authMode = self.resolveMiniMaxAuthMode(environment: environment, settings: settings)
+            return ProviderDiagnosticAuthSummary(
+                configured: authMode.usesAPIToken || authMode.usesCookie,
+                modes: authMode == .none ? [] : [authMode.description])
+        }
+
+        var modes: [String] = []
+        if account != nil {
+            modes.append("tokenAccount")
+        }
+        let hasConfigAPIAuth = if provider == .bedrock {
+            config?.sanitizedAPIKey != nil && config?.sanitizedSecretKey != nil
+        } else {
+            config?.sanitizedAPIKey != nil || config?.sanitizedSecretKey != nil
+        }
+        if hasConfigAPIAuth {
+            modes.append("api")
+        }
+        if Self.environmentAPIAuthConfigured(provider: provider, environment: environment), !modes.contains("api") {
+            modes.append("api")
+        }
+        if config?.sanitizedCookieHeader != nil {
+            modes.append("web")
+        }
+        if Self.environmentWebAuthConfigured(provider: provider, environment: environment), !modes.contains("web") {
+            modes.append("web")
+        }
+        return ProviderDiagnosticAuthSummary(
+            configured: !modes.isEmpty,
+            modes: modes)
+    }
+
+    private static func environmentAPIAuthConfigured(
+        provider: UsageProvider,
+        environment: [String: String]) -> Bool
+    {
+        self.environmentCoreAPIAuthConfigured(provider: provider, environment: environment) ||
+            self.environmentExtendedAPIAuthConfigured(provider: provider, environment: environment)
+    }
+
+    private static func environmentCoreAPIAuthConfigured(
+        provider: UsageProvider,
+        environment: [String: String]) -> Bool
+    {
+        switch provider {
+        case .alibaba:
+            AlibabaCodingPlanSettingsReader.apiToken(environment: environment) != nil
+        case .azureopenai:
+            AzureOpenAISettingsReader.apiKey(environment: environment) != nil
+        case .bedrock:
+            BedrockSettingsReader.hasCredentials(environment: environment)
+        case .claude:
+            ClaudeAdminAPISettingsReader.apiKey(environment: environment) != nil
+        case .codebuff:
+            CodebuffSettingsReader.apiKey(environment: environment) != nil
+        case .crof:
+            CrofSettingsReader.apiKey(environment: environment) != nil
+        case .deepgram:
+            DeepgramSettingsReader.apiKey(environment: environment) != nil
+        case .deepseek:
+            DeepSeekSettingsReader.apiKey(environment: environment) != nil
+        case .doubao:
+            DoubaoSettingsReader.apiKey(environment: environment) != nil
+        case .elevenlabs:
+            ElevenLabsSettingsReader.apiKey(environment: environment) != nil
+        case .groq:
+            GroqSettingsReader.apiKey(environment: environment) != nil
+        case .kilo:
+            KiloSettingsReader.apiKey(environment: environment) != nil
+        default:
+            false
+        }
+    }
+
+    private static func environmentExtendedAPIAuthConfigured(
+        provider: UsageProvider,
+        environment: [String: String]) -> Bool
+    {
+        switch provider {
+        case .kimik2:
+            KimiK2SettingsReader.apiKey(environment: environment) != nil
+        case .llmproxy:
+            LLMProxySettingsReader.apiKey(environment: environment) != nil
+        case .moonshot:
+            MoonshotSettingsReader.apiKey(environment: environment) != nil
+        case .ollama:
+            OllamaAPISettingsReader.apiKey(environment: environment) != nil
+        case .openai:
+            OpenAIAPISettingsReader.apiKey(environment: environment) != nil
+        case .openrouter:
+            OpenRouterSettingsReader.apiToken(environment: environment) != nil
+        case .stepfun:
+            StepFunSettingsReader.token(environment: environment) != nil
+        case .synthetic:
+            SyntheticSettingsReader.apiKey(environment: environment) != nil
+        case .venice:
+            VeniceSettingsReader.apiKey(environment: environment) != nil
+        case .warp:
+            WarpSettingsReader.apiKey(environment: environment) != nil
+        case .zai:
+            ZaiSettingsReader.apiToken(environment: environment) != nil
+        default:
+            false
+        }
+    }
+
+    private static func environmentWebAuthConfigured(
+        provider: UsageProvider,
+        environment: [String: String]) -> Bool
+    {
+        switch provider {
+        case .alibabatokenplan:
+            AlibabaTokenPlanSettingsReader.cookieHeader(environment: environment) != nil
+        case .kimi:
+            KimiSettingsReader.authToken(environment: environment) != nil
+        case .manus:
+            ManusSettingsReader.sessionToken(environment: environment) != nil
+        case .perplexity:
+            PerplexitySettingsReader.sessionToken(environment: environment) != nil
+        default:
+            false
+        }
+    }
+
+    static func resolveMiniMaxAuthMode(
+        environment: [String: String],
+        settings: ProviderSettingsSnapshot?) -> MiniMaxAuthMode
+    {
+        let apiToken = ProviderTokenResolver.minimaxToken(environment: environment)
+        let envCookieHeader = ProviderTokenResolver.minimaxCookie(environment: environment)
+        let settingsCookieHeader = CookieHeaderNormalizer.normalize(settings?.minimax?.manualCookieHeader)
+        let cookieHeader = envCookieHeader ?? settingsCookieHeader
+        return MiniMaxAuthMode.resolve(apiToken: apiToken, cookieHeader: cookieHeader)
+    }
+}
+
+#if DEBUG
+extension CodexBarCLI {
+    static func _diagnosticAuthSummaryForTesting(
+        provider: UsageProvider,
+        account: ProviderTokenAccount?,
+        config: ProviderConfig?,
+        environment: [String: String],
+        settings: ProviderSettingsSnapshot?) -> ProviderDiagnosticAuthSummary
+    {
+        self.diagnosticAuthSummary(
+            provider: provider,
+            account: account,
+            config: config,
+            environment: environment,
+            settings: settings)
+    }
+
+    static func _resolveMiniMaxAuthModeForTesting(
+        environment: [String: String],
+        settings: ProviderSettingsSnapshot?) -> MiniMaxAuthMode
+    {
+        self.resolveMiniMaxAuthMode(environment: environment, settings: settings)
+    }
+}
+#endif
diff --git a/Sources/CodexBarCLI/CLIEntry.swift b/Sources/CodexBarCLI/CLIEntry.swift
index 42957f717..35eb55b2b 100644
--- a/Sources/CodexBarCLI/CLIEntry.swift
+++ b/Sources/CodexBarCLI/CLIEntry.swift
@@ -1,8 +1,5 @@
 import CodexBarCore
 import Commander
-#if canImport(AppKit)
-import AppKit
-#endif
 #if canImport(Darwin)
 import Darwin
 #else
@@ -33,16 +30,30 @@ enum CodexBarCLI {
 
         do {
             let invocation = try program.resolve(argv: argv)
-            Self.bootstrapLogging(values: invocation.parsedValues)
+            Self.bootstrapLogging(path: invocation.path, values: invocation.parsedValues)
             switch invocation.path {
             case ["usage"]:
                 await self.runUsage(invocation.parsedValues)
             case ["cost"]:
                 await self.runCost(invocation.parsedValues)
+            case ["serve"]:
+                await self.runServe(invocation.parsedValues)
             case ["config", "validate"]:
                 self.runConfigValidate(invocation.parsedValues)
             case ["config", "dump"]:
                 self.runConfigDump(invocation.parsedValues)
+            case ["config", "providers"]:
+                self.runConfigProviders(invocation.parsedValues)
+            case ["config", "enable"]:
+                self.runConfigSetProviderEnabled(invocation.parsedValues, enabled: true)
+            case ["config", "disable"]:
+                self.runConfigSetProviderEnabled(invocation.parsedValues, enabled: false)
+            case ["config", "set-api-key"]:
+                self.runConfigSetAPIKey(invocation.parsedValues)
+            case ["cache", "clear"]:
+                self.runCacheClear(invocation.parsedValues)
+            case ["diagnose"]:
+                await self.runDiagnose(invocation.parsedValues)
             default:
                 Self.exit(
                     code: .failure,
@@ -60,7 +71,12 @@ enum CodexBarCLI {
     private static func commandDescriptors() -> [CommandDescriptor] {
         let usageSignature = CommandSignature.describe(UsageOptions())
         let costSignature = CommandSignature.describe(CostOptions())
+        let serveSignature = CommandSignature.describe(ServeOptions())
         let configSignature = CommandSignature.describe(ConfigOptions())
+        let configProviderToggleSignature = CommandSignature.describe(ConfigProviderToggleOptions())
+        let configSetAPIKeySignature = CommandSignature.describe(ConfigSetAPIKeyOptions())
+        let cacheSignature = CommandSignature.describe(CacheOptions())
+        let diagnoseSignature = CommandSignature.describe(DiagnoseOptions())
 
         return [
             CommandDescriptor(
@@ -73,6 +89,11 @@ enum CodexBarCLI {
                 abstract: "Print local cost usage as text or JSON",
                 discussion: nil,
                 signature: costSignature),
+            CommandDescriptor(
+                name: "serve",
+                abstract: "Serve usage and cost JSON over localhost HTTP",
+                discussion: nil,
+                signature: serveSignature),
             CommandDescriptor(
                 name: "config",
                 abstract: "Config utilities",
@@ -89,19 +110,62 @@ enum CodexBarCLI {
                         abstract: "Print normalized config JSON",
                         discussion: nil,
                         signature: configSignature),
+                    CommandDescriptor(
+                        name: "providers",
+                        abstract: "List provider enablement",
+                        discussion: nil,
+                        signature: configSignature),
+                    CommandDescriptor(
+                        name: "enable",
+                        abstract: "Enable a provider",
+                        discussion: nil,
+                        signature: configProviderToggleSignature),
+                    CommandDescriptor(
+                        name: "disable",
+                        abstract: "Disable a provider",
+                        discussion: nil,
+                        signature: configProviderToggleSignature),
+                    CommandDescriptor(
+                        name: "set-api-key",
+                        abstract: "Store a provider API key",
+                        discussion: nil,
+                        signature: configSetAPIKeySignature),
                 ],
                 defaultSubcommandName: "validate"),
+            CommandDescriptor(
+                name: "cache",
+                abstract: "Cache management",
+                discussion: nil,
+                signature: CommandSignature(),
+                subcommands: [
+                    CommandDescriptor(
+                        name: "clear",
+                        abstract: "Clear cached data (cookies, cost, or all)",
+                        discussion: nil,
+                        signature: cacheSignature),
+                ],
+                defaultSubcommandName: "clear"),
+            CommandDescriptor(
+                name: "diagnose",
+                abstract: "Run provider diagnostic and emit safe JSON export",
+                discussion: nil,
+                signature: diagnoseSignature),
         ]
     }
 
     // MARK: - Helpers
 
-    private static func bootstrapLogging(values: ParsedValues) {
+    private static func bootstrapLogging(path: [String], values: ParsedValues) {
+        CodexBarLog.bootstrapIfNeeded(self.loggingConfiguration(path: path, values: values))
+    }
+
+    static func loggingConfiguration(path: [String], values: ParsedValues) -> CodexBarLog.Configuration {
         let isJSON = values.flags.contains("jsonOutput") || values.flags.contains("jsonOnly")
         let verbose = values.flags.contains("verbose")
         let rawLevel = values.options["logLevel"]?.last
         let level = Self.resolvedLogLevel(verbose: verbose, rawLevel: rawLevel)
-        CodexBarLog.bootstrapIfNeeded(.init(destination: .stderr, level: level, json: isJSON))
+        let destination: CodexBarLog.Destination = path == ["diagnose"] ? .discard : .stderr
+        return .init(destination: destination, level: level, json: isJSON)
     }
 
     static func resolvedLogLevel(verbose: Bool, rawLevel: String?) -> CodexBarLog.Level {
diff --git a/Sources/CodexBarCLI/CLIErrorReporting.swift b/Sources/CodexBarCLI/CLIErrorReporting.swift
index f3599e037..954e11174 100644
--- a/Sources/CodexBarCLI/CLIErrorReporting.swift
+++ b/Sources/CodexBarCLI/CLIErrorReporting.swift
@@ -87,10 +87,10 @@ extension CodexBarCLI {
         output: CLIOutputPreferences? = nil,
         kind: CLIErrorKind = .runtime) -> Never
     {
-        if code != .success {
+        if self.shouldPrintExitError(code: code, message: message) {
             if let output, output.usesJSONOutput {
                 let payload = self.makeCLIErrorPayload(
-                    message: message ?? "Error",
+                    message: message ?? "",
                     code: code,
                     kind: kind,
                     pretty: output.pretty)
@@ -104,6 +104,10 @@ extension CodexBarCLI {
         platformExit(code.rawValue)
     }
 
+    static func shouldPrintExitError(code: ExitCode, message: String?) -> Bool {
+        code != .success && message != nil
+    }
+
     static func printError(_ error: Error, output: CLIOutputPreferences, kind: CLIErrorKind = .runtime) {
         if output.usesJSONOutput {
             let payload = ProviderPayload(
diff --git a/Sources/CodexBarCLI/CLIExitCode.swift b/Sources/CodexBarCLI/CLIExitCode.swift
index c8ca4a925..d658552d4 100644
--- a/Sources/CodexBarCLI/CLIExitCode.swift
+++ b/Sources/CodexBarCLI/CLIExitCode.swift
@@ -1,4 +1,4 @@
-enum ExitCode: Int32, Sendable {
+enum ExitCode: Int32 {
     case success = 0
     case failure = 1
     case binaryNotFound = 2
diff --git a/Sources/CodexBarCLI/CLIHelp.swift b/Sources/CodexBarCLI/CLIHelp.swift
index 41ba92675..27e705524 100644
--- a/Sources/CodexBarCLI/CLIHelp.swift
+++ b/Sources/CodexBarCLI/CLIHelp.swift
@@ -27,7 +27,8 @@ extension CodexBarCLI {
           - Kilo: app.kilo.ai API.
             Auto falls back to Kilo CLI when API credentials are missing or unauthorized.
           Token accounts are loaded from ~/.codexbar/config.json.
-          Use --account or --account-index to select a specific token account, or --all-accounts to fetch all.
+          Use --account or --account-index to select a specific token account.
+          Use --all-accounts to fetch every token account, or every visible Codex account for Codex.
           Account selection requires a single provider.
 
         Global flags:
@@ -62,8 +63,8 @@ extension CodexBarCLI {
                        [--no-color] [--pretty] [--refresh]
 
         Description:
-          Print local token cost usage from Claude/Codex JSONL logs. This does not require web or CLI access.
-          Uses cached scan results unless --refresh is provided.
+          Print local token cost usage from Claude/Codex native logs plus supported pi sessions.
+          This does not require web or CLI access and uses cached scan results unless --refresh is provided.
 
         Examples:
           codexbar cost
@@ -71,6 +72,34 @@ extension CodexBarCLI {
         """
     }
 
+    static func serveHelp(version: String) -> String {
+        """
+        CodexBar \(version)
+
+        Usage:
+          codexbar serve [--port <port>] [--refresh-interval <seconds>]
+                         [--json-output] [--log-level <trace|verbose|debug|info|warning|error|critical>]
+                         [-v|--verbose]
+
+        Description:
+          Start a foreground localhost-only HTTP server that exposes existing CLI JSON payloads.
+          The server binds to 127.0.0.1 only in this initial version.
+
+        Endpoints:
+          GET /health
+          GET /usage
+          GET /usage?provider=claude
+          GET /usage?provider=all
+          GET /cost
+          GET /cost?provider=codex
+
+        Examples:
+          codexbar serve
+          codexbar serve --port 8080 --refresh-interval 60
+          curl http://127.0.0.1:8080/usage?provider=all
+        """
+    }
+
     static func configHelp(version: String) -> String {
         """
         CodexBar \(version)
@@ -88,13 +117,76 @@ extension CodexBarCLI {
                              [--json-output] [--log-level <trace|verbose|debug|info|warning|error|critical>]
                              [-v|--verbose]
                              [--pretty]
+          codexbar config providers [--format text|json] [--json] [--json-only] [--pretty]
+          codexbar config enable --provider <name> [--format text|json] [--json] [--json-only] [--pretty]
+          codexbar config disable --provider <name> [--format text|json] [--json] [--json-only] [--pretty]
+          codexbar config set-api-key --provider <name> (--api-key <key>|--stdin)
+                                    [--no-enable]
+                                    [--format text|json] [--json] [--json-only] [--pretty]
 
         Description:
           Validate or print the CodexBar config file (default: validate).
+          providers lists persistent provider enablement.
+          enable/disable updates the same provider toggle used by Settings.
+          set-api-key stores a provider API key in ~/.codexbar/config.json and enables that provider by default.
 
         Examples:
           codexbar config validate --format json --pretty
           codexbar config dump --pretty
+          codexbar config providers
+          codexbar config enable --provider grok
+          codexbar config disable --provider cursor
+          printf '%s' "$ELEVENLABS_API_KEY" | codexbar config set-api-key --provider elevenlabs --stdin
+        """
+    }
+
+    static func cacheHelp(version: String) -> String {
+        """
+        CodexBar \(version)
+
+        Usage:
+          codexbar cache clear <--cookies|--cost|--all>
+                              [--provider <name>]
+                              [--format text|json]
+                              [--json]
+                              [--json-only]
+                              [--json-output] [--log-level <trace|verbose|debug|info|warning|error|critical>]
+                              [-v|--verbose]
+                              [--pretty]
+
+        Description:
+          Clear cached data. Use --cookies to clear browser cookie caches (stored in Keychain),
+          --cost to clear cost usage scan caches, or --all for both.
+          Optionally specify --provider with --cookies to clear cookies for a single provider only.
+
+        Examples:
+          codexbar cache clear --cookies
+          codexbar cache clear --cookies --provider claude
+          codexbar cache clear --cost
+          codexbar cache clear --all
+          codexbar cache clear --all --format json --pretty
+        """
+    }
+
+    static func diagnoseHelp(version: String) -> String {
+        """
+        CodexBar \(version)
+
+        Usage:
+          codexbar diagnose --provider <name|all> --format json
+                           [--json-output] [--log-level <trace|verbose|debug|info|warning|error|critical>]
+                           [-v|--verbose]
+                           [--pretty]
+
+        Description:
+          Run provider diagnostic fetches and print a safe JSON export for issue reporting.
+          The export is redacted and omits raw API tokens, cookies, auth headers, emails,
+          account IDs, org IDs, raw responses, and billing-history records.
+
+        Examples:
+          codexbar diagnose --provider minimax --format json --pretty
+          codexbar diagnose --provider claude --format json --pretty
+          codexbar diagnose --provider all --format json
         """
     }
 
@@ -116,12 +208,19 @@ extension CodexBarCLI {
                        [--json-only]
                        [--json-output] [--log-level <trace|verbose|debug|info|warning|error|critical>] [-v|--verbose]
                        [--provider \(ProviderHelp.list)] [--no-color] [--pretty] [--refresh]
-          codexbar config <validate|dump> [--format text|json]
+          codexbar serve [--port <port>] [--refresh-interval <seconds>]
+                       [--json-output] [--log-level <trace|verbose|debug|info|warning|error|critical>] [-v|--verbose]
+          codexbar config <validate|dump|providers> [--format text|json]
                                         [--json]
                                         [--json-only]
                                         [--json-output] [--log-level <trace|verbose|debug|info|warning|error|critical>]
                                         [-v|--verbose]
                                         [--pretty]
+          codexbar config enable --provider <name>
+          codexbar config disable --provider <name>
+          codexbar config set-api-key --provider <name> (--api-key <key>|--stdin)
+          codexbar cache clear <--cookies|--cost|--all> [--provider <name>]
+          codexbar diagnose --provider <name|all> --format json [--pretty]
 
         Global flags:
           -h, --help      Show help
@@ -137,7 +236,13 @@ extension CodexBarCLI {
           codexbar --provider all --json
           codexbar --provider gemini
           codexbar cost --provider claude --format json --pretty
+          codexbar serve --port 8080
           codexbar config validate --format json --pretty
+          codexbar config enable --provider grok
+          codexbar config set-api-key --provider elevenlabs --stdin
+          codexbar cache clear --cookies
+          codexbar diagnose --provider minimax --format json --pretty
+          codexbar diagnose --provider all --format json
         """
     }
 }
diff --git a/Sources/CodexBarCLI/CLIHelpers.swift b/Sources/CodexBarCLI/CLIHelpers.swift
index 4edfd7c64..3ec5f3e9e 100644
--- a/Sources/CodexBarCLI/CLIHelpers.swift
+++ b/Sources/CodexBarCLI/CLIHelpers.swift
@@ -17,7 +17,6 @@ extension CodexBarCLI {
         if let rawOverride, let parsed = ProviderSelection(argument: rawOverride) {
             return parsed
         }
-        if enabled.count >= 3 { return .all }
         if enabled.count == 2 {
             let enabledSet = Set(enabled)
             let primary = Set(ProviderDescriptorRegistry.all.filter(\ .metadata.isPrimaryProvider).map(\ .id))
@@ -26,8 +25,9 @@ extension CodexBarCLI {
             }
             return .custom(enabled)
         }
+        if enabled.count >= 3 { return .custom(enabled) }
         if let first = enabled.first { return ProviderSelection(provider: first) }
-        return .single(.codex)
+        return .custom([])
     }
 
     static func decodeFormat(from values: ParsedValues) -> OutputFormat {
@@ -195,17 +195,17 @@ extension CodexBarCLI {
 
     static func loadOpenAIDashboardIfAvailable(
         usage: UsageSnapshot,
-        fetcher: UsageFetcher) -> OpenAIDashboardSnapshot?
+        sourceLabel: String,
+        context: ProviderFetchContext) -> OpenAIDashboardSnapshot?
     {
         guard let cache = OpenAIDashboardCacheStore.load() else { return nil }
-        let codexEmail = (usage.accountEmail(for: .codex) ?? fetcher.loadAccountInfo().email)?
-            .trimmingCharacters(in: .whitespacesAndNewlines)
-        guard let codexEmail, !codexEmail.isEmpty else { return nil }
-        if cache.accountEmail.lowercased() != codexEmail.lowercased() { return nil }
-        if cache.snapshot.dailyBreakdown.isEmpty, !cache.snapshot.creditEvents.isEmpty {
-            return OpenAIDashboardSnapshot(
+        let snapshot: OpenAIDashboardSnapshot = if cache.snapshot.dailyBreakdown.isEmpty,
+                                                   !cache.snapshot.creditEvents.isEmpty
+        {
+            OpenAIDashboardSnapshot(
                 signedInEmail: cache.snapshot.signedInEmail,
                 codeReviewRemainingPercent: cache.snapshot.codeReviewRemainingPercent,
+                codeReviewLimit: cache.snapshot.codeReviewLimit,
                 creditEvents: cache.snapshot.creditEvents,
                 dailyBreakdown: OpenAIDashboardSnapshot.makeDailyBreakdown(
                     from: cache.snapshot.creditEvents,
@@ -213,8 +213,24 @@ extension CodexBarCLI {
                 usageBreakdown: cache.snapshot.usageBreakdown,
                 creditsPurchaseURL: cache.snapshot.creditsPurchaseURL,
                 updatedAt: cache.snapshot.updatedAt)
+        } else {
+            cache.snapshot
+        }
+
+        let input = CodexCLIDashboardAuthorityContext.makeCachedDashboardInput(
+            dashboard: snapshot,
+            cachedAccountEmail: cache.accountEmail,
+            usage: usage,
+            sourceLabel: sourceLabel,
+            context: context)
+        let decision = CodexDashboardAuthority.evaluate(input)
+        if decision.allowedEffects.contains(.cachedDashboardReuse) {
+            return snapshot
+        }
+        if decision.cleanup.contains(.dashboardCache) {
+            OpenAIDashboardCacheStore.clear()
         }
-        return cache.snapshot
+        return nil
     }
 
     static func decodeWebTimeout(from values: ParsedValues) -> TimeInterval? {
@@ -239,7 +255,13 @@ extension CodexBarCLI {
         }
         if let remaining = dash.codeReviewRemainingPercent {
             let percent = Int(remaining.rounded())
-            lines.append("Code review: \(percent)% remaining")
+            if let limit = dash.codeReviewLimit,
+               let reset = UsageFormatter.resetLine(for: limit, style: .countdown)
+            {
+                lines.append("Code review: \(percent)% remaining (\(reset))")
+            } else {
+                lines.append("Code review: \(percent)% remaining")
+            }
         }
         if let first = dash.creditEvents.first {
             let day = first.date.formatted(date: .abbreviated, time: .omitted)
@@ -340,6 +362,22 @@ extension CodexBarCLI {
         CommandSignature.describe(CostOptions())
     }
 
+    static func _cacheSignatureForTesting() -> CommandSignature {
+        CommandSignature.describe(CacheOptions())
+    }
+
+    static func _diagnoseSignatureForTesting() -> CommandSignature {
+        CommandSignature.describe(DiagnoseOptions())
+    }
+
+    static func _configSetAPIKeySignatureForTesting() -> CommandSignature {
+        CommandSignature.describe(ConfigSetAPIKeyOptions())
+    }
+
+    static func _configProviderToggleSignatureForTesting() -> CommandSignature {
+        CommandSignature.describe(ConfigProviderToggleOptions())
+    }
+
     static func _decodeFormatForTesting(from values: ParsedValues) -> OutputFormat {
         self.decodeFormat(from: values)
     }
diff --git a/Sources/CodexBarCLI/CLIIO.swift b/Sources/CodexBarCLI/CLIIO.swift
index fe42751cb..1e371fd1b 100644
--- a/Sources/CodexBarCLI/CLIIO.swift
+++ b/Sources/CodexBarCLI/CLIIO.swift
@@ -12,7 +12,7 @@ extension CodexBarCLI {
     }
 
     static func printVersion() -> Never {
-        if let version = Bundle.main.infoDictionary?["CFBundleShortVersionString"] as? String {
+        if let version = currentVersion() {
             print("CodexBar \(version)")
         } else {
             print("CodexBar")
@@ -21,20 +21,94 @@ extension CodexBarCLI {
     }
 
     static func printHelp(for command: String?) -> Never {
-        let version = Bundle.main.infoDictionary?["CFBundleShortVersionString"] as? String ?? "unknown"
+        let version = self.currentVersion() ?? "unknown"
         switch command {
         case "usage":
             print(Self.usageHelp(version: version))
         case "cost":
             print(Self.costHelp(version: version))
+        case "serve":
+            print(Self.serveHelp(version: version))
         case "config", "validate", "dump":
             print(Self.configHelp(version: version))
+        case "cache", "clear":
+            print(Self.cacheHelp(version: version))
+        case "diagnose":
+            print(Self.diagnoseHelp(version: version))
         default:
             print(Self.rootHelp(version: version))
         }
         Self.platformExit(0)
     }
 
+    static func currentVersion(
+        bundle: Bundle = .main,
+        executablePath: String? = CommandLine.arguments.first) -> String?
+    {
+        if let version = self.currentVersion(bundleVersion: nil, executablePath: executablePath) {
+            return version
+        }
+        return self.currentVersion(
+            bundleVersion: bundle.infoDictionary?["CFBundleShortVersionString"] as? String,
+            executablePath: nil)
+    }
+
+    static func currentVersion(bundleVersion: String?, executablePath: String?) -> String? {
+        if let executablePath, !executablePath.isEmpty {
+            let executableURL = URL(fileURLWithPath: executablePath).resolvingSymlinksInPath()
+            if let version = Self.adjacentVersionFileVersion(for: executableURL) {
+                return version
+            }
+            if let version = Self.containingAppVersion(for: executableURL) {
+                return version
+            }
+        }
+        return Self.normalizedBundleVersion(bundleVersion)
+    }
+
+    static func containingAppVersion(for executableURL: URL) -> String? {
+        var currentURL = executableURL.deletingLastPathComponent()
+        let fileManager = FileManager.default
+
+        while currentURL.path != currentURL.deletingLastPathComponent().path {
+            if currentURL.pathExtension == "app" {
+                let infoURL = currentURL
+                    .appendingPathComponent("Contents")
+                    .appendingPathComponent("Info.plist")
+                guard let data = fileManager.contents(atPath: infoURL.path),
+                      let plist = try? PropertyListSerialization.propertyList(from: data, format: nil) as? [String: Any]
+                else { return nil }
+                return plist["CFBundleShortVersionString"] as? String
+            }
+            currentURL.deleteLastPathComponent()
+        }
+
+        return nil
+    }
+
+    static func adjacentVersionFileVersion(for executableURL: URL) -> String? {
+        let versionURL = executableURL
+            .deletingLastPathComponent()
+            .appendingPathComponent("VERSION")
+        guard let raw = try? String(contentsOf: versionURL, encoding: .utf8) else {
+            return nil
+        }
+        let trimmed = raw.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard !trimmed.isEmpty else { return nil }
+        if trimmed.hasPrefix("v"), trimmed.dropFirst().first?.isNumber == true {
+            return String(trimmed.dropFirst())
+        }
+        return trimmed
+    }
+
+    static func normalizedBundleVersion(_ raw: String?) -> String? {
+        guard let trimmed = raw?.trimmingCharacters(in: .whitespacesAndNewlines),
+              !trimmed.isEmpty,
+              trimmed != "CodexBar"
+        else { return nil }
+        return trimmed
+    }
+
     static func platformExit(_ code: Int32) -> Never {
         #if canImport(Darwin)
         Darwin.exit(code)
diff --git a/Sources/CodexBarCLI/CLILocalHTTPServer.swift b/Sources/CodexBarCLI/CLILocalHTTPServer.swift
new file mode 100644
index 000000000..65a486db4
--- /dev/null
+++ b/Sources/CodexBarCLI/CLILocalHTTPServer.swift
@@ -0,0 +1,361 @@
+import Foundation
+#if canImport(Darwin)
+import Darwin
+#else
+import Glibc
+#endif
+
+private let requestReadTimeoutMilliseconds: Int32 = 5000
+
+struct CLILocalHTTPRequest {
+    let method: String
+    let target: String
+    let host: String
+    let path: String
+    let queryItems: [String: String]
+
+    static func parse(_ data: Data) -> Result<CLILocalHTTPRequest, CLILocalHTTPRequestParseError> {
+        guard let raw = String(data: data, encoding: .utf8),
+              let firstLine = raw.components(separatedBy: "\r\n").first
+        else {
+            return .failure(.invalidRequest)
+        }
+
+        let parts = firstLine.split(separator: " ")
+        guard parts.count >= 3 else { return .failure(.invalidRequest) }
+
+        let method = String(parts[0]).uppercased()
+        let target = String(parts[1])
+        guard target.hasPrefix("/") else { return .failure(.invalidRequest) }
+
+        let headerResult = Self.parseHeaders(raw)
+        let host: String
+        switch headerResult {
+        case let .success(headers):
+            let hosts = headers.compactMap { name, value in
+                name.lowercased() == "host" ? value : nil
+            }
+            guard let candidate = hosts.first else { return .failure(.missingHost) }
+            guard hosts.count == 1 else { return .failure(.duplicateHost) }
+            guard Self.isAllowedLoopbackHost(candidate) else { return .failure(.disallowedHost) }
+            host = candidate
+        case let .failure(error):
+            return .failure(error)
+        }
+
+        let components = URLComponents(string: "http://localhost\(target)")
+        let path = components?.path ?? target
+        var queryItems: [String: String] = [:]
+        for item in components?.queryItems ?? [] {
+            if let value = item.value {
+                queryItems[item.name] = value
+            }
+        }
+
+        return .success(CLILocalHTTPRequest(
+            method: method,
+            target: target,
+            host: host,
+            path: path,
+            queryItems: queryItems))
+    }
+
+    private static func parseHeaders(_ raw: String) -> Result<[(String, String)], CLILocalHTTPRequestParseError> {
+        let lines = raw.components(separatedBy: "\r\n")
+        var headers: [(String, String)] = []
+
+        for line in lines.dropFirst() {
+            if line.isEmpty { break }
+            guard let separator = line.firstIndex(of: ":") else {
+                return .failure(.invalidRequest)
+            }
+            let name = String(line[..<separator]).trimmingCharacters(in: .whitespacesAndNewlines)
+            let value = String(line[line.index(after: separator)...]).trimmingCharacters(in: .whitespacesAndNewlines)
+            guard !name.isEmpty else { return .failure(.invalidRequest) }
+            headers.append((name, value))
+        }
+
+        return .success(headers)
+    }
+
+    private static func isAllowedLoopbackHost(_ host: String) -> Bool {
+        let trimmed = host.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard !trimmed.isEmpty, !trimmed.contains(",") else { return false }
+
+        let hostWithoutPort: String
+        if trimmed.hasPrefix("[") {
+            guard let closingBracket = trimmed.firstIndex(of: "]") else { return false }
+            hostWithoutPort = String(trimmed[...closingBracket])
+            let remainder = trimmed[trimmed.index(after: closingBracket)...]
+            guard remainder.isEmpty || Self.isValidPortSuffix(String(remainder)) else { return false }
+        } else {
+            let segments = trimmed.split(separator: ":", omittingEmptySubsequences: false)
+            switch segments.count {
+            case 1:
+                hostWithoutPort = String(segments[0])
+            case 2:
+                guard Self.isValidPort(String(segments[1])) else { return false }
+                hostWithoutPort = String(segments[0])
+            default:
+                return false
+            }
+        }
+
+        switch hostWithoutPort.lowercased() {
+        case "127.0.0.1", "localhost", "localhost.", "[::1]":
+            return true
+        default:
+            return false
+        }
+    }
+
+    private static func isValidPortSuffix(_ raw: String) -> Bool {
+        guard raw.hasPrefix(":") else { return false }
+        return self.isValidPort(String(raw.dropFirst()))
+    }
+
+    private static func isValidPort(_ raw: String) -> Bool {
+        guard let port = Int(raw), port > 0, port <= Int(UInt16.max) else { return false }
+        return true
+    }
+}
+
+enum CLILocalHTTPRequestParseError: Error, Equatable {
+    case invalidRequest
+    case missingHost
+    case duplicateHost
+    case disallowedHost
+}
+
+enum CLIHTTPStatus {
+    case ok
+    case badRequest
+    case forbidden
+    case notFound
+    case methodNotAllowed
+    case internalServerError
+
+    var code: Int {
+        switch self {
+        case .ok: 200
+        case .badRequest: 400
+        case .forbidden: 403
+        case .notFound: 404
+        case .methodNotAllowed: 405
+        case .internalServerError: 500
+        }
+    }
+
+    var reason: String {
+        switch self {
+        case .ok: "OK"
+        case .badRequest: "Bad Request"
+        case .forbidden: "Forbidden"
+        case .notFound: "Not Found"
+        case .methodNotAllowed: "Method Not Allowed"
+        case .internalServerError: "Internal Server Error"
+        }
+    }
+}
+
+struct CLILocalHTTPResponse {
+    let status: CLIHTTPStatus
+    let body: Data
+    let contentType: String
+
+    init(status: CLIHTTPStatus, body: Data, contentType: String = "application/json; charset=utf-8") {
+        self.status = status
+        self.body = body
+        self.contentType = contentType
+    }
+
+    var serialized: Data {
+        var headers = "HTTP/1.1 \(self.status.code) \(self.status.reason)\r\n"
+        headers += "Content-Type: \(self.contentType)\r\n"
+        headers += "Content-Length: \(self.body.count)\r\n"
+        headers += "Connection: close\r\n"
+        headers += "\r\n"
+
+        var data = Data(headers.utf8)
+        data.append(self.body)
+        return data
+    }
+}
+
+final class CLILocalHTTPServer {
+    typealias Handler = @Sendable (CLILocalHTTPRequest) async -> CLILocalHTTPResponse
+
+    private let host: String
+    private let port: UInt16
+    private let handler: Handler
+
+    init(host: String, port: UInt16, handler: @escaping Handler) {
+        self.host = host
+        self.port = port
+        self.handler = handler
+    }
+
+    func run(onListening: @Sendable () -> Void = {}) async throws {
+        ignoreSIGPIPE()
+
+        #if canImport(Darwin)
+        let streamType = SOCK_STREAM
+        #else
+        let streamType = Int32(SOCK_STREAM.rawValue)
+        #endif
+
+        let serverFD = socket(AF_INET, streamType, 0)
+        guard serverFD >= 0 else {
+            throw POSIXError(POSIXErrorCode(rawValue: errno) ?? .EIO)
+        }
+        defer { closeSocket(serverFD) }
+
+        var reuse: Int32 = 1
+        setsockopt(
+            serverFD,
+            SOL_SOCKET,
+            SO_REUSEADDR,
+            &reuse,
+            socklen_t(MemoryLayout<Int32>.size))
+
+        var address = sockaddr_in()
+        #if canImport(Darwin)
+        address.sin_len = UInt8(MemoryLayout<sockaddr_in>.size)
+        #endif
+        address.sin_family = sa_family_t(AF_INET)
+        address.sin_port = self.port.bigEndian
+        guard inet_pton(AF_INET, self.host, &address.sin_addr) == 1 else {
+            throw POSIXError(.EADDRNOTAVAIL)
+        }
+
+        let bound = withUnsafePointer(to: &address) { pointer in
+            pointer.withMemoryRebound(to: sockaddr.self, capacity: 1) { socketAddress in
+                bind(serverFD, socketAddress, socklen_t(MemoryLayout<sockaddr_in>.size))
+            }
+        }
+        guard bound == 0 else {
+            throw POSIXError(POSIXErrorCode(rawValue: errno) ?? .EIO)
+        }
+
+        guard listen(serverFD, 16) == 0 else {
+            throw POSIXError(POSIXErrorCode(rawValue: errno) ?? .EIO)
+        }
+        onListening()
+
+        while true {
+            var clientAddress = sockaddr()
+            var clientLength = socklen_t(MemoryLayout<sockaddr>.size)
+            let clientFD = accept(serverFD, &clientAddress, &clientLength)
+            guard clientFD >= 0 else { continue }
+            let handler = self.handler
+            Task {
+                defer { closeSocket(clientFD) }
+                await handleClient(clientFD, handler: handler)
+            }
+        }
+    }
+}
+
+private func handleClient(
+    _ clientFD: Int32,
+    handler: @Sendable (CLILocalHTTPRequest) async -> CLILocalHTTPResponse) async
+{
+    let request: CLILocalHTTPRequest
+    switch readRequest(clientFD) {
+    case let .success(parsedRequest):
+        request = parsedRequest
+    case .failure(.disallowedHost):
+        sendResponse(
+            CLILocalHTTPResponse(
+                status: .forbidden,
+                body: Data(#"{"error":"forbidden host"}"#.utf8)),
+            to: clientFD)
+        return
+    case .failure:
+        sendResponse(
+            CLILocalHTTPResponse(
+                status: .badRequest,
+                body: Data(#"{"error":"invalid request"}"#.utf8)),
+            to: clientFD)
+        return
+    }
+
+    let response = await handler(request)
+    sendResponse(response, to: clientFD)
+}
+
+private func readRequest(_ fd: Int32) -> Result<CLILocalHTTPRequest, CLILocalHTTPRequestParseError> {
+    var data = Data()
+    var buffer = [UInt8](repeating: 0, count: 4096)
+    let bufferSize = buffer.count
+    var sawHeaderEnd = false
+
+    while data.count < 16384 {
+        guard waitForReadable(fd, timeoutMilliseconds: requestReadTimeoutMilliseconds) else {
+            return .failure(.invalidRequest)
+        }
+        let count = buffer.withUnsafeMutableBytes { rawBuffer in
+            recv(fd, rawBuffer.baseAddress, bufferSize, 0)
+        }
+        guard count > 0 else { break }
+        data.append(buffer, count: count)
+        if data.range(of: Data("\r\n\r\n".utf8)) != nil {
+            sawHeaderEnd = true
+            break
+        }
+    }
+
+    guard sawHeaderEnd else { return .failure(.invalidRequest) }
+    return CLILocalHTTPRequest.parse(data)
+}
+
+private func sendResponse(_ response: CLILocalHTTPResponse, to fd: Int32) {
+    let data = response.serialized
+    data.withUnsafeBytes { rawBuffer in
+        guard let base = rawBuffer.baseAddress else { return }
+        var sent = 0
+        while sent < data.count {
+            let count = send(fd, base.advanced(by: sent), data.count - sent, sendNoSignalFlags())
+            guard count > 0 else { break }
+            sent += count
+        }
+    }
+}
+
+private func waitForReadable(_ fd: Int32, timeoutMilliseconds: Int32) -> Bool {
+    var pollFD = pollfd(fd: fd, events: Int16(POLLIN), revents: 0)
+    while true {
+        let result = poll(&pollFD, 1, timeoutMilliseconds)
+        if result > 0 {
+            return (pollFD.revents & Int16(POLLIN)) != 0
+        }
+        if result == -1, errno == EINTR {
+            continue
+        }
+        return false
+    }
+}
+
+private func sendNoSignalFlags() -> Int32 {
+    #if canImport(Darwin)
+    0
+    #else
+    Int32(MSG_NOSIGNAL)
+    #endif
+}
+
+private func ignoreSIGPIPE() {
+    #if canImport(Darwin)
+    _ = Darwin.signal(SIGPIPE, SIG_IGN)
+    #else
+    _ = Glibc.signal(SIGPIPE, SIG_IGN)
+    #endif
+}
+
+private func closeSocket(_ fd: Int32) {
+    #if canImport(Darwin)
+    Darwin.close(fd)
+    #else
+    Glibc.close(fd)
+    #endif
+}
diff --git a/Sources/CodexBarCLI/CLIOptions.swift b/Sources/CodexBarCLI/CLIOptions.swift
index ae057cf7b..bfd4076fd 100644
--- a/Sources/CodexBarCLI/CLIOptions.swift
+++ b/Sources/CodexBarCLI/CLIOptions.swift
@@ -33,7 +33,7 @@ struct UsageOptions: CommanderParsable {
     @Option(name: .long("account-index"), help: "Token account index (1-based)")
     var accountIndex: Int?
 
-    @Flag(name: .long("all-accounts"), help: "Fetch all token accounts for the provider")
+    @Flag(name: .long("all-accounts"), help: "Fetch all token accounts, or all visible Codex accounts")
     var allAccounts: Bool = false
 
     @Option(name: .long("format"), help: "Output format: text | json")
@@ -76,7 +76,7 @@ struct UsageOptions: CommanderParsable {
     var augmentDebug: Bool = false
 }
 
-enum ProviderSelection: Sendable, ExpressibleFromArgument {
+enum ProviderSelection: ExpressibleFromArgument {
     case single(UsageProvider)
     case both
     case all
@@ -120,7 +120,7 @@ enum ProviderSelection: Sendable, ExpressibleFromArgument {
     }
 }
 
-enum OutputFormat: String, Sendable, ExpressibleFromArgument {
+enum OutputFormat: String, ExpressibleFromArgument {
     case text
     case json
 
diff --git a/Sources/CodexBarCLI/CLIOutputPreferences.swift b/Sources/CodexBarCLI/CLIOutputPreferences.swift
index e1e517319..50f8bdd1d 100644
--- a/Sources/CodexBarCLI/CLIOutputPreferences.swift
+++ b/Sources/CodexBarCLI/CLIOutputPreferences.swift
@@ -1,7 +1,7 @@
 import Commander
 import Foundation
 
-struct CLIOutputPreferences: Sendable {
+struct CLIOutputPreferences {
     let format: OutputFormat
     let jsonOnly: Bool
     let pretty: Bool
diff --git a/Sources/CodexBarCLI/CLIRenderer.swift b/Sources/CodexBarCLI/CLIRenderer.swift
index 357c815bc..ddc43514f 100644
--- a/Sources/CodexBarCLI/CLIRenderer.swift
+++ b/Sources/CodexBarCLI/CLIRenderer.swift
@@ -15,24 +15,31 @@ enum CLIRenderer {
         context: RenderContext) -> String
     {
         let meta = ProviderDescriptorRegistry.descriptor(for: provider).metadata
+        let labels = self.rateWindowLabels(provider: provider, metadata: meta, snapshot: snapshot)
         let now = Date()
         var lines: [String] = []
         lines.append(self.headerLine(context.header, useColor: context.useColor))
         self.appendPrimaryLines(
             provider: provider,
             snapshot: snapshot,
-            metadata: meta,
+            labels: labels,
             context: context,
             now: now,
             lines: &lines)
         self.appendSecondaryLines(
             provider: provider,
             snapshot: snapshot,
-            metadata: meta,
+            labels: labels,
             context: context,
             now: now,
             lines: &lines)
-        self.appendTertiaryLines(snapshot: snapshot, metadata: meta, context: context, now: now, lines: &lines)
+        self.appendTertiaryLines(snapshot: snapshot, labels: labels, context: context, now: now, lines: &lines)
+        self.appendDeepgramLines(snapshot: snapshot, useColor: context.useColor, lines: &lines)
+        self.appendLimitsUnavailableLine(
+            provider: provider,
+            snapshot: snapshot,
+            useColor: context.useColor,
+            lines: &lines)
         self.appendCreditsLine(provider: provider, credits: credits, useColor: context.useColor, lines: &lines)
         self.appendIdentityAndNotes(
             provider: provider,
@@ -62,7 +69,7 @@ enum CLIRenderer {
     private static func appendPrimaryLines(
         provider: UsageProvider,
         snapshot: UsageSnapshot,
-        metadata: ProviderMetadata,
+        labels: RateWindowLabels,
         context: RenderContext,
         now: Date,
         lines: inout [String])
@@ -70,7 +77,7 @@ enum CLIRenderer {
         if let primary = snapshot.primary {
             self.appendRateWindowLines(
                 provider: provider,
-                title: metadata.sessionLabel,
+                title: labels.primary,
                 window: primary,
                 includePace: false,
                 context: context,
@@ -90,7 +97,7 @@ enum CLIRenderer {
     private static func appendSecondaryLines(
         provider: UsageProvider,
         snapshot: UsageSnapshot,
-        metadata: ProviderMetadata,
+        labels: RateWindowLabels,
         context: RenderContext,
         now: Date,
         lines: inout [String])
@@ -98,7 +105,7 @@ enum CLIRenderer {
         guard let weekly = snapshot.secondary else { return }
         self.appendRateWindowLines(
             provider: provider,
-            title: metadata.weeklyLabel,
+            title: labels.secondary,
             window: weekly,
             includePace: true,
             context: context,
@@ -108,18 +115,67 @@ enum CLIRenderer {
 
     private static func appendTertiaryLines(
         snapshot: UsageSnapshot,
-        metadata: ProviderMetadata,
+        labels: RateWindowLabels,
         context: RenderContext,
         now: Date,
         lines: inout [String])
     {
-        guard metadata.supportsOpus, let opus = snapshot.tertiary else { return }
-        lines.append(self.rateLine(title: metadata.opusLabel ?? "Sonnet", window: opus, useColor: context.useColor))
+        guard labels.showsTertiary, let opus = snapshot.tertiary else { return }
+        lines.append(self.rateLine(title: labels.tertiary, window: opus, useColor: context.useColor))
         if let reset = self.resetLine(for: opus, style: context.resetStyle, now: now) {
             lines.append(self.subtleLine(reset, useColor: context.useColor))
         }
     }
 
+    private static func appendDeepgramLines(
+        snapshot: UsageSnapshot,
+        useColor: Bool,
+        lines: inout [String])
+    {
+        guard let usage = snapshot.deepgramUsage else { return }
+        for line in usage.displayLines {
+            let parts = line.split(separator: ":", maxSplits: 1).map(String.init)
+            if parts.count == 2 {
+                lines.append(self.labelValueLine(
+                    parts[0].trimmingCharacters(in: .whitespacesAndNewlines),
+                    value: parts[1].trimmingCharacters(in: .whitespacesAndNewlines),
+                    useColor: useColor))
+            } else {
+                lines.append(self.labelValueLine("Usage", value: line, useColor: useColor))
+            }
+        }
+    }
+
+    private struct RateWindowLabels {
+        let primary: String
+        let secondary: String
+        let tertiary: String
+        let showsTertiary: Bool
+    }
+
+    private static func rateWindowLabels(
+        provider: UsageProvider,
+        metadata: ProviderMetadata,
+        snapshot: UsageSnapshot) -> RateWindowLabels
+    {
+        if provider == .factory, snapshot.tertiary != nil {
+            return RateWindowLabels(
+                primary: "5-hour",
+                secondary: "Weekly",
+                tertiary: "Monthly",
+                showsTertiary: true)
+        }
+
+        let primaryLabel = provider == .grok
+            ? GrokProviderDescriptor.primaryLabel(window: snapshot.primary) ?? metadata.sessionLabel
+            : metadata.sessionLabel
+        return RateWindowLabels(
+            primary: primaryLabel,
+            secondary: metadata.weeklyLabel,
+            tertiary: metadata.opusLabel ?? "Sonnet",
+            showsTertiary: metadata.supportsOpus)
+    }
+
     private static func appendCreditsLine(
         provider: UsageProvider,
         credits: CreditsSnapshot?,
@@ -133,6 +189,16 @@ enum CLIRenderer {
             useColor: useColor))
     }
 
+    private static func appendLimitsUnavailableLine(
+        provider: UsageProvider,
+        snapshot: UsageSnapshot,
+        useColor: Bool,
+        lines: inout [String])
+    {
+        guard snapshot.rateLimitsUnavailable(for: provider) else { return }
+        lines.append(self.labelValueLine("Limits", value: "not available", useColor: useColor))
+    }
+
     private static func appendIdentityAndNotes(
         provider: UsageProvider,
         snapshot: UsageSnapshot,
@@ -153,7 +219,12 @@ enum CLIRenderer {
                 lines.append(self.labelValueLine("Activity", value: detail, useColor: context.useColor))
             }
         } else if let plan = snapshot.loginMethod(for: provider), !plan.isEmpty {
-            lines.append(self.labelValueLine("Plan", value: plan.capitalized, useColor: context.useColor))
+            let displayPlan = if provider == .codex {
+                CodexPlanFormatting.displayName(plan) ?? plan
+            } else {
+                plan.capitalized
+            }
+            lines.append(self.labelValueLine("Plan", value: displayPlan, useColor: context.useColor))
         }
 
         for note in context.notes {
@@ -194,7 +265,9 @@ enum CLIRenderer {
         now: Date,
         lines: inout [String])
     {
-        if provider == .warp || provider == .kilo {
+        if provider == .warp || provider == .kilo || provider == .mistral || provider == .deepseek ||
+            provider == .crof
+        {
             if let reset = self.resetLineForDetailBackedWindow(window: window, style: context.resetStyle, now: now) {
                 lines.append(self.subtleLine(reset, useColor: context.useColor))
             }
@@ -218,7 +291,7 @@ enum CLIRenderer {
         style: ResetTimeDisplayStyle,
         now: Date) -> String?
     {
-        // Warp/Kilo use resetDescription for non-reset detail.
+        // Some provider snapshots use resetDescription for non-reset detail.
         // Only render "Resets ..." when a concrete reset date exists.
         guard window.resetsAt != nil else { return nil }
         let resetOnlyWindow = RateWindow(
@@ -295,7 +368,10 @@ enum CLIRenderer {
         useColor: Bool,
         now: Date) -> String?
     {
-        guard provider == .codex || provider == .claude else { return nil }
+        guard provider == .codex || provider == .claude || provider == .opencode || provider == .ollama else {
+            return nil
+        }
+        if provider == .ollama, window.windowMinutes == nil { return nil }
         guard window.remainingPercent > 0 else { return nil }
         guard let pace = UsagePace.weekly(window: window, now: now, defaultWindowMinutes: 10080) else { return nil }
         guard pace.expectedUsedPercent >= Self.paceMinimumExpectedPercent else { return nil }
diff --git a/Sources/CodexBarCLI/CLIServeCommand.swift b/Sources/CodexBarCLI/CLIServeCommand.swift
new file mode 100644
index 000000000..569780b41
--- /dev/null
+++ b/Sources/CodexBarCLI/CLIServeCommand.swift
@@ -0,0 +1,343 @@
+import CodexBarCore
+import Commander
+import Foundation
+
+struct ServeOptions: CommanderParsable {
+    @Flag(names: [.short("v"), .long("verbose")], help: "Enable verbose logging")
+    var verbose: Bool = false
+
+    @Flag(name: .long("json-output"), help: "Emit machine-readable logs")
+    var jsonOutput: Bool = false
+
+    @Option(name: .long("log-level"), help: "Set log level (trace|verbose|debug|info|warning|error|critical)")
+    var logLevel: String?
+
+    @Option(name: .long("port"), help: "Local HTTP port (default: 8080)")
+    var port: Int?
+
+    @Option(name: .long("refresh-interval"), help: "Response cache TTL in seconds (default: 60)")
+    var refreshInterval: Double?
+}
+
+enum CLIServeRoute: Equatable {
+    case health
+    case usage(provider: String?)
+    case cost(provider: String?)
+}
+
+enum CLIServeRouteError: Error, Equatable {
+    case methodNotAllowed
+    case notFound
+}
+
+enum CLIServeRouter {
+    static func route(method: String, path: String, queryItems: [String: String]) throws -> CLIServeRoute {
+        guard method.uppercased() == "GET" else {
+            throw CLIServeRouteError.methodNotAllowed
+        }
+
+        let provider = queryItems["provider"]?.trimmingCharacters(in: .whitespacesAndNewlines)
+        let normalizedProvider = provider?.isEmpty == false ? provider : nil
+
+        switch path {
+        case "/health":
+            return .health
+        case "/usage":
+            return .usage(provider: normalizedProvider)
+        case "/cost":
+            return .cost(provider: normalizedProvider)
+        default:
+            throw CLIServeRouteError.notFound
+        }
+    }
+}
+
+private struct ServeErrorPayload: Encodable {
+    let error: String
+}
+
+private struct ServeHealthPayload: Encodable {
+    let status: String
+}
+
+private actor CLIServeResponseCache {
+    private struct Entry {
+        let expiresAt: Date
+        let response: CLILocalHTTPResponse
+    }
+
+    private var entries: [String: Entry] = [:]
+
+    func response(for key: String, now: Date) -> CLILocalHTTPResponse? {
+        guard let entry = self.entries[key] else { return nil }
+        guard entry.expiresAt > now else {
+            self.entries[key] = nil
+            return nil
+        }
+        return entry.response
+    }
+
+    func store(_ response: CLILocalHTTPResponse, for key: String, ttl: TimeInterval, now: Date) {
+        guard ttl > 0, response.status == .ok else { return }
+        self.entries[key] = Entry(expiresAt: now.addingTimeInterval(ttl), response: response)
+    }
+}
+
+private enum CLIServeArgumentError: LocalizedError {
+    case invalidPort
+    case invalidRefreshInterval
+    case invalidProvider(String)
+
+    var errorDescription: String? {
+        switch self {
+        case .invalidPort:
+            "--port must be between 1 and 65535."
+        case .invalidRefreshInterval:
+            "--refresh-interval must be zero or greater."
+        case let .invalidProvider(provider):
+            "Unknown provider '\(provider)'."
+        }
+    }
+}
+
+extension CodexBarCLI {
+    static func runServe(_ values: ParsedValues) async {
+        let output = CLIOutputPreferences(format: .json, jsonOnly: true, pretty: false)
+        let port = Self.decodeServePort(from: values)
+        let refreshInterval = Self.decodeServeRefreshInterval(from: values)
+
+        guard let port else {
+            Self.exit(
+                code: .failure,
+                message: CLIServeArgumentError.invalidPort.localizedDescription,
+                output: output,
+                kind: .args)
+        }
+
+        guard let refreshInterval else {
+            Self.exit(
+                code: .failure,
+                message: CLIServeArgumentError.invalidRefreshInterval.localizedDescription,
+                output: output,
+                kind: .args)
+        }
+
+        let config = Self.loadConfig(output: output)
+        let cache = CLIServeResponseCache()
+        let server = CLILocalHTTPServer(host: "127.0.0.1", port: port) { request in
+            await Self.handleServeRequest(
+                request,
+                config: config,
+                cache: cache,
+                refreshInterval: refreshInterval)
+        }
+
+        do {
+            try await server.run {
+                Self.writeStderr("CodexBar server listening on http://127.0.0.1:\(port)\n")
+            }
+        } catch {
+            Self.exit(code: .failure, message: error.localizedDescription, output: output, kind: .runtime)
+        }
+    }
+
+    static func decodeServePort(from values: ParsedValues) -> UInt16? {
+        let raw = values.options["port"]?.last
+        let parsed: Int
+        if let raw {
+            guard let value = Int(raw) else { return nil }
+            parsed = value
+        } else {
+            parsed = 8080
+        }
+        guard parsed > 0, parsed <= Int(UInt16.max) else { return nil }
+        return UInt16(parsed)
+    }
+
+    static func decodeServeRefreshInterval(from values: ParsedValues) -> TimeInterval? {
+        let raw = values.options["refreshInterval"]?.last
+        let parsed: Double
+        if let raw {
+            guard let value = Double(raw) else { return nil }
+            parsed = value
+        } else {
+            parsed = 60
+        }
+        guard parsed >= 0 else { return nil }
+        return parsed
+    }
+
+    private static func handleServeRequest(
+        _ request: CLILocalHTTPRequest,
+        config: CodexBarConfig,
+        cache: CLIServeResponseCache,
+        refreshInterval: TimeInterval) async -> CLILocalHTTPResponse
+    {
+        let route: CLIServeRoute
+        do {
+            route = try CLIServeRouter.route(
+                method: request.method,
+                path: request.path,
+                queryItems: request.queryItems)
+        } catch CLIServeRouteError.methodNotAllowed {
+            return Self.serveError(status: .methodNotAllowed, message: "method not allowed")
+        } catch {
+            return Self.serveError(status: .notFound, message: "not found")
+        }
+
+        switch route {
+        case .health:
+            return Self.serveJSON(ServeHealthPayload(status: "ok"))
+        case let .usage(provider):
+            return await Self.cachedServeResponse(
+                key: "usage:\(provider ?? "")",
+                cache: cache,
+                refreshInterval: refreshInterval)
+            {
+                await Self.serveUsage(provider: provider, config: config)
+            }
+        case let .cost(provider):
+            return await Self.cachedServeResponse(
+                key: "cost:\(provider ?? "")",
+                cache: cache,
+                refreshInterval: refreshInterval)
+            {
+                await Self.serveCost(provider: provider, config: config)
+            }
+        }
+    }
+
+    private static func cachedServeResponse(
+        key: String,
+        cache: CLIServeResponseCache,
+        refreshInterval: TimeInterval,
+        makeResponse: () async -> CLILocalHTTPResponse) async -> CLILocalHTTPResponse
+    {
+        let now = Date()
+        if let cached = await cache.response(for: key, now: now) {
+            return cached
+        }
+
+        let response = await makeResponse()
+        if Self.shouldCacheServeResponse(response) {
+            await cache.store(response, for: key, ttl: refreshInterval, now: now)
+        }
+        return response
+    }
+
+    static func shouldCacheServeResponse(_ response: CLILocalHTTPResponse) -> Bool {
+        guard response.status == .ok else { return false }
+        guard let payload = try? JSONSerialization.jsonObject(with: response.body) as? [[String: Any]] else {
+            return true
+        }
+        return !payload.contains { item in
+            guard let error = item["error"] else { return false }
+            return !(error is NSNull)
+        }
+    }
+
+    private static func serveUsage(
+        provider rawProvider: String?,
+        config: CodexBarConfig) async -> CLILocalHTTPResponse
+    {
+        let selection: ProviderSelection
+        do {
+            selection = try Self.serveProviderSelection(rawProvider: rawProvider, config: config)
+        } catch {
+            return Self.serveError(status: .badRequest, message: error.localizedDescription)
+        }
+
+        let tokenContext: TokenAccountCLIContext
+        do {
+            tokenContext = try TokenAccountCLIContext(
+                selection: TokenAccountCLISelection(label: nil, index: nil, allAccounts: false),
+                config: config,
+                verbose: false)
+        } catch {
+            return Self.serveError(status: .internalServerError, message: error.localizedDescription)
+        }
+
+        let browserDetection = BrowserDetection()
+        let command = UsageCommandContext(
+            format: .json,
+            includeCredits: true,
+            sourceModeOverride: nil,
+            antigravityPlanDebug: false,
+            augmentDebug: false,
+            webDebugDumpHTML: false,
+            webTimeout: 60,
+            verbose: false,
+            useColor: false,
+            resetStyle: Self.resetTimeDisplayStyleFromDefaults(),
+            jsonOnly: true,
+            includeAllCodexAccounts: true,
+            fetcher: UsageFetcher(),
+            claudeFetcher: ClaudeUsageFetcher(browserDetection: browserDetection),
+            browserDetection: browserDetection)
+
+        var output = UsageCommandOutput()
+        for provider in selection.asList {
+            let providerOutput = await ProviderInteractionContext.$current.withValue(.background) {
+                await Self.fetchUsageOutputs(
+                    provider: provider,
+                    status: nil,
+                    tokenContext: tokenContext,
+                    command: command)
+            }
+            output.merge(providerOutput)
+        }
+
+        return Self.serveJSON(output.payload)
+    }
+
+    private static func serveCost(provider rawProvider: String?, config: CodexBarConfig) async -> CLILocalHTTPResponse {
+        let selection: ProviderSelection
+        do {
+            selection = try Self.serveProviderSelection(rawProvider: rawProvider, config: config)
+        } catch {
+            return Self.serveError(status: .badRequest, message: error.localizedDescription)
+        }
+
+        let providers = Self.costProviders(from: selection)
+        guard !providers.isEmpty else {
+            return Self.serveError(status: .badRequest, message: "cost is only supported for Claude and Codex")
+        }
+
+        let fetcher = CostUsageFetcher()
+        var payload: [CostPayload] = []
+        for provider in providers {
+            do {
+                let snapshot = try await fetcher.loadTokenSnapshot(
+                    provider: provider,
+                    forceRefresh: false)
+                payload.append(Self.makeCostPayload(provider: provider, snapshot: snapshot, error: nil))
+            } catch {
+                payload.append(Self.makeCostPayload(provider: provider, snapshot: nil, error: error))
+            }
+        }
+
+        return Self.serveJSON(payload)
+    }
+
+    private static func serveProviderSelection(
+        rawProvider: String?,
+        config: CodexBarConfig) throws -> ProviderSelection
+    {
+        guard let rawProvider, !rawProvider.isEmpty else {
+            return providerSelection(rawOverride: nil, enabled: config.enabledProviders())
+        }
+        guard let selection = ProviderSelection(argument: rawProvider) else {
+            throw CLIServeArgumentError.invalidProvider(rawProvider)
+        }
+        return selection
+    }
+
+    private static func serveJSON(_ payload: some Encodable, status: CLIHTTPStatus = .ok) -> CLILocalHTTPResponse {
+        let json = Self.encodeJSON(payload, pretty: false) ?? "{}"
+        return CLILocalHTTPResponse(status: status, body: Data(json.utf8))
+    }
+
+    private static func serveError(status: CLIHTTPStatus, message: String) -> CLILocalHTTPResponse {
+        self.serveJSON(ServeErrorPayload(error: message), status: status)
+    }
+}
diff --git a/Sources/CodexBarCLI/CLIUsageCommand.swift b/Sources/CodexBarCLI/CLIUsageCommand.swift
index 491ad5024..42506cef3 100644
--- a/Sources/CodexBarCLI/CLIUsageCommand.swift
+++ b/Sources/CodexBarCLI/CLIUsageCommand.swift
@@ -14,6 +14,7 @@ struct UsageCommandContext {
     let useColor: Bool
     let resetStyle: ResetTimeDisplayStyle
     let jsonOnly: Bool
+    let includeAllCodexAccounts: Bool
     let fetcher: UsageFetcher
     let claudeFetcher: ClaudeUsageFetcher
     let browserDetection: BrowserDetection
@@ -85,7 +86,11 @@ extension CodexBarCLI {
                     output: output,
                     kind: .args)
             }
-            guard TokenAccountSupportCatalog.support(for: providerList[0]) != nil else {
+            let supportsAllCodexAccounts = providerList[0] == .codex
+                && tokenSelection.allAccounts
+                && tokenSelection.label == nil
+                && tokenSelection.index == nil
+            guard supportsAllCodexAccounts || TokenAccountSupportCatalog.support(for: providerList[0]) != nil else {
                 Self.exit(
                     code: .failure,
                     message: "Error: \(providerList[0].rawValue) does not support token accounts.",
@@ -94,21 +99,6 @@ extension CodexBarCLI {
             }
         }
 
-        #if !os(macOS)
-        if let parsedSourceMode {
-            let requiresWeb = providerList.contains { selectedProvider in
-                Self.sourceModeRequiresWebSupport(parsedSourceMode, provider: selectedProvider)
-            }
-            if requiresWeb {
-                Self.exit(
-                    code: .failure,
-                    message: "Error: selected source requires web support and is only supported on macOS.",
-                    output: output,
-                    kind: .runtime)
-            }
-        }
-        #endif
-
         let browserDetection = BrowserDetection()
         let fetcher = UsageFetcher()
         let claudeFetcher = ClaudeUsageFetcher(browserDetection: browserDetection)
@@ -137,6 +127,7 @@ extension CodexBarCLI {
             useColor: useColor,
             resetStyle: resetStyle,
             jsonOnly: output.jsonOnly,
+            includeAllCodexAccounts: tokenSelection.allAccounts && providerList == [.codex],
             fetcher: fetcher,
             claudeFetcher: claudeFetcher,
             browserDetection: browserDetection)
@@ -164,9 +155,7 @@ extension CodexBarCLI {
                 print(sections.joined(separator: "\n\n"))
             }
         case .json:
-            if !payload.isEmpty {
-                Self.printJSON(payload, pretty: output.pretty)
-            }
+            Self.printJSON(payload, pretty: output.pretty)
         }
 
         Self.exit(code: exitCode, output: output, kind: exitCode == .success ? .runtime : .provider)
@@ -178,6 +167,23 @@ extension CodexBarCLI {
         tokenContext: TokenAccountCLIContext,
         command: UsageCommandContext) async -> UsageCommandOutput
     {
+        if provider == .codex, command.includeAllCodexAccounts {
+            var output = UsageCommandOutput()
+            let accounts = tokenContext.visibleCodexAccounts().visibleAccounts
+            let selections: [CodexVisibleAccount?] = accounts.isEmpty ? [nil] : accounts.map { Optional($0) }
+            for visibleAccount in selections {
+                let result = await Self.fetchUsageOutput(
+                    provider: provider,
+                    account: nil,
+                    codexVisibleAccount: visibleAccount,
+                    status: status,
+                    tokenContext: tokenContext,
+                    command: command)
+                output.merge(result)
+            }
+            return output
+        }
+
         let accounts: [ProviderTokenAccount]
         do {
             accounts = try tokenContext.resolvedAccounts(for: provider)
@@ -233,6 +239,7 @@ extension CodexBarCLI {
     private static func fetchUsageOutput(
         provider: UsageProvider,
         account: ProviderTokenAccount?,
+        codexVisibleAccount: CodexVisibleAccount? = nil,
         status: ProviderStatusPayload?,
         tokenContext: TokenAccountCLIContext,
         command: UsageCommandContext) async -> UsageCommandOutput
@@ -241,8 +248,12 @@ extension CodexBarCLI {
         let env = tokenContext.environment(
             base: ProcessInfo.processInfo.environment,
             provider: provider,
-            account: account)
-        let settings = tokenContext.settingsSnapshot(for: provider, account: account)
+            account: account,
+            codexActiveSourceOverride: codexVisibleAccount?.selectionSource)
+        let settings = tokenContext.settingsSnapshot(
+            for: provider,
+            account: account,
+            codexActiveSourceOverride: codexVisibleAccount?.selectionSource)
         let configSource = tokenContext.preferredSourceMode(for: provider)
         let baseSource = command.sourceModeOverride ?? configSource
         let effectiveSourceMode = tokenContext.effectiveSourceMode(
@@ -251,10 +262,15 @@ extension CodexBarCLI {
             account: account)
 
         #if !os(macOS)
-        if Self.sourceModeRequiresWebSupport(effectiveSourceMode, provider: provider) {
+        if Self.sourceModeRequiresWebSupport(
+            effectiveSourceMode,
+            provider: provider,
+            environment: env,
+            settings: settings)
+        {
             return Self.webSourceUnsupportedOutput(
                 provider: provider,
-                account: account,
+                account: account?.label ?? codexVisibleAccount?.menuDisplayName,
                 source: effectiveSourceMode.rawValue,
                 status: status,
                 command: command)
@@ -270,9 +286,12 @@ extension CodexBarCLI {
             verbose: command.verbose,
             env: env,
             settings: settings,
-            fetcher: command.fetcher,
+            fetcher: tokenContext.fetcher(base: command.fetcher, provider: provider, env: env),
             claudeFetcher: command.claudeFetcher,
-            browserDetection: command.browserDetection)
+            browserDetection: command.browserDetection,
+            selectedTokenAccountID: account?.id,
+            tokenAccountTokenUpdater: tokenContext.tokenUpdater(for: account),
+            providerManualTokenUpdater: tokenContext.manualTokenUpdater())
         let outcome = await Self.fetchProviderUsage(
             provider: provider,
             context: fetchContext)
@@ -290,11 +309,16 @@ extension CodexBarCLI {
             var usage = result.usage.scoped(to: provider)
             if let account {
                 usage = tokenContext.applyAccountLabel(usage, provider: provider, account: account)
+            } else if let codexVisibleAccount {
+                usage = tokenContext.applyCodexVisibleAccountLabel(usage, account: codexVisibleAccount)
             }
 
             var dashboard = result.dashboard
             if dashboard == nil, command.format == .json, provider == .codex {
-                dashboard = Self.loadOpenAIDashboardIfAvailable(usage: usage, fetcher: command.fetcher)
+                dashboard = Self.loadOpenAIDashboardIfAvailable(
+                    usage: usage,
+                    sourceLabel: result.sourceLabel,
+                    context: fetchContext)
             }
 
             let descriptor = ProviderDescriptorRegistry.descriptor(for: provider)
@@ -330,7 +354,7 @@ extension CodexBarCLI {
             case .json:
                 output.payload.append(ProviderPayload(
                     provider: provider,
-                    account: account?.label,
+                    account: account?.label ?? codexVisibleAccount?.menuDisplayName,
                     version: version,
                     source: source,
                     status: status,
@@ -345,15 +369,15 @@ extension CodexBarCLI {
             if command.format == .json {
                 output.payload.append(Self.makeProviderErrorPayload(
                     provider: provider,
-                    account: account?.label,
+                    account: account?.label ?? codexVisibleAccount?.menuDisplayName,
                     source: effectiveSourceMode.rawValue,
                     status: status,
                     error: error,
                     kind: .provider))
             } else if !command.jsonOnly {
-                if let account {
+                if let accountLabel = account?.label ?? codexVisibleAccount?.menuDisplayName {
                     Self.writeStderr(
-                        "Error (\(provider.rawValue) - \(account.label)): \(error.localizedDescription)\n")
+                        "Error (\(provider.rawValue) - \(accountLabel)): \(error.localizedDescription)\n")
                 } else {
                     Self.writeStderr("Error: \(error.localizedDescription)\n")
                 }
@@ -402,7 +426,7 @@ extension CodexBarCLI {
 
     private static func webSourceUnsupportedOutput(
         provider: UsageProvider,
-        account: ProviderTokenAccount?,
+        account: String?,
         source: String,
         status: ProviderStatusPayload?,
         command: UsageCommandContext) -> UsageCommandOutput
@@ -417,7 +441,7 @@ extension CodexBarCLI {
         if command.format == .json {
             output.payload.append(Self.makeProviderErrorPayload(
                 provider: provider,
-                account: account?.label,
+                account: account,
                 source: source,
                 status: status,
                 error: error,
@@ -428,8 +452,23 @@ extension CodexBarCLI {
         return output
     }
 
-    static func sourceModeRequiresWebSupport(_ sourceMode: ProviderSourceMode, provider: UsageProvider) -> Bool {
-        switch sourceMode {
+    static func sourceModeRequiresWebSupport(
+        _ sourceMode: ProviderSourceMode,
+        provider: UsageProvider,
+        environment: [String: String]? = nil,
+        settings: ProviderSettingsSnapshot? = nil) -> Bool
+    {
+        guard provider != .grok else {
+            return false
+        }
+        if provider == .ollama,
+           sourceMode == .auto,
+           settings?.ollama?.cookieSource == .off
+           || environment.map({ ProviderTokenResolver.ollamaToken(environment: $0) != nil }) == true
+        {
+            return false
+        }
+        return switch sourceMode {
         case .web:
             true
         case .auto:
diff --git a/Sources/CodexBarCLI/DiagnoseOptions.swift b/Sources/CodexBarCLI/DiagnoseOptions.swift
new file mode 100644
index 000000000..6a1653da5
--- /dev/null
+++ b/Sources/CodexBarCLI/DiagnoseOptions.swift
@@ -0,0 +1,23 @@
+import CodexBarCore
+import Commander
+import Foundation
+
+struct DiagnoseOptions: CommanderParsable {
+    @Flag(names: [.short("v"), .long("verbose")], help: "Enable verbose logging")
+    var verbose: Bool = false
+
+    @Flag(name: .long("json-output"), help: "Emit machine-readable logs")
+    var jsonOutput: Bool = false
+
+    @Option(name: .long("log-level"), help: "Set log level (trace|verbose|debug|info|warning|error|critical)")
+    var logLevel: String?
+
+    @Option(name: .long("provider"), help: ProviderHelp.optionHelp)
+    var provider: String?
+
+    @Option(name: .long("format"), help: "Output format: json")
+    var format: String?
+
+    @Flag(name: .long("pretty"), help: "Pretty-print JSON output")
+    var pretty: Bool = false
+}
diff --git a/Sources/CodexBarCLI/TokenAccountCLI.swift b/Sources/CodexBarCLI/TokenAccountCLI.swift
index 7324fa837..84dad7645 100644
--- a/Sources/CodexBarCLI/TokenAccountCLI.swift
+++ b/Sources/CodexBarCLI/TokenAccountCLI.swift
@@ -2,7 +2,7 @@ import CodexBarCore
 import Commander
 import Foundation
 
-struct TokenAccountCLISelection: Sendable {
+struct TokenAccountCLISelection {
     let label: String?
     let index: Int?
     let allAccounts: Bool
@@ -33,10 +33,20 @@ struct TokenAccountCLIContext {
     let selection: TokenAccountCLISelection
     let config: CodexBarConfig
     let accountsByProvider: [UsageProvider: ProviderTokenAccountData]
+    private let baseEnvironment: [String: String]
+    private let managedCodexAccountStoreURL: URL?
 
-    init(selection: TokenAccountCLISelection, config: CodexBarConfig, verbose _: Bool) throws {
+    init(
+        selection: TokenAccountCLISelection,
+        config: CodexBarConfig,
+        verbose _: Bool,
+        baseEnvironment: [String: String] = ProcessInfo.processInfo.environment,
+        managedCodexAccountStoreURL: URL? = nil) throws
+    {
         self.selection = selection
         self.config = config
+        self.baseEnvironment = baseEnvironment
+        self.managedCodexAccountStoreURL = managedCodexAccountStoreURL
         self.accountsByProvider = Dictionary(uniqueKeysWithValues: config.providers.compactMap { provider in
             guard let accounts = provider.tokenAccounts else { return nil }
             return (provider.id, accounts)
@@ -75,34 +85,70 @@ struct TokenAccountCLIContext {
         return [data.accounts[clamped]]
     }
 
-    func settingsSnapshot(for provider: UsageProvider, account: ProviderTokenAccount?) -> ProviderSettingsSnapshot? {
+    func settingsSnapshot(
+        for provider: UsageProvider,
+        account: ProviderTokenAccount?,
+        codexActiveSourceOverride: CodexActiveSource? = nil) -> ProviderSettingsSnapshot?
+    {
         let config = self.providerConfig(for: provider)
-        let cookieHeader = self.manualCookieHeader(provider: provider, account: account, config: config)
-        let cookieSource = self.cookieSource(provider: provider, account: account, config: config)
+        if let snapshot = self.makeCookieBackedSnapshot(provider: provider, account: account, config: config) {
+            return snapshot
+        }
 
         switch provider {
         case .codex:
-            return self.makeSnapshot(
-                codex: ProviderSettingsSnapshot.CodexProviderSettings(
-                    usageDataSource: .auto,
-                    cookieSource: cookieSource,
-                    manualCookieHeader: cookieHeader))
+            return self.makeSnapshot(codex: self.makeCodexSettingsSnapshot(
+                account: account,
+                codexActiveSourceOverride: codexActiveSourceOverride))
         case .claude:
-            let claudeSource: ClaudeUsageDataSource = if provider == .claude,
-                                                         let account,
-                                                         TokenAccountSupportCatalog.isClaudeOAuthToken(account.token)
-            {
+            let routing = self.claudeCredentialRouting(account: account, config: config)
+            let claudeSource: ClaudeUsageDataSource = if routing.adminAPIKey != nil {
+                .api
+            } else if routing.isOAuth {
                 .oauth
             } else {
                 .auto
             }
-            let effectiveSource = (claudeSource == .oauth) ? ProviderCookieSource.off : cookieSource
+            let cookieSource = routing.isOAuth || routing.adminAPIKey != nil
+                ? ProviderCookieSource.off
+                : self.cookieSource(provider: provider, account: account, config: config)
             return self.makeSnapshot(
                 claude: ProviderSettingsSnapshot.ClaudeProviderSettings(
                     usageDataSource: claudeSource,
                     webExtrasEnabled: false,
-                    cookieSource: effectiveSource,
-                    manualCookieHeader: claudeSource == .oauth ? nil : cookieHeader))
+                    cookieSource: cookieSource,
+                    manualCookieHeader: routing.manualCookieHeader,
+                    organizationID: account?.sanitizedOrganizationID))
+        case .zai:
+            return self.makeSnapshot(
+                zai: ProviderSettingsSnapshot.ZaiProviderSettings(apiRegion: self.resolveZaiRegion(config)))
+        case .moonshot:
+            return self.makeSnapshot(
+                moonshot: ProviderSettingsSnapshot.MoonshotProviderSettings(
+                    region: self.resolveMoonshotRegion(config)))
+        case .kilo:
+            return self.makeSnapshot(
+                kilo: ProviderSettingsSnapshot.KiloProviderSettings(
+                    usageDataSource: Self.kiloUsageDataSource(from: config?.source),
+                    extrasEnabled: Self.kiloExtrasEnabled(from: config)))
+        case .jetbrains:
+            return self.makeSnapshot(
+                jetbrains: ProviderSettingsSnapshot.JetBrainsProviderSettings(
+                    ideBasePath: nil))
+        default:
+            return nil
+        }
+    }
+
+    private func makeCookieBackedSnapshot(
+        provider: UsageProvider,
+        account: ProviderTokenAccount?,
+        config: ProviderConfig?) -> ProviderSettingsSnapshot?
+    {
+        let cookieHeader = self.manualCookieHeader(provider: provider, account: account, config: config)
+        let cookieSource = self.cookieSource(provider: provider, account: account, config: config)
+
+        switch provider {
         case .cursor:
             return self.makeSnapshot(
                 cursor: ProviderSettingsSnapshot.CursorProviderSettings(
@@ -114,6 +160,23 @@ struct TokenAccountCLIContext {
                     cookieSource: cookieSource,
                     manualCookieHeader: cookieHeader,
                     workspaceID: config?.workspaceID))
+        case .opencodego:
+            return self.makeSnapshot(
+                opencodego: ProviderSettingsSnapshot.OpenCodeProviderSettings(
+                    cookieSource: cookieSource,
+                    manualCookieHeader: cookieHeader,
+                    workspaceID: config?.workspaceID))
+        case .alibaba:
+            return self.makeSnapshot(
+                alibaba: ProviderSettingsSnapshot.AlibabaCodingPlanProviderSettings(
+                    cookieSource: cookieSource,
+                    manualCookieHeader: cookieHeader,
+                    apiRegion: self.resolveAlibabaCodingPlanRegion(config)))
+        case .alibabatokenplan:
+            return self.makeSnapshot(
+                alibabaTokenPlan: ProviderSettingsSnapshot.AlibabaTokenPlanProviderSettings(
+                    cookieSource: cookieSource,
+                    manualCookieHeader: cookieHeader))
         case .factory:
             return self.makeSnapshot(
                 factory: ProviderSettingsSnapshot.FactoryProviderSettings(
@@ -125,6 +188,11 @@ struct TokenAccountCLIContext {
                     cookieSource: cookieSource,
                     manualCookieHeader: cookieHeader,
                     apiRegion: self.resolveMiniMaxRegion(config)))
+        case .manus:
+            return self.makeSnapshot(
+                manus: ProviderSettingsSnapshot.ManusProviderSettings(
+                    cookieSource: cookieSource,
+                    manualCookieHeader: cookieHeader))
         case .augment:
             return self.makeSnapshot(
                 augment: ProviderSettingsSnapshot.AugmentProviderSettings(
@@ -145,19 +213,36 @@ struct TokenAccountCLIContext {
                 kimi: ProviderSettingsSnapshot.KimiProviderSettings(
                     cookieSource: cookieSource,
                     manualCookieHeader: cookieHeader))
-        case .zai:
+        case .perplexity:
             return self.makeSnapshot(
-                zai: ProviderSettingsSnapshot.ZaiProviderSettings(apiRegion: self.resolveZaiRegion(config)))
-        case .kilo:
+                perplexity: ProviderSettingsSnapshot.PerplexityProviderSettings(
+                    cookieSource: cookieSource,
+                    manualCookieHeader: cookieHeader))
+        case .mimo:
             return self.makeSnapshot(
-                kilo: ProviderSettingsSnapshot.KiloProviderSettings(
-                    usageDataSource: Self.kiloUsageDataSource(from: config?.source),
-                    extrasEnabled: Self.kiloExtrasEnabled(from: config)))
-        case .jetbrains:
+                mimo: ProviderSettingsSnapshot.MiMoProviderSettings(
+                    cookieSource: cookieSource,
+                    manualCookieHeader: cookieHeader))
+        case .doubao:
+            return nil
+        case .abacus:
             return self.makeSnapshot(
-                jetbrains: ProviderSettingsSnapshot.JetBrainsProviderSettings(
-                    ideBasePath: nil))
-        case .gemini, .antigravity, .copilot, .kiro, .vertexai, .kimik2, .synthetic, .openrouter, .warp:
+                abacus: ProviderSettingsSnapshot.AbacusProviderSettings(
+                    cookieSource: cookieSource,
+                    manualCookieHeader: cookieHeader))
+        case .mistral:
+            return self.makeSnapshot(
+                mistral: ProviderSettingsSnapshot.MistralProviderSettings(
+                    cookieSource: cookieSource,
+                    manualCookieHeader: cookieHeader))
+        case .stepfun:
+            return self.makeSnapshot(
+                stepfun: ProviderSettingsSnapshot.StepFunProviderSettings(
+                    cookieSource: cookieSource,
+                    manualToken: self.stepfunManualToken(account: account, config: config),
+                    username: config?.sanitizedAPIKey ?? "",
+                    password: ""))
+        default:
             return nil
         }
     }
@@ -167,36 +252,74 @@ struct TokenAccountCLIContext {
         claude: ProviderSettingsSnapshot.ClaudeProviderSettings? = nil,
         cursor: ProviderSettingsSnapshot.CursorProviderSettings? = nil,
         opencode: ProviderSettingsSnapshot.OpenCodeProviderSettings? = nil,
+        opencodego: ProviderSettingsSnapshot.OpenCodeProviderSettings? = nil,
+        alibaba: ProviderSettingsSnapshot.AlibabaCodingPlanProviderSettings? = nil,
+        alibabaTokenPlan: ProviderSettingsSnapshot.AlibabaTokenPlanProviderSettings? = nil,
         factory: ProviderSettingsSnapshot.FactoryProviderSettings? = nil,
         minimax: ProviderSettingsSnapshot.MiniMaxProviderSettings? = nil,
+        manus: ProviderSettingsSnapshot.ManusProviderSettings? = nil,
         zai: ProviderSettingsSnapshot.ZaiProviderSettings? = nil,
+        moonshot: ProviderSettingsSnapshot.MoonshotProviderSettings? = nil,
         kilo: ProviderSettingsSnapshot.KiloProviderSettings? = nil,
         kimi: ProviderSettingsSnapshot.KimiProviderSettings? = nil,
         augment: ProviderSettingsSnapshot.AugmentProviderSettings? = nil,
         amp: ProviderSettingsSnapshot.AmpProviderSettings? = nil,
         ollama: ProviderSettingsSnapshot.OllamaProviderSettings? = nil,
-        jetbrains: ProviderSettingsSnapshot.JetBrainsProviderSettings? = nil) -> ProviderSettingsSnapshot
+        jetbrains: ProviderSettingsSnapshot.JetBrainsProviderSettings? = nil,
+        perplexity: ProviderSettingsSnapshot.PerplexityProviderSettings? = nil,
+        mimo: ProviderSettingsSnapshot.MiMoProviderSettings? = nil,
+        abacus: ProviderSettingsSnapshot.AbacusProviderSettings? = nil,
+        mistral: ProviderSettingsSnapshot.MistralProviderSettings? = nil,
+        stepfun: ProviderSettingsSnapshot.StepFunProviderSettings? = nil) -> ProviderSettingsSnapshot
     {
         ProviderSettingsSnapshot.make(
             codex: codex,
             claude: claude,
             cursor: cursor,
             opencode: opencode,
+            opencodego: opencodego,
+            alibaba: alibaba,
+            alibabaTokenPlan: alibabaTokenPlan,
             factory: factory,
             minimax: minimax,
+            manus: manus,
             zai: zai,
             kilo: kilo,
             kimi: kimi,
             augment: augment,
+            moonshot: moonshot,
             amp: amp,
             ollama: ollama,
-            jetbrains: jetbrains)
+            jetbrains: jetbrains,
+            perplexity: perplexity,
+            mimo: mimo,
+            abacus: abacus,
+            mistral: mistral,
+            stepfun: stepfun)
+    }
+
+    private func makeCodexSettingsSnapshot(
+        account: ProviderTokenAccount?,
+        codexActiveSourceOverride: CodexActiveSource? = nil) ->
+        ProviderSettingsSnapshot.CodexProviderSettings
+    {
+        let config = self.providerConfig(for: .codex)
+        let reconciliationSnapshot = self.codexAccountReconciler(
+            activeSource: codexActiveSourceOverride).loadSnapshot()
+        let resolvedActiveSource = CodexActiveSourceResolver.resolve(from: reconciliationSnapshot)
+        return CodexProviderSettingsBuilder.make(input: CodexProviderSettingsBuilderInput(
+            usageDataSource: .auto,
+            cookieSource: self.cookieSource(provider: .codex, account: account, config: config),
+            manualCookieHeader: self.manualCookieHeader(provider: .codex, account: account, config: config),
+            reconciliationSnapshot: reconciliationSnapshot,
+            resolvedActiveSource: resolvedActiveSource))
     }
 
     func environment(
         base: [String: String],
         provider: UsageProvider,
-        account: ProviderTokenAccount?) -> [String: String]
+        account: ProviderTokenAccount?,
+        codexActiveSourceOverride: CodexActiveSource? = nil) -> [String: String]
     {
         let providerConfig = self.providerConfig(for: provider)
         var env = ProviderConfigEnvironment.applyAPIKeyOverride(
@@ -204,16 +327,96 @@ struct TokenAccountCLIContext {
             provider: provider,
             config: providerConfig)
         // If token account is selected, use its token instead of config's apiKey
-        if let account,
-           let override = TokenAccountSupportCatalog.envOverride(for: provider, token: account.token)
-        {
-            for (key, value) in override {
-                env[key] = value
+        if let account {
+            TokenAccountSupportCatalog.scrubEnvironmentForSelectedAccount(
+                &env,
+                provider: provider,
+                token: account.token)
+            if let override = TokenAccountSupportCatalog.envOverride(for: provider, token: account.token) {
+                for (key, value) in override {
+                    env[key] = value
+                }
             }
         }
+        if provider == .codex,
+           let managedAccount = self.managedCodexAccount(for: codexActiveSourceOverride)
+        {
+            env = CodexHomeScope.scopedEnvironment(base: env, codexHome: managedAccount.managedHomePath)
+        }
         return env
     }
 
+    func tokenUpdater(for account: ProviderTokenAccount?) -> ProviderFetchContext.TokenAccountTokenUpdater? {
+        guard let account else { return nil }
+        return { provider, accountID, token in
+            guard accountID == account.id else { return }
+            try? Self.updateStoredTokenAccount(provider: provider, accountID: accountID, token: token)
+        }
+    }
+
+    func manualTokenUpdater() -> ProviderFetchContext.ProviderManualTokenUpdater {
+        { provider, token in
+            try? Self.updateStoredManualToken(provider: provider, token: token)
+        }
+    }
+
+    private static func updateStoredManualToken(provider: UsageProvider, token: String) throws {
+        guard provider == .stepfun else { return }
+        let trimmed = token.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard !trimmed.isEmpty else { return }
+
+        let store = CodexBarConfigStore()
+        var config = try store.load() ?? .makeDefault()
+        var providerConfig = config.providerConfig(for: provider) ?? ProviderConfig(id: provider)
+        providerConfig.region = trimmed
+        config.setProviderConfig(providerConfig)
+        try store.save(config)
+    }
+
+    private static func updateStoredTokenAccount(
+        provider: UsageProvider,
+        accountID: UUID,
+        token: String) throws
+    {
+        let trimmed = token.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard !trimmed.isEmpty else { return }
+
+        let store = CodexBarConfigStore()
+        guard var config = try store.load() else { return }
+        guard var providerConfig = config.providerConfig(for: provider),
+              let data = providerConfig.tokenAccounts,
+              let index = data.accounts.firstIndex(where: { $0.id == accountID })
+        else {
+            return
+        }
+
+        let existing = data.accounts[index]
+        var accounts = data.accounts
+        accounts[index] = ProviderTokenAccount(
+            id: existing.id,
+            label: existing.label,
+            token: trimmed,
+            addedAt: existing.addedAt,
+            lastUsed: existing.lastUsed,
+            externalIdentifier: existing.externalIdentifier,
+            organizationID: existing.organizationID)
+        providerConfig.tokenAccounts = ProviderTokenAccountData(
+            version: data.version,
+            accounts: accounts,
+            activeIndex: data.clampedActiveIndex())
+        config.setProviderConfig(providerConfig)
+        try store.save(config)
+    }
+
+    func fetcher(base: UsageFetcher, provider: UsageProvider, env: [String: String]) -> UsageFetcher {
+        guard provider == .codex else { return base }
+        return UsageFetcher(environment: env)
+    }
+
+    func visibleCodexAccounts() -> CodexVisibleAccountProjection {
+        self.codexAccountReconciler().loadVisibleAccounts()
+    }
+
     func applyAccountLabel(
         _ snapshot: UsageSnapshot,
         provider: UsageProvider,
@@ -232,19 +435,49 @@ struct TokenAccountCLIContext {
         return snapshot.withIdentity(identity)
     }
 
+    func applyCodexVisibleAccountLabel(_ snapshot: UsageSnapshot, account: CodexVisibleAccount) -> UsageSnapshot {
+        let existing = snapshot.identity(for: .codex)
+        let identity = ProviderIdentitySnapshot(
+            providerID: .codex,
+            accountEmail: account.email,
+            accountOrganization: account.workspaceLabel ?? existing?.accountOrganization,
+            loginMethod: existing?.loginMethod)
+        return snapshot.withIdentity(identity)
+    }
+
     func effectiveSourceMode(
         base: ProviderSourceMode,
         provider: UsageProvider,
         account: ProviderTokenAccount?) -> ProviderSourceMode
     {
-        guard base == .auto,
-              provider == .claude,
-              let account,
-              TokenAccountSupportCatalog.isClaudeOAuthToken(account.token)
-        else {
+        guard provider == .claude else {
+            return base
+        }
+        let config = self.providerConfig(for: provider)
+        let routing = self.claudeCredentialRouting(account: account, config: config)
+
+        if base == .auto {
+            if routing.adminAPIKey != nil { return .api }
+            return routing.isOAuth ? .oauth : base
+        }
+
+        guard base == .cli, account != nil else {
+            return base
+        }
+
+        // Claude CLI usage is ambient to the active local CLI profile, so per-token-account
+        // CLI reads can be mislabeled as separate accounts. Use the selected account's
+        // routable credential instead.
+        switch routing {
+        case .adminAPIKey:
+            return .api
+        case .oauth:
+            return .oauth
+        case .webCookie:
+            return .web
+        case .none:
             return base
         }
-        return .oauth
     }
 
     func preferredSourceMode(for provider: UsageProvider) -> ProviderSourceMode {
@@ -256,6 +489,42 @@ struct TokenAccountCLIContext {
         self.config.providerConfig(for: provider)
     }
 
+    private func codexAccountReconciler(activeSource: CodexActiveSource? = nil) -> DefaultCodexAccountReconciler {
+        let storeLoader: @Sendable () throws -> ManagedCodexAccountSet = if let managedCodexAccountStoreURL {
+            {
+                try FileManagedCodexAccountStore(fileURL: managedCodexAccountStoreURL).loadAccounts()
+            }
+        } else {
+            {
+                try FileManagedCodexAccountStore().loadAccounts()
+            }
+        }
+        return DefaultCodexAccountReconciler(
+            storeLoader: storeLoader,
+            activeSource: activeSource ?? self.providerConfig(for: .codex)?.codexActiveSource ?? .liveSystem,
+            baseEnvironment: self.baseEnvironment,
+            managedEnvironmentBuilder: { environment, account in
+                CodexHomeScope.scopedEnvironment(base: environment, codexHome: account.managedHomePath)
+            })
+    }
+
+    private func managedCodexAccount(for activeSourceOverride: CodexActiveSource?) -> ManagedCodexAccount? {
+        let activeSource: CodexActiveSource = if let activeSourceOverride {
+            activeSourceOverride
+        } else {
+            CodexActiveSourceResolver.resolve(from: self.codexAccountReconciler().loadSnapshot())
+                .resolvedSource
+        }
+
+        guard case let .managedAccount(id) = activeSource else { return nil }
+        let accounts: ManagedCodexAccountSet? = if let managedCodexAccountStoreURL {
+            try? FileManagedCodexAccountStore(fileURL: managedCodexAccountStoreURL).loadAccounts()
+        } else {
+            try? FileManagedCodexAccountStore().loadAccounts()
+        }
+        return accounts?.account(id: id)
+    }
+
     private func manualCookieHeader(
         provider: UsageProvider,
         account: ProviderTokenAccount?,
@@ -265,9 +534,6 @@ struct TokenAccountCLIContext {
            let support = TokenAccountSupportCatalog.support(for: provider),
            case .cookieHeader = support.injection
         {
-            if provider == .claude, TokenAccountSupportCatalog.isClaudeOAuthToken(account.token) {
-                return nil
-            }
             let header = TokenAccountSupportCatalog.normalizedCookieHeader(account.token, support: support)
             return header.isEmpty ? nil : header
         }
@@ -279,19 +545,28 @@ struct TokenAccountCLIContext {
         account: ProviderTokenAccount?,
         config: ProviderConfig?) -> ProviderCookieSource
     {
-        if let account, TokenAccountSupportCatalog.support(for: provider)?.requiresManualCookieSource == true {
-            if provider == .claude, TokenAccountSupportCatalog.isClaudeOAuthToken(account.token) {
-                return .off
-            }
+        if account != nil, TokenAccountSupportCatalog.support(for: provider)?.requiresManualCookieSource == true {
             return .manual
         }
         if let override = config?.cookieSource { return override }
+        if provider == .stepfun, config?.sanitizedRegion != nil {
+            return .manual
+        }
         if config?.sanitizedCookieHeader != nil {
             return .manual
         }
         return .auto
     }
 
+    private func stepfunManualToken(account: ProviderTokenAccount?, config: ProviderConfig?) -> String {
+        if let account,
+           let support = TokenAccountSupportCatalog.support(for: .stepfun)
+        {
+            return TokenAccountSupportCatalog.normalizedCookieHeader(account.token, support: support)
+        }
+        return config?.sanitizedRegion ?? config?.sanitizedCookieHeader ?? ""
+    }
+
     private func resolveZaiRegion(_ config: ProviderConfig?) -> ZaiAPIRegion {
         guard let raw = config?.region?.trimmingCharacters(in: .whitespacesAndNewlines),
               !raw.isEmpty
@@ -310,6 +585,24 @@ struct TokenAccountCLIContext {
         return MiniMaxAPIRegion(rawValue: raw) ?? .global
     }
 
+    private func resolveMoonshotRegion(_ config: ProviderConfig?) -> MoonshotRegion? {
+        guard let raw = config?.region?.trimmingCharacters(in: .whitespacesAndNewlines),
+              !raw.isEmpty
+        else {
+            return nil
+        }
+        return MoonshotRegion(rawValue: raw) ?? .international
+    }
+
+    private func resolveAlibabaCodingPlanRegion(_ config: ProviderConfig?) -> AlibabaCodingPlanAPIRegion {
+        guard let raw = config?.region?.trimmingCharacters(in: .whitespacesAndNewlines),
+              !raw.isEmpty
+        else {
+            return .international
+        }
+        return AlibabaCodingPlanAPIRegion(rawValue: raw) ?? .international
+    }
+
     private static func kiloUsageDataSource(from source: ProviderSourceMode?) -> KiloUsageDataSource {
         guard let source else { return .auto }
         switch source {
@@ -326,4 +619,14 @@ struct TokenAccountCLIContext {
         guard self.kiloUsageDataSource(from: config?.source) == .auto else { return false }
         return config?.extrasEnabled ?? false
     }
+
+    private func claudeCredentialRouting(
+        account: ProviderTokenAccount?,
+        config: ProviderConfig?) -> ClaudeCredentialRouting
+    {
+        let manualCookieHeader = account == nil ? config?.sanitizedCookieHeader : nil
+        return ClaudeCredentialRouting.resolve(
+            tokenAccountToken: account?.token,
+            manualCookieHeader: manualCookieHeader)
+    }
 }
diff --git a/Sources/CodexBarClaudeWebProbe/main.swift b/Sources/CodexBarClaudeWebProbe/ClaudeWebProbeEntry.swift
similarity index 100%
rename from Sources/CodexBarClaudeWebProbe/main.swift
rename to Sources/CodexBarClaudeWebProbe/ClaudeWebProbeEntry.swift
diff --git a/Sources/CodexBarCore/AppGroupSupport.swift b/Sources/CodexBarCore/AppGroupSupport.swift
new file mode 100644
index 000000000..b1b346d34
--- /dev/null
+++ b/Sources/CodexBarCore/AppGroupSupport.swift
@@ -0,0 +1,247 @@
+import Foundation
+#if os(macOS)
+import Security
+#endif
+
+public enum AppGroupSupport {
+    public static let defaultTeamID = "Y5PE65HELJ"
+    public static let teamIDInfoKey = "CodexBarTeamID"
+    public static let legacyReleaseGroupID = "group.com.steipete.codexbar"
+    public static let legacyDebugGroupID = "group.com.steipete.codexbar.debug"
+    public static let widgetSnapshotFilename = "widget-snapshot.json"
+    public static let migrationVersion = 1
+    public static let migrationVersionKey = "appGroupMigrationVersion"
+    private static let sharedDefaultsMigrationKeys = [
+        "debugDisableKeychainAccess",
+        "widgetSelectedProvider",
+    ]
+
+    public struct MigrationResult: Sendable {
+        public enum Status: String, Sendable {
+            case alreadyCompleted
+            case targetUnavailable
+            case noChangesNeeded
+            case migrated
+        }
+
+        public let status: Status
+        public let copiedSnapshot: Bool
+        public let copiedDefaults: Int
+
+        public init(status: Status, copiedSnapshot: Bool = false, copiedDefaults: Int = 0) {
+            self.status = status
+            self.copiedSnapshot = copiedSnapshot
+            self.copiedDefaults = copiedDefaults
+        }
+    }
+
+    public static func currentGroupID(for bundleID: String? = Bundle.main.bundleIdentifier) -> String {
+        self.currentGroupID(teamID: self.resolvedTeamID(), bundleID: bundleID)
+    }
+
+    static func currentGroupID(teamID: String, bundleID: String?) -> String {
+        let base = "\(teamID).com.steipete.codexbar"
+        return self.isDebugBundleID(bundleID) ? "\(base).debug" : base
+    }
+
+    public static func resolvedTeamID(bundle: Bundle = .main) -> String {
+        self.resolvedTeamID(
+            infoDictionaryOverride: bundle.infoDictionary,
+            bundleURLOverride: bundle.bundleURL)
+    }
+
+    static func resolvedTeamID(
+        infoDictionaryOverride: [String: Any]?,
+        bundleURLOverride: URL?) -> String
+    {
+        if let teamID = self.codeSignatureTeamID(bundleURL: bundleURLOverride) {
+            return teamID
+        }
+        if let teamID = infoDictionaryOverride?[self.teamIDInfoKey] as? String,
+           !teamID.isEmpty
+        {
+            return teamID
+        }
+        return self.defaultTeamID
+    }
+
+    public static func legacyGroupID(for bundleID: String? = Bundle.main.bundleIdentifier) -> String {
+        self.isDebugBundleID(bundleID) ? self.legacyDebugGroupID : self.legacyReleaseGroupID
+    }
+
+    public static func sharedDefaults(
+        bundleID: String? = Bundle.main.bundleIdentifier,
+        fileManager: FileManager = .default)
+        -> UserDefaults?
+    {
+        guard self.currentContainerURL(bundleID: bundleID, fileManager: fileManager) != nil else { return nil }
+        return UserDefaults(suiteName: self.currentGroupID(for: bundleID))
+    }
+
+    public static func currentContainerURL(
+        bundleID: String? = Bundle.main.bundleIdentifier,
+        fileManager: FileManager = .default)
+        -> URL?
+    {
+        #if os(macOS)
+        fileManager.containerURL(forSecurityApplicationGroupIdentifier: self.currentGroupID(for: bundleID))
+        #else
+        nil
+        #endif
+    }
+
+    public static func snapshotURL(
+        bundleID: String? = Bundle.main.bundleIdentifier,
+        fileManager: FileManager = .default,
+        homeDirectory: URL = FileManager.default.homeDirectoryForCurrentUser)
+        -> URL
+    {
+        if let container = self.currentContainerURL(bundleID: bundleID, fileManager: fileManager) {
+            return container.appendingPathComponent(self.widgetSnapshotFilename, isDirectory: false)
+        }
+
+        let directory = self.localFallbackDirectory(fileManager: fileManager, homeDirectory: homeDirectory)
+        return directory.appendingPathComponent(self.widgetSnapshotFilename, isDirectory: false)
+    }
+
+    public static func localFallbackDirectory(
+        fileManager: FileManager = .default,
+        homeDirectory _: URL = FileManager.default.homeDirectoryForCurrentUser)
+        -> URL
+    {
+        let base = fileManager.urls(for: .applicationSupportDirectory, in: .userDomainMask).first
+            ?? fileManager.temporaryDirectory
+        let directory = base.appendingPathComponent("CodexBar", isDirectory: true)
+        try? fileManager.createDirectory(at: directory, withIntermediateDirectories: true)
+        return directory
+    }
+
+    public static func legacyContainerCandidateURL(
+        bundleID: String? = Bundle.main.bundleIdentifier,
+        homeDirectory: URL = FileManager.default.homeDirectoryForCurrentUser)
+        -> URL
+    {
+        homeDirectory
+            .appendingPathComponent("Library", isDirectory: true)
+            .appendingPathComponent("Group Containers", isDirectory: true)
+            .appendingPathComponent(self.legacyGroupID(for: bundleID), isDirectory: true)
+    }
+
+    public static func migrateLegacyDataIfNeeded(
+        bundleID: String? = Bundle.main.bundleIdentifier,
+        standardDefaults: UserDefaults = .standard,
+        fileManager: FileManager = .default,
+        homeDirectory: URL = FileManager.default.homeDirectoryForCurrentUser,
+        currentDefaultsOverride: UserDefaults? = nil,
+        legacyDefaultsOverride: UserDefaults? = nil,
+        currentSnapshotURLOverride: URL? = nil,
+        legacySnapshotURLOverride: URL? = nil)
+        -> MigrationResult
+    {
+        if standardDefaults.integer(forKey: self.migrationVersionKey) >= self.migrationVersion {
+            return MigrationResult(status: .alreadyCompleted)
+        }
+
+        guard let currentDefaults = currentDefaultsOverride ?? self.sharedDefaults(
+            bundleID: bundleID,
+            fileManager: fileManager)
+        else {
+            return MigrationResult(status: .targetUnavailable)
+        }
+
+        let legacyDefaults = legacyDefaultsOverride ?? UserDefaults(suiteName: self.legacyGroupID(for: bundleID))
+        let currentSnapshotURL = currentSnapshotURLOverride
+            ?? self.currentContainerURL(bundleID: bundleID, fileManager: fileManager)?
+            .appendingPathComponent(self.widgetSnapshotFilename, isDirectory: false)
+        let legacySnapshotURL = legacySnapshotURLOverride
+            ?? self.legacyContainerCandidateURL(bundleID: bundleID, homeDirectory: homeDirectory)
+            .appendingPathComponent(self.widgetSnapshotFilename, isDirectory: false)
+
+        let copiedSnapshot = {
+            guard let currentSnapshotURL else { return false }
+            guard !fileManager.fileExists(atPath: currentSnapshotURL.path),
+                  fileManager.fileExists(atPath: legacySnapshotURL.path)
+            else {
+                return false
+            }
+            do {
+                try fileManager.createDirectory(
+                    at: currentSnapshotURL.deletingLastPathComponent(),
+                    withIntermediateDirectories: true)
+                try fileManager.copyItem(at: legacySnapshotURL, to: currentSnapshotURL)
+                return true
+            } catch {
+                return false
+            }
+        }()
+
+        let copiedDefaults = self.copyLegacySharedDefaults(
+            from: legacyDefaults,
+            to: currentDefaults)
+
+        let result = if copiedSnapshot || copiedDefaults > 0 {
+            MigrationResult(
+                status: .migrated,
+                copiedSnapshot: copiedSnapshot,
+                copiedDefaults: copiedDefaults)
+        } else {
+            MigrationResult(status: .noChangesNeeded)
+        }
+
+        standardDefaults.set(self.migrationVersion, forKey: self.migrationVersionKey)
+        return result
+    }
+
+    private static func copyLegacySharedDefaults(
+        from legacyDefaults: UserDefaults?,
+        to currentDefaults: UserDefaults) -> Int
+    {
+        guard let legacyDefaults else { return 0 }
+
+        var copied = 0
+        for key in self.sharedDefaultsMigrationKeys {
+            guard currentDefaults.object(forKey: key) == nil,
+                  let legacyValue = legacyDefaults.object(forKey: key)
+            else {
+                continue
+            }
+            currentDefaults.set(legacyValue, forKey: key)
+            copied += 1
+        }
+        return copied
+    }
+
+    private static func isDebugBundleID(_ bundleID: String?) -> Bool {
+        guard let bundleID, !bundleID.isEmpty else { return false }
+        return bundleID.contains(".debug")
+    }
+
+    private static func codeSignatureTeamID(bundleURL: URL?) -> String? {
+        #if os(macOS)
+        guard let bundleURL else { return nil }
+
+        var staticCode: SecStaticCode?
+        guard SecStaticCodeCreateWithPath(bundleURL as CFURL, SecCSFlags(), &staticCode) == errSecSuccess,
+              let code = staticCode
+        else {
+            return nil
+        }
+
+        var infoCF: CFDictionary?
+        guard SecCodeCopySigningInformation(
+            code,
+            SecCSFlags(rawValue: kSecCSSigningInformation),
+            &infoCF) == errSecSuccess,
+            let info = infoCF as? [String: Any],
+            let teamID = info[kSecCodeInfoTeamIdentifier as String] as? String,
+            !teamID.isEmpty
+        else {
+            return nil
+        }
+        return teamID
+        #else
+        _ = bundleURL
+        return nil
+        #endif
+    }
+}
diff --git a/Sources/CodexBarCore/AutoreleasePoolCompat.swift b/Sources/CodexBarCore/AutoreleasePoolCompat.swift
new file mode 100644
index 000000000..7d0d32c4d
--- /dev/null
+++ b/Sources/CodexBarCore/AutoreleasePoolCompat.swift
@@ -0,0 +1,8 @@
+import Foundation
+
+#if os(Linux)
+@discardableResult
+func autoreleasepool<Result>(_ work: () throws -> Result) rethrows -> Result {
+    try work()
+}
+#endif
diff --git a/Sources/CodexBarCore/BrowserCookieAccessGate.swift b/Sources/CodexBarCore/BrowserCookieAccessGate.swift
index db0de16b6..9c7ea0e12 100644
--- a/Sources/CodexBarCore/BrowserCookieAccessGate.swift
+++ b/Sources/CodexBarCore/BrowserCookieAccessGate.swift
@@ -18,7 +18,7 @@ public enum BrowserCookieAccessGate {
     public static func shouldAttempt(_ browser: Browser, now: Date = Date()) -> Bool {
         guard browser.usesKeychainForCookieDecryption else { return true }
         guard !KeychainAccessGate.isDisabled else { return false }
-        return self.lock.withLock { state in
+        let shouldCheckKeychain = self.lock.withLock { state in
             self.loadIfNeeded(&state)
             if let blockedUntil = state.deniedUntilByBrowser[browser.rawValue] {
                 if blockedUntil > now {
@@ -30,7 +30,14 @@ public enum BrowserCookieAccessGate {
                 state.deniedUntilByBrowser.removeValue(forKey: browser.rawValue)
                 self.persist(state)
             }
-            if self.chromiumKeychainRequiresInteraction() {
+            return true
+        }
+        guard shouldCheckKeychain else { return false }
+
+        let requiresInteraction = self.chromiumKeychainRequiresInteraction()
+        return self.lock.withLock { state in
+            self.loadIfNeeded(&state)
+            if requiresInteraction {
                 state.deniedUntilByBrowser[browser.rawValue] = now.addingTimeInterval(self.cooldownInterval)
                 self.persist(state)
                 self.log.info(
@@ -104,6 +111,17 @@ public enum BrowserCookieAccessGate {
         UserDefaults.standard.set(raw, forKey: self.defaultsKey)
     }
 }
+
+extension BrowserCookieClient {
+    public func codexBarRecords(
+        matching query: BrowserCookieQuery,
+        in browser: Browser,
+        logger: ((String) -> Void)? = nil) throws -> [BrowserCookieStoreRecords]
+    {
+        guard BrowserCookieAccessGate.shouldAttempt(browser) else { return [] }
+        return try self.records(matching: query, in: browser, logger: logger)
+    }
+}
 #else
 public enum BrowserCookieAccessGate {
     public static func shouldAttempt(_ browser: Browser, now: Date = Date()) -> Bool {
diff --git a/Sources/CodexBarCore/BrowserCookieImportOrder.swift b/Sources/CodexBarCore/BrowserCookieImportOrder.swift
index 32549a13b..d1081f81f 100644
--- a/Sources/CodexBarCore/BrowserCookieImportOrder.swift
+++ b/Sources/CodexBarCore/BrowserCookieImportOrder.swift
@@ -44,7 +44,9 @@ extension Browser {
              .edge, .edgeBeta, .edgeCanary,
              .helium,
              .vivaldi,
-             .dia:
+             .dia,
+             .yandex,
+             .comet:
             return true
         @unknown default:
             return true
diff --git a/Sources/CodexBarCore/BrowserDetection.swift b/Sources/CodexBarCore/BrowserDetection.swift
index 4cd2721ac..74828cd5d 100644
--- a/Sources/CodexBarCore/BrowserDetection.swift
+++ b/Sources/CodexBarCore/BrowserDetection.swift
@@ -22,13 +22,13 @@ public final class BrowserDetection: Sendable {
         let timestamp: Date
     }
 
-    private enum ProbeKind: Int, Hashable, Sendable {
+    private enum ProbeKind: Int, Hashable {
         case appInstalled
         case usableProfileData
         case usableCookieStore
     }
 
-    private struct CacheKey: Hashable, Sendable {
+    private struct CacheKey: Hashable {
         let browser: Browser
         let kind: ProbeKind
     }
diff --git a/Sources/CodexBarCore/CodexHomeScope.swift b/Sources/CodexBarCore/CodexHomeScope.swift
new file mode 100644
index 000000000..5da3d65eb
--- /dev/null
+++ b/Sources/CodexBarCore/CodexHomeScope.swift
@@ -0,0 +1,21 @@
+import Foundation
+
+public enum CodexHomeScope {
+    public static func ambientHomeURL(
+        env: [String: String],
+        fileManager: FileManager = .default)
+        -> URL
+    {
+        if let raw = env["CODEX_HOME"]?.trimmingCharacters(in: .whitespacesAndNewlines), !raw.isEmpty {
+            return URL(fileURLWithPath: raw, isDirectory: true)
+        }
+        return fileManager.homeDirectoryForCurrentUser.appendingPathComponent(".codex", isDirectory: true)
+    }
+
+    public static func scopedEnvironment(base: [String: String], codexHome: String?) -> [String: String] {
+        guard let codexHome, !codexHome.isEmpty else { return base }
+        var env = base
+        env["CODEX_HOME"] = codexHome
+        return env
+    }
+}
diff --git a/Sources/CodexBarCore/CodexManagedAccounts.swift b/Sources/CodexBarCore/CodexManagedAccounts.swift
new file mode 100644
index 000000000..f9190d22b
--- /dev/null
+++ b/Sources/CodexBarCore/CodexManagedAccounts.swift
@@ -0,0 +1,169 @@
+import Crypto
+import Foundation
+
+public struct ManagedCodexAccount: Codable, Identifiable, Sendable {
+    public let id: UUID
+    public let email: String
+    public let providerAccountID: String?
+    public let workspaceLabel: String?
+    public let workspaceAccountID: String?
+    public let authFingerprint: String?
+    public let managedHomePath: String
+    public let createdAt: TimeInterval
+    public let updatedAt: TimeInterval
+    public let lastAuthenticatedAt: TimeInterval?
+
+    public init(
+        id: UUID,
+        email: String,
+        providerAccountID: String? = nil,
+        workspaceLabel: String? = nil,
+        workspaceAccountID: String? = nil,
+        authFingerprint: String? = nil,
+        managedHomePath: String,
+        createdAt: TimeInterval,
+        updatedAt: TimeInterval,
+        lastAuthenticatedAt: TimeInterval?)
+    {
+        self.id = id
+        self.email = Self.normalizeEmail(email)
+        self.providerAccountID = Self.normalizeProviderAccountID(providerAccountID)
+        self.workspaceLabel = Self.normalizeWorkspaceLabel(workspaceLabel)
+        self.workspaceAccountID = Self.normalizeWorkspaceAccountID(workspaceAccountID)
+        self.authFingerprint = CodexAuthFingerprint.normalize(authFingerprint)
+        self.managedHomePath = managedHomePath
+        self.createdAt = createdAt
+        self.updatedAt = updatedAt
+        self.lastAuthenticatedAt = lastAuthenticatedAt
+    }
+
+    static func normalizeEmail(_ email: String) -> String {
+        email.trimmingCharacters(in: .whitespacesAndNewlines).lowercased()
+    }
+
+    public static func normalizeProviderAccountID(_ providerAccountID: String?) -> String? {
+        CodexIdentityResolver.normalizeAccountID(providerAccountID)
+    }
+
+    public static func normalizeWorkspaceLabel(_ workspaceLabel: String?) -> String? {
+        guard let trimmed = workspaceLabel?.trimmingCharacters(in: .whitespacesAndNewlines), !trimmed.isEmpty else {
+            return nil
+        }
+        return trimmed
+    }
+
+    public static func normalizeWorkspaceAccountID(_ workspaceAccountID: String?) -> String? {
+        guard let trimmed = workspaceAccountID?.trimmingCharacters(in: .whitespacesAndNewlines), !trimmed.isEmpty else {
+            return nil
+        }
+        return trimmed.lowercased()
+    }
+
+    public init(from decoder: any Decoder) throws {
+        let container = try decoder.container(keyedBy: CodingKeys.self)
+        try self.init(
+            id: container.decode(UUID.self, forKey: .id),
+            email: container.decode(String.self, forKey: .email),
+            providerAccountID: container.decodeIfPresent(String.self, forKey: .providerAccountID),
+            workspaceLabel: container.decodeIfPresent(String.self, forKey: .workspaceLabel),
+            workspaceAccountID: container.decodeIfPresent(String.self, forKey: .workspaceAccountID),
+            authFingerprint: container.decodeIfPresent(String.self, forKey: .authFingerprint),
+            managedHomePath: container.decode(String.self, forKey: .managedHomePath),
+            createdAt: container.decode(TimeInterval.self, forKey: .createdAt),
+            updatedAt: container.decode(TimeInterval.self, forKey: .updatedAt),
+            lastAuthenticatedAt: container.decodeIfPresent(TimeInterval.self, forKey: .lastAuthenticatedAt))
+    }
+}
+
+public enum CodexAuthFingerprint {
+    public static func authFileURL(homePath: String) -> URL {
+        URL(fileURLWithPath: homePath, isDirectory: true)
+            .appendingPathComponent("auth.json", isDirectory: false)
+    }
+
+    public static func fingerprint(homePath: String, fileManager: FileManager = .default) -> String? {
+        let url = self.authFileURL(homePath: homePath)
+        guard fileManager.fileExists(atPath: url.path),
+              let data = try? Data(contentsOf: url)
+        else {
+            return nil
+        }
+        return self.fingerprint(data: data)
+    }
+
+    public static func fingerprint(env: [String: String], fileManager: FileManager = .default) -> String? {
+        self.fingerprint(
+            homePath: CodexHomeScope.ambientHomeURL(env: env, fileManager: fileManager).path,
+            fileManager: fileManager)
+    }
+
+    public static func fingerprint(data: Data) -> String {
+        SHA256.hash(data: data).map { String(format: "%02x", $0) }.joined()
+    }
+
+    public static func normalize(_ fingerprint: String?) -> String? {
+        guard let trimmed = fingerprint?.trimmingCharacters(in: .whitespacesAndNewlines).lowercased(),
+              !trimmed.isEmpty
+        else {
+            return nil
+        }
+        return trimmed
+    }
+}
+
+public struct ManagedCodexAccountSet: Codable, Sendable {
+    public let version: Int
+    public let accounts: [ManagedCodexAccount]
+
+    public init(version: Int, accounts: [ManagedCodexAccount]) {
+        self.version = version
+        self.accounts = Self.sanitizedAccounts(accounts)
+    }
+
+    public func account(id: UUID) -> ManagedCodexAccount? {
+        self.accounts.first { $0.id == id }
+    }
+
+    public func account(email: String, providerAccountID: String? = nil) -> ManagedCodexAccount? {
+        let normalizedEmail = ManagedCodexAccount.normalizeEmail(email)
+        if let normalizedProviderAccountID = ManagedCodexAccount.normalizeProviderAccountID(providerAccountID),
+           let exactMatch = self.accounts.first(where: {
+               $0.email == normalizedEmail && $0.providerAccountID == normalizedProviderAccountID
+           })
+        {
+            return exactMatch
+        }
+        if providerAccountID != nil {
+            return self.accounts.first { $0.email == normalizedEmail && $0.providerAccountID == nil }
+        }
+        return self.accounts.first { $0.email == normalizedEmail }
+    }
+
+    public init(from decoder: any Decoder) throws {
+        let container = try decoder.container(keyedBy: CodingKeys.self)
+        self.version = try container.decode(Int.self, forKey: .version)
+        self.accounts = try container.decode([ManagedCodexAccount].self, forKey: .accounts)
+    }
+
+    private static func sanitizedAccounts(_ accounts: [ManagedCodexAccount]) -> [ManagedCodexAccount] {
+        var seenIDs: Set<UUID> = []
+        var seenProviderAccountKeys: Set<String> = []
+        var seenLegacyEmails: Set<String> = []
+        var sanitized: [ManagedCodexAccount] = []
+        sanitized.reserveCapacity(accounts.count)
+
+        for account in accounts {
+            guard seenIDs.insert(account.id).inserted else { continue }
+            if let providerAccountID = account.providerAccountID {
+                guard seenProviderAccountKeys.insert("\(account.email)\u{0}\(providerAccountID)").inserted else {
+                    continue
+                }
+            } else {
+                guard seenLegacyEmails.insert(account.email).inserted else { continue }
+            }
+            sanitized.append(account)
+        }
+
+        return sanitized
+    }
+}
diff --git a/Sources/CodexBarCore/Config/CodexActiveSource.swift b/Sources/CodexBarCore/Config/CodexActiveSource.swift
new file mode 100644
index 000000000..e009e0d84
--- /dev/null
+++ b/Sources/CodexBarCore/Config/CodexActiveSource.swift
@@ -0,0 +1,38 @@
+import Foundation
+
+public enum CodexActiveSource: Codable, Equatable, Sendable {
+    case liveSystem
+    case managedAccount(id: UUID)
+
+    private enum CodingKeys: String, CodingKey {
+        case kind
+        case accountID
+    }
+
+    private enum Kind: String, Codable {
+        case liveSystem
+        case managedAccount
+    }
+
+    public init(from decoder: any Decoder) throws {
+        let container = try decoder.container(keyedBy: CodingKeys.self)
+        switch try container.decode(Kind.self, forKey: .kind) {
+        case .liveSystem:
+            self = .liveSystem
+        case .managedAccount:
+            let id = try container.decode(UUID.self, forKey: .accountID)
+            self = .managedAccount(id: id)
+        }
+    }
+
+    public func encode(to encoder: any Encoder) throws {
+        var container = encoder.container(keyedBy: CodingKeys.self)
+        switch self {
+        case .liveSystem:
+            try container.encode(Kind.liveSystem, forKey: .kind)
+        case let .managedAccount(id):
+            try container.encode(Kind.managedAccount, forKey: .kind)
+            try container.encode(id, forKey: .accountID)
+        }
+    }
+}
diff --git a/Sources/CodexBarCore/Config/CodexBarConfig.swift b/Sources/CodexBarCore/Config/CodexBarConfig.swift
index 04c85409d..4c1910bd6 100644
--- a/Sources/CodexBarCore/Config/CodexBarConfig.swift
+++ b/Sources/CodexBarCore/Config/CodexBarConfig.swift
@@ -78,11 +78,19 @@ public struct ProviderConfig: Codable, Sendable, Identifiable {
     public var source: ProviderSourceMode?
     public var extrasEnabled: Bool?
     public var apiKey: String?
+    public var secretKey: String?
     public var cookieHeader: String?
     public var cookieSource: ProviderCookieSource?
     public var region: String?
     public var workspaceID: String?
+    public var enterpriseHost: String?
     public var tokenAccounts: ProviderTokenAccountData?
+    public var codexActiveSource: CodexActiveSource?
+    public var quotaWarnings: QuotaWarningConfig?
+    public var kiloKnownOrganizations: [KiloOrganization]?
+    public var kiloEnabledOrganizationIDs: [String]?
+    public var awsProfile: String?
+    public var awsAuthMode: String?
 
     public init(
         id: UsageProvider,
@@ -90,32 +98,72 @@ public struct ProviderConfig: Codable, Sendable, Identifiable {
         source: ProviderSourceMode? = nil,
         extrasEnabled: Bool? = nil,
         apiKey: String? = nil,
+        secretKey: String? = nil,
         cookieHeader: String? = nil,
         cookieSource: ProviderCookieSource? = nil,
         region: String? = nil,
         workspaceID: String? = nil,
-        tokenAccounts: ProviderTokenAccountData? = nil)
+        enterpriseHost: String? = nil,
+        tokenAccounts: ProviderTokenAccountData? = nil,
+        codexActiveSource: CodexActiveSource? = nil,
+        quotaWarnings: QuotaWarningConfig? = nil,
+        kiloKnownOrganizations: [KiloOrganization]? = nil,
+        kiloEnabledOrganizationIDs: [String]? = nil,
+        awsProfile: String? = nil,
+        awsAuthMode: String? = nil)
     {
         self.id = id
         self.enabled = enabled
         self.source = source
         self.extrasEnabled = extrasEnabled
         self.apiKey = apiKey
+        self.secretKey = secretKey
         self.cookieHeader = cookieHeader
         self.cookieSource = cookieSource
         self.region = region
         self.workspaceID = workspaceID
+        self.enterpriseHost = enterpriseHost
         self.tokenAccounts = tokenAccounts
+        self.codexActiveSource = codexActiveSource
+        self.quotaWarnings = quotaWarnings
+        self.kiloKnownOrganizations = kiloKnownOrganizations
+        self.kiloEnabledOrganizationIDs = kiloEnabledOrganizationIDs
+        self.awsProfile = awsProfile
+        self.awsAuthMode = awsAuthMode
     }
 
     public var sanitizedAPIKey: String? {
         Self.clean(self.apiKey)
     }
 
+    public var sanitizedSecretKey: String? {
+        Self.clean(self.secretKey)
+    }
+
     public var sanitizedCookieHeader: String? {
         Self.clean(self.cookieHeader)
     }
 
+    public var sanitizedRegion: String? {
+        Self.clean(self.region)
+    }
+
+    public var sanitizedWorkspaceID: String? {
+        Self.clean(self.workspaceID)
+    }
+
+    public var sanitizedEnterpriseHost: String? {
+        Self.clean(self.enterpriseHost)
+    }
+
+    public var sanitizedAWSProfile: String? {
+        Self.clean(self.awsProfile)
+    }
+
+    public var sanitizedAWSAuthMode: String? {
+        Self.clean(self.awsAuthMode)
+    }
+
     private static func clean(_ raw: String?) -> String? {
         guard var value = raw?.trimmingCharacters(in: .whitespacesAndNewlines), !value.isEmpty else {
             return nil
@@ -123,10 +171,115 @@ public struct ProviderConfig: Codable, Sendable, Identifiable {
         if (value.hasPrefix("\"") && value.hasSuffix("\"")) ||
             (value.hasPrefix("'") && value.hasSuffix("'"))
         {
-            value.removeFirst()
-            value.removeLast()
+            value = String(value.dropFirst().dropLast())
         }
         value = value.trimmingCharacters(in: .whitespacesAndNewlines)
         return value.isEmpty ? nil : value
     }
 }
+
+public enum QuotaWarningWindow: String, Codable, Sendable, CaseIterable {
+    case session
+    case weekly
+
+    public var displayName: String {
+        switch self {
+        case .session:
+            "session"
+        case .weekly:
+            "weekly"
+        }
+    }
+}
+
+public struct QuotaWarningWindowConfig: Codable, Sendable, Equatable {
+    public var thresholds: [Int]?
+    public var enabled: Bool?
+
+    public init(thresholds: [Int]? = nil, enabled: Bool? = nil) {
+        self.thresholds = thresholds.map(QuotaWarningThresholds.sanitized)
+        self.enabled = enabled
+    }
+
+    public var hasOverride: Bool {
+        self.thresholds != nil || self.enabled != nil
+    }
+
+    public func isEnabled(global: Bool) -> Bool {
+        self.enabled ?? (self.thresholds != nil ? true : global)
+    }
+}
+
+public struct QuotaWarningConfig: Codable, Sendable, Equatable {
+    public var session: QuotaWarningWindowConfig?
+    public var weekly: QuotaWarningWindowConfig?
+
+    public init(
+        session: QuotaWarningWindowConfig? = nil,
+        weekly: QuotaWarningWindowConfig? = nil)
+    {
+        self.session = session
+        self.weekly = weekly
+    }
+
+    public func thresholds(for window: QuotaWarningWindow, global: [Int]) -> [Int] {
+        switch window {
+        case .session:
+            QuotaWarningThresholds.sanitized(self.session?.thresholds ?? global)
+        case .weekly:
+            QuotaWarningThresholds.sanitized(self.weekly?.thresholds ?? global)
+        }
+    }
+
+    public func isEnabled(for window: QuotaWarningWindow, global: Bool) -> Bool {
+        switch window {
+        case .session:
+            self.session?.isEnabled(global: global) ?? global
+        case .weekly:
+            self.weekly?.isEnabled(global: global) ?? global
+        }
+    }
+
+    public func hasOverride(for window: QuotaWarningWindow) -> Bool {
+        switch window {
+        case .session:
+            self.session?.hasOverride ?? false
+        case .weekly:
+            self.weekly?.hasOverride ?? false
+        }
+    }
+
+    public var isEmpty: Bool {
+        self.session?.hasOverride != true && self.weekly?.hasOverride != true
+    }
+}
+
+public enum QuotaWarningThresholds {
+    public static let defaults = [50, 20]
+    public static let allowedRange = 0...99
+
+    public static func sanitized(_ raw: [Int]) -> [Int] {
+        guard !raw.isEmpty else { return self.defaults }
+
+        let unique = Set(raw.map(self.clamped))
+        let sorted = unique.sorted(by: >)
+        return sorted.isEmpty ? self.defaults : sorted
+    }
+
+    public static func active(_ raw: [Int]) -> [Int] {
+        self.sanitized(raw).filter { $0 > 0 }
+    }
+
+    public static func resolved(upper: Int?, lower: Int?) -> [Int] {
+        guard upper != nil || lower != nil else { return self.defaults }
+
+        let resolvedUpper = self.clamped(upper ?? self.defaults[0])
+        let lowerDefault = resolvedUpper < self.defaults[1] ? 0 : self.defaults[1]
+        let resolvedLower = self.clamped(lower ?? lowerDefault)
+        return self.sanitized([resolvedUpper, resolvedLower])
+    }
+
+    public static func clamped(_ value: Int) -> Int {
+        min(max(value, self.allowedRange.lowerBound), self.allowedRange.upperBound)
+    }
+}
diff --git a/Sources/CodexBarCore/Config/CodexBarConfigStore.swift b/Sources/CodexBarCore/Config/CodexBarConfigStore.swift
index e22c974a6..1662e17d9 100644
--- a/Sources/CodexBarCore/Config/CodexBarConfigStore.swift
+++ b/Sources/CodexBarCore/Config/CodexBarConfigStore.swift
@@ -18,6 +18,8 @@ public enum CodexBarConfigStoreError: LocalizedError {
 }
 
 public struct CodexBarConfigStore: @unchecked Sendable {
+    public static let pathEnvironmentKey = "CODEXBAR_CONFIG"
+
     public let fileURL: URL
     private let fileManager: FileManager
 
@@ -70,8 +72,17 @@ public struct CodexBarConfigStore: @unchecked Sendable {
         try self.fileManager.removeItem(at: self.fileURL)
     }
 
-    public static func defaultURL(home: URL = FileManager.default.homeDirectoryForCurrentUser) -> URL {
-        home
+    public static func defaultURL(
+        home: URL = FileManager.default.homeDirectoryForCurrentUser,
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> URL
+    {
+        if let override = environment[pathEnvironmentKey]?.trimmingCharacters(in: .whitespacesAndNewlines),
+           !override.isEmpty
+        {
+            let expanded = (override as NSString).expandingTildeInPath
+            return URL(fileURLWithPath: expanded)
+        }
+        return home
             .appendingPathComponent(".codexbar", isDirectory: true)
             .appendingPathComponent("config.json")
     }
diff --git a/Sources/CodexBarCore/Config/CodexBarConfigValidation.swift b/Sources/CodexBarCore/Config/CodexBarConfigValidation.swift
index d435a28f6..dd692011d 100644
--- a/Sources/CodexBarCore/Config/CodexBarConfigValidation.swift
+++ b/Sources/CodexBarCore/Config/CodexBarConfigValidation.swift
@@ -28,6 +28,14 @@ public struct CodexBarConfigIssue: Codable, Sendable, Equatable {
 }
 
 public enum CodexBarConfigValidator {
+    private static let workspaceIDProviders: [UsageProvider] = [
+        .azureopenai,
+        .openai,
+        .opencode,
+        .opencodego,
+        .deepgram,
+    ]
+
     public static func validate(_ config: CodexBarConfig) -> [CodexBarConfigIssue] {
         var issues: [CodexBarConfigIssue] = []
 
@@ -125,46 +133,32 @@ public enum CodexBarConfigValidator {
                 message: "cookieSource manual is set but cookieHeader is missing for \(provider.rawValue)."))
         }
 
-        if let region = entry.region, !region.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty {
-            switch provider {
-            case .minimax:
-                if MiniMaxAPIRegion(rawValue: region) == nil {
-                    issues.append(CodexBarConfigIssue(
-                        severity: .error,
-                        provider: provider,
-                        field: "region",
-                        code: "invalid_region",
-                        message: "Region \(region) is not a valid MiniMax region."))
-                }
-            case .zai:
-                if ZaiAPIRegion(rawValue: region) == nil {
-                    issues.append(CodexBarConfigIssue(
-                        severity: .error,
-                        provider: provider,
-                        field: "region",
-                        code: "invalid_region",
-                        message: "Region \(region) is not a valid z.ai region."))
-                }
-            default:
-                issues.append(CodexBarConfigIssue(
-                    severity: .warning,
-                    provider: provider,
-                    field: "region",
-                    code: "region_unused",
-                    message: "region is set but \(provider.rawValue) does not use regions."))
-            }
-        }
+        self.validateSecretKey(entry, issues: &issues)
+
+        self.validateRegion(entry, issues: &issues)
 
         if let workspaceID = entry.workspaceID,
            !workspaceID.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty,
-           provider != .opencode
+           !self.providerSupportsWorkspaceID(provider)
         {
             issues.append(CodexBarConfigIssue(
                 severity: .warning,
                 provider: provider,
                 field: "workspaceID",
                 code: "workspace_unused",
-                message: "workspaceID is set but only opencode supports workspaceID."))
+                message: "workspaceID is set but only \(self.workspaceIDProviderList) support workspaceID."))
+        }
+
+        if let enterpriseHost = entry.enterpriseHost,
+           !enterpriseHost.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty,
+           !self.providerSupportsEnterpriseHost(provider)
+        {
+            issues.append(CodexBarConfigIssue(
+                severity: .warning,
+                provider: provider,
+                field: "enterpriseHost",
+                code: "enterprise_host_unused",
+                message: "enterpriseHost is set but only azureopenai, copilot, and llmproxy support enterpriseHost."))
         }
 
         if let tokenAccounts = entry.tokenAccounts, !tokenAccounts.accounts.isEmpty,
@@ -178,4 +172,109 @@ public enum CodexBarConfigValidator {
                 message: "tokenAccounts are set but \(provider.rawValue) does not support token accounts."))
         }
     }
+
+    private static func validateSecretKey(_ entry: ProviderConfig, issues: inout [CodexBarConfigIssue]) {
+        guard let secretKey = entry.secretKey,
+              !secretKey.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty,
+              entry.id != .bedrock
+        else {
+            return
+        }
+
+        issues.append(CodexBarConfigIssue(
+            severity: .warning,
+            provider: entry.id,
+            field: "secretKey",
+            code: "secret_key_unused",
+            message: "secretKey is set but only bedrock uses secretKey."))
+    }
+
+    private static func providerSupportsWorkspaceID(_ provider: UsageProvider) -> Bool {
+        self.workspaceIDProviders.contains(provider)
+    }
+
+    private static var workspaceIDProviderList: String {
+        self.formattedProviderList(self.workspaceIDProviders)
+    }
+
+    private static func formattedProviderList(_ providers: [UsageProvider]) -> String {
+        let names = providers.map(\.rawValue)
+        guard let last = names.last else { return "" }
+        guard names.count > 1 else { return last }
+        return "\(names.dropLast().joined(separator: ", ")), and \(last)"
+    }
+
+    private static func providerSupportsEnterpriseHost(_ provider: UsageProvider) -> Bool {
+        switch provider {
+        case .azureopenai, .copilot, .llmproxy:
+            true
+        default:
+            false
+        }
+    }
+
+    private static func validateRegion(_ entry: ProviderConfig, issues: inout [CodexBarConfigIssue]) {
+        let provider = entry.id
+        guard let region = entry.region?.trimmingCharacters(in: .whitespacesAndNewlines),
+              !region.isEmpty
+        else {
+            return
+        }
+
+        switch provider {
+        case .minimax:
+            self.validateKnownRegion(
+                region,
+                provider: provider,
+                isValid: MiniMaxAPIRegion(rawValue: region) != nil,
+                displayName: "MiniMax",
+                issues: &issues)
+        case .zai:
+            self.validateKnownRegion(
+                region,
+                provider: provider,
+                isValid: ZaiAPIRegion(rawValue: region) != nil,
+                displayName: "z.ai",
+                issues: &issues)
+        case .alibaba:
+            self.validateKnownRegion(
+                region,
+                provider: provider,
+                isValid: AlibabaCodingPlanAPIRegion(rawValue: region) != nil,
+                displayName: "Alibaba Coding Plan",
+                issues: &issues)
+        case .moonshot:
+            self.validateKnownRegion(
+                region,
+                provider: provider,
+                isValid: MoonshotRegion(rawValue: region) != nil,
+                displayName: "Moonshot",
+                issues: &issues)
+        case .bedrock:
+            break
+        default:
+            issues.append(CodexBarConfigIssue(
+                severity: .warning,
+                provider: provider,
+                field: "region",
+                code: "region_unused",
+                message: "region is set but \(provider.rawValue) does not use regions."))
+        }
+    }
+
+    private static func validateKnownRegion(
+        _ region: String,
+        provider: UsageProvider,
+        isValid: Bool,
+        displayName: String,
+        issues: inout [CodexBarConfigIssue])
+    {
+        guard !isValid else { return }
+        issues.append(CodexBarConfigIssue(
+            severity: .error,
+            provider: provider,
+            field: "region",
+            code: "invalid_region",
+            message: "Region \(region) is not a valid \(displayName) region."))
+    }
 }
diff --git a/Sources/CodexBarCore/Config/ProviderConfigEnvironment.swift b/Sources/CodexBarCore/Config/ProviderConfigEnvironment.swift
index 9fabc4b80..896a47ef4 100644
--- a/Sources/CodexBarCore/Config/ProviderConfigEnvironment.swift
+++ b/Sources/CodexBarCore/Config/ProviderConfigEnvironment.swift
@@ -6,32 +6,241 @@ public enum ProviderConfigEnvironment {
         provider: UsageProvider,
         config: ProviderConfig?) -> [String: String]
     {
+        if provider == .openai {
+            return self.applyOpenAIOverrides(base: base, config: config)
+        }
+        if provider == .bedrock {
+            return self.applyBedrockOverrides(base: base, config: config)
+        }
+        if provider == .deepgram {
+            return self.applyDeepgramOverrides(base: base, config: config)
+        }
+        if provider == .llmproxy {
+            return self.applyLLMProxyOverrides(base: base, config: config)
+        }
+        if provider == .azureopenai {
+            return self.applyAzureOpenAIOverrides(base: base, config: config)
+        }
         guard let apiKey = config?.sanitizedAPIKey, !apiKey.isEmpty else { return base }
         var env = base
+        if let key = self.directAPIKeyEnvironmentKey(for: provider) {
+            env[key] = apiKey
+            return env
+        }
+
         switch provider {
-        case .zai:
-            env[ZaiSettingsReader.apiTokenKey] = apiKey
         case .copilot:
             env["COPILOT_API_TOKEN"] = apiKey
-        case .minimax:
-            env[MiniMaxAPISettingsReader.apiTokenKey] = apiKey
-        case .kilo:
-            env[KiloSettingsReader.apiTokenKey] = apiKey
         case .kimik2:
             if let key = KimiK2SettingsReader.apiKeyEnvironmentKeys.first {
                 env[key] = apiKey
             }
-        case .synthetic:
-            env[SyntheticSettingsReader.apiKeyKey] = apiKey
         case .warp:
             if let key = WarpSettingsReader.apiKeyEnvironmentKeys.first {
                 env[key] = apiKey
             }
-        case .openrouter:
-            env[OpenRouterSettingsReader.envKey] = apiKey
+        case .codebuff:
+            // Preserve a token already present in the process environment so that
+            // runtime/CI overrides win over a key saved in Settings (matches the
+            // precedence used by `ProviderTokenResolver.codebuffResolution`).
+            if CodebuffSettingsReader.apiKey(environment: base) == nil {
+                env[CodebuffSettingsReader.apiTokenKey] = apiKey
+            }
+        case .crof:
+            if CrofSettingsReader.apiKey(environment: base) == nil,
+               let key = CrofSettingsReader.apiKeyEnvironmentKeys.first
+            {
+                env[key] = apiKey
+            }
+        case .doubao:
+            if let key = DoubaoSettingsReader.apiKeyEnvironmentKeys.first {
+                env[key] = apiKey
+            }
         default:
             break
         }
         return env
     }
+
+    public static func supportsAPIKeyOverride(for provider: UsageProvider) -> Bool {
+        if self.directAPIKeyEnvironmentKey(for: provider) != nil { return true }
+        switch provider {
+        case .copilot, .kimik2, .warp, .codebuff, .crof, .doubao:
+            return true
+        case .azureopenai:
+            return true
+        default:
+            return false
+        }
+    }
+
+    private static func directAPIKeyEnvironmentKey(for provider: UsageProvider) -> String? {
+        switch provider {
+        case .openai:
+            OpenAIAPISettingsReader.adminAPIKeyEnvironmentKey
+        case .azureopenai:
+            AzureOpenAISettingsReader.apiKeyEnvironmentKey
+        case .claude:
+            ClaudeAdminAPISettingsReader.adminAPIKeyEnvironmentKey
+        case .zai:
+            ZaiSettingsReader.apiTokenKey
+        case .minimax:
+            MiniMaxAPISettingsReader.apiTokenKey
+        case .alibaba:
+            AlibabaCodingPlanSettingsReader.apiTokenKey
+        case .kilo:
+            KiloSettingsReader.apiTokenKey
+        case .synthetic:
+            SyntheticSettingsReader.apiKeyKey
+        case .openrouter:
+            OpenRouterSettingsReader.envKey
+        case .elevenlabs:
+            ElevenLabsSettingsReader.apiKeyEnvironmentKey
+        case .moonshot:
+            MoonshotSettingsReader.apiKeyEnvironmentKeys.first
+        case .ollama:
+            OllamaAPISettingsReader.apiKeyEnvironmentKeys.first
+        case .venice:
+            VeniceSettingsReader.apiKeyEnvironmentKey
+        case .deepgram:
+            DeepgramSettingsReader.apiKeyEnvironmentKey
+        case .groq:
+            GroqSettingsReader.apiKeyEnvironmentKey
+        case .llmproxy:
+            LLMProxySettingsReader.apiKeyEnvironmentKey
+        default:
+            nil
+        }
+    }
+
+    private static func applyOpenAIOverrides(
+        base: [String: String],
+        config: ProviderConfig?) -> [String: String]
+    {
+        guard let config else { return base }
+        var env = base
+        if let apiKey = config.sanitizedAPIKey {
+            env[OpenAIAPISettingsReader.adminAPIKeyEnvironmentKey] = apiKey
+        }
+        if let projectID = config.sanitizedWorkspaceID {
+            env[OpenAIAPISettingsReader.projectIDEnvironmentKey] = projectID
+        }
+        return env
+    }
+
+    private static func applyBedrockOverrides(
+        base: [String: String],
+        config: ProviderConfig?) -> [String: String]
+    {
+        guard let config else { return base }
+        var env = base
+
+        // Only project an explicit auth-mode selection. When the config does not
+        // specify one, leave the base environment untouched so an env-driven setup
+        // (AWS_PROFILE or CODEXBAR_BEDROCK_AUTH_MODE from the launch environment) is
+        // still inferred by BedrockSettingsReader instead of being forced to `keys`.
+        let configMode = config.sanitizedAWSAuthMode.flatMap(BedrockAuthMode.init(rawValue:))
+        if let configMode {
+            env[BedrockSettingsReader.authModeKey] = configMode.rawValue
+        }
+        let baseMode = BedrockSettingsReader
+            .cleaned(base[BedrockSettingsReader.authModeKey])
+            .flatMap { BedrockAuthMode(rawValue: $0.lowercased()) }
+
+        let mergedAccessKey = config.sanitizedAPIKey ?? BedrockSettingsReader.accessKeyID(environment: base)
+        let mergedSecretKey = config.sanitizedSecretKey ?? BedrockSettingsReader.secretAccessKey(environment: base)
+        let hasMergedStaticKeys = mergedAccessKey != nil && mergedSecretKey != nil
+        let effectiveMode: BedrockAuthMode = if let configMode {
+            configMode
+        } else if let baseMode {
+            baseMode
+        } else if hasMergedStaticKeys {
+            // Upgrade path: a config saved before auth modes existed keeps using
+            // static credentials (including env+config layering) even if AWS_PROFILE
+            // is present in the base environment, so existing users are never
+            // silently switched to a profile/account.
+            .keys
+        } else {
+            BedrockSettingsReader.authMode(environment: base)
+        }
+
+        switch effectiveMode {
+        case .profile:
+            if let profile = config.sanitizedAWSProfile {
+                env[BedrockSettingsReader.profileKey] = profile
+            }
+        case .keys:
+            if let accessKeyID = config.sanitizedAPIKey {
+                env[BedrockSettingsReader.accessKeyIDKey] = accessKeyID
+            }
+            if let secretAccessKey = config.sanitizedSecretKey {
+                env[BedrockSettingsReader.secretAccessKeyKey] = secretAccessKey
+            }
+        }
+
+        if let region = config.sanitizedRegion {
+            env[BedrockSettingsReader.regionKeys[0]] = region
+        }
+
+        return env
+    }
+
+    private static func applyDeepgramOverrides(
+        base: [String: String],
+        config: ProviderConfig?) -> [String: String]
+    {
+        guard let config else { return base }
+
+        var env = base
+
+        if let apiKey = config.sanitizedAPIKey {
+            env[DeepgramSettingsReader.apiKeyEnvironmentKey] = apiKey
+        }
+
+        if let projectID = config.sanitizedWorkspaceID {
+            env[DeepgramSettingsReader.projectIDEnvironmentKey] = projectID
+        }
+
+        return env
+    }
+
+    private static func applyLLMProxyOverrides(
+        base: [String: String],
+        config: ProviderConfig?) -> [String: String]
+    {
+        var env = base
+        if let apiKey = config?.sanitizedAPIKey {
+            env[LLMProxySettingsReader.apiKeyEnvironmentKey] = apiKey
+        }
+        if let baseURL = config?.sanitizedEnterpriseHost {
+            env[LLMProxySettingsReader.baseURLEnvironmentKey] = baseURL
+        }
+        return env
+    }
+
+    private static func applyAzureOpenAIOverrides(
+        base: [String: String],
+        config: ProviderConfig?) -> [String: String]
+    {
+        guard let config else { return base }
+        var env = base
+        if let apiKey = config.sanitizedAPIKey {
+            env[AzureOpenAISettingsReader.apiKeyEnvironmentKey] = apiKey
+        }
+        if let endpoint = config.sanitizedEnterpriseHost {
+            env[AzureOpenAISettingsReader.endpointEnvironmentKey] = endpoint
+        }
+        if let deploymentName = config.sanitizedWorkspaceID {
+            env[AzureOpenAISettingsReader.deploymentNameEnvironmentKey] = deploymentName
+        }
+        return env
+    }
+
+    public static func applyProviderConfigOverrides(
+        base: [String: String],
+        provider: UsageProvider,
+        config: ProviderConfig?) -> [String: String]
+    {
+        self.applyAPIKeyOverride(base: base, provider: provider, config: config)
+    }
 }
diff --git a/Sources/CodexBarCore/CookieHeaderCache.swift b/Sources/CodexBarCore/CookieHeaderCache.swift
index c00610070..722c49d13 100644
--- a/Sources/CodexBarCore/CookieHeaderCache.swift
+++ b/Sources/CodexBarCore/CookieHeaderCache.swift
@@ -1,6 +1,20 @@
 import Foundation
 
 public enum CookieHeaderCache {
+    public enum Scope: Sendable, Equatable {
+        case managedAccount(UUID)
+        case managedStoreUnreadable
+
+        fileprivate var keychainIdentifier: String {
+            switch self {
+            case let .managedAccount(accountID):
+                "managed.\(accountID.uuidString.lowercased())"
+            case .managedStoreUnreadable:
+                "managed-store-unreadable"
+            }
+        }
+    }
+
     public struct Entry: Codable, Sendable {
         public let cookieHeader: String
         public let storedAt: Date
@@ -16,12 +30,15 @@ public enum CookieHeaderCache {
     private static let log = CodexBarLog.logger(LogCategories.cookieCache)
     private nonisolated(unsafe) static var legacyBaseURLOverride: URL?
 
-    public static func load(provider: UsageProvider) -> Entry? {
-        let key = KeychainCacheStore.Key.cookie(provider: provider)
+    public static func load(provider: UsageProvider, scope: Scope? = nil) -> Entry? {
+        let key = self.key(for: provider, scope: scope)
         switch KeychainCacheStore.load(key: key, as: Entry.self) {
         case let .found(entry):
             self.log.debug("Cookie cache hit", metadata: ["provider": provider.rawValue])
             return entry
+        case .temporarilyUnavailable:
+            self.log.debug("Cookie cache temporarily unavailable", metadata: ["provider": provider.rawValue])
+            return nil
         case .invalid:
             self.log.warning("Cookie cache invalid; clearing", metadata: ["provider": provider.rawValue])
             KeychainCacheStore.clear(key: key)
@@ -29,6 +46,7 @@ public enum CookieHeaderCache {
             self.log.debug("Cookie cache miss", metadata: ["provider": provider.rawValue])
         }
 
+        guard scope == nil else { return nil }
         guard let legacy = self.loadLegacyEntry(for: provider) else { return nil }
         KeychainCacheStore.store(key: key, entry: legacy)
         self.removeLegacyEntry(for: provider)
@@ -38,27 +56,88 @@ public enum CookieHeaderCache {
 
     public static func store(
         provider: UsageProvider,
+        scope: Scope? = nil,
         cookieHeader: String,
         sourceLabel: String,
         now: Date = Date())
     {
         let trimmed = cookieHeader.trimmingCharacters(in: .whitespacesAndNewlines)
         guard let normalized = CookieHeaderNormalizer.normalize(trimmed), !normalized.isEmpty else {
-            self.clear(provider: provider)
+            self.clear(provider: provider, scope: scope)
             return
         }
         let entry = Entry(cookieHeader: normalized, storedAt: now, sourceLabel: sourceLabel)
-        let key = KeychainCacheStore.Key.cookie(provider: provider)
+        let key = self.key(for: provider, scope: scope)
         KeychainCacheStore.store(key: key, entry: entry)
-        self.removeLegacyEntry(for: provider)
+        if scope == nil {
+            self.removeLegacyEntry(for: provider)
+        }
         self.log.debug("Cookie cache stored", metadata: ["provider": provider.rawValue, "source": sourceLabel])
     }
 
-    public static func clear(provider: UsageProvider) {
-        let key = KeychainCacheStore.Key.cookie(provider: provider)
-        KeychainCacheStore.clear(key: key)
-        self.removeLegacyEntry(for: provider)
+    @discardableResult
+    public static func clear(provider: UsageProvider, scope: Scope? = nil) -> Int {
+        let key = self.key(for: provider, scope: scope)
+        var cleared = KeychainCacheStore.clear(key: key) ? 1 : 0
+        if scope == nil, self.removeLegacyEntry(for: provider) {
+            cleared += 1
+        }
         self.log.debug("Cookie cache cleared", metadata: ["provider": provider.rawValue])
+        return cleared
+    }
+
+    /// Clears all cookie cache scopes for one provider, including managed Codex account scopes.
+    /// Returns the number of keychain or legacy-file entries removed.
+    @discardableResult
+    public static func clearAllScopes(provider: UsageProvider) -> Int {
+        let keys = self.cookieKeys(for: provider)
+        var cleared = 0
+        for key in keys where KeychainCacheStore.clear(key: key) {
+            cleared += 1
+        }
+        if self.removeLegacyEntry(for: provider) {
+            cleared += 1
+        }
+        self.log.debug("Cookie cache clearAllScopes completed", metadata: [
+            "provider": provider.rawValue,
+            "cleared": "\(cleared)",
+        ])
+        return cleared
+    }
+
+    /// Clears cookie caches for all providers, including corrupt/invalid entries.
+    /// Returns the number of keychain or legacy-file entries removed.
+    @discardableResult
+    public static func clearAll() -> Int {
+        var cleared = 0
+        for key in KeychainCacheStore.keys(category: "cookie") where KeychainCacheStore.clear(key: key) {
+            cleared += 1
+        }
+        for provider in UsageProvider.allCases where self.removeLegacyEntry(for: provider) {
+            cleared += 1
+        }
+        self.log.debug("Cookie cache clearAll completed", metadata: ["cleared": "\(cleared)"])
+        return cleared
+    }
+
+    private static func cookieKeys(for provider: UsageProvider) -> [KeychainCacheStore.Key] {
+        let exactIdentifier = provider.rawValue
+        let scopedPrefix = "\(provider.rawValue)."
+        var seen = Set<KeychainCacheStore.Key>()
+        var keys: [KeychainCacheStore.Key] = []
+        for key in KeychainCacheStore.keys(category: "cookie") {
+            guard key.identifier == exactIdentifier || key.identifier.hasPrefix(scopedPrefix) else {
+                continue
+            }
+            if seen.insert(key).inserted {
+                keys.append(key)
+            }
+        }
+        let global = self.key(for: provider, scope: nil)
+        if seen.insert(global).inserted {
+            keys.append(global)
+        }
+        return keys
     }
 
     static func load(from url: URL) -> Entry? {
@@ -85,21 +164,47 @@ public enum CookieHeaderCache {
         self.legacyBaseURLOverride = url
     }
 
-    private static func loadLegacyEntry(for provider: UsageProvider) -> Entry? {
-        self.load(from: self.legacyURL(for: provider))
+    static func hasLegacyEntryForTesting(provider: UsageProvider) -> Bool {
+        self.loadLegacyEntry(for: provider) != nil
     }
 
-    private static func removeLegacyEntry(for provider: UsageProvider) {
+    static func legacyURLForTesting(provider: UsageProvider) -> URL {
+        self.legacyURL(for: provider)
+    }
+
+    private static func hasKeychainEntry(provider: UsageProvider, scope: Scope?) -> Bool {
+        let key = self.key(for: provider, scope: scope)
+        switch KeychainCacheStore.load(key: key, as: Entry.self) {
+        case .found, .invalid:
+            return true
+        case .missing, .temporarilyUnavailable:
+            return false
+        }
+    }
+
+    static func hasKeychainEntryForTesting(provider: UsageProvider, scope: Scope? = nil) -> Bool {
+        self.hasKeychainEntry(provider: provider, scope: scope)
+    }
+
+    @discardableResult
+    private static func removeLegacyEntry(for provider: UsageProvider) -> Bool {
         let url = self.legacyURL(for: provider)
+        let existed = FileManager.default.fileExists(atPath: url.path)
         do {
             try FileManager.default.removeItem(at: url)
+            return existed
         } catch {
             if (error as NSError).code != NSFileNoSuchFileError {
                 Self.log.error("Failed to remove cookie cache (\(provider.rawValue)): \(error)")
             }
+            return false
         }
     }
 
+    private static func loadLegacyEntry(for provider: UsageProvider) -> Entry? {
+        self.load(from: self.legacyURL(for: provider))
+    }
+
     private static func legacyURL(for provider: UsageProvider) -> URL {
         if let override = self.legacyBaseURLOverride {
             return override.appendingPathComponent("\(provider.rawValue)-cookie.json")
@@ -110,4 +215,8 @@ public enum CookieHeaderCache {
         return base.appendingPathComponent("CodexBar", isDirectory: true)
             .appendingPathComponent("\(provider.rawValue)-cookie.json")
     }
+
+    private static func key(for provider: UsageProvider, scope: Scope?) -> KeychainCacheStore.Key {
+        KeychainCacheStore.Key.cookie(provider: provider, scopeIdentifier: scope?.keychainIdentifier)
+    }
 }
diff --git a/Sources/CodexBarCore/CookieHeaderNormalizer.swift b/Sources/CodexBarCore/CookieHeaderNormalizer.swift
index c984eb2b6..c84251fb4 100644
--- a/Sources/CodexBarCore/CookieHeaderNormalizer.swift
+++ b/Sources/CodexBarCore/CookieHeaderNormalizer.swift
@@ -7,9 +7,10 @@ public enum CookieHeaderNormalizer {
         #"(?i)\bcookie:\s*'([^']+)'"#,
         #"(?i)\bcookie:\s*\"([^\"]+)\""#,
         #"(?i)\bcookie:\s*([^\r\n]+)"#,
-        #"(?i)(?:--cookie|-b)\s*'([^']+)'"#,
-        #"(?i)(?:--cookie|-b)\s*\"([^\"]+)\""#,
-        #"(?i)(?:--cookie|-b)\s*([^\s]+)"#,
+        #"(?i)(?:^|\s)(?:--cookie|-b)\s*'([^']+)'"#,
+        #"(?i)(?:^|\s)(?:--cookie|-b)\s*\"([^\"]+)\""#,
+        #"(?i)(?:^|\s)-b([^\s=]+=[^\s]+)"#,
+        #"(?i)(?:^|\s)(?:--cookie|-b)\s+([^\s]+)"#,
     ]
 
     public static func normalize(_ raw: String?) -> String? {
@@ -50,6 +51,12 @@ public enum CookieHeaderNormalizer {
         return results
     }
 
+    public static func filteredHeader(from raw: String?, allowedNames: Set<String>) -> String? {
+        let filtered = self.pairs(from: raw ?? "").filter { allowedNames.contains($0.name) }
+        guard !filtered.isEmpty else { return nil }
+        return filtered.map { "\($0.name)=\($0.value)" }.joined(separator: "; ")
+    }
+
     private static func extractHeader(from raw: String) -> String? {
         for pattern in self.headerPatterns {
             guard let regex = try? NSRegularExpression(pattern: pattern, options: []) else { continue }
diff --git a/Sources/CodexBarCore/CopilotUsageModels.swift b/Sources/CodexBarCore/CopilotUsageModels.swift
index fef52b64c..d845624b9 100644
--- a/Sources/CodexBarCore/CopilotUsageModels.swift
+++ b/Sources/CodexBarCore/CopilotUsageModels.swift
@@ -22,6 +22,14 @@ public struct CopilotUsageResponse: Sendable, Decodable {
         public let percentRemaining: Double
         public let quotaId: String
         public let hasPercentRemaining: Bool
+        public var usedPercent: Double {
+            max(0, 100 - self.percentRemaining)
+        }
+
+        public var overQuotaUsedPercent: Double? {
+            self.usedPercent > 100 ? self.usedPercent : nil
+        }
+
         public var isPlaceholder: Bool {
             self.entitlement == 0 && self.remaining == 0 && self.percentRemaining == 0 && self.quotaId.isEmpty
         }
@@ -55,14 +63,14 @@ public struct CopilotUsageResponse: Sendable, Decodable {
             self.remaining = decodedRemaining ?? 0
             let decodedPercent = Self.decodeNumberIfPresent(container: container, key: .percentRemaining)
             if let decodedPercent {
-                self.percentRemaining = max(0, min(100, decodedPercent))
+                self.percentRemaining = decodedPercent
                 self.hasPercentRemaining = true
             } else if let entitlement = decodedEntitlement,
                       entitlement > 0,
                       let remaining = decodedRemaining
             {
                 let derived = (remaining / entitlement) * 100
-                self.percentRemaining = max(0, min(100, derived))
+                self.percentRemaining = derived
                 self.hasPercentRemaining = true
             } else {
                 // Without percent_remaining and both inputs for derivation, the percent is unknown.
diff --git a/Sources/CodexBarCore/CostUsageFetcher.swift b/Sources/CodexBarCore/CostUsageFetcher.swift
index 2243d5218..fa30ac9d4 100644
--- a/Sources/CodexBarCore/CostUsageFetcher.swift
+++ b/Sources/CodexBarCore/CostUsageFetcher.swift
@@ -22,19 +22,74 @@ public struct CostUsageFetcher: Sendable {
 
     public func loadTokenSnapshot(
         provider: UsageProvider,
+        environment: [String: String] = ProcessInfo.processInfo.environment,
         now: Date = Date(),
         forceRefresh: Bool = false,
-        allowVertexClaudeFallback: Bool = false) async throws -> CostUsageTokenSnapshot
+        allowVertexClaudeFallback: Bool = false,
+        codexHomePath: String? = nil,
+        historyDays: Int = 30,
+        refreshPricingInBackground: Bool = true) async throws -> CostUsageTokenSnapshot
     {
-        guard provider == .codex || provider == .claude || provider == .vertexai else {
+        try await Self.loadTokenSnapshot(
+            provider: provider,
+            environment: environment,
+            now: now,
+            forceRefresh: forceRefresh,
+            allowVertexClaudeFallback: allowVertexClaudeFallback,
+            codexHomePath: codexHomePath,
+            historyDays: historyDays,
+            refreshPricingInBackground: refreshPricingInBackground)
+    }
+
+    static func loadTokenSnapshot(
+        provider: UsageProvider,
+        environment: [String: String] = ProcessInfo.processInfo.environment,
+        now: Date = Date(),
+        forceRefresh: Bool = false,
+        allowVertexClaudeFallback: Bool = false,
+        codexHomePath: String? = nil,
+        historyDays: Int = 30,
+        refreshPricingInBackground: Bool = true,
+        scannerOptions overrideScannerOptions: CostUsageScanner.Options? = nil,
+        piScannerOptions overridePiScannerOptions: PiSessionCostScanner
+            .Options? = nil) async throws -> CostUsageTokenSnapshot
+    {
+        guard provider == .codex || provider == .claude || provider == .vertexai || provider == .bedrock else {
             throw CostUsageError.unsupportedProvider(provider)
         }
 
         let until = now
-        // Rolling window: last 30 days (inclusive). Use -29 for inclusive boundaries.
-        let since = Calendar.current.date(byAdding: .day, value: -29, to: now) ?? now
+        let clampedHistoryDays = max(1, min(365, historyDays))
+        // Rolling window is inclusive, so a 30-day display starts 29 days before `now`.
+        let since = Calendar.current.date(byAdding: .day, value: -(clampedHistoryDays - 1), to: now) ?? now
+
+        if provider == .bedrock {
+            let daily = try await Self.loadBedrockDailyReport(
+                environment: environment,
+                since: since,
+                until: until)
+            return Self.tokenSnapshot(from: daily, now: now, historyDays: clampedHistoryDays)
+        }
+
+        var options = overrideScannerOptions ?? CostUsageScanner.Options()
+        if provider == .codex,
+           let codexHomePath = codexHomePath?.trimmingCharacters(in: .whitespacesAndNewlines),
+           !codexHomePath.isEmpty
+        {
+            options.codexSessionsRoot = URL(fileURLWithPath: codexHomePath, isDirectory: true)
+                .appendingPathComponent("sessions", isDirectory: true)
+        }
+        if provider == .codex || provider == .claude {
+            let pricingCacheRoot = options.cacheRoot
+            if refreshPricingInBackground {
+                Task.detached(priority: .utility) {
+                    await ModelsDevPricingPipeline.refreshIfNeeded(now: now, cacheRoot: pricingCacheRoot)
+                }
+            } else {
+                await ModelsDevPricingPipeline.refreshIfNeeded(now: now, cacheRoot: pricingCacheRoot)
+            }
+        }
 
-        var options = CostUsageScanner.Options()
         if provider == .vertexai {
             options.claudeLogProviderFilter = allowVertexClaudeFallback ? .all : .vertexAIOnly
         } else if provider == .claude {
@@ -42,14 +97,19 @@ public struct CostUsageFetcher: Sendable {
         }
         if forceRefresh {
             options.refreshMinIntervalSeconds = 0
-            options.forceRescan = true
         }
-        var daily = CostUsageScanner.loadDailyReport(
+        let checkCancellation: CostUsageScanner.CancellationCheck = {
+            try Task.checkCancellation()
+        }
+        try Task.checkCancellation()
+        var daily = try CostUsageScanner.loadDailyReportCancellable(
             provider: provider,
             since: since,
             until: until,
             now: now,
-            options: options)
+            options: options,
+            checkCancellation: checkCancellation)
+        try Task.checkCancellation()
 
         if provider == .vertexai,
            !allowVertexClaudeFallback,
@@ -58,18 +118,56 @@ public struct CostUsageFetcher: Sendable {
         {
             var fallback = options
             fallback.claudeLogProviderFilter = .all
-            daily = CostUsageScanner.loadDailyReport(
+            daily = try CostUsageScanner.loadDailyReportCancellable(
                 provider: provider,
                 since: since,
                 until: until,
                 now: now,
-                options: fallback)
+                options: fallback,
+                checkCancellation: checkCancellation)
+            try Task.checkCancellation()
         }
 
-        return Self.tokenSnapshot(from: daily, now: now)
+        if provider == .codex || provider == .claude {
+            var piOptions = overridePiScannerOptions ?? PiSessionCostScanner.Options()
+            if piOptions.cacheRoot == nil {
+                piOptions.cacheRoot = options.cacheRoot
+            }
+            if forceRefresh {
+                piOptions.refreshMinIntervalSeconds = 0
+            }
+            let piReport = try PiSessionCostScanner.loadDailyReportCancellable(
+                provider: provider,
+                since: since,
+                until: until,
+                now: now,
+                options: piOptions,
+                checkCancellation: checkCancellation)
+            try Task.checkCancellation()
+            daily = CostUsageDailyReport.merged([daily, piReport])
+        }
+
+        return Self.tokenSnapshot(from: daily, now: now, historyDays: clampedHistoryDays)
     }
 
-    static func tokenSnapshot(from daily: CostUsageDailyReport, now: Date) -> CostUsageTokenSnapshot {
+    private static func loadBedrockDailyReport(
+        environment: [String: String],
+        since: Date,
+        until: Date) async throws -> CostUsageDailyReport
+    {
+        let resolved = try await BedrockCredentialResolver.resolve(environment: environment)
+        return try await BedrockUsageFetcher.fetchDailyReport(
+            credentials: resolved.credentials,
+            since: since,
+            until: until,
+            environment: environment)
+    }
+
+    static func tokenSnapshot(
+        from daily: CostUsageDailyReport,
+        now: Date,
+        historyDays: Int = 30) -> CostUsageTokenSnapshot
+    {
         // Pick the most recent day; break ties by cost/tokens to keep a stable "session" row.
         let currentDay = daily.data.max { lhs, rhs in
             let lDate = CostUsageDateParser.parse(lhs.date) ?? .distantPast
@@ -96,6 +194,7 @@ public struct CostUsageFetcher: Sendable {
             sessionCostUSD: currentDay?.costUSD,
             last30DaysTokens: last30DaysTokens,
             last30DaysCostUSD: last30DaysCostUSD,
+            historyDays: historyDays,
             daily: daily.data,
             updatedAt: now)
     }
diff --git a/Sources/CodexBarCore/CostUsageModels.swift b/Sources/CodexBarCore/CostUsageModels.swift
index 60f5e7598..0a891b34f 100644
--- a/Sources/CodexBarCore/CostUsageModels.swift
+++ b/Sources/CodexBarCore/CostUsageModels.swift
@@ -3,23 +3,40 @@ import Foundation
 public struct CostUsageTokenSnapshot: Sendable, Equatable {
     public let sessionTokens: Int?
     public let sessionCostUSD: Double?
+    public let sessionRequests: Int?
     public let last30DaysTokens: Int?
     public let last30DaysCostUSD: Double?
+    public let last30DaysRequests: Int?
+    public let currencyCode: String
+    public let historyDays: Int
+    public let historyLabel: String?
     public let daily: [CostUsageDailyReport.Entry]
     public let updatedAt: Date
 
     public init(
         sessionTokens: Int?,
         sessionCostUSD: Double?,
+        sessionRequests: Int? = nil,
         last30DaysTokens: Int?,
         last30DaysCostUSD: Double?,
+        last30DaysRequests: Int? = nil,
+        currencyCode: String = "USD",
+        historyDays: Int = 30,
+        historyLabel: String? = nil,
         daily: [CostUsageDailyReport.Entry],
         updatedAt: Date)
     {
         self.sessionTokens = sessionTokens
         self.sessionCostUSD = sessionCostUSD
+        self.sessionRequests = sessionRequests
         self.last30DaysTokens = last30DaysTokens
         self.last30DaysCostUSD = last30DaysCostUSD
+        self.last30DaysRequests = last30DaysRequests
+        self.currencyCode = currencyCode.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
+            ? "USD"
+            : currencyCode.trimmingCharacters(in: .whitespacesAndNewlines).uppercased()
+        self.historyDays = historyDays
+        self.historyLabel = historyLabel
         self.daily = daily
         self.updatedAt = updatedAt
     }
@@ -29,11 +46,24 @@ public struct CostUsageDailyReport: Sendable, Decodable {
     public struct ModelBreakdown: Sendable, Decodable, Equatable {
         public let modelName: String
         public let costUSD: Double?
+        public let totalTokens: Int?
+        public let requestCount: Int?
+        public let standardCostUSD: Double?
+        public let priorityCostUSD: Double?
+        public let standardTokens: Int?
+        public let priorityTokens: Int?
 
         private enum CodingKeys: String, CodingKey {
             case modelName
             case costUSD
             case cost
+            case totalTokens
+            case requestCount
+            case requests
+            case standardCostUSD
+            case priorityCostUSD
+            case standardTokens
+            case priorityTokens
         }
 
         public init(from decoder: Decoder) throws {
@@ -42,11 +72,34 @@ public struct CostUsageDailyReport: Sendable, Decodable {
             self.costUSD =
                 try container.decodeIfPresent(Double.self, forKey: .costUSD)
                 ?? container.decodeIfPresent(Double.self, forKey: .cost)
+            self.totalTokens = try container.decodeIfPresent(Int.self, forKey: .totalTokens)
+            self.requestCount =
+                try container.decodeIfPresent(Int.self, forKey: .requestCount)
+                ?? container.decodeIfPresent(Int.self, forKey: .requests)
+            self.standardCostUSD = try container.decodeIfPresent(Double.self, forKey: .standardCostUSD)
+            self.priorityCostUSD = try container.decodeIfPresent(Double.self, forKey: .priorityCostUSD)
+            self.standardTokens = try container.decodeIfPresent(Int.self, forKey: .standardTokens)
+            self.priorityTokens = try container.decodeIfPresent(Int.self, forKey: .priorityTokens)
         }
 
-        public init(modelName: String, costUSD: Double?) {
+        public init(
+            modelName: String,
+            costUSD: Double?,
+            totalTokens: Int? = nil,
+            requestCount: Int? = nil,
+            standardCostUSD: Double? = nil,
+            priorityCostUSD: Double? = nil,
+            standardTokens: Int? = nil,
+            priorityTokens: Int? = nil)
+        {
             self.modelName = modelName
             self.costUSD = costUSD
+            self.totalTokens = totalTokens
+            self.requestCount = requestCount
+            self.standardCostUSD = standardCostUSD
+            self.priorityCostUSD = priorityCostUSD
+            self.standardTokens = standardTokens
+            self.priorityTokens = priorityTokens
         }
     }
 
@@ -57,6 +110,7 @@ public struct CostUsageDailyReport: Sendable, Decodable {
         public let cacheCreationTokens: Int?
         public let outputTokens: Int?
         public let totalTokens: Int?
+        public let requestCount: Int?
         public let costUSD: Double?
         public let modelsUsed: [String]?
         public let modelBreakdowns: [ModelBreakdown]?
@@ -70,6 +124,8 @@ public struct CostUsageDailyReport: Sendable, Decodable {
             case cacheCreationInputTokens
             case outputTokens
             case totalTokens
+            case requestCount
+            case requests
             case costUSD
             case totalCost
             case modelsUsed
@@ -89,6 +145,9 @@ public struct CostUsageDailyReport: Sendable, Decodable {
                 ?? container.decodeIfPresent(Int.self, forKey: .cacheCreationInputTokens)
             self.outputTokens = try container.decodeIfPresent(Int.self, forKey: .outputTokens)
             self.totalTokens = try container.decodeIfPresent(Int.self, forKey: .totalTokens)
+            self.requestCount =
+                try container.decodeIfPresent(Int.self, forKey: .requestCount)
+                ?? container.decodeIfPresent(Int.self, forKey: .requests)
             self.costUSD =
                 try container.decodeIfPresent(Double.self, forKey: .costUSD)
                 ?? container.decodeIfPresent(Double.self, forKey: .totalCost)
@@ -103,6 +162,7 @@ public struct CostUsageDailyReport: Sendable, Decodable {
             cacheReadTokens: Int? = nil,
             cacheCreationTokens: Int? = nil,
             totalTokens: Int?,
+            requestCount: Int? = nil,
             costUSD: Double?,
             modelsUsed: [String]?,
             modelBreakdowns: [ModelBreakdown]?)
@@ -113,6 +173,7 @@ public struct CostUsageDailyReport: Sendable, Decodable {
             self.cacheReadTokens = cacheReadTokens
             self.cacheCreationTokens = cacheCreationTokens
             self.totalTokens = totalTokens
+            self.requestCount = requestCount
             self.costUSD = costUSD
             self.modelsUsed = modelsUsed
             self.modelBreakdowns = modelBreakdowns
@@ -231,6 +292,252 @@ public struct CostUsageDailyReport: Sendable, Decodable {
     }
 }
 
+extension CostUsageDailyReport {
+    private struct BreakdownAccumulator {
+        var totalTokens: Int = 0
+        var sawTotalTokens = false
+        var costUSD: Double = 0
+        var sawCost = false
+        var standardCostUSD: Double = 0
+        var sawStandardCost = false
+        var priorityCostUSD: Double = 0
+        var sawPriorityCost = false
+        var standardTokens: Int = 0
+        var sawStandardTokens = false
+        var priorityTokens: Int = 0
+        var sawPriorityTokens = false
+
+        mutating func add(_ breakdown: ModelBreakdown) {
+            if let totalTokens = breakdown.totalTokens {
+                self.totalTokens += totalTokens
+                self.sawTotalTokens = true
+            }
+            if let costUSD = breakdown.costUSD {
+                self.costUSD += costUSD
+                self.sawCost = true
+            }
+            if let standardCostUSD = breakdown.standardCostUSD {
+                self.standardCostUSD += standardCostUSD
+                self.sawStandardCost = true
+            }
+            if let priorityCostUSD = breakdown.priorityCostUSD {
+                self.priorityCostUSD += priorityCostUSD
+                self.sawPriorityCost = true
+            }
+            if let standardTokens = breakdown.standardTokens {
+                self.standardTokens += standardTokens
+                self.sawStandardTokens = true
+            }
+            if let priorityTokens = breakdown.priorityTokens {
+                self.priorityTokens += priorityTokens
+                self.sawPriorityTokens = true
+            }
+        }
+
+        func build(modelName: String) -> ModelBreakdown {
+            ModelBreakdown(
+                modelName: modelName,
+                costUSD: self.sawCost ? self.costUSD : nil,
+                totalTokens: self.sawTotalTokens ? self.totalTokens : nil,
+                standardCostUSD: self.sawStandardCost ? self.standardCostUSD : nil,
+                priorityCostUSD: self.sawPriorityCost ? self.priorityCostUSD : nil,
+                standardTokens: self.sawStandardTokens ? self.standardTokens : nil,
+                priorityTokens: self.sawPriorityTokens ? self.priorityTokens : nil)
+        }
+    }
+
+    private struct EntryAccumulator {
+        var inputTokens: Int = 0
+        var sawInputTokens = false
+        var cacheReadTokens: Int = 0
+        var sawCacheReadTokens = false
+        var cacheCreationTokens: Int = 0
+        var sawCacheCreationTokens = false
+        var outputTokens: Int = 0
+        var sawOutputTokens = false
+        var totalTokens: Int = 0
+        var sawTotalTokens = false
+        var derivedTotalTokensWithoutExplicitTotal: Int = 0
+        var costUSD: Double = 0
+        var sawCost = false
+        var modelsUsed: Set<String> = []
+        var breakdowns: [String: BreakdownAccumulator] = [:]
+
+        mutating func add(_ entry: Entry) {
+            let entryDerivedTotalTokens = (entry.inputTokens ?? 0)
+                + (entry.cacheReadTokens ?? 0)
+                + (entry.cacheCreationTokens ?? 0)
+                + (entry.outputTokens ?? 0)
+            if let inputTokens = entry.inputTokens {
+                self.inputTokens += inputTokens
+                self.sawInputTokens = true
+            }
+            if let cacheReadTokens = entry.cacheReadTokens {
+                self.cacheReadTokens += cacheReadTokens
+                self.sawCacheReadTokens = true
+            }
+            if let cacheCreationTokens = entry.cacheCreationTokens {
+                self.cacheCreationTokens += cacheCreationTokens
+                self.sawCacheCreationTokens = true
+            }
+            if let outputTokens = entry.outputTokens {
+                self.outputTokens += outputTokens
+                self.sawOutputTokens = true
+            }
+            if let totalTokens = entry.totalTokens {
+                self.totalTokens += totalTokens
+                self.sawTotalTokens = true
+            } else if entryDerivedTotalTokens > 0 {
+                self.derivedTotalTokensWithoutExplicitTotal += entryDerivedTotalTokens
+            }
+            if let costUSD = entry.costUSD {
+                self.costUSD += costUSD
+                self.sawCost = true
+            }
+            if let modelsUsed = entry.modelsUsed {
+                self.modelsUsed.formUnion(modelsUsed)
+            }
+            if let modelBreakdowns = entry.modelBreakdowns {
+                for breakdown in modelBreakdowns {
+                    var accumulator = self.breakdowns[breakdown.modelName] ?? BreakdownAccumulator()
+                    accumulator.add(breakdown)
+                    self.breakdowns[breakdown.modelName] = accumulator
+                    self.modelsUsed.insert(breakdown.modelName)
+                }
+            }
+        }
+
+        func build(date: String) -> Entry {
+            let derivedTotalTokens = self.inputTokens
+                + self.cacheReadTokens
+                + self.cacheCreationTokens
+                + self.outputTokens
+            let totalTokens: Int? = if self.sawTotalTokens {
+                self.totalTokens + self.derivedTotalTokensWithoutExplicitTotal
+            } else if derivedTotalTokens > 0 {
+                derivedTotalTokens
+            } else {
+                nil
+            }
+            let modelBreakdowns: [ModelBreakdown]? = {
+                guard !self.breakdowns.isEmpty else { return nil }
+                return CostUsageDailyReport.sortedModelBreakdowns(
+                    self.breakdowns
+                        .map { modelName, accumulator in
+                            accumulator.build(modelName: modelName)
+                        })
+            }()
+            let modelsUsed = self.modelsUsed.isEmpty ? nil : self.modelsUsed.sorted()
+            return Entry(
+                date: date,
+                inputTokens: self.sawInputTokens ? self.inputTokens : nil,
+                outputTokens: self.sawOutputTokens ? self.outputTokens : nil,
+                cacheReadTokens: self.sawCacheReadTokens ? self.cacheReadTokens : nil,
+                cacheCreationTokens: self.sawCacheCreationTokens ? self.cacheCreationTokens : nil,
+                totalTokens: totalTokens,
+                costUSD: self.sawCost ? self.costUSD : nil,
+                modelsUsed: modelsUsed,
+                modelBreakdowns: modelBreakdowns)
+        }
+    }
+
+    public func merged(with other: CostUsageDailyReport) -> CostUsageDailyReport {
+        Self.merged([self, other])
+    }
+
+    public static func merged(_ reports: [CostUsageDailyReport]) -> CostUsageDailyReport {
+        let entries = self.mergedEntries(from: reports)
+        guard !entries.isEmpty else { return CostUsageDailyReport(data: [], summary: nil) }
+        return CostUsageDailyReport(data: entries, summary: self.mergedSummary(from: entries))
+    }
+
+    private static func mergedEntries(from reports: [CostUsageDailyReport]) -> [Entry] {
+        var dayAccumulators: [String: EntryAccumulator] = [:]
+        for report in reports {
+            for entry in report.data {
+                var accumulator = dayAccumulators[entry.date] ?? EntryAccumulator()
+                accumulator.add(entry)
+                dayAccumulators[entry.date] = accumulator
+            }
+        }
+
+        return dayAccumulators
+            .keys
+            .sorted()
+            .map { date in
+                dayAccumulators[date, default: EntryAccumulator()].build(date: date)
+            }
+    }
+
+    private static func mergedSummary(from entries: [Entry]) -> Summary {
+        var totalInputTokens = 0
+        var sawTotalInputTokens = false
+        var totalOutputTokens = 0
+        var sawTotalOutputTokens = false
+        var totalCacheReadTokens = 0
+        var sawTotalCacheReadTokens = false
+        var totalCacheCreationTokens = 0
+        var sawTotalCacheCreationTokens = false
+        var totalTokens = 0
+        var sawTotalTokens = false
+        var totalCostUSD = 0.0
+        var sawTotalCostUSD = false
+
+        for entry in entries {
+            if let inputTokens = entry.inputTokens {
+                totalInputTokens += inputTokens
+                sawTotalInputTokens = true
+            }
+            if let outputTokens = entry.outputTokens {
+                totalOutputTokens += outputTokens
+                sawTotalOutputTokens = true
+            }
+            if let cacheReadTokens = entry.cacheReadTokens {
+                totalCacheReadTokens += cacheReadTokens
+                sawTotalCacheReadTokens = true
+            }
+            if let cacheCreationTokens = entry.cacheCreationTokens {
+                totalCacheCreationTokens += cacheCreationTokens
+                sawTotalCacheCreationTokens = true
+            }
+            if let entryTotalTokens = entry.totalTokens {
+                totalTokens += entryTotalTokens
+                sawTotalTokens = true
+            }
+            if let costUSD = entry.costUSD {
+                totalCostUSD += costUSD
+                sawTotalCostUSD = true
+            }
+        }
+
+        return Summary(
+            totalInputTokens: sawTotalInputTokens ? totalInputTokens : nil,
+            totalOutputTokens: sawTotalOutputTokens ? totalOutputTokens : nil,
+            cacheReadTokens: sawTotalCacheReadTokens ? totalCacheReadTokens : nil,
+            cacheCreationTokens: sawTotalCacheCreationTokens ? totalCacheCreationTokens : nil,
+            totalTokens: sawTotalTokens ? totalTokens : nil,
+            totalCostUSD: sawTotalCostUSD ? totalCostUSD : nil)
+    }
+
+    private static func sortedModelBreakdowns(_ breakdowns: [ModelBreakdown]) -> [ModelBreakdown] {
+        breakdowns.sorted { lhs, rhs in
+            let lhsCost = lhs.costUSD ?? -1
+            let rhsCost = rhs.costUSD ?? -1
+            if lhsCost != rhsCost {
+                return lhsCost > rhsCost
+            }
+
+            let lhsTokens = lhs.totalTokens ?? -1
+            let rhsTokens = rhs.totalTokens ?? -1
+            if lhsTokens != rhsTokens {
+                return lhsTokens > rhsTokens
+            }
+
+            return lhs.modelName > rhs.modelName
+        }
+    }
+}
+
 public struct CostUsageSessionReport: Sendable, Decodable {
     public struct Entry: Sendable, Decodable, Equatable {
         public let session: String
@@ -377,7 +684,7 @@ public struct CostUsageMonthlyReport: Sendable, Decodable {
     }
 }
 
-private struct CostUsageLegacyTotals: Sendable, Decodable {
+private struct CostUsageLegacyTotals: Decodable {
     let totalInputTokens: Int?
     let totalOutputTokens: Int?
     let cacheReadTokens: Int?
diff --git a/Sources/CodexBarCore/Generated/CodexParserHash.generated.swift b/Sources/CodexBarCore/Generated/CodexParserHash.generated.swift
new file mode 100644
index 000000000..aecdf43dd
--- /dev/null
+++ b/Sources/CodexBarCore/Generated/CodexParserHash.generated.swift
@@ -0,0 +1,5 @@
+// Generated by Scripts/regenerate-codex-parser-hash.sh. Do not edit by hand.
+
+enum CodexParserHash {
+    static let value = "0d6c12b99dd77d4e"
+}
diff --git a/Sources/CodexBarCore/Host/PTY/TTYCommandRunner.swift b/Sources/CodexBarCore/Host/PTY/TTYCommandRunner.swift
index 7208cfb13..90356cfae 100644
--- a/Sources/CodexBarCore/Host/PTY/TTYCommandRunner.swift
+++ b/Sources/CodexBarCore/Host/PTY/TTYCommandRunner.swift
@@ -77,6 +77,62 @@ private enum TTYCommandRunnerActiveProcessRegistry {
     }
 }
 
+enum TTYProcessTreeTerminator {
+    static func descendantPIDs(
+        of rootPID: pid_t,
+        childResolver: (pid_t) -> [pid_t] = Self.currentChildPIDs(of:)) -> [pid_t]
+    {
+        guard rootPID > 0 else { return [] }
+
+        var seen: Set<pid_t> = [rootPID]
+        var pending = childResolver(rootPID)
+        var descendants: [pid_t] = []
+
+        while let pid = pending.popLast() {
+            guard pid > 0, seen.insert(pid).inserted else { continue }
+            descendants.append(pid)
+            pending.append(contentsOf: childResolver(pid))
+        }
+
+        return descendants
+    }
+
+    static func currentChildPIDs(of parentPID: pid_t) -> [pid_t] {
+        guard parentPID > 0 else { return [] }
+
+        #if canImport(Darwin)
+        var pids = [pid_t](repeating: 0, count: 128)
+        let byteCount = Int32(pids.count * MemoryLayout<pid_t>.stride)
+        let childCount = proc_listchildpids(parentPID, &pids, byteCount)
+        guard childCount > 0 else { return [] }
+        return Array(pids.prefix(min(Int(childCount), pids.count))).filter { $0 > 0 }
+        #else
+        return []
+        #endif
+    }
+
+    static func terminateProcessTree(
+        rootPID: pid_t,
+        processGroup: pid_t?,
+        signal: Int32,
+        knownDescendants: [pid_t] = [],
+        childResolver: (pid_t) -> [pid_t] = Self.currentChildPIDs(of:),
+        signalSender: (pid_t, Int32) -> Void = { kill($0, $1) })
+    {
+        guard rootPID > 0 else { return }
+
+        var seen: Set<pid_t> = [rootPID]
+        let descendants = knownDescendants + self.descendantPIDs(of: rootPID, childResolver: childResolver)
+        for pid in descendants where pid > 0 && seen.insert(pid).inserted {
+            signalSender(pid, signal)
+        }
+        if let processGroup {
+            signalSender(-processGroup, signal)
+        }
+        signalSender(rootPID, signal)
+    }
+}
+
 /// Executes an interactive CLI inside a pseudo-terminal and returns all captured text.
 /// Keeps it minimal so we can reuse for Codex and Claude without tmux.
 public struct TTYCommandRunner {
@@ -95,12 +151,15 @@ public struct TTYCommandRunner {
         public var idleTimeout: TimeInterval?
         public var workingDirectory: URL?
         public var extraArgs: [String] = []
+        public var baseEnvironment: [String: String]?
         public var initialDelay: TimeInterval = 0.4
         public var sendEnterEvery: TimeInterval?
         public var sendOnSubstrings: [String: String]
         public var stopOnURL: Bool
         public var stopOnSubstrings: [String]
         public var settleAfterStop: TimeInterval
+        public var forceCodexStatusMode: Bool
+        public var useClaudeProbeWorkingDirectory: Bool
 
         public init(
             rows: UInt16 = 50,
@@ -109,12 +168,15 @@ public struct TTYCommandRunner {
             idleTimeout: TimeInterval? = nil,
             workingDirectory: URL? = nil,
             extraArgs: [String] = [],
+            baseEnvironment: [String: String]? = nil,
             initialDelay: TimeInterval = 0.4,
             sendEnterEvery: TimeInterval? = nil,
             sendOnSubstrings: [String: String] = [:],
             stopOnURL: Bool = false,
             stopOnSubstrings: [String] = [],
-            settleAfterStop: TimeInterval = 0.25)
+            settleAfterStop: TimeInterval = 0.25,
+            forceCodexStatusMode: Bool = false,
+            useClaudeProbeWorkingDirectory: Bool = false)
         {
             self.rows = rows
             self.cols = cols
@@ -122,12 +184,15 @@ public struct TTYCommandRunner {
             self.idleTimeout = idleTimeout
             self.workingDirectory = workingDirectory
             self.extraArgs = extraArgs
+            self.baseEnvironment = baseEnvironment
             self.initialDelay = initialDelay
             self.sendEnterEvery = sendEnterEvery
             self.sendOnSubstrings = sendOnSubstrings
             self.stopOnURL = stopOnURL
             self.stopOnSubstrings = stopOnSubstrings
             self.settleAfterStop = settleAfterStop
+            self.forceCodexStatusMode = forceCodexStatusMode
+            self.useClaudeProbeWorkingDirectory = useClaudeProbeWorkingDirectory
         }
     }
 
@@ -158,20 +223,33 @@ public struct TTYCommandRunner {
             groupResolver: { getpgid($0) })
 
         for target in resolvedTargets where target.pid > 0 {
-            if let pgid = target.processGroup {
-                kill(-pgid, SIGTERM)
-            }
-            kill(target.pid, SIGTERM)
+            TTYProcessTreeTerminator.terminateProcessTree(
+                rootPID: target.pid,
+                processGroup: target.processGroup,
+                signal: SIGTERM)
         }
 
         for target in resolvedTargets where target.pid > 0 {
-            if let pgid = target.processGroup {
-                kill(-pgid, SIGKILL)
-            }
-            kill(target.pid, SIGKILL)
+            TTYProcessTreeTerminator.terminateProcessTree(
+                rootPID: target.pid,
+                processGroup: target.processGroup,
+                signal: SIGKILL)
         }
     }
 
+    @discardableResult
+    static func registerActiveProcessForAppShutdown(pid: pid_t, binary: String) -> Bool {
+        TTYCommandRunnerActiveProcessRegistry.register(pid: pid, binary: binary)
+    }
+
+    static func updateActiveProcessGroupForAppShutdown(pid: pid_t, processGroup: pid_t?) {
+        TTYCommandRunnerActiveProcessRegistry.updateProcessGroup(pid: pid, processGroup: processGroup)
+    }
+
+    static func unregisterActiveProcessForAppShutdown(pid: pid_t) {
+        TTYCommandRunnerActiveProcessRegistry.unregister(pid: pid)
+    }
+
     private static func resolveShutdownTargets(
         _ targets: [(pid: pid_t, binary: String, processGroup: pid_t?)],
         hostProcessGroup: pid_t,
@@ -196,7 +274,7 @@ public struct TTYCommandRunner {
         return resolvedTargets
     }
 
-    struct RollingBuffer: Sendable {
+    struct RollingBuffer {
         private let maxNeedle: Int
         private var tail = Data()
 
@@ -230,6 +308,12 @@ public struct TTYCommandRunner {
         }
     }
 
+    enum DrainReadResult {
+        case data(Data)
+        case wouldBlock
+        case closed
+    }
+
     static func lowercasedASCII(_ data: Data) -> Data {
         guard !data.isEmpty else { return data }
         var out = Data(count: data.count)
@@ -247,6 +331,43 @@ public struct TTYCommandRunner {
         return out
     }
 
+    static func drainRemainingOutput(
+        until drainDeadline: Date,
+        readChunk: () -> DrainReadResult,
+        processChunk: (Data) -> Void,
+        sleep: (UInt32) -> Void = { usleep($0) })
+    {
+        while Date() < drainDeadline {
+            switch readChunk() {
+            case let .data(newData):
+                processChunk(newData)
+            case .wouldBlock:
+                sleep(20000)
+            case .closed:
+                return
+            }
+        }
+    }
+
+    static func drainReadResult(for data: Data, terminalRead: Int, errno err: Int32) -> DrainReadResult {
+        if !data.isEmpty { return .data(data) }
+
+        if terminalRead == 0 {
+            return .closed
+        }
+
+        if terminalRead < 0 {
+            if err == EAGAIN || err == EWOULDBLOCK || err == EINTR {
+                return .wouldBlock
+            }
+            if err == EIO {
+                return .closed
+            }
+        }
+
+        return .closed
+    }
+
     static func locateBundledHelper(_ name: String) -> String? {
         let fm = FileManager.default
 
@@ -359,9 +480,11 @@ public struct TTYCommandRunner {
             }
         }
 
+        let baseEnv = options.baseEnvironment ?? ProcessInfo.processInfo.environment
         let proc = Process()
         let resolvedURL = URL(fileURLWithPath: resolved)
-        if resolvedURL.lastPathComponent == "claude",
+        let isClaudeCLI = Self.isClaudeBinary(requested: binary, resolved: resolved, environment: baseEnv)
+        if isClaudeCLI,
            let watchdog = Self.locateBundledHelper("CodexBarClaudeWatchdog")
         {
             proc.executableURL = URL(fileURLWithPath: watchdog)
@@ -375,8 +498,12 @@ public struct TTYCommandRunner {
         proc.standardError = secondaryHandle
         // Use login-shell PATH when available, but keep the caller’s environment (HOME, LANG, etc.) so
         // the CLIs can find their auth/config files.
-        var env = Self.enrichedEnvironment()
-        if let workingDirectory = options.workingDirectory {
+        var env = Self.enrichedEnvironment(baseEnv: baseEnv, home: baseEnv["HOME"] ?? NSHomeDirectory())
+        let workingDirectory = options.workingDirectory
+            ?? (options.useClaudeProbeWorkingDirectory && isClaudeCLI
+                ? ClaudeStatusProbe.preparedProbeWorkingDirectoryURL()
+                : nil)
+        if let workingDirectory {
             proc.currentDirectoryURL = workingDirectory
             env["PWD"] = workingDirectory.path
         }
@@ -401,21 +528,29 @@ public struct TTYCommandRunner {
 
             guard didLaunch else { return }
 
+            let descendants = TTYProcessTreeTerminator.descendantPIDs(of: proc.processIdentifier)
             if proc.isRunning {
                 proc.terminate()
             }
-            if let pgid = processGroup {
-                kill(-pgid, SIGTERM)
-            }
+            TTYProcessTreeTerminator.terminateProcessTree(
+                rootPID: proc.processIdentifier,
+                processGroup: processGroup,
+                signal: SIGTERM,
+                knownDescendants: descendants)
             let waitDeadline = Date().addingTimeInterval(2.0)
             while proc.isRunning, Date() < waitDeadline {
                 usleep(100_000)
             }
             if proc.isRunning {
-                if let pgid = processGroup {
-                    kill(-pgid, SIGKILL)
+                TTYProcessTreeTerminator.terminateProcessTree(
+                    rootPID: proc.processIdentifier,
+                    processGroup: processGroup,
+                    signal: SIGKILL,
+                    knownDescendants: descendants)
+            } else {
+                for pid in descendants where pid > 0 {
+                    kill(pid, SIGKILL)
                 }
-                kill(proc.processIdentifier, SIGKILL)
             }
             if didLaunch {
                 proc.waitUntilExit()
@@ -463,14 +598,17 @@ public struct TTYCommandRunner {
 
         let deadline = Date().addingTimeInterval(options.timeout)
         let trimmed = script.trimmingCharacters(in: .whitespacesAndNewlines)
-        let isCodex = (binaryName == "codex")
+        let isCodex = (binaryName == "codex") || options.forceCodexStatusMode
         let isCodexStatus = isCodex && trimmed == "/status"
 
         var buffer = Data()
-        func readChunk() -> Data {
+        func readChunkResult() -> (data: Data, terminalRead: Int, errno: Int32) {
             var appended = Data()
+            var terminalRead = 0
+            var terminalErrno: Int32 = 0
             while true {
                 var tmp = [UInt8](repeating: 0, count: 8192)
+                errno = 0
                 let n = read(primaryFD, &tmp, tmp.count)
                 if n > 0 {
                     let slice = tmp.prefix(n)
@@ -478,9 +616,20 @@ public struct TTYCommandRunner {
                     appended.append(contentsOf: slice)
                     continue
                 }
+                terminalRead = Int(n)
+                terminalErrno = errno
                 break
             }
-            return appended
+            return (appended, terminalRead, terminalErrno)
+        }
+
+        func readChunk() -> Data {
+            readChunkResult().data
+        }
+
+        func readDrainChunk() -> DrainReadResult {
+            let result = readChunkResult()
+            return Self.drainReadResult(for: result.data, terminalRead: result.terminalRead, errno: result.errno)
         }
 
         func firstLink(in data: Data) -> String? {
@@ -532,27 +681,26 @@ public struct TTYCommandRunner {
             var recentText = ""
             var lastOutputAt = Date()
 
-            while Date() < deadline {
-                let newData = readChunk()
-                if !newData.isEmpty {
-                    lastOutputAt = Date()
-                    if let chunkText = String(bytes: newData, encoding: .utf8) {
-                        recentText += chunkText
-                        if recentText.count > 8192 {
-                            recentText.removeFirst(recentText.count - 8192)
-                        }
+            func processNonCodexChunk(_ newData: Data, allowSends: Bool, allowStop: Bool) -> Bool {
+                guard !newData.isEmpty else { return false }
+
+                lastOutputAt = Date()
+                if let chunkText = String(bytes: newData, encoding: .utf8) {
+                    recentText += chunkText
+                    if recentText.count > 8192 {
+                        recentText.removeFirst(recentText.count - 8192)
                     }
                 }
+
                 let scanData = scanBuffer.append(newData)
                 if Date() >= nextCursorCheckAt,
-                   !scanData.isEmpty,
                    scanData.range(of: cursorQuery) != nil
                 {
                     try? send("\u{1b}[1;1R")
                     nextCursorCheckAt = Date().addingTimeInterval(1.0)
                 }
 
-                if !sendNeedles.isEmpty {
+                if allowSends, !sendNeedles.isEmpty {
                     let recentTextCollapsed = recentText.replacingOccurrences(of: "\r", with: "")
                     for item in sendNeedles where !triggeredSends.contains(item.needle) {
                         let matched = scanData.range(of: item.needle) != nil ||
@@ -570,16 +718,31 @@ public struct TTYCommandRunner {
                 }
 
                 if urlNeedles.contains(where: { scanData.range(of: $0) != nil }) {
-                    urlSeen = true
-                    if urlSeen {
+                    if !urlSeen {
+                        urlSeen = true
                         onURLDetected?()
                     }
-                    if options.stopOnURL {
-                        stoppedEarly = true
-                        break
+                    if allowStop, options.stopOnURL {
+                        return true
                     }
                 }
-                if !stopNeedles.isEmpty, stopNeedles.contains(where: { scanData.range(of: $0) != nil }) {
+
+                if allowStop, !stopNeedles.isEmpty, stopNeedles.contains(where: { scanData.range(of: $0) != nil }) {
+                    return true
+                }
+
+                return false
+            }
+
+            while Date() < deadline {
+                let readResult = readDrainChunk()
+                let newData = switch readResult {
+                case let .data(data):
+                    data
+                case .wouldBlock, .closed:
+                    Data()
+                }
+                if processNonCodexChunk(newData, allowSends: true, allowStop: true) {
                     stoppedEarly = true
                     break
                 }
@@ -596,6 +759,7 @@ public struct TTYCommandRunner {
                     lastEnter = Date()
                 }
 
+                if case .closed = readResult, !proc.isRunning { break }
                 if !proc.isRunning { break }
                 usleep(60000)
             }
@@ -617,6 +781,16 @@ public struct TTYCommandRunner {
                         usleep(50000)
                     }
                 }
+            } else if !proc.isRunning {
+                // PTY-backed scripts can exit before their final echo becomes readable on the parent side.
+                // Give the kernel a brief non-blocking drain window so we don't lose the last line of output.
+                let drainFor = max(0, min(0.2, deadline.timeIntervalSinceNow))
+                if drainFor > 0 {
+                    Self.drainRemainingOutput(
+                        until: Date().addingTimeInterval(drainFor),
+                        readChunk: readDrainChunk,
+                        processChunk: { _ = processNonCodexChunk($0, allowSends: false, allowStop: false) })
+                }
             }
 
             let text = String(data: buffer, encoding: .utf8) ?? ""
@@ -777,6 +951,31 @@ public struct TTYCommandRunner {
         return self.runWhich(tool)
     }
 
+    private static func isClaudeBinary(requested: String, resolved: String, environment: [String: String]) -> Bool {
+        let requestedName = URL(fileURLWithPath: requested).lastPathComponent
+        let resolvedName = URL(fileURLWithPath: resolved).lastPathComponent
+        if requested == "claude" || requestedName == "claude" || resolvedName == "claude" {
+            return true
+        }
+
+        guard let override = environment["CLAUDE_CLI_PATH"], !override.isEmpty else { return false }
+        let normalizedOverride = self.normalizedExecutablePath(override)
+        return self.normalizedExecutablePath(resolved) == normalizedOverride
+            || self.normalizedExecutablePath(requested) == normalizedOverride
+    }
+
+    private static func normalizedExecutablePath(_ path: String) -> String {
+        let expanded = NSString(string: path).expandingTildeInPath
+        var buffer = [CChar](repeating: 0, count: Int(PATH_MAX))
+        if realpath(expanded, &buffer) != nil {
+            return buffer.withUnsafeBufferPointer { rawBuffer in
+                guard let baseAddress = rawBuffer.baseAddress else { return expanded }
+                return String(cString: baseAddress)
+            }
+        }
+        return URL(fileURLWithPath: expanded).standardizedFileURL.path
+    }
+
     private static func runWhich(_ tool: String) -> String? {
         let proc = Process()
         proc.executableURL = URL(fileURLWithPath: "/usr/bin/which")
@@ -831,7 +1030,9 @@ public struct TTYCommandRunner {
         }
         return env
     }
+}
 
+extension TTYCommandRunner {
     static func _test_resetTrackedProcesses() {
         TTYCommandRunnerActiveProcessRegistry.reset()
     }
diff --git a/Sources/CodexBarCore/Host/Process/SubprocessRunner.swift b/Sources/CodexBarCore/Host/Process/SubprocessRunner.swift
index 19bf47639..b2278c255 100644
--- a/Sources/CodexBarCore/Host/Process/SubprocessRunner.swift
+++ b/Sources/CodexBarCore/Host/Process/SubprocessRunner.swift
@@ -36,12 +36,130 @@ public struct SubprocessResult: Sendable {
 
 public enum SubprocessRunner {
     private static let log = CodexBarLog.logger(LogCategories.subprocess)
+    private static let timeoutQueue = DispatchQueue(
+        label: "com.steipete.codexbar.subprocess.timeout",
+        qos: .userInitiated,
+        attributes: .concurrent)
+
+    /// Thread-safe flag for communicating between concurrent tasks (e.g. timeout → caller).
+    private final class KillFlag: @unchecked Sendable {
+        private let lock = NSLock()
+        private var value = false
+
+        func set() {
+            self.lock.withLock { self.value = true }
+        }
+
+        var isSet: Bool {
+            self.lock.withLock { self.value }
+        }
+    }
+
+    private final class TimeoutTimer: @unchecked Sendable {
+        private let timer: any DispatchSourceTimer
+
+        init(timer: any DispatchSourceTimer) {
+            self.timer = timer
+        }
+
+        func cancel() {
+            self.timer.cancel()
+        }
+    }
+
+    private static func timeoutInterval(_ timeout: TimeInterval) -> DispatchTimeInterval {
+        guard timeout.isFinite else {
+            return .seconds(Int.max)
+        }
+        let nanoseconds = max(0, min(timeout * 1_000_000_000, Double(Int.max)))
+        return .nanoseconds(Int(nanoseconds))
+    }
+
+    private final class ProcessTermination: @unchecked Sendable {
+        private let lock = NSLock()
+        private var status: Int32?
+        private var continuation: CheckedContinuation<Int32, Never>?
+
+        func resolve(_ status: Int32) {
+            let continuation: CheckedContinuation<Int32, Never>?
+            self.lock.lock()
+            self.status = status
+            continuation = self.continuation
+            self.continuation = nil
+            self.lock.unlock()
+            continuation?.resume(returning: status)
+        }
+
+        func wait() async -> Int32 {
+            await withCheckedContinuation { continuation in
+                let status: Int32?
+                self.lock.lock()
+                status = self.status
+                if status == nil {
+                    self.continuation = continuation
+                }
+                self.lock.unlock()
+
+                if let status {
+                    continuation.resume(returning: status)
+                }
+            }
+        }
+    }
+
+    // MARK: - Helpers to move blocking calls off the cooperative thread pool
+
+    /// Reads pipe data on a GCD thread so it does not block the Swift cooperative pool.
+    private static func readDataOffPool(_ fileHandle: FileHandle) async -> Data {
+        await withCheckedContinuation { continuation in
+            DispatchQueue.global().async {
+                var output = Data()
+                while true {
+                    do {
+                        guard let data = try fileHandle.read(upToCount: 64 * 1024), data.isEmpty == false else {
+                            break
+                        }
+                        output.append(data)
+                    } catch {
+                        break
+                    }
+                }
+                continuation.resume(returning: output)
+            }
+        }
+    }
+
+    /// Terminates a process and its process group, escalating from SIGTERM to SIGKILL.
+    /// Returns `true` if the process was actually killed, `false` if it had already exited.
+    @discardableResult
+    private static func terminateProcess(_ process: Process, processGroup: pid_t?) -> Bool {
+        guard process.isRunning else { return false }
+        process.terminate()
+        if let pgid = processGroup {
+            kill(-pgid, SIGTERM)
+        }
+        let killDeadline = Date().addingTimeInterval(0.4)
+        while process.isRunning, Date() < killDeadline {
+            usleep(50000)
+        }
+        if process.isRunning {
+            if let pgid = processGroup {
+                kill(-pgid, SIGKILL)
+            }
+            kill(process.processIdentifier, SIGKILL)
+        }
+        return true
+    }
+
+    // MARK: - Public API
 
     public static func run(
         binary: String,
         arguments: [String],
         environment: [String: String],
         timeout: TimeInterval,
+        standardInput: Any? = nil,
+        currentDirectoryURL: URL? = nil,
         label: String) async throws -> SubprocessResult
     {
         guard FileManager.default.isExecutableFile(atPath: binary) else {
@@ -58,51 +176,82 @@ public enum SubprocessRunner {
         process.executableURL = URL(fileURLWithPath: binary)
         process.arguments = arguments
         process.environment = environment
+        process.currentDirectoryURL = currentDirectoryURL
 
         let stdoutPipe = Pipe()
         let stderrPipe = Pipe()
         process.standardOutput = stdoutPipe
         process.standardError = stderrPipe
-        process.standardInput = nil
+        process.standardInput = standardInput
 
-        let stdoutTask = Task<Data, Never> {
-            stdoutPipe.fileHandleForReading.readDataToEndOfFile()
-        }
-        let stderrTask = Task<Data, Never> {
-            stderrPipe.fileHandleForReading.readDataToEndOfFile()
+        let termination = ProcessTermination()
+        process.terminationHandler = { process in
+            termination.resolve(process.terminationStatus)
         }
 
         do {
             try process.run()
         } catch {
-            stdoutTask.cancel()
-            stderrTask.cancel()
+            process.terminationHandler = nil
             stdoutPipe.fileHandleForReading.closeFile()
+            stdoutPipe.fileHandleForWriting.closeFile()
             stderrPipe.fileHandleForReading.closeFile()
+            stderrPipe.fileHandleForWriting.closeFile()
             throw SubprocessRunnerError.launchFailed(error.localizedDescription)
         }
 
-        var processGroup: pid_t?
         let pid = process.processIdentifier
-        if setpgid(pid, pid) == 0 {
-            processGroup = pid
+        let processGroup: pid_t? = setpgid(pid, pid) == 0 ? pid : nil
+
+        let stdoutTask = Task<Data, Never> {
+            await self.readDataOffPool(stdoutPipe.fileHandleForReading)
+        }
+        let stderrTask = Task<Data, Never> {
+            await self.readDataOffPool(stderrPipe.fileHandleForReading)
         }
 
         let exitCodeTask = Task<Int32, Never> {
-            process.waitUntilExit()
-            return process.terminationStatus
+            await termination.wait()
+        }
+
+        let killedByTimeout = KillFlag()
+        let timeoutTimer = DispatchSource.makeTimerSource(queue: self.timeoutQueue)
+        timeoutTimer.schedule(deadline: .now() + self.timeoutInterval(timeout))
+        timeoutTimer.setEventHandler {
+            guard process.isRunning else { return }
+            killedByTimeout.set()
+            self.terminateProcess(process, processGroup: processGroup)
         }
+        timeoutTimer.resume()
+        let timeoutTimerBox = TimeoutTimer(timer: timeoutTimer)
 
         do {
-            let exitCode = try await withThrowingTaskGroup(of: Int32.self) { group in
-                group.addTask { await exitCodeTask.value }
-                group.addTask {
-                    try await Task.sleep(for: .seconds(timeout))
-                    throw SubprocessRunnerError.timedOut(label)
-                }
-                let code = try await group.next()!
-                group.cancelAll()
+            let exitCode = try await withTaskCancellationHandler {
+                try Task.checkCancellation()
+                let code = await exitCodeTask.value
+                try Task.checkCancellation()
                 return code
+            } onCancel: {
+                timeoutTimerBox.cancel()
+                self.terminateProcess(process, processGroup: processGroup)
+            }
+            timeoutTimerBox.cancel()
+
+            let duration = Date().timeIntervalSince(start)
+            // Race guard: the timeout timer may kill the process just before the
+            // exit code arrives. Key off the explicit kill flag so a completed
+            // process is not misclassified when the awaiting task resumes late.
+            if killedByTimeout.isSet {
+                self.log.warning(
+                    "Subprocess timed out",
+                    metadata: [
+                        "label": label,
+                        "binary": binaryName,
+                        "duration_ms": "\(Int(duration * 1000))",
+                    ])
+                stdoutTask.cancel()
+                stderrTask.cancel()
+                throw SubprocessRunnerError.timedOut(label)
             }
 
             let stdoutData = await stdoutTask.value
@@ -123,7 +272,6 @@ public enum SubprocessRunner {
                 throw SubprocessRunnerError.nonZeroExit(code: exitCode, stderr: stderr)
             }
 
-            let duration = Date().timeIntervalSince(start)
             self.log.debug(
                 "Subprocess exit",
                 metadata: [
@@ -142,27 +290,11 @@ public enum SubprocessRunner {
                     "binary": binaryName,
                     "duration_ms": "\(Int(duration * 1000))",
                 ])
-            if process.isRunning {
-                process.terminate()
-                if let pgid = processGroup {
-                    kill(-pgid, SIGTERM)
-                }
-                let killDeadline = Date().addingTimeInterval(0.4)
-                while process.isRunning, Date() < killDeadline {
-                    usleep(50000)
-                }
-                if process.isRunning {
-                    if let pgid = processGroup {
-                        kill(-pgid, SIGKILL)
-                    }
-                    kill(process.processIdentifier, SIGKILL)
-                }
-            }
+            // Safety net: ensure the process is dead (may already be killed by timeout timer).
+            self.terminateProcess(process, processGroup: processGroup)
             exitCodeTask.cancel()
             stdoutTask.cancel()
             stderrTask.cancel()
-            stdoutPipe.fileHandleForReading.closeFile()
-            stderrPipe.fileHandleForReading.closeFile()
             throw error
         }
     }
diff --git a/Sources/CodexBarCore/KeychainAccessGate.swift b/Sources/CodexBarCore/KeychainAccessGate.swift
index 6984d6280..86451a75d 100644
--- a/Sources/CodexBarCore/KeychainAccessGate.swift
+++ b/Sources/CodexBarCore/KeychainAccessGate.swift
@@ -5,18 +5,20 @@ import SweetCookieKit
 
 public enum KeychainAccessGate {
     private static let flagKey = "debugDisableKeychainAccess"
-    private static let appGroupID = "group.com.steipete.codexbar"
     @TaskLocal private static var taskOverrideValue: Bool?
     private nonisolated(unsafe) static var overrideValue: Bool?
 
     public nonisolated(unsafe) static var isDisabled: Bool {
         get {
             if let taskOverrideValue { return taskOverrideValue }
+            #if DEBUG
+            if Self.forcesDisabledUnderTests {
+                return true
+            }
+            #endif
             if let overrideValue { return overrideValue }
             if UserDefaults.standard.bool(forKey: Self.flagKey) { return true }
-            if let shared = UserDefaults(suiteName: Self.appGroupID),
-               shared.bool(forKey: Self.flagKey)
-            {
+            if let shared = AppGroupSupport.sharedDefaults(), shared.bool(forKey: Self.flagKey) {
                 return true
             }
             return false
@@ -24,11 +26,25 @@ public enum KeychainAccessGate {
         set {
             overrideValue = newValue
             #if os(macOS) && canImport(SweetCookieKit)
-            BrowserCookieKeychainAccessGate.isDisabled = newValue
+            BrowserCookieKeychainAccessGate.isDisabled = self.isDisabled
             #endif
         }
     }
 
+    #if DEBUG
+    private nonisolated(unsafe) static var forcesDisabledUnderTests: Bool {
+        self.isRunningUnderTests
+            && ProcessInfo.processInfo.environment["CODEXBAR_ALLOW_TEST_KEYCHAIN_ACCESS"] != "1"
+    }
+
+    private nonisolated(unsafe) static var isRunningUnderTests: Bool {
+        let processName = ProcessInfo.processInfo.processName
+        return processName == "swiftpm-testing-helper"
+            || processName.hasSuffix("PackageTests")
+            || ProcessInfo.processInfo.environment["XCTestConfigurationFilePath"] != nil
+    }
+    #endif
+
     static func withTaskOverrideForTesting<T>(
         _ disabled: Bool?,
         operation: () throws -> T) rethrows -> T
@@ -46,4 +62,17 @@ public enum KeychainAccessGate {
             try await operation()
         }
     }
+
+    static var currentOverrideForTesting: Bool? {
+        self.taskOverrideValue ?? self.overrideValue
+    }
+
+    #if DEBUG
+    static func resetOverrideForTesting() {
+        self.overrideValue = nil
+        #if os(macOS) && canImport(SweetCookieKit)
+        BrowserCookieKeychainAccessGate.isDisabled = self.isDisabled
+        #endif
+    }
+    #endif
 }
diff --git a/Sources/CodexBarCore/KeychainAccessPreflight.swift b/Sources/CodexBarCore/KeychainAccessPreflight.swift
index 0ca26604e..9c335d76c 100644
--- a/Sources/CodexBarCore/KeychainAccessPreflight.swift
+++ b/Sources/CodexBarCore/KeychainAccessPreflight.swift
@@ -134,19 +134,7 @@ public enum KeychainAccessPreflight {
         }
         #endif
         guard !KeychainAccessGate.isDisabled else { return .notFound }
-        var query: [String: Any] = [
-            kSecClass as String: kSecClassGenericPassword,
-            kSecAttrService as String: service,
-            kSecMatchLimit as String: kSecMatchLimitOne,
-            // Preflight should never trigger UI. Avoid requesting the secret payload (`kSecReturnData`) because
-            // some macOS configurations have been observed to show the legacy keychain prompt even when
-            // `kSecUseAuthenticationUIFail` is set.
-            kSecReturnAttributes as String: true,
-        ]
-        KeychainNoUIQuery.apply(to: &query)
-        if let account {
-            query[kSecAttrAccount as String] = account
-        }
+        let query = self.makeGenericPasswordPreflightQuery(service: service, account: account)
 
         var result: AnyObject?
         let status = SecItemCopyMatching(query as CFDictionary, &result)
@@ -174,4 +162,23 @@ public enum KeychainAccessPreflight {
         return .notFound
         #endif
     }
+
+    #if os(macOS)
+    static func makeGenericPasswordPreflightQuery(service: String, account: String?) -> [String: Any] {
+        var query: [String: Any] = [
+            kSecClass as String: kSecClassGenericPassword,
+            kSecAttrService as String: service,
+            kSecMatchLimit as String: kSecMatchLimitOne,
+            // Preflight should never trigger UI. Avoid requesting the secret payload (`kSecReturnData`) because
+            // some macOS configurations have been observed to show the legacy keychain prompt unless the query
+            // is strictly non-interactive.
+            kSecReturnAttributes as String: true,
+        ]
+        KeychainNoUIQuery.apply(to: &query)
+        if let account {
+            query[kSecAttrAccount as String] = account
+        }
+        return query
+    }
+    #endif
 }
diff --git a/Sources/CodexBarCore/KeychainCacheStore.swift b/Sources/CodexBarCore/KeychainCacheStore.swift
index 563e07343..405199c06 100644
--- a/Sources/CodexBarCore/KeychainCacheStore.swift
+++ b/Sources/CodexBarCore/KeychainCacheStore.swift
@@ -1,5 +1,6 @@
 import Foundation
 #if os(macOS)
+import Darwin
 import Security
 #endif
 
@@ -21,6 +22,7 @@ public enum KeychainCacheStore {
     public enum LoadResult<Entry> {
         case found(Entry)
         case missing
+        case temporarilyUnavailable
         case invalid
     }
 
@@ -29,6 +31,9 @@ public enum KeychainCacheStore {
     private static let cacheLabel = "CodexBar Cache"
     private nonisolated(unsafe) static var globalServiceOverride: String?
     @TaskLocal private static var serviceOverride: String?
+    #if DEBUG && os(macOS)
+    @TaskLocal private static var loadFailureStatusOverride: OSStatus?
+    #endif
     private static let testStoreLock = NSLock()
     private struct TestStoreKey: Hashable {
         let service: String
@@ -36,23 +41,31 @@ public enum KeychainCacheStore {
     }
 
     private nonisolated(unsafe) static var testStore: [TestStoreKey: Data]?
+    private nonisolated(unsafe) static var implicitTestStore: [TestStoreKey: Data] = [:]
     private nonisolated(unsafe) static var testStoreRefCount = 0
 
     public static func load<Entry: Codable>(
         key: Key,
         as type: Entry.Type = Entry.self) -> LoadResult<Entry>
     {
+        #if DEBUG && os(macOS)
+        if let status = self.loadFailureStatusOverride {
+            return self.loadResultForKeychainReadFailure(status: status, key: key)
+        }
+        #endif
         if let testResult = loadFromTestStore(key: key, as: type) {
             return testResult
         }
+        guard self.canUseRealKeychain else { return .missing }
         #if os(macOS)
-        let query: [String: Any] = [
+        var query: [String: Any] = [
             kSecClass as String: kSecClassGenericPassword,
             kSecAttrService as String: self.serviceName,
             kSecAttrAccount as String: key.account,
             kSecMatchLimit as String: kSecMatchLimitOne,
             kSecReturnData as String: true,
         ]
+        KeychainNoUIQuery.apply(to: &query)
 
         var result: AnyObject?
         let status = SecItemCopyMatching(query as CFDictionary, &result)
@@ -68,11 +81,8 @@ public enum KeychainCacheStore {
                 return .invalid
             }
             return .found(decoded)
-        case errSecItemNotFound:
-            return .missing
         default:
-            self.log.error("Keychain cache read failed (\(key.account)): \(status)")
-            return .invalid
+            return self.loadResultForKeychainReadFailure(status: status, key: key)
         }
         #else
         return .missing
@@ -83,6 +93,7 @@ public enum KeychainCacheStore {
         if self.storeInTestStore(key: key, entry: entry) {
             return
         }
+        guard self.canUseRealKeychain else { return }
         #if os(macOS)
         let encoder = Self.makeEncoder()
         guard let data = try? encoder.encode(entry) else {
@@ -95,11 +106,10 @@ public enum KeychainCacheStore {
             kSecAttrService as String: self.serviceName,
             kSecAttrAccount as String: key.account,
         ]
-        let updateAttrs: [String: Any] = [
-            kSecValueData as String: data,
-        ]
 
-        let updateStatus = SecItemUpdate(query as CFDictionary, updateAttrs as CFDictionary)
+        let updateStatus = SecItemUpdate(
+            query as CFDictionary,
+            [kSecValueData as String: data] as CFDictionary)
         if updateStatus == errSecSuccess {
             return
         }
@@ -112,6 +122,9 @@ public enum KeychainCacheStore {
         addQuery[kSecValueData as String] = data
         addQuery[kSecAttrLabel as String] = self.cacheLabel
         addQuery[kSecAttrAccessible as String] = kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly
+        if let access = self.cacheAccessControl() {
+            addQuery[kSecAttrAccess as String] = access
+        }
 
         let addStatus = SecItemAdd(addQuery as CFDictionary, nil)
         if addStatus != errSecSuccess {
@@ -120,10 +133,12 @@ public enum KeychainCacheStore {
         #endif
     }
 
-    public static func clear(key: Key) {
-        if self.clearTestStore(key: key) {
-            return
+    @discardableResult
+    public static func clear(key: Key) -> Bool {
+        if let removed = self.clearTestStore(key: key) {
+            return removed
         }
+        guard self.canUseRealKeychain else { return false }
         #if os(macOS)
         let query: [String: Any] = [
             kSecClass as String: kSecClassGenericPassword,
@@ -131,17 +146,58 @@ public enum KeychainCacheStore {
             kSecAttrAccount as String: key.account,
         ]
         let status = SecItemDelete(query as CFDictionary)
-        if status != errSecSuccess, status != errSecItemNotFound {
+        if status == errSecSuccess {
+            return true
+        }
+        if status != errSecItemNotFound {
             self.log.error("Keychain cache delete failed (\(key.account)): \(status)")
         }
         #endif
+        return false
+    }
+
+    public static func keys(category: String) -> [Key] {
+        if let keys = self.keysFromTestStore(category: category) {
+            return keys
+        }
+        guard self.canUseRealKeychain else { return [] }
+        #if os(macOS)
+        var query: [String: Any] = [
+            kSecClass as String: kSecClassGenericPassword,
+            kSecAttrService as String: self.serviceName,
+            kSecMatchLimit as String: kSecMatchLimitAll,
+            kSecReturnAttributes as String: true,
+        ]
+        KeychainNoUIQuery.apply(to: &query)
+
+        var result: AnyObject?
+        let status = SecItemCopyMatching(query as CFDictionary, &result)
+        switch status {
+        case errSecSuccess:
+            guard let rows = result as? [[String: Any]] else { return [] }
+            return rows.compactMap { row in
+                guard let account = row[kSecAttrAccount as String] as? String else { return nil }
+                return self.key(fromAccount: account, category: category)
+            }
+        case errSecItemNotFound:
+            return []
+        case errSecInteractionNotAllowed:
+            self.log.info("Keychain cache keys temporarily unavailable (\(category))")
+            return []
+        default:
+            self.log.error("Keychain cache key listing failed (\(category)): \(status)")
+            return []
+        }
+        #else
+        return []
+        #endif
     }
 
     static func setServiceOverrideForTesting(_ service: String?) {
         self.globalServiceOverride = service
     }
 
-    static func withServiceOverrideForTesting<T>(
+    public static func withServiceOverrideForTesting<T>(
         _ service: String?,
         operation: () throws -> T) rethrows -> T
     {
@@ -150,7 +206,7 @@ public enum KeychainCacheStore {
         }
     }
 
-    static func withServiceOverrideForTesting<T>(
+    public static func withServiceOverrideForTesting<T>(
         _ service: String?,
         operation: () async throws -> T) async rethrows -> T
     {
@@ -159,6 +215,34 @@ public enum KeychainCacheStore {
         }
     }
 
+    public static func withCurrentServiceOverrideForTesting<T>(
+        operation: () async throws -> T) async rethrows -> T
+    {
+        let service = self.serviceOverride
+        return try await self.$serviceOverride.withValue(service) {
+            try await operation()
+        }
+    }
+
+    public static var currentServiceOverrideForTesting: String? {
+        self.serviceOverride
+    }
+
+    static var canUseRealKeychainForTesting: Bool {
+        self.canUseRealKeychain
+    }
+
+    #if DEBUG && os(macOS)
+    public static func withLoadFailureStatusOverrideForTesting<T>(
+        _ status: OSStatus?,
+        operation: () throws -> T) rethrows -> T
+    {
+        try self.$loadFailureStatusOverride.withValue(status) {
+            try operation()
+        }
+    }
+    #endif
+
     static func setTestStoreForTesting(_ enabled: Bool) {
         self.testStoreLock.lock()
         defer { self.testStoreLock.unlock() }
@@ -179,6 +263,27 @@ public enum KeychainCacheStore {
         serviceOverride ?? self.globalServiceOverride ?? self.cacheService
     }
 
+    private static var canUseRealKeychain: Bool {
+        !KeychainAccessGate.isDisabled
+    }
+
+    #if DEBUG
+    private static var shouldUseImplicitTestStore: Bool {
+        self.isRunningUnderTests && !self.canUseRealKeychain
+    }
+
+    private static var isRunningUnderTests: Bool {
+        let processName = ProcessInfo.processInfo.processName
+        return processName == "swiftpm-testing-helper"
+            || processName.hasSuffix("PackageTests")
+            || ProcessInfo.processInfo.environment["XCTestConfigurationFilePath"] != nil
+    }
+    #else
+    private static var shouldUseImplicitTestStore: Bool {
+        false
+    }
+    #endif
+
     private static func makeEncoder() -> JSONEncoder {
         let encoder = JSONEncoder()
         encoder.dateEncodingStrategy = .iso8601
@@ -191,13 +296,132 @@ public enum KeychainCacheStore {
         return decoder
     }
 
+    #if os(macOS)
+    static func loadResultForKeychainReadFailure<Entry>(
+        status: OSStatus,
+        key: Key) -> LoadResult<Entry>
+    {
+        switch status {
+        case errSecItemNotFound:
+            return .missing
+        case errSecInteractionNotAllowed:
+            // Keychain is temporarily locked, e.g. immediately after wake from sleep.
+            self.log.info("Keychain cache temporarily locked (\(key.account)), will retry on next access")
+            return .temporarilyUnavailable
+        default:
+            self.log.error("Keychain cache read failed (\(key.account)): \(status)")
+            return .invalid
+        }
+    }
+
+    static func trustedApplicationPathsForCacheAccess(
+        bundleURL: URL = Bundle.main.bundleURL,
+        executableURL: URL? = Bundle.main.executableURL,
+        fileExists: (String) -> Bool = { FileManager.default.fileExists(atPath: $0) }) -> [String]
+    {
+        var paths: [String] = []
+        func append(_ path: String) {
+            guard !path.isEmpty, fileExists(path), !paths.contains(path) else { return }
+            paths.append(path)
+        }
+
+        let appBundle = self.appBundleURL(containing: bundleURL)
+            ?? executableURL.flatMap(self.appBundleURL(containing:))
+        if let appBundle {
+            append(appBundle.path)
+            append(appBundle.appendingPathComponent("Contents/Helpers/CodexBarCLI").path)
+        }
+        if let executableURL {
+            append(executableURL.path)
+        }
+        return paths
+    }
+
+    private static func appBundleURL(containing url: URL) -> URL? {
+        var current = url.standardizedFileURL
+        while current.path != "/" {
+            if current.pathExtension == "app" {
+                return current
+            }
+            current.deleteLastPathComponent()
+        }
+        return nil
+    }
+
+    private static func cacheAccessControl() -> SecAccess? {
+        let trustedPaths = self.trustedApplicationPathsForCacheAccess()
+        guard !trustedPaths.isEmpty else { return nil }
+
+        var trustedApplications: [SecTrustedApplication] = []
+        for path in trustedPaths {
+            let (status, application) = self.createTrustedApplication(path: path)
+            if status == errSecSuccess, let application {
+                trustedApplications.append(application)
+            } else {
+                self.log.error("Keychain cache trusted app creation failed (\(path)): \(status)")
+            }
+        }
+        guard !trustedApplications.isEmpty else { return nil }
+
+        let (status, access) = self.createAccessControl(trustedApplications: trustedApplications)
+        if status != errSecSuccess {
+            self.log.error("Keychain cache access control creation failed: \(status)")
+            return nil
+        }
+        return access
+    }
+
+    private typealias SecTrustedApplicationCreateFromPathFunction = @convention(c) (
+        UnsafePointer<CChar>?,
+        UnsafeMutablePointer<SecTrustedApplication?>?) -> OSStatus
+    private typealias SecAccessCreateFunction = @convention(c) (
+        CFString,
+        CFArray,
+        UnsafeMutablePointer<SecAccess?>?) -> OSStatus
+
+    private static func createTrustedApplication(path: String) -> (OSStatus, SecTrustedApplication?) {
+        guard let symbol = self.securitySymbol(named: "SecTrustedApplicationCreateFromPath") else {
+            return (errSecInternalComponent, nil)
+        }
+        let function = unsafeBitCast(symbol, to: SecTrustedApplicationCreateFromPathFunction.self)
+        var application: SecTrustedApplication?
+        let status = path.withCString { cPath in
+            function(cPath, &application)
+        }
+        return (status, application)
+    }
+
+    private static func createAccessControl(trustedApplications: [SecTrustedApplication]) -> (OSStatus, SecAccess?) {
+        guard let symbol = self.securitySymbol(named: "SecAccessCreate") else {
+            return (errSecInternalComponent, nil)
+        }
+        let function = unsafeBitCast(symbol, to: SecAccessCreateFunction.self)
+        var access: SecAccess?
+        let status = function(self.cacheLabel as CFString, trustedApplications as CFArray, &access)
+        return (status, access)
+    }
+
+    private nonisolated(unsafe) static let securityFrameworkHandle: UnsafeMutableRawPointer? = {
+        let securityPath = "/System/Library/Frameworks/Security.framework/Security"
+        return dlopen(securityPath, RTLD_NOW)
+    }()
+
+    private static func securitySymbol(named name: String) -> UnsafeMutableRawPointer? {
+        // Resolve deprecated SecKeychain ACL helpers at runtime so release builds stay warning-free
+        // while still granting the app bundle and bundled CLI prompt-free access to cache entries.
+        guard let securityFrameworkHandle else { return nil }
+        return dlsym(securityFrameworkHandle, name)
+    }
+    #endif
+
     private static func loadFromTestStore<Entry: Codable>(
         key: Key,
         as type: Entry.Type) -> LoadResult<Entry>?
     {
         self.testStoreLock.lock()
         defer { self.testStoreLock.unlock() }
-        guard let store = self.testStore else { return nil }
+        guard let store = self.testStore ?? (self.shouldUseImplicitTestStore ? self.implicitTestStore : nil)
+        else { return nil }
         let testKey = TestStoreKey(service: self.serviceName, account: key.account)
         guard let data = store[testKey] else { return .missing }
         let decoder = Self.makeDecoder()
@@ -210,29 +434,64 @@ public enum KeychainCacheStore {
     private static func storeInTestStore(key: Key, entry: some Codable) -> Bool {
         self.testStoreLock.lock()
         defer { self.testStoreLock.unlock() }
-        guard var store = self.testStore else { return false }
         let encoder = Self.makeEncoder()
         guard let data = try? encoder.encode(entry) else { return true }
         let testKey = TestStoreKey(service: self.serviceName, account: key.account)
-        store[testKey] = data
-        self.testStore = store
-        return true
+        if var store = self.testStore {
+            store[testKey] = data
+            self.testStore = store
+            return true
+        }
+        if self.shouldUseImplicitTestStore {
+            self.implicitTestStore[testKey] = data
+            return true
+        }
+        return false
     }
 
-    private static func clearTestStore(key: Key) -> Bool {
+    private static func clearTestStore(key: Key) -> Bool? {
         self.testStoreLock.lock()
         defer { self.testStoreLock.unlock() }
-        guard var store = self.testStore else { return false }
         let testKey = TestStoreKey(service: self.serviceName, account: key.account)
-        store.removeValue(forKey: testKey)
-        self.testStore = store
-        return true
+        if var store = self.testStore {
+            let removed = store.removeValue(forKey: testKey) != nil
+            self.testStore = store
+            return removed
+        }
+        if self.shouldUseImplicitTestStore {
+            return self.implicitTestStore.removeValue(forKey: testKey) != nil
+        }
+        return nil
+    }
+
+    private static func keysFromTestStore(category: String) -> [Key]? {
+        self.testStoreLock.lock()
+        defer { self.testStoreLock.unlock() }
+        guard let store = self.testStore ?? (self.shouldUseImplicitTestStore ? self.implicitTestStore : nil)
+        else { return nil }
+        return store.keys
+            .filter { $0.service == self.serviceName }
+            .compactMap { self.key(fromAccount: $0.account, category: category) }
+            .sorted { $0.identifier < $1.identifier }
+    }
+
+    private static func key(fromAccount account: String, category: String) -> Key? {
+        let prefix = "\(category)."
+        guard account.hasPrefix(prefix) else { return nil }
+        let identifier = String(account.dropFirst(prefix.count))
+        guard !identifier.isEmpty else { return nil }
+        return Key(category: category, identifier: identifier)
     }
 }
 
 extension KeychainCacheStore.Key {
-    public static func cookie(provider: UsageProvider) -> Self {
-        Self(category: "cookie", identifier: provider.rawValue)
+    public static func cookie(provider: UsageProvider, scopeIdentifier: String? = nil) -> Self {
+        let identifier: String = if let scopeIdentifier, !scopeIdentifier.isEmpty {
+            "\(provider.rawValue).\(scopeIdentifier)"
+        } else {
+            provider.rawValue
+        }
+        return Self(category: "cookie", identifier: identifier)
     }
 
     public static func oauth(provider: UsageProvider) -> Self {
diff --git a/Sources/CodexBarCore/KeychainNoUIQuery.swift b/Sources/CodexBarCore/KeychainNoUIQuery.swift
index 29ef456a7..58df3e085 100644
--- a/Sources/CodexBarCore/KeychainNoUIQuery.swift
+++ b/Sources/CodexBarCore/KeychainNoUIQuery.swift
@@ -1,19 +1,41 @@
 import Foundation
 
 #if os(macOS)
+import Darwin
 import LocalAuthentication
 import Security
 
 enum KeychainNoUIQuery {
+    private static let uiFailPolicy = KeychainNoUIQuery.resolveUIFailPolicy()
+
     static func apply(to query: inout [String: Any]) {
         let context = LAContext()
         context.interactionNotAllowed = true
         query[kSecUseAuthenticationContext as String] = context
 
-        // NOTE: While Apple recommends using LAContext.interactionNotAllowed, that alone is not sufficient to
-        // prevent the legacy keychain "Allow/Deny" prompt on some configurations. We also set the UI policy to fail
-        // so SecItemCopyMatching returns errSecInteractionNotAllowed instead of showing UI.
-        query[kSecUseAuthenticationUI as String] = kSecUseAuthenticationUIFail
+        // Keep explicit UI-fail policy for legacy keychain behavior on macOS where
+        // `interactionNotAllowed` alone can still surface Allow/Deny prompts.
+        query[kSecUseAuthenticationUI as String] = self.uiFailPolicy as CFString
+    }
+
+    static func uiFailPolicyForTesting() -> String {
+        self.uiFailPolicy
+    }
+
+    private static func resolveUIFailPolicy() -> String {
+        // Resolve the Security symbol at runtime to preserve the true constant value
+        // without directly referencing deprecated API at compile time.
+        let securityPath = "/System/Library/Frameworks/Security.framework/Security"
+        guard let handle = dlopen(securityPath, RTLD_NOW) else {
+            return "u_AuthUIF"
+        }
+        defer { dlclose(handle) }
+
+        guard let symbol = dlsym(handle, "kSecUseAuthenticationUIFail") else {
+            return "u_AuthUIF"
+        }
+        let valuePointer = symbol.assumingMemoryBound(to: CFString?.self)
+        return (valuePointer.pointee as String?) ?? "u_AuthUIF"
     }
 }
 #endif
diff --git a/Sources/CodexBarCore/Logging/CodexBarLog.swift b/Sources/CodexBarCore/Logging/CodexBarLog.swift
index 2f9db069c..7a64eb328 100644
--- a/Sources/CodexBarCore/Logging/CodexBarLog.swift
+++ b/Sources/CodexBarCore/Logging/CodexBarLog.swift
@@ -4,6 +4,7 @@ import Logging
 public enum CodexBarLog {
     public enum Destination: Sendable {
         case stderr
+        case discard
         case oslog(subsystem: String)
     }
 
@@ -85,6 +86,8 @@ public enum CodexBarLog {
             case .stderr:
                 if config.json { return JSONStderrLogHandler(label: label) }
                 return StreamLogHandler.standardError(label: label)
+            case .discard:
+                return DiscardLogHandler()
             case let .oslog(subsystem):
                 #if canImport(os)
                 return OSLogLogHandler(label: label, subsystem: subsystem)
@@ -154,6 +157,18 @@ public enum CodexBarLog {
     }
 }
 
+private struct DiscardLogHandler: LogHandler {
+    var metadata: Logger.Metadata = [:]
+    var logLevel: Logger.Level = .critical
+
+    subscript(metadataKey metadataKey: String) -> Logger.Metadata.Value? {
+        get { self.metadata[metadataKey] }
+        set { self.metadata[metadataKey] = newValue }
+    }
+
+    func log(event _: LogEvent) {}
+}
+
 public struct CodexBarLogger: Sendable {
     private let logFn: @Sendable (CodexBarLog.Level, String, [String: String]?) -> Void
 
diff --git a/Sources/CodexBarCore/Logging/CompositeLogHandler.swift b/Sources/CodexBarCore/Logging/CompositeLogHandler.swift
index f86aebc1c..51f989ea1 100644
--- a/Sources/CodexBarCore/Logging/CompositeLogHandler.swift
+++ b/Sources/CodexBarCore/Logging/CompositeLogHandler.swift
@@ -33,31 +33,8 @@ struct CompositeLogHandler: LogHandler {
         }
     }
 
-    // swiftlint:disable:next function_parameter_count
-    func log(
-        level: Logger.Level,
-        message: Logger.Message,
-        metadata: Logger.Metadata?,
-        source: String,
-        file: String,
-        function: String,
-        line: UInt)
-    {
-        self.primary.log(
-            level: level,
-            message: message,
-            metadata: metadata,
-            source: source,
-            file: file,
-            function: function,
-            line: line)
-        self.secondary.log(
-            level: level,
-            message: message,
-            metadata: metadata,
-            source: source,
-            file: file,
-            function: function,
-            line: line)
+    func log(event: LogEvent) {
+        self.primary.log(event: event)
+        self.secondary.log(event: event)
     }
 }
diff --git a/Sources/CodexBarCore/Logging/FileLogHandler.swift b/Sources/CodexBarCore/Logging/FileLogHandler.swift
index effe9ff5c..e43211626 100644
--- a/Sources/CodexBarCore/Logging/FileLogHandler.swift
+++ b/Sources/CodexBarCore/Logging/FileLogHandler.swift
@@ -103,19 +103,10 @@ struct FileLogHandler: LogHandler {
         set { self.metadata[metadataKey] = newValue }
     }
 
-    // swiftlint:disable:next function_parameter_count
-    func log(
-        level: Logger.Level,
-        message: Logger.Message,
-        metadata: Logger.Metadata?,
-        source: String,
-        file: String,
-        function: String,
-        line: UInt)
-    {
+    func log(event: LogEvent) {
         let ts = Self.timestamp()
         var combined = self.metadata
-        if let metadata { combined.merge(metadata, uniquingKeysWith: { _, new in new }) }
+        if let metadata = event.metadata { combined.merge(metadata, uniquingKeysWith: { _, new in new }) }
         var metaText = ""
         if !combined.isEmpty {
             let pairs = combined
@@ -128,12 +119,12 @@ struct FileLogHandler: LogHandler {
                 .joined(separator: " ")
             metaText = " \(pairs)"
         }
-        let safeMessage = LogRedactor.redact("\(message)")
-        let lineText = "[\(ts)] [\(level.rawValue.uppercased())] \(self.label): \(safeMessage)\(metaText)\n"
-        _ = source
-        _ = file
-        _ = function
-        _ = line
+        let safeMessage = LogRedactor.redact("\(event.message)")
+        let lineText = "[\(ts)] [\(event.level.rawValue.uppercased())] \(self.label): \(safeMessage)\(metaText)\n"
+        _ = event.source
+        _ = event.file
+        _ = event.function
+        _ = event.line
         self.sink.write(lineText)
     }
 
diff --git a/Sources/CodexBarCore/Logging/JSONStderrLogHandler.swift b/Sources/CodexBarCore/Logging/JSONStderrLogHandler.swift
index 6c02e745e..4d5c5d394 100644
--- a/Sources/CodexBarCore/Logging/JSONStderrLogHandler.swift
+++ b/Sources/CodexBarCore/Logging/JSONStderrLogHandler.swift
@@ -25,29 +25,20 @@ struct JSONStderrLogHandler: LogHandler {
         set { self.metadata[metadataKey] = newValue }
     }
 
-    // swiftlint:disable:next function_parameter_count
-    func log(
-        level: Logger.Level,
-        message: Logger.Message,
-        metadata: Logger.Metadata?,
-        source: String,
-        file: String,
-        function: String,
-        line: UInt)
-    {
+    func log(event: LogEvent) {
         let ts = Date()
         var combined = self.metadata
-        if let metadata { combined.merge(metadata, uniquingKeysWith: { _, new in new }) }
+        if let metadata = event.metadata { combined.merge(metadata, uniquingKeysWith: { _, new in new }) }
 
         let payload = JSONLogLine(
             timestamp: ts,
-            level: level.rawValue,
+            level: event.level.rawValue,
             label: self.label,
-            message: message.description,
-            source: source,
-            file: file,
-            function: function,
-            line: line,
+            message: event.message.description,
+            source: event.source,
+            file: event.file,
+            function: event.function,
+            line: event.line,
             metadata: combined.isEmpty ? nil : combined.mapValues(\.description))
 
         guard let data = try? self.encoder.encode(payload),
diff --git a/Sources/CodexBarCore/Logging/LogCategories.swift b/Sources/CodexBarCore/Logging/LogCategories.swift
index 37a7726ef..2119ec261 100644
--- a/Sources/CodexBarCore/Logging/LogCategories.swift
+++ b/Sources/CodexBarCore/Logging/LogCategories.swift
@@ -1,23 +1,35 @@
 public enum LogCategories {
+    public static let abacusCookie = "abacus-cookie"
+    public static let abacusUsage = "abacus-usage"
     public static let amp = "amp"
     public static let antigravity = "antigravity"
     public static let app = "app"
     public static let auggieCLI = "auggie-cli"
     public static let augment = "augment"
     public static let augmentKeepalive = "augment-keepalive"
+    public static let bedrockUsage = "bedrock-usage"
     public static let browserCookieGate = "browser-cookie-gate"
     public static let claudeCLI = "claude-cli"
     public static let claudeProbe = "claude-probe"
     public static let claudeUsage = "claude-usage"
     public static let codexRPC = "codex-rpc"
+    public static let commandcodeCookie = "commandcode-cookie"
+    public static let commandcodeUsage = "commandcode-usage"
     public static let configMigration = "config-migration"
     public static let configStore = "config-store"
+    public static let confetti = "confetti"
     public static let cookieCache = "cookie-cache"
     public static let cookieHeaderStore = "cookie-header-store"
     public static let copilotTokenStore = "copilot-token-store"
     public static let creditsPurchase = "creditsPurchase"
     public static let cursorLogin = "cursor-login"
+    public static let deepSeekSettings = "deepseek-settings"
+    public static let deepSeekUsage = "deepseek-usage"
+    public static let deepgramUsage = "deepgram-usage"
+    public static let doubaoUsage = "doubao-usage"
+    public static let elevenLabsUsage = "elevenlabs-usage"
     public static let geminiProbe = "gemini-probe"
+    public static let grok = "grok"
     public static let keychainCache = "keychain-cache"
     public static let keychainMigration = "keychain-migration"
     public static let keychainPreflight = "keychain-preflight"
@@ -32,33 +44,45 @@ public enum LogCategories {
     public static let launchAtLogin = "launch-at-login"
     public static let login = "login"
     public static let logging = "logging"
+    public static let manusAPI = "manus-api"
+    public static let manusCookie = "manus-cookie"
+    public static let manusWeb = "manus-web"
     public static let minimaxAPITokenStore = "minimax-api-token-store"
     public static let minimaxCookie = "minimax-cookie"
     public static let minimaxCookieStore = "minimax-cookie-store"
     public static let minimaxUsage = "minimax-usage"
     public static let minimaxWeb = "minimax-web"
+    public static let moonshotUsage = "moonshot-usage"
     public static let notifications = "notifications"
     public static let openAIWeb = "openai-web"
     public static let openAIWebview = "openai-webview"
     public static let ollama = "ollama"
     public static let opencodeUsage = "opencode-usage"
+    public static let opencodeGoUsage = "opencode-go-usage"
     public static let openRouterUsage = "openrouter-usage"
+    public static let perplexityAPI = "perplexity-api"
+    public static let perplexityCookie = "perplexity-cookie"
+    public static let perplexityWeb = "perplexity-web"
     public static let providerDetection = "provider-detection"
     public static let providers = "providers"
+    public static let quotaWarningNotifications = "quotaWarningNotifications"
     public static let sessionQuota = "sessionQuota"
     public static let sessionQuotaNotifications = "sessionQuotaNotifications"
     public static let settings = "settings"
     public static let subprocess = "subprocess"
     public static let syntheticTokenStore = "synthetic-token-store"
     public static let syntheticUsage = "synthetic-usage"
+    public static let t3chat = "t3chat"
     public static let terminal = "terminal"
     public static let tokenAccounts = "token-accounts"
     public static let tokenCost = "token-cost"
     public static let ttyRunner = "tty-runner"
+    public static let veniceUsage = "venice-usage"
     public static let vertexAIFetcher = "vertexai-fetcher"
     public static let warpUsage = "warp-usage"
     public static let webkitTeardown = "webkit-teardown"
     public static let zaiSettings = "zai-settings"
     public static let zaiTokenStore = "zai-token-store"
     public static let zaiUsage = "zai-usage"
+    public static let stepfunUsage = "stepfun-usage"
 }
diff --git a/Sources/CodexBarCore/Logging/LogRedactor.swift b/Sources/CodexBarCore/Logging/LogRedactor.swift
index 02cf42c40..d664fd7f8 100644
--- a/Sources/CodexBarCore/Logging/LogRedactor.swift
+++ b/Sources/CodexBarCore/Logging/LogRedactor.swift
@@ -18,13 +18,23 @@ public enum LogRedactor {
         pattern: #"(?i)(authorization\s*:\s*)([^\r\n]+)"#)
     private static let bearerRegex = Self.makeRegex(
         pattern: #"(?i)\bbearer\s+[a-z0-9._\-]+=*\b"#)
+    private static let minimaxCodingPlanTokenRegex = Self.makeRegex(
+        pattern: #"sk-cp-[^\s"'`;,)>\]]+"#)
+    private static let minimaxApiTokenRegex = Self.makeRegex(
+        pattern: #"sk-api-[^\s"'`;,)>\]]+"#)
 
     public static func redact(_ text: String) -> String {
         var output = text
+        // Email is broad and safe first
         output = self.replace(self.emailRegex, in: output, with: "<redacted-email>")
+        // MiniMax tokens before broader rules catch them
+        output = self.replace(self.minimaxCodingPlanTokenRegex, in: output, with: "<redacted-minimax-token>")
+        output = self.replace(self.minimaxApiTokenRegex, in: output, with: "<redacted-minimax-token>")
+        // Bearer catches "bearer <token>" before authorization wraps it
+        output = self.replace(self.bearerRegex, in: output, with: "Bearer <redacted>")
+        // Authorization catches the rest (already-redacted content)
         output = self.replace(self.cookieHeaderRegex, in: output, with: "$1<redacted>")
         output = self.replace(self.authorizationRegex, in: output, with: "$1<redacted>")
-        output = self.replace(self.bearerRegex, in: output, with: "Bearer <redacted>")
         return output
     }
 
diff --git a/Sources/CodexBarCore/Logging/OSLogLogHandler.swift b/Sources/CodexBarCore/Logging/OSLogLogHandler.swift
index 3a1b28754..be0dc2509 100644
--- a/Sources/CodexBarCore/Logging/OSLogLogHandler.swift
+++ b/Sources/CodexBarCore/Logging/OSLogLogHandler.swift
@@ -23,24 +23,15 @@ struct OSLogLogHandler: LogHandler {
         set { self.metadata[metadataKey] = newValue }
     }
 
-    // swiftlint:disable:next function_parameter_count
-    func log(
-        level: Logging.Logger.Level,
-        message: Logging.Logger.Message,
-        metadata: Logging.Logger.Metadata?,
-        source: String,
-        file: String,
-        function: String,
-        line: UInt)
-    {
+    func log(event: LogEvent) {
         let msg = Self.decorate(
-            message: message.description,
+            message: event.message.description,
             label: self.label,
             subsystem: self.subsystem,
             metadata: self.metadata,
-            extraMetadata: metadata)
+            extraMetadata: event.metadata)
 
-        switch level {
+        switch event.level {
         case .trace:
             self.logger.debug("\(msg, privacy: .public)")
         case .debug:
diff --git a/Sources/CodexBarCore/ManagedCodexAccountStore.swift b/Sources/CodexBarCore/ManagedCodexAccountStore.swift
new file mode 100644
index 000000000..060b303f4
--- /dev/null
+++ b/Sources/CodexBarCore/ManagedCodexAccountStore.swift
@@ -0,0 +1,115 @@
+import Foundation
+
+public enum FileManagedCodexAccountStoreError: Error, Equatable, Sendable {
+    case unsupportedVersion(Int)
+}
+
+public protocol ManagedCodexAccountStoring: Sendable {
+    func loadAccounts() throws -> ManagedCodexAccountSet
+    func storeAccounts(_ accounts: ManagedCodexAccountSet) throws
+    func ensureFileExists() throws -> URL
+}
+
+public struct FileManagedCodexAccountStore: ManagedCodexAccountStoring, @unchecked Sendable {
+    public static let currentVersion = 3
+
+    private let fileURL: URL
+    private let fileManager: FileManager
+
+    public init(fileURL: URL = Self.defaultURL(), fileManager: FileManager = .default) {
+        self.fileURL = fileURL
+        self.fileManager = fileManager
+    }
+
+    public func loadAccounts() throws -> ManagedCodexAccountSet {
+        guard self.fileManager.fileExists(atPath: self.fileURL.path) else {
+            return Self.emptyAccountSet()
+        }
+
+        let data = try Data(contentsOf: self.fileURL)
+        let decoder = JSONDecoder()
+        let accounts = try decoder.decode(ManagedCodexAccountSet.self, from: data)
+        guard (1...Self.currentVersion).contains(accounts.version) else {
+            throw FileManagedCodexAccountStoreError.unsupportedVersion(accounts.version)
+        }
+        if accounts.version == Self.currentVersion {
+            return ManagedCodexAccountSet(version: Self.currentVersion, accounts: accounts.accounts)
+        }
+        return self.migrateLegacyAccounts(accounts)
+    }
+
+    public func storeAccounts(_ accounts: ManagedCodexAccountSet) throws {
+        let normalizedAccounts = ManagedCodexAccountSet(
+            version: Self.currentVersion,
+            accounts: accounts.accounts)
+        let encoder = JSONEncoder()
+        encoder.outputFormatting = [.prettyPrinted, .sortedKeys]
+        let data = try encoder.encode(normalizedAccounts)
+        let directory = self.fileURL.deletingLastPathComponent()
+        if !self.fileManager.fileExists(atPath: directory.path) {
+            try self.fileManager.createDirectory(at: directory, withIntermediateDirectories: true)
+        }
+        try data.write(to: self.fileURL, options: [.atomic])
+        try self.applySecurePermissionsIfNeeded()
+    }
+
+    public func ensureFileExists() throws -> URL {
+        if self.fileManager.fileExists(atPath: self.fileURL.path) { return self.fileURL }
+        try self.storeAccounts(Self.emptyAccountSet())
+        return self.fileURL
+    }
+
+    private func applySecurePermissionsIfNeeded() throws {
+        #if os(macOS)
+        try self.fileManager.setAttributes([
+            .posixPermissions: NSNumber(value: Int16(0o600)),
+        ], ofItemAtPath: self.fileURL.path)
+        #endif
+    }
+
+    private static func emptyAccountSet() -> ManagedCodexAccountSet {
+        ManagedCodexAccountSet(version: self.currentVersion, accounts: [])
+    }
+
+    private func migrateLegacyAccounts(_ accounts: ManagedCodexAccountSet) -> ManagedCodexAccountSet {
+        let migratedAccounts = accounts.accounts.map { account in
+            let hydratedProviderAccountID = account.providerAccountID ?? self.hydrateProviderAccountID(for: account)
+            return ManagedCodexAccount(
+                id: account.id,
+                email: account.email,
+                providerAccountID: hydratedProviderAccountID,
+                workspaceLabel: account.workspaceLabel,
+                workspaceAccountID: account.workspaceAccountID,
+                authFingerprint: account.authFingerprint ?? CodexAuthFingerprint.fingerprint(
+                    homePath: account.managedHomePath,
+                    fileManager: self.fileManager),
+                managedHomePath: account.managedHomePath,
+                createdAt: account.createdAt,
+                updatedAt: account.updatedAt,
+                lastAuthenticatedAt: account.lastAuthenticatedAt)
+        }
+        return ManagedCodexAccountSet(version: Self.currentVersion, accounts: migratedAccounts)
+    }
+
+    private func hydrateProviderAccountID(for account: ManagedCodexAccount) -> String? {
+        guard let credentials = try? CodexOAuthCredentialsStore.load(
+            env: ["CODEX_HOME": account.managedHomePath])
+        else {
+            return nil
+        }
+        let payload = credentials.idToken.flatMap(UsageFetcher.parseJWT)
+        let authDict = payload?["https://api.openai.com/auth"] as? [String: Any]
+        let providerAccountID = credentials.accountId
+            ?? (authDict?["chatgpt_account_id"] as? String)
+            ?? (payload?["chatgpt_account_id"] as? String)
+        return ManagedCodexAccount.normalizeProviderAccountID(providerAccountID)
+    }
+
+    public static func defaultURL() -> URL {
+        let base = FileManager.default.urls(for: .applicationSupportDirectory, in: .userDomainMask).first
+            ?? FileManager.default.homeDirectoryForCurrentUser
+        return base
+            .appendingPathComponent("CodexBar", isDirectory: true)
+            .appendingPathComponent("managed-codex-accounts.json")
+    }
+}
diff --git a/Sources/CodexBarCore/OpenAIDashboardModels.swift b/Sources/CodexBarCore/OpenAIDashboardModels.swift
index 367223a96..266e548a1 100644
--- a/Sources/CodexBarCore/OpenAIDashboardModels.swift
+++ b/Sources/CodexBarCore/OpenAIDashboardModels.swift
@@ -3,6 +3,7 @@ import Foundation
 public struct OpenAIDashboardSnapshot: Codable, Equatable, Sendable {
     public let signedInEmail: String?
     public let codeReviewRemainingPercent: Double?
+    public let codeReviewLimit: RateWindow?
     public let creditEvents: [CreditEvent]
     public let dailyBreakdown: [OpenAIDashboardDailyBreakdown]
     /// Usage breakdown time series from the Codex dashboard chart ("Usage breakdown", 30 days).
@@ -12,6 +13,9 @@ public struct OpenAIDashboardSnapshot: Codable, Equatable, Sendable {
     public let creditsPurchaseURL: String?
     public let primaryLimit: RateWindow?
     public let secondaryLimit: RateWindow?
+    /// Named model-specific limits (e.g. Codex Spark) decoded from the dashboard
+    /// `wham/usage` response's `additional_rate_limits` array.
+    public let extraRateWindows: [NamedRateWindow]?
     public let creditsRemaining: Double?
     public let accountPlan: String?
     public let updatedAt: Date
@@ -19,24 +23,28 @@ public struct OpenAIDashboardSnapshot: Codable, Equatable, Sendable {
     public init(
         signedInEmail: String?,
         codeReviewRemainingPercent: Double?,
+        codeReviewLimit: RateWindow? = nil,
         creditEvents: [CreditEvent],
         dailyBreakdown: [OpenAIDashboardDailyBreakdown],
         usageBreakdown: [OpenAIDashboardDailyBreakdown],
         creditsPurchaseURL: String?,
         primaryLimit: RateWindow? = nil,
         secondaryLimit: RateWindow? = nil,
+        extraRateWindows: [NamedRateWindow]? = nil,
         creditsRemaining: Double? = nil,
         accountPlan: String? = nil,
         updatedAt: Date)
     {
         self.signedInEmail = signedInEmail
         self.codeReviewRemainingPercent = codeReviewRemainingPercent
+        self.codeReviewLimit = codeReviewLimit
         self.creditEvents = creditEvents
         self.dailyBreakdown = dailyBreakdown
-        self.usageBreakdown = usageBreakdown
+        self.usageBreakdown = OpenAIDashboardDailyBreakdown.removingSkillUsageServices(from: usageBreakdown)
         self.creditsPurchaseURL = creditsPurchaseURL
         self.primaryLimit = primaryLimit
         self.secondaryLimit = secondaryLimit
+        self.extraRateWindows = extraRateWindows
         self.creditsRemaining = creditsRemaining
         self.accountPlan = accountPlan
         self.updatedAt = updatedAt
@@ -45,12 +53,14 @@ public struct OpenAIDashboardSnapshot: Codable, Equatable, Sendable {
     private enum CodingKeys: String, CodingKey {
         case signedInEmail
         case codeReviewRemainingPercent
+        case codeReviewLimit
         case creditEvents
         case dailyBreakdown
         case usageBreakdown
         case creditsPurchaseURL
         case primaryLimit
         case secondaryLimit
+        case extraRateWindows
         case creditsRemaining
         case accountPlan
         case updatedAt
@@ -62,17 +72,24 @@ public struct OpenAIDashboardSnapshot: Codable, Equatable, Sendable {
         self.codeReviewRemainingPercent = try container.decodeIfPresent(
             Double.self,
             forKey: .codeReviewRemainingPercent)
+        self.codeReviewLimit = try container.decodeIfPresent(RateWindow.self, forKey: .codeReviewLimit)
         self.creditEvents = try container.decodeIfPresent([CreditEvent].self, forKey: .creditEvents) ?? []
         self.dailyBreakdown = try container.decodeIfPresent(
             [OpenAIDashboardDailyBreakdown].self,
             forKey: .dailyBreakdown)
             ?? Self.makeDailyBreakdown(from: self.creditEvents, maxDays: 30)
-        self.usageBreakdown = try container.decodeIfPresent(
+        let decodedUsageBreakdown = try container.decodeIfPresent(
             [OpenAIDashboardDailyBreakdown].self,
             forKey: .usageBreakdown) ?? []
+        self.usageBreakdown = OpenAIDashboardDailyBreakdown.removingSkillUsageServices(
+            from: decodedUsageBreakdown)
         self.creditsPurchaseURL = try container.decodeIfPresent(String.self, forKey: .creditsPurchaseURL)
         self.primaryLimit = try container.decodeIfPresent(RateWindow.self, forKey: .primaryLimit)
         self.secondaryLimit = try container.decodeIfPresent(RateWindow.self, forKey: .secondaryLimit)
+        // Backward-compatible: older cached snapshots simply lack the key and decode to nil.
+        self.extraRateWindows = try container.decodeIfPresent(
+            [NamedRateWindow].self,
+            forKey: .extraRateWindows)
         self.creditsRemaining = try container.decodeIfPresent(Double.self, forKey: .creditsRemaining)
         self.accountPlan = try container.decodeIfPresent(String.self, forKey: .accountPlan)
         self.updatedAt = try container.decode(Date.self, forKey: .updatedAt)
@@ -115,21 +132,12 @@ extension OpenAIDashboardSnapshot {
         accountEmail: String? = nil,
         accountPlan: String? = nil) -> UsageSnapshot?
     {
-        guard let primaryLimit else { return nil }
-        let resolvedEmail = accountEmail ?? self.signedInEmail
-        let resolvedPlan = accountPlan ?? self.accountPlan
-        let identity = ProviderIdentitySnapshot(
-            providerID: provider,
-            accountEmail: resolvedEmail,
-            accountOrganization: nil,
-            loginMethod: resolvedPlan)
-        return UsageSnapshot(
-            primary: primaryLimit,
-            secondary: self.secondaryLimit,
-            tertiary: nil,
-            providerCost: nil,
-            updatedAt: self.updatedAt,
-            identity: identity)
+        CodexReconciledState.fromAttachedDashboard(
+            snapshot: self,
+            provider: provider,
+            accountEmail: accountEmail,
+            accountPlan: accountPlan)?
+            .toUsageSnapshot()
     }
 
     public func toCreditsSnapshot() -> CreditsSnapshot? {
@@ -149,6 +157,33 @@ public struct OpenAIDashboardDailyBreakdown: Codable, Equatable, Sendable {
         self.services = services
         self.totalCreditsUsed = totalCreditsUsed
     }
+
+    public static func isSkillUsageService(_ service: String) -> Bool {
+        service
+            .trimmingCharacters(in: .whitespacesAndNewlines)
+            .lowercased()
+            .hasPrefix("skillusage:")
+    }
+
+    public static func removingSkillUsageServices(
+        from breakdown: [OpenAIDashboardDailyBreakdown])
+        -> [OpenAIDashboardDailyBreakdown]
+    {
+        breakdown.compactMap { day in
+            guard !day.services.isEmpty else {
+                return day.totalCreditsUsed > 0 ? day : nil
+            }
+
+            let services = day.services.filter { !self.isSkillUsageService($0.service) }
+            guard !services.isEmpty else { return nil }
+
+            let total = services.reduce(0) { $0 + $1.creditsUsed }
+            return OpenAIDashboardDailyBreakdown(
+                day: day.day,
+                services: services,
+                totalCreditsUsed: total)
+        }
+    }
 }
 
 public struct OpenAIDashboardServiceUsage: Codable, Equatable, Sendable {
diff --git a/Sources/CodexBarCore/OpenAIWeb/OpenAIDashboardBrowserCookieImporter.swift b/Sources/CodexBarCore/OpenAIWeb/OpenAIDashboardBrowserCookieImporter.swift
index 8f211c5c3..bf36e53cf 100644
--- a/Sources/CodexBarCore/OpenAIWeb/OpenAIDashboardBrowserCookieImporter.swift
+++ b/Sources/CodexBarCore/OpenAIWeb/OpenAIDashboardBrowserCookieImporter.swift
@@ -71,6 +71,11 @@ public struct OpenAIDashboardBrowserCookieImporter {
 
     private let browserDetection: BrowserDetection
 
+    nonisolated static func shouldTrustVerifiedSession(afterPersistFailure error: Error) -> Bool {
+        let nsError = error as NSError
+        return nsError.domain == NSURLErrorDomain && nsError.code == NSURLErrorTimedOut
+    }
+
     private struct ImportDiagnostics {
         var mismatches: [FoundAccount] = []
         var foundAnyCookies: Bool = false
@@ -78,6 +83,12 @@ public struct OpenAIDashboardBrowserCookieImporter {
         var accessDeniedHints: [String] = []
     }
 
+    private struct ImportContext {
+        let targetEmail: String?
+        let allowAnyAccount: Bool
+        let cacheScope: CookieHeaderCache.Scope?
+    }
+
     private static let cookieDomains = ["chatgpt.com", "openai.com"]
     private static let cookieClient = BrowserCookieClient()
     private static let cookieImportOrder: BrowserCookieImportOrder =
@@ -94,6 +105,8 @@ public struct OpenAIDashboardBrowserCookieImporter {
     public func importBestCookies(
         intoAccountEmail targetEmail: String?,
         allowAnyAccount: Bool = false,
+        preferCachedCookieHeader: Bool = true,
+        cacheScope: CookieHeaderCache.Scope? = nil,
         logger: ((String) -> Void)? = nil) async throws -> ImportResult
     {
         let log: (String) -> Void = { message in
@@ -102,11 +115,15 @@ public struct OpenAIDashboardBrowserCookieImporter {
 
         let targetEmail = targetEmail?.trimmingCharacters(in: .whitespacesAndNewlines)
         let normalizedTarget = targetEmail?.isEmpty == false ? targetEmail : nil
+        let context = ImportContext(
+            targetEmail: normalizedTarget,
+            allowAnyAccount: allowAnyAccount,
+            cacheScope: cacheScope)
 
         if normalizedTarget != nil {
             log("Codex email known; matching required.")
         } else {
-            guard allowAnyAccount else {
+            guard context.allowAnyAccount else {
                 throw ImportError.noCookiesFound
             }
             log("Codex email unknown; importing any signed-in session.")
@@ -114,26 +131,31 @@ public struct OpenAIDashboardBrowserCookieImporter {
 
         var diagnostics = ImportDiagnostics()
 
-        if let cached = CookieHeaderCache.load(provider: .codex),
-           !cached.cookieHeader.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
-        {
-            log("Using cached cookie header from \(cached.sourceLabel)")
-            do {
-                return try await self.importManualCookies(
-                    cookieHeader: cached.cookieHeader,
-                    intoAccountEmail: normalizedTarget,
-                    allowAnyAccount: allowAnyAccount,
-                    logger: log)
-            } catch let error as ImportError {
-                switch error {
-                case .manualCookieHeaderInvalid, .noMatchingAccount, .dashboardStillRequiresLogin:
-                    CookieHeaderCache.clear(provider: .codex)
-                default:
+        if preferCachedCookieHeader {
+            if let cached = CookieHeaderCache.load(provider: .codex, scope: cacheScope),
+               !cached.cookieHeader.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
+            {
+                log("Using cached cookie header from \(cached.sourceLabel)")
+                do {
+                    return try await self.importManualCookies(
+                        cookieHeader: cached.cookieHeader,
+                        intoAccountEmail: context.targetEmail,
+                        allowAnyAccount: context.allowAnyAccount,
+                        cacheScope: cacheScope,
+                        logger: log)
+                } catch let error as ImportError {
+                    switch error {
+                    case .manualCookieHeaderInvalid, .noMatchingAccount, .dashboardStillRequiresLogin:
+                        CookieHeaderCache.clear(provider: .codex, scope: cacheScope)
+                    default:
+                        throw error
+                    }
+                } catch {
                     throw error
                 }
-            } catch {
-                throw error
             }
+        } else {
+            log("Skipping cached cookie header; forcing fresh browser import")
         }
 
         // Filter to cookie-eligible browsers to avoid unnecessary keychain prompts
@@ -141,8 +163,7 @@ public struct OpenAIDashboardBrowserCookieImporter {
         for browserSource in installedBrowsers {
             if let match = await self.trySource(
                 browserSource,
-                targetEmail: normalizedTarget,
-                allowAnyAccount: allowAnyAccount,
+                context: context,
                 log: log,
                 diagnostics: &diagnostics)
             {
@@ -177,6 +198,7 @@ public struct OpenAIDashboardBrowserCookieImporter {
         cookieHeader: String,
         intoAccountEmail targetEmail: String?,
         allowAnyAccount: Bool = false,
+        cacheScope _: CookieHeaderCache.Scope? = nil,
         logger: ((String) -> Void)? = nil) async throws -> ImportResult
     {
         let log: (String) -> Void = { message in
@@ -201,9 +223,17 @@ public struct OpenAIDashboardBrowserCookieImporter {
             log: log)
         {
         case let .match(_, signedInEmail):
-            return try await self.persist(candidate: candidate, targetEmail: signedInEmail, logger: log)
+            return try await self.persistVerifiedCandidate(
+                candidate: candidate,
+                targetEmail: signedInEmail,
+                verifiedSignedInEmail: signedInEmail,
+                logger: log)
         case let .loggedIn(_, signedInEmail):
-            return try await self.persist(candidate: candidate, targetEmail: signedInEmail, logger: log)
+            return try await self.persistVerifiedCandidate(
+                candidate: candidate,
+                targetEmail: signedInEmail,
+                verifiedSignedInEmail: signedInEmail,
+                logger: log)
         case let .mismatch(_, signedInEmail):
             throw ImportError.noMatchingAccount(found: [FoundAccount(sourceLabel: "Manual", email: signedInEmail)])
         case .unknown:
@@ -217,15 +247,14 @@ public struct OpenAIDashboardBrowserCookieImporter {
     }
 
     private func trySafari(
-        targetEmail: String?,
-        allowAnyAccount: Bool,
+        context: ImportContext,
         log: @escaping (String) -> Void,
         diagnostics: inout ImportDiagnostics) async -> ImportResult?
     {
         // Safari first: avoids touching Keychain ("Chrome Safe Storage") when Safari already matches.
         do {
             let query = BrowserCookieQuery(domains: Self.cookieDomains)
-            let sources = try Self.cookieClient.records(
+            let sources = try Self.cookieClient.codexBarRecords(
                 matching: query,
                 in: .safari,
                 logger: log)
@@ -245,8 +274,7 @@ public struct OpenAIDashboardBrowserCookieImporter {
                 let candidate = Candidate(label: source.label, cookies: cookies)
                 if let match = await self.applyCandidate(
                     candidate,
-                    targetEmail: targetEmail,
-                    allowAnyAccount: allowAnyAccount,
+                    context: context,
                     log: log,
                     diagnostics: &diagnostics)
                 {
@@ -267,66 +295,26 @@ public struct OpenAIDashboardBrowserCookieImporter {
         }
     }
 
-    private func tryChrome(
-        targetEmail: String?,
-        allowAnyAccount: Bool,
+    /// Generic cookie loader for any non-Safari browser (Chrome, Edge, Firefox, Brave, Arc, etc.).
+    /// SweetCookieKit handles engine-specific decryption internally.
+    private func tryBrowser(
+        _ browser: Browser,
+        context: ImportContext,
         log: @escaping (String) -> Void,
         diagnostics: inout ImportDiagnostics) async -> ImportResult?
     {
-        // Chrome fallback: may trigger Keychain prompt. Only do this if Safari didn't match.
         do {
             let query = BrowserCookieQuery(domains: Self.cookieDomains)
-            let chromeSources = try Self.cookieClient.records(
+            let sources = try Self.cookieClient.codexBarRecords(
                 matching: query,
-                in: .chrome)
-            for source in chromeSources {
-                let cookies = BrowserCookieClient.makeHTTPCookies(source.records, origin: query.origin)
-                if cookies.isEmpty {
-                    log("\(source.label) produced 0 HTTPCookies.")
-                    continue
-                }
-                diagnostics.foundAnyCookies = true
-                log("Loaded \(cookies.count) cookies from \(source.label) (\(self.cookieSummary(cookies)))")
-                let candidate = Candidate(label: source.label, cookies: cookies)
-                if let match = await self.applyCandidate(
-                    candidate,
-                    targetEmail: targetEmail,
-                    allowAnyAccount: allowAnyAccount,
-                    log: log,
-                    diagnostics: &diagnostics)
-                {
-                    return match
-                }
-            }
-            return nil
-        } catch let error as BrowserCookieError {
-            BrowserCookieAccessGate.recordIfNeeded(error)
-            if let hint = error.accessDeniedHint {
-                diagnostics.accessDeniedHints.append(hint)
+                in: browser)
+            guard !sources.isEmpty else {
+                log("\(browser.displayName) contained 0 matching records.")
+                return nil
             }
-            log("Chrome cookie load failed: \(error.localizedDescription)")
-            return nil
-        } catch {
-            log("Chrome cookie load failed: \(error.localizedDescription)")
-            return nil
-        }
-    }
-
-    private func tryFirefox(
-        targetEmail: String?,
-        allowAnyAccount: Bool,
-        log: @escaping (String) -> Void,
-        diagnostics: inout ImportDiagnostics) async -> ImportResult?
-    {
-        // Firefox fallback: no Keychain, but still only after Safari/Chrome.
-        do {
-            let query = BrowserCookieQuery(domains: Self.cookieDomains)
-            let firefoxSources = try Self.cookieClient.records(
-                matching: query,
-                in: .firefox)
-            for source in firefoxSources {
+            for source in sources {
                 let cookies = BrowserCookieClient.makeHTTPCookies(source.records, origin: query.origin)
-                if cookies.isEmpty {
+                guard !cookies.isEmpty else {
                     log("\(source.label) produced 0 HTTPCookies.")
                     continue
                 }
@@ -335,8 +323,7 @@ public struct OpenAIDashboardBrowserCookieImporter {
                 let candidate = Candidate(label: source.label, cookies: cookies)
                 if let match = await self.applyCandidate(
                     candidate,
-                    targetEmail: targetEmail,
-                    allowAnyAccount: allowAnyAccount,
+                    context: context,
                     log: log,
                     diagnostics: &diagnostics)
                 {
@@ -349,63 +336,59 @@ public struct OpenAIDashboardBrowserCookieImporter {
             if let hint = error.accessDeniedHint {
                 diagnostics.accessDeniedHints.append(hint)
             }
-            log("Firefox cookie load failed: \(error.localizedDescription)")
+            log("\(browser.displayName) cookie load failed: \(error.localizedDescription)")
             return nil
         } catch {
-            log("Firefox cookie load failed: \(error.localizedDescription)")
+            log("\(browser.displayName) cookie load failed: \(error.localizedDescription)")
             return nil
         }
     }
 
     private func trySource(
         _ source: Browser,
-        targetEmail: String?,
-        allowAnyAccount: Bool,
+        context: ImportContext,
         log: @escaping (String) -> Void,
         diagnostics: inout ImportDiagnostics) async -> ImportResult?
     {
         switch source {
         case .safari:
             await self.trySafari(
-                targetEmail: targetEmail,
-                allowAnyAccount: allowAnyAccount,
-                log: log,
-                diagnostics: &diagnostics)
-        case .chrome:
-            await self.tryChrome(
-                targetEmail: targetEmail,
-                allowAnyAccount: allowAnyAccount,
+                context: context,
                 log: log,
                 diagnostics: &diagnostics)
-        case .firefox:
-            await self.tryFirefox(
-                targetEmail: targetEmail,
-                allowAnyAccount: allowAnyAccount,
+        default:
+            // All non-Safari browsers (Chrome, Edge, Firefox, Brave, Arc, etc.)
+            // share the same cookie loading path via SweetCookieKit.
+            await self.tryBrowser(
+                source,
+                context: context,
                 log: log,
                 diagnostics: &diagnostics)
-        default:
-            nil
         }
     }
 
     private func applyCandidate(
         _ candidate: Candidate,
-        targetEmail: String?,
-        allowAnyAccount: Bool,
+        context: ImportContext,
         log: @escaping (String) -> Void,
         diagnostics: inout ImportDiagnostics) async -> ImportResult?
     {
         switch await self.evaluateCandidate(
             candidate,
-            targetEmail: targetEmail,
-            allowAnyAccount: allowAnyAccount,
+            targetEmail: context.targetEmail,
+            allowAnyAccount: context.allowAnyAccount,
             log: log)
         {
         case let .match(candidate, signedInEmail):
             log("Selected \(candidate.label) (matches Codex: \(signedInEmail))")
-            guard let targetEmail else { return nil }
-            if let result = try? await self.persist(candidate: candidate, targetEmail: targetEmail, logger: log) {
-                self.cacheCookies(candidate: candidate)
+            guard let targetEmail = context.targetEmail else { return nil }
+            if let result = try? await self.persistVerifiedCandidate(
+                candidate: candidate,
+                targetEmail: targetEmail,
+                verifiedSignedInEmail: signedInEmail,
+                logger: log)
+            {
+                self.cacheCookies(candidate: candidate, scope: context.cacheScope)
                 return result
             }
             return nil
@@ -418,16 +401,21 @@ public struct OpenAIDashboardBrowserCookieImporter {
             return nil
         case let .loggedIn(candidate, signedInEmail):
             log("Selected \(candidate.label) (signed in: \(signedInEmail))")
-            if let result = try? await self.persist(candidate: candidate, targetEmail: signedInEmail, logger: log) {
-                self.cacheCookies(candidate: candidate)
+            if let result = try? await self.persistVerifiedCandidate(
+                candidate: candidate,
+                targetEmail: signedInEmail,
+                verifiedSignedInEmail: signedInEmail,
+                logger: log)
+            {
+                self.cacheCookies(candidate: candidate, scope: context.cacheScope)
                 return result
             }
             return nil
         case .unknown:
-            if allowAnyAccount {
+            if context.allowAnyAccount {
                 log("Selected \(candidate.label) (signed in: unknown)")
                 if let result = try? await self.persistToDefaultStore(candidate: candidate, logger: log) {
-                    self.cacheCookies(candidate: candidate)
+                    self.cacheCookies(candidate: candidate, scope: context.cacheScope)
                     return result
                 }
                 return nil
@@ -587,6 +575,31 @@ public struct OpenAIDashboardBrowserCookieImporter {
         return nil
     }
 
+    private func persistVerifiedCandidate(
+        candidate: Candidate,
+        targetEmail: String,
+        verifiedSignedInEmail: String,
+        logger: @escaping (String) -> Void) async throws -> ImportResult
+    {
+        do {
+            return try await self.persist(candidate: candidate, targetEmail: targetEmail, logger: logger)
+        } catch {
+            guard Self.shouldTrustVerifiedSession(afterPersistFailure: error) else {
+                throw error
+            }
+
+            let signedInEmail = verifiedSignedInEmail.trimmingCharacters(in: .whitespacesAndNewlines)
+            logger(
+                "Persistent validation timed out after session verification; " +
+                    "keeping \(candidate.label) cookies for \(signedInEmail).")
+            return ImportResult(
+                sourceLabel: candidate.label,
+                cookieCount: candidate.cookies.count,
+                signedInEmail: signedInEmail,
+                matchesCodexEmail: signedInEmail.lowercased() == targetEmail.lowercased())
+        }
+    }
+
     private func persist(
         candidate: Candidate,
         targetEmail: String,
@@ -601,7 +614,8 @@ public struct OpenAIDashboardBrowserCookieImporter {
             let probe = try await OpenAIDashboardFetcher().probeUsagePage(
                 websiteDataStore: persistent,
                 logger: logger,
-                timeout: 20)
+                timeout: 20,
+                preserveLoadedPageForReuse: true)
             let signed = probe.signedInEmail?.trimmingCharacters(in: CharacterSet.whitespacesAndNewlines)
             let matches = signed?.lowercased() == targetEmail.lowercased()
             logger("Persistent session signed in as: \(signed ?? "unknown")")
@@ -617,8 +631,12 @@ public struct OpenAIDashboardBrowserCookieImporter {
                 signedInEmail: signed,
                 matchesCodexEmail: matches)
         } catch OpenAIDashboardFetcher.FetchError.loginRequired {
+            OpenAIDashboardWebViewCache.shared.evict(websiteDataStore: persistent)
             logger("Selected \(candidate.label) but dashboard still requires login.")
             throw ImportError.dashboardStillRequiresLogin
+        } catch {
+            OpenAIDashboardWebViewCache.shared.evict(websiteDataStore: persistent)
+            throw error
         }
     }
 
@@ -634,7 +652,8 @@ public struct OpenAIDashboardBrowserCookieImporter {
             let probe = try await OpenAIDashboardFetcher().probeUsagePage(
                 websiteDataStore: persistent,
                 logger: logger,
-                timeout: 20)
+                timeout: 20,
+                preserveLoadedPageForReuse: true)
             let signed = probe.signedInEmail?.trimmingCharacters(in: CharacterSet.whitespacesAndNewlines)
             logger("Persistent session signed in as: \(signed ?? "unknown")")
             return ImportResult(
@@ -643,8 +662,12 @@ public struct OpenAIDashboardBrowserCookieImporter {
                 signedInEmail: signed,
                 matchesCodexEmail: false)
         } catch OpenAIDashboardFetcher.FetchError.loginRequired {
+            OpenAIDashboardWebViewCache.shared.evict(websiteDataStore: persistent)
             logger("Selected \(candidate.label) but dashboard still requires login.")
             throw ImportError.dashboardStillRequiresLogin
+        } catch {
+            OpenAIDashboardWebViewCache.shared.evict(websiteDataStore: persistent)
+            throw error
         }
     }
 
@@ -669,17 +692,17 @@ public struct OpenAIDashboardBrowserCookieImporter {
         return cookies
     }
 
-    private func cacheCookies(candidate: Candidate) {
+    private func cacheCookies(candidate: Candidate, scope: CookieHeaderCache.Scope?) {
         let header = self.cookieHeader(from: candidate.cookies)
         guard !header.isEmpty else { return }
-        CookieHeaderCache.store(provider: .codex, cookieHeader: header, sourceLabel: candidate.label)
+        CookieHeaderCache.store(provider: .codex, scope: scope, cookieHeader: header, sourceLabel: candidate.label)
     }
 
     private func cookieHeader(from cookies: [HTTPCookie]) -> String {
         cookies.map { "\($0.name)=\($0.value)" }.joined(separator: "; ")
     }
 
-    private struct Candidate: Sendable {
+    private struct Candidate {
         let label: String
         let cookies: [HTTPCookie]
     }
@@ -798,6 +821,8 @@ public struct OpenAIDashboardBrowserCookieImporter {
     public func importBestCookies(
         intoAccountEmail _: String?,
         allowAnyAccount _: Bool = false,
+        preferCachedCookieHeader _: Bool = true,
+        cacheScope _: CookieHeaderCache.Scope? = nil,
         logger _: ((String) -> Void)? = nil) async throws -> ImportResult
     {
         throw ImportError.browserAccessDenied(details: "OpenAI web cookie import is only supported on macOS.")
@@ -807,6 +832,7 @@ public struct OpenAIDashboardBrowserCookieImporter {
         cookieHeader _: String,
         intoAccountEmail _: String?,
         allowAnyAccount _: Bool = false,
+        cacheScope _: CookieHeaderCache.Scope? = nil,
         logger _: ((String) -> Void)? = nil) async throws -> ImportResult
     {
         throw ImportError.browserAccessDenied(details: "OpenAI web cookie import is only supported on macOS.")
diff --git a/Sources/CodexBarCore/OpenAIWeb/OpenAIDashboardFetcher.swift b/Sources/CodexBarCore/OpenAIWeb/OpenAIDashboardFetcher.swift
index 04cdca243..58bb04dbf 100644
--- a/Sources/CodexBarCore/OpenAIWeb/OpenAIDashboardFetcher.swift
+++ b/Sources/CodexBarCore/OpenAIWeb/OpenAIDashboardFetcher.swift
@@ -19,7 +19,9 @@ public struct OpenAIDashboardFetcher {
         }
     }
 
-    private let usageURL = URL(string: "https://chatgpt.com/codex/settings/usage")!
+    private let usageURL = URL(string: "https://chatgpt.com/codex/cloud/settings/analytics#usage")!
+    private nonisolated static let dashboardAcceptLanguage = "en-US,en;q=0.9"
+    private nonisolated static let dashboardUsageAPIURL = URL(string: "https://chatgpt.com/backend-api/wham/usage")!
 
     public init() {}
 
@@ -42,6 +44,119 @@ public struct OpenAIDashboardFetcher {
         0.001
     }
 
+    private struct DashboardSnapshotComponents {
+        let signedInEmail: String?
+        let scrape: ScrapeResult
+        let codeReview: Double?
+        let codeReviewLimit: RateWindow?
+        let events: [CreditEvent]
+        let breakdown: [OpenAIDashboardDailyBreakdown]
+        let usageBreakdown: [OpenAIDashboardDailyBreakdown]
+        let rateLimits: (primary: RateWindow?, secondary: RateWindow?)
+        let extraRateWindows: [NamedRateWindow]
+        let creditsRemaining: Double?
+        let accountPlan: String?
+    }
+
+    private struct DashboardScrapeData {
+        let signedInEmail: String?
+        let codeReview: Double?
+        let codeReviewLimit: RateWindow?
+        let events: [CreditEvent]
+        let breakdown: [OpenAIDashboardDailyBreakdown]
+        let usageBreakdown: [OpenAIDashboardDailyBreakdown]
+        let rateLimits: (primary: RateWindow?, secondary: RateWindow?)
+        let extraRateWindows: [NamedRateWindow]
+        let creditsRemaining: Double?
+        let accountPlan: String?
+        let hasDashboardPageSignal: Bool
+        let hasReturnableData: Bool
+    }
+
+    private nonisolated static func makeDashboardSnapshot(_ components: DashboardSnapshotComponents)
+        -> OpenAIDashboardSnapshot
+    {
+        OpenAIDashboardSnapshot(
+            signedInEmail: components.signedInEmail,
+            codeReviewRemainingPercent: components.codeReview,
+            codeReviewLimit: components.codeReviewLimit,
+            creditEvents: components.events,
+            dailyBreakdown: components.breakdown,
+            usageBreakdown: components.usageBreakdown,
+            creditsPurchaseURL: components.scrape.creditsPurchaseURL,
+            primaryLimit: components.rateLimits.primary,
+            secondaryLimit: components.rateLimits.secondary,
+            extraRateWindows: components.extraRateWindows.isEmpty ? nil : components.extraRateWindows,
+            creditsRemaining: components.creditsRemaining,
+            accountPlan: components.accountPlan,
+            updatedAt: Date())
+    }
+
+    private static func parseDashboardScrape(
+        _ scrape: ScrapeResult,
+        apiData: DashboardAPIData?,
+        verifiedSignedInEmail: String?) -> DashboardScrapeData
+    {
+        let bodyText = scrape.bodyText ?? ""
+        let codeReview = OpenAIDashboardParser.parseCodeReviewRemainingPercent(bodyText: bodyText)
+        let events = OpenAIDashboardParser.parseCreditEvents(rows: scrape.rows)
+        let breakdown = OpenAIDashboardSnapshot.makeDailyBreakdown(from: events, maxDays: 30)
+        let usageBreakdown = scrape.usageBreakdown
+        let parsedRateLimits = OpenAIDashboardParser.parseRateLimits(bodyText: bodyText)
+        let rateLimits = (
+            primary: apiData?.primaryLimit ?? parsedRateLimits.primary,
+            secondary: apiData?.secondaryLimit ?? parsedRateLimits.secondary)
+        let codeReviewLimit = OpenAIDashboardParser.parseCodeReviewLimit(bodyText: bodyText)
+        let parsedCreditsRemaining = OpenAIDashboardParser.parseCreditsRemaining(bodyText: bodyText)
+        let creditsRemaining = apiData?.creditsRemaining ?? parsedCreditsRemaining
+        let accountPlan = scrape.accountPlan ?? apiData?.accountPlan
+        let hasParsedUsageLimits = parsedRateLimits.primary != nil || parsedRateLimits.secondary != nil
+        let hasUsageLimits = rateLimits.primary != nil || rateLimits.secondary != nil
+        let hasDashboardPageData = self.hasReturnableDashboardData(
+            codeReview: codeReview,
+            events: events,
+            usageBreakdown: usageBreakdown,
+            hasUsageLimits: hasParsedUsageLimits,
+            creditsRemaining: parsedCreditsRemaining)
+        let hasReturnableData = self.hasReturnableDashboardData(
+            codeReview: codeReview,
+            events: events,
+            usageBreakdown: usageBreakdown,
+            hasUsageLimits: hasUsageLimits,
+            creditsRemaining: creditsRemaining)
+
+        // Codex `additional_rate_limits` (e.g. Codex Spark) only ship over the JSON usage API, so the
+        // dashboard HTML scrape never contributes here; we just forward what the apiData decoded.
+        let extraRateWindows = apiData?.extraRateWindows ?? []
+        return DashboardScrapeData(
+            signedInEmail: self.firstNonEmpty(scrape.signedInEmail, verifiedSignedInEmail),
+            codeReview: codeReview,
+            codeReviewLimit: codeReviewLimit,
+            events: events,
+            breakdown: breakdown,
+            usageBreakdown: usageBreakdown,
+            rateLimits: rateLimits,
+            extraRateWindows: extraRateWindows,
+            creditsRemaining: creditsRemaining,
+            accountPlan: accountPlan,
+            hasDashboardPageSignal: self.hasAnyDashboardSignal(
+                hasReturnableData: hasDashboardPageData,
+                creditsHeaderPresent: scrape.creditsHeaderPresent),
+            hasReturnableData: hasReturnableData)
+    }
+
+    struct DashboardAPIData {
+        let primaryLimit: RateWindow?
+        let secondaryLimit: RateWindow?
+        let extraRateWindows: [NamedRateWindow]
+        let creditsRemaining: Double?
+        let accountPlan: String?
+
+        var hasUsageData: Bool {
+            self.primaryLimit != nil || self.secondaryLimit != nil || self.creditsRemaining != nil
+        }
+    }
+
     public struct ProbeResult: Sendable {
         public let href: String?
         public let loginRequired: Bool
@@ -67,6 +182,22 @@ public struct OpenAIDashboardFetcher {
         }
     }
 
+    nonisolated static func shouldPreserveLoadedPageAfterProbe(_ result: ProbeResult) -> Bool {
+        guard !result.loginRequired, !result.workspacePicker, !result.cloudflareInterstitial else {
+            return false
+        }
+
+        guard self.isUsageRoute(result.href) else { return false }
+
+        guard let signedInEmail = result.signedInEmail?.trimmingCharacters(in: .whitespacesAndNewlines),
+              !signedInEmail.isEmpty
+        else {
+            return false
+        }
+
+        return true
+    }
+
     public func loadLatestDashboard(
         accountEmail: String?,
         logger: ((String) -> Void)? = nil,
@@ -88,6 +219,12 @@ public struct OpenAIDashboardFetcher {
         timeout: TimeInterval = 60) async throws -> OpenAIDashboardSnapshot
     {
         let deadline = Self.deadline(startingAt: Date(), timeout: timeout)
+        let preflight = await Self.fetchDashboardAPIPreflight(
+            websiteDataStore: websiteDataStore,
+            logger: { logger?($0) })
+        let apiData = preflight.apiData
+        let verifiedSignedInEmail = preflight.verifiedSignedInEmail
+
         let lease = try await self.makeWebView(
             websiteDataStore: websiteDataStore,
             logger: logger,
@@ -97,19 +234,18 @@ public struct OpenAIDashboardFetcher {
         let log = lease.log
 
         var lastBody: String?
-        var lastHTML: String?
         var lastHref: String?
         var lastFlags: (loginRequired: Bool, workspacePicker: Bool, cloudflare: Bool)?
         var codeReviewFirstSeenAt: Date?
         var anyDashboardSignalAt: Date?
         var creditsHeaderVisibleAt: Date?
+        var usageBreakdownErrorFirstSeenAt: Date?
         var lastUsageBreakdownDebug: String?
+        var lastUsageBreakdownError: String?
         var lastCreditsPurchaseURL: String?
-
         while Date() < deadline {
             let scrape = try await self.scrape(webView: webView)
             lastBody = scrape.bodyText ?? lastBody
-            lastHTML = scrape.bodyHTML ?? lastHTML
 
             if scrape.href != lastHref
                 || lastFlags?.loginRequired != scrape.loginRequired
@@ -130,41 +266,32 @@ public struct OpenAIDashboardFetcher {
             }
 
             // The page is a SPA and can land on ChatGPT UI or other routes; keep forcing the usage URL.
-            if let href = scrape.href, !href.contains("/codex/settings/usage") {
-                _ = webView.load(URLRequest(url: self.usageURL))
+            if let href = scrape.href, !Self.isUsageRoute(href) {
+                _ = webView.load(Self.usageURLRequest(url: self.usageURL))
                 try? await Task.sleep(for: .milliseconds(500))
                 continue
             }
 
-            if scrape.loginRequired {
-                if debugDumpHTML, let html = scrape.bodyHTML {
-                    Self.writeDebugArtifacts(html: html, bodyText: scrape.bodyText, logger: log)
-                }
-                throw FetchError.loginRequired
-            }
-
-            if scrape.cloudflareInterstitial {
-                if debugDumpHTML, let html = scrape.bodyHTML {
-                    Self.writeDebugArtifacts(html: html, bodyText: scrape.bodyText, logger: log)
-                }
-                throw FetchError.noDashboardData(body: "Cloudflare challenge detected in WebView.")
+            if debugDumpHTML,
+               scrape.loginRequired || scrape.cloudflareInterstitial,
+               let html = try? await self.fetchDebugHTML(webView: webView)
+            {
+                Self.writeDebugArtifacts(html: html, bodyText: scrape.bodyText, logger: log)
             }
-
-            let bodyText = scrape.bodyText ?? ""
-            let codeReview = OpenAIDashboardParser.parseCodeReviewRemainingPercent(bodyText: bodyText)
-            let events = OpenAIDashboardParser.parseCreditEvents(rows: scrape.rows)
-            let breakdown = OpenAIDashboardSnapshot.makeDailyBreakdown(from: events, maxDays: 30)
-            let usageBreakdown = scrape.usageBreakdown
-            let rateLimits = OpenAIDashboardParser.parseRateLimits(bodyText: bodyText)
-            let creditsRemaining = OpenAIDashboardParser.parseCreditsRemaining(bodyText: bodyText)
-            let accountPlan = scrape.bodyHTML.flatMap(OpenAIDashboardParser.parsePlanFromHTML)
-            let hasUsageLimits = rateLimits.primary != nil || rateLimits.secondary != nil
+            try Self.throwIfBlockingScrapeState(scrape)
+
+            let dashboardData = Self.parseDashboardScrape(
+                scrape,
+                apiData: apiData,
+                verifiedSignedInEmail: verifiedSignedInEmail)
+            let codeReview = dashboardData.codeReview
+            let events = dashboardData.events
+            let usageBreakdown = dashboardData.usageBreakdown
+            let hasDashboardPageSignal = dashboardData.hasDashboardPageSignal
+            let hasReturnableData = dashboardData.hasReturnableData
 
             if codeReview != nil, codeReviewFirstSeenAt == nil { codeReviewFirstSeenAt = Date() }
-            if anyDashboardSignalAt == nil,
-               codeReview != nil || !usageBreakdown.isEmpty || scrape.creditsHeaderPresent ||
-               hasUsageLimits || creditsRemaining != nil
-            {
+            if anyDashboardSignalAt == nil, hasDashboardPageSignal {
                 anyDashboardSignalAt = Date()
             }
             if codeReview != nil, usageBreakdown.isEmpty,
@@ -174,12 +301,19 @@ public struct OpenAIDashboardFetcher {
                 lastUsageBreakdownDebug = debug
                 log("usage breakdown debug: \(debug)")
             }
+            Self.updateUsageBreakdownErrorState(
+                usageBreakdown: usageBreakdown,
+                error: scrape.usageBreakdownError,
+                firstSeenAt: &usageBreakdownErrorFirstSeenAt,
+                lastError: &lastUsageBreakdownError,
+                logger: log)
             if let purchaseURL = scrape.creditsPurchaseURL, purchaseURL != lastCreditsPurchaseURL {
                 lastCreditsPurchaseURL = purchaseURL
                 log("credits purchase url: \(purchaseURL)")
             }
             if events.isEmpty,
-               codeReview != nil || !usageBreakdown.isEmpty || hasUsageLimits || creditsRemaining != nil
+               hasReturnableData,
+               hasDashboardPageSignal
             {
                 log(
                     "credits header present=\(scrape.creditsHeaderPresent) " +
@@ -209,9 +343,17 @@ public struct OpenAIDashboardFetcher {
                 }
             }
 
-            if codeReview != nil || !events.isEmpty || !usageBreakdown
-                .isEmpty || hasUsageLimits || creditsRemaining != nil
-            {
+            if hasReturnableData, hasDashboardPageSignal {
+                if usageBreakdown.isEmpty,
+                   let error = scrape.usageBreakdownError, !error.isEmpty,
+                   Self.shouldWaitForUsageBreakdownRecovery(.init(
+                       now: Date(),
+                       errorFirstSeenAt: usageBreakdownErrorFirstSeenAt))
+                {
+                    try? await Task.sleep(for: .milliseconds(400))
+                    continue
+                }
+
                 // The usage breakdown chart is hydrated asynchronously. When code review is already present,
                 // give it a moment to populate so the menu can show it.
                 if codeReview != nil, usageBreakdown.isEmpty {
@@ -221,55 +363,44 @@ public struct OpenAIDashboardFetcher {
                         continue
                     }
                 }
-                return OpenAIDashboardSnapshot(
-                    signedInEmail: scrape.signedInEmail,
-                    codeReviewRemainingPercent: codeReview,
-                    creditEvents: events,
-                    dailyBreakdown: breakdown,
+                return Self.makeDashboardSnapshot(.init(
+                    signedInEmail: dashboardData.signedInEmail,
+                    scrape: scrape,
+                    codeReview: codeReview,
+                    codeReviewLimit: dashboardData.codeReviewLimit,
+                    events: events,
+                    breakdown: dashboardData.breakdown,
                     usageBreakdown: usageBreakdown,
-                    creditsPurchaseURL: scrape.creditsPurchaseURL,
-                    primaryLimit: rateLimits.primary,
-                    secondaryLimit: rateLimits.secondary,
-                    creditsRemaining: creditsRemaining,
-                    accountPlan: accountPlan,
-                    updatedAt: Date())
+                    rateLimits: dashboardData.rateLimits,
+                    extraRateWindows: dashboardData.extraRateWindows,
+                    creditsRemaining: dashboardData.creditsRemaining,
+                    accountPlan: dashboardData.accountPlan))
             }
 
             try? await Task.sleep(for: .milliseconds(500))
         }
 
-        if debugDumpHTML, let html = lastHTML {
+        if debugDumpHTML, let html = try? await self.fetchDebugHTML(webView: webView) {
             Self.writeDebugArtifacts(html: html, bodyText: lastBody, logger: log)
         }
-        throw FetchError.noDashboardData(body: lastBody ?? "")
+        throw FetchError.noDashboardData(body: lastUsageBreakdownError ?? lastBody ?? "")
     }
 
-    struct CreditsHistoryWaitContext: Sendable {
-        let now: Date
-        let anyDashboardSignalAt: Date?
-        let creditsHeaderVisibleAt: Date?
-        let creditsHeaderPresent: Bool
-        let creditsHeaderInViewport: Bool
-        let didScrollToCredits: Bool
+    nonisolated static func hasReturnableDashboardData(
+        codeReview: Double?,
+        events: [CreditEvent],
+        usageBreakdown: [OpenAIDashboardDailyBreakdown],
+        hasUsageLimits: Bool,
+        creditsRemaining: Double?) -> Bool
+    {
+        codeReview != nil || !events.isEmpty || !usageBreakdown.isEmpty || hasUsageLimits || creditsRemaining != nil
     }
 
-    nonisolated static func shouldWaitForCreditsHistory(_ context: CreditsHistoryWaitContext) -> Bool {
-        if context.didScrollToCredits { return true }
-
-        // When the header is visible but rows are still empty, wait briefly for the table to render.
-        if context.creditsHeaderPresent, context.creditsHeaderInViewport {
-            if let creditsHeaderVisibleAt = context.creditsHeaderVisibleAt {
-                return context.now.timeIntervalSince(creditsHeaderVisibleAt) < 2.5
-            }
-            return true
-        }
-
-        // Header not in view yet: allow a short grace period after we first detect any dashboard signal so
-        // a scroll (or hydration) can bring the credits section into the DOM.
-        if let anyDashboardSignalAt = context.anyDashboardSignalAt {
-            return context.now.timeIntervalSince(anyDashboardSignalAt) < 6.5
-        }
-        return false
+    nonisolated static func hasAnyDashboardSignal(
+        hasReturnableData: Bool,
+        creditsHeaderPresent: Bool) -> Bool
+    {
+        hasReturnableData || creditsHeaderPresent
     }
 
     public func clearSessionData(accountEmail: String?) async {
@@ -278,22 +409,30 @@ public struct OpenAIDashboardFetcher {
         await OpenAIDashboardWebsiteDataStore.clearStore(forAccountEmail: accountEmail)
     }
 
+    public static func evictAllCachedWebViews() {
+        OpenAIDashboardWebViewCache.shared.evictAll()
+    }
+
     public func probeUsagePage(
         websiteDataStore: WKWebsiteDataStore,
         logger: ((String) -> Void)? = nil,
-        timeout: TimeInterval = 30) async throws -> ProbeResult
+        timeout: TimeInterval = 30,
+        preserveLoadedPageForReuse: Bool = false) async throws -> ProbeResult
     {
         let deadline = Self.deadline(startingAt: Date(), timeout: timeout)
         let lease = try await self.makeWebView(
             websiteDataStore: websiteDataStore,
             logger: logger,
-            timeout: Self.remainingTimeout(until: deadline))
+            timeout: Self.remainingTimeout(until: deadline),
+            preserveLoadedPageOnRelease: preserveLoadedPageForReuse)
         defer { lease.release() }
         let webView = lease.webView
         let log = lease.log
 
         var lastBody: String?
         var lastHref: String?
+        var usageRouteSeenAt: Date?
+        var dashboardSignalSeenAt: Date?
 
         while Date() < deadline {
             let scrape = try await self.scrape(webView: webView)
@@ -305,8 +444,10 @@ public struct OpenAIDashboardFetcher {
                 continue
             }
 
-            if let href = scrape.href, !href.contains("/codex/settings/usage") {
-                _ = webView.load(URLRequest(url: self.usageURL))
+            if let href = scrape.href, !Self.isUsageRoute(href) {
+                usageRouteSeenAt = nil
+                dashboardSignalSeenAt = nil
+                _ = webView.load(Self.usageURLRequest(url: self.usageURL))
                 try? await Task.sleep(for: .milliseconds(500))
                 continue
             }
@@ -316,23 +457,57 @@ public struct OpenAIDashboardFetcher {
                 throw FetchError.noDashboardData(body: "Cloudflare challenge detected in WebView.")
             }
 
-            return ProbeResult(
+            let normalizedEmail = scrape.signedInEmail?.trimmingCharacters(in: .whitespacesAndNewlines)
+            let bodyText = scrape.bodyText ?? ""
+            let rateLimits = OpenAIDashboardParser.parseRateLimits(bodyText: bodyText)
+            let hasDashboardSignal = normalizedEmail?.isEmpty == false ||
+                !scrape.rows.isEmpty ||
+                !scrape.usageBreakdown.isEmpty ||
+                scrape.creditsHeaderPresent ||
+                OpenAIDashboardParser.parseCodeReviewRemainingPercent(bodyText: bodyText) != nil ||
+                OpenAIDashboardParser.parseCreditsRemaining(bodyText: bodyText) != nil ||
+                rateLimits.primary != nil ||
+                rateLimits.secondary != nil
+
+            if usageRouteSeenAt == nil {
+                usageRouteSeenAt = Date()
+            }
+            if hasDashboardSignal, dashboardSignalSeenAt == nil {
+                dashboardSignalSeenAt = Date()
+            }
+            if Self.shouldWaitForProbeReadiness(.init(
+                now: Date(),
+                usageRouteSeenAt: usageRouteSeenAt,
+                dashboardSignalSeenAt: dashboardSignalSeenAt,
+                signedInEmail: normalizedEmail,
+                hasDashboardSignal: hasDashboardSignal))
+            {
+                try? await Task.sleep(for: .milliseconds(400))
+                continue
+            }
+
+            let result = ProbeResult(
                 href: scrape.href,
                 loginRequired: scrape.loginRequired,
                 workspacePicker: scrape.workspacePicker,
                 cloudflareInterstitial: scrape.cloudflareInterstitial,
-                signedInEmail: scrape.signedInEmail?.trimmingCharacters(in: .whitespacesAndNewlines),
+                signedInEmail: normalizedEmail,
                 bodyText: scrape.bodyText)
+            lease.setPreserveLoadedPageOnRelease(
+                preserveLoadedPageForReuse && Self.shouldPreserveLoadedPageAfterProbe(result))
+            return result
         }
 
         log("Probe timed out (href=\(lastHref ?? "nil"))")
-        return ProbeResult(
+        let result = ProbeResult(
             href: lastHref,
             loginRequired: false,
             workspacePicker: false,
             cloudflareInterstitial: false,
             signedInEmail: nil,
             bodyText: lastBody)
+        lease.setPreserveLoadedPageOnRelease(false)
+        return result
     }
 
     // MARK: - JS scrape
@@ -343,12 +518,14 @@ public struct OpenAIDashboardFetcher {
         let cloudflareInterstitial: Bool
         let href: String?
         let bodyText: String?
-        let bodyHTML: String?
         let signedInEmail: String?
+        let authStatus: String?
+        let accountPlan: String?
         let creditsPurchaseURL: String?
         let rows: [[String]]
         let usageBreakdown: [OpenAIDashboardDailyBreakdown]
         let usageBreakdownDebug: String?
+        let usageBreakdownError: String?
         let scrollY: Double
         let scrollHeight: Double
         let viewportHeight: Double
@@ -366,12 +543,14 @@ public struct OpenAIDashboardFetcher {
                 cloudflareInterstitial: false,
                 href: nil,
                 bodyText: nil,
-                bodyHTML: nil,
                 signedInEmail: nil,
+                authStatus: nil,
+                accountPlan: nil,
                 creditsPurchaseURL: nil,
                 rows: [],
                 usageBreakdown: [],
                 usageBreakdownDebug: nil,
+                usageBreakdownError: nil,
                 scrollY: 0,
                 scrollHeight: 0,
                 viewportHeight: 0,
@@ -384,14 +563,15 @@ public struct OpenAIDashboardFetcher {
         let workspacePicker = (dict["workspacePicker"] as? Bool) ?? false
         let cloudflareInterstitial = (dict["cloudflareInterstitial"] as? Bool) ?? false
         let rows = (dict["rows"] as? [[String]]) ?? []
-        let bodyHTML = dict["bodyHTML"] as? String
 
         var usageBreakdown: [OpenAIDashboardDailyBreakdown] = []
         let usageBreakdownDebug = dict["usageBreakdownDebug"] as? String
+        let usageBreakdownError = dict["usageBreakdownError"] as? String
         if let raw = dict["usageBreakdownJSON"] as? String, !raw.isEmpty {
             do {
                 let decoder = JSONDecoder()
-                usageBreakdown = try decoder.decode([OpenAIDashboardDailyBreakdown].self, from: Data(raw.utf8))
+                let decoded = try decoder.decode([OpenAIDashboardDailyBreakdown].self, from: Data(raw.utf8))
+                usageBreakdown = OpenAIDashboardDailyBreakdown.removingSkillUsageServices(from: decoded)
             } catch {
                 // Best-effort parse; ignore errors to avoid blocking other dashboard data.
                 usageBreakdown = []
@@ -399,18 +579,14 @@ public struct OpenAIDashboardFetcher {
         }
 
         var signedInEmail = dict["signedInEmail"] as? String
-        if let bodyHTML,
-           signedInEmail == nil || signedInEmail?.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty == true
-        {
-            signedInEmail = OpenAIDashboardParser.parseSignedInEmailFromClientBootstrap(html: bodyHTML)
-        }
-
-        if let bodyHTML, let authStatus = OpenAIDashboardParser.parseAuthStatusFromClientBootstrap(html: bodyHTML) {
-            if authStatus.lowercased() != "logged_in" {
-                // When logged out, the SPA can render a generic landing shell without obvious auth inputs,
-                // so treat it as login-required and let the caller retry cookie import.
-                loginRequired = true
-            }
+        signedInEmail = signedInEmail?.trimmingCharacters(in: .whitespacesAndNewlines)
+        let authStatus = (dict["authStatus"] as? String)?.trimmingCharacters(in: .whitespacesAndNewlines)
+        let accountPlan = (dict["accountPlan"] as? String)?.trimmingCharacters(in: .whitespacesAndNewlines)
+
+        if let authStatus, !authStatus.isEmpty, authStatus.lowercased() != "logged_in" {
+            // When logged out, the SPA can render a generic landing shell without obvious auth inputs,
+            // so treat it as login-required and let the caller retry cookie import.
+            loginRequired = true
         }
 
         return ScrapeResult(
@@ -419,12 +595,14 @@ public struct OpenAIDashboardFetcher {
             cloudflareInterstitial: cloudflareInterstitial,
             href: dict["href"] as? String,
             bodyText: dict["bodyText"] as? String,
-            bodyHTML: bodyHTML,
             signedInEmail: signedInEmail,
+            authStatus: authStatus,
+            accountPlan: accountPlan,
             creditsPurchaseURL: dict["creditsPurchaseURL"] as? String,
             rows: rows,
             usageBreakdown: usageBreakdown,
             usageBreakdownDebug: usageBreakdownDebug,
+            usageBreakdownError: usageBreakdownError,
             scrollY: (dict["scrollY"] as? NSNumber)?.doubleValue ?? 0,
             scrollHeight: (dict["scrollHeight"] as? NSNumber)?.doubleValue ?? 0,
             viewportHeight: (dict["viewportHeight"] as? NSNumber)?.doubleValue ?? 0,
@@ -433,16 +611,33 @@ public struct OpenAIDashboardFetcher {
             didScrollToCredits: (dict["didScrollToCredits"] as? Bool) ?? false)
     }
 
+    private static func throwIfBlockingScrapeState(_ scrape: ScrapeResult) throws {
+        if scrape.loginRequired {
+            throw FetchError.loginRequired
+        }
+
+        if scrape.cloudflareInterstitial {
+            throw FetchError.noDashboardData(body: "Cloudflare challenge detected in WebView.")
+        }
+    }
+
+    private func fetchDebugHTML(webView: WKWebView) async throws -> String? {
+        try await webView.evaluateJavaScript(
+            "document.documentElement ? String(document.documentElement.outerHTML || '') : ''") as? String
+    }
+
     private func makeWebView(
         websiteDataStore: WKWebsiteDataStore,
         logger: ((String) -> Void)?,
-        timeout: TimeInterval) async throws -> OpenAIDashboardWebViewLease
+        timeout: TimeInterval,
+        preserveLoadedPageOnRelease: Bool = false) async throws -> OpenAIDashboardWebViewLease
     {
         try await OpenAIDashboardWebViewCache.shared.acquire(
             websiteDataStore: websiteDataStore,
             usageURL: self.usageURL,
             logger: logger,
-            navigationTimeout: timeout)
+            navigationTimeout: timeout,
+            preserveLoadedPageOnRelease: preserveLoadedPageOnRelease)
     }
 
     nonisolated static func sanitizedTimeout(_ timeout: TimeInterval) -> TimeInterval {
@@ -458,6 +653,192 @@ public struct OpenAIDashboardFetcher {
         max(0, deadline.timeIntervalSince(now))
     }
 
+    nonisolated static func isUsageRoute(_ href: String?) -> Bool {
+        guard let href, !href.isEmpty else { return false }
+        let path = (URL(string: href)?.path ?? href)
+            .trimmingCharacters(in: CharacterSet(charactersIn: "/"))
+        return path.hasSuffix("codex/settings/usage")
+            || path.hasSuffix("codex/cloud/settings/usage")
+            || path.hasSuffix("codex/settings/analytics")
+            || path.hasSuffix("codex/cloud/settings/analytics")
+    }
+
+    nonisolated static func usageURLRequest(url: URL) -> URLRequest {
+        var request = URLRequest(url: url)
+        request.setValue(Self.dashboardAcceptLanguage, forHTTPHeaderField: "Accept-Language")
+        return request
+    }
+
+    nonisolated static func dashboardUsageAPIRequest(cookieHeader: String) -> URLRequest {
+        var request = URLRequest(url: Self.dashboardUsageAPIURL)
+        request.httpMethod = "GET"
+        request.timeoutInterval = 4
+        request.setValue(cookieHeader, forHTTPHeaderField: "Cookie")
+        request.setValue("application/json", forHTTPHeaderField: "Accept")
+        request.setValue(Self.dashboardAcceptLanguage, forHTTPHeaderField: "Accept-Language")
+        request.setValue("CodexBar", forHTTPHeaderField: "User-Agent")
+        return request
+    }
+
+    nonisolated static func dashboardIdentityAPIRequest(url: URL, cookieHeader: String) -> URLRequest {
+        var request = URLRequest(url: url)
+        request.httpMethod = "GET"
+        request.timeoutInterval = 2
+        request.setValue(cookieHeader, forHTTPHeaderField: "Cookie")
+        request.setValue("application/json", forHTTPHeaderField: "Accept")
+        request.setValue(Self.dashboardAcceptLanguage, forHTTPHeaderField: "Accept-Language")
+        request.setValue("CodexBar", forHTTPHeaderField: "User-Agent")
+        return request
+    }
+
+    nonisolated static func dashboardAPIData(from response: CodexUsageResponse) -> DashboardAPIData {
+        DashboardAPIData(
+            primaryLimit: self.rateWindow(from: response.rateLimit?.primaryWindow),
+            secondaryLimit: self.rateWindow(from: response.rateLimit?.secondaryWindow),
+            extraRateWindows: CodexAdditionalRateLimitMapper.extraRateWindows(
+                from: response.additionalRateLimits),
+            creditsRemaining: response.credits?.balance,
+            accountPlan: response.planType?.rawValue)
+    }
+
+    private static func fetchDashboardAPIPreflight(
+        websiteDataStore: WKWebsiteDataStore,
+        logger: @escaping (String) -> Void)
+        async -> (apiData: DashboardAPIData?, verifiedSignedInEmail: String?)
+    {
+        let cookieHeader = await self.chatGPTCookieHeader(in: websiteDataStore)
+        let apiData = await self.fetchDashboardUsageAPI(cookieHeader: cookieHeader, logger: logger)
+        let verifiedEmail: String? = if apiData?.hasUsageData == true {
+            await self.fetchSignedInEmailFromAPI(cookieHeader: cookieHeader, logger: logger)
+        } else {
+            nil
+        }
+
+        if apiData?.hasUsageData == true, verifiedEmail != nil {
+            logger("usage api supplied verified dashboard data; continuing WebView scrape")
+        }
+        return (apiData, verifiedEmail)
+    }
+
+    private static func fetchDashboardUsageAPI(
+        websiteDataStore: WKWebsiteDataStore,
+        logger: @escaping (String) -> Void) async -> DashboardAPIData?
+    {
+        let cookieHeader = await self.chatGPTCookieHeader(in: websiteDataStore)
+        return await self.fetchDashboardUsageAPI(cookieHeader: cookieHeader, logger: logger)
+    }
+
+    private static func fetchDashboardUsageAPI(
+        cookieHeader: String,
+        logger: @escaping (String) -> Void) async -> DashboardAPIData?
+    {
+        guard !cookieHeader.isEmpty else { return nil }
+
+        do {
+            let (data, response) = try await URLSession.shared.data(
+                for: self.dashboardUsageAPIRequest(cookieHeader: cookieHeader))
+            let status = (response as? HTTPURLResponse)?.statusCode ?? -1
+            logger("usage api status=\(status)")
+            guard status >= 200, status < 300 else { return nil }
+            let decoded = try JSONDecoder().decode(CodexUsageResponse.self, from: data)
+            let result = self.dashboardAPIData(from: decoded)
+            if result.hasUsageData {
+                logger("usage api supplied language-independent rate/credit data")
+            }
+            return result
+        } catch {
+            logger("usage api unavailable: \(error.localizedDescription)")
+            return nil
+        }
+    }
+
+    private static func fetchSignedInEmailFromAPI(
+        cookieHeader: String,
+        logger: @escaping (String) -> Void) async -> String?
+    {
+        guard !cookieHeader.isEmpty else { return nil }
+
+        let endpoints = [
+            URL(string: "https://chatgpt.com/backend-api/me"),
+            URL(string: "https://chatgpt.com/api/auth/session"),
+        ].compactMap(\.self)
+
+        for url in endpoints {
+            do {
+                let (data, response) = try await URLSession.shared.data(
+                    for: self.dashboardIdentityAPIRequest(url: url, cookieHeader: cookieHeader))
+                let status = (response as? HTTPURLResponse)?.statusCode ?? -1
+                logger("identity api \(url.path) status=\(status)")
+                guard status >= 200, status < 300 else { continue }
+                if let email = self.findFirstEmail(inJSONData: data) {
+                    return email.trimmingCharacters(in: .whitespacesAndNewlines)
+                }
+            } catch {
+                logger("identity api \(url.path) unavailable: \(error.localizedDescription)")
+            }
+        }
+
+        return nil
+    }
+
+    private static func chatGPTCookieHeader(in store: WKWebsiteDataStore) async -> String {
+        let cookies = await withCheckedContinuation { continuation in
+            store.httpCookieStore.getAllCookies { cookies in
+                continuation.resume(returning: cookies)
+            }
+        }
+
+        return cookies
+            .filter { $0.domain.lowercased().contains("chatgpt.com") }
+            .map { "\($0.name)=\($0.value)" }
+            .joined(separator: "; ")
+    }
+
+    nonisolated static func findFirstEmail(inJSONData data: Data) -> String? {
+        guard let json = try? JSONSerialization.jsonObject(with: data, options: []) else { return nil }
+        var queue: [Any] = [json]
+        var seen = 0
+        while !queue.isEmpty, seen < 2000 {
+            let current = queue.removeFirst()
+            seen += 1
+            if let string = current as? String, string.contains("@") {
+                return string
+            }
+            if let dictionary = current as? [String: Any] {
+                for (key, value) in dictionary {
+                    if key.lowercased() == "email",
+                       let string = value as? String,
+                       string.contains("@")
+                    {
+                        return string
+                    }
+                    queue.append(value)
+                }
+            } else if let array = current as? [Any] {
+                queue.append(contentsOf: array)
+            }
+        }
+        return nil
+    }
+
+    private nonisolated static func rateWindow(from window: CodexUsageResponse.WindowSnapshot?) -> RateWindow? {
+        guard let window else { return nil }
+        let resetDate = Date(timeIntervalSince1970: TimeInterval(window.resetAt))
+        return RateWindow(
+            usedPercent: Double(window.usedPercent),
+            windowMinutes: window.limitWindowSeconds / 60,
+            resetsAt: resetDate,
+            resetDescription: UsageFormatter.resetDescription(from: resetDate))
+    }
+
+    private nonisolated static func firstNonEmpty(_ candidates: String?...) -> String? {
+        for candidate in candidates {
+            let trimmed = candidate?.trimmingCharacters(in: .whitespacesAndNewlines)
+            if trimmed?.isEmpty == false { return trimmed }
+        }
+        return nil
+    }
+
     private static func writeDebugArtifacts(html: String, bodyText: String?, logger: (String) -> Void) {
         let stamp = Int(Date().timeIntervalSince1970)
         let dir = URL(fileURLWithPath: NSTemporaryDirectory(), isDirectory: true)
@@ -480,6 +861,93 @@ public struct OpenAIDashboardFetcher {
         }
     }
 }
+
+extension OpenAIDashboardFetcher {
+    struct CreditsHistoryWaitContext {
+        let now: Date
+        let anyDashboardSignalAt: Date?
+        let creditsHeaderVisibleAt: Date?
+        let creditsHeaderPresent: Bool
+        let creditsHeaderInViewport: Bool
+        let didScrollToCredits: Bool
+    }
+
+    nonisolated static func shouldWaitForCreditsHistory(_ context: CreditsHistoryWaitContext) -> Bool {
+        if context.didScrollToCredits { return true }
+
+        // When the header is visible but rows are still empty, wait briefly for the table to render.
+        if context.creditsHeaderPresent, context.creditsHeaderInViewport {
+            if let creditsHeaderVisibleAt = context.creditsHeaderVisibleAt {
+                return context.now.timeIntervalSince(creditsHeaderVisibleAt) < 2.5
+            }
+            return true
+        }
+
+        // Header not in view yet: allow a short grace period after we first detect any dashboard signal so
+        // a scroll (or hydration) can bring the credits section into the DOM.
+        if let anyDashboardSignalAt = context.anyDashboardSignalAt {
+            return context.now.timeIntervalSince(anyDashboardSignalAt) < 6.5
+        }
+        return false
+    }
+
+    struct ProbeReadinessContext {
+        let now: Date
+        let usageRouteSeenAt: Date?
+        let dashboardSignalSeenAt: Date?
+        let signedInEmail: String?
+        let hasDashboardSignal: Bool
+    }
+
+    struct UsageBreakdownRecoveryContext {
+        let now: Date
+        let errorFirstSeenAt: Date?
+    }
+
+    nonisolated static func shouldWaitForUsageBreakdownRecovery(_ context: UsageBreakdownRecoveryContext) -> Bool {
+        guard let errorFirstSeenAt = context.errorFirstSeenAt else { return true }
+        return context.now.timeIntervalSince(errorFirstSeenAt) < 4.0
+    }
+
+    nonisolated static func shouldWaitForProbeReadiness(_ context: ProbeReadinessContext) -> Bool {
+        if let signedInEmail = context.signedInEmail?.trimmingCharacters(in: .whitespacesAndNewlines),
+           !signedInEmail.isEmpty
+        {
+            return false
+        }
+
+        if context.hasDashboardSignal {
+            if let dashboardSignalSeenAt = context.dashboardSignalSeenAt {
+                return context.now.timeIntervalSince(dashboardSignalSeenAt) < 2.0
+            }
+            return true
+        }
+
+        if let usageRouteSeenAt = context.usageRouteSeenAt {
+            return context.now.timeIntervalSince(usageRouteSeenAt) < 2.0
+        }
+
+        return false
+    }
+
+    nonisolated static func updateUsageBreakdownErrorState(
+        usageBreakdown: [OpenAIDashboardDailyBreakdown],
+        error: String?,
+        firstSeenAt: inout Date?,
+        lastError: inout String?,
+        now: Date = Date(),
+        logger: (String) -> Void)
+    {
+        guard usageBreakdown.isEmpty, let error, !error.isEmpty else {
+            firstSeenAt = nil
+            return
+        }
+        if firstSeenAt == nil { firstSeenAt = now }
+        guard error != lastError else { return }
+        lastError = error
+        logger("usage breakdown error: \(error)")
+    }
+}
 #else
 import Foundation
 
diff --git a/Sources/CodexBarCore/OpenAIWeb/OpenAIDashboardNavigationDelegate.swift b/Sources/CodexBarCore/OpenAIWeb/OpenAIDashboardNavigationDelegate.swift
index cc7d93709..59f3f1ef8 100644
--- a/Sources/CodexBarCore/OpenAIWeb/OpenAIDashboardNavigationDelegate.swift
+++ b/Sources/CodexBarCore/OpenAIWeb/OpenAIDashboardNavigationDelegate.swift
@@ -8,27 +8,43 @@ import WebKit
 final class NavigationDelegate: NSObject, WKNavigationDelegate {
     private let completion: (Result<Void, Error>) -> Void
     private var hasCompleted: Bool = false
-    private var timeoutTask: Task<Void, Never>?
+    private var timeoutWorkItem: DispatchWorkItem?
+    private var postCommitWorkItem: DispatchWorkItem?
     static var associationKey: UInt8 = 0
+    nonisolated static let postCommitSuccessDelay: TimeInterval = 0.75
 
     init(completion: @escaping (Result<Void, Error>) -> Void) {
         self.completion = completion
     }
 
     func armTimeout(seconds: TimeInterval) {
-        self.timeoutTask?.cancel()
-        self.timeoutTask = Task { @MainActor [weak self] in
-            guard let self else { return }
-            let nanoseconds = UInt64(max(seconds, 0) * 1_000_000_000)
-            try? await Task.sleep(nanoseconds: nanoseconds)
-            self.completeOnce(.failure(URLError(.timedOut)))
+        self.timeoutWorkItem?.cancel()
+        let delay = max(seconds, 0)
+        let workItem = DispatchWorkItem { [weak self] in
+            MainActor.assumeIsolated {
+                self?.completeOnce(.failure(URLError(.timedOut)))
+            }
         }
+        self.timeoutWorkItem = workItem
+        DispatchQueue.main.asyncAfter(deadline: .now() + delay, execute: workItem)
     }
 
     func webView(_ webView: WKWebView, didFinish navigation: WKNavigation!) {
         self.completeOnce(.success(()))
     }
 
+    func webView(_ webView: WKWebView, didCommit navigation: WKNavigation!) {
+        guard !self.hasCompleted else { return }
+        self.postCommitWorkItem?.cancel()
+        let workItem = DispatchWorkItem { [weak self] in
+            MainActor.assumeIsolated {
+                self?.completeOnce(.success(()))
+            }
+        }
+        self.postCommitWorkItem = workItem
+        DispatchQueue.main.asyncAfter(deadline: .now() + Self.postCommitSuccessDelay, execute: workItem)
+    }
+
     func webView(_ webView: WKWebView, didFail navigation: WKNavigation!, withError error: Error) {
         if Self.shouldIgnoreNavigationError(error) { return }
         self.completeOnce(.failure(error))
@@ -41,14 +57,24 @@ final class NavigationDelegate: NSObject, WKNavigationDelegate {
 
     nonisolated static func shouldIgnoreNavigationError(_ error: Error) -> Bool {
         let nsError = error as NSError
-        return nsError.domain == NSURLErrorDomain && nsError.code == NSURLErrorCancelled
+        if nsError.domain == NSURLErrorDomain, nsError.code == NSURLErrorCancelled {
+            return true
+        }
+
+        if nsError.domain == "WebKitErrorDomain", nsError.code == 102 {
+            return true
+        }
+
+        return false
     }
 
     private func completeOnce(_ result: Result<Void, Error>) {
         guard !self.hasCompleted else { return }
         self.hasCompleted = true
-        self.timeoutTask?.cancel()
-        self.timeoutTask = nil
+        self.timeoutWorkItem?.cancel()
+        self.timeoutWorkItem = nil
+        self.postCommitWorkItem?.cancel()
+        self.postCommitWorkItem = nil
         self.completion(result)
     }
 }
diff --git a/Sources/CodexBarCore/OpenAIWeb/OpenAIDashboardParser.swift b/Sources/CodexBarCore/OpenAIWeb/OpenAIDashboardParser.swift
index 88f9373e3..b2137f170 100644
--- a/Sources/CodexBarCore/OpenAIWeb/OpenAIDashboardParser.swift
+++ b/Sources/CodexBarCore/OpenAIWeb/OpenAIDashboardParser.swift
@@ -109,6 +109,20 @@ public enum OpenAIDashboardParser {
         return (primary, secondary)
     }
 
+    public static func parseCodeReviewLimit(bodyText: String, now: Date = .init()) -> RateWindow? {
+        let cleaned = bodyText.replacingOccurrences(of: "\r", with: "\n")
+        let lines = cleaned
+            .split(whereSeparator: \.isNewline)
+            .map { $0.trimmingCharacters(in: .whitespacesAndNewlines) }
+            .filter { !$0.isEmpty }
+
+        return self.parseRateWindow(
+            lines: lines,
+            match: self.isCodeReviewLimitLine,
+            windowMinutes: nil,
+            now: now)
+    }
+
     public static func parsePlanFromHTML(html: String) -> String? {
         if let data = self.clientBootstrapJSONData(fromHTML: html),
            let plan = self.findPlan(in: data)
@@ -139,11 +153,49 @@ public enum OpenAIDashboardParser {
     }
 
     private static func parseCreditsUsed(_ text: String) -> Double {
-        let cleaned = text
-            .replacingOccurrences(of: ",", with: "")
-            .replacingOccurrences(of: "credits", with: "", options: .caseInsensitive)
-            .trimmingCharacters(in: .whitespacesAndNewlines)
-        return Double(cleaned) ?? 0
+        guard let raw = self.firstNumberToken(in: text) else { return 0 }
+        let token = raw
+            .replacingOccurrences(of: "\u{00A0}", with: "")
+            .replacingOccurrences(of: "\u{202F}", with: "")
+            .replacingOccurrences(of: " ", with: "")
+        let hasComma = token.contains(",")
+        let hasDot = token.contains(".")
+        if hasComma, hasDot {
+            return TextParsing.firstNumber(pattern: #"([0-9][0-9.,\s\p{Zs}]*)"#, text: token) ?? 0
+        }
+        if hasComma {
+            if self.usesLocalizedDecimalCommaCreditLabel(text) {
+                return Double(token.replacingOccurrences(of: ",", with: ".")) ?? 0
+            }
+            if token.range(of: #"^\d{1,3}(,\d{3})+$"#, options: .regularExpression) != nil {
+                return Double(token.replacingOccurrences(of: ",", with: "")) ?? 0
+            }
+            return Double(token.replacingOccurrences(of: ",", with: ".")) ?? 0
+        }
+        return Double(token) ?? 0
+    }
+
+    private static func usesLocalizedDecimalCommaCreditLabel(_ text: String) -> Bool {
+        text
+            .lowercased()
+            .contains("crédit")
+    }
+
+    private static func firstNumberToken(in text: String) -> String? {
+        guard let regex = try? NSRegularExpression(
+            pattern: #"([0-9][0-9.,\s\p{Zs}]*)"#,
+            options: [])
+        else {
+            return nil
+        }
+        let range = NSRange(text.startIndex..<text.endIndex, in: text)
+        guard let match = regex.firstMatch(in: text, options: [], range: range),
+              match.numberOfRanges >= 2,
+              let tokenRange = Range(match.range(at: 1), in: text)
+        else {
+            return nil
+        }
+        return String(text[tokenRange])
     }
 
     // MARK: - Private
@@ -233,36 +285,38 @@ public enum OpenAIDashboardParser {
     private static func parseRateWindow(
         lines: [String],
         match: (String) -> Bool,
-        windowMinutes: Int,
+        windowMinutes: Int?,
         now: Date) -> RateWindow?
     {
-        guard let idx = lines.firstIndex(where: match) else { return nil }
-        let end = min(lines.count - 1, idx + 5)
-        let windowLines = Array(lines[idx...end])
-
-        var percentValue: Double?
-        var isRemaining = true
-        for line in windowLines {
-            if let percent = self.parsePercent(from: line) {
-                percentValue = percent.value
-                isRemaining = percent.isRemaining
-                break
+        for idx in lines.indices where match(lines[idx]) {
+            let end = min(lines.count - 1, idx + 5)
+            let windowLines = Array(lines[idx...end])
+
+            var percentValue: Double?
+            var isRemaining = true
+            for line in windowLines {
+                if let percent = self.parsePercent(from: line) {
+                    percentValue = percent.value
+                    isRemaining = percent.isRemaining
+                    break
+                }
             }
-        }
 
-        guard let percentValue else { return nil }
-        let usedPercent = isRemaining ? max(0, min(100, 100 - percentValue)) : max(0, min(100, percentValue))
+            guard let percentValue else { continue }
+            let usedPercent = isRemaining ? max(0, min(100, 100 - percentValue)) : max(0, min(100, percentValue))
 
-        let resetLine = windowLines.first { $0.localizedCaseInsensitiveContains("reset") }
-        let resetDescription = resetLine?.trimmingCharacters(in: .whitespacesAndNewlines)
-        let resetsAt = resetLine.flatMap { self.parseResetDate(from: $0, now: now) }
-        let fallbackDescription = resetsAt.map { UsageFormatter.resetDescription(from: $0) }
+            let resetLine = windowLines.first { $0.localizedCaseInsensitiveContains("reset") }
+            let resetDescription = resetLine?.trimmingCharacters(in: .whitespacesAndNewlines)
+            let resetsAt = resetLine.flatMap { self.parseResetDate(from: $0, now: now) }
+            let fallbackDescription = resetsAt.map { UsageFormatter.resetDescription(from: $0) }
 
-        return RateWindow(
-            usedPercent: usedPercent,
-            windowMinutes: windowMinutes,
-            resetsAt: resetsAt,
-            resetDescription: resetDescription ?? fallbackDescription)
+            return RateWindow(
+                usedPercent: usedPercent,
+                windowMinutes: windowMinutes,
+                resetsAt: resetsAt,
+                resetDescription: resetDescription ?? fallbackDescription)
+        }
+        return nil
     }
 
     private static func parsePercent(from line: String) -> (value: Double, isRemaining: Bool)? {
@@ -278,6 +332,7 @@ public enum OpenAIDashboardParser {
     private static func isFiveHourLimitLine(_ line: String) -> Bool {
         let lower = line.lowercased()
         if lower.contains("5h") { return true }
+        if lower.range(of: #"\b5\s*h\b"#, options: .regularExpression) != nil { return true }
         if lower.contains("5-hour") { return true }
         if lower.contains("5 hour") { return true }
         return false
@@ -289,9 +344,17 @@ public enum OpenAIDashboardParser {
         if lower.contains("7-day") { return true }
         if lower.contains("7 day") { return true }
         if lower.contains("7d") { return true }
+        if lower.range(of: #"\b7\s*d\b"#, options: .regularExpression) != nil { return true }
         return false
     }
 
+    private static func isCodeReviewLimitLine(_ line: String) -> Bool {
+        let lower = line.lowercased()
+        guard lower.contains("code review") || lower.contains("core review") else { return false }
+        if lower.contains("github code review") { return false }
+        return true
+    }
+
     private static func parseResetDate(from line: String, now: Date) -> Date? {
         var raw = line.trimmingCharacters(in: .whitespacesAndNewlines)
         raw = raw.replacingOccurrences(of: #"(?i)^resets?:?\s*"#, with: "", options: .regularExpression)
@@ -380,7 +443,12 @@ public enum OpenAIDashboardParser {
     }
 
     private static func weekdayMatch(in text: String) -> WeekdayMatch? {
-        let pattern = #"\b(mon|tue|tues|wed|thu|thur|thurs|fri|sat|sun)(day)?\b"#
+        // The optional "(day)?" suffix requires each alternative to be long enough that
+        // adding "day" reproduces the full weekday name. "wed"+"day"="wedday" and
+        // "sat"+"day"="satday", so the longer prefixes "wednes" and "satur" are needed
+        // to cover the full "Wednesday" and "Saturday" forms — mirroring how the existing
+        // "tue|tues" and "thu|thur|thurs" alternatives layer up to "tuesday"/"thursday".
+        let pattern = #"\b(mon|tue|tues|wed|wednes|thu|thur|thurs|fri|sat|satur|sun)(day)?\b"#
         guard let regex = try? NSRegularExpression(pattern: pattern, options: [.caseInsensitive]) else { return nil }
         let range = NSRange(text.startIndex..<text.endIndex, in: text)
         guard let match = regex.firstMatch(in: text, options: [], range: range),
@@ -469,7 +537,7 @@ public enum OpenAIDashboardParser {
             "essential",
         ]
         guard allowed.contains(where: { lower.contains($0) }) else { return nil }
-        return UsageFormatter.cleanPlanName(trimmed)
+        return CodexPlanFormatting.displayName(trimmed) ?? UsageFormatter.cleanPlanName(trimmed)
     }
 }
 
diff --git a/Sources/CodexBarCore/OpenAIWeb/OpenAIDashboardScrapeScript.swift b/Sources/CodexBarCore/OpenAIWeb/OpenAIDashboardScrapeScript.swift
index 25f32a456..b45d573c8 100644
--- a/Sources/CodexBarCore/OpenAIWeb/OpenAIDashboardScrapeScript.swift
+++ b/Sources/CodexBarCore/OpenAIWeb/OpenAIDashboardScrapeScript.swift
@@ -175,6 +175,105 @@ let openAIDashboardScrapeScript = """
         const normalized = normalizeHref(anchorHref || dataHref || propHref);
         return normalized && isLikelyCreditsURL(normalized) ? normalized : null;
       };
+      const cleanPlanName = (raw) => String(raw || '')
+        .replace(/\\b(claude|codex|account|plan)\\b/gi, ' ')
+        .replace(/_/g, ' ')
+        .replace(/-/g, ' ')
+        .replace(/\\s+/g, ' ')
+        .trim();
+      const codexPlanDisplayName = (raw) => {
+        const trimmed = String(raw || '').trim();
+        if (!trimmed) return null;
+        const lower = trimmed.toLowerCase();
+        const exact = {
+          pro: 'Pro 20x',
+          prolite: 'Pro 5x',
+          'pro_lite': 'Pro 5x',
+          'pro-lite': 'Pro 5x',
+          'pro lite': 'Pro 5x'
+        };
+        if (exact[lower]) return exact[lower];
+        const cleaned = cleanPlanName(trimmed);
+        if (!cleaned) return trimmed;
+        if (exact[cleaned.toLowerCase()]) return exact[cleaned.toLowerCase()];
+        return cleaned.split(' ')
+          .filter(Boolean)
+          .map(word => {
+            const wordLower = word.toLowerCase();
+            if (wordLower === 'cbp' || wordLower === 'k12') return wordLower.toUpperCase();
+            if (word === word.toUpperCase() && /[a-z]/i.test(word)) return word;
+            return word.charAt(0).toUpperCase() + word.slice(1);
+          })
+          .join(' ') || cleaned;
+      };
+      const normalizePlanValue = (value) => {
+        const trimmed = String(value || '').trim();
+        if (!trimmed) return null;
+        const lower = trimmed.toLowerCase();
+        const allowed = [
+          'free',
+          'plus',
+          'pro',
+          'team',
+          'enterprise',
+          'business',
+          'edu',
+          'education',
+          'gov',
+          'premium',
+          'essential'
+        ];
+        if (!allowed.some(token => lower.includes(token))) return null;
+        return codexPlanDisplayName(trimmed) || cleanPlanName(trimmed);
+      };
+      const planCandidate = (key, value) => {
+        const lower = String(key || '').toLowerCase();
+        if (!lower.includes('plan') && !lower.includes('tier') && !lower.includes('subscription')) return null;
+        if (typeof value === 'string') return normalizePlanValue(value);
+        if (value && typeof value === 'object' && !Array.isArray(value)) {
+          return normalizePlanValue(value.name) ||
+            normalizePlanValue(value.displayName) ||
+            normalizePlanValue(value.tier);
+        }
+        return null;
+      };
+      const findPlan = (root) => {
+        if (!root || typeof root !== 'object') return null;
+        const queue = [root];
+        const seenObjects = typeof WeakSet !== 'undefined' ? new WeakSet() : null;
+        let index = 0;
+        let seen = 0;
+        while (index < queue.length && seen < 6000) {
+          const cur = queue[index++];
+          seen++;
+          if (!cur || typeof cur !== 'object') continue;
+          if (seenObjects) {
+            if (seenObjects.has(cur)) continue;
+            seenObjects.add(cur);
+          }
+          if (Array.isArray(cur)) {
+            for (const v of cur) {
+              if (v && typeof v === 'object') queue.push(v);
+            }
+            continue;
+          }
+          for (const [k, v] of Object.entries(cur)) {
+            const plan = planCandidate(k, v);
+            if (plan) return plan;
+            if (v && typeof v === 'object') queue.push(v);
+          }
+        }
+        return null;
+      };
+      const parseJSONScript = (id) => {
+        try {
+          const node = document.getElementById(id);
+          const raw = node && node.textContent ? String(node.textContent) : '';
+          return raw ? JSON.parse(raw) : null;
+        } catch {
+          return null;
+        }
+      };
       const pickLikelyPurchaseButton = (buttons) => {
         if (!buttons || buttons.length === 0) return null;
         const labeled = buttons.find(btn => {
@@ -203,6 +302,12 @@ let openAIDashboardScrapeScript = """
       };
       const dayKeyFromPayload = (payload) => {
         if (!payload || typeof payload !== 'object') return null;
+        const localDayKeyForDate = (date) => {
+          const year = date.getFullYear();
+          const month = String(date.getMonth() + 1).padStart(2, '0');
+          const day = String(date.getDate()).padStart(2, '0');
+          return `${year}-${month}-${day}`;
+        };
         const keys = ['day', 'date', 'name', 'label', 'x', 'time', 'timestamp'];
         for (const k of keys) {
           const v = payload[k];
@@ -215,15 +320,20 @@ let openAIDashboardScrapeScript = """
           if (typeof v === 'number' && Number.isFinite(v) && (k === 'timestamp' || k === 'time' || k === 'x')) {
             try {
               const d = new Date(v);
-              if (!isNaN(d.getTime())) return d.toISOString().slice(0, 10);
+              if (!isNaN(d.getTime())) return localDayKeyForDate(d);
             } catch {}
           }
         }
         return null;
       };
+      const isSkillUsageServiceKey = (raw) => {
+        const key = raw === null || raw === undefined ? '' : String(raw).trim().toLowerCase();
+        return key.startsWith('skillusage:');
+      };
       const displayNameForUsageServiceKey = (raw) => {
         const key = raw === null || raw === undefined ? '' : String(raw).trim();
         if (!key) return key;
+        if (isSkillUsageServiceKey(key)) return null;
         if (key.toUpperCase() === key && key.length <= 6) return key;
         const lower = key.toLowerCase();
         if (lower === 'cli') return 'CLI';
@@ -231,20 +341,136 @@ let openAIDashboardScrapeScript = """
         const words = lower.replace(/[_-]+/g, ' ').split(' ').filter(Boolean);
         return words.map(w => w.length <= 2 ? w.toUpperCase() : w.charAt(0).toUpperCase() + w.slice(1)).join(' ');
       };
-      const usageBreakdownJSON = (() => {
+      const isLikelyCodexUsageService = (raw) => {
+        const service = raw === null || raw === undefined ? '' : String(raw).trim().toLowerCase();
+        return (
+          service === 'cli' ||
+          service === 'desktop' ||
+          service === 'desktop app' ||
+          service === 'vscode' ||
+          service === 'vs code' ||
+          service === 'unknown' ||
+          (service.includes('github') && service.includes('review'))
+        );
+      };
+      const usageChartRootForPath = (path) => {
+        if (!path || !path.closest) return null;
+        return (
+          path.closest('.recharts-wrapper') ||
+          path.closest('svg.recharts-surface') ||
+          path.closest('section') ||
+          path.parentElement ||
+          null
+        );
+      };
+      const uniqueUsageChartRoots = (paths) => {
+        const roots = [];
+        for (const path of paths) {
+          const root = usageChartRootForPath(path);
+          if (root && !roots.includes(root)) roots.push(root);
+        }
+        return roots;
+      };
+      const usageBreakdownTitleScore = (title) => {
+        const lower = String(title || '').trim().toLowerCase().replace(/\\s+/g, ' ');
+        if (!lower) return 0;
+        if (lower === 'usage breakdown') return 1000000;
+        if (lower.includes('usage breakdown')) return 900000;
+        if (lower === 'personal usage') return 800000;
+        if (lower.includes('threads') ||
+          lower.includes('turns') ||
+          lower.includes('client') ||
+          lower.includes('skill') ||
+          lower.includes('invocation')) return -1000000;
+        return 0;
+      };
+      const titleLikeElements = (scope) => {
         try {
-          if (window.__codexbarUsageBreakdownJSON) return window.__codexbarUsageBreakdownJSON;
-
-          const sections = Array.from(document.querySelectorAll('section'));
-          const usageSection = sections.find(s => {
-            const h2 = s.querySelector('h2');
-            return h2 && textOf(h2).toLowerCase().startsWith('usage breakdown');
-          });
-          if (!usageSection) return null;
+          return Array.from(scope.querySelectorAll('h1,h2,h3,[role=\"heading\"],div,span,p'))
+            .filter(el => {
+              const title = textOf(el);
+              const lower = title.toLowerCase();
+              const tag = el.tagName ? el.tagName.toLowerCase() : '';
+              const isHeading = tag === 'h1' ||
+                tag === 'h2' ||
+                tag === 'h3' ||
+                String(el.getAttribute('role') || '').toLowerCase() === 'heading';
+              return title.length > 0 &&
+                title.length <= 80 &&
+                (
+                  isHeading ||
+                  usageBreakdownTitleScore(title) !== 0 ||
+                  lower.includes('usage breakdown') ||
+                  lower.includes('threads') ||
+                  lower.includes('turns') ||
+                  lower.includes('client') ||
+                  lower.includes('skill') ||
+                  lower.includes('invocation')
+                );
+            });
+        } catch {
+          return [];
+        }
+      };
+      const titleNodePrecedesRoot = (titleNode, root) => {
+        if (!titleNode || titleNode === root || root.contains(titleNode) || titleNode.contains(root)) return false;
+        const relation = titleNode.compareDocumentPosition(root);
+        return Boolean(relation & Node.DOCUMENT_POSITION_FOLLOWING);
+      };
+      const nearestScoredChartTitleInScope = (scope, root) => {
+        let best = null;
+        for (const titleNode of titleLikeElements(scope)) {
+          if (!titleNodePrecedesRoot(titleNode, root)) continue;
+          const title = textOf(titleNode);
+          const score = usageBreakdownTitleScore(title);
+          if (score === 0) continue;
+          if (!best || score >= best.score) best = { title, score };
+        }
+        return best ? best.title : '';
+      };
+      const chartTitleBoundaryForRoot = (root) => {
+        if (!root) return null;
+        try {
+          return root.closest('section,[role=\"region\"],article') || root.parentElement || null;
+        } catch {
+          return root.parentElement || null;
+        }
+      };
+      const nearestTitleTextInScope = (scope, root) => {
+        if (!scope) return '';
+        let nearest = null;
+        for (const titleNode of titleLikeElements(scope)) {
+          if (titleNodePrecedesRoot(titleNode, root)) nearest = titleNode;
+        }
+        return textOf(nearest);
+      };
+      const nearestChartTitleTextForRoot = (root) => {
+        if (!root) return '';
+        try {
+          const boundary = chartTitleBoundaryForRoot(root) || root.parentElement || null;
+          let ancestor = root.parentElement || null;
+          for (let i = 0; i < 8 && ancestor; i++) {
+            const scoredTitle = nearestScoredChartTitleInScope(ancestor, root);
+            if (scoredTitle) return scoredTitle;
+            if (ancestor === boundary) break;
+            ancestor = ancestor.parentElement || null;
+          }
 
-          const legendMap = {};
+          return nearestTitleTextInScope(boundary, root);
+        } catch {
+          return '';
+        }
+      };
+      const legendMapForUsageChartRoot = (root) => {
+        const legendMap = {};
+        const scopes = [
+          root,
+          root && root.parentElement,
+          root && root.closest ? root.closest('section') : null
+        ].filter(Boolean);
+        for (const scope of scopes) {
           try {
-            const legendItems = Array.from(usageSection.querySelectorAll('div[title]'));
+            const legendItems = Array.from(scope.querySelectorAll('div[title]'));
             for (const item of legendItems) {
               const title = item.getAttribute('title') ? String(item.getAttribute('title')).trim() : '';
               const square = item.querySelector('div[style*=\"background-color\"]');
@@ -255,11 +481,92 @@ let openAIDashboardScrapeScript = """
               if (title && hex) legendMap[hex] = title;
             }
           } catch {}
+          if (Object.keys(legendMap).length > 0) break;
+        }
+        return legendMap;
+      };
+      const parseUsageBreakdownFromChartPaths = (paths, legendMap) => {
+        const totalsByDay = {}; // day -> service -> value
+        const addValue = (day, service, value) => {
+          if (!day || !service || isSkillUsageServiceKey(service)) return false;
+          if (typeof value !== 'number' || !Number.isFinite(value) || value <= 0) return false;
+          if (!totalsByDay[day]) totalsByDay[day] = {};
+          totalsByDay[day][service] = (totalsByDay[day][service] || 0) + value;
+          return true;
+        };
+        let pointCount = 0;
+        for (const path of paths) {
+          const meta = barMetaFromElement(path) || barMetaFromElement(path.parentElement) || null;
+          if (!meta) continue;
+
+          const payload = meta.payload || null;
+          const day = dayKeyFromPayload(payload);
+          if (!day) continue;
+
+          const valuesObj = (payload && payload.values && typeof payload.values === 'object') ? payload.values : null;
+          if (valuesObj) {
+            for (const [k, v] of Object.entries(valuesObj)) {
+              const service = displayNameForUsageServiceKey(k);
+              if (addValue(day, service, v)) pointCount++;
+            }
+            continue;
+          }
 
-          const totalsByDay = {}; // day -> service -> value
-          const paths = Array.from(usageSection.querySelectorAll('g.recharts-bar-rectangle path.recharts-rectangle'));
+          let value = null;
+          if (typeof meta.value === 'number' && Number.isFinite(meta.value)) value = meta.value;
+          if (value === null && typeof meta.value === 'string') {
+            const v = parseFloat(meta.value.replace(/,/g, ''));
+            if (Number.isFinite(v)) value = v;
+          }
+          if (value === null) continue;
+
+          const fill = parseHexColor(meta.fill || path.getAttribute('fill'));
+          const service =
+            (fill && legendMap[fill]) ||
+            (typeof meta.name === 'string' && meta.name) ||
+            null;
+          if (addValue(day, service, value)) pointCount++;
+        }
+
+        const dayKeys = Object.keys(totalsByDay)
+          .filter(day => Object.keys(totalsByDay[day] || {}).length > 0)
+          .sort((a, b) => b.localeCompare(a))
+          .slice(0, 30);
+        const breakdown = dayKeys.map(day => {
+          const servicesMap = totalsByDay[day] || {};
+          const services = Object.keys(servicesMap).map(service => ({
+            service,
+            creditsUsed: servicesMap[service]
+          })).sort((a, b) => {
+            if (a.creditsUsed === b.creditsUsed) return a.service.localeCompare(b.service);
+            return b.creditsUsed - a.creditsUsed;
+          });
+          const totalCreditsUsed = services.reduce((sum, s) => sum + (Number(s.creditsUsed) || 0), 0);
+          return { day, services, totalCreditsUsed };
+        });
+        const services = Array.from(new Set(breakdown.flatMap(day => day.services.map(service => service.service))));
+        const totalCreditsUsed = breakdown.reduce((sum, day) => sum + (Number(day.totalCreditsUsed) || 0), 0);
+        const likelyCodexServiceCount = services.filter(isLikelyCodexUsageService).length;
+        return {
+          breakdown,
+          pointCount,
+          services,
+          totalCreditsUsed,
+          likelyCodexServiceCount,
+          score: likelyCodexServiceCount * 1000 + services.length * 100 + pointCount + totalCreditsUsed / 1000
+        };
+      };
+      const usageBreakdownJSON = (() => {
+        try {
+          if (window.__codexbarUsageBreakdownJSON) return window.__codexbarUsageBreakdownJSON;
+
+          const paths = Array.from(document.querySelectorAll('g.recharts-bar-rectangle path.recharts-rectangle'));
           let debug = {
             pathCount: paths.length,
+            chartCount: 0,
+            eligibleCandidateCount: 0,
+            selectedCandidateTitle: null,
+            candidateSummaries: [],
             sampleReactKeys: null,
             sampleMetaKeys: null,
             samplePayloadKeys: null,
@@ -286,59 +593,51 @@ let openAIDashboardScrapeScript = """
               }
             }
           } catch {}
-          for (const path of paths) {
-            const meta = barMetaFromElement(path) || barMetaFromElement(path.parentElement) || null;
-            if (!meta) continue;
-
-            const payload = meta.payload || null;
-            const day = dayKeyFromPayload(payload);
-            if (!day) continue;
 
-            const valuesObj = (payload && payload.values && typeof payload.values === 'object') ? payload.values : null;
-            if (valuesObj) {
-              if (!totalsByDay[day]) totalsByDay[day] = {};
-              for (const [k, v] of Object.entries(valuesObj)) {
-                if (typeof v !== 'number' || !Number.isFinite(v) || v <= 0) continue;
-                const service = displayNameForUsageServiceKey(k);
-                if (!service) continue;
-                totalsByDay[day][service] = (totalsByDay[day][service] || 0) + v;
-              }
-              continue;
+          const roots = uniqueUsageChartRoots(paths);
+          debug.chartCount = roots.length;
+          const candidates = roots.map(root => {
+            const chartPaths = paths.filter(path => usageChartRootForPath(path) === root);
+            const title = nearestChartTitleTextForRoot(root);
+            const titleScore = usageBreakdownTitleScore(title);
+            const parsed = parseUsageBreakdownFromChartPaths(chartPaths, legendMapForUsageChartRoot(root));
+            return {
+              root,
+              title,
+              titleScore,
+              pathCount: chartPaths.length,
+              ...parsed,
+              score: titleScore + parsed.score
+            };
+          }).filter(candidate => candidate.breakdown.length > 0);
+          const rejectedTitleCandidates = candidates.filter(candidate => candidate.titleScore < 0);
+          const titledCandidates = candidates.filter(candidate => candidate.titleScore > 0);
+          const unknownTitleCandidates = candidates.filter(candidate => candidate.titleScore === 0);
+          const eligibleCandidates = titledCandidates;
+          eligibleCandidates.sort((a, b) => b.score - a.score);
+          debug.eligibleCandidateCount = eligibleCandidates.length;
+          debug.selectedCandidateTitle = eligibleCandidates[0] ? eligibleCandidates[0].title : null;
+          if (eligibleCandidates.length === 0 && candidates.length > 0) {
+            if (unknownTitleCandidates.length > 0) {
+              debug.error = 'No English usage breakdown chart title found. Candidate titles: ' +
+                candidates.map(candidate => candidate.title || 'Untitled chart').join(', ');
+            } else if (rejectedTitleCandidates.length > 0) {
+              debug.error = 'Only non-usage chart candidates found: ' +
+                rejectedTitleCandidates.map(candidate => candidate.title || 'Untitled chart').join(', ');
             }
-
-            let value = null;
-            if (typeof meta.value === 'number' && Number.isFinite(meta.value)) value = meta.value;
-            if (value === null && typeof meta.value === 'string') {
-              const v = parseFloat(meta.value.replace(/,/g, ''));
-              if (Number.isFinite(v)) value = v;
-            }
-            if (value === null) continue;
-
-            const fill = parseHexColor(meta.fill || path.getAttribute('fill'));
-            const service =
-              (fill && legendMap[fill]) ||
-              (typeof meta.name === 'string' && meta.name) ||
-              null;
-            if (!service) continue;
-
-            if (!totalsByDay[day]) totalsByDay[day] = {};
-            totalsByDay[day][service] = (totalsByDay[day][service] || 0) + value;
           }
+          debug.candidateSummaries = candidates.slice(0, 6).map(candidate => ({
+            title: candidate.title,
+            titleScore: candidate.titleScore,
+            pathCount: candidate.pathCount,
+            dayCount: candidate.breakdown.length,
+            pointCount: candidate.pointCount,
+            serviceCount: candidate.services.length,
+            likelyCodexServiceCount: candidate.likelyCodexServiceCount,
+            services: candidate.services.slice(0, 8)
+          }));
 
-          const dayKeys = Object.keys(totalsByDay).sort((a, b) => b.localeCompare(a)).slice(0, 30);
-          const breakdown = dayKeys.map(day => {
-            const servicesMap = totalsByDay[day] || {};
-            const services = Object.keys(servicesMap).map(service => ({
-              service,
-              creditsUsed: servicesMap[service]
-            })).sort((a, b) => {
-              if (a.creditsUsed === b.creditsUsed) return a.service.localeCompare(b.service);
-              return b.creditsUsed - a.creditsUsed;
-            });
-            const totalCreditsUsed = services.reduce((sum, s) => sum + (Number(s.creditsUsed) || 0), 0);
-            return { day, services, totalCreditsUsed };
-          });
-
+          const breakdown = eligibleCandidates[0] ? eligibleCandidates[0].breakdown : [];
           const json = (breakdown.length > 0) ? JSON.stringify(breakdown) : null;
           window.__codexbarUsageBreakdownJSON = json;
           window.__codexbarUsageBreakdownDebug = json ? null : JSON.stringify(debug);
@@ -354,6 +653,15 @@ let openAIDashboardScrapeScript = """
           return null;
         }
       })();
+      const usageBreakdownError = (() => {
+        try {
+          if (!usageBreakdownDebug) return null;
+          const parsed = JSON.parse(usageBreakdownDebug);
+          return parsed && parsed.error ? String(parsed.error) : null;
+        } catch {
+          return null;
+        }
+      })();
       const bodyText = document.body ? String(document.body.innerText || '').trim() : '';
       const href = window.location ? String(window.location.href || '') : '';
       const workspacePicker = bodyText.includes('Select a workspace');
@@ -389,6 +697,16 @@ let openAIDashboardScrapeScript = """
       let didScrollToCredits = false;
       let rows = [];
       try {
+        const looksLikeCreditsEventRow = (cells) => {
+          if (!cells || cells.length < 3) return false;
+          const first = String(cells[0] || '');
+          const amount = String(cells[2] || '');
+          return /\\d{4}|\\d{1,2}[\\/.\\-]\\d{1,2}/.test(first) && /\\d/.test(amount);
+        };
+        const allTableRows = () => Array.from(document.querySelectorAll('tbody tr')).map(tr => {
+          const cells = Array.from(tr.querySelectorAll('td')).map(td => textOf(td));
+          return cells;
+        }).filter(looksLikeCreditsEventRow);
         const headings = Array.from(document.querySelectorAll('h1,h2,h3'));
         const header = headings.find(h => textOf(h).toLowerCase() === 'credits usage history');
         if (header) {
@@ -405,6 +723,9 @@ let openAIDashboardScrapeScript = """
             const cells = Array.from(tr.querySelectorAll('td')).map(td => textOf(td));
             return cells;
           }).filter(r => r.length >= 3);
+          if (rows.length === 0) {
+            rows = allTableRows();
+          }
           if (rows.length === 0 && !window.__codexbarDidScrollToCredits) {
             window.__codexbarDidScrollToCredits = true;
             // If the table is virtualized/lazy-loaded, we need to scroll to trigger rendering even if the
@@ -416,6 +737,13 @@ let openAIDashboardScrapeScript = """
             didScrollToCredits = true;
           }
         } else if (rows.length === 0 && !window.__codexbarDidScrollToCredits && scrollHeight > viewportHeight * 1.5) {
+          rows = allTableRows();
+          if (rows.length > 0) {
+            creditsHeaderPresent = true;
+            creditsHeaderInViewport = true;
+          }
+        }
+        if (rows.length === 0 && !window.__codexbarDidScrollToCredits && scrollHeight > viewportHeight * 1.5) {
           // The credits history section often isn't part of the DOM until you scroll down. Nudge the page
           // once so subsequent scrapes can find the header and rows.
           window.__codexbarDidScrollToCredits = true;
@@ -458,6 +786,8 @@ let openAIDashboardScrapeScript = """
       } catch {}
 
       let signedInEmail = null;
+      let authStatus = null;
+      let accountPlan = null;
       try {
         const next = window.__NEXT_DATA__ || null;
         const props = (next && next.props && next.props.pageProps) ? next.props.pageProps : null;
@@ -466,12 +796,29 @@ let openAIDashboardScrapeScript = """
         signedInEmail = userEmail || sessionEmail || null;
       } catch {}
 
+      const clientBootstrap = parseJSONScript('client-bootstrap');
+      if (clientBootstrap) {
+        try {
+          authStatus = typeof clientBootstrap.authStatus === 'string' ? clientBootstrap.authStatus : null;
+          if (!signedInEmail) {
+            const session = clientBootstrap.session || null;
+            const user = (session && session.user) || clientBootstrap.user || null;
+            const email = user && typeof user.email === 'string' ? user.email : null;
+            if (email && email.includes('@')) signedInEmail = email;
+          }
+          if (!accountPlan) accountPlan = findPlan(clientBootstrap);
+        } catch {}
+      }
+      if (!accountPlan) {
+        try {
+          accountPlan = findPlan(window.__NEXT_DATA__ || parseJSONScript('__NEXT_DATA__'));
+        } catch {}
+      }
+
       if (!signedInEmail) {
         try {
-          const node = document.getElementById('__NEXT_DATA__');
-          const raw = node && node.textContent ? String(node.textContent) : '';
-          if (raw) {
-            const obj = JSON.parse(raw);
+          const obj = parseJSONScript('__NEXT_DATA__');
+          if (obj) {
             const queue = [obj];
             let seen = 0;
             while (queue.length && seen < 2000 && !signedInEmail) {
@@ -539,12 +886,14 @@ let openAIDashboardScrapeScript = """
         cloudflareInterstitial,
         href,
         bodyText,
-        bodyHTML: document.documentElement ? String(document.documentElement.outerHTML || '') : '',
         signedInEmail,
+        authStatus,
+        accountPlan,
         creditsPurchaseURL,
         rows,
         usageBreakdownJSON,
         usageBreakdownDebug,
+        usageBreakdownError,
         scrollY,
         scrollHeight,
         viewportHeight,
diff --git a/Sources/CodexBarCore/OpenAIWeb/OpenAIDashboardWebViewCache.swift b/Sources/CodexBarCore/OpenAIWeb/OpenAIDashboardWebViewCache.swift
index 49e6a9280..1e9a91d3d 100644
--- a/Sources/CodexBarCore/OpenAIWeb/OpenAIDashboardWebViewCache.swift
+++ b/Sources/CodexBarCore/OpenAIWeb/OpenAIDashboardWebViewCache.swift
@@ -6,6 +6,7 @@ import WebKit
 struct OpenAIDashboardWebViewLease {
     let webView: WKWebView
     let log: (String) -> Void
+    let setPreserveLoadedPageOnRelease: (Bool) -> Void
     let release: () -> Void
 }
 
@@ -14,22 +15,137 @@ final class OpenAIDashboardWebViewCache {
     static let shared = OpenAIDashboardWebViewCache()
     fileprivate static let log = CodexBarLog.logger(LogCategories.openAIWebview)
 
+    private final class ReleaseState {
+        var preserveLoadedPageOnRelease: Bool
+
+        init(preserveLoadedPageOnRelease: Bool) {
+            self.preserveLoadedPageOnRelease = preserveLoadedPageOnRelease
+        }
+    }
+
+    private struct AcquireOptions {
+        let allowTimeoutRetry: Bool
+        let preserveLoadedPageOnRelease: Bool
+    }
+
     private final class Entry {
         let webView: WKWebView
         let host: OffscreenWebViewHost
         var lastUsedAt: Date
         var isBusy: Bool
+        var preservedPageExpiresAt: Date?
+        var preservedPageExpiryWorkItem: DispatchWorkItem?
 
-        init(webView: WKWebView, host: OffscreenWebViewHost, lastUsedAt: Date, isBusy: Bool) {
+        init(
+            webView: WKWebView,
+            host: OffscreenWebViewHost,
+            lastUsedAt: Date,
+            isBusy: Bool,
+            preservedPageExpiresAt: Date? = nil)
+        {
             self.webView = webView
             self.host = host
             self.lastUsedAt = lastUsedAt
             self.isBusy = isBusy
+            self.preservedPageExpiresAt = preservedPageExpiresAt
+        }
+
+        func armPreservedPage(until expiry: Date) {
+            self.preservedPageExpiresAt = expiry
+        }
+
+        func setPreservedPageExpiryWorkItem(_ workItem: DispatchWorkItem?) {
+            self.preservedPageExpiryWorkItem?.cancel()
+            self.preservedPageExpiryWorkItem = workItem
+        }
+
+        func clearPreservedPage() {
+            self.preservedPageExpiresAt = nil
+            self.preservedPageExpiryWorkItem?.cancel()
+            self.preservedPageExpiryWorkItem = nil
+        }
+
+        func consumePreservedPageReuseIfAvailable(now: Date) -> Bool {
+            guard let preservedPageExpiresAt else { return false }
+            self.preservedPageExpiresAt = nil
+            self.preservedPageExpiryWorkItem?.cancel()
+            self.preservedPageExpiryWorkItem = nil
+            return preservedPageExpiresAt > now
+        }
+
+        func hasExpiredPreservedPage(now: Date) -> Bool {
+            guard let preservedPageExpiresAt else { return false }
+            return preservedPageExpiresAt <= now
         }
     }
 
     private var entries: [ObjectIdentifier: Entry] = [:]
-    private let idleTimeout: TimeInterval = 10 * 60
+    /// Keep the WebView alive only long enough for immediate retries/menu reopens.
+    /// Long-lived hidden ChatGPT tabs still consume noticeable energy on some setups.
+    private let idleTimeout: TimeInterval = 60
+    /// Reuse the validated analytics page only for the immediate next handoff.
+    private let preservedPageHandoffTimeout: TimeInterval = 5
+    private let blankURL = URL(string: "about:blank")!
+    private let idlePageClearScript = """
+    (() => {
+      try {
+        document.documentElement.innerHTML = '';
+        return true;
+      } catch {
+        return false;
+      }
+    })();
+    """
+    private let reusablePageResetScript = """
+    (() => {
+      try {
+        delete window.__codexbarDidScrollToCredits;
+        delete window.__codexbarUsageBreakdownJSON;
+        delete window.__codexbarUsageBreakdownDebug;
+        return true;
+      } catch {
+        return false;
+      }
+    })();
+    """
+    private let preferredLanguageScript = """
+    (() => {
+      const define = (target, name, value) => {
+        try {
+          Object.defineProperty(target, name, {
+            get: () => value,
+            configurable: true
+          });
+        } catch {}
+      };
+      define(Navigator.prototype, 'language', 'en-US');
+      define(Navigator.prototype, 'languages', ['en-US', 'en']);
+      define(navigator, 'language', 'en-US');
+      define(navigator, 'languages', ['en-US', 'en']);
+    })();
+    """
+
+    private func releaseCachedEntry(_ entry: Entry, preserveLoadedPage: Bool) {
+        entry.isBusy = false
+        entry.lastUsedAt = Date()
+        self.updatePreservedPageState(for: entry, preserveLoadedPage: preserveLoadedPage)
+        self.prepareCachedWebViewForIdle(
+            entry.webView,
+            host: entry.host,
+            preserveLoadedPage: preserveLoadedPage)
+        self.prune(now: Date())
+    }
+
+    private func releaseNewEntry(_ entry: Entry, webView: WKWebView, preserveLoadedPage: Bool) {
+        entry.isBusy = false
+        entry.lastUsedAt = Date()
+        self.updatePreservedPageState(for: entry, preserveLoadedPage: preserveLoadedPage)
+        self.prepareCachedWebViewForIdle(
+            webView,
+            host: entry.host,
+            preserveLoadedPage: preserveLoadedPage)
+        self.prune(now: Date())
+    }
 
     // MARK: - Testing support
 
@@ -50,20 +166,96 @@ final class OpenAIDashboardWebViewCache {
         self.prune(now: now)
     }
 
+    var idleTimeoutForTesting: TimeInterval {
+        self.idleTimeout
+    }
+
+    var preservedPageHandoffTimeoutForTesting: TimeInterval {
+        self.preservedPageHandoffTimeout
+    }
+
+    func hasPreservedPageForTesting(for websiteDataStore: WKWebsiteDataStore) -> Bool {
+        let key = ObjectIdentifier(websiteDataStore)
+        return self.entries[key]?.preservedPageExpiresAt != nil
+    }
+
+    func markPreservedPageForTesting(
+        websiteDataStore: WKWebsiteDataStore,
+        expiresAt: Date = .init().addingTimeInterval(5))
+    {
+        let key = ObjectIdentifier(websiteDataStore)
+        guard let entry = self.entries[key] else { return }
+        entry.armPreservedPage(until: expiresAt)
+        self.schedulePreservedPageExpiry(for: key, entry: entry, expiresAt: expiresAt)
+    }
+
+    func consumePreservedPageForTesting(websiteDataStore: WKWebsiteDataStore, now: Date = Date()) -> Bool {
+        let key = ObjectIdentifier(websiteDataStore)
+        guard let entry = self.entries[key] else { return false }
+        return entry.consumePreservedPageReuseIfAvailable(now: now)
+    }
+
+    /// Seed a cached entry without navigating a real page (for test stability).
+    @discardableResult
+    func cacheEntryForTesting(
+        websiteDataStore: WKWebsiteDataStore,
+        lastUsedAt: Date = Date(),
+        isBusy: Bool = false) -> WKWebView
+    {
+        let key = ObjectIdentifier(websiteDataStore)
+        if let existing = self.entries.removeValue(forKey: key) {
+            existing.host.close()
+        }
+
+        let (webView, host) = self.makeWebView(websiteDataStore: websiteDataStore)
+        let entry = Entry(webView: webView, host: host, lastUsedAt: lastUsedAt, isBusy: isBusy)
+        self.entries[key] = entry
+        if isBusy {
+            host.show()
+        } else {
+            host.hide()
+        }
+        return webView
+    }
+
     /// Clear all cached entries (for test isolation).
     func clearAllForTesting() {
         for (_, entry) in self.entries {
+            entry.clearPreservedPage()
             entry.host.close()
         }
         self.entries.removeAll()
     }
+
+    func resetReusablePageStateForTesting(_ webView: WKWebView) async -> Bool {
+        await self.resetReusablePageState(webView)
+    }
     #endif
 
     func acquire(
         websiteDataStore: WKWebsiteDataStore,
         usageURL: URL,
         logger: ((String) -> Void)?,
-        navigationTimeout: TimeInterval = 15) async throws -> OpenAIDashboardWebViewLease
+        navigationTimeout: TimeInterval = 15,
+        preserveLoadedPageOnRelease: Bool = false) async throws -> OpenAIDashboardWebViewLease
+    {
+        let deadline = Date().addingTimeInterval(max(navigationTimeout, 1))
+        return try await self.acquire(
+            websiteDataStore: websiteDataStore,
+            usageURL: usageURL,
+            logger: logger,
+            deadline: deadline,
+            options: .init(
+                allowTimeoutRetry: true,
+                preserveLoadedPageOnRelease: preserveLoadedPageOnRelease))
+    }
+
+    private func acquire(
+        websiteDataStore: WKWebsiteDataStore,
+        usageURL: URL,
+        logger: ((String) -> Void)?,
+        deadline: Date,
+        options: AcquireOptions) async throws -> OpenAIDashboardWebViewLease
     {
         let now = Date()
         self.prune(now: now)
@@ -72,6 +264,7 @@ final class OpenAIDashboardWebViewCache {
             logger?("[webview] \(message)")
         }
         let key = ObjectIdentifier(websiteDataStore)
+        let remainingTimeout = max(0.5, deadline.timeIntervalSince(now))
 
         if let entry = self.entries[key] {
             if entry.isBusy {
@@ -79,25 +272,62 @@ final class OpenAIDashboardWebViewCache {
                 let (webView, host) = self.makeWebView(websiteDataStore: websiteDataStore)
                 host.show()
                 do {
-                    try await self.prepareWebView(webView, usageURL: usageURL, timeout: navigationTimeout)
+                    try await self.prepareWebView(
+                        webView,
+                        usageURL: usageURL,
+                        timeout: remainingTimeout,
+                        canReuseLoadedPage: false)
                 } catch {
+                    if options.allowTimeoutRetry, Self.isPrepareTimeout(error) {
+                        host.close()
+                        log("Temporary OpenAI WebView timed out; retrying with a fresh WebView.")
+                        return try await self.acquireTemporaryWebView(
+                            websiteDataStore: websiteDataStore,
+                            usageURL: usageURL,
+                            log: log,
+                            deadline: deadline)
+                    }
                     host.close()
                     throw error
                 }
                 return OpenAIDashboardWebViewLease(
                     webView: webView,
                     log: log,
+                    setPreserveLoadedPageOnRelease: { _ in },
                     release: { host.close() })
             }
 
             entry.isBusy = true
             entry.lastUsedAt = now
+            let canReuseLoadedPage = entry.consumePreservedPageReuseIfAvailable(now: now)
+            let releaseState = ReleaseState(preserveLoadedPageOnRelease: options.preserveLoadedPageOnRelease)
             entry.host.show()
             do {
-                try await self.prepareWebView(entry.webView, usageURL: usageURL, timeout: navigationTimeout)
+                try await self.prepareWebView(
+                    entry.webView,
+                    usageURL: usageURL,
+                    timeout: remainingTimeout,
+                    canReuseLoadedPage: canReuseLoadedPage)
             } catch {
+                if options.allowTimeoutRetry, Self.isPrepareTimeout(error) {
+                    entry.isBusy = false
+                    entry.lastUsedAt = Date()
+                    entry.clearPreservedPage()
+                    entry.host.close()
+                    self.entries.removeValue(forKey: key)
+                    log("Cached OpenAI WebView timed out; recreating it.")
+                    return try await self.acquire(
+                        websiteDataStore: websiteDataStore,
+                        usageURL: usageURL,
+                        logger: logger,
+                        deadline: deadline,
+                        options: .init(
+                            allowTimeoutRetry: false,
+                            preserveLoadedPageOnRelease: options.preserveLoadedPageOnRelease))
+                }
                 entry.isBusy = false
                 entry.lastUsedAt = Date()
+                entry.clearPreservedPage()
                 entry.host.close()
                 self.entries.removeValue(forKey: key)
                 Self.log.warning("OpenAI webview prepare failed")
@@ -107,15 +337,14 @@ final class OpenAIDashboardWebViewCache {
             return OpenAIDashboardWebViewLease(
                 webView: entry.webView,
                 log: log,
+                setPreserveLoadedPageOnRelease: { preserveLoadedPageOnRelease in
+                    releaseState.preserveLoadedPageOnRelease = preserveLoadedPageOnRelease
+                },
                 release: { [weak self, weak entry] in
                     guard let self, let entry else { return }
-                    entry.isBusy = false
-                    entry.lastUsedAt = Date()
-                    // Hide instead of close - keep WebView cached for reuse.
-                    // This avoids re-downloading the ChatGPT SPA bundle on every refresh,
-                    // saving significant network bandwidth. See GitHub issues #269, #251.
-                    entry.host.hide()
-                    self.prune(now: Date())
+                    self.releaseCachedEntry(
+                        entry,
+                        preserveLoadedPage: releaseState.preserveLoadedPageOnRelease)
                 })
         }
 
@@ -123,10 +352,28 @@ final class OpenAIDashboardWebViewCache {
         let entry = Entry(webView: webView, host: host, lastUsedAt: now, isBusy: true)
         self.entries[key] = entry
         host.show()
+        let releaseState = ReleaseState(preserveLoadedPageOnRelease: options.preserveLoadedPageOnRelease)
 
         do {
-            try await self.prepareWebView(webView, usageURL: usageURL, timeout: navigationTimeout)
+            try await self.prepareWebView(
+                webView,
+                usageURL: usageURL,
+                timeout: remainingTimeout,
+                canReuseLoadedPage: false)
         } catch {
+            if options.allowTimeoutRetry, Self.isPrepareTimeout(error) {
+                self.entries.removeValue(forKey: key)
+                host.close()
+                log("OpenAI WebView timed out during prepare; retrying once.")
+                return try await self.acquire(
+                    websiteDataStore: websiteDataStore,
+                    usageURL: usageURL,
+                    logger: logger,
+                    deadline: deadline,
+                    options: .init(
+                        allowTimeoutRetry: false,
+                        preserveLoadedPageOnRelease: options.preserveLoadedPageOnRelease))
+            }
             self.entries.removeValue(forKey: key)
             host.close()
             Self.log.warning("OpenAI webview prepare failed")
@@ -136,26 +383,68 @@ final class OpenAIDashboardWebViewCache {
         return OpenAIDashboardWebViewLease(
             webView: webView,
             log: log,
+            setPreserveLoadedPageOnRelease: { preserveLoadedPageOnRelease in
+                releaseState.preserveLoadedPageOnRelease = preserveLoadedPageOnRelease
+            },
             release: { [weak self, weak entry] in
                 guard let self, let entry else { return }
-                entry.isBusy = false
-                entry.lastUsedAt = Date()
-                // Hide instead of close - keep WebView cached for reuse.
-                // This avoids re-downloading the ChatGPT SPA bundle on every refresh,
-                // saving significant network bandwidth. See GitHub issues #269, #251.
-                entry.host.hide()
-                self.prune(now: Date())
+                self.releaseNewEntry(
+                    entry,
+                    webView: webView,
+                    preserveLoadedPage: releaseState.preserveLoadedPageOnRelease)
             })
     }
 
     func evict(websiteDataStore: WKWebsiteDataStore) {
         let key = ObjectIdentifier(websiteDataStore)
         guard let entry = self.entries.removeValue(forKey: key) else { return }
+        entry.clearPreservedPage()
         Self.log.debug("OpenAI webview evicted")
         entry.host.close()
     }
 
+    func evictAll() {
+        let existing = self.entries
+        self.entries.removeAll()
+        for (_, entry) in existing {
+            entry.clearPreservedPage()
+            entry.host.close()
+        }
+        if !existing.isEmpty {
+            Self.log.debug("OpenAI webview evicted all")
+        }
+    }
+
+    private func prepareCachedWebViewForIdle(
+        _ webView: WKWebView,
+        host: OffscreenWebViewHost,
+        preserveLoadedPage: Bool)
+    {
+        webView.navigationDelegate = nil
+        webView.codexNavigationDelegate = nil
+        if preserveLoadedPage {
+            host.hide()
+            return
+        }
+
+        // Detach the heavyweight ChatGPT SPA as soon as a scrape completes. Keeping the WebView object around
+        // still helps with immediate reuse, but letting chatgpt.com remain the active document is too expensive.
+        webView.stopLoading()
+        webView.evaluateJavaScript(self.idlePageClearScript, completionHandler: nil)
+        _ = webView.load(URLRequest(url: self.blankURL))
+        host.hide()
+    }
+
     private func prune(now: Date) {
+        for entry in self.entries.values where !entry.isBusy && entry.hasExpiredPreservedPage(now: now) {
+            entry.clearPreservedPage()
+            self.prepareCachedWebViewForIdle(
+                entry.webView,
+                host: entry.host,
+                preserveLoadedPage: false)
+            Self.log.debug("OpenAI webview preserved page expired")
+        }
+
         let expired = self.entries.filter { _, entry in
             !entry.isBusy && now.timeIntervalSince(entry.lastUsedAt) > self.idleTimeout
         }
@@ -169,6 +458,12 @@ final class OpenAIDashboardWebViewCache {
     private func makeWebView(websiteDataStore: WKWebsiteDataStore) -> (WKWebView, OffscreenWebViewHost) {
         let config = WKWebViewConfiguration()
         config.websiteDataStore = websiteDataStore
+        let userContentController = WKUserContentController()
+        userContentController.addUserScript(WKUserScript(
+            source: self.preferredLanguageScript,
+            injectionTime: .atDocumentStart,
+            forMainFrameOnly: false))
+        config.userContentController = userContentController
         if #available(macOS 14.0, *) {
             config.preferences.inactiveSchedulingPolicy = .suspend
         }
@@ -178,7 +473,30 @@ final class OpenAIDashboardWebViewCache {
         return (webView, host)
     }
 
-    private func prepareWebView(_ webView: WKWebView, usageURL: URL, timeout: TimeInterval) async throws {
+    private func prepareWebView(
+        _ webView: WKWebView,
+        usageURL: URL,
+        timeout: TimeInterval,
+        canReuseLoadedPage: Bool) async throws
+    {
+        #if DEBUG
+        if usageURL.absoluteString == "about:blank" {
+            _ = webView.loadHTMLString("", baseURL: nil)
+            return
+        }
+        #endif
+
+        if canReuseLoadedPage,
+           let currentURL = webView.url?.absoluteString,
+           OpenAIDashboardFetcher.isUsageRoute(currentURL)
+        {
+            if await self.resetReusablePageState(webView) {
+                return
+            }
+
+            Self.log.debug("OpenAI preserved page reset failed; reloading usage URL")
+        }
+
         try await withCheckedThrowingContinuation { (cont: CheckedContinuation<Void, Error>) in
             let delegate = NavigationDelegate { result in
                 cont.resume(with: result)
@@ -186,7 +504,93 @@ final class OpenAIDashboardWebViewCache {
             webView.navigationDelegate = delegate
             webView.codexNavigationDelegate = delegate
             delegate.armTimeout(seconds: timeout)
-            _ = webView.load(URLRequest(url: usageURL))
+            _ = webView.load(OpenAIDashboardFetcher.usageURLRequest(url: usageURL))
+        }
+    }
+
+    private func acquireTemporaryWebView(
+        websiteDataStore: WKWebsiteDataStore,
+        usageURL: URL,
+        log: @escaping (String) -> Void,
+        deadline: Date) async throws -> OpenAIDashboardWebViewLease
+    {
+        let remainingTimeout = max(0.5, deadline.timeIntervalSinceNow)
+        let (webView, host) = self.makeWebView(websiteDataStore: websiteDataStore)
+        host.show()
+        do {
+            try await self.prepareWebView(
+                webView,
+                usageURL: usageURL,
+                timeout: remainingTimeout,
+                canReuseLoadedPage: false)
+        } catch {
+            host.close()
+            throw error
+        }
+        return OpenAIDashboardWebViewLease(
+            webView: webView,
+            log: log,
+            setPreserveLoadedPageOnRelease: { _ in },
+            release: { host.close() })
+    }
+
+    private static func isPrepareTimeout(_ error: Error) -> Bool {
+        let nsError = error as NSError
+        return nsError.domain == NSURLErrorDomain && nsError.code == NSURLErrorTimedOut
+    }
+
+    private func updatePreservedPageState(for entry: Entry, preserveLoadedPage: Bool) {
+        if preserveLoadedPage {
+            let expiresAt = Date().addingTimeInterval(self.preservedPageHandoffTimeout)
+            entry.armPreservedPage(until: expiresAt)
+            if let key = self.entries.first(where: { $0.value === entry })?.key {
+                self.schedulePreservedPageExpiry(for: key, entry: entry, expiresAt: expiresAt)
+            }
+        } else {
+            entry.clearPreservedPage()
+        }
+    }
+
+    private func schedulePreservedPageExpiry(
+        for key: ObjectIdentifier,
+        entry: Entry,
+        expiresAt: Date)
+    {
+        let delay = max(0, expiresAt.timeIntervalSinceNow)
+        let workItem = DispatchWorkItem { [weak self] in
+            MainActor.assumeIsolated {
+                self?.expirePreservedPageIfNeeded(for: key, expectedExpiry: expiresAt)
+            }
+        }
+        entry.setPreservedPageExpiryWorkItem(workItem)
+        DispatchQueue.main.asyncAfter(deadline: .now() + delay, execute: workItem)
+    }
+
+    private func expirePreservedPageIfNeeded(for key: ObjectIdentifier, expectedExpiry: Date) {
+        guard let entry = self.entries[key],
+              !entry.isBusy,
+              let preservedPageExpiresAt = entry.preservedPageExpiresAt,
+              preservedPageExpiresAt == expectedExpiry,
+              preservedPageExpiresAt <= Date()
+        else {
+            return
+        }
+
+        entry.clearPreservedPage()
+        self.prepareCachedWebViewForIdle(
+            entry.webView,
+            host: entry.host,
+            preserveLoadedPage: false)
+        Self.log.debug("OpenAI webview preserved page expired")
+        self.prune(now: Date())
+    }
+
+    private func resetReusablePageState(_ webView: WKWebView) async -> Bool {
+        do {
+            let any = try await webView.evaluateJavaScript(self.reusablePageResetScript)
+            return (any as? Bool) ?? true
+        } catch {
+            return false
         }
     }
 }
diff --git a/Sources/CodexBarCore/PathEnvironment.swift b/Sources/CodexBarCore/PathEnvironment.swift
index ece93eda2..05f99cb46 100644
--- a/Sources/CodexBarCore/PathEnvironment.swift
+++ b/Sources/CodexBarCore/PathEnvironment.swift
@@ -1,4 +1,9 @@
 import Foundation
+#if canImport(Darwin)
+import Darwin
+#else
+import Glibc
+#endif
 
 public enum PathPurpose: Hashable, Sendable {
     case rpc
@@ -52,16 +57,33 @@ public enum BinaryLocator {
             loginPATH: loginPATH,
             commandV: commandV,
             aliasResolver: aliasResolver,
+            wellKnownPaths: self.claudeWellKnownPaths(home: home),
             fileManager: fileManager,
             home: home)
     }
 
+    /// Well-known installation paths for the Claude CLI binary.
+    /// Covers Anthropic's native installer (`~/.local/bin`), the `claude migrate-installer`
+    /// self-updating location (`~/.claude/local`), the legacy per-user installer
+    /// (`~/.claude/bin`), Homebrew, and the macOS Terminal installer (cmux.app).
+    static func claudeWellKnownPaths(home: String) -> [String] {
+        [
+            "\(home)/.local/bin/claude",
+            "\(home)/.claude/local/claude",
+            "\(home)/.claude/bin/claude",
+            "/opt/homebrew/bin/claude",
+            "/usr/local/bin/claude",
+            "/Applications/cmux.app/Contents/Resources/bin/claude",
+        ]
+    }
+
     public static func resolveCodexBinary(
         env: [String: String] = ProcessInfo.processInfo.environment,
         loginPATH: [String]? = LoginShellPathCache.shared.current,
         commandV: (String, String?, TimeInterval, FileManager) -> String? = ShellCommandLocator.commandV,
         aliasResolver: (String, String?, TimeInterval, FileManager, String) -> String? = ShellCommandLocator
             .resolveAlias,
+        launchCandidateFilter: (String, FileManager) -> Bool = CodexLaunchPreflight.isLaunchCandidateAllowed,
         fileManager: FileManager = .default,
         home: String = NSHomeDirectory()) -> String?
     {
@@ -72,10 +94,25 @@ public enum BinaryLocator {
             loginPATH: loginPATH,
             commandV: commandV,
             aliasResolver: aliasResolver,
+            wellKnownPaths: self.codexWellKnownPaths(home: home),
+            launchCandidateFilter: launchCandidateFilter,
             fileManager: fileManager,
             home: home)
     }
 
+    /// Well-known installation paths for the signed Codex desktop app CLI.
+    /// Keep these after PATH lookups, but use them as a safe fallback when a PATH shim is blocked.
+    static func codexWellKnownPaths(home: String) -> [String] {
+        #if os(macOS)
+        [
+            "\(home)/Applications/Codex.app/Contents/Resources/codex",
+            "/Applications/Codex.app/Contents/Resources/codex",
+        ]
+        #else
+        []
+        #endif
+    }
+
     public static func resolveGeminiBinary(
         env: [String: String] = ProcessInfo.processInfo.environment,
         loginPATH: [String]? = LoginShellPathCache.shared.current,
@@ -96,6 +133,70 @@ public enum BinaryLocator {
             home: home)
     }
 
+    public static func resolveGrokBinary(
+        env: [String: String] = ProcessInfo.processInfo.environment,
+        loginPATH: [String]? = LoginShellPathCache.shared.current,
+        commandV: (String, String?, TimeInterval, FileManager) -> String? = ShellCommandLocator.commandV,
+        aliasResolver: (String, String?, TimeInterval, FileManager, String) -> String? = ShellCommandLocator
+            .resolveAlias,
+        fileManager: FileManager = .default,
+        home: String = NSHomeDirectory()) -> String?
+    {
+        self.resolveBinary(
+            name: "grok",
+            overrideKey: "GROK_CLI_PATH",
+            env: env,
+            loginPATH: loginPATH,
+            commandV: commandV,
+            aliasResolver: aliasResolver,
+            wellKnownPaths: self.grokWellKnownPaths(home: home),
+            fileManager: fileManager,
+            home: home)
+    }
+
+    /// Well-known install locations for the Grok Build CLI binary.
+    /// Covers the installer's default (`~/.grok/bin/grok`) and the symlinks it sometimes
+    /// creates into `~/.local/bin` and `/usr/local/bin`.
+    static func grokWellKnownPaths(home: String) -> [String] {
+        [
+            "\(home)/.grok/bin/grok",
+            "\(home)/.local/bin/grok",
+            "/usr/local/bin/grok",
+            "/opt/homebrew/bin/grok",
+        ]
+    }
+
+    public static func resolveAWSBinary(
+        env: [String: String] = ProcessInfo.processInfo.environment,
+        loginPATH: [String]? = LoginShellPathCache.shared.current,
+        commandV: (String, String?, TimeInterval, FileManager) -> String? = ShellCommandLocator.commandV,
+        aliasResolver: (String, String?, TimeInterval, FileManager, String) -> String? = ShellCommandLocator
+            .resolveAlias,
+        fileManager: FileManager = .default,
+        home: String = NSHomeDirectory()) -> String?
+    {
+        self.resolveBinary(
+            name: "aws",
+            overrideKey: "AWS_CLI_PATH",
+            env: env,
+            loginPATH: loginPATH,
+            commandV: commandV,
+            aliasResolver: aliasResolver,
+            wellKnownPaths: self.awsWellKnownPaths(home: home),
+            fileManager: fileManager,
+            home: home)
+    }
+
+    /// Well-known install locations for the AWS CLI v2 (`aws`).
+    /// Covers Homebrew (Apple Silicon + Intel) and the per-user pip/uv install path.
+    static func awsWellKnownPaths(home: String) -> [String] {
+        [
+            "/opt/homebrew/bin/aws",
+            "/usr/local/bin/aws",
+            "\(home)/.local/bin/aws",
+        ]
+    }
+
     public static func resolveAuggieBinary(
         env: [String: String] = ProcessInfo.processInfo.environment,
         loginPATH: [String]? = LoginShellPathCache.shared.current,
@@ -124,6 +225,8 @@ public enum BinaryLocator {
         loginPATH: [String]?,
         commandV: (String, String?, TimeInterval, FileManager) -> String?,
         aliasResolver: (String, String?, TimeInterval, FileManager, String) -> String?,
+        wellKnownPaths: [String] = [],
+        launchCandidateFilter: (String, FileManager) -> Bool = { _, _ in true },
         fileManager: FileManager,
         home: String) -> String?
     {
@@ -135,7 +238,11 @@ public enum BinaryLocator {
 
         // 2) Login-shell PATH (captured once per launch)
         if let loginPATH,
-           let pathHit = self.find(name, in: loginPATH, fileManager: fileManager)
+           let pathHit = self.find(
+               name,
+               in: loginPATH,
+               fileManager: fileManager,
+               launchCandidateFilter: launchCandidateFilter)
         {
             return pathHit
         }
@@ -145,38 +252,59 @@ public enum BinaryLocator {
            let pathHit = self.find(
                name,
                in: existingPATH.split(separator: ":").map(String.init),
-               fileManager: fileManager)
+               fileManager: fileManager,
+               launchCandidateFilter: launchCandidateFilter)
         {
             return pathHit
         }
 
-        // 4) Interactive login shell lookup (captures nvm/fnm/mise paths from .zshrc/.bashrc)
+        // 4) Well-known installation paths (e.g. Homebrew, cmux.app bundle, ~/.claude/bin).
+        // Prefer these before shell probing to avoid running interactive shell init for common installs.
+        for candidate in wellKnownPaths
+            where fileManager.isExecutableFile(atPath: candidate) && launchCandidateFilter(candidate, fileManager)
+        {
+            return candidate
+        }
+
+        // 5) Interactive login shell lookup (captures nvm/fnm/mise paths from .zshrc/.bashrc)
         if let shellHit = commandV(name, env["SHELL"], 2.0, fileManager),
-           fileManager.isExecutableFile(atPath: shellHit)
+           fileManager.isExecutableFile(atPath: shellHit),
+           launchCandidateFilter(shellHit, fileManager)
         {
             return shellHit
         }
 
-        // 4b) Alias fallback (login shell); only attempt after all standard lookups fail.
+        // 5b) Alias fallback (login shell); only attempt after all standard lookups fail.
         if let aliasHit = aliasResolver(name, env["SHELL"], 2.0, fileManager, home),
-           fileManager.isExecutableFile(atPath: aliasHit)
+           fileManager.isExecutableFile(atPath: aliasHit),
+           launchCandidateFilter(aliasHit, fileManager)
         {
             return aliasHit
         }
 
-        // 5) Minimal fallback
+        // 6) Minimal fallback
         let fallback = ["/usr/bin", "/bin", "/usr/sbin", "/sbin"]
-        if let pathHit = self.find(name, in: fallback, fileManager: fileManager) {
+        if let pathHit = self.find(
+            name,
+            in: fallback,
+            fileManager: fileManager,
+            launchCandidateFilter: launchCandidateFilter)
+        {
             return pathHit
         }
 
         return nil
     }
 
-    private static func find(_ binary: String, in paths: [String], fileManager: FileManager) -> String? {
+    private static func find(
+        _ binary: String,
+        in paths: [String],
+        fileManager: FileManager,
+        launchCandidateFilter: (String, FileManager) -> Bool = { _, _ in true }) -> String?
+    {
         for path in paths where !path.isEmpty {
             let candidate = "\(path.hasSuffix("/") ? String(path.dropLast()) : path)/\(binary)"
-            if fileManager.isExecutableFile(atPath: candidate) {
+            if fileManager.isExecutableFile(atPath: candidate), launchCandidateFilter(candidate, fileManager) {
                 return candidate
             }
         }
@@ -184,7 +312,188 @@ public enum BinaryLocator {
     }
 }
 
+public enum CodexLaunchPreflight {
+    public static func isLaunchCandidateAllowed(path: String, fileManager: FileManager = .default) -> Bool {
+        #if os(macOS)
+        self.isLaunchCandidateAllowed(
+            path: path,
+            fileManager: fileManager,
+            hasExtendedAttribute: self.hasExtendedAttribute,
+            spctlAssessment: { self.spctlAssessment(path: $0) },
+            isMachOExecutable: self.isMachOExecutable)
+        #else
+        _ = path
+        _ = fileManager
+        return true
+        #endif
+    }
+
+    #if os(macOS)
+    static func isLaunchCandidateAllowed(
+        path: String,
+        fileManager: FileManager,
+        hasExtendedAttribute: (String, String) -> Bool,
+        spctlAssessment: (String) -> String?,
+        isMachOExecutable: (String) -> Bool) -> Bool
+    {
+        let realPath = URL(fileURLWithPath: path).resolvingSymlinksInPath().path
+        let pathsToCheck = [path, realPath] + self.nativeCodexExecutableCandidates(
+            for: realPath,
+            fileManager: fileManager)
+
+        for candidate in Set(pathsToCheck) where hasExtendedAttribute(candidate, "com.apple.malware") {
+            return false
+        }
+
+        let hasQuarantine = Set(pathsToCheck).contains { hasExtendedAttribute($0, "com.apple.quarantine") }
+        guard let native = pathsToCheck.first(where: isMachOExecutable) else {
+            return !hasQuarantine
+        }
+
+        guard let assessment = spctlAssessment(native)
+        else {
+            return !hasQuarantine
+        }
+
+        return !self.isExplicitlyBlockedAssessment(assessment, path: native)
+    }
+
+    private static func nativeCodexExecutableCandidates(for path: String, fileManager: FileManager) -> [String] {
+        let url = URL(fileURLWithPath: path)
+        guard url.lastPathComponent == "codex.js" else { return [] }
+
+        let packageRoot = url.deletingLastPathComponent().deletingLastPathComponent()
+        return self.npmNativeCodexCandidates(packageRoot: packageRoot)
+            .map(\.path)
+            .filter { fileManager.isExecutableFile(atPath: $0) }
+    }
+
+    private static func npmNativeCodexCandidates(packageRoot: URL) -> [URL] {
+        guard let target = self.darwinCodexTarget else { return [] }
+        let optionalPackage = packageRoot
+            .appendingPathComponent("node_modules")
+            .appendingPathComponent("@openai")
+            .appendingPathComponent(target.packageName)
+
+        return [
+            optionalPackage,
+            packageRoot,
+        ].map {
+            $0.appendingPathComponent("vendor")
+                .appendingPathComponent(target.triple)
+                .appendingPathComponent("codex")
+                .appendingPathComponent("codex")
+        }
+    }
+
+    private static var darwinCodexTarget: (packageName: String, triple: String)? {
+        #if arch(arm64)
+        ("codex-darwin-arm64", "aarch64-apple-darwin")
+        #elseif arch(x86_64)
+        ("codex-darwin-x64", "x86_64-apple-darwin")
+        #else
+        nil
+        #endif
+    }
+
+    private static func hasExtendedAttribute(path: String, name: String) -> Bool {
+        path.withCString { pathPointer in
+            name.withCString { namePointer in
+                getxattr(pathPointer, namePointer, nil, 0, 0, 0) >= 0
+            }
+        }
+    }
+
+    private static func isMachOExecutable(path: String) -> Bool {
+        guard let handle = try? FileHandle(forReadingFrom: URL(fileURLWithPath: path)) else { return false }
+        defer { try? handle.close() }
+
+        guard let data = try? handle.read(upToCount: 4), data.count == 4 else { return false }
+        let bytes = [UInt8](data)
+        return bytes == [0xFE, 0xED, 0xFA, 0xCE] ||
+            bytes == [0xCE, 0xFA, 0xED, 0xFE] ||
+            bytes == [0xFE, 0xED, 0xFA, 0xCF] ||
+            bytes == [0xCF, 0xFA, 0xED, 0xFE] ||
+            bytes == [0xCA, 0xFE, 0xBA, 0xBE] ||
+            bytes == [0xCA, 0xFE, 0xBA, 0xBF]
+    }
+
+    private static func spctlAssessment(path: String, timeout: TimeInterval = 2.0) -> String? {
+        let spctlPath = "/usr/sbin/spctl"
+        guard FileManager.default.isExecutableFile(atPath: spctlPath) else { return nil }
+
+        let process = Process()
+        process.executableURL = URL(fileURLWithPath: spctlPath)
+        process.arguments = ["--assess", "--type", "execute", "--verbose=4", path]
+
+        let output = Pipe()
+        process.standardOutput = output
+        process.standardError = output
+
+        let finished = DispatchSemaphore(value: 0)
+        process.terminationHandler = { _ in finished.signal() }
+
+        do {
+            try process.run()
+        } catch {
+            return nil
+        }
+
+        if finished.wait(timeout: .now() + timeout) != .success {
+            process.terminate()
+            return nil
+        }
+
+        let data = output.fileHandleForReading.readDataToEndOfFile()
+        return String(data: data, encoding: .utf8)
+    }
+
+    private static func isExplicitlyBlockedAssessment(_ assessment: String, path: String) -> Bool {
+        let lower = self.assessmentDiagnosticText(assessment, path: path).lowercased()
+        if lower.contains("denied") ||
+            lower.contains("cssmerr_tp_cert_revoked") ||
+            lower.contains("revoked") ||
+            lower.contains("malware") ||
+            lower.contains("quarantine")
+        {
+            return true
+        }
+        if lower.contains("rejected") {
+            return !lower.contains("code is valid but does not seem to be an app")
+        }
+        return false
+    }
+
+    private static func assessmentDiagnosticText(_ assessment: String, path: String) -> String {
+        assessment
+            .split(whereSeparator: \.isNewline)
+            .enumerated()
+            .compactMap { offset, line -> String? in
+                var text = line.trimmingCharacters(in: .whitespacesAndNewlines)
+                if offset == 0, text.hasPrefix("\(path):") {
+                    text = String(text.dropFirst(path.count + 1))
+                        .trimmingCharacters(in: .whitespacesAndNewlines)
+                }
+                let lower = text.lowercased()
+                guard !lower.hasPrefix("source="), !lower.hasPrefix("origin=") else {
+                    return nil
+                }
+                return text
+            }
+            .joined(separator: "\n")
+    }
+    #endif
+}
+
 public enum ShellCommandLocator {
+    static func test_runShellCommand(
+        shell: String,
+        arguments: [String],
+        timeout: TimeInterval) -> Data?
+    {
+        self.runShellCommand(shell: shell, arguments: arguments, timeout: timeout)
+    }
+
     public static func commandV(
         _ tool: String,
         _ shell: String?,
@@ -232,34 +541,242 @@ public enum ShellCommandLocator {
         return nil
     }
 
-    private static func runShellCapture(_ shell: String?, _ timeout: TimeInterval, _ command: String) -> String? {
-        let shellPath = (shell?.isEmpty == false) ? shell! : "/bin/zsh"
-        let isCI = ["1", "true"].contains(ProcessInfo.processInfo.environment["CI"]?.lowercased())
-        let process = Process()
-        process.executableURL = URL(fileURLWithPath: shellPath)
-        // Interactive login shell to pick up PATH mutations from shell init (nvm/fnm/mise).
-        // CI runners can have shell init hooks that emit missing CLI errors; avoid them in CI.
-        process.arguments = isCI ? ["-c", command] : ["-l", "-i", "-c", command]
-        let stdout = Pipe()
-        process.standardOutput = stdout
-        process.standardError = Pipe()
-        do {
-            try process.run()
-        } catch {
+    /// Thread-safe buffer for collecting pipe output from a readability handler.
+    private final class CapturedData: @unchecked Sendable {
+        private let lock = NSLock()
+        private var data = Data()
+
+        func append(_ other: Data) {
+            self.lock.lock()
+            self.data.append(other)
+            self.lock.unlock()
+        }
+
+        func drain() -> Data {
+            self.lock.lock()
+            let result = self.data
+            self.lock.unlock()
+            return result
+        }
+    }
+
+    /// Idempotent one-shot flag — `fire()` returns true exactly once.
+    /// Used to make `DispatchGroup.leave()` safe to attempt from multiple paths.
+    private final class OnceFlag: @unchecked Sendable {
+        private let lock = NSLock()
+        private var fired = false
+
+        func fire() -> Bool {
+            self.lock.lock()
+            defer { self.lock.unlock() }
+            if self.fired { return false }
+            self.fired = true
+            return true
+        }
+    }
+
+    // swiftlint:disable cyclomatic_complexity
+    /// Runs a shell command, draining both stdout and stderr concurrently so that
+    /// verbose shell init scripts (oh-my-zsh, nvm, pyenv, etc.) cannot deadlock on
+    /// a full pipe buffer.  The child is launched via `posix_spawn` with
+    /// `POSIX_SPAWN_SETPGROUP` so it becomes its own process-group leader *before*
+    /// `exec`, which guarantees that subsequent `kill(-pgid, ...)` calls reach any
+    /// background helpers spawned by shell init, on both the timeout-kill path and
+    /// after normal completion.
+    fileprivate static func runShellCommand(
+        shell: String,
+        arguments: [String],
+        timeout: TimeInterval) -> Data?
+    {
+        // Pipes for stdout/stderr.  stdin is redirected from /dev/null in the child
+        // via posix_spawn_file_actions_addopen below.
+        var stdoutFds: (read: Int32, write: Int32) = (-1, -1)
+        var stderrFds: (read: Int32, write: Int32) = (-1, -1)
+        guard withUnsafeMutablePointer(to: &stdoutFds, {
+            $0.withMemoryRebound(to: Int32.self, capacity: 2) { pipe($0) == 0 }
+        }) else { return nil }
+        guard withUnsafeMutablePointer(to: &stderrFds, {
+            $0.withMemoryRebound(to: Int32.self, capacity: 2) { pipe($0) == 0 }
+        }) else {
+            close(stdoutFds.read); close(stdoutFds.write)
             return nil
         }
 
-        let deadline = Date().addingTimeInterval(timeout)
-        while process.isRunning, Date() < deadline {
-            Thread.sleep(forTimeInterval: 0.05)
+        // Build file actions: redirect stdin from /dev/null, dup pipe write ends to
+        // fds 1 and 2, and close every pipe fd in the child.  The init pattern
+        // differs between platforms because the typedef is an opaque pointer on
+        // Darwin and a struct on Glibc.
+        #if canImport(Darwin)
+        var fileActions: posix_spawn_file_actions_t?
+        #else
+        var fileActions = posix_spawn_file_actions_t()
+        #endif
+        guard posix_spawn_file_actions_init(&fileActions) == 0 else {
+            close(stdoutFds.read); close(stdoutFds.write)
+            close(stderrFds.read); close(stderrFds.write)
+            return nil
+        }
+        defer { posix_spawn_file_actions_destroy(&fileActions) }
+        posix_spawn_file_actions_addopen(&fileActions, 0, "/dev/null", O_RDONLY, 0)
+        posix_spawn_file_actions_adddup2(&fileActions, stdoutFds.write, 1)
+        posix_spawn_file_actions_adddup2(&fileActions, stderrFds.write, 2)
+        posix_spawn_file_actions_addclose(&fileActions, stdoutFds.read)
+        posix_spawn_file_actions_addclose(&fileActions, stdoutFds.write)
+        posix_spawn_file_actions_addclose(&fileActions, stderrFds.read)
+        posix_spawn_file_actions_addclose(&fileActions, stderrFds.write)
+
+        // Build attributes: set the child's process group to itself in the child,
+        // before exec, eliminating the race that an after-launch setpgid(2) has.
+        #if canImport(Darwin)
+        var attr: posix_spawnattr_t?
+        #else
+        var attr = posix_spawnattr_t()
+        #endif
+        guard posix_spawnattr_init(&attr) == 0 else {
+            close(stdoutFds.read); close(stdoutFds.write)
+            close(stderrFds.read); close(stderrFds.write)
+            return nil
+        }
+        defer { posix_spawnattr_destroy(&attr) }
+        posix_spawnattr_setflags(&attr, Int16(POSIX_SPAWN_SETPGROUP))
+        posix_spawnattr_setpgroup(&attr, 0) // 0 = child becomes its own pgid leader
+
+        // Build argv (argv[0] is conventionally the executable path).
+        var cArgs: [UnsafeMutablePointer<CChar>?] = []
+        cArgs.append(strdup(shell))
+        for arg in arguments {
+            cArgs.append(strdup(arg))
+        }
+        cArgs.append(nil)
+        defer {
+            for p in cArgs {
+                if let p {
+                    free(p)
+                }
+            }
         }
 
-        if process.isRunning {
-            process.terminate()
+        // Inherit the parent environment.  Build a NULL-terminated `KEY=VALUE`
+        // array since `extern char **environ` isn't directly visible from Swift.
+        var cEnv: [UnsafeMutablePointer<CChar>?] = []
+        for (key, value) in ProcessInfo.processInfo.environment {
+            cEnv.append(strdup("\(key)=\(value)"))
+        }
+        cEnv.append(nil)
+        defer {
+            for p in cEnv {
+                if let p {
+                    free(p)
+                }
+            }
+        }
+
+        var pid: pid_t = 0
+        let spawnResult = shell.withCString { execPath in
+            posix_spawn(&pid, execPath, &fileActions, &attr, cArgs, cEnv)
+        }
+
+        // Close the write ends in the parent so EOF will arrive on the read ends
+        // once every descendant in the process group also closes them.
+        close(stdoutFds.write)
+        close(stderrFds.write)
+
+        guard spawnResult == 0 else {
+            close(stdoutFds.read); close(stderrFds.read)
+            return nil
+        }
+
+        // POSIX_SPAWN_SETPGROUP with pgroup=0 guarantees the child's pgid == its pid.
+        let pgid: pid_t = pid
+
+        // Track EOF on each pipe so we can wait for full drain instead of sleeping.
+        // The readability handler fires with empty data when every writer end is
+        // closed (i.e. the child *and* any inheriting background helpers are gone).
+        let drainGroup = DispatchGroup()
+        drainGroup.enter()
+        drainGroup.enter()
+        let stdoutDone = OnceFlag()
+        let stderrDone = OnceFlag()
+
+        let stdoutCollector = CapturedData()
+        let stdoutHandle = FileHandle(fileDescriptor: stdoutFds.read, closeOnDealloc: true)
+        stdoutHandle.readabilityHandler = { handle in
+            let data = handle.availableData
+            if data.isEmpty {
+                handle.readabilityHandler = nil
+                if stdoutDone.fire() { drainGroup.leave() }
+            } else {
+                stdoutCollector.append(data)
+            }
+        }
+
+        let stderrHandle = FileHandle(fileDescriptor: stderrFds.read, closeOnDealloc: true)
+        stderrHandle.readabilityHandler = { handle in
+            let data = handle.availableData
+            if data.isEmpty {
+                handle.readabilityHandler = nil
+                if stderrDone.fire() { drainGroup.leave() }
+            }
+        }
+
+        // Reap the child on a background queue and signal a semaphore on exit.
+        let exitSemaphore = DispatchSemaphore(value: 0)
+        let waitPid = pid
+        DispatchQueue.global(qos: .userInitiated).async {
+            var status: Int32 = 0
+            while waitpid(waitPid, &status, 0) == -1, errno == EINTR {
+                // retry
+            }
+            exitSemaphore.signal()
+        }
+
+        let finishedInTime = exitSemaphore.wait(timeout: .now() + timeout) == .success
+
+        if !finishedInTime {
+            kill(-pgid, SIGTERM)
+            kill(pid, SIGTERM)
+            if exitSemaphore.wait(timeout: .now() + 0.4) != .success {
+                kill(-pgid, SIGKILL)
+                kill(pid, SIGKILL)
+                _ = exitSemaphore.wait(timeout: .now() + 1.0)
+            }
+            stdoutHandle.readabilityHandler = nil
+            stderrHandle.readabilityHandler = nil
+            if stdoutDone.fire() { drainGroup.leave() }
+            if stderrDone.fire() { drainGroup.leave() }
             return nil
         }
 
-        let data = stdout.fileHandleForReading.readDataToEndOfFile()
+        // Normal completion — clean up any background children spawned by shell init.
+        // Without this, helpers that inherited stdout/stderr keep the pipe write ends
+        // open and we never see EOF on the read ends.
+        kill(-pgid, SIGTERM)
+
+        // Wait for both pipes to deliver EOF so no buffered bytes are lost.
+        // Bounded so a stuck handler can't hang the caller indefinitely.
+        if drainGroup.wait(timeout: .now() + 0.4) != .success {
+            kill(-pgid, SIGKILL)
+        }
+        if drainGroup.wait(timeout: .now() + 0.6) != .success {
+            stdoutHandle.readabilityHandler = nil
+            stderrHandle.readabilityHandler = nil
+            if stdoutDone.fire() { drainGroup.leave() }
+            if stderrDone.fire() { drainGroup.leave() }
+        }
+        return stdoutCollector.drain()
+    }
+
+    // swiftlint:enable cyclomatic_complexity
+
+    private static func runShellCapture(_ shell: String?, _ timeout: TimeInterval, _ command: String) -> String? {
+        let shellPath = (shell?.isEmpty == false) ? shell! : "/bin/zsh"
+        let isCI = ["1", "true"].contains(ProcessInfo.processInfo.environment["CI"]?.lowercased())
+        // Interactive login shell to pick up PATH mutations from shell init (nvm/fnm/mise).
+        // CI runners can have shell init hooks that emit missing CLI errors; avoid them in CI.
+        let args = isCI ? ["-c", command] : ["-l", "-i", "-c", command]
+        guard let data = runShellCommand(shell: shellPath, arguments: args, timeout: timeout) else {
+            return nil
+        }
         return String(data: data, encoding: .utf8)
     }
 
@@ -395,34 +912,17 @@ enum LoginShellPathCapturer {
         let shellPath = (shell?.isEmpty == false) ? shell! : "/bin/zsh"
         let isCI = ["1", "true"].contains(ProcessInfo.processInfo.environment["CI"]?.lowercased())
         let marker = "__CODEXBAR_PATH__"
-        let process = Process()
-        process.executableURL = URL(fileURLWithPath: shellPath)
         // Skip interactive login shells in CI to avoid noisy init hooks.
-        process.arguments = isCI
+        let args = isCI
             ? ["-c", "printf '\(marker)%s\(marker)' \"$PATH\""]
             : ["-l", "-i", "-c", "printf '\(marker)%s\(marker)' \"$PATH\""]
-        let stdout = Pipe()
-        process.standardOutput = stdout
-        process.standardError = Pipe()
-        do {
-            try process.run()
-        } catch {
-            return nil
-        }
-
-        let deadline = Date().addingTimeInterval(timeout)
-        while process.isRunning, Date() < deadline {
-            Thread.sleep(forTimeInterval: 0.05)
-        }
-
-        if process.isRunning {
-            process.terminate()
-            return nil
-        }
-
-        let data = stdout.fileHandleForReading.readDataToEndOfFile()
-        guard let raw = String(data: data, encoding: .utf8),
-              !raw.isEmpty else { return nil }
+        guard let data = ShellCommandLocator.runShellCommand(
+            shell: shellPath,
+            arguments: args,
+            timeout: timeout),
+            let raw = String(data: data, encoding: .utf8),
+            !raw.isEmpty
+        else { return nil }
 
         let trimmed = raw.trimmingCharacters(in: .whitespacesAndNewlines)
         let extracted = if let start = trimmed.range(of: marker),
diff --git a/Sources/CodexBarCore/PiSessionCostCache.swift b/Sources/CodexBarCore/PiSessionCostCache.swift
new file mode 100644
index 000000000..a5946c2ef
--- /dev/null
+++ b/Sources/CodexBarCore/PiSessionCostCache.swift
@@ -0,0 +1,91 @@
+import Foundation
+
+enum PiSessionCostCacheIO {
+    private static let artifactVersion = 2
+
+    private static func defaultCacheRoot() -> URL {
+        let root = FileManager.default.urls(for: .cachesDirectory, in: .userDomainMask).first!
+        return root.appendingPathComponent("CodexBar", isDirectory: true)
+    }
+
+    static func cacheFileURL(cacheRoot: URL? = nil) -> URL {
+        let root = cacheRoot ?? self.defaultCacheRoot()
+        return root
+            .appendingPathComponent("cost-usage", isDirectory: true)
+            .appendingPathComponent("pi-sessions-v\(Self.artifactVersion).json", isDirectory: false)
+    }
+
+    static func load(cacheRoot: URL? = nil) -> PiSessionCostCache {
+        let url = self.cacheFileURL(cacheRoot: cacheRoot)
+        guard let data = try? Data(contentsOf: url),
+              let decoded = try? JSONDecoder().decode(PiSessionCostCache.self, from: data),
+              decoded.version == Self.artifactVersion
+        else {
+            return PiSessionCostCache(version: Self.artifactVersion)
+        }
+        return decoded
+    }
+
+    static func save(cache: PiSessionCostCache, cacheRoot: URL? = nil) {
+        let url = self.cacheFileURL(cacheRoot: cacheRoot)
+        let dir = url.deletingLastPathComponent()
+        try? FileManager.default.createDirectory(at: dir, withIntermediateDirectories: true)
+
+        let tmp = dir.appendingPathComponent(".tmp-\(UUID().uuidString).json", isDirectory: false)
+        let data = (try? JSONEncoder().encode(cache)) ?? Data()
+        do {
+            try data.write(to: tmp, options: [.atomic])
+            _ = try FileManager.default.replaceItemAt(url, withItemAt: tmp)
+        } catch {
+            try? FileManager.default.removeItem(at: tmp)
+        }
+    }
+}
+
+struct PiSessionCostCache: Codable {
+    var version: Int
+    var lastScanUnixMs: Int64 = 0
+    var scanSinceKey: String?
+    var scanUntilKey: String?
+    var daysByProvider: [String: [String: [String: PiPackedUsage]]] = [:]
+    var files: [String: PiSessionFileUsage] = [:]
+
+    init(version: Int = 2) {
+        self.version = version
+    }
+}
+
+struct PiSessionFileUsage: Codable {
+    var mtimeUnixMs: Int64
+    var size: Int64
+    var parsedBytes: Int64
+    var lastModelContext: PiModelContext?
+    var contributions: [String: [String: [String: PiPackedUsage]]]
+}
+
+struct PiModelContext: Codable, Equatable {
+    var providerRawValue: String
+    var modelName: String
+}
+
+struct PiPackedUsage: Codable, Equatable {
+    var inputTokens: Int = 0
+    var cacheReadTokens: Int = 0
+    var cacheWriteTokens: Int = 0
+    var outputTokens: Int = 0
+    var totalTokens: Int = 0
+    var costNanos: Int64 = 0
+    var costSampleCount: Int = 0
+    var usageSampleCount: Int?
+
+    var isZero: Bool {
+        self.inputTokens == 0
+            && self.cacheReadTokens == 0
+            && self.cacheWriteTokens == 0
+            && self.outputTokens == 0
+            && self.totalTokens == 0
+            && self.costNanos == 0
+            && self.costSampleCount == 0
+            && (self.usageSampleCount ?? 0) == 0
+    }
+}
diff --git a/Sources/CodexBarCore/PiSessionCostScanner.swift b/Sources/CodexBarCore/PiSessionCostScanner.swift
new file mode 100644
index 000000000..d6d9f1e84
--- /dev/null
+++ b/Sources/CodexBarCore/PiSessionCostScanner.swift
@@ -0,0 +1,854 @@
+import Foundation
+
+enum PiSessionCostScanner {
+    struct Options {
+        var piSessionsRoot: URL?
+        var cacheRoot: URL?
+        var refreshMinIntervalSeconds: TimeInterval = 60
+        var forceRescan: Bool = false
+
+        init(
+            piSessionsRoot: URL? = nil,
+            cacheRoot: URL? = nil,
+            refreshMinIntervalSeconds: TimeInterval = 60,
+            forceRescan: Bool = false)
+        {
+            self.piSessionsRoot = piSessionsRoot
+            self.cacheRoot = cacheRoot
+            self.refreshMinIntervalSeconds = refreshMinIntervalSeconds
+            self.forceRescan = forceRescan
+        }
+    }
+
+    private struct ParseResult {
+        let contributions: [String: [String: [String: PiPackedUsage]]]
+        let parsedBytes: Int64
+        let lastModelContext: PiModelContext?
+    }
+
+    private struct AssistantIdentity {
+        let provider: UsageProvider
+        let modelName: String
+    }
+
+    private struct ModelsDevPricingContext {
+        let catalog: ModelsDevCatalog?
+        let cacheRoot: URL?
+    }
+
+    private struct ScanContext {
+        let range: CostUsageScanner.CostUsageDayRange
+        let forceRescan: Bool
+        let pricingContext: ModelsDevPricingContext
+        let checkCancellation: CostUsageScanner.CancellationCheck?
+    }
+
+    private static let costScale = 1_000_000_000.0
+    private static let maxLineBytes = 16 * 1024 * 1024
+    private static let maxSafeRoundedInt = Double(Int.max) - 1
+
+    static func loadDailyReport(
+        provider: UsageProvider,
+        since: Date,
+        until: Date,
+        now: Date = Date(),
+        options: Options = Options()) -> CostUsageDailyReport
+    {
+        (
+            try? self.loadDailyReportCancellable(
+                provider: provider,
+                since: since,
+                until: until,
+                now: now,
+                options: options,
+                checkCancellation: nil)) ?? CostUsageDailyReport(data: [], summary: nil)
+    }
+
+    static func loadDailyReportCancellable(
+        provider: UsageProvider,
+        since: Date,
+        until: Date,
+        now: Date = Date(),
+        options: Options = Options(),
+        checkCancellation: CostUsageScanner.CancellationCheck?) throws -> CostUsageDailyReport
+    {
+        guard provider == .codex || provider == .claude else {
+            return CostUsageDailyReport(data: [], summary: nil)
+        }
+
+        let range = CostUsageScanner.CostUsageDayRange(since: since, until: until)
+        var cache = PiSessionCostCacheIO.load(cacheRoot: options.cacheRoot)
+        let nowMs = Int64(now.timeIntervalSince1970 * 1000)
+        let refreshMs = Int64(max(0, options.refreshMinIntervalSeconds) * 1000)
+        let pricingContext = ModelsDevPricingContext(
+            catalog: CostUsagePricing.modelsDevCatalog(now: now, cacheRoot: options.cacheRoot),
+            cacheRoot: options.cacheRoot)
+        let windowExpanded = self.requestedWindowExpandsCache(range: range, cache: cache)
+        let shouldRefresh = options.forceRescan
+            || windowExpanded
+            || refreshMs == 0
+            || cache.lastScanUnixMs == 0
+            || nowMs - cache.lastScanUnixMs > refreshMs
+
+        if shouldRefresh {
+            try checkCancellation?()
+            let root = self.defaultPiSessionsRoot(options: options)
+            let startCutoff = self.dateFromDayKey(range.scanSinceKey) ?? since
+            let files = self.listPiSessionFiles(root: root, startCutoffLocal: startCutoff)
+            let filePathsInScan = Set(files.map(\.path))
+
+            for fileURL in files {
+                try self.scanPiSessionFile(
+                    fileURL: fileURL,
+                    cache: &cache,
+                    context: ScanContext(
+                        range: range,
+                        forceRescan: options.forceRescan || windowExpanded,
+                        pricingContext: pricingContext,
+                        checkCancellation: checkCancellation))
+            }
+            try checkCancellation?()
+
+            for key in cache.files.keys where !filePathsInScan.contains(key) {
+                if let old = cache.files[key] {
+                    self.applyContributions(
+                        daysByProvider: &cache.daysByProvider,
+                        contributions: old.contributions,
+                        sign: -1)
+                }
+                cache.files.removeValue(forKey: key)
+            }
+
+            cache.scanSinceKey = range.scanSinceKey
+            cache.scanUntilKey = range.scanUntilKey
+            cache.lastScanUnixMs = nowMs
+            try checkCancellation?()
+            PiSessionCostCacheIO.save(cache: cache, cacheRoot: options.cacheRoot)
+        }
+
+        return self.buildReport(
+            provider: provider,
+            cache: cache,
+            range: range,
+            pricingContext: pricingContext)
+    }
+
+    private static func requestedWindowExpandsCache(
+        range: CostUsageScanner.CostUsageDayRange,
+        cache: PiSessionCostCache) -> Bool
+    {
+        guard let cachedSince = cache.scanSinceKey,
+              let cachedUntil = cache.scanUntilKey
+        else {
+            return true
+        }
+
+        if range.scanSinceKey < cachedSince {
+            return true
+        }
+        if range.scanUntilKey > cachedUntil {
+            return true
+        }
+        return false
+    }
+
+    private static func defaultPiSessionsRoot(options: Options) -> URL {
+        if let override = options.piSessionsRoot { return override }
+        return FileManager.default.homeDirectoryForCurrentUser
+            .appendingPathComponent(".pi", isDirectory: true)
+            .appendingPathComponent("agent", isDirectory: true)
+            .appendingPathComponent("sessions", isDirectory: true)
+    }
+
+    private static func listPiSessionFiles(root: URL, startCutoffLocal: Date) -> [URL] {
+        guard FileManager.default.fileExists(atPath: root.path) else { return [] }
+
+        let keys: Set<URLResourceKey> = [.isRegularFileKey, .contentModificationDateKey]
+        guard let enumerator = FileManager.default.enumerator(
+            at: root,
+            includingPropertiesForKeys: Array(keys),
+            options: [.skipsHiddenFiles])
+        else {
+            return []
+        }
+
+        var output: [URL] = []
+        while let item = enumerator.nextObject() as? URL {
+            guard item.pathExtension.lowercased() == "jsonl" else { continue }
+            let values = try? item.resourceValues(forKeys: keys)
+            guard values?.isRegularFile == true else { continue }
+
+            let startedAt = self.parseSessionStartFromFilename(item.lastPathComponent)
+            let modifiedAt = values?.contentModificationDate
+            if self
+                .shouldIncludeFile(startedAt: startedAt, modifiedAt: modifiedAt, startCutoffLocal: startCutoffLocal)
+            {
+                output.append(item)
+            }
+        }
+
+        return output.sorted(by: { $0.path < $1.path })
+    }
+
+    private static func shouldIncludeFile(
+        startedAt: Date?,
+        modifiedAt: Date?,
+        startCutoffLocal: Date) -> Bool
+    {
+        if let modifiedAt, self.localMidnight(modifiedAt) >= startCutoffLocal {
+            return true
+        }
+        if let startedAt, self.localMidnight(startedAt) >= startCutoffLocal {
+            return true
+        }
+        return false
+    }
+
+    private static func scanPiSessionFile(
+        fileURL: URL,
+        cache: inout PiSessionCostCache,
+        context: ScanContext)
+        throws
+    {
+        try context.checkCancellation?()
+        let path = fileURL.path
+        let attrs = (try? FileManager.default.attributesOfItem(atPath: path)) ?? [:]
+        let mtime = (attrs[.modificationDate] as? Date)?.timeIntervalSince1970 ?? 0
+        let size = (attrs[.size] as? NSNumber)?.int64Value ?? 0
+        let mtimeMs = Int64(mtime * 1000)
+
+        func storeFileUsage(_ usage: PiSessionFileUsage) {
+            cache.files[path] = usage
+        }
+
+        let cached = cache.files[path]
+        if !context.forceRescan,
+           let cached,
+           cached.mtimeUnixMs == mtimeMs,
+           cached.size == size
+        {
+            return
+        }
+
+        if !context.forceRescan,
+           let cached,
+           size > cached.size,
+           cached.parsedBytes > 0,
+           cached.parsedBytes <= size
+        {
+            let delta = try self.parsePiSessionFile(
+                fileURL: fileURL,
+                range: context.range,
+                startOffset: cached.parsedBytes,
+                initialModelContext: cached.lastModelContext,
+                pricingContext: context.pricingContext,
+                checkCancellation: context.checkCancellation)
+            if !delta.contributions.isEmpty {
+                self.applyContributions(
+                    daysByProvider: &cache.daysByProvider,
+                    contributions: delta.contributions,
+                    sign: 1)
+            }
+            let merged = self.mergedContributions(existing: cached.contributions, delta: delta.contributions)
+            storeFileUsage(PiSessionFileUsage(
+                mtimeUnixMs: mtimeMs,
+                size: size,
+                parsedBytes: delta.parsedBytes,
+                lastModelContext: delta.lastModelContext,
+                contributions: merged))
+            return
+        }
+
+        if let cached {
+            self.applyContributions(
+                daysByProvider: &cache.daysByProvider,
+                contributions: cached.contributions,
+                sign: -1)
+        }
+
+        let parsed = try self.parsePiSessionFile(
+            fileURL: fileURL,
+            range: context.range,
+            pricingContext: context.pricingContext,
+            checkCancellation: context.checkCancellation)
+        if !parsed.contributions.isEmpty {
+            self.applyContributions(daysByProvider: &cache.daysByProvider, contributions: parsed.contributions, sign: 1)
+        }
+
+        storeFileUsage(PiSessionFileUsage(
+            mtimeUnixMs: mtimeMs,
+            size: size,
+            parsedBytes: parsed.parsedBytes,
+            lastModelContext: parsed.lastModelContext,
+            contributions: parsed.contributions))
+    }
+
+    private static func parsePiSessionFile(
+        fileURL: URL,
+        range: CostUsageScanner.CostUsageDayRange,
+        startOffset: Int64 = 0,
+        initialModelContext: PiModelContext? = nil,
+        pricingContext: ModelsDevPricingContext? = nil,
+        checkCancellation: CostUsageScanner.CancellationCheck? = nil) throws -> ParseResult
+    {
+        var currentModelContext = initialModelContext
+        var contributions: [String: [String: [String: PiPackedUsage]]] = [:]
+
+        func add(provider: UsageProvider, dayKey: String, modelName: String, usage: PiPackedUsage) {
+            guard !usage.isZero else { return }
+            guard CostUsageScanner.CostUsageDayRange.isInRange(
+                dayKey: dayKey,
+                since: range.scanSinceKey,
+                until: range.scanUntilKey)
+            else {
+                return
+            }
+
+            let providerKey = provider.rawValue
+            var providerDays = contributions[providerKey] ?? [:]
+            var dayModels = providerDays[dayKey] ?? [:]
+            let merged = self.addPacked(a: dayModels[modelName] ?? PiPackedUsage(), b: usage, sign: 1)
+            if merged.isZero {
+                dayModels.removeValue(forKey: modelName)
+            } else {
+                dayModels[modelName] = merged
+            }
+            if dayModels.isEmpty {
+                providerDays.removeValue(forKey: dayKey)
+            } else {
+                providerDays[dayKey] = dayModels
+            }
+            if providerDays.isEmpty {
+                contributions.removeValue(forKey: providerKey)
+            } else {
+                contributions[providerKey] = providerDays
+            }
+        }
+
+        let parsedBytes: Int64
+        do {
+            parsedBytes = try CostUsageJsonl.scan(
+                fileURL: fileURL,
+                offset: startOffset,
+                maxLineBytes: Self.maxLineBytes,
+                prefixBytes: Self.maxLineBytes,
+                checkCancellation: checkCancellation,
+                onLine: { line in
+                    guard !line.bytes.isEmpty, !line.wasTruncated else { return }
+                    autoreleasepool {
+                        guard let object = (try? JSONSerialization.jsonObject(with: line.bytes)) as? [String: Any]
+                        else { return }
+                        guard let type = object["type"] as? String else { return }
+
+                        if type == "model_change" {
+                            currentModelContext = self.modelContext(from: object)
+                            return
+                        }
+
+                        guard type == "message", let message = object["message"] as? [String: Any] else { return }
+                        guard (message["role"] as? String) == "assistant" else { return }
+
+                        let identity = self.resolveAssistantIdentity(
+                            entry: object,
+                            message: message,
+                            fallback: currentModelContext)
+                        guard let identity else { return }
+                        guard let date = self.timestampDate(entry: object, message: message) else { return }
+                        let dayKey = CostUsageScanner.CostUsageDayRange.dayKey(from: date)
+                        let usage = self.extractUsage(
+                            provider: identity.provider,
+                            modelName: identity.modelName,
+                            message: message,
+                            pricingContext: pricingContext)
+                        add(provider: identity.provider, dayKey: dayKey, modelName: identity.modelName, usage: usage)
+                    }
+                })
+        } catch is CancellationError {
+            throw CancellationError()
+        } catch {
+            parsedBytes = startOffset
+        }
+
+        return ParseResult(
+            contributions: contributions,
+            parsedBytes: parsedBytes,
+            lastModelContext: currentModelContext)
+    }
+
+    private static func modelContext(from object: [String: Any]) -> PiModelContext? {
+        guard let providerText = object["provider"] as? String,
+              let provider = self.mappedProvider(fromPiProvider: providerText)
+        else {
+            return nil
+        }
+        let rawModelName = (object["modelId"] as? String)?.trimmingCharacters(in: .whitespacesAndNewlines) ?? ""
+        guard let modelName = self.normalizeModelName(rawModelName, provider: provider) else { return nil }
+        return PiModelContext(providerRawValue: provider.rawValue, modelName: modelName)
+    }
+
+    private static func resolveAssistantIdentity(
+        entry: [String: Any],
+        message: [String: Any],
+        fallback: PiModelContext?) -> AssistantIdentity?
+    {
+        let explicitProviderText = self.extractProviderText(entry: entry, message: message)
+        let explicitProvider = explicitProviderText.flatMap(self.mappedProvider(fromPiProvider:))
+        let explicitModelText = self.extractModelText(entry: entry, message: message)
+
+        if explicitProviderText != nil, explicitProvider == nil {
+            return nil
+        }
+
+        if let explicitProvider,
+           let explicitModelText,
+           let explicitModel = self.normalizeModelName(explicitModelText, provider: explicitProvider)
+        {
+            return AssistantIdentity(provider: explicitProvider, modelName: explicitModel)
+        }
+
+        if let explicitProvider,
+           let fallback,
+           fallback.providerRawValue == explicitProvider.rawValue
+        {
+            return AssistantIdentity(provider: explicitProvider, modelName: fallback.modelName)
+        }
+
+        if explicitProviderText == nil,
+           let explicitModelText,
+           let fallbackProvider = fallback.flatMap({ UsageProvider(rawValue: $0.providerRawValue) }),
+           let explicitModel = self.normalizeModelName(explicitModelText, provider: fallbackProvider)
+        {
+            return AssistantIdentity(provider: fallbackProvider, modelName: explicitModel)
+        }
+
+        if explicitProviderText == nil,
+           let fallback,
+           let provider = UsageProvider(rawValue: fallback.providerRawValue)
+        {
+            return AssistantIdentity(provider: provider, modelName: fallback.modelName)
+        }
+
+        return nil
+    }
+
+    private static func extractProviderText(entry: [String: Any], message: [String: Any]) -> String? {
+        if let provider = (message["provider"] as? String)?.trimmingCharacters(in: .whitespacesAndNewlines),
+           !provider.isEmpty
+        {
+            return provider
+        }
+        if let provider = (entry["provider"] as? String)?.trimmingCharacters(in: .whitespacesAndNewlines),
+           !provider.isEmpty
+        {
+            return provider
+        }
+        return nil
+    }
+
+    private static func extractModelText(entry: [String: Any], message: [String: Any]) -> String? {
+        for value in [message["model"], entry["model"], message["modelId"], entry["modelId"]] {
+            if let model = (value as? String)?.trimmingCharacters(in: .whitespacesAndNewlines), !model.isEmpty {
+                return model
+            }
+        }
+        return nil
+    }
+
+    private static func normalizeModelName(_ raw: String, provider: UsageProvider) -> String? {
+        let trimmed = raw.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard !trimmed.isEmpty else { return nil }
+        return switch provider {
+        case .codex:
+            CostUsagePricing.normalizeCodexModel(trimmed)
+        case .claude:
+            CostUsagePricing.normalizeClaudeModel(trimmed)
+        default:
+            trimmed
+        }
+    }
+
+    private static func timestampDate(entry: [String: Any], message: [String: Any]) -> Date? {
+        self.parseTimestampValue(message["timestamp"])
+            ?? self.parseTimestampValue(entry["timestamp"])
+    }
+
+    private static func parseTimestampValue(_ value: Any?) -> Date? {
+        if let number = value as? NSNumber {
+            let raw = number.doubleValue
+            guard raw.isFinite else { return nil }
+            if raw > 1_000_000_000_000 {
+                return Date(timeIntervalSince1970: raw / 1000)
+            }
+            return Date(timeIntervalSince1970: raw)
+        }
+
+        if let string = value as? String {
+            if let numeric = Double(string), numeric.isFinite {
+                if numeric > 1_000_000_000_000 {
+                    return Date(timeIntervalSince1970: numeric / 1000)
+                }
+                return Date(timeIntervalSince1970: numeric)
+            }
+            return self.parseISO(string)
+        }
+
+        return nil
+    }
+
+    private static func extractUsage(
+        provider: UsageProvider,
+        modelName: String,
+        message: [String: Any],
+        pricingContext: ModelsDevPricingContext? = nil) -> PiPackedUsage
+    {
+        let usage = (message["usage"] as? [String: Any]) ?? [:]
+        let input = self.readNonNegativeInt(
+            usage["input"]
+                ?? usage["inputTokens"]
+                ?? usage["input_tokens"]
+                ?? usage["promptTokens"]
+                ?? usage["prompt_tokens"])
+        let cacheRead = self.readNonNegativeInt(
+            usage["cacheRead"]
+                ?? usage["cacheReadTokens"]
+                ?? usage["cache_read"]
+                ?? usage["cache_read_tokens"]
+                ?? usage["cacheReadInputTokens"]
+                ?? usage["cache_read_input_tokens"])
+        let cacheWrite = self.readNonNegativeInt(
+            usage["cacheWrite"]
+                ?? usage["cacheWriteTokens"]
+                ?? usage["cache_write"]
+                ?? usage["cache_write_tokens"]
+                ?? usage["cacheCreationTokens"]
+                ?? usage["cache_creation_tokens"]
+                ?? usage["cacheCreationInputTokens"]
+                ?? usage["cache_creation_input_tokens"])
+        let output = self.readNonNegativeInt(
+            usage["output"]
+                ?? usage["outputTokens"]
+                ?? usage["output_tokens"]
+                ?? usage["completionTokens"]
+                ?? usage["completion_tokens"])
+
+        let directTotal = self.readNonNegativeInt(
+            usage["totalTokens"]
+                ?? usage["total_tokens"]
+                ?? usage["tokenCount"]
+                ?? usage["token_count"]
+                ?? usage["tokens"])
+        let derivedTotal = input + cacheRead + cacheWrite + output
+        let totalTokens = max(directTotal, derivedTotal)
+
+        let rawUsage = PiPackedUsage(
+            inputTokens: input,
+            cacheReadTokens: cacheRead,
+            cacheWriteTokens: cacheWrite,
+            outputTokens: output,
+            totalTokens: totalTokens)
+        let costUSD = self.computedCostUSD(
+            provider: provider,
+            modelName: modelName,
+            usage: rawUsage,
+            pricingContext: pricingContext)
+        let costNanos = costUSD.map { Int64(($0 * self.costScale).rounded()) } ?? 0
+
+        return PiPackedUsage(
+            inputTokens: rawUsage.inputTokens,
+            cacheReadTokens: rawUsage.cacheReadTokens,
+            cacheWriteTokens: rawUsage.cacheWriteTokens,
+            outputTokens: rawUsage.outputTokens,
+            totalTokens: rawUsage.totalTokens,
+            costNanos: costNanos,
+            costSampleCount: costUSD == nil ? 0 : 1,
+            usageSampleCount: 1)
+    }
+
+    private static func computedCostUSD(
+        provider: UsageProvider,
+        modelName: String,
+        usage: PiPackedUsage,
+        pricingContext: ModelsDevPricingContext? = nil) -> Double?
+    {
+        switch provider {
+        case .codex:
+            CostUsagePricing.codexCostUSD(
+                model: modelName,
+                inputTokens: usage.inputTokens + usage.cacheReadTokens + usage.cacheWriteTokens,
+                cachedInputTokens: usage.cacheReadTokens,
+                outputTokens: usage.outputTokens,
+                modelsDevCatalog: pricingContext?.catalog,
+                modelsDevCacheRoot: pricingContext?.cacheRoot)
+        case .claude:
+            CostUsagePricing.claudeCostUSD(
+                model: modelName,
+                inputTokens: usage.inputTokens,
+                cacheReadInputTokens: usage.cacheReadTokens,
+                cacheCreationInputTokens: usage.cacheWriteTokens,
+                outputTokens: usage.outputTokens,
+                modelsDevCatalog: pricingContext?.catalog,
+                modelsDevCacheRoot: pricingContext?.cacheRoot)
+        default:
+            nil
+        }
+    }
+
+    private static func readNonNegativeInt(_ value: Any?) -> Int {
+        if let number = value as? NSNumber {
+            let numeric = number.doubleValue
+            guard numeric.isFinite, numeric >= 0, numeric <= self.maxSafeRoundedInt else { return 0 }
+            return Int(numeric.rounded())
+        }
+        if let string = value as? String,
+           let numeric = Double(string),
+           numeric.isFinite,
+           numeric >= 0,
+           numeric <= self.maxSafeRoundedInt
+        {
+            return Int(numeric.rounded())
+        }
+        return 0
+    }
+
+    private static func mappedProvider(fromPiProvider provider: String) -> UsageProvider? {
+        switch provider.lowercased() {
+        case "openai-codex":
+            .codex
+        case "anthropic":
+            .claude
+        default:
+            nil
+        }
+    }
+
+    private static func buildReport(
+        provider: UsageProvider,
+        cache: PiSessionCostCache,
+        range: CostUsageScanner.CostUsageDayRange,
+        pricingContext: ModelsDevPricingContext? = nil) -> CostUsageDailyReport
+    {
+        guard let providerDays = cache.daysByProvider[provider.rawValue] else {
+            return CostUsageDailyReport(data: [], summary: nil)
+        }
+
+        let dayKeys = providerDays.keys.sorted().filter {
+            CostUsageScanner.CostUsageDayRange.isInRange(dayKey: $0, since: range.sinceKey, until: range.untilKey)
+        }
+
+        var entries: [CostUsageDailyReport.Entry] = []
+        var totalInput = 0
+        var totalOutput = 0
+        var totalCacheRead = 0
+        var totalCacheWrite = 0
+        var totalTokens = 0
+        var totalCostNanos: Int64 = 0
+        var totalCostSamples = 0
+
+        for dayKey in dayKeys {
+            guard let models = providerDays[dayKey] else { continue }
+            let modelNames = models.keys.sorted()
+
+            var dayInput = 0
+            var dayOutput = 0
+            var dayCacheRead = 0
+            var dayCacheWrite = 0
+            var dayTotalTokens = 0
+            var dayCostNanos: Int64 = 0
+            var dayCostSamples = 0
+            var breakdown: [CostUsageDailyReport.ModelBreakdown] = []
+
+            for modelName in modelNames {
+                let packed = models[modelName] ?? PiPackedUsage()
+                let modelTotalTokens = max(
+                    packed.totalTokens,
+                    packed.inputTokens + packed.cacheReadTokens + packed.cacheWriteTokens + packed.outputTokens)
+                let currentPricingCost = self.computedCostUSD(
+                    provider: provider,
+                    modelName: modelName,
+                    usage: packed,
+                    pricingContext: pricingContext)
+                let usageSampleCount = packed.usageSampleCount
+                let hasCompleteCachedCost = (usageSampleCount ?? 0) > 0
+                    && packed.costSampleCount == usageSampleCount
+                // Cached costs are accumulated per message, which preserves Claude long-context threshold boundaries.
+                let costNanos = hasCompleteCachedCost
+                    ? packed.costNanos
+                    : currentPricingCost.map { Int64(($0 * self.costScale).rounded()) }
+                breakdown.append(CostUsageDailyReport.ModelBreakdown(
+                    modelName: modelName,
+                    costUSD: costNanos.map { Double($0) / Self.costScale },
+                    totalTokens: modelTotalTokens > 0 ? modelTotalTokens : nil))
+                dayInput += packed.inputTokens
+                dayOutput += packed.outputTokens
+                dayCacheRead += packed.cacheReadTokens
+                dayCacheWrite += packed.cacheWriteTokens
+                dayTotalTokens += modelTotalTokens
+                if let costNanos {
+                    dayCostNanos += costNanos
+                    dayCostSamples += 1
+                }
+            }
+
+            let sortedBreakdown = self.sortedModelBreakdowns(breakdown)
+            entries.append(CostUsageDailyReport.Entry(
+                date: dayKey,
+                inputTokens: dayInput > 0 ? dayInput : nil,
+                outputTokens: dayOutput > 0 ? dayOutput : nil,
+                cacheReadTokens: dayCacheRead > 0 ? dayCacheRead : nil,
+                cacheCreationTokens: dayCacheWrite > 0 ? dayCacheWrite : nil,
+                totalTokens: dayTotalTokens > 0 ? dayTotalTokens : nil,
+                costUSD: dayCostSamples > 0 ? Double(dayCostNanos) / Self.costScale : nil,
+                modelsUsed: modelNames,
+                modelBreakdowns: sortedBreakdown))
+
+            totalInput += dayInput
+            totalOutput += dayOutput
+            totalCacheRead += dayCacheRead
+            totalCacheWrite += dayCacheWrite
+            totalTokens += dayTotalTokens
+            totalCostNanos += dayCostNanos
+            totalCostSamples += dayCostSamples
+        }
+
+        guard !entries.isEmpty else { return CostUsageDailyReport(data: [], summary: nil) }
+        return CostUsageDailyReport(
+            data: entries,
+            summary: CostUsageDailyReport.Summary(
+                totalInputTokens: totalInput > 0 ? totalInput : nil,
+                totalOutputTokens: totalOutput > 0 ? totalOutput : nil,
+                cacheReadTokens: totalCacheRead > 0 ? totalCacheRead : nil,
+                cacheCreationTokens: totalCacheWrite > 0 ? totalCacheWrite : nil,
+                totalTokens: totalTokens > 0 ? totalTokens : nil,
+                totalCostUSD: totalCostSamples > 0 ? Double(totalCostNanos) / Self.costScale : nil))
+    }
+
+    private static func mergedContributions(
+        existing: [String: [String: [String: PiPackedUsage]]],
+        delta: [String: [String: [String: PiPackedUsage]]]) -> [String: [String: [String: PiPackedUsage]]]
+    {
+        var merged = existing
+        self.applyContributions(daysByProvider: &merged, contributions: delta, sign: 1)
+        return merged
+    }
+
+    private static func applyContributions(
+        daysByProvider: inout [String: [String: [String: PiPackedUsage]]],
+        contributions: [String: [String: [String: PiPackedUsage]]],
+        sign: Int)
+    {
+        for (providerKey, providerDays) in contributions {
+            var mergedProviderDays = daysByProvider[providerKey] ?? [:]
+            for (dayKey, dayModels) in providerDays {
+                var mergedDayModels = mergedProviderDays[dayKey] ?? [:]
+                for (modelName, packed) in dayModels {
+                    let updated = self.addPacked(
+                        a: mergedDayModels[modelName] ?? PiPackedUsage(),
+                        b: packed,
+                        sign: sign)
+                    if updated.isZero {
+                        mergedDayModels.removeValue(forKey: modelName)
+                    } else {
+                        mergedDayModels[modelName] = updated
+                    }
+                }
+                if mergedDayModels.isEmpty {
+                    mergedProviderDays.removeValue(forKey: dayKey)
+                } else {
+                    mergedProviderDays[dayKey] = mergedDayModels
+                }
+            }
+            if mergedProviderDays.isEmpty {
+                daysByProvider.removeValue(forKey: providerKey)
+            } else {
+                daysByProvider[providerKey] = mergedProviderDays
+            }
+        }
+    }
+
+    private static func addPacked(a: PiPackedUsage, b: PiPackedUsage, sign: Int) -> PiPackedUsage {
+        let aUsageSampleCount = a.usageSampleCount ?? (a.isZero ? 0 : nil)
+        let bUsageSampleCount = b.usageSampleCount ?? (b.isZero ? 0 : nil)
+        let usageSampleCount: Int? = if let aCount = aUsageSampleCount, let bCount = bUsageSampleCount {
+            max(0, aCount + sign * bCount)
+        } else {
+            nil
+        }
+
+        return PiPackedUsage(
+            inputTokens: max(0, a.inputTokens + sign * b.inputTokens),
+            cacheReadTokens: max(0, a.cacheReadTokens + sign * b.cacheReadTokens),
+            cacheWriteTokens: max(0, a.cacheWriteTokens + sign * b.cacheWriteTokens),
+            outputTokens: max(0, a.outputTokens + sign * b.outputTokens),
+            totalTokens: max(0, a.totalTokens + sign * b.totalTokens),
+            costNanos: max(0, a.costNanos + Int64(sign) * b.costNanos),
+            costSampleCount: max(0, a.costSampleCount + sign * b.costSampleCount),
+            usageSampleCount: usageSampleCount)
+    }
+
+    private static func parseSessionStartFromFilename(_ filename: String) -> Date? {
+        let pattern = "^(\\d{4}-\\d{2}-\\d{2})T(\\d{2})-(\\d{2})-(\\d{2})-(\\d{3})Z_"
+        guard let regex = try? NSRegularExpression(pattern: pattern) else { return nil }
+        let range = NSRange(filename.startIndex..<filename.endIndex, in: filename)
+        guard let match = regex.firstMatch(in: filename, range: range) else { return nil }
+        guard (1...5).allSatisfy({ Range(match.range(at: $0), in: filename) != nil }) else { return nil }
+        let date = String(filename[Range(match.range(at: 1), in: filename)!])
+        let hour = String(filename[Range(match.range(at: 2), in: filename)!])
+        let minute = String(filename[Range(match.range(at: 3), in: filename)!])
+        let second = String(filename[Range(match.range(at: 4), in: filename)!])
+        let millis = String(filename[Range(match.range(at: 5), in: filename)!])
+        return self.parseISO("\(date)T\(hour):\(minute):\(second).\(millis)Z")
+    }
+
+    private static func parseISO(_ text: String) -> Date? {
+        let withFractional = ISO8601DateFormatter()
+        withFractional.formatOptions = [.withInternetDateTime, .withFractionalSeconds]
+        if let date = withFractional.date(from: text) {
+            return date
+        }
+        let plain = ISO8601DateFormatter()
+        plain.formatOptions = [.withInternetDateTime]
+        return plain.date(from: text)
+    }
+
+    private static func localMidnight(_ date: Date) -> Date {
+        let components = Calendar.current.dateComponents([.year, .month, .day], from: date)
+        return Calendar.current.date(from: components) ?? date
+    }
+
+    private static func dateFromDayKey(_ key: String) -> Date? {
+        let parts = key.split(separator: "-")
+        guard parts.count == 3,
+              let year = Int(parts[0]),
+              let month = Int(parts[1]),
+              let day = Int(parts[2]) else { return nil }
+
+        var components = DateComponents()
+        components.calendar = Calendar.current
+        components.timeZone = TimeZone.current
+        components.year = year
+        components.month = month
+        components.day = day
+        components.hour = 0
+        return components.date
+    }
+
+    private static func sortedModelBreakdowns(_ breakdowns: [CostUsageDailyReport.ModelBreakdown])
+        -> [CostUsageDailyReport.ModelBreakdown]
+    {
+        breakdowns.sorted { lhs, rhs in
+            let lhsCost = lhs.costUSD ?? -1
+            let rhsCost = rhs.costUSD ?? -1
+            if lhsCost != rhsCost {
+                return lhsCost > rhsCost
+            }
+
+            let lhsTokens = lhs.totalTokens ?? -1
+            let rhsTokens = rhs.totalTokens ?? -1
+            if lhsTokens != rhsTokens {
+                return lhsTokens > rhsTokens
+            }
+
+            return lhs.modelName > rhs.modelName
+        }
+    }
+}
diff --git a/Sources/CodexBarCore/ProviderCostSnapshot.swift b/Sources/CodexBarCore/ProviderCostSnapshot.swift
index c3d25af49..7941fb540 100644
--- a/Sources/CodexBarCore/ProviderCostSnapshot.swift
+++ b/Sources/CodexBarCore/ProviderCostSnapshot.swift
@@ -9,6 +9,8 @@ public struct ProviderCostSnapshot: Equatable, Codable, Sendable {
     public let period: String?
     /// Optional renewal/reset timestamp for the period.
     public let resetsAt: Date?
+    /// Optional amount restored on the next regeneration tick for providers with rolling credit recovery.
+    public let nextRegenAmount: Double?
     public let updatedAt: Date
 
     public init(
@@ -17,6 +19,7 @@ public struct ProviderCostSnapshot: Equatable, Codable, Sendable {
         currencyCode: String,
         period: String? = nil,
         resetsAt: Date? = nil,
+        nextRegenAmount: Double? = nil,
         updatedAt: Date)
     {
         self.used = used
@@ -24,6 +27,7 @@ public struct ProviderCostSnapshot: Equatable, Codable, Sendable {
         self.currencyCode = currencyCode
         self.period = period
         self.resetsAt = resetsAt
+        self.nextRegenAmount = nextRegenAmount
         self.updatedAt = updatedAt
     }
 }
diff --git a/Sources/CodexBarCore/ProviderHTTPClient.swift b/Sources/CodexBarCore/ProviderHTTPClient.swift
new file mode 100644
index 000000000..f5ea38a4c
--- /dev/null
+++ b/Sources/CodexBarCore/ProviderHTTPClient.swift
@@ -0,0 +1,209 @@
+import Foundation
+#if canImport(FoundationNetworking)
+import FoundationNetworking
+#endif
+
+public protocol ProviderHTTPTransport: Sendable {
+    func data(for request: URLRequest) async throws -> (Data, URLResponse)
+}
+
+#if !os(Linux)
+extension URLSession: ProviderHTTPTransport {}
+#endif
+
+extension URLSession {
+    public func response(for request: URLRequest) async throws -> ProviderHTTPResponse {
+        let (data, response) = try await self.data(for: request)
+        guard let httpResponse = response as? HTTPURLResponse else {
+            throw URLError(.badServerResponse)
+        }
+        return ProviderHTTPResponse(data: data, response: httpResponse)
+    }
+}
+
+public struct ProviderHTTPResponse: Sendable {
+    public let data: Data
+    public let response: HTTPURLResponse
+
+    public init(data: Data, response: HTTPURLResponse) {
+        self.data = data
+        self.response = response
+    }
+
+    public var statusCode: Int {
+        self.response.statusCode
+    }
+}
+
+public struct ProviderHTTPRetryPolicy: Sendable {
+    public let maxRetries: Int
+    public let retryableStatusCodes: Set<Int>
+    public let retryableURLErrorCodes: Set<URLError.Code>
+    public let retryableMethods: Set<String>
+    public let baseDelaySeconds: TimeInterval
+    public let maxDelaySeconds: TimeInterval
+
+    public init(
+        maxRetries: Int,
+        retryableStatusCodes: Set<Int> = [408, 429, 500, 502, 503, 504],
+        retryableURLErrorCodes: Set<URLError.Code> = [
+            .timedOut,
+            .networkConnectionLost,
+            .cannotConnectToHost,
+            .cannotFindHost,
+            .dnsLookupFailed,
+        ],
+        retryableMethods: Set<String> = ["GET", "HEAD", "OPTIONS"],
+        baseDelaySeconds: TimeInterval = 1,
+        maxDelaySeconds: TimeInterval = 10)
+    {
+        self.maxRetries = max(0, maxRetries)
+        self.retryableStatusCodes = retryableStatusCodes
+        self.retryableURLErrorCodes = retryableURLErrorCodes
+        self.retryableMethods = retryableMethods
+        self.baseDelaySeconds = max(0, baseDelaySeconds)
+        self.maxDelaySeconds = max(0, maxDelaySeconds)
+    }
+
+    public static let disabled = ProviderHTTPRetryPolicy(
+        maxRetries: 0,
+        retryableStatusCodes: [],
+        retryableURLErrorCodes: [],
+        baseDelaySeconds: 0,
+        maxDelaySeconds: 0)
+
+    public static let transientIdempotent = ProviderHTTPRetryPolicy(maxRetries: 1)
+
+    func shouldRetry(request: URLRequest, attempt: Int, statusCode: Int) -> Bool {
+        self.canRetry(request: request, attempt: attempt)
+            && self.retryableStatusCodes.contains(statusCode)
+    }
+
+    func shouldRetry(request: URLRequest, attempt: Int, error: Error) -> Bool {
+        guard self.canRetry(request: request, attempt: attempt) else { return false }
+        guard let urlError = error as? URLError else { return false }
+        return self.retryableURLErrorCodes.contains(urlError.code)
+    }
+
+    func delaySeconds(attempt: Int, response: HTTPURLResponse?) -> TimeInterval {
+        if let retryAfter = response?.value(forHTTPHeaderField: "Retry-After"),
+           let seconds = TimeInterval(retryAfter.trimmingCharacters(in: .whitespacesAndNewlines)),
+           seconds >= 0
+        {
+            return min(seconds, self.maxDelaySeconds)
+        }
+
+        guard self.baseDelaySeconds > 0 else { return 0 }
+        let multiplier = pow(2, Double(max(0, attempt)))
+        return min(self.baseDelaySeconds * multiplier, self.maxDelaySeconds)
+    }
+
+    private func canRetry(request: URLRequest, attempt: Int) -> Bool {
+        guard attempt < self.maxRetries else { return false }
+        let method = request.httpMethod?.uppercased() ?? "GET"
+        return self.retryableMethods.contains(method)
+    }
+}
+
+public struct ProviderHTTPTransportHandler: ProviderHTTPTransport {
+    private let handler: @Sendable (URLRequest) async throws -> (Data, URLResponse)
+
+    public init(_ handler: @escaping @Sendable (URLRequest) async throws -> (Data, URLResponse)) {
+        self.handler = handler
+    }
+
+    public func data(for request: URLRequest) async throws -> (Data, URLResponse) {
+        try await self.handler(request)
+    }
+}
+
+extension ProviderHTTPTransport {
+    public func response(for request: URLRequest) async throws -> ProviderHTTPResponse {
+        try await self.response(for: request, retryPolicy: .disabled)
+    }
+
+    public func response(
+        for request: URLRequest,
+        retryPolicy: ProviderHTTPRetryPolicy) async throws -> ProviderHTTPResponse
+    {
+        var attempt = 0
+
+        while true {
+            do {
+                let (data, response) = try await self.data(for: request)
+                guard let httpResponse = response as? HTTPURLResponse else {
+                    throw URLError(.badServerResponse)
+                }
+                let providerResponse = ProviderHTTPResponse(data: data, response: httpResponse)
+                guard retryPolicy.shouldRetry(
+                    request: request,
+                    attempt: attempt,
+                    statusCode: providerResponse.statusCode)
+                else {
+                    return providerResponse
+                }
+                try await Self.sleepBeforeRetry(policy: retryPolicy, attempt: attempt, response: httpResponse)
+                attempt += 1
+            } catch {
+                guard retryPolicy.shouldRetry(request: request, attempt: attempt, error: error) else {
+                    throw error
+                }
+                try await Self.sleepBeforeRetry(policy: retryPolicy, attempt: attempt, response: nil)
+                attempt += 1
+            }
+        }
+    }
+
+    private static func sleepBeforeRetry(
+        policy: ProviderHTTPRetryPolicy,
+        attempt: Int,
+        response: HTTPURLResponse?) async throws
+    {
+        let delay = policy.delaySeconds(attempt: attempt, response: response)
+        guard delay > 0 else { return }
+        try await Task.sleep(nanoseconds: UInt64(delay * 1_000_000_000))
+    }
+}
+
+public final class ProviderHTTPClient: ProviderHTTPTransport, @unchecked Sendable {
+    public static let shared = ProviderHTTPClient(session: ProviderHTTPClient.sharedSession())
+
+    private let session: URLSession
+
+    public init(session: URLSession? = nil) {
+        self.session = session ?? URLSession(configuration: Self.defaultConfiguration())
+    }
+
+    static func defaultConfiguration() -> URLSessionConfiguration {
+        let configuration = URLSessionConfiguration.default
+        configuration.timeoutIntervalForRequest = 30
+        configuration.timeoutIntervalForResource = 90
+        #if !os(Linux)
+        configuration.waitsForConnectivity = false
+        #endif
+        return configuration
+    }
+
+    private static func sharedSession() -> URLSession {
+        if self.isRunningTests {
+            // XCTest URLProtocol.registerClass stubs only intercept URLSession.shared on macOS.
+            return .shared
+        }
+        return URLSession(configuration: self.defaultConfiguration())
+    }
+
+    private static var isRunningTests: Bool {
+        let environment = ProcessInfo.processInfo.environment
+        if environment["XCTestConfigurationFilePath"] != nil || environment["XCTestBundlePath"] != nil {
+            return true
+        }
+        if ProcessInfo.processInfo.processName.lowercased().contains("xctest") {
+            return true
+        }
+        return CommandLine.arguments.contains { $0.lowercased().contains(".xctest") }
+    }
+
+    public func data(for request: URLRequest) async throws -> (Data, URLResponse) {
+        try await self.session.data(for: request)
+    }
+}
diff --git a/Sources/CodexBarCore/ProviderStorageFootprint.swift b/Sources/CodexBarCore/ProviderStorageFootprint.swift
new file mode 100644
index 000000000..ea5e62dd7
--- /dev/null
+++ b/Sources/CodexBarCore/ProviderStorageFootprint.swift
@@ -0,0 +1,520 @@
+import Foundation
+
+public struct ProviderStorageFootprint: Sendable, Equatable {
+    public struct Component: Sendable, Equatable, Identifiable {
+        public let id: String
+        public let path: String
+        public let totalBytes: Int64
+
+        public init(path: String, totalBytes: Int64) {
+            self.id = path
+            self.path = path
+            self.totalBytes = totalBytes
+        }
+
+        public var name: String {
+            let url = URL(fileURLWithPath: self.path)
+            let last = url.lastPathComponent
+            if last.isEmpty { return self.path }
+            return last
+        }
+    }
+
+    public let provider: UsageProvider
+    public let totalBytes: Int64
+    public let paths: [String]
+    public let missingPaths: [String]
+    public let unreadablePaths: [String]
+    public let components: [Component]
+    public let updatedAt: Date
+
+    public init(
+        provider: UsageProvider,
+        totalBytes: Int64,
+        paths: [String],
+        missingPaths: [String],
+        unreadablePaths: [String],
+        components: [Component] = [],
+        updatedAt: Date)
+    {
+        self.provider = provider
+        self.totalBytes = totalBytes
+        self.paths = paths
+        self.missingPaths = missingPaths
+        self.unreadablePaths = unreadablePaths
+        self.components = components
+        self.updatedAt = updatedAt
+    }
+
+    public var hasLocalData: Bool {
+        self.totalBytes > 0
+    }
+
+    public var cleanupRecommendations: [ProviderStorageRecommendation] {
+        ProviderStorageRecommendation.recommendations(for: self)
+    }
+
+    public func replacingProvider(_ provider: UsageProvider) -> ProviderStorageFootprint {
+        ProviderStorageFootprint(
+            provider: provider,
+            totalBytes: self.totalBytes,
+            paths: self.paths,
+            missingPaths: self.missingPaths,
+            unreadablePaths: self.unreadablePaths,
+            components: self.components,
+            updatedAt: self.updatedAt)
+    }
+}
+
+public struct ProviderStorageRecommendation: Sendable, Equatable, Identifiable {
+    public enum RiskLevel: String, Sendable {
+        case informational
+        case manualCleanup
+    }
+
+    public let id: String
+    public let provider: UsageProvider
+    public let path: String
+    public let bytes: Int64
+    public let title: String
+    public let riskLevel: RiskLevel
+    public let consequence: String
+    public let sortPriority: Int
+
+    public init(
+        provider: UsageProvider,
+        path: String,
+        bytes: Int64,
+        title: String,
+        riskLevel: RiskLevel,
+        consequence: String,
+        sortPriority: Int)
+    {
+        self.id = path
+        self.provider = provider
+        self.path = path
+        self.bytes = bytes
+        self.title = title
+        self.riskLevel = riskLevel
+        self.consequence = consequence
+        self.sortPriority = sortPriority
+    }
+
+    public static func recommendations(for footprint: ProviderStorageFootprint) -> [ProviderStorageRecommendation] {
+        let candidates: [ProviderStorageRecommendation] = footprint.components.compactMap { component in
+            switch footprint.provider {
+            case .claude:
+                self.claudeRecommendation(for: component)
+            case .codex:
+                self.codexRecommendation(for: component, roots: footprint.paths)
+            default:
+                nil
+            }
+        }
+
+        return candidates.sorted { lhs, rhs in
+            if lhs.sortPriority == rhs.sortPriority {
+                if lhs.bytes == rhs.bytes {
+                    return lhs.path.localizedCaseInsensitiveCompare(rhs.path) == .orderedAscending
+                }
+                return lhs.bytes > rhs.bytes
+            }
+            return lhs.sortPriority < rhs.sortPriority
+        }
+    }
+
+    private static func claudeRecommendation(
+        for component: ProviderStorageFootprint.Component)
+        -> ProviderStorageRecommendation?
+    {
+        switch component.name {
+        case "projects":
+            self.make(
+                provider: .claude,
+                component: component,
+                title: "Manual cleanup: past sessions",
+                consequence: "Clearing removes past resume, continue, and rewind history.",
+                priority: 10)
+        case "file-history":
+            self.make(
+                provider: .claude,
+                component: component,
+                title: "Manual cleanup: file checkpoints",
+                consequence: "Clearing removes checkpoint restore data for previous edits.",
+                priority: 20)
+        case "plans":
+            self.make(
+                provider: .claude,
+                component: component,
+                title: "Manual cleanup: saved plans",
+                consequence: "Clearing removes old plan-mode files.",
+                priority: 30)
+        case "debug":
+            self.make(
+                provider: .claude,
+                component: component,
+                title: "Manual cleanup: debug logs",
+                consequence: "Clearing removes past debug logs.",
+                priority: 40)
+        case "paste-cache", "image-cache":
+            self.make(
+                provider: .claude,
+                component: component,
+                title: "Manual cleanup: attachment cache",
+                consequence: "Clearing removes cached large pastes or attached images.",
+                priority: 50)
+        case "session-env":
+            self.make(
+                provider: .claude,
+                component: component,
+                title: "Manual cleanup: session metadata",
+                consequence: "Clearing removes per-session environment metadata.",
+                priority: 60)
+        case "shell-snapshots":
+            self.make(
+                provider: .claude,
+                component: component,
+                title: "Manual cleanup: shell snapshots",
+                consequence: "Clearing removes leftover runtime shell snapshot files.",
+                priority: 70)
+        case "todos":
+            self.make(
+                provider: .claude,
+                component: component,
+                title: "Manual cleanup: legacy todos",
+                consequence: "Clearing removes legacy per-session task lists.",
+                priority: 80)
+        default:
+            nil
+        }
+    }
+
+    private static func codexRecommendation(
+        for component: ProviderStorageFootprint.Component,
+        roots: [String])
+        -> ProviderStorageRecommendation?
+    {
+        guard self.path(component.path, isContainedIn: roots) else { return nil }
+
+        return switch component.name {
+        case "sessions":
+            self.make(
+                provider: .codex,
+                component: component,
+                title: "Manual cleanup: sessions",
+                consequence: "Clearing removes past Codex session history.",
+                priority: 10)
+        case "archived_sessions":
+            self.make(
+                provider: .codex,
+                component: component,
+                title: "Manual cleanup: archived sessions",
+                consequence: "Clearing removes archived Codex session history.",
+                priority: 20)
+        case "cache", "caches", "Cache", "Caches":
+            self.make(
+                provider: .codex,
+                component: component,
+                title: "Manual cleanup: cache",
+                consequence: "Clearing removes provider-owned cached data.",
+                priority: 30)
+        case "log", "logs", "debug":
+            self.make(
+                provider: .codex,
+                component: component,
+                title: "Manual cleanup: logs",
+                consequence: "Clearing removes local diagnostic logs.",
+                priority: 40)
+        case let name where name.hasPrefix("logs_") && name.hasSuffix(".sqlite"):
+            self.make(
+                provider: .codex,
+                component: component,
+                title: "Manual cleanup: logs",
+                consequence: "Clearing removes local diagnostic logs.",
+                priority: 40)
+        case "file-history":
+            self.make(
+                provider: .codex,
+                component: component,
+                title: "Manual cleanup: file history",
+                consequence: "Clearing removes local edit checkpoint history.",
+                priority: 50)
+        case "paste-cache", "image-cache", "session-env", "shell-snapshots", "shell_snapshots", "tmp", "temp", ".tmp":
+            self.make(
+                provider: .codex,
+                component: component,
+                title: "Manual cleanup: temporary data",
+                consequence: "Clearing removes local temporary provider data.",
+                priority: 60)
+        default:
+            nil
+        }
+    }
+
+    private static func make(
+        provider: UsageProvider,
+        component: ProviderStorageFootprint.Component,
+        title: String,
+        consequence: String,
+        priority: Int)
+        -> ProviderStorageRecommendation
+    {
+        ProviderStorageRecommendation(
+            provider: provider,
+            path: component.path,
+            bytes: component.totalBytes,
+            title: title,
+            riskLevel: .manualCleanup,
+            consequence: consequence,
+            sortPriority: priority)
+    }
+
+    private static func path(_ path: String, isContainedIn roots: [String]) -> Bool {
+        let standardizedPath = URL(fileURLWithPath: path).standardizedFileURL.path
+        return roots.contains { root in
+            let standardizedRoot = URL(fileURLWithPath: root, isDirectory: true).standardizedFileURL.path
+            return standardizedPath == standardizedRoot || standardizedPath.hasPrefix(standardizedRoot + "/")
+        }
+    }
+}
+
+public enum ProviderStoragePathCatalog {
+    public static func candidatePaths(
+        for provider: UsageProvider,
+        environment: [String: String],
+        managedCodexAccounts: [ManagedCodexAccount] = [],
+        fileManager: FileManager = .default)
+        -> [String]
+    {
+        let home = fileManager.homeDirectoryForCurrentUser
+
+        func homePath(_ relativePath: String) -> String {
+            home.appendingPathComponent(relativePath, isDirectory: true).path
+        }
+
+        let candidates: [String] = switch provider {
+        case .codex:
+            [CodexHomeScope.ambientHomeURL(env: environment, fileManager: fileManager).path] +
+                managedCodexAccounts.map(\.managedHomePath)
+        case .claude:
+            [
+                homePath(".claude"),
+                homePath(".config/claude"),
+                home
+                    .appendingPathComponent("Library/Application Support/CodexBar/ClaudeProbe", isDirectory: true)
+                    .path,
+            ]
+        case .gemini:
+            [
+                homePath(".gemini"),
+                homePath(".config/gemini"),
+            ]
+        case .opencode, .opencodego:
+            [
+                homePath(".config/opencode"),
+            ]
+        case .copilot:
+            [
+                homePath(".config/github-copilot"),
+            ]
+        default:
+            []
+        }
+
+        return Self.uniqueStandardizedPaths(candidates)
+    }
+
+    private static func uniqueStandardizedPaths(_ paths: [String]) -> [String] {
+        var seen: Set<String> = []
+        var result: [String] = []
+        for path in paths {
+            let trimmed = path.trimmingCharacters(in: .whitespacesAndNewlines)
+            guard !trimmed.isEmpty else { continue }
+            let standardized = URL(fileURLWithPath: trimmed, isDirectory: true).standardizedFileURL.path
+            guard seen.insert(standardized).inserted else { continue }
+            result.append(standardized)
+        }
+        return result
+    }
+}
+
+public struct ProviderStorageScanner: @unchecked Sendable {
+    private struct DirectoryScanResult {
+        var bytes: Int64 = 0
+        var unreadablePaths: [String] = []
+        var componentBytes: [String: Int64] = [:]
+    }
+
+    private let fileManager: FileManager
+
+    public init(fileManager: FileManager = .default) {
+        self.fileManager = fileManager
+    }
+
+    public func scan(
+        provider: UsageProvider,
+        candidatePaths: [String],
+        now: Date = Date())
+        -> ProviderStorageFootprint
+    {
+        var totalBytes: Int64 = 0
+        var existingPaths: [String] = []
+        var missingPaths: [String] = []
+        var unreadablePaths: [String] = []
+        var components: [ProviderStorageFootprint.Component] = []
+
+        for path in candidatePaths {
+            if Task.isCancelled { break }
+            var isDirectory: ObjCBool = false
+            guard self.fileManager.fileExists(atPath: path, isDirectory: &isDirectory) else {
+                missingPaths.append(path)
+                continue
+            }
+
+            existingPaths.append(path)
+            let url = URL(fileURLWithPath: path, isDirectory: isDirectory.boolValue)
+            if self.isSymbolicLink(at: url) {
+                continue
+            }
+            if isDirectory.boolValue {
+                let result = self.scanDirectory(at: url)
+                if Task.isCancelled { break }
+                totalBytes += result.bytes
+                unreadablePaths.append(contentsOf: result.unreadablePaths)
+                components.append(contentsOf: result.componentBytes.map {
+                    ProviderStorageFootprint.Component(path: $0.key, totalBytes: $0.value)
+                })
+            } else {
+                let result = self.sizeOfFile(at: url)
+                totalBytes += result.bytes
+                unreadablePaths.append(contentsOf: result.unreadablePaths)
+                if result.bytes > 0 {
+                    components.append(.init(path: url.path, totalBytes: result.bytes))
+                }
+            }
+        }
+
+        return ProviderStorageFootprint(
+            provider: provider,
+            totalBytes: totalBytes,
+            paths: existingPaths,
+            missingPaths: missingPaths,
+            unreadablePaths: unreadablePaths,
+            components: components.sorted { lhs, rhs in
+                if lhs.totalBytes == rhs.totalBytes {
+                    return lhs.path.localizedCaseInsensitiveCompare(rhs.path) == .orderedAscending
+                }
+                return lhs.totalBytes > rhs.totalBytes
+            },
+            updatedAt: now)
+    }
+
+    private func isSymbolicLink(at url: URL) -> Bool {
+        (try? url.resourceValues(forKeys: [.isSymbolicLinkKey]).isSymbolicLink) == true
+    }
+
+    private func sizeOfFile(at url: URL) -> (bytes: Int64, unreadablePaths: [String]) {
+        if Task.isCancelled { return (0, []) }
+        let keys: Set<URLResourceKey> = [
+            .isRegularFileKey,
+            .isSymbolicLinkKey,
+            .fileSizeKey,
+        ]
+
+        guard let values = try? url.resourceValues(forKeys: keys) else {
+            return (0, [url.path])
+        }
+
+        if values.isSymbolicLink == true {
+            return (0, [])
+        }
+
+        if values.isRegularFile == true {
+            return (Int64(values.fileSize ?? 0), [])
+        }
+
+        return (0, [])
+    }
+
+    private func scanDirectory(at url: URL) -> DirectoryScanResult {
+        if Task.isCancelled { return DirectoryScanResult() }
+        let keys: Set<URLResourceKey> = [
+            .isDirectoryKey,
+            .isRegularFileKey,
+            .isSymbolicLinkKey,
+            .fileSizeKey,
+        ]
+
+        let unreadableCollector = ProviderStorageUnreadablePathCollector()
+        guard let enumerator = self.fileManager.enumerator(
+            at: url,
+            includingPropertiesForKeys: Array(keys),
+            options: [.skipsPackageDescendants],
+            errorHandler: { url, _ in
+                unreadableCollector.append(url.path)
+                return true
+            })
+        else {
+            return DirectoryScanResult(unreadablePaths: [url.path])
+        }
+
+        var result = DirectoryScanResult()
+        let rootPath = url.standardizedFileURL.path
+        for case let itemURL as URL in enumerator {
+            if Task.isCancelled {
+                enumerator.skipDescendants()
+                break
+            }
+            guard let itemValues = try? itemURL.resourceValues(forKeys: keys) else {
+                unreadableCollector.append(itemURL.path)
+                continue
+            }
+            if itemValues.isSymbolicLink == true {
+                if itemValues.isDirectory == true {
+                    enumerator.skipDescendants()
+                }
+                continue
+            }
+            if itemValues.isRegularFile == true {
+                let bytes = Int64(itemValues.fileSize ?? 0)
+                result.bytes += bytes
+                if bytes > 0, let componentPath = self.topLevelComponentPath(for: itemURL, rootPath: rootPath) {
+                    result.componentBytes[componentPath, default: 0] += bytes
+                }
+            }
+        }
+        result.unreadablePaths = unreadableCollector.paths
+        return result
+    }
+
+    private func topLevelComponentPath(for url: URL, rootPath: String) -> String? {
+        let itemPath = url.standardizedFileURL.path
+        let pathPrefix = rootPath.hasSuffix("/") ? rootPath : "\(rootPath)/"
+        guard itemPath.hasPrefix(pathPrefix) else { return nil }
+        let suffix = itemPath.dropFirst(pathPrefix.count)
+        let relative = suffix.drop { $0 == "/" }
+        guard let first = relative.split(separator: "/", maxSplits: 1, omittingEmptySubsequences: true).first else {
+            return nil
+        }
+        return URL(fileURLWithPath: rootPath, isDirectory: true)
+            .appendingPathComponent(String(first))
+            .path
+    }
+}
+
+private final class ProviderStorageUnreadablePathCollector: @unchecked Sendable {
+    private let lock = NSLock()
+    private var storage: [String] = []
+
+    var paths: [String] {
+        self.lock.lock()
+        defer { self.lock.unlock() }
+        return self.storage
+    }
+
+    func append(_ path: String) {
+        self.lock.lock()
+        defer { self.lock.unlock() }
+        self.storage.append(path)
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Abacus/AbacusCookieImporter.swift b/Sources/CodexBarCore/Providers/Abacus/AbacusCookieImporter.swift
new file mode 100644
index 000000000..c32c8bbb3
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Abacus/AbacusCookieImporter.swift
@@ -0,0 +1,134 @@
+import Foundation
+
+#if os(macOS)
+import SweetCookieKit
+
+// MARK: - Abacus Cookie Importer
+
+public enum AbacusCookieImporter {
+    private static let log = CodexBarLog.logger(LogCategories.abacusCookie)
+    private static let cookieClient = BrowserCookieClient()
+    private static let cookieDomains = ["abacus.ai", "apps.abacus.ai"]
+    private static let cookieImportOrder: BrowserCookieImportOrder =
+        ProviderDefaults.metadata[.abacus]?.browserCookieOrder ?? Browser.defaultImportOrder
+
+    /// Exact cookie names known to carry Abacus session state.
+    /// CSRF tokens are deliberately excluded — they are present in anonymous
+    /// jars and do not indicate an authenticated session.
+    private static let knownSessionCookieNames: Set<String> = [
+        "sessionid", "session_id", "session_token",
+        "auth_token", "access_token",
+    ]
+
+    /// Substrings that indicate a session or auth cookie (applied only when
+    /// no exact-name match is found). Deliberately excludes overly broad
+    /// patterns like "id" and "token" that match analytics/CSRF cookies.
+    private static let sessionCookieSubstrings = ["session", "auth", "sid", "jwt"]
+
+    /// Cookie name prefixes that indicate a non-session cookie even when a
+    /// substring match would otherwise accept it (e.g. "csrftoken").
+    private static let excludedCookiePrefixes = ["csrf", "_ga", "_gid", "tracking", "analytics"]
+
+    public struct SessionInfo: Sendable {
+        public let cookies: [HTTPCookie]
+        public let sourceLabel: String
+
+        public init(cookies: [HTTPCookie], sourceLabel: String) {
+            self.cookies = cookies
+            self.sourceLabel = sourceLabel
+        }
+
+        public var cookieHeader: String {
+            self.cookies.map { "\($0.name)=\($0.value)" }.joined(separator: "; ")
+        }
+    }
+
+    /// Returns all candidate sessions across browsers/profiles, ordered by
+    /// import priority.  Callers should try each in turn so that a stale
+    /// session in the first source doesn't block a valid one further down.
+    ///
+    /// Defaults to Chrome-only per AGENTS.md guideline. Pass an empty
+    /// `preferredBrowsers` list to fall back to the full descriptor-defined
+    /// import order (Safari, Firefox, etc.) when Chrome has no cookies.
+    public static func importSessions(
+        browserDetection: BrowserDetection = BrowserDetection(),
+        preferredBrowsers: [Browser] = [.chrome],
+        logger: ((String) -> Void)? = nil) throws -> [SessionInfo]
+    {
+        var candidates: [SessionInfo] = []
+        let installedBrowsers = preferredBrowsers.isEmpty
+            ? self.cookieImportOrder.cookieImportCandidates(using: browserDetection)
+            : preferredBrowsers.cookieImportCandidates(using: browserDetection)
+
+        for browserSource in installedBrowsers {
+            do {
+                let query = BrowserCookieQuery(domains: self.cookieDomains)
+                let sources = try Self.cookieClient.codexBarRecords(
+                    matching: query,
+                    in: browserSource,
+                    logger: { msg in self.emit(msg, logger: logger) })
+                for source in sources where !source.records.isEmpty {
+                    let httpCookies = BrowserCookieClient.makeHTTPCookies(source.records, origin: query.origin)
+                    guard !httpCookies.isEmpty else { continue }
+
+                    guard Self.containsSessionCookie(httpCookies) else {
+                        self.emit(
+                            "Skipping \(source.label): no session cookie found",
+                            logger: logger)
+                        continue
+                    }
+
+                    self.emit(
+                        "Found \(httpCookies.count) session cookies in \(source.label)",
+                        logger: logger)
+                    candidates.append(SessionInfo(cookies: httpCookies, sourceLabel: source.label))
+                }
+            } catch {
+                BrowserCookieAccessGate.recordIfNeeded(error)
+                self.emit(
+                    "\(browserSource.displayName) cookie import failed: \(error.localizedDescription)",
+                    logger: logger)
+            }
+        }
+
+        guard !candidates.isEmpty else {
+            throw AbacusUsageError.noSessionCookie
+        }
+        return candidates
+    }
+
+    /// Cheap check for whether any browser has an Abacus session cookie,
+    /// used by the fetch strategy's `isAvailable()`.
+    public static func hasSession(
+        browserDetection: BrowserDetection = BrowserDetection(),
+        preferredBrowsers: [Browser] = [.chrome],
+        logger: ((String) -> Void)? = nil) -> Bool
+    {
+        do {
+            return try !self.importSessions(
+                browserDetection: browserDetection,
+                preferredBrowsers: preferredBrowsers,
+                logger: logger).isEmpty
+        } catch {
+            return false
+        }
+    }
+
+    /// Returns `true` if the cookie set contains at least one cookie whose name
+    /// indicates session or authentication state.  Checks exact known names
+    /// first, then falls back to conservative substring matching.
+    private static func containsSessionCookie(_ cookies: [HTTPCookie]) -> Bool {
+        cookies.contains { cookie in
+            let lower = cookie.name.lowercased()
+            if self.knownSessionCookieNames.contains(lower) { return true }
+            if self.excludedCookiePrefixes.contains(where: { lower.hasPrefix($0) }) { return false }
+            return self.sessionCookieSubstrings.contains { lower.contains($0) }
+        }
+    }
+
+    private static func emit(_ message: String, logger: ((String) -> Void)?) {
+        logger?("[abacus-cookie] \(message)")
+        self.log.debug(message)
+    }
+}
+#endif
diff --git a/Sources/CodexBarCore/Providers/Abacus/AbacusProviderDescriptor.swift b/Sources/CodexBarCore/Providers/Abacus/AbacusProviderDescriptor.swift
new file mode 100644
index 000000000..35f5b63bf
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Abacus/AbacusProviderDescriptor.swift
@@ -0,0 +1,92 @@
+import CodexBarMacroSupport
+import Foundation
+
+#if os(macOS)
+import SweetCookieKit
+#endif
+
+@ProviderDescriptorRegistration
+@ProviderDescriptorDefinition
+public enum AbacusProviderDescriptor {
+    static func makeDescriptor() -> ProviderDescriptor {
+        ProviderDescriptor(
+            id: .abacus,
+            metadata: ProviderMetadata(
+                id: .abacus,
+                displayName: "Abacus AI",
+                sessionLabel: "Credits",
+                weeklyLabel: "Weekly",
+                opusLabel: nil,
+                supportsOpus: false,
+                supportsCredits: false,
+                creditsHint: "",
+                toggleTitle: "Show Abacus AI usage",
+                cliName: "abacusai",
+                defaultEnabled: false,
+                isPrimaryProvider: false,
+                usesAccountFallback: false,
+                browserCookieOrder: ProviderBrowserCookieDefaults.defaultImportOrder,
+                dashboardURL: "https://apps.abacus.ai/chatllm/admin/compute-points-usage",
+                statusPageURL: nil,
+                statusLinkURL: nil),
+            branding: ProviderBranding(
+                iconStyle: .abacus,
+                iconResourceName: "ProviderIcon-abacus",
+                color: ProviderColor(red: 56 / 255, green: 189 / 255, blue: 248 / 255)),
+            tokenCost: ProviderTokenCostConfig(
+                supportsTokenCost: false,
+                noDataMessage: { "Abacus AI cost summary is not supported." }),
+            fetchPlan: ProviderFetchPlan(
+                sourceModes: [.auto, .web],
+                pipeline: ProviderFetchPipeline(resolveStrategies: { _ in
+                    [AbacusWebFetchStrategy()]
+                })),
+            cli: ProviderCLIConfig(
+                name: "abacusai",
+                aliases: ["abacus-ai"],
+                versionDetector: nil))
+    }
+}
+
+// MARK: - Fetch Strategy
+
+struct AbacusWebFetchStrategy: ProviderFetchStrategy {
+    let id: String = "abacus.web"
+    let kind: ProviderFetchKind = .web
+
+    func isAvailable(_ context: ProviderFetchContext) async -> Bool {
+        context.settings?.abacus?.cookieSource != .off
+    }
+
+    func fetch(_ context: ProviderFetchContext) async throws -> ProviderFetchResult {
+        let manual: String?
+        if context.settings?.abacus?.cookieSource == .manual {
+            guard let header = Self.manualCookieHeader(from: context) else {
+                throw AbacusUsageError.noSessionCookie
+            }
+            manual = header
+        } else {
+            manual = nil
+        }
+        let logger: ((String) -> Void)? = context.verbose
+            ? { msg in CodexBarLog.logger(LogCategories.abacusUsage).verbose(msg) }
+            : nil
+        let snap = try await AbacusUsageFetcher.fetchUsage(
+            cookieHeaderOverride: manual,
+            browserDetection: context.browserDetection,
+            timeout: context.webTimeout,
+            logger: logger)
+        return self.makeResult(
+            usage: snap.toUsageSnapshot(),
+            sourceLabel: "web")
+    }
+
+    func shouldFallback(on _: Error, context _: ProviderFetchContext) -> Bool {
+        false
+    }
+
+    private static func manualCookieHeader(from context: ProviderFetchContext) -> String? {
+        guard context.settings?.abacus?.cookieSource == .manual else { return nil }
+        return CookieHeaderNormalizer.normalize(context.settings?.abacus?.manualCookieHeader)
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Abacus/AbacusUsageError.swift b/Sources/CodexBarCore/Providers/Abacus/AbacusUsageError.swift
new file mode 100644
index 000000000..0f5c6cc53
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Abacus/AbacusUsageError.swift
@@ -0,0 +1,67 @@
+import Foundation
+
+// MARK: - Abacus Usage Error
+
+public enum AbacusUsageError: LocalizedError, Sendable, Equatable {
+    case noSessionCookie
+    case sessionExpired
+    case networkError(String)
+    case parseFailed(String)
+    case unauthorized
+
+    /// Whether this error indicates an authentication/session problem that
+    /// should trigger cache eviction.
+    public var isRecoverable: Bool {
+        switch self {
+        case .unauthorized, .sessionExpired: true
+        default: false
+        }
+    }
+
+    public var isAuthRelated: Bool {
+        self.isRecoverable
+    }
+
+    /// Whether browser-import scanning should continue to later sessions after
+    /// this failure. Imported sessions can differ by profile/browser, so we keep
+    /// scanning on per-session fetch failures and surface the first one only if
+    /// every candidate is exhausted.
+    var shouldTryNextImportedSession: Bool {
+        switch self {
+        case .unauthorized, .sessionExpired, .networkError, .parseFailed: true
+        case .noSessionCookie: false
+        }
+    }
+
+    /// Whether a cached cookie header should be evicted before falling back to
+    /// a fresh browser import. Parse/auth failures usually indicate that the
+    /// cached session is stale or no longer accepted.
+    var shouldClearCachedCookie: Bool {
+        switch self {
+        case .unauthorized, .sessionExpired, .parseFailed: true
+        case .networkError, .noSessionCookie: false
+        }
+    }
+
+    public var errorDescription: String? {
+        switch self {
+        case .noSessionCookie:
+            "No Abacus AI session found. Please log in to apps.abacus.ai in your browser "
+                + "or paste a Cookie header in manual mode."
+        case .sessionExpired:
+            "Abacus AI session expired. Please log in again."
+        case let .networkError(msg):
+            "Abacus AI API error: \(msg)"
+        case let .parseFailed(msg):
+            "Could not parse Abacus AI usage: \(msg)"
+        case .unauthorized:
+            "Unauthorized. Please log in to Abacus AI."
+        }
+    }
+}
+
+#if !os(macOS)
+extension AbacusUsageError {
+    public static let notSupported = AbacusUsageError.networkError("Abacus AI is only supported on macOS.")
+}
+#endif
diff --git a/Sources/CodexBarCore/Providers/Abacus/AbacusUsageFetcher.swift b/Sources/CodexBarCore/Providers/Abacus/AbacusUsageFetcher.swift
new file mode 100644
index 000000000..1c449d4fa
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Abacus/AbacusUsageFetcher.swift
@@ -0,0 +1,336 @@
+import Foundation
+
+#if canImport(FoundationNetworking)
+import FoundationNetworking
+#endif
+
+#if os(macOS)
+import SweetCookieKit
+
+// MARK: - Abacus Usage Fetcher
+
+public enum AbacusUsageFetcher {
+    private struct BrowserFetchRequest {
+        let browserDetection: BrowserDetection
+        let preferredBrowsers: [Browser]
+        let label: String
+        let timeout: TimeInterval
+        let logger: ((String) -> Void)?
+    }
+
+    /// Parsed JSON dictionaries are treated as immutable snapshots here and are
+    /// only moved between sibling fetch tasks before being consumed locally.
+    private struct JSONDictionaryBox: @unchecked Sendable {
+        let value: [String: Any]
+    }
+
+    private static let log = CodexBarLog.logger(LogCategories.abacusUsage)
+    private static let computePointsURL =
+        URL(string: "https://apps.abacus.ai/api/_getOrganizationComputePoints")!
+    private static let billingInfoURL =
+        URL(string: "https://apps.abacus.ai/api/_getBillingInfo")!
+
+    public static func fetchUsage(
+        cookieHeaderOverride: String? = nil,
+        browserDetection: BrowserDetection = BrowserDetection(),
+        timeout: TimeInterval = 15.0,
+        logger: ((String) -> Void)? = nil) async throws -> AbacusUsageSnapshot
+    {
+        // Manual cookie header — no fallback, errors propagate directly
+        if let override = CookieHeaderNormalizer.normalize(cookieHeaderOverride) {
+            self.emit("Using manual cookie header", logger: logger)
+            return try await self.fetchWithCookieHeader(override, timeout: timeout, logger: logger)
+        }
+
+        // Cached cookie header — fall back to a fresh browser import when the
+        // cached session is rejected or looks stale.
+        if let cached = CookieHeaderCache.load(provider: .abacus),
+           !cached.cookieHeader.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
+        {
+            self.emit("Using cached cookie header from \(cached.sourceLabel)", logger: logger)
+            do {
+                return try await self.fetchWithCookieHeader(
+                    cached.cookieHeader, timeout: timeout, logger: logger)
+            } catch let error as AbacusUsageError where error.shouldTryNextImportedSession {
+                if error.shouldClearCachedCookie {
+                    CookieHeaderCache.clear(provider: .abacus)
+                    self.emit(
+                        "Cached cookie failed (\(error.localizedDescription)); cleared, trying fresh import",
+                        logger: logger)
+                } else {
+                    self.emit(
+                        "Cached cookie failed (\(error.localizedDescription)); trying fresh import",
+                        logger: logger)
+                }
+            }
+        }
+
+        // Fresh browser import — try Chrome first (AGENTS.md default), then broaden
+        // to all browsers if Chrome has no sessions OR if every imported Chrome
+        // session is exhausted without a successful fetch.
+        var lastError: AbacusUsageError = .noSessionCookie
+        if let snapshot = try await self.tryFetchFromBrowsers(
+            BrowserFetchRequest(
+                browserDetection: browserDetection,
+                preferredBrowsers: [.chrome],
+                label: "Chrome",
+                timeout: timeout,
+                logger: logger),
+            lastError: &lastError)
+        {
+            return snapshot
+        }
+
+        self.emit("Chrome sessions exhausted; falling back to all browsers", logger: logger)
+        if let snapshot = try await self.tryFetchFromBrowsers(
+            BrowserFetchRequest(
+                browserDetection: browserDetection,
+                preferredBrowsers: [],
+                label: "all browsers",
+                timeout: timeout,
+                logger: logger),
+            lastError: &lastError)
+        {
+            return snapshot
+        }
+
+        throw lastError
+    }
+
+    /// Tries to import sessions from `preferredBrowsers` and fetch usage. Returns
+    /// the snapshot on success, nil if no sessions were available or every
+    /// imported session was exhausted without success.
+    private static func tryFetchFromBrowsers(
+        _ request: BrowserFetchRequest,
+        lastError: inout AbacusUsageError) async throws -> AbacusUsageSnapshot?
+    {
+        let sessions: [AbacusCookieImporter.SessionInfo]
+        do {
+            sessions = try AbacusCookieImporter.importSessions(
+                browserDetection: request.browserDetection,
+                preferredBrowsers: request.preferredBrowsers,
+                logger: request.logger)
+        } catch {
+            BrowserCookieAccessGate.recordIfNeeded(error)
+            self.emit(
+                "\(request.label) cookie import failed: \(error.localizedDescription)",
+                logger: request.logger)
+            return nil
+        }
+
+        for session in sessions {
+            self.emit("Trying cookies from \(session.sourceLabel)", logger: request.logger)
+            do {
+                let snapshot = try await self.fetchWithCookieHeader(
+                    session.cookieHeader,
+                    timeout: request.timeout,
+                    logger: request.logger)
+                CookieHeaderCache.store(
+                    provider: .abacus,
+                    cookieHeader: session.cookieHeader,
+                    sourceLabel: session.sourceLabel)
+                return snapshot
+            } catch let error as AbacusUsageError where error.shouldTryNextImportedSession {
+                self.emit(
+                    "\(session.sourceLabel): \(error.localizedDescription), trying next source",
+                    logger: request.logger)
+                lastError = error
+                continue
+            } catch {
+                self.emit(
+                    "\(session.sourceLabel): \(error.localizedDescription), trying next source",
+                    logger: request.logger)
+                lastError = .networkError(error.localizedDescription)
+                continue
+            }
+        }
+        return nil
+    }
+
+    // MARK: - API Requests
+
+    private static func fetchWithCookieHeader(
+        _ cookieHeader: String,
+        timeout: TimeInterval,
+        logger: ((String) -> Void)? = nil) async throws -> AbacusUsageSnapshot
+    {
+        enum FetchPart: Sendable {
+            case computePoints(JSONDictionaryBox)
+            case billingInfoSuccess(JSONDictionaryBox)
+            case billingInfoFailure(String)
+        }
+
+        // Fetch compute points (required, full timeout) and billing info
+        // (optional, shorter budget) concurrently. Billing is bounded so a
+        // slow/flaky billing endpoint can't delay credit rendering.
+        let billingBudget = min(timeout, 5.0)
+
+        var computePointsResult: [String: Any]?
+        var billingInfoResult: [String: Any] = [:]
+
+        try await withThrowingTaskGroup(of: FetchPart.self) { group in
+            group.addTask {
+                let result = try await self.fetchJSON(
+                    url: self.computePointsURL,
+                    method: "GET",
+                    cookieHeader: cookieHeader,
+                    timeout: timeout)
+                return .computePoints(JSONDictionaryBox(value: result))
+            }
+            group.addTask {
+                do {
+                    let result = try await self.fetchJSON(
+                        url: self.billingInfoURL,
+                        method: "POST",
+                        cookieHeader: cookieHeader,
+                        timeout: billingBudget)
+                    return .billingInfoSuccess(JSONDictionaryBox(value: result))
+                } catch {
+                    return .billingInfoFailure(error.localizedDescription)
+                }
+            }
+
+            while let result = try await group.next() {
+                switch result {
+                case let .computePoints(value):
+                    computePointsResult = value.value
+                case let .billingInfoSuccess(value):
+                    billingInfoResult = value.value
+                case let .billingInfoFailure(message):
+                    self.emit(
+                        "Billing info fetch failed: \(message); credits shown without plan/reset",
+                        logger: logger)
+                }
+            }
+        }
+
+        guard let computePointsResult else {
+            throw AbacusUsageError.networkError("Abacus compute points fetch did not complete")
+        }
+
+        return try self.parseResults(computePoints: computePointsResult, billingInfo: billingInfoResult)
+    }
+
+    private static func fetchJSON(
+        url: URL, method: String, cookieHeader: String, timeout: TimeInterval) async throws -> [String: Any]
+    {
+        var request = URLRequest(url: url)
+        request.httpMethod = method
+        request.timeoutInterval = timeout
+        request.setValue("application/json", forHTTPHeaderField: "Content-Type")
+        request.setValue("application/json", forHTTPHeaderField: "Accept")
+        request.setValue(cookieHeader, forHTTPHeaderField: "Cookie")
+        if method == "POST" {
+            request.httpBody = Data("{}".utf8)
+        }
+
+        let response = try await ProviderHTTPClient.shared.response(for: request)
+        let data = response.data
+        let statusCode = response.statusCode
+
+        if statusCode == 401 || statusCode == 403 {
+            throw AbacusUsageError.unauthorized
+        }
+
+        guard statusCode == 200 else {
+            let body = String(data: data.prefix(200), encoding: .utf8) ?? ""
+            throw AbacusUsageError.networkError("HTTP \(statusCode): \(body)")
+        }
+
+        let parsed: Any
+        do {
+            parsed = try JSONSerialization.jsonObject(with: data)
+        } catch {
+            let preview = String(data: data.prefix(200), encoding: .utf8) ?? "<non-UTF8>"
+            throw AbacusUsageError.parseFailed(
+                "\(url.lastPathComponent): \(error.localizedDescription) — preview: \(preview)")
+        }
+
+        guard let root = parsed as? [String: Any] else {
+            throw AbacusUsageError.parseFailed("\(url.lastPathComponent): top-level JSON is not a dictionary")
+        }
+
+        guard root["success"] as? Bool == true,
+              let result = root["result"] as? [String: Any]
+        else {
+            let errorMsg = (root["error"] as? String ?? "Unknown error").lowercased()
+            if errorMsg.contains("expired") || errorMsg.contains("session")
+                || errorMsg.contains("login") || errorMsg.contains("authenticate")
+                || errorMsg.contains("unauthorized") || errorMsg.contains("unauthenticated")
+                || errorMsg.contains("forbidden")
+            {
+                throw AbacusUsageError.unauthorized
+            }
+            throw AbacusUsageError.parseFailed("\(url.lastPathComponent): \(errorMsg)")
+        }
+
+        return result
+    }
+
+    // MARK: - Parsing
+
+    private static func parseResults(
+        computePoints: [String: Any], billingInfo: [String: Any]) throws -> AbacusUsageSnapshot
+    {
+        let totalCredits = self.double(from: computePoints["totalComputePoints"])
+        let creditsLeft = self.double(from: computePoints["computePointsLeft"])
+
+        guard let totalCredits, let creditsLeft else {
+            let keys = computePoints.keys.sorted().joined(separator: ", ")
+            throw AbacusUsageError.parseFailed(
+                "Missing credit fields in compute points response. Keys: [\(keys)]")
+        }
+
+        let creditsUsed = totalCredits - creditsLeft
+
+        let nextBillingDate = billingInfo["nextBillingDate"] as? String
+        let currentTier = billingInfo["currentTier"] as? String
+        let resetsAt = self.parseDate(nextBillingDate)
+
+        return AbacusUsageSnapshot(
+            creditsUsed: creditsUsed,
+            creditsTotal: totalCredits,
+            resetsAt: resetsAt,
+            planName: currentTier)
+    }
+
+    private static func double(from value: Any?) -> Double? {
+        if let d = value as? Double { return d }
+        if let i = value as? Int { return Double(i) }
+        if let n = value as? NSNumber { return n.doubleValue }
+        return nil
+    }
+
+    private static func parseDate(_ isoString: String?) -> Date? {
+        guard let isoString else { return nil }
+        let formatter = ISO8601DateFormatter()
+        formatter.formatOptions = [.withInternetDateTime, .withFractionalSeconds]
+        if let date = formatter.date(from: isoString) { return date }
+        formatter.formatOptions = [.withInternetDateTime]
+        return formatter.date(from: isoString)
+    }
+
+    // MARK: - Logging
+
+    private static func emit(_ message: String, logger: ((String) -> Void)?) {
+        logger?("[abacus] \(message)")
+        self.log.debug(message)
+    }
+}
+
+#else
+
+// MARK: - Abacus (Unsupported)
+
+public enum AbacusUsageFetcher {
+    public static func fetchUsage(
+        cookieHeaderOverride _: String? = nil,
+        browserDetection _: BrowserDetection = BrowserDetection(),
+        timeout _: TimeInterval = 15.0,
+        logger _: ((String) -> Void)? = nil) async throws -> AbacusUsageSnapshot
+    {
+        throw AbacusUsageError.notSupported
+    }
+}
+
+#endif
diff --git a/Sources/CodexBarCore/Providers/Abacus/AbacusUsageSnapshot.swift b/Sources/CodexBarCore/Providers/Abacus/AbacusUsageSnapshot.swift
new file mode 100644
index 000000000..018684487
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Abacus/AbacusUsageSnapshot.swift
@@ -0,0 +1,77 @@
+import Foundation
+
+// MARK: - Abacus Usage Snapshot
+
+public struct AbacusUsageSnapshot: Sendable {
+    public let creditsUsed: Double?
+    public let creditsTotal: Double?
+    public let resetsAt: Date?
+    public let planName: String?
+
+    public init(
+        creditsUsed: Double? = nil,
+        creditsTotal: Double? = nil,
+        resetsAt: Date? = nil,
+        planName: String? = nil)
+    {
+        self.creditsUsed = creditsUsed
+        self.creditsTotal = creditsTotal
+        self.resetsAt = resetsAt
+        self.planName = planName
+    }
+
+    public func toUsageSnapshot() -> UsageSnapshot {
+        let percentUsed: Double = if let used = self.creditsUsed, let total = self.creditsTotal, total > 0 {
+            (used / total) * 100.0
+        } else {
+            0
+        }
+
+        let resetDesc: String? = if let used = self.creditsUsed, let total = self.creditsTotal {
+            "\(Self.formatCredits(used)) / \(Self.formatCredits(total)) credits"
+        } else {
+            nil
+        }
+
+        // Derive window from actual billing cycle when possible.
+        // Assume the cycle started one calendar month before resetsAt.
+        let windowMinutes: Int = if let resetDate = self.resetsAt,
+                                    let cycleStart = Calendar.current.date(byAdding: .month, value: -1, to: resetDate)
+        {
+            max(1, Int(resetDate.timeIntervalSince(cycleStart) / 60))
+        } else {
+            30 * 24 * 60
+        }
+
+        let primary = RateWindow(
+            usedPercent: percentUsed,
+            windowMinutes: windowMinutes,
+            resetsAt: self.resetsAt,
+            resetDescription: resetDesc)
+
+        let identity = ProviderIdentitySnapshot(
+            providerID: .abacus,
+            accountEmail: nil,
+            accountOrganization: nil,
+            loginMethod: self.planName)
+
+        return UsageSnapshot(
+            primary: primary,
+            secondary: nil,
+            tertiary: nil,
+            providerCost: nil,
+            updatedAt: Date(),
+            identity: identity)
+    }
+
+    // MARK: - Formatting
+
+    /// Thread-safe credit formatting — allocates per call to avoid shared mutable state.
+    private static func formatCredits(_ value: Double) -> String {
+        let formatter = NumberFormatter()
+        formatter.numberStyle = .decimal
+        formatter.locale = Locale(identifier: "en_US")
+        formatter.maximumFractionDigits = value >= 1000 ? 0 : 1
+        return formatter.string(from: NSNumber(value: value)) ?? String(format: "%.0f", value)
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Alibaba/AlibabaCodingPlanAPIRegion.swift b/Sources/CodexBarCore/Providers/Alibaba/AlibabaCodingPlanAPIRegion.swift
new file mode 100644
index 000000000..d86585a1f
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Alibaba/AlibabaCodingPlanAPIRegion.swift
@@ -0,0 +1,133 @@
+import Foundation
+
+public enum AlibabaCodingPlanAPIRegion: String, CaseIterable, Sendable {
+    case international = "intl"
+    case chinaMainland = "cn"
+
+    private static let endpointPath = "data/api.json"
+
+    public var displayName: String {
+        switch self {
+        case .international:
+            "International (modelstudio.console.alibabacloud.com)"
+        case .chinaMainland:
+            "China mainland (bailian.console.aliyun.com)"
+        }
+    }
+
+    public var gatewayBaseURLString: String {
+        switch self {
+        case .international:
+            "https://modelstudio.console.alibabacloud.com"
+        case .chinaMainland:
+            "https://bailian.console.aliyun.com"
+        }
+    }
+
+    public var dashboardURL: URL {
+        switch self {
+        case .international:
+            URL(
+                string: "https://modelstudio.console.alibabacloud.com/ap-southeast-1/?tab=coding-plan#/efm/coding_plan")!
+        case .chinaMainland:
+            URL(string: "https://bailian.console.aliyun.com/cn-beijing/?tab=model#/efm/coding_plan")!
+        }
+    }
+
+    public var consoleDomain: String {
+        switch self {
+        case .international:
+            "modelstudio.console.alibabacloud.com"
+        case .chinaMainland:
+            "bailian.console.aliyun.com"
+        }
+    }
+
+    public var consoleSite: String {
+        switch self {
+        case .international:
+            "MODELSTUDIO_ALIBABACLOUD"
+        case .chinaMainland:
+            "BAILIAN_ALIYUN"
+        }
+    }
+
+    public var consoleRefererURL: URL {
+        switch self {
+        case .international:
+            URL(string: "https://modelstudio.console.alibabacloud.com/ap-southeast-1/?tab=coding-plan")!
+        case .chinaMainland:
+            URL(string: "https://bailian.console.aliyun.com/cn-beijing/?tab=model")!
+        }
+    }
+
+    public var quotaURL: URL {
+        var components = URLComponents(string: self.gatewayBaseURLString)!
+        components.path = "/" + Self.endpointPath
+        components.queryItems = [
+            URLQueryItem(
+                name: "action",
+                value: "zeldaEasy.broadscope-bailian.codingPlan.queryCodingPlanInstanceInfoV2"),
+            URLQueryItem(name: "product", value: "broadscope-bailian"),
+            URLQueryItem(name: "api", value: "queryCodingPlanInstanceInfoV2"),
+            URLQueryItem(name: "currentRegionId", value: self.currentRegionID),
+        ]
+        return components.url!
+    }
+
+    public var consoleRPCBaseURLString: String {
+        switch self {
+        case .international:
+            "https://bailian-singapore-cs.alibabacloud.com"
+        case .chinaMainland:
+            "https://bailian-cs.console.aliyun.com"
+        }
+    }
+
+    public var consoleRPCURL: URL {
+        var components = URLComponents(string: self.consoleRPCBaseURLString)!
+        components.path = "/" + Self.endpointPath
+        components.queryItems = [
+            URLQueryItem(name: "action", value: self.consoleRPCAction),
+            URLQueryItem(name: "product", value: self.consoleRPCProduct),
+            URLQueryItem(name: "api", value: self.consoleQuotaAPIName),
+            URLQueryItem(name: "_v", value: "undefined"),
+        ]
+        return components.url!
+    }
+
+    public var consoleRPCAction: String {
+        switch self {
+        case .international:
+            "IntlBroadScopeAspnGateway"
+        case .chinaMainland:
+            "BroadScopeAspnGateway"
+        }
+    }
+
+    public var consoleRPCProduct: String {
+        "sfm_bailian"
+    }
+
+    public var consoleQuotaAPIName: String {
+        "zeldaEasy.broadscope-bailian.codingPlan.queryCodingPlanInstanceInfoV2"
+    }
+
+    public var commodityCode: String {
+        switch self {
+        case .international:
+            "sfm_codingplan_public_intl"
+        case .chinaMainland:
+            "sfm_codingplan_public_cn"
+        }
+    }
+
+    public var currentRegionID: String {
+        switch self {
+        case .international:
+            "ap-southeast-1"
+        case .chinaMainland:
+            "cn-beijing"
+        }
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Alibaba/AlibabaCodingPlanCookieImporter.swift b/Sources/CodexBarCore/Providers/Alibaba/AlibabaCodingPlanCookieImporter.swift
new file mode 100644
index 000000000..9d8f9e27b
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Alibaba/AlibabaCodingPlanCookieImporter.swift
@@ -0,0 +1,504 @@
+import Foundation
+
+#if os(macOS)
+import CommonCrypto
+import Security
+import SQLite3
+import SweetCookieKit
+
+private let alibabaCookieImportOrder: BrowserCookieImportOrder =
+    ProviderDefaults.metadata[.alibaba]?.browserCookieOrder ?? Browser.defaultImportOrder
+
+public enum AlibabaCodingPlanCookieImporter {
+    private static let cookieClient = BrowserCookieClient()
+    private static let cookieDomains = [
+        "bailian-singapore-cs.alibabacloud.com",
+        "bailian-cs.console.aliyun.com",
+        "bailian-beijing-cs.aliyuncs.com",
+        "modelstudio.console.alibabacloud.com",
+        "bailian.console.aliyun.com",
+        "free.aliyun.com",
+        "account.aliyun.com",
+        "signin.aliyun.com",
+        "passport.alibabacloud.com",
+        "console.alibabacloud.com",
+        "console.aliyun.com",
+        "alibabacloud.com",
+        "aliyun.com",
+    ]
+
+    public struct SessionInfo: Sendable {
+        public let cookies: [HTTPCookie]
+        public let sourceLabel: String
+
+        public init(cookies: [HTTPCookie], sourceLabel: String) {
+            self.cookies = cookies
+            self.sourceLabel = sourceLabel
+        }
+
+        public var cookieHeader: String {
+            var byName: [String: HTTPCookie] = [:]
+            byName.reserveCapacity(self.cookies.count)
+
+            for cookie in self.cookies {
+                if let expiry = cookie.expiresDate, expiry < Date() {
+                    continue
+                }
+                guard !cookie.value.isEmpty else { continue }
+                if let existing = byName[cookie.name] {
+                    let existingExpiry = existing.expiresDate ?? .distantPast
+                    let candidateExpiry = cookie.expiresDate ?? .distantPast
+                    if candidateExpiry >= existingExpiry {
+                        byName[cookie.name] = cookie
+                    }
+                } else {
+                    byName[cookie.name] = cookie
+                }
+            }
+
+            return byName.keys.sorted().compactMap { name in
+                guard let cookie = byName[name] else { return nil }
+                return "\(cookie.name)=\(cookie.value)"
+            }.joined(separator: "; ")
+        }
+    }
+
+    nonisolated(unsafe) static var importSessionOverrideForTesting:
+        ((BrowserDetection, ((String) -> Void)?) throws -> SessionInfo)?
+
+    public static func importSession(
+        browserDetection: BrowserDetection,
+        logger: ((String) -> Void)? = nil) throws -> SessionInfo
+    {
+        if let override = self.importSessionOverrideForTesting {
+            return try override(browserDetection, logger)
+        }
+        let log: (String) -> Void = { msg in logger?("[alibaba-cookie] \(msg)") }
+        var accessDeniedHints: [String] = []
+        var failureDetails: [String] = []
+        let installedBrowsers = self.cookieImportCandidates(browserDetection: browserDetection)
+        log("Cookie import candidates: \(installedBrowsers.map(\.displayName).joined(separator: ", "))")
+
+        for browserSource in installedBrowsers {
+            do {
+                log("Checking \(browserSource.displayName)")
+                let query = BrowserCookieQuery(domains: self.cookieDomains)
+                let sources = try Self.cookieClient.codexBarRecords(
+                    matching: query,
+                    in: browserSource,
+                    logger: log)
+                if sources.isEmpty {
+                    log("No matching cookie records in \(browserSource.displayName)")
+                    if let fallbackSession = try Self.importChromiumFallbackSession(
+                        browser: browserSource,
+                        logger: log)
+                    {
+                        return fallbackSession
+                    }
+                }
+                for source in sources where !source.records.isEmpty {
+                    let httpCookies = BrowserCookieClient.makeHTTPCookies(source.records, origin: query.origin)
+                    if self.isAuthenticatedSession(cookies: httpCookies) {
+                        log("Found \(httpCookies.count) Alibaba cookies in \(source.label)")
+                        return SessionInfo(cookies: httpCookies, sourceLabel: source.label)
+                    }
+                    let cookieNames = Set(httpCookies.map(\.name))
+                    let hasTicket = cookieNames.contains("login_aliyunid_ticket")
+                    let hasAccount =
+                        cookieNames.contains("login_aliyunid_pk") ||
+                        cookieNames.contains("login_current_pk") ||
+                        cookieNames.contains("login_aliyunid")
+                    log("Skipping \(source.label): missing auth cookies (ticket=\(hasTicket), account=\(hasAccount))")
+                }
+                if let fallbackSession = try Self.importChromiumFallbackSession(browser: browserSource, logger: log) {
+                    return fallbackSession
+                }
+            } catch let error as BrowserCookieError {
+                BrowserCookieAccessGate.recordIfNeeded(error)
+                if let hint = error.accessDeniedHint {
+                    accessDeniedHints.append(hint)
+                }
+                failureDetails.append("\(browserSource.displayName): \(error.localizedDescription)")
+                log("\(browserSource.displayName) cookie import failed: \(error.localizedDescription)")
+            } catch {
+                failureDetails.append("\(browserSource.displayName): \(error.localizedDescription)")
+                log("\(browserSource.displayName) cookie import failed: \(error.localizedDescription)")
+            }
+        }
+
+        let details = (Array(Set(accessDeniedHints)).sorted() + Array(Set(failureDetails)).sorted())
+            .joined(separator: " ")
+        throw AlibabaCodingPlanSettingsError.missingCookie(details: details.isEmpty ? nil : details)
+    }
+
+    private static func isAuthenticatedSession(cookies: [HTTPCookie]) -> Bool {
+        guard !cookies.isEmpty else { return false }
+        let names = Set(cookies.map(\.name))
+        let hasTicket = names.contains("login_aliyunid_ticket")
+        let hasAccount =
+            names.contains("login_aliyunid_pk") ||
+            names.contains("login_current_pk") ||
+            names.contains("login_aliyunid")
+        return hasTicket && hasAccount
+    }
+
+    public static func hasSession(
+        browserDetection: BrowserDetection,
+        logger: ((String) -> Void)? = nil) -> Bool
+    {
+        do {
+            _ = try self.importSession(browserDetection: browserDetection, logger: logger)
+            return true
+        } catch {
+            return false
+        }
+    }
+
+    private static func importChromiumFallbackSession(
+        browser: Browser,
+        logger: ((String) -> Void)? = nil) throws -> SessionInfo?
+    {
+        guard browser.usesChromiumProfileStore else { return nil }
+        return try AlibabaChromiumCookieFallbackImporter.importSession(
+            browser: browser,
+            domains: self.cookieDomains,
+            logger: logger)
+    }
+
+    static func cookieImportCandidates(
+        browserDetection: BrowserDetection,
+        importOrder: BrowserCookieImportOrder = alibabaCookieImportOrder) -> [Browser]
+    {
+        importOrder.cookieImportCandidates(using: browserDetection)
+    }
+
+    static func matchesCookieDomain(_ domain: String, patterns: [String] = Self.cookieDomains) -> Bool {
+        let normalized = self.normalizeCookieDomain(domain)
+        return patterns.contains { pattern in
+            let normalizedPattern = self.normalizeCookieDomain(pattern)
+            return normalized == normalizedPattern || normalized.hasSuffix(".\(normalizedPattern)")
+        }
+    }
+
+    static func normalizeCookieDomain(_ domain: String) -> String {
+        let trimmed = domain.trimmingCharacters(in: .whitespacesAndNewlines)
+        let normalized = trimmed.hasPrefix(".") ? String(trimmed.dropFirst()) : trimmed
+        return normalized.lowercased()
+    }
+}
+
+private enum AlibabaChromiumCookieFallbackImporter {
+    private struct ChromiumCookieRecord {
+        let domain: String
+        let name: String
+        let path: String
+        let value: String
+        let expires: Date?
+        let isSecure: Bool
+    }
+
+    enum ImportError: LocalizedError {
+        case keyUnavailable(browser: Browser)
+        case keychainDenied(browser: Browser)
+        case sqliteFailed(label: String, details: String)
+
+        var errorDescription: String? {
+            switch self {
+            case let .keyUnavailable(browser):
+                "\(browser.displayName) Safe Storage key not found."
+            case let .keychainDenied(browser):
+                "macOS Keychain denied access to \(browser.displayName) Safe Storage."
+            case let .sqliteFailed(label, details):
+                "\(label) cookie fallback failed: \(details)"
+            }
+        }
+    }
+
+    static func importSession(
+        browser: Browser,
+        domains: [String],
+        logger: ((String) -> Void)? = nil) throws -> AlibabaCodingPlanCookieImporter.SessionInfo?
+    {
+        let stores = BrowserCookieClient().stores(for: browser).filter { $0.databaseURL != nil }
+        guard !stores.isEmpty else { return nil }
+
+        logger?("[alibaba-cookie] Trying \(browser.displayName) Chromium fallback")
+        let keys = try self.derivedKeys(for: browser)
+        for store in stores {
+            let cookies = try self.loadCookies(from: store, domains: domains, keys: keys)
+            guard !cookies.isEmpty else { continue }
+            if self.isAuthenticatedSession(cookies) {
+                logger?("[alibaba-cookie] Found \(cookies.count) Alibaba cookies via \(store.label) fallback")
+                return AlibabaCodingPlanCookieImporter.SessionInfo(cookies: cookies, sourceLabel: store.label)
+            }
+        }
+        return nil
+    }
+
+    private static func isAuthenticatedSession(_ cookies: [HTTPCookie]) -> Bool {
+        let names = Set(cookies.map(\.name))
+        let hasTicket = names.contains("login_aliyunid_ticket")
+        let hasAccount =
+            names.contains("login_aliyunid_pk") ||
+            names.contains("login_current_pk") ||
+            names.contains("login_aliyunid")
+        return hasTicket && hasAccount
+    }
+
+    private static func loadCookies(
+        from store: BrowserCookieStore,
+        domains: [String],
+        keys: [Data]) throws -> [HTTPCookie]
+    {
+        guard let sourceDB = store.databaseURL else { return [] }
+        let records = try self.readCookiesFromLockedDB(
+            sourceDB: sourceDB,
+            domains: domains,
+            keys: keys,
+            label: store.label)
+        return records.compactMap(self.makeCookie)
+    }
+
+    private static func readCookiesFromLockedDB(
+        sourceDB: URL,
+        domains: [String],
+        keys: [Data],
+        label: String) throws -> [ChromiumCookieRecord]
+    {
+        let tempDir = FileManager.default.temporaryDirectory
+            .appendingPathComponent("alibaba-chromium-cookies-\(UUID().uuidString)", isDirectory: true)
+        try FileManager.default.createDirectory(at: tempDir, withIntermediateDirectories: true)
+
+        let copiedDB = tempDir.appendingPathComponent("Cookies")
+        try FileManager.default.copyItem(at: sourceDB, to: copiedDB)
+        for suffix in ["-wal", "-shm"] {
+            let src = URL(fileURLWithPath: sourceDB.path + suffix)
+            if FileManager.default.fileExists(atPath: src.path) {
+                let dst = URL(fileURLWithPath: copiedDB.path + suffix)
+                try? FileManager.default.copyItem(at: src, to: dst)
+            }
+        }
+        defer { try? FileManager.default.removeItem(at: tempDir) }
+
+        return try self.readCookies(fromDB: copiedDB.path, domains: domains, keys: keys, label: label)
+    }
+
+    private static func readCookies(
+        fromDB path: String,
+        domains: [String],
+        keys: [Data],
+        label: String) throws -> [ChromiumCookieRecord]
+    {
+        var db: OpaquePointer?
+        guard sqlite3_open_v2(path, &db, SQLITE_OPEN_READONLY, nil) == SQLITE_OK else {
+            throw ImportError.sqliteFailed(label: label, details: String(cString: sqlite3_errmsg(db)))
+        }
+        defer { sqlite3_close(db) }
+
+        let sql = "SELECT host_key, name, path, expires_utc, is_secure, value, encrypted_value FROM cookies"
+        var stmt: OpaquePointer?
+        guard sqlite3_prepare_v2(db, sql, -1, &stmt, nil) == SQLITE_OK else {
+            throw ImportError.sqliteFailed(label: label, details: String(cString: sqlite3_errmsg(db)))
+        }
+        defer { sqlite3_finalize(stmt) }
+
+        var records: [ChromiumCookieRecord] = []
+        while sqlite3_step(stmt) == SQLITE_ROW {
+            guard let hostKey = self.readText(stmt, index: 0), self.matches(domain: hostKey, patterns: domains) else {
+                continue
+            }
+            guard let name = self.readText(stmt, index: 1), let path = self.readText(stmt, index: 2) else {
+                continue
+            }
+
+            let value: String? = if let plain = self.readText(stmt, index: 5), !plain.isEmpty {
+                plain
+            } else if let encrypted = self.readBlob(stmt, index: 6) {
+                self.decrypt(encrypted, usingAnyOf: keys)
+            } else {
+                nil
+            }
+            guard let value, !value.isEmpty else { continue }
+
+            records.append(ChromiumCookieRecord(
+                domain: AlibabaCodingPlanCookieImporter.normalizeCookieDomain(hostKey),
+                name: name,
+                path: path,
+                value: value,
+                expires: self.chromiumExpiry(sqlite3_column_int64(stmt, 3)),
+                isSecure: sqlite3_column_int(stmt, 4) != 0))
+        }
+
+        return records.filter { record in
+            guard let expires = record.expires else { return true }
+            return expires >= Date()
+        }
+    }
+
+    private static func derivedKeys(for browser: Browser) throws -> [Data] {
+        var keys: [Data] = []
+        var sawDenied = false
+
+        for label in browser.safeStorageLabels {
+            switch KeychainAccessPreflight.checkGenericPassword(service: label.service, account: label.account) {
+            case .interactionRequired:
+                sawDenied = true
+                continue
+            case .allowed, .notFound, .failure:
+                break
+            }
+
+            if let password = self.safeStoragePassword(service: label.service, account: label.account) {
+                keys.append(self.deriveKey(from: password))
+            }
+        }
+
+        if !keys.isEmpty {
+            return keys
+        }
+        if sawDenied {
+            throw ImportError.keychainDenied(browser: browser)
+        }
+        throw ImportError.keyUnavailable(browser: browser)
+    }
+
+    private static func safeStoragePassword(service: String, account: String) -> String? {
+        let query: [String: Any] = [
+            kSecClass as String: kSecClassGenericPassword,
+            kSecAttrService as String: service,
+            kSecAttrAccount as String: account,
+            kSecMatchLimit as String: kSecMatchLimitOne,
+            kSecReturnData as String: true,
+        ]
+
+        var result: AnyObject?
+        let status = SecItemCopyMatching(query as CFDictionary, &result)
+        guard status == errSecSuccess, let data = result as? Data else { return nil }
+        return String(data: data, encoding: .utf8)
+    }
+
+    private static func deriveKey(from password: String) -> Data {
+        let salt = Data("saltysalt".utf8)
+        var key = Data(count: kCCKeySizeAES128)
+        let keyLength = key.count
+        _ = key.withUnsafeMutableBytes { keyBytes in
+            password.utf8CString.withUnsafeBytes { passBytes in
+                salt.withUnsafeBytes { saltBytes in
+                    CCKeyDerivationPBKDF(
+                        CCPBKDFAlgorithm(kCCPBKDF2),
+                        passBytes.bindMemory(to: Int8.self).baseAddress,
+                        passBytes.count - 1,
+                        saltBytes.bindMemory(to: UInt8.self).baseAddress,
+                        salt.count,
+                        CCPseudoRandomAlgorithm(kCCPRFHmacAlgSHA1),
+                        1003,
+                        keyBytes.bindMemory(to: UInt8.self).baseAddress,
+                        keyLength)
+                }
+            }
+        }
+        return key
+    }
+
+    private static func decrypt(_ encryptedValue: Data, usingAnyOf keys: [Data]) -> String? {
+        for key in keys {
+            if let value = self.decrypt(encryptedValue, key: key) {
+                return value
+            }
+        }
+        return nil
+    }
+
+    private static func decrypt(_ encryptedValue: Data, key: Data) -> String? {
+        guard encryptedValue.count > 3 else { return nil }
+        let prefix = String(data: encryptedValue.prefix(3), encoding: .utf8)
+        guard prefix == "v10" else { return nil }
+
+        let payload = Data(encryptedValue.dropFirst(3))
+        let iv = Data(repeating: 0x20, count: kCCBlockSizeAES128)
+        var outLength = 0
+        var out = Data(count: payload.count + kCCBlockSizeAES128)
+        let outCapacity = out.count
+
+        let status = out.withUnsafeMutableBytes { outBytes in
+            payload.withUnsafeBytes { payloadBytes in
+                key.withUnsafeBytes { keyBytes in
+                    iv.withUnsafeBytes { ivBytes in
+                        CCCrypt(
+                            CCOperation(kCCDecrypt),
+                            CCAlgorithm(kCCAlgorithmAES),
+                            CCOptions(kCCOptionPKCS7Padding),
+                            keyBytes.baseAddress,
+                            key.count,
+                            ivBytes.baseAddress,
+                            payloadBytes.baseAddress,
+                            payload.count,
+                            outBytes.baseAddress,
+                            outCapacity,
+                            &outLength)
+                    }
+                }
+            }
+        }
+
+        guard status == kCCSuccess else { return nil }
+        out.count = outLength
+
+        if let value = String(data: out, encoding: .utf8), !value.isEmpty {
+            return value
+        }
+        if out.count > 32 {
+            let trimmed = out.dropFirst(32)
+            if let value = String(data: trimmed, encoding: .utf8), !value.isEmpty {
+                return value
+            }
+        }
+        return nil
+    }
+
+    private static func makeCookie(from record: ChromiumCookieRecord) -> HTTPCookie? {
+        var properties: [HTTPCookiePropertyKey: Any] = [
+            .domain: record.domain,
+            .path: record.path,
+            .name: record.name,
+            .value: record.value,
+        ]
+        if record.isSecure {
+            properties[.secure] = true
+        }
+        if let expires = record.expires {
+            properties[.expires] = expires
+        }
+        return HTTPCookie(properties: properties)
+    }
+
+    private static func readText(_ stmt: OpaquePointer?, index: Int32) -> String? {
+        guard sqlite3_column_type(stmt, index) != SQLITE_NULL,
+              let value = sqlite3_column_text(stmt, index)
+        else {
+            return nil
+        }
+        return String(cString: value)
+    }
+
+    private static func readBlob(_ stmt: OpaquePointer?, index: Int32) -> Data? {
+        guard sqlite3_column_type(stmt, index) != SQLITE_NULL,
+              let bytes = sqlite3_column_blob(stmt, index)
+        else {
+            return nil
+        }
+        return Data(bytes: bytes, count: Int(sqlite3_column_bytes(stmt, index)))
+    }
+
+    private static func matches(domain: String, patterns: [String]) -> Bool {
+        AlibabaCodingPlanCookieImporter.matchesCookieDomain(domain, patterns: patterns)
+    }
+
+    private static func chromiumExpiry(_ expiresUTC: Int64) -> Date? {
+        guard expiresUTC > 0 else { return nil }
+        let seconds = (Double(expiresUTC) / 1_000_000.0) - 11_644_473_600.0
+        guard seconds > 0 else { return nil }
+        return Date(timeIntervalSince1970: seconds)
+    }
+}
+#endif
diff --git a/Sources/CodexBarCore/Providers/Alibaba/AlibabaCodingPlanProviderDescriptor.swift b/Sources/CodexBarCore/Providers/Alibaba/AlibabaCodingPlanProviderDescriptor.swift
new file mode 100644
index 000000000..b30863bd0
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Alibaba/AlibabaCodingPlanProviderDescriptor.swift
@@ -0,0 +1,267 @@
+import CodexBarMacroSupport
+import Foundation
+
+#if os(macOS)
+import SweetCookieKit
+#endif
+
+@ProviderDescriptorRegistration
+@ProviderDescriptorDefinition
+public enum AlibabaCodingPlanProviderDescriptor {
+    static func makeDescriptor() -> ProviderDescriptor {
+        #if os(macOS)
+        let browserOrder: BrowserCookieImportOrder = [
+            .chrome,
+            .chromeBeta,
+            .brave,
+            .edge,
+            .arc,
+            .firefox,
+            .safari,
+        ]
+        #else
+        let browserOrder: BrowserCookieImportOrder? = nil
+        #endif
+
+        return ProviderDescriptor(
+            id: .alibaba,
+            metadata: ProviderMetadata(
+                id: .alibaba,
+                displayName: "Alibaba",
+                sessionLabel: "5-hour",
+                weeklyLabel: "Weekly",
+                opusLabel: "Monthly",
+                supportsOpus: true,
+                supportsCredits: false,
+                creditsHint: "",
+                toggleTitle: "Show Alibaba usage",
+                cliName: "alibaba-coding-plan",
+                defaultEnabled: false,
+                isPrimaryProvider: false,
+                usesAccountFallback: false,
+                browserCookieOrder: browserOrder,
+                dashboardURL: AlibabaCodingPlanAPIRegion.international.dashboardURL.absoluteString,
+                statusPageURL: nil,
+                statusLinkURL: "https://status.aliyun.com"),
+            branding: ProviderBranding(
+                iconStyle: .alibaba,
+                iconResourceName: "ProviderIcon-alibaba",
+                color: ProviderColor(red: 1.0, green: 106 / 255, blue: 0)),
+            tokenCost: ProviderTokenCostConfig(
+                supportsTokenCost: false,
+                noDataMessage: { "Alibaba Coding Plan cost summary is not supported." }),
+            fetchPlan: ProviderFetchPlan(
+                sourceModes: [.auto, .web, .api],
+                pipeline: ProviderFetchPipeline(resolveStrategies: self.resolveStrategies)),
+            cli: ProviderCLIConfig(
+                name: "alibaba-coding-plan",
+                aliases: ["alibaba", "bailian"],
+                versionDetector: nil))
+    }
+
+    private static func resolveStrategies(context: ProviderFetchContext) async -> [any ProviderFetchStrategy] {
+        switch context.sourceMode {
+        case .web:
+            return [AlibabaCodingPlanWebFetchStrategy()]
+        case .api:
+            return [AlibabaCodingPlanAPIFetchStrategy()]
+        case .cli, .oauth:
+            return []
+        case .auto:
+            break
+        }
+
+        if context.settings?.alibaba?.cookieSource == .off {
+            return [AlibabaCodingPlanAPIFetchStrategy()]
+        }
+
+        return [AlibabaCodingPlanWebFetchStrategy(), AlibabaCodingPlanAPIFetchStrategy()]
+    }
+}
+
+struct AlibabaCodingPlanWebFetchStrategy: ProviderFetchStrategy {
+    let id: String = "alibaba-coding-plan.web"
+    let kind: ProviderFetchKind = .web
+
+    func isAvailable(_ context: ProviderFetchContext) async -> Bool {
+        guard context.settings?.alibaba?.cookieSource != .off else { return false }
+
+        if AlibabaCodingPlanSettingsReader.cookieHeader(environment: context.env) != nil {
+            return true
+        }
+
+        if let settings = context.settings?.alibaba,
+           settings.cookieSource == .manual
+        {
+            return CookieHeaderNormalizer.normalize(settings.manualCookieHeader) != nil
+        }
+
+        #if os(macOS)
+        if let cached = CookieHeaderCache.load(provider: .alibaba),
+           !cached.cookieHeader.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
+        {
+            return true
+        }
+        if AlibabaCodingPlanCookieImporter.hasSession(browserDetection: context.browserDetection) {
+            return true
+        }
+        return false
+        #else
+        return false
+        #endif
+    }
+
+    func fetch(_ context: ProviderFetchContext) async throws -> ProviderFetchResult {
+        let cookieSource = context.settings?.alibaba?.cookieSource ?? .auto
+        let cookieHeader = try Self.resolveCookieHeader(context: context, allowCached: true)
+        do {
+            let region = context.settings?.alibaba?.apiRegion ?? .international
+            let usage = try await AlibabaCodingPlanUsageFetcher.fetchUsage(
+                cookieHeader: cookieHeader,
+                region: region,
+                environment: context.env)
+            return self.makeResult(usage: usage.toUsageSnapshot(), sourceLabel: "web")
+        } catch let error as AlibabaCodingPlanUsageError
+            where (error == .invalidCredentials || error == .loginRequired) && cookieSource != .manual
+        {
+            #if os(macOS)
+            CookieHeaderCache.clear(provider: .alibaba)
+            let refreshedHeader = try Self.resolveCookieHeader(context: context, allowCached: false)
+            let region = context.settings?.alibaba?.apiRegion ?? .international
+            let usage = try await AlibabaCodingPlanUsageFetcher.fetchUsage(
+                cookieHeader: refreshedHeader,
+                region: region,
+                environment: context.env)
+            return self.makeResult(usage: usage.toUsageSnapshot(), sourceLabel: "web")
+            #else
+            throw AlibabaCodingPlanUsageError.invalidCredentials
+            #endif
+        }
+    }
+
+    func shouldFallback(on error: Error, context: ProviderFetchContext) -> Bool {
+        guard context.sourceMode == .auto else { return false }
+
+        if let urlError = error as? URLError {
+            switch urlError.code {
+            case .timedOut,
+                 .cannotFindHost,
+                 .cannotConnectToHost,
+                 .networkConnectionLost,
+                 .dnsLookupFailed,
+                 .secureConnectionFailed,
+                 .serverCertificateHasBadDate,
+                 .serverCertificateUntrusted,
+                 .serverCertificateHasUnknownRoot,
+                 .serverCertificateNotYetValid,
+                 .clientCertificateRejected,
+                 .clientCertificateRequired,
+                 .cannotLoadFromNetwork,
+                 .internationalRoamingOff,
+                 .callIsActive,
+                 .dataNotAllowed,
+                 .requestBodyStreamExhausted,
+                 .resourceUnavailable,
+                 .notConnectedToInternet:
+                return true
+            default:
+                break
+            }
+        }
+
+        if let settingsError = error as? AlibabaCodingPlanSettingsError {
+            switch settingsError {
+            case .missingCookie, .invalidCookie:
+                return true
+            case .missingToken:
+                return false
+            }
+        }
+
+        guard let alibabaError = error as? AlibabaCodingPlanUsageError else { return false }
+        switch alibabaError {
+        case .loginRequired:
+            return true
+        case .invalidCredentials:
+            return true
+        case .apiKeyUnavailableInRegion:
+            return false
+        case let .apiError(message):
+            return message.contains("HTTP 404") || message.contains("HTTP 403")
+        case .networkError:
+            return true
+        case .parseFailed:
+            return false
+        }
+    }
+
+    static func resolveCookieHeader(context: ProviderFetchContext, allowCached: Bool) throws -> String {
+        if let settings = context.settings?.alibaba,
+           settings.cookieSource == .manual
+        {
+            guard let header = CookieHeaderNormalizer.normalize(settings.manualCookieHeader) else {
+                throw AlibabaCodingPlanSettingsError.invalidCookie
+            }
+            return header
+        }
+
+        if let envCookie = AlibabaCodingPlanSettingsReader.cookieHeader(environment: context.env),
+           let normalized = CookieHeaderNormalizer.normalize(envCookie)
+        {
+            return normalized
+        }
+
+        #if os(macOS)
+        if allowCached,
+           let cached = CookieHeaderCache.load(provider: .alibaba),
+           !cached.cookieHeader.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
+        {
+            return cached.cookieHeader
+        }
+
+        do {
+            let session = try AlibabaCodingPlanCookieImporter.importSession(browserDetection: context.browserDetection)
+            CookieHeaderCache.store(
+                provider: .alibaba,
+                cookieHeader: session.cookieHeader,
+                sourceLabel: session.sourceLabel)
+            return session.cookieHeader
+        } catch {
+            throw error
+        }
+        #else
+        throw AlibabaCodingPlanSettingsError.missingCookie()
+        #endif
+    }
+}
+
+struct AlibabaCodingPlanAPIFetchStrategy: ProviderFetchStrategy {
+    let id: String = "alibaba-coding-plan.api"
+    let kind: ProviderFetchKind = .apiToken
+
+    func isAvailable(_ context: ProviderFetchContext) async -> Bool {
+        Self.resolveToken(environment: context.env) != nil
+    }
+
+    func fetch(_ context: ProviderFetchContext) async throws -> ProviderFetchResult {
+        guard let apiKey = Self.resolveToken(environment: context.env) else {
+            throw AlibabaCodingPlanSettingsError.missingToken
+        }
+        let region = context.settings?.alibaba?.apiRegion ?? .international
+        let usage = try await AlibabaCodingPlanUsageFetcher.fetchUsage(
+            apiKey: apiKey,
+            region: region,
+            environment: context.env)
+        return self.makeResult(
+            usage: usage.toUsageSnapshot(),
+            sourceLabel: "api")
+    }
+
+    func shouldFallback(on _: Error, context _: ProviderFetchContext) -> Bool {
+        false
+    }
+
+    private static func resolveToken(environment: [String: String]) -> String? {
+        ProviderTokenResolver.alibabaToken(environment: environment)
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Alibaba/AlibabaCodingPlanSettingsReader.swift b/Sources/CodexBarCore/Providers/Alibaba/AlibabaCodingPlanSettingsReader.swift
new file mode 100644
index 000000000..54d2493aa
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Alibaba/AlibabaCodingPlanSettingsReader.swift
@@ -0,0 +1,83 @@
+import Foundation
+
+public struct AlibabaCodingPlanSettingsReader: Sendable {
+    public static let apiTokenKey = "ALIBABA_CODING_PLAN_API_KEY"
+    public static let qwenAPITokenKey = "ALIBABA_QWEN_API_KEY"
+    public static let dashScopeAPITokenKey = "DASHSCOPE_API_KEY"
+    public static let apiTokenEnvironmentKeys = [
+        Self.apiTokenKey,
+        Self.qwenAPITokenKey,
+        Self.dashScopeAPITokenKey,
+    ]
+    public static let cookieHeaderKey = "ALIBABA_CODING_PLAN_COOKIE"
+    public static let hostKey = "ALIBABA_CODING_PLAN_HOST"
+    public static let quotaURLKey = "ALIBABA_CODING_PLAN_QUOTA_URL"
+
+    public static func apiToken(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> String?
+    {
+        for key in self.apiTokenEnvironmentKeys {
+            if let token = self.cleaned(environment[key]) { return token }
+        }
+        return nil
+    }
+
+    public static func hostOverride(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> String?
+    {
+        self.cleaned(environment[self.hostKey])
+    }
+
+    public static func cookieHeader(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> String?
+    {
+        self.cleaned(environment[self.cookieHeaderKey])
+    }
+
+    public static func quotaURL(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> URL?
+    {
+        guard let raw = self.cleaned(environment[self.quotaURLKey]) else { return nil }
+        if let url = URL(string: raw), url.scheme != nil {
+            return url
+        }
+        return URL(string: "https://\(raw)")
+    }
+
+    static func cleaned(_ raw: String?) -> String? {
+        guard var value = raw?.trimmingCharacters(in: .whitespacesAndNewlines), !value.isEmpty else {
+            return nil
+        }
+
+        if (value.hasPrefix("\"") && value.hasSuffix("\"")) ||
+            (value.hasPrefix("'") && value.hasSuffix("'"))
+        {
+            value = String(value.dropFirst().dropLast())
+        }
+
+        value = value.trimmingCharacters(in: .whitespacesAndNewlines)
+        return value.isEmpty ? nil : value
+    }
+}
+
+public enum AlibabaCodingPlanSettingsError: LocalizedError, Sendable {
+    case missingToken
+    case missingCookie(details: String? = nil)
+    case invalidCookie
+
+    public var errorDescription: String? {
+        switch self {
+        case .missingToken:
+            return "Alibaba Coding Plan API key not found. " +
+                "Set apiKey in ~/.codexbar/config.json, ALIBABA_CODING_PLAN_API_KEY, " +
+                "ALIBABA_QWEN_API_KEY, or DASHSCOPE_API_KEY."
+        case let .missingCookie(details):
+            let base = "No Alibaba Coding Plan session cookies found in browsers. " +
+                "If you use Safari, enable Full Disk Access for CodexBar/Terminal or paste a manual Cookie header."
+            guard let details, !details.isEmpty else { return base }
+            return "\(base) \(details)"
+        case .invalidCookie:
+            return "Alibaba Coding Plan cookie header is invalid."
+        }
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Alibaba/AlibabaCodingPlanUsageFetcher.swift b/Sources/CodexBarCore/Providers/Alibaba/AlibabaCodingPlanUsageFetcher.swift
new file mode 100644
index 000000000..4eeaa2e5a
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Alibaba/AlibabaCodingPlanUsageFetcher.swift
@@ -0,0 +1,1117 @@
+import Foundation
+#if canImport(FoundationNetworking)
+import FoundationNetworking
+#endif
+
+// swiftlint:disable type_body_length
+public struct AlibabaCodingPlanUsageFetcher: Sendable {
+    private static let log = CodexBarLog.logger("alibaba-coding-plan")
+    private static let browserLikeUserAgent =
+        "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) " +
+        "AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36"
+    private static let safariLikeUserAgent =
+        "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) " +
+        "AppleWebKit/605.1.15 (KHTML, like Gecko) Version/26.3 Safari/605.1.15"
+
+    enum AuthMode {
+        case apiKey
+        case webSession
+    }
+
+    public static func fetchUsage(
+        apiKey: String,
+        region: AlibabaCodingPlanAPIRegion = .international,
+        environment: [String: String] = ProcessInfo.processInfo.environment,
+        now: Date = Date()) async throws -> AlibabaCodingPlanUsageSnapshot
+    {
+        let cleanedKey = apiKey.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard !cleanedKey.isEmpty else {
+            throw AlibabaCodingPlanUsageError.invalidCredentials
+        }
+
+        if region != .international {
+            return try await self.fetchUsageOnce(
+                apiKey: cleanedKey,
+                region: region,
+                environment: environment,
+                now: now)
+        }
+
+        do {
+            return try await self.fetchUsageOnce(
+                apiKey: cleanedKey,
+                region: .international,
+                environment: environment,
+                now: now)
+        } catch let error as AlibabaCodingPlanUsageError {
+            guard error.shouldRetryOnAlternateRegion else { throw error }
+            Self.log.debug("Alibaba Coding Plan request failed on intl host; retrying cn host")
+            return try await self.fetchUsageOnce(
+                apiKey: cleanedKey,
+                region: .chinaMainland,
+                environment: environment,
+                now: now)
+        }
+    }
+
+    public static func fetchUsage(
+        cookieHeader: String,
+        region: AlibabaCodingPlanAPIRegion = .international,
+        environment: [String: String] = ProcessInfo.processInfo.environment,
+        now: Date = Date()) async throws -> AlibabaCodingPlanUsageSnapshot
+    {
+        guard let normalizedCookie = CookieHeaderNormalizer.normalize(cookieHeader) else {
+            throw AlibabaCodingPlanSettingsError.invalidCookie
+        }
+
+        if region != .international {
+            return try await self.fetchUsageOnce(
+                cookieHeader: normalizedCookie,
+                region: region,
+                environment: environment,
+                now: now)
+        }
+
+        do {
+            return try await self.fetchUsageOnce(
+                cookieHeader: normalizedCookie,
+                region: .international,
+                environment: environment,
+                now: now)
+        } catch let error as AlibabaCodingPlanUsageError {
+            guard error.shouldRetryOnAlternateRegion else { throw error }
+            Self.log.debug("Alibaba Coding Plan cookie request failed on intl host; retrying cn host")
+            return try await self.fetchUsageOnce(
+                cookieHeader: normalizedCookie,
+                region: .chinaMainland,
+                environment: environment,
+                now: now)
+        }
+    }
+
+    private static func fetchUsageOnce(
+        apiKey: String,
+        region: AlibabaCodingPlanAPIRegion,
+        environment: [String: String],
+        now: Date) async throws -> AlibabaCodingPlanUsageSnapshot
+    {
+        let url = self.resolveQuotaURL(region: region, environment: environment)
+        var request = URLRequest(url: url)
+        request.httpMethod = "POST"
+        request.httpBody = self.queryCodingPlanAPIRequestBody(region: region)
+        request.setValue("application/json", forHTTPHeaderField: "Content-Type")
+        request.setValue("application/json", forHTTPHeaderField: "Accept")
+        request.setValue("Bearer \(apiKey)", forHTTPHeaderField: "Authorization")
+        request.setValue(apiKey, forHTTPHeaderField: "x-api-key")
+        request.setValue(apiKey, forHTTPHeaderField: "X-DashScope-API-Key")
+        request.setValue(Self.browserLikeUserAgent, forHTTPHeaderField: "User-Agent")
+        request.setValue(region.gatewayBaseURLString, forHTTPHeaderField: "Origin")
+        request.setValue(region.dashboardURL.absoluteString, forHTTPHeaderField: "Referer")
+
+        let response = try await ProviderHTTPClient.shared.response(for: request)
+        let data = response.data
+        guard response.statusCode == 200 else {
+            if response.statusCode == 401 || response.statusCode == 403 {
+                throw AlibabaCodingPlanUsageError.invalidCredentials
+            }
+            let body = String(data: data, encoding: .utf8) ?? ""
+            Self.log.error("Alibaba Coding Plan returned \(response.statusCode): \(body)")
+            throw AlibabaCodingPlanUsageError.apiError("HTTP \(response.statusCode)")
+        }
+
+        return try self.parseUsageSnapshot(from: data, now: now, authMode: .apiKey)
+    }
+
+    private static func fetchUsageOnce(
+        cookieHeader: String,
+        region: AlibabaCodingPlanAPIRegion,
+        environment: [String: String],
+        now: Date) async throws -> AlibabaCodingPlanUsageSnapshot
+    {
+        let url = self.resolveConsoleQuotaURL(region: region, environment: environment)
+        let secToken = try await self.resolveConsoleSECToken(
+            cookieHeader: cookieHeader,
+            region: region,
+            environment: environment)
+        let anonymousID = self.extractCookieValue(name: "cna", from: cookieHeader)
+
+        var request = URLRequest(url: url)
+        request.httpMethod = "POST"
+        request.httpBody = self.queryCodingPlanConsoleRequestBody(
+            region: region,
+            secToken: secToken,
+            anonymousID: anonymousID)
+        request.setValue("application/x-www-form-urlencoded", forHTTPHeaderField: "Content-Type")
+        request.setValue("*/*", forHTTPHeaderField: "Accept")
+        request.setValue(cookieHeader, forHTTPHeaderField: "Cookie")
+        if let csrf = self.extractCookieValue(name: "login_aliyunid_csrf", from: cookieHeader) ??
+            self.extractCookieValue(name: "csrf", from: cookieHeader)
+        {
+            request.setValue(csrf, forHTTPHeaderField: "x-xsrf-token")
+            request.setValue(csrf, forHTTPHeaderField: "x-csrf-token")
+        }
+        request.setValue("XMLHttpRequest", forHTTPHeaderField: "X-Requested-With")
+        request.setValue(Self.browserLikeUserAgent, forHTTPHeaderField: "User-Agent")
+        request.setValue(region.gatewayBaseURLString, forHTTPHeaderField: "Origin")
+        request.setValue(region.consoleRefererURL.absoluteString, forHTTPHeaderField: "Referer")
+
+        let response = try await ProviderHTTPClient.shared.response(for: request)
+        let data = response.data
+        guard response.statusCode == 200 else {
+            if response.statusCode == 401 || response.statusCode == 403 {
+                throw AlibabaCodingPlanUsageError.loginRequired
+            }
+            let body = String(data: data, encoding: .utf8) ?? ""
+            Self.log.error("Alibaba Coding Plan returned \(response.statusCode): \(body)")
+            throw AlibabaCodingPlanUsageError.apiError("HTTP \(response.statusCode)")
+        }
+
+        return try self.parseUsageSnapshot(from: data, now: now, authMode: .webSession)
+    }
+
+    private static func queryCodingPlanAPIRequestBody(region: AlibabaCodingPlanAPIRegion) -> Data {
+        let payload: [String: Any] = [
+            "queryCodingPlanInstanceInfoRequest": [
+                "commodityCode": region.commodityCode,
+            ],
+        ]
+        return (try? JSONSerialization.data(withJSONObject: payload, options: [])) ?? Data("{}".utf8)
+    }
+
+    private static func queryCodingPlanConsoleRequestBody(
+        region: AlibabaCodingPlanAPIRegion,
+        secToken: String,
+        anonymousID: String?) -> Data
+    {
+        let traceID = UUID().uuidString.lowercased()
+        var cornerstoneParam: [String: Any] = [
+            "feTraceId": traceID,
+            "feURL": region.dashboardURL.absoluteString,
+            "protocol": "V2",
+            "console": "ONE_CONSOLE",
+            "productCode": "p_efm",
+            "domain": region.consoleDomain,
+            "consoleSite": region.consoleSite,
+            "userNickName": "",
+            "userPrincipalName": "",
+            "xsp_lang": "en-US",
+        ]
+        if let anonymousID, !anonymousID.isEmpty {
+            cornerstoneParam["X-Anonymous-Id"] = anonymousID
+        }
+
+        let paramsObject: [String: Any] = [
+            "Api": region.consoleQuotaAPIName,
+            "V": "1.0",
+            "Data": [
+                "queryCodingPlanInstanceInfoRequest": [
+                    "commodityCode": region.commodityCode,
+                    "onlyLatestOne": true,
+                ],
+                "cornerstoneParam": cornerstoneParam,
+            ],
+        ]
+
+        guard let paramsData = try? JSONSerialization.data(withJSONObject: paramsObject, options: []),
+              let paramsString = String(data: paramsData, encoding: .utf8)
+        else {
+            return Data()
+        }
+
+        var components = URLComponents()
+        components.queryItems = [
+            URLQueryItem(name: "params", value: paramsString),
+            URLQueryItem(name: "region", value: region.currentRegionID),
+            URLQueryItem(name: "sec_token", value: secToken),
+        ]
+        return Data((components.percentEncodedQuery ?? "").utf8)
+    }
+
+    static func resolveConsoleQuotaURL(
+        region: AlibabaCodingPlanAPIRegion,
+        environment: [String: String]) -> URL
+    {
+        if let override = AlibabaCodingPlanSettingsReader.quotaURL(environment: environment) {
+            return override
+        }
+        if let host = AlibabaCodingPlanSettingsReader.hostOverride(environment: environment),
+           let hostURL = self.consoleURL(from: host, region: region)
+        {
+            return hostURL
+        }
+        return region.consoleRPCURL
+    }
+
+    static func resolveQuotaURL(
+        region: AlibabaCodingPlanAPIRegion,
+        environment: [String: String]) -> URL
+    {
+        if let override = AlibabaCodingPlanSettingsReader.quotaURL(environment: environment) {
+            return override
+        }
+        if let host = AlibabaCodingPlanSettingsReader.hostOverride(environment: environment),
+           let hostURL = self.url(from: host, region: region)
+        {
+            return hostURL
+        }
+        return region.quotaURL
+    }
+
+    static func resolveConsoleDashboardURL(
+        region: AlibabaCodingPlanAPIRegion,
+        environment: [String: String]) -> URL
+    {
+        if let override = AlibabaCodingPlanSettingsReader.hostOverride(environment: environment),
+           let hostURL = self.dashboardURL(from: override, region: region)
+        {
+            return hostURL
+        }
+        return region.dashboardURL
+    }
+
+    static func url(from rawHost: String, region: AlibabaCodingPlanAPIRegion) -> URL? {
+        let cleaned = AlibabaCodingPlanSettingsReader.cleaned(rawHost)
+        guard let cleaned else { return nil }
+
+        let base: URL? = if let url = URL(string: cleaned), url.scheme != nil {
+            url
+        } else {
+            URL(string: "https://\(cleaned)")
+        }
+        guard let base else { return nil }
+
+        var components = URLComponents(url: base, resolvingAgainstBaseURL: false)
+        components?.path = "/data/api.json"
+        components?.queryItems = [
+            URLQueryItem(
+                name: "action",
+                value: "zeldaEasy.broadscope-bailian.codingPlan.queryCodingPlanInstanceInfoV2"),
+            URLQueryItem(name: "product", value: "broadscope-bailian"),
+            URLQueryItem(name: "api", value: "queryCodingPlanInstanceInfoV2"),
+            URLQueryItem(name: "currentRegionId", value: region.currentRegionID),
+        ]
+        return components?.url
+    }
+
+    static func consoleURL(from rawHost: String, region: AlibabaCodingPlanAPIRegion) -> URL? {
+        let cleaned = AlibabaCodingPlanSettingsReader.cleaned(rawHost)
+        guard let cleaned else { return nil }
+
+        let base: URL? = if let url = URL(string: cleaned), url.scheme != nil {
+            url
+        } else {
+            URL(string: "https://\(cleaned)")
+        }
+        guard let base else { return nil }
+
+        var components = URLComponents(url: base, resolvingAgainstBaseURL: false)
+        components?.path = "/data/api.json"
+        components?.queryItems = [
+            URLQueryItem(name: "action", value: region.consoleRPCAction),
+            URLQueryItem(name: "product", value: region.consoleRPCProduct),
+            URLQueryItem(name: "api", value: region.consoleQuotaAPIName),
+            URLQueryItem(name: "_v", value: "undefined"),
+        ]
+        return components?.url
+    }
+
+    private static func resolveConsoleSECToken(
+        cookieHeader: String,
+        region: AlibabaCodingPlanAPIRegion,
+        environment: [String: String]) async throws -> String
+    {
+        let cookieSECToken = self.extractCookieValue(name: "sec_token", from: cookieHeader)
+
+        let dashboardURL = self.resolveConsoleDashboardURL(region: region, environment: environment)
+
+        var request = URLRequest(url: dashboardURL)
+        request.httpMethod = "GET"
+        request.setValue(cookieHeader, forHTTPHeaderField: "Cookie")
+        request.setValue(Self.safariLikeUserAgent, forHTTPHeaderField: "User-Agent")
+        request.setValue(
+            "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
+            forHTTPHeaderField: "Accept")
+
+        if let response = try? await ProviderHTTPClient.shared.response(for: request),
+           response.statusCode == 200,
+           let html = String(data: response.data, encoding: .utf8),
+           let token = self.extractConsoleSECToken(from: html),
+           !token.isEmpty
+        {
+            return token
+        }
+
+        if let token = try? await self.fetchSECTokenFromUserInfo(
+            cookieHeader: cookieHeader,
+            region: region,
+            environment: environment)
+        {
+            return token
+        }
+
+        if let cookieSECToken, !cookieSECToken.isEmpty {
+            return cookieSECToken
+        }
+
+        throw AlibabaCodingPlanUsageError.loginRequired
+    }
+
+    static func dashboardURL(from rawHost: String, region: AlibabaCodingPlanAPIRegion) -> URL? {
+        let cleaned = AlibabaCodingPlanSettingsReader.cleaned(rawHost)
+        guard let cleaned else { return nil }
+
+        let base: URL? = if let url = URL(string: cleaned), url.scheme != nil {
+            url
+        } else {
+            URL(string: "https://\(cleaned)")
+        }
+        guard let base else { return nil }
+
+        guard var components = URLComponents(url: base, resolvingAgainstBaseURL: false),
+              let dashboardComponents = URLComponents(
+                  url: region.dashboardURL,
+                  resolvingAgainstBaseURL: false)
+        else {
+            return nil
+        }
+
+        components.path = dashboardComponents.path
+        components.percentEncodedQuery = dashboardComponents.percentEncodedQuery
+        components.fragment = dashboardComponents.fragment
+        return components.url
+    }
+
+    private static func fetchSECTokenFromUserInfo(
+        cookieHeader: String,
+        region: AlibabaCodingPlanAPIRegion,
+        environment: [String: String]) async throws -> String?
+    {
+        let gatewayBaseURL = self.resolveConsoleGatewayBaseURL(region: region, environment: environment)
+        let userInfoURL = gatewayBaseURL.appendingPathComponent("tool/user/info.json")
+        var request = URLRequest(url: userInfoURL)
+        request.httpMethod = "GET"
+        request.setValue(cookieHeader, forHTTPHeaderField: "Cookie")
+        request.setValue(Self.safariLikeUserAgent, forHTTPHeaderField: "User-Agent")
+        request.setValue("application/json, text/plain, */*", forHTTPHeaderField: "Accept")
+        let referer = gatewayBaseURL.absoluteString.hasSuffix("/") ? gatewayBaseURL.absoluteString : gatewayBaseURL
+            .absoluteString + "/"
+        request.setValue(referer, forHTTPHeaderField: "Referer")
+
+        let response = try await ProviderHTTPClient.shared.response(for: request)
+        guard response.statusCode == 200 else {
+            return nil
+        }
+
+        let object = try JSONSerialization.jsonObject(with: response.data, options: [])
+        let expanded = self.expandedJSON(object)
+        return self.findFirstString(forKeys: ["secToken", "sec_token"], in: expanded)
+    }
+
+    private static func resolveConsoleGatewayBaseURL(
+        region: AlibabaCodingPlanAPIRegion,
+        environment: [String: String]) -> URL
+    {
+        if let host = AlibabaCodingPlanSettingsReader.hostOverride(environment: environment),
+           let hostURL = self.baseURL(from: host)
+        {
+            return hostURL
+        }
+        return URL(string: region.gatewayBaseURLString)!
+    }
+
+    private static func baseURL(from rawHost: String) -> URL? {
+        let cleaned = AlibabaCodingPlanSettingsReader.cleaned(rawHost)
+        guard let cleaned else { return nil }
+
+        let base: URL? = if let url = URL(string: cleaned), url.scheme != nil {
+            url
+        } else {
+            URL(string: "https://\(cleaned)")
+        }
+        guard let base else { return nil }
+
+        guard var components = URLComponents(url: base, resolvingAgainstBaseURL: false) else {
+            return nil
+        }
+        components.path = ""
+        components.query = nil
+        components.fragment = nil
+        return components.url
+    }
+
+    static func parseUsageSnapshot(
+        from data: Data,
+        now: Date = Date(),
+        authMode: AuthMode = .webSession) throws -> AlibabaCodingPlanUsageSnapshot
+    {
+        guard !data.isEmpty else {
+            throw AlibabaCodingPlanUsageError.parseFailed("Empty response body")
+        }
+
+        let object = try JSONSerialization.jsonObject(with: data, options: [])
+        let expanded = self.expandedJSON(object)
+        guard let dictionary = expanded as? [String: Any] else {
+            throw AlibabaCodingPlanUsageError.parseFailed("Unexpected payload")
+        }
+
+        if let statusCode = self.findFirstInt(forKeys: ["statusCode", "status_code", "code"], in: dictionary),
+           statusCode != 0,
+           statusCode != 200
+        {
+            let message = self.findFirstString(
+                forKeys: ["statusMessage", "status_msg", "message", "msg"],
+                in: dictionary)
+                ?? "status code \(statusCode)"
+            let lower = message.lowercased()
+            if statusCode == 401 || statusCode == 403 || lower.contains("api key") || lower.contains("unauthorized") {
+                throw AlibabaCodingPlanUsageError.invalidCredentials
+            }
+            throw AlibabaCodingPlanUsageError.apiError(message)
+        }
+
+        if let codeText = self.findFirstString(forKeys: ["code", "status", "statusCode"], in: dictionary) {
+            let normalizedCode = codeText.lowercased()
+            if normalizedCode.contains("needlogin") || normalizedCode.contains("login") {
+                if authMode == .apiKey {
+                    throw AlibabaCodingPlanUsageError.apiKeyUnavailableInRegion
+                }
+                throw AlibabaCodingPlanUsageError.loginRequired
+            }
+        }
+        if let messageText = self.findFirstString(forKeys: ["message", "msg", "statusMessage"], in: dictionary) {
+            let normalizedMessage = messageText.lowercased()
+            if normalizedMessage.contains("log in") || normalizedMessage.contains("login") {
+                if authMode == .apiKey {
+                    throw AlibabaCodingPlanUsageError.apiKeyUnavailableInRegion
+                }
+                throw AlibabaCodingPlanUsageError.loginRequired
+            }
+            if authMode == .apiKey,
+               normalizedMessage.contains("console session") ||
+               normalizedMessage.contains("api key mode may be unavailable")
+            {
+                throw AlibabaCodingPlanUsageError.apiKeyUnavailableInRegion
+            }
+        }
+
+        let instanceInfo = self.findActiveInstanceInfo(in: dictionary, now: now)
+        let instanceCount = self.findFirstArray(
+            forKeys: ["codingPlanInstanceInfos", "coding_plan_instance_infos"],
+            in: dictionary)?
+            .compactMap { $0 as? [String: Any] }
+            .count ?? 0
+        let shouldScopeQuotaToSelectedInstance =
+            instanceCount > 1 &&
+            (instanceInfo.map { self.activeSignalScore(in: $0, now: now) > 0 } ?? false)
+        let quota = if shouldScopeQuotaToSelectedInstance, let instanceInfo {
+            self.findQuotaInfo(in: instanceInfo)
+        } else {
+            self.findQuotaInfo(in: instanceInfo ?? [:]) ?? self.findQuotaInfo(in: dictionary)
+        }
+        guard let quota else {
+            if let fallback = self.parsePlanVisibleActiveFallback(
+                payload: dictionary,
+                instanceInfo: instanceInfo,
+                now: now)
+            {
+                return fallback
+            }
+            let diagnostics = self.payloadDiagnostics(payload: dictionary)
+            Self.log.error("Alibaba coding plan quota payload missing expected fields: \(diagnostics)")
+            throw AlibabaCodingPlanUsageError.parseFailed("Missing coding plan quota data (\(diagnostics))")
+        }
+
+        let planName = self.findPlanName(in: instanceInfo ?? [:]) ?? self.findPlanName(in: dictionary)
+
+        let snapshot = AlibabaCodingPlanUsageSnapshot(
+            planName: planName,
+            fiveHourUsedQuota: self.anyInt(for: ["per5HourUsedQuota", "perFiveHourUsedQuota"], in: quota),
+            fiveHourTotalQuota: self.anyInt(for: ["per5HourTotalQuota", "perFiveHourTotalQuota"], in: quota),
+            fiveHourNextRefreshTime: self.anyDate(
+                for: ["per5HourQuotaNextRefreshTime", "perFiveHourQuotaNextRefreshTime"],
+                in: quota),
+            weeklyUsedQuota: self.anyInt(for: ["perWeekUsedQuota"], in: quota),
+            weeklyTotalQuota: self.anyInt(for: ["perWeekTotalQuota"], in: quota),
+            weeklyNextRefreshTime: self.anyDate(for: ["perWeekQuotaNextRefreshTime"], in: quota),
+            monthlyUsedQuota: self.anyInt(for: ["perBillMonthUsedQuota", "perMonthUsedQuota"], in: quota),
+            monthlyTotalQuota: self.anyInt(for: ["perBillMonthTotalQuota", "perMonthTotalQuota"], in: quota),
+            monthlyNextRefreshTime: self.anyDate(
+                for: ["perBillMonthQuotaNextRefreshTime", "perMonthQuotaNextRefreshTime"],
+                in: quota),
+            updatedAt: now)
+
+        if snapshot.fiveHourTotalQuota == nil,
+           snapshot.weeklyTotalQuota == nil,
+           snapshot.monthlyTotalQuota == nil
+        {
+            if let fallback = self.parsePlanVisibleActiveFallback(
+                payload: dictionary,
+                instanceInfo: instanceInfo,
+                now: now)
+            {
+                return fallback
+            }
+            let diagnostics = self.payloadDiagnostics(payload: dictionary)
+            Self.log.error("Alibaba coding plan payload had no usable windows: \(diagnostics)")
+            throw AlibabaCodingPlanUsageError.parseFailed("No quota windows found in payload (\(diagnostics))")
+        }
+
+        return snapshot
+    }
+
+    private static func findPlanName(in payload: [String: Any]) -> String? {
+        if let infos = self.findFirstArray(
+            forKeys: ["codingPlanInstanceInfos", "coding_plan_instance_infos"],
+            in: payload)
+        {
+            for item in infos {
+                guard let info = item as? [String: Any] else { continue }
+                let candidates = [
+                    self.anyString(for: ["planName", "plan_name"], in: info),
+                    self.anyString(for: ["instanceName", "instance_name"], in: info),
+                    self.anyString(for: ["packageName", "package_name"], in: info),
+                ]
+                for candidate in candidates {
+                    if let candidate, !candidate.isEmpty {
+                        return candidate
+                    }
+                }
+            }
+        }
+        return self.findFirstString(forKeys: ["planName", "plan_name", "packageName", "package_name"], in: payload)
+    }
+
+    private static func findActiveInstanceInfo(in payload: [String: Any], now: Date = Date()) -> [String: Any]? {
+        guard let infos = self.findFirstArray(
+            forKeys: ["codingPlanInstanceInfos", "coding_plan_instance_infos"],
+            in: payload)
+        else {
+            return nil
+        }
+
+        var first: [String: Any]?
+        var best: [String: Any]?
+        var bestScore = Int.min
+        for item in infos {
+            guard let info = item as? [String: Any] else { continue }
+            first = first ?? info
+            let score = self.activeSignalScore(in: info, now: now)
+            if score > bestScore {
+                best = info
+                bestScore = score
+            }
+        }
+        if bestScore > 0 {
+            return best
+        }
+        return first
+    }
+
+    private static func parsePlanVisibleActiveFallback(
+        payload: [String: Any],
+        instanceInfo: [String: Any]?,
+        now: Date) -> AlibabaCodingPlanUsageSnapshot?
+    {
+        let source = instanceInfo ?? payload
+        guard self.hasPositiveActivePlanSignal(in: source, payload: payload, now: now),
+              let planName = self.findPlanName(in: source) ?? self.findPlanName(in: payload)
+        else {
+            return nil
+        }
+
+        return AlibabaCodingPlanUsageSnapshot(
+            planName: planName,
+            fiveHourUsedQuota: nil,
+            fiveHourTotalQuota: nil,
+            fiveHourNextRefreshTime: nil,
+            weeklyUsedQuota: nil,
+            weeklyTotalQuota: nil,
+            weeklyNextRefreshTime: nil,
+            monthlyUsedQuota: nil,
+            monthlyTotalQuota: nil,
+            monthlyNextRefreshTime: nil,
+            updatedAt: now)
+    }
+
+    private static func hasPositiveActivePlanSignal(
+        in source: [String: Any],
+        payload: [String: Any],
+        now: Date) -> Bool
+    {
+        if self.containsPlanInstances(in: payload) {
+            return self.activeSignalScore(in: source, now: now) > 0
+        }
+        return self.activeSignalScore(in: source, now: now) > 0 || self.activeSignalScore(in: payload, now: now) > 0
+    }
+
+    private static func containsPlanInstances(in payload: [String: Any]) -> Bool {
+        guard let infos = self.findFirstArray(
+            forKeys: ["codingPlanInstanceInfos", "coding_plan_instance_infos"],
+            in: payload)
+        else {
+            return false
+        }
+        return infos.contains { $0 is [String: Any] }
+    }
+
+    private static func activeSignalScore(in source: [String: Any], now: Date) -> Int {
+        if let status = self.anyString(for: ["status", "instanceStatus"], in: source)?.uppercased() {
+            if ["VALID", "ACTIVE"].contains(status) {
+                return 3
+            }
+            if ["EXPIRED", "INVALID", "INACTIVE", "DISABLED", "TERMINATED", "STOPPED"].contains(status) {
+                return -1
+            }
+        }
+
+        if let isActive = self.anyBool(for: ["isActive", "active"], in: source) {
+            return isActive ? 3 : -1
+        }
+
+        if let expiry = self.anyDate(for: ["endTime", "periodEndTime", "expireTime", "expirationTime"], in: source),
+           expiry.timeIntervalSince(now) > 0
+        {
+            return 1
+        }
+
+        return 0
+    }
+
+    private static func payloadDiagnostics(payload: [String: Any]) -> String {
+        let topKeys = payload.keys.sorted()
+        let dataDict = self.findFirstDictionary(forKeys: ["data", "successResponse", "success_response"], in: payload)
+        let dataKeys = dataDict?.keys.sorted() ?? []
+        let instanceInfo = self.findActiveInstanceInfo(in: payload)
+        let instanceKeys = instanceInfo?.keys.sorted() ?? []
+        let hasQuota = self.findQuotaInfo(in: payload) != nil
+        let planUsage =
+            self.anyString(for: ["planUsage", "usageRate", "usage", "usageValue"], in: instanceInfo ?? [:]) ??
+            self.findFirstString(forKeys: ["planUsage", "usageRate", "usage", "usageValue"], in: payload)
+        let compactPlanUsage = planUsage?.replacingOccurrences(of: "\n", with: " ") ?? "none"
+        let status = self.anyString(for: ["status", "instanceStatus"], in: instanceInfo ?? [:]) ?? "none"
+
+        return "topKeys=\(topKeys.joined(separator: ",")) dataKeys=\(dataKeys.joined(separator: ",")) " +
+            "instanceKeys=\(instanceKeys.joined(separator: ",")) hasQuota=\(hasQuota ? "1" : "0") " +
+            "status=\(status) planUsage=\(compactPlanUsage)"
+    }
+
+    private static func findQuotaInfo(in payload: [String: Any]) -> [String: Any]? {
+        if let direct = self.findFirstDictionary(
+            forKeys: ["codingPlanQuotaInfo", "coding_plan_quota_info"],
+            in: payload)
+        {
+            return direct
+        }
+        return self.findFirstDictionary(
+            matchingAnyKey: [
+                "per5HourUsedQuota",
+                "per5HourTotalQuota",
+                "perWeekUsedQuota",
+                "perWeekTotalQuota",
+                "perBillMonthUsedQuota",
+                "perBillMonthTotalQuota",
+            ],
+            in: payload)
+    }
+
+    private static func findFirstDictionary(forKeys keys: [String], in value: Any) -> [String: Any]? {
+        guard let dict = value as? [String: Any] else { return nil }
+        for key in keys {
+            if let nested = dict[key] as? [String: Any] {
+                return nested
+            }
+        }
+        for nestedValue in dict.values {
+            if let nested = self.findFirstDictionary(forKeys: keys, in: nestedValue) {
+                return nested
+            }
+        }
+        if let array = value as? [Any] {
+            for item in array {
+                if let nested = self.findFirstDictionary(forKeys: keys, in: item) {
+                    return nested
+                }
+            }
+        }
+        return nil
+    }
+
+    private static func findFirstDictionary(matchingAnyKey keys: [String], in value: Any) -> [String: Any]? {
+        if let dict = value as? [String: Any] {
+            if keys.contains(where: { dict[$0] != nil }) {
+                return dict
+            }
+            for nestedValue in dict.values {
+                if let nested = self.findFirstDictionary(matchingAnyKey: keys, in: nestedValue) {
+                    return nested
+                }
+            }
+            return nil
+        }
+        if let array = value as? [Any] {
+            for item in array {
+                if let nested = self.findFirstDictionary(matchingAnyKey: keys, in: item) {
+                    return nested
+                }
+            }
+        }
+        return nil
+    }
+
+    private static func findFirstArray(forKeys keys: [String], in value: Any) -> [Any]? {
+        guard let dict = value as? [String: Any] else {
+            if let array = value as? [Any] {
+                for item in array {
+                    if let found = self.findFirstArray(forKeys: keys, in: item) {
+                        return found
+                    }
+                }
+            }
+            return nil
+        }
+        for key in keys {
+            if let array = dict[key] as? [Any] {
+                return array
+            }
+        }
+        for nested in dict.values {
+            if let found = self.findFirstArray(forKeys: keys, in: nested) {
+                return found
+            }
+        }
+        return nil
+    }
+
+    private static func findFirstInt(forKeys keys: [String], in value: Any) -> Int? {
+        if let dict = value as? [String: Any] {
+            for key in keys {
+                if let parsed = self.parseInt(dict[key]) {
+                    return parsed
+                }
+            }
+            for nested in dict.values {
+                if let parsed = self.findFirstInt(forKeys: keys, in: nested) {
+                    return parsed
+                }
+            }
+            return nil
+        }
+        if let array = value as? [Any] {
+            for item in array {
+                if let parsed = self.findFirstInt(forKeys: keys, in: item) {
+                    return parsed
+                }
+            }
+        }
+        return nil
+    }
+
+    private static func findFirstString(forKeys keys: [String], in value: Any) -> String? {
+        if let dict = value as? [String: Any] {
+            for key in keys {
+                if let parsed = self.parseString(dict[key]) {
+                    return parsed
+                }
+            }
+            for nested in dict.values {
+                if let parsed = self.findFirstString(forKeys: keys, in: nested) {
+                    return parsed
+                }
+            }
+            return nil
+        }
+        if let array = value as? [Any] {
+            for item in array {
+                if let parsed = self.findFirstString(forKeys: keys, in: item) {
+                    return parsed
+                }
+            }
+        }
+        return nil
+    }
+
+    private static func findFirstDate(forKeys keys: [String], in value: Any) -> Date? {
+        if let dict = value as? [String: Any] {
+            for key in keys {
+                if let parsed = self.parseDate(dict[key]) {
+                    return parsed
+                }
+            }
+            for nested in dict.values {
+                if let parsed = self.findFirstDate(forKeys: keys, in: nested) {
+                    return parsed
+                }
+            }
+            return nil
+        }
+        if let array = value as? [Any] {
+            for item in array {
+                if let parsed = self.findFirstDate(forKeys: keys, in: item) {
+                    return parsed
+                }
+            }
+        }
+        return nil
+    }
+
+    private static func expandedJSON(_ value: Any) -> Any {
+        if let dict = value as? [String: Any] {
+            var expanded: [String: Any] = [:]
+            expanded.reserveCapacity(dict.count)
+            for (key, nested) in dict {
+                expanded[key] = self.expandedJSON(nested)
+            }
+            return expanded
+        }
+        if let array = value as? [Any] {
+            return array.map { self.expandedJSON($0) }
+        }
+        if let string = value as? String,
+           let data = string.data(using: .utf8),
+           let nested = try? JSONSerialization.jsonObject(with: data, options: []),
+           nested is [String: Any] || nested is [Any]
+        {
+            return self.expandedJSON(nested)
+        }
+        return value
+    }
+
+    private static func anyInt(for keys: [String], in dict: [String: Any]) -> Int? {
+        for key in keys {
+            if let value = self.parseInt(dict[key]) {
+                return value
+            }
+        }
+        return nil
+    }
+
+    private static func anyString(for keys: [String], in dict: [String: Any]) -> String? {
+        for key in keys {
+            if let value = self.parseString(dict[key]) {
+                return value
+            }
+        }
+        return nil
+    }
+
+    private static func anyDate(for keys: [String], in dict: [String: Any]) -> Date? {
+        for key in keys {
+            if let value = self.parseDate(dict[key]) {
+                return value
+            }
+        }
+        return nil
+    }
+
+    private static func anyPercent(for keys: [String], in dict: [String: Any]) -> Double? {
+        for key in keys {
+            if let value = self.parsePercent(dict[key]) {
+                return value
+            }
+        }
+        return nil
+    }
+
+    private static func anyBool(for keys: [String], in dict: [String: Any]) -> Bool? {
+        for key in keys {
+            if let value = self.parseBool(dict[key]) {
+                return value
+            }
+        }
+        return nil
+    }
+
+    private static func findFirstPercent(forKeys keys: [String], in value: Any) -> Double? {
+        if let dict = value as? [String: Any] {
+            for key in keys {
+                if let parsed = self.parsePercent(dict[key]) {
+                    return parsed
+                }
+            }
+            for nested in dict.values {
+                if let parsed = self.findFirstPercent(forKeys: keys, in: nested) {
+                    return parsed
+                }
+            }
+            return nil
+        }
+        if let array = value as? [Any] {
+            for item in array {
+                if let parsed = self.findFirstPercent(forKeys: keys, in: item) {
+                    return parsed
+                }
+            }
+        }
+        return nil
+    }
+
+    private static func parseDate(_ raw: Any?) -> Date? {
+        if let intValue = self.parseInt(raw) {
+            if intValue > 1_000_000_000_000 {
+                return Date(timeIntervalSince1970: TimeInterval(intValue) / 1000)
+            }
+            if intValue > 1_000_000_000 {
+                return Date(timeIntervalSince1970: TimeInterval(intValue))
+            }
+        }
+        if let string = self.parseString(raw) {
+            let formatter = ISO8601DateFormatter()
+            if let date = formatter.date(from: string) {
+                return date
+            }
+            let dateFormatter = DateFormatter()
+            dateFormatter.locale = Locale(identifier: "en_US_POSIX")
+            for format in ["yyyy-MM-dd HH:mm", "yyyy-MM-dd HH:mm:ss"] {
+                dateFormatter.dateFormat = format
+                if let date = dateFormatter.date(from: string) {
+                    return date
+                }
+            }
+        }
+        return nil
+    }
+
+    private static func parseInt(_ raw: Any?) -> Int? {
+        if let value = raw as? Int { return value }
+        if let value = raw as? Int64 { return Int(value) }
+        if let value = raw as? Double { return Int(value) }
+        if let value = raw as? NSNumber { return value.intValue }
+        if let value = raw as? String {
+            let trimmed = value.trimmingCharacters(in: .whitespacesAndNewlines)
+            return Int(trimmed)
+        }
+        return nil
+    }
+
+    private static func parseString(_ raw: Any?) -> String? {
+        guard let value = raw as? String else { return nil }
+        let trimmed = value.trimmingCharacters(in: .whitespacesAndNewlines)
+        return trimmed.isEmpty ? nil : trimmed
+    }
+
+    private static func parsePercent(_ raw: Any?) -> Double? {
+        if let intValue = self.parseInt(raw) {
+            return max(0, min(Double(intValue), 100))
+        }
+        guard let rawString = self.parseString(raw) else { return nil }
+        let cleaned = rawString
+            .replacingOccurrences(of: "%", with: "")
+            .trimmingCharacters(in: .whitespacesAndNewlines)
+        guard let parsed = Double(cleaned) else { return nil }
+        return max(0, min(parsed, 100))
+    }
+
+    private static func parseBool(_ raw: Any?) -> Bool? {
+        if let value = raw as? Bool {
+            return value
+        }
+        if let number = raw as? NSNumber {
+            return number.boolValue
+        }
+        guard let string = self.parseString(raw)?.lowercased() else { return nil }
+        switch string {
+        case "true", "1", "yes", "active", "valid":
+            return true
+        case "false", "0", "no", "inactive", "invalid", "expired":
+            return false
+        default:
+            return nil
+        }
+    }
+
+    private static func matchFirstGroup(pattern: String, in text: String) -> String? {
+        guard let regex = try? NSRegularExpression(pattern: pattern, options: []) else {
+            return nil
+        }
+        let range = NSRange(text.startIndex..<text.endIndex, in: text)
+        guard let match = regex.firstMatch(in: text, options: [], range: range),
+              match.numberOfRanges > 1,
+              let valueRange = Range(match.range(at: 1), in: text)
+        else {
+            return nil
+        }
+        let value = text[valueRange].trimmingCharacters(in: .whitespacesAndNewlines)
+        return value.isEmpty ? nil : String(value)
+    }
+
+    private static func extractConsoleSECToken(from html: String) -> String? {
+        let patterns = [
+            #"SEC_TOKEN\s*:\s*\"([^\"]+)\""#,
+            #"SEC_TOKEN\s*:\s*'([^']+)'"#,
+            #"secToken\s*:\s*\"([^\"]+)\""#,
+            #"sec_token\s*:\s*\"([^\"]+)\""#,
+            #"sec_token\s*:\s*'([^']+)'"#,
+            #"\"SEC_TOKEN\"\s*:\s*\"([^\"]+)\""#,
+            #"\"sec_token\"\s*:\s*\"([^\"]+)\""#,
+        ]
+
+        for pattern in patterns {
+            if let token = self.matchFirstGroup(pattern: pattern, in: html), !token.isEmpty {
+                return token
+            }
+        }
+        return nil
+    }
+
+    private static func extractCookieValue(name: String, from cookieHeader: String) -> String? {
+        let segments = cookieHeader.split(separator: ";")
+        for segment in segments {
+            let part = segment.trimmingCharacters(in: .whitespacesAndNewlines)
+            guard let index = part.firstIndex(of: "=") else { continue }
+            let key = String(part[..<index]).trimmingCharacters(in: .whitespacesAndNewlines)
+            if key == name {
+                let value = String(part[part.index(after: index)...]).trimmingCharacters(in: .whitespacesAndNewlines)
+                return value.isEmpty ? nil : value
+            }
+        }
+        return nil
+    }
+}
+
+public enum AlibabaCodingPlanUsageError: LocalizedError, Sendable, Equatable {
+    case loginRequired
+    case invalidCredentials
+    case networkError(String)
+    case apiError(String)
+    case parseFailed(String)
+    case apiKeyUnavailableInRegion
+
+    var shouldRetryOnAlternateRegion: Bool {
+        switch self {
+        case .loginRequired:
+            true
+        case .invalidCredentials:
+            true
+        case .apiKeyUnavailableInRegion:
+            false
+        case let .apiError(message):
+            message.contains("HTTP 404") || message.contains("HTTP 403")
+        case let .parseFailed(message):
+            message.contains("Missing coding plan quota data") || message.contains("No quota windows found")
+        case .networkError:
+            false
+        }
+    }
+
+    public var errorDescription: String? {
+        switch self {
+        case .loginRequired:
+            "Alibaba Coding Plan console login is required. " +
+                "Sign in to Model Studio/Bailian in a supported browser or paste a Cookie header."
+        case .invalidCredentials:
+            "Alibaba Coding Plan API credentials are invalid or expired."
+        case .apiKeyUnavailableInRegion:
+            "Alibaba Coding Plan quota is not available through Coding Plan API keys for this account/region. " +
+                "Use cookie authentication in Settings -> Providers -> Alibaba if the Alibaba console exposes a " +
+                "compatible session, or switch regions if quota API access is available there."
+        case let .networkError(message):
+            "Alibaba Coding Plan network error: \(message)"
+        case let .apiError(message):
+            "Alibaba Coding Plan API error: \(message)"
+        case let .parseFailed(message):
+            "Failed to parse Alibaba Coding Plan response: \(message)"
+        }
+    }
+}
+
+// swiftlint:enable type_body_length
diff --git a/Sources/CodexBarCore/Providers/Alibaba/AlibabaCodingPlanUsageSnapshot.swift b/Sources/CodexBarCore/Providers/Alibaba/AlibabaCodingPlanUsageSnapshot.swift
new file mode 100644
index 000000000..2385b9b7d
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Alibaba/AlibabaCodingPlanUsageSnapshot.swift
@@ -0,0 +1,126 @@
+import Foundation
+
+public struct AlibabaCodingPlanUsageSnapshot: Sendable {
+    public let planName: String?
+    public let fiveHourUsedQuota: Int?
+    public let fiveHourTotalQuota: Int?
+    public let fiveHourNextRefreshTime: Date?
+    public let weeklyUsedQuota: Int?
+    public let weeklyTotalQuota: Int?
+    public let weeklyNextRefreshTime: Date?
+    public let monthlyUsedQuota: Int?
+    public let monthlyTotalQuota: Int?
+    public let monthlyNextRefreshTime: Date?
+    public let updatedAt: Date
+
+    public init(
+        planName: String?,
+        fiveHourUsedQuota: Int?,
+        fiveHourTotalQuota: Int?,
+        fiveHourNextRefreshTime: Date?,
+        weeklyUsedQuota: Int?,
+        weeklyTotalQuota: Int?,
+        weeklyNextRefreshTime: Date?,
+        monthlyUsedQuota: Int?,
+        monthlyTotalQuota: Int?,
+        monthlyNextRefreshTime: Date?,
+        updatedAt: Date)
+    {
+        self.planName = planName
+        self.fiveHourUsedQuota = fiveHourUsedQuota
+        self.fiveHourTotalQuota = fiveHourTotalQuota
+        self.fiveHourNextRefreshTime = fiveHourNextRefreshTime
+        self.weeklyUsedQuota = weeklyUsedQuota
+        self.weeklyTotalQuota = weeklyTotalQuota
+        self.weeklyNextRefreshTime = weeklyNextRefreshTime
+        self.monthlyUsedQuota = monthlyUsedQuota
+        self.monthlyTotalQuota = monthlyTotalQuota
+        self.monthlyNextRefreshTime = monthlyNextRefreshTime
+        self.updatedAt = updatedAt
+    }
+}
+
+extension AlibabaCodingPlanUsageSnapshot {
+    public func toUsageSnapshot() -> UsageSnapshot {
+        let primaryPercent = Self.usedPercent(used: self.fiveHourUsedQuota, total: self.fiveHourTotalQuota)
+        let secondaryPercent = Self.usedPercent(used: self.weeklyUsedQuota, total: self.weeklyTotalQuota)
+        let tertiaryPercent = Self.usedPercent(used: self.monthlyUsedQuota, total: self.monthlyTotalQuota)
+
+        let primary: RateWindow? = if let primaryPercent {
+            RateWindow(
+                usedPercent: primaryPercent,
+                windowMinutes: 5 * 60,
+                resetsAt: Self.normalizedFiveHourReset(
+                    self.fiveHourNextRefreshTime,
+                    updatedAt: self.updatedAt),
+                resetDescription: Self.usageDetail(used: self.fiveHourUsedQuota, total: self.fiveHourTotalQuota))
+        } else {
+            nil
+        }
+
+        let secondary: RateWindow? = if let secondaryPercent {
+            RateWindow(
+                usedPercent: secondaryPercent,
+                windowMinutes: 7 * 24 * 60,
+                resetsAt: self.weeklyNextRefreshTime,
+                resetDescription: Self.usageDetail(used: self.weeklyUsedQuota, total: self.weeklyTotalQuota))
+        } else {
+            nil
+        }
+
+        let tertiary: RateWindow? = if let tertiaryPercent {
+            RateWindow(
+                usedPercent: tertiaryPercent,
+                windowMinutes: 30 * 24 * 60,
+                resetsAt: self.monthlyNextRefreshTime,
+                resetDescription: Self.usageDetail(used: self.monthlyUsedQuota, total: self.monthlyTotalQuota))
+        } else {
+            nil
+        }
+
+        let loginMethod = self.planName?.trimmingCharacters(in: .whitespacesAndNewlines)
+        let identity = ProviderIdentitySnapshot(
+            providerID: .alibaba,
+            accountEmail: nil,
+            accountOrganization: nil,
+            loginMethod: loginMethod)
+
+        return UsageSnapshot(
+            primary: primary,
+            secondary: secondary,
+            tertiary: tertiary,
+            providerCost: nil,
+            updatedAt: self.updatedAt,
+            identity: identity)
+    }
+
+    private static func usedPercent(used: Int?, total: Int?) -> Double? {
+        guard let used, let total, total > 0 else { return nil }
+        let normalizedUsed = max(0, min(used, total))
+        return Double(normalizedUsed) / Double(total) * 100
+    }
+
+    private static func limitDescription(total: Int?, label: String) -> String? {
+        guard let total, total > 0 else { return nil }
+        return "\(total) requests / \(label)"
+    }
+
+    private static func usageDetail(used: Int?, total: Int?) -> String? {
+        guard let used, let total, total > 0 else { return nil }
+        return "\(used) / \(total) used"
+    }
+
+    private static func normalizedFiveHourReset(_ raw: Date?, updatedAt: Date) -> Date? {
+        guard let raw else { return nil }
+        if raw.timeIntervalSince(updatedAt) >= 60 {
+            return raw
+        }
+
+        let shifted = raw.addingTimeInterval(TimeInterval(5 * 60 * 60))
+        if shifted.timeIntervalSince(updatedAt) >= 60 {
+            return shifted
+        }
+
+        return updatedAt.addingTimeInterval(TimeInterval(5 * 60 * 60))
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Alibaba/AlibabaTokenPlanCookieHeader.swift b/Sources/CodexBarCore/Providers/Alibaba/AlibabaTokenPlanCookieHeader.swift
new file mode 100644
index 000000000..11f515028
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Alibaba/AlibabaTokenPlanCookieHeader.swift
@@ -0,0 +1,162 @@
+import Foundation
+#if canImport(FoundationNetworking)
+import FoundationNetworking
+#endif
+
+struct AlibabaTokenPlanCookieHeaders {
+    private static let cachedAPIHeaderName = "__codexbar_alibaba_token_plan_api"
+    private static let cachedDashboardHeaderName = "__codexbar_alibaba_token_plan_dashboard"
+
+    let apiCookieHeader: String
+    let dashboardCookieHeader: String
+
+    init(apiCookieHeader: String, dashboardCookieHeader: String) {
+        self.apiCookieHeader = apiCookieHeader
+        self.dashboardCookieHeader = dashboardCookieHeader
+    }
+
+    init?(singleHeader raw: String?) {
+        guard let normalized = CookieHeaderNormalizer.normalize(raw) else { return nil }
+        self.apiCookieHeader = normalized
+        self.dashboardCookieHeader = normalized
+    }
+
+    init?(cachedHeader raw: String?) {
+        var valuesByName: [String: String] = [:]
+        for pair in CookieHeaderNormalizer.pairs(from: raw ?? "") {
+            valuesByName[pair.name] = pair.value
+        }
+        if let encodedAPI = valuesByName[Self.cachedAPIHeaderName],
+           let encodedDashboard = valuesByName[Self.cachedDashboardHeaderName],
+           let apiHeader = Self.decodeCachedHeader(encodedAPI),
+           let dashboardHeader = Self.decodeCachedHeader(encodedDashboard),
+           let normalizedAPI = CookieHeaderNormalizer.normalize(apiHeader),
+           let normalizedDashboard = CookieHeaderNormalizer.normalize(dashboardHeader)
+        {
+            self.init(apiCookieHeader: normalizedAPI, dashboardCookieHeader: normalizedDashboard)
+            return
+        }
+
+        self.init(singleHeader: raw)
+    }
+
+    var cacheCookieHeader: String {
+        [
+            "\(Self.cachedAPIHeaderName)=\(Self.encodeCachedHeader(self.apiCookieHeader))",
+            "\(Self.cachedDashboardHeaderName)=\(Self.encodeCachedHeader(self.dashboardCookieHeader))",
+        ].joined(separator: "; ")
+    }
+
+    var apiCookieNames: [String] {
+        Self.cookieNames(from: self.apiCookieHeader)
+    }
+
+    var dashboardCookieNames: [String] {
+        Self.cookieNames(from: self.dashboardCookieHeader)
+    }
+
+    func hasCookie(named name: String) -> Bool {
+        Self.cookieNames(from: self.apiCookieHeader).contains(name) ||
+            Self.cookieNames(from: self.dashboardCookieHeader).contains(name)
+    }
+
+    private static func cookieNames(from header: String) -> [String] {
+        CookieHeaderNormalizer.pairs(from: header)
+            .map(\.name)
+            .filter { !$0.isEmpty }
+            .uniquedSorted()
+    }
+
+    private static func encodeCachedHeader(_ header: String) -> String {
+        Data(header.utf8).base64EncodedString()
+    }
+
+    private static func decodeCachedHeader(_ encoded: String) -> String? {
+        guard let data = Data(base64Encoded: encoded) else { return nil }
+        return String(data: data, encoding: .utf8)
+    }
+}
+
+enum AlibabaTokenPlanCookieHeader {
+    static func headers(
+        from cookies: [HTTPCookie],
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> AlibabaTokenPlanCookieHeaders?
+    {
+        guard let apiHeader = self.header(
+            from: cookies,
+            targetURL: AlibabaTokenPlanUsageFetcher.resolveQuotaURL(environment: environment)),
+            let dashboardHeader = self.header(
+                from: cookies,
+                targetURL: AlibabaTokenPlanUsageFetcher.dashboardURL(environment: environment))
+        else {
+            return nil
+        }
+        return AlibabaTokenPlanCookieHeaders(apiCookieHeader: apiHeader, dashboardCookieHeader: dashboardHeader)
+    }
+
+    static func header(from cookies: [HTTPCookie], targetURL: URL) -> String? {
+        var byName: [String: HTTPCookie] = [:]
+        for cookie in cookies {
+            guard !cookie.name.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty else { continue }
+            guard !cookie.value.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty else { continue }
+            if let expiry = cookie.expiresDate, expiry < Date() { continue }
+            guard self.matchesRequestURL(cookie: cookie, url: targetURL) else { continue }
+
+            if let existing = byName[cookie.name] {
+                if self.cookieSortKey(for: cookie) >= self.cookieSortKey(for: existing) {
+                    byName[cookie.name] = cookie
+                }
+            } else {
+                byName[cookie.name] = cookie
+            }
+        }
+
+        guard !byName.isEmpty else { return nil }
+        return byName.keys.sorted().compactMap { name in
+            guard let cookie = byName[name] else { return nil }
+            return "\(cookie.name)=\(cookie.value)"
+        }.joined(separator: "; ")
+    }
+
+    private static func matchesRequestURL(cookie: HTTPCookie, url: URL) -> Bool {
+        guard let host = url.host?.lowercased() else { return false }
+        let normalizedDomain = cookie.domain.lowercased().trimmingCharacters(in: CharacterSet(charactersIn: "."))
+        guard !normalizedDomain.isEmpty else { return false }
+        guard host == normalizedDomain || host.hasSuffix(".\(normalizedDomain)") else { return false }
+
+        let cookiePath = cookie.path.isEmpty ? "/" : cookie.path
+        let requestPath = url.path.isEmpty ? "/" : url.path
+        if requestPath == cookiePath {
+            return true
+        }
+        guard requestPath.hasPrefix(cookiePath) else { return false }
+        guard cookiePath != "/" else { return true }
+        if cookiePath.hasSuffix("/") {
+            return true
+        }
+        guard
+            let boundaryIndex = requestPath.index(
+                requestPath.startIndex,
+                offsetBy: cookiePath.count,
+                limitedBy: requestPath.endIndex),
+            boundaryIndex < requestPath.endIndex
+        else {
+            return true
+        }
+        return requestPath[boundaryIndex] == "/"
+    }
+
+    private static func cookieSortKey(for cookie: HTTPCookie) -> (Int, Int, Date) {
+        let pathLength = cookie.path.count
+        let normalizedDomain = cookie.domain.lowercased().trimmingCharacters(in: CharacterSet(charactersIn: "."))
+        let domainLength = normalizedDomain.count
+        let expiry = cookie.expiresDate ?? .distantPast
+        return (pathLength, domainLength, expiry)
+    }
+}
+
+extension [String] {
+    fileprivate func uniquedSorted() -> [String] {
+        Array(Set(self)).sorted()
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Alibaba/AlibabaTokenPlanProviderDescriptor.swift b/Sources/CodexBarCore/Providers/Alibaba/AlibabaTokenPlanProviderDescriptor.swift
new file mode 100644
index 000000000..83f04da4c
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Alibaba/AlibabaTokenPlanProviderDescriptor.swift
@@ -0,0 +1,257 @@
+import CodexBarMacroSupport
+import Foundation
+
+#if os(macOS)
+import SweetCookieKit
+#endif
+
+@ProviderDescriptorRegistration
+@ProviderDescriptorDefinition
+public enum AlibabaTokenPlanProviderDescriptor {
+    static func makeDescriptor() -> ProviderDescriptor {
+        #if os(macOS)
+        let browserOrder: BrowserCookieImportOrder = [
+            .chrome,
+            .chromeBeta,
+            .brave,
+            .edge,
+            .arc,
+            .firefox,
+            .safari,
+        ]
+        #else
+        let browserOrder: BrowserCookieImportOrder? = nil
+        #endif
+
+        return ProviderDescriptor(
+            id: .alibabatokenplan,
+            metadata: ProviderMetadata(
+                id: .alibabatokenplan,
+                displayName: "Alibaba Token Plan",
+                sessionLabel: "Credits",
+                weeklyLabel: "Usage",
+                opusLabel: nil,
+                supportsOpus: false,
+                supportsCredits: false,
+                creditsHint: "",
+                toggleTitle: "Show Alibaba Token Plan usage",
+                cliName: "alibaba-token-plan",
+                defaultEnabled: false,
+                isPrimaryProvider: false,
+                usesAccountFallback: false,
+                browserCookieOrder: browserOrder,
+                dashboardURL: AlibabaTokenPlanUsageFetcher.dashboardURL.absoluteString,
+                statusPageURL: nil,
+                statusLinkURL: "https://status.aliyun.com"),
+            branding: ProviderBranding(
+                iconStyle: .alibaba,
+                iconResourceName: "ProviderIcon-alibaba",
+                color: ProviderColor(red: 1.0, green: 106 / 255, blue: 0)),
+            tokenCost: ProviderTokenCostConfig(
+                supportsTokenCost: false,
+                noDataMessage: { "Alibaba Token Plan cost summary is not supported." }),
+            fetchPlan: ProviderFetchPlan(
+                sourceModes: [.auto, .web],
+                pipeline: ProviderFetchPipeline(resolveStrategies: self.resolveStrategies)),
+            cli: ProviderCLIConfig(
+                name: "alibaba-token-plan",
+                aliases: ["alibaba-token", "bailian-token-plan"],
+                versionDetector: nil))
+    }
+
+    private static func resolveStrategies(context: ProviderFetchContext) async -> [any ProviderFetchStrategy] {
+        guard context.settings?.alibabaTokenPlan?.cookieSource != .off else { return [] }
+        switch context.sourceMode {
+        case .auto, .web:
+            return [AlibabaTokenPlanWebFetchStrategy()]
+        case .api, .cli, .oauth:
+            return []
+        }
+    }
+}
+
+struct AlibabaTokenPlanWebFetchStrategy: ProviderFetchStrategy {
+    private static let log = CodexBarLog.logger("alibaba-token-plan")
+
+    let id: String = "alibaba-token-plan.web"
+    let kind: ProviderFetchKind = .web
+
+    func isAvailable(_ context: ProviderFetchContext) async -> Bool {
+        guard context.settings?.alibabaTokenPlan?.cookieSource != .off else { return false }
+
+        if AlibabaTokenPlanSettingsReader.cookieHeader(environment: context.env) != nil {
+            return true
+        }
+
+        if let settings = context.settings?.alibabaTokenPlan,
+           settings.cookieSource == .manual
+        {
+            return CookieHeaderNormalizer.normalize(settings.manualCookieHeader) != nil
+        }
+
+        #if os(macOS)
+        if let cached = CookieHeaderCache.load(provider: .alibabatokenplan),
+           !cached.cookieHeader.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
+        {
+            return true
+        }
+        return true
+        #else
+        return false
+        #endif
+    }
+
+    func fetch(_ context: ProviderFetchContext) async throws -> ProviderFetchResult {
+        let cookieSource = context.settings?.alibabaTokenPlan?.cookieSource ?? .auto
+        let cookieHeaders = try Self.resolveCookieHeaders(context: context, allowCached: true)
+        do {
+            let usage = try await AlibabaTokenPlanUsageFetcher.fetchUsage(
+                apiCookieHeader: cookieHeaders.apiCookieHeader,
+                dashboardCookieHeader: cookieHeaders.dashboardCookieHeader,
+                environment: context.env)
+            return self.makeResult(usage: usage.toUsageSnapshot(), sourceLabel: "web")
+        } catch let error as AlibabaTokenPlanUsageError
+            where error.isCredentialFailure && cookieSource != .manual
+        {
+            #if os(macOS)
+            CookieHeaderCache.clear(provider: .alibabatokenplan)
+            let refreshedHeaders = try Self.resolveCookieHeaders(context: context, allowCached: false)
+            let usage = try await AlibabaTokenPlanUsageFetcher.fetchUsage(
+                apiCookieHeader: refreshedHeaders.apiCookieHeader,
+                dashboardCookieHeader: refreshedHeaders.dashboardCookieHeader,
+                environment: context.env)
+            return self.makeResult(usage: usage.toUsageSnapshot(), sourceLabel: "web")
+            #else
+            throw error
+            #endif
+        }
+    }
+
+    func shouldFallback(on _: Error, context _: ProviderFetchContext) -> Bool {
+        false
+    }
+
+    static func resolveCookieHeader(context: ProviderFetchContext, allowCached: Bool) throws -> String {
+        try self.resolveCookieHeaders(context: context, allowCached: allowCached).apiCookieHeader
+    }
+
+    static func resolveCookieHeaders(
+        context: ProviderFetchContext,
+        allowCached: Bool) throws -> AlibabaTokenPlanCookieHeaders
+    {
+        if let settings = context.settings?.alibabaTokenPlan,
+           settings.cookieSource == .manual
+        {
+            guard let headers = AlibabaTokenPlanCookieHeaders(singleHeader: settings.manualCookieHeader) else {
+                self.log.warning("Alibaba Token Plan manual cookie header is invalid")
+                throw AlibabaTokenPlanSettingsError.invalidCookie
+            }
+            Self.log.info(
+                "Alibaba Token Plan using manual cookie header",
+                metadata: [
+                    "apiCookieNames": headers.apiCookieNames.joined(separator: ","),
+                    "dashboardCookieNames": headers.dashboardCookieNames.joined(separator: ","),
+                    "hasSecToken": headers.hasCookie(named: "sec_token") ? "1" : "0",
+                ])
+            return headers
+        }
+
+        if let envCookie = AlibabaTokenPlanSettingsReader.cookieHeader(environment: context.env),
+           let headers = AlibabaTokenPlanCookieHeaders(singleHeader: envCookie)
+        {
+            Self.log.info(
+                "Alibaba Token Plan using environment cookie header",
+                metadata: [
+                    "apiCookieNames": headers.apiCookieNames.joined(separator: ","),
+                    "dashboardCookieNames": headers.dashboardCookieNames.joined(separator: ","),
+                    "hasSecToken": headers.hasCookie(named: "sec_token") ? "1" : "0",
+                ])
+            return headers
+        }
+
+        #if os(macOS)
+        if allowCached,
+           let cached = CookieHeaderCache.load(provider: .alibabatokenplan),
+           let headers = AlibabaTokenPlanCookieHeaders(cachedHeader: cached.cookieHeader)
+        {
+            Self.log.info(
+                "Alibaba Token Plan using cached browser cookie header",
+                metadata: [
+                    "source": cached.sourceLabel,
+                    "apiCookieNames": headers.apiCookieNames.joined(separator: ","),
+                    "dashboardCookieNames": headers.dashboardCookieNames.joined(separator: ","),
+                    "hasSecToken": headers.hasCookie(named: "sec_token") ? "1" : "0",
+                ])
+            return headers
+        }
+
+        do {
+            var importLog: [String] = []
+            let session = try AlibabaCodingPlanCookieImporter.importSession(
+                browserDetection: context.browserDetection,
+                logger: { importLog.append($0) })
+            let rawCookieNames = session.cookies.map(\.name).filter { !$0.isEmpty }.uniquedSorted()
+            guard let headers = AlibabaTokenPlanCookieHeader.headers(
+                from: session.cookies,
+                environment: context.env)
+            else {
+                Self.log.warning(
+                    "Alibaba Token Plan browser cookie header was empty",
+                    metadata: [
+                        "source": session.sourceLabel,
+                        "rawCookieNames": rawCookieNames.joined(separator: ","),
+                    ])
+                throw AlibabaTokenPlanSettingsError.missingCookie(
+                    details: "No Alibaba Token Plan browser cookies were available after import.")
+            }
+            CookieHeaderCache.store(
+                provider: .alibabatokenplan,
+                cookieHeader: headers.cacheCookieHeader,
+                sourceLabel: session.sourceLabel)
+            Self.log.info(
+                "Alibaba Token Plan imported browser cookies",
+                metadata: [
+                    "source": session.sourceLabel,
+                    "rawCookieNames": rawCookieNames.joined(separator: ","),
+                    "apiCookieNames": headers.apiCookieNames.joined(separator: ","),
+                    "dashboardCookieNames": headers.dashboardCookieNames.joined(separator: ","),
+                    "hasSecToken": headers.hasCookie(named: "sec_token") ? "1" : "0",
+                    "importLogLines": "\(importLog.count)",
+                ])
+            return headers
+        } catch {
+            Self.log.warning(
+                "Alibaba Token Plan cookie resolution failed",
+                metadata: ["error": error.localizedDescription])
+            throw AlibabaTokenPlanSettingsError.missingCookie(details: Self.missingCookieDetails(from: error))
+        }
+        #else
+        throw AlibabaTokenPlanSettingsError.missingCookie()
+        #endif
+    }
+
+    private static func missingCookieDetails(from error: Error) -> String? {
+        if case let AlibabaCodingPlanSettingsError.missingCookie(details) = error {
+            return details
+        }
+        let message = error.localizedDescription.trimmingCharacters(in: .whitespacesAndNewlines)
+        return message.isEmpty ? nil : message
+    }
+}
+
+extension [String] {
+    fileprivate func uniquedSorted() -> [String] {
+        Array(Set(self)).sorted()
+    }
+}
+
+extension AlibabaTokenPlanUsageError {
+    fileprivate var isCredentialFailure: Bool {
+        switch self {
+        case .loginRequired, .invalidCredentials:
+            true
+        case .apiError, .networkError, .parseFailed:
+            false
+        }
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Alibaba/AlibabaTokenPlanSettingsReader.swift b/Sources/CodexBarCore/Providers/Alibaba/AlibabaTokenPlanSettingsReader.swift
new file mode 100644
index 000000000..8a0f6c1da
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Alibaba/AlibabaTokenPlanSettingsReader.swift
@@ -0,0 +1,64 @@
+import Foundation
+
+public struct AlibabaTokenPlanSettingsReader: Sendable {
+    public static let cookieHeaderKey = "ALIBABA_TOKEN_PLAN_COOKIE"
+    public static let hostKey = "ALIBABA_TOKEN_PLAN_HOST"
+    public static let quotaURLKey = "ALIBABA_TOKEN_PLAN_QUOTA_URL"
+
+    public static func cookieHeader(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> String?
+    {
+        self.cleaned(environment[self.cookieHeaderKey])
+    }
+
+    public static func hostOverride(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> String?
+    {
+        guard let raw = self.cleaned(environment[self.hostKey]) else { return nil }
+        if let scheme = URL(string: raw)?.scheme {
+            return scheme.lowercased() == "https" ? raw : nil
+        }
+        return raw
+    }
+
+    public static func quotaURL(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> URL?
+    {
+        guard let raw = self.cleaned(environment[self.quotaURLKey]) else { return nil }
+        if let url = URL(string: raw), let scheme = url.scheme {
+            return scheme.lowercased() == "https" ? url : nil
+        }
+        return URL(string: "https://\(raw)")
+    }
+
+    static func cleaned(_ raw: String?) -> String? {
+        guard var value = raw?.trimmingCharacters(in: .whitespacesAndNewlines), !value.isEmpty else {
+            return nil
+        }
+        if (value.hasPrefix("\"") && value.hasSuffix("\"")) ||
+            (value.hasPrefix("'") && value.hasSuffix("'"))
+        {
+            value = String(value.dropFirst().dropLast())
+        }
+        value = value.trimmingCharacters(in: .whitespacesAndNewlines)
+        return value.isEmpty ? nil : value
+    }
+}
+
+public enum AlibabaTokenPlanSettingsError: LocalizedError, Sendable {
+    case missingCookie(details: String? = nil)
+    case invalidCookie
+
+    public var errorDescription: String? {
+        switch self {
+        case let .missingCookie(details):
+            let base = "No Alibaba Token Plan session cookies found in browsers. " +
+                "Sign in to Bailian in Chrome, allow CodexBar to access Chrome Safe Storage in Keychain Access, " +
+                "or paste a manual Cookie header."
+            guard let details, !details.isEmpty else { return base }
+            return "\(base) \(details)"
+        case .invalidCookie:
+            return "Alibaba Token Plan cookie header is invalid."
+        }
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Alibaba/AlibabaTokenPlanUsageFetcher.swift b/Sources/CodexBarCore/Providers/Alibaba/AlibabaTokenPlanUsageFetcher.swift
new file mode 100644
index 000000000..e59e90a81
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Alibaba/AlibabaTokenPlanUsageFetcher.swift
@@ -0,0 +1,894 @@
+import Foundation
+#if canImport(FoundationNetworking)
+import FoundationNetworking
+#endif
+
+public enum AlibabaTokenPlanUsageError: LocalizedError, Sendable, Equatable {
+    case loginRequired
+    case invalidCredentials
+    case apiError(String)
+    case networkError(String)
+    case parseFailed(String)
+
+    public var errorDescription: String? {
+        switch self {
+        case .loginRequired:
+            "Alibaba Token Plan login required."
+        case .invalidCredentials:
+            "Alibaba Token Plan credentials are invalid."
+        case let .apiError(message):
+            "Alibaba Token Plan API error: \(message)"
+        case let .networkError(message):
+            "Alibaba Token Plan network error: \(message)"
+        case let .parseFailed(message):
+            "Could not parse Alibaba Token Plan usage: \(message)"
+        }
+    }
+}
+
+public struct AlibabaTokenPlanUsageFetcher: Sendable {
+    private static let log = CodexBarLog.logger("alibaba-token-plan")
+    private static let gatewayBaseURLString = "https://bailian.console.aliyun.com"
+    private static let dashboardOriginURLString = "https://bailian.console.aliyun.com"
+    private static let currentRegionID = "cn-beijing"
+    private static let bssServiceCode = "BssOpenAPI-V3"
+    private static let subscriptionSummaryAction = "GetSubscriptionSummary"
+    private static let tokenPlanProductCode = "sfm_tokenplanteams_dp_cn"
+    private static let browserLikeUserAgent =
+        "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) " +
+        "AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36"
+    private static let safariLikeUserAgent =
+        "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) " +
+        "AppleWebKit/605.1.15 (KHTML, like Gecko) Version/26.3 Safari/605.1.15"
+
+    public static var dashboardURL: URL {
+        URL(string: "https://bailian.console.aliyun.com/cn-beijing?tab=plan#/efm/subscription/token-plan")!
+    }
+
+    public static func fetchUsage(
+        cookieHeader: String,
+        environment: [String: String] = ProcessInfo.processInfo.environment,
+        now: Date = Date()) async throws -> AlibabaTokenPlanUsageSnapshot
+    {
+        guard let headers = AlibabaTokenPlanCookieHeaders(singleHeader: cookieHeader) else {
+            throw AlibabaTokenPlanSettingsError.invalidCookie
+        }
+        return try await self.fetchUsage(
+            apiCookieHeader: headers.apiCookieHeader,
+            dashboardCookieHeader: headers.dashboardCookieHeader,
+            environment: environment,
+            now: now)
+    }
+
+    static func fetchUsage(
+        apiCookieHeader: String,
+        dashboardCookieHeader: String,
+        environment: [String: String] = ProcessInfo.processInfo.environment,
+        now: Date = Date(),
+        session overrideSession: URLSession? = nil) async throws -> AlibabaTokenPlanUsageSnapshot
+    {
+        guard let normalizedAPIHeader = CookieHeaderNormalizer.normalize(apiCookieHeader),
+              let normalizedDashboardHeader = CookieHeaderNormalizer.normalize(dashboardCookieHeader)
+        else {
+            throw AlibabaTokenPlanSettingsError.invalidCookie
+        }
+
+        let url = self.resolveQuotaURL(environment: environment)
+        let apiRedirectDiagnostics = RedirectDiagnostics(cookieHeader: normalizedAPIHeader)
+        let dashboardRedirectDiagnostics: RedirectDiagnostics?
+        let apiSession: URLSession
+        let dashboardSession: URLSession
+        if let overrideSession {
+            apiSession = overrideSession
+            dashboardSession = overrideSession
+            dashboardRedirectDiagnostics = nil
+        } else {
+            let dashboardDiagnostics = RedirectDiagnostics(cookieHeader: normalizedDashboardHeader)
+            apiSession = URLSession(
+                configuration: .default,
+                delegate: apiRedirectDiagnostics,
+                delegateQueue: nil)
+            dashboardSession = URLSession(
+                configuration: .default,
+                delegate: dashboardDiagnostics,
+                delegateQueue: nil)
+            dashboardRedirectDiagnostics = dashboardDiagnostics
+        }
+        defer {
+            if overrideSession == nil {
+                apiSession.invalidateAndCancel()
+                dashboardSession.invalidateAndCancel()
+            }
+        }
+        let secToken = await self.resolveSECToken(
+            dashboardCookieHeader: normalizedDashboardHeader,
+            apiCookieHeader: normalizedAPIHeader,
+            environment: environment,
+            session: dashboardSession)
+        Self.log.info(
+            "Fetching Alibaba Token Plan usage",
+            metadata: [
+                "apiHost": url.host ?? "unknown",
+                "apiCookieNames": self.cookieNamesDescription(from: normalizedAPIHeader),
+                "dashboardCookieNames": self.cookieNamesDescription(from: normalizedDashboardHeader),
+                "hasCSRF": self.hasCSRF(in: normalizedAPIHeader) ? "1" : "0",
+                "secTokenSource": secToken == nil ? "missing" : "resolved",
+            ])
+
+        var request = URLRequest(url: url)
+        request.httpMethod = "POST"
+        request.timeoutInterval = 20
+        request.httpBody = self.subscriptionSummaryRequestBody(secToken: secToken)
+        request.setValue("application/x-www-form-urlencoded", forHTTPHeaderField: "Content-Type")
+        request.setValue("*/*", forHTTPHeaderField: "Accept")
+        request.setValue(normalizedAPIHeader, forHTTPHeaderField: "Cookie")
+        if let csrf = self.extractCookieValue(name: "login_aliyunid_csrf", from: normalizedAPIHeader) ??
+            self.extractCookieValue(name: "csrf", from: normalizedAPIHeader)
+        {
+            request.setValue(csrf, forHTTPHeaderField: "x-xsrf-token")
+            request.setValue(csrf, forHTTPHeaderField: "x-csrf-token")
+        }
+        request.setValue("XMLHttpRequest", forHTTPHeaderField: "X-Requested-With")
+        request.setValue(Self.browserLikeUserAgent, forHTTPHeaderField: "User-Agent")
+        request.setValue(Self.dashboardOriginURLString, forHTTPHeaderField: "Origin")
+        request.setValue(Self.dashboardURL.absoluteString, forHTTPHeaderField: "Referer")
+
+        let data: Data
+        let response: URLResponse
+        do {
+            (data, response) = try await apiSession.data(for: request)
+        } catch {
+            Self.log.error(
+                "Alibaba Token Plan request failed",
+                metadata: [
+                    "apiHost": url.host ?? "unknown",
+                    "error": error.localizedDescription,
+                ])
+            throw AlibabaTokenPlanUsageError.networkError(error.localizedDescription)
+        }
+        if let dashboardRedirectDiagnostics, !dashboardRedirectDiagnostics.redirects.isEmpty {
+            Self.log.info(
+                "Alibaba Token Plan dashboard redirects",
+                metadata: [
+                    "count": "\(dashboardRedirectDiagnostics.redirects.count)",
+                    "items": dashboardRedirectDiagnostics.redirects.joined(separator: " | "),
+                ])
+        }
+        if !apiRedirectDiagnostics.redirects.isEmpty {
+            Self.log.info(
+                "Alibaba Token Plan redirects",
+                metadata: [
+                    "count": "\(apiRedirectDiagnostics.redirects.count)",
+                    "items": apiRedirectDiagnostics.redirects.joined(separator: " | "),
+                ])
+        }
+        guard let httpResponse = response as? HTTPURLResponse else {
+            Self.log.error("Alibaba Token Plan response was not HTTP")
+            throw AlibabaTokenPlanUsageError.networkError("Invalid response")
+        }
+        Self.log.info(
+            "Alibaba Token Plan HTTP response",
+            metadata: [
+                "status": "\(httpResponse.statusCode)",
+                "bodyBytes": "\(data.count)",
+                "contentType": httpResponse.value(forHTTPHeaderField: "Content-Type") ?? "none",
+            ])
+        guard httpResponse.statusCode == 200 else {
+            if httpResponse.statusCode == 401 || httpResponse.statusCode == 403 {
+                throw AlibabaTokenPlanUsageError.loginRequired
+            }
+            Self.log.error("Alibaba Token Plan returned HTTP \(httpResponse.statusCode)")
+            throw AlibabaTokenPlanUsageError.apiError("HTTP \(httpResponse.statusCode)")
+        }
+
+        return try self.parseUsageSnapshot(from: data, now: now)
+    }
+
+    static func resolveQuotaURL(environment: [String: String]) -> URL {
+        if let override = AlibabaTokenPlanSettingsReader.quotaURL(environment: environment) {
+            return override
+        }
+        if let host = AlibabaTokenPlanSettingsReader.hostOverride(environment: environment),
+           let hostURL = self.quotaURL(from: host)
+        {
+            return hostURL
+        }
+        return self.defaultQuotaURL
+    }
+
+    static var defaultQuotaURL: URL {
+        var components = URLComponents(string: Self.gatewayBaseURLString)!
+        components.path = "/data/api.json"
+        components.queryItems = [
+            URLQueryItem(name: "action", value: Self.subscriptionSummaryAction),
+            URLQueryItem(name: "product", value: Self.bssServiceCode),
+            URLQueryItem(name: "_tag", value: ""),
+        ]
+        return components.url!
+    }
+
+    static func parseUsageSnapshot(from data: Data, now: Date = Date()) throws -> AlibabaTokenPlanUsageSnapshot {
+        guard !data.isEmpty else {
+            throw AlibabaTokenPlanUsageError.parseFailed("Empty response body")
+        }
+
+        let object: Any
+        do {
+            object = try JSONSerialization.jsonObject(with: data, options: [])
+        } catch {
+            if self.isLikelyLoginHTML(data) {
+                throw AlibabaTokenPlanUsageError.loginRequired
+            }
+            throw AlibabaTokenPlanUsageError.parseFailed("Invalid JSON response")
+        }
+        let expanded = self.expandedJSON(object)
+        guard let dictionary = expanded as? [String: Any] else {
+            throw AlibabaTokenPlanUsageError.parseFailed("Unexpected payload")
+        }
+
+        try self.throwIfErrorPayload(dictionary)
+
+        let summary = self.findSubscriptionSummary(in: dictionary) ?? dictionary
+        let total = self.anyDouble(for: Self.totalQuotaKeys, in: summary)
+        let remaining = self.anyDouble(for: Self.remainingQuotaKeys, in: summary)
+        let used = self.anyDouble(for: Self.usedQuotaKeys, in: summary) ??
+            total.flatMap { total in remaining.map { max(0, total - $0) } }
+        let resetsAt = self.findResetDate(in: summary) ?? self.findResetDate(in: dictionary)
+        let totalCount = self.anyDouble(for: Self.subscriptionCountKeys, in: summary)
+        let planName = self.findPlanName(in: summary) ?? ((totalCount ?? 0) > 0 || total != nil ? "TOKEN PLAN" : nil)
+
+        if planName == nil, total == nil, used == nil, remaining == nil, totalCount == nil {
+            let diagnostics = self.payloadDiagnostics(payload: dictionary)
+            Self.log.error("Alibaba Token Plan payload missing expected fields: \(diagnostics)")
+            throw AlibabaTokenPlanUsageError.parseFailed("Missing token plan data (\(diagnostics))")
+        }
+
+        return AlibabaTokenPlanUsageSnapshot(
+            planName: planName,
+            usedQuota: used,
+            totalQuota: total,
+            remainingQuota: remaining,
+            resetsAt: resetsAt,
+            updatedAt: now)
+    }
+
+    private static func subscriptionSummaryRequestBody(secToken: String?) -> Data {
+        let paramsObject = ["ProductCode": Self.tokenPlanProductCode]
+        guard let paramsData = try? JSONSerialization.data(withJSONObject: paramsObject, options: []),
+              let paramsString = String(data: paramsData, encoding: .utf8)
+        else {
+            return Data()
+        }
+
+        var components = URLComponents()
+        var queryItems = [
+            URLQueryItem(name: "product", value: Self.bssServiceCode),
+            URLQueryItem(name: "action", value: Self.subscriptionSummaryAction),
+            URLQueryItem(name: "params", value: paramsString),
+            URLQueryItem(name: "region", value: Self.currentRegionID),
+        ]
+        if let secToken, !secToken.isEmpty {
+            queryItems.append(URLQueryItem(name: "sec_token", value: secToken))
+        }
+        components.queryItems = queryItems
+        return Data((components.percentEncodedQuery ?? "").utf8)
+    }
+
+    private static func resolveSECToken(
+        dashboardCookieHeader: String,
+        apiCookieHeader: String,
+        environment: [String: String],
+        session: URLSession) async -> String?
+    {
+        let cookieSECToken = self.extractCookieValue(name: "sec_token", from: dashboardCookieHeader) ??
+            self.extractCookieValue(name: "sec_token", from: apiCookieHeader)
+        var request = URLRequest(url: self.dashboardURL(environment: environment))
+        request.httpMethod = "GET"
+        request.timeoutInterval = 10
+        request.setValue(dashboardCookieHeader, forHTTPHeaderField: "Cookie")
+        request.setValue(Self.safariLikeUserAgent, forHTTPHeaderField: "User-Agent")
+        request.setValue(
+            "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
+            forHTTPHeaderField: "Accept")
+
+        if let (data, response) = try? await session.data(for: request),
+           let httpResponse = response as? HTTPURLResponse,
+           httpResponse.statusCode == 200,
+           let html = String(data: data, encoding: .utf8),
+           let token = self.extractSECToken(from: html)
+        {
+            Self.log.info(
+                "Resolved Alibaba Token Plan sec_token from dashboard HTML",
+                metadata: [
+                    "dashboardHost": request.url?.host ?? "unknown",
+                    "htmlBytes": "\(data.count)",
+                ])
+            return token
+        }
+
+        if let cookieSECToken, !cookieSECToken.isEmpty {
+            Self.log.info("Resolved Alibaba Token Plan sec_token from cookies")
+            return cookieSECToken
+        }
+
+        Self.log.info(
+            "Alibaba Token Plan sec_token missing; continuing with cookie-only request",
+            metadata: [
+                "dashboardCookieNames": self.cookieNamesDescription(from: dashboardCookieHeader),
+                "apiCookieNames": self.cookieNamesDescription(from: apiCookieHeader),
+            ])
+        return nil
+    }
+
+    private static func quotaURL(from rawHost: String) -> URL? {
+        let cleaned = AlibabaTokenPlanSettingsReader.cleaned(rawHost)
+        guard let cleaned else { return nil }
+        let base = URL(string: cleaned)?.scheme == nil ? URL(string: "https://\(cleaned)") : URL(string: cleaned)
+        guard let base else { return nil }
+        var components = URLComponents(url: base, resolvingAgainstBaseURL: false)
+        let defaultComponents = URLComponents(url: Self.defaultQuotaURL, resolvingAgainstBaseURL: false)
+        components?.path = "/data/api.json"
+        components?.queryItems = defaultComponents?.queryItems
+        return components?.url
+    }
+
+    static func dashboardURL(environment: [String: String]) -> URL {
+        if let host = AlibabaTokenPlanSettingsReader.hostOverride(environment: environment),
+           let base = URL(string: host)?.scheme == nil ? URL(string: "https://\(host)") : URL(string: host),
+           var components = URLComponents(url: base, resolvingAgainstBaseURL: false),
+           let dashboardComponents = URLComponents(url: dashboardURL, resolvingAgainstBaseURL: false)
+        {
+            components.path = dashboardComponents.path
+            components.percentEncodedQuery = dashboardComponents.percentEncodedQuery
+            components.fragment = dashboardComponents.fragment
+            return components.url ?? self.dashboardURL
+        }
+        return Self.dashboardURL
+    }
+
+    private final class RedirectDiagnostics: NSObject, URLSessionTaskDelegate, @unchecked Sendable {
+        private let cookieHeader: String
+        var redirects: [String] = []
+
+        init(cookieHeader: String) {
+            self.cookieHeader = cookieHeader
+        }
+
+        func urlSession(
+            _: URLSession,
+            task _: URLSessionTask,
+            willPerformHTTPRedirection response: HTTPURLResponse,
+            newRequest request: URLRequest,
+            completionHandler: @escaping (URLRequest?) -> Void)
+        {
+            let from = AlibabaTokenPlanUsageFetcher.redactedURLDescription(response.url)
+            let to = AlibabaTokenPlanUsageFetcher.redactedURLDescription(request.url)
+            self.redirects.append("\(response.statusCode) \(from) -> \(to)")
+
+            completionHandler(AlibabaTokenPlanUsageFetcher.redirectedRequest(
+                response: response,
+                request: request,
+                cookieHeader: self.cookieHeader))
+        }
+    }
+
+    private static func redactedURLDescription(_ url: URL?) -> String {
+        guard let url else { return "unknown" }
+        var components = URLComponents(url: url, resolvingAgainstBaseURL: false)
+        components?.query = nil
+        components?.fragment = nil
+        return components?.string ?? "\(url.scheme ?? "unknown")://\(url.host ?? "unknown")"
+    }
+
+    static func redirectedRequest(
+        response: HTTPURLResponse,
+        request: URLRequest,
+        cookieHeader: String) -> URLRequest?
+    {
+        guard request.url?.scheme?.lowercased() == "https" else {
+            return nil
+        }
+
+        var updated = request
+        if self.shouldForwardRedirectCookies(from: response.url, to: request.url) {
+            updated.setValue(cookieHeader, forHTTPHeaderField: "Cookie")
+        } else {
+            updated.setValue(nil, forHTTPHeaderField: "Cookie")
+        }
+        return updated
+    }
+
+    private static func shouldForwardRedirectCookies(from sourceURL: URL?, to targetURL: URL?) -> Bool {
+        guard let sourceHost = sourceURL?.host?.lowercased(),
+              let targetHost = targetURL?.host?.lowercased()
+        else {
+            return false
+        }
+        return sourceHost == targetHost
+    }
+
+    private static func throwIfErrorPayload(_ dictionary: [String: Any]) throws {
+        if self.findBoolValues(forKeys: ["Success", "success"], in: dictionary).contains(false) {
+            let message = self.findFirstString(forKeys: ["Message", "message", "msg", "Code", "code"], in: dictionary)
+                ?? "request was not successful"
+            let lowered = message.lowercased()
+            if lowered.contains("needlogin") || lowered.contains("login") {
+                throw AlibabaTokenPlanUsageError.loginRequired
+            }
+            throw AlibabaTokenPlanUsageError.apiError(message)
+        }
+
+        if let statusCode = self.findFirstInt(forKeys: ["statusCode", "status_code", "code"], in: dictionary),
+           statusCode != 0,
+           statusCode != 200
+        {
+            let message = self.findFirstString(
+                forKeys: ["statusMessage", "status_msg", "message", "msg"],
+                in: dictionary)
+                ?? "status code \(statusCode)"
+            if statusCode == 401 || statusCode == 403 {
+                throw AlibabaTokenPlanUsageError.invalidCredentials
+            }
+            throw AlibabaTokenPlanUsageError.apiError(message)
+        }
+
+        let codeText = self.findFirstString(forKeys: ["code", "status", "statusCode"], in: dictionary)?.lowercased()
+        let messageText = self.findFirstString(forKeys: ["message", "msg", "statusMessage"], in: dictionary)?
+            .lowercased()
+        if codeText?.contains("needlogin") == true ||
+            codeText?.contains("login") == true ||
+            messageText?.contains("log in") == true ||
+            messageText?.contains("login") == true
+        {
+            throw AlibabaTokenPlanUsageError.loginRequired
+        }
+    }
+
+    private static let planNameKeys = [
+        "planName",
+        "plan_name",
+        "packageName",
+        "package_name",
+        "commodityName",
+        "commodity_name",
+        "instanceName",
+        "instance_name",
+        "displayName",
+        "display_name",
+        "ProductName",
+        "productName",
+        "name",
+        "title",
+        "planType",
+        "plan_type",
+    ]
+    private static let usedQuotaKeys = [
+        "usedQuota",
+        "used_quota",
+        "usedCredits",
+        "usedCredit",
+        "consumedCredits",
+        "usage",
+        "used",
+        "usedAmount",
+        "consumeAmount",
+        "usedValue",
+        "UsedValue",
+        "consumedValue",
+        "ConsumedValue",
+    ]
+    private static let totalQuotaKeys = [
+        "totalQuota",
+        "total_quota",
+        "totalCredits",
+        "totalCredit",
+        "quota",
+        "creditLimit",
+        "creditsTotal",
+        "monthlyTotalQuota",
+        "amount",
+        "totalValue",
+        "TotalValue",
+    ]
+    private static let remainingQuotaKeys = [
+        "remainingQuota",
+        "remainQuota",
+        "remainingCredits",
+        "remainingCredit",
+        "availableCredits",
+        "balance",
+        "remaining",
+        "availableAmount",
+        "remainAmount",
+        "totalSurplusValue",
+        "TotalSurplusValue",
+        "surplusValue",
+        "SurplusValue",
+    ]
+    private static let subscriptionCountKeys = [
+        "totalCount",
+        "TotalCount",
+        "subscriptionTotalNumber",
+        "SubscriptionTotalNumber",
+    ]
+    private static let resetDateKeys = [
+        "nextRefreshTime",
+        "resetTime",
+        "periodEndTime",
+        "billingCycleEnd",
+        "billCycleEndTime",
+        "expireTime",
+        "expirationTime",
+        "endTime",
+        "validEndTime",
+        "instanceEndTime",
+        "nearestExpireDate",
+        "NearestExpireDate",
+    ]
+
+    private static func findSubscriptionSummary(in payload: [String: Any]) -> [String: Any]? {
+        if let data = self.findFirstDictionary(
+            forKeys: ["Data", "data", "successResponse", "success_response"],
+            in: payload),
+            self.containsSubscriptionSummaryFields(data)
+        {
+            return data
+        }
+        return self.findFirstDictionary(
+            matchingAnyKey: Self.usedQuotaKeys + Self.totalQuotaKeys + Self.remainingQuotaKeys +
+                Self.subscriptionCountKeys,
+            in: payload)
+    }
+
+    private static func containsSubscriptionSummaryFields(_ payload: [String: Any]) -> Bool {
+        let keys = self.usedQuotaKeys + self.totalQuotaKeys + self.remainingQuotaKeys + self.subscriptionCountKeys
+        return keys.contains { payload[$0] != nil }
+    }
+
+    private static func findPlanName(in payload: [String: Any]) -> String? {
+        self.anyString(for: self.planNameKeys, in: payload) ??
+            self.findFirstString(forKeys: self.planNameKeys, in: payload)
+    }
+
+    private static func findResetDate(in payload: [String: Any]) -> Date? {
+        self.anyDate(for: self.resetDateKeys, in: payload) ??
+            self.findFirstDate(forKeys: self.resetDateKeys, in: payload)
+    }
+
+    private static func payloadDiagnostics(payload: [String: Any]) -> String {
+        let topKeys = payload.keys.sorted()
+        let dataDict = self.findFirstDictionary(
+            forKeys: ["Data", "data", "successResponse", "success_response"],
+            in: payload)
+        let dataKeys = dataDict?.keys.sorted() ?? []
+        return "topKeys=\(topKeys.joined(separator: ",")) dataKeys=\(dataKeys.joined(separator: ","))"
+    }
+
+    private static func isLikelyLoginHTML(_ data: Data) -> Bool {
+        guard let text = String(data: data, encoding: .utf8)?.lowercased() else { return false }
+        return text.contains("<html") &&
+            (text.contains("login") || text.contains("sign in") || text.contains("signin"))
+    }
+
+    private static func findFirstDictionary(forKeys keys: [String], in value: Any) -> [String: Any]? {
+        if let dict = value as? [String: Any] {
+            for key in keys {
+                if let nested = dict[key] as? [String: Any] {
+                    return nested
+                }
+            }
+            for nestedValue in dict.values {
+                if let nested = self.findFirstDictionary(forKeys: keys, in: nestedValue) {
+                    return nested
+                }
+            }
+            return nil
+        }
+        if let array = value as? [Any] {
+            for item in array {
+                if let nested = self.findFirstDictionary(forKeys: keys, in: item) {
+                    return nested
+                }
+            }
+        }
+        return nil
+    }
+
+    private static func findFirstDictionary(matchingAnyKey keys: [String], in value: Any) -> [String: Any]? {
+        if let dict = value as? [String: Any] {
+            if keys.contains(where: { dict[$0] != nil }) {
+                return dict
+            }
+            for nestedValue in dict.values {
+                if let nested = self.findFirstDictionary(matchingAnyKey: keys, in: nestedValue) {
+                    return nested
+                }
+            }
+            return nil
+        }
+        if let array = value as? [Any] {
+            for item in array {
+                if let nested = self.findFirstDictionary(matchingAnyKey: keys, in: item) {
+                    return nested
+                }
+            }
+        }
+        return nil
+    }
+
+    private static func findFirstString(forKeys keys: [String], in value: Any) -> String? {
+        if let dict = value as? [String: Any] {
+            for key in keys {
+                if let parsed = self.parseString(dict[key]) {
+                    return parsed
+                }
+            }
+            for nestedValue in dict.values {
+                if let parsed = self.findFirstString(forKeys: keys, in: nestedValue) {
+                    return parsed
+                }
+            }
+            return nil
+        }
+        if let array = value as? [Any] {
+            for item in array {
+                if let parsed = self.findFirstString(forKeys: keys, in: item) {
+                    return parsed
+                }
+            }
+        }
+        return nil
+    }
+
+    private static func findBoolValues(forKeys keys: [String], in value: Any) -> [Bool] {
+        if let dict = value as? [String: Any] {
+            let directValues = keys.compactMap { self.parseBool(dict[$0]) }
+            let nestedValues = dict.values.flatMap { self.findBoolValues(forKeys: keys, in: $0) }
+            return directValues + nestedValues
+        }
+        if let array = value as? [Any] {
+            return array.flatMap { self.findBoolValues(forKeys: keys, in: $0) }
+        }
+        return []
+    }
+
+    private static func findFirstInt(forKeys keys: [String], in value: Any) -> Int? {
+        if let dict = value as? [String: Any] {
+            for key in keys {
+                if let parsed = self.parseInt(dict[key]) {
+                    return parsed
+                }
+            }
+            for nestedValue in dict.values {
+                if let parsed = self.findFirstInt(forKeys: keys, in: nestedValue) {
+                    return parsed
+                }
+            }
+            return nil
+        }
+        if let array = value as? [Any] {
+            for item in array {
+                if let parsed = self.findFirstInt(forKeys: keys, in: item) {
+                    return parsed
+                }
+            }
+        }
+        return nil
+    }
+
+    private static func findFirstDate(forKeys keys: [String], in value: Any) -> Date? {
+        if let dict = value as? [String: Any] {
+            for key in keys {
+                if let parsed = self.parseDate(dict[key]) {
+                    return parsed
+                }
+            }
+            for nestedValue in dict.values {
+                if let parsed = self.findFirstDate(forKeys: keys, in: nestedValue) {
+                    return parsed
+                }
+            }
+            return nil
+        }
+        if let array = value as? [Any] {
+            for item in array {
+                if let parsed = self.findFirstDate(forKeys: keys, in: item) {
+                    return parsed
+                }
+            }
+        }
+        return nil
+    }
+
+    private static func expandedJSON(_ value: Any) -> Any {
+        if let dict = value as? [String: Any] {
+            var expanded: [String: Any] = [:]
+            expanded.reserveCapacity(dict.count)
+            for (key, nested) in dict {
+                expanded[key] = self.expandedJSON(nested)
+            }
+            return expanded
+        }
+        if let array = value as? [Any] {
+            return array.map { self.expandedJSON($0) }
+        }
+        if let string = value as? String,
+           let data = string.data(using: .utf8),
+           let nested = try? JSONSerialization.jsonObject(with: data, options: []),
+           nested is [String: Any] || nested is [Any]
+        {
+            return self.expandedJSON(nested)
+        }
+        return value
+    }
+
+    private static func anyString(for keys: [String], in dict: [String: Any]) -> String? {
+        for key in keys {
+            if let value = self.parseString(dict[key]) {
+                return value
+            }
+        }
+        return nil
+    }
+
+    private static func anyDouble(for keys: [String], in dict: [String: Any]) -> Double? {
+        for key in keys {
+            if let value = self.parseDouble(dict[key]) {
+                return value
+            }
+        }
+        return nil
+    }
+
+    private static func anyDate(for keys: [String], in dict: [String: Any]) -> Date? {
+        for key in keys {
+            if let value = self.parseDate(dict[key]) {
+                return value
+            }
+        }
+        return nil
+    }
+
+    private static func anyBool(for keys: [String], in dict: [String: Any]) -> Bool? {
+        for key in keys {
+            if let value = self.parseBool(dict[key]) {
+                return value
+            }
+        }
+        return nil
+    }
+
+    private static func parseInt(_ raw: Any?) -> Int? {
+        if let value = raw as? Int { return value }
+        if let value = raw as? Int64 { return Int(value) }
+        if let value = raw as? Double { return Int(value) }
+        if let value = raw as? NSNumber { return value.intValue }
+        if let value = self.parseString(raw) { return Int(value) }
+        return nil
+    }
+
+    private static func parseDouble(_ raw: Any?) -> Double? {
+        if let value = raw as? Double { return value }
+        if let value = raw as? Int { return Double(value) }
+        if let value = raw as? Int64 { return Double(value) }
+        if let value = raw as? NSNumber { return value.doubleValue }
+        if let value = self.parseString(raw) {
+            let cleaned = value.replacingOccurrences(of: ",", with: "")
+            return Double(cleaned)
+        }
+        return nil
+    }
+
+    private static func parseString(_ raw: Any?) -> String? {
+        guard let value = raw as? String else { return nil }
+        let trimmed = value.trimmingCharacters(in: .whitespacesAndNewlines)
+        return trimmed.isEmpty ? nil : trimmed
+    }
+
+    private static func parseDate(_ raw: Any?) -> Date? {
+        if let intValue = self.parseInt(raw) {
+            if intValue > 1_000_000_000_000 {
+                return Date(timeIntervalSince1970: TimeInterval(intValue) / 1000)
+            }
+            if intValue > 1_000_000_000 {
+                return Date(timeIntervalSince1970: TimeInterval(intValue))
+            }
+        }
+        if let string = self.parseString(raw) {
+            let formatter = ISO8601DateFormatter()
+            if let date = formatter.date(from: string) {
+                return date
+            }
+            let dateFormatter = DateFormatter()
+            dateFormatter.locale = Locale(identifier: "en_US_POSIX")
+            for format in ["yyyy-MM-dd", "yyyy-MM-dd HH:mm", "yyyy-MM-dd HH:mm:ss"] {
+                dateFormatter.dateFormat = format
+                if let date = dateFormatter.date(from: string) {
+                    return date
+                }
+            }
+        }
+        return nil
+    }
+
+    private static func parseBool(_ raw: Any?) -> Bool? {
+        if let value = raw as? Bool { return value }
+        if let number = raw as? NSNumber { return number.boolValue }
+        guard let string = self.parseString(raw)?.lowercased() else { return nil }
+        switch string {
+        case "true", "1", "yes", "active", "valid", "normal":
+            return true
+        case "false", "0", "no", "inactive", "invalid", "expired":
+            return false
+        default:
+            return nil
+        }
+    }
+
+    private static func extractCookieValue(name: String, from cookieHeader: String) -> String? {
+        cookieHeader
+            .split(separator: ";")
+            .compactMap { part -> (String, String)? in
+                let pieces = part.split(separator: "=", maxSplits: 1).map {
+                    $0.trimmingCharacters(in: .whitespacesAndNewlines)
+                }
+                guard pieces.count == 2 else { return nil }
+                return (pieces[0], pieces[1])
+            }
+            .first { $0.0 == name }?
+            .1
+    }
+
+    private static func hasCSRF(in cookieHeader: String) -> Bool {
+        self.extractCookieValue(name: "login_aliyunid_csrf", from: cookieHeader) != nil ||
+            self.extractCookieValue(name: "csrf", from: cookieHeader) != nil
+    }
+
+    static func cookieNames(from cookieHeader: String) -> [String] {
+        CookieHeaderNormalizer.pairs(from: cookieHeader)
+            .map(\.name)
+            .filter { !$0.isEmpty }
+            .uniquedSorted()
+    }
+
+    static func cookieNamesDescription(from cookieHeader: String) -> String {
+        let names = self.cookieNames(from: cookieHeader)
+        return names.isEmpty ? "none" : names.joined(separator: ",")
+    }
+
+    private static func extractSECToken(from html: String) -> String? {
+        let patterns = [
+            #""secToken"\s*:\s*"([^"]+)""#,
+            #""sec_token"\s*:\s*"([^"]+)""#,
+            #"secToken['"]?\s*[:=]\s*['"]([^'"]+)['"]"#,
+            #"sec_token['"]?\s*[:=]\s*['"]([^'"]+)['"]"#,
+        ]
+        for pattern in patterns {
+            if let token = self.matchFirstGroup(pattern: pattern, in: html), !token.isEmpty {
+                return token
+            }
+        }
+        return nil
+    }
+
+    private static func matchFirstGroup(pattern: String, in text: String) -> String? {
+        guard let regex = try? NSRegularExpression(pattern: pattern, options: []) else {
+            return nil
+        }
+        let range = NSRange(text.startIndex..<text.endIndex, in: text)
+        guard let match = regex.firstMatch(in: text, options: [], range: range),
+              match.numberOfRanges > 1,
+              let valueRange = Range(match.range(at: 1), in: text)
+        else {
+            return nil
+        }
+        let value = text[valueRange].trimmingCharacters(in: .whitespacesAndNewlines)
+        return value.isEmpty ? nil : String(value)
+    }
+}
+
+extension [String] {
+    fileprivate func uniquedSorted() -> [String] {
+        Array(Set(self)).sorted()
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Alibaba/AlibabaTokenPlanUsageSnapshot.swift b/Sources/CodexBarCore/Providers/Alibaba/AlibabaTokenPlanUsageSnapshot.swift
new file mode 100644
index 000000000..36cee2a2b
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Alibaba/AlibabaTokenPlanUsageSnapshot.swift
@@ -0,0 +1,96 @@
+import Foundation
+
+public struct AlibabaTokenPlanUsageSnapshot: Sendable {
+    public let planName: String?
+    public let usedQuota: Double?
+    public let totalQuota: Double?
+    public let remainingQuota: Double?
+    public let resetsAt: Date?
+    public let updatedAt: Date
+
+    public init(
+        planName: String?,
+        usedQuota: Double?,
+        totalQuota: Double?,
+        remainingQuota: Double?,
+        resetsAt: Date?,
+        updatedAt: Date)
+    {
+        self.planName = planName
+        self.usedQuota = usedQuota
+        self.totalQuota = totalQuota
+        self.remainingQuota = remainingQuota
+        self.resetsAt = resetsAt
+        self.updatedAt = updatedAt
+    }
+}
+
+extension AlibabaTokenPlanUsageSnapshot {
+    public func toUsageSnapshot() -> UsageSnapshot {
+        let primary: RateWindow? = Self.usedPercent(
+            used: self.usedQuota,
+            total: self.totalQuota,
+            remaining: self.remainingQuota).map {
+            RateWindow(
+                usedPercent: $0,
+                windowMinutes: 30 * 24 * 60,
+                resetsAt: self.resetsAt,
+                resetDescription: Self.quotaDetail(
+                    used: self.usedQuota,
+                    total: self.totalQuota,
+                    remaining: self.remainingQuota))
+        }
+
+        let planName = self.planName?.trimmingCharacters(in: .whitespacesAndNewlines)
+        let loginMethod = (planName?.isEmpty ?? true) ? nil : planName
+        let identity = ProviderIdentitySnapshot(
+            providerID: .alibabatokenplan,
+            accountEmail: nil,
+            accountOrganization: nil,
+            loginMethod: loginMethod)
+
+        return UsageSnapshot(
+            primary: primary,
+            secondary: nil,
+            tertiary: nil,
+            providerCost: nil,
+            updatedAt: self.updatedAt,
+            identity: identity)
+    }
+
+    private static func usedPercent(used: Double?, total: Double?, remaining: Double?) -> Double? {
+        guard let total, total > 0 else { return nil }
+        let usedValue: Double? = if let used {
+            used
+        } else if let remaining {
+            total - remaining
+        } else {
+            nil
+        }
+        guard let usedValue else { return nil }
+        let normalizedUsed = max(0, min(usedValue, total))
+        return normalizedUsed / total * 100
+    }
+
+    private static func quotaDetail(used: Double?, total: Double?, remaining: Double?) -> String? {
+        if let used, let total, total > 0 {
+            return "\(self.format(used)) / \(self.format(total)) credits used"
+        }
+        if let remaining, let total, total > 0 {
+            return "\(Self.format(remaining)) / \(Self.format(total)) credits left"
+        }
+        if let remaining {
+            return "\(Self.format(remaining)) credits left"
+        }
+        return nil
+    }
+
+    private static func format(_ value: Double) -> String {
+        let formatter = NumberFormatter()
+        formatter.numberStyle = .decimal
+        formatter.usesGroupingSeparator = true
+        formatter.maximumFractionDigits = value.rounded() == value ? 0 : 2
+        formatter.locale = Locale(identifier: "en_US_POSIX")
+        return formatter.string(from: NSNumber(value: value)) ?? String(format: "%.2f", value)
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Amp/AmpUsageFetcher.swift b/Sources/CodexBarCore/Providers/Amp/AmpUsageFetcher.swift
index 3ef31c4cb..dbe39d4c8 100644
--- a/Sources/CodexBarCore/Providers/Amp/AmpUsageFetcher.swift
+++ b/Sources/CodexBarCore/Providers/Amp/AmpUsageFetcher.swift
@@ -65,7 +65,7 @@ public enum AmpCookieImporter {
         for browserSource in installed {
             do {
                 let query = BrowserCookieQuery(domains: self.cookieDomains)
-                let sources = try Self.cookieClient.records(
+                let sources = try Self.cookieClient.codexBarRecords(
                     matching: query,
                     in: browserSource,
                     logger: log)
@@ -249,13 +249,10 @@ public struct AmpUsageFetcher: Sendable {
         request.setValue(Self.settingsURL.absoluteString, forHTTPHeaderField: "referer")
 
         let session = URLSession(configuration: .ephemeral, delegate: diagnostics, delegateQueue: nil)
-        let (data, response) = try await session.data(for: request)
-        guard let httpResponse = response as? HTTPURLResponse else {
-            throw AmpUsageError.networkError("Invalid response")
-        }
+        let httpResponse = try await session.response(for: request)
         let responseInfo = ResponseInfo(
             statusCode: httpResponse.statusCode,
-            url: httpResponse.url?.absoluteString ?? "unknown")
+            url: httpResponse.response.url?.absoluteString ?? "unknown")
 
         guard httpResponse.statusCode == 200 else {
             if httpResponse.statusCode == 401 || httpResponse.statusCode == 403 {
@@ -267,7 +264,7 @@ public struct AmpUsageFetcher: Sendable {
             throw AmpUsageError.networkError("HTTP \(httpResponse.statusCode)")
         }
 
-        let html = String(data: data, encoding: .utf8) ?? ""
+        let html = String(data: httpResponse.data, encoding: .utf8) ?? ""
         return (html, responseInfo)
     }
 
@@ -323,7 +320,7 @@ public struct AmpUsageFetcher: Sendable {
         }
     }
 
-    private struct ResponseInfo: Sendable {
+    private struct ResponseInfo {
         let statusCode: Int
         let url: String
     }
diff --git a/Sources/CodexBarCore/Providers/Amp/AmpUsageParser.swift b/Sources/CodexBarCore/Providers/Amp/AmpUsageParser.swift
index d0a68fca3..69cf0bb48 100644
--- a/Sources/CodexBarCore/Providers/Amp/AmpUsageParser.swift
+++ b/Sources/CodexBarCore/Providers/Amp/AmpUsageParser.swift
@@ -17,7 +17,7 @@ enum AmpUsageParser {
             updatedAt: now)
     }
 
-    private struct FreeTierUsage: Sendable {
+    private struct FreeTierUsage {
         let quota: Double
         let used: Double
         let hourlyReplenishment: Double
diff --git a/Sources/CodexBarCore/Providers/Antigravity/AntigravityOAuthCredentialsStore.swift b/Sources/CodexBarCore/Providers/Antigravity/AntigravityOAuthCredentialsStore.swift
new file mode 100644
index 000000000..c108148f6
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Antigravity/AntigravityOAuthCredentialsStore.swift
@@ -0,0 +1,460 @@
+import Foundation
+
+public struct AntigravityOAuthCredentials: Codable, Sendable, Equatable {
+    public var accessToken: String?
+    public var refreshToken: String?
+    public var expiryDateMilliseconds: Double?
+    public var idToken: String?
+    public var email: String?
+    public var projectID: String?
+    public var clientID: String?
+    public var clientSecret: String?
+
+    public init(
+        accessToken: String?,
+        refreshToken: String?,
+        expiryDate: Date?,
+        idToken: String? = nil,
+        email: String? = nil,
+        projectID: String? = nil,
+        clientID: String? = nil,
+        clientSecret: String? = nil)
+    {
+        self.accessToken = accessToken
+        self.refreshToken = refreshToken
+        self.expiryDateMilliseconds = expiryDate.map { $0.timeIntervalSince1970 * 1000 }
+        self.idToken = idToken
+        self.email = email
+        self.projectID = projectID
+        self.clientID = clientID
+        self.clientSecret = clientSecret
+    }
+
+    public var expiryDate: Date? {
+        guard let expiryDateMilliseconds else { return nil }
+        return Date(timeIntervalSince1970: expiryDateMilliseconds / 1000)
+    }
+
+    public init(from decoder: Decoder) throws {
+        let container = try decoder.container(keyedBy: CodingKeys.self)
+        self.accessToken =
+            try container.decodeIfPresent(String.self, forKey: .accessTokenSnake)
+            ?? container.decodeIfPresent(String.self, forKey: .accessTokenCamel)
+        self.refreshToken =
+            try container.decodeIfPresent(String.self, forKey: .refreshTokenSnake)
+            ?? container.decodeIfPresent(String.self, forKey: .refreshTokenCamel)
+        self.idToken =
+            try container.decodeIfPresent(String.self, forKey: .idTokenSnake)
+            ?? container.decodeIfPresent(String.self, forKey: .idTokenCamel)
+        self.email = try container.decodeIfPresent(String.self, forKey: .email)
+        self.projectID =
+            try container.decodeIfPresent(String.self, forKey: .projectIDSnake)
+            ?? container.decodeIfPresent(String.self, forKey: .projectIDCamel)
+        self.clientID =
+            try container.decodeIfPresent(String.self, forKey: .clientIDSnake)
+            ?? container.decodeIfPresent(String.self, forKey: .clientIDCamel)
+        self.clientSecret =
+            try container.decodeIfPresent(String.self, forKey: .clientSecretSnake)
+            ?? container.decodeIfPresent(String.self, forKey: .clientSecretCamel)
+
+        if let expiryDateMilliseconds = try container.decodeIfPresent(Double.self, forKey: .expiryDateSnake)
+            ?? container.decodeIfPresent(Double.self, forKey: .expiresAtCamel)
+        {
+            self.expiryDateMilliseconds = expiryDateMilliseconds
+        } else if let expiryDateMilliseconds = try container.decodeIfPresent(Int.self, forKey: .expiryDateSnake)
+            ?? container.decodeIfPresent(Int.self, forKey: .expiresAtCamel)
+        {
+            self.expiryDateMilliseconds = Double(expiryDateMilliseconds)
+        } else {
+            self.expiryDateMilliseconds = nil
+        }
+    }
+
+    public func encode(to encoder: Encoder) throws {
+        var container = encoder.container(keyedBy: CodingKeys.self)
+        try container.encodeIfPresent(self.accessToken, forKey: .accessTokenSnake)
+        try container.encodeIfPresent(self.refreshToken, forKey: .refreshTokenSnake)
+        try container.encodeIfPresent(self.expiryDateMilliseconds, forKey: .expiryDateSnake)
+        try container.encodeIfPresent(self.idToken, forKey: .idTokenSnake)
+        try container.encodeIfPresent(self.email, forKey: .email)
+        try container.encodeIfPresent(self.projectID, forKey: .projectIDSnake)
+        try container.encodeIfPresent(self.clientID, forKey: .clientIDSnake)
+        try container.encodeIfPresent(self.clientSecret, forKey: .clientSecretSnake)
+    }
+
+    enum CodingKeys: String, CodingKey {
+        case accessTokenSnake = "access_token"
+        case accessTokenCamel = "accessToken"
+        case refreshTokenSnake = "refresh_token"
+        case refreshTokenCamel = "refreshToken"
+        case expiryDateSnake = "expiry_date"
+        case expiresAtCamel = "expiresAt"
+        case idTokenSnake = "id_token"
+        case idTokenCamel = "idToken"
+        case email
+        case projectIDSnake = "project_id"
+        case projectIDCamel = "projectId"
+        case clientIDSnake = "client_id"
+        case clientIDCamel = "clientId"
+        case clientSecretSnake = "client_secret"
+        case clientSecretCamel = "clientSecret"
+    }
+}
+
+public struct AntigravityOAuthClient: Sendable, Equatable {
+    public let clientID: String
+    public let clientSecret: String
+
+    public init(clientID: String, clientSecret: String) {
+        self.clientID = clientID
+        self.clientSecret = clientSecret
+    }
+}
+
+public enum AntigravityOAuthConfig {
+    public static var configuredClientID: String? {
+        let value = ProcessInfo.processInfo.environment["ANTIGRAVITY_OAUTH_CLIENT_ID"]
+        return value?.trimmingCharacters(in: .whitespacesAndNewlines).nilIfEmpty
+    }
+
+    public static var configuredClientSecret: String? {
+        let value = ProcessInfo.processInfo.environment["ANTIGRAVITY_OAUTH_CLIENT_SECRET"]
+        return value?.trimmingCharacters(in: .whitespacesAndNewlines).nilIfEmpty
+    }
+
+    public static let authURL = URL(string: "https://accounts.google.com/o/oauth2/v2/auth")!
+    public static let tokenURL = URL(string: "https://oauth2.googleapis.com/token")!
+    public static let userInfoURL = URL(string: "https://www.googleapis.com/oauth2/v2/userinfo")!
+    public static let scopes = [
+        "https://www.googleapis.com/auth/cloud-platform",
+        "https://www.googleapis.com/auth/userinfo.email",
+    ]
+
+    public static let missingCredentialsMessage =
+        """
+        Antigravity OAuth client is not configured. Install Antigravity.app or set \
+        ANTIGRAVITY_OAUTH_CLIENT_ID and ANTIGRAVITY_OAUTH_CLIENT_SECRET before logging in.
+        """
+
+    public static func resolvedClient() -> AntigravityOAuthClient? {
+        if let client = environmentClient() {
+            return client
+        }
+        return Self.discoverClientFromInstalledApp()
+    }
+
+    private static func environmentClient() -> AntigravityOAuthClient? {
+        guard let clientID = configuredClientID,
+              let clientSecret = configuredClientSecret
+        else {
+            return nil
+        }
+        return AntigravityOAuthClient(clientID: clientID, clientSecret: clientSecret)
+    }
+
+    static func discoverClientFromInstalledApp(
+        applicationRoots: [URL]? = nil,
+        fileManager: FileManager = .default) -> AntigravityOAuthClient?
+    {
+        for url in self.candidateOAuthClientArtifactURLs(
+            applicationRoots: applicationRoots,
+            fileManager: fileManager)
+            where fileManager.fileExists(atPath: url.path)
+        {
+            guard let data = try? Data(contentsOf: url),
+                  let client = Self.parseClient(fromInstalledArtifactData: data)
+            else {
+                continue
+            }
+            return client
+        }
+        return nil
+    }
+
+    static func candidateOAuthClientArtifactURLs(
+        applicationRoots: [URL]? = nil,
+        fileManager: FileManager = .default) -> [URL]
+    {
+        let roots = [
+            URL(fileURLWithPath: "/Applications", isDirectory: true),
+            fileManager.homeDirectoryForCurrentUser.appendingPathComponent("Applications", isDirectory: true),
+        ]
+        let applicationRoots = applicationRoots ?? roots
+        let appBundleURLs = self.candidateAntigravityAppBundleURLs(
+            applicationRoots: applicationRoots,
+            fileManager: fileManager)
+        let relativePaths = [
+            "Contents/Resources/app/extensions/antigravity/bin/language_server_macos_arm",
+            "Contents/Resources/app/extensions/antigravity/bin/language_server_macos_x64",
+            "Contents/Resources/app/extensions/antigravity/bin/language_server_macos",
+            "Contents/Resources/app/out/main.js",
+            "Contents/Resources/bin/language_server",
+            "Contents/Resources/bin/language_server_macos",
+        ]
+        return appBundleURLs.flatMap { bundleURL in
+            relativePaths.map { bundleURL.appendingPathComponent($0) }
+        }
+    }
+
+    private static func candidateAntigravityAppBundleURLs(
+        applicationRoots: [URL],
+        fileManager: FileManager) -> [URL]
+    {
+        var urls: [URL] = []
+
+        for root in applicationRoots {
+            urls.append(root.appendingPathComponent("Antigravity.app", isDirectory: true))
+
+            let appURLs = (try? fileManager.contentsOfDirectory(
+                at: root,
+                includingPropertiesForKeys: [.isDirectoryKey],
+                options: [.skipsHiddenFiles])) ?? []
+            for appURL in appURLs where appURL.pathExtension == "app" {
+                guard self.isAntigravityAppBundle(appURL) else { continue }
+                urls.append(appURL)
+            }
+        }
+
+        var seen = Set<String>()
+        return urls.filter { url in
+            let key = url.standardizedFileURL.path
+            guard !seen.contains(key) else { return false }
+            seen.insert(key)
+            return true
+        }
+    }
+
+    private static func isAntigravityAppBundle(_ url: URL) -> Bool {
+        switch Bundle(url: url)?.bundleIdentifier {
+        case "com.google.antigravity", "com.google.antigravity-ide":
+            true
+        default:
+            false
+        }
+    }
+
+    static func parseClient(fromInstalledArtifactData data: Data) -> AntigravityOAuthClient? {
+        if let content = String(data: data, encoding: .utf8),
+           let client = parseClient(fromInstalledArtifactText: content)
+        {
+            return client
+        }
+
+        let clientIDs = Self.clientIDs(in: data)
+        let clientSecrets = Self.clientSecrets(in: data)
+        guard let client = Self.preferredBinaryClient(
+            clientIDs: clientIDs,
+            clientSecrets: clientSecrets)
+        else {
+            return nil
+        }
+
+        return client
+    }
+
+    static func parseClient(fromInstalledArtifactText content: String) -> AntigravityOAuthClient? {
+        let marker = "vs/platform/cloudCode/common/oauthClient.js"
+        let searchStart = content.range(of: marker)?.lowerBound ?? content.startIndex
+        let searchEnd = content.index(searchStart, offsetBy: 4000, limitedBy: content.endIndex) ?? content.endIndex
+        let haystack = String(content[searchStart..<searchEnd])
+
+        guard let clientID = Self.firstMatch(
+            pattern: #"[0-9]+-[A-Za-z0-9_-]+\.apps\.googleusercontent\.com"#,
+            in: haystack),
+            let clientSecret = Self.firstMatch(
+                pattern: #"GOCSPX-[A-Za-z0-9_-]{28}"#,
+                in: haystack)
+        else {
+            return nil
+        }
+
+        return AntigravityOAuthClient(clientID: clientID, clientSecret: clientSecret)
+    }
+
+    private static func clientIDs(in data: Data) -> [String] {
+        let suffix = Data(".apps.googleusercontent.com".utf8)
+        var searchRange = data.startIndex..<data.endIndex
+        var values: [String] = []
+
+        while let range = data.range(of: suffix, options: [], in: searchRange) {
+            var start = range.lowerBound
+            while start > data.startIndex {
+                let previous = data.index(before: start)
+                guard Self.isOAuthClientIDPrefixByte(data[previous]) else { break }
+                start = previous
+            }
+
+            let candidateData = Data(data[start..<range.upperBound])
+            if let candidate = String(data: candidateData, encoding: .ascii),
+               let clientID = Self.firstMatch(
+                   pattern: #"[0-9]+-[A-Za-z0-9_-]+\.apps\.googleusercontent\.com"#,
+                   in: candidate)
+            {
+                values.append(clientID)
+            }
+
+            searchRange = range.upperBound..<data.endIndex
+        }
+
+        return self.unique(values)
+    }
+
+    private static func clientSecrets(in data: Data) -> [String] {
+        let prefix = Data("GOCSPX-".utf8)
+        let secretLength = 35
+        var searchRange = data.startIndex..<data.endIndex
+        var values: [String] = []
+
+        while let range = data.range(of: prefix, options: [], in: searchRange) {
+            let end = range.lowerBound + secretLength
+            if end <= data.endIndex {
+                let candidateData = Data(data[range.lowerBound..<end])
+                if candidateData.dropFirst(prefix.count).allSatisfy(Self.isOAuthClientSecretByte),
+                   let candidate = String(data: candidateData, encoding: .ascii)
+                {
+                    values.append(candidate)
+                }
+            }
+
+            searchRange = range.upperBound..<data.endIndex
+        }
+
+        return self.unique(values)
+    }
+
+    private static func preferredBinaryClient(
+        clientIDs: [String],
+        clientSecrets: [String]) -> AntigravityOAuthClient?
+    {
+        guard !clientIDs.isEmpty,
+              !clientSecrets.isEmpty
+        else {
+            return nil
+        }
+
+        if clientSecrets.count == 1, clientIDs.count > 1 {
+            return AntigravityOAuthClient(clientID: clientIDs[clientIDs.count - 1], clientSecret: clientSecrets[0])
+        }
+
+        let clientSecret: String = if clientSecrets.count == clientIDs.count, clientSecrets.count > 1 {
+            // Antigravity 2's language_server binary stores the secret table before the client id table.
+            clientSecrets[clientSecrets.count - 1]
+        } else {
+            clientSecrets[0]
+        }
+
+        return AntigravityOAuthClient(clientID: clientIDs[0], clientSecret: clientSecret)
+    }
+
+    private static func isOAuthClientIDPrefixByte(_ byte: UInt8) -> Bool {
+        (byte >= 48 && byte <= 57)
+            || (byte >= 65 && byte <= 90)
+            || (byte >= 97 && byte <= 122)
+            || byte == 45
+            || byte == 95
+    }
+
+    private static func isOAuthClientSecretByte(_ byte: UInt8) -> Bool {
+        self.isOAuthClientIDPrefixByte(byte)
+    }
+
+    private static func firstMatch(pattern: String, in text: String) -> String? {
+        guard let regex = try? NSRegularExpression(pattern: pattern) else { return nil }
+        let range = NSRange(text.startIndex..<text.endIndex, in: text)
+        guard let match = regex.firstMatch(in: text, range: range),
+              let swiftRange = Range(match.range, in: text)
+        else {
+            return nil
+        }
+        return String(text[swiftRange])
+    }
+
+    private static func unique(_ values: [String]) -> [String] {
+        var seen = Set<String>()
+        return values.filter { value in
+            guard !seen.contains(value) else { return false }
+            seen.insert(value)
+            return true
+        }
+    }
+}
+
+public struct AntigravityOAuthCredentialsStore: @unchecked Sendable {
+    public static let environmentCredentialsKey = "ANTIGRAVITY_OAUTH_CREDENTIALS_JSON"
+
+    public let fileURL: URL
+    private let fileManager: FileManager
+
+    public init(fileURL: URL = Self.defaultURL(), fileManager: FileManager = .default) {
+        self.fileURL = fileURL
+        self.fileManager = fileManager
+    }
+
+    public func load() throws -> AntigravityOAuthCredentials? {
+        guard self.fileManager.fileExists(atPath: self.fileURL.path) else { return nil }
+        let data = try Data(contentsOf: self.fileURL)
+        return try JSONDecoder().decode(AntigravityOAuthCredentials.self, from: data)
+    }
+
+    public func save(_ credentials: AntigravityOAuthCredentials) throws {
+        let data = try JSONEncoder.antigravityCredentials.encode(credentials)
+        let directory = self.fileURL.deletingLastPathComponent()
+        if !self.fileManager.fileExists(atPath: directory.path) {
+            try self.fileManager.createDirectory(at: directory, withIntermediateDirectories: true)
+        }
+        try data.write(to: self.fileURL, options: [.atomic])
+        try self.applySecurePermissionsIfNeeded()
+    }
+
+    public func deleteIfPresent() throws {
+        guard self.fileManager.fileExists(atPath: self.fileURL.path) else { return }
+        try self.fileManager.removeItem(at: self.fileURL)
+    }
+
+    public static func defaultDirectoryURL(home: URL = FileManager.default.homeDirectoryForCurrentUser) -> URL {
+        home
+            .appendingPathComponent(".codexbar", isDirectory: true)
+            .appendingPathComponent("antigravity", isDirectory: true)
+    }
+
+    public static func defaultURL(home: URL = FileManager.default.homeDirectoryForCurrentUser) -> URL {
+        self.defaultDirectoryURL(home: home)
+            .appendingPathComponent("oauth_creds.json")
+    }
+
+    public static func tokenAccountValue(for credentials: AntigravityOAuthCredentials) throws -> String {
+        let data = try JSONEncoder.antigravityCredentials.encode(credentials)
+        guard let value = String(data: data, encoding: .utf8) else {
+            throw CocoaError(.coderInvalidValue)
+        }
+        return value
+    }
+
+    public static func credentials(fromTokenAccountValue value: String) -> AntigravityOAuthCredentials? {
+        let trimmed = value.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard !trimmed.isEmpty, let data = trimmed.data(using: .utf8) else { return nil }
+        return try? JSONDecoder().decode(AntigravityOAuthCredentials.self, from: data)
+    }
+
+    private func applySecurePermissionsIfNeeded() throws {
+        #if os(macOS) || os(Linux)
+        try self.fileManager.setAttributes([
+            .posixPermissions: NSNumber(value: Int16(0o600)),
+        ], ofItemAtPath: self.fileURL.path)
+        #endif
+    }
+}
+
+extension JSONEncoder {
+    fileprivate static let antigravityCredentials: JSONEncoder = {
+        let encoder = JSONEncoder()
+        encoder.outputFormatting = [.prettyPrinted, .sortedKeys]
+        return encoder
+    }()
+}
+
+extension String {
+    fileprivate var nilIfEmpty: String? {
+        self.isEmpty ? nil : self
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Antigravity/AntigravityProviderDescriptor.swift b/Sources/CodexBarCore/Providers/Antigravity/AntigravityProviderDescriptor.swift
index 1e59964b0..27aeb8100 100644
--- a/Sources/CodexBarCore/Providers/Antigravity/AntigravityProviderDescriptor.swift
+++ b/Sources/CodexBarCore/Providers/Antigravity/AntigravityProviderDescriptor.swift
@@ -33,12 +33,28 @@ public enum AntigravityProviderDescriptor {
                 supportsTokenCost: false,
                 noDataMessage: { "Antigravity cost summary is not supported." }),
             fetchPlan: ProviderFetchPlan(
-                sourceModes: [.auto, .cli],
-                pipeline: ProviderFetchPipeline(resolveStrategies: { _ in [AntigravityStatusFetchStrategy()] })),
+                sourceModes: [.auto, .cli, .oauth],
+                pipeline: ProviderFetchPipeline(resolveStrategies: self.resolveStrategies)),
             cli: ProviderCLIConfig(
                 name: "antigravity",
                 versionDetector: nil))
     }
+
+    private static func resolveStrategies(context: ProviderFetchContext) async -> [any ProviderFetchStrategy] {
+        let local = AntigravityStatusFetchStrategy()
+        let oauth = AntigravityOAuthFetchStrategy()
+
+        switch context.sourceMode {
+        case .cli:
+            return [local]
+        case .oauth:
+            return [oauth]
+        case .auto:
+            return [local, oauth]
+        case .web, .api:
+            return []
+        }
+    }
 }
 
 struct AntigravityStatusFetchStrategy: ProviderFetchStrategy {
@@ -58,6 +74,51 @@ struct AntigravityStatusFetchStrategy: ProviderFetchStrategy {
             sourceLabel: "local")
     }
 
+    func shouldFallback(on _: Error, context: ProviderFetchContext) -> Bool {
+        context.sourceMode == .auto
+    }
+}
+
+struct AntigravityOAuthFetchStrategy: ProviderFetchStrategy {
+    let id: String = "antigravity.oauth"
+    let kind: ProviderFetchKind = .oauth
+
+    func isAvailable(_: ProviderFetchContext) async -> Bool {
+        true
+    }
+
+    func fetch(_ context: ProviderFetchContext) async throws -> ProviderFetchResult {
+        let fetcher = AntigravityRemoteUsageFetcher(
+            environment: context.env,
+            credentialsUpdateHandler: { credentials in
+                guard let accountID = context.selectedTokenAccountID,
+                      let updater = context.tokenAccountTokenUpdater
+                else {
+                    return
+                }
+                let token = try AntigravityOAuthCredentialsStore.tokenAccountValue(for: credentials)
+                await updater(.antigravity, accountID, token)
+            })
+        let snapshot = try await fetcher.fetch()
+        let usage = if snapshot.modelQuotas.isEmpty {
+            UsageSnapshot(
+                primary: nil,
+                secondary: nil,
+                tertiary: nil,
+                updatedAt: Date(),
+                identity: ProviderIdentitySnapshot(
+                    providerID: .antigravity,
+                    accountEmail: snapshot.accountEmail,
+                    accountOrganization: nil,
+                    loginMethod: snapshot.accountPlan))
+        } else {
+            try snapshot.toUsageSnapshot()
+        }
+        return self.makeResult(
+            usage: usage,
+            sourceLabel: "oauth")
+    }
+
     func shouldFallback(on _: Error, context _: ProviderFetchContext) -> Bool {
         false
     }
diff --git a/Sources/CodexBarCore/Providers/Antigravity/AntigravityRemoteUsageFetcher.swift b/Sources/CodexBarCore/Providers/Antigravity/AntigravityRemoteUsageFetcher.swift
new file mode 100644
index 000000000..cb1dadadb
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Antigravity/AntigravityRemoteUsageFetcher.swift
@@ -0,0 +1,775 @@
+import Foundation
+#if canImport(FoundationNetworking)
+import FoundationNetworking
+#endif
+
+public enum AntigravityRemoteFetchError: LocalizedError, Sendable, Equatable {
+    case notLoggedIn
+    case permissionDenied(String)
+    case apiError(String)
+    case parseFailed(String)
+
+    public var errorDescription: String? {
+        switch self {
+        case .notLoggedIn:
+            "Antigravity Google auth not found. Use Antigravity login to authenticate."
+        case let .permissionDenied(message):
+            "Antigravity remote API permission denied: \(message)"
+        case let .apiError(message):
+            "Antigravity remote API error: \(message)"
+        case let .parseFailed(message):
+            "Could not parse Antigravity remote usage: \(message)"
+        }
+    }
+}
+
+public struct AntigravityRemoteUsageFetcher: Sendable {
+    public var timeout: TimeInterval = 10.0
+    public var homeDirectory: String
+    public var environment: [String: String]
+    public var dataLoader: @Sendable (URLRequest) async throws -> (Data, URLResponse)
+    public var oauthClientResolver: @Sendable () -> AntigravityOAuthClient?
+    public var credentialsUpdateHandler: @Sendable (AntigravityOAuthCredentials) async throws -> Void
+
+    private static let log = CodexBarLog.logger(LogCategories.antigravity)
+    private static let userAgent = "antigravity"
+    private static let baseURL = "https://cloudcode-pa.googleapis.com"
+    private static let loadCodeAssistEndpoint = "\(baseURL)/v1internal:loadCodeAssist"
+    private static let onboardUserEndpoint = "\(baseURL)/v1internal:onboardUser"
+    private static let fetchAvailableModelsEndpoint = "\(baseURL)/v1internal:fetchAvailableModels"
+    private static let retrieveUserQuotaEndpoint = "\(baseURL)/v1internal:retrieveUserQuota"
+    private static let refreshSafetyWindow: TimeInterval = 60
+
+    private struct FetchContext {
+        let timeout: TimeInterval
+        let store: AntigravityOAuthCredentialsStore?
+        let dataLoader: @Sendable (URLRequest) async throws -> (Data, URLResponse)
+        let oauthClientResolver: @Sendable () -> AntigravityOAuthClient?
+        let credentialsUpdateHandler: @Sendable (AntigravityOAuthCredentials) async throws -> Void
+
+        func persistCredentials(_ credentials: AntigravityOAuthCredentials) async throws {
+            if let store {
+                try store.save(credentials)
+            } else {
+                try await self.credentialsUpdateHandler(credentials)
+            }
+        }
+    }
+
+    public init(
+        timeout: TimeInterval = 10.0,
+        homeDirectory: String = NSHomeDirectory(),
+        environment: [String: String] = ProcessInfo.processInfo.environment,
+        dataLoader: @escaping @Sendable (URLRequest) async throws -> (Data, URLResponse) = { request in
+            try await ProviderHTTPClient.shared.data(for: request)
+        },
+        oauthClientResolver: @escaping @Sendable () -> AntigravityOAuthClient? = {
+            AntigravityOAuthConfig.resolvedClient()
+        },
+        credentialsUpdateHandler: @escaping @Sendable (AntigravityOAuthCredentials) async throws -> Void = { _ in })
+    {
+        self.timeout = timeout
+        self.homeDirectory = homeDirectory
+        self.environment = environment
+        self.dataLoader = dataLoader
+        self.oauthClientResolver = oauthClientResolver
+        self.credentialsUpdateHandler = credentialsUpdateHandler
+    }
+
+    public func fetch() async throws -> AntigravityStatusSnapshot {
+        let source = try Self.resolveCredentialSource(homeDirectory: self.homeDirectory, environment: self.environment)
+        guard let credentials = source.credentials else {
+            throw AntigravityRemoteFetchError.notLoggedIn
+        }
+        return try await self.fetchSnapshot(
+            using: credentials,
+            store: source.store)
+    }
+
+    private func fetchSnapshot(
+        using initialCredentials: AntigravityOAuthCredentials,
+        store: AntigravityOAuthCredentialsStore?) async throws
+        -> AntigravityStatusSnapshot
+    {
+        guard let storedAccessToken = initialCredentials.accessToken?.trimmedNonEmpty else {
+            throw AntigravityRemoteFetchError.notLoggedIn
+        }
+
+        var credentials = initialCredentials
+        var accessToken = storedAccessToken
+        let context = FetchContext(
+            timeout: self.timeout,
+            store: store,
+            dataLoader: self.dataLoader,
+            oauthClientResolver: self.oauthClientResolver,
+            credentialsUpdateHandler: self.credentialsUpdateHandler)
+        if Self.shouldRefresh(expiryDate: credentials.expiryDate, now: Date()) {
+            guard let refreshToken = credentials.refreshToken?.trimmedNonEmpty else {
+                throw AntigravityRemoteFetchError.notLoggedIn
+            }
+            let refreshed = try await Self.refreshAccessToken(
+                credentials: credentials,
+                refreshToken: refreshToken,
+                context: context)
+            accessToken = refreshed.accessToken
+            credentials = refreshed.credentials
+            if let store {
+                credentials = try store.load() ?? credentials
+            }
+            credentials.accessToken = credentials.accessToken?.trimmedNonEmpty ?? accessToken
+        }
+
+        let claims = Self.extractClaims(from: credentials)
+        let codeAssist = try await Self.loadCodeAssist(
+            accessToken: accessToken,
+            timeout: self.timeout,
+            dataLoader: self.dataLoader)
+        let projectId = try await Self.resolveProjectID(
+            accessToken: accessToken,
+            storedProjectID: credentials.projectID?.trimmedNonEmpty,
+            initialResponse: codeAssist,
+            context: context)
+        if let projectId, credentials.projectID?.trimmedNonEmpty != projectId {
+            credentials.projectID = projectId
+            do {
+                try await context.persistCredentials(credentials)
+            } catch {
+                Self.log.warning("Could not persist Antigravity project ID: \(error.localizedDescription)")
+            }
+        }
+        let models = try await Self.fetchModelQuotas(
+            accessToken: accessToken,
+            projectId: projectId,
+            timeout: self.timeout,
+            dataLoader: self.dataLoader)
+
+        return AntigravityStatusSnapshot(
+            modelQuotas: models,
+            accountEmail: claims.email,
+            accountPlan: Self.resolvePlan(response: codeAssist, claims: claims))
+    }
+
+    private static func shouldRefresh(expiryDate: Date?, now: Date) -> Bool {
+        guard let expiryDate else { return false }
+        return expiryDate.timeIntervalSince(now) <= Self.refreshSafetyWindow
+    }
+
+    private static func loadCodeAssist(
+        accessToken: String,
+        timeout: TimeInterval,
+        dataLoader: @escaping @Sendable (URLRequest) async throws -> (Data, URLResponse)) async throws
+        -> CodeAssistResponse
+    {
+        let body = [
+            "metadata": [
+                "ideType": "ANTIGRAVITY",
+                "platform": "PLATFORM_UNSPECIFIED",
+                "pluginType": "GEMINI",
+            ],
+        ]
+        return try await Self.sendRequest(
+            endpoint: Self.loadCodeAssistEndpoint,
+            accessToken: accessToken,
+            body: body,
+            timeout: timeout,
+            dataLoader: dataLoader)
+    }
+
+    private static func fetchAvailableModels(
+        accessToken: String,
+        projectId: String?,
+        timeout: TimeInterval,
+        dataLoader: @escaping @Sendable (URLRequest) async throws -> (Data, URLResponse)) async throws
+        -> FetchAvailableModelsResponse
+    {
+        let body: [String: Any] = if let projectId = projectId?.trimmedNonEmpty {
+            ["project": projectId]
+        } else {
+            [:]
+        }
+        return try await Self.sendRequest(
+            endpoint: Self.fetchAvailableModelsEndpoint,
+            accessToken: accessToken,
+            body: body,
+            timeout: timeout,
+            dataLoader: dataLoader)
+    }
+
+    private static func fetchModelQuotas(
+        accessToken: String,
+        projectId: String?,
+        timeout: TimeInterval,
+        dataLoader: @escaping @Sendable (URLRequest) async throws -> (Data, URLResponse)) async throws
+        -> [AntigravityModelQuota]
+    {
+        do {
+            let response = try await Self.fetchAvailableModels(
+                accessToken: accessToken,
+                projectId: projectId,
+                timeout: timeout,
+                dataLoader: dataLoader)
+            let modelQuotas = try Self.parseModelQuotas(response)
+            if Self.shouldVerifyFullRemoteQuotas(modelQuotas),
+               let quotaBuckets = try? await Self.fetchQuotaBucketsIfPermitted(
+                   accessToken: accessToken,
+                   projectId: projectId,
+                   timeout: timeout,
+                   dataLoader: dataLoader),
+               Self.hasConsumedQuota(quotaBuckets)
+            {
+                return Self.mergeVerifiedQuotas(modelQuotas: modelQuotas, verifiedQuotas: quotaBuckets)
+            }
+            return modelQuotas
+        } catch let error as AntigravityRemoteFetchError {
+            guard case .permissionDenied = error else {
+                throw error
+            }
+            Self.log.info("Falling back to retrieveUserQuota for Antigravity remote usage")
+            return try await Self.fetchQuotaBucketsIfPermitted(
+                accessToken: accessToken,
+                projectId: projectId,
+                timeout: timeout,
+                dataLoader: dataLoader) ?? []
+        }
+    }
+
+    private static func mergeVerifiedQuotas(
+        modelQuotas: [AntigravityModelQuota],
+        verifiedQuotas: [AntigravityModelQuota]) -> [AntigravityModelQuota]
+    {
+        var verifiedByModelID = Dictionary(
+            uniqueKeysWithValues: verifiedQuotas.map { (Self.quotaKey($0), $0) })
+        var merged = modelQuotas.map { modelQuota in
+            guard let verifiedQuota = verifiedByModelID.removeValue(forKey: Self.quotaKey(modelQuota)) else {
+                return modelQuota
+            }
+            let resetTime = verifiedQuota.resetTime ?? modelQuota.resetTime
+            return AntigravityModelQuota(
+                label: modelQuota.label,
+                modelId: modelQuota.modelId,
+                remainingFraction: verifiedQuota.remainingFraction ?? modelQuota.remainingFraction,
+                resetTime: resetTime,
+                resetDescription: resetTime.map { UsageFormatter.resetDescription(from: $0) })
+        }
+        let unmatchedVerifiedQuotas = verifiedByModelID.values
+            .filter { $0.remainingFraction != nil }
+            .sorted { lhs, rhs in
+                lhs.modelId.localizedCaseInsensitiveCompare(rhs.modelId) == .orderedAscending
+            }
+        merged.append(contentsOf: unmatchedVerifiedQuotas)
+        return merged
+    }
+
+    private static func quotaKey(_ quota: AntigravityModelQuota) -> String {
+        quota.modelId.trimmingCharacters(in: .whitespacesAndNewlines).lowercased()
+    }
+
+    private static func shouldVerifyFullRemoteQuotas(_ quotas: [AntigravityModelQuota]) -> Bool {
+        guard !quotas.isEmpty else { return false }
+        return quotas.allSatisfy { quota in
+            guard let remaining = quota.remainingFraction else { return false }
+            return remaining >= 0.999
+        }
+    }
+
+    private static func hasConsumedQuota(_ quotas: [AntigravityModelQuota]) -> Bool {
+        quotas.contains { quota in
+            guard let remaining = quota.remainingFraction else { return false }
+            return remaining < 0.999
+        }
+    }
+
+    private static func fetchQuotaBucketsIfPermitted(
+        accessToken: String,
+        projectId: String?,
+        timeout: TimeInterval,
+        dataLoader: @escaping @Sendable (URLRequest) async throws -> (Data, URLResponse)) async throws
+        -> [AntigravityModelQuota]?
+    {
+        do {
+            let response = try await Self.retrieveUserQuota(
+                accessToken: accessToken,
+                projectId: projectId,
+                timeout: timeout,
+                dataLoader: dataLoader)
+            return try Self.parseQuotaBuckets(response)
+        } catch let quotaError as AntigravityRemoteFetchError {
+            guard case .permissionDenied = quotaError else {
+                throw quotaError
+            }
+            Self.log.info("Antigravity remote quota endpoint is not permitted for this account")
+            return nil
+        }
+    }
+
+    private static func retrieveUserQuota(
+        accessToken: String,
+        projectId: String?,
+        timeout: TimeInterval,
+        dataLoader: @escaping @Sendable (URLRequest) async throws -> (Data, URLResponse)) async throws
+        -> RetrieveUserQuotaResponse
+    {
+        let body: [String: Any] = if let projectId = projectId?.trimmedNonEmpty {
+            ["project": projectId]
+        } else {
+            [:]
+        }
+        return try await Self.sendRequest(
+            endpoint: Self.retrieveUserQuotaEndpoint,
+            accessToken: accessToken,
+            body: body,
+            timeout: timeout,
+            dataLoader: dataLoader)
+    }
+
+    private static func resolveProjectID(
+        accessToken: String,
+        storedProjectID: String?,
+        initialResponse: CodeAssistResponse,
+        context: FetchContext) async throws
+        -> String?
+    {
+        if let storedProjectID {
+            return storedProjectID
+        }
+
+        if let projectID = initialResponse.projectID {
+            return projectID
+        }
+
+        guard let tierID = Self.pickOnboardTier(from: initialResponse) else {
+            return nil
+        }
+
+        let onboardBody: [String: Any] = [
+            "tierId": tierID,
+            "metadata": [
+                "ideType": "ANTIGRAVITY",
+                "platform": "PLATFORM_UNSPECIFIED",
+                "pluginType": "GEMINI",
+            ],
+        ]
+
+        do {
+            let onboardResponse: OnboardResponse = try await Self.sendRequest(
+                endpoint: Self.onboardUserEndpoint,
+                accessToken: accessToken,
+                body: onboardBody,
+                timeout: context.timeout,
+                dataLoader: context.dataLoader)
+            if let projectID = onboardResponse.projectID {
+                return projectID
+            }
+        } catch {
+            Self.log.warning("Antigravity onboarding request failed", metadata: [
+                "error": "\(error.localizedDescription)",
+            ])
+        }
+
+        for _ in 0..<5 {
+            try? await Task.sleep(for: .milliseconds(2000))
+            let refreshed = try await Self.loadCodeAssist(
+                accessToken: accessToken,
+                timeout: context.timeout,
+                dataLoader: context.dataLoader)
+            if let projectID = refreshed.projectID {
+                return projectID
+            }
+        }
+
+        return nil
+    }
+
+    private static func sendRequest<Response: Decodable>(
+        endpoint: String,
+        accessToken: String,
+        body: [String: Any],
+        timeout: TimeInterval,
+        dataLoader: @escaping @Sendable (URLRequest) async throws -> (Data, URLResponse)) async throws
+        -> Response
+    {
+        guard let url = URL(string: endpoint) else {
+            throw AntigravityRemoteFetchError.apiError("Invalid endpoint URL")
+        }
+
+        var request = URLRequest(url: url)
+        request.httpMethod = "POST"
+        request.timeoutInterval = timeout
+        request.setValue("Bearer \(accessToken)", forHTTPHeaderField: "Authorization")
+        request.setValue("application/json", forHTTPHeaderField: "Content-Type")
+        request.setValue(Self.userAgent, forHTTPHeaderField: "User-Agent")
+        request.httpBody = try JSONSerialization.data(withJSONObject: body)
+
+        let httpResponse = try await ProviderHTTPTransportHandler(dataLoader).response(for: request)
+
+        switch httpResponse.statusCode {
+        case 200:
+            break
+        case 401:
+            throw AntigravityRemoteFetchError.notLoggedIn
+        case 403:
+            let message = String(data: httpResponse.data, encoding: .utf8)?.trimmedNonEmpty ?? "HTTP 403"
+            throw AntigravityRemoteFetchError.permissionDenied(message)
+        default:
+            let message = String(data: httpResponse.data, encoding: .utf8)?.trimmedNonEmpty
+                ?? "HTTP \(httpResponse.statusCode)"
+            throw AntigravityRemoteFetchError.apiError("HTTP \(httpResponse.statusCode): \(message)")
+        }
+
+        do {
+            return try JSONDecoder().decode(Response.self, from: httpResponse.data)
+        } catch {
+            throw AntigravityRemoteFetchError.parseFailed(error.localizedDescription)
+        }
+    }
+
+    private static func parseModelQuotas(_ response: FetchAvailableModelsResponse) throws -> [AntigravityModelQuota] {
+        let models = response.models ?? [:]
+        return models.compactMap { modelID, model in
+            guard let quotaInfo = model.quotaInfo else { return nil }
+            let resetTime = quotaInfo.resetTime.flatMap(Self.parseResetTime(_:))
+            let label = model.displayName?.trimmedNonEmpty
+                ?? model.label?.trimmedNonEmpty
+                ?? modelID
+            return AntigravityModelQuota(
+                label: label,
+                modelId: modelID,
+                remainingFraction: quotaInfo.remainingFraction,
+                resetTime: resetTime,
+                resetDescription: resetTime.map { UsageFormatter.resetDescription(from: $0) })
+        }
+    }
+
+    private static func parseQuotaBuckets(_ response: RetrieveUserQuotaResponse) throws -> [AntigravityModelQuota] {
+        guard let buckets = response.buckets, !buckets.isEmpty else {
+            throw AntigravityRemoteFetchError.parseFailed("No quota buckets in response")
+        }
+
+        var modelQuotaMap: [String: (fraction: Double?, resetTime: String?)] = [:]
+        for bucket in buckets {
+            guard let modelID = bucket.modelId?.trimmedNonEmpty else { continue }
+            let next = (bucket.remainingFraction, bucket.resetTime)
+            if let existing = modelQuotaMap[modelID] {
+                let existingValue = existing.fraction ?? Double.greatestFiniteMagnitude
+                let nextValue = next.0 ?? Double.greatestFiniteMagnitude
+                if nextValue < existingValue {
+                    modelQuotaMap[modelID] = next
+                }
+            } else {
+                modelQuotaMap[modelID] = next
+            }
+        }
+
+        return modelQuotaMap.keys.sorted().compactMap { modelID in
+            guard let info = modelQuotaMap[modelID] else { return nil }
+            let resetTime = info.resetTime.flatMap(Self.parseResetTime(_:))
+            return AntigravityModelQuota(
+                label: modelID,
+                modelId: modelID,
+                remainingFraction: info.fraction,
+                resetTime: resetTime,
+                resetDescription: resetTime.map { UsageFormatter.resetDescription(from: $0) })
+        }
+    }
+
+    private static func resolvePlan(response: CodeAssistResponse, claims: TokenClaims) -> String? {
+        if let planType = response.planInfo?.planType?.trimmedNonEmpty {
+            return planType
+        }
+
+        switch (response.currentTier?.id?.trimmedNonEmpty, claims.hostedDomain) {
+        case ("standard-tier", _):
+            return "Paid"
+        case ("free-tier", .some):
+            return "Workspace"
+        case ("free-tier", .none):
+            return "Free"
+        case ("legacy-tier", _):
+            return "Legacy"
+        default:
+            return response.currentTier?.name?.trimmedNonEmpty
+        }
+    }
+
+    private static func pickOnboardTier(from response: CodeAssistResponse) -> String? {
+        if let defaultTier = response.allowedTiers?
+            .first(where: { $0.isDefault == true && $0.id?.trimmedNonEmpty != nil })?.id?.trimmedNonEmpty
+        {
+            return defaultTier
+        }
+        if let firstTier = response.allowedTiers?
+            .first(where: { $0.id?.trimmedNonEmpty != nil })?.id?.trimmedNonEmpty
+        {
+            return firstTier
+        }
+        if let paidTier = response.paidTier?.id?.trimmedNonEmpty {
+            return paidTier
+        }
+        if let currentTier = response.currentTier?.id?.trimmedNonEmpty {
+            return currentTier
+        }
+        return nil
+    }
+
+    private static func parseResetTime(_ value: String) -> Date? {
+        let formatter = ISO8601DateFormatter()
+        formatter.formatOptions = [.withInternetDateTime, .withFractionalSeconds]
+        if let date = formatter.date(from: value) {
+            return date
+        }
+        formatter.formatOptions = [.withInternetDateTime]
+        return formatter.date(from: value)
+    }
+
+    private static func credentialsStore(homeDirectory: String) -> AntigravityOAuthCredentialsStore {
+        let homeURL = URL(fileURLWithPath: homeDirectory, isDirectory: true)
+        return AntigravityOAuthCredentialsStore(fileURL: AntigravityOAuthCredentialsStore.defaultURL(home: homeURL))
+    }
+
+    private static func resolveCredentialSource(
+        homeDirectory: String,
+        environment: [String: String]) throws -> (
+        credentials: AntigravityOAuthCredentials?,
+        store: AntigravityOAuthCredentialsStore?)
+    {
+        let primaryStore = Self.credentialsStore(homeDirectory: homeDirectory)
+        if let tokenValue = environment[AntigravityOAuthCredentialsStore.environmentCredentialsKey] {
+            guard let credentials = AntigravityOAuthCredentialsStore.credentials(fromTokenAccountValue: tokenValue)
+            else {
+                throw AntigravityRemoteFetchError.parseFailed("Could not decode selected account credentials.")
+            }
+            return (credentials, nil)
+        }
+        return try (primaryStore.load(), primaryStore)
+    }
+
+    private struct RefreshResult {
+        let accessToken: String
+        let credentials: AntigravityOAuthCredentials
+    }
+
+    private static func refreshAccessToken(
+        credentials: AntigravityOAuthCredentials,
+        refreshToken: String,
+        context: FetchContext) async throws
+        -> RefreshResult
+    {
+        let oauthClient = try Self.refreshOAuthClient(
+            from: credentials,
+            oauthClientResolver: context.oauthClientResolver)
+
+        var request = URLRequest(url: AntigravityOAuthConfig.tokenURL)
+        request.httpMethod = "POST"
+        request.timeoutInterval = context.timeout
+        request.setValue("application/x-www-form-urlencoded", forHTTPHeaderField: "Content-Type")
+        request.httpBody = Self.formBody([
+            "client_id": oauthClient.clientID,
+            "client_secret": oauthClient.clientSecret,
+            "refresh_token": refreshToken,
+            "grant_type": "refresh_token",
+        ])
+
+        let httpResponse = try await ProviderHTTPTransportHandler(context.dataLoader).response(for: request)
+        guard httpResponse.statusCode == 200 else {
+            throw AntigravityRemoteFetchError.notLoggedIn
+        }
+        guard let json = try JSONSerialization.jsonObject(with: httpResponse.data) as? [String: Any],
+              let accessToken = json["access_token"] as? String
+        else {
+            throw AntigravityRemoteFetchError.parseFailed("Could not parse refresh response")
+        }
+
+        let updatedCredentials = Self.updatedCredentials(credentials, refreshResponse: json)
+        try await context.persistCredentials(updatedCredentials)
+        return RefreshResult(accessToken: accessToken, credentials: updatedCredentials)
+    }
+
+    private static func refreshOAuthClient(
+        from credentials: AntigravityOAuthCredentials,
+        oauthClientResolver: @escaping @Sendable () -> AntigravityOAuthClient?) throws
+        -> AntigravityOAuthClient
+    {
+        if let clientID = credentials.clientID?.trimmedNonEmpty,
+           let clientSecret = credentials.clientSecret?.trimmedNonEmpty
+        {
+            return AntigravityOAuthClient(clientID: clientID, clientSecret: clientSecret)
+        }
+
+        guard let client = oauthClientResolver() else {
+            throw AntigravityRemoteFetchError.apiError(AntigravityOAuthConfig.missingCredentialsMessage)
+        }
+        return client
+    }
+
+    private static func updatedCredentials(
+        _ credentials: AntigravityOAuthCredentials,
+        refreshResponse: [String: Any]) -> AntigravityOAuthCredentials
+    {
+        var credentials = credentials
+        if let accessToken = refreshResponse["access_token"] as? String {
+            credentials.accessToken = accessToken
+        }
+        if let expiresIn = refreshResponse["expires_in"] as? Double {
+            credentials.expiryDateMilliseconds = (Date().timeIntervalSince1970 + expiresIn) * 1000
+        }
+        if let expiresIn = refreshResponse["expires_in"] as? Int {
+            credentials.expiryDateMilliseconds = (Date().timeIntervalSince1970 + Double(expiresIn)) * 1000
+        }
+        if let idToken = refreshResponse["id_token"] as? String {
+            credentials.idToken = idToken
+        }
+        return credentials
+    }
+
+    private static func formBody(_ values: [String: String]) -> Data? {
+        var components = URLComponents()
+        components.queryItems = values.map { key, value in
+            URLQueryItem(name: key, value: value)
+        }
+        return components.query?.data(using: .utf8)
+    }
+
+    private struct TokenClaims {
+        let email: String?
+        let hostedDomain: String?
+    }
+
+    private static func extractClaims(from credentials: AntigravityOAuthCredentials) -> TokenClaims {
+        let tokenClaims = Self.extractClaimsFromToken(credentials.idToken)
+        return TokenClaims(
+            email: tokenClaims.email ?? credentials.email?.trimmedNonEmpty,
+            hostedDomain: tokenClaims.hostedDomain)
+    }
+
+    private static func extractClaimsFromToken(_ idToken: String?) -> TokenClaims {
+        guard let idToken else {
+            return TokenClaims(email: nil, hostedDomain: nil)
+        }
+
+        let parts = idToken.components(separatedBy: ".")
+        guard parts.count >= 2 else {
+            return TokenClaims(email: nil, hostedDomain: nil)
+        }
+
+        var payload = parts[1]
+            .replacingOccurrences(of: "-", with: "+")
+            .replacingOccurrences(of: "_", with: "/")
+        let remainder = payload.count % 4
+        if remainder > 0 {
+            payload += String(repeating: "=", count: 4 - remainder)
+        }
+
+        guard let data = Data(base64Encoded: payload, options: .ignoreUnknownCharacters),
+              let json = try? JSONSerialization.jsonObject(with: data) as? [String: Any]
+        else {
+            return TokenClaims(email: nil, hostedDomain: nil)
+        }
+
+        return TokenClaims(
+            email: (json["email"] as? String)?.trimmedNonEmpty,
+            hostedDomain: (json["hd"] as? String)?.trimmedNonEmpty)
+    }
+}
+
+extension String {
+    fileprivate var trimmedNonEmpty: String? {
+        let trimmed = self.trimmingCharacters(in: .whitespacesAndNewlines)
+        return trimmed.isEmpty ? nil : trimmed
+    }
+}
+
+private struct ProjectReference: Decodable {
+    let value: String?
+
+    init(from decoder: Decoder) throws {
+        let single = try decoder.singleValueContainer()
+        if let stringValue = try? single.decode(String.self) {
+            self.value = stringValue
+            return
+        }
+
+        let keyed = try decoder.container(keyedBy: CodingKeys.self)
+        self.value = try keyed.decodeIfPresent(String.self, forKey: .id)
+            ?? keyed.decodeIfPresent(String.self, forKey: .projectID)
+    }
+
+    private enum CodingKeys: String, CodingKey {
+        case id
+        case projectID = "projectId"
+    }
+}
+
+private struct CodeAssistResponse: Decodable {
+    let planInfo: CodeAssistPlanInfo?
+    let currentTier: TierInfo?
+    let paidTier: TierInfo?
+    let allowedTiers: [AllowedTier]?
+    let cloudaicompanionProject: ProjectReference?
+
+    var projectID: String? {
+        self.cloudaicompanionProject?.value?.trimmingCharacters(in: .whitespacesAndNewlines).nilIfEmpty
+    }
+}
+
+private struct CodeAssistPlanInfo: Decodable {
+    let planType: String?
+}
+
+private struct TierInfo: Decodable {
+    let id: String?
+    let name: String?
+}
+
+private struct AllowedTier: Decodable {
+    let id: String?
+    let isDefault: Bool?
+}
+
+private struct OnboardResponse: Decodable {
+    let response: OnboardInnerResponse?
+
+    var projectID: String? {
+        self.response?.cloudaicompanionProject?.value?.trimmingCharacters(in: .whitespacesAndNewlines).nilIfEmpty
+    }
+}
+
+private struct OnboardInnerResponse: Decodable {
+    let cloudaicompanionProject: ProjectReference?
+}
+
+private struct FetchAvailableModelsResponse: Decodable {
+    let models: [String: AntigravityRemoteModel]?
+}
+
+private struct RetrieveUserQuotaResponse: Decodable {
+    let buckets: [RetrieveUserQuotaBucket]?
+}
+
+private struct RetrieveUserQuotaBucket: Decodable {
+    let modelId: String?
+    let remainingFraction: Double?
+    let resetTime: String?
+}
+
+private struct AntigravityRemoteModel: Decodable {
+    let displayName: String?
+    let label: String?
+    let quotaInfo: AntigravityRemoteQuotaInfo?
+}
+
+private struct AntigravityRemoteQuotaInfo: Decodable {
+    let remainingFraction: Double?
+    let resetTime: String?
+}
+
+extension String? {
+    fileprivate var trimmedNonEmpty: String? {
+        self?.trimmingCharacters(in: .whitespacesAndNewlines).nilIfEmpty
+    }
+}
+
+extension String {
+    fileprivate var nilIfEmpty: String? {
+        self.isEmpty ? nil : self
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Antigravity/AntigravityStatusProbe.swift b/Sources/CodexBarCore/Providers/Antigravity/AntigravityStatusProbe.swift
index b4452b4c8..cd84afef4 100644
--- a/Sources/CodexBarCore/Providers/Antigravity/AntigravityStatusProbe.swift
+++ b/Sources/CodexBarCore/Providers/Antigravity/AntigravityStatusProbe.swift
@@ -10,26 +10,83 @@ public struct AntigravityModelQuota: Sendable {
     public let resetTime: Date?
     public let resetDescription: String?
 
+    public init(
+        label: String,
+        modelId: String,
+        remainingFraction: Double?,
+        resetTime: Date?,
+        resetDescription: String?)
+    {
+        self.label = label
+        self.modelId = modelId
+        self.remainingFraction = remainingFraction
+        self.resetTime = resetTime
+        self.resetDescription = resetDescription
+    }
+
     public var remainingPercent: Double {
         guard let remainingFraction else { return 0 }
         return max(0, min(100, remainingFraction * 100))
     }
 }
 
+private enum AntigravityModelFamily {
+    case claude
+    case geminiPro
+    case geminiFlash
+    case unknown
+}
+
+private struct AntigravityNormalizedModel {
+    let quota: AntigravityModelQuota
+    let family: AntigravityModelFamily
+    let selectionPriority: Int?
+}
+
 public struct AntigravityStatusSnapshot: Sendable {
     public let modelQuotas: [AntigravityModelQuota]
     public let accountEmail: String?
     public let accountPlan: String?
 
+    public init(
+        modelQuotas: [AntigravityModelQuota],
+        accountEmail: String?,
+        accountPlan: String?)
+    {
+        self.modelQuotas = modelQuotas
+        self.accountEmail = accountEmail
+        self.accountPlan = accountPlan
+    }
+
     public func toUsageSnapshot() throws -> UsageSnapshot {
-        let ordered = Self.selectModels(self.modelQuotas)
-        guard let primaryQuota = ordered.first else {
+        guard !self.modelQuotas.isEmpty else {
             throw AntigravityStatusProbeError.parseFailed("No quota models available")
         }
 
-        let primary = Self.rateWindow(for: primaryQuota)
-        let secondary = ordered.count > 1 ? Self.rateWindow(for: ordered[1]) : nil
-        let tertiary = ordered.count > 2 ? Self.rateWindow(for: ordered[2]) : nil
+        let normalized = Self.normalizedModels(self.modelQuotas)
+        let primaryQuota = Self.representative(for: .claude, in: normalized)
+        let secondaryQuota = Self.representative(for: .geminiPro, in: normalized)
+        let tertiaryQuota = Self.representative(for: .geminiFlash, in: normalized)
+        let fallbackQuota: AntigravityModelQuota? = if primaryQuota == nil, secondaryQuota == nil,
+                                                       tertiaryQuota == nil
+        {
+            Self.fallbackRepresentative(in: normalized)
+        } else {
+            nil
+        }
+
+        let primary = (primaryQuota ?? fallbackQuota).map(Self.rateWindow(for:))
+        let secondary = secondaryQuota.map(Self.rateWindow(for:))
+        let tertiary = tertiaryQuota.map(Self.rateWindow(for:))
+
+        // primary/secondary/tertiary keep the 3-family summary for back-compat.
+        // extraRateWindows carries every model quota loss-free, including families
+        // with no dedicated slot and variants the representative selection collapses.
+        let extraWindows = self.modelQuotas
+            .sorted(by: Self.modelQuotaSortPrecedes)
+            .map { quota in
+                NamedRateWindow(id: quota.modelId, title: quota.label, window: Self.rateWindow(for: quota))
+            }
 
         let identity = ProviderIdentitySnapshot(
             providerID: .antigravity,
@@ -40,6 +97,7 @@ public struct AntigravityStatusSnapshot: Sendable {
             primary: primary,
             secondary: secondary,
             tertiary: tertiary,
+            extraRateWindows: extraWindows.isEmpty ? nil : extraWindows,
             updatedAt: Date(),
             identity: identity)
     }
@@ -52,40 +110,119 @@ public struct AntigravityStatusSnapshot: Sendable {
             resetDescription: quota.resetDescription)
     }
 
-    private static func selectModels(_ models: [AntigravityModelQuota]) -> [AntigravityModelQuota] {
-        var ordered: [AntigravityModelQuota] = []
-        if let claude = models.first(where: { Self.isClaudeWithoutThinking($0.label) }) {
-            ordered.append(claude)
-        }
-        if let pro = models.first(where: { Self.isGeminiProLow($0.label) }),
-           !ordered.contains(where: { $0.label == pro.label })
-        {
-            ordered.append(pro)
-        }
-        if let flash = models.first(where: { Self.isGeminiFlash($0.label) }),
-           !ordered.contains(where: { $0.label == flash.label })
-        {
-            ordered.append(flash)
+    private static func modelQuotaSortPrecedes(_ lhs: AntigravityModelQuota, _ rhs: AntigravityModelQuota) -> Bool {
+        let labelOrder = lhs.label.caseInsensitiveCompare(rhs.label)
+        if labelOrder != .orderedSame {
+            return labelOrder == .orderedAscending
         }
-        if ordered.isEmpty {
-            ordered.append(contentsOf: models.sorted(by: { $0.remainingPercent < $1.remainingPercent }))
+        return lhs.modelId.caseInsensitiveCompare(rhs.modelId) == .orderedAscending
+    }
+
+    private static func normalizedModels(_ models: [AntigravityModelQuota]) -> [AntigravityNormalizedModel] {
+        models.map { self.normalizeModel($0) }
+    }
+
+    private static func normalizeModel(_ quota: AntigravityModelQuota) -> AntigravityNormalizedModel {
+        let modelId = quota.modelId.lowercased()
+        let label = quota.label.lowercased()
+        let family = Self.family(forModelID: modelId, label: label)
+
+        let isLite = modelId.contains("lite") || label.contains("lite")
+        let isAutocomplete = modelId.contains("autocomplete") || label.contains("autocomplete") || modelId
+            .hasPrefix("tab_")
+        let isLowPriorityGeminiPro = modelId.contains("pro-low")
+            || (label.contains("pro") && label.contains("low"))
+
+        let selectionPriority: Int? = switch family {
+        case .claude:
+            0
+        case .geminiPro:
+            if isLowPriorityGeminiPro {
+                0
+            } else if !isLite, !isAutocomplete {
+                1
+            } else {
+                nil
+            }
+        case .geminiFlash:
+            (!isLite && !isAutocomplete) ? 0 : nil
+        case .unknown:
+            nil
         }
-        return ordered
+
+        return AntigravityNormalizedModel(
+            quota: quota,
+            family: family,
+            selectionPriority: selectionPriority)
     }
 
-    private static func isClaudeWithoutThinking(_ label: String) -> Bool {
-        let lower = label.lowercased()
-        return lower.contains("claude") && !lower.contains("thinking")
+    private static func representative(
+        for family: AntigravityModelFamily,
+        in models: [AntigravityNormalizedModel]) -> AntigravityModelQuota?
+    {
+        let candidates = models.filter { $0.family == family && $0.selectionPriority != nil }
+        guard !candidates.isEmpty else { return nil }
+        return candidates.min { lhs, rhs in
+            let lhsHasRemainingFraction = lhs.quota.remainingFraction != nil
+            let rhsHasRemainingFraction = rhs.quota.remainingFraction != nil
+            if lhsHasRemainingFraction != rhsHasRemainingFraction {
+                return lhsHasRemainingFraction && !rhsHasRemainingFraction
+            }
+            let lhsPriority = lhs.selectionPriority ?? Int.max
+            let rhsPriority = rhs.selectionPriority ?? Int.max
+            if lhsPriority != rhsPriority {
+                return lhsPriority < rhsPriority
+            }
+            if lhs.quota.remainingPercent != rhs.quota.remainingPercent {
+                return lhs.quota.remainingPercent < rhs.quota.remainingPercent
+            }
+            switch (lhs.quota.resetTime, rhs.quota.resetTime) {
+            case let (.some(left), .some(right)) where left != right:
+                return left < right
+            case (.some, .none):
+                return true
+            case (.none, .some):
+                return false
+            default:
+                return lhs.quota.label.localizedCaseInsensitiveCompare(rhs.quota.label) == .orderedAscending
+            }
+        }?.quota
     }
 
-    private static func isGeminiProLow(_ label: String) -> Bool {
-        let lower = label.lowercased()
-        return lower.contains("pro") && lower.contains("low")
+    private static func fallbackRepresentative(in models: [AntigravityNormalizedModel]) -> AntigravityModelQuota? {
+        guard !models.isEmpty else { return nil }
+        return models.min { lhs, rhs in
+            let lhsHasRemainingFraction = lhs.quota.remainingFraction != nil
+            let rhsHasRemainingFraction = rhs.quota.remainingFraction != nil
+            if lhsHasRemainingFraction != rhsHasRemainingFraction {
+                return lhsHasRemainingFraction && !rhsHasRemainingFraction
+            }
+            if lhs.quota.remainingPercent != rhs.quota.remainingPercent {
+                return lhs.quota.remainingPercent < rhs.quota.remainingPercent
+            }
+            return lhs.quota.label.localizedCaseInsensitiveCompare(rhs.quota.label) == .orderedAscending
+        }?.quota
     }
 
-    private static func isGeminiFlash(_ label: String) -> Bool {
-        let lower = label.lowercased()
-        return lower.contains("gemini") && lower.contains("flash")
+    private static func family(forModelID modelId: String, label: String) -> AntigravityModelFamily {
+        let modelIDFamily = Self.family(from: modelId)
+        if modelIDFamily != .unknown {
+            return modelIDFamily
+        }
+        return Self.family(from: label)
+    }
+
+    private static func family(from text: String) -> AntigravityModelFamily {
+        if text.contains("claude") {
+            return .claude
+        }
+        if text.contains("gemini"), text.contains("pro") {
+            return .geminiPro
+        }
+        if text.contains("gemini"), text.contains("flash") {
+            return .geminiFlash
+        }
+        return .unknown
     }
 }
 
@@ -144,7 +281,6 @@ public enum AntigravityStatusProbeError: LocalizedError, Sendable, Equatable {
 public struct AntigravityStatusProbe: Sendable {
     public var timeout: TimeInterval = 8.0
 
-    private static let processName = "language_server_macos"
     private static let getUserStatusPath = "/exa.language_server_pb.LanguageServerService/GetUserStatus"
     private static let commandModelConfigPath =
         "/exa.language_server_pb.LanguageServerService/GetCommandModelConfigs"
@@ -158,50 +294,62 @@ public struct AntigravityStatusProbe: Sendable {
     public func fetch() async throws -> AntigravityStatusSnapshot {
         let processInfo = try await Self.detectProcessInfo(timeout: self.timeout)
         let ports = try await Self.listeningPorts(pid: processInfo.pid, timeout: self.timeout)
-        let connectPort = try await Self.findWorkingPort(
-            ports: ports,
-            csrfToken: processInfo.csrfToken,
+        let endpoint = try await Self.resolveWorkingEndpoint(
+            candidateEndpoints: Self.connectionCandidates(
+                listeningPorts: ports,
+                languageServerCSRFToken: processInfo.csrfToken,
+                extensionServerPort: processInfo.extensionPort,
+                extensionServerCSRFToken: processInfo.extensionServerCSRFToken),
             timeout: self.timeout)
         let context = RequestContext(
-            httpsPort: connectPort,
-            httpPort: processInfo.extensionPort,
-            csrfToken: processInfo.csrfToken,
+            endpoints: Self.requestEndpoints(
+                resolvedEndpoint: endpoint,
+                listeningPorts: ports,
+                languageServerCSRFToken: processInfo.csrfToken,
+                extensionServerPort: processInfo.extensionPort,
+                extensionServerCSRFToken: processInfo.extensionServerCSRFToken),
             timeout: self.timeout)
 
         do {
-            let response = try await Self.makeRequest(
+            return try await Self.makeParsedRequest(
                 payload: RequestPayload(
                     path: Self.getUserStatusPath,
                     body: Self.defaultRequestBody()),
-                context: context)
-            return try Self.parseUserStatusResponse(response)
+                context: context,
+                parse: Self.parseUserStatusResponse)
         } catch {
-            let response = try await Self.makeRequest(
+            return try await Self.makeParsedRequest(
                 payload: RequestPayload(
                     path: Self.commandModelConfigPath,
                     body: Self.defaultRequestBody()),
-                context: context)
-            return try Self.parseCommandModelResponse(response)
+                context: context,
+                parse: Self.parseCommandModelResponse)
         }
     }
 
     public func fetchPlanInfoSummary() async throws -> AntigravityPlanInfoSummary? {
         let processInfo = try await Self.detectProcessInfo(timeout: self.timeout)
         let ports = try await Self.listeningPorts(pid: processInfo.pid, timeout: self.timeout)
-        let connectPort = try await Self.findWorkingPort(
-            ports: ports,
-            csrfToken: processInfo.csrfToken,
+        let endpoint = try await Self.resolveWorkingEndpoint(
+            candidateEndpoints: Self.connectionCandidates(
+                listeningPorts: ports,
+                languageServerCSRFToken: processInfo.csrfToken,
+                extensionServerPort: processInfo.extensionPort,
+                extensionServerCSRFToken: processInfo.extensionServerCSRFToken),
             timeout: self.timeout)
-        let response = try await Self.makeRequest(
+        return try await Self.makeParsedRequest(
             payload: RequestPayload(
                 path: Self.getUserStatusPath,
                 body: Self.defaultRequestBody()),
             context: RequestContext(
-                httpsPort: connectPort,
-                httpPort: processInfo.extensionPort,
-                csrfToken: processInfo.csrfToken,
-                timeout: self.timeout))
-        return try Self.parsePlanInfoSummary(response)
+                endpoints: Self.requestEndpoints(
+                    resolvedEndpoint: endpoint,
+                    listeningPorts: ports,
+                    languageServerCSRFToken: processInfo.csrfToken,
+                    extensionServerPort: processInfo.extensionPort,
+                    extensionServerCSRFToken: processInfo.extensionServerCSRFToken),
+                timeout: self.timeout),
+            parse: Self.parsePlanInfoSummary)
     }
 
     public static func isRunning(timeout: TimeInterval = 4.0) async -> Bool {
@@ -228,7 +376,8 @@ public struct AntigravityStatusProbe: Sendable {
         let modelConfigs = userStatus.cascadeModelConfigData?.clientModelConfigs ?? []
         let models = modelConfigs.compactMap(Self.quotaFromConfig(_:))
         let email = userStatus.email
-        let planName = userStatus.planStatus?.planInfo?.preferredName
+        // Prefer userTier.name (actual subscription tier) over planInfo (shows "Pro" for Ultra users)
+        let planName = userStatus.userTier?.preferredName ?? userStatus.planStatus?.planInfo?.preferredName
 
         return AntigravityStatusSnapshot(
             modelQuotas: models,
@@ -294,13 +443,30 @@ public struct AntigravityStatusProbe: Sendable {
 
     // MARK: - Port detection
 
-    private struct ProcessInfoResult: Sendable {
+    private struct ProcessInfoResult {
         let pid: Int
         let extensionPort: Int?
+        let extensionServerCSRFToken: String?
         let csrfToken: String
         let commandLine: String
     }
 
+    struct AntigravityConnectionEndpoint: Equatable {
+        enum Source: String {
+            case languageServer = "language-server"
+            case extensionServer = "extension-server"
+        }
+
+        let scheme: String
+        let port: Int
+        let csrfToken: String
+        let source: Source
+
+        func matchesRequestTarget(_ other: Self) -> Bool {
+            self.scheme == other.scheme && self.port == other.port && self.csrfToken == other.csrfToken
+        }
+    }
+
     private static func detectProcessInfo(timeout: TimeInterval) async throws -> ProcessInfoResult {
         let env = ProcessInfo.processInfo.environment
         let result = try await SubprocessRunner.run(
@@ -315,13 +481,17 @@ public struct AntigravityStatusProbe: Sendable {
         for line in lines {
             let text = String(line)
             guard let match = Self.matchProcessLine(text) else { continue }
-            let lower = match.command.lowercased()
-            guard lower.contains(Self.processName) else { continue }
-            guard Self.isAntigravityCommandLine(lower) else { continue }
+            guard Self.isAntigravityLanguageServerCommandLine(match.command) else { continue }
             sawAntigravity = true
             guard let token = Self.extractFlag("--csrf_token", from: match.command) else { continue }
             let port = Self.extractPort("--extension_server_port", from: match.command)
-            return ProcessInfoResult(pid: match.pid, extensionPort: port, csrfToken: token, commandLine: match.command)
+            let extensionServerCSRFToken = Self.extractFlag("--extension_server_csrf_token", from: match.command)
+            return ProcessInfoResult(
+                pid: match.pid,
+                extensionPort: port,
+                extensionServerCSRFToken: extensionServerCSRFToken,
+                csrfToken: token,
+                commandLine: match.command)
         }
 
         if sawAntigravity {
@@ -343,6 +513,16 @@ public struct AntigravityStatusProbe: Sendable {
         return ProcessLineMatch(pid: pid, command: String(parts[1]))
     }
 
+    static func isAntigravityLanguageServerCommandLine(_ command: String) -> Bool {
+        let lower = command.lowercased()
+        return Self.isLanguageServerCommandLine(lower) && Self.isAntigravityCommandLine(lower)
+    }
+
+    private static func isLanguageServerCommandLine(_ lowerCommand: String) -> Bool {
+        let pattern = #"(^|[/\\])language_server(_macos|\.exe)?(\s|$)"#
+        return lowerCommand.range(of: pattern, options: .regularExpression) != nil
+    }
+
     private static func isAntigravityCommandLine(_ command: String) -> Bool {
         if command.contains("--app_data_dir") && command.contains("antigravity") { return true }
         if command.contains("/antigravity/") || command.contains("\\antigravity\\") { return true }
@@ -400,21 +580,165 @@ public struct AntigravityStatusProbe: Sendable {
         return ports.sorted()
     }
 
-    private static func findWorkingPort(
-        ports: [Int],
-        csrfToken: String,
-        timeout: TimeInterval) async throws -> Int
+    static func connectionCandidates(
+        listeningPorts: [Int],
+        languageServerCSRFToken: String,
+        extensionServerPort: Int?,
+        extensionServerCSRFToken: String?) -> [AntigravityConnectionEndpoint]
+    {
+        var endpoints = Self.languageServerEndpoints(
+            listeningPorts: listeningPorts,
+            languageServerCSRFToken: languageServerCSRFToken)
+
+        for endpoint in Self.extensionServerEndpoints(
+            extensionServerPort: extensionServerPort,
+            languageServerCSRFToken: languageServerCSRFToken,
+            extensionServerCSRFToken: extensionServerCSRFToken)
+        {
+            guard !endpoints.contains(where: { $0.matchesRequestTarget(endpoint) }) else { continue }
+            endpoints.append(endpoint)
+        }
+
+        return endpoints
+    }
+
+    static func requestEndpoints(
+        resolvedEndpoint: AntigravityConnectionEndpoint,
+        listeningPorts: [Int],
+        languageServerCSRFToken: String,
+        extensionServerPort: Int?,
+        extensionServerCSRFToken: String?) -> [AntigravityConnectionEndpoint]
+    {
+        var endpoints = [resolvedEndpoint]
+
+        if resolvedEndpoint.source == .extensionServer {
+            Self.appendUniqueRequestTargets(
+                from: Self.extensionServerEndpoints(
+                    extensionServerPort: extensionServerPort,
+                    languageServerCSRFToken: languageServerCSRFToken,
+                    extensionServerCSRFToken: extensionServerCSRFToken),
+                to: &endpoints)
+            Self.appendUniqueRequestTargets(
+                from: Self.languageServerEndpoints(
+                    listeningPorts: listeningPorts,
+                    languageServerCSRFToken: languageServerCSRFToken),
+                to: &endpoints)
+        } else {
+            Self.appendUniqueRequestTargets(
+                from: Self.languageServerEndpoints(
+                    listeningPorts: listeningPorts,
+                    languageServerCSRFToken: languageServerCSRFToken),
+                to: &endpoints)
+            Self.appendUniqueRequestTargets(
+                from: Self.extensionServerEndpoints(
+                    extensionServerPort: extensionServerPort,
+                    languageServerCSRFToken: languageServerCSRFToken,
+                    extensionServerCSRFToken: extensionServerCSRFToken),
+                to: &endpoints)
+        }
+
+        return endpoints
+    }
+
+    private static func languageServerEndpoints(
+        listeningPorts: [Int],
+        languageServerCSRFToken: String) -> [AntigravityConnectionEndpoint]
+    {
+        listeningPorts.map {
+            AntigravityConnectionEndpoint(
+                scheme: "https",
+                port: $0,
+                csrfToken: languageServerCSRFToken,
+                source: .languageServer)
+        }
+    }
+
+    private static func extensionServerEndpoints(
+        extensionServerPort: Int?,
+        languageServerCSRFToken: String,
+        extensionServerCSRFToken: String?) -> [AntigravityConnectionEndpoint]
+    {
+        guard let extensionServerPort else { return [] }
+
+        var endpoints: [AntigravityConnectionEndpoint] = []
+        if let extensionServerCSRFToken {
+            endpoints.append(
+                AntigravityConnectionEndpoint(
+                    scheme: "http",
+                    port: extensionServerPort,
+                    csrfToken: extensionServerCSRFToken,
+                    source: .extensionServer))
+        }
+
+        if extensionServerCSRFToken != languageServerCSRFToken {
+            endpoints.append(
+                AntigravityConnectionEndpoint(
+                    scheme: "http",
+                    port: extensionServerPort,
+                    csrfToken: languageServerCSRFToken,
+                    source: .extensionServer))
+        }
+
+        return endpoints
+    }
+
+    private static func appendUniqueRequestTargets(
+        from candidates: [AntigravityConnectionEndpoint],
+        to endpoints: inout [AntigravityConnectionEndpoint])
+    {
+        for endpoint in candidates {
+            guard !endpoints.contains(where: { $0.matchesRequestTarget(endpoint) }) else { continue }
+            endpoints.append(endpoint)
+        }
+    }
+
+    static func resolveWorkingEndpoint(
+        candidateEndpoints: [AntigravityConnectionEndpoint],
+        timeout: TimeInterval,
+        testConnectivity: @escaping @Sendable (AntigravityConnectionEndpoint, TimeInterval) async -> Bool = Self
+            .testEndpointConnectivity) async throws -> AntigravityConnectionEndpoint
     {
-        for port in ports {
-            let ok = await Self.testPortConnectivity(port: port, csrfToken: csrfToken, timeout: timeout)
-            if ok { return port }
+        for endpoint in candidateEndpoints {
+            let ok = await testConnectivity(endpoint, timeout)
+            if ok { return endpoint }
+        }
+        if let fallback = fallbackProbeEndpoint(candidateEndpoints) {
+            self.log.debug("Port probe fell back to best-effort endpoint", metadata: [
+                "source": fallback.source.rawValue,
+                "scheme": fallback.scheme,
+                "port": "\(fallback.port)",
+            ])
+            return fallback
         }
         throw AntigravityStatusProbeError.portDetectionFailed("no working API port found")
     }
 
-    private static func testPortConnectivity(
-        port: Int,
-        csrfToken: String,
+    static func fallbackProbePort(ports: [Int], extensionPort: Int?) -> Int? {
+        if let nonExtension = ports.first(where: { $0 != extensionPort }) {
+            return nonExtension
+        }
+        if let extensionPort {
+            return extensionPort
+        }
+        return ports.first
+    }
+
+    static func isReachableProbeError(_ error: Error) -> Bool {
+        guard case let AntigravityStatusProbeError.apiError(message) = error else { return false }
+        return message.hasPrefix("HTTP ")
+    }
+
+    private static func fallbackProbeEndpoint(
+        _ endpoints: [AntigravityConnectionEndpoint]) -> AntigravityConnectionEndpoint?
+    {
+        if let languageServerEndpoint = endpoints.first(where: { $0.source == .languageServer }) {
+            return languageServerEndpoint
+        }
+        return endpoints.first
+    }
+
+    private static func testEndpointConnectivity(
+        _ endpoint: AntigravityConnectionEndpoint,
         timeout: TimeInterval) async -> Bool
     {
         do {
@@ -422,15 +746,22 @@ public struct AntigravityStatusProbe: Sendable {
                 payload: RequestPayload(
                     path: self.unleashPath,
                     body: self.unleashRequestBody()),
-                context: RequestContext(
-                    httpsPort: port,
-                    httpPort: nil,
-                    csrfToken: csrfToken,
-                    timeout: timeout))
+                context: RequestContext(endpoints: [endpoint], timeout: timeout))
             return true
         } catch {
+            if self.isReachableProbeError(error) {
+                self.log.debug("Port probe received HTTP response; treating endpoint as reachable", metadata: [
+                    "source": endpoint.source.rawValue,
+                    "scheme": endpoint.scheme,
+                    "port": "\(endpoint.port)",
+                    "error": error.localizedDescription,
+                ])
+                return true
+            }
             self.log.debug("Port probe failed", metadata: [
-                "port": "\(port)",
+                "source": endpoint.source.rawValue,
+                "scheme": endpoint.scheme,
+                "port": "\(endpoint.port)",
                 "error": error.localizedDescription,
             ])
             return false
@@ -439,15 +770,13 @@ public struct AntigravityStatusProbe: Sendable {
 
     // MARK: - HTTP
 
-    private struct RequestPayload {
+    struct RequestPayload {
         let path: String
         let body: [String: Any]
     }
 
-    private struct RequestContext: Sendable {
-        let httpsPort: Int
-        let httpPort: Int?
-        let csrfToken: String
+    struct RequestContext {
+        let endpoints: [AntigravityConnectionEndpoint]
         let timeout: TimeInterval
     }
 
@@ -484,29 +813,67 @@ public struct AntigravityStatusProbe: Sendable {
         payload: RequestPayload,
         context: RequestContext) async throws -> Data
     {
-        do {
-            return try await self.sendRequest(
-                scheme: "https",
-                port: context.httpsPort,
-                payload: payload,
-                context: context)
-        } catch {
-            guard let httpPort = context.httpPort, httpPort != context.httpsPort else { throw error }
-            return try await Self.sendRequest(
-                scheme: "http",
-                port: httpPort,
-                payload: payload,
-                context: context)
+        try await self.sendRequest(payload: payload, context: context)
+    }
+
+    static func makeParsedRequest<T>(
+        payload: RequestPayload,
+        context: RequestContext,
+        send: @escaping @Sendable (RequestPayload, AntigravityConnectionEndpoint, TimeInterval) async throws -> Data =
+            sendRequest,
+        parse: @escaping @Sendable (Data) throws -> T) async throws -> T
+    {
+        var lastError: Error?
+
+        for endpoint in context.endpoints {
+            do {
+                let data = try await send(payload, endpoint, context.timeout)
+                return try parse(data)
+            } catch {
+                lastError = error
+                Self.log.debug("Antigravity request/parse attempt failed", metadata: [
+                    "path": payload.path,
+                    "source": endpoint.source.rawValue,
+                    "scheme": endpoint.scheme,
+                    "port": "\(endpoint.port)",
+                    "error": error.localizedDescription,
+                ])
+            }
         }
+
+        throw lastError ?? AntigravityStatusProbeError.apiError("Invalid response")
     }
 
     private static func sendRequest(
-        scheme: String,
-        port: Int,
         payload: RequestPayload,
         context: RequestContext) async throws -> Data
     {
-        guard let url = URL(string: "\(scheme)://127.0.0.1:\(port)\(payload.path)") else {
+        var lastError: Error?
+
+        for endpoint in context.endpoints {
+            do {
+                return try await Self.sendRequest(payload: payload, endpoint: endpoint, timeout: context.timeout)
+            } catch {
+                lastError = error
+                Self.log.debug("Antigravity request attempt failed", metadata: [
+                    "path": payload.path,
+                    "source": endpoint.source.rawValue,
+                    "scheme": endpoint.scheme,
+                    "port": "\(endpoint.port)",
+                    "error": error.localizedDescription,
+                ])
+            }
+        }
+
+        throw lastError ?? AntigravityStatusProbeError.apiError("Invalid URL")
+    }
+
+    private static func sendRequest(
+        payload: RequestPayload,
+        endpoint: AntigravityConnectionEndpoint,
+        timeout: TimeInterval) async throws -> Data
+    {
+        guard let url = URL(string: "\(endpoint.scheme)://127.0.0.1:\(endpoint.port)\(payload.path)") else {
             throw AntigravityStatusProbeError.apiError("Invalid URL")
         }
 
@@ -514,19 +881,24 @@ public struct AntigravityStatusProbe: Sendable {
         var request = URLRequest(url: url)
         request.httpMethod = "POST"
         request.httpBody = body
-        request.timeoutInterval = context.timeout
+        request.timeoutInterval = timeout
         request.setValue("application/json", forHTTPHeaderField: "Content-Type")
         request.setValue(String(body.count), forHTTPHeaderField: "Content-Length")
         request.setValue("1", forHTTPHeaderField: "Connect-Protocol-Version")
-        request.setValue(context.csrfToken, forHTTPHeaderField: "X-Codeium-Csrf-Token")
+        request.setValue(endpoint.csrfToken, forHTTPHeaderField: "X-Codeium-Csrf-Token")
 
         let config = URLSessionConfiguration.ephemeral
-        config.timeoutIntervalForRequest = context.timeout
-        config.timeoutIntervalForResource = context.timeout
-        let session = URLSession(configuration: config, delegate: InsecureSessionDelegate(), delegateQueue: nil)
+        config.timeoutIntervalForRequest = timeout
+        config.timeoutIntervalForResource = timeout
+        #if !os(Linux)
+        config.waitsForConnectivity = false
+        #endif
+
+        let delegate = LocalhostSessionDelegate()
+        let session = URLSession(configuration: config, delegate: delegate, delegateQueue: nil)
         defer { session.invalidateAndCancel() }
 
-        let (data, response) = try await session.data(for: request)
+        let (data, response) = try await delegate.data(for: request, session: session)
         guard let http = response as? HTTPURLResponse else {
             throw AntigravityStatusProbeError.apiError("Invalid response")
         }
@@ -538,20 +910,42 @@ public struct AntigravityStatusProbe: Sendable {
     }
 }
 
-private final class InsecureSessionDelegate: NSObject {}
-
-extension InsecureSessionDelegate: URLSessionTaskDelegate {}
-
-extension InsecureSessionDelegate {
-    func urlSession(
-        _ session: URLSession,
-        task: URLSessionTask,
-        didReceive challenge: URLAuthenticationChallenge,
-        completionHandler: @escaping @MainActor @Sendable (URLSession.AuthChallengeDisposition, URLCredential?) -> Void)
+enum LocalhostTrustPolicy {
+    static func shouldAcceptServerTrust(
+        host: String,
+        authenticationMethod: String,
+        hasServerTrust: Bool) -> Bool
     {
-        let result = self.challengeResult(challenge)
-        Task { @MainActor in
-            completionHandler(result.disposition, result.credential)
+        #if !os(Linux)
+        guard authenticationMethod == NSURLAuthenticationMethodServerTrust else { return false }
+        #endif
+        let normalizedHost = host.lowercased()
+        guard normalizedHost == "127.0.0.1" || normalizedHost == "localhost" else { return false }
+        return hasServerTrust
+    }
+}
+
+private final class LocalhostSessionDelegate: NSObject {
+    func data(for request: URLRequest, session: URLSession) async throws -> (Data, URLResponse) {
+        let state = LocalhostSessionTaskState()
+        return try await withTaskCancellationHandler {
+            try await withCheckedThrowingContinuation { continuation in
+                let task = session.dataTask(with: request) { data, response, error in
+                    if let error {
+                        continuation.resume(throwing: error)
+                        return
+                    }
+                    guard let data, let response else {
+                        continuation.resume(throwing: AntigravityStatusProbeError.apiError("Invalid response"))
+                        return
+                    }
+                    continuation.resume(returning: (data, response))
+                }
+                state.setTask(task)
+                task.resume()
+            }
+        } onCancel: {
+            state.cancel()
         }
     }
 
@@ -559,17 +953,68 @@ extension InsecureSessionDelegate {
         disposition: URLSession.AuthChallengeDisposition,
         credential: URLCredential?)
     {
-        #if canImport(FoundationNetworking)
+        #if os(Linux)
         return (.performDefaultHandling, nil)
         #else
-        if let trust = challenge.protectionSpace.serverTrust {
-            return (.useCredential, URLCredential(trust: trust))
+        let protectionSpace = challenge.protectionSpace
+        let trust = protectionSpace.serverTrust
+        guard LocalhostTrustPolicy.shouldAcceptServerTrust(
+            host: protectionSpace.host,
+            authenticationMethod: protectionSpace.authenticationMethod,
+            hasServerTrust: trust != nil),
+            let trust
+        else {
+            return (.performDefaultHandling, nil)
         }
-        return (.performDefaultHandling, nil)
+        return (.useCredential, URLCredential(trust: trust))
         #endif
     }
 }
 
+extension LocalhostSessionDelegate: URLSessionDelegate {
+    func urlSession(
+        _ session: URLSession,
+        didReceive challenge: URLAuthenticationChallenge) async -> (URLSession.AuthChallengeDisposition, URLCredential?)
+    {
+        self.challengeResult(challenge)
+    }
+}
+
+extension LocalhostSessionDelegate: URLSessionTaskDelegate {
+    func urlSession(
+        _ session: URLSession,
+        task: URLSessionTask,
+        didReceive challenge: URLAuthenticationChallenge) async -> (URLSession.AuthChallengeDisposition, URLCredential?)
+    {
+        self.challengeResult(challenge)
+    }
+}
+
+private final class LocalhostSessionTaskState: @unchecked Sendable {
+    private let lock = NSLock()
+    private var task: URLSessionDataTask?
+    private var isCancelled = false
+
+    func setTask(_ task: URLSessionDataTask) {
+        self.lock.lock()
+        self.task = task
+        let shouldCancel = self.isCancelled
+        self.lock.unlock()
+
+        if shouldCancel {
+            task.cancel()
+        }
+    }
+
+    func cancel() {
+        self.lock.lock()
+        self.isCancelled = true
+        let task = self.task
+        self.lock.unlock()
+        task?.cancel()
+    }
+}
+
 private struct UserStatusResponse: Decodable {
     let code: CodeValue?
     let message: String?
@@ -586,6 +1031,18 @@ private struct UserStatus: Decodable {
     let email: String?
     let planStatus: PlanStatus?
     let cascadeModelConfigData: ModelConfigData?
+    let userTier: UserTier?
+}
+
+private struct UserTier: Decodable {
+    let id: String?
+    let name: String?
+    let description: String?
+
+    var preferredName: String? {
+        guard let value = name?.trimmingCharacters(in: .whitespacesAndNewlines) else { return nil }
+        return value.isEmpty ? nil : value
+    }
 }
 
 private struct PlanStatus: Decodable {
diff --git a/Sources/CodexBarCore/Providers/Antigravity/AntigravityUsageDataSource.swift b/Sources/CodexBarCore/Providers/Antigravity/AntigravityUsageDataSource.swift
new file mode 100644
index 000000000..7db69bf62
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Antigravity/AntigravityUsageDataSource.swift
@@ -0,0 +1,30 @@
+import Foundation
+
+public enum AntigravityUsageDataSource: String, CaseIterable, Identifiable, Sendable {
+    case auto
+    case oauth
+    case cli
+
+    public var id: String {
+        self.rawValue
+    }
+
+    public var displayName: String {
+        switch self {
+        case .auto: "Auto"
+        case .oauth: "Google OAuth"
+        case .cli: "Local IDE API"
+        }
+    }
+
+    public var sourceLabel: String {
+        switch self {
+        case .auto:
+            "auto"
+        case .oauth:
+            "oauth"
+        case .cli:
+            "cli"
+        }
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Augment/AuggieCLIProbe.swift b/Sources/CodexBarCore/Providers/Augment/AuggieCLIProbe.swift
index 23c31b293..19eb38e94 100644
--- a/Sources/CodexBarCore/Providers/Augment/AuggieCLIProbe.swift
+++ b/Sources/CodexBarCore/Providers/Augment/AuggieCLIProbe.swift
@@ -13,6 +13,9 @@ public struct AuggieCLIProbe: Sendable {
         return try self.parse(output)
     }
 
+    /// Timeout for the `auggie account status` command.
+    private static let commandTimeout: TimeInterval = 15
+
     private func runAuggieAccountStatus() async throws -> String {
         let env = ProcessInfo.processInfo.environment
         let loginPATH = LoginShellPathCache.shared.current
@@ -24,24 +27,15 @@ public struct AuggieCLIProbe: Sendable {
             env: env,
             loginPATH: loginPATH)
 
-        let process = Process()
-        process.executableURL = URL(fileURLWithPath: executable)
-        process.arguments = ["account", "status"]
-        process.environment = pathEnv
-
-        let stdout = Pipe()
-        let stderr = Pipe()
-        process.standardOutput = stdout
-        process.standardError = stderr
-
-        try process.run()
-        process.waitUntilExit()
-
-        let outputData = stdout.fileHandleForReading.readDataToEndOfFile()
-        let errorData = stderr.fileHandleForReading.readDataToEndOfFile()
+        let result = try await SubprocessRunner.run(
+            binary: executable,
+            arguments: ["account", "status"],
+            environment: pathEnv,
+            timeout: Self.commandTimeout,
+            label: "auggie-account-status")
 
-        let output = String(data: outputData, encoding: .utf8) ?? ""
-        let errorOutput = String(data: errorData, encoding: .utf8) ?? ""
+        let output = result.stdout
+        let errorOutput = result.stderr
 
         guard !output.isEmpty else {
             if !errorOutput.isEmpty {
diff --git a/Sources/CodexBarCore/Providers/Augment/AugmentSessionKeepalive.swift b/Sources/CodexBarCore/Providers/Augment/AugmentSessionKeepalive.swift
index 9485c8ef7..40e1974a9 100644
--- a/Sources/CodexBarCore/Providers/Augment/AugmentSessionKeepalive.swift
+++ b/Sources/CodexBarCore/Providers/Augment/AugmentSessionKeepalive.swift
@@ -59,9 +59,15 @@ public final class AugmentSessionKeepalive {
         }
 
         self.log("🚀 Starting Augment session keepalive")
-        self.log("   - Check interval: \(Int(self.checkInterval))s (every 5 minutes)")
-        self.log("   - Refresh buffer: \(Int(self.refreshBufferSeconds))s (5 minutes before expiry)")
-        self.log("   - Min refresh interval: \(Int(self.minRefreshInterval))s (2 minutes)")
+        self.log(
+            "   - Check interval: \(Int(self.checkInterval))s "
+                + "(\(Self.durationDescription(seconds: self.checkInterval)))")
+        self.log(
+            "   - Refresh buffer: \(Int(self.refreshBufferSeconds))s "
+                + "(\(Self.durationDescription(seconds: self.refreshBufferSeconds)) before expiry)")
+        self.log(
+            "   - Min refresh interval: \(Int(self.minRefreshInterval))s "
+                + "(\(Self.durationDescription(seconds: self.minRefreshInterval)))")
 
         self.timerTask = Task.detached(priority: .utility) { [weak self] in
             while !Task.isCancelled {
@@ -371,7 +377,7 @@ public final class AugmentSessionKeepalive {
             request.setValue("https://app.augmentcode.com", forHTTPHeaderField: "Referer")
 
             do {
-                let (data, response) = try await URLSession.shared.data(for: request)
+                let (data, response) = try await ProviderHTTPClient.shared.data(for: request)
 
                 guard let httpResponse = response as? HTTPURLResponse else {
                     self.log("   ✗ Invalid response type")
@@ -435,6 +441,15 @@ public final class AugmentSessionKeepalive {
 
     private static let log = CodexBarLog.logger(LogCategories.augmentKeepalive)
 
+    private static func durationDescription(seconds: TimeInterval) -> String {
+        let totalSeconds = max(0, Int(seconds.rounded()))
+        if totalSeconds >= 60, totalSeconds % 60 == 0 {
+            let minutes = totalSeconds / 60
+            return "\(minutes) minute\(minutes == 1 ? "" : "s")"
+        }
+        return "\(totalSeconds) second\(totalSeconds == 1 ? "" : "s")"
+    }
+
     private func log(_ message: String) {
         let timestamp = Date().formatted(date: .omitted, time: .standard)
         let fullMessage = "[\(timestamp)] [AugmentKeepalive] \(message)"
diff --git a/Sources/CodexBarCore/Providers/Augment/AugmentStatusProbe.swift b/Sources/CodexBarCore/Providers/Augment/AugmentStatusProbe.swift
index 43459fd1f..cff8957a4 100644
--- a/Sources/CodexBarCore/Providers/Augment/AugmentStatusProbe.swift
+++ b/Sources/CodexBarCore/Providers/Augment/AugmentStatusProbe.swift
@@ -67,7 +67,7 @@ public enum AugmentCookieImporter {
         for browserSource in augmentCookieImportOrder {
             do {
                 let query = BrowserCookieQuery(domains: cookieDomains)
-                let sources = try Self.cookieClient.records(
+                let sources = try Self.cookieClient.codexBarRecords(
                     matching: query,
                     in: browserSource,
                     logger: log)
@@ -131,6 +131,10 @@ public struct AugmentCreditsResponse: Codable, Sendable {
     }
 
     public var creditsLimit: Double? {
+        if let available = self.usageUnitsAvailable, available > 0 {
+            return available
+        }
+
         guard let remaining = self.usageUnitsRemaining,
               let consumed = self.usageUnitsConsumedThisBillingCycle
         else {
@@ -222,6 +226,7 @@ public struct AugmentStatusSnapshot: Sendable {
 
     private static func formatResetDate(_ date: Date) -> String {
         let formatter = RelativeDateTimeFormatter()
+        formatter.locale = Locale(identifier: "en_US")
         formatter.unitsStyle = .full
         return formatter.localizedString(for: date, relativeTo: Date())
     }
@@ -492,7 +497,7 @@ public struct AugmentStatusProbe: Sendable {
         request.setValue("application/json", forHTTPHeaderField: "Accept")
         request.setValue(cookieHeader, forHTTPHeaderField: "Cookie")
 
-        let (data, response) = try await URLSession.shared.data(for: request)
+        let (data, response) = try await ProviderHTTPClient.shared.data(for: request)
 
         guard let httpResponse = response as? HTTPURLResponse else {
             throw AugmentStatusProbeError.networkError("Invalid response")
@@ -530,7 +535,7 @@ public struct AugmentStatusProbe: Sendable {
         request.setValue("application/json", forHTTPHeaderField: "Accept")
         request.setValue(cookieHeader, forHTTPHeaderField: "Cookie")
 
-        let (data, response) = try await URLSession.shared.data(for: request)
+        let (data, response) = try await ProviderHTTPClient.shared.data(for: request)
 
         guard let httpResponse = response as? HTTPURLResponse else {
             throw AugmentStatusProbeError.networkError("Invalid response")
@@ -589,14 +594,16 @@ public struct AugmentStatusProbe: Sendable {
     }
 
     /// Debug probe that returns raw API responses
-    public func debugRawProbe() async -> String {
+    public func debugRawProbe(cookieHeaderOverride: String? = nil) async -> String {
         let stamp = ISO8601DateFormatter().string(from: Date())
         var lines: [String] = []
         lines.append("=== Augment Debug Probe @ \(stamp) ===")
         lines.append("")
 
         do {
-            let snapshot = try await self.fetch(logger: { msg in lines.append("[log] \(msg)") })
+            let snapshot = try await self.fetch(
+                cookieHeaderOverride: cookieHeaderOverride,
+                logger: { msg in lines.append("[log] \(msg)") })
             lines.append("")
             lines.append("Probe Success")
             lines.append("")
@@ -616,13 +623,13 @@ public struct AugmentStatusProbe: Sendable {
             }
 
             let output = lines.joined(separator: "\n")
-            Task { @MainActor in Self.recordDump(output) }
+            await MainActor.run { Self.recordDump(output) }
             return output
         } catch {
             lines.append("")
             lines.append("Probe Failed: \(error.localizedDescription)")
             let output = lines.joined(separator: "\n")
-            Task { @MainActor in Self.recordDump(output) }
+            await MainActor.run { Self.recordDump(output) }
             return output
         }
     }
diff --git a/Sources/CodexBarCore/Providers/AzureOpenAI/AzureOpenAIProviderDescriptor.swift b/Sources/CodexBarCore/Providers/AzureOpenAI/AzureOpenAIProviderDescriptor.swift
new file mode 100644
index 000000000..90cb7c79d
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/AzureOpenAI/AzureOpenAIProviderDescriptor.swift
@@ -0,0 +1,92 @@
+import CodexBarMacroSupport
+import Foundation
+
+@ProviderDescriptorRegistration
+@ProviderDescriptorDefinition
+public enum AzureOpenAIProviderDescriptor {
+    static func makeDescriptor() -> ProviderDescriptor {
+        ProviderDescriptor(
+            id: .azureopenai,
+            metadata: ProviderMetadata(
+                id: .azureopenai,
+                displayName: "Azure OpenAI",
+                sessionLabel: "Status",
+                weeklyLabel: "Deployment",
+                opusLabel: nil,
+                supportsOpus: false,
+                supportsCredits: false,
+                creditsHint: "",
+                toggleTitle: "Show Azure OpenAI status",
+                cliName: "azure-openai",
+                defaultEnabled: false,
+                isPrimaryProvider: false,
+                usesAccountFallback: false,
+                browserCookieOrder: nil,
+                dashboardURL: "https://ai.azure.com",
+                statusPageURL: nil,
+                statusLinkURL: "https://azure.status.microsoft/en-us/status"),
+            branding: ProviderBranding(
+                iconStyle: .openai,
+                iconResourceName: "ProviderIcon-codex",
+                color: ProviderColor(red: 0, green: 120 / 255, blue: 212 / 255)),
+            tokenCost: ProviderTokenCostConfig(
+                supportsTokenCost: false,
+                noDataMessage: { "Azure OpenAI usage history is not exposed by the deployment validation probe." }),
+            fetchPlan: ProviderFetchPlan(
+                sourceModes: [.auto, .api],
+                pipeline: ProviderFetchPipeline(resolveStrategies: { _ in [AzureOpenAIAPIFetchStrategy()] })),
+            cli: ProviderCLIConfig(
+                name: "azure-openai",
+                aliases: ["azureopenai", "aoai"],
+                versionDetector: nil))
+    }
+}
+
+struct AzureOpenAIAPIFetchStrategy: ProviderFetchStrategy {
+    let id: String = "azureopenai.api"
+    let kind: ProviderFetchKind = .apiToken
+
+    func isAvailable(_ context: ProviderFetchContext) async -> Bool {
+        _ = context
+        // Keep the strategy available so missing partial configuration surfaces
+        // as a precise settings error instead of a generic no-strategy failure.
+        return true
+    }
+
+    func fetch(_ context: ProviderFetchContext) async throws -> ProviderFetchResult {
+        guard let apiKey = Self.resolveAPIKey(environment: context.env) else {
+            throw AzureOpenAIUsageError.missingAPIKey
+        }
+        guard let endpoint = Self.resolveEndpoint(environment: context.env) else {
+            throw AzureOpenAIUsageError.missingEndpoint
+        }
+        guard let deploymentName = Self.resolveDeploymentName(environment: context.env) else {
+            throw AzureOpenAIUsageError.missingDeploymentName
+        }
+
+        let usage = try await AzureOpenAIUsageFetcher.fetchUsage(
+            apiKey: apiKey,
+            endpoint: endpoint,
+            deploymentName: deploymentName,
+            apiVersion: AzureOpenAISettingsReader.apiVersion(environment: context.env))
+        return self.makeResult(
+            usage: usage.toUsageSnapshot(),
+            sourceLabel: "deployment")
+    }
+
+    func shouldFallback(on _: Error, context _: ProviderFetchContext) -> Bool {
+        false
+    }
+
+    private static func resolveAPIKey(environment: [String: String]) -> String? {
+        ProviderTokenResolver.azureOpenAIToken(environment: environment)
+    }
+
+    private static func resolveEndpoint(environment: [String: String]) -> URL? {
+        AzureOpenAISettingsReader.endpoint(environment: environment)
+    }
+
+    private static func resolveDeploymentName(environment: [String: String]) -> String? {
+        AzureOpenAISettingsReader.deploymentName(environment: environment)
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/AzureOpenAI/AzureOpenAISettingsReader.swift b/Sources/CodexBarCore/Providers/AzureOpenAI/AzureOpenAISettingsReader.swift
new file mode 100644
index 000000000..97949a367
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/AzureOpenAI/AzureOpenAISettingsReader.swift
@@ -0,0 +1,76 @@
+import Foundation
+
+public enum AzureOpenAISettingsReader {
+    public static let apiKeyEnvironmentKey = "AZURE_OPENAI_API_KEY"
+    public static let endpointEnvironmentKey = "AZURE_OPENAI_ENDPOINT"
+    public static let deploymentNameEnvironmentKey = "AZURE_OPENAI_DEPLOYMENT_NAME"
+    public static let apiVersionEnvironmentKey = "AZURE_OPENAI_API_VERSION"
+    public static let defaultAPIVersion = "2024-10-21"
+
+    public static func apiKey(environment: [String: String] = ProcessInfo.processInfo.environment) -> String? {
+        self.cleaned(environment[self.apiKeyEnvironmentKey])
+    }
+
+    public static func endpoint(environment: [String: String] = ProcessInfo.processInfo.environment) -> URL? {
+        guard let rawEndpoint = self.cleaned(environment[self.endpointEnvironmentKey]) else { return nil }
+        return self.endpointURL(from: rawEndpoint)
+    }
+
+    public static func deploymentName(environment: [String: String] = ProcessInfo.processInfo.environment) -> String? {
+        self.cleaned(environment[self.deploymentNameEnvironmentKey])
+    }
+
+    public static func apiVersion(environment: [String: String] = ProcessInfo.processInfo.environment) -> String {
+        self.cleaned(environment[self.apiVersionEnvironmentKey]) ?? self.defaultAPIVersion
+    }
+
+    public static func endpointURL(from rawEndpoint: String) -> URL? {
+        let trimmed = rawEndpoint.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard !trimmed.isEmpty else { return nil }
+
+        let withScheme = trimmed.contains("://") ? trimmed : "https://\(trimmed)"
+        guard let url = URL(string: withScheme),
+              let host = url.host?.trimmingCharacters(in: .whitespacesAndNewlines),
+              !host.isEmpty
+        else {
+            return nil
+        }
+        return url
+    }
+
+    static func cleaned(_ raw: String?) -> String? {
+        guard var value = raw?.trimmingCharacters(in: .whitespacesAndNewlines), !value.isEmpty else {
+            return nil
+        }
+
+        if (value.hasPrefix("\"") && value.hasSuffix("\"")) ||
+            (value.hasPrefix("'") && value.hasSuffix("'"))
+        {
+            value = String(value.dropFirst().dropLast())
+        }
+
+        value = value.trimmingCharacters(in: .whitespacesAndNewlines)
+        return value.isEmpty ? nil : value
+    }
+}
+
+public enum AzureOpenAISettingsError: LocalizedError, Sendable, Equatable {
+    case missingAPIKey
+    case missingEndpoint
+    case missingDeploymentName
+    case invalidEndpoint
+
+    public var errorDescription: String? {
+        switch self {
+        case .missingAPIKey:
+            "Azure OpenAI API key not configured. Set AZURE_OPENAI_API_KEY or configure an API key in Settings."
+        case .missingEndpoint:
+            "Azure OpenAI endpoint not configured. Set AZURE_OPENAI_ENDPOINT or configure an endpoint in Settings."
+        case .missingDeploymentName:
+            "Azure OpenAI deployment not configured. Set AZURE_OPENAI_DEPLOYMENT_NAME or configure a deployment " +
+                "in Settings."
+        case .invalidEndpoint:
+            "Azure OpenAI endpoint is invalid."
+        }
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/AzureOpenAI/AzureOpenAIUsageFetcher.swift b/Sources/CodexBarCore/Providers/AzureOpenAI/AzureOpenAIUsageFetcher.swift
new file mode 100644
index 000000000..39d80a28d
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/AzureOpenAI/AzureOpenAIUsageFetcher.swift
@@ -0,0 +1,242 @@
+import Foundation
+#if canImport(FoundationNetworking)
+import FoundationNetworking
+#endif
+
+public struct AzureOpenAIUsageSnapshot: Codable, Sendable, Equatable {
+    public let endpointHost: String
+    public let deploymentName: String
+    public let model: String?
+    public let apiVersion: String
+    public let updatedAt: Date
+
+    public init(
+        endpointHost: String,
+        deploymentName: String,
+        model: String?,
+        apiVersion: String,
+        updatedAt: Date)
+    {
+        self.endpointHost = endpointHost
+        self.deploymentName = deploymentName
+        self.model = model
+        self.apiVersion = apiVersion
+        self.updatedAt = updatedAt
+    }
+
+    public func toUsageSnapshot() -> UsageSnapshot {
+        let detail = Self.detailText(deploymentName: self.deploymentName, model: self.model)
+        return UsageSnapshot(
+            primary: RateWindow(
+                usedPercent: 0,
+                windowMinutes: nil,
+                resetsAt: nil,
+                resetDescription: detail),
+            secondary: nil,
+            tertiary: nil,
+            updatedAt: self.updatedAt,
+            identity: ProviderIdentitySnapshot(
+                providerID: .azureopenai,
+                accountEmail: nil,
+                accountOrganization: self.endpointHost,
+                loginMethod: "Deployment: \(self.deploymentName)"))
+    }
+
+    private static func detailText(deploymentName: String, model: String?) -> String {
+        let cleanedModel = model?.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard let cleanedModel, !cleanedModel.isEmpty else {
+            return "Deployment: \(deploymentName)"
+        }
+        return "Deployment: \(deploymentName) · Model: \(cleanedModel)"
+    }
+}
+
+public enum AzureOpenAIUsageError: LocalizedError, Sendable, Equatable {
+    case missingAPIKey
+    case missingEndpoint
+    case missingDeploymentName
+    case invalidEndpoint
+    case invalidURL
+    case networkError(String)
+    case apiError(statusCode: Int, message: String)
+    case parseFailed(String)
+
+    public var errorDescription: String? {
+        switch self {
+        case .missingAPIKey:
+            AzureOpenAISettingsError.missingAPIKey.errorDescription
+        case .missingEndpoint:
+            AzureOpenAISettingsError.missingEndpoint.errorDescription
+        case .missingDeploymentName:
+            AzureOpenAISettingsError.missingDeploymentName.errorDescription
+        case .invalidEndpoint:
+            AzureOpenAISettingsError.invalidEndpoint.errorDescription
+        case .invalidURL:
+            "Azure OpenAI validation URL is invalid."
+        case let .networkError(message):
+            "Azure OpenAI network error: \(message)"
+        case let .apiError(statusCode, message):
+            if message.isEmpty {
+                "Azure OpenAI API error: HTTP \(statusCode)"
+            } else {
+                "Azure OpenAI API error: HTTP \(statusCode): \(message)"
+            }
+        case let .parseFailed(message):
+            "Azure OpenAI response parse error: \(message)"
+        }
+    }
+}
+
+private struct AzureOpenAIChatCompletionResponse: Decodable {
+    let model: String?
+}
+
+public enum AzureOpenAIUsageFetcher {
+    private static let timeoutSeconds: TimeInterval = 20
+    private static let maxErrorBodyLength = 240
+
+    public static func fetchUsage(
+        apiKey: String,
+        endpoint: URL,
+        deploymentName: String,
+        apiVersion: String = AzureOpenAISettingsReader.defaultAPIVersion,
+        transport: any ProviderHTTPTransport = ProviderHTTPClient.shared,
+        updatedAt: Date = Date()) async throws -> AzureOpenAIUsageSnapshot
+    {
+        let apiKey = apiKey.trimmingCharacters(in: .whitespacesAndNewlines)
+        let deploymentName = deploymentName.trimmingCharacters(in: .whitespacesAndNewlines)
+        let apiVersion = apiVersion.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard !apiKey.isEmpty else { throw AzureOpenAIUsageError.missingAPIKey }
+        guard !deploymentName.isEmpty else { throw AzureOpenAIUsageError.missingDeploymentName }
+        guard endpoint.host?.isEmpty == false else { throw AzureOpenAIUsageError.invalidEndpoint }
+        let effectiveAPIVersion = apiVersion.isEmpty ? AzureOpenAISettingsReader.defaultAPIVersion : apiVersion
+
+        var request = try URLRequest(url: self.chatCompletionsURL(
+            endpoint: endpoint,
+            deploymentName: deploymentName,
+            apiVersion: effectiveAPIVersion))
+        request.httpMethod = "POST"
+        request.timeoutInterval = Self.timeoutSeconds
+        request.setValue(apiKey, forHTTPHeaderField: "api-key")
+        request.setValue("application/json", forHTTPHeaderField: "Accept")
+        request.setValue("application/json", forHTTPHeaderField: "Content-Type")
+        request.httpBody = try self.validationRequestBody(
+            deploymentName: deploymentName,
+            apiVersion: effectiveAPIVersion)
+
+        let response: ProviderHTTPResponse
+        do {
+            response = try await transport.response(for: request)
+        } catch {
+            throw AzureOpenAIUsageError.networkError(error.localizedDescription)
+        }
+
+        guard (200..<300).contains(response.statusCode) else {
+            throw AzureOpenAIUsageError.apiError(
+                statusCode: response.statusCode,
+                message: self.responseSummary(response.data))
+        }
+
+        let model: String?
+        do {
+            model = try JSONDecoder().decode(AzureOpenAIChatCompletionResponse.self, from: response.data).model
+        } catch {
+            throw AzureOpenAIUsageError.parseFailed(error.localizedDescription)
+        }
+
+        return AzureOpenAIUsageSnapshot(
+            endpointHost: endpoint.host ?? endpoint.absoluteString,
+            deploymentName: deploymentName,
+            model: model,
+            apiVersion: effectiveAPIVersion,
+            updatedAt: updatedAt)
+    }
+
+    public static func _chatCompletionsURLForTesting(
+        endpoint: URL,
+        deploymentName: String,
+        apiVersion: String) throws -> URL
+    {
+        try self.chatCompletionsURL(endpoint: endpoint, deploymentName: deploymentName, apiVersion: apiVersion)
+    }
+
+    private static func chatCompletionsURL(
+        endpoint: URL,
+        deploymentName: String,
+        apiVersion: String) throws -> URL
+    {
+        if self.usesV1API(apiVersion) {
+            let base = self.apiRoot(endpoint: endpoint, pathComponents: ["openai", "v1"])
+                .appendingPathComponent("chat")
+                .appendingPathComponent("completions")
+            guard let url = URLComponents(url: base, resolvingAgainstBaseURL: false)?.url else {
+                throw AzureOpenAIUsageError.invalidURL
+            }
+            return url
+        }
+
+        let base = self.apiRoot(endpoint: endpoint, pathComponents: ["openai"])
+            .appendingPathComponent("deployments")
+            .appendingPathComponent(deploymentName)
+            .appendingPathComponent("chat")
+            .appendingPathComponent("completions")
+        guard var components = URLComponents(url: base, resolvingAgainstBaseURL: false) else {
+            throw AzureOpenAIUsageError.invalidURL
+        }
+        components.queryItems = [URLQueryItem(name: "api-version", value: apiVersion)]
+        guard let url = components.url else { throw AzureOpenAIUsageError.invalidURL }
+        return url
+    }
+
+    private static func apiRoot(endpoint: URL, pathComponents expectedComponents: [String]) -> URL {
+        let existingComponents = endpoint.pathComponents
+            .filter { $0 != "/" }
+            .map { $0.lowercased() }
+        let expectedComponents = expectedComponents.map { $0.lowercased() }
+        let sharedCount = stride(
+            from: min(existingComponents.count, expectedComponents.count),
+            through: 0,
+            by: -1)
+            .first { count in
+                count == 0 || Array(existingComponents.suffix(count)) == Array(expectedComponents.prefix(count))
+            } ?? 0
+        return expectedComponents.dropFirst(sharedCount).reduce(endpoint) { url, component in
+            url.appendingPathComponent(component)
+        }
+    }
+
+    private static func validationRequestBody(
+        deploymentName: String,
+        apiVersion: String) throws -> Data
+    {
+        var payload: [String: Any] = [
+            "messages": [
+                ["role": "user", "content": "ping"],
+            ],
+        ]
+        if self.usesV1API(apiVersion) {
+            payload["model"] = deploymentName
+            payload["max_completion_tokens"] = 1
+        } else {
+            payload["max_tokens"] = 1
+        }
+        return try JSONSerialization.data(withJSONObject: payload, options: [])
+    }
+
+    private static func usesV1API(_ apiVersion: String) -> Bool {
+        apiVersion.trimmingCharacters(in: .whitespacesAndNewlines).lowercased() == "v1"
+    }
+
+    private static func responseSummary(_ data: Data) -> String {
+        guard let body = String(data: data, encoding: .utf8)?
+            .replacingOccurrences(of: #"\s+"#, with: " ", options: .regularExpression)
+            .trimmingCharacters(in: .whitespacesAndNewlines),
+            !body.isEmpty
+        else {
+            return ""
+        }
+        guard body.count > Self.maxErrorBodyLength else { return body }
+        let index = body.index(body.startIndex, offsetBy: Self.maxErrorBodyLength)
+        return "\(body[..<index])… [truncated]"
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Bedrock/BedrockAWSSigner.swift b/Sources/CodexBarCore/Providers/Bedrock/BedrockAWSSigner.swift
new file mode 100644
index 000000000..360ac9ee0
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Bedrock/BedrockAWSSigner.swift
@@ -0,0 +1,179 @@
+#if canImport(CryptoKit)
+import CryptoKit
+#else
+import Crypto
+#endif
+import Foundation
+#if canImport(FoundationNetworking)
+import FoundationNetworking
+#endif
+
+enum BedrockAWSSigner {
+    struct Credentials {
+        let accessKeyID: String
+        let secretAccessKey: String
+        let sessionToken: String?
+    }
+
+    static func sign(
+        request: inout URLRequest,
+        credentials: Credentials,
+        region: String,
+        service: String,
+        date: Date = Date())
+    {
+        let dateFormatter = Self.dateFormatter()
+        let dateStamp = Self.dateStamp(date: date)
+        let amzDate = dateFormatter.string(from: date)
+
+        request.setValue(amzDate, forHTTPHeaderField: "X-Amz-Date")
+        if let sessionToken = credentials.sessionToken {
+            request.setValue(sessionToken, forHTTPHeaderField: "X-Amz-Security-Token")
+        }
+
+        let host = request.url?.host ?? ""
+        request.setValue(host, forHTTPHeaderField: "Host")
+
+        let bodyHash = Self.sha256Hex(request.httpBody ?? Data())
+        request.setValue(bodyHash, forHTTPHeaderField: "x-amz-content-sha256")
+
+        let signedHeaders = Self.signedHeaders(request: request)
+        let canonicalRequest = Self.canonicalRequest(
+            request: request,
+            signedHeaders: signedHeaders,
+            bodyHash: bodyHash)
+
+        let credentialScope = "\(dateStamp)/\(region)/\(service)/aws4_request"
+        let stringToSign = [
+            "AWS4-HMAC-SHA256",
+            amzDate,
+            credentialScope,
+            Self.sha256Hex(Data(canonicalRequest.utf8)),
+        ].joined(separator: "\n")
+
+        let signature = Self.calculateSignature(
+            secretKey: credentials.secretAccessKey,
+            dateStamp: dateStamp,
+            region: region,
+            service: service,
+            stringToSign: stringToSign)
+
+        let authorization = "AWS4-HMAC-SHA256 "
+            + "Credential=\(credentials.accessKeyID)/\(credentialScope), "
+            + "SignedHeaders=\(signedHeaders.keys), "
+            + "Signature=\(signature)"
+
+        request.setValue(authorization, forHTTPHeaderField: "Authorization")
+    }
+
+    private struct SignedHeadersInfo {
+        let keys: String
+        let canonical: String
+    }
+
+    private static func signedHeaders(request: URLRequest) -> SignedHeadersInfo {
+        var headers: [(String, String)] = []
+        if let allHeaders = request.allHTTPHeaderFields {
+            for (key, value) in allHeaders {
+                headers.append((key.lowercased(), value.trimmingCharacters(in: .whitespaces)))
+            }
+        }
+        headers.sort { $0.0 < $1.0 }
+
+        let keys = headers.map(\.0).joined(separator: ";")
+        let canonical = headers.map { "\($0.0):\($0.1)" }.joined(separator: "\n")
+        return SignedHeadersInfo(keys: keys, canonical: canonical)
+    }
+
+    private static func canonicalRequest(
+        request: URLRequest,
+        signedHeaders: SignedHeadersInfo,
+        bodyHash: String) -> String
+    {
+        let method = request.httpMethod ?? "GET"
+        let url = request.url!
+        let path = url.path.isEmpty ? "/" : url.path
+        let query = Self.canonicalQueryString(url: url)
+
+        return [
+            method,
+            Self.uriEncodePath(path),
+            query,
+            signedHeaders.canonical + "\n",
+            signedHeaders.keys,
+            bodyHash,
+        ].joined(separator: "\n")
+    }
+
+    private static func canonicalQueryString(url: URL) -> String {
+        guard let components = URLComponents(url: url, resolvingAgainstBaseURL: false),
+              let queryItems = components.queryItems,
+              !queryItems.isEmpty
+        else {
+            return ""
+        }
+
+        return queryItems
+            .map { item in
+                let key = Self.uriEncode(item.name)
+                let value = Self.uriEncode(item.value ?? "")
+                return "\(key)=\(value)"
+            }
+            .sorted()
+            .joined(separator: "&")
+    }
+
+    private static func calculateSignature(
+        secretKey: String,
+        dateStamp: String,
+        region: String,
+        service: String,
+        stringToSign: String) -> String
+    {
+        let kDate = Self.hmacSHA256(key: Data("AWS4\(secretKey)".utf8), data: Data(dateStamp.utf8))
+        let kRegion = Self.hmacSHA256(key: kDate, data: Data(region.utf8))
+        let kService = Self.hmacSHA256(key: kRegion, data: Data(service.utf8))
+        let kSigning = Self.hmacSHA256(key: kService, data: Data("aws4_request".utf8))
+        let signature = Self.hmacSHA256(key: kSigning, data: Data(stringToSign.utf8))
+        return signature.map { String(format: "%02x", $0) }.joined()
+    }
+
+    private static func hmacSHA256(key: Data, data: Data) -> Data {
+        let symmetricKey = SymmetricKey(data: key)
+        let mac = HMAC<SHA256>.authenticationCode(for: data, using: symmetricKey)
+        return Data(mac)
+    }
+
+    private static func sha256Hex(_ data: Data) -> String {
+        let digest = SHA256.hash(data: data)
+        return digest.map { String(format: "%02x", $0) }.joined()
+    }
+
+    private static func dateFormatter() -> DateFormatter {
+        let formatter = DateFormatter()
+        formatter.dateFormat = "yyyyMMdd'T'HHmmss'Z'"
+        formatter.timeZone = TimeZone(identifier: "UTC")
+        formatter.locale = Locale(identifier: "en_US_POSIX")
+        return formatter
+    }
+
+    private static func dateStamp(date: Date) -> String {
+        let formatter = DateFormatter()
+        formatter.dateFormat = "yyyyMMdd"
+        formatter.timeZone = TimeZone(identifier: "UTC")
+        formatter.locale = Locale(identifier: "en_US_POSIX")
+        return formatter.string(from: date)
+    }
+
+    private static func uriEncode(_ string: String) -> String {
+        var allowed = CharacterSet.alphanumerics
+        allowed.insert(charactersIn: "-._~")
+        return string.addingPercentEncoding(withAllowedCharacters: allowed) ?? string
+    }
+
+    private static func uriEncodePath(_ path: String) -> String {
+        path.split(separator: "/", omittingEmptySubsequences: false)
+            .map { self.uriEncode(String($0)) }
+            .joined(separator: "/")
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Bedrock/BedrockCredentialResolver.swift b/Sources/CodexBarCore/Providers/Bedrock/BedrockCredentialResolver.swift
new file mode 100644
index 000000000..c5f3cac13
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Bedrock/BedrockCredentialResolver.swift
@@ -0,0 +1,78 @@
+import Foundation
+
+/// Resolves Bedrock signing credentials + region for the configured auth mode.
+///
+/// Shared by the main usage fetch (`BedrockAPIFetchStrategy`) and the daily
+/// cost-history refresh (`CostUsageFetcher`) so both honor AWS-profile auth
+/// identically instead of the history path silently requiring static keys.
+enum BedrockCredentialResolver {
+    struct Resolved {
+        let credentials: BedrockAWSSigner.Credentials
+        let region: String
+    }
+
+    static func resolve(
+        environment: [String: String],
+        resolveAWSBinary: ([String: String]) -> String? = { BinaryLocator.resolveAWSBinary(env: $0) },
+        makeProvider: (String) -> BedrockProfileCredentialProvider = {
+            BedrockProfileCredentialProvider.live(awsBinaryPath: $0)
+        }) async throws -> Resolved
+    {
+        switch BedrockSettingsReader.authMode(environment: environment) {
+        case .keys:
+            guard let accessKeyID = BedrockSettingsReader.accessKeyID(environment: environment),
+                  let secretAccessKey = BedrockSettingsReader.secretAccessKey(environment: environment)
+            else {
+                throw BedrockUsageError.missingCredentials
+            }
+            let credentials = BedrockAWSSigner.Credentials(
+                accessKeyID: accessKeyID,
+                secretAccessKey: secretAccessKey,
+                sessionToken: BedrockSettingsReader.sessionToken(environment: environment))
+            return Resolved(
+                credentials: credentials,
+                region: BedrockSettingsReader.region(environment: environment))
+
+        case .profile:
+            guard let profile = BedrockSettingsReader.profile(environment: environment) else {
+                throw BedrockUsageError.missingCredentials
+            }
+            guard let awsBinary = resolveAWSBinary(environment) else {
+                throw BedrockUsageError.awsCLINotFound
+            }
+            let cliEnvironment = Self.profileCLIEnvironment(environment)
+            let provider = makeProvider(awsBinary)
+            let credentials = try await provider.exportCredentials(profile: profile, environment: cliEnvironment)
+            let region = try await Self.resolveRegion(
+                provider: provider,
+                profile: profile,
+                environment: cliEnvironment)
+            return Resolved(credentials: credentials, region: region)
+        }
+    }
+
+    private static func profileCLIEnvironment(_ environment: [String: String]) -> [String: String] {
+        var cliEnvironment = environment
+        // `--profile` selects the requested profile. Leaving AWS_PROFILE set can
+        // break assume-role profiles that use `credential_source = Environment`;
+        // keep the source credential variables themselves available.
+        cliEnvironment[BedrockSettingsReader.profileKey] = nil
+        return cliEnvironment
+    }
+
+    private static func resolveRegion(
+        provider: BedrockProfileCredentialProvider,
+        profile: String,
+        environment: [String: String]) async throws -> String
+    {
+        if let explicit = BedrockSettingsReader.cleaned(environment[BedrockSettingsReader.regionKeys[0]])
+            ?? BedrockSettingsReader.cleaned(environment[BedrockSettingsReader.regionKeys[1]])
+        {
+            return explicit
+        }
+        if let derived = try await provider.resolveRegion(profile: profile, environment: environment) {
+            return derived
+        }
+        return BedrockSettingsReader.defaultRegion
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Bedrock/BedrockProfileCredentialProvider.swift b/Sources/CodexBarCore/Providers/Bedrock/BedrockProfileCredentialProvider.swift
new file mode 100644
index 000000000..1f692f9a9
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Bedrock/BedrockProfileCredentialProvider.swift
@@ -0,0 +1,87 @@
+import Foundation
+
+/// Resolves AWS credentials for a named profile by shelling out to the AWS CLI.
+///
+/// Uses `aws configure export-credentials`, which transparently resolves static
+/// credentials, SSO sessions, assume-role chains, and `credential_process` profiles.
+/// The runner is injected so tests never invoke a real `aws` binary.
+struct BedrockProfileCredentialProvider {
+    typealias Runner = @Sendable (
+        _ arguments: [String],
+        _ environment: [String: String]) async throws -> SubprocessResult
+
+    let awsBinaryPath: String
+    let run: Runner
+
+    /// Production provider that drives the real `aws` binary via `SubprocessRunner`.
+    static func live(awsBinaryPath: String) -> BedrockProfileCredentialProvider {
+        BedrockProfileCredentialProvider(awsBinaryPath: awsBinaryPath) { arguments, environment in
+            try await SubprocessRunner.run(
+                binary: awsBinaryPath,
+                arguments: arguments,
+                environment: environment,
+                timeout: 20,
+                label: "aws-bedrock-credentials")
+        }
+    }
+
+    func exportCredentials(
+        profile: String,
+        environment: [String: String] = [:]) async throws -> BedrockAWSSigner.Credentials
+    {
+        let result: SubprocessResult
+        do {
+            result = try await self.run(
+                ["configure", "export-credentials", "--profile", profile, "--format", "process"],
+                environment)
+        } catch let SubprocessRunnerError.nonZeroExit(_, stderr) {
+            throw Self.mapExportError(stderr: stderr, profile: profile)
+        }
+
+        guard let data = result.stdout.data(using: .utf8),
+              let json = try? JSONSerialization.jsonObject(with: data) as? [String: Any],
+              let accessKeyID = Self.nonEmpty(json["AccessKeyId"] as? String),
+              let secretAccessKey = Self.nonEmpty(json["SecretAccessKey"] as? String)
+        else {
+            throw BedrockUsageError.parseFailed("Could not parse AWS CLI export-credentials output")
+        }
+
+        return BedrockAWSSigner.Credentials(
+            accessKeyID: accessKeyID,
+            secretAccessKey: secretAccessKey,
+            sessionToken: Self.nonEmpty(json["SessionToken"] as? String))
+    }
+
+    /// Returns the profile's configured region, or `nil` when unset.
+    /// `aws configure get region` exits non-zero when the value is not configured,
+    /// which is a normal case rather than an error.
+    func resolveRegion(
+        profile: String,
+        environment: [String: String] = [:]) async throws -> String?
+    {
+        do {
+            let result = try await self.run(
+                ["configure", "get", "region", "--profile", profile],
+                environment)
+            return Self.nonEmpty(result.stdout)
+        } catch SubprocessRunnerError.nonZeroExit {
+            return nil
+        }
+    }
+
+    static func mapExportError(stderr: String, profile: String) -> BedrockUsageError {
+        let lower = stderr.lowercased()
+        if lower.contains("sso login") || lower.contains("expired") || lower.contains("token has expired") {
+            return .profileSessionExpired(profile)
+        }
+        let trimmed = stderr.trimmingCharacters(in: .whitespacesAndNewlines)
+        return .apiError(trimmed.isEmpty ? "AWS CLI failed to export credentials" : trimmed)
+    }
+
+    private static func nonEmpty(_ raw: String?) -> String? {
+        guard let value = raw?.trimmingCharacters(in: .whitespacesAndNewlines), !value.isEmpty else {
+            return nil
+        }
+        return value
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Bedrock/BedrockProviderDescriptor.swift b/Sources/CodexBarCore/Providers/Bedrock/BedrockProviderDescriptor.swift
new file mode 100644
index 000000000..deaf60086
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Bedrock/BedrockProviderDescriptor.swift
@@ -0,0 +1,75 @@
+import CodexBarMacroSupport
+import Foundation
+
+@ProviderDescriptorRegistration
+@ProviderDescriptorDefinition
+public enum BedrockProviderDescriptor {
+    static func makeDescriptor() -> ProviderDescriptor {
+        ProviderDescriptor(
+            id: .bedrock,
+            metadata: ProviderMetadata(
+                id: .bedrock,
+                displayName: "AWS Bedrock",
+                sessionLabel: "Budget",
+                weeklyLabel: "Cost",
+                opusLabel: nil,
+                supportsOpus: false,
+                supportsCredits: false,
+                creditsHint: "",
+                toggleTitle: "Show AWS Bedrock usage",
+                cliName: "bedrock",
+                defaultEnabled: false,
+                isPrimaryProvider: false,
+                usesAccountFallback: false,
+                dashboardURL: "https://console.aws.amazon.com/bedrock",
+                statusPageURL: nil,
+                statusLinkURL: "https://health.aws.amazon.com/health/status"),
+            branding: ProviderBranding(
+                iconStyle: .bedrock,
+                iconResourceName: "ProviderIcon-bedrock",
+                color: ProviderColor(red: 1, green: 0.6, blue: 0)),
+            tokenCost: ProviderTokenCostConfig(
+                supportsTokenCost: true,
+                noDataMessage: { "No AWS Bedrock cost data available. Check your AWS access keys "
+                    + "or profile, and that the AWS CLI is installed for profile auth."
+                }),
+            fetchPlan: ProviderFetchPlan(
+                sourceModes: [.auto, .api],
+                pipeline: ProviderFetchPipeline(resolveStrategies: { _ in [BedrockAPIFetchStrategy()] })),
+            cli: ProviderCLIConfig(
+                name: "bedrock",
+                aliases: ["aws-bedrock"],
+                versionDetector: nil))
+    }
+}
+
+struct BedrockAPIFetchStrategy: ProviderFetchStrategy {
+    let id: String = "bedrock.api"
+    let kind: ProviderFetchKind = .apiToken
+
+    func isAvailable(_ context: ProviderFetchContext) async -> Bool {
+        switch BedrockSettingsReader.authMode(environment: context.env) {
+        case .keys:
+            BedrockSettingsReader.hasCredentials(environment: context.env)
+        case .profile:
+            BedrockSettingsReader.profile(environment: context.env) != nil
+        }
+    }
+
+    func fetch(_ context: ProviderFetchContext) async throws -> ProviderFetchResult {
+        let resolved = try await BedrockCredentialResolver.resolve(environment: context.env)
+        let budget = BedrockSettingsReader.budget(environment: context.env)
+        let usage = try await BedrockUsageFetcher.fetchUsage(
+            credentials: resolved.credentials,
+            region: resolved.region,
+            budget: budget,
+            environment: context.env)
+        return self.makeResult(
+            usage: usage.toUsageSnapshot(),
+            sourceLabel: "api")
+    }
+
+    func shouldFallback(on _: any Error, context _: ProviderFetchContext) -> Bool {
+        false
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Bedrock/BedrockSettingsReader.swift b/Sources/CodexBarCore/Providers/Bedrock/BedrockSettingsReader.swift
new file mode 100644
index 000000000..aa1a6447f
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Bedrock/BedrockSettingsReader.swift
@@ -0,0 +1,106 @@
+import Foundation
+
+public enum BedrockAuthMode: String, Codable, Sendable, CaseIterable {
+    case keys
+    case profile
+}
+
+public enum BedrockSettingsReader {
+    public static let accessKeyIDKey = "AWS_ACCESS_KEY_ID"
+    public static let secretAccessKeyKey = "AWS_SECRET_ACCESS_KEY"
+    public static let sessionTokenKey = "AWS_SESSION_TOKEN"
+    public static let regionKeys = ["AWS_REGION", "AWS_DEFAULT_REGION"]
+    public static let budgetKey = "CODEXBAR_BEDROCK_BUDGET"
+    public static let apiURLKey = "CODEXBAR_BEDROCK_API_URL"
+    public static let profileKey = "AWS_PROFILE"
+    public static let authModeKey = "CODEXBAR_BEDROCK_AUTH_MODE"
+    public static let defaultRegion = "us-east-1"
+
+    public static func accessKeyID(environment: [String: String] = ProcessInfo.processInfo.environment) -> String? {
+        self.cleaned(environment[self.accessKeyIDKey])
+    }
+
+    public static func secretAccessKey(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> String?
+    {
+        self.cleaned(environment[self.secretAccessKeyKey])
+    }
+
+    public static func sessionToken(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> String?
+    {
+        self.cleaned(environment[self.sessionTokenKey])
+    }
+
+    public static func region(environment: [String: String] = ProcessInfo.processInfo.environment) -> String {
+        for key in self.regionKeys {
+            if let value = self.cleaned(environment[key]) {
+                return value
+            }
+        }
+        return self.defaultRegion
+    }
+
+    public static func budget(environment: [String: String] = ProcessInfo.processInfo.environment) -> Double? {
+        guard let raw = self.cleaned(environment[self.budgetKey]),
+              let value = Double(raw),
+              value > 0
+        else {
+            return nil
+        }
+        return value
+    }
+
+    public static func profile(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> String?
+    {
+        self.cleaned(environment[self.profileKey])
+    }
+
+    public static func authMode(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> BedrockAuthMode
+    {
+        if let raw = self.cleaned(environment[self.authModeKey])?.lowercased(),
+           let mode = BedrockAuthMode(rawValue: raw)
+        {
+            return mode
+        }
+        if self.profile(environment: environment) != nil,
+           !self.hasStaticKeys(environment: environment)
+        {
+            return .profile
+        }
+        return .keys
+    }
+
+    static func hasStaticKeys(environment: [String: String]) -> Bool {
+        self.accessKeyID(environment: environment) != nil &&
+            self.secretAccessKey(environment: environment) != nil
+    }
+
+    public static func hasCredentials(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> Bool
+    {
+        switch self.authMode(environment: environment) {
+        case .keys:
+            self.hasStaticKeys(environment: environment)
+        case .profile:
+            self.profile(environment: environment) != nil
+        }
+    }
+
+    static func cleaned(_ raw: String?) -> String? {
+        guard var value = raw?.trimmingCharacters(in: .whitespacesAndNewlines), !value.isEmpty else {
+            return nil
+        }
+
+        if (value.hasPrefix("\"") && value.hasSuffix("\"")) ||
+            (value.hasPrefix("'") && value.hasSuffix("'"))
+        {
+            value = String(value.dropFirst().dropLast())
+        }
+
+        value = value.trimmingCharacters(in: .whitespacesAndNewlines)
+        return value.isEmpty ? nil : value
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Bedrock/BedrockUsageStats.swift b/Sources/CodexBarCore/Providers/Bedrock/BedrockUsageStats.swift
new file mode 100644
index 000000000..f2c447177
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Bedrock/BedrockUsageStats.swift
@@ -0,0 +1,444 @@
+import Foundation
+#if canImport(FoundationNetworking)
+import FoundationNetworking
+#endif
+
+public struct BedrockUsageSnapshot: Codable, Sendable {
+    public let monthlySpend: Double
+    public let monthlyBudget: Double?
+    public let inputTokens: Int?
+    public let outputTokens: Int?
+    public let region: String
+    public let updatedAt: Date
+
+    public init(
+        monthlySpend: Double,
+        monthlyBudget: Double?,
+        inputTokens: Int? = nil,
+        outputTokens: Int? = nil,
+        region: String,
+        updatedAt: Date)
+    {
+        self.monthlySpend = monthlySpend
+        self.monthlyBudget = monthlyBudget
+        self.inputTokens = inputTokens
+        self.outputTokens = outputTokens
+        self.region = region
+        self.updatedAt = updatedAt
+    }
+
+    public var budgetUsedPercent: Double? {
+        guard let budget = self.monthlyBudget, budget > 0 else { return nil }
+        return min(100, max(0, (self.monthlySpend / budget) * 100))
+    }
+
+    public var totalTokens: Int? {
+        guard let input = self.inputTokens, let output = self.outputTokens else { return nil }
+        return input + output
+    }
+}
+
+extension BedrockUsageSnapshot {
+    public func toUsageSnapshot() -> UsageSnapshot {
+        let primary: RateWindow? = if let usedPercent = self.budgetUsedPercent {
+            RateWindow(
+                usedPercent: usedPercent,
+                windowMinutes: nil,
+                resetsAt: Self.endOfCurrentMonth(),
+                resetDescription: "Monthly budget")
+        } else {
+            nil
+        }
+
+        let cost = ProviderCostSnapshot(
+            used: self.monthlySpend,
+            limit: self.monthlyBudget ?? 0,
+            currencyCode: "USD",
+            period: "Monthly",
+            resetsAt: Self.endOfCurrentMonth(),
+            updatedAt: self.updatedAt)
+
+        var loginParts: [String] = []
+        loginParts.append(String(format: "Spend: $%.2f", self.monthlySpend))
+        if let budget = self.monthlyBudget {
+            loginParts.append(String(format: "Budget: $%.2f", budget))
+        }
+        if let total = self.totalTokens {
+            loginParts.append("Tokens: \(Self.formattedTokenCount(total))")
+        }
+
+        let identity = ProviderIdentitySnapshot(
+            providerID: .bedrock,
+            accountEmail: nil,
+            accountOrganization: nil,
+            loginMethod: loginParts.joined(separator: " - "))
+
+        return UsageSnapshot(
+            primary: primary,
+            secondary: nil,
+            tertiary: nil,
+            providerCost: cost,
+            updatedAt: self.updatedAt,
+            identity: identity)
+    }
+
+    private static func endOfCurrentMonth() -> Date? {
+        let calendar = Calendar.current
+        guard let range = calendar.range(of: .day, in: .month, for: Date()) else { return nil }
+        let components = calendar.dateComponents([.year, .month], from: Date())
+        guard let startOfMonth = calendar.date(from: components) else { return nil }
+        return calendar.date(byAdding: .day, value: range.count, to: startOfMonth)
+    }
+
+    static func formattedTokenCount(_ count: Int) -> String {
+        if count >= 1_000_000 {
+            return String(format: "%.1fM", Double(count) / 1_000_000)
+        } else if count >= 1000 {
+            return String(format: "%.1fK", Double(count) / 1000)
+        }
+        return "\(count)"
+    }
+}
+
+enum BedrockUsageFetcher {
+    private static let log = CodexBarLog.logger(LogCategories.bedrockUsage)
+    private static let requestTimeoutSeconds: TimeInterval = 15
+
+    private struct CostExplorerQuery {
+        let startDate: String
+        let endDate: String
+        let granularity: String
+        let nextPageToken: String?
+    }
+
+    static func fetchUsage(
+        credentials: BedrockAWSSigner.Credentials,
+        region: String,
+        budget: Double?,
+        environment: [String: String] = ProcessInfo.processInfo.environment) async throws
+        -> BedrockUsageSnapshot
+    {
+        let spend = try await Self.fetchMonthlyCost(
+            credentials: credentials,
+            environment: environment)
+
+        return BedrockUsageSnapshot(
+            monthlySpend: spend,
+            monthlyBudget: budget,
+            inputTokens: nil,
+            outputTokens: nil,
+            region: region,
+            updatedAt: Date())
+    }
+
+    static func fetchDailyReport(
+        credentials: BedrockAWSSigner.Credentials,
+        since: Date,
+        until: Date,
+        environment: [String: String] = ProcessInfo.processInfo.environment) async throws
+        -> CostUsageDailyReport
+    {
+        let formatter = Self.dateFormatter()
+        let startDate = formatter.string(from: since)
+        let inclusiveEnd = Self.utcCalendar().date(byAdding: .day, value: 1, to: until) ?? until
+        let endDate = formatter.string(from: inclusiveEnd)
+
+        let pages = try await Self.callCostExplorerPages(
+            startDate: startDate,
+            endDate: endDate,
+            granularity: "DAILY",
+            credentials: credentials,
+            environment: environment)
+
+        let entries = try Self.parseDailyResponses(pages)
+        return CostUsageDailyReport(data: entries, summary: nil)
+    }
+
+    private static func fetchMonthlyCost(
+        credentials: BedrockAWSSigner.Credentials,
+        environment: [String: String]) async throws -> Double
+    {
+        let (startDate, endDate) = Self.currentMonthRange()
+
+        let pages = try await Self.callCostExplorerPages(
+            startDate: startDate,
+            endDate: endDate,
+            granularity: "MONTHLY",
+            credentials: credentials,
+            environment: environment)
+
+        return try Self.parseTotalCost(pages)
+    }
+
+    private static func callCostExplorerPages(
+        startDate: String,
+        endDate: String,
+        granularity: String,
+        credentials: BedrockAWSSigner.Credentials,
+        environment: [String: String]) async throws -> [Data]
+    {
+        var pages: [Data] = []
+        var nextPageToken: String?
+        var seenPageTokens: Set<String> = []
+
+        repeat {
+            let page = try await Self.callCostExplorerPage(
+                query: CostExplorerQuery(
+                    startDate: startDate,
+                    endDate: endDate,
+                    granularity: granularity,
+                    nextPageToken: nextPageToken),
+                credentials: credentials,
+                environment: environment)
+            pages.append(page)
+            nextPageToken = try Self.nextPageToken(from: page)
+            if let nextPageToken, !seenPageTokens.insert(nextPageToken).inserted {
+                throw BedrockUsageError.parseFailed("Cost Explorer returned repeated NextPageToken")
+            }
+        } while nextPageToken != nil
+
+        return pages
+    }
+
+    private static func callCostExplorerPage(
+        query: CostExplorerQuery,
+        credentials: BedrockAWSSigner.Credentials,
+        environment: [String: String]) async throws -> Data
+    {
+        let ceRegion = "us-east-1"
+        let baseURL: URL = if let override = environment[BedrockSettingsReader.apiURLKey],
+                              let url = URL(string: BedrockSettingsReader.cleaned(override) ?? "")
+        {
+            url
+        } else {
+            URL(string: "https://ce.\(ceRegion).amazonaws.com")!
+        }
+
+        var requestBody: [String: Any] = [
+            "TimePeriod": [
+                "Start": query.startDate,
+                "End": query.endDate,
+            ],
+            "Granularity": query.granularity,
+            "Metrics": ["UnblendedCost"],
+            "GroupBy": [
+                ["Type": "DIMENSION", "Key": "SERVICE"],
+            ],
+        ]
+        if let nextPageToken = query.nextPageToken {
+            requestBody["NextPageToken"] = nextPageToken
+        }
+
+        let bodyData = try JSONSerialization.data(withJSONObject: requestBody)
+
+        var request = URLRequest(url: baseURL)
+        request.httpMethod = "POST"
+        request.httpBody = bodyData
+        request.setValue("application/x-amz-json-1.1", forHTTPHeaderField: "Content-Type")
+        request.setValue(
+            "AWSInsightsIndexService.GetCostAndUsage",
+            forHTTPHeaderField: "X-Amz-Target")
+        request.timeoutInterval = Self.requestTimeoutSeconds
+
+        BedrockAWSSigner.sign(
+            request: &request,
+            credentials: credentials,
+            region: ceRegion,
+            service: "ce")
+
+        let response = try await ProviderHTTPClient.shared.response(for: request)
+        guard response.statusCode == 200 else {
+            let summary = Self.sanitizedResponseBody(response.data)
+            Self.log.error("AWS Cost Explorer returned \(response.statusCode): \(summary)")
+            throw BedrockUsageError.apiError("HTTP \(response.statusCode)")
+        }
+
+        return response.data
+    }
+
+    private static func nextPageToken(from data: Data) throws -> String? {
+        guard let json = try JSONSerialization.jsonObject(with: data) as? [String: Any] else {
+            throw BedrockUsageError.parseFailed("Invalid Cost Explorer response")
+        }
+        return BedrockSettingsReader.cleaned(json["NextPageToken"] as? String)
+    }
+
+    private static func parseTotalCost(_ pages: [Data]) throws -> Double {
+        var total = 0.0
+        for page in pages {
+            total += try Self.parseTotalCost(page)
+        }
+        return total
+    }
+
+    private static func parseTotalCost(_ data: Data) throws -> Double {
+        var total = 0.0
+        for (_, cost, _) in try Self.parseGroupedResults(data) {
+            total += cost
+        }
+        return total
+    }
+
+    private static func parseDailyResponses(_ pages: [Data]) throws -> [CostUsageDailyReport.Entry] {
+        let reports = try pages.map { page in
+            try CostUsageDailyReport(data: Self.parseDailyResponse(page), summary: nil)
+        }
+        return CostUsageDailyReport.merged(reports).data
+    }
+
+    private static func parseDailyResponse(_ data: Data) throws -> [CostUsageDailyReport.Entry] {
+        guard let json = try? JSONSerialization.jsonObject(with: data) as? [String: Any],
+              let results = json["ResultsByTime"] as? [[String: Any]]
+        else {
+            throw BedrockUsageError.parseFailed("Missing ResultsByTime in Cost Explorer response")
+        }
+
+        var entries: [CostUsageDailyReport.Entry] = []
+        for result in results {
+            guard let timePeriod = result["TimePeriod"] as? [String: String],
+                  let dateStr = timePeriod["Start"]
+            else { continue }
+
+            var dayCost = 0.0
+            var breakdowns: [CostUsageDailyReport.ModelBreakdown] = []
+
+            if let groups = result["Groups"] as? [[String: Any]] {
+                for group in groups {
+                    guard let keys = group["Keys"] as? [String],
+                          let serviceName = keys.first,
+                          serviceName.localizedCaseInsensitiveContains("Bedrock")
+                    else { continue }
+
+                    if let metrics = group["Metrics"] as? [String: Any],
+                       let unblended = metrics["UnblendedCost"] as? [String: Any],
+                       let amountStr = unblended["Amount"] as? String,
+                       let amount = Double(amountStr),
+                       amount > 0
+                    {
+                        dayCost += amount
+                        breakdowns.append(CostUsageDailyReport.ModelBreakdown(
+                            modelName: serviceName,
+                            costUSD: amount))
+                    }
+                }
+            }
+
+            guard dayCost > 0 else { continue }
+
+            entries.append(CostUsageDailyReport.Entry(
+                date: dateStr,
+                inputTokens: nil,
+                outputTokens: nil,
+                totalTokens: nil,
+                costUSD: dayCost,
+                modelsUsed: breakdowns.map(\.modelName),
+                modelBreakdowns: breakdowns.isEmpty ? nil : breakdowns))
+        }
+
+        return entries
+    }
+
+    private static func parseGroupedResults(_ data: Data) throws
+        -> [(service: String, cost: Double, date: String)]
+    {
+        guard let json = try? JSONSerialization.jsonObject(with: data) as? [String: Any],
+              let results = json["ResultsByTime"] as? [[String: Any]]
+        else {
+            throw BedrockUsageError.parseFailed("Missing ResultsByTime in Cost Explorer response")
+        }
+
+        var items: [(service: String, cost: Double, date: String)] = []
+        for result in results {
+            let dateStr = (result["TimePeriod"] as? [String: String])?["Start"] ?? ""
+            guard let groups = result["Groups"] as? [[String: Any]] else { continue }
+            for group in groups {
+                guard let keys = group["Keys"] as? [String],
+                      let serviceName = keys.first,
+                      serviceName.localizedCaseInsensitiveContains("Bedrock")
+                else { continue }
+
+                if let metrics = group["Metrics"] as? [String: Any],
+                   let unblended = metrics["UnblendedCost"] as? [String: Any],
+                   let amountStr = unblended["Amount"] as? String,
+                   let amount = Double(amountStr)
+                {
+                    items.append((serviceName, amount, dateStr))
+                }
+            }
+        }
+        return items
+    }
+
+    private static func dateFormatter() -> DateFormatter {
+        let formatter = DateFormatter()
+        formatter.dateFormat = "yyyy-MM-dd"
+        formatter.timeZone = TimeZone(identifier: "UTC")
+        formatter.locale = Locale(identifier: "en_US_POSIX")
+        return formatter
+    }
+
+    private static func utcCalendar() -> Calendar {
+        var calendar = Calendar(identifier: .gregorian)
+        calendar.timeZone = TimeZone(secondsFromGMT: 0)!
+        return calendar
+    }
+
+    static func currentMonthRange(now: Date = Date()) -> (start: String, end: String) {
+        let calendar = Self.utcCalendar()
+        let components = calendar.dateComponents([.year, .month], from: now)
+        let startOfMonth = calendar.date(from: components)!
+
+        let formatter = Self.dateFormatter()
+        let startOfToday = calendar.startOfDay(for: now)
+        let tomorrow = calendar.date(byAdding: .day, value: 1, to: startOfToday)!
+        return (formatter.string(from: startOfMonth), formatter.string(from: tomorrow))
+    }
+
+    private static func sanitizedResponseBody(_ data: Data) -> String {
+        guard !data.isEmpty,
+              let body = String(bytes: data, encoding: .utf8)
+        else {
+            return "empty body"
+        }
+
+        let trimmed = body.replacingOccurrences(
+            of: #"\s+"#,
+            with: " ",
+            options: .regularExpression)
+            .trimmingCharacters(in: .whitespacesAndNewlines)
+
+        if trimmed.count > 240 {
+            let index = trimmed.index(trimmed.startIndex, offsetBy: 240)
+            return "\(trimmed[..<index])... [truncated]"
+        }
+
+        return trimmed
+    }
+}
+
+public enum BedrockUsageError: LocalizedError, Sendable, Equatable {
+    case missingCredentials
+    case awsCLINotFound
+    case profileSessionExpired(String)
+    case networkError(String)
+    case apiError(String)
+    case parseFailed(String)
+
+    public var errorDescription: String? {
+        switch self {
+        case .missingCredentials:
+            "AWS credentials not configured. Set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY " +
+                "or configure Bedrock in Settings."
+        case .awsCLINotFound:
+            "AWS CLI not found. Install the AWS CLI (v2) or set AWS_CLI_PATH to its location."
+        case let .profileSessionExpired(profile):
+            "AWS profile session expired. Run `aws sso login --profile \(profile)` and try again."
+        case let .networkError(message):
+            "AWS Bedrock network error: \(message)"
+        case let .apiError(message):
+            "AWS Cost Explorer API error: \(message)"
+        case let .parseFailed(message):
+            "Failed to parse AWS Cost Explorer response: \(message)"
+        }
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Claude/ClaudeAdminAPISettingsReader.swift b/Sources/CodexBarCore/Providers/Claude/ClaudeAdminAPISettingsReader.swift
new file mode 100644
index 000000000..cbb179114
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Claude/ClaudeAdminAPISettingsReader.swift
@@ -0,0 +1,43 @@
+import Foundation
+
+public enum ClaudeAdminAPISettingsReader {
+    public static let adminAPIKeyEnvironmentKey = "ANTHROPIC_ADMIN_KEY"
+    public static let alternateAdminAPIKeyEnvironmentKey = "ANTHROPIC_ADMIN_API_KEY"
+    public static let apiKeyEnvironmentKeys = [
+        Self.adminAPIKeyEnvironmentKey,
+        Self.alternateAdminAPIKeyEnvironmentKey,
+    ]
+
+    public static func apiKey(environment: [String: String] = ProcessInfo.processInfo.environment) -> String? {
+        for key in self.apiKeyEnvironmentKeys {
+            if let token = self.cleaned(environment[key]) { return token }
+        }
+        return nil
+    }
+
+    public static func cleaned(_ raw: String?) -> String? {
+        guard var value = raw?.trimmingCharacters(in: .whitespacesAndNewlines), !value.isEmpty else {
+            return nil
+        }
+
+        if (value.hasPrefix("\"") && value.hasSuffix("\"")) ||
+            (value.hasPrefix("'") && value.hasSuffix("'"))
+        {
+            value = String(value.dropFirst().dropLast())
+        }
+
+        value = value.trimmingCharacters(in: .whitespacesAndNewlines)
+        return value.isEmpty ? nil : value
+    }
+}
+
+public enum ClaudeAdminAPISettingsError: LocalizedError, Sendable {
+    case missingToken
+
+    public var errorDescription: String? {
+        switch self {
+        case .missingToken:
+            "Claude API usage needs an Anthropic Admin API key."
+        }
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Claude/ClaudeAdminAPIUsageFetcher.swift b/Sources/CodexBarCore/Providers/Claude/ClaudeAdminAPIUsageFetcher.swift
new file mode 100644
index 000000000..37df52a03
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Claude/ClaudeAdminAPIUsageFetcher.swift
@@ -0,0 +1,432 @@
+import Foundation
+#if canImport(FoundationNetworking)
+import FoundationNetworking
+#endif
+
+public enum ClaudeAdminAPIUsageError: LocalizedError, Sendable, Equatable {
+    case missingCredentials
+    case networkError(String)
+    case apiError(endpoint: String, statusCode: Int)
+    case parseFailed(endpoint: String, message: String)
+
+    public var errorDescription: String? {
+        switch self {
+        case .missingCredentials:
+            "Missing Anthropic Admin API key."
+        case let .networkError(message):
+            "Claude API usage network error: \(message)"
+        case let .apiError(endpoint, statusCode):
+            "Claude API usage \(endpoint) error: HTTP \(statusCode)"
+        case let .parseFailed(endpoint, message):
+            "Failed to parse Claude API usage \(endpoint): \(message)"
+        }
+    }
+}
+
+public enum ClaudeAdminAPIUsageFetcher {
+    public static let costReportURL = URL(string: "https://api.anthropic.com/v1/organizations/cost_report")!
+    public static let messagesUsageURL =
+        URL(string: "https://api.anthropic.com/v1/organizations/usage_report/messages")!
+
+    private static let anthropicVersion = "2023-06-01"
+    private static let timeoutSeconds: TimeInterval = 20
+    private static let maxDailyBuckets = 31
+
+    public static func fetchUsage(
+        apiKey: String,
+        costURL: URL = Self.costReportURL,
+        messagesURL: URL = Self.messagesUsageURL,
+        session transport: any ProviderHTTPTransport = ProviderHTTPClient.shared,
+        now: Date = Date()) async throws -> ClaudeAdminAPIUsageSnapshot
+    {
+        let trimmed = apiKey.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard !trimmed.isEmpty else {
+            throw ClaudeAdminAPIUsageError.missingCredentials
+        }
+
+        let calendar = Self.utcCalendar
+        let range = Self.dailyRange(now: now, calendar: calendar)
+        let costs = try await Self.fetchCostReport(
+            apiKey: trimmed,
+            baseURL: costURL,
+            range: range,
+            transport: transport)
+        let messages = try await Self.fetchMessagesUsage(
+            apiKey: trimmed,
+            baseURL: messagesURL,
+            range: range,
+            transport: transport)
+
+        return Self.makeSnapshot(costs: costs, messages: messages, now: now, calendar: calendar)
+    }
+
+    static func _parseSnapshotForTesting(
+        costs: Data,
+        messages: Data,
+        now: Date,
+        calendar: Calendar = Self.utcCalendar) throws -> ClaudeAdminAPIUsageSnapshot
+    {
+        let costs = try Self.decodeCosts(costs)
+        let messages = try Self.decodeMessages(messages)
+        return Self.makeSnapshot(costs: costs, messages: messages, now: now, calendar: calendar)
+    }
+
+    private static func fetchCostReport(
+        apiKey: String,
+        baseURL: URL,
+        range: DateRange,
+        transport: any ProviderHTTPTransport) async throws -> CostReportResponse
+    {
+        let url = Self.url(
+            baseURL: baseURL,
+            range: range,
+            queryItems: [
+                URLQueryItem(name: "group_by[]", value: "description"),
+            ])
+        let data = try await Self.fetchData(url: url, apiKey: apiKey, endpoint: "cost_report", transport: transport)
+        return try Self.decodeCosts(data)
+    }
+
+    private static func fetchMessagesUsage(
+        apiKey: String,
+        baseURL: URL,
+        range: DateRange,
+        transport: any ProviderHTTPTransport) async throws -> MessagesUsageResponse
+    {
+        let url = Self.url(
+            baseURL: baseURL,
+            range: range,
+            queryItems: [
+                URLQueryItem(name: "group_by[]", value: "model"),
+            ])
+        let data = try await Self.fetchData(url: url, apiKey: apiKey, endpoint: "messages", transport: transport)
+        return try Self.decodeMessages(data)
+    }
+
+    private static func fetchData(
+        url: URL,
+        apiKey: String,
+        endpoint: String,
+        transport: any ProviderHTTPTransport) async throws -> Data
+    {
+        var request = URLRequest(url: url)
+        request.httpMethod = "GET"
+        request.timeoutInterval = Self.timeoutSeconds
+        request.setValue(Self.anthropicVersion, forHTTPHeaderField: "anthropic-version")
+        request.setValue(apiKey, forHTTPHeaderField: "x-api-key")
+        request.setValue("application/json", forHTTPHeaderField: "Accept")
+        request.setValue("CodexBar/1.0", forHTTPHeaderField: "User-Agent")
+
+        let response: ProviderHTTPResponse
+        do {
+            response = try await transport.response(for: request)
+        } catch {
+            throw ClaudeAdminAPIUsageError.networkError(error.localizedDescription)
+        }
+
+        guard response.statusCode == 200 else {
+            throw ClaudeAdminAPIUsageError.apiError(endpoint: endpoint, statusCode: response.statusCode)
+        }
+        return response.data
+    }
+
+    private static func decodeCosts(_ data: Data) throws -> CostReportResponse {
+        do {
+            return try JSONDecoder().decode(CostReportResponse.self, from: data)
+        } catch {
+            throw ClaudeAdminAPIUsageError.parseFailed(endpoint: "cost_report", message: error.localizedDescription)
+        }
+    }
+
+    private static func decodeMessages(_ data: Data) throws -> MessagesUsageResponse {
+        do {
+            return try JSONDecoder().decode(MessagesUsageResponse.self, from: data)
+        } catch {
+            throw ClaudeAdminAPIUsageError.parseFailed(endpoint: "messages", message: error.localizedDescription)
+        }
+    }
+
+    private static func makeSnapshot(
+        costs: CostReportResponse,
+        messages: MessagesUsageResponse,
+        now: Date,
+        calendar: Calendar) -> ClaudeAdminAPIUsageSnapshot
+    {
+        var accumulators: [String: DailyAccumulator] = [:]
+
+        for bucket in costs.data {
+            var accumulator = accumulators[bucket.startingAt] ?? DailyAccumulator(
+                startingAt: bucket.startingAt,
+                endingAt: bucket.endingAt)
+            for result in bucket.results {
+                // Anthropic Usage & Cost API docs define `amount` as a decimal string in lowest USD units.
+                let value = Self.usdFromAnthropicLowestUnitAmount(result.amount)
+                accumulator.costUSD += value
+                let item = Self.displayName(result.description ?? result.costType, fallback: "Claude API")
+                accumulator.costItems[item, default: 0] += value
+            }
+            accumulators[bucket.startingAt] = accumulator
+        }
+
+        for bucket in messages.data {
+            var accumulator = accumulators[bucket.startingAt] ?? DailyAccumulator(
+                startingAt: bucket.startingAt,
+                endingAt: bucket.endingAt)
+            for result in bucket.results {
+                let input = result.uncachedInputTokens ?? 0
+                let cacheCreation = result.cacheCreation?.totalInputTokens ?? 0
+                let cacheRead = result.cacheReadInputTokens ?? 0
+                let output = result.outputTokens ?? 0
+                let total = input + cacheCreation + cacheRead + output
+                accumulator.inputTokens += input
+                accumulator.cacheCreationInputTokens += cacheCreation
+                accumulator.cacheReadInputTokens += cacheRead
+                accumulator.outputTokens += output
+                accumulator.totalTokens += total
+                let modelName = Self.displayName(result.model, fallback: "Claude API")
+                accumulator.models[modelName, default: ModelAccumulator()].add(
+                    inputTokens: input,
+                    cacheCreationInputTokens: cacheCreation,
+                    cacheReadInputTokens: cacheRead,
+                    outputTokens: output,
+                    totalTokens: total)
+            }
+            accumulators[bucket.startingAt] = accumulator
+        }
+
+        let daily = accumulators.values
+            .compactMap { $0.makeBucket(calendar: calendar) }
+            .filter { $0.startTime <= now }
+            .sorted { $0.startTime < $1.startTime }
+        return ClaudeAdminAPIUsageSnapshot(daily: daily, updatedAt: now)
+    }
+
+    private static func displayName(_ raw: String?, fallback: String) -> String {
+        guard let trimmed = raw?.trimmingCharacters(in: .whitespacesAndNewlines), !trimmed.isEmpty else {
+            return fallback
+        }
+        return trimmed
+    }
+
+    private static func usdFromAnthropicLowestUnitAmount(_ raw: String) -> Double {
+        (Double(raw) ?? 0) / 100
+    }
+
+    private static func url(baseURL: URL, range: DateRange, queryItems extraItems: [URLQueryItem]) -> URL {
+        var components = URLComponents(url: baseURL, resolvingAgainstBaseURL: false)!
+        components.queryItems = [
+            URLQueryItem(name: "starting_at", value: Self.rfc3339String(from: range.start)),
+            URLQueryItem(name: "ending_at", value: Self.rfc3339String(from: range.end)),
+            URLQueryItem(name: "bucket_width", value: "1d"),
+            URLQueryItem(name: "limit", value: String(Self.maxDailyBuckets)),
+        ] + extraItems
+        return components.url!
+    }
+
+    private static func dailyRange(now: Date, calendar: Calendar) -> DateRange {
+        let today = calendar.startOfDay(for: now)
+        let start = calendar.date(byAdding: .day, value: -(Self.maxDailyBuckets - 1), to: today) ?? today
+        let end = calendar.date(byAdding: .day, value: 1, to: today) ?? now
+        return DateRange(start: start, end: end)
+    }
+
+    private static var utcCalendar: Calendar {
+        var calendar = Calendar(identifier: .gregorian)
+        calendar.locale = Locale(identifier: "en_US_POSIX")
+        calendar.timeZone = TimeZone(secondsFromGMT: 0)!
+        return calendar
+    }
+
+    private static func rfc3339Formatter() -> ISO8601DateFormatter {
+        let formatter = ISO8601DateFormatter()
+        formatter.formatOptions = [.withInternetDateTime]
+        formatter.timeZone = TimeZone(secondsFromGMT: 0)
+        return formatter
+    }
+
+    private static func rfc3339String(from date: Date) -> String {
+        self.rfc3339Formatter().string(from: date)
+    }
+
+    fileprivate static func dayKey(from date: Date, calendar: Calendar) -> String {
+        let formatter = DateFormatter()
+        formatter.locale = Locale(identifier: "en_US_POSIX")
+        formatter.timeZone = calendar.timeZone
+        formatter.dateFormat = "yyyy-MM-dd"
+        return formatter.string(from: date)
+    }
+
+    fileprivate static func parseDate(_ raw: String) -> Date? {
+        self.rfc3339Formatter().date(from: raw)
+    }
+}
+
+private struct DateRange {
+    let start: Date
+    let end: Date
+}
+
+private struct DailyAccumulator {
+    let startingAt: String
+    let endingAt: String
+    var costUSD: Double = 0
+    var inputTokens: Int = 0
+    var cacheCreationInputTokens: Int = 0
+    var cacheReadInputTokens: Int = 0
+    var outputTokens: Int = 0
+    var totalTokens: Int = 0
+    var costItems: [String: Double] = [:]
+    var models: [String: ModelAccumulator] = [:]
+
+    func makeBucket(calendar: Calendar) -> ClaudeAdminAPIUsageSnapshot.DailyBucket? {
+        guard let start = ClaudeAdminAPIUsageFetcher.parseDate(self.startingAt),
+              let end = ClaudeAdminAPIUsageFetcher.parseDate(self.endingAt)
+        else { return nil }
+        return ClaudeAdminAPIUsageSnapshot.DailyBucket(
+            day: ClaudeAdminAPIUsageFetcher.dayKey(from: start, calendar: calendar),
+            startTime: start,
+            endTime: end,
+            costUSD: self.costUSD,
+            inputTokens: self.inputTokens,
+            cacheCreationInputTokens: self.cacheCreationInputTokens,
+            cacheReadInputTokens: self.cacheReadInputTokens,
+            outputTokens: self.outputTokens,
+            totalTokens: self.totalTokens,
+            costItems: self.costItems
+                .map { ClaudeAdminAPIUsageSnapshot.CostBreakdown(name: $0.key, costUSD: $0.value) }
+                .sorted {
+                    if $0.costUSD == $1.costUSD { return $0.name < $1.name }
+                    return $0.costUSD > $1.costUSD
+                },
+            models: self.models
+                .map { name, total in total.makeModel(name: name) }
+                .sorted {
+                    if $0.totalTokens == $1.totalTokens { return $0.name < $1.name }
+                    return $0.totalTokens > $1.totalTokens
+                })
+    }
+}
+
+private struct ModelAccumulator {
+    var inputTokens = 0
+    var cacheCreationInputTokens = 0
+    var cacheReadInputTokens = 0
+    var outputTokens = 0
+    var totalTokens = 0
+
+    mutating func add(
+        inputTokens: Int,
+        cacheCreationInputTokens: Int,
+        cacheReadInputTokens: Int,
+        outputTokens: Int,
+        totalTokens: Int)
+    {
+        self.inputTokens += inputTokens
+        self.cacheCreationInputTokens += cacheCreationInputTokens
+        self.cacheReadInputTokens += cacheReadInputTokens
+        self.outputTokens += outputTokens
+        self.totalTokens += totalTokens
+    }
+
+    func makeModel(name: String) -> ClaudeAdminAPIUsageSnapshot.ModelBreakdown {
+        ClaudeAdminAPIUsageSnapshot.ModelBreakdown(
+            name: name,
+            inputTokens: self.inputTokens,
+            cacheCreationInputTokens: self.cacheCreationInputTokens,
+            cacheReadInputTokens: self.cacheReadInputTokens,
+            outputTokens: self.outputTokens,
+            totalTokens: self.totalTokens)
+    }
+}
+
+private struct CostReportResponse: Decodable {
+    let data: [CostBucket]
+    let hasMore: Bool?
+    let nextPage: String?
+
+    private enum CodingKeys: String, CodingKey {
+        case data
+        case hasMore = "has_more"
+        case nextPage = "next_page"
+    }
+}
+
+private struct CostBucket: Decodable {
+    let startingAt: String
+    let endingAt: String
+    let results: [CostResult]
+
+    private enum CodingKeys: String, CodingKey {
+        case startingAt = "starting_at"
+        case endingAt = "ending_at"
+        case results
+    }
+}
+
+private struct CostResult: Decodable {
+    let currency: String?
+    let amount: String
+    let description: String?
+    let costType: String?
+
+    private enum CodingKeys: String, CodingKey {
+        case currency
+        case amount
+        case description
+        case costType = "cost_type"
+    }
+}
+
+private struct MessagesUsageResponse: Decodable {
+    let data: [MessagesBucket]
+    let hasMore: Bool?
+    let nextPage: String?
+
+    private enum CodingKeys: String, CodingKey {
+        case data
+        case hasMore = "has_more"
+        case nextPage = "next_page"
+    }
+}
+
+private struct MessagesBucket: Decodable {
+    let startingAt: String
+    let endingAt: String
+    let results: [MessagesResult]
+
+    private enum CodingKeys: String, CodingKey {
+        case startingAt = "starting_at"
+        case endingAt = "ending_at"
+        case results
+    }
+}
+
+private struct MessagesResult: Decodable {
+    let uncachedInputTokens: Int?
+    let cacheCreation: CacheCreation?
+    let cacheReadInputTokens: Int?
+    let outputTokens: Int?
+    let model: String?
+
+    private enum CodingKeys: String, CodingKey {
+        case uncachedInputTokens = "uncached_input_tokens"
+        case cacheCreation = "cache_creation"
+        case cacheReadInputTokens = "cache_read_input_tokens"
+        case outputTokens = "output_tokens"
+        case model
+    }
+}
+
+private struct CacheCreation: Decodable {
+    let ephemeral1HInputTokens: Int?
+    let ephemeral5MInputTokens: Int?
+
+    var totalInputTokens: Int {
+        (self.ephemeral1HInputTokens ?? 0) + (self.ephemeral5MInputTokens ?? 0)
+    }
+
+    private enum CodingKeys: String, CodingKey {
+        case ephemeral1HInputTokens = "ephemeral_1h_input_tokens"
+        case ephemeral5MInputTokens = "ephemeral_5m_input_tokens"
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Claude/ClaudeAdminAPIUsageSnapshot.swift b/Sources/CodexBarCore/Providers/Claude/ClaudeAdminAPIUsageSnapshot.swift
new file mode 100644
index 000000000..f9b82ab0c
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Claude/ClaudeAdminAPIUsageSnapshot.swift
@@ -0,0 +1,222 @@
+import Foundation
+
+public struct ClaudeAdminAPIUsageSnapshot: Codable, Equatable, Sendable {
+    public struct DailyBucket: Codable, Equatable, Sendable, Identifiable {
+        public let day: String
+        public let startTime: Date
+        public let endTime: Date
+        public let costUSD: Double
+        public let inputTokens: Int
+        public let cacheCreationInputTokens: Int
+        public let cacheReadInputTokens: Int
+        public let outputTokens: Int
+        public let totalTokens: Int
+        public let costItems: [CostBreakdown]
+        public let models: [ModelBreakdown]
+
+        public var id: String {
+            self.day
+        }
+
+        public init(
+            day: String,
+            startTime: Date,
+            endTime: Date,
+            costUSD: Double,
+            inputTokens: Int,
+            cacheCreationInputTokens: Int,
+            cacheReadInputTokens: Int,
+            outputTokens: Int,
+            totalTokens: Int,
+            costItems: [CostBreakdown],
+            models: [ModelBreakdown])
+        {
+            self.day = day
+            self.startTime = startTime
+            self.endTime = endTime
+            self.costUSD = costUSD
+            self.inputTokens = inputTokens
+            self.cacheCreationInputTokens = cacheCreationInputTokens
+            self.cacheReadInputTokens = cacheReadInputTokens
+            self.outputTokens = outputTokens
+            self.totalTokens = totalTokens
+            self.costItems = costItems
+            self.models = models
+        }
+    }
+
+    public struct CostBreakdown: Codable, Equatable, Sendable, Identifiable {
+        public let name: String
+        public let costUSD: Double
+
+        public var id: String {
+            self.name
+        }
+
+        public init(name: String, costUSD: Double) {
+            self.name = name
+            self.costUSD = costUSD
+        }
+    }
+
+    public struct ModelBreakdown: Codable, Equatable, Sendable, Identifiable {
+        public let name: String
+        public let inputTokens: Int
+        public let cacheCreationInputTokens: Int
+        public let cacheReadInputTokens: Int
+        public let outputTokens: Int
+        public let totalTokens: Int
+
+        public var id: String {
+            self.name
+        }
+
+        public init(
+            name: String,
+            inputTokens: Int,
+            cacheCreationInputTokens: Int,
+            cacheReadInputTokens: Int,
+            outputTokens: Int,
+            totalTokens: Int)
+        {
+            self.name = name
+            self.inputTokens = inputTokens
+            self.cacheCreationInputTokens = cacheCreationInputTokens
+            self.cacheReadInputTokens = cacheReadInputTokens
+            self.outputTokens = outputTokens
+            self.totalTokens = totalTokens
+        }
+    }
+
+    public struct Summary: Equatable, Sendable {
+        public let costUSD: Double
+        public let inputTokens: Int
+        public let cacheCreationInputTokens: Int
+        public let cacheReadInputTokens: Int
+        public let outputTokens: Int
+        public let totalTokens: Int
+
+        public init(
+            costUSD: Double,
+            inputTokens: Int,
+            cacheCreationInputTokens: Int,
+            cacheReadInputTokens: Int,
+            outputTokens: Int,
+            totalTokens: Int)
+        {
+            self.costUSD = costUSD
+            self.inputTokens = inputTokens
+            self.cacheCreationInputTokens = cacheCreationInputTokens
+            self.cacheReadInputTokens = cacheReadInputTokens
+            self.outputTokens = outputTokens
+            self.totalTokens = totalTokens
+        }
+    }
+
+    public let daily: [DailyBucket]
+    public let updatedAt: Date
+
+    public init(daily: [DailyBucket], updatedAt: Date) {
+        self.daily = daily.sorted { $0.startTime < $1.startTime }
+        self.updatedAt = updatedAt
+    }
+
+    public var last30Days: Summary {
+        self.summary(days: 30)
+    }
+
+    public var last7Days: Summary {
+        self.summary(days: 7)
+    }
+
+    public var latestDay: Summary {
+        self.summary(days: 1)
+    }
+
+    public func summary(days: Int) -> Summary {
+        let selected = self.daily.suffix(max(1, days))
+        return Summary(
+            costUSD: selected.reduce(0) { $0 + $1.costUSD },
+            inputTokens: selected.reduce(0) { $0 + $1.inputTokens },
+            cacheCreationInputTokens: selected.reduce(0) { $0 + $1.cacheCreationInputTokens },
+            cacheReadInputTokens: selected.reduce(0) { $0 + $1.cacheReadInputTokens },
+            outputTokens: selected.reduce(0) { $0 + $1.outputTokens },
+            totalTokens: selected.reduce(0) { $0 + $1.totalTokens })
+    }
+
+    public var topModels: [ModelBreakdown] {
+        var totals: [String: ModelAccumulator] = [:]
+        for day in self.daily {
+            for model in day.models {
+                totals[model.name, default: ModelAccumulator()].add(model)
+            }
+        }
+        return totals
+            .map { name, total in total.makeModel(name: name) }
+            .sorted {
+                if $0.totalTokens == $1.totalTokens { return $0.name < $1.name }
+                return $0.totalTokens > $1.totalTokens
+            }
+    }
+
+    public var topCostItems: [CostBreakdown] {
+        var totals: [String: Double] = [:]
+        for day in self.daily {
+            for item in day.costItems {
+                totals[item.name, default: 0] += item.costUSD
+            }
+        }
+        return totals
+            .map { CostBreakdown(name: $0.key, costUSD: $0.value) }
+            .sorted {
+                if $0.costUSD == $1.costUSD { return $0.name < $1.name }
+                return $0.costUSD > $1.costUSD
+            }
+    }
+
+    public func toUsageSnapshot() -> UsageSnapshot {
+        let total = self.last30Days
+        return UsageSnapshot(
+            primary: nil,
+            secondary: nil,
+            providerCost: ProviderCostSnapshot(
+                used: total.costUSD,
+                limit: 0,
+                currencyCode: "USD",
+                period: "Last 30 days",
+                updatedAt: self.updatedAt),
+            claudeAdminAPIUsage: self,
+            updatedAt: self.updatedAt,
+            identity: ProviderIdentitySnapshot(
+                providerID: .claude,
+                accountEmail: nil,
+                accountOrganization: nil,
+                loginMethod: "Admin API"))
+    }
+
+    private struct ModelAccumulator {
+        var inputTokens = 0
+        var cacheCreationInputTokens = 0
+        var cacheReadInputTokens = 0
+        var outputTokens = 0
+        var totalTokens = 0
+
+        mutating func add(_ model: ModelBreakdown) {
+            self.inputTokens += model.inputTokens
+            self.cacheCreationInputTokens += model.cacheCreationInputTokens
+            self.cacheReadInputTokens += model.cacheReadInputTokens
+            self.outputTokens += model.outputTokens
+            self.totalTokens += model.totalTokens
+        }
+
+        func makeModel(name: String) -> ModelBreakdown {
+            ModelBreakdown(
+                name: name,
+                inputTokens: self.inputTokens,
+                cacheCreationInputTokens: self.cacheCreationInputTokens,
+                cacheReadInputTokens: self.cacheReadInputTokens,
+                outputTokens: self.outputTokens,
+                totalTokens: self.totalTokens)
+        }
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Claude/ClaudeCLISession.swift b/Sources/CodexBarCore/Providers/Claude/ClaudeCLISession.swift
index 9ae1bc052..93f2ddd8a 100644
--- a/Sources/CodexBarCore/Providers/Claude/ClaudeCLISession.swift
+++ b/Sources/CodexBarCore/Providers/Claude/ClaudeCLISession.swift
@@ -8,6 +8,25 @@ import Foundation
 actor ClaudeCLISession {
     static let shared = ClaudeCLISession()
     private static let log = CodexBarLog.logger(LogCategories.claudeCLI)
+    #if DEBUG
+    @TaskLocal private static var sessionOverrideForTesting: ClaudeCLISession?
+
+    static var current: ClaudeCLISession {
+        self.sessionOverrideForTesting ?? self.shared
+    }
+
+    static func withIsolatedSessionForTesting<T>(operation: () async throws -> T) async rethrows -> T {
+        let session = ClaudeCLISession()
+        defer { Task { await session.reset() } }
+        return try await self.$sessionOverrideForTesting.withValue(session) {
+            try await operation()
+        }
+    }
+    #else
+    static var current: ClaudeCLISession {
+        self.shared
+    }
+    #endif
 
     enum SessionError: LocalizedError {
         case launchFailed(String)
@@ -98,6 +117,7 @@ actor ClaudeCLISession {
         timeout: TimeInterval,
         idleTimeout: TimeInterval? = 3.0,
         stopOnSubstrings: [String] = [],
+        stopWhenNormalized: (@Sendable (String) -> Bool)? = nil,
         settleAfterStop: TimeInterval = 0.25,
         sendEnterEvery: TimeInterval? = nil) async throws -> String
     {
@@ -136,6 +156,7 @@ actor ClaudeCLISession {
 
         var buffer = Data()
         var scanTailText = ""
+        var normalizedScan = ""
         var utf8Carry = Data()
         let deadline = Date().addingTimeInterval(timeout)
         var lastOutputAt = Date()
@@ -152,27 +173,26 @@ actor ClaudeCLISession {
                 lastOutputAt = Date()
                 Self.appendScanText(newData: newData, scanTailText: &scanTailText, utf8Carry: &utf8Carry)
                 if scanTailText.count > 8192 { scanTailText = String(scanTailText.suffix(8192)) }
-            }
+                normalizedScan = Self.normalizedNeedle(TextParsing.stripANSICodes(scanTailText))
 
-            let scanData = scanBuffer.append(newData)
-            if !scanData.isEmpty,
-               scanData.range(of: cursorQuery) != nil
-            {
-                try? self.send("\u{1b}[1;1R")
-            }
-
-            let normalizedScan = Self.normalizedNeedle(TextParsing.stripANSICodes(scanTailText))
+                let scanData = scanBuffer.append(newData)
+                if scanData.range(of: cursorQuery) != nil {
+                    try? self.send("\u{1b}[1;1R")
+                }
 
-            for item in sendNeedles where !triggeredSends.contains(item.needle) {
-                if normalizedScan.contains(item.needle) {
-                    try? self.send(item.keys)
-                    triggeredSends.insert(item.needle)
+                for item in sendNeedles where !triggeredSends.contains(item.needle) {
+                    if normalizedScan.contains(item.needle) {
+                        try? self.send(item.keys)
+                        triggeredSends.insert(item.needle)
+                    }
                 }
-            }
 
-            if stopNeedles.contains(where: normalizedScan.contains) {
-                stoppedEarly = true
-                break
+                if stopNeedles
+                    .contains(where: normalizedScan.contains) || (stopWhenNormalized?(normalizedScan) == true)
+                {
+                    stoppedEarly = true
+                    break
+                }
             }
 
             if self.shouldStopForIdleTimeout(
@@ -278,10 +298,9 @@ actor ClaudeCLISession {
         proc.standardOutput = secondaryHandle
         proc.standardError = secondaryHandle
 
-        let workingDirectory = ClaudeStatusProbe.probeWorkingDirectoryURL()
+        let workingDirectory = ClaudeStatusProbe.preparedProbeWorkingDirectoryURL()
         proc.currentDirectoryURL = workingDirectory
-        var env = TTYCommandRunner.enrichedEnvironment()
-        env = Self.scrubbedClaudeEnvironment(from: env)
+        var env = Self.launchEnvironment()
         env["PWD"] = workingDirectory.path
         proc.environment = env
 
@@ -298,9 +317,21 @@ actor ClaudeCLISession {
         }
 
         let pid = proc.processIdentifier
+        guard TTYCommandRunner.registerActiveProcessForAppShutdown(
+            pid: pid,
+            binary: URL(fileURLWithPath: binary).lastPathComponent)
+        else {
+            proc.terminate()
+            kill(pid, SIGKILL)
+            try? primaryHandle.close()
+            try? secondaryHandle.close()
+            throw SessionError.launchFailed("App shutdown in progress")
+        }
+
         var processGroup: pid_t?
         if setpgid(pid, pid) == 0 {
             processGroup = pid
+            TTYCommandRunner.updateActiveProcessGroupForAppShutdown(pid: pid, processGroup: processGroup)
         }
 
         self.process = proc
@@ -312,6 +343,10 @@ actor ClaudeCLISession {
         self.startedAt = Date()
     }
 
+    static func launchEnvironment(baseEnv: [String: String] = ProcessInfo.processInfo.environment) -> [String: String] {
+        self.scrubbedClaudeEnvironment(from: TTYCommandRunner.enrichedEnvironment(baseEnv: baseEnv))
+    }
+
     private static func scrubbedClaudeEnvironment(from base: [String: String]) -> [String: String] {
         var env = base
         let explicitKeys: [String] = [
@@ -337,11 +372,16 @@ actor ClaudeCLISession {
         try? self.primaryHandle?.close()
         try? self.secondaryHandle?.close()
 
+        let descendants = self.process.map { TTYProcessTreeTerminator.descendantPIDs(of: $0.processIdentifier) } ?? []
         if let proc = self.process, proc.isRunning {
             proc.terminate()
         }
-        if let pgid = self.processGroup {
-            kill(-pgid, SIGTERM)
+        if let proc = self.process {
+            TTYProcessTreeTerminator.terminateProcessTree(
+                rootPID: proc.processIdentifier,
+                processGroup: self.processGroup,
+                signal: SIGTERM,
+                knownDescendants: descendants)
         }
         let waitDeadline = Date().addingTimeInterval(1.0)
         if let proc = self.process {
@@ -349,11 +389,17 @@ actor ClaudeCLISession {
                 usleep(100_000)
             }
             if proc.isRunning {
-                if let pgid = self.processGroup {
-                    kill(-pgid, SIGKILL)
+                TTYProcessTreeTerminator.terminateProcessTree(
+                    rootPID: proc.processIdentifier,
+                    processGroup: self.processGroup,
+                    signal: SIGKILL,
+                    knownDescendants: descendants)
+            } else {
+                for pid in descendants where pid > 0 {
+                    kill(pid, SIGKILL)
                 }
-                kill(proc.processIdentifier, SIGKILL)
             }
+            TTYCommandRunner.unregisterActiveProcessForAppShutdown(pid: proc.processIdentifier)
         }
 
         self.process = nil
diff --git a/Sources/CodexBarCore/Providers/Claude/ClaudeCredentialRouting.swift b/Sources/CodexBarCore/Providers/Claude/ClaudeCredentialRouting.swift
new file mode 100644
index 000000000..2472de27f
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Claude/ClaudeCredentialRouting.swift
@@ -0,0 +1,102 @@
+import Foundation
+
+public enum ClaudeCredentialRouting: Sendable, Equatable {
+    case none
+    case oauth(accessToken: String)
+    case webCookie(header: String)
+    case adminAPIKey(String)
+
+    public static func resolve(tokenAccountToken: String?, manualCookieHeader: String?) -> Self {
+        if let tokenAccountToken,
+           let route = self.resolvePrimaryCredential(tokenAccountToken)
+        {
+            return route
+        }
+
+        guard let manualCookieHeader = self.normalizedWebCookie(manualCookieHeader) else {
+            return .none
+        }
+        return .webCookie(header: manualCookieHeader)
+    }
+
+    public var oauthAccessToken: String? {
+        guard case let .oauth(accessToken) = self else { return nil }
+        return accessToken
+    }
+
+    public var manualCookieHeader: String? {
+        guard case let .webCookie(header) = self else { return nil }
+        return header
+    }
+
+    public var isOAuth: Bool {
+        if case .oauth = self { return true }
+        return false
+    }
+
+    public var adminAPIKey: String? {
+        guard case let .adminAPIKey(key) = self else { return nil }
+        return key
+    }
+
+    private static func resolvePrimaryCredential(_ raw: String) -> Self? {
+        if let adminKey = self.normalizedAdminAPIKey(raw) {
+            return .adminAPIKey(adminKey)
+        }
+        if let accessToken = self.normalizedOAuthToken(raw) {
+            return .oauth(accessToken: accessToken)
+        }
+        if let cookieHeader = self.normalizedWebCookie(raw) {
+            return .webCookie(header: cookieHeader)
+        }
+        return nil
+    }
+
+    private static func normalizedOAuthToken(_ raw: String?) -> String? {
+        guard let trimmed = self.cleaned(raw) else { return nil }
+        let lower = trimmed.lowercased()
+        if lower.contains("cookie:") || trimmed.contains("=") {
+            return nil
+        }
+        if lower.hasPrefix("bearer ") {
+            let bearerTrimmed = trimmed.dropFirst("bearer ".count)
+                .trimmingCharacters(in: .whitespacesAndNewlines)
+            guard !bearerTrimmed.isEmpty else { return nil }
+            let lowerBearerTrimmed = bearerTrimmed.lowercased()
+            return lowerBearerTrimmed.hasPrefix("sk-ant-oat") ? bearerTrimmed : nil
+        }
+        return lower.hasPrefix("sk-ant-oat") ? trimmed : nil
+    }
+
+    private static func normalizedAdminAPIKey(_ raw: String?) -> String? {
+        guard let trimmed = self.cleaned(raw) else { return nil }
+        let lower = trimmed.lowercased()
+        if lower.contains("cookie:") || trimmed.contains("=") {
+            return nil
+        }
+        if lower.hasPrefix("bearer ") {
+            let bearerTrimmed = trimmed.dropFirst("bearer ".count)
+                .trimmingCharacters(in: .whitespacesAndNewlines)
+            guard !bearerTrimmed.isEmpty else { return nil }
+            return bearerTrimmed.lowercased().hasPrefix("sk-ant-admin") ? bearerTrimmed : nil
+        }
+        return lower.hasPrefix("sk-ant-admin") ? trimmed : nil
+    }
+
+    private static func normalizedWebCookie(_ raw: String?) -> String? {
+        guard let normalized = CookieHeaderNormalizer.normalize(raw) else { return nil }
+        if normalized.contains("=") {
+            return normalized
+        }
+        return "sessionKey=\(normalized)"
+    }
+
+    private static func cleaned(_ raw: String?) -> String? {
+        guard let trimmed = raw?.trimmingCharacters(in: .whitespacesAndNewlines),
+              !trimmed.isEmpty
+        else {
+            return nil
+        }
+        return trimmed
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthCredentialModels.swift b/Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthCredentialModels.swift
index a62a13819..a94084607 100644
--- a/Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthCredentialModels.swift
+++ b/Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthCredentialModels.swift
@@ -10,19 +10,22 @@ public struct ClaudeOAuthCredentials: Sendable {
     public let expiresAt: Date?
     public let scopes: [String]
     public let rateLimitTier: String?
+    public let subscriptionType: String?
 
     public init(
         accessToken: String,
         refreshToken: String?,
         expiresAt: Date?,
         scopes: [String],
-        rateLimitTier: String?)
+        rateLimitTier: String?,
+        subscriptionType: String? = nil)
     {
         self.accessToken = accessToken
         self.refreshToken = refreshToken
         self.expiresAt = expiresAt
         self.scopes = scopes
         self.rateLimitTier = rateLimitTier
+        self.subscriptionType = subscriptionType
     }
 
     public var isExpired: Bool {
@@ -55,7 +58,8 @@ public struct ClaudeOAuthCredentials: Sendable {
             refreshToken: oauth.refreshToken,
             expiresAt: expiresAt,
             scopes: oauth.scopes ?? [],
-            rateLimitTier: oauth.rateLimitTier)
+            rateLimitTier: oauth.rateLimitTier,
+            subscriptionType: oauth.subscriptionType)
     }
 
     private struct Root: Decodable {
@@ -68,6 +72,7 @@ public struct ClaudeOAuthCredentials: Sendable {
         let expiresAt: Double?
         let scopes: [String]?
         let rateLimitTier: String?
+        let subscriptionType: String?
 
         enum CodingKeys: String, CodingKey {
             case accessToken
@@ -75,6 +80,7 @@ public struct ClaudeOAuthCredentials: Sendable {
             case expiresAt
             case scopes
             case rateLimitTier
+            case subscriptionType
         }
     }
 }
diff --git a/Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthCredentials+SecurityCLIReader.swift b/Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthCredentials+SecurityCLIReader.swift
index 7e5e497b7..f6a7e48ad 100644
--- a/Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthCredentials+SecurityCLIReader.swift
+++ b/Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthCredentials+SecurityCLIReader.swift
@@ -11,7 +11,7 @@ extension ClaudeOAuthCredentialsStore {
     private static let securityBinaryPath = "/usr/bin/security"
     private static let securityCLIReadTimeout: TimeInterval = 1.5
 
-    struct SecurityCLIReadRequest: Sendable {
+    struct SecurityCLIReadRequest {
         let account: String?
     }
 
@@ -19,18 +19,18 @@ extension ClaudeOAuthCredentialsStore {
         readStrategy: ClaudeOAuthKeychainReadStrategy = ClaudeOAuthKeychainReadStrategyPreference.current())
         -> Bool
     {
-        readStrategy == .securityCLI
+        readStrategy == .securityCLIExperimental
     }
 
     #if os(macOS)
-    private enum SecurityCLIReadError: Error, Sendable {
+    private enum SecurityCLIReadError: Error {
         case binaryUnavailable
         case launchFailed
         case timedOut
         case nonZeroExit(status: Int32, stderrLength: Int)
     }
 
-    private struct SecurityCLIReadCommandResult: Sendable {
+    private struct SecurityCLIReadCommandResult {
         let status: Int32
         let stdout: Data
         let stderrLength: Int
diff --git a/Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthCredentials+TestingOverrides.swift b/Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthCredentials+TestingOverrides.swift
index dbcd11105..105df7476 100644
--- a/Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthCredentials+TestingOverrides.swift
+++ b/Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthCredentials+TestingOverrides.swift
@@ -102,7 +102,7 @@ extension ClaudeOAuthCredentialsStore {
         }
     }
 
-    enum SecurityCLIReadOverride: Sendable {
+    enum SecurityCLIReadOverride {
         case data(Data?)
         case timedOut
         case nonZeroExit
@@ -115,6 +115,40 @@ extension ClaudeOAuthCredentialsStore {
     @TaskLocal static var taskSecurityCLIReadAccountOverride: String?
     nonisolated(unsafe) static var securityCLIReadOverride: SecurityCLIReadOverride?
 
+    public struct TestingOverridesSnapshot: Sendable {
+        let keychainOverrideStore: ClaudeKeychainOverrideStore?
+        let keychainData: Data?
+        let keychainFingerprint: ClaudeKeychainFingerprint?
+        let memoryCacheStore: MemoryCacheStore?
+        let fingerprintStore: ClaudeKeychainFingerprintStore?
+        let keychainAccessOverride: Bool?
+        let credentialsFileFingerprintStore: CredentialsFileFingerprintStore?
+        let securityCLIReadOverride: SecurityCLIReadOverride?
+        let securityCLIReadAccountOverride: String?
+
+        init(
+            keychainOverrideStore: ClaudeKeychainOverrideStore?,
+            keychainData: Data?,
+            keychainFingerprint: ClaudeKeychainFingerprint?,
+            memoryCacheStore: MemoryCacheStore?,
+            fingerprintStore: ClaudeKeychainFingerprintStore?,
+            keychainAccessOverride: Bool?,
+            credentialsFileFingerprintStore: CredentialsFileFingerprintStore?,
+            securityCLIReadOverride: SecurityCLIReadOverride?,
+            securityCLIReadAccountOverride: String?)
+        {
+            self.keychainOverrideStore = keychainOverrideStore
+            self.keychainData = keychainData
+            self.keychainFingerprint = keychainFingerprint
+            self.memoryCacheStore = memoryCacheStore
+            self.fingerprintStore = fingerprintStore
+            self.keychainAccessOverride = keychainAccessOverride
+            self.credentialsFileFingerprintStore = credentialsFileFingerprintStore
+            self.securityCLIReadOverride = securityCLIReadOverride
+            self.securityCLIReadAccountOverride = securityCLIReadAccountOverride
+        }
+    }
+
     static func withKeychainAccessOverrideForTesting<T>(
         _ disabled: Bool?,
         operation: () throws -> T) rethrows -> T
@@ -187,6 +221,10 @@ extension ClaudeOAuthCredentialsStore {
         }
     }
 
+    static func currentSecurityCLIReadOverrideForTesting() -> SecurityCLIReadOverride? {
+        self.taskSecurityCLIReadOverride ?? self.securityCLIReadOverride
+    }
+
     static func withSecurityCLIReadAccountOverrideForTesting<T>(
         _ account: String?,
         operation: () throws -> T) rethrows -> T
@@ -205,6 +243,98 @@ extension ClaudeOAuthCredentialsStore {
         }
     }
 
+    public static func withCurrentTestingOverridesForTask<T>(
+        operation: () async throws -> T) async rethrows -> T
+    {
+        try await self.withTestingOverridesSnapshotForTask(
+            self.currentTestingOverridesSnapshotForTask,
+            operation: operation)
+    }
+
+    public static func withCurrentTestingOverridesForTask<T>(
+        operation: () throws -> T) rethrows -> T
+    {
+        try self.withTestingOverridesSnapshotForTask(
+            self.currentTestingOverridesSnapshotForTask,
+            operation: operation)
+    }
+
+    public static var currentTestingOverridesSnapshotForTask: TestingOverridesSnapshot {
+        TestingOverridesSnapshot(
+            keychainOverrideStore: self.taskClaudeKeychainOverrideStore,
+            keychainData: self.taskClaudeKeychainDataOverride,
+            keychainFingerprint: self.taskClaudeKeychainFingerprintOverride,
+            memoryCacheStore: self.taskMemoryCacheStoreOverride,
+            fingerprintStore: self.taskClaudeKeychainFingerprintStoreOverride,
+            keychainAccessOverride: self.taskKeychainAccessOverride,
+            credentialsFileFingerprintStore: self.taskCredentialsFileFingerprintStoreOverride,
+            securityCLIReadOverride: self.taskSecurityCLIReadOverride,
+            securityCLIReadAccountOverride: self.taskSecurityCLIReadAccountOverride)
+    }
+
+    public static func withTestingOverridesSnapshotForTask<T>(
+        _ snapshot: TestingOverridesSnapshot,
+        operation: () async throws -> T) async rethrows -> T
+    {
+        try await self.$taskClaudeKeychainOverrideStore.withValue(snapshot.keychainOverrideStore) {
+            try await self.$taskClaudeKeychainDataOverride.withValue(snapshot.keychainData) {
+                try await self.$taskClaudeKeychainFingerprintOverride.withValue(snapshot.keychainFingerprint) {
+                    try await self.$taskMemoryCacheStoreOverride.withValue(snapshot.memoryCacheStore) {
+                        try await self.$taskClaudeKeychainFingerprintStoreOverride
+                            .withValue(snapshot.fingerprintStore) {
+                                try await self.$taskKeychainAccessOverride.withValue(snapshot.keychainAccessOverride) {
+                                    try await self.$taskCredentialsFileFingerprintStoreOverride.withValue(
+                                        snapshot.credentialsFileFingerprintStore)
+                                    {
+                                        try await self.$taskSecurityCLIReadOverride.withValue(
+                                            snapshot.securityCLIReadOverride)
+                                        {
+                                            try await self.$taskSecurityCLIReadAccountOverride.withValue(
+                                                snapshot.securityCLIReadAccountOverride)
+                                            {
+                                                try await operation()
+                                            }
+                                        }
+                                    }
+                                }
+                            }
+                    }
+                }
+            }
+        }
+    }
+
+    public static func withTestingOverridesSnapshotForTask<T>(
+        _ snapshot: TestingOverridesSnapshot,
+        operation: () throws -> T) rethrows -> T
+    {
+        try self.$taskClaudeKeychainOverrideStore.withValue(snapshot.keychainOverrideStore) {
+            try self.$taskClaudeKeychainDataOverride.withValue(snapshot.keychainData) {
+                try self.$taskClaudeKeychainFingerprintOverride.withValue(snapshot.keychainFingerprint) {
+                    try self.$taskMemoryCacheStoreOverride.withValue(snapshot.memoryCacheStore) {
+                        try self.$taskClaudeKeychainFingerprintStoreOverride.withValue(snapshot.fingerprintStore) {
+                            try self.$taskKeychainAccessOverride.withValue(snapshot.keychainAccessOverride) {
+                                try self.$taskCredentialsFileFingerprintStoreOverride.withValue(
+                                    snapshot.credentialsFileFingerprintStore)
+                                {
+                                    try self.$taskSecurityCLIReadOverride.withValue(
+                                        snapshot.securityCLIReadOverride)
+                                    {
+                                        try self.$taskSecurityCLIReadAccountOverride.withValue(
+                                            snapshot.securityCLIReadAccountOverride)
+                                        {
+                                            try operation()
+                                        }
+                                    }
+                                }
+                            }
+                        }
+                    }
+                }
+            }
+        }
+    }
+
     static func setSecurityCLIReadOverrideForTesting(_ readOverride: SecurityCLIReadOverride?) {
         self.securityCLIReadOverride = readOverride
     }
diff --git a/Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthCredentials.swift b/Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthCredentials.swift
index e3e52c51f..798fb98d5 100644
--- a/Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthCredentials.swift
+++ b/Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthCredentials.swift
@@ -10,7 +10,7 @@ import LocalAuthentication
 import Security
 #endif
 
-// swiftlint:disable type_body_length
+// swiftlint:disable type_body_length file_length
 public enum ClaudeOAuthCredentialsStore {
     private static let credentialsPath = ".claude/.credentials.json"
     static let claudeKeychainService = "Claude Code-credentials"
@@ -41,18 +41,18 @@ public enum ClaudeOAuthCredentialsStore {
     private static let claudeKeychainChangeCheckMinimumInterval: TimeInterval = 60
     private static let reauthenticateHint = "Run `claude` to re-authenticate."
 
-    struct ClaudeKeychainFingerprint: Codable, Equatable, Sendable {
+    struct ClaudeKeychainFingerprint: Codable, Equatable {
         let modifiedAt: Int?
         let createdAt: Int?
         let persistentRefHash: String?
     }
 
-    struct CredentialsFileFingerprint: Codable, Equatable, Sendable {
+    struct CredentialsFileFingerprint: Codable, Equatable {
         let modifiedAtMs: Int?
         let size: Int
     }
 
-    struct CacheEntry: Codable, Sendable {
+    struct CacheEntry: Codable {
         let data: Data
         let storedAt: Date
         let owner: ClaudeOAuthCredentialOwner?
@@ -100,273 +100,987 @@ public enum ClaudeOAuthCredentialsStore {
         self.memoryCacheLock.unlock()
     }
 
-    public static func load(
-        environment: [String: String] = ProcessInfo.processInfo.environment,
-        allowKeychainPrompt: Bool = true,
-        respectKeychainPromptCooldown: Bool = false) throws -> ClaudeOAuthCredentials
-    {
-        try self.loadRecord(
-            environment: environment,
-            allowKeychainPrompt: allowKeychainPrompt,
-            respectKeychainPromptCooldown: respectKeychainPromptCooldown).credentials
-    }
+    private struct CollaboratorContext {
+        let allowBackgroundPromptBootstrap: Bool
+        #if DEBUG
+        let credentialsURLOverride: URL?
+        let testingOverrides: TestingOverridesSnapshot
+        #endif
 
-    public static func loadRecord(
-        environment: [String: String] = ProcessInfo.processInfo.environment,
-        allowKeychainPrompt: Bool = true,
-        respectKeychainPromptCooldown: Bool = false,
-        allowClaudeKeychainRepairWithoutPrompt: Bool = true) throws -> ClaudeOAuthCredentialRecord
-    {
-        // "Silent" keychain probes can still show UI on some macOS configurations. If the caller disallows prompts,
-        // always honor the Claude keychain access cooldown gate to prevent prompt storms in Auto-mode paths.
-        let shouldRespectKeychainPromptCooldownForSilentProbes = respectKeychainPromptCooldown || !allowKeychainPrompt
+        func run<T>(_ operation: () throws -> T) rethrows -> T {
+            try ClaudeOAuthCredentialsStore.$allowBackgroundPromptBootstrap
+                .withValue(self.allowBackgroundPromptBootstrap) {
+                    #if DEBUG
+                    try ClaudeOAuthCredentialsStore.withTestingOverridesSnapshotForTask(self.testingOverrides) {
+                        try ClaudeOAuthCredentialsStore
+                            .withCredentialsURLOverrideForTesting(self.credentialsURLOverride) {
+                                try operation()
+                            }
+                    }
+                    #else
+                    try operation()
+                    #endif
+                }
+        }
 
-        if let credentials = self.loadFromEnvironment(environment) {
-            return ClaudeOAuthCredentialRecord(
-                credentials: credentials,
-                owner: .environment,
-                source: .environment)
+        func run<T>(_ operation: () async throws -> T) async rethrows -> T {
+            try await ClaudeOAuthCredentialsStore.$allowBackgroundPromptBootstrap
+                .withValue(self.allowBackgroundPromptBootstrap) {
+                    #if DEBUG
+                    try await ClaudeOAuthCredentialsStore.withTestingOverridesSnapshotForTask(self.testingOverrides) {
+                        try await ClaudeOAuthCredentialsStore.withCredentialsURLOverrideForTesting(
+                            self.credentialsURLOverride)
+                        {
+                            try await operation()
+                        }
+                    }
+                    #else
+                    try await operation()
+                    #endif
+                }
         }
+    }
 
-        _ = self.invalidateCacheIfCredentialsFileChanged()
+    private static func currentCollaboratorContext() -> CollaboratorContext {
+        #if DEBUG
+        CollaboratorContext(
+            allowBackgroundPromptBootstrap: self.allowBackgroundPromptBootstrap,
+            credentialsURLOverride: self.taskCredentialsURLOverride,
+            testingOverrides: self.currentTestingOverridesSnapshotForTask)
+        #else
+        CollaboratorContext(
+            allowBackgroundPromptBootstrap: self.allowBackgroundPromptBootstrap)
+        #endif
+    }
+
+    private struct Repository {
+        let context: CollaboratorContext
 
-        let memory = self.readMemoryCache()
-        if let cachedRecord = memory.record,
-           let timestamp = memory.timestamp,
-           Date().timeIntervalSince(timestamp) < self.memoryCacheValidityDuration,
-           !cachedRecord.credentials.isExpired
+        func load(environment: [String: String], allowKeychainPrompt: Bool, respectKeychainPromptCooldown: Bool) throws
+            -> ClaudeOAuthCredentials
         {
-            if self.shouldAttemptFreshnessSyncFromClaudeKeychain(cached: cachedRecord),
-               let synced = self.syncWithClaudeKeychainIfChanged(
-                   cached: cachedRecord,
-                   respectKeychainPromptCooldown: shouldRespectKeychainPromptCooldownForSilentProbes)
-            {
-                return synced
-            }
-            return ClaudeOAuthCredentialRecord(
-                credentials: cachedRecord.credentials,
-                owner: cachedRecord.owner,
-                source: .memoryCache)
-        }
-
-        var lastError: Error?
-        var expiredRecord: ClaudeOAuthCredentialRecord?
-
-        // 2. Try CodexBar's keychain cache (no prompts)
-        switch KeychainCacheStore.load(key: self.cacheKey, as: CacheEntry.self) {
-        case let .found(entry):
-            if let creds = try? ClaudeOAuthCredentials.parse(data: entry.data) {
-                // Legacy cache entries (pre-owner field) may contain credentials that were originally sourced from
-                // Claude Code (Keychain/file). Treating them as CodexBar-owned would re-enable direct refresh-token
-                // rotation here, which risks desyncing Claude Code (it continues to hold the old refresh token).
-                // Defaulting to `.claudeCLI` keeps refresh ownership with Claude Code.
-                let owner = entry.owner ?? .claudeCLI
-                let record = ClaudeOAuthCredentialRecord(
-                    credentials: creds,
-                    owner: owner,
-                    source: .cacheKeychain)
-                if creds.isExpired {
-                    expiredRecord = record
-                } else {
-                    if self.shouldAttemptFreshnessSyncFromClaudeKeychain(cached: record),
-                       let synced = self.syncWithClaudeKeychainIfChanged(
-                           cached: record,
+            try self.loadRecord(
+                environment: environment,
+                allowKeychainPrompt: allowKeychainPrompt,
+                respectKeychainPromptCooldown: respectKeychainPromptCooldown,
+                allowClaudeKeychainRepairWithoutPrompt: true).credentials
+        }
+
+        func loadRecord(
+            environment: [String: String],
+            allowKeychainPrompt: Bool,
+            respectKeychainPromptCooldown: Bool,
+            allowClaudeKeychainRepairWithoutPrompt: Bool) throws -> ClaudeOAuthCredentialRecord
+        {
+            try self.context.run {
+                let shouldRespectKeychainPromptCooldownForSilentProbes =
+                    respectKeychainPromptCooldown || !allowKeychainPrompt
+
+                if let credentials = ClaudeOAuthCredentialsStore.loadFromEnvironment(environment) {
+                    return ClaudeOAuthCredentialRecord(
+                        credentials: credentials,
+                        owner: .environment,
+                        source: .environment)
+                }
+
+                _ = self.invalidateCacheIfCredentialsFileChanged()
+
+                let recovery = Recovery(context: self.context)
+                let memory = ClaudeOAuthCredentialsStore.readMemoryCache()
+                if let cachedRecord = memory.record,
+                   let timestamp = memory.timestamp,
+                   Date().timeIntervalSince(timestamp) < ClaudeOAuthCredentialsStore.memoryCacheValidityDuration,
+                   !cachedRecord.credentials.isExpired
+                {
+                    if recovery.shouldAttemptFreshnessSyncFromClaudeKeychain(cached: cachedRecord),
+                       let synced = recovery.syncWithClaudeKeychainIfChanged(
+                           cached: cachedRecord,
                            respectKeychainPromptCooldown: shouldRespectKeychainPromptCooldownForSilentProbes)
                     {
                         return synced
                     }
-                    self.writeMemoryCache(
-                        record: ClaudeOAuthCredentialRecord(
+                    return ClaudeOAuthCredentialRecord(
+                        credentials: cachedRecord.credentials,
+                        owner: cachedRecord.owner,
+                        source: .memoryCache)
+                }
+
+                var lastError: Error?
+                var expiredRecord: ClaudeOAuthCredentialRecord?
+                var cacheTemporarilyUnavailable = false
+
+                switch KeychainCacheStore.load(key: ClaudeOAuthCredentialsStore.cacheKey, as: CacheEntry.self) {
+                case let .found(entry):
+                    if let creds = try? ClaudeOAuthCredentials.parse(data: entry.data) {
+                        let owner = entry.owner ?? .claudeCLI
+                        let record = ClaudeOAuthCredentialRecord(
                             credentials: creds,
                             owner: owner,
+                            source: .cacheKeychain)
+                        if creds.isExpired {
+                            expiredRecord = record
+                        } else {
+                            if recovery.shouldAttemptFreshnessSyncFromClaudeKeychain(cached: record),
+                               let synced = recovery.syncWithClaudeKeychainIfChanged(
+                                   cached: record,
+                                   respectKeychainPromptCooldown: shouldRespectKeychainPromptCooldownForSilentProbes)
+                            {
+                                return synced
+                            }
+                            ClaudeOAuthCredentialsStore.writeMemoryCache(
+                                record: ClaudeOAuthCredentialRecord(
+                                    credentials: creds,
+                                    owner: owner,
+                                    source: .memoryCache),
+                                timestamp: Date())
+                            return record
+                        }
+                    } else {
+                        KeychainCacheStore.clear(key: ClaudeOAuthCredentialsStore.cacheKey)
+                    }
+                case .invalid:
+                    KeychainCacheStore.clear(key: ClaudeOAuthCredentialsStore.cacheKey)
+                case .temporarilyUnavailable:
+                    cacheTemporarilyUnavailable = true
+                case .missing:
+                    break
+                }
+
+                do {
+                    let fileData = try ClaudeOAuthCredentialsStore.loadFromFile()
+                    let creds = try ClaudeOAuthCredentials.parse(data: fileData)
+                    let record = ClaudeOAuthCredentialRecord(
+                        credentials: creds,
+                        owner: .claudeCLI,
+                        source: .credentialsFile)
+                    if creds.isExpired {
+                        expiredRecord = record
+                    } else {
+                        ClaudeOAuthCredentialsStore.writeMemoryCache(
+                            record: ClaudeOAuthCredentialRecord(
+                                credentials: creds,
+                                owner: .claudeCLI,
+                                source: .memoryCache),
+                            timestamp: Date())
+                        if !cacheTemporarilyUnavailable {
+                            ClaudeOAuthCredentialsStore.saveToCacheKeychain(fileData, owner: .claudeCLI)
+                        }
+                        return record
+                    }
+                } catch let error as ClaudeOAuthCredentialsError {
+                    if case .notFound = error {
+                    } else {
+                        lastError = error
+                    }
+                } catch {
+                    lastError = error
+                }
+
+                if allowClaudeKeychainRepairWithoutPrompt, !allowKeychainPrompt {
+                    if let repaired = recovery.repairFromClaudeKeychainWithoutPromptIfAllowed(
+                        now: Date(),
+                        respectKeychainPromptCooldown: shouldRespectKeychainPromptCooldownForSilentProbes,
+                        allowCacheKeychainWrite: !cacheTemporarilyUnavailable)
+                    {
+                        return repaired
+                    }
+                }
+
+                if let prompted = self.loadFromClaudeKeychainWithPromptIfAllowed(
+                    allowKeychainPrompt: allowKeychainPrompt,
+                    respectKeychainPromptCooldown: respectKeychainPromptCooldown,
+                    allowCacheKeychainWrite: !cacheTemporarilyUnavailable,
+                    lastError: &lastError)
+                {
+                    return prompted
+                }
+
+                if let expiredRecord {
+                    return expiredRecord
+                }
+                if let lastError { throw lastError }
+                throw ClaudeOAuthCredentialsError.notFound
+            }
+        }
+
+        private func loadFromClaudeKeychainWithPromptIfAllowed(
+            allowKeychainPrompt: Bool,
+            respectKeychainPromptCooldown: Bool,
+            allowCacheKeychainWrite: Bool,
+            lastError: inout Error?) -> ClaudeOAuthCredentialRecord?
+        {
+            let shouldApplyPromptCooldown =
+                ClaudeOAuthCredentialsStore.isPromptPolicyApplicable && respectKeychainPromptCooldown
+            let promptAllowed =
+                allowKeychainPrompt
+                    && (!shouldApplyPromptCooldown || ClaudeOAuthKeychainAccessGate.shouldAllowPrompt())
+            guard promptAllowed else { return nil }
+
+            do {
+                ClaudeOAuthCredentialsStore.claudeKeychainPromptLock.lock()
+                defer { ClaudeOAuthCredentialsStore.claudeKeychainPromptLock.unlock() }
+
+                let memory = ClaudeOAuthCredentialsStore.readMemoryCache()
+                if let cachedRecord = memory.record,
+                   let timestamp = memory.timestamp,
+                   Date().timeIntervalSince(timestamp) < ClaudeOAuthCredentialsStore.memoryCacheValidityDuration,
+                   !cachedRecord.credentials.isExpired
+                {
+                    return ClaudeOAuthCredentialRecord(
+                        credentials: cachedRecord.credentials,
+                        owner: cachedRecord.owner,
+                        source: .memoryCache)
+                }
+                if case let .found(entry) = KeychainCacheStore.load(
+                    key: ClaudeOAuthCredentialsStore.cacheKey,
+                    as: CacheEntry.self),
+                    let creds = try? ClaudeOAuthCredentials.parse(data: entry.data),
+                    !creds.isExpired
+                {
+                    return ClaudeOAuthCredentialRecord(
+                        credentials: creds,
+                        owner: entry.owner ?? .claudeCLI,
+                        source: .cacheKeychain)
+                }
+
+                let promptMode = ClaudeOAuthKeychainPromptPreference.current()
+                guard ClaudeOAuthCredentialsStore.shouldAllowClaudeCodeKeychainAccess(mode: promptMode) else {
+                    return nil
+                }
+
+                if ClaudeOAuthCredentialsStore.shouldPreferSecurityCLIKeychainRead(),
+                   let keychainData = ClaudeOAuthCredentialsStore.loadFromClaudeKeychainViaSecurityCLIIfEnabled(
+                       interaction: ProviderInteractionContext.current)
+                {
+                    let creds = try ClaudeOAuthCredentials.parse(data: keychainData)
+                    let record = ClaudeOAuthCredentialRecord(
+                        credentials: creds,
+                        owner: .claudeCLI,
+                        source: .claudeKeychain)
+                    ClaudeOAuthCredentialsStore.writeMemoryCache(
+                        record: ClaudeOAuthCredentialRecord(
+                            credentials: creds,
+                            owner: .claudeCLI,
                             source: .memoryCache),
                         timestamp: Date())
+                    if allowCacheKeychainWrite {
+                        ClaudeOAuthCredentialsStore.saveToCacheKeychain(keychainData, owner: .claudeCLI)
+                    }
                     return record
                 }
-            } else {
-                KeychainCacheStore.clear(key: self.cacheKey)
-            }
-        case .invalid:
-            KeychainCacheStore.clear(key: self.cacheKey)
-        case .missing:
-            break
-        }
 
-        // 3. Try file (no keychain prompt)
-        do {
-            let fileData = try self.loadFromFile()
-            let creds = try ClaudeOAuthCredentials.parse(data: fileData)
-            let record = ClaudeOAuthCredentialRecord(
-                credentials: creds,
-                owner: .claudeCLI,
-                source: .credentialsFile)
-            if creds.isExpired {
-                expiredRecord = record
-            } else {
-                self.writeMemoryCache(
+                let shouldPreferSecurityCLIKeychainRead =
+                    ClaudeOAuthCredentialsStore.shouldPreferSecurityCLIKeychainRead()
+                var fallbackPromptMode = promptMode
+                if shouldPreferSecurityCLIKeychainRead {
+                    fallbackPromptMode = ClaudeOAuthKeychainPromptPreference.securityFrameworkFallbackMode()
+                    let fallbackDecision = ClaudeOAuthCredentialsStore.securityFrameworkFallbackPromptDecision(
+                        promptMode: fallbackPromptMode,
+                        allowKeychainPrompt: allowKeychainPrompt,
+                        respectKeychainPromptCooldown: respectKeychainPromptCooldown)
+                    ClaudeOAuthCredentialsStore.log.debug(
+                        "Claude keychain Security.framework fallback prompt policy evaluated",
+                        metadata: [
+                            "reader": "securityFrameworkFallback",
+                            "fallbackPromptMode": fallbackPromptMode.rawValue,
+                            "fallbackPromptAllowed": "\(fallbackDecision.allowed)",
+                            "fallbackBlockedReason": fallbackDecision.blockedReason ?? "none",
+                        ])
+                    guard fallbackDecision.allowed else { return nil }
+                }
+
+                if ClaudeOAuthCredentialsStore.shouldShowClaudeKeychainPreAlert() {
+                    KeychainPromptHandler.notify(
+                        KeychainPromptContext(
+                            kind: .claudeOAuth,
+                            service: ClaudeOAuthCredentialsStore.claudeKeychainService,
+                            account: nil))
+                }
+                let keychainData: Data = if shouldPreferSecurityCLIKeychainRead {
+                    try ClaudeOAuthCredentialsStore.loadFromClaudeKeychainUsingSecurityFramework(
+                        promptMode: fallbackPromptMode,
+                        allowKeychainPrompt: true)
+                } else {
+                    try ClaudeOAuthCredentialsStore.loadFromClaudeKeychain()
+                }
+                let creds = try ClaudeOAuthCredentials.parse(data: keychainData)
+                let record = ClaudeOAuthCredentialRecord(
+                    credentials: creds,
+                    owner: .claudeCLI,
+                    source: .claudeKeychain)
+                ClaudeOAuthCredentialsStore.writeMemoryCache(
                     record: ClaudeOAuthCredentialRecord(
                         credentials: creds,
                         owner: .claudeCLI,
                         source: .memoryCache),
                     timestamp: Date())
-                self.saveToCacheKeychain(fileData, owner: .claudeCLI)
+                if allowCacheKeychainWrite {
+                    ClaudeOAuthCredentialsStore.saveToCacheKeychain(keychainData, owner: .claudeCLI)
+                }
                 return record
-            }
-        } catch let error as ClaudeOAuthCredentialsError {
-            if case .notFound = error {
-                // Ignore missing file
-            } else {
+            } catch let error as ClaudeOAuthCredentialsError {
+                if case .notFound = error {
+                } else {
+                    lastError = error
+                }
+            } catch {
                 lastError = error
             }
-        } catch {
-            lastError = error
+            return nil
         }
 
-        // 3.5 Try Claude keychain without prompting (repair path; may still show UI on some systems).
-        // Only attempt this when prompts are disallowed; otherwise, go straight to the interactive path.
-        if allowClaudeKeychainRepairWithoutPrompt, !allowKeychainPrompt {
-            if let repaired = self.repairFromClaudeKeychainWithoutPromptIfAllowed(
-                now: Date(),
-                respectKeychainPromptCooldown: shouldRespectKeychainPromptCooldownForSilentProbes)
-            {
-                return repaired
+        @discardableResult
+        func invalidateCacheIfCredentialsFileChanged() -> Bool {
+            self.context.run {
+                let current = ClaudeOAuthCredentialsStore.currentFileFingerprint()
+                let stored = ClaudeOAuthCredentialsStore.loadFileFingerprint()
+                guard current != stored else { return false }
+                ClaudeOAuthCredentialsStore.log.info("Claude OAuth credentials file changed; invalidating cache")
+
+                ClaudeOAuthCredentialsStore.writeMemoryCache(record: nil, timestamp: nil)
+
+                var shouldClearKeychainCache = false
+                var shouldSaveFileFingerprint = true
+                if let current {
+                    if let modifiedAtMs = current.modifiedAtMs {
+                        let modifiedAt = Date(timeIntervalSince1970: TimeInterval(Double(modifiedAtMs) / 1000.0))
+                        switch KeychainCacheStore.load(
+                            key: ClaudeOAuthCredentialsStore.cacheKey,
+                            as: CacheEntry.self)
+                        {
+                        case let .found(entry):
+                            if entry.storedAt < modifiedAt {
+                                shouldClearKeychainCache = true
+                            }
+                        case .missing, .invalid:
+                            shouldClearKeychainCache = true
+                        case .temporarilyUnavailable:
+                            shouldClearKeychainCache = false
+                            shouldSaveFileFingerprint = false
+                        }
+                    } else {
+                        shouldClearKeychainCache = true
+                    }
+                } else {
+                    shouldClearKeychainCache = true
+                }
+
+                if shouldClearKeychainCache {
+                    ClaudeOAuthCredentialsStore.clearCacheKeychain()
+                }
+                if shouldSaveFileFingerprint {
+                    ClaudeOAuthCredentialsStore.saveFileFingerprint(current)
+                }
+                return true
             }
         }
 
-        // 4. Fall back to Claude's keychain (may prompt user if allowed)
-        if let prompted = self.loadFromClaudeKeychainWithPromptIfAllowed(
-            allowKeychainPrompt: allowKeychainPrompt,
-            respectKeychainPromptCooldown: respectKeychainPromptCooldown,
-            lastError: &lastError)
-        {
-            return prompted
+        func invalidateCache() {
+            self.context.run {
+                ClaudeOAuthCredentialsStore.writeMemoryCache(record: nil, timestamp: nil)
+                ClaudeOAuthCredentialsStore.clearCacheKeychain()
+            }
         }
 
-        if let expiredRecord {
-            return expiredRecord
+        func hasCachedCredentials(environment: [String: String]) -> Bool {
+            self.context.run {
+                func isRefreshableOrValid(_ record: ClaudeOAuthCredentialRecord) -> Bool {
+                    let creds = record.credentials
+                    if !creds.isExpired { return true }
+                    switch record.owner {
+                    case .claudeCLI:
+                        return true
+                    case .codexbar:
+                        let refreshToken = creds.refreshToken?.trimmingCharacters(
+                            in: .whitespacesAndNewlines) ?? ""
+                        return !refreshToken.isEmpty
+                    case .environment:
+                        return false
+                    }
+                }
+
+                if let creds = ClaudeOAuthCredentialsStore.loadFromEnvironment(environment),
+                   isRefreshableOrValid(
+                       ClaudeOAuthCredentialRecord(
+                           credentials: creds,
+                           owner: .environment,
+                           source: .environment))
+                {
+                    return true
+                }
+
+                let memory = ClaudeOAuthCredentialsStore.readMemoryCache()
+                if let timestamp = memory.timestamp,
+                   let cached = memory.record,
+                   Date().timeIntervalSince(timestamp) < ClaudeOAuthCredentialsStore.memoryCacheValidityDuration,
+                   isRefreshableOrValid(cached)
+                {
+                    return true
+                }
+
+                switch KeychainCacheStore.load(key: ClaudeOAuthCredentialsStore.cacheKey, as: CacheEntry.self) {
+                case let .found(entry):
+                    guard let creds = try? ClaudeOAuthCredentials.parse(data: entry.data) else { return false }
+                    let record = ClaudeOAuthCredentialRecord(
+                        credentials: creds,
+                        owner: entry.owner ?? .claudeCLI,
+                        source: .cacheKeychain)
+                    return isRefreshableOrValid(record)
+                case .temporarilyUnavailable:
+                    return true
+                default:
+                    break
+                }
+
+                if let fileData = try? ClaudeOAuthCredentialsStore.loadFromFile(),
+                   let creds = try? ClaudeOAuthCredentials.parse(data: fileData),
+                   isRefreshableOrValid(
+                       ClaudeOAuthCredentialRecord(
+                           credentials: creds,
+                           owner: .claudeCLI,
+                           source: .credentialsFile))
+                {
+                    return true
+                }
+                return false
+            }
+        }
+
+        func hasClaudeKeychainCredentialsWithoutPrompt() -> Bool {
+            self.context.run {
+                #if os(macOS)
+                let mode = ClaudeOAuthKeychainPromptPreference.current()
+                guard ClaudeOAuthCredentialsStore.shouldAllowClaudeCodeKeychainAccess(mode: mode) else { return false }
+                if ClaudeOAuthCredentialsStore.loadFromClaudeKeychainViaSecurityCLIIfEnabled(
+                    interaction: ProviderInteractionContext.current) != nil
+                {
+                    return true
+                }
+
+                let fallbackPromptMode = ClaudeOAuthKeychainPromptPreference.securityFrameworkFallbackMode()
+                guard ClaudeOAuthCredentialsStore.shouldAllowClaudeCodeKeychainAccess(mode: fallbackPromptMode) else {
+                    return false
+                }
+                if ProviderInteractionContext.current == .background,
+                   !ClaudeOAuthKeychainAccessGate.shouldAllowPrompt()
+                {
+                    return false
+                }
+                #if DEBUG
+                if let store = ClaudeOAuthCredentialsStore.taskClaudeKeychainOverrideStore,
+                   let data = store.data
+                {
+                    return (try? ClaudeOAuthCredentials.parse(data: data)) != nil
+                }
+                if let data = ClaudeOAuthCredentialsStore.taskClaudeKeychainDataOverride
+                    ?? ClaudeOAuthCredentialsStore.claudeKeychainDataOverride
+                {
+                    return (try? ClaudeOAuthCredentials.parse(data: data)) != nil
+                }
+                #endif
+
+                var query: [String: Any] = [
+                    kSecClass as String: kSecClassGenericPassword,
+                    kSecAttrService as String: ClaudeOAuthCredentialsStore.claudeKeychainService,
+                    kSecMatchLimit as String: kSecMatchLimitOne,
+                    kSecReturnAttributes as String: true,
+                ]
+                KeychainNoUIQuery.apply(to: &query)
+
+                let (status, _, durationMs) = ClaudeOAuthKeychainQueryTiming.copyMatching(query)
+                if ClaudeOAuthKeychainQueryTiming
+                    .backoffIfSlowNoUIQuery(
+                        durationMs,
+                        ClaudeOAuthCredentialsStore.claudeKeychainService,
+                        ClaudeOAuthCredentialsStore.log)
+                {
+                    return false
+                }
+                switch status {
+                case errSecSuccess, errSecInteractionNotAllowed:
+                    return true
+                case errSecUserCanceled, errSecAuthFailed, errSecNoAccessForItem:
+                    ClaudeOAuthKeychainAccessGate.recordDenied()
+                    return false
+                default:
+                    return false
+                }
+                #else
+                return false
+                #endif
+            }
         }
-        if let lastError { throw lastError }
-        throw ClaudeOAuthCredentialsError.notFound
     }
 
-    private static func loadFromClaudeKeychainWithPromptIfAllowed(
-        allowKeychainPrompt: Bool,
-        respectKeychainPromptCooldown: Bool,
-        lastError: inout Error?) -> ClaudeOAuthCredentialRecord?
-    {
-        let shouldApplyPromptCooldown = self.isPromptPolicyApplicable && respectKeychainPromptCooldown
-        let promptAllowed =
-            allowKeychainPrompt
-                && (!shouldApplyPromptCooldown || ClaudeOAuthKeychainAccessGate.shouldAllowPrompt())
-        guard promptAllowed else { return nil }
+    private struct Recovery {
+        let context: CollaboratorContext
 
-        do {
-            self.claudeKeychainPromptLock.lock()
-            defer { self.claudeKeychainPromptLock.unlock() }
-
-            // Multiple concurrent callers can all reach this point before the first one populates the cache.
-            // Re-check the cache while holding the prompt lock to avoid triggering multiple OS keychain dialogs.
-            let memory = self.readMemoryCache()
-            if let cachedRecord = memory.record,
-               let timestamp = memory.timestamp,
-               Date().timeIntervalSince(timestamp) < self.memoryCacheValidityDuration,
-               !cachedRecord.credentials.isExpired
-            {
-                return ClaudeOAuthCredentialRecord(
-                    credentials: cachedRecord.credentials,
-                    owner: cachedRecord.owner,
-                    source: .memoryCache)
+        func shouldAttemptFreshnessSyncFromClaudeKeychain(cached: ClaudeOAuthCredentialRecord) -> Bool {
+            guard !cached.credentials.isExpired else { return false }
+            guard cached.owner == .claudeCLI else { return false }
+            guard ClaudeOAuthCredentialsStore.keychainAccessAllowed else { return false }
+
+            let mode = ClaudeOAuthKeychainPromptPreference.storedMode()
+            switch mode {
+            case .never:
+                return false
+            case .onlyOnUserAction:
+                if ProviderInteractionContext.current != .userInitiated {
+                    if ProcessInfo.processInfo.environment["CODEXBAR_DEBUG_CLAUDE_OAUTH_FLOW"] == "1" {
+                        ClaudeOAuthCredentialsStore.log.debug(
+                            "Claude OAuth keychain freshness sync skipped (background)",
+                            metadata: ["promptMode": mode.rawValue, "owner": String(describing: cached.owner)])
+                    }
+                    return false
+                }
+                return true
+            case .always:
+                return true
             }
-            if case let .found(entry) = KeychainCacheStore.load(key: self.cacheKey, as: CacheEntry.self),
-               let creds = try? ClaudeOAuthCredentials.parse(data: entry.data),
-               !creds.isExpired
+        }
+
+        func syncWithClaudeKeychainIfChanged(
+            cached: ClaudeOAuthCredentialRecord,
+            respectKeychainPromptCooldown: Bool,
+            now: Date = Date()) -> ClaudeOAuthCredentialRecord?
+        {
+            #if os(macOS)
+            let mode = ClaudeOAuthKeychainPromptPreference.current()
+            guard ClaudeOAuthCredentialsStore.shouldAllowClaudeCodeKeychainAccess(mode: mode) else { return nil }
+            if ClaudeOAuthCredentialsStore.isPromptPolicyApplicable,
+               respectKeychainPromptCooldown,
+               !ClaudeOAuthKeychainAccessGate.shouldAllowPrompt(now: now)
             {
-                return ClaudeOAuthCredentialRecord(
-                    credentials: creds,
-                    owner: entry.owner ?? .claudeCLI,
-                    source: .cacheKeychain)
+                return nil
             }
 
-            let promptMode = ClaudeOAuthKeychainPromptPreference.current()
-            guard self.shouldAllowClaudeCodeKeychainAccess(mode: promptMode) else { return nil }
+            if ClaudeOAuthCredentialsStore.shouldShowClaudeKeychainPreAlert() {
+                return nil
+            }
 
-            if self.shouldPreferSecurityCLIKeychainRead(),
-               let keychainData = self.loadFromClaudeKeychainViaSecurityCLIIfEnabled(
-                   interaction: ProviderInteractionContext.current)
-            {
-                let creds = try ClaudeOAuthCredentials.parse(data: keychainData)
-                let record = ClaudeOAuthCredentialRecord(
-                    credentials: creds,
+            if !ClaudeOAuthCredentialsStore.shouldCheckClaudeKeychainChange(now: now) {
+                return nil
+            }
+
+            guard let currentFingerprint = ClaudeOAuthCredentialsStore.currentClaudeKeychainFingerprintWithoutPrompt()
+            else {
+                return nil
+            }
+            let storedFingerprint = ClaudeOAuthCredentialsStore.loadClaudeKeychainFingerprint()
+            guard currentFingerprint != storedFingerprint else { return nil }
+
+            do {
+                guard let data = try ClaudeOAuthCredentialsStore.loadFromClaudeKeychainNonInteractive() else {
+                    return nil
+                }
+                guard let keychainCreds = try? ClaudeOAuthCredentials.parse(data: data) else {
+                    ClaudeOAuthCredentialsStore.saveClaudeKeychainFingerprint(currentFingerprint)
+                    return nil
+                }
+                ClaudeOAuthCredentialsStore.saveClaudeKeychainFingerprint(currentFingerprint)
+
+                guard keychainCreds.accessToken != cached.credentials.accessToken else { return nil }
+                if keychainCreds.isExpired, !cached.credentials.isExpired { return nil }
+
+                ClaudeOAuthCredentialsStore.log.info("Claude keychain credentials changed; syncing OAuth cache")
+                let synced = ClaudeOAuthCredentialRecord(
+                    credentials: keychainCreds,
                     owner: .claudeCLI,
                     source: .claudeKeychain)
-                self.writeMemoryCache(
+                ClaudeOAuthCredentialsStore.writeMemoryCache(
                     record: ClaudeOAuthCredentialRecord(
-                        credentials: creds,
+                        credentials: keychainCreds,
                         owner: .claudeCLI,
                         source: .memoryCache),
-                    timestamp: Date())
-                self.saveToCacheKeychain(keychainData, owner: .claudeCLI)
-                return record
+                    timestamp: now)
+                ClaudeOAuthCredentialsStore.saveToCacheKeychain(data, owner: .claudeCLI)
+                return synced
+            } catch let error as ClaudeOAuthCredentialsError {
+                if case let .keychainError(status) = error,
+                   status == Int(errSecUserCanceled)
+                   || status == Int(errSecAuthFailed)
+                   || status == Int(errSecInteractionNotAllowed)
+                   || status == Int(errSecNoAccessForItem)
+                {
+                    ClaudeOAuthKeychainAccessGate.recordDenied(now: now)
+                }
+                return nil
+            } catch {
+                return nil
             }
+            #else
+            _ = cached
+            _ = respectKeychainPromptCooldown
+            _ = now
+            return nil
+            #endif
+        }
 
-            let shouldPreferSecurityCLIKeychainRead = self.shouldPreferSecurityCLIKeychainRead()
-            var fallbackPromptMode = promptMode
-            if shouldPreferSecurityCLIKeychainRead {
-                fallbackPromptMode = ClaudeOAuthKeychainPromptPreference.securityFrameworkFallbackMode()
-                let fallbackDecision = self.securityFrameworkFallbackPromptDecision(
-                    promptMode: fallbackPromptMode,
-                    allowKeychainPrompt: allowKeychainPrompt,
-                    respectKeychainPromptCooldown: respectKeychainPromptCooldown)
-                self.log.debug(
-                    "Claude keychain Security.framework fallback prompt policy evaluated",
-                    metadata: [
-                        "reader": "securityFrameworkFallback",
-                        "fallbackPromptMode": fallbackPromptMode.rawValue,
-                        "fallbackPromptAllowed": "\(fallbackDecision.allowed)",
-                        "fallbackBlockedReason": fallbackDecision.blockedReason ?? "none",
-                    ])
-                guard fallbackDecision.allowed else { return nil }
-            }
+        func repairFromClaudeKeychainWithoutPromptIfAllowed(
+            now: Date,
+            respectKeychainPromptCooldown: Bool,
+            allowCacheKeychainWrite: Bool = true) -> ClaudeOAuthCredentialRecord?
+        {
+            #if os(macOS)
+            let mode = ClaudeOAuthKeychainPromptPreference.current()
+            guard ClaudeOAuthCredentialsStore.shouldAllowClaudeCodeKeychainAccess(mode: mode) else { return nil }
 
-            // Some macOS configurations still show the system keychain prompt even for our "silent" probes.
-            // Only show the in-app pre-alert when we have evidence that Keychain interaction is likely.
-            if self.shouldShowClaudeKeychainPreAlert() {
-                KeychainPromptHandler.notify(
-                    KeychainPromptContext(
-                        kind: .claudeOAuth,
-                        service: self.claudeKeychainService,
-                        account: nil))
+            if ClaudeOAuthCredentialsStore.shouldShowClaudeKeychainPreAlert() {
+                return nil
             }
-            let keychainData: Data = if shouldPreferSecurityCLIKeychainRead {
-                try self.loadFromClaudeKeychainUsingSecurityFramework(
-                    promptMode: fallbackPromptMode,
-                    allowKeychainPrompt: true)
-            } else {
-                try self.loadFromClaudeKeychain()
+
+            if ClaudeOAuthCredentialsStore.isPromptPolicyApplicable,
+               respectKeychainPromptCooldown,
+               ProviderInteractionContext.current != .userInitiated,
+               !ClaudeOAuthKeychainAccessGate.shouldAllowPrompt(now: now)
+            {
+                return nil
             }
-            let creds = try ClaudeOAuthCredentials.parse(data: keychainData)
-            let record = ClaudeOAuthCredentialRecord(
-                credentials: creds,
-                owner: .claudeCLI,
-                source: .claudeKeychain)
-            self.writeMemoryCache(
-                record: ClaudeOAuthCredentialRecord(
+
+            do {
+                if ClaudeOAuthCredentialsStore.shouldPreferSecurityCLIKeychainRead(),
+                   let securityData = ClaudeOAuthCredentialsStore.loadFromClaudeKeychainViaSecurityCLIIfEnabled(
+                       interaction: ProviderInteractionContext.current),
+                   !securityData.isEmpty
+                {
+                    guard let creds = try? ClaudeOAuthCredentials.parse(data: securityData) else { return nil }
+                    if creds.isExpired {
+                        return ClaudeOAuthCredentialRecord(
+                            credentials: creds,
+                            owner: .claudeCLI,
+                            source: .claudeKeychain)
+                    }
+
+                    ClaudeOAuthCredentialsStore.writeMemoryCache(
+                        record: ClaudeOAuthCredentialRecord(
+                            credentials: creds,
+                            owner: .claudeCLI,
+                            source: .memoryCache),
+                        timestamp: now)
+                    if allowCacheKeychainWrite {
+                        ClaudeOAuthCredentialsStore.saveToCacheKeychain(securityData, owner: .claudeCLI)
+                    }
+
+                    ClaudeOAuthCredentialsStore.log.info(
+                        "Claude keychain credentials loaded without prompt; syncing OAuth cache",
+                        metadata: ["interaction": ProviderInteractionContext.current == .userInitiated
+                            ? "user" : "background"])
+                    return ClaudeOAuthCredentialRecord(
+                        credentials: creds,
+                        owner: .claudeCLI,
+                        source: .claudeKeychain)
+                }
+
+                guard let data = try ClaudeOAuthCredentialsStore.loadFromClaudeKeychainNonInteractive(),
+                      !data.isEmpty
+                else {
+                    return nil
+                }
+                let fingerprint = ClaudeOAuthCredentialsStore.currentClaudeKeychainFingerprintWithoutPrompt()
+                guard let creds = try? ClaudeOAuthCredentials.parse(data: data) else {
+                    ClaudeOAuthCredentialsStore.saveClaudeKeychainFingerprint(fingerprint)
+                    return nil
+                }
+
+                if creds.isExpired {
+                    ClaudeOAuthCredentialsStore.saveClaudeKeychainFingerprint(fingerprint)
+                    return ClaudeOAuthCredentialRecord(
+                        credentials: creds,
+                        owner: .claudeCLI,
+                        source: .claudeKeychain)
+                }
+
+                ClaudeOAuthCredentialsStore.saveClaudeKeychainFingerprint(fingerprint)
+                ClaudeOAuthCredentialsStore.writeMemoryCache(
+                    record: ClaudeOAuthCredentialRecord(
+                        credentials: creds,
+                        owner: .claudeCLI,
+                        source: .memoryCache),
+                    timestamp: now)
+                if allowCacheKeychainWrite {
+                    ClaudeOAuthCredentialsStore.saveToCacheKeychain(data, owner: .claudeCLI)
+                }
+
+                ClaudeOAuthCredentialsStore.log.info(
+                    "Claude keychain credentials loaded without prompt; syncing OAuth cache",
+                    metadata: ["interaction": ProviderInteractionContext.current == .userInitiated
+                        ? "user" : "background"])
+                return ClaudeOAuthCredentialRecord(
                     credentials: creds,
                     owner: .claudeCLI,
-                    source: .memoryCache),
-                timestamp: Date())
-            self.saveToCacheKeychain(keychainData, owner: .claudeCLI)
-            return record
-        } catch let error as ClaudeOAuthCredentialsError {
-            if case .notFound = error {
-                // Ignore missing entry
-            } else {
-                lastError = error
+                    source: .claudeKeychain)
+            } catch let error as ClaudeOAuthCredentialsError {
+                if case let .keychainError(status) = error,
+                   status == Int(errSecUserCanceled)
+                   || status == Int(errSecAuthFailed)
+                   || status == Int(errSecInteractionNotAllowed)
+                   || status == Int(errSecNoAccessForItem)
+                {
+                    ClaudeOAuthKeychainAccessGate.recordDenied(now: now)
+                }
+                return nil
+            } catch {
+                return nil
             }
-        } catch {
-            lastError = error
+            #else
+            _ = now
+            _ = respectKeychainPromptCooldown
+            return nil
+            #endif
         }
-        return nil
+
+        @discardableResult
+        func syncFromClaudeKeychainWithoutPrompt(now: Date = Date()) -> Bool {
+            self.context.run {
+                #if os(macOS)
+                let mode = ClaudeOAuthKeychainPromptPreference.current()
+                guard ClaudeOAuthCredentialsStore.shouldAllowClaudeCodeKeychainAccess(mode: mode) else { return false }
+
+                if let data = ClaudeOAuthCredentialsStore.loadFromClaudeKeychainViaSecurityCLIIfEnabled(
+                    interaction: ProviderInteractionContext.current),
+                    !data.isEmpty
+                {
+                    if let creds = try? ClaudeOAuthCredentials.parse(data: data), !creds.isExpired {
+                        ClaudeOAuthCredentialsStore.writeMemoryCache(
+                            record: ClaudeOAuthCredentialRecord(
+                                credentials: creds,
+                                owner: .claudeCLI,
+                                source: .memoryCache),
+                            timestamp: now)
+                        ClaudeOAuthCredentialsStore.saveToCacheKeychain(data, owner: .claudeCLI)
+                        return true
+                    }
+                }
+
+                let fallbackPromptMode = ClaudeOAuthKeychainPromptPreference.securityFrameworkFallbackMode()
+                guard ClaudeOAuthCredentialsStore.shouldAllowClaudeCodeKeychainAccess(mode: fallbackPromptMode) else {
+                    return false
+                }
+
+                if ProviderInteractionContext.current == .background,
+                   !ClaudeOAuthKeychainAccessGate.shouldAllowPrompt(now: now)
+                {
+                    return false
+                }
+
+                #if DEBUG
+                let override = ClaudeOAuthCredentialsStore.taskClaudeKeychainOverrideStore?.data
+                    ?? ClaudeOAuthCredentialsStore.taskClaudeKeychainDataOverride
+                    ?? ClaudeOAuthCredentialsStore.claudeKeychainDataOverride
+                if let override,
+                   !override.isEmpty,
+                   let creds = try? ClaudeOAuthCredentials.parse(data: override),
+                   !creds.isExpired
+                {
+                    ClaudeOAuthCredentialsStore.saveClaudeKeychainFingerprint(
+                        ClaudeOAuthCredentialsStore.currentClaudeKeychainFingerprintWithoutPrompt())
+                    ClaudeOAuthCredentialsStore.writeMemoryCache(
+                        record: ClaudeOAuthCredentialRecord(
+                            credentials: creds,
+                            owner: .claudeCLI,
+                            source: .memoryCache),
+                        timestamp: now)
+                    ClaudeOAuthCredentialsStore.saveToCacheKeychain(override, owner: .claudeCLI)
+                    return true
+                }
+                #endif
+
+                if ClaudeOAuthCredentialsStore.shouldShowClaudeKeychainPreAlert() {
+                    return false
+                }
+
+                if let candidate = ClaudeOAuthCredentialsStore.claudeKeychainCandidatesWithoutPrompt(
+                    promptMode: fallbackPromptMode).first,
+                    let data = try? ClaudeOAuthCredentialsStore.loadClaudeKeychainData(
+                        candidate: candidate,
+                        allowKeychainPrompt: false),
+                    !data.isEmpty
+                {
+                    let fingerprint = ClaudeKeychainFingerprint(
+                        modifiedAt: candidate.modifiedAt.map { Int($0.timeIntervalSince1970) },
+                        createdAt: candidate.createdAt.map { Int($0.timeIntervalSince1970) },
+                        persistentRefHash: ClaudeOAuthCredentialsStore.sha256Prefix(candidate.persistentRef))
+
+                    if let creds = try? ClaudeOAuthCredentials.parse(data: data), !creds.isExpired {
+                        ClaudeOAuthCredentialsStore.saveClaudeKeychainFingerprint(fingerprint)
+                        ClaudeOAuthCredentialsStore.writeMemoryCache(
+                            record: ClaudeOAuthCredentialRecord(
+                                credentials: creds,
+                                owner: .claudeCLI,
+                                source: .memoryCache),
+                            timestamp: now)
+                        ClaudeOAuthCredentialsStore.saveToCacheKeychain(data, owner: .claudeCLI)
+                        return true
+                    }
+
+                    ClaudeOAuthCredentialsStore.saveClaudeKeychainFingerprint(fingerprint)
+                }
+
+                let legacyData = try? ClaudeOAuthCredentialsStore.loadClaudeKeychainLegacyData(
+                    allowKeychainPrompt: false,
+                    promptMode: fallbackPromptMode)
+                if let legacyData,
+                   !legacyData.isEmpty,
+                   let creds = try? ClaudeOAuthCredentials.parse(data: legacyData),
+                   !creds.isExpired
+                {
+                    ClaudeOAuthCredentialsStore.saveClaudeKeychainFingerprint(
+                        ClaudeOAuthCredentialsStore.currentClaudeKeychainFingerprintWithoutPrompt())
+                    ClaudeOAuthCredentialsStore.writeMemoryCache(
+                        record: ClaudeOAuthCredentialRecord(
+                            credentials: creds,
+                            owner: .claudeCLI,
+                            source: .memoryCache),
+                        timestamp: now)
+                    ClaudeOAuthCredentialsStore.saveToCacheKeychain(legacyData, owner: .claudeCLI)
+                    return true
+                }
+
+                return false
+                #else
+                _ = now
+                return false
+                #endif
+            }
+        }
+    }
+
+    private struct Refresher {
+        let context: CollaboratorContext
+
+        func refreshAccessToken(
+            refreshToken: String,
+            existingScopes: [String],
+            existingRateLimitTier: String?,
+            existingSubscriptionType: String? = nil) async throws -> ClaudeOAuthCredentials
+        {
+            try await self.context.run {
+                let newCredentials = try await self.refreshAccessTokenCore(
+                    refreshToken: refreshToken,
+                    existingScopes: existingScopes,
+                    existingRateLimitTier: existingRateLimitTier,
+                    existingSubscriptionType: existingSubscriptionType)
+
+                ClaudeOAuthCredentialsStore.saveRefreshedCredentialsToCache(newCredentials)
+                ClaudeOAuthCredentialsStore.writeMemoryCache(
+                    record: ClaudeOAuthCredentialRecord(
+                        credentials: newCredentials,
+                        owner: .codexbar,
+                        source: .memoryCache),
+                    timestamp: Date())
+                ClaudeOAuthRefreshFailureGate.recordSuccess()
+
+                return newCredentials
+            }
+        }
+
+        private func refreshAccessTokenCore(
+            refreshToken: String,
+            existingScopes: [String],
+            existingRateLimitTier: String?,
+            existingSubscriptionType: String?) async throws -> ClaudeOAuthCredentials
+        {
+            guard ClaudeOAuthRefreshFailureGate.shouldAttempt() else {
+                let status = ClaudeOAuthRefreshFailureGate.currentBlockStatus()
+                let message = switch status {
+                case .terminal:
+                    "Claude OAuth refresh blocked until auth changes. \(ClaudeOAuthCredentialsStore.reauthenticateHint)"
+                case .transient:
+                    "Claude OAuth refresh temporarily backed off due to prior failures; will retry automatically."
+                case nil:
+                    "Claude OAuth refresh temporarily suppressed due to prior failures; will retry automatically."
+                }
+                throw ClaudeOAuthCredentialsError.refreshFailed(message)
+            }
+
+            guard let url = URL(string: ClaudeOAuthCredentialsStore.tokenRefreshEndpoint) else {
+                throw ClaudeOAuthCredentialsError.refreshFailed("Invalid token endpoint URL")
+            }
+
+            var request = URLRequest(url: url)
+            request.httpMethod = "POST"
+            request.timeoutInterval = 30
+            request.setValue("application/x-www-form-urlencoded", forHTTPHeaderField: "Content-Type")
+            request.setValue("application/json", forHTTPHeaderField: "Accept")
+
+            var components = URLComponents()
+            components.queryItems = [
+                URLQueryItem(name: "grant_type", value: "refresh_token"),
+                URLQueryItem(name: "refresh_token", value: refreshToken),
+                URLQueryItem(name: "client_id", value: ClaudeOAuthCredentialsStore.oauthClientID),
+            ]
+            request.httpBody = (components.percentEncodedQuery ?? "").data(using: .utf8)
+
+            let response = try await ProviderHTTPClient.shared.response(for: request)
+            let data = response.data
+            guard response.statusCode == 200 else {
+                if let disposition = ClaudeOAuthCredentialsStore.refreshFailureDisposition(
+                    statusCode: response.statusCode,
+                    data: data)
+                {
+                    let oauthError = ClaudeOAuthCredentialsStore.extractOAuthErrorCode(from: data)
+                    ClaudeOAuthCredentialsStore.log.info(
+                        "Claude OAuth refresh rejected",
+                        metadata: [
+                            "httpStatus": "\(response.statusCode)",
+                            "oauthError": oauthError ?? "nil",
+                            "disposition": disposition.rawValue,
+                        ])
+
+                    switch disposition {
+                    case .terminalInvalidGrant:
+                        ClaudeOAuthRefreshFailureGate.recordTerminalAuthFailure()
+                        Repository(context: self.context).invalidateCache()
+                        let message = "HTTP \(response.statusCode) invalid_grant. " +
+                            ClaudeOAuthCredentialsStore.reauthenticateHint
+                        throw ClaudeOAuthCredentialsError.refreshFailed(
+                            message)
+                    case .transientBackoff:
+                        ClaudeOAuthRefreshFailureGate.recordTransientFailure()
+                        let suffix = oauthError.map { " (\($0))" } ?? ""
+                        throw ClaudeOAuthCredentialsError.refreshFailed("HTTP \(response.statusCode)\(suffix)")
+                    }
+                }
+                throw ClaudeOAuthCredentialsError.refreshFailed("HTTP \(response.statusCode)")
+            }
+
+            let tokenResponse = try JSONDecoder().decode(TokenRefreshResponse.self, from: data)
+            let expiresAt = Date(timeIntervalSinceNow: TimeInterval(tokenResponse.expiresIn))
+
+            return ClaudeOAuthCredentials(
+                accessToken: tokenResponse.accessToken,
+                refreshToken: tokenResponse.refreshToken ?? refreshToken,
+                expiresAt: expiresAt,
+                scopes: existingScopes,
+                rateLimitTier: existingRateLimitTier,
+                subscriptionType: existingSubscriptionType)
+        }
+    }
+
+    public static func load(
+        environment: [String: String] = ProcessInfo.processInfo.environment,
+        allowKeychainPrompt: Bool = true,
+        respectKeychainPromptCooldown: Bool = false) throws -> ClaudeOAuthCredentials
+    {
+        let context = self.currentCollaboratorContext()
+        return try Repository(context: context).load(
+            environment: environment,
+            allowKeychainPrompt: allowKeychainPrompt,
+            respectKeychainPromptCooldown: respectKeychainPromptCooldown)
+    }
+
+    public static func loadRecord(
+        environment: [String: String] = ProcessInfo.processInfo.environment,
+        allowKeychainPrompt: Bool = true,
+        respectKeychainPromptCooldown: Bool = false,
+        allowClaudeKeychainRepairWithoutPrompt: Bool = true) throws -> ClaudeOAuthCredentialRecord
+    {
+        let context = self.currentCollaboratorContext()
+        return try Repository(context: context).loadRecord(
+            environment: environment,
+            allowKeychainPrompt: allowKeychainPrompt,
+            respectKeychainPromptCooldown: respectKeychainPromptCooldown,
+            allowClaudeKeychainRepairWithoutPrompt: allowClaudeKeychainRepairWithoutPrompt)
     }
 
     /// Async version of load that handles expired tokens based on credential ownership.
@@ -377,10 +1091,14 @@ public enum ClaudeOAuthCredentialsStore {
         allowKeychainPrompt: Bool = true,
         respectKeychainPromptCooldown: Bool = false) async throws -> ClaudeOAuthCredentials
     {
-        let record = try self.loadRecord(
+        let context = self.currentCollaboratorContext()
+        let repository = Repository(context: context)
+        let refresher = Refresher(context: context)
+        let record = try repository.loadRecord(
             environment: environment,
             allowKeychainPrompt: allowKeychainPrompt,
-            respectKeychainPromptCooldown: respectKeychainPromptCooldown)
+            respectKeychainPromptCooldown: respectKeychainPromptCooldown,
+            allowClaudeKeychainRepairWithoutPrompt: true)
         let credentials = record.credentials
         let now = Date()
         var expiryMetadata = credentials.diagnosticsMetadata(now: now)
@@ -425,10 +1143,11 @@ public enum ClaudeOAuthCredentialsStore {
         self.log.info("Access token expired, attempting auto-refresh")
 
         do {
-            let refreshed = try await self.refreshAccessToken(
+            let refreshed = try await refresher.refreshAccessToken(
                 refreshToken: refreshToken,
                 existingScopes: credentials.scopes,
-                existingRateLimitTier: credentials.rateLimitTier)
+                existingRateLimitTier: credentials.rateLimitTier,
+                existingSubscriptionType: credentials.subscriptionType)
             self.log.info("Token refresh successful, expires in \(refreshed.expiresIn ?? 0) seconds")
             return refreshed
         } catch {
@@ -437,419 +1156,137 @@ public enum ClaudeOAuthCredentialsStore {
         }
     }
 
-    /// Save refreshed credentials to CodexBar's keychain cache
-    private static func saveRefreshedCredentialsToCache(_ credentials: ClaudeOAuthCredentials) {
-        var oauth: [String: Any] = [
-            "accessToken": credentials.accessToken,
-            "expiresAt": (credentials.expiresAt?.timeIntervalSince1970 ?? 0) * 1000,
-            "scopes": credentials.scopes,
-        ]
-
-        if let refreshToken = credentials.refreshToken {
-            oauth["refreshToken"] = refreshToken
-        }
-        if let rateLimitTier = credentials.rateLimitTier {
-            oauth["rateLimitTier"] = rateLimitTier
-        }
-
-        let oauthData: [String: Any] = ["claudeAiOauth": oauth]
-
-        guard let jsonData = try? JSONSerialization.data(withJSONObject: oauthData) else {
-            self.log.error("Failed to serialize refreshed credentials for cache")
-            return
-        }
-
-        self.saveToCacheKeychain(jsonData, owner: .codexbar)
-        self.log.debug("Saved refreshed credentials to CodexBar keychain cache")
-    }
-
-    /// Response from the OAuth token refresh endpoint
-    private struct TokenRefreshResponse: Decodable {
-        let accessToken: String
-        let refreshToken: String?
-        let expiresIn: Int
-        let tokenType: String?
-
-        enum CodingKeys: String, CodingKey {
-            case accessToken = "access_token"
-            case refreshToken = "refresh_token"
-            case expiresIn = "expires_in"
-            case tokenType = "token_type"
-        }
-    }
-
-    public static func loadFromFile() throws -> Data {
-        let url = self.credentialsFileURL()
-        do {
-            return try Data(contentsOf: url)
-        } catch {
-            if (error as NSError).code == NSFileReadNoSuchFileError {
-                throw ClaudeOAuthCredentialsError.notFound
-            }
-            throw ClaudeOAuthCredentialsError.readFailed(error.localizedDescription)
-        }
-    }
-
-    @discardableResult
-    public static func invalidateCacheIfCredentialsFileChanged() -> Bool {
-        let current = self.currentFileFingerprint()
-        let stored = self.loadFileFingerprint()
-        guard current != stored else { return false }
-        self.saveFileFingerprint(current)
-        self.log.info("Claude OAuth credentials file changed; invalidating cache")
-        // The credentials file can be stale (or even unrelated) compared to what we’ve already cached from the
-        // keychain. Clearing the keychain cache unconditionally can cause us to prefer an expired file over a
-        // still-valid cached token.
-        //
-        // We always drop the in-memory cache. The keychain cache is only cleared when it is older than the
-        // credentials file (or the file disappeared), so we still pick up fresh file updates on next load.
-        self.writeMemoryCache(record: nil, timestamp: nil)
-
-        var shouldClearKeychainCache = false
-        if let current {
-            if let modifiedAtMs = current.modifiedAtMs {
-                let modifiedAt = Date(timeIntervalSince1970: TimeInterval(Double(modifiedAtMs) / 1000.0))
-                if case let .found(entry) = KeychainCacheStore.load(key: self.cacheKey, as: CacheEntry.self) {
-                    if entry.storedAt < modifiedAt {
-                        shouldClearKeychainCache = true
-                    }
-                } else {
-                    // If we can’t load the cache entry, there’s nothing meaningful to preserve here.
-                    shouldClearKeychainCache = true
-                }
-            } else {
-                // If we can’t compare timestamps, be conservative and clear the keychain cache.
-                shouldClearKeychainCache = true
-            }
-        } else {
-            // File was removed; cached values are likely stale (e.g. logout).
-            shouldClearKeychainCache = true
-        }
-
-        if shouldClearKeychainCache {
-            self.clearCacheKeychain()
-        }
-        return true
-    }
-
-    /// Invalidate the credentials cache (call after login/logout)
-    public static func invalidateCache() {
-        self.writeMemoryCache(record: nil, timestamp: nil)
-        self.clearCacheKeychain()
-    }
-
-    /// Check if CodexBar has cached credentials (in memory or keychain cache)
-    public static func hasCachedCredentials(environment: [String: String] = ProcessInfo.processInfo
-        .environment) -> Bool
-    {
-        func isRefreshableOrValid(_ record: ClaudeOAuthCredentialRecord) -> Bool {
-            let creds = record.credentials
-            if !creds.isExpired { return true }
-            switch record.owner {
-            case .claudeCLI:
-                // Claude CLI can refresh its own credentials once invoked, even if no refresh token is visible here.
-                return true
-            case .codexbar:
-                let refreshToken = creds.refreshToken?.trimmingCharacters(in: .whitespacesAndNewlines) ?? ""
-                return !refreshToken.isEmpty
-            case .environment:
-                return false
-            }
-        }
-
-        if let creds = self.loadFromEnvironment(environment),
-           isRefreshableOrValid(ClaudeOAuthCredentialRecord(
-               credentials: creds,
-               owner: .environment,
-               source: .environment))
-        {
-            return true
-        }
-
-        // Check in-memory cache
-        let memory = self.readMemoryCache()
-        if let timestamp = memory.timestamp,
-           let cached = memory.record,
-           Date().timeIntervalSince(timestamp) < self.memoryCacheValidityDuration,
-           isRefreshableOrValid(cached)
-        {
-            return true
-        }
-        // Check keychain cache (must be parseable; may be expired but still refreshable without prompting)
-        switch KeychainCacheStore.load(key: self.cacheKey, as: CacheEntry.self) {
-        case let .found(entry):
-            guard let creds = try? ClaudeOAuthCredentials.parse(data: entry.data) else { return false }
-            let record = ClaudeOAuthCredentialRecord(
-                credentials: creds,
-                owner: entry.owner ?? .claudeCLI,
-                source: .cacheKeychain)
-            return isRefreshableOrValid(record)
-        default:
-            break
-        }
-
-        // Check credentials file (no prompts)
-        if let fileData = try? self.loadFromFile(),
-           let creds = try? ClaudeOAuthCredentials.parse(data: fileData),
-           isRefreshableOrValid(ClaudeOAuthCredentialRecord(
-               credentials: creds,
-               owner: .claudeCLI,
-               source: .credentialsFile))
-        {
-            return true
-        }
-        return false
-    }
-
-    public static func hasClaudeKeychainCredentialsWithoutPrompt() -> Bool {
-        #if os(macOS)
-        let mode = ClaudeOAuthKeychainPromptPreference.current()
-        guard self.shouldAllowClaudeCodeKeychainAccess(mode: mode) else { return false }
-        if self.loadFromClaudeKeychainViaSecurityCLIIfEnabled(
-            interaction: ProviderInteractionContext.current) != nil
-        {
-            return true
-        }
+    /// Save refreshed credentials to CodexBar's keychain cache
+    private static func saveRefreshedCredentialsToCache(_ credentials: ClaudeOAuthCredentials) {
+        var oauth: [String: Any] = [
+            "accessToken": credentials.accessToken,
+            "expiresAt": (credentials.expiresAt?.timeIntervalSince1970 ?? 0) * 1000,
+            "scopes": credentials.scopes,
+        ]
 
-        let fallbackPromptMode = ClaudeOAuthKeychainPromptPreference.securityFrameworkFallbackMode()
-        guard self.shouldAllowClaudeCodeKeychainAccess(mode: fallbackPromptMode) else { return false }
-        if ProviderInteractionContext.current == .background,
-           !ClaudeOAuthKeychainAccessGate.shouldAllowPrompt() { return false }
-        #if DEBUG
-        if let store = self.taskClaudeKeychainOverrideStore,
-           let data = store.data
-        {
-            return (try? ClaudeOAuthCredentials.parse(data: data)) != nil
+        if let refreshToken = credentials.refreshToken {
+            oauth["refreshToken"] = refreshToken
         }
-        if let data = self.taskClaudeKeychainDataOverride ?? self.claudeKeychainDataOverride {
-            return (try? ClaudeOAuthCredentials.parse(data: data)) != nil
+        if let rateLimitTier = credentials.rateLimitTier {
+            oauth["rateLimitTier"] = rateLimitTier
         }
-        #endif
-
-        var query: [String: Any] = [
-            kSecClass as String: kSecClassGenericPassword,
-            kSecAttrService as String: self.claudeKeychainService,
-            kSecMatchLimit as String: kSecMatchLimitOne,
-            kSecReturnAttributes as String: true,
-        ]
-        KeychainNoUIQuery.apply(to: &query)
-
-        let (status, _, durationMs) = ClaudeOAuthKeychainQueryTiming.copyMatching(query)
-        if ClaudeOAuthKeychainQueryTiming
-            .backoffIfSlowNoUIQuery(durationMs, self.claudeKeychainService, self.log) { return false }
-        switch status {
-        case errSecSuccess, errSecInteractionNotAllowed:
-            return true
-        case errSecUserCanceled, errSecAuthFailed, errSecNoAccessForItem:
-            // Treat denial as "not available" and record a cooldown to avoid prompt storms in Auto mode.
-            ClaudeOAuthKeychainAccessGate.recordDenied()
-            return false
-        default:
-            return false
+        if let subscriptionType = credentials.subscriptionType {
+            oauth["subscriptionType"] = subscriptionType
         }
-        #else
-        return false
-        #endif
-    }
 
-    private static func syncWithClaudeKeychainIfChanged(
-        cached: ClaudeOAuthCredentialRecord,
-        respectKeychainPromptCooldown: Bool,
-        now: Date = Date()) -> ClaudeOAuthCredentialRecord?
-    {
-        #if os(macOS)
-        let mode = ClaudeOAuthKeychainPromptPreference.current()
-        guard self.shouldAllowClaudeCodeKeychainAccess(mode: mode) else { return nil }
-        if self.isPromptPolicyApplicable,
-           respectKeychainPromptCooldown,
-           !ClaudeOAuthKeychainAccessGate.shouldAllowPrompt(now: now)
-        {
-            return nil
-        }
+        let oauthData: [String: Any] = ["claudeAiOauth": oauth]
 
-        // Do not attempt a non-interactive data read if preflight indicates interaction is likely.
-        // Why: on some systems, Security.framework can still surface UI even for "no UI" queries.
-        if self.shouldShowClaudeKeychainPreAlert() {
-            return nil
+        guard let jsonData = try? JSONSerialization.data(withJSONObject: oauthData) else {
+            self.log.error("Failed to serialize refreshed credentials for cache")
+            return
         }
 
-        if !self.shouldCheckClaudeKeychainChange(now: now) {
-            return nil
-        }
+        self.saveToCacheKeychain(jsonData, owner: .codexbar)
+        self.log.debug("Saved refreshed credentials to CodexBar keychain cache")
+    }
 
-        guard let currentFingerprint = self.currentClaudeKeychainFingerprintWithoutPrompt() else {
-            return nil
+    /// Response from the OAuth token refresh endpoint
+    private struct TokenRefreshResponse: Decodable {
+        let accessToken: String
+        let refreshToken: String?
+        let expiresIn: Int
+        let tokenType: String?
+
+        enum CodingKeys: String, CodingKey {
+            case accessToken = "access_token"
+            case refreshToken = "refresh_token"
+            case expiresIn = "expires_in"
+            case tokenType = "token_type"
         }
-        let storedFingerprint = self.loadClaudeKeychainFingerprint()
-        guard currentFingerprint != storedFingerprint else { return nil }
+    }
 
+    public static func loadFromFile() throws -> Data {
+        let url = self.credentialsFileURL()
         do {
-            guard let data = try self.loadFromClaudeKeychainNonInteractive() else {
-                return nil
-            }
-            guard let keychainCreds = try? ClaudeOAuthCredentials.parse(data: data) else {
-                self.saveClaudeKeychainFingerprint(currentFingerprint)
-                return nil
-            }
-            self.saveClaudeKeychainFingerprint(currentFingerprint)
-
-            // Only sync if token actually changed to avoid churn on unrelated keychain metadata updates.
-            guard keychainCreds.accessToken != cached.credentials.accessToken else { return nil }
-            // Avoid regressing a working cached token if the keychain entry looks invalid/expired.
-            if keychainCreds.isExpired, !cached.credentials.isExpired { return nil }
-
-            self.log.info("Claude keychain credentials changed; syncing OAuth cache")
-            let synced = ClaudeOAuthCredentialRecord(
-                credentials: keychainCreds,
-                owner: .claudeCLI,
-                source: .claudeKeychain)
-            self.writeMemoryCache(
-                record: ClaudeOAuthCredentialRecord(
-                    credentials: keychainCreds,
-                    owner: .claudeCLI,
-                    source: .memoryCache),
-                timestamp: now)
-            self.saveToCacheKeychain(data, owner: .claudeCLI)
-            return synced
-        } catch let error as ClaudeOAuthCredentialsError {
-            if case let .keychainError(status) = error,
-               status == Int(errSecUserCanceled)
-               || status == Int(errSecAuthFailed)
-               || status == Int(errSecInteractionNotAllowed)
-               || status == Int(errSecNoAccessForItem)
-            {
-                // Back off to avoid repeated keychain probes on systems that still show prompts.
-                ClaudeOAuthKeychainAccessGate.recordDenied(now: now)
-            }
-            return nil
+            return try Data(contentsOf: url)
         } catch {
-            return nil
+            if (error as NSError).code == NSFileReadNoSuchFileError {
+                throw ClaudeOAuthCredentialsError.notFound
+            }
+            throw ClaudeOAuthCredentialsError.readFailed(error.localizedDescription)
         }
-        #else
-        _ = cached
-        _ = respectKeychainPromptCooldown
-        _ = now
-        return nil
-        #endif
     }
 
-    private static func shouldAttemptFreshnessSyncFromClaudeKeychain(cached: ClaudeOAuthCredentialRecord) -> Bool {
-        guard !cached.credentials.isExpired else { return false }
-        guard cached.owner == .claudeCLI else { return false }
-        guard self.keychainAccessAllowed else { return false }
+    public static func credentialsFileFingerprintToken() -> String? {
+        guard let fingerprint = self.currentFileFingerprint() else { return nil }
+        let modifiedAt = fingerprint.modifiedAtMs.map(String.init) ?? "nil"
+        return "\(modifiedAt):\(fingerprint.size)"
+    }
 
-        // Freshness sync is opportunistic and may perform Security.framework fingerprint checks.
-        // Keep this gated by the user's stored prompt policy even in experimental reader mode.
-        let mode = ClaudeOAuthKeychainPromptPreference.storedMode()
-        switch mode {
-        case .never:
+    public static func authFingerprintToken() -> String {
+        let file = self.credentialsFileFingerprintToken() ?? "nil"
+        let keychain = self.claudeKeychainFingerprintToken() ?? "nil"
+        return "file=\(file)|keychain=\(keychain)"
+    }
+
+    public static func consumeClaudeKeychainFingerprintChangeWithoutPrompt() -> Bool {
+        let current: ClaudeKeychainFingerprint?
+        switch self.probeClaudeKeychainFingerprintWithoutPrompt() {
+        case .unavailable:
             return false
-        case .onlyOnUserAction:
-            if ProviderInteractionContext.current != .userInitiated {
-                if ProcessInfo.processInfo.environment["CODEXBAR_DEBUG_CLAUDE_OAUTH_FLOW"] == "1" {
-                    self.log.debug(
-                        "Claude OAuth keychain freshness sync skipped (background)",
-                        metadata: ["promptMode": mode.rawValue, "owner": String(describing: cached.owner)])
-                }
-                return false
-            }
-            return true
-        case .always:
-            return true
+        case let .value(fingerprint):
+            current = fingerprint
         }
+        let stored = self.loadClaudeKeychainFingerprint()
+        guard current != stored else { return false }
+        self.saveClaudeKeychainFingerprint(current)
+        return true
     }
 
-    private static func repairFromClaudeKeychainWithoutPromptIfAllowed(
-        now: Date,
-        respectKeychainPromptCooldown: Bool) -> ClaudeOAuthCredentialRecord?
-    {
-        #if os(macOS)
-        let mode = ClaudeOAuthKeychainPromptPreference.current()
-        guard self.shouldAllowClaudeCodeKeychainAccess(mode: mode) else { return nil }
-
-        // If Keychain preflight indicates interaction is likely, skip the silent repair read.
-        // Why: non-interactive probes can still show UI on some systems, and if interaction is required we should
-        // let the interactive prompt path handle it (when allowed).
-        if self.shouldShowClaudeKeychainPreAlert() {
-            return nil
+    public static func claudeKeychainFingerprintChangedWithoutConsuming() -> Bool {
+        let current: ClaudeKeychainFingerprint?
+        switch self.probeClaudeKeychainFingerprintWithoutPrompt() {
+        case .unavailable:
+            return false
+        case let .value(fingerprint):
+            current = fingerprint
         }
+        return current != self.loadClaudeKeychainFingerprint()
+    }
 
-        if self.isPromptPolicyApplicable,
-           respectKeychainPromptCooldown,
-           ProviderInteractionContext.current != .userInitiated,
-           !ClaudeOAuthKeychainAccessGate.shouldAllowPrompt(now: now)
-        {
-            return nil
+    public static func claudeKeychainFingerprintToken() -> String? {
+        let fingerprint: ClaudeKeychainFingerprint? = switch self.probeClaudeKeychainFingerprintWithoutPrompt() {
+        case .unavailable:
+            self.loadClaudeKeychainFingerprint()
+        case let .value(probed):
+            probed
         }
+        guard let fingerprint else { return nil }
+        let modifiedAt = fingerprint.modifiedAt.map(String.init) ?? "nil"
+        let createdAt = fingerprint.createdAt.map(String.init) ?? "nil"
+        let persistentRefHash = fingerprint.persistentRefHash ?? "nil"
+        return "\(modifiedAt):\(createdAt):\(persistentRefHash)"
+    }
 
-        do {
-            if self.shouldPreferSecurityCLIKeychainRead(),
-               let securityData = self.loadFromClaudeKeychainViaSecurityCLIIfEnabled(
-                   interaction: ProviderInteractionContext.current),
-               !securityData.isEmpty
-            {
-                // Keep CLI-success repair prompt-safe in experimental mode by avoiding Security.framework fingerprint
-                // probes, which can still show UI on some systems even for "no UI" queries.
-                guard let creds = try? ClaudeOAuthCredentials.parse(data: securityData) else { return nil }
-                if creds.isExpired {
-                    return ClaudeOAuthCredentialRecord(credentials: creds, owner: .claudeCLI, source: .claudeKeychain)
-                }
-
-                self.writeMemoryCache(
-                    record: ClaudeOAuthCredentialRecord(credentials: creds, owner: .claudeCLI, source: .memoryCache),
-                    timestamp: now)
-                self.saveToCacheKeychain(securityData, owner: .claudeCLI)
-
-                self.log.info(
-                    "Claude keychain credentials loaded without prompt; syncing OAuth cache",
-                    metadata: ["interaction": ProviderInteractionContext
-                        .current == .userInitiated ? "user" : "background"])
-                return ClaudeOAuthCredentialRecord(credentials: creds, owner: .claudeCLI, source: .claudeKeychain)
-            }
+    private enum ClaudeKeychainProbe<Value> {
+        case unavailable
+        case value(Value)
+    }
 
-            guard let data = try self.loadFromClaudeKeychainNonInteractive(), !data.isEmpty else { return nil }
-            let fingerprint = self.currentClaudeKeychainFingerprintWithoutPrompt()
-            guard let creds = try? ClaudeOAuthCredentials.parse(data: data) else {
-                // Fingerprint so we don't repeatedly hammer a broken keychain item.
-                self.saveClaudeKeychainFingerprint(fingerprint)
-                return nil
-            }
+    @discardableResult
+    public static func invalidateCacheIfCredentialsFileChanged() -> Bool {
+        Repository(context: self.currentCollaboratorContext()).invalidateCacheIfCredentialsFileChanged()
+    }
 
-            if creds.isExpired {
-                // We intentionally don't cache expired credentials as a "working" OAuth cache entry. However, for the
-                // OAuth flow to delegate refresh to Claude CLI, we must surface the expired record to the caller.
-                self.saveClaudeKeychainFingerprint(fingerprint)
-                return ClaudeOAuthCredentialRecord(credentials: creds, owner: .claudeCLI, source: .claudeKeychain)
-            }
+    /// Invalidate the credentials cache (call after login/logout)
+    public static func invalidateCache() {
+        Repository(context: self.currentCollaboratorContext()).invalidateCache()
+    }
 
-            self.saveClaudeKeychainFingerprint(fingerprint)
-            self.writeMemoryCache(
-                record: ClaudeOAuthCredentialRecord(credentials: creds, owner: .claudeCLI, source: .memoryCache),
-                timestamp: now)
-            self.saveToCacheKeychain(data, owner: .claudeCLI)
+    /// Check if CodexBar has cached credentials (in memory or keychain cache)
+    public static func hasCachedCredentials(environment: [String: String] = ProcessInfo.processInfo
+        .environment) -> Bool
+    {
+        Repository(context: self.currentCollaboratorContext()).hasCachedCredentials(environment: environment)
+    }
 
-            self.log.info(
-                "Claude keychain credentials loaded without prompt; syncing OAuth cache",
-                metadata: ["interaction": ProviderInteractionContext.current == .userInitiated ? "user" : "background"])
-            return ClaudeOAuthCredentialRecord(credentials: creds, owner: .claudeCLI, source: .claudeKeychain)
-        } catch let error as ClaudeOAuthCredentialsError {
-            if case let .keychainError(status) = error,
-               status == Int(errSecUserCanceled)
-               || status == Int(errSecAuthFailed)
-               || status == Int(errSecInteractionNotAllowed)
-               || status == Int(errSecNoAccessForItem)
-            {
-                ClaudeOAuthKeychainAccessGate.recordDenied(now: now)
-            }
-            return nil
-        } catch {
-            return nil
-        }
-        #else
-        _ = now
-        _ = respectKeychainPromptCooldown
-        return nil
-        #endif
+    public static func hasClaudeKeychainCredentialsWithoutPrompt() -> Bool {
+        Repository(context: self.currentCollaboratorContext()).hasClaudeKeychainCredentialsWithoutPrompt()
     }
 
     private static func shouldCheckClaudeKeychainChange(now: Date = Date()) -> Bool {
@@ -907,27 +1344,58 @@ public enum ClaudeOAuthCredentialsStore {
     }
 
     private static func currentClaudeKeychainFingerprintWithoutPrompt() -> ClaudeKeychainFingerprint? {
+        switch self.probeClaudeKeychainFingerprintWithoutPrompt() {
+        case .unavailable:
+            nil
+        case let .value(fingerprint):
+            fingerprint
+        }
+    }
+
+    private static func probeClaudeKeychainFingerprintWithoutPrompt()
+    -> ClaudeKeychainProbe<ClaudeKeychainFingerprint?> {
         let mode = ClaudeOAuthKeychainPromptPreference.current()
-        guard self.shouldAllowClaudeCodeKeychainAccess(mode: mode) else { return nil }
         #if DEBUG
-        if let store = taskClaudeKeychainOverrideStore { return store.fingerprint }
+        if let store = taskClaudeKeychainOverrideStore { return .value(store.fingerprint) }
         if let override = taskClaudeKeychainFingerprintOverride ?? self
-            .claudeKeychainFingerprintOverride { return override }
+            .claudeKeychainFingerprintOverride { return .value(override) }
         #endif
+        guard self.shouldAllowClaudeCodeKeychainAccess(mode: mode) else { return .unavailable }
+        if self.isPromptPolicyApplicable,
+           ProviderInteractionContext.current == .background,
+           !ClaudeOAuthKeychainAccessGate.shouldAllowPrompt()
+        {
+            return .unavailable
+        }
         #if os(macOS)
-        let newest: ClaudeKeychainCandidate? = self.claudeKeychainCandidatesWithoutPrompt().first
-            ?? self.claudeKeychainLegacyCandidateWithoutPrompt()
-        guard let newest else { return nil }
+        let candidatesProbe = self.claudeKeychainCandidatesProbeWithoutPrompt(promptMode: mode)
+        let newest: ClaudeKeychainCandidate?
+        switch candidatesProbe {
+        case .unavailable:
+            return .unavailable
+        case let .value(candidates):
+            if let first = candidates.first {
+                newest = first
+            } else {
+                switch self.claudeKeychainLegacyCandidateProbeWithoutPrompt(promptMode: mode) {
+                case .unavailable:
+                    return .unavailable
+                case let .value(candidate):
+                    newest = candidate
+                }
+            }
+        }
+        guard let newest else { return .value(nil) }
 
         let modifiedAt = newest.modifiedAt.map { Int($0.timeIntervalSince1970) }
         let createdAt = newest.createdAt.map { Int($0.timeIntervalSince1970) }
         let persistentRefHash = Self.sha256Prefix(newest.persistentRef)
-        return ClaudeKeychainFingerprint(
+        return .value(ClaudeKeychainFingerprint(
             modifiedAt: modifiedAt,
             createdAt: createdAt,
-            persistentRefHash: persistentRefHash)
+            persistentRefHash: persistentRefHash))
         #else
-        return nil
+        return .unavailable
         #endif
     }
 
@@ -1084,21 +1552,21 @@ public enum ClaudeOAuthCredentialsStore {
     }
 
     #if os(macOS)
-    private struct ClaudeKeychainCandidate: Sendable {
+    private struct ClaudeKeychainCandidate {
         let persistentRef: Data
         let account: String?
         let modifiedAt: Date?
         let createdAt: Date?
     }
 
-    private static func claudeKeychainCandidatesWithoutPrompt(
+    private static func claudeKeychainCandidatesProbeWithoutPrompt(
         promptMode: ClaudeOAuthKeychainPromptMode = ClaudeOAuthKeychainPromptPreference
-            .current()) -> [ClaudeKeychainCandidate]
+            .current()) -> ClaudeKeychainProbe<[ClaudeKeychainCandidate]>
     {
-        guard self.shouldAllowClaudeCodeKeychainAccess(mode: promptMode) else { return [] }
+        guard self.shouldAllowClaudeCodeKeychainAccess(mode: promptMode) else { return .unavailable }
         if self.isPromptPolicyApplicable,
            ProviderInteractionContext.current == .background,
-           !ClaudeOAuthKeychainAccessGate.shouldAllowPrompt() { return [] }
+           !ClaudeOAuthKeychainAccessGate.shouldAllowPrompt() { return .unavailable }
         var query: [String: Any] = [
             kSecClass as String: kSecClassGenericPassword,
             kSecAttrService as String: self.claudeKeychainService,
@@ -1110,12 +1578,13 @@ public enum ClaudeOAuthCredentialsStore {
 
         let (status, result, durationMs) = ClaudeOAuthKeychainQueryTiming.copyMatching(query)
         if ClaudeOAuthKeychainQueryTiming
-            .backoffIfSlowNoUIQuery(durationMs, self.claudeKeychainService, self.log) { return [] }
+            .backoffIfSlowNoUIQuery(durationMs, self.claudeKeychainService, self.log) { return .unavailable }
         if status == errSecUserCanceled || status == errSecAuthFailed || status == errSecNoAccessForItem {
             ClaudeOAuthKeychainAccessGate.recordDenied()
         }
-        guard status == errSecSuccess else { return [] }
-        guard let rows = result as? [[String: Any]], !rows.isEmpty else { return [] }
+        if status == errSecItemNotFound { return .value([]) }
+        guard status == errSecSuccess else { return .unavailable }
+        guard let rows = result as? [[String: Any]], !rows.isEmpty else { return .value([]) }
 
         let candidates: [ClaudeKeychainCandidate] = rows.compactMap { row in
             guard let persistentRef = row[kSecValuePersistentRef as String] as? Data else { return nil }
@@ -1126,21 +1595,34 @@ public enum ClaudeOAuthCredentialsStore {
                 createdAt: row[kSecAttrCreationDate as String] as? Date)
         }
 
-        return candidates.sorted { lhs, rhs in
+        let sorted = candidates.sorted { lhs, rhs in
             let lhsDate = lhs.modifiedAt ?? lhs.createdAt ?? Date.distantPast
             let rhsDate = rhs.modifiedAt ?? rhs.createdAt ?? Date.distantPast
             return lhsDate > rhsDate
         }
+        return .value(sorted)
     }
 
-    private static func claudeKeychainLegacyCandidateWithoutPrompt(
+    private static func claudeKeychainCandidatesWithoutPrompt(
         promptMode: ClaudeOAuthKeychainPromptMode = ClaudeOAuthKeychainPromptPreference
-            .current()) -> ClaudeKeychainCandidate?
+            .current()) -> [ClaudeKeychainCandidate]
     {
-        guard self.shouldAllowClaudeCodeKeychainAccess(mode: promptMode) else { return nil }
+        switch self.claudeKeychainCandidatesProbeWithoutPrompt(promptMode: promptMode) {
+        case .unavailable:
+            []
+        case let .value(candidates):
+            candidates
+        }
+    }
+
+    private static func claudeKeychainLegacyCandidateProbeWithoutPrompt(
+        promptMode: ClaudeOAuthKeychainPromptMode = ClaudeOAuthKeychainPromptPreference
+            .current()) -> ClaudeKeychainProbe<ClaudeKeychainCandidate?>
+    {
+        guard self.shouldAllowClaudeCodeKeychainAccess(mode: promptMode) else { return .unavailable }
         if self.isPromptPolicyApplicable,
            ProviderInteractionContext.current == .background,
-           !ClaudeOAuthKeychainAccessGate.shouldAllowPrompt() { return nil }
+           !ClaudeOAuthKeychainAccessGate.shouldAllowPrompt() { return .unavailable }
         var query: [String: Any] = [
             kSecClass as String: kSecClassGenericPassword,
             kSecAttrService as String: self.claudeKeychainService,
@@ -1152,18 +1634,31 @@ public enum ClaudeOAuthCredentialsStore {
 
         let (status, result, durationMs) = ClaudeOAuthKeychainQueryTiming.copyMatching(query)
         if ClaudeOAuthKeychainQueryTiming
-            .backoffIfSlowNoUIQuery(durationMs, self.claudeKeychainService, self.log) { return nil }
+            .backoffIfSlowNoUIQuery(durationMs, self.claudeKeychainService, self.log) { return .unavailable }
         if status == errSecUserCanceled || status == errSecAuthFailed || status == errSecNoAccessForItem {
             ClaudeOAuthKeychainAccessGate.recordDenied()
         }
-        guard status == errSecSuccess else { return nil }
-        guard let row = result as? [String: Any] else { return nil }
-        guard let persistentRef = row[kSecValuePersistentRef as String] as? Data else { return nil }
-        return ClaudeKeychainCandidate(
+        if status == errSecItemNotFound { return .value(nil) }
+        guard status == errSecSuccess else { return .unavailable }
+        guard let row = result as? [String: Any] else { return .value(nil) }
+        guard let persistentRef = row[kSecValuePersistentRef as String] as? Data else { return .value(nil) }
+        return .value(ClaudeKeychainCandidate(
             persistentRef: persistentRef,
             account: row[kSecAttrAccount as String] as? String,
             modifiedAt: row[kSecAttrModificationDate as String] as? Date,
-            createdAt: row[kSecAttrCreationDate as String] as? Date)
+            createdAt: row[kSecAttrCreationDate as String] as? Date))
+    }
+
+    private static func claudeKeychainLegacyCandidateWithoutPrompt(
+        promptMode: ClaudeOAuthKeychainPromptMode = ClaudeOAuthKeychainPromptPreference
+            .current()) -> ClaudeKeychainCandidate?
+    {
+        switch self.claudeKeychainLegacyCandidateProbeWithoutPrompt(promptMode: promptMode) {
+        case .unavailable:
+            nil
+        case let .value(candidate):
+            candidate
+        }
     }
 
     private static func loadClaudeKeychainData(
@@ -1323,23 +1818,22 @@ public enum ClaudeOAuthCredentialsStore {
     }
 
     #if DEBUG
-    static func withCredentialsURLOverrideForTesting<T>(
-        _ url: URL?,
-        operation: () throws -> T) rethrows -> T
-    {
+    public static func withCredentialsURLOverrideForTesting<T>(_ url: URL?, operation: () throws -> T) rethrows -> T {
         try self.$taskCredentialsURLOverride.withValue(url) {
             try operation()
         }
     }
 
-    static func withCredentialsURLOverrideForTesting<T>(
-        _ url: URL?,
-        operation: () async throws -> T) async rethrows -> T
-    {
+    public static func withCredentialsURLOverrideForTesting<T>(_ url: URL?, operation: () async throws -> T)
+    async rethrows -> T {
         try await self.$taskCredentialsURLOverride.withValue(url) {
             try await operation()
         }
     }
+
+    public static var currentCredentialsURLOverrideForTesting: URL? {
+        self.taskCredentialsURLOverride
+    }
     #endif
 
     private static func saveToCacheKeychain(_ data: Data, owner: ClaudeOAuthCredentialOwner? = nil) {
@@ -1354,10 +1848,22 @@ public enum ClaudeOAuthCredentialsStore {
     private static var keychainAccessAllowed: Bool {
         #if DEBUG
         if let override = self.taskKeychainAccessOverride { return !override }
+        if KeychainAccessGate.currentOverrideForTesting == true { return false }
+        if self.hasTaskKeychainTestingOverride { return true }
         #endif
         return !KeychainAccessGate.isDisabled
     }
 
+    #if DEBUG
+    private static var hasTaskKeychainTestingOverride: Bool {
+        self.taskClaudeKeychainOverrideStore != nil
+            || self.taskClaudeKeychainDataOverride != nil
+            || self.taskClaudeKeychainFingerprintOverride != nil
+            || self.taskSecurityCLIReadOverride != nil
+            || self.taskSecurityCLIReadAccountOverride != nil
+    }
+    #endif
+
     private static var isPromptPolicyApplicable: Bool {
         ClaudeOAuthKeychainPromptPreference.isApplicable()
     }
@@ -1509,102 +2015,7 @@ extension ClaudeOAuthCredentialsStore {
     /// CodexBar's caches. This is used to avoid triggering a second OS keychain dialog during the OAuth retry.
     @discardableResult
     static func syncFromClaudeKeychainWithoutPrompt(now: Date = Date()) -> Bool {
-        #if os(macOS)
-        let mode = ClaudeOAuthKeychainPromptPreference.current()
-        guard self.shouldAllowClaudeCodeKeychainAccess(mode: mode) else { return false }
-
-        if let data = self.loadFromClaudeKeychainViaSecurityCLIIfEnabled(
-            interaction: ProviderInteractionContext.current),
-            !data.isEmpty
-        {
-            if let creds = try? ClaudeOAuthCredentials.parse(data: data), !creds.isExpired {
-                // Keep delegated refresh recovery on the security CLI path only in experimental mode.
-                // Avoid Security.framework fingerprint probes here because "no UI" queries can still prompt.
-                self.writeMemoryCache(
-                    record: ClaudeOAuthCredentialRecord(credentials: creds, owner: .claudeCLI, source: .memoryCache),
-                    timestamp: now)
-                self.saveToCacheKeychain(data, owner: .claudeCLI)
-                return true
-            }
-        }
-
-        let fallbackPromptMode = ClaudeOAuthKeychainPromptPreference.securityFrameworkFallbackMode()
-        guard self.shouldAllowClaudeCodeKeychainAccess(mode: fallbackPromptMode) else { return false }
-
-        // If background keychain access has been denied/blocked, don't attempt silent Security.framework fallback
-        // reads that could trigger repeated prompts on misbehaving configurations.
-        if ProviderInteractionContext.current == .background,
-           !ClaudeOAuthKeychainAccessGate.shouldAllowPrompt(now: now) { return false }
-
-        #if DEBUG
-        // Test hook: allow unit tests to simulate a silent Security.framework fallback read without touching
-        // the real Keychain.
-        let override = self.taskClaudeKeychainOverrideStore?.data ?? self.taskClaudeKeychainDataOverride
-            ?? self.claudeKeychainDataOverride
-        if let override,
-           !override.isEmpty,
-           let creds = try? ClaudeOAuthCredentials.parse(data: override),
-           !creds.isExpired
-        {
-            self.saveClaudeKeychainFingerprint(self.currentClaudeKeychainFingerprintWithoutPrompt())
-            self.writeMemoryCache(
-                record: ClaudeOAuthCredentialRecord(credentials: creds, owner: .claudeCLI, source: .memoryCache),
-                timestamp: now)
-            self.saveToCacheKeychain(override, owner: .claudeCLI)
-            return true
-        }
-        #endif
-
-        // Skip the silent data read if preflight indicates interaction is likely.
-        // Why: on some systems, Security.framework can still surface UI even for "no UI" probes.
-        if self.shouldShowClaudeKeychainPreAlert() {
-            return false
-        }
-
-        // Consult only the newest candidate to avoid syncing from a different keychain entry (e.g. old login).
-        if let candidate = self.claudeKeychainCandidatesWithoutPrompt(promptMode: fallbackPromptMode).first,
-           let data = try? self.loadClaudeKeychainData(candidate: candidate, allowKeychainPrompt: false),
-           !data.isEmpty
-        {
-            let fingerprint = ClaudeKeychainFingerprint(
-                modifiedAt: candidate.modifiedAt.map { Int($0.timeIntervalSince1970) },
-                createdAt: candidate.createdAt.map { Int($0.timeIntervalSince1970) },
-                persistentRefHash: Self.sha256Prefix(candidate.persistentRef))
-
-            if let creds = try? ClaudeOAuthCredentials.parse(data: data), !creds.isExpired {
-                self.saveClaudeKeychainFingerprint(fingerprint)
-                self.writeMemoryCache(
-                    record: ClaudeOAuthCredentialRecord(credentials: creds, owner: .claudeCLI, source: .memoryCache),
-                    timestamp: now)
-                self.saveToCacheKeychain(data, owner: .claudeCLI)
-                return true
-            }
-
-            // Fingerprint so we don't repeatedly hammer a broken/expired keychain item during background retries.
-            self.saveClaudeKeychainFingerprint(fingerprint)
-        }
-
-        let legacyData = try? self.loadClaudeKeychainLegacyData(
-            allowKeychainPrompt: false,
-            promptMode: fallbackPromptMode)
-        if let legacyData,
-           !legacyData.isEmpty,
-           let creds = try? ClaudeOAuthCredentials.parse(data: legacyData),
-           !creds.isExpired
-        {
-            self.saveClaudeKeychainFingerprint(self.currentClaudeKeychainFingerprintWithoutPrompt())
-            self.writeMemoryCache(
-                record: ClaudeOAuthCredentialRecord(credentials: creds, owner: .claudeCLI, source: .memoryCache),
-                timestamp: now)
-            self.saveToCacheKeychain(legacyData, owner: .claudeCLI)
-            return true
-        }
-
-        return false
-        #else
-        _ = now
-        return false
-        #endif
+        Recovery(context: self.currentCollaboratorContext()).syncFromClaudeKeychainWithoutPrompt(now: now)
     }
 
     private static func shouldShowClaudeKeychainPreAlert() -> Bool {
@@ -1627,110 +2038,17 @@ extension ClaudeOAuthCredentialsStore {
     public static func refreshAccessToken(
         refreshToken: String,
         existingScopes: [String],
-        existingRateLimitTier: String?) async throws -> ClaudeOAuthCredentials
+        existingRateLimitTier: String?,
+        existingSubscriptionType: String? = nil) async throws -> ClaudeOAuthCredentials
     {
-        let newCredentials = try await self.refreshAccessTokenCore(
+        try await Refresher(context: self.currentCollaboratorContext()).refreshAccessToken(
             refreshToken: refreshToken,
             existingScopes: existingScopes,
-            existingRateLimitTier: existingRateLimitTier)
-
-        // Save to CodexBar's keychain cache (not Claude's keychain)
-        self.saveRefreshedCredentialsToCache(newCredentials)
-
-        // Update in-memory cache
-        self.writeMemoryCache(
-            record: ClaudeOAuthCredentialRecord(
-                credentials: newCredentials,
-                owner: .codexbar,
-                source: .memoryCache),
-            timestamp: Date())
-        ClaudeOAuthRefreshFailureGate.recordSuccess()
-
-        return newCredentials
-    }
-
-    /// Core refresh logic (network + error disposition + failure gating).
-    /// Does not update any caches or keychain items.
-    private static func refreshAccessTokenCore(
-        refreshToken: String,
-        existingScopes: [String],
-        existingRateLimitTier: String?) async throws -> ClaudeOAuthCredentials
-    {
-        guard ClaudeOAuthRefreshFailureGate.shouldAttempt() else {
-            let status = ClaudeOAuthRefreshFailureGate.currentBlockStatus()
-            let message = switch status {
-            case .terminal:
-                "Claude OAuth refresh blocked until auth changes. \(self.reauthenticateHint)"
-            case .transient:
-                "Claude OAuth refresh temporarily backed off due to prior failures; will retry automatically."
-            case nil:
-                "Claude OAuth refresh temporarily suppressed due to prior failures; will retry automatically."
-            }
-            throw ClaudeOAuthCredentialsError.refreshFailed(message)
-        }
-
-        guard let url = URL(string: self.tokenRefreshEndpoint) else {
-            throw ClaudeOAuthCredentialsError.refreshFailed("Invalid token endpoint URL")
-        }
-
-        var request = URLRequest(url: url)
-        request.httpMethod = "POST"
-        request.timeoutInterval = 30
-        request.setValue("application/x-www-form-urlencoded", forHTTPHeaderField: "Content-Type")
-        request.setValue("application/json", forHTTPHeaderField: "Accept")
-
-        var components = URLComponents()
-        components.queryItems = [
-            URLQueryItem(name: "grant_type", value: "refresh_token"),
-            URLQueryItem(name: "refresh_token", value: refreshToken),
-            URLQueryItem(name: "client_id", value: self.oauthClientID),
-        ]
-        request.httpBody = (components.percentEncodedQuery ?? "").data(using: .utf8)
-
-        let (data, response) = try await URLSession.shared.data(for: request)
-
-        guard let http = response as? HTTPURLResponse else {
-            throw ClaudeOAuthCredentialsError.refreshFailed("Invalid response")
-        }
-
-        guard http.statusCode == 200 else {
-            if let disposition = self.refreshFailureDisposition(statusCode: http.statusCode, data: data) {
-                let oauthError = self.extractOAuthErrorCode(from: data)
-                self.log.info(
-                    "Claude OAuth refresh rejected",
-                    metadata: [
-                        "httpStatus": "\(http.statusCode)",
-                        "oauthError": oauthError ?? "nil",
-                        "disposition": disposition.rawValue,
-                    ])
-
-                switch disposition {
-                case .terminalInvalidGrant:
-                    ClaudeOAuthRefreshFailureGate.recordTerminalAuthFailure()
-                    self.invalidateCache()
-                    throw ClaudeOAuthCredentialsError.refreshFailed(
-                        "HTTP \(http.statusCode) invalid_grant. \(self.reauthenticateHint)")
-                case .transientBackoff:
-                    ClaudeOAuthRefreshFailureGate.recordTransientFailure()
-                    let suffix = oauthError.map { " (\($0))" } ?? ""
-                    throw ClaudeOAuthCredentialsError.refreshFailed("HTTP \(http.statusCode)\(suffix)")
-                }
-            }
-            throw ClaudeOAuthCredentialsError.refreshFailed("HTTP \(http.statusCode)")
-        }
-
-        let tokenResponse = try JSONDecoder().decode(TokenRefreshResponse.self, from: data)
-        let expiresAt = Date(timeIntervalSinceNow: TimeInterval(tokenResponse.expiresIn))
-
-        return ClaudeOAuthCredentials(
-            accessToken: tokenResponse.accessToken,
-            refreshToken: tokenResponse.refreshToken ?? refreshToken,
-            expiresAt: expiresAt,
-            scopes: existingScopes,
-            rateLimitTier: existingRateLimitTier)
+            existingRateLimitTier: existingRateLimitTier,
+            existingSubscriptionType: existingSubscriptionType)
     }
 
-    private enum RefreshFailureDisposition: String, Sendable {
+    private enum RefreshFailureDisposition: String {
         case terminalInvalidGrant
         case transientBackoff
     }
diff --git a/Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthDelegatedRefreshCoordinator.swift b/Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthDelegatedRefreshCoordinator.swift
index feec7c26e..d775e584f 100644
--- a/Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthDelegatedRefreshCoordinator.swift
+++ b/Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthDelegatedRefreshCoordinator.swift
@@ -1,6 +1,21 @@
 import Foundation
 
 public enum ClaudeOAuthDelegatedRefreshCoordinator {
+    private final class AttemptStateStorage: @unchecked Sendable {
+        let lock = NSLock()
+        let persistsCooldown: Bool
+        var hasLoadedState = false
+        var lastAttemptAt: Date?
+        var lastCooldownInterval: TimeInterval?
+        var inFlightAttemptID: UInt64?
+        var inFlightTask: Task<Outcome, Never>?
+        var nextAttemptID: UInt64 = 0
+
+        init(persistsCooldown: Bool) {
+            self.persistsCooldown = persistsCooldown
+        }
+    }
+
     public enum Outcome: Sendable, Equatable {
         case skippedByCooldown
         case cliUnavailable
@@ -14,84 +29,125 @@ public enum ClaudeOAuthDelegatedRefreshCoordinator {
     private static let defaultCooldownInterval: TimeInterval = 60 * 5
     private static let shortCooldownInterval: TimeInterval = 20
 
-    private static let stateLock = NSLock()
-    private nonisolated(unsafe) static var hasLoadedState = false
-    private nonisolated(unsafe) static var lastAttemptAt: Date?
-    private nonisolated(unsafe) static var lastCooldownInterval: TimeInterval?
-    private nonisolated(unsafe) static var inFlightAttemptID: UInt64?
-    private nonisolated(unsafe) static var inFlightTask: Task<Outcome, Never>?
-    private nonisolated(unsafe) static var nextAttemptID: UInt64 = 0
+    private static let sharedState = AttemptStateStorage(persistsCooldown: true)
 
-    public static func attempt(now: Date = Date(), timeout: TimeInterval = 8) async -> Outcome {
+    public static func attempt(
+        now: Date = Date(),
+        timeout: TimeInterval = 8,
+        environment: [String: String] = ProcessInfo.processInfo.environment) async -> Outcome
+    {
         if Task.isCancelled {
             return .attemptedFailed("Cancelled.")
         }
 
-        switch self.inFlightDecision(now: now, timeout: timeout) {
+        switch self.inFlightDecision(now: now, timeout: timeout, environment: environment) {
         case let .join(task):
             return await task.value
-        case let .start(id, task):
+        case let .start(id, task, state):
             let outcome = await task.value
-            self.clearInFlightTaskIfStillCurrent(id: id)
+            self.clearInFlightTaskIfStillCurrent(id: id, state: state)
             return outcome
         }
     }
 
     private enum InFlightDecision {
         case join(Task<Outcome, Never>)
-        case start(UInt64, Task<Outcome, Never>)
+        case start(UInt64, Task<Outcome, Never>, AttemptStateStorage)
     }
 
-    private static func inFlightDecision(now: Date, timeout: TimeInterval) -> InFlightDecision {
-        self.stateLock.lock()
-        defer { self.stateLock.unlock() }
+    private struct AttemptConfiguration {
+        let environment: [String: String]
+        let readStrategy: ClaudeOAuthKeychainReadStrategy
+        let keychainAccessDisabled: Bool
+        #if DEBUG
+        let cliAvailableOverride: Bool?
+        let touchAuthPathOverride: (@Sendable (TimeInterval, [String: String]) async throws -> Void)?
+        let keychainFingerprintOverride: (@Sendable () -> ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint?)?
+        #endif
+    }
+
+    private static func inFlightDecision(
+        now: Date,
+        timeout: TimeInterval,
+        environment: [String: String]) -> InFlightDecision
+    {
+        let state = self.currentStateStorage
+        state.lock.lock()
+        defer { state.lock.unlock() }
 
-        if let existing = self.inFlightTask {
+        if let existing = state.inFlightTask {
             return .join(existing)
         }
 
-        self.nextAttemptID += 1
-        let attemptID = self.nextAttemptID
+        state.nextAttemptID += 1
+        let attemptID = state.nextAttemptID
         // Detached to avoid inheriting the caller's executor context (e.g. MainActor) and cancellation state.
-        let readStrategy = ClaudeOAuthKeychainReadStrategyPreference.current()
-        let keychainAccessDisabled = KeychainAccessGate.isDisabled
+        #if DEBUG
+        let configuration = AttemptConfiguration(
+            environment: environment,
+            readStrategy: ClaudeOAuthKeychainReadStrategyPreference.current(),
+            keychainAccessDisabled: KeychainAccessGate.isDisabled,
+            cliAvailableOverride: self.cliAvailableOverrideForTesting,
+            touchAuthPathOverride: self.touchAuthPathOverrideForTesting,
+            keychainFingerprintOverride: self.keychainFingerprintOverrideForTesting)
+        let securityCLIReadOverride = ClaudeOAuthCredentialsStore.currentSecurityCLIReadOverrideForTesting()
+        #else
+        let configuration = AttemptConfiguration(
+            environment: environment,
+            readStrategy: ClaudeOAuthKeychainReadStrategyPreference.current(),
+            keychainAccessDisabled: KeychainAccessGate.isDisabled)
+        #endif
         let task = Task.detached(priority: .utility) {
+            #if DEBUG
+            return await ClaudeOAuthCredentialsStore.withSecurityCLIReadOverrideForTesting(securityCLIReadOverride) {
+                await self.performAttempt(
+                    now: now,
+                    timeout: timeout,
+                    configuration: configuration,
+                    state: state)
+            }
+            #else
             await self.performAttempt(
                 now: now,
                 timeout: timeout,
-                readStrategy: readStrategy,
-                keychainAccessDisabled: keychainAccessDisabled)
+                configuration: configuration,
+                state: state)
+            #endif
         }
-        self.inFlightAttemptID = attemptID
-        self.inFlightTask = task
-        return .start(attemptID, task)
+        state.inFlightAttemptID = attemptID
+        state.inFlightTask = task
+        return .start(attemptID, task, state)
     }
 
     private static func performAttempt(
         now: Date,
         timeout: TimeInterval,
-        readStrategy: ClaudeOAuthKeychainReadStrategy,
-        keychainAccessDisabled: Bool) async -> Outcome
+        configuration: AttemptConfiguration,
+        state: AttemptStateStorage) async -> Outcome
     {
-        guard self.isClaudeCLIAvailable() else {
+        guard self.isClaudeCLIAvailable(environment: configuration.environment, configuration: configuration) else {
             self.log.info("Claude OAuth delegated refresh skipped: claude CLI unavailable")
             return .cliUnavailable
         }
 
         // Atomically reserve an attempt under the lock so concurrent callers don't race past isInCooldown() and start
         // multiple touches/poll loops.
-        guard self.reserveAttemptIfNotInCooldown(now: now) else {
+        guard self.reserveAttemptIfNotInCooldown(now: now, state: state) else {
             self.log.debug("Claude OAuth delegated refresh skipped by cooldown")
             return .skippedByCooldown
         }
 
         let baseline = self.currentKeychainChangeObservationBaseline(
-            readStrategy: readStrategy,
-            keychainAccessDisabled: keychainAccessDisabled)
+            readStrategy: configuration.readStrategy,
+            keychainAccessDisabled: configuration.keychainAccessDisabled,
+            configuration: configuration)
         var touchError: Error?
 
         do {
-            try await self.touchOAuthAuthPath(timeout: timeout)
+            try await self.touchOAuthAuthPath(
+                timeout: timeout,
+                environment: configuration.environment,
+                configuration: configuration)
         } catch {
             touchError = error
         }
@@ -100,16 +156,17 @@ public enum ClaudeOAuthDelegatedRefreshCoordinator {
         // Otherwise we end up in a long cooldown with still-expired credentials.
         let changed = await self.waitForClaudeKeychainChange(
             from: baseline,
-            readStrategy: readStrategy,
-            keychainAccessDisabled: keychainAccessDisabled,
+            readStrategy: configuration.readStrategy,
+            keychainAccessDisabled: configuration.keychainAccessDisabled,
+            configuration: configuration,
             timeout: min(max(timeout, 1), 2))
         if changed {
-            self.recordAttempt(now: now, cooldown: self.defaultCooldownInterval)
+            self.recordAttempt(now: now, cooldown: self.defaultCooldownInterval, state: state)
             self.log.info("Claude OAuth delegated refresh touch succeeded")
             return .attemptedSucceeded
         }
 
-        self.recordAttempt(now: now, cooldown: self.shortCooldownInterval)
+        self.recordAttempt(now: now, cooldown: self.shortCooldownInterval, state: state)
         if let touchError {
             let errorType = String(describing: type(of: touchError))
             self.log.warning(
@@ -124,65 +181,85 @@ public enum ClaudeOAuthDelegatedRefreshCoordinator {
     }
 
     public static func isInCooldown(now: Date = Date()) -> Bool {
-        self.stateLock.lock()
-        defer { self.stateLock.unlock() }
-        self.loadStateIfNeededLocked()
-        guard let lastAttemptAt = self.lastAttemptAt else { return false }
-        let cooldown = self.lastCooldownInterval ?? self.defaultCooldownInterval
+        let state = self.currentStateStorage
+        state.lock.lock()
+        defer { state.lock.unlock() }
+        self.loadStateIfNeededLocked(state: state)
+        guard let lastAttemptAt = state.lastAttemptAt else { return false }
+        let cooldown = state.lastCooldownInterval ?? self.defaultCooldownInterval
         return now.timeIntervalSince(lastAttemptAt) < cooldown
     }
 
     public static func cooldownRemainingSeconds(now: Date = Date()) -> Int? {
-        self.stateLock.lock()
-        defer { self.stateLock.unlock() }
-        self.loadStateIfNeededLocked()
-        guard let lastAttemptAt = self.lastAttemptAt else { return nil }
-        let cooldown = self.lastCooldownInterval ?? self.defaultCooldownInterval
+        let state = self.currentStateStorage
+        state.lock.lock()
+        defer { state.lock.unlock() }
+        self.loadStateIfNeededLocked(state: state)
+        guard let lastAttemptAt = state.lastAttemptAt else { return nil }
+        let cooldown = state.lastCooldownInterval ?? self.defaultCooldownInterval
         let remaining = cooldown - now.timeIntervalSince(lastAttemptAt)
         guard remaining > 0 else { return nil }
         return Int(remaining.rounded(.up))
     }
 
-    public static func isClaudeCLIAvailable() -> Bool {
+    public static func isClaudeCLIAvailable(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> Bool
+    {
+        self.isClaudeCLIAvailable(
+            environment: environment,
+            configuration: nil)
+    }
+
+    private static func isClaudeCLIAvailable(
+        environment: [String: String],
+        configuration: AttemptConfiguration?) -> Bool
+    {
         #if DEBUG
-        if let override = self.cliAvailableOverride {
+        if let override = configuration?.cliAvailableOverride ?? self.cliAvailableOverrideForTesting {
             return override
         }
         #endif
-        return ClaudeStatusProbe.isClaudeBinaryAvailable()
+        return ClaudeCLIResolver.isAvailable(environment: environment)
     }
 
-    private static func touchOAuthAuthPath(timeout: TimeInterval) async throws {
+    private static func touchOAuthAuthPath(
+        timeout: TimeInterval,
+        environment: [String: String],
+        configuration: AttemptConfiguration?) async throws
+    {
         #if DEBUG
-        if let override = self.touchAuthPathOverride {
-            try await override(timeout)
+        if let override = configuration?.touchAuthPathOverride ?? self.touchAuthPathOverrideForTesting {
+            try await override(timeout, environment)
             return
         }
         #endif
-        try await ClaudeStatusProbe.touchOAuthAuthPath(timeout: timeout)
+        try await ClaudeStatusProbe.touchOAuthAuthPath(timeout: timeout, environment: environment)
     }
 
-    private enum KeychainChangeObservationBaseline: Sendable {
+    private enum KeychainChangeObservationBaseline {
         case securityFramework(fingerprint: ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint?)
         case securityCLI(data: Data?)
     }
 
     private static func currentKeychainChangeObservationBaseline(
         readStrategy: ClaudeOAuthKeychainReadStrategy,
-        keychainAccessDisabled: Bool) -> KeychainChangeObservationBaseline
+        keychainAccessDisabled: Bool,
+        configuration: AttemptConfiguration?) -> KeychainChangeObservationBaseline
     {
-        if readStrategy == .securityCLI {
+        if readStrategy == .securityCLIExperimental {
             return .securityCLI(data: self.currentClaudeKeychainDataViaSecurityCLIForObservation(
                 readStrategy: readStrategy,
-                keychainAccessDisabled: keychainAccessDisabled))
+                keychainAccessDisabled: keychainAccessDisabled,
+                interaction: .background))
         }
-        return .securityFramework(fingerprint: self.currentClaudeKeychainFingerprint())
+        return .securityFramework(fingerprint: self.currentClaudeKeychainFingerprint(configuration: configuration))
     }
 
     private static func waitForClaudeKeychainChange(
         from baseline: KeychainChangeObservationBaseline,
         readStrategy: ClaudeOAuthKeychainReadStrategy,
         keychainAccessDisabled: Bool,
+        configuration: AttemptConfiguration?,
         timeout: TimeInterval) async -> Bool
     {
         // Prefer correctness but bound the delay. Keychain writes can be slightly delayed after the CLI touch.
@@ -198,7 +275,10 @@ public enum ClaudeOAuthDelegatedRefreshCoordinator {
             case let .securityFramework(fingerprintBefore):
                 // Treat "no fingerprint" as "not observed"; we only succeed if we can read a fingerprint and it
                 // differs.
-                guard let current = self.currentClaudeKeychainFingerprintForObservation() else { return false }
+                guard let current = self.currentClaudeKeychainFingerprintForObservation(configuration: configuration)
+                else {
+                    return false
+                }
                 return current != fingerprintBefore
             case let .securityCLI(dataBefore):
                 // In experimental mode, avoid Security.framework observation entirely and detect change from
@@ -208,7 +288,8 @@ public enum ClaudeOAuthDelegatedRefreshCoordinator {
                 guard let dataBefore else { return false }
                 guard let current = self.currentClaudeKeychainDataViaSecurityCLIForObservation(
                     readStrategy: readStrategy,
-                    keychainAccessDisabled: keychainAccessDisabled)
+                    keychainAccessDisabled: keychainAccessDisabled,
+                    interaction: .background)
                 else { return false }
                 return current != dataBefore
             }
@@ -235,9 +316,11 @@ public enum ClaudeOAuthDelegatedRefreshCoordinator {
         return false
     }
 
-    private static func currentClaudeKeychainFingerprint() -> ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint? {
+    private static func currentClaudeKeychainFingerprint(
+        configuration: AttemptConfiguration?) -> ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint?
+    {
         #if DEBUG
-        if let override = self.keychainFingerprintOverride {
+        if let override = configuration?.keychainFingerprintOverride ?? self.keychainFingerprintOverrideForTesting {
             return override()
         }
         #endif
@@ -246,9 +329,15 @@ public enum ClaudeOAuthDelegatedRefreshCoordinator {
 
     private static func currentClaudeKeychainFingerprintForObservation() -> ClaudeOAuthCredentialsStore
         .ClaudeKeychainFingerprint?
+    {
+        self.currentClaudeKeychainFingerprintForObservation(configuration: nil)
+    }
+
+    private static func currentClaudeKeychainFingerprintForObservation(
+        configuration: AttemptConfiguration?) -> ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint?
     {
         #if DEBUG
-        if let override = self.keychainFingerprintOverride {
+        if let override = configuration?.keychainFingerprintOverride ?? self.keychainFingerprintOverrideForTesting {
             return override()
         }
         #endif
@@ -265,101 +354,139 @@ public enum ClaudeOAuthDelegatedRefreshCoordinator {
 
     private static func currentClaudeKeychainDataViaSecurityCLIForObservation(
         readStrategy: ClaudeOAuthKeychainReadStrategy,
-        keychainAccessDisabled: Bool) -> Data?
+        keychainAccessDisabled: Bool,
+        interaction: ProviderInteraction) -> Data?
     {
         guard !keychainAccessDisabled else { return nil }
         return ClaudeOAuthCredentialsStore.loadFromClaudeKeychainViaSecurityCLIIfEnabled(
-            interaction: .background,
+            interaction: interaction,
             readStrategy: readStrategy)
     }
 
-    private static func clearInFlightTaskIfStillCurrent(id: UInt64) {
-        self.stateLock.lock()
-        if self.inFlightAttemptID == id {
-            self.inFlightAttemptID = nil
-            self.inFlightTask = nil
+    private static func clearInFlightTaskIfStillCurrent(id: UInt64, state: AttemptStateStorage) {
+        state.lock.lock()
+        if state.inFlightAttemptID == id {
+            state.inFlightAttemptID = nil
+            state.inFlightTask = nil
         }
-        self.stateLock.unlock()
+        state.lock.unlock()
     }
 
-    private static func recordAttempt(now: Date, cooldown: TimeInterval) {
-        self.stateLock.lock()
-        defer { self.stateLock.unlock() }
-        self.loadStateIfNeededLocked()
-        self.lastAttemptAt = now
-        self.lastCooldownInterval = cooldown
+    private static func recordAttempt(now: Date, cooldown: TimeInterval, state: AttemptStateStorage) {
+        state.lock.lock()
+        defer { state.lock.unlock() }
+        self.loadStateIfNeededLocked(state: state)
+        state.lastAttemptAt = now
+        state.lastCooldownInterval = cooldown
+        guard state.persistsCooldown else { return }
         UserDefaults.standard.set(now.timeIntervalSince1970, forKey: self.cooldownDefaultsKey)
         UserDefaults.standard.set(cooldown, forKey: self.cooldownIntervalDefaultsKey)
     }
 
-    private static func reserveAttemptIfNotInCooldown(now: Date) -> Bool {
-        self.stateLock.lock()
-        defer { self.stateLock.unlock() }
-        self.loadStateIfNeededLocked()
+    private static func reserveAttemptIfNotInCooldown(now: Date, state: AttemptStateStorage) -> Bool {
+        state.lock.lock()
+        defer { state.lock.unlock() }
+        self.loadStateIfNeededLocked(state: state)
 
-        let cooldown = self.lastCooldownInterval ?? self.defaultCooldownInterval
-        if let lastAttemptAt = self.lastAttemptAt, now.timeIntervalSince(lastAttemptAt) < cooldown {
+        let cooldown = state.lastCooldownInterval ?? self.defaultCooldownInterval
+        if let lastAttemptAt = state.lastAttemptAt, now.timeIntervalSince(lastAttemptAt) < cooldown {
             return false
         }
 
         // Reserve with a short cooldown; the final outcome will extend or keep it short.
-        self.lastAttemptAt = now
-        self.lastCooldownInterval = self.shortCooldownInterval
+        state.lastAttemptAt = now
+        state.lastCooldownInterval = self.shortCooldownInterval
+        guard state.persistsCooldown else { return true }
         UserDefaults.standard.set(now.timeIntervalSince1970, forKey: self.cooldownDefaultsKey)
         UserDefaults.standard.set(self.shortCooldownInterval, forKey: self.cooldownIntervalDefaultsKey)
         return true
     }
 
-    private static func loadStateIfNeededLocked() {
-        guard !self.hasLoadedState else { return }
-        self.hasLoadedState = true
+    private static func loadStateIfNeededLocked(state: AttemptStateStorage) {
+        guard !state.hasLoadedState else { return }
+        state.hasLoadedState = true
+        guard state.persistsCooldown else {
+            state.lastAttemptAt = nil
+            state.lastCooldownInterval = nil
+            return
+        }
         guard let raw = UserDefaults.standard.object(forKey: self.cooldownDefaultsKey) as? Double else {
-            self.lastAttemptAt = nil
-            self.lastCooldownInterval = nil
+            state.lastAttemptAt = nil
+            state.lastCooldownInterval = nil
             return
         }
-        self.lastAttemptAt = Date(timeIntervalSince1970: raw)
+        state.lastAttemptAt = Date(timeIntervalSince1970: raw)
         if let interval = UserDefaults.standard.object(forKey: self.cooldownIntervalDefaultsKey) as? Double {
-            self.lastCooldownInterval = interval
+            state.lastCooldownInterval = interval
         } else {
-            self.lastCooldownInterval = nil
+            state.lastCooldownInterval = nil
         }
     }
 
     #if DEBUG
-    private nonisolated(unsafe) static var cliAvailableOverride: Bool?
-    private nonisolated(unsafe) static var touchAuthPathOverride: (@Sendable (TimeInterval) async throws -> Void)?
-    private nonisolated(unsafe) static var keychainFingerprintOverride: (() -> ClaudeOAuthCredentialsStore
+    @TaskLocal private static var stateStorageForTesting: AttemptStateStorage?
+    @TaskLocal static var cliAvailableOverrideForTesting: Bool?
+    @TaskLocal static var touchAuthPathOverrideForTesting: (@Sendable (
+        TimeInterval,
+        [String: String]) async throws -> Void)?
+    @TaskLocal static var keychainFingerprintOverrideForTesting: (@Sendable () -> ClaudeOAuthCredentialsStore
         .ClaudeKeychainFingerprint?)?
 
-    static func setCLIAvailableOverrideForTesting(_ override: Bool?) {
-        self.cliAvailableOverride = override
+    static func withCLIAvailableOverrideForTesting<T>(
+        _ override: Bool?,
+        operation: () async throws -> T) async rethrows -> T
+    {
+        try await self.$cliAvailableOverrideForTesting.withValue(override) {
+            try await operation()
+        }
     }
 
-    static func setTouchAuthPathOverrideForTesting(_ override: (@Sendable (TimeInterval) async throws -> Void)?) {
-        self.touchAuthPathOverride = override
+    static func withTouchAuthPathOverrideForTesting<T>(
+        _ override: (@Sendable (TimeInterval, [String: String]) async throws -> Void)?,
+        operation: () async throws -> T) async rethrows -> T
+    {
+        try await self.$touchAuthPathOverrideForTesting.withValue(override) {
+            try await operation()
+        }
     }
 
-    static func setKeychainFingerprintOverrideForTesting(
-        _ override: (() -> ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint?)?)
+    static func withKeychainFingerprintOverrideForTesting<T>(
+        _ override: (@Sendable () -> ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint?)?,
+        operation: () async throws -> T) async rethrows -> T
     {
-        self.keychainFingerprintOverride = override
+        try await self.$keychainFingerprintOverrideForTesting.withValue(override) {
+            try await operation()
+        }
+    }
+
+    static func withIsolatedStateForTesting<T>(operation: () async throws -> T) async rethrows -> T {
+        let state = AttemptStateStorage(persistsCooldown: false)
+        return try await self.$stateStorageForTesting.withValue(state) {
+            try await operation()
+        }
     }
 
     static func resetForTesting() {
-        self.stateLock.lock()
-        self.hasLoadedState = true
-        self.lastAttemptAt = nil
-        self.lastCooldownInterval = nil
-        self.inFlightAttemptID = nil
-        self.inFlightTask = nil
-        self.nextAttemptID = 0
-        self.stateLock.unlock()
+        let state = self.currentStateStorage
+        state.lock.lock()
+        state.hasLoadedState = true
+        state.lastAttemptAt = nil
+        state.lastCooldownInterval = nil
+        state.inFlightAttemptID = nil
+        state.inFlightTask = nil
+        state.nextAttemptID = 0
+        state.lock.unlock()
+        guard state.persistsCooldown else { return }
         UserDefaults.standard.removeObject(forKey: self.cooldownDefaultsKey)
         UserDefaults.standard.removeObject(forKey: self.cooldownIntervalDefaultsKey)
-        self.cliAvailableOverride = nil
-        self.touchAuthPathOverride = nil
-        self.keychainFingerprintOverride = nil
     }
     #endif
+
+    private static var currentStateStorage: AttemptStateStorage {
+        #if DEBUG
+        self.stateStorageForTesting ?? self.sharedState
+        #else
+        self.sharedState
+        #endif
+    }
 }
diff --git a/Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthKeychainAccessGate.swift b/Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthKeychainAccessGate.swift
index 451a8b23e..6d43c45d6 100644
--- a/Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthKeychainAccessGate.swift
+++ b/Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthKeychainAccessGate.swift
@@ -14,8 +14,10 @@ public enum ClaudeOAuthKeychainAccessGate {
     private static let cooldownInterval: TimeInterval = 60 * 60 * 6
     @TaskLocal private static var taskOverrideShouldAllowPromptForTesting: Bool?
     #if DEBUG
-    final class DeniedUntilStore: @unchecked Sendable {
-        var deniedUntil: Date?
+    public final class DeniedUntilStore: @unchecked Sendable {
+        public var deniedUntil: Date?
+
+        public init() {}
     }
 
     @TaskLocal private static var taskDeniedUntilStoreOverrideForTesting: DeniedUntilStore?
@@ -106,7 +108,7 @@ public enum ClaudeOAuthKeychainAccessGate {
         }
     }
 
-    static func withDeniedUntilStoreOverrideForTesting<T>(
+    public static func withDeniedUntilStoreOverrideForTesting<T>(
         _ store: DeniedUntilStore?,
         operation: () throws -> T) rethrows -> T
     {
@@ -115,7 +117,7 @@ public enum ClaudeOAuthKeychainAccessGate {
         }
     }
 
-    static func withDeniedUntilStoreOverrideForTesting<T>(
+    public static func withDeniedUntilStoreOverrideForTesting<T>(
         _ store: DeniedUntilStore?,
         operation: () async throws -> T) async rethrows -> T
     {
@@ -124,6 +126,10 @@ public enum ClaudeOAuthKeychainAccessGate {
         }
     }
 
+    public static var currentDeniedUntilStoreOverrideForTesting: DeniedUntilStore? {
+        self.taskDeniedUntilStoreOverrideForTesting
+    }
+
     public static func resetForTesting() {
         self.lock.withLock { state in
             // Keep deterministic during tests: avoid re-loading UserDefaults written by unrelated code paths.
diff --git a/Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthKeychainPromptMode.swift b/Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthKeychainPromptMode.swift
index 3aa8dd0df..0ef6064d9 100644
--- a/Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthKeychainPromptMode.swift
+++ b/Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthKeychainPromptMode.swift
@@ -51,14 +51,14 @@ public enum ClaudeOAuthKeychainPromptPreference {
         readStrategy: ClaudeOAuthKeychainReadStrategy = ClaudeOAuthKeychainReadStrategyPreference.current())
         -> ClaudeOAuthKeychainPromptMode
     {
-        if readStrategy == .securityCLI {
+        if readStrategy == .securityCLIExperimental {
             return self.storedMode(userDefaults: userDefaults)
         }
         return self.effectiveMode(userDefaults: userDefaults, readStrategy: readStrategy)
     }
 
     #if DEBUG
-    static func withTaskOverrideForTesting<T>(
+    public static func withTaskOverrideForTesting<T>(
         _ mode: ClaudeOAuthKeychainPromptMode?,
         operation: () throws -> T) rethrows -> T
     {
@@ -67,7 +67,7 @@ public enum ClaudeOAuthKeychainPromptPreference {
         }
     }
 
-    static func withTaskOverrideForTesting<T>(
+    public static func withTaskOverrideForTesting<T>(
         _ mode: ClaudeOAuthKeychainPromptMode?,
         operation: () async throws -> T) async rethrows -> T
     {
@@ -75,5 +75,9 @@ public enum ClaudeOAuthKeychainPromptPreference {
             try await operation()
         }
     }
+
+    public static var currentTaskOverrideForTesting: ClaudeOAuthKeychainPromptMode? {
+        self.taskOverride
+    }
     #endif
 }
diff --git a/Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthKeychainReadStrategy.swift b/Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthKeychainReadStrategy.swift
index fcf8a0b46..01556f94a 100644
--- a/Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthKeychainReadStrategy.swift
+++ b/Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthKeychainReadStrategy.swift
@@ -2,7 +2,7 @@ import Foundation
 
 public enum ClaudeOAuthKeychainReadStrategy: String, Sendable, Codable, CaseIterable {
     case securityFramework
-    case securityCLI
+    case securityCLIExperimental
 }
 
 public enum ClaudeOAuthKeychainReadStrategyPreference {
@@ -16,16 +16,28 @@ public enum ClaudeOAuthKeychainReadStrategyPreference {
         #if DEBUG
         if let taskOverride { return taskOverride }
         #endif
-        if let raw = userDefaults.string(forKey: self.userDefaultsKey),
-           let strategy = ClaudeOAuthKeychainReadStrategy(rawValue: raw)
+        if let raw = userDefaults.string(forKey: self.userDefaultsKey) {
+            return ClaudeOAuthKeychainReadStrategy(rawValue: raw) ?? .securityFramework
+        }
+        #if DEBUG
+        if self.isRunningUnderTests,
+           ProcessInfo.processInfo.environment["CODEXBAR_ALLOW_TEST_KEYCHAIN_ACCESS"] != "1"
         {
-            return strategy
+            return .securityFramework
         }
-        return .securityCLI
+        #endif
+        return .securityCLIExperimental
     }
 
     #if DEBUG
-    static func withTaskOverrideForTesting<T>(
+    private static var isRunningUnderTests: Bool {
+        let processName = ProcessInfo.processInfo.processName
+        return processName == "swiftpm-testing-helper"
+            || processName.hasSuffix("PackageTests")
+            || ProcessInfo.processInfo.environment["XCTestConfigurationFilePath"] != nil
+    }
+
+    public static func withTaskOverrideForTesting<T>(
         _ strategy: ClaudeOAuthKeychainReadStrategy?,
         operation: () throws -> T) rethrows -> T
     {
@@ -34,7 +46,7 @@ public enum ClaudeOAuthKeychainReadStrategyPreference {
         }
     }
 
-    static func withTaskOverrideForTesting<T>(
+    public static func withTaskOverrideForTesting<T>(
         _ strategy: ClaudeOAuthKeychainReadStrategy?,
         operation: () async throws -> T) async rethrows -> T
     {
@@ -42,5 +54,9 @@ public enum ClaudeOAuthKeychainReadStrategyPreference {
             try await operation()
         }
     }
+
+    public static var currentTaskOverrideForTesting: ClaudeOAuthKeychainReadStrategy? {
+        self.taskOverride
+    }
     #endif
 }
diff --git a/Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthRefreshFailureGate.swift b/Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthRefreshFailureGate.swift
index 59aa13241..e9caa25a5 100644
--- a/Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthRefreshFailureGate.swift
+++ b/Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthRefreshFailureGate.swift
@@ -9,7 +9,7 @@ public enum ClaudeOAuthRefreshFailureGate {
         case transient(until: Date, failures: Int)
     }
 
-    struct AuthFingerprint: Codable, Equatable, Sendable {
+    struct AuthFingerprint: Codable, Equatable {
         let keychain: ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint?
         let credentialsFile: String?
     }
diff --git a/Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthUsageFetcher.swift b/Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthUsageFetcher.swift
index 5899eb189..72b2a4f58 100644
--- a/Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthUsageFetcher.swift
+++ b/Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthUsageFetcher.swift
@@ -5,6 +5,7 @@ import FoundationNetworking
 
 public enum ClaudeOAuthFetchError: LocalizedError, Sendable {
     case unauthorized
+    case rateLimited(retryAfter: Date?)
     case invalidResponse
     case serverError(Int, String?)
     case networkError(Error)
@@ -13,6 +14,9 @@ public enum ClaudeOAuthFetchError: LocalizedError, Sendable {
         switch self {
         case .unauthorized:
             return "Claude OAuth request unauthorized. Run `claude` to re-authenticate."
+        case .rateLimited:
+            return "Claude OAuth usage endpoint is rate limited by Anthropic right now. Wait a few minutes, "
+                + "then click Refresh. If it keeps happening, run `claude logout && claude login`, then try again."
         case .invalidResponse:
             return "Claude OAuth response was invalid."
         case let .serverError(code, body):
@@ -37,6 +41,10 @@ enum ClaudeOAuthUsageFetcher {
     private static let fallbackClaudeCodeVersion = "2.1.0"
 
     static func fetchUsage(accessToken: String) async throws -> OAuthUsageResponse {
+        if let blockedUntil = ClaudeOAuthUsageRateLimitGate.blockedUntil() {
+            throw ClaudeOAuthFetchError.rateLimited(retryAfter: blockedUntil)
+        }
+
         guard let url = URL(string: baseURL + usagePath) else {
             throw ClaudeOAuthFetchError.invalidResponse
         }
@@ -52,21 +60,26 @@ enum ClaudeOAuthUsageFetcher {
         request.setValue(Self.claudeCodeUserAgent(), forHTTPHeaderField: "User-Agent")
 
         do {
-            let (data, response) = try await URLSession.shared.data(for: request)
-            guard let http = response as? HTTPURLResponse else {
-                throw ClaudeOAuthFetchError.invalidResponse
-            }
-            switch http.statusCode {
+            let response = try await ProviderHTTPClient.shared.response(for: request)
+            let data = response.data
+            switch response.statusCode {
             case 200:
-                return try Self.decodeUsageResponse(data)
+                let usage = try Self.decodeUsageResponse(data)
+                ClaudeOAuthUsageRateLimitGate.recordSuccess()
+                return usage
             case 401:
                 throw ClaudeOAuthFetchError.unauthorized
+            case 429:
+                let retryAfter = Self.retryAfterDate(from: response.response)
+                ClaudeOAuthUsageRateLimitGate.recordRateLimit(retryAfter: retryAfter)
+                throw ClaudeOAuthFetchError.rateLimited(
+                    retryAfter: ClaudeOAuthUsageRateLimitGate.currentBlockedUntil() ?? retryAfter)
             case 403:
                 let body = String(data: data, encoding: .utf8)
-                throw ClaudeOAuthFetchError.serverError(http.statusCode, body)
+                throw ClaudeOAuthFetchError.serverError(response.statusCode, body)
             default:
                 let body = String(data: data, encoding: .utf8)
-                throw ClaudeOAuthFetchError.serverError(http.statusCode, body)
+                throw ClaudeOAuthFetchError.serverError(response.statusCode, body)
             }
         } catch let error as ClaudeOAuthFetchError {
             throw error
@@ -89,6 +102,23 @@ enum ClaudeOAuthUsageFetcher {
         return formatter.date(from: string)
     }
 
+    private static func retryAfterDate(from response: HTTPURLResponse, now: Date = Date()) -> Date? {
+        guard let raw = response.value(forHTTPHeaderField: "Retry-After")?
+            .trimmingCharacters(in: .whitespacesAndNewlines),
+            !raw.isEmpty
+        else { return nil }
+
+        if let seconds = TimeInterval(raw), seconds >= 0 {
+            return now.addingTimeInterval(seconds)
+        }
+
+        let formatter = DateFormatter()
+        formatter.locale = Locale(identifier: "en_US_POSIX")
+        formatter.timeZone = TimeZone(secondsFromGMT: 0)
+        formatter.dateFormat = "EEE',' dd MMM yyyy HH':'mm':'ss zzz"
+        return formatter.date(from: raw)
+    }
+
     private static func claudeCodeUserAgent() -> String {
         self.claudeCodeUserAgent(versionString: ProviderVersionDetector.claudeVersion())
     }
@@ -108,27 +138,93 @@ enum ClaudeOAuthUsageFetcher {
     }
 }
 
-struct OAuthUsageResponse: Decodable, Sendable {
+struct OAuthUsageResponse: Decodable {
     let fiveHour: OAuthUsageWindow?
     let sevenDay: OAuthUsageWindow?
     let sevenDayOAuthApps: OAuthUsageWindow?
     let sevenDayOpus: OAuthUsageWindow?
     let sevenDaySonnet: OAuthUsageWindow?
+    let sevenDayRoutines: OAuthUsageWindow?
+    let sevenDayRoutinesSourceKey: String?
     let iguanaNecktie: OAuthUsageWindow?
     let extraUsage: OAuthExtraUsage?
 
-    enum CodingKeys: String, CodingKey {
-        case fiveHour = "five_hour"
-        case sevenDay = "seven_day"
-        case sevenDayOAuthApps = "seven_day_oauth_apps"
-        case sevenDayOpus = "seven_day_opus"
-        case sevenDaySonnet = "seven_day_sonnet"
-        case iguanaNecktie = "iguana_necktie"
-        case extraUsage = "extra_usage"
+    init(from decoder: Decoder) throws {
+        let container = try decoder.container(keyedBy: DynamicCodingKey.self)
+        self.fiveHour = Self.decodeWindow(in: container, keys: ["five_hour"])
+        self.sevenDay = Self.decodeWindow(in: container, keys: ["seven_day"])
+        self.sevenDayOAuthApps = Self.decodeWindow(in: container, keys: ["seven_day_oauth_apps"])
+        self.sevenDayOpus = Self.decodeWindow(in: container, keys: ["seven_day_opus"])
+        self.sevenDaySonnet = Self.decodeWindow(in: container, keys: ["seven_day_sonnet"])
+        let routines = Self.decodeWindowWithSource(in: container, keys: [
+            "seven_day_routines",
+            "seven_day_claude_routines",
+            "claude_routines",
+            "routines",
+            "routine",
+            "seven_day_cowork",
+            "cowork",
+        ])
+        self.sevenDayRoutines = routines.window
+        self.sevenDayRoutinesSourceKey = routines.sourceKey
+        self.iguanaNecktie = Self.decodeWindow(in: container, keys: ["iguana_necktie"])
+        self.extraUsage = Self.decodeValue(in: container, keys: ["extra_usage"])
+    }
+
+    private static func decodeWindow(
+        in container: KeyedDecodingContainer<DynamicCodingKey>,
+        keys: [String]) -> OAuthUsageWindow?
+    {
+        self.decodeValue(in: container, keys: keys)
+    }
+
+    private static func decodeWindowWithSource(
+        in container: KeyedDecodingContainer<DynamicCodingKey>,
+        keys: [String]) -> (window: OAuthUsageWindow?, sourceKey: String?)
+    {
+        var firstNullKey: String?
+        for keyName in keys {
+            guard let key = DynamicCodingKey(stringValue: keyName) else { continue }
+            guard container.contains(key) else { continue }
+            if let value = try? container.decodeIfPresent(OAuthUsageWindow.self, forKey: key) {
+                return (value, keyName)
+            }
+            if firstNullKey == nil {
+                firstNullKey = keyName
+            }
+        }
+        return (nil, firstNullKey)
+    }
+
+    private static func decodeValue<T: Decodable>(
+        in container: KeyedDecodingContainer<DynamicCodingKey>,
+        keys: [String]) -> T?
+    {
+        for keyName in keys {
+            guard let key = DynamicCodingKey(stringValue: keyName) else { continue }
+            if let value = try? container.decodeIfPresent(T.self, forKey: key) {
+                return value
+            }
+        }
+        return nil
+    }
+}
+
+private struct DynamicCodingKey: CodingKey {
+    let stringValue: String
+    let intValue: Int?
+
+    init?(stringValue: String) {
+        self.stringValue = stringValue
+        self.intValue = nil
+    }
+
+    init?(intValue: Int) {
+        nil
     }
 }
 
-struct OAuthUsageWindow: Decodable, Sendable {
+struct OAuthUsageWindow: Decodable {
     let utilization: Double?
     let resetsAt: String?
 
@@ -138,7 +234,7 @@ struct OAuthUsageWindow: Decodable, Sendable {
     }
 }
 
-struct OAuthExtraUsage: Decodable, Sendable {
+struct OAuthExtraUsage: Decodable {
     let isEnabled: Bool?
     let monthlyLimit: Double?
     let usedCredits: Double?
@@ -163,5 +259,9 @@ extension ClaudeOAuthUsageFetcher {
     static func _userAgentForTesting(versionString: String?) -> String {
         self.claudeCodeUserAgent(versionString: versionString)
     }
+
+    static func _retryAfterDateForTesting(from response: HTTPURLResponse, now: Date) -> Date? {
+        self.retryAfterDate(from: response, now: now)
+    }
 }
 #endif
diff --git a/Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthUsageRateLimitGate.swift b/Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthUsageRateLimitGate.swift
new file mode 100644
index 000000000..01ee9ec8f
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthUsageRateLimitGate.swift
@@ -0,0 +1,46 @@
+import Foundation
+
+enum ClaudeOAuthUsageRateLimitGate {
+    private static let blockedUntilKey = "claudeOAuthUsageRateLimitBlockedUntilV1"
+    private static let defaultCooldown: TimeInterval = 60 * 5
+
+    static func blockedUntil(
+        interaction: ProviderInteraction = ProviderInteractionContext.current,
+        now: Date = Date()) -> Date?
+    {
+        guard interaction != .userInitiated else { return nil }
+        return self.currentBlockedUntil(now: now)
+    }
+
+    static func currentBlockedUntil(now: Date = Date()) -> Date? {
+        guard let raw = UserDefaults.standard.object(forKey: self.blockedUntilKey) as? Double else {
+            return nil
+        }
+
+        let blockedUntil = Date(timeIntervalSince1970: raw)
+        guard blockedUntil > now else {
+            UserDefaults.standard.removeObject(forKey: self.blockedUntilKey)
+            return nil
+        }
+        return blockedUntil
+    }
+
+    static func recordRateLimit(retryAfter: Date?, now: Date = Date()) {
+        let blockedUntil = if let retryAfter, retryAfter > now {
+            retryAfter
+        } else {
+            now.addingTimeInterval(self.defaultCooldown)
+        }
+        UserDefaults.standard.set(blockedUntil.timeIntervalSince1970, forKey: self.blockedUntilKey)
+    }
+
+    static func recordSuccess() {
+        UserDefaults.standard.removeObject(forKey: self.blockedUntilKey)
+    }
+
+    #if DEBUG
+    static func resetForTesting() {
+        UserDefaults.standard.removeObject(forKey: self.blockedUntilKey)
+    }
+    #endif
+}
diff --git a/Sources/CodexBarCore/Providers/Claude/ClaudePlan.swift b/Sources/CodexBarCore/Providers/Claude/ClaudePlan.swift
new file mode 100644
index 000000000..73c567106
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Claude/ClaudePlan.swift
@@ -0,0 +1,154 @@
+import Foundation
+
+public enum ClaudePlan: String, CaseIterable, Sendable {
+    case max
+    case pro
+    case team
+    case enterprise
+    case ultra
+
+    public var brandedLoginMethod: String {
+        switch self {
+        case .max:
+            "Claude Max"
+        case .pro:
+            "Claude Pro"
+        case .team:
+            "Claude Team"
+        case .enterprise:
+            "Claude Enterprise"
+        case .ultra:
+            "Claude Ultra"
+        }
+    }
+
+    public var compactLoginMethod: String {
+        switch self {
+        case .max:
+            "Max"
+        case .pro:
+            "Pro"
+        case .team:
+            "Team"
+        case .enterprise:
+            "Enterprise"
+        case .ultra:
+            "Ultra"
+        }
+    }
+
+    public var countsAsSubscription: Bool {
+        switch self {
+        case .max, .pro, .team, .ultra:
+            true
+        case .enterprise:
+            false
+        }
+    }
+
+    public static func fromOAuthRateLimitTier(_ rateLimitTier: String?) -> Self? {
+        self.fromRateLimitTier(rateLimitTier)
+    }
+
+    public static func fromOAuthCredentials(subscriptionType: String?, rateLimitTier: String?) -> Self? {
+        self.fromCompatibilityLoginMethod(subscriptionType)
+            ?? self.fromOAuthRateLimitTier(rateLimitTier)
+    }
+
+    public static func fromWebAccount(rateLimitTier: String?, billingType: String?) -> Self? {
+        if let plan = self.fromRateLimitTier(rateLimitTier) {
+            return plan
+        }
+
+        let tier = Self.normalized(rateLimitTier)
+        let billing = Self.normalized(billingType)
+        if billing.contains("stripe"), tier.contains("claude") {
+            return .pro
+        }
+        return nil
+    }
+
+    public static func fromCompatibilityLoginMethod(_ loginMethod: String?) -> Self? {
+        let words = Self.normalizedWords(loginMethod)
+        if words.isEmpty {
+            return nil
+        }
+        if words.contains("max") {
+            return .max
+        }
+        if words.contains("pro") {
+            return .pro
+        }
+        if words.contains("team") {
+            return .team
+        }
+        if words.contains("enterprise") {
+            return .enterprise
+        }
+        if words.contains("ultra") {
+            return .ultra
+        }
+        return nil
+    }
+
+    public static func oauthLoginMethod(rateLimitTier: String?) -> String? {
+        self.fromOAuthRateLimitTier(rateLimitTier)?.brandedLoginMethod
+    }
+
+    public static func oauthLoginMethod(subscriptionType: String?, rateLimitTier: String?) -> String? {
+        self.fromOAuthCredentials(
+            subscriptionType: subscriptionType,
+            rateLimitTier: rateLimitTier)?.brandedLoginMethod
+    }
+
+    public static func webLoginMethod(rateLimitTier: String?, billingType: String?) -> String? {
+        self.fromWebAccount(rateLimitTier: rateLimitTier, billingType: billingType)?.brandedLoginMethod
+    }
+
+    public static func cliCompatibilityLoginMethod(_ loginMethod: String?) -> String? {
+        guard let loginMethod = loginMethod?.trimmingCharacters(in: .whitespacesAndNewlines),
+              !loginMethod.isEmpty
+        else {
+            return nil
+        }
+
+        if let plan = self.fromCompatibilityLoginMethod(loginMethod) {
+            return plan.compactLoginMethod
+        }
+
+        return loginMethod
+    }
+
+    public static func isSubscriptionLoginMethod(_ loginMethod: String?) -> Bool {
+        self.fromCompatibilityLoginMethod(loginMethod)?.countsAsSubscription ?? false
+    }
+
+    private static func fromRateLimitTier(_ rateLimitTier: String?) -> Self? {
+        let tier = Self.normalized(rateLimitTier)
+        if tier.contains("max") {
+            return .max
+        }
+        if tier.contains("pro") {
+            return .pro
+        }
+        if tier.contains("team") {
+            return .team
+        }
+        if tier.contains("enterprise") {
+            return .enterprise
+        }
+        return nil
+    }
+
+    private static func normalized(_ text: String?) -> String {
+        text?
+            .trimmingCharacters(in: .whitespacesAndNewlines)
+            .lowercased() ?? ""
+    }
+
+    private static func normalizedWords(_ text: String?) -> [String] {
+        self.normalized(text)
+            .split(whereSeparator: { !$0.isLetter && !$0.isNumber })
+            .map(String.init)
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Claude/ClaudeProviderDescriptor.swift b/Sources/CodexBarCore/Providers/Claude/ClaudeProviderDescriptor.swift
index 667fbaff3..e316b7449 100644
--- a/Sources/CodexBarCore/Providers/Claude/ClaudeProviderDescriptor.swift
+++ b/Sources/CodexBarCore/Providers/Claude/ClaudeProviderDescriptor.swift
@@ -24,6 +24,7 @@ public enum ClaudeProviderDescriptor {
                 browserCookieOrder: ProviderBrowserCookieDefaults.defaultImportOrder,
                 dashboardURL: "https://console.anthropic.com/settings/billing",
                 subscriptionDashboardURL: "https://claude.ai/settings/usage",
+                changelogURL: "https://github.com/anthropics/claude-code/releases",
                 statusPageURL: "https://status.claude.com/"),
             branding: ProviderBranding(
                 iconStyle: .claude,
@@ -33,7 +34,7 @@ public enum ClaudeProviderDescriptor {
                 supportsTokenCost: true,
                 noDataMessage: self.noDataMessage),
             fetchPlan: ProviderFetchPlan(
-                sourceModes: [.auto, .web, .cli, .oauth],
+                sourceModes: [.auto, .api, .web, .cli, .oauth],
                 pipeline: ProviderFetchPipeline(resolveStrategies: self.resolveStrategies)),
             cli: ProviderCLIConfig(
                 name: "claude",
@@ -43,58 +44,65 @@ public enum ClaudeProviderDescriptor {
     }
 
     private static func resolveStrategies(context: ProviderFetchContext) async -> [any ProviderFetchStrategy] {
-        switch context.runtime {
-        case .cli:
-            switch context.sourceMode {
-            case .oauth:
-                return [ClaudeOAuthFetchStrategy()]
-            case .web:
-                return [ClaudeWebFetchStrategy(browserDetection: context.browserDetection)]
-            case .cli:
-                return [ClaudeCLIFetchStrategy(
-                    useWebExtras: false,
-                    manualCookieHeader: nil,
-                    browserDetection: context.browserDetection)]
+        if context.sourceMode == .api || self.hasAutoAdminAPIKey(context: context) {
+            return [ClaudeAdminAPIFetchStrategy()]
+        }
+        if ClaudeAdminAPIFetchStrategy.isSelectedAdminAPIAccount(context: context) {
+            return [ClaudeAdminAPIFetchStrategy()]
+        }
+
+        let planningInput = await Self.makePlanningInput(context: context)
+        let plan = ClaudeSourcePlanner.resolve(input: planningInput)
+        let manualCookieHeader = Self.manualCookieHeader(from: context)
+
+        return plan.orderedSteps.map { step in
+            let strategy: any ProviderFetchStrategy = switch step.dataSource {
             case .api:
-                return []
-            case .auto:
-                return [
-                    ClaudeOAuthFetchStrategy(),
-                    ClaudeWebFetchStrategy(browserDetection: context.browserDetection),
-                    ClaudeCLIFetchStrategy(
-                        useWebExtras: false,
-                        manualCookieHeader: nil,
-                        browserDetection: context.browserDetection),
-                ]
-            }
-        case .app:
-            let webExtrasEnabled = context.settings?.claude?.webExtrasEnabled ?? false
-            let manualCookieHeader = CookieHeaderNormalizer.normalize(context.settings?.claude?.manualCookieHeader)
-            switch context.sourceMode {
+                ClaudeAdminAPIFetchStrategy()
             case .oauth:
-                return [ClaudeOAuthFetchStrategy()]
+                ClaudeOAuthFetchStrategy()
             case .web:
-                return [ClaudeWebFetchStrategy(browserDetection: context.browserDetection)]
+                ClaudeWebFetchStrategy(browserDetection: context.browserDetection)
             case .cli:
-                return [ClaudeCLIFetchStrategy(
-                    useWebExtras: webExtrasEnabled,
+                ClaudeCLIFetchStrategy(
+                    useWebExtras: context.runtime == .app
+                        && planningInput.webExtrasEnabled,
                     manualCookieHeader: manualCookieHeader,
-                    browserDetection: context.browserDetection)]
-            case .api:
-                return []
+                    browserDetection: context.browserDetection)
             case .auto:
-                return [
-                    ClaudeOAuthFetchStrategy(),
-                    ClaudeCLIFetchStrategy(
-                        useWebExtras: webExtrasEnabled,
-                        manualCookieHeader: manualCookieHeader,
-                        browserDetection: context.browserDetection),
-                    ClaudeWebFetchStrategy(browserDetection: context.browserDetection),
-                ]
+                fatalError("Planner must not emit .auto as an executable step.")
             }
+            return ClaudePlannedFetchStrategy(base: strategy, plannedStep: step)
         }
     }
 
+    private static func hasAutoAdminAPIKey(context: ProviderFetchContext) -> Bool {
+        context.sourceMode == .auto && ClaudeAdminAPISettingsReader.apiKey(environment: context.env) != nil
+    }
+
+    private static func makePlanningInput(context: ProviderFetchContext) async -> ClaudeSourcePlanningInput {
+        let webExtrasEnabled = context.settings?.claude?.webExtrasEnabled ?? false
+        let needsOAuthAvailability = context.runtime == .app && context.sourceMode == .auto
+
+        return ClaudeSourcePlanningInput(
+            runtime: context.runtime,
+            selectedDataSource: Self.sourceDataSource(from: context.sourceMode),
+            webExtrasEnabled: webExtrasEnabled,
+            hasWebSession: ClaudeWebFetchStrategy.isAvailableForFallback(
+                context: context,
+                browserDetection: context.browserDetection),
+            hasCLI: ClaudeCLIResolver.isAvailable(environment: context.env),
+            hasOAuthCredentials: needsOAuthAvailability && ClaudeOAuthPlanningAvailability.isAvailable(
+                runtime: context.runtime,
+                sourceMode: context.sourceMode,
+                environment: context.env))
+    }
+
+    private static func manualCookieHeader(from context: ProviderFetchContext) -> String? {
+        guard context.settings?.claude?.cookieSource == .manual else { return nil }
+        return CookieHeaderNormalizer.normalize(context.settings?.claude?.manualCookieHeader)
+    }
+
     private static func noDataMessage() -> String {
         "No Claude usage logs found in ~/.config/claude/projects or ~/.claude/projects."
     }
@@ -106,21 +114,29 @@ public enum ClaudeProviderDescriptor {
         hasCLI: Bool,
         hasOAuthCredentials: Bool) -> ClaudeUsageStrategy
     {
-        if selectedDataSource == .auto {
-            if hasOAuthCredentials {
-                return ClaudeUsageStrategy(dataSource: .oauth, useWebExtras: false)
-            }
-            if hasCLI {
-                return ClaudeUsageStrategy(dataSource: .cli, useWebExtras: false)
-            }
-            if hasWebSession {
-                return ClaudeUsageStrategy(dataSource: .web, useWebExtras: false)
-            }
-            return ClaudeUsageStrategy(dataSource: .cli, useWebExtras: false)
-        }
+        let plan = ClaudeSourcePlanner.resolve(input: ClaudeSourcePlanningInput(
+            runtime: .app,
+            selectedDataSource: selectedDataSource,
+            webExtrasEnabled: webExtrasEnabled,
+            hasWebSession: hasWebSession,
+            hasCLI: hasCLI,
+            hasOAuthCredentials: hasOAuthCredentials))
+        return plan.compatibilityStrategy ?? ClaudeUsageStrategy(dataSource: selectedDataSource, useWebExtras: false)
+    }
 
-        let useWebExtras = selectedDataSource == .cli && webExtrasEnabled && hasWebSession
-        return ClaudeUsageStrategy(dataSource: selectedDataSource, useWebExtras: useWebExtras)
+    private static func sourceDataSource(from mode: ProviderSourceMode) -> ClaudeUsageDataSource {
+        switch mode {
+        case .auto:
+            .auto
+        case .api:
+            .api
+        case .web:
+            .web
+        case .cli:
+            .cli
+        case .oauth:
+            .oauth
+        }
     }
 }
 
@@ -129,6 +145,90 @@ public struct ClaudeUsageStrategy: Equatable, Sendable {
     public let useWebExtras: Bool
 }
 
+public enum ClaudeOAuthPlanningAvailability {
+    public static func isAvailable(
+        runtime: ProviderRuntime,
+        sourceMode: ProviderSourceMode,
+        environment: [String: String]) -> Bool
+    {
+        ClaudeOAuthFetchStrategy.isPlausiblyAvailable(
+            runtime: runtime,
+            sourceMode: sourceMode,
+            environment: environment)
+    }
+}
+
+private struct ClaudePlannedFetchStrategy: ProviderFetchStrategy {
+    let base: any ProviderFetchStrategy
+    let plannedStep: ClaudeFetchPlanStep
+
+    var id: String {
+        self.base.id
+    }
+
+    var kind: ProviderFetchKind {
+        self.base.kind
+    }
+
+    func isAvailable(_ context: ProviderFetchContext) async -> Bool {
+        if context.sourceMode == .auto {
+            return self.plannedStep.isPlausiblyAvailable
+        }
+        return await self.base.isAvailable(context)
+    }
+
+    func fetch(_ context: ProviderFetchContext) async throws -> ProviderFetchResult {
+        try await self.base.fetch(context)
+    }
+
+    func shouldFallback(on error: Error, context: ProviderFetchContext) -> Bool {
+        self.base.shouldFallback(on: error, context: context)
+    }
+}
+
+struct ClaudeAdminAPIFetchStrategy: ProviderFetchStrategy {
+    let id: String = "claude.admin-api"
+    let kind: ProviderFetchKind = .apiToken
+    let usageFetcher: @Sendable (String) async throws -> ClaudeAdminAPIUsageSnapshot
+
+    init(
+        usageFetcher: @escaping @Sendable (String) async throws -> ClaudeAdminAPIUsageSnapshot = { apiKey in
+            try await ClaudeAdminAPIUsageFetcher.fetchUsage(apiKey: apiKey)
+        })
+    {
+        self.usageFetcher = usageFetcher
+    }
+
+    static func isSelectedAdminAPIAccount(context: ProviderFetchContext) -> Bool {
+        guard context.selectedTokenAccountID != nil else { return false }
+        return self.resolveToken(environment: context.env) != nil
+    }
+
+    func isAvailable(_ context: ProviderFetchContext) async -> Bool {
+        Self.resolveToken(environment: context.env) != nil
+    }
+
+    func fetch(_ context: ProviderFetchContext) async throws -> ProviderFetchResult {
+        guard let apiKey = Self.resolveToken(environment: context.env) else {
+            throw ClaudeAdminAPISettingsError.missingToken
+        }
+        let usage = try await self.usageFetcher(apiKey)
+        return self.makeResult(
+            usage: usage.toUsageSnapshot(),
+            sourceLabel: "admin-api")
+    }
+
+    func shouldFallback(on _: Error, context: ProviderFetchContext) -> Bool {
+        context.runtime == .app &&
+            context.sourceMode == .auto &&
+            !Self.isSelectedAdminAPIAccount(context: context)
+    }
+
+    private static func resolveToken(environment: [String: String]) -> String? {
+        ProviderTokenResolver.claudeAdminAPIToken(environment: environment)
+    }
+}
+
 struct ClaudeOAuthFetchStrategy: ProviderFetchStrategy {
     let id: String = "claude.oauth"
     let kind: ProviderFetchKind = .oauth
@@ -138,82 +238,79 @@ struct ClaudeOAuthFetchStrategy: ProviderFetchStrategy {
     @TaskLocal static var claudeCLIAvailableOverride: Bool?
     #endif
 
-    private func loadNonInteractiveCredentialRecord(_ context: ProviderFetchContext) -> ClaudeOAuthCredentialRecord? {
+    private func loadNonInteractiveCredentialRecord(environment: [String: String]) -> ClaudeOAuthCredentialRecord? {
         #if DEBUG
         if let override = Self.nonInteractiveCredentialRecordOverride { return override }
         #endif
 
         return try? ClaudeOAuthCredentialsStore.loadRecord(
-            environment: context.env,
+            environment: environment,
             allowKeychainPrompt: false,
             respectKeychainPromptCooldown: true,
             allowClaudeKeychainRepairWithoutPrompt: false)
     }
 
-    private func isClaudeCLIAvailable() -> Bool {
+    private func isClaudeCLIAvailable(environment: [String: String]) -> Bool {
         #if DEBUG
         if let override = Self.claudeCLIAvailableOverride { return override }
         #endif
-        return ClaudeOAuthDelegatedRefreshCoordinator.isClaudeCLIAvailable()
+        return ClaudeCLIResolver.isAvailable(environment: environment)
     }
 
-    func isAvailable(_ context: ProviderFetchContext) async -> Bool {
-        let nonInteractiveRecord = self.loadNonInteractiveCredentialRecord(context)
+    static func isPlausiblyAvailable(
+        runtime: ProviderRuntime,
+        sourceMode: ProviderSourceMode,
+        environment: [String: String]) -> Bool
+    {
+        let hasEnvironmentOAuthToken = !(environment[ClaudeOAuthCredentialsStore.environmentTokenKey]?
+            .trimmingCharacters(in: .whitespacesAndNewlines)
+            .isEmpty ?? true)
+        if hasEnvironmentOAuthToken {
+            return true
+        }
+
+        let strategy = ClaudeOAuthFetchStrategy()
+        let nonInteractiveRecord = strategy.loadNonInteractiveCredentialRecord(environment: environment)
         let nonInteractiveCredentials = nonInteractiveRecord?.credentials
         let hasRequiredScopeWithoutPrompt = nonInteractiveCredentials?.scopes.contains("user:profile") == true
         if hasRequiredScopeWithoutPrompt, nonInteractiveCredentials?.isExpired == false {
-            // Gate controls refresh attempts, not use of already-valid access tokens.
             return true
         }
 
-        let hasEnvironmentOAuthToken = !(context.env[ClaudeOAuthCredentialsStore.environmentTokenKey]?
-            .trimmingCharacters(in: .whitespacesAndNewlines)
-            .isEmpty ?? true)
-        let claudeCLIAvailable = self.isClaudeCLIAvailable()
-
-        if hasEnvironmentOAuthToken {
-            return true
-        }
+        let claudeCLIAvailable = strategy.isClaudeCLIAvailable(environment: environment)
 
         if let nonInteractiveRecord, hasRequiredScopeWithoutPrompt, nonInteractiveRecord.credentials.isExpired {
             switch nonInteractiveRecord.owner {
             case .codexbar:
                 let refreshToken = nonInteractiveRecord.credentials.refreshToken?
                     .trimmingCharacters(in: .whitespacesAndNewlines) ?? ""
-                if context.sourceMode == .auto {
+                if sourceMode == .auto {
                     return !refreshToken.isEmpty
                 }
                 return true
             case .claudeCLI:
-                if context.sourceMode == .auto {
+                if sourceMode == .auto {
                     return claudeCLIAvailable
                 }
                 return true
             case .environment:
-                return context.sourceMode != .auto
+                return sourceMode != .auto
             }
         }
 
-        guard context.sourceMode == .auto else { return true }
+        guard sourceMode == .auto else { return true }
 
-        // Prefer OAuth in Auto mode only when it’s plausibly usable:
-        // - we can load credentials without prompting (env / CodexBar cache / credentials file) AND they meet the
-        //   scope requirement, or
-        // - Claude Code has stored OAuth creds in Keychain and we may be able to bootstrap (one prompt max).
-        //
-        // User actions should be able to recover immediately even if a prior background attempt tripped the
-        // keychain cooldown gate. Clear the cooldown before deciding availability so the fetch path can proceed.
+        let fallbackPromptMode = ClaudeOAuthKeychainPromptPreference.securityFrameworkFallbackMode()
         let promptPolicyApplicable = ClaudeOAuthKeychainPromptPreference.isApplicable()
-        if promptPolicyApplicable, ProviderInteractionContext.current == .userInitiated {
+        if ProviderInteractionContext.current == .userInitiated {
             _ = ClaudeOAuthKeychainAccessGate.clearDenied()
         }
 
-        let shouldAllowStartupBootstrap = promptPolicyApplicable &&
-            context.runtime == .app &&
+        let shouldAllowStartupBootstrap = runtime == .app &&
             ProviderRefreshContext.current == .startup &&
             ProviderInteractionContext.current == .background &&
-            ClaudeOAuthKeychainPromptPreference.current() == .onlyOnUserAction &&
-            !ClaudeOAuthCredentialsStore.hasCachedCredentials(environment: context.env)
+            fallbackPromptMode == .onlyOnUserAction &&
+            !ClaudeOAuthCredentialsStore.hasCachedCredentials(environment: environment)
         if shouldAllowStartupBootstrap {
             return ClaudeOAuthKeychainAccessGate.shouldAllowPrompt()
         }
@@ -226,6 +323,13 @@ struct ClaudeOAuthFetchStrategy: ProviderFetchStrategy {
         return ClaudeOAuthCredentialsStore.hasClaudeKeychainCredentialsWithoutPrompt()
     }
 
+    func isAvailable(_ context: ProviderFetchContext) async -> Bool {
+        Self.isPlausiblyAvailable(
+            runtime: context.runtime,
+            sourceMode: context.sourceMode,
+            environment: context.env)
+    }
+
     func fetch(_ context: ProviderFetchContext) async throws -> ProviderFetchResult {
         let fetcher = ClaudeUsageFetcher(
             browserDetection: context.browserDetection,
@@ -254,14 +358,20 @@ struct ClaudeOAuthFetchStrategy: ProviderFetchStrategy {
             accountEmail: usage.accountEmail,
             accountOrganization: usage.accountOrganization,
             loginMethod: usage.loginMethod)
+        let primary = usage.primaryWindowKind == .spendLimit ? nil : usage.primary
         return UsageSnapshot(
-            primary: usage.primary,
+            primary: primary,
             secondary: usage.secondary,
             tertiary: usage.opus,
+            extraRateWindows: usage.extraRateWindows.isEmpty ? nil : usage.extraRateWindows,
             providerCost: usage.providerCost,
             updatedAt: usage.updatedAt,
             identity: identity)
     }
+
+    static func _snapshotForTesting(from usage: ClaudeUsageSnapshot) -> UsageSnapshot {
+        self.snapshot(from: usage)
+    }
 }
 
 struct ClaudeWebFetchStrategy: ProviderFetchStrategy {
@@ -278,7 +388,8 @@ struct ClaudeWebFetchStrategy: ProviderFetchStrategy {
             browserDetection: browserDetection,
             dataSource: .web,
             useWebExtras: false,
-            manualCookieHeader: Self.manualCookieHeader(from: context))
+            manualCookieHeader: Self.manualCookieHeader(from: context),
+            webOrganizationID: context.settings?.claude?.organizationID)
         let usage = try await fetcher.loadLatestUsage(model: "sonnet")
         return self.makeResult(
             usage: ClaudeOAuthFetchStrategy.snapshot(from: usage),
@@ -325,9 +436,11 @@ struct ClaudeCLIFetchStrategy: ProviderFetchStrategy {
         let keepAlive = context.settings?.debugKeepCLISessionsAlive ?? false
         let fetcher = ClaudeUsageFetcher(
             browserDetection: browserDetection,
+            environment: context.env,
             dataSource: .cli,
             useWebExtras: self.useWebExtras,
             manualCookieHeader: self.manualCookieHeader,
+            webOrganizationID: context.settings?.claude?.organizationID,
             keepCLISessionsAlive: keepAlive)
         let usage = try await fetcher.loadLatestUsage(model: "sonnet")
         return self.makeResult(
diff --git a/Sources/CodexBarCore/Providers/Claude/ClaudeSourcePlanner.swift b/Sources/CodexBarCore/Providers/Claude/ClaudeSourcePlanner.swift
new file mode 100644
index 000000000..24ae2c0c1
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Claude/ClaudeSourcePlanner.swift
@@ -0,0 +1,224 @@
+import Foundation
+
+public struct ClaudeSourcePlanningInput: Equatable, Sendable {
+    public let runtime: ProviderRuntime
+    public let selectedDataSource: ClaudeUsageDataSource
+    public let webExtrasEnabled: Bool
+    public let hasWebSession: Bool
+    public let hasCLI: Bool
+    public let hasOAuthCredentials: Bool
+
+    public init(
+        runtime: ProviderRuntime,
+        selectedDataSource: ClaudeUsageDataSource,
+        webExtrasEnabled: Bool,
+        hasWebSession: Bool,
+        hasCLI: Bool,
+        hasOAuthCredentials: Bool)
+    {
+        self.runtime = runtime
+        self.selectedDataSource = selectedDataSource
+        self.webExtrasEnabled = webExtrasEnabled
+        self.hasWebSession = hasWebSession
+        self.hasCLI = hasCLI
+        self.hasOAuthCredentials = hasOAuthCredentials
+    }
+}
+
+public enum ClaudeSourcePlanReason: String, Equatable, Sendable {
+    case explicitSourceSelection = "explicit-source-selection"
+    case appAutoPreferredOAuth = "app-auto-preferred-oauth"
+    case appAutoFallbackCLI = "app-auto-fallback-cli"
+    case appAutoFallbackWeb = "app-auto-fallback-web"
+    case cliAutoPreferredWeb = "cli-auto-preferred-web"
+    case cliAutoFallbackCLI = "cli-auto-fallback-cli"
+}
+
+public struct ClaudeFetchPlanStep: Equatable, Sendable {
+    public let dataSource: ClaudeUsageDataSource
+    public let inclusionReason: ClaudeSourcePlanReason
+    public let isPlausiblyAvailable: Bool
+
+    public init(
+        dataSource: ClaudeUsageDataSource,
+        inclusionReason: ClaudeSourcePlanReason,
+        isPlausiblyAvailable: Bool)
+    {
+        self.dataSource = dataSource
+        self.inclusionReason = inclusionReason
+        self.isPlausiblyAvailable = isPlausiblyAvailable
+    }
+}
+
+public struct ClaudeFetchPlan: Equatable, Sendable {
+    public let input: ClaudeSourcePlanningInput
+    public let orderedSteps: [ClaudeFetchPlanStep]
+
+    public init(input: ClaudeSourcePlanningInput, orderedSteps: [ClaudeFetchPlanStep]) {
+        self.input = input
+        self.orderedSteps = orderedSteps
+    }
+
+    public var availableSteps: [ClaudeFetchPlanStep] {
+        self.orderedSteps.filter(\.isPlausiblyAvailable)
+    }
+
+    public var isNoSourceAvailable: Bool {
+        self.availableSteps.isEmpty
+    }
+
+    public var preferredStep: ClaudeFetchPlanStep? {
+        switch self.input.selectedDataSource {
+        case .auto:
+            self.availableSteps.first
+        case .api, .oauth, .web, .cli:
+            self.orderedSteps.first
+        }
+    }
+
+    public var executionSteps: [ClaudeFetchPlanStep] {
+        switch self.input.selectedDataSource {
+        case .auto:
+            self.availableSteps
+        case .api, .oauth, .web, .cli:
+            self.orderedSteps
+        }
+    }
+
+    public var compatibilityStrategy: ClaudeUsageStrategy? {
+        guard let preferredStep else { return nil }
+        let useWebExtras = self.input.runtime == .app
+            && preferredStep.dataSource == .cli
+            && self.input.webExtrasEnabled
+        return ClaudeUsageStrategy(
+            dataSource: preferredStep.dataSource,
+            useWebExtras: useWebExtras)
+    }
+
+    public var orderLabel: String {
+        self.orderedSteps.map(\.dataSource.sourceLabel).joined(separator: "→")
+    }
+
+    public func debugLines() -> [String] {
+        var lines = ["planner_order=\(self.orderLabel)"]
+        lines.append("planner_selected=\(self.preferredStep?.dataSource.rawValue ?? "none")")
+        lines.append("planner_no_source=\(self.isNoSourceAvailable)")
+        for step in self.orderedSteps {
+            let availability = step.isPlausiblyAvailable ? "available" : "unavailable"
+            lines.append(
+                "planner_step.\(step.dataSource.rawValue)=\(availability) reason=\(step.inclusionReason.rawValue)")
+        }
+        return lines
+    }
+}
+
+public enum ClaudeCLIResolver {
+    #if DEBUG
+    @TaskLocal static var resolvedBinaryPathOverrideForTesting: String?
+
+    public static var currentResolvedBinaryPathOverrideForTesting: String? {
+        self.resolvedBinaryPathOverrideForTesting
+    }
+
+    public static func withResolvedBinaryPathOverrideForTesting<T>(
+        _ path: String?,
+        operation: () async throws -> T) async rethrows -> T
+    {
+        try await self.$resolvedBinaryPathOverrideForTesting.withValue(path) {
+            try await operation()
+        }
+    }
+    #endif
+
+    public static func resolvedBinaryPath(
+        environment: [String: String] = ProcessInfo.processInfo.environment,
+        loginPATH: [String]? = LoginShellPathCache.shared.current)
+        -> String?
+    {
+        #if DEBUG
+        if let override = self.resolvedBinaryPathOverrideForTesting {
+            return FileManager.default.isExecutableFile(atPath: override) ? override : nil
+        }
+        #endif
+
+        var normalizedEnvironment = environment
+        if let override = environment["CLAUDE_CLI_PATH"]?.trimmingCharacters(in: .whitespacesAndNewlines) {
+            if override.isEmpty {
+                normalizedEnvironment.removeValue(forKey: "CLAUDE_CLI_PATH")
+            } else {
+                normalizedEnvironment["CLAUDE_CLI_PATH"] = override
+                if FileManager.default.isExecutableFile(atPath: override) {
+                    return override
+                }
+            }
+        }
+
+        return BinaryLocator.resolveClaudeBinary(
+            env: normalizedEnvironment,
+            loginPATH: loginPATH)
+    }
+
+    public static func isAvailable(environment: [String: String] = ProcessInfo.processInfo.environment) -> Bool {
+        self.resolvedBinaryPath(environment: environment) != nil
+    }
+}
+
+public enum ClaudeSourcePlanner {
+    public static func resolve(input: ClaudeSourcePlanningInput) -> ClaudeFetchPlan {
+        ClaudeFetchPlan(input: input, orderedSteps: self.makeSteps(input: input))
+    }
+
+    private static func makeSteps(input: ClaudeSourcePlanningInput) -> [ClaudeFetchPlanStep] {
+        switch input.selectedDataSource {
+        case .auto:
+            switch input.runtime {
+            case .app:
+                [
+                    self.step(.oauth, reason: .appAutoPreferredOAuth, input: input),
+                    self.step(.cli, reason: .appAutoFallbackCLI, input: input),
+                    self.step(.web, reason: .appAutoFallbackWeb, input: input),
+                ]
+            case .cli:
+                [
+                    self.step(.web, reason: .cliAutoPreferredWeb, input: input),
+                    self.step(.cli, reason: .cliAutoFallbackCLI, input: input),
+                ]
+            }
+        case .api:
+            [self.step(.api, reason: .explicitSourceSelection, input: input)]
+        case .oauth:
+            [self.step(.oauth, reason: .explicitSourceSelection, input: input)]
+        case .web:
+            [self.step(.web, reason: .explicitSourceSelection, input: input)]
+        case .cli:
+            [self.step(.cli, reason: .explicitSourceSelection, input: input)]
+        }
+    }
+
+    private static func step(
+        _ dataSource: ClaudeUsageDataSource,
+        reason: ClaudeSourcePlanReason,
+        input: ClaudeSourcePlanningInput) -> ClaudeFetchPlanStep
+    {
+        ClaudeFetchPlanStep(
+            dataSource: dataSource,
+            inclusionReason: reason,
+            isPlausiblyAvailable: self.isPlausiblyAvailable(dataSource, input: input))
+    }
+
+    private static func isPlausiblyAvailable(
+        _ dataSource: ClaudeUsageDataSource,
+        input: ClaudeSourcePlanningInput) -> Bool
+    {
+        switch dataSource {
+        case .auto, .api:
+            false
+        case .oauth:
+            input.hasOAuthCredentials
+        case .web:
+            input.hasWebSession
+        case .cli:
+            input.hasCLI
+        }
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Claude/ClaudeStatusProbe.swift b/Sources/CodexBarCore/Providers/Claude/ClaudeStatusProbe.swift
index f5e768624..333ec400c 100644
--- a/Sources/CodexBarCore/Providers/Claude/ClaudeStatusProbe.swift
+++ b/Sources/CodexBarCore/Providers/Claude/ClaudeStatusProbe.swift
@@ -48,6 +48,10 @@ public struct ClaudeStatusProbe: Sendable {
     public var timeout: TimeInterval = 20.0
     public var keepCLISessionsAlive: Bool = false
     private static let log = CodexBarLog.logger(LogCategories.claudeProbe)
+    #if DEBUG
+    public typealias FetchOverride = @Sendable (String, TimeInterval, Bool) async throws -> ClaudeStatusSnapshot
+    @TaskLocal static var fetchOverride: FetchOverride?
+    #endif
 
     public init(claudeBinary: String = "claude", timeout: TimeInterval = 20.0, keepCLISessionsAlive: Bool = false) {
         self.claudeBinary = claudeBinary
@@ -55,15 +59,44 @@ public struct ClaudeStatusProbe: Sendable {
         self.keepCLISessionsAlive = keepCLISessionsAlive
     }
 
+    #if DEBUG
+    public static var currentFetchOverrideForTesting: FetchOverride? {
+        self.fetchOverride
+    }
+
+    public static func withFetchOverrideForTesting<T>(
+        _ override: FetchOverride?,
+        operation: () async throws -> T) async rethrows -> T
+    {
+        try await self.$fetchOverride.withValue(override) {
+            try await operation()
+        }
+    }
+
+    public static func withFetchOverrideForTesting<T>(
+        _ override: FetchOverride?,
+        operation: () async -> T) async -> T
+    {
+        await self.$fetchOverride.withValue(override) {
+            await operation()
+        }
+    }
+    #endif
+
     public func fetch() async throws -> ClaudeStatusSnapshot {
         let resolved = Self.resolvedBinaryPath(binaryName: self.claudeBinary)
-        guard Self.isBinaryAvailable(resolved) else {
+        guard let resolved, Self.isBinaryAvailable(resolved) else {
             throw ClaudeStatusProbeError.claudeNotInstalled
         }
 
         // Run commands sequentially through a shared Claude session to avoid warm-up churn.
         let timeout = self.timeout
         let keepAlive = self.keepCLISessionsAlive
+        #if DEBUG
+        if let override = Self.fetchOverride {
+            return try await override(resolved, timeout, keepAlive)
+        }
+        #endif
         do {
             var usage = try await Self.capture(subcommand: "/usage", binary: resolved, timeout: timeout)
             if !Self.usageOutputLooksRelevant(usage) {
@@ -104,15 +137,11 @@ public struct ClaudeStatusProbe: Sendable {
             self.normalizedData = Data(normalized.utf8)
         }
 
-        func contains(_ needle: Data) -> Bool {
-            self.normalizedData.range(of: needle) != nil
+        func contains(_ needle: String) -> Bool {
+            self.normalizedData.range(of: Data(needle.utf8)) != nil
         }
     }
 
-    private static let weeklyLabelNeedle = Data("current week".utf8)
-    private static let opusLabelNeedle = Data("opus".utf8)
-    private static let sonnetLabelNeedle = Data("sonnet".utf8)
-
     public static func parse(text: String, statusText: String? = nil) throws -> ClaudeStatusSnapshot {
         let clean = TextParsing.stripANSICodes(text)
         let statusClean = statusText.map(TextParsing.stripANSICodes)
@@ -129,11 +158,21 @@ public struct ClaudeStatusProbe: Sendable {
             throw ClaudeStatusProbeError.parseFailed(usageError)
         }
 
+        let latestUsagePanel = self.trimToLatestUsagePanel(clean)
+        if self.isUsageStillLoading(text: latestUsagePanel ?? clean) {
+            Self.dumpIfNeeded(
+                enabled: shouldDump,
+                reason: "usage still loading",
+                usage: clean,
+                status: statusText)
+            throw ClaudeStatusProbeError.parseFailed("Claude CLI /usage is still loading usage data.")
+        }
+
         // Claude CLI renders /usage as a TUI. Our PTY capture includes earlier screen fragments (including a status
         // line
         // with a "0%" context meter) before the usage panel is drawn. To keep parsing stable, trim to the last
         // Settings/Usage panel when present.
-        let usagePanelText = self.trimToLatestUsagePanel(clean) ?? clean
+        let usagePanelText = latestUsagePanel ?? clean
         let labelContext = LabelSearchContext(text: usagePanelText)
 
         var sessionPct = self.extractPercent(labelSubstring: "Current session", context: labelContext)
@@ -151,9 +190,9 @@ public struct ClaudeStatusProbe: Sendable {
         // may omit the weekly panel entirely, and we should treat that as "unavailable" rather than guessing.
         let compactContext = usagePanelText.lowercased().filter { !$0.isWhitespace }
         let hasWeeklyLabel =
-            labelContext.contains(Self.weeklyLabelNeedle)
+            labelContext.contains("currentweek")
             || compactContext.contains("currentweek")
-        let hasOpusLabel = labelContext.contains(Self.opusLabelNeedle) || labelContext.contains(Self.sonnetLabelNeedle)
+        let hasOpusLabel = labelContext.contains("opus") || labelContext.contains("sonnet")
 
         if sessionPct == nil || (hasWeeklyLabel && weeklyPct == nil) || (hasOpusLabel && opusPct == nil) {
             let ordered = self.allPercents(usagePanelText)
@@ -212,18 +251,24 @@ public struct ClaudeStatusProbe: Sendable {
         return self.extractIdentity(usageText: usageClean, statusText: statusClean)
     }
 
-    public static func fetchIdentity(timeout: TimeInterval = 12.0) async throws -> ClaudeAccountIdentity {
-        let resolved = self.resolvedBinaryPath(binaryName: "claude")
-        guard self.isBinaryAvailable(resolved) else {
+    public static func fetchIdentity(
+        timeout: TimeInterval = 12.0,
+        environment: [String: String] = ProcessInfo.processInfo.environment) async throws -> ClaudeAccountIdentity
+    {
+        let resolved = self.resolvedBinaryPath(binaryName: "claude", environment: environment)
+        guard let resolved, self.isBinaryAvailable(resolved) else {
             throw ClaudeStatusProbeError.claudeNotInstalled
         }
         let statusText = try await Self.capture(subcommand: "/status", binary: resolved, timeout: timeout)
         return Self.parseIdentity(usageText: nil, statusText: statusText)
     }
 
-    public static func touchOAuthAuthPath(timeout: TimeInterval = 8) async throws {
-        let resolved = self.resolvedBinaryPath(binaryName: "claude")
-        guard self.isBinaryAvailable(resolved) else {
+    public static func touchOAuthAuthPath(
+        timeout: TimeInterval = 8,
+        environment: [String: String] = ProcessInfo.processInfo.environment) async throws
+    {
+        let resolved = self.resolvedBinaryPath(binaryName: "claude", environment: environment)
+        guard let resolved, self.isBinaryAvailable(resolved) else {
             throw ClaudeStatusProbeError.claudeNotInstalled
         }
         do {
@@ -245,8 +290,10 @@ public struct ClaudeStatusProbe: Sendable {
         }
     }
 
-    public static func isClaudeBinaryAvailable() -> Bool {
-        let resolved = self.resolvedBinaryPath(binaryName: "claude")
+    public static func isClaudeBinaryAvailable(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> Bool
+    {
+        let resolved = self.resolvedBinaryPath(binaryName: "claude", environment: environment)
         return self.isBinaryAvailable(resolved)
     }
 
@@ -270,6 +317,7 @@ public struct ClaudeStatusProbe: Sendable {
             || normalized.contains("currentweek")
             || normalized.contains("loadingusage")
             || normalized.contains("failedtoloadusagedata")
+            || self.usageCaptureHasSubscriptionNotice(normalized)
     }
 
     private static func extractPercent(labelSubstrings: [String], context: LabelSearchContext) -> Int? {
@@ -406,6 +454,9 @@ public struct ClaudeStatusProbe: Sendable {
         {
             return "Claude CLI usage endpoint is rate limited right now. Please try again later."
         }
+        if self.isSubscriptionNoticeOnly(text: text) {
+            return "Claude CLI /usage returned a subscription notice without session quota data."
+        }
         if lower.contains("failed to load usage data") {
             return "Claude CLI could not load usage data. Open the CLI and retry `/usage`."
         }
@@ -415,6 +466,30 @@ public struct ClaudeStatusProbe: Sendable {
         return nil
     }
 
+    private static func isUsageStillLoading(text: String) -> Bool {
+        let normalized = TextParsing.stripANSICodes(text).lowercased().filter { !$0.isWhitespace }
+        guard normalized.contains("loadingusage") else { return false }
+        return !self.usageCaptureHasSessionValue(normalized) && self.allPercents(text).isEmpty
+    }
+
+    /// Returns true when the text contains only a subscription notice with no session/weekly quota data.
+    /// CLI 2.1+ can return "You are currently using your subscription to power your Claude Code usage"
+    /// which lacks the "Current session" / "Current week" labels and percentage values needed for quota display.
+    /// A PTY capture may contain both an intermediate "Loading usage data…" panel and the final subscription
+    /// notice; `loadingusage` is not treated as quota data in this check so mixed captures surface correctly.
+    private static func isSubscriptionNoticeOnly(text: String) -> Bool {
+        let normalized = text.lowercased().filter { !$0.isWhitespace }
+        guard normalized.contains("currentlyusingyoursubscription") else { return false }
+        guard normalized.contains("claudecodeusage") else { return false }
+        // Only real session/week labels and actual percentage values count as quota data.
+        // `loadingusage` is not quota data — a mixed loading+subscription PTY capture should
+        // surface the subscription error, not a still-loading stall.
+        let hasQuotaData = normalized.contains("currentsession") || normalized.contains("currentweek")
+            || normalized.contains("%used") || normalized.contains("%left") || normalized.contains("%remaining")
+            || normalized.contains("%available")
+        return !hasQuotaData
+    }
+
     /// Collect remaining percentages in the order they appear; used as a backup when labels move/rename.
     private static func allPercents(_ text: String) -> [Int] {
         let lines = text.components(separatedBy: .newlines)
@@ -459,7 +534,7 @@ public struct ClaudeStatusProbe: Sendable {
             for candidate in window {
                 let trimmed = candidate.trimmingCharacters(in: .whitespacesAndNewlines)
                 let normalized = self.normalizedForLabelSearch(trimmed)
-                if normalized.hasPrefix("current "), !normalized.contains(label) { break }
+                if normalized.hasPrefix("current"), !normalized.contains(label) { break }
                 if let reset = self.resetFromLine(candidate) { return reset }
             }
         }
@@ -480,9 +555,7 @@ public struct ClaudeStatusProbe: Sendable {
     }
 
     private static func normalizedForLabelSearch(_ text: String) -> String {
-        text.lowercased()
-            .split(whereSeparator: { $0.isWhitespace })
-            .joined(separator: " ")
+        String(text.lowercased().unicodeScalars.filter(CharacterSet.alphanumerics.contains))
     }
 
     /// Capture all "Resets ..." strings to surface in the menu.
@@ -579,6 +652,9 @@ public struct ClaudeStatusProbe: Sendable {
         guard var raw = text?.trimmingCharacters(in: .whitespacesAndNewlines), !raw.isEmpty else { return nil }
         raw = raw.replacingOccurrences(of: #"(?i)^resets?:?\s*"#, with: "", options: .regularExpression)
         raw = raw.replacingOccurrences(of: " at ", with: " ", options: .caseInsensitive)
+        raw = raw.replacingOccurrences(of: #"(?i)\b([A-Za-z]{3})(\d)"#, with: "$1 $2", options: .regularExpression)
+        raw = raw.replacingOccurrences(of: #",(\d)"#, with: ", $1", options: .regularExpression)
+        raw = raw.replacingOccurrences(of: #"(?i)(\d)at(?=\d)"#, with: "$1 ", options: .regularExpression)
         raw = raw.replacingOccurrences(
             of: #"(?<=\d)\.(\d{2})\b"#,
             with: ":$1",
@@ -610,7 +686,7 @@ public struct ClaudeStatusProbe: Sendable {
     private static func extractLoginMethod(text: String) -> String? {
         guard !text.isEmpty else { return nil }
         if let explicit = self.extractFirst(pattern: #"(?i)login\s+method:\s*(.+)"#, text: text) {
-            return self.cleanPlan(explicit)
+            return ClaudePlan.cliCompatibilityLoginMethod(self.cleanPlan(explicit))
         }
         // Capture any "Claude <...>" phrase (e.g., Max/Pro/Ultra/Team) to avoid future plan-name churn.
         // Strip any leading ANSI that may have survived (rare) before matching.
@@ -623,7 +699,7 @@ public struct ClaudeStatusProbe: Sendable {
                       match.numberOfRanges >= 2,
                       let r = Range(match.range(at: 1), in: text) else { return }
                 let raw = String(text[r])
-                let val = Self.cleanPlan(raw)
+                let val = ClaudePlan.cliCompatibilityLoginMethod(Self.cleanPlan(raw)) ?? Self.cleanPlan(raw)
                 candidates.append(val)
             }
         }
@@ -679,6 +755,14 @@ public struct ClaudeStatusProbe: Sendable {
         }
     }
 
+    #if DEBUG
+    public static func _replaceDumpsForTesting(_ dumps: [String]) async {
+        await MainActor.run {
+            self.recentDumps = dumps
+        }
+    }
+    #endif
+
     private static func extractUsageErrorJSON(text: String) -> String? {
         let pattern = #"Failed\s*to\s*load\s*usage\s*data:\s*(\{.*\})"#
         guard let regex = try? NSRegularExpression(pattern: pattern, options: [.dotMatchesLineSeparators]) else {
@@ -726,15 +810,19 @@ public struct ClaudeStatusProbe: Sendable {
 
     // MARK: - Process helpers
 
-    private static func resolvedBinaryPath(binaryName: String) -> String {
-        let env = ProcessInfo.processInfo.environment
-        return BinaryLocator.resolveClaudeBinary(env: env, loginPATH: LoginShellPathCache.shared.current)
-            ?? TTYCommandRunner.which(binaryName)
-            ?? binaryName
+    private static func resolvedBinaryPath(
+        binaryName: String,
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> String?
+    {
+        if binaryName.contains("/") {
+            return binaryName
+        }
+        return ClaudeCLIResolver.resolvedBinaryPath(environment: environment)
     }
 
-    private static func isBinaryAvailable(_ binaryPathOrName: String) -> Bool {
-        FileManager.default.isExecutableFile(atPath: binaryPathOrName)
+    private static func isBinaryAvailable(_ binaryPathOrName: String?) -> Bool {
+        guard let binaryPathOrName else { return false }
+        return FileManager.default.isExecutableFile(atPath: binaryPathOrName)
             || TTYCommandRunner.which(binaryPathOrName) != nil
     }
 
@@ -752,15 +840,48 @@ public struct ClaudeStatusProbe: Sendable {
         }
     }
 
+    static func preparedProbeWorkingDirectoryURL() -> URL {
+        let directory = self.probeWorkingDirectoryURL()
+        do {
+            try self.prepareProbeWorkingDirectory(at: directory)
+        } catch {
+            Self.log.warning(
+                "Claude probe local settings unavailable",
+                metadata: ["error": error.localizedDescription])
+        }
+        return directory
+    }
+
+    static func prepareProbeWorkingDirectory(at directory: URL, fileManager fm: FileManager = .default) throws {
+        try fm.createDirectory(at: directory, withIntermediateDirectories: true)
+        let claudeDirectory = directory.appendingPathComponent(".claude", isDirectory: true)
+        try fm.createDirectory(at: claudeDirectory, withIntermediateDirectories: true)
+
+        let settingsURL = claudeDirectory.appendingPathComponent("settings.local.json")
+        var settings = (try? self.readSettingsObject(from: settingsURL, fileManager: fm)) ?? [:]
+        settings["disableDeepLinkRegistration"] = "disable"
+        let data = try JSONSerialization.data(
+            withJSONObject: settings,
+            options: [.prettyPrinted, .sortedKeys])
+        try data.write(to: settingsURL, options: .atomic)
+    }
+
+    private static func readSettingsObject(from url: URL, fileManager fm: FileManager) throws -> [String: Any] {
+        guard fm.fileExists(atPath: url.path) else {
+            return [:]
+        }
+        let data = try Data(contentsOf: url)
+        guard !data.isEmpty else {
+            return [:]
+        }
+        let object = try JSONSerialization.jsonObject(with: data)
+        return object as? [String: Any] ?? [:]
+    }
+
     /// Run claude CLI inside a PTY so we can respond to interactive permission prompts.
     private static func capture(subcommand: String, binary: String, timeout: TimeInterval) async throws -> String {
         let stopOnSubstrings = subcommand == "/usage"
             ? [
-                "Current week (all models)",
-                "Current week (Opus)",
-                "Current week (Sonnet only)",
-                "Current week (Sonnet)",
-                "Current session",
                 "Failed to load usage data",
                 "failed to load usage data",
                 "Failedto loadusagedata",
@@ -769,25 +890,44 @@ public struct ClaudeStatusProbe: Sendable {
             : []
         let idleTimeout: TimeInterval? = subcommand == "/usage" ? nil : 3.0
         let sendEnterEvery: TimeInterval? = subcommand == "/usage" ? 0.8 : nil
+        let stopWhenNormalized: (@Sendable (String) -> Bool)? = subcommand == "/usage"
+            ? { @Sendable normalizedScan in
+                Self.usageCaptureHasSessionValue(normalizedScan)
+                    || Self.usageCaptureHasSubscriptionNotice(normalizedScan)
+            }
+            : nil
         do {
-            return try await ClaudeCLISession.shared.capture(
+            return try await ClaudeCLISession.current.capture(
                 subcommand: subcommand,
                 binary: binary,
                 timeout: timeout,
                 idleTimeout: idleTimeout,
                 stopOnSubstrings: stopOnSubstrings,
+                stopWhenNormalized: stopWhenNormalized,
                 settleAfterStop: subcommand == "/usage" ? 2.0 : 0.25,
                 sendEnterEvery: sendEnterEvery)
         } catch ClaudeCLISession.SessionError.processExited {
-            await ClaudeCLISession.shared.reset()
+            await ClaudeCLISession.current.reset()
             throw ClaudeStatusProbeError.timedOut
         } catch ClaudeCLISession.SessionError.timedOut {
+            await ClaudeCLISession.current.reset()
             throw ClaudeStatusProbeError.timedOut
         } catch ClaudeCLISession.SessionError.launchFailed(_) {
             throw ClaudeStatusProbeError.claudeNotInstalled
         } catch {
-            await ClaudeCLISession.shared.reset()
+            await ClaudeCLISession.current.reset()
             throw error
         }
     }
+
+    private static func usageCaptureHasSessionValue(_ normalizedText: String) -> Bool {
+        guard let labelRange = normalizedText.range(of: "currentsession") else { return false }
+        let tail = normalizedText[labelRange.upperBound...]
+        return tail.range(of: #"[0-9]{1,3}(?:\.[0-9]+)?%"#, options: .regularExpression) != nil
+    }
+
+    private static func usageCaptureHasSubscriptionNotice(_ normalizedText: String) -> Bool {
+        normalizedText.contains("currentlyusingyoursubscription")
+            && normalizedText.contains("claudecodeusage")
+    }
 }
diff --git a/Sources/CodexBarCore/Providers/Claude/ClaudeUsageDataSource.swift b/Sources/CodexBarCore/Providers/Claude/ClaudeUsageDataSource.swift
index b97dce042..063de7ffa 100644
--- a/Sources/CodexBarCore/Providers/Claude/ClaudeUsageDataSource.swift
+++ b/Sources/CodexBarCore/Providers/Claude/ClaudeUsageDataSource.swift
@@ -2,6 +2,7 @@ import Foundation
 
 public enum ClaudeUsageDataSource: String, CaseIterable, Identifiable, Sendable {
     case auto
+    case api
     case oauth
     case web
     case cli
@@ -13,6 +14,7 @@ public enum ClaudeUsageDataSource: String, CaseIterable, Identifiable, Sendable
     public var displayName: String {
         switch self {
         case .auto: "Auto"
+        case .api: "API (Admin key)"
         case .oauth: "OAuth API"
         case .web: "Web API (cookies)"
         case .cli: "CLI (PTY)"
@@ -23,6 +25,8 @@ public enum ClaudeUsageDataSource: String, CaseIterable, Identifiable, Sendable
         switch self {
         case .auto:
             "auto"
+        case .api:
+            "api"
         case .oauth:
             "oauth"
         case .web:
diff --git a/Sources/CodexBarCore/Providers/Claude/ClaudeUsageFetcher.swift b/Sources/CodexBarCore/Providers/Claude/ClaudeUsageFetcher.swift
index 989db8e06..c7cceae96 100644
--- a/Sources/CodexBarCore/Providers/Claude/ClaudeUsageFetcher.swift
+++ b/Sources/CodexBarCore/Providers/Claude/ClaudeUsageFetcher.swift
@@ -7,9 +7,16 @@ public protocol ClaudeUsageFetching: Sendable {
 }
 
 public struct ClaudeUsageSnapshot: Sendable {
+    public enum PrimaryWindowKind: Equatable, Sendable {
+        case usage
+        case spendLimit
+    }
+
     public let primary: RateWindow
+    public let primaryWindowKind: PrimaryWindowKind
     public let secondary: RateWindow?
     public let opus: RateWindow?
+    public let extraRateWindows: [NamedRateWindow]
     public let providerCost: ProviderCostSnapshot?
     public let updatedAt: Date
     public let accountEmail: String?
@@ -19,8 +26,10 @@ public struct ClaudeUsageSnapshot: Sendable {
 
     public init(
         primary: RateWindow,
+        primaryWindowKind: PrimaryWindowKind = .usage,
         secondary: RateWindow?,
         opus: RateWindow?,
+        extraRateWindows: [NamedRateWindow] = [],
         providerCost: ProviderCostSnapshot? = nil,
         updatedAt: Date,
         accountEmail: String?,
@@ -29,8 +38,10 @@ public struct ClaudeUsageSnapshot: Sendable {
         rawText: String?)
     {
         self.primary = primary
+        self.primaryWindowKind = primaryWindowKind
         self.secondary = secondary
         self.opus = opus
+        self.extraRateWindows = extraRateWindows
         self.providerCost = providerCost
         self.updatedAt = updatedAt
         self.accountEmail = accountEmail
@@ -58,21 +69,76 @@ public enum ClaudeUsageError: LocalizedError, Sendable {
 }
 
 public struct ClaudeUsageFetcher: ClaudeUsageFetching, Sendable {
-    private let environment: [String: String]
-    private let dataSource: ClaudeUsageDataSource
-    private let oauthKeychainPromptCooldownEnabled: Bool
-    private let allowBackgroundDelegatedRefresh: Bool
-    private let allowStartupBootstrapPrompt: Bool
-    private let useWebExtras: Bool
-    private let manualCookieHeader: String?
-    private let keepCLISessionsAlive: Bool
-    private let browserDetection: BrowserDetection
+    private static let sessionWindowMinutes = 5 * 60
+    private static let weeklyWindowMinutes = 7 * 24 * 60
+    private static let cliAutoProbeTimeout: TimeInterval = 12
+    private static let cliProbeTimeout: TimeInterval = 24
+    private static let cliRetryProbeTimeout: TimeInterval = 60
+    private struct Configuration {
+        let environment: [String: String]
+        let runtime: ProviderRuntime
+        let dataSource: ClaudeUsageDataSource
+        let oauthKeychainPromptCooldownEnabled: Bool
+        let allowBackgroundDelegatedRefresh: Bool
+        let allowStartupBootstrapPrompt: Bool
+        let useWebExtras: Bool
+        let manualCookieHeader: String?
+        let webOrganizationID: String?
+        let keepCLISessionsAlive: Bool
+        let browserDetection: BrowserDetection
+    }
+
+    private let configuration: Configuration
     private static let log = CodexBarLog.logger(LogCategories.claudeUsage)
     private static var isClaudeOAuthFlowDebugEnabled: Bool {
         ProcessInfo.processInfo.environment["CODEXBAR_DEBUG_CLAUDE_OAUTH_FLOW"] == "1"
     }
 
-    private struct ClaudeOAuthKeychainPromptPolicy: Sendable {
+    private var environment: [String: String] {
+        self.configuration.environment
+    }
+
+    private var runtime: ProviderRuntime {
+        self.configuration.runtime
+    }
+
+    private var dataSource: ClaudeUsageDataSource {
+        self.configuration.dataSource
+    }
+
+    private var oauthKeychainPromptCooldownEnabled: Bool {
+        self.configuration.oauthKeychainPromptCooldownEnabled
+    }
+
+    private var allowBackgroundDelegatedRefresh: Bool {
+        self.configuration.allowBackgroundDelegatedRefresh
+    }
+
+    private var allowStartupBootstrapPrompt: Bool {
+        self.configuration.allowStartupBootstrapPrompt
+    }
+
+    private var useWebExtras: Bool {
+        self.configuration.useWebExtras
+    }
+
+    private var manualCookieHeader: String? {
+        self.configuration.manualCookieHeader
+    }
+
+    private var webOrganizationID: String? {
+        self.configuration.webOrganizationID
+    }
+
+    private var keepCLISessionsAlive: Bool {
+        self.configuration.keepCLISessionsAlive
+    }
+
+    private var browserDetection: BrowserDetection {
+        self.configuration.browserDetection
+    }
+
+    private struct ClaudeOAuthKeychainPromptPolicy {
         let mode: ClaudeOAuthKeychainPromptMode
         let isApplicable: Bool
         let interaction: ProviderInteraction
@@ -99,15 +165,15 @@ public struct ClaudeUsageFetcher: ClaudeUsageFetching, Sendable {
         }
     }
 
-    private static func currentClaudeOAuthKeychainPromptPolicy() -> ClaudeOAuthKeychainPromptPolicy {
-        let isApplicable = ClaudeOAuthKeychainPromptPreference.isApplicable()
+    private static func currentClaudeOAuthInteractivePromptPolicy() -> ClaudeOAuthKeychainPromptPolicy {
         let policy = ClaudeOAuthKeychainPromptPolicy(
-            mode: ClaudeOAuthKeychainPromptPreference.current(),
-            isApplicable: isApplicable,
+            mode: ClaudeOAuthKeychainPromptPreference.securityFrameworkFallbackMode(),
+            isApplicable: true,
             interaction: ProviderInteractionContext.current)
 
-        // User actions should be able to immediately retry a repair after a background cooldown was recorded.
-        if policy.isApplicable, policy.interaction == .userInitiated {
+        // User actions should be able to immediately retry a Security.framework fallback repair after a background
+        // cooldown was recorded, even when /usr/bin/security is the primary reader.
+        if policy.interaction == .userInitiated {
             if ClaudeOAuthKeychainAccessGate.clearDenied() {
                 Self.log.info("Claude OAuth keychain cooldown cleared by user action")
             }
@@ -115,6 +181,13 @@ public struct ClaudeUsageFetcher: ClaudeUsageFetching, Sendable {
         return policy
     }
 
+    private static func currentClaudeOAuthDelegatedRefreshPolicy() -> ClaudeOAuthKeychainPromptPolicy {
+        ClaudeOAuthKeychainPromptPolicy(
+            mode: ClaudeOAuthKeychainPromptPreference.current(),
+            isApplicable: ClaudeOAuthKeychainPromptPreference.isApplicable(),
+            interaction: ProviderInteractionContext.current)
+    }
+
     private static func assertDelegatedRefreshAllowedInCurrentInteraction(
         policy: ClaudeOAuthKeychainPromptPolicy,
         allowBackgroundDelegatedRefresh: Bool) throws
@@ -141,7 +214,8 @@ public struct ClaudeUsageFetcher: ClaudeUsageFetching, Sendable {
     @TaskLocal static var fetchOAuthUsageOverride: (@Sendable (String) async throws -> OAuthUsageResponse)?
     @TaskLocal static var delegatedRefreshAttemptOverride: (@Sendable (
         Date,
-        TimeInterval) async -> ClaudeOAuthDelegatedRefreshCoordinator.Outcome)?
+        TimeInterval,
+        [String: String]) async -> ClaudeOAuthDelegatedRefreshCoordinator.Outcome)?
     @TaskLocal static var hasCachedCredentialsOverride: Bool?
     #endif
 
@@ -153,25 +227,407 @@ public struct ClaudeUsageFetcher: ClaudeUsageFetching, Sendable {
     public init(
         browserDetection: BrowserDetection,
         environment: [String: String] = ProcessInfo.processInfo.environment,
+        runtime: ProviderRuntime = .app,
         dataSource: ClaudeUsageDataSource = .oauth,
         oauthKeychainPromptCooldownEnabled: Bool = false,
         allowBackgroundDelegatedRefresh: Bool = false,
         allowStartupBootstrapPrompt: Bool = false,
         useWebExtras: Bool = false,
         manualCookieHeader: String? = nil,
+        webOrganizationID: String? = nil,
         keepCLISessionsAlive: Bool = false)
     {
-        self.browserDetection = browserDetection
-        self.environment = environment
-        self.dataSource = dataSource
-        self.oauthKeychainPromptCooldownEnabled = oauthKeychainPromptCooldownEnabled
-        self.allowBackgroundDelegatedRefresh = allowBackgroundDelegatedRefresh
-        self.allowStartupBootstrapPrompt = allowStartupBootstrapPrompt
-        self.useWebExtras = useWebExtras
-        self.manualCookieHeader = manualCookieHeader
-        self.keepCLISessionsAlive = keepCLISessionsAlive
+        self.configuration = Configuration(
+            environment: environment,
+            runtime: runtime,
+            dataSource: dataSource,
+            oauthKeychainPromptCooldownEnabled: oauthKeychainPromptCooldownEnabled,
+            allowBackgroundDelegatedRefresh: allowBackgroundDelegatedRefresh,
+            allowStartupBootstrapPrompt: allowStartupBootstrapPrompt,
+            useWebExtras: useWebExtras,
+            manualCookieHeader: manualCookieHeader,
+            webOrganizationID: webOrganizationID,
+            keepCLISessionsAlive: keepCLISessionsAlive,
+            browserDetection: browserDetection)
+    }
+
+    private struct OAuthExecutor {
+        let fetcher: ClaudeUsageFetcher
+
+        func load(allowDelegatedRetry: Bool) async throws -> ClaudeUsageSnapshot {
+            do {
+                let promptPolicy = ClaudeUsageFetcher.currentClaudeOAuthInteractivePromptPolicy()
+
+                #if DEBUG
+                let hasCache = if let hasCachedCredentialsOverride = ClaudeUsageFetcher.hasCachedCredentialsOverride {
+                    hasCachedCredentialsOverride
+                } else if ClaudeUsageFetcher.loadOAuthCredentialsOverride != nil {
+                    false
+                } else {
+                    ClaudeOAuthCredentialsStore.hasCachedCredentials(environment: self.fetcher.environment)
+                }
+                #else
+                let hasCache = ClaudeOAuthCredentialsStore.hasCachedCredentials(environment: self.fetcher.environment)
+                #endif
+
+                let startupBootstrapOverride = self.shouldAllowStartupBootstrapPrompt(
+                    policy: promptPolicy,
+                    hasCache: hasCache)
+                let allowKeychainPrompt = (promptPolicy.canPromptNow || startupBootstrapOverride) && !hasCache
+                ClaudeUsageFetcher.logOAuthBootstrapPromptDecision(
+                    allowKeychainPrompt: allowKeychainPrompt,
+                    policy: promptPolicy,
+                    hasCache: hasCache,
+                    startupBootstrapOverride: startupBootstrapOverride)
+
+                let credentials = try await ClaudeOAuthCredentialsStore.$allowBackgroundPromptBootstrap
+                    .withValue(startupBootstrapOverride) {
+                        try await ClaudeUsageFetcher.loadOAuthCredentials(
+                            environment: self.fetcher.environment,
+                            allowKeychainPrompt: allowKeychainPrompt,
+                            respectKeychainPromptCooldown: promptPolicy.shouldRespectKeychainPromptCooldown)
+                    }
+
+                try self.validateRequiredOAuthScope(credentials)
+                let usage = try await ClaudeUsageFetcher.fetchOAuthUsage(accessToken: credentials.accessToken)
+                return try ClaudeUsageFetcher.mapOAuthUsage(usage, credentials: credentials)
+            } catch let error as CancellationError {
+                throw error
+            } catch let error as ClaudeUsageError {
+                throw error
+            } catch let error as ClaudeOAuthCredentialsError {
+                if case .refreshDelegatedToClaudeCLI = error {
+                    return try await self.loadAfterDelegatedRefresh(allowDelegatedRetry: allowDelegatedRetry)
+                }
+                throw ClaudeUsageError.oauthFailed(error.localizedDescription)
+            } catch let error as ClaudeOAuthFetchError {
+                if case .rateLimited = error {
+                    throw ClaudeUsageError.oauthFailed(error.localizedDescription)
+                }
+                ClaudeOAuthCredentialsStore.invalidateCache()
+                if case let .serverError(statusCode, body) = error,
+                   statusCode == 403,
+                   body?.contains("user:profile") ?? false
+                {
+                    throw ClaudeUsageError.oauthFailed(
+                        "Claude OAuth token does not meet scope requirement 'user:profile'. "
+                            + "Run `claude setup-token` to re-generate credentials, or switch Claude Source to "
+                            + "Web/CLI.")
+                }
+                throw ClaudeUsageError.oauthFailed(error.localizedDescription)
+            } catch {
+                throw ClaudeUsageError.oauthFailed(error.localizedDescription)
+            }
+        }
+
+        private func shouldAllowStartupBootstrapPrompt(
+            policy: ClaudeOAuthKeychainPromptPolicy,
+            hasCache: Bool) -> Bool
+        {
+            guard self.fetcher.allowStartupBootstrapPrompt else { return false }
+            guard !hasCache else { return false }
+            guard ClaudeOAuthKeychainPromptPreference.securityFrameworkFallbackMode() == .onlyOnUserAction else {
+                return false
+            }
+            guard policy.interaction == .background else { return false }
+            return ProviderRefreshContext.current == .startup
+        }
+
+        private func loadAfterDelegatedRefresh(allowDelegatedRetry: Bool) async throws -> ClaudeUsageSnapshot {
+            guard allowDelegatedRetry else {
+                throw ClaudeUsageError.oauthFailed(
+                    "Claude OAuth token expired and delegated Claude CLI refresh did not recover. "
+                        + "Run `claude login`, then retry.")
+            }
+
+            try Task.checkCancellation()
+
+            let delegatedPromptPolicy = ClaudeUsageFetcher.currentClaudeOAuthDelegatedRefreshPolicy()
+            try ClaudeUsageFetcher.assertDelegatedRefreshAllowedInCurrentInteraction(
+                policy: delegatedPromptPolicy,
+                allowBackgroundDelegatedRefresh: self.fetcher.allowBackgroundDelegatedRefresh)
+
+            let delegatedOutcome = await ClaudeUsageFetcher.attemptDelegatedRefresh(
+                environment: self.fetcher.environment)
+            ClaudeUsageFetcher.log.info(
+                "Claude OAuth delegated refresh attempted",
+                metadata: [
+                    "outcome": ClaudeUsageFetcher.delegatedRefreshOutcomeLabel(delegatedOutcome),
+                ])
+
+            do {
+                if self.fetcher.oauthKeychainPromptCooldownEnabled {
+                    switch delegatedOutcome {
+                    case .skippedByCooldown, .cliUnavailable:
+                        throw ClaudeUsageError.oauthFailed(
+                            "Claude OAuth token expired; delegated refresh is unavailable (outcome="
+                                + "\(ClaudeUsageFetcher.delegatedRefreshOutcomeLabel(delegatedOutcome))).")
+                    case .attemptedSucceeded, .attemptedFailed:
+                        break
+                    }
+                }
+
+                try Task.checkCancellation()
+
+                _ = ClaudeOAuthCredentialsStore.invalidateCacheIfCredentialsFileChanged()
+
+                let didSyncSilently = delegatedOutcome == .attemptedSucceeded
+                    && ClaudeOAuthCredentialsStore.syncFromClaudeKeychainWithoutPrompt(now: Date())
+
+                let promptPolicy = ClaudeUsageFetcher.currentClaudeOAuthInteractivePromptPolicy()
+                ClaudeUsageFetcher.logDeferredBackgroundDelegatedRecoveryIfNeeded(
+                    delegatedOutcome: delegatedOutcome,
+                    didSyncSilently: didSyncSilently,
+                    policy: promptPolicy)
+                let retryAllowKeychainPrompt = promptPolicy.canPromptNow && !didSyncSilently
+                if retryAllowKeychainPrompt {
+                    ClaudeUsageFetcher.log.info(
+                        "Claude OAuth keychain prompt allowed (post-delegation retry)",
+                        metadata: [
+                            "interaction": promptPolicy.interactionLabel,
+                            "promptMode": promptPolicy.mode.rawValue,
+                            "promptPolicyApplicable": "\(promptPolicy.isApplicable)",
+                            "delegatedOutcome": ClaudeUsageFetcher.delegatedRefreshOutcomeLabel(delegatedOutcome),
+                            "didSyncSilently": "\(didSyncSilently)",
+                        ])
+                }
+                if ClaudeUsageFetcher.isClaudeOAuthFlowDebugEnabled {
+                    ClaudeUsageFetcher.log.debug(
+                        "Claude OAuth credential load (post-delegation retry start)",
+                        metadata: [
+                            "cooldownEnabled": "\(self.fetcher.oauthKeychainPromptCooldownEnabled)",
+                            "didSyncSilently": "\(didSyncSilently)",
+                            "allowKeychainPrompt": "\(retryAllowKeychainPrompt)",
+                            "delegatedOutcome": ClaudeUsageFetcher.delegatedRefreshOutcomeLabel(delegatedOutcome),
+                            "interaction": promptPolicy.interactionLabel,
+                            "promptMode": promptPolicy.mode.rawValue,
+                            "promptPolicyApplicable": "\(promptPolicy.isApplicable)",
+                        ])
+                }
+
+                let refreshedCredentials = try await ClaudeUsageFetcher.loadOAuthCredentials(
+                    environment: self.fetcher.environment,
+                    allowKeychainPrompt: retryAllowKeychainPrompt,
+                    respectKeychainPromptCooldown: promptPolicy.shouldRespectKeychainPromptCooldown)
+                if ClaudeUsageFetcher.isClaudeOAuthFlowDebugEnabled {
+                    ClaudeUsageFetcher.log.debug(
+                        "Claude OAuth credential load (post-delegation retry)",
+                        metadata: [
+                            "cooldownEnabled": "\(self.fetcher.oauthKeychainPromptCooldownEnabled)",
+                            "didSyncSilently": "\(didSyncSilently)",
+                            "allowKeychainPrompt": "\(retryAllowKeychainPrompt)",
+                            "delegatedOutcome": ClaudeUsageFetcher.delegatedRefreshOutcomeLabel(delegatedOutcome),
+                            "interaction": promptPolicy.interactionLabel,
+                            "promptMode": promptPolicy.mode.rawValue,
+                            "promptPolicyApplicable": "\(promptPolicy.isApplicable)",
+                        ])
+                }
+
+                try self.validateRequiredOAuthScope(refreshedCredentials)
+                let usage = try await ClaudeUsageFetcher.fetchOAuthUsage(
+                    accessToken: refreshedCredentials.accessToken)
+                return try ClaudeUsageFetcher.mapOAuthUsage(usage, credentials: refreshedCredentials)
+            } catch {
+                ClaudeUsageFetcher.log.debug(
+                    "Claude OAuth post-delegation retry failed",
+                    metadata: ClaudeUsageFetcher.delegatedRetryFailureMetadata(
+                        error: error,
+                        oauthKeychainPromptCooldownEnabled: self.fetcher.oauthKeychainPromptCooldownEnabled,
+                        delegatedOutcome: delegatedOutcome))
+                throw ClaudeUsageError.oauthFailed(
+                    ClaudeUsageFetcher.delegatedRefreshFailureMessage(
+                        for: delegatedOutcome,
+                        retryError: error))
+            }
+        }
+
+        private func validateRequiredOAuthScope(_ credentials: ClaudeOAuthCredentials) throws {
+            guard credentials.scopes.contains("user:profile") else {
+                let scopes = credentials.scopes.joined(separator: ", ")
+                let detail = scopes.isEmpty
+                    ? "Claude OAuth token missing 'user:profile' scope."
+                    : "Claude OAuth token missing 'user:profile' scope (has: \(scopes))."
+                throw ClaudeUsageError.oauthFailed(
+                    detail + " Run `claude setup-token` to re-generate credentials, or switch Claude Source to "
+                        + "Web/CLI.")
+            }
+        }
     }
 
+    private struct StepExecutor {
+        let fetcher: ClaudeUsageFetcher
+
+        func loadLatestUsage(model: String) async throws -> ClaudeUsageSnapshot {
+            switch self.fetcher.dataSource {
+            case .auto:
+                return try await self.executeAuto(model: model)
+            case .api:
+                throw ClaudeUsageError.parseFailed("Claude Admin API usage is handled by the provider descriptor.")
+            case .oauth:
+                var snapshot = try await self.fetcher.loadViaOAuth(allowDelegatedRetry: true)
+                snapshot = await self.fetcher.applyWebExtrasIfNeeded(to: snapshot)
+                return snapshot
+            case .web:
+                return try await self.fetcher.loadViaWebAPI()
+            case .cli:
+                return try await self.loadViaCLIWithRetry(model: model)
+            }
+        }
+
+        private func executeAuto(model: String) async throws -> ClaudeUsageSnapshot {
+            let plan = await self.makeAutoFetchPlan()
+            self.logAutoPlan(plan)
+
+            let executionSteps = plan.executionSteps
+            for (index, step) in executionSteps.enumerated() {
+                do {
+                    return try await self.execute(step: step, model: model)
+                } catch {
+                    if index < executionSteps.count - 1 {
+                        ClaudeUsageFetcher.log.debug(
+                            "Claude planner step failed; falling back to next step",
+                            metadata: [
+                                "step": step.dataSource.rawValue,
+                                "reason": step.inclusionReason.rawValue,
+                                "errorType": String(describing: type(of: error)),
+                            ])
+                        continue
+                    }
+                    throw error
+                }
+            }
+            throw ClaudeUsageError.parseFailed("Claude planner produced no executable steps.")
+        }
+
+        private func makeAutoFetchPlan() async -> ClaudeFetchPlan {
+            let hasWebSession =
+                if let header = self.fetcher.manualCookieHeader {
+                    ClaudeWebAPIFetcher.hasSessionKey(cookieHeader: header)
+                } else {
+                    ClaudeWebAPIFetcher.hasSessionKey(browserDetection: self.fetcher.browserDetection)
+                }
+            let hasCLI = ClaudeCLIResolver.isAvailable(environment: self.fetcher.environment)
+            return ClaudeSourcePlanner.resolve(input: ClaudeSourcePlanningInput(
+                runtime: self.fetcher.runtime,
+                selectedDataSource: .auto,
+                webExtrasEnabled: self.fetcher.useWebExtras,
+                hasWebSession: hasWebSession,
+                hasCLI: hasCLI,
+                hasOAuthCredentials: ClaudeOAuthPlanningAvailability.isAvailable(
+                    runtime: self.fetcher.runtime,
+                    sourceMode: .auto,
+                    environment: self.fetcher.environment)))
+        }
+
+        private func logAutoPlan(_ plan: ClaudeFetchPlan) {
+            var metadata: [String: String] = [
+                "plannerOrder": plan.orderLabel,
+                "selected": plan.preferredStep?.dataSource.rawValue ?? "none",
+                "noSourceAvailable": "\(plan.isNoSourceAvailable)",
+                "webExtrasEnabled": "\(self.fetcher.useWebExtras)",
+                "oauthReadStrategy": ClaudeOAuthKeychainReadStrategyPreference.current().rawValue,
+            ]
+            for (index, step) in plan.orderedSteps.enumerated() {
+                metadata["step\(index)"] =
+                    "\(step.dataSource.rawValue):\(step.inclusionReason.rawValue):\(step.isPlausiblyAvailable)"
+            }
+            ClaudeUsageFetcher.log.debug("Claude auto source planner", metadata: metadata)
+        }
+
+        private func execute(step: ClaudeFetchPlanStep, model: String) async throws -> ClaudeUsageSnapshot {
+            switch step.dataSource {
+            case .api:
+                throw ClaudeUsageError.parseFailed("Planner emitted invalid api execution step.")
+            case .oauth:
+                var snapshot = try await self.fetcher.loadViaOAuth(allowDelegatedRetry: true)
+                snapshot = await self.fetcher.applyWebExtrasIfNeeded(to: snapshot)
+                return snapshot
+            case .web:
+                return try await self.fetcher.loadViaWebAPI()
+            case .cli:
+                return try await self.loadViaAutoCLI(model: model)
+            case .auto:
+                throw ClaudeUsageError.parseFailed("Planner emitted invalid auto execution step.")
+            }
+        }
+
+        private func loadViaAutoCLI(model: String) async throws -> ClaudeUsageSnapshot {
+            do {
+                return try await self.loadViaCLI(model: model, timeout: ClaudeUsageFetcher.cliAutoProbeTimeout)
+            } catch {
+                if error is CancellationError { throw error }
+                guard Self.shouldRetryCLIProbe(after: error) else { throw error }
+                return try await self.loadViaCLI(model: model, timeout: ClaudeUsageFetcher.cliRetryProbeTimeout)
+            }
+        }
+
+        private func loadViaCLIWithRetry(model: String) async throws -> ClaudeUsageSnapshot {
+            do {
+                return try await self.loadViaCLI(model: model, timeout: ClaudeUsageFetcher.cliProbeTimeout)
+            } catch {
+                if error is CancellationError { throw error }
+                guard Self.shouldRetryCLIProbe(after: error) else { throw error }
+                return try await self.loadViaCLI(model: model, timeout: ClaudeUsageFetcher.cliRetryProbeTimeout)
+            }
+        }
+
+        private func loadViaCLI(model: String, timeout: TimeInterval) async throws -> ClaudeUsageSnapshot {
+            var snapshot: ClaudeUsageSnapshot
+            do {
+                snapshot = try await self.fetcher.loadViaPTY(model: model, timeout: timeout)
+            } catch {
+                if error is CancellationError { throw error }
+                guard Self.shouldTryDirectCLIUsage(after: error) else { throw error }
+                let ptyError = error
+                do {
+                    snapshot = try await self.fetcher.loadViaDirectCLI(
+                        timeout: Self.directCLIUsageTimeout(for: timeout))
+                } catch let directError {
+                    if directError is CancellationError { throw directError }
+                    guard Self.directCLIErrorShouldReplacePTYError(directError) else { throw ptyError }
+                    throw directError
+                }
+            }
+            snapshot = await self.fetcher.applyWebExtrasIfNeeded(to: snapshot)
+            return snapshot
+        }
+
+        private static func directCLIUsageTimeout(for ptyTimeout: TimeInterval) -> TimeInterval {
+            min(max(ptyTimeout / 3, 6), 8)
+        }
+
+        private static func directCLIErrorShouldReplacePTYError(_ error: Error) -> Bool {
+            if case let ClaudeStatusProbeError.parseFailed(message) = error {
+                return message.lowercased().contains("subscription")
+            }
+            if case let ClaudeUsageError.parseFailed(message) = error {
+                return message.lowercased().contains("subscription")
+            }
+            return false
+        }
+
+        private static func shouldTryDirectCLIUsage(after error: Error) -> Bool {
+            if case ClaudeStatusProbeError.timedOut = error { return true }
+            if case let ClaudeStatusProbeError.parseFailed(message) = error {
+                let lower = message.lowercased()
+                return lower.contains("still loading usage") || lower.contains("could not load usage data")
+            }
+            let message = error.localizedDescription.lowercased()
+            return message.contains("timed out") || message.contains("timeout")
+        }
+
+        private static func shouldRetryCLIProbe(after error: Error) -> Bool {
+            if case ClaudeStatusProbeError.timedOut = error { return true }
+            if case let ClaudeStatusProbeError.parseFailed(message) = error {
+                return message.lowercased().contains("still loading usage")
+            }
+            let message = error.localizedDescription.lowercased()
+            return message.contains("timed out") || message.contains("timeout")
+        }
+    }
+}
+
+extension ClaudeUsageFetcher {
     // MARK: - Parsing helpers
 
     public static func parse(json: Data) -> ClaudeUsageSnapshot? {
@@ -199,21 +655,26 @@ public struct ClaudeUsageFetcher: ClaudeUsageFetching, Sendable {
             return nil
         }
 
-        func makeWindow(_ dict: [String: Any]?) -> RateWindow? {
+        func makeWindow(_ dict: [String: Any]?, windowMinutes: Int) -> RateWindow? {
             guard let dict else { return nil }
             let pct = (dict["pct_used"] as? NSNumber)?.doubleValue ?? 0
             let resetText = dict["resets"] as? String
             return RateWindow(
                 usedPercent: pct,
-                windowMinutes: nil,
+                windowMinutes: windowMinutes,
                 resetsAt: Self.parseReset(text: resetText),
                 resetDescription: resetText)
         }
 
-        guard let session = makeWindow(firstWindowDict(["session_5h"])) else {
+        guard let session = makeWindow(
+            firstWindowDict(["session_5h"]),
+            windowMinutes: Self.sessionWindowMinutes)
+        else {
             throw ClaudeUsageError.parseFailed("missing session data")
         }
-        let weekAll = makeWindow(firstWindowDict(["week_all_models", "week_all"]))
+        let weekAll = makeWindow(
+            firstWindowDict(["week_all_models", "week_all"]),
+            windowMinutes: Self.weeklyWindowMinutes)
 
         let rawEmail = (obj["account_email"] as? String)?.trimmingCharacters(
             in: .whitespacesAndNewlines)
@@ -234,7 +695,7 @@ public struct ClaudeUsageFetcher: ClaudeUsageFetching, Sendable {
             let resets = opus["resets"] as? String
             return RateWindow(
                 usedPercent: pct,
-                windowMinutes: nil,
+                windowMinutes: Self.weeklyWindowMinutes,
                 resetsAt: Self.parseReset(text: resets),
                 resetDescription: resets)
         }()
@@ -278,7 +739,7 @@ public struct ClaudeUsageFetcher: ClaudeUsageFetching, Sendable {
 
     public func debugRawProbe(model: String = "sonnet") async -> String {
         do {
-            let snap = try await self.loadViaPTY(model: model, timeout: 10)
+            let snap = try await self.loadViaPTY(model: model, timeout: Self.cliProbeTimeout)
             let opus = snap.opus?.remainingPercent ?? -1
             let email = snap.accountEmail ?? "nil"
             let org = snap.accountOrganization ?? "nil"
@@ -294,19 +755,13 @@ public struct ClaudeUsageFetcher: ClaudeUsageFetching, Sendable {
         }
     }
 
-    // MARK: - OAuth API path
-
-    private func shouldAllowStartupBootstrapPrompt(
-        policy: ClaudeOAuthKeychainPromptPolicy,
-        hasCache: Bool) -> Bool
-    {
-        guard policy.isApplicable else { return false }
-        guard self.allowStartupBootstrapPrompt else { return false }
-        guard !hasCache else { return false }
-        guard policy.mode == .onlyOnUserAction else { return false }
-        guard policy.interaction == .background else { return false }
-        return ProviderRefreshContext.current == .startup
+    public func loadLatestUsage(model: String = "sonnet") async throws -> ClaudeUsageSnapshot {
+        try await StepExecutor(fetcher: self).loadLatestUsage(model: model)
     }
+}
+
+extension ClaudeUsageFetcher {
+    // MARK: - OAuth API path
 
     private static func logOAuthBootstrapPromptDecision(
         allowKeychainPrompt: Bool,
@@ -345,188 +800,7 @@ public struct ClaudeUsageFetcher: ClaudeUsageFetching, Sendable {
     }
 
     private func loadViaOAuth(allowDelegatedRetry: Bool) async throws -> ClaudeUsageSnapshot {
-        do {
-            let promptPolicy = Self.currentClaudeOAuthKeychainPromptPolicy()
-
-            // Allow keychain prompt when no cached credentials exist (bootstrap case)
-            #if DEBUG
-            let hasCache = Self.hasCachedCredentialsOverride
-                ?? ClaudeOAuthCredentialsStore.hasCachedCredentials(environment: self.environment)
-            #else
-            let hasCache = ClaudeOAuthCredentialsStore.hasCachedCredentials(environment: self.environment)
-            #endif
-            let startupBootstrapOverride = self.shouldAllowStartupBootstrapPrompt(
-                policy: promptPolicy,
-                hasCache: hasCache)
-            // Note: `hasCachedCredentials` intentionally returns true for expired Claude-CLI-owned creds, because the
-            // repair path is delegated refresh via Claude CLI (followed by a silent re-sync) rather than immediately
-            // prompting on the initial load.
-            let allowKeychainPrompt = (promptPolicy.canPromptNow || startupBootstrapOverride) && !hasCache
-            Self.logOAuthBootstrapPromptDecision(
-                allowKeychainPrompt: allowKeychainPrompt,
-                policy: promptPolicy,
-                hasCache: hasCache,
-                startupBootstrapOverride: startupBootstrapOverride)
-            // Ownership-aware credential loading:
-            // - Claude CLI-owned credentials delegate refresh to Claude CLI.
-            // - CodexBar-owned credentials use direct token-endpoint refresh.
-            let creds = try await ClaudeOAuthCredentialsStore.$allowBackgroundPromptBootstrap
-                .withValue(startupBootstrapOverride) {
-                    try await Self.loadOAuthCredentials(
-                        environment: self.environment,
-                        allowKeychainPrompt: allowKeychainPrompt,
-                        respectKeychainPromptCooldown: promptPolicy.shouldRespectKeychainPromptCooldown)
-                }
-            // The usage endpoint requires user:profile scope.
-            if !creds.scopes.contains("user:profile") {
-                throw ClaudeUsageError.oauthFailed(
-                    "Claude OAuth token missing 'user:profile' scope (has: \(creds.scopes.joined(separator: ", "))). "
-                        + "Run `claude setup-token` to re-generate credentials, or switch Claude Source to Web/CLI.")
-            }
-            let usage = try await Self.fetchOAuthUsage(accessToken: creds.accessToken)
-            return try Self.mapOAuthUsage(usage, credentials: creds)
-        } catch let error as CancellationError {
-            throw error
-        } catch let error as ClaudeUsageError {
-            throw error
-        } catch let error as ClaudeOAuthCredentialsError {
-            if case .refreshDelegatedToClaudeCLI = error {
-                return try await self.loadViaOAuthAfterDelegatedRefresh(allowDelegatedRetry: allowDelegatedRetry)
-            }
-            throw ClaudeUsageError.oauthFailed(error.localizedDescription)
-        } catch let error as ClaudeOAuthFetchError {
-            ClaudeOAuthCredentialsStore.invalidateCache()
-            if case let .serverError(statusCode, body) = error,
-               statusCode == 403,
-               body?.contains("user:profile") ?? false
-            {
-                throw ClaudeUsageError.oauthFailed(
-                    "Claude OAuth token does not meet scope requirement 'user:profile'. "
-                        + "Run `claude setup-token` to re-generate credentials, or switch Claude Source to Web/CLI.")
-            }
-            throw ClaudeUsageError.oauthFailed(error.localizedDescription)
-        } catch {
-            throw ClaudeUsageError.oauthFailed(error.localizedDescription)
-        }
-    }
-
-    private func loadViaOAuthAfterDelegatedRefresh(allowDelegatedRetry: Bool) async throws -> ClaudeUsageSnapshot {
-        guard allowDelegatedRetry else {
-            throw ClaudeUsageError.oauthFailed(
-                "Claude OAuth token expired and delegated Claude CLI refresh did not recover. "
-                    + "Run `claude login`, then retry.")
-        }
-
-        try Task.checkCancellation()
-
-        let delegatedPromptPolicy = Self.currentClaudeOAuthKeychainPromptPolicy()
-        try Self.assertDelegatedRefreshAllowedInCurrentInteraction(
-            policy: delegatedPromptPolicy,
-            allowBackgroundDelegatedRefresh: self.allowBackgroundDelegatedRefresh)
-
-        let delegatedOutcome = await Self.attemptDelegatedRefresh()
-        Self.log.info(
-            "Claude OAuth delegated refresh attempted",
-            metadata: [
-                "outcome": Self.delegatedRefreshOutcomeLabel(delegatedOutcome),
-            ])
-
-        do {
-            // In Auto mode, avoid forcing interactive Keychain prompts or blocking the fallback chain when
-            // delegation cannot run.
-            if self.oauthKeychainPromptCooldownEnabled {
-                switch delegatedOutcome {
-                case .skippedByCooldown, .cliUnavailable:
-                    throw ClaudeUsageError.oauthFailed(
-                        "Claude OAuth token expired; delegated refresh is unavailable (outcome="
-                            + "\(Self.delegatedRefreshOutcomeLabel(delegatedOutcome))).")
-                case .attemptedSucceeded:
-                    break
-                case .attemptedFailed:
-                    // Delegation ran but didn't observe a keychain change. We'll attempt a non-interactive reload
-                    // below (allowKeychainPrompt=false) and then allow the Auto chain to fall back.
-                    break
-                }
-            }
-
-            try Task.checkCancellation()
-
-            // After delegated refresh, reload credentials and retry OAuth once.
-            // In OAuth mode we allow an interactive Keychain prompt here; in Auto mode we keep it silent to avoid
-            // bypassing the prompt cooldown and to let the fallback chain proceed.
-            _ = ClaudeOAuthCredentialsStore.invalidateCacheIfCredentialsFileChanged()
-
-            let didSyncSilently = delegatedOutcome == .attemptedSucceeded
-                && ClaudeOAuthCredentialsStore.syncFromClaudeKeychainWithoutPrompt(now: Date())
-
-            let promptPolicy = Self.currentClaudeOAuthKeychainPromptPolicy()
-            Self.logDeferredBackgroundDelegatedRecoveryIfNeeded(
-                delegatedOutcome: delegatedOutcome,
-                didSyncSilently: didSyncSilently,
-                policy: promptPolicy)
-            let retryAllowKeychainPrompt = promptPolicy.canPromptNow && !didSyncSilently
-            if retryAllowKeychainPrompt {
-                Self.log.info(
-                    "Claude OAuth keychain prompt allowed (post-delegation retry)",
-                    metadata: [
-                        "interaction": promptPolicy.interactionLabel,
-                        "promptMode": promptPolicy.mode.rawValue,
-                        "promptPolicyApplicable": "\(promptPolicy.isApplicable)",
-                        "delegatedOutcome": Self.delegatedRefreshOutcomeLabel(delegatedOutcome),
-                        "didSyncSilently": "\(didSyncSilently)",
-                    ])
-            }
-            if Self.isClaudeOAuthFlowDebugEnabled {
-                Self.log.debug(
-                    "Claude OAuth credential load (post-delegation retry start)",
-                    metadata: [
-                        "cooldownEnabled": "\(self.oauthKeychainPromptCooldownEnabled)",
-                        "didSyncSilently": "\(didSyncSilently)",
-                        "allowKeychainPrompt": "\(retryAllowKeychainPrompt)",
-                        "delegatedOutcome": Self.delegatedRefreshOutcomeLabel(delegatedOutcome),
-                        "interaction": promptPolicy.interactionLabel,
-                        "promptMode": promptPolicy.mode.rawValue,
-                        "promptPolicyApplicable": "\(promptPolicy.isApplicable)",
-                    ])
-            }
-            let refreshedCreds = try await Self.loadOAuthCredentials(
-                environment: self.environment,
-                allowKeychainPrompt: retryAllowKeychainPrompt,
-                respectKeychainPromptCooldown: promptPolicy.shouldRespectKeychainPromptCooldown)
-            if Self.isClaudeOAuthFlowDebugEnabled {
-                Self.log.debug(
-                    "Claude OAuth credential load (post-delegation retry)",
-                    metadata: [
-                        "cooldownEnabled": "\(self.oauthKeychainPromptCooldownEnabled)",
-                        "didSyncSilently": "\(didSyncSilently)",
-                        "allowKeychainPrompt": "\(retryAllowKeychainPrompt)",
-                        "delegatedOutcome": Self.delegatedRefreshOutcomeLabel(delegatedOutcome),
-                        "interaction": promptPolicy.interactionLabel,
-                        "promptMode": promptPolicy.mode.rawValue,
-                        "promptPolicyApplicable": "\(promptPolicy.isApplicable)",
-                    ])
-            }
-
-            if !refreshedCreds.scopes.contains("user:profile") {
-                let scopes = refreshedCreds.scopes.joined(separator: ", ")
-                throw ClaudeUsageError.oauthFailed(
-                    "Claude OAuth token missing 'user:profile' scope (has: \(scopes)). "
-                        + "Run `claude setup-token` to re-generate credentials, "
-                        + "or switch Claude Source to Web/CLI.")
-            }
-
-            let usage = try await Self.fetchOAuthUsage(accessToken: refreshedCreds.accessToken)
-            return try Self.mapOAuthUsage(usage, credentials: refreshedCreds)
-        } catch {
-            Self.log.debug(
-                "Claude OAuth post-delegation retry failed",
-                metadata: Self.delegatedRetryFailureMetadata(
-                    error: error,
-                    oauthKeychainPromptCooldownEnabled: self.oauthKeychainPromptCooldownEnabled,
-                    delegatedOutcome: delegatedOutcome))
-            throw ClaudeUsageError.oauthFailed(
-                Self.delegatedRefreshFailureMessage(for: delegatedOutcome, retryError: error))
-        }
+        try await OAuthExecutor(fetcher: self).load(allowDelegatedRetry: allowDelegatedRetry)
     }
 
     private static func loadOAuthCredentials(
@@ -556,18 +830,23 @@ public struct ClaudeUsageFetcher: ClaudeUsageFetching, Sendable {
 
     private static func attemptDelegatedRefresh(
         now: Date = Date(),
-        timeout: TimeInterval = 15) async -> ClaudeOAuthDelegatedRefreshCoordinator.Outcome
+        timeout: TimeInterval = 15,
+        environment: [String: String] = ProcessInfo.processInfo.environment)
+        async -> ClaudeOAuthDelegatedRefreshCoordinator.Outcome
     {
         #if DEBUG
         if let override = delegatedRefreshAttemptOverride {
-            return await override(now, timeout)
+            return await override(now, timeout, environment)
         }
         #endif
-        return await ClaudeOAuthDelegatedRefreshCoordinator.attempt(now: now, timeout: timeout)
+        return await ClaudeOAuthDelegatedRefreshCoordinator.attempt(
+            now: now,
+            timeout: timeout,
+            environment: environment)
     }
 
-    private static func delegatedRefreshOutcomeLabel(_ outcome: ClaudeOAuthDelegatedRefreshCoordinator
-        .Outcome) -> String
+    private static func delegatedRefreshOutcomeLabel(
+        _ outcome: ClaudeOAuthDelegatedRefreshCoordinator.Outcome) -> String
     {
         switch outcome {
         case .skippedByCooldown:
@@ -585,7 +864,12 @@ public struct ClaudeUsageFetcher: ClaudeUsageFetching, Sendable {
         for outcome: ClaudeOAuthDelegatedRefreshCoordinator.Outcome,
         retryError: Error) -> String
     {
-        _ = retryError
+        if let oauthError = retryError as? ClaudeOAuthFetchError,
+           case .rateLimited = oauthError
+        {
+            return oauthError.localizedDescription
+        }
+
         switch outcome {
         case .skippedByCooldown:
             return "Claude OAuth token expired and delegated refresh is cooling down. "
@@ -619,6 +903,9 @@ public struct ClaudeUsageFetcher: ClaudeUsageFetching, Sendable {
             switch oauthError {
             case .unauthorized:
                 metadata["oauthError"] = "unauthorized"
+            case let .rateLimited(retryAfter):
+                metadata["oauthError"] = "rateLimited"
+                metadata["retryAfter"] = retryAfter.map { "\($0.timeIntervalSince1970)" } ?? "nil"
             case .invalidResponse:
                 metadata["oauthError"] = "invalidResponse"
             case let .serverError(statusCode, body):
@@ -651,7 +938,35 @@ public struct ClaudeUsageFetcher: ClaudeUsageFetching, Sendable {
                 resetDescription: resetDescription)
         }
 
-        guard let primary = makeWindow(usage.fiveHour, windowMinutes: 5 * 60) else {
+        let loginMethod = ClaudePlan.oauthLoginMethod(
+            subscriptionType: credentials.subscriptionType,
+            rateLimitTier: credentials.rateLimitTier)
+        let primary = makeWindow(usage.fiveHour, windowMinutes: 5 * 60)
+            ?? makeWindow(usage.sevenDay, windowMinutes: 7 * 24 * 60)
+            ?? makeWindow(usage.sevenDayOAuthApps, windowMinutes: 7 * 24 * 60)
+            ?? makeWindow(usage.sevenDaySonnet, windowMinutes: 7 * 24 * 60)
+            ?? makeWindow(usage.sevenDayOpus, windowMinutes: 7 * 24 * 60)
+        let treatAsSpendLimit = primary == nil && usage.extraUsage?.isEnabled == true
+        let providerCost = Self.oauthExtraUsageCost(
+            usage.extraUsage,
+            loginMethod: loginMethod,
+            treatAsSpendLimit: treatAsSpendLimit)
+
+        guard let primary else {
+            if let spendLimit = Self.oauthSpendLimitWindow(from: providerCost, extraUsage: usage.extraUsage) {
+                return ClaudeUsageSnapshot(
+                    primary: spendLimit,
+                    primaryWindowKind: .spendLimit,
+                    secondary: nil,
+                    opus: nil,
+                    extraRateWindows: Self.oauthExtraRateWindows(from: usage),
+                    providerCost: providerCost,
+                    updatedAt: Date(),
+                    accountEmail: nil,
+                    accountOrganization: nil,
+                    loginMethod: loginMethod,
+                    rawText: nil)
+            }
             throw ClaudeUsageError.parseFailed("missing session data")
         }
 
@@ -659,14 +974,13 @@ public struct ClaudeUsageFetcher: ClaudeUsageFetching, Sendable {
         let modelSpecific = makeWindow(
             usage.sevenDaySonnet ?? usage.sevenDayOpus,
             windowMinutes: 7 * 24 * 60)
-
-        let loginMethod = Self.inferPlan(rateLimitTier: credentials.rateLimitTier)
-        let providerCost = Self.oauthExtraUsageCost(usage.extraUsage, loginMethod: loginMethod)
+        let extraRateWindows = Self.oauthExtraRateWindows(from: usage)
 
         return ClaudeUsageSnapshot(
             primary: primary,
             secondary: weekly,
             opus: modelSpecific,
+            extraRateWindows: extraRateWindows,
             providerCost: providerCost,
             updatedAt: Date(),
             accountEmail: nil,
@@ -677,7 +991,8 @@ public struct ClaudeUsageFetcher: ClaudeUsageFetching, Sendable {
 
     private static func oauthExtraUsageCost(
         _ extra: OAuthExtraUsage?,
-        loginMethod: String?) -> ProviderCostSnapshot?
+        loginMethod: String?,
+        treatAsSpendLimit: Bool = false) -> ProviderCostSnapshot?
     {
         guard let extra, extra.isEnabled == true else { return nil }
         guard let used = extra.usedCredits,
@@ -685,32 +1000,86 @@ public struct ClaudeUsageFetcher: ClaudeUsageFetching, Sendable {
         else { return nil }
         let currency = extra.currency?.trimmingCharacters(in: .whitespacesAndNewlines)
         let code = (currency?.isEmpty ?? true) ? "USD" : currency!
-        let normalized = Self.normalizeClaudeExtraUsageAmounts(used: used, limit: limit)
+        let isSpendLimit = treatAsSpendLimit || ClaudePlan.fromCompatibilityLoginMethod(loginMethod) == .enterprise
+        let normalized = Self.normalizeClaudeExtraUsageAmounts(
+            used: used,
+            limit: limit,
+            treatAsMajorUnits: false)
         return ProviderCostSnapshot(
             used: normalized.used,
             limit: normalized.limit,
             currencyCode: code,
-            period: "Monthly",
+            period: isSpendLimit ? "Spend limit" : "Monthly cap",
             resetsAt: nil,
             updatedAt: Date())
     }
 
-    private static func normalizeClaudeExtraUsageAmounts(used: Double, limit: Double) -> (
-        used: Double, limit: Double)
+    private static func oauthSpendLimitWindow(
+        from providerCost: ProviderCostSnapshot?,
+        extraUsage: OAuthExtraUsage?) -> RateWindow?
     {
+        guard let providerCost,
+              providerCost.limit > 0
+        else { return nil }
+        let usedPercent = extraUsage?.utilization ?? (providerCost.used / providerCost.limit) * 100
+        let used = UsageFormatter.currencyString(providerCost.used, currencyCode: providerCost.currencyCode)
+        let limit = UsageFormatter.currencyString(providerCost.limit, currencyCode: providerCost.currencyCode)
+        return RateWindow(
+            usedPercent: min(100, max(0, usedPercent)),
+            windowMinutes: nil,
+            resetsAt: providerCost.resetsAt,
+            resetDescription: "\(providerCost.period ?? "Spend limit"): \(used) / \(limit)")
+    }
+
+    private static func normalizeClaudeExtraUsageAmounts(
+        used: Double,
+        limit: Double,
+        treatAsMajorUnits: Bool) -> (used: Double, limit: Double)
+    {
+        if treatAsMajorUnits {
+            return (used: used, limit: limit)
+        }
+
         // Claude's OAuth API returns values in cents (minor units), same as the Web API.
         // Always convert to dollars (major units) for display consistency.
         // See: ClaudeWebAPIFetcher.swift which always divides by 100.
-        (used: used / 100.0, limit: limit / 100.0)
+        return (used: used / 100.0, limit: limit / 100.0)
     }
 
-    private static func inferPlan(rateLimitTier: String?) -> String? {
-        let tier = rateLimitTier?.lowercased() ?? ""
-        if tier.contains("max") { return "Claude Max" }
-        if tier.contains("pro") { return "Claude Pro" }
-        if tier.contains("team") { return "Claude Team" }
-        if tier.contains("enterprise") { return "Claude Enterprise" }
-        return nil
+    private static func oauthExtraRateWindows(from usage: OAuthUsageResponse) -> [NamedRateWindow] {
+        let definitions: [(id: String, title: String, window: OAuthUsageWindow?, sourceKey: String?)] = [
+            (
+                id: "claude-routines",
+                title: "Daily Routines",
+                window: usage.sevenDayRoutines,
+                sourceKey: usage.sevenDayRoutinesSourceKey),
+        ]
+        if let routinesKey = usage.sevenDayRoutinesSourceKey {
+            Self.log.debug("Claude OAuth extra usage key matched: routines=\(routinesKey)")
+        }
+        return definitions.compactMap { definition in
+            let utilization: Double
+            let resetDate: Date?
+            if let window = definition.window, let parsedUtilization = window.utilization {
+                utilization = parsedUtilization
+                resetDate = ClaudeOAuthUsageFetcher.parseISO8601Date(window.resetsAt)
+            } else if definition.sourceKey != nil {
+                // Keep product bars visible when the API returns a known key with null payload.
+                utilization = 0
+                resetDate = nil
+            } else {
+                return nil
+            }
+            let resetDescription = resetDate.map(Self.formatResetDate)
+            return NamedRateWindow(
+                id: definition.id,
+                title: definition.title,
+                window: RateWindow(
+                    usedPercent: utilization,
+                    windowMinutes: Self.weeklyWindowMinutes,
+                    resetsAt: resetDate,
+                    resetDescription: resetDescription))
+        }
     }
 
     // MARK: - Web API path (uses browser cookies)
@@ -718,11 +1087,17 @@ public struct ClaudeUsageFetcher: ClaudeUsageFetching, Sendable {
     private func loadViaWebAPI() async throws -> ClaudeUsageSnapshot {
         let webData: ClaudeWebAPIFetcher.WebUsageData =
             if let header = self.manualCookieHeader {
-                try await ClaudeWebAPIFetcher.fetchUsage(cookieHeader: header) { msg in
+                try await ClaudeWebAPIFetcher.fetchUsage(
+                    cookieHeader: header,
+                    targetOrganizationID: self.webOrganizationID)
+                { msg in
                     Self.log.debug(msg)
                 }
             } else {
-                try await ClaudeWebAPIFetcher.fetchUsage(browserDetection: self.browserDetection) { msg in
+                try await ClaudeWebAPIFetcher.fetchUsage(
+                    browserDetection: self.browserDetection,
+                    targetOrganizationID: self.webOrganizationID)
+                { msg in
                     Self.log.debug(msg)
                 }
             }
@@ -753,6 +1128,7 @@ public struct ClaudeUsageFetcher: ClaudeUsageFetching, Sendable {
             primary: primary,
             secondary: secondary,
             opus: opus,
+            extraRateWindows: webData.extraRateWindows,
             providerCost: webData.extraUsageCost,
             updatedAt: Date(),
             accountEmail: webData.accountEmail,
@@ -770,42 +1146,74 @@ public struct ClaudeUsageFetcher: ClaudeUsageFetching, Sendable {
 
     // MARK: - PTY-based probe (no tmux)
 
-    private func loadViaPTY(model: String, timeout: TimeInterval = 10) async throws
-        -> ClaudeUsageSnapshot
-    {
-        guard TTYCommandRunner.which("claude") != nil else {
+    private func loadViaPTY(model: String, timeout: TimeInterval = 10) async throws -> ClaudeUsageSnapshot {
+        guard let claudeBinary = ClaudeCLIResolver.resolvedBinaryPath(environment: self.environment) else {
             throw ClaudeUsageError.claudeNotInstalled
         }
         let probe = ClaudeStatusProbe(
-            claudeBinary: "claude",
+            claudeBinary: claudeBinary,
             timeout: timeout,
             keepCLISessionsAlive: self.keepCLISessionsAlive)
         let snap = try await probe.fetch()
 
+        return try Self.makeSnapshot(from: snap)
+    }
+
+    private func loadViaDirectCLI(timeout: TimeInterval) async throws -> ClaudeUsageSnapshot {
+        guard let claudeBinary = ClaudeCLIResolver.resolvedBinaryPath(environment: self.environment) else {
+            throw ClaudeUsageError.claudeNotInstalled
+        }
+
+        let workingDirectory = ClaudeStatusProbe.preparedProbeWorkingDirectoryURL()
+        var environment = ClaudeCLISession.launchEnvironment(baseEnv: self.environment)
+        environment["PWD"] = workingDirectory.path
+
+        let result = try await SubprocessRunner.run(
+            binary: claudeBinary,
+            arguments: ["/usage"],
+            environment: environment,
+            timeout: timeout,
+            standardInput: FileHandle.nullDevice,
+            currentDirectoryURL: workingDirectory,
+            label: "claude-direct-usage")
+        let snap = try ClaudeStatusProbe.parse(text: result.stdout)
+        return try Self.makeSnapshot(from: snap)
+    }
+
+    private static func makeSnapshot(from snap: ClaudeStatusSnapshot) throws -> ClaudeUsageSnapshot {
         guard let sessionPctLeft = snap.sessionPercentLeft else {
             throw ClaudeUsageError.parseFailed("missing session data")
         }
 
-        func makeWindow(pctLeft: Int?, reset: String?) -> RateWindow? {
+        func makeWindow(pctLeft: Int?, reset: String?, windowMinutes: Int) -> RateWindow? {
             guard let left = pctLeft else { return nil }
             let used = max(0, min(100, 100 - Double(left)))
             let resetClean = reset?.trimmingCharacters(in: .whitespacesAndNewlines)
             return RateWindow(
                 usedPercent: used,
-                windowMinutes: nil,
+                windowMinutes: windowMinutes,
                 resetsAt: ClaudeStatusProbe.parseResetDate(from: resetClean),
                 resetDescription: resetClean)
         }
 
-        let primary = makeWindow(pctLeft: sessionPctLeft, reset: snap.primaryResetDescription)!
+        let primary = makeWindow(
+            pctLeft: sessionPctLeft,
+            reset: snap.primaryResetDescription,
+            windowMinutes: Self.sessionWindowMinutes)!
         let weekly = makeWindow(
-            pctLeft: snap.weeklyPercentLeft, reset: snap.secondaryResetDescription)
-        let opus = makeWindow(pctLeft: snap.opusPercentLeft, reset: snap.opusResetDescription)
+            pctLeft: snap.weeklyPercentLeft,
+            reset: snap.secondaryResetDescription,
+            windowMinutes: Self.weeklyWindowMinutes)
+        let opus = makeWindow(
+            pctLeft: snap.opusPercentLeft,
+            reset: snap.opusResetDescription,
+            windowMinutes: Self.weeklyWindowMinutes)
 
         return ClaudeUsageSnapshot(
             primary: primary,
             secondary: weekly,
             opus: opus,
+            extraRateWindows: [],
             providerCost: nil,
             updatedAt: Date(),
             accountEmail: snap.accountEmail,
@@ -814,30 +1222,37 @@ public struct ClaudeUsageFetcher: ClaudeUsageFetching, Sendable {
             rawText: snap.rawText)
     }
 
-    private func applyWebExtrasIfNeeded(to snapshot: ClaudeUsageSnapshot) async
-        -> ClaudeUsageSnapshot
-    {
+    private func applyWebExtrasIfNeeded(to snapshot: ClaudeUsageSnapshot) async -> ClaudeUsageSnapshot {
         guard self.useWebExtras, self.dataSource != .web else { return snapshot }
         do {
             let webData: ClaudeWebAPIFetcher.WebUsageData =
                 if let header = self.manualCookieHeader {
-                    try await ClaudeWebAPIFetcher.fetchUsage(cookieHeader: header) { msg in
+                    try await ClaudeWebAPIFetcher.fetchUsage(
+                        cookieHeader: header,
+                        targetOrganizationID: self.webOrganizationID)
+                    { msg in
                         Self.log.debug(msg)
                     }
                 } else {
                     try await ClaudeWebAPIFetcher.fetchUsage(
-                        browserDetection: self.browserDetection)
+                        browserDetection: self.browserDetection,
+                        targetOrganizationID: self.webOrganizationID)
                     { msg in
                         Self.log.debug(msg)
                     }
                 }
-            // Only merge cost extras; keep identity fields from the primary data source.
-            if snapshot.providerCost == nil, let extra = webData.extraUsageCost {
+            // Only merge usage/cost extras; keep identity fields from the primary data source.
+            let mergedExtraRateWindows = snapshot.extraRateWindows.isEmpty ? webData.extraRateWindows : snapshot
+                .extraRateWindows
+            let mergedProviderCost = snapshot.providerCost ?? webData.extraUsageCost
+            if mergedProviderCost != snapshot.providerCost || mergedExtraRateWindows != snapshot.extraRateWindows {
                 return ClaudeUsageSnapshot(
                     primary: snapshot.primary,
+                    primaryWindowKind: snapshot.primaryWindowKind,
                     secondary: snapshot.secondary,
                     opus: snapshot.opus,
-                    providerCost: extra,
+                    extraRateWindows: mergedExtraRateWindows,
+                    providerCost: mergedProviderCost,
                     updatedAt: snapshot.updatedAt,
                     accountEmail: snapshot.accountEmail,
                     accountOrganization: snapshot.accountOrganization,
@@ -882,104 +1297,6 @@ public struct ClaudeUsageFetcher: ClaudeUsageFetching, Sendable {
         let data = pipe.fileHandleForReading.readDataToEndOfFile()
         return String(data: data, encoding: .utf8)
     }
-}
-
-extension ClaudeUsageFetcher {
-    public func loadLatestUsage(model: String = "sonnet") async throws -> ClaudeUsageSnapshot {
-        switch self.dataSource {
-        case .auto:
-            let oauthCreds: ClaudeOAuthCredentials?
-            let oauthProbeError: Error?
-            do {
-                oauthCreds = try ClaudeOAuthCredentialsStore.load(
-                    environment: self.environment,
-                    allowKeychainPrompt: false,
-                    respectKeychainPromptCooldown: true)
-                oauthProbeError = nil
-            } catch {
-                oauthCreds = nil
-                oauthProbeError = error
-            }
-
-            let hasOAuthCredentials = oauthCreds?.scopes.contains("user:profile") ?? false
-            let hasWebSession =
-                if let header = self.manualCookieHeader {
-                    ClaudeWebAPIFetcher.hasSessionKey(cookieHeader: header)
-                } else {
-                    ClaudeWebAPIFetcher.hasSessionKey(browserDetection: self.browserDetection)
-                }
-            let hasCLI = TTYCommandRunner.which("claude") != nil
-
-            var autoDecisionMetadata: [String: String] = [
-                "hasOAuthCredentials": "\(hasOAuthCredentials)",
-                "hasWebSession": "\(hasWebSession)",
-                "hasCLI": "\(hasCLI)",
-                "oauthReadStrategy": ClaudeOAuthKeychainReadStrategyPreference.current().rawValue,
-            ]
-            if let oauthCreds {
-                autoDecisionMetadata["oauthProbe"] = "success"
-                for (key, value) in oauthCreds.diagnosticsMetadata(now: Date()) {
-                    autoDecisionMetadata[key] = value
-                }
-            } else if let oauthProbeError {
-                autoDecisionMetadata["oauthProbe"] = "failure"
-                autoDecisionMetadata["oauthProbeError"] = Self.oauthCredentialProbeErrorLabel(oauthProbeError)
-            } else {
-                autoDecisionMetadata["oauthProbe"] = "none"
-            }
-
-            func logAutoDecision(selected: String) {
-                var metadata = autoDecisionMetadata
-                metadata["selected"] = selected
-                Self.log.debug("Claude auto source decision", metadata: metadata)
-            }
-
-            if hasOAuthCredentials {
-                logAutoDecision(selected: "oauth")
-                var snap = try await self.loadViaOAuth(allowDelegatedRetry: true)
-                snap = await self.applyWebExtrasIfNeeded(to: snap)
-                return snap
-            }
-            if hasWebSession {
-                logAutoDecision(selected: "web")
-                return try await self.loadViaWebAPI()
-            }
-            if hasCLI {
-                do {
-                    logAutoDecision(selected: "cli")
-                    var snap = try await self.loadViaPTY(model: model, timeout: 10)
-                    snap = await self.applyWebExtrasIfNeeded(to: snap)
-                    return snap
-                } catch {
-                    Self.log.debug(
-                        "Claude auto source CLI path failed; falling back to OAuth",
-                        metadata: [
-                            "errorType": String(describing: type(of: error)),
-                        ])
-                }
-            }
-            logAutoDecision(selected: "oauthFallback")
-            var snap = try await self.loadViaOAuth(allowDelegatedRetry: true)
-            snap = await self.applyWebExtrasIfNeeded(to: snap)
-            return snap
-        case .oauth:
-            var snap = try await self.loadViaOAuth(allowDelegatedRetry: true)
-            snap = await self.applyWebExtrasIfNeeded(to: snap)
-            return snap
-        case .web:
-            return try await self.loadViaWebAPI()
-        case .cli:
-            do {
-                var snap = try await self.loadViaPTY(model: model, timeout: 10)
-                snap = await self.applyWebExtrasIfNeeded(to: snap)
-                return snap
-            } catch {
-                var snap = try await self.loadViaPTY(model: model, timeout: 24)
-                snap = await self.applyWebExtrasIfNeeded(to: snap)
-                return snap
-            }
-        }
-    }
 
     private static func oauthCredentialProbeErrorLabel(_ error: Error) -> String {
         guard let oauthError = error as? ClaudeOAuthCredentialsError else {
@@ -1013,7 +1330,8 @@ extension ClaudeUsageFetcher {
 extension ClaudeUsageFetcher {
     public static func _mapOAuthUsageForTesting(
         _ data: Data,
-        rateLimitTier: String? = nil) throws -> ClaudeUsageSnapshot
+        rateLimitTier: String? = nil,
+        subscriptionType: String? = nil) throws -> ClaudeUsageSnapshot
     {
         let usage = try ClaudeOAuthUsageFetcher.decodeUsageResponse(data)
         let creds = ClaudeOAuthCredentials(
@@ -1021,7 +1339,8 @@ extension ClaudeUsageFetcher {
             refreshToken: nil,
             expiresAt: Date().addingTimeInterval(3600),
             scopes: [],
-            rateLimitTier: rateLimitTier)
+            rateLimitTier: rateLimitTier,
+            subscriptionType: subscriptionType)
         return try Self.mapOAuthUsage(usage, credentials: creds)
     }
 }
diff --git a/Sources/CodexBarCore/Providers/Claude/ClaudeWeb/ClaudeWebAPIFetcher.swift b/Sources/CodexBarCore/Providers/Claude/ClaudeWeb/ClaudeWebAPIFetcher.swift
index e004b47c1..61c573320 100644
--- a/Sources/CodexBarCore/Providers/Claude/ClaudeWeb/ClaudeWebAPIFetcher.swift
+++ b/Sources/CodexBarCore/Providers/Claude/ClaudeWeb/ClaudeWebAPIFetcher.swift
@@ -54,6 +54,7 @@ public enum ClaudeWebAPIFetcher {
         case unauthorized
         case serverError(statusCode: Int)
         case noOrganization
+        case organizationNotFound(String)
 
         public var errorDescription: String? {
             switch self {
@@ -73,6 +74,8 @@ public enum ClaudeWebAPIFetcher {
                 "Claude API error: HTTP \(code)"
             case .noOrganization:
                 "No Claude organization found for this account."
+            case let .organizationNotFound(id):
+                "Claude organization '\(id)' was not found for this session."
             }
         }
     }
@@ -84,6 +87,7 @@ public enum ClaudeWebAPIFetcher {
         public let weeklyPercentUsed: Double?
         public let weeklyResetsAt: Date?
         public let opusPercentUsed: Double?
+        public let extraRateWindows: [NamedRateWindow]
         public let extraUsageCost: ProviderCostSnapshot?
         public let accountOrganization: String?
         public let accountEmail: String?
@@ -95,6 +99,7 @@ public enum ClaudeWebAPIFetcher {
             weeklyPercentUsed: Double?,
             weeklyResetsAt: Date?,
             opusPercentUsed: Double?,
+            extraRateWindows: [NamedRateWindow],
             extraUsageCost: ProviderCostSnapshot?,
             accountOrganization: String?,
             accountEmail: String?,
@@ -105,6 +110,7 @@ public enum ClaudeWebAPIFetcher {
             self.weeklyPercentUsed = weeklyPercentUsed
             self.weeklyResetsAt = weeklyResetsAt
             self.opusPercentUsed = opusPercentUsed
+            self.extraRateWindows = extraRateWindows
             self.extraUsageCost = extraUsageCost
             self.accountOrganization = accountOrganization
             self.accountEmail = accountEmail
@@ -131,6 +137,7 @@ public enum ClaudeWebAPIFetcher {
     /// Tries browser cookies using the standard import order.
     public static func fetchUsage(
         browserDetection: BrowserDetection,
+        targetOrganizationID: String? = nil,
         logger: ((String) -> Void)? = nil) async throws -> WebUsageData
     {
         let log: (String) -> Void = { msg in logger?("[claude-web] \(msg)") }
@@ -140,7 +147,10 @@ public enum ClaudeWebAPIFetcher {
         {
             log("Using cached cookie header from \(cached.sourceLabel)")
             do {
-                return try await self.fetchUsage(cookieHeader: cached.cookieHeader, logger: log)
+                return try await self.fetchUsage(
+                    cookieHeader: cached.cookieHeader,
+                    targetOrganizationID: targetOrganizationID,
+                    logger: log)
             } catch let error as FetchError {
                 switch error {
                 case .unauthorized, .noSessionKeyFound, .invalidSessionKey:
@@ -156,7 +166,10 @@ public enum ClaudeWebAPIFetcher {
         let sessionInfo = try extractSessionKeyInfo(browserDetection: browserDetection, logger: log)
         log("Found session key (\(sessionInfo.cookieCount) cookies)")
 
-        let usage = try await self.fetchUsage(using: sessionInfo, logger: log)
+        let usage = try await self.fetchUsage(
+            using: sessionInfo,
+            targetOrganizationID: targetOrganizationID,
+            logger: log)
         CookieHeaderCache.store(
             provider: .claude,
             cookieHeader: "sessionKey=\(sessionInfo.key)",
@@ -166,28 +179,40 @@ public enum ClaudeWebAPIFetcher {
 
     public static func fetchUsage(
         cookieHeader: String,
+        targetOrganizationID: String? = nil,
         logger: ((String) -> Void)? = nil) async throws -> WebUsageData
     {
         let log: (String) -> Void = { msg in logger?("[claude-web] \(msg)") }
         let sessionInfo = try self.sessionKeyInfo(cookieHeader: cookieHeader)
         log("Using manual session key (\(sessionInfo.cookieCount) cookies)")
-        return try await self.fetchUsage(using: sessionInfo, logger: log)
+        return try await self.fetchUsage(
+            using: sessionInfo,
+            targetOrganizationID: targetOrganizationID,
+            logger: log)
     }
 
     public static func fetchUsage(
         using sessionKeyInfo: SessionKeyInfo,
+        targetOrganizationID: String? = nil,
         logger: ((String) -> Void)? = nil) async throws -> WebUsageData
     {
         let log: (String) -> Void = { msg in logger?(msg) }
         let sessionKey = sessionKeyInfo.key
 
         // Fetch organization info
-        let organization = try await fetchOrganizationInfo(sessionKey: sessionKey, logger: log)
+        let organization = try await fetchOrganizationInfo(
+            sessionKey: sessionKey,
+            targetOrganizationID: targetOrganizationID,
+            logger: log)
         log("Organization resolved")
 
         var usage = try await fetchUsageData(orgId: organization.id, sessionKey: sessionKey, logger: log)
         if usage.extraUsageCost == nil,
-           let extra = await fetchExtraUsageCost(orgId: organization.id, sessionKey: sessionKey, logger: log)
+           let extra = await ClaudeWebExtraUsageCost.fetch(
+               baseURL: Self.baseURL,
+               orgId: organization.id,
+               sessionKey: sessionKey,
+               logger: log)
         {
             usage = WebUsageData(
                 sessionPercentUsed: usage.sessionPercentUsed,
@@ -195,6 +220,7 @@ public enum ClaudeWebAPIFetcher {
                 weeklyPercentUsed: usage.weeklyPercentUsed,
                 weeklyResetsAt: usage.weeklyResetsAt,
                 opusPercentUsed: usage.opusPercentUsed,
+                extraRateWindows: usage.extraRateWindows,
                 extraUsageCost: extra,
                 accountOrganization: usage.accountOrganization,
                 accountEmail: usage.accountEmail,
@@ -207,6 +233,7 @@ public enum ClaudeWebAPIFetcher {
                 weeklyPercentUsed: usage.weeklyPercentUsed,
                 weeklyResetsAt: usage.weeklyResetsAt,
                 opusPercentUsed: usage.opusPercentUsed,
+                extraRateWindows: usage.extraRateWindows,
                 extraUsageCost: usage.extraUsageCost,
                 accountOrganization: usage.accountOrganization,
                 accountEmail: account.email,
@@ -219,6 +246,7 @@ public enum ClaudeWebAPIFetcher {
                 weeklyPercentUsed: usage.weeklyPercentUsed,
                 weeklyResetsAt: usage.weeklyResetsAt,
                 opusPercentUsed: usage.opusPercentUsed,
+                extraRateWindows: usage.extraRateWindows,
                 extraUsageCost: usage.extraUsageCost,
                 accountOrganization: name,
                 accountEmail: usage.accountEmail,
@@ -264,7 +292,7 @@ public enum ClaudeWebAPIFetcher {
             request.timeoutInterval = 20
 
             do {
-                let (data, response) = try await URLSession.shared.data(for: request)
+                let (data, response) = try await ProviderHTTPClient.shared.data(for: request)
                 let http = response as? HTTPURLResponse
                 let contentType = http?.allHeaderFields["Content-Type"] as? String
                 let truncated = data.prefix(Self.maxProbeBytes)
@@ -351,7 +379,7 @@ public enum ClaudeWebAPIFetcher {
         for browserSource in installedBrowsers {
             do {
                 let query = BrowserCookieQuery(domains: cookieDomains)
-                let sources = try Self.cookieClient.records(
+                let sources = try Self.cookieClient.codexBarRecords(
                     matching: query,
                     in: browserSource,
                     logger: log)
@@ -390,6 +418,7 @@ public enum ClaudeWebAPIFetcher {
 
     private static func fetchOrganizationInfo(
         sessionKey: String,
+        targetOrganizationID: String? = nil,
         logger: ((String) -> Void)? = nil) async throws -> OrganizationInfo
     {
         let url = URL(string: "\(baseURL)/organizations")!
@@ -399,7 +428,7 @@ public enum ClaudeWebAPIFetcher {
         request.httpMethod = "GET"
         request.timeoutInterval = 15
 
-        let (data, response) = try await URLSession.shared.data(for: request)
+        let (data, response) = try await ProviderHTTPClient.shared.data(for: request)
 
         guard let httpResponse = response as? HTTPURLResponse else {
             throw FetchError.invalidResponse
@@ -409,7 +438,7 @@ public enum ClaudeWebAPIFetcher {
 
         switch httpResponse.statusCode {
         case 200:
-            return try self.parseOrganizationResponse(data)
+            return try self.parseOrganizationResponse(data, targetOrganizationID: targetOrganizationID)
         case 401, 403:
             throw FetchError.unauthorized
         default:
@@ -429,7 +458,7 @@ public enum ClaudeWebAPIFetcher {
         request.httpMethod = "GET"
         request.timeoutInterval = 15
 
-        let (data, response) = try await URLSession.shared.data(for: request)
+        let (data, response) = try await ProviderHTTPClient.shared.data(for: request)
 
         guard let httpResponse = response as? HTTPURLResponse else {
             throw FetchError.invalidResponse
@@ -439,7 +468,7 @@ public enum ClaudeWebAPIFetcher {
 
         switch httpResponse.statusCode {
         case 200:
-            return try self.parseUsageResponse(data)
+            return try self.parseUsageResponse(data, logger: logger)
         case 401, 403:
             throw FetchError.unauthorized
         default:
@@ -447,7 +476,7 @@ public enum ClaudeWebAPIFetcher {
         }
     }
 
-    private static func parseUsageResponse(_ data: Data) throws -> WebUsageData {
+    private static func parseUsageResponse(_ data: Data, logger: ((String) -> Void)? = nil) throws -> WebUsageData {
         guard let json = try? JSONSerialization.jsonObject(with: data) as? [String: Any] else {
             throw FetchError.invalidResponse
         }
@@ -463,10 +492,8 @@ public enum ClaudeWebAPIFetcher {
                 sessionResets = self.parseISO8601Date(resetsAt)
             }
         }
-        guard let sessionPercent else {
-            // If we can't parse session utilization, treat this as a failure so callers can fall back to the CLI.
-            throw FetchError.invalidResponse
-        }
+        // Enterprise/credit-based accounts return null for five_hour; treat as 0% rather than an error.
+        let resolvedSessionPercent = sessionPercent ?? 0.0
 
         // Parse seven_day (weekly) usage
         var weeklyPercent: Double?
@@ -480,84 +507,40 @@ public enum ClaudeWebAPIFetcher {
             }
         }
 
-        // Parse seven_day_opus (Opus-specific weekly) usage
+        // Parse seven_day_sonnet (preferred) / seven_day_opus usage
         var opusPercent: Double?
-        if let sevenDayOpus = json["seven_day_opus"] as? [String: Any] {
-            if let utilization = sevenDayOpus["utilization"] as? Int {
-                opusPercent = Double(utilization)
-            }
+        if let sevenDaySonnet = json["seven_day_sonnet"] as? [String: Any] {
+            opusPercent = Self.percentValue(from: sevenDaySonnet["utilization"])
+        } else if let sevenDayOpus = json["seven_day_opus"] as? [String: Any] {
+            opusPercent = Self.percentValue(from: sevenDayOpus["utilization"])
+        }
+        let extraRateParse = ClaudeWebExtraRateWindowParser.parse(from: json)
+        if let sourceKey = extraRateParse.sourceKeys["claude-routines"] {
+            logger?("Usage API extra window key matched: routines=\(sourceKey)")
         }
+        let extraUsageCost = ClaudeWebExtraUsageCost.parse(from: json["extra_usage"])
 
         return WebUsageData(
-            sessionPercentUsed: sessionPercent,
+            sessionPercentUsed: resolvedSessionPercent,
             sessionResetsAt: sessionResets,
             weeklyPercentUsed: weeklyPercent,
             weeklyResetsAt: weeklyResets,
             opusPercentUsed: opusPercent,
-            extraUsageCost: nil,
+            extraRateWindows: extraRateParse.windows,
+            extraUsageCost: extraUsageCost,
             accountOrganization: nil,
             accountEmail: nil,
             loginMethod: nil)
     }
 
-    // MARK: - Extra usage cost (Claude "Extra")
-
-    private struct OverageSpendLimitResponse: Decodable {
-        let monthlyCreditLimit: Double?
-        let currency: String?
-        let usedCredits: Double?
-        let isEnabled: Bool?
-
-        enum CodingKeys: String, CodingKey {
-            case monthlyCreditLimit = "monthly_credit_limit"
-            case currency
-            case usedCredits = "used_credits"
-            case isEnabled = "is_enabled"
+    private static func percentValue(from value: Any?) -> Double? {
+        if let intValue = value as? Int {
+            return Double(intValue)
         }
-    }
-
-    /// Best-effort fetch of Claude Extra spend/limit (does not fail the main usage fetch).
-    private static func fetchExtraUsageCost(
-        orgId: String,
-        sessionKey: String,
-        logger: ((String) -> Void)? = nil) async -> ProviderCostSnapshot?
-    {
-        let url = URL(string: "\(baseURL)/organizations/\(orgId)/overage_spend_limit")!
-        var request = URLRequest(url: url)
-        request.setValue("sessionKey=\(sessionKey)", forHTTPHeaderField: "Cookie")
-        request.setValue("application/json", forHTTPHeaderField: "Accept")
-        request.httpMethod = "GET"
-        request.timeoutInterval = 15
-
-        do {
-            let (data, response) = try await URLSession.shared.data(for: request)
-            guard let httpResponse = response as? HTTPURLResponse else { return nil }
-            logger?("Overage API status: \(httpResponse.statusCode)")
-            guard httpResponse.statusCode == 200 else { return nil }
-            return Self.parseOverageSpendLimit(data)
-        } catch {
-            return nil
+        if let doubleValue = value as? Double {
+            return doubleValue
         }
-    }
-
-    private static func parseOverageSpendLimit(_ data: Data) -> ProviderCostSnapshot? {
-        guard let decoded = try? JSONDecoder().decode(OverageSpendLimitResponse.self, from: data) else { return nil }
-        guard decoded.isEnabled == true else { return nil }
-        guard let used = decoded.usedCredits,
-              let limit = decoded.monthlyCreditLimit,
-              let currency = decoded.currency,
-              !currency.isEmpty else { return nil }
-
-        let usedAmount = used / 100.0
-        let limitAmount = limit / 100.0
-
-        return ProviderCostSnapshot(
-            used: usedAmount,
-            limit: limitAmount,
-            currencyCode: currency,
-            period: "Monthly",
-            resetsAt: nil,
-            updatedAt: Date())
+        return nil
     }
 
     #if DEBUG
@@ -568,12 +551,15 @@ public enum ClaudeWebAPIFetcher {
         try self.parseUsageResponse(data)
     }
 
-    public static func _parseOrganizationsResponseForTesting(_ data: Data) throws -> OrganizationInfo {
-        try self.parseOrganizationResponse(data)
+    public static func _parseOrganizationsResponseForTesting(
+        _ data: Data,
+        targetOrganizationID: String? = nil) throws -> OrganizationInfo
+    {
+        try self.parseOrganizationResponse(data, targetOrganizationID: targetOrganizationID)
     }
 
     public static func _parseOverageSpendLimitForTesting(_ data: Data) -> ProviderCostSnapshot? {
-        self.parseOverageSpendLimit(data)
+        ClaudeWebExtraUsageCost.parseOverageSpendLimit(data)
     }
 
     public static func _parseAccountInfoForTesting(_ data: Data, orgId: String?) -> WebAccountInfo? {
@@ -592,35 +578,31 @@ public enum ClaudeWebAPIFetcher {
         return formatter.date(from: string)
     }
 
-    private struct OrganizationResponse: Decodable {
-        let uuid: String
-        let name: String?
-        let capabilities: [String]?
-
-        var normalizedCapabilities: Set<String> {
-            Set((self.capabilities ?? []).map { $0.lowercased() })
-        }
-
-        var hasChatCapability: Bool {
-            self.normalizedCapabilities.contains("chat")
-        }
-
-        var isApiOnly: Bool {
-            let normalized = self.normalizedCapabilities
-            return !normalized.isEmpty && normalized == ["api"]
-        }
-    }
-
-    private static func parseOrganizationResponse(_ data: Data) throws -> OrganizationInfo {
-        guard let organizations = try? JSONDecoder().decode([OrganizationResponse].self, from: data) else {
+    private static func parseOrganizationResponse(
+        _ data: Data,
+        targetOrganizationID: String? = nil) throws -> OrganizationInfo
+    {
+        guard let organizations = try? JSONDecoder().decode([ClaudeWebOrganizationResponse].self, from: data) else {
             throw FetchError.invalidResponse
         }
+        if let targetOrganizationID = targetOrganizationID?.trimmingCharacters(in: .whitespacesAndNewlines),
+           !targetOrganizationID.isEmpty
+        {
+            guard let selected = organizations.first(where: { $0.uuid == targetOrganizationID }) else {
+                throw FetchError.organizationNotFound(targetOrganizationID)
+            }
+            return self.organizationInfo(from: selected)
+        }
         guard let selected = organizations.first(where: { $0.hasChatCapability })
             ?? organizations.first(where: { !$0.isApiOnly })
             ?? organizations.first
         else {
             throw FetchError.noOrganization
         }
+        return self.organizationInfo(from: selected)
+    }
+
+    private static func organizationInfo(from selected: ClaudeWebOrganizationResponse) -> OrganizationInfo {
         let name = selected.name?.trimmingCharacters(in: .whitespacesAndNewlines)
         let sanitized = (name?.isEmpty ?? true) ? nil : name
         return OrganizationInfo(id: selected.uuid, name: sanitized)
@@ -677,7 +659,7 @@ public enum ClaudeWebAPIFetcher {
         request.timeoutInterval = 15
 
         do {
-            let (data, response) = try await URLSession.shared.data(for: request)
+            let (data, response) = try await ProviderHTTPClient.shared.data(for: request)
             guard let httpResponse = response as? HTTPURLResponse else { return nil }
             logger?("Account API status: \(httpResponse.statusCode)")
             guard httpResponse.statusCode == 200 else { return nil }
@@ -691,7 +673,7 @@ public enum ClaudeWebAPIFetcher {
         guard let response = try? JSONDecoder().decode(AccountResponse.self, from: data) else { return nil }
         let email = response.emailAddress?.trimmingCharacters(in: .whitespacesAndNewlines)
         let membership = Self.selectMembership(response.memberships, orgId: orgId)
-        let plan = Self.inferPlan(
+        let plan = ClaudePlan.webLoginMethod(
             rateLimitTier: membership?.organization.rateLimitTier,
             billingType: membership?.organization.billingType)
         return WebAccountInfo(email: email, loginMethod: plan)
@@ -708,18 +690,7 @@ public enum ClaudeWebAPIFetcher {
         return memberships.first
     }
 
-    private static func inferPlan(rateLimitTier: String?, billingType: String?) -> String? {
-        let tier = rateLimitTier?.lowercased() ?? ""
-        let billing = billingType?.lowercased() ?? ""
-        if tier.contains("max") { return "Claude Max" }
-        if tier.contains("pro") { return "Claude Pro" }
-        if tier.contains("team") { return "Claude Team" }
-        if tier.contains("enterprise") { return "Claude Enterprise" }
-        if billing.contains("stripe"), tier.contains("claude") { return "Claude Pro" }
-        return nil
-    }
-
-    private struct ProbeParseResult: Sendable {
+    private struct ProbeParseResult {
         let keys: [String]
         let emails: [String]
         let planHints: [String]
@@ -841,26 +812,32 @@ public enum ClaudeWebAPIFetcher {
 
     public static func fetchUsage(
         browserDetection: BrowserDetection,
+        targetOrganizationID: String? = nil,
         logger: ((String) -> Void)? = nil) async throws -> WebUsageData
     {
         _ = browserDetection
+        _ = targetOrganizationID
         _ = logger
         throw FetchError.notSupportedOnThisPlatform
     }
 
     public static func fetchUsage(
         cookieHeader: String,
+        targetOrganizationID: String? = nil,
         logger: ((String) -> Void)? = nil) async throws -> WebUsageData
     {
         _ = cookieHeader
+        _ = targetOrganizationID
         _ = logger
         throw FetchError.notSupportedOnThisPlatform
     }
 
     public static func fetchUsage(
         using sessionKeyInfo: SessionKeyInfo,
+        targetOrganizationID: String? = nil,
         logger: ((String) -> Void)? = nil) async throws -> WebUsageData
     {
+        _ = targetOrganizationID
         throw FetchError.notSupportedOnThisPlatform
     }
 
@@ -895,3 +872,122 @@ public enum ClaudeWebAPIFetcher {
 
     #endif
 }
+
+private enum ClaudeWebExtraUsageCost {
+    // MARK: - Extra usage cost (Claude "Extra")
+
+    static func parse(from value: Any?) -> ProviderCostSnapshot? {
+        guard let extraUsage = value as? [String: Any] else { return nil }
+        guard let used = Self.doubleValue(extraUsage["used_credits"]),
+              let limit = Self.doubleValue(extraUsage["monthly_limit"] ?? extraUsage["monthly_credit_limit"]),
+              limit > 0 else { return nil }
+        let currency = (extraUsage["currency"] as? String)?.trimmingCharacters(in: .whitespacesAndNewlines)
+        let currencyCode = currency?.isEmpty == false ? currency ?? "USD" : "USD"
+        return Self.makeExtraUsageCost(
+            usedCredits: used,
+            monthlyCreditLimit: limit,
+            currencyCode: currencyCode)
+    }
+
+    struct OverageSpendLimitResponse: Decodable {
+        let monthlyCreditLimit: Double?
+        let currency: String?
+        let usedCredits: Double?
+        let isEnabled: Bool?
+
+        enum CodingKeys: String, CodingKey {
+            case monthlyCreditLimit = "monthly_credit_limit"
+            case currency
+            case usedCredits = "used_credits"
+            case isEnabled = "is_enabled"
+        }
+    }
+
+    /// Best-effort fetch of Claude Extra spend/limit (does not fail the main usage fetch).
+    static func fetch(
+        baseURL: String,
+        orgId: String,
+        sessionKey: String,
+        logger: ((String) -> Void)? = nil) async -> ProviderCostSnapshot?
+    {
+        let url = URL(string: "\(baseURL)/organizations/\(orgId)/overage_spend_limit")!
+        var request = URLRequest(url: url)
+        request.setValue("sessionKey=\(sessionKey)", forHTTPHeaderField: "Cookie")
+        request.setValue("application/json", forHTTPHeaderField: "Accept")
+        request.httpMethod = "GET"
+        request.timeoutInterval = 15
+
+        do {
+            let (data, response) = try await ProviderHTTPClient.shared.data(for: request)
+            guard let httpResponse = response as? HTTPURLResponse else { return nil }
+            logger?("Overage API status: \(httpResponse.statusCode)")
+            guard httpResponse.statusCode == 200 else { return nil }
+            return Self.parseOverageSpendLimit(data)
+        } catch {
+            return nil
+        }
+    }
+
+    static func parseOverageSpendLimit(_ data: Data) -> ProviderCostSnapshot? {
+        guard let decoded = try? JSONDecoder().decode(OverageSpendLimitResponse.self, from: data) else { return nil }
+        guard decoded.isEnabled == true else { return nil }
+        guard let used = decoded.usedCredits,
+              let limit = decoded.monthlyCreditLimit,
+              let currency = decoded.currency,
+              !currency.isEmpty else { return nil }
+
+        return Self.makeExtraUsageCost(
+            usedCredits: used,
+            monthlyCreditLimit: limit,
+            currencyCode: currency)
+    }
+
+    static func makeExtraUsageCost(
+        usedCredits: Double,
+        monthlyCreditLimit: Double,
+        currencyCode: String) -> ProviderCostSnapshot
+    {
+        let usedAmount = usedCredits / 100.0
+        let limitAmount = monthlyCreditLimit / 100.0
+
+        return ProviderCostSnapshot(
+            used: usedAmount,
+            limit: limitAmount,
+            currencyCode: currencyCode,
+            period: "Monthly cap",
+            resetsAt: nil,
+            updatedAt: Date())
+    }
+
+    static func doubleValue(_ value: Any?) -> Double? {
+        switch value {
+        case let int as Int:
+            Double(int)
+        case let double as Double:
+            double
+        case let string as String:
+            Double(string)
+        default:
+            nil
+        }
+    }
+}
+
+private struct ClaudeWebOrganizationResponse: Decodable {
+    let uuid: String
+    let name: String?
+    let capabilities: [String]?
+
+    var normalizedCapabilities: Set<String> {
+        Set((self.capabilities ?? []).map { $0.lowercased() })
+    }
+
+    var hasChatCapability: Bool {
+        self.normalizedCapabilities.contains("chat")
+    }
+
+    var isApiOnly: Bool {
+        let normalized = self.normalizedCapabilities
+        return !normalized.isEmpty && normalized == ["api"]
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Claude/ClaudeWeb/ClaudeWebExtraRateWindowParser.swift b/Sources/CodexBarCore/Providers/Claude/ClaudeWeb/ClaudeWebExtraRateWindowParser.swift
new file mode 100644
index 000000000..e9be31eee
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Claude/ClaudeWeb/ClaudeWebExtraRateWindowParser.swift
@@ -0,0 +1,106 @@
+import Foundation
+
+enum ClaudeWebExtraRateWindowParser {
+    private static let definitions: [(id: String, title: String, keys: [String])] = [
+        (
+            id: "claude-routines",
+            title: "Daily Routines",
+            keys: [
+                "seven_day_routines",
+                "seven_day_claude_routines",
+                "claude_routines",
+                "routines",
+                "routine",
+                "seven_day_cowork",
+                "cowork",
+            ]),
+    ]
+
+    static func parse(from json: [String: Any]) -> (windows: [NamedRateWindow], sourceKeys: [String: String]) {
+        var windows: [NamedRateWindow] = []
+        var sourceKeys: [String: String] = [:]
+        windows.reserveCapacity(Self.definitions.count)
+
+        for definition in Self.definitions {
+            if let foundWindow = Self.firstUsageWindow(in: json, keys: definition.keys) {
+                let rawWindow = foundWindow.window
+                guard let utilization = Self.percentValue(from: rawWindow["utilization"]) else { continue }
+                let resetsAt = (rawWindow["resets_at"] as? String).flatMap(Self.parseISO8601Date)
+                windows.append(Self.namedWindow(
+                    id: definition.id,
+                    title: definition.title,
+                    usedPercent: utilization,
+                    resetsAt: resetsAt))
+                sourceKeys[definition.id] = foundWindow.sourceKey
+                continue
+            }
+
+            // Some accounts expose the key with null payloads (for example `seven_day_cowork: null`).
+            // Preserve the bar in that case with a 0% window so the product section remains visible.
+            if let key = Self.firstUsageKey(in: json, keys: definition.keys) {
+                windows.append(Self.namedWindow(
+                    id: definition.id,
+                    title: definition.title,
+                    usedPercent: 0,
+                    resetsAt: nil))
+                sourceKeys[definition.id] = key
+            }
+        }
+        return (windows, sourceKeys)
+    }
+
+    private static func namedWindow(
+        id: String,
+        title: String,
+        usedPercent: Double,
+        resetsAt: Date?) -> NamedRateWindow
+    {
+        NamedRateWindow(
+            id: id,
+            title: title,
+            window: RateWindow(
+                usedPercent: usedPercent,
+                windowMinutes: 7 * 24 * 60,
+                resetsAt: resetsAt,
+                resetDescription: nil))
+    }
+
+    private static func firstUsageWindow(
+        in json: [String: Any],
+        keys: [String]) -> (window: [String: Any], sourceKey: String)?
+    {
+        for key in keys {
+            if let window = json[key] as? [String: Any] {
+                return (window, key)
+            }
+        }
+        return nil
+    }
+
+    private static func firstUsageKey(in json: [String: Any], keys: [String]) -> String? {
+        for key in keys where json.keys.contains(key) {
+            return key
+        }
+        return nil
+    }
+
+    private static func percentValue(from value: Any?) -> Double? {
+        if let intValue = value as? Int {
+            return Double(intValue)
+        }
+        if let doubleValue = value as? Double {
+            return doubleValue
+        }
+        return nil
+    }
+
+    private static func parseISO8601Date(_ string: String) -> Date? {
+        let formatter = ISO8601DateFormatter()
+        formatter.formatOptions = [.withInternetDateTime, .withFractionalSeconds]
+        if let date = formatter.date(from: string) {
+            return date
+        }
+        formatter.formatOptions = [.withInternetDateTime]
+        return formatter.date(from: string)
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Codebuff/CodebuffProviderDescriptor.swift b/Sources/CodexBarCore/Providers/Codebuff/CodebuffProviderDescriptor.swift
new file mode 100644
index 000000000..8ea43102f
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Codebuff/CodebuffProviderDescriptor.swift
@@ -0,0 +1,93 @@
+import CodexBarMacroSupport
+import Foundation
+
+@ProviderDescriptorRegistration
+@ProviderDescriptorDefinition
+public enum CodebuffProviderDescriptor {
+    static func makeDescriptor() -> ProviderDescriptor {
+        ProviderDescriptor(
+            id: .codebuff,
+            metadata: ProviderMetadata(
+                id: .codebuff,
+                displayName: "Codebuff",
+                sessionLabel: "Credits",
+                weeklyLabel: "Weekly",
+                opusLabel: nil,
+                supportsOpus: false,
+                supportsCredits: true,
+                creditsHint: "Credit balance from the Codebuff API",
+                toggleTitle: "Show Codebuff usage",
+                cliName: "codebuff",
+                defaultEnabled: false,
+                isPrimaryProvider: false,
+                usesAccountFallback: false,
+                browserCookieOrder: nil,
+                dashboardURL: "https://www.codebuff.com/usage",
+                statusPageURL: nil,
+                statusLinkURL: nil),
+            branding: ProviderBranding(
+                iconStyle: .codebuff,
+                iconResourceName: "ProviderIcon-codebuff",
+                color: ProviderColor(red: 68 / 255, green: 255 / 255, blue: 0 / 255)),
+            tokenCost: ProviderTokenCostConfig(
+                supportsTokenCost: false,
+                noDataMessage: { "Codebuff cost summary is not yet supported." }),
+            fetchPlan: ProviderFetchPlan(
+                sourceModes: [.auto, .api],
+                pipeline: ProviderFetchPipeline(resolveStrategies: { _ in [CodebuffAPIFetchStrategy()] })),
+            cli: ProviderCLIConfig(
+                name: "codebuff",
+                aliases: ["manicode"],
+                versionDetector: nil))
+    }
+}
+
+struct CodebuffAPIFetchStrategy: ProviderFetchStrategy {
+    let id: String = "codebuff.api"
+    let kind: ProviderFetchKind = .apiToken
+
+    func isAvailable(_ context: ProviderFetchContext) async -> Bool {
+        _ = context
+        // Keep the strategy available so missing-token surfaces as a user-friendly error
+        // instead of a generic "no strategy" outcome.
+        return true
+    }
+
+    func fetch(_ context: ProviderFetchContext) async throws -> ProviderFetchResult {
+        guard let resolution = Self.resolveToken(environment: context.env) else {
+            throw CodebuffUsageError.missingCredentials
+        }
+        let usage = try await CodebuffUsageFetcher.fetchUsage(
+            apiKey: resolution.token,
+            environment: context.env,
+            includeSubscription: Self.shouldFetchSubscription(for: resolution))
+        return self.makeResult(
+            usage: usage.toUsageSnapshot(),
+            sourceLabel: "api")
+    }
+
+    func shouldFallback(on _: Error, context _: ProviderFetchContext) -> Bool {
+        false
+    }
+
+    static func shouldFetchSubscription(for resolution: ProviderTokenResolution) -> Bool {
+        resolution.source == .authFile
+    }
+
+    private static func resolveToken(environment: [String: String]) -> ProviderTokenResolution? {
+        ProviderTokenResolver.codebuffResolution(environment: environment)
+    }
+}
+
+/// Errors related to Codebuff settings.
+public enum CodebuffSettingsError: LocalizedError, Sendable {
+    case missingToken
+
+    public var errorDescription: String? {
+        switch self {
+        case .missingToken:
+            "Codebuff API token not configured. Set CODEBUFF_API_KEY or run `codebuff login` to " +
+                "populate ~/.config/manicode/credentials.json."
+        }
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Codebuff/CodebuffSettingsReader.swift b/Sources/CodexBarCore/Providers/Codebuff/CodebuffSettingsReader.swift
new file mode 100644
index 000000000..a046b43ca
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Codebuff/CodebuffSettingsReader.swift
@@ -0,0 +1,75 @@
+import Foundation
+
+/// Reads Codebuff settings from the environment or the local credentials file
+/// that the `codebuff` CLI (formerly `manicode`) writes when the user logs in.
+public enum CodebuffSettingsReader {
+    /// Environment variable key for the Codebuff API token.
+    public static let apiTokenKey = "CODEBUFF_API_KEY"
+
+    /// Returns the API token from environment if present and non-empty.
+    public static func apiKey(environment: [String: String] = ProcessInfo.processInfo.environment) -> String? {
+        self.cleaned(environment[self.apiTokenKey])
+    }
+
+    /// Returns the API base URL, defaulting to the production endpoint.
+    public static func apiURL(environment: [String: String] = ProcessInfo.processInfo.environment) -> URL {
+        if let override = environment["CODEBUFF_API_URL"],
+           let url = URL(string: cleaned(override) ?? "")
+        {
+            return url
+        }
+        return URL(string: "https://www.codebuff.com")!
+    }
+
+    /// Returns the auth token from the local credentials file if present.
+    public static func authToken(
+        authFileURL: URL? = nil,
+        homeDirectory: URL = FileManager.default.homeDirectoryForCurrentUser) -> String?
+    {
+        let fileURL = authFileURL ?? self.defaultAuthFileURL(homeDirectory: homeDirectory)
+        guard let data = try? Data(contentsOf: fileURL) else { return nil }
+        return self.parseAuthToken(data: data)
+    }
+
+    /// Default on-disk credentials path: `~/.config/manicode/credentials.json`.
+    static func defaultAuthFileURL(homeDirectory: URL) -> URL {
+        homeDirectory
+            .appendingPathComponent(".config", isDirectory: true)
+            .appendingPathComponent("manicode", isDirectory: true)
+            .appendingPathComponent("credentials.json", isDirectory: false)
+    }
+
+    static func parseAuthToken(data: Data) -> String? {
+        guard let payload = try? JSONDecoder().decode(CredentialsFile.self, from: data) else {
+            return nil
+        }
+        return self.cleaned(payload.default?.authToken) ?? self.cleaned(payload.authToken)
+    }
+
+    static func cleaned(_ raw: String?) -> String? {
+        guard var value = raw?.trimmingCharacters(in: .whitespacesAndNewlines), !value.isEmpty else {
+            return nil
+        }
+
+        if (value.hasPrefix("\"") && value.hasSuffix("\"")) ||
+            (value.hasPrefix("'") && value.hasSuffix("'"))
+        {
+            value = String(value.dropFirst().dropLast())
+        }
+
+        value = value.trimmingCharacters(in: .whitespacesAndNewlines)
+        return value.isEmpty ? nil : value
+    }
+}
+
+private struct CredentialsFile: Decodable {
+    let `default`: CredentialsProfile?
+    let authToken: String?
+}
+
+private struct CredentialsProfile: Decodable {
+    let authToken: String?
+    let fingerprintId: String?
+    let email: String?
+    let name: String?
+}
diff --git a/Sources/CodexBarCore/Providers/Codebuff/CodebuffUsageError.swift b/Sources/CodexBarCore/Providers/Codebuff/CodebuffUsageError.swift
new file mode 100644
index 000000000..729d17f89
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Codebuff/CodebuffUsageError.swift
@@ -0,0 +1,40 @@
+import Foundation
+
+public enum CodebuffUsageError: LocalizedError, Sendable, Equatable {
+    case missingCredentials
+    case unauthorized
+    case endpointNotFound
+    case serviceUnavailable(Int)
+    case apiError(Int)
+    case networkError(String)
+    case parseFailed(String)
+
+    public static let missingToken: CodebuffUsageError = .missingCredentials
+
+    public var errorDescription: String? {
+        switch self {
+        case .missingCredentials:
+            "Codebuff API token not configured. Set CODEBUFF_API_KEY or run `codebuff login` to " +
+                "populate ~/.config/manicode/credentials.json."
+        case .unauthorized:
+            "Unauthorized. Please sign in to Codebuff again."
+        case .endpointNotFound:
+            "Codebuff usage endpoint not found."
+        case let .serviceUnavailable(status):
+            "Codebuff API is temporarily unavailable (status \(status))."
+        case let .apiError(status):
+            "Codebuff API returned an unexpected status (\(status))."
+        case let .networkError(message):
+            "Codebuff API error: \(message)"
+        case let .parseFailed(message):
+            "Could not parse Codebuff usage: \(message)"
+        }
+    }
+
+    public var isAuthRelated: Bool {
+        switch self {
+        case .unauthorized, .missingCredentials: true
+        default: false
+        }
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Codebuff/CodebuffUsageFetcher.swift b/Sources/CodexBarCore/Providers/Codebuff/CodebuffUsageFetcher.swift
new file mode 100644
index 000000000..bd8062ad6
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Codebuff/CodebuffUsageFetcher.swift
@@ -0,0 +1,345 @@
+import Foundation
+#if canImport(FoundationNetworking)
+import FoundationNetworking
+#endif
+
+/// Fetches live credit balance and subscription details from the Codebuff API.
+/// Uses Bearer token auth against the public www.codebuff.com endpoints used by
+/// the dashboard + the `codebuff` CLI.
+public enum CodebuffUsageFetcher {
+    private static let requestTimeoutSeconds: TimeInterval = 15
+    /// Extra grace period to wait for the optional subscription endpoint after the
+    /// primary usage call returns. Keeps the menu responsive when `/api/user/subscription`
+    /// is slow or hangs while `/api/v1/usage` succeeds quickly.
+    private static let subscriptionGraceSeconds: TimeInterval = 2
+
+    public static func fetchUsage(
+        apiKey: String,
+        environment: [String: String] = ProcessInfo.processInfo.environment,
+        includeSubscription: Bool = true,
+        session transport: any ProviderHTTPTransport = ProviderHTTPClient.shared) async throws -> CodebuffUsageSnapshot
+    {
+        let trimmed = apiKey.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard !trimmed.isEmpty else {
+            throw CodebuffUsageError.missingCredentials
+        }
+
+        let baseURL = CodebuffSettingsReader.apiURL(environment: environment)
+
+        let (usageValues, subscriptionValues) = try await self.fetchPayloads(
+            apiKey: trimmed,
+            baseURL: baseURL,
+            includeSubscription: includeSubscription,
+            transport: transport)
+
+        return CodebuffUsageSnapshot(
+            creditsUsed: usageValues.used,
+            creditsTotal: usageValues.total,
+            creditsRemaining: usageValues.remaining,
+            weeklyUsed: subscriptionValues?.weeklyUsed,
+            weeklyLimit: subscriptionValues?.weeklyLimit,
+            weeklyResetsAt: subscriptionValues?.weeklyResetsAt,
+            billingPeriodEnd: subscriptionValues?.billingPeriodEnd,
+            nextQuotaReset: usageValues.nextQuotaReset,
+            tier: subscriptionValues?.tier,
+            subscriptionStatus: subscriptionValues?.status,
+            autoTopUpEnabled: usageValues.autoTopupEnabled,
+            accountEmail: subscriptionValues?.email,
+            updatedAt: Date())
+    }
+
+    private static func fetchPayloads(
+        apiKey: String,
+        baseURL: URL,
+        includeSubscription: Bool,
+        transport: any ProviderHTTPTransport) async throws -> (UsagePayload, SubscriptionPayload?)
+    {
+        try await withThrowingTaskGroup(of: FetchResult.self) { group in
+            group.addTask {
+                try await .usage(self.fetchUsagePayload(apiKey: apiKey, baseURL: baseURL, transport: transport))
+            }
+            if includeSubscription {
+                group.addTask {
+                    await .subscription(try? self.fetchSubscriptionPayload(
+                        apiKey: apiKey,
+                        baseURL: baseURL,
+                        transport: transport))
+                }
+            }
+
+            var usageValues: UsagePayload?
+            var subscriptionValues: SubscriptionPayload?
+            var subscriptionFinished = !includeSubscription
+            var timeoutStarted = false
+
+            while let result = try await group.next() {
+                switch result {
+                case let .usage(payload):
+                    usageValues = payload
+                    if subscriptionFinished {
+                        group.cancelAll()
+                        return (payload, subscriptionValues)
+                    }
+                    if !timeoutStarted {
+                        timeoutStarted = true
+                        group.addTask {
+                            let nanos = UInt64(max(0, Self.subscriptionGraceSeconds) * 1_000_000_000)
+                            try? await Task.sleep(nanoseconds: nanos)
+                            return .subscriptionTimeout
+                        }
+                    }
+
+                case let .subscription(payload):
+                    subscriptionValues = payload
+                    subscriptionFinished = true
+                    if let usageValues {
+                        group.cancelAll()
+                        return (usageValues, payload)
+                    }
+
+                case .subscriptionTimeout:
+                    if let usageValues {
+                        group.cancelAll()
+                        return (usageValues, subscriptionValues)
+                    }
+                }
+            }
+
+            throw CodebuffUsageError.networkError("Usage request did not complete")
+        }
+    }
+
+    // MARK: - Endpoint helpers
+
+    private enum FetchResult {
+        case usage(UsagePayload)
+        case subscription(SubscriptionPayload?)
+        case subscriptionTimeout
+    }
+
+    struct UsagePayload {
+        let used: Double?
+        let total: Double?
+        let remaining: Double?
+        let nextQuotaReset: Date?
+        let autoTopupEnabled: Bool?
+    }
+
+    struct SubscriptionPayload {
+        let status: String?
+        let tier: String?
+        let billingPeriodEnd: Date?
+        let weeklyUsed: Double?
+        let weeklyLimit: Double?
+        let weeklyResetsAt: Date?
+        let email: String?
+    }
+
+    static func usageURL(baseURL: URL) -> URL {
+        baseURL.appendingPathComponent("/api/v1/usage")
+    }
+
+    static func subscriptionURL(baseURL: URL) -> URL {
+        baseURL.appendingPathComponent("/api/user/subscription")
+    }
+
+    static func statusError(for statusCode: Int) -> CodebuffUsageError? {
+        switch statusCode {
+        case 401, 403: .unauthorized
+        case 404: .endpointNotFound
+        case 500...599: .serviceUnavailable(statusCode)
+        default: nil
+        }
+    }
+
+    static func parseUsagePayload(_ data: Data) throws -> UsagePayload {
+        guard let root = try? JSONSerialization.jsonObject(with: data) as? [String: Any] else {
+            throw CodebuffUsageError.parseFailed("Invalid JSON")
+        }
+
+        let used = self.double(from: root["usage"]) ?? self.double(from: root["used"])
+        let total = self.double(from: root["quota"]) ?? self.double(from: root["limit"])
+        let remaining = self.double(from: root["remainingBalance"]) ?? self.double(from: root["remaining"])
+        let reset = self.date(from: root["next_quota_reset"])
+        let autoTopUp = root["autoTopupEnabled"] as? Bool ?? root["auto_topup_enabled"] as? Bool
+
+        return UsagePayload(
+            used: used,
+            total: total,
+            remaining: remaining,
+            nextQuotaReset: reset,
+            autoTopupEnabled: autoTopUp)
+    }
+
+    static func parseSubscriptionPayload(_ data: Data) throws -> SubscriptionPayload {
+        guard let root = try? JSONSerialization.jsonObject(with: data) as? [String: Any] else {
+            throw CodebuffUsageError.parseFailed("Invalid JSON")
+        }
+
+        let subscription = root["subscription"] as? [String: Any]
+        let rateLimit = root["rateLimit"] as? [String: Any]
+
+        let tier = self.string(from: subscription?["displayName"])
+            ?? self.string(from: root["displayName"])
+            ?? self.string(from: subscription?["tier"])
+            ?? self.string(from: root["tier"])
+            ?? self.string(from: subscription?["scheduledTier"])
+        let status = subscription?["status"] as? String
+        let email = root["email"] as? String ?? (root["user"] as? [String: Any])?["email"] as? String
+        let billingPeriodEnd = self.date(from: subscription?["billingPeriodEnd"])
+            ?? self.date(from: subscription?["currentPeriodEnd"])
+        let weeklyUsed = self.double(from: rateLimit?["weeklyUsed"])
+            ?? self.double(from: rateLimit?["used"])
+        let weeklyLimit = self.double(from: rateLimit?["weeklyLimit"])
+            ?? self.double(from: rateLimit?["limit"])
+        let weeklyResetsAt = self.date(from: rateLimit?["weeklyResetsAt"])
+
+        return SubscriptionPayload(
+            status: status,
+            tier: tier,
+            billingPeriodEnd: billingPeriodEnd,
+            weeklyUsed: weeklyUsed,
+            weeklyLimit: weeklyLimit,
+            weeklyResetsAt: weeklyResetsAt,
+            email: email)
+    }
+
+    // MARK: - Test hooks
+
+    static func _parseUsagePayloadForTesting(_ data: Data) throws -> UsagePayload {
+        try self.parseUsagePayload(data)
+    }
+
+    static func _parseSubscriptionPayloadForTesting(_ data: Data) throws -> SubscriptionPayload {
+        try self.parseSubscriptionPayload(data)
+    }
+
+    static func _statusErrorForTesting(_ statusCode: Int) -> CodebuffUsageError? {
+        self.statusError(for: statusCode)
+    }
+
+    // MARK: - Networking
+
+    private static func fetchUsagePayload(
+        apiKey: String,
+        baseURL: URL,
+        transport: any ProviderHTTPTransport) async throws -> UsagePayload
+    {
+        var request = URLRequest(url: self.usageURL(baseURL: baseURL))
+        request.httpMethod = "POST"
+        request.timeoutInterval = self.requestTimeoutSeconds
+        request.setValue("Bearer \(apiKey)", forHTTPHeaderField: "Authorization")
+        request.setValue("application/json", forHTTPHeaderField: "Content-Type")
+        request.setValue("application/json", forHTTPHeaderField: "Accept")
+        request.httpBody = try? JSONSerialization.data(withJSONObject: ["fingerprintId": "codexbar-usage"])
+
+        let response = try await self.send(request: request, transport: transport)
+        if let err = self.statusError(for: response.statusCode) {
+            throw err
+        }
+        guard response.statusCode == 200 else {
+            throw CodebuffUsageError.apiError(response.statusCode)
+        }
+        return try self.parseUsagePayload(response.data)
+    }
+
+    private static func fetchSubscriptionPayload(
+        apiKey: String,
+        baseURL: URL,
+        transport: any ProviderHTTPTransport) async throws -> SubscriptionPayload
+    {
+        var request = URLRequest(url: self.subscriptionURL(baseURL: baseURL))
+        request.httpMethod = "GET"
+        request.timeoutInterval = self.requestTimeoutSeconds
+        request.setValue("Bearer \(apiKey)", forHTTPHeaderField: "Authorization")
+        request.setValue("application/json", forHTTPHeaderField: "Accept")
+
+        let response = try await self.send(request: request, transport: transport)
+        if let err = self.statusError(for: response.statusCode) {
+            throw err
+        }
+        guard response.statusCode == 200 else {
+            throw CodebuffUsageError.apiError(response.statusCode)
+        }
+        return try self.parseSubscriptionPayload(response.data)
+    }
+
+    private static func send(
+        request: URLRequest,
+        transport: any ProviderHTTPTransport) async throws -> ProviderHTTPResponse
+    {
+        do {
+            return try await transport.response(for: request)
+        } catch let error as CodebuffUsageError {
+            throw error
+        } catch let error as URLError where error.code == .badServerResponse {
+            throw CodebuffUsageError.networkError("Invalid response")
+        } catch {
+            throw CodebuffUsageError.networkError(error.localizedDescription)
+        }
+    }
+
+    // MARK: - Value parsing
+
+    private static func double(from value: Any?) -> Double? {
+        switch value {
+        case let number as NSNumber:
+            let raw = number.doubleValue
+            return raw.isFinite ? raw : nil
+        case let string as String:
+            let trimmed = string.trimmingCharacters(in: .whitespacesAndNewlines)
+            guard !trimmed.isEmpty, let raw = Double(trimmed), raw.isFinite else { return nil }
+            return raw
+        default:
+            return nil
+        }
+    }
+
+    private static func string(from value: Any?) -> String? {
+        switch value {
+        case let string as String:
+            let trimmed = string.trimmingCharacters(in: .whitespacesAndNewlines)
+            return trimmed.isEmpty ? nil : trimmed
+        case let number as NSNumber:
+            let raw = number.doubleValue
+            guard raw.isFinite else { return nil }
+            return number.stringValue
+        default:
+            return nil
+        }
+    }
+
+    private static func date(from value: Any?) -> Date? {
+        switch value {
+        case let string as String:
+            let trimmed = string.trimmingCharacters(in: .whitespacesAndNewlines)
+            guard !trimmed.isEmpty else { return nil }
+            let fractional = ISO8601DateFormatter()
+            fractional.formatOptions = [.withInternetDateTime, .withFractionalSeconds]
+            if let date = fractional.date(from: trimmed) {
+                return date
+            }
+            let plain = ISO8601DateFormatter()
+            plain.formatOptions = [.withInternetDateTime]
+            if let date = plain.date(from: trimmed) {
+                return date
+            }
+            if let interval = Double(trimmed), interval.isFinite {
+                return Self.dateFromNumeric(interval)
+            }
+            return nil
+        case let number as NSNumber:
+            let raw = number.doubleValue
+            return raw.isFinite ? Self.dateFromNumeric(raw) : nil
+        default:
+            return nil
+        }
+    }
+
+    private static func dateFromNumeric(_ value: Double) -> Date? {
+        if value > 10_000_000_000 {
+            return Date(timeIntervalSince1970: value / 1000)
+        }
+        return Date(timeIntervalSince1970: value)
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Codebuff/CodebuffUsageSnapshot.swift b/Sources/CodexBarCore/Providers/Codebuff/CodebuffUsageSnapshot.swift
new file mode 100644
index 000000000..478cc8e1e
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Codebuff/CodebuffUsageSnapshot.swift
@@ -0,0 +1,147 @@
+import Foundation
+
+/// Parsed view of a Codebuff usage + subscription response pair.
+public struct CodebuffUsageSnapshot: Sendable {
+    public let creditsUsed: Double?
+    public let creditsTotal: Double?
+    public let creditsRemaining: Double?
+    public let weeklyUsed: Double?
+    public let weeklyLimit: Double?
+    public let weeklyResetsAt: Date?
+    public let billingPeriodEnd: Date?
+    public let nextQuotaReset: Date?
+    public let tier: String?
+    public let subscriptionStatus: String?
+    public let autoTopUpEnabled: Bool?
+    public let accountEmail: String?
+    public let updatedAt: Date
+
+    public init(
+        creditsUsed: Double? = nil,
+        creditsTotal: Double? = nil,
+        creditsRemaining: Double? = nil,
+        weeklyUsed: Double? = nil,
+        weeklyLimit: Double? = nil,
+        weeklyResetsAt: Date? = nil,
+        billingPeriodEnd: Date? = nil,
+        nextQuotaReset: Date? = nil,
+        tier: String? = nil,
+        subscriptionStatus: String? = nil,
+        autoTopUpEnabled: Bool? = nil,
+        accountEmail: String? = nil,
+        updatedAt: Date = Date())
+    {
+        self.creditsUsed = creditsUsed
+        self.creditsTotal = creditsTotal
+        self.creditsRemaining = creditsRemaining
+        self.weeklyUsed = weeklyUsed
+        self.weeklyLimit = weeklyLimit
+        self.weeklyResetsAt = weeklyResetsAt
+        self.billingPeriodEnd = billingPeriodEnd
+        self.nextQuotaReset = nextQuotaReset
+        self.tier = tier
+        self.subscriptionStatus = subscriptionStatus
+        self.autoTopUpEnabled = autoTopUpEnabled
+        self.accountEmail = accountEmail
+        self.updatedAt = updatedAt
+    }
+
+    public func toUsageSnapshot() -> UsageSnapshot {
+        let primary = self.makeCreditsWindow()
+        let secondary = self.makeWeeklyWindow()
+
+        let identity = ProviderIdentitySnapshot(
+            providerID: .codebuff,
+            accountEmail: self.accountEmail,
+            accountOrganization: nil,
+            loginMethod: self.makeLoginMethod())
+
+        return UsageSnapshot(
+            primary: primary,
+            secondary: secondary,
+            tertiary: nil,
+            providerCost: nil,
+            updatedAt: self.updatedAt,
+            identity: identity)
+    }
+
+    private func makeCreditsWindow() -> RateWindow? {
+        let total = self.resolvedTotal
+        guard let total, total > 0 else {
+            if self.creditsRemaining != nil || self.creditsUsed != nil {
+                // Degenerate case: no usable quota in the payload. Surface the row as fully
+                // exhausted so missing quota data is visibly surfaced (matches Kilo's behaviour
+                // for zero/unknown totals) rather than rendering a misleading healthy bar.
+                return RateWindow(
+                    usedPercent: 100,
+                    windowMinutes: nil,
+                    resetsAt: self.nextQuotaReset,
+                    resetDescription: nil)
+            }
+            return nil
+        }
+        let used = self.resolvedUsed
+        let percent = min(100, max(0, (used / total) * 100))
+        // Note: do not stuff the credit balance ("X/Y credits") into `resetDescription` —
+        // generic renderers (UsageFormatter.resetLine) prepend "Resets " when `resetsAt`
+        // is absent, which would surface misleading text like "Resets 250/1,000 credits".
+        // The credits detail is shown via the dedicated Codebuff account panel instead.
+        return RateWindow(
+            usedPercent: percent,
+            windowMinutes: nil,
+            resetsAt: self.nextQuotaReset,
+            resetDescription: nil)
+    }
+
+    private func makeWeeklyWindow() -> RateWindow? {
+        guard let limit = self.weeklyLimit, limit > 0 else { return nil }
+        let used = max(0, self.weeklyUsed ?? 0)
+        let percent = min(100, max(0, (used / limit) * 100))
+        // Same reasoning as above: avoid encoding non-reset detail in `resetDescription`.
+        return RateWindow(
+            usedPercent: percent,
+            windowMinutes: 7 * 24 * 60,
+            resetsAt: self.weeklyResetsAt,
+            resetDescription: nil)
+    }
+
+    private var resolvedTotal: Double? {
+        if let creditsTotal { return max(0, creditsTotal) }
+        if let creditsUsed, let creditsRemaining {
+            return max(0, creditsUsed + creditsRemaining)
+        }
+        return nil
+    }
+
+    private var resolvedUsed: Double {
+        if let creditsUsed {
+            return max(0, creditsUsed)
+        }
+        if let total = self.resolvedTotal, let creditsRemaining {
+            return max(0, total - creditsRemaining)
+        }
+        return 0
+    }
+
+    private func makeLoginMethod() -> String? {
+        var parts: [String] = []
+        if let tier = self.tier?.trimmingCharacters(in: .whitespacesAndNewlines), !tier.isEmpty {
+            parts.append(tier.capitalized)
+        }
+        if let remaining = self.creditsRemaining {
+            parts.append("\(Self.compactNumber(remaining)) remaining")
+        }
+        if self.autoTopUpEnabled == true {
+            parts.append("auto top-up")
+        }
+        return parts.isEmpty ? nil : parts.joined(separator: " · ")
+    }
+
+    static func compactNumber(_ value: Double) -> String {
+        let formatter = NumberFormatter()
+        formatter.numberStyle = .decimal
+        formatter.locale = Locale(identifier: "en_US")
+        formatter.maximumFractionDigits = value >= 1000 ? 0 : 1
+        return formatter.string(from: NSNumber(value: value)) ?? String(format: "%.0f", value)
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Codex/CodexAccountReconciliation.swift b/Sources/CodexBarCore/Providers/Codex/CodexAccountReconciliation.swift
new file mode 100644
index 000000000..25dcae7ac
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Codex/CodexAccountReconciliation.swift
@@ -0,0 +1,325 @@
+import Foundation
+
+public struct CodexResolvedActiveSource: Equatable, Sendable {
+    public let persistedSource: CodexActiveSource
+    public let resolvedSource: CodexActiveSource
+
+    public init(persistedSource: CodexActiveSource, resolvedSource: CodexActiveSource) {
+        self.persistedSource = persistedSource
+        self.resolvedSource = resolvedSource
+    }
+
+    public var requiresPersistenceCorrection: Bool {
+        self.persistedSource != self.resolvedSource
+    }
+}
+
+public enum CodexActiveSourceResolver {
+    public static func resolve(from snapshot: CodexAccountReconciliationSnapshot) -> CodexResolvedActiveSource {
+        let persistedSource = snapshot.activeSource
+        let resolvedSource: CodexActiveSource = switch persistedSource {
+        case .liveSystem:
+            .liveSystem
+        case let .managedAccount(id):
+            if let activeStoredAccount = snapshot.activeStoredAccount {
+                self.matchesLiveSystemAccount(
+                    storedAccount: activeStoredAccount,
+                    snapshot: snapshot,
+                    liveSystemAccount: snapshot.liveSystemAccount) ? .liveSystem : .managedAccount(id: id)
+            } else {
+                snapshot.liveSystemAccount != nil ? .liveSystem : .managedAccount(id: id)
+            }
+        }
+
+        return CodexResolvedActiveSource(
+            persistedSource: persistedSource,
+            resolvedSource: resolvedSource)
+    }
+
+    private static func matchesLiveSystemAccount(
+        storedAccount: ManagedCodexAccount,
+        snapshot: CodexAccountReconciliationSnapshot,
+        liveSystemAccount: ObservedSystemCodexAccount?) -> Bool
+    {
+        guard let liveSystemAccount else { return false }
+        if let storedFingerprint = storedAccount.authFingerprint,
+           let liveFingerprint = liveSystemAccount.authFingerprint,
+           storedFingerprint == liveFingerprint
+        {
+            return true
+        }
+        return CodexIdentityMatcher.matches(
+            snapshot.runtimeIdentity(for: storedAccount),
+            lhsEmail: snapshot.runtimeEmail(for: storedAccount),
+            snapshot.runtimeIdentity(for: liveSystemAccount),
+            rhsEmail: liveSystemAccount.email)
+    }
+}
+
+public struct CodexAccountReconciliationSnapshot: Equatable, Sendable {
+    public let storedAccounts: [ManagedCodexAccount]
+    public let activeStoredAccount: ManagedCodexAccount?
+    public let liveSystemAccount: ObservedSystemCodexAccount?
+    public let matchingStoredAccountForLiveSystemAccount: ManagedCodexAccount?
+    public let activeSource: CodexActiveSource
+    public let hasUnreadableAddedAccountStore: Bool
+    public let storedAccountRuntimeIdentities: [UUID: CodexIdentity]
+    public let storedAccountRuntimeEmails: [UUID: String]
+
+    public init(
+        storedAccounts: [ManagedCodexAccount],
+        activeStoredAccount: ManagedCodexAccount?,
+        liveSystemAccount: ObservedSystemCodexAccount?,
+        matchingStoredAccountForLiveSystemAccount: ManagedCodexAccount?,
+        activeSource: CodexActiveSource,
+        hasUnreadableAddedAccountStore: Bool,
+        storedAccountRuntimeIdentities: [UUID: CodexIdentity] = [:],
+        storedAccountRuntimeEmails: [UUID: String] = [:])
+    {
+        self.storedAccounts = storedAccounts
+        self.activeStoredAccount = activeStoredAccount
+        self.liveSystemAccount = liveSystemAccount
+        self.matchingStoredAccountForLiveSystemAccount = matchingStoredAccountForLiveSystemAccount
+        self.activeSource = activeSource
+        self.hasUnreadableAddedAccountStore = hasUnreadableAddedAccountStore
+        self.storedAccountRuntimeIdentities = storedAccountRuntimeIdentities
+        self.storedAccountRuntimeEmails = storedAccountRuntimeEmails
+    }
+
+    public static func == (lhs: CodexAccountReconciliationSnapshot, rhs: CodexAccountReconciliationSnapshot) -> Bool {
+        lhs.storedAccounts.map(AccountIdentity.init) == rhs.storedAccounts.map(AccountIdentity.init)
+            && lhs.activeStoredAccount.map(AccountIdentity.init) == rhs.activeStoredAccount.map(AccountIdentity.init)
+            && lhs.liveSystemAccount == rhs.liveSystemAccount
+            && lhs.matchingStoredAccountForLiveSystemAccount.map(AccountIdentity.init)
+            == rhs.matchingStoredAccountForLiveSystemAccount.map(AccountIdentity.init)
+            && lhs.activeSource == rhs.activeSource
+            && lhs.hasUnreadableAddedAccountStore == rhs.hasUnreadableAddedAccountStore
+            && lhs.storedAccountRuntimeIdentities == rhs.storedAccountRuntimeIdentities
+            && lhs.storedAccountRuntimeEmails == rhs.storedAccountRuntimeEmails
+    }
+
+    public func runtimeIdentity(for storedAccount: ManagedCodexAccount) -> CodexIdentity {
+        self.storedAccountRuntimeIdentities[storedAccount.id]
+            ?? CodexIdentityResolver.resolve(accountId: nil, email: storedAccount.email)
+    }
+
+    public func runtimeEmail(for storedAccount: ManagedCodexAccount) -> String {
+        self.storedAccountRuntimeEmails[storedAccount.id]
+            ?? Self.normalizeEmail(storedAccount.email)
+    }
+
+    public func runtimeIdentity(for liveSystemAccount: ObservedSystemCodexAccount) -> CodexIdentity {
+        CodexIdentityMatcher.normalized(
+            liveSystemAccount.identity,
+            fallbackEmail: liveSystemAccount.email)
+    }
+
+    private static func normalizeEmail(_ email: String) -> String {
+        email.trimmingCharacters(in: .whitespacesAndNewlines).lowercased()
+    }
+}
+
+public struct DefaultCodexAccountReconciler {
+    public let storeLoader: @Sendable () throws -> ManagedCodexAccountSet
+    public let systemObserver: any CodexSystemAccountObserving
+    public let activeSource: CodexActiveSource
+    public let baseEnvironment: [String: String]
+    public let managedEnvironmentBuilder: @Sendable ([String: String], ManagedCodexAccount) -> [String: String]
+
+    public init(
+        storeLoader: @escaping @Sendable () throws -> ManagedCodexAccountSet = {
+            try FileManagedCodexAccountStore().loadAccounts()
+        },
+        systemObserver: any CodexSystemAccountObserving = DefaultCodexSystemAccountObserver(),
+        activeSource: CodexActiveSource = .liveSystem,
+        baseEnvironment: [String: String],
+        managedEnvironmentBuilder: @escaping @Sendable ([String: String], ManagedCodexAccount)
+            -> [String: String] = { baseEnvironment, account in
+                CodexHomeScope.scopedEnvironment(base: baseEnvironment, codexHome: account.managedHomePath)
+            })
+    {
+        self.storeLoader = storeLoader
+        self.systemObserver = systemObserver
+        self.activeSource = activeSource
+        self.baseEnvironment = baseEnvironment
+        self.managedEnvironmentBuilder = managedEnvironmentBuilder
+    }
+
+    public func loadSnapshot() -> CodexAccountReconciliationSnapshot {
+        let liveSystemAccount = self.loadLiveSystemAccount()
+
+        do {
+            let accounts = try self.storeLoader()
+            let runtimeAccounts = Dictionary(uniqueKeysWithValues: accounts.accounts.map { account in
+                let runtimeAccount = self.loadRuntimeAccount(for: account)
+                return (account.id, runtimeAccount)
+            })
+            let activeStoredAccount: ManagedCodexAccount? = switch self.activeSource {
+            case let .managedAccount(id):
+                accounts.account(id: id)
+            case .liveSystem:
+                nil
+            }
+            let matchingStoredAccountForLiveSystemAccount = liveSystemAccount.flatMap { liveAccount in
+                if let liveFingerprint = liveAccount.authFingerprint,
+                   let exactFingerprintMatch = accounts.accounts.first(where: {
+                       $0.authFingerprint == liveFingerprint
+                   })
+                {
+                    return exactFingerprintMatch
+                }
+                return accounts.accounts.first { account in
+                    guard let runtimeAccount = runtimeAccounts[account.id] else { return false }
+                    return CodexIdentityMatcher.matches(
+                        runtimeAccount.identity,
+                        lhsEmail: runtimeAccount.email,
+                        self.runtimeIdentity(for: liveAccount),
+                        rhsEmail: liveAccount.email)
+                }
+            }
+
+            return CodexAccountReconciliationSnapshot(
+                storedAccounts: accounts.accounts,
+                activeStoredAccount: activeStoredAccount,
+                liveSystemAccount: liveSystemAccount,
+                matchingStoredAccountForLiveSystemAccount: matchingStoredAccountForLiveSystemAccount,
+                activeSource: self.activeSource,
+                hasUnreadableAddedAccountStore: false,
+                storedAccountRuntimeIdentities: runtimeAccounts.mapValues(\.identity),
+                storedAccountRuntimeEmails: runtimeAccounts.mapValues(\.email))
+        } catch {
+            return CodexAccountReconciliationSnapshot(
+                storedAccounts: [],
+                activeStoredAccount: nil,
+                liveSystemAccount: liveSystemAccount,
+                matchingStoredAccountForLiveSystemAccount: nil,
+                activeSource: self.activeSource,
+                hasUnreadableAddedAccountStore: true)
+        }
+    }
+
+    private func loadLiveSystemAccount() -> ObservedSystemCodexAccount? {
+        do {
+            guard let account = try self.systemObserver.loadSystemAccount(environment: self.baseEnvironment) else {
+                return nil
+            }
+            let normalizedEmail = Self.normalizeEmail(account.email)
+            guard !normalizedEmail.isEmpty else {
+                return nil
+            }
+            return ObservedSystemCodexAccount(
+                email: normalizedEmail,
+                workspaceLabel: account.workspaceLabel,
+                workspaceAccountID: account.workspaceAccountID,
+                authFingerprint: account.authFingerprint,
+                codexHomePath: account.codexHomePath,
+                observedAt: account.observedAt,
+                identity: self.runtimeIdentity(for: account))
+        } catch {
+            return nil
+        }
+    }
+
+    private static func normalizeEmail(_ email: String) -> String {
+        email.trimmingCharacters(in: .whitespacesAndNewlines).lowercased()
+    }
+
+    private func loadRuntimeAccount(for account: ManagedCodexAccount) -> RuntimeManagedCodexAccount {
+        let scopedEnvironment = self.managedEnvironmentBuilder(self.baseEnvironment, account)
+        let authBackedAccount = UsageFetcher(environment: scopedEnvironment).loadAuthBackedCodexAccount()
+        let email = Self.normalizeEmail(authBackedAccount.email ?? account.email)
+        let identity = CodexIdentityMatcher.normalized(authBackedAccount.identity, fallbackEmail: email)
+
+        return RuntimeManagedCodexAccount(
+            email: email,
+            identity: identity)
+    }
+
+    private func runtimeIdentity(for liveSystemAccount: ObservedSystemCodexAccount) -> CodexIdentity {
+        CodexIdentityMatcher.normalized(
+            liveSystemAccount.identity,
+            fallbackEmail: liveSystemAccount.email)
+    }
+}
+
+public enum CodexIdentityMatcher {
+    public static func matches(_ lhs: CodexIdentity, _ rhs: CodexIdentity) -> Bool {
+        switch (lhs, rhs) {
+        case let (.providerAccount(leftID), .providerAccount(rightID)):
+            leftID == rightID
+        case let (.emailOnly(leftEmail), .emailOnly(rightEmail)):
+            leftEmail == rightEmail
+        default:
+            false
+        }
+    }
+
+    public static func matches(
+        _ lhs: CodexIdentity,
+        lhsEmail: String?,
+        _ rhs: CodexIdentity,
+        rhsEmail: String?) -> Bool
+    {
+        guard self.matches(lhs, rhs) else { return false }
+        guard case .providerAccount = lhs, case .providerAccount = rhs else { return true }
+        guard let normalizedLeftEmail = CodexIdentityResolver.normalizeEmail(lhsEmail),
+              let normalizedRightEmail = CodexIdentityResolver.normalizeEmail(rhsEmail)
+        else {
+            return true
+        }
+        return normalizedLeftEmail == normalizedRightEmail
+    }
+
+    public static func normalized(_ identity: CodexIdentity, fallbackEmail: String) -> CodexIdentity {
+        switch identity {
+        case .providerAccount:
+            identity
+        case let .emailOnly(normalizedEmail):
+            CodexIdentityResolver.resolve(accountId: nil, email: normalizedEmail)
+        case .unresolved:
+            CodexIdentityResolver.resolve(accountId: nil, email: fallbackEmail)
+        }
+    }
+
+    public static func selectionKey(for identity: CodexIdentity, fallbackEmail: String) -> String {
+        switch self.normalized(identity, fallbackEmail: fallbackEmail) {
+        case let .providerAccount(id):
+            "provider:\(id)"
+        case let .emailOnly(normalizedEmail):
+            "email:\(normalizedEmail)"
+        case .unresolved:
+            "unresolved:\(fallbackEmail)"
+        }
+    }
+}
+
+private struct RuntimeManagedCodexAccount {
+    let email: String
+    let identity: CodexIdentity
+}
+
+private struct AccountIdentity: Equatable {
+    let id: UUID
+    let email: String
+    let providerAccountID: String?
+    let workspaceLabel: String?
+    let workspaceAccountID: String?
+    let managedHomePath: String
+    let createdAt: TimeInterval
+    let updatedAt: TimeInterval
+    let lastAuthenticatedAt: TimeInterval?
+    let authFingerprint: String?
+
+    init(_ account: ManagedCodexAccount) {
+        self.id = account.id
+        self.email = account.email
+        self.providerAccountID = account.providerAccountID
+        self.workspaceLabel = account.workspaceLabel
+        self.workspaceAccountID = account.workspaceAccountID
+        self.managedHomePath = account.managedHomePath
+        self.createdAt = account.createdAt
+        self.updatedAt = account.updatedAt
+        self.lastAuthenticatedAt = account.lastAuthenticatedAt
+        self.authFingerprint = account.authFingerprint
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Codex/CodexAdditionalRateLimitMapper.swift b/Sources/CodexBarCore/Providers/Codex/CodexAdditionalRateLimitMapper.swift
new file mode 100644
index 000000000..6a0997de2
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Codex/CodexAdditionalRateLimitMapper.swift
@@ -0,0 +1,153 @@
+import Foundation
+
+/// Maps Codex `additional_rate_limits` entries (model-specific limits such as GPT-5.3-Codex-Spark)
+/// into named extra rate windows.
+///
+/// These limits are reported by the `wham/usage` API alongside, but separately from, the primary and
+/// weekly Codex windows, so we surface them through `UsageSnapshot.extraRateWindows` rather than the core
+/// primary/secondary lanes. When the field is absent the mapper returns an empty list and the snapshot is
+/// unchanged.
+enum CodexAdditionalRateLimitMapper {
+    /// Stable ids/titles for GPT-5.3-Codex-Spark limits so SwiftUI identity stays constant even if the API
+    /// label wording shifts. Keep the original 5-hour id for compatibility with the first Spark implementation.
+    static let sparkWindowID = "codex-spark"
+    static let sparkWeeklyWindowID = "codex-spark-weekly"
+    static let sparkWindowTitle = "Codex Spark 5-hour"
+    static let sparkWeeklyWindowTitle = "Codex Spark Weekly"
+
+    static func extraRateWindows(
+        from additionalRateLimits: [CodexUsageResponse.AdditionalRateLimit]?,
+        now: Date = Date()) -> [NamedRateWindow]
+    {
+        guard let additionalRateLimits, !additionalRateLimits.isEmpty else { return [] }
+        var usedIDs = Set<String>()
+        return additionalRateLimits.flatMap { entry in
+            self.namedWindows(from: entry, usedIDs: &usedIDs, now: now)
+        }
+    }
+
+    private static func namedWindows(
+        from entry: CodexUsageResponse.AdditionalRateLimit,
+        usedIDs: inout Set<String>,
+        now: Date) -> [NamedRateWindow]
+    {
+        if self.isSpark(entry) {
+            return self.sparkWindows(from: entry, usedIDs: &usedIDs, now: now)
+        }
+
+        // Model-specific limits report utilization in the primary window; fall back to the secondary
+        // window only when a primary one is not present.
+        guard let snapshot = entry.rateLimit?.primaryWindow ?? entry.rateLimit?.secondaryWindow else {
+            return []
+        }
+        guard let id = self.windowID(for: entry), usedIDs.insert(id).inserted else { return [] }
+        return [self.namedWindow(
+            id: id,
+            title: self.windowTitle(for: entry),
+            snapshot: snapshot,
+            now: now)]
+    }
+
+    private static func sparkWindows(
+        from entry: CodexUsageResponse.AdditionalRateLimit,
+        usedIDs: inout Set<String>,
+        now: Date) -> [NamedRateWindow]
+    {
+        let candidates: [(CodexUsageResponse.WindowSnapshot?, SparkWindowKind)] = [
+            (entry.rateLimit?.primaryWindow, .fiveHour),
+            (entry.rateLimit?.secondaryWindow, .weekly),
+        ]
+
+        return candidates.compactMap { snapshot, fallbackKind in
+            guard let snapshot else { return nil }
+            let kind = self.sparkWindowKind(for: snapshot, fallback: fallbackKind)
+            guard usedIDs.insert(kind.id).inserted else { return nil }
+            return self.namedWindow(id: kind.id, title: kind.title, snapshot: snapshot, now: now)
+        }
+    }
+
+    private static func namedWindow(
+        id: String,
+        title: String,
+        snapshot: CodexUsageResponse.WindowSnapshot,
+        now: Date) -> NamedRateWindow
+    {
+        let resetDate: Date? = snapshot.resetAt > 0
+            ? Date(timeIntervalSince1970: TimeInterval(snapshot.resetAt))
+            : nil
+        let window = RateWindow(
+            usedPercent: Double(snapshot.usedPercent),
+            windowMinutes: snapshot.limitWindowSeconds > 0 ? snapshot.limitWindowSeconds / 60 : nil,
+            resetsAt: resetDate,
+            resetDescription: resetDate.map { UsageFormatter.resetDescription(from: $0, now: now) })
+        return NamedRateWindow(id: id, title: title, window: window)
+    }
+
+    private enum SparkWindowKind {
+        case fiveHour
+        case weekly
+
+        var id: String {
+            switch self {
+            case .fiveHour: CodexAdditionalRateLimitMapper.sparkWindowID
+            case .weekly: CodexAdditionalRateLimitMapper.sparkWeeklyWindowID
+            }
+        }
+
+        var title: String {
+            switch self {
+            case .fiveHour: CodexAdditionalRateLimitMapper.sparkWindowTitle
+            case .weekly: CodexAdditionalRateLimitMapper.sparkWeeklyWindowTitle
+            }
+        }
+    }
+
+    private static func sparkWindowKind(
+        for snapshot: CodexUsageResponse.WindowSnapshot,
+        fallback: SparkWindowKind) -> SparkWindowKind
+    {
+        let minutes = snapshot.limitWindowSeconds > 0 ? snapshot.limitWindowSeconds / 60 : 0
+        if minutes > 0, minutes <= 6 * 60 { return .fiveHour }
+        if minutes >= 6 * 24 * 60 { return .weekly }
+        return fallback
+    }
+
+    private static func windowID(for entry: CodexUsageResponse.AdditionalRateLimit) -> String? {
+        guard let source = self.firstNonEmpty(entry.meteredFeature, entry.limitName) else { return nil }
+        let slug = self.slug(source)
+        return slug.isEmpty ? nil : "codex-\(slug)"
+    }
+
+    private static func windowTitle(for entry: CodexUsageResponse.AdditionalRateLimit) -> String {
+        self.firstNonEmpty(entry.limitName, entry.meteredFeature) ?? "Codex extra limit"
+    }
+
+    private static func isSpark(_ entry: CodexUsageResponse.AdditionalRateLimit) -> Bool {
+        [entry.limitName, entry.meteredFeature]
+            .compactMap { $0?.lowercased() }
+            .contains { $0.contains("spark") }
+    }
+
+    private static func firstNonEmpty(_ values: String?...) -> String? {
+        for value in values {
+            let trimmed = value?.trimmingCharacters(in: .whitespacesAndNewlines)
+            if let trimmed, !trimmed.isEmpty { return trimmed }
+        }
+        return nil
+    }
+
+    private static func slug(_ value: String) -> String {
+        var result = ""
+        var lastWasDash = false
+        for scalar in value.lowercased().unicodeScalars {
+            if CharacterSet.alphanumerics.contains(scalar) {
+                result.unicodeScalars.append(scalar)
+                lastWasDash = false
+            } else if !lastWasDash {
+                result.append("-")
+                lastWasDash = true
+            }
+        }
+        return result.trimmingCharacters(in: CharacterSet(charactersIn: "-"))
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Codex/CodexCLIDashboardAuthorityContext.swift b/Sources/CodexBarCore/Providers/Codex/CodexCLIDashboardAuthorityContext.swift
new file mode 100644
index 000000000..ce348063b
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Codex/CodexCLIDashboardAuthorityContext.swift
@@ -0,0 +1,62 @@
+import Foundation
+
+public enum CodexCLIDashboardAuthorityContext {
+    public static func makeLiveWebInput(
+        dashboard: OpenAIDashboardSnapshot,
+        context: ProviderFetchContext,
+        routingTargetEmail: String?) -> CodexDashboardAuthorityInput
+    {
+        let auth = context.fetcher.loadAuthBackedCodexAccount()
+        return CodexDashboardAuthorityInput(
+            sourceKind: .liveWeb,
+            proof: CodexDashboardOwnershipProofContext(
+                currentIdentity: auth.identity,
+                expectedScopedEmail: auth.email,
+                trustedCurrentUsageEmail: nil,
+                dashboardSignedInEmail: dashboard.signedInEmail,
+                knownOwners: context.settings?.codex?.dashboardAuthorityKnownOwners ?? []),
+            routing: CodexDashboardRoutingHints(
+                targetEmail: CodexIdentityResolver.normalizeEmail(routingTargetEmail),
+                lastKnownDashboardRoutingEmail: nil))
+    }
+
+    public static func makeCachedDashboardInput(
+        dashboard: OpenAIDashboardSnapshot,
+        cachedAccountEmail: String,
+        usage: UsageSnapshot,
+        sourceLabel: String,
+        context: ProviderFetchContext) -> CodexDashboardAuthorityInput
+    {
+        let auth = context.fetcher.loadAuthBackedCodexAccount()
+        let trustedCurrentUsageEmail = Self.shouldTrustUsageEmail(sourceLabel: sourceLabel)
+            ? usage.accountEmail(for: .codex)
+            : nil
+        return CodexDashboardAuthorityInput(
+            sourceKind: .cachedDashboard,
+            proof: CodexDashboardOwnershipProofContext(
+                currentIdentity: auth.identity,
+                expectedScopedEmail: auth.email,
+                trustedCurrentUsageEmail: trustedCurrentUsageEmail,
+                dashboardSignedInEmail: dashboard.signedInEmail,
+                knownOwners: context.settings?.codex?.dashboardAuthorityKnownOwners ?? []),
+            routing: CodexDashboardRoutingHints(
+                targetEmail: auth.email,
+                lastKnownDashboardRoutingEmail: cachedAccountEmail))
+    }
+
+    public static func attachmentEmail(from input: CodexDashboardAuthorityInput) -> String? {
+        CodexIdentityResolver.normalizeEmail(
+            input.proof.expectedScopedEmail ??
+                input.proof.trustedCurrentUsageEmail ??
+                input.proof.dashboardSignedInEmail)
+    }
+
+    public static func shouldTrustUsageEmail(sourceLabel: String) -> Bool {
+        switch sourceLabel.trimmingCharacters(in: .whitespacesAndNewlines).lowercased() {
+        case "codex-cli", "oauth":
+            true
+        default:
+            false
+        }
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Codex/CodexCLILaunchGate.swift b/Sources/CodexBarCore/Providers/Codex/CodexCLILaunchGate.swift
new file mode 100644
index 000000000..78ffa8a7b
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Codex/CodexCLILaunchGate.swift
@@ -0,0 +1,70 @@
+import Foundation
+
+final class CodexCLILaunchGate: @unchecked Sendable {
+    static let shared = CodexCLILaunchGate()
+    static let cooldown: TimeInterval = 30 * 60
+
+    private struct Entry {
+        let message: String
+        let expiresAt: Date
+    }
+
+    private let lock = NSLock()
+    private var entries: [String: Entry] = [:]
+
+    func backgroundSkipMessage(
+        binary: String,
+        now: Date = Date(),
+        interaction: ProviderInteraction = ProviderInteractionContext.current) -> String?
+    {
+        guard interaction == .background else { return nil }
+
+        self.lock.lock()
+        defer { self.lock.unlock() }
+
+        guard let entry = self.entries[binary] else { return nil }
+        guard entry.expiresAt > now else {
+            self.entries.removeValue(forKey: binary)
+            return nil
+        }
+        return entry.message
+    }
+
+    @discardableResult
+    func recordLaunchFailure(binary: String, message: String, now: Date = Date()) -> String? {
+        guard Self.shouldThrottleLaunchFailure(message) else { return nil }
+        let throttled = Self.throttledMessage(binary: binary, originalMessage: message)
+        let entry = Entry(
+            message: throttled,
+            expiresAt: now.addingTimeInterval(Self.cooldown))
+
+        self.lock.lock()
+        self.entries[binary] = entry
+        self.lock.unlock()
+
+        return throttled
+    }
+
+    func resetForTesting() {
+        self.lock.lock()
+        self.entries.removeAll()
+        self.lock.unlock()
+    }
+
+    static func shouldThrottleLaunchFailure(_ message: String) -> Bool {
+        let lower = message.lowercased()
+        if lower.contains("openpty") ||
+            lower.contains("write to pty") ||
+            lower.contains("app shutdown")
+        {
+            return false
+        }
+        return true
+    }
+
+    private static func throttledMessage(binary: String, originalMessage: String) -> String {
+        "Codex CLI launch failed; background refresh is paused for 30 minutes. " +
+            "Reinstall or unblock `\(binary)` in macOS security settings, then refresh manually. " +
+            "Last error: \(originalMessage)"
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Codex/CodexCLISession.swift b/Sources/CodexBarCore/Providers/Codex/CodexCLISession.swift
index 8c7f3b245..fb9cc77bc 100644
--- a/Sources/CodexBarCore/Providers/Codex/CodexCLISession.swift
+++ b/Sources/CodexBarCore/Providers/Codex/CodexCLISession.swift
@@ -31,6 +31,18 @@ actor CodexCLISession {
     private var startedAt: Date?
     private var ptyRows: UInt16 = 0
     private var ptyCols: UInt16 = 0
+    private var sessionEnvironment: [String: String]?
+    private var sessionArguments: [String] = []
+    private var sessionWorkingDirectory: URL?
+
+    struct CaptureOptions {
+        let timeout: TimeInterval
+        let rows: UInt16
+        let cols: UInt16
+        let environment: [String: String]
+        let extraArgs: [String]
+        let workingDirectory: URL?
+    }
 
     private struct RollingBuffer {
         private let maxNeedle: Int
@@ -81,8 +93,11 @@ actor CodexCLISession {
     }
 
     // swiftlint:disable cyclomatic_complexity
-    func captureStatus(binary: String, timeout: TimeInterval, rows: UInt16, cols: UInt16) async throws -> String {
-        try self.ensureStarted(binary: binary, rows: rows, cols: cols)
+    func captureStatus(
+        binary: String,
+        options: CaptureOptions) async throws -> String
+    {
+        try self.ensureStarted(binary: binary, options: options)
         if let startedAt {
             let sinceStart = Date().timeIntervalSince(startedAt)
             if sinceStart < 0.4 {
@@ -110,7 +125,7 @@ actor CodexCLISession {
         var updateScanBuffer = RollingBuffer(maxNeedle: updateMaxNeedle)
 
         var buffer = Data()
-        let deadline = Date().addingTimeInterval(timeout)
+        let deadline = Date().addingTimeInterval(options.timeout)
         var nextCursorCheckAt = Date(timeIntervalSince1970: 0)
 
         var skippedCodexUpdate = false
@@ -243,12 +258,18 @@ actor CodexCLISession {
         self.cleanup()
     }
 
-    private func ensureStarted(binary: String, rows: UInt16, cols: UInt16) throws {
+    private func ensureStarted(
+        binary: String,
+        options: CaptureOptions) throws
+    {
         if let proc = self.process,
            proc.isRunning,
            self.binaryPath == binary,
-           self.ptyRows == rows,
-           self.ptyCols == cols
+           self.ptyRows == options.rows,
+           self.ptyCols == options.cols,
+           self.sessionEnvironment == options.environment,
+           self.sessionArguments == options.extraArgs,
+           self.sessionWorkingDirectory == options.workingDirectory
         {
             return
         }
@@ -256,7 +277,7 @@ actor CodexCLISession {
 
         var primaryFD: Int32 = -1
         var secondaryFD: Int32 = -1
-        var win = winsize(ws_row: rows, ws_col: cols, ws_xpixel: 0, ws_ypixel: 0)
+        var win = winsize(ws_row: options.rows, ws_col: options.cols, ws_xpixel: 0, ws_ypixel: 0)
         guard openpty(&primaryFD, &secondaryFD, nil, nil, &win) == 0 else {
             throw SessionError.launchFailed("openpty failed")
         }
@@ -268,12 +289,15 @@ actor CodexCLISession {
         let proc = Process()
         let resolvedURL = URL(fileURLWithPath: binary)
         proc.executableURL = resolvedURL
-        proc.arguments = ["-s", "read-only", "-a", "untrusted"]
+        proc.arguments = options.extraArgs
         proc.standardInput = secondaryHandle
         proc.standardOutput = secondaryHandle
         proc.standardError = secondaryHandle
+        proc.currentDirectoryURL = options.workingDirectory
 
-        let env = TTYCommandRunner.enrichedEnvironment()
+        let env = TTYCommandRunner.enrichedEnvironment(
+            baseEnv: options.environment,
+            home: options.environment["HOME"] ?? NSHomeDirectory())
         proc.environment = env
 
         do {
@@ -285,9 +309,21 @@ actor CodexCLISession {
         }
 
         let pid = proc.processIdentifier
+        guard TTYCommandRunner.registerActiveProcessForAppShutdown(
+            pid: pid,
+            binary: resolvedURL.lastPathComponent)
+        else {
+            proc.terminate()
+            kill(pid, SIGKILL)
+            try? primaryHandle.close()
+            try? secondaryHandle.close()
+            throw SessionError.launchFailed("App shutdown in progress")
+        }
+
         var processGroup: pid_t?
         if setpgid(pid, pid) == 0 {
             processGroup = pid
+            TTYCommandRunner.updateActiveProcessGroupForAppShutdown(pid: pid, processGroup: processGroup)
         }
 
         self.process = proc
@@ -297,8 +333,11 @@ actor CodexCLISession {
         self.processGroup = processGroup
         self.binaryPath = binary
         self.startedAt = Date()
-        self.ptyRows = rows
-        self.ptyCols = cols
+        self.ptyRows = options.rows
+        self.ptyCols = options.cols
+        self.sessionEnvironment = options.environment
+        self.sessionArguments = options.extraArgs
+        self.sessionWorkingDirectory = options.workingDirectory
     }
 
     private func cleanup() {
@@ -308,11 +347,16 @@ actor CodexCLISession {
         try? self.primaryHandle?.close()
         try? self.secondaryHandle?.close()
 
+        let descendants = self.process.map { TTYProcessTreeTerminator.descendantPIDs(of: $0.processIdentifier) } ?? []
         if let proc = self.process, proc.isRunning {
             proc.terminate()
         }
-        if let pgid = self.processGroup {
-            kill(-pgid, SIGTERM)
+        if let proc = self.process {
+            TTYProcessTreeTerminator.terminateProcessTree(
+                rootPID: proc.processIdentifier,
+                processGroup: self.processGroup,
+                signal: SIGTERM,
+                knownDescendants: descendants)
         }
         let waitDeadline = Date().addingTimeInterval(1.0)
         if let proc = self.process {
@@ -320,11 +364,17 @@ actor CodexCLISession {
                 usleep(100_000)
             }
             if proc.isRunning {
-                if let pgid = self.processGroup {
-                    kill(-pgid, SIGKILL)
+                TTYProcessTreeTerminator.terminateProcessTree(
+                    rootPID: proc.processIdentifier,
+                    processGroup: self.processGroup,
+                    signal: SIGKILL,
+                    knownDescendants: descendants)
+            } else {
+                for pid in descendants where pid > 0 {
+                    kill(pid, SIGKILL)
                 }
-                kill(proc.processIdentifier, SIGKILL)
             }
+            TTYCommandRunner.unregisterActiveProcessForAppShutdown(pid: proc.processIdentifier)
         }
 
         self.process = nil
@@ -336,6 +386,9 @@ actor CodexCLISession {
         self.startedAt = nil
         self.ptyRows = 0
         self.ptyCols = 0
+        self.sessionEnvironment = nil
+        self.sessionArguments = []
+        self.sessionWorkingDirectory = nil
     }
 
     private func readChunk() -> Data {
diff --git a/Sources/CodexBarCore/Providers/Codex/CodexDashboardAuthority.swift b/Sources/CodexBarCore/Providers/Codex/CodexDashboardAuthority.swift
new file mode 100644
index 000000000..7ba2f6554
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Codex/CodexDashboardAuthority.swift
@@ -0,0 +1,317 @@
+import Foundation
+
+public enum CodexDashboardSourceKind: String, Codable, Sendable {
+    case liveWeb
+    case cachedDashboard
+}
+
+public enum CodexDashboardDisposition: String, Codable, Sendable {
+    case attach
+    case displayOnly
+    case failClosed
+}
+
+public enum CodexDashboardAllowedEffect: String, Codable, CaseIterable, Hashable, Sendable {
+    case usageBackfill
+    case creditsAttachment
+    case refreshGuardSeed
+    case historicalBackfill
+    case cachedDashboardReuse
+}
+
+public enum CodexDashboardCleanup: String, Codable, CaseIterable, Hashable, Sendable {
+    case dashboardSnapshot
+    case dashboardDerivedUsage
+    case dashboardDerivedCredits
+    case dashboardRefreshGuardSeed
+    case dashboardCache
+}
+
+public struct CodexDashboardKnownOwnerCandidate: Equatable, Hashable, Sendable {
+    public let identity: CodexIdentity
+    public let normalizedEmail: String?
+
+    public init(identity: CodexIdentity, normalizedEmail: String?) {
+        self.identity = identity
+        self.normalizedEmail = normalizedEmail
+    }
+
+    public func hash(into hasher: inout Hasher) {
+        switch self.identity {
+        case let .providerAccount(id):
+            hasher.combine("providerAccount")
+            hasher.combine(id)
+        case let .emailOnly(normalizedEmail):
+            hasher.combine("emailOnly")
+            hasher.combine(normalizedEmail)
+        case .unresolved:
+            hasher.combine("unresolved")
+        }
+        hasher.combine(self.normalizedEmail)
+    }
+}
+
+public struct CodexDashboardOwnershipProofContext: Equatable, Sendable {
+    public let currentIdentity: CodexIdentity
+    public let expectedScopedEmail: String?
+    public let trustedCurrentUsageEmail: String?
+    public let dashboardSignedInEmail: String?
+    public let knownOwners: [CodexDashboardKnownOwnerCandidate]
+
+    public init(
+        currentIdentity: CodexIdentity,
+        expectedScopedEmail: String?,
+        trustedCurrentUsageEmail: String?,
+        dashboardSignedInEmail: String?,
+        knownOwners: [CodexDashboardKnownOwnerCandidate])
+    {
+        self.currentIdentity = currentIdentity
+        self.expectedScopedEmail = expectedScopedEmail
+        self.trustedCurrentUsageEmail = trustedCurrentUsageEmail
+        self.dashboardSignedInEmail = dashboardSignedInEmail
+        self.knownOwners = knownOwners
+    }
+}
+
+public struct CodexDashboardRoutingHints: Equatable, Sendable {
+    public let targetEmail: String?
+    public let lastKnownDashboardRoutingEmail: String?
+
+    public init(targetEmail: String?, lastKnownDashboardRoutingEmail: String?) {
+        self.targetEmail = targetEmail
+        self.lastKnownDashboardRoutingEmail = lastKnownDashboardRoutingEmail
+    }
+}
+
+public struct CodexDashboardAuthorityInput: Equatable, Sendable {
+    public let sourceKind: CodexDashboardSourceKind
+    public let proof: CodexDashboardOwnershipProofContext
+    public let routing: CodexDashboardRoutingHints
+
+    public init(
+        sourceKind: CodexDashboardSourceKind,
+        proof: CodexDashboardOwnershipProofContext,
+        routing: CodexDashboardRoutingHints)
+    {
+        self.sourceKind = sourceKind
+        self.proof = proof
+        self.routing = routing
+    }
+}
+
+public enum CodexDashboardDecisionReason: Equatable, Sendable {
+    case exactProviderAccountMatch
+    case trustedEmailMatchNoCompetingOwner
+    case trustedContinuityNoCompetingOwner
+    case wrongEmail(expected: String?, actual: String?)
+    case sameEmailAmbiguity(email: String)
+    case unresolvedWithoutTrustedEvidence
+    case providerAccountMissingScopedEmail
+    case providerAccountLacksExactOwnershipProof
+    case missingDashboardSignedInEmail
+}
+
+public struct CodexDashboardAuthorityDecision: Equatable, Sendable {
+    public let disposition: CodexDashboardDisposition
+    public let reason: CodexDashboardDecisionReason
+    public let allowedEffects: Set<CodexDashboardAllowedEffect>
+    public let cleanup: Set<CodexDashboardCleanup>
+
+    public init(
+        disposition: CodexDashboardDisposition,
+        reason: CodexDashboardDecisionReason,
+        allowedEffects: Set<CodexDashboardAllowedEffect>,
+        cleanup: Set<CodexDashboardCleanup>)
+    {
+        self.disposition = disposition
+        self.reason = reason
+        self.allowedEffects = allowedEffects
+        self.cleanup = cleanup
+    }
+}
+
+public enum CodexDashboardPolicyError: LocalizedError, Equatable, Sendable {
+    case displayOnly(CodexDashboardAuthorityDecision)
+
+    public var errorDescription: String? {
+        switch self {
+        case .displayOnly:
+            "Codex dashboard may be displayed, but it cannot be attached to the active account."
+        }
+    }
+}
+
+public enum CodexDashboardAuthority {
+    /// Evaluates whether a Codex dashboard snapshot may attach to the active account.
+    ///
+    /// App callers may keep `.displayOnly` dashboard data visible, but must not attach usage,
+    /// credits, refresh guards, or historical backfill.
+    ///
+    /// CLI callers should surface `.displayOnly` as `CodexDashboardPolicyError.displayOnly`
+    /// instead of treating it as a generic failure.
+    ///
+    /// Cached dashboard callers may restore data only when the decision includes
+    /// `.cachedDashboardReuse` in `allowedEffects`.
+    public static func evaluate(_ input: CodexDashboardAuthorityInput) -> CodexDashboardAuthorityDecision {
+        let proof = input.proof
+        let currentIdentity = Self.normalizeIdentity(proof.currentIdentity)
+        let expectedScopedEmail = CodexIdentityResolver.normalizeEmail(proof.expectedScopedEmail)
+        let trustedCurrentUsageEmail = CodexIdentityResolver.normalizeEmail(proof.trustedCurrentUsageEmail)
+        let dashboardSignedInEmail = CodexIdentityResolver.normalizeEmail(proof.dashboardSignedInEmail)
+        let knownOwners = Self.normalizeKnownOwners(proof.knownOwners)
+
+        // Routing hints are intentionally excluded from ownership proof. They may help fetch or route
+        // dashboard requests, but they must never influence attach/display/fail-closed policy.
+
+        guard let dashboardSignedInEmail else {
+            return Self.makeDecision(
+                disposition: .failClosed,
+                reason: .missingDashboardSignedInEmail,
+                sourceKind: input.sourceKind)
+        }
+
+        if let expectedScopedEmail, dashboardSignedInEmail != expectedScopedEmail {
+            return Self.makeDecision(
+                disposition: .failClosed,
+                reason: .wrongEmail(expected: expectedScopedEmail, actual: dashboardSignedInEmail),
+                sourceKind: input.sourceKind)
+        }
+
+        switch currentIdentity {
+        case let .providerAccount(id):
+            let exactMatch = knownOwners.contains { candidate in
+                candidate.identity == .providerAccount(id: id) && candidate.normalizedEmail == dashboardSignedInEmail
+            }
+            if exactMatch {
+                return Self.makeDecision(
+                    disposition: .attach,
+                    reason: .exactProviderAccountMatch,
+                    sourceKind: input.sourceKind)
+            }
+            guard expectedScopedEmail != nil else {
+                return Self.makeDecision(
+                    disposition: .failClosed,
+                    reason: .providerAccountMissingScopedEmail,
+                    sourceKind: input.sourceKind)
+            }
+            if Self.knownOwnerCount(for: dashboardSignedInEmail, in: knownOwners) > 1 {
+                return Self.makeDecision(
+                    disposition: .displayOnly,
+                    reason: .sameEmailAmbiguity(email: dashboardSignedInEmail),
+                    sourceKind: input.sourceKind)
+            }
+            return Self.makeDecision(
+                disposition: .failClosed,
+                reason: .providerAccountLacksExactOwnershipProof,
+                sourceKind: input.sourceKind)
+
+        case let .emailOnly(normalizedEmail):
+            guard dashboardSignedInEmail == normalizedEmail else {
+                return Self.makeDecision(
+                    disposition: .failClosed,
+                    reason: .wrongEmail(expected: normalizedEmail, actual: dashboardSignedInEmail),
+                    sourceKind: input.sourceKind)
+            }
+            if Self.knownOwnerCount(for: normalizedEmail, in: knownOwners) > 1 {
+                return Self.makeDecision(
+                    disposition: .displayOnly,
+                    reason: .sameEmailAmbiguity(email: normalizedEmail),
+                    sourceKind: input.sourceKind)
+            }
+            return Self.makeDecision(
+                disposition: .attach,
+                reason: .trustedEmailMatchNoCompetingOwner,
+                sourceKind: input.sourceKind)
+
+        case .unresolved:
+            guard let trustedCurrentUsageEmail else {
+                return Self.makeDecision(
+                    disposition: .failClosed,
+                    reason: .unresolvedWithoutTrustedEvidence,
+                    sourceKind: input.sourceKind)
+            }
+            guard dashboardSignedInEmail == trustedCurrentUsageEmail else {
+                return Self.makeDecision(
+                    disposition: .failClosed,
+                    reason: .wrongEmail(expected: trustedCurrentUsageEmail, actual: dashboardSignedInEmail),
+                    sourceKind: input.sourceKind)
+            }
+            if Self.knownOwnerCount(for: trustedCurrentUsageEmail, in: knownOwners) > 1 {
+                return Self.makeDecision(
+                    disposition: .displayOnly,
+                    reason: .sameEmailAmbiguity(email: trustedCurrentUsageEmail),
+                    sourceKind: input.sourceKind)
+            }
+            return Self.makeDecision(
+                disposition: .attach,
+                reason: .trustedContinuityNoCompetingOwner,
+                sourceKind: input.sourceKind)
+        }
+    }
+
+    private static func normalizeIdentity(_ identity: CodexIdentity) -> CodexIdentity {
+        switch identity {
+        case let .providerAccount(id):
+            if let normalizedID = CodexIdentityResolver.normalizeAccountID(id) {
+                return .providerAccount(id: normalizedID)
+            }
+            return .unresolved
+        case let .emailOnly(normalizedEmail):
+            if let normalizedEmail = CodexIdentityResolver.normalizeEmail(normalizedEmail) {
+                return .emailOnly(normalizedEmail: normalizedEmail)
+            }
+            return .unresolved
+        case .unresolved:
+            return .unresolved
+        }
+    }
+
+    private static func normalizeKnownOwners(
+        _ candidates: [CodexDashboardKnownOwnerCandidate])
+        -> Set<CodexDashboardKnownOwnerCandidate>
+    {
+        Set(candidates.map { candidate in
+            CodexDashboardKnownOwnerCandidate(
+                identity: self.normalizeIdentity(candidate.identity),
+                normalizedEmail: CodexIdentityResolver.normalizeEmail(candidate.normalizedEmail))
+        })
+    }
+
+    private static func knownOwnerCount(
+        for email: String,
+        in candidates: Set<CodexDashboardKnownOwnerCandidate>) -> Int
+    {
+        candidates.count { $0.normalizedEmail == email }
+    }
+
+    private static func makeDecision(
+        disposition: CodexDashboardDisposition,
+        reason: CodexDashboardDecisionReason,
+        sourceKind: CodexDashboardSourceKind) -> CodexDashboardAuthorityDecision
+    {
+        CodexDashboardAuthorityDecision(
+            disposition: disposition,
+            reason: reason,
+            allowedEffects: self.allowedEffects(disposition: disposition, sourceKind: sourceKind),
+            cleanup: disposition == .attach ? [] : Set(CodexDashboardCleanup.allCases))
+    }
+
+    private static func allowedEffects(
+        disposition: CodexDashboardDisposition,
+        sourceKind: CodexDashboardSourceKind) -> Set<CodexDashboardAllowedEffect>
+    {
+        guard disposition == .attach else { return [] }
+
+        switch sourceKind {
+        case .liveWeb:
+            return [
+                .usageBackfill,
+                .creditsAttachment,
+                .refreshGuardSeed,
+                .historicalBackfill,
+            ]
+        case .cachedDashboard:
+            return [.cachedDashboardReuse]
+        }
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Codex/CodexIdentity.swift b/Sources/CodexBarCore/Providers/Codex/CodexIdentity.swift
new file mode 100644
index 000000000..f83cb195d
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Codex/CodexIdentity.swift
@@ -0,0 +1,47 @@
+import Foundation
+
+public enum CodexIdentity: Codable, Equatable, Sendable {
+    case providerAccount(id: String)
+    // Normal OAuth auth should resolve to a provider account ID. Email-only identity is kept as a
+    // migration/hardening fallback for partial auth payloads, not as the primary steady-state path.
+    case emailOnly(normalizedEmail: String)
+    case unresolved
+}
+
+public enum CodexIdentityResolver {
+    public static func resolve(accountId: String?, email: String?) -> CodexIdentity {
+        if let accountId = normalizeAccountID(accountId) {
+            return .providerAccount(id: accountId)
+        }
+        if let email = Self.normalizeEmail(email) {
+            return .emailOnly(normalizedEmail: email)
+        }
+        return .unresolved
+    }
+
+    public static func normalizeEmail(_ email: String?) -> String? {
+        guard let email = email?.trimmingCharacters(in: .whitespacesAndNewlines), !email.isEmpty else {
+            return nil
+        }
+        return email.lowercased()
+    }
+
+    public static func normalizeAccountID(_ accountId: String?) -> String? {
+        guard let accountId = accountId?.trimmingCharacters(in: .whitespacesAndNewlines), !accountId.isEmpty else {
+            return nil
+        }
+        return accountId
+    }
+}
+
+public struct CodexAuthBackedAccount: Equatable, Sendable {
+    public let identity: CodexIdentity
+    public let email: String?
+    public let plan: String?
+
+    public init(identity: CodexIdentity, email: String?, plan: String?) {
+        self.identity = identity
+        self.email = email
+        self.plan = plan
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Codex/CodexOAuth/CodexOAuthCredentials.swift b/Sources/CodexBarCore/Providers/Codex/CodexOAuth/CodexOAuthCredentials.swift
index f7f5c3191..c6c5698b2 100644
--- a/Sources/CodexBarCore/Providers/Codex/CodexOAuth/CodexOAuthCredentials.swift
+++ b/Sources/CodexBarCore/Providers/Codex/CodexOAuth/CodexOAuthCredentials.swift
@@ -46,19 +46,19 @@ public enum CodexOAuthCredentialsError: LocalizedError, Sendable {
 }
 
 public enum CodexOAuthCredentialsStore {
-    private static var authFilePath: URL {
-        let home = FileManager.default.homeDirectoryForCurrentUser
-        if let codexHome = ProcessInfo.processInfo.environment["CODEX_HOME"]?.trimmingCharacters(
-            in: .whitespacesAndNewlines),
-            !codexHome.isEmpty
-        {
-            return URL(fileURLWithPath: codexHome).appendingPathComponent("auth.json")
-        }
-        return home.appendingPathComponent(".codex").appendingPathComponent("auth.json")
+    private static func authFilePath(
+        env: [String: String] = ProcessInfo.processInfo.environment,
+        fileManager: FileManager = .default) -> URL
+    {
+        CodexHomeScope
+            .ambientHomeURL(env: env, fileManager: fileManager)
+            .appendingPathComponent("auth.json")
     }
 
-    public static func load() throws -> CodexOAuthCredentials {
-        let url = self.authFilePath
+    public static func load(env: [String: String] = ProcessInfo.processInfo
+        .environment) throws -> CodexOAuthCredentials
+    {
+        let url = self.authFilePath(env: env)
         guard FileManager.default.fileExists(atPath: url.path) else {
             throw CodexOAuthCredentialsError.notFound
         }
@@ -86,15 +86,18 @@ public enum CodexOAuthCredentialsStore {
         guard let tokens = json["tokens"] as? [String: Any] else {
             throw CodexOAuthCredentialsError.missingTokens
         }
-        guard let accessToken = tokens["access_token"] as? String,
-              let refreshToken = tokens["refresh_token"] as? String,
+        guard let accessToken = Self.stringValue(in: tokens, snakeCaseKey: "access_token", camelCaseKey: "accessToken"),
+              let refreshToken = Self.stringValue(
+                  in: tokens,
+                  snakeCaseKey: "refresh_token",
+                  camelCaseKey: "refreshToken"),
               !accessToken.isEmpty
         else {
             throw CodexOAuthCredentialsError.missingTokens
         }
 
-        let idToken = tokens["id_token"] as? String
-        let accountId = tokens["account_id"] as? String
+        let idToken = Self.stringValue(in: tokens, snakeCaseKey: "id_token", camelCaseKey: "idToken")
+        let accountId = Self.stringValue(in: tokens, snakeCaseKey: "account_id", camelCaseKey: "accountId")
         let lastRefresh = Self.parseLastRefresh(from: json["last_refresh"])
 
         return CodexOAuthCredentials(
@@ -105,8 +108,11 @@ public enum CodexOAuthCredentialsStore {
             lastRefresh: lastRefresh)
     }
 
-    public static func save(_ credentials: CodexOAuthCredentials) throws {
-        let url = self.authFilePath
+    public static func save(
+        _ credentials: CodexOAuthCredentials,
+        env: [String: String] = ProcessInfo.processInfo.environment) throws
+    {
+        let url = self.authFilePath(env: env)
 
         var json: [String: Any] = [:]
         if let data = try? Data(contentsOf: url),
@@ -143,4 +149,27 @@ public enum CodexOAuthCredentialsStore {
         formatter.formatOptions = [.withInternetDateTime]
         return formatter.date(from: value)
     }
+
+    private static func stringValue(
+        in dictionary: [String: Any],
+        snakeCaseKey: String,
+        camelCaseKey: String)
+        -> String?
+    {
+        if let value = dictionary[snakeCaseKey] as? String, !value.isEmpty {
+            return value
+        }
+        if let value = dictionary[camelCaseKey] as? String, !value.isEmpty {
+            return value
+        }
+        return nil
+    }
+}
+
+#if DEBUG
+extension CodexOAuthCredentialsStore {
+    static func _authFileURLForTesting(env: [String: String]) -> URL {
+        self.authFilePath(env: env)
+    }
 }
+#endif
diff --git a/Sources/CodexBarCore/Providers/Codex/CodexOAuth/CodexOAuthUsageFetcher.swift b/Sources/CodexBarCore/Providers/Codex/CodexOAuth/CodexOAuthUsageFetcher.swift
index 174c08c54..41f11cef5 100644
--- a/Sources/CodexBarCore/Providers/Codex/CodexOAuth/CodexOAuthUsageFetcher.swift
+++ b/Sources/CodexBarCore/Providers/Codex/CodexOAuth/CodexOAuthUsageFetcher.swift
@@ -7,11 +7,28 @@ public struct CodexUsageResponse: Decodable, Sendable {
     public let planType: PlanType?
     public let rateLimit: RateLimitDetails?
     public let credits: CreditDetails?
+    /// Model-specific limits (e.g. GPT-5.3-Codex-Spark) that sit alongside the primary/weekly windows.
+    public let additionalRateLimits: [AdditionalRateLimit]?
 
     enum CodingKeys: String, CodingKey {
         case planType = "plan_type"
         case rateLimit = "rate_limit"
         case credits
+        case additionalRateLimits = "additional_rate_limits"
+    }
+
+    public init(from decoder: Decoder) throws {
+        let container = try decoder.container(keyedBy: CodingKeys.self)
+        self.planType = try? container.decodeIfPresent(PlanType.self, forKey: .planType)
+        self.rateLimit = try? container.decodeIfPresent(RateLimitDetails.self, forKey: .rateLimit)
+        self.credits = try? container.decodeIfPresent(CreditDetails.self, forKey: .credits)
+        // Optional and additive: missing/malformed extra limits must never disturb primary/weekly mapping.
+        // Decode per element so a single malformed entry cannot discard its valid siblings; a non-array
+        // value (or absent field) leaves `additionalRateLimits` nil and primary/weekly mapping untouched.
+        let additionalRateLimits = try? container.decodeIfPresent(
+            [LossyAdditionalRateLimit].self,
+            forKey: .additionalRateLimits)
+        self.additionalRateLimits = additionalRateLimits?.compactMap(\.value)
     }
 
     public enum PlanType: Sendable, Decodable, Equatable {
@@ -75,11 +92,46 @@ public struct CodexUsageResponse: Decodable, Sendable {
     public struct RateLimitDetails: Decodable, Sendable {
         public let primaryWindow: WindowSnapshot?
         public let secondaryWindow: WindowSnapshot?
+        let primaryWindowDecodeFailed: Bool
+        let secondaryWindowDecodeFailed: Bool
 
         enum CodingKeys: String, CodingKey {
             case primaryWindow = "primary_window"
             case secondaryWindow = "secondary_window"
         }
+
+        public init(from decoder: Decoder) throws {
+            let container = try decoder.container(keyedBy: CodingKeys.self)
+            let primaryHadValue = Self.hasNonNilValue(container: container, key: .primaryWindow)
+            do {
+                self.primaryWindow = try container.decodeIfPresent(WindowSnapshot.self, forKey: .primaryWindow)
+                self.primaryWindowDecodeFailed = false
+            } catch {
+                self.primaryWindow = nil
+                self.primaryWindowDecodeFailed = primaryHadValue
+            }
+
+            let secondaryHadValue = Self.hasNonNilValue(container: container, key: .secondaryWindow)
+            do {
+                self.secondaryWindow = try container.decodeIfPresent(WindowSnapshot.self, forKey: .secondaryWindow)
+                self.secondaryWindowDecodeFailed = false
+            } catch {
+                self.secondaryWindow = nil
+                self.secondaryWindowDecodeFailed = secondaryHadValue
+            }
+        }
+
+        private static func hasNonNilValue(
+            container: KeyedDecodingContainer<CodingKeys>,
+            key: CodingKeys) -> Bool
+        {
+            guard container.contains(key) else { return false }
+            return (try? container.decodeNil(forKey: key)) == false
+        }
+
+        var hasWindowDecodeFailure: Bool {
+            self.primaryWindowDecodeFailed || self.secondaryWindowDecodeFailed
+        }
     }
 
     public struct WindowSnapshot: Decodable, Sendable {
@@ -94,6 +146,38 @@ public struct CodexUsageResponse: Decodable, Sendable {
         }
     }
 
+    /// One entry of `additional_rate_limits`: a named, model-specific limit (e.g. GPT-5.3-Codex-Spark)
+    /// whose windows reuse the same shape as the primary/weekly `RateLimitDetails`.
+    public struct AdditionalRateLimit: Decodable, Sendable {
+        public let limitName: String?
+        public let meteredFeature: String?
+        public let rateLimit: RateLimitDetails?
+
+        enum CodingKeys: String, CodingKey {
+            case limitName = "limit_name"
+            case meteredFeature = "metered_feature"
+            case rateLimit = "rate_limit"
+        }
+
+        public init(from decoder: Decoder) throws {
+            let container = try decoder.container(keyedBy: CodingKeys.self)
+            self.limitName = try? container.decodeIfPresent(String.self, forKey: .limitName)
+            self.meteredFeature = try? container.decodeIfPresent(String.self, forKey: .meteredFeature)
+            self.rateLimit = try? container.decodeIfPresent(RateLimitDetails.self, forKey: .rateLimit)
+        }
+    }
+
+    /// Decodes a single `additional_rate_limits` element without ever throwing, so one malformed
+    /// entry cannot discard its valid siblings during array decoding.
+    private struct LossyAdditionalRateLimit: Decodable {
+        let value: AdditionalRateLimit?
+
+        init(from decoder: Decoder) throws {
+            let container = try decoder.singleValueContainer()
+            self.value = try? container.decode(AdditionalRateLimit.self)
+        }
+    }
+
     public struct CreditDetails: Decodable, Sendable {
         public let hasCredits: Bool
         public let unlimited: Bool
@@ -150,8 +234,12 @@ public enum CodexOAuthUsageFetcher {
     private static let chatGPTUsagePath = "/wham/usage"
     private static let codexUsagePath = "/api/codex/usage"
 
-    public static func fetchUsage(accessToken: String, accountId: String?) async throws -> CodexUsageResponse {
-        var request = URLRequest(url: Self.resolveUsageURL())
+    public static func fetchUsage(
+        accessToken: String,
+        accountId: String?,
+        env: [String: String] = ProcessInfo.processInfo.environment) async throws -> CodexUsageResponse
+    {
+        var request = URLRequest(url: Self.resolveUsageURL(env: env))
         request.httpMethod = "GET"
         request.timeoutInterval = 30
         request.setValue("Bearer \(accessToken)", forHTTPHeaderField: "Authorization")
@@ -163,12 +251,10 @@ public enum CodexOAuthUsageFetcher {
         }
 
         do {
-            let (data, response) = try await URLSession.shared.data(for: request)
-            guard let http = response as? HTTPURLResponse else {
-                throw CodexOAuthFetchError.invalidResponse
-            }
+            let response = try await ProviderHTTPClient.shared.response(for: request)
+            let data = response.data
 
-            switch http.statusCode {
+            switch response.statusCode {
             case 200...299:
                 do {
                     return try JSONDecoder().decode(CodexUsageResponse.self, from: data)
@@ -179,7 +265,7 @@ public enum CodexOAuthUsageFetcher {
                 throw CodexOAuthFetchError.unauthorized
             default:
                 let body = String(data: data, encoding: .utf8)
-                throw CodexOAuthFetchError.serverError(http.statusCode, body)
+                throw CodexOAuthFetchError.serverError(response.statusCode, body)
             }
         } catch let error as CodexOAuthFetchError {
             throw error
@@ -188,8 +274,8 @@ public enum CodexOAuthUsageFetcher {
         }
     }
 
-    private static func resolveUsageURL() -> URL {
-        self.resolveUsageURL(env: ProcessInfo.processInfo.environment, configContents: nil)
+    private static func resolveUsageURL(env: [String: String]) -> URL {
+        self.resolveUsageURL(env: env, configContents: nil)
     }
 
     private static func resolveUsageURL(env: [String: String], configContents: String?) -> URL {
diff --git a/Sources/CodexBarCore/Providers/Codex/CodexOAuth/CodexTokenRefresher.swift b/Sources/CodexBarCore/Providers/Codex/CodexOAuth/CodexTokenRefresher.swift
index aa49311fa..c39a3c3b1 100644
--- a/Sources/CodexBarCore/Providers/Codex/CodexOAuth/CodexTokenRefresher.swift
+++ b/Sources/CodexBarCore/Providers/Codex/CodexOAuth/CodexTokenRefresher.swift
@@ -49,25 +49,10 @@ public enum CodexTokenRefresher {
         request.httpBody = try JSONSerialization.data(withJSONObject: body)
 
         do {
-            let (data, response) = try await URLSession.shared.data(for: request)
-            guard let http = response as? HTTPURLResponse else {
-                throw RefreshError.invalidResponse("No HTTP response")
-            }
-
-            if http.statusCode == 401 {
-                if let errorCode = Self.extractErrorCode(from: data) {
-                    switch errorCode.lowercased() {
-                    case "refresh_token_expired": throw RefreshError.expired
-                    case "refresh_token_reused": throw RefreshError.reused
-                    case "refresh_token_invalidated": throw RefreshError.revoked
-                    default: throw RefreshError.expired
-                    }
-                }
-                throw RefreshError.expired
-            }
-
-            guard http.statusCode == 200 else {
-                throw RefreshError.invalidResponse("Status \(http.statusCode)")
+            let response = try await ProviderHTTPClient.shared.response(for: request)
+            let data = response.data
+            guard response.statusCode == 200 else {
+                throw Self.refreshFailureError(statusCode: response.statusCode, data: data)
             }
 
             guard let json = try? JSONSerialization.jsonObject(with: data) as? [String: Any] else {
@@ -97,4 +82,33 @@ public enum CodexTokenRefresher {
         if let error = json["error"] as? String { return error }
         return json["code"] as? String
     }
+
+    private static func refreshFailureError(statusCode: Int, data: Data) -> RefreshError {
+        if let errorCode = extractErrorCode(from: data) {
+            switch errorCode.lowercased() {
+            case "refresh_token_expired":
+                return .expired
+            case "refresh_token_reused":
+                return .reused
+            case "invalid_grant", "refresh_token_invalidated":
+                return .revoked
+            default:
+                break
+            }
+        }
+
+        if statusCode == 401 {
+            return .expired
+        }
+
+        return .invalidResponse("Status \(statusCode)")
+    }
 }
+
+#if DEBUG
+extension CodexTokenRefresher {
+    static func _refreshFailureErrorForTesting(statusCode: Int, data: Data) -> RefreshError {
+        self.refreshFailureError(statusCode: statusCode, data: data)
+    }
+}
+#endif
diff --git a/Sources/CodexBarCore/Providers/Codex/CodexOpenAIWorkspaceIdentityCache.swift b/Sources/CodexBarCore/Providers/Codex/CodexOpenAIWorkspaceIdentityCache.swift
new file mode 100644
index 000000000..2809c8c3c
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Codex/CodexOpenAIWorkspaceIdentityCache.swift
@@ -0,0 +1,115 @@
+import Foundation
+
+public struct CodexOpenAIWorkspaceIdentityCache: @unchecked Sendable {
+    public static let currentVersion = 1
+
+    private struct Payload: Codable {
+        let version: Int
+        var labelsByWorkspaceAccountID: [String: String]
+
+        init(
+            version: Int = CodexOpenAIWorkspaceIdentityCache.currentVersion,
+            labelsByWorkspaceAccountID: [String: String])
+        {
+            self.version = version
+            self.labelsByWorkspaceAccountID = labelsByWorkspaceAccountID
+        }
+    }
+
+    #if DEBUG
+    @TaskLocal static var taskFileURLOverride: URL?
+    #endif
+
+    private let fileURL: URL
+    private let fileManager: FileManager
+
+    public init(fileURL: URL = Self.defaultURL(), fileManager: FileManager = .default) {
+        self.fileURL = fileURL
+        self.fileManager = fileManager
+    }
+
+    public func workspaceLabel(for workspaceAccountID: String?) -> String? {
+        guard let normalizedWorkspaceAccountID = CodexOpenAIWorkspaceResolver
+            .normalizeWorkspaceAccountID(workspaceAccountID)
+        else {
+            return nil
+        }
+
+        return self.loadPayload().labelsByWorkspaceAccountID[normalizedWorkspaceAccountID]
+    }
+
+    public func store(_ identity: CodexOpenAIWorkspaceIdentity) throws {
+        guard let workspaceLabel = CodexOpenAIWorkspaceIdentity.normalizeWorkspaceLabel(identity.workspaceLabel) else {
+            return
+        }
+
+        var payload = self.loadPayload()
+        payload.labelsByWorkspaceAccountID[identity.workspaceAccountID] = workspaceLabel
+
+        let encoder = JSONEncoder()
+        encoder.outputFormatting = [.prettyPrinted, .sortedKeys]
+        let data = try encoder.encode(payload)
+        let directory = self.fileURL.deletingLastPathComponent()
+        if !self.fileManager.fileExists(atPath: directory.path) {
+            try self.fileManager.createDirectory(at: directory, withIntermediateDirectories: true)
+        }
+        try data.write(to: self.fileURL, options: [.atomic])
+        try self.applySecurePermissionsIfNeeded()
+    }
+
+    private func loadPayload() -> Payload {
+        guard self.fileManager.fileExists(atPath: self.fileURL.path),
+              let data = try? Data(contentsOf: self.fileURL),
+              let payload = try? JSONDecoder().decode(Payload.self, from: data),
+              payload.version == Self.currentVersion
+        else {
+            return Payload(labelsByWorkspaceAccountID: [:])
+        }
+
+        return payload
+    }
+
+    private func applySecurePermissionsIfNeeded() throws {
+        #if os(macOS)
+        try self.fileManager.setAttributes([
+            .posixPermissions: NSNumber(value: Int16(0o600)),
+        ], ofItemAtPath: self.fileURL.path)
+        #endif
+    }
+
+    public static func defaultURL() -> URL {
+        #if DEBUG
+        if let override = self.taskFileURLOverride {
+            return override
+        }
+        #endif
+
+        let base = FileManager.default.urls(for: .applicationSupportDirectory, in: .userDomainMask).first
+            ?? FileManager.default.homeDirectoryForCurrentUser
+        return base
+            .appendingPathComponent("CodexBar", isDirectory: true)
+            .appendingPathComponent("codex-openai-workspaces.json")
+    }
+}
+
+#if DEBUG
+extension CodexOpenAIWorkspaceIdentityCache {
+    public static func withFileURLOverrideForTesting<T>(
+        _ fileURL: URL,
+        operation: () throws -> T) rethrows -> T
+    {
+        try self.$taskFileURLOverride.withValue(fileURL) {
+            try operation()
+        }
+    }
+
+    public static func withFileURLOverrideForTesting<T>(
+        _ fileURL: URL,
+        operation: () async throws -> T) async rethrows -> T
+    {
+        try await self.$taskFileURLOverride.withValue(fileURL) {
+            try await operation()
+        }
+    }
+}
+#endif
diff --git a/Sources/CodexBarCore/Providers/Codex/CodexOpenAIWorkspaceResolver.swift b/Sources/CodexBarCore/Providers/Codex/CodexOpenAIWorkspaceResolver.swift
new file mode 100644
index 000000000..4aea36710
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Codex/CodexOpenAIWorkspaceResolver.swift
@@ -0,0 +1,113 @@
+import Foundation
+#if canImport(FoundationNetworking)
+import FoundationNetworking
+#endif
+
+public struct CodexOpenAIWorkspaceIdentity: Equatable, Sendable {
+    public let workspaceAccountID: String
+    public let workspaceLabel: String?
+
+    public init(workspaceAccountID: String, workspaceLabel: String?) {
+        self.workspaceAccountID = Self.normalizeWorkspaceAccountID(workspaceAccountID)
+        self.workspaceLabel = Self.normalizeWorkspaceLabel(workspaceLabel)
+    }
+
+    public static func normalizeWorkspaceAccountID(_ value: String) -> String {
+        value.trimmingCharacters(in: .whitespacesAndNewlines).lowercased()
+    }
+
+    public static func normalizeWorkspaceLabel(_ value: String?) -> String? {
+        guard let trimmed = value?.trimmingCharacters(in: .whitespacesAndNewlines), !trimmed.isEmpty else {
+            return nil
+        }
+        return trimmed
+    }
+}
+
+public enum CodexOpenAIWorkspaceResolver {
+    private struct AccountsResponse: Decodable {
+        let items: [AccountItem]
+    }
+
+    private struct AccountItem: Decodable {
+        let id: String
+        let name: String?
+    }
+
+    private static let accountsURL = URL(string: "https://chatgpt.com/backend-api/accounts")!
+
+    public static func resolve(
+        credentials: CodexOAuthCredentials,
+        session transport: any ProviderHTTPTransport = ProviderHTTPClient
+            .shared) async throws -> CodexOpenAIWorkspaceIdentity?
+    {
+        guard let workspaceAccountID = normalizeWorkspaceAccountID(credentials.accountId) else {
+            return nil
+        }
+
+        let identities = try await self.listWorkspaces(credentials: credentials, session: transport)
+        if let identity = identities.first(where: { $0.workspaceAccountID == workspaceAccountID }) {
+            return identity
+        }
+
+        return CodexOpenAIWorkspaceIdentity(
+            workspaceAccountID: workspaceAccountID,
+            workspaceLabel: nil)
+    }
+
+    public static func listWorkspaces(
+        credentials: CodexOAuthCredentials,
+        session transport: any ProviderHTTPTransport = ProviderHTTPClient
+            .shared) async throws -> [CodexOpenAIWorkspaceIdentity]
+    {
+        var request = URLRequest(url: self.accountsURL)
+        request.httpMethod = "GET"
+        request.timeoutInterval = 20
+        request.setValue("Bearer \(credentials.accessToken)", forHTTPHeaderField: "Authorization")
+        request.setValue("codex-cli", forHTTPHeaderField: "User-Agent")
+        request.setValue("application/json", forHTTPHeaderField: "Accept")
+        if let workspaceAccountID = normalizeWorkspaceAccountID(credentials.accountId) {
+            request.setValue(workspaceAccountID, forHTTPHeaderField: "ChatGPT-Account-Id")
+        }
+
+        let response = try await transport.response(for: request)
+        guard (200..<300).contains(response.statusCode)
+        else {
+            throw CodexOpenAIWorkspaceResolverError.invalidResponse
+        }
+
+        let decoded = try JSONDecoder().decode(AccountsResponse.self, from: response.data)
+        return decoded.items.compactMap { account in
+            guard let workspaceAccountID = self.normalizeWorkspaceAccountID(account.id) else { return nil }
+            return CodexOpenAIWorkspaceIdentity(
+                workspaceAccountID: workspaceAccountID,
+                workspaceLabel: self.resolveWorkspaceLabel(from: account))
+        }
+    }
+
+    public static func normalizeWorkspaceAccountID(_ value: String?) -> String? {
+        guard let trimmed = value?.trimmingCharacters(in: .whitespacesAndNewlines), !trimmed.isEmpty else {
+            return nil
+        }
+        return trimmed.lowercased()
+    }
+
+    private static func resolveWorkspaceLabel(from account: AccountItem) -> String? {
+        let name = account.name?.trimmingCharacters(in: .whitespacesAndNewlines)
+        if let name, !name.isEmpty {
+            return name
+        }
+        return "Personal"
+    }
+}
+
+public enum CodexOpenAIWorkspaceResolverError: LocalizedError, Sendable {
+    case invalidResponse
+
+    public var errorDescription: String? {
+        switch self {
+        case .invalidResponse:
+            "OpenAI account lookup returned an invalid response."
+        }
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Codex/CodexPlanFormatting.swift b/Sources/CodexBarCore/Providers/Codex/CodexPlanFormatting.swift
new file mode 100644
index 000000000..af546a380
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Codex/CodexPlanFormatting.swift
@@ -0,0 +1,59 @@
+import Foundation
+
+public enum CodexPlanFormatting {
+    private static let exactDisplayNames: [String: String] = [
+        "pro": "Pro 20x",
+        "prolite": "Pro 5x",
+        "pro_lite": "Pro 5x",
+        "pro-lite": "Pro 5x",
+        "pro lite": "Pro 5x",
+    ]
+
+    private static let uppercaseWords: Set<String> = [
+        "cbp",
+        "k12",
+    ]
+
+    public static func displayName(_ raw: String?) -> String? {
+        guard let raw = raw?.trimmingCharacters(in: .whitespacesAndNewlines), !raw.isEmpty else {
+            return nil
+        }
+
+        let lower = raw.lowercased()
+        if let exact = Self.exactDisplayNames[lower] {
+            return exact
+        }
+
+        let cleaned = UsageFormatter.cleanPlanName(raw)
+        let candidate = cleaned.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard !candidate.isEmpty else { return raw }
+
+        if let exact = Self.exactDisplayNames[candidate.lowercased()] {
+            return exact
+        }
+
+        let components = candidate
+            .split(whereSeparator: { $0 == "_" || $0 == "-" || $0.isWhitespace })
+            .map(String.init)
+            .filter { !$0.isEmpty }
+
+        guard !components.isEmpty else { return candidate }
+
+        let formatted = components.map(Self.wordDisplayName).joined(separator: " ")
+        return formatted.isEmpty ? candidate : formatted
+    }
+
+    private static func wordDisplayName(_ raw: String) -> String {
+        let lower = raw.lowercased()
+        if Self.uppercaseWords.contains(lower) {
+            return lower.uppercased()
+        }
+        if raw == raw.uppercased(), raw.contains(where: \.isLetter) {
+            return raw
+        }
+        if let first = raw.first, first.isLowercase {
+            return raw.prefix(1).uppercased() + raw.dropFirst()
+        }
+        return raw
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Codex/CodexProviderDescriptor.swift b/Sources/CodexBarCore/Providers/Codex/CodexProviderDescriptor.swift
index ea0c8b880..dbd9af075 100644
--- a/Sources/CodexBarCore/Providers/Codex/CodexProviderDescriptor.swift
+++ b/Sources/CodexBarCore/Providers/Codex/CodexProviderDescriptor.swift
@@ -21,8 +21,10 @@ public enum CodexProviderDescriptor {
                 defaultEnabled: true,
                 isPrimaryProvider: true,
                 usesAccountFallback: true,
-                browserCookieOrder: ProviderBrowserCookieDefaults.defaultImportOrder,
+                browserCookieOrder: ProviderBrowserCookieDefaults.codexCookieImportOrder
+                    ?? ProviderBrowserCookieDefaults.defaultImportOrder,
                 dashboardURL: "https://chatgpt.com/codex/settings/usage",
+                changelogURL: "https://github.com/openai/codex/releases",
                 statusPageURL: "https://status.openai.com/"),
             branding: ProviderBranding(
                 iconStyle: .codex,
@@ -32,7 +34,7 @@ public enum CodexProviderDescriptor {
                 supportsTokenCost: true,
                 noDataMessage: self.noDataMessage),
             fetchPlan: ProviderFetchPlan(
-                sourceModes: [.auto, .oauth],
+                sourceModes: [.auto, .web, .cli, .oauth],
                 pipeline: ProviderFetchPipeline(resolveStrategies: self.resolveStrategies)),
             cli: ProviderCLIConfig(
                 name: "codex",
@@ -40,22 +42,46 @@ public enum CodexProviderDescriptor {
     }
 
     private static func resolveStrategies(context: ProviderFetchContext) async -> [any ProviderFetchStrategy] {
-        switch context.sourceMode {
-        case .oauth, .auto:
-            [CodexOAuthFetchStrategy()]
-        case .api, .web, .cli:
-            []
+        let cli = CodexCLIUsageStrategy()
+        let oauth = CodexOAuthFetchStrategy()
+        let web = CodexWebDashboardStrategy()
+
+        switch context.runtime {
+        case .cli:
+            switch context.sourceMode {
+            case .oauth:
+                return [oauth]
+            case .web:
+                return [web]
+            case .cli:
+                return [cli]
+            case .api:
+                return []
+            case .auto:
+                return [web, oauth, cli]
+            }
+        case .app:
+            switch context.sourceMode {
+            case .oauth:
+                return [oauth]
+            case .cli:
+                return [cli]
+            case .web:
+                return [web]
+            case .api:
+                return []
+            case .auto:
+                return [oauth, cli]
+            }
         }
     }
 
     private static func noDataMessage() -> String {
-        let fm = FileManager.default
-        let home = fm.homeDirectoryForCurrentUser.path
-        let base = ProcessInfo.processInfo.environment["CODEX_HOME"].flatMap { raw -> String? in
-            let trimmed = raw.trimmingCharacters(in: .whitespacesAndNewlines)
-            guard !trimmed.isEmpty else { return nil }
-            return trimmed
-        } ?? "\(home)/.codex"
+        self.noDataMessage(env: ProcessInfo.processInfo.environment)
+    }
+
+    private static func noDataMessage(env: [String: String], fileManager: FileManager = .default) -> String {
+        let base = CodexHomeScope.ambientHomeURL(env: env, fileManager: fileManager).path
         let sessions = "\(base)/sessions"
         let archived = "\(base)/archived_sessions"
         return "No Codex sessions found in \(sessions) or \(archived)."
@@ -83,16 +109,27 @@ struct CodexCLIUsageStrategy: ProviderFetchStrategy {
     let id: String = "codex.cli"
     let kind: ProviderFetchKind = .cli
 
-    func isAvailable(_: ProviderFetchContext) async -> Bool {
-        true
+    func isAvailable(_ context: ProviderFetchContext) async -> Bool {
+        Self.resolvedBinary(env: context.env) != nil
     }
 
     func fetch(_ context: ProviderFetchContext) async throws -> ProviderFetchResult {
-        let keepAlive = context.settings?.debugKeepCLISessionsAlive ?? false
-        let usage = try await context.fetcher.loadLatestUsage(keepCLISessionsAlive: keepAlive)
-        let credits = await context.includeCredits
-            ? (try? context.fetcher.loadLatestCredits(keepCLISessionsAlive: keepAlive))
-            : nil
+        let snapshot = try await context.fetcher.loadLatestCLIAccountSnapshot()
+        guard let usage = snapshot.usage else {
+            guard context.includeCredits, let credits = snapshot.credits else {
+                throw UsageError.noRateLimitsFound
+            }
+            // Credits refresh can succeed even when RPC omits rate-limit windows.
+            return self.makeResult(
+                usage: UsageSnapshot(
+                    primary: nil,
+                    secondary: nil,
+                    updatedAt: credits.updatedAt,
+                    identity: nil),
+                credits: credits,
+                sourceLabel: "codex-cli")
+        }
+        let credits = context.includeCredits ? snapshot.credits : nil
         return self.makeResult(
             usage: usage,
             credits: credits,
@@ -102,55 +139,83 @@ struct CodexCLIUsageStrategy: ProviderFetchStrategy {
     func shouldFallback(on _: Error, context _: ProviderFetchContext) -> Bool {
         false
     }
+
+    static func resolvedBinary(
+        env: [String: String],
+        loginPATH: [String]? = LoginShellPathCache.shared.current,
+        commandV: (String, String?, TimeInterval, FileManager) -> String? = ShellCommandLocator.commandV,
+        aliasResolver: (String, String?, TimeInterval, FileManager, String) -> String? = ShellCommandLocator
+            .resolveAlias,
+        fileManager: FileManager = .default,
+        home: String = NSHomeDirectory()) -> String?
+    {
+        BinaryLocator.resolveCodexBinary(
+            env: env,
+            loginPATH: loginPATH,
+            commandV: commandV,
+            aliasResolver: aliasResolver,
+            fileManager: fileManager,
+            home: home)
+    }
 }
 
 struct CodexOAuthFetchStrategy: ProviderFetchStrategy {
     let id: String = "codex.oauth"
     let kind: ProviderFetchKind = .oauth
 
-    func isAvailable(_: ProviderFetchContext) async -> Bool {
-        (try? CodexOAuthCredentialsStore.load()) != nil
+    func isAvailable(_ context: ProviderFetchContext) async -> Bool {
+        (try? CodexOAuthCredentialsStore.load(env: context.env)) != nil
     }
 
-    func fetch(_: ProviderFetchContext) async throws -> ProviderFetchResult {
-        var credentials = try CodexOAuthCredentialsStore.load()
+    func fetch(_ context: ProviderFetchContext) async throws -> ProviderFetchResult {
+        var credentials = try CodexOAuthCredentialsStore.load(env: context.env)
 
         if credentials.needsRefresh, !credentials.refreshToken.isEmpty {
             credentials = try await CodexTokenRefresher.refresh(credentials)
-            try CodexOAuthCredentialsStore.save(credentials)
+            try CodexOAuthCredentialsStore.save(credentials, env: context.env)
         }
 
         let usage = try await CodexOAuthUsageFetcher.fetchUsage(
             accessToken: credentials.accessToken,
-            accountId: credentials.accountId)
-
-        return self.makeResult(
-            usage: Self.mapUsage(usage, credentials: credentials),
-            credits: Self.mapCredits(usage.credits),
-            sourceLabel: "oauth")
+            accountId: credentials.accountId,
+            env: context.env)
+        let updatedAt = Date()
+        return try Self.makeResult(
+            usageResponse: usage,
+            credentials: credentials,
+            updatedAt: updatedAt,
+            sourceMode: context.sourceMode)
     }
 
     func shouldFallback(on error: Error, context: ProviderFetchContext) -> Bool {
         guard context.sourceMode == .auto else { return false }
-        return true
-    }
 
-    private static func mapUsage(_ response: CodexUsageResponse, credentials: CodexOAuthCredentials) -> UsageSnapshot {
-        let primary = Self.makeWindow(response.rateLimit?.primaryWindow)
-        let secondary = Self.makeWindow(response.rateLimit?.secondaryWindow)
-
-        let identity = ProviderIdentitySnapshot(
-            providerID: .codex,
-            accountEmail: Self.resolveAccountEmail(from: credentials),
-            accountOrganization: nil,
-            loginMethod: Self.resolvePlan(response: response, credentials: credentials))
-
-        return UsageSnapshot(
-            primary: primary ?? RateWindow(usedPercent: 0, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
-            secondary: secondary,
-            tertiary: nil,
-            updatedAt: Date(),
-            identity: identity)
+        // Auto mode may launch the CLI as the next strategy. Keep that fallback
+        // limited to OAuth states the CLI can actually repair, otherwise
+        // transient API or decode failures can spawn `codex app-server`
+        // repeatedly instead of surfacing the original OAuth failure.
+        if let fetchError = error as? CodexOAuthFetchError {
+            switch fetchError {
+            case .unauthorized:
+                return true
+            case .invalidResponse, .serverError, .networkError:
+                return false
+            }
+        }
+        if let credentialsError = error as? CodexOAuthCredentialsError {
+            switch credentialsError {
+            case .notFound, .missingTokens:
+                return true
+            case .decodeFailed:
+                return false
+            }
+        }
+        switch error as? CodexTokenRefresher.RefreshError {
+        case .expired, .revoked, .reused:
+            return true
+        case .networkError, .invalidResponse, .none:
+            return false
+        }
     }
 
     private static func mapCredits(_ credits: CodexUsageResponse.CreditDetails?) -> CreditsSnapshot? {
@@ -158,47 +223,70 @@ struct CodexOAuthFetchStrategy: ProviderFetchStrategy {
         return CreditsSnapshot(remaining: balance, events: [], updatedAt: Date())
     }
 
-    private static func makeWindow(_ window: CodexUsageResponse.WindowSnapshot?) -> RateWindow? {
-        guard let window else { return nil }
-        let resetDate = Date(timeIntervalSince1970: TimeInterval(window.resetAt))
-        let resetDescription = UsageFormatter.resetDescription(from: resetDate)
-        return RateWindow(
-            usedPercent: Double(window.usedPercent),
-            windowMinutes: window.limitWindowSeconds / 60,
-            resetsAt: resetDate,
-            resetDescription: resetDescription)
-    }
+    private static func makeResult(
+        usageResponse: CodexUsageResponse,
+        credentials: CodexOAuthCredentials,
+        updatedAt: Date,
+        sourceMode: ProviderSourceMode) throws -> ProviderFetchResult
+    {
+        let credits = Self.mapCredits(usageResponse.credits)
+        let reconciled = CodexReconciledState.fromOAuth(
+            response: usageResponse,
+            credentials: credentials,
+            updatedAt: updatedAt)
 
-    private static func resolveAccountEmail(from credentials: CodexOAuthCredentials) -> String? {
-        guard let idToken = credentials.idToken,
-              let payload = UsageFetcher.parseJWT(idToken)
-        else {
-            return nil
+        if let reconciled {
+            return CodexOAuthFetchStrategy().makeResult(
+                usage: reconciled.toUsageSnapshot(),
+                credits: credits,
+                sourceLabel: "oauth")
         }
 
-        let profileDict = payload["https://api.openai.com/profile"] as? [String: Any]
-        let email = (payload["email"] as? String) ?? (profileDict?["email"] as? String)
-        return email?.trimmingCharacters(in: .whitespacesAndNewlines)
-    }
-
-    private static func resolvePlan(response: CodexUsageResponse, credentials: CodexOAuthCredentials) -> String? {
-        if let plan = response.planType?.rawValue, !plan.isEmpty { return plan }
-        guard let idToken = credentials.idToken,
-              let payload = UsageFetcher.parseJWT(idToken)
-        else {
-            return nil
+        guard let credits else {
+            throw UsageError.noRateLimitsFound
         }
-        let authDict = payload["https://api.openai.com/auth"] as? [String: Any]
-        let plan = (authDict?["chatgpt_plan_type"] as? String) ?? (payload["chatgpt_plan_type"] as? String)
-        return plan?.trimmingCharacters(in: .whitespacesAndNewlines)
+
+        // Credits can still be useful when the OAuth API omits or partially
+        // fails to decode rate-limit windows. Returning the partial OAuth result
+        // prevents auto mode from escalating a usable response into CLI fallback.
+        return CodexOAuthFetchStrategy().makeResult(
+            usage: UsageSnapshot(
+                primary: nil,
+                secondary: nil,
+                tertiary: nil,
+                updatedAt: updatedAt,
+                identity: CodexReconciledState.oauthIdentity(
+                    response: usageResponse,
+                    credentials: credentials)),
+            credits: credits,
+            sourceLabel: "oauth")
     }
 }
 
 #if DEBUG
 extension CodexOAuthFetchStrategy {
-    static func _mapUsageForTesting(_ data: Data, credentials: CodexOAuthCredentials) throws -> UsageSnapshot {
+    static func _mapUsageForTesting(_ data: Data, credentials: CodexOAuthCredentials) throws -> UsageSnapshot? {
         let usage = try JSONDecoder().decode(CodexUsageResponse.self, from: data)
-        return Self.mapUsage(usage, credentials: credentials)
+        return CodexReconciledState.fromOAuth(response: usage, credentials: credentials)?.toUsageSnapshot()
+    }
+
+    static func _mapResultForTesting(
+        _ data: Data,
+        credentials: CodexOAuthCredentials,
+        sourceMode: ProviderSourceMode = .oauth) throws -> ProviderFetchResult
+    {
+        let usageResponse = try JSONDecoder().decode(CodexUsageResponse.self, from: data)
+        return try Self.makeResult(
+            usageResponse: usageResponse,
+            credentials: credentials,
+            updatedAt: Date(),
+            sourceMode: sourceMode)
+    }
+}
+
+extension CodexProviderDescriptor {
+    static func _noDataMessageForTesting(env: [String: String]) -> String {
+        self.noDataMessage(env: env)
     }
 }
 #endif
diff --git a/Sources/CodexBarCore/Providers/Codex/CodexProviderSettingsBuilder.swift b/Sources/CodexBarCore/Providers/Codex/CodexProviderSettingsBuilder.swift
new file mode 100644
index 000000000..b52c1452c
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Codex/CodexProviderSettingsBuilder.swift
@@ -0,0 +1,67 @@
+import Foundation
+
+public struct CodexProviderSettingsBuilderInput: Sendable {
+    public let usageDataSource: CodexUsageDataSource
+    public let cookieSource: ProviderCookieSource
+    public let manualCookieHeader: String?
+    public let reconciliationSnapshot: CodexAccountReconciliationSnapshot
+    public let resolvedActiveSource: CodexResolvedActiveSource
+
+    public init(
+        usageDataSource: CodexUsageDataSource,
+        cookieSource: ProviderCookieSource,
+        manualCookieHeader: String?,
+        reconciliationSnapshot: CodexAccountReconciliationSnapshot,
+        resolvedActiveSource: CodexResolvedActiveSource)
+    {
+        self.usageDataSource = usageDataSource
+        self.cookieSource = cookieSource
+        self.manualCookieHeader = manualCookieHeader
+        self.reconciliationSnapshot = reconciliationSnapshot
+        self.resolvedActiveSource = resolvedActiveSource
+    }
+}
+
+public enum CodexKnownOwnerCatalog {
+    public static func candidates(
+        from snapshot: CodexAccountReconciliationSnapshot) -> [CodexDashboardKnownOwnerCandidate]
+    {
+        var candidates = snapshot.storedAccounts.map { account in
+            CodexDashboardKnownOwnerCandidate(
+                identity: snapshot.runtimeIdentity(for: account),
+                normalizedEmail: CodexIdentityResolver.normalizeEmail(snapshot.runtimeEmail(for: account)))
+        }
+
+        if let liveSystemAccount = snapshot.liveSystemAccount {
+            candidates.append(CodexDashboardKnownOwnerCandidate(
+                identity: snapshot.runtimeIdentity(for: liveSystemAccount),
+                normalizedEmail: CodexIdentityResolver.normalizeEmail(liveSystemAccount.email)))
+        }
+
+        return candidates
+    }
+}
+
+public enum CodexProviderSettingsBuilder {
+    public static func make(input: CodexProviderSettingsBuilderInput) -> ProviderSettingsSnapshot
+    .CodexProviderSettings {
+        let snapshot = input.reconciliationSnapshot
+        let persistedSource = input.resolvedActiveSource.persistedSource
+        let managedSourceSelected = switch persistedSource {
+        case .liveSystem:
+            false
+        case .managedAccount:
+            true
+        }
+
+        return ProviderSettingsSnapshot.CodexProviderSettings(
+            usageDataSource: input.usageDataSource,
+            cookieSource: input.cookieSource,
+            manualCookieHeader: input.manualCookieHeader,
+            managedAccountStoreUnreadable: managedSourceSelected && snapshot.hasUnreadableAddedAccountStore,
+            managedAccountTargetUnavailable: managedSourceSelected
+                && snapshot.hasUnreadableAddedAccountStore == false
+                && snapshot.activeStoredAccount == nil,
+            dashboardAuthorityKnownOwners: CodexKnownOwnerCatalog.candidates(from: snapshot))
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Codex/CodexRateWindowNormalizer.swift b/Sources/CodexBarCore/Providers/Codex/CodexRateWindowNormalizer.swift
new file mode 100644
index 000000000..018100eec
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Codex/CodexRateWindowNormalizer.swift
@@ -0,0 +1,66 @@
+import Foundation
+
+enum CodexRateWindowNormalizer {
+    static func normalize(
+        primary: RateWindow?,
+        secondary: RateWindow?)
+        -> (primary: RateWindow?, secondary: RateWindow?)
+    {
+        switch (primary, secondary) {
+        case let (.some(primaryWindow), .some(secondaryWindow)):
+            switch (self.role(for: primaryWindow), self.role(for: secondaryWindow)) {
+            case (.session, .weekly), (.session, .unknown), (.unknown, .weekly):
+                (primaryWindow, secondaryWindow)
+            case (.weekly, .session), (.weekly, .unknown):
+                (secondaryWindow, primaryWindow)
+            default:
+                (primaryWindow, secondaryWindow)
+            }
+        case let (.some(primaryWindow), .none):
+            switch role(for: primaryWindow) {
+            case .weekly:
+                (nil, primaryWindow)
+            case .session, .unknown:
+                (primaryWindow, nil)
+            }
+        case let (.none, .some(secondaryWindow)):
+            switch self.role(for: secondaryWindow) {
+            case .session, .unknown:
+                (secondaryWindow, nil)
+            case .weekly:
+                (nil, secondaryWindow)
+            }
+        case (.none, .none):
+            (nil, nil)
+        }
+    }
+
+    private enum WindowRole {
+        case session
+        case weekly
+        case unknown
+    }
+
+    private static func role(for window: RateWindow) -> WindowRole {
+        switch window.windowMinutes {
+        case 300:
+            .session
+        case 10080:
+            .weekly
+        default:
+            .unknown
+        }
+    }
+}
+
+#if DEBUG
+extension CodexRateWindowNormalizer {
+    static func _normalizeForTesting(
+        primary: RateWindow?,
+        secondary: RateWindow?)
+        -> (primary: RateWindow?, secondary: RateWindow?)
+    {
+        self.normalize(primary: primary, secondary: secondary)
+    }
+}
+#endif
diff --git a/Sources/CodexBarCore/Providers/Codex/CodexReconciledState.swift b/Sources/CodexBarCore/Providers/Codex/CodexReconciledState.swift
new file mode 100644
index 000000000..83f8f28d4
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Codex/CodexReconciledState.swift
@@ -0,0 +1,149 @@
+import Foundation
+
+public struct CodexReconciledState: Sendable {
+    public let session: RateWindow?
+    public let weekly: RateWindow?
+    /// Named model-specific limits (e.g. Codex Spark) surfaced through `UsageSnapshot.extraRateWindows`.
+    public let extraRateWindows: [NamedRateWindow]
+    public let identity: ProviderIdentitySnapshot?
+    public let updatedAt: Date
+
+    public init(
+        session: RateWindow?,
+        weekly: RateWindow?,
+        extraRateWindows: [NamedRateWindow] = [],
+        identity: ProviderIdentitySnapshot?,
+        updatedAt: Date)
+    {
+        self.session = session
+        self.weekly = weekly
+        self.extraRateWindows = extraRateWindows
+        self.identity = identity
+        self.updatedAt = updatedAt
+    }
+
+    public static func fromCLI(
+        primary: RateWindow?,
+        secondary: RateWindow?,
+        identity: ProviderIdentitySnapshot?,
+        updatedAt: Date = Date()) -> CodexReconciledState?
+    {
+        self.make(primary: primary, secondary: secondary, identity: identity, updatedAt: updatedAt)
+    }
+
+    public static func fromOAuth(
+        response: CodexUsageResponse,
+        credentials: CodexOAuthCredentials,
+        updatedAt: Date = Date()) -> CodexReconciledState?
+    {
+        self.make(
+            primary: self.makeWindow(response.rateLimit?.primaryWindow),
+            secondary: self.makeWindow(response.rateLimit?.secondaryWindow),
+            extraRateWindows: CodexAdditionalRateLimitMapper.extraRateWindows(
+                from: response.additionalRateLimits,
+                now: updatedAt),
+            identity: self.oauthIdentity(response: response, credentials: credentials),
+            updatedAt: updatedAt)
+    }
+
+    public static func fromAttachedDashboard(
+        snapshot: OpenAIDashboardSnapshot,
+        provider: UsageProvider = .codex,
+        accountEmail: String? = nil,
+        accountPlan: String? = nil) -> CodexReconciledState?
+    {
+        let resolvedEmail = accountEmail ?? snapshot.signedInEmail
+        let resolvedPlan = accountPlan ?? snapshot.accountPlan
+        let identity = ProviderIdentitySnapshot(
+            providerID: provider,
+            accountEmail: resolvedEmail,
+            accountOrganization: nil,
+            loginMethod: resolvedPlan)
+
+        return self.make(
+            primary: snapshot.primaryLimit,
+            secondary: snapshot.secondaryLimit,
+            extraRateWindows: snapshot.extraRateWindows ?? [],
+            identity: identity,
+            updatedAt: snapshot.updatedAt)
+    }
+
+    public func toUsageSnapshot() -> UsageSnapshot {
+        UsageSnapshot(
+            primary: self.session,
+            secondary: self.weekly,
+            tertiary: nil,
+            extraRateWindows: self.extraRateWindows.isEmpty ? nil : self.extraRateWindows,
+            updatedAt: self.updatedAt,
+            identity: self.identity)
+    }
+
+    public static func oauthIdentity(
+        response: CodexUsageResponse,
+        credentials: CodexOAuthCredentials) -> ProviderIdentitySnapshot
+    {
+        ProviderIdentitySnapshot(
+            providerID: .codex,
+            accountEmail: self.resolveAccountEmail(from: credentials),
+            accountOrganization: nil,
+            loginMethod: self.resolvePlan(response: response, credentials: credentials))
+    }
+
+    private static func make(
+        primary: RateWindow?,
+        secondary: RateWindow?,
+        extraRateWindows: [NamedRateWindow] = [],
+        identity: ProviderIdentitySnapshot?,
+        updatedAt: Date) -> CodexReconciledState?
+    {
+        let normalized = CodexRateWindowNormalizer.normalize(primary: primary, secondary: secondary)
+        // Extra windows are supplemental, so they never resurrect a snapshot on their own: keep the
+        // existing primary/weekly gate to preserve current behavior when only extra limits are present.
+        guard normalized.primary != nil || normalized.secondary != nil else {
+            return nil
+        }
+
+        return CodexReconciledState(
+            session: normalized.primary,
+            weekly: normalized.secondary,
+            extraRateWindows: extraRateWindows,
+            identity: identity,
+            updatedAt: updatedAt)
+    }
+
+    private static func makeWindow(_ window: CodexUsageResponse.WindowSnapshot?) -> RateWindow? {
+        guard let window else { return nil }
+        let resetDate = Date(timeIntervalSince1970: TimeInterval(window.resetAt))
+        let resetDescription = UsageFormatter.resetDescription(from: resetDate)
+        return RateWindow(
+            usedPercent: Double(window.usedPercent),
+            windowMinutes: window.limitWindowSeconds / 60,
+            resetsAt: resetDate,
+            resetDescription: resetDescription)
+    }
+
+    private static func resolveAccountEmail(from credentials: CodexOAuthCredentials) -> String? {
+        guard let idToken = credentials.idToken,
+              let payload = UsageFetcher.parseJWT(idToken)
+        else {
+            return nil
+        }
+
+        let profileDict = payload["https://api.openai.com/profile"] as? [String: Any]
+        let email = (payload["email"] as? String) ?? (profileDict?["email"] as? String)
+        return email?.trimmingCharacters(in: .whitespacesAndNewlines)
+    }
+
+    private static func resolvePlan(response: CodexUsageResponse, credentials: CodexOAuthCredentials) -> String? {
+        if let plan = response.planType?.rawValue, !plan.isEmpty { return plan }
+        guard let idToken = credentials.idToken,
+              let payload = UsageFetcher.parseJWT(idToken)
+        else {
+            return nil
+        }
+
+        let authDict = payload["https://api.openai.com/auth"] as? [String: Any]
+        let plan = (authDict?["chatgpt_plan_type"] as? String) ?? (payload["chatgpt_plan_type"] as? String)
+        return plan?.trimmingCharacters(in: .whitespacesAndNewlines)
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Codex/CodexStatusProbe.swift b/Sources/CodexBarCore/Providers/Codex/CodexStatusProbe.swift
index a04aee558..6da629082 100644
--- a/Sources/CodexBarCore/Providers/Codex/CodexStatusProbe.swift
+++ b/Sources/CodexBarCore/Providers/Codex/CodexStatusProbe.swift
@@ -6,6 +6,8 @@ public struct CodexStatusSnapshot: Sendable {
     public let weeklyPercentLeft: Int?
     public let fiveHourResetDescription: String?
     public let weeklyResetDescription: String?
+    public let fiveHourResetsAt: Date?
+    public let weeklyResetsAt: Date?
     public let rawText: String
 
     public init(
@@ -14,6 +16,8 @@ public struct CodexStatusSnapshot: Sendable {
         weeklyPercentLeft: Int?,
         fiveHourResetDescription: String?,
         weeklyResetDescription: String?,
+        fiveHourResetsAt: Date?,
+        weeklyResetsAt: Date?,
         rawText: String)
     {
         self.credits = credits
@@ -21,12 +25,15 @@ public struct CodexStatusSnapshot: Sendable {
         self.weeklyPercentLeft = weeklyPercentLeft
         self.fiveHourResetDescription = fiveHourResetDescription
         self.weeklyResetDescription = weeklyResetDescription
+        self.fiveHourResetsAt = fiveHourResetsAt
+        self.weeklyResetsAt = weeklyResetsAt
         self.rawText = rawText
     }
 }
 
 public enum CodexStatusProbeError: LocalizedError, Sendable {
     case codexNotInstalled
+    case launchBlocked(String)
     case parseFailed(String)
     case timedOut
     case updateRequired(String)
@@ -35,6 +42,8 @@ public enum CodexStatusProbeError: LocalizedError, Sendable {
         switch self {
         case .codexNotInstalled:
             "Codex CLI missing. Install via `npm i -g @openai/codex` (or bun install) and restart."
+        case let .launchBlocked(message):
+            message
         case .parseFailed:
             "Could not parse Codex status; will retry shortly."
         case .timedOut:
@@ -53,26 +62,32 @@ public struct CodexStatusProbe {
     public var codexBinary: String = "codex"
     public var timeout: TimeInterval = Self.defaultTimeoutSeconds
     public var keepCLISessionsAlive: Bool = false
+    public var environment: [String: String] = ProcessInfo.processInfo.environment
 
     public init() {}
 
     public init(
         codexBinary: String = "codex",
         timeout: TimeInterval = 8.0,
-        keepCLISessionsAlive: Bool = false)
+        keepCLISessionsAlive: Bool = false,
+        environment: [String: String] = ProcessInfo.processInfo.environment)
     {
         self.codexBinary = codexBinary
         self.timeout = timeout
         self.keepCLISessionsAlive = keepCLISessionsAlive
+        self.environment = environment
     }
 
     public func fetch() async throws -> CodexStatusSnapshot {
-        let env = ProcessInfo.processInfo.environment
+        let env = self.environment
         let resolved = BinaryLocator.resolveCodexBinary(env: env, loginPATH: LoginShellPathCache.shared.current)
             ?? self.codexBinary
         guard FileManager.default.isExecutableFile(atPath: resolved) || TTYCommandRunner.which(resolved) != nil else {
             throw CodexStatusProbeError.codexNotInstalled
         }
+        if let message = CodexCLILaunchGate.shared.backgroundSkipMessage(binary: resolved) {
+            throw CodexStatusProbeError.launchBlocked(message)
+        }
         do {
             return try await self.runAndParse(binary: resolved, rows: 60, cols: 200, timeout: self.timeout)
         } catch let error as CodexStatusProbeError {
@@ -87,12 +102,14 @@ public struct CodexStatusProbe {
             default:
                 throw error
             }
+        } catch {
+            throw error
         }
     }
 
     // MARK: - Parsing
 
-    public static func parse(text: String) throws -> CodexStatusSnapshot {
+    public static func parse(text: String, now: Date = .init()) throws -> CodexStatusSnapshot {
         let clean = TextParsing.stripANSICodes(text)
         guard !clean.isEmpty else { throw CodexStatusProbeError.timedOut }
         if clean.localizedCaseInsensitiveContains("data not available yet") {
@@ -119,41 +136,121 @@ public struct CodexStatusProbe {
             weeklyPercentLeft: weekPct,
             fiveHourResetDescription: fiveReset,
             weeklyResetDescription: weekReset,
+            fiveHourResetsAt: self.parseResetDate(from: fiveReset, now: now),
+            weeklyResetsAt: self.parseResetDate(from: weekReset, now: now),
             rawText: clean)
     }
 
+    private static func parseResetDate(from text: String?, now: Date) -> Date? {
+        guard var raw = text?.trimmingCharacters(in: .whitespacesAndNewlines), !raw.isEmpty else { return nil }
+        raw = raw.trimmingCharacters(in: CharacterSet(charactersIn: "()"))
+        raw = raw.replacingOccurrences(of: #"\s+"#, with: " ", options: .regularExpression)
+            .trimmingCharacters(in: .whitespacesAndNewlines)
+
+        let calendar = Calendar(identifier: .gregorian)
+        let formatter = DateFormatter()
+        formatter.locale = Locale(identifier: "en_US_POSIX")
+        formatter.timeZone = TimeZone.current
+        formatter.defaultDate = now
+
+        if let match = raw.firstMatch(of: /^([0-9]{1,2}:[0-9]{2}) on ([0-9]{1,2} [A-Za-z]{3})$/) {
+            raw = "\(match.output.2) \(match.output.1)"
+            formatter.dateFormat = "d MMM HH:mm"
+            if let date = formatter.date(from: raw) {
+                return self.bumpYearIfNeeded(date, now: now, calendar: calendar)
+            }
+        }
+
+        if let match = raw.firstMatch(of: /^([0-9]{1,2}:[0-9]{2}) on ([A-Za-z]{3} [0-9]{1,2})$/) {
+            raw = "\(match.output.2) \(match.output.1)"
+            formatter.dateFormat = "MMM d HH:mm"
+            if let date = formatter.date(from: raw) {
+                return self.bumpYearIfNeeded(date, now: now, calendar: calendar)
+            }
+        }
+
+        for format in ["HH:mm", "H:mm"] {
+            formatter.dateFormat = format
+            if let time = formatter.date(from: raw) {
+                let components = calendar.dateComponents([.hour, .minute], from: time)
+                guard let anchored = calendar.date(
+                    bySettingHour: components.hour ?? 0,
+                    minute: components.minute ?? 0,
+                    second: 0,
+                    of: now)
+                else {
+                    return nil
+                }
+                if anchored >= now {
+                    return anchored
+                }
+                return calendar.date(byAdding: .day, value: 1, to: anchored)
+            }
+        }
+
+        return nil
+    }
+
+    private static func bumpYearIfNeeded(_ date: Date, now: Date, calendar: Calendar) -> Date? {
+        if date >= now {
+            return date
+        }
+        return calendar.date(byAdding: .year, value: 1, to: date)
+    }
+
     private func runAndParse(
         binary: String,
         rows: UInt16,
         cols: UInt16,
         timeout: TimeInterval) async throws -> CodexStatusSnapshot
     {
+        let stateHome = try CodexStatusProbeIsolation.supportDirectory(environment: self.environment)
+        let extraArgs = CodexStatusProbeIsolation.codexArguments(stateHome: stateHome)
+        let workingDirectory = CodexStatusProbeIsolation.workingDirectory(environment: self.environment)
         let text: String
         if self.keepCLISessionsAlive {
             do {
                 text = try await CodexCLISession.shared.captureStatus(
                     binary: binary,
-                    timeout: timeout,
-                    rows: rows,
-                    cols: cols)
+                    options: .init(
+                        timeout: timeout,
+                        rows: rows,
+                        cols: cols,
+                        environment: self.environment,
+                        extraArgs: extraArgs,
+                        workingDirectory: workingDirectory))
             } catch CodexCLISession.SessionError.processExited {
                 throw CodexStatusProbeError.timedOut
             } catch CodexCLISession.SessionError.timedOut {
                 throw CodexStatusProbeError.timedOut
-            } catch CodexCLISession.SessionError.launchFailed(_) {
+            } catch let CodexCLISession.SessionError.launchFailed(message) {
+                if let throttled = CodexCLILaunchGate.shared.recordLaunchFailure(binary: binary, message: message) {
+                    throw CodexStatusProbeError.launchBlocked(throttled)
+                }
                 throw CodexStatusProbeError.codexNotInstalled
             }
         } else {
             let runner = TTYCommandRunner()
-            let script = "/status\n"
-            let result = try runner.run(
-                binary: binary,
-                send: script,
-                options: .init(
-                    rows: rows,
-                    cols: cols,
-                    timeout: timeout,
-                    extraArgs: ["-s", "read-only", "-a", "untrusted"]))
+            let script = "/status"
+            let result: TTYCommandRunner.Result
+            do {
+                result = try runner.run(
+                    binary: binary,
+                    send: script,
+                    options: .init(
+                        rows: rows,
+                        cols: cols,
+                        timeout: timeout,
+                        workingDirectory: workingDirectory,
+                        extraArgs: extraArgs,
+                        baseEnvironment: self.environment,
+                        forceCodexStatusMode: true))
+            } catch let TTYCommandRunner.Error.launchFailed(message) {
+                if let throttled = CodexCLILaunchGate.shared.recordLaunchFailure(binary: binary, message: message) {
+                    throw CodexStatusProbeError.launchBlocked(throttled)
+                }
+                throw CodexStatusProbeError.codexNotInstalled
+            }
             text = result.text
         }
         return try Self.parse(text: text)
diff --git a/Sources/CodexBarCore/Providers/Codex/CodexStatusProbeIsolation.swift b/Sources/CodexBarCore/Providers/Codex/CodexStatusProbeIsolation.swift
new file mode 100644
index 000000000..2401122e4
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Codex/CodexStatusProbeIsolation.swift
@@ -0,0 +1,46 @@
+import Foundation
+
+enum CodexStatusProbeIsolation {
+    static func supportDirectory(environment: [String: String]) throws -> URL {
+        let baseURL: URL = if let tmp = environment["TMPDIR"]?.trimmingCharacters(in: .whitespacesAndNewlines),
+                              !tmp.isEmpty
+        {
+            URL(fileURLWithPath: tmp, isDirectory: true)
+        } else {
+            FileManager.default.temporaryDirectory
+        }
+
+        let directory = baseURL
+            .appendingPathComponent("CodexBar", isDirectory: true)
+            .appendingPathComponent("CodexStatusProbe", isDirectory: true)
+        try FileManager.default.createDirectory(at: directory, withIntermediateDirectories: true)
+        return directory
+    }
+
+    static func workingDirectory(environment: [String: String]) -> URL? {
+        let home = environment["HOME"]?.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard let home, !home.isEmpty else { return nil }
+        return URL(fileURLWithPath: home, isDirectory: true)
+    }
+
+    static func codexArguments(stateHome: URL) -> [String] {
+        [
+            "-s",
+            "read-only",
+            "-a",
+            "untrusted",
+            "-c",
+            "history.persistence=\"none\"",
+            "-c",
+            "experimental_thread_store={type=\"in_memory\",id=\"codexbar-status\"}",
+            "-c",
+            "sqlite_home=\"\(self.tomlEscaped(stateHome.path))\"",
+        ]
+    }
+
+    private static func tomlEscaped(_ value: String) -> String {
+        value
+            .replacingOccurrences(of: "\\", with: "\\\\")
+            .replacingOccurrences(of: "\"", with: "\\\"")
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Codex/CodexSystemAccountObserver.swift b/Sources/CodexBarCore/Providers/Codex/CodexSystemAccountObserver.swift
new file mode 100644
index 000000000..5b6620973
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Codex/CodexSystemAccountObserver.swift
@@ -0,0 +1,69 @@
+import Foundation
+
+public struct ObservedSystemCodexAccount: Equatable, Sendable {
+    public let email: String
+    public let workspaceLabel: String?
+    public let workspaceAccountID: String?
+    public let authFingerprint: String?
+    public let codexHomePath: String
+    public let observedAt: Date
+    public let identity: CodexIdentity
+
+    public init(
+        email: String,
+        workspaceLabel: String? = nil,
+        workspaceAccountID: String? = nil,
+        authFingerprint: String? = nil,
+        codexHomePath: String,
+        observedAt: Date,
+        identity: CodexIdentity = .unresolved)
+    {
+        self.email = email
+        self.workspaceLabel = workspaceLabel
+        self.workspaceAccountID = workspaceAccountID
+        self.authFingerprint = CodexAuthFingerprint.normalize(authFingerprint)
+        self.codexHomePath = codexHomePath
+        self.observedAt = observedAt
+        self.identity = identity
+    }
+}
+
+public protocol CodexSystemAccountObserving: Sendable {
+    func loadSystemAccount(environment: [String: String]) throws -> ObservedSystemCodexAccount?
+}
+
+public struct DefaultCodexSystemAccountObserver: CodexSystemAccountObserving {
+    private let workspaceCache: CodexOpenAIWorkspaceIdentityCache
+
+    public init(workspaceCache: CodexOpenAIWorkspaceIdentityCache = CodexOpenAIWorkspaceIdentityCache()) {
+        self.workspaceCache = workspaceCache
+    }
+
+    public func loadSystemAccount(environment: [String: String]) throws -> ObservedSystemCodexAccount? {
+        let homeURL = CodexHomeScope.ambientHomeURL(env: environment)
+        let fetcher = UsageFetcher(environment: environment)
+        let account = fetcher.loadAuthBackedCodexAccount()
+
+        guard let rawEmail = account.email?.trimmingCharacters(in: .whitespacesAndNewlines),
+              !rawEmail.isEmpty
+        else {
+            return nil
+        }
+
+        let providerAccountID: String? = switch account.identity {
+        case let .providerAccount(id):
+            ManagedCodexAccount.normalizeProviderAccountID(id)
+        case .emailOnly, .unresolved:
+            nil
+        }
+
+        return ObservedSystemCodexAccount(
+            email: rawEmail.lowercased(),
+            workspaceLabel: self.workspaceCache.workspaceLabel(for: providerAccountID),
+            workspaceAccountID: providerAccountID,
+            authFingerprint: CodexAuthFingerprint.fingerprint(homePath: homeURL.path),
+            codexHomePath: homeURL.path,
+            observedAt: Date(),
+            identity: account.identity)
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Codex/CodexVisibleAccountProjection.swift b/Sources/CodexBarCore/Providers/Codex/CodexVisibleAccountProjection.swift
new file mode 100644
index 000000000..7d9965f64
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Codex/CodexVisibleAccountProjection.swift
@@ -0,0 +1,251 @@
+import Foundation
+
+public struct CodexVisibleAccount: Equatable, Identifiable, Sendable {
+    public let id: String
+    public let email: String
+    public let workspaceLabel: String?
+    public let workspaceAccountID: String?
+    public let authFingerprint: String?
+    public let storedAccountID: UUID?
+    public let selectionSource: CodexActiveSource
+    public let isActive: Bool
+    public let isLive: Bool
+    public let canReauthenticate: Bool
+    public let canRemove: Bool
+
+    public init(
+        id: String,
+        email: String,
+        workspaceLabel: String? = nil,
+        workspaceAccountID: String? = nil,
+        authFingerprint: String? = nil,
+        storedAccountID: UUID?,
+        selectionSource: CodexActiveSource,
+        isActive: Bool,
+        isLive: Bool,
+        canReauthenticate: Bool,
+        canRemove: Bool)
+    {
+        self.id = id
+        self.email = email
+        self.workspaceLabel = Self.normalizeWorkspaceLabel(workspaceLabel)
+        self.workspaceAccountID = workspaceAccountID
+        self.authFingerprint = CodexAuthFingerprint.normalize(authFingerprint)
+        self.storedAccountID = storedAccountID
+        self.selectionSource = selectionSource
+        self.isActive = isActive
+        self.isLive = isLive
+        self.canReauthenticate = canReauthenticate
+        self.canRemove = canRemove
+    }
+
+    public var displayName: String {
+        guard let workspaceLabel else { return self.email }
+        return "\(self.email) — \(workspaceLabel)"
+    }
+
+    public var menuDisplayName: String {
+        guard let menuWorkspaceLabel else { return self.email }
+        return "\(self.email) — \(menuWorkspaceLabel)"
+    }
+
+    public var menuWorkspaceLabel: String? {
+        guard let workspaceLabel, workspaceLabel.compare("Personal", options: [.caseInsensitive]) != .orderedSame else {
+            return nil
+        }
+        return workspaceLabel
+    }
+
+    public var authenticationHealthLabel: String? {
+        guard !self.isLive, self.storedAccountID != nil, self.authFingerprint == nil else { return nil }
+        return "Missing auth"
+    }
+
+    private static func normalizeWorkspaceLabel(_ workspaceLabel: String?) -> String? {
+        guard let trimmed = workspaceLabel?.trimmingCharacters(in: .whitespacesAndNewlines), !trimmed.isEmpty else {
+            return nil
+        }
+        return trimmed
+    }
+}
+
+public struct CodexVisibleAccountProjection: Equatable, Sendable {
+    public let visibleAccounts: [CodexVisibleAccount]
+    public let activeVisibleAccountID: String?
+    public let liveVisibleAccountID: String?
+    public let hasUnreadableAddedAccountStore: Bool
+
+    public init(
+        visibleAccounts: [CodexVisibleAccount],
+        activeVisibleAccountID: String?,
+        liveVisibleAccountID: String?,
+        hasUnreadableAddedAccountStore: Bool)
+    {
+        self.visibleAccounts = visibleAccounts
+        self.activeVisibleAccountID = activeVisibleAccountID
+        self.liveVisibleAccountID = liveVisibleAccountID
+        self.hasUnreadableAddedAccountStore = hasUnreadableAddedAccountStore
+    }
+
+    public func source(forVisibleAccountID id: String) -> CodexActiveSource? {
+        self.visibleAccounts.first { $0.id == id }?.selectionSource
+    }
+}
+
+extension DefaultCodexAccountReconciler {
+    public func loadVisibleAccounts() -> CodexVisibleAccountProjection {
+        CodexVisibleAccountProjection.make(from: self.loadSnapshot())
+    }
+}
+
+extension CodexVisibleAccountProjection {
+    public static func make(from snapshot: CodexAccountReconciliationSnapshot) -> CodexVisibleAccountProjection {
+        let resolvedActiveSource = CodexActiveSourceResolver.resolve(from: snapshot).resolvedSource
+        var drafts: [VisibleAccountDraft] = []
+
+        for storedAccount in snapshot.storedAccounts {
+            let normalizedEmail = snapshot.runtimeEmail(for: storedAccount)
+            drafts.append(VisibleAccountDraft(
+                email: normalizedEmail,
+                workspaceLabel: Self.normalizeWorkspaceLabel(storedAccount.workspaceLabel),
+                workspaceAccountID: storedAccount.workspaceAccountID,
+                authFingerprint: storedAccount.authFingerprint,
+                storedAccountID: storedAccount.id,
+                selectionSource: .managedAccount(id: storedAccount.id),
+                isLive: false,
+                canReauthenticate: true,
+                canRemove: true,
+                identity: snapshot.runtimeIdentity(for: storedAccount)))
+        }
+
+        if let liveSystemAccount = snapshot.liveSystemAccount {
+            let normalizedEmail = Self.normalizeVisibleEmail(liveSystemAccount.email)
+            let liveIdentity = snapshot.runtimeIdentity(for: liveSystemAccount)
+            if let exactStoredAccountID = snapshot.matchingStoredAccountForLiveSystemAccount?.id,
+               let exactIndex = drafts.firstIndex(where: { $0.storedAccountID == exactStoredAccountID })
+            {
+                let existingDraft = drafts[exactIndex]
+                let liveWorkspaceLabel = Self.normalizeWorkspaceLabel(liveSystemAccount.workspaceLabel)
+                drafts[exactIndex] = VisibleAccountDraft(
+                    email: existingDraft.email,
+                    workspaceLabel: liveWorkspaceLabel ?? existingDraft.workspaceLabel,
+                    workspaceAccountID: liveSystemAccount.workspaceAccountID ?? existingDraft.workspaceAccountID,
+                    authFingerprint: liveSystemAccount.authFingerprint ?? existingDraft.authFingerprint,
+                    storedAccountID: existingDraft.storedAccountID,
+                    selectionSource: .liveSystem,
+                    isLive: true,
+                    canReauthenticate: existingDraft.canReauthenticate,
+                    canRemove: existingDraft.canRemove,
+                    identity: liveIdentity)
+            } else if let existingIndex = drafts.firstIndex(where: { draft in
+                CodexIdentityMatcher.matches(
+                    draft.identity,
+                    lhsEmail: draft.email,
+                    liveIdentity,
+                    rhsEmail: normalizedEmail)
+            }) {
+                let existingDraft = drafts[existingIndex]
+                let liveWorkspaceLabel = Self.normalizeWorkspaceLabel(liveSystemAccount.workspaceLabel)
+                drafts[existingIndex] = VisibleAccountDraft(
+                    email: existingDraft.email,
+                    workspaceLabel: liveWorkspaceLabel ?? existingDraft.workspaceLabel,
+                    workspaceAccountID: liveSystemAccount.workspaceAccountID ?? existingDraft.workspaceAccountID,
+                    authFingerprint: liveSystemAccount.authFingerprint ?? existingDraft.authFingerprint,
+                    storedAccountID: existingDraft.storedAccountID,
+                    selectionSource: .liveSystem,
+                    isLive: true,
+                    canReauthenticate: existingDraft.canReauthenticate,
+                    canRemove: existingDraft.canRemove,
+                    identity: liveIdentity)
+            } else {
+                drafts.append(VisibleAccountDraft(
+                    email: normalizedEmail,
+                    workspaceLabel: Self.normalizeWorkspaceLabel(liveSystemAccount.workspaceLabel),
+                    workspaceAccountID: liveSystemAccount.workspaceAccountID,
+                    authFingerprint: liveSystemAccount.authFingerprint,
+                    storedAccountID: nil,
+                    selectionSource: .liveSystem,
+                    isLive: true,
+                    canReauthenticate: true,
+                    canRemove: false,
+                    identity: liveIdentity))
+            }
+        }
+
+        let groupedByEmail = Dictionary(grouping: drafts.indices, by: { drafts[$0].email })
+        let visibleAccounts = drafts.map { draft in
+            let id = Self.visibleAccountID(for: draft, emailGroupSize: groupedByEmail[draft.email]?.count ?? 0)
+            let isActive = switch resolvedActiveSource {
+            case .liveSystem:
+                draft.selectionSource == .liveSystem
+            case let .managedAccount(id):
+                draft.selectionSource == .managedAccount(id: id)
+            }
+
+            return CodexVisibleAccount(
+                id: id,
+                email: draft.email,
+                workspaceLabel: draft.workspaceLabel,
+                workspaceAccountID: draft.workspaceAccountID,
+                authFingerprint: draft.authFingerprint,
+                storedAccountID: draft.storedAccountID,
+                selectionSource: draft.selectionSource,
+                isActive: isActive,
+                isLive: draft.isLive,
+                canReauthenticate: draft.canReauthenticate,
+                canRemove: draft.canRemove)
+        }.sorted { lhs, rhs in
+            if lhs.email != rhs.email {
+                return lhs.email < rhs.email
+            }
+            if lhs.isLive != rhs.isLive {
+                return lhs.isLive && !rhs.isLive
+            }
+            if lhs.displayName != rhs.displayName {
+                return lhs.displayName < rhs.displayName
+            }
+            return lhs.id < rhs.id
+        }
+
+        return CodexVisibleAccountProjection(
+            visibleAccounts: visibleAccounts,
+            activeVisibleAccountID: visibleAccounts.first { $0.isActive }?.id,
+            liveVisibleAccountID: visibleAccounts.first { $0.isLive }?.id,
+            hasUnreadableAddedAccountStore: snapshot.hasUnreadableAddedAccountStore)
+    }
+
+    private static func normalizeVisibleEmail(_ email: String) -> String {
+        email.trimmingCharacters(in: .whitespacesAndNewlines).lowercased()
+    }
+
+    private static func normalizeWorkspaceLabel(_ workspaceLabel: String?) -> String? {
+        guard let trimmed = workspaceLabel?.trimmingCharacters(in: .whitespacesAndNewlines), !trimmed.isEmpty else {
+            return nil
+        }
+        return trimmed
+    }
+
+    private static func visibleAccountID(for draft: VisibleAccountDraft, emailGroupSize: Int) -> String {
+        guard emailGroupSize > 1 else { return draft.email }
+
+        switch draft.selectionSource {
+        case .liveSystem:
+            return "live:\(CodexIdentityMatcher.selectionKey(for: draft.identity, fallbackEmail: draft.email))"
+        case let .managedAccount(id):
+            return "managed:\(id.uuidString.lowercased())"
+        }
+    }
+}
+
+private struct VisibleAccountDraft {
+    let email: String
+    let workspaceLabel: String?
+    let workspaceAccountID: String?
+    let authFingerprint: String?
+    let storedAccountID: UUID?
+    let selectionSource: CodexActiveSource
+    let isLive: Bool
+    let canReauthenticate: Bool
+    let canRemove: Bool
+    let identity: CodexIdentity
+}
diff --git a/Sources/CodexBarCore/Providers/Codex/CodexWebDashboardStrategy.swift b/Sources/CodexBarCore/Providers/Codex/CodexWebDashboardStrategy.swift
index b1c8e91c8..b613a54e4 100644
--- a/Sources/CodexBarCore/Providers/Codex/CodexWebDashboardStrategy.swift
+++ b/Sources/CodexBarCore/Providers/Codex/CodexWebDashboardStrategy.swift
@@ -9,24 +9,34 @@ public struct CodexWebDashboardStrategy: ProviderFetchStrategy {
     public init() {}
 
     public func isAvailable(_ context: ProviderFetchContext) async -> Bool {
-        context.sourceMode.usesWeb
+        context.sourceMode.usesWeb &&
+            !Self.managedAccountStoreIsUnreadable(context) &&
+            !Self.managedAccountTargetIsUnavailable(context)
     }
 
     public func fetch(_ context: ProviderFetchContext) async throws -> ProviderFetchResult {
+        guard !Self.managedAccountStoreIsUnreadable(context) else {
+            // A fail-closed placeholder CODEX_HOME does not identify a target account. If the managed store
+            // itself is unreadable, web import must not fall back to "any signed-in browser account".
+            throw OpenAIDashboardFetcher.FetchError.loginRequired
+        }
+        guard !Self.managedAccountTargetIsUnavailable(context) else {
+            // If the selected managed account no longer exists in a readable store, web import must not
+            // fall back to "any signed-in browser account" for that stale selection.
+            throw OpenAIDashboardFetcher.FetchError.loginRequired
+        }
+
         // Ensure AppKit is initialized before using WebKit in a CLI.
         await MainActor.run {
             _ = NSApplication.shared
         }
 
-        let accountEmail = context.fetcher.loadAccountInfo().email?
-            .trimmingCharacters(in: .whitespacesAndNewlines)
         let options = OpenAIWebOptions(
             timeout: context.webTimeout,
             debugDumpHTML: context.webDebugDumpHTML,
             verbose: context.verbose)
         let result = try await Self.fetchOpenAIWebCodex(
-            accountEmail: accountEmail,
-            fetcher: context.fetcher,
+            context: context,
             options: options,
             browserDetection: context.browserDetection)
         return self.makeResult(
@@ -37,30 +47,66 @@ public struct CodexWebDashboardStrategy: ProviderFetchStrategy {
     }
 
     public func shouldFallback(on error: Error, context: ProviderFetchContext) -> Bool {
-        guard context.sourceMode == .auto else { return false }
         _ = error
-        return true
+        return context.sourceMode == .auto
+    }
+
+    private static func managedAccountStoreIsUnreadable(_ context: ProviderFetchContext) -> Bool {
+        context.settings?.codex?.managedAccountStoreUnreadable == true
+    }
+
+    private static func managedAccountTargetIsUnavailable(_ context: ProviderFetchContext) -> Bool {
+        context.settings?.codex?.managedAccountTargetUnavailable == true
     }
 }
 
-private struct OpenAIWebCodexResult: Sendable {
+struct OpenAIWebCodexResult {
     let usage: UsageSnapshot
     let credits: CreditsSnapshot?
     let dashboard: OpenAIDashboardSnapshot
 }
 
-private enum OpenAIWebCodexError: LocalizedError {
+enum OpenAIWebCodexError: LocalizedError, Equatable {
     case missingUsage
+    case policyRejected(CodexDashboardAuthorityDecision)
 
     var errorDescription: String? {
         switch self {
         case .missingUsage:
-            "OpenAI web dashboard did not include usage limits."
+            return "OpenAI web dashboard did not include usage limits."
+        case let .policyRejected(decision):
+            switch decision.reason {
+            case let .wrongEmail(expected, actual):
+                var details: [String] = []
+                if let expected {
+                    details.append("expected \(expected)")
+                }
+                if let actual {
+                    details.append("got \(actual)")
+                }
+                if details.isEmpty {
+                    return "OpenAI web dashboard belonged to the wrong account."
+                }
+                return "OpenAI web dashboard belonged to the wrong account (\(details.joined(separator: ", ")))."
+            case .unresolvedWithoutTrustedEvidence:
+                return "Active Codex identity is unresolved and no trusted auth-backed continuity exists."
+            case .providerAccountMissingScopedEmail:
+                return "Active Codex provider account is missing its scoped email, " +
+                    "so dashboard ownership cannot be proven."
+            case .providerAccountLacksExactOwnershipProof:
+                return "OpenAI web dashboard could not be proven to belong to the active provider account."
+            case .missingDashboardSignedInEmail:
+                return "OpenAI web dashboard did not expose a signed-in email."
+            case let .sameEmailAmbiguity(email):
+                return "OpenAI web dashboard email \(email) is ambiguous across multiple known owners."
+            default:
+                return "OpenAI web dashboard was rejected by Codex dashboard authority."
+            }
         }
     }
 }
 
-private struct OpenAIWebOptions: Sendable {
+private struct OpenAIWebOptions {
     let timeout: TimeInterval
     let debugDumpHTML: Bool
     let verbose: Bool
@@ -96,8 +142,7 @@ private final class WebLogBuffer {
 extension CodexWebDashboardStrategy {
     @MainActor
     fileprivate static func fetchOpenAIWebCodex(
-        accountEmail: String?,
-        fetcher: UsageFetcher,
+        context: ProviderFetchContext,
         options: OpenAIWebOptions,
         browserDetection: BrowserDetection) async throws -> OpenAIWebCodexResult
     {
@@ -105,47 +150,130 @@ extension CodexWebDashboardStrategy {
         let log: @MainActor (String) -> Void = { line in
             logger.append(line)
         }
-        let dashboard = try await Self.fetchOpenAIWebDashboard(
-            accountEmail: accountEmail,
-            fetcher: fetcher,
-            options: options,
-            browserDetection: browserDetection,
-            logger: log)
-        guard let usage = dashboard.toUsageSnapshot(provider: .codex, accountEmail: accountEmail) else {
-            throw OpenAIWebCodexError.missingUsage
+        do {
+            let result = try await Self.fetchOpenAIWebDashboard(
+                context: context,
+                options: options,
+                browserDetection: browserDetection,
+                preferCachedCookieHeader: true,
+                logger: log)
+            return try Self.makeAuthorizedDashboardResult(
+                dashboard: result.dashboard,
+                context: context,
+                routingTargetEmail: result.routingTargetEmail)
+        } catch {
+            guard Self.shouldRetryWithFreshBrowserImport(after: error) else {
+                throw error
+            }
+            log("Retrying OpenAI web dashboard with a fresh browser cookie import.")
+            let result = try await Self.fetchOpenAIWebDashboard(
+                context: context,
+                options: options,
+                browserDetection: browserDetection,
+                preferCachedCookieHeader: false,
+                logger: log)
+            return try Self.makeAuthorizedDashboardResult(
+                dashboard: result.dashboard,
+                context: context,
+                routingTargetEmail: result.routingTargetEmail)
+        }
+    }
+
+    nonisolated static func shouldRetryWithFreshBrowserImport(after error: Error) -> Bool {
+        if error is OpenAIWebCodexError {
+            return error as? OpenAIWebCodexError == .missingUsage
+        }
+        if case OpenAIDashboardFetcher.FetchError.noDashboardData = error {
+            return true
         }
-        let credits = dashboard.toCreditsSnapshot()
-        return OpenAIWebCodexResult(usage: usage, credits: credits, dashboard: dashboard)
+        return false
     }
 
     @MainActor
-    fileprivate static func fetchOpenAIWebDashboard(
-        accountEmail: String?,
-        fetcher: UsageFetcher,
+    static func makeAuthorizedDashboardResultForTesting(
+        dashboard: OpenAIDashboardSnapshot,
+        context: ProviderFetchContext,
+        routingTargetEmail: String?)
+        throws -> OpenAIWebCodexResult
+    {
+        try self.makeAuthorizedDashboardResult(
+            dashboard: dashboard,
+            context: context,
+            routingTargetEmail: routingTargetEmail)
+    }
+
+    @MainActor
+    private static func makeAuthorizedDashboardResult(
+        dashboard: OpenAIDashboardSnapshot,
+        context: ProviderFetchContext,
+        routingTargetEmail: String?) throws -> OpenAIWebCodexResult
+    {
+        let input = CodexCLIDashboardAuthorityContext.makeLiveWebInput(
+            dashboard: dashboard,
+            context: context,
+            routingTargetEmail: routingTargetEmail)
+        let decision = CodexDashboardAuthority.evaluate(input)
+
+        switch decision.disposition {
+        case .attach:
+            let attachedAccountEmail = CodexCLIDashboardAuthorityContext.attachmentEmail(from: input)
+            guard let usage = dashboard.toUsageSnapshot(provider: .codex, accountEmail: attachedAccountEmail) else {
+                throw OpenAIWebCodexError.missingUsage
+            }
+            let credits = dashboard.toCreditsSnapshot()
+            if let attachedAccountEmail {
+                OpenAIDashboardCacheStore.save(OpenAIDashboardCache(
+                    accountEmail: attachedAccountEmail,
+                    snapshot: dashboard))
+            }
+            return OpenAIWebCodexResult(usage: usage, credits: credits, dashboard: dashboard)
+        case .displayOnly:
+            if decision.cleanup.contains(.dashboardCache) {
+                OpenAIDashboardCacheStore.clear()
+            }
+            throw CodexDashboardPolicyError.displayOnly(decision)
+        case .failClosed:
+            if decision.cleanup.contains(.dashboardCache) {
+                OpenAIDashboardCacheStore.clear()
+            }
+            throw OpenAIWebCodexError.policyRejected(decision)
+        }
+    }
+
+    private struct OpenAIWebDashboardFetchResult {
+        let dashboard: OpenAIDashboardSnapshot
+        let routingTargetEmail: String?
+    }
+
+    @MainActor
+    private static func fetchOpenAIWebDashboard(
+        context: ProviderFetchContext,
         options: OpenAIWebOptions,
         browserDetection: BrowserDetection,
-        logger: @MainActor @escaping (String) -> Void) async throws -> OpenAIDashboardSnapshot
+        preferCachedCookieHeader: Bool,
+        logger: @MainActor @escaping (String) -> Void) async throws -> OpenAIWebDashboardFetchResult
     {
-        let trimmed = accountEmail?.trimmingCharacters(in: .whitespacesAndNewlines)
-        let fallback = fetcher.loadAccountInfo().email?.trimmingCharacters(in: .whitespacesAndNewlines)
-        let codexEmail = trimmed?.isEmpty == false ? trimmed : (fallback?.isEmpty == false ? fallback : nil)
-        let allowAnyAccount = codexEmail == nil
+        let auth = context.fetcher.loadAuthBackedCodexAccount()
+        let routingTargetEmail = auth.email?.trimmingCharacters(in: .whitespacesAndNewlines)
+        let allowAnyAccount = routingTargetEmail == nil
 
         let importResult = try await OpenAIDashboardBrowserCookieImporter(browserDetection: browserDetection)
-            .importBestCookies(intoAccountEmail: codexEmail, allowAnyAccount: allowAnyAccount, logger: logger)
-        let effectiveEmail = codexEmail ?? importResult.signedInEmail?
+            .importBestCookies(
+                intoAccountEmail: routingTargetEmail,
+                allowAnyAccount: allowAnyAccount,
+                preferCachedCookieHeader: preferCachedCookieHeader,
+                logger: logger)
+        let effectiveEmail = routingTargetEmail ?? importResult.signedInEmail?
             .trimmingCharacters(in: .whitespacesAndNewlines)
 
-        let dash = try await OpenAIDashboardFetcher().loadLatestDashboard(
+        let dashboard = try await OpenAIDashboardFetcher().loadLatestDashboard(
             accountEmail: effectiveEmail,
             logger: logger,
             debugDumpHTML: options.debugDumpHTML,
             timeout: options.timeout)
-        let cacheEmail = effectiveEmail ?? dash.signedInEmail?.trimmingCharacters(in: .whitespacesAndNewlines)
-        if let cacheEmail, !cacheEmail.isEmpty {
-            OpenAIDashboardCacheStore.save(OpenAIDashboardCache(accountEmail: cacheEmail, snapshot: dash))
-        }
-        return dash
+        return OpenAIWebDashboardFetchResult(
+            dashboard: dashboard,
+            routingTargetEmail: routingTargetEmail)
     }
 }
 #else
diff --git a/Sources/CodexBarCore/Providers/CommandCode/CommandCodeCookieHeader.swift b/Sources/CodexBarCore/Providers/CommandCode/CommandCodeCookieHeader.swift
new file mode 100644
index 000000000..f5835c80b
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/CommandCode/CommandCodeCookieHeader.swift
@@ -0,0 +1,85 @@
+import Foundation
+#if canImport(FoundationNetworking)
+import FoundationNetworking
+#endif
+
+/// A resolved CommandCode session cookie ready to be sent on `Cookie:` headers.
+///
+/// CommandCode's API (api.commandcode.ai) authenticates with the better-auth session
+/// cookie set by commandcode.ai. better-auth emits either `better-auth.session_token`
+/// or `__Secure-better-auth.session_token` depending on whether `useSecureCookies` is
+/// enabled (the `__Secure-` variant is required by browsers for HTTPS production).
+public struct CommandCodeCookieOverride: Sendable, Equatable {
+    public let name: String
+    public let token: String
+
+    public init(name: String, token: String) {
+        self.name = name
+        self.token = token
+    }
+
+    /// `Cookie: name=value` header value.
+    public var headerValue: String {
+        "\(self.name)=\(self.token)"
+    }
+}
+
+public enum CommandCodeCookieHeader {
+    /// Cookie names used by better-auth in production (HTTPS) and dev (HTTP).
+    /// The `__Secure-` variant is the standard production deployment.
+    public static let supportedSessionCookieNames = [
+        "__Host-better-auth.session_token",
+        "__Secure-better-auth.session_token",
+        "better-auth.session_token",
+    ]
+
+    /// Extract a session cookie from a list of `HTTPCookie` records.
+    public static func sessionCookie(from cookies: [HTTPCookie]) -> CommandCodeCookieOverride? {
+        let pairs = cookies.map { (name: $0.name, value: $0.value) }
+        return self.extractSessionCookie(from: pairs)
+    }
+
+    /// Parse a raw `Cookie:` header (or bare token) and extract the session value.
+    public static func override(from raw: String?) -> CommandCodeCookieOverride? {
+        guard let raw = raw?.trimmingCharacters(in: .whitespacesAndNewlines), !raw.isEmpty else {
+            return nil
+        }
+
+        // Bare token — assume the production cookie name.
+        if !raw.contains("="), !raw.contains(";") {
+            return CommandCodeCookieOverride(
+                name: "__Secure-better-auth.session_token",
+                token: raw)
+        }
+
+        return self.extractSessionCookie(fromHeader: raw)
+    }
+
+    private static func extractSessionCookie(fromHeader header: String) -> CommandCodeCookieOverride? {
+        var pairs: [(name: String, value: String)] = []
+        for chunk in header.split(separator: ";") {
+            let trimmed = chunk.trimmingCharacters(in: .whitespacesAndNewlines)
+            guard let separator = trimmed.firstIndex(of: "=") else { continue }
+            let key = String(trimmed[..<separator]).trimmingCharacters(in: .whitespacesAndNewlines)
+            let value = String(trimmed[trimmed.index(after: separator)...])
+                .trimmingCharacters(in: .whitespacesAndNewlines)
+            guard !key.isEmpty, !value.isEmpty else { continue }
+            pairs.append((name: key, value: value))
+        }
+        return self.extractSessionCookie(from: pairs)
+    }
+
+    private static func extractSessionCookie(from pairs: [(name: String, value: String)])
+    -> CommandCodeCookieOverride? {
+        var byLowerName: [String: (name: String, value: String)] = [:]
+        for pair in pairs {
+            byLowerName[pair.name.lowercased()] = pair
+        }
+        for expected in self.supportedSessionCookieNames {
+            if let match = byLowerName[expected.lowercased()] {
+                return CommandCodeCookieOverride(name: match.name, token: match.value)
+            }
+        }
+        return nil
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/CommandCode/CommandCodeCookieImporter.swift b/Sources/CodexBarCore/Providers/CommandCode/CommandCodeCookieImporter.swift
new file mode 100644
index 000000000..3db2c5293
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/CommandCode/CommandCodeCookieImporter.swift
@@ -0,0 +1,230 @@
+import Foundation
+
+#if os(macOS)
+import SweetCookieKit
+
+/// Imports CommandCode session cookies from installed browsers (Chrome by default).
+public enum CommandCodeCookieImporter {
+    private static let importSessionCacheTTL: TimeInterval = 5
+    private static let importSessionCache = ImportSessionCache(ttl: importSessionCacheTTL)
+    private static let log = CodexBarLog.logger(LogCategories.commandcodeCookie)
+    private static let cookieClient = BrowserCookieClient()
+    private static let cookieDomains = ["commandcode.ai", "www.commandcode.ai"]
+    private static let cookieImportOrder: BrowserCookieImportOrder =
+        ProviderDefaults.metadata[.commandcode]?.browserCookieOrder ?? Browser.defaultImportOrder
+
+    public struct SessionInfo: Sendable {
+        public let cookies: [HTTPCookie]
+        public let sourceLabel: String
+
+        public init(cookies: [HTTPCookie], sourceLabel: String) {
+            self.cookies = cookies
+            self.sourceLabel = sourceLabel
+        }
+
+        public var sessionCookie: CommandCodeCookieOverride? {
+            CommandCodeCookieHeader.sessionCookie(from: self.cookies)
+        }
+
+        public var cookieHeader: String {
+            self.cookies.map { "\($0.name)=\($0.value)" }.joined(separator: "; ")
+        }
+    }
+
+    public static func importSessions(
+        browserDetection: BrowserDetection = BrowserDetection(),
+        logger: ((String) -> Void)? = nil) throws -> [SessionInfo]
+    {
+        if let cached = self.cachedImportSessions() {
+            return cached
+        }
+
+        var sessions: [SessionInfo] = []
+        let candidates = self.cookieImportOrder.cookieImportCandidates(using: browserDetection)
+        for browserSource in candidates {
+            do {
+                let perSource = try self.importSessions(from: browserSource, logger: logger)
+                sessions.append(contentsOf: perSource)
+            } catch {
+                BrowserCookieAccessGate.recordIfNeeded(error)
+                self.emit(
+                    "\(browserSource.displayName) cookie import failed: \(error.localizedDescription)",
+                    logger: logger)
+            }
+        }
+
+        guard !sessions.isEmpty else {
+            throw CommandCodeCookieImportError.noCookies
+        }
+        self.storeImportSessions(sessions)
+        return sessions
+    }
+
+    public static func importSessions(
+        from browserSource: Browser,
+        logger: ((String) -> Void)? = nil) throws -> [SessionInfo]
+    {
+        let query = BrowserCookieQuery(domains: self.cookieDomains)
+        let log: (String) -> Void = { msg in self.emit(msg, logger: logger) }
+        let sources = try Self.cookieClient.codexBarRecords(
+            matching: query,
+            in: browserSource,
+            logger: log)
+
+        var sessions: [SessionInfo] = []
+        let grouped = Dictionary(grouping: sources, by: { $0.store.profile.id })
+        let sortedGroups = grouped.values.sorted { lhs, rhs in
+            self.mergedLabel(for: lhs) < self.mergedLabel(for: rhs)
+        }
+
+        for group in sortedGroups where !group.isEmpty {
+            let label = self.mergedLabel(for: group)
+            let mergedRecords = self.mergeRecords(group)
+            guard !mergedRecords.isEmpty else { continue }
+            let httpCookies = BrowserCookieClient.makeHTTPCookies(mergedRecords, origin: query.origin)
+            guard !httpCookies.isEmpty else { continue }
+
+            let session = SessionInfo(cookies: httpCookies, sourceLabel: label)
+            if let sessionCookie = session.sessionCookie {
+                log("Found \(sessionCookie.name) cookie in \(label)")
+            } else {
+                let names = httpCookies.map(\.name).joined(separator: ", ")
+                log("No known session name in \(label); sending all domain cookies (\(names))")
+            }
+            sessions.append(session)
+        }
+        return sessions
+    }
+
+    public static func importSession(
+        browserDetection: BrowserDetection = BrowserDetection(),
+        logger: ((String) -> Void)? = nil) throws -> SessionInfo
+    {
+        let sessions = try self.importSessions(browserDetection: browserDetection, logger: logger)
+        guard let first = sessions.first else { throw CommandCodeCookieImportError.noCookies }
+        return first
+    }
+
+    public static func hasSession(
+        browserDetection: BrowserDetection = BrowserDetection(),
+        logger: ((String) -> Void)? = nil) -> Bool
+    {
+        do {
+            let session = try self.importSession(browserDetection: browserDetection, logger: logger)
+            return !session.cookies.isEmpty
+        } catch {
+            return false
+        }
+    }
+
+    static func invalidateImportSessionCache() {
+        self.importSessionCache.invalidate()
+    }
+
+    private static func emit(_ message: String, logger: ((String) -> Void)?) {
+        logger?("[commandcode-cookie] \(message)")
+        self.log.debug(message)
+    }
+
+    private static func cachedImportSessions(now: Date = Date()) -> [SessionInfo]? {
+        self.importSessionCache.load(now: now)
+    }
+
+    private static func storeImportSessions(_ sessions: [SessionInfo], now: Date = Date()) {
+        self.importSessionCache.store(sessions, now: now)
+    }
+
+    private static func mergedLabel(for sources: [BrowserCookieStoreRecords]) -> String {
+        guard let base = sources.map(\.label).min() else { return "Unknown" }
+        if base.hasSuffix(" (Network)") {
+            return String(base.dropLast(" (Network)".count))
+        }
+        return base
+    }
+
+    private static func mergeRecords(_ sources: [BrowserCookieStoreRecords]) -> [BrowserCookieRecord] {
+        let sortedSources = sources.sorted { lhs, rhs in
+            self.storePriority(lhs.store.kind) < self.storePriority(rhs.store.kind)
+        }
+        var mergedByKey: [String: BrowserCookieRecord] = [:]
+        for source in sortedSources {
+            for record in source.records {
+                let key = self.recordKey(record)
+                if let existing = mergedByKey[key] {
+                    if self.shouldReplace(existing: existing, candidate: record) {
+                        mergedByKey[key] = record
+                    }
+                } else {
+                    mergedByKey[key] = record
+                }
+            }
+        }
+        return Array(mergedByKey.values)
+    }
+
+    private static func storePriority(_ kind: BrowserCookieStoreKind) -> Int {
+        switch kind {
+        case .network: 0
+        case .primary: 1
+        case .safari: 2
+        }
+    }
+
+    private static func recordKey(_ record: BrowserCookieRecord) -> String {
+        "\(record.name)|\(record.domain)|\(record.path)"
+    }
+
+    private static func shouldReplace(existing: BrowserCookieRecord, candidate: BrowserCookieRecord) -> Bool {
+        switch (existing.expires, candidate.expires) {
+        case let (lhs?, rhs?): rhs > lhs
+        case (nil, .some): true
+        case (.some, nil): false
+        case (nil, nil): false
+        }
+    }
+
+    private final class ImportSessionCache: @unchecked Sendable {
+        private let ttl: TimeInterval
+        private let lock = NSLock()
+        private var entry: (sessions: [SessionInfo], expiresAt: Date)?
+
+        init(ttl: TimeInterval) {
+            self.ttl = ttl
+        }
+
+        func load(now: Date) -> [SessionInfo]? {
+            self.lock.lock()
+            defer { self.lock.unlock() }
+            guard let entry = self.entry else { return nil }
+            guard entry.expiresAt > now else {
+                self.entry = nil
+                return nil
+            }
+            return entry.sessions
+        }
+
+        func store(_ sessions: [SessionInfo], now: Date) {
+            self.lock.lock()
+            defer { self.lock.unlock() }
+            self.entry = (sessions: sessions, expiresAt: now.addingTimeInterval(self.ttl))
+        }
+
+        func invalidate() {
+            self.lock.lock()
+            defer { self.lock.unlock() }
+            self.entry = nil
+        }
+    }
+}
+
+public enum CommandCodeCookieImportError: LocalizedError {
+    case noCookies
+
+    public var errorDescription: String? {
+        switch self {
+        case .noCookies:
+            "No Command Code session cookies found in browsers. Sign in to commandcode.ai."
+        }
+    }
+}
+#endif
diff --git a/Sources/CodexBarCore/Providers/CommandCode/CommandCodePlanCatalog.swift b/Sources/CodexBarCore/Providers/CommandCode/CommandCodePlanCatalog.swift
new file mode 100644
index 000000000..16c7bcea2
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/CommandCode/CommandCodePlanCatalog.swift
@@ -0,0 +1,34 @@
+import Foundation
+
+/// Static catalog of CommandCode subscription plans → monthly credit allowance (in USD).
+///
+/// The `/internal/billing/credits` endpoint exposes the *remaining* `monthlyCredits`,
+/// not the plan total. The plan total is published on the public pricing page
+/// (https://commandcode.ai/pricing) and is keyed by `planId` returned from
+/// `/internal/billing/subscriptions`.
+public enum CommandCodePlanCatalog {
+    public struct Plan: Sendable, Equatable {
+        public let id: String
+        public let displayName: String
+        /// Monthly credit allowance in USD.
+        public let monthlyCreditsUSD: Double
+
+        public init(id: String, displayName: String, monthlyCreditsUSD: Double) {
+            self.id = id
+            self.displayName = displayName
+            self.monthlyCreditsUSD = monthlyCreditsUSD
+        }
+    }
+
+    public static let plans: [Plan] = [
+        Plan(id: "individual-go", displayName: "Go", monthlyCreditsUSD: 10),
+        Plan(id: "individual-pro", displayName: "Pro", monthlyCreditsUSD: 30),
+        Plan(id: "individual-max", displayName: "Max", monthlyCreditsUSD: 150),
+        Plan(id: "individual-ultra", displayName: "Ultra", monthlyCreditsUSD: 300),
+    ]
+
+    public static func plan(forID planID: String) -> Plan? {
+        let normalized = planID.lowercased()
+        return self.plans.first(where: { $0.id == normalized })
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/CommandCode/CommandCodeProviderDescriptor.swift b/Sources/CodexBarCore/Providers/CommandCode/CommandCodeProviderDescriptor.swift
new file mode 100644
index 000000000..b4ee6735b
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/CommandCode/CommandCodeProviderDescriptor.swift
@@ -0,0 +1,96 @@
+import CodexBarMacroSupport
+import Foundation
+
+@ProviderDescriptorRegistration
+@ProviderDescriptorDefinition
+public enum CommandCodeProviderDescriptor {
+    static func makeDescriptor() -> ProviderDescriptor {
+        ProviderDescriptor(
+            id: .commandcode,
+            metadata: ProviderMetadata(
+                id: .commandcode,
+                displayName: "Command Code",
+                sessionLabel: "Monthly credits",
+                weeklyLabel: "Monthly",
+                opusLabel: nil,
+                supportsOpus: false,
+                supportsCredits: true,
+                creditsHint: "Monthly USD credits from Command Code billing.",
+                toggleTitle: "Show Command Code usage",
+                cliName: "commandcode",
+                defaultEnabled: false,
+                isPrimaryProvider: false,
+                usesAccountFallback: false,
+                browserCookieOrder: ProviderBrowserCookieDefaults.defaultImportOrder,
+                dashboardURL: "https://commandcode.ai/studio",
+                subscriptionDashboardURL: "https://commandcode.ai/sixhobbits/settings/billing",
+                statusPageURL: nil,
+                statusLinkURL: nil),
+            branding: ProviderBranding(
+                iconStyle: .commandcode,
+                iconResourceName: "ProviderIcon-commandcode",
+                color: ProviderColor(red: 0 / 255, green: 0 / 255, blue: 0 / 255)),
+            tokenCost: ProviderTokenCostConfig(
+                supportsTokenCost: false,
+                noDataMessage: { "Command Code cost summary is not yet supported." }),
+            fetchPlan: ProviderFetchPlan(
+                sourceModes: [.auto, .web],
+                pipeline: ProviderFetchPipeline(resolveStrategies: { _ in [CommandCodeWebFetchStrategy()] })),
+            cli: ProviderCLIConfig(
+                name: "commandcode",
+                aliases: ["command-code"],
+                versionDetector: nil))
+    }
+}
+
+struct CommandCodeWebFetchStrategy: ProviderFetchStrategy {
+    let id: String = "commandcode.web"
+    let kind: ProviderFetchKind = .web
+
+    func isAvailable(_ context: ProviderFetchContext) async -> Bool {
+        guard context.settings?.commandcode?.cookieSource != .off else { return false }
+        #if os(macOS)
+        return true
+        #else
+        return false
+        #endif
+    }
+
+    func fetch(_ context: ProviderFetchContext) async throws -> ProviderFetchResult {
+        #if os(macOS)
+        let cookieHeader: String
+        let sourceLabel: String
+        if let manual = Self.manualCookieHeader(from: context) {
+            cookieHeader = manual
+            sourceLabel = "manual"
+        } else {
+            let session: CommandCodeCookieImporter.SessionInfo
+            do {
+                session = try CommandCodeCookieImporter.importSession()
+            } catch {
+                throw CommandCodeUsageError.missingCredentials
+            }
+            guard !session.cookies.isEmpty else {
+                throw CommandCodeUsageError.missingCredentials
+            }
+            cookieHeader = session.cookieHeader
+            sourceLabel = session.sourceLabel
+        }
+        let snapshot = try await CommandCodeUsageFetcher.fetchUsage(cookieHeader: cookieHeader)
+        return self.makeResult(
+            usage: snapshot.toUsageSnapshot(),
+            sourceLabel: sourceLabel)
+        #else
+        throw CommandCodeUsageError.missingCredentials
+        #endif
+    }
+
+    private static func manualCookieHeader(from context: ProviderFetchContext) -> String? {
+        guard context.settings?.commandcode?.cookieSource == .manual else { return nil }
+        return CookieHeaderNormalizer.normalize(context.settings?.commandcode?.manualCookieHeader)
+    }
+
+    func shouldFallback(on _: Error, context _: ProviderFetchContext) -> Bool {
+        false
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/CommandCode/CommandCodeUsageError.swift b/Sources/CodexBarCore/Providers/CommandCode/CommandCodeUsageError.swift
new file mode 100644
index 000000000..9e13b8914
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/CommandCode/CommandCodeUsageError.swift
@@ -0,0 +1,34 @@
+import Foundation
+
+public enum CommandCodeUsageError: LocalizedError, Sendable, Equatable {
+    case missingCredentials
+    case invalidCredentials
+    case networkError(String)
+    case apiError(Int)
+    case parseFailed(String)
+    case unknownPlan(String)
+
+    public var errorDescription: String? {
+        switch self {
+        case .missingCredentials:
+            "Command Code session cookie not found. Sign in to commandcode.ai in Chrome."
+        case .invalidCredentials:
+            "Command Code session is invalid or expired. Sign in to commandcode.ai again."
+        case let .networkError(message):
+            "Command Code network error: \(message)"
+        case let .apiError(status):
+            "Command Code API returned status \(status)."
+        case let .parseFailed(message):
+            "Could not parse Command Code response: \(message)"
+        case let .unknownPlan(planID):
+            "Unknown Command Code plan: \(planID). Add it to CommandCodePlanCatalog."
+        }
+    }
+
+    public var isAuthRelated: Bool {
+        switch self {
+        case .missingCredentials, .invalidCredentials: true
+        default: false
+        }
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/CommandCode/CommandCodeUsageFetcher.swift b/Sources/CodexBarCore/Providers/CommandCode/CommandCodeUsageFetcher.swift
new file mode 100644
index 000000000..4c0b28244
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/CommandCode/CommandCodeUsageFetcher.swift
@@ -0,0 +1,181 @@
+import Foundation
+#if canImport(FoundationNetworking)
+import FoundationNetworking
+#endif
+
+/// Fetches live billing data from `api.commandcode.ai` using a better-auth session
+/// cookie scraped from the user's browser.
+public enum CommandCodeUsageFetcher {
+    private static let log = CodexBarLog.logger(LogCategories.commandcodeUsage)
+    private static let requestTimeoutSeconds: TimeInterval = 15
+    private static let apiBase = URL(string: "https://api.commandcode.ai")!
+    private static let creditsPath = "/internal/billing/credits"
+    private static let subscriptionsPath = "/internal/billing/subscriptions"
+    private static let webOrigin = "https://commandcode.ai"
+    private static let userAgent =
+        "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) " +
+        "AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36"
+
+    public static func fetchUsage(
+        cookieHeader: String,
+        session transport: any ProviderHTTPTransport = ProviderHTTPClient.shared,
+        now: Date = Date()) async throws -> CommandCodeUsageSnapshot
+    {
+        async let creditsResult = self.fetchCredits(cookieHeader: cookieHeader, transport: transport)
+        async let subscriptionResult = self.fetchSubscription(cookieHeader: cookieHeader, transport: transport)
+
+        let credits = try await creditsResult
+        let subscription = try await subscriptionResult
+
+        let plan: CommandCodePlanCatalog.Plan? = subscription.flatMap { sub in
+            CommandCodePlanCatalog.plan(forID: sub.planID)
+        }
+
+        // If we got an active subscription with an unrecognised plan ID, surface that
+        // explicitly rather than silently dropping the totals row.
+        if let sub = subscription, sub.status.lowercased() == "active", plan == nil {
+            Self.log.error("Unknown CommandCode planId: \(sub.planID)")
+            throw CommandCodeUsageError.unknownPlan(sub.planID)
+        }
+
+        return CommandCodeUsageSnapshot(
+            monthlyCreditsRemaining: credits.monthlyCredits,
+            purchasedCredits: credits.purchasedCredits,
+            premiumMonthlyCredits: credits.premiumMonthlyCredits,
+            opensourceMonthlyCredits: credits.opensourceMonthlyCredits,
+            plan: plan,
+            billingPeriodEnd: subscription?.currentPeriodEnd,
+            subscriptionStatus: subscription?.status,
+            updatedAt: now)
+    }
+
+    // MARK: - Endpoints
+
+    struct CreditsPayload {
+        let monthlyCredits: Double
+        let purchasedCredits: Double
+        let premiumMonthlyCredits: Double
+        let opensourceMonthlyCredits: Double
+    }
+
+    struct SubscriptionPayload {
+        let planID: String
+        let status: String
+        let currentPeriodEnd: Date?
+    }
+
+    private static func fetchCredits(
+        cookieHeader: String,
+        transport: any ProviderHTTPTransport) async throws -> CreditsPayload
+    {
+        let url = self.apiBase.appendingPathComponent(self.creditsPath)
+        let data = try await self.send(url: url, cookieHeader: cookieHeader, transport: transport)
+        return try self.parseCredits(data: data)
+    }
+
+    private static func fetchSubscription(
+        cookieHeader: String,
+        transport: any ProviderHTTPTransport) async throws -> SubscriptionPayload?
+    {
+        let url = self.apiBase.appendingPathComponent(self.subscriptionsPath)
+        let data = try await self.send(url: url, cookieHeader: cookieHeader, transport: transport)
+        return try self.parseSubscription(data: data)
+    }
+
+    private static func send(
+        url: URL,
+        cookieHeader: String,
+        transport: any ProviderHTTPTransport) async throws -> Data
+    {
+        var request = URLRequest(url: url)
+        request.httpMethod = "GET"
+        request.timeoutInterval = self.requestTimeoutSeconds
+        request.setValue(cookieHeader, forHTTPHeaderField: "Cookie")
+        request.setValue("application/json, text/plain, */*", forHTTPHeaderField: "Accept")
+        request.setValue("en-US,en;q=0.9", forHTTPHeaderField: "Accept-Language")
+        request.setValue(self.userAgent, forHTTPHeaderField: "User-Agent")
+        request.setValue(self.webOrigin, forHTTPHeaderField: "Origin")
+        request.setValue("\(self.webOrigin)/", forHTTPHeaderField: "Referer")
+
+        let response: ProviderHTTPResponse
+        do {
+            response = try await transport.response(for: request)
+        } catch {
+            throw CommandCodeUsageError.networkError(error.localizedDescription)
+        }
+        if response.statusCode == 401 || response.statusCode == 403 {
+            throw CommandCodeUsageError.invalidCredentials
+        }
+        guard (200..<300).contains(response.statusCode) else {
+            let body = String(data: response.data, encoding: .utf8) ?? ""
+            Self.log.error("CommandCode \(url.path) → \(response.statusCode): \(body)")
+            throw CommandCodeUsageError.apiError(response.statusCode)
+        }
+        return response.data
+    }
+
+    // MARK: - Parsing
+
+    static func parseCredits(data: Data) throws -> CreditsPayload {
+        guard let root = try? JSONSerialization.jsonObject(with: data) as? [String: Any] else {
+            throw CommandCodeUsageError.parseFailed("Credits: invalid JSON")
+        }
+        guard let credits = root["credits"] as? [String: Any] else {
+            throw CommandCodeUsageError.parseFailed("Credits: missing 'credits' object")
+        }
+        guard let monthly = self.double(from: credits["monthlyCredits"]) else {
+            throw CommandCodeUsageError.parseFailed("Credits: missing monthlyCredits")
+        }
+        return CreditsPayload(
+            monthlyCredits: monthly,
+            purchasedCredits: self.double(from: credits["purchasedCredits"]) ?? 0,
+            premiumMonthlyCredits: self.double(from: credits["premiumMonthlyCredits"]) ?? 0,
+            opensourceMonthlyCredits: self.double(from: credits["opensourceMonthlyCredits"]) ?? 0)
+    }
+
+    static func parseSubscription(data: Data) throws -> SubscriptionPayload? {
+        guard let root = try? JSONSerialization.jsonObject(with: data) as? [String: Any] else {
+            throw CommandCodeUsageError.parseFailed("Subscriptions: invalid JSON")
+        }
+        // {"success":true,"data":{...}} when subscribed; data may be missing or null on free tier.
+        guard root["success"] as? Bool ?? false else {
+            return nil
+        }
+        guard let data = root["data"] as? [String: Any] else {
+            return nil
+        }
+        guard let planID = data["planId"] as? String, !planID.isEmpty else {
+            throw CommandCodeUsageError.parseFailed("Subscriptions: missing planId")
+        }
+        let status = (data["status"] as? String) ?? "unknown"
+        let periodEnd = self.date(from: data["currentPeriodEnd"])
+        return SubscriptionPayload(planID: planID, status: status, currentPeriodEnd: periodEnd)
+    }
+
+    // MARK: - Value coercion
+
+    private static func double(from value: Any?) -> Double? {
+        switch value {
+        case let n as NSNumber:
+            let d = n.doubleValue
+            return d.isFinite ? d : nil
+        case let s as String:
+            let trimmed = s.trimmingCharacters(in: .whitespacesAndNewlines)
+            return Double(trimmed)
+        default:
+            return nil
+        }
+    }
+
+    private static func date(from value: Any?) -> Date? {
+        guard let s = value as? String else { return nil }
+        let trimmed = s.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard !trimmed.isEmpty else { return nil }
+        let fractional = ISO8601DateFormatter()
+        fractional.formatOptions = [.withInternetDateTime, .withFractionalSeconds]
+        if let date = fractional.date(from: trimmed) { return date }
+        let plain = ISO8601DateFormatter()
+        plain.formatOptions = [.withInternetDateTime]
+        return plain.date(from: trimmed)
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/CommandCode/CommandCodeUsageSnapshot.swift b/Sources/CodexBarCore/Providers/CommandCode/CommandCodeUsageSnapshot.swift
new file mode 100644
index 000000000..b93fe8d9f
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/CommandCode/CommandCodeUsageSnapshot.swift
@@ -0,0 +1,117 @@
+import Foundation
+
+/// Parsed view of CommandCode `/internal/billing/credits` + `/internal/billing/subscriptions`.
+public struct CommandCodeUsageSnapshot: Sendable {
+    /// USD remaining in the current monthly grant (`credits.monthlyCredits`).
+    public let monthlyCreditsRemaining: Double
+    /// USD top-up balance carried over (`credits.purchasedCredits`).
+    public let purchasedCredits: Double
+    /// USD remaining in the premium monthly grant (`credits.premiumMonthlyCredits`).
+    public let premiumMonthlyCredits: Double
+    /// USD remaining in the open-source monthly grant (`credits.opensourceMonthlyCredits`).
+    public let opensourceMonthlyCredits: Double
+    /// Subscription plan, or nil when the user is on the free tier.
+    public let plan: CommandCodePlanCatalog.Plan?
+    /// `currentPeriodEnd` from the active subscription.
+    public let billingPeriodEnd: Date?
+    /// Subscription status (e.g. `active`, `canceled`).
+    public let subscriptionStatus: String?
+    public let updatedAt: Date
+
+    public init(
+        monthlyCreditsRemaining: Double,
+        purchasedCredits: Double,
+        premiumMonthlyCredits: Double,
+        opensourceMonthlyCredits: Double,
+        plan: CommandCodePlanCatalog.Plan?,
+        billingPeriodEnd: Date?,
+        subscriptionStatus: String?,
+        updatedAt: Date = Date())
+    {
+        self.monthlyCreditsRemaining = monthlyCreditsRemaining
+        self.purchasedCredits = purchasedCredits
+        self.premiumMonthlyCredits = premiumMonthlyCredits
+        self.opensourceMonthlyCredits = opensourceMonthlyCredits
+        self.plan = plan
+        self.billingPeriodEnd = billingPeriodEnd
+        self.subscriptionStatus = subscriptionStatus
+        self.updatedAt = updatedAt
+    }
+
+    /// USD allocation for the active monthly grant (from the catalog).
+    public var monthlyCreditsTotal: Double? {
+        self.plan?.monthlyCreditsUSD
+    }
+
+    /// USD spent in the current monthly grant (total – remaining), clamped to [0, total].
+    public var monthlyCreditsUsed: Double? {
+        guard let total = self.monthlyCreditsTotal else { return nil }
+        return max(0, min(total, total - self.monthlyCreditsRemaining))
+    }
+
+    public func toUsageSnapshot() -> UsageSnapshot {
+        let primary = self.makePrimaryWindow()
+
+        let identity = ProviderIdentitySnapshot(
+            providerID: .commandcode,
+            accountEmail: nil,
+            accountOrganization: nil,
+            loginMethod: self.makeLoginMethod())
+
+        return UsageSnapshot(
+            primary: primary,
+            secondary: nil,
+            tertiary: nil,
+            providerCost: nil,
+            updatedAt: self.updatedAt,
+            identity: identity)
+    }
+
+    private func makePrimaryWindow() -> RateWindow? {
+        guard let total = self.monthlyCreditsTotal, total > 0 else {
+            // Free / unknown plan with no allowance — surface 100% so the bar renders empty.
+            if self.monthlyCreditsRemaining > 0 || self.purchasedCredits > 0 {
+                return RateWindow(
+                    usedPercent: 0,
+                    windowMinutes: nil,
+                    resetsAt: self.billingPeriodEnd,
+                    resetDescription: nil)
+            }
+            return nil
+        }
+        let used = self.monthlyCreditsUsed ?? 0
+        let percent = min(100, max(0, (used / total) * 100))
+        return RateWindow(
+            usedPercent: percent,
+            windowMinutes: nil,
+            resetsAt: self.billingPeriodEnd,
+            resetDescription: nil)
+    }
+
+    private func makeLoginMethod() -> String? {
+        var parts: [String] = []
+        if let name = self.plan?.displayName, !name.isEmpty {
+            parts.append(name)
+        }
+        if let total = self.monthlyCreditsTotal {
+            let used = self.monthlyCreditsUsed ?? 0
+            parts.append("\(Self.formatUSD(used)) of \(Self.formatUSD(total))")
+        } else if self.monthlyCreditsRemaining > 0 {
+            parts.append("\(Self.formatUSD(self.monthlyCreditsRemaining)) remaining")
+        }
+        if self.purchasedCredits > 0 {
+            parts.append("+ \(Self.formatUSD(self.purchasedCredits)) credits")
+        }
+        return parts.isEmpty ? nil : parts.joined(separator: " · ")
+    }
+
+    static func formatUSD(_ value: Double) -> String {
+        let formatter = NumberFormatter()
+        formatter.numberStyle = .currency
+        formatter.currencyCode = "USD"
+        formatter.locale = Locale(identifier: "en_US")
+        formatter.maximumFractionDigits = value < 100 ? 2 : 0
+        formatter.minimumFractionDigits = value < 100 ? 2 : 0
+        return formatter.string(from: NSNumber(value: value)) ?? "$\(value)"
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Copilot/CopilotDeviceFlow.swift b/Sources/CodexBarCore/Providers/Copilot/CopilotDeviceFlow.swift
index 094ad9f2e..ed003330b 100644
--- a/Sources/CodexBarCore/Providers/Copilot/CopilotDeviceFlow.swift
+++ b/Sources/CodexBarCore/Providers/Copilot/CopilotDeviceFlow.swift
@@ -4,20 +4,29 @@ import FoundationNetworking
 #endif
 
 public struct CopilotDeviceFlow: Sendable {
+    public static let defaultHost = "github.com"
+
     private let clientID = "Iv1.b507a08c87ecfe98" // VS Code Client ID
     private let scopes = "read:user"
+    private let host: String
 
     public struct DeviceCodeResponse: Decodable, Sendable {
         public let deviceCode: String
         public let userCode: String
         public let verificationUri: String
+        public let verificationUriComplete: String?
         public let expiresIn: Int
         public let interval: Int
 
+        public var verificationURLToOpen: String {
+            self.verificationUriComplete ?? self.verificationUri
+        }
+
         enum CodingKeys: String, CodingKey {
             case deviceCode = "device_code"
             case userCode = "user_code"
             case verificationUri = "verification_uri"
+            case verificationUriComplete = "verification_uri_complete"
             case expiresIn = "expires_in"
             case interval
         }
@@ -35,11 +44,48 @@ public struct CopilotDeviceFlow: Sendable {
         }
     }
 
-    public init() {}
+    public init(enterpriseHost: String? = nil) {
+        self.host = Self.normalizedHost(enterpriseHost)
+    }
+
+    public var deviceCodeURL: URL? {
+        Self.makeRequestURL(host: self.host, path: "/login/device/code")
+    }
+
+    public var accessTokenURL: URL? {
+        Self.makeRequestURL(host: self.host, path: "/login/oauth/access_token")
+    }
+
+    public static func normalizedHost(_ raw: String?) -> String {
+        guard var host = raw?.trimmingCharacters(in: .whitespacesAndNewlines), !host.isEmpty else {
+            return self.defaultHost
+        }
+        let componentsValue = host.contains("://") ? host : "https://\(host)"
+        if let components = URLComponents(string: componentsValue),
+           let parsedHost = components.host,
+           !parsedHost.isEmpty
+        {
+            host = parsedHost
+            if let port = components.port {
+                host += ":\(port)"
+            }
+        } else {
+            if host.hasPrefix("https://") {
+                host.removeFirst("https://".count)
+            } else if host.hasPrefix("http://") {
+                host.removeFirst("http://".count)
+            }
+            host = host.split(separator: "/", maxSplits: 1).first.map(String.init) ?? host
+        }
+        let normalized = host.trimmingCharacters(in: CharacterSet(charactersIn: ".")).lowercased()
+        return normalized.isEmpty ? Self.defaultHost : normalized
+    }
 
     public func requestDeviceCode() async throws -> DeviceCodeResponse {
-        let components = URLComponents(string: "https://github.com/login/device/code")!
-        let request = URLRequest(url: components.url!)
+        guard let deviceCodeURL = self.deviceCodeURL else {
+            throw URLError(.badURL)
+        }
+        let request = URLRequest(url: deviceCodeURL)
 
         var postRequest = request
         postRequest.httpMethod = "POST"
@@ -52,18 +98,20 @@ public struct CopilotDeviceFlow: Sendable {
         ]
         postRequest.httpBody = Self.formURLEncodedBody(body)
 
-        let (data, response) = try await URLSession.shared.data(for: postRequest)
+        let response = try await ProviderHTTPClient.shared.response(for: postRequest)
 
-        guard let httpResponse = response as? HTTPURLResponse, httpResponse.statusCode == 200 else {
+        guard response.statusCode == 200 else {
             throw URLError(.badServerResponse)
         }
 
-        return try JSONDecoder().decode(DeviceCodeResponse.self, from: data)
+        return try JSONDecoder().decode(DeviceCodeResponse.self, from: response.data)
     }
 
     public func pollForToken(deviceCode: String, interval: Int) async throws -> String {
-        let url = URL(string: "https://github.com/login/oauth/access_token")!
-        var request = URLRequest(url: url)
+        guard let accessTokenURL = self.accessTokenURL else {
+            throw URLError(.badURL)
+        }
+        var request = URLRequest(url: accessTokenURL)
         request.httpMethod = "POST"
         request.setValue("application/json", forHTTPHeaderField: "Accept")
         request.setValue("application/x-www-form-urlencoded", forHTTPHeaderField: "Content-Type")
@@ -79,10 +127,10 @@ public struct CopilotDeviceFlow: Sendable {
             try await Task.sleep(nanoseconds: UInt64(interval) * 1_000_000_000)
             try Task.checkCancellation()
 
-            let (data, _) = try await URLSession.shared.data(for: request)
+            let response = try await ProviderHTTPClient.shared.response(for: request)
 
             // Check for error in JSON
-            if let json = try? JSONSerialization.jsonObject(with: data) as? [String: Any],
+            if let json = try? JSONSerialization.jsonObject(with: response.data) as? [String: Any],
                let error = json["error"] as? String
             {
                 if error == "authorization_pending" {
@@ -98,7 +146,7 @@ public struct CopilotDeviceFlow: Sendable {
                 throw URLError(.userAuthenticationRequired) // Generic failure
             }
 
-            if let tokenResponse = try? JSONDecoder().decode(AccessTokenResponse.self, from: data) {
+            if let tokenResponse = try? JSONDecoder().decode(AccessTokenResponse.self, from: response.data) {
                 return tokenResponse.accessToken
             }
         }
@@ -113,6 +161,10 @@ public struct CopilotDeviceFlow: Sendable {
         return Data(pairs.utf8)
     }
 
+    static func makeRequestURL(host: String, path: String) -> URL? {
+        URL(string: "https://\(host)\(path)")
+    }
+
     private static func formEncode(_ value: String) -> String {
         var allowed = CharacterSet.urlQueryAllowed
         allowed.remove(charactersIn: "+&=")
diff --git a/Sources/CodexBarCore/Providers/Copilot/CopilotProviderDescriptor.swift b/Sources/CodexBarCore/Providers/Copilot/CopilotProviderDescriptor.swift
index 9e2b063cc..3709cabed 100644
--- a/Sources/CodexBarCore/Providers/Copilot/CopilotProviderDescriptor.swift
+++ b/Sources/CodexBarCore/Providers/Copilot/CopilotProviderDescriptor.swift
@@ -44,14 +44,16 @@ struct CopilotAPIFetchStrategy: ProviderFetchStrategy {
     let kind: ProviderFetchKind = .apiToken
 
     func isAvailable(_ context: ProviderFetchContext) async -> Bool {
-        Self.resolveToken(environment: context.env) != nil
+        Self.resolveToken(context: context) != nil
     }
 
     func fetch(_ context: ProviderFetchContext) async throws -> ProviderFetchResult {
-        guard let token = Self.resolveToken(environment: context.env), !token.isEmpty else {
+        guard let token = Self.resolveToken(context: context), !token.isEmpty else {
             throw URLError(.userAuthenticationRequired)
         }
-        let fetcher = CopilotUsageFetcher(token: token)
+        let fetcher = CopilotUsageFetcher(
+            token: token,
+            enterpriseHost: context.settings?.copilot?.enterpriseHost)
         let snap = try await fetcher.fetch()
         return self.makeResult(
             usage: snap,
@@ -62,7 +64,10 @@ struct CopilotAPIFetchStrategy: ProviderFetchStrategy {
         false
     }
 
-    private static func resolveToken(environment: [String: String]) -> String? {
-        ProviderTokenResolver.copilotToken(environment: environment)
+    private static func resolveToken(context: ProviderFetchContext) -> String? {
+        ProviderTokenResolver.copilotToken(environment: context.env)
+            ?? ProviderTokenResolver.copilotResolution(environment: [
+                "COPILOT_API_TOKEN": context.settings?.copilot?.apiToken ?? "",
+            ])?.token
     }
 }
diff --git a/Sources/CodexBarCore/Providers/Copilot/CopilotUsageFetcher.swift b/Sources/CodexBarCore/Providers/Copilot/CopilotUsageFetcher.swift
index ddf41a10a..8aa9b2214 100644
--- a/Sources/CodexBarCore/Providers/Copilot/CopilotUsageFetcher.swift
+++ b/Sources/CodexBarCore/Providers/Copilot/CopilotUsageFetcher.swift
@@ -4,14 +4,43 @@ import FoundationNetworking
 #endif
 
 public struct CopilotUsageFetcher: Sendable {
+    public struct GitHubUserIdentity: Decodable, Equatable, Sendable {
+        public let id: Int64
+        public let login: String
+
+        public init(id: Int64, login: String) {
+            self.id = id
+            self.login = login
+        }
+    }
+
     private let token: String
+    private let enterpriseHost: String?
 
-    public init(token: String) {
+    public init(token: String, enterpriseHost: String? = nil) {
         self.token = token
+        self.enterpriseHost = enterpriseHost
+    }
+
+    public static func apiHost(enterpriseHost: String?) -> String {
+        let host = CopilotDeviceFlow.normalizedHost(enterpriseHost)
+        if host == CopilotDeviceFlow.defaultHost {
+            return "api.github.com"
+        }
+        if host.hasPrefix("api.") {
+            return host
+        }
+        return "api.\(host)"
+    }
+
+    public static func usageURL(enterpriseHost: String?) -> URL? {
+        CopilotDeviceFlow.makeRequestURL(
+            host: self.apiHost(enterpriseHost: enterpriseHost),
+            path: "/copilot_internal/user")
     }
 
     public func fetch() async throws -> UsageSnapshot {
-        guard let url = URL(string: "https://api.github.com/copilot_internal/user") else {
+        guard let url = Self.usageURL(enterpriseHost: self.enterpriseHost) else {
             throw URLError(.badURL)
         }
 
@@ -20,23 +49,19 @@ public struct CopilotUsageFetcher: Sendable {
         request.setValue("token \(self.token)", forHTTPHeaderField: "Authorization")
         self.addCommonHeaders(to: &request)
 
-        let (data, response) = try await URLSession.shared.data(for: request)
-
-        guard let httpResponse = response as? HTTPURLResponse else {
-            throw URLError(.badServerResponse)
-        }
+        let response = try await ProviderHTTPClient.shared.response(for: request)
 
-        if httpResponse.statusCode == 401 || httpResponse.statusCode == 403 {
+        if response.statusCode == 401 || response.statusCode == 403 {
             throw URLError(.userAuthenticationRequired)
         }
 
-        guard httpResponse.statusCode == 200 else {
+        guard response.statusCode == 200 else {
             throw URLError(.badServerResponse)
         }
 
-        let usage = try JSONDecoder().decode(CopilotUsageResponse.self, from: data)
-        let premium = self.makeRateWindow(from: usage.quotaSnapshots.premiumInteractions)
-        let chat = self.makeRateWindow(from: usage.quotaSnapshots.chat)
+        let usage = try JSONDecoder().decode(CopilotUsageResponse.self, from: response.data)
+        let premium = Self.makeRateWindow(from: usage.quotaSnapshots.premiumInteractions)
+        let chat = Self.makeRateWindow(from: usage.quotaSnapshots.chat)
 
         let primary: RateWindow?
         let secondary: RateWindow?
@@ -66,6 +91,33 @@ public struct CopilotUsageFetcher: Sendable {
             identity: identity)
     }
 
+    public static func fetchGitHubUsername(token: String) async throws -> String {
+        try await self.fetchGitHubIdentity(token: token).login
+    }
+
+    public static func fetchGitHubIdentity(
+        token: String,
+        transport: any ProviderHTTPTransport = ProviderHTTPClient.shared)
+        async throws -> GitHubUserIdentity
+    {
+        guard let url = URL(string: "https://api.github.com/user") else {
+            throw URLError(.badURL)
+        }
+        var request = URLRequest(url: url)
+        request.setValue("token \(token)", forHTTPHeaderField: "Authorization")
+        request.setValue("application/json", forHTTPHeaderField: "Accept")
+
+        let response = try await transport.response(for: request)
+        switch response.statusCode {
+        case 200:
+            return try JSONDecoder().decode(GitHubUserIdentity.self, from: response.data)
+        case 401, 403:
+            throw URLError(.userAuthenticationRequired)
+        default:
+            throw URLError(.badServerResponse)
+        }
+    }
+
     private func addCommonHeaders(to request: inout URLRequest) {
         request.setValue("application/json", forHTTPHeaderField: "Accept")
         request.setValue("vscode/1.96.2", forHTTPHeaderField: "Editor-Version")
@@ -74,17 +126,19 @@ public struct CopilotUsageFetcher: Sendable {
         request.setValue("2025-04-01", forHTTPHeaderField: "X-Github-Api-Version")
     }
 
-    private func makeRateWindow(from snapshot: CopilotUsageResponse.QuotaSnapshot?) -> RateWindow? {
+    static func makeRateWindow(from snapshot: CopilotUsageResponse.QuotaSnapshot?) -> RateWindow? {
         guard let snapshot else { return nil }
         guard !snapshot.isPlaceholder else { return nil }
         guard snapshot.hasPercentRemaining else { return nil }
-        // percent_remaining is 0-100 based on the JSON example in the web app source
-        let usedPercent = max(0, 100 - snapshot.percentRemaining)
+        let usedPercent = snapshot.usedPercent
+        let overQuotaDescription = snapshot.overQuotaUsedPercent.map { used in
+            String(format: "%.0f%% used", used)
+        }
 
         return RateWindow(
             usedPercent: usedPercent,
             windowMinutes: nil, // Not provided
             resetsAt: nil, // Not provided per-quota in the simplified snapshot
-            resetDescription: nil)
+            resetDescription: overQuotaDescription)
     }
 }
diff --git a/Sources/CodexBarCore/Providers/Crof/CrofProviderDescriptor.swift b/Sources/CodexBarCore/Providers/Crof/CrofProviderDescriptor.swift
new file mode 100644
index 000000000..3e43e0785
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Crof/CrofProviderDescriptor.swift
@@ -0,0 +1,70 @@
+import CodexBarMacroSupport
+import Foundation
+
+@ProviderDescriptorRegistration
+@ProviderDescriptorDefinition
+public enum CrofProviderDescriptor {
+    static func makeDescriptor() -> ProviderDescriptor {
+        ProviderDescriptor(
+            id: .crof,
+            metadata: ProviderMetadata(
+                id: .crof,
+                displayName: "Crof",
+                sessionLabel: "Requests",
+                weeklyLabel: "Credits",
+                opusLabel: nil,
+                supportsOpus: false,
+                supportsCredits: false,
+                creditsHint: "Credit balance from the Crof usage API",
+                toggleTitle: "Show Crof usage",
+                cliName: "crof",
+                defaultEnabled: false,
+                isPrimaryProvider: false,
+                usesAccountFallback: false,
+                browserCookieOrder: nil,
+                dashboardURL: "https://crof.ai/dashboard",
+                statusPageURL: nil,
+                statusLinkURL: nil),
+            branding: ProviderBranding(
+                iconStyle: .crof,
+                iconResourceName: "ProviderIcon-crof",
+                color: ProviderColor(red: 0.18, green: 0.67, blue: 0.58)),
+            tokenCost: ProviderTokenCostConfig(
+                supportsTokenCost: false,
+                noDataMessage: { "Crof cost summary is not available via API." }),
+            fetchPlan: ProviderFetchPlan(
+                sourceModes: [.auto, .api],
+                pipeline: ProviderFetchPipeline(resolveStrategies: { _ in [CrofAPIFetchStrategy()] })),
+            cli: ProviderCLIConfig(
+                name: "crof",
+                aliases: ["crofai"],
+                versionDetector: nil))
+    }
+}
+
+struct CrofAPIFetchStrategy: ProviderFetchStrategy {
+    let id: String = "crof.api"
+    let kind: ProviderFetchKind = .apiToken
+
+    func isAvailable(_ context: ProviderFetchContext) async -> Bool {
+        Self.resolveToken(environment: context.env) != nil
+    }
+
+    func fetch(_ context: ProviderFetchContext) async throws -> ProviderFetchResult {
+        guard let apiKey = Self.resolveToken(environment: context.env) else {
+            throw CrofUsageError.missingCredentials
+        }
+        let usage = try await CrofUsageFetcher.fetchUsage(apiKey: apiKey)
+        return self.makeResult(
+            usage: usage.toUsageSnapshot(),
+            sourceLabel: "api")
+    }
+
+    func shouldFallback(on _: Error, context _: ProviderFetchContext) -> Bool {
+        false
+    }
+
+    private static func resolveToken(environment: [String: String]) -> String? {
+        ProviderTokenResolver.crofToken(environment: environment)
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Crof/CrofSettingsReader.swift b/Sources/CodexBarCore/Providers/Crof/CrofSettingsReader.swift
new file mode 100644
index 000000000..14680a9ce
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Crof/CrofSettingsReader.swift
@@ -0,0 +1,27 @@
+import Foundation
+
+public enum CrofSettingsReader {
+    public static let apiKeyEnvironmentKeys = ["CROF_API_KEY", "CROFAI_API_KEY"]
+
+    public static func apiKey(environment: [String: String] = ProcessInfo.processInfo.environment) -> String? {
+        for key in self.apiKeyEnvironmentKeys {
+            if let value = self.cleaned(environment[key]) {
+                return value
+            }
+        }
+        return nil
+    }
+
+    private static func cleaned(_ raw: String?) -> String? {
+        guard var value = raw?.trimmingCharacters(in: .whitespacesAndNewlines), !value.isEmpty else {
+            return nil
+        }
+        if (value.hasPrefix("\"") && value.hasSuffix("\"")) ||
+            (value.hasPrefix("'") && value.hasSuffix("'"))
+        {
+            value = String(value.dropFirst().dropLast())
+        }
+        value = value.trimmingCharacters(in: .whitespacesAndNewlines)
+        return value.isEmpty ? nil : value
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Crof/CrofUsageFetcher.swift b/Sources/CodexBarCore/Providers/Crof/CrofUsageFetcher.swift
new file mode 100644
index 000000000..c8c3a4cac
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Crof/CrofUsageFetcher.swift
@@ -0,0 +1,89 @@
+import Foundation
+#if canImport(FoundationNetworking)
+import FoundationNetworking
+#endif
+
+public struct CrofUsageResponse: Decodable, Sendable {
+    public let credits: Double
+    public let requestsPlan: Double
+    public let usableRequests: Double
+
+    enum CodingKeys: String, CodingKey {
+        case credits
+        case requestsPlan = "requests_plan"
+        case usableRequests = "usable_requests"
+    }
+}
+
+public enum CrofUsageError: LocalizedError, Sendable, Equatable {
+    case missingCredentials
+    case networkError(String)
+    case apiError(Int)
+    case parseFailed(String)
+
+    public var errorDescription: String? {
+        switch self {
+        case .missingCredentials:
+            "Missing Crof API key."
+        case let .networkError(message):
+            "Crof network error: \(message)"
+        case let .apiError(statusCode):
+            "Crof API error: HTTP \(statusCode)"
+        case let .parseFailed(message):
+            "Failed to parse Crof response: \(message)"
+        }
+    }
+}
+
+public enum CrofUsageFetcher {
+    public static let usageURL = URL(string: "https://crof.ai/usage_api/")!
+    private static let timeoutSeconds: TimeInterval = 15
+
+    public static func fetchUsage(
+        apiKey: String,
+        session transport: any ProviderHTTPTransport = ProviderHTTPClient.shared) async throws -> CrofUsageSnapshot
+    {
+        let trimmed = apiKey.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard !trimmed.isEmpty else {
+            throw CrofUsageError.missingCredentials
+        }
+
+        var request = URLRequest(url: self.usageURL)
+        request.httpMethod = "GET"
+        request.timeoutInterval = Self.timeoutSeconds
+        request.setValue("Bearer \(trimmed)", forHTTPHeaderField: "Authorization")
+        request.setValue("application/json", forHTTPHeaderField: "Accept")
+
+        let response: ProviderHTTPResponse
+        do {
+            response = try await transport.response(for: request)
+        } catch {
+            throw CrofUsageError.networkError(error.localizedDescription)
+        }
+
+        guard response.statusCode == 200 else {
+            throw CrofUsageError.apiError(response.statusCode)
+        }
+
+        return try self.parseSnapshot(response.data)
+    }
+
+    static func _parseSnapshotForTesting(_ data: Data) throws -> CrofUsageSnapshot {
+        try self.parseSnapshot(data)
+    }
+
+    private static func parseSnapshot(_ data: Data) throws -> CrofUsageSnapshot {
+        let decoded: CrofUsageResponse
+        do {
+            decoded = try JSONDecoder().decode(CrofUsageResponse.self, from: data)
+        } catch {
+            throw CrofUsageError.parseFailed(error.localizedDescription)
+        }
+
+        return CrofUsageSnapshot(
+            credits: decoded.credits,
+            requestsPlan: decoded.requestsPlan,
+            usableRequests: decoded.usableRequests,
+            updatedAt: Date())
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Crof/CrofUsageSnapshot.swift b/Sources/CodexBarCore/Providers/Crof/CrofUsageSnapshot.swift
new file mode 100644
index 000000000..ee76bcb9e
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Crof/CrofUsageSnapshot.swift
@@ -0,0 +1,83 @@
+import Foundation
+
+public struct CrofUsageSnapshot: Sendable {
+    private static let requestWindowMinutes = 24 * 60
+    private static let resetTimeZone = TimeZone(identifier: "America/Chicago") ?? TimeZone(secondsFromGMT: -5)!
+
+    public let credits: Double
+    public let requestsPlan: Double
+    public let usableRequests: Double
+    public let updatedAt: Date
+
+    public init(
+        credits: Double,
+        requestsPlan: Double,
+        usableRequests: Double,
+        updatedAt: Date = Date())
+    {
+        self.credits = credits
+        self.requestsPlan = requestsPlan
+        self.usableRequests = usableRequests
+        self.updatedAt = updatedAt
+    }
+
+    public func toUsageSnapshot() -> UsageSnapshot {
+        let usedPercent: Double
+        if self.requestsPlan > 0 {
+            let usableRequests = max(0, min(self.requestsPlan, self.usableRequests))
+            let remainingPercent = floor(usableRequests / self.requestsPlan * 100).clamped(to: 0...100)
+            usedPercent = 100 - remainingPercent
+        } else {
+            usedPercent = 100
+        }
+
+        let primary = RateWindow(
+            usedPercent: usedPercent,
+            windowMinutes: Self.requestWindowMinutes,
+            resetsAt: Self.nextRequestReset(after: self.updatedAt),
+            resetDescription: Self.formatRequestsLeft(self.usableRequests))
+
+        let creditsDetail = Self.formatCredits(self.credits)
+        let secondary = RateWindow(
+            // Crof returns a balance but no credit cap, so the bar only indicates present vs. exhausted credits.
+            usedPercent: self.credits > 0 ? 0 : 100,
+            windowMinutes: nil,
+            resetsAt: nil,
+            resetDescription: creditsDetail)
+
+        return UsageSnapshot(
+            primary: primary,
+            secondary: secondary,
+            providerCost: nil,
+            updatedAt: self.updatedAt,
+            identity: ProviderIdentitySnapshot(
+                providerID: .crof,
+                accountEmail: nil,
+                accountOrganization: nil,
+                loginMethod: "API key"))
+    }
+
+    private static func formatCredits(_ value: Double) -> String {
+        let clamped = max(0, value)
+        let cents = floor(clamped * 100) / 100
+        return String(format: "$%.2f", cents)
+    }
+
+    private static func formatRequestsLeft(_ value: Double) -> String {
+        let clamped = max(0, value)
+        let formatted = clamped.rounded() == clamped
+            ? String(format: "%.0f", clamped)
+            : String(format: "%.2f", clamped)
+        return "\(formatted) requests left"
+    }
+
+    private static func nextRequestReset(after date: Date) -> Date? {
+        var calendar = Calendar(identifier: .gregorian)
+        calendar.timeZone = Self.resetTimeZone
+
+        let startOfDay = calendar.startOfDay(for: date)
+        return startOfDay <= date
+            ? calendar.date(byAdding: .day, value: 1, to: startOfDay)
+            : startOfDay
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Cursor/CursorProviderDescriptor.swift b/Sources/CodexBarCore/Providers/Cursor/CursorProviderDescriptor.swift
index e694e2e77..76742f5e5 100644
--- a/Sources/CodexBarCore/Providers/Cursor/CursorProviderDescriptor.swift
+++ b/Sources/CodexBarCore/Providers/Cursor/CursorProviderDescriptor.swift
@@ -10,10 +10,10 @@ public enum CursorProviderDescriptor {
             metadata: ProviderMetadata(
                 id: .cursor,
                 displayName: "Cursor",
-                sessionLabel: "Plan",
-                weeklyLabel: "On-Demand",
-                opusLabel: nil,
-                supportsOpus: false,
+                sessionLabel: "Total",
+                weeklyLabel: "Auto",
+                opusLabel: "API",
+                supportsOpus: true,
                 supportsCredits: true,
                 creditsHint: "On-demand usage beyond included plan limits.",
                 toggleTitle: "Show Cursor usage",
@@ -21,7 +21,8 @@ public enum CursorProviderDescriptor {
                 defaultEnabled: false,
                 isPrimaryProvider: false,
                 usesAccountFallback: false,
-                browserCookieOrder: ProviderBrowserCookieDefaults.defaultImportOrder,
+                browserCookieOrder: ProviderBrowserCookieDefaults.cursorCookieImportOrder
+                    ?? ProviderBrowserCookieDefaults.defaultImportOrder,
                 dashboardURL: "https://cursor.com/dashboard?tab=usage",
                 statusPageURL: "https://status.cursor.com",
                 statusLinkURL: nil),
diff --git a/Sources/CodexBarCore/Providers/Cursor/CursorStatusProbe.swift b/Sources/CodexBarCore/Providers/Cursor/CursorStatusProbe.swift
index 84cca3c3d..bb94fdfca 100644
--- a/Sources/CodexBarCore/Providers/Cursor/CursorStatusProbe.swift
+++ b/Sources/CodexBarCore/Providers/Cursor/CursorStatusProbe.swift
@@ -1,4 +1,7 @@
 import Foundation
+#if canImport(FoundationNetworking)
+import FoundationNetworking
+#endif
 import SweetCookieKit
 
 #if os(macOS)
@@ -15,6 +18,20 @@ public enum CursorCookieImporter {
         "WorkosCursorSessionToken",
         "__Secure-next-auth.session-token",
         "next-auth.session-token",
+        // WorkOS AuthKit (common default; configurable server-side)
+        "wos-session",
+        "__Secure-wos-session",
+        // Auth.js v5
+        "authjs.session-token",
+        "__Secure-authjs.session-token",
+    ]
+
+    /// Hosts whose cookies may authenticate Cursor web/API requests.
+    private static let cookieDomains = [
+        "cursor.com",
+        "www.cursor.com",
+        "cursor.sh",
+        "authenticator.cursor.sh",
     ]
 
     public struct SessionInfo: Sendable {
@@ -31,35 +48,125 @@ public enum CursorCookieImporter {
         }
     }
 
+    /// Reads Cursor session cookies from one browser if present (no fallback to other browsers).
+    static func importSessionIfPresent(
+        browser: Browser,
+        browserDetection: BrowserDetection,
+        logger: ((String) -> Void)? = nil) -> SessionInfo?
+    {
+        self.importSessionsIfPresent(
+            browser: browser,
+            browserDetection: browserDetection,
+            logger: logger).first
+    }
+
+    /// Reads all Cursor session-cookie candidates from one browser source order.
+    static func importSessionsIfPresent(
+        browser: Browser,
+        browserDetection: BrowserDetection,
+        logger: ((String) -> Void)? = nil) -> [SessionInfo]
+    {
+        self.importCookiesFromBrowser(
+            browser: browser,
+            browserDetection: browserDetection,
+            requireKnownSessionName: true,
+            logger: logger)
+    }
+
+    /// Like ``importSessionIfPresent`` but accepts any non-empty cookie set for Cursor domains so the API can validate
+    /// (used after the strict name pass fails — e.g. new cookie names or host-only cookies).
+    static func importDomainCookiesIfPresent(
+        browser: Browser,
+        browserDetection: BrowserDetection,
+        logger: ((String) -> Void)? = nil) -> SessionInfo?
+    {
+        self.importDomainCookieSessionsIfPresent(
+            browser: browser,
+            browserDetection: browserDetection,
+            logger: logger).first
+    }
+
+    /// Reads fallback cookie candidates whose names are not already covered by the strict session-cookie pass.
+    static func importDomainCookieSessionsIfPresent(
+        browser: Browser,
+        browserDetection: BrowserDetection,
+        logger: ((String) -> Void)? = nil) -> [SessionInfo]
+    {
+        self.importCookiesFromBrowser(
+            browser: browser,
+            browserDetection: browserDetection,
+            requireKnownSessionName: false,
+            logger: logger)
+    }
+
+    private static func importCookiesFromBrowser(
+        browser: Browser,
+        browserDetection: BrowserDetection,
+        requireKnownSessionName: Bool,
+        logger: ((String) -> Void)?) -> [SessionInfo]
+    {
+        let log: (String) -> Void = { msg in logger?("[cursor-cookie] \(msg)") }
+        guard browserDetection.isCookieSourceAvailable(browser) else { return [] }
+        guard BrowserCookieAccessGate.shouldAttempt(browser) else { return [] }
+
+        do {
+            let query = BrowserCookieQuery(domains: Self.cookieDomains)
+            let sources = try Self.cookieClient.codexBarRecords(
+                matching: query,
+                in: browser,
+                logger: log)
+            var sessions: [SessionInfo] = []
+            for source in sources where !source.records.isEmpty {
+                let httpCookies = BrowserCookieClient.makeHTTPCookies(source.records, origin: query.origin)
+                let hasNamedSession = httpCookies.contains(where: { Self.sessionCookieNames.contains($0.name) })
+                if hasNamedSession {
+                    log("Found \(httpCookies.count) Cursor cookies in \(source.label)")
+                    if requireKnownSessionName {
+                        sessions.append(SessionInfo(cookies: httpCookies, sourceLabel: source.label))
+                    }
+                    continue
+                }
+                if !requireKnownSessionName, !httpCookies.isEmpty {
+                    log(
+                        "Found \(httpCookies.count) Cursor domain cookies in \(source.label) "
+                            + "(no known session name); will validate via API")
+                    sessions.append(SessionInfo(
+                        cookies: httpCookies,
+                        sourceLabel: "\(source.label) (domain cookies)"))
+                    continue
+                }
+                log("\(source.label) cookies found, but no Cursor session cookie present")
+            }
+            return sessions
+        } catch {
+            BrowserCookieAccessGate.recordIfNeeded(error)
+            log("\(browser.displayName) cookie import failed: \(error.localizedDescription)")
+        }
+        return []
+    }
+
     /// Attempts to import Cursor cookies using the standard browser import order.
     public static func importSession(
         browserDetection: BrowserDetection,
         logger: ((String) -> Void)? = nil) throws -> SessionInfo
     {
-        let log: (String) -> Void = { msg in logger?("[cursor-cookie] \(msg)") }
-
-        // Filter to cookie-eligible browsers to avoid unnecessary keychain prompts
         let installedBrowsers = cursorCookieImportOrder.cookieImportCandidates(using: browserDetection)
-        let cookieDomains = ["cursor.com", "cursor.sh"]
         for browserSource in installedBrowsers {
-            do {
-                let query = BrowserCookieQuery(domains: cookieDomains)
-                let sources = try Self.cookieClient.records(
-                    matching: query,
-                    in: browserSource,
-                    logger: log)
-                for source in sources where !source.records.isEmpty {
-                    let httpCookies = BrowserCookieClient.makeHTTPCookies(source.records, origin: query.origin)
-                    if httpCookies.contains(where: { Self.sessionCookieNames.contains($0.name) }) {
-                        log("Found \(httpCookies.count) Cursor cookies in \(source.label)")
-                        return SessionInfo(cookies: httpCookies, sourceLabel: source.label)
-                    } else {
-                        log("\(source.label) cookies found, but no Cursor session cookie present")
-                    }
-                }
-            } catch {
-                BrowserCookieAccessGate.recordIfNeeded(error)
-                log("\(browserSource.displayName) cookie import failed: \(error.localizedDescription)")
+            if let session = Self.importSessionsIfPresent(
+                browser: browserSource,
+                browserDetection: browserDetection,
+                logger: logger).first
+            {
+                return session
+            }
+        }
+        for browserSource in installedBrowsers {
+            if let session = Self.importDomainCookieSessionsIfPresent(
+                browser: browserSource,
+                browserDetection: browserDetection,
+                logger: logger).first
+            {
+                return session
             }
         }
 
@@ -94,6 +201,38 @@ public struct CursorUsageSummary: Codable, Sendable {
 public struct CursorIndividualUsage: Codable, Sendable {
     public let plan: CursorPlanUsage?
     public let onDemand: CursorOnDemandUsage?
+    /// Enterprise / team-member personal cap. Reported by Cursor when the account is part of a team or
+    /// enterprise plan with an individual quota. Values follow the same cents-based units as `plan`.
+    public let overall: CursorOverallUsage?
+
+    public init(
+        plan: CursorPlanUsage? = nil,
+        onDemand: CursorOnDemandUsage? = nil,
+        overall: CursorOverallUsage? = nil)
+    {
+        self.plan = plan
+        self.onDemand = onDemand
+        self.overall = overall
+    }
+}
+
+/// Personal cap reported under `individualUsage.overall` for Enterprise/Team members.
+/// Mirrors the shape of `CursorOnDemandUsage`; values are in cents.
+public struct CursorOverallUsage: Codable, Sendable {
+    public let enabled: Bool?
+    /// Usage in cents (e.g., 7384 = $73.84)
+    public let used: Int?
+    /// Limit in cents (e.g., 10000 = $100.00). `nil` indicates the API omitted a numeric cap.
+    public let limit: Int?
+    /// Remaining in cents.
+    public let remaining: Int?
+
+    public init(enabled: Bool? = nil, used: Int? = nil, limit: Int? = nil, remaining: Int? = nil) {
+        self.enabled = enabled
+        self.used = used
+        self.limit = limit
+        self.remaining = remaining
+    }
 }
 
 public struct CursorPlanUsage: Codable, Sendable {
@@ -128,6 +267,31 @@ public struct CursorOnDemandUsage: Codable, Sendable {
 
 public struct CursorTeamUsage: Codable, Sendable {
     public let onDemand: CursorOnDemandUsage?
+    /// Shared team/enterprise pool counted across all members. Same cents-based units as the other usage blocks.
+    public let pooled: CursorPooledUsage?
+
+    public init(onDemand: CursorOnDemandUsage? = nil, pooled: CursorPooledUsage? = nil) {
+        self.onDemand = onDemand
+        self.pooled = pooled
+    }
+}
+
+/// Shared team/enterprise pool reported under `teamUsage.pooled`. Values are in cents.
+public struct CursorPooledUsage: Codable, Sendable {
+    public let enabled: Bool?
+    /// Pool usage in cents.
+    public let used: Int?
+    /// Pool limit in cents. `nil` indicates an unlimited or unreported pool.
+    public let limit: Int?
+    /// Pool remaining in cents.
+    public let remaining: Int?
+
+    public init(enabled: Bool? = nil, used: Int? = nil, limit: Int? = nil, remaining: Int? = nil) {
+        self.enabled = enabled
+        self.used = used
+        self.limit = limit
+        self.remaining = remaining
+    }
 }
 
 // MARK: - Cursor Usage API Models (Legacy Request-Based Plans)
@@ -174,8 +338,12 @@ public struct CursorUserInfo: Codable, Sendable {
 // MARK: - Cursor Status Snapshot
 
 public struct CursorStatusSnapshot: Sendable {
-    /// Percentage of included plan usage (0-100)
+    /// Percentage of included plan usage (0-100) — the "Total" headline number from Cursor's UI
     public let planPercentUsed: Double
+    /// Auto + Composer usage percent (0-100), nil when not available
+    public let autoPercentUsed: Double?
+    /// API (named model) usage percent (0-100), nil when not available
+    public let apiPercentUsed: Double?
     /// Included plan usage in USD
     public let planUsedUSD: Double
     /// Included plan limit in USD
@@ -213,6 +381,8 @@ public struct CursorStatusSnapshot: Sendable {
 
     public init(
         planPercentUsed: Double,
+        autoPercentUsed: Double? = nil,
+        apiPercentUsed: Double? = nil,
         planUsedUSD: Double,
         planLimitUSD: Double,
         onDemandUsedUSD: Double,
@@ -228,6 +398,8 @@ public struct CursorStatusSnapshot: Sendable {
         requestsLimit: Int? = nil)
     {
         self.planPercentUsed = planPercentUsed
+        self.autoPercentUsed = autoPercentUsed
+        self.apiPercentUsed = apiPercentUsed
         self.planUsedUSD = planUsedUSD
         self.planLimitUSD = planLimitUSD
         self.onDemandUsedUSD = onDemandUsedUSD
@@ -262,31 +434,37 @@ public struct CursorStatusSnapshot: Sendable {
             resetsAt: self.billingCycleEnd,
             resetDescription: self.billingCycleEnd.map { Self.formatResetDate($0) })
 
-        // Always use individual on-demand values (what users see in their Cursor dashboard).
-        // Team values are aggregates across all members, not useful for individual tracking.
-        let resolvedOnDemandUsed = self.onDemandUsedUSD
-        let resolvedOnDemandLimit = self.onDemandLimitUSD
+        // Secondary: Auto + Composer usage (shown as its own bar below Total)
+        let secondary: RateWindow? = self.autoPercentUsed.map { pct in
+            RateWindow(
+                usedPercent: pct,
+                windowMinutes: nil,
+                resetsAt: self.billingCycleEnd,
+                resetDescription: self.billingCycleEnd.map { Self.formatResetDate($0) })
+        }
 
-        // Secondary: On-demand usage as percentage of individual limit
-        let secondary: RateWindow? = if let limit = resolvedOnDemandLimit,
-                                        limit > 0
-        {
+        // Tertiary: API (named model) usage
+        let tertiary: RateWindow? = self.apiPercentUsed.map { pct in
             RateWindow(
-                usedPercent: (resolvedOnDemandUsed / limit) * 100,
+                usedPercent: pct,
                 windowMinutes: nil,
                 resetsAt: self.billingCycleEnd,
                 resetDescription: self.billingCycleEnd.map { Self.formatResetDate($0) })
-        } else {
-            nil
         }
 
-        // Provider cost snapshot for on-demand usage
-        let providerCost: ProviderCostSnapshot? = if resolvedOnDemandUsed > 0 {
+        // On-demand: tracked via providerCost only (shown in the credits/cost section)
+        let resolvedOnDemandUsed = self.onDemandUsedUSD
+        let resolvedOnDemandLimit = self.onDemandLimitUSD
+
+        // Provider cost snapshot for on-demand usage (include budget before first spend)
+        let providerCost: ProviderCostSnapshot? = if resolvedOnDemandUsed > 0
+            || (resolvedOnDemandLimit ?? 0) > 0
+        {
             ProviderCostSnapshot(
                 used: resolvedOnDemandUsed,
                 limit: resolvedOnDemandLimit ?? 0,
                 currencyCode: "USD",
-                period: "monthly",
+                period: "Monthly",
                 resetsAt: self.billingCycleEnd,
                 updatedAt: Date())
         } else {
@@ -310,7 +488,7 @@ public struct CursorStatusSnapshot: Sendable {
         return UsageSnapshot(
             primary: primary,
             secondary: secondary,
-            tertiary: nil,
+            tertiary: tertiary,
             providerCost: providerCost,
             cursorRequests: cursorRequests,
             updatedAt: Date(),
@@ -357,7 +535,9 @@ public enum CursorStatusProbeError: LocalizedError, Sendable {
         case let .parseFailed(msg):
             "Could not parse Cursor usage: \(msg)"
         case .noSessionCookie:
-            "No Cursor session found. Please log in to cursor.com in \(cursorCookieImportOrder.loginHint)."
+            "No Cursor session found. Please log in to cursor.com in \(cursorCookieImportOrder.loginHint). "
+                + "If you use Safari, grant CodexBar Full Disk Access in System Settings ▸ Privacy & Security. "
+                + "You can also sign in to Cursor from the CodexBar menu (Add / switch account)."
         }
     }
 }
@@ -490,15 +670,18 @@ public struct CursorStatusProbe: Sendable {
     public let baseURL: URL
     public var timeout: TimeInterval = 15.0
     private let browserDetection: BrowserDetection
+    private let urlSession: any ProviderHTTPTransport
 
     public init(
         baseURL: URL = URL(string: "https://cursor.com")!,
         timeout: TimeInterval = 15.0,
-        browserDetection: BrowserDetection)
+        browserDetection: BrowserDetection,
+        urlSession: any ProviderHTTPTransport = ProviderHTTPClient.shared)
     {
         self.baseURL = baseURL
         self.timeout = timeout
         self.browserDetection = browserDetection
+        self.urlSession = urlSession
     }
 
     /// Fetch Cursor usage with manual cookie header (for debugging).
@@ -507,17 +690,22 @@ public struct CursorStatusProbe: Sendable {
     }
 
     /// Fetch Cursor usage using browser cookies with fallback to stored session.
-    public func fetch(cookieHeaderOverride: String? = nil, logger: ((String) -> Void)? = nil)
+    public func fetch(
+        cookieHeaderOverride: String? = nil,
+        allowCachedSessions: Bool = true,
+        logger: ((String) -> Void)? = nil)
         async throws -> CursorStatusSnapshot
     {
         let log: (String) -> Void = { msg in logger?("[cursor] \(msg)") }
+        var firstRecoverableError: CursorStatusProbeError?
 
         if let override = CookieHeaderNormalizer.normalize(cookieHeaderOverride) {
             log("Using manual cookie header")
             return try await self.fetchWithCookieHeader(override)
         }
 
-        if let cached = CookieHeaderCache.load(provider: .cursor),
+        if allowCachedSessions,
+           let cached = CookieHeaderCache.load(provider: .cursor),
            !cached.cookieHeader.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
         {
             log("Using cached cookie header from \(cached.sourceLabel)")
@@ -534,47 +722,195 @@ public struct CursorStatusProbe: Sendable {
             }
         }
 
-        // Try importing cookies from the configured browser order first.
-        do {
-            let session = try CursorCookieImporter.importSession(browserDetection: self.browserDetection, logger: log)
-            log("Using cookies from \(session.sourceLabel)")
-            let snapshot = try await self.fetchWithCookieHeader(session.cookieHeader)
-            CookieHeaderCache.store(
-                provider: .cursor,
-                cookieHeader: session.cookieHeader,
-                sourceLabel: session.sourceLabel)
+        // Try each browser in order. The first browser that *has* session cookie names is not always valid
+        // (e.g. stale Chrome tokens); keep trying until the API accepts a session or we run out of browsers.
+        let browserCandidates = cursorCookieImportOrder.cookieImportCandidates(using: self.browserDetection)
+        switch await self.scanBrowsers(
+            browserCandidates,
+            importSessions: { browser in
+                CursorCookieImporter.importSessionsIfPresent(
+                    browser: browser,
+                    browserDetection: self.browserDetection,
+                    logger: log)
+            },
+            attemptFetch: { session in
+                await self.fetchIfSessionAccepted(session, log: log)
+            })
+        {
+        case let .succeeded(snapshot):
             return snapshot
-        } catch {
-            log("Browser cookie import failed: \(error.localizedDescription)")
+        case let .exhausted(error):
+            firstRecoverableError = error ?? firstRecoverableError
+        }
+
+        switch await self.scanBrowsers(
+            browserCandidates,
+            importSessions: { browser in
+                CursorCookieImporter.importDomainCookieSessionsIfPresent(
+                    browser: browser,
+                    browserDetection: self.browserDetection,
+                    logger: log)
+            },
+            attemptFetch: { session in
+                await self.fetchIfSessionAccepted(session, log: log)
+            })
+        {
+        case let .succeeded(snapshot):
+            return snapshot
+        case let .exhausted(error):
+            firstRecoverableError = error ?? firstRecoverableError
         }
 
         // Fall back to stored session cookies (from "Add Account" login flow)
-        let storedCookies = await CursorSessionStore.shared.getCookies()
-        if !storedCookies.isEmpty {
-            log("Using stored session cookies")
-            let cookieHeader = storedCookies.map { "\($0.name)=\($0.value)" }.joined(separator: "; ")
-            do {
-                return try await self.fetchWithCookieHeader(cookieHeader)
-            } catch {
-                if case CursorStatusProbeError.notLoggedIn = error {
-                    // Clear only when auth is invalid; keep for transient failures.
-                    await CursorSessionStore.shared.clearCookies()
-                    log("Stored session invalid, cleared")
-                } else {
+        if allowCachedSessions {
+            let storedCookies = await CursorSessionStore.shared.getCookies()
+            if !storedCookies.isEmpty {
+                log("Using stored session cookies")
+                let cookieHeader = storedCookies.map { "\($0.name)=\($0.value)" }.joined(separator: "; ")
+                do {
+                    return try await self.fetchWithCookieHeader(cookieHeader)
+                } catch let error as CursorStatusProbeError {
+                    if case .notLoggedIn = error {
+                        // Clear only when auth is invalid; keep for transient failures.
+                        await CursorSessionStore.shared.clearCookies()
+                        log("Stored session invalid, cleared")
+                    } else {
+                        log("Stored session failed: \(error.localizedDescription)")
+                        firstRecoverableError = firstRecoverableError ?? error
+                    }
+                } catch {
                     log("Stored session failed: \(error.localizedDescription)")
+                    firstRecoverableError = firstRecoverableError ?? .networkError(error.localizedDescription)
                 }
             }
         }
 
+        if let firstRecoverableError {
+            throw firstRecoverableError
+        }
+
         throw CursorStatusProbeError.noSessionCookie
     }
 
+    enum ImportedSessionFetchOutcome {
+        case succeeded(CursorStatusSnapshot)
+        case tryNextBrowser
+        case failed(CursorStatusProbeError)
+    }
+
+    enum ImportedSessionScanResult {
+        case succeeded(CursorStatusSnapshot)
+        case exhausted(CursorStatusProbeError?)
+    }
+
+    func scanBrowsers(
+        _ browsers: [Browser],
+        importSessions: (Browser) -> [CursorCookieImporter.SessionInfo],
+        attemptFetch: (CursorCookieImporter.SessionInfo) async -> ImportedSessionFetchOutcome) async
+        -> ImportedSessionScanResult
+    {
+        var firstFailure: CursorStatusProbeError?
+
+        for browser in browsers {
+            let sessions = importSessions(browser)
+            guard !sessions.isEmpty else { continue }
+            for session in sessions {
+                switch await attemptFetch(session) {
+                case let .succeeded(snapshot):
+                    return .succeeded(snapshot)
+                case .tryNextBrowser:
+                    continue
+                case let .failed(error):
+                    firstFailure = firstFailure ?? error
+                }
+            }
+        }
+
+        return .exhausted(firstFailure)
+    }
+
+    func scanImportedSessions(
+        _ sessions: [CursorCookieImporter.SessionInfo],
+        attemptFetch: (CursorCookieImporter.SessionInfo) async -> ImportedSessionFetchOutcome) async
+        -> ImportedSessionScanResult
+    {
+        var firstFailure: CursorStatusProbeError?
+
+        for session in sessions {
+            switch await attemptFetch(session) {
+            case let .succeeded(snapshot):
+                return .succeeded(snapshot)
+            case .tryNextBrowser:
+                continue
+            case let .failed(error):
+                firstFailure = firstFailure ?? error
+            }
+        }
+
+        return .exhausted(firstFailure)
+    }
+
+    private func fetchIfSessionAccepted(
+        _ session: CursorCookieImporter.SessionInfo,
+        log: @escaping (String) -> Void) async -> ImportedSessionFetchOutcome
+    {
+        log("Trying Cursor session from \(session.sourceLabel)")
+        do {
+            let snapshot = try await self.fetchWithCookieHeader(session.cookieHeader)
+            CookieHeaderCache.store(
+                provider: .cursor,
+                cookieHeader: session.cookieHeader,
+                sourceLabel: session.sourceLabel)
+            return .succeeded(snapshot)
+        } catch let error as CursorStatusProbeError {
+            if case .notLoggedIn = error {
+                log("Cursor API rejected cookies from \(session.sourceLabel); trying next browser if any")
+                return .tryNextBrowser
+            }
+            log("Cursor fetch failed using \(session.sourceLabel): \(error.localizedDescription)")
+            return .failed(error)
+        } catch {
+            log("Cursor fetch failed using \(session.sourceLabel): \(error.localizedDescription)")
+            return .failed(.networkError(error.localizedDescription))
+        }
+    }
+
     private func fetchWithCookieHeader(_ cookieHeader: String) async throws -> CursorStatusSnapshot {
-        async let usageSummaryTask = self.fetchUsageSummary(cookieHeader: cookieHeader)
-        async let userInfoTask = self.fetchUserInfo(cookieHeader: cookieHeader)
+        enum FetchPart: Sendable {
+            case usageSummary((CursorUsageSummary, String))
+            case userInfo(Result<CursorUserInfo, Error>)
+        }
 
-        let (usageSummary, rawJSON) = try await usageSummaryTask
-        let userInfo = try? await userInfoTask
+        var usageSummaryResult: (CursorUsageSummary, String)?
+        var userInfo: CursorUserInfo?
+
+        try await withThrowingTaskGroup(of: FetchPart.self) { group in
+            group.addTask {
+                try await .usageSummary(self.fetchUsageSummary(cookieHeader: cookieHeader))
+            }
+            group.addTask {
+                do {
+                    return try await .userInfo(.success(self.fetchUserInfo(cookieHeader: cookieHeader)))
+                } catch {
+                    return .userInfo(.failure(error))
+                }
+            }
+
+            while let result = try await group.next() {
+                switch result {
+                case let .usageSummary(value):
+                    usageSummaryResult = value
+                case let .userInfo(value):
+                    userInfo = try? value.get()
+                }
+            }
+        }
+
+        guard let usageSummaryResult else {
+            throw CursorStatusProbeError.networkError("Cursor usage summary fetch did not complete")
+        }
+
+        let (usageSummary, rawJSON) = usageSummaryResult
 
         // Fetch legacy request usage only if user has a sub ID.
         // Uses try? to avoid breaking the flow for users where this endpoint fails or returns unexpected data.
@@ -610,7 +946,7 @@ public struct CursorStatusProbe: Sendable {
         request.setValue("application/json", forHTTPHeaderField: "Accept")
         request.setValue(cookieHeader, forHTTPHeaderField: "Cookie")
 
-        let (data, response) = try await URLSession.shared.data(for: request)
+        let (data, response) = try await self.urlSession.data(for: request)
 
         guard let httpResponse = response as? HTTPURLResponse else {
             throw CursorStatusProbeError.networkError("Invalid response")
@@ -643,7 +979,7 @@ public struct CursorStatusProbe: Sendable {
         request.setValue("application/json", forHTTPHeaderField: "Accept")
         request.setValue(cookieHeader, forHTTPHeaderField: "Cookie")
 
-        let (data, response) = try await URLSession.shared.data(for: request)
+        let (data, response) = try await self.urlSession.data(for: request)
 
         guard let httpResponse = response as? HTTPURLResponse, httpResponse.statusCode == 200 else {
             throw CursorStatusProbeError.networkError("Failed to fetch user info")
@@ -664,7 +1000,7 @@ public struct CursorStatusProbe: Sendable {
         request.setValue("application/json", forHTTPHeaderField: "Accept")
         request.setValue(cookieHeader, forHTTPHeaderField: "Cookie")
 
-        let (data, response) = try await URLSession.shared.data(for: request)
+        let (data, response) = try await self.urlSession.data(for: request)
 
         guard let httpResponse = response as? HTTPURLResponse, httpResponse.statusCode == 200 else {
             throw CursorStatusProbeError.networkError("Failed to fetch request usage")
@@ -693,16 +1029,76 @@ public struct CursorStatusProbe: Sendable {
         // Use plan.limit directly - breakdown.total represents total *used* credits, not the limit.
         let planUsedRaw = Double(summary.individualUsage?.plan?.used ?? 0)
         let planLimitRaw = Double(summary.individualUsage?.plan?.limit ?? 0)
-        let planUsed = planUsedRaw / 100.0
-        let planLimit = planLimitRaw / 100.0
-        let planPercentUsed: Double = if planLimitRaw > 0 {
+        func normPct(_ value: Double?) -> Double? {
+            guard let v = value else { return nil }
+            if v < 0 { return 0 }
+            if v > 100 { return 100 }
+            return v
+        }
+
+        func normalizeTotalPercent(_ v: Double) -> Double {
+            max(0, min(100, v))
+        }
+
+        // Cursor's usage-summary percent fields are already in percentage units, even when they are fractional
+        // values below 1.0 (for example 0.36 means 0.36%, which the dashboard rounds to 0%).
+        let autoPercent = normPct(summary.individualUsage?.plan?.autoPercentUsed)
+        let apiPercent = normPct(summary.individualUsage?.plan?.apiPercentUsed)
+
+        // Enterprise / team-member personal cap (cents). Reported under `individualUsage.overall` for accounts
+        // that don't get a `plan` block. Falls through to existing logic when absent so non-enterprise paths
+        // are untouched.
+        let overallUsedRaw = (summary.individualUsage?.overall?.used).map(Double.init)
+        let overallLimitRaw = (summary.individualUsage?.overall?.limit).map(Double.init)
+
+        // Shared team/enterprise pool (cents). Last-resort fallback when no individual data is available.
+        let pooledUsedRaw = (summary.teamUsage?.pooled?.used).map(Double.init)
+        let pooledLimitRaw = (summary.teamUsage?.pooled?.limit).map(Double.init)
+
+        // Headline "Total" precedence:
+        //   1. `individualUsage.plan.totalPercentUsed` (existing behavior for Pro/Hobby/etc.)
+        //   2. averaged `auto` + `api` lane percents (existing behavior)
+        //   3. either lane alone (existing behavior)
+        //   4. `individualUsage.plan` ratio (existing behavior)
+        //   5. NEW: `individualUsage.overall` ratio (Enterprise/Team personal cap)
+        //   6. NEW: `teamUsage.pooled` ratio (last resort when no individual data is reported)
+        let planPercentUsed: Double = if let totalPercentUsed = summary.individualUsage?.plan?.totalPercentUsed {
+            normalizeTotalPercent(totalPercentUsed)
+        } else if let autoUsed = autoPercent, let apiUsed = apiPercent {
+            max(0, min(100, (autoUsed + apiUsed) / 2))
+        } else if let apiUsed = apiPercent {
+            max(0, min(100, apiUsed))
+        } else if let autoUsed = autoPercent {
+            max(0, min(100, autoUsed))
+        } else if planLimitRaw > 0 {
             (planUsedRaw / planLimitRaw) * 100
-        } else if let totalPercentUsed = summary.individualUsage?.plan?.totalPercentUsed {
-            totalPercentUsed <= 1 ? totalPercentUsed * 100 : totalPercentUsed
+        } else if let used = overallUsedRaw, let limit = overallLimitRaw, limit > 0 {
+            normalizeTotalPercent((used / limit) * 100)
+        } else if let used = pooledUsedRaw, let limit = pooledLimitRaw, limit > 0 {
+            normalizeTotalPercent((used / limit) * 100)
         } else {
             0
         }
 
+        // USD figures: prefer the source the headline ultimately came from. When `plan` is missing but
+        // `overall` or `pooled` carry the cents, surface those so the on-demand display and downstream
+        // consumers see real dollar amounts instead of zeros.
+        let planUsed: Double
+        let planLimit: Double
+        if planLimitRaw > 0 || planUsedRaw > 0 {
+            planUsed = planUsedRaw / 100.0
+            planLimit = planLimitRaw / 100.0
+        } else if let usedCents = overallUsedRaw, let limitCents = overallLimitRaw {
+            planUsed = usedCents / 100.0
+            planLimit = limitCents / 100.0
+        } else if let usedCents = pooledUsedRaw, let limitCents = pooledLimitRaw {
+            planUsed = usedCents / 100.0
+            planLimit = limitCents / 100.0
+        } else {
+            planUsed = 0
+            planLimit = 0
+        }
+
         let onDemandUsed = Double(summary.individualUsage?.onDemand?.used ?? 0) / 100.0
         let onDemandLimit: Double? = summary.individualUsage?.onDemand?.limit.map { Double($0) / 100.0 }
 
@@ -715,6 +1111,8 @@ public struct CursorStatusProbe: Sendable {
 
         return CursorStatusSnapshot(
             planPercentUsed: planPercentUsed,
+            autoPercentUsed: autoPercent,
+            apiPercentUsed: apiPercent,
             planUsedUSD: planUsed,
             planLimitUSD: planLimit,
             onDemandUsedUSD: onDemandUsed,
@@ -761,11 +1159,13 @@ public struct CursorStatusProbe: Sendable {
     public init(
         baseURL: URL = URL(string: "https://cursor.com")!,
         timeout: TimeInterval = 15.0,
-        browserDetection: BrowserDetection)
+        browserDetection: BrowserDetection,
+        urlSession: any ProviderHTTPTransport = ProviderHTTPClient.shared)
     {
         _ = baseURL
         _ = timeout
         _ = browserDetection
+        _ = urlSession
     }
 
     public func fetch(logger: ((String) -> Void)? = nil) async throws -> CursorStatusSnapshot {
@@ -775,6 +1175,7 @@ public struct CursorStatusProbe: Sendable {
 
     public func fetch(
         cookieHeaderOverride _: String? = nil,
+        allowCachedSessions _: Bool = true,
         logger: ((String) -> Void)? = nil) async throws -> CursorStatusSnapshot
     {
         try await self.fetch(logger: logger)
diff --git a/Sources/CodexBarCore/Providers/DeepSeek/DeepSeekProviderDescriptor.swift b/Sources/CodexBarCore/Providers/DeepSeek/DeepSeekProviderDescriptor.swift
new file mode 100644
index 000000000..fec26d578
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/DeepSeek/DeepSeekProviderDescriptor.swift
@@ -0,0 +1,73 @@
+import CodexBarMacroSupport
+import Foundation
+
+@ProviderDescriptorRegistration
+@ProviderDescriptorDefinition
+public enum DeepSeekProviderDescriptor {
+    static func makeDescriptor() -> ProviderDescriptor {
+        ProviderDescriptor(
+            id: .deepseek,
+            metadata: ProviderMetadata(
+                id: .deepseek,
+                displayName: "DeepSeek",
+                sessionLabel: "Balance",
+                weeklyLabel: "Balance",
+                opusLabel: nil,
+                supportsOpus: false,
+                supportsCredits: false,
+                creditsHint: "",
+                toggleTitle: "Show DeepSeek usage",
+                cliName: "deepseek",
+                defaultEnabled: false,
+                isPrimaryProvider: false,
+                usesAccountFallback: false,
+                browserCookieOrder: nil,
+                dashboardURL: "https://platform.deepseek.com/usage",
+                statusPageURL: nil,
+                statusLinkURL: "https://status.deepseek.com"),
+            branding: ProviderBranding(
+                iconStyle: .deepseek,
+                iconResourceName: "ProviderIcon-deepseek",
+                color: ProviderColor(red: 0.32, green: 0.49, blue: 0.94)),
+            tokenCost: ProviderTokenCostConfig(
+                supportsTokenCost: false,
+                noDataMessage: { "DeepSeek per-day cost history is not available via API." }),
+            fetchPlan: ProviderFetchPlan(
+                sourceModes: [.auto, .api],
+                pipeline: ProviderFetchPipeline(resolveStrategies: { _ in [DeepSeekAPIFetchStrategy()] })),
+            cli: ProviderCLIConfig(
+                name: "deepseek",
+                aliases: ["deep-seek", "ds"],
+                versionDetector: nil))
+    }
+}
+
+struct DeepSeekAPIFetchStrategy: ProviderFetchStrategy {
+    let id: String = "deepseek.api"
+    let kind: ProviderFetchKind = .apiToken
+
+    func isAvailable(_ context: ProviderFetchContext) async -> Bool {
+        Self.resolveToken(environment: context.env) != nil
+    }
+
+    func fetch(_ context: ProviderFetchContext) async throws -> ProviderFetchResult {
+        guard let apiKey = Self.resolveToken(environment: context.env) else {
+            throw DeepSeekUsageError.missingCredentials
+        }
+        let usage = try await DeepSeekUsageFetcher.fetchUsage(
+            apiKey: apiKey,
+            includeOptionalUsage: context.includeOptionalUsage)
+
+        return self.makeResult(
+            usage: usage.toUsageSnapshot(),
+            sourceLabel: "api")
+    }
+
+    func shouldFallback(on _: Error, context _: ProviderFetchContext) -> Bool {
+        false
+    }
+
+    private static func resolveToken(environment: [String: String]) -> String? {
+        ProviderTokenResolver.deepseekToken(environment: environment)
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/DeepSeek/DeepSeekSettingsReader.swift b/Sources/CodexBarCore/Providers/DeepSeek/DeepSeekSettingsReader.swift
new file mode 100644
index 000000000..3c787cabc
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/DeepSeek/DeepSeekSettingsReader.swift
@@ -0,0 +1,33 @@
+import Foundation
+
+public struct DeepSeekSettingsReader: Sendable {
+    public static let apiKeyEnvironmentKey = "DEEPSEEK_API_KEY"
+    public static let apiKeyEnvironmentKeys = [Self.apiKeyEnvironmentKey, "DEEPSEEK_KEY"]
+
+    public static func apiKey(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> String?
+    {
+        for key in self.apiKeyEnvironmentKeys {
+            guard let raw = environment[key]?.trimmingCharacters(in: .whitespacesAndNewlines),
+                  !raw.isEmpty
+            else {
+                continue
+            }
+            let cleaned = Self.cleaned(raw)
+            if !cleaned.isEmpty {
+                return cleaned
+            }
+        }
+        return nil
+    }
+
+    private static func cleaned(_ raw: String) -> String {
+        var value = raw
+        if (value.hasPrefix("\"") && value.hasSuffix("\"")) ||
+            (value.hasPrefix("'") && value.hasSuffix("'"))
+        {
+            value = String(value.dropFirst().dropLast())
+        }
+        return value.trimmingCharacters(in: .whitespacesAndNewlines)
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/DeepSeek/DeepSeekUsageCostParser.swift b/Sources/CodexBarCore/Providers/DeepSeek/DeepSeekUsageCostParser.swift
new file mode 100644
index 000000000..77e6e4f25
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/DeepSeek/DeepSeekUsageCostParser.swift
@@ -0,0 +1,709 @@
+import Foundation
+
+// MARK: - Amount Response Models
+
+struct DeepSeekAmountPayload: Decodable {
+    let code: Int?
+    let msg: String?
+    let data: DeepSeekAmountData?
+
+    private enum CodingKeys: String, CodingKey {
+        case code, msg, data
+    }
+
+    init(from decoder: Decoder) throws {
+        let container = try decoder.container(keyedBy: CodingKeys.self)
+        self.code = try container.decodeIfPresent(Int.self, forKey: .code)
+        self.msg = try container.decodeIfPresent(String.self, forKey: .msg)
+        if container.contains(.data) {
+            if let dataValue = try? container.decodeIfPresent(DeepSeekAmountData.self, forKey: .data) {
+                self.data = dataValue
+            } else {
+                self.data = nil
+            }
+        } else {
+            self.data = nil
+        }
+    }
+}
+
+struct DeepSeekAmountData: Decodable {
+    let bizCode: Int?
+    let bizMsg: String?
+    let bizData: DeepSeekAmountBizData?
+
+    private enum CodingKeys: String, CodingKey {
+        case bizCode = "biz_code"
+        case bizMsg = "biz_msg"
+        case bizData = "biz_data"
+    }
+
+    init(from decoder: Decoder) throws {
+        let container = try decoder.container(keyedBy: CodingKeys.self)
+        self.bizCode = try container.decodeIfPresent(Int.self, forKey: .bizCode)
+        self.bizMsg = try container.decodeIfPresent(String.self, forKey: .bizMsg)
+        if container.contains(.bizData) {
+            if let dataValue = try? container.decodeIfPresent(DeepSeekAmountBizData.self, forKey: .bizData) {
+                self.bizData = dataValue
+            } else {
+                self.bizData = nil
+            }
+        } else {
+            self.bizData = nil
+        }
+    }
+}
+
+struct DeepSeekAmountBizData: Decodable {
+    let total: [DeepSeekModelUsage]?
+    let days: [DeepSeekDayUsage]?
+
+    private enum CodingKeys: String, CodingKey {
+        case total, days
+    }
+}
+
+// MARK: - Cost Response Models
+
+struct DeepSeekCostPayload: Decodable {
+    let code: Int?
+    let msg: String?
+    let data: DeepSeekCostData?
+
+    private enum CodingKeys: String, CodingKey {
+        case code, msg, data
+    }
+
+    init(from decoder: Decoder) throws {
+        let container = try decoder.container(keyedBy: CodingKeys.self)
+        self.code = try container.decodeIfPresent(Int.self, forKey: .code)
+        self.msg = try container.decodeIfPresent(String.self, forKey: .msg)
+        if container.contains(.data) {
+            if let dataValue = try? container.decodeIfPresent(DeepSeekCostData.self, forKey: .data) {
+                self.data = dataValue
+            } else {
+                self.data = nil
+            }
+        } else {
+            self.data = nil
+        }
+    }
+}
+
+struct DeepSeekCostData: Decodable {
+    let bizCode: Int?
+    let bizMsg: String?
+    let bizData: [DeepSeekCostBizDataItem]?
+
+    private enum CodingKeys: String, CodingKey {
+        case bizCode = "biz_code"
+        case bizMsg = "biz_msg"
+        case bizData = "biz_data"
+    }
+
+    init(from decoder: Decoder) throws {
+        let container = try decoder.container(keyedBy: CodingKeys.self)
+        self.bizCode = try container.decodeIfPresent(Int.self, forKey: .bizCode)
+        self.bizMsg = try container.decodeIfPresent(String.self, forKey: .bizMsg)
+        self.bizData = try container.decodeIfPresent([DeepSeekCostBizDataItem].self, forKey: .bizData)
+    }
+}
+
+struct DeepSeekCostBizDataItem: Decodable {
+    let total: [DeepSeekCostModelUsage]?
+    let days: [DeepSeekCostDayUsage]?
+    let currency: String?
+
+    private enum CodingKeys: String, CodingKey {
+        case total, days, currency
+    }
+}
+
+// MARK: - Shared Models
+
+struct DeepSeekModelUsage: Decodable {
+    let model: String?
+    let usage: [DeepSeekUsageItem]?
+
+    private enum CodingKeys: String, CodingKey {
+        case model, usage
+    }
+}
+
+struct DeepSeekDayUsage: Decodable {
+    let date: String?
+    let data: [DeepSeekModelUsage]?
+
+    private enum CodingKeys: String, CodingKey {
+        case date, data
+    }
+}
+
+struct DeepSeekUsageItem: Decodable {
+    let type: String?
+    let amount: String?
+
+    private enum CodingKeys: String, CodingKey {
+        case type, amount
+    }
+}
+
+struct DeepSeekCostModelUsage: Decodable {
+    let model: String?
+    let usage: [DeepSeekCostItem]?
+
+    private enum CodingKeys: String, CodingKey {
+        case model, usage
+    }
+}
+
+struct DeepSeekCostDayUsage: Decodable {
+    let date: String?
+    let data: [DeepSeekCostModelUsage]?
+
+    private enum CodingKeys: String, CodingKey {
+        case date, data
+    }
+}
+
+struct DeepSeekCostItem: Decodable {
+    let type: String?
+    let amount: String?
+
+    private enum CodingKeys: String, CodingKey {
+        case type, amount
+    }
+}
+
+// MARK: - Domain Models
+
+public struct DeepSeekUsageSummary: Sendable, Equatable {
+    public let todayTokens: Int
+    public let currentMonthTokens: Int
+    public let todayCost: Double?
+    public let currentMonthCost: Double?
+    public let requestCount: Int
+    public let currentMonthRequestCount: Int
+    public let topModel: String?
+    public let categoryBreakdown: [DeepSeekCategoryBreakdown]
+    public let daily: [DeepSeekDailyUsage]
+    public let currency: String
+    public let updatedAt: Date
+
+    public init(
+        todayTokens: Int,
+        currentMonthTokens: Int,
+        todayCost: Double?,
+        currentMonthCost: Double?,
+        requestCount: Int,
+        currentMonthRequestCount: Int,
+        topModel: String?,
+        categoryBreakdown: [DeepSeekCategoryBreakdown],
+        daily: [DeepSeekDailyUsage],
+        currency: String,
+        updatedAt: Date)
+    {
+        self.todayTokens = todayTokens
+        self.currentMonthTokens = currentMonthTokens
+        self.todayCost = todayCost
+        self.currentMonthCost = currentMonthCost
+        self.requestCount = requestCount
+        self.currentMonthRequestCount = currentMonthRequestCount
+        self.topModel = topModel
+        self.categoryBreakdown = categoryBreakdown
+        self.daily = daily
+        self.currency = currency
+        self.updatedAt = updatedAt
+    }
+}
+
+public struct DeepSeekCategoryBreakdown: Sendable, Equatable {
+    public let category: DeepSeekUsageCategory
+    public let tokens: Int
+    public let cost: Double?
+
+    public init(category: DeepSeekUsageCategory, tokens: Int, cost: Double?) {
+        self.category = category
+        self.tokens = tokens
+        self.cost = cost
+    }
+}
+
+public enum DeepSeekUsageCategory: String, Sendable, Equatable {
+    case promptCacheHitToken = "PROMPT_CACHE_HIT_TOKEN"
+    case promptCacheMissToken = "PROMPT_CACHE_MISS_TOKEN"
+    case responseToken = "RESPONSE_TOKEN"
+    case request = "REQUEST"
+
+    public init?(rawValue: String) {
+        switch rawValue.uppercased() {
+        case "PROMPT_CACHE_HIT_TOKEN":
+            self = .promptCacheHitToken
+        case "PROMPT_CACHE_MISS_TOKEN":
+            self = .promptCacheMissToken
+        case "RESPONSE_TOKEN":
+            self = .responseToken
+        case "REQUEST":
+            self = .request
+        default:
+            return nil
+        }
+    }
+}
+
+public struct DeepSeekDailyUsage: Sendable, Equatable {
+    public let date: String
+    public let totalTokens: Int
+    public let cost: Double?
+    public let requestCount: Int
+
+    public init(date: String, totalTokens: Int, cost: Double?, requestCount: Int) {
+        self.date = date
+        self.totalTokens = totalTokens
+        self.cost = cost
+        self.requestCount = requestCount
+    }
+}
+
+// MARK: - Parsing
+
+enum DeepSeekUsageCostParser {
+    static func decodeAmountPayload(data: Data) throws -> DeepSeekAmountPayload {
+        try JSONDecoder().decode(DeepSeekAmountPayload.self, from: data)
+    }
+
+    static func decodeCostPayload(data: Data) throws -> DeepSeekCostPayload {
+        try JSONDecoder().decode(DeepSeekCostPayload.self, from: data)
+    }
+
+    static func parse(
+        amountData: Data,
+        costData: Data,
+        now: Date = Date(),
+        calendar: Calendar = .current) throws -> DeepSeekUsageSummary
+    {
+        let amountPayload: DeepSeekAmountPayload
+        let costPayload: DeepSeekCostPayload
+        do {
+            amountPayload = try self.decodeAmountPayload(data: amountData)
+        } catch {
+            throw DeepSeekUsageError.parseFailed("amount: \(error.localizedDescription)")
+        }
+        do {
+            costPayload = try self.decodeCostPayload(data: costData)
+        } catch {
+            throw DeepSeekUsageError.parseFailed("cost: \(error.localizedDescription)")
+        }
+
+        // Validate responses
+        if let code = amountPayload.code, code != 0 {
+            throw DeepSeekUsageError.apiError("amount code \(code)")
+        }
+        if let bizCode = amountPayload.data?.bizCode, bizCode != 0 {
+            throw DeepSeekUsageError.apiError("amount biz_code \(bizCode)")
+        }
+        if let code = costPayload.code, code != 0 {
+            throw DeepSeekUsageError.apiError("cost code \(code)")
+        }
+        if let bizCode = costPayload.data?.bizCode, bizCode != 0 {
+            throw DeepSeekUsageError.apiError("cost biz_code \(bizCode)")
+        }
+
+        guard let amountBizData = amountPayload.data?.bizData else {
+            throw DeepSeekUsageError.parseFailed("Missing amount biz_data")
+        }
+
+        let currency = costPayload.data?.bizData?.first?.currency ?? "CNY"
+
+        // Parse total amounts
+        let totalAmounts = amountBizData.total ?? []
+        let totalCosts = costPayload.data?.bizData?.first?.total ?? []
+
+        // Parse daily data
+        let dailyAmounts = amountBizData.days ?? []
+        let dailyCosts = costPayload.data?.bizData?.first?.days ?? []
+
+        return self.aggregate(input: AggregationInput(
+            totalAmounts: totalAmounts,
+            totalCosts: totalCosts,
+            dailyAmounts: dailyAmounts,
+            dailyCosts: dailyCosts,
+            currency: currency,
+            now: now,
+            calendar: calendar))
+    }
+
+    // MARK: - Aggregation
+
+    private struct AggregationContext {
+        let calendar: Calendar
+        let todayString: String
+        let startOfMonth: Date
+        let now: Date
+        let dailyAmountMap: [String: [String: [DeepSeekUsageItem]]]
+        let dailyCostMap: [String: [String: [DeepSeekCostItem]]]
+        let allDates: Set<String>
+
+        init(
+            dailyAmounts: [DeepSeekDayUsage],
+            dailyCosts: [DeepSeekCostDayUsage],
+            now: Date,
+            calendar: Calendar)
+        {
+            self.calendar = calendar
+            self.now = now
+            self.todayString = Self.dayString(now, calendar: calendar)
+
+            var components = calendar.dateComponents([.year, .month], from: now)
+            components.day = 1
+            self.startOfMonth = calendar.date(from: components) ?? now
+
+            self.dailyAmountMap = Self.buildAmountMap(from: dailyAmounts)
+            self.dailyCostMap = Self.buildCostMap(from: dailyCosts)
+
+            var dates: Set<String> = []
+            for date in self.dailyAmountMap.keys {
+                dates.insert(date)
+            }
+            for date in self.dailyCostMap.keys {
+                dates.insert(date)
+            }
+            self.allDates = dates
+        }
+
+        static func dayString(_ date: Date, calendar: Calendar) -> String {
+            let components = calendar.dateComponents([.year, .month, .day], from: date)
+            guard let year = components.year,
+                  let month = components.month,
+                  let day = components.day
+            else { return "" }
+            return String(format: "%04d-%02d-%02d", year, month, day)
+        }
+
+        static func buildAmountMap(
+            from dailyAmounts: [DeepSeekDayUsage]) -> [String: [String: [DeepSeekUsageItem]]]
+        {
+            var result: [String: [String: [DeepSeekUsageItem]]] = [:]
+            for dayUsage in dailyAmounts {
+                guard let date = dayUsage.date else { continue }
+                var modelMap: [String: [DeepSeekUsageItem]] = [:]
+                for modelUsage in dayUsage.data ?? [] {
+                    guard let model = modelUsage.model else { continue }
+                    let items = modelUsage.usage ?? []
+                    if !items.isEmpty {
+                        modelMap[model] = items
+                    }
+                }
+                if !modelMap.isEmpty {
+                    result[date] = modelMap
+                }
+            }
+            return result
+        }
+
+        static func buildCostMap(
+            from dailyCosts: [DeepSeekCostDayUsage]) -> [String: [String: [DeepSeekCostItem]]]
+        {
+            var result: [String: [String: [DeepSeekCostItem]]] = [:]
+            for dayUsage in dailyCosts {
+                guard let date = dayUsage.date else { continue }
+                var modelMap: [String: [DeepSeekCostItem]] = [:]
+                for modelUsage in dayUsage.data ?? [] {
+                    guard let model = modelUsage.model else { continue }
+                    let items = modelUsage.usage ?? []
+                    if !items.isEmpty {
+                        modelMap[model] = items
+                    }
+                }
+                if !modelMap.isEmpty {
+                    result[date] = modelMap
+                }
+            }
+            return result
+        }
+    }
+
+    private struct AggregationInput {
+        let totalAmounts: [DeepSeekModelUsage]
+        let totalCosts: [DeepSeekCostModelUsage]
+        let dailyAmounts: [DeepSeekDayUsage]
+        let dailyCosts: [DeepSeekCostDayUsage]
+        let currency: String
+        let now: Date
+        let calendar: Calendar
+    }
+
+    private static func aggregate(input: AggregationInput) -> DeepSeekUsageSummary {
+        let ctx = AggregationContext(
+            dailyAmounts: input.dailyAmounts,
+            dailyCosts: input.dailyCosts,
+            now: input.now,
+            calendar: input.calendar)
+
+        // Today aggregation
+        let todayResult = self.aggregateDay(
+            dateString: ctx.todayString,
+            amountMap: ctx.dailyAmountMap,
+            costMap: ctx.dailyCostMap,
+            calendar: ctx.calendar)
+
+        // Month aggregation
+        let dailyCtx = DailyAggregationContext(
+            allDates: ctx.allDates,
+            startOfMonth: ctx.startOfMonth,
+            now: ctx.now,
+            amountMap: ctx.dailyAmountMap,
+            costMap: ctx.dailyCostMap,
+            calendar: ctx.calendar)
+        let monthResult = self.aggregateMonth(ctx: dailyCtx)
+
+        // Model and category breakdown from totals
+        let (topModel, categoryBreakdown) = self.buildBreakdowns(
+            totalAmounts: input.totalAmounts,
+            totalCosts: input.totalCosts)
+
+        // Daily usage array
+        let dailyUsages = self.buildDailyUsages(ctx: dailyCtx)
+
+        return DeepSeekUsageSummary(
+            todayTokens: todayResult.tokens,
+            currentMonthTokens: monthResult.tokens,
+            todayCost: todayResult.cost,
+            currentMonthCost: monthResult.cost,
+            requestCount: todayResult.requests,
+            currentMonthRequestCount: monthResult.requests,
+            topModel: topModel,
+            categoryBreakdown: categoryBreakdown,
+            daily: dailyUsages,
+            currency: input.currency,
+            updatedAt: input.now)
+    }
+
+    private struct DayAggregationResult {
+        let tokens: Int
+        let cost: Double?
+        let requests: Int
+    }
+
+    private struct DailyAggregationContext {
+        let allDates: Set<String>
+        let startOfMonth: Date
+        let now: Date
+        let amountMap: [String: [String: [DeepSeekUsageItem]]]
+        let costMap: [String: [String: [DeepSeekCostItem]]]
+        let calendar: Calendar
+    }
+
+    private static func aggregateDay(
+        dateString: String,
+        amountMap: [String: [String: [DeepSeekUsageItem]]],
+        costMap: [String: [String: [DeepSeekCostItem]]],
+        calendar: Calendar) -> DayAggregationResult
+    {
+        var tokens = 0
+        var cost: Double?
+        var requests = 0
+
+        if let amounts = amountMap[dateString] {
+            for items in amounts.values {
+                for item in items {
+                    guard let category = DeepSeekUsageCategory(rawValue: item.type ?? "") else { continue }
+                    if category == .request {
+                        requests += self.parseTokenAmount(item.amount)
+                    } else {
+                        tokens += self.parseTokenAmount(item.amount)
+                    }
+                }
+            }
+        }
+
+        if let costs = costMap[dateString] {
+            for items in costs.values {
+                for item in items {
+                    guard let category = DeepSeekUsageCategory(rawValue: item.type ?? "") else { continue }
+                    if category != .request {
+                        let amount = Self.parseCostAmount(item.amount)
+                        if let existing = cost {
+                            cost = existing + amount
+                        } else {
+                            cost = amount
+                        }
+                    }
+                }
+            }
+        }
+
+        return DayAggregationResult(tokens: tokens, cost: cost, requests: requests)
+    }
+
+    private static func aggregateMonth(ctx: DailyAggregationContext) -> DayAggregationResult {
+        var tokens = 0
+        var cost: Double?
+        var requests = 0
+
+        for date in ctx.allDates {
+            guard let parsed = self.parseDate(date, calendar: ctx.calendar),
+                  parsed >= ctx.startOfMonth,
+                  parsed <= ctx.now
+            else { continue }
+
+            if let amounts = ctx.amountMap[date] {
+                for items in amounts.values {
+                    for item in items {
+                        guard let category = DeepSeekUsageCategory(rawValue: item.type ?? "") else { continue }
+                        if category == .request {
+                            requests += Self.parseTokenAmount(item.amount)
+                        } else {
+                            tokens += Self.parseTokenAmount(item.amount)
+                        }
+                    }
+                }
+            }
+
+            if let costs = ctx.costMap[date] {
+                for items in costs.values {
+                    for item in items {
+                        guard let category = DeepSeekUsageCategory(rawValue: item.type ?? "") else { continue }
+                        if category != .request {
+                            let amount = Self.parseCostAmount(item.amount)
+                            if let existing = cost {
+                                cost = existing + amount
+                            } else {
+                                cost = amount
+                            }
+                        }
+                    }
+                }
+            }
+        }
+
+        return DayAggregationResult(tokens: tokens, cost: cost, requests: requests)
+    }
+
+    private static func buildBreakdowns(
+        totalAmounts: [DeepSeekModelUsage],
+        totalCosts: [DeepSeekCostModelUsage]) -> (String?, [DeepSeekCategoryBreakdown])
+    {
+        var modelTokens: [String: Int] = [:]
+        var categoryTokens: [DeepSeekUsageCategory: Int] = [:]
+        var categoryCosts: [DeepSeekUsageCategory: Double] = [:]
+
+        for modelUsage in totalAmounts {
+            guard let model = modelUsage.model else { continue }
+            var total = 0
+            for item in modelUsage.usage ?? [] {
+                guard let category = DeepSeekUsageCategory(rawValue: item.type ?? "") else { continue }
+                if category != .request {
+                    let amount = Self.parseTokenAmount(item.amount)
+                    total += amount
+                    categoryTokens[category, default: 0] += amount
+                }
+            }
+            modelTokens[model] = total
+        }
+
+        for costUsage in totalCosts {
+            guard costUsage.model != nil else { continue }
+            for item in costUsage.usage ?? [] {
+                guard let category = DeepSeekUsageCategory(rawValue: item.type ?? "") else { continue }
+                if category != .request {
+                    let amount = Self.parseCostAmount(item.amount)
+                    categoryCosts[category, default: 0] += amount
+                }
+            }
+        }
+
+        let topModel = modelTokens.max {
+            if $0.value == $1.value { return $0.key > $1.key }
+            return $0.value < $1.value
+        }?.key
+
+        var breakdown: [DeepSeekCategoryBreakdown] = []
+        for category in [DeepSeekUsageCategory.promptCacheHitToken, .promptCacheMissToken, .responseToken] {
+            breakdown.append(DeepSeekCategoryBreakdown(
+                category: category,
+                tokens: categoryTokens[category] ?? 0,
+                cost: categoryCosts[category]))
+        }
+
+        return (topModel, breakdown)
+    }
+
+    private static func buildDailyUsages(ctx: DailyAggregationContext) -> [DeepSeekDailyUsage] {
+        var result: [DeepSeekDailyUsage] = []
+
+        for date in ctx.allDates.sorted() {
+            guard let parsed = self.parseDate(date, calendar: ctx.calendar),
+                  parsed >= ctx.startOfMonth,
+                  parsed <= ctx.now
+            else { continue }
+
+            var dayTokens = 0
+            var dayCost: Double?
+            var dayRequests = 0
+
+            if let amounts = ctx.amountMap[date] {
+                for items in amounts.values {
+                    for item in items {
+                        guard let category = DeepSeekUsageCategory(rawValue: item.type ?? "") else { continue }
+                        if category == .request {
+                            dayRequests += Self.parseTokenAmount(item.amount)
+                        } else {
+                            dayTokens += Self.parseTokenAmount(item.amount)
+                        }
+                    }
+                }
+            }
+
+            if let costs = ctx.costMap[date] {
+                for items in costs.values {
+                    for item in items {
+                        guard let category = DeepSeekUsageCategory(rawValue: item.type ?? "") else { continue }
+                        if category != .request {
+                            let amount = Self.parseCostAmount(item.amount)
+                            if let existing = dayCost {
+                                dayCost = existing + amount
+                            } else {
+                                dayCost = amount
+                            }
+                        }
+                    }
+                }
+            }
+
+            result.append(DeepSeekDailyUsage(
+                date: date,
+                totalTokens: dayTokens,
+                cost: dayCost,
+                requestCount: dayRequests))
+        }
+
+        return result
+    }
+
+    // MARK: - Helpers
+
+    private static func parseTokenAmount(_ value: String?) -> Int {
+        guard let value, let intValue = Int64(value.trimmingCharacters(in: .whitespacesAndNewlines)) else {
+            return 0
+        }
+        return Int(intValue)
+    }
+
+    private static func parseCostAmount(_ value: String?) -> Double {
+        guard let value else { return 0 }
+        let trimmed = value.trimmingCharacters(in: .whitespacesAndNewlines)
+        return Double(trimmed) ?? 0
+    }
+
+    private static func parseDate(_ text: String, calendar: Calendar) -> Date? {
+        let trimmed = text.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard !trimmed.isEmpty else { return nil }
+        let formatter = DateFormatter()
+        formatter.locale = Locale(identifier: "en_US_POSIX")
+        formatter.calendar = calendar
+        formatter.timeZone = calendar.timeZone
+        formatter.dateFormat = "yyyy-MM-dd"
+        return formatter.date(from: trimmed)
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/DeepSeek/DeepSeekUsageFetcher.swift b/Sources/CodexBarCore/Providers/DeepSeek/DeepSeekUsageFetcher.swift
new file mode 100644
index 000000000..0cc960409
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/DeepSeek/DeepSeekUsageFetcher.swift
@@ -0,0 +1,443 @@
+import Foundation
+#if canImport(FoundationNetworking)
+import FoundationNetworking
+#endif
+
+// MARK: - API response types
+
+public struct DeepSeekBalanceResponse: Decodable, Sendable {
+    public let isAvailable: Bool
+    public let balanceInfos: [DeepSeekBalanceInfo]
+
+    enum CodingKeys: String, CodingKey {
+        case isAvailable = "is_available"
+        case balanceInfos = "balance_infos"
+    }
+}
+
+public struct DeepSeekBalanceInfo: Decodable, Sendable {
+    public let currency: String
+    public let totalBalance: String
+    public let grantedBalance: String
+    public let toppedUpBalance: String
+
+    enum CodingKeys: String, CodingKey {
+        case currency
+        case totalBalance = "total_balance"
+        case grantedBalance = "granted_balance"
+        case toppedUpBalance = "topped_up_balance"
+    }
+}
+
+// MARK: - Domain snapshot
+
+public struct DeepSeekUsageSnapshot: Sendable {
+    public let isAvailable: Bool
+    public let currency: String
+    public let totalBalance: Double
+    public let grantedBalance: Double
+    public let toppedUpBalance: Double
+    public let usageSummary: DeepSeekUsageSummary?
+    public let updatedAt: Date
+
+    public init(
+        isAvailable: Bool,
+        currency: String,
+        totalBalance: Double,
+        grantedBalance: Double,
+        toppedUpBalance: Double,
+        usageSummary: DeepSeekUsageSummary? = nil,
+        updatedAt: Date)
+    {
+        self.isAvailable = isAvailable
+        self.currency = currency
+        self.totalBalance = totalBalance
+        self.grantedBalance = grantedBalance
+        self.toppedUpBalance = toppedUpBalance
+        self.usageSummary = usageSummary
+        self.updatedAt = updatedAt
+    }
+
+    public func toUsageSnapshot() -> UsageSnapshot {
+        let symbol = self.currency == "CNY" ? "¥" : "$"
+
+        let balanceDetail: String
+        let usedPercent: Double
+        if self.totalBalance <= 0 {
+            balanceDetail = "\(symbol)0.00 — add credits at platform.deepseek.com"
+            usedPercent = 100
+        } else if !self.isAvailable {
+            balanceDetail = "Balance unavailable for API calls"
+            usedPercent = 100
+        } else {
+            let total = String(format: "\(symbol)%.2f", self.totalBalance)
+            let paid = String(format: "\(symbol)%.2f", self.toppedUpBalance)
+            let granted = String(format: "\(symbol)%.2f", self.grantedBalance)
+            balanceDetail = "\(total) (Paid: \(paid) / Granted: \(granted))"
+            usedPercent = 0
+        }
+
+        let identity = ProviderIdentitySnapshot(
+            providerID: .deepseek,
+            accountEmail: nil,
+            accountOrganization: nil,
+            loginMethod: nil)
+        let balanceWindow = RateWindow(
+            usedPercent: usedPercent,
+            windowMinutes: nil,
+            resetsAt: nil,
+            resetDescription: balanceDetail)
+
+        return UsageSnapshot(
+            primary: balanceWindow,
+            secondary: nil,
+            tertiary: nil,
+            providerCost: nil,
+            deepseekUsage: self.usageSummary,
+            updatedAt: self.updatedAt,
+            identity: identity)
+    }
+}
+
+// MARK: - Errors
+
+public enum DeepSeekUsageError: LocalizedError, Sendable {
+    case missingCredentials
+    case networkError(String)
+    case apiError(String)
+    case parseFailed(String)
+
+    public var errorDescription: String? {
+        switch self {
+        case .missingCredentials:
+            "Missing DeepSeek API key."
+        case let .networkError(message):
+            "DeepSeek network error: \(message)"
+        case let .apiError(message):
+            "DeepSeek API error: \(message)"
+        case let .parseFailed(message):
+            "Failed to parse DeepSeek response: \(message)"
+        }
+    }
+}
+
+// MARK: - Fetcher
+
+public struct DeepSeekUsageFetcher: Sendable {
+    private static let log = CodexBarLog.logger(LogCategories.deepSeekUsage)
+    private static let balanceURL = URL(string: "https://api.deepseek.com/user/balance")!
+    private static let usageAmountURL = URL(string: "https://platform.deepseek.com/api/v0/usage/amount")!
+    private static let usageCostURL = URL(string: "https://platform.deepseek.com/api/v0/usage/cost")!
+    private static let timeoutSeconds: TimeInterval = 15
+    private static let optionalSummaryJoinGrace: Duration = .seconds(2)
+    private static var apiCalendar: Calendar {
+        var calendar = Calendar(identifier: .gregorian)
+        calendar.locale = Locale(identifier: "en_US_POSIX")
+        calendar.timeZone = TimeZone(secondsFromGMT: 0) ?? .gmt
+        return calendar
+    }
+
+    public static func fetchUsage(
+        apiKey: String,
+        includeOptionalUsage: Bool = true) async throws -> DeepSeekUsageSnapshot
+    {
+        try await self.fetchUsage(
+            apiKey: apiKey,
+            includeOptionalUsage: includeOptionalUsage,
+            optionalSummaryJoinGrace: self.optionalSummaryJoinGrace,
+            fetchBalanceData: { key in
+                try await self.fetchBalanceData(apiKey: key)
+            },
+            fetchSummary: { key in
+                try await self.fetchUsageSummary(apiKey: key)
+            })
+    }
+
+    static func _fetchUsageForTesting(
+        apiKey: String,
+        includeOptionalUsage: Bool,
+        optionalSummaryJoinGrace: Duration = .zero,
+        fetchBalanceData: @escaping @Sendable (String) async throws -> Data,
+        fetchSummary: @escaping @Sendable (String) async throws -> DeepSeekUsageSummary)
+        async throws -> DeepSeekUsageSnapshot
+    {
+        try await self.fetchUsage(
+            apiKey: apiKey,
+            includeOptionalUsage: includeOptionalUsage,
+            optionalSummaryJoinGrace: optionalSummaryJoinGrace,
+            fetchBalanceData: fetchBalanceData,
+            fetchSummary: fetchSummary)
+    }
+
+    private static func fetchUsage(
+        apiKey: String,
+        includeOptionalUsage: Bool,
+        optionalSummaryJoinGrace: Duration,
+        fetchBalanceData: @escaping @Sendable (String) async throws -> Data,
+        fetchSummary: @escaping @Sendable (String) async throws -> DeepSeekUsageSummary)
+        async throws -> DeepSeekUsageSnapshot
+    {
+        guard !apiKey.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty else {
+            throw DeepSeekUsageError.missingCredentials
+        }
+
+        let summaryTask: Task<DeepSeekUsageSummary, Error>? = if includeOptionalUsage {
+            Task {
+                try await fetchSummary(apiKey)
+            }
+        } else {
+            nil
+        }
+
+        let balanceData: Data
+        do {
+            balanceData = try await fetchBalanceData(apiKey)
+        } catch {
+            summaryTask?.cancel()
+            throw error
+        }
+        var snapshot: DeepSeekUsageSnapshot
+        do {
+            snapshot = try Self.parseSnapshot(data: balanceData)
+        } catch {
+            summaryTask?.cancel()
+            throw error
+        }
+
+        if let summaryTask {
+            let summary = try await self.completedOptionalUsageSummary(
+                from: summaryTask,
+                joinGrace: optionalSummaryJoinGrace)
+            if let summary {
+                snapshot = DeepSeekUsageSnapshot(
+                    isAvailable: snapshot.isAvailable,
+                    currency: snapshot.currency,
+                    totalBalance: snapshot.totalBalance,
+                    grantedBalance: snapshot.grantedBalance,
+                    toppedUpBalance: snapshot.toppedUpBalance,
+                    usageSummary: summary,
+                    updatedAt: snapshot.updatedAt)
+            }
+        }
+
+        return snapshot
+    }
+
+    private static func fetchBalanceData(apiKey: String) async throws -> Data {
+        var request = URLRequest(url: self.balanceURL)
+        request.httpMethod = "GET"
+        request.setValue("Bearer \(apiKey)", forHTTPHeaderField: "Authorization")
+        request.setValue("application/json", forHTTPHeaderField: "Accept")
+        request.timeoutInterval = Self.timeoutSeconds
+
+        let response = try await ProviderHTTPClient.shared.response(for: request)
+        let data = response.data
+        guard response.statusCode == 200 else {
+            Self.log.error("DeepSeek balance endpoint returned HTTP \(response.statusCode)")
+            throw DeepSeekUsageError.apiError("HTTP \(response.statusCode)")
+        }
+
+        return data
+    }
+
+    private static func completedOptionalUsageSummary(
+        from task: Task<DeepSeekUsageSummary, Error>,
+        joinGrace: Duration) async throws -> DeepSeekUsageSummary?
+    {
+        try await withTaskCancellationHandler {
+            do {
+                return try await withThrowingTaskGroup(of: DeepSeekUsageSummary?.self) { group in
+                    group.addTask {
+                        try await task.value
+                    }
+                    group.addTask {
+                        if joinGrace > .zero {
+                            try await Task.sleep(for: joinGrace)
+                        }
+                        return nil
+                    }
+
+                    let result = try await group.next().flatMap(\.self)
+                    if result == nil {
+                        task.cancel()
+                    }
+                    group.cancelAll()
+                    return result
+                }
+            } catch {
+                task.cancel()
+                if Task.isCancelled {
+                    throw error
+                }
+                return nil
+            }
+        } onCancel: {
+            task.cancel()
+        }
+    }
+
+    static func _parseSnapshotForTesting(_ data: Data) throws -> DeepSeekUsageSnapshot {
+        try self.parseSnapshot(data: data)
+    }
+
+    public static func fetchUsageSummary(
+        apiKey: String,
+        now: Date = Date(),
+        calendar: Calendar? = nil) async throws -> DeepSeekUsageSummary
+    {
+        let calendar = calendar ?? self.apiCalendar
+        let period = try self.usagePeriod(now: now, calendar: calendar)
+
+        let amountData = try await self.fetchAmount(apiKey: apiKey, month: period.month, year: period.year)
+        let costData = try await self.fetchCost(apiKey: apiKey, month: period.month, year: period.year)
+
+        return try DeepSeekUsageCostParser.parse(
+            amountData: amountData,
+            costData: costData,
+            now: now,
+            calendar: calendar)
+    }
+
+    static func _apiUsagePeriodForTesting(now: Date, calendar: Calendar? = nil) throws -> (month: Int, year: Int) {
+        try self.usagePeriod(now: now, calendar: calendar ?? self.apiCalendar)
+    }
+
+    private static func usagePeriod(now: Date, calendar: Calendar) throws -> (month: Int, year: Int) {
+        let monthComponents = calendar.dateComponents([.month, .year], from: now)
+        guard let month = monthComponents.month, let year = monthComponents.year else {
+            throw DeepSeekUsageError.parseFailed("Could not determine current month/year")
+        }
+        return (month: month, year: year)
+    }
+
+    private static func fetchAmount(apiKey: String, month: Int, year: Int) async throws -> Data {
+        guard var components = URLComponents(url: self.usageAmountURL, resolvingAgainstBaseURL: false) else {
+            throw DeepSeekUsageError.networkError("Invalid URL")
+        }
+        components.queryItems = [
+            URLQueryItem(name: "month", value: String(month)),
+            URLQueryItem(name: "year", value: String(year)),
+        ]
+        guard let url = components.url else {
+            throw DeepSeekUsageError.networkError("Could not construct URL")
+        }
+
+        var request = URLRequest(url: url)
+        request.httpMethod = "GET"
+        request.setValue("Bearer \(apiKey)", forHTTPHeaderField: "Authorization")
+        request.setValue("application/json", forHTTPHeaderField: "Accept")
+        request.timeoutInterval = Self.timeoutSeconds
+
+        let response = try await ProviderHTTPClient.shared.response(for: request)
+        let data = response.data
+        guard response.statusCode == 200 else {
+            if response.statusCode == 401 || response.statusCode == 403 {
+                throw DeepSeekUsageError.missingCredentials
+            }
+            throw DeepSeekUsageError.apiError("HTTP \(response.statusCode)")
+        }
+
+        return data
+    }
+
+    private static func fetchCost(apiKey: String, month: Int, year: Int) async throws -> Data {
+        guard var components = URLComponents(url: self.usageCostURL, resolvingAgainstBaseURL: false) else {
+            throw DeepSeekUsageError.networkError("Invalid URL")
+        }
+        components.queryItems = [
+            URLQueryItem(name: "month", value: String(month)),
+            URLQueryItem(name: "year", value: String(year)),
+        ]
+        guard let url = components.url else {
+            throw DeepSeekUsageError.networkError("Could not construct URL")
+        }
+
+        var request = URLRequest(url: url)
+        request.httpMethod = "GET"
+        request.setValue("Bearer \(apiKey)", forHTTPHeaderField: "Authorization")
+        request.setValue("application/json", forHTTPHeaderField: "Accept")
+        request.timeoutInterval = Self.timeoutSeconds
+
+        let response = try await ProviderHTTPClient.shared.response(for: request)
+        let data = response.data
+        guard response.statusCode == 200 else {
+            if response.statusCode == 401 || response.statusCode == 403 {
+                throw DeepSeekUsageError.missingCredentials
+            }
+            throw DeepSeekUsageError.apiError("HTTP \(response.statusCode)")
+        }
+
+        return data
+    }
+
+    static func _parseUsageSummaryForTesting(
+        amountData: Data,
+        costData: Data,
+        now: Date = Date(),
+        calendar: Calendar = .current) throws -> DeepSeekUsageSummary
+    {
+        try DeepSeekUsageCostParser.parse(
+            amountData: amountData,
+            costData: costData,
+            now: now,
+            calendar: calendar)
+    }
+
+    private static func parseSnapshot(data: Data) throws -> DeepSeekUsageSnapshot {
+        let decoded: DeepSeekBalanceResponse
+        do {
+            decoded = try JSONDecoder().decode(DeepSeekBalanceResponse.self, from: data)
+        } catch {
+            throw DeepSeekUsageError.parseFailed(error.localizedDescription)
+        }
+
+        let balances = try decoded.balanceInfos.map(Self.parseBalanceInfo)
+        guard !balances.isEmpty else {
+            return DeepSeekUsageSnapshot(
+                isAvailable: false,
+                currency: "USD",
+                totalBalance: 0,
+                grantedBalance: 0,
+                toppedUpBalance: 0,
+                updatedAt: Date())
+        }
+
+        // Prefer USD when it is funded, but do not hide a positive CNY balance behind
+        // an empty USD row returned by the API.
+        let selected = balances.first { $0.currency == "USD" && $0.totalBalance > 0 }
+            ?? balances.first { $0.totalBalance > 0 }
+            ?? balances.first { $0.currency == "USD" }
+            ?? balances[0]
+
+        return DeepSeekUsageSnapshot(
+            isAvailable: decoded.isAvailable,
+            currency: selected.currency,
+            totalBalance: selected.totalBalance,
+            grantedBalance: selected.grantedBalance,
+            toppedUpBalance: selected.toppedUpBalance,
+            updatedAt: Date())
+    }
+
+    private struct ParsedBalanceInfo {
+        let currency: String
+        let totalBalance: Double
+        let grantedBalance: Double
+        let toppedUpBalance: Double
+    }
+
+    private static func parseBalanceInfo(_ info: DeepSeekBalanceInfo) throws -> ParsedBalanceInfo {
+        guard
+            let total = Double(info.totalBalance),
+            let granted = Double(info.grantedBalance),
+            let toppedUp = Double(info.toppedUpBalance)
+        else {
+            throw DeepSeekUsageError.parseFailed("Non-numeric balance value in response.")
+        }
+
+        return ParsedBalanceInfo(
+            currency: info.currency,
+            totalBalance: total,
+            grantedBalance: granted,
+            toppedUpBalance: toppedUp)
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Deepgram/DeepgramProviderDescriptor.swift b/Sources/CodexBarCore/Providers/Deepgram/DeepgramProviderDescriptor.swift
new file mode 100644
index 000000000..8490e177b
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Deepgram/DeepgramProviderDescriptor.swift
@@ -0,0 +1,103 @@
+import CodexBarMacroSupport
+import Foundation
+
+@ProviderDescriptorRegistration
+@ProviderDescriptorDefinition
+public enum DeepgramProviderDescriptor {
+    static func makeDescriptor() -> ProviderDescriptor {
+        ProviderDescriptor(
+            id: .deepgram,
+            metadata: ProviderMetadata(
+                id: .deepgram,
+                displayName: "Deepgram",
+                sessionLabel: "Requests",
+                weeklyLabel: "Usage",
+                opusLabel: nil,
+                supportsOpus: false,
+                supportsCredits: false,
+                creditsHint: "Usage summary from Deepgram API",
+                toggleTitle: "Show Deepgram usage",
+                cliName: "deepgram",
+                defaultEnabled: false,
+                isPrimaryProvider: false,
+                usesAccountFallback: false,
+                browserCookieOrder: nil,
+                dashboardURL: "https://console.deepgram.com/project/",
+                statusPageURL: nil,
+                statusLinkURL: "https://status.deepgram.com"),
+            branding: ProviderBranding(
+                iconStyle: .deepgram,
+                iconResourceName: "ProviderIcon-deepgram",
+                color: ProviderColor(
+                    red: 100 / 255,
+                    green: 103 / 255,
+                    blue: 242 / 255)),
+            tokenCost: ProviderTokenCostConfig(
+                supportsTokenCost: false,
+                noDataMessage: {
+                    "Deepgram cost summary is not yet supported."
+                }),
+            fetchPlan: ProviderFetchPlan(
+                sourceModes: [.auto, .api],
+                pipeline: ProviderFetchPipeline(
+                    resolveStrategies: { _ in
+                        [DeepgramAPIFetchStrategy()]
+                    })),
+            cli: ProviderCLIConfig(
+                name: "deepgram",
+                aliases: ["dg"],
+                versionDetector: nil))
+    }
+}
+
+struct DeepgramAPIFetchStrategy: ProviderFetchStrategy {
+    let id: String = "deepgram.api"
+    let kind: ProviderFetchKind = .apiToken
+
+    func isAvailable(_ context: ProviderFetchContext) async -> Bool {
+        Self.resolveAPIKey(context) != nil
+    }
+
+    func fetch(_ context: ProviderFetchContext) async throws -> ProviderFetchResult {
+        guard let apiKey = Self.resolveAPIKey(context) else {
+            throw DeepgramSettingsError.missingToken
+        }
+
+        let usage = try await DeepgramUsageFetcher.fetchUsage(
+            apiKey: apiKey,
+            projectID: Self.resolveProjectID(context),
+            environment: context.env)
+
+        return self.makeResult(
+            usage: usage.toUsageSnapshot(),
+            sourceLabel: "api")
+    }
+
+    func shouldFallback(on _: Error, context _: ProviderFetchContext) -> Bool {
+        false
+    }
+
+    private static func resolveAPIKey(_ context: ProviderFetchContext) -> String? {
+        ProviderTokenResolver.deepgramResolution(
+            type: .apiKey,
+            environment: context.env)
+    }
+
+    private static func resolveProjectID(_ context: ProviderFetchContext) -> String? {
+        ProviderTokenResolver.deepgramResolution(
+            type: .projectID,
+            environment: context.env)
+    }
+}
+
+/// Errors related to Deepgram settings
+public enum DeepgramSettingsError: LocalizedError, Sendable {
+    case missingToken
+
+    public var errorDescription: String? {
+        switch self {
+        case .missingToken:
+            "Deepgram API token not configured. Set DEEPGRAM_API_KEY environment variable or configure in Settings."
+        }
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Deepgram/DeepgramSettingsReader.swift b/Sources/CodexBarCore/Providers/Deepgram/DeepgramSettingsReader.swift
new file mode 100644
index 000000000..beb86103f
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Deepgram/DeepgramSettingsReader.swift
@@ -0,0 +1,33 @@
+import Foundation
+
+public struct DeepgramSettingsReader: Sendable {
+    public static let apiKeyEnvironmentKey = "DEEPGRAM_API_KEY"
+    public static let projectIDEnvironmentKey = "DEEPGRAM_PROJECT_ID"
+
+    public static func apiKey(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> String?
+    {
+        self.cleaned(environment[self.apiKeyEnvironmentKey])
+    }
+
+    public static func projectID(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> String?
+    {
+        self.cleaned(environment[self.projectIDEnvironmentKey])
+    }
+
+    private static func cleaned(_ raw: String?) -> String? {
+        guard var value = raw?.trimmingCharacters(in: .whitespacesAndNewlines), !value.isEmpty else {
+            return nil
+        }
+
+        if (value.hasPrefix("\"") && value.hasSuffix("\"")) ||
+            (value.hasPrefix("'") && value.hasSuffix("'"))
+        {
+            value = String(value.dropFirst().dropLast())
+        }
+
+        value = value.trimmingCharacters(in: .whitespacesAndNewlines)
+        return value.isEmpty ? nil : value
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Deepgram/DeepgramUsageFetcher.swift b/Sources/CodexBarCore/Providers/Deepgram/DeepgramUsageFetcher.swift
new file mode 100644
index 000000000..cd8e713b2
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Deepgram/DeepgramUsageFetcher.swift
@@ -0,0 +1,548 @@
+import Foundation
+#if canImport(FoundationNetworking)
+import FoundationNetworking
+#endif
+
+public enum DeepgramUsageError: LocalizedError, Sendable {
+    case missingAPIKey
+    case invalidCredentials
+    case invalidProjectID
+    case forbidden(String)
+    case networkError(String)
+    case apiError(String)
+    case parseFailed(String)
+
+    public var errorDescription: String? {
+        switch self {
+        case .missingAPIKey:
+            "Missing Deepgram API key. Set apiKey in ~/.codexbar/config.json or DEEPGRAM_API_KEY."
+        case .invalidCredentials:
+            "Deepgram API key is invalid or expired."
+        case .invalidProjectID:
+            "Deepgram project ID is invalid or no projects were returned for this API key."
+        case let .forbidden(message):
+            "Deepgram rejected access: \(message)"
+        case let .networkError(message):
+            "Deepgram network error: \(message)"
+        case let .apiError(message):
+            "Deepgram API error: \(message)"
+        case let .parseFailed(message):
+            "Deepgram parse error: \(message)"
+        }
+    }
+}
+
+// MARK: - API Responses
+
+public struct DeepgramProjectsResponse: Decodable, Sendable {
+    public let projects: [DeepgramProject]
+}
+
+public struct DeepgramProject: Decodable, Sendable, Equatable {
+    public let projectID: String
+    public let name: String?
+
+    private enum CodingKeys: String, CodingKey {
+        case projectID = "project_id"
+        case name
+    }
+
+    public init(projectID: String, name: String? = nil) {
+        self.projectID = projectID
+        self.name = name
+    }
+}
+
+public struct DeepgramUsageResponse: Decodable, Sendable {
+    public let start: String?
+    public let end: String?
+    public let resolution: DeepgramUsageResolution?
+    public let results: [DeepgramUsageResult]
+}
+
+public struct DeepgramUsageResolution: Decodable, Sendable {
+    public let units: String?
+    public let amount: Int?
+}
+
+public struct DeepgramUsageResult: Codable, Sendable {
+    public let start: String?
+    public let end: String?
+    public let hours: Double?
+    public let totalHours: Double?
+    public let agentHours: Double?
+    public let tokensIn: Int?
+    public let tokensOut: Int?
+    public let ttsCharacters: Int?
+    public let requests: Int?
+
+    private enum CodingKeys: String, CodingKey {
+        case start
+        case end
+        case hours
+        case totalHours = "total_hours"
+        case agentHours = "agent_hours"
+        case tokensIn = "tokens_in"
+        case tokensOut = "tokens_out"
+        case ttsCharacters = "tts_characters"
+        case requests
+    }
+}
+
+// MARK: - Query
+
+public struct DeepgramUsageQuery: Sendable {
+    public var start: String?
+    public var end: String?
+
+    public init(
+        start: String? = nil,
+        end: String? = nil)
+    {
+        self.start = start
+        self.end = end
+    }
+
+    public func queryItems() -> [URLQueryItem] {
+        var items: [URLQueryItem] = []
+
+        func add(_ name: String, _ value: String?) {
+            guard let value = value?.trimmingCharacters(in: .whitespacesAndNewlines),
+                  !value.isEmpty
+            else {
+                return
+            }
+            items.append(URLQueryItem(name: name, value: value))
+        }
+
+        add("start", self.start)
+        add("end", self.end)
+
+        return items
+    }
+}
+
+// MARK: - Snapshot
+
+public struct DeepgramUsageSnapshot: Codable, Sendable {
+    public let projectID: String
+    public let projectName: String?
+    public let projectCount: Int
+    public let start: String?
+    public let end: String?
+    public let hours: Double
+    public let totalHours: Double
+    public let agentHours: Double
+    public let tokensIn: Int
+    public let tokensOut: Int
+    public let ttsCharacters: Int
+    public let requests: Int
+    public let updatedAt: Date
+
+    public init(
+        projectID: String,
+        projectName: String? = nil,
+        projectCount: Int = 1,
+        start: String?,
+        end: String?,
+        hours: Double,
+        totalHours: Double,
+        agentHours: Double = 0,
+        tokensIn: Int = 0,
+        tokensOut: Int = 0,
+        ttsCharacters: Int = 0,
+        requests: Int,
+        updatedAt: Date)
+    {
+        self.projectID = projectID
+        self.projectName = projectName
+        self.projectCount = projectCount
+        self.start = start
+        self.end = end
+        self.hours = hours
+        self.totalHours = totalHours
+        self.agentHours = agentHours
+        self.tokensIn = tokensIn
+        self.tokensOut = tokensOut
+        self.ttsCharacters = ttsCharacters
+        self.requests = requests
+        self.updatedAt = updatedAt
+    }
+}
+
+extension DeepgramUsageSnapshot {
+    public func toUsageSnapshot() -> UsageSnapshot {
+        let identity = ProviderIdentitySnapshot(
+            providerID: .deepgram,
+            accountEmail: nil,
+            accountOrganization: nil,
+            loginMethod: self.identityLabel)
+
+        return UsageSnapshot(
+            primary: nil,
+            secondary: nil,
+            tertiary: nil,
+            providerCost: nil,
+            deepgramUsage: self,
+            updatedAt: self.updatedAt,
+            identity: identity)
+    }
+
+    public var displayLines: [String] {
+        var lines: [String] = []
+        lines.append("Requests: \(Self.formatInteger(self.requests))")
+
+        var usageParts: [String] = []
+        if self.hours > 0 {
+            usageParts.append("\(Self.formatDecimal(self.hours)) audio hours")
+        }
+        if self.totalHours > 0 {
+            usageParts.append("\(Self.formatDecimal(self.totalHours)) billable hours")
+        }
+        if !usageParts.isEmpty {
+            lines.append(usageParts.joined(separator: " · "))
+        }
+
+        var modelParts: [String] = []
+        if self.agentHours > 0 {
+            modelParts.append("\(Self.formatDecimal(self.agentHours)) agent hours")
+        }
+        if self.tokensIn > 0 || self.tokensOut > 0 {
+            modelParts.append("\(Self.formatInteger(self.tokensIn + self.tokensOut)) tokens")
+        }
+        if self.ttsCharacters > 0 {
+            modelParts.append("\(Self.formatInteger(self.ttsCharacters)) TTS chars")
+        }
+        if !modelParts.isEmpty {
+            lines.append(modelParts.joined(separator: " · "))
+        }
+
+        if let start, let end {
+            lines.append("Period: \(start) to \(end)")
+        }
+
+        return lines
+    }
+
+    private var identityLabel: String? {
+        if self.projectCount > 1 {
+            return "\(self.projectCount) projects"
+        }
+        if let projectName = self.projectName?.trimmingCharacters(in: .whitespacesAndNewlines),
+           !projectName.isEmpty
+        {
+            return "Project: \(projectName)"
+        }
+        return "Project: \(self.projectID)"
+    }
+
+    fileprivate static func aggregate(
+        _ snapshots: [DeepgramUsageSnapshot],
+        updatedAt: Date) throws -> DeepgramUsageSnapshot
+    {
+        guard let first = snapshots.first else {
+            throw DeepgramUsageError.invalidProjectID
+        }
+        if snapshots.count == 1 { return first }
+        return DeepgramUsageSnapshot(
+            projectID: "all",
+            projectName: nil,
+            projectCount: snapshots.count,
+            start: snapshots.compactMap(\.start).min(),
+            end: snapshots.compactMap(\.end).max(),
+            hours: snapshots.reduce(0) { $0 + $1.hours },
+            totalHours: snapshots.reduce(0) { $0 + $1.totalHours },
+            agentHours: snapshots.reduce(0) { $0 + $1.agentHours },
+            tokensIn: snapshots.reduce(0) { $0 + $1.tokensIn },
+            tokensOut: snapshots.reduce(0) { $0 + $1.tokensOut },
+            ttsCharacters: snapshots.reduce(0) { $0 + $1.ttsCharacters },
+            requests: snapshots.reduce(0) { $0 + $1.requests },
+            updatedAt: updatedAt)
+    }
+
+    private static func formatInteger(_ value: Int) -> String {
+        let formatter = NumberFormatter()
+        formatter.locale = Locale(identifier: "en_US_POSIX")
+        formatter.numberStyle = .decimal
+        formatter.usesGroupingSeparator = true
+        formatter.groupingSeparator = ","
+        formatter.maximumFractionDigits = 0
+        return formatter.string(from: NSNumber(value: value)) ?? "\(value)"
+    }
+
+    private static func formatDecimal(_ value: Double) -> String {
+        let formatter = NumberFormatter()
+        formatter.locale = Locale(identifier: "en_US_POSIX")
+        formatter.numberStyle = .decimal
+        formatter.usesGroupingSeparator = true
+        formatter.groupingSeparator = ","
+        formatter.minimumFractionDigits = value == floor(value) ? 0 : 1
+        formatter.maximumFractionDigits = 1
+        return formatter.string(from: NSNumber(value: value)) ?? String(format: "%.1f", value)
+    }
+}
+
+// MARK: - Fetcher
+
+public struct DeepgramUsageFetcher: Sendable {
+    private static let log = CodexBarLog.logger(LogCategories.deepgramUsage)
+    private static let defaultBaseURL = URL(string: "https://api.deepgram.com/v1")!
+
+    private struct FetchContext {
+        let apiKey: String
+        let query: DeepgramUsageQuery
+        let timeout: TimeInterval
+        let environment: [String: String]
+        let transport: ProviderHTTPTransport
+        let updatedAt: Date
+    }
+
+    public static func fetchUsage(
+        apiKey: String,
+        projectID: String? = nil,
+        query: DeepgramUsageQuery = DeepgramUsageQuery(),
+        timeout: TimeInterval = 15,
+        environment: [String: String] = ProcessInfo.processInfo.environment,
+        transport: ProviderHTTPTransport = ProviderHTTPClient.shared) async throws -> DeepgramUsageSnapshot
+    {
+        let cleanedAPIKey = apiKey.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard !cleanedAPIKey.isEmpty else {
+            throw DeepgramUsageError.missingAPIKey
+        }
+
+        let updatedAt = Date()
+        let context = FetchContext(
+            apiKey: cleanedAPIKey,
+            query: query,
+            timeout: timeout,
+            environment: environment,
+            transport: transport,
+            updatedAt: updatedAt)
+
+        if let cleanedProjectID = self.cleaned(projectID) {
+            return try await self.fetchUsage(
+                project: DeepgramProject(projectID: cleanedProjectID),
+                context: context)
+        }
+
+        let projects = try await self.listProjects(
+            apiKey: cleanedAPIKey,
+            timeout: timeout,
+            environment: environment,
+            transport: transport)
+        guard !projects.isEmpty else {
+            throw DeepgramUsageError.invalidProjectID
+        }
+
+        var snapshots: [DeepgramUsageSnapshot] = []
+        snapshots.reserveCapacity(projects.count)
+        for project in projects {
+            let snapshot = try await self.fetchUsage(
+                project: project,
+                context: context)
+            snapshots.append(snapshot)
+        }
+        return try DeepgramUsageSnapshot.aggregate(snapshots, updatedAt: updatedAt)
+    }
+
+    static func _parseSnapshotForTesting(
+        _ data: Data,
+        projectID: String = "project-test",
+        projectName: String? = nil,
+        updatedAt: Date = Date()) throws -> DeepgramUsageSnapshot
+    {
+        try self.parseUsage(
+            data: data,
+            project: DeepgramProject(projectID: projectID, name: projectName),
+            updatedAt: updatedAt)
+    }
+
+    private static func listProjects(
+        apiKey: String,
+        timeout: TimeInterval,
+        environment: [String: String],
+        transport: ProviderHTTPTransport) async throws -> [DeepgramProject]
+    {
+        let url = self.apiURL(environment: environment).appendingPathComponent("projects")
+        var request = URLRequest(url: url)
+        request.httpMethod = "GET"
+        request.timeoutInterval = timeout
+        request.setValue("Token \(apiKey)", forHTTPHeaderField: "Authorization")
+        request.setValue("application/json", forHTTPHeaderField: "Accept")
+
+        let response = try await self.perform(request: request, transport: transport)
+        do {
+            return try JSONDecoder().decode(DeepgramProjectsResponse.self, from: response.data).projects
+        } catch {
+            Self.log.error("Deepgram projects decode failed: \(error.localizedDescription)")
+            throw DeepgramUsageError.parseFailed(error.localizedDescription)
+        }
+    }
+
+    private static func fetchUsage(
+        project: DeepgramProject,
+        context: FetchContext) async throws -> DeepgramUsageSnapshot
+    {
+        let url = try self.usageURL(
+            projectID: project.projectID,
+            query: context.query,
+            environment: context.environment)
+
+        var request = URLRequest(url: url)
+        request.httpMethod = "GET"
+        request.timeoutInterval = context.timeout
+        request.setValue("Token \(context.apiKey)", forHTTPHeaderField: "Authorization")
+        request.setValue("application/json", forHTTPHeaderField: "Accept")
+
+        let response = try await self.perform(request: request, transport: context.transport)
+        return try self.parseUsage(data: response.data, project: project, updatedAt: context.updatedAt)
+    }
+
+    private static func perform(
+        request: URLRequest,
+        transport: ProviderHTTPTransport) async throws -> ProviderHTTPResponse
+    {
+        let response: ProviderHTTPResponse
+        do {
+            response = try await transport.response(for: request)
+        } catch {
+            throw DeepgramUsageError.networkError(error.localizedDescription)
+        }
+
+        guard response.statusCode == 200 else {
+            let summary = self.responseSummary(response.data)
+            Self.log.error("Deepgram returned HTTP \(response.statusCode): \(summary)")
+
+            switch response.statusCode {
+            case 401:
+                throw DeepgramUsageError.invalidCredentials
+            case 403:
+                throw DeepgramUsageError.forbidden(
+                    "The API key may not have access to the project or the Management API. HTTP 403: \(summary)")
+            case 400:
+                throw DeepgramUsageError.apiError("Bad request. HTTP 400: \(summary)")
+            default:
+                throw DeepgramUsageError.apiError("HTTP \(response.statusCode): \(summary)")
+            }
+        }
+
+        return response
+    }
+
+    private static func usageURL(
+        projectID: String,
+        query: DeepgramUsageQuery,
+        environment: [String: String]) throws -> URL
+    {
+        let usageURL = self.apiURL(environment: environment)
+            .appendingPathComponent("projects")
+            .appendingPathComponent(projectID)
+            .appendingPathComponent("usage")
+            .appendingPathComponent("breakdown")
+
+        guard var components = URLComponents(url: usageURL, resolvingAgainstBaseURL: false) else {
+            throw DeepgramUsageError.networkError("Invalid usage URL")
+        }
+
+        let queryItems = query.queryItems()
+        if !queryItems.isEmpty {
+            components.queryItems = queryItems
+        }
+
+        guard let finalURL = components.url else {
+            throw DeepgramUsageError.networkError("Invalid usage query")
+        }
+
+        return finalURL
+    }
+
+    private static func apiURL(environment: [String: String]) -> URL {
+        if let raw = environment["DEEPGRAM_API_URL"]?.trimmingCharacters(in: .whitespacesAndNewlines),
+           !raw.isEmpty,
+           let url = URL(string: raw)
+        {
+            return url
+        }
+
+        return self.defaultBaseURL
+    }
+
+    private static func parseUsage(
+        data: Data,
+        project: DeepgramProject,
+        updatedAt: Date) throws -> DeepgramUsageSnapshot
+    {
+        do {
+            let response = try JSONDecoder().decode(DeepgramUsageResponse.self, from: data)
+            return DeepgramUsageSnapshot(
+                projectID: project.projectID,
+                projectName: project.name,
+                start: response.start,
+                end: response.end,
+                hours: response.results.reduce(0) { $0 + ($1.hours ?? 0) },
+                totalHours: response.results.reduce(0) { $0 + ($1.totalHours ?? 0) },
+                agentHours: response.results.reduce(0) { $0 + ($1.agentHours ?? 0) },
+                tokensIn: response.results.reduce(0) { $0 + ($1.tokensIn ?? 0) },
+                tokensOut: response.results.reduce(0) { $0 + ($1.tokensOut ?? 0) },
+                ttsCharacters: response.results.reduce(0) { $0 + ($1.ttsCharacters ?? 0) },
+                requests: response.results.reduce(0) { $0 + ($1.requests ?? 0) },
+                updatedAt: updatedAt)
+        } catch let error as DecodingError {
+            Self.log.error("Deepgram decoding error: \(error.localizedDescription)")
+            Self.log.error("Deepgram raw response: \(self.responseSummary(data))")
+            throw DeepgramUsageError.parseFailed(error.localizedDescription)
+        } catch {
+            Self.log.error("Deepgram parse error: \(error.localizedDescription)")
+            Self.log.error("Deepgram raw response: \(self.responseSummary(data))")
+            throw DeepgramUsageError.parseFailed(error.localizedDescription)
+        }
+    }
+
+    private static func cleaned(_ raw: String?) -> String? {
+        guard let value = raw?.trimmingCharacters(in: .whitespacesAndNewlines), !value.isEmpty else {
+            return nil
+        }
+        return value
+    }
+
+    private static func responseSummary(_ data: Data) -> String {
+        guard !data.isEmpty else { return "empty body" }
+
+        guard let text = String(data: data, encoding: .utf8) else {
+            return "non-text body (\(data.count) bytes)"
+        }
+
+        let cleaned = text
+            .replacingOccurrences(of: #"\s+"#, with: " ", options: .regularExpression)
+            .trimmingCharacters(in: .whitespacesAndNewlines)
+
+        guard !cleaned.isEmpty else {
+            return "empty body"
+        }
+
+        let maxLength = 240
+        guard cleaned.count > maxLength else {
+            return self.redact(cleaned)
+        }
+
+        let index = cleaned.index(cleaned.startIndex, offsetBy: maxLength)
+        return self.redact("\(cleaned[..<index])... [truncated]")
+    }
+
+    private static func redact(_ text: String) -> String {
+        let replacements: [(String, String)] = [
+            (#"(?i)(token\s+)[A-Za-z0-9._\-]+"#, "$1[REDACTED]"),
+            (#"(?i)(dg_[A-Za-z0-9._\-]+)"#, "[REDACTED]"),
+            (
+                #"(?i)(\"(?:api_?key|authorization|token|access_token|refresh_token)\"\s*:\s*\")([^\"]+)(\")"#,
+                "$1[REDACTED]$3"),
+        ]
+
+        return replacements.reduce(text) { partial, replacement in
+            partial.replacingOccurrences(
+                of: replacement.0,
+                with: replacement.1,
+                options: .regularExpression)
+        }
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Doubao/DoubaoProviderDescriptor.swift b/Sources/CodexBarCore/Providers/Doubao/DoubaoProviderDescriptor.swift
new file mode 100644
index 000000000..69fb57c89
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Doubao/DoubaoProviderDescriptor.swift
@@ -0,0 +1,69 @@
+import CodexBarMacroSupport
+import Foundation
+
+@ProviderDescriptorRegistration
+@ProviderDescriptorDefinition
+public enum DoubaoProviderDescriptor {
+    static func makeDescriptor() -> ProviderDescriptor {
+        ProviderDescriptor(
+            id: .doubao,
+            metadata: ProviderMetadata(
+                id: .doubao,
+                displayName: "Doubao",
+                sessionLabel: "Requests",
+                weeklyLabel: "Rate limit",
+                opusLabel: nil,
+                supportsOpus: false,
+                supportsCredits: false,
+                creditsHint: "",
+                toggleTitle: "Show Doubao usage",
+                cliName: "doubao",
+                defaultEnabled: false,
+                isPrimaryProvider: false,
+                usesAccountFallback: false,
+                browserCookieOrder: nil,
+                dashboardURL: "https://console.volcengine.com/ark/region:ark+cn-beijing/openManagement?LLM=%7B%7D&advancedActiveKey=subscribe",
+                statusPageURL: nil),
+            branding: ProviderBranding(
+                iconStyle: .doubao,
+                iconResourceName: "ProviderIcon-doubao",
+                color: ProviderColor(red: 51 / 255, green: 112 / 255, blue: 255 / 255)),
+            tokenCost: ProviderTokenCostConfig(
+                supportsTokenCost: false,
+                noDataMessage: { "Doubao cost summary is not available." }),
+            fetchPlan: ProviderFetchPlan(
+                sourceModes: [.auto, .api],
+                pipeline: ProviderFetchPipeline(resolveStrategies: { _ in [DoubaoAPIFetchStrategy()] })),
+            cli: ProviderCLIConfig(
+                name: "doubao",
+                aliases: ["volcengine", "ark", "bytedance"],
+                versionDetector: nil))
+    }
+}
+
+struct DoubaoAPIFetchStrategy: ProviderFetchStrategy {
+    let id: String = "doubao.api"
+    let kind: ProviderFetchKind = .apiToken
+
+    func isAvailable(_ context: ProviderFetchContext) async -> Bool {
+        Self.resolveToken(environment: context.env) != nil
+    }
+
+    func fetch(_ context: ProviderFetchContext) async throws -> ProviderFetchResult {
+        guard let apiKey = Self.resolveToken(environment: context.env) else {
+            throw DoubaoUsageError.missingCredentials
+        }
+        let usage = try await DoubaoUsageFetcher.fetchUsage(apiKey: apiKey)
+        return self.makeResult(
+            usage: usage.toUsageSnapshot(),
+            sourceLabel: "api")
+    }
+
+    func shouldFallback(on _: Error, context _: ProviderFetchContext) -> Bool {
+        false
+    }
+
+    private static func resolveToken(environment: [String: String]) -> String? {
+        ProviderTokenResolver.doubaoToken(environment: environment)
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Doubao/DoubaoSettingsReader.swift b/Sources/CodexBarCore/Providers/Doubao/DoubaoSettingsReader.swift
new file mode 100644
index 000000000..fc5942e54
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Doubao/DoubaoSettingsReader.swift
@@ -0,0 +1,36 @@
+import Foundation
+
+public struct DoubaoSettingsReader: Sendable {
+    public static let apiKeyEnvironmentKeys = [
+        "ARK_API_KEY",
+        "VOLCENGINE_API_KEY",
+        "DOUBAO_API_KEY",
+    ]
+
+    public static func apiKey(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> String?
+    {
+        for key in self.apiKeyEnvironmentKeys {
+            guard let raw = environment[key]?.trimmingCharacters(in: .whitespacesAndNewlines),
+                  !raw.isEmpty
+            else {
+                continue
+            }
+            let cleaned = Self.cleaned(raw)
+            if !cleaned.isEmpty {
+                return cleaned
+            }
+        }
+        return nil
+    }
+
+    private static func cleaned(_ raw: String) -> String {
+        var value = raw
+        if (value.hasPrefix("\"") && value.hasSuffix("\"")) ||
+            (value.hasPrefix("'") && value.hasSuffix("'"))
+        {
+            value = String(value.dropFirst().dropLast())
+        }
+        return value.trimmingCharacters(in: .whitespacesAndNewlines)
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Doubao/DoubaoUsageFetcher.swift b/Sources/CodexBarCore/Providers/Doubao/DoubaoUsageFetcher.swift
new file mode 100644
index 000000000..9bfad55db
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Doubao/DoubaoUsageFetcher.swift
@@ -0,0 +1,287 @@
+import Foundation
+#if canImport(FoundationNetworking)
+import FoundationNetworking
+#endif
+
+public struct DoubaoUsageSnapshot: Sendable {
+    public let remainingRequests: Int
+    public let limitRequests: Int
+    public let resetTime: Date?
+    public let updatedAt: Date
+    public let apiKeyValid: Bool
+    public let totalTokens: Int?
+    public init(
+        remainingRequests: Int,
+        limitRequests: Int,
+        resetTime: Date?,
+        updatedAt: Date,
+        apiKeyValid: Bool = false,
+        totalTokens: Int? = nil)
+    {
+        self.remainingRequests = remainingRequests
+        self.limitRequests = limitRequests
+        self.resetTime = resetTime
+        self.updatedAt = updatedAt
+        self.apiKeyValid = apiKeyValid
+        self.totalTokens = totalTokens
+    }
+
+    public func toUsageSnapshot() -> UsageSnapshot {
+        let usedPercent: Double
+        let resetDescription: String
+
+        if self.limitRequests > 0 {
+            let used = max(0, self.limitRequests - self.remainingRequests)
+            usedPercent = min(100, max(0, Double(used) / Double(self.limitRequests) * 100))
+            resetDescription = "\(used)/\(self.limitRequests) requests"
+        } else if self.apiKeyValid {
+            usedPercent = 0
+            resetDescription = "Active - check dashboard for details"
+        } else {
+            usedPercent = 0
+            resetDescription = "No usage data"
+        }
+
+        let primary = RateWindow(
+            usedPercent: usedPercent,
+            windowMinutes: nil,
+            resetsAt: self.resetTime,
+            resetDescription: resetDescription)
+
+        let identity = ProviderIdentitySnapshot(
+            providerID: .doubao,
+            accountEmail: nil,
+            accountOrganization: nil,
+            loginMethod: nil)
+
+        return UsageSnapshot(
+            primary: primary,
+            secondary: nil,
+            tertiary: nil,
+            providerCost: nil,
+            updatedAt: self.updatedAt,
+            identity: identity)
+    }
+}
+
+public enum DoubaoUsageError: LocalizedError, Sendable {
+    case missingCredentials
+    case networkError(String)
+    case apiError(Int, String)
+    case parseFailed(String)
+
+    public var errorDescription: String? {
+        switch self {
+        case .missingCredentials:
+            "Missing Doubao API key (ARK_API_KEY)."
+        case let .networkError(message):
+            "Doubao network error: \(message)"
+        case let .apiError(code, message):
+            "Doubao API error (\(code)): \(message)"
+        case let .parseFailed(message):
+            "Failed to parse Doubao response: \(message)"
+        }
+    }
+}
+
+public struct DoubaoUsageFetcher: Sendable {
+    private static let log = CodexBarLog.logger(LogCategories.doubaoUsage)
+    private static let apiURL = URL(string: "https://ark.cn-beijing.volces.com/api/coding/v3/chat/completions")!
+
+    /// Models to probe, ordered by likelihood. We try multiple models because
+    /// different key types may not have access to every model.
+    private static let probeModels = [
+        "doubao-seed-2.0-code",
+        "doubao-1.5-pro-32k",
+        "doubao-lite-32k",
+    ]
+
+    public static func fetchUsage(apiKey: String) async throws -> DoubaoUsageSnapshot {
+        guard !apiKey.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty else {
+            throw DoubaoUsageError.missingCredentials
+        }
+
+        var lastError: Error?
+        for model in self.probeModels {
+            do {
+                return try await self.probe(apiKey: apiKey, model: model)
+            } catch let error as DoubaoUsageError {
+                if case let .apiError(code, _) = error, code == 404 || code == 403 {
+                    Self.log.debug("Doubao probe model \(model) unavailable (\(code)), trying next")
+                    lastError = error
+                    continue
+                }
+                throw error
+            }
+        }
+        throw lastError ?? DoubaoUsageError.apiError(0, "All probe models failed")
+    }
+
+    private static func probe(apiKey: String, model: String) async throws -> DoubaoUsageSnapshot {
+        var request = URLRequest(url: self.apiURL)
+        request.httpMethod = "POST"
+        request.timeoutInterval = 15
+        request.setValue("application/json", forHTTPHeaderField: "Content-Type")
+        request.setValue("application/json", forHTTPHeaderField: "Accept")
+        request.setValue("Bearer \(apiKey)", forHTTPHeaderField: "Authorization")
+
+        let body: [String: Any] = [
+            "model": model,
+            "max_tokens": 1,
+            "messages": [
+                ["role": "user", "content": "hi"],
+            ] as [[String: Any]],
+        ]
+
+        request.httpBody = try JSONSerialization.data(withJSONObject: body)
+
+        let response = try await ProviderHTTPClient.shared.response(for: request)
+        let data = response.data
+
+        // Accept both 200 (success) and 429 (rate limited) – both carry rate limit headers.
+        guard response.statusCode == 200 || response.statusCode == 429 else {
+            let summary = Self.apiErrorSummary(statusCode: response.statusCode, data: data)
+            Self.log.error("Doubao API returned \(response.statusCode): \(summary)")
+            throw DoubaoUsageError.apiError(response.statusCode, summary)
+        }
+
+        let headers = response.response.allHeaderFields
+        let remaining = Self.intHeader(headers, "x-ratelimit-remaining-requests")
+        let limit = Self.intHeader(headers, "x-ratelimit-limit-requests")
+        let resetString = Self.stringHeader(headers, "x-ratelimit-reset-requests")
+
+        let resetTime: Date? = resetString.flatMap(Self.parseResetTime)
+
+        var totalTokens: Int?
+        if remaining == nil, limit == nil,
+           let json = try? JSONSerialization.jsonObject(with: data) as? [String: Any],
+           let usage = json["usage"] as? [String: Any]
+        {
+            totalTokens = usage["total_tokens"] as? Int
+        }
+
+        // 429 means the key is valid but rate-limited; treat it as valid so the UI
+        // shows "Active" instead of "No usage data" when headers are absent.
+        let keyValid = response.statusCode == 200 || response.statusCode == 429
+
+        let snapshot = DoubaoUsageSnapshot(
+            remainingRequests: remaining ?? 0,
+            limitRequests: limit ?? 0,
+            resetTime: resetTime,
+            updatedAt: Date(),
+            apiKeyValid: keyValid,
+            totalTokens: totalTokens)
+
+        Self.log.debug(
+            """
+            Doubao usage parsed remaining=\(snapshot.remainingRequests) \
+            limit=\(snapshot.limitRequests) valid=\(snapshot.apiKeyValid)
+            """)
+
+        return snapshot
+    }
+
+    private static func stringHeader(_ headers: [AnyHashable: Any], _ name: String) -> String? {
+        if let value = headers[name] as? String { return value }
+        for (key, val) in headers {
+            if let keyStr = key as? String,
+               keyStr.caseInsensitiveCompare(name) == .orderedSame,
+               let valStr = val as? String
+            {
+                return valStr
+            }
+        }
+        return nil
+    }
+
+    private static func intHeader(_ headers: [AnyHashable: Any], _ name: String) -> Int? {
+        if let value = headers[name] as? String, let int = Int(value) {
+            return int
+        }
+        if let value = headers[name.lowercased()] as? String, let int = Int(value) {
+            return int
+        }
+        for (key, val) in headers {
+            if let keyStr = key as? String,
+               keyStr.lowercased() == name.lowercased(),
+               let valStr = val as? String,
+               let int = Int(valStr)
+            {
+                return int
+            }
+        }
+        return nil
+    }
+
+    private static func parseResetTime(_ value: String) -> Date? {
+        let trimmed = value.trimmingCharacters(in: .whitespacesAndNewlines)
+        if trimmed.isEmpty { return nil }
+
+        let isoFormatter = ISO8601DateFormatter()
+        isoFormatter.formatOptions = [.withInternetDateTime, .withFractionalSeconds]
+        if let date = isoFormatter.date(from: trimmed) { return date }
+        let isoFallback = ISO8601DateFormatter()
+        isoFallback.formatOptions = [.withInternetDateTime]
+        if let date = isoFallback.date(from: trimmed) { return date }
+
+        var seconds: TimeInterval = 0
+        let pattern = /(\d+)([dhms])/
+        for match in trimmed.matches(of: pattern) {
+            guard let num = Double(match.1) else { continue }
+            switch match.2 {
+            case "d": seconds += num * 86400
+            case "h": seconds += num * 3600
+            case "m": seconds += num * 60
+            case "s": seconds += num
+            default: break
+            }
+        }
+        if seconds > 0 {
+            return Date().addingTimeInterval(seconds)
+        }
+
+        if let secs = TimeInterval(trimmed) {
+            return Date().addingTimeInterval(secs)
+        }
+
+        return nil
+    }
+
+    private static func apiErrorSummary(statusCode: Int, data: Data) -> String {
+        guard let root = try? JSONSerialization.jsonObject(with: data),
+              let json = root as? [String: Any]
+        else {
+            if let text = String(data: data, encoding: .utf8)?
+                .trimmingCharacters(in: .whitespacesAndNewlines),
+                !text.isEmpty
+            {
+                return self.compactText(text)
+            }
+            return "Unexpected response body (\(data.count) bytes)."
+        }
+
+        if let error = json["error"] as? [String: Any],
+           let message = error["message"] as? String
+        {
+            let trimmed = message.trimmingCharacters(in: .whitespacesAndNewlines)
+            if !trimmed.isEmpty { return Self.compactText(trimmed) }
+        }
+
+        if let message = json["message"] as? String {
+            let trimmed = message.trimmingCharacters(in: .whitespacesAndNewlines)
+            if !trimmed.isEmpty { return Self.compactText(trimmed) }
+        }
+
+        return "HTTP \(statusCode) (\(data.count) bytes)."
+    }
+
+    private static func compactText(_ text: String, maxLength: Int = 200) -> String {
+        let collapsed = text
+            .components(separatedBy: .newlines)
+            .joined(separator: " ")
+            .trimmingCharacters(in: .whitespacesAndNewlines)
+        if collapsed.count <= maxLength { return collapsed }
+        let limitIndex = collapsed.index(collapsed.startIndex, offsetBy: maxLength)
+        return "\(collapsed[..<limitIndex])..."
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/ElevenLabs/ElevenLabsProviderDescriptor.swift b/Sources/CodexBarCore/Providers/ElevenLabs/ElevenLabsProviderDescriptor.swift
new file mode 100644
index 000000000..5b18a5edf
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/ElevenLabs/ElevenLabsProviderDescriptor.swift
@@ -0,0 +1,73 @@
+import CodexBarMacroSupport
+import Foundation
+
+@ProviderDescriptorRegistration
+@ProviderDescriptorDefinition
+public enum ElevenLabsProviderDescriptor {
+    static func makeDescriptor() -> ProviderDescriptor {
+        ProviderDescriptor(
+            id: .elevenlabs,
+            metadata: ProviderMetadata(
+                id: .elevenlabs,
+                displayName: "ElevenLabs",
+                sessionLabel: "Credits",
+                weeklyLabel: "Voices",
+                opusLabel: nil,
+                supportsOpus: false,
+                supportsCredits: false,
+                creditsHint: "",
+                toggleTitle: "Show ElevenLabs usage",
+                cliName: "elevenlabs",
+                defaultEnabled: false,
+                isPrimaryProvider: false,
+                usesAccountFallback: false,
+                browserCookieOrder: nil,
+                dashboardURL: "https://elevenlabs.io/app/developers/usage",
+                subscriptionDashboardURL: "https://elevenlabs.io/app/subscription",
+                statusPageURL: nil,
+                statusLinkURL: "https://status.elevenlabs.io"),
+            branding: ProviderBranding(
+                iconStyle: .elevenlabs,
+                iconResourceName: "ProviderIcon-elevenlabs",
+                color: ProviderColor(red: 0.92, green: 0.92, blue: 0.90)),
+            tokenCost: ProviderTokenCostConfig(
+                supportsTokenCost: false,
+                noDataMessage: { "ElevenLabs cost history is not available via API yet." }),
+            fetchPlan: ProviderFetchPlan(
+                sourceModes: [.auto, .api],
+                pipeline: ProviderFetchPipeline(resolveStrategies: { _ in [ElevenLabsAPIFetchStrategy()] })),
+            cli: ProviderCLIConfig(
+                name: "elevenlabs",
+                aliases: ["11labs", "eleven"],
+                versionDetector: nil))
+    }
+}
+
+struct ElevenLabsAPIFetchStrategy: ProviderFetchStrategy {
+    let id: String = "elevenlabs.api"
+    let kind: ProviderFetchKind = .apiToken
+
+    func isAvailable(_ context: ProviderFetchContext) async -> Bool {
+        Self.resolveToken(environment: context.env) != nil
+    }
+
+    func fetch(_ context: ProviderFetchContext) async throws -> ProviderFetchResult {
+        guard let apiKey = Self.resolveToken(environment: context.env) else {
+            throw ElevenLabsUsageError.missingCredentials
+        }
+        let usage = try await ElevenLabsUsageFetcher.fetchUsage(
+            apiKey: apiKey,
+            environment: context.env)
+        return self.makeResult(
+            usage: usage.toUsageSnapshot(),
+            sourceLabel: "api")
+    }
+
+    func shouldFallback(on _: Error, context _: ProviderFetchContext) -> Bool {
+        false
+    }
+
+    private static func resolveToken(environment: [String: String]) -> String? {
+        ProviderTokenResolver.elevenLabsToken(environment: environment)
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/ElevenLabs/ElevenLabsSettingsReader.swift b/Sources/CodexBarCore/Providers/ElevenLabs/ElevenLabsSettingsReader.swift
new file mode 100644
index 000000000..bd3cdf4ca
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/ElevenLabs/ElevenLabsSettingsReader.swift
@@ -0,0 +1,40 @@
+import Foundation
+
+public enum ElevenLabsSettingsReader {
+    public static let apiKeyEnvironmentKey = "ELEVENLABS_API_KEY"
+    public static let apiKeyEnvironmentKeys = [
+        Self.apiKeyEnvironmentKey,
+        "XI_API_KEY",
+    ]
+    public static let apiURLEnvironmentKey = "ELEVENLABS_API_URL"
+
+    public static func apiKey(environment: [String: String] = ProcessInfo.processInfo.environment) -> String? {
+        for key in self.apiKeyEnvironmentKeys {
+            guard let token = self.cleaned(environment[key]) else { continue }
+            return token
+        }
+        return nil
+    }
+
+    public static func apiURL(environment: [String: String] = ProcessInfo.processInfo.environment) -> URL {
+        if let override = self.cleaned(environment[self.apiURLEnvironmentKey]),
+           let url = URL(string: override)
+        {
+            return url
+        }
+        return URL(string: "https://api.elevenlabs.io")!
+    }
+
+    static func cleaned(_ raw: String?) -> String? {
+        guard var value = raw?.trimmingCharacters(in: .whitespacesAndNewlines), !value.isEmpty else {
+            return nil
+        }
+        if (value.hasPrefix("\"") && value.hasSuffix("\"")) ||
+            (value.hasPrefix("'") && value.hasSuffix("'"))
+        {
+            value = String(value.dropFirst().dropLast())
+        }
+        value = value.trimmingCharacters(in: .whitespacesAndNewlines)
+        return value.isEmpty ? nil : value
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/ElevenLabs/ElevenLabsUsageFetcher.swift b/Sources/CodexBarCore/Providers/ElevenLabs/ElevenLabsUsageFetcher.swift
new file mode 100644
index 000000000..bdf293132
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/ElevenLabs/ElevenLabsUsageFetcher.swift
@@ -0,0 +1,251 @@
+import Foundation
+#if canImport(FoundationNetworking)
+import FoundationNetworking
+#endif
+
+public struct ElevenLabsOverage: Codable, Sendable, Equatable {
+    public let amount: String?
+    public let currency: String?
+}
+
+public struct ElevenLabsSubscriptionResponse: Decodable, Sendable {
+    public let tier: String?
+    public let characterCount: Int
+    public let characterLimit: Int
+    public let voiceSlotsUsed: Int?
+    public let professionalVoiceSlotsUsed: Int?
+    public let voiceLimit: Int?
+    public let professionalVoiceLimit: Int?
+    public let currentOverage: ElevenLabsOverage?
+    public let status: String?
+    public let nextCharacterCountResetUnix: Int?
+
+    private enum CodingKeys: String, CodingKey {
+        case tier
+        case characterCount = "character_count"
+        case characterLimit = "character_limit"
+        case voiceSlotsUsed = "voice_slots_used"
+        case professionalVoiceSlotsUsed = "professional_voice_slots_used"
+        case voiceLimit = "voice_limit"
+        case professionalVoiceLimit = "professional_voice_limit"
+        case currentOverage = "current_overage"
+        case status
+        case nextCharacterCountResetUnix = "next_character_count_reset_unix"
+    }
+}
+
+public struct ElevenLabsUsageSnapshot: Codable, Sendable, Equatable {
+    public let tier: String?
+    public let characterCount: Int
+    public let characterLimit: Int
+    public let voiceSlotsUsed: Int?
+    public let professionalVoiceSlotsUsed: Int?
+    public let voiceLimit: Int?
+    public let professionalVoiceLimit: Int?
+    public let currentOverage: ElevenLabsOverage?
+    public let status: String?
+    public let resetsAt: Date?
+    public let updatedAt: Date
+
+    public init(
+        tier: String?,
+        characterCount: Int,
+        characterLimit: Int,
+        voiceSlotsUsed: Int?,
+        professionalVoiceSlotsUsed: Int?,
+        voiceLimit: Int?,
+        professionalVoiceLimit: Int?,
+        currentOverage: ElevenLabsOverage?,
+        status: String?,
+        resetsAt: Date?,
+        updatedAt: Date)
+    {
+        self.tier = tier
+        self.characterCount = characterCount
+        self.characterLimit = characterLimit
+        self.voiceSlotsUsed = voiceSlotsUsed
+        self.professionalVoiceSlotsUsed = professionalVoiceSlotsUsed
+        self.voiceLimit = voiceLimit
+        self.professionalVoiceLimit = professionalVoiceLimit
+        self.currentOverage = currentOverage
+        self.status = status
+        self.resetsAt = resetsAt
+        self.updatedAt = updatedAt
+    }
+
+    public var usedPercent: Double {
+        guard self.characterLimit > 0 else { return 0 }
+        return max(0, Double(self.characterCount) / Double(self.characterLimit) * 100)
+    }
+
+    public var remainingCharacters: Int {
+        max(0, self.characterLimit - self.characterCount)
+    }
+
+    public func toUsageSnapshot() -> UsageSnapshot {
+        let primary = RateWindow(
+            usedPercent: self.usedPercent,
+            windowMinutes: nil,
+            resetsAt: self.resetsAt,
+            resetDescription: self.characterSummary)
+        let extraWindows = self.voiceWindows()
+        let identity = ProviderIdentitySnapshot(
+            providerID: .elevenlabs,
+            accountEmail: nil,
+            accountOrganization: nil,
+            loginMethod: self.displayTier)
+
+        return UsageSnapshot(
+            primary: primary,
+            secondary: nil,
+            tertiary: nil,
+            extraRateWindows: extraWindows.isEmpty ? nil : extraWindows,
+            updatedAt: self.updatedAt,
+            identity: identity)
+    }
+
+    private var displayTier: String? {
+        guard let tier = tier?.trimmingCharacters(in: .whitespacesAndNewlines), !tier.isEmpty else {
+            return status
+        }
+        let statusSuffix = if let status, !status.isEmpty, status.lowercased() != "active" {
+            " · \(status)"
+        } else {
+            ""
+        }
+        return "\(tier.replacingOccurrences(of: "_", with: " ").capitalized)\(statusSuffix)"
+    }
+
+    private var characterSummary: String {
+        "\(Self.formatCount(self.characterCount)) / \(Self.formatCount(self.characterLimit)) credits"
+    }
+
+    private func voiceWindows() -> [NamedRateWindow] {
+        var windows: [NamedRateWindow] = []
+        if let used = voiceSlotsUsed, let limit = voiceLimit, limit > 0 {
+            windows.append(NamedRateWindow(
+                id: "voice-slots",
+                title: "Voice slots",
+                window: RateWindow(
+                    usedPercent: Double(used) / Double(limit) * 100,
+                    windowMinutes: nil,
+                    resetsAt: nil,
+                    resetDescription: "\(used) / \(limit)")))
+        }
+        if let used = professionalVoiceSlotsUsed, let limit = professionalVoiceLimit, limit > 0 {
+            windows.append(NamedRateWindow(
+                id: "professional-voices",
+                title: "Professional voices",
+                window: RateWindow(
+                    usedPercent: Double(used) / Double(limit) * 100,
+                    windowMinutes: nil,
+                    resetsAt: nil,
+                    resetDescription: "\(used) / \(limit)")))
+        }
+        return windows
+    }
+
+    private static func formatCount(_ value: Int) -> String {
+        let formatter = NumberFormatter()
+        formatter.locale = Locale(identifier: "en_US_POSIX")
+        formatter.numberStyle = .decimal
+        formatter.usesGroupingSeparator = true
+        formatter.groupingSeparator = ","
+        formatter.maximumFractionDigits = 0
+        return formatter.string(from: NSNumber(value: value)) ?? "\(value)"
+    }
+}
+
+public enum ElevenLabsUsageError: LocalizedError, Sendable {
+    case missingCredentials
+    case networkError(String)
+    case apiError(String)
+    case parseFailed(String)
+
+    public var errorDescription: String? {
+        switch self {
+        case .missingCredentials:
+            "Missing ElevenLabs API key. Set apiKey in ~/.codexbar/config.json or ELEVENLABS_API_KEY."
+        case let .networkError(message):
+            "ElevenLabs network error: \(message)"
+        case let .apiError(message):
+            "ElevenLabs API error: \(message)"
+        case let .parseFailed(message):
+            "Failed to parse ElevenLabs response: \(message)"
+        }
+    }
+}
+
+public struct ElevenLabsUsageFetcher: Sendable {
+    private static let log = CodexBarLog.logger(LogCategories.elevenLabsUsage)
+    private static let timeoutSeconds: TimeInterval = 15
+
+    public static func fetchUsage(
+        apiKey: String,
+        environment: [String: String] = ProcessInfo.processInfo.environment) async throws -> ElevenLabsUsageSnapshot
+    {
+        let trimmed = apiKey.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard !trimmed.isEmpty else {
+            throw ElevenLabsUsageError.missingCredentials
+        }
+
+        let url = Self.subscriptionURL(baseURL: ElevenLabsSettingsReader.apiURL(environment: environment))
+        var request = URLRequest(url: url)
+        request.httpMethod = "GET"
+        request.setValue(trimmed, forHTTPHeaderField: "xi-api-key")
+        request.setValue("application/json", forHTTPHeaderField: "Accept")
+        request.timeoutInterval = Self.timeoutSeconds
+
+        let response = try await ProviderHTTPClient.shared.response(for: request)
+        switch response.statusCode {
+        case 200:
+            return try Self.parseSnapshot(data: response.data, updatedAt: Date())
+        case 401, 403:
+            throw ElevenLabsUsageError.missingCredentials
+        default:
+            Self.log.error("ElevenLabs API returned \(response.statusCode)")
+            throw ElevenLabsUsageError.apiError("HTTP \(response.statusCode)")
+        }
+    }
+
+    static func _parseSnapshotForTesting(_ data: Data, updatedAt: Date) throws -> ElevenLabsUsageSnapshot {
+        try self.parseSnapshot(data: data, updatedAt: updatedAt)
+    }
+
+    private static func parseSnapshot(data: Data, updatedAt: Date) throws -> ElevenLabsUsageSnapshot {
+        let decoded: ElevenLabsSubscriptionResponse
+        do {
+            decoded = try JSONDecoder().decode(ElevenLabsSubscriptionResponse.self, from: data)
+        } catch {
+            throw ElevenLabsUsageError.parseFailed(error.localizedDescription)
+        }
+
+        let resetsAt = decoded.nextCharacterCountResetUnix.map {
+            Date(timeIntervalSince1970: TimeInterval($0))
+        }
+
+        return ElevenLabsUsageSnapshot(
+            tier: decoded.tier,
+            characterCount: decoded.characterCount,
+            characterLimit: decoded.characterLimit,
+            voiceSlotsUsed: decoded.voiceSlotsUsed,
+            professionalVoiceSlotsUsed: decoded.professionalVoiceSlotsUsed,
+            voiceLimit: decoded.voiceLimit,
+            professionalVoiceLimit: decoded.professionalVoiceLimit,
+            currentOverage: decoded.currentOverage,
+            status: decoded.status,
+            resetsAt: resetsAt,
+            updatedAt: updatedAt)
+    }
+
+    private static func subscriptionURL(baseURL: URL) -> URL {
+        var url = baseURL
+        let pathComponents = url.path.split(separator: "/")
+        if pathComponents.last == "v1" {
+            url.append(path: "user/subscription")
+        } else {
+            url.append(path: "v1/user/subscription")
+        }
+        return url
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Factory/FactoryLocalStorageImporter.swift b/Sources/CodexBarCore/Providers/Factory/FactoryLocalStorageImporter.swift
index b245c6981..08f0cde2a 100644
--- a/Sources/CodexBarCore/Providers/Factory/FactoryLocalStorageImporter.swift
+++ b/Sources/CodexBarCore/Providers/Factory/FactoryLocalStorageImporter.swift
@@ -6,7 +6,7 @@ import SweetCookieKit
 
 #if os(macOS)
 enum FactoryLocalStorageImporter {
-    struct TokenInfo: Sendable {
+    struct TokenInfo {
         let refreshToken: String
         let accessToken: String?
         let organizationID: String?
@@ -65,12 +65,12 @@ enum FactoryLocalStorageImporter {
 
     // MARK: - Chrome local storage discovery
 
-    private enum LocalStorageSourceKind: Sendable {
+    private enum LocalStorageSourceKind {
         case chromeLevelDB(URL)
         case safariSQLite(URL)
     }
 
-    private struct LocalStorageCandidate: Sendable {
+    private struct LocalStorageCandidate {
         let label: String
         let kind: LocalStorageSourceKind
     }
@@ -192,7 +192,7 @@ enum FactoryLocalStorageImporter {
 
     // MARK: - Token extraction
 
-    private struct WorkOSTokenMatch: Sendable {
+    private struct WorkOSTokenMatch {
         let refreshToken: String
         let accessToken: String?
         let organizationID: String?
diff --git a/Sources/CodexBarCore/Providers/Factory/FactoryManualCredentials.swift b/Sources/CodexBarCore/Providers/Factory/FactoryManualCredentials.swift
new file mode 100644
index 000000000..ae4698a53
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Factory/FactoryManualCredentials.swift
@@ -0,0 +1,58 @@
+import Foundation
+
+extension FactoryStatusProbe {
+    struct ManualCredentials {
+        let cookieHeader: String?
+        let bearerToken: String?
+    }
+
+    static func manualCredentials(from raw: String?) -> ManualCredentials? {
+        guard let raw = raw?.trimmingCharacters(in: .whitespacesAndNewlines), !raw.isEmpty else {
+            return nil
+        }
+        let normalizedCookieHeader = CookieHeaderNormalizer.normalize(raw)
+        let cookieHeader = normalizedCookieHeader.flatMap {
+            CookieHeaderNormalizer.pairs(from: $0).isEmpty ? nil : $0
+        }
+        let bearerToken = self.authorizationBearerToken(from: raw)
+            ?? normalizedCookieHeader.flatMap(self.bearerToken(fromHeader:))
+            ?? self.bareBearerToken(from: raw)
+        guard cookieHeader != nil || bearerToken != nil else { return nil }
+        return ManualCredentials(cookieHeader: cookieHeader, bearerToken: bearerToken)
+    }
+
+    static func bearerToken(fromHeader cookieHeader: String) -> String? {
+        for pair in CookieHeaderNormalizer.pairs(from: cookieHeader) where pair.name == "access-token" {
+            let token = pair.value.trimmingCharacters(in: .whitespacesAndNewlines)
+            if !token.isEmpty { return token }
+        }
+        return nil
+    }
+
+    private static func authorizationBearerToken(from raw: String) -> String? {
+        let pattern = #"(?i)(?:authorization\s*:\s*)?bearer\s+([A-Za-z0-9._~+/=-]+)"#
+        guard let regex = try? NSRegularExpression(pattern: pattern, options: []) else { return nil }
+        let range = NSRange(raw.startIndex..<raw.endIndex, in: raw)
+        guard let match = regex.firstMatch(in: raw, options: [], range: range),
+              match.numberOfRanges >= 2,
+              let tokenRange = Range(match.range(at: 1), in: raw)
+        else {
+            return nil
+        }
+        let token = raw[tokenRange].trimmingCharacters(in: .whitespacesAndNewlines)
+        return token.isEmpty ? nil : String(token)
+    }
+
+    private static func bareBearerToken(from raw: String) -> String? {
+        let token = raw.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard !token.contains("="),
+              !token.contains(";"),
+              !token.contains(" "),
+              !token.contains("\n"),
+              token.count >= 40 || token.split(separator: ".").count >= 3
+        else {
+            return nil
+        }
+        return token
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Factory/FactoryProviderDescriptor.swift b/Sources/CodexBarCore/Providers/Factory/FactoryProviderDescriptor.swift
index dbbe1509d..815cd537a 100644
--- a/Sources/CodexBarCore/Providers/Factory/FactoryProviderDescriptor.swift
+++ b/Sources/CodexBarCore/Providers/Factory/FactoryProviderDescriptor.swift
@@ -65,6 +65,6 @@ struct FactoryStatusFetchStrategy: ProviderFetchStrategy {
 
     private static func manualCookieHeader(from context: ProviderFetchContext) -> String? {
         guard context.settings?.factory?.cookieSource == .manual else { return nil }
-        return CookieHeaderNormalizer.normalize(context.settings?.factory?.manualCookieHeader)
+        return context.settings?.factory?.manualCookieHeader?.trimmingCharacters(in: .whitespacesAndNewlines)
     }
 }
diff --git a/Sources/CodexBarCore/Providers/Factory/FactoryStatusProbe.swift b/Sources/CodexBarCore/Providers/Factory/FactoryStatusProbe.swift
index b4994a1d1..e3b1fb230 100644
--- a/Sources/CodexBarCore/Providers/Factory/FactoryStatusProbe.swift
+++ b/Sources/CodexBarCore/Providers/Factory/FactoryStatusProbe.swift
@@ -79,7 +79,7 @@ public enum FactoryCookieImporter {
         let log: (String) -> Void = { msg in logger?("[factory-cookie] \(msg)") }
         let cookieDomains = ["factory.ai", "app.factory.ai", "auth.factory.ai"]
         let query = BrowserCookieQuery(domains: cookieDomains)
-        let sources = try Self.cookieClient.records(
+        let sources = try Self.cookieClient.codexBarRecords(
             matching: query,
             in: browserSource,
             logger: log)
@@ -138,6 +138,12 @@ public enum FactoryCookieImporter {
 public struct FactoryAuthResponse: Codable, Sendable {
     public let featureFlags: FactoryFeatureFlags?
     public let organization: FactoryOrganization?
+    public let userProfile: FactoryUserProfile?
+}
+
+public struct FactoryUserProfile: Codable, Sendable {
+    public let id: String?
+    public let email: String?
 }
 
 public struct FactoryFeatureFlags: Codable, Sendable {
@@ -195,6 +201,117 @@ public struct FactoryTokenUsage: Codable, Sendable {
     public let orgOverageLimit: Int64?
 }
 
+public struct FactoryBillingLimitsResponse: Codable, Sendable {
+    public let usesTokenRateLimitsBilling: Bool
+    public let limits: FactoryTokenRateLimits?
+    public let extraUsageBalanceCents: Int
+    public let overagePreference: String?
+    public let extraUsageAllowed: Bool
+    public let tokenRateLimitsRolloutEligible: Bool
+
+    enum CodingKeys: String, CodingKey {
+        case usesTokenRateLimitsBilling
+        case limits
+        case extraUsageBalanceCents
+        case overagePreference
+        case extraUsageAllowed
+        case tokenRateLimitsRolloutEligible
+    }
+
+    public init(from decoder: Decoder) throws {
+        let container = try decoder.container(keyedBy: CodingKeys.self)
+        self.usesTokenRateLimitsBilling = try container
+            .decodeIfPresent(Bool.self, forKey: .usesTokenRateLimitsBilling) ?? false
+        self.limits = try container.decodeIfPresent(FactoryTokenRateLimits.self, forKey: .limits)
+        self.extraUsageBalanceCents = try container.decodeIfPresent(Int.self, forKey: .extraUsageBalanceCents) ?? 0
+        self.overagePreference = try container.decodeIfPresent(String.self, forKey: .overagePreference)
+        self.extraUsageAllowed = try container.decodeIfPresent(Bool.self, forKey: .extraUsageAllowed) ?? false
+        self.tokenRateLimitsRolloutEligible = try container
+            .decodeIfPresent(Bool.self, forKey: .tokenRateLimitsRolloutEligible) ?? false
+    }
+}
+
+public struct FactoryTokenRateLimits: Codable, Sendable {
+    public let standard: FactoryLimitPool
+    public let core: FactoryLimitPool?
+}
+
+public struct FactoryLimitPool: Codable, Sendable {
+    public let fiveHour: FactoryBillingWindow
+    public let weekly: FactoryBillingWindow
+    public let monthly: FactoryBillingWindow
+
+    public var hasUsageData: Bool {
+        [self.fiveHour, self.weekly, self.monthly].contains {
+            $0.usedPercent > 0 || $0.windowEnd != nil || $0.secondsRemaining != nil
+        }
+    }
+}
+
+public struct FactoryBillingWindow: Codable, Sendable {
+    public let usedPercent: Double
+    public let windowEnd: FlexibleFactoryDate?
+    public let secondsRemaining: Double?
+
+    public func resetAt(now: Date) -> Date? {
+        if let secondsRemaining, secondsRemaining > 0 {
+            return now.addingTimeInterval(secondsRemaining)
+        }
+        guard let windowEnd = self.windowEnd?.date, windowEnd > now else {
+            return nil
+        }
+        return windowEnd
+    }
+
+    public func effectiveUsedPercent(now: Date) -> Double {
+        // Factory can leave stale values after short rolling windows expire. The web UI treats
+        // that state as reset, so mirror it here instead of showing expired usage.
+        if self.resetAt(now: now) == nil, self.windowEnd != nil, self.secondsRemaining == nil {
+            return 0
+        }
+        return min(100, max(0, self.usedPercent))
+    }
+
+    public func rateWindow(windowMinutes: Int?, title: String, now: Date) -> RateWindow {
+        let reset = self.resetAt(now: now)
+        return RateWindow(
+            usedPercent: self.effectiveUsedPercent(now: now),
+            windowMinutes: windowMinutes,
+            resetsAt: reset,
+            resetDescription: reset.map { FactoryStatusSnapshot.formatResetDate($0) })
+    }
+}
+
+public struct FlexibleFactoryDate: Codable, Sendable {
+    public let date: Date
+
+    public init(from decoder: Decoder) throws {
+        let container = try decoder.singleValueContainer()
+        if let seconds = try? container.decode(Double.self) {
+            self.date = Date(timeIntervalSince1970: seconds > 1e12 ? seconds / 1000.0 : seconds)
+            return
+        }
+        let string = try container.decode(String.self)
+        if let numeric = Double(string) {
+            self.date = Date(timeIntervalSince1970: numeric > 1e12 ? numeric / 1000.0 : numeric)
+            return
+        }
+
+        let fractional = ISO8601DateFormatter()
+        fractional.formatOptions = [.withInternetDateTime, .withFractionalSeconds]
+        if let parsed = fractional.date(from: string) ?? ISO8601DateFormatter().date(from: string) {
+            self.date = parsed
+            return
+        }
+        throw DecodingError.dataCorruptedError(in: container, debugDescription: "Invalid Factory date")
+    }
+
+    public func encode(to encoder: Encoder) throws {
+        var container = encoder.singleValueContainer()
+        try container.encode(self.date)
+    }
+}
+
 /// Helper for encoding arbitrary JSON
 public struct AnyCodable: Codable, Sendable {
     public init(from decoder: Decoder) throws {
@@ -248,6 +365,10 @@ public struct FactoryStatusSnapshot: Sendable {
     public let userId: String?
     /// Raw JSON for debugging
     public let rawJSON: String?
+    /// New Factory token-rate-limits billing payload, when enabled for the account.
+    public let tokenRateLimits: FactoryTokenRateLimits?
+    public let extraUsageBalanceCents: Int?
+    public let overagePreference: String?
 
     public init(
         standardUserTokens: Int64,
@@ -265,7 +386,10 @@ public struct FactoryStatusSnapshot: Sendable {
         organizationName: String?,
         accountEmail: String?,
         userId: String?,
-        rawJSON: String?)
+        rawJSON: String?,
+        tokenRateLimits: FactoryTokenRateLimits? = nil,
+        extraUsageBalanceCents: Int? = nil,
+        overagePreference: String? = nil)
     {
         self.standardUserTokens = standardUserTokens
         self.standardOrgTokens = standardOrgTokens
@@ -283,10 +407,17 @@ public struct FactoryStatusSnapshot: Sendable {
         self.accountEmail = accountEmail
         self.userId = userId
         self.rawJSON = rawJSON
+        self.tokenRateLimits = tokenRateLimits
+        self.extraUsageBalanceCents = extraUsageBalanceCents
+        self.overagePreference = overagePreference
     }
 
     /// Convert to UsageSnapshot for the common provider interface
     public func toUsageSnapshot() -> UsageSnapshot {
+        if let tokenRateLimits {
+            return self.tokenRateLimitsUsageSnapshot(from: tokenRateLimits)
+        }
+
         // Primary: Standard tokens used (as percentage of allowance, capped reasonably)
         let standardPercent = self.calculateUsagePercent(
             used: self.standardUserTokens,
@@ -337,12 +468,75 @@ public struct FactoryStatusSnapshot: Sendable {
             identity: identity)
     }
 
+    private func tokenRateLimitsUsageSnapshot(from limits: FactoryTokenRateLimits) -> UsageSnapshot {
+        let now = Date()
+        let primary = limits.standard.fiveHour.rateWindow(windowMinutes: 5 * 60, title: "5h", now: now)
+        let secondary = limits.standard.weekly.rateWindow(windowMinutes: 7 * 24 * 60, title: "7-day", now: now)
+        let tertiary = limits.standard.monthly.rateWindow(windowMinutes: nil, title: "Monthly", now: now)
+
+        let coreWindows: [NamedRateWindow]? = if let core = limits.core, core.hasUsageData {
+            [
+                NamedRateWindow(
+                    id: "factory-core-5h",
+                    title: "Core 5h",
+                    window: core.fiveHour.rateWindow(windowMinutes: 5 * 60, title: "Core 5h", now: now)),
+                NamedRateWindow(
+                    id: "factory-core-7d",
+                    title: "Core 7-day",
+                    window: core.weekly.rateWindow(windowMinutes: 7 * 24 * 60, title: "Core 7-day", now: now)),
+                NamedRateWindow(
+                    id: "factory-core-monthly",
+                    title: "Core Monthly",
+                    window: core.monthly.rateWindow(windowMinutes: nil, title: "Core Monthly", now: now)),
+            ]
+        } else {
+            nil
+        }
+
+        let loginMethod: String? = {
+            var parts: [String] = []
+            if let tier = self.tier, !tier.isEmpty {
+                parts.append("Factory \(tier.capitalized)")
+            }
+            if let plan = self.planName, !plan.isEmpty, !plan.lowercased().contains("factory") {
+                parts.append(plan)
+            }
+            if let overagePreference, !overagePreference.isEmpty {
+                parts.append("Fallback: \(overagePreference)")
+            }
+            return parts.isEmpty ? nil : parts.joined(separator: " - ")
+        }()
+
+        let identity = ProviderIdentitySnapshot(
+            providerID: .factory,
+            accountEmail: self.accountEmail,
+            accountOrganization: self.organizationName,
+            loginMethod: loginMethod)
+        let providerCost = self.extraUsageBalanceCents.map {
+            ProviderCostSnapshot(
+                used: Double($0) / 100.0,
+                limit: 0,
+                currencyCode: "USD",
+                period: "Extra usage balance",
+                updatedAt: now)
+        }
+        return UsageSnapshot(
+            primary: primary,
+            secondary: secondary,
+            tertiary: tertiary,
+            extraRateWindows: coreWindows,
+            providerCost: providerCost,
+            updatedAt: now,
+            identity: identity)
+    }
+
     private func calculateUsagePercent(used: Int64, allowance: Int64, apiRatio: Double?) -> Double {
         // Prefer API-provided ratio when available and valid.
         // This handles plan-specific limits correctly on the server side,
         // avoiding issues with missing/sentinel values in totalAllowance.
         let unlimitedThreshold: Int64 = 1_000_000_000_000
         if let ratio = apiRatio,
+           !(ratio == 0 && used > 0 && allowance > 0 && allowance <= unlimitedThreshold),
            let percent = Self.percentFromAPIRatio(ratio, allowance: allowance, unlimitedThreshold: unlimitedThreshold)
         {
             return percent
@@ -383,7 +577,7 @@ public struct FactoryStatusSnapshot: Sendable {
         return nil
     }
 
-    private static func formatResetDate(_ date: Date) -> String {
+    static func formatResetDate(_ date: Date) -> String {
         let formatter = DateFormatter()
         formatter.dateFormat = "MMM d 'at' h:mma"
         formatter.locale = Locale(identifier: "en_US_POSIX")
@@ -402,7 +596,8 @@ public enum FactoryStatusProbeError: LocalizedError, Sendable {
     public var errorDescription: String? {
         switch self {
         case .notLoggedIn:
-            "Not logged in to Factory. Please log in via the CodexBar menu."
+            "No usable Droid session found. Log in to app.factory.ai in \(factoryCookieImportOrder.loginHint), " +
+                "then refresh Droid."
         case let .networkError(msg):
             "Factory API error: \(msg)"
         case let .parseFailed(msg):
@@ -421,7 +616,7 @@ public actor FactorySessionStore {
     private var sessionCookies: [HTTPCookie] = []
     private var bearerToken: String?
     private var refreshToken: String?
-    private let fileURL: URL
+    private var fileURL: URL
     private var didLoadFromDisk = false
 
     private init() {
@@ -444,6 +639,13 @@ public actor FactorySessionStore {
         return self.sessionCookies
     }
 
+    public func clearCookies() {
+        self.loadFromDiskIfNeeded()
+        self.didLoadFromDisk = true
+        self.sessionCookies = []
+        self.saveToDisk()
+    }
+
     public func setBearerToken(_ token: String?) {
         self.didLoadFromDisk = true
         self.bearerToken = token
@@ -479,6 +681,22 @@ public actor FactorySessionStore {
         return !self.sessionCookies.isEmpty || self.bearerToken != nil || self.refreshToken != nil
     }
 
+    func resetInMemoryForTesting() {
+        self.sessionCookies = []
+        self.bearerToken = nil
+        self.refreshToken = nil
+        self.didLoadFromDisk = false
+    }
+
+    func useFileURLForTesting(_ fileURL: URL) {
+        self.fileURL = fileURL
+        self.sessionCookies = []
+        self.bearerToken = nil
+        self.refreshToken = nil
+        self.didLoadFromDisk = false
+        try? FileManager.default.removeItem(at: fileURL)
+    }
+
     private func saveToDisk() {
         let cookieData = self.sessionCookies.compactMap { cookie -> [String: Any]? in
             guard let props = cookie.properties else { return nil }
@@ -516,6 +734,7 @@ public actor FactorySessionStore {
         guard !payload.isEmpty,
               let data = try? JSONSerialization.data(withJSONObject: payload, options: [.prettyPrinted])
         else {
+            try? FileManager.default.removeItem(at: self.fileURL)
             return
         }
         try? data.write(to: self.fileURL)
@@ -590,7 +809,7 @@ public struct FactoryStatusProbe: Sendable {
         "client_01HNM792M5G5G1A2THWPXKFMXB",
     ]
 
-    private struct WorkOSAuthResponse: Decodable, Sendable {
+    private struct WorkOSAuthResponse: Decodable {
         let access_token: String
         let refresh_token: String?
         let organization_id: String?
@@ -616,24 +835,33 @@ public struct FactoryStatusProbe: Sendable {
         let log: (String) -> Void = { msg in logger?("[factory] \(msg)") }
         var lastError: Error?
 
-        if let override = CookieHeaderNormalizer.normalize(cookieHeaderOverride) {
-            log("Using manual cookie header")
-            let bearer = Self.bearerToken(fromHeader: override)
-            let candidates = [
-                self.baseURL,
-                Self.authBaseURL,
-                Self.apiBaseURL,
-            ]
-            for baseURL in candidates {
-                do {
-                    return try await self.fetchWithCookieHeader(
-                        override,
-                        bearerToken: bearer,
-                        baseURL: baseURL)
-                } catch {
-                    lastError = error
+        let manualOverride = cookieHeaderOverride?.trimmingCharacters(in: .whitespacesAndNewlines)
+        if manualOverride?.isEmpty == false {
+            guard let override = Self.manualCredentials(from: manualOverride) else {
+                throw FactoryStatusProbeError.noSessionCookie
+            }
+            if let cookieHeader = override.cookieHeader {
+                log("Using manual cookie header")
+                let candidates = [
+                    self.baseURL,
+                    Self.authBaseURL,
+                    Self.apiBaseURL,
+                ]
+                for baseURL in candidates {
+                    do {
+                        return try await self.fetchWithCookieHeader(
+                            cookieHeader,
+                            bearerToken: override.bearerToken,
+                            baseURL: baseURL)
+                    } catch {
+                        lastError = error
+                    }
                 }
             }
+            if let bearerToken = override.bearerToken {
+                log("Using manual Factory bearer token")
+                return try await self.fetchWithBearerToken(bearerToken, logger: log)
+            }
             if let lastError { throw lastError }
             throw FactoryStatusProbeError.noSessionCookie
         }
@@ -659,19 +887,19 @@ public struct FactoryStatusProbe: Sendable {
         // Filter to only installed browsers to avoid unnecessary keychain prompts
         let installedChromiumAndFirefox = [.chrome, .firefox].cookieImportCandidates(using: self.browserDetection)
 
-        let attempts: [FetchAttemptResult] = await [
-            self.attemptStoredCookies(logger: log),
-            self.attemptStoredBearer(logger: log),
-            self.attemptStoredRefreshToken(logger: log),
-            self.attemptLocalStorageTokens(logger: log),
-            self.attemptBrowserCookies(logger: log, sources: [.safari]),
-            self.attemptWorkOSCookies(logger: log, sources: [.safari]),
-            self.attemptBrowserCookies(logger: log, sources: installedChromiumAndFirefox),
-            self.attemptWorkOSCookies(logger: log, sources: installedChromiumAndFirefox),
+        let attempts: [() async -> FetchAttemptResult] = [
+            { await self.attemptStoredCookies(logger: log) },
+            { await self.attemptStoredBearer(logger: log) },
+            { await self.attemptStoredRefreshToken(logger: log) },
+            { await self.attemptLocalStorageTokens(logger: log) },
+            { await self.attemptBrowserCookies(logger: log, sources: [.safari]) },
+            { await self.attemptWorkOSCookies(logger: log, sources: [.safari]) },
+            { await self.attemptBrowserCookies(logger: log, sources: installedChromiumAndFirefox) },
+            { await self.attemptWorkOSCookies(logger: log, sources: installedChromiumAndFirefox) },
         ]
 
-        for result in attempts {
-            switch result {
+        for attempt in attempts {
+            switch await attempt() {
             case let .success(snapshot):
                 return snapshot
             case let .failure(error):
@@ -685,7 +913,7 @@ public struct FactoryStatusProbe: Sendable {
         throw FactoryStatusProbeError.noSessionCookie
     }
 
-    private enum FetchAttemptResult: Sendable {
+    private enum FetchAttemptResult {
         case success(FactoryStatusSnapshot)
         case failure(Error)
         case skipped
@@ -732,8 +960,8 @@ public struct FactoryStatusProbe: Sendable {
             return try await .success(self.fetchWithCookies(storedCookies, logger: logger))
         } catch {
             if case FactoryStatusProbeError.notLoggedIn = error {
-                await FactorySessionStore.shared.clearSession()
-                logger("Stored session invalid, cleared")
+                await FactorySessionStore.shared.clearCookies()
+                logger("Stored session cookies invalid, cleared")
             } else {
                 logger("Stored session failed: \(error.localizedDescription)")
             }
@@ -818,7 +1046,7 @@ public struct FactoryStatusProbe: Sendable {
         for browserSource in sources {
             do {
                 let query = BrowserCookieQuery(domains: ["workos.com"])
-                let sources = try BrowserCookieClient().records(
+                let sources = try BrowserCookieClient().codexBarRecords(
                     matching: query,
                     in: browserSource,
                     logger: log)
@@ -978,14 +1206,6 @@ public struct FactoryStatusProbe: Sendable {
         cookies.map { "\($0.name)=\($0.value)" }.joined(separator: "; ")
     }
 
-    private static func bearerToken(fromHeader cookieHeader: String) -> String? {
-        for pair in CookieHeaderNormalizer.pairs(from: cookieHeader) where pair.name == "access-token" {
-            let token = pair.value.trimmingCharacters(in: .whitespacesAndNewlines)
-            if !token.isEmpty { return token }
-        }
-        return nil
-    }
-
     private func fetchWithCookieHeader(
         _ cookieHeader: String,
         bearerToken: String?,
@@ -997,8 +1217,21 @@ public struct FactoryStatusProbe: Sendable {
             bearerToken: bearerToken,
             baseURL: baseURL)
 
-        // Extract user ID from JWT in the auth response or use a default endpoint
-        let userId = self.extractUserIdFromAuth(authInfo)
+        let userId = factoryUserIdFromAuth(authInfo)
+            ?? factoryUserIdFromBearerToken(bearerToken)
+
+        if let billingLimits = try await self.fetchBillingLimitsIfAvailable(
+            cookieHeader: cookieHeader,
+            bearerToken: bearerToken),
+            billingLimits.usesTokenRateLimitsBilling,
+            let tokenRateLimits = billingLimits.limits
+        {
+            return self.buildTokenRateLimitsSnapshot(
+                authInfo: authInfo,
+                billingLimits: billingLimits,
+                tokenRateLimits: tokenRateLimits,
+                userId: userId)
+        }
 
         // Fetch usage data
         let usageData = try await self.fetchUsage(
@@ -1010,6 +1243,45 @@ public struct FactoryStatusProbe: Sendable {
         return self.buildSnapshot(authInfo: authInfo, usageData: usageData, userId: userId)
     }
 
+    private func fetchBillingLimitsIfAvailable(
+        cookieHeader: String,
+        bearerToken: String?) async throws -> FactoryBillingLimitsResponse?
+    {
+        let url = Self.apiBaseURL.appendingPathComponent("/api/billing/limits")
+        var request = URLRequest(url: url)
+        request.timeoutInterval = self.timeout
+        request.httpMethod = "GET"
+        request.setValue("application/json", forHTTPHeaderField: "Accept")
+        request.setValue("application/json", forHTTPHeaderField: "Content-Type")
+        request.setValue("https://app.factory.ai", forHTTPHeaderField: "Origin")
+        request.setValue("https://app.factory.ai/", forHTTPHeaderField: "Referer")
+        request.setValue("web-app", forHTTPHeaderField: "x-factory-client")
+        if !cookieHeader.isEmpty {
+            request.setValue(cookieHeader, forHTTPHeaderField: "Cookie")
+        }
+        if let bearerToken {
+            request.setValue("Bearer \(bearerToken)", forHTTPHeaderField: "Authorization")
+        }
+
+        let data: Data
+        let response: URLResponse
+        do {
+            (data, response) = try await ProviderHTTPClient.shared.data(for: request)
+        } catch {
+            return nil
+        }
+
+        guard let httpResponse = response as? HTTPURLResponse else {
+            return nil
+        }
+
+        guard httpResponse.statusCode == 200 else {
+            return nil
+        }
+
+        return try? JSONDecoder().decode(FactoryBillingLimitsResponse.self, from: data)
+    }
+
     private func fetchAuthInfo(
         cookieHeader: String,
         bearerToken: String?,
@@ -1031,16 +1303,23 @@ public struct FactoryStatusProbe: Sendable {
             request.setValue("Bearer \(bearerToken)", forHTTPHeaderField: "Authorization")
         }
 
-        let (data, response) = try await URLSession.shared.data(for: request)
+        let (data, response) = try await ProviderHTTPClient.shared.data(for: request)
 
         guard let httpResponse = response as? HTTPURLResponse else {
             throw FactoryStatusProbeError.networkError("Invalid response")
         }
 
-        if httpResponse.statusCode == 401 || httpResponse.statusCode == 403 {
+        if httpResponse.statusCode == 401 {
             throw FactoryStatusProbeError.notLoggedIn
         }
 
+        if httpResponse.statusCode == 403 {
+            let body = String(data: data, encoding: .utf8)?
+                .trimmingCharacters(in: .whitespacesAndNewlines) ?? "<binary>"
+            let snippet = body.isEmpty ? "" : ": \(body.prefix(200))"
+            throw FactoryStatusProbeError.networkError("HTTP 403 Forbidden\(snippet)")
+        }
+
         guard httpResponse.statusCode == 200 else {
             let body = String(data: data, encoding: .utf8)?
                 .trimmingCharacters(in: .whitespacesAndNewlines) ?? "<binary>"
@@ -1064,10 +1343,19 @@ public struct FactoryStatusProbe: Sendable {
         userId: String?,
         baseURL: URL) async throws -> FactoryUsageResponse
     {
-        let url = baseURL.appendingPathComponent("/api/organization/subscription/usage")
+        var components = URLComponents(
+            url: baseURL.appendingPathComponent("/api/organization/subscription/usage"),
+            resolvingAgainstBaseURL: false)
+        components?.queryItems = [
+            URLQueryItem(name: "useCache", value: "true"),
+        ]
+        if let userId {
+            components?.queryItems?.append(URLQueryItem(name: "userId", value: userId))
+        }
+        let url = components?.url ?? baseURL.appendingPathComponent("/api/organization/subscription/usage")
         var request = URLRequest(url: url)
         request.timeoutInterval = self.timeout
-        request.httpMethod = "POST"
+        request.httpMethod = "GET"
         request.setValue("application/json", forHTTPHeaderField: "Accept")
         request.setValue("application/json", forHTTPHeaderField: "Content-Type")
         request.setValue("https://app.factory.ai", forHTTPHeaderField: "Origin")
@@ -1080,14 +1368,7 @@ public struct FactoryStatusProbe: Sendable {
             request.setValue("Bearer \(bearerToken)", forHTTPHeaderField: "Authorization")
         }
 
-        // Build request body
-        var body: [String: Any] = ["useCache": true]
-        if let userId {
-            body["userId"] = userId
-        }
-        request.httpBody = try? JSONSerialization.data(withJSONObject: body)
-
-        let (data, response) = try await URLSession.shared.data(for: request)
+        let (data, response) = try await ProviderHTTPClient.shared.data(for: request)
 
         guard let httpResponse = response as? HTTPURLResponse else {
             throw FactoryStatusProbeError.networkError("Invalid response")
@@ -1221,7 +1502,7 @@ public struct FactoryStatusProbe: Sendable {
         }
         request.httpBody = try JSONSerialization.data(withJSONObject: body, options: [])
 
-        let (data, response) = try await URLSession.shared.data(for: request)
+        let (data, response) = try await ProviderHTTPClient.shared.data(for: request)
         guard let httpResponse = response as? HTTPURLResponse else {
             throw FactoryStatusProbeError.networkError("Invalid WorkOS response")
         }
@@ -1291,7 +1572,7 @@ public struct FactoryStatusProbe: Sendable {
         }
         request.httpBody = try JSONSerialization.data(withJSONObject: body, options: [])
 
-        let (data, response) = try await URLSession.shared.data(for: request)
+        let (data, response) = try await ProviderHTTPClient.shared.data(for: request)
         guard let httpResponse = response as? HTTPURLResponse else {
             throw FactoryStatusProbeError.networkError("Invalid WorkOS response")
         }
@@ -1325,12 +1606,6 @@ public struct FactoryStatusProbe: Sendable {
         return description.localizedCaseInsensitiveContains("missing refresh token")
     }
 
-    private func extractUserIdFromAuth(_ auth: FactoryAuthResponse) -> String? {
-        // The user ID might be in the organization or we might need to parse JWT
-        // For now, return nil and let the API handle it
-        nil
-    }
-
     private func buildSnapshot(
         authInfo: FactoryAuthResponse,
         usageData: FactoryUsageResponse,
@@ -1359,6 +1634,55 @@ public struct FactoryStatusProbe: Sendable {
             userId: userId ?? usageData.userId,
             rawJSON: nil)
     }
+
+    private func buildTokenRateLimitsSnapshot(
+        authInfo: FactoryAuthResponse,
+        billingLimits: FactoryBillingLimitsResponse,
+        tokenRateLimits: FactoryTokenRateLimits,
+        userId: String?) -> FactoryStatusSnapshot
+    {
+        FactoryStatusSnapshot(
+            standardUserTokens: 0,
+            standardOrgTokens: 0,
+            standardAllowance: 0,
+            standardUsedRatio: nil,
+            premiumUserTokens: 0,
+            premiumOrgTokens: 0,
+            premiumAllowance: 0,
+            premiumUsedRatio: nil,
+            periodStart: nil,
+            periodEnd: nil,
+            planName: authInfo.organization?.subscription?.orbSubscription?.plan?.name,
+            tier: authInfo.organization?.subscription?.factoryTier,
+            organizationName: authInfo.organization?.name,
+            accountEmail: nil,
+            userId: userId,
+            rawJSON: nil,
+            tokenRateLimits: tokenRateLimits,
+            extraUsageBalanceCents: billingLimits.extraUsageBalanceCents,
+            overagePreference: billingLimits.overagePreference)
+    }
+}
+
+private func factoryUserIdFromAuth(_ auth: FactoryAuthResponse) -> String? {
+    factoryNormalizedString(auth.userProfile?.id)
+}
+
+private func factoryUserIdFromBearerToken(_ token: String?) -> String? {
+    guard let token,
+          let claims = UsageFetcher.parseJWT(token),
+          let subject = claims["sub"] as? String
+    else {
+        return nil
+    }
+    return factoryNormalizedString(subject)
+}
+
+private func factoryNormalizedString(_ value: String?) -> String? {
+    guard let value = value?.trimmingCharacters(in: .whitespacesAndNewlines), !value.isEmpty else {
+        return nil
+    }
+    return value
 }
 
 #else
diff --git a/Sources/CodexBarCore/Providers/Gemini/GeminiProviderDescriptor.swift b/Sources/CodexBarCore/Providers/Gemini/GeminiProviderDescriptor.swift
index b503b3978..ff5d0ca22 100644
--- a/Sources/CodexBarCore/Providers/Gemini/GeminiProviderDescriptor.swift
+++ b/Sources/CodexBarCore/Providers/Gemini/GeminiProviderDescriptor.swift
@@ -12,8 +12,8 @@ public enum GeminiProviderDescriptor {
                 displayName: "Gemini",
                 sessionLabel: "Pro",
                 weeklyLabel: "Flash",
-                opusLabel: nil,
-                supportsOpus: false,
+                opusLabel: "Flash Lite",
+                supportsOpus: true,
                 supportsCredits: false,
                 creditsHint: "",
                 toggleTitle: "Show Gemini usage",
@@ -22,6 +22,7 @@ public enum GeminiProviderDescriptor {
                 isPrimaryProvider: false,
                 usesAccountFallback: false,
                 dashboardURL: "https://gemini.google.com",
+                changelogURL: "https://github.com/google-gemini/gemini-cli/releases",
                 statusPageURL: nil,
                 statusLinkURL: "https://www.google.com/appsstatus/dashboard/products/npdyhgECDJ6tB66MxXyo/history",
                 statusWorkspaceProductID: "npdyhgECDJ6tB66MxXyo"),
@@ -42,6 +43,8 @@ public enum GeminiProviderDescriptor {
 }
 
 struct GeminiStatusFetchStrategy: ProviderFetchStrategy {
+    static let sourceLabel = "oauth-api"
+
     let id: String = "gemini.api"
     let kind: ProviderFetchKind = .apiToken
 
@@ -54,7 +57,7 @@ struct GeminiStatusFetchStrategy: ProviderFetchStrategy {
         let snap = try await probe.fetch()
         return self.makeResult(
             usage: snap.toUsageSnapshot(),
-            sourceLabel: "api")
+            sourceLabel: Self.sourceLabel)
     }
 
     func shouldFallback(on _: Error, context _: ProviderFetchContext) -> Bool {
diff --git a/Sources/CodexBarCore/Providers/Gemini/GeminiStatusProbe+DataLoader.swift b/Sources/CodexBarCore/Providers/Gemini/GeminiStatusProbe+DataLoader.swift
new file mode 100644
index 000000000..502f4960c
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Gemini/GeminiStatusProbe+DataLoader.swift
@@ -0,0 +1,131 @@
+import Foundation
+#if canImport(FoundationNetworking)
+import FoundationNetworking
+#endif
+
+extension GeminiStatusProbe {
+    public static func defaultDataLoader(for request: URLRequest) async throws -> (Data, URLResponse) {
+        let loader = Self.dataLoaderWithCurlFallback(
+            primary: { request in
+                try await ProviderHTTPClient.shared.data(for: request)
+            },
+            fallback: Self.curlDataLoader)
+        return try await loader(request)
+    }
+
+    public static func dataLoaderWithCurlFallback(
+        primary: @escaping @Sendable (URLRequest) async throws -> (Data, URLResponse),
+        fallback: @escaping @Sendable (URLRequest) async throws -> (Data, URLResponse))
+        -> @Sendable (URLRequest) async throws -> (Data, URLResponse)
+    {
+        { request in
+            do {
+                return try await primary(request)
+            } catch {
+                guard Self.isURLSessionTimeout(error) else {
+                    throw error
+                }
+                CodexBarLog.logger(LogCategories.geminiProbe)
+                    .warning("Gemini URLSession timed out; retrying with curl")
+                return try await fallback(request)
+            }
+        }
+    }
+
+    private static func isURLSessionTimeout(_ error: Error) -> Bool {
+        if let urlError = error as? URLError {
+            return urlError.code == .timedOut
+        }
+
+        let nsError = error as NSError
+        return nsError.domain == NSURLErrorDomain && nsError.code == NSURLErrorTimedOut
+    }
+
+    private static func curlDataLoader(for request: URLRequest) async throws -> (Data, URLResponse) {
+        guard let url = request.url else {
+            throw URLError(.badURL)
+        }
+
+        let fileManager = FileManager.default
+        let tempDir = fileManager.temporaryDirectory
+            .appendingPathComponent("codexbar-gemini-curl-\(UUID().uuidString)", isDirectory: true)
+        try fileManager.createDirectory(
+            at: tempDir,
+            withIntermediateDirectories: true,
+            attributes: [.posixPermissions: 0o700])
+        defer {
+            try? fileManager.removeItem(at: tempDir)
+        }
+
+        let configURL = tempDir.appendingPathComponent("curl.conf")
+        var config = [
+            "silent",
+            "show-error",
+            "location",
+            "url = \(Self.curlConfigQuote(url.absoluteString))",
+            "max-time = \(max(1, Int(ceil(request.timeoutInterval))))",
+        ]
+
+        if let method = request.httpMethod, !method.isEmpty {
+            config.append("request = \(Self.curlConfigQuote(method))")
+        }
+
+        for (name, value) in (request.allHTTPHeaderFields ?? [:]).sorted(by: { $0.key < $1.key }) {
+            let header = "\(name): \(value)"
+            guard !header.contains("\n"), !header.contains("\r") else {
+                throw GeminiStatusProbeError.apiError("Invalid request header")
+            }
+            config.append("header = \(Self.curlConfigQuote(header))")
+        }
+
+        if let body = request.httpBody {
+            let bodyURL = tempDir.appendingPathComponent("body")
+            try body.write(to: bodyURL, options: .atomic)
+            try fileManager.setAttributes([.posixPermissions: 0o600], ofItemAtPath: bodyURL.path)
+            config.append("data-binary = \(Self.curlConfigQuote("@\(bodyURL.path)"))")
+        }
+
+        config.append("write-out = \(Self.curlConfigQuote(Self.curlHTTPStatusMarker + "%{http_code}"))")
+        try config.joined(separator: "\n").write(to: configURL, atomically: true, encoding: .utf8)
+        try fileManager.setAttributes([.posixPermissions: 0o600], ofItemAtPath: configURL.path)
+
+        let result = try await SubprocessRunner.run(
+            binary: "/usr/bin/curl",
+            arguments: ["--config", configURL.path],
+            environment: TTYCommandRunner.enrichedEnvironment(),
+            timeout: max(5, request.timeoutInterval + 2),
+            label: "gemini-api-curl")
+
+        return try Self.parseCurlDataLoaderResult(result.stdout, url: url)
+    }
+
+    private static let curlHTTPStatusMarker = "__CODEXBAR_HTTP_STATUS__:"
+
+    private static func curlConfigQuote(_ value: String) -> String {
+        let escaped = value
+            .replacingOccurrences(of: "\\", with: "\\\\")
+            .replacingOccurrences(of: "\"", with: "\\\"")
+        return "\"\(escaped)\""
+    }
+
+    private static func parseCurlDataLoaderResult(_ output: String, url: URL) throws -> (Data, URLResponse) {
+        guard let markerRange = output.range(of: curlHTTPStatusMarker, options: .backwards) else {
+            throw GeminiStatusProbeError.apiError("curl response missing HTTP status")
+        }
+
+        let body = String(output[..<markerRange.lowerBound])
+        let statusText = output[markerRange.upperBound...]
+            .trimmingCharacters(in: .whitespacesAndNewlines)
+        guard let statusCode = Int(statusText), statusCode > 0,
+              let response = HTTPURLResponse(
+                  url: url,
+                  statusCode: statusCode,
+                  httpVersion: nil,
+                  headerFields: nil)
+        else {
+            throw GeminiStatusProbeError.apiError("curl response had invalid HTTP status")
+        }
+
+        return (Data(body.utf8), response)
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Gemini/GeminiStatusProbe.swift b/Sources/CodexBarCore/Providers/Gemini/GeminiStatusProbe.swift
index 509cb03e2..245197072 100644
--- a/Sources/CodexBarCore/Providers/Gemini/GeminiStatusProbe.swift
+++ b/Sources/CodexBarCore/Providers/Gemini/GeminiStatusProbe.swift
@@ -31,12 +31,15 @@ public struct GeminiStatusSnapshot: Sendable {
     }
 
     /// Converts Gemini quotas to a unified UsageSnapshot.
-    /// Groups quotas by tier: Pro (24h window) as primary, Flash (24h window) as secondary.
+    /// Groups quotas by tier: Pro (24h window) as primary, Flash (24h window) as secondary,
+    /// Flash Lite (24h window) as tertiary.
     public func toUsageSnapshot() -> UsageSnapshot {
         let lower = self.modelQuotas.map { ($0.modelId.lowercased(), $0) }
-        let flashQuotas = lower.filter { $0.0.contains("flash") }.map(\.1)
-        let proQuotas = lower.filter { $0.0.contains("pro") }.map(\.1)
+        let flashLiteQuotas = lower.filter { Self.isFlashLiteModel(id: $0.0) }.map(\.1)
+        let flashQuotas = lower.filter { Self.isFlashModel(id: $0.0) }.map(\.1)
+        let proQuotas = lower.filter { Self.isProModel(id: $0.0) }.map(\.1)
 
+        let flashLiteMin = flashLiteQuotas.min(by: { $0.percentLeft < $1.percentLeft })
         let flashMin = flashQuotas.min(by: { $0.percentLeft < $1.percentLeft })
         let proMin = proQuotas.min(by: { $0.percentLeft < $1.percentLeft })
 
@@ -53,6 +56,13 @@ public struct GeminiStatusSnapshot: Sendable {
                 resetsAt: $0.resetTime,
                 resetDescription: $0.resetDescription)
         }
+        let tertiary: RateWindow? = flashLiteMin.map {
+            RateWindow(
+                usedPercent: 100 - $0.percentLeft,
+                windowMinutes: 1440,
+                resetsAt: $0.resetTime,
+                resetDescription: $0.resetDescription)
+        }
 
         let identity = ProviderIdentitySnapshot(
             providerID: .gemini,
@@ -62,9 +72,22 @@ public struct GeminiStatusSnapshot: Sendable {
         return UsageSnapshot(
             primary: primary,
             secondary: secondary,
+            tertiary: tertiary,
             updatedAt: Date(),
             identity: identity)
     }
+
+    private static func isFlashLiteModel(id: String) -> Bool {
+        id.contains("flash-lite")
+    }
+
+    private static func isFlashModel(id: String) -> Bool {
+        id.contains("flash") && !self.isFlashLiteModel(id: id)
+    }
+
+    private static func isProModel(id: String) -> Bool {
+        id.contains("pro")
+    }
 }
 
 public enum GeminiStatusProbeError: LocalizedError, Sendable, Equatable {
@@ -123,9 +146,7 @@ public struct GeminiStatusProbe: Sendable {
     public init(
         timeout: TimeInterval = 10.0,
         homeDirectory: String = NSHomeDirectory(),
-        dataLoader: @escaping @Sendable (URLRequest) async throws -> (Data, URLResponse) = { request in
-            try await URLSession.shared.data(for: request)
-        })
+        dataLoader: @escaping @Sendable (URLRequest) async throws -> (Data, URLResponse) = Self.defaultDataLoader)
     {
         self.timeout = timeout
         self.homeDirectory = homeDirectory
@@ -189,31 +210,36 @@ public struct GeminiStatusProbe: Sendable {
             "now": "\(Date())",
         ])
 
-        guard let storedAccessToken = creds.accessToken, !storedAccessToken.isEmpty else {
-            Self.log.error("No access token found")
-            throw GeminiStatusProbeError.notLoggedIn
-        }
-
-        var accessToken = storedAccessToken
-        if let expiry = creds.expiryDate, expiry < Date() {
-            Self.log.info("Token expired; attempting refresh", metadata: [
-                "expiry": "\(expiry)",
-            ])
+        var accessToken = creds.accessToken?.isEmpty == false ? creds.accessToken : nil
+        var idToken = creds.idToken
+        let needsRefresh = accessToken == nil || creds.expiryDate.map { $0 < Date() } == true
+        if needsRefresh {
+            if accessToken == nil {
+                Self.log.info("No access token found; attempting refresh from stored Gemini credentials")
+            } else if let expiry = creds.expiryDate {
+                Self.log.info("Token expired; attempting refresh", metadata: [
+                    "expiry": "\(expiry)",
+                ])
+            }
 
-            guard let refreshToken = creds.refreshToken else {
+            guard let refreshToken = creds.refreshToken, !refreshToken.isEmpty else {
                 Self.log.error("No refresh token available")
                 throw GeminiStatusProbeError.notLoggedIn
             }
-
             accessToken = try await Self.refreshAccessToken(
                 refreshToken: refreshToken,
                 timeout: timeout,
                 homeDirectory: homeDirectory,
                 dataLoader: dataLoader)
+            idToken = (try? Self.loadCredentials(homeDirectory: homeDirectory).idToken) ?? idToken
+        }
+        guard let accessToken else {
+            Self.log.error("No access token found")
+            throw GeminiStatusProbeError.notLoggedIn
         }
 
         // Extract account info from JWT
-        let claims = Self.extractClaimsFromToken(creds.idToken)
+        let claims = Self.extractClaimsFromToken(idToken)
 
         // Load Code Assist status to get project ID and tier (aligned with CLI setupUser logic)
         let caStatus = await Self.loadCodeAssistStatus(
@@ -337,7 +363,7 @@ public struct GeminiStatusProbe: Sendable {
         return nil
     }
 
-    private struct CodeAssistStatus: Sendable {
+    private struct CodeAssistStatus {
         let tier: GeminiUserTierId?
         let projectId: String?
 
@@ -452,20 +478,311 @@ public struct GeminiStatusProbe: Sendable {
         }
 
         // Resolve symlinks to find the actual installation
-        let fm = FileManager.default
-        var realPath = geminiPath
-        if let resolved = try? fm.destinationOfSymbolicLink(atPath: geminiPath) {
-            if resolved.hasPrefix("/") {
-                realPath = resolved
-            } else {
-                realPath = (geminiPath as NSString).deletingLastPathComponent + "/" + resolved
+        let resolvedGeminiPath = URL(fileURLWithPath: geminiPath).resolvingSymlinksInPath().path
+
+        // Try the legacy layouts first — they're cheap file reads and cover the common cases
+        // (Homebrew, npm/bun sibling, Nix) without spawning subprocesses or walking the tree.
+        if let credentials = Self.extractOAuthCredentialsFromLegacyPaths(realGeminiPath: resolvedGeminiPath) {
+            return credentials
+        }
+
+        // For fnm-managed installs, ask fnm where the package lives
+        if Self.isLikelyFnmManagedPath(geminiPath) || Self.isLikelyFnmManagedPath(resolvedGeminiPath),
+           let fnmPath = TTYCommandRunner.which("fnm"),
+           let packageRoot = Self.resolveGeminiPackageRootViaFnm(fnmPath: fnmPath, environment: env),
+           let credentials = Self.extractOAuthCredentials(fromGeminiPackageRoot: packageRoot)
+        {
+            return credentials
+        }
+
+        // Fall back to walking up the directory tree from the binary
+        if let packageRoot = Self.findGeminiPackageRoot(startingAt: resolvedGeminiPath),
+           let credentials = Self.extractOAuthCredentials(fromGeminiPackageRoot: packageRoot)
+        {
+            return credentials
+        }
+
+        return nil
+    }
+
+    private static func isLikelyFnmManagedPath(_ path: String) -> Bool {
+        let normalized = path.replacingOccurrences(of: "\\", with: "/")
+        return normalized.contains("/fnm_multishells/")
+            || (normalized.contains("/node-versions/") && normalized.contains("/fnm/"))
+    }
+
+    private static func resolveGeminiPackageRootViaFnm(
+        fnmPath: String,
+        environment: [String: String]) -> String?
+    {
+        guard let currentVersion = runProcess(
+            executable: fnmPath,
+            arguments: ["current"],
+            environment: environment,
+            timeout: 2.0),
+            !currentVersion.isEmpty
+        else {
+            return nil
+        }
+
+        // Prefer npm root -g because require.resolve searches from the current
+        // working directory and often fails for globally-installed packages.
+        if let npmRoot = runProcess(
+            executable: fnmPath,
+            arguments: [
+                "exec",
+                "--using",
+                currentVersion,
+                "npm",
+                "root",
+                "-g",
+            ],
+            environment: environment,
+            timeout: 4.0),
+            !npmRoot.isEmpty
+        {
+            let packageRoot = "\(npmRoot)/@google/gemini-cli"
+            let packageJSONPath = "\(packageRoot)/package.json"
+            if FileManager.default.fileExists(atPath: packageJSONPath) {
+                return packageRoot
+            }
+        }
+
+        // Fallback for non-npm global installations.
+        if let packageJSONPath = runProcess(
+            executable: fnmPath,
+            arguments: [
+                "exec",
+                "--using",
+                currentVersion,
+                "node",
+                "-p",
+                "require.resolve('@google/gemini-cli/package.json')",
+            ],
+            environment: environment,
+            timeout: 4.0),
+            !packageJSONPath.isEmpty
+        {
+            return (packageJSONPath as NSString).deletingLastPathComponent
+        }
+
+        return nil
+    }
+
+    private static func runProcess(
+        executable: String,
+        arguments: [String],
+        environment: [String: String],
+        timeout: TimeInterval) -> String?
+    {
+        let process = Process()
+        process.executableURL = URL(fileURLWithPath: executable)
+        process.arguments = arguments
+
+        var mergedEnvironment = environment
+        mergedEnvironment["PATH"] = PathBuilder.effectivePATH(
+            purposes: [.tty, .nodeTooling],
+            env: environment,
+            loginPATH: LoginShellPathCache.shared.current)
+        process.environment = mergedEnvironment
+
+        let stdout = Pipe()
+        process.standardOutput = stdout
+        process.standardError = Pipe()
+        process.standardInput = nil
+
+        let exitSemaphore = DispatchSemaphore(value: 0)
+        process.terminationHandler = { _ in
+            exitSemaphore.signal()
+        }
+
+        do {
+            try process.run()
+        } catch {
+            return nil
+        }
+
+        let didExit = exitSemaphore.wait(timeout: .now() + timeout) == .success
+        if !didExit {
+            if process.isRunning {
+                process.terminate()
+                _ = exitSemaphore.wait(timeout: .now() + 0.5)
+            }
+            return nil
+        }
+
+        let data = stdout.fileHandleForReading.readDataToEndOfFile()
+        guard process.terminationStatus == 0,
+              let output = String(data: data, encoding: .utf8)?
+                  .trimmingCharacters(in: .whitespacesAndNewlines),
+                  !output.isEmpty
+        else {
+            return nil
+        }
+
+        return output.components(separatedBy: .newlines).first?
+            .trimmingCharacters(in: .whitespacesAndNewlines)
+    }
+
+    private static func findGeminiPackageRoot(startingAt path: String) -> String? {
+        let fileManager = FileManager.default
+        var currentURL = URL(fileURLWithPath: path).standardizedFileURL
+
+        var isDirectory: ObjCBool = false
+        if !fileManager.fileExists(atPath: currentURL.path, isDirectory: &isDirectory) || !isDirectory.boolValue {
+            currentURL.deleteLastPathComponent()
+        }
+
+        // Bound the walk so an unrelated Gemini install elsewhere on the host
+        // (e.g. a global npm/brew install unrelated to the resolved binary) can't
+        // contaminate discovery started from the actual binary path.
+        let maxAscents = 8
+        for _ in 0...maxAscents {
+            let packageJSONURL = currentURL.appendingPathComponent("package.json")
+            if let data = try? Data(contentsOf: packageJSONURL),
+               let json = try? JSONSerialization.jsonObject(with: data) as? [String: Any],
+               json["name"] as? String == "@google/gemini-cli"
+            {
+                return currentURL.path
+            }
+
+            // Also check for a global Node installation layout:
+            // <current>/lib/node_modules/@google/gemini-cli/package.json
+            let globalPackageJSONURL = currentURL
+                .appendingPathComponent("lib")
+                .appendingPathComponent("node_modules")
+                .appendingPathComponent("@google")
+                .appendingPathComponent("gemini-cli")
+                .appendingPathComponent("package.json")
+            if let data = try? Data(contentsOf: globalPackageJSONURL),
+               let json = try? JSONSerialization.jsonObject(with: data) as? [String: Any],
+               json["name"] as? String == "@google/gemini-cli"
+            {
+                return globalPackageJSONURL.deletingLastPathComponent().path
+            }
+
+            // Homebrew layout:
+            // <cellar-version>/libexec/lib/node_modules/@google/gemini-cli/package.json
+            let homebrewPackageJSONURL = currentURL
+                .appendingPathComponent("libexec")
+                .appendingPathComponent("lib")
+                .appendingPathComponent("node_modules")
+                .appendingPathComponent("@google")
+                .appendingPathComponent("gemini-cli")
+                .appendingPathComponent("package.json")
+            if let data = try? Data(contentsOf: homebrewPackageJSONURL),
+               let json = try? JSONSerialization.jsonObject(with: data) as? [String: Any],
+               json["name"] as? String == "@google/gemini-cli"
+            {
+                return homebrewPackageJSONURL.deletingLastPathComponent().path
+            }
+
+            let parentURL = currentURL.deletingLastPathComponent()
+            if parentURL.path == currentURL.path {
+                return nil
+            }
+            currentURL = parentURL
+        }
+
+        return nil
+    }
+
+    private static func extractOAuthCredentials(fromGeminiPackageRoot packageRoot: String) -> OAuthClientCredentials? {
+        // Check the standard distributed file first, then any sibling core package
+        let oauthFile = "dist/src/code_assist/oauth2.js"
+        let candidatePaths = [
+            "\(packageRoot)/\(oauthFile)",
+            "\(packageRoot)/node_modules/@google/gemini-cli-core/\(oauthFile)",
+        ]
+
+        for path in candidatePaths {
+            if let content = try? String(contentsOfFile: path, encoding: .utf8),
+               let credentials = Self.parseOAuthCredentials(from: content)
+            {
+                return credentials
+            }
+        }
+
+        return Self.extractOAuthCredentialsFromBundle(packageRoot: packageRoot)
+    }
+
+    private static func extractOAuthCredentialsFromBundle(packageRoot: String) -> OAuthClientCredentials? {
+        let bundleRoot = URL(fileURLWithPath: packageRoot).appendingPathComponent("bundle", isDirectory: true)
+        let entryURL = bundleRoot.appendingPathComponent("gemini.js")
+
+        guard FileManager.default.fileExists(atPath: entryURL.path) else {
+            return nil
+        }
+
+        var pendingURLs = [entryURL]
+        var visitedPaths = Set<String>()
+
+        while !pendingURLs.isEmpty {
+            let currentURL = pendingURLs.removeFirst()
+            let standardizedPath = currentURL.standardizedFileURL.path
+            guard visitedPaths.insert(standardizedPath).inserted,
+                  let content = try? String(contentsOf: currentURL, encoding: .utf8)
+            else {
+                continue
             }
+
+            if let credentials = Self.parseOAuthCredentials(from: content) {
+                return credentials
+            }
+
+            let imports = Self.extractRelativeJavaScriptImports(from: content)
+            for importPath in imports {
+                let nextURL = URL(fileURLWithPath: importPath, relativeTo: currentURL.deletingLastPathComponent())
+                    .standardizedFileURL
+                guard nextURL.path.hasPrefix(bundleRoot.path) else { continue }
+                pendingURLs.append(nextURL)
+            }
+        }
+
+        guard let bundleFiles = try? FileManager.default.contentsOfDirectory(
+            at: bundleRoot,
+            includingPropertiesForKeys: nil,
+            options: [.skipsHiddenFiles])
+        else {
+            return nil
         }
 
-        // Navigate from bin/gemini to the oauth2.js file
-        // Homebrew path: .../libexec/lib/node_modules/@google/gemini-cli/node_modules/@google/gemini-cli-core/dist/src/code_assist/oauth2.js
-        // Bun/npm path: .../node_modules/@google/gemini-cli-core/dist/src/code_assist/oauth2.js (sibling package)
-        let binDir = (realPath as NSString).deletingLastPathComponent
+        for url in bundleFiles where url.pathExtension == "js" && !visitedPaths.contains(url.standardizedFileURL.path) {
+            guard let content = try? String(contentsOf: url, encoding: .utf8) else { continue }
+            if let credentials = Self.parseOAuthCredentials(from: content) {
+                return credentials
+            }
+        }
+
+        return nil
+    }
+
+    private static func extractRelativeJavaScriptImports(from content: String) -> [String] {
+        let patterns = [
+            #"(?:import|export)\s+(?:[^;]*?\s+from\s+)?[\"'](\./[^\"']+\.js)[\"']"#,
+            #"import\(\s*[\"'](\./[^\"']+\.js)[\"']\s*\)"#,
+        ]
+
+        var discoveredPaths: [String] = []
+        var seen = Set<String>()
+        let fullRange = NSRange(content.startIndex..., in: content)
+
+        for pattern in patterns {
+            guard let regex = try? NSRegularExpression(pattern: pattern) else { continue }
+            for match in regex.matches(in: content, range: fullRange) {
+                guard let range = Range(match.range(at: 1), in: content) else { continue }
+                let path = String(content[range])
+                if seen.insert(path).inserted {
+                    discoveredPaths.append(path)
+                }
+            }
+        }
+
+        return discoveredPaths
+    }
+
+    private static func extractOAuthCredentialsFromLegacyPaths(realGeminiPath: String) -> OAuthClientCredentials? {
+        let binDir = (realGeminiPath as NSString).deletingLastPathComponent
         let baseDir = (binDir as NSString).deletingLastPathComponent
 
         let oauthSubpath =
@@ -486,8 +803,10 @@ public struct GeminiStatusProbe: Sendable {
         ]
 
         for path in possiblePaths {
-            if let content = try? String(contentsOfFile: path, encoding: .utf8) {
-                return self.parseOAuthCredentials(from: content)
+            if let content = try? String(contentsOfFile: path, encoding: .utf8),
+               let credentials = Self.parseOAuthCredentials(from: content)
+            {
+                return credentials
             }
         }
 
@@ -495,9 +814,9 @@ public struct GeminiStatusProbe: Sendable {
     }
 
     private static func parseOAuthCredentials(from content: String) -> OAuthClientCredentials? {
-        // Match: const OAUTH_CLIENT_ID = '...';
-        let clientIdPattern = #"OAUTH_CLIENT_ID\s*=\s*['"]([\w\-\.]+)['"]\s*;"#
-        let secretPattern = #"OAUTH_CLIENT_SECRET\s*=\s*['"]([\w\-]+)['"]\s*;"#
+        // Match: const/let/var OAUTH_CLIENT_ID = '...';
+        let clientIdPattern = #"(?:const|let|var)?\s*OAUTH_CLIENT_ID\s*=\s*['"]([\w\-\.]+)['"]\s*;"#
+        let secretPattern = #"(?:const|let|var)?\s*OAUTH_CLIENT_SECRET\s*=\s*['"]([\w\-]+)['"]\s*;"#
 
         guard let clientIdRegex = try? NSRegularExpression(pattern: clientIdPattern),
               let secretRegex = try? NSRegularExpression(pattern: secretPattern)
diff --git a/Sources/CodexBarCore/Providers/Grok/GrokAuth.swift b/Sources/CodexBarCore/Providers/Grok/GrokAuth.swift
new file mode 100644
index 000000000..9544808d1
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Grok/GrokAuth.swift
@@ -0,0 +1,188 @@
+import Foundation
+
+public struct GrokCredentials: Sendable {
+    public let accessToken: String
+    public let refreshToken: String?
+    public let scope: String
+    public let authMode: String?
+    public let userId: String?
+    public let email: String?
+    public let firstName: String?
+    public let lastName: String?
+    public let teamId: String?
+    public let oidcIssuer: String?
+    public let oidcClientId: String?
+    public let expiresAt: Date?
+    public let createTime: Date?
+
+    public init(
+        accessToken: String,
+        refreshToken: String?,
+        scope: String,
+        authMode: String?,
+        userId: String?,
+        email: String?,
+        firstName: String?,
+        lastName: String?,
+        teamId: String?,
+        oidcIssuer: String?,
+        oidcClientId: String?,
+        expiresAt: Date?,
+        createTime: Date?)
+    {
+        self.accessToken = accessToken
+        self.refreshToken = refreshToken
+        self.scope = scope
+        self.authMode = authMode
+        self.userId = userId
+        self.email = email
+        self.firstName = firstName
+        self.lastName = lastName
+        self.teamId = teamId
+        self.oidcIssuer = oidcIssuer
+        self.oidcClientId = oidcClientId
+        self.expiresAt = expiresAt
+        self.createTime = createTime
+    }
+
+    public var displayName: String? {
+        let parts = [self.firstName, self.lastName].compactMap { $0?.nilIfEmpty }
+        guard !parts.isEmpty else { return nil }
+        return parts.joined(separator: " ")
+    }
+
+    public var isExpired: Bool {
+        guard let expiresAt else { return false }
+        return Date() >= expiresAt
+    }
+
+    public var loginMethod: String? {
+        switch self.authMode?.lowercased() {
+        case "oidc": "SuperGrok"
+        case "session": "session"
+        case nil: nil
+        default: self.authMode
+        }
+    }
+}
+
+public enum GrokCredentialsError: LocalizedError, Sendable {
+    case notFound
+    case decodeFailed(String)
+    case missingTokens
+
+    public var errorDescription: String? {
+        switch self {
+        case .notFound:
+            "Grok auth.json not found. Run `grok login` to authenticate."
+        case let .decodeFailed(message):
+            "Failed to decode Grok credentials: \(message)"
+        case .missingTokens:
+            "Grok auth.json exists but contains no access tokens."
+        }
+    }
+}
+
+public enum GrokCredentialsStore {
+    /// Top-level OIDC scope used by `grok login` for SuperGrok subscribers.
+    public static let oidcScopePrefix = "https://auth.x.ai::"
+    /// Legacy/session scope used by older `grok login` flows.
+    public static let legacySessionScope = "https://accounts.x.ai/sign-in"
+
+    public static func grokHomeURL(
+        env: [String: String] = ProcessInfo.processInfo.environment,
+        fileManager: FileManager = .default) -> URL
+    {
+        if let custom = env["GROK_HOME"]?.nilIfEmpty {
+            return URL(fileURLWithPath: (custom as NSString).expandingTildeInPath)
+        }
+        let home = fileManager.homeDirectoryForCurrentUser
+        return home.appendingPathComponent(".grok", isDirectory: true)
+    }
+
+    public static func authFileURL(
+        env: [String: String] = ProcessInfo.processInfo.environment,
+        fileManager: FileManager = .default) -> URL
+    {
+        self.grokHomeURL(env: env, fileManager: fileManager).appendingPathComponent("auth.json")
+    }
+
+    public static func load(env: [String: String] = ProcessInfo.processInfo.environment) throws -> GrokCredentials {
+        let url = self.authFileURL(env: env)
+        guard FileManager.default.fileExists(atPath: url.path) else {
+            throw GrokCredentialsError.notFound
+        }
+        let data = try Data(contentsOf: url)
+        return try self.parse(data: data)
+    }
+
+    public static func parse(data: Data) throws -> GrokCredentials {
+        let raw: Any
+        do {
+            raw = try JSONSerialization.jsonObject(with: data)
+        } catch {
+            throw GrokCredentialsError.decodeFailed(error.localizedDescription)
+        }
+        guard let root = raw as? [String: Any] else {
+            throw GrokCredentialsError.decodeFailed("Invalid JSON (expected object at root)")
+        }
+
+        // `auth.json` is a map keyed by scope URL. Prefer the OIDC scope (SuperGrok),
+        // fall back to the legacy session scope.
+        let preferredEntry = Self.selectPreferredEntry(in: root)
+        guard let (scope, entry) = preferredEntry else {
+            throw GrokCredentialsError.missingTokens
+        }
+        guard let key = entry["key"] as? String, !key.isEmpty else {
+            throw GrokCredentialsError.missingTokens
+        }
+
+        return GrokCredentials(
+            accessToken: key,
+            refreshToken: (entry["refresh_token"] as? String)?.nilIfEmpty,
+            scope: scope,
+            authMode: (entry["auth_mode"] as? String)?.nilIfEmpty,
+            userId: (entry["user_id"] as? String)?.nilIfEmpty,
+            email: (entry["email"] as? String)?.nilIfEmpty,
+            firstName: (entry["first_name"] as? String)?.nilIfEmpty,
+            lastName: (entry["last_name"] as? String)?.nilIfEmpty,
+            teamId: (entry["team_id"] as? String)?.nilIfEmpty,
+            oidcIssuer: (entry["oidc_issuer"] as? String)?.nilIfEmpty,
+            oidcClientId: (entry["oidc_client_id"] as? String)?.nilIfEmpty,
+            expiresAt: Self.parseDate(entry["expires_at"]),
+            createTime: Self.parseDate(entry["create_time"]))
+    }
+
+    private static func selectPreferredEntry(in root: [String: Any]) -> (scope: String, entry: [String: Any])? {
+        var oidcCandidate: (String, [String: Any])?
+        var legacyCandidate: (String, [String: Any])?
+        for (scope, value) in root {
+            guard let entry = value as? [String: Any] else { continue }
+            // Only accept entries that actually carry a usable bearer token. A
+            // stale/partial OIDC record (key missing or empty) must not shadow a
+            // healthy legacy session entry.
+            guard let key = entry["key"] as? String, !key.isEmpty else { continue }
+            if scope.hasPrefix(self.oidcScopePrefix) {
+                oidcCandidate = (scope, entry)
+            } else if scope == self.legacySessionScope || scope.contains("/sign-in") {
+                legacyCandidate = (scope, entry)
+            }
+        }
+        return oidcCandidate ?? legacyCandidate
+    }
+
+    private static func parseDate(_ raw: Any?) -> Date? {
+        guard let value = raw as? String, !value.isEmpty else { return nil }
+        let formatter = ISO8601DateFormatter()
+        formatter.formatOptions = [.withInternetDateTime, .withFractionalSeconds]
+        if let date = formatter.date(from: value) { return date }
+        formatter.formatOptions = [.withInternetDateTime]
+        return formatter.date(from: value)
+    }
+}
+
+extension String {
+    fileprivate var nilIfEmpty: String? {
+        self.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty ? nil : self
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Grok/GrokCookieImporter.swift b/Sources/CodexBarCore/Providers/Grok/GrokCookieImporter.swift
new file mode 100644
index 000000000..2efd4ee21
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Grok/GrokCookieImporter.swift
@@ -0,0 +1,213 @@
+import Foundation
+
+#if os(macOS)
+import SweetCookieKit
+
+public enum GrokCookieImporter {
+    private static let importSessionCacheTTL: TimeInterval = 5
+    private static let importSessionCache = ImportSessionCache(ttl: importSessionCacheTTL)
+    private static let log = CodexBarLog.logger(LogCategories.providers)
+    private static let cookieClient = BrowserCookieClient()
+    private static let cookieDomains = ["grok.com"]
+    private static let cookieImportOrder: BrowserCookieImportOrder =
+        ProviderDefaults.metadata[.grok]?.browserCookieOrder ?? Browser.defaultImportOrder
+
+    public struct SessionInfo: Sendable {
+        public let cookies: [HTTPCookie]
+        public let sourceLabel: String
+
+        public init(cookies: [HTTPCookie], sourceLabel: String) {
+            self.cookies = cookies
+            self.sourceLabel = sourceLabel
+        }
+
+        public var cookieHeader: String {
+            self.cookies.map { "\($0.name)=\($0.value)" }.joined(separator: "; ")
+        }
+    }
+
+    public static func importSessions(
+        browserDetection: BrowserDetection = BrowserDetection(),
+        logger: ((String) -> Void)? = nil) throws -> [SessionInfo]
+    {
+        if let cached = self.cachedImportSessions() {
+            return cached
+        }
+
+        var sessions: [SessionInfo] = []
+        let candidates = self.cookieImportOrder.cookieImportCandidates(using: browserDetection)
+        for browserSource in candidates {
+            do {
+                let perSource = try self.importSessions(from: browserSource, logger: logger)
+                sessions.append(contentsOf: perSource)
+            } catch {
+                BrowserCookieAccessGate.recordIfNeeded(error)
+                self.emit(
+                    "\(browserSource.displayName) cookie import failed: \(error.localizedDescription)",
+                    logger: logger)
+            }
+        }
+
+        guard !sessions.isEmpty else { throw GrokWebBillingError.missingCredentials }
+        self.storeImportSessions(sessions)
+        return sessions
+    }
+
+    public static func importSessions(
+        from browserSource: Browser,
+        logger: ((String) -> Void)? = nil) throws -> [SessionInfo]
+    {
+        let query = BrowserCookieQuery(domains: self.cookieDomains)
+        let log: (String) -> Void = { msg in self.emit(msg, logger: logger) }
+        let sources = try Self.cookieClient.codexBarRecords(
+            matching: query,
+            in: browserSource,
+            logger: log)
+
+        var sessions: [SessionInfo] = []
+        let grouped = Dictionary(grouping: sources, by: { $0.store.profile.id })
+        let sortedGroups = grouped.values.sorted { lhs, rhs in
+            self.mergedLabel(for: lhs) < self.mergedLabel(for: rhs)
+        }
+
+        for group in sortedGroups where !group.isEmpty {
+            let label = self.mergedLabel(for: group)
+            let mergedRecords = self.mergeRecords(group)
+            guard mergedRecords.contains(where: { $0.name == "sso" || $0.name == "sso-rw" }) else { continue }
+            let httpCookies = BrowserCookieClient.makeHTTPCookies(mergedRecords, origin: query.origin)
+            guard !httpCookies.isEmpty else { continue }
+            log("Found Grok session cookies in \(label)")
+            sessions.append(SessionInfo(cookies: httpCookies, sourceLabel: label))
+        }
+        return sessions
+    }
+
+    public static func importSession(
+        browserDetection: BrowserDetection = BrowserDetection(),
+        logger: ((String) -> Void)? = nil) throws -> SessionInfo
+    {
+        let sessions = try self.importSessions(browserDetection: browserDetection, logger: logger)
+        guard let first = sessions.first else { throw GrokWebBillingError.missingCredentials }
+        return first
+    }
+
+    public static func hasSession(
+        browserDetection: BrowserDetection = BrowserDetection(),
+        logger: ((String) -> Void)? = nil) -> Bool
+    {
+        do {
+            _ = try self.importSession(browserDetection: browserDetection, logger: logger)
+            return true
+        } catch {
+            return false
+        }
+    }
+
+    static func invalidateImportSessionCache() {
+        self.importSessionCache.invalidate()
+    }
+
+    private static func emit(_ message: String, logger: ((String) -> Void)?) {
+        logger?("[grok-cookie] \(message)")
+        self.log.debug("\(message)")
+    }
+
+    private static func cachedImportSessions(now: Date = Date()) -> [SessionInfo]? {
+        self.importSessionCache.load(now: now)
+    }
+
+    private static func storeImportSessions(_ sessions: [SessionInfo], now: Date = Date()) {
+        self.importSessionCache.store(sessions, now: now)
+    }
+
+    private static func mergedLabel(for sources: [BrowserCookieStoreRecords]) -> String {
+        guard let base = sources.map(\.label).min() else { return "Unknown" }
+        if base.hasSuffix(" (Network)") {
+            return String(base.dropLast(" (Network)".count))
+        }
+        return base
+    }
+
+    private static func mergeRecords(_ sources: [BrowserCookieStoreRecords]) -> [BrowserCookieRecord] {
+        let sortedSources = sources.sorted { lhs, rhs in
+            self.storePriority(lhs.store.kind) < self.storePriority(rhs.store.kind)
+        }
+        var mergedByKey: [String: BrowserCookieRecord] = [:]
+        for source in sortedSources {
+            for record in source.records {
+                let key = self.recordKey(record)
+                if let existing = mergedByKey[key] {
+                    if self.shouldReplace(existing: existing, candidate: record) {
+                        mergedByKey[key] = record
+                    }
+                } else {
+                    mergedByKey[key] = record
+                }
+            }
+        }
+        return Array(mergedByKey.values)
+    }
+
+    private static func storePriority(_ kind: BrowserCookieStoreKind) -> Int {
+        switch kind {
+        case .network: 0
+        case .primary: 1
+        case .safari: 2
+        }
+    }
+
+    private static func recordKey(_ record: BrowserCookieRecord) -> String {
+        "\(record.name)|\(record.domain)|\(record.path)"
+    }
+
+    private static func shouldReplace(existing: BrowserCookieRecord, candidate: BrowserCookieRecord) -> Bool {
+        switch (existing.expires, candidate.expires) {
+        case let (lhs?, rhs?): rhs > lhs
+        case (nil, .some): true
+        case (.some, nil): false
+        case (nil, nil): false
+        }
+    }
+
+    private final class ImportSessionCache: @unchecked Sendable {
+        private let ttl: TimeInterval
+        private let lock = NSLock()
+        private var entry: (sessions: [SessionInfo], expiresAt: Date)?
+
+        init(ttl: TimeInterval) {
+            self.ttl = ttl
+        }
+
+        func load(now: Date) -> [SessionInfo]? {
+            self.lock.lock()
+            defer { self.lock.unlock() }
+            guard let entry = self.entry, entry.expiresAt > now else {
+                self.entry = nil
+                return nil
+            }
+            return entry.sessions
+        }
+
+        func store(_ sessions: [SessionInfo], now: Date) {
+            self.lock.lock()
+            self.entry = (sessions, now.addingTimeInterval(self.ttl))
+            self.lock.unlock()
+        }
+
+        func invalidate() {
+            self.lock.lock()
+            self.entry = nil
+            self.lock.unlock()
+        }
+    }
+}
+#else
+public enum GrokCookieImporter {
+    public static func hasSession(
+        browserDetection _: BrowserDetection = BrowserDetection(),
+        logger _: ((String) -> Void)? = nil) -> Bool
+    {
+        false
+    }
+}
+#endif
diff --git a/Sources/CodexBarCore/Providers/Grok/GrokLocalSessionScanner.swift b/Sources/CodexBarCore/Providers/Grok/GrokLocalSessionScanner.swift
new file mode 100644
index 000000000..c5b1afded
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Grok/GrokLocalSessionScanner.swift
@@ -0,0 +1,100 @@
+import Foundation
+
+/// Aggregated stats from local `~/.grok/sessions/**/signals.json` files.
+/// Used as a local fallback view when the JSON-RPC billing call is unavailable.
+public struct GrokLocalSessionSummary: Sendable {
+    public let sessionCount: Int
+    public let totalTokens: Int
+    public let lastSessionAt: Date?
+    public let primaryModel: String?
+    public let models: [String]
+
+    public init(
+        sessionCount: Int,
+        totalTokens: Int,
+        lastSessionAt: Date?,
+        primaryModel: String?,
+        models: [String])
+    {
+        self.sessionCount = sessionCount
+        self.totalTokens = totalTokens
+        self.lastSessionAt = lastSessionAt
+        self.primaryModel = primaryModel
+        self.models = models
+    }
+}
+
+public enum GrokLocalSessionScanner {
+    public static let defaultLookbackDays = 30
+
+    /// Walk `~/.grok/sessions/<encoded_cwd>/<session_id>/signals.json` and aggregate stats.
+    public static func summarize(
+        env: [String: String] = ProcessInfo.processInfo.environment,
+        fileManager: FileManager = .default,
+        lookbackDays: Int = defaultLookbackDays,
+        now: Date = .init()) -> GrokLocalSessionSummary
+    {
+        let root = GrokCredentialsStore.grokHomeURL(env: env, fileManager: fileManager)
+            .appendingPathComponent("sessions", isDirectory: true)
+        guard let rootEnum = fileManager.enumerator(
+            at: root,
+            includingPropertiesForKeys: [.contentModificationDateKey, .isDirectoryKey],
+            options: [.skipsHiddenFiles])
+        else {
+            return GrokLocalSessionSummary(
+                sessionCount: 0,
+                totalTokens: 0,
+                lastSessionAt: nil,
+                primaryModel: nil,
+                models: [])
+        }
+
+        let lookbackCutoff = Calendar.current.date(byAdding: .day, value: -lookbackDays, to: now) ?? now
+        var sessionCount = 0
+        var totalTokens = 0
+        var lastSessionAt: Date?
+        var modelCounts: [String: Int] = [:]
+
+        while let url = rootEnum.nextObject() as? URL {
+            guard url.lastPathComponent == "signals.json" else { continue }
+            let attrs = try? url.resourceValues(forKeys: [.contentModificationDateKey])
+            let mtime = attrs?.contentModificationDate ?? Date.distantPast
+            guard mtime >= lookbackCutoff else { continue }
+
+            guard let data = try? Data(contentsOf: url),
+                  let json = try? JSONSerialization.jsonObject(with: data) as? [String: Any]
+            else { continue }
+
+            sessionCount += 1
+            let beforeCompaction = (json["totalTokensBeforeCompaction"] as? Int) ?? 0
+            let contextUsed = (json["contextTokensUsed"] as? Int) ?? 0
+            totalTokens += beforeCompaction + contextUsed
+
+            if mtime > (lastSessionAt ?? Date.distantPast) {
+                lastSessionAt = mtime
+            }
+
+            if let primary = (json["primaryModelId"] as? String)?.trimmingCharacters(in: .whitespacesAndNewlines),
+               !primary.isEmpty
+            {
+                modelCounts[primary, default: 0] += 1
+            }
+            if let models = json["modelsUsed"] as? [String] {
+                for model in models {
+                    let trimmed = model.trimmingCharacters(in: .whitespacesAndNewlines)
+                    if !trimmed.isEmpty {
+                        modelCounts[trimmed, default: 0] += 1
+                    }
+                }
+            }
+        }
+
+        let sortedModels = modelCounts.sorted { $0.value > $1.value }.map(\.key)
+        return GrokLocalSessionSummary(
+            sessionCount: sessionCount,
+            totalTokens: totalTokens,
+            lastSessionAt: lastSessionAt,
+            primaryModel: sortedModels.first,
+            models: sortedModels)
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Grok/GrokProviderDescriptor.swift b/Sources/CodexBarCore/Providers/Grok/GrokProviderDescriptor.swift
new file mode 100644
index 000000000..a2d6e8b76
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Grok/GrokProviderDescriptor.swift
@@ -0,0 +1,197 @@
+import CodexBarMacroSupport
+import Foundation
+
+@ProviderDescriptorRegistration
+@ProviderDescriptorDefinition
+public enum GrokProviderDescriptor {
+    static func makeDescriptor() -> ProviderDescriptor {
+        ProviderDescriptor(
+            id: .grok,
+            metadata: ProviderMetadata(
+                id: .grok,
+                displayName: "Grok",
+                sessionLabel: "Credits",
+                weeklyLabel: "On-demand",
+                opusLabel: nil,
+                supportsOpus: false,
+                supportsCredits: false,
+                creditsHint: "",
+                toggleTitle: "Show Grok usage",
+                cliName: "grok",
+                defaultEnabled: false,
+                isPrimaryProvider: false,
+                usesAccountFallback: false,
+                browserCookieOrder: ProviderBrowserCookieDefaults.grokCookieImportOrder,
+                dashboardURL: "https://grok.com/?_s=usage",
+                changelogURL: "https://x.ai/news",
+                statusPageURL: nil,
+                statusLinkURL: "https://status.x.ai"),
+            branding: ProviderBranding(
+                iconStyle: .grok,
+                iconResourceName: "ProviderIcon-grok",
+                color: ProviderColor(red: 16 / 255, green: 163 / 255, blue: 127 / 255)),
+            tokenCost: ProviderTokenCostConfig(
+                supportsTokenCost: false,
+                noDataMessage: { "Grok cost summary is not supported yet." }),
+            fetchPlan: ProviderFetchPlan(
+                sourceModes: [.auto, .cli, .web],
+                pipeline: ProviderFetchPipeline(resolveStrategies: self.resolveStrategies)),
+            cli: ProviderCLIConfig(
+                name: "grok",
+                versionDetector: { _ in GrokStatusProbe.detectVersion() }))
+    }
+
+    private static func resolveStrategies(context: ProviderFetchContext) async -> [any ProviderFetchStrategy] {
+        switch context.sourceMode {
+        case .auto:
+            [GrokCLIFetchStrategy(), GrokWebFetchStrategy()]
+        case .cli:
+            [GrokCLIFetchStrategy()]
+        case .web:
+            [GrokWebFetchStrategy()]
+        case .api, .oauth:
+            []
+        }
+    }
+
+    /// Returns a contextual label for Grok's primary usage bar ("Weekly" or "Monthly").
+    /// Prefer the billing period duration when available; fall back to reset distance for
+    /// web billing payloads that expose only a reset timestamp.
+    public static func primaryLabel(window: RateWindow?, now: Date = .now) -> String? {
+        if let minutes = window?.windowMinutes {
+            return self.primaryLabel(duration: TimeInterval(minutes) * 60)
+        }
+        return self.primaryLabel(resetsAt: window?.resetsAt, now: now)
+    }
+
+    public static func primaryLabel(resetsAt: Date?, now: Date = .now) -> String? {
+        guard let resetsAt else { return nil }
+        return self.primaryLabel(duration: resetsAt.timeIntervalSince(now))
+    }
+
+    private static func primaryLabel(duration seconds: TimeInterval) -> String? {
+        guard seconds > 3600 else { return nil }
+        let days = Int((seconds / 86400).rounded(.toNearestOrAwayFromZero))
+        if (4...12).contains(days) { return "Weekly" }
+        if (20...45).contains(days) { return "Monthly" }
+        return nil
+    }
+}
+
+struct GrokCLIFetchStrategy: ProviderFetchStrategy {
+    let id: String = "grok.cli"
+    let kind: ProviderFetchKind = .cli
+
+    func isAvailable(_ context: ProviderFetchContext) async -> Bool {
+        BinaryLocator.resolveGrokBinary(env: context.env) != nil
+    }
+
+    func fetch(_ context: ProviderFetchContext) async throws -> ProviderFetchResult {
+        let probe = GrokStatusProbe()
+        let snap = try await probe.fetch(env: context.env)
+        return self.makeResult(
+            usage: snap.toUsageSnapshot(),
+            sourceLabel: "grok-cli")
+    }
+
+    func shouldFallback(on _: Error, context: ProviderFetchContext) -> Bool {
+        context.sourceMode == .auto
+    }
+}
+
+struct GrokWebFetchStrategy: ProviderFetchStrategy {
+    let id: String = "grok.web"
+    let kind: ProviderFetchKind = .web
+
+    static func canImportBrowserCookies(runtime: ProviderRuntime, env: [String: String]) -> Bool {
+        runtime == .app || env["CODEXBAR_ALLOW_BROWSER_COOKIE_IMPORT"] == "1"
+    }
+
+    func isAvailable(_ context: ProviderFetchContext) async -> Bool {
+        #if os(macOS)
+        if Self.canImportBrowserCookies(runtime: context.runtime, env: context.env),
+           GrokCookieImporter.hasSession(browserDetection: context.browserDetection)
+        {
+            return true
+        }
+        #endif
+        return FileManager.default.fileExists(atPath: GrokCredentialsStore.authFileURL(env: context.env).path)
+    }
+
+    func fetch(_ context: ProviderFetchContext) async throws -> ProviderFetchResult {
+        let (webBilling, sourceLabel, authenticatedByAuthFile) = try await self.fetchWebBilling(context: context)
+        let credentials = Self.credentialsForWebBillingSnapshot(
+            credentials: try? GrokCredentialsStore.load(env: context.env),
+            authenticatedByAuthFile: authenticatedByAuthFile)
+        let snapshot = GrokUsageSnapshot(
+            billing: nil,
+            webBilling: webBilling,
+            credentials: GrokStatusProbe.credentialsForSnapshot(
+                credentials: credentials,
+                billing: nil,
+                webBilling: webBilling),
+            localSummary: GrokLocalSessionScanner.summarize(env: context.env),
+            cliVersion: GrokStatusProbe.detectVersion(env: context.env),
+            updatedAt: Date())
+        return self.makeResult(
+            usage: snapshot.toUsageSnapshot(),
+            sourceLabel: sourceLabel)
+    }
+
+    private func fetchWebBilling(context: ProviderFetchContext) async throws -> (
+        snapshot: GrokWebBillingSnapshot,
+        sourceLabel: String,
+        authenticatedByAuthFile: Bool)
+    {
+        #if os(macOS)
+        if Self.canImportBrowserCookies(runtime: context.runtime, env: context.env) {
+            var lastCookieError: Error?
+            do {
+                let sessions = try GrokCookieImporter.importSessions(browserDetection: context.browserDetection)
+                let (snapshot, sourceLabel) = try await Self.fetchFirstValidCookieSession(sessions)
+                return (snapshot, sourceLabel, false)
+            } catch {
+                lastCookieError = error
+            }
+            if !FileManager.default.fileExists(atPath: GrokCredentialsStore.authFileURL(env: context.env).path) {
+                throw lastCookieError ?? GrokWebBillingError.missingCredentials
+            }
+        }
+        #endif
+
+        let credentials = try GrokCredentialsStore.load(env: context.env)
+        let snapshot = try await GrokWebBillingFetcher.fetch(credentials: credentials)
+        return (snapshot, "grok-web", true)
+    }
+
+    static func credentialsForWebBillingSnapshot(
+        credentials: GrokCredentials?,
+        authenticatedByAuthFile: Bool) -> GrokCredentials?
+    {
+        authenticatedByAuthFile ? credentials : nil
+    }
+
+    #if os(macOS)
+    static func fetchFirstValidCookieSession(
+        _ sessions: [GrokCookieImporter.SessionInfo],
+        fetch: (String) async throws -> GrokWebBillingSnapshot = { cookieHeader in
+            try await GrokWebBillingFetcher.fetch(cookieHeader: cookieHeader)
+        }) async throws -> (GrokWebBillingSnapshot, String)
+    {
+        var lastError: Error?
+        for session in sessions {
+            do {
+                let snapshot = try await fetch(session.cookieHeader)
+                return (snapshot, session.sourceLabel)
+            } catch {
+                lastError = error
+            }
+        }
+        throw lastError ?? GrokWebBillingError.missingCredentials
+    }
+    #endif
+
+    func shouldFallback(on _: Error, context _: ProviderFetchContext) -> Bool {
+        false
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Grok/GrokRPCClient.swift b/Sources/CodexBarCore/Providers/Grok/GrokRPCClient.swift
new file mode 100644
index 000000000..a0feea798
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Grok/GrokRPCClient.swift
@@ -0,0 +1,371 @@
+import Foundation
+
+/// JSON-RPC client for `grok agent stdio` (ACP protocol).
+///
+/// The protocol mirrors Codex's app-server (newline-delimited JSON-RPC 2.0 over stdin/stdout),
+/// but uses `protocolVersion`/`clientCapabilities` for the `initialize` call instead of
+/// `clientInfo`. Billing is fetched via the `x.ai/billing` extension method.
+final class GrokRPCClient: @unchecked Sendable {
+    private static let log = CodexBarLog.logger(LogCategories.grok)
+
+    private let process = Process()
+    private let stdinPipe = Pipe()
+    private let stdoutPipe = Pipe()
+    private let stderrPipe = Pipe()
+    private let initializeTimeoutSeconds: TimeInterval
+    private let requestTimeoutSeconds: TimeInterval
+    private var nextID: Int = 1
+    private let stdoutLineStream: AsyncStream<Data>
+    private let stdoutLineContinuation: AsyncStream<Data>.Continuation
+
+    init(
+        executable: String = "grok",
+        arguments: [String] = ["agent", "stdio"],
+        environment: [String: String] = ProcessInfo.processInfo.environment,
+        initializeTimeoutSeconds: TimeInterval = 4.0,
+        requestTimeoutSeconds: TimeInterval = 3.0) throws
+    {
+        self.initializeTimeoutSeconds = initializeTimeoutSeconds
+        self.requestTimeoutSeconds = requestTimeoutSeconds
+        var stdoutContinuation: AsyncStream<Data>.Continuation!
+        self.stdoutLineStream = AsyncStream<Data> { continuation in
+            stdoutContinuation = continuation
+        }
+        self.stdoutLineContinuation = stdoutContinuation
+
+        let resolvedExec = BinaryLocator.resolveGrokBinary(env: environment)
+            ?? TTYCommandRunner.which(executable)
+
+        guard let resolvedExec else {
+            Self.log.warning("Grok RPC binary not found", metadata: ["binary": executable])
+            throw GrokRPCError.binaryNotFound
+        }
+
+        var env = environment
+        env["PATH"] = PathBuilder.effectivePATH(purposes: [.rpc], env: env)
+
+        self.process.environment = env
+        self.process.executableURL = URL(fileURLWithPath: "/usr/bin/env")
+        self.process.arguments = [resolvedExec] + arguments
+        self.process.standardInput = self.stdinPipe
+        self.process.standardOutput = self.stdoutPipe
+        self.process.standardError = self.stderrPipe
+
+        do {
+            try self.process.run()
+            Self.log.debug("Grok RPC started", metadata: ["binary": resolvedExec])
+        } catch {
+            Self.log.warning("Grok RPC failed to start", metadata: ["error": error.localizedDescription])
+            throw GrokRPCError.startFailed(error.localizedDescription)
+        }
+
+        let stdoutHandle = self.stdoutPipe.fileHandleForReading
+        let stdoutLineContinuation = self.stdoutLineContinuation
+        let stdoutBuffer = LineBuffer()
+        stdoutHandle.readabilityHandler = { handle in
+            let data = handle.availableData
+            if data.isEmpty {
+                handle.readabilityHandler = nil
+                stdoutLineContinuation.finish()
+                return
+            }
+            let lines = stdoutBuffer.appendAndDrainLines(data)
+            for lineData in lines {
+                stdoutLineContinuation.yield(lineData)
+            }
+        }
+
+        let stderrHandle = self.stderrPipe.fileHandleForReading
+        stderrHandle.readabilityHandler = { handle in
+            let data = handle.availableData
+            if data.isEmpty {
+                handle.readabilityHandler = nil
+                return
+            }
+            guard let text = String(data: data, encoding: .utf8), !text.isEmpty else { return }
+            for line in text.split(whereSeparator: \.isNewline) {
+                #if !os(Linux)
+                fputs("[grok stderr] \(line)\n", stderr)
+                #endif
+            }
+        }
+    }
+
+    deinit {
+        self.shutdown()
+    }
+
+    func initialize() async throws {
+        let params: [String: Any] = [
+            "protocolVersion": "1",
+            "clientCapabilities": [
+                "fs": ["readTextFile": false, "writeTextFile": false],
+                "terminal": false,
+            ],
+        ]
+        _ = try await self.request(
+            method: "initialize",
+            params: params,
+            timeout: self.initializeTimeoutSeconds)
+    }
+
+    /// Calls `x.ai/billing` and returns the decoded response.
+    func fetchBilling() async throws -> GrokBillingResponse {
+        let message = try await self.request(method: "x.ai/billing", params: [:])
+        return try self.decodeResult(from: message)
+    }
+
+    func shutdown() {
+        if self.process.isRunning {
+            Self.log.debug("Grok RPC stopping")
+            self.process.terminate()
+        }
+    }
+
+    // MARK: - JSON-RPC plumbing (mirrors CodexRPCClient)
+
+    private struct SendableJSONMessage: @unchecked Sendable {
+        let value: [String: Any]
+    }
+
+    private func request(
+        method: String,
+        params: [String: Any]? = nil,
+        timeout: TimeInterval? = nil) async throws -> [String: Any]
+    {
+        let id = self.nextID
+        self.nextID += 1
+        try self.sendRequest(id: id, method: method, params: params)
+
+        let resolvedTimeout = timeout ?? self.requestTimeoutSeconds
+        let wrapped = try await self.withTimeout(seconds: resolvedTimeout, method: method) {
+            while true {
+                let message = try await self.readNextMessage()
+                // Skip notifications (no id) or unrelated responses.
+                if message["id"] == nil { continue }
+                guard let messageID = self.jsonID(message["id"]), messageID == id else { continue }
+                if let error = message["error"] as? [String: Any] {
+                    let messageText = (error["message"] as? String) ?? "unknown JSON-RPC error"
+                    throw GrokRPCError.requestFailed(messageText)
+                }
+                return SendableJSONMessage(value: message)
+            }
+        }
+        return wrapped.value
+    }
+
+    private func withTimeout<T: Sendable>(
+        seconds: TimeInterval,
+        method: String,
+        body: @escaping @Sendable () async throws -> T) async throws -> T
+    {
+        try await withThrowingTaskGroup(of: T.self) { group in
+            group.addTask { try await body() }
+            group.addTask { [weak self] in
+                try await Task.sleep(for: .seconds(seconds))
+                self?.terminateProcessForTimeout(method: method)
+                throw GrokRPCError.timeout(method: method)
+            }
+            do {
+                guard let result = try await group.next() else {
+                    throw GrokRPCError.timeout(method: method)
+                }
+                group.cancelAll()
+                return result
+            } catch {
+                group.cancelAll()
+                throw error
+            }
+        }
+    }
+
+    private func terminateProcessForTimeout(method: String) {
+        if self.process.isRunning {
+            Self.log.warning("Grok RPC timed out on `\(method)`; terminating process")
+            self.process.terminate()
+        }
+    }
+
+    private func sendRequest(id: Int, method: String, params: [String: Any]?) throws {
+        let paramsValue: Any = params ?? [:]
+        let payload: [String: Any] = [
+            "jsonrpc": "2.0",
+            "id": id,
+            "method": method,
+            "params": paramsValue,
+        ]
+        try self.sendPayload(payload)
+    }
+
+    private func sendPayload(_ payload: [String: Any]) throws {
+        let raw = try JSONSerialization.data(withJSONObject: payload)
+        // Foundation's JSONSerialization escapes "/" as "\/" by default. Grok's
+        // ACP server treats the escaped form as a *different* method name (it does
+        // not unescape before lookup), so `x.ai/billing` becomes "Method not found"
+        // when sent as `x.ai\/billing`. Re-encode without slash escapes to match
+        // the on-the-wire shape the grok agent expects.
+        let unescaped = String(data: raw, encoding: .utf8)?
+            .replacingOccurrences(of: "\\/", with: "/")
+        let data = unescaped.flatMap { $0.data(using: .utf8) } ?? raw
+        if let preview = String(data: data.prefix(200), encoding: .utf8) {
+            Self.log.debug("grok rpc -> \(preview)")
+        }
+        self.stdinPipe.fileHandleForWriting.write(data)
+        self.stdinPipe.fileHandleForWriting.write(Data([0x0A]))
+    }
+
+    private func readNextMessage() async throws -> [String: Any] {
+        for await lineData in self.stdoutLineStream {
+            if lineData.isEmpty { continue }
+            if let preview = String(data: lineData.prefix(300), encoding: .utf8) {
+                Self.log.debug("grok rpc <- \(preview)")
+            }
+            if let json = try? JSONSerialization.jsonObject(with: lineData) as? [String: Any] {
+                return json
+            }
+        }
+        throw GrokRPCError.malformed("grok agent stdio closed stdout")
+    }
+
+    private func decodeResult<T: Decodable>(from message: [String: Any]) throws -> T {
+        guard let result = message["result"] else {
+            throw GrokRPCError.malformed("missing result field")
+        }
+        let data = try JSONSerialization.data(withJSONObject: result)
+        let decoder = JSONDecoder()
+        return try decoder.decode(T.self, from: data)
+    }
+
+    private func jsonID(_ value: Any?) -> Int? {
+        switch value {
+        case let int as Int: int
+        case let number as NSNumber: number.intValue
+        default: nil
+        }
+    }
+
+    private final class LineBuffer: @unchecked Sendable {
+        private var buffer = Data()
+        private let lock = NSLock()
+
+        func appendAndDrainLines(_ data: Data) -> [Data] {
+            self.lock.lock()
+            defer { lock.unlock() }
+            self.buffer.append(data)
+            var out: [Data] = []
+            while let newline = self.buffer.firstIndex(of: 0x0A) {
+                let lineData = Data(self.buffer[..<newline])
+                self.buffer.removeSubrange(...newline)
+                if !lineData.isEmpty {
+                    out.append(lineData)
+                }
+            }
+            return out
+        }
+    }
+}
+
+public enum GrokRPCError: LocalizedError, Sendable {
+    case binaryNotFound
+    case startFailed(String)
+    case requestFailed(String)
+    case timeout(method: String)
+    case malformed(String)
+    case notAuthenticated
+
+    public var errorDescription: String? {
+        switch self {
+        case .binaryNotFound:
+            return "Grok CLI not found. Install via `curl -fsSL https://x.ai/cli/install.sh | bash`."
+        case let .startFailed(message):
+            return "Grok CLI failed to start: \(message)"
+        case let .requestFailed(message):
+            // Surface the auth-required hint that billing.rs emits verbatim.
+            if message.localizedCaseInsensitiveContains("authentication required")
+                || message.localizedCaseInsensitiveContains("grok login")
+            {
+                return "Grok billing requires authentication. Run `grok login`."
+            }
+            return "Grok request failed: \(message)"
+        case let .timeout(method):
+            return "Grok RPC timed out on `\(method)`."
+        case let .malformed(message):
+            return "Malformed Grok RPC response: \(message)"
+        case .notAuthenticated:
+            return "Not authenticated to Grok. Run `grok login`."
+        }
+    }
+}
+
+/// Schema for the `x.ai/billing` result.
+///
+/// All monetary amounts (`monthlyLimit`, `onDemandCap`, `includedUsed`, etc.) are
+/// represented as `{ val: <cents> }` in the wire format.
+public struct GrokBillingResponse: Codable, Sendable {
+    public let billingCycle: GrokBillingCycle?
+    public let monthlyLimit: GrokCent?
+    public let onDemandCap: GrokCent?
+    public let onDemandEnabled: Bool?
+    public let disabledByConfig: Bool?
+    public let usage: GrokBillingUsage?
+
+    private enum CodingKeys: String, CodingKey {
+        case billingCycle
+        case monthlyLimit
+        case onDemandCap
+        case onDemandEnabled = "on_demand_enabled"
+        case disabledByConfig
+        case usage
+    }
+}
+
+public struct GrokBillingCycle: Codable, Sendable {
+    public let billingPeriodStart: String?
+    public let billingPeriodEnd: String?
+}
+
+public struct GrokBillingUsage: Codable, Sendable {
+    public let includedUsed: GrokCent?
+    public let onDemandUsed: GrokCent?
+    public let totalUsed: GrokCent?
+}
+
+public struct GrokCent: Codable, Sendable {
+    public let val: Int?
+}
+
+extension GrokBillingResponse {
+    /// Convenience accessor: monthly usage as a 0–100 percent.
+    public var monthlyUsedPercent: Double? {
+        guard let limit = self.monthlyLimit?.val, limit > 0,
+              let used = self.usage?.totalUsed?.val
+        else { return nil }
+        return min(100.0, max(0.0, Double(used) / Double(limit) * 100.0))
+    }
+
+    public var billingPeriodEndDate: Date? {
+        guard let raw = self.billingCycle?.billingPeriodEnd else { return nil }
+        return GrokBillingResponse.parseISO8601(raw)
+    }
+
+    public var billingPeriodStartDate: Date? {
+        guard let raw = self.billingCycle?.billingPeriodStart else { return nil }
+        return GrokBillingResponse.parseISO8601(raw)
+    }
+
+    public var billingPeriodMinutes: Int? {
+        guard let start = self.billingPeriodStartDate,
+              let end = self.billingPeriodEndDate,
+              end > start
+        else { return nil }
+        return Int(end.timeIntervalSince(start) / 60)
+    }
+
+    private static func parseISO8601(_ raw: String) -> Date? {
+        let formatter = ISO8601DateFormatter()
+        formatter.formatOptions = [.withInternetDateTime, .withFractionalSeconds]
+        if let date = formatter.date(from: raw) { return date }
+        formatter.formatOptions = [.withInternetDateTime]
+        return formatter.date(from: raw)
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Grok/GrokStatusProbe.swift b/Sources/CodexBarCore/Providers/Grok/GrokStatusProbe.swift
new file mode 100644
index 000000000..4a6e0a2a2
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Grok/GrokStatusProbe.swift
@@ -0,0 +1,157 @@
+import Foundation
+
+public struct GrokUsageSnapshot: Sendable {
+    public let billing: GrokBillingResponse?
+    public let webBilling: GrokWebBillingSnapshot?
+    public let credentials: GrokCredentials?
+    public let localSummary: GrokLocalSessionSummary?
+    public let cliVersion: String?
+    public let updatedAt: Date
+
+    public init(
+        billing: GrokBillingResponse?,
+        webBilling: GrokWebBillingSnapshot? = nil,
+        credentials: GrokCredentials?,
+        localSummary: GrokLocalSessionSummary?,
+        cliVersion: String?,
+        updatedAt: Date)
+    {
+        self.billing = billing
+        self.webBilling = webBilling
+        self.credentials = credentials
+        self.localSummary = localSummary
+        self.cliVersion = cliVersion
+        self.updatedAt = updatedAt
+    }
+
+    public func toUsageSnapshot() -> UsageSnapshot {
+        // Primary window: credit usage (against included limit) from the CLI RPC,
+        // falling back to the web billing RPC used by grok.com when the agent surface lacks billing.
+        var primary: RateWindow?
+        if let billing,
+           let percent = billing.monthlyUsedPercent
+        {
+            primary = RateWindow(
+                usedPercent: percent,
+                windowMinutes: billing.billingPeriodMinutes,
+                resetsAt: billing.billingPeriodEndDate,
+                resetDescription: nil)
+        } else if let webBilling,
+                  let percent = webBilling.usedPercent
+        {
+            primary = RateWindow(
+                usedPercent: percent,
+                windowMinutes: nil,
+                resetsAt: webBilling.resetsAt,
+                resetDescription: nil)
+        }
+
+        let identity = ProviderIdentitySnapshot(
+            providerID: .grok,
+            accountEmail: self.credentials?.email,
+            accountOrganization: self.credentials?.teamId,
+            loginMethod: self.credentials?.loginMethod)
+
+        return UsageSnapshot(
+            primary: primary,
+            secondary: nil,
+            tertiary: nil,
+            updatedAt: self.updatedAt,
+            identity: identity)
+    }
+}
+
+public struct GrokStatusProbe: Sendable {
+    public init() {}
+
+    public static func detectVersion(env: [String: String] = ProcessInfo.processInfo.environment) -> String? {
+        guard let binary = BinaryLocator.resolveGrokBinary(env: env) else { return nil }
+        let process = Process()
+        process.executableURL = URL(fileURLWithPath: "/usr/bin/env")
+        process.arguments = [binary, "--version"]
+        let pipe = Pipe()
+        process.standardOutput = pipe
+        process.standardError = pipe
+        do {
+            try process.run()
+            process.waitUntilExit()
+            let data = pipe.fileHandleForReading.readDataToEndOfFile()
+            guard let output = String(data: data, encoding: .utf8) else { return nil }
+            // Output is like "grok 0.1.210 (8b63e9068c)" — strip the leading "grok " so
+            // callers can prefix the CLI name themselves without duplicating it.
+            let trimmed = output.trimmingCharacters(in: .whitespacesAndNewlines)
+            let firstLine = trimmed.split(separator: "\n").first.map(String.init) ?? trimmed
+            let withoutPrefix = firstLine.replacingOccurrences(
+                of: #"^grok\s+"#,
+                with: "",
+                options: [.regularExpression])
+                .trimmingCharacters(in: .whitespacesAndNewlines)
+            return withoutPrefix.isEmpty ? nil : withoutPrefix
+        } catch {
+            return nil
+        }
+    }
+
+    public func fetch(env: [String: String] = ProcessInfo.processInfo.environment) async throws -> GrokUsageSnapshot {
+        // Credentials are optional: we still show identity-less state if the user
+        // hasn't logged in, with a clear hint via the RPC error.
+        let credentials = try? GrokCredentialsStore.load(env: env)
+
+        var billing: GrokBillingResponse?
+        var rpcError: Error?
+        do {
+            let client = try GrokRPCClient(environment: env)
+            defer { client.shutdown() }
+            try await client.initialize()
+            billing = try await client.fetchBilling()
+        } catch {
+            rpcError = error
+        }
+
+        // Local fallback summary always succeeds (empty if no sessions yet).
+        let localSummary = GrokLocalSessionScanner.summarize(env: env)
+        let cliVersion = Self.detectVersion(env: env)
+
+        // `localSummary` is *not* currently projected into a visible RateWindow or
+        // identity field, so a stale `~/.grok/sessions/` directory must not
+        // suppress the auth-required hint. CLI-only fetches need a billing
+        // response; the provider pipeline owns the separate web fallback.
+        if billing == nil {
+            throw rpcError ?? GrokRPCError.notAuthenticated
+        }
+
+        return GrokUsageSnapshot(
+            billing: billing,
+            webBilling: nil,
+            credentials: Self.credentialsForSnapshot(
+                credentials: credentials,
+                billing: billing,
+                webBilling: nil),
+            localSummary: localSummary,
+            cliVersion: cliVersion,
+            updatedAt: Date())
+    }
+
+    static func credentialsForSnapshot(
+        credentials: GrokCredentials?,
+        billing: GrokBillingResponse?,
+        webBilling: GrokWebBillingSnapshot? = nil) -> GrokCredentials?
+    {
+        // If remote usage succeeded, xAI accepted auth and the local
+        // identity is still useful even when the persisted expires_at is stale.
+        if billing != nil || webBilling != nil { return credentials }
+        return credentials.flatMap { $0.isExpired ? nil : $0 }
+    }
+
+    static func shouldSurfaceRemoteAuthError(_ error: Error?) -> Bool {
+        guard let error = error as? GrokWebBillingError else { return false }
+        switch error {
+        case let .requestFailed(status, _):
+            return status == 401 || status == 403
+        case let .rpcFailed(status, _):
+            return status == 16
+        case .missingCredentials, .emptyResponse, .invalidResponse, .parseFailed:
+            return false
+        }
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Grok/GrokWebBillingFetcher.swift b/Sources/CodexBarCore/Providers/Grok/GrokWebBillingFetcher.swift
new file mode 100644
index 000000000..50a0beae3
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Grok/GrokWebBillingFetcher.swift
@@ -0,0 +1,386 @@
+import Foundation
+#if canImport(FoundationNetworking)
+import FoundationNetworking
+#endif
+
+public struct GrokWebBillingSnapshot: Sendable, Equatable {
+    public let usedPercent: Double?
+    public let resetsAt: Date?
+
+    public init(usedPercent: Double?, resetsAt: Date?) {
+        self.usedPercent = usedPercent
+        self.resetsAt = resetsAt
+    }
+}
+
+public enum GrokWebBillingError: LocalizedError, Sendable {
+    case missingCredentials
+    case emptyResponse
+    case invalidResponse
+    case requestFailed(Int, String)
+    case rpcFailed(Int, String)
+    case parseFailed
+
+    public var errorDescription: String? {
+        switch self {
+        case .missingCredentials:
+            "Grok web billing requires a signed-in grok.com browser session or `grok login`."
+        case .emptyResponse:
+            "Grok web billing returned no protobuf payload."
+        case .invalidResponse:
+            "Grok web billing returned an invalid response."
+        case let .requestFailed(status, body):
+            if status == 401 || status == 403 {
+                "Grok web billing rejected credentials. Run `grok login` to refresh xAI auth."
+            } else {
+                "Grok web billing request failed with HTTP \(status): \(body)"
+            }
+        case let .rpcFailed(status, message):
+            if status == 16 {
+                "Grok web billing rejected credentials. Run `grok login` to refresh xAI auth."
+            } else {
+                "Grok web billing RPC failed with status \(status): \(message)"
+            }
+        case .parseFailed:
+            "Could not parse Grok web billing usage."
+        }
+    }
+}
+
+public enum GrokWebBillingFetcher {
+    public static let defaultEndpoint =
+        URL(string: "https://grok.com/grok_api_v2.GrokBuildBilling/GetGrokCreditsConfig")!
+    private static let requestTimeoutSeconds: TimeInterval = 15
+
+    public static func fetch(
+        credentials: GrokCredentials,
+        session transport: any ProviderHTTPTransport = ProviderHTTPClient.shared,
+        endpoint: URL = Self.defaultEndpoint) async throws -> GrokWebBillingSnapshot
+    {
+        try await self.fetch(
+            authorizationHeader: "Bearer \(credentials.accessToken)",
+            cookieHeader: nil,
+            transport: transport,
+            endpoint: endpoint)
+    }
+
+    public static func fetch(
+        cookieHeader: String,
+        session transport: any ProviderHTTPTransport = ProviderHTTPClient.shared,
+        endpoint: URL = Self.defaultEndpoint) async throws -> GrokWebBillingSnapshot
+    {
+        try await self.fetch(
+            authorizationHeader: nil,
+            cookieHeader: cookieHeader,
+            transport: transport,
+            endpoint: endpoint)
+    }
+
+    private static func fetch(
+        authorizationHeader: String?,
+        cookieHeader: String?,
+        transport: any ProviderHTTPTransport,
+        endpoint: URL) async throws -> GrokWebBillingSnapshot
+    {
+        do {
+            return try await self.fetchOnce(
+                authorizationHeader: authorizationHeader,
+                cookieHeader: cookieHeader,
+                transport: transport,
+                endpoint: endpoint)
+        } catch where self.shouldRetry(error) {
+            return try await self.fetchOnce(
+                authorizationHeader: authorizationHeader,
+                cookieHeader: cookieHeader,
+                transport: transport,
+                endpoint: endpoint)
+        }
+    }
+
+    private static func fetchOnce(
+        authorizationHeader: String?,
+        cookieHeader: String?,
+        transport: any ProviderHTTPTransport,
+        endpoint: URL) async throws -> GrokWebBillingSnapshot
+    {
+        var request = URLRequest(url: endpoint)
+        request.httpMethod = "POST"
+        request.timeoutInterval = Self.requestTimeoutSeconds
+        request.httpBody = Data([0x00, 0x00, 0x00, 0x00, 0x00])
+        if let authorizationHeader {
+            request.setValue(authorizationHeader, forHTTPHeaderField: "Authorization")
+        }
+        if let cookieHeader {
+            request.setValue(cookieHeader, forHTTPHeaderField: "Cookie")
+        }
+        request.setValue("https://grok.com", forHTTPHeaderField: "Origin")
+        request.setValue("https://grok.com/?_s=usage", forHTTPHeaderField: "Referer")
+        request.setValue("*/*", forHTTPHeaderField: "Accept")
+        request.setValue("application/grpc-web+proto", forHTTPHeaderField: "Content-Type")
+        request.setValue("1", forHTTPHeaderField: "x-grpc-web")
+        request.setValue("connect-es/2.1.1", forHTTPHeaderField: "x-user-agent")
+        request.setValue("CodexBar", forHTTPHeaderField: "User-Agent")
+
+        let response: ProviderHTTPResponse
+        do {
+            response = try await transport.response(for: request)
+        } catch let error as URLError where error.code == .badServerResponse {
+            throw GrokWebBillingError.invalidResponse
+        } catch {
+            throw error
+        }
+        guard response.statusCode == 200 else {
+            let body = String(data: response.data.prefix(400), encoding: .utf8) ?? ""
+            throw GrokWebBillingError.requestFailed(response.statusCode, body)
+        }
+        try Self.validateGRPCStatusFields(Self.grpcHeaderFields(from: response.response.allHeaderFields))
+        try Self.validateGRPCWebTrailers(response.data)
+
+        return try Self.parseGRPCWebResponse(response.data)
+    }
+
+    private static func shouldRetry(_ error: Error) -> Bool {
+        if let urlError = error as? URLError {
+            return urlError.code == .timedOut || urlError.code == .networkConnectionLost
+        }
+        if case let GrokWebBillingError.requestFailed(status, body) = error {
+            if [408, 502, 503, 504].contains(status) { return true }
+            return body.localizedCaseInsensitiveContains("timeout")
+                || body.localizedCaseInsensitiveContains("deadline")
+        }
+        guard case let GrokWebBillingError.rpcFailed(status, message) = error else { return false }
+        if status == 4 { return true }
+        guard status == 1 else { return false }
+        return message.localizedCaseInsensitiveContains("timeout")
+            || message.localizedCaseInsensitiveContains("deadline")
+            || message.localizedCaseInsensitiveContains("expired")
+    }
+
+    static func parseGRPCWebResponse(_ data: Data, now: Date = Date()) throws -> GrokWebBillingSnapshot {
+        let payloads = Self.grpcWebDataFrames(from: data)
+        guard !payloads.isEmpty else { throw GrokWebBillingError.emptyResponse }
+
+        var scan = ProtobufScan()
+        for payload in payloads {
+            scan.merge(Self.scanProtobuf(payload, depth: 0))
+        }
+
+        let parsedPercent = scan.fixed32Fields
+            .filter { field in
+                field.path.last == 1 && field.value.isFinite && field.value >= 0 && field.value <= 100
+            }
+            .min { lhs, rhs in
+                lhs.path.count == rhs.path.count ? lhs.order < rhs.order : lhs.path.count < rhs.path.count
+            }
+            .map { Double($0.value) }
+
+        let resetFields = scan.varintFields.compactMap { field -> (path: [UInt64], date: Date)? in
+            let raw = field.value
+            guard raw >= 1_700_000_000, raw <= 2_100_000_000 else { return nil }
+            return (field.path, Date(timeIntervalSince1970: TimeInterval(raw)))
+        }
+        let futureResetFields = resetFields.filter { $0.date > now }
+        let reset = futureResetFields
+            .filter { $0.path == [1, 5, 1] }
+            .map(\.date)
+            .min() ?? futureResetFields
+            .map(\.date)
+            .min()
+
+        let noUsageYet = parsedPercent == nil &&
+            scan.fixed32Fields.isEmpty &&
+            reset != nil &&
+            scan.varintFields.contains { $0.path.starts(with: [1, 6]) }
+        guard let percent = parsedPercent ?? (noUsageYet ? 0 : nil) else {
+            throw GrokWebBillingError.parseFailed
+        }
+        return GrokWebBillingSnapshot(usedPercent: percent, resetsAt: reset)
+    }
+
+    static func grpcWebDataFrames(from data: Data) -> [Data] {
+        let bytes = [UInt8](data)
+        var frames: [Data] = []
+        var index = 0
+        while index + 5 <= bytes.count {
+            let flags = bytes[index]
+            let length = (Int(bytes[index + 1]) << 24)
+                | (Int(bytes[index + 2]) << 16)
+                | (Int(bytes[index + 3]) << 8)
+                | Int(bytes[index + 4])
+            let start = index + 5
+            let end = start + length
+            guard length >= 0, end <= bytes.count else { break }
+            if flags & 0x80 == 0 {
+                frames.append(Data(bytes[start..<end]))
+            }
+            index = end
+        }
+        return frames
+    }
+
+    static func validateGRPCWebTrailers(_ data: Data) throws {
+        try self.validateGRPCStatusFields(self.grpcWebTrailerFields(from: data))
+    }
+
+    static func validateGRPCStatusFields(_ fields: [String: String]) throws {
+        guard let rawStatus = fields["grpc-status"],
+              let status = Int(rawStatus),
+              status != 0
+        else {
+            return
+        }
+        throw GrokWebBillingError.rpcFailed(status, fields["grpc-message"] ?? "")
+    }
+
+    static func grpcHeaderFields(from headers: [AnyHashable: Any]) -> [String: String] {
+        var fields: [String: String] = [:]
+        for (key, value) in headers {
+            let normalizedKey = String(describing: key)
+                .trimmingCharacters(in: .whitespacesAndNewlines)
+                .lowercased()
+            guard normalizedKey.hasPrefix("grpc-") else { continue }
+            fields[normalizedKey] = String(describing: value)
+                .trimmingCharacters(in: .whitespacesAndNewlines)
+                .removingPercentEncoding ?? ""
+        }
+        return fields
+    }
+
+    static func grpcWebTrailerFields(from data: Data) -> [String: String] {
+        let bytes = [UInt8](data)
+        var fields: [String: String] = [:]
+        var index = 0
+        while index + 5 <= bytes.count {
+            let flags = bytes[index]
+            let length = (Int(bytes[index + 1]) << 24)
+                | (Int(bytes[index + 2]) << 16)
+                | (Int(bytes[index + 3]) << 8)
+                | Int(bytes[index + 4])
+            let start = index + 5
+            let end = start + length
+            guard length >= 0, end <= bytes.count else { break }
+            if flags & 0x80 != 0, let text = String(data: Data(bytes[start..<end]), encoding: .utf8) {
+                for line in text.components(separatedBy: .newlines) where !line.isEmpty {
+                    guard let separator = line.firstIndex(of: ":") else { continue }
+                    let key = line[..<separator]
+                        .trimmingCharacters(in: .whitespacesAndNewlines)
+                        .lowercased()
+                    let value = line[line.index(after: separator)...]
+                        .trimmingCharacters(in: .whitespacesAndNewlines)
+                        .removingPercentEncoding ?? ""
+                    fields[key] = value
+                }
+            }
+            index = end
+        }
+        return fields
+    }
+
+    private struct ProtobufScan {
+        struct Fixed32Field {
+            var path: [UInt64]
+            var value: Float
+            var order: Int
+        }
+
+        struct VarintField {
+            var path: [UInt64]
+            var value: UInt64
+        }
+
+        var fixed32Fields: [Fixed32Field] = []
+        var varintFields: [VarintField] = []
+
+        mutating func merge(_ other: ProtobufScan) {
+            self.fixed32Fields.append(contentsOf: other.fixed32Fields)
+            self.varintFields.append(contentsOf: other.varintFields)
+        }
+    }
+
+    private static func scanProtobuf(_ data: Data, depth: Int) -> ProtobufScan {
+        self.scanProtobuf(data, depth: depth, path: [], order: 0).scan
+    }
+
+    private static func scanProtobuf(
+        _ data: Data,
+        depth: Int,
+        path: [UInt64],
+        order: Int) -> (scan: ProtobufScan, order: Int)
+    {
+        let bytes = [UInt8](data)
+        var scan = ProtobufScan()
+        var index = 0
+        var nextOrder = order
+
+        while index < bytes.count {
+            let fieldStart = index
+            guard let key = Self.readVarint(bytes, index: &index), key != 0 else {
+                index = fieldStart + 1
+                continue
+            }
+            let fieldNumber = key >> 3
+            let wireType = key & 0x07
+            let fieldPath = path + [fieldNumber]
+
+            switch wireType {
+            case 0:
+                if let value = Self.readVarint(bytes, index: &index) {
+                    scan.varintFields.append(ProtobufScan.VarintField(path: fieldPath, value: value))
+                } else {
+                    index = fieldStart + 1
+                }
+            case 1:
+                guard index + 8 <= bytes.count else { return (scan, nextOrder) }
+                index += 8
+            case 2:
+                guard let length = Self.readVarint(bytes, index: &index),
+                      length <= UInt64(bytes.count - index)
+                else {
+                    index = fieldStart + 1
+                    continue
+                }
+                let start = index
+                let end = index + Int(length)
+                if depth < 4 {
+                    let nested = Self.scanProtobuf(
+                        Data(bytes[start..<end]),
+                        depth: depth + 1,
+                        path: fieldPath,
+                        order: nextOrder)
+                    scan.merge(nested.scan)
+                    nextOrder = nested.order
+                }
+                index = end
+            case 5:
+                guard index + 4 <= bytes.count else { return (scan, nextOrder) }
+                let bitPattern = UInt32(bytes[index])
+                    | (UInt32(bytes[index + 1]) << 8)
+                    | (UInt32(bytes[index + 2]) << 16)
+                    | (UInt32(bytes[index + 3]) << 24)
+                scan.fixed32Fields.append(ProtobufScan.Fixed32Field(
+                    path: fieldPath,
+                    value: Float(bitPattern: bitPattern),
+                    order: nextOrder))
+                nextOrder += 1
+                index += 4
+            default:
+                index = fieldStart + 1
+            }
+        }
+
+        return (scan, nextOrder)
+    }
+
+    private static func readVarint(_ bytes: [UInt8], index: inout Int) -> UInt64? {
+        var value: UInt64 = 0
+        var shift: UInt64 = 0
+        while index < bytes.count, shift < 64 {
+            let byte = bytes[index]
+            index += 1
+            value |= UInt64(byte & 0x7F) << shift
+            if byte & 0x80 == 0 { return value }
+            shift += 7
+        }
+        return nil
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Groq/GroqProviderDescriptor.swift b/Sources/CodexBarCore/Providers/Groq/GroqProviderDescriptor.swift
new file mode 100644
index 000000000..8728ea2ff
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Groq/GroqProviderDescriptor.swift
@@ -0,0 +1,68 @@
+import CodexBarMacroSupport
+import Foundation
+
+@ProviderDescriptorRegistration
+@ProviderDescriptorDefinition
+public enum GroqProviderDescriptor {
+    static func makeDescriptor() -> ProviderDescriptor {
+        ProviderDescriptor(
+            id: .groq,
+            metadata: ProviderMetadata(
+                id: .groq,
+                displayName: "Groq",
+                sessionLabel: "Requests",
+                weeklyLabel: "Tokens",
+                opusLabel: nil,
+                supportsOpus: false,
+                supportsCredits: false,
+                creditsHint: "",
+                toggleTitle: "Show Groq usage",
+                cliName: "groqcloud",
+                defaultEnabled: false,
+                isPrimaryProvider: false,
+                usesAccountFallback: false,
+                browserCookieOrder: nil,
+                dashboardURL: "https://console.groq.com/dashboard/metrics",
+                statusPageURL: nil,
+                statusLinkURL: "https://status.groq.com"),
+            branding: ProviderBranding(
+                iconStyle: .groq,
+                iconResourceName: "ProviderIcon-groq",
+                color: ProviderColor(red: 245 / 255, green: 104 / 255, blue: 68 / 255)),
+            tokenCost: ProviderTokenCostConfig(
+                supportsTokenCost: false,
+                noDataMessage: { "Groq cost history is not available via the metrics API." }),
+            fetchPlan: ProviderFetchPlan(
+                sourceModes: [.auto, .api],
+                pipeline: ProviderFetchPipeline(resolveStrategies: { _ in [GroqAPIFetchStrategy()] })),
+            cli: ProviderCLIConfig(
+                name: "groqcloud",
+                aliases: ["groq", "groq-api"],
+                versionDetector: nil))
+    }
+}
+
+struct GroqAPIFetchStrategy: ProviderFetchStrategy {
+    let id: String = "groq.api"
+    let kind: ProviderFetchKind = .apiToken
+
+    func isAvailable(_ context: ProviderFetchContext) async -> Bool {
+        ProviderTokenResolver.groqToken(environment: context.env) != nil
+    }
+
+    func fetch(_ context: ProviderFetchContext) async throws -> ProviderFetchResult {
+        guard let apiKey = ProviderTokenResolver.groqToken(environment: context.env) else {
+            throw GroqUsageError.missingCredentials
+        }
+        let usage = try await GroqUsageFetcher.fetchUsage(
+            apiKey: apiKey,
+            environment: context.env)
+        return self.makeResult(
+            usage: usage.toUsageSnapshot(),
+            sourceLabel: "metrics")
+    }
+
+    func shouldFallback(on _: Error, context _: ProviderFetchContext) -> Bool {
+        false
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Groq/GroqSettingsReader.swift b/Sources/CodexBarCore/Providers/Groq/GroqSettingsReader.swift
new file mode 100644
index 000000000..4b4f20804
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Groq/GroqSettingsReader.swift
@@ -0,0 +1,36 @@
+import Foundation
+
+public enum GroqSettingsReader {
+    public static let apiKeyEnvironmentKey = "GROQ_API_KEY"
+    public static let apiURLEnvironmentKey = "GROQ_API_URL"
+
+    public static func apiKey(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> String?
+    {
+        self.cleaned(environment[self.apiKeyEnvironmentKey])
+    }
+
+    public static func apiURL(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> URL
+    {
+        if let raw = self.cleaned(environment[self.apiURLEnvironmentKey]),
+           let url = URL(string: raw)
+        {
+            return url
+        }
+        return URL(string: "https://api.groq.com/v1")!
+    }
+
+    static func cleaned(_ raw: String?) -> String? {
+        guard var value = raw?.trimmingCharacters(in: .whitespacesAndNewlines), !value.isEmpty else {
+            return nil
+        }
+        if (value.hasPrefix("\"") && value.hasSuffix("\"")) ||
+            (value.hasPrefix("'") && value.hasSuffix("'"))
+        {
+            value = String(value.dropFirst().dropLast())
+        }
+        value = value.trimmingCharacters(in: .whitespacesAndNewlines)
+        return value.isEmpty ? nil : value
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Groq/GroqUsageFetcher.swift b/Sources/CodexBarCore/Providers/Groq/GroqUsageFetcher.swift
new file mode 100644
index 000000000..c375c515a
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Groq/GroqUsageFetcher.swift
@@ -0,0 +1,234 @@
+import Foundation
+#if canImport(FoundationNetworking)
+import FoundationNetworking
+#endif
+
+public enum GroqUsageError: LocalizedError, Sendable {
+    case missingCredentials
+    case invalidURL
+    case accessDenied(String)
+    case apiError(String)
+    case parseFailed(String)
+
+    public var errorDescription: String? {
+        switch self {
+        case .missingCredentials:
+            "Missing Groq API key. Set apiKey in ~/.codexbar/config.json or GROQ_API_KEY."
+        case .invalidURL:
+            "Groq metrics URL is invalid."
+        case let .accessDenied(message):
+            "Groq metrics access denied: \(message)"
+        case let .apiError(message):
+            "Groq metrics API error: \(message)"
+        case let .parseFailed(message):
+            "Groq metrics parse error: \(message)"
+        }
+    }
+}
+
+public struct GroqUsageSnapshot: Codable, Sendable, Equatable {
+    public let requestRatePerSecond: Double
+    public let inputTokenRatePerSecond: Double
+    public let outputTokenRatePerSecond: Double
+    public let promptCacheHitRatePerSecond: Double
+    public let updatedAt: Date
+
+    public init(
+        requestRatePerSecond: Double,
+        inputTokenRatePerSecond: Double,
+        outputTokenRatePerSecond: Double,
+        promptCacheHitRatePerSecond: Double = 0,
+        updatedAt: Date)
+    {
+        self.requestRatePerSecond = requestRatePerSecond
+        self.inputTokenRatePerSecond = inputTokenRatePerSecond
+        self.outputTokenRatePerSecond = outputTokenRatePerSecond
+        self.promptCacheHitRatePerSecond = promptCacheHitRatePerSecond
+        self.updatedAt = updatedAt
+    }
+
+    public var requestsPerMinute: Double {
+        self.requestRatePerSecond * 60
+    }
+
+    public var tokensPerMinute: Double {
+        (self.inputTokenRatePerSecond + self.outputTokenRatePerSecond) * 60
+    }
+
+    public var cacheHitsPerMinute: Double {
+        self.promptCacheHitRatePerSecond * 60
+    }
+
+    public func toUsageSnapshot() -> UsageSnapshot {
+        UsageSnapshot(
+            primary: RateWindow(
+                usedPercent: 0,
+                windowMinutes: 5,
+                resetsAt: nil,
+                resetDescription: "\(Self.formatDecimal(self.requestsPerMinute)) req/min"),
+            secondary: RateWindow(
+                usedPercent: 0,
+                windowMinutes: 5,
+                resetsAt: nil,
+                resetDescription: "\(Self.formatDecimal(self.tokensPerMinute)) tok/min"),
+            tertiary: self.promptCacheHitRatePerSecond > 0 ? RateWindow(
+                usedPercent: 0,
+                windowMinutes: 5,
+                resetsAt: nil,
+                resetDescription: "\(Self.formatDecimal(self.cacheHitsPerMinute)) cache/min") : nil,
+            updatedAt: self.updatedAt,
+            identity: ProviderIdentitySnapshot(
+                providerID: .groq,
+                accountEmail: nil,
+                accountOrganization: nil,
+                loginMethod: "Prometheus metrics"))
+    }
+
+    static func formatDecimal(_ value: Double) -> String {
+        if value >= 100 {
+            return String(format: "%.0f", value)
+        }
+        if value >= 10 {
+            return String(format: "%.1f", value)
+        }
+        return String(format: "%.2f", value)
+    }
+}
+
+private struct GroqPrometheusResponse: Decodable {
+    struct Payload: Decodable {
+        let result: [Series]
+    }
+
+    struct Series: Decodable {
+        let value: [PrometheusValue]?
+    }
+
+    enum PrometheusValue: Decodable {
+        case number(Double)
+        case string(String)
+
+        init(from decoder: Decoder) throws {
+            let container = try decoder.singleValueContainer()
+            if let number = try? container.decode(Double.self) {
+                self = .number(number)
+                return
+            }
+            self = try .string(container.decode(String.self))
+        }
+
+        var doubleValue: Double? {
+            switch self {
+            case let .number(number):
+                number
+            case let .string(text):
+                Double(text)
+            }
+        }
+    }
+
+    let status: String
+    let data: Payload?
+    let error: String?
+}
+
+public struct GroqUsageFetcher: Sendable {
+    public init() {}
+
+    public static func fetchUsage(
+        apiKey: String,
+        environment: [String: String] = ProcessInfo.processInfo.environment,
+        transport: any ProviderHTTPTransport = ProviderHTTPClient.shared,
+        updatedAt: Date = Date()) async throws -> GroqUsageSnapshot
+    {
+        guard !apiKey.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty else {
+            throw GroqUsageError.missingCredentials
+        }
+        let baseURL = GroqSettingsReader.apiURL(environment: environment)
+            .appendingPathComponent("metrics")
+            .appendingPathComponent("prometheus")
+
+        async let requests = Self.queryScalar(
+            query: "sum(model_project_id_status_code:requests:rate5m)",
+            apiKey: apiKey,
+            baseURL: baseURL,
+            transport: transport)
+        async let inputTokens = Self.queryScalar(
+            query: "sum(model_project_id:tokens_in:rate5m)",
+            apiKey: apiKey,
+            baseURL: baseURL,
+            transport: transport)
+        async let outputTokens = Self.queryScalar(
+            query: "sum(model_project_id:tokens_out:rate5m)",
+            apiKey: apiKey,
+            baseURL: baseURL,
+            transport: transport)
+        async let cacheHits = Self.queryScalar(
+            query: "sum(model_project_id:prompt_cache_hits:rate5m)",
+            apiKey: apiKey,
+            baseURL: baseURL,
+            transport: transport)
+
+        return try await GroqUsageSnapshot(
+            requestRatePerSecond: requests,
+            inputTokenRatePerSecond: inputTokens,
+            outputTokenRatePerSecond: outputTokens,
+            promptCacheHitRatePerSecond: cacheHits,
+            updatedAt: updatedAt)
+    }
+
+    public static func _parseScalarForTesting(_ data: Data) throws -> Double {
+        try self.parseScalar(data: data)
+    }
+
+    private static func queryScalar(
+        query: String,
+        apiKey: String,
+        baseURL: URL,
+        transport: any ProviderHTTPTransport) async throws -> Double
+    {
+        guard var components = URLComponents(
+            url: baseURL.appendingPathComponent("api/v1/query"),
+            resolvingAgainstBaseURL: false)
+        else { throw GroqUsageError.invalidURL }
+        components.queryItems = [URLQueryItem(name: "query", value: query)]
+        guard let url = components.url else { throw GroqUsageError.invalidURL }
+
+        var request = URLRequest(url: url)
+        request.httpMethod = "GET"
+        request.setValue("Bearer \(apiKey)", forHTTPHeaderField: "Authorization")
+        request.setValue("application/json", forHTTPHeaderField: "Accept")
+
+        let response = try await transport.response(for: request)
+        guard (200..<300).contains(response.statusCode) else {
+            let summary = Self.responseSummary(response.data)
+            if response.statusCode == 401 || response.statusCode == 403 {
+                throw GroqUsageError.accessDenied(summary)
+            }
+            throw GroqUsageError.apiError("HTTP \(response.statusCode): \(summary)")
+        }
+        return try self.parseScalar(data: response.data)
+    }
+
+    private static func parseScalar(data: Data) throws -> Double {
+        do {
+            let decoded = try JSONDecoder().decode(GroqPrometheusResponse.self, from: data)
+            guard decoded.status == "success" else {
+                throw GroqUsageError.apiError(decoded.error ?? "query failed")
+            }
+            return decoded.data?.result.compactMap { series in
+                series.value?.last?.doubleValue
+            }.reduce(0, +) ?? 0
+        } catch let error as GroqUsageError {
+            throw error
+        } catch {
+            throw GroqUsageError.parseFailed(error.localizedDescription)
+        }
+    }
+
+    private static func responseSummary(_ data: Data) -> String {
+        String(bytes: data.prefix(500), encoding: .utf8)?
+            .trimmingCharacters(in: .whitespacesAndNewlines)
+            ?? ""
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/JetBrains/JetBrainsStatusProbe.swift b/Sources/CodexBarCore/Providers/JetBrains/JetBrainsStatusProbe.swift
index b9e02dff9..198d830d1 100644
--- a/Sources/CodexBarCore/Providers/JetBrains/JetBrainsStatusProbe.swift
+++ b/Sources/CodexBarCore/Providers/JetBrains/JetBrainsStatusProbe.swift
@@ -1,5 +1,5 @@
 import Foundation
-#if canImport(FoundationXML)
+#if os(macOS) && canImport(FoundationXML)
 import FoundationXML
 #endif
 
diff --git a/Sources/CodexBarCore/Providers/Kilo/KiloBearerTokenResolver.swift b/Sources/CodexBarCore/Providers/Kilo/KiloBearerTokenResolver.swift
new file mode 100644
index 000000000..6478c2031
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Kilo/KiloBearerTokenResolver.swift
@@ -0,0 +1,78 @@
+import Foundation
+
+public struct KiloResolvedBearerToken: Sendable, Equatable {
+    public let token: String
+    public let sourceLabel: String
+
+    public init(token: String, sourceLabel: String) {
+        self.token = token
+        self.sourceLabel = sourceLabel
+    }
+}
+
+/// Resolves the Kilo bearer token shared by usage fetches and organization discovery.
+///
+/// Behavior mirrors the per-strategy resolution in `KiloProviderDescriptor`:
+/// - `.api`: explicit `apiKey`, falling back to `KILO_API_KEY` env var.
+/// - `.cli`: token from `~/.local/share/kilo/auth.json` (`kilo.access`).
+/// - `.auto`: API first, falling back to CLI when API credentials are missing.
+public enum KiloBearerTokenResolver {
+    public static func resolve(
+        source: KiloUsageDataSource,
+        apiKey: String?,
+        environment: [String: String] = ProcessInfo.processInfo.environment) throws -> KiloResolvedBearerToken
+    {
+        switch source {
+        case .api:
+            return try self.resolveAPI(apiKey: apiKey, environment: environment)
+        case .cli:
+            return try self.resolveCLI(environment: environment)
+        case .auto:
+            if let resolved = try? self.resolveAPI(apiKey: apiKey, environment: environment) {
+                return resolved
+            }
+            return try self.resolveCLI(environment: environment)
+        }
+    }
+
+    private static func resolveAPI(
+        apiKey: String?,
+        environment: [String: String]) throws -> KiloResolvedBearerToken
+    {
+        let direct = KiloSettingsReader.cleaned(apiKey)
+        let envValue = KiloSettingsReader.cleaned(environment[KiloSettingsReader.apiTokenKey])
+        if let token = direct ?? envValue {
+            return KiloResolvedBearerToken(token: token, sourceLabel: "api")
+        }
+        throw KiloUsageError.missingCredentials
+    }
+
+    private static func resolveCLI(
+        environment: [String: String]) throws -> KiloResolvedBearerToken
+    {
+        let url = self.authFileURL(environment: environment)
+        guard FileManager.default.fileExists(atPath: url.path) else {
+            throw KiloUsageError.cliSessionMissing(url.path)
+        }
+        let data: Data
+        do {
+            data = try Data(contentsOf: url)
+        } catch {
+            throw KiloUsageError.cliSessionUnreadable(url.path)
+        }
+        guard let token = KiloSettingsReader.parseAuthToken(data: data) else {
+            throw KiloUsageError.cliSessionInvalid(url.path)
+        }
+        return KiloResolvedBearerToken(token: token, sourceLabel: "cli")
+    }
+
+    static func authFileURL(environment: [String: String]) -> URL {
+        if let home = KiloSettingsReader.cleaned(environment["HOME"]) {
+            let expandedHome = NSString(string: home).expandingTildeInPath
+            return KiloSettingsReader.defaultAuthFileURL(
+                homeDirectory: URL(fileURLWithPath: expandedHome, isDirectory: true))
+        }
+        return KiloSettingsReader.defaultAuthFileURL(
+            homeDirectory: FileManager.default.homeDirectoryForCurrentUser)
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Kilo/KiloOrganization.swift b/Sources/CodexBarCore/Providers/Kilo/KiloOrganization.swift
new file mode 100644
index 000000000..46b43fad6
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Kilo/KiloOrganization.swift
@@ -0,0 +1,13 @@
+import Foundation
+
+public struct KiloOrganization: Codable, Sendable, Equatable, Hashable, Identifiable {
+    public let id: String
+    public let name: String
+    public let role: String?
+
+    public init(id: String, name: String, role: String? = nil) {
+        self.id = id
+        self.name = name
+        self.role = role
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Kilo/KiloProviderDescriptor.swift b/Sources/CodexBarCore/Providers/Kilo/KiloProviderDescriptor.swift
index 091bef846..8e3d8fad3 100644
--- a/Sources/CodexBarCore/Providers/Kilo/KiloProviderDescriptor.swift
+++ b/Sources/CodexBarCore/Providers/Kilo/KiloProviderDescriptor.swift
@@ -22,7 +22,7 @@ public enum KiloProviderDescriptor {
                 isPrimaryProvider: false,
                 usesAccountFallback: false,
                 browserCookieOrder: nil,
-                dashboardURL: "https://app.kilo.ai/account/usage",
+                dashboardURL: "https://app.kilo.ai/usage",
                 statusPageURL: nil),
             branding: ProviderBranding(
                 iconStyle: .kilo,
diff --git a/Sources/CodexBarCore/Providers/Kilo/KiloSettingsReader.swift b/Sources/CodexBarCore/Providers/Kilo/KiloSettingsReader.swift
index b32f88b98..e315fc2e6 100644
--- a/Sources/CodexBarCore/Providers/Kilo/KiloSettingsReader.swift
+++ b/Sources/CodexBarCore/Providers/Kilo/KiloSettingsReader.swift
@@ -44,8 +44,7 @@ public enum KiloSettingsReader {
         if (value.hasPrefix("\"") && value.hasSuffix("\"")) ||
             (value.hasPrefix("'") && value.hasSuffix("'"))
         {
-            value.removeFirst()
-            value.removeLast()
+            value = String(value.dropFirst().dropLast())
         }
 
         value = value.trimmingCharacters(in: .whitespacesAndNewlines)
diff --git a/Sources/CodexBarCore/Providers/Kilo/KiloUsageFetcher.swift b/Sources/CodexBarCore/Providers/Kilo/KiloUsageFetcher.swift
index a274b113a..59135ff8f 100644
--- a/Sources/CodexBarCore/Providers/Kilo/KiloUsageFetcher.swift
+++ b/Sources/CodexBarCore/Providers/Kilo/KiloUsageFetcher.swift
@@ -234,6 +234,7 @@ public enum KiloUsageError: LocalizedError, Sendable, Equatable {
     }
 }
 
+// swiftlint:disable:next type_body_length
 public struct KiloUsageFetcher: Sendable {
     private struct KiloPassFields {
         let used: Double?
@@ -257,6 +258,7 @@ public struct KiloUsageFetcher: Sendable {
 
     public static func fetchUsage(
         apiKey: String,
+        scope: KiloUsageScope = .personal,
         environment: [String: String] = ProcessInfo.processInfo.environment) async throws -> KiloUsageSnapshot
     {
         guard !apiKey.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty else {
@@ -264,39 +266,186 @@ public struct KiloUsageFetcher: Sendable {
         }
 
         let baseURL = KiloSettingsReader.apiURL(environment: environment)
-        let batchURL = try self.makeBatchURL(baseURL: baseURL)
+        let request = try self.makeRequest(baseURL: baseURL, apiKey: apiKey, scope: scope)
+
+        let response: ProviderHTTPResponse
+        do {
+            response = try await ProviderHTTPClient.shared.response(for: request)
+        } catch {
+            throw KiloUsageError.networkError(error.localizedDescription)
+        }
+
+        if let mapped = self.statusError(for: response.statusCode) {
+            throw mapped
+        }
+
+        guard response.statusCode == 200 else {
+            throw KiloUsageError.apiError(response.statusCode)
+        }
+
+        return try self.parseSnapshot(data: response.data)
+    }
+
+    static func _buildBatchURLForTesting(baseURL: URL) throws -> URL {
+        try self.makeBatchURL(baseURL: baseURL)
+    }
 
+    static func _buildRequestForTesting(
+        baseURL: URL,
+        apiKey: String,
+        scope: KiloUsageScope) throws -> URLRequest
+    {
+        try self.makeRequest(baseURL: baseURL, apiKey: apiKey, scope: scope)
+    }
+
+    private static func makeRequest(
+        baseURL: URL,
+        apiKey: String,
+        scope: KiloUsageScope) throws -> URLRequest
+    {
+        let batchURL = try self.makeBatchURL(baseURL: baseURL)
         var request = URLRequest(url: batchURL)
         request.httpMethod = "GET"
         request.timeoutInterval = 15
         request.setValue("Bearer \(apiKey)", forHTTPHeaderField: "Authorization")
         request.setValue("application/json", forHTTPHeaderField: "Accept")
+        if let orgId = scope.organizationID {
+            request.setValue(orgId, forHTTPHeaderField: "X-KILOCODE-ORGANIZATIONID")
+        }
+        return request
+    }
+
+    public static func fetchOrganizations(
+        apiKey: String,
+        environment: [String: String] = ProcessInfo.processInfo.environment) async throws -> [KiloOrganization]
+    {
+        guard !apiKey.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty else {
+            throw KiloUsageError.missingCredentials
+        }
+
+        let baseURL = KiloSettingsReader.apiURL(environment: environment)
+        let trpcRequest = try self.makeOrgListTRPCRequest(baseURL: baseURL, apiKey: apiKey)
 
-        let data: Data
-        let response: URLResponse
         do {
-            (data, response) = try await URLSession.shared.data(for: request)
+            let response = try await ProviderHTTPClient.shared.response(for: trpcRequest)
+            if response.statusCode == 404 {
+                return try await self.fetchOrganizationsRESTFallback(apiKey: apiKey)
+            }
+            if let mapped = self.statusError(for: response.statusCode) {
+                throw mapped
+            }
+            return try self.parseOrganizations(data: response.data)
+        } catch let error as KiloUsageError {
+            throw error
         } catch {
             throw KiloUsageError.networkError(error.localizedDescription)
         }
+    }
+
+    static func _parseOrganizationsForTesting(_ data: Data) throws -> [KiloOrganization] {
+        try self.parseOrganizations(data: data)
+    }
 
-        guard let httpResponse = response as? HTTPURLResponse else {
-            throw KiloUsageError.networkError("Invalid response")
+    private static func makeOrgListTRPCRequest(
+        baseURL: URL,
+        apiKey: String) throws -> URLRequest
+    {
+        let endpoint = baseURL.appendingPathComponent("user.getOrganizations")
+        let inputData = try JSONSerialization.data(
+            withJSONObject: ["0": ["json": NSNull()]] as [String: Any])
+        guard let inputString = String(data: inputData, encoding: .utf8),
+              var components = URLComponents(url: endpoint, resolvingAgainstBaseURL: false)
+        else {
+            throw KiloUsageError.parseFailed("Invalid org list endpoint")
+        }
+        components.queryItems = [
+            URLQueryItem(name: "batch", value: "1"),
+            URLQueryItem(name: "input", value: inputString),
+        ]
+        guard let url = components.url else {
+            throw KiloUsageError.parseFailed("Invalid org list endpoint")
         }
+        var request = URLRequest(url: url)
+        request.httpMethod = "GET"
+        request.timeoutInterval = 15
+        request.setValue("Bearer \(apiKey)", forHTTPHeaderField: "Authorization")
+        request.setValue("application/json", forHTTPHeaderField: "Accept")
+        return request
+    }
+
+    private static func fetchOrganizationsRESTFallback(apiKey: String) async throws -> [KiloOrganization] {
+        guard let url = URL(string: "https://api.kilo.ai/api/profile") else {
+            throw KiloUsageError.parseFailed("Invalid REST fallback URL")
+        }
+        var request = URLRequest(url: url)
+        request.httpMethod = "GET"
+        request.timeoutInterval = 15
+        request.setValue("Bearer \(apiKey)", forHTTPHeaderField: "Authorization")
+        request.setValue("application/json", forHTTPHeaderField: "Accept")
 
-        if let mapped = self.statusError(for: httpResponse.statusCode) {
+        let response = try await ProviderHTTPClient.shared.response(for: request)
+        if let mapped = self.statusError(for: response.statusCode) {
             throw mapped
         }
+        guard response.statusCode == 200 else {
+            throw KiloUsageError.apiError(response.statusCode)
+        }
+        return try self.parseOrganizations(data: response.data)
+    }
+
+    private static func parseOrganizations(data: Data) throws -> [KiloOrganization] {
+        guard let root = try? JSONSerialization.jsonObject(with: data) else {
+            throw KiloUsageError.parseFailed("Invalid JSON")
+        }
 
-        guard httpResponse.statusCode == 200 else {
-            throw KiloUsageError.apiError(httpResponse.statusCode)
+        // tRPC batch shape: [ { result: { data: { json: [orgs] } } } ]
+        if let entries = root as? [[String: Any]],
+           let first = entries.first,
+           let resultObject = first["result"] as? [String: Any]
+        {
+            if let dataObject = resultObject["data"] as? [String: Any],
+               let payload = dataObject["json"] as? [[String: Any]]
+            {
+                return self.decodeOrganizations(payload)
+            }
+            if let payload = resultObject["data"] as? [[String: Any]] {
+                return self.decodeOrganizations(payload)
+            }
         }
 
-        return try self.parseSnapshot(data: data)
+        // REST profile shape: { user: ..., organizations: [orgs] }
+        if let dictionary = root as? [String: Any] {
+            if let orgs = dictionary["organizations"] as? [[String: Any]] {
+                return self.decodeOrganizations(orgs)
+            }
+            // Some single-procedure tRPC shapes flatten to { result: { data: { json: { organizations: [...] }}}}
+            if let resultObject = dictionary["result"] as? [String: Any],
+               let dataObject = resultObject["data"] as? [String: Any]
+            {
+                if let payload = dataObject["json"] as? [[String: Any]] {
+                    return self.decodeOrganizations(payload)
+                }
+                if let payload = dataObject["json"] as? [String: Any],
+                   let orgs = payload["organizations"] as? [[String: Any]]
+                {
+                    return self.decodeOrganizations(orgs)
+                }
+            }
+        }
+
+        return []
     }
 
-    static func _buildBatchURLForTesting(baseURL: URL) throws -> URL {
-        try self.makeBatchURL(baseURL: baseURL)
+    private static func decodeOrganizations(_ raw: [[String: Any]]) -> [KiloOrganization] {
+        raw.compactMap { item -> KiloOrganization? in
+            guard let id = item["id"] as? String, !id.isEmpty else { return nil }
+            let name = (item["name"] as? String).map {
+                $0.trimmingCharacters(in: .whitespacesAndNewlines)
+            } ?? id
+            let role = (item["role"] as? String)?.trimmingCharacters(in: .whitespacesAndNewlines)
+            let normalizedRole = (role?.isEmpty ?? true) ? nil : role
+            return KiloOrganization(id: id, name: name.isEmpty ? id : name, role: normalizedRole)
+        }
     }
 
     static func _parseSnapshotForTesting(_ data: Data) throws -> KiloUsageSnapshot {
diff --git a/Sources/CodexBarCore/Providers/Kilo/KiloUsageScope.swift b/Sources/CodexBarCore/Providers/Kilo/KiloUsageScope.swift
new file mode 100644
index 000000000..30369afef
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Kilo/KiloUsageScope.swift
@@ -0,0 +1,33 @@
+import Foundation
+
+public enum KiloUsageScope: Sendable, Hashable, Equatable {
+    case personal
+    case organization(id: String, name: String)
+
+    public var scopeIdentifier: String {
+        switch self {
+        case .personal:
+            "personal"
+        case let .organization(id, _):
+            "org:\(id)"
+        }
+    }
+
+    public var organizationID: String? {
+        switch self {
+        case .personal:
+            nil
+        case let .organization(id, _):
+            id
+        }
+    }
+
+    public var displayName: String {
+        switch self {
+        case .personal:
+            "Personal"
+        case let .organization(_, name):
+            name
+        }
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Kimi/KimiCookieImporter.swift b/Sources/CodexBarCore/Providers/Kimi/KimiCookieImporter.swift
index 3ede44a7c..b3f6deef6 100644
--- a/Sources/CodexBarCore/Providers/Kimi/KimiCookieImporter.swift
+++ b/Sources/CodexBarCore/Providers/Kimi/KimiCookieImporter.swift
@@ -54,7 +54,7 @@ public enum KimiCookieImporter {
     {
         let query = BrowserCookieQuery(domains: self.cookieDomains)
         let log: (String) -> Void = { msg in self.emit(msg, logger: logger) }
-        let sources = try Self.cookieClient.records(
+        let sources = try Self.cookieClient.codexBarRecords(
             matching: query,
             in: browserSource,
             logger: log)
diff --git a/Sources/CodexBarCore/Providers/Kimi/KimiModels.swift b/Sources/CodexBarCore/Providers/Kimi/KimiModels.swift
index 62ed83cc1..8d15d5f5d 100644
--- a/Sources/CodexBarCore/Providers/Kimi/KimiModels.swift
+++ b/Sources/CodexBarCore/Providers/Kimi/KimiModels.swift
@@ -12,11 +12,11 @@ struct KimiUsage: Codable {
 
 public struct KimiUsageDetail: Codable, Sendable {
     public let limit: String
-    public let used: String? // Optional because rate limit detail doesn't have this
+    public let used: String?
     public let remaining: String?
-    public let resetTime: String
+    public let resetTime: String?
 
-    public init(limit: String, used: String?, remaining: String?, resetTime: String) {
+    public init(limit: String, used: String?, remaining: String?, resetTime: String?) {
         self.limit = limit
         self.used = used
         self.remaining = remaining
diff --git a/Sources/CodexBarCore/Providers/Kimi/KimiSettingsReader.swift b/Sources/CodexBarCore/Providers/Kimi/KimiSettingsReader.swift
index bcb29d9c0..4874ca4d5 100644
--- a/Sources/CodexBarCore/Providers/Kimi/KimiSettingsReader.swift
+++ b/Sources/CodexBarCore/Providers/Kimi/KimiSettingsReader.swift
@@ -14,8 +14,7 @@ public enum KimiSettingsReader {
         if (value.hasPrefix("\"") && value.hasSuffix("\"")) ||
             (value.hasPrefix("'") && value.hasSuffix("'"))
         {
-            value.removeFirst()
-            value.removeLast()
+            value = String(value.dropFirst().dropLast())
         }
 
         value = value.trimmingCharacters(in: .whitespacesAndNewlines)
diff --git a/Sources/CodexBarCore/Providers/Kimi/KimiUsageFetcher.swift b/Sources/CodexBarCore/Providers/Kimi/KimiUsageFetcher.swift
index c6d6c2a2e..1e069123e 100644
--- a/Sources/CodexBarCore/Providers/Kimi/KimiUsageFetcher.swift
+++ b/Sources/CodexBarCore/Providers/Kimi/KimiUsageFetcher.swift
@@ -46,25 +46,22 @@ public struct KimiUsageFetcher: Sendable {
         let requestBody = ["scope": ["FEATURE_CODING"]]
         request.httpBody = try? JSONSerialization.data(withJSONObject: requestBody)
 
-        let (data, response) = try await URLSession.shared.data(for: request)
-        guard let httpResponse = response as? HTTPURLResponse else {
-            throw KimiAPIError.networkError("Invalid response")
-        }
-
-        guard httpResponse.statusCode == 200 else {
+        let response = try await ProviderHTTPClient.shared.response(for: request)
+        let data = response.data
+        guard response.statusCode == 200 else {
             let responseBody = String(data: data, encoding: .utf8) ?? "<binary data>"
-            Self.log.error("Kimi API returned \(httpResponse.statusCode): \(responseBody)")
+            Self.log.error("Kimi API returned \(response.statusCode): \(responseBody)")
 
-            if httpResponse.statusCode == 401 {
+            if response.statusCode == 401 {
                 throw KimiAPIError.invalidToken
             }
-            if httpResponse.statusCode == 403 {
+            if response.statusCode == 403 {
                 throw KimiAPIError.invalidToken
             }
-            if httpResponse.statusCode == 400 {
+            if response.statusCode == 400 {
                 throw KimiAPIError.invalidRequest("Bad request")
             }
-            throw KimiAPIError.apiError("HTTP \(httpResponse.statusCode)")
+            throw KimiAPIError.apiError("HTTP \(response.statusCode)")
         }
 
         let usageResponse = try JSONDecoder().decode(KimiUsageResponse.self, from: data)
diff --git a/Sources/CodexBarCore/Providers/Kimi/KimiUsageSnapshot.swift b/Sources/CodexBarCore/Providers/Kimi/KimiUsageSnapshot.swift
index c39e1602a..d19ff420d 100644
--- a/Sources/CodexBarCore/Providers/Kimi/KimiUsageSnapshot.swift
+++ b/Sources/CodexBarCore/Providers/Kimi/KimiUsageSnapshot.swift
@@ -11,8 +11,8 @@ public struct KimiUsageSnapshot: Sendable {
         self.updatedAt = updatedAt
     }
 
-    private static func parseDate(_ dateString: String) -> Date? {
-        // Handle ISO 8601 format like: 2026-01-09T15:23:13.716839300Z
+    private static func parseDate(_ dateString: String?) -> Date? {
+        guard let dateString else { return nil }
         let formatter = ISO8601DateFormatter()
         formatter.formatOptions = [.withInternetDateTime, .withFractionalSeconds]
         if let date = formatter.date(from: dateString) {
diff --git a/Sources/CodexBarCore/Providers/KimiK2/KimiK2ProviderDescriptor.swift b/Sources/CodexBarCore/Providers/KimiK2/KimiK2ProviderDescriptor.swift
index cc986b6f0..f6903c217 100644
--- a/Sources/CodexBarCore/Providers/KimiK2/KimiK2ProviderDescriptor.swift
+++ b/Sources/CodexBarCore/Providers/KimiK2/KimiK2ProviderDescriptor.swift
@@ -9,20 +9,20 @@ public enum KimiK2ProviderDescriptor {
             id: .kimik2,
             metadata: ProviderMetadata(
                 id: .kimik2,
-                displayName: "Kimi K2",
+                displayName: "Kimi K2 (unofficial)",
                 sessionLabel: "Credits",
                 weeklyLabel: "Credits",
                 opusLabel: nil,
                 supportsOpus: false,
                 supportsCredits: false,
                 creditsHint: "",
-                toggleTitle: "Show Kimi K2 usage",
+                toggleTitle: "Show unofficial Kimi K2 usage",
                 cliName: "kimik2",
                 defaultEnabled: false,
                 isPrimaryProvider: false,
                 usesAccountFallback: false,
                 browserCookieOrder: nil,
-                dashboardURL: "https://kimi-k2.ai/my-credits",
+                dashboardURL: nil,
                 statusPageURL: nil),
             branding: ProviderBranding(
                 iconStyle: .kimi,
@@ -30,7 +30,7 @@ public enum KimiK2ProviderDescriptor {
                 color: ProviderColor(red: 76 / 255, green: 0 / 255, blue: 255 / 255)),
             tokenCost: ProviderTokenCostConfig(
                 supportsTokenCost: false,
-                noDataMessage: { "Kimi K2 cost summary is not available." }),
+                noDataMessage: { "Unofficial Kimi K2 cost summary is not available." }),
             fetchPlan: ProviderFetchPlan(
                 sourceModes: [.auto, .api],
                 pipeline: ProviderFetchPipeline(resolveStrategies: { _ in [KimiK2APIFetchStrategy()] })),
diff --git a/Sources/CodexBarCore/Providers/KimiK2/KimiK2SettingsReader.swift b/Sources/CodexBarCore/Providers/KimiK2/KimiK2SettingsReader.swift
index 3e59199d4..507e597dc 100644
--- a/Sources/CodexBarCore/Providers/KimiK2/KimiK2SettingsReader.swift
+++ b/Sources/CodexBarCore/Providers/KimiK2/KimiK2SettingsReader.swift
@@ -29,8 +29,7 @@ public struct KimiK2SettingsReader: Sendable {
         if (value.hasPrefix("\"") && value.hasSuffix("\"")) ||
             (value.hasPrefix("'") && value.hasSuffix("'"))
         {
-            value.removeFirst()
-            value.removeLast()
+            value = String(value.dropFirst().dropLast())
         }
         return value.trimmingCharacters(in: .whitespacesAndNewlines)
     }
diff --git a/Sources/CodexBarCore/Providers/KimiK2/KimiK2UsageFetcher.swift b/Sources/CodexBarCore/Providers/KimiK2/KimiK2UsageFetcher.swift
index 775e109bf..22f9255e6 100644
--- a/Sources/CodexBarCore/Providers/KimiK2/KimiK2UsageFetcher.swift
+++ b/Sources/CodexBarCore/Providers/KimiK2/KimiK2UsageFetcher.swift
@@ -29,26 +29,13 @@ public struct KimiK2UsageSummary: Sendable {
     }
 
     public func toUsageSnapshot() -> UsageSnapshot {
-        let total = max(0, self.consumed + self.remaining)
-        let usedPercent: Double = if total > 0 {
-            min(100, max(0, (self.consumed / total) * 100))
-        } else {
-            0
-        }
-        let usedText = String(format: "%.0f", self.consumed)
-        let totalText = String(format: "%.0f", total)
-        let rateWindow = RateWindow(
-            usedPercent: usedPercent,
-            windowMinutes: nil,
-            resetsAt: nil,
-            resetDescription: total > 0 ? "Credits: \(usedText)/\(totalText)" : nil)
         let identity = ProviderIdentitySnapshot(
             providerID: .kimik2,
             accountEmail: nil,
             accountOrganization: nil,
-            loginMethod: nil)
+            loginMethod: "Credits: \(UsageFormatter.creditsString(from: self.remaining))")
         return UsageSnapshot(
-            primary: rateWindow,
+            primary: nil,
             secondary: nil,
             tertiary: nil,
             providerCost: nil,
@@ -136,15 +123,11 @@ public struct KimiK2UsageFetcher: Sendable {
         request.setValue("Bearer \(apiKey)", forHTTPHeaderField: "Authorization")
         request.setValue("application/json", forHTTPHeaderField: "Accept")
 
-        let (data, response) = try await URLSession.shared.data(for: request)
-
-        guard let httpResponse = response as? HTTPURLResponse else {
-            throw KimiK2UsageError.networkError("Invalid response")
-        }
-
-        guard httpResponse.statusCode == 200 else {
-            let body = String(data: data, encoding: .utf8) ?? "HTTP \(httpResponse.statusCode)"
-            Self.log.error("Kimi K2 API returned \(httpResponse.statusCode): \(body)")
+        let response = try await ProviderHTTPClient.shared.response(for: request)
+        let data = response.data
+        guard response.statusCode == 200 else {
+            let body = String(data: data, encoding: .utf8) ?? "HTTP \(response.statusCode)"
+            Self.log.error("Kimi K2 API returned \(response.statusCode): \(body)")
             throw KimiK2UsageError.apiError(body)
         }
 
@@ -152,7 +135,7 @@ public struct KimiK2UsageFetcher: Sendable {
             Self.log.debug("Kimi K2 API response: \(jsonString)")
         }
 
-        let summary = try Self.parseSummary(data: data, headers: httpResponse.allHeaderFields)
+        let summary = try Self.parseSummary(data: data, headers: response.response.allHeaderFields)
         return KimiK2UsageSnapshot(summary: summary)
     }
 
diff --git a/Sources/CodexBarCore/Providers/Kiro/KiroStatusProbe.swift b/Sources/CodexBarCore/Providers/Kiro/KiroStatusProbe.swift
index 2e90d136a..5d83a1cf7 100644
--- a/Sources/CodexBarCore/Providers/Kiro/KiroStatusProbe.swift
+++ b/Sources/CodexBarCore/Providers/Kiro/KiroStatusProbe.swift
@@ -2,15 +2,61 @@ import Foundation
 
 public struct KiroUsageSnapshot: Sendable {
     public let planName: String
+    public let displayPlanName: String
+    public let accountEmail: String?
+    public let authMethod: String?
     public let creditsUsed: Double
     public let creditsTotal: Double
     public let creditsPercent: Double
     public let bonusCreditsUsed: Double?
     public let bonusCreditsTotal: Double?
     public let bonusExpiryDays: Int?
+    public let overagesStatus: String?
+    public let overageCreditsUsed: Double?
+    public let estimatedOverageCostUSD: Double?
+    public let manageURL: String?
+    public let contextUsage: KiroContextUsageSnapshot?
     public let resetsAt: Date?
     public let updatedAt: Date
 
+    public init(
+        planName: String,
+        displayPlanName: String? = nil,
+        accountEmail: String? = nil,
+        authMethod: String? = nil,
+        creditsUsed: Double,
+        creditsTotal: Double,
+        creditsPercent: Double,
+        bonusCreditsUsed: Double?,
+        bonusCreditsTotal: Double?,
+        bonusExpiryDays: Int?,
+        overagesStatus: String? = nil,
+        overageCreditsUsed: Double? = nil,
+        estimatedOverageCostUSD: Double? = nil,
+        manageURL: String? = nil,
+        contextUsage: KiroContextUsageSnapshot? = nil,
+        resetsAt: Date?,
+        updatedAt: Date)
+    {
+        self.planName = planName
+        self.displayPlanName = displayPlanName ?? KiroStatusProbe.displayPlanName(planName)
+        self.accountEmail = accountEmail
+        self.authMethod = authMethod
+        self.creditsUsed = creditsUsed
+        self.creditsTotal = creditsTotal
+        self.creditsPercent = creditsPercent
+        self.bonusCreditsUsed = bonusCreditsUsed
+        self.bonusCreditsTotal = bonusCreditsTotal
+        self.bonusExpiryDays = bonusExpiryDays
+        self.overagesStatus = overagesStatus
+        self.overageCreditsUsed = overageCreditsUsed
+        self.estimatedOverageCostUSD = estimatedOverageCostUSD
+        self.manageURL = manageURL
+        self.contextUsage = contextUsage
+        self.resetsAt = resetsAt
+        self.updatedAt = updatedAt
+    }
+
     public func toUsageSnapshot() -> UsageSnapshot {
         let primary = RateWindow(
             usedPercent: self.creditsPercent,
@@ -37,19 +83,116 @@ public struct KiroUsageSnapshot: Sendable {
 
         let identity = ProviderIdentitySnapshot(
             providerID: .kiro,
-            accountEmail: nil,
-            accountOrganization: self.planName,
-            loginMethod: self.planName)
+            accountEmail: self.accountEmail,
+            accountOrganization: nil,
+            loginMethod: self.authMethod)
+
+        let kiroUsage = KiroUsageDetails(
+            planName: self.planName,
+            displayPlanName: self.displayPlanName,
+            creditsUsed: self.creditsUsed,
+            creditsTotal: self.creditsTotal,
+            creditsRemaining: self.creditsRemaining,
+            bonusCreditsUsed: self.bonusCreditsUsed,
+            bonusCreditsTotal: self.bonusCreditsTotal,
+            bonusCreditsRemaining: self.bonusCreditsRemaining,
+            bonusExpiryDays: self.bonusExpiryDays,
+            overagesStatus: self.overagesStatus,
+            overageCreditsUsed: self.overageCreditsUsed,
+            estimatedOverageCostUSD: self.estimatedOverageCostUSD,
+            manageURL: self.manageURL,
+            contextUsage: self.contextUsage)
 
         return UsageSnapshot(
             primary: primary,
             secondary: secondary,
             tertiary: nil,
+            kiroUsage: kiroUsage,
             providerCost: nil,
             zaiUsage: nil,
             updatedAt: self.updatedAt,
             identity: identity)
     }
+
+    public var creditsRemaining: Double {
+        max(0, self.creditsTotal - self.creditsUsed)
+    }
+
+    public var bonusCreditsRemaining: Double? {
+        guard let bonusCreditsUsed, let bonusCreditsTotal else { return nil }
+        return max(0, bonusCreditsTotal - bonusCreditsUsed)
+    }
+}
+
+public struct KiroContextUsageSnapshot: Codable, Equatable, Sendable {
+    public let totalPercentUsed: Double
+    public let contextFilesPercent: Double?
+    public let toolsPercent: Double?
+    public let kiroResponsesPercent: Double?
+    public let promptsPercent: Double?
+
+    public init(
+        totalPercentUsed: Double,
+        contextFilesPercent: Double?,
+        toolsPercent: Double?,
+        kiroResponsesPercent: Double?,
+        promptsPercent: Double?)
+    {
+        self.totalPercentUsed = totalPercentUsed
+        self.contextFilesPercent = contextFilesPercent
+        self.toolsPercent = toolsPercent
+        self.kiroResponsesPercent = kiroResponsesPercent
+        self.promptsPercent = promptsPercent
+    }
+}
+
+public struct KiroUsageDetails: Codable, Equatable, Sendable {
+    public let planName: String
+    public let displayPlanName: String
+    public let creditsUsed: Double
+    public let creditsTotal: Double
+    public let creditsRemaining: Double
+    public let bonusCreditsUsed: Double?
+    public let bonusCreditsTotal: Double?
+    public let bonusCreditsRemaining: Double?
+    public let bonusExpiryDays: Int?
+    public let overagesStatus: String?
+    public let overageCreditsUsed: Double?
+    public let estimatedOverageCostUSD: Double?
+    public let manageURL: String?
+    public let contextUsage: KiroContextUsageSnapshot?
+
+    public init(
+        planName: String,
+        displayPlanName: String,
+        creditsUsed: Double,
+        creditsTotal: Double,
+        creditsRemaining: Double,
+        bonusCreditsUsed: Double?,
+        bonusCreditsTotal: Double?,
+        bonusCreditsRemaining: Double?,
+        bonusExpiryDays: Int?,
+        overagesStatus: String?,
+        overageCreditsUsed: Double?,
+        estimatedOverageCostUSD: Double?,
+        manageURL: String?,
+        contextUsage: KiroContextUsageSnapshot?)
+    {
+        self.planName = planName
+        self.displayPlanName = displayPlanName
+        self.creditsUsed = creditsUsed
+        self.creditsTotal = creditsTotal
+        self.creditsRemaining = creditsRemaining
+        self.bonusCreditsUsed = bonusCreditsUsed
+        self.bonusCreditsTotal = bonusCreditsTotal
+        self.bonusCreditsRemaining = bonusCreditsRemaining
+        self.bonusExpiryDays = bonusExpiryDays
+        self.overagesStatus = overagesStatus
+        self.overageCreditsUsed = overageCreditsUsed
+        self.estimatedOverageCostUSD = estimatedOverageCostUSD
+        self.manageURL = manageURL
+        self.contextUsage = contextUsage
+    }
 }
 
 public enum KiroStatusProbeError: LocalizedError, Sendable {
@@ -105,27 +248,42 @@ public struct KiroStatusProbe: Sendable {
     }
 
     public func fetch() async throws -> KiroUsageSnapshot {
-        try await self.ensureLoggedIn()
+        let account = try await self.ensureLoggedIn()
         let output = try await self.runUsageCommand()
-        return try self.parse(output: output)
+        var contextUsage: KiroContextUsageSnapshot?
+        do {
+            contextUsage = try await self.fetchContextUsage()
+        } catch {
+            Self.logger.debug("Kiro context usage probe failed: \(error.localizedDescription)")
+        }
+        return try self.parse(
+            output: output,
+            accountEmail: account.email,
+            authMethod: account.authMethod,
+            contextUsage: contextUsage)
     }
 
-    private struct KiroCLIResult: Sendable {
+    private struct KiroCLIResult {
         let stdout: String
         let stderr: String
         let terminationStatus: Int32
         let terminatedForIdle: Bool
     }
 
-    private func ensureLoggedIn() async throws {
+    struct KiroAccountInfo: Equatable {
+        let authMethod: String?
+        let email: String?
+    }
+
+    private func ensureLoggedIn() async throws -> KiroAccountInfo {
         let result = try await self.runCommand(arguments: ["whoami"], timeout: 5.0)
-        try self.validateWhoAmIOutput(
+        return try self.validateWhoAmIOutput(
             stdout: result.stdout,
             stderr: result.stderr,
             terminationStatus: result.terminationStatus)
     }
 
-    func validateWhoAmIOutput(stdout: String, stderr: String, terminationStatus: Int32) throws {
+    func validateWhoAmIOutput(stdout: String, stderr: String, terminationStatus: Int32) throws -> KiroAccountInfo {
         let trimmedStdout = stdout.trimmingCharacters(in: .whitespacesAndNewlines)
         let trimmedStderr = stderr.trimmingCharacters(in: .whitespacesAndNewlines)
         let combined = trimmedStderr.isEmpty ? trimmedStdout : trimmedStderr
@@ -145,6 +303,39 @@ public struct KiroStatusProbe: Sendable {
         if combined.isEmpty {
             throw KiroStatusProbeError.cliFailed("Kiro CLI whoami returned no output.")
         }
+
+        return self.parseWhoAmIOutput(combined)
+    }
+
+    func parseWhoAmIOutput(_ output: String) -> KiroAccountInfo {
+        let stripped = Self.stripANSI(output)
+        var authMethod: String?
+        var email: String?
+        for rawLine in stripped.components(separatedBy: .newlines) {
+            let line = rawLine.trimmingCharacters(in: .whitespacesAndNewlines)
+            guard !line.isEmpty else { continue }
+            if line.localizedCaseInsensitiveContains("logged in with") {
+                authMethod = line.replacingOccurrences(
+                    of: #"(?i)^\s*logged in with\s+"#,
+                    with: "",
+                    options: [.regularExpression])
+                    .trimmingCharacters(in: .whitespacesAndNewlines)
+            } else if line.localizedCaseInsensitiveContains("email:") {
+                email = line.replacingOccurrences(
+                    of: #"(?i)^\s*email:\s*"#,
+                    with: "",
+                    options: [.regularExpression])
+                    .trimmingCharacters(in: .whitespacesAndNewlines)
+            } else if email == nil,
+                      !line.contains(" "),
+                      line.contains("@")
+            {
+                email = line
+            }
+        }
+        return KiroAccountInfo(
+            authMethod: authMethod?.nilIfEmpty,
+            email: email?.nilIfEmpty)
     }
 
     private func runUsageCommand() async throws -> String {
@@ -188,6 +379,17 @@ public struct KiroStatusProbe: Sendable {
         return result.stdout
     }
 
+    private func fetchContextUsage() async throws -> KiroContextUsageSnapshot? {
+        let result = try await self.runCommand(
+            arguments: ["chat", "--no-interactive", "/context"],
+            timeout: 8.0,
+            idleTimeout: 3.0)
+        let output = result.stdout.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
+            ? result.stderr
+            : result.stdout
+        return self.parseContextUsage(output: output)
+    }
+
     private func runCommand(
         arguments: [String],
         timeout: TimeInterval,
@@ -333,7 +535,12 @@ public struct KiroStatusProbe: Sendable {
         }
     }
 
-    func parse(output: String) throws -> KiroUsageSnapshot {
+    func parse(
+        output: String,
+        accountEmail: String? = nil,
+        authMethod: String? = nil,
+        contextUsage: KiroContextUsageSnapshot? = nil) throws -> KiroUsageSnapshot
+    {
         let stripped = Self.stripANSI(output)
 
         let trimmed = stripped.trimmingCharacters(in: .whitespacesAndNewlines)
@@ -361,37 +568,15 @@ public struct KiroStatusProbe: Sendable {
         var matchedCredits = false
         var matchedNewFormat = false
 
-        // Parse plan name from "| KIRO FREE" or similar (legacy format)
-        var planName = "Kiro"
-        if let planMatch = stripped.range(of: #"\|\s*(KIRO\s+\w+)"#, options: .regularExpression) {
-            let raw = String(stripped[planMatch]).replacingOccurrences(of: "|", with: "")
-            planName = raw.trimmingCharacters(in: .whitespaces)
-        }
-
-        // Parse plan name from "Plan: Q Developer Pro" (new format, kiro-cli 1.24+)
-        if let newPlanMatch = stripped.range(of: #"Plan:\s*(.+)"#, options: .regularExpression) {
-            let line = String(stripped[newPlanMatch])
-            // Extract just the plan name, stopping at newline
-            let planLine = line.replacingOccurrences(of: "Plan:", with: "").trimmingCharacters(in: .whitespaces)
-            if let firstLine = planLine.split(separator: "\n").first {
-                planName = String(firstLine).trimmingCharacters(in: .whitespaces)
-                matchedNewFormat = true
-            }
-        }
+        let parsedPlan = Self.parsePlanName(from: stripped)
+        let planName = parsedPlan.name
+        matchedNewFormat = parsedPlan.matchedNewFormat
 
         // Check if this is a managed plan with no usage data
         let isManagedPlan = lowered.contains("managed by admin")
             || lowered.contains("managed by organization")
 
-        // Parse reset date from "resets on 01/01"
-        var resetsAt: Date?
-        if let resetMatch = stripped.range(of: #"resets on (\d{2}/\d{2})"#, options: .regularExpression) {
-            let resetStr = String(stripped[resetMatch])
-            if let dateRange = resetStr.range(of: #"\d{2}/\d{2}"#, options: .regularExpression) {
-                let dateStr = String(resetStr[dateRange])
-                resetsAt = Self.parseResetDate(dateStr)
-            }
-        }
+        let resetsAt = Self.parseResetDate(in: stripped)
 
         // Parse credits percentage from "████...█ X%"
         var creditsPercent: Double = 0
@@ -420,24 +605,24 @@ public struct KiroStatusProbe: Sendable {
             creditsPercent = (creditsUsed / creditsTotal) * 100.0
         }
 
-        // Parse bonus credits from "Bonus credits: X.XX/Y credits used, expires in Z days"
-        var bonusUsed: Double?
-        var bonusTotal: Double?
-        var bonusExpiryDays: Int?
-        if let bonusMatch = stripped.range(of: #"Bonus credits:\s*(\d+\.?\d*)/(\d+)"#, options: .regularExpression) {
-            let bonusStr = String(stripped[bonusMatch])
-            let numbers = bonusStr.matches(of: /(\d+\.?\d*)/)
-            if numbers.count >= 2 {
-                bonusUsed = Double(String(numbers[0].output.1))
-                bonusTotal = Double(String(numbers[1].output.1))
-            }
-        }
-        if let expiryMatch = stripped.range(of: #"expires in (\d+) days?"#, options: .regularExpression) {
-            let expiryStr = String(stripped[expiryMatch])
-            if let numMatch = expiryStr.range(of: #"\d+"#, options: .regularExpression) {
-                bonusExpiryDays = Int(String(expiryStr[numMatch]))
-            }
-        }
+        let bonusCredits = Self.parseBonusCredits(in: stripped)
+
+        let overagesStatus = Self.firstCapture(
+            in: stripped,
+            pattern: #"(?i)Overages:\s*([^\n]+)"#)
+            .map(Self.cleanInlineValue)
+            .flatMap(\.nilIfEmpty)
+        let overageCreditsUsed = Self.firstCapture(
+            in: stripped,
+            pattern: #"(?i)Credits used:\s*(\d+\.?\d*)"#)
+            .flatMap(Double.init)
+        let estimatedOverageCostUSD = Self.firstCapture(
+            in: stripped,
+            pattern: #"(?i)Est\.\s*cost:\s*\$?(\d+\.?\d*)\s*USD"#)
+            .flatMap(Double.init)
+        let manageURL = Self.firstCapture(
+            in: stripped,
+            pattern: #"https://app\.kiro\.dev/account/usage"#)
 
         // Managed plans in new format may omit usage metrics. Only fall back to zeros when
         // we did not parse any usage values, so we do not mask real metrics.
@@ -445,12 +630,20 @@ public struct KiroStatusProbe: Sendable {
             // Managed plans don't expose credits; return snapshot with plan name only
             return KiroUsageSnapshot(
                 planName: planName,
+                displayPlanName: Self.displayPlanName(planName),
+                accountEmail: accountEmail?.nilIfEmpty,
+                authMethod: authMethod?.nilIfEmpty,
                 creditsUsed: 0,
                 creditsTotal: 0,
                 creditsPercent: 0,
-                bonusCreditsUsed: nil,
-                bonusCreditsTotal: nil,
-                bonusExpiryDays: nil,
+                bonusCreditsUsed: bonusCredits.used,
+                bonusCreditsTotal: bonusCredits.total,
+                bonusExpiryDays: bonusCredits.expiryDays,
+                overagesStatus: overagesStatus,
+                overageCreditsUsed: overageCreditsUsed,
+                estimatedOverageCostUSD: estimatedOverageCostUSD,
+                manageURL: manageURL,
+                contextUsage: contextUsage,
                 resetsAt: nil,
                 updatedAt: Date())
         }
@@ -464,16 +657,41 @@ public struct KiroStatusProbe: Sendable {
 
         return KiroUsageSnapshot(
             planName: planName,
+            displayPlanName: Self.displayPlanName(planName),
+            accountEmail: accountEmail?.nilIfEmpty,
+            authMethod: authMethod?.nilIfEmpty,
             creditsUsed: creditsUsed,
             creditsTotal: creditsTotal,
             creditsPercent: creditsPercent,
-            bonusCreditsUsed: bonusUsed,
-            bonusCreditsTotal: bonusTotal,
-            bonusExpiryDays: bonusExpiryDays,
+            bonusCreditsUsed: bonusCredits.used,
+            bonusCreditsTotal: bonusCredits.total,
+            bonusExpiryDays: bonusCredits.expiryDays,
+            overagesStatus: overagesStatus,
+            overageCreditsUsed: overageCreditsUsed,
+            estimatedOverageCostUSD: estimatedOverageCostUSD,
+            manageURL: manageURL,
+            contextUsage: contextUsage,
             resetsAt: resetsAt,
             updatedAt: Date())
     }
 
+    func parseContextUsage(output: String) -> KiroContextUsageSnapshot? {
+        let stripped = Self.stripANSI(output)
+        guard let total = Self.firstCapture(
+            in: stripped,
+            pattern: #"(?i)Context window:\s*(\d+\.?\d*)%\s+used"#)
+            .flatMap(Double.init)
+        else {
+            return nil
+        }
+        return KiroContextUsageSnapshot(
+            totalPercentUsed: total,
+            contextFilesPercent: Self.percent(after: "Context files", in: stripped),
+            toolsPercent: Self.percent(after: "Tools", in: stripped),
+            kiroResponsesPercent: Self.percent(after: "Kiro responses", in: stripped),
+            promptsPercent: Self.percent(after: "Your prompts", in: stripped))
+    }
+
     private static func stripANSI(_ text: String) -> String {
         // Remove ANSI escape sequences
         let pattern = #"\x1B\[[0-9;?]*[A-Za-z]|\x1B\].*?\x07"#
@@ -484,7 +702,87 @@ public struct KiroStatusProbe: Sendable {
         return regex.stringByReplacingMatches(in: text, options: [], range: range, withTemplate: "")
     }
 
+    private static func parsePlanName(from text: String) -> (name: String, matchedNewFormat: Bool) {
+        var planName = "Kiro"
+        var matchedNewFormat = false
+
+        // Parse plan name from "| KIRO FREE" or similar (legacy format)
+        if let planMatch = text.range(of: #"\|\s*(KIRO\s+\w+)"#, options: .regularExpression) {
+            let raw = String(text[planMatch]).replacingOccurrences(of: "|", with: "")
+            planName = raw.trimmingCharacters(in: .whitespaces)
+        }
+
+        // Parse plan name from "Estimated Usage | resets on 2026-06-01 | KIRO FREE" (kiro-cli 2.x)
+        if let estimatedMatch = text.range(
+            of: #"Estimated Usage\s*\|[^\n|]*\|\s*([A-Z][A-Z0-9 ]+)"#,
+            options: .regularExpression)
+        {
+            let line = String(text[estimatedMatch])
+            if let plan = line.split(separator: "|").last?.trimmingCharacters(in: .whitespacesAndNewlines),
+               !plan.isEmpty
+            {
+                planName = plan
+            }
+        }
+
+        // Parse plan name from "Plan: Q Developer Pro" (new format, kiro-cli 1.24+)
+        if let newPlanMatch = text.range(of: #"Plan:\s*(.+)"#, options: .regularExpression) {
+            let line = String(text[newPlanMatch])
+            let planLine = line.replacingOccurrences(of: "Plan:", with: "").trimmingCharacters(in: .whitespaces)
+            if let firstLine = planLine.split(separator: "\n").first {
+                planName = String(firstLine).trimmingCharacters(in: .whitespaces)
+                matchedNewFormat = true
+            }
+        }
+
+        return (planName, matchedNewFormat)
+    }
+
+    private static func parseResetDate(in text: String) -> Date? {
+        guard let resetMatch = text.range(
+            of: #"resets on (\d{4}-\d{2}-\d{2}|\d{2}/\d{2})"#,
+            options: .regularExpression)
+        else { return nil }
+
+        let resetStr = String(text[resetMatch])
+        guard let dateRange = resetStr.range(
+            of: #"\d{4}-\d{2}-\d{2}|\d{2}/\d{2}"#,
+            options: .regularExpression)
+        else { return nil }
+
+        return Self.parseResetDate(String(resetStr[dateRange]))
+    }
+
+    private static func parseBonusCredits(in text: String) -> (used: Double?, total: Double?, expiryDays: Int?) {
+        var used: Double?
+        var total: Double?
+        var expiryDays: Int?
+        if let bonusMatch = text.range(of: #"Bonus credits:\s*(\d+\.?\d*)/(\d+)"#, options: .regularExpression) {
+            let bonusStr = String(text[bonusMatch])
+            let numbers = bonusStr.matches(of: /(\d+\.?\d*)/)
+            if numbers.count >= 2 {
+                used = Double(String(numbers[0].output.1))
+                total = Double(String(numbers[1].output.1))
+            }
+        }
+        if let expiryMatch = text.range(of: #"expires in (\d+) days?"#, options: .regularExpression) {
+            let expiryStr = String(text[expiryMatch])
+            if let numMatch = expiryStr.range(of: #"\d+"#, options: .regularExpression) {
+                expiryDays = Int(String(expiryStr[numMatch]))
+            }
+        }
+        return (used, total, expiryDays)
+    }
+
     private static func parseResetDate(_ dateStr: String) -> Date? {
+        if dateStr.contains("-") {
+            let formatter = DateFormatter()
+            formatter.locale = Locale(identifier: "en_US_POSIX")
+            formatter.timeZone = Calendar.current.timeZone
+            formatter.dateFormat = "yyyy-MM-dd"
+            return formatter.date(from: dateStr)
+        }
+
         // Format: MM/DD - assume current or next year
         let parts = dateStr.split(separator: "/")
         guard parts.count == 2,
@@ -510,6 +808,45 @@ public struct KiroStatusProbe: Sendable {
         return calendar.date(from: components)
     }
 
+    public static func displayPlanName(_ planName: String) -> String {
+        let cleaned = Self.cleanInlineValue(planName)
+            .replacingOccurrences(of: #"\s+"#, with: " ", options: [.regularExpression])
+            .trimmingCharacters(in: .whitespacesAndNewlines)
+        guard cleaned.localizedCaseInsensitiveContains("KIRO") else {
+            return cleaned.isEmpty ? planName : cleaned
+        }
+        return cleaned
+            .split(separator: " ")
+            .map { word in
+                if word.caseInsensitiveCompare("KIRO") == .orderedSame { return "Kiro" }
+                return word.prefix(1).uppercased() + word.dropFirst().lowercased()
+            }
+            .joined(separator: " ")
+    }
+
+    private static func percent(after label: String, in text: String) -> Double? {
+        let escaped = NSRegularExpression.escapedPattern(for: label)
+        return self.firstCapture(
+            in: text,
+            pattern: #"(?i)"# + escaped + #"\s+(\d+\.?\d*)%"#)
+            .flatMap(Double.init)
+    }
+
+    private static func firstCapture(in text: String, pattern: String) -> String? {
+        guard let regex = try? NSRegularExpression(pattern: pattern, options: []) else { return nil }
+        let nsRange = NSRange(text.startIndex..<text.endIndex, in: text)
+        guard let match = regex.firstMatch(in: text, options: [], range: nsRange) else { return nil }
+        let captureIndex = match.numberOfRanges > 1 ? 1 : 0
+        guard let range = Range(match.range(at: captureIndex), in: text) else { return nil }
+        return String(text[range]).trimmingCharacters(in: .whitespacesAndNewlines)
+    }
+
+    private static func cleanInlineValue(_ text: String) -> String {
+        self.stripANSI(text)
+            .replacingOccurrences(of: #"\x1B|\[[0-9;?]*[A-Za-z]"#, with: "", options: [.regularExpression])
+            .trimmingCharacters(in: .whitespacesAndNewlines)
+    }
+
     private static func isUsageOutputComplete(_ output: String) -> Bool {
         let stripped = self.stripANSI(output).lowercased()
         return stripped.contains("covered in plan")
@@ -519,3 +856,9 @@ public struct KiroStatusProbe: Sendable {
             || stripped.contains("managed by admin")
     }
 }
+
+extension String {
+    fileprivate var nilIfEmpty: String? {
+        self.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty ? nil : self
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/LLMProxy/LLMProxyProviderDescriptor.swift b/Sources/CodexBarCore/Providers/LLMProxy/LLMProxyProviderDescriptor.swift
new file mode 100644
index 000000000..e226646ed
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/LLMProxy/LLMProxyProviderDescriptor.swift
@@ -0,0 +1,69 @@
+import CodexBarMacroSupport
+import Foundation
+
+@ProviderDescriptorRegistration
+@ProviderDescriptorDefinition
+public enum LLMProxyProviderDescriptor {
+    static func makeDescriptor() -> ProviderDescriptor {
+        ProviderDescriptor(
+            id: .llmproxy,
+            metadata: ProviderMetadata(
+                id: .llmproxy,
+                displayName: "LLM Proxy",
+                sessionLabel: "Quota",
+                weeklyLabel: "Requests",
+                opusLabel: nil,
+                supportsOpus: false,
+                supportsCredits: false,
+                creditsHint: "",
+                toggleTitle: "Show LLM Proxy usage",
+                cliName: "llmproxy",
+                defaultEnabled: false,
+                isPrimaryProvider: false,
+                usesAccountFallback: false,
+                browserCookieOrder: nil,
+                dashboardURL: nil,
+                statusPageURL: nil),
+            branding: ProviderBranding(
+                iconStyle: .llmproxy,
+                iconResourceName: "ProviderIcon-llmproxy",
+                color: ProviderColor(red: 36 / 255, green: 180 / 255, blue: 126 / 255)),
+            tokenCost: ProviderTokenCostConfig(
+                supportsTokenCost: false,
+                noDataMessage: { "LLM Proxy cost history is reported in the quota-stats summary." }),
+            fetchPlan: ProviderFetchPlan(
+                sourceModes: [.auto, .api],
+                pipeline: ProviderFetchPipeline(resolveStrategies: { _ in [LLMProxyAPIFetchStrategy()] })),
+            cli: ProviderCLIConfig(
+                name: "llmproxy",
+                aliases: ["llm-api-key-proxy", "llm-proxy"],
+                versionDetector: nil))
+    }
+}
+
+struct LLMProxyAPIFetchStrategy: ProviderFetchStrategy {
+    let id: String = "llmproxy.api"
+    let kind: ProviderFetchKind = .apiToken
+
+    func isAvailable(_ context: ProviderFetchContext) async -> Bool {
+        ProviderTokenResolver.llmProxyToken(environment: context.env) != nil &&
+            LLMProxySettingsReader.baseURL(environment: context.env) != nil
+    }
+
+    func fetch(_ context: ProviderFetchContext) async throws -> ProviderFetchResult {
+        guard let apiKey = ProviderTokenResolver.llmProxyToken(environment: context.env) else {
+            throw LLMProxyUsageError.missingCredentials
+        }
+        guard let baseURL = LLMProxySettingsReader.baseURL(environment: context.env) else {
+            throw LLMProxyUsageError.missingBaseURL
+        }
+        let usage = try await LLMProxyUsageFetcher.fetchUsage(apiKey: apiKey, baseURL: baseURL)
+        return self.makeResult(
+            usage: usage.toUsageSnapshot(),
+            sourceLabel: "api")
+    }
+
+    func shouldFallback(on _: Error, context _: ProviderFetchContext) -> Bool {
+        false
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/LLMProxy/LLMProxySettingsReader.swift b/Sources/CodexBarCore/Providers/LLMProxy/LLMProxySettingsReader.swift
new file mode 100644
index 000000000..e753752f9
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/LLMProxy/LLMProxySettingsReader.swift
@@ -0,0 +1,32 @@
+import Foundation
+
+public enum LLMProxySettingsReader {
+    public static let apiKeyEnvironmentKey = "LLM_PROXY_API_KEY"
+    public static let baseURLEnvironmentKey = "LLM_PROXY_BASE_URL"
+
+    public static func apiKey(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> String?
+    {
+        self.cleaned(environment[self.apiKeyEnvironmentKey])
+    }
+
+    public static func baseURL(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> URL?
+    {
+        guard let raw = self.cleaned(environment[self.baseURLEnvironmentKey]) else { return nil }
+        return URL(string: raw)
+    }
+
+    static func cleaned(_ raw: String?) -> String? {
+        guard var value = raw?.trimmingCharacters(in: .whitespacesAndNewlines), !value.isEmpty else {
+            return nil
+        }
+        if (value.hasPrefix("\"") && value.hasSuffix("\"")) ||
+            (value.hasPrefix("'") && value.hasSuffix("'"))
+        {
+            value = String(value.dropFirst().dropLast())
+        }
+        value = value.trimmingCharacters(in: .whitespacesAndNewlines)
+        return value.isEmpty ? nil : value
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/LLMProxy/LLMProxyUsageFetcher.swift b/Sources/CodexBarCore/Providers/LLMProxy/LLMProxyUsageFetcher.swift
new file mode 100644
index 000000000..094ec3015
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/LLMProxy/LLMProxyUsageFetcher.swift
@@ -0,0 +1,313 @@
+import Foundation
+#if canImport(FoundationNetworking)
+import FoundationNetworking
+#endif
+
+public enum LLMProxyUsageError: LocalizedError, Sendable {
+    case missingCredentials
+    case missingBaseURL
+    case invalidURL
+    case apiError(String)
+    case parseFailed(String)
+
+    public var errorDescription: String? {
+        switch self {
+        case .missingCredentials:
+            "Missing LLM Proxy API key. Set apiKey in ~/.codexbar/config.json or LLM_PROXY_API_KEY."
+        case .missingBaseURL:
+            "Missing LLM Proxy base URL. Set enterpriseHost in ~/.codexbar/config.json or LLM_PROXY_BASE_URL."
+        case .invalidURL:
+            "LLM Proxy URL is invalid."
+        case let .apiError(message):
+            "LLM Proxy API error: \(message)"
+        case let .parseFailed(message):
+            "LLM Proxy parse error: \(message)"
+        }
+    }
+}
+
+public struct LLMProxyUsageSnapshot: Codable, Sendable, Equatable {
+    public let providerCount: Int
+    public let credentialCount: Int
+    public let activeCredentialCount: Int
+    public let exhaustedCredentialCount: Int
+    public let totalRequests: Int
+    public let totalTokens: Int
+    public let approximateCostUSD: Double?
+    public let minimumRemainingPercent: Double?
+    public let nextResetAt: Date?
+    public let topProviders: [ProviderSummary]
+    public let updatedAt: Date
+
+    public struct ProviderSummary: Codable, Sendable, Equatable {
+        public let name: String
+        public let requests: Int
+        public let tokens: Int
+        public let approximateCostUSD: Double?
+    }
+
+    public func toUsageSnapshot() -> UsageSnapshot {
+        let used = self.minimumRemainingPercent.map { max(0, min(100, 100 - $0)) }
+        let windows = self.topProviders.prefix(3).map { provider in
+            NamedRateWindow(
+                id: provider.name,
+                title: provider.name,
+                window: RateWindow(
+                    usedPercent: 0,
+                    windowMinutes: nil,
+                    resetsAt: nil,
+                    resetDescription: Self.providerSummaryText(provider)))
+        }
+        return UsageSnapshot(
+            primary: used.map {
+                RateWindow(
+                    usedPercent: $0,
+                    windowMinutes: nil,
+                    resetsAt: self.nextResetAt,
+                    resetDescription: nil)
+            },
+            secondary: RateWindow(
+                usedPercent: 0,
+                windowMinutes: nil,
+                resetsAt: nil,
+                resetDescription: "\(Self.formatInteger(self.totalRequests)) requests"),
+            tertiary: RateWindow(
+                usedPercent: 0,
+                windowMinutes: nil,
+                resetsAt: nil,
+                resetDescription: "\(Self.formatInteger(self.totalTokens)) tokens"),
+            extraRateWindows: windows.isEmpty ? nil : Array(windows),
+            providerCost: self.approximateCostUSD.map {
+                ProviderCostSnapshot(
+                    used: $0,
+                    limit: 0,
+                    currencyCode: "USD",
+                    period: "Approx. spend",
+                    resetsAt: self.nextResetAt,
+                    updatedAt: self.updatedAt)
+            },
+            updatedAt: self.updatedAt,
+            identity: ProviderIdentitySnapshot(
+                providerID: .llmproxy,
+                accountEmail: nil,
+                accountOrganization: "\(self.activeCredentialCount)/\(self.credentialCount) active keys",
+                loginMethod: "quota-stats"))
+    }
+
+    private static func providerSummaryText(_ provider: ProviderSummary) -> String {
+        var pieces = [
+            "\(Self.formatInteger(provider.requests)) req",
+            "\(Self.formatInteger(provider.tokens)) tok",
+        ]
+        if let cost = provider.approximateCostUSD {
+            pieces.append(UsageFormatter.usdString(cost))
+        }
+        return pieces.joined(separator: " · ")
+    }
+
+    private static func formatInteger(_ value: Int) -> String {
+        let formatter = NumberFormatter()
+        formatter.locale = Locale(identifier: "en_US_POSIX")
+        formatter.numberStyle = .decimal
+        formatter.usesGroupingSeparator = true
+        formatter.groupingSeparator = ","
+        formatter.maximumFractionDigits = 0
+        return formatter.string(from: NSNumber(value: value)) ?? "\(value)"
+    }
+}
+
+private struct LLMProxyQuotaStatsResponse: Decodable {
+    struct ProviderStats: Decodable {
+        struct Tokens: Decodable {
+            let inputCached: Int?
+            let inputUncached: Int?
+            let output: Int?
+
+            private enum CodingKeys: String, CodingKey {
+                case inputCached = "input_cached"
+                case inputUncached = "input_uncached"
+                case output
+            }
+        }
+
+        struct QuotaGroup: Decodable {
+            let remainingPercent: Double?
+            let resetTime: String?
+
+            private enum CodingKeys: String, CodingKey {
+                case remainingPercent = "remaining_percent"
+                case resetTime = "reset_time"
+            }
+        }
+
+        let credentialCount: Int?
+        let activeCount: Int?
+        let exhaustedCount: Int?
+        let totalRequests: Int?
+        let tokens: Tokens?
+        let approximateCost: Double?
+        let quotaGroups: [QuotaGroup]?
+
+        private enum CodingKeys: String, CodingKey {
+            case credentialCount = "credential_count"
+            case activeCount = "active_count"
+            case exhaustedCount = "exhausted_count"
+            case totalRequests = "total_requests"
+            case tokens
+            case approximateCost = "approx_cost"
+            case quotaGroups = "quota_groups"
+        }
+
+        init(from decoder: Decoder) throws {
+            let container = try decoder.container(keyedBy: CodingKeys.self)
+            self.credentialCount = try container.decodeIfPresent(Int.self, forKey: .credentialCount)
+            self.activeCount = try container.decodeIfPresent(Int.self, forKey: .activeCount)
+            self.exhaustedCount = try container.decodeIfPresent(Int.self, forKey: .exhaustedCount)
+            self.totalRequests = try container.decodeIfPresent(Int.self, forKey: .totalRequests)
+            self.tokens = try container.decodeIfPresent(Tokens.self, forKey: .tokens)
+            self.approximateCost = try container.decodeIfPresent(Double.self, forKey: .approximateCost)
+            self.quotaGroups = Self.decodeQuotaGroups(from: container)
+        }
+
+        private static func decodeQuotaGroups(from container: KeyedDecodingContainer<CodingKeys>)
+            -> [QuotaGroup]?
+        {
+            if let groups = try? container.decodeIfPresent([QuotaGroup].self, forKey: .quotaGroups) {
+                return groups
+            }
+            let keyedGroups = try? container.decodeIfPresent(
+                [String: QuotaGroup].self,
+                forKey: .quotaGroups)
+            return keyedGroups?.values.sorted { lhs, rhs in
+                (lhs.remainingPercent ?? .infinity) < (rhs.remainingPercent ?? .infinity)
+            }
+        }
+    }
+
+    struct Summary: Decodable {
+        let totalRequests: Int?
+        let approximateCost: Double?
+        let totalTokens: Int?
+
+        private enum CodingKeys: String, CodingKey {
+            case totalRequests = "total_requests"
+            case approximateCost = "approx_cost"
+            case totalTokens = "total_tokens"
+        }
+    }
+
+    let providers: [String: ProviderStats]
+    let summary: Summary?
+}
+
+public struct LLMProxyUsageFetcher: Sendable {
+    public init() {}
+
+    public static func fetchUsage(
+        apiKey: String,
+        baseURL: URL,
+        transport: any ProviderHTTPTransport = ProviderHTTPClient.shared,
+        updatedAt: Date = Date()) async throws -> LLMProxyUsageSnapshot
+    {
+        guard !apiKey.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty else {
+            throw LLMProxyUsageError.missingCredentials
+        }
+        let url = self.quotaStatsURL(baseURL: baseURL)
+        var request = URLRequest(url: url)
+        request.httpMethod = "GET"
+        request.setValue("Bearer \(apiKey)", forHTTPHeaderField: "Authorization")
+        request.setValue("application/json", forHTTPHeaderField: "Accept")
+
+        let response = try await transport.response(for: request)
+        guard (200..<300).contains(response.statusCode) else {
+            throw LLMProxyUsageError.apiError("HTTP \(response.statusCode): \(Self.responseSummary(response.data))")
+        }
+        return try self.parseSnapshot(data: response.data, updatedAt: updatedAt)
+    }
+
+    public static func _parseSnapshotForTesting(_ data: Data, updatedAt: Date) throws -> LLMProxyUsageSnapshot {
+        try self.parseSnapshot(data: data, updatedAt: updatedAt)
+    }
+
+    public static func _quotaStatsURLForTesting(baseURL: URL) -> URL {
+        self.quotaStatsURL(baseURL: baseURL)
+    }
+
+    private static func quotaStatsURL(baseURL: URL) -> URL {
+        let path = baseURL.path.trimmingCharacters(in: CharacterSet(charactersIn: "/"))
+        let versionedBaseURL = path.split(separator: "/").last == "v1"
+            ? baseURL
+            : baseURL.appendingPathComponent("v1")
+        return versionedBaseURL.appendingPathComponent("quota-stats")
+    }
+
+    private static func parseSnapshot(data: Data, updatedAt: Date) throws -> LLMProxyUsageSnapshot {
+        do {
+            let decoded = try JSONDecoder().decode(LLMProxyQuotaStatsResponse.self, from: data)
+            let providers = decoded.providers
+            let summaries = providers.map { name, stats in
+                LLMProxyUsageSnapshot.ProviderSummary(
+                    name: name,
+                    requests: stats.totalRequests ?? 0,
+                    tokens: Self.tokenTotal(stats.tokens),
+                    approximateCostUSD: stats.approximateCost)
+            }.sorted { lhs, rhs in
+                if lhs.requests != rhs.requests { return lhs.requests > rhs.requests }
+                return lhs.name < rhs.name
+            }
+            let requests = decoded.summary?.totalRequests ?? summaries.reduce(0) { $0 + $1.requests }
+            let tokens = decoded.summary?.totalTokens ?? summaries.reduce(0) { $0 + $1.tokens }
+            let cost = decoded.summary?.approximateCost ?? {
+                let sum = summaries.compactMap(\.approximateCostUSD).reduce(0, +)
+                return sum > 0 ? sum : nil
+            }()
+
+            let quotaGroups = providers.values.flatMap { $0.quotaGroups ?? [] }
+            let minRemaining = quotaGroups.compactMap(\.remainingPercent).min()
+            let reset = quotaGroups.compactMap { Self.parseDate($0.resetTime) }.min()
+
+            return LLMProxyUsageSnapshot(
+                providerCount: providers.count,
+                credentialCount: providers.values.reduce(0) { $0 + ($1.credentialCount ?? 0) },
+                activeCredentialCount: providers.values.reduce(0) { $0 + ($1.activeCount ?? 0) },
+                exhaustedCredentialCount: providers.values.reduce(0) { $0 + ($1.exhaustedCount ?? 0) },
+                totalRequests: requests,
+                totalTokens: tokens,
+                approximateCostUSD: cost,
+                minimumRemainingPercent: minRemaining,
+                nextResetAt: reset,
+                topProviders: summaries,
+                updatedAt: updatedAt)
+        } catch let error as LLMProxyUsageError {
+            throw error
+        } catch {
+            throw LLMProxyUsageError.parseFailed(error.localizedDescription)
+        }
+    }
+
+    private static func tokenTotal(_ tokens: LLMProxyQuotaStatsResponse.ProviderStats.Tokens?) -> Int {
+        (tokens?.inputCached ?? 0) + (tokens?.inputUncached ?? 0) + (tokens?.output ?? 0)
+    }
+
+    private static func parseDate(_ raw: String?) -> Date? {
+        guard let raw else { return nil }
+        if let date = self.iso8601DateFormatter(fractionalSeconds: true).date(from: raw) {
+            return date
+        }
+        return self.iso8601DateFormatter(fractionalSeconds: false).date(from: raw)
+    }
+
+    private static func iso8601DateFormatter(fractionalSeconds: Bool) -> ISO8601DateFormatter {
+        let formatter = ISO8601DateFormatter()
+        if fractionalSeconds {
+            formatter.formatOptions = [.withInternetDateTime, .withFractionalSeconds]
+        }
+        return formatter
+    }
+
+    private static func responseSummary(_ data: Data) -> String {
+        String(bytes: data.prefix(500), encoding: .utf8)?
+            .trimmingCharacters(in: .whitespacesAndNewlines)
+            ?? ""
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Manus/ManusCookieHeader.swift b/Sources/CodexBarCore/Providers/Manus/ManusCookieHeader.swift
new file mode 100644
index 000000000..8e8260915
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Manus/ManusCookieHeader.swift
@@ -0,0 +1,42 @@
+import Foundation
+#if canImport(FoundationNetworking)
+import FoundationNetworking
+#endif
+
+public enum ManusCookieHeader {
+    public static let sessionCookieName = "session_id"
+
+    public static func resolveToken(context: ProviderFetchContext) -> String? {
+        guard let settings = context.settings?.manus, settings.cookieSource == .manual else { return nil }
+        return self.token(from: settings.manualCookieHeader)
+    }
+
+    public static func token(from raw: String?) -> String? {
+        guard let raw = raw?.trimmingCharacters(in: .whitespacesAndNewlines), !raw.isEmpty else {
+            return nil
+        }
+
+        if !raw.contains("="), !raw.contains(";") {
+            return raw
+        }
+
+        let pairs = CookieHeaderNormalizer.pairs(from: raw)
+        for pair in pairs where pair.name.caseInsensitiveCompare(self.sessionCookieName) == .orderedSame {
+            let token = pair.value.trimmingCharacters(in: .whitespacesAndNewlines)
+            if !token.isEmpty {
+                return token
+            }
+        }
+        return nil
+    }
+
+    public static func sessionToken(from cookies: [HTTPCookie]) -> String? {
+        for cookie in cookies where cookie.name.caseInsensitiveCompare(self.sessionCookieName) == .orderedSame {
+            let token = cookie.value.trimmingCharacters(in: .whitespacesAndNewlines)
+            if !token.isEmpty {
+                return token
+            }
+        }
+        return nil
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Manus/ManusCookieImporter.swift b/Sources/CodexBarCore/Providers/Manus/ManusCookieImporter.swift
new file mode 100644
index 000000000..e8affb76e
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Manus/ManusCookieImporter.swift
@@ -0,0 +1,188 @@
+import Foundation
+
+#if os(macOS)
+import SweetCookieKit
+
+public enum ManusCookieImporter {
+    private static let log = CodexBarLog.logger(LogCategories.manusCookie)
+    private static let cookieClient = BrowserCookieClient()
+    private static let cookieDomains = ["manus.im", "www.manus.im"]
+    private static let cookieImportOrder: BrowserCookieImportOrder =
+        ProviderDefaults.metadata[.manus]?.browserCookieOrder ?? Browser.defaultImportOrder
+    nonisolated(unsafe) static var importSessionOverrideForTesting:
+        ((BrowserDetection, ((String) -> Void)?) throws -> SessionInfo)?
+    nonisolated(unsafe) static var importSessionsOverrideForTesting:
+        ((BrowserDetection, ((String) -> Void)?) throws -> [SessionInfo])?
+
+    public struct SessionInfo: Sendable {
+        public let cookies: [HTTPCookie]
+        public let sourceLabel: String
+
+        public init(cookies: [HTTPCookie], sourceLabel: String) {
+            self.cookies = cookies
+            self.sourceLabel = sourceLabel
+        }
+
+        public var sessionToken: String? {
+            ManusCookieHeader.sessionToken(from: self.cookies)
+        }
+    }
+
+    public static func importSessions(
+        browserDetection: BrowserDetection = BrowserDetection(),
+        logger: ((String) -> Void)? = nil) throws -> [SessionInfo]
+    {
+        if let override = self.importSessionsOverrideForTesting {
+            return try override(browserDetection, logger)
+        }
+        if let override = self.importSessionOverrideForTesting {
+            return try [override(browserDetection, logger)]
+        }
+
+        var sessions: [SessionInfo] = []
+        let candidates = self.cookieImportOrder.cookieImportCandidates(using: browserDetection)
+        for browserSource in candidates {
+            do {
+                let perSource = try self.importSessions(from: browserSource, logger: logger)
+                sessions.append(contentsOf: perSource)
+            } catch {
+                BrowserCookieAccessGate.recordIfNeeded(error)
+                self.emit(
+                    "\(browserSource.displayName) cookie import failed: \(error.localizedDescription)",
+                    logger: logger)
+            }
+        }
+
+        guard !sessions.isEmpty else {
+            throw ManusCookieImportError.noCookies
+        }
+        return sessions
+    }
+
+    public static func importSessions(
+        from browserSource: Browser,
+        logger: ((String) -> Void)? = nil) throws -> [SessionInfo]
+    {
+        let query = BrowserCookieQuery(domains: self.cookieDomains)
+        let log: (String) -> Void = { message in self.emit(message, logger: logger) }
+        let sources = try Self.cookieClient.codexBarRecords(
+            matching: query,
+            in: browserSource,
+            logger: log)
+
+        var sessions: [SessionInfo] = []
+        let grouped = Dictionary(grouping: sources, by: { $0.store.profile.id })
+        let sortedGroups = grouped.values.sorted { lhs, rhs in
+            self.mergedLabel(for: lhs) < self.mergedLabel(for: rhs)
+        }
+
+        for group in sortedGroups where !group.isEmpty {
+            let label = self.mergedLabel(for: group)
+            let mergedRecords = self.mergeRecords(group)
+            guard !mergedRecords.isEmpty else { continue }
+            let httpCookies = BrowserCookieClient.makeHTTPCookies(mergedRecords, origin: query.origin)
+            guard !httpCookies.isEmpty else { continue }
+
+            let session = SessionInfo(cookies: httpCookies, sourceLabel: label)
+            guard let token = session.sessionToken else {
+                continue
+            }
+
+            log("Found \(ManusCookieHeader.sessionCookieName) cookie in \(label)")
+            if !token.isEmpty {
+                sessions.append(session)
+            }
+        }
+
+        return sessions
+    }
+
+    public static func importSession(
+        browserDetection: BrowserDetection = BrowserDetection(),
+        logger: ((String) -> Void)? = nil) throws -> SessionInfo
+    {
+        let sessions = try self.importSessions(browserDetection: browserDetection, logger: logger)
+        guard let first = sessions.first else {
+            throw ManusCookieImportError.noCookies
+        }
+        return first
+    }
+
+    public static func hasSession(
+        browserDetection: BrowserDetection = BrowserDetection(),
+        logger: ((String) -> Void)? = nil) -> Bool
+    {
+        do {
+            _ = try self.importSession(browserDetection: browserDetection, logger: logger)
+            return true
+        } catch {
+            return false
+        }
+    }
+
+    private static func emit(_ message: String, logger: ((String) -> Void)?) {
+        logger?("[manus-cookie] \(message)")
+        self.log.debug(message)
+    }
+
+    private static func mergedLabel(for sources: [BrowserCookieStoreRecords]) -> String {
+        guard let base = sources.map(\.label).min() else { return "Unknown" }
+        if base.hasSuffix(" (Network)") {
+            return String(base.dropLast(" (Network)".count))
+        }
+        return base
+    }
+
+    private static func mergeRecords(_ sources: [BrowserCookieStoreRecords]) -> [BrowserCookieRecord] {
+        let sortedSources = sources.sorted { lhs, rhs in
+            self.storePriority(lhs.store.kind) < self.storePriority(rhs.store.kind)
+        }
+        var mergedByKey: [String: BrowserCookieRecord] = [:]
+        for source in sortedSources {
+            for record in source.records {
+                let key = self.recordKey(record)
+                if let existing = mergedByKey[key] {
+                    if self.shouldReplace(existing: existing, candidate: record) {
+                        mergedByKey[key] = record
+                    }
+                } else {
+                    mergedByKey[key] = record
+                }
+            }
+        }
+        return Array(mergedByKey.values)
+    }
+
+    private static func storePriority(_ kind: BrowserCookieStoreKind) -> Int {
+        switch kind {
+        case .network: 0
+        case .primary: 1
+        case .safari: 2
+        }
+    }
+
+    private static func recordKey(_ record: BrowserCookieRecord) -> String {
+        "\(record.name)|\(record.domain)|\(record.path)"
+    }
+
+    private static func shouldReplace(existing: BrowserCookieRecord, candidate: BrowserCookieRecord) -> Bool {
+        switch (existing.expires, candidate.expires) {
+        case let (lhs?, rhs?): rhs > lhs
+        case (nil, .some): true
+        case (.some, nil): false
+        case (nil, nil): false
+        }
+    }
+}
+
+enum ManusCookieImportError: LocalizedError {
+    case noCookies
+
+    var errorDescription: String? {
+        switch self {
+        case .noCookies:
+            "No Manus session cookies found in browsers. Please log into manus.im."
+        }
+    }
+}
+#endif
diff --git a/Sources/CodexBarCore/Providers/Manus/ManusProviderDescriptor.swift b/Sources/CodexBarCore/Providers/Manus/ManusProviderDescriptor.swift
new file mode 100644
index 000000000..838c6e5eb
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Manus/ManusProviderDescriptor.swift
@@ -0,0 +1,182 @@
+import CodexBarMacroSupport
+import Foundation
+
+@ProviderDescriptorRegistration
+@ProviderDescriptorDefinition
+public enum ManusProviderDescriptor {
+    static func makeDescriptor() -> ProviderDescriptor {
+        ProviderDescriptor(
+            id: .manus,
+            metadata: ProviderMetadata(
+                id: .manus,
+                displayName: "Manus",
+                sessionLabel: "Monthly credits",
+                weeklyLabel: "Daily refresh",
+                opusLabel: nil,
+                supportsOpus: false,
+                supportsCredits: false,
+                creditsHint: "",
+                toggleTitle: "Show Manus usage",
+                cliName: "manus",
+                defaultEnabled: false,
+                isPrimaryProvider: false,
+                usesAccountFallback: false,
+                browserCookieOrder: ProviderBrowserCookieDefaults.defaultImportOrder,
+                dashboardURL: "https://manus.im",
+                statusPageURL: nil),
+            branding: ProviderBranding(
+                iconStyle: .manus,
+                iconResourceName: "ProviderIcon-manus",
+                color: ProviderColor(red: 52 / 255, green: 50 / 255, blue: 45 / 255)),
+            tokenCost: ProviderTokenCostConfig(
+                supportsTokenCost: false,
+                noDataMessage: { "Manus cost summary is not supported." }),
+            fetchPlan: ProviderFetchPlan(
+                sourceModes: [.auto, .web],
+                pipeline: ProviderFetchPipeline(resolveStrategies: { _ in [ManusWebFetchStrategy()] })),
+            cli: ProviderCLIConfig(
+                name: "manus",
+                aliases: [],
+                versionDetector: nil))
+    }
+}
+
+struct ManusWebFetchStrategy: ProviderFetchStrategy {
+    private enum SessionTokenSource {
+        case manual
+        case cache
+        case browser
+        case environment
+
+        var shouldCacheAfterFetch: Bool {
+            self == .browser
+        }
+    }
+
+    private struct ResolvedSessionToken {
+        let value: String
+        let source: SessionTokenSource
+    }
+
+    let id: String = "manus.web"
+    let kind: ProviderFetchKind = .web
+    private static let log = CodexBarLog.logger(LogCategories.manusWeb)
+
+    func isAvailable(_ context: ProviderFetchContext) async -> Bool {
+        guard context.settings?.manus?.cookieSource != .off else { return false }
+        if context.settings?.manus?.cookieSource == .manual { return true }
+
+        if let cached = CookieHeaderCache.load(provider: .manus),
+           ManusCookieHeader.token(from: cached.cookieHeader) != nil
+        {
+            return true
+        }
+
+        #if os(macOS)
+        if ManusCookieImporter.hasSession(browserDetection: context.browserDetection) {
+            return true
+        }
+        #endif
+
+        return ManusSettingsReader.sessionToken(environment: context.env) != nil
+    }
+
+    func fetch(_ context: ProviderFetchContext) async throws -> ProviderFetchResult {
+        let resolvedTokens = try self.resolveSessionTokens(context: context)
+        guard !resolvedTokens.isEmpty else {
+            throw ManusAPIError.missingToken
+        }
+
+        var sawInvalidToken = false
+        for resolved in resolvedTokens {
+            do {
+                let response = try await ManusUsageFetcher.fetchCredits(sessionToken: resolved.value)
+                self.cacheTokenIfNeeded(resolved, sourceLabel: "web")
+                return self.makeResult(
+                    usage: response.toUsageSnapshot(),
+                    sourceLabel: "web")
+            } catch ManusAPIError.invalidToken {
+                sawInvalidToken = true
+                if resolved.source == .cache {
+                    CookieHeaderCache.clear(provider: .manus)
+                }
+                continue
+            }
+        }
+
+        if sawInvalidToken {
+            throw ManusAPIError.invalidToken
+        }
+        throw ManusAPIError.missingToken
+    }
+
+    func shouldFallback(on error: Error, context _: ProviderFetchContext) -> Bool {
+        if case ManusAPIError.missingToken = error { return false }
+        if case ManusAPIError.invalidCookie = error { return false }
+        if case ManusAPIError.invalidToken = error { return false }
+        return true
+    }
+
+    private func resolveSessionTokens(context: ProviderFetchContext) throws -> [ResolvedSessionToken] {
+        guard context.settings?.manus?.cookieSource != .off else { return [] }
+
+        if context.settings?.manus?.cookieSource == .manual {
+            guard let token = ManusCookieHeader.resolveToken(context: context) else {
+                throw ManusAPIError.invalidCookie
+            }
+            return [ResolvedSessionToken(value: token, source: .manual)]
+        }
+
+        var tokens: [ResolvedSessionToken] = []
+
+        if let cached = CookieHeaderCache.load(provider: .manus),
+           let token = ManusCookieHeader.token(from: cached.cookieHeader)
+        {
+            tokens.append(ResolvedSessionToken(value: token, source: .cache))
+        }
+
+        tokens.append(contentsOf: self.resolveBrowserOrEnvironmentTokens(context: context))
+        return self.deduplicated(tokens)
+    }
+
+    private func resolveBrowserOrEnvironmentTokens(context: ProviderFetchContext) -> [ResolvedSessionToken] {
+        guard context.settings?.manus?.cookieSource != .off else { return [] }
+        var tokens: [ResolvedSessionToken] = []
+
+        #if os(macOS)
+        do {
+            let sessions = try ManusCookieImporter.importSessions(browserDetection: context.browserDetection)
+            tokens.append(contentsOf: sessions.compactMap { session in
+                guard let token = session.sessionToken else { return nil }
+                return ResolvedSessionToken(value: token, source: .browser)
+            })
+        } catch {
+            Self.log.debug("No Manus browser session available: \(error.localizedDescription)")
+        }
+        #endif
+
+        if let token = ManusSettingsReader.sessionToken(environment: context.env) {
+            tokens.append(ResolvedSessionToken(value: token, source: .environment))
+        }
+        return self.deduplicated(tokens)
+    }
+
+    private func deduplicated(_ tokens: [ResolvedSessionToken]) -> [ResolvedSessionToken] {
+        var seen: Set<String> = []
+        var deduplicated: [ResolvedSessionToken] = []
+        for token in tokens where !token.value.isEmpty {
+            if seen.insert(token.value).inserted {
+                deduplicated.append(token)
+            }
+        }
+        return deduplicated
+    }
+
+    private func cacheTokenIfNeeded(_ token: ResolvedSessionToken, sourceLabel: String) {
+        guard token.source.shouldCacheAfterFetch else { return }
+        CookieHeaderCache.store(
+            provider: .manus,
+            cookieHeader: "\(ManusCookieHeader.sessionCookieName)=\(token.value)",
+            sourceLabel: sourceLabel)
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Manus/ManusSettingsReader.swift b/Sources/CodexBarCore/Providers/Manus/ManusSettingsReader.swift
new file mode 100644
index 000000000..3d9fbfa84
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Manus/ManusSettingsReader.swift
@@ -0,0 +1,31 @@
+import Foundation
+
+public enum ManusSettingsReader {
+    public static func sessionToken(environment: [String: String] = ProcessInfo.processInfo.environment) -> String? {
+        let rawToken = environment["MANUS_SESSION_TOKEN"]
+            ?? environment["manus_session_token"]
+            ?? environment["MANUS_SESSION_ID"]
+            ?? environment["manus_session_id"]
+        if let token = ManusCookieHeader.token(from: self.cleaned(rawToken)) {
+            return token
+        }
+
+        let rawCookie = environment["MANUS_COOKIE"] ?? environment["manus_cookie"]
+        return ManusCookieHeader.token(from: self.cleaned(rawCookie))
+    }
+
+    private static func cleaned(_ raw: String?) -> String? {
+        guard var value = raw?.trimmingCharacters(in: .whitespacesAndNewlines), !value.isEmpty else {
+            return nil
+        }
+
+        if (value.hasPrefix("\"") && value.hasSuffix("\"")) ||
+            (value.hasPrefix("'") && value.hasSuffix("'"))
+        {
+            value = String(value.dropFirst().dropLast())
+        }
+
+        value = value.trimmingCharacters(in: .whitespacesAndNewlines)
+        return value.isEmpty ? nil : value
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Manus/ManusUsageFetcher.swift b/Sources/CodexBarCore/Providers/Manus/ManusUsageFetcher.swift
new file mode 100644
index 000000000..b59f37b07
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Manus/ManusUsageFetcher.swift
@@ -0,0 +1,295 @@
+import Foundation
+
+#if canImport(FoundationNetworking)
+import FoundationNetworking
+#endif
+
+public struct ManusCreditsResponse: Decodable, Sendable {
+    public let totalCredits: Double
+    public let freeCredits: Double
+    public let periodicCredits: Double
+    public let addonCredits: Double
+    public let refreshCredits: Double
+    public let maxRefreshCredits: Double
+    public let proMonthlyCredits: Double
+    public let eventCredits: Double
+    public let nextRefreshTime: Date?
+    public let refreshInterval: String?
+
+    public init(
+        totalCredits: Double,
+        freeCredits: Double,
+        periodicCredits: Double,
+        addonCredits: Double,
+        refreshCredits: Double,
+        maxRefreshCredits: Double,
+        proMonthlyCredits: Double,
+        eventCredits: Double,
+        nextRefreshTime: Date? = nil,
+        refreshInterval: String? = nil)
+    {
+        self.totalCredits = totalCredits
+        self.freeCredits = freeCredits
+        self.periodicCredits = periodicCredits
+        self.addonCredits = addonCredits
+        self.refreshCredits = refreshCredits
+        self.maxRefreshCredits = maxRefreshCredits
+        self.proMonthlyCredits = proMonthlyCredits
+        self.eventCredits = eventCredits
+        self.nextRefreshTime = nextRefreshTime
+        self.refreshInterval = refreshInterval
+    }
+
+    private enum CodingKeys: String, CodingKey {
+        case totalCredits
+        case freeCredits
+        case periodicCredits
+        case addonCredits
+        case refreshCredits
+        case maxRefreshCredits
+        case proMonthlyCredits
+        case eventCredits
+        case nextRefreshTime
+        case refreshInterval
+    }
+
+    public init(from decoder: any Decoder) throws {
+        let container = try decoder.container(keyedBy: CodingKeys.self)
+        self.totalCredits = container.decodeLossyDoubleIfPresent(forKey: .totalCredits) ?? 0
+        self.freeCredits = container.decodeLossyDoubleIfPresent(forKey: .freeCredits) ?? 0
+        self.periodicCredits = container.decodeLossyDoubleIfPresent(forKey: .periodicCredits) ?? 0
+        self.addonCredits = container.decodeLossyDoubleIfPresent(forKey: .addonCredits) ?? 0
+        self.refreshCredits = container.decodeLossyDoubleIfPresent(forKey: .refreshCredits) ?? 0
+        self.maxRefreshCredits = container.decodeLossyDoubleIfPresent(forKey: .maxRefreshCredits) ?? 0
+        self.proMonthlyCredits = container.decodeLossyDoubleIfPresent(forKey: .proMonthlyCredits) ?? 0
+        self.eventCredits = container.decodeLossyDoubleIfPresent(forKey: .eventCredits) ?? 0
+        self.nextRefreshTime = container.decodeIfPresentFlexibleDate(forKey: .nextRefreshTime)
+        self.refreshInterval = try? container.decodeIfPresent(String.self, forKey: .refreshInterval)
+    }
+}
+
+public enum ManusUsageFetcher {
+    private static let log = CodexBarLog.logger(LogCategories.manusAPI)
+    private static let creditsURL =
+        URL(string: "https://api.manus.im/user.v1.UserService/GetAvailableCredits")!
+    @TaskLocal static var fetchCreditsOverride:
+        (@Sendable (String, Date) async throws -> ManusCreditsResponse)?
+
+    public static func fetchCredits(
+        sessionToken: String,
+        now: Date = Date()) async throws -> ManusCreditsResponse
+    {
+        if let override = self.fetchCreditsOverride {
+            return try await override(sessionToken, now)
+        }
+
+        guard !sessionToken.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty else {
+            throw ManusAPIError.missingToken
+        }
+
+        var request = URLRequest(url: self.creditsURL)
+        request.httpMethod = "POST"
+        request.timeoutInterval = 15
+        request.httpBody = Data("{}".utf8)
+        request.setValue("application/json", forHTTPHeaderField: "Accept")
+        request.setValue("application/json", forHTTPHeaderField: "Content-Type")
+        request.setValue("Bearer \(sessionToken)", forHTTPHeaderField: "Authorization")
+        request.setValue("https://manus.im", forHTTPHeaderField: "Origin")
+        request.setValue("https://manus.im/", forHTTPHeaderField: "Referer")
+        request.setValue("1", forHTTPHeaderField: "Connect-Protocol-Version")
+        let userAgent = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) " +
+            "AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36"
+        request.setValue(
+            userAgent,
+            forHTTPHeaderField: "User-Agent")
+
+        let response = try await ProviderHTTPClient.shared.response(for: request)
+        let data = response.data
+        guard response.statusCode == 200 else {
+            let body = String(data: data, encoding: .utf8) ?? "<binary>"
+            let truncated = body.count > 200 ? String(body.prefix(200)) + "…" : body
+            Self.log.error("Manus API returned \(response.statusCode): \(truncated)")
+            if response.statusCode == 401 || response.statusCode == 403 {
+                throw ManusAPIError.invalidToken
+            }
+            throw ManusAPIError.apiError("HTTP \(response.statusCode)")
+        }
+
+        do {
+            return try self.parseResponse(data)
+        } catch let error as ManusAPIError {
+            throw error
+        } catch {
+            let preview = String(data: data.prefix(500), encoding: .utf8) ?? "<binary>"
+            Self.log.error("Manus parse failed: \(error) — response: \(preview)")
+            throw ManusAPIError.parseFailed(error.localizedDescription)
+        }
+    }
+
+    public static func parseResponse(_ data: Data) throws -> ManusCreditsResponse {
+        let decoder = JSONDecoder()
+
+        // Try envelope first — the direct decoder defaults missing fields to 0,
+        // so it would "succeed" on wrapped payloads and silently return zero credits.
+        if let envelope = try? decoder.decode(ManusCreditsEnvelope.self, from: data),
+           let response = envelope.data ?? envelope.result ?? envelope.response ?? envelope.availableCredits
+        {
+            return response
+        }
+
+        let response = try decoder.decode(ManusCreditsResponse.self, from: data)
+        // The custom decoder defaults every numeric field to 0, so an unrelated JSON
+        // object (e.g. an error payload) would otherwise surface as a bogus zero-credit
+        // snapshot. Require at least one known credits key in the raw payload.
+        guard Self.payloadContainsCreditsField(data: data) else {
+            throw ManusAPIError.parseFailed("response missing expected credits fields")
+        }
+        return response
+    }
+
+    private static let expectedCreditsKeys: Set<String> = [
+        "totalCredits", "freeCredits", "periodicCredits", "addonCredits",
+        "refreshCredits", "maxRefreshCredits", "proMonthlyCredits", "eventCredits",
+    ]
+
+    private static func payloadContainsCreditsField(data: Data) -> Bool {
+        guard let object = try? JSONSerialization.jsonObject(with: data) as? [String: Any] else {
+            return false
+        }
+        return !Self.expectedCreditsKeys.isDisjoint(with: object.keys)
+    }
+}
+
+extension ManusCreditsResponse {
+    public func toUsageSnapshot(now: Date = Date()) -> UsageSnapshot {
+        let primary: RateWindow? = if self.proMonthlyCredits > 0 {
+            RateWindow(
+                usedPercent: min(
+                    100,
+                    max(0, (self.proMonthlyCredits - self.periodicCredits) / self.proMonthlyCredits * 100)),
+                windowMinutes: nil,
+                resetsAt: nil,
+                resetDescription: Self.monthlyDetail(totalCredits: self.totalCredits, freeCredits: self.freeCredits))
+        } else {
+            nil
+        }
+
+        let secondary: RateWindow? = if self.maxRefreshCredits > 0 {
+            RateWindow(
+                usedPercent: min(
+                    100,
+                    max(0, (self.maxRefreshCredits - self.refreshCredits) / self.maxRefreshCredits * 100)),
+                windowMinutes: nil,
+                resetsAt: self.nextRefreshTime,
+                resetDescription: Self.refreshDetail(
+                    refreshCredits: self.refreshCredits,
+                    maxRefreshCredits: self.maxRefreshCredits,
+                    refreshInterval: self.refreshInterval))
+        } else {
+            nil
+        }
+
+        let balance = Self.creditCountString(self.totalCredits)
+        let identity = ProviderIdentitySnapshot(
+            providerID: .manus,
+            accountEmail: nil,
+            accountOrganization: nil,
+            loginMethod: "Balance: \(balance) credits")
+
+        return UsageSnapshot(
+            primary: primary,
+            secondary: secondary,
+            tertiary: nil,
+            providerCost: nil,
+            updatedAt: now,
+            identity: identity)
+    }
+
+    private static func creditCountString(_ value: Double) -> String {
+        let formatter = NumberFormatter()
+        formatter.numberStyle = .decimal
+        formatter.usesGroupingSeparator = true
+        formatter.maximumFractionDigits = 0
+        formatter.locale = Locale(identifier: "en_US_POSIX")
+        return formatter.string(from: NSNumber(value: value.rounded())) ?? String(Int(value.rounded()))
+    }
+
+    private static func monthlyDetail(totalCredits: Double, freeCredits: Double) -> String? {
+        let total = self.creditCountString(totalCredits)
+        let free = self.creditCountString(freeCredits)
+        return "Total \(total) • Free \(free)"
+    }
+
+    private static func refreshDetail(
+        refreshCredits: Double,
+        maxRefreshCredits: Double,
+        refreshInterval: String?) -> String?
+    {
+        let refresh = self.creditCountString(refreshCredits)
+        let maxRefresh = self.creditCountString(maxRefreshCredits)
+        if let refreshInterval, !refreshInterval.isEmpty {
+            return "\(refreshInterval.capitalized): \(refresh) / \(maxRefresh)"
+        }
+        return "\(refresh) / \(maxRefresh)"
+    }
+}
+
+public enum ManusAPIError: LocalizedError, Equatable, Sendable {
+    case missingToken
+    case invalidCookie
+    case invalidToken
+    case networkError(String)
+    case apiError(String)
+    case parseFailed(String)
+
+    public var errorDescription: String? {
+        switch self {
+        case .missingToken:
+            "No Manus session token provided."
+        case .invalidCookie:
+            "Manus session cookie is invalid."
+        case .invalidToken:
+            "Invalid Manus session token."
+        case let .networkError(message):
+            "Manus network error: \(message)"
+        case let .apiError(message):
+            "Manus API error: \(message)"
+        case let .parseFailed(message):
+            "Failed to parse Manus response: \(message)"
+        }
+    }
+}
+
+private struct ManusCreditsEnvelope: Decodable {
+    let data: ManusCreditsResponse?
+    let result: ManusCreditsResponse?
+    let response: ManusCreditsResponse?
+    let availableCredits: ManusCreditsResponse?
+}
+
+extension KeyedDecodingContainer where K: CodingKey {
+    fileprivate func decodeLossyDoubleIfPresent(forKey key: K) -> Double? {
+        if let value = try? self.decodeIfPresent(Double.self, forKey: key) {
+            return value
+        }
+        if let intValue = try? self.decodeIfPresent(Int.self, forKey: key) {
+            return Double(intValue)
+        }
+        if let stringValue = try? self.decodeIfPresent(String.self, forKey: key) {
+            return Double(stringValue.trimmingCharacters(in: .whitespacesAndNewlines))
+        }
+        return nil
+    }
+
+    fileprivate func decodeIfPresentFlexibleDate(forKey key: K) -> Date? {
+        if let value = try? self.decodeIfPresent(Date.self, forKey: key) {
+            return value
+        }
+        guard let stringValue = try? self.decodeIfPresent(String.self, forKey: key),
+              !stringValue.isEmpty
+        else {
+            return nil
+        }
+        return ISO8601DateFormatter().date(from: stringValue)
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/MiMo/MiMoCookieImporter.swift b/Sources/CodexBarCore/Providers/MiMo/MiMoCookieImporter.swift
new file mode 100644
index 000000000..6cb2470af
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/MiMo/MiMoCookieImporter.swift
@@ -0,0 +1,240 @@
+import Foundation
+#if canImport(FoundationNetworking)
+import FoundationNetworking
+#endif
+
+enum MiMoCookieHeader {
+    static let requiredCookieNames: Set<String> = [
+        "api-platform_serviceToken",
+        "userId",
+    ]
+    static let knownCookieNames: Set<String> = requiredCookieNames.union([
+        "api-platform_ph",
+        "api-platform_slh",
+    ])
+
+    static func normalizedHeader(from raw: String?) -> String? {
+        guard let normalized = CookieHeaderNormalizer.normalize(raw) else { return nil }
+        let pairs = CookieHeaderNormalizer.pairs(from: normalized)
+        guard !pairs.isEmpty else { return nil }
+
+        var byName: [String: String] = [:]
+        for pair in pairs {
+            let name = pair.name.trimmingCharacters(in: .whitespacesAndNewlines)
+            let value = pair.value.trimmingCharacters(in: .whitespacesAndNewlines)
+            guard self.knownCookieNames.contains(name), !value.isEmpty else { continue }
+            byName[name] = value
+        }
+
+        guard self.requiredCookieNames.isSubset(of: Set(byName.keys)) else { return nil }
+        return byName.keys.sorted().compactMap { name in
+            guard let value = byName[name] else { return nil }
+            return "\(name)=\(value)"
+        }.joined(separator: "; ")
+    }
+
+    static func header(from cookies: [HTTPCookie]) -> String? {
+        let requestURL = URL(string: "https://platform.xiaomimimo.com/api/v1/balance")!
+        var byName: [String: HTTPCookie] = [:]
+        for cookie in cookies {
+            guard self.knownCookieNames.contains(cookie.name) else { continue }
+            guard !cookie.value.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty else { continue }
+            if let expiry = cookie.expiresDate, expiry < Date() { continue }
+            guard Self.matchesRequestURL(cookie: cookie, url: requestURL) else { continue }
+
+            if let existing = byName[cookie.name] {
+                if Self.cookieSortKey(for: cookie) >= Self.cookieSortKey(for: existing) {
+                    byName[cookie.name] = cookie
+                }
+            } else {
+                byName[cookie.name] = cookie
+            }
+        }
+
+        guard self.requiredCookieNames.isSubset(of: Set(byName.keys)) else { return nil }
+        return byName.keys.sorted().compactMap { name in
+            guard let cookie = byName[name] else { return nil }
+            return "\(cookie.name)=\(cookie.value)"
+        }.joined(separator: "; ")
+    }
+
+    private static func matchesRequestURL(cookie: HTTPCookie, url: URL) -> Bool {
+        guard let host = url.host else { return false }
+        let normalizedDomain = cookie.domain.lowercased().trimmingCharacters(in: CharacterSet(charactersIn: "."))
+        guard !normalizedDomain.isEmpty else { return false }
+        guard host == normalizedDomain || host.hasSuffix(".\(normalizedDomain)") else { return false }
+
+        let cookiePath = cookie.path.isEmpty ? "/" : cookie.path
+        let requestPath = url.path.isEmpty ? "/" : url.path
+        if requestPath == cookiePath {
+            return true
+        }
+        guard requestPath.hasPrefix(cookiePath) else { return false }
+        guard cookiePath != "/" else { return true }
+        if cookiePath.hasSuffix("/") {
+            return true
+        }
+        guard
+            let boundaryIndex = requestPath.index(
+                cookiePath.startIndex,
+                offsetBy: cookiePath.count,
+                limitedBy: requestPath.endIndex),
+            boundaryIndex < requestPath.endIndex
+        else {
+            return true
+        }
+        return requestPath[boundaryIndex] == "/"
+    }
+
+    private static func cookieSortKey(for cookie: HTTPCookie) -> (Int, Int, Date) {
+        let pathLength = cookie.path.count
+        let normalizedDomain = cookie.domain.lowercased().trimmingCharacters(in: CharacterSet(charactersIn: "."))
+        let domainLength = normalizedDomain.count
+        let expiry = cookie.expiresDate ?? .distantPast
+        return (pathLength, domainLength, expiry)
+    }
+}
+
+#if os(macOS)
+import SweetCookieKit
+
+private let miMoCookieImportOrder: BrowserCookieImportOrder =
+    ProviderDefaults.metadata[.mimo]?.browserCookieOrder ?? Browser.defaultImportOrder
+
+public enum MiMoCookieImporter {
+    private static let cookieClient = BrowserCookieClient()
+    private static let cookieDomains = [
+        "platform.xiaomimimo.com",
+        "xiaomimimo.com",
+    ]
+
+    public struct SessionInfo: Sendable {
+        public let cookieHeader: String
+        public let sourceLabel: String
+
+        public init(cookieHeader: String, sourceLabel: String) {
+            self.cookieHeader = cookieHeader
+            self.sourceLabel = sourceLabel
+        }
+    }
+
+    nonisolated(unsafe) static var importSessionsOverrideForTesting:
+        ((BrowserDetection, ((String) -> Void)?) throws -> [SessionInfo])?
+
+    public static func importSessions(
+        browserDetection: BrowserDetection,
+        logger: ((String) -> Void)? = nil) throws -> [SessionInfo]
+    {
+        if let override = self.importSessionsOverrideForTesting {
+            return try override(browserDetection, logger)
+        }
+
+        let log: (String) -> Void = { msg in logger?("[mimo-cookie] \(msg)") }
+        var sessions: [SessionInfo] = []
+        let installed = miMoCookieImportOrder.cookieImportCandidates(using: browserDetection)
+        let labels = installed.map(\.displayName).joined(separator: ", ")
+        log("Cookie import candidates: \(labels)")
+
+        for browserSource in installed {
+            do {
+                let query = BrowserCookieQuery(domains: self.cookieDomains)
+                let sources = try Self.cookieClient.records(
+                    matching: query,
+                    in: browserSource,
+                    logger: log)
+                sessions.append(contentsOf: self.sessionInfos(from: sources, origin: query.origin))
+            } catch {
+                BrowserCookieAccessGate.recordIfNeeded(error)
+                log("\(browserSource.displayName) cookie import failed: \(error.localizedDescription)")
+            }
+        }
+
+        return sessions
+    }
+
+    public static func hasSession(
+        browserDetection: BrowserDetection,
+        logger: ((String) -> Void)? = nil) -> Bool
+    {
+        (try? self.importSessions(browserDetection: browserDetection, logger: logger).isEmpty == false) ?? false
+    }
+
+    static func sessionInfos(
+        from sources: [BrowserCookieStoreRecords],
+        origin: BrowserCookieOriginStrategy = .domainBased) -> [SessionInfo]
+    {
+        let grouped = Dictionary(grouping: sources, by: { $0.store.profile.id })
+        let sortedGroups = grouped.values.sorted { lhs, rhs in
+            self.mergedLabel(for: lhs) < self.mergedLabel(for: rhs)
+        }
+
+        var sessions: [SessionInfo] = []
+        for group in sortedGroups where !group.isEmpty {
+            let label = self.mergedLabel(for: group)
+            let mergedRecords = self.mergeRecords(group)
+            guard !mergedRecords.isEmpty else { continue }
+            let cookies = BrowserCookieClient.makeHTTPCookies(mergedRecords, origin: origin)
+            guard let cookieHeader = MiMoCookieHeader.header(from: cookies) else {
+                continue
+            }
+            sessions.append(SessionInfo(cookieHeader: cookieHeader, sourceLabel: label))
+        }
+        return sessions
+    }
+
+    private static func mergedLabel(for sources: [BrowserCookieStoreRecords]) -> String {
+        guard let base = sources.map(\.label).min() else {
+            return "Unknown"
+        }
+        if base.hasSuffix(" (Network)") {
+            return String(base.dropLast(" (Network)".count))
+        }
+        return base
+    }
+
+    private static func mergeRecords(_ sources: [BrowserCookieStoreRecords]) -> [BrowserCookieRecord] {
+        let sortedSources = sources.sorted { lhs, rhs in
+            self.storePriority(lhs.store.kind) < self.storePriority(rhs.store.kind)
+        }
+        var mergedByKey: [String: BrowserCookieRecord] = [:]
+        for source in sortedSources {
+            for record in source.records {
+                let key = self.recordKey(record)
+                if let existing = mergedByKey[key] {
+                    if self.shouldReplace(existing: existing, candidate: record) {
+                        mergedByKey[key] = record
+                    }
+                } else {
+                    mergedByKey[key] = record
+                }
+            }
+        }
+        return Array(mergedByKey.values)
+    }
+
+    private static func storePriority(_ kind: BrowserCookieStoreKind) -> Int {
+        switch kind {
+        case .network: 0
+        case .primary: 1
+        case .safari: 2
+        }
+    }
+
+    private static func recordKey(_ record: BrowserCookieRecord) -> String {
+        "\(record.name)|\(record.domain)|\(record.path)"
+    }
+
+    private static func shouldReplace(existing: BrowserCookieRecord, candidate: BrowserCookieRecord) -> Bool {
+        switch (existing.expires, candidate.expires) {
+        case let (lhs?, rhs?):
+            rhs > lhs
+        case (nil, .some):
+            true
+        case (.some, nil):
+            false
+        case (nil, nil):
+            false
+        }
+    }
+}
+#endif
diff --git a/Sources/CodexBarCore/Providers/MiMo/MiMoProviderDescriptor.swift b/Sources/CodexBarCore/Providers/MiMo/MiMoProviderDescriptor.swift
new file mode 100644
index 000000000..42e3eb6cc
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/MiMo/MiMoProviderDescriptor.swift
@@ -0,0 +1,178 @@
+import CodexBarMacroSupport
+import Foundation
+
+#if os(macOS)
+import SweetCookieKit
+#endif
+
+@ProviderDescriptorRegistration
+@ProviderDescriptorDefinition
+public enum MiMoProviderDescriptor {
+    static func makeDescriptor() -> ProviderDescriptor {
+        #if os(macOS)
+        let browserOrder: BrowserCookieImportOrder = [
+            .chrome,
+            .chromeBeta,
+            .chromeCanary,
+        ]
+        #else
+        let browserOrder: BrowserCookieImportOrder? = nil
+        #endif
+
+        return ProviderDescriptor(
+            id: .mimo,
+            metadata: ProviderMetadata(
+                id: .mimo,
+                displayName: "Xiaomi MiMo",
+                sessionLabel: "Credits",
+                weeklyLabel: "Window",
+                opusLabel: nil,
+                supportsOpus: false,
+                supportsCredits: true,
+                creditsHint: "Token plan credits usage.",
+                toggleTitle: "Show Xiaomi MiMo token plan & balance",
+                cliName: "mimo",
+                defaultEnabled: false,
+                isPrimaryProvider: false,
+                usesAccountFallback: false,
+                browserCookieOrder: browserOrder,
+                dashboardURL: "https://platform.xiaomimimo.com/#/console/balance",
+                statusPageURL: nil),
+            branding: ProviderBranding(
+                iconStyle: .mimo,
+                iconResourceName: "ProviderIcon-mimo",
+                color: ProviderColor(red: 1.0, green: 105 / 255, blue: 0)),
+            tokenCost: ProviderTokenCostConfig(
+                supportsTokenCost: false,
+                noDataMessage: { "Xiaomi MiMo cost summary is not supported." }),
+            fetchPlan: ProviderFetchPlan(
+                sourceModes: [.auto, .web],
+                pipeline: ProviderFetchPipeline(resolveStrategies: { _ in [MiMoWebFetchStrategy()] })),
+            cli: ProviderCLIConfig(
+                name: "mimo",
+                aliases: ["xiaomi-mimo"],
+                versionDetector: nil))
+    }
+}
+
+struct MiMoWebFetchStrategy: ProviderFetchStrategy {
+    let id: String = "mimo.web"
+    let kind: ProviderFetchKind = .web
+
+    func isAvailable(_ context: ProviderFetchContext) async -> Bool {
+        guard context.settings?.mimo?.cookieSource != .off else { return false }
+        if context.settings?.mimo?.cookieSource == .manual {
+            return Self.resolveManualCookieHeader(context: context) != nil
+        }
+        if Self.resolveManualCookieHeader(context: context) != nil {
+            return true
+        }
+
+        #if os(macOS)
+        if let cached = CookieHeaderCache.load(provider: .mimo),
+           MiMoCookieHeader.normalizedHeader(from: cached.cookieHeader) != nil
+        {
+            return true
+        }
+        return MiMoCookieImporter.hasSession(browserDetection: context.browserDetection)
+        #else
+        return false
+        #endif
+    }
+
+    func fetch(_ context: ProviderFetchContext) async throws -> ProviderFetchResult {
+        guard context.settings?.mimo?.cookieSource != .off else {
+            throw MiMoSettingsError.missingCookie
+        }
+        if context.settings?.mimo?.cookieSource == .manual {
+            guard let manualCookie = Self.resolveManualCookieHeader(context: context) else {
+                throw MiMoSettingsError.invalidCookie
+            }
+            let snapshot = try await MiMoUsageFetcher.fetchUsage(
+                cookieHeader: manualCookie,
+                environment: context.env)
+            return self.makeResult(usage: snapshot.toUsageSnapshot(), sourceLabel: "web")
+        }
+        if let manualCookie = Self.resolveManualCookieHeader(context: context) {
+            let snapshot = try await MiMoUsageFetcher.fetchUsage(
+                cookieHeader: manualCookie,
+                environment: context.env)
+            return self.makeResult(usage: snapshot.toUsageSnapshot(), sourceLabel: "web")
+        }
+
+        #if os(macOS)
+        var lastError: Error?
+
+        if let cached = CookieHeaderCache.load(provider: .mimo),
+           let cachedHeader = MiMoCookieHeader.normalizedHeader(from: cached.cookieHeader)
+        {
+            do {
+                let snapshot = try await MiMoUsageFetcher.fetchUsage(
+                    cookieHeader: cachedHeader,
+                    environment: context.env)
+                return self.makeResult(usage: snapshot.toUsageSnapshot(), sourceLabel: "web")
+            } catch {
+                guard Self.shouldRetryNextSession(for: error) else {
+                    throw error
+                }
+                CookieHeaderCache.clear(provider: .mimo)
+                lastError = error
+            }
+        }
+
+        let sessions = try MiMoCookieImporter.importSessions(browserDetection: context.browserDetection)
+        guard !sessions.isEmpty else {
+            if let lastError { throw lastError }
+            throw MiMoSettingsError.missingCookie
+        }
+
+        for session in sessions {
+            do {
+                let snapshot = try await MiMoUsageFetcher.fetchUsage(
+                    cookieHeader: session.cookieHeader,
+                    environment: context.env)
+                CookieHeaderCache.store(
+                    provider: .mimo,
+                    cookieHeader: session.cookieHeader,
+                    sourceLabel: session.sourceLabel)
+                return self.makeResult(usage: snapshot.toUsageSnapshot(), sourceLabel: "web")
+            } catch {
+                guard Self.shouldRetryNextSession(for: error) else {
+                    throw error
+                }
+                lastError = error
+                continue
+            }
+        }
+
+        if let lastError { throw lastError }
+        throw MiMoSettingsError.missingCookie
+        #else
+        throw MiMoSettingsError.missingCookie
+        #endif
+    }
+
+    func shouldFallback(on _: Error, context _: ProviderFetchContext) -> Bool {
+        false
+    }
+
+    private static func resolveManualCookieHeader(context: ProviderFetchContext) -> String? {
+        guard context.settings?.mimo?.cookieSource == .manual else { return nil }
+        return MiMoCookieHeader.normalizedHeader(from: context.settings?.mimo?.manualCookieHeader)
+    }
+
+    private static func shouldRetryNextSession(for error: Error) -> Bool {
+        if error is DecodingError {
+            return true
+        }
+        guard let mimoError = error as? MiMoUsageError else {
+            return false
+        }
+        switch mimoError {
+        case .invalidCredentials, .loginRequired, .parseFailed:
+            return true
+        case .networkError:
+            return false
+        }
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/MiMo/MiMoUsageFetcher.swift b/Sources/CodexBarCore/Providers/MiMo/MiMoUsageFetcher.swift
new file mode 100644
index 000000000..7f443d587
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/MiMo/MiMoUsageFetcher.swift
@@ -0,0 +1,260 @@
+import Foundation
+#if canImport(FoundationNetworking)
+import FoundationNetworking
+#endif
+
+public enum MiMoSettingsError: LocalizedError, Sendable {
+    case missingCookie
+    case invalidCookie
+
+    public var errorDescription: String? {
+        switch self {
+        case .missingCookie:
+            "No Xiaomi MiMo browser session found. Log in at platform.xiaomimimo.com first."
+        case .invalidCookie:
+            "Xiaomi MiMo requires the api-platform_serviceToken and userId cookies."
+        }
+    }
+}
+
+public enum MiMoUsageError: LocalizedError, Sendable {
+    case invalidCredentials
+    case loginRequired
+    case parseFailed(String)
+    case networkError(String)
+
+    public var errorDescription: String? {
+        switch self {
+        case .invalidCredentials:
+            "Xiaomi MiMo browser session expired. Log in again."
+        case .loginRequired:
+            "Xiaomi MiMo login required."
+        case let .parseFailed(message):
+            "Could not parse Xiaomi MiMo balance: \(message)"
+        case let .networkError(message):
+            "Xiaomi MiMo request failed: \(message)"
+        }
+    }
+}
+
+public enum MiMoSettingsReader {
+    public static let apiURLKey = "MIMO_API_URL"
+
+    public static func apiURL(environment: [String: String] = ProcessInfo.processInfo.environment) -> URL {
+        if let override = environment[self.apiURLKey],
+           let url = URL(string: override.trimmingCharacters(in: .whitespacesAndNewlines)),
+           let scheme = url.scheme, !scheme.isEmpty
+        {
+            return url
+        }
+        return URL(string: "https://platform.xiaomimimo.com/api/v1")!
+    }
+}
+
+public enum MiMoUsageFetcher {
+    private static let requestTimeout: TimeInterval = 15
+
+    public static func fetchUsage(
+        cookieHeader: String,
+        environment: [String: String] = ProcessInfo.processInfo.environment,
+        now: Date = Date()) async throws -> MiMoUsageSnapshot
+    {
+        guard let normalizedCookie = MiMoCookieHeader.normalizedHeader(from: cookieHeader) else {
+            throw MiMoSettingsError.invalidCookie
+        }
+
+        let balanceURL = MiMoSettingsReader.apiURL(environment: environment).appendingPathComponent("balance")
+        let tokenDetailURL = MiMoSettingsReader.apiURL(environment: environment)
+            .appendingPathComponent("tokenPlan/detail")
+        let tokenUsageURL = MiMoSettingsReader.apiURL(environment: environment)
+            .appendingPathComponent("tokenPlan/usage")
+
+        async let balanceData = self.fetchAuthenticated(url: balanceURL, cookie: normalizedCookie)
+        let tokenDetailData: Data? = try? await self.fetchAuthenticated(url: tokenDetailURL, cookie: normalizedCookie)
+        let tokenUsageData: Data? = try? await self.fetchAuthenticated(url: tokenUsageURL, cookie: normalizedCookie)
+
+        return try await self.parseCombinedSnapshot(
+            balanceData: balanceData,
+            tokenDetailData: tokenDetailData,
+            tokenUsageData: tokenUsageData,
+            now: now)
+    }
+
+    private static func fetchAuthenticated(
+        url: URL,
+        cookie: String,
+        environment: [String: String] = ProcessInfo.processInfo.environment) async throws -> Data
+    {
+        var request = URLRequest(url: url)
+        request.httpMethod = "GET"
+        request.timeoutInterval = Self.requestTimeout
+        request.setValue("application/json, text/plain, */*", forHTTPHeaderField: "Accept")
+        request.setValue(cookie, forHTTPHeaderField: "Cookie")
+        request.setValue("en-US,en;q=0.9", forHTTPHeaderField: "Accept-Language")
+        request.setValue("UTC+01:00", forHTTPHeaderField: "x-timeZone")
+        request.setValue("https://platform.xiaomimimo.com", forHTTPHeaderField: "Origin")
+        request.setValue("https://platform.xiaomimimo.com/#/console/balance", forHTTPHeaderField: "Referer")
+        request.setValue(
+            "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) " +
+                "AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36",
+            forHTTPHeaderField: "User-Agent")
+
+        let response = try await ProviderHTTPClient.shared.response(for: request)
+
+        switch response.statusCode {
+        case 200:
+            break
+        case 401:
+            throw MiMoUsageError.loginRequired
+        case 403:
+            throw MiMoUsageError.invalidCredentials
+        default:
+            throw MiMoUsageError.networkError("HTTP \(response.statusCode)")
+        }
+
+        return response.data
+    }
+
+    static func parseCombinedSnapshot(
+        balanceData: Data,
+        tokenDetailData: Data?,
+        tokenUsageData: Data?,
+        now: Date = Date()) throws -> MiMoUsageSnapshot
+    {
+        let balanceSnapshot = try self.parseUsageSnapshot(from: balanceData, now: now)
+        let planDetail: (planCode: String?, periodEnd: Date?, expired: Bool) = {
+            guard let data = tokenDetailData, let result = try? self.parseTokenPlanDetail(from: data) else {
+                return (planCode: nil, periodEnd: nil, expired: false)
+            }
+            return result
+        }()
+        let planUsage: (used: Int, limit: Int, percent: Double) = {
+            guard let data = tokenUsageData, let result = try? self.parseTokenPlanUsage(from: data) else {
+                return (used: 0, limit: 0, percent: 0)
+            }
+            return result
+        }()
+
+        return MiMoUsageSnapshot(
+            balance: balanceSnapshot.balance,
+            currency: balanceSnapshot.currency,
+            planCode: planDetail.planCode,
+            planPeriodEnd: planDetail.periodEnd,
+            planExpired: planDetail.expired,
+            tokenUsed: planUsage.used,
+            tokenLimit: planUsage.limit,
+            tokenPercent: planUsage.percent,
+            updatedAt: now)
+    }
+
+    static func parseUsageSnapshot(from data: Data, now: Date = Date()) throws -> MiMoUsageSnapshot {
+        let decoder = JSONDecoder()
+        let response = try decoder.decode(BalanceResponse.self, from: data)
+
+        guard response.code == 0 else {
+            let message = response.message?.trimmingCharacters(in: .whitespacesAndNewlines)
+            if response.code == 401 {
+                throw MiMoUsageError.loginRequired
+            }
+            if response.code == 403 {
+                throw MiMoUsageError.invalidCredentials
+            }
+            throw MiMoUsageError.parseFailed(message?.isEmpty == false ? message! : "code \(response.code)")
+        }
+
+        guard let data = response.data else {
+            throw MiMoUsageError.parseFailed("Missing balance payload")
+        }
+        guard let balance = Double(data.balance) else {
+            throw MiMoUsageError.parseFailed("Invalid balance value")
+        }
+
+        let currency = data.currency.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard !currency.isEmpty else {
+            throw MiMoUsageError.parseFailed("Missing currency")
+        }
+
+        return MiMoUsageSnapshot(balance: balance, currency: currency, updatedAt: now)
+    }
+
+    static func parseTokenPlanDetail(from data: Data) throws -> (planCode: String?, periodEnd: Date?, expired: Bool) {
+        let decoder = JSONDecoder()
+        let response = try decoder.decode(TokenPlanDetailResponse.self, from: data)
+
+        guard response.code == 0, let payload = response.data else {
+            return (planCode: nil, periodEnd: nil, expired: false)
+        }
+
+        let formatter = DateFormatter()
+        formatter.dateFormat = "yyyy-MM-dd HH:mm:ss"
+        formatter.locale = Locale(identifier: "en_US_POSIX")
+        formatter.timeZone = TimeZone(secondsFromGMT: 0)
+
+        let periodEnd: Date? = if let dateStr = payload.currentPeriodEnd {
+            formatter.date(from: dateStr)
+        } else {
+            nil
+        }
+
+        return (planCode: payload.planCode, periodEnd: periodEnd, expired: payload.expired)
+    }
+
+    static func parseTokenPlanUsage(from data: Data) throws -> (used: Int, limit: Int, percent: Double) {
+        let decoder = JSONDecoder()
+        let response = try decoder.decode(TokenPlanUsageResponse.self, from: data)
+
+        guard response.code == 0,
+              let monthUsage = response.data?.monthUsage,
+              let item = monthUsage.items.first
+        else {
+            return (used: 0, limit: 0, percent: 0)
+        }
+
+        return (used: item.used, limit: item.limit, percent: item.percent)
+    }
+
+    private struct BalanceResponse: Decodable {
+        let code: Int
+        let message: String?
+        let data: BalancePayload?
+    }
+
+    private struct BalancePayload: Decodable {
+        let balance: String
+        let currency: String
+    }
+
+    private struct TokenPlanDetailResponse: Decodable {
+        let code: Int
+        let message: String?
+        let data: TokenPlanDetailPayload?
+    }
+
+    private struct TokenPlanDetailPayload: Decodable {
+        let planCode: String?
+        let currentPeriodEnd: String?
+        let expired: Bool
+    }
+
+    private struct TokenPlanUsageResponse: Decodable {
+        let code: Int
+        let message: String?
+        let data: TokenPlanUsagePayload?
+    }
+
+    private struct TokenPlanUsagePayload: Decodable {
+        let monthUsage: MonthUsage?
+    }
+
+    private struct MonthUsage: Decodable {
+        let percent: Double
+        let items: [UsageItem]
+    }
+
+    private struct UsageItem: Decodable {
+        let name: String
+        let used: Int
+        let limit: Int
+        let percent: Double
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/MiMo/MiMoUsageSnapshot.swift b/Sources/CodexBarCore/Providers/MiMo/MiMoUsageSnapshot.swift
new file mode 100644
index 000000000..03bde859e
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/MiMo/MiMoUsageSnapshot.swift
@@ -0,0 +1,82 @@
+import Foundation
+
+public struct MiMoUsageSnapshot: Sendable {
+    public let balance: Double
+    public let currency: String
+    public let planCode: String?
+    public let planPeriodEnd: Date?
+    public let planExpired: Bool
+    public let tokenUsed: Int
+    public let tokenLimit: Int
+    public let tokenPercent: Double
+    public let updatedAt: Date
+
+    public init(
+        balance: Double,
+        currency: String,
+        planCode: String? = nil,
+        planPeriodEnd: Date? = nil,
+        planExpired: Bool = false,
+        tokenUsed: Int = 0,
+        tokenLimit: Int = 0,
+        tokenPercent: Double = 0,
+        updatedAt: Date)
+    {
+        self.balance = balance
+        self.currency = currency
+        self.planCode = planCode
+        self.planPeriodEnd = planPeriodEnd
+        self.planExpired = planExpired
+        self.tokenUsed = tokenUsed
+        self.tokenLimit = tokenLimit
+        self.tokenPercent = tokenPercent
+        self.updatedAt = updatedAt
+    }
+}
+
+extension MiMoUsageSnapshot {
+    public func toUsageSnapshot() -> UsageSnapshot {
+        let trimmedCurrency = self.currency.trimmingCharacters(in: .whitespacesAndNewlines)
+        let balanceText = UsageFormatter.currencyString(self.balance, currencyCode: trimmedCurrency)
+
+        let primary: RateWindow? = {
+            guard self.tokenLimit > 0 else { return nil }
+            let usedPercent = max(0, min(100, self.tokenPercent * 100))
+            let usedText = Self.fullCountString(self.tokenUsed)
+            let limitText = Self.fullCountString(self.tokenLimit)
+            let resetDesc = "\(usedText) / \(limitText) Credits"
+            return RateWindow(
+                usedPercent: usedPercent,
+                windowMinutes: nil,
+                resetsAt: self.planPeriodEnd,
+                resetDescription: resetDesc)
+        }()
+
+        let planLabel: String? = {
+            guard let planCode = self.planCode else { return nil }
+            return planCode.capitalized
+        }()
+
+        let identity = ProviderIdentitySnapshot(
+            providerID: .mimo,
+            accountEmail: nil,
+            accountOrganization: nil,
+            loginMethod: planLabel ?? "Balance: \(balanceText)")
+
+        return UsageSnapshot(
+            primary: primary,
+            secondary: nil,
+            tertiary: nil,
+            providerCost: nil,
+            updatedAt: self.updatedAt,
+            identity: identity)
+    }
+
+    private static func fullCountString(_ value: Int) -> String {
+        let formatter = NumberFormatter()
+        formatter.numberStyle = .decimal
+        formatter.usesGroupingSeparator = true
+        formatter.locale = Locale(identifier: "en_US_POSIX")
+        return formatter.string(from: NSNumber(value: value)) ?? "\(value)"
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/MiniMax/MiniMaxAPIRegion.swift b/Sources/CodexBarCore/Providers/MiniMax/MiniMaxAPIRegion.swift
index 8428f81f7..bf93d57a7 100644
--- a/Sources/CodexBarCore/Providers/MiniMax/MiniMaxAPIRegion.swift
+++ b/Sources/CodexBarCore/Providers/MiniMax/MiniMaxAPIRegion.swift
@@ -7,6 +7,7 @@ public enum MiniMaxAPIRegion: String, CaseIterable, Sendable {
     private static let codingPlanPath = "user-center/payment/coding-plan"
     private static let codingPlanQuery = "cycle_type=3"
     private static let remainsPath = "v1/api/openplatform/coding_plan/remains"
+    private static let billingHistoryPath = "account/amount"
 
     public var displayName: String {
         switch self {
@@ -55,4 +56,22 @@ public enum MiniMaxAPIRegion: String, CaseIterable, Sendable {
     public var apiRemainsURL: URL {
         URL(string: self.apiBaseURLString)!.appendingPathComponent(Self.remainsPath)
     }
+
+    public var dashboardURL: URL {
+        var components = URLComponents(string: self.baseURLString)!
+        components.path = "/" + Self.codingPlanPath
+        components.query = Self.codingPlanQuery
+        return components.url!
+    }
+
+    public func billingHistoryURL(page: Int, limit: Int) -> URL {
+        var components = URLComponents(string: self.baseURLString)!
+        components.path = "/" + Self.billingHistoryPath
+        components.queryItems = [
+            URLQueryItem(name: "page", value: "\(page)"),
+            URLQueryItem(name: "limit", value: "\(limit)"),
+            URLQueryItem(name: "aggregate", value: "false"),
+        ]
+        return components.url!
+    }
 }
diff --git a/Sources/CodexBarCore/Providers/MiniMax/MiniMaxAPISettingsReader.swift b/Sources/CodexBarCore/Providers/MiniMax/MiniMaxAPISettingsReader.swift
index ed9e41138..ab1a2359b 100644
--- a/Sources/CodexBarCore/Providers/MiniMax/MiniMaxAPISettingsReader.swift
+++ b/Sources/CodexBarCore/Providers/MiniMax/MiniMaxAPISettingsReader.swift
@@ -2,6 +2,11 @@ import Foundation
 
 public struct MiniMaxAPISettingsReader: Sendable {
     public static let apiTokenKey = "MINIMAX_API_KEY"
+    public static let codingPlanAPITokenKey = "MINIMAX_CODING_API_KEY"
+    public static let apiTokenEnvironmentKeys = [
+        Self.codingPlanAPITokenKey,
+        Self.apiTokenKey,
+    ]
 
     public enum APIKeyKind: Sendable {
         case codingPlan
@@ -12,7 +17,9 @@ public struct MiniMaxAPISettingsReader: Sendable {
     public static func apiToken(
         environment: [String: String] = ProcessInfo.processInfo.environment) -> String?
     {
-        if let token = self.cleaned(environment[apiTokenKey]) { return token }
+        for key in self.apiTokenEnvironmentKeys {
+            if let token = self.cleaned(environment[key]) { return token }
+        }
         return nil
     }
 
@@ -37,8 +44,7 @@ public struct MiniMaxAPISettingsReader: Sendable {
         if (value.hasPrefix("\"") && value.hasSuffix("\"")) ||
             (value.hasPrefix("'") && value.hasSuffix("'"))
         {
-            value.removeFirst()
-            value.removeLast()
+            value = String(value.dropFirst().dropLast())
         }
 
         value = value.trimmingCharacters(in: .whitespacesAndNewlines)
@@ -52,7 +58,8 @@ public enum MiniMaxAPISettingsError: LocalizedError, Sendable {
     public var errorDescription: String? {
         switch self {
         case .missingToken:
-            "MiniMax API token not found. Set apiKey in ~/.codexbar/config.json or MINIMAX_API_KEY."
+            "MiniMax API token not found. Set apiKey in ~/.codexbar/config.json, " +
+                "MINIMAX_CODING_API_KEY, or MINIMAX_API_KEY."
         }
     }
 }
diff --git a/Sources/CodexBarCore/Providers/MiniMax/MiniMaxAuthMode.swift b/Sources/CodexBarCore/Providers/MiniMax/MiniMaxAuthMode.swift
index 89f4c9c81..ea0fd87a6 100644
--- a/Sources/CodexBarCore/Providers/MiniMax/MiniMaxAuthMode.swift
+++ b/Sources/CodexBarCore/Providers/MiniMax/MiniMaxAuthMode.swift
@@ -29,6 +29,14 @@ public enum MiniMaxAuthMode: Sendable {
         self != .apiToken
     }
 
+    public var description: String {
+        switch self {
+        case .apiToken: "apiToken"
+        case .cookie: "cookie"
+        case .none: "none"
+        }
+    }
+
     private static func cleaned(_ raw: String?) -> String? {
         guard let value = raw?.trimmingCharacters(in: .whitespacesAndNewlines),
               !value.isEmpty
diff --git a/Sources/CodexBarCore/Providers/MiniMax/MiniMaxBillingHistory.swift b/Sources/CodexBarCore/Providers/MiniMax/MiniMaxBillingHistory.swift
new file mode 100644
index 000000000..159e72af8
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/MiniMax/MiniMaxBillingHistory.swift
@@ -0,0 +1,360 @@
+import Foundation
+
+public struct MiniMaxBillingSummary: Sendable {
+    public let todayTokens: Int
+    public let last30DaysTokens: Int
+    public let todayCash: Double?
+    public let last30DaysCash: Double?
+    public let daily: [MiniMaxBillingDay]
+    public let topMethods: [MiniMaxBillingBreakdown]
+    public let topModels: [MiniMaxBillingBreakdown]
+    public let updatedAt: Date
+
+    public init(
+        todayTokens: Int,
+        last30DaysTokens: Int,
+        todayCash: Double?,
+        last30DaysCash: Double?,
+        daily: [MiniMaxBillingDay],
+        topMethods: [MiniMaxBillingBreakdown],
+        topModels: [MiniMaxBillingBreakdown],
+        updatedAt: Date)
+    {
+        self.todayTokens = todayTokens
+        self.last30DaysTokens = last30DaysTokens
+        self.todayCash = todayCash
+        self.last30DaysCash = last30DaysCash
+        self.daily = daily
+        self.topMethods = topMethods
+        self.topModels = topModels
+        self.updatedAt = updatedAt
+    }
+}
+
+public struct MiniMaxBillingDay: Sendable, Equatable {
+    public let day: String
+    public let tokens: Int
+    public let cash: Double?
+
+    public init(day: String, tokens: Int, cash: Double?) {
+        self.day = day
+        self.tokens = tokens
+        self.cash = cash
+    }
+}
+
+public struct MiniMaxBillingBreakdown: Sendable, Equatable {
+    public let name: String
+    public let tokens: Int
+    public let cash: Double?
+
+    public init(name: String, tokens: Int, cash: Double?) {
+        self.name = name
+        self.tokens = tokens
+        self.cash = cash
+    }
+}
+
+struct MiniMaxBillingHistoryPayload: Decodable {
+    let baseResp: MiniMaxBaseResponse?
+    let chargeRecords: [MiniMaxBillingRecord]
+    let totalCount: Int?
+
+    private enum CodingKeys: String, CodingKey {
+        case baseResp = "base_resp"
+        case chargeRecords = "charge_records"
+        case totalCount = "total_cnt"
+    }
+
+    init(from decoder: Decoder) throws {
+        let container = try decoder.container(keyedBy: CodingKeys.self)
+        self.baseResp = try container.decodeIfPresent(MiniMaxBaseResponse.self, forKey: .baseResp)
+        self.chargeRecords = try container.decodeIfPresent([MiniMaxBillingRecord].self, forKey: .chargeRecords) ?? []
+        self.totalCount = MiniMaxDecoding.decodeInt(container, forKey: .totalCount)
+    }
+}
+
+struct MiniMaxBillingRecord: Decodable {
+    let consumeToken: Int?
+    let consumeInputToken: Int?
+    let consumeOutputToken: Int?
+    let consumeCash: Double?
+    let consumeCashAfterVoucher: Double?
+    let createdAt: Int?
+    let ymd: String?
+    let consumeTime: String?
+    let method: String?
+    let model: String?
+    let result: String?
+    let status: String?
+
+    private enum CodingKeys: String, CodingKey {
+        case consumeToken = "consume_token"
+        case consumeInputToken = "consume_input_token"
+        case consumeOutputToken = "consume_output_token"
+        case consumeCash = "consume_cash"
+        case consumeCashAfterVoucher = "consume_cash_after_voucher"
+        case createdAt = "created_at"
+        case ymd
+        case consumeTime = "consume_time"
+        case method
+        case model
+        case result
+        case status
+    }
+
+    init(from decoder: Decoder) throws {
+        let container = try decoder.container(keyedBy: CodingKeys.self)
+        self.consumeToken = MiniMaxDecoding.decodeInt(container, forKey: .consumeToken)
+        self.consumeInputToken = MiniMaxDecoding.decodeInt(container, forKey: .consumeInputToken)
+        self.consumeOutputToken = MiniMaxDecoding.decodeInt(container, forKey: .consumeOutputToken)
+        self.consumeCash = MiniMaxDecoding.decodeDouble(container, forKey: .consumeCash)
+        self.consumeCashAfterVoucher = MiniMaxDecoding.decodeDouble(container, forKey: .consumeCashAfterVoucher)
+        self.createdAt = MiniMaxDecoding.decodeInt(container, forKey: .createdAt)
+        self.ymd = try container.decodeIfPresent(String.self, forKey: .ymd)
+        self.consumeTime = try container.decodeIfPresent(String.self, forKey: .consumeTime)
+        self.method = try container.decodeIfPresent(String.self, forKey: .method)
+        self.model = try container.decodeIfPresent(String.self, forKey: .model)
+        self.result = Self.decodeOptionalScalarString(container, forKey: .result)
+        self.status = Self.decodeOptionalScalarString(container, forKey: .status)
+    }
+
+    var recordResult: String? {
+        if let result = self.result?.trimmingCharacters(in: .whitespacesAndNewlines), !result.isEmpty {
+            return result
+        }
+        if let status = self.status?.trimmingCharacters(in: .whitespacesAndNewlines), !status.isEmpty {
+            return status
+        }
+        return nil
+    }
+
+    var tokenCount: Int {
+        if let consumeToken, consumeToken > 0 { return consumeToken }
+        return max(0, (self.consumeInputToken ?? 0) + (self.consumeOutputToken ?? 0))
+    }
+
+    var cashValue: Double? {
+        self.consumeCashAfterVoucher ?? self.consumeCash
+    }
+
+    private static func decodeOptionalScalarString<K: CodingKey>(
+        _ container: KeyedDecodingContainer<K>,
+        forKey key: K) -> String?
+    {
+        if let value = try? container.decodeIfPresent(String.self, forKey: key) {
+            return value
+        }
+        if let value = try? container.decodeIfPresent(Int.self, forKey: key) {
+            return String(value)
+        }
+        if let value = try? container.decodeIfPresent(Double.self, forKey: key) {
+            return String(value)
+        }
+        if let value = try? container.decodeIfPresent(Bool.self, forKey: key) {
+            return String(value)
+        }
+        return nil
+    }
+}
+
+enum MiniMaxBillingHistoryParser {
+    static func decodePayload(data: Data) throws -> MiniMaxBillingHistoryPayload {
+        try JSONDecoder().decode(MiniMaxBillingHistoryPayload.self, from: data)
+    }
+
+    static func parse(
+        data: Data,
+        now: Date = Date(),
+        calendar: Calendar = .current) throws -> MiniMaxBillingSummary
+    {
+        let payload = try self.decodePayload(data: data)
+        if let status = payload.baseResp?.statusCode, status != 0 {
+            let message = payload.baseResp?.statusMessage ?? "status_code \(status)"
+            throw MiniMaxUsageError.apiError(message)
+        }
+        guard !payload.chargeRecords.isEmpty || (payload.totalCount ?? 0) == 0 else {
+            throw MiniMaxUsageError.parseFailed("Missing MiniMax billing records.")
+        }
+        return self.aggregate(records: payload.chargeRecords, now: now, calendar: calendar)
+    }
+
+    static func aggregate(
+        records: [MiniMaxBillingRecord],
+        now: Date = Date(),
+        calendar inputCalendar: Calendar = .current) -> MiniMaxBillingSummary
+    {
+        var calendar = inputCalendar
+        calendar.timeZone = inputCalendar.timeZone
+
+        let startOfToday = calendar.startOfDay(for: now)
+        let startOf30Days = calendar.date(byAdding: .day, value: -29, to: startOfToday) ?? startOfToday
+        var daily: [String: (date: Date, tokens: Int, cash: Double, hasCash: Bool)] = [:]
+        var methodTotals: [String: (tokens: Int, cash: Double, hasCash: Bool)] = [:]
+        var modelTotals: [String: (tokens: Int, cash: Double, hasCash: Bool)] = [:]
+
+        for record in records {
+            if let recordResult = record.recordResult,
+               recordResult.caseInsensitiveCompare("SUCCESS") != .orderedSame
+            {
+                continue
+            }
+
+            guard let date = self.recordDate(record, calendar: calendar),
+                  date >= startOf30Days,
+                  date <= now
+            else {
+                continue
+            }
+
+            let day = self.dayString(date, calendar: calendar)
+            let tokens = record.tokenCount
+            let cash = record.cashValue
+            var bucket = daily[day] ?? (calendar.startOfDay(for: date), 0, 0, false)
+            bucket.tokens += tokens
+            if let cash {
+                bucket.cash += cash
+                bucket.hasCash = true
+            }
+            daily[day] = bucket
+
+            self.add(record, tokens: tokens, cash: cash, keyPath: \.method, totals: &methodTotals)
+            self.add(record, tokens: tokens, cash: cash, keyPath: \.model, totals: &modelTotals)
+        }
+
+        let sortedDays = daily
+            .sorted { $0.value.date < $1.value.date }
+            .map { key, value in
+                MiniMaxBillingDay(
+                    day: key,
+                    tokens: value.tokens,
+                    cash: value.hasCash ? value.cash : nil)
+            }
+        let todayKey = self.dayString(now, calendar: calendar)
+        let today = daily[todayKey]
+        let last30Tokens = sortedDays.reduce(0) { $0 + $1.tokens }
+        let last30CashValues = sortedDays.compactMap(\.cash)
+        let last30Cash = last30CashValues.isEmpty ? nil : last30CashValues.reduce(0, +)
+
+        return MiniMaxBillingSummary(
+            todayTokens: today?.tokens ?? 0,
+            last30DaysTokens: last30Tokens,
+            todayCash: (today?.hasCash == true) ? today?.cash : nil,
+            last30DaysCash: last30Cash,
+            daily: sortedDays,
+            topMethods: self.breakdowns(from: methodTotals),
+            topModels: self.breakdowns(from: modelTotals),
+            updatedAt: now)
+    }
+
+    private static func add(
+        _ record: MiniMaxBillingRecord,
+        tokens: Int,
+        cash: Double?,
+        keyPath: KeyPath<MiniMaxBillingRecord, String?>,
+        totals: inout [String: (tokens: Int, cash: Double, hasCash: Bool)])
+    {
+        let rawName = record[keyPath: keyPath]?.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard let rawName, !rawName.isEmpty else { return }
+        var total = totals[rawName] ?? (0, 0, false)
+        total.tokens += tokens
+        if let cash {
+            total.cash += cash
+            total.hasCash = true
+        }
+        totals[rawName] = total
+    }
+
+    private static func breakdowns(from totals: [String: (tokens: Int, cash: Double, hasCash: Bool)])
+        -> [MiniMaxBillingBreakdown]
+    {
+        totals
+            .map { name, value in
+                MiniMaxBillingBreakdown(
+                    name: name,
+                    tokens: value.tokens,
+                    cash: value.hasCash ? value.cash : nil)
+            }
+            .sorted {
+                if $0.tokens == $1.tokens {
+                    return $0.name.localizedCaseInsensitiveCompare($1.name) == .orderedAscending
+                }
+                return $0.tokens > $1.tokens
+            }
+            .prefix(3)
+            .map(\.self)
+    }
+
+    static func containsRecordBefore30DayWindow(
+        _ records: [MiniMaxBillingRecord],
+        now: Date = Date(),
+        calendar inputCalendar: Calendar = .current) -> Bool
+    {
+        var calendar = inputCalendar
+        calendar.timeZone = inputCalendar.timeZone
+        let startOfToday = calendar.startOfDay(for: now)
+        let startOf30Days = calendar.date(byAdding: .day, value: -29, to: startOfToday) ?? startOfToday
+        return records.contains { record in
+            guard let date = self.recordDate(record, calendar: calendar) else { return false }
+            return date < startOf30Days
+        }
+    }
+
+    private static func recordDate(_ record: MiniMaxBillingRecord, calendar: Calendar) -> Date? {
+        if let createdAt = record.createdAt {
+            let interval = createdAt > 1_000_000_000_000
+                ? TimeInterval(createdAt) / 1000
+                : TimeInterval(createdAt)
+            return Date(timeIntervalSince1970: interval)
+        }
+        if let ymd = record.ymd {
+            return self.parseDateOnly(ymd, calendar: calendar)
+        }
+        if let consumeTime = record.consumeTime {
+            return self.parseDate(consumeTime, formats: [
+                "yyyy-MM-dd HH:mm:ss",
+                "yyyy/MM/dd HH:mm:ss",
+                "yyyy-MM-dd'T'HH:mm:ssXXXXX",
+            ])
+        }
+        return nil
+    }
+
+    private static func parseDateOnly(_ text: String, calendar: Calendar) -> Date? {
+        let trimmed = text.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard !trimmed.isEmpty else { return nil }
+        let formatter = DateFormatter()
+        formatter.locale = Locale(identifier: "en_US_POSIX")
+        formatter.calendar = calendar
+        formatter.timeZone = calendar.timeZone
+        for format in ["yyyy-MM-dd", "yyyyMMdd", "yyyy/MM/dd"] {
+            formatter.dateFormat = format
+            if let date = formatter.date(from: trimmed) {
+                return calendar.startOfDay(for: date)
+            }
+        }
+        return nil
+    }
+
+    private static func parseDate(_ text: String, formats: [String]) -> Date? {
+        let trimmed = text.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard !trimmed.isEmpty else { return nil }
+        let formatter = DateFormatter()
+        formatter.locale = Locale(identifier: "en_US_POSIX")
+        formatter.timeZone = TimeZone(secondsFromGMT: 0)
+        for format in formats {
+            formatter.dateFormat = format
+            if let date = formatter.date(from: trimmed) { return date }
+        }
+        return nil
+    }
+
+    private static func dayString(_ date: Date, calendar: Calendar) -> String {
+        let components = calendar.dateComponents([.year, .month, .day], from: date)
+        guard let year = components.year,
+              let month = components.month,
+              let day = components.day
+        else { return "" }
+        return String(format: "%04d-%02d-%02d", year, month, day)
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/MiniMax/MiniMaxCookieImporter.swift b/Sources/CodexBarCore/Providers/MiniMax/MiniMaxCookieImporter.swift
index 756b350df..5841de178 100644
--- a/Sources/CodexBarCore/Providers/MiniMax/MiniMaxCookieImporter.swift
+++ b/Sources/CodexBarCore/Providers/MiniMax/MiniMaxCookieImporter.swift
@@ -64,7 +64,7 @@ public enum MiniMaxCookieImporter {
     {
         let query = BrowserCookieQuery(domains: self.cookieDomains)
         let log: (String) -> Void = { msg in self.emit(msg, logger: logger) }
-        let sources = try Self.cookieClient.records(
+        let sources = try Self.cookieClient.codexBarRecords(
             matching: query,
             in: browserSource,
             logger: log)
diff --git a/Sources/CodexBarCore/Providers/MiniMax/MiniMaxLocalStorageImporter.swift b/Sources/CodexBarCore/Providers/MiniMax/MiniMaxLocalStorageImporter.swift
index fcd1ebcce..51f92891d 100644
--- a/Sources/CodexBarCore/Providers/MiniMax/MiniMaxLocalStorageImporter.swift
+++ b/Sources/CodexBarCore/Providers/MiniMax/MiniMaxLocalStorageImporter.swift
@@ -5,7 +5,7 @@ import SweetCookieKit
 
 #if os(macOS)
 enum MiniMaxLocalStorageImporter {
-    struct TokenInfo: Sendable {
+    struct TokenInfo {
         let accessToken: String
         let groupID: String?
         let sourceLabel: String
@@ -106,21 +106,21 @@ enum MiniMaxLocalStorageImporter {
 
     // MARK: - Chrome local storage discovery
 
-    private enum LocalStorageSourceKind: Sendable {
+    private enum LocalStorageSourceKind {
         case chromeLevelDB(URL)
     }
 
-    private struct LocalStorageCandidate: Sendable {
+    private struct LocalStorageCandidate {
         let label: String
         let kind: LocalStorageSourceKind
     }
 
-    private struct SessionStorageCandidate: Sendable {
+    private struct SessionStorageCandidate {
         let label: String
         let url: URL
     }
 
-    private struct IndexedDBCandidate: Sendable {
+    private struct IndexedDBCandidate {
         let label: String
         let url: URL
     }
@@ -335,7 +335,7 @@ enum MiniMaxLocalStorageImporter {
 
     // MARK: - Token extraction
 
-    private struct LocalStorageSnapshot: Sendable {
+    private struct LocalStorageSnapshot {
         let tokens: [String]
         let groupID: String?
     }
diff --git a/Sources/CodexBarCore/Providers/MiniMax/MiniMaxProviderDescriptor.swift b/Sources/CodexBarCore/Providers/MiniMax/MiniMaxProviderDescriptor.swift
index 5bf0a9c52..703c9d5e2 100644
--- a/Sources/CodexBarCore/Providers/MiniMax/MiniMaxProviderDescriptor.swift
+++ b/Sources/CodexBarCore/Providers/MiniMax/MiniMaxProviderDescriptor.swift
@@ -121,6 +121,9 @@ struct MiniMaxCodingPlanFetchStrategy: ProviderFetchStrategy {
         {
             return true
         }
+        guard Self.allowsBrowserCookieImport(context: context) else {
+            return false
+        }
         return MiniMaxCookieImporter.hasSession(browserDetection: context.browserDetection)
         #else
         return false
@@ -130,7 +133,8 @@ struct MiniMaxCodingPlanFetchStrategy: ProviderFetchStrategy {
     func fetch(_ context: ProviderFetchContext) async throws -> ProviderFetchResult {
         let fetchContext = FetchContext(
             region: context.settings?.minimax?.apiRegion ?? .global,
-            environment: context.env)
+            environment: context.env,
+            includeBillingHistory: context.includeOptionalUsage)
         if let override = Self.resolveCookieOverride(context: context) {
             Self.log.debug("Using MiniMax cookie header from settings/env")
             let snapshot = try await MiniMaxUsageFetcher.fetchUsage(
@@ -138,7 +142,8 @@ struct MiniMaxCodingPlanFetchStrategy: ProviderFetchStrategy {
                 authorizationToken: override.authorizationToken,
                 groupID: override.groupID,
                 region: fetchContext.region,
-                environment: fetchContext.environment)
+                environment: fetchContext.environment,
+                includeBillingHistory: context.includeOptionalUsage)
             return self.makeResult(
                 usage: snapshot.toUsageSnapshot(),
                 sourceLabel: "web")
@@ -172,6 +177,11 @@ struct MiniMaxCodingPlanFetchStrategy: ProviderFetchStrategy {
             }
         }
 
+        guard Self.allowsBrowserCookieImport(context: context) else {
+            if let lastError { throw lastError }
+            throw MiniMaxSettingsError.missingCookie
+        }
+
         let sessions = (try? MiniMaxCookieImporter.importSessions(
             browserDetection: context.browserDetection)) ?? []
         guard !sessions.isEmpty else {
@@ -217,17 +227,22 @@ struct MiniMaxCodingPlanFetchStrategy: ProviderFetchStrategy {
         false
     }
 
-    private struct TokenContext: Sendable {
+    static func allowsBrowserCookieImport(context: ProviderFetchContext) -> Bool {
+        context.runtime == .app && ProviderInteractionContext.current == .userInitiated
+    }
+
+    private struct TokenContext {
         let tokensByLabel: [String: [String]]
         let groupIDByLabel: [String: String]
     }
 
-    private struct FetchContext: Sendable {
+    private struct FetchContext {
         let region: MiniMaxAPIRegion
         let environment: [String: String]
+        let includeBillingHistory: Bool
     }
 
-    private enum FetchAttemptResult: Sendable {
+    private enum FetchAttemptResult {
         case success(MiniMaxUsageSnapshot)
         case failure(Error)
     }
@@ -314,7 +329,8 @@ struct MiniMaxCodingPlanFetchStrategy: ProviderFetchStrategy {
                     authorizationToken: token,
                     groupID: groupID,
                     region: fetchContext.region,
-                    environment: fetchContext.environment)
+                    environment: fetchContext.environment,
+                    includeBillingHistory: fetchContext.includeBillingHistory)
                 Self.log.debug("MiniMax \(prefix)cookies valid from \(sourceLabel)")
                 return .success(snapshot)
             } catch {
diff --git a/Sources/CodexBarCore/Providers/MiniMax/MiniMaxServiceUsage.swift b/Sources/CodexBarCore/Providers/MiniMax/MiniMaxServiceUsage.swift
new file mode 100644
index 000000000..488b0b0f5
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/MiniMax/MiniMaxServiceUsage.swift
@@ -0,0 +1,211 @@
+//
+//  MiniMaxServiceUsage.swift
+//  CodexBarCore
+//
+//  Created by Sisyphus on 2026-03-25.
+//
+
+import Foundation
+
+/// Represents the usage information for a specific MiniMax service.
+///
+/// This struct encapsulates all the relevant details about how much of a particular
+/// MiniMax service has been used within its quota window, including reset timing
+/// and localized display strings.
+public struct MiniMaxServiceUsage: Sendable {
+    /// The service identifier (e.g., "text-generation", "text-to-speech", "image")
+    public let serviceType: String
+
+    /// The type of time window for the quota (e.g., "5 hours" or "Today")
+    /// This should be a localized string.
+    public let windowType: String
+
+    /// The specific time range for the current quota window.
+    /// For hourly quotas: "10:00-15:00(UTC+8)"
+    /// For daily quotas: full date range string
+    public let timeRange: String
+
+    /// The amount of quota that has been used.
+    public let usage: Int
+
+    /// The total quota limit for this service in the current window
+    public let limit: Int
+
+    /// The percentage of quota used (0-100)
+    public let percent: Double
+
+    /// The timestamp when the quota will reset, if available
+    public let resetsAt: Date?
+
+    /// A localized description of when the quota resets (e.g., "Resets in 2 hours 30 minutes")
+    public let resetDescription: String
+
+    /// The remaining quota available (limit - usage)
+    public var remaining: Int {
+        max(0, self.limit - self.usage)
+    }
+
+    /// The display name for this service
+    public var displayName: String {
+        let normalized = self.serviceType.lowercased()
+        return switch normalized {
+        case "text-generation":
+            "Text Generation"
+        case "text-to-speech":
+            "Text to Speech"
+        case "image":
+            "Image"
+        case "text generation":
+            "Text Generation"
+        case "text to speech":
+            "Text to Speech"
+        case "image generation":
+            "Image Generation"
+        case "text to video":
+            "Text to Video"
+        case "image to video":
+            "Image to Video"
+        case "music generation":
+            "Music Generation"
+        case "music generation · v2.6":
+            "Music Generation · v2.6"
+        case "music cover":
+            "Music Cover"
+        case "lyrics generation":
+            "Lyrics Generation"
+        case "image understanding":
+            "Image Understanding"
+        default:
+            self.serviceType
+        }
+    }
+
+    /// Creates a new MiniMaxServiceUsage instance.
+    ///
+    /// - Parameters:
+    ///   - serviceType: The service identifier
+    ///   - windowType: The type of time window (localized)
+    ///   - timeRange: The specific time range string
+    ///   - usage: The amount of quota used
+    ///   - limit: The total quota limit
+    ///   - percent: The percentage used (0-100)
+    ///   - resetsAt: Optional reset timestamp
+    ///   - resetDescription: Localized reset description
+    public init(
+        serviceType: String,
+        windowType: String,
+        timeRange: String,
+        usage: Int,
+        limit: Int,
+        percent: Double,
+        resetsAt: Date?,
+        resetDescription: String)
+    {
+        self.serviceType = serviceType
+        self.windowType = windowType
+        self.timeRange = timeRange
+        self.usage = usage
+        self.limit = limit
+        self.percent = percent
+        self.resetsAt = resetsAt
+        self.resetDescription = resetDescription
+    }
+}
+
+extension MiniMaxServiceUsage {
+    public static func parseWindowType(_ windowType: String) -> (windowType: String, windowMinutes: Int?) {
+        switch windowType.lowercased() {
+        case "5 hours", "5 小时":
+            return ("5 hours", 300)
+        case "today", "今日":
+            return ("Today", 1440)
+        default:
+            // Try to extract hours from string like "X hours"
+            if let hours = Int(windowType.components(separatedBy: .whitespaces).first ?? "") {
+                return (windowType, hours * 60)
+            }
+            return (windowType, nil)
+        }
+    }
+
+    public static func parseTimeRange(_ timeRange: String, now: Date) -> Date? {
+        let calendar = Calendar.current
+
+        // Handle "10:00-15:00(UTC+8)" format
+        if timeRange.contains("-"), timeRange.contains("("), timeRange.contains(")") {
+            // Extract the time part before the timezone
+            let components = timeRange.split(separator: "(")
+            guard components.count >= 1 else { return nil }
+            let timePart = String(components[0]).trimmingCharacters(in: .whitespaces)
+
+            // Split by "-" to get start and end times
+            let timeComponents = timePart.split(separator: "-")
+            guard timeComponents.count == 2 else { return nil }
+
+            let endTimeStr = String(timeComponents[1]).trimmingCharacters(in: .whitespaces)
+
+            // Parse end time (HH:mm format)
+            let timeFormatter = DateFormatter()
+            timeFormatter.dateFormat = "HH:mm"
+            timeFormatter.timeZone = TimeZone.current
+
+            guard let endTime = timeFormatter.date(from: endTimeStr) else { return nil }
+
+            // Get today's date components
+            let nowComponents = calendar.dateComponents([.year, .month, .day], from: now)
+            let endTimeComponents = calendar.dateComponents([.hour, .minute], from: endTime)
+
+            // Combine today's date with end time
+            var combinedComponents = DateComponents()
+            combinedComponents.year = nowComponents.year
+            combinedComponents.month = nowComponents.month
+            combinedComponents.day = nowComponents.day
+            combinedComponents.hour = endTimeComponents.hour
+            combinedComponents.minute = endTimeComponents.minute
+
+            guard let resultDate = calendar.date(from: combinedComponents) else { return nil }
+
+            // If the result date is in the past (before now), add one day
+            if resultDate < now {
+                return calendar.date(byAdding: .day, value: 1, to: resultDate)
+            }
+
+            return resultDate
+        }
+
+        // Handle "2026/03/25 00:00 - 2026/03/26 00:00" format
+        if timeRange.contains(" - ") {
+            let dateComponents = timeRange.split(separator: " - ")
+            guard dateComponents.count == 2 else { return nil }
+
+            let endDateStr = String(dateComponents[1]).trimmingCharacters(in: .whitespaces)
+
+            let dateFormatter = DateFormatter()
+            dateFormatter.dateFormat = "yyyy/MM/dd HH:mm"
+            dateFormatter.timeZone = TimeZone.current
+
+            return dateFormatter.date(from: endDateStr)
+        }
+
+        return nil
+    }
+
+    public static func generateResetDescription(resetsAt: Date, now: Date = Date()) -> String {
+        let calendar = Calendar.current
+        let components = calendar.dateComponents([.hour, .minute], from: now, to: resetsAt)
+
+        guard let hours = components.hour, let minutes = components.minute else {
+            return "Resets soon"
+        }
+
+        if hours > 0, minutes > 0 {
+            return "Resets in \(hours) hours \(minutes) minutes"
+        } else if hours > 0 {
+            return "Resets in \(hours) hour\(hours > 1 ? "s" : "")"
+        } else if minutes > 0 {
+            return "Resets in \(minutes) minute\(minutes > 1 ? "s" : "")"
+        } else {
+            return "Resets now"
+        }
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/MiniMax/MiniMaxSettingsReader.swift b/Sources/CodexBarCore/Providers/MiniMax/MiniMaxSettingsReader.swift
index 57dfbd3bd..0e0684fdc 100644
--- a/Sources/CodexBarCore/Providers/MiniMax/MiniMaxSettingsReader.swift
+++ b/Sources/CodexBarCore/Providers/MiniMax/MiniMaxSettingsReader.swift
@@ -8,6 +8,7 @@ public struct MiniMaxSettingsReader: Sendable {
     public static let hostKey = "MINIMAX_HOST"
     public static let codingPlanURLKey = "MINIMAX_CODING_PLAN_URL"
     public static let remainsURLKey = "MINIMAX_REMAINS_URL"
+    public static let billingHistoryURLKey = "MINIMAX_BILLING_HISTORY_URL"
 
     public static func cookieHeader(
         environment: [String: String] = ProcessInfo.processInfo.environment) -> String?
@@ -41,6 +42,12 @@ public struct MiniMaxSettingsReader: Sendable {
         self.url(from: environment[self.remainsURLKey])
     }
 
+    public static func billingHistoryURL(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> URL?
+    {
+        self.url(from: environment[self.billingHistoryURLKey])
+    }
+
     static func cleaned(_ raw: String?) -> String? {
         guard var value = raw?.trimmingCharacters(in: .whitespacesAndNewlines), !value.isEmpty else {
             return nil
@@ -49,8 +56,7 @@ public struct MiniMaxSettingsReader: Sendable {
         if (value.hasPrefix("\"") && value.hasSuffix("\"")) ||
             (value.hasPrefix("'") && value.hasSuffix("'"))
         {
-            value.removeFirst()
-            value.removeLast()
+            value = String(value.dropFirst().dropLast())
         }
 
         value = value.trimmingCharacters(in: .whitespacesAndNewlines)
diff --git a/Sources/CodexBarCore/Providers/MiniMax/MiniMaxUsageFetcher.swift b/Sources/CodexBarCore/Providers/MiniMax/MiniMaxUsageFetcher.swift
index debe08288..7b250d6a2 100644
--- a/Sources/CodexBarCore/Providers/MiniMax/MiniMaxUsageFetcher.swift
+++ b/Sources/CodexBarCore/Providers/MiniMax/MiniMaxUsageFetcher.swift
@@ -4,44 +4,65 @@ import FoundationNetworking
 #endif
 
 public struct MiniMaxUsageFetcher: Sendable {
-    private static let log = CodexBarLog.logger(LogCategories.minimaxUsage)
+    static let log = CodexBarLog.logger(LogCategories.minimaxUsage)
     private static let codingPlanPath = "user-center/payment/coding-plan"
     private static let codingPlanQuery = "cycle_type=3"
     private static let codingPlanRemainsPath = "v1/api/openplatform/coding_plan/remains"
-    private struct RemainsContext: Sendable {
+    private static let billingHistoryPath = "account/amount"
+    private static let billingHistoryLimit = 100
+    private struct RemainsContext {
         let authorizationToken: String?
         let groupID: String?
     }
 
+    private struct WebFetchContext {
+        let cookie: String
+        let authorizationToken: String?
+        let region: MiniMaxAPIRegion
+        let environment: [String: String]
+        let transport: any ProviderHTTPTransport
+    }
+
     public static func fetchUsage(
         cookieHeader: String,
         authorizationToken: String? = nil,
         groupID: String? = nil,
         region: MiniMaxAPIRegion = .global,
         environment: [String: String] = ProcessInfo.processInfo.environment,
+        includeBillingHistory: Bool = true,
+        session transport: any ProviderHTTPTransport = ProviderHTTPClient.shared,
         now: Date = Date()) async throws -> MiniMaxUsageSnapshot
     {
         guard let cookie = MiniMaxCookieHeader.normalized(from: cookieHeader) else {
             throw MiniMaxUsageError.invalidCredentials
         }
 
+        let context = WebFetchContext(
+            cookie: cookie,
+            authorizationToken: authorizationToken,
+            region: region,
+            environment: environment,
+            transport: transport)
         do {
-            return try await self.fetchCodingPlanHTML(
-                cookie: cookie,
-                authorizationToken: authorizationToken,
-                region: region,
-                environment: environment,
+            let snapshot = try await self.fetchCodingPlanHTML(context: context, now: now)
+            return try await self.attachingBillingIfAvailable(
+                to: snapshot,
+                context: context,
+                includeBillingHistory: includeBillingHistory,
                 now: now)
         } catch let error as MiniMaxUsageError {
             if case .parseFailed = error {
                 Self.log.debug("MiniMax coding plan HTML parse failed, trying remains API")
-                return try await self.fetchCodingPlanRemains(
-                    cookie: cookie,
+                let snapshot = try await self.fetchCodingPlanRemains(
+                    context: context,
                     remainsContext: RemainsContext(
                         authorizationToken: authorizationToken,
                         groupID: groupID),
-                    region: region,
-                    environment: environment,
+                    now: now)
+                return try await self.attachingBillingIfAvailable(
+                    to: snapshot,
+                    context: context,
+                    includeBillingHistory: includeBillingHistory,
                     now: now)
             }
             throw error
@@ -51,7 +72,8 @@ public struct MiniMaxUsageFetcher: Sendable {
     public static func fetchUsage(
         apiToken: String,
         region: MiniMaxAPIRegion = .global,
-        now: Date = Date()) async throws -> MiniMaxUsageSnapshot
+        now: Date = Date(),
+        session transport: any ProviderHTTPTransport = ProviderHTTPClient.shared) async throws -> MiniMaxUsageSnapshot
     {
         let cleaned = apiToken.trimmingCharacters(in: .whitespacesAndNewlines)
         guard !cleaned.isEmpty else {
@@ -62,16 +84,20 @@ public struct MiniMaxUsageFetcher: Sendable {
         // user has no persisted region and we default to `.global`, retry the China endpoint when the global host
         // rejects the token so upgrades don't regress existing setups.
         if region != .global {
-            return try await self.fetchUsageOnce(apiToken: cleaned, region: region, now: now)
+            return try await self.fetchUsageOnce(apiToken: cleaned, region: region, now: now, transport: transport)
         }
 
         do {
-            return try await self.fetchUsageOnce(apiToken: cleaned, region: .global, now: now)
+            return try await self.fetchUsageOnce(apiToken: cleaned, region: .global, now: now, transport: transport)
         } catch let error as MiniMaxUsageError {
             guard case .invalidCredentials = error else { throw error }
             Self.log.debug("MiniMax API token rejected for global host, retrying China mainland host")
             do {
-                return try await self.fetchUsageOnce(apiToken: cleaned, region: .chinaMainland, now: now)
+                return try await self.fetchUsageOnce(
+                    apiToken: cleaned,
+                    region: .chinaMainland,
+                    now: now,
+                    transport: transport)
             } catch {
                 // Preserve the original invalid-credentials error so the fetch pipeline can fall back to web.
                 Self.log.debug("MiniMax China mainland retry failed, preserving global invalidCredentials")
@@ -83,7 +109,8 @@ public struct MiniMaxUsageFetcher: Sendable {
     private static func fetchUsageOnce(
         apiToken: String,
         region: MiniMaxAPIRegion,
-        now: Date) async throws -> MiniMaxUsageSnapshot
+        now: Date,
+        transport: any ProviderHTTPTransport) async throws -> MiniMaxUsageSnapshot
     {
         var request = URLRequest(url: region.apiRemainsURL)
         request.httpMethod = "GET"
@@ -92,35 +119,40 @@ public struct MiniMaxUsageFetcher: Sendable {
         request.setValue("application/json", forHTTPHeaderField: "Content-Type")
         request.setValue("CodexBar", forHTTPHeaderField: "MM-API-Source")
 
-        let (data, response) = try await URLSession.shared.data(for: request)
-        guard let httpResponse = response as? HTTPURLResponse else {
+        let response: ProviderHTTPResponse
+        do {
+            response = try await transport.response(for: request)
+        } catch let error as URLError where error.code == .badServerResponse {
             throw MiniMaxUsageError.networkError("Invalid response")
+        } catch {
+            throw error
         }
 
-        guard httpResponse.statusCode == 200 else {
-            let body = String(data: data, encoding: .utf8) ?? ""
-            Self.log.error("MiniMax returned \(httpResponse.statusCode): \(body)")
-            if httpResponse.statusCode == 401 || httpResponse.statusCode == 403 {
+        guard response.statusCode == 200 else {
+            let body = String(data: response.data, encoding: .utf8) ?? ""
+            Self.log.error("MiniMax returned \(response.statusCode): \(body)")
+            if response.statusCode == 401 || response.statusCode == 403 {
                 throw MiniMaxUsageError.invalidCredentials
             }
-            throw MiniMaxUsageError.apiError("HTTP \(httpResponse.statusCode)")
+            throw MiniMaxUsageError.apiError("HTTP \(response.statusCode)")
         }
 
-        return try MiniMaxUsageParser.parseCodingPlanRemains(data: data, now: now)
+        let snapshot = try MiniMaxUsageParser.parseCodingPlanRemains(data: response.data, now: now)
+        if let services = snapshot.services, !services.isEmpty {
+            Self.log.debug("MiniMax multi-service response detected: \(services.count) services")
+        }
+        return snapshot
     }
 
     private static func fetchCodingPlanHTML(
-        cookie: String,
-        authorizationToken: String?,
-        region: MiniMaxAPIRegion,
-        environment: [String: String],
+        context: WebFetchContext,
         now: Date) async throws -> MiniMaxUsageSnapshot
     {
-        let url = self.resolveCodingPlanURL(region: region, environment: environment)
+        let url = self.resolveCodingPlanURL(region: context.region, environment: context.environment)
         var request = URLRequest(url: url)
         request.httpMethod = "GET"
-        request.setValue(cookie, forHTTPHeaderField: "Cookie")
-        if let authorizationToken {
+        request.setValue(context.cookie, forHTTPHeaderField: "Cookie")
+        if let authorizationToken = context.authorizationToken {
             request.setValue("Bearer \(authorizationToken)", forHTTPHeaderField: "Authorization")
         }
         let acceptHeader = "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
@@ -133,30 +165,38 @@ public struct MiniMaxUsageFetcher: Sendable {
         let origin = self.originURL(from: url)
         request.setValue(origin.absoluteString, forHTTPHeaderField: "origin")
         request.setValue(
-            self.resolveCodingPlanRefererURL(region: region, environment: environment).absoluteString,
+            self.resolveCodingPlanRefererURL(region: context.region, environment: context.environment).absoluteString,
             forHTTPHeaderField: "referer")
 
-        let (data, response) = try await URLSession.shared.data(for: request)
-        guard let httpResponse = response as? HTTPURLResponse else {
+        let response: ProviderHTTPResponse
+        do {
+            response = try await context.transport.response(for: request)
+        } catch let error as URLError where error.code == .badServerResponse {
             throw MiniMaxUsageError.networkError("Invalid response")
+        } catch {
+            throw error
         }
 
-        guard httpResponse.statusCode == 200 else {
-            let body = String(data: data, encoding: .utf8) ?? ""
-            Self.log.error("MiniMax returned \(httpResponse.statusCode): \(body)")
-            if httpResponse.statusCode == 401 || httpResponse.statusCode == 403 {
+        guard response.statusCode == 200 else {
+            let body = String(data: response.data, encoding: .utf8) ?? ""
+            Self.log.error("MiniMax returned \(response.statusCode): \(body)")
+            if response.statusCode == 401 || response.statusCode == 403 {
                 throw MiniMaxUsageError.invalidCredentials
             }
-            throw MiniMaxUsageError.apiError("HTTP \(httpResponse.statusCode)")
+            throw MiniMaxUsageError.apiError("HTTP \(response.statusCode)")
         }
 
-        if let contentType = httpResponse.value(forHTTPHeaderField: "Content-Type"),
+        if let contentType = response.response.value(forHTTPHeaderField: "Content-Type"),
            contentType.lowercased().contains("application/json")
         {
-            return try MiniMaxUsageParser.parseCodingPlanRemains(data: data, now: now)
+            let snapshot = try MiniMaxUsageParser.parseCodingPlanRemains(data: response.data, now: now)
+            if let services = snapshot.services, !services.isEmpty {
+                Self.log.debug("MiniMax multi-service response detected: \(services.count) services")
+            }
+            return snapshot
         }
 
-        let html = String(data: data, encoding: .utf8) ?? ""
+        let html = String(data: response.data, encoding: .utf8) ?? ""
         if html.contains("__NEXT_DATA__") {
             Self.log.debug("MiniMax coding plan HTML contains __NEXT_DATA__")
         }
@@ -167,17 +207,15 @@ public struct MiniMaxUsageFetcher: Sendable {
     }
 
     private static func fetchCodingPlanRemains(
-        cookie: String,
+        context: WebFetchContext,
         remainsContext: RemainsContext,
-        region: MiniMaxAPIRegion,
-        environment: [String: String],
         now: Date) async throws -> MiniMaxUsageSnapshot
     {
-        let baseRemainsURL = self.resolveRemainsURL(region: region, environment: environment)
+        let baseRemainsURL = self.resolveRemainsURL(region: context.region, environment: context.environment)
         let remainsURL = self.appendGroupID(remainsContext.groupID, to: baseRemainsURL)
         var request = URLRequest(url: remainsURL)
         request.httpMethod = "GET"
-        request.setValue(cookie, forHTTPHeaderField: "Cookie")
+        request.setValue(context.cookie, forHTTPHeaderField: "Cookie")
         if let authorizationToken = remainsContext.authorizationToken {
             request.setValue("Bearer \(authorizationToken)", forHTTPHeaderField: "Authorization")
         }
@@ -192,38 +230,137 @@ public struct MiniMaxUsageFetcher: Sendable {
         let origin = self.originURL(from: baseRemainsURL)
         request.setValue(origin.absoluteString, forHTTPHeaderField: "origin")
         request.setValue(
-            self.resolveCodingPlanRefererURL(region: region, environment: environment).absoluteString,
+            self.resolveCodingPlanRefererURL(region: context.region, environment: context.environment).absoluteString,
             forHTTPHeaderField: "referer")
 
-        let (data, response) = try await URLSession.shared.data(for: request)
-        guard let httpResponse = response as? HTTPURLResponse else {
+        let response: ProviderHTTPResponse
+        do {
+            response = try await context.transport.response(for: request)
+        } catch let error as URLError where error.code == .badServerResponse {
             throw MiniMaxUsageError.networkError("Invalid response")
+        } catch {
+            throw error
         }
 
-        guard httpResponse.statusCode == 200 else {
-            let body = String(data: data, encoding: .utf8) ?? ""
-            Self.log.error("MiniMax returned \(httpResponse.statusCode): \(body)")
-            if httpResponse.statusCode == 401 || httpResponse.statusCode == 403 {
+        guard response.statusCode == 200 else {
+            let body = String(data: response.data, encoding: .utf8) ?? ""
+            Self.log.error("MiniMax returned \(response.statusCode): \(body)")
+            if response.statusCode == 401 || response.statusCode == 403 {
                 throw MiniMaxUsageError.invalidCredentials
             }
-            throw MiniMaxUsageError.apiError("HTTP \(httpResponse.statusCode)")
+            throw MiniMaxUsageError.apiError("HTTP \(response.statusCode)")
         }
 
-        if let contentType = httpResponse.value(forHTTPHeaderField: "Content-Type"),
+        if let contentType = response.response.value(forHTTPHeaderField: "Content-Type"),
            contentType.lowercased().contains("application/json")
         {
-            let payload = try MiniMaxUsageParser.decodePayload(data: data)
-            self.logCodingPlanStatus(payload: payload)
-            return try MiniMaxUsageParser.parseCodingPlanRemains(payload: payload, now: now)
+            let snapshot = try MiniMaxUsageParser.parseCodingPlanRemains(data: response.data, now: now)
+            if let services = snapshot.services, !services.isEmpty {
+                Self.log.debug("MiniMax multi-service response detected: \(services.count) services")
+            }
+            return snapshot
         }
 
-        let html = String(data: data, encoding: .utf8) ?? ""
+        let html = String(data: response.data, encoding: .utf8) ?? ""
         if self.looksSignedOut(html: html) {
             throw MiniMaxUsageError.invalidCredentials
         }
         return try MiniMaxUsageParser.parse(html: html, now: now)
     }
 
+    private static func attachingBillingIfAvailable(
+        to snapshot: MiniMaxUsageSnapshot,
+        context: WebFetchContext,
+        includeBillingHistory: Bool,
+        now: Date) async throws -> MiniMaxUsageSnapshot
+    {
+        guard includeBillingHistory else { return snapshot }
+        do {
+            let billing = try await self.fetchBillingSummary(context: context, now: now)
+            return snapshot.withBillingSummary(billing)
+        } catch is CancellationError {
+            throw CancellationError()
+        } catch let error as URLError where error.code == .cancelled {
+            throw error
+        } catch let error as MiniMaxUsageError {
+            if case .invalidCredentials = error, context.authorizationToken != nil {
+                throw error
+            }
+            Self.log.debug("MiniMax billing history unavailable: \(error.localizedDescription)")
+            return snapshot
+        } catch {
+            Self.log.debug("MiniMax billing history unavailable: \(error.localizedDescription)")
+            return snapshot
+        }
+    }
+
+    private static func fetchBillingSummary(context: WebFetchContext, now: Date) async throws -> MiniMaxBillingSummary {
+        var records: [MiniMaxBillingRecord] = []
+        var totalCount: Int?
+
+        var page = 1
+        while true {
+            let url = self.resolveBillingHistoryURL(
+                region: context.region,
+                environment: context.environment,
+                page: page,
+                limit: Self.billingHistoryLimit)
+            let response = try await self.billingHistoryResponse(url: url, context: context)
+            guard response.statusCode == 200 else {
+                let body = String(data: response.data, encoding: .utf8) ?? ""
+                Self.log.debug("MiniMax billing history returned \(response.statusCode): \(body)")
+                if response.statusCode == 401 || response.statusCode == 403 {
+                    throw MiniMaxUsageError.invalidCredentials
+                }
+                throw MiniMaxUsageError.apiError("HTTP \(response.statusCode)")
+            }
+
+            let payload = try MiniMaxBillingHistoryParser.decodePayload(data: response.data)
+            if let status = payload.baseResp?.statusCode, status != 0 {
+                let message = payload.baseResp?.statusMessage ?? "status_code \(status)"
+                throw MiniMaxUsageError.apiError(message)
+            }
+            totalCount = payload.totalCount ?? totalCount
+            guard !payload.chargeRecords.isEmpty else { break }
+            records.append(contentsOf: payload.chargeRecords)
+            if MiniMaxBillingHistoryParser.containsRecordBefore30DayWindow(payload.chargeRecords, now: now) { break }
+            if let totalCount, records.count >= totalCount { break }
+            page += 1
+        }
+
+        return MiniMaxBillingHistoryParser.aggregate(records: records, now: now)
+    }
+
+    private static func billingHistoryResponse(
+        url: URL,
+        context: WebFetchContext) async throws -> ProviderHTTPResponse
+    {
+        var request = URLRequest(url: url)
+        request.httpMethod = "GET"
+        request.setValue(context.cookie, forHTTPHeaderField: "Cookie")
+        if let authorizationToken = context.authorizationToken {
+            request.setValue("Bearer \(authorizationToken)", forHTTPHeaderField: "Authorization")
+        }
+        request.setValue("application/json, text/plain, */*", forHTTPHeaderField: "accept")
+        request.setValue("XMLHttpRequest", forHTTPHeaderField: "x-requested-with")
+        let userAgent =
+            "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) " +
+            "AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36"
+        request.setValue(userAgent, forHTTPHeaderField: "user-agent")
+        request.setValue("en-US,en;q=0.9", forHTTPHeaderField: "accept-language")
+        let origin = self.originURL(from: url)
+        request.setValue(origin.absoluteString, forHTTPHeaderField: "origin")
+        request.setValue(origin.appendingPathComponent("account").absoluteString, forHTTPHeaderField: "referer")
+
+        do {
+            return try await context.transport.response(for: request)
+        } catch let error as URLError where error.code == .badServerResponse {
+            throw MiniMaxUsageError.networkError("Invalid response")
+        } catch {
+            throw error
+        }
+    }
+
     private static func appendGroupID(_ groupID: String?, to url: URL) -> URL {
         guard let groupID, !groupID.isEmpty else { return url }
         guard var components = URLComponents(url: url, resolvingAgainstBaseURL: false) else { return url }
@@ -290,6 +427,35 @@ public struct MiniMaxUsageFetcher: Sendable {
         return region.remainsURL
     }
 
+    static func resolveBillingHistoryURL(
+        region: MiniMaxAPIRegion,
+        environment: [String: String],
+        page: Int,
+        limit: Int = Self.billingHistoryLimit) -> URL
+    {
+        if let override = MiniMaxSettingsReader.billingHistoryURL(environment: environment) {
+            return self.billingHistoryURL(from: override, page: page, limit: limit)
+        }
+        if let host = MiniMaxSettingsReader.hostOverride(environment: environment),
+           let hostURL = self.url(from: host, path: Self.billingHistoryPath)
+        {
+            return self.billingHistoryURL(from: hostURL, page: page, limit: limit)
+        }
+        return region.billingHistoryURL(page: page, limit: limit)
+    }
+
+    private static func billingHistoryURL(from url: URL, page: Int, limit: Int) -> URL {
+        guard var components = URLComponents(url: url, resolvingAgainstBaseURL: false) else { return url }
+        var items = components.queryItems?.filter {
+            $0.name != "page" && $0.name != "limit" && $0.name != "aggregate"
+        } ?? []
+        items.append(URLQueryItem(name: "page", value: "\(page)"))
+        items.append(URLQueryItem(name: "limit", value: "\(limit)"))
+        items.append(URLQueryItem(name: "aggregate", value: "false"))
+        components.queryItems = items
+        return components.url ?? url
+    }
+
     static func url(from raw: String, path: String? = nil, query: String? = nil) -> URL? {
         guard let cleaned = MiniMaxSettingsReader.cleaned(raw) else { return nil }
 
@@ -320,12 +486,35 @@ public struct MiniMaxUsageFetcher: Sendable {
     }
 
     private static func looksSignedOut(html: String) -> Bool {
-        let lower = html.lowercased()
+        let lower = self.visibleText(from: html).lowercased()
         return lower.contains("sign in") || lower.contains("log in") || lower.contains("登录") || lower.contains("登入")
     }
+
+    static func _looksSignedOutForTesting(html: String) -> Bool {
+        self.looksSignedOut(html: html)
+    }
+
+    private static func visibleText(from html: String) -> String {
+        let patterns = [
+            #"(?is)<script\b[^>]*>.*?</script>"#,
+            #"(?is)<style\b[^>]*>.*?</style>"#,
+            #"(?is)<!--.*?-->"#,
+            #"<[^>]+>"#,
+            #"\s+"#,
+        ]
+
+        return patterns.enumerated().reduce(html) { result, item in
+            let replacement = item.offset == patterns.count - 1 ? " " : ""
+            return result.replacingOccurrences(
+                of: item.element,
+                with: replacement,
+                options: .regularExpression)
+        }
+        .trimmingCharacters(in: .whitespacesAndNewlines)
+    }
 }
 
-struct MiniMaxCodingPlanPayload: Decodable, Sendable {
+struct MiniMaxCodingPlanPayload: Decodable {
     let baseResp: MiniMaxBaseResponse?
     let data: MiniMaxCodingPlanData
 
@@ -346,7 +535,7 @@ struct MiniMaxCodingPlanPayload: Decodable, Sendable {
     }
 }
 
-struct MiniMaxCodingPlanData: Decodable, Sendable {
+struct MiniMaxCodingPlanData: Decodable {
     let baseResp: MiniMaxBaseResponse?
     let currentSubscribeTitle: String?
     let planName: String?
@@ -377,36 +566,54 @@ struct MiniMaxCodingPlanData: Decodable, Sendable {
     }
 }
 
-struct MiniMaxComboCard: Decodable, Sendable {
+struct MiniMaxComboCard: Decodable {
     let title: String?
 }
 
-struct MiniMaxModelRemains: Decodable, Sendable {
+struct MiniMaxModelRemains: Decodable {
+    let modelName: String?
     let currentIntervalTotalCount: Int?
     let currentIntervalUsageCount: Int?
     let startTime: Int?
     let endTime: Int?
     let remainsTime: Int?
+    let currentWeeklyTotalCount: Int?
+    let currentWeeklyUsageCount: Int?
+    let weeklyStartTime: Int?
+    let weeklyEndTime: Int?
+    let weeklyRemainsTime: Int?
 
     private enum CodingKeys: String, CodingKey {
+        case modelName = "model_name"
         case currentIntervalTotalCount = "current_interval_total_count"
         case currentIntervalUsageCount = "current_interval_usage_count"
         case startTime = "start_time"
         case endTime = "end_time"
         case remainsTime = "remains_time"
+        case currentWeeklyTotalCount = "current_weekly_total_count"
+        case currentWeeklyUsageCount = "current_weekly_usage_count"
+        case weeklyStartTime = "weekly_start_time"
+        case weeklyEndTime = "weekly_end_time"
+        case weeklyRemainsTime = "weekly_remains_time"
     }
 
     init(from decoder: Decoder) throws {
         let container = try decoder.container(keyedBy: CodingKeys.self)
+        self.modelName = try container.decodeIfPresent(String.self, forKey: .modelName)
         self.currentIntervalTotalCount = MiniMaxDecoding.decodeInt(container, forKey: .currentIntervalTotalCount)
         self.currentIntervalUsageCount = MiniMaxDecoding.decodeInt(container, forKey: .currentIntervalUsageCount)
         self.startTime = MiniMaxDecoding.decodeInt(container, forKey: .startTime)
         self.endTime = MiniMaxDecoding.decodeInt(container, forKey: .endTime)
         self.remainsTime = MiniMaxDecoding.decodeInt(container, forKey: .remainsTime)
+        self.currentWeeklyTotalCount = MiniMaxDecoding.decodeInt(container, forKey: .currentWeeklyTotalCount)
+        self.currentWeeklyUsageCount = MiniMaxDecoding.decodeInt(container, forKey: .currentWeeklyUsageCount)
+        self.weeklyStartTime = MiniMaxDecoding.decodeInt(container, forKey: .weeklyStartTime)
+        self.weeklyEndTime = MiniMaxDecoding.decodeInt(container, forKey: .weeklyEndTime)
+        self.weeklyRemainsTime = MiniMaxDecoding.decodeInt(container, forKey: .weeklyRemainsTime)
     }
 }
 
-struct MiniMaxBaseResponse: Decodable, Sendable {
+struct MiniMaxBaseResponse: Decodable {
     let statusCode: Int?
     let statusMessage: String?
 
@@ -422,6 +629,53 @@ struct MiniMaxBaseResponse: Decodable, Sendable {
     }
 }
 
+// MARK: - Multi-Service API Response Structures
+
+struct MiniMaxMultiServicePayload: Decodable {
+    let data: MiniMaxMultiServiceData
+}
+
+struct MiniMaxMultiServiceData: Decodable {
+    let services: [MiniMaxServiceItem]
+}
+
+struct MiniMaxServiceItem: Decodable {
+    let serviceType: String?
+    let windowType: String?
+    let timeRange: String?
+    let usage: Int?
+    let limit: Int?
+    let percent: Double?
+
+    private enum CodingKeys: String, CodingKey {
+        case serviceType = "service_type"
+        case windowType = "window_type"
+        case timeRange = "time_range"
+        case usage
+        case limit
+        case percent
+    }
+
+    init(from decoder: Decoder) throws {
+        let container = try decoder.container(keyedBy: CodingKeys.self)
+        self.serviceType = try container.decodeIfPresent(String.self, forKey: .serviceType)
+        self.windowType = try container.decodeIfPresent(String.self, forKey: .windowType)
+        self.timeRange = try container.decodeIfPresent(String.self, forKey: .timeRange)
+        self.usage = MiniMaxDecoding.decodeInt(container, forKey: .usage)
+        self.limit = MiniMaxDecoding.decodeInt(container, forKey: .limit)
+        // Handle both Double and String for percent (flexible parsing)
+        if let percentDouble = try? container.decodeIfPresent(Double.self, forKey: .percent) {
+            self.percent = percentDouble
+        } else if let percentString = try? container.decodeIfPresent(String.self, forKey: .percent),
+                  let percentValue = Double(percentString)
+        {
+            self.percent = percentValue
+        } else {
+            self.percent = nil
+        }
+    }
+}
+
 enum MiniMaxDecoding {
     static func decodeInt<K: CodingKey>(_ container: KeyedDecodingContainer<K>, forKey key: K) -> Int? {
         if let value = try? container.decodeIfPresent(Int.self, forKey: key) {
@@ -439,6 +693,23 @@ enum MiniMaxDecoding {
         }
         return nil
     }
+
+    static func decodeDouble<K: CodingKey>(_ container: KeyedDecodingContainer<K>, forKey key: K) -> Double? {
+        if let value = try? container.decodeIfPresent(Double.self, forKey: key) {
+            return value
+        }
+        if let value = try? container.decodeIfPresent(Int.self, forKey: key) {
+            return Double(value)
+        }
+        if let value = try? container.decodeIfPresent(Int64.self, forKey: key) {
+            return Double(value)
+        }
+        if let value = try? container.decodeIfPresent(String.self, forKey: key) {
+            let trimmed = value.trimmingCharacters(in: .whitespacesAndNewlines)
+            return Double(trimmed)
+        }
+        return nil
+    }
 }
 
 enum MiniMaxUsageParser {
@@ -447,6 +718,11 @@ enum MiniMaxUsageParser {
         return try decoder.decode(MiniMaxCodingPlanPayload.self, from: data)
     }
 
+    static func decodeMultiServicePayload(data: Data) throws -> MiniMaxMultiServicePayload {
+        let decoder = JSONDecoder()
+        return try decoder.decode(MiniMaxMultiServicePayload.self, from: data)
+    }
+
     static func decodePayload(json: [String: Any]) throws -> MiniMaxCodingPlanPayload {
         let normalized = self.normalizeCodingPlanPayload(json)
         let data = try JSONSerialization.data(withJSONObject: normalized, options: [])
@@ -454,6 +730,15 @@ enum MiniMaxUsageParser {
     }
 
     static func parseCodingPlanRemains(data: Data, now: Date = Date()) throws -> MiniMaxUsageSnapshot {
+        do {
+            if let multiServiceSnapshot = try self.parseMultiService(data: data, now: now) {
+                return multiServiceSnapshot
+            }
+        } catch {
+            // Log multi-service parsing failure but continue to single-service parsing
+            MiniMaxUsageFetcher.log.debug("MiniMax multi-service parsing failed: \(error.localizedDescription)")
+        }
+
         let payload = try self.decodePayload(data: data)
         return try self.parseCodingPlanRemains(payload: payload, now: now)
     }
@@ -498,29 +783,64 @@ enum MiniMaxUsageParser {
             throw MiniMaxUsageError.apiError(message)
         }
 
-        guard let first = payload.data.modelRemains.first else {
+        guard !payload.data.modelRemains.isEmpty else {
             throw MiniMaxUsageError.parseFailed("Missing coding plan data.")
         }
 
-        let total = first.currentIntervalTotalCount
-        let remaining = first.currentIntervalUsageCount
+        // Convert model_remains to services array for multi-service UI display
+        var services: [MiniMaxServiceUsage] = []
+        for item in payload.data.modelRemains {
+            guard let modelName = item.modelName else { continue }
+            let serviceTypeIdentifier = self.mapModelNameToServiceType(modelName: modelName)
+
+            if let intervalService = self.makeServiceUsage(
+                ServiceUsageInput(
+                    serviceType: serviceTypeIdentifier,
+                    windowTypeOverride: nil,
+                    total: item.currentIntervalTotalCount,
+                    remaining: item.currentIntervalUsageCount,
+                    start: item.startTime,
+                    end: item.endTime,
+                    remainsTime: item.remainsTime),
+                now: now)
+            {
+                services.append(intervalService)
+            }
+
+            // current_weekly_usage_count is also REMAINING quota; render only when weekly quota is real.
+            if self.isTextGenerationModelName(modelName),
+               let weeklyService = self.makeServiceUsage(
+                   ServiceUsageInput(
+                       serviceType: serviceTypeIdentifier,
+                       windowTypeOverride: "Weekly",
+                       total: item.currentWeeklyTotalCount,
+                       remaining: item.currentWeeklyUsageCount,
+                       start: item.weeklyStartTime,
+                       end: item.weeklyEndTime,
+                       remainsTime: item.weeklyRemainsTime),
+                   now: now)
+            {
+                services.append(weeklyService)
+            }
+        }
+
+        // Use first service for backward compatibility fields
+        let first = payload.data.modelRemains.first
+        let total = first?.currentIntervalTotalCount
+        let remaining = first?.currentIntervalUsageCount
         let usedPercent = self.usedPercent(total: total, remaining: remaining)
 
         let windowMinutes = self.windowMinutes(
-            start: self.dateFromEpoch(first.startTime),
-            end: self.dateFromEpoch(first.endTime))
+            start: self.dateFromEpoch(first?.startTime),
+            end: self.dateFromEpoch(first?.endTime))
 
         let resetsAt = self.resetsAt(
-            end: self.dateFromEpoch(first.endTime),
-            remains: first.remainsTime,
+            end: self.dateFromEpoch(first?.endTime),
+            remains: first?.remainsTime,
             now: now)
 
         let planName = self.parsePlanName(data: payload.data)
 
-        if planName == nil, total == nil, usedPercent == nil {
-            throw MiniMaxUsageError.parseFailed("Missing coding plan data.")
-        }
-
         let currentPrompts: Int? = if let total, let remaining {
             max(0, total - remaining)
         } else {
@@ -535,7 +855,8 @@ enum MiniMaxUsageParser {
             windowMinutes: windowMinutes,
             usedPercent: usedPercent,
             resetsAt: resetsAt,
-            updatedAt: now)
+            updatedAt: now,
+            services: services.isEmpty ? nil : services)
     }
 
     private static func usedPercent(total: Int?, remaining: Int?) -> Double? {
@@ -786,7 +1107,7 @@ enum MiniMaxUsageParser {
         if let tzHint = timeZoneHint?.trimmingCharacters(in: .whitespacesAndNewlines),
            !tzHint.isEmpty
         {
-            formatter.timeZone = TimeZone(identifier: tzHint)
+            formatter.timeZone = self.timeZone(from: tzHint)
         }
         formatter.locale = Locale(identifier: "en_US_POSIX")
 
@@ -816,6 +1137,33 @@ enum MiniMaxUsageParser {
         return 0
     }
 
+    private static func timeZone(from hint: String) -> TimeZone? {
+        let trimmed = hint.trimmingCharacters(in: .whitespacesAndNewlines)
+        if let timeZone = TimeZone(identifier: trimmed) {
+            return timeZone
+        }
+
+        let pattern = #"(?i)^(?:UTC|GMT)\s*([+-])\s*(\d{1,2})(?::?(\d{2}))?$"#
+        guard let regex = try? NSRegularExpression(pattern: pattern),
+              let match = regex.firstMatch(in: trimmed, range: NSRange(trimmed.startIndex..., in: trimmed)),
+              let signRange = Range(match.range(at: 1), in: trimmed),
+              let hourRange = Range(match.range(at: 2), in: trimmed)
+        else {
+            return nil
+        }
+
+        let sign = trimmed[signRange] == "-" ? -1 : 1
+        let hours = Int(trimmed[hourRange]) ?? 0
+        let minutes = if match.range(at: 3).location != NSNotFound,
+                         let minuteRange = Range(match.range(at: 3), in: trimmed)
+        {
+            Int(trimmed[minuteRange]) ?? 0
+        } else {
+            0
+        }
+        return TimeZone(secondsFromGMT: sign * ((hours * 3600) + (minutes * 60)))
+    }
+
     private static func seconds(from value: Double, unit: String) -> TimeInterval {
         let lower = unit.lowercased()
         if lower.hasPrefix("d") { return value * 24 * 60 * 60 }
@@ -855,6 +1203,282 @@ enum MiniMaxUsageParser {
             return String(text[captureRange]).trimmingCharacters(in: .whitespacesAndNewlines)
         }
     }
+
+    // MARK: - Multi-Service Parsing
+
+    private static func parseMultiService(data: Data, now: Date) throws -> MiniMaxUsageSnapshot? {
+        let payload = try self.decodeMultiServicePayload(data: data)
+
+        guard !payload.data.services.isEmpty else {
+            return nil
+        }
+
+        var services: [MiniMaxServiceUsage] = []
+        for item in payload.data.services {
+            guard let serviceType = item.serviceType,
+                  let windowType = item.windowType,
+                  let timeRange = item.timeRange,
+                  let usage = item.usage,
+                  let limit = item.limit,
+                  limit > 0
+            else {
+                continue
+            }
+
+            var percent = item.percent ?? 0.0
+            if item.percent == nil, limit > 0 {
+                percent = Double(usage) / Double(limit) * 100.0
+            }
+
+            let resetsAt = self.parseResetsAtFromTimeRange(timeRange: timeRange, windowType: windowType, now: now)
+            let resetDescription = self.resetDescription(
+                for: windowType,
+                timeRange: timeRange,
+                now: now,
+                resetsAt: resetsAt)
+
+            let serviceTypeIdentifier: String = if serviceType.lowercased().contains("text"),
+                                                   serviceType.lowercased().contains("generation")
+            {
+                "text-generation"
+            } else if serviceType.lowercased().contains("text"), serviceType.lowercased().contains("speech") {
+                "text-to-speech"
+            } else if serviceType.lowercased().contains("image") {
+                "image"
+            } else {
+                serviceType.lowercased()
+                    .replacingOccurrences(of: " ", with: "-")
+                    .replacingOccurrences(of: "_", with: "-")
+            }
+
+            let serviceUsage = MiniMaxServiceUsage(
+                serviceType: serviceTypeIdentifier,
+                windowType: windowType,
+                timeRange: timeRange,
+                usage: usage,
+                limit: limit,
+                percent: min(100.0, max(0.0, percent)),
+                resetsAt: resetsAt,
+                resetDescription: resetDescription)
+            services.append(serviceUsage)
+        }
+
+        if services.isEmpty {
+            return nil
+        }
+
+        let planName = self.extractPlanNameFromServices(services: payload.data.services)
+
+        return MiniMaxUsageSnapshot(
+            planName: planName,
+            availablePrompts: nil,
+            currentPrompts: nil,
+            remainingPrompts: nil,
+            windowMinutes: nil,
+            usedPercent: nil,
+            resetsAt: nil,
+            updatedAt: now,
+            services: services)
+    }
+
+    private static func parseResetsAtFromTimeRange(timeRange: String, windowType: String, now: Date) -> Date? {
+        let lowerWindow = windowType.lowercased().trimmingCharacters(in: .whitespacesAndNewlines)
+
+        if lowerWindow == "today" {
+            let components = timeRange.split(separator: "-", maxSplits: 1)
+            guard components.count == 2 else { return nil }
+
+            let endTimeStr = String(components[1].trimmingCharacters(in: .whitespacesAndNewlines))
+            let formatter = DateFormatter()
+            formatter.dateFormat = "yyyy/MM/dd HH:mm"
+            formatter.locale = Locale(identifier: "en_US_POSIX")
+            formatter.timeZone = TimeZone(identifier: "Asia/Shanghai")
+
+            return formatter.date(from: endTimeStr)
+        }
+
+        if lowerWindow.contains("hour") || lowerWindow.contains("h") {
+            let timeComponents = timeRange.split(separator: "-")
+            guard timeComponents.count >= 2 else { return nil }
+
+            let endTimePart = String(timeComponents[1])
+            let endTimeClean = endTimePart.replacingOccurrences(of: "\\(.*\\)", with: "", options: .regularExpression)
+                .trimmingCharacters(in: .whitespacesAndNewlines)
+
+            return self.dateForTime(endTimeClean, timeZoneHint: "UTC+8", now: now)
+        }
+
+        return nil
+    }
+
+    private static func resetDescription(
+        for windowType: String,
+        timeRange: String,
+        now: Date,
+        resetsAt: Date?) -> String
+    {
+        if let resetsAt, resetsAt > now {
+            let interval = resetsAt.timeIntervalSince(now)
+            if interval < 60 {
+                return "Resets in \(Int(interval)) seconds"
+            } else if interval < 3600 {
+                let minutes = Int(interval / 60)
+                return "Resets in \(minutes) minute\(minutes == 1 ? "" : "s")"
+            } else if interval < 86400 {
+                let hours = Int(interval / 3600)
+                return "Resets in \(hours) hour\(hours == 1 ? "" : "s")"
+            } else {
+                let days = Int(interval / 86400)
+                return "Resets in \(days) day\(days == 1 ? "" : "s")"
+            }
+        }
+
+        return "\(windowType): \(timeRange)"
+    }
+
+    private static func extractPlanNameFromServices(services: [MiniMaxServiceItem]) -> String? {
+        for service in services {
+            if let serviceType = service.serviceType,
+               serviceType.lowercased().contains("pro") || serviceType.lowercased().contains("max")
+            {
+                return serviceType
+            }
+        }
+
+        return nil
+    }
+
+    private static func parseWindowInfo(
+        startTime: Date?,
+        endTime: Date?,
+        now: Date) -> (windowType: String, timeRange: String)
+    {
+        guard let startTime, let endTime else {
+            return (windowType: "Unknown", timeRange: "N/A")
+        }
+
+        let durationSeconds = endTime.timeIntervalSince(startTime)
+        let durationHours = durationSeconds / 3600
+
+        // Determine window type based on duration
+        let windowType = if durationHours >= 23, durationHours <= 25 {
+            "Today"
+        } else if durationHours >= 4, durationHours <= 6 {
+            "5 hours"
+        } else if durationHours >= 1, durationHours < 23 {
+            "\(Int(durationHours)) hours"
+        } else {
+            "Custom"
+        }
+
+        // Format time range
+        let formatter = DateFormatter()
+        formatter.dateFormat = "HH:mm"
+        formatter.timeZone = TimeZone(identifier: "Asia/Shanghai") ?? .current
+        let startStr = formatter.string(from: startTime)
+        let endStr = formatter.string(from: endTime)
+
+        let timeRange = "\(startStr)-\(endStr)(UTC+8)"
+
+        return (windowType: windowType, timeRange: timeRange)
+    }
+
+    private struct ServiceUsageInput {
+        let serviceType: String
+        let windowTypeOverride: String?
+        let total: Int?
+        let remaining: Int?
+        let start: Int?
+        let end: Int?
+        let remainsTime: Int?
+    }
+
+    private static func makeServiceUsage(_ input: ServiceUsageInput, now: Date) -> MiniMaxServiceUsage? {
+        guard let total = input.total, total > 0, let remaining = input.remaining else { return nil }
+        let used = max(0, total - remaining)
+        if used == 0, total == 0 { return nil }
+
+        let startTime = self.dateFromEpoch(input.start)
+        let endTime = self.dateFromEpoch(input.end)
+        var (windowType, timeRange) = self.parseWindowInfo(startTime: startTime, endTime: endTime, now: now)
+        if let windowTypeOverride = input.windowTypeOverride { windowType = windowTypeOverride }
+        if windowType.lowercased() == "weekly",
+           let weeklyRange = self.formatMiniMaxDateTimeRange(startTime: startTime, endTime: endTime)
+        {
+            timeRange = weeklyRange
+        }
+
+        let resetsAt = self.resetsAt(end: endTime, remains: input.remainsTime, now: now)
+        let resetDescription = self.resetDescription(
+            for: windowType,
+            timeRange: timeRange,
+            now: now,
+            resetsAt: resetsAt)
+
+        let percent = Double(used) / Double(total) * 100.0
+        return MiniMaxServiceUsage(
+            serviceType: input.serviceType,
+            windowType: windowType,
+            timeRange: timeRange,
+            usage: used,
+            limit: total,
+            percent: min(100.0, max(0.0, percent)),
+            resetsAt: resetsAt,
+            resetDescription: resetDescription)
+    }
+
+    private static func mapModelNameToServiceType(modelName: String) -> String {
+        // Text Generation (文本生成): M2.7, M2.7-highspeed, MiniMax-M*, etc.
+        if self.isTextGenerationModelName(modelName) {
+            return "Text Generation"
+        }
+
+        let lower = modelName.lowercased()
+
+        // Text to Speech (语音合成): speech-hd, Speech 2.8, etc.
+        if lower.contains("speech") {
+            return "Text to Speech"
+        }
+
+        // Image to Video Fast (图生视频 Fast): Hailuo-2.3-Fast
+        if lower.contains("hailuo"), lower.contains("fast") {
+            return "Image to Video"
+        }
+
+        // Text to Video (文生视频): Hailuo-2.3 (non-Fast)
+        if lower.contains("hailuo") {
+            return "Text to Video"
+        }
+
+        // Image Generation (图像生成): image-01, image-02, etc.
+        if lower.hasPrefix("image-") {
+            return "Image Generation"
+        }
+
+        // Music Generation (音乐生成): music-2.5, etc.
+        if lower.contains("music") {
+            return "Music Generation"
+        }
+
+        // Default: use model name as-is
+        return modelName
+    }
+
+    private static func isTextGenerationModelName(_ modelName: String) -> Bool {
+        let lower = modelName.lowercased()
+        return lower.contains("minimax-m") || lower.hasPrefix("m2.")
+    }
+
+    private static func formatMiniMaxDateTimeRange(startTime: Date?, endTime: Date?) -> String? {
+        guard let startTime, let endTime else { return nil }
+        let formatter = DateFormatter()
+        formatter.locale = Locale(identifier: "en_US_POSIX")
+        formatter.timeZone = TimeZone(identifier: "Asia/Shanghai")
+        formatter.dateFormat = "MM/dd HH:mm"
+        let start = formatter.string(from: startTime)
+        let end = formatter.string(from: endTime)
+        return "\(start) - \(end)(UTC+8)"
+    }
 }
 
 public enum MiniMaxUsageError: LocalizedError, Sendable, Equatable {
diff --git a/Sources/CodexBarCore/Providers/MiniMax/MiniMaxUsageSnapshot.swift b/Sources/CodexBarCore/Providers/MiniMax/MiniMaxUsageSnapshot.swift
index 09ed671e2..f66de9d23 100644
--- a/Sources/CodexBarCore/Providers/MiniMax/MiniMaxUsageSnapshot.swift
+++ b/Sources/CodexBarCore/Providers/MiniMax/MiniMaxUsageSnapshot.swift
@@ -9,6 +9,41 @@ public struct MiniMaxUsageSnapshot: Sendable {
     public let usedPercent: Double?
     public let resetsAt: Date?
     public let updatedAt: Date
+    public let services: [MiniMaxServiceUsage]?
+    public let billingSummary: MiniMaxBillingSummary?
+
+    public var primaryService: MiniMaxServiceUsage? {
+        // Priority: "Text Generation" > first service
+        if let services = self.services, !services.isEmpty {
+            if let textGenService = services.first(where: { $0.displayName == "Text Generation" }) {
+                return textGenService
+            }
+            return services.first
+        }
+        return nil
+    }
+
+    public var secondaryService: MiniMaxServiceUsage? {
+        // Return second service for RateWindow.secondary if exists
+        guard let services = self.services, services.count >= 2 else { return nil }
+        // If we have Text Generation as primary, get the next non-Text Generation service
+        if let textGenIndex = services.firstIndex(where: { $0.displayName == "Text Generation" }) {
+            // If Text Generation is first, secondary is second
+            if textGenIndex == 0 {
+                return services[1]
+            }
+            // If Text Generation is not first, secondary could be first or second depending on count
+            return services[0]
+        }
+        // No Text Generation found, just return second service
+        return services[1]
+    }
+
+    public var tertiaryService: MiniMaxServiceUsage? {
+        // Return third service for RateWindow.tertiary if exists
+        guard let services = self.services, services.count >= 3 else { return nil }
+        return services[2]
+    }
 
     public init(
         planName: String?,
@@ -18,7 +53,9 @@ public struct MiniMaxUsageSnapshot: Sendable {
         windowMinutes: Int?,
         usedPercent: Double?,
         resetsAt: Date?,
-        updatedAt: Date)
+        updatedAt: Date,
+        services: [MiniMaxServiceUsage]? = nil,
+        billingSummary: MiniMaxBillingSummary? = nil)
     {
         self.planName = planName
         self.availablePrompts = availablePrompts
@@ -28,11 +65,52 @@ public struct MiniMaxUsageSnapshot: Sendable {
         self.usedPercent = usedPercent
         self.resetsAt = resetsAt
         self.updatedAt = updatedAt
+        self.services = services
+        self.billingSummary = billingSummary
+    }
+
+    public func withBillingSummary(_ billingSummary: MiniMaxBillingSummary?) -> MiniMaxUsageSnapshot {
+        MiniMaxUsageSnapshot(
+            planName: self.planName,
+            availablePrompts: self.availablePrompts,
+            currentPrompts: self.currentPrompts,
+            remainingPrompts: self.remainingPrompts,
+            windowMinutes: self.windowMinutes,
+            usedPercent: self.usedPercent,
+            resetsAt: self.resetsAt,
+            updatedAt: self.updatedAt,
+            services: self.services,
+            billingSummary: billingSummary)
     }
 }
 
 extension MiniMaxUsageSnapshot {
     public func toUsageSnapshot() -> UsageSnapshot {
+        // If we have services array, use that for multi-service support
+        if let services = self.services, !services.isEmpty {
+            let primaryWindow = self.rateWindow(for: self.primaryService)
+            let secondaryWindow = self.rateWindow(for: self.secondaryService)
+            let tertiaryWindow = self.rateWindow(for: self.tertiaryService)
+
+            let planName = self.planName?.trimmingCharacters(in: .whitespacesAndNewlines)
+            let loginMethod = (planName?.isEmpty ?? true) ? nil : planName
+            let identity = ProviderIdentitySnapshot(
+                providerID: .minimax,
+                accountEmail: nil,
+                accountOrganization: nil,
+                loginMethod: loginMethod)
+
+            return UsageSnapshot(
+                primary: primaryWindow,
+                secondary: secondaryWindow,
+                tertiary: tertiaryWindow,
+                providerCost: nil,
+                minimaxUsage: self,
+                updatedAt: self.updatedAt,
+                identity: identity)
+        }
+
+        // Fallback to single-service mode for backward compatibility
         let used = max(0, min(100, self.usedPercent ?? 0))
         let resetDescription = self.limitDescription()
         let primary = RateWindow(
@@ -59,6 +137,16 @@ extension MiniMaxUsageSnapshot {
             identity: identity)
     }
 
+    private func rateWindow(for service: MiniMaxServiceUsage?) -> RateWindow? {
+        guard let service else { return nil }
+        let windowMinutes = self.windowMinutes(for: service)
+        return RateWindow(
+            usedPercent: max(0, min(100, service.percent)),
+            windowMinutes: windowMinutes,
+            resetsAt: service.resetsAt,
+            resetDescription: service.resetDescription)
+    }
+
     private func limitDescription() -> String? {
         guard let availablePrompts, availablePrompts > 0 else {
             return self.windowDescription()
@@ -82,4 +170,31 @@ extension MiniMaxUsageSnapshot {
         }
         return "\(windowMinutes) \(windowMinutes == 1 ? "minute" : "minutes")"
     }
+
+    private func windowMinutes(for service: MiniMaxServiceUsage) -> Int? {
+        let windowType = service.windowType.lowercased().trimmingCharacters(in: .whitespacesAndNewlines)
+
+        // Handle "Today" case - 24 hours = 1440 minutes
+        if windowType == "today" {
+            return 24 * 60
+        }
+
+        // Handle time duration formats like "5 hours", "30 minutes", etc.
+        let components = windowType.split(separator: " ")
+        guard components.count >= 2 else { return nil }
+
+        guard let value = Int(components[0]) else { return nil }
+        let unit = components[1].lowercased()
+
+        switch unit {
+        case "hour", "hours", "h", "hr", "hrs":
+            return value * 60
+        case "minute", "minutes", "min", "mins", "m":
+            return value
+        case "day", "days", "d":
+            return value * 24 * 60
+        default:
+            return nil
+        }
+    }
 }
diff --git a/Sources/CodexBarCore/Providers/Mistral/MistralCookieImporter.swift b/Sources/CodexBarCore/Providers/Mistral/MistralCookieImporter.swift
new file mode 100644
index 000000000..0bd65cb44
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Mistral/MistralCookieImporter.swift
@@ -0,0 +1,101 @@
+import Foundation
+
+#if os(macOS)
+import SweetCookieKit
+
+private let mistralCookieImportOrder: BrowserCookieImportOrder =
+    ProviderDefaults.metadata[.mistral]?.browserCookieOrder ?? Browser.defaultImportOrder
+
+public enum MistralCookieImporter {
+    private static let cookieClient = BrowserCookieClient()
+    private static let cookieDomains = ["mistral.ai", "admin.mistral.ai", "auth.mistral.ai"]
+
+    public struct SessionInfo: Sendable {
+        public let cookies: [HTTPCookie]
+        public let sourceLabel: String
+
+        public init(cookies: [HTTPCookie], sourceLabel: String) {
+            self.cookies = cookies
+            self.sourceLabel = sourceLabel
+        }
+
+        public var cookieHeader: String {
+            self.cookies.map { "\($0.name)=\($0.value)" }.joined(separator: "; ")
+        }
+
+        /// Extracts the CSRF token from the `csrftoken` cookie for the `X-CSRFTOKEN` header.
+        public var csrfToken: String? {
+            self.cookies.first { $0.name == "csrftoken" }?.value
+        }
+    }
+
+    /// Returns `true` if any cookie name starts with `ory_session_` (the Ory Kratos session cookie).
+    private static func hasSessionCookie(_ cookies: [HTTPCookie]) -> Bool {
+        cookies.contains { $0.name.hasPrefix("ory_session_") }
+    }
+
+    public static func importSession(
+        browserDetection: BrowserDetection,
+        preferredBrowsers: [Browser] = [.chrome],
+        logger: ((String) -> Void)? = nil) throws -> SessionInfo
+    {
+        let log: (String) -> Void = { msg in logger?("[mistral-cookie] \(msg)") }
+        let installedBrowsers = preferredBrowsers.isEmpty
+            ? mistralCookieImportOrder.cookieImportCandidates(using: browserDetection)
+            : preferredBrowsers.cookieImportCandidates(using: browserDetection)
+
+        for browserSource in installedBrowsers {
+            do {
+                let query = BrowserCookieQuery(domains: self.cookieDomains)
+                let sources = try Self.cookieClient.records(
+                    matching: query,
+                    in: browserSource,
+                    logger: log)
+                for source in sources where !source.records.isEmpty {
+                    let httpCookies = BrowserCookieClient.makeHTTPCookies(source.records, origin: query.origin)
+                    if !httpCookies.isEmpty {
+                        guard Self.hasSessionCookie(httpCookies) else {
+                            log("Skipping \(source.label) cookies: missing ory_session_* cookie")
+                            continue
+                        }
+                        log("Found \(httpCookies.count) Mistral cookies in \(source.label)")
+                        return SessionInfo(cookies: httpCookies, sourceLabel: source.label)
+                    }
+                }
+            } catch {
+                BrowserCookieAccessGate.recordIfNeeded(error)
+                log("\(browserSource.displayName) cookie import failed: \(error.localizedDescription)")
+            }
+        }
+
+        throw MistralCookieImportError.noCookies
+    }
+
+    public static func hasSession(
+        browserDetection: BrowserDetection,
+        preferredBrowsers: [Browser] = [.chrome],
+        logger: ((String) -> Void)? = nil) -> Bool
+    {
+        do {
+            _ = try self.importSession(
+                browserDetection: browserDetection,
+                preferredBrowsers: preferredBrowsers,
+                logger: logger)
+            return true
+        } catch {
+            return false
+        }
+    }
+}
+
+enum MistralCookieImportError: LocalizedError {
+    case noCookies
+
+    var errorDescription: String? {
+        switch self {
+        case .noCookies:
+            "No Mistral session cookies found in browsers."
+        }
+    }
+}
+#endif
diff --git a/Sources/CodexBarCore/Providers/Mistral/MistralErrors.swift b/Sources/CodexBarCore/Providers/Mistral/MistralErrors.swift
new file mode 100644
index 000000000..1c8ab4ae4
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Mistral/MistralErrors.swift
@@ -0,0 +1,35 @@
+import Foundation
+
+public enum MistralUsageError: LocalizedError, Sendable {
+    case missingCookie
+    case invalidCredentials
+    case apiError(String)
+    case parseFailed(String)
+
+    public var errorDescription: String? {
+        switch self {
+        case .missingCookie:
+            "No Mistral session cookies found in browsers."
+        case .invalidCredentials:
+            "Mistral session expired or invalid (HTTP 401/403)."
+        case let .apiError(detail):
+            "Mistral API error: \(detail)"
+        case let .parseFailed(detail):
+            "Failed to parse Mistral billing response: \(detail)"
+        }
+    }
+}
+
+enum MistralSettingsError: LocalizedError {
+    case missingCookie
+    case invalidCookie
+
+    var errorDescription: String? {
+        switch self {
+        case .missingCookie:
+            "No Mistral session cookies found in browsers."
+        case .invalidCookie:
+            "Mistral cookie header is invalid or missing ory_session cookie."
+        }
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Mistral/MistralModels.swift b/Sources/CodexBarCore/Providers/Mistral/MistralModels.swift
new file mode 100644
index 000000000..1470a7688
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Mistral/MistralModels.swift
@@ -0,0 +1,250 @@
+import Foundation
+
+// MARK: - API Response Models
+
+/// Top-level response from `GET https://admin.mistral.ai/api/billing/v2/usage`.
+struct MistralBillingResponse: Codable {
+    let completion: MistralModelUsageCategory?
+    let ocr: MistralModelUsageCategory?
+    let connectors: MistralModelUsageCategory?
+    let librariesApi: MistralLibrariesUsageCategory?
+    let fineTuning: MistralFineTuningCategory?
+    let audio: MistralModelUsageCategory?
+    let vibeUsage: Double?
+    let date: String?
+    let previousMonth: String?
+    let nextMonth: String?
+    let startDate: String?
+    let endDate: String?
+    let currency: String?
+    let currencySymbol: String?
+    let prices: [MistralPrice]?
+
+    enum CodingKeys: String, CodingKey {
+        case completion, ocr, connectors, audio, date, currency, prices
+        case librariesApi = "libraries_api"
+        case fineTuning = "fine_tuning"
+        case vibeUsage = "vibe_usage"
+        case previousMonth = "previous_month"
+        case nextMonth = "next_month"
+        case startDate = "start_date"
+        case endDate = "end_date"
+        case currencySymbol = "currency_symbol"
+    }
+}
+
+struct MistralModelUsageCategory: Codable {
+    let models: [String: MistralModelUsageData]?
+}
+
+struct MistralLibrariesUsageCategory: Codable {
+    let pages: MistralModelUsageCategory?
+    let tokens: MistralModelUsageCategory?
+}
+
+struct MistralFineTuningCategory: Codable {
+    let training: [String: MistralModelUsageData]?
+    let storage: [String: MistralModelUsageData]?
+}
+
+struct MistralModelUsageData: Codable {
+    let input: [MistralUsageEntry]?
+    let output: [MistralUsageEntry]?
+    let cached: [MistralUsageEntry]?
+}
+
+struct MistralUsageEntry: Codable {
+    let usageType: String?
+    let eventType: String?
+    let billingMetric: String?
+    let billingDisplayName: String?
+    let billingGroup: String?
+    let timestamp: String?
+    let value: Int?
+    let valuePaid: Int?
+
+    enum CodingKeys: String, CodingKey {
+        case timestamp, value
+        case usageType = "usage_type"
+        case eventType = "event_type"
+        case billingMetric = "billing_metric"
+        case billingDisplayName = "billing_display_name"
+        case billingGroup = "billing_group"
+        case valuePaid = "value_paid"
+    }
+}
+
+struct MistralPrice: Codable {
+    let eventType: String?
+    let billingMetric: String?
+    let billingGroup: String?
+    let price: String?
+
+    enum CodingKeys: String, CodingKey {
+        case price
+        case eventType = "event_type"
+        case billingMetric = "billing_metric"
+        case billingGroup = "billing_group"
+    }
+}
+
+// MARK: - Intermediate Snapshot
+
+public struct MistralDailyUsageBucket: Codable, Equatable, Sendable, Identifiable {
+    public struct ModelBreakdown: Codable, Equatable, Sendable, Identifiable {
+        public let name: String
+        public let cost: Double
+        public let inputTokens: Int
+        public let cachedTokens: Int
+        public let outputTokens: Int
+
+        public var id: String {
+            self.name
+        }
+
+        public var totalTokens: Int {
+            self.inputTokens + self.cachedTokens + self.outputTokens
+        }
+
+        public init(name: String, cost: Double, inputTokens: Int, cachedTokens: Int, outputTokens: Int) {
+            self.name = name
+            self.cost = cost
+            self.inputTokens = inputTokens
+            self.cachedTokens = cachedTokens
+            self.outputTokens = outputTokens
+        }
+    }
+
+    public let day: String
+    public let cost: Double
+    public let inputTokens: Int
+    public let cachedTokens: Int
+    public let outputTokens: Int
+    public let models: [ModelBreakdown]
+
+    public var id: String {
+        self.day
+    }
+
+    public var totalTokens: Int {
+        self.inputTokens + self.cachedTokens + self.outputTokens
+    }
+
+    public init(
+        day: String,
+        cost: Double,
+        inputTokens: Int,
+        cachedTokens: Int,
+        outputTokens: Int,
+        models: [ModelBreakdown])
+    {
+        self.day = day
+        self.cost = cost
+        self.inputTokens = inputTokens
+        self.cachedTokens = cachedTokens
+        self.outputTokens = outputTokens
+        self.models = models
+    }
+}
+
+public struct MistralUsageSnapshot: Codable, Sendable {
+    public let totalCost: Double
+    public let currency: String
+    public let currencySymbol: String
+    public let totalInputTokens: Int
+    public let totalOutputTokens: Int
+    public let totalCachedTokens: Int
+    public let modelCount: Int
+    public let daily: [MistralDailyUsageBucket]
+    public let startDate: Date?
+    public let endDate: Date?
+    public let updatedAt: Date
+
+    public init(
+        totalCost: Double,
+        currency: String,
+        currencySymbol: String,
+        totalInputTokens: Int,
+        totalOutputTokens: Int,
+        totalCachedTokens: Int,
+        modelCount: Int,
+        daily: [MistralDailyUsageBucket] = [],
+        startDate: Date?,
+        endDate: Date?,
+        updatedAt: Date)
+    {
+        self.totalCost = totalCost
+        self.currency = currency
+        self.currencySymbol = currencySymbol
+        self.totalInputTokens = totalInputTokens
+        self.totalOutputTokens = totalOutputTokens
+        self.totalCachedTokens = totalCachedTokens
+        self.modelCount = modelCount
+        self.daily = daily.sorted { $0.day < $1.day }
+        self.startDate = startDate
+        self.endDate = endDate
+        self.updatedAt = updatedAt
+    }
+
+    public func toUsageSnapshot() -> UsageSnapshot {
+        // Negative totalCost means a refund/credit adjustment; clamp to zero rather than
+        // showing a confusing negative amount in the menu bar.
+        let spendText = if self.totalCost > 0 {
+            "\(self.currencySymbol)\(String(format: "%.4f", self.totalCost)) this month"
+        } else {
+            "\(self.currencySymbol)0.0000 this month"
+        }
+        let identity = ProviderIdentitySnapshot(
+            providerID: .mistral,
+            accountEmail: nil,
+            accountOrganization: nil,
+            loginMethod: "API spend: \(spendText)")
+        return UsageSnapshot(
+            primary: nil,
+            secondary: nil,
+            providerCost: nil,
+            mistralUsage: self,
+            updatedAt: self.updatedAt,
+            identity: identity)
+    }
+
+    public func toCostUsageTokenSnapshot(historyDays: Int = 30) -> CostUsageTokenSnapshot {
+        let clampedHistoryDays = max(1, min(365, historyDays))
+        let selected = self.daily
+        let entries = selected.map { bucket in
+            let modelBreakdowns = bucket.models.map {
+                CostUsageDailyReport.ModelBreakdown(
+                    modelName: $0.name,
+                    costUSD: max($0.cost, 0),
+                    totalTokens: $0.totalTokens)
+            }
+            let modelsUsed = bucket.models.map(\.name)
+            return CostUsageDailyReport.Entry(
+                date: bucket.day,
+                inputTokens: bucket.inputTokens,
+                outputTokens: bucket.outputTokens,
+                cacheReadTokens: bucket.cachedTokens,
+                cacheCreationTokens: nil,
+                totalTokens: bucket.totalTokens,
+                costUSD: max(bucket.cost, 0),
+                modelsUsed: modelsUsed.isEmpty ? nil : modelsUsed,
+                modelBreakdowns: modelBreakdowns.isEmpty ? nil : modelBreakdowns)
+        }
+        let latest = selected.last
+        let totalCost = max(self.totalCost, 0)
+        let totalTokens = selected.isEmpty
+            ? self.totalInputTokens + self.totalCachedTokens + self.totalOutputTokens
+            : selected.reduce(0) { $0 + $1.totalTokens }
+        let tokens = totalTokens > 0 ? totalTokens : nil
+        return CostUsageTokenSnapshot(
+            sessionTokens: latest?.totalTokens,
+            sessionCostUSD: latest.map { max($0.cost, 0) },
+            last30DaysTokens: tokens,
+            last30DaysCostUSD: totalCost,
+            currencyCode: self.currency,
+            historyDays: selected.isEmpty ? clampedHistoryDays : max(1, min(365, selected.count)),
+            historyLabel: "This month",
+            daily: entries,
+            updatedAt: self.updatedAt)
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Mistral/MistralProviderDescriptor.swift b/Sources/CodexBarCore/Providers/Mistral/MistralProviderDescriptor.swift
new file mode 100644
index 000000000..b1af52984
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Mistral/MistralProviderDescriptor.swift
@@ -0,0 +1,121 @@
+import CodexBarMacroSupport
+import Foundation
+
+@ProviderDescriptorRegistration
+@ProviderDescriptorDefinition
+public enum MistralProviderDescriptor {
+    static func makeDescriptor() -> ProviderDescriptor {
+        ProviderDescriptor(
+            id: .mistral,
+            metadata: ProviderMetadata(
+                id: .mistral,
+                displayName: "Mistral",
+                sessionLabel: "Monthly",
+                weeklyLabel: "",
+                opusLabel: nil,
+                supportsOpus: false,
+                supportsCredits: false,
+                creditsHint: "",
+                toggleTitle: "Show Mistral usage",
+                cliName: "mistral",
+                defaultEnabled: false,
+                isPrimaryProvider: false,
+                usesAccountFallback: false,
+                browserCookieOrder: ProviderBrowserCookieDefaults.defaultImportOrder,
+                dashboardURL: "https://admin.mistral.ai/organization/usage",
+                statusPageURL: nil,
+                statusLinkURL: "https://status.mistral.ai"),
+            branding: ProviderBranding(
+                iconStyle: .mistral,
+                iconResourceName: "ProviderIcon-mistral",
+                color: ProviderColor(red: 255 / 255, green: 80 / 255, blue: 15 / 255)),
+            tokenCost: ProviderTokenCostConfig(
+                supportsTokenCost: true,
+                noDataMessage: { "Mistral cost history needs a billing web session." }),
+            fetchPlan: ProviderFetchPlan(
+                sourceModes: [.auto, .web],
+                pipeline: ProviderFetchPipeline(resolveStrategies: { _ in [MistralWebFetchStrategy()] })),
+            cli: ProviderCLIConfig(
+                name: "mistral",
+                aliases: ["mistral-ai"],
+                versionDetector: nil))
+    }
+}
+
+struct MistralWebFetchStrategy: ProviderFetchStrategy {
+    let id: String = "mistral.web"
+    let kind: ProviderFetchKind = .web
+
+    func isAvailable(_ context: ProviderFetchContext) async -> Bool {
+        guard context.settings?.mistral?.cookieSource != .off else { return false }
+        return true
+    }
+
+    func fetch(_ context: ProviderFetchContext) async throws -> ProviderFetchResult {
+        let cookieSource = context.settings?.mistral?.cookieSource ?? .auto
+        do {
+            let (cookieHeader, csrfToken) = try Self.resolveCookieHeader(context: context, allowCached: true)
+            let snapshot = try await MistralUsageFetcher.fetchUsage(
+                cookieHeader: cookieHeader,
+                csrfToken: csrfToken,
+                timeout: context.webTimeout)
+            return self.makeResult(
+                usage: snapshot.toUsageSnapshot(),
+                sourceLabel: "web")
+        } catch MistralUsageError.invalidCredentials where cookieSource != .manual {
+            #if os(macOS)
+            CookieHeaderCache.clear(provider: .mistral)
+            let (cookieHeader, csrfToken) = try Self.resolveCookieHeader(context: context, allowCached: false)
+            let snapshot = try await MistralUsageFetcher.fetchUsage(
+                cookieHeader: cookieHeader,
+                csrfToken: csrfToken,
+                timeout: context.webTimeout)
+            return self.makeResult(
+                usage: snapshot.toUsageSnapshot(),
+                sourceLabel: "web")
+            #else
+            throw MistralUsageError.invalidCredentials
+            #endif
+        }
+    }
+
+    func shouldFallback(on _: Error, context _: ProviderFetchContext) -> Bool {
+        false
+    }
+
+    private static func resolveCookieHeader(
+        context: ProviderFetchContext,
+        allowCached: Bool) throws -> (cookieHeader: String, csrfToken: String?)
+    {
+        if let settings = context.settings?.mistral, settings.cookieSource == .manual {
+            if let header = CookieHeaderNormalizer.normalize(settings.manualCookieHeader) {
+                let pairs = CookieHeaderNormalizer.pairs(from: header)
+                let hasSessionCookie = pairs.contains { $0.name.hasPrefix("ory_session_") }
+                if hasSessionCookie {
+                    let csrfToken = pairs.first { $0.name == "csrftoken" }?.value
+                    return (header, csrfToken)
+                }
+            }
+            throw MistralSettingsError.invalidCookie
+        }
+
+        #if os(macOS)
+        if allowCached,
+           let cached = CookieHeaderCache.load(provider: .mistral),
+           !cached.cookieHeader.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
+        {
+            let pairs = CookieHeaderNormalizer.pairs(from: cached.cookieHeader)
+            let csrfToken = pairs.first { $0.name == "csrftoken" }?.value
+            return (cached.cookieHeader, csrfToken)
+        }
+        let session = try MistralCookieImporter.importSession(browserDetection: context.browserDetection)
+        CookieHeaderCache.store(
+            provider: .mistral,
+            cookieHeader: session.cookieHeader,
+            sourceLabel: session.sourceLabel)
+        return (session.cookieHeader, session.csrfToken)
+        #else
+        throw MistralSettingsError.missingCookie
+        #endif
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Mistral/MistralUsageFetcher.swift b/Sources/CodexBarCore/Providers/Mistral/MistralUsageFetcher.swift
new file mode 100644
index 000000000..996658610
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Mistral/MistralUsageFetcher.swift
@@ -0,0 +1,389 @@
+import Foundation
+#if canImport(FoundationNetworking)
+import FoundationNetworking
+#endif
+
+public enum MistralUsageFetcher {
+    private static let baseURL = URL(string: "https://admin.mistral.ai")!
+
+    public static func fetchUsage(
+        cookieHeader: String,
+        csrfToken: String?,
+        timeout: TimeInterval = 15) async throws -> MistralUsageSnapshot
+    {
+        let now = Date()
+        var calendar = Calendar(identifier: .gregorian)
+        calendar.timeZone = TimeZone(identifier: "UTC")!
+        let month = calendar.component(.month, from: now)
+        let year = calendar.component(.year, from: now)
+
+        let usagePath = self.baseURL.appendingPathComponent("/api/billing/v2/usage")
+        var components = URLComponents(url: usagePath, resolvingAgainstBaseURL: false)!
+        components.queryItems = [
+            URLQueryItem(name: "month", value: "\(month)"),
+            URLQueryItem(name: "year", value: "\(year)"),
+        ]
+        guard let url = components.url else {
+            throw MistralUsageError.apiError("Failed to construct URL")
+        }
+
+        var request = URLRequest(url: url, timeoutInterval: timeout)
+        request.setValue("*/*", forHTTPHeaderField: "Accept")
+        request.setValue(cookieHeader, forHTTPHeaderField: "Cookie")
+        request.setValue("https://admin.mistral.ai/organization/usage", forHTTPHeaderField: "Referer")
+        request.setValue("https://admin.mistral.ai", forHTTPHeaderField: "Origin")
+        if let csrfToken {
+            request.setValue(csrfToken, forHTTPHeaderField: "X-CSRFTOKEN")
+        }
+
+        let response = try await ProviderHTTPClient.shared.response(for: request)
+        let data = response.data
+
+        switch response.statusCode {
+        case 200:
+            break
+        case 401, 403:
+            throw MistralUsageError.invalidCredentials
+        default:
+            let body = String(data: data.prefix(200), encoding: .utf8) ?? ""
+            throw MistralUsageError.apiError("HTTP \(response.statusCode): \(body)")
+        }
+
+        return try Self.parseResponse(data: data, updatedAt: now)
+    }
+
+    static func parseResponse(data: Data, updatedAt: Date) throws -> MistralUsageSnapshot {
+        let decoder = JSONDecoder()
+        let billing: MistralBillingResponse
+        do {
+            billing = try decoder.decode(MistralBillingResponse.self, from: data)
+        } catch {
+            throw MistralUsageError.parseFailed(error.localizedDescription)
+        }
+
+        let prices = Self.buildPriceIndex(billing.prices ?? [])
+        var totalCost: Double = 0
+        var totalInput = 0
+        var totalOutput = 0
+        var totalCached = 0
+        var modelCount = 0
+        var daily: [String: DailyAccumulator] = [:]
+
+        // Aggregate completion tokens
+        if let models = billing.completion?.models {
+            for (modelName, modelData) in models {
+                modelCount += 1
+                let (input, output, cached, cost) = Self.aggregateModel(modelData, prices: prices)
+                totalInput += input
+                totalOutput += output
+                totalCached += cached
+                totalCost += cost
+                Self.addDailyEntries(
+                    modelName: modelName,
+                    data: modelData,
+                    prices: prices,
+                    daily: &daily,
+                    countsTokens: true)
+            }
+        }
+
+        // Aggregate OCR, connectors, audio if present
+        for category in [billing.ocr, billing.connectors, billing.audio] {
+            if let models = category?.models {
+                for (modelName, modelData) in models {
+                    let (_, _, _, cost) = Self.aggregateModel(modelData, prices: prices)
+                    totalCost += cost
+                    Self.addDailyEntries(
+                        modelName: modelName,
+                        data: modelData,
+                        prices: prices,
+                        daily: &daily,
+                        countsTokens: false)
+                }
+            }
+        }
+
+        // Aggregate libraries_api (pages + tokens)
+        if let models = billing.librariesApi?.pages?.models {
+            for (modelName, modelData) in models {
+                let (_, _, _, cost) = Self.aggregateModel(modelData, prices: prices)
+                totalCost += cost
+                Self.addDailyEntries(
+                    modelName: modelName,
+                    data: modelData,
+                    prices: prices,
+                    daily: &daily,
+                    countsTokens: false)
+            }
+        }
+        if let models = billing.librariesApi?.tokens?.models {
+            for (modelName, modelData) in models {
+                let (_, _, _, cost) = Self.aggregateModel(modelData, prices: prices)
+                totalCost += cost
+                Self.addDailyEntries(
+                    modelName: modelName,
+                    data: modelData,
+                    prices: prices,
+                    daily: &daily,
+                    countsTokens: true)
+            }
+        }
+
+        // Aggregate fine_tuning (training + storage)
+        for models in [billing.fineTuning?.training, billing.fineTuning?.storage] {
+            if let models {
+                for (modelName, modelData) in models {
+                    let (_, _, _, cost) = Self.aggregateModel(modelData, prices: prices)
+                    totalCost += cost
+                    Self.addDailyEntries(
+                        modelName: modelName,
+                        data: modelData,
+                        prices: prices,
+                        daily: &daily,
+                        countsTokens: false)
+                }
+            }
+        }
+
+        let currency = billing.currency ?? "EUR"
+        let currencySymbol = billing.currencySymbol ?? "€"
+
+        let startDate = billing.startDate.flatMap { Self.parseDate($0) }
+        let endDate = billing.endDate.flatMap { Self.parseDate($0) }
+
+        return MistralUsageSnapshot(
+            totalCost: totalCost,
+            currency: currency,
+            currencySymbol: currencySymbol,
+            totalInputTokens: totalInput,
+            totalOutputTokens: totalOutput,
+            totalCachedTokens: totalCached,
+            modelCount: modelCount,
+            daily: daily.values.map { $0.makeBucket() },
+            startDate: startDate,
+            endDate: endDate,
+            updatedAt: updatedAt)
+    }
+
+    // MARK: - Private Helpers
+
+    private static func buildPriceIndex(_ prices: [MistralPrice]) -> [String: Double] {
+        var index: [String: Double] = [:]
+        for price in prices {
+            guard let metric = price.billingMetric,
+                  let group = price.billingGroup,
+                  let priceStr = price.price,
+                  let value = Double(priceStr)
+            else { continue }
+            let key = "\(metric)::\(group)"
+            index[key] = value
+        }
+        return index
+    }
+
+    private static func aggregateModel(
+        _ data: MistralModelUsageData,
+        prices: [String: Double]) -> (input: Int, output: Int, cached: Int, cost: Double)
+    {
+        var totalInput = 0
+        var totalOutput = 0
+        var totalCached = 0
+        var totalCost: Double = 0
+
+        for entry in data.input ?? [] {
+            let tokens = entry.valuePaid ?? entry.value ?? 0
+            totalInput += tokens
+            if let metric = entry.billingMetric, let group = entry.billingGroup {
+                let pricePerToken = prices["\(metric)::\(group)"] ?? 0
+                totalCost += Double(tokens) * pricePerToken
+            }
+        }
+
+        for entry in data.output ?? [] {
+            let tokens = entry.valuePaid ?? entry.value ?? 0
+            totalOutput += tokens
+            if let metric = entry.billingMetric, let group = entry.billingGroup {
+                let pricePerToken = prices["\(metric)::\(group)"] ?? 0
+                totalCost += Double(tokens) * pricePerToken
+            }
+        }
+
+        for entry in data.cached ?? [] {
+            let tokens = entry.valuePaid ?? entry.value ?? 0
+            totalCached += tokens
+            if let metric = entry.billingMetric, let group = entry.billingGroup {
+                let pricePerToken = prices["\(metric)::\(group)"] ?? 0
+                totalCost += Double(tokens) * pricePerToken
+            }
+        }
+
+        return (totalInput, totalOutput, totalCached, totalCost)
+    }
+
+    private static func addDailyEntries(
+        modelName: String,
+        data: MistralModelUsageData,
+        prices: [String: Double],
+        daily: inout [String: DailyAccumulator],
+        countsTokens: Bool)
+    {
+        self.addDaily(
+            entries: data.input ?? [],
+            context: DailyEntryContext(
+                kind: .input,
+                modelName: modelName,
+                prices: prices,
+                countsTokens: countsTokens),
+            daily: &daily)
+        self.addDaily(
+            entries: data.output ?? [],
+            context: DailyEntryContext(
+                kind: .output,
+                modelName: modelName,
+                prices: prices,
+                countsTokens: countsTokens),
+            daily: &daily)
+        self.addDaily(
+            entries: data.cached ?? [],
+            context: DailyEntryContext(
+                kind: .cached,
+                modelName: modelName,
+                prices: prices,
+                countsTokens: countsTokens),
+            daily: &daily)
+    }
+
+    fileprivate enum TokenKind {
+        case input
+        case cached
+        case output
+    }
+
+    private static func addDaily(
+        entries: [MistralUsageEntry],
+        context: DailyEntryContext,
+        daily: inout [String: DailyAccumulator])
+    {
+        for entry in entries {
+            guard let day = dayKey(from: entry.timestamp) else { continue }
+            let units = entry.valuePaid ?? entry.value ?? 0
+            let cost = Self.cost(for: entry, units: units, prices: context.prices)
+            var accumulator = daily[day] ?? DailyAccumulator(day: day)
+            accumulator.add(
+                modelName: Self.displayModelName(context.modelName, entry: entry),
+                kind: context.kind,
+                units: units,
+                cost: cost,
+                countsTokens: context.countsTokens)
+            daily[day] = accumulator
+        }
+    }
+
+    private static func cost(for entry: MistralUsageEntry, units: Int, prices: [String: Double]) -> Double {
+        guard let metric = entry.billingMetric, let group = entry.billingGroup else { return 0 }
+        return Double(units) * (prices["\(metric)::\(group)"] ?? 0)
+    }
+
+    private static func displayModelName(_ raw: String, entry: MistralUsageEntry) -> String {
+        if let display = entry.billingDisplayName?.trimmingCharacters(in: .whitespacesAndNewlines),
+           !display.isEmpty
+        {
+            return display
+        }
+        return raw.split(separator: "::").first.map(String.init) ?? raw
+    }
+
+    private static func dayKey(from timestamp: String?) -> String? {
+        guard let trimmed = timestamp?.trimmingCharacters(in: .whitespacesAndNewlines), !trimmed.isEmpty else {
+            return nil
+        }
+        if trimmed.count >= 10 {
+            return String(trimmed.prefix(10))
+        }
+        return nil
+    }
+
+    private static func parseDate(_ string: String) -> Date? {
+        let formatter = ISO8601DateFormatter()
+        formatter.formatOptions = [.withInternetDateTime, .withFractionalSeconds]
+        if let date = formatter.date(from: string) { return date }
+        formatter.formatOptions = [.withInternetDateTime]
+        return formatter.date(from: string)
+    }
+}
+
+private struct DailyEntryContext {
+    let kind: MistralUsageFetcher.TokenKind
+    let modelName: String
+    let prices: [String: Double]
+    let countsTokens: Bool
+}
+
+private struct DailyAccumulator {
+    let day: String
+    var cost: Double = 0
+    var inputTokens = 0
+    var cachedTokens = 0
+    var outputTokens = 0
+    var models: [String: ModelAccumulator] = [:]
+
+    mutating func add(
+        modelName: String,
+        kind: MistralUsageFetcher.TokenKind,
+        units: Int,
+        cost: Double,
+        countsTokens: Bool)
+    {
+        self.cost += cost
+        var model = self.models[modelName] ?? ModelAccumulator(name: modelName)
+        model.cost += cost
+        guard countsTokens else {
+            self.models[modelName] = model
+            return
+        }
+        switch kind {
+        case .input:
+            self.inputTokens += units
+            model.inputTokens += units
+        case .cached:
+            self.cachedTokens += units
+            model.cachedTokens += units
+        case .output:
+            self.outputTokens += units
+            model.outputTokens += units
+        }
+        self.models[modelName] = model
+    }
+
+    func makeBucket() -> MistralDailyUsageBucket {
+        MistralDailyUsageBucket(
+            day: self.day,
+            cost: self.cost,
+            inputTokens: self.inputTokens,
+            cachedTokens: self.cachedTokens,
+            outputTokens: self.outputTokens,
+            models: self.models.values
+                .map { $0.makeBreakdown() }
+                .sorted {
+                    if $0.totalTokens == $1.totalTokens { return $0.name < $1.name }
+                    return $0.totalTokens > $1.totalTokens
+                })
+    }
+}
+
+private struct ModelAccumulator {
+    let name: String
+    var cost: Double = 0
+    var inputTokens = 0
+    var cachedTokens = 0
+    var outputTokens = 0
+
+    func makeBreakdown() -> MistralDailyUsageBucket.ModelBreakdown {
+        MistralDailyUsageBucket.ModelBreakdown(
+            name: self.name,
+            cost: self.cost,
+            inputTokens: self.inputTokens,
+            cachedTokens: self.cachedTokens,
+            outputTokens: self.outputTokens)
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Moonshot/MoonshotProviderDescriptor.swift b/Sources/CodexBarCore/Providers/Moonshot/MoonshotProviderDescriptor.swift
new file mode 100644
index 000000000..61703f138
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Moonshot/MoonshotProviderDescriptor.swift
@@ -0,0 +1,71 @@
+import CodexBarMacroSupport
+import Foundation
+
+@ProviderDescriptorRegistration
+@ProviderDescriptorDefinition
+public enum MoonshotProviderDescriptor {
+    static func makeDescriptor() -> ProviderDescriptor {
+        ProviderDescriptor(
+            id: .moonshot,
+            metadata: ProviderMetadata(
+                id: .moonshot,
+                displayName: "Moonshot / Kimi API",
+                sessionLabel: "Balance",
+                weeklyLabel: "Balance",
+                opusLabel: nil,
+                supportsOpus: false,
+                supportsCredits: false,
+                creditsHint: "",
+                toggleTitle: "Show Moonshot / Kimi API balance",
+                cliName: "moonshot",
+                defaultEnabled: false,
+                isPrimaryProvider: false,
+                usesAccountFallback: false,
+                browserCookieOrder: nil,
+                dashboardURL: "https://platform.moonshot.ai/console/account",
+                statusPageURL: nil),
+            branding: ProviderBranding(
+                iconStyle: .kimi,
+                iconResourceName: "ProviderIcon-kimi",
+                color: ProviderColor(red: 32 / 255, green: 93 / 255, blue: 235 / 255)),
+            tokenCost: ProviderTokenCostConfig(
+                supportsTokenCost: false,
+                noDataMessage: { "Moonshot / Kimi API cost summary is not available." }),
+            fetchPlan: ProviderFetchPlan(
+                sourceModes: [.auto, .api],
+                pipeline: ProviderFetchPipeline(resolveStrategies: { _ in [MoonshotAPIFetchStrategy()] })),
+            cli: ProviderCLIConfig(
+                name: "moonshot",
+                aliases: [],
+                versionDetector: nil))
+    }
+}
+
+struct MoonshotAPIFetchStrategy: ProviderFetchStrategy {
+    let id: String = "moonshot.api"
+    let kind: ProviderFetchKind = .apiToken
+
+    func isAvailable(_ context: ProviderFetchContext) async -> Bool {
+        Self.resolveToken(environment: context.env) != nil
+    }
+
+    func fetch(_ context: ProviderFetchContext) async throws -> ProviderFetchResult {
+        guard let apiKey = Self.resolveToken(environment: context.env) else {
+            throw MoonshotUsageError.missingCredentials
+        }
+        let region =
+            context.settings?.moonshot?.region ?? MoonshotSettingsReader.region(environment: context.env)
+        let usage = try await MoonshotUsageFetcher.fetchUsage(apiKey: apiKey, region: region)
+        return self.makeResult(
+            usage: usage.toUsageSnapshot(),
+            sourceLabel: "api")
+    }
+
+    func shouldFallback(on _: Error, context _: ProviderFetchContext) -> Bool {
+        false
+    }
+
+    private static func resolveToken(environment: [String: String]) -> String? {
+        ProviderTokenResolver.moonshotToken(environment: environment)
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Moonshot/MoonshotRegion.swift b/Sources/CodexBarCore/Providers/Moonshot/MoonshotRegion.swift
new file mode 100644
index 000000000..420e3ff1e
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Moonshot/MoonshotRegion.swift
@@ -0,0 +1,30 @@
+import Foundation
+
+public enum MoonshotRegion: String, CaseIterable, Sendable {
+    case international
+    case china
+
+    private static let balancePath = "v1/users/me/balance"
+
+    public var displayName: String {
+        switch self {
+        case .international:
+            "International (api.moonshot.ai)"
+        case .china:
+            "China (api.moonshot.cn)"
+        }
+    }
+
+    public var apiBaseURLString: String {
+        switch self {
+        case .international:
+            "https://api.moonshot.ai"
+        case .china:
+            "https://api.moonshot.cn"
+        }
+    }
+
+    public var balanceURL: URL {
+        URL(string: self.apiBaseURLString)!.appendingPathComponent(Self.balancePath)
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Moonshot/MoonshotSettingsReader.swift b/Sources/CodexBarCore/Providers/Moonshot/MoonshotSettingsReader.swift
new file mode 100644
index 000000000..b01db6eca
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Moonshot/MoonshotSettingsReader.swift
@@ -0,0 +1,47 @@
+import Foundation
+
+public struct MoonshotSettingsReader: Sendable {
+    public static let apiKeyEnvironmentKeys = [
+        "MOONSHOT_API_KEY",
+        "MOONSHOT_KEY",
+    ]
+    public static let regionEnvironmentKey = "MOONSHOT_REGION"
+
+    public static func apiKey(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> String?
+    {
+        for key in self.apiKeyEnvironmentKeys {
+            guard let raw = environment[key]?.trimmingCharacters(in: .whitespacesAndNewlines),
+                  !raw.isEmpty
+            else {
+                continue
+            }
+            let cleaned = Self.cleaned(raw)
+            if !cleaned.isEmpty {
+                return cleaned
+            }
+        }
+
+        return nil
+    }
+
+    public static func region(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> MoonshotRegion
+    {
+        guard let raw = environment[self.regionEnvironmentKey] else {
+            return .international
+        }
+        let cleaned = Self.cleaned(raw).lowercased()
+        return MoonshotRegion(rawValue: cleaned) ?? .international
+    }
+
+    private static func cleaned(_ raw: String) -> String {
+        var value = raw
+        if (value.hasPrefix("\"") && value.hasSuffix("\""))
+            || (value.hasPrefix("'") && value.hasSuffix("'"))
+        {
+            value = String(value.dropFirst().dropLast())
+        }
+        return value.trimmingCharacters(in: .whitespacesAndNewlines)
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Moonshot/MoonshotUsageFetcher.swift b/Sources/CodexBarCore/Providers/Moonshot/MoonshotUsageFetcher.swift
new file mode 100644
index 000000000..04a137d0d
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Moonshot/MoonshotUsageFetcher.swift
@@ -0,0 +1,161 @@
+import Foundation
+
+#if canImport(FoundationNetworking)
+import FoundationNetworking
+#endif
+
+public struct MoonshotUsageSnapshot: Sendable {
+    public let summary: MoonshotUsageSummary
+
+    public init(summary: MoonshotUsageSummary) {
+        self.summary = summary
+    }
+
+    public func toUsageSnapshot() -> UsageSnapshot {
+        self.summary.toUsageSnapshot()
+    }
+}
+
+public struct MoonshotUsageSummary: Sendable {
+    public let availableBalance: Double
+    public let voucherBalance: Double
+    public let cashBalance: Double
+    public let updatedAt: Date
+
+    public init(
+        availableBalance: Double, voucherBalance: Double, cashBalance: Double, updatedAt: Date)
+    {
+        self.availableBalance = availableBalance
+        self.voucherBalance = voucherBalance
+        self.cashBalance = cashBalance
+        self.updatedAt = updatedAt
+    }
+
+    public func toUsageSnapshot() -> UsageSnapshot {
+        let balance = UsageFormatter.usdString(self.availableBalance)
+        let loginMethod: String
+        if self.cashBalance < 0 {
+            let deficit = UsageFormatter.usdString(abs(self.cashBalance))
+            loginMethod = "Balance: \(balance) · \(deficit) in deficit"
+        } else {
+            loginMethod = "Balance: \(balance)"
+        }
+        let identity = ProviderIdentitySnapshot(
+            providerID: .moonshot,
+            accountEmail: nil,
+            accountOrganization: nil,
+            loginMethod: loginMethod)
+        return UsageSnapshot(
+            primary: nil,
+            secondary: nil,
+            tertiary: nil,
+            providerCost: nil,
+            updatedAt: self.updatedAt,
+            identity: identity)
+    }
+}
+
+private struct MoonshotBalanceResponse: Decodable {
+    let code: Int
+    let data: MoonshotBalanceData
+    let scode: String
+    let status: Bool
+}
+
+private struct MoonshotBalanceData: Decodable {
+    let availableBalance: Double
+    let voucherBalance: Double
+    let cashBalance: Double
+
+    private enum CodingKeys: String, CodingKey {
+        case availableBalance = "available_balance"
+        case voucherBalance = "voucher_balance"
+        case cashBalance = "cash_balance"
+    }
+}
+
+public enum MoonshotUsageError: LocalizedError, Sendable {
+    case missingCredentials
+    case networkError(String)
+    case apiError(String)
+    case parseFailed(String)
+
+    public var errorDescription: String? {
+        switch self {
+        case .missingCredentials:
+            "Missing Moonshot API key."
+        case let .networkError(message):
+            "Moonshot network error: \(message)"
+        case let .apiError(message):
+            "Moonshot API error: \(message)"
+        case let .parseFailed(message):
+            "Failed to parse Moonshot response: \(message)"
+        }
+    }
+}
+
+public struct MoonshotUsageFetcher: Sendable {
+    private static let log = CodexBarLog.logger(LogCategories.moonshotUsage)
+    private static let timeoutSeconds: TimeInterval = 15
+
+    public static func fetchUsage(
+        apiKey: String,
+        region: MoonshotRegion = .international,
+        session transport: any ProviderHTTPTransport = ProviderHTTPClient.shared) async throws -> MoonshotUsageSnapshot
+    {
+        let cleaned = apiKey.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard !cleaned.isEmpty else {
+            throw MoonshotUsageError.missingCredentials
+        }
+
+        var request = URLRequest(url: self.resolveBalanceURL(region: region))
+        request.httpMethod = "GET"
+        request.setValue("Bearer \(cleaned)", forHTTPHeaderField: "Authorization")
+        request.setValue("application/json", forHTTPHeaderField: "Accept")
+        request.timeoutInterval = Self.timeoutSeconds
+
+        let response: ProviderHTTPResponse
+        do {
+            response = try await transport.response(for: request)
+        } catch let error as URLError where error.code == .badServerResponse {
+            throw MoonshotUsageError.networkError("Invalid response")
+        } catch {
+            throw error
+        }
+
+        guard response.statusCode == 200 else {
+            Self.log.error("Moonshot API returned HTTP \(response.statusCode)")
+            throw MoonshotUsageError.apiError("HTTP \(response.statusCode)")
+        }
+
+        let summary = try self.parseSummary(data: response.data)
+        return MoonshotUsageSnapshot(summary: summary)
+    }
+
+    public static func resolveBalanceURL(region: MoonshotRegion) -> URL {
+        region.balanceURL
+    }
+
+    static func _parseSummaryForTesting(_ data: Data) throws -> MoonshotUsageSummary {
+        try self.parseSummary(data: data)
+    }
+
+    private static func parseSummary(data: Data) throws -> MoonshotUsageSummary {
+        let response: MoonshotBalanceResponse
+        do {
+            response = try JSONDecoder().decode(MoonshotBalanceResponse.self, from: data)
+        } catch {
+            throw MoonshotUsageError.parseFailed(error.localizedDescription)
+        }
+
+        guard response.code == 0, response.status else {
+            throw MoonshotUsageError.apiError("code \(response.code), scode \(response.scode)")
+        }
+
+        return MoonshotUsageSummary(
+            availableBalance: response.data.availableBalance,
+            voucherBalance: response.data.voucherBalance,
+            cashBalance: response.data.cashBalance,
+            updatedAt: Date())
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Ollama/OllamaProviderDescriptor.swift b/Sources/CodexBarCore/Providers/Ollama/OllamaProviderDescriptor.swift
index 4702609fa..e13a18c73 100644
--- a/Sources/CodexBarCore/Providers/Ollama/OllamaProviderDescriptor.swift
+++ b/Sources/CodexBarCore/Providers/Ollama/OllamaProviderDescriptor.swift
@@ -32,12 +32,32 @@ public enum OllamaProviderDescriptor {
                 supportsTokenCost: false,
                 noDataMessage: { "Ollama cost summary is not supported." }),
             fetchPlan: ProviderFetchPlan(
-                sourceModes: [.auto, .web],
-                pipeline: ProviderFetchPipeline(resolveStrategies: { _ in [OllamaStatusFetchStrategy()] })),
+                sourceModes: [.auto, .web, .api],
+                pipeline: ProviderFetchPipeline(resolveStrategies: self.resolveStrategies)),
             cli: ProviderCLIConfig(
                 name: "ollama",
                 versionDetector: nil))
     }
+
+    private static func resolveStrategies(context: ProviderFetchContext) async -> [any ProviderFetchStrategy] {
+        switch context.sourceMode {
+        case .web:
+            return [OllamaStatusFetchStrategy()]
+        case .api:
+            return [OllamaAPIFetchStrategy()]
+        case .cli, .oauth:
+            return []
+        case .auto:
+            break
+        }
+        if context.settings?.ollama?.cookieSource == .off {
+            return [OllamaAPIFetchStrategy()]
+        }
+        if ProviderTokenResolver.ollamaToken(environment: context.env) != nil {
+            return [OllamaStatusFetchStrategy(), OllamaAPIFetchStrategy()]
+        }
+        return [OllamaStatusFetchStrategy()]
+    }
 }
 
 struct OllamaStatusFetchStrategy: ProviderFetchStrategy {
@@ -65,8 +85,9 @@ struct OllamaStatusFetchStrategy: ProviderFetchStrategy {
             sourceLabel: "web")
     }
 
-    func shouldFallback(on _: Error, context _: ProviderFetchContext) -> Bool {
-        false
+    func shouldFallback(on _: Error, context: ProviderFetchContext) -> Bool {
+        context.sourceMode == .auto
+            && ProviderTokenResolver.ollamaToken(environment: context.env) != nil
     }
 
     private static func manualCookieHeader(from context: ProviderFetchContext) -> String? {
@@ -74,3 +95,30 @@ struct OllamaStatusFetchStrategy: ProviderFetchStrategy {
         return CookieHeaderNormalizer.normalize(context.settings?.ollama?.manualCookieHeader)
     }
 }
+
+struct OllamaAPIFetchStrategy: ProviderFetchStrategy {
+    let id: String = "ollama.api"
+    let kind: ProviderFetchKind = .apiToken
+
+    func isAvailable(_ context: ProviderFetchContext) async -> Bool {
+        Self.resolveToken(environment: context.env) != nil
+    }
+
+    func fetch(_ context: ProviderFetchContext) async throws -> ProviderFetchResult {
+        guard let apiKey = Self.resolveToken(environment: context.env) else {
+            throw OllamaUsageError.missingAPIKey
+        }
+        let snapshot = try await OllamaAPIUsageFetcher.fetchUsage(apiKey: apiKey)
+        return self.makeResult(
+            usage: snapshot.toUsageSnapshot(),
+            sourceLabel: "api")
+    }
+
+    func shouldFallback(on _: Error, context: ProviderFetchContext) -> Bool {
+        context.sourceMode == .auto
+    }
+
+    private static func resolveToken(environment: [String: String]) -> String? {
+        ProviderTokenResolver.ollamaToken(environment: environment)
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Ollama/OllamaUsageFetcher.swift b/Sources/CodexBarCore/Providers/Ollama/OllamaUsageFetcher.swift
index 9e5c4b068..6b58dd804 100644
--- a/Sources/CodexBarCore/Providers/Ollama/OllamaUsageFetcher.swift
+++ b/Sources/CodexBarCore/Providers/Ollama/OllamaUsageFetcher.swift
@@ -9,6 +9,7 @@ import SweetCookieKit
 
 private let ollamaSessionCookieNames: Set<String> = [
     "session",
+    "__Secure-session",
     "ollama_session",
     "__Host-ollama_session",
     "__Secure-next-auth.session-token",
@@ -29,18 +30,24 @@ private func hasRecognizedOllamaSessionCookie(in header: String) -> Bool {
 }
 
 public enum OllamaUsageError: LocalizedError, Sendable {
+    case missingAPIKey
     case notLoggedIn
     case invalidCredentials
+    case apiUnauthorized
     case parseFailed(String)
     case networkError(String)
     case noSessionCookie
 
     public var errorDescription: String? {
         switch self {
+        case .missingAPIKey:
+            "Missing Ollama API key. Set apiKey in ~/.codexbar/config.json or OLLAMA_API_KEY."
         case .notLoggedIn:
             "Not logged in to Ollama. Please log in via ollama.com/settings."
         case .invalidCredentials:
             "Ollama session cookie expired. Please log in again."
+        case .apiUnauthorized:
+            "Ollama API key is invalid or expired."
         case let .parseFailed(message):
             "Could not parse Ollama usage: \(message)"
         case let .networkError(message):
@@ -59,6 +66,7 @@ public enum OllamaCookieImporter {
     private static let cookieClient = BrowserCookieClient()
     private static let cookieDomains = ["ollama.com", "www.ollama.com"]
     static let defaultPreferredBrowsers: [Browser] = [.chrome]
+    static let defaultAllowFallbackBrowsers = true
 
     public struct SessionInfo: Sendable {
         public let cookies: [HTTPCookie]
@@ -199,7 +207,7 @@ public enum OllamaCookieImporter {
         for browserSource in browserSources {
             do {
                 let query = BrowserCookieQuery(domains: self.cookieDomains)
-                let sources = try Self.cookieClient.records(
+                let sources = try Self.cookieClient.codexBarRecords(
                     matching: query,
                     in: browserSource,
                     logger: logger)
@@ -228,12 +236,12 @@ public struct OllamaUsageFetcher: Sendable {
     private static let settingsURL = URL(string: "https://ollama.com/settings")!
     @MainActor private static var recentDumps: [String] = []
 
-    private struct CookieCandidate: Sendable {
+    private struct CookieCandidate {
         let cookieHeader: String
         let sourceLabel: String
     }
 
-    enum RetryableParseFailure: Error, Sendable {
+    enum RetryableParseFailure: Error {
         case missingUsageData
     }
 
@@ -368,7 +376,11 @@ public struct OllamaUsageFetcher: Sendable {
             return [CookieCandidate(cookieHeader: manualHeader, sourceLabel: "manual cookie header")]
         }
         #if os(macOS)
-        let sessions = try OllamaCookieImporter.importSessions(browserDetection: self.browserDetection, logger: logger)
+        let sessions = try OllamaCookieImporter.importSessions(
+            browserDetection: self.browserDetection,
+            preferredBrowsers: OllamaCookieImporter.defaultPreferredBrowsers,
+            allowFallbackBrowsers: OllamaCookieImporter.defaultAllowFallbackBrowsers,
+            logger: logger)
         return sessions.map { session in
             CookieCandidate(cookieHeader: session.cookieHeader, sourceLabel: session.sourceLabel)
         }
@@ -450,7 +462,11 @@ public struct OllamaUsageFetcher: Sendable {
             return manualHeader
         }
         #if os(macOS)
-        let session = try OllamaCookieImporter.importSession(browserDetection: self.browserDetection, logger: logger)
+        let session = try OllamaCookieImporter.importSession(
+            browserDetection: self.browserDetection,
+            preferredBrowsers: OllamaCookieImporter.defaultPreferredBrowsers,
+            allowFallbackBrowsers: OllamaCookieImporter.defaultAllowFallbackBrowsers,
+            logger: logger)
         logger?("[ollama] Using cookies from \(session.sourceLabel)")
         return session.cookieHeader
         #else
@@ -508,13 +524,10 @@ public struct OllamaUsageFetcher: Sendable {
         request.setValue(Self.settingsURL.absoluteString, forHTTPHeaderField: "referer")
 
         let session = self.makeURLSession(diagnostics)
-        let (data, response) = try await session.data(for: request)
-        guard let httpResponse = response as? HTTPURLResponse else {
-            throw OllamaUsageError.networkError("Invalid response")
-        }
+        let httpResponse = try await session.response(for: request)
         let responseInfo = ResponseInfo(
             statusCode: httpResponse.statusCode,
-            url: httpResponse.url?.absoluteString ?? "unknown")
+            url: httpResponse.response.url?.absoluteString ?? "unknown")
 
         guard httpResponse.statusCode == 200 else {
             if httpResponse.statusCode == 401 || httpResponse.statusCode == 403 {
@@ -523,7 +536,7 @@ public struct OllamaUsageFetcher: Sendable {
             throw OllamaUsageError.networkError("HTTP \(httpResponse.statusCode)")
         }
 
-        let html = String(data: data, encoding: .utf8) ?? ""
+        let html = String(data: httpResponse.data, encoding: .utf8) ?? ""
         return (html, responseInfo)
     }
 
@@ -568,7 +581,7 @@ public struct OllamaUsageFetcher: Sendable {
         }
     }
 
-    private struct ResponseInfo: Sendable {
+    private struct ResponseInfo {
         let statusCode: Int
         let url: String
     }
@@ -612,3 +625,117 @@ public struct OllamaUsageFetcher: Sendable {
         return host.hasSuffix(".ollama.com")
     }
 }
+
+public struct OllamaAPISettingsReader: Sendable {
+    public static let apiKeyEnvironmentKeys = [
+        "OLLAMA_API_KEY",
+        "OLLAMA_KEY",
+    ]
+
+    public static func apiKey(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> String?
+    {
+        for key in self.apiKeyEnvironmentKeys {
+            guard let value = self.cleaned(environment[key]), !value.isEmpty else { continue }
+            return value
+        }
+        return nil
+    }
+
+    private static func cleaned(_ raw: String?) -> String? {
+        guard var value = raw?.trimmingCharacters(in: .whitespacesAndNewlines),
+              !value.isEmpty
+        else {
+            return nil
+        }
+        if (value.hasPrefix("\"") && value.hasSuffix("\"")) ||
+            (value.hasPrefix("'") && value.hasSuffix("'"))
+        {
+            value = String(value.dropFirst().dropLast())
+        }
+        return value.trimmingCharacters(in: .whitespacesAndNewlines)
+    }
+}
+
+public struct OllamaAPIUsageSnapshot: Sendable {
+    public let modelCount: Int
+    public let updatedAt: Date
+
+    public init(modelCount: Int, updatedAt: Date) {
+        self.modelCount = modelCount
+        self.updatedAt = updatedAt
+    }
+
+    public func toUsageSnapshot() -> UsageSnapshot {
+        UsageSnapshot(
+            primary: nil,
+            secondary: nil,
+            tertiary: nil,
+            providerCost: nil,
+            updatedAt: self.updatedAt,
+            identity: ProviderIdentitySnapshot(
+                providerID: .ollama,
+                accountEmail: nil,
+                accountOrganization: nil,
+                loginMethod: "API key"))
+    }
+}
+
+public enum OllamaAPIUsageFetcher {
+    public static let tagsURL = URL(string: "https://ollama.com/api/tags")!
+    private static let timeoutSeconds: TimeInterval = 20
+
+    public static func fetchUsage(
+        apiKey: String,
+        tagsURL: URL = Self.tagsURL,
+        transport: any ProviderHTTPTransport = ProviderHTTPClient.shared,
+        now: Date = Date()) async throws -> OllamaAPIUsageSnapshot
+    {
+        let trimmed = apiKey.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard !trimmed.isEmpty else {
+            throw OllamaUsageError.missingAPIKey
+        }
+
+        var request = URLRequest(url: tagsURL)
+        request.httpMethod = "GET"
+        request.timeoutInterval = Self.timeoutSeconds
+        request.setValue("Bearer \(trimmed)", forHTTPHeaderField: "Authorization")
+        request.setValue("application/json", forHTTPHeaderField: "Accept")
+        request.setValue("CodexBar/1.0", forHTTPHeaderField: "User-Agent")
+
+        let response: ProviderHTTPResponse
+        do {
+            response = try await transport.response(for: request)
+        } catch {
+            throw OllamaUsageError.networkError(error.localizedDescription)
+        }
+
+        switch response.statusCode {
+        case 200:
+            return try Self.parseTags(data: response.data, now: now)
+        case 401, 403:
+            throw OllamaUsageError.apiUnauthorized
+        default:
+            throw OllamaUsageError.networkError("HTTP \(response.statusCode)")
+        }
+    }
+
+    static func _parseTagsForTesting(_ data: Data, now: Date = Date()) throws -> OllamaAPIUsageSnapshot {
+        try self.parseTags(data: data, now: now)
+    }
+
+    private static func parseTags(data: Data, now: Date) throws -> OllamaAPIUsageSnapshot {
+        do {
+            let response = try JSONDecoder().decode(TagsResponse.self, from: data)
+            return OllamaAPIUsageSnapshot(modelCount: response.models.count, updatedAt: now)
+        } catch {
+            throw OllamaUsageError.parseFailed(error.localizedDescription)
+        }
+    }
+
+    private struct TagsResponse: Decodable {
+        let models: [Model]
+    }
+
+    private struct Model: Decodable {}
+}
diff --git a/Sources/CodexBarCore/Providers/Ollama/OllamaUsageParser.swift b/Sources/CodexBarCore/Providers/Ollama/OllamaUsageParser.swift
index f93f35864..53d3cf51f 100644
--- a/Sources/CodexBarCore/Providers/Ollama/OllamaUsageParser.swift
+++ b/Sources/CodexBarCore/Providers/Ollama/OllamaUsageParser.swift
@@ -2,13 +2,14 @@ import Foundation
 
 enum OllamaUsageParser {
     private static let primaryUsageLabels = ["Session usage", "Hourly usage"]
+    private static let usageLabels = primaryUsageLabels + ["Weekly usage"]
 
-    enum ParseFailure: Sendable, Equatable {
+    enum ParseFailure: Equatable {
         case notLoggedIn
         case missingUsageData
     }
 
-    enum ClassifiedParseResult: Sendable {
+    enum ClassifiedParseResult {
         case success(OllamaUsageSnapshot)
         case failure(ParseFailure)
     }
@@ -44,12 +45,14 @@ enum OllamaUsageParser {
             weeklyUsedPercent: weekly?.usedPercent,
             sessionResetsAt: session?.resetsAt,
             weeklyResetsAt: weekly?.resetsAt,
+            sessionWindowMinutes: session?.windowMinutes,
             updatedAt: now))
     }
 
-    private struct UsageBlock: Sendable {
+    private struct UsageBlock {
         let usedPercent: Double
         let resetsAt: Date?
+        let windowMinutes: Int?
     }
 
     private static func parsePlanName(_ html: String) -> String? {
@@ -72,11 +75,15 @@ enum OllamaUsageParser {
     private static func parseUsageBlock(label: String, html: String) -> UsageBlock? {
         guard let labelRange = html.range(of: label) else { return nil }
         let tail = String(html[labelRange.upperBound...])
-        let window = String(tail.prefix(800))
+        let window = self.usageBlockWindow(after: label, in: tail)
 
         guard let usedPercent = self.parsePercent(in: window) else { return nil }
         let resetsAt = self.parseISODate(in: window)
-        return UsageBlock(usedPercent: usedPercent, resetsAt: resetsAt)
+        let windowMinutes = label == "Session usage" ? 5 * 60 : nil
+        return UsageBlock(
+            usedPercent: usedPercent,
+            resetsAt: resetsAt,
+            windowMinutes: windowMinutes)
     }
 
     private static func parseUsageBlock(labels: [String], html: String) -> UsageBlock? {
@@ -88,6 +95,16 @@ enum OllamaUsageParser {
         return nil
     }
 
+    private static func usageBlockWindow(after label: String, in tail: String) -> String {
+        let maxLength = 4000
+        let boundary = self.usageLabels
+            .filter { $0 != label }
+            .compactMap { tail.range(of: $0)?.lowerBound }
+            .min()
+        let bounded = boundary.map { String(tail[..<$0]) } ?? String(tail.prefix(maxLength))
+        return String(bounded.prefix(maxLength))
+    }
+
     private static func parsePercent(in text: String) -> Double? {
         let usedPattern = #"([0-9]+(?:\.[0-9]+)?)\s*%\s*used"#
         if let raw = self.firstCapture(in: text, pattern: usedPattern, options: [.caseInsensitive]) {
diff --git a/Sources/CodexBarCore/Providers/Ollama/OllamaUsageSnapshot.swift b/Sources/CodexBarCore/Providers/Ollama/OllamaUsageSnapshot.swift
index 002f78d81..d3c7e3273 100644
--- a/Sources/CodexBarCore/Providers/Ollama/OllamaUsageSnapshot.swift
+++ b/Sources/CodexBarCore/Providers/Ollama/OllamaUsageSnapshot.swift
@@ -7,6 +7,7 @@ public struct OllamaUsageSnapshot: Sendable {
     public let weeklyUsedPercent: Double?
     public let sessionResetsAt: Date?
     public let weeklyResetsAt: Date?
+    public let sessionWindowMinutes: Int?
     public let updatedAt: Date
 
     public init(
@@ -16,6 +17,7 @@ public struct OllamaUsageSnapshot: Sendable {
         weeklyUsedPercent: Double?,
         sessionResetsAt: Date?,
         weeklyResetsAt: Date?,
+        sessionWindowMinutes: Int? = nil,
         updatedAt: Date)
     {
         self.planName = planName
@@ -24,16 +26,17 @@ public struct OllamaUsageSnapshot: Sendable {
         self.weeklyUsedPercent = weeklyUsedPercent
         self.sessionResetsAt = sessionResetsAt
         self.weeklyResetsAt = weeklyResetsAt
+        self.sessionWindowMinutes = sessionWindowMinutes
         self.updatedAt = updatedAt
     }
 }
 
 extension OllamaUsageSnapshot {
     public func toUsageSnapshot() -> UsageSnapshot {
-        let sessionWindow = self.makeWindow(
+        let sessionWindow = self.makeSessionWindow(
             usedPercent: self.sessionUsedPercent,
             resetsAt: self.sessionResetsAt)
-        let weeklyWindow = self.makeWindow(
+        let weeklyWindow = self.makeWeeklyWindow(
             usedPercent: self.weeklyUsedPercent,
             resetsAt: self.weeklyResetsAt)
 
@@ -54,12 +57,22 @@ extension OllamaUsageSnapshot {
             identity: identity)
     }
 
-    private func makeWindow(usedPercent: Double?, resetsAt: Date?) -> RateWindow? {
+    private func makeSessionWindow(usedPercent: Double?, resetsAt: Date?) -> RateWindow? {
         guard let usedPercent else { return nil }
         let clamped = min(100, max(0, usedPercent))
         return RateWindow(
             usedPercent: clamped,
-            windowMinutes: nil,
+            windowMinutes: self.sessionWindowMinutes,
+            resetsAt: resetsAt,
+            resetDescription: nil)
+    }
+
+    private func makeWeeklyWindow(usedPercent: Double?, resetsAt: Date?) -> RateWindow? {
+        guard let usedPercent else { return nil }
+        let clamped = min(100, max(0, usedPercent))
+        return RateWindow(
+            usedPercent: clamped,
+            windowMinutes: 7 * 24 * 60,
             resetsAt: resetsAt,
             resetDescription: nil)
     }
diff --git a/Sources/CodexBarCore/Providers/OpenAI/OpenAIAPICreditBalanceFetcher.swift b/Sources/CodexBarCore/Providers/OpenAI/OpenAIAPICreditBalanceFetcher.swift
new file mode 100644
index 000000000..f35db443a
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/OpenAI/OpenAIAPICreditBalanceFetcher.swift
@@ -0,0 +1,185 @@
+import Foundation
+#if canImport(FoundationNetworking)
+import FoundationNetworking
+#endif
+
+public struct OpenAIAPICreditGrant: Decodable, Sendable {
+    public let grantAmount: Double?
+    public let usedAmount: Double?
+    public let expiresAt: Date?
+
+    private enum CodingKeys: String, CodingKey {
+        case grantAmount = "grant_amount"
+        case usedAmount = "used_amount"
+        case expiresAt = "expires_at"
+    }
+}
+
+public struct OpenAIAPICreditGrantsList: Decodable, Sendable {
+    public let data: [OpenAIAPICreditGrant]
+}
+
+public struct OpenAIAPICreditGrantsResponse: Decodable, Sendable {
+    public let totalGranted: Double
+    public let totalUsed: Double
+    public let totalAvailable: Double
+    public let grants: OpenAIAPICreditGrantsList?
+
+    private enum CodingKeys: String, CodingKey {
+        case totalGranted = "total_granted"
+        case totalUsed = "total_used"
+        case totalAvailable = "total_available"
+        case grants
+    }
+}
+
+public enum OpenAIAPICreditBalanceError: LocalizedError, Sendable, Equatable {
+    case missingCredentials
+    case networkError(String)
+    case apiError(Int)
+    case forbidden
+    case parseFailed(String)
+
+    public var errorDescription: String? {
+        switch self {
+        case .missingCredentials:
+            "Missing OpenAI API key."
+        case let .networkError(message):
+            "OpenAI API credit balance network error: \(message)"
+        case let .apiError(statusCode):
+            "OpenAI API credit balance error: HTTP \(statusCode)"
+        case .forbidden:
+            "OpenAI API credit balance endpoint returned HTTP 403. Use a legacy/user API key with billing access; " +
+                "project keys may not expose credit grants."
+        case let .parseFailed(message):
+            "Failed to parse OpenAI API credit balance: \(message)"
+        }
+    }
+}
+
+public struct OpenAIAPICreditBalanceSnapshot: Sendable {
+    public let totalGranted: Double
+    public let totalUsed: Double
+    public let totalAvailable: Double
+    public let nextGrantExpiry: Date?
+    public let updatedAt: Date
+
+    public init(
+        totalGranted: Double,
+        totalUsed: Double,
+        totalAvailable: Double,
+        nextGrantExpiry: Date?,
+        updatedAt: Date = Date())
+    {
+        self.totalGranted = totalGranted
+        self.totalUsed = totalUsed
+        self.totalAvailable = totalAvailable
+        self.nextGrantExpiry = nextGrantExpiry
+        self.updatedAt = updatedAt
+    }
+
+    public func toUsageSnapshot() -> UsageSnapshot {
+        let usedPercent: Double = if self.totalGranted > 0 {
+            min(100, max(0, (self.totalUsed / self.totalGranted) * 100))
+        } else {
+            self.totalAvailable > 0 ? 0 : 100
+        }
+
+        let primary = RateWindow(
+            usedPercent: usedPercent,
+            windowMinutes: nil,
+            resetsAt: self.nextGrantExpiry,
+            resetDescription: "\(Self.formatUSD(self.totalAvailable)) available")
+
+        return UsageSnapshot(
+            primary: primary,
+            secondary: nil,
+            providerCost: ProviderCostSnapshot(
+                used: max(0, self.totalUsed),
+                limit: max(0, self.totalGranted),
+                currencyCode: "USD",
+                period: "API credits",
+                resetsAt: self.nextGrantExpiry,
+                updatedAt: self.updatedAt),
+            updatedAt: self.updatedAt,
+            identity: ProviderIdentitySnapshot(
+                providerID: .openai,
+                accountEmail: nil,
+                accountOrganization: nil,
+                loginMethod: "API balance: \(Self.formatUSD(self.totalAvailable))"))
+    }
+
+    private static func formatUSD(_ value: Double) -> String {
+        UsageFormatter.currencyString(max(0, value), currencyCode: "USD")
+    }
+}
+
+public enum OpenAIAPICreditBalanceFetcher {
+    public static let creditGrantsURL = URL(string: "https://api.openai.com/v1/dashboard/billing/credit_grants")!
+    private static let timeoutSeconds: TimeInterval = 15
+
+    public static func fetchBalance(
+        apiKey: String,
+        url: URL = Self.creditGrantsURL,
+        session transport: any ProviderHTTPTransport = ProviderHTTPClient.shared,
+        now: Date = Date()) async throws -> OpenAIAPICreditBalanceSnapshot
+    {
+        let trimmed = apiKey.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard !trimmed.isEmpty else {
+            throw OpenAIAPICreditBalanceError.missingCredentials
+        }
+
+        var request = URLRequest(url: url)
+        request.httpMethod = "GET"
+        request.timeoutInterval = Self.timeoutSeconds
+        request.setValue("Bearer \(trimmed)", forHTTPHeaderField: "Authorization")
+        request.setValue("application/json", forHTTPHeaderField: "Accept")
+
+        let response: ProviderHTTPResponse
+        do {
+            response = try await transport.response(for: request)
+        } catch {
+            throw OpenAIAPICreditBalanceError.networkError(error.localizedDescription)
+        }
+
+        guard response.statusCode != 403 else {
+            throw OpenAIAPICreditBalanceError.forbidden
+        }
+        guard response.statusCode == 200 else {
+            throw OpenAIAPICreditBalanceError.apiError(response.statusCode)
+        }
+
+        return try self.parseSnapshot(response.data, now: now)
+    }
+
+    public static func _parseSnapshotForTesting(
+        _ data: Data,
+        now: Date = Date()) throws -> OpenAIAPICreditBalanceSnapshot
+    {
+        try self.parseSnapshot(data, now: now)
+    }
+
+    private static func parseSnapshot(_ data: Data, now: Date) throws -> OpenAIAPICreditBalanceSnapshot {
+        let decoder = JSONDecoder()
+        decoder.dateDecodingStrategy = .secondsSince1970
+
+        let decoded: OpenAIAPICreditGrantsResponse
+        do {
+            decoded = try decoder.decode(OpenAIAPICreditGrantsResponse.self, from: data)
+        } catch {
+            throw OpenAIAPICreditBalanceError.parseFailed(error.localizedDescription)
+        }
+
+        let nextExpiry = decoded.grants?.data
+            .compactMap(\.expiresAt)
+            .filter { $0 > now }
+            .min()
+
+        return OpenAIAPICreditBalanceSnapshot(
+            totalGranted: decoded.totalGranted,
+            totalUsed: decoded.totalUsed,
+            totalAvailable: decoded.totalAvailable,
+            nextGrantExpiry: nextExpiry,
+            updatedAt: now)
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/OpenAI/OpenAIAPIProviderDescriptor.swift b/Sources/CodexBarCore/Providers/OpenAI/OpenAIAPIProviderDescriptor.swift
new file mode 100644
index 000000000..009b369f7
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/OpenAI/OpenAIAPIProviderDescriptor.swift
@@ -0,0 +1,134 @@
+import CodexBarMacroSupport
+import Foundation
+
+@ProviderDescriptorRegistration
+@ProviderDescriptorDefinition
+public enum OpenAIAPIProviderDescriptor {
+    static func makeDescriptor() -> ProviderDescriptor {
+        ProviderDescriptor(
+            id: .openai,
+            metadata: ProviderMetadata(
+                id: .openai,
+                displayName: "OpenAI",
+                sessionLabel: "Spend",
+                weeklyLabel: "Requests",
+                opusLabel: nil,
+                supportsOpus: false,
+                supportsCredits: false,
+                creditsHint: "",
+                toggleTitle: "Show OpenAI usage",
+                cliName: "openai",
+                defaultEnabled: false,
+                isPrimaryProvider: false,
+                usesAccountFallback: false,
+                dashboardURL: "https://platform.openai.com/usage",
+                statusPageURL: "https://status.openai.com"),
+            branding: ProviderBranding(
+                iconStyle: .openai,
+                iconResourceName: "ProviderIcon-codex",
+                color: ProviderColor(red: 0.06, green: 0.51, blue: 0.43)),
+            tokenCost: ProviderTokenCostConfig(
+                supportsTokenCost: true,
+                noDataMessage: { "OpenAI usage needs an Admin API key for organization usage." }),
+            fetchPlan: ProviderFetchPlan(
+                sourceModes: [.auto, .api],
+                pipeline: ProviderFetchPipeline(resolveStrategies: { _ in [OpenAIAPIBalanceFetchStrategy()] })),
+            cli: ProviderCLIConfig(
+                name: "openai",
+                aliases: ["openai-api"],
+                versionDetector: nil))
+    }
+}
+
+struct OpenAIAPIBalanceFetchStrategy: ProviderFetchStrategy {
+    let id: String = "openai.api.balance"
+    let kind: ProviderFetchKind = .apiToken
+    let usageFetcher: @Sendable (OpenAIAPIUsageCredential, Int) async throws -> OpenAIAPIUsageSnapshot
+    let balanceFetcher: @Sendable (String) async throws -> OpenAIAPICreditBalanceSnapshot
+
+    init(
+        usageFetcher: @escaping @Sendable (OpenAIAPIUsageCredential, Int) async throws -> OpenAIAPIUsageSnapshot =
+            OpenAIAPIBalanceFetchStrategy.fetchUsage(credential:days:),
+        balanceFetcher: @escaping @Sendable (String) async throws -> OpenAIAPICreditBalanceSnapshot = { apiKey in
+            try await OpenAIAPICreditBalanceFetcher.fetchBalance(apiKey: apiKey)
+        })
+    {
+        self.usageFetcher = usageFetcher
+        self.balanceFetcher = balanceFetcher
+    }
+
+    func isAvailable(_ context: ProviderFetchContext) async -> Bool {
+        OpenAIAPIUsageCredential(environment: context.env) != nil
+    }
+
+    func fetch(_ context: ProviderFetchContext) async throws -> ProviderFetchResult {
+        guard let credential = OpenAIAPIUsageCredential(environment: context.env) else {
+            throw OpenAIAPISettingsError.missingToken
+        }
+
+        do {
+            let usage = try await self.usageFetcher(credential, context.costUsageHistoryDays)
+            return self.makeResult(
+                usage: usage.toUsageSnapshot(),
+                sourceLabel: credential.sourceLabel)
+        } catch {
+            let usageError = error
+            if !credential.allowsLegacyBalanceFallback {
+                throw usageError
+            }
+            // Preserve the older balance-only path for unscoped keys and Admin API outages.
+            do {
+                let balance = try await self.balanceFetcher(credential.apiKey)
+                return self.makeResult(
+                    usage: balance.toUsageSnapshot(),
+                    sourceLabel: "billing-api")
+            } catch {
+                if (usageError as? OpenAIAPIUsageError)?.isCredentialRejected != true {
+                    throw usageError
+                }
+                throw error
+            }
+        }
+    }
+
+    func shouldFallback(on _: Error, context _: ProviderFetchContext) -> Bool {
+        false
+    }
+
+    private static func fetchUsage(
+        credential: OpenAIAPIUsageCredential,
+        days: Int) async throws -> OpenAIAPIUsageSnapshot
+    {
+        try await OpenAIAPIUsageFetcher.fetchUsage(
+            apiKey: credential.apiKey,
+            projectID: credential.projectID,
+            historyDays: days)
+    }
+}
+
+struct OpenAIAPIUsageCredential: Equatable {
+    let apiKey: String
+    let projectID: String?
+    let usesAdminKey: Bool
+
+    init?(environment: [String: String]) {
+        if let adminKey = OpenAIAPISettingsReader.adminAPIKey(environment: environment) {
+            self.apiKey = adminKey
+            self.usesAdminKey = true
+        } else if let apiKey = OpenAIAPISettingsReader.apiKey(environment: environment) {
+            self.apiKey = apiKey
+            self.usesAdminKey = false
+        } else {
+            return nil
+        }
+        self.projectID = OpenAIAPISettingsReader.projectID(environment: environment)
+    }
+
+    var sourceLabel: String {
+        self.projectID == nil ? "admin-api" : "admin-api:project"
+    }
+
+    var allowsLegacyBalanceFallback: Bool {
+        self.projectID == nil || !self.usesAdminKey
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/OpenAI/OpenAIAPISettingsReader.swift b/Sources/CodexBarCore/Providers/OpenAI/OpenAIAPISettingsReader.swift
new file mode 100644
index 000000000..a641872d1
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/OpenAI/OpenAIAPISettingsReader.swift
@@ -0,0 +1,52 @@
+import Foundation
+
+public enum OpenAIAPISettingsReader {
+    public static let adminAPIKeyEnvironmentKey = "OPENAI_ADMIN_KEY"
+    public static let apiKeyEnvironmentKey = "OPENAI_API_KEY"
+    public static let projectIDEnvironmentKey = "OPENAI_PROJECT_ID"
+    public static let apiKeyEnvironmentKeys = [
+        Self.adminAPIKeyEnvironmentKey,
+        Self.apiKeyEnvironmentKey,
+    ]
+
+    public static func apiKey(environment: [String: String] = ProcessInfo.processInfo.environment) -> String? {
+        for key in self.apiKeyEnvironmentKeys {
+            if let token = self.cleaned(environment[key]) { return token }
+        }
+        return nil
+    }
+
+    public static func adminAPIKey(environment: [String: String] = ProcessInfo.processInfo.environment) -> String? {
+        self.cleaned(environment[self.adminAPIKeyEnvironmentKey])
+    }
+
+    public static func projectID(environment: [String: String] = ProcessInfo.processInfo.environment) -> String? {
+        self.cleaned(environment[self.projectIDEnvironmentKey])
+    }
+
+    static func cleaned(_ raw: String?) -> String? {
+        guard var value = raw?.trimmingCharacters(in: .whitespacesAndNewlines), !value.isEmpty else {
+            return nil
+        }
+
+        if (value.hasPrefix("\"") && value.hasSuffix("\"")) ||
+            (value.hasPrefix("'") && value.hasSuffix("'"))
+        {
+            value = String(value.dropFirst().dropLast())
+        }
+
+        value = value.trimmingCharacters(in: .whitespacesAndNewlines)
+        return value.isEmpty ? nil : value
+    }
+}
+
+public enum OpenAIAPISettingsError: LocalizedError, Sendable {
+    case missingToken
+
+    public var errorDescription: String? {
+        switch self {
+        case .missingToken:
+            "OpenAI API key not configured. Set OPENAI_API_KEY or configure an API key in Settings."
+        }
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/OpenAI/OpenAIAPIUsageFetcher.swift b/Sources/CodexBarCore/Providers/OpenAI/OpenAIAPIUsageFetcher.swift
new file mode 100644
index 000000000..135702829
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/OpenAI/OpenAIAPIUsageFetcher.swift
@@ -0,0 +1,396 @@
+import Foundation
+#if canImport(FoundationNetworking)
+import FoundationNetworking
+#endif
+
+public enum OpenAIAPIUsageError: LocalizedError, Sendable, Equatable {
+    case missingCredentials
+    case networkError(String)
+    case apiError(endpoint: String, statusCode: Int)
+    case parseFailed(endpoint: String, message: String)
+
+    public var errorDescription: String? {
+        switch self {
+        case .missingCredentials:
+            "Missing OpenAI Admin API key."
+        case let .networkError(message):
+            "OpenAI API usage network error: \(message)"
+        case let .apiError(endpoint, statusCode):
+            "OpenAI API usage \(endpoint) error: HTTP \(statusCode)"
+        case let .parseFailed(endpoint, message):
+            "Failed to parse OpenAI API usage \(endpoint): \(message)"
+        }
+    }
+
+    var isCredentialRejected: Bool {
+        switch self {
+        case let .apiError(_, statusCode):
+            statusCode == 401 || statusCode == 403
+        default:
+            false
+        }
+    }
+}
+
+public enum OpenAIAPIUsageFetcher {
+    public static let organizationCostsURL = URL(string: "https://api.openai.com/v1/organization/costs")!
+    public static let organizationCompletionsUsageURL =
+        URL(string: "https://api.openai.com/v1/organization/usage/completions")!
+
+    private static let maxDailyBucketLimit = 31
+    private static let timeoutSeconds: TimeInterval = 20
+
+    private struct EndpointRequestContext {
+        let apiKey: String
+        let projectID: String?
+        let transport: any ProviderHTTPTransport
+        let retryPolicy: ProviderHTTPRetryPolicy
+    }
+
+    private struct UsageEndpoint<Bucket> {
+        let name: String
+        let baseURL: URL
+        let queryItems: [URLQueryItem]
+        let decodeBuckets: (Data) throws -> [Bucket]
+    }
+
+    private typealias SnapshotMetadata = (now: Date, calendar: Calendar, historyDays: Int, projectID: String?)
+
+    public static func fetchUsage(
+        apiKey: String,
+        projectID: String? = nil,
+        costsURL: URL = Self.organizationCostsURL,
+        completionsURL: URL = Self.organizationCompletionsUsageURL,
+        session transport: any ProviderHTTPTransport = ProviderHTTPClient.shared,
+        now: Date = Date(),
+        historyDays: Int = 30,
+        retryPolicy: ProviderHTTPRetryPolicy = .transientIdempotent) async throws -> OpenAIAPIUsageSnapshot
+    {
+        let trimmed = apiKey.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard !trimmed.isEmpty else {
+            throw OpenAIAPIUsageError.missingCredentials
+        }
+        let normalizedProjectID = OpenAIAPISettingsReader.cleaned(projectID)
+
+        let calendar = Self.utcCalendar
+        let clampedHistoryDays = max(1, min(365, historyDays))
+        let ranges = Self.dailyRanges(now: now, calendar: calendar, historyDays: clampedHistoryDays)
+        let requestContext = EndpointRequestContext(
+            apiKey: trimmed,
+            projectID: normalizedProjectID,
+            transport: transport,
+            retryPolicy: retryPolicy)
+        let costs = try await Self.fetchBuckets(
+            endpoint: Self.costsEndpoint(baseURL: costsURL),
+            context: requestContext,
+            ranges: ranges)
+        let completions = try await Self.fetchBuckets(
+            endpoint: Self.completionsEndpoint(baseURL: completionsURL),
+            context: requestContext,
+            ranges: ranges)
+
+        return Self.makeSnapshot(
+            costs: costs,
+            completions: completions,
+            metadata: SnapshotMetadata(
+                now: now,
+                calendar: calendar,
+                historyDays: clampedHistoryDays,
+                projectID: normalizedProjectID))
+    }
+
+    static func _parseSnapshotForTesting(
+        costs: Data,
+        completions: Data,
+        now: Date,
+        calendar: Calendar = Self.utcCalendar,
+        historyDays: Int = 30,
+        projectID: String? = nil) throws -> OpenAIAPIUsageSnapshot
+    {
+        try self.makeSnapshot(
+            costs: self.decodeCosts(costs).data,
+            completions: self.decodeCompletions(completions).data,
+            metadata: SnapshotMetadata(
+                now: now,
+                calendar: calendar,
+                historyDays: historyDays,
+                projectID: OpenAIAPISettingsReader.cleaned(projectID)))
+    }
+
+    private static func costsEndpoint(baseURL: URL) -> UsageEndpoint<OpenAICostBucket> {
+        UsageEndpoint(
+            name: "costs",
+            baseURL: baseURL,
+            queryItems: [URLQueryItem(name: "group_by", value: "line_item")],
+            decodeBuckets: { try self.decodeCosts($0).data })
+    }
+
+    private static func completionsEndpoint(
+        baseURL: URL) -> UsageEndpoint<OpenAICompletionsUsageBucket>
+    {
+        UsageEndpoint(
+            name: "completions",
+            baseURL: baseURL,
+            queryItems: [URLQueryItem(name: "group_by", value: "model")],
+            decodeBuckets: { try self.decodeCompletions($0).data })
+    }
+
+    private static func fetchBuckets<Bucket>(
+        endpoint: UsageEndpoint<Bucket>,
+        context: EndpointRequestContext,
+        ranges: [DateRange]) async throws -> [Bucket]
+    {
+        var buckets: [Bucket] = []
+        for range in ranges {
+            let url = Self.url(
+                baseURL: endpoint.baseURL,
+                range: range,
+                queryItems: endpoint.queryItems + Self.projectQueryItems(projectID: context.projectID))
+            let data = try await Self.fetchData(
+                url: url,
+                apiKey: context.apiKey,
+                endpoint: endpoint.name,
+                transport: context.transport,
+                retryPolicy: context.retryPolicy)
+            try buckets.append(contentsOf: endpoint.decodeBuckets(data))
+        }
+        return buckets
+    }
+
+    private static func projectQueryItems(projectID: String?) -> [URLQueryItem] {
+        guard let projectID else { return [] }
+        return [URLQueryItem(name: "project_ids", value: projectID)]
+    }
+
+    private static func fetchData(
+        url: URL,
+        apiKey: String,
+        endpoint: String,
+        transport: any ProviderHTTPTransport,
+        retryPolicy: ProviderHTTPRetryPolicy) async throws -> Data
+    {
+        var request = URLRequest(url: url)
+        request.httpMethod = "GET"
+        request.timeoutInterval = Self.timeoutSeconds
+        request.setValue("Bearer \(apiKey)", forHTTPHeaderField: "Authorization")
+        request.setValue("application/json", forHTTPHeaderField: "Accept")
+
+        let response: ProviderHTTPResponse
+        do {
+            response = try await transport.response(for: request, retryPolicy: retryPolicy)
+        } catch {
+            throw OpenAIAPIUsageError.networkError(error.localizedDescription)
+        }
+
+        guard response.statusCode == 200 else {
+            throw OpenAIAPIUsageError.apiError(endpoint: endpoint, statusCode: response.statusCode)
+        }
+        return response.data
+    }
+
+    private static func decodeCosts(_ data: Data) throws -> CostsResponse {
+        do {
+            return try JSONDecoder().decode(CostsResponse.self, from: data)
+        } catch {
+            throw OpenAIAPIUsageError.parseFailed(endpoint: "costs", message: error.localizedDescription)
+        }
+    }
+
+    private static func decodeCompletions(_ data: Data) throws -> CompletionsUsageResponse {
+        do {
+            return try JSONDecoder().decode(CompletionsUsageResponse.self, from: data)
+        } catch {
+            throw OpenAIAPIUsageError.parseFailed(endpoint: "completions", message: error.localizedDescription)
+        }
+    }
+
+    private static func makeSnapshot(
+        costs: [OpenAICostBucket],
+        completions: [OpenAICompletionsUsageBucket],
+        metadata: SnapshotMetadata) -> OpenAIAPIUsageSnapshot
+    {
+        var accumulators: [Int: DailyAccumulator] = [:]
+
+        for bucket in costs {
+            var accumulator = accumulators[bucket.startTime] ?? DailyAccumulator(
+                startTime: bucket.startTime,
+                endTime: bucket.endTime)
+            for result in bucket.results {
+                let value = result.amount?.value ?? 0
+                accumulator.costUSD += value
+                let lineItem = Self.displayName(result.lineItem, fallback: "API")
+                accumulator.lineItems[lineItem, default: 0] += value
+            }
+            accumulators[bucket.startTime] = accumulator
+        }
+
+        for bucket in completions {
+            var accumulator = accumulators[bucket.startTime] ?? DailyAccumulator(
+                startTime: bucket.startTime,
+                endTime: bucket.endTime)
+            for result in bucket.results {
+                let input = result.inputTokens ?? 0
+                let cached = result.inputCachedTokens ?? 0
+                let output = result.outputTokens ?? 0
+                let audioInput = result.inputAudioTokens ?? 0
+                let audioOutput = result.outputAudioTokens ?? 0
+                let requests = result.numModelRequests ?? 0
+                let totalTokens = input + output + audioInput + audioOutput
+                accumulator.requests += requests
+                accumulator.inputTokens += input + audioInput
+                accumulator.cachedInputTokens += cached
+                accumulator.outputTokens += output + audioOutput
+                accumulator.totalTokens += totalTokens
+                let modelName = Self.displayName(result.model, fallback: "Responses and Chat Completions")
+                accumulator.models[modelName, default: ModelAccumulator()].add(
+                    requests: requests,
+                    inputTokens: input + audioInput,
+                    cachedInputTokens: cached,
+                    outputTokens: output + audioOutput,
+                    totalTokens: totalTokens)
+            }
+            accumulators[bucket.startTime] = accumulator
+        }
+
+        let daily = accumulators.values
+            .filter { $0.startDate <= metadata.now }
+            .sorted { $0.startTime < $1.startTime }
+            .map { $0.makeBucket(calendar: metadata.calendar) }
+        return OpenAIAPIUsageSnapshot(
+            daily: daily,
+            updatedAt: metadata.now,
+            historyDays: metadata.historyDays,
+            projectID: metadata.projectID)
+    }
+
+    private static func displayName(_ raw: String?, fallback: String) -> String {
+        guard let trimmed = raw?.trimmingCharacters(in: .whitespacesAndNewlines), !trimmed.isEmpty else {
+            return fallback
+        }
+        return trimmed
+    }
+
+    private static func url(baseURL: URL, range: DateRange, queryItems extraItems: [URLQueryItem]) -> URL {
+        var components = URLComponents(url: baseURL, resolvingAgainstBaseURL: false)!
+        components.queryItems = [
+            URLQueryItem(name: "start_time", value: String(range.startTime)),
+            URLQueryItem(name: "end_time", value: String(range.endTime)),
+            URLQueryItem(name: "bucket_width", value: "1d"),
+            URLQueryItem(name: "limit", value: String(range.limit)),
+        ] + extraItems
+        return components.url!
+    }
+
+    private static func dailyRanges(now: Date, calendar: Calendar, historyDays: Int) -> [DateRange] {
+        let today = calendar.startOfDay(for: now)
+        let clampedHistoryDays = max(1, min(365, historyDays))
+        var cursor = calendar.date(byAdding: .day, value: -(clampedHistoryDays - 1), to: today) ?? today
+        var remainingDays = clampedHistoryDays
+        var ranges: [DateRange] = []
+        ranges.reserveCapacity(Int(ceil(Double(clampedHistoryDays) / Double(Self.maxDailyBucketLimit))))
+
+        while remainingDays > 0 {
+            let chunkDays = min(Self.maxDailyBucketLimit, remainingDays)
+            let end = calendar.date(byAdding: .day, value: chunkDays, to: cursor) ?? cursor
+            ranges.append(DateRange(
+                startTime: Int(cursor.timeIntervalSince1970),
+                endTime: Int(end.timeIntervalSince1970),
+                limit: chunkDays))
+            cursor = end
+            remainingDays -= chunkDays
+        }
+        return ranges
+    }
+
+    private static var utcCalendar: Calendar {
+        var calendar = Calendar(identifier: .gregorian)
+        calendar.locale = Locale(identifier: "en_US_POSIX")
+        calendar.timeZone = TimeZone(secondsFromGMT: 0)!
+        return calendar
+    }
+}
+
+private struct DateRange {
+    let startTime: Int
+    let endTime: Int
+    let limit: Int
+}
+
+private struct DailyAccumulator {
+    let startTime: Int
+    let endTime: Int
+    var costUSD: Double = 0
+    var requests: Int = 0
+    var inputTokens: Int = 0
+    var cachedInputTokens: Int = 0
+    var outputTokens: Int = 0
+    var totalTokens: Int = 0
+    var lineItems: [String: Double] = [:]
+    var models: [String: ModelAccumulator] = [:]
+
+    var startDate: Date {
+        Date(timeIntervalSince1970: TimeInterval(self.startTime))
+    }
+
+    func makeBucket(calendar: Calendar) -> OpenAIAPIUsageSnapshot.DailyBucket {
+        OpenAIAPIUsageSnapshot.DailyBucket(
+            day: Self.dayKey(from: self.startDate, calendar: calendar),
+            startTime: self.startDate,
+            endTime: Date(timeIntervalSince1970: TimeInterval(self.endTime)),
+            costUSD: self.costUSD,
+            requests: self.requests,
+            inputTokens: self.inputTokens,
+            cachedInputTokens: self.cachedInputTokens,
+            outputTokens: self.outputTokens,
+            totalTokens: self.totalTokens,
+            lineItems: self.lineItems
+                .map { OpenAIAPIUsageSnapshot.LineItemBreakdown(name: $0.key, costUSD: $0.value) }
+                .sorted {
+                    if $0.costUSD == $1.costUSD { return $0.name < $1.name }
+                    return $0.costUSD > $1.costUSD
+                },
+            models: self.models
+                .map { $0.value.makeModel(name: $0.key) }
+                .sorted {
+                    if $0.totalTokens == $1.totalTokens { return $0.name < $1.name }
+                    return $0.totalTokens > $1.totalTokens
+                })
+    }
+
+    private static func dayKey(from date: Date, calendar: Calendar) -> String {
+        let comps = calendar.dateComponents([.year, .month, .day], from: date)
+        return String(format: "%04d-%02d-%02d", comps.year ?? 0, comps.month ?? 0, comps.day ?? 0)
+    }
+}
+
+private struct ModelAccumulator {
+    var requests = 0
+    var inputTokens = 0
+    var cachedInputTokens = 0
+    var outputTokens = 0
+    var totalTokens = 0
+
+    mutating func add(
+        requests: Int,
+        inputTokens: Int,
+        cachedInputTokens: Int,
+        outputTokens: Int,
+        totalTokens: Int)
+    {
+        self.requests += requests
+        self.inputTokens += inputTokens
+        self.cachedInputTokens += cachedInputTokens
+        self.outputTokens += outputTokens
+        self.totalTokens += totalTokens
+    }
+
+    func makeModel(name: String) -> OpenAIAPIUsageSnapshot.ModelBreakdown {
+        OpenAIAPIUsageSnapshot.ModelBreakdown(
+            name: name,
+            requests: self.requests,
+            inputTokens: self.inputTokens,
+            cachedInputTokens: self.cachedInputTokens,
+            outputTokens: self.outputTokens,
+            totalTokens: self.totalTokens)
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/OpenAI/OpenAIAPIUsageResponses.swift b/Sources/CodexBarCore/Providers/OpenAI/OpenAIAPIUsageResponses.swift
new file mode 100644
index 000000000..02ad04854
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/OpenAI/OpenAIAPIUsageResponses.swift
@@ -0,0 +1,106 @@
+import Foundation
+
+struct CostsResponse: Decodable {
+    let data: [OpenAICostBucket]
+}
+
+struct OpenAICostBucket: Decodable {
+    let startTime: Int
+    let endTime: Int
+    let results: [OpenAICostResult]
+
+    private enum CodingKeys: String, CodingKey {
+        case startTime = "start_time"
+        case endTime = "end_time"
+        case results
+    }
+}
+
+struct OpenAICostResult: Decodable {
+    struct Amount: Decodable {
+        let value: Double?
+        let currency: String?
+
+        private enum CodingKeys: String, CodingKey {
+            case value
+            case currency
+        }
+
+        init(from decoder: Decoder) throws {
+            let container = try decoder.container(keyedBy: CodingKeys.self)
+            self.value = try container.decodeFlexibleDoubleIfPresent(forKey: .value)
+            self.currency = try container.decodeIfPresent(String.self, forKey: .currency)
+        }
+    }
+
+    let amount: Amount?
+    let lineItem: String?
+
+    private enum CodingKeys: String, CodingKey {
+        case amount
+        case lineItem = "line_item"
+    }
+}
+
+struct CompletionsUsageResponse: Decodable {
+    let data: [OpenAICompletionsUsageBucket]
+}
+
+struct OpenAICompletionsUsageBucket: Decodable {
+    let startTime: Int
+    let endTime: Int
+    let results: [OpenAICompletionsUsageResult]
+
+    private enum CodingKeys: String, CodingKey {
+        case startTime = "start_time"
+        case endTime = "end_time"
+        case results
+    }
+}
+
+struct OpenAICompletionsUsageResult: Decodable {
+    let inputTokens: Int?
+    let inputCachedTokens: Int?
+    let inputAudioTokens: Int?
+    let outputTokens: Int?
+    let outputAudioTokens: Int?
+    let numModelRequests: Int?
+    let model: String?
+
+    private enum CodingKeys: String, CodingKey {
+        case inputTokens = "input_tokens"
+        case inputCachedTokens = "input_cached_tokens"
+        case inputAudioTokens = "input_audio_tokens"
+        case outputTokens = "output_tokens"
+        case outputAudioTokens = "output_audio_tokens"
+        case numModelRequests = "num_model_requests"
+        case model
+    }
+}
+
+extension KeyedDecodingContainer {
+    fileprivate func decodeFlexibleDoubleIfPresent(forKey key: Key) throws -> Double? {
+        guard self.contains(key), try !self.decodeNil(forKey: key) else {
+            return nil
+        }
+
+        if let value = try? self.decode(Double.self, forKey: key) {
+            return value
+        }
+
+        if let rawValue = try? self.decode(String.self, forKey: key) {
+            let trimmed = rawValue.trimmingCharacters(in: .whitespacesAndNewlines)
+            guard !trimmed.isEmpty else {
+                return nil
+            }
+            if let value = Double(trimmed) {
+                return value
+            }
+        }
+
+        throw DecodingError.dataCorruptedError(
+            forKey: key,
+            in: self,
+            debugDescription: "Expected a number or numeric string for \(key.stringValue)")
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/OpenAI/OpenAIAPIUsageSnapshot.swift b/Sources/CodexBarCore/Providers/OpenAI/OpenAIAPIUsageSnapshot.swift
new file mode 100644
index 000000000..9f741ea99
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/OpenAI/OpenAIAPIUsageSnapshot.swift
@@ -0,0 +1,280 @@
+import Foundation
+
+public struct OpenAIAPIUsageSnapshot: Codable, Equatable, Sendable {
+    public struct DailyBucket: Codable, Equatable, Sendable, Identifiable {
+        public let day: String
+        public let startTime: Date
+        public let endTime: Date
+        public let costUSD: Double
+        public let requests: Int
+        public let inputTokens: Int
+        public let cachedInputTokens: Int
+        public let outputTokens: Int
+        public let totalTokens: Int
+        public let lineItems: [LineItemBreakdown]
+        public let models: [ModelBreakdown]
+
+        public var id: String {
+            self.day
+        }
+
+        public init(
+            day: String,
+            startTime: Date,
+            endTime: Date,
+            costUSD: Double,
+            requests: Int,
+            inputTokens: Int,
+            cachedInputTokens: Int,
+            outputTokens: Int,
+            totalTokens: Int,
+            lineItems: [LineItemBreakdown],
+            models: [ModelBreakdown])
+        {
+            self.day = day
+            self.startTime = startTime
+            self.endTime = endTime
+            self.costUSD = costUSD
+            self.requests = requests
+            self.inputTokens = inputTokens
+            self.cachedInputTokens = cachedInputTokens
+            self.outputTokens = outputTokens
+            self.totalTokens = totalTokens
+            self.lineItems = lineItems
+            self.models = models
+        }
+    }
+
+    public struct LineItemBreakdown: Codable, Equatable, Sendable, Identifiable {
+        public let name: String
+        public let costUSD: Double
+
+        public var id: String {
+            self.name
+        }
+
+        public init(name: String, costUSD: Double) {
+            self.name = name
+            self.costUSD = costUSD
+        }
+    }
+
+    public struct ModelBreakdown: Codable, Equatable, Sendable, Identifiable {
+        public let name: String
+        public let requests: Int
+        public let inputTokens: Int
+        public let cachedInputTokens: Int
+        public let outputTokens: Int
+        public let totalTokens: Int
+
+        public var id: String {
+            self.name
+        }
+
+        public init(
+            name: String,
+            requests: Int,
+            inputTokens: Int,
+            cachedInputTokens: Int,
+            outputTokens: Int,
+            totalTokens: Int)
+        {
+            self.name = name
+            self.requests = requests
+            self.inputTokens = inputTokens
+            self.cachedInputTokens = cachedInputTokens
+            self.outputTokens = outputTokens
+            self.totalTokens = totalTokens
+        }
+    }
+
+    public struct Summary: Equatable, Sendable {
+        public let costUSD: Double
+        public let requests: Int
+        public let inputTokens: Int
+        public let cachedInputTokens: Int
+        public let outputTokens: Int
+        public let totalTokens: Int
+
+        public init(
+            costUSD: Double,
+            requests: Int,
+            inputTokens: Int,
+            cachedInputTokens: Int,
+            outputTokens: Int,
+            totalTokens: Int)
+        {
+            self.costUSD = costUSD
+            self.requests = requests
+            self.inputTokens = inputTokens
+            self.cachedInputTokens = cachedInputTokens
+            self.outputTokens = outputTokens
+            self.totalTokens = totalTokens
+        }
+    }
+
+    public let daily: [DailyBucket]
+    public let updatedAt: Date
+    public let historyDays: Int
+    public let projectID: String?
+
+    public init(daily: [DailyBucket], updatedAt: Date, historyDays: Int = 30, projectID: String? = nil) {
+        self.daily = daily.sorted { $0.startTime < $1.startTime }
+        self.updatedAt = updatedAt
+        self.historyDays = max(1, min(365, historyDays))
+        self.projectID = OpenAIAPISettingsReader.cleaned(projectID)
+    }
+
+    public var last30Days: Summary {
+        self.summary(days: self.historyDays)
+    }
+
+    public var historyWindowLabel: String {
+        self.historyDays == 1 ? "Today" : "\(self.historyDays)d"
+    }
+
+    public var historyWindowPeriodLabel: String {
+        self.historyDays == 1 ? "Today" : "Last \(self.historyDays) days"
+    }
+
+    public var last7Days: Summary {
+        self.summary(days: 7)
+    }
+
+    public var latestDay: Summary {
+        self.summary(days: 1)
+    }
+
+    public func summary(days: Int) -> Summary {
+        let selected = self.daily.suffix(max(1, days))
+        return Summary(
+            costUSD: selected.reduce(0) { $0 + $1.costUSD },
+            requests: selected.reduce(0) { $0 + $1.requests },
+            inputTokens: selected.reduce(0) { $0 + $1.inputTokens },
+            cachedInputTokens: selected.reduce(0) { $0 + $1.cachedInputTokens },
+            outputTokens: selected.reduce(0) { $0 + $1.outputTokens },
+            totalTokens: selected.reduce(0) { $0 + $1.totalTokens })
+    }
+
+    public var topModels: [ModelBreakdown] {
+        var totals: [String: ModelAccumulator] = [:]
+        for day in self.daily {
+            for model in day.models {
+                totals[model.name, default: ModelAccumulator()].add(model)
+            }
+        }
+        return totals
+            .map { name, total in total.makeModel(name: name) }
+            .sorted {
+                if $0.totalTokens == $1.totalTokens { return $0.name < $1.name }
+                return $0.totalTokens > $1.totalTokens
+            }
+    }
+
+    public var topLineItems: [LineItemBreakdown] {
+        var totals: [String: Double] = [:]
+        for day in self.daily {
+            for item in day.lineItems {
+                totals[item.name, default: 0] += item.costUSD
+            }
+        }
+        return totals
+            .map { LineItemBreakdown(name: $0.key, costUSD: $0.value) }
+            .sorted {
+                if $0.costUSD == $1.costUSD { return $0.name < $1.name }
+                return $0.costUSD > $1.costUSD
+            }
+    }
+
+    public func toUsageSnapshot() -> UsageSnapshot {
+        let total = self.last30Days
+        return UsageSnapshot(
+            primary: nil,
+            secondary: nil,
+            providerCost: ProviderCostSnapshot(
+                used: total.costUSD,
+                limit: 0,
+                currencyCode: "USD",
+                period: self.historyWindowPeriodLabel,
+                updatedAt: self.updatedAt),
+            openAIAPIUsage: self,
+            updatedAt: self.updatedAt,
+            identity: ProviderIdentitySnapshot(
+                providerID: .openai,
+                accountEmail: nil,
+                accountOrganization: self.identityAccountOrganization,
+                loginMethod: self.identityLoginMethod))
+    }
+
+    private var identityLoginMethod: String {
+        guard let projectID else { return "Admin API" }
+        return "Admin API: \(projectID)"
+    }
+
+    private var identityAccountOrganization: String? {
+        guard let projectID else { return nil }
+        return "Project: \(projectID)"
+    }
+
+    public func toCostUsageTokenSnapshot() -> CostUsageTokenSnapshot {
+        let daily = self.daily.map { bucket in
+            let modelBreakdowns = bucket.models.map {
+                CostUsageDailyReport.ModelBreakdown(
+                    modelName: $0.name,
+                    costUSD: nil,
+                    totalTokens: $0.totalTokens,
+                    requestCount: $0.requests)
+            }
+            let modelsUsed = bucket.models.map(\.name)
+            return CostUsageDailyReport.Entry(
+                date: bucket.day,
+                inputTokens: bucket.inputTokens,
+                outputTokens: bucket.outputTokens,
+                cacheReadTokens: bucket.cachedInputTokens,
+                cacheCreationTokens: nil,
+                totalTokens: bucket.totalTokens,
+                requestCount: bucket.requests,
+                costUSD: bucket.costUSD,
+                modelsUsed: modelsUsed.isEmpty ? nil : modelsUsed,
+                modelBreakdowns: modelBreakdowns.isEmpty ? nil : modelBreakdowns)
+        }
+        let latest = self.latestDay
+        let total = self.last30Days
+        return CostUsageTokenSnapshot(
+            sessionTokens: latest.totalTokens,
+            sessionCostUSD: latest.costUSD,
+            sessionRequests: latest.requests,
+            last30DaysTokens: total.totalTokens,
+            last30DaysCostUSD: total.costUSD,
+            last30DaysRequests: total.requests,
+            historyDays: self.historyDays,
+            daily: daily,
+            updatedAt: self.updatedAt)
+    }
+
+    private struct ModelAccumulator {
+        var requests = 0
+        var inputTokens = 0
+        var cachedInputTokens = 0
+        var outputTokens = 0
+        var totalTokens = 0
+
+        mutating func add(_ model: ModelBreakdown) {
+            self.requests += model.requests
+            self.inputTokens += model.inputTokens
+            self.cachedInputTokens += model.cachedInputTokens
+            self.outputTokens += model.outputTokens
+            self.totalTokens += model.totalTokens
+        }
+
+        func makeModel(name: String) -> ModelBreakdown {
+            ModelBreakdown(
+                name: name,
+                requests: self.requests,
+                inputTokens: self.inputTokens,
+                cachedInputTokens: self.cachedInputTokens,
+                outputTokens: self.outputTokens,
+                totalTokens: self.totalTokens)
+        }
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/OpenCode/OpenCodeCookieImporter.swift b/Sources/CodexBarCore/Providers/OpenCode/OpenCodeCookieImporter.swift
index d91261fdb..0532d8cae 100644
--- a/Sources/CodexBarCore/Providers/OpenCode/OpenCodeCookieImporter.swift
+++ b/Sources/CodexBarCore/Providers/OpenCode/OpenCodeCookieImporter.swift
@@ -37,7 +37,7 @@ public enum OpenCodeCookieImporter {
         for browserSource in installedBrowsers {
             do {
                 let query = BrowserCookieQuery(domains: self.cookieDomains)
-                let sources = try Self.cookieClient.records(
+                let sources = try Self.cookieClient.codexBarRecords(
                     matching: query,
                     in: browserSource,
                     logger: log)
diff --git a/Sources/CodexBarCore/Providers/OpenCode/OpenCodeProviderDescriptor.swift b/Sources/CodexBarCore/Providers/OpenCode/OpenCodeProviderDescriptor.swift
index 18803a46c..eb3d3fb82 100644
--- a/Sources/CodexBarCore/Providers/OpenCode/OpenCodeProviderDescriptor.swift
+++ b/Sources/CodexBarCore/Providers/OpenCode/OpenCodeProviderDescriptor.swift
@@ -84,35 +84,14 @@ struct OpenCodeUsageFetchStrategy: ProviderFetchStrategy {
     }
 
     private static func resolveCookieHeader(context: ProviderFetchContext, allowCached: Bool) throws -> String {
-        if let settings = context.settings?.opencode, settings.cookieSource == .manual {
-            if let header = CookieHeaderNormalizer.normalize(settings.manualCookieHeader) {
-                let pairs = CookieHeaderNormalizer.pairs(from: header)
-                let hasAuthCookie = pairs.contains { pair in
-                    pair.name == "auth" || pair.name == "__Host-auth"
-                }
-                if hasAuthCookie {
-                    return header
-                }
-            }
-            throw OpenCodeSettingsError.invalidCookie
-        }
-
-        #if os(macOS)
-        if allowCached,
-           let cached = CookieHeaderCache.load(provider: .opencode),
-           !cached.cookieHeader.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
-        {
-            return cached.cookieHeader
-        }
-        let session = try OpenCodeCookieImporter.importSession(browserDetection: context.browserDetection)
-        CookieHeaderCache.store(
-            provider: .opencode,
-            cookieHeader: session.cookieHeader,
-            sourceLabel: session.sourceLabel)
-        return session.cookieHeader
-        #else
-        throw OpenCodeSettingsError.missingCookie
-        #endif
+        try OpenCodeWebCookieSupport.resolveCookieHeader(
+            context: OpenCodeWebCookieSupport.Context(
+                settings: context.settings?.opencode,
+                provider: .opencode,
+                browserDetection: context.browserDetection,
+                allowCached: allowCached),
+            invalidCookie: OpenCodeSettingsError.invalidCookie,
+            missingCookie: OpenCodeSettingsError.missingCookie)
     }
 }
 
diff --git a/Sources/CodexBarCore/Providers/OpenCode/OpenCodeUsageFetcher.swift b/Sources/CodexBarCore/Providers/OpenCode/OpenCodeUsageFetcher.swift
index ed27f1d4f..71aa42719 100644
--- a/Sources/CodexBarCore/Providers/OpenCode/OpenCodeUsageFetcher.swift
+++ b/Sources/CodexBarCore/Providers/OpenCode/OpenCodeUsageFetcher.swift
@@ -62,6 +62,10 @@ public struct OpenCodeUsageFetcher: Sendable {
         "renewAt",
         "renew_at",
     ]
+    private static let renewAtKeys = [
+        "renewAt",
+        "renew_at",
+    ]
     private static func makeISO8601Formatter() -> ISO8601DateFormatter {
         let formatter = ISO8601DateFormatter()
         formatter.formatOptions = [.withInternetDateTime, .withFractionalSeconds]
@@ -83,25 +87,32 @@ public struct OpenCodeUsageFetcher: Sendable {
         cookieHeader: String,
         timeout: TimeInterval,
         now: Date = Date(),
-        workspaceIDOverride: String? = nil) async throws -> OpenCodeUsageSnapshot
+        workspaceIDOverride: String? = nil,
+        session transport: any ProviderHTTPTransport = ProviderHTTPClient.shared) async throws -> OpenCodeUsageSnapshot
     {
+        guard let requestCookieHeader = OpenCodeWebCookieSupport.requestCookieHeader(from: cookieHeader) else {
+            throw OpenCodeUsageError.invalidCredentials
+        }
         let workspaceID: String = if let override = self.normalizeWorkspaceID(workspaceIDOverride) {
             override
         } else {
             try await self.fetchWorkspaceID(
-                cookieHeader: cookieHeader,
-                timeout: timeout)
+                cookieHeader: requestCookieHeader,
+                timeout: timeout,
+                transport: transport)
         }
         let subscriptionText = try await self.fetchSubscriptionInfo(
             workspaceID: workspaceID,
-            cookieHeader: cookieHeader,
-            timeout: timeout)
+            cookieHeader: requestCookieHeader,
+            timeout: timeout,
+            transport: transport)
         return try self.parseSubscription(text: subscriptionText, now: now)
     }
 
     private static func fetchWorkspaceID(
         cookieHeader: String,
-        timeout: TimeInterval) async throws -> String
+        timeout: TimeInterval,
+        transport: any ProviderHTTPTransport) async throws -> String
     {
         let text = try await self.fetchServerText(
             request: ServerRequest(
@@ -110,7 +121,8 @@ public struct OpenCodeUsageFetcher: Sendable {
                 method: "GET",
                 referer: self.baseURL),
             cookieHeader: cookieHeader,
-            timeout: timeout)
+            timeout: timeout,
+            transport: transport)
         if self.looksSignedOut(text: text) {
             throw OpenCodeUsageError.invalidCredentials
         }
@@ -127,7 +139,8 @@ public struct OpenCodeUsageFetcher: Sendable {
                     method: "POST",
                     referer: self.baseURL),
                 cookieHeader: cookieHeader,
-                timeout: timeout)
+                timeout: timeout,
+                transport: transport)
             if self.looksSignedOut(text: fallback) {
                 throw OpenCodeUsageError.invalidCredentials
             }
@@ -147,7 +160,8 @@ public struct OpenCodeUsageFetcher: Sendable {
     private static func fetchSubscriptionInfo(
         workspaceID: String,
         cookieHeader: String,
-        timeout: TimeInterval) async throws -> String
+        timeout: TimeInterval,
+        transport: any ProviderHTTPTransport) async throws -> String
     {
         let referer = URL(string: "https://opencode.ai/workspace/\(workspaceID)/billing") ?? self.baseURL
         let text = try await self.fetchServerText(
@@ -157,7 +171,8 @@ public struct OpenCodeUsageFetcher: Sendable {
                 method: "GET",
                 referer: referer),
             cookieHeader: cookieHeader,
-            timeout: timeout)
+            timeout: timeout,
+            transport: transport)
         if self.looksSignedOut(text: text) {
             throw OpenCodeUsageError.invalidCredentials
         }
@@ -178,7 +193,8 @@ public struct OpenCodeUsageFetcher: Sendable {
                     method: "POST",
                     referer: referer),
                 cookieHeader: cookieHeader,
-                timeout: timeout)
+                timeout: timeout,
+                transport: transport)
             if self.looksSignedOut(text: fallback) {
                 throw OpenCodeUsageError.invalidCredentials
             }
@@ -207,7 +223,7 @@ public struct OpenCodeUsageFetcher: Sendable {
     private static func missingSubscriptionDataError(workspaceID: String) -> OpenCodeUsageError {
         OpenCodeUsageError.apiError(
             "No subscription usage data was returned for workspace \(workspaceID). " +
-                "This usually means this workspace does not have OpenCode Black usage data.")
+                "This usually means this workspace does not have OpenCode subscription quota data available.")
     }
 
     private static func normalizeWorkspaceID(_ raw: String?) -> String? {
@@ -236,7 +252,8 @@ public struct OpenCodeUsageFetcher: Sendable {
     private static func fetchServerText(
         request serverRequest: ServerRequest,
         cookieHeader: String,
-        timeout: TimeInterval) async throws -> String
+        timeout: TimeInterval,
+        transport: any ProviderHTTPTransport) async throws -> String
     {
         let url = self.serverRequestURL(
             serverID: serverRequest.serverID,
@@ -260,28 +277,33 @@ public struct OpenCodeUsageFetcher: Sendable {
             urlRequest.setValue("application/json", forHTTPHeaderField: "Content-Type")
         }
 
-        let (data, response) = try await URLSession.shared.data(for: urlRequest)
-        guard let httpResponse = response as? HTTPURLResponse else {
+        let response: ProviderHTTPResponse
+        do {
+            response = try await transport.response(for: urlRequest)
+        } catch let error as URLError where error.code == .badServerResponse {
             throw OpenCodeUsageError.networkError("Invalid response")
+        } catch {
+            throw error
         }
 
-        guard httpResponse.statusCode == 200 else {
-            let bodyText = String(data: data, encoding: .utf8) ?? ""
-            let contentType = httpResponse.value(forHTTPHeaderField: "Content-Type") ?? "unknown"
-            Self.log.error("OpenCode returned \(httpResponse.statusCode) (type=\(contentType) length=\(data.count))")
+        guard response.statusCode == 200 else {
+            let bodyText = String(data: response.data, encoding: .utf8) ?? ""
+            let contentType = response.response.value(forHTTPHeaderField: "Content-Type") ?? "unknown"
+            Self.log
+                .error("OpenCode returned \(response.statusCode) (type=\(contentType) length=\(response.data.count))")
             if self.looksSignedOut(text: bodyText) {
                 throw OpenCodeUsageError.invalidCredentials
             }
-            if httpResponse.statusCode == 401 || httpResponse.statusCode == 403 {
+            if response.statusCode == 401 || response.statusCode == 403 {
                 throw OpenCodeUsageError.invalidCredentials
             }
             if let message = self.extractServerErrorMessage(from: bodyText) {
-                throw OpenCodeUsageError.apiError("HTTP \(httpResponse.statusCode): \(message)")
+                throw OpenCodeUsageError.apiError("HTTP \(response.statusCode): \(message)")
             }
-            throw OpenCodeUsageError.apiError("HTTP \(httpResponse.statusCode)")
+            throw OpenCodeUsageError.apiError("HTTP \(response.statusCode)")
         }
 
-        guard let text = String(data: data, encoding: .utf8) else {
+        guard let text = String(data: response.data, encoding: .utf8) else {
             throw OpenCodeUsageError.parseFailed("Response was not UTF-8.")
         }
         return text
@@ -428,7 +450,12 @@ public struct OpenCodeUsageFetcher: Sendable {
 
     private static func looksSignedOut(text: String) -> Bool {
         let lower = text.lowercased()
-        if lower.contains("login") || lower.contains("sign in") || lower.contains("auth/authorize") {
+        if lower.contains("login") ||
+            lower.contains("sign in") ||
+            lower.contains("auth/authorize") ||
+            lower.contains("not associated with an account") ||
+            lower.contains("actor of type \"public\"")
+        {
             return true
         }
         return false
@@ -479,24 +506,33 @@ public struct OpenCodeUsageFetcher: Sendable {
 
     private static func parseUsageJSON(object: Any, now: Date) -> OpenCodeUsageSnapshot? {
         guard let dict = object as? [String: Any] else { return nil }
-        if let snapshot = self.parseUsageDictionary(dict, now: now) {
+        let renewsAt = self.dateValue(from: self.value(from: dict, keys: self.renewAtKeys))
+        if let snapshot = self.parseUsageDictionary(dict, now: now, inheritedRenewsAt: renewsAt) {
             return snapshot
         }
 
         for key in ["data", "result", "usage", "billing", "payload"] {
             if let nested = dict[key] as? [String: Any],
-               let snapshot = self.parseUsageDictionary(nested, now: now)
+               let snapshot = self.parseUsageDictionary(nested, now: now, inheritedRenewsAt: renewsAt)
             {
                 return snapshot
             }
         }
 
-        return self.parseUsageNested(dict, now: now, depth: 0)
+        if let snapshot = self.parseUsageNested(dict, now: now, depth: 0, inheritedRenewsAt: renewsAt) {
+            return snapshot
+        }
+        return self.parseUsageFromCandidates(object: object, now: now, inheritedRenewsAt: renewsAt)
     }
 
-    private static func parseUsageDictionary(_ dict: [String: Any], now: Date) -> OpenCodeUsageSnapshot? {
+    private static func parseUsageDictionary(
+        _ dict: [String: Any],
+        now: Date,
+        inheritedRenewsAt: Date?) -> OpenCodeUsageSnapshot?
+    {
+        let renewsAt = self.dateValue(from: self.value(from: dict, keys: self.renewAtKeys)) ?? inheritedRenewsAt
         if let usage = dict["usage"] as? [String: Any],
-           let snapshot = self.parseUsageDictionary(usage, now: now)
+           let snapshot = self.parseUsageDictionary(usage, now: now, inheritedRenewsAt: renewsAt)
         {
             return snapshot
         }
@@ -508,14 +544,20 @@ public struct OpenCodeUsageFetcher: Sendable {
         let weekly = weeklyKeys.compactMap { dict[$0] as? [String: Any] }.first
 
         if let rolling, let weekly {
-            return self.buildSnapshot(rolling: rolling, weekly: weekly, now: now)
+            return self.buildSnapshot(rolling: rolling, weekly: weekly, now: now, renewsAt: renewsAt)
         }
 
         return nil
     }
 
-    private static func parseUsageNested(_ dict: [String: Any], now: Date, depth: Int) -> OpenCodeUsageSnapshot? {
+    private static func parseUsageNested(
+        _ dict: [String: Any],
+        now: Date,
+        depth: Int,
+        inheritedRenewsAt: Date?) -> OpenCodeUsageSnapshot?
+    {
         if depth > 3 { return nil }
+        let renewsAt = self.dateValue(from: self.value(from: dict, keys: self.renewAtKeys)) ?? inheritedRenewsAt
         var rolling: [String: Any]?
         var weekly: [String: Any]?
 
@@ -529,15 +571,18 @@ public struct OpenCodeUsageFetcher: Sendable {
             }
         }
 
-        if let rolling, let weekly,
-           let snapshot = self.buildSnapshot(rolling: rolling, weekly: weekly, now: now)
-        {
-            return snapshot
+        if let rolling, let weekly {
+            let snapshot = self.buildSnapshot(rolling: rolling, weekly: weekly, now: now, renewsAt: renewsAt)
+            if let snapshot { return snapshot }
         }
 
         for value in dict.values {
             if let sub = value as? [String: Any],
-               let snapshot = self.parseUsageNested(sub, now: now, depth: depth + 1)
+               let snapshot = self.parseUsageNested(
+                   sub,
+                   now: now,
+                   depth: depth + 1,
+                   inheritedRenewsAt: renewsAt)
             {
                 return snapshot
             }
@@ -546,7 +591,11 @@ public struct OpenCodeUsageFetcher: Sendable {
         return nil
     }
 
-    private static func parseUsageFromCandidates(object: Any, now: Date) -> OpenCodeUsageSnapshot? {
+    private static func parseUsageFromCandidates(
+        object: Any,
+        now: Date,
+        inheritedRenewsAt: Date? = nil) -> OpenCodeUsageSnapshot?
+    {
         let candidates = self.collectWindowCandidates(object: object, now: now)
         guard !candidates.isEmpty else { return nil }
 
@@ -573,15 +622,18 @@ public struct OpenCodeUsageFetcher: Sendable {
 
         guard let rolling, let weekly else { return nil }
 
+        let renewsAt = self.dateValue(from: self.value(from: object as? [String: Any] ?? [:], keys: self.renewAtKeys))
+            ?? inheritedRenewsAt
         return OpenCodeUsageSnapshot(
             rollingUsagePercent: rolling.percent,
             weeklyUsagePercent: weekly.percent,
             rollingResetInSec: rolling.resetInSec,
             weeklyResetInSec: weekly.resetInSec,
+            renewsAt: renewsAt,
             updatedAt: now)
     }
 
-    private struct WindowCandidate: Sendable {
+    private struct WindowCandidate {
         let id: UUID
         let percent: Double
         let resetInSec: Int
@@ -656,7 +708,8 @@ public struct OpenCodeUsageFetcher: Sendable {
     private static func buildSnapshot(
         rolling: [String: Any],
         weekly: [String: Any],
-        now: Date) -> OpenCodeUsageSnapshot?
+        now: Date,
+        renewsAt: Date? = nil) -> OpenCodeUsageSnapshot?
     {
         guard let rollingWindow = self.parseWindow(rolling, now: now),
               let weeklyWindow = self.parseWindow(weekly, now: now)
@@ -669,6 +722,7 @@ public struct OpenCodeUsageFetcher: Sendable {
             weeklyUsagePercent: weeklyWindow.percent,
             rollingResetInSec: rollingWindow.resetInSec,
             weeklyResetInSec: weeklyWindow.resetInSec,
+            renewsAt: renewsAt,
             updatedAt: now)
     }
 
diff --git a/Sources/CodexBarCore/Providers/OpenCode/OpenCodeUsageSnapshot.swift b/Sources/CodexBarCore/Providers/OpenCode/OpenCodeUsageSnapshot.swift
index aa1d87f28..672812525 100644
--- a/Sources/CodexBarCore/Providers/OpenCode/OpenCodeUsageSnapshot.swift
+++ b/Sources/CodexBarCore/Providers/OpenCode/OpenCodeUsageSnapshot.swift
@@ -5,6 +5,7 @@ public struct OpenCodeUsageSnapshot: Sendable {
     public let weeklyUsagePercent: Double
     public let rollingResetInSec: Int
     public let weeklyResetInSec: Int
+    public let renewsAt: Date?
     public let updatedAt: Date
 
     public init(
@@ -12,12 +13,14 @@ public struct OpenCodeUsageSnapshot: Sendable {
         weeklyUsagePercent: Double,
         rollingResetInSec: Int,
         weeklyResetInSec: Int,
+        renewsAt: Date? = nil,
         updatedAt: Date)
     {
         self.rollingUsagePercent = rollingUsagePercent
         self.weeklyUsagePercent = weeklyUsagePercent
         self.rollingResetInSec = rollingResetInSec
         self.weeklyResetInSec = weeklyResetInSec
+        self.renewsAt = renewsAt
         self.updatedAt = updatedAt
     }
 
@@ -36,9 +39,20 @@ public struct OpenCodeUsageSnapshot: Sendable {
             resetsAt: weeklyReset,
             resetDescription: nil)
 
+        var extraWindows: [NamedRateWindow]?
+        if let renewsAt = self.renewsAt {
+            let renewalWindow = RateWindow(
+                usedPercent: 0,
+                windowMinutes: nil,
+                resetsAt: renewsAt,
+                resetDescription: nil)
+            extraWindows = [NamedRateWindow(id: "renewal", title: "Renews", window: renewalWindow)]
+        }
+
         return UsageSnapshot(
             primary: primary,
             secondary: secondary,
+            extraRateWindows: extraWindows,
             updatedAt: self.updatedAt,
             identity: nil)
     }
diff --git a/Sources/CodexBarCore/Providers/OpenCode/OpenCodeWebCookieSupport.swift b/Sources/CodexBarCore/Providers/OpenCode/OpenCodeWebCookieSupport.swift
new file mode 100644
index 000000000..5d239b08d
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/OpenCode/OpenCodeWebCookieSupport.swift
@@ -0,0 +1,62 @@
+import Foundation
+
+enum OpenCodeWebCookieSupport {
+    private static let requestCookieNames: Set<String> = ["auth", "__Host-auth"]
+
+    struct Context {
+        let settings: ProviderSettingsSnapshot.OpenCodeProviderSettings?
+        let provider: UsageProvider
+        let browserDetection: BrowserDetection
+        let allowCached: Bool
+    }
+
+    static func requestCookieHeader(from rawHeader: String?) -> String? {
+        CookieHeaderNormalizer.filteredHeader(from: rawHeader, allowedNames: self.requestCookieNames)
+    }
+
+    static func resolveCookieHeader(
+        context: Context,
+        invalidCookie: @autoclosure () -> Error,
+        missingCookie: @autoclosure () -> Error) throws -> String
+    {
+        if let settings = context.settings, settings.cookieSource == .manual {
+            if let header = self.requestCookieHeader(from: settings.manualCookieHeader) {
+                return header
+            }
+            throw invalidCookie()
+        }
+
+        #if os(macOS)
+        if context.allowCached,
+           let cached = CookieHeaderCache.load(provider: context.provider),
+           let header = self.requestCookieHeader(from: cached.cookieHeader)
+        {
+            return header
+        }
+        let session = try OpenCodeCookieImporter.importSession(
+            browserDetection: context.browserDetection,
+            preferredBrowsers: self.automaticImportOrder(provider: context.provider))
+        guard let header = self.requestCookieHeader(from: session.cookieHeader) else {
+            throw missingCookie()
+        }
+        CookieHeaderCache.store(
+            provider: context.provider,
+            cookieHeader: header,
+            sourceLabel: session.sourceLabel)
+        return header
+        #else
+        throw missingCookie()
+        #endif
+    }
+
+    #if os(macOS)
+    static func automaticImportOrder(provider: UsageProvider) -> BrowserCookieImportOrder {
+        if provider == .opencodego,
+           let order = ProviderDefaults.metadata[provider]?.browserCookieOrder
+        {
+            return order
+        }
+        return [.chrome]
+    }
+    #endif
+}
diff --git a/Sources/CodexBarCore/Providers/OpenCodeGo/OpenCodeGoLocalUsageReader.swift b/Sources/CodexBarCore/Providers/OpenCodeGo/OpenCodeGoLocalUsageReader.swift
new file mode 100644
index 000000000..13098a445
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/OpenCodeGo/OpenCodeGoLocalUsageReader.swift
@@ -0,0 +1,320 @@
+import Foundation
+
+#if os(macOS)
+import SQLite3
+
+public enum OpenCodeGoLocalUsageError: LocalizedError, Sendable, Equatable {
+    case notDetected
+    case historyUnavailable(String)
+    case sqliteFailed(String)
+
+    public var errorDescription: String? {
+        switch self {
+        case .notDetected:
+            "OpenCode Go not detected. Log in with OpenCode Go or use it locally first."
+        case let .historyUnavailable(message):
+            "OpenCode Go local usage history is unavailable: \(message)"
+        case let .sqliteFailed(message):
+            "SQLite error reading OpenCode Go usage: \(message)"
+        }
+    }
+}
+
+public struct OpenCodeGoLocalUsageReader: Sendable {
+    private static let fiveHours: TimeInterval = 5 * 60 * 60
+    private static let week: TimeInterval = 7 * 24 * 60 * 60
+    private static let limits = (session: 12.0, weekly: 30.0, monthly: 60.0)
+
+    private let authURL: URL
+    private let databaseURL: URL
+
+    public init(homeDirectory: URL = FileManager.default.homeDirectoryForCurrentUser) {
+        let openCodeDirectory = homeDirectory
+            .appendingPathComponent(".local", isDirectory: true)
+            .appendingPathComponent("share", isDirectory: true)
+            .appendingPathComponent("opencode", isDirectory: true)
+        self.authURL = openCodeDirectory.appendingPathComponent("auth.json", isDirectory: false)
+        self.databaseURL = openCodeDirectory.appendingPathComponent("opencode.db", isDirectory: false)
+    }
+
+    public init(authURL: URL, databaseURL: URL) {
+        self.authURL = authURL
+        self.databaseURL = databaseURL
+    }
+
+    public func fetch(now: Date = Date()) throws -> OpenCodeGoUsageSnapshot {
+        let hasAuth = Self.hasAuthKey(at: self.authURL)
+        guard FileManager.default.fileExists(atPath: self.databaseURL.path) else {
+            if hasAuth {
+                throw OpenCodeGoLocalUsageError.historyUnavailable("database not found")
+            }
+            throw OpenCodeGoLocalUsageError.notDetected
+        }
+
+        let rows = try self.readRows()
+        guard hasAuth || !rows.isEmpty else {
+            throw OpenCodeGoLocalUsageError.notDetected
+        }
+        guard !rows.isEmpty else {
+            throw OpenCodeGoLocalUsageError.historyUnavailable("no local usage rows")
+        }
+        return Self.snapshot(rows: rows, now: now)
+    }
+
+    private func readRows() throws -> [UsageRow] {
+        var db: OpaquePointer?
+        guard sqlite3_open_v2(self.databaseURL.path, &db, SQLITE_OPEN_READONLY, nil) == SQLITE_OK else {
+            let message = db.flatMap { String(cString: sqlite3_errmsg($0)) } ?? "unknown error"
+            sqlite3_close(db)
+            throw OpenCodeGoLocalUsageError.sqliteFailed(message)
+        }
+        defer { sqlite3_close(db) }
+        sqlite3_busy_timeout(db, 250)
+
+        let sql = self.hasTable(named: "part", db: db) ? Self.messageAndPartUsageSQL : Self.messageUsageSQL
+
+        var stmt: OpaquePointer?
+        guard sqlite3_prepare_v2(db, sql, -1, &stmt, nil) == SQLITE_OK else {
+            let message = db.flatMap { String(cString: sqlite3_errmsg($0)) } ?? "unknown error"
+            throw OpenCodeGoLocalUsageError.sqliteFailed(message)
+        }
+        defer { sqlite3_finalize(stmt) }
+
+        var rows: [UsageRow] = []
+        while true {
+            let step = sqlite3_step(stmt)
+            if step == SQLITE_DONE { break }
+            guard step == SQLITE_ROW else {
+                let message = db.flatMap { String(cString: sqlite3_errmsg($0)) } ?? "unknown error"
+                throw OpenCodeGoLocalUsageError.sqliteFailed(message)
+            }
+
+            let createdMs = sqlite3_column_int64(stmt, 0)
+            let cost = sqlite3_column_double(stmt, 1)
+            guard createdMs > 0, cost >= 0, cost.isFinite else { continue }
+            rows.append(UsageRow(createdMs: createdMs, cost: cost))
+        }
+        return rows
+    }
+
+    private func hasTable(named name: String, db: OpaquePointer?) -> Bool {
+        var stmt: OpaquePointer?
+        guard sqlite3_prepare_v2(
+            db,
+            "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ? LIMIT 1",
+            -1,
+            &stmt,
+            nil) == SQLITE_OK
+        else {
+            return false
+        }
+        defer { sqlite3_finalize(stmt) }
+
+        let transient = unsafeBitCast(-1, to: sqlite3_destructor_type.self)
+        sqlite3_bind_text(stmt, 1, name, -1, transient)
+        return sqlite3_step(stmt) == SQLITE_ROW
+    }
+
+    private static let messageUsageSQL = """
+        SELECT
+          CAST(COALESCE(json_extract(data, '$.time.created'), time_created) AS INTEGER) AS createdMs,
+          CAST(json_extract(data, '$.cost') AS REAL) AS cost
+        FROM message
+        WHERE json_valid(data)
+          AND json_extract(data, '$.providerID') = 'opencode-go'
+          AND json_extract(data, '$.role') = 'assistant'
+          AND json_type(data, '$.cost') IN ('integer', 'real')
+    """
+
+    private static let messageAndPartUsageSQL = """
+        WITH message_costs AS (
+          SELECT
+            id AS messageID,
+            CAST(COALESCE(json_extract(data, '$.time.created'), time_created) AS INTEGER) AS createdMs,
+            CAST(json_extract(data, '$.cost') AS REAL) AS cost
+          FROM message
+          WHERE json_valid(data)
+            AND json_extract(data, '$.providerID') = 'opencode-go'
+            AND json_extract(data, '$.role') = 'assistant'
+            AND json_type(data, '$.cost') IN ('integer', 'real')
+        )
+        SELECT createdMs, cost
+        FROM message_costs
+        UNION ALL
+        SELECT
+          CAST(COALESCE(json_extract(p.data, '$.time.created'), p.time_created, m.time_created) AS INTEGER)
+            AS createdMs,
+          CAST(json_extract(p.data, '$.cost') AS REAL) AS cost
+        FROM part p
+        JOIN message m ON m.id = p.message_id
+        WHERE json_valid(p.data)
+          AND json_valid(m.data)
+          AND json_extract(p.data, '$.type') = 'step-finish'
+          AND json_type(p.data, '$.cost') IN ('integer', 'real')
+          AND json_extract(m.data, '$.providerID') = 'opencode-go'
+          AND json_extract(m.data, '$.role') = 'assistant'
+          AND NOT EXISTS (
+            SELECT 1
+            FROM message_costs
+            WHERE message_costs.messageID = p.message_id
+          )
+    """
+
+    private struct UsageRow {
+        let createdMs: Int64
+        let cost: Double
+    }
+
+    private static func hasAuthKey(at url: URL) -> Bool {
+        guard let data = try? Data(contentsOf: url),
+              let object = try? JSONSerialization.jsonObject(with: data) as? [String: Any],
+              let entry = object["opencode-go"] as? [String: Any],
+              let key = entry["key"] as? String
+        else {
+            return false
+        }
+        return !key.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
+    }
+
+    private static func snapshot(rows: [UsageRow], now: Date) -> OpenCodeGoUsageSnapshot {
+        let nowMs = Int64(now.timeIntervalSince1970 * 1000)
+        let sessionStart = nowMs - Int64(Self.fiveHours * 1000)
+        let weekStart = self.startOfUTCWeek(now: now).timeIntervalSince1970 * 1000
+        let weekStartMs = Int64(weekStart)
+        let weekEndMs = weekStartMs + Int64(Self.week * 1000)
+        let earliestMs = rows.map(\.createdMs).min()
+        let monthBounds = self.monthBounds(now: now, anchorMs: earliestMs)
+
+        let sessionCost = self.sum(rows: rows, startMs: sessionStart, endMs: nowMs)
+        let weeklyCost = self.sum(rows: rows, startMs: weekStartMs, endMs: weekEndMs)
+        let monthlyCost = self.sum(rows: rows, startMs: monthBounds.startMs, endMs: monthBounds.endMs)
+
+        return OpenCodeGoUsageSnapshot(
+            hasMonthlyUsage: true,
+            rollingUsagePercent: self.percent(used: sessionCost, limit: self.limits.session),
+            weeklyUsagePercent: self.percent(used: weeklyCost, limit: self.limits.weekly),
+            monthlyUsagePercent: self.percent(used: monthlyCost, limit: self.limits.monthly),
+            rollingResetInSec: self.rollingReset(rows: rows, nowMs: nowMs),
+            weeklyResetInSec: max(0, Int((weekEndMs - nowMs) / 1000)),
+            monthlyResetInSec: max(0, Int((monthBounds.endMs - nowMs) / 1000)),
+            updatedAt: now)
+    }
+
+    private static func sum(rows: [UsageRow], startMs: Int64, endMs: Int64) -> Double {
+        rows.reduce(0) { total, row in
+            guard row.createdMs >= startMs, row.createdMs < endMs else { return total }
+            return total + row.cost
+        }
+    }
+
+    private static func percent(used: Double, limit: Double) -> Double {
+        guard used.isFinite, limit > 0 else { return 0 }
+        let value = max(0, min(100, used / limit * 100))
+        return (value * 10).rounded() / 10
+    }
+
+    private static func rollingReset(rows: [UsageRow], nowMs: Int64) -> Int {
+        let sessionStart = nowMs - Int64(Self.fiveHours * 1000)
+        let oldest = rows
+            .filter { $0.createdMs >= sessionStart && $0.createdMs < nowMs }
+            .map(\.createdMs)
+            .min() ?? nowMs
+        return max(0, Int((oldest + Int64(Self.fiveHours * 1000) - nowMs) / 1000))
+    }
+
+    private static func startOfUTCWeek(now: Date) -> Date {
+        var calendar = Calendar(identifier: .gregorian)
+        calendar.timeZone = TimeZone(secondsFromGMT: 0) ?? TimeZone.current
+        calendar.firstWeekday = 2
+        calendar.minimumDaysInFirstWeek = 4
+        let components = calendar.dateComponents([.yearForWeekOfYear, .weekOfYear], from: now)
+        return calendar.date(from: components) ?? now
+    }
+
+    private static func monthBounds(now: Date, anchorMs: Int64?) -> (startMs: Int64, endMs: Int64) {
+        var calendar = Calendar(identifier: .gregorian)
+        calendar.timeZone = TimeZone(secondsFromGMT: 0) ?? TimeZone.current
+
+        guard let anchorMs else {
+            let start = calendar.date(from: calendar.dateComponents([.year, .month], from: now)) ?? now
+            let end = calendar.date(byAdding: .month, value: 1, to: start) ?? start
+            return (Int64(start.timeIntervalSince1970 * 1000), Int64(end.timeIntervalSince1970 * 1000))
+        }
+
+        let anchor = Date(timeIntervalSince1970: TimeInterval(anchorMs) / 1000)
+        let anchorComponents = calendar.dateComponents([.day, .hour, .minute, .second, .nanosecond], from: anchor)
+        let nowComponents = calendar.dateComponents([.year, .month], from: now)
+
+        var startMonthComponents = nowComponents
+        var start = self.anchoredMonth(calendar: calendar, month: startMonthComponents, anchor: anchorComponents)
+        if start > now {
+            guard let previous = calendar.date(byAdding: .month, value: -1, to: start) else {
+                let end = self.anchoredMonth(
+                    calendar: calendar,
+                    month: self.monthComponents(after: startMonthComponents, calendar: calendar),
+                    anchor: anchorComponents)
+                return (Int64(start.timeIntervalSince1970 * 1000), Int64(end.timeIntervalSince1970 * 1000))
+            }
+            startMonthComponents = calendar.dateComponents([.year, .month], from: previous)
+            start = self.anchoredMonth(calendar: calendar, month: startMonthComponents, anchor: anchorComponents)
+        }
+        let end = self.anchoredMonth(
+            calendar: calendar,
+            month: self.monthComponents(after: startMonthComponents, calendar: calendar),
+            anchor: anchorComponents)
+        return (Int64(start.timeIntervalSince1970 * 1000), Int64(end.timeIntervalSince1970 * 1000))
+    }
+
+    private static func monthComponents(after month: DateComponents, calendar: Calendar) -> DateComponents {
+        let monthStart = calendar.date(from: month) ?? Date()
+        let nextMonth = calendar.date(byAdding: .month, value: 1, to: monthStart) ?? monthStart
+        return calendar.dateComponents([.year, .month], from: nextMonth)
+    }
+
+    private static func anchoredMonth(
+        calendar: Calendar,
+        month: DateComponents,
+        anchor: DateComponents) -> Date
+    {
+        var components = DateComponents()
+        components.calendar = calendar
+        components.timeZone = calendar.timeZone
+        components.year = month.year
+        components.month = month.month
+        components.day = anchor.day
+        components.hour = anchor.hour
+        components.minute = anchor.minute
+        components.second = anchor.second
+        components.nanosecond = anchor.nanosecond
+
+        if let date = calendar.date(from: components),
+           calendar.component(.month, from: date) == month.month
+        {
+            return date
+        }
+
+        components.day = calendar.range(of: .day, in: .month, for: calendar.date(from: month) ?? Date())?.count
+        return calendar.date(from: components) ?? Date()
+    }
+}
+
+#else
+
+public enum OpenCodeGoLocalUsageError: LocalizedError, Sendable, Equatable {
+    case notSupported
+
+    public var errorDescription: String? {
+        "OpenCode Go local usage is only supported on macOS."
+    }
+}
+
+public struct OpenCodeGoLocalUsageReader: Sendable {
+    public init(homeDirectory _: URL = FileManager.default.homeDirectoryForCurrentUser) {}
+    public init(authURL _: URL, databaseURL _: URL) {}
+
+    public func fetch(now _: Date = Date()) throws -> OpenCodeGoUsageSnapshot {
+        throw OpenCodeGoLocalUsageError.notSupported
+    }
+}
+
+#endif
diff --git a/Sources/CodexBarCore/Providers/OpenCodeGo/OpenCodeGoProviderDescriptor.swift b/Sources/CodexBarCore/Providers/OpenCodeGo/OpenCodeGoProviderDescriptor.swift
new file mode 100644
index 000000000..51b2ac417
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/OpenCodeGo/OpenCodeGoProviderDescriptor.swift
@@ -0,0 +1,193 @@
+import CodexBarMacroSupport
+import Foundation
+
+@ProviderDescriptorRegistration
+@ProviderDescriptorDefinition
+public enum OpenCodeGoProviderDescriptor {
+    static func makeDescriptor() -> ProviderDescriptor {
+        ProviderDescriptor(
+            id: .opencodego,
+            metadata: ProviderMetadata(
+                id: .opencodego,
+                displayName: "OpenCode Go",
+                sessionLabel: "5-hour",
+                weeklyLabel: "Weekly",
+                opusLabel: "Monthly",
+                supportsOpus: true,
+                supportsCredits: false,
+                creditsHint: "",
+                toggleTitle: "Show OpenCode Go usage",
+                cliName: "opencodego",
+                defaultEnabled: false,
+                isPrimaryProvider: false,
+                usesAccountFallback: false,
+                browserCookieOrder: ProviderBrowserCookieDefaults.defaultImportOrder,
+                dashboardURL: "https://opencode.ai",
+                statusPageURL: nil),
+            branding: ProviderBranding(
+                iconStyle: .opencodego,
+                iconResourceName: "ProviderIcon-opencodego",
+                color: ProviderColor(red: 59 / 255, green: 130 / 255, blue: 246 / 255)),
+            tokenCost: ProviderTokenCostConfig(
+                supportsTokenCost: false,
+                noDataMessage: { "OpenCode Go cost summary is not supported." }),
+            fetchPlan: ProviderFetchPlan(
+                sourceModes: [.auto, .web],
+                pipeline: ProviderFetchPipeline(resolveStrategies: self.resolveStrategies)),
+            cli: ProviderCLIConfig(
+                name: "opencodego",
+                versionDetector: nil))
+    }
+
+    private static func resolveStrategies(context: ProviderFetchContext) async -> [any ProviderFetchStrategy] {
+        if context.sourceMode == .web {
+            return [OpenCodeGoUsageFetchStrategy()]
+        }
+        return [
+            OpenCodeGoUsageFetchStrategy(),
+            OpenCodeGoLocalUsageFetchStrategy(),
+        ]
+    }
+}
+
+struct OpenCodeGoLocalUsageFetchStrategy: ProviderFetchStrategy {
+    let id: String = "opencodego.local"
+    let kind: ProviderFetchKind = .localProbe
+
+    func isAvailable(_: ProviderFetchContext) async -> Bool {
+        true
+    }
+
+    func fetch(_ context: ProviderFetchContext) async throws -> ProviderFetchResult {
+        let snapshot = try await self.snapshot(context: context)
+        return self.makeResult(
+            usage: snapshot.toUsageSnapshot(),
+            sourceLabel: "local")
+    }
+
+    func shouldFallback(on error: Error, context _: ProviderFetchContext) -> Bool {
+        error is OpenCodeGoLocalUsageError
+    }
+
+    private func snapshot(context: ProviderFetchContext) async throws -> OpenCodeGoUsageSnapshot {
+        let snapshot = try OpenCodeGoLocalUsageReader().fetch()
+        guard context.includeOptionalUsage,
+              context.settings?.opencodego?.cookieSource != .off
+        else {
+            return snapshot
+        }
+
+        guard let cookieHeader = Self.cachedOrManualCookieHeader(context: context) else {
+            return snapshot
+        }
+
+        let workspaceOverride = context.settings?.opencodego?.workspaceID
+            ?? context.env["CODEXBAR_OPENCODEGO_WORKSPACE_ID"]
+        let zenBalanceTask = Task<Double?, Error> {
+            do {
+                return try await OpenCodeGoUsageFetcher.fetchOptionalZenBalance(
+                    cookieHeader: cookieHeader,
+                    timeout: context.webTimeout,
+                    workspaceIDOverride: workspaceOverride)
+            } catch is CancellationError {
+                throw CancellationError()
+            } catch {
+                return nil
+            }
+        }
+        let zenBalance = try await OpenCodeGoUsageFetcher.completedOptionalZenBalance(from: zenBalanceTask)
+        return snapshot.withZenBalanceUSD(zenBalance)
+    }
+
+    private static func cachedOrManualCookieHeader(context: ProviderFetchContext) -> String? {
+        if let settings = context.settings?.opencodego, settings.cookieSource == .manual {
+            return OpenCodeWebCookieSupport.requestCookieHeader(from: settings.manualCookieHeader)
+        }
+
+        #if os(macOS)
+        guard let cached = CookieHeaderCache.load(provider: .opencodego) else { return nil }
+        return OpenCodeWebCookieSupport.requestCookieHeader(from: cached.cookieHeader)
+        #else
+        return nil
+        #endif
+    }
+}
+
+struct OpenCodeGoUsageFetchStrategy: ProviderFetchStrategy {
+    let id: String = "opencodego.web"
+    let kind: ProviderFetchKind = .web
+
+    func isAvailable(_ context: ProviderFetchContext) async -> Bool {
+        guard context.settings?.opencodego?.cookieSource != .off else { return false }
+        return true
+    }
+
+    func fetch(_ context: ProviderFetchContext) async throws -> ProviderFetchResult {
+        let workspaceOverride = context.settings?.opencodego?.workspaceID
+            ?? context.env["CODEXBAR_OPENCODEGO_WORKSPACE_ID"]
+        let cookieSource = context.settings?.opencodego?.cookieSource ?? .auto
+        do {
+            let cookieHeader = try Self.resolveCookieHeader(context: context, allowCached: true)
+            let snapshot = try await OpenCodeGoUsageFetcher.fetchUsage(
+                cookieHeader: cookieHeader,
+                timeout: context.webTimeout,
+                workspaceIDOverride: workspaceOverride,
+                includeZenBalance: context.includeOptionalUsage)
+            return self.makeResult(
+                usage: snapshot.toUsageSnapshot(),
+                sourceLabel: "web")
+        } catch OpenCodeGoUsageError.invalidCredentials where cookieSource != .manual {
+            #if os(macOS)
+            CookieHeaderCache.clear(provider: .opencodego)
+            let cookieHeader = try Self.resolveCookieHeader(context: context, allowCached: false)
+            let snapshot = try await OpenCodeGoUsageFetcher.fetchUsage(
+                cookieHeader: cookieHeader,
+                timeout: context.webTimeout,
+                workspaceIDOverride: workspaceOverride,
+                includeZenBalance: context.includeOptionalUsage)
+            return self.makeResult(
+                usage: snapshot.toUsageSnapshot(),
+                sourceLabel: "web")
+            #else
+            throw OpenCodeGoUsageError.invalidCredentials
+            #endif
+        }
+    }
+
+    func shouldFallback(on error: Error, context: ProviderFetchContext) -> Bool {
+        guard context.sourceMode == .auto else { return false }
+        return switch error {
+        case OpenCodeGoSettingsError.missingCookie,
+             OpenCodeGoSettingsError.invalidCookie,
+             OpenCodeGoUsageError.invalidCredentials:
+            true
+        default:
+            false
+        }
+    }
+
+    static func resolveCookieHeader(context: ProviderFetchContext, allowCached: Bool) throws -> String {
+        try OpenCodeWebCookieSupport.resolveCookieHeader(
+            context: OpenCodeWebCookieSupport.Context(
+                settings: context.settings?.opencodego,
+                provider: .opencodego,
+                browserDetection: context.browserDetection,
+                allowCached: allowCached),
+            invalidCookie: OpenCodeGoSettingsError.invalidCookie,
+            missingCookie: OpenCodeGoSettingsError.missingCookie)
+    }
+}
+
+enum OpenCodeGoSettingsError: LocalizedError {
+    case missingCookie
+    case invalidCookie
+
+    var errorDescription: String? {
+        switch self {
+        case .missingCookie:
+            "No OpenCode Go session cookies found in browsers."
+        case .invalidCookie:
+            "OpenCode Go cookie header is invalid."
+        }
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/OpenCodeGo/OpenCodeGoUsageFetcher.swift b/Sources/CodexBarCore/Providers/OpenCodeGo/OpenCodeGoUsageFetcher.swift
new file mode 100644
index 000000000..70e18ec04
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/OpenCodeGo/OpenCodeGoUsageFetcher.swift
@@ -0,0 +1,909 @@
+import Foundation
+#if canImport(FoundationNetworking)
+import FoundationNetworking
+#endif
+
+public enum OpenCodeGoUsageError: LocalizedError {
+    case invalidCredentials
+    case networkError(String)
+    case apiError(String)
+    case parseFailed(String)
+
+    public var errorDescription: String? {
+        switch self {
+        case .invalidCredentials:
+            "OpenCode Go session cookie is invalid or expired."
+        case let .networkError(message):
+            "OpenCode Go network error: \(message)"
+        case let .apiError(message):
+            "OpenCode Go API error: \(message)"
+        case let .parseFailed(message):
+            "OpenCode Go parse error: \(message)"
+        }
+    }
+}
+
+public struct OpenCodeGoUsageFetcher: Sendable {
+    private static let log = CodexBarLog.logger(LogCategories.opencodeGoUsage)
+    private static let baseURL = URL(string: "https://opencode.ai")!
+    private static let serverURL = URL(string: "https://opencode.ai/_server")!
+    private static let workspacesServerID = "def39973159c7f0483d8793a822b8dbb10d067e12c65455fcb4608459ba0234f"
+
+    private static let userAgent =
+        "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) " +
+        "AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36"
+
+    private final class RedirectGuardDelegate: NSObject, URLSessionTaskDelegate {
+        func urlSession(
+            _ session: URLSession,
+            task: URLSessionTask,
+            willPerformHTTPRedirection response: HTTPURLResponse,
+            newRequest request: URLRequest,
+            completionHandler: @escaping (URLRequest?) -> Void)
+        {
+            guard OpenCodeGoUsageFetcher.allowsRedirect(
+                from: task.originalRequest?.url,
+                to: request.url)
+            else {
+                completionHandler(nil)
+                return
+            }
+            completionHandler(request)
+        }
+    }
+
+    private struct ServerRequest {
+        let serverID: String
+        let args: String?
+        let method: String
+        let referer: URL
+    }
+
+    private static let percentKeys = [
+        "usagePercent",
+        "usedPercent",
+        "percentUsed",
+        "percent",
+        "usage_percent",
+        "used_percent",
+        "utilization",
+        "utilizationPercent",
+        "utilization_percent",
+        "usage",
+    ]
+    private static let resetInKeys = [
+        "resetInSec",
+        "resetInSeconds",
+        "resetSeconds",
+        "reset_sec",
+        "reset_in_sec",
+        "resetsInSec",
+        "resetsInSeconds",
+        "resetIn",
+        "resetSec",
+    ]
+    private static let resetAtKeys = [
+        "resetAt",
+        "resetsAt",
+        "reset_at",
+        "resets_at",
+        "nextReset",
+        "next_reset",
+        "renewAt",
+        "renew_at",
+    ]
+    private static let renewAtKeys = [
+        "renewAt",
+        "renew_at",
+    ]
+    private static let redirectGuardDelegate = RedirectGuardDelegate()
+    private static let redirectGuardSession: URLSession = {
+        let configuration = URLSessionConfiguration.ephemeral
+        configuration.httpCookieStorage = nil
+        return URLSession(
+            configuration: configuration,
+            delegate: OpenCodeGoUsageFetcher.redirectGuardDelegate,
+            delegateQueue: nil)
+    }()
+
+    public static func fetchUsage(
+        cookieHeader: String,
+        timeout: TimeInterval,
+        now: Date = Date(),
+        workspaceIDOverride: String? = nil,
+        includeZenBalance: Bool = true,
+        session: URLSession? = nil) async throws -> OpenCodeGoUsageSnapshot
+    {
+        let session = session ?? self.redirectGuardSession
+        guard let requestCookieHeader = OpenCodeWebCookieSupport.requestCookieHeader(from: cookieHeader) else {
+            throw OpenCodeGoUsageError.invalidCredentials
+        }
+        let workspaceID: String = if let override = self.normalizeWorkspaceID(workspaceIDOverride) {
+            override
+        } else {
+            try await self.fetchWorkspaceID(
+                cookieHeader: requestCookieHeader,
+                timeout: timeout,
+                session: session)
+        }
+        let subscriptionText: String
+        do {
+            subscriptionText = try await self.fetchUsagePage(
+                workspaceID: workspaceID,
+                cookieHeader: requestCookieHeader,
+                timeout: timeout,
+                session: session)
+        } catch {
+            throw error
+        }
+        let snapshot = try self.parseSubscription(text: subscriptionText, now: now)
+        let zenBalanceTask = includeZenBalance ? Task {
+            try await self.fetchOptionalZenBalance(
+                workspaceID: workspaceID,
+                cookieHeader: requestCookieHeader,
+                timeout: min(timeout, self.optionalZenBalanceTimeout),
+                session: session)
+        } : nil
+        guard let zenBalanceTask else {
+            return snapshot
+        }
+        let zenBalance = try await self.completedOptionalZenBalance(from: zenBalanceTask)
+        return snapshot.withZenBalanceUSD(zenBalance)
+    }
+
+    static func fetchOptionalZenBalance(
+        cookieHeader: String,
+        timeout: TimeInterval,
+        workspaceIDOverride: String? = nil,
+        session: URLSession? = nil) async throws -> Double?
+    {
+        let session = session ?? self.redirectGuardSession
+        guard let requestCookieHeader = OpenCodeWebCookieSupport.requestCookieHeader(from: cookieHeader) else {
+            throw OpenCodeGoUsageError.invalidCredentials
+        }
+        let workspaceID: String = if let override = self.normalizeWorkspaceID(workspaceIDOverride) {
+            override
+        } else {
+            try await self.fetchWorkspaceID(
+                cookieHeader: requestCookieHeader,
+                timeout: timeout,
+                session: session)
+        }
+        return try await self.fetchOptionalZenBalance(
+            workspaceID: workspaceID,
+            cookieHeader: requestCookieHeader,
+            timeout: min(timeout, self.optionalZenBalanceTimeout),
+            session: session)
+    }
+
+    static func allowsRedirect(from sourceURL: URL?, to destinationURL: URL?) -> Bool {
+        guard let sourceHost = sourceURL?.host?.lowercased(),
+              let destinationHost = destinationURL?.host?.lowercased(),
+              sourceHost == destinationHost,
+              destinationURL?.scheme?.lowercased() == "https"
+        else { return false }
+        return true
+    }
+
+    public static func dashboardURL(workspaceID raw: String?) -> URL {
+        guard let workspaceID = self.normalizeWorkspaceID(raw),
+              let url = URL(string: "\(self.baseURL.absoluteString)/workspace/\(workspaceID)/go")
+        else {
+            return self.baseURL
+        }
+        return url
+    }
+}
+
+extension OpenCodeGoUsageFetcher {
+    private static func fetchWorkspaceID(
+        cookieHeader: String,
+        timeout: TimeInterval,
+        session: URLSession) async throws -> String
+    {
+        let text = try await self.fetchServerText(
+            request: ServerRequest(
+                serverID: self.workspacesServerID,
+                args: nil,
+                method: "GET",
+                referer: self.baseURL),
+            cookieHeader: cookieHeader,
+            timeout: timeout,
+            session: session)
+        if self.looksSignedOut(text: text) {
+            throw OpenCodeGoUsageError.invalidCredentials
+        }
+        var ids = self.parseWorkspaceIDs(text: text)
+        if ids.isEmpty {
+            ids = self.parseWorkspaceIDsFromJSON(text: text)
+        }
+        if ids.isEmpty {
+            Self.log.error("OpenCode Go workspace ids missing after GET; retrying with POST.")
+            let fallback = try await self.fetchServerText(
+                request: ServerRequest(
+                    serverID: self.workspacesServerID,
+                    args: "[]",
+                    method: "POST",
+                    referer: self.baseURL),
+                cookieHeader: cookieHeader,
+                timeout: timeout,
+                session: session)
+            if self.looksSignedOut(text: fallback) {
+                throw OpenCodeGoUsageError.invalidCredentials
+            }
+            ids = self.parseWorkspaceIDs(text: fallback)
+            if ids.isEmpty {
+                ids = self.parseWorkspaceIDsFromJSON(text: fallback)
+            }
+            if ids.isEmpty {
+                throw OpenCodeGoUsageError.parseFailed("Missing workspace id.")
+            }
+            return ids[0]
+        }
+        return ids[0]
+    }
+
+    static func normalizeWorkspaceID(_ raw: String?) -> String? {
+        guard let raw else { return nil }
+        let trimmed = raw.trimmingCharacters(in: .whitespacesAndNewlines)
+        if trimmed.hasPrefix("wrk_"), trimmed.count > 4 {
+            return trimmed
+        }
+        if let url = URL(string: trimmed) {
+            let parts = url.pathComponents
+            if let index = parts.firstIndex(of: "workspace"),
+               parts.count > index + 1
+            {
+                let candidate = parts[index + 1]
+                if candidate.hasPrefix("wrk_"), candidate.count > 4 {
+                    return candidate
+                }
+            }
+        }
+        if let match = trimmed.range(of: #"wrk_[A-Za-z0-9]+"#, options: .regularExpression) {
+            return String(trimmed[match])
+        }
+        return nil
+    }
+
+    static func parseWorkspaceIDs(text: String) -> [String] {
+        let pattern = #"id\s*:\s*\"(wrk_[^\"]+)\""#
+        guard let regex = try? NSRegularExpression(pattern: pattern, options: []) else { return [] }
+        let nsrange = NSRange(text.startIndex..<text.endIndex, in: text)
+        return regex.matches(in: text, options: [], range: nsrange).compactMap { match in
+            guard let range = Range(match.range(at: 1), in: text) else { return nil }
+            return String(text[range])
+        }
+    }
+
+    private static func parseWorkspaceIDsFromJSON(text: String) -> [String] {
+        guard let data = text.data(using: .utf8),
+              let object = try? JSONSerialization.jsonObject(with: data, options: [])
+        else {
+            return []
+        }
+        var results: [String] = []
+        self.collectWorkspaceIDs(object: object, out: &results)
+        return results
+    }
+
+    private static func collectWorkspaceIDs(object: Any, out: inout [String]) {
+        if let dict = object as? [String: Any] {
+            for (_, value) in dict {
+                self.collectWorkspaceIDs(object: value, out: &out)
+            }
+            return
+        }
+        if let array = object as? [Any] {
+            for value in array {
+                self.collectWorkspaceIDs(object: value, out: &out)
+            }
+            return
+        }
+        if let string = object as? String,
+           string.hasPrefix("wrk_"),
+           !out.contains(string)
+        {
+            out.append(string)
+        }
+    }
+
+    private static func fetchUsagePage(
+        workspaceID: String,
+        cookieHeader: String,
+        timeout: TimeInterval,
+        session: URLSession) async throws -> String
+    {
+        let url = URL(string: "https://opencode.ai/workspace/\(workspaceID)/go") ?? self.baseURL
+        let text = try await self.fetchPageText(
+            url: url,
+            cookieHeader: cookieHeader,
+            timeout: timeout,
+            session: session)
+        if self.looksSignedOut(text: text) {
+            throw OpenCodeGoUsageError.invalidCredentials
+        }
+        guard self.parseSubscriptionJSON(text: text, now: Date()) != nil ||
+            self.extractDouble(
+                pattern: #"rollingUsage[^}]*?usagePercent\s*:\s*([0-9]+(?:\.[0-9]+)?)"#,
+                text: text) != nil
+        else {
+            Self.log.error("OpenCode Go usage page payload missing usage fields.")
+            throw OpenCodeGoUsageError.parseFailed("Missing usage fields.")
+        }
+        return text
+    }
+
+    static func parseSubscription(text: String, now: Date) throws -> OpenCodeGoUsageSnapshot {
+        if let snapshot = self.parseSubscriptionJSON(text: text, now: now) {
+            return snapshot
+        }
+
+        guard let rollingPercent = self.extractDouble(
+            pattern: #"rollingUsage[^}]*?usagePercent\s*:\s*([0-9]+(?:\.[0-9]+)?)"#,
+            text: text),
+            let rollingReset = self.extractInt(
+                pattern: #"rollingUsage[^}]*?resetInSec\s*:\s*([0-9]+)"#,
+                text: text),
+            let weeklyPercent = self.extractDouble(
+                pattern: #"weeklyUsage[^}]*?usagePercent\s*:\s*([0-9]+(?:\.[0-9]+)?)"#,
+                text: text),
+            let weeklyReset = self.extractInt(
+                pattern: #"weeklyUsage[^}]*?resetInSec\s*:\s*([0-9]+)"#,
+                text: text)
+        else {
+            throw OpenCodeGoUsageError.parseFailed("Missing usage fields.")
+        }
+
+        let monthlyPercent = self.extractDouble(
+            pattern: #"monthlyUsage[^}]*?usagePercent\s*:\s*([0-9]+(?:\.[0-9]+)?)"#,
+            text: text)
+        let monthlyReset = self.extractInt(
+            pattern: #"monthlyUsage[^}]*?resetInSec\s*:\s*([0-9]+)"#,
+            text: text)
+
+        return OpenCodeGoUsageSnapshot(
+            hasMonthlyUsage: monthlyPercent != nil || monthlyReset != nil,
+            rollingUsagePercent: rollingPercent,
+            weeklyUsagePercent: weeklyPercent,
+            monthlyUsagePercent: monthlyPercent ?? 0,
+            rollingResetInSec: rollingReset,
+            weeklyResetInSec: weeklyReset,
+            monthlyResetInSec: monthlyReset ?? 0,
+            updatedAt: now)
+    }
+
+    private static func parseSubscriptionJSON(text: String, now: Date) -> OpenCodeGoUsageSnapshot? {
+        guard let data = text.data(using: .utf8),
+              let object = try? JSONSerialization.jsonObject(with: data, options: []),
+              let dict = object as? [String: Any]
+        else {
+            return nil
+        }
+
+        let renewsAt = self.dateValue(from: self.value(from: dict, keys: self.renewAtKeys))
+        if let snapshot = self.parseUsageDictionary(dict, now: now, inheritedRenewsAt: renewsAt) {
+            return snapshot
+        }
+        for key in ["data", "result", "usage", "billing", "payload"] {
+            if let nested = dict[key] as? [String: Any],
+               let snapshot = self.parseUsageDictionary(nested, now: now, inheritedRenewsAt: renewsAt)
+            {
+                return snapshot
+            }
+        }
+        if let snapshot = self.parseUsageNested(dict, now: now, depth: 0, inheritedRenewsAt: renewsAt) {
+            return snapshot
+        }
+        return self.parseUsageFromCandidates(object: object, now: now, inheritedRenewsAt: renewsAt)
+    }
+
+    private static func parseUsageDictionary(
+        _ dict: [String: Any],
+        now: Date,
+        inheritedRenewsAt: Date?) -> OpenCodeGoUsageSnapshot?
+    {
+        let renewsAt = self.dateValue(from: self.value(from: dict, keys: self.renewAtKeys)) ?? inheritedRenewsAt
+        if let usage = dict["usage"] as? [String: Any],
+           let snapshot = self.parseUsageDictionary(usage, now: now, inheritedRenewsAt: renewsAt)
+        {
+            return snapshot
+        }
+
+        let rollingKeys = ["rollingUsage", "rolling", "rolling_usage", "rollingWindow", "rolling_window"]
+        let weeklyKeys = ["weeklyUsage", "weekly", "weekly_usage", "weeklyWindow", "weekly_window"]
+        let monthlyKeys = ["monthlyUsage", "monthly", "monthly_usage", "monthlyWindow", "monthly_window"]
+
+        let rolling = self.firstDict(from: dict, keys: rollingKeys)
+        let weekly = self.firstDict(from: dict, keys: weeklyKeys)
+        let monthly = self.firstDict(from: dict, keys: monthlyKeys)
+
+        guard let rolling, let weekly else { return nil }
+
+        return self.buildSnapshot(rolling: rolling, weekly: weekly, monthly: monthly, now: now, renewsAt: renewsAt)
+    }
+
+    private static func parseUsageNested(
+        _ dict: [String: Any],
+        now: Date,
+        depth: Int,
+        inheritedRenewsAt: Date?) -> OpenCodeGoUsageSnapshot?
+    {
+        if depth > 3 { return nil }
+        let renewsAt = self.dateValue(from: self.value(from: dict, keys: self.renewAtKeys)) ?? inheritedRenewsAt
+        var rolling: [String: Any]?
+        var weekly: [String: Any]?
+        var monthly: [String: Any]?
+
+        for (key, value) in dict {
+            guard let sub = value as? [String: Any] else { continue }
+            let lower = key.lowercased()
+            if lower.contains("rolling") || lower.contains("hour") || lower.contains("5h") || lower.contains("5-hour") {
+                rolling = sub
+            } else if lower.contains("weekly") || lower.contains("week") {
+                weekly = sub
+            } else if lower.contains("monthly") || lower.contains("month") {
+                monthly = sub
+            }
+        }
+
+        if let rolling, let weekly {
+            let snapshot = self.buildSnapshot(
+                rolling: rolling,
+                weekly: weekly,
+                monthly: monthly,
+                now: now,
+                renewsAt: renewsAt)
+            if let snapshot { return snapshot }
+        }
+
+        for value in dict.values {
+            if let sub = value as? [String: Any],
+               let snapshot = self.parseUsageNested(
+                   sub,
+                   now: now,
+                   depth: depth + 1,
+                   inheritedRenewsAt: renewsAt)
+            {
+                return snapshot
+            }
+        }
+
+        return nil
+    }
+
+    private static func parseUsageFromCandidates(
+        object: Any,
+        now: Date,
+        inheritedRenewsAt: Date? = nil) -> OpenCodeGoUsageSnapshot?
+    {
+        let candidates = self.collectWindowCandidates(object: object, now: now)
+        guard !candidates.isEmpty else { return nil }
+
+        let rollingCandidates = candidates.filter { candidate in
+            candidate.pathLower.contains("rolling") ||
+                candidate.pathLower.contains("hour") ||
+                candidate.pathLower.contains("5h") ||
+                candidate.pathLower.contains("5-hour")
+        }
+        let weeklyCandidates = candidates.filter { candidate in
+            candidate.pathLower.contains("weekly") ||
+                candidate.pathLower.contains("week")
+        }
+        let monthlyCandidates = candidates.filter { candidate in
+            candidate.pathLower.contains("monthly") ||
+                candidate.pathLower.contains("month")
+        }
+
+        let rolling = self.pickCandidate(
+            preferred: rollingCandidates,
+            fallback: candidates,
+            pickShorter: true)
+        let weekly = self.pickCandidate(
+            from: weeklyCandidates.filter { candidate in
+                candidate.id != rolling?.id
+            },
+            pickShorter: false)
+        let monthly = self.pickCandidate(
+            from: monthlyCandidates.filter { candidate in
+                candidate.id != rolling?.id && candidate.id != weekly?.id
+            },
+            pickShorter: false)
+
+        guard let rolling, let weekly else { return nil }
+
+        let renewsAt = self.dateValue(from: self.value(from: object as? [String: Any] ?? [:], keys: self.renewAtKeys))
+            ?? inheritedRenewsAt
+        return OpenCodeGoUsageSnapshot(
+            hasMonthlyUsage: monthly != nil,
+            rollingUsagePercent: rolling.percent,
+            weeklyUsagePercent: weekly.percent,
+            monthlyUsagePercent: monthly?.percent ?? 0,
+            rollingResetInSec: rolling.resetInSec,
+            weeklyResetInSec: weekly.resetInSec,
+            monthlyResetInSec: monthly?.resetInSec ?? 0,
+            renewsAt: renewsAt,
+            updatedAt: now)
+    }
+
+    private struct WindowCandidate {
+        let id: UUID
+        let percent: Double
+        let resetInSec: Int
+        let pathLower: String
+    }
+
+    private static func collectWindowCandidates(object: Any, now: Date) -> [WindowCandidate] {
+        var candidates: [WindowCandidate] = []
+        self.collectWindowCandidates(object: object, now: now, path: [], out: &candidates)
+        return candidates
+    }
+
+    private static func collectWindowCandidates(
+        object: Any,
+        now: Date,
+        path: [String],
+        out: inout [WindowCandidate])
+    {
+        if let dict = object as? [String: Any] {
+            if let window = self.parseWindow(dict, now: now) {
+                let pathLower = path.joined(separator: ".").lowercased()
+                out.append(WindowCandidate(
+                    id: UUID(),
+                    percent: window.percent,
+                    resetInSec: window.resetInSec,
+                    pathLower: pathLower))
+            }
+            for (key, value) in dict {
+                self.collectWindowCandidates(object: value, now: now, path: path + [key], out: &out)
+            }
+            return
+        }
+
+        if let array = object as? [Any] {
+            for (index, value) in array.enumerated() {
+                self.collectWindowCandidates(
+                    object: value,
+                    now: now,
+                    path: path + ["[\(index)]"],
+                    out: &out)
+            }
+        }
+    }
+
+    private static func pickCandidate(
+        preferred: [WindowCandidate],
+        fallback: [WindowCandidate],
+        pickShorter: Bool,
+        excluding excluded: UUID? = nil) -> WindowCandidate?
+    {
+        let filteredPreferred = preferred.filter { $0.id != excluded }
+        if let picked = self.pickCandidate(from: filteredPreferred, pickShorter: pickShorter) {
+            return picked
+        }
+        let filteredFallback = fallback.filter { $0.id != excluded }
+        return self.pickCandidate(from: filteredFallback, pickShorter: pickShorter)
+    }
+
+    private static func pickCandidate(from candidates: [WindowCandidate], pickShorter: Bool) -> WindowCandidate? {
+        guard !candidates.isEmpty else { return nil }
+        let comparator: (WindowCandidate, WindowCandidate) -> Bool = { lhs, rhs in
+            if pickShorter {
+                if lhs.resetInSec == rhs.resetInSec { return lhs.percent > rhs.percent }
+                return lhs.resetInSec < rhs.resetInSec
+            }
+            if lhs.resetInSec == rhs.resetInSec { return lhs.percent > rhs.percent }
+            return lhs.resetInSec > rhs.resetInSec
+        }
+        return candidates.min(by: comparator)
+    }
+
+    private static func firstDict(from dict: [String: Any], keys: [String]) -> [String: Any]? {
+        for key in keys {
+            if let value = dict[key] as? [String: Any] {
+                return value
+            }
+        }
+        return nil
+    }
+
+    private static func buildSnapshot(
+        rolling: [String: Any],
+        weekly: [String: Any],
+        monthly: [String: Any]?,
+        now: Date,
+        renewsAt: Date? = nil) -> OpenCodeGoUsageSnapshot?
+    {
+        guard let rollingWindow = self.parseWindow(rolling, now: now),
+              let weeklyWindow = self.parseWindow(weekly, now: now)
+        else {
+            return nil
+        }
+
+        let monthlyWindow = monthly.flatMap { self.parseWindow($0, now: now) }
+
+        return OpenCodeGoUsageSnapshot(
+            hasMonthlyUsage: monthlyWindow != nil,
+            rollingUsagePercent: rollingWindow.percent,
+            weeklyUsagePercent: weeklyWindow.percent,
+            monthlyUsagePercent: monthlyWindow?.percent ?? 0,
+            rollingResetInSec: rollingWindow.resetInSec,
+            weeklyResetInSec: weeklyWindow.resetInSec,
+            monthlyResetInSec: monthlyWindow?.resetInSec ?? 0,
+            renewsAt: renewsAt,
+            updatedAt: now)
+    }
+
+    private static func parseWindow(_ dict: [String: Any], now: Date) -> (percent: Double, resetInSec: Int)? {
+        var percent: Double?
+
+        for key in self.percentKeys {
+            if let value = self.doubleValue(from: dict[key]) {
+                percent = value
+                break
+            }
+        }
+
+        if percent == nil {
+            let usedKeys = ["used", "usage", "consumed", "count", "usedTokens"]
+            let limitKeys = ["limit", "total", "quota", "max", "cap", "tokenLimit"]
+            var used: Double?
+            for key in usedKeys {
+                if let value = self.doubleValue(from: dict[key]) {
+                    used = value
+                    break
+                }
+            }
+            var limit: Double?
+            for key in limitKeys {
+                if let value = self.doubleValue(from: dict[key]) {
+                    limit = value
+                    break
+                }
+            }
+            if let used, let limit, limit > 0 {
+                percent = (used / limit) * 100
+            }
+        }
+
+        guard var resolvedPercent = percent else { return nil }
+        if resolvedPercent <= 1.0, resolvedPercent >= 0 {
+            resolvedPercent *= 100
+        }
+        resolvedPercent = max(0, min(100, resolvedPercent))
+
+        var resetInSec: Int?
+        for key in self.resetInKeys {
+            if let value = self.intValue(from: dict[key]) {
+                resetInSec = value
+                break
+            }
+        }
+
+        if resetInSec == nil {
+            for key in self.resetAtKeys {
+                if let resetAt = self.dateValue(from: dict[key]) {
+                    resetInSec = max(0, Int(resetAt.timeIntervalSince(now)))
+                    break
+                }
+            }
+        }
+
+        let resolvedReset = max(0, resetInSec ?? 0)
+        return (resolvedPercent, resolvedReset)
+    }
+
+    private static func fetchServerText(
+        request serverRequest: ServerRequest,
+        cookieHeader: String,
+        timeout: TimeInterval,
+        session: URLSession) async throws -> String
+    {
+        let url = self.serverRequestURL(
+            serverID: serverRequest.serverID,
+            args: serverRequest.args,
+            method: serverRequest.method)
+        var urlRequest = URLRequest(url: url)
+        urlRequest.httpMethod = serverRequest.method
+        urlRequest.timeoutInterval = timeout
+        urlRequest.setValue(cookieHeader, forHTTPHeaderField: "Cookie")
+        urlRequest.setValue(serverRequest.serverID, forHTTPHeaderField: "X-Server-Id")
+        urlRequest.setValue("server-fn:\(UUID().uuidString)", forHTTPHeaderField: "X-Server-Instance")
+        urlRequest.setValue(self.userAgent, forHTTPHeaderField: "User-Agent")
+        urlRequest.setValue(self.baseURL.absoluteString, forHTTPHeaderField: "Origin")
+        urlRequest.setValue(serverRequest.referer.absoluteString, forHTTPHeaderField: "Referer")
+        urlRequest.setValue("text/javascript, application/json;q=0.9, */*;q=0.8", forHTTPHeaderField: "Accept")
+        if serverRequest.method.uppercased() != "GET",
+           let args = serverRequest.args
+        {
+            urlRequest.httpBody = args.data(using: .utf8)
+            urlRequest.setValue("application/json", forHTTPHeaderField: "Content-Type")
+        }
+
+        let httpResponse = try await session.response(for: urlRequest)
+
+        guard httpResponse.statusCode == 200 else {
+            let bodyText = String(data: httpResponse.data, encoding: .utf8) ?? ""
+            let contentType = httpResponse.response.value(forHTTPHeaderField: "Content-Type") ?? "unknown"
+            let dataLength = httpResponse.data.count
+            Self.log.error(
+                "OpenCode Go returned \(httpResponse.statusCode) (type=\(contentType) length=\(dataLength))")
+            if self.looksSignedOut(text: bodyText) {
+                throw OpenCodeGoUsageError.invalidCredentials
+            }
+            if httpResponse.statusCode == 401 || httpResponse.statusCode == 403 {
+                throw OpenCodeGoUsageError.invalidCredentials
+            }
+            if let message = self.extractServerErrorMessage(from: bodyText) {
+                throw OpenCodeGoUsageError.apiError("HTTP \(httpResponse.statusCode): \(message)")
+            }
+            throw OpenCodeGoUsageError.apiError("HTTP \(httpResponse.statusCode)")
+        }
+
+        guard let text = String(data: httpResponse.data, encoding: .utf8) else {
+            throw OpenCodeGoUsageError.parseFailed("Response was not UTF-8.")
+        }
+        return text
+    }
+
+    static func fetchPageText(
+        url: URL,
+        cookieHeader: String,
+        timeout: TimeInterval,
+        session: URLSession) async throws -> String
+    {
+        var request = URLRequest(url: url)
+        request.httpMethod = "GET"
+        request.timeoutInterval = timeout
+        request.setValue(cookieHeader, forHTTPHeaderField: "Cookie")
+        request.setValue(self.userAgent, forHTTPHeaderField: "User-Agent")
+        request.setValue(
+            "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
+            forHTTPHeaderField: "Accept")
+
+        let httpResponse = try await session.response(for: request)
+        guard httpResponse.statusCode == 200 else {
+            let bodyText = String(data: httpResponse.data, encoding: .utf8) ?? ""
+            if self.looksSignedOut(text: bodyText) {
+                throw OpenCodeGoUsageError.invalidCredentials
+            }
+            if httpResponse.statusCode == 401 || httpResponse.statusCode == 403 {
+                throw OpenCodeGoUsageError.invalidCredentials
+            }
+            if let message = self.extractServerErrorMessage(from: bodyText) {
+                throw OpenCodeGoUsageError.apiError("HTTP \(httpResponse.statusCode): \(message)")
+            }
+            throw OpenCodeGoUsageError.apiError("HTTP \(httpResponse.statusCode)")
+        }
+        guard let text = String(data: httpResponse.data, encoding: .utf8) else {
+            throw OpenCodeGoUsageError.parseFailed("Response was not UTF-8.")
+        }
+        return text
+    }
+
+    private static func serverRequestURL(serverID: String, args: String?, method: String) -> URL {
+        guard method.uppercased() == "GET" else {
+            return self.serverURL
+        }
+
+        var components = URLComponents(url: self.serverURL, resolvingAgainstBaseURL: false)
+        var queryItems = [URLQueryItem(name: "id", value: serverID)]
+        if let args, !args.isEmpty {
+            queryItems.append(URLQueryItem(name: "args", value: args))
+        }
+        components?.queryItems = queryItems
+        return components?.url ?? self.serverURL
+    }
+
+    static func looksSignedOut(text: String) -> Bool {
+        let lower = text.lowercased()
+        return lower.contains("login") ||
+            lower.contains("sign in") ||
+            lower.contains("auth/authorize") ||
+            lower.contains("not associated with an account") ||
+            lower.contains("actor of type \"public\"")
+    }
+
+    private static func extractServerErrorMessage(from text: String) -> String? {
+        guard let data = text.data(using: .utf8),
+              let object = try? JSONSerialization.jsonObject(with: data, options: [])
+        else {
+            if let match = text.range(of: #"(?i)<title>([^<]+)</title>"#, options: .regularExpression) {
+                return String(text[match].dropFirst(7).dropLast(8)).trimmingCharacters(in: .whitespacesAndNewlines)
+            }
+            return nil
+        }
+
+        guard let dict = object as? [String: Any] else { return nil }
+        if let message = dict["message"] as? String, !message.isEmpty {
+            return message
+        }
+        if let error = dict["error"] as? String, !error.isEmpty {
+            return error
+        }
+        if let detail = dict["detail"] as? String, !detail.isEmpty {
+            return detail
+        }
+        return nil
+    }
+
+    private static func extractDouble(pattern: String, text: String) -> Double? {
+        guard let regex = try? NSRegularExpression(pattern: pattern, options: []) else { return nil }
+        let nsrange = NSRange(text.startIndex..<text.endIndex, in: text)
+        guard let match = regex.firstMatch(in: text, options: [], range: nsrange),
+              let range = Range(match.range(at: 1), in: text)
+        else {
+            return nil
+        }
+        return Double(text[range])
+    }
+
+    private static func extractInt(pattern: String, text: String) -> Int? {
+        guard let regex = try? NSRegularExpression(pattern: pattern, options: []) else { return nil }
+        let nsrange = NSRange(text.startIndex..<text.endIndex, in: text)
+        guard let match = regex.firstMatch(in: text, options: [], range: nsrange),
+              let range = Range(match.range(at: 1), in: text)
+        else {
+            return nil
+        }
+        return Int(text[range])
+    }
+
+    private static func doubleValue(from value: Any?) -> Double? {
+        switch value {
+        case let number as Double:
+            number
+        case let number as NSNumber:
+            number.doubleValue
+        case let string as String:
+            Double(string.trimmingCharacters(in: .whitespacesAndNewlines))
+        default:
+            nil
+        }
+    }
+
+    private static func intValue(from value: Any?) -> Int? {
+        switch value {
+        case let number as Int:
+            number
+        case let number as NSNumber:
+            number.intValue
+        case let string as String:
+            Int(string.trimmingCharacters(in: .whitespacesAndNewlines))
+        default:
+            nil
+        }
+    }
+
+    private static func value(from dict: [String: Any], keys: [String]) -> Any? {
+        for key in keys {
+            if let value = dict[key] {
+                return value
+            }
+        }
+        return nil
+    }
+
+    private static func dateValue(from value: Any?) -> Date? {
+        guard let value else { return nil }
+        if let number = self.doubleValue(from: value) {
+            if number > 1_000_000_000_000 {
+                return Date(timeIntervalSince1970: number / 1000)
+            }
+            if number > 1_000_000_000 {
+                return Date(timeIntervalSince1970: number)
+            }
+        }
+        if let string = value as? String {
+            if let number = Double(string.trimmingCharacters(in: .whitespacesAndNewlines)) {
+                return self.dateValue(from: number)
+            }
+            let formatter = ISO8601DateFormatter()
+            formatter.formatOptions = [.withInternetDateTime, .withFractionalSeconds]
+            if let parsed = formatter.date(from: string) {
+                return parsed
+            }
+        }
+        return nil
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/OpenCodeGo/OpenCodeGoUsageSnapshot.swift b/Sources/CodexBarCore/Providers/OpenCodeGo/OpenCodeGoUsageSnapshot.swift
new file mode 100644
index 000000000..5f4156ca8
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/OpenCodeGo/OpenCodeGoUsageSnapshot.swift
@@ -0,0 +1,105 @@
+import Foundation
+
+public struct OpenCodeGoUsageSnapshot: Sendable {
+    public let hasMonthlyUsage: Bool
+    public let rollingUsagePercent: Double
+    public let weeklyUsagePercent: Double
+    public let monthlyUsagePercent: Double
+    public let rollingResetInSec: Int
+    public let weeklyResetInSec: Int
+    public let monthlyResetInSec: Int
+    public let zenBalanceUSD: Double?
+    public let renewsAt: Date?
+    public let updatedAt: Date
+
+    public init(
+        hasMonthlyUsage: Bool,
+        rollingUsagePercent: Double,
+        weeklyUsagePercent: Double,
+        monthlyUsagePercent: Double,
+        rollingResetInSec: Int,
+        weeklyResetInSec: Int,
+        monthlyResetInSec: Int,
+        zenBalanceUSD: Double? = nil,
+        renewsAt: Date? = nil,
+        updatedAt: Date)
+    {
+        self.hasMonthlyUsage = hasMonthlyUsage
+        self.rollingUsagePercent = rollingUsagePercent
+        self.weeklyUsagePercent = weeklyUsagePercent
+        self.monthlyUsagePercent = monthlyUsagePercent
+        self.rollingResetInSec = rollingResetInSec
+        self.weeklyResetInSec = weeklyResetInSec
+        self.monthlyResetInSec = monthlyResetInSec
+        self.zenBalanceUSD = zenBalanceUSD
+        self.renewsAt = renewsAt
+        self.updatedAt = updatedAt
+    }
+
+    public func toUsageSnapshot() -> UsageSnapshot {
+        let rollingReset = self.updatedAt.addingTimeInterval(TimeInterval(self.rollingResetInSec))
+        let weeklyReset = self.updatedAt.addingTimeInterval(TimeInterval(self.weeklyResetInSec))
+
+        let primary = RateWindow(
+            usedPercent: self.rollingUsagePercent,
+            windowMinutes: 5 * 60,
+            resetsAt: rollingReset,
+            resetDescription: nil)
+        let secondary = RateWindow(
+            usedPercent: self.weeklyUsagePercent,
+            windowMinutes: 7 * 24 * 60,
+            resetsAt: weeklyReset,
+            resetDescription: nil)
+        let tertiary: RateWindow?
+        if self.hasMonthlyUsage {
+            let monthlyReset = self.updatedAt.addingTimeInterval(TimeInterval(self.monthlyResetInSec))
+            tertiary = RateWindow(
+                usedPercent: self.monthlyUsagePercent,
+                windowMinutes: 30 * 24 * 60,
+                resetsAt: monthlyReset,
+                resetDescription: nil)
+        } else {
+            tertiary = nil
+        }
+
+        var extraWindows: [NamedRateWindow]?
+        if let renewsAt = self.renewsAt {
+            let renewalWindow = RateWindow(
+                usedPercent: 0,
+                windowMinutes: nil,
+                resetsAt: renewsAt,
+                resetDescription: nil)
+            extraWindows = [NamedRateWindow(id: "renewal", title: "Renews", window: renewalWindow)]
+        }
+
+        return UsageSnapshot(
+            primary: primary,
+            secondary: secondary,
+            tertiary: tertiary,
+            extraRateWindows: extraWindows,
+            providerCost: self.zenBalanceUSD.map {
+                ProviderCostSnapshot(
+                    used: $0,
+                    limit: 0,
+                    currencyCode: "USD",
+                    period: "Zen balance",
+                    updatedAt: self.updatedAt)
+            },
+            updatedAt: self.updatedAt,
+            identity: nil)
+    }
+
+    public func withZenBalanceUSD(_ balance: Double?) -> OpenCodeGoUsageSnapshot {
+        OpenCodeGoUsageSnapshot(
+            hasMonthlyUsage: self.hasMonthlyUsage,
+            rollingUsagePercent: self.rollingUsagePercent,
+            weeklyUsagePercent: self.weeklyUsagePercent,
+            monthlyUsagePercent: self.monthlyUsagePercent,
+            rollingResetInSec: self.rollingResetInSec,
+            weeklyResetInSec: self.weeklyResetInSec,
+            monthlyResetInSec: self.monthlyResetInSec,
+            zenBalanceUSD: balance,
+            renewsAt: self.renewsAt,
+            updatedAt: self.updatedAt)
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/OpenCodeGo/OpenCodeGoZenBalanceFetcher.swift b/Sources/CodexBarCore/Providers/OpenCodeGo/OpenCodeGoZenBalanceFetcher.swift
new file mode 100644
index 000000000..70b013611
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/OpenCodeGo/OpenCodeGoZenBalanceFetcher.swift
@@ -0,0 +1,86 @@
+import Foundation
+#if canImport(FoundationNetworking)
+import FoundationNetworking
+#endif
+
+extension OpenCodeGoUsageFetcher {
+    static let optionalZenBalanceTimeout: TimeInterval = 5
+    static let optionalZenBalanceJoinGrace: Duration = .milliseconds(250)
+
+    public static func zenDashboardURL(workspaceID raw: String?) -> URL {
+        guard let workspaceID = self.normalizeWorkspaceID(raw),
+              let url = URL(string: "https://opencode.ai/workspace/\(workspaceID)")
+        else {
+            return URL(string: "https://opencode.ai")!
+        }
+        return url
+    }
+
+    static func fetchOptionalZenBalance(
+        workspaceID: String,
+        cookieHeader: String,
+        timeout: TimeInterval,
+        session: URLSession) async throws -> Double?
+    {
+        do {
+            let balance = try await self.fetchZenBalance(
+                workspaceID: workspaceID,
+                cookieHeader: cookieHeader,
+                timeout: timeout,
+                session: session)
+            try Task.checkCancellation()
+            return balance
+        } catch is CancellationError {
+            throw CancellationError()
+        } catch {
+            if Task.isCancelled {
+                throw CancellationError()
+            }
+            return nil
+        }
+    }
+
+    static func completedOptionalZenBalance(from task: Task<Double?, Error>) async throws -> Double? {
+        try await withThrowingTaskGroup(of: Double?.self) { group in
+            group.addTask {
+                try await task.value
+            }
+            group.addTask {
+                try await Task.sleep(for: self.optionalZenBalanceJoinGrace)
+                return nil
+            }
+
+            let result = try await group.next()
+            group.cancelAll()
+            guard let value = result else {
+                task.cancel()
+                return nil
+            }
+            if value == nil {
+                task.cancel()
+            }
+            return value
+        }
+    }
+
+    static func parseZenBalance(text: String) -> Double? {
+        OpenCodeGoZenBalanceParser.parse(text: text)
+    }
+
+    private static func fetchZenBalance(
+        workspaceID: String,
+        cookieHeader: String,
+        timeout: TimeInterval,
+        session: URLSession) async throws -> Double?
+    {
+        let text = try await self.fetchPageText(
+            url: self.zenDashboardURL(workspaceID: workspaceID),
+            cookieHeader: cookieHeader,
+            timeout: timeout,
+            session: session)
+        if self.looksSignedOut(text: text) {
+            throw OpenCodeGoUsageError.invalidCredentials
+        }
+        return self.parseZenBalance(text: text)
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/OpenCodeGo/OpenCodeGoZenBalanceParser.swift b/Sources/CodexBarCore/Providers/OpenCodeGo/OpenCodeGoZenBalanceParser.swift
new file mode 100644
index 000000000..78b70b0d0
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/OpenCodeGo/OpenCodeGoZenBalanceParser.swift
@@ -0,0 +1,95 @@
+import Foundation
+
+enum OpenCodeGoZenBalanceParser {
+    static func parse(text: String) -> Double? {
+        if let value = self.parseJSON(text: text) {
+            return value
+        }
+        let localizedPattern = [
+            #"(?i)(?:current\s+balance|zen\s+balance|現在の残高)"#,
+            #"[^$]{0,80}\$\s*([0-9][0-9,]*(?:\.[0-9]+)?)"#,
+        ].joined()
+        if let value = self.extractDollarValue(pattern: localizedPattern, text: text) {
+            return value
+        }
+        let nearbyPattern = #"(?i)(?:balance|残高)[\s\S]{0,120}?\$\s*([0-9][0-9,]*(?:\.[0-9]+)?)"#
+        return self.extractDollarValue(pattern: nearbyPattern, text: text)
+    }
+
+    private static func parseJSON(text: String) -> Double? {
+        guard let data = text.data(using: .utf8),
+              let object = try? JSONSerialization.jsonObject(with: data, options: [])
+        else {
+            return nil
+        }
+        return self.findBalanceValue(in: object, path: [])
+    }
+
+    private static func findBalanceValue(in object: Any, path: [String]) -> Double? {
+        if let dict = object as? [String: Any] {
+            for (key, value) in dict {
+                let nextPath = path + [key]
+                if self.isExplicitBalanceAmountKey(key),
+                   let number = self.doubleValue(from: value)
+                {
+                    return number
+                }
+                if let found = self.findBalanceValue(in: value, path: nextPath) {
+                    return found
+                }
+            }
+            return nil
+        }
+        if let array = object as? [Any] {
+            for (index, value) in array.enumerated() {
+                if let found = self.findBalanceValue(in: value, path: path + ["[\(index)]"]) {
+                    return found
+                }
+            }
+        }
+        return nil
+    }
+
+    private static func isExplicitBalanceAmountKey(_ key: String) -> Bool {
+        let normalized = key
+            .lowercased()
+            .filter { $0.isLetter || $0.isNumber }
+        return [
+            "zenbalance",
+            "zencurrentbalance",
+            "currentbalance",
+            "currentbalanceusd",
+            "balanceusd",
+            "usdbalance",
+        ].contains(normalized)
+    }
+
+    private static func extractDollarValue(pattern: String, text: String) -> Double? {
+        guard let regex = try? NSRegularExpression(pattern: pattern, options: []) else { return nil }
+        let nsrange = NSRange(text.startIndex..<text.endIndex, in: text)
+        guard let match = regex.firstMatch(in: text, options: [], range: nsrange),
+              let range = Range(match.range(at: 1), in: text)
+        else {
+            return nil
+        }
+        return Double(text[range].replacingOccurrences(of: ",", with: ""))
+    }
+
+    private static func doubleValue(from value: Any?) -> Double? {
+        switch value {
+        case is Bool:
+            nil
+        case let number as Double:
+            number
+        case let number as NSNumber:
+            number.doubleValue
+        case let string as String:
+            Double(
+                string
+                    .trimmingCharacters(in: .whitespacesAndNewlines)
+                    .replacingOccurrences(of: ",", with: ""))
+        default:
+            nil
+        }
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/OpenRouter/OpenRouterSettingsReader.swift b/Sources/CodexBarCore/Providers/OpenRouter/OpenRouterSettingsReader.swift
index e5e3f4d78..1072ebe08 100644
--- a/Sources/CodexBarCore/Providers/OpenRouter/OpenRouterSettingsReader.swift
+++ b/Sources/CodexBarCore/Providers/OpenRouter/OpenRouterSettingsReader.swift
@@ -28,8 +28,7 @@ public enum OpenRouterSettingsReader {
         if (value.hasPrefix("\"") && value.hasSuffix("\"")) ||
             (value.hasPrefix("'") && value.hasSuffix("'"))
         {
-            value.removeFirst()
-            value.removeLast()
+            value = String(value.dropFirst().dropLast())
         }
 
         value = value.trimmingCharacters(in: .whitespacesAndNewlines)
diff --git a/Sources/CodexBarCore/Providers/OpenRouter/OpenRouterUsageStats.swift b/Sources/CodexBarCore/Providers/OpenRouter/OpenRouterUsageStats.swift
index fbcc3e44c..b37544dcc 100644
--- a/Sources/CodexBarCore/Providers/OpenRouter/OpenRouterUsageStats.swift
+++ b/Sources/CodexBarCore/Providers/OpenRouter/OpenRouterUsageStats.swift
@@ -45,11 +45,20 @@ public struct OpenRouterKeyData: Decodable, Sendable {
     public let limit: Double?
     /// Current usage
     public let usage: Double?
+    /// API key usage for the current UTC day.
+    public let usageDaily: Double?
+    /// API key usage for the current UTC week.
+    public let usageWeekly: Double?
+    /// API key usage for the current UTC month.
+    public let usageMonthly: Double?
 
     private enum CodingKeys: String, CodingKey {
         case rateLimit = "rate_limit"
         case limit
         case usage
+        case usageDaily = "usage_daily"
+        case usageWeekly = "usage_weekly"
+        case usageMonthly = "usage_monthly"
     }
 }
 
@@ -59,6 +68,11 @@ public struct OpenRouterRateLimit: Codable, Sendable {
     public let requests: Int
     /// Interval for the rate limit (e.g., "10s", "1m")
     public let interval: String
+
+    public init(requests: Int, interval: String) {
+        self.requests = requests
+        self.interval = interval
+    }
 }
 
 public enum OpenRouterKeyQuotaStatus: String, Codable, Sendable {
@@ -76,6 +90,9 @@ public struct OpenRouterUsageSnapshot: Codable, Sendable {
     public let keyDataFetched: Bool
     public let keyLimit: Double?
     public let keyUsage: Double?
+    public let keyUsageDaily: Double?
+    public let keyUsageWeekly: Double?
+    public let keyUsageMonthly: Double?
     public let rateLimit: OpenRouterRateLimit?
     public let updatedAt: Date
 
@@ -87,6 +104,9 @@ public struct OpenRouterUsageSnapshot: Codable, Sendable {
         keyDataFetched: Bool = false,
         keyLimit: Double? = nil,
         keyUsage: Double? = nil,
+        keyUsageDaily: Double? = nil,
+        keyUsageWeekly: Double? = nil,
+        keyUsageMonthly: Double? = nil,
         rateLimit: OpenRouterRateLimit?,
         updatedAt: Date)
     {
@@ -94,9 +114,13 @@ public struct OpenRouterUsageSnapshot: Codable, Sendable {
         self.totalUsage = totalUsage
         self.balance = balance
         self.usedPercent = usedPercent
-        self.keyDataFetched = keyDataFetched || keyLimit != nil || keyUsage != nil
+        self.keyDataFetched = keyDataFetched || keyLimit != nil || keyUsage != nil ||
+            keyUsageDaily != nil || keyUsageWeekly != nil || keyUsageMonthly != nil
         self.keyLimit = keyLimit
         self.keyUsage = keyUsage
+        self.keyUsageDaily = keyUsageDaily
+        self.keyUsageWeekly = keyUsageWeekly
+        self.keyUsageMonthly = keyUsageMonthly
         self.rateLimit = rateLimit
         self.updatedAt = updatedAt
     }
@@ -216,21 +240,17 @@ public struct OpenRouterUsageFetcher: Sendable {
         let title = Self.sanitizedHeaderValue(environment[self.clientTitleEnvKey]) ?? Self.defaultClientTitle
         request.setValue(title, forHTTPHeaderField: "X-Title")
 
-        let (data, response) = try await URLSession.shared.data(for: request)
-
-        guard let httpResponse = response as? HTTPURLResponse else {
-            throw OpenRouterUsageError.networkError("Invalid response")
-        }
-
-        guard httpResponse.statusCode == 200 else {
+        let response = try await ProviderHTTPClient.shared.response(for: request)
+        let data = response.data
+        guard response.statusCode == 200 else {
             let errorSummary = LogRedactor.redact(Self.sanitizedResponseBodySummary(data))
             if Self.debugFullErrorBodiesEnabled(environment: environment),
                let debugBody = Self.redactedDebugResponseBody(data)
             {
                 Self.log.debug("OpenRouter non-200 body (redacted): \(LogRedactor.redact(debugBody))")
             }
-            Self.log.error("OpenRouter API returned \(httpResponse.statusCode): \(errorSummary)")
-            throw OpenRouterUsageError.apiError("HTTP \(httpResponse.statusCode)")
+            Self.log.error("OpenRouter API returned \(response.statusCode): \(errorSummary)")
+            throw OpenRouterUsageError.apiError("HTTP \(response.statusCode)")
         }
 
         do {
@@ -252,6 +272,9 @@ public struct OpenRouterUsageFetcher: Sendable {
                 keyDataFetched: keyFetch.fetched,
                 keyLimit: keyFetch.data?.limit,
                 keyUsage: keyFetch.data?.usage,
+                keyUsageDaily: keyFetch.data?.usageDaily,
+                keyUsageWeekly: keyFetch.data?.usageWeekly,
+                keyUsageMonthly: keyFetch.data?.usageMonthly,
                 rateLimit: keyFetch.data?.rateLimit,
                 updatedAt: Date())
         } catch let error as DecodingError {
@@ -266,7 +289,7 @@ public struct OpenRouterUsageFetcher: Sendable {
     }
 
     /// Fetches key quota/rate-limit info from /key endpoint
-    private struct OpenRouterKeyFetchResult: Sendable {
+    private struct OpenRouterKeyFetchResult {
         let data: OpenRouterKeyData?
         let fetched: Bool
     }
@@ -323,16 +346,13 @@ public struct OpenRouterUsageFetcher: Sendable {
         request.timeoutInterval = timeoutSeconds
 
         do {
-            let (data, response) = try await URLSession.shared.data(for: request)
-
-            guard let httpResponse = response as? HTTPURLResponse,
-                  httpResponse.statusCode == 200
-            else {
+            let response = try await ProviderHTTPClient.shared.response(for: request)
+            guard response.statusCode == 200 else {
                 return OpenRouterKeyFetchResult(data: nil, fetched: false)
             }
 
             let decoder = JSONDecoder()
-            let keyResponse = try decoder.decode(OpenRouterKeyResponse.self, from: data)
+            let keyResponse = try decoder.decode(OpenRouterKeyResponse.self, from: response.data)
             return OpenRouterKeyFetchResult(data: keyResponse.data, fetched: true)
         } catch {
             Self.log.debug("Failed to fetch OpenRouter /key enrichment: \(error.localizedDescription)")
diff --git a/Sources/CodexBarCore/Providers/Perplexity/PerplexityAPIError.swift b/Sources/CodexBarCore/Providers/Perplexity/PerplexityAPIError.swift
new file mode 100644
index 000000000..35baf9350
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Perplexity/PerplexityAPIError.swift
@@ -0,0 +1,27 @@
+import Foundation
+
+public enum PerplexityAPIError: LocalizedError, Sendable, Equatable {
+    case missingToken
+    case invalidCookie
+    case invalidToken
+    case networkError(String)
+    case apiError(String)
+    case parseFailed(String)
+
+    public var errorDescription: String? {
+        switch self {
+        case .missingToken:
+            "Perplexity session token is missing. Please log into Perplexity in your browser."
+        case .invalidCookie:
+            "Perplexity manual cookie header is empty or invalid."
+        case .invalidToken:
+            "Perplexity session token is invalid or expired. Please log in again."
+        case let .networkError(message):
+            "Perplexity network error: \(message)"
+        case let .apiError(message):
+            "Perplexity API error: \(message)"
+        case let .parseFailed(message):
+            "Failed to parse Perplexity usage data: \(message)"
+        }
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Perplexity/PerplexityCookieHeader.swift b/Sources/CodexBarCore/Providers/Perplexity/PerplexityCookieHeader.swift
new file mode 100644
index 000000000..1c66a95f2
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Perplexity/PerplexityCookieHeader.swift
@@ -0,0 +1,129 @@
+import Foundation
+#if canImport(FoundationNetworking)
+import FoundationNetworking
+#endif
+
+public struct PerplexityCookieOverride: Sendable {
+    public let name: String
+    public let token: String
+    public let requestCookieNames: [String]
+
+    public init(name: String, token: String, requestCookieNames: [String]? = nil) {
+        self.name = name
+        self.token = token
+        self.requestCookieNames = requestCookieNames ?? [name]
+    }
+}
+
+public enum PerplexityCookieHeader {
+    public static let defaultSessionCookieName = "__Secure-next-auth.session-token"
+    public static let supportedSessionCookieNames = [
+        "__Secure-authjs.session-token",
+        "authjs.session-token",
+        "__Secure-next-auth.session-token",
+        "next-auth.session-token",
+    ]
+
+    public static func resolveCookieOverride(context: ProviderFetchContext) -> PerplexityCookieOverride? {
+        if let settings = context.settings?.perplexity, settings.cookieSource == .manual {
+            if let manual = settings.manualCookieHeader, !manual.isEmpty {
+                return self.override(from: manual)
+            }
+        }
+        return nil
+    }
+
+    public static func override(from raw: String?) -> PerplexityCookieOverride? {
+        guard let raw = raw?.trimmingCharacters(in: .whitespacesAndNewlines), !raw.isEmpty else {
+            return nil
+        }
+
+        // Accept bare token value
+        if !raw.contains("="), !raw.contains(";") {
+            return PerplexityCookieOverride(
+                name: self.defaultSessionCookieName,
+                token: raw,
+                requestCookieNames: self.supportedSessionCookieNames)
+        }
+
+        // Extract a supported session cookie from a full cookie string.
+        if let cookie = self.extractSessionCookie(from: raw) {
+            return cookie
+        }
+
+        return nil
+    }
+
+    static func sessionCookie(from cookies: [HTTPCookie]) -> PerplexityCookieOverride? {
+        self.extractSessionCookie(from: cookies.map { (name: $0.name, value: $0.value) })
+    }
+
+    private static func extractSessionCookie(from raw: String) -> PerplexityCookieOverride? {
+        let pairs = raw.split(separator: ";")
+        var cookies: [(name: String, value: String)] = []
+        for pair in pairs {
+            let trimmed = pair.trimmingCharacters(in: .whitespacesAndNewlines)
+            guard !trimmed.isEmpty else { continue }
+            guard let separator = trimmed.firstIndex(of: "=") else { continue }
+            let key = String(trimmed[..<separator]).trimmingCharacters(in: .whitespacesAndNewlines)
+            let value = String(trimmed[trimmed.index(after: separator)...]).trimmingCharacters(
+                in: .whitespacesAndNewlines)
+            guard !key.isEmpty, !value.isEmpty else { continue }
+            cookies.append((name: key, value: value))
+        }
+        return self.extractSessionCookie(from: cookies)
+    }
+
+    private static func extractSessionCookie(from cookies: [(name: String, value: String)])
+    -> PerplexityCookieOverride? {
+        var cookieMap: [String: (name: String, value: String)] = [:]
+        var chunkedCookies: [String: [Int: (name: String, value: String)]] = [:]
+
+        for cookie in cookies {
+            let loweredName = cookie.name.lowercased()
+            cookieMap[loweredName] = cookie
+
+            for expected in self.supportedSessionCookieNames {
+                let loweredExpected = expected.lowercased()
+                let prefix = "\(loweredExpected)."
+                guard loweredName.hasPrefix(prefix) else { continue }
+                let suffix = String(loweredName.dropFirst(prefix.count))
+                guard let index = Int(suffix) else { continue }
+                chunkedCookies[loweredExpected, default: [:]][index] = cookie
+            }
+        }
+
+        for expected in self.supportedSessionCookieNames {
+            let loweredExpected = expected.lowercased()
+            if let match = cookieMap[loweredExpected] {
+                return PerplexityCookieOverride(name: match.name, token: match.value)
+            }
+            if let chunked = self.reassembleChunkedSessionCookie(from: chunkedCookies[loweredExpected]) {
+                return chunked
+            }
+        }
+        return nil
+    }
+
+    private static func reassembleChunkedSessionCookie(
+        from chunks: [Int: (name: String, value: String)]?) -> PerplexityCookieOverride?
+    {
+        guard let chunks,
+              let firstChunk = chunks[0],
+              let maxIndex = chunks.keys.max()
+        else {
+            return nil
+        }
+
+        var tokenParts: [String] = []
+        tokenParts.reserveCapacity(maxIndex + 1)
+        for index in 0...maxIndex {
+            guard let chunk = chunks[index] else { return nil }
+            tokenParts.append(chunk.value)
+        }
+
+        guard let suffixStart = firstChunk.name.lastIndex(of: ".") else { return nil }
+        let baseName = String(firstChunk.name[..<suffixStart])
+        return PerplexityCookieOverride(name: baseName, token: tokenParts.joined())
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Perplexity/PerplexityCookieImporter.swift b/Sources/CodexBarCore/Providers/Perplexity/PerplexityCookieImporter.swift
new file mode 100644
index 000000000..1c0a7c911
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Perplexity/PerplexityCookieImporter.swift
@@ -0,0 +1,245 @@
+import Foundation
+
+#if os(macOS)
+import SweetCookieKit
+
+public enum PerplexityCookieImporter {
+    private static let importSessionCacheTTL: TimeInterval = 5
+    private static let importSessionCache = ImportSessionCache(ttl: importSessionCacheTTL)
+    private static let log = CodexBarLog.logger(LogCategories.perplexityCookie)
+    private static let cookieClient = BrowserCookieClient()
+    private static let cookieDomains = ["www.perplexity.ai", "perplexity.ai"]
+    private static let cookieImportOrder: BrowserCookieImportOrder =
+        ProviderDefaults.metadata[.perplexity]?.browserCookieOrder ?? Browser.defaultImportOrder
+    nonisolated(unsafe) static var importSessionOverrideForTesting:
+        ((BrowserDetection, ((String) -> Void)?) throws -> SessionInfo)?
+    nonisolated(unsafe) static var importSessionsOverrideForTesting:
+        ((BrowserDetection, ((String) -> Void)?) throws -> [SessionInfo])?
+
+    public struct SessionInfo: Sendable {
+        public let cookies: [HTTPCookie]
+        public let sourceLabel: String
+
+        public init(cookies: [HTTPCookie], sourceLabel: String) {
+            self.cookies = cookies
+            self.sourceLabel = sourceLabel
+        }
+
+        public var sessionCookie: PerplexityCookieOverride? {
+            PerplexityCookieHeader.sessionCookie(from: self.cookies)
+        }
+
+        public var sessionToken: String? {
+            self.sessionCookie?.token
+        }
+    }
+
+    public static func importSessions(
+        browserDetection: BrowserDetection = BrowserDetection(),
+        logger: ((String) -> Void)? = nil) throws -> [SessionInfo]
+    {
+        if let cached = self.cachedImportSessions() {
+            return cached
+        }
+        if let override = self.importSessionsOverrideForTesting {
+            let sessions = try override(browserDetection, logger)
+            self.storeImportSessions(sessions)
+            return sessions
+        }
+        if let override = self.importSessionOverrideForTesting {
+            let session = try override(browserDetection, logger)
+            let sessions = [session]
+            self.storeImportSessions(sessions)
+            return sessions
+        }
+
+        var sessions: [SessionInfo] = []
+        let candidates = self.cookieImportOrder.cookieImportCandidates(using: browserDetection)
+        for browserSource in candidates {
+            do {
+                let perSource = try self.importSessions(from: browserSource, logger: logger)
+                sessions.append(contentsOf: perSource)
+            } catch {
+                BrowserCookieAccessGate.recordIfNeeded(error)
+                self.emit(
+                    "\(browserSource.displayName) cookie import failed: \(error.localizedDescription)",
+                    logger: logger)
+            }
+        }
+
+        guard !sessions.isEmpty else {
+            throw PerplexityCookieImportError.noCookies
+        }
+        self.storeImportSessions(sessions)
+        return sessions
+    }
+
+    public static func importSessions(
+        from browserSource: Browser,
+        logger: ((String) -> Void)? = nil) throws -> [SessionInfo]
+    {
+        let query = BrowserCookieQuery(domains: self.cookieDomains)
+        let log: (String) -> Void = { msg in self.emit(msg, logger: logger) }
+        let sources = try Self.cookieClient.codexBarRecords(
+            matching: query,
+            in: browserSource,
+            logger: log)
+
+        var sessions: [SessionInfo] = []
+        let grouped = Dictionary(grouping: sources, by: { $0.store.profile.id })
+        let sortedGroups = grouped.values.sorted { lhs, rhs in
+            self.mergedLabel(for: lhs) < self.mergedLabel(for: rhs)
+        }
+
+        for group in sortedGroups where !group.isEmpty {
+            let label = self.mergedLabel(for: group)
+            let mergedRecords = self.mergeRecords(group)
+            guard !mergedRecords.isEmpty else { continue }
+            let httpCookies = BrowserCookieClient.makeHTTPCookies(mergedRecords, origin: query.origin)
+            guard !httpCookies.isEmpty else { continue }
+
+            let session = SessionInfo(cookies: httpCookies, sourceLabel: label)
+            guard let sessionCookie = session.sessionCookie else {
+                continue
+            }
+
+            log("Found \(sessionCookie.name) cookie in \(label)")
+            sessions.append(session)
+        }
+        return sessions
+    }
+
+    public static func importSession(
+        browserDetection: BrowserDetection = BrowserDetection(),
+        logger: ((String) -> Void)? = nil) throws -> SessionInfo
+    {
+        let sessions = try self.importSessions(browserDetection: browserDetection, logger: logger)
+        guard let first = sessions.first else {
+            throw PerplexityCookieImportError.noCookies
+        }
+        return first
+    }
+
+    public static func hasSession(
+        browserDetection: BrowserDetection = BrowserDetection(),
+        logger: ((String) -> Void)? = nil) -> Bool
+    {
+        do {
+            _ = try self.importSession(browserDetection: browserDetection, logger: logger)
+            return true
+        } catch {
+            return false
+        }
+    }
+
+    static func invalidateImportSessionCache() {
+        self.importSessionCache.invalidate()
+    }
+
+    private static func emit(_ message: String, logger: ((String) -> Void)?) {
+        logger?("[perplexity-cookie] \(message)")
+        self.log.debug(message)
+    }
+
+    private static func cachedImportSessions(now: Date = Date()) -> [SessionInfo]? {
+        self.importSessionCache.load(now: now)
+    }
+
+    private static func storeImportSessions(_ sessions: [SessionInfo], now: Date = Date()) {
+        self.importSessionCache.store(sessions, now: now)
+    }
+
+    private static func mergedLabel(for sources: [BrowserCookieStoreRecords]) -> String {
+        guard let base = sources.map(\.label).min() else { return "Unknown" }
+        if base.hasSuffix(" (Network)") {
+            return String(base.dropLast(" (Network)".count))
+        }
+        return base
+    }
+
+    private static func mergeRecords(_ sources: [BrowserCookieStoreRecords]) -> [BrowserCookieRecord] {
+        let sortedSources = sources.sorted { lhs, rhs in
+            self.storePriority(lhs.store.kind) < self.storePriority(rhs.store.kind)
+        }
+        var mergedByKey: [String: BrowserCookieRecord] = [:]
+        for source in sortedSources {
+            for record in source.records {
+                let key = self.recordKey(record)
+                if let existing = mergedByKey[key] {
+                    if self.shouldReplace(existing: existing, candidate: record) {
+                        mergedByKey[key] = record
+                    }
+                } else {
+                    mergedByKey[key] = record
+                }
+            }
+        }
+        return Array(mergedByKey.values)
+    }
+
+    private static func storePriority(_ kind: BrowserCookieStoreKind) -> Int {
+        switch kind {
+        case .network: 0
+        case .primary: 1
+        case .safari: 2
+        }
+    }
+
+    private static func recordKey(_ record: BrowserCookieRecord) -> String {
+        "\(record.name)|\(record.domain)|\(record.path)"
+    }
+
+    private static func shouldReplace(existing: BrowserCookieRecord, candidate: BrowserCookieRecord) -> Bool {
+        switch (existing.expires, candidate.expires) {
+        case let (lhs?, rhs?): rhs > lhs
+        case (nil, .some): true
+        case (.some, nil): false
+        case (nil, nil): false
+        }
+    }
+
+    private final class ImportSessionCache: @unchecked Sendable {
+        private let ttl: TimeInterval
+        private let lock = NSLock()
+        private var entry: (sessions: [SessionInfo], expiresAt: Date)?
+
+        init(ttl: TimeInterval) {
+            self.ttl = ttl
+        }
+
+        func load(now: Date) -> [SessionInfo]? {
+            self.lock.lock()
+            defer { self.lock.unlock() }
+            guard let entry = self.entry else { return nil }
+            guard entry.expiresAt > now else {
+                self.entry = nil
+                return nil
+            }
+            return entry.sessions
+        }
+
+        func store(_ sessions: [SessionInfo], now: Date) {
+            self.lock.lock()
+            defer { self.lock.unlock() }
+            self.entry = (sessions: sessions, expiresAt: now.addingTimeInterval(self.ttl))
+        }
+
+        func invalidate() {
+            self.lock.lock()
+            defer { self.lock.unlock() }
+            self.entry = nil
+        }
+    }
+}
+
+enum PerplexityCookieImportError: LocalizedError {
+    case noCookies
+
+    var errorDescription: String? {
+        switch self {
+        case .noCookies:
+            "No Perplexity session cookies found in browsers. Please log into perplexity.ai."
+        }
+    }
+}
+#endif
diff --git a/Sources/CodexBarCore/Providers/Perplexity/PerplexityModels.swift b/Sources/CodexBarCore/Providers/Perplexity/PerplexityModels.swift
new file mode 100644
index 000000000..ae4ae592b
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Perplexity/PerplexityModels.swift
@@ -0,0 +1,29 @@
+import Foundation
+
+public struct PerplexityCreditsResponse: Codable {
+    public let balanceCents: Double
+    public let renewalDateTs: TimeInterval
+    public let currentPeriodPurchasedCents: Double
+    public let creditGrants: [PerplexityCreditGrant]
+    public let totalUsageCents: Double
+
+    enum CodingKeys: String, CodingKey {
+        case balanceCents = "balance_cents"
+        case renewalDateTs = "renewal_date_ts"
+        case currentPeriodPurchasedCents = "current_period_purchased_cents"
+        case creditGrants = "credit_grants"
+        case totalUsageCents = "total_usage_cents"
+    }
+}
+
+public struct PerplexityCreditGrant: Codable {
+    public let type: String
+    public let amountCents: Double
+    public let expiresAtTs: TimeInterval?
+
+    enum CodingKeys: String, CodingKey {
+        case type
+        case amountCents = "amount_cents"
+        case expiresAtTs = "expires_at_ts"
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Perplexity/PerplexityProviderDescriptor.swift b/Sources/CodexBarCore/Providers/Perplexity/PerplexityProviderDescriptor.swift
new file mode 100644
index 000000000..1a6da7c1b
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Perplexity/PerplexityProviderDescriptor.swift
@@ -0,0 +1,238 @@
+import CodexBarMacroSupport
+import Foundation
+
+@ProviderDescriptorRegistration
+@ProviderDescriptorDefinition
+public enum PerplexityProviderDescriptor {
+    static func makeDescriptor() -> ProviderDescriptor {
+        ProviderDescriptor(
+            id: .perplexity,
+            metadata: ProviderMetadata(
+                id: .perplexity,
+                displayName: "Perplexity",
+                sessionLabel: "Credits",
+                weeklyLabel: "Bonus credits",
+                opusLabel: "Purchased",
+                supportsOpus: true,
+                supportsCredits: false,
+                creditsHint: "",
+                toggleTitle: "Show Perplexity usage",
+                cliName: "perplexity",
+                defaultEnabled: false,
+                isPrimaryProvider: false,
+                usesAccountFallback: false,
+                browserCookieOrder: nil,
+                dashboardURL: "https://www.perplexity.ai/account/usage",
+                statusPageURL: nil,
+                statusLinkURL: "https://status.perplexity.com/"),
+            branding: ProviderBranding(
+                iconStyle: .perplexity,
+                iconResourceName: "ProviderIcon-perplexity",
+                color: ProviderColor(red: 32 / 255, green: 178 / 255, blue: 170 / 255)),
+            tokenCost: ProviderTokenCostConfig(
+                supportsTokenCost: false,
+                noDataMessage: { "Perplexity cost tracking is not supported." }),
+            fetchPlan: ProviderFetchPlan(
+                sourceModes: [.auto, .web],
+                pipeline: ProviderFetchPipeline(resolveStrategies: { _ in [PerplexityWebFetchStrategy()] })),
+            cli: ProviderCLIConfig(
+                name: "perplexity",
+                aliases: [],
+                versionDetector: nil))
+    }
+}
+
+struct PerplexityWebFetchStrategy: ProviderFetchStrategy {
+    private enum SessionCookieSource {
+        case manual
+        case cache
+        case browser
+        case environment
+
+        var shouldCacheAfterFetch: Bool {
+            self == .browser
+        }
+    }
+
+    private struct ResolvedSessionCookie {
+        let value: PerplexityCookieOverride
+        let source: SessionCookieSource
+    }
+
+    private struct SessionFetchResult {
+        let snapshot: PerplexityUsageSnapshot
+        let cookie: PerplexityCookieOverride
+    }
+
+    let id: String = "perplexity.web"
+    let kind: ProviderFetchKind = .web
+
+    func isAvailable(_ context: ProviderFetchContext) async -> Bool {
+        guard context.settings?.perplexity?.cookieSource != .off else { return false }
+        if context.settings?.perplexity?.cookieSource == .manual { return true }
+
+        // Priority order mirrors resolveSessionCookie: manual override → cache → browser import → env var
+        if PerplexityCookieHeader.resolveCookieOverride(context: context) != nil {
+            return true
+        }
+
+        if CookieHeaderCache.load(provider: .perplexity) != nil {
+            return true
+        }
+
+        #if os(macOS)
+        if context.settings?.perplexity?.cookieSource != .off {
+            if PerplexityCookieImporter.hasSession() { return true }
+        }
+        #endif
+
+        if PerplexitySettingsReader.sessionToken(environment: context.env) != nil {
+            return true
+        }
+
+        return false
+    }
+
+    func fetch(_ context: ProviderFetchContext) async throws -> ProviderFetchResult {
+        let resolvedCookies = try self.resolveSessionCookies(context: context)
+        guard !resolvedCookies.isEmpty else {
+            throw PerplexityAPIError.missingToken
+        }
+        var sawInvalidToken = false
+
+        for resolvedCookie in resolvedCookies {
+            do {
+                let result = try await self.fetchSnapshot(using: resolvedCookie)
+                self.cacheSessionCookieIfNeeded(resolvedCookie, usedCookie: result.cookie, sourceLabel: "web")
+                return self.makeResult(
+                    usage: result.snapshot.toUsageSnapshot(),
+                    sourceLabel: "web")
+            } catch PerplexityAPIError.invalidToken {
+                sawInvalidToken = true
+                if resolvedCookie.source == .cache {
+                    CookieHeaderCache.clear(provider: .perplexity)
+                }
+                continue
+            }
+        }
+
+        if sawInvalidToken {
+            throw PerplexityAPIError.invalidToken
+        }
+        throw PerplexityAPIError.missingToken
+    }
+
+    func shouldFallback(on error: Error, context: ProviderFetchContext) -> Bool {
+        if case PerplexityAPIError.missingToken = error { return false }
+        if case PerplexityAPIError.invalidCookie = error { return false }
+        if case PerplexityAPIError.invalidToken = error { return false }
+        return true
+    }
+
+    private func resolveSessionCookies(context: ProviderFetchContext) throws -> [ResolvedSessionCookie] {
+        guard context.settings?.perplexity?.cookieSource != .off else { return [] }
+
+        if context.settings?.perplexity?.cookieSource == .manual {
+            guard let override = PerplexityCookieHeader.resolveCookieOverride(context: context) else {
+                throw PerplexityAPIError.invalidCookie
+            }
+            return [ResolvedSessionCookie(value: override, source: .manual)]
+        }
+
+        var cookies: [ResolvedSessionCookie] = []
+
+        // Try cached cookie before expensive browser import
+        if let cached = CookieHeaderCache.load(provider: .perplexity) {
+            if let override = PerplexityCookieHeader.override(from: cached.cookieHeader) {
+                cookies.append(ResolvedSessionCookie(value: override, source: .cache))
+            }
+        }
+
+        cookies.append(contentsOf: self.resolveSessionCookiesFromBrowserOrEnv(context: context))
+        return self.deduplicatedSessionCookies(cookies)
+    }
+
+    private func resolveSessionCookiesFromBrowserOrEnv(
+        context: ProviderFetchContext,
+        preferEnvironment: Bool = false) -> [ResolvedSessionCookie]
+    {
+        guard context.settings?.perplexity?.cookieSource != .off else { return [] }
+        var cookies: [ResolvedSessionCookie] = []
+
+        if preferEnvironment,
+           let cookie = PerplexitySettingsReader.sessionCookieOverride(environment: context.env)
+        {
+            cookies.append(ResolvedSessionCookie(value: cookie, source: .environment))
+        }
+
+        // Try browser cookie import when auto mode is enabled
+        #if os(macOS)
+        do {
+            let sessions = try PerplexityCookieImporter.importSessions()
+            cookies.append(contentsOf: sessions.compactMap { session in
+                guard let cookie = session.sessionCookie else { return nil }
+                return ResolvedSessionCookie(value: cookie, source: .browser)
+            })
+        } catch {
+            // No browser cookies found
+        }
+        #endif
+
+        // Fall back to environment
+        if !preferEnvironment,
+           let cookie = PerplexitySettingsReader.sessionCookieOverride(environment: context.env)
+        {
+            cookies.append(ResolvedSessionCookie(value: cookie, source: .environment))
+        }
+        return self.deduplicatedSessionCookies(cookies)
+    }
+
+    private func deduplicatedSessionCookies(_ cookies: [ResolvedSessionCookie]) -> [ResolvedSessionCookie] {
+        var deduplicated: [ResolvedSessionCookie] = []
+        for cookie in cookies {
+            if deduplicated.contains(where: { self.isEquivalentCookie($0.value, cookie.value) }) {
+                continue
+            }
+            deduplicated.append(cookie)
+        }
+        return deduplicated
+    }
+
+    private func cacheSessionCookieIfNeeded(
+        _ cookie: ResolvedSessionCookie,
+        usedCookie: PerplexityCookieOverride,
+        sourceLabel: String)
+    {
+        guard cookie.source.shouldCacheAfterFetch else { return }
+        CookieHeaderCache.store(
+            provider: .perplexity,
+            cookieHeader: "\(usedCookie.name)=\(usedCookie.token)",
+            sourceLabel: sourceLabel)
+    }
+
+    private func fetchSnapshot(using cookie: ResolvedSessionCookie) async throws -> SessionFetchResult {
+        var lastInvalidToken = false
+        for cookieName in cookie.value.requestCookieNames {
+            do {
+                let snapshot = try await PerplexityUsageFetcher.fetchCredits(
+                    sessionToken: cookie.value.token,
+                    cookieName: cookieName)
+                return SessionFetchResult(
+                    snapshot: snapshot,
+                    cookie: PerplexityCookieOverride(name: cookieName, token: cookie.value.token))
+            } catch PerplexityAPIError.invalidToken {
+                lastInvalidToken = true
+                continue
+            }
+        }
+
+        if lastInvalidToken {
+            throw PerplexityAPIError.invalidToken
+        }
+        throw PerplexityAPIError.missingToken
+    }
+
+    private func isEquivalentCookie(_ lhs: PerplexityCookieOverride, _ rhs: PerplexityCookieOverride) -> Bool {
+        lhs.token == rhs.token && lhs.requestCookieNames == rhs.requestCookieNames
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Perplexity/PerplexitySettingsReader.swift b/Sources/CodexBarCore/Providers/Perplexity/PerplexitySettingsReader.swift
new file mode 100644
index 000000000..ef1952b5a
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Perplexity/PerplexitySettingsReader.swift
@@ -0,0 +1,38 @@
+import Foundation
+
+public enum PerplexitySettingsReader {
+    public static func sessionCookieOverride(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> PerplexityCookieOverride?
+    {
+        let raw = environment["PERPLEXITY_SESSION_TOKEN"]
+            ?? environment["perplexity_session_token"]
+        if let token = self.cleaned(raw) { return PerplexityCookieHeader.override(from: token) }
+
+        // PERPLEXITY_COOKIE may be a full Cookie header string; preserve the matching session cookie name.
+        if let cookieRaw = environment["PERPLEXITY_COOKIE"] {
+            return PerplexityCookieHeader.override(from: self.cleaned(cookieRaw))
+        }
+        return nil
+    }
+
+    public static func sessionToken(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> String?
+    {
+        self.sessionCookieOverride(environment: environment)?.token
+    }
+
+    private static func cleaned(_ raw: String?) -> String? {
+        guard var value = raw?.trimmingCharacters(in: .whitespacesAndNewlines), !value.isEmpty else {
+            return nil
+        }
+
+        if (value.hasPrefix("\"") && value.hasSuffix("\"")) ||
+            (value.hasPrefix("'") && value.hasSuffix("'"))
+        {
+            value = String(value.dropFirst().dropLast())
+        }
+
+        value = value.trimmingCharacters(in: .whitespacesAndNewlines)
+        return value.isEmpty ? nil : value
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Perplexity/PerplexityUsageFetcher.swift b/Sources/CodexBarCore/Providers/Perplexity/PerplexityUsageFetcher.swift
new file mode 100644
index 000000000..84e735e26
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Perplexity/PerplexityUsageFetcher.swift
@@ -0,0 +1,71 @@
+import Foundation
+
+#if canImport(FoundationNetworking)
+import FoundationNetworking
+#endif
+
+public struct PerplexityUsageFetcher: Sendable {
+    private static let log = CodexBarLog.logger(LogCategories.perplexityAPI)
+    private static let creditsURL =
+        URL(string: "https://www.perplexity.ai/rest/billing/credits?version=2.18&source=default")!
+    @TaskLocal static var fetchCreditsOverride:
+        (@Sendable (String, String, Date) async throws -> PerplexityUsageSnapshot)?
+
+    /// Testing hook: parse a raw JSON response without making network calls.
+    public static func _parseResponseForTesting(_ data: Data, now: Date = Date()) throws -> PerplexityUsageSnapshot {
+        do {
+            let decoded = try JSONDecoder().decode(PerplexityCreditsResponse.self, from: data)
+            return PerplexityUsageSnapshot(response: decoded, now: now)
+        } catch {
+            throw PerplexityAPIError.parseFailed(error.localizedDescription)
+        }
+    }
+
+    public static func fetchCredits(
+        sessionToken: String,
+        cookieName: String = PerplexityCookieHeader.defaultSessionCookieName,
+        now: Date = Date()) async throws -> PerplexityUsageSnapshot
+    {
+        if let override = self.fetchCreditsOverride {
+            return try await override(sessionToken, cookieName, now)
+        }
+
+        var request = URLRequest(url: self.creditsURL)
+        request.httpMethod = "GET"
+        request.timeoutInterval = 15
+        request.setValue("application/json", forHTTPHeaderField: "Accept")
+        request.setValue(
+            "\(cookieName)=\(sessionToken)",
+            forHTTPHeaderField: "Cookie")
+        request.setValue("https://www.perplexity.ai", forHTTPHeaderField: "Origin")
+        request.setValue("https://www.perplexity.ai/account/usage", forHTTPHeaderField: "Referer")
+        let userAgent = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) " +
+            "AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36"
+        request.setValue(userAgent, forHTTPHeaderField: "User-Agent")
+
+        let response = try await ProviderHTTPClient.shared.response(for: request)
+        let data = response.data
+        guard response.statusCode == 200 else {
+            let statusCode = response.statusCode
+            let body = String(data: data, encoding: .utf8) ?? "<binary>"
+            let truncated = body.count > 200 ? String(body.prefix(200)) + "…" : body
+            Self.log.error("Perplexity API returned \(statusCode): \(truncated)")
+            if statusCode == 401 || statusCode == 403 {
+                throw PerplexityAPIError.invalidToken
+            }
+            throw PerplexityAPIError.apiError("HTTP \(statusCode)")
+        }
+
+        do {
+            let decoded = try JSONDecoder().decode(PerplexityCreditsResponse.self, from: data)
+            let snapshot = PerplexityUsageSnapshot(response: decoded, now: now)
+            Self.log.debug(
+                "Perplexity credits parsed balance=\(snapshot.balanceCents) totalUsage=\(snapshot.totalUsageCents)")
+            return snapshot
+        } catch {
+            let preview = String(data: data.prefix(500), encoding: .utf8) ?? "<binary>"
+            Self.log.error("Perplexity parse failed: \(error) — response: \(preview)")
+            throw PerplexityAPIError.parseFailed(error.localizedDescription)
+        }
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Perplexity/PerplexityUsageSnapshot.swift b/Sources/CodexBarCore/Providers/Perplexity/PerplexityUsageSnapshot.swift
new file mode 100644
index 000000000..48e4cf9cc
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Perplexity/PerplexityUsageSnapshot.swift
@@ -0,0 +1,134 @@
+import Foundation
+
+public struct PerplexityUsageSnapshot: Sendable {
+    public let recurringTotal: Double
+    public let recurringUsed: Double
+    public let promoTotal: Double
+    public let promoUsed: Double
+    public let purchasedTotal: Double
+    public let purchasedUsed: Double
+    public let balanceCents: Double
+    public let totalUsageCents: Double
+    public let renewalDate: Date
+    public let promoExpiration: Date?
+    public let updatedAt: Date
+
+    public init(response: PerplexityCreditsResponse, now: Date) {
+        let recurring = response.creditGrants.filter { $0.type == "recurring" }
+        let promotional = response.creditGrants.filter {
+            $0.type == "promotional" && ($0.expiresAtTs ?? .infinity) > now.timeIntervalSince1970
+        }
+        let purchased = response.creditGrants.filter { $0.type == "purchased" }
+
+        // All timestamps from the Perplexity API are Unix seconds (verified Feb 2026).
+        let recurringSum = max(0, recurring.reduce(0.0) { $0 + $1.amountCents })
+        let promoSum = max(0, promotional.reduce(0.0) { $0 + $1.amountCents })
+        // Purchased credits may appear in the top-level field, in the credit_grants
+        // array (type == "purchased"), or both. Take whichever is larger to avoid
+        // double-counting while still catching either source.
+        let purchasedFromGrants = max(0, purchased.reduce(0.0) { $0 + $1.amountCents })
+        let purchasedFromField = max(0, response.currentPeriodPurchasedCents)
+        let purchasedSum = max(purchasedFromGrants, purchasedFromField)
+
+        // Waterfall attribution: recurring → purchased → promotional
+        var remaining = response.totalUsageCents
+        let usedFromRecurring = min(remaining, recurringSum); remaining -= usedFromRecurring
+        let usedFromPurchased = min(remaining, purchasedSum); remaining -= usedFromPurchased
+        let usedFromPromo = min(remaining, promoSum)
+
+        self.recurringTotal = recurringSum
+        self.recurringUsed = usedFromRecurring
+        self.promoTotal = promoSum
+        self.promoUsed = usedFromPromo
+        self.purchasedTotal = purchasedSum
+        self.purchasedUsed = usedFromPurchased
+        self.balanceCents = response.balanceCents
+        self.totalUsageCents = response.totalUsageCents
+        self.renewalDate = Date(timeIntervalSince1970: response.renewalDateTs)
+        self.promoExpiration = promotional
+            .compactMap { $0.expiresAtTs.map { Date(timeIntervalSince1970: $0) } }
+            .min()
+        self.updatedAt = now
+    }
+
+    /// Infer plan name from recurring credit allotment.
+    /// Free = 0, Pro = small pool (~500–1000), Max = 10,000+.
+    public var planName: String? {
+        if self.recurringTotal <= 0 { return nil }
+        if self.recurringTotal < 5000 { return "Pro" }
+        return "Max"
+    }
+
+    private static let promoExpiryFormatter: DateFormatter = {
+        let fmt = DateFormatter()
+        fmt.dateFormat = "MMM d"
+        return fmt
+    }()
+}
+
+extension PerplexityUsageSnapshot {
+    public func toUsageSnapshot() -> UsageSnapshot {
+        // Primary: recurring (monthly) credits
+        let hasFallbackCredits = self.promoTotal > 0 || self.purchasedTotal > 0
+        let primaryWindow: RateWindow? = {
+            if self.recurringTotal > 0 {
+                let primaryPercent = min(100, max(0, self.recurringUsed / self.recurringTotal * 100))
+                return RateWindow(
+                    usedPercent: primaryPercent,
+                    windowMinutes: nil,
+                    resetsAt: self.renewalDate,
+                    resetDescription: "\(Int(self.recurringUsed.rounded()))/\(Int(self.recurringTotal)) credits")
+            }
+            if hasFallbackCredits {
+                // When recurring is absent but bonus/purchased credits remain, omit the fake 0/0 primary lane
+                // so automatic menu-bar rendering can fall through to the usable pool.
+                return nil
+            }
+            return RateWindow(
+                usedPercent: 100,
+                windowMinutes: nil,
+                resetsAt: self.renewalDate,
+                resetDescription: "0/0 credits")
+        }()
+
+        // Secondary: promotional bonus credits — always shown.
+        // usedPercent=100 when promoTotal==0 so the bar renders empty rather than full.
+        let promoPercent = self.promoTotal > 0
+            ? min(100, max(0, self.promoUsed / self.promoTotal * 100))
+            : 100.0
+        var promoDesc = "\(Int(promoUsed.rounded()))/\(Int(self.promoTotal)) bonus"
+        if let expiry = promoExpiration {
+            promoDesc += " \u{00b7} exp. \(Self.promoExpiryFormatter.string(from: expiry))"
+        }
+        let secondary = RateWindow(
+            usedPercent: promoPercent,
+            windowMinutes: nil,
+            resetsAt: nil,
+            resetDescription: promoDesc)
+
+        // Tertiary: on-demand purchased credits — always shown.
+        // usedPercent=100 when purchasedTotal==0 so the bar renders empty rather than full.
+        let purchasedPercent = self.purchasedTotal > 0
+            ? min(100, max(0, self.purchasedUsed / self.purchasedTotal * 100))
+            : 100.0
+        let tertiary = RateWindow(
+            usedPercent: purchasedPercent,
+            windowMinutes: nil,
+            resetsAt: nil,
+            resetDescription: "\(Int(purchasedUsed.rounded()))/\(Int(self.purchasedTotal)) credits")
+
+        let identity = ProviderIdentitySnapshot(
+            providerID: .perplexity,
+            accountEmail: nil,
+            accountOrganization: nil,
+            loginMethod: planName)
+
+        return UsageSnapshot(
+            primary: primaryWindow,
+            secondary: secondary,
+            tertiary: tertiary,
+            providerCost: nil,
+            updatedAt: self.updatedAt,
+            identity: identity)
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/ProviderCandidateRetryRunner.swift b/Sources/CodexBarCore/Providers/ProviderCandidateRetryRunner.swift
index 5b2048236..f3009d24c 100644
--- a/Sources/CodexBarCore/Providers/ProviderCandidateRetryRunner.swift
+++ b/Sources/CodexBarCore/Providers/ProviderCandidateRetryRunner.swift
@@ -1,6 +1,6 @@
 import Foundation
 
-enum ProviderCandidateRetryRunnerError: Error, Sendable {
+enum ProviderCandidateRetryRunnerError: Error {
     case noCandidates
 }
 
diff --git a/Sources/CodexBarCore/Providers/ProviderDescriptor.swift b/Sources/CodexBarCore/Providers/ProviderDescriptor.swift
index d7a3669d4..21e058dfc 100644
--- a/Sources/CodexBarCore/Providers/ProviderDescriptor.swift
+++ b/Sources/CodexBarCore/Providers/ProviderDescriptor.swift
@@ -54,15 +54,21 @@ public enum ProviderDescriptorRegistry {
     private static let store = Store()
     private static let descriptorsByID: [UsageProvider: ProviderDescriptor] = [
         .codex: CodexProviderDescriptor.descriptor,
+        .openai: OpenAIAPIProviderDescriptor.descriptor,
+        .azureopenai: AzureOpenAIProviderDescriptor.descriptor,
         .claude: ClaudeProviderDescriptor.descriptor,
         .cursor: CursorProviderDescriptor.descriptor,
         .opencode: OpenCodeProviderDescriptor.descriptor,
+        .opencodego: OpenCodeGoProviderDescriptor.descriptor,
+        .alibaba: AlibabaCodingPlanProviderDescriptor.descriptor,
+        .alibabatokenplan: AlibabaTokenPlanProviderDescriptor.descriptor,
         .factory: FactoryProviderDescriptor.descriptor,
         .gemini: GeminiProviderDescriptor.descriptor,
         .antigravity: AntigravityProviderDescriptor.descriptor,
         .copilot: CopilotProviderDescriptor.descriptor,
         .zai: ZaiProviderDescriptor.descriptor,
         .minimax: MiniMaxProviderDescriptor.descriptor,
+        .manus: ManusProviderDescriptor.descriptor,
         .kimi: KimiProviderDescriptor.descriptor,
         .kilo: KiloProviderDescriptor.descriptor,
         .kiro: KiroProviderDescriptor.descriptor,
@@ -70,11 +76,31 @@ public enum ProviderDescriptorRegistry {
         .augment: AugmentProviderDescriptor.descriptor,
         .jetbrains: JetBrainsProviderDescriptor.descriptor,
         .kimik2: KimiK2ProviderDescriptor.descriptor,
+        .moonshot: MoonshotProviderDescriptor.descriptor,
         .amp: AmpProviderDescriptor.descriptor,
+        .t3chat: T3ChatProviderDescriptor.descriptor,
         .ollama: OllamaProviderDescriptor.descriptor,
         .synthetic: SyntheticProviderDescriptor.descriptor,
         .openrouter: OpenRouterProviderDescriptor.descriptor,
+        .elevenlabs: ElevenLabsProviderDescriptor.descriptor,
         .warp: WarpProviderDescriptor.descriptor,
+        .windsurf: WindsurfProviderDescriptor.descriptor,
+        .perplexity: PerplexityProviderDescriptor.descriptor,
+        .mimo: MiMoProviderDescriptor.descriptor,
+        .doubao: DoubaoProviderDescriptor.descriptor,
+        .abacus: AbacusProviderDescriptor.descriptor,
+        .mistral: MistralProviderDescriptor.descriptor,
+        .deepseek: DeepSeekProviderDescriptor.descriptor,
+        .codebuff: CodebuffProviderDescriptor.descriptor,
+        .crof: CrofProviderDescriptor.descriptor,
+        .venice: VeniceProviderDescriptor.descriptor,
+        .commandcode: CommandCodeProviderDescriptor.descriptor,
+        .stepfun: StepFunProviderDescriptor.descriptor,
+        .bedrock: BedrockProviderDescriptor.descriptor,
+        .grok: GrokProviderDescriptor.descriptor,
+        .groq: GroqProviderDescriptor.descriptor,
+        .llmproxy: LLMProxyProviderDescriptor.descriptor,
+        .deepgram: DeepgramProviderDescriptor.descriptor,
     ]
     private static let bootstrap: Void = {
         for provider in UsageProvider.allCases {
diff --git a/Sources/CodexBarCore/Providers/ProviderDiagnosticExport.swift b/Sources/CodexBarCore/Providers/ProviderDiagnosticExport.swift
new file mode 100644
index 000000000..4ce2fad2f
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/ProviderDiagnosticExport.swift
@@ -0,0 +1,415 @@
+import Foundation
+
+public struct ProviderDiagnosticBatchExport: Codable, Sendable {
+    public let schemaVersion: String
+    public let timestamp: Date
+    public let diagnostics: [ProviderDiagnosticExport]
+
+    public init(
+        schemaVersion: String = "1.0",
+        timestamp: Date,
+        diagnostics: [ProviderDiagnosticExport])
+    {
+        self.schemaVersion = schemaVersion
+        self.timestamp = timestamp
+        self.diagnostics = diagnostics
+    }
+}
+
+public struct ProviderDiagnosticExport: Codable, Sendable {
+    public let schemaVersion: String
+    public let timestamp: Date
+    public let provider: String
+    public let displayName: String
+    public let source: String
+    public let sourceMode: String
+    public let auth: ProviderDiagnosticAuthSummary
+    public let usage: ProviderDiagnosticUsageSummary?
+    public let fetchAttempts: [ProviderDiagnosticFetchAttempt]
+    public let error: ProviderDiagnosticError?
+    public let settings: ProviderDiagnosticSettingsSummary
+    public let details: ProviderDiagnosticDetails?
+
+    public init(
+        schemaVersion: String = "1.0",
+        timestamp: Date,
+        provider: String,
+        displayName: String,
+        source: String,
+        sourceMode: String,
+        auth: ProviderDiagnosticAuthSummary,
+        usage: ProviderDiagnosticUsageSummary?,
+        fetchAttempts: [ProviderDiagnosticFetchAttempt],
+        error: ProviderDiagnosticError?,
+        settings: ProviderDiagnosticSettingsSummary,
+        details: ProviderDiagnosticDetails?)
+    {
+        self.schemaVersion = schemaVersion
+        self.timestamp = timestamp
+        self.provider = provider
+        self.displayName = displayName
+        self.source = source
+        self.sourceMode = sourceMode
+        self.auth = auth
+        self.usage = usage
+        self.fetchAttempts = fetchAttempts
+        self.error = error
+        self.settings = settings
+        self.details = details
+    }
+}
+
+public struct ProviderDiagnosticAuthSummary: Codable, Sendable {
+    public let configured: Bool
+    public let modes: [String]
+
+    public init(configured: Bool, modes: [String]) {
+        self.configured = configured
+        self.modes = modes
+    }
+
+    public func resolved(with outcome: ProviderFetchOutcome) -> ProviderDiagnosticAuthSummary {
+        var resolvedModes = self.modes
+        if outcome.isSuccess {
+            for attempt in outcome.attempts where attempt.wasAvailable {
+                let mode = ProviderDiagnosticFetchAttempt.kindLabel(attempt.kind)
+                if !resolvedModes.contains(mode) {
+                    resolvedModes.append(mode)
+                }
+            }
+        }
+        let configured = self.configured || outcome.isSuccess
+        return ProviderDiagnosticAuthSummary(configured: configured, modes: resolvedModes)
+    }
+}
+
+public struct ProviderDiagnosticUsageSummary: Codable, Sendable {
+    public let updatedAt: Date
+    public let windows: [ProviderDiagnosticRateWindow]
+    public let extraWindowCount: Int
+    public let providerCostPresent: Bool
+    public let providerSpecificData: [String]
+
+    public init(from snapshot: UsageSnapshot) {
+        var windows: [ProviderDiagnosticRateWindow] = []
+        if let primary = snapshot.primary {
+            windows.append(ProviderDiagnosticRateWindow(label: "primary", window: primary))
+        }
+        if let secondary = snapshot.secondary {
+            windows.append(ProviderDiagnosticRateWindow(label: "secondary", window: secondary))
+        }
+        if let tertiary = snapshot.tertiary {
+            windows.append(ProviderDiagnosticRateWindow(label: "tertiary", window: tertiary))
+        }
+        for extra in snapshot.extraRateWindows ?? [] {
+            windows.append(ProviderDiagnosticRateWindow(label: extra.title, window: extra.window))
+        }
+
+        var providerSpecificData: [String] = []
+        if snapshot.kiroUsage != nil { providerSpecificData.append("kiroUsage") }
+        if snapshot.zaiUsage != nil { providerSpecificData.append("zaiUsage") }
+        if snapshot.minimaxUsage != nil { providerSpecificData.append("minimaxUsage") }
+        if snapshot.deepseekUsage != nil { providerSpecificData.append("deepseekUsage") }
+        if snapshot.openRouterUsage != nil { providerSpecificData.append("openRouterUsage") }
+        if snapshot.openAIAPIUsage != nil { providerSpecificData.append("openAIAPIUsage") }
+        if snapshot.claudeAdminAPIUsage != nil { providerSpecificData.append("claudeAdminAPIUsage") }
+        if snapshot.mistralUsage != nil { providerSpecificData.append("mistralUsage") }
+        if snapshot.deepgramUsage != nil { providerSpecificData.append("deepgramUsage") }
+        if snapshot.cursorRequests != nil { providerSpecificData.append("cursorRequests") }
+
+        self.updatedAt = snapshot.updatedAt
+        self.windows = windows
+        self.extraWindowCount = snapshot.extraRateWindows?.count ?? 0
+        self.providerCostPresent = snapshot.providerCost != nil
+        self.providerSpecificData = providerSpecificData.sorted()
+    }
+}
+
+public struct ProviderDiagnosticRateWindow: Codable, Sendable {
+    public let label: String
+    public let usedPercent: Double
+    public let windowMinutes: Int?
+    public let resetsAt: Date?
+    public let hasResetDescription: Bool
+    public let nextRegenPercent: Double?
+
+    public init(label: String, window: RateWindow) {
+        self.label = label
+        self.usedPercent = window.usedPercent
+        self.windowMinutes = window.windowMinutes
+        self.resetsAt = window.resetsAt
+        self.hasResetDescription = window.resetDescription?.isEmpty == false
+        self.nextRegenPercent = window.nextRegenPercent
+    }
+}
+
+public struct ProviderDiagnosticFetchAttempt: Codable, Sendable {
+    public let kind: String
+    public let wasAvailable: Bool
+    public let errorCategory: String?
+
+    public init(
+        kind: String,
+        wasAvailable: Bool,
+        errorCategory: String?)
+    {
+        self.kind = kind
+        self.wasAvailable = wasAvailable
+        self.errorCategory = errorCategory
+    }
+
+    public init(from attempt: ProviderFetchAttempt) {
+        self.kind = Self.kindLabel(attempt.kind)
+        self.wasAvailable = attempt.wasAvailable
+        self.errorCategory = attempt.errorDescription.map(Self.errorCategoryLabel)
+    }
+
+    public static func kindLabel(_ kind: ProviderFetchKind) -> String {
+        switch kind {
+        case .cli: "cli"
+        case .web: "web"
+        case .oauth: "oauth"
+        case .apiToken: "api"
+        case .localProbe: "local"
+        case .webDashboard: "web"
+        }
+    }
+
+    public static func errorCategoryLabel(_ description: String?) -> String {
+        guard let desc = description?.lowercased() else { return "unknown" }
+        if desc.contains("network") || desc.contains("timeout") || desc.contains("connection") {
+            return "network"
+        }
+        if desc.contains("auth") || desc.contains("credential") || desc.contains("token") || desc.contains("cookie") ||
+            desc.contains("api key") || desc.contains("key not configured") || desc.contains("missing key")
+        {
+            return "auth"
+        }
+        if desc.contains("source") || desc.contains("not supported") || desc.contains("unavailable") {
+            return "configuration"
+        }
+        if desc.contains("api") || desc.contains("http") || desc.contains("404") || desc.contains("403") {
+            return "api"
+        }
+        if desc.contains("parse") || desc.contains("format") || desc.contains("decode") {
+            return "parse"
+        }
+        return "unknown"
+    }
+}
+
+public struct ProviderDiagnosticError: Codable, Sendable {
+    public let category: String
+    public let safeDescription: String
+
+    public init(category: String, safeDescription: String) {
+        self.category = category
+        self.safeDescription = safeDescription
+    }
+
+    public init(from error: Error, authConfigured: Bool) {
+        self.category = Self.errorCategory(error, authConfigured: authConfigured)
+        self.safeDescription = Self.safeDescription(category: self.category)
+    }
+
+    private static func errorCategory(_ error: Error, authConfigured: Bool) -> String {
+        if case ProviderFetchError.noAvailableStrategy = error {
+            return authConfigured ? "configuration" : "auth"
+        }
+        if let minimaxError = error as? MiniMaxUsageError {
+            switch minimaxError {
+            case .networkError: return "network"
+            case .invalidCredentials: return "auth"
+            case .apiError: return "api"
+            case .parseFailed: return "parse"
+            }
+        }
+        if error is MiniMaxSettingsError || error is MiniMaxAPISettingsError { return "auth" }
+        return ProviderDiagnosticFetchAttempt.errorCategoryLabel(error.localizedDescription)
+    }
+
+    private static func safeDescription(category: String) -> String {
+        switch category {
+        case "network":
+            "Network error - check your connection"
+        case "auth":
+            "Authentication or setup issue - check provider credentials"
+        case "api":
+            "API error - service returned an unexpected response"
+        case "parse":
+            "Parse error - unexpected response format"
+        case "configuration":
+            "Configuration issue - check provider source and settings"
+        default:
+            "An unexpected error occurred"
+        }
+    }
+}
+
+public struct ProviderDiagnosticSettingsSummary: Codable, Sendable {
+    public let sourceMode: String
+    public let apiRegion: String?
+
+    public init(sourceMode: ProviderSourceMode, apiRegion: String? = nil) {
+        self.sourceMode = sourceMode.rawValue
+        self.apiRegion = apiRegion
+    }
+}
+
+public enum ProviderDiagnosticDetails: Codable, Sendable {
+    case minimax(MiniMaxDiagnosticDetails)
+
+    private enum CodingKeys: String, CodingKey {
+        case type
+        case minimax
+    }
+
+    public init(from decoder: Decoder) throws {
+        let container = try decoder.container(keyedBy: CodingKeys.self)
+        let type = try container.decode(String.self, forKey: .type)
+        switch type {
+        case "minimax":
+            self = try .minimax(container.decode(MiniMaxDiagnosticDetails.self, forKey: .minimax))
+        default:
+            throw DecodingError.dataCorruptedError(
+                forKey: .type,
+                in: container,
+                debugDescription: "Unknown provider diagnostic detail type")
+        }
+    }
+
+    public func encode(to encoder: Encoder) throws {
+        var container = encoder.container(keyedBy: CodingKeys.self)
+        switch self {
+        case let .minimax(details):
+            try container.encode("minimax", forKey: .type)
+            try container.encode(details, forKey: .minimax)
+        }
+    }
+}
+
+public struct MiniMaxDiagnosticDetails: Codable, Sendable {
+    public let planName: String?
+    public let availablePrompts: Int?
+    public let currentPrompts: Int?
+    public let remainingPrompts: Int?
+    public let windowMinutes: Int?
+    public let usedPercent: Double?
+    public let resetsAt: Date?
+    public let services: [MiniMaxDiagnosticServiceUsage]?
+    public let billingSummaryPresent: Bool
+
+    public init(from snapshot: MiniMaxUsageSnapshot) {
+        self.planName = snapshot.planName
+        self.availablePrompts = snapshot.availablePrompts
+        self.currentPrompts = snapshot.currentPrompts
+        self.remainingPrompts = snapshot.remainingPrompts
+        self.windowMinutes = snapshot.windowMinutes
+        self.usedPercent = snapshot.usedPercent
+        self.resetsAt = snapshot.resetsAt
+        self.services = snapshot.services?.map { MiniMaxDiagnosticServiceUsage(from: $0) }
+        self.billingSummaryPresent = snapshot.billingSummary != nil
+    }
+}
+
+public struct MiniMaxDiagnosticServiceUsage: Codable, Sendable {
+    public let displayName: String
+    public let percent: Double
+    public let windowType: String
+    public let resetsAt: Date?
+    public let hasResetDescription: Bool
+
+    public init(from service: MiniMaxServiceUsage) {
+        self.displayName = service.displayName
+        self.percent = service.percent
+        self.windowType = service.windowType
+        self.resetsAt = service.resetsAt
+        self.hasResetDescription = !service.resetDescription.isEmpty
+    }
+}
+
+public enum ProviderDiagnosticExportBuilder {
+    public struct Input: Sendable {
+        public let provider: UsageProvider
+        public let descriptor: ProviderDescriptor
+        public let outcome: ProviderFetchOutcome
+        public let sourceMode: ProviderSourceMode
+        public let settings: ProviderSettingsSnapshot?
+        public let auth: ProviderDiagnosticAuthSummary
+
+        public init(
+            provider: UsageProvider,
+            descriptor: ProviderDescriptor,
+            outcome: ProviderFetchOutcome,
+            sourceMode: ProviderSourceMode,
+            settings: ProviderSettingsSnapshot?,
+            auth: ProviderDiagnosticAuthSummary)
+        {
+            self.provider = provider
+            self.descriptor = descriptor
+            self.outcome = outcome
+            self.sourceMode = sourceMode
+            self.settings = settings
+            self.auth = auth
+        }
+    }
+
+    public static func build(_ input: Input) -> ProviderDiagnosticExport {
+        let resolvedAuth = input.auth.resolved(with: input.outcome)
+        let usage = input.outcome.usageSnapshot.map { ProviderDiagnosticUsageSummary(from: $0) }
+        let error = input.outcome.failureError
+            .map { ProviderDiagnosticError(from: $0, authConfigured: resolvedAuth.configured) }
+        let settingsSummary = ProviderDiagnosticSettingsSummary(
+            sourceMode: input.sourceMode,
+            apiRegion: Self.safeAPIRegion(provider: input.provider, settings: input.settings))
+
+        return ProviderDiagnosticExport(
+            timestamp: Date(),
+            provider: input.provider.rawValue,
+            displayName: input.descriptor.metadata.displayName,
+            source: input.outcome.sourceLabel,
+            sourceMode: input.sourceMode.rawValue,
+            auth: resolvedAuth,
+            usage: usage,
+            fetchAttempts: input.outcome.attempts.map { ProviderDiagnosticFetchAttempt(from: $0) },
+            error: error,
+            settings: settingsSummary,
+            details: Self.details(provider: input.provider, outcome: input.outcome))
+    }
+
+    private static func safeAPIRegion(provider: UsageProvider, settings: ProviderSettingsSnapshot?) -> String? {
+        guard provider == .minimax else { return nil }
+        return settings?.minimax?.apiRegion.rawValue ?? "global"
+    }
+
+    private static func details(provider: UsageProvider, outcome: ProviderFetchOutcome) -> ProviderDiagnosticDetails? {
+        guard provider == .minimax,
+              let usage = outcome.usageSnapshot?.minimaxUsage
+        else {
+            return nil
+        }
+        return .minimax(MiniMaxDiagnosticDetails(from: usage))
+    }
+}
+
+extension ProviderFetchOutcome {
+    fileprivate var isSuccess: Bool {
+        guard case .success = self.result else { return false }
+        return true
+    }
+
+    fileprivate var sourceLabel: String {
+        guard case let .success(result) = result else { return "failed" }
+        return result.sourceLabel
+    }
+
+    fileprivate var usageSnapshot: UsageSnapshot? {
+        guard case let .success(result) = result else { return nil }
+        return result.usage
+    }
+
+    fileprivate var failureError: Error? {
+        guard case let .failure(error) = result else { return nil }
+        return error
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/ProviderFetchPlan.swift b/Sources/CodexBarCore/Providers/ProviderFetchPlan.swift
index cadbdc813..e99a2c69f 100644
--- a/Sources/CodexBarCore/Providers/ProviderFetchPlan.swift
+++ b/Sources/CodexBarCore/Providers/ProviderFetchPlan.swift
@@ -18,9 +18,13 @@ public enum ProviderSourceMode: String, CaseIterable, Sendable, Codable {
 }
 
 public struct ProviderFetchContext: Sendable {
+    public typealias TokenAccountTokenUpdater = @Sendable (UsageProvider, UUID, String) async -> Void
+    public typealias ProviderManualTokenUpdater = @Sendable (UsageProvider, String) async -> Void
+
     public let runtime: ProviderRuntime
     public let sourceMode: ProviderSourceMode
     public let includeCredits: Bool
+    public let includeOptionalUsage: Bool
     public let webTimeout: TimeInterval
     public let webDebugDumpHTML: Bool
     public let verbose: Bool
@@ -29,11 +33,16 @@ public struct ProviderFetchContext: Sendable {
     public let fetcher: UsageFetcher
     public let claudeFetcher: any ClaudeUsageFetching
     public let browserDetection: BrowserDetection
+    public let selectedTokenAccountID: UUID?
+    public let tokenAccountTokenUpdater: TokenAccountTokenUpdater?
+    public let providerManualTokenUpdater: ProviderManualTokenUpdater?
+    public let costUsageHistoryDays: Int
 
     public init(
         runtime: ProviderRuntime,
         sourceMode: ProviderSourceMode,
         includeCredits: Bool,
+        includeOptionalUsage: Bool = true,
         webTimeout: TimeInterval,
         webDebugDumpHTML: Bool,
         verbose: Bool,
@@ -41,11 +50,16 @@ public struct ProviderFetchContext: Sendable {
         settings: ProviderSettingsSnapshot?,
         fetcher: UsageFetcher,
         claudeFetcher: any ClaudeUsageFetching,
-        browserDetection: BrowserDetection)
+        browserDetection: BrowserDetection,
+        selectedTokenAccountID: UUID? = nil,
+        tokenAccountTokenUpdater: TokenAccountTokenUpdater? = nil,
+        providerManualTokenUpdater: ProviderManualTokenUpdater? = nil,
+        costUsageHistoryDays: Int = 30)
     {
         self.runtime = runtime
         self.sourceMode = sourceMode
         self.includeCredits = includeCredits
+        self.includeOptionalUsage = includeOptionalUsage
         self.webTimeout = webTimeout
         self.webDebugDumpHTML = webDebugDumpHTML
         self.verbose = verbose
@@ -54,6 +68,10 @@ public struct ProviderFetchContext: Sendable {
         self.fetcher = fetcher
         self.claudeFetcher = claudeFetcher
         self.browserDetection = browserDetection
+        self.selectedTokenAccountID = selectedTokenAccountID
+        self.tokenAccountTokenUpdater = tokenAccountTokenUpdater
+        self.providerManualTokenUpdater = providerManualTokenUpdater
+        self.costUsageHistoryDays = max(1, min(365, costUsageHistoryDays))
     }
 }
 
@@ -162,6 +180,7 @@ public struct ProviderFetchPipeline: Sendable {
         let strategies = await self.resolveStrategies(context)
         var attempts: [ProviderFetchAttempt] = []
         attempts.reserveCapacity(strategies.count)
+        var lastAvailableError: Error?
 
         for strategy in strategies {
             let available = await strategy.isAvailable(context)
@@ -184,6 +203,7 @@ public struct ProviderFetchPipeline: Sendable {
                     errorDescription: nil))
                 return ProviderFetchOutcome(result: .success(result), attempts: attempts)
             } catch {
+                lastAvailableError = error
                 attempts.append(ProviderFetchAttempt(
                     strategyID: strategy.id,
                     kind: strategy.kind,
@@ -196,7 +216,7 @@ public struct ProviderFetchPipeline: Sendable {
             }
         }
 
-        let error = ProviderFetchError.noAvailableStrategy(provider)
+        let error = lastAvailableError ?? ProviderFetchError.noAvailableStrategy(provider)
         return ProviderFetchOutcome(result: .failure(error), attempts: attempts)
     }
 }
diff --git a/Sources/CodexBarCore/Providers/ProviderSettingsSnapshot.swift b/Sources/CodexBarCore/Providers/ProviderSettingsSnapshot.swift
index e9bf84f9e..71a29e7f5 100644
--- a/Sources/CodexBarCore/Providers/ProviderSettingsSnapshot.swift
+++ b/Sources/CodexBarCore/Providers/ProviderSettingsSnapshot.swift
@@ -8,16 +8,28 @@ public struct ProviderSettingsSnapshot: Sendable {
         claude: ClaudeProviderSettings? = nil,
         cursor: CursorProviderSettings? = nil,
         opencode: OpenCodeProviderSettings? = nil,
+        opencodego: OpenCodeProviderSettings? = nil,
+        alibaba: AlibabaCodingPlanProviderSettings? = nil,
+        alibabaTokenPlan: AlibabaTokenPlanProviderSettings? = nil,
         factory: FactoryProviderSettings? = nil,
         minimax: MiniMaxProviderSettings? = nil,
+        manus: ManusProviderSettings? = nil,
         zai: ZaiProviderSettings? = nil,
         copilot: CopilotProviderSettings? = nil,
         kilo: KiloProviderSettings? = nil,
         kimi: KimiProviderSettings? = nil,
         augment: AugmentProviderSettings? = nil,
+        moonshot: MoonshotProviderSettings? = nil,
         amp: AmpProviderSettings? = nil,
+        t3chat: T3ChatProviderSettings? = nil,
         ollama: OllamaProviderSettings? = nil,
-        jetbrains: JetBrainsProviderSettings? = nil) -> ProviderSettingsSnapshot
+        jetbrains: JetBrainsProviderSettings? = nil,
+        windsurf: WindsurfProviderSettings? = nil,
+        perplexity: PerplexityProviderSettings? = nil,
+        mimo: MiMoProviderSettings? = nil,
+        abacus: AbacusProviderSettings? = nil,
+        mistral: MistralProviderSettings? = nil,
+        stepfun: StepFunProviderSettings? = nil) -> ProviderSettingsSnapshot
     {
         ProviderSettingsSnapshot(
             debugMenuEnabled: debugMenuEnabled,
@@ -26,31 +38,52 @@ public struct ProviderSettingsSnapshot: Sendable {
             claude: claude,
             cursor: cursor,
             opencode: opencode,
+            opencodego: opencodego,
+            alibaba: alibaba,
+            alibabaTokenPlan: alibabaTokenPlan,
             factory: factory,
             minimax: minimax,
+            manus: manus,
             zai: zai,
             copilot: copilot,
             kilo: kilo,
             kimi: kimi,
             augment: augment,
+            moonshot: moonshot,
             amp: amp,
+            t3chat: t3chat,
             ollama: ollama,
-            jetbrains: jetbrains)
+            jetbrains: jetbrains,
+            windsurf: windsurf,
+            perplexity: perplexity,
+            mimo: mimo,
+            abacus: abacus,
+            mistral: mistral,
+            stepfun: stepfun)
     }
 
     public struct CodexProviderSettings: Sendable {
         public let usageDataSource: CodexUsageDataSource
         public let cookieSource: ProviderCookieSource
         public let manualCookieHeader: String?
+        public let managedAccountStoreUnreadable: Bool
+        public let managedAccountTargetUnavailable: Bool
+        public let dashboardAuthorityKnownOwners: [CodexDashboardKnownOwnerCandidate]
 
         public init(
             usageDataSource: CodexUsageDataSource,
             cookieSource: ProviderCookieSource,
-            manualCookieHeader: String?)
+            manualCookieHeader: String?,
+            managedAccountStoreUnreadable: Bool = false,
+            managedAccountTargetUnavailable: Bool = false,
+            dashboardAuthorityKnownOwners: [CodexDashboardKnownOwnerCandidate] = [])
         {
             self.usageDataSource = usageDataSource
             self.cookieSource = cookieSource
             self.manualCookieHeader = manualCookieHeader
+            self.managedAccountStoreUnreadable = managedAccountStoreUnreadable
+            self.managedAccountTargetUnavailable = managedAccountTargetUnavailable
+            self.dashboardAuthorityKnownOwners = dashboardAuthorityKnownOwners
         }
     }
 
@@ -59,17 +92,20 @@ public struct ProviderSettingsSnapshot: Sendable {
         public let webExtrasEnabled: Bool
         public let cookieSource: ProviderCookieSource
         public let manualCookieHeader: String?
+        public let organizationID: String?
 
         public init(
             usageDataSource: ClaudeUsageDataSource,
             webExtrasEnabled: Bool,
             cookieSource: ProviderCookieSource,
-            manualCookieHeader: String?)
+            manualCookieHeader: String?,
+            organizationID: String? = nil)
         {
             self.usageDataSource = usageDataSource
             self.webExtrasEnabled = webExtrasEnabled
             self.cookieSource = cookieSource
             self.manualCookieHeader = manualCookieHeader
+            self.organizationID = organizationID
         }
     }
 
@@ -95,6 +131,32 @@ public struct ProviderSettingsSnapshot: Sendable {
         }
     }
 
+    public struct AlibabaCodingPlanProviderSettings: Sendable {
+        public let cookieSource: ProviderCookieSource
+        public let manualCookieHeader: String?
+        public let apiRegion: AlibabaCodingPlanAPIRegion
+
+        public init(
+            cookieSource: ProviderCookieSource = .auto,
+            manualCookieHeader: String? = nil,
+            apiRegion: AlibabaCodingPlanAPIRegion = .international)
+        {
+            self.cookieSource = cookieSource
+            self.manualCookieHeader = manualCookieHeader
+            self.apiRegion = apiRegion
+        }
+    }
+
+    public struct AlibabaTokenPlanProviderSettings: Sendable {
+        public let cookieSource: ProviderCookieSource
+        public let manualCookieHeader: String?
+
+        public init(cookieSource: ProviderCookieSource = .auto, manualCookieHeader: String? = nil) {
+            self.cookieSource = cookieSource
+            self.manualCookieHeader = manualCookieHeader
+        }
+    }
+
     public struct FactoryProviderSettings: Sendable {
         public let cookieSource: ProviderCookieSource
         public let manualCookieHeader: String?
@@ -121,6 +183,16 @@ public struct ProviderSettingsSnapshot: Sendable {
         }
     }
 
+    public struct ManusProviderSettings: Sendable {
+        public let cookieSource: ProviderCookieSource
+        public let manualCookieHeader: String?
+
+        public init(cookieSource: ProviderCookieSource, manualCookieHeader: String?) {
+            self.cookieSource = cookieSource
+            self.manualCookieHeader = manualCookieHeader
+        }
+    }
+
     public struct ZaiProviderSettings: Sendable {
         public let apiRegion: ZaiAPIRegion
 
@@ -130,7 +202,13 @@ public struct ProviderSettingsSnapshot: Sendable {
     }
 
     public struct CopilotProviderSettings: Sendable {
-        public init() {}
+        public let apiToken: String?
+        public let enterpriseHost: String?
+
+        public init(apiToken: String? = nil, enterpriseHost: String? = nil) {
+            self.apiToken = apiToken
+            self.enterpriseHost = enterpriseHost
+        }
     }
 
     public struct KiloProviderSettings: Sendable {
@@ -163,6 +241,14 @@ public struct ProviderSettingsSnapshot: Sendable {
         }
     }
 
+    public struct MoonshotProviderSettings: Sendable {
+        public let region: MoonshotRegion?
+
+        public init(region: MoonshotRegion? = nil) {
+            self.region = region
+        }
+    }
+
     public struct JetBrainsProviderSettings: Sendable {
         public let ideBasePath: String?
 
@@ -181,6 +267,26 @@ public struct ProviderSettingsSnapshot: Sendable {
         }
     }
 
+    public struct T3ChatProviderSettings: Sendable {
+        public let cookieSource: ProviderCookieSource
+        public let manualCookieHeader: String?
+
+        public init(cookieSource: ProviderCookieSource, manualCookieHeader: String?) {
+            self.cookieSource = cookieSource
+            self.manualCookieHeader = manualCookieHeader
+        }
+    }
+
+    public struct CommandCodeProviderSettings: Sendable {
+        public let cookieSource: ProviderCookieSource
+        public let manualCookieHeader: String?
+
+        public init(cookieSource: ProviderCookieSource, manualCookieHeader: String?) {
+            self.cookieSource = cookieSource
+            self.manualCookieHeader = manualCookieHeader
+        }
+    }
+
     public struct OllamaProviderSettings: Sendable {
         public let cookieSource: ProviderCookieSource
         public let manualCookieHeader: String?
@@ -191,22 +297,110 @@ public struct ProviderSettingsSnapshot: Sendable {
         }
     }
 
+    public struct WindsurfProviderSettings: Sendable {
+        public let usageDataSource: WindsurfUsageDataSource
+        public let cookieSource: ProviderCookieSource
+        public let manualCookieHeader: String?
+
+        public init(
+            usageDataSource: WindsurfUsageDataSource,
+            cookieSource: ProviderCookieSource,
+            manualCookieHeader: String?)
+        {
+            self.usageDataSource = usageDataSource
+            self.cookieSource = cookieSource
+            self.manualCookieHeader = manualCookieHeader
+        }
+    }
+
+    public struct PerplexityProviderSettings: Sendable {
+        public let cookieSource: ProviderCookieSource
+        public let manualCookieHeader: String?
+
+        public init(cookieSource: ProviderCookieSource, manualCookieHeader: String?) {
+            self.cookieSource = cookieSource
+            self.manualCookieHeader = manualCookieHeader
+        }
+    }
+
+    public struct MiMoProviderSettings: Sendable {
+        public let cookieSource: ProviderCookieSource
+        public let manualCookieHeader: String?
+
+        public init(cookieSource: ProviderCookieSource, manualCookieHeader: String?) {
+            self.cookieSource = cookieSource
+            self.manualCookieHeader = manualCookieHeader
+        }
+    }
+
+    public struct AbacusProviderSettings: Sendable {
+        public let cookieSource: ProviderCookieSource
+        public let manualCookieHeader: String?
+
+        public init(cookieSource: ProviderCookieSource, manualCookieHeader: String?) {
+            self.cookieSource = cookieSource
+            self.manualCookieHeader = manualCookieHeader
+        }
+    }
+
+    public struct MistralProviderSettings: Sendable {
+        public let cookieSource: ProviderCookieSource
+        public let manualCookieHeader: String?
+
+        public init(cookieSource: ProviderCookieSource, manualCookieHeader: String?) {
+            self.cookieSource = cookieSource
+            self.manualCookieHeader = manualCookieHeader
+        }
+    }
+
+    public struct StepFunProviderSettings: Sendable {
+        public let cookieSource: ProviderCookieSource
+        public let manualToken: String
+        public let username: String
+        public let password: String
+
+        public init(
+            cookieSource: ProviderCookieSource = .auto,
+            manualToken: String = "",
+            username: String = "",
+            password: String = "")
+        {
+            self.cookieSource = cookieSource
+            self.manualToken = manualToken
+            self.username = username
+            self.password = password
+        }
+    }
+
     public let debugMenuEnabled: Bool
     public let debugKeepCLISessionsAlive: Bool
     public let codex: CodexProviderSettings?
     public let claude: ClaudeProviderSettings?
     public let cursor: CursorProviderSettings?
     public let opencode: OpenCodeProviderSettings?
+    public let opencodego: OpenCodeProviderSettings?
+    public let alibaba: AlibabaCodingPlanProviderSettings?
+    public let alibabaTokenPlan: AlibabaTokenPlanProviderSettings?
     public let factory: FactoryProviderSettings?
     public let minimax: MiniMaxProviderSettings?
+    public let manus: ManusProviderSettings?
     public let zai: ZaiProviderSettings?
     public let copilot: CopilotProviderSettings?
     public let kilo: KiloProviderSettings?
     public let kimi: KimiProviderSettings?
     public let augment: AugmentProviderSettings?
+    public let moonshot: MoonshotProviderSettings?
     public let amp: AmpProviderSettings?
+    public let t3chat: T3ChatProviderSettings?
+    public let commandcode: CommandCodeProviderSettings?
     public let ollama: OllamaProviderSettings?
     public let jetbrains: JetBrainsProviderSettings?
+    public let windsurf: WindsurfProviderSettings?
+    public let perplexity: PerplexityProviderSettings?
+    public let mimo: MiMoProviderSettings?
+    public let abacus: AbacusProviderSettings?
+    public let mistral: MistralProviderSettings?
+    public let stepfun: StepFunProviderSettings?
 
     public var jetbrainsIDEBasePath: String? {
         self.jetbrains?.ideBasePath
@@ -219,16 +413,29 @@ public struct ProviderSettingsSnapshot: Sendable {
         claude: ClaudeProviderSettings?,
         cursor: CursorProviderSettings?,
         opencode: OpenCodeProviderSettings?,
+        opencodego: OpenCodeProviderSettings?,
+        alibaba: AlibabaCodingPlanProviderSettings?,
+        alibabaTokenPlan: AlibabaTokenPlanProviderSettings? = nil,
         factory: FactoryProviderSettings?,
         minimax: MiniMaxProviderSettings?,
+        manus: ManusProviderSettings?,
         zai: ZaiProviderSettings?,
         copilot: CopilotProviderSettings?,
         kilo: KiloProviderSettings?,
         kimi: KimiProviderSettings?,
         augment: AugmentProviderSettings?,
+        moonshot: MoonshotProviderSettings? = nil,
         amp: AmpProviderSettings?,
+        t3chat: T3ChatProviderSettings? = nil,
+        commandcode: CommandCodeProviderSettings? = nil,
         ollama: OllamaProviderSettings?,
-        jetbrains: JetBrainsProviderSettings? = nil)
+        jetbrains: JetBrainsProviderSettings? = nil,
+        windsurf: WindsurfProviderSettings? = nil,
+        perplexity: PerplexityProviderSettings? = nil,
+        mimo: MiMoProviderSettings? = nil,
+        abacus: AbacusProviderSettings? = nil,
+        mistral: MistralProviderSettings? = nil,
+        stepfun: StepFunProviderSettings? = nil)
     {
         self.debugMenuEnabled = debugMenuEnabled
         self.debugKeepCLISessionsAlive = debugKeepCLISessionsAlive
@@ -236,16 +443,29 @@ public struct ProviderSettingsSnapshot: Sendable {
         self.claude = claude
         self.cursor = cursor
         self.opencode = opencode
+        self.opencodego = opencodego
+        self.alibaba = alibaba
+        self.alibabaTokenPlan = alibabaTokenPlan
         self.factory = factory
         self.minimax = minimax
+        self.manus = manus
         self.zai = zai
         self.copilot = copilot
         self.kilo = kilo
         self.kimi = kimi
         self.augment = augment
+        self.moonshot = moonshot
         self.amp = amp
+        self.t3chat = t3chat
+        self.commandcode = commandcode
         self.ollama = ollama
         self.jetbrains = jetbrains
+        self.windsurf = windsurf
+        self.perplexity = perplexity
+        self.mimo = mimo
+        self.abacus = abacus
+        self.mistral = mistral
+        self.stepfun = stepfun
     }
 }
 
@@ -254,16 +474,29 @@ public enum ProviderSettingsSnapshotContribution: Sendable {
     case claude(ProviderSettingsSnapshot.ClaudeProviderSettings)
     case cursor(ProviderSettingsSnapshot.CursorProviderSettings)
     case opencode(ProviderSettingsSnapshot.OpenCodeProviderSettings)
+    case opencodego(ProviderSettingsSnapshot.OpenCodeProviderSettings)
+    case alibaba(ProviderSettingsSnapshot.AlibabaCodingPlanProviderSettings)
+    case alibabaTokenPlan(ProviderSettingsSnapshot.AlibabaTokenPlanProviderSettings)
     case factory(ProviderSettingsSnapshot.FactoryProviderSettings)
     case minimax(ProviderSettingsSnapshot.MiniMaxProviderSettings)
+    case manus(ProviderSettingsSnapshot.ManusProviderSettings)
     case zai(ProviderSettingsSnapshot.ZaiProviderSettings)
     case copilot(ProviderSettingsSnapshot.CopilotProviderSettings)
     case kilo(ProviderSettingsSnapshot.KiloProviderSettings)
     case kimi(ProviderSettingsSnapshot.KimiProviderSettings)
     case augment(ProviderSettingsSnapshot.AugmentProviderSettings)
+    case moonshot(ProviderSettingsSnapshot.MoonshotProviderSettings)
     case amp(ProviderSettingsSnapshot.AmpProviderSettings)
+    case t3chat(ProviderSettingsSnapshot.T3ChatProviderSettings)
+    case commandcode(ProviderSettingsSnapshot.CommandCodeProviderSettings)
     case ollama(ProviderSettingsSnapshot.OllamaProviderSettings)
     case jetbrains(ProviderSettingsSnapshot.JetBrainsProviderSettings)
+    case windsurf(ProviderSettingsSnapshot.WindsurfProviderSettings)
+    case perplexity(ProviderSettingsSnapshot.PerplexityProviderSettings)
+    case mimo(ProviderSettingsSnapshot.MiMoProviderSettings)
+    case abacus(ProviderSettingsSnapshot.AbacusProviderSettings)
+    case mistral(ProviderSettingsSnapshot.MistralProviderSettings)
+    case stepfun(ProviderSettingsSnapshot.StepFunProviderSettings)
 }
 
 public struct ProviderSettingsSnapshotBuilder: Sendable {
@@ -273,38 +506,65 @@ public struct ProviderSettingsSnapshotBuilder: Sendable {
     public var claude: ProviderSettingsSnapshot.ClaudeProviderSettings?
     public var cursor: ProviderSettingsSnapshot.CursorProviderSettings?
     public var opencode: ProviderSettingsSnapshot.OpenCodeProviderSettings?
+    public var opencodego: ProviderSettingsSnapshot.OpenCodeProviderSettings?
+    public var alibaba: ProviderSettingsSnapshot.AlibabaCodingPlanProviderSettings?
+    public var alibabaTokenPlan: ProviderSettingsSnapshot.AlibabaTokenPlanProviderSettings?
     public var factory: ProviderSettingsSnapshot.FactoryProviderSettings?
     public var minimax: ProviderSettingsSnapshot.MiniMaxProviderSettings?
+    public var manus: ProviderSettingsSnapshot.ManusProviderSettings?
     public var zai: ProviderSettingsSnapshot.ZaiProviderSettings?
     public var copilot: ProviderSettingsSnapshot.CopilotProviderSettings?
     public var kilo: ProviderSettingsSnapshot.KiloProviderSettings?
     public var kimi: ProviderSettingsSnapshot.KimiProviderSettings?
     public var augment: ProviderSettingsSnapshot.AugmentProviderSettings?
+    public var moonshot: ProviderSettingsSnapshot.MoonshotProviderSettings?
     public var amp: ProviderSettingsSnapshot.AmpProviderSettings?
+    public var t3chat: ProviderSettingsSnapshot.T3ChatProviderSettings?
+    public var commandcode: ProviderSettingsSnapshot.CommandCodeProviderSettings?
     public var ollama: ProviderSettingsSnapshot.OllamaProviderSettings?
     public var jetbrains: ProviderSettingsSnapshot.JetBrainsProviderSettings?
+    public var windsurf: ProviderSettingsSnapshot.WindsurfProviderSettings?
+    public var perplexity: ProviderSettingsSnapshot.PerplexityProviderSettings?
+    public var mimo: ProviderSettingsSnapshot.MiMoProviderSettings?
+    public var abacus: ProviderSettingsSnapshot.AbacusProviderSettings?
+    public var mistral: ProviderSettingsSnapshot.MistralProviderSettings?
+    public var stepfun: ProviderSettingsSnapshot.StepFunProviderSettings?
 
     public init(debugMenuEnabled: Bool = false, debugKeepCLISessionsAlive: Bool = false) {
         self.debugMenuEnabled = debugMenuEnabled
         self.debugKeepCLISessionsAlive = debugKeepCLISessionsAlive
     }
 
+    // swiftlint:disable:next cyclomatic_complexity
     public mutating func apply(_ contribution: ProviderSettingsSnapshotContribution) {
         switch contribution {
         case let .codex(value): self.codex = value
         case let .claude(value): self.claude = value
         case let .cursor(value): self.cursor = value
         case let .opencode(value): self.opencode = value
+        case let .opencodego(value): self.opencodego = value
+        case let .alibaba(value): self.alibaba = value
+        case let .alibabaTokenPlan(value): self.alibabaTokenPlan = value
         case let .factory(value): self.factory = value
         case let .minimax(value): self.minimax = value
+        case let .manus(value): self.manus = value
         case let .zai(value): self.zai = value
         case let .copilot(value): self.copilot = value
         case let .kilo(value): self.kilo = value
         case let .kimi(value): self.kimi = value
         case let .augment(value): self.augment = value
+        case let .moonshot(value): self.moonshot = value
         case let .amp(value): self.amp = value
+        case let .t3chat(value): self.t3chat = value
+        case let .commandcode(value): self.commandcode = value
         case let .ollama(value): self.ollama = value
         case let .jetbrains(value): self.jetbrains = value
+        case let .windsurf(value): self.windsurf = value
+        case let .perplexity(value): self.perplexity = value
+        case let .mimo(value): self.mimo = value
+        case let .abacus(value): self.abacus = value
+        case let .mistral(value): self.mistral = value
+        case let .stepfun(value): self.stepfun = value
         }
     }
 
@@ -316,15 +576,28 @@ public struct ProviderSettingsSnapshotBuilder: Sendable {
             claude: self.claude,
             cursor: self.cursor,
             opencode: self.opencode,
+            opencodego: self.opencodego,
+            alibaba: self.alibaba,
+            alibabaTokenPlan: self.alibabaTokenPlan,
             factory: self.factory,
             minimax: self.minimax,
+            manus: self.manus,
             zai: self.zai,
             copilot: self.copilot,
             kilo: self.kilo,
             kimi: self.kimi,
             augment: self.augment,
+            moonshot: self.moonshot,
             amp: self.amp,
+            t3chat: self.t3chat,
+            commandcode: self.commandcode,
             ollama: self.ollama,
-            jetbrains: self.jetbrains)
+            jetbrains: self.jetbrains,
+            windsurf: self.windsurf,
+            perplexity: self.perplexity,
+            mimo: self.mimo,
+            abacus: self.abacus,
+            mistral: self.mistral,
+            stepfun: self.stepfun)
     }
 }
diff --git a/Sources/CodexBarCore/Providers/ProviderTokenResolver.swift b/Sources/CodexBarCore/Providers/ProviderTokenResolver.swift
index ada9fac8d..cd555a6bd 100644
--- a/Sources/CodexBarCore/Providers/ProviderTokenResolver.swift
+++ b/Sources/CodexBarCore/Providers/ProviderTokenResolver.swift
@@ -26,6 +26,24 @@ public enum ProviderTokenResolver {
         self.syntheticResolution(environment: environment)?.token
     }
 
+    public static func openAIAPIToken(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> String?
+    {
+        self.openAIAPIResolution(environment: environment)?.token
+    }
+
+    public static func azureOpenAIToken(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> String?
+    {
+        self.azureOpenAIResolution(environment: environment)?.token
+    }
+
+    public static func claudeAdminAPIToken(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> String?
+    {
+        self.claudeAdminAPIResolution(environment: environment)?.token
+    }
+
     public static func copilotToken(environment: [String: String] = ProcessInfo.processInfo.environment) -> String? {
         self.copilotResolution(environment: environment)?.token
     }
@@ -34,6 +52,10 @@ public enum ProviderTokenResolver {
         self.minimaxTokenResolution(environment: environment)?.token
     }
 
+    public static func alibabaToken(environment: [String: String] = ProcessInfo.processInfo.environment) -> String? {
+        self.alibabaTokenResolution(environment: environment)?.token
+    }
+
     public static func minimaxCookie(environment: [String: String] = ProcessInfo.processInfo.environment) -> String? {
         self.minimaxCookieResolution(environment: environment)?.token
     }
@@ -46,6 +68,14 @@ public enum ProviderTokenResolver {
         self.kimiK2Resolution(environment: environment)?.token
     }
 
+    public static func moonshotToken(environment: [String: String] = ProcessInfo.processInfo.environment) -> String? {
+        self.moonshotResolution(environment: environment)?.token
+    }
+
+    public static func ollamaToken(environment: [String: String] = ProcessInfo.processInfo.environment) -> String? {
+        self.ollamaResolution(environment: environment)?.token
+    }
+
     public static func kiloToken(
         environment: [String: String] = ProcessInfo.processInfo.environment,
         authFileURL: URL? = nil) -> String?
@@ -61,6 +91,103 @@ public enum ProviderTokenResolver {
         self.openRouterResolution(environment: environment)?.token
     }
 
+    public static func elevenLabsToken(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> String?
+    {
+        self.elevenLabsResolution(environment: environment)?.token
+    }
+
+    public static func groqToken(environment: [String: String] = ProcessInfo.processInfo.environment) -> String? {
+        self.groqResolution(environment: environment)?.token
+    }
+
+    public static func llmProxyToken(environment: [String: String] = ProcessInfo.processInfo.environment) -> String? {
+        self.llmProxyResolution(environment: environment)?.token
+    }
+
+    public static func perplexitySessionToken(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> String?
+    {
+        self.perplexityResolution(environment: environment)?.token
+    }
+
+    public static func deepseekToken(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> String?
+    {
+        self.deepseekResolution(environment: environment)?.token
+    }
+
+    public static func crofToken(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> String?
+    {
+        self.crofResolution(environment: environment)?.token
+    }
+
+    public static func veniceToken(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> String?
+    {
+        self.veniceResolution(environment: environment)?.token
+    }
+
+    public static func stepfunToken(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> String?
+    {
+        self.stepfunResolution(environment: environment)?.token
+    }
+
+    public static func doubaoToken(environment: [String: String] = ProcessInfo.processInfo.environment) -> String? {
+        self.doubaoResolution(environment: environment)?.token
+    }
+
+    public static func bedrockAccessKeyID(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> String?
+    {
+        self.bedrockResolution(environment: environment)?.token
+    }
+
+    public static func bedrockResolution(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> ProviderTokenResolution?
+    {
+        self.resolveEnv(BedrockSettingsReader.accessKeyID(environment: environment))
+    }
+
+    public static func deepseekResolution(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> ProviderTokenResolution?
+    {
+        self.resolveEnv(DeepSeekSettingsReader.apiKey(environment: environment))
+    }
+
+    public static func crofResolution(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> ProviderTokenResolution?
+    {
+        self.resolveEnv(CrofSettingsReader.apiKey(environment: environment))
+    }
+
+    public static func veniceResolution(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> ProviderTokenResolution?
+    {
+        self.resolveEnv(VeniceSettingsReader.apiKey(environment: environment))
+    }
+
+    public static func codebuffToken(
+        environment: [String: String] = ProcessInfo.processInfo.environment,
+        authFileURL: URL? = nil) -> String?
+    {
+        self.codebuffResolution(environment: environment, authFileURL: authFileURL)?.token
+    }
+
+    public static func stepfunResolution(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> ProviderTokenResolution?
+    {
+        self.resolveEnv(StepFunSettingsReader.token(environment: environment))
+    }
+
+    public static func doubaoResolution(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> ProviderTokenResolution?
+    {
+        self.resolveEnv(DoubaoSettingsReader.apiKey(environment: environment))
+    }
+
     public static func zaiResolution(
         environment: [String: String] = ProcessInfo.processInfo.environment) -> ProviderTokenResolution?
     {
@@ -73,6 +200,24 @@ public enum ProviderTokenResolver {
         self.resolveEnv(SyntheticSettingsReader.apiKey(environment: environment))
     }
 
+    public static func openAIAPIResolution(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> ProviderTokenResolution?
+    {
+        self.resolveEnv(OpenAIAPISettingsReader.apiKey(environment: environment))
+    }
+
+    public static func azureOpenAIResolution(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> ProviderTokenResolution?
+    {
+        self.resolveEnv(AzureOpenAISettingsReader.apiKey(environment: environment))
+    }
+
+    public static func claudeAdminAPIResolution(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> ProviderTokenResolution?
+    {
+        self.resolveEnv(ClaudeAdminAPISettingsReader.apiKey(environment: environment))
+    }
+
     public static func copilotResolution(
         environment: [String: String] = ProcessInfo.processInfo.environment) -> ProviderTokenResolution?
     {
@@ -85,6 +230,12 @@ public enum ProviderTokenResolver {
         self.resolveEnv(MiniMaxAPISettingsReader.apiToken(environment: environment))
     }
 
+    public static func alibabaTokenResolution(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> ProviderTokenResolution?
+    {
+        self.resolveEnv(AlibabaCodingPlanSettingsReader.apiToken(environment: environment))
+    }
+
     public static func minimaxCookieResolution(
         environment: [String: String] = ProcessInfo.processInfo.environment) -> ProviderTokenResolution?
     {
@@ -116,6 +267,18 @@ public enum ProviderTokenResolver {
         self.resolveEnv(KimiK2SettingsReader.apiKey(environment: environment))
     }
 
+    public static func moonshotResolution(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> ProviderTokenResolution?
+    {
+        self.resolveEnv(MoonshotSettingsReader.apiKey(environment: environment))
+    }
+
+    public static func ollamaResolution(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> ProviderTokenResolution?
+    {
+        self.resolveEnv(OllamaAPISettingsReader.apiKey(environment: environment))
+    }
+
     public static func kiloResolution(
         environment: [String: String] = ProcessInfo.processInfo.environment,
         authFileURL: URL? = nil) -> ProviderTokenResolution?
@@ -141,6 +304,74 @@ public enum ProviderTokenResolver {
         self.resolveEnv(OpenRouterSettingsReader.apiToken(environment: environment))
     }
 
+    public static func elevenLabsResolution(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> ProviderTokenResolution?
+    {
+        self.resolveEnv(ElevenLabsSettingsReader.apiKey(environment: environment))
+    }
+
+    public static func groqResolution(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> ProviderTokenResolution?
+    {
+        self.resolveEnv(GroqSettingsReader.apiKey(environment: environment))
+    }
+
+    public static func llmProxyResolution(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> ProviderTokenResolution?
+    {
+        self.resolveEnv(LLMProxySettingsReader.apiKey(environment: environment))
+    }
+
+    public enum DeepgramCredentialKind: Sendable {
+        case apiKey
+        case projectID
+    }
+
+    public static func deepgramResolution(
+        type: DeepgramCredentialKind,
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> String?
+    {
+        switch type {
+        case .apiKey:
+            self.resolveEnv(DeepgramSettingsReader.apiKey(environment: environment))?.token
+
+        case .projectID:
+            self.resolveEnv(DeepgramSettingsReader.projectID(environment: environment))?.token
+        }
+    }
+
+    public static func codebuffResolution(
+        environment: [String: String] = ProcessInfo.processInfo.environment,
+        authFileURL: URL? = nil) -> ProviderTokenResolution?
+    {
+        if let resolution = self.resolveEnv(CodebuffSettingsReader.apiKey(environment: environment)) {
+            return resolution
+        }
+        if let token = CodebuffSettingsReader.authToken(authFileURL: authFileURL) {
+            return ProviderTokenResolution(token: token, source: .authFile)
+        }
+        return nil
+    }
+
+    public static func perplexityResolution(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> ProviderTokenResolution?
+    {
+        if let resolution = self.resolveEnv(PerplexitySettingsReader.sessionToken(environment: environment)) {
+            return resolution
+        }
+        #if os(macOS)
+        do {
+            let session = try PerplexityCookieImporter.importSession()
+            if let token = session.sessionToken {
+                return ProviderTokenResolution(token: token, source: .environment)
+            }
+        } catch {
+            // No browser cookies found, continue to fallback
+        }
+        #endif
+        return nil
+    }
+
     private static func cleaned(_ raw: String?) -> String? {
         guard var value = raw?.trimmingCharacters(in: .whitespacesAndNewlines), !value.isEmpty else {
             return nil
@@ -149,8 +380,7 @@ public enum ProviderTokenResolver {
         if (value.hasPrefix("\"") && value.hasSuffix("\"")) ||
             (value.hasPrefix("'") && value.hasSuffix("'"))
         {
-            value.removeFirst()
-            value.removeLast()
+            value = String(value.dropFirst().dropLast())
         }
 
         value = value.trimmingCharacters(in: .whitespacesAndNewlines)
diff --git a/Sources/CodexBarCore/Providers/ProviderVersionDetector.swift b/Sources/CodexBarCore/Providers/ProviderVersionDetector.swift
index 15dd131da..4d133b2a4 100644
--- a/Sources/CodexBarCore/Providers/ProviderVersionDetector.swift
+++ b/Sources/CodexBarCore/Providers/ProviderVersionDetector.swift
@@ -1,3 +1,8 @@
+#if canImport(Darwin)
+import Darwin
+#else
+import Glibc
+#endif
 import Foundation
 
 public enum ProviderVersionDetector {
@@ -10,7 +15,8 @@ public enum ProviderVersionDetector {
                 options: TTYCommandRunner.Options(
                     timeout: 5.0,
                     extraArgs: ["--allowed-tools", "", "--version"],
-                    initialDelay: 0.0)).text
+                    initialDelay: 0.0,
+                    useClaudeProbeWorkingDirectory: true)).text
             let trimmed = TextParsing.stripANSICodes(out).trimmingCharacters(in: .whitespacesAndNewlines)
             return trimmed.isEmpty ? nil : trimmed
         } catch {
@@ -45,13 +51,19 @@ public enum ProviderVersionDetector {
         return nil
     }
 
-    private static func run(path: String, args: [String]) -> String? {
+    static func run(path: String, args: [String], timeout: TimeInterval = 2.0) -> String? {
         let proc = Process()
         proc.executableURL = URL(fileURLWithPath: path)
         proc.arguments = args
         let out = Pipe()
         proc.standardOutput = out
         proc.standardError = Pipe()
+        proc.standardInput = nil
+
+        let exitSemaphore = DispatchSemaphore(value: 0)
+        proc.terminationHandler = { _ in
+            exitSemaphore.signal()
+        }
 
         do {
             try proc.run()
@@ -59,19 +71,9 @@ public enum ProviderVersionDetector {
             return nil
         }
 
-        let deadline = Date().addingTimeInterval(2.0)
-        while proc.isRunning, Date() < deadline {
-            usleep(50000)
-        }
-        if proc.isRunning {
-            proc.terminate()
-            let killDeadline = Date().addingTimeInterval(0.5)
-            while proc.isRunning, Date() < killDeadline {
-                usleep(20000)
-            }
-            if proc.isRunning {
-                kill(proc.processIdentifier, SIGKILL)
-            }
+        let didExit = exitSemaphore.wait(timeout: .now() + timeout) == .success
+        if !didExit, !Self.forceExit(proc, exitSemaphore: exitSemaphore) {
+            return nil
         }
 
         let data = out.fileHandleForReading.readDataToEndOfFile()
@@ -82,4 +84,17 @@ public enum ProviderVersionDetector {
         let trimmed = text.trimmingCharacters(in: .whitespacesAndNewlines)
         return trimmed.isEmpty ? nil : trimmed
     }
+
+    private static func forceExit(_ proc: Process, exitSemaphore: DispatchSemaphore) -> Bool {
+        guard proc.isRunning else { return true }
+
+        proc.terminate()
+        if exitSemaphore.wait(timeout: .now() + 0.5) == .success {
+            return true
+        }
+
+        guard proc.isRunning else { return true }
+        kill(proc.processIdentifier, SIGKILL)
+        return exitSemaphore.wait(timeout: .now() + 1.0) == .success
+    }
 }
diff --git a/Sources/CodexBarCore/Providers/Providers.swift b/Sources/CodexBarCore/Providers/Providers.swift
index f48eefe43..e71f36370 100644
--- a/Sources/CodexBarCore/Providers/Providers.swift
+++ b/Sources/CodexBarCore/Providers/Providers.swift
@@ -4,15 +4,21 @@ import SweetCookieKit
 // swiftformat:disable sortDeclarations
 public enum UsageProvider: String, CaseIterable, Sendable, Codable {
     case codex
+    case openai
+    case azureopenai
     case claude
     case cursor
     case opencode
+    case opencodego
+    case alibaba
+    case alibabatokenplan
     case factory
     case gemini
     case antigravity
     case copilot
     case zai
     case minimax
+    case manus
     case kimi
     case kilo
     case kiro
@@ -20,24 +26,48 @@ public enum UsageProvider: String, CaseIterable, Sendable, Codable {
     case augment
     case jetbrains
     case kimik2
+    case moonshot
     case amp
+    case t3chat
     case ollama
     case synthetic
     case warp
     case openrouter
+    case elevenlabs
+    case windsurf
+    case perplexity
+    case mimo
+    case doubao
+    case abacus
+    case mistral
+    case deepseek
+    case codebuff
+    case crof
+    case venice
+    case commandcode
+    case stepfun
+    case bedrock
+    case grok
+    case groq
+    case llmproxy
+    case deepgram
 }
 
 // swiftformat:enable sortDeclarations
 
 public enum IconStyle: Sendable, CaseIterable {
     case codex
+    case openai
     case claude
     case zai
     case minimax
+    case manus
     case gemini
     case antigravity
     case cursor
     case opencode
+    case opencodego
+    case alibaba
     case factory
     case copilot
     case kimi
@@ -47,11 +77,31 @@ public enum IconStyle: Sendable, CaseIterable {
     case vertexai
     case augment
     case jetbrains
+    case moonshot
     case amp
+    case t3chat
     case ollama
     case synthetic
     case warp
     case openrouter
+    case elevenlabs
+    case windsurf
+    case perplexity
+    case mimo
+    case doubao
+    case abacus
+    case mistral
+    case deepseek
+    case codebuff
+    case crof
+    case venice
+    case commandcode
+    case stepfun
+    case bedrock
+    case grok
+    case groq
+    case llmproxy
+    case deepgram
     case combined
 }
 
@@ -72,6 +122,8 @@ public struct ProviderMetadata: Sendable {
     public let browserCookieOrder: BrowserCookieImportOrder?
     public let dashboardURL: String?
     public let subscriptionDashboardURL: String?
+    /// Provider-specific release notes or changelog URL for CLI/provider updates.
+    public let changelogURL: String?
     /// Statuspage.io base URL for incident polling (append /api/v2/status.json).
     public let statusPageURL: String?
     /// Browser-only status link (no API polling); used when statusPageURL is nil.
@@ -96,6 +148,7 @@ public struct ProviderMetadata: Sendable {
         browserCookieOrder: BrowserCookieImportOrder? = nil,
         dashboardURL: String?,
         subscriptionDashboardURL: String? = nil,
+        changelogURL: String? = nil,
         statusPageURL: String?,
         statusLinkURL: String? = nil,
         statusWorkspaceProductID: String? = nil)
@@ -116,6 +169,7 @@ public struct ProviderMetadata: Sendable {
         self.browserCookieOrder = browserCookieOrder
         self.dashboardURL = dashboardURL
         self.subscriptionDashboardURL = subscriptionDashboardURL
+        self.changelogURL = changelogURL
         self.statusPageURL = statusPageURL
         self.statusLinkURL = statusLinkURL
         self.statusWorkspaceProductID = statusWorkspaceProductID
@@ -136,4 +190,34 @@ public enum ProviderBrowserCookieDefaults {
         nil
         #endif
     }
+
+    /// Safari first for Cursor: active sessions often live only there, and Chromium profiles may carry stale tokens.
+    public static var cursorCookieImportOrder: BrowserCookieImportOrder? {
+        #if os(macOS)
+        [.safari] + Browser.defaultImportOrder.filter { $0 != .safari }
+        #else
+        nil
+        #endif
+    }
+
+    /// Preserve the legacy Codex prompt behavior: prefer Safari/Chrome/Firefox before
+    /// probing additional Chromium variants that may trigger Safe Storage prompts.
+    public static var codexCookieImportOrder: BrowserCookieImportOrder? {
+        #if os(macOS)
+        let preferredPrefix: [Browser] = [.safari, .chrome, .firefox]
+        return preferredPrefix + Browser.defaultImportOrder.filter { !preferredPrefix.contains($0) }
+        #else
+        nil
+        #endif
+    }
+
+    /// Grok is normally signed in through Chrome; keep this narrow so CLI/live probes do not touch
+    /// unrelated browser keychains.
+    public static var grokCookieImportOrder: BrowserCookieImportOrder? {
+        #if os(macOS)
+        [.chrome]
+        #else
+        nil
+        #endif
+    }
 }
diff --git a/Sources/CodexBarCore/Providers/StepFun/StepFunProviderDescriptor.swift b/Sources/CodexBarCore/Providers/StepFun/StepFunProviderDescriptor.swift
new file mode 100644
index 000000000..5724db3b9
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/StepFun/StepFunProviderDescriptor.swift
@@ -0,0 +1,316 @@
+import CodexBarMacroSupport
+import Foundation
+
+@ProviderDescriptorRegistration
+@ProviderDescriptorDefinition
+public enum StepFunProviderDescriptor {
+    static func makeDescriptor() -> ProviderDescriptor {
+        ProviderDescriptor(
+            id: .stepfun,
+            metadata: ProviderMetadata(
+                id: .stepfun,
+                displayName: "StepFun",
+                sessionLabel: "5h Window",
+                weeklyLabel: "Weekly Window",
+                opusLabel: nil,
+                supportsOpus: false,
+                supportsCredits: false,
+                creditsHint: "",
+                toggleTitle: "Show StepFun usage",
+                cliName: "stepfun",
+                defaultEnabled: false,
+                isPrimaryProvider: false,
+                usesAccountFallback: false,
+                browserCookieOrder: nil,
+                dashboardURL: "https://platform.stepfun.com/plan-usage",
+                statusPageURL: nil,
+                statusLinkURL: nil),
+            branding: ProviderBranding(
+                iconStyle: .stepfun,
+                iconResourceName: "ProviderIcon-stepfun",
+                color: ProviderColor(red: 0.13, green: 0.59, blue: 0.95)),
+            tokenCost: ProviderTokenCostConfig(
+                supportsTokenCost: false,
+                noDataMessage: { "StepFun per-day cost history is not available via API." }),
+            fetchPlan: ProviderFetchPlan(
+                sourceModes: [.auto, .web],
+                pipeline: ProviderFetchPipeline(resolveStrategies: { _ in [StepFunWebFetchStrategy()] })),
+            cli: ProviderCLIConfig(
+                name: "stepfun",
+                aliases: ["step-fun", "sf"],
+                versionDetector: nil))
+    }
+}
+
+struct StepFunWebFetchStrategy: ProviderFetchStrategy {
+    let id: String = "stepfun.web"
+    let kind: ProviderFetchKind = .web
+
+    func isAvailable(_ context: ProviderFetchContext) async -> Bool {
+        context.settings?.stepfun?.cookieSource != .off
+    }
+
+    func fetch(_ context: ProviderFetchContext) async throws -> ProviderFetchResult {
+        do {
+            let resolved = try await Self.resolveToken(context: context, allowCached: true)
+            let usage = try await StepFunUsageFetcher.fetchUsage(token: resolved.token)
+            return self.makeResult(
+                usage: usage.toUsageSnapshot(),
+                sourceLabel: "web")
+        } catch let error where Self.isAuthenticationFailure(error) {
+            return try await self.recoverFromAuthenticationFailure(context: context, originalError: error)
+        }
+    }
+
+    func shouldFallback(on _: Error, context _: ProviderFetchContext) -> Bool {
+        false
+    }
+
+    // MARK: - Token Resolution
+
+    private struct ResolvedToken {
+        let token: String
+        let source: TokenSource
+    }
+
+    private enum TokenSource {
+        case manual
+        case cached
+        case settingsLogin
+        case environmentToken
+        case environmentLogin
+    }
+
+    private static func resolveToken(
+        context: ProviderFetchContext,
+        allowCached: Bool) async throws -> ResolvedToken
+    {
+        let settings = context.settings?.stepfun
+
+        // 1. Manual mode: use the token directly from settings
+        if settings?.cookieSource == .manual {
+            let manualToken = settings?.manualToken ?? ""
+            guard !manualToken.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty else {
+                throw StepFunUsageError.missingToken
+            }
+            return ResolvedToken(
+                token: StepFunTokenNormalizer.normalize(manualToken),
+                source: .manual)
+        }
+
+        // 2. Cached token from previous login
+        if allowCached, let cached = CookieHeaderCache.load(provider: .stepfun) {
+            return ResolvedToken(
+                token: StepFunTokenNormalizer.normalize(cached.cookieHeader),
+                source: .cached)
+        }
+
+        // 3. Username + password from Settings UI → perform full login flow
+        //    (register device → sign in by password → get Oasis-Token)
+        if let settings, !settings.username.isEmpty, !settings.password.isEmpty {
+            let token = try await StepFunUsageFetcher.login(
+                username: settings.username,
+                password: settings.password)
+            CookieHeaderCache.store(provider: .stepfun, cookieHeader: token, sourceLabel: "login")
+            return ResolvedToken(token: token, source: .settingsLogin)
+        }
+
+        // 4. Direct token from env var
+        if let token = StepFunSettingsReader.token(environment: context.env) {
+            return ResolvedToken(token: token, source: .environmentToken)
+        }
+
+        // 5. Username + password from env vars → perform full login flow
+        if let username = StepFunSettingsReader.username(environment: context.env),
+           let password = StepFunSettingsReader.password(environment: context.env)
+        {
+            let token = try await StepFunUsageFetcher.login(username: username, password: password)
+            CookieHeaderCache.store(provider: .stepfun, cookieHeader: token, sourceLabel: "login")
+            return ResolvedToken(token: token, source: .environmentLogin)
+        }
+
+        throw StepFunUsageError.missingCredentials
+    }
+
+    private func recoverFromAuthenticationFailure(
+        context: ProviderFetchContext,
+        originalError: Error) async throws -> ProviderFetchResult
+    {
+        let resolved = try await Self.resolveToken(context: context, allowCached: true)
+        let refreshed: String
+        do {
+            refreshed = try await StepFunUsageFetcher.refreshToken(token: resolved.token)
+        } catch {
+            if let fallback = try await Self.resolvedTokenWithoutStaleCache(context: context, source: resolved.source) {
+                do {
+                    let usage = try await StepFunUsageFetcher.fetchUsage(token: fallback.token)
+                    await Self.persistRecoveredToken(fallback.token, source: fallback.source, context: context)
+                    return self.makeResult(
+                        usage: usage.toUsageSnapshot(),
+                        sourceLabel: "web")
+                } catch {
+                    if !Self.isAuthenticationFailure(error) {
+                        throw error
+                    }
+                }
+            }
+            if let loginToken = try await Self.loginTokenIfAvailable(context: context, source: resolved.source) {
+                let usage = try await StepFunUsageFetcher.fetchUsage(token: loginToken)
+                return self.makeResult(
+                    usage: usage.toUsageSnapshot(),
+                    sourceLabel: "web")
+            }
+            throw Self.actionableAuthenticationError(for: resolved.source, originalError: originalError)
+        }
+
+        await Self.persistRecoveredToken(refreshed, source: resolved.source, context: context)
+
+        do {
+            let usage = try await StepFunUsageFetcher.fetchUsage(token: refreshed)
+            return self.makeResult(
+                usage: usage.toUsageSnapshot(),
+                sourceLabel: "web")
+        } catch let retryError where Self.isAuthenticationFailure(retryError) {
+            if let loginToken = try await Self.loginTokenIfAvailable(context: context, source: resolved.source) {
+                let usage = try await StepFunUsageFetcher.fetchUsage(token: loginToken)
+                return self.makeResult(
+                    usage: usage.toUsageSnapshot(),
+                    sourceLabel: "web")
+            }
+            throw Self.actionableAuthenticationError(for: resolved.source, originalError: originalError)
+        }
+    }
+
+    private static func resolvedTokenWithoutStaleCache(
+        context: ProviderFetchContext,
+        source: TokenSource) async throws -> ResolvedToken?
+    {
+        guard case .cached = source else { return nil }
+        CookieHeaderCache.clear(provider: .stepfun)
+        do {
+            return try await self.resolveToken(context: context, allowCached: false)
+        } catch StepFunUsageError.missingCredentials {
+            return nil
+        } catch StepFunUsageError.missingToken {
+            return nil
+        }
+    }
+
+    private static func loginTokenIfAvailable(
+        context: ProviderFetchContext,
+        source: TokenSource) async throws -> String?
+    {
+        if case .manual = source {
+            return nil
+        }
+
+        let settings = context.settings?.stepfun
+        if settings?.cookieSource != .manual,
+           let settings,
+           !settings.username.isEmpty,
+           !settings.password.isEmpty
+        {
+            CookieHeaderCache.clear(provider: .stepfun)
+            let token = try await StepFunUsageFetcher.login(
+                username: settings.username,
+                password: settings.password)
+            CookieHeaderCache.store(provider: .stepfun, cookieHeader: token, sourceLabel: "login")
+            return token
+        }
+
+        if let username = StepFunSettingsReader.username(environment: context.env),
+           let password = StepFunSettingsReader.password(environment: context.env)
+        {
+            CookieHeaderCache.clear(provider: .stepfun)
+            let token = try await StepFunUsageFetcher.login(username: username, password: password)
+            CookieHeaderCache.store(provider: .stepfun, cookieHeader: token, sourceLabel: "login")
+            return token
+        }
+
+        return nil
+    }
+
+    private static func persistRecoveredToken(
+        _ token: String,
+        source: TokenSource,
+        context: ProviderFetchContext) async
+    {
+        switch source {
+        case .cached, .settingsLogin, .environmentLogin:
+            CookieHeaderCache.store(provider: .stepfun, cookieHeader: token, sourceLabel: "refresh")
+        case .manual:
+            guard let accountID = context.selectedTokenAccountID,
+                  let updater = context.tokenAccountTokenUpdater
+            else {
+                await context.providerManualTokenUpdater?(.stepfun, token)
+                return
+            }
+            await updater(.stepfun, accountID, token)
+        case .environmentToken:
+            guard let accountID = context.selectedTokenAccountID,
+                  let updater = context.tokenAccountTokenUpdater
+            else { return }
+            await updater(.stepfun, accountID, token)
+        }
+    }
+
+    private static func isAuthenticationFailure(_ error: Error) -> Bool {
+        guard case let StepFunUsageError.apiError(message) = error else {
+            return false
+        }
+        let lower = message.trimmingCharacters(in: .whitespacesAndNewlines).lowercased()
+        return lower.contains("401") ||
+            lower.contains("403") ||
+            lower.contains("unauthorized") ||
+            lower.contains("unauthenticated") ||
+            lower.contains("invalid credentials") ||
+            lower.contains("invalid token") ||
+            lower.contains("token expired") ||
+            lower.contains("expired token")
+    }
+
+    private static func actionableAuthenticationError(
+        for source: TokenSource,
+        originalError: Error) -> StepFunUsageError
+    {
+        let suffix = switch source {
+        case .manual:
+            "Refresh the Oasis-Token, or switch StepFun to auto auth with username/password."
+        case .environmentToken:
+            "Refresh STEPFUN_TOKEN, or configure STEPFUN_USERNAME and STEPFUN_PASSWORD."
+        case .cached, .settingsLogin, .environmentLogin:
+            "Refresh the StepFun credentials and try again."
+        }
+        return .apiError("\(Self.authenticationFailureMessage(originalError)). \(suffix)")
+    }
+
+    private static func authenticationFailureMessage(_ error: Error) -> String {
+        if case let StepFunUsageError.apiError(message) = error {
+            return message
+        }
+        return error.localizedDescription
+    }
+}
+
+// MARK: - Token Normalizer
+
+public enum StepFunTokenNormalizer {
+    /// Normalize a StepFun token value — extracts the Oasis-Token from a cookie header
+    /// or returns the raw token value if it's not a cookie header.
+    public static func normalize(_ raw: String) -> String {
+        let trimmed = raw.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard !trimmed.isEmpty else { return "" }
+
+        // If it looks like a cookie header, extract Oasis-Token
+        if trimmed.contains("Oasis-Token=") {
+            let parts = trimmed.components(separatedBy: "Oasis-Token=")
+            if parts.count > 1 {
+                let afterToken = parts[1]
+                return afterToken.components(separatedBy: ";").first?
+                    .trimmingCharacters(in: .whitespaces) ?? afterToken
+            }
+        }
+
+        return trimmed
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/StepFun/StepFunSettingsReader.swift b/Sources/CodexBarCore/Providers/StepFun/StepFunSettingsReader.swift
new file mode 100644
index 000000000..b8a497a6f
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/StepFun/StepFunSettingsReader.swift
@@ -0,0 +1,38 @@
+import Foundation
+
+public struct StepFunSettingsReader: Sendable {
+    public static let usernameEnvironmentKey = "STEPFUN_USERNAME"
+    public static let passwordEnvironmentKey = "STEPFUN_PASSWORD"
+    public static let tokenEnvironmentKey = "STEPFUN_TOKEN"
+
+    public static func username(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> String?
+    {
+        self.cleaned(environment[self.usernameEnvironmentKey])
+    }
+
+    public static func password(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> String?
+    {
+        self.cleaned(environment[self.passwordEnvironmentKey])
+    }
+
+    public static func token(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> String?
+    {
+        self.cleaned(environment[self.tokenEnvironmentKey])
+    }
+
+    private static func cleaned(_ raw: String?) -> String? {
+        guard var value = raw?.trimmingCharacters(in: .whitespacesAndNewlines), !value.isEmpty else {
+            return nil
+        }
+        if (value.hasPrefix("\"") && value.hasSuffix("\"")) ||
+            (value.hasPrefix("'") && value.hasSuffix("'"))
+        {
+            value = String(value.dropFirst().dropLast())
+        }
+        value = value.trimmingCharacters(in: .whitespacesAndNewlines)
+        return value.isEmpty ? nil : value
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/StepFun/StepFunUsageFetcher.swift b/Sources/CodexBarCore/Providers/StepFun/StepFunUsageFetcher.swift
new file mode 100644
index 000000000..9c8bca186
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/StepFun/StepFunUsageFetcher.swift
@@ -0,0 +1,554 @@
+import Foundation
+#if canImport(FoundationNetworking)
+import FoundationNetworking
+#endif
+
+// MARK: - API response types
+
+/// A flexible number type that can decode from both JSON integers and floats.
+/// The StepFun API returns `five_hour_usage_left_rate: 1` (int) or `0.99781543` (float).
+public struct StepFunFlexibleNumber: Decodable, Sendable {
+    public let value: Double
+
+    public init(from decoder: Decoder) throws {
+        let container = try decoder.singleValueContainer()
+        if let intVal = try? container.decode(Int.self) {
+            self.value = Double(intVal)
+        } else if let doubleVal = try? container.decode(Double.self) {
+            self.value = doubleVal
+        } else {
+            self.value = 0
+        }
+    }
+
+    public init(_ value: Double) {
+        self.value = value
+    }
+}
+
+/// A flexible timestamp type that can decode from both JSON strings and integers.
+/// The StepFun API returns timestamps as strings like `"1777528800"`.
+public struct StepFunFlexibleTimestamp: Decodable, Sendable {
+    public let value: Int64
+
+    public init(from decoder: Decoder) throws {
+        let container = try decoder.singleValueContainer()
+        if let strVal = try? container.decode(String.self), let parsed = Int64(strVal) {
+            self.value = parsed
+        } else if let intVal = try? container.decode(Int64.self) {
+            self.value = intVal
+        } else {
+            self.value = 0
+        }
+    }
+
+    public init(_ value: Int64) {
+        self.value = value
+    }
+}
+
+public struct StepFunRateLimitResponse: Decodable, Sendable {
+    public let status: Int?
+    public let code: Int?
+    public let message: String?
+    public let desc: String?
+    public let fiveHourUsageLeftRate: StepFunFlexibleNumber?
+    public let weeklyUsageLeftRate: StepFunFlexibleNumber?
+    public let fiveHourUsageResetTime: StepFunFlexibleTimestamp?
+    public let weeklyUsageResetTime: StepFunFlexibleTimestamp?
+
+    enum CodingKeys: String, CodingKey {
+        case status
+        case code
+        case message
+        case desc
+        case fiveHourUsageLeftRate = "five_hour_usage_left_rate"
+        case weeklyUsageLeftRate = "weekly_usage_left_rate"
+        case fiveHourUsageResetTime = "five_hour_usage_reset_time"
+        case weeklyUsageResetTime = "weekly_usage_reset_time"
+    }
+
+    public var isSuccess: Bool {
+        self.status == 1
+    }
+}
+
+// MARK: - Plan status response types
+
+struct StepFunPlanStatusResponse: Decodable {
+    let status: Int?
+    let subscription: StepFunSubscription?
+
+    var planName: String? {
+        self.subscription?.name?.trimmingCharacters(in: .whitespacesAndNewlines)
+    }
+}
+
+struct StepFunSubscription: Decodable {
+    let name: String?
+    let planType: Int?
+    let planStatus: Int?
+
+    enum CodingKeys: String, CodingKey {
+        case name
+        case planType = "plan_type"
+        case planStatus = "status"
+    }
+}
+
+// MARK: - Auth response types
+
+struct StepFunRegisterDeviceResponse: Decodable {
+    let accessToken: StepFunTokenPair?
+    let refreshToken: StepFunTokenPair?
+}
+
+struct StepFunLoginResponse: Decodable {
+    let accessToken: StepFunTokenPair?
+    let refreshToken: StepFunTokenPair?
+}
+
+struct StepFunRefreshTokenResponse: Decodable {
+    let accessToken: StepFunTokenPair?
+    let refreshToken: StepFunTokenPair?
+}
+
+struct StepFunTokenPair: Decodable {
+    let raw: String
+}
+
+// MARK: - Domain snapshot
+
+public struct StepFunUsageSnapshot: Sendable {
+    public let fiveHourUsageLeftRate: Double
+    public let weeklyUsageLeftRate: Double
+    public let fiveHourUsageResetTime: Date
+    public let weeklyUsageResetTime: Date
+    public let planName: String?
+    public let updatedAt: Date
+
+    public init(
+        fiveHourUsageLeftRate: Double,
+        weeklyUsageLeftRate: Double,
+        fiveHourUsageResetTime: Date,
+        weeklyUsageResetTime: Date,
+        planName: String? = nil,
+        updatedAt: Date)
+    {
+        self.fiveHourUsageLeftRate = fiveHourUsageLeftRate
+        self.weeklyUsageLeftRate = weeklyUsageLeftRate
+        self.fiveHourUsageResetTime = fiveHourUsageResetTime
+        self.weeklyUsageResetTime = weeklyUsageResetTime
+        self.planName = planName
+        self.updatedAt = updatedAt
+    }
+
+    public func toUsageSnapshot() -> UsageSnapshot {
+        // Five-hour window: primary
+        let fiveHourUsedPercent = max(0, min(100, (1.0 - self.fiveHourUsageLeftRate) * 100))
+        let fiveHourResetDescription = UsageFormatter.resetDescription(from: self.fiveHourUsageResetTime)
+        let fiveHourWindow = RateWindow(
+            usedPercent: fiveHourUsedPercent,
+            windowMinutes: 300,
+            resetsAt: self.fiveHourUsageResetTime,
+            resetDescription: fiveHourResetDescription)
+
+        // Weekly window: secondary
+        let weeklyUsedPercent = max(0, min(100, (1.0 - self.weeklyUsageLeftRate) * 100))
+        let weeklyResetDescription = UsageFormatter.resetDescription(from: self.weeklyUsageResetTime)
+        let weeklyWindow = RateWindow(
+            usedPercent: weeklyUsedPercent,
+            windowMinutes: 10080,
+            resetsAt: self.weeklyUsageResetTime,
+            resetDescription: weeklyResetDescription)
+
+        let trimmedPlan = self.planName?.trimmingCharacters(in: .whitespacesAndNewlines)
+        let loginMethod = (trimmedPlan?.isEmpty ?? true) ? "password" : trimmedPlan
+
+        let identity = ProviderIdentitySnapshot(
+            providerID: .stepfun,
+            accountEmail: nil,
+            accountOrganization: nil,
+            loginMethod: loginMethod)
+
+        return UsageSnapshot(
+            primary: fiveHourWindow,
+            secondary: weeklyWindow,
+            tertiary: nil,
+            updatedAt: self.updatedAt,
+            identity: identity)
+    }
+}
+
+// MARK: - Errors
+
+public enum StepFunUsageError: LocalizedError, Sendable {
+    case missingCredentials
+    case missingToken
+    case networkError(String)
+    case apiError(String)
+    case parseFailed(String)
+    case loginFailed(String)
+    case tokenRefreshFailed(String)
+    case deviceRegistrationFailed(String)
+
+    public var errorDescription: String? {
+        switch self {
+        case .missingCredentials:
+            "Missing StepFun username or password. Set STEPFUN_USERNAME and STEPFUN_PASSWORD environment variables."
+        case .missingToken:
+            "Missing StepFun authentication token."
+        case let .networkError(message):
+            "StepFun network error: \(message)"
+        case let .apiError(message):
+            "StepFun API error: \(message)"
+        case let .parseFailed(message):
+            "Failed to parse StepFun response: \(message)"
+        case let .loginFailed(message):
+            "StepFun login failed: \(message)"
+        case let .tokenRefreshFailed(message):
+            "StepFun token refresh failed: \(message)"
+        case let .deviceRegistrationFailed(message):
+            "StepFun device registration failed: \(message)"
+        }
+    }
+}
+
+// MARK: - Fetcher
+
+public struct StepFunUsageFetcher: Sendable {
+    private static let log = CodexBarLog.logger(LogCategories.stepfunUsage)
+    private static let platformURL = URL(string: "https://platform.stepfun.com")!
+    private static let apiURL =
+        URL(string: "https://platform.stepfun.com/api/step.openapi.devcenter.Dashboard/QueryStepPlanRateLimit")!
+    private static let planStatusURL =
+        URL(string: "https://platform.stepfun.com/api/step.openapi.devcenter.Dashboard/GetStepPlanStatus")!
+    private static let registerDeviceURL =
+        URL(string: "https://platform.stepfun.com/passport/proto.api.passport.v1.PassportService/RegisterDevice")!
+    private static let loginURL =
+        URL(string: "https://platform.stepfun.com/passport/proto.api.passport.v1.PassportService/SignInByPassword")!
+    private static let refreshTokenURL =
+        URL(string: "https://platform.stepfun.com/passport/proto.api.passport.v1.PassportService/RefreshToken")!
+    private static let timeoutSeconds: TimeInterval = 15
+
+    private static let webID = "c8a1002d2c457e758785a9979832217c7c0b884c"
+    private static let appID = "10300"
+
+    private static let baseHeaders: [String: String] = [
+        "content-type": "application/json",
+        "oasis-appid": appID,
+        "oasis-platform": "web",
+        "oasis-webid": webID,
+        "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) " +
+            "AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36",
+    ]
+
+    // MARK: - Public API
+
+    /// Perform the full login flow (username + password → Oasis-Token) and return the token.
+    /// Does NOT fetch usage — the caller should cache the token and then call `fetchUsage(token:)`.
+    public static func login(username: String, password: String) async throws -> String {
+        try await self.fullLogin(username: username, password: password)
+    }
+
+    /// Refresh an existing Oasis-Token and return a fresh access + refresh token pair.
+    public static func refreshToken(token: String) async throws -> String {
+        try await self.refreshOasisToken(token: token)
+    }
+
+    /// Fetch usage data using an existing Oasis-Token (from env var or cached).
+    public static func fetchUsage(token: String) async throws -> StepFunUsageSnapshot {
+        guard !token.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty else {
+            throw StepFunUsageError.missingToken
+        }
+        return try await self.queryUsage(token: token)
+    }
+
+    /// Full login flow: username + password → token, then fetch usage.
+    public static func fetchUsage(username: String, password: String) async throws -> StepFunUsageSnapshot {
+        let token = try await self.fullLogin(username: username, password: password)
+        return try await self.queryUsage(token: token)
+    }
+
+    // MARK: - Login
+
+    private static func fullLogin(username: String, password: String) async throws -> String {
+        // Step 1: Get INGRESSCOOKIE by visiting the platform homepage
+        let (ingressCookie, _) = try await self.getIngressCookie()
+
+        // Step 2: RegisterDevice → get anonymous token
+        let anonToken = try await self.registerDevice(ingressCookie: ingressCookie)
+
+        // Step 3: SignInByPassword → get authenticated token
+        return try await self.signInByPassword(
+            username: username,
+            password: password,
+            ingressCookie: ingressCookie,
+            anonToken: anonToken)
+    }
+
+    private static func getIngressCookie() async throws -> (String, HTTPURLResponse) {
+        var request = URLRequest(url: self.platformURL)
+        request.httpMethod = "GET"
+        for (key, value) in self.baseHeaders {
+            request.setValue(value, forHTTPHeaderField: key)
+        }
+        request.timeoutInterval = self.timeoutSeconds
+
+        let response = try await ProviderHTTPClient.shared.response(for: request)
+        let httpResponse = response.response
+
+        // Extract INGRESSCOOKIE from Set-Cookie headers
+        let setCookieHeaders = httpResponse.allHeaderFields.filter { ($0.key as? String)?.lowercased() == "set-cookie" }
+        var ingressCookie = ""
+        for (_, value) in setCookieHeaders {
+            let cookieString = "\(value)"
+            if cookieString.contains("INGRESSCOOKIE=") {
+                let parts = cookieString.components(separatedBy: "INGRESSCOOKIE=")
+                if parts.count > 1 {
+                    let valuePart = parts[1].components(separatedBy: ";").first ?? ""
+                    ingressCookie = valuePart.trimmingCharacters(in: .whitespaces)
+                }
+            }
+        }
+
+        // Also check cookies from the URLSession cookie store
+        if ingressCookie.isEmpty {
+            let cookies = HTTPCookieStorage.shared.cookies(for: self.platformURL) ?? []
+            for cookie in cookies where cookie.name == "INGRESSCOOKIE" {
+                ingressCookie = cookie.value
+                break
+            }
+        }
+
+        guard !ingressCookie.isEmpty else {
+            throw StepFunUsageError.loginFailed("Could not obtain INGRESSCOOKIE")
+        }
+
+        return (ingressCookie, httpResponse)
+    }
+
+    private static func registerDevice(ingressCookie: String) async throws -> String {
+        var request = URLRequest(url: self.registerDeviceURL)
+        request.httpMethod = "POST"
+        request.httpBody = Data("{}".utf8)
+        for (key, value) in self.baseHeaders {
+            request.setValue(value, forHTTPHeaderField: key)
+        }
+        request.setValue("INGRESSCOOKIE=\(ingressCookie)", forHTTPHeaderField: "Cookie")
+        request.timeoutInterval = self.timeoutSeconds
+
+        let response = try await ProviderHTTPClient.shared.response(for: request)
+        let data = response.data
+        guard response.statusCode == 200 else {
+            let body = String(data: data, encoding: .utf8) ?? ""
+            Self.log.error("StepFun RegisterDevice returned \(response.statusCode): \(body)")
+            throw StepFunUsageError.deviceRegistrationFailed("HTTP \(response.statusCode)")
+        }
+
+        let decoded: StepFunRegisterDeviceResponse
+        do {
+            decoded = try JSONDecoder().decode(StepFunRegisterDeviceResponse.self, from: data)
+        } catch {
+            throw StepFunUsageError.parseFailed("RegisterDevice response: \(error.localizedDescription)")
+        }
+
+        guard let accessToken = decoded.accessToken?.raw, !accessToken.isEmpty else {
+            throw StepFunUsageError.deviceRegistrationFailed("No access token in RegisterDevice response")
+        }
+
+        return self.combinedToken(accessToken: accessToken, refreshToken: decoded.refreshToken?.raw)
+    }
+
+    private static func signInByPassword(
+        username: String,
+        password: String,
+        ingressCookie: String,
+        anonToken: String) async throws -> String
+    {
+        var request = URLRequest(url: self.loginURL)
+        request.httpMethod = "POST"
+        let body: [String: String] = ["username": username, "password": password]
+        request.httpBody = try? JSONSerialization.data(withJSONObject: body)
+        for (key, value) in self.baseHeaders {
+            request.setValue(value, forHTTPHeaderField: key)
+        }
+        request.setValue(
+            "Oasis-Token=\(anonToken); Oasis-Webid=\(self.webID); INGRESSCOOKIE=\(ingressCookie)",
+            forHTTPHeaderField: "Cookie")
+        request.timeoutInterval = self.timeoutSeconds
+
+        let response = try await ProviderHTTPClient.shared.response(for: request)
+        let data = response.data
+        guard response.statusCode == 200 else {
+            let body = String(data: data, encoding: .utf8) ?? ""
+            Self.log.error("StepFun SignInByPassword returned \(response.statusCode): \(body)")
+            throw StepFunUsageError.loginFailed("HTTP \(response.statusCode)")
+        }
+
+        let decoded: StepFunLoginResponse
+        do {
+            decoded = try JSONDecoder().decode(StepFunLoginResponse.self, from: data)
+        } catch {
+            throw StepFunUsageError.parseFailed("SignInByPassword response: \(error.localizedDescription)")
+        }
+
+        guard let accessToken = decoded.accessToken?.raw, !accessToken.isEmpty else {
+            throw StepFunUsageError.loginFailed("No access token in login response")
+        }
+
+        return self.combinedToken(accessToken: accessToken, refreshToken: decoded.refreshToken?.raw)
+    }
+
+    private static func refreshOasisToken(token: String) async throws -> String {
+        let normalized = StepFunTokenNormalizer.normalize(token)
+        guard !normalized.isEmpty else {
+            throw StepFunUsageError.missingToken
+        }
+
+        var request = URLRequest(url: self.refreshTokenURL)
+        request.httpMethod = "POST"
+        request.httpBody = Data("{}".utf8)
+        for (key, value) in self.baseHeaders {
+            request.setValue(value, forHTTPHeaderField: key)
+        }
+        request.setValue(normalized, forHTTPHeaderField: "Oasis-Token")
+        request.setValue(
+            "Oasis-Token=\(normalized); Oasis-Webid=\(self.webID)",
+            forHTTPHeaderField: "Cookie")
+        request.timeoutInterval = self.timeoutSeconds
+
+        let response = try await ProviderHTTPClient.shared.response(for: request)
+        let data = response.data
+        guard response.statusCode == 200 else {
+            let body = String(data: data, encoding: .utf8) ?? ""
+            Self.log.error("StepFun RefreshToken returned \(response.statusCode): \(body)")
+            throw StepFunUsageError.tokenRefreshFailed("HTTP \(response.statusCode)")
+        }
+
+        let decoded: StepFunRefreshTokenResponse
+        do {
+            decoded = try JSONDecoder().decode(StepFunRefreshTokenResponse.self, from: data)
+        } catch {
+            throw StepFunUsageError.parseFailed("RefreshToken response: \(error.localizedDescription)")
+        }
+
+        guard let accessToken = decoded.accessToken?.raw, !accessToken.isEmpty else {
+            throw StepFunUsageError.tokenRefreshFailed("No access token in refresh response")
+        }
+
+        return self.combinedToken(accessToken: accessToken, refreshToken: decoded.refreshToken?.raw)
+    }
+
+    private static func combinedToken(accessToken: String, refreshToken: String?) -> String {
+        guard let refreshToken, !refreshToken.isEmpty else {
+            return accessToken
+        }
+        return "\(accessToken)...\(refreshToken)"
+    }
+
+    // MARK: - Query usage
+
+    private static func queryUsage(token: String) async throws -> StepFunUsageSnapshot {
+        var request = URLRequest(url: self.apiURL)
+        request.httpMethod = "POST"
+        request.httpBody = Data("{}".utf8)
+        for (key, value) in self.baseHeaders {
+            request.setValue(value, forHTTPHeaderField: key)
+        }
+        request.setValue("Oasis-Token=\(token); Oasis-Webid=\(self.webID)", forHTTPHeaderField: "Cookie")
+        request.timeoutInterval = self.timeoutSeconds
+
+        let response = try await ProviderHTTPClient.shared.response(for: request)
+        let data = response.data
+        guard response.statusCode == 200 else {
+            let body = String(data: data, encoding: .utf8) ?? ""
+            Self.log.error("StepFun API returned \(response.statusCode): \(body)")
+            throw StepFunUsageError.apiError("HTTP \(response.statusCode)")
+        }
+
+        if let jsonString = String(data: data, encoding: .utf8) {
+            Self.log.debug("StepFun API response: \(jsonString)")
+        }
+
+        var snapshot = try self.parseSnapshot(data: data)
+
+        // Fetch plan name in parallel is not needed — just do it sequentially.
+        // If plan status fails, we still return usage data without plan name.
+        if let planName = try? await self.queryPlanStatus(token: token) {
+            snapshot = StepFunUsageSnapshot(
+                fiveHourUsageLeftRate: snapshot.fiveHourUsageLeftRate,
+                weeklyUsageLeftRate: snapshot.weeklyUsageLeftRate,
+                fiveHourUsageResetTime: snapshot.fiveHourUsageResetTime,
+                weeklyUsageResetTime: snapshot.weeklyUsageResetTime,
+                planName: planName,
+                updatedAt: snapshot.updatedAt)
+        }
+
+        return snapshot
+    }
+
+    // MARK: - Plan Status
+
+    private static func queryPlanStatus(token: String) async throws -> String? {
+        var request = URLRequest(url: self.planStatusURL)
+        request.httpMethod = "POST"
+        request.httpBody = Data("{}".utf8)
+        for (key, value) in self.baseHeaders {
+            request.setValue(value, forHTTPHeaderField: key)
+        }
+        request.setValue("Oasis-Token=\(token); Oasis-Webid=\(self.webID)", forHTTPHeaderField: "Cookie")
+        request.timeoutInterval = self.timeoutSeconds
+
+        let response = try await ProviderHTTPClient.shared.response(for: request)
+        guard response.statusCode == 200 else {
+            Self.log.debug("StepFun plan status request failed, skipping plan name")
+            return nil
+        }
+
+        let decoded: StepFunPlanStatusResponse
+        do {
+            decoded = try JSONDecoder().decode(StepFunPlanStatusResponse.self, from: response.data)
+        } catch {
+            Self.log.debug("StepFun plan status parse failed: \(error.localizedDescription)")
+            return nil
+        }
+
+        return decoded.planName
+    }
+
+    public static func _parseSnapshotForTesting(_ data: Data) throws -> StepFunUsageSnapshot {
+        try self.parseSnapshot(data: data)
+    }
+
+    private static func parseSnapshot(data: Data) throws -> StepFunUsageSnapshot {
+        let decoded: StepFunRateLimitResponse
+        do {
+            decoded = try JSONDecoder().decode(StepFunRateLimitResponse.self, from: data)
+        } catch {
+            throw StepFunUsageError.parseFailed(error.localizedDescription)
+        }
+
+        guard decoded.isSuccess else {
+            let msg = [decoded.message, decoded.desc]
+                .compactMap { $0?.trimmingCharacters(in: .whitespacesAndNewlines) }
+                .first { !$0.isEmpty } ?? decoded.code.map(String.init) ?? "unknown"
+            throw StepFunUsageError.apiError(msg)
+        }
+
+        guard let fiveHourRate = decoded.fiveHourUsageLeftRate,
+              let weeklyRate = decoded.weeklyUsageLeftRate,
+              let fiveHourReset = decoded.fiveHourUsageResetTime,
+              let weeklyReset = decoded.weeklyUsageResetTime
+        else {
+            throw StepFunUsageError.parseFailed("Missing usage rate or reset time fields")
+        }
+
+        return StepFunUsageSnapshot(
+            fiveHourUsageLeftRate: fiveHourRate.value,
+            weeklyUsageLeftRate: weeklyRate.value,
+            fiveHourUsageResetTime: Date(timeIntervalSince1970: TimeInterval(fiveHourReset.value)),
+            weeklyUsageResetTime: Date(timeIntervalSince1970: TimeInterval(weeklyReset.value)),
+            updatedAt: Date())
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Synthetic/SyntheticProviderDescriptor.swift b/Sources/CodexBarCore/Providers/Synthetic/SyntheticProviderDescriptor.swift
index 550ab9190..b0501408d 100644
--- a/Sources/CodexBarCore/Providers/Synthetic/SyntheticProviderDescriptor.swift
+++ b/Sources/CodexBarCore/Providers/Synthetic/SyntheticProviderDescriptor.swift
@@ -10,12 +10,12 @@ public enum SyntheticProviderDescriptor {
             metadata: ProviderMetadata(
                 id: .synthetic,
                 displayName: "Synthetic",
-                sessionLabel: "Quota",
-                weeklyLabel: "Usage",
-                opusLabel: nil,
-                supportsOpus: false,
+                sessionLabel: "Five-hour quota",
+                weeklyLabel: "Weekly tokens",
+                opusLabel: "Search hourly",
+                supportsOpus: true,
                 supportsCredits: false,
-                creditsHint: "",
+                creditsHint: "Weekly token quota regenerates continuously.",
                 toggleTitle: "Show Synthetic usage",
                 cliName: "synthetic",
                 defaultEnabled: false,
diff --git a/Sources/CodexBarCore/Providers/Synthetic/SyntheticSettingsReader.swift b/Sources/CodexBarCore/Providers/Synthetic/SyntheticSettingsReader.swift
index a6134f883..14e07f430 100644
--- a/Sources/CodexBarCore/Providers/Synthetic/SyntheticSettingsReader.swift
+++ b/Sources/CodexBarCore/Providers/Synthetic/SyntheticSettingsReader.swift
@@ -18,8 +18,7 @@ public struct SyntheticSettingsReader: Sendable {
         if (value.hasPrefix("\"") && value.hasSuffix("\"")) ||
             (value.hasPrefix("'") && value.hasSuffix("'"))
         {
-            value.removeFirst()
-            value.removeLast()
+            value = String(value.dropFirst().dropLast())
         }
 
         value = value.trimmingCharacters(in: .whitespacesAndNewlines)
diff --git a/Sources/CodexBarCore/Providers/Synthetic/SyntheticUsageStats.swift b/Sources/CodexBarCore/Providers/Synthetic/SyntheticUsageStats.swift
index 198c42c25..a1ff84f95 100644
--- a/Sources/CodexBarCore/Providers/Synthetic/SyntheticUsageStats.swift
+++ b/Sources/CodexBarCore/Providers/Synthetic/SyntheticUsageStats.swift
@@ -9,29 +9,45 @@ public struct SyntheticQuotaEntry: Sendable {
     public let windowMinutes: Int?
     public let resetsAt: Date?
     public let resetDescription: String?
+    public let nextRegenPercent: Double?
+    public let cost: ProviderCostSnapshot?
 
     public init(
         label: String?,
         usedPercent: Double,
         windowMinutes: Int?,
         resetsAt: Date?,
-        resetDescription: String?)
+        resetDescription: String?,
+        nextRegenPercent: Double? = nil,
+        cost: ProviderCostSnapshot? = nil)
     {
         self.label = label
         self.usedPercent = usedPercent
         self.windowMinutes = windowMinutes
         self.resetsAt = resetsAt
         self.resetDescription = resetDescription
+        self.nextRegenPercent = nextRegenPercent
+        self.cost = cost
     }
 }
 
 public struct SyntheticUsageSnapshot: Sendable {
     public let quotas: [SyntheticQuotaEntry]
+    /// Slot-identified lanes for the known Synthetic response shape: [rolling-5h, weekly, search-hourly].
+    /// When set, `toUsageSnapshot` maps slot 0 → primary, slot 1 → secondary, slot 2 → tertiary,
+    /// so a missing lane stays nil instead of promoting the next lane into the wrong UI label.
+    public let slottedQuotas: [SyntheticQuotaEntry?]?
     public let planName: String?
     public let updatedAt: Date
 
-    public init(quotas: [SyntheticQuotaEntry], planName: String?, updatedAt: Date) {
+    public init(
+        quotas: [SyntheticQuotaEntry],
+        slottedQuotas: [SyntheticQuotaEntry?]? = nil,
+        planName: String?,
+        updatedAt: Date)
+    {
         self.quotas = quotas
+        self.slottedQuotas = slottedQuotas
         self.planName = planName
         self.updatedAt = updatedAt
     }
@@ -39,11 +55,13 @@ public struct SyntheticUsageSnapshot: Sendable {
 
 extension SyntheticUsageSnapshot {
     public func toUsageSnapshot() -> UsageSnapshot {
-        let primaryEntry = self.quotas.first
-        let secondaryEntry = self.quotas.dropFirst().first
+        let slots = self.slottedQuotas
+            ?? [self.quotas.first, self.quotas.dropFirst().first, self.quotas.dropFirst(2).first]
+        let entries: [SyntheticQuotaEntry?] = (0..<3).map { slots.indices.contains($0) ? slots[$0] : nil }
 
-        let primary = primaryEntry.map(Self.rateWindow(for:))
-        let secondary = secondaryEntry.map(Self.rateWindow(for:))
+        let primary = entries[0].map(Self.rateWindow(for:))
+        let secondary = entries[1].map(Self.rateWindow(for:))
+        let tertiary = entries[2].map(Self.rateWindow(for:))
 
         let planName = self.planName?.trimmingCharacters(in: .whitespacesAndNewlines)
         let loginMethod = (planName?.isEmpty ?? true) ? nil : planName
@@ -56,8 +74,8 @@ extension SyntheticUsageSnapshot {
         return UsageSnapshot(
             primary: primary,
             secondary: secondary,
-            tertiary: nil,
-            providerCost: nil,
+            tertiary: tertiary,
+            providerCost: self.quotas.first(where: { $0.cost != nil })?.cost,
             updatedAt: self.updatedAt,
             identity: identity)
     }
@@ -67,7 +85,8 @@ extension SyntheticUsageSnapshot {
             usedPercent: quota.usedPercent,
             windowMinutes: quota.windowMinutes,
             resetsAt: quota.resetsAt,
-            resetDescription: quota.resetDescription)
+            resetDescription: quota.resetDescription,
+            nextRegenPercent: quota.nextRegenPercent)
     }
 }
 
@@ -85,19 +104,15 @@ public struct SyntheticUsageFetcher: Sendable {
         request.setValue("Bearer \(apiKey)", forHTTPHeaderField: "Authorization")
         request.setValue("application/json", forHTTPHeaderField: "Accept")
 
-        let (data, response) = try await URLSession.shared.data(for: request)
-
-        guard let httpResponse = response as? HTTPURLResponse else {
-            throw SyntheticUsageError.networkError("Invalid response")
-        }
-
-        guard httpResponse.statusCode == 200 else {
+        let response = try await ProviderHTTPClient.shared.response(for: request)
+        let data = response.data
+        guard response.statusCode == 200 else {
             let errorMessage = String(data: data, encoding: .utf8) ?? "Unknown error"
-            Self.log.error("Synthetic API returned \(httpResponse.statusCode): \(errorMessage)")
-            if httpResponse.statusCode == 401 || httpResponse.statusCode == 403 {
+            Self.log.error("Synthetic API returned \(response.statusCode): \(errorMessage)")
+            if response.statusCode == 401 || response.statusCode == 403 {
                 throw SyntheticUsageError.invalidCredentials
             }
-            throw SyntheticUsageError.apiError("HTTP \(httpResponse.statusCode): \(errorMessage)")
+            throw SyntheticUsageError.apiError("HTTP \(response.statusCode): \(errorMessage)")
         }
 
         do {
@@ -147,20 +162,46 @@ enum SyntheticUsageParser {
         }()
 
         let planName = self.planName(from: root)
-        let quotaObjects = self.quotaObjects(from: root)
-        let quotas = quotaObjects.compactMap { self.parseQuota($0) }
 
+        if let slots = self.prioritizedQuotaSlots(from: root) {
+            let slotted: [SyntheticQuotaEntry?] = slots.map { $0.flatMap(self.parseQuota) }
+            let flat = slotted.compactMap(\.self)
+            guard !flat.isEmpty else {
+                throw SyntheticUsageError.parseFailed("Missing quota data.")
+            }
+            return SyntheticUsageSnapshot(
+                quotas: flat,
+                slottedQuotas: slotted,
+                planName: planName,
+                updatedAt: now)
+        }
+
+        let quotas = self.fallbackQuotaObjects(from: root).compactMap(self.parseQuota)
         guard !quotas.isEmpty else {
             throw SyntheticUsageError.parseFailed("Missing quota data.")
         }
-
         return SyntheticUsageSnapshot(
             quotas: quotas,
             planName: planName,
             updatedAt: now)
     }
 
-    private static func quotaObjects(from root: [String: Any]) -> [[String: Any]] {
+    /// Returns slot-positional quota payloads `[rolling-5h, weekly, search-hourly]` when the known Synthetic
+    /// response shape is detected. Missing lanes stay nil in their slot so downstream code doesn't shift
+    /// labels. Returns nil if none of the known keys appear, so the fallback path runs.
+    private static func prioritizedQuotaSlots(from root: [String: Any]) -> [[String: Any]?]? {
+        let dataDict = root["data"] as? [String: Any]
+        let rolling = self.namedQuota(root["rollingFiveHourLimit"], label: "Rolling five-hour limit")
+            ?? self.namedQuota(dataDict?["rollingFiveHourLimit"], label: "Rolling five-hour limit")
+        let weekly = self.namedQuota(root["weeklyTokenLimit"], label: "Weekly token limit")
+            ?? self.namedQuota(dataDict?["weeklyTokenLimit"], label: "Weekly token limit")
+        let searchHourly = self.namedQuota((root["search"] as? [String: Any])?["hourly"], label: "Search hourly")
+            ?? self.namedQuota((dataDict?["search"] as? [String: Any])?["hourly"], label: "Search hourly")
+        let slots: [[String: Any]?] = [rolling, weekly, searchHourly]
+        return slots.contains(where: { $0 != nil }) ? slots : nil
+    }
+
+    private static func fallbackQuotaObjects(from root: [String: Any]) -> [[String: Any]] {
         let dataDict = root["data"] as? [String: Any]
         let candidates: [Any?] = [
             root["quotas"],
@@ -179,14 +220,8 @@ enum SyntheticUsageParser {
         ]
 
         for candidate in candidates {
-            if let array = candidate as? [[String: Any]] { return array }
-            if let array = candidate as? [Any] {
-                let dicts = array.compactMap { $0 as? [String: Any] }
-                if !dicts.isEmpty { return dicts }
-            }
-            if let dict = candidate as? [String: Any], self.isQuotaPayload(dict) {
-                return [dict]
-            }
+            let quotas = self.extractQuotaObjects(from: candidate)
+            if !quotas.isEmpty { return quotas }
         }
         return []
     }
@@ -239,14 +274,22 @@ enum SyntheticUsageParser {
 
         let windowMinutes = windowMinutes(from: payload)
         let resetsAt = self.firstDate(in: payload, keys: self.resetKeys)
+        // Leave resetDescription nil when resetsAt is set so the UI rebuilds the countdown each render
+        // against the current clock instead of freezing a stale "in Xm" string at parse time.
         let resetDescription = resetsAt == nil ? self.windowDescription(minutes: windowMinutes) : nil
 
+        let cost = self.providerCost(from: payload, usedPercent: clamped, resetsAt: resetsAt)
+        let nextRegenPercent = self.normalizedPercent(
+            self.firstDouble(in: payload, keys: Self.tickPercentKeys))
+
         return SyntheticQuotaEntry(
             label: label,
             usedPercent: clamped,
             windowMinutes: windowMinutes,
             resetsAt: resetsAt,
-            resetDescription: resetDescription)
+            resetDescription: resetDescription,
+            nextRegenPercent: nextRegenPercent,
+            cost: cost)
     }
 
     private static func isQuotaPayload(_ payload: [String: Any]) -> Bool {
@@ -271,9 +314,78 @@ enum SyntheticUsageParser {
         if let seconds = self.firstDouble(in: payload, keys: windowSecondsKeys) {
             return Int((seconds / 60).rounded())
         }
+        if let text = self.firstString(in: payload, keys: windowStringKeys) {
+            return self.windowMinutes(fromText: text)
+        }
         return nil
     }
 
+    private static func namedQuota(_ candidate: Any?, label: String) -> [String: Any]? {
+        guard var payload = candidate as? [String: Any], self.isQuotaPayload(payload) else { return nil }
+        if payload["label"] == nil, payload["name"] == nil {
+            payload["label"] = label
+        }
+        return payload
+    }
+
+    private static func extractQuotaObjects(from candidate: Any?) -> [[String: Any]] {
+        switch candidate {
+        case let array as [[String: Any]]:
+            var nestedQuotas: [[String: Any]] = []
+            for entry in array {
+                if self.isQuotaPayload(entry) {
+                    nestedQuotas.append(entry)
+                } else {
+                    nestedQuotas.append(contentsOf: self.extractQuotaObjects(from: entry))
+                }
+            }
+            return nestedQuotas
+        case let array as [Any]:
+            return array.flatMap { self.extractQuotaObjects(from: $0) }
+        case let dict as [String: Any]:
+            if self.isQuotaPayload(dict) {
+                return [dict]
+            }
+            var nestedQuotas: [[String: Any]] = []
+            for key in dict.keys.sorted() {
+                nestedQuotas.append(contentsOf: self.extractQuotaObjects(from: dict[key]))
+            }
+            return nestedQuotas
+        default:
+            return []
+        }
+    }
+
+    /// Parses durations like `"5hr"`, `"30min"`, `"2 days"`. Suffixes are sorted longest-first so
+    /// multi-letter units always win over their single-letter aliases — no ordering surprises if a
+    /// future unit shares a trailing letter with another.
+    static func windowMinutes(fromText text: String) -> Int? {
+        let normalized = text
+            .trimmingCharacters(in: .whitespacesAndNewlines)
+            .lowercased()
+            .replacingOccurrences(of: " ", with: "")
+        guard !normalized.isEmpty else { return nil }
+
+        for (suffix, multiplier) in Self.windowSuffixMultipliers {
+            guard normalized.hasSuffix(suffix) else { continue }
+            let valueText = String(normalized.dropLast(suffix.count))
+            guard let value = Double(valueText), value > 0 else { return nil }
+            return Int((value * multiplier).rounded())
+        }
+        return nil
+    }
+
+    private static let windowSuffixMultipliers: [(suffix: String, multiplier: Double)] = {
+        let raw: [(String, Double)] = [
+            ("minutes", 1), ("minute", 1), ("mins", 1), ("min", 1), ("m", 1),
+            ("hours", 60), ("hour", 60), ("hrs", 60), ("hr", 60), ("h", 60),
+            ("days", 24 * 60), ("day", 24 * 60), ("d", 24 * 60),
+        ]
+        return raw
+            .sorted { $0.0.count > $1.0.count }
+            .map { (suffix: $0.0, multiplier: $0.1) }
+    }()
+
     private static func windowDescription(minutes: Int?) -> String? {
         guard let minutes, minutes > 0 else { return nil }
         let dayMinutes = 24 * 60
@@ -288,6 +400,57 @@ enum SyntheticUsageParser {
         return "\(minutes) minute\(minutes == 1 ? "" : "s") window"
     }
 
+    private static func providerCost(
+        from payload: [String: Any],
+        usedPercent: Double,
+        resetsAt: Date?) -> ProviderCostSnapshot?
+    {
+        guard let limit = self.firstCurrency(in: payload, keys: self.costLimitKeys) else { return nil }
+
+        let remaining = self.firstCurrency(in: payload, keys: self.costRemainingKeys)
+        let usedFromPayload = self.firstCurrency(in: payload, keys: self.costUsedKeys)
+        let nextRegenAmount = self.firstCurrency(in: payload, keys: self.regenAmountKeys)
+        let used = if let usedFromPayload {
+            usedFromPayload
+        } else if let remaining {
+            max(0, limit - remaining)
+        } else {
+            (usedPercent.clamped(to: 0...100) / 100) * limit
+        }
+
+        return ProviderCostSnapshot(
+            used: used,
+            limit: limit,
+            currencyCode: "USD",
+            period: "Weekly",
+            resetsAt: resetsAt,
+            nextRegenAmount: nextRegenAmount,
+            updatedAt: Date())
+    }
+
+    private static func firstCurrency(in payload: [String: Any], keys: [String]) -> Double? {
+        for key in keys {
+            guard let value = payload[key] else { continue }
+            if let text = value as? String,
+               let parsed = self.parseCurrency(text)
+            {
+                return parsed
+            }
+            if let number = self.doubleValue(value) {
+                return number
+            }
+        }
+        return nil
+    }
+
+    private static func parseCurrency(_ text: String) -> Double? {
+        let cleaned = text
+            .trimmingCharacters(in: .whitespacesAndNewlines)
+            .replacingOccurrences(of: "$", with: "")
+            .replacingOccurrences(of: ",", with: "")
+        return Double(cleaned)
+    }
+
     private static func normalizedPercent(_ value: Double?) -> Double? {
         guard let value else { return nil }
         if value <= 1 { return value * 100 }
@@ -423,6 +586,13 @@ enum SyntheticUsageParser {
 
     private static let limitKeys = [
         "limit",
+        "messageLimit",
+        "message_limit",
+        "messages",
+        "maxRequests",
+        "max_requests",
+        "requestLimit",
+        "request_limit",
         "quota",
         "max",
         "total",
@@ -433,6 +603,10 @@ enum SyntheticUsageParser {
     private static let usedKeys = [
         "used",
         "usage",
+        "usedMessages",
+        "used_messages",
+        "messagesUsed",
+        "messages_used",
         "requests",
         "requestCount",
         "request_count",
@@ -456,6 +630,10 @@ enum SyntheticUsageParser {
         "renew_at",
         "renewsAt",
         "renews_at",
+        "nextTickAt",
+        "next_tick_at",
+        "nextRegenAt",
+        "next_regen_at",
         "periodEnd",
         "period_end",
         "expiresAt",
@@ -464,6 +642,33 @@ enum SyntheticUsageParser {
         "end_at",
     ]
 
+    private static let regenAmountKeys = [
+        "nextRegenCredits",
+        "next_regen_credits",
+    ]
+
+    private static let tickPercentKeys = [
+        "tickPercent",
+        "tick_percent",
+        "nextTickPercent",
+        "next_tick_percent",
+    ]
+
+    private static let costLimitKeys = [
+        "maxCredits",
+        "max_credits",
+    ]
+
+    private static let costRemainingKeys = [
+        "remainingCredits",
+        "remaining_credits",
+    ]
+
+    private static let costUsedKeys = [
+        "usedCredits",
+        "used_credits",
+    ]
+
     private static let windowMinutesKeys = [
         "windowMinutes",
         "window_minutes",
@@ -491,6 +696,15 @@ enum SyntheticUsageParser {
         "periodSeconds",
         "period_seconds",
     ]
+
+    private static let windowStringKeys = [
+        "window",
+        "windowLabel",
+        "window_label",
+        "period",
+        "periodLabel",
+        "period_label",
+    ]
 }
 
 public enum SyntheticUsageError: LocalizedError, Sendable {
diff --git a/Sources/CodexBarCore/Providers/T3Chat/T3ChatProviderDescriptor.swift b/Sources/CodexBarCore/Providers/T3Chat/T3ChatProviderDescriptor.swift
new file mode 100644
index 000000000..9317b4073
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/T3Chat/T3ChatProviderDescriptor.swift
@@ -0,0 +1,85 @@
+import CodexBarMacroSupport
+import Foundation
+
+@ProviderDescriptorRegistration
+@ProviderDescriptorDefinition
+public enum T3ChatProviderDescriptor {
+    static func makeDescriptor() -> ProviderDescriptor {
+        ProviderDescriptor(
+            id: .t3chat,
+            metadata: ProviderMetadata(
+                id: .t3chat,
+                displayName: "T3 Chat",
+                sessionLabel: "Base",
+                weeklyLabel: "Overage",
+                opusLabel: nil,
+                supportsOpus: false,
+                supportsCredits: false,
+                creditsHint: "",
+                toggleTitle: "Show T3 Chat usage",
+                cliName: "t3chat",
+                defaultEnabled: false,
+                isPrimaryProvider: false,
+                usesAccountFallback: false,
+                browserCookieOrder: ProviderBrowserCookieDefaults.defaultImportOrder,
+                dashboardURL: "https://t3.chat/settings/customization",
+                subscriptionDashboardURL: "https://t3.chat/settings/subscription",
+                statusPageURL: nil),
+            branding: ProviderBranding(
+                iconStyle: .t3chat,
+                iconResourceName: "ProviderIcon-t3chat",
+                color: ProviderColor(red: 245 / 255, green: 102 / 255, blue: 71 / 255)),
+            tokenCost: ProviderTokenCostConfig(
+                supportsTokenCost: false,
+                noDataMessage: { "T3 Chat cost summary is not supported." }),
+            fetchPlan: ProviderFetchPlan(
+                sourceModes: [.auto, .web],
+                pipeline: ProviderFetchPipeline(resolveStrategies: { _ in [T3ChatWebFetchStrategy()] })),
+            cli: ProviderCLIConfig(
+                name: "t3chat",
+                aliases: ["t3-chat", "t3"],
+                versionDetector: nil))
+    }
+}
+
+struct T3ChatWebFetchStrategy: ProviderFetchStrategy {
+    let id: String = "t3chat.web"
+    let kind: ProviderFetchKind = .web
+
+    func isAvailable(_ context: ProviderFetchContext) async -> Bool {
+        let cookieSource = context.settings?.t3chat?.cookieSource ?? .auto
+        guard cookieSource != .off else { return false }
+        if cookieSource == .manual {
+            return T3ChatUsageFetcher.requestContext(from: context.settings?.t3chat?.manualCookieHeader) != nil
+        }
+        #if os(macOS)
+        return true
+        #else
+        return false
+        #endif
+    }
+
+    func fetch(_ context: ProviderFetchContext) async throws -> ProviderFetchResult {
+        let fetcher = T3ChatUsageFetcher(browserDetection: context.browserDetection)
+        let manual = Self.manualCookieHeader(from: context)
+        let logger: ((String) -> Void)? = context.verbose
+            ? { msg in CodexBarLog.logger(LogCategories.t3chat).verbose(msg) }
+            : nil
+        let snapshot = try await fetcher.fetch(
+            cookieHeaderOverride: manual,
+            timeout: context.webTimeout,
+            logger: logger)
+        return self.makeResult(
+            usage: snapshot.toUsageSnapshot(),
+            sourceLabel: "web")
+    }
+
+    func shouldFallback(on _: Error, context _: ProviderFetchContext) -> Bool {
+        false
+    }
+
+    private static func manualCookieHeader(from context: ProviderFetchContext) -> String? {
+        guard context.settings?.t3chat?.cookieSource == .manual else { return nil }
+        return context.settings?.t3chat?.manualCookieHeader
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/T3Chat/T3ChatUsageFetcher.swift b/Sources/CodexBarCore/Providers/T3Chat/T3ChatUsageFetcher.swift
new file mode 100644
index 000000000..bddc960e4
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/T3Chat/T3ChatUsageFetcher.swift
@@ -0,0 +1,366 @@
+import Foundation
+#if canImport(FoundationNetworking)
+import FoundationNetworking
+#endif
+
+#if os(macOS)
+import SweetCookieKit
+#endif
+
+#if os(macOS)
+private let t3ChatCookieImportOrder: BrowserCookieImportOrder =
+    ProviderDefaults.metadata[.t3chat]?.browserCookieOrder ?? Browser.defaultImportOrder
+
+public enum T3ChatCookieImporter {
+    private static let cookieClient = BrowserCookieClient()
+    private static let cookieDomains = ["t3.chat", "www.t3.chat"]
+
+    public struct SessionInfo: Sendable {
+        public let cookieHeader: String
+        public let sourceLabel: String
+
+        public init(cookieHeader: String, sourceLabel: String) {
+            self.cookieHeader = cookieHeader
+            self.sourceLabel = sourceLabel
+        }
+    }
+
+    public static func importSession(
+        browserDetection: BrowserDetection,
+        logger: ((String) -> Void)? = nil) throws -> SessionInfo
+    {
+        let log: (String) -> Void = { msg in logger?("[t3chat-cookie] \(msg)") }
+        let installed = t3ChatCookieImportOrder.cookieImportCandidates(using: browserDetection)
+
+        for browserSource in installed {
+            do {
+                let query = BrowserCookieQuery(domains: self.cookieDomains)
+                let sources = try self.cookieClient.codexBarRecords(
+                    matching: query,
+                    in: browserSource,
+                    logger: log)
+                for source in sources where !source.records.isEmpty {
+                    let cookies = BrowserCookieClient.makeHTTPCookies(source.records, origin: query.origin)
+                    guard !cookies.isEmpty else { continue }
+                    let names = cookies.map(\.name).joined(separator: ", ")
+                    log("\(source.label) cookies: \(names)")
+                    let header = cookies.map { "\($0.name)=\($0.value)" }.joined(separator: "; ")
+                    return SessionInfo(cookieHeader: header, sourceLabel: source.label)
+                }
+            } catch {
+                BrowserCookieAccessGate.recordIfNeeded(error)
+                log("\(browserSource.displayName) cookie import failed: \(error.localizedDescription)")
+            }
+        }
+
+        throw T3ChatUsageError.noSessionCookie
+    }
+}
+#endif
+
+public struct T3ChatUsageFetcher: Sendable {
+    private static let log = CodexBarLog.logger(LogCategories.t3chat)
+    private static let baseURL = URL(string: "https://t3.chat")!
+    private static let refererURL = URL(string: "https://t3.chat/settings/customization")!
+    /// Browser fingerprint defaults are only fallbacks; full cURL captures override these forwarded headers.
+    private static let userAgent =
+        "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) " +
+        "AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36"
+    /// Captured from T3 Chat's getCustomerData tRPC request shape in May 2026.
+    private static let input = #"{"0":{"json":{"sessionId":null},"meta":{"values":{"sessionId":["undefined"]}}}}"#
+    private static let forwardedManualHeaders = [
+        "accept": "Accept",
+        "accept-language": "Accept-Language",
+        "cache-control": "Cache-Control",
+        "pragma": "Pragma",
+        "priority": "Priority",
+        "referer": "Referer",
+        "sec-fetch-dest": "Sec-Fetch-Dest",
+        "sec-fetch-mode": "Sec-Fetch-Mode",
+        "sec-fetch-site": "Sec-Fetch-Site",
+        "trpc-accept": "trpc-accept",
+        "user-agent": "User-Agent",
+        "x-client-context": "x-client-context",
+        "x-deployment-id": "X-Deployment-Id",
+        "x-trpc-batch": "x-trpc-batch",
+        "x-trpc-source": "x-trpc-source",
+    ]
+
+    public struct RequestContext: Sendable {
+        public let cookieHeader: String
+        public let headers: [String: String]
+
+        public init(cookieHeader: String, headers: [String: String] = [:]) {
+            self.cookieHeader = cookieHeader
+            self.headers = headers
+        }
+    }
+
+    public let browserDetection: BrowserDetection
+
+    public init(browserDetection: BrowserDetection) {
+        self.browserDetection = browserDetection
+    }
+
+    public func fetch(
+        cookieHeaderOverride: String? = nil,
+        timeout: TimeInterval = 15,
+        logger: ((String) -> Void)? = nil,
+        now: Date = Date(),
+        transport: any ProviderHTTPTransport = ProviderHTTPClient.shared) async throws -> T3ChatUsageSnapshot
+    {
+        let log: (String) -> Void = { msg in logger?("[t3chat] \(msg)") }
+        let context = try await self.resolveRequestContext(override: cookieHeaderOverride, logger: log)
+        if let logger {
+            let names = CookieHeaderNormalizer.pairs(from: context.cookieHeader).map(\.name)
+            if !names.isEmpty {
+                logger("[t3chat] Cookie names: \(names.joined(separator: ", "))")
+            }
+            if !context.headers.isEmpty {
+                let headerNames = context.headers.keys.sorted().joined(separator: ", ")
+                logger("[t3chat] Forwarding captured headers: \(headerNames)")
+            }
+        }
+        return try await Self.fetchCustomerData(
+            context: context,
+            timeout: timeout,
+            now: now,
+            transport: transport)
+    }
+
+    public func debugRawProbe(cookieHeaderOverride: String? = nil) async -> String {
+        let stamp = ISO8601DateFormatter().string(from: Date())
+        var lines: [String] = []
+        lines.append("=== T3 Chat Debug Probe @ \(stamp) ===")
+        lines.append("")
+
+        do {
+            let snapshot = try await self.fetch(
+                cookieHeaderOverride: cookieHeaderOverride,
+                logger: { msg in lines.append(msg) })
+            lines.append("")
+            lines.append("Fetch Success")
+            lines.append("subTier=\(snapshot.customerData.subTier ?? "nil")")
+            lines.append("usageBand=\(snapshot.customerData.usageBand ?? "nil")")
+            lines
+                .append(
+                    "usageFourHourPercentage=\(snapshot.customerData.usageFourHourPercentage?.description ?? "nil")")
+            lines.append("usageMonthPercentage=\(snapshot.customerData.usageMonthPercentage?.description ?? "nil")")
+            lines.append("usagePeriodPercentage=\(snapshot.customerData.usagePeriodPercentage?.description ?? "nil")")
+            lines
+                .append(
+                    "usageFourHourNextResetAt=\(snapshot.customerData.usageFourHourNextResetAt?.description ?? "nil")")
+            lines.append("billingNextResetAt=\(snapshot.customerData.billingNextResetAt?.description ?? "nil")")
+        } catch {
+            lines.append("")
+            lines.append("Probe Failed: \(error.localizedDescription)")
+        }
+
+        return lines.joined(separator: "\n")
+    }
+
+    public static func fetchCustomerData(
+        cookieHeader: String,
+        timeout: TimeInterval = 15,
+        now: Date = Date(),
+        transport: any ProviderHTTPTransport = ProviderHTTPClient.shared) async throws -> T3ChatUsageSnapshot
+    {
+        guard let normalizedCookieHeader = CookieHeaderNormalizer.normalize(cookieHeader) else {
+            throw T3ChatUsageError.noSessionCookie
+        }
+        return try await self.fetchCustomerData(
+            context: RequestContext(cookieHeader: normalizedCookieHeader),
+            timeout: timeout,
+            now: now,
+            transport: transport)
+    }
+
+    public static func fetchCustomerData(
+        context: RequestContext,
+        timeout: TimeInterval = 15,
+        now: Date = Date(),
+        transport: any ProviderHTTPTransport = ProviderHTTPClient.shared) async throws -> T3ChatUsageSnapshot
+    {
+        guard let normalizedCookieHeader = CookieHeaderNormalizer.normalize(context.cookieHeader) else {
+            throw T3ChatUsageError.noSessionCookie
+        }
+
+        let url = try self.customerDataURL()
+        var request = URLRequest(url: url)
+        request.httpMethod = "GET"
+        request.timeoutInterval = timeout
+        self.applyDefaultHeaders(to: &request)
+        for (name, value) in context.headers {
+            request.setValue(value, forHTTPHeaderField: name)
+        }
+        request.setValue(self.baseURL.absoluteString, forHTTPHeaderField: "Origin")
+        request.setValue(normalizedCookieHeader, forHTTPHeaderField: "Cookie")
+
+        let response = try await transport.response(for: request)
+        let data = response.data
+        guard response.statusCode == 200 else {
+            let body = String(data: data.prefix(200), encoding: .utf8) ?? "<binary>"
+            Self.log.error("T3 Chat API returned \(response.statusCode): \(body)")
+            if response.statusCode == 401 || response.statusCode == 403 {
+                throw T3ChatUsageError.invalidCredentials
+            }
+            if response.statusCode == 429,
+               response.response.value(forHTTPHeaderField: "x-vercel-mitigated") == "challenge"
+            {
+                throw T3ChatUsageError.vercelChallenge
+            }
+            throw T3ChatUsageError.apiError("HTTP \(response.statusCode)")
+        }
+
+        do {
+            return try T3ChatUsageParser.parseJSONLines(data, now: now)
+        } catch {
+            let preview = String(data: data.prefix(500), encoding: .utf8) ?? "<binary>"
+            Self.log.error("T3 Chat parse failed: \(error.localizedDescription) response=\(preview)")
+            throw error
+        }
+    }
+
+    private func resolveRequestContext(
+        override: String?,
+        logger: ((String) -> Void)?) async throws -> RequestContext
+    {
+        if let override = Self.requestContext(from: override) {
+            let source = override.headers.isEmpty ? "manual cookie header" : "manual cURL capture"
+            logger?("[t3chat] Using \(source)")
+            return override
+        }
+
+        #if os(macOS)
+        let session = try T3ChatCookieImporter.importSession(
+            browserDetection: self.browserDetection,
+            logger: logger)
+        logger?("[t3chat] Using cookies from \(session.sourceLabel)")
+        return RequestContext(cookieHeader: session.cookieHeader)
+        #else
+        throw T3ChatUsageError.noSessionCookie
+        #endif
+    }
+
+    static func requestContext(from raw: String?) -> RequestContext? {
+        guard let raw = raw?.trimmingCharacters(in: .whitespacesAndNewlines), !raw.isEmpty else { return nil }
+        let headerFields = Self.headerFields(from: raw)
+        guard let cookieHeader = Self.cookieHeader(from: headerFields) ?? CookieHeaderNormalizer.normalize(raw) else {
+            return nil
+        }
+        let headers = Self.forwardedHeaders(from: headerFields)
+        return RequestContext(cookieHeader: cookieHeader, headers: headers)
+    }
+
+    private static func applyDefaultHeaders(to request: inout URLRequest) {
+        request.setValue("*/*", forHTTPHeaderField: "Accept")
+        request.setValue("application/jsonl", forHTTPHeaderField: "trpc-accept")
+        request.setValue("web-client", forHTTPHeaderField: "x-trpc-source")
+        request.setValue("true", forHTTPHeaderField: "x-trpc-batch")
+        request.setValue("en-US,en;q=0.9", forHTTPHeaderField: "Accept-Language")
+        request.setValue(self.userAgent, forHTTPHeaderField: "User-Agent")
+        request.setValue(self.refererURL.absoluteString, forHTTPHeaderField: "Referer")
+        request.setValue("empty", forHTTPHeaderField: "Sec-Fetch-Dest")
+        request.setValue("cors", forHTTPHeaderField: "Sec-Fetch-Mode")
+        request.setValue("same-origin", forHTTPHeaderField: "Sec-Fetch-Site")
+        request.setValue("u=4", forHTTPHeaderField: "Priority")
+        request.setValue("no-cache", forHTTPHeaderField: "Pragma")
+        request.setValue("no-cache", forHTTPHeaderField: "Cache-Control")
+    }
+
+    private static func forwardedHeaders(from fields: [String]) -> [String: String] {
+        var headers: [String: String] = [:]
+        for field in fields {
+            guard let colon = field.firstIndex(of: ":") else { continue }
+            let rawName = field[..<colon].trimmingCharacters(in: .whitespacesAndNewlines)
+            let value = field[field.index(after: colon)...].trimmingCharacters(in: .whitespacesAndNewlines)
+            guard !rawName.isEmpty, !value.isEmpty else { continue }
+            guard let canonical = self.forwardedManualHeaders[rawName.lowercased()] else { continue }
+            headers[canonical] = value
+        }
+        return headers
+    }
+
+    private static func cookieHeader(from fields: [String]) -> String? {
+        for field in fields {
+            guard let colon = field.firstIndex(of: ":") else { continue }
+            let rawName = field[..<colon].trimmingCharacters(in: .whitespacesAndNewlines)
+            guard rawName.caseInsensitiveCompare("Cookie") == .orderedSame else { continue }
+            let value = field[field.index(after: colon)...].trimmingCharacters(in: .whitespacesAndNewlines)
+            if let normalized = CookieHeaderNormalizer.normalize(String(value)) {
+                return normalized
+            }
+        }
+        return nil
+    }
+
+    private static func headerFields(from raw: String) -> [String] {
+        var fields: [String] = []
+        let pattern =
+            #"(?s)(?:^|\s)(?:-H|--header)(?:\s+|=|(?=['"$]))"# +
+            #"(?:\$'((?:\\.|[^'])*)'|'([^']*)'|"((?:\\.|[^"])*)"|(\S+))"#
+        guard let regex = try? NSRegularExpression(pattern: pattern, options: []) else { return fields }
+        let range = NSRange(raw.startIndex..<raw.endIndex, in: raw)
+        for match in regex.matches(in: raw, options: [], range: range) {
+            if let ansi = self.capture(1, in: match, raw: raw) {
+                fields.append(self.unescapeShellSegment(ansi, ansi: true))
+            } else if let single = self.capture(2, in: match, raw: raw) {
+                fields.append(single)
+            } else if let double = self.capture(3, in: match, raw: raw) {
+                fields.append(self.unescapeShellSegment(double, ansi: false))
+            } else if let bare = self.capture(4, in: match, raw: raw) {
+                fields.append(self.unescapeShellSegment(bare, ansi: false))
+            }
+        }
+        return fields
+    }
+
+    private static func capture(_ index: Int, in match: NSTextCheckingResult, raw: String) -> String? {
+        guard match.numberOfRanges > index,
+              let range = Range(match.range(at: index), in: raw)
+        else {
+            return nil
+        }
+        return String(raw[range])
+    }
+
+    private static func unescapeShellSegment(_ raw: String, ansi: Bool) -> String {
+        var output = ""
+        var index = raw.startIndex
+        while index < raw.endIndex {
+            guard raw[index] == "\\" else {
+                output.append(raw[index])
+                index = raw.index(after: index)
+                continue
+            }
+            let next = raw.index(after: index)
+            guard next < raw.endIndex else { return output }
+            switch raw[next] {
+            case "n" where ansi:
+                output.append("\n")
+            case "r" where ansi:
+                output.append("\r")
+            case "t" where ansi:
+                output.append("\t")
+            case "\n":
+                break
+            default:
+                output.append(raw[next])
+            }
+            index = raw.index(after: next)
+        }
+        return output
+    }
+
+    private static func customerDataURL() throws -> URL {
+        var components = URLComponents(string: "https://t3.chat/api/trpc/getCustomerData")!
+        components.queryItems = [
+            URLQueryItem(name: "batch", value: "1"),
+            URLQueryItem(name: "input", value: self.input),
+        ]
+        guard let url = components.url else {
+            throw T3ChatUsageError.apiError("Failed to build customer data URL.")
+        }
+        return url
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/T3Chat/T3ChatUsageSnapshot.swift b/Sources/CodexBarCore/Providers/T3Chat/T3ChatUsageSnapshot.swift
new file mode 100644
index 000000000..e75c05e7e
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/T3Chat/T3ChatUsageSnapshot.swift
@@ -0,0 +1,180 @@
+import Foundation
+
+public enum T3ChatUsageError: LocalizedError, Sendable {
+    case noSessionCookie
+    case invalidCredentials
+    case vercelChallenge
+    case apiError(String)
+    case parseFailed(String)
+
+    public var errorDescription: String? {
+        switch self {
+        case .noSessionCookie:
+            "No T3 Chat cookies found. Please log in to t3.chat in your browser."
+        case .invalidCredentials:
+            "T3 Chat session cookie is invalid or expired."
+        case .vercelChallenge:
+            "T3 Chat returned a Vercel security challenge. Paste the full browser cURL request, " +
+                "not just the Cookie header."
+        case let .apiError(message):
+            "T3 Chat API error: \(message)"
+        case let .parseFailed(message):
+            "Could not parse T3 Chat usage: \(message)"
+        }
+    }
+}
+
+public struct T3ChatSubscription: Decodable, Sendable {
+    public let productId: String?
+    public let productName: String?
+    public let status: String?
+    public let currentPeriodStart: TimeInterval?
+    public let currentPeriodEnd: TimeInterval?
+    public let canceledAt: TimeInterval?
+    public let trialEndsAt: TimeInterval?
+}
+
+public struct T3ChatCustomerData: Decodable, Sendable {
+    public let subTier: String?
+    public let subscription: T3ChatSubscription?
+    public let lifetimeBalance: Double?
+    public let usageBand: String?
+    public let billingNextResetAt: TimeInterval?
+    public let usageFourHourPercentage: Double?
+    public let usageMonthPercentage: Double?
+    public let usageFourHourNextResetAt: TimeInterval?
+    public let usagePeriodPercentage: Double?
+    public let usageWindowNextResetAt: TimeInterval?
+
+    public var planName: String? {
+        let raw = self.subscription?.productName ?? self.subTier
+        guard let raw = raw?.trimmingCharacters(in: .whitespacesAndNewlines), !raw.isEmpty else {
+            return nil
+        }
+        return raw.split(separator: "-").map { part in
+            part.prefix(1).uppercased() + String(part.dropFirst())
+        }.joined(separator: " ")
+    }
+}
+
+public struct T3ChatUsageSnapshot: Sendable {
+    public let customerData: T3ChatCustomerData
+    public let updatedAt: Date
+
+    public init(customerData: T3ChatCustomerData, updatedAt: Date) {
+        self.customerData = customerData
+        self.updatedAt = updatedAt
+    }
+
+    public func toUsageSnapshot() -> UsageSnapshot {
+        let baseReset = Self.date(fromMilliseconds: self.customerData.usageFourHourNextResetAt)
+            ?? Self.date(fromMilliseconds: self.customerData.usageWindowNextResetAt)
+        // billingNextResetAt tracks the usage window reset, not the overage billing period.
+        // If subscription metadata is absent, leave the overage reset unknown instead of showing the base reset.
+        let overageReset = Self.date(fromMilliseconds: self.customerData.subscription?.currentPeriodEnd)
+
+        let primary = RateWindow(
+            usedPercent: Self.percent(self.customerData.usageFourHourPercentage),
+            windowMinutes: 4 * 60,
+            resetsAt: baseReset,
+            resetDescription: Self.description(label: "Base", usageBand: self.customerData.usageBand))
+
+        let secondaryPercent = self.customerData.usageMonthPercentage
+            ?? self.customerData.usagePeriodPercentage
+        let secondary = RateWindow(
+            usedPercent: Self.percent(secondaryPercent),
+            windowMinutes: nil,
+            resetsAt: overageReset,
+            resetDescription: "Overage")
+
+        let identity = ProviderIdentitySnapshot(
+            providerID: .t3chat,
+            accountEmail: nil,
+            accountOrganization: nil,
+            loginMethod: self.customerData.planName)
+
+        return UsageSnapshot(
+            primary: primary,
+            secondary: secondary,
+            updatedAt: self.updatedAt,
+            identity: identity)
+    }
+
+    private static func percent(_ raw: Double?) -> Double {
+        min(100, max(0, raw ?? 0))
+    }
+
+    private static func date(fromMilliseconds raw: TimeInterval?) -> Date? {
+        guard let raw, raw > 0 else { return nil }
+        // T3 Chat currently returns JavaScript epoch milliseconds, while some subscription fields may be seconds.
+        let seconds = raw > 10_000_000_000 ? raw / 1000 : raw
+        return Date(timeIntervalSince1970: seconds)
+    }
+
+    private static func description(label: String, usageBand: String?) -> String {
+        guard let usageBand = usageBand?.trimmingCharacters(in: .whitespacesAndNewlines),
+              !usageBand.isEmpty
+        else {
+            return label
+        }
+        return "\(label) - \(usageBand)"
+    }
+}
+
+public enum T3ChatUsageParser {
+    public static func parseJSONLines(_ data: Data, now: Date = Date()) throws -> T3ChatUsageSnapshot {
+        guard let text = String(data: data, encoding: .utf8) else {
+            throw T3ChatUsageError.parseFailed("Response is not UTF-8.")
+        }
+        return try self.parseJSONLines(text, now: now)
+    }
+
+    public static func parseJSONLines(_ text: String, now: Date = Date()) throws -> T3ChatUsageSnapshot {
+        let lines = text.split(whereSeparator: \.isNewline)
+        for line in lines {
+            guard let data = String(line).data(using: .utf8) else { continue }
+            guard let object = try? JSONSerialization.jsonObject(with: data) else { continue }
+            guard let customerObject = self.findCustomerData(in: object) else { continue }
+            let customerData = try self.decodeCustomerData(customerObject)
+            return T3ChatUsageSnapshot(customerData: customerData, updatedAt: now)
+        }
+
+        throw T3ChatUsageError.parseFailed("Missing customer data object.")
+    }
+
+    private static func findCustomerData(in object: Any) -> [String: Any]? {
+        if let dictionary = object as? [String: Any] {
+            if dictionary["usageFourHourPercentage"] != nil ||
+                dictionary["usageMonthPercentage"] != nil ||
+                dictionary["subscription"] != nil && dictionary["usageBand"] != nil
+            {
+                return dictionary
+            }
+
+            for value in dictionary.values {
+                if let found = self.findCustomerData(in: value) {
+                    return found
+                }
+            }
+        }
+
+        if let array = object as? [Any] {
+            for value in array {
+                if let found = self.findCustomerData(in: value) {
+                    return found
+                }
+            }
+        }
+
+        return nil
+    }
+
+    private static func decodeCustomerData(_ object: [String: Any]) throws -> T3ChatCustomerData {
+        do {
+            let data = try JSONSerialization.data(withJSONObject: object, options: [])
+            return try JSONDecoder().decode(T3ChatCustomerData.self, from: data)
+        } catch {
+            throw T3ChatUsageError.parseFailed(error.localizedDescription)
+        }
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Venice/VeniceProviderDescriptor.swift b/Sources/CodexBarCore/Providers/Venice/VeniceProviderDescriptor.swift
new file mode 100644
index 000000000..b44db67cd
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Venice/VeniceProviderDescriptor.swift
@@ -0,0 +1,70 @@
+import CodexBarMacroSupport
+import Foundation
+
+@ProviderDescriptorRegistration
+@ProviderDescriptorDefinition
+public enum VeniceProviderDescriptor {
+    static func makeDescriptor() -> ProviderDescriptor {
+        ProviderDescriptor(
+            id: .venice,
+            metadata: ProviderMetadata(
+                id: .venice,
+                displayName: "Venice",
+                sessionLabel: "Balance",
+                weeklyLabel: "Balance",
+                opusLabel: nil,
+                supportsOpus: false,
+                supportsCredits: false,
+                creditsHint: "",
+                toggleTitle: "Show Venice usage",
+                cliName: "venice",
+                defaultEnabled: false,
+                isPrimaryProvider: false,
+                usesAccountFallback: false,
+                browserCookieOrder: nil,
+                dashboardURL: "https://venice.ai/settings/api",
+                statusPageURL: nil,
+                statusLinkURL: nil),
+            branding: ProviderBranding(
+                iconStyle: .venice,
+                iconResourceName: "ProviderIcon-venice",
+                color: ProviderColor(red: 0.2, green: 0.6, blue: 1.0)),
+            tokenCost: ProviderTokenCostConfig(
+                supportsTokenCost: false,
+                noDataMessage: { "Venice per-day cost history is not available via API." }),
+            fetchPlan: ProviderFetchPlan(
+                sourceModes: [.auto, .api],
+                pipeline: ProviderFetchPipeline(resolveStrategies: { _ in [VeniceAPIFetchStrategy()] })),
+            cli: ProviderCLIConfig(
+                name: "venice",
+                aliases: ["ven"],
+                versionDetector: nil))
+    }
+}
+
+struct VeniceAPIFetchStrategy: ProviderFetchStrategy {
+    let id: String = "venice.api"
+    let kind: ProviderFetchKind = .apiToken
+
+    func isAvailable(_ context: ProviderFetchContext) async -> Bool {
+        Self.resolveToken(environment: context.env) != nil
+    }
+
+    func fetch(_ context: ProviderFetchContext) async throws -> ProviderFetchResult {
+        guard let apiKey = Self.resolveToken(environment: context.env) else {
+            throw VeniceUsageError.missingCredentials
+        }
+        let usage = try await VeniceUsageFetcher.fetchUsage(apiKey: apiKey)
+        return self.makeResult(
+            usage: usage.toUsageSnapshot(),
+            sourceLabel: "api")
+    }
+
+    func shouldFallback(on _: Error, context _: ProviderFetchContext) -> Bool {
+        false
+    }
+
+    private static func resolveToken(environment: [String: String]) -> String? {
+        ProviderTokenResolver.veniceToken(environment: environment)
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Venice/VeniceSettingsReader.swift b/Sources/CodexBarCore/Providers/Venice/VeniceSettingsReader.swift
new file mode 100644
index 000000000..fcfffa0c3
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Venice/VeniceSettingsReader.swift
@@ -0,0 +1,33 @@
+import Foundation
+
+public struct VeniceSettingsReader: Sendable {
+    public static let apiKeyEnvironmentKey = "VENICE_API_KEY"
+    public static let apiKeyEnvironmentKeys = [Self.apiKeyEnvironmentKey, "VENICE_KEY"]
+
+    public static func apiKey(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> String?
+    {
+        for key in self.apiKeyEnvironmentKeys {
+            guard let raw = environment[key]?.trimmingCharacters(in: .whitespacesAndNewlines),
+                  !raw.isEmpty
+            else {
+                continue
+            }
+            let cleaned = Self.cleaned(raw)
+            if !cleaned.isEmpty {
+                return cleaned
+            }
+        }
+        return nil
+    }
+
+    private static func cleaned(_ raw: String) -> String {
+        var value = raw
+        if (value.hasPrefix("\"") && value.hasSuffix("\"")) ||
+            (value.hasPrefix("'") && value.hasSuffix("'"))
+        {
+            value = String(value.dropFirst().dropLast())
+        }
+        return value.trimmingCharacters(in: .whitespacesAndNewlines)
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Venice/VeniceUsageFetcher.swift b/Sources/CodexBarCore/Providers/Venice/VeniceUsageFetcher.swift
new file mode 100644
index 000000000..0326a40dd
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Venice/VeniceUsageFetcher.swift
@@ -0,0 +1,236 @@
+import Foundation
+#if canImport(FoundationNetworking)
+import FoundationNetworking
+#endif
+
+// MARK: - API response types
+
+public struct VeniceBalanceResponse: Decodable, Sendable {
+    public let canConsume: Bool
+    public let consumptionCurrency: String?
+    public let balances: VeniceBalances
+    public let diemEpochAllocation: Double?
+
+    enum CodingKeys: String, CodingKey {
+        case canConsume
+        case consumptionCurrency
+        case balances
+        case diemEpochAllocation
+    }
+
+    public init(from decoder: Decoder) throws {
+        let container = try decoder.container(keyedBy: CodingKeys.self)
+        self.canConsume = try container.decode(Bool.self, forKey: .canConsume)
+        self.consumptionCurrency = try container.decodeIfPresent(String.self, forKey: .consumptionCurrency)
+        self.balances = try container.decode(VeniceBalances.self, forKey: .balances)
+        self.diemEpochAllocation = try container.decodeFlexibleDoubleIfPresent(forKey: .diemEpochAllocation)
+    }
+}
+
+public struct VeniceBalances: Decodable, Sendable {
+    public let diem: Double?
+    public let usd: Double?
+
+    enum CodingKeys: String, CodingKey {
+        case diem
+        case usd
+    }
+
+    public init(from decoder: Decoder) throws {
+        let container = try decoder.container(keyedBy: CodingKeys.self)
+        self.diem = try container.decodeFlexibleDoubleIfPresent(forKey: .diem)
+        self.usd = try container.decodeFlexibleDoubleIfPresent(forKey: .usd)
+    }
+}
+
+// MARK: - Domain snapshot
+
+public struct VeniceUsageSnapshot: Sendable {
+    public let canConsume: Bool
+    public let consumptionCurrency: String?
+    public let diemBalance: Double?
+    public let usdBalance: Double?
+    public let diemEpochAllocation: Double?
+    public let updatedAt: Date
+
+    public init(
+        canConsume: Bool,
+        consumptionCurrency: String?,
+        diemBalance: Double?,
+        usdBalance: Double?,
+        diemEpochAllocation: Double?,
+        updatedAt: Date)
+    {
+        self.canConsume = canConsume
+        self.consumptionCurrency = consumptionCurrency
+        self.diemBalance = diemBalance
+        self.usdBalance = usdBalance
+        self.diemEpochAllocation = diemEpochAllocation
+        self.updatedAt = updatedAt
+    }
+
+    public func toUsageSnapshot() -> UsageSnapshot {
+        let balanceDetail: String
+        let usedPercent: Double
+        let activeCurrency = self.consumptionCurrency?.uppercased()
+
+        if !self.canConsume {
+            balanceDetail = "Balance unavailable for API calls"
+            usedPercent = 100
+        } else if activeCurrency == "USD", let usd = self.usdBalance, usd > 0 {
+            let usdStr = String(format: "%.2f", usd)
+            balanceDetail = "$\(usdStr) USD remaining"
+            usedPercent = 0
+        } else if activeCurrency != "USD", let diem = self.diemBalance, let allocation = self.diemEpochAllocation,
+                  allocation > 0
+        {
+            // DIEM balance with epoch allocation
+            let remaining = diem
+            let usedAmount = allocation - remaining
+            let used = clamp(usedAmount / allocation * 100, min: 0, max: 100)
+            usedPercent = used
+            let allocationStr = String(format: "%.2f", allocation)
+            let remainingStr = String(format: "%.2f", remaining)
+            balanceDetail = "DIEM \(remainingStr) / \(allocationStr) epoch allocation"
+        } else if activeCurrency == "DIEM", let diem = self.diemBalance, diem > 0 {
+            let diemStr = String(format: "%.2f", diem)
+            balanceDetail = "DIEM \(diemStr) remaining"
+            usedPercent = 0
+        } else if let diem = self.diemBalance, diem > 0 {
+            // DIEM balance without allocation
+            let diemStr = String(format: "%.2f", diem)
+            balanceDetail = "DIEM \(diemStr) remaining"
+            usedPercent = 0
+        } else if let usd = self.usdBalance, usd > 0 {
+            // USD balance
+            let usdStr = String(format: "%.2f", usd)
+            balanceDetail = "$\(usdStr) USD remaining"
+            usedPercent = 0
+        } else {
+            balanceDetail = "No Venice API balance available"
+            usedPercent = 100
+        }
+
+        let identity = ProviderIdentitySnapshot(
+            providerID: .venice,
+            accountEmail: nil,
+            accountOrganization: nil,
+            loginMethod: nil)
+        let balanceWindow = RateWindow(
+            usedPercent: usedPercent,
+            windowMinutes: nil,
+            resetsAt: nil,
+            resetDescription: balanceDetail)
+
+        return UsageSnapshot(
+            primary: balanceWindow,
+            secondary: nil,
+            tertiary: nil,
+            providerCost: nil,
+            updatedAt: self.updatedAt,
+            identity: identity)
+    }
+}
+
+// MARK: - Errors
+
+public enum VeniceUsageError: LocalizedError, Sendable {
+    case missingCredentials
+    case networkError(String)
+    case apiError(String)
+    case parseFailed(String)
+
+    public var errorDescription: String? {
+        switch self {
+        case .missingCredentials:
+            "Missing Venice API key."
+        case let .networkError(message):
+            "Venice network error: \(message)"
+        case let .apiError(message):
+            "Venice API error: \(message)"
+        case let .parseFailed(message):
+            "Failed to parse Venice response: \(message)"
+        }
+    }
+}
+
+// MARK: - Fetcher
+
+public struct VeniceUsageFetcher: Sendable {
+    private static let log = CodexBarLog.logger(LogCategories.veniceUsage)
+    private static let balanceURL = URL(string: "https://api.venice.ai/api/v1/billing/balance")!
+    private static let timeoutSeconds: TimeInterval = 15
+
+    public static func fetchUsage(apiKey: String) async throws -> VeniceUsageSnapshot {
+        guard !apiKey.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty else {
+            throw VeniceUsageError.missingCredentials
+        }
+
+        var request = URLRequest(url: self.balanceURL)
+        request.httpMethod = "GET"
+        request.setValue("Bearer \(apiKey)", forHTTPHeaderField: "Authorization")
+        request.setValue("application/json", forHTTPHeaderField: "Accept")
+        request.timeoutInterval = Self.timeoutSeconds
+
+        let response = try await ProviderHTTPClient.shared.response(for: request)
+        guard response.statusCode == 200 else {
+            Self.log.error("Venice API returned \(response.statusCode)")
+            throw VeniceUsageError.apiError("HTTP \(response.statusCode)")
+        }
+
+        return try Self.parseSnapshot(data: response.data)
+    }
+
+    static func _parseSnapshotForTesting(_ data: Data) throws -> VeniceUsageSnapshot {
+        try self.parseSnapshot(data: data)
+    }
+
+    private static func parseSnapshot(data: Data) throws -> VeniceUsageSnapshot {
+        let decoded: VeniceBalanceResponse
+        do {
+            decoded = try JSONDecoder().decode(VeniceBalanceResponse.self, from: data)
+        } catch {
+            throw VeniceUsageError.parseFailed(error.localizedDescription)
+        }
+
+        return VeniceUsageSnapshot(
+            canConsume: decoded.canConsume,
+            consumptionCurrency: decoded.consumptionCurrency,
+            diemBalance: decoded.balances.diem,
+            usdBalance: decoded.balances.usd,
+            diemEpochAllocation: decoded.diemEpochAllocation,
+            updatedAt: Date())
+    }
+}
+
+// MARK: - Helper
+
+private func clamp(_ value: Double, min: Double, max: Double) -> Double {
+    Swift.min(Swift.max(value, min), max)
+}
+
+extension KeyedDecodingContainer {
+    fileprivate func decodeFlexibleDoubleIfPresent(forKey key: K) throws -> Double? {
+        if try self.decodeNil(forKey: key) {
+            return nil
+        }
+        if let value = try? self.decode(Double.self, forKey: key) {
+            return value
+        }
+        if let stringValue = try? self.decode(String.self, forKey: key) {
+            let trimmed = stringValue.trimmingCharacters(in: .whitespacesAndNewlines)
+            guard !trimmed.isEmpty else { return nil }
+            if let parsed = Double(trimmed) {
+                return parsed
+            }
+            throw DecodingError.dataCorruptedError(
+                forKey: key,
+                in: self,
+                debugDescription: "Expected a numeric string for \(key.stringValue), got '\(stringValue)'")
+        }
+        throw DecodingError.dataCorruptedError(
+            forKey: key,
+            in: self,
+            debugDescription: "Expected a number or numeric string for \(key.stringValue)")
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/VertexAI/VertexAIOAuth/VertexAIOAuthCredentials.swift b/Sources/CodexBarCore/Providers/VertexAI/VertexAIOAuth/VertexAIOAuthCredentials.swift
index f1400800a..4356d24fb 100644
--- a/Sources/CodexBarCore/Providers/VertexAI/VertexAIOAuth/VertexAIOAuthCredentials.swift
+++ b/Sources/CodexBarCore/Providers/VertexAI/VertexAIOAuth/VertexAIOAuthCredentials.swift
@@ -55,10 +55,28 @@ public enum VertexAIOAuthCredentialsError: LocalizedError, Sendable {
 }
 
 public enum VertexAIOAuthCredentialsStore {
-    private static var credentialsFilePath: URL {
+    #if DEBUG
+    @TaskLocal static var gcloudAccessTokenOverrideForTesting: (@Sendable ([String: String]) async throws -> String)?
+    #endif
+
+    private struct ServiceAccountMetadata {
+        let email: String
+        let projectId: String?
+    }
+
+    private static func credentialsFilePath(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> URL
+    {
+        if let path = environment["GOOGLE_APPLICATION_CREDENTIALS"]?.trimmingCharacters(
+            in: .whitespacesAndNewlines),
+            !path.isEmpty
+        {
+            return URL(fileURLWithPath: path)
+        }
+
         let home = FileManager.default.homeDirectoryForCurrentUser
         // gcloud application default credentials location
-        if let configDir = ProcessInfo.processInfo.environment["CLOUDSDK_CONFIG"]?.trimmingCharacters(
+        if let configDir = environment["CLOUDSDK_CONFIG"]?.trimmingCharacters(
             in: .whitespacesAndNewlines),
             !configDir.isEmpty
         {
@@ -71,9 +89,11 @@ public enum VertexAIOAuthCredentialsStore {
             .appendingPathComponent("application_default_credentials.json")
     }
 
-    private static var projectFilePath: URL {
+    private static func projectFilePath(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> URL
+    {
         let home = FileManager.default.homeDirectoryForCurrentUser
-        if let configDir = ProcessInfo.processInfo.environment["CLOUDSDK_CONFIG"]?.trimmingCharacters(
+        if let configDir = environment["CLOUDSDK_CONFIG"]?.trimmingCharacters(
             in: .whitespacesAndNewlines),
             !configDir.isEmpty
         {
@@ -88,28 +108,88 @@ public enum VertexAIOAuthCredentialsStore {
             .appendingPathComponent("config_default")
     }
 
-    public static func load() throws -> VertexAIOAuthCredentials {
-        let url = self.credentialsFilePath
+    public static func hasCredentials(
+        environment: [String: String] = ProcessInfo.processInfo.environment) -> Bool
+    {
+        let url = self.credentialsFilePath(environment: environment)
+        guard FileManager.default.fileExists(atPath: url.path),
+              let data = try? Data(contentsOf: url),
+              let json = try? self.parseJSONObject(data: data)
+        else {
+            return false
+        }
+
+        if self.parseServiceAccountMetadata(json: json) != nil {
+            return true
+        }
+
+        return (try? self.parseUserCredentials(json: json, environment: environment)) != nil
+    }
+
+    public static func load(
+        environment: [String: String] = ProcessInfo.processInfo.environment) throws -> VertexAIOAuthCredentials
+    {
+        let url = self.credentialsFilePath(environment: environment)
+        guard FileManager.default.fileExists(atPath: url.path) else {
+            throw VertexAIOAuthCredentialsError.notFound
+        }
+
+        let data = try Data(contentsOf: url)
+        return try self.parse(data: data, environment: environment)
+    }
+
+    public static func loadForFetch(
+        environment: [String: String] = ProcessInfo.processInfo.environment) async throws -> VertexAIOAuthCredentials
+    {
+        let url = self.credentialsFilePath(environment: environment)
         guard FileManager.default.fileExists(atPath: url.path) else {
             throw VertexAIOAuthCredentialsError.notFound
         }
 
         let data = try Data(contentsOf: url)
-        return try self.parse(data: data)
+        let json = try self.parseJSONObject(data: data)
+        if let serviceAccount = self.parseServiceAccountMetadata(json: json) {
+            let token = try await self.printAccessToken(environment: environment)
+            return VertexAIOAuthCredentials(
+                accessToken: token,
+                refreshToken: "",
+                clientId: "",
+                clientSecret: "",
+                projectId: serviceAccount.projectId ?? self.loadProjectId(environment: environment),
+                email: serviceAccount.email,
+                expiryDate: Date().addingTimeInterval(50 * 60))
+        }
+
+        return try self.parseUserCredentials(json: json, environment: environment)
     }
 
     public static func parse(data: Data) throws -> VertexAIOAuthCredentials {
+        try self.parse(data: data, environment: ProcessInfo.processInfo.environment)
+    }
+
+    public static func parse(
+        data: Data,
+        environment: [String: String]) throws -> VertexAIOAuthCredentials
+    {
+        let json = try self.parseJSONObject(data: data)
+        return try self.parseUserCredentials(json: json, environment: environment)
+    }
+
+    private static func parseJSONObject(data: Data) throws -> [String: Any] {
         guard let json = try JSONSerialization.jsonObject(with: data) as? [String: Any] else {
             throw VertexAIOAuthCredentialsError.decodeFailed("Invalid JSON")
         }
+        return json
+    }
 
+    private static func parseUserCredentials(
+        json: [String: Any],
+        environment: [String: String]) throws -> VertexAIOAuthCredentials
+    {
         // Check for service account credentials
-        if json["client_email"] is String,
-           json["private_key"] is String
-        {
-            // Service account - use JWT for access token (simplified)
+        if self.parseServiceAccountMetadata(json: json) != nil {
             throw VertexAIOAuthCredentialsError.decodeFailed(
-                "Service account credentials not yet supported. Use `gcloud auth application-default login`.")
+                "Service account credentials require `gcloud auth application-default print-access-token`.")
         }
 
         // User credentials from gcloud auth application-default login
@@ -127,7 +207,7 @@ public enum VertexAIOAuthCredentialsStore {
         let accessToken = json["access_token"] as? String ?? ""
 
         // Try to get project ID from gcloud config
-        let projectId = Self.loadProjectId()
+        let projectId = Self.loadProjectId(environment: environment)
 
         // Try to extract email from ID token if present
         let email = Self.extractEmailFromIdToken(json["id_token"] as? String)
@@ -154,12 +234,56 @@ public enum VertexAIOAuthCredentialsStore {
         // The refresh happens on each app launch if needed
     }
 
-    private static func loadProjectId() -> String? {
-        let configPath = self.projectFilePath
-        guard let content = try? String(contentsOf: configPath, encoding: .utf8) else {
+    private static func parseServiceAccountMetadata(json: [String: Any]) -> ServiceAccountMetadata? {
+        guard let email = (json["client_email"] as? String)?.trimmingCharacters(in: .whitespacesAndNewlines),
+              !email.isEmpty,
+              let privateKey = (json["private_key"] as? String)?.trimmingCharacters(in: .whitespacesAndNewlines),
+              !privateKey.isEmpty
+        else {
             return nil
         }
 
+        let projectId = (json["project_id"] as? String)?
+            .trimmingCharacters(in: .whitespacesAndNewlines)
+        return ServiceAccountMetadata(
+            email: email,
+            projectId: projectId?.isEmpty == false ? projectId : nil)
+    }
+
+    private static func printAccessToken(environment: [String: String]) async throws -> String {
+        #if DEBUG
+        if let override = self.gcloudAccessTokenOverrideForTesting {
+            let token = try await override(environment)
+            return try self.cleanAccessToken(token)
+        }
+        #endif
+
+        let env = TTYCommandRunner.enrichedEnvironment(baseEnv: environment)
+        let result = try await SubprocessRunner.run(
+            binary: "/usr/bin/env",
+            arguments: ["gcloud", "auth", "application-default", "print-access-token"],
+            environment: env,
+            timeout: 20,
+            label: "vertexai-gcloud-adc-token")
+        return try self.cleanAccessToken(result.stdout)
+    }
+
+    private static func cleanAccessToken(_ token: String) throws -> String {
+        let trimmed = token.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard !trimmed.isEmpty else {
+            throw VertexAIOAuthCredentialsError.missingTokens
+        }
+        return trimmed
+    }
+
+    private static func loadProjectId(environment: [String: String]) -> String? {
+        let configPath = self.projectFilePath(environment: environment)
+        guard let content = try? String(contentsOf: configPath, encoding: .utf8) else {
+            return environment["GOOGLE_CLOUD_PROJECT"]
+                ?? environment["GCLOUD_PROJECT"]
+                ?? environment["CLOUDSDK_CORE_PROJECT"]
+        }
+
         // Parse INI-style config for project
         for line in content.components(separatedBy: .newlines) {
             let trimmed = line.trimmingCharacters(in: .whitespaces)
@@ -172,9 +296,9 @@ public enum VertexAIOAuthCredentialsStore {
         }
 
         // Try environment variable
-        return ProcessInfo.processInfo.environment["GOOGLE_CLOUD_PROJECT"]
-            ?? ProcessInfo.processInfo.environment["GCLOUD_PROJECT"]
-            ?? ProcessInfo.processInfo.environment["CLOUDSDK_CORE_PROJECT"]
+        return environment["GOOGLE_CLOUD_PROJECT"]
+            ?? environment["GCLOUD_PROJECT"]
+            ?? environment["CLOUDSDK_CORE_PROJECT"]
     }
 
     private static func extractEmailFromIdToken(_ token: String?) -> String? {
diff --git a/Sources/CodexBarCore/Providers/VertexAI/VertexAIOAuth/VertexAITokenRefresher.swift b/Sources/CodexBarCore/Providers/VertexAI/VertexAIOAuth/VertexAITokenRefresher.swift
index b5e8e3f68..206fc3060 100644
--- a/Sources/CodexBarCore/Providers/VertexAI/VertexAIOAuth/VertexAITokenRefresher.swift
+++ b/Sources/CodexBarCore/Providers/VertexAI/VertexAIOAuth/VertexAITokenRefresher.swift
@@ -49,12 +49,10 @@ public enum VertexAITokenRefresher {
         request.httpBody = bodyString.data(using: .utf8)
 
         do {
-            let (data, response) = try await URLSession.shared.data(for: request)
-            guard let http = response as? HTTPURLResponse else {
-                throw RefreshError.invalidResponse("No HTTP response")
-            }
+            let response = try await ProviderHTTPClient.shared.response(for: request)
+            let data = response.data
 
-            if http.statusCode == 400 || http.statusCode == 401 {
+            if response.statusCode == 400 || response.statusCode == 401 {
                 if let errorCode = Self.extractErrorCode(from: data) {
                     switch errorCode.lowercased() {
                     case "invalid_grant":
@@ -68,8 +66,8 @@ public enum VertexAITokenRefresher {
                 throw RefreshError.expired
             }
 
-            guard http.statusCode == 200 else {
-                throw RefreshError.invalidResponse("Status \(http.statusCode)")
+            guard response.statusCode == 200 else {
+                throw RefreshError.invalidResponse("Status \(response.statusCode)")
             }
 
             guard let json = try? JSONSerialization.jsonObject(with: data) as? [String: Any] else {
diff --git a/Sources/CodexBarCore/Providers/VertexAI/VertexAIOAuth/VertexAIUsageFetcher.swift b/Sources/CodexBarCore/Providers/VertexAI/VertexAIOAuth/VertexAIUsageFetcher.swift
index 2c9da2033..e3ad58b3a 100644
--- a/Sources/CodexBarCore/Providers/VertexAI/VertexAIOAuth/VertexAIUsageFetcher.swift
+++ b/Sources/CodexBarCore/Providers/VertexAI/VertexAIOAuth/VertexAIUsageFetcher.swift
@@ -215,20 +215,15 @@ public enum VertexAIUsageFetcher {
             request.setValue("Bearer \(accessToken)", forHTTPHeaderField: "Authorization")
             request.timeoutInterval = 30
 
-            let data: Data
-            let response: URLResponse
+            let response: ProviderHTTPResponse
 
             do {
-                (data, response) = try await URLSession.shared.data(for: request)
+                response = try await ProviderHTTPClient.shared.response(for: request)
             } catch {
                 throw VertexAIFetchError.networkError(error)
             }
 
-            guard let http = response as? HTTPURLResponse else {
-                throw VertexAIFetchError.invalidResponse("No HTTP response")
-            }
-
-            switch http.statusCode {
+            switch response.statusCode {
             case 401:
                 throw VertexAIFetchError.unauthorized
             case 403:
@@ -236,11 +231,11 @@ public enum VertexAIUsageFetcher {
             case 200:
                 break
             default:
-                let body = String(data: data, encoding: .utf8) ?? ""
-                throw VertexAIFetchError.invalidResponse("HTTP \(http.statusCode): \(body)")
+                let body = String(data: response.data, encoding: .utf8) ?? ""
+                throw VertexAIFetchError.invalidResponse("HTTP \(response.statusCode): \(body)")
             }
 
-            let decoded = try JSONDecoder().decode(MonitoringTimeSeriesResponse.self, from: data)
+            let decoded = try JSONDecoder().decode(MonitoringTimeSeriesResponse.self, from: response.data)
             if let series = decoded.timeSeries {
                 allSeries.append(contentsOf: series)
             }
diff --git a/Sources/CodexBarCore/Providers/VertexAI/VertexAIProviderDescriptor.swift b/Sources/CodexBarCore/Providers/VertexAI/VertexAIProviderDescriptor.swift
index f81e0d1f2..715aac444 100644
--- a/Sources/CodexBarCore/Providers/VertexAI/VertexAIProviderDescriptor.swift
+++ b/Sources/CodexBarCore/Providers/VertexAI/VertexAIProviderDescriptor.swift
@@ -45,12 +45,12 @@ struct VertexAIOAuthFetchStrategy: ProviderFetchStrategy {
     let id: String = "vertexai.oauth"
     let kind: ProviderFetchKind = .oauth
 
-    func isAvailable(_: ProviderFetchContext) async -> Bool {
-        (try? VertexAIOAuthCredentialsStore.load()) != nil
+    func isAvailable(_ context: ProviderFetchContext) async -> Bool {
+        VertexAIOAuthCredentialsStore.hasCredentials(environment: context.env)
     }
 
-    func fetch(_: ProviderFetchContext) async throws -> ProviderFetchResult {
-        var credentials = try VertexAIOAuthCredentialsStore.load()
+    func fetch(_ context: ProviderFetchContext) async throws -> ProviderFetchResult {
+        var credentials = try await VertexAIOAuthCredentialsStore.loadForFetch(environment: context.env)
 
         // Refresh token if expired
         if credentials.needsRefresh {
diff --git a/Sources/CodexBarCore/Providers/Warp/WarpSettingsReader.swift b/Sources/CodexBarCore/Providers/Warp/WarpSettingsReader.swift
index cd3c639c1..afe5df0c3 100644
--- a/Sources/CodexBarCore/Providers/Warp/WarpSettingsReader.swift
+++ b/Sources/CodexBarCore/Providers/Warp/WarpSettingsReader.swift
@@ -28,8 +28,7 @@ public struct WarpSettingsReader: Sendable {
         if (value.hasPrefix("\"") && value.hasSuffix("\"")) ||
             (value.hasPrefix("'") && value.hasSuffix("'"))
         {
-            value.removeFirst()
-            value.removeLast()
+            value = String(value.dropFirst().dropLast())
         }
         return value.trimmingCharacters(in: .whitespacesAndNewlines)
     }
diff --git a/Sources/CodexBarCore/Providers/Warp/WarpUsageFetcher.swift b/Sources/CodexBarCore/Providers/Warp/WarpUsageFetcher.swift
index 79ec2e8f0..0114d81c4 100644
--- a/Sources/CodexBarCore/Providers/Warp/WarpUsageFetcher.swift
+++ b/Sources/CodexBarCore/Providers/Warp/WarpUsageFetcher.swift
@@ -206,16 +206,12 @@ public struct WarpUsageFetcher: Sendable {
 
         request.httpBody = try JSONSerialization.data(withJSONObject: body)
 
-        let (data, response) = try await URLSession.shared.data(for: request)
-
-        guard let httpResponse = response as? HTTPURLResponse else {
-            throw WarpUsageError.networkError("Invalid response")
-        }
-
-        guard httpResponse.statusCode == 200 else {
-            let summary = Self.apiErrorSummary(statusCode: httpResponse.statusCode, data: data)
-            Self.log.error("Warp API returned \(httpResponse.statusCode): \(summary)")
-            throw WarpUsageError.apiError(httpResponse.statusCode, summary)
+        let response = try await ProviderHTTPClient.shared.response(for: request)
+        let data = response.data
+        guard response.statusCode == 200 else {
+            let summary = Self.apiErrorSummary(statusCode: response.statusCode, data: data)
+            Self.log.error("Warp API returned \(response.statusCode): \(summary)")
+            throw WarpUsageError.apiError(response.statusCode, summary)
         }
 
         do {
@@ -293,13 +289,13 @@ public struct WarpUsageFetcher: Sendable {
             bonusNextExpirationRemaining: bonus.nextExpirationRemaining)
     }
 
-    private struct BonusGrant: Sendable {
+    private struct BonusGrant {
         let granted: Int
         let remaining: Int
         let expiration: Date?
     }
 
-    private struct BonusSummary: Sendable {
+    private struct BonusSummary {
         let remaining: Int
         let total: Int
         let nextExpiration: Date?
diff --git a/Sources/CodexBarCore/Providers/Windsurf/WindsurfDevinSessionImporter.swift b/Sources/CodexBarCore/Providers/Windsurf/WindsurfDevinSessionImporter.swift
new file mode 100644
index 000000000..47a3504ee
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Windsurf/WindsurfDevinSessionImporter.swift
@@ -0,0 +1,254 @@
+import Foundation
+#if os(macOS)
+import SweetCookieKit
+#endif
+
+#if os(macOS)
+enum WindsurfDevinSessionImporter {
+    nonisolated(unsafe) static var importSessionsOverrideForTesting:
+        ((BrowserDetection, ((String) -> Void)?) -> [SessionInfo])?
+    nonisolated(unsafe) static var importPreferredSessionsOverrideForTesting:
+        ((BrowserDetection, ((String) -> Void)?) -> [SessionInfo])?
+    nonisolated(unsafe) static var importFallbackSessionsOverrideForTesting:
+        ((BrowserDetection, ((String) -> Void)?) -> [SessionInfo])?
+    static let defaultPreferredBrowsers: [Browser] = [.chrome]
+    static let fallbackBrowsers: [Browser] = [
+        .chromeBeta,
+        .chromeCanary,
+        .edge,
+        .edgeBeta,
+        .edgeCanary,
+        .brave,
+        .braveBeta,
+        .braveNightly,
+        .vivaldi,
+        .arc,
+        .arcBeta,
+        .arcCanary,
+        .dia,
+        .chatgptAtlas,
+        .chromium,
+        .helium,
+    ]
+
+    struct SessionInfo: Equatable {
+        let session: WindsurfDevinSessionAuth
+        let sourceLabel: String
+    }
+
+    static func importSessions(
+        browserDetection: BrowserDetection,
+        logger: ((String) -> Void)? = nil) -> [SessionInfo]
+    {
+        if let override = self.importSessionsOverrideForTesting {
+            return override(browserDetection, logger)
+        }
+
+        let log: (String) -> Void = { msg in logger?("[windsurf-storage] \(msg)") }
+        let preferredSessions = self.importSessions(
+            browserDetection: browserDetection,
+            browsers: self.defaultPreferredBrowsers,
+            logger: log)
+        if !preferredSessions.isEmpty {
+            return preferredSessions
+        }
+
+        log("No Windsurf devin session found in Chrome; trying fallback Chromium browsers")
+        let sessions = self.importSessions(
+            browserDetection: browserDetection,
+            browsers: self.fallbackBrowsersExcluding(self.defaultPreferredBrowsers),
+            logger: log)
+
+        if sessions.isEmpty {
+            log("No Windsurf devin session found in browser local storage")
+        }
+
+        return sessions
+    }
+
+    static func importPreferredSessions(
+        browserDetection: BrowserDetection,
+        logger: ((String) -> Void)? = nil) -> [SessionInfo]
+    {
+        if let override = self.importPreferredSessionsOverrideForTesting {
+            return override(browserDetection, logger)
+        }
+        let log: (String) -> Void = { msg in logger?("[windsurf-storage] \(msg)") }
+        return self.importSessions(
+            browserDetection: browserDetection,
+            browsers: self.defaultPreferredBrowsers,
+            logger: log)
+    }
+
+    static func importFallbackSessions(
+        browserDetection: BrowserDetection,
+        logger: ((String) -> Void)? = nil) -> [SessionInfo]
+    {
+        if let override = self.importFallbackSessionsOverrideForTesting {
+            return override(browserDetection, logger)
+        }
+        let log: (String) -> Void = { msg in logger?("[windsurf-storage] \(msg)") }
+        return self.importSessions(
+            browserDetection: browserDetection,
+            browsers: self.fallbackBrowsersExcluding(self.defaultPreferredBrowsers),
+            logger: log)
+    }
+
+    static func fallbackBrowsersExcluding(_ preferredBrowsers: [Browser]) -> [Browser] {
+        let preferred = Set(preferredBrowsers)
+        return self.fallbackBrowsers.filter { !preferred.contains($0) }
+    }
+
+    static func deduplicateSessions(_ sessions: [SessionInfo]) -> [SessionInfo] {
+        var deduplicated: [SessionInfo] = []
+        var seenSessionTokens = Set<String>()
+
+        for session in sessions {
+            guard seenSessionTokens.insert(session.session.sessionToken).inserted else { continue }
+            deduplicated.append(session)
+        }
+
+        return deduplicated
+    }
+
+    static func session(from storage: [String: String], sourceLabel: String) -> SessionInfo? {
+        guard let sessionToken = storage["devin_session_token"],
+              let auth1Token = storage["devin_auth1_token"],
+              let accountID = storage["devin_account_id"],
+              let primaryOrgID = storage["devin_primary_org_id"]
+        else {
+            return nil
+        }
+
+        return SessionInfo(
+            session: WindsurfDevinSessionAuth(
+                sessionToken: sessionToken,
+                auth1Token: auth1Token,
+                accountID: accountID,
+                primaryOrgID: primaryOrgID),
+            sourceLabel: sourceLabel)
+    }
+
+    static func decodedStorageValue(_ value: String) -> String {
+        let trimmed = value.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard !trimmed.isEmpty else { return trimmed }
+
+        if let data = trimmed.data(using: .utf8),
+           let decoded = try? JSONDecoder().decode(String.self, from: data)
+        {
+            return decoded.trimmingCharacters(in: .whitespacesAndNewlines)
+        }
+
+        return trimmed.trimmingCharacters(in: CharacterSet(charactersIn: "\""))
+            .trimmingCharacters(in: .whitespacesAndNewlines)
+    }
+
+    struct LocalStorageCandidate {
+        let label: String
+        let url: URL
+    }
+
+    private static func importSessions(
+        browserDetection: BrowserDetection,
+        browsers: [Browser],
+        logger: @escaping (String) -> Void) -> [SessionInfo]
+    {
+        var sessions: [SessionInfo] = []
+        let candidates = self.chromeLocalStorageCandidates(
+            browserDetection: browserDetection,
+            browsers: browsers)
+        if !candidates.isEmpty {
+            logger("Chrome local storage candidates: \(candidates.count)")
+        }
+
+        for candidate in candidates {
+            let storage = self.readLocalStorage(from: candidate.url, logger: logger)
+            guard let session = self.session(from: storage, sourceLabel: candidate.label) else { continue }
+            logger("Found Windsurf devin session in \(candidate.label)")
+            sessions.append(session)
+        }
+
+        return self.deduplicateSessions(sessions)
+    }
+
+    static func chromeLocalStorageCandidates(
+        browserDetection: BrowserDetection,
+        browsers: [Browser]) -> [LocalStorageCandidate]
+    {
+        let installedBrowsers = browsers.browsersWithProfileData(using: browserDetection)
+        let roots = ChromiumProfileLocator
+            .roots(for: installedBrowsers, homeDirectories: BrowserCookieClient.defaultHomeDirectories())
+            .map { (url: $0.url, labelPrefix: $0.labelPrefix) }
+
+        var candidates: [LocalStorageCandidate] = []
+        for root in roots {
+            candidates.append(contentsOf: self.chromeProfileLocalStorageDirs(
+                root: root.url,
+                labelPrefix: root.labelPrefix))
+        }
+        return candidates
+    }
+
+    private static func chromeProfileLocalStorageDirs(root: URL, labelPrefix: String) -> [LocalStorageCandidate] {
+        guard let entries = try? FileManager.default.contentsOfDirectory(
+            at: root,
+            includingPropertiesForKeys: [.isDirectoryKey],
+            options: [.skipsHiddenFiles])
+        else { return [] }
+
+        let profileDirs = entries.filter { url in
+            guard let isDir = (try? url.resourceValues(forKeys: [.isDirectoryKey]).isDirectory), isDir else {
+                return false
+            }
+            let name = url.lastPathComponent
+            return name == "Default" || name.hasPrefix("Profile ") || name.hasPrefix("user-")
+        }
+        .sorted { $0.lastPathComponent < $1.lastPathComponent }
+
+        return profileDirs.compactMap { dir in
+            let levelDBURL = dir.appendingPathComponent("Local Storage").appendingPathComponent("leveldb")
+            guard FileManager.default.fileExists(atPath: levelDBURL.path) else { return nil }
+            let label = "\(labelPrefix) \(dir.lastPathComponent)"
+            return LocalStorageCandidate(label: label, url: levelDBURL)
+        }
+    }
+
+    private static func readLocalStorage(
+        from levelDBURL: URL,
+        logger: ((String) -> Void)? = nil) -> [String: String]
+    {
+        var storage: [String: String] = [:]
+
+        let entries = SweetCookieKit.ChromiumLocalStorageReader.readEntries(
+            for: "https://windsurf.com",
+            in: levelDBURL,
+            logger: logger)
+
+        for entry in entries where Self.targetKeys.contains(entry.key) {
+            storage[entry.key] = self.decodedStorageValue(entry.value)
+        }
+
+        if storage.count == Self.targetKeys.count {
+            return storage
+        }
+
+        let textEntries = SweetCookieKit.ChromiumLocalStorageReader.readTextEntries(
+            in: levelDBURL,
+            logger: logger)
+
+        for entry in textEntries {
+            guard storage[entry.key] == nil, Self.targetKeys.contains(entry.key) else { continue }
+            storage[entry.key] = self.decodedStorageValue(entry.value)
+        }
+
+        return storage
+    }
+
+    private static let targetKeys: Set<String> = [
+        "devin_session_token",
+        "devin_auth1_token",
+        "devin_account_id",
+        "devin_primary_org_id",
+    ]
+}
+#endif
diff --git a/Sources/CodexBarCore/Providers/Windsurf/WindsurfProviderDescriptor.swift b/Sources/CodexBarCore/Providers/Windsurf/WindsurfProviderDescriptor.swift
new file mode 100644
index 000000000..377fbc398
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Windsurf/WindsurfProviderDescriptor.swift
@@ -0,0 +1,101 @@
+import CodexBarMacroSupport
+import Foundation
+
+@ProviderDescriptorRegistration
+@ProviderDescriptorDefinition
+public enum WindsurfProviderDescriptor {
+    static func makeDescriptor() -> ProviderDescriptor {
+        ProviderDescriptor(
+            id: .windsurf,
+            metadata: ProviderMetadata(
+                id: .windsurf,
+                displayName: "Windsurf",
+                sessionLabel: "Daily",
+                weeklyLabel: "Weekly",
+                opusLabel: nil,
+                supportsOpus: false,
+                supportsCredits: false,
+                creditsHint: "",
+                toggleTitle: "Show Windsurf usage",
+                cliName: "windsurf",
+                defaultEnabled: false,
+                isPrimaryProvider: false,
+                usesAccountFallback: false,
+                dashboardURL: "https://windsurf.com/subscription/usage",
+                statusPageURL: nil),
+            branding: ProviderBranding(
+                iconStyle: .windsurf,
+                iconResourceName: "ProviderIcon-windsurf",
+                color: ProviderColor(red: 52 / 255, green: 232 / 255, blue: 187 / 255)),
+            tokenCost: ProviderTokenCostConfig(
+                supportsTokenCost: false,
+                noDataMessage: { "Windsurf cost summary is not supported." }),
+            fetchPlan: ProviderFetchPlan(
+                sourceModes: [.auto, .web, .cli],
+                pipeline: ProviderFetchPipeline(resolveStrategies: { _ in
+                    [WindsurfWebFetchStrategy(), WindsurfLocalFetchStrategy()]
+                })),
+            cli: ProviderCLIConfig(
+                name: "windsurf",
+                versionDetector: nil))
+    }
+}
+
+struct WindsurfWebFetchStrategy: ProviderFetchStrategy {
+    let id: String = "windsurf.web"
+    let kind: ProviderFetchKind = .web
+
+    func isAvailable(_ context: ProviderFetchContext) async -> Bool {
+        guard context.sourceMode.usesWeb else { return false }
+        guard context.settings?.windsurf?.cookieSource != .off else { return false }
+        return true
+    }
+
+    func fetch(_ context: ProviderFetchContext) async throws -> ProviderFetchResult {
+        #if os(macOS)
+        let cookieSource = context.settings?.windsurf?.cookieSource ?? .auto
+        let manualToken = Self.manualToken(from: context)
+        let usage = try await WindsurfWebFetcher.fetchUsage(
+            browserDetection: context.browserDetection,
+            cookieSource: cookieSource,
+            manualSessionInput: manualToken,
+            timeout: context.webTimeout,
+            logger: context.verbose ? { print($0) } : nil)
+        return self.makeResult(usage: usage, sourceLabel: "windsurf-web")
+        #else
+        throw WindsurfStatusProbeError.notSupported
+        #endif
+    }
+
+    func shouldFallback(on _: Error, context: ProviderFetchContext) -> Bool {
+        context.sourceMode == .auto
+    }
+
+    private static func manualToken(from context: ProviderFetchContext) -> String? {
+        guard context.settings?.windsurf?.cookieSource == .manual else { return nil }
+        let header = context.settings?.windsurf?.manualCookieHeader ?? ""
+        return header.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty ? nil : header
+    }
+}
+
+struct WindsurfLocalFetchStrategy: ProviderFetchStrategy {
+    let id: String = "windsurf.local"
+    let kind: ProviderFetchKind = .localProbe
+
+    func isAvailable(_ context: ProviderFetchContext) async -> Bool {
+        context.sourceMode != .web
+    }
+
+    func fetch(_ context: ProviderFetchContext) async throws -> ProviderFetchResult {
+        let probe = WindsurfStatusProbe()
+        let planInfo = try probe.fetch()
+        let usage = planInfo.toUsageSnapshot()
+        return self.makeResult(
+            usage: usage,
+            sourceLabel: "local")
+    }
+
+    func shouldFallback(on _: Error, context _: ProviderFetchContext) -> Bool {
+        false
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Windsurf/WindsurfStatusProbe.swift b/Sources/CodexBarCore/Providers/Windsurf/WindsurfStatusProbe.swift
new file mode 100644
index 000000000..73f863ec8
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Windsurf/WindsurfStatusProbe.swift
@@ -0,0 +1,281 @@
+import Foundation
+
+// MARK: - Cached Plan Info (Codable)
+
+public struct WindsurfCachedPlanInfo: Codable, Sendable {
+    public let planName: String?
+    public let startTimestamp: Int64?
+    public let endTimestamp: Int64?
+    public let usage: Usage?
+    public let quotaUsage: QuotaUsage?
+
+    public struct Usage: Codable, Sendable {
+        public let messages: Int?
+        public let usedMessages: Int?
+        public let remainingMessages: Int?
+        public let flowActions: Int?
+        public let usedFlowActions: Int?
+        public let remainingFlowActions: Int?
+        public let flexCredits: Int?
+        public let usedFlexCredits: Int?
+        public let remainingFlexCredits: Int?
+    }
+
+    public struct QuotaUsage: Codable, Sendable {
+        public let dailyRemainingPercent: Double?
+        public let weeklyRemainingPercent: Double?
+        public let dailyResetAtUnix: Int64?
+        public let weeklyResetAtUnix: Int64?
+    }
+}
+
+// MARK: - Errors & Probe
+
+#if os(macOS)
+
+import SQLite3
+
+public enum WindsurfStatusProbeError: LocalizedError, Sendable, Equatable {
+    case dbNotFound(String)
+    case sqliteFailed(String)
+    case noData
+    case parseFailed(String)
+
+    public var errorDescription: String? {
+        switch self {
+        case let .dbNotFound(path):
+            "Windsurf database not found at \(path). Ensure Windsurf is installed and has been launched at least once."
+        case let .sqliteFailed(message):
+            "SQLite error reading Windsurf data: \(message)"
+        case .noData:
+            "No plan data found in Windsurf database. Sign in to Windsurf first."
+        case let .parseFailed(message):
+            "Could not parse Windsurf plan data: \(message)"
+        }
+    }
+}
+
+// MARK: - Probe
+
+public struct WindsurfStatusProbe: Sendable {
+    private static let defaultDBPath: String = {
+        let home = NSHomeDirectory()
+        return "\(home)/Library/Application Support/Windsurf/User/globalStorage/state.vscdb"
+    }()
+
+    private static let query = "SELECT value FROM ItemTable WHERE key = 'windsurf.settings.cachedPlanInfo' LIMIT 1;"
+
+    private let dbPath: String
+
+    public init(dbPath: String? = nil) {
+        self.dbPath = dbPath ?? Self.defaultDBPath
+    }
+
+    public func fetch() throws -> WindsurfCachedPlanInfo {
+        guard FileManager.default.fileExists(atPath: self.dbPath) else {
+            throw WindsurfStatusProbeError.dbNotFound(self.dbPath)
+        }
+
+        var db: OpaquePointer?
+        guard sqlite3_open_v2(self.dbPath, &db, SQLITE_OPEN_READONLY, nil) == SQLITE_OK else {
+            let message = db.flatMap { String(cString: sqlite3_errmsg($0)) } ?? "unknown error"
+            sqlite3_close(db)
+            throw WindsurfStatusProbeError.sqliteFailed(message)
+        }
+        defer { sqlite3_close(db) }
+
+        sqlite3_busy_timeout(db, 250)
+
+        var stmt: OpaquePointer?
+        guard sqlite3_prepare_v2(db, Self.query, -1, &stmt, nil) == SQLITE_OK else {
+            let message = db.flatMap { String(cString: sqlite3_errmsg($0)) } ?? "unknown error"
+            throw WindsurfStatusProbeError.sqliteFailed(message)
+        }
+        defer { sqlite3_finalize(stmt) }
+
+        let stepResult = sqlite3_step(stmt)
+        guard stepResult == SQLITE_ROW else {
+            if stepResult == SQLITE_DONE {
+                throw WindsurfStatusProbeError.noData
+            }
+            let message = db.flatMap { String(cString: sqlite3_errmsg($0)) } ?? "unknown error"
+            throw WindsurfStatusProbeError.sqliteFailed(message)
+        }
+
+        guard let jsonString = Self.decodeSQLiteValue(stmt: stmt, index: 0) else {
+            throw WindsurfStatusProbeError.noData
+        }
+        guard let jsonData = jsonString.data(using: .utf8) else {
+            throw WindsurfStatusProbeError.parseFailed("Invalid UTF-8 encoding")
+        }
+
+        do {
+            return try JSONDecoder().decode(WindsurfCachedPlanInfo.self, from: jsonData)
+        } catch {
+            throw WindsurfStatusProbeError.parseFailed(error.localizedDescription)
+        }
+    }
+
+    private static func decodeSQLiteValue(stmt: OpaquePointer?, index: Int32) -> String? {
+        switch sqlite3_column_type(stmt, index) {
+        case SQLITE_TEXT:
+            guard let c = sqlite3_column_text(stmt, index) else { return nil }
+            return String(cString: c)
+        case SQLITE_BLOB:
+            guard let bytes = sqlite3_column_blob(stmt, index) else { return nil }
+            let data = Data(bytes: bytes, count: Int(sqlite3_column_bytes(stmt, index)))
+            // VSCode/Windsurf state.vscdb schema declares value as BLOB;
+            // only accept decodes that still parse as JSON to avoid UTF-16 mojibake.
+            return self.decodeJSONBlob(data)
+        default:
+            return nil
+        }
+    }
+
+    private static func decodeJSONBlob(_ data: Data) -> String? {
+        for encoding in [String.Encoding.utf8, .utf16LittleEndian] {
+            guard let decoded = String(data: data, encoding: encoding) else { continue }
+            let trimmed = decoded.trimmingCharacters(in: .controlCharacters)
+            guard let jsonData = trimmed.data(using: .utf8),
+                  (try? JSONSerialization.jsonObject(with: jsonData)) != nil
+            else {
+                continue
+            }
+            return trimmed
+        }
+        return nil
+    }
+}
+
+#else
+
+// MARK: - Windsurf (Unsupported)
+
+public enum WindsurfStatusProbeError: LocalizedError, Sendable, Equatable {
+    case notSupported
+
+    public var errorDescription: String? {
+        "Windsurf is only supported on macOS."
+    }
+}
+
+public struct WindsurfStatusProbe: Sendable {
+    public init(dbPath _: String? = nil) {}
+
+    public func fetch() throws -> WindsurfCachedPlanInfo {
+        throw WindsurfStatusProbeError.notSupported
+    }
+}
+
+#endif
+
+// MARK: - Conversion to UsageSnapshot
+
+extension WindsurfCachedPlanInfo {
+    public func toUsageSnapshot() -> UsageSnapshot {
+        var primary: RateWindow?
+        var secondary: RateWindow?
+
+        if let quota = self.quotaUsage {
+            // Primary: daily usage (usedPercent = 100 - dailyRemainingPercent)
+            if let daily = quota.dailyRemainingPercent {
+                let resetDate = quota.dailyResetAtUnix.map {
+                    Date(timeIntervalSince1970: TimeInterval($0))
+                }
+                primary = RateWindow(
+                    usedPercent: max(0, min(100, 100 - daily)),
+                    windowMinutes: nil,
+                    resetsAt: resetDate,
+                    resetDescription: Self.formatResetDescription(resetDate))
+            }
+
+            // Secondary: weekly usage
+            if let weekly = quota.weeklyRemainingPercent {
+                let resetDate = quota.weeklyResetAtUnix.map {
+                    Date(timeIntervalSince1970: TimeInterval($0))
+                }
+                secondary = RateWindow(
+                    usedPercent: max(0, min(100, 100 - weekly)),
+                    windowMinutes: nil,
+                    resetsAt: resetDate,
+                    resetDescription: Self.formatResetDescription(resetDate))
+            }
+        }
+
+        if primary == nil, let usage = self.usage {
+            primary = Self.makeUsageWindow(
+                used: usage.usedMessages,
+                remaining: usage.remainingMessages,
+                total: usage.messages,
+                unit: "messages")
+        }
+
+        if secondary == nil, let usage = self.usage {
+            secondary = Self.makeUsageWindow(
+                used: usage.usedFlowActions,
+                remaining: usage.remainingFlowActions,
+                total: usage.flowActions,
+                unit: "flow actions")
+        }
+
+        // Identity
+        var orgDescription: String?
+        if let endTimestamp = self.endTimestamp {
+            let endDate = Date(timeIntervalSince1970: TimeInterval(endTimestamp) / 1000)
+            let formatter = DateFormatter()
+            formatter.dateStyle = .medium
+            formatter.timeStyle = .none
+            orgDescription = "Expires \(formatter.string(from: endDate))"
+        }
+
+        let identity = ProviderIdentitySnapshot(
+            providerID: .windsurf,
+            accountEmail: nil,
+            accountOrganization: orgDescription,
+            loginMethod: self.planName)
+
+        return UsageSnapshot(
+            primary: primary,
+            secondary: secondary,
+            updatedAt: Date(),
+            identity: identity)
+    }
+
+    private static func makeUsageWindow(
+        used rawUsed: Int?,
+        remaining rawRemaining: Int?,
+        total rawTotal: Int?,
+        unit: String) -> RateWindow?
+    {
+        guard let total = rawTotal, total > 0 else { return nil }
+        let inferredUsed = rawUsed ?? rawRemaining.map { max(0, total - $0) }
+        guard let used = inferredUsed else { return nil }
+        let clampedUsed = max(0, min(total, used))
+        let usedPercent = max(0, min(100, Double(clampedUsed) / Double(total) * 100))
+        return RateWindow(
+            usedPercent: usedPercent,
+            windowMinutes: nil,
+            resetsAt: nil,
+            resetDescription: "\(clampedUsed) / \(total) \(unit)")
+    }
+
+    private static func formatResetDescription(_ date: Date?) -> String? {
+        guard let date else { return nil }
+        let now = Date()
+        let interval = date.timeIntervalSince(now)
+        guard interval > 0 else { return "Expired" }
+
+        let hours = Int(interval / 3600)
+        let minutes = Int((interval.truncatingRemainder(dividingBy: 3600)) / 60)
+
+        if hours > 24 {
+            let days = hours / 24
+            let remainingHours = hours % 24
+            return "Resets in \(days)d \(remainingHours)h"
+        } else if hours > 0 {
+            return "Resets in \(hours)h \(minutes)m"
+        } else {
+            return "Resets in \(minutes)m"
+        }
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Windsurf/WindsurfUsageDataSource.swift b/Sources/CodexBarCore/Providers/Windsurf/WindsurfUsageDataSource.swift
new file mode 100644
index 000000000..1330be598
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Windsurf/WindsurfUsageDataSource.swift
@@ -0,0 +1,27 @@
+import Foundation
+
+public enum WindsurfUsageDataSource: String, CaseIterable, Identifiable, Sendable {
+    case auto
+    case web
+    case cli
+
+    public var id: String {
+        self.rawValue
+    }
+
+    public var displayName: String {
+        switch self {
+        case .auto: "Auto"
+        case .web: "Web API (IndexedDB)"
+        case .cli: "Local (SQLite cache)"
+        }
+    }
+
+    public var sourceLabel: String {
+        switch self {
+        case .auto: "auto"
+        case .web: "web"
+        case .cli: "cli"
+        }
+    }
+}
diff --git a/Sources/CodexBarCore/Providers/Windsurf/WindsurfWebFetcher.swift b/Sources/CodexBarCore/Providers/Windsurf/WindsurfWebFetcher.swift
new file mode 100644
index 000000000..e936389bd
--- /dev/null
+++ b/Sources/CodexBarCore/Providers/Windsurf/WindsurfWebFetcher.swift
@@ -0,0 +1,678 @@
+import Foundation
+
+// MARK: - API Response Model
+
+public struct WindsurfGetPlanStatusResponse: Sendable, Equatable {
+    public let planStatus: PlanStatus?
+
+    public struct PlanStatus: Sendable, Equatable {
+        public let planInfo: PlanInfo?
+        public let planStart: Date?
+        public let planEnd: Date?
+        public let dailyQuotaRemainingPercent: Int?
+        public let weeklyQuotaRemainingPercent: Int?
+        public let dailyQuotaResetAtUnix: Int64?
+        public let weeklyQuotaResetAtUnix: Int64?
+        public let topUpStatus: TopUpStatus?
+        public let gracePeriodStatus: Int?
+
+        public struct PlanInfo: Sendable, Equatable {
+            public let planName: String?
+            public let teamsTier: Int?
+        }
+
+        public struct TopUpStatus: Sendable, Equatable {
+            public let topUpTransactionStatus: Int?
+        }
+    }
+}
+
+// MARK: - Conversion to UsageSnapshot
+
+extension WindsurfGetPlanStatusResponse {
+    public func toUsageSnapshot() -> UsageSnapshot {
+        var primary: RateWindow?
+        var secondary: RateWindow?
+
+        if let status = self.planStatus {
+            if let daily = status.dailyQuotaRemainingPercent {
+                let resetDate = status.dailyQuotaResetAtUnix.map {
+                    Date(timeIntervalSince1970: TimeInterval($0))
+                }
+                primary = RateWindow(
+                    usedPercent: max(0, min(100, 100 - Double(daily))),
+                    windowMinutes: nil,
+                    resetsAt: resetDate,
+                    resetDescription: Self.formatResetDescription(resetDate))
+            }
+
+            if let weekly = status.weeklyQuotaRemainingPercent {
+                let resetDate = status.weeklyQuotaResetAtUnix.map {
+                    Date(timeIntervalSince1970: TimeInterval($0))
+                }
+                secondary = RateWindow(
+                    usedPercent: max(0, min(100, 100 - Double(weekly))),
+                    windowMinutes: nil,
+                    resetsAt: resetDate,
+                    resetDescription: Self.formatResetDescription(resetDate))
+            }
+        }
+
+        var orgDescription: String?
+        if let endDate = self.planStatus?.planEnd {
+            let formatter = DateFormatter()
+            formatter.dateStyle = .medium
+            formatter.timeStyle = .none
+            orgDescription = "Expires \(formatter.string(from: endDate))"
+        }
+
+        let identity = ProviderIdentitySnapshot(
+            providerID: .windsurf,
+            accountEmail: nil,
+            accountOrganization: orgDescription,
+            loginMethod: self.planStatus?.planInfo?.planName)
+
+        return UsageSnapshot(
+            primary: primary,
+            secondary: secondary,
+            updatedAt: Date(),
+            identity: identity)
+    }
+
+    private static func formatResetDescription(_ date: Date?) -> String? {
+        guard let date else { return nil }
+        let now = Date()
+        let interval = date.timeIntervalSince(now)
+        guard interval > 0 else { return "Expired" }
+
+        let hours = Int(interval / 3600)
+        let minutes = Int((interval.truncatingRemainder(dividingBy: 3600)) / 60)
+
+        if hours > 24 {
+            let days = hours / 24
+            let remainingHours = hours % 24
+            return "Resets in \(days)d \(remainingHours)h"
+        } else if hours > 0 {
+            return "Resets in \(hours)h \(minutes)m"
+        } else {
+            return "Resets in \(minutes)m"
+        }
+    }
+}
+
+// MARK: - Session Material
+
+#if os(macOS)
+
+struct WindsurfDevinSessionAuth: Codable, Equatable {
+    let sessionToken: String
+    let auth1Token: String
+    let accountID: String
+    let primaryOrgID: String
+}
+
+public enum WindsurfWebFetcherError: LocalizedError, Sendable {
+    case noSessionData
+    case invalidManualSession(String)
+    case apiCallFailed(String)
+
+    public var errorDescription: String? {
+        switch self {
+        case .noSessionData:
+            "No Windsurf web session found in Chromium localStorage. Sign in to windsurf.com in Chrome or Edge first."
+        case let .invalidManualSession(message):
+            "Invalid Windsurf session payload: \(message)"
+        case let .apiCallFailed(message):
+            "Windsurf API call failed: \(message)"
+        }
+    }
+}
+
+public enum WindsurfWebFetcher {
+    private static let windsurfOrigin = "https://windsurf.com"
+    private static let windsurfProfileReferer = "https://windsurf.com/profile"
+    private static let getPlanStatusURL = "https://windsurf.com/_backend/exa.seat_management_pb.SeatManagementService/GetPlanStatus"
+
+    public static func fetchUsage(
+        browserDetection: BrowserDetection,
+        cookieSource: ProviderCookieSource = .auto,
+        manualSessionInput: String? = nil,
+        timeout: TimeInterval = 15,
+        logger: ((String) -> Void)? = nil,
+        session transport: any ProviderHTTPTransport = ProviderHTTPClient.shared) async throws -> UsageSnapshot
+    {
+        let log: (String) -> Void = { msg in logger?("[windsurf-web] \(msg)") }
+
+        if cookieSource == .manual {
+            guard let manualSessionInput,
+                  !manualSessionInput.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
+            else {
+                throw WindsurfWebFetcherError.invalidManualSession("empty input")
+            }
+            log("Using manual Windsurf session bundle")
+            let auth = try self.parseManualSessionInput(manualSessionInput)
+            let response = try await self.fetchPlanStatus(auth: auth, timeout: timeout, transport: transport)
+            return response.toUsageSnapshot()
+        }
+
+        guard cookieSource != .off else {
+            throw WindsurfWebFetcherError.noSessionData
+        }
+
+        let preferredSessionInfos = WindsurfDevinSessionImporter.importPreferredSessions(
+            browserDetection: browserDetection,
+            logger: logger)
+        let sessionInfos = preferredSessionInfos.isEmpty
+            ? WindsurfDevinSessionImporter.importFallbackSessions(
+                browserDetection: browserDetection,
+                logger: logger)
+            : preferredSessionInfos
+        guard !sessionInfos.isEmpty else {
+            throw WindsurfWebFetcherError.noSessionData
+        }
+
+        do {
+            return try await self.fetchUsage(
+                sessionInfos: sessionInfos,
+                timeout: timeout,
+                logger: log,
+                transport: transport)
+        } catch {
+            guard !preferredSessionInfos.isEmpty, self.isRecoverableImportedSessionError(error) else {
+                throw error
+            }
+        }
+
+        log("Chrome Windsurf sessions failed; trying fallback Chromium browser sessions")
+        let fallbackSessionInfos = WindsurfDevinSessionImporter.importFallbackSessions(
+            browserDetection: browserDetection,
+            logger: logger)
+        guard !fallbackSessionInfos.isEmpty else {
+            throw WindsurfWebFetcherError.noSessionData
+        }
+        return try await self.fetchUsage(
+            sessionInfos: fallbackSessionInfos,
+            timeout: timeout,
+            logger: log,
+            transport: transport)
+    }
+
+    static func parseManualSessionInput(_ raw: String) throws -> WindsurfDevinSessionAuth {
+        let trimmed = raw.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard !trimmed.isEmpty else {
+            throw WindsurfWebFetcherError.invalidManualSession("empty input")
+        }
+
+        if let auth = self.parseJSONSessionInput(trimmed) {
+            return auth
+        }
+
+        if let auth = self.parseKeyValueSessionInput(trimmed) {
+            return auth
+        }
+
+        throw WindsurfWebFetcherError.invalidManualSession(
+            "expected JSON with devin_session_token, devin_auth1_token, devin_account_id, and devin_primary_org_id")
+    }
+
+    private static func parseJSONSessionInput(_ raw: String) -> WindsurfDevinSessionAuth? {
+        guard let data = raw.data(using: .utf8),
+              let json = try? JSONSerialization.jsonObject(with: data) as? [String: Any]
+        else {
+            return nil
+        }
+        return self.sessionAuth(from: json)
+    }
+
+    private static func parseKeyValueSessionInput(_ raw: String) -> WindsurfDevinSessionAuth? {
+        let separators = CharacterSet(charactersIn: "\n,;")
+        let segments = raw
+            .trimmingCharacters(in: CharacterSet(charactersIn: "{}"))
+            .components(separatedBy: separators)
+            .map { $0.trimmingCharacters(in: .whitespacesAndNewlines) }
+            .filter { !$0.isEmpty }
+
+        var values: [String: String] = [:]
+        for segment in segments {
+            let delimiter: Character? = segment.contains("=") ? "=" : (segment.contains(":") ? ":" : nil)
+            guard let delimiter, let index = segment.firstIndex(of: delimiter) else { continue }
+            let key = String(segment[..<index]).trimmingCharacters(in: .whitespacesAndNewlines)
+            let value = String(segment[segment.index(after: index)...]).trimmingCharacters(in: .whitespacesAndNewlines)
+            values[key] = value.trimmingCharacters(in: CharacterSet(charactersIn: "\"'"))
+        }
+
+        guard !values.isEmpty else { return nil }
+        return self.sessionAuth(from: values)
+    }
+
+    private static func isRecoverableImportedSessionError(_ error: Error) -> Bool {
+        guard case let WindsurfWebFetcherError.apiCallFailed(message) = error else {
+            return false
+        }
+
+        return ["HTTP 400", "HTTP 401", "HTTP 403"].contains { message.hasPrefix($0) }
+    }
+
+    private static func fetchUsage(
+        sessionInfos: [WindsurfDevinSessionImporter.SessionInfo],
+        timeout: TimeInterval,
+        logger log: (String) -> Void,
+        transport: any ProviderHTTPTransport) async throws -> UsageSnapshot
+    {
+        var lastError: Error?
+        for sessionInfo in sessionInfos {
+            do {
+                log("Using devin session from \(sessionInfo.sourceLabel)")
+                let response = try await self.fetchPlanStatus(
+                    auth: sessionInfo.session,
+                    timeout: timeout,
+                    transport: transport)
+                return response.toUsageSnapshot()
+            } catch {
+                guard self.isRecoverableImportedSessionError(error) else {
+                    throw error
+                }
+                lastError = error
+                log("Windsurf devin session from \(sessionInfo.sourceLabel) failed; trying next imported session")
+            }
+        }
+
+        throw lastError ?? WindsurfWebFetcherError.noSessionData
+    }
+
+    private static func sessionAuth(from values: [String: Any]) -> WindsurfDevinSessionAuth? {
+        func stringValue(for keys: [String]) -> String? {
+            for key in keys {
+                if let value = values[key] as? String {
+                    let trimmed = value.trimmingCharacters(in: .whitespacesAndNewlines)
+                    if !trimmed.isEmpty {
+                        return trimmed
+                    }
+                }
+            }
+            return nil
+        }
+
+        guard let sessionToken = stringValue(for: ["devin_session_token", "devinSessionToken", "sessionToken"]),
+              let auth1Token = stringValue(for: ["devin_auth1_token", "devinAuth1Token", "auth1Token"]),
+              let accountID = stringValue(for: ["devin_account_id", "devinAccountId", "accountID", "accountId"]),
+              let primaryOrgID = stringValue(for: [
+                  "devin_primary_org_id",
+                  "devinPrimaryOrgId",
+                  "primaryOrgID",
+                  "primaryOrgId",
+              ])
+        else {
+            return nil
+        }
+
+        return WindsurfDevinSessionAuth(
+            sessionToken: sessionToken,
+            auth1Token: auth1Token,
+            accountID: accountID,
+            primaryOrgID: primaryOrgID)
+    }
+
+    private static func fetchPlanStatus(
+        auth: WindsurfDevinSessionAuth,
+        timeout: TimeInterval,
+        transport: any ProviderHTTPTransport) async throws -> WindsurfGetPlanStatusResponse
+    {
+        guard let url = URL(string: self.getPlanStatusURL) else {
+            throw WindsurfWebFetcherError.apiCallFailed("Invalid GetPlanStatus URL")
+        }
+
+        var request = URLRequest(url: url)
+        request.timeoutInterval = timeout
+        request.httpMethod = "POST"
+        request.setValue("application/proto", forHTTPHeaderField: "Content-Type")
+        request.setValue("1", forHTTPHeaderField: "Connect-Protocol-Version")
+        self.applyWindsurfHeaders(to: &request, auth: auth)
+        request.httpBody = WindsurfPlanStatusProtoCodec.encodeRequest(
+            authToken: auth.sessionToken,
+            includeTopUpStatus: true)
+
+        let response: ProviderHTTPResponse
+        do {
+            response = try await transport.response(for: request)
+        } catch let error as URLError where error.code == .badServerResponse {
+            throw WindsurfWebFetcherError.apiCallFailed("Invalid response")
+        } catch {
+            throw error
+        }
+
+        guard response.statusCode == 200 else {
+            let body = String(data: response.data, encoding: .utf8)?
+                .trimmingCharacters(in: .whitespacesAndNewlines)
+            let snippet = if let body, !body.isEmpty {
+                ": \(body.prefix(200))"
+            } else {
+                ": <binary \(response.data.count) bytes>"
+            }
+            throw WindsurfWebFetcherError.apiCallFailed("HTTP \(response.statusCode)\(snippet)")
+        }
+
+        do {
+            return try WindsurfPlanStatusProtoCodec.decodeResponse(response.data)
+        } catch {
+            throw WindsurfWebFetcherError.apiCallFailed("Parse error: \(error.localizedDescription)")
+        }
+    }
+
+    private static func applyWindsurfHeaders(to request: inout URLRequest, auth: WindsurfDevinSessionAuth) {
+        request.setValue(self.windsurfOrigin, forHTTPHeaderField: "Origin")
+        request.setValue(self.windsurfProfileReferer, forHTTPHeaderField: "Referer")
+        request.setValue(auth.sessionToken, forHTTPHeaderField: "x-auth-token")
+        request.setValue(auth.sessionToken, forHTTPHeaderField: "x-devin-session-token")
+        request.setValue(auth.auth1Token, forHTTPHeaderField: "x-devin-auth1-token")
+        request.setValue(auth.accountID, forHTTPHeaderField: "x-devin-account-id")
+        request.setValue(auth.primaryOrgID, forHTTPHeaderField: "x-devin-primary-org-id")
+    }
+}
+
+enum WindsurfPlanStatusProtoCodec {
+    /// Field numbers come from Windsurf's bundled protobuf metadata in
+    /// `/Applications/Windsurf.app/.../extension.js` and were re-verified against live browser traffic on 2026-04-17.
+    struct Request: Equatable {
+        let authToken: String
+        let includeTopUpStatus: Bool
+    }
+
+    static func encodeRequest(authToken: String, includeTopUpStatus: Bool) -> Data {
+        var data = Data()
+        self.appendFieldKey(1, wireType: .lengthDelimited, to: &data)
+        self.appendString(authToken, to: &data)
+        self.appendFieldKey(2, wireType: .varint, to: &data)
+        self.appendVarint(includeTopUpStatus ? 1 : 0, to: &data)
+        return data
+    }
+
+    static func decodeRequest(_ data: Data) throws -> Request {
+        var reader = ProtoReader(data: data)
+        var authToken: String?
+        var includeTopUpStatus = false
+
+        while let field = try reader.nextField() {
+            switch (field.number, field.wireType) {
+            case (1, .lengthDelimited):
+                authToken = try reader.readString()
+            case (2, .varint):
+                includeTopUpStatus = try reader.readVarint() != 0
+            default:
+                try reader.skipFieldBody(wireType: field.wireType)
+            }
+        }
+
+        guard let authToken else {
+            throw WindsurfProtoError.missingField("auth_token")
+        }
+
+        return Request(authToken: authToken, includeTopUpStatus: includeTopUpStatus)
+    }
+
+    static func decodeResponse(_ data: Data) throws -> WindsurfGetPlanStatusResponse {
+        var reader = ProtoReader(data: data)
+        var planStatus: WindsurfGetPlanStatusResponse.PlanStatus?
+
+        while let field = try reader.nextField() {
+            switch (field.number, field.wireType) {
+            case (1, .lengthDelimited):
+                planStatus = try self.decodePlanStatus(from: reader.readLengthDelimitedData())
+            default:
+                try reader.skipFieldBody(wireType: field.wireType)
+            }
+        }
+
+        return WindsurfGetPlanStatusResponse(planStatus: planStatus)
+    }
+
+    private static func decodePlanStatus(from data: Data) throws -> WindsurfGetPlanStatusResponse.PlanStatus {
+        var reader = ProtoReader(data: data)
+        var planInfo: WindsurfGetPlanStatusResponse.PlanStatus.PlanInfo?
+        var planStart: Date?
+        var planEnd: Date?
+        var dailyQuotaRemainingPercent: Int?
+        var weeklyQuotaRemainingPercent: Int?
+        var dailyQuotaResetAtUnix: Int64?
+        var weeklyQuotaResetAtUnix: Int64?
+        var topUpStatus: WindsurfGetPlanStatusResponse.PlanStatus.TopUpStatus?
+        var gracePeriodStatus: Int?
+
+        while let field = try reader.nextField() {
+            switch (field.number, field.wireType) {
+            case (1, .lengthDelimited):
+                planInfo = try self.decodePlanInfo(from: reader.readLengthDelimitedData())
+            case (2, .lengthDelimited):
+                planStart = try self.decodeTimestamp(from: reader.readLengthDelimitedData())
+            case (3, .lengthDelimited):
+                planEnd = try self.decodeTimestamp(from: reader.readLengthDelimitedData())
+            case (10, .lengthDelimited):
+                topUpStatus = try self.decodeTopUpStatus(from: reader.readLengthDelimitedData())
+            case (12, .varint):
+                gracePeriodStatus = try Int(reader.readVarint())
+            case (14, .varint):
+                dailyQuotaRemainingPercent = try Int(reader.readVarint())
+            case (15, .varint):
+                weeklyQuotaRemainingPercent = try Int(reader.readVarint())
+            case (17, .varint):
+                dailyQuotaResetAtUnix = try Int64(reader.readVarint())
+            case (18, .varint):
+                weeklyQuotaResetAtUnix = try Int64(reader.readVarint())
+            default:
+                try reader.skipFieldBody(wireType: field.wireType)
+            }
+        }
+
+        return WindsurfGetPlanStatusResponse.PlanStatus(
+            planInfo: planInfo,
+            planStart: planStart,
+            planEnd: planEnd,
+            dailyQuotaRemainingPercent: dailyQuotaRemainingPercent,
+            weeklyQuotaRemainingPercent: weeklyQuotaRemainingPercent,
+            dailyQuotaResetAtUnix: dailyQuotaResetAtUnix,
+            weeklyQuotaResetAtUnix: weeklyQuotaResetAtUnix,
+            topUpStatus: topUpStatus,
+            gracePeriodStatus: gracePeriodStatus)
+    }
+
+    private static func decodePlanInfo(
+        from data: Data) throws -> WindsurfGetPlanStatusResponse.PlanStatus.PlanInfo
+    {
+        var reader = ProtoReader(data: data)
+        var planName: String?
+        var teamsTier: Int?
+
+        while let field = try reader.nextField() {
+            switch (field.number, field.wireType) {
+            case (1, .varint):
+                teamsTier = try Int(reader.readVarint())
+            case (2, .lengthDelimited):
+                planName = try reader.readString()
+            default:
+                try reader.skipFieldBody(wireType: field.wireType)
+            }
+        }
+
+        return WindsurfGetPlanStatusResponse.PlanStatus.PlanInfo(planName: planName, teamsTier: teamsTier)
+    }
+
+    private static func decodeTopUpStatus(
+        from data: Data) throws -> WindsurfGetPlanStatusResponse.PlanStatus.TopUpStatus
+    {
+        var reader = ProtoReader(data: data)
+        var topUpTransactionStatus: Int?
+
+        while let field = try reader.nextField() {
+            switch (field.number, field.wireType) {
+            case (1, .varint):
+                topUpTransactionStatus = try Int(reader.readVarint())
+            default:
+                try reader.skipFieldBody(wireType: field.wireType)
+            }
+        }
+
+        return WindsurfGetPlanStatusResponse.PlanStatus.TopUpStatus(
+            topUpTransactionStatus: topUpTransactionStatus)
+    }
+
+    private static func decodeTimestamp(from data: Data) throws -> Date {
+        var reader = ProtoReader(data: data)
+        var seconds: Int64 = 0
+        var nanos: Int32 = 0
+
+        while let field = try reader.nextField() {
+            switch (field.number, field.wireType) {
+            case (1, .varint):
+                seconds = try Int64(reader.readVarint())
+            case (2, .varint):
+                nanos = try Int32(reader.readVarint())
+            default:
+                try reader.skipFieldBody(wireType: field.wireType)
+            }
+        }
+
+        let timeInterval = TimeInterval(seconds) + (TimeInterval(nanos) / 1_000_000_000)
+        return Date(timeIntervalSince1970: timeInterval)
+    }
+
+    private static func appendString(_ string: String, to data: inout Data) {
+        let encoded = Data(string.utf8)
+        self.appendVarint(UInt64(encoded.count), to: &data)
+        data.append(encoded)
+    }
+
+    private static func appendFieldKey(_ fieldNumber: Int, wireType: ProtoWireType, to data: inout Data) {
+        self.appendVarint(UInt64((fieldNumber << 3) | Int(wireType.rawValue)), to: &data)
+    }
+
+    private static func appendVarint(_ value: UInt64, to data: inout Data) {
+        var remaining = value
+        while remaining >= 0x80 {
+            data.append(UInt8((remaining & 0x7F) | 0x80))
+            remaining >>= 7
+        }
+        data.append(UInt8(remaining))
+    }
+}
+
+enum WindsurfProtoError: LocalizedError {
+    case truncated
+    case invalidWireType(UInt64)
+    case invalidUTF8
+    case missingField(String)
+    case unsupportedWireType(ProtoWireType)
+    case malformedFieldKey
+
+    var errorDescription: String? {
+        switch self {
+        case .truncated:
+            "truncated protobuf payload"
+        case let .invalidWireType(rawValue):
+            "invalid wire type \(rawValue)"
+        case .invalidUTF8:
+            "invalid UTF-8 string"
+        case let .missingField(name):
+            "missing protobuf field \(name)"
+        case let .unsupportedWireType(type):
+            "unsupported protobuf wire type \(type.rawValue)"
+        case .malformedFieldKey:
+            "malformed protobuf field key"
+        }
+    }
+}
+
+enum ProtoWireType: UInt64 {
+    case varint = 0
+    case fixed64 = 1
+    case lengthDelimited = 2
+    case startGroup = 3
+    case endGroup = 4
+    case fixed32 = 5
+}
+
+private struct ProtoField {
+    let number: Int
+    let wireType: ProtoWireType
+}
+
+private struct ProtoReader {
+    private let bytes: [UInt8]
+    private var index: Int = 0
+
+    init(data: Data) {
+        self.bytes = Array(data)
+    }
+
+    mutating func nextField() throws -> ProtoField? {
+        guard self.index < self.bytes.count else { return nil }
+        let key = try self.readVarint()
+        let number = Int(key >> 3)
+        guard number > 0 else {
+            throw WindsurfProtoError.malformedFieldKey
+        }
+        guard let wireType = ProtoWireType(rawValue: key & 0x07) else {
+            throw WindsurfProtoError.invalidWireType(key & 0x07)
+        }
+        return ProtoField(number: number, wireType: wireType)
+    }
+
+    mutating func readVarint() throws -> UInt64 {
+        var result: UInt64 = 0
+        var shift: UInt64 = 0
+
+        while self.index < self.bytes.count {
+            let byte = self.bytes[self.index]
+            self.index += 1
+
+            result |= UInt64(byte & 0x7F) << shift
+            if byte & 0x80 == 0 {
+                return result
+            }
+
+            shift += 7
+            if shift >= 64 {
+                throw WindsurfProtoError.truncated
+            }
+        }
+
+        throw WindsurfProtoError.truncated
+    }
+
+    mutating func readLengthDelimitedData() throws -> Data {
+        let length = try Int(self.readVarint())
+        guard length >= 0, self.index + length <= self.bytes.count else {
+            throw WindsurfProtoError.truncated
+        }
+
+        let chunk = Data(self.bytes[self.index..<(self.index + length)])
+        self.index += length
+        return chunk
+    }
+
+    mutating func readString() throws -> String {
+        let data = try self.readLengthDelimitedData()
+        guard let string = String(data: data, encoding: .utf8) else {
+            throw WindsurfProtoError.invalidUTF8
+        }
+        return string
+    }
+
+    mutating func skipFieldBody(wireType: ProtoWireType) throws {
+        switch wireType {
+        case .varint:
+            _ = try self.readVarint()
+        case .fixed64:
+            guard self.index + 8 <= self.bytes.count else { throw WindsurfProtoError.truncated }
+            self.index += 8
+        case .lengthDelimited:
+            _ = try self.readLengthDelimitedData()
+        case .fixed32:
+            guard self.index + 4 <= self.bytes.count else { throw WindsurfProtoError.truncated }
+            self.index += 4
+        case .startGroup, .endGroup:
+            throw WindsurfProtoError.unsupportedWireType(wireType)
+        }
+    }
+}
+
+#endif
diff --git a/Sources/CodexBarCore/Providers/Zai/ZaiAPIRegion.swift b/Sources/CodexBarCore/Providers/Zai/ZaiAPIRegion.swift
index 18d5a15e9..7a7943286 100644
--- a/Sources/CodexBarCore/Providers/Zai/ZaiAPIRegion.swift
+++ b/Sources/CodexBarCore/Providers/Zai/ZaiAPIRegion.swift
@@ -5,6 +5,7 @@ public enum ZaiAPIRegion: String, CaseIterable, Sendable {
     case bigmodelCN = "bigmodel-cn"
 
     private static let quotaPath = "api/monitor/usage/quota/limit"
+    private static let modelUsagePath = "api/monitor/usage/model-usage"
 
     public var displayName: String {
         switch self {
@@ -27,4 +28,8 @@ public enum ZaiAPIRegion: String, CaseIterable, Sendable {
     public var quotaLimitURL: URL {
         URL(string: self.baseURLString)!.appendingPathComponent(Self.quotaPath)
     }
+
+    public var modelUsageURL: URL {
+        URL(string: self.baseURLString)!.appendingPathComponent(Self.modelUsagePath)
+    }
 }
diff --git a/Sources/CodexBarCore/Providers/Zai/ZaiProviderDescriptor.swift b/Sources/CodexBarCore/Providers/Zai/ZaiProviderDescriptor.swift
index 430066a10..2c600a3d4 100644
--- a/Sources/CodexBarCore/Providers/Zai/ZaiProviderDescriptor.swift
+++ b/Sources/CodexBarCore/Providers/Zai/ZaiProviderDescriptor.swift
@@ -12,8 +12,8 @@ public enum ZaiProviderDescriptor {
                 displayName: "z.ai",
                 sessionLabel: "Tokens",
                 weeklyLabel: "MCP",
-                opusLabel: nil,
-                supportsOpus: false,
+                opusLabel: "5-hour",
+                supportsOpus: true,
                 supportsCredits: false,
                 creditsHint: "",
                 toggleTitle: "Show z.ai usage",
@@ -53,7 +53,7 @@ struct ZaiAPIFetchStrategy: ProviderFetchStrategy {
             throw ZaiSettingsError.missingToken
         }
         let region = context.settings?.zai?.apiRegion ?? .global
-        let usage = try await ZaiUsageFetcher.fetchUsage(
+        let usage = try await ZaiUsageFetcher.fetchUsageWithModelUsage(
             apiKey: apiKey,
             region: region,
             environment: context.env)
diff --git a/Sources/CodexBarCore/Providers/Zai/ZaiSettingsReader.swift b/Sources/CodexBarCore/Providers/Zai/ZaiSettingsReader.swift
index 4df2223e3..637913797 100644
--- a/Sources/CodexBarCore/Providers/Zai/ZaiSettingsReader.swift
+++ b/Sources/CodexBarCore/Providers/Zai/ZaiSettingsReader.swift
@@ -38,8 +38,7 @@ public struct ZaiSettingsReader: Sendable {
         if (value.hasPrefix("\"") && value.hasSuffix("\"")) ||
             (value.hasPrefix("'") && value.hasSuffix("'"))
         {
-            value.removeFirst()
-            value.removeLast()
+            value = String(value.dropFirst().dropLast())
         }
 
         value = value.trimmingCharacters(in: .whitespacesAndNewlines)
diff --git a/Sources/CodexBarCore/Providers/Zai/ZaiUsageStats.swift b/Sources/CodexBarCore/Providers/Zai/ZaiUsageStats.swift
index 1592a6181..eb45fc579 100644
--- a/Sources/CodexBarCore/Providers/Zai/ZaiUsageStats.swift
+++ b/Sources/CodexBarCore/Providers/Zai/ZaiUsageStats.swift
@@ -15,6 +15,7 @@ public enum ZaiLimitUnit: Int, Sendable {
     case days = 1
     case hours = 3
     case minutes = 5
+    case weeks = 6
 }
 
 /// A single limit entry from the z.ai API
@@ -69,6 +70,8 @@ extension ZaiLimitEntry {
             return self.number * 60
         case .days:
             return self.number * 24 * 60
+        case .weeks:
+            return self.number * 7 * 24 * 60
         case .unknown:
             return nil
         }
@@ -80,6 +83,7 @@ extension ZaiLimitEntry {
         case .minutes: "minute"
         case .hours: "hour"
         case .days: "day"
+        case .weeks: "week"
         case .unknown: nil
         }
         guard let unitLabel else { return nil }
@@ -92,6 +96,10 @@ extension ZaiLimitEntry {
         return "\(description) window"
     }
 
+    var isMCPMonthlyMarker: Bool {
+        self.type == .timeLimit && self.unit == .minutes && self.number == 1
+    }
+
     private var computedUsedPercent: Double? {
         guard let limit = self.usage, limit > 0 else { return nil }
 
@@ -129,14 +137,26 @@ public struct ZaiUsageDetail: Sendable, Codable {
 /// Complete z.ai usage response
 public struct ZaiUsageSnapshot: Sendable {
     public let tokenLimit: ZaiLimitEntry?
+    /// Shorter-window TOKENS_LIMIT (e.g. 5-hour), present only when the API returns two TOKENS_LIMIT entries.
+    public let sessionTokenLimit: ZaiLimitEntry?
     public let timeLimit: ZaiLimitEntry?
     public let planName: String?
+    public let modelUsage: ZaiModelUsageData?
     public let updatedAt: Date
 
-    public init(tokenLimit: ZaiLimitEntry?, timeLimit: ZaiLimitEntry?, planName: String?, updatedAt: Date) {
+    public init(
+        tokenLimit: ZaiLimitEntry?,
+        sessionTokenLimit: ZaiLimitEntry? = nil,
+        timeLimit: ZaiLimitEntry?,
+        planName: String?,
+        modelUsage: ZaiModelUsageData? = nil,
+        updatedAt: Date)
+    {
         self.tokenLimit = tokenLimit
+        self.sessionTokenLimit = sessionTokenLimit
         self.timeLimit = timeLimit
         self.planName = planName
+        self.modelUsage = modelUsage
         self.updatedAt = updatedAt
     }
 
@@ -150,13 +170,13 @@ extension ZaiUsageSnapshot {
     public func toUsageSnapshot() -> UsageSnapshot {
         let primaryLimit = self.tokenLimit ?? self.timeLimit
         let secondaryLimit = (self.tokenLimit != nil && self.timeLimit != nil) ? self.timeLimit : nil
-
         let primary = primaryLimit.map { Self.rateWindow(for: $0) } ?? RateWindow(
             usedPercent: 0,
             windowMinutes: nil,
             resetsAt: nil,
             resetDescription: nil)
         let secondary = secondaryLimit.map { Self.rateWindow(for: $0) }
+        let tertiary = self.sessionTokenLimit.map { Self.rateWindow(for: $0) }
 
         let planName = self.planName?.trimmingCharacters(in: .whitespacesAndNewlines)
         let loginMethod = (planName?.isEmpty ?? true) ? nil : planName
@@ -168,7 +188,7 @@ extension ZaiUsageSnapshot {
         return UsageSnapshot(
             primary: primary,
             secondary: secondary,
-            tertiary: nil,
+            tertiary: tertiary,
             providerCost: nil,
             zaiUsage: self,
             updatedAt: self.updatedAt,
@@ -184,6 +204,9 @@ extension ZaiUsageSnapshot {
     }
 
     private static func resetDescription(for limit: ZaiLimitEntry) -> String? {
+        if limit.isMCPMonthlyMarker {
+            return "Monthly"
+        }
         if let label = limit.windowLabel {
             return label
         }
@@ -303,16 +326,12 @@ public struct ZaiUsageFetcher: Sendable {
         request.setValue("Bearer \(apiKey)", forHTTPHeaderField: "authorization")
         request.setValue("application/json", forHTTPHeaderField: "accept")
 
-        let (data, response) = try await URLSession.shared.data(for: request)
-
-        guard let httpResponse = response as? HTTPURLResponse else {
-            throw ZaiUsageError.networkError("Invalid response")
-        }
-
-        guard httpResponse.statusCode == 200 else {
+        let response = try await ProviderHTTPClient.shared.response(for: request)
+        let data = response.data
+        guard response.statusCode == 200 else {
             let errorMessage = String(data: data, encoding: .utf8) ?? "Unknown error"
-            Self.log.error("z.ai API returned \(httpResponse.statusCode): \(errorMessage)")
-            throw ZaiUsageError.apiError("HTTP \(httpResponse.statusCode): \(errorMessage)")
+            Self.log.error("z.ai API returned \(response.statusCode): \(errorMessage)")
+            throw ZaiUsageError.apiError("HTTP \(response.statusCode): \(errorMessage)")
         }
 
         // Some upstream issues (wrong endpoint/region/proxy) can yield HTTP 200 with an empty body.
@@ -364,24 +383,41 @@ public struct ZaiUsageFetcher: Sendable {
             throw ZaiUsageError.parseFailed("Missing data")
         }
 
-        var tokenLimit: ZaiLimitEntry?
+        var tokenLimits: [ZaiLimitEntry] = []
         var timeLimit: ZaiLimitEntry?
 
         for limit in responseData.limits {
             if let entry = limit.toLimitEntry() {
                 switch entry.type {
                 case .tokensLimit:
-                    tokenLimit = entry
+                    tokenLimits.append(entry)
                 case .timeLimit:
                     timeLimit = entry
                 }
             }
         }
 
+        // Multiple TOKENS_LIMIT entries: shortest window → sessionTokenLimit (tertiary),
+        // longest → tokenLimit (primary).
+        let tokenLimit: ZaiLimitEntry?
+        let sessionTokenLimit: ZaiLimitEntry?
+        if tokenLimits.count >= 2 {
+            let sorted = tokenLimits.sorted {
+                ($0.windowMinutes ?? Int.max) < ($1.windowMinutes ?? Int.max)
+            }
+            sessionTokenLimit = sorted.first
+            tokenLimit = sorted.last
+        } else {
+            tokenLimit = tokenLimits.first
+            sessionTokenLimit = nil
+        }
+
         return ZaiUsageSnapshot(
             tokenLimit: tokenLimit,
+            sessionTokenLimit: sessionTokenLimit,
             timeLimit: timeLimit,
             planName: responseData.planName,
+            modelUsage: nil,
             updatedAt: Date())
     }
 
@@ -402,6 +438,279 @@ public struct ZaiUsageFetcher: Sendable {
     }
 }
 
+// MARK: - Model Usage Data
+
+/// Per-model hourly token usage from the z.ai model-usage API
+public struct ZaiModelUsageData: Sendable {
+    public let xTime: [String]
+    public let modelDataList: [ZaiModelDataItem]
+
+    public init(xTime: [String], modelDataList: [ZaiModelDataItem]) {
+        self.xTime = xTime
+        self.modelDataList = modelDataList
+    }
+
+    public var modelNames: [String] {
+        self.modelDataList.compactMap(\.modelName)
+    }
+}
+
+public struct ZaiModelDataItem: Sendable {
+    public let modelName: String?
+    public let tokensUsage: [Int?]
+
+    public init(modelName: String?, tokensUsage: [Int?]) {
+        self.modelName = modelName
+        self.tokensUsage = tokensUsage
+    }
+}
+
+// MARK: - Hourly Chart Data
+
+public enum ZaiHourlyRange: Equatable, Sendable {
+    case today(referenceDate: Date)
+    case last24h
+
+    public var isToday: Bool {
+        if case .today = self { return true }
+        return false
+    }
+}
+
+public struct ZaiHourlyBar: Sendable {
+    public let label: String
+    public let segments: [(model: String, tokens: Int)]
+
+    public init(label: String, segments: [(model: String, tokens: Int)]) {
+        self.label = label
+        self.segments = segments
+    }
+
+    public var totalTokens: Int {
+        self.segments.reduce(0) { $0 + $1.tokens }
+    }
+}
+
+public enum ZaiHourlyBars: Sendable {
+    public static func from(modelData: ZaiModelUsageData, range: ZaiHourlyRange, now: Date = Date()) -> [ZaiHourlyBar] {
+        let calendar = Calendar.current
+        let referenceDate: Date = switch range {
+        case let .today(ref): ref
+        case .last24h: now
+        }
+
+        let todayStart = calendar.startOfDay(for: referenceDate)
+        let cutoff: Date = switch range {
+        case .today: todayStart
+        case .last24h: calendar.date(byAdding: .hour, value: -24, to: now) ?? now
+        }
+
+        var bars: [ZaiHourlyBar] = []
+        for (index, timeString) in modelData.xTime.enumerated() {
+            guard let hourDate = parseHourDate(timeString) else { continue }
+
+            if hourDate < cutoff { continue }
+
+            var segments: [(model: String, tokens: Int)] = []
+            for item in modelData.modelDataList {
+                guard index < item.tokensUsage.count,
+                      let tokenCount = item.tokensUsage[index], tokenCount > 0
+                else { continue }
+                segments.append((model: item.modelName ?? "Unknown", tokens: tokenCount))
+            }
+
+            let total = segments.reduce(0) { $0 + $1.tokens }
+            guard total > 0 else { continue }
+
+            let label = self.formatHourLabel(hourDate: hourDate)
+            bars.append(ZaiHourlyBar(label: label, segments: segments))
+        }
+
+        return bars
+    }
+
+    public static func parseHourDate(_ string: String) -> Date? {
+        let formatter = DateFormatter()
+        formatter.dateFormat = "yyyy-MM-dd HH:mm"
+        formatter.locale = Locale(identifier: "en_US_POSIX")
+        return formatter.date(from: string)
+    }
+
+    private static func formatHourLabel(hourDate: Date) -> String {
+        let formatter = DateFormatter()
+        formatter.dateFormat = "HH"
+        formatter.locale = Locale(identifier: "en_US_POSIX")
+        return formatter.string(from: hourDate)
+    }
+}
+
+// MARK: - Model Usage Fetcher Extension
+
+extension ZaiUsageFetcher {
+    /// Fetches hourly model usage data for the last 24 hours
+    public static func fetchModelUsage(
+        apiKey: String,
+        region: ZaiAPIRegion = .global,
+        environment: [String: String] = ProcessInfo.processInfo.environment) async throws -> ZaiModelUsageData
+    {
+        guard !apiKey.isEmpty else {
+            throw ZaiUsageError.invalidCredentials
+        }
+
+        let baseURL: URL = if let host = ZaiSettingsReader.apiHost(environment: environment),
+                              let resolved = Self.modelUsageURL(baseURLString: host)
+        {
+            resolved
+        } else {
+            region.modelUsageURL
+        }
+
+        let now = Date()
+        let calendar = Calendar.current
+        guard let startDate = calendar.date(byAdding: .day, value: -1, to: calendar.startOfDay(for: now)) else {
+            throw ZaiUsageError.parseFailed("Invalid date calculation")
+        }
+
+        let startComponents = calendar.dateComponents([.year, .month, .day, .hour], from: startDate)
+        let endComponents = calendar.dateComponents([.year, .month, .day, .hour], from: now)
+        let startTime = String(
+            format: "%04d-%02d-%02d %02d:00:00",
+            startComponents.year!,
+            startComponents.month!,
+            startComponents.day!,
+            startComponents.hour!)
+        let endTime = String(
+            format: "%04d-%02d-%02d %02d:59:59",
+            endComponents.year!,
+            endComponents.month!,
+            endComponents.day!,
+            endComponents.hour!)
+
+        guard var components = URLComponents(url: baseURL, resolvingAgainstBaseURL: false) else {
+            throw ZaiUsageError.networkError("Invalid URL")
+        }
+        components.queryItems = [
+            URLQueryItem(name: "startTime", value: startTime),
+            URLQueryItem(name: "endTime", value: endTime),
+        ]
+
+        guard let requestURL = components.url else {
+            throw ZaiUsageError.networkError("Invalid URL")
+        }
+
+        var request = URLRequest(url: requestURL)
+        request.httpMethod = "GET"
+        request.setValue("Bearer \(apiKey)", forHTTPHeaderField: "Authorization")
+        request.setValue("application/json", forHTTPHeaderField: "Content-Type")
+
+        let response = try await ProviderHTTPClient.shared.response(for: request)
+        let data = response.data
+        guard response.statusCode == 200 else {
+            let errorMessage = String(data: data, encoding: .utf8) ?? "Unknown error"
+            Self.log.error("z.ai model-usage API returned \(response.statusCode): \(errorMessage)")
+            throw ZaiUsageError.apiError("HTTP \(response.statusCode): \(errorMessage)")
+        }
+
+        guard !data.isEmpty else { return ZaiModelUsageData(xTime: [], modelDataList: []) }
+
+        return try Self.parseModelUsage(from: data)
+    }
+
+    static func parseModelUsage(from data: Data) throws -> ZaiModelUsageData {
+        let decoder = JSONDecoder()
+        let apiResponse = try decoder.decode(ZaiModelUsageAPIResponse.self, from: data)
+
+        guard apiResponse.isSuccess else {
+            throw ZaiUsageError.apiError(apiResponse.msg)
+        }
+
+        guard let responseData = apiResponse.data else {
+            return ZaiModelUsageData(xTime: [], modelDataList: [])
+        }
+
+        let items = responseData.modelDataList?.map { raw in
+            ZaiModelDataItem(
+                modelName: raw.modelName,
+                tokensUsage: raw.tokensUsage ?? [])
+        } ?? []
+
+        return ZaiModelUsageData(
+            xTime: responseData.xTime ?? [],
+            modelDataList: items)
+    }
+
+    /// Fetches required quota data and attaches optional model usage when available.
+    public static func fetchUsageWithModelUsage(
+        apiKey: String,
+        region: ZaiAPIRegion = .global,
+        environment: [String: String] = ProcessInfo.processInfo.environment) async throws -> ZaiUsageSnapshot
+    {
+        let snapshot = try await Self.fetchUsage(apiKey: apiKey, region: region, environment: environment)
+        let modelUsage: ZaiModelUsageData?
+        do {
+            modelUsage = try await Self.fetchModelUsage(apiKey: apiKey, region: region, environment: environment)
+        } catch {
+            Self.log.info("z.ai model usage fetch failed (non-fatal): \(error.localizedDescription)")
+            modelUsage = nil
+        }
+
+        guard modelUsage != nil else { return snapshot }
+
+        return ZaiUsageSnapshot(
+            tokenLimit: snapshot.tokenLimit,
+            sessionTokenLimit: snapshot.sessionTokenLimit,
+            timeLimit: snapshot.timeLimit,
+            planName: snapshot.planName,
+            modelUsage: modelUsage,
+            updatedAt: snapshot.updatedAt)
+    }
+
+    private static func modelUsageURL(baseURLString: String) -> URL? {
+        guard let cleaned = ZaiSettingsReader.cleaned(baseURLString) else { return nil }
+        let path = "api/monitor/usage/model-usage"
+
+        if let url = URL(string: cleaned), url.scheme != nil {
+            if url.path.isEmpty || url.path == "/" {
+                return url.appendingPathComponent(path)
+            }
+            return url
+        }
+        guard let base = URL(string: "https://\(cleaned)") else { return nil }
+        if base.path.isEmpty || base.path == "/" {
+            return base.appendingPathComponent(path)
+        }
+        return base
+    }
+}
+
+// MARK: - Model Usage API Response (private)
+
+private struct ZaiModelUsageAPIResponse: Decodable {
+    let code: Int
+    let msg: String
+    let data: ZaiModelUsageRawData?
+    let success: Bool
+
+    var isSuccess: Bool {
+        self.success && self.code == 200
+    }
+}
+
+private struct ZaiModelUsageRawData: Decodable {
+    let xTime: [String]?
+    let modelDataList: [ZaiModelDataItemRaw]?
+
+    enum CodingKeys: String, CodingKey {
+        case xTime = "x_time"
+        case modelDataList
+    }
+}
+
+private struct ZaiModelDataItemRaw: Decodable {
+    let modelName: String?
+    let tokensUsage: [Int?]?
+}
+
 /// Errors that can occur during z.ai usage fetching
 public enum ZaiUsageError: LocalizedError, Sendable {
     case invalidCredentials
diff --git a/Sources/CodexBarCore/TokenAccountSupport.swift b/Sources/CodexBarCore/TokenAccountSupport.swift
index 378ad3939..37ec660a9 100644
--- a/Sources/CodexBarCore/TokenAccountSupport.swift
+++ b/Sources/CodexBarCore/TokenAccountSupport.swift
@@ -12,6 +12,7 @@ public struct TokenAccountSupport: Sendable {
     public let injection: TokenAccountInjection
     public let requiresManualCookieSource: Bool
     public let cookieName: String?
+    public let environmentKeysToScrub: [String]
 
     public init(
         title: String,
@@ -19,7 +20,8 @@ public struct TokenAccountSupport: Sendable {
         placeholder: String,
         injection: TokenAccountInjection,
         requiresManualCookieSource: Bool,
-        cookieName: String?)
+        cookieName: String?,
+        environmentKeysToScrub: [String] = [])
     {
         self.title = title
         self.subtitle = subtitle
@@ -27,6 +29,7 @@ public struct TokenAccountSupport: Sendable {
         self.injection = injection
         self.requiresManualCookieSource = requiresManualCookieSource
         self.cookieName = cookieName
+        self.environmentKeysToScrub = environmentKeysToScrub
     }
 }
 
@@ -42,15 +45,42 @@ public enum TokenAccountSupportCatalog {
             return [key: token]
         case .cookieHeader:
             if provider == .claude,
-               let normalized = self.normalizedClaudeOAuthToken(token),
-               self.isClaudeOAuthToken(normalized)
+               case let route = ClaudeCredentialRouting.resolve(tokenAccountToken: token, manualCookieHeader: nil)
             {
-                return [ClaudeOAuthCredentialsStore.environmentTokenKey: normalized]
+                switch route {
+                case let .oauth(accessToken):
+                    return [ClaudeOAuthCredentialsStore.environmentTokenKey: accessToken]
+                case let .adminAPIKey(apiKey):
+                    return [ClaudeAdminAPISettingsReader.adminAPIKeyEnvironmentKey: apiKey]
+                case .none, .webCookie:
+                    break
+                }
             }
             return nil
         }
     }
 
+    public static func scrubEnvironmentForSelectedAccount(
+        _ environment: inout [String: String],
+        provider: UsageProvider,
+        token _: String)
+    {
+        guard let support = self.support(for: provider) else { return }
+        switch support.injection {
+        case let .environment(key):
+            environment.removeValue(forKey: key)
+            for key in support.environmentKeysToScrub {
+                environment.removeValue(forKey: key)
+            }
+        case .cookieHeader:
+            guard provider == .claude else { return }
+            environment.removeValue(forKey: ClaudeOAuthCredentialsStore.environmentTokenKey)
+            for key in ClaudeAdminAPISettingsReader.apiKeyEnvironmentKeys {
+                environment.removeValue(forKey: key)
+            }
+        }
+    }
+
     public static func normalizedCookieHeader(for provider: UsageProvider, token: String) -> String {
         guard let support = self.support(for: provider) else {
             return token.trimmingCharacters(in: .whitespacesAndNewlines)
@@ -59,23 +89,7 @@ public enum TokenAccountSupportCatalog {
     }
 
     public static func isClaudeOAuthToken(_ token: String) -> Bool {
-        guard let trimmed = self.normalizedClaudeOAuthToken(token) else { return false }
-        let lower = trimmed.lowercased()
-        if lower.contains("cookie:") || trimmed.contains("=") {
-            return false
-        }
-        return lower.hasPrefix("sk-ant-oat")
-    }
-
-    private static func normalizedClaudeOAuthToken(_ token: String) -> String? {
-        let trimmed = token.trimmingCharacters(in: .whitespacesAndNewlines)
-        guard !trimmed.isEmpty else { return nil }
-        let lower = trimmed.lowercased()
-        if lower.hasPrefix("bearer ") {
-            return trimmed.dropFirst("bearer ".count)
-                .trimmingCharacters(in: .whitespacesAndNewlines)
-        }
-        return trimmed
+        ClaudeCredentialRouting.resolve(tokenAccountToken: token, manualCookieHeader: nil).isOAuth
     }
 
     public static func normalizedCookieHeader(_ token: String, support: TokenAccountSupport) -> String {
diff --git a/Sources/CodexBarCore/TokenAccountSupportCatalog+Data.swift b/Sources/CodexBarCore/TokenAccountSupportCatalog+Data.swift
index 2a1d0f1d4..12ec1cee5 100644
--- a/Sources/CodexBarCore/TokenAccountSupportCatalog+Data.swift
+++ b/Sources/CodexBarCore/TokenAccountSupportCatalog+Data.swift
@@ -2,13 +2,35 @@ import Foundation
 
 extension TokenAccountSupportCatalog {
     static let supportByProvider: [UsageProvider: TokenAccountSupport] = [
+        .openai: TokenAccountSupport(
+            title: "API keys",
+            subtitle: "Store multiple OpenAI API keys.",
+            placeholder: "sk-admin-...",
+            injection: .environment(key: OpenAIAPISettingsReader.adminAPIKeyEnvironmentKey),
+            requiresManualCookieSource: false,
+            cookieName: nil,
+            environmentKeysToScrub: [OpenAIAPISettingsReader.projectIDEnvironmentKey]),
         .claude: TokenAccountSupport(
-            title: "Session tokens",
-            subtitle: "Store Claude sessionKey cookies or OAuth access tokens.",
-            placeholder: "Paste sessionKey or OAuth token…",
+            title: "Claude credentials",
+            subtitle: "Store Claude sessionKey cookies, OAuth tokens, or Anthropic Admin API keys.",
+            placeholder: "Paste sessionKey, OAuth token, or sk-ant-admin…",
             injection: .cookieHeader,
             requiresManualCookieSource: true,
             cookieName: "sessionKey"),
+        .deepseek: TokenAccountSupport(
+            title: "API tokens",
+            subtitle: "Store multiple DeepSeek API keys.",
+            placeholder: "Paste API key…",
+            injection: .environment(key: DeepSeekSettingsReader.apiKeyEnvironmentKey),
+            requiresManualCookieSource: false,
+            cookieName: nil),
+        .antigravity: TokenAccountSupport(
+            title: "Google accounts",
+            subtitle: "Store multiple Antigravity Google OAuth accounts for quick switching.",
+            placeholder: "Antigravity OAuth credentials JSON",
+            injection: .environment(key: AntigravityOAuthCredentialsStore.environmentCredentialsKey),
+            requiresManualCookieSource: false,
+            cookieName: nil),
         .zai: TokenAccountSupport(
             title: "API tokens",
             subtitle: "Stored in the CodexBar config file.",
@@ -30,13 +52,20 @@ extension TokenAccountSupportCatalog {
             injection: .cookieHeader,
             requiresManualCookieSource: true,
             cookieName: nil),
-        .factory: TokenAccountSupport(
+        .opencodego: TokenAccountSupport(
             title: "Session tokens",
-            subtitle: "Store multiple Factory Cookie headers.",
+            subtitle: "Store multiple OpenCode Go Cookie headers.",
             placeholder: "Cookie: …",
             injection: .cookieHeader,
             requiresManualCookieSource: true,
             cookieName: nil),
+        .factory: TokenAccountSupport(
+            title: "Session tokens",
+            subtitle: "Store multiple Factory Cookie or Authorization headers.",
+            placeholder: "Cookie: … or Authorization: Bearer …",
+            injection: .cookieHeader,
+            requiresManualCookieSource: true,
+            cookieName: nil),
         .minimax: TokenAccountSupport(
             title: "Session tokens",
             subtitle: "Store multiple MiniMax Cookie headers.",
@@ -44,6 +73,13 @@ extension TokenAccountSupportCatalog {
             injection: .cookieHeader,
             requiresManualCookieSource: true,
             cookieName: nil),
+        .manus: TokenAccountSupport(
+            title: "Session tokens",
+            subtitle: "Store multiple Manus session_id cookies.",
+            placeholder: "session_id=…",
+            injection: .cookieHeader,
+            requiresManualCookieSource: true,
+            cookieName: "session_id"),
         .augment: TokenAccountSupport(
             title: "Session tokens",
             subtitle: "Store multiple Augment Cookie headers.",
@@ -58,5 +94,61 @@ extension TokenAccountSupportCatalog {
             injection: .cookieHeader,
             requiresManualCookieSource: true,
             cookieName: nil),
+        .abacus: TokenAccountSupport(
+            title: "Session tokens",
+            subtitle: "Store multiple Abacus AI Cookie headers.",
+            placeholder: "Cookie: …",
+            injection: .cookieHeader,
+            requiresManualCookieSource: true,
+            cookieName: nil),
+        .mistral: TokenAccountSupport(
+            title: "Session tokens",
+            subtitle: "Store multiple Mistral Cookie headers.",
+            placeholder: "Cookie: …",
+            injection: .cookieHeader,
+            requiresManualCookieSource: true,
+            cookieName: nil),
+        .copilot: TokenAccountSupport(
+            title: "GitHub accounts",
+            subtitle: "Sign in with multiple GitHub accounts via OAuth.",
+            placeholder: "Paste GitHub token…",
+            injection: .environment(key: "COPILOT_API_TOKEN"),
+            requiresManualCookieSource: false,
+            cookieName: nil),
+        .venice: TokenAccountSupport(
+            title: "API tokens",
+            subtitle: "Store multiple Venice API keys.",
+            placeholder: "Paste API key…",
+            injection: .environment(key: VeniceSettingsReader.apiKeyEnvironmentKey),
+            requiresManualCookieSource: false,
+            cookieName: nil),
+        .elevenlabs: TokenAccountSupport(
+            title: "API keys",
+            subtitle: "Store multiple ElevenLabs API keys.",
+            placeholder: "Paste API key…",
+            injection: .environment(key: ElevenLabsSettingsReader.apiKeyEnvironmentKey),
+            requiresManualCookieSource: false,
+            cookieName: nil),
+        .groq: TokenAccountSupport(
+            title: "API keys",
+            subtitle: "Store multiple Groq API keys.",
+            placeholder: "Paste Groq API key…",
+            injection: .environment(key: GroqSettingsReader.apiKeyEnvironmentKey),
+            requiresManualCookieSource: false,
+            cookieName: nil),
+        .llmproxy: TokenAccountSupport(
+            title: "API keys",
+            subtitle: "Store multiple LLM Proxy API keys.",
+            placeholder: "Paste proxy API key…",
+            injection: .environment(key: LLMProxySettingsReader.apiKeyEnvironmentKey),
+            requiresManualCookieSource: false,
+            cookieName: nil),
+        .stepfun: TokenAccountSupport(
+            title: "Session tokens",
+            subtitle: "Store multiple StepFun Oasis-Token values.",
+            placeholder: "Oasis-Token=…",
+            injection: .cookieHeader,
+            requiresManualCookieSource: true,
+            cookieName: nil),
     ]
 }
diff --git a/Sources/CodexBarCore/TokenAccounts.swift b/Sources/CodexBarCore/TokenAccounts.swift
index 519386aec..73110d28d 100644
--- a/Sources/CodexBarCore/TokenAccounts.swift
+++ b/Sources/CodexBarCore/TokenAccounts.swift
@@ -6,18 +6,53 @@ public struct ProviderTokenAccount: Codable, Identifiable, Sendable {
     public let token: String
     public let addedAt: TimeInterval
     public let lastUsed: TimeInterval?
+    /// Stable provider-specific identity (e.g. GitHub `login`) used for
+    /// re-auth deduplication. Optional so legacy accounts keep working.
+    public let externalIdentifier: String?
+    /// Optional provider-specific organization/workspace target. Claude web
+    /// sessionKey accounts use this to disambiguate linked Anthropic emails.
+    public let organizationID: String?
 
-    public init(id: UUID, label: String, token: String, addedAt: TimeInterval, lastUsed: TimeInterval?) {
+    enum CodingKeys: String, CodingKey {
+        case id
+        case label
+        case token
+        case addedAt
+        case lastUsed
+        case externalIdentifier
+        case organizationID = "organizationId"
+    }
+
+    public init(
+        id: UUID,
+        label: String,
+        token: String,
+        addedAt: TimeInterval,
+        lastUsed: TimeInterval?,
+        externalIdentifier: String? = nil,
+        organizationID: String? = nil)
+    {
         self.id = id
         self.label = label
         self.token = token
         self.addedAt = addedAt
         self.lastUsed = lastUsed
+        self.externalIdentifier = externalIdentifier
+        self.organizationID = organizationID
     }
 
     public var displayName: String {
         self.label
     }
+
+    public var sanitizedOrganizationID: String? {
+        Self.clean(self.organizationID)
+    }
+
+    private static func clean(_ raw: String?) -> String? {
+        let trimmed = raw?.trimmingCharacters(in: .whitespacesAndNewlines)
+        return (trimmed?.isEmpty ?? true) ? nil : trimmed
+    }
 }
 
 public struct ProviderTokenAccountData: Codable, Sendable {
diff --git a/Sources/CodexBarCore/UsageFetcher.swift b/Sources/CodexBarCore/UsageFetcher.swift
index f2370e9ca..471f1147f 100644
--- a/Sources/CodexBarCore/UsageFetcher.swift
+++ b/Sources/CodexBarCore/UsageFetcher.swift
@@ -6,17 +6,49 @@ public struct RateWindow: Codable, Equatable, Sendable {
     public let resetsAt: Date?
     /// Optional textual reset description (used by Claude CLI UI scrape).
     public let resetDescription: String?
+    /// Optional percent restored on the next regeneration tick for providers with rolling recovery.
+    public let nextRegenPercent: Double?
 
-    public init(usedPercent: Double, windowMinutes: Int?, resetsAt: Date?, resetDescription: String?) {
+    public init(
+        usedPercent: Double,
+        windowMinutes: Int?,
+        resetsAt: Date?,
+        resetDescription: String?,
+        nextRegenPercent: Double? = nil)
+    {
         self.usedPercent = usedPercent
         self.windowMinutes = windowMinutes
         self.resetsAt = resetsAt
         self.resetDescription = resetDescription
+        self.nextRegenPercent = nextRegenPercent
     }
 
     public var remainingPercent: Double {
         max(0, 100 - self.usedPercent)
     }
+
+    public func backfillingResetTime(from cached: RateWindow?, now: Date = .init()) -> RateWindow {
+        if self.resetsAt != nil { return self }
+        guard let cachedReset = cached?.resetsAt, cachedReset > now else { return self }
+        return RateWindow(
+            usedPercent: self.usedPercent,
+            windowMinutes: self.windowMinutes ?? cached?.windowMinutes,
+            resetsAt: cachedReset,
+            resetDescription: self.resetDescription ?? cached?.resetDescription,
+            nextRegenPercent: self.nextRegenPercent)
+    }
+}
+
+public struct NamedRateWindow: Codable, Equatable, Sendable {
+    public let id: String
+    public let title: String
+    public let window: RateWindow
+
+    public init(id: String, title: String, window: RateWindow) {
+        self.id = id
+        self.title = title
+        self.window = window
+    }
 }
 
 public struct ProviderIdentitySnapshot: Codable, Sendable {
@@ -51,10 +83,17 @@ public struct UsageSnapshot: Codable, Sendable {
     public let primary: RateWindow?
     public let secondary: RateWindow?
     public let tertiary: RateWindow?
+    public let extraRateWindows: [NamedRateWindow]?
     public let providerCost: ProviderCostSnapshot?
+    public let kiroUsage: KiroUsageDetails?
     public let zaiUsage: ZaiUsageSnapshot?
     public let minimaxUsage: MiniMaxUsageSnapshot?
+    public let deepseekUsage: DeepSeekUsageSummary?
     public let openRouterUsage: OpenRouterUsageSnapshot?
+    public let openAIAPIUsage: OpenAIAPIUsageSnapshot?
+    public let claudeAdminAPIUsage: ClaudeAdminAPIUsageSnapshot?
+    public let mistralUsage: MistralUsageSnapshot?
+    public let deepgramUsage: DeepgramUsageSnapshot?
     public let cursorRequests: CursorRequestUsage?
     public let updatedAt: Date
     public let identity: ProviderIdentitySnapshot?
@@ -63,8 +102,14 @@ public struct UsageSnapshot: Codable, Sendable {
         case primary
         case secondary
         case tertiary
+        case extraRateWindows
         case providerCost
+        case kiroUsage
         case openRouterUsage
+        case openAIAPIUsage
+        case claudeAdminAPIUsage
+        case mistralUsage
+        case deepgramUsage
         case updatedAt
         case identity
         case accountEmail
@@ -76,10 +121,17 @@ public struct UsageSnapshot: Codable, Sendable {
         primary: RateWindow?,
         secondary: RateWindow?,
         tertiary: RateWindow? = nil,
+        extraRateWindows: [NamedRateWindow]? = nil,
+        kiroUsage: KiroUsageDetails? = nil,
         providerCost: ProviderCostSnapshot? = nil,
         zaiUsage: ZaiUsageSnapshot? = nil,
         minimaxUsage: MiniMaxUsageSnapshot? = nil,
+        deepseekUsage: DeepSeekUsageSummary? = nil,
         openRouterUsage: OpenRouterUsageSnapshot? = nil,
+        openAIAPIUsage: OpenAIAPIUsageSnapshot? = nil,
+        claudeAdminAPIUsage: ClaudeAdminAPIUsageSnapshot? = nil,
+        mistralUsage: MistralUsageSnapshot? = nil,
+        deepgramUsage: DeepgramUsageSnapshot? = nil,
         cursorRequests: CursorRequestUsage? = nil,
         updatedAt: Date,
         identity: ProviderIdentitySnapshot? = nil)
@@ -87,10 +139,17 @@ public struct UsageSnapshot: Codable, Sendable {
         self.primary = primary
         self.secondary = secondary
         self.tertiary = tertiary
+        self.extraRateWindows = extraRateWindows
+        self.kiroUsage = kiroUsage
         self.providerCost = providerCost
         self.zaiUsage = zaiUsage
         self.minimaxUsage = minimaxUsage
+        self.deepseekUsage = deepseekUsage
         self.openRouterUsage = openRouterUsage
+        self.openAIAPIUsage = openAIAPIUsage
+        self.claudeAdminAPIUsage = claudeAdminAPIUsage
+        self.mistralUsage = mistralUsage
+        self.deepgramUsage = deepgramUsage
         self.cursorRequests = cursorRequests
         self.updatedAt = updatedAt
         self.identity = identity
@@ -101,10 +160,19 @@ public struct UsageSnapshot: Codable, Sendable {
         self.primary = try container.decodeIfPresent(RateWindow.self, forKey: .primary)
         self.secondary = try container.decodeIfPresent(RateWindow.self, forKey: .secondary)
         self.tertiary = try container.decodeIfPresent(RateWindow.self, forKey: .tertiary)
+        self.extraRateWindows = try container.decodeIfPresent([NamedRateWindow].self, forKey: .extraRateWindows)
         self.providerCost = try container.decodeIfPresent(ProviderCostSnapshot.self, forKey: .providerCost)
+        self.kiroUsage = try container.decodeIfPresent(KiroUsageDetails.self, forKey: .kiroUsage)
         self.zaiUsage = nil // Not persisted, fetched fresh each time
         self.minimaxUsage = nil // Not persisted, fetched fresh each time
+        self.deepseekUsage = nil // Not persisted, fetched fresh each time
         self.openRouterUsage = try container.decodeIfPresent(OpenRouterUsageSnapshot.self, forKey: .openRouterUsage)
+        self.openAIAPIUsage = try container.decodeIfPresent(OpenAIAPIUsageSnapshot.self, forKey: .openAIAPIUsage)
+        self.claudeAdminAPIUsage = try container.decodeIfPresent(
+            ClaudeAdminAPIUsageSnapshot.self,
+            forKey: .claudeAdminAPIUsage)
+        self.mistralUsage = try container.decodeIfPresent(MistralUsageSnapshot.self, forKey: .mistralUsage)
+        self.deepgramUsage = try container.decodeIfPresent(DeepgramUsageSnapshot.self, forKey: .deepgramUsage)
         self.cursorRequests = nil // Not persisted, fetched fresh each time
         self.updatedAt = try container.decode(Date.self, forKey: .updatedAt)
         if let identity = try container.decodeIfPresent(ProviderIdentitySnapshot.self, forKey: .identity) {
@@ -131,8 +199,14 @@ public struct UsageSnapshot: Codable, Sendable {
         try container.encode(self.primary, forKey: .primary)
         try container.encode(self.secondary, forKey: .secondary)
         try container.encode(self.tertiary, forKey: .tertiary)
+        try container.encodeIfPresent(self.extraRateWindows, forKey: .extraRateWindows)
         try container.encodeIfPresent(self.providerCost, forKey: .providerCost)
+        try container.encodeIfPresent(self.kiroUsage, forKey: .kiroUsage)
         try container.encodeIfPresent(self.openRouterUsage, forKey: .openRouterUsage)
+        try container.encodeIfPresent(self.openAIAPIUsage, forKey: .openAIAPIUsage)
+        try container.encodeIfPresent(self.claudeAdminAPIUsage, forKey: .claudeAdminAPIUsage)
+        try container.encodeIfPresent(self.mistralUsage, forKey: .mistralUsage)
+        try container.encodeIfPresent(self.deepgramUsage, forKey: .deepgramUsage)
         try container.encode(self.updatedAt, forKey: .updatedAt)
         try container.encodeIfPresent(self.identity, forKey: .identity)
         try container.encodeIfPresent(self.identity?.accountEmail, forKey: .accountEmail)
@@ -145,20 +219,51 @@ public struct UsageSnapshot: Codable, Sendable {
         return identity
     }
 
+    public func automaticPerplexityWindow() -> RateWindow? {
+        let fallbackWindows = self.orderedPerplexityFallbackWindows()
+        guard let primary = self.primary else {
+            return fallbackWindows.first
+        }
+        if primary.remainingPercent > 0 || fallbackWindows.isEmpty {
+            return primary
+        }
+        return fallbackWindows.first
+    }
+
+    public func orderedPerplexityDisplayWindows() -> [RateWindow] {
+        let fallbackWindows = self.orderedPerplexityFallbackWindows()
+        guard let primary = self.primary else {
+            return fallbackWindows
+        }
+        if primary.remainingPercent > 0 || fallbackWindows.isEmpty {
+            return [primary] + fallbackWindows
+        }
+        return fallbackWindows + [primary]
+    }
+
     public func switcherWeeklyWindow(for provider: UsageProvider, showUsed: Bool) -> RateWindow? {
         switch provider {
         case .factory:
             // Factory prefers secondary window
             return self.secondary ?? self.primary
+        case .perplexity:
+            return self.automaticPerplexityWindow()
         case .cursor:
-            // Cursor: fall back to On-Demand when Plan is exhausted (only in "show remaining" mode).
-            // In "show used" mode, keep showing primary so 100% used Plan is visible.
+            // Cursor: fall back to on-demand budget when the included plan is exhausted (only in
+            // "show remaining" mode). The secondary/tertiary lanes are Total/Auto/API breakdowns,
+            // not extra capacity, so they should not replace the remaining paid quota indicator.
             if !showUsed,
                let primary = self.primary,
                primary.remainingPercent <= 0,
-               let secondary = self.secondary
+               let providerCost = self.providerCost,
+               providerCost.limit > 0
             {
-                return secondary
+                let usedPercent = max(0, min(100, (providerCost.used / providerCost.limit) * 100))
+                return RateWindow(
+                    usedPercent: usedPercent,
+                    windowMinutes: nil,
+                    resetsAt: providerCost.resetsAt,
+                    resetDescription: nil)
             }
             return self.primary ?? self.secondary
         default:
@@ -178,16 +283,32 @@ public struct UsageSnapshot: Codable, Sendable {
         self.identity(for: provider)?.loginMethod
     }
 
+    public var hasRateLimitWindows: Bool {
+        self.primary != nil || self.secondary != nil || self.tertiary != nil ||
+            !(self.extraRateWindows?.isEmpty ?? true)
+    }
+
+    public func rateLimitsUnavailable(for provider: UsageProvider) -> Bool {
+        UsageLimitsAvailability.resolve(provider: provider, snapshot: self).isUnavailable
+    }
+
     /// Keep this initializer-style copy in sync with UsageSnapshot fields so relabeling/scoping never drops data.
     public func withIdentity(_ identity: ProviderIdentitySnapshot?) -> UsageSnapshot {
         UsageSnapshot(
             primary: self.primary,
             secondary: self.secondary,
             tertiary: self.tertiary,
+            extraRateWindows: self.extraRateWindows,
+            kiroUsage: self.kiroUsage,
             providerCost: self.providerCost,
             zaiUsage: self.zaiUsage,
             minimaxUsage: self.minimaxUsage,
+            deepseekUsage: self.deepseekUsage,
             openRouterUsage: self.openRouterUsage,
+            openAIAPIUsage: self.openAIAPIUsage,
+            claudeAdminAPIUsage: self.claudeAdminAPIUsage,
+            mistralUsage: self.mistralUsage,
+            deepgramUsage: self.deepgramUsage,
             cursorRequests: self.cursorRequests,
             updatedAt: self.updatedAt,
             identity: identity)
@@ -199,18 +320,79 @@ public struct UsageSnapshot: Codable, Sendable {
         if scopedIdentity.providerID == identity.providerID { return self }
         return self.withIdentity(scopedIdentity)
     }
+
+    public func backfillingResetTimes(from cached: UsageSnapshot?, now: Date = .init()) -> UsageSnapshot {
+        guard let cached else { return self }
+        guard Self.identitiesMatch(self.identity, cached.identity) else { return self }
+        let primary = self.primary?.backfillingResetTime(from: cached.primary, now: now)
+        let secondary = self.secondary?.backfillingResetTime(from: cached.secondary, now: now)
+        let tertiary = self.tertiary?.backfillingResetTime(from: cached.tertiary, now: now)
+        if primary == self.primary, secondary == self.secondary, tertiary == self.tertiary {
+            return self
+        }
+        return UsageSnapshot(
+            primary: primary,
+            secondary: secondary,
+            tertiary: tertiary,
+            extraRateWindows: self.extraRateWindows,
+            providerCost: self.providerCost,
+            zaiUsage: self.zaiUsage,
+            minimaxUsage: self.minimaxUsage,
+            deepseekUsage: self.deepseekUsage,
+            openRouterUsage: self.openRouterUsage,
+            openAIAPIUsage: self.openAIAPIUsage,
+            claudeAdminAPIUsage: self.claudeAdminAPIUsage,
+            mistralUsage: self.mistralUsage,
+            deepgramUsage: self.deepgramUsage,
+            cursorRequests: self.cursorRequests,
+            updatedAt: self.updatedAt,
+            identity: self.identity)
+    }
+
+    private func orderedPerplexityFallbackWindows() -> [RateWindow] {
+        let fallbackWindows = [self.tertiary, self.secondary].compactMap(\.self)
+        let usableFallback = fallbackWindows.filter { $0.remainingPercent > 0 }
+        let exhaustedFallback = fallbackWindows.filter { $0.remainingPercent <= 0 }
+        return usableFallback + exhaustedFallback
+    }
+
+    private static func identitiesMatch(_ lhs: ProviderIdentitySnapshot?, _ rhs: ProviderIdentitySnapshot?) -> Bool {
+        if lhs == nil, rhs == nil { return true }
+        guard let lhs, let rhs else { return false }
+        let lhsEmail = lhs.accountEmail?.trimmingCharacters(in: .whitespacesAndNewlines)
+        let rhsEmail = rhs.accountEmail?.trimmingCharacters(in: .whitespacesAndNewlines)
+        if let lhsEmail, let rhsEmail, !lhsEmail.isEmpty, !rhsEmail.isEmpty {
+            return lhsEmail == rhsEmail
+        }
+        return true
+    }
 }
 
 public struct AccountInfo: Equatable, Sendable {
     public let email: String?
     public let plan: String?
 
+    public var hasIdentity: Bool {
+        self.email?.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty == false ||
+            self.plan?.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty == false
+    }
+
     public init(email: String?, plan: String?) {
         self.email = email
         self.plan = plan
     }
 }
 
+public struct CodexCLIAccountSnapshot: Sendable {
+    public let usage: UsageSnapshot?
+    public let credits: CreditsSnapshot?
+
+    public init(usage: UsageSnapshot?, credits: CreditsSnapshot?) {
+        self.usage = usage
+        self.credits = credits
+    }
+}
+
 public enum UsageError: LocalizedError, Sendable {
     case noSessions
     case noRateLimitsFound
@@ -226,6 +408,40 @@ public enum UsageError: LocalizedError, Sendable {
             "Could not parse Codex session log."
         }
     }
+
+    public static func isNoRateLimitsFoundDescription(_ text: String?) -> Bool {
+        text?.trimmingCharacters(in: .whitespacesAndNewlines) == UsageError.noRateLimitsFound.errorDescription
+    }
+}
+
+public enum UsageLimitsAvailability: Equatable, Sendable {
+    case available
+    case unavailable
+
+    public var isUnavailable: Bool {
+        self == .unavailable
+    }
+
+    public static func resolve(
+        provider: UsageProvider,
+        snapshot: UsageSnapshot?,
+        account: AccountInfo? = nil,
+        lastErrorDescription: String? = nil) -> Self
+    {
+        guard provider == .codex else { return .available }
+
+        if let snapshot {
+            guard snapshot.identity(for: provider) != nil else { return .available }
+            return snapshot.hasRateLimitWindows ? .available : .unavailable
+        }
+
+        guard UsageError.isNoRateLimitsFoundDescription(lastErrorDescription),
+              account?.hasIdentity == true
+        else {
+            return .available
+        }
+        return .unavailable
+    }
 }
 
 // MARK: - Codex RPC client (local process)
@@ -272,6 +488,7 @@ private struct RPCRateLimitSnapshot: Decodable, Encodable {
     let primary: RPCRateLimitWindow?
     let secondary: RPCRateLimitWindow?
     let credits: RPCCreditsSnapshot?
+    let planType: String?
 }
 
 private struct RPCRateLimitWindow: Decodable, Encodable {
@@ -286,10 +503,25 @@ private struct RPCCreditsSnapshot: Decodable, Encodable {
     let balance: String?
 }
 
-private enum RPCWireError: Error, LocalizedError {
+private struct RPCRateLimitsErrorBody: Decodable {
+    let email: String?
+    let planType: String?
+    let rateLimit: CodexUsageResponse.RateLimitDetails?
+    let credits: CodexUsageResponse.CreditDetails?
+
+    enum CodingKeys: String, CodingKey {
+        case email
+        case planType = "plan_type"
+        case rateLimit = "rate_limit"
+        case credits
+    }
+}
+
+enum RPCWireError: Error, LocalizedError {
     case startFailed(String)
     case requestFailed(String)
     case malformed(String)
+    case timeout(method: String)
 
     var errorDescription: String? {
         switch self {
@@ -299,10 +531,19 @@ private enum RPCWireError: Error, LocalizedError {
             "Codex connection failed: \(message)"
         case let .malformed(message):
             "Codex returned invalid data: \(message)"
+        case let .timeout(method):
+            "Codex RPC timed out waiting for `\(method)` reply."
         }
     }
 }
 
+typealias CodexExecutableResolver = @Sendable (_ environment: [String: String], _ executable: String) -> String?
+
+let defaultCodexExecutableResolver: CodexExecutableResolver = { environment, executable in
+    BinaryLocator.resolveCodexBinary(env: environment)
+        ?? TTYCommandRunner.which(executable)
+}
+
 /// RPC helper used on background tasks; safe because we confine it to the owning task.
 private final class CodexRPCClient: @unchecked Sendable {
     private static let log = CodexBarLog.logger(LogCategories.codexRPC)
@@ -313,6 +554,8 @@ private final class CodexRPCClient: @unchecked Sendable {
     private let stdoutLineStream: AsyncStream<Data>
     private let stdoutLineContinuation: AsyncStream<Data>.Continuation
     private var nextID = 1
+    private let initializeTimeoutSeconds: TimeInterval
+    private let requestTimeoutSeconds: TimeInterval
 
     private final class LineBuffer: @unchecked Sendable {
         private let lock = NSLock()
@@ -343,23 +586,27 @@ private final class CodexRPCClient: @unchecked Sendable {
 
     init(
         executable: String = "codex",
-        arguments: [String] = ["-s", "read-only", "-a", "untrusted", "app-server"]) throws
+        arguments: [String] = ["-s", "read-only", "-a", "untrusted", "app-server"],
+        environment: [String: String] = ProcessInfo.processInfo.environment,
+        initializeTimeoutSeconds: TimeInterval = 8.0,
+        requestTimeoutSeconds: TimeInterval = 3.0,
+        resolveExecutable: CodexExecutableResolver = defaultCodexExecutableResolver) throws
     {
+        self.initializeTimeoutSeconds = initializeTimeoutSeconds
+        self.requestTimeoutSeconds = requestTimeoutSeconds
         var stdoutContinuation: AsyncStream<Data>.Continuation!
         self.stdoutLineStream = AsyncStream<Data> { continuation in
             stdoutContinuation = continuation
         }
         self.stdoutLineContinuation = stdoutContinuation
 
-        let resolvedExec = BinaryLocator.resolveCodexBinary()
-            ?? TTYCommandRunner.which(executable)
+        let resolvedExec = resolveExecutable(environment, executable)
 
         guard let resolvedExec else {
             Self.log.warning("Codex RPC binary not found", metadata: ["binary": executable])
-            throw RPCWireError.startFailed(
-                "Codex CLI not found. Install with `npm i -g @openai/codex` (or bun) then relaunch CodexBar.")
+            throw CodexStatusProbeError.codexNotInstalled
         }
-        var env = ProcessInfo.processInfo.environment
+        var env = environment
         env["PATH"] = PathBuilder.effectivePATH(
             purposes: [.rpc, .nodeTooling],
             env: env)
@@ -371,12 +618,19 @@ private final class CodexRPCClient: @unchecked Sendable {
         self.process.standardOutput = self.stdoutPipe
         self.process.standardError = self.stderrPipe
 
+        if let message = CodexCLILaunchGate.shared.backgroundSkipMessage(binary: resolvedExec) {
+            Self.log.warning("Codex RPC launch skipped after recent launch failure", metadata: ["binary": resolvedExec])
+            throw RPCWireError.startFailed(message)
+        }
+
         do {
             try self.process.run()
             Self.log.debug("Codex RPC started", metadata: ["binary": resolvedExec])
         } catch {
-            Self.log.warning("Codex RPC failed to start", metadata: ["error": error.localizedDescription])
-            throw RPCWireError.startFailed(error.localizedDescription)
+            let message = error.localizedDescription
+            let throttled = CodexCLILaunchGate.shared.recordLaunchFailure(binary: resolvedExec, message: message)
+            Self.log.warning("Codex RPC failed to start", metadata: ["error": message])
+            throw RPCWireError.startFailed(throttled ?? message)
         }
 
         let stdoutHandle = self.stdoutPipe.fileHandleForReading
@@ -416,7 +670,8 @@ private final class CodexRPCClient: @unchecked Sendable {
     func initialize(clientName: String, clientVersion: String) async throws {
         _ = try await self.request(
             method: "initialize",
-            params: ["clientInfo": ["name": clientName, "version": clientVersion]])
+            params: ["clientInfo": ["name": clientName, "version": clientVersion]],
+            timeout: self.initializeTimeoutSeconds)
         try self.sendNotification(method: "initialized")
     }
 
@@ -439,26 +694,72 @@ private final class CodexRPCClient: @unchecked Sendable {
 
     // MARK: - JSON-RPC helpers
 
-    private func request(method: String, params: [String: Any]? = nil) async throws -> [String: Any] {
+    private struct SendableJSONMessage: @unchecked Sendable {
+        let value: [String: Any]
+    }
+
+    private func request(
+        method: String,
+        params: [String: Any]? = nil,
+        timeout: TimeInterval? = nil) async throws -> [String: Any]
+    {
         let id = self.nextID
         self.nextID += 1
         try self.sendRequest(id: id, method: method, params: params)
 
-        while true {
-            let message = try await self.readNextMessage()
+        let resolvedTimeout = timeout ?? self.requestTimeoutSeconds
+        let wrapped = try await self.withTimeout(seconds: resolvedTimeout, method: method) {
+            while true {
+                let message = try await self.readNextMessage()
 
-            if message["id"] == nil, let methodName = message["method"] as? String {
-                Self.debugWriteStderr("[codex notify] \(methodName)\n")
-                continue
-            }
+                if message["id"] == nil, let methodName = message["method"] as? String {
+                    Self.debugWriteStderr("[codex notify] \(methodName)\n")
+                    continue
+                }
 
-            guard let messageID = self.jsonID(message["id"]), messageID == id else { continue }
+                guard let messageID = self.jsonID(message["id"]), messageID == id else { continue }
+
+                if let error = message["error"] as? [String: Any], let messageText = error["message"] as? String {
+                    throw RPCWireError.requestFailed(messageText)
+                }
+
+                return SendableJSONMessage(value: message)
+            }
+        }
+        return wrapped.value
+    }
 
-            if let error = message["error"] as? [String: Any], let messageText = error["message"] as? String {
-                throw RPCWireError.requestFailed(messageText)
+    private func withTimeout<T: Sendable>(
+        seconds: TimeInterval,
+        method: String,
+        body: @escaping @Sendable () async throws -> T) async throws -> T
+    {
+        try await withThrowingTaskGroup(of: T.self) { group in
+            group.addTask {
+                try await body()
+            }
+            group.addTask { [weak self] in
+                try await Task.sleep(for: .seconds(seconds))
+                self?.terminateProcessForTimeout(method: method)
+                throw RPCWireError.timeout(method: method)
             }
+            do {
+                guard let result = try await group.next() else {
+                    throw RPCWireError.timeout(method: method)
+                }
+                group.cancelAll()
+                return result
+            } catch {
+                group.cancelAll()
+                throw error
+            }
+        }
+    }
 
-            return message
+    private func terminateProcessForTimeout(method: String) {
+        if self.process.isRunning {
+            Self.log.warning("Codex RPC timed out on `\(method)`; terminating process")
+            self.process.terminate()
         }
     }
 
@@ -514,118 +815,104 @@ private final class CodexRPCClient: @unchecked Sendable {
 
 public struct UsageFetcher: Sendable {
     private let environment: [String: String]
+    private let initializeTimeoutSeconds: TimeInterval
+    private let requestTimeoutSeconds: TimeInterval
+    private let codexExecutableResolver: CodexExecutableResolver
 
     public init(environment: [String: String] = ProcessInfo.processInfo.environment) {
         self.environment = environment
+        self.initializeTimeoutSeconds = 8.0
+        self.requestTimeoutSeconds = 3.0
+        self.codexExecutableResolver = defaultCodexExecutableResolver
         LoginShellPathCache.shared.captureOnce()
     }
 
-    public func loadLatestUsage(keepCLISessionsAlive: Bool = false) async throws -> UsageSnapshot {
-        try await self.withFallback(
-            primary: self.loadRPCUsage,
-            secondary: { try await self.loadTTYUsage(keepCLISessionsAlive: keepCLISessionsAlive) })
+    init(
+        environment: [String: String],
+        initializeTimeoutSeconds: TimeInterval,
+        requestTimeoutSeconds: TimeInterval,
+        codexExecutableResolver: @escaping CodexExecutableResolver = defaultCodexExecutableResolver)
+    {
+        self.environment = environment
+        self.initializeTimeoutSeconds = initializeTimeoutSeconds
+        self.requestTimeoutSeconds = requestTimeoutSeconds
+        self.codexExecutableResolver = codexExecutableResolver
+        LoginShellPathCache.shared.captureOnce()
     }
 
-    private func loadRPCUsage() async throws -> UsageSnapshot {
-        let rpc = try CodexRPCClient()
-        defer { rpc.shutdown() }
-
-        try await rpc.initialize(clientName: "codexbar", clientVersion: "0.5.4")
-        // The app-server answers on a single stdout stream, so keep requests
-        // serialized to avoid starving one reader when multiple awaiters race
-        // for the same pipe.
-        let limits = try await rpc.fetchRateLimits().rateLimits
-        let account = try? await rpc.fetchAccount()
-
-        guard let primary = Self.makeWindow(from: limits.primary),
-              let secondary = Self.makeWindow(from: limits.secondary)
-        else {
+    public func loadLatestUsage(keepCLISessionsAlive: Bool = false) async throws -> UsageSnapshot {
+        _ = keepCLISessionsAlive
+        guard let usage = try await self.loadLatestCLIAccountSnapshot().usage else {
             throw UsageError.noRateLimitsFound
         }
-
-        let identity = ProviderIdentitySnapshot(
-            providerID: .codex,
-            accountEmail: account?.account.flatMap { details in
-                if case let .chatgpt(email, _) = details { email } else { nil }
-            },
-            accountOrganization: nil,
-            loginMethod: account?.account.flatMap { details in
-                if case let .chatgpt(_, plan) = details { plan } else { nil }
-            })
-        return UsageSnapshot(
-            primary: primary,
-            secondary: secondary,
-            tertiary: nil,
-            updatedAt: Date(),
-            identity: identity)
+        return usage
     }
 
-    private func loadTTYUsage(keepCLISessionsAlive: Bool) async throws -> UsageSnapshot {
-        let status = try await CodexStatusProbe(keepCLISessionsAlive: keepCLISessionsAlive).fetch()
-        guard let fiveLeft = status.fiveHourPercentLeft, let weekLeft = status.weeklyPercentLeft else {
-            throw UsageError.noRateLimitsFound
+    public func loadLatestCLIAccountSnapshot() async throws -> CodexCLIAccountSnapshot {
+        let rpc = try CodexRPCClient(
+            environment: self.environment,
+            initializeTimeoutSeconds: self.initializeTimeoutSeconds,
+            requestTimeoutSeconds: self.requestTimeoutSeconds,
+            resolveExecutable: self.codexExecutableResolver)
+        defer { rpc.shutdown() }
+        do {
+            try await rpc.initialize(clientName: "codexbar", clientVersion: "0.5.4")
+            // The app-server answers on a single stdout stream, so keep requests
+            // serialized to avoid starving one reader when multiple awaiters race
+            // for the same pipe.
+            let limits = try await rpc.fetchRateLimits().rateLimits
+            let account = try? await rpc.fetchAccount()
+            let rateLimitsPlan = Self.normalizedCodexAccountField(limits.planType)
+            let identity = ProviderIdentitySnapshot(
+                providerID: .codex,
+                accountEmail: account?.account.flatMap { details in
+                    if case let .chatgpt(email, _) = details { email } else { nil }
+                },
+                accountOrganization: nil,
+                loginMethod: account?.account.flatMap { details in
+                    if case let .chatgpt(_, plan) = details { plan } else { nil }
+                } ?? rateLimitsPlan)
+            let credits = Self.makeCredits(from: limits.credits)
+            let shouldReturnUnavailableUsage = credits == nil || rateLimitsPlan != nil
+            let usage = CodexReconciledState.fromCLI(
+                primary: Self.makeWindow(from: limits.primary),
+                secondary: Self.makeWindow(from: limits.secondary),
+                identity: identity)?
+                .toUsageSnapshot()
+                ?? (shouldReturnUnavailableUsage ? Self.emptyCodexUsageSnapshotIfIdentified(identity: identity) : nil)
+            guard usage != nil || credits != nil else {
+                throw UsageError.noRateLimitsFound
+            }
+            return CodexCLIAccountSnapshot(
+                usage: usage,
+                credits: credits)
+        } catch {
+            let usage = Self.recoverUsageFromRPCError(error)
+            let credits = Self.recoverCreditsFromRPCError(error)
+            if usage != nil || credits != nil {
+                return CodexCLIAccountSnapshot(
+                    usage: usage,
+                    credits: credits)
+            }
+            throw error
         }
-
-        let primary = RateWindow(
-            usedPercent: max(0, 100 - Double(fiveLeft)),
-            windowMinutes: 300,
-            resetsAt: nil,
-            resetDescription: status.fiveHourResetDescription)
-        let secondary = RateWindow(
-            usedPercent: max(0, 100 - Double(weekLeft)),
-            windowMinutes: 10080,
-            resetsAt: nil,
-            resetDescription: status.weeklyResetDescription)
-
-        return UsageSnapshot(
-            primary: primary,
-            secondary: secondary,
-            tertiary: nil,
-            updatedAt: Date(),
-            identity: nil)
     }
 
     public func loadLatestCredits(keepCLISessionsAlive: Bool = false) async throws -> CreditsSnapshot {
-        try await self.withFallback(
-            primary: self.loadRPCCredits,
-            secondary: { try await self.loadTTYCredits(keepCLISessionsAlive: keepCLISessionsAlive) })
-    }
-
-    private func loadRPCCredits() async throws -> CreditsSnapshot {
-        let rpc = try CodexRPCClient()
-        defer { rpc.shutdown() }
-        try await rpc.initialize(clientName: "codexbar", clientVersion: "0.5.4")
-        let limits = try await rpc.fetchRateLimits().rateLimits
-        guard let credits = limits.credits else { throw UsageError.noRateLimitsFound }
-        let remaining = Self.parseCredits(credits.balance)
-        return CreditsSnapshot(remaining: remaining, events: [], updatedAt: Date())
-    }
-
-    private func loadTTYCredits(keepCLISessionsAlive: Bool) async throws -> CreditsSnapshot {
-        let status = try await CodexStatusProbe(keepCLISessionsAlive: keepCLISessionsAlive).fetch()
-        guard let credits = status.credits else { throw UsageError.noRateLimitsFound }
-        return CreditsSnapshot(remaining: credits, events: [], updatedAt: Date())
-    }
-
-    private func withFallback<T>(
-        primary: @escaping () async throws -> T,
-        secondary: @escaping () async throws -> T) async throws -> T
-    {
-        do {
-            return try await primary()
-        } catch let primaryError {
-            do {
-                return try await secondary()
-            } catch {
-                // Preserve the original failure so callers see the primary path error.
-                throw primaryError
-            }
+        _ = keepCLISessionsAlive
+        guard let credits = try await self.loadLatestCLIAccountSnapshot().credits else {
+            throw UsageError.noRateLimitsFound
         }
+        return credits
     }
 
     public func debugRawRateLimits() async -> String {
         do {
-            let rpc = try CodexRPCClient()
+            let rpc = try CodexRPCClient(
+                environment: self.environment,
+                initializeTimeoutSeconds: self.initializeTimeoutSeconds,
+                requestTimeoutSeconds: self.requestTimeoutSeconds,
+                resolveExecutable: self.codexExecutableResolver)
             defer { rpc.shutdown() }
             try await rpc.initialize(clientName: "codexbar", clientVersion: "0.5.4")
             let limits = try await rpc.fetchRateLimits()
@@ -637,30 +924,30 @@ public struct UsageFetcher: Sendable {
     }
 
     public func loadAccountInfo() -> AccountInfo {
-        // Keep using auth.json for quick startup (non-blocking, no RPC spin-up required).
-        let authURL = URL(fileURLWithPath: self.environment["CODEX_HOME"] ?? "\(NSHomeDirectory())/.codex")
-            .appendingPathComponent("auth.json")
-        guard let data = try? Data(contentsOf: authURL),
-              let auth = try? JSONDecoder().decode(AuthFile.self, from: data),
-              let idToken = auth.tokens?.idToken
-        else {
-            return AccountInfo(email: nil, plan: nil)
-        }
+        let account = self.loadAuthBackedCodexAccount()
+        return AccountInfo(email: account.email, plan: account.plan)
+    }
 
-        guard let payload = UsageFetcher.parseJWT(idToken) else {
-            return AccountInfo(email: nil, plan: nil)
+    public func loadAuthBackedCodexAccount() -> CodexAuthBackedAccount {
+        guard let credentials = try? CodexOAuthCredentialsStore.load(env: self.environment) else {
+            return CodexAuthBackedAccount(identity: .unresolved, email: nil, plan: nil)
         }
 
-        let authDict = payload["https://api.openai.com/auth"] as? [String: Any]
-        let profileDict = payload["https://api.openai.com/profile"] as? [String: Any]
-
-        let plan = (authDict?["chatgpt_plan_type"] as? String)
-            ?? (payload["chatgpt_plan_type"] as? String)
-
-        let email = (payload["email"] as? String)
-            ?? (profileDict?["email"] as? String)
-
-        return AccountInfo(email: email, plan: plan)
+        let payload = credentials.idToken.flatMap(Self.parseJWT)
+        let authDict = payload?["https://api.openai.com/auth"] as? [String: Any]
+        let profileDict = payload?["https://api.openai.com/profile"] as? [String: Any]
+
+        let email = Self.normalizedCodexAccountField(
+            (payload?["email"] as? String) ?? (profileDict?["email"] as? String))
+        let plan = Self.normalizedCodexAccountField(
+            (authDict?["chatgpt_plan_type"] as? String) ?? (payload?["chatgpt_plan_type"] as? String))
+        let accountId = Self.normalizedCodexAccountField(
+            credentials.accountId
+                ?? (authDict?["chatgpt_account_id"] as? String)
+                ?? (payload?["chatgpt_account_id"] as? String))
+        let identity = CodexIdentityResolver.resolve(accountId: accountId, email: email)
+
+        return CodexAuthBackedAccount(identity: identity, email: email, plan: plan)
     }
 
     // MARK: - Helpers
@@ -676,11 +963,133 @@ public struct UsageFetcher: Sendable {
             resetDescription: resetDescription)
     }
 
+    private static func makeWindow(from response: CodexUsageResponse.WindowSnapshot?) -> RateWindow? {
+        guard let response else { return nil }
+        let resetsAtDate = Date(timeIntervalSince1970: TimeInterval(response.resetAt))
+        return RateWindow(
+            usedPercent: Double(response.usedPercent),
+            windowMinutes: response.limitWindowSeconds / 60,
+            resetsAt: resetsAtDate,
+            resetDescription: UsageFormatter.resetDescription(from: resetsAtDate))
+    }
+
+    private static func makeTTYWindow(
+        percentLeft: Int?,
+        windowMinutes: Int,
+        resetsAt: Date?,
+        resetDescription: String?) -> RateWindow?
+    {
+        guard let percentLeft else { return nil }
+        return RateWindow(
+            usedPercent: max(0, 100 - Double(percentLeft)),
+            windowMinutes: windowMinutes,
+            resetsAt: resetsAt,
+            resetDescription: resetDescription)
+    }
+
     private static func parseCredits(_ balance: String?) -> Double {
         guard let balance, let val = Double(balance) else { return 0 }
         return val
     }
 
+    private static func makeCredits(from rpc: RPCCreditsSnapshot?) -> CreditsSnapshot? {
+        guard let rpc else { return nil }
+        return CreditsSnapshot(remaining: self.parseCredits(rpc.balance), events: [], updatedAt: Date())
+    }
+
+    private static func emptyCodexUsageSnapshotIfIdentified(identity: ProviderIdentitySnapshot) -> UsageSnapshot? {
+        guard identity.accountEmail != nil || identity.loginMethod != nil else { return nil }
+        return UsageSnapshot(
+            primary: nil,
+            secondary: nil,
+            tertiary: nil,
+            updatedAt: Date(),
+            identity: identity)
+    }
+
+    private static func recoverUsageFromRPCError(_ error: Error) -> UsageSnapshot? {
+        guard let body = self.decodeRateLimitsErrorBody(from: error) else { return nil }
+        let identity = ProviderIdentitySnapshot(
+            providerID: .codex,
+            accountEmail: self.normalizedCodexAccountField(body.email),
+            accountOrganization: nil,
+            loginMethod: self.normalizedCodexAccountField(body.planType))
+        guard let state = CodexReconciledState.fromCLI(
+            primary: self.makeWindow(from: body.rateLimit?.primaryWindow),
+            secondary: self.makeWindow(from: body.rateLimit?.secondaryWindow),
+            identity: identity)
+        else {
+            return nil
+        }
+        if body.rateLimit?.hasWindowDecodeFailure == true,
+           state.session == nil
+        {
+            return nil
+        }
+        return state.toUsageSnapshot()
+    }
+
+    private static func recoverCreditsFromRPCError(_ error: Error) -> CreditsSnapshot? {
+        guard let credits = self.decodeRateLimitsErrorBody(from: error)?.credits else { return nil }
+        guard let remaining = credits.balance else { return nil }
+        return CreditsSnapshot(remaining: remaining, events: [], updatedAt: Date())
+    }
+
+    private static func decodeRateLimitsErrorBody(from error: Error) -> RPCRateLimitsErrorBody? {
+        guard case let RPCWireError.requestFailed(message) = error else { return nil }
+        guard let json = self.extractJSONObject(after: "body=", in: message) else { return nil }
+        guard let data = json.data(using: .utf8) else { return nil }
+        return try? JSONDecoder().decode(RPCRateLimitsErrorBody.self, from: data)
+    }
+
+    private static func extractJSONObject(after marker: String, in text: String) -> String? {
+        guard let markerRange = text.range(of: marker) else { return nil }
+        let suffix = text[markerRange.upperBound...]
+        guard let start = suffix.firstIndex(of: "{") else { return nil }
+
+        var depth = 0
+        var inString = false
+        var isEscaped = false
+
+        for index in suffix[start...].indices {
+            let character = suffix[index]
+
+            if inString {
+                if isEscaped {
+                    isEscaped = false
+                } else if character == "\\" {
+                    isEscaped = true
+                } else if character == "\"" {
+                    inString = false
+                }
+                continue
+            }
+
+            switch character {
+            case "\"":
+                inString = true
+            case "{":
+                depth += 1
+            case "}":
+                depth -= 1
+                if depth == 0 {
+                    return String(suffix[start...index])
+                }
+            default:
+                break
+            }
+        }
+
+        return nil
+    }
+
+    private static func normalizedCodexAccountField(_ value: String?) -> String? {
+        guard let value = value?.trimmingCharacters(in: .whitespacesAndNewlines), !value.isEmpty else {
+            return nil
+        }
+        return value
+    }
+
     public static func parseJWT(_ token: String) -> [String: Any]? {
         let parts = token.split(separator: ".")
         guard parts.count >= 2 else { return nil }
@@ -698,8 +1107,68 @@ public struct UsageFetcher: Sendable {
     }
 }
 
-/// Minimal auth.json struct preserved from previous implementation
-private struct AuthFile: Decodable {
-    struct Tokens: Decodable { let idToken: String? }
-    let tokens: Tokens?
+#if DEBUG
+extension UsageFetcher {
+    static func _mapCodexRPCLimitsForTesting(
+        primary: (usedPercent: Double, windowMinutes: Int, resetsAt: Int?)?,
+        secondary: (usedPercent: Double, windowMinutes: Int, resetsAt: Int?)?,
+        planType: String? = nil) throws -> UsageSnapshot
+    {
+        let identity = ProviderIdentitySnapshot(
+            providerID: .codex,
+            accountEmail: nil,
+            accountOrganization: nil,
+            loginMethod: self.normalizedCodexAccountField(planType))
+        guard let state = CodexReconciledState.fromCLI(
+            primary: primary.map(self.makeTestingWindow),
+            secondary: secondary.map(self.makeTestingWindow),
+            identity: identity)
+        else {
+            if let usage = self.emptyCodexUsageSnapshotIfIdentified(identity: identity) {
+                return usage
+            }
+            throw UsageError.noRateLimitsFound
+        }
+        return state.toUsageSnapshot()
+    }
+
+    static func _mapCodexStatusForTesting(_ status: CodexStatusSnapshot) throws -> UsageSnapshot {
+        guard let state = CodexReconciledState.fromCLI(
+            primary: self.makeTTYWindow(
+                percentLeft: status.fiveHourPercentLeft,
+                windowMinutes: 300,
+                resetsAt: status.fiveHourResetsAt,
+                resetDescription: status.fiveHourResetDescription),
+            secondary: self.makeTTYWindow(
+                percentLeft: status.weeklyPercentLeft,
+                windowMinutes: 10080,
+                resetsAt: status.weeklyResetsAt,
+                resetDescription: status.weeklyResetDescription),
+            identity: nil)
+        else {
+            throw UsageError.noRateLimitsFound
+        }
+        return state.toUsageSnapshot()
+    }
+
+    public static func _recoverCodexRPCUsageFromErrorForTesting(_ message: String) -> UsageSnapshot? {
+        self.recoverUsageFromRPCError(RPCWireError.requestFailed(message))
+    }
+
+    public static func _recoverCodexRPCCreditsFromErrorForTesting(_ message: String) -> CreditsSnapshot? {
+        self.recoverCreditsFromRPCError(RPCWireError.requestFailed(message))
+    }
+
+    private static func makeTestingWindow(
+        _ value: (usedPercent: Double, windowMinutes: Int, resetsAt: Int?))
+        -> RateWindow
+    {
+        let resetsAt = value.resetsAt.map { Date(timeIntervalSince1970: TimeInterval($0)) }
+        return RateWindow(
+            usedPercent: value.usedPercent,
+            windowMinutes: value.windowMinutes,
+            resetsAt: resetsAt,
+            resetDescription: resetsAt.map { UsageFormatter.resetDescription(from: $0) })
+    }
 }
+#endif
diff --git a/Sources/CodexBarCore/UsageFormatter.swift b/Sources/CodexBarCore/UsageFormatter.swift
index 226d43569..9f0b1b641 100644
--- a/Sources/CodexBarCore/UsageFormatter.swift
+++ b/Sources/CodexBarCore/UsageFormatter.swift
@@ -6,10 +6,75 @@ public enum ResetTimeDisplayStyle: String, Codable, Sendable {
 }
 
 public enum UsageFormatter {
+    private final class BundleToken {}
+
+    private static let localizationLock = NSLock()
+    private nonisolated(unsafe) static var localizationProvider: (@Sendable (String) -> String)?
+    private nonisolated(unsafe) static var localeProvider: (@Sendable () -> Locale)?
+
+    public static func setLocalizationProvider(_ provider: @escaping @Sendable (String) -> String) {
+        self.localizationLock.lock()
+        self.localizationProvider = provider
+        self.localizationLock.unlock()
+    }
+
+    public static func clearLocalizationProvider() {
+        self.localizationLock.lock()
+        self.localizationProvider = nil
+        self.localizationLock.unlock()
+    }
+
+    public static func setLocaleProvider(_ provider: @escaping @Sendable () -> Locale) {
+        self.localizationLock.lock()
+        self.localeProvider = provider
+        self.localizationLock.unlock()
+    }
+
+    public static func clearLocaleProvider() {
+        self.localizationLock.lock()
+        self.localeProvider = nil
+        self.localizationLock.unlock()
+    }
+
+    private static func currentLocale() -> Locale {
+        self.localizationLock.lock()
+        let provider = self.localeProvider
+        self.localizationLock.unlock()
+        return provider?() ?? Locale(identifier: "en_US_POSIX")
+    }
+
+    private static func localized(_ key: String) -> String {
+        self.localizationLock.lock()
+        let provider = self.localizationProvider
+        self.localizationLock.unlock()
+        if let provider {
+            return provider(key)
+        }
+        let coreBundle = Bundle(for: BundleToken.self)
+        let coreValue = NSLocalizedString(key, tableName: "Localizable", bundle: coreBundle, value: key, comment: "")
+        if coreValue != key { return coreValue }
+
+        let mainValue = NSLocalizedString(key, tableName: "Localizable", bundle: .main, value: key, comment: "")
+        if mainValue != key { return mainValue }
+
+        switch key {
+        case "usage_percent_suffix_left": return "left"
+        case "usage_percent_suffix_used": return "used"
+        default: return key
+        }
+    }
+
+    private static func localized(_ key: String, _ args: CVarArg...) -> String {
+        let format = self.localized(key)
+        return String(format: format, locale: self.currentLocale(), arguments: args)
+    }
+
     public static func usageLine(remaining: Double, used: Double, showUsed: Bool) -> String {
         let percent = showUsed ? used : remaining
         let clamped = min(100, max(0, percent))
-        let suffix = showUsed ? "used" : "left"
+        let suffix = showUsed
+            ? self.localized("usage_percent_suffix_used")
+            : self.localized("usage_percent_suffix_left")
         return String(format: "%.0f%% %@", clamped, suffix)
     }
 
@@ -37,14 +102,14 @@ public enum UsageFormatter {
         // Human-friendly phrasing: today / tomorrow / date+time.
         let calendar = Calendar.current
         if calendar.isDate(date, inSameDayAs: now) {
-            return date.formatted(date: .omitted, time: .shortened)
+            return date.formatted(.dateTime.hour().minute().locale(self.currentLocale()))
         }
         if let tomorrow = calendar.date(byAdding: .day, value: 1, to: now),
            calendar.isDate(date, inSameDayAs: tomorrow)
         {
-            return "tomorrow, \(date.formatted(date: .omitted, time: .shortened))"
+            return "tomorrow, \(date.formatted(.dateTime.hour().minute().locale(self.currentLocale())))"
         }
-        return date.formatted(date: .abbreviated, time: .shortened)
+        return date.formatted(.dateTime.month(.abbreviated).day().hour().minute().locale(self.currentLocale()))
     }
 
     public static func resetLine(
@@ -53,17 +118,30 @@ public enum UsageFormatter {
         now: Date = .init()) -> String?
     {
         if let date = window.resetsAt {
-            let text = style == .countdown
-                ? self.resetCountdownDescription(from: date, now: now)
-                : self.resetDescription(from: date, now: now)
-            return "Resets \(text)"
+            if style == .countdown {
+                let countdown = self.resetCountdownDescription(from: date, now: now)
+                if countdown == "now" {
+                    return self.localized("Resets now")
+                }
+                if countdown.hasPrefix("in ") {
+                    return self.localized("Resets in %@", String(countdown.dropFirst(3)))
+                }
+                return self.localized("Resets %@", countdown)
+            }
+            let text = self.resetDescription(from: date, now: now)
+            return self.localized("Resets %@", text)
         }
 
         if let desc = window.resetDescription {
             let trimmed = desc.trimmingCharacters(in: .whitespacesAndNewlines)
             guard !trimmed.isEmpty else { return nil }
-            if trimmed.lowercased().hasPrefix("resets") { return trimmed }
-            return "Resets \(trimmed)"
+            if trimmed.lowercased().hasPrefix("resets in ") {
+                return self.localized("Resets in %@", String(trimmed.dropFirst("Resets in ".count)))
+            }
+            if trimmed.lowercased().hasPrefix("resets ") {
+                return self.localized("Resets %@", String(trimmed.dropFirst("Resets ".count)))
+            }
+            return self.localized("Resets %@", trimmed)
         }
         return nil
     }
@@ -71,24 +149,27 @@ public enum UsageFormatter {
     public static func updatedString(from date: Date, now: Date = .init()) -> String {
         let delta = now.timeIntervalSince(date)
         if abs(delta) < 60 {
-            return "Updated just now"
+            return self.localized("Updated just now")
         }
         if let hours = Calendar.current.dateComponents([.hour], from: date, to: now).hour, hours < 24 {
             #if os(macOS)
             let rel = RelativeDateTimeFormatter()
+            rel.locale = self.currentLocale()
             rel.unitsStyle = .abbreviated
-            return "Updated \(rel.localizedString(for: date, relativeTo: now))"
+            return self.localized("Updated %@", rel.localizedString(for: date, relativeTo: now))
             #else
             let seconds = max(0, Int(now.timeIntervalSince(date)))
             if seconds < 3600 {
                 let minutes = max(1, seconds / 60)
-                return "Updated \(minutes)m ago"
+                return self.localized("Updated %@m ago", String(minutes))
             }
             let wholeHours = max(1, seconds / 3600)
-            return "Updated \(wholeHours)h ago"
+            return self.localized("Updated %@h ago", String(wholeHours))
             #endif
         } else {
-            return "Updated \(date.formatted(date: .omitted, time: .shortened))"
+            return self.localized(
+                "Updated %@",
+                date.formatted(.dateTime.hour().minute().locale(self.currentLocale())))
         }
     }
 
@@ -99,7 +180,15 @@ public enum UsageFormatter {
         // Use explicit locale for consistent formatting on all systems
         number.locale = Locale(identifier: "en_US_POSIX")
         let formatted = number.string(from: NSNumber(value: value)) ?? String(format: "%.2f", value)
-        return "\(formatted) left"
+        return self.localized("%@ left", formatted)
+    }
+
+    public static func kiroCreditNumber(_ value: Double) -> String {
+        let rounded = value.rounded()
+        if abs(value - rounded) < 0.005 {
+            return String(format: "%.0f", rounded)
+        }
+        return String(format: "%.2f", value)
     }
 
     /// Formats a USD value with proper negative handling and thousand separators.
@@ -108,6 +197,18 @@ public enum UsageFormatter {
         value.formatted(.currency(code: "USD").locale(Locale(identifier: "en_US")))
     }
 
+    public static let costEstimateHint = "Estimated from local logs · may differ from your bill"
+
+    public static func costEstimateHint(provider: UsageProvider) -> String {
+        switch provider {
+        case .claude:
+            "Estimated from local Claude logs at API rates; token totals include cache read/write tokens " +
+                "and may differ from Claude Code /status."
+        default:
+            self.costEstimateHint
+        }
+    }
+
     /// Formats a currency value with the specified currency code.
     /// Uses FormatStyle with explicit en_US locale to ensure consistent formatting
     /// regardless of the user's system locale (e.g., pt-BR users see $54.72 not US$ 54,72).
@@ -145,6 +246,25 @@ public enum UsageFormatter {
         return formatter.string(from: NSNumber(value: value)) ?? "\(value)"
     }
 
+    public static func byteCountString(_ bytes: Int64) -> String {
+        let sign = bytes < 0 ? "-" : ""
+        let absBytes = Double(Swift.abs(bytes))
+        let units: [(threshold: Double, divisor: Double, suffix: String)] = [
+            (1024 * 1024 * 1024, 1024 * 1024 * 1024, "GB"),
+            (1024 * 1024, 1024 * 1024, "MB"),
+            (1024, 1024, "KB"),
+        ]
+
+        for unit in units where absBytes >= unit.threshold {
+            let scaled = absBytes / unit.divisor
+            let format = scaled >= 10 || scaled.rounded(.towardZero) == scaled ? "%.0f" : "%.1f"
+            let formatted = String(format: format, scaled)
+            return "\(sign)\(formatted) \(unit.suffix)"
+        }
+
+        return "\(bytes) B"
+    }
+
     public static func creditEventSummary(_ event: CreditEvent) -> String {
         let formatter = DateFormatter()
         formatter.dateStyle = .medium
@@ -206,6 +326,26 @@ public enum UsageFormatter {
         return cleaned.isEmpty ? raw : cleaned
     }
 
+    public static func modelCostDetail(
+        _ model: String,
+        costUSD: Double?,
+        totalTokens: Int? = nil,
+        currencyCode: String = "USD") -> String?
+    {
+        let costDetail: String? = if let label = CostUsagePricing.codexDisplayLabel(model: model) {
+            label
+        } else if let costUSD {
+            self.currencyString(costUSD, currencyCode: currencyCode)
+        } else {
+            nil
+        }
+
+        let tokenDetail = totalTokens.map(self.tokenCountString)
+        let parts = [costDetail, tokenDetail].compactMap(\.self)
+        guard !parts.isEmpty else { return nil }
+        return parts.joined(separator: " · ")
+    }
+
     /// Cleans a provider plan string: strip ANSI/bracket noise, drop boilerplate words, collapse whitespace, and
     /// ensure a leading capital if the result starts lowercase.
     public static func cleanPlanName(_ text: String) -> String {
diff --git a/Sources/CodexBarCore/Vendored/CostUsage/CostUsageCache.swift b/Sources/CodexBarCore/Vendored/CostUsage/CostUsageCache.swift
index e56131a41..effe1478d 100644
--- a/Sources/CodexBarCore/Vendored/CostUsage/CostUsageCache.swift
+++ b/Sources/CodexBarCore/Vendored/CostUsage/CostUsageCache.swift
@@ -1,6 +1,17 @@
 import Foundation
 
 enum CostUsageCacheIO {
+    private static func artifactVersion(for provider: UsageProvider) -> Int {
+        switch provider {
+        case .codex:
+            8
+        case .claude, .vertexai:
+            2
+        default:
+            1
+        }
+    }
+
     private static func defaultCacheRoot() -> URL {
         let root = FileManager.default.urls(for: .cachesDirectory, in: .userDomainMask).first!
         return root.appendingPathComponent("CodexBar", isDirectory: true)
@@ -8,44 +19,80 @@ enum CostUsageCacheIO {
 
     static func cacheFileURL(provider: UsageProvider, cacheRoot: URL? = nil) -> URL {
         let root = cacheRoot ?? self.defaultCacheRoot()
+        let artifactVersion = self.artifactVersion(for: provider)
         return root
             .appendingPathComponent("cost-usage", isDirectory: true)
-            .appendingPathComponent("\(provider.rawValue)-v1.json", isDirectory: false)
+            .appendingPathComponent("\(provider.rawValue)-v\(artifactVersion).json", isDirectory: false)
     }
 
-    static func load(provider: UsageProvider, cacheRoot: URL? = nil) -> CostUsageCache {
+    static func load(
+        provider: UsageProvider,
+        cacheRoot: URL? = nil,
+        producerKey: String? = nil) -> CostUsageCache
+    {
         let url = self.cacheFileURL(provider: provider, cacheRoot: cacheRoot)
-        if let decoded = self.loadCache(at: url) { return decoded }
+        let expectedProducerKey = producerKey ?? self.currentProducerKey(provider: provider)
+        if let decoded = self.loadCache(at: url, expectedProducerKey: expectedProducerKey) { return decoded }
         return CostUsageCache()
     }
 
-    private static func loadCache(at url: URL) -> CostUsageCache? {
+    private static func loadCache(at url: URL, expectedProducerKey: String?) -> CostUsageCache? {
         guard let data = try? Data(contentsOf: url) else { return nil }
         guard let decoded = try? JSONDecoder().decode(CostUsageCache.self, from: data)
         else { return nil }
         guard decoded.version == 1 else { return nil }
+        if let expectedProducerKey {
+            guard decoded.producerKey == expectedProducerKey else { return nil }
+        }
         return decoded
     }
 
-    static func save(provider: UsageProvider, cache: CostUsageCache, cacheRoot: URL? = nil) {
+    static func save(
+        provider: UsageProvider,
+        cache: CostUsageCache,
+        cacheRoot: URL? = nil,
+        producerKey: String? = nil)
+    {
         let url = self.cacheFileURL(provider: provider, cacheRoot: cacheRoot)
         let dir = url.deletingLastPathComponent()
         try? FileManager.default.createDirectory(at: dir, withIntermediateDirectories: true)
 
+        var cache = cache
+        cache.producerKey = producerKey ?? self.currentProducerKey(provider: provider)
+
         let tmp = dir.appendingPathComponent(".tmp-\(UUID().uuidString).json", isDirectory: false)
         let data = (try? JSONEncoder().encode(cache)) ?? Data()
         do {
             try data.write(to: tmp, options: [.atomic])
-            _ = try FileManager.default.replaceItemAt(url, withItemAt: tmp)
+            if FileManager.default.fileExists(atPath: url.path) {
+                _ = try FileManager.default.replaceItemAt(url, withItemAt: tmp)
+            } else {
+                try FileManager.default.moveItem(at: tmp, to: url)
+            }
         } catch {
             try? FileManager.default.removeItem(at: tmp)
         }
     }
+
+    static func currentProducerKey(
+        provider: UsageProvider,
+        parserHash: String = CodexParserHash.value) -> String?
+    {
+        guard provider == .codex else { return nil }
+        return "\(provider.rawValue):cu:p\(parserHash)"
+    }
 }
 
-struct CostUsageCache: Codable, Sendable {
+struct CostUsageCache: Codable {
     var version: Int = 1
+    var producerKey: String?
     var lastScanUnixMs: Int64 = 0
+    var scanSinceKey: String?
+    var scanUntilKey: String?
+    var codexPricingKey: String?
+    var codexPriorityMetadataKey: String?
+    var codexPriorityTurnKeys: [String: String]?
+    var codexPriorityTurnIDsByDay: [String: [String]]?
 
     /// filePath -> file usage
     var files: [String: CostUsageFileUsage] = [:]
@@ -57,17 +104,31 @@ struct CostUsageCache: Codable, Sendable {
     var roots: [String: Int64]?
 }
 
-struct CostUsageFileUsage: Codable, Sendable {
+struct CostUsageFileUsage: Codable {
     var mtimeUnixMs: Int64
     var size: Int64
     var days: [String: [String: [Int]]]
     var parsedBytes: Int64?
     var lastModel: String?
     var lastTotals: CostUsageCodexTotals?
+    var lastCountedTotals: CostUsageCodexTotals?
+    var lastRawTotalsBaseline: CostUsageCodexTotals?
+    var hasDivergentTotals: Bool?
+    var lastCodexTurnID: String?
     var sessionId: String?
+    var forkedFromId: String?
+    var codexCostNanos: [String: [String: Int64]]?
+    var codexPrioritySurchargeNanos: [String: [String: Int64]]?
+    var codexStandardCostNanos: [String: [String: Int64]]?
+    var codexPriorityCostNanos: [String: [String: Int64]]?
+    var codexStandardTokens: [String: [String: Int]]?
+    var codexPriorityTokens: [String: [String: Int]]?
+    var codexTurnIDs: [String]?
+    var codexRows: [CostUsageScanner.CodexUsageRow]?
+    var claudeRows: [CostUsageScanner.ClaudeUsageRow]?
 }
 
-struct CostUsageCodexTotals: Codable, Sendable {
+struct CostUsageCodexTotals: Codable {
     var input: Int
     var cached: Int
     var output: Int
diff --git a/Sources/CodexBarCore/Vendored/CostUsage/CostUsageJsonl.swift b/Sources/CodexBarCore/Vendored/CostUsage/CostUsageJsonl.swift
index 5105f9759..7e13a9183 100644
--- a/Sources/CodexBarCore/Vendored/CostUsage/CostUsageJsonl.swift
+++ b/Sources/CodexBarCore/Vendored/CostUsage/CostUsageJsonl.swift
@@ -1,7 +1,7 @@
 import Foundation
 
 enum CostUsageJsonl {
-    struct Line: Sendable {
+    struct Line {
         let bytes: Data
         let wasTruncated: Bool
     }
@@ -14,6 +14,25 @@ enum CostUsageJsonl {
         prefixBytes: Int,
         onLine: (Line) -> Void) throws
         -> Int64
+    {
+        try self.scan(
+            fileURL: fileURL,
+            offset: offset,
+            maxLineBytes: maxLineBytes,
+            prefixBytes: prefixBytes,
+            checkCancellation: nil,
+            onLine: onLine)
+    }
+
+    @discardableResult
+    static func scan(
+        fileURL: URL,
+        offset: Int64 = 0,
+        maxLineBytes: Int,
+        prefixBytes: Int,
+        checkCancellation: (() throws -> Void)? = nil,
+        onLine: (Line) -> Void) throws
+        -> Int64
     {
         let handle = try FileHandle(forReadingFrom: fileURL)
         defer { try? handle.close() }
@@ -29,16 +48,18 @@ enum CostUsageJsonl {
         var truncated = false
         var bytesRead: Int64 = 0
 
-        func appendSegment(_ segment: Data.SubSequence) {
-            guard !segment.isEmpty else { return }
-            lineBytes += segment.count
-            guard !truncated else { return }
+        func appendSegment(_ bytes: UnsafePointer<UInt8>, count: Int) {
+            guard count > 0 else { return }
+            lineBytes += count
+            if current.count < prefixBytes {
+                let appendCount = min(prefixBytes - current.count, count)
+                if appendCount > 0 {
+                    current.append(bytes, count: appendCount)
+                }
+            }
             if lineBytes > maxLineBytes || lineBytes > prefixBytes {
                 truncated = true
-                current.removeAll(keepingCapacity: true)
-                return
             }
-            current.append(contentsOf: segment)
         }
 
         func flushLine() {
@@ -51,22 +72,32 @@ enum CostUsageJsonl {
         }
 
         while true {
+            try checkCancellation?()
             let chunk = try handle.read(upToCount: 256 * 1024) ?? Data()
             if chunk.isEmpty {
                 flushLine()
                 break
             }
 
+            try checkCancellation?()
             bytesRead += Int64(chunk.count)
-            var segmentStart = chunk.startIndex
-            while let nl = chunk[segmentStart...].firstIndex(of: 0x0A) {
-                appendSegment(chunk[segmentStart..<nl])
-                flushLine()
-                segmentStart = chunk.index(after: nl)
-            }
-            if segmentStart < chunk.endIndex {
-                appendSegment(chunk[segmentStart..<chunk.endIndex])
+            chunk.withUnsafeBytes { rawBuffer in
+                guard let base = rawBuffer.bindMemory(to: UInt8.self).baseAddress else { return }
+                var segmentStart = 0
+                var index = 0
+                while index < rawBuffer.count {
+                    if base[index] == 0x0A {
+                        appendSegment(base.advanced(by: segmentStart), count: index - segmentStart)
+                        flushLine()
+                        segmentStart = index + 1
+                    }
+                    index += 1
+                }
+                if segmentStart < rawBuffer.count {
+                    appendSegment(base.advanced(by: segmentStart), count: rawBuffer.count - segmentStart)
+                }
             }
+            try checkCancellation?()
         }
 
         return startOffset + bytesRead
diff --git a/Sources/CodexBarCore/Vendored/CostUsage/CostUsagePricing.swift b/Sources/CodexBarCore/Vendored/CostUsage/CostUsagePricing.swift
index ffc7b1b91..057098b06 100644
--- a/Sources/CodexBarCore/Vendored/CostUsage/CostUsagePricing.swift
+++ b/Sources/CodexBarCore/Vendored/CostUsage/CostUsagePricing.swift
@@ -1,13 +1,50 @@
 import Foundation
 
 enum CostUsagePricing {
-    struct CodexPricing: Sendable {
+    private static let codexPriorityInputTokenLimit = 272_000
+
+    struct CodexPricing {
         let inputCostPerToken: Double
         let outputCostPerToken: Double
-        let cacheReadInputCostPerToken: Double
+        let cacheReadInputCostPerToken: Double?
+        let displayLabel: String?
+
+        let thresholdTokens: Int?
+        let inputCostPerTokenAboveThreshold: Double?
+        let outputCostPerTokenAboveThreshold: Double?
+        let cacheReadInputCostPerTokenAboveThreshold: Double?
+        let priorityInputCostPerToken: Double?
+        let priorityOutputCostPerToken: Double?
+        let priorityCacheReadInputCostPerToken: Double?
+
+        init(
+            inputCostPerToken: Double,
+            outputCostPerToken: Double,
+            cacheReadInputCostPerToken: Double?,
+            displayLabel: String?,
+            thresholdTokens: Int? = nil,
+            inputCostPerTokenAboveThreshold: Double? = nil,
+            outputCostPerTokenAboveThreshold: Double? = nil,
+            cacheReadInputCostPerTokenAboveThreshold: Double? = nil,
+            priorityInputCostPerToken: Double? = nil,
+            priorityOutputCostPerToken: Double? = nil,
+            priorityCacheReadInputCostPerToken: Double? = nil)
+        {
+            self.inputCostPerToken = inputCostPerToken
+            self.outputCostPerToken = outputCostPerToken
+            self.cacheReadInputCostPerToken = cacheReadInputCostPerToken
+            self.displayLabel = displayLabel
+            self.thresholdTokens = thresholdTokens
+            self.inputCostPerTokenAboveThreshold = inputCostPerTokenAboveThreshold
+            self.outputCostPerTokenAboveThreshold = outputCostPerTokenAboveThreshold
+            self.cacheReadInputCostPerTokenAboveThreshold = cacheReadInputCostPerTokenAboveThreshold
+            self.priorityInputCostPerToken = priorityInputCostPerToken
+            self.priorityOutputCostPerToken = priorityOutputCostPerToken
+            self.priorityCacheReadInputCostPerToken = priorityCacheReadInputCostPerToken
+        }
     }
 
-    struct ClaudePricing: Sendable {
+    struct ClaudePricing {
         let inputCostPerToken: Double
         let outputCostPerToken: Double
         let cacheCreationInputCostPerToken: Double
@@ -24,33 +61,149 @@ enum CostUsagePricing {
         "gpt-5": CodexPricing(
             inputCostPerToken: 1.25e-6,
             outputCostPerToken: 1e-5,
-            cacheReadInputCostPerToken: 1.25e-7),
+            cacheReadInputCostPerToken: 1.25e-7,
+            displayLabel: nil),
         "gpt-5-codex": CodexPricing(
             inputCostPerToken: 1.25e-6,
             outputCostPerToken: 1e-5,
-            cacheReadInputCostPerToken: 1.25e-7),
+            cacheReadInputCostPerToken: 1.25e-7,
+            displayLabel: nil),
+        "gpt-5-mini": CodexPricing(
+            inputCostPerToken: 2.5e-7,
+            outputCostPerToken: 2e-6,
+            cacheReadInputCostPerToken: 2.5e-8,
+            displayLabel: nil),
+        "gpt-5-nano": CodexPricing(
+            inputCostPerToken: 5e-8,
+            outputCostPerToken: 4e-7,
+            cacheReadInputCostPerToken: 5e-9,
+            displayLabel: nil),
+        "gpt-5-pro": CodexPricing(
+            inputCostPerToken: 1.5e-5,
+            outputCostPerToken: 1.2e-4,
+            cacheReadInputCostPerToken: nil,
+            displayLabel: nil),
         "gpt-5.1": CodexPricing(
             inputCostPerToken: 1.25e-6,
             outputCostPerToken: 1e-5,
-            cacheReadInputCostPerToken: 1.25e-7),
+            cacheReadInputCostPerToken: 1.25e-7,
+            displayLabel: nil),
+        "gpt-5.1-codex": CodexPricing(
+            inputCostPerToken: 1.25e-6,
+            outputCostPerToken: 1e-5,
+            cacheReadInputCostPerToken: 1.25e-7,
+            displayLabel: nil),
+        "gpt-5.1-codex-max": CodexPricing(
+            inputCostPerToken: 1.25e-6,
+            outputCostPerToken: 1e-5,
+            cacheReadInputCostPerToken: 1.25e-7,
+            displayLabel: nil),
+        "gpt-5.1-codex-mini": CodexPricing(
+            inputCostPerToken: 2.5e-7,
+            outputCostPerToken: 2e-6,
+            cacheReadInputCostPerToken: 2.5e-8,
+            displayLabel: nil),
         "gpt-5.2": CodexPricing(
             inputCostPerToken: 1.75e-6,
             outputCostPerToken: 1.4e-5,
-            cacheReadInputCostPerToken: 1.75e-7),
+            cacheReadInputCostPerToken: 1.75e-7,
+            displayLabel: nil),
         "gpt-5.2-codex": CodexPricing(
             inputCostPerToken: 1.75e-6,
             outputCostPerToken: 1.4e-5,
-            cacheReadInputCostPerToken: 1.75e-7),
-        "gpt-5.3": CodexPricing(
-            inputCostPerToken: 1.75e-6,
-            outputCostPerToken: 1.4e-5,
-            cacheReadInputCostPerToken: 1.75e-7),
+            cacheReadInputCostPerToken: 1.75e-7,
+            displayLabel: nil),
+        "gpt-5.2-pro": CodexPricing(
+            inputCostPerToken: 2.1e-5,
+            outputCostPerToken: 1.68e-4,
+            cacheReadInputCostPerToken: nil,
+            displayLabel: nil),
         "gpt-5.3-codex": CodexPricing(
             inputCostPerToken: 1.75e-6,
             outputCostPerToken: 1.4e-5,
-            cacheReadInputCostPerToken: 1.75e-7),
+            cacheReadInputCostPerToken: 1.75e-7,
+            displayLabel: nil),
+        "gpt-5.3-codex-spark": CodexPricing(
+            inputCostPerToken: 0,
+            outputCostPerToken: 0,
+            cacheReadInputCostPerToken: 0,
+            displayLabel: "Research Preview"),
+        "gpt-5.4": CodexPricing(
+            inputCostPerToken: 2.5e-6,
+            outputCostPerToken: 1.5e-5,
+            cacheReadInputCostPerToken: 2.5e-7,
+            displayLabel: nil,
+            thresholdTokens: 272_000,
+            inputCostPerTokenAboveThreshold: 5e-6,
+            outputCostPerTokenAboveThreshold: 2.25e-5,
+            cacheReadInputCostPerTokenAboveThreshold: 5e-7,
+            priorityInputCostPerToken: 5e-6,
+            priorityOutputCostPerToken: 3e-5,
+            priorityCacheReadInputCostPerToken: 5e-7),
+        "gpt-5.4-mini": CodexPricing(
+            inputCostPerToken: 7.5e-7,
+            outputCostPerToken: 4.5e-6,
+            cacheReadInputCostPerToken: 7.5e-8,
+            displayLabel: nil,
+            priorityInputCostPerToken: 1.5e-6,
+            priorityOutputCostPerToken: 9e-6,
+            priorityCacheReadInputCostPerToken: 1.5e-7),
+        "gpt-5.4-nano": CodexPricing(
+            inputCostPerToken: 2e-7,
+            outputCostPerToken: 1.25e-6,
+            cacheReadInputCostPerToken: 2e-8,
+            displayLabel: nil),
+        "gpt-5.4-pro": CodexPricing(
+            inputCostPerToken: 3e-5,
+            outputCostPerToken: 1.8e-4,
+            cacheReadInputCostPerToken: nil,
+            displayLabel: nil),
+        "gpt-5.5": CodexPricing(
+            inputCostPerToken: 5e-6,
+            outputCostPerToken: 3e-5,
+            cacheReadInputCostPerToken: 5e-7,
+            displayLabel: nil,
+            thresholdTokens: 272_000,
+            inputCostPerTokenAboveThreshold: 1e-5,
+            outputCostPerTokenAboveThreshold: 4.5e-5,
+            cacheReadInputCostPerTokenAboveThreshold: 1e-6,
+            priorityInputCostPerToken: 1.25e-5,
+            priorityOutputCostPerToken: 7.5e-5,
+            priorityCacheReadInputCostPerToken: 1.25e-6),
+        "gpt-5.5-pro": CodexPricing(
+            inputCostPerToken: 3e-5,
+            outputCostPerToken: 1.8e-4,
+            cacheReadInputCostPerToken: nil,
+            displayLabel: nil),
     ]
 
+    static func codexBuiltInPricingFingerprint() -> String {
+        var parts = ["priorityInputTokenLimit=\(self.codexPriorityInputTokenLimit)"]
+        for model in self.codex.keys.sorted() {
+            guard let pricing = self.codex[model] else { continue }
+            parts.append([
+                "model=\(model)",
+                self.optionalPricingFingerprint(pricing.inputCostPerToken),
+                self.optionalPricingFingerprint(pricing.outputCostPerToken),
+                self.optionalPricingFingerprint(pricing.cacheReadInputCostPerToken),
+                pricing.displayLabel ?? "nil",
+                pricing.thresholdTokens.map(String.init) ?? "nil",
+                self.optionalPricingFingerprint(pricing.inputCostPerTokenAboveThreshold),
+                self.optionalPricingFingerprint(pricing.outputCostPerTokenAboveThreshold),
+                self.optionalPricingFingerprint(pricing.cacheReadInputCostPerTokenAboveThreshold),
+                self.optionalPricingFingerprint(pricing.priorityInputCostPerToken),
+                self.optionalPricingFingerprint(pricing.priorityOutputCostPerToken),
+                self.optionalPricingFingerprint(pricing.priorityCacheReadInputCostPerToken),
+            ].joined(separator: "|"))
+        }
+        return parts.joined(separator: "\n")
+    }
+
+    private static func optionalPricingFingerprint(_ value: Double?) -> String {
+        guard let value else { return "nil" }
+        return String(format: "%.17g", value)
+    }
+
     private static let claude: [String: ClaudePricing] = [
         "claude-haiku-4-5-20251001": ClaudePricing(
             inputCostPerToken: 1e-6,
@@ -112,6 +265,16 @@ enum CostUsagePricing {
             outputCostPerTokenAboveThreshold: nil,
             cacheCreationInputCostPerTokenAboveThreshold: nil,
             cacheReadInputCostPerTokenAboveThreshold: nil),
+        "claude-opus-4-7": ClaudePricing(
+            inputCostPerToken: 5e-6,
+            outputCostPerToken: 2.5e-5,
+            cacheCreationInputCostPerToken: 6.25e-6,
+            cacheReadInputCostPerToken: 5e-7,
+            thresholdTokens: nil,
+            inputCostPerTokenAboveThreshold: nil,
+            outputCostPerTokenAboveThreshold: nil,
+            cacheCreationInputCostPerTokenAboveThreshold: nil,
+            cacheReadInputCostPerTokenAboveThreshold: nil),
         "claude-sonnet-4-5": ClaudePricing(
             inputCostPerToken: 3e-6,
             outputCostPerToken: 1.5e-5,
@@ -122,6 +285,16 @@ enum CostUsagePricing {
             outputCostPerTokenAboveThreshold: 2.25e-5,
             cacheCreationInputCostPerTokenAboveThreshold: 7.5e-6,
             cacheReadInputCostPerTokenAboveThreshold: 6e-7),
+        "claude-sonnet-4-6": ClaudePricing(
+            inputCostPerToken: 3e-6,
+            outputCostPerToken: 1.5e-5,
+            cacheCreationInputCostPerToken: 3.75e-6,
+            cacheReadInputCostPerToken: 3e-7,
+            thresholdTokens: 200_000,
+            inputCostPerTokenAboveThreshold: 6e-6,
+            outputCostPerTokenAboveThreshold: 2.25e-5,
+            cacheCreationInputCostPerTokenAboveThreshold: 7.5e-6,
+            cacheReadInputCostPerTokenAboveThreshold: 6e-7),
         "claude-sonnet-4-5-20250929": ClaudePricing(
             inputCostPerToken: 3e-6,
             outputCostPerToken: 1.5e-5,
@@ -164,18 +337,33 @@ enum CostUsagePricing {
             cacheReadInputCostPerTokenAboveThreshold: 6e-7),
     ]
 
+    private static let codexModelsDevProviderID = "openai"
+    private static let claudeModelsDevProviderID = "anthropic"
+
     static func normalizeCodexModel(_ raw: String) -> String {
         var trimmed = raw.trimmingCharacters(in: .whitespacesAndNewlines)
         if trimmed.hasPrefix("openai/") {
             trimmed = String(trimmed.dropFirst("openai/".count))
         }
-        if let codexRange = trimmed.range(of: "-codex") {
-            let base = String(trimmed[..<codexRange.lowerBound])
-            if self.codex[base] != nil { return base }
+
+        if self.codex[trimmed] != nil {
+            return trimmed
+        }
+
+        if let datedSuffix = trimmed.range(of: #"-\d{4}-\d{2}-\d{2}$"#, options: .regularExpression) {
+            let base = String(trimmed[..<datedSuffix.lowerBound])
+            if self.codex[base] != nil {
+                return base
+            }
         }
         return trimmed
     }
 
+    static func codexDisplayLabel(model: String) -> String? {
+        let key = self.normalizeCodexModel(model)
+        return self.codex[key]?.displayLabel
+    }
+
     static func normalizeClaudeModel(_ raw: String) -> String {
         var trimmed = raw.trimmingCharacters(in: .whitespacesAndNewlines)
         if trimmed.hasPrefix("anthropic.") {
@@ -205,14 +393,110 @@ enum CostUsagePricing {
         return trimmed
     }
 
-    static func codexCostUSD(model: String, inputTokens: Int, cachedInputTokens: Int, outputTokens: Int) -> Double? {
+    static func codexCostUSD(
+        model: String,
+        inputTokens: Int,
+        cachedInputTokens: Int,
+        outputTokens: Int,
+        modelsDevCatalog: ModelsDevCatalog? = nil,
+        modelsDevCacheRoot: URL? = nil) -> Double?
+    {
         let key = self.normalizeCodexModel(model)
+        if let lookup = self.modelsDevLookup(
+            providerID: self.codexModelsDevProviderID,
+            model: model,
+            catalog: modelsDevCatalog,
+            cacheRoot: modelsDevCacheRoot)
+        {
+            return self.codexCostUSD(
+                pricing: lookup.pricing,
+                thresholdTokens: self.codex[key]?.thresholdTokens,
+                inputTokens: inputTokens,
+                cachedInputTokens: cachedInputTokens,
+                outputTokens: outputTokens)
+        }
+
         guard let pricing = self.codex[key] else { return nil }
+        return self.codexCostUSD(
+            pricing: pricing,
+            inputTokens: inputTokens,
+            cachedInputTokens: cachedInputTokens,
+            outputTokens: outputTokens)
+    }
+
+    static func codexPriorityCostUSD(
+        model: String,
+        inputTokens: Int,
+        cachedInputTokens: Int = 0,
+        outputTokens: Int) -> Double?
+    {
+        let key = self.normalizeCodexModel(model)
+        guard let pricing = self.codex[key],
+              let priorityInputCostPerToken = pricing.priorityInputCostPerToken,
+              let priorityOutputCostPerToken = pricing.priorityOutputCostPerToken
+        else { return nil }
+        if max(0, inputTokens) > self.codexPriorityInputTokenLimit {
+            return nil
+        }
+
+        let priorityPricing = CodexPricing(
+            inputCostPerToken: priorityInputCostPerToken,
+            outputCostPerToken: priorityOutputCostPerToken,
+            cacheReadInputCostPerToken: pricing.priorityCacheReadInputCostPerToken,
+            displayLabel: nil)
+        return self.codexCostUSD(
+            pricing: priorityPricing,
+            inputTokens: inputTokens,
+            cachedInputTokens: cachedInputTokens,
+            outputTokens: outputTokens)
+    }
+
+    private static func codexCostUSD(
+        pricing: CodexPricing,
+        inputTokens: Int,
+        cachedInputTokens: Int,
+        outputTokens: Int) -> Double
+    {
         let cached = min(max(0, cachedInputTokens), max(0, inputTokens))
         let nonCached = max(0, inputTokens - cached)
-        return Double(nonCached) * pricing.inputCostPerToken
-            + Double(cached) * pricing.cacheReadInputCostPerToken
-            + Double(max(0, outputTokens)) * pricing.outputCostPerToken
+        let cachedRate = pricing.cacheReadInputCostPerToken ?? pricing.inputCostPerToken
+
+        let usesLongContextRates = pricing.thresholdTokens.map { max(0, inputTokens) > $0 } ?? false
+        let inputRate = usesLongContextRates
+            ? pricing.inputCostPerTokenAboveThreshold ?? pricing.inputCostPerToken
+            : pricing.inputCostPerToken
+        let cachedInputRate = usesLongContextRates
+            ? pricing.cacheReadInputCostPerTokenAboveThreshold ?? cachedRate
+            : cachedRate
+        let outputRate = usesLongContextRates
+            ? pricing.outputCostPerTokenAboveThreshold ?? pricing.outputCostPerToken
+            : pricing.outputCostPerToken
+
+        return (Double(nonCached) * inputRate)
+            + (Double(cached) * cachedInputRate)
+            + (Double(max(0, outputTokens)) * outputRate)
+    }
+
+    private static func codexCostUSD(
+        pricing: ModelsDevPricingInfo,
+        thresholdTokens: Int? = nil,
+        inputTokens: Int,
+        cachedInputTokens: Int,
+        outputTokens: Int) -> Double
+    {
+        self.codexCostUSD(
+            pricing: CodexPricing(
+                inputCostPerToken: pricing.inputCostPerToken,
+                outputCostPerToken: pricing.outputCostPerToken,
+                cacheReadInputCostPerToken: pricing.cacheReadInputCostPerToken,
+                displayLabel: nil,
+                thresholdTokens: thresholdTokens ?? pricing.thresholdTokens,
+                inputCostPerTokenAboveThreshold: pricing.inputCostPerTokenAboveThreshold,
+                outputCostPerTokenAboveThreshold: pricing.outputCostPerTokenAboveThreshold,
+                cacheReadInputCostPerTokenAboveThreshold: pricing.cacheReadInputCostPerTokenAboveThreshold),
+            inputTokens: inputTokens,
+            cachedInputTokens: cachedInputTokens,
+            outputTokens: outputTokens)
     }
 
     static func claudeCostUSD(
@@ -220,11 +504,41 @@ enum CostUsagePricing {
         inputTokens: Int,
         cacheReadInputTokens: Int,
         cacheCreationInputTokens: Int,
-        outputTokens: Int) -> Double?
+        outputTokens: Int,
+        modelsDevCatalog: ModelsDevCatalog? = nil,
+        modelsDevCacheRoot: URL? = nil) -> Double?
     {
+        if let lookup = self.modelsDevLookup(
+            providerID: self.claudeModelsDevProviderID,
+            model: model,
+            catalog: modelsDevCatalog,
+            cacheRoot: modelsDevCacheRoot)
+        {
+            return self.claudeCostUSD(
+                pricing: lookup.pricing,
+                inputTokens: inputTokens,
+                cacheReadInputTokens: cacheReadInputTokens,
+                cacheCreationInputTokens: cacheCreationInputTokens,
+                outputTokens: outputTokens)
+        }
+
         let key = self.normalizeClaudeModel(model)
         guard let pricing = self.claude[key] else { return nil }
+        return self.claudeCostUSD(
+            pricing: pricing,
+            inputTokens: inputTokens,
+            cacheReadInputTokens: cacheReadInputTokens,
+            cacheCreationInputTokens: cacheCreationInputTokens,
+            outputTokens: outputTokens)
+    }
 
+    private static func claudeCostUSD(
+        pricing: ClaudePricing,
+        inputTokens: Int,
+        cacheReadInputTokens: Int,
+        cacheCreationInputTokens: Int,
+        outputTokens: Int) -> Double
+    {
         func tiered(_ tokens: Int, base: Double, above: Double?, threshold: Int?) -> Double {
             guard let threshold, let above else { return Double(tokens) * base }
             let below = min(tokens, threshold)
@@ -253,4 +567,48 @@ enum CostUsagePricing {
                 above: pricing.outputCostPerTokenAboveThreshold,
                 threshold: pricing.thresholdTokens)
     }
+
+    private static func claudeCostUSD(
+        pricing: ModelsDevPricingInfo,
+        inputTokens: Int,
+        cacheReadInputTokens: Int,
+        cacheCreationInputTokens: Int,
+        outputTokens: Int) -> Double
+    {
+        self.claudeCostUSD(
+            pricing: ClaudePricing(
+                inputCostPerToken: pricing.inputCostPerToken,
+                outputCostPerToken: pricing.outputCostPerToken,
+                cacheCreationInputCostPerToken: pricing.cacheCreationInputCostPerToken ?? pricing.inputCostPerToken,
+                cacheReadInputCostPerToken: pricing.cacheReadInputCostPerToken ?? pricing.inputCostPerToken,
+                thresholdTokens: pricing.thresholdTokens,
+                inputCostPerTokenAboveThreshold: pricing.inputCostPerTokenAboveThreshold,
+                outputCostPerTokenAboveThreshold: pricing.outputCostPerTokenAboveThreshold,
+                cacheCreationInputCostPerTokenAboveThreshold: pricing.cacheCreationInputCostPerTokenAboveThreshold,
+                cacheReadInputCostPerTokenAboveThreshold: pricing.cacheReadInputCostPerTokenAboveThreshold),
+            inputTokens: inputTokens,
+            cacheReadInputTokens: cacheReadInputTokens,
+            cacheCreationInputTokens: cacheCreationInputTokens,
+            outputTokens: outputTokens)
+    }
+
+    static func modelsDevCatalog(now: Date = Date(), cacheRoot: URL? = nil) -> ModelsDevCatalog? {
+        ModelsDevCache.load(now: now, cacheRoot: cacheRoot).artifact?.catalog
+    }
+
+    private static func modelsDevLookup(
+        providerID: String,
+        model: String,
+        catalog: ModelsDevCatalog?,
+        cacheRoot: URL?) -> ModelsDevPricingLookup?
+    {
+        if let catalog {
+            return catalog.pricing(providerID: providerID, modelID: model)
+        }
+
+        return ModelsDevPricingPipeline.lookup(
+            providerID: providerID,
+            modelID: model,
+            cacheRoot: cacheRoot)
+    }
 }
diff --git a/Sources/CodexBarCore/Vendored/CostUsage/CostUsageScanner+CacheHelpers.swift b/Sources/CodexBarCore/Vendored/CostUsage/CostUsageScanner+CacheHelpers.swift
new file mode 100644
index 000000000..64d351eb9
--- /dev/null
+++ b/Sources/CodexBarCore/Vendored/CostUsage/CostUsageScanner+CacheHelpers.swift
@@ -0,0 +1,1197 @@
+import Foundation
+
+extension CostUsageScanner {
+    static func codexRowsByDayModel(
+        cache: CostUsageCache,
+        range: CostUsageDayRange) -> [String: [String: [CodexUsageRow]]]
+    {
+        var rowsByDayModel: [String: [String: [CodexUsageRow]]] = [:]
+        for usage in cache.files.values {
+            for row in usage.codexRows ?? [] {
+                guard CostUsageDayRange.isInRange(dayKey: row.day, since: range.sinceKey, until: range.untilKey)
+                else { continue }
+                rowsByDayModel[row.day, default: [:]][row.model, default: []].append(row)
+            }
+        }
+        return rowsByDayModel
+    }
+
+    static func codexRowsByDayModel(
+        rows: [CodexUsageRow],
+        range: CostUsageDayRange) -> [String: [String: [CodexUsageRow]]]
+    {
+        var rowsByDayModel: [String: [String: [CodexUsageRow]]] = [:]
+        for row in rows {
+            guard CostUsageDayRange.isInRange(dayKey: row.day, since: range.sinceKey, until: range.untilKey)
+            else { continue }
+            rowsByDayModel[row.day, default: [:]][row.model, default: []].append(row)
+        }
+        return rowsByDayModel
+    }
+
+    static func codexCostNanosByDayModel(
+        cache: CostUsageCache,
+        range: CostUsageDayRange) -> [String: [String: Int64]]
+    {
+        self.codexNanosByDayModel(cache: cache, range: range) { $0.codexCostNanos }
+    }
+
+    static func codexPrioritySurchargeNanosByDayModel(
+        cache: CostUsageCache,
+        range: CostUsageDayRange) -> [String: [String: Int64]]
+    {
+        self.codexNanosByDayModel(cache: cache, range: range) { $0.codexPrioritySurchargeNanos }
+    }
+
+    static func codexStandardCostNanosByDayModel(
+        cache: CostUsageCache,
+        range: CostUsageDayRange) -> [String: [String: Int64]]
+    {
+        self.codexNanosByDayModel(cache: cache, range: range) { $0.codexStandardCostNanos }
+    }
+
+    static func codexPriorityCostNanosByDayModel(
+        cache: CostUsageCache,
+        range: CostUsageDayRange) -> [String: [String: Int64]]
+    {
+        self.codexNanosByDayModel(cache: cache, range: range) { $0.codexPriorityCostNanos }
+    }
+
+    static func codexStandardTokensByDayModel(
+        cache: CostUsageCache,
+        range: CostUsageDayRange) -> [String: [String: Int]]
+    {
+        self.codexIntByDayModel(cache: cache, range: range) { $0.codexStandardTokens }
+    }
+
+    static func codexPriorityTokensByDayModel(
+        cache: CostUsageCache,
+        range: CostUsageDayRange) -> [String: [String: Int]]
+    {
+        self.codexIntByDayModel(cache: cache, range: range) { $0.codexPriorityTokens }
+    }
+
+    static func codexNanosByDayModel(
+        cache: CostUsageCache,
+        range: CostUsageDayRange,
+        keyPath: (CostUsageFileUsage) -> [String: [String: Int64]]?) -> [String: [String: Int64]]
+    {
+        var out: [String: [String: Int64]] = [:]
+        for usage in cache.files.values {
+            for (day, models) in keyPath(usage) ?? [:] {
+                guard CostUsageDayRange.isInRange(dayKey: day, since: range.sinceKey, until: range.untilKey)
+                else { continue }
+                for (model, value) in models {
+                    out[day, default: [:]][model, default: 0] += value
+                }
+            }
+        }
+        return out
+    }
+
+    static func codexIntByDayModel(
+        cache: CostUsageCache,
+        range: CostUsageDayRange,
+        keyPath: (CostUsageFileUsage) -> [String: [String: Int]]?) -> [String: [String: Int]]
+    {
+        var out: [String: [String: Int]] = [:]
+        for usage in cache.files.values {
+            for (day, models) in keyPath(usage) ?? [:] {
+                guard CostUsageDayRange.isInRange(dayKey: day, since: range.sinceKey, until: range.untilKey)
+                else { continue }
+                for (model, value) in models {
+                    out[day, default: [:]][model, default: 0] += value
+                }
+            }
+        }
+        return out
+    }
+
+    static func codexRowsCostUSD(
+        rows: [CodexUsageRow],
+        modelsDevCatalog: ModelsDevCatalog?,
+        modelsDevCacheRoot: URL?) -> Double?
+    {
+        var total: Double = 0
+        var seen = false
+        for row in rows {
+            guard let cost = CostUsagePricing.codexCostUSD(
+                model: row.model,
+                inputTokens: row.input,
+                cachedInputTokens: row.cached,
+                outputTokens: row.output,
+                modelsDevCatalog: modelsDevCatalog,
+                modelsDevCacheRoot: modelsDevCacheRoot)
+            else { continue }
+            total += cost
+            seen = true
+        }
+        return seen ? total : nil
+    }
+
+    static func codexPrioritySurchargeUSD(
+        rows: [CodexUsageRow],
+        priorityTurns: [String: CodexPriorityTurnMetadata],
+        modelsDevCatalog: ModelsDevCatalog?,
+        modelsDevCacheRoot: URL?) -> Double?
+    {
+        var total: Double = 0
+        var seen = false
+        for row in rows {
+            guard let turnID = row.turnID, let priorityMetadata = priorityTurns[turnID] else { continue }
+            let pricedModel = Self.codexPriorityPricingModel(for: row, priorityMetadata: priorityMetadata)
+            guard let baseCost = CostUsagePricing.codexCostUSD(
+                model: pricedModel,
+                inputTokens: row.input,
+                cachedInputTokens: row.cached,
+                outputTokens: row.output,
+                modelsDevCatalog: modelsDevCatalog,
+                modelsDevCacheRoot: modelsDevCacheRoot),
+                let priorityCost = CostUsagePricing.codexPriorityCostUSD(
+                    model: pricedModel,
+                    inputTokens: row.input,
+                    cachedInputTokens: row.cached,
+                    outputTokens: row.output)
+            else { continue }
+            total += max(priorityCost - baseCost, 0)
+            seen = true
+        }
+        return seen ? total : nil
+    }
+
+    private static func codexPriorityPricingModel(
+        for row: CodexUsageRow,
+        priorityMetadata: CodexPriorityTurnMetadata) -> String
+    {
+        guard let model = priorityMetadata.model,
+              CostUsagePricing.codexPriorityCostUSD(
+                  model: model,
+                  inputTokens: row.input,
+                  cachedInputTokens: row.cached,
+                  outputTokens: row.output) != nil
+        else { return row.model }
+        return model
+    }
+
+    struct CodexRowCostBreakdown {
+        var standardCostUSD: Double = 0
+        var priorityCostUSD: Double = 0
+        var standardTokens: Int = 0
+        var priorityTokens: Int = 0
+        var sawStandardCost = false
+        var sawPriorityCost = false
+
+        var optionalStandardCostUSD: Double? {
+            self.sawStandardCost ? self.standardCostUSD : nil
+        }
+
+        var optionalPriorityCostUSD: Double? {
+            self.sawPriorityCost ? self.priorityCostUSD : nil
+        }
+
+        var optionalStandardTokens: Int? {
+            self.standardTokens > 0 ? self.standardTokens : nil
+        }
+
+        var optionalPriorityTokens: Int? {
+            self.priorityTokens > 0 ? self.priorityTokens : nil
+        }
+
+        var totalCostUSD: Double? {
+            guard self.sawStandardCost || self.sawPriorityCost else { return nil }
+            return self.standardCostUSD + self.priorityCostUSD
+        }
+
+        var hasModeSplit: Bool {
+            self.sawPriorityCost || self.priorityTokens > 0
+        }
+    }
+
+    static func codexRowCostBreakdown(
+        rows: [CodexUsageRow],
+        priorityTurns: [String: CodexPriorityTurnMetadata],
+        modelsDevCatalog: ModelsDevCatalog?,
+        modelsDevCacheRoot: URL?) -> CodexRowCostBreakdown
+    {
+        var breakdown = CodexRowCostBreakdown()
+        for row in rows {
+            let tokenCount = row.input + row.output
+            let priorityMetadata = row.turnID.flatMap { priorityTurns[$0] }
+            let isPriority = priorityMetadata != nil
+            if isPriority {
+                breakdown.priorityTokens += tokenCount
+            } else {
+                breakdown.standardTokens += tokenCount
+            }
+            let pricedModel = priorityMetadata.map { Self.codexPriorityPricingModel(for: row, priorityMetadata: $0) }
+                ?? row.model
+
+            let baseCost = CostUsagePricing.codexCostUSD(
+                model: pricedModel,
+                inputTokens: row.input,
+                cachedInputTokens: row.cached,
+                outputTokens: row.output,
+                modelsDevCatalog: modelsDevCatalog,
+                modelsDevCacheRoot: modelsDevCacheRoot)
+            if isPriority, let priorityCost = CostUsagePricing.codexPriorityCostUSD(
+                model: pricedModel,
+                inputTokens: row.input,
+                cachedInputTokens: row.cached,
+                outputTokens: row.output)
+            {
+                breakdown.priorityCostUSD += max(priorityCost, baseCost ?? priorityCost)
+                breakdown.sawPriorityCost = true
+            } else if isPriority, let baseCost {
+                breakdown.priorityCostUSD += baseCost
+                breakdown.sawPriorityCost = true
+            } else if let baseCost {
+                breakdown.standardCostUSD += baseCost
+                breakdown.sawStandardCost = true
+            }
+        }
+        return breakdown
+    }
+
+    // MARK: - File cache construction
+
+    static func makeFileUsage(
+        mtimeUnixMs: Int64,
+        size: Int64,
+        days: [String: [String: [Int]]],
+        parsedBytes: Int64?,
+        lastModel: String? = nil,
+        lastTotals: CostUsageCodexTotals? = nil,
+        lastCountedTotals: CostUsageCodexTotals? = nil,
+        lastRawTotalsBaseline: CostUsageCodexTotals? = nil,
+        hasDivergentTotals: Bool? = nil,
+        lastCodexTurnID: String? = nil,
+        sessionId: String? = nil,
+        forkedFromId: String? = nil,
+        codexCostNanos: [String: [String: Int64]]? = nil,
+        codexPrioritySurchargeNanos: [String: [String: Int64]]? = nil,
+        codexStandardCostNanos: [String: [String: Int64]]? = nil,
+        codexPriorityCostNanos: [String: [String: Int64]]? = nil,
+        codexStandardTokens: [String: [String: Int]]? = nil,
+        codexPriorityTokens: [String: [String: Int]]? = nil,
+        codexTurnIDs: [String]? = nil,
+        codexRows: [CodexUsageRow]? = nil,
+        claudeRows: [ClaudeUsageRow]? = nil) -> CostUsageFileUsage
+    {
+        CostUsageFileUsage(
+            mtimeUnixMs: mtimeUnixMs,
+            size: size,
+            days: days,
+            parsedBytes: parsedBytes,
+            lastModel: lastModel,
+            lastTotals: lastTotals,
+            lastCountedTotals: lastCountedTotals,
+            lastRawTotalsBaseline: lastRawTotalsBaseline,
+            hasDivergentTotals: hasDivergentTotals,
+            lastCodexTurnID: lastCodexTurnID,
+            sessionId: sessionId,
+            forkedFromId: forkedFromId,
+            codexCostNanos: codexCostNanos,
+            codexPrioritySurchargeNanos: codexPrioritySurchargeNanos,
+            codexStandardCostNanos: codexStandardCostNanos,
+            codexPriorityCostNanos: codexPriorityCostNanos,
+            codexStandardTokens: codexStandardTokens,
+            codexPriorityTokens: codexPriorityTokens,
+            codexTurnIDs: codexTurnIDs,
+            codexRows: codexRows,
+            claudeRows: claudeRows)
+    }
+
+    static func needsCodexCostCache(_ usage: CostUsageFileUsage) -> Bool {
+        !(usage.codexRows?.isEmpty ?? true)
+            && (usage.codexCostNanos == nil || self.needsCodexModeSplitCache(usage))
+    }
+
+    static func needsCodexCostCache(_ usage: CostUsageFileUsage, range: CostUsageDayRange) -> Bool {
+        guard let rows = usage.codexRows, !rows.isEmpty else { return false }
+        return rows.contains {
+            CostUsageDayRange.isInRange(dayKey: $0.day, since: range.sinceKey, until: range.untilKey)
+        } && (usage.codexCostNanos == nil || Self.needsCodexModeSplitCache(usage))
+    }
+
+    static func needsCodexModeSplitCache(_ usage: CostUsageFileUsage) -> Bool {
+        usage.codexStandardCostNanos == nil
+            || usage.codexPriorityCostNanos == nil
+            || usage.codexStandardTokens == nil
+            || usage.codexPriorityTokens == nil
+    }
+
+    static func codexFileUsageWithCostCache(
+        _ usage: CostUsageFileUsage,
+        context: CodexFileScanContext) -> CostUsageFileUsage
+    {
+        guard let rows = usage.codexRows, !rows.isEmpty else { return usage }
+        var migratedRows: [CodexUsageRow] = []
+        var retainedRows: [CodexUsageRow] = []
+        for row in rows {
+            if CostUsageDayRange.isInRange(
+                dayKey: row.day,
+                since: context.range.scanSinceKey,
+                until: context.range.scanUntilKey)
+            {
+                migratedRows.append(row)
+            } else {
+                retainedRows.append(row)
+            }
+        }
+        guard !migratedRows.isEmpty else { return usage }
+
+        let splitMaps = Self.codexModeSplitMaps(
+            rows: migratedRows,
+            range: context.range,
+            priorityTurns: context.resources.priorityTurns,
+            modelsDevCatalog: context.resources.modelsDevCatalog,
+            modelsDevCacheRoot: context.resources.modelsDevCacheRoot)
+        var updated = usage
+        updated.codexCostNanos = Self.mergeMissingCostMaps(
+            usage.codexCostNanos,
+            Self.codexCostNanos(
+                rows: migratedRows,
+                range: context.range,
+                modelsDevCatalog: context.resources.modelsDevCatalog,
+                modelsDevCacheRoot: context.resources.modelsDevCacheRoot))
+        updated.codexPrioritySurchargeNanos = Self.mergeMissingCostMaps(
+            usage.codexPrioritySurchargeNanos,
+            Self.codexPrioritySurchargeNanos(
+                rows: migratedRows,
+                range: context.range,
+                priorityTurns: context.resources.priorityTurns,
+                modelsDevCatalog: context.resources.modelsDevCatalog,
+                modelsDevCacheRoot: context.resources.modelsDevCacheRoot))
+        updated.codexStandardCostNanos = Self.mergeMissingCostMaps(
+            usage.codexStandardCostNanos,
+            splitMaps.standardCostNanos)
+        updated.codexPriorityCostNanos = Self.mergeMissingCostMaps(
+            usage.codexPriorityCostNanos,
+            splitMaps.priorityCostNanos)
+        updated.codexStandardTokens = Self.mergeMissingIntMaps(
+            usage.codexStandardTokens,
+            splitMaps.standardTokens)
+        updated.codexPriorityTokens = Self.mergeMissingIntMaps(
+            usage.codexPriorityTokens,
+            splitMaps.priorityTokens)
+        updated.codexTurnIDs = Self.mergeCodexTurnIDs(usage.codexTurnIDs, rows: migratedRows)
+        updated.codexRows = retainedRows.isEmpty ? nil : retainedRows
+        return updated
+    }
+
+    static func codexMergedCostMap(
+        _ existing: [String: [String: Int64]]?,
+        deltaRows: [CodexUsageRow],
+        context: CodexFileScanContext) -> [String: [String: Int64]]?
+    {
+        self.mergeCostMaps(
+            existing,
+            self.codexCostNanos(
+                rows: deltaRows,
+                range: context.range,
+                modelsDevCatalog: context.resources.modelsDevCatalog,
+                modelsDevCacheRoot: context.resources.modelsDevCacheRoot))
+    }
+
+    static func codexMergedPrioritySurchargeMap(
+        _ existing: [String: [String: Int64]]?,
+        deltaRows: [CodexUsageRow],
+        context: CodexFileScanContext) -> [String: [String: Int64]]?
+    {
+        self.mergeCostMaps(
+            existing,
+            self.codexPrioritySurchargeNanos(
+                rows: deltaRows,
+                range: context.range,
+                priorityTurns: context.resources.priorityTurns,
+                modelsDevCatalog: context.resources.modelsDevCatalog,
+                modelsDevCacheRoot: context.resources.modelsDevCacheRoot))
+    }
+
+    static func codexCostNanos(
+        rows: [CodexUsageRow],
+        range: CostUsageDayRange,
+        modelsDevCatalog: ModelsDevCatalog?,
+        modelsDevCacheRoot: URL?) -> [String: [String: Int64]]?
+    {
+        let rowsByDayModel = Self.codexRowsByDayModel(rows: rows, range: range)
+        var out: [String: [String: Int64]] = [:]
+        for (day, models) in rowsByDayModel {
+            for (model, rows) in models {
+                guard let cost = Self.codexRowsCostUSD(
+                    rows: rows,
+                    modelsDevCatalog: modelsDevCatalog,
+                    modelsDevCacheRoot: modelsDevCacheRoot)
+                else { continue }
+                out[day, default: [:]][model] = Int64((cost * Self.costScale).rounded())
+            }
+        }
+        return out.isEmpty ? nil : out
+    }
+
+    static func codexPrioritySurchargeNanos(
+        rows: [CodexUsageRow],
+        range: CostUsageDayRange,
+        priorityTurns: [String: CodexPriorityTurnMetadata],
+        modelsDevCatalog: ModelsDevCatalog?,
+        modelsDevCacheRoot: URL?) -> [String: [String: Int64]]?
+    {
+        guard !priorityTurns.isEmpty else { return nil }
+        let rowsByDayModel = Self.codexRowsByDayModel(rows: rows, range: range)
+        var out: [String: [String: Int64]] = [:]
+        for (day, models) in rowsByDayModel {
+            for (model, rows) in models {
+                guard let surcharge = Self.codexPrioritySurchargeUSD(
+                    rows: rows,
+                    priorityTurns: priorityTurns,
+                    modelsDevCatalog: modelsDevCatalog,
+                    modelsDevCacheRoot: modelsDevCacheRoot)
+                else { continue }
+                out[day, default: [:]][model] = Int64((surcharge * Self.costScale).rounded())
+            }
+        }
+        return out.isEmpty ? nil : out
+    }
+
+    static func codexModeSplitMaps(
+        rows: [CodexUsageRow],
+        range: CostUsageDayRange,
+        priorityTurns: [String: CodexPriorityTurnMetadata],
+        modelsDevCatalog: ModelsDevCatalog?,
+        modelsDevCacheRoot: URL?) -> (
+        standardCostNanos: [String: [String: Int64]]?,
+        priorityCostNanos: [String: [String: Int64]]?,
+        standardTokens: [String: [String: Int]]?,
+        priorityTokens: [String: [String: Int]]?)
+    {
+        var standardCostNanos: [String: [String: Int64]] = [:]
+        var priorityCostNanos: [String: [String: Int64]] = [:]
+        var standardTokens: [String: [String: Int]] = [:]
+        var priorityTokens: [String: [String: Int]] = [:]
+
+        for row in rows {
+            guard CostUsageDayRange.isInRange(dayKey: row.day, since: range.sinceKey, until: range.untilKey)
+            else { continue }
+
+            let tokenCount = row.input + row.output
+            let priorityMetadata = row.turnID.flatMap { priorityTurns[$0] }
+            let pricedModel = priorityMetadata.map { Self.codexPriorityPricingModel(for: row, priorityMetadata: $0) }
+                ?? row.model
+            let isPriority = priorityMetadata != nil
+
+            if isPriority {
+                priorityTokens[row.day, default: [:]][row.model, default: 0] += tokenCount
+            } else {
+                standardTokens[row.day, default: [:]][row.model, default: 0] += tokenCount
+            }
+
+            let baseCost = CostUsagePricing.codexCostUSD(
+                model: pricedModel,
+                inputTokens: row.input,
+                cachedInputTokens: row.cached,
+                outputTokens: row.output,
+                modelsDevCatalog: modelsDevCatalog,
+                modelsDevCacheRoot: modelsDevCacheRoot)
+
+            if isPriority, let priorityCost = CostUsagePricing.codexPriorityCostUSD(
+                model: pricedModel,
+                inputTokens: row.input,
+                cachedInputTokens: row.cached,
+                outputTokens: row.output)
+            {
+                priorityCostNanos[row.day, default: [:]][row.model, default: 0] += Int64(
+                    (max(priorityCost, baseCost ?? priorityCost) * Self.costScale).rounded())
+            } else if isPriority, let baseCost {
+                priorityCostNanos[row.day, default: [:]][row.model, default: 0] += Int64(
+                    (baseCost * Self.costScale).rounded())
+            } else if let baseCost {
+                standardCostNanos[row.day, default: [:]][row.model, default: 0] += Int64(
+                    (baseCost * Self.costScale).rounded())
+            }
+        }
+
+        return (
+            standardCostNanos.isEmpty ? nil : standardCostNanos,
+            priorityCostNanos.isEmpty ? nil : priorityCostNanos,
+            standardTokens.isEmpty ? nil : standardTokens,
+            priorityTokens.isEmpty ? nil : priorityTokens)
+    }
+
+    static func codexTurnIDs(rows: [CodexUsageRow]) -> [String]? {
+        let ids = Set(rows.compactMap(\.turnID))
+        return ids.sorted()
+    }
+
+    static func mergeCodexTurnIDs(_ existing: [String]?, rows: [CodexUsageRow]) -> [String]? {
+        var ids = Set(existing ?? [])
+        ids.formUnion(rows.compactMap(\.turnID))
+        return ids.sorted()
+    }
+
+    static func mergeCostMaps(
+        _ existing: [String: [String: Int64]]?,
+        _ delta: [String: [String: Int64]]?) -> [String: [String: Int64]]?
+    {
+        var out = existing ?? [:]
+        for (day, models) in delta ?? [:] {
+            for (model, value) in models {
+                out[day, default: [:]][model, default: 0] += value
+            }
+        }
+        return out.isEmpty ? nil : out
+    }
+
+    static func mergeMissingCostMaps(
+        _ existing: [String: [String: Int64]]?,
+        _ delta: [String: [String: Int64]]?) -> [String: [String: Int64]]?
+    {
+        var out = existing ?? [:]
+        for (day, models) in delta ?? [:] {
+            for (model, value) in models where out[day]?[model] == nil {
+                out[day, default: [:]][model] = value
+            }
+        }
+        return out.isEmpty ? nil : out
+    }
+
+    static func mergeIntMaps(
+        _ existing: [String: [String: Int]]?,
+        _ delta: [String: [String: Int]]?) -> [String: [String: Int]]?
+    {
+        var out = existing ?? [:]
+        for (day, models) in delta ?? [:] {
+            for (model, value) in models {
+                out[day, default: [:]][model, default: 0] += value
+            }
+        }
+        return out.isEmpty ? nil : out
+    }
+
+    static func mergeMissingIntMaps(
+        _ existing: [String: [String: Int]]?,
+        _ delta: [String: [String: Int]]?) -> [String: [String: Int]]?
+    {
+        var out = existing ?? [:]
+        for (day, models) in delta ?? [:] {
+            for (model, value) in models where out[day]?[model] == nil {
+                out[day, default: [:]][model] = value
+            }
+        }
+        return out.isEmpty ? nil : out
+    }
+
+    static func costMapOutsideScanWindow(
+        _ map: [String: [String: Int64]]?,
+        range: CostUsageDayRange) -> [String: [String: Int64]]?
+    {
+        let filtered = (map ?? [:]).filter {
+            !CostUsageDayRange.isInRange(dayKey: $0.key, since: range.scanSinceKey, until: range.scanUntilKey)
+        }
+        return filtered.isEmpty ? nil : filtered
+    }
+
+    static func intMapOutsideScanWindow(
+        _ map: [String: [String: Int]]?,
+        range: CostUsageDayRange) -> [String: [String: Int]]?
+    {
+        let filtered = (map ?? [:]).filter {
+            !CostUsageDayRange.isInRange(dayKey: $0.key, since: range.scanSinceKey, until: range.scanUntilKey)
+        }
+        return filtered.isEmpty ? nil : filtered
+    }
+
+    // MARK: - File scan orchestration
+
+    struct CodexFileMetadata {
+        let path: String
+        let mtimeUnixMs: Int64
+        let size: Int64
+        let fileId: String?
+    }
+
+    struct CodexFileScanInput {
+        let fileURL: URL
+        let metadata: CodexFileMetadata
+        let cached: CostUsageFileUsage?
+    }
+
+    static func codexFileMetadata(fileURL: URL) -> CodexFileMetadata {
+        let path = fileURL.path
+        let attrs = (try? FileManager.default.attributesOfItem(atPath: path)) ?? [:]
+        let mtime = (attrs[.modificationDate] as? Date)?.timeIntervalSince1970 ?? 0
+        let size = (attrs[.size] as? NSNumber)?.int64Value ?? 0
+        return CodexFileMetadata(
+            path: path,
+            mtimeUnixMs: Int64(mtime * 1000),
+            size: size,
+            fileId: Self.fileIdentityString(fileURL: fileURL))
+    }
+
+    static func dropCachedCodexFile(
+        path: String,
+        cached: CostUsageFileUsage?,
+        cache: inout CostUsageCache)
+    {
+        if let cached {
+            self.applyFileDays(cache: &cache, fileDays: cached.days, sign: -1)
+        }
+        cache.files.removeValue(forKey: path)
+    }
+
+    static func rememberScannedCodexFile(
+        fileURL: URL,
+        metadata: CodexFileMetadata,
+        sessionId: String?,
+        context: CodexFileScanContext,
+        state: inout CodexScanState)
+    {
+        if let sessionId {
+            state.seenSessionIds.insert(sessionId)
+            context.resources.fileIndex.remember(fileURL: fileURL, sessionId: sessionId)
+        }
+        if let fileId = metadata.fileId {
+            state.seenFileIds.insert(fileId)
+        }
+    }
+
+    static func keepCachedCodexFileIfFresh(
+        input: CodexFileScanInput,
+        context: CodexFileScanContext,
+        cache: inout CostUsageCache,
+        state: inout CodexScanState) -> Bool
+    {
+        guard let cached = input.cached else { return false }
+        let needsSessionId = cached.sessionId == nil
+        guard cached.mtimeUnixMs == input.metadata.mtimeUnixMs,
+              cached.size == input.metadata.size,
+              !needsSessionId,
+              !context.forceFullScan
+        else { return false }
+
+        guard !Self.cachedCodexFileNeedsPriorityRescan(cached, context: context) else { return false }
+
+        if Self.needsCodexCostCache(cached, range: context.range) {
+            cache.files[input.metadata.path] = Self.codexFileUsageWithCostCache(cached, context: context)
+        }
+        Self.rememberScannedCodexFile(
+            fileURL: input.fileURL,
+            metadata: input.metadata,
+            sessionId: cached.sessionId,
+            context: context,
+            state: &state)
+        return true
+    }
+
+    static func cachedCodexFileNeedsPriorityRescan(
+        _ cached: CostUsageFileUsage,
+        context: CodexFileScanContext) -> Bool
+    {
+        if cached.codexTurnIDs == nil {
+            return context.requiresTurnIDCache
+        }
+        guard !context.changedPriorityTurnIDs.isEmpty else { return false }
+        return !(Set(cached.codexTurnIDs ?? []).isDisjoint(with: context.changedPriorityTurnIDs))
+    }
+
+    static func appendCodexFileIncrementIfPossible(
+        input: CodexFileScanInput,
+        context: CodexFileScanContext,
+        cache: inout CostUsageCache,
+        state: inout CodexScanState) throws -> Bool
+    {
+        try context.checkCancellation?()
+        guard let cached = input.cached, cached.sessionId != nil, !context.forceFullScan else { return false }
+        guard !Self.cachedCodexFileNeedsPriorityRescan(cached, context: context) else { return false }
+        let startOffset = cached.parsedBytes ?? cached.size
+        let initialCountedTotals = cached.lastCountedTotals ?? cached.lastTotals
+        let initialRawTotalsBaseline = cached.lastRawTotalsBaseline ?? cached.lastTotals
+        let canIncremental = input.metadata.size > cached.size && startOffset > 0
+            && startOffset <= input.metadata.size
+            && initialCountedTotals != nil
+            && cached.forkedFromId == nil
+        guard canIncremental else { return false }
+
+        let delta = try Self.parseCodexFileCancellable(
+            fileURL: input.fileURL,
+            range: context.range,
+            startOffset: startOffset,
+            initialModel: cached.lastModel,
+            initialTotals: initialCountedTotals,
+            initialRawTotalsBaseline: initialRawTotalsBaseline,
+            initialHasDivergentTotals: cached.hasDivergentTotals ?? (cached.lastTotals == nil),
+            initialCodexTurnID: cached.lastCodexTurnID,
+            checkCancellation: context.checkCancellation)
+        if delta.forkedFromId != nil {
+            return false
+        }
+        let sessionId = delta.sessionId ?? cached.sessionId
+        if let sessionId, state.seenSessionIds.contains(sessionId) {
+            Self.dropCachedCodexFile(path: input.metadata.path, cached: cached, cache: &cache)
+            return true
+        }
+
+        let migratedCached = Self.codexFileUsageWithCostCache(cached, context: context)
+        if !delta.days.isEmpty {
+            Self.applyFileDays(cache: &cache, fileDays: delta.days, sign: 1)
+        }
+
+        var mergedDays = migratedCached.days
+        Self.mergeFileDays(existing: &mergedDays, delta: delta.days)
+        let splitMaps = Self.codexModeSplitMaps(
+            rows: delta.rows,
+            range: context.range,
+            priorityTurns: context.resources.priorityTurns,
+            modelsDevCatalog: context.resources.modelsDevCatalog,
+            modelsDevCacheRoot: context.resources.modelsDevCacheRoot)
+        cache.files[input.metadata.path] = Self.makeFileUsage(
+            mtimeUnixMs: input.metadata.mtimeUnixMs,
+            size: input.metadata.size,
+            days: mergedDays,
+            parsedBytes: delta.parsedBytes,
+            lastModel: delta.lastModel,
+            lastTotals: delta.lastTotals,
+            lastCountedTotals: delta.lastCountedTotals,
+            lastRawTotalsBaseline: delta.lastRawTotalsBaseline,
+            hasDivergentTotals: delta.hasDivergentTotals,
+            lastCodexTurnID: delta.lastCodexTurnID,
+            sessionId: sessionId,
+            forkedFromId: delta.forkedFromId ?? migratedCached.forkedFromId,
+            codexCostNanos: Self.codexMergedCostMap(
+                migratedCached.codexCostNanos,
+                deltaRows: delta.rows,
+                context: context),
+            codexPrioritySurchargeNanos: Self.codexMergedPrioritySurchargeMap(
+                migratedCached.codexPrioritySurchargeNanos,
+                deltaRows: delta.rows,
+                context: context),
+            codexStandardCostNanos: Self.mergeCostMaps(
+                migratedCached.codexStandardCostNanos,
+                splitMaps.standardCostNanos),
+            codexPriorityCostNanos: Self.mergeCostMaps(
+                migratedCached.codexPriorityCostNanos,
+                splitMaps.priorityCostNanos),
+            codexStandardTokens: Self.mergeIntMaps(
+                migratedCached.codexStandardTokens,
+                splitMaps.standardTokens),
+            codexPriorityTokens: Self.mergeIntMaps(
+                migratedCached.codexPriorityTokens,
+                splitMaps.priorityTokens),
+            codexTurnIDs: Self.mergeCodexTurnIDs(migratedCached.codexTurnIDs, rows: delta.rows),
+            codexRows: migratedCached.codexRows)
+        Self.rememberScannedCodexFile(
+            fileURL: input.fileURL,
+            metadata: input.metadata,
+            sessionId: sessionId,
+            context: context,
+            state: &state)
+        return true
+    }
+
+    static func rescanCodexFile(
+        input: CodexFileScanInput,
+        context: CodexFileScanContext,
+        cache: inout CostUsageCache,
+        state: inout CodexScanState) throws
+    {
+        try context.checkCancellation?()
+        if let cached = input.cached {
+            self.applyFileDays(cache: &cache, fileDays: cached.days, sign: -1)
+        }
+        let migratedCached = input.cached.map { Self.codexFileUsageWithCostCache($0, context: context) }
+        var usageDays = context.dropDeferredCodexRows
+            ? [:]
+            : Self.fileDaysOutsideScanWindow(migratedCached?.days ?? [:], range: context.range)
+
+        let parsed = try Self.parseCodexFileCancellable(
+            fileURL: input.fileURL,
+            range: context.range,
+            inheritedTotalsResolver: context.resources.inheritedResolver.inheritedTotals(for:atOrBefore:),
+            checkCancellation: context.checkCancellation)
+        let sessionId = parsed.sessionId ?? input.cached?.sessionId
+        if let sessionId, state.seenSessionIds.contains(sessionId) {
+            cache.files.removeValue(forKey: input.metadata.path)
+            return
+        }
+        Self.mergeFileDays(existing: &usageDays, delta: parsed.days)
+        let splitMaps = Self.codexModeSplitMaps(
+            rows: parsed.rows,
+            range: context.range,
+            priorityTurns: context.resources.priorityTurns,
+            modelsDevCatalog: context.resources.modelsDevCatalog,
+            modelsDevCacheRoot: context.resources.modelsDevCacheRoot)
+
+        cache.files[input.metadata.path] = Self.makeFileUsage(
+            mtimeUnixMs: input.metadata.mtimeUnixMs,
+            size: input.metadata.size,
+            days: usageDays,
+            parsedBytes: parsed.parsedBytes,
+            lastModel: parsed.lastModel,
+            lastTotals: parsed.lastTotals,
+            lastCountedTotals: parsed.lastCountedTotals,
+            lastRawTotalsBaseline: parsed.lastRawTotalsBaseline,
+            hasDivergentTotals: parsed.hasDivergentTotals,
+            lastCodexTurnID: parsed.lastCodexTurnID,
+            sessionId: sessionId,
+            forkedFromId: parsed.forkedFromId,
+            codexCostNanos: Self.mergeCostMaps(
+                context.dropDeferredCodexRows
+                    ? nil
+                    : Self.costMapOutsideScanWindow(migratedCached?.codexCostNanos, range: context.range),
+                Self.codexCostNanos(
+                    rows: parsed.rows,
+                    range: context.range,
+                    modelsDevCatalog: context.resources.modelsDevCatalog,
+                    modelsDevCacheRoot: context.resources.modelsDevCacheRoot)),
+            codexPrioritySurchargeNanos: Self.mergeCostMaps(
+                context.dropDeferredCodexRows
+                    ? nil
+                    : Self.costMapOutsideScanWindow(migratedCached?.codexPrioritySurchargeNanos, range: context.range),
+                Self.codexPrioritySurchargeNanos(
+                    rows: parsed.rows,
+                    range: context.range,
+                    priorityTurns: context.resources.priorityTurns,
+                    modelsDevCatalog: context.resources.modelsDevCatalog,
+                    modelsDevCacheRoot: context.resources.modelsDevCacheRoot)),
+            codexStandardCostNanos: Self.mergeCostMaps(
+                context.dropDeferredCodexRows
+                    ? nil
+                    : Self.costMapOutsideScanWindow(migratedCached?.codexStandardCostNanos, range: context.range),
+                splitMaps.standardCostNanos),
+            codexPriorityCostNanos: Self.mergeCostMaps(
+                context.dropDeferredCodexRows
+                    ? nil
+                    : Self.costMapOutsideScanWindow(migratedCached?.codexPriorityCostNanos, range: context.range),
+                splitMaps.priorityCostNanos),
+            codexStandardTokens: Self.mergeIntMaps(
+                context.dropDeferredCodexRows
+                    ? nil
+                    : Self.intMapOutsideScanWindow(migratedCached?.codexStandardTokens, range: context.range),
+                splitMaps.standardTokens),
+            codexPriorityTokens: Self.mergeIntMaps(
+                context.dropDeferredCodexRows
+                    ? nil
+                    : Self.intMapOutsideScanWindow(migratedCached?.codexPriorityTokens, range: context.range),
+                splitMaps.priorityTokens),
+            codexTurnIDs: context.dropDeferredCodexRows
+                ? Self.codexTurnIDs(rows: parsed.rows)
+                : Self.mergeCodexTurnIDs(migratedCached?.codexTurnIDs, rows: parsed.rows),
+            codexRows: context.dropDeferredCodexRows ? nil : migratedCached?.codexRows)
+        Self.applyFileDays(cache: &cache, fileDays: cache.files[input.metadata.path]?.days ?? [:], sign: 1)
+        Self.rememberScannedCodexFile(
+            fileURL: input.fileURL,
+            metadata: input.metadata,
+            sessionId: sessionId,
+            context: context,
+            state: &state)
+    }
+
+    static func mergeFileDays(
+        existing: inout [String: [String: [Int]]],
+        delta: [String: [String: [Int]]])
+    {
+        for (day, models) in delta {
+            var dayModels = existing[day] ?? [:]
+            for (model, packed) in models {
+                let existingPacked = dayModels[model] ?? []
+                let merged = self.addPacked(a: existingPacked, b: packed, sign: 1)
+                if merged.allSatisfy({ $0 == 0 }) {
+                    dayModels.removeValue(forKey: model)
+                } else {
+                    dayModels[model] = merged
+                }
+            }
+
+            if dayModels.isEmpty {
+                existing.removeValue(forKey: day)
+            } else {
+                existing[day] = dayModels
+            }
+        }
+    }
+
+    static func fileDaysOutsideScanWindow(
+        _ days: [String: [String: [Int]]],
+        range: CostUsageDayRange) -> [String: [String: [Int]]]
+    {
+        days.filter {
+            !CostUsageDayRange.isInRange(dayKey: $0.key, since: range.scanSinceKey, until: range.scanUntilKey)
+        }
+    }
+
+    static func applyFileDays(cache: inout CostUsageCache, fileDays: [String: [String: [Int]]], sign: Int) {
+        for (day, models) in fileDays {
+            var dayModels = cache.days[day] ?? [:]
+            for (model, packed) in models {
+                let existing = dayModels[model] ?? []
+                let merged = self.addPacked(a: existing, b: packed, sign: sign)
+                if merged.allSatisfy({ $0 == 0 }) {
+                    dayModels.removeValue(forKey: model)
+                } else {
+                    dayModels[model] = merged
+                }
+            }
+
+            if dayModels.isEmpty {
+                cache.days.removeValue(forKey: day)
+            } else {
+                cache.days[day] = dayModels
+            }
+        }
+    }
+
+    static func pruneDays(cache: inout CostUsageCache, sinceKey: String, untilKey: String) {
+        for key in cache.days.keys where !CostUsageDayRange.isInRange(dayKey: key, since: sinceKey, until: untilKey) {
+            cache.days.removeValue(forKey: key)
+        }
+    }
+
+    static func pruneForceRescanFilesOutsideWindow(
+        cache: inout CostUsageCache,
+        range: CostUsageDayRange,
+        isForceRescan: Bool)
+    {
+        guard isForceRescan else { return }
+        for key in cache.files.keys {
+            guard let old = cache.files[key] else { continue }
+            guard !old.touchesCodexScanWindow(sinceKey: range.scanSinceKey, untilKey: range.scanUntilKey)
+            else { continue }
+            Self.applyFileDays(cache: &cache, fileDays: old.days, sign: -1)
+            cache.files.removeValue(forKey: key)
+        }
+    }
+
+    static func requestedWindowExpandsCache(range: CostUsageDayRange, cache: CostUsageCache) -> Bool {
+        guard let cachedSince = cache.scanSinceKey,
+              let cachedUntil = cache.scanUntilKey
+        else {
+            return cache.lastScanUnixMs != 0 || !cache.files.isEmpty || !cache.days.isEmpty
+        }
+        return range.scanSinceKey < cachedSince || range.scanUntilKey > cachedUntil
+    }
+
+    static func addPacked(a: [Int], b: [Int], sign: Int) -> [Int] {
+        let len = max(a.count, b.count)
+        var out: [Int] = Array(repeating: 0, count: len)
+        for idx in 0..<len {
+            let next = (a[safe: idx] ?? 0) + sign * (b[safe: idx] ?? 0)
+            out[idx] = max(0, next)
+        }
+        return out
+    }
+
+    static func buildCodexReportFromCache(
+        cache: CostUsageCache,
+        range: CostUsageDayRange,
+        modelsDevCatalog: ModelsDevCatalog? = nil,
+        modelsDevCacheRoot: URL? = nil,
+        priorityTurns: [String: CodexPriorityTurnMetadata] = [:]) -> CostUsageDailyReport
+    {
+        var entries: [CostUsageDailyReport.Entry] = []
+        var totalInput = 0
+        var totalOutput = 0
+        var totalTokens = 0
+        var totalCost: Double = 0
+        var costSeen = false
+
+        let dayKeys = cache.days.keys.sorted().filter {
+            CostUsageDayRange.isInRange(dayKey: $0, since: range.sinceKey, until: range.untilKey)
+        }
+        let costNanosByDayModel = self.codexCostNanosByDayModel(cache: cache, range: range)
+        let prioritySurchargeNanosByDayModel = self.codexPrioritySurchargeNanosByDayModel(cache: cache, range: range)
+        let standardCostNanosByDayModel = self.codexStandardCostNanosByDayModel(cache: cache, range: range)
+        let priorityCostNanosByDayModel = self.codexPriorityCostNanosByDayModel(cache: cache, range: range)
+        let standardTokensByDayModel = self.codexStandardTokensByDayModel(cache: cache, range: range)
+        let priorityTokensByDayModel = self.codexPriorityTokensByDayModel(cache: cache, range: range)
+
+        let hasCodexRows = cache.files.values.contains {
+            !($0.codexRows?.isEmpty ?? true)
+        }
+        let rowsByDayModel = hasCodexRows ? self.codexRowsByDayModel(cache: cache, range: range) : [:]
+
+        for day in dayKeys {
+            guard let models = cache.days[day] else { continue }
+            let modelNames = models.keys.sorted()
+
+            var dayInput = 0
+            var dayOutput = 0
+            var breakdown: [CostUsageDailyReport.ModelBreakdown] = []
+            var dayCost: Double = 0
+            var dayCostSeen = false
+
+            for model in modelNames {
+                let packed = models[model] ?? [0, 0, 0]
+                let input = packed[safe: 0] ?? 0
+                let cached = packed[safe: 1] ?? 0
+                let output = packed[safe: 2] ?? 0
+                let totalTokens = input + output
+
+                dayInput += input
+                dayOutput += output
+
+                let rows = rowsByDayModel[day]?[model]
+                let rowCostBreakdown = rows.map {
+                    self.codexRowCostBreakdown(
+                        rows: $0,
+                        priorityTurns: priorityTurns,
+                        modelsDevCatalog: modelsDevCatalog,
+                        modelsDevCacheRoot: modelsDevCacheRoot)
+                }
+                let cachedBaseCost = costNanosByDayModel[day]?[model].map { Double($0) / Self.costScale }
+                let rowTotalCost = cachedBaseCost == nil ? rowCostBreakdown?.totalCostUSD : nil
+                let standardCost = standardCostNanosByDayModel[day]?[model].map { Double($0) / Self.costScale }
+                    ?? (rowCostBreakdown?.hasModeSplit == true ? rowCostBreakdown?.optionalStandardCostUSD : nil)
+                let priorityCost = priorityCostNanosByDayModel[day]?[model].map { Double($0) / Self.costScale }
+                    ?? (rowCostBreakdown?.hasModeSplit == true ? rowCostBreakdown?.optionalPriorityCostUSD : nil)
+                let splitTotalCost: Double? = if standardCost != nil || priorityCost != nil {
+                    (standardCost ?? 0) + (priorityCost ?? 0)
+                } else {
+                    nil
+                }
+                var cost = splitTotalCost
+                    ?? cachedBaseCost
+                    ?? rowTotalCost
+                    ?? CostUsagePricing.codexCostUSD(
+                        model: model,
+                        inputTokens: input,
+                        cachedInputTokens: cached,
+                        outputTokens: output,
+                        modelsDevCatalog: modelsDevCatalog,
+                        modelsDevCacheRoot: modelsDevCacheRoot)
+                if splitTotalCost == nil,
+                   let surchargeNanos = prioritySurchargeNanosByDayModel[day]?[model],
+                   cachedBaseCost != nil
+                {
+                    cost = (cost ?? 0) + (Double(surchargeNanos) / Self.costScale)
+                } else if splitTotalCost == nil,
+                          rowTotalCost == nil,
+                          !priorityTurns.isEmpty,
+                          let rows,
+                          let surcharge = self.codexPrioritySurchargeUSD(
+                              rows: rows,
+                              priorityTurns: priorityTurns,
+                              modelsDevCatalog: modelsDevCatalog,
+                              modelsDevCacheRoot: modelsDevCacheRoot)
+                {
+                    cost = (cost ?? 0) + surcharge
+                }
+                let standardModeTokens = standardTokensByDayModel[day]?[model]
+                    ?? (rowCostBreakdown?.hasModeSplit == true ? rowCostBreakdown?.optionalStandardTokens : nil)
+                let priorityModeTokens = priorityTokensByDayModel[day]?[model]
+                    ?? (rowCostBreakdown?.hasModeSplit == true ? rowCostBreakdown?.optionalPriorityTokens : nil)
+                let hasModeSplit = priorityCost != nil || priorityModeTokens != nil
+                breakdown.append(
+                    CostUsageDailyReport.ModelBreakdown(
+                        modelName: model,
+                        costUSD: cost,
+                        totalTokens: totalTokens,
+                        standardCostUSD: hasModeSplit ? standardCost : nil,
+                        priorityCostUSD: hasModeSplit ? priorityCost : nil,
+                        standardTokens: hasModeSplit ? standardModeTokens : nil,
+                        priorityTokens: hasModeSplit ? priorityModeTokens : nil))
+                if let cost {
+                    dayCost += cost
+                    dayCostSeen = true
+                }
+            }
+
+            let dayTotal = dayInput + dayOutput
+            let entryCost = dayCostSeen ? dayCost : nil
+            entries.append(CostUsageDailyReport.Entry(
+                date: day,
+                inputTokens: dayInput,
+                outputTokens: dayOutput,
+                totalTokens: dayTotal,
+                costUSD: entryCost,
+                modelsUsed: modelNames,
+                modelBreakdowns: Self.sortedModelBreakdowns(breakdown)))
+
+            totalInput += dayInput
+            totalOutput += dayOutput
+            totalTokens += dayTotal
+            if let entryCost {
+                totalCost += entryCost
+                costSeen = true
+            }
+        }
+
+        let summary: CostUsageDailyReport.Summary? = entries.isEmpty
+            ? nil
+            : CostUsageDailyReport.Summary(
+                totalInputTokens: totalInput,
+                totalOutputTokens: totalOutput,
+                totalTokens: totalTokens,
+                totalCostUSD: costSeen ? totalCost : nil)
+
+        return CostUsageDailyReport(data: entries, summary: summary)
+    }
+
+    static func sortedModelBreakdowns(_ breakdowns: [CostUsageDailyReport.ModelBreakdown])
+        -> [CostUsageDailyReport.ModelBreakdown]
+    {
+        breakdowns.sorted { lhs, rhs in
+            let lhsCost = lhs.costUSD ?? -1
+            let rhsCost = rhs.costUSD ?? -1
+            if lhsCost != rhsCost {
+                return lhsCost > rhsCost
+            }
+
+            let lhsTokens = lhs.totalTokens ?? -1
+            let rhsTokens = rhs.totalTokens ?? -1
+            if lhsTokens != rhsTokens {
+                return lhsTokens > rhsTokens
+            }
+
+            return lhs.modelName > rhs.modelName
+        }
+    }
+
+    static func parseDayKey(_ key: String) -> Date? {
+        let parts = key.split(separator: "-")
+        guard parts.count == 3 else { return nil }
+        guard
+            let year = Int(parts[0]),
+            let month = Int(parts[1]),
+            let day = Int(parts[2])
+        else { return nil }
+
+        var comps = DateComponents()
+        comps.calendar = Calendar.current
+        comps.timeZone = TimeZone.current
+        comps.year = year
+        comps.month = month
+        comps.day = day
+        comps.hour = 12
+        return comps.date
+    }
+}
+
+extension Data {
+    func containsAscii(_ needle: String) -> Bool {
+        guard let n = needle.data(using: .utf8) else { return false }
+        return self.range(of: n) != nil
+    }
+}
+
+extension [Int] {
+    subscript(safe index: Int) -> Int? {
+        if index < 0 { return nil }
+        if index >= self.count { return nil }
+        return self[index]
+    }
+}
+
+extension [UInt8] {
+    subscript(safe index: Int) -> UInt8? {
+        if index < 0 { return nil }
+        if index >= self.count { return nil }
+        return self[index]
+    }
+}
+
+extension CostUsageFileUsage {
+    func touchesCodexScanWindow(sinceKey: String, untilKey: String) -> Bool {
+        self.days.keys.contains {
+            CostUsageScanner.CostUsageDayRange.isInRange(dayKey: $0, since: sinceKey, until: untilKey)
+        }
+    }
+}
diff --git a/Sources/CodexBarCore/Vendored/CostUsage/CostUsageScanner+Claude.swift b/Sources/CodexBarCore/Vendored/CostUsage/CostUsageScanner+Claude.swift
index 5e32060b0..3d1578e38 100644
--- a/Sources/CodexBarCore/Vendored/CostUsage/CostUsageScanner+Claude.swift
+++ b/Sources/CodexBarCore/Vendored/CostUsage/CostUsageScanner+Claude.swift
@@ -35,105 +35,296 @@ extension CostUsageScanner {
         fileURL: URL,
         range: CostUsageDayRange,
         providerFilter: ClaudeLogProviderFilter,
-        startOffset: Int64 = 0) -> ClaudeParseResult
+        startOffset: Int64 = 0,
+        modelsDevCatalog: ModelsDevCatalog? = nil,
+        modelsDevCacheRoot: URL? = nil) -> ClaudeParseResult
     {
-        var days: [String: [String: [Int]]] = [:]
-        // Track seen message+request IDs to deduplicate streaming chunks within a JSONL file.
-        // Claude emits multiple lines per message with cumulative usage, so we only count once.
-        var seenKeys: Set<String> = []
+        (
+            try? self.parseClaudeFileCancellable(
+                fileURL: fileURL,
+                range: range,
+                providerFilter: providerFilter,
+                startOffset: startOffset,
+                modelsDevCatalog: modelsDevCatalog,
+                modelsDevCacheRoot: modelsDevCacheRoot,
+                checkCancellation: nil)) ?? ClaudeParseResult(days: [:], rows: [], parsedBytes: startOffset)
+    }
 
+    static func parseClaudeFileCancellable(
+        fileURL: URL,
+        range: CostUsageDayRange,
+        providerFilter: ClaudeLogProviderFilter,
+        startOffset: Int64 = 0,
+        modelsDevCatalog: ModelsDevCatalog? = nil,
+        modelsDevCacheRoot: URL? = nil,
+        checkCancellation: CancellationCheck? = nil) throws -> ClaudeParseResult
+    {
         struct ClaudeTokens: Sendable {
             let input: Int
             let cacheRead: Int
             let cacheCreate: Int
             let output: Int
             let costNanos: Int
+            let costPriced: Bool
         }
 
-        func add(dayKey: String, model: String, tokens: ClaudeTokens) {
+        func add(dayKey: String, model: String, tokens: ClaudeTokens, days: inout [String: [String: [Int]]]) {
             guard CostUsageDayRange.isInRange(dayKey: dayKey, since: range.scanSinceKey, until: range.scanUntilKey)
             else { return }
             let normModel = CostUsagePricing.normalizeClaudeModel(model)
             var dayModels = days[dayKey] ?? [:]
-            var packed = dayModels[normModel] ?? [0, 0, 0, 0, 0]
+            var packed = dayModels[normModel] ?? [0, 0, 0, 0, 0, 0, 0]
             packed[0] = (packed[safe: 0] ?? 0) + tokens.input
             packed[1] = (packed[safe: 1] ?? 0) + tokens.cacheRead
             packed[2] = (packed[safe: 2] ?? 0) + tokens.cacheCreate
             packed[3] = (packed[safe: 3] ?? 0) + tokens.output
             packed[4] = (packed[safe: 4] ?? 0) + tokens.costNanos
+            packed[5] = (packed[safe: 5] ?? 0) + 1
+            packed[6] = (packed[safe: 6] ?? 0) + (tokens.costPriced ? 1 : 0)
             dayModels[normModel] = packed
             days[dayKey] = dayModels
         }
 
+        func toInt(_ v: Any?) -> Int {
+            if let n = v as? NSNumber { return n.intValue }
+            return 0
+        }
+
+        func toBool(_ value: Any?) -> Bool {
+            if let bool = value as? Bool { return bool }
+            if let number = value as? NSNumber { return number.boolValue }
+            return false
+        }
+
+        let pathRole = Self.claudePathRole(fileURL: fileURL)
+        var keyedRows: [String: ClaudeUsageRow] = [:]
+        var unkeyedRows: [ClaudeUsageRow] = []
+
         let maxLineBytes = 512 * 1024
         // Keep the full line so usage at the tail isn't dropped on large tool outputs.
         let prefixBytes = maxLineBytes
         let costScale = 1_000_000_000.0
 
-        let parsedBytes = (try? CostUsageJsonl.scan(
-            fileURL: fileURL,
-            offset: startOffset,
-            maxLineBytes: maxLineBytes,
-            prefixBytes: prefixBytes,
-            onLine: { line in
-                guard !line.bytes.isEmpty else { return }
-                guard !line.wasTruncated else { return }
-                guard line.bytes.containsAscii(#""type":"assistant""#) else { return }
-                guard line.bytes.containsAscii(#""usage""#) else { return }
-
-                guard
-                    let obj = (try? JSONSerialization.jsonObject(with: line.bytes)) as? [String: Any],
-                    let type = obj["type"] as? String,
-                    type == "assistant"
-                else { return }
-                guard Self.matchesClaudeProviderFilter(obj: obj, filter: providerFilter) else { return }
-
-                guard let tsText = obj["timestamp"] as? String else { return }
-                guard let dayKey = Self.dayKeyFromTimestamp(tsText) ?? Self.dayKeyFromParsedISO(tsText) else { return }
-
-                guard let message = obj["message"] as? [String: Any] else { return }
-                guard let model = message["model"] as? String else { return }
-                guard let usage = message["usage"] as? [String: Any] else { return }
-
-                // Deduplicate by message.id + requestId (streaming chunks have same usage).
-                let messageId = message["id"] as? String
-                let requestId = obj["requestId"] as? String
-                if let messageId, let requestId {
-                    let key = "\(messageId):\(requestId)"
-                    if seenKeys.contains(key) { return }
-                    seenKeys.insert(key)
+        let parsedBytes: Int64
+        do {
+            parsedBytes = try CostUsageJsonl.scan(
+                fileURL: fileURL,
+                offset: startOffset,
+                maxLineBytes: maxLineBytes,
+                prefixBytes: prefixBytes,
+                checkCancellation: checkCancellation,
+                onLine: { line in
+                    guard !line.bytes.isEmpty else { return }
+                    guard !line.wasTruncated else { return }
+                    guard line.bytes.containsAscii(#""type":"assistant""#) else { return }
+                    guard line.bytes.containsAscii(#""usage""#) else { return }
+
+                    autoreleasepool {
+                        guard
+                            let obj = (try? JSONSerialization.jsonObject(with: line.bytes)) as? [String: Any],
+                            let type = obj["type"] as? String,
+                            type == "assistant"
+                        else { return }
+                        guard Self.matchesClaudeProviderFilter(obj: obj, filter: providerFilter) else { return }
+
+                        guard let tsText = obj["timestamp"] as? String else { return }
+                        guard let dayKey = Self.dayKeyFromTimestamp(tsText) ?? Self.dayKeyFromParsedISO(tsText)
+                        else { return }
+
+                        guard let message = obj["message"] as? [String: Any] else { return }
+                        guard let model = message["model"] as? String else { return }
+                        guard let usage = message["usage"] as? [String: Any] else { return }
+
+                        let input = max(0, toInt(usage["input_tokens"]))
+                        let cacheCreate = max(0, toInt(usage["cache_creation_input_tokens"]))
+                        let cacheRead = max(0, toInt(usage["cache_read_input_tokens"]))
+                        let output = max(0, toInt(usage["output_tokens"]))
+                        if input == 0, cacheCreate == 0, cacheRead == 0, output == 0 { return }
+
+                        let cost = CostUsagePricing.claudeCostUSD(
+                            model: model,
+                            inputTokens: input,
+                            cacheReadInputTokens: cacheRead,
+                            cacheCreationInputTokens: cacheCreate,
+                            outputTokens: output,
+                            modelsDevCatalog: modelsDevCatalog,
+                            modelsDevCacheRoot: modelsDevCacheRoot)
+                        let costNanos = cost.map { Int(($0 * costScale).rounded()) } ?? 0
+                        let tokens = ClaudeTokens(
+                            input: input,
+                            cacheRead: cacheRead,
+                            cacheCreate: cacheCreate,
+                            output: output,
+                            costNanos: costNanos,
+                            costPriced: cost != nil)
+
+                        guard CostUsageDayRange.isInRange(
+                            dayKey: dayKey,
+                            since: range.scanSinceKey,
+                            until: range.scanUntilKey)
+                        else { return }
+
+                        let messageId = message["id"] as? String
+                        let requestId = obj["requestId"] as? String
+                        let sessionId = obj["sessionId"] as? String
+                            ?? obj["session_id"] as? String
+                            ?? (obj["metadata"] as? [String: Any])?["sessionId"] as? String
+                            ?? (message["metadata"] as? [String: Any])?["sessionId"] as? String
+                        let normalizedModel = CostUsagePricing.normalizeClaudeModel(model)
+                        let row = ClaudeUsageRow(
+                            dayKey: dayKey,
+                            model: normalizedModel,
+                            sessionId: sessionId,
+                            messageId: messageId,
+                            requestId: requestId,
+                            isSidechain: toBool(obj["isSidechain"]),
+                            pathRole: pathRole,
+                            input: tokens.input,
+                            cacheRead: tokens.cacheRead,
+                            cacheCreate: tokens.cacheCreate,
+                            output: tokens.output,
+                            costNanos: tokens.costNanos,
+                            costPriced: tokens.costPriced)
+
+                        // Streaming chunks share message.id + requestId inside a file.
+                        // Keep overwriting so the final cumulative chunk wins.
+                        if let messageId, let requestId {
+                            let key = "\(messageId):\(requestId)"
+                            keyedRows[key] = row
+                        } else {
+                            // Older logs omit IDs; treat each line as distinct to avoid dropping usage.
+                            unkeyedRows.append(row)
+                        }
+                    }
+                })
+        } catch is CancellationError {
+            throw CancellationError()
+        } catch {
+            parsedBytes = startOffset
+        }
+
+        let rows = keyedRows.keys.sorted().compactMap { keyedRows[$0] } + unkeyedRows
+        var days: [String: [String: [Int]]] = [:]
+        for row in rows {
+            let tokens = ClaudeTokens(
+                input: row.input,
+                cacheRead: row.cacheRead,
+                cacheCreate: row.cacheCreate,
+                output: row.output,
+                costNanos: row.costNanos,
+                costPriced: row.costPriced ?? (row.costNanos > 0))
+            add(dayKey: row.dayKey, model: row.model, tokens: tokens, days: &days)
+        }
+
+        return ClaudeParseResult(days: days, rows: rows, parsedBytes: parsedBytes)
+    }
+
+    private static func claudePathRole(fileURL: URL) -> ClaudePathRole {
+        fileURL.path.contains("/subagents/") ? .subagent : .parent
+    }
+
+    private static func claudeCanonicalRowKey(_ row: ClaudeUsageRow) -> String? {
+        guard let messageId = row.messageId, let requestId = row.requestId else {
+            return nil
+        }
+        return "\(messageId):\(requestId)"
+    }
+
+    private static func mergeClaudeRows(existing: [ClaudeUsageRow], delta: [ClaudeUsageRow]) -> [ClaudeUsageRow] {
+        var keyedRows: [String: ClaudeUsageRow] = [:]
+        var unkeyedRows: [ClaudeUsageRow] = []
+
+        for row in existing {
+            if let key = Self.claudeInFileKey(row) {
+                keyedRows[key] = row
+            } else {
+                unkeyedRows.append(row)
+            }
+        }
+        for row in delta {
+            if let key = Self.claudeInFileKey(row) {
+                keyedRows[key] = row
+            } else {
+                unkeyedRows.append(row)
+            }
+        }
+
+        return keyedRows.keys.sorted().compactMap { keyedRows[$0] } + unkeyedRows
+    }
+
+    private static func claudeInFileKey(_ row: ClaudeUsageRow) -> String? {
+        guard let messageId = row.messageId, let requestId = row.requestId else { return nil }
+        return "\(messageId):\(requestId)"
+    }
+
+    private static func claudeRowWins(
+        lhs: (path: String, row: ClaudeUsageRow),
+        rhs: (path: String, row: ClaudeUsageRow)) -> Bool
+    {
+        if lhs.row.isSidechain != rhs.row.isSidechain {
+            return rhs.row.isSidechain
+        }
+        if lhs.row.pathRole != rhs.row.pathRole {
+            return rhs.row.pathRole == .subagent
+        }
+        return lhs.path < rhs.path
+    }
+
+    private static func rebuildClaudeDays(cache: inout CostUsageCache) {
+        var days: [String: [String: [Int]]] = [:]
+        var winners: [String: (path: String, row: ClaudeUsageRow)] = [:]
+
+        func addRow(_ row: ClaudeUsageRow) {
+            var dayModels = days[row.dayKey] ?? [:]
+            var packed = dayModels[row.model] ?? [0, 0, 0, 0, 0, 0, 0]
+            packed[0] = (packed[safe: 0] ?? 0) + row.input
+            packed[1] = (packed[safe: 1] ?? 0) + row.cacheRead
+            packed[2] = (packed[safe: 2] ?? 0) + row.cacheCreate
+            packed[3] = (packed[safe: 3] ?? 0) + row.output
+            packed[4] = (packed[safe: 4] ?? 0) + row.costNanos
+            packed[5] = (packed[safe: 5] ?? 0) + 1
+            packed[6] = (packed[safe: 6] ?? 0) + ((row.costPriced ?? (row.costNanos > 0)) ? 1 : 0)
+            dayModels[row.model] = packed
+            days[row.dayKey] = dayModels
+        }
+
+        for path in cache.files.keys.sorted() {
+            guard let rows = cache.files[path]?.claudeRows else { continue }
+            for row in rows {
+                guard let canonicalKey = Self.claudeCanonicalRowKey(row) else {
+                    addRow(row)
+                    continue
+                }
+                let candidate = (path: path, row: row)
+                if let existing = winners[canonicalKey] {
+                    if Self.claudeRowWins(lhs: candidate, rhs: existing) {
+                        winners[canonicalKey] = candidate
+                    }
                 } else {
-                    // Older logs omit IDs; treat each line as distinct to avoid dropping usage.
+                    winners[canonicalKey] = candidate
                 }
+            }
+        }
 
-                func toInt(_ v: Any?) -> Int {
-                    if let n = v as? NSNumber { return n.intValue }
-                    return 0
-                }
+        for winner in winners.values {
+            addRow(winner.row)
+        }
 
-                let input = max(0, toInt(usage["input_tokens"]))
-                let cacheCreate = max(0, toInt(usage["cache_creation_input_tokens"]))
-                let cacheRead = max(0, toInt(usage["cache_read_input_tokens"]))
-                let output = max(0, toInt(usage["output_tokens"]))
-                if input == 0, cacheCreate == 0, cacheRead == 0, output == 0 { return }
+        cache.days = days
+    }
 
-                let cost = CostUsagePricing.claudeCostUSD(
-                    model: model,
-                    inputTokens: input,
-                    cacheReadInputTokens: cacheRead,
-                    cacheCreationInputTokens: cacheCreate,
-                    outputTokens: output)
-                let costNanos = cost.map { Int(($0 * costScale).rounded()) } ?? 0
-                let tokens = ClaudeTokens(
-                    input: input,
-                    cacheRead: cacheRead,
-                    cacheCreate: cacheCreate,
-                    output: output,
-                    costNanos: costNanos)
-                add(dayKey: dayKey, model: model, tokens: tokens)
-            })) ?? startOffset
-
-        return ClaudeParseResult(days: days, parsedBytes: parsedBytes)
+    private static func makeClaudeFileUsage(
+        mtimeMs: Int64,
+        size: Int64,
+        rows: [ClaudeUsageRow],
+        parsedBytes: Int64?) -> CostUsageFileUsage
+    {
+        makeFileUsage(
+            mtimeUnixMs: mtimeMs,
+            size: size,
+            days: [:],
+            parsedBytes: parsedBytes,
+            claudeRows: rows)
     }
 
     private static let vertexProviderKeys: Set<String> = [
@@ -260,17 +451,31 @@ extension CostUsageScanner {
 
     private final class ClaudeScanState {
         var cache: CostUsageCache
-        var rootCache: [String: Int64]
         var touched: Set<String>
         let range: CostUsageDayRange
         let providerFilter: ClaudeLogProviderFilter
-
-        init(cache: CostUsageCache, range: CostUsageDayRange, providerFilter: ClaudeLogProviderFilter) {
+        let forceFullScan: Bool
+        let modelsDevCatalog: ModelsDevCatalog?
+        let modelsDevCacheRoot: URL?
+        let checkCancellation: CancellationCheck?
+
+        init(
+            cache: CostUsageCache,
+            range: CostUsageDayRange,
+            providerFilter: ClaudeLogProviderFilter,
+            forceFullScan: Bool,
+            modelsDevCatalog: ModelsDevCatalog?,
+            modelsDevCacheRoot: URL?,
+            checkCancellation: CancellationCheck?)
+        {
             self.cache = cache
-            self.rootCache = cache.roots ?? [:]
             self.touched = []
             self.range = range
             self.providerFilter = providerFilter
+            self.forceFullScan = forceFullScan
+            self.modelsDevCatalog = modelsDevCatalog
+            self.modelsDevCacheRoot = modelsDevCacheRoot
+            self.checkCancellation = checkCancellation
         }
     }
 
@@ -278,119 +483,87 @@ extension CostUsageScanner {
         url: URL,
         size: Int64,
         mtimeMs: Int64,
-        state: ClaudeScanState)
+        state: ClaudeScanState) throws
     {
+        try state.checkCancellation?()
         let path = url.path
         state.touched.insert(path)
 
         if let cached = state.cache.files[path],
            cached.mtimeUnixMs == mtimeMs,
-           cached.size == size
+           cached.size == size,
+           !state.forceFullScan
         {
             return
         }
 
-        if let cached = state.cache.files[path] {
+        if let cached = state.cache.files[path], !state.forceFullScan {
             let startOffset = cached.parsedBytes ?? cached.size
             let canIncremental = size > cached.size && startOffset > 0 && startOffset <= size
+                && cached.claudeRows != nil
             if canIncremental {
-                let delta = Self.parseClaudeFile(
+                let delta = try Self.parseClaudeFileCancellable(
                     fileURL: url,
                     range: state.range,
                     providerFilter: state.providerFilter,
-                    startOffset: startOffset)
-                if !delta.days.isEmpty {
-                    Self.applyFileDays(cache: &state.cache, fileDays: delta.days, sign: 1)
-                }
-
-                var mergedDays = cached.days
-                Self.mergeFileDays(existing: &mergedDays, delta: delta.days)
-                state.cache.files[path] = Self.makeFileUsage(
-                    mtimeUnixMs: mtimeMs,
+                    startOffset: startOffset,
+                    modelsDevCatalog: state.modelsDevCatalog,
+                    modelsDevCacheRoot: state.modelsDevCacheRoot,
+                    checkCancellation: state.checkCancellation)
+                let mergedRows = Self.mergeClaudeRows(existing: cached.claudeRows ?? [], delta: delta.rows)
+                state.cache.files[path] = Self.makeClaudeFileUsage(
+                    mtimeMs: mtimeMs,
                     size: size,
-                    days: mergedDays,
+                    rows: mergedRows,
                     parsedBytes: delta.parsedBytes)
                 return
             }
-
-            Self.applyFileDays(cache: &state.cache, fileDays: cached.days, sign: -1)
         }
 
-        let parsed = Self.parseClaudeFile(
+        let parsed = try Self.parseClaudeFileCancellable(
             fileURL: url,
             range: state.range,
-            providerFilter: state.providerFilter)
-        let usage = Self.makeFileUsage(
-            mtimeUnixMs: mtimeMs,
+            providerFilter: state.providerFilter,
+            modelsDevCatalog: state.modelsDevCatalog,
+            modelsDevCacheRoot: state.modelsDevCacheRoot,
+            checkCancellation: state.checkCancellation)
+        let usage = Self.makeClaudeFileUsage(
+            mtimeMs: mtimeMs,
             size: size,
-            days: parsed.days,
+            rows: parsed.rows,
             parsedBytes: parsed.parsedBytes)
         state.cache.files[path] = usage
-        Self.applyFileDays(cache: &state.cache, fileDays: usage.days, sign: 1)
     }
 
     private static func scanClaudeRoot(
         root: URL,
-        state: ClaudeScanState)
+        state: ClaudeScanState) throws
     {
+        try state.checkCancellation?()
         let rootPath = root.path
         let rootCandidates = Self.claudeRootCandidates(for: rootPath)
         let prefixes = Set(rootCandidates).map { path in
             path.hasSuffix("/") ? path : "\(path)/"
         }
         let rootExists = rootCandidates.contains { FileManager.default.fileExists(atPath: $0) }
-        let canonicalRootPath = rootCandidates.first(where: {
-            FileManager.default.fileExists(atPath: $0)
-        }) ?? rootPath
 
         guard rootExists else {
             let stale = state.cache.files.keys.filter { path in
                 prefixes.contains(where: { path.hasPrefix($0) })
             }
             for path in stale {
-                if let old = state.cache.files[path] {
-                    Self.applyFileDays(cache: &state.cache, fileDays: old.days, sign: -1)
-                }
                 state.cache.files.removeValue(forKey: path)
             }
-            for candidate in rootCandidates {
-                state.rootCache.removeValue(forKey: candidate)
-            }
-            return
-        }
-
-        let rootAttrs = (try? FileManager.default.attributesOfItem(atPath: canonicalRootPath)) ?? [:]
-        let rootMtime = (rootAttrs[.modificationDate] as? Date)?.timeIntervalSince1970 ?? 0
-        let rootMtimeMs = Int64(rootMtime * 1000)
-        let cachedRootMtime = rootCandidates.compactMap { state.rootCache[$0] }.first
-        let canSkipEnumeration = cachedRootMtime == rootMtimeMs && rootMtimeMs > 0
-
-        if canSkipEnumeration {
-            let cachedPaths = state.cache.files.keys.filter { path in
-                prefixes.contains(where: { path.hasPrefix($0) })
-            }
-            for path in cachedPaths {
-                guard FileManager.default.fileExists(atPath: path) else {
-                    if let old = state.cache.files[path] {
-                        Self.applyFileDays(cache: &state.cache, fileDays: old.days, sign: -1)
-                    }
-                    state.cache.files.removeValue(forKey: path)
-                    continue
-                }
-                let attrs = (try? FileManager.default.attributesOfItem(atPath: path)) ?? [:]
-                let size = (attrs[.size] as? NSNumber)?.int64Value ?? 0
-                if size <= 0 { continue }
-                let mtime = (attrs[.modificationDate] as? Date)?.timeIntervalSince1970 ?? 0
-                let mtimeMs = Int64(mtime * 1000)
-                Self.processClaudeFile(
-                    url: URL(fileURLWithPath: path),
-                    size: size,
-                    mtimeMs: mtimeMs,
-                    state: state)
-            }
             return
         }
 
+        // Always enumerate the directory tree. The per-file mtime/size cache in
+        // processClaudeFile already skips unchanged files, so the only cost here is
+        // the directory walk itself. The previous root-mtime optimization skipped
+        // enumeration entirely when the root directory mtime was unchanged, but on
+        // POSIX systems a directory mtime only updates for direct child changes —
+        // not for files created or modified inside subdirectories. This caused new
+        // session logs to go undetected until the cache was manually cleared.
         let keys: [URLResourceKey] = [
             .isRegularFileKey,
             .contentModificationDateKey,
@@ -404,6 +577,7 @@ extension CostUsageScanner {
         else { return }
 
         for case let url as URL in enumerator {
+            try state.checkCancellation?()
             guard url.pathExtension.lowercased() == "jsonl" else { continue }
             guard let values = try? url.resourceValues(forKeys: Set(keys)) else { continue }
             guard values.isRegularFile == true else { continue }
@@ -412,32 +586,33 @@ extension CostUsageScanner {
 
             let mtime = values.contentModificationDate?.timeIntervalSince1970 ?? 0
             let mtimeMs = Int64(mtime * 1000)
-            Self.processClaudeFile(
+            try Self.processClaudeFile(
                 url: url,
                 size: size,
                 mtimeMs: mtimeMs,
                 state: state)
         }
 
-        if rootMtimeMs > 0 {
-            state.rootCache[canonicalRootPath] = rootMtimeMs
-            for candidate in rootCandidates where candidate != canonicalRootPath {
-                state.rootCache.removeValue(forKey: candidate)
-            }
-        }
+        // Root mtime caching removed — see comment above.
     }
 
     static func loadClaudeDaily(
         provider: UsageProvider,
         range: CostUsageDayRange,
         now: Date,
-        options: Options) -> CostUsageDailyReport
+        options: Options,
+        checkCancellation: CancellationCheck?) throws -> CostUsageDailyReport
     {
         var cache = CostUsageCacheIO.load(provider: provider, cacheRoot: options.cacheRoot)
         let nowMs = Int64(now.timeIntervalSince1970 * 1000)
 
         let refreshMs = Int64(max(0, options.refreshMinIntervalSeconds) * 1000)
-        let shouldRefresh = refreshMs == 0 || cache.lastScanUnixMs == 0 || nowMs - cache.lastScanUnixMs > refreshMs
+        let windowExpanded = Self.requestedWindowExpandsCache(range: range, cache: cache)
+        let shouldRefresh = options.forceRescan
+            || windowExpanded
+            || refreshMs == 0
+            || cache.lastScanUnixMs == 0
+            || nowMs - cache.lastScanUnixMs > refreshMs
 
         let roots = self.defaultClaudeProjectsRoots(options: options)
         let providerFilter = options.claudeLogProviderFilter
@@ -445,39 +620,57 @@ extension CostUsageScanner {
         var touched: Set<String> = []
 
         if shouldRefresh {
+            try checkCancellation?()
             if options.forceRescan {
                 cache = CostUsageCache()
             }
-            let scanState = ClaudeScanState(cache: cache, range: range, providerFilter: providerFilter)
+            let modelsDevCatalog = CostUsagePricing.modelsDevCatalog(now: now, cacheRoot: options.cacheRoot)
+            let scanState = ClaudeScanState(
+                cache: cache,
+                range: range,
+                providerFilter: providerFilter,
+                forceFullScan: options.forceRescan || windowExpanded,
+                modelsDevCatalog: modelsDevCatalog,
+                modelsDevCacheRoot: options.cacheRoot,
+                checkCancellation: checkCancellation)
 
             for root in roots {
-                Self.scanClaudeRoot(
+                try Self.scanClaudeRoot(
                     root: root,
                     state: scanState)
             }
+            try checkCancellation?()
 
             cache = scanState.cache
             touched = scanState.touched
-            cache.roots = scanState.rootCache.isEmpty ? nil : scanState.rootCache
+            cache.roots = nil
 
             for key in cache.files.keys where !touched.contains(key) {
-                if let old = cache.files[key] {
-                    Self.applyFileDays(cache: &cache, fileDays: old.days, sign: -1)
-                }
                 cache.files.removeValue(forKey: key)
             }
 
+            Self.rebuildClaudeDays(cache: &cache)
             Self.pruneDays(cache: &cache, sinceKey: range.scanSinceKey, untilKey: range.scanUntilKey)
+            cache.scanSinceKey = range.scanSinceKey
+            cache.scanUntilKey = range.scanUntilKey
             cache.lastScanUnixMs = nowMs
+            try checkCancellation?()
             CostUsageCacheIO.save(provider: provider, cache: cache, cacheRoot: options.cacheRoot)
         }
 
-        return Self.buildClaudeReportFromCache(cache: cache, range: range)
+        let modelsDevCatalog = CostUsagePricing.modelsDevCatalog(now: now, cacheRoot: options.cacheRoot)
+        return Self.buildClaudeReportFromCache(
+            cache: cache,
+            range: range,
+            modelsDevCatalog: modelsDevCatalog,
+            modelsDevCacheRoot: options.cacheRoot)
     }
 
     private static func buildClaudeReportFromCache(
         cache: CostUsageCache,
-        range: CostUsageDayRange) -> CostUsageDailyReport
+        range: CostUsageDayRange,
+        modelsDevCatalog: ModelsDevCatalog? = nil,
+        modelsDevCacheRoot: URL? = nil) -> CostUsageDailyReport
     {
         var entries: [CostUsageDailyReport.Entry] = []
         var totalInput = 0
@@ -513,6 +706,10 @@ extension CostUsageScanner {
                 let cacheCreate = packed[safe: 2] ?? 0
                 let output = packed[safe: 3] ?? 0
                 let cachedCost = packed[safe: 4] ?? 0
+                let sampleCount = packed[safe: 5] ?? 0
+                let pricedSampleCount = packed[safe: 6] ?? 0
+                let hasCompleteCachedCost = sampleCount > 0 && pricedSampleCount == sampleCount
+                let totalTokens = input + cacheRead + cacheCreate + output
 
                 // Cache tokens are tracked separately; totalTokens includes input + cache.
                 dayInput += input
@@ -520,23 +717,28 @@ extension CostUsageScanner {
                 dayCacheCreate += cacheCreate
                 dayOutput += output
 
-                let cost = cachedCost > 0
-                    ? Double(cachedCost) / costScale
-                    : CostUsagePricing.claudeCostUSD(
-                        model: model,
-                        inputTokens: input,
-                        cacheReadInputTokens: cacheRead,
-                        cacheCreationInputTokens: cacheCreate,
-                        outputTokens: output)
-                breakdown.append(CostUsageDailyReport.ModelBreakdown(modelName: model, costUSD: cost))
+                let currentPricingCost = CostUsagePricing.claudeCostUSD(
+                    model: model,
+                    inputTokens: input,
+                    cacheReadInputTokens: cacheRead,
+                    cacheCreationInputTokens: cacheCreate,
+                    outputTokens: output,
+                    modelsDevCatalog: modelsDevCatalog,
+                    modelsDevCacheRoot: modelsDevCacheRoot)
+                // Cached costs are accumulated per request, which preserves Claude long-context threshold boundaries.
+                let cost = hasCompleteCachedCost ? Double(cachedCost) / costScale : currentPricingCost
+                breakdown.append(
+                    CostUsageDailyReport.ModelBreakdown(
+                        modelName: model,
+                        costUSD: cost,
+                        totalTokens: totalTokens))
                 if let cost {
                     dayCost += cost
                     dayCostSeen = true
                 }
             }
 
-            breakdown.sort { lhs, rhs in (rhs.costUSD ?? -1) < (lhs.costUSD ?? -1) }
-            let top = Array(breakdown.prefix(3))
+            let sortedBreakdown = Self.sortedModelBreakdowns(breakdown)
 
             let dayTotal = dayInput + dayCacheRead + dayCacheCreate + dayOutput
             let entryCost = dayCostSeen ? dayCost : nil
@@ -549,7 +751,7 @@ extension CostUsageScanner {
                 totalTokens: dayTotal,
                 costUSD: entryCost,
                 modelsUsed: modelNames,
-                modelBreakdowns: top))
+                modelBreakdowns: sortedBreakdown))
 
             totalInput += dayInput
             totalOutput += dayOutput
diff --git a/Sources/CodexBarCore/Vendored/CostUsage/CostUsageScanner+CodexPriority.swift b/Sources/CodexBarCore/Vendored/CostUsage/CostUsageScanner+CodexPriority.swift
new file mode 100644
index 000000000..9583a0c1c
--- /dev/null
+++ b/Sources/CodexBarCore/Vendored/CostUsage/CostUsageScanner+CodexPriority.swift
@@ -0,0 +1,207 @@
+import Foundation
+#if canImport(SQLite3)
+import SQLite3
+#endif
+
+extension CostUsageScanner {
+    struct CodexPriorityTurnMetadata: Codable, Equatable {
+        var threadID: String?
+        var turnID: String
+        var model: String?
+        var timestamp: String?
+    }
+
+    private static let requestMarker = "websocket request:"
+
+    static func defaultCodexPriorityDatabaseURL() -> URL {
+        FileManager.default.homeDirectoryForCurrentUser
+            .appendingPathComponent(".codex", isDirectory: true)
+            .appendingPathComponent("logs_2.sqlite", isDirectory: false)
+    }
+
+    static func codexPriorityTurns(
+        databaseURL: URL? = nil,
+        sinceDayKey: String? = nil,
+        untilDayKey: String? = nil) -> [String: CodexPriorityTurnMetadata]
+    {
+        let url = databaseURL ?? self.defaultCodexPriorityDatabaseURL()
+        guard FileManager.default.fileExists(atPath: url.path) else { return [:] }
+
+        #if canImport(SQLite3)
+        var db: OpaquePointer?
+        guard sqlite3_open_v2(url.path, &db, SQLITE_OPEN_READONLY, nil) == SQLITE_OK else {
+            sqlite3_close(db)
+            return [:]
+        }
+        defer { sqlite3_close(db) }
+        sqlite3_busy_timeout(db, 250)
+
+        let query = if sinceDayKey != nil || untilDayKey != nil {
+            """
+            select ts, feedback_log_body
+            from logs
+            where ts >= ? and ts < ?
+              and (feedback_log_body like '%websocket request:%'
+                   or feedback_log_body like '%response.completed%')
+            """
+        } else {
+            """
+            select ts, feedback_log_body
+            from logs
+            where feedback_log_body like '%websocket request:%'
+               or feedback_log_body like '%response.completed%'
+            """
+        }
+        var stmt: OpaquePointer?
+        guard sqlite3_prepare_v2(db, query, -1, &stmt, nil) == SQLITE_OK else { return [:] }
+        defer { sqlite3_finalize(stmt) }
+
+        if sinceDayKey != nil || untilDayKey != nil {
+            let start = self.epochSeconds(forDayKey: sinceDayKey ?? "0000-01-01") ?? 0
+            let end = self.epochSeconds(forDayKey: self.nextDayKey(after: untilDayKey ?? "9999-12-30"))
+                ?? Int64.max
+            sqlite3_bind_int64(stmt, 1, start)
+            sqlite3_bind_int64(stmt, 2, end)
+        }
+
+        var turns: [String: CodexPriorityTurnMetadata] = [:]
+        var completedModelsByTurnID: [String: String] = [:]
+        while sqlite3_step(stmt) == SQLITE_ROW {
+            let timestamp = self.timestamp(stmt: stmt, index: 0)
+            guard self.timestamp(timestamp, isInRangeSince: sinceDayKey, until: untilDayKey),
+                  let body = self.text(stmt: stmt, index: 1)
+            else { continue }
+            if let completed = self.parseCodexCompletedTraceRow(body: body) {
+                completedModelsByTurnID[completed.turnID] = completed.model
+                if var existing = turns[completed.turnID] {
+                    existing.model = completed.model
+                    turns[completed.turnID] = existing
+                }
+                continue
+            }
+            guard var parsed = self.parseCodexPriorityTraceRow(timestamp: timestamp, body: body)
+            else { continue }
+            if let completedModel = completedModelsByTurnID[parsed.turnID] {
+                parsed.model = completedModel
+            }
+            turns[parsed.turnID] = parsed
+        }
+        return turns
+        #else
+        return [:]
+        #endif
+    }
+
+    static func parseCodexPriorityTraceRow(timestamp: String?, body: String) -> CodexPriorityTurnMetadata? {
+        guard let markerRange = body.range(of: self.requestMarker) else { return nil }
+        let prefix = String(body[..<markerRange.lowerBound])
+        let jsonText = body[markerRange.upperBound...].trimmingCharacters(in: .whitespacesAndNewlines)
+        guard let data = jsonText.data(using: .utf8),
+              let request = (try? JSONSerialization.jsonObject(with: data)) as? [String: Any],
+              request["type"] as? String == "response.create",
+              request["service_tier"] as? String == "priority"
+        else { return nil }
+
+        let turnID = self.value(named: "turn.id", in: prefix)
+            ?? self.value(named: "turn_id", in: prefix)
+            ?? request["turn_id"] as? String
+        guard let turnID, !turnID.isEmpty else { return nil }
+
+        return CodexPriorityTurnMetadata(
+            threadID: self.value(named: "thread_id", in: prefix),
+            turnID: turnID,
+            model: request["model"] as? String,
+            timestamp: timestamp)
+    }
+
+    static func parseCodexCompletedTraceRow(body: String) -> (turnID: String, model: String)? {
+        let marker = "websocket event:"
+        guard let markerRange = body.range(of: marker) else { return nil }
+        let prefix = String(body[..<markerRange.lowerBound])
+        let jsonText = body[markerRange.upperBound...].trimmingCharacters(in: .whitespacesAndNewlines)
+        guard let data = jsonText.data(using: .utf8),
+              let event = (try? JSONSerialization.jsonObject(with: data)) as? [String: Any],
+              event["type"] as? String == "response.completed",
+              let response = event["response"] as? [String: Any],
+              let model = response["model"] as? String,
+              !model.isEmpty
+        else { return nil }
+
+        let turnID = self.value(named: "turn.id", in: prefix)
+            ?? self.value(named: "turn_id", in: prefix)
+        guard let turnID, !turnID.isEmpty else { return nil }
+
+        return (turnID: turnID, model: model)
+    }
+
+    private static func value(named name: String, in text: String) -> String? {
+        guard let range = text.range(of: "\(name)=") else { return nil }
+        let tail = text[range.upperBound...]
+        let value = tail.prefix { char in
+            !char.isWhitespace && char != "," && char != "]" && char != ")"
+        }
+        return value.isEmpty ? nil : String(value)
+    }
+
+    #if canImport(SQLite3)
+    private static func text(stmt: OpaquePointer?, index: Int32) -> String? {
+        guard sqlite3_column_type(stmt, index) != SQLITE_NULL,
+              let cString = sqlite3_column_text(stmt, index)
+        else { return nil }
+        return String(cString: cString)
+    }
+
+    private static func timestamp(stmt: OpaquePointer?, index: Int32) -> String? {
+        guard sqlite3_column_type(stmt, index) != SQLITE_NULL else { return nil }
+        if sqlite3_column_type(stmt, index) == SQLITE_INTEGER {
+            return String(sqlite3_column_int64(stmt, index))
+        }
+        return self.text(stmt: stmt, index: index)
+    }
+    #endif
+
+    private static func timestamp(_ timestamp: String?, isInRangeSince since: String?, until: String?) -> Bool {
+        guard since != nil || until != nil else { return true }
+        guard let dayKey = self.dayKey(fromTimestamp: timestamp) else { return false }
+        if let since, dayKey < since { return false }
+        if let until, dayKey > until { return false }
+        return true
+    }
+
+    private static func dayKey(fromTimestamp timestamp: String?) -> String? {
+        guard let timestamp else { return nil }
+        if let seconds = Int64(timestamp) {
+            return CostUsageScanner.CostUsageDayRange.dayKey(
+                from: Date(timeIntervalSince1970: TimeInterval(seconds)))
+        }
+        let dayKey = timestamp.prefix(10)
+        return dayKey.count == 10 ? String(dayKey) : nil
+    }
+
+    private static func nextDayKey(after dayKey: String) -> String {
+        guard let date = self.localDate(forDayKey: dayKey),
+              let next = Calendar.current.date(byAdding: .day, value: 1, to: date)
+        else { return dayKey }
+        return CostUsageScanner.CostUsageDayRange.dayKey(from: next)
+    }
+
+    private static func epochSeconds(forDayKey dayKey: String) -> Int64? {
+        guard let date = self.localDate(forDayKey: dayKey) else { return nil }
+        return Int64(date.timeIntervalSince1970)
+    }
+
+    private static func localDate(forDayKey dayKey: String) -> Date? {
+        let parts = dayKey.split(separator: "-")
+        guard parts.count == 3,
+              let year = Int(parts[0]),
+              let month = Int(parts[1]),
+              let day = Int(parts[2])
+        else { return nil }
+        var components = DateComponents()
+        components.calendar = Calendar.current
+        components.year = year
+        components.month = month
+        components.day = day
+        return components.date
+    }
+}
diff --git a/Sources/CodexBarCore/Vendored/CostUsage/CostUsageScanner+CodexTruncatedPrefix.swift b/Sources/CodexBarCore/Vendored/CostUsage/CostUsageScanner+CodexTruncatedPrefix.swift
new file mode 100644
index 000000000..2c2f7554d
--- /dev/null
+++ b/Sources/CodexBarCore/Vendored/CostUsage/CostUsageScanner+CodexTruncatedPrefix.swift
@@ -0,0 +1,121 @@
+import Foundation
+
+extension CostUsageScanner {
+    static func extractCodexTurnContextModel(from bytes: Data) -> String? {
+        guard let text = truncatedUTF8String(from: bytes) else { return nil }
+        let object = text[...]
+        guard Self.extractJSONStringField("type", from: object, atDepth: 1) == "turn_context",
+              let payloadText = Self.extractJSONObjectField("payload", from: object, atDepth: 1)
+        else { return nil }
+
+        let payloadModel = Self.extractJSONStringField("model", from: payloadText, atDepth: 1)
+            ?? Self.extractJSONStringField("model_name", from: payloadText, atDepth: 1)
+        if let payloadModel { return payloadModel }
+
+        guard let infoText = Self.extractJSONObjectField("info", from: payloadText, atDepth: 1) else { return nil }
+        return Self.extractJSONStringField("model", from: infoText, atDepth: 1)
+            ?? Self.extractJSONStringField("model_name", from: infoText, atDepth: 1)
+    }
+
+    private static func truncatedUTF8String(from bytes: Data) -> String? {
+        for dropCount in 0...min(4, bytes.count) {
+            let end = bytes.count - dropCount
+            if let text = String(bytes: bytes.prefix(end), encoding: .utf8) {
+                return text
+            }
+        }
+        return nil
+    }
+
+    private static func extractJSONStringField(
+        _ field: String,
+        from text: Substring,
+        atDepth targetDepth: Int) -> String?
+    {
+        self.extractJSONField(field, from: text, atDepth: targetDepth) { text, index in
+            guard index < text.endIndex, text[index] == "\"" else { return nil }
+            let value = Self.parseJSONString(in: text, index: &index)
+            return value?.isEmpty == true ? nil : value
+        }
+    }
+
+    private static func extractJSONObjectField(
+        _ field: String,
+        from text: Substring,
+        atDepth targetDepth: Int) -> Substring?
+    {
+        self.extractJSONField(field, from: text, atDepth: targetDepth) { text, index in
+            guard index < text.endIndex, text[index] == "{" else { return nil }
+            return text[index...]
+        }
+    }
+
+    private static func extractJSONField<T>(
+        _ field: String,
+        from text: Substring,
+        atDepth targetDepth: Int,
+        parseValue: (Substring, inout String.Index) -> T?) -> T?
+    {
+        var index = text.startIndex
+        var depth = 0
+
+        while index < text.endIndex {
+            let character = text[index]
+            if character == "{" {
+                depth += 1
+                text.formIndex(after: &index)
+            } else if character == "}" {
+                depth -= 1
+                text.formIndex(after: &index)
+            } else if character == "\"" {
+                var valueIndex = index
+                guard let key = Self.parseJSONString(in: text, index: &valueIndex) else { return nil }
+                defer { index = valueIndex }
+                guard depth == targetDepth, key == field else { continue }
+
+                Self.skipJSONWhitespace(in: text, index: &valueIndex)
+                guard valueIndex < text.endIndex, text[valueIndex] == ":" else { continue }
+
+                text.formIndex(after: &valueIndex)
+                Self.skipJSONWhitespace(in: text, index: &valueIndex)
+                if let value = parseValue(text, &valueIndex) {
+                    return value
+                }
+            } else {
+                text.formIndex(after: &index)
+            }
+        }
+
+        return nil
+    }
+
+    private static func parseJSONString(in text: Substring, index: inout String.Index) -> String? {
+        guard index < text.endIndex, text[index] == "\"" else { return nil }
+        text.formIndex(after: &index)
+        var value = ""
+        var isEscaped = false
+        while index < text.endIndex {
+            let character = text[index]
+            if isEscaped {
+                value.append(character)
+                isEscaped = false
+            } else if character == "\\" {
+                isEscaped = true
+            } else if character == "\"" {
+                text.formIndex(after: &index)
+                return value
+            } else {
+                value.append(character)
+            }
+            text.formIndex(after: &index)
+        }
+
+        return nil
+    }
+
+    private static func skipJSONWhitespace(in text: Substring, index: inout String.Index) {
+        while index < text.endIndex, text[index].isWhitespace {
+            text.formIndex(after: &index)
+        }
+    }
+}
diff --git a/Sources/CodexBarCore/Vendored/CostUsage/CostUsageScanner+Timestamp.swift b/Sources/CodexBarCore/Vendored/CostUsage/CostUsageScanner+Timestamp.swift
index e7cda6310..b8bf32153 100644
--- a/Sources/CodexBarCore/Vendored/CostUsage/CostUsageScanner+Timestamp.swift
+++ b/Sources/CodexBarCore/Vendored/CostUsage/CostUsageScanner+Timestamp.swift
@@ -26,6 +26,10 @@ private enum CostUsageTimestampParser {
 }
 
 extension CostUsageScanner {
+    static func dateFromTimestamp(_ text: String) -> Date? {
+        CostUsageTimestampParser.parseISO(text)
+    }
+
     static func dayKeyFromTimestamp(_ text: String) -> String? {
         let bytes = Array(text.utf8)
         guard bytes.count >= 20 else { return nil }
diff --git a/Sources/CodexBarCore/Vendored/CostUsage/CostUsageScanner.swift b/Sources/CodexBarCore/Vendored/CostUsage/CostUsageScanner.swift
index a5ef942b5..09e2014e7 100644
--- a/Sources/CodexBarCore/Vendored/CostUsage/CostUsageScanner.swift
+++ b/Sources/CodexBarCore/Vendored/CostUsage/CostUsageScanner.swift
@@ -1,16 +1,29 @@
+#if canImport(CryptoKit)
+import CryptoKit
+#else
+import Crypto
+#endif
 import Foundation
 
+// swiftlint:disable type_body_length file_length
 enum CostUsageScanner {
-    enum ClaudeLogProviderFilter: Sendable {
+    typealias CancellationCheck = () throws -> Void
+
+    static let log = CodexBarLog.logger(LogCategories.tokenCost)
+    static let codexActiveSessionLookbackDays = 30
+    static let costScale = 1_000_000_000.0
+
+    enum ClaudeLogProviderFilter {
         case all
         case vertexAIOnly
         case excludeVertexAI
     }
 
-    struct Options: Sendable {
+    struct Options {
         var codexSessionsRoot: URL?
         var claudeProjectsRoots: [URL]?
         var cacheRoot: URL?
+        var codexTraceDatabaseURL: URL?
         var refreshMinIntervalSeconds: TimeInterval = 60
         var claudeLogProviderFilter: ClaudeLogProviderFilter = .all
         /// Force a full rescan, ignoring per-file cache and incremental offsets.
@@ -20,65 +33,431 @@ enum CostUsageScanner {
             codexSessionsRoot: URL? = nil,
             claudeProjectsRoots: [URL]? = nil,
             cacheRoot: URL? = nil,
+            codexTraceDatabaseURL: URL? = nil,
             claudeLogProviderFilter: ClaudeLogProviderFilter = .all,
             forceRescan: Bool = false)
         {
             self.codexSessionsRoot = codexSessionsRoot
             self.claudeProjectsRoots = claudeProjectsRoots
             self.cacheRoot = cacheRoot
+            self.codexTraceDatabaseURL = codexTraceDatabaseURL
             self.claudeLogProviderFilter = claudeLogProviderFilter
             self.forceRescan = forceRescan
         }
     }
 
-    struct CodexParseResult: Sendable {
+    struct CodexParseResult {
         let days: [String: [String: [Int]]]
-        let parsedBytes: Int64
+        var parsedBytes: Int64
         let lastModel: String?
         let lastTotals: CostUsageCodexTotals?
+        let lastCountedTotals: CostUsageCodexTotals?
+        let lastRawTotalsBaseline: CostUsageCodexTotals?
+        let hasDivergentTotals: Bool
+        let lastCodexTurnID: String?
         let sessionId: String?
+        let forkedFromId: String?
+        let rows: [CodexUsageRow]
     }
 
-    private struct CodexScanState {
+    struct CodexUsageRow: Codable, Equatable {
+        let day: String
+        let model: String
+        let turnID: String?
+        let input: Int
+        let cached: Int
+        let output: Int
+    }
+
+    struct CodexScanState {
         var seenSessionIds: Set<String> = []
         var seenFileIds: Set<String> = []
     }
 
-    struct ClaudeParseResult: Sendable {
+    private struct CodexTimestampedTotals {
+        let timestamp: String
+        let date: Date?
+        let totals: CostUsageCodexTotals
+    }
+
+    enum CodexForkBaseline {
+        case resolved(CostUsageCodexTotals?)
+        case unresolved
+    }
+
+    private static func codexTotalsEqual(_ lhs: CostUsageCodexTotals?, _ rhs: CostUsageCodexTotals?) -> Bool {
+        lhs?.input == rhs?.input && lhs?.cached == rhs?.cached && lhs?.output == rhs?.output
+    }
+
+    private static func codexTotalsAtLeast(_ lhs: CostUsageCodexTotals, _ rhs: CostUsageCodexTotals) -> Bool {
+        lhs.input >= rhs.input && lhs.cached >= rhs.cached && lhs.output >= rhs.output
+    }
+
+    private static func codexTotalsAtMost(_ lhs: CostUsageCodexTotals, _ rhs: CostUsageCodexTotals) -> Bool {
+        lhs.input <= rhs.input && lhs.cached <= rhs.cached && lhs.output <= rhs.output
+    }
+
+    private static func codexShouldPreferTotalDelta(
+        rawBaseline: CostUsageCodexTotals?,
+        currentTotal: CostUsageCodexTotals,
+        totalDelta: CostUsageCodexTotals,
+        lastDelta: CostUsageCodexTotals,
+        sawDivergentTotals: Bool) -> Bool
+    {
+        guard !sawDivergentTotals, let rawBaseline else { return false }
+        return Self.codexTotalsAtLeast(currentTotal, rawBaseline)
+            && Self.codexTotalsAtMost(totalDelta, lastDelta)
+    }
+
+    private static func codexAddTotals(
+        _ lhs: CostUsageCodexTotals,
+        _ rhs: CostUsageCodexTotals) -> CostUsageCodexTotals
+    {
+        CostUsageCodexTotals(
+            input: lhs.input + rhs.input,
+            cached: lhs.cached + rhs.cached,
+            output: lhs.output + rhs.output)
+    }
+
+    private static func codexMinTotals(
+        _ lhs: CostUsageCodexTotals,
+        _ rhs: CostUsageCodexTotals) -> CostUsageCodexTotals
+    {
+        CostUsageCodexTotals(
+            input: min(lhs.input, rhs.input),
+            cached: min(lhs.cached, rhs.cached),
+            output: min(lhs.output, rhs.output))
+    }
+
+    private static func codexTotalDelta(
+        from baseline: CostUsageCodexTotals?,
+        to current: CostUsageCodexTotals) -> CostUsageCodexTotals
+    {
+        let baseline = baseline ?? .init(input: 0, cached: 0, output: 0)
+        return CostUsageCodexTotals(
+            input: max(0, current.input - baseline.input),
+            cached: max(0, current.cached - baseline.cached),
+            output: max(0, current.output - baseline.output))
+    }
+
+    private static func codexDivergentTotalDelta(
+        rawBaseline: CostUsageCodexTotals?,
+        countedBaseline: CostUsageCodexTotals?,
+        current: CostUsageCodexTotals) -> CostUsageCodexTotals
+    {
+        let rawBaseline = rawBaseline ?? .init(input: 0, cached: 0, output: 0)
+        let countedBaseline = countedBaseline ?? .init(input: 0, cached: 0, output: 0)
+
+        func delta(raw: Int, counted: Int, current: Int) -> Int {
+            if current >= raw {
+                return max(0, current - raw)
+            }
+            return max(0, current - counted)
+        }
+
+        return CostUsageCodexTotals(
+            input: delta(raw: rawBaseline.input, counted: countedBaseline.input, current: current.input),
+            cached: delta(raw: rawBaseline.cached, counted: countedBaseline.cached, current: current.cached),
+            output: delta(raw: rawBaseline.output, counted: countedBaseline.output, current: current.output))
+    }
+
+    struct CodexScanResources {
+        let fileIndex: CodexSessionFileIndex
+        let inheritedResolver: CodexInheritedTotalsResolver
+        let modelsDevCatalog: ModelsDevCatalog?
+        let modelsDevCacheRoot: URL?
+        let priorityTurns: [String: CodexPriorityTurnMetadata]
+    }
+
+    struct CodexFileScanContext {
+        let range: CostUsageDayRange
+        let forceFullScan: Bool
+        let dropDeferredCodexRows: Bool
+        let requiresTurnIDCache: Bool
+        let changedPriorityTurnIDs: Set<String>
+        let resources: CodexScanResources
+        let checkCancellation: CancellationCheck?
+    }
+
+    struct CodexRefreshPlan {
+        let refreshMs: Int64
+        let roots: [URL]
+        let rootsFingerprint: [String: Int64]
+        let rootsChanged: Bool
+        let windowExpanded: Bool
+        let needsCostCacheMigration: Bool
+        let modelsDevCatalog: ModelsDevCatalog?
+        let codexPricingKey: String
+        let codexPriorityMetadataKey: String
+        let hasPriorityMetadata: Bool
+        let priorityTurns: [String: CodexPriorityTurnMetadata]
+        let priorityTurnKeys: [String: String]
+        let priorityTurnIDsByDay: [String: [String]]
+        let pricingChanged: Bool
+        let priorityMetadataChanged: Bool
+        let priorityTurnsChanged: Bool
+        let needsTurnIDCacheMigration: Bool
+        let changedPriorityTurnIDs: Set<String>
+        let shouldRefresh: Bool
+    }
+
+    final class CodexSessionFileIndex {
+        private let files: [URL]
+        private let filePaths: Set<String>
+        private let roots: [URL]
+        private let checkCancellation: CancellationCheck?
+        private var nextUnindexedFile = 0
+        private var didIndexRoots = false
+        private var fileURLBySessionId: [String: URL] = [:]
+        private var missingSessionIds: Set<String> = []
+
+        init(
+            files: [URL],
+            roots: [URL],
+            cachedSessionFiles: [String: URL] = [:],
+            checkCancellation: CancellationCheck? = nil)
+        {
+            self.files = files
+            self.filePaths = Set(files.map(\.path))
+            self.roots = roots
+            self.fileURLBySessionId = cachedSessionFiles
+            self.checkCancellation = checkCancellation
+        }
+
+        func remember(fileURL: URL, sessionId: String?) {
+            guard let sessionId, !sessionId.isEmpty else { return }
+            self.fileURLBySessionId[sessionId] = fileURL
+        }
+
+        func fileURL(for sessionId: String) throws -> URL? {
+            if let cached = self.fileURLBySessionId[sessionId] {
+                return cached
+            }
+            if self.missingSessionIds.contains(sessionId) {
+                return nil
+            }
+
+            while self.nextUnindexedFile < self.files.count {
+                try self.checkCancellation?()
+                let fileURL = self.files[self.nextUnindexedFile]
+                self.nextUnindexedFile += 1
+                guard let indexedSessionId = try CostUsageScanner.parseCodexSessionIdentifier(
+                    fileURL: fileURL,
+                    checkCancellation: self.checkCancellation)
+                else {
+                    continue
+                }
+                self.fileURLBySessionId[indexedSessionId] = fileURL
+                if indexedSessionId == sessionId {
+                    return fileURL
+                }
+            }
+
+            if !self.didIndexRoots {
+                try self.indexRoots()
+                if let indexed = self.fileURLBySessionId[sessionId] {
+                    return indexed
+                }
+            }
+
+            self.missingSessionIds.insert(sessionId)
+            return nil
+        }
+
+        private func indexRoots() throws {
+            self.didIndexRoots = true
+            guard !self.roots.isEmpty else { return }
+            for root in self.roots {
+                try self.checkCancellation?()
+                guard let enumerator = FileManager.default.enumerator(
+                    at: root,
+                    includingPropertiesForKeys: [.isRegularFileKey],
+                    options: [.skipsHiddenFiles, .skipsPackageDescendants])
+                else { continue }
+
+                while let fileURL = enumerator.nextObject() as? URL {
+                    try self.checkCancellation?()
+                    guard fileURL.pathExtension.lowercased() == "jsonl" else { continue }
+                    guard !self.filePaths.contains(fileURL.path) else { continue }
+                    guard let indexedSessionId = try CostUsageScanner.parseCodexSessionIdentifier(
+                        fileURL: fileURL,
+                        checkCancellation: self.checkCancellation)
+                    else {
+                        continue
+                    }
+                    self.fileURLBySessionId[indexedSessionId] = fileURL
+                }
+            }
+        }
+    }
+
+    final class CodexInheritedTotalsResolver {
+        private let fileIndex: CodexSessionFileIndex
+        private let checkCancellation: CancellationCheck?
+        private var snapshotsBySessionId: [String: [CodexTimestampedTotals]] = [:]
+
+        init(fileIndex: CodexSessionFileIndex, checkCancellation: CancellationCheck?) {
+            self.fileIndex = fileIndex
+            self.checkCancellation = checkCancellation
+        }
+
+        func inheritedTotals(for sessionId: String, atOrBefore cutoffTimestamp: String) throws -> CodexForkBaseline {
+            guard !cutoffTimestamp.isEmpty else {
+                CostUsageScanner.log.warning(
+                    "Codex cost usage fork timestamp missing; treating parent baseline as unresolved",
+                    metadata: ["sessionId": sessionId])
+                return .unresolved
+            }
+            let cutoffDate = CostUsageScanner.dateFromTimestamp(cutoffTimestamp)
+            if cutoffDate == nil {
+                CostUsageScanner.log.warning(
+                    "Codex cost usage could not parse fork timestamp; falling back to lexical comparison",
+                    metadata: ["sessionId": sessionId, "timestamp": cutoffTimestamp])
+            }
+            guard let snapshots = try self.snapshots(for: sessionId) else { return .unresolved }
+            var inherited: CostUsageCodexTotals?
+            for snapshot in snapshots {
+                let isAtOrBefore: Bool = if let snapshotDate = snapshot.date, let cutoffDate {
+                    snapshotDate <= cutoffDate
+                } else {
+                    snapshot.timestamp <= cutoffTimestamp
+                }
+                if isAtOrBefore {
+                    inherited = snapshot.totals
+                }
+            }
+            return .resolved(inherited)
+        }
+
+        private func snapshots(for sessionId: String) throws -> [CodexTimestampedTotals]? {
+            if let cached = self.snapshotsBySessionId[sessionId] {
+                return cached
+            }
+            try self.checkCancellation?()
+            guard let fileURL = try self.fileIndex.fileURL(for: sessionId) else {
+                CostUsageScanner.log.warning(
+                    "Codex cost usage parent session file not found",
+                    metadata: ["sessionId": sessionId])
+                return nil
+            }
+            let parsed = try CostUsageScanner.parseCodexTokenSnapshots(
+                fileURL: fileURL,
+                checkCancellation: self.checkCancellation)
+            guard let parsedSessionId = parsed.sessionId else {
+                CostUsageScanner.log.warning(
+                    "Codex cost usage parent session missing session metadata",
+                    metadata: ["sessionId": sessionId, "path": fileURL.path])
+                return nil
+            }
+            if parsedSessionId != sessionId {
+                CostUsageScanner.log.warning(
+                    "Codex cost usage parent session resolved to mismatched session id",
+                    metadata: [
+                        "requestedSessionId": sessionId,
+                        "resolvedSessionId": parsedSessionId,
+                        "path": fileURL.path,
+                    ])
+                return nil
+            }
+            self.snapshotsBySessionId[sessionId] = parsed.snapshots
+            return parsed.snapshots
+        }
+    }
+
+    struct ClaudeParseResult {
         let days: [String: [String: [Int]]]
+        let rows: [ClaudeUsageRow]
         let parsedBytes: Int64
     }
 
+    enum ClaudePathRole: String, Codable {
+        case parent
+        case subagent
+    }
+
+    struct ClaudeUsageRow: Codable {
+        let dayKey: String
+        let model: String
+        let sessionId: String?
+        let messageId: String?
+        let requestId: String?
+        let isSidechain: Bool
+        let pathRole: ClaudePathRole
+        let input: Int
+        let cacheRead: Int
+        let cacheCreate: Int
+        let output: Int
+        let costNanos: Int
+        let costPriced: Bool?
+    }
+
     static func loadDailyReport(
         provider: UsageProvider,
         since: Date,
         until: Date,
         now: Date = Date(),
         options: Options = Options()) -> CostUsageDailyReport
+    {
+        (
+            try? self.loadDailyReportCancellable(
+                provider: provider,
+                since: since,
+                until: until,
+                now: now,
+                options: options,
+                checkCancellation: nil)) ?? CostUsageDailyReport(data: [], summary: nil)
+    }
+
+    static func loadDailyReportCancellable(
+        provider: UsageProvider,
+        since: Date,
+        until: Date,
+        now: Date = Date(),
+        options: Options = Options(),
+        checkCancellation: CancellationCheck?) throws -> CostUsageDailyReport
     {
         let range = CostUsageDayRange(since: since, until: until)
         let emptyReport = CostUsageDailyReport(data: [], summary: nil)
+        try checkCancellation?()
 
         switch provider {
         case .codex:
-            return self.loadCodexDaily(range: range, now: now, options: options)
+            return try self.loadCodexDaily(
+                range: range,
+                now: now,
+                options: options,
+                checkCancellation: checkCancellation)
         case .claude:
-            return self.loadClaudeDaily(provider: .claude, range: range, now: now, options: options)
+            return try self.loadClaudeDaily(
+                provider: .claude,
+                range: range,
+                now: now,
+                options: options,
+                checkCancellation: checkCancellation)
         case .vertexai:
             var filtered = options
             if filtered.claudeLogProviderFilter == .all {
                 filtered.claudeLogProviderFilter = .vertexAIOnly
             }
-            return self.loadClaudeDaily(provider: .vertexai, range: range, now: now, options: filtered)
-        case .zai, .gemini, .antigravity, .cursor, .opencode, .factory, .copilot, .minimax, .kilo, .kiro, .kimi,
-             .kimik2, .augment, .jetbrains, .amp, .ollama, .synthetic, .openrouter, .warp:
+            return try self.loadClaudeDaily(
+                provider: .vertexai,
+                range: range,
+                now: now,
+                options: filtered,
+                checkCancellation: checkCancellation)
+        case .openai, .azureopenai, .zai, .gemini, .antigravity, .cursor, .opencode, .opencodego, .alibaba,
+             .alibabatokenplan, .factory,
+             .copilot, .minimax, .manus, .kilo, .kiro, .kimi, .kimik2, .moonshot, .augment, .jetbrains, .amp, .ollama,
+             .t3chat, .synthetic, .openrouter, .elevenlabs, .warp, .perplexity, .mimo, .doubao, .abacus, .mistral,
+             .deepseek, .codebuff, .crof, .windsurf, .venice, .commandcode, .stepfun, .bedrock, .grok, .groq,
+             .llmproxy, .deepgram:
             return emptyReport
         }
     }
 
     // MARK: - Day keys
 
-    struct CostUsageDayRange: Sendable {
+    struct CostUsageDayRange {
         let sinceKey: String
         let untilKey: String
         let scanSinceKey: String
@@ -135,21 +514,313 @@ enum CostUsageScanner {
             .appendingPathComponent("archived_sessions", isDirectory: true)
     }
 
-    private static func listCodexSessionFiles(root: URL, scanSinceKey: String, scanUntilKey: String) -> [URL] {
+    private static func listCodexSessionFiles(
+        root: URL,
+        scanSinceKey: String,
+        scanUntilKey: String,
+        includeRecursive: Bool) -> [URL]
+    {
         let partitioned = self.listCodexSessionFilesByDatePartition(
             root: root,
             scanSinceKey: scanSinceKey,
             scanUntilKey: scanUntilKey)
         let flat = self.listCodexSessionFilesFlat(root: root, scanSinceKey: scanSinceKey, scanUntilKey: scanUntilKey)
+        let recursive = includeRecursive ? self.listCodexLegacySessionFilesRecursive(root: root) : []
         var seen: Set<String> = []
         var out: [URL] = []
-        for item in partitioned + flat where !seen.contains(item.path) {
+        for item in partitioned + flat + recursive where !seen.contains(item.path) {
             seen.insert(item.path)
             out.append(item)
         }
         return out
     }
 
+    private static func cachedCodexSessionFiles(
+        cache: CostUsageCache,
+        range: CostUsageDayRange,
+        roots: [URL]) -> [URL]
+    {
+        cache.files.compactMap { path, usage in
+            let hasRelevantDay = usage.days.keys.contains {
+                CostUsageDayRange.isInRange(dayKey: $0, since: range.scanSinceKey, until: range.scanUntilKey)
+            }
+            guard hasRelevantDay else { return nil }
+            guard FileManager.default.fileExists(atPath: path) else { return nil }
+            let fileURL = URL(fileURLWithPath: path)
+            guard Self.isWithinCodexRoots(fileURL: fileURL, roots: roots) else { return nil }
+            return fileURL
+        }
+    }
+
+    private static func cachedCodexSessionIndex(cache: CostUsageCache, roots: [URL]) -> [String: URL] {
+        var out: [String: URL] = [:]
+        for (path, usage) in cache.files {
+            guard let sessionId = usage.sessionId, !sessionId.isEmpty else { continue }
+            guard FileManager.default.fileExists(atPath: path) else { continue }
+            let fileURL = URL(fileURLWithPath: path)
+            guard Self.isWithinCodexRoots(fileURL: fileURL, roots: roots) else { continue }
+            out[sessionId] = fileURL
+        }
+        return out
+    }
+
+    private static func codexRootsFingerprint(_ roots: [URL]) -> [String: Int64] {
+        var out: [String: Int64] = [:]
+        for root in roots {
+            out[root.standardizedFileURL.path] = 0
+        }
+        return out
+    }
+
+    private static func codexPricingKey(modelsDevArtifact: ModelsDevCacheArtifact?) -> String {
+        guard let modelsDevArtifact else {
+            let fingerprint = CostUsagePricing.codexBuiltInPricingFingerprint()
+            return "builtin-\(Self.sha256Hex(Data(fingerprint.utf8)))"
+        }
+        let fingerprint = self.modelsDevPricingFingerprint(modelsDevArtifact.catalog)
+        return "models-dev-v\(modelsDevArtifact.version)-\(Self.sha256Hex(Data(fingerprint.utf8)))"
+    }
+
+    private static func modelsDevPricingFingerprint(_ catalog: ModelsDevCatalog) -> String {
+        var parts: [String] = []
+        for providerID in catalog.providers.keys.sorted() {
+            guard let provider = catalog.providers[providerID] else { continue }
+            parts.append("provider=\(providerID)|\(provider.id ?? "")")
+            for modelKey in provider.models.keys.sorted() {
+                guard let model = provider.models[modelKey] else { continue }
+                let cost = model.cost
+                let contextOver200K = cost?.contextOver200K
+                parts.append([
+                    "model=\(modelKey)",
+                    model.id,
+                    Self.optionalDoubleFingerprint(cost?.input),
+                    Self.optionalDoubleFingerprint(cost?.output),
+                    Self.optionalDoubleFingerprint(cost?.cacheRead),
+                    Self.optionalDoubleFingerprint(cost?.cacheWrite),
+                    Self.optionalDoubleFingerprint(contextOver200K?.input),
+                    Self.optionalDoubleFingerprint(contextOver200K?.output),
+                    Self.optionalDoubleFingerprint(contextOver200K?.cacheRead),
+                    Self.optionalDoubleFingerprint(contextOver200K?.cacheWrite),
+                    model.limit?.context.map(String.init) ?? "nil",
+                ].joined(separator: "|"))
+            }
+        }
+        return parts.joined(separator: "\n")
+    }
+
+    private static func optionalDoubleFingerprint(_ value: Double?) -> String {
+        guard let value else { return "nil" }
+        return String(format: "%.17g", value)
+    }
+
+    private static func codexPriorityMetadataKey(databaseURL: URL?) -> String {
+        let url = databaseURL ?? self.defaultCodexPriorityDatabaseURL()
+        let path = url.standardizedFileURL.path
+        return FileManager.default.fileExists(atPath: path) ? "sqlite:\(path)" : "missing:\(path)"
+    }
+
+    private static func codexPriorityMetadataChanged(old: String?, new: String) -> Bool {
+        guard let old, old != new else { return false }
+        return new.hasPrefix("sqlite:")
+    }
+
+    private static func codexPriorityTurnKeys(
+        _ priorityTurns: [String: CodexPriorityTurnMetadata]) -> [String: String]
+    {
+        var partsByDay: [String: [String]] = [:]
+        for (turnID, turn) in priorityTurns {
+            guard let dayKey = self.codexPriorityDayKey(turn) else { continue }
+            partsByDay[dayKey, default: []].append([
+                turnID,
+                turn.model ?? "",
+                turn.timestamp ?? "",
+                turn.threadID ?? "",
+            ].joined(separator: "|"))
+        }
+        var out: [String: String] = [:]
+        for (dayKey, parts) in partsByDay {
+            out[dayKey] = self.sha256Hex(Data(parts.sorted().joined(separator: "\n").utf8))
+        }
+        return out
+    }
+
+    private static func codexPriorityTurnIDsByDay(
+        _ priorityTurns: [String: CodexPriorityTurnMetadata]) -> [String: [String]]
+    {
+        var out: [String: Set<String>] = [:]
+        for (turnID, turn) in priorityTurns {
+            guard let dayKey = self.codexPriorityDayKey(turn) else { continue }
+            out[dayKey, default: []].insert(turnID)
+        }
+        return out.mapValues { $0.sorted() }
+    }
+
+    private static func codexPriorityDayKey(_ turn: CodexPriorityTurnMetadata) -> String? {
+        guard let timestamp = turn.timestamp else { return nil }
+        let dayKeyFromEpoch = Int64(timestamp).map {
+            CostUsageDayRange.dayKey(from: Date(timeIntervalSince1970: TimeInterval($0)))
+        }
+        return dayKeyFromEpoch ?? self.dayKeyFromTimestamp(timestamp) ?? self.dayKeyFromParsedISO(timestamp)
+    }
+
+    private static func codexPriorityTurnKeysChanged(
+        old: [String: String]?,
+        new: [String: String],
+        range: CostUsageDayRange) -> Bool
+    {
+        for dayKey in self.dayKeys(sinceKey: range.scanSinceKey, untilKey: range.scanUntilKey)
+            where old?[dayKey] != new[dayKey]
+        {
+            return true
+        }
+        return false
+    }
+
+    private static func changedPriorityTurnIDs(
+        old: [String: [String]]?,
+        new: [String: [String]],
+        oldKeys: [String: String]?,
+        newKeys: [String: String],
+        range: CostUsageDayRange) -> Set<String>
+    {
+        var out = Set<String>()
+        for dayKey in self.dayKeys(sinceKey: range.scanSinceKey, untilKey: range.scanUntilKey) {
+            let oldIDs = Set(old?[dayKey] ?? [])
+            let newIDs = Set(new[dayKey] ?? [])
+            if oldIDs != newIDs || oldKeys?[dayKey] != newKeys[dayKey] {
+                out.formUnion(oldIDs)
+                out.formUnion(newIDs)
+            }
+        }
+        return out
+    }
+
+    private static func mergePriorityTurnKeys(
+        existing: [String: String]?,
+        new: [String: String],
+        range: CostUsageDayRange,
+        retainedSinceKey: String,
+        retainedUntilKey: String) -> [String: String]?
+    {
+        var out = existing ?? [:]
+        for dayKey in self.dayKeys(sinceKey: range.scanSinceKey, untilKey: range.scanUntilKey) {
+            out[dayKey] = new[dayKey]
+        }
+        out = out.filter { key, _ in
+            CostUsageDayRange.isInRange(dayKey: key, since: retainedSinceKey, until: retainedUntilKey)
+        }
+        return out.isEmpty ? nil : out
+    }
+
+    private static func mergePriorityTurnIDsByDay(
+        existing: [String: [String]]?,
+        new: [String: [String]],
+        range: CostUsageDayRange,
+        retainedSinceKey: String,
+        retainedUntilKey: String) -> [String: [String]]?
+    {
+        var out = existing ?? [:]
+        for dayKey in self.dayKeys(sinceKey: range.scanSinceKey, untilKey: range.scanUntilKey) {
+            out[dayKey] = new[dayKey] ?? []
+        }
+        out = out.filter { key, _ in
+            CostUsageDayRange.isInRange(dayKey: key, since: retainedSinceKey, until: retainedUntilKey)
+        }
+        return out.isEmpty ? nil : out
+    }
+
+    private static func sha256Hex(_ data: Data) -> String {
+        SHA256.hash(data: data).map { String(format: "%02x", $0) }.joined()
+    }
+
+    private static func listCodexRecentlyModifiedFiles(
+        root: URL,
+        scanSinceKey: String,
+        scanUntilKey: String,
+        modifiedSince: Date) -> [URL]
+    {
+        let lookbackSinceKey = self.dayKey(scanSinceKey, addingDays: -self.codexActiveSessionLookbackDays)
+            ?? scanSinceKey
+        let partitioned = self.listCodexSessionFilesByDatePartition(
+            root: root,
+            scanSinceKey: lookbackSinceKey,
+            scanUntilKey: scanUntilKey)
+        let partitionedModified = self.filterRecentlyModified(files: partitioned, modifiedSince: modifiedSince)
+
+        let legacyRecursive = self.listCodexRecentlyModifiedFilesRecursive(root: root, modifiedSince: modifiedSince)
+        var seen = Set(partitionedModified.map(\.path))
+        var out = partitionedModified
+        for fileURL in legacyRecursive where !seen.contains(fileURL.path) {
+            seen.insert(fileURL.path)
+            out.append(fileURL)
+        }
+        return out
+    }
+
+    private static func filterRecentlyModified(files: [URL], modifiedSince: Date) -> [URL] {
+        files.filter { fileURL in
+            let values = try? fileURL.resourceValues(forKeys: [.isRegularFileKey, .contentModificationDateKey])
+            guard values?.isRegularFile == true else { return false }
+            guard let modifiedAt = values?.contentModificationDate else { return false }
+            return modifiedAt >= modifiedSince
+        }
+    }
+
+    private static func isDatePartitionComponent(_ value: String, length: Int) -> Bool {
+        value.count == length && value.allSatisfy(\.isNumber)
+    }
+
+    private static func dayKey(_ dayKey: String, addingDays days: Int) -> String? {
+        guard let date = self.parseDayKey(dayKey) else { return nil }
+        guard let shifted = Calendar.current.date(byAdding: .day, value: days, to: date) else { return nil }
+        return CostUsageDayRange.dayKey(from: shifted)
+    }
+
+    private static func dayKeys(sinceKey: String, untilKey: String) -> [String] {
+        guard let since = self.parseDayKey(sinceKey),
+              self.parseDayKey(untilKey) != nil
+        else { return sinceKey <= untilKey ? [sinceKey] : [] }
+
+        var out: [String] = []
+        var cursor = since
+        let calendar = Calendar.current
+        while CostUsageDayRange.dayKey(from: cursor) <= untilKey {
+            out.append(CostUsageDayRange.dayKey(from: cursor))
+            guard let next = calendar.date(byAdding: .day, value: 1, to: cursor) else { break }
+            if next <= cursor { break }
+            cursor = next
+        }
+        return out
+    }
+
+    private static func listCodexRecentlyModifiedFilesRecursive(root: URL, modifiedSince: Date) -> [URL] {
+        guard let enumerator = FileManager.default.enumerator(
+            at: root,
+            includingPropertiesForKeys: [.isRegularFileKey, .contentModificationDateKey],
+            options: [.skipsHiddenFiles, .skipsPackageDescendants])
+        else { return [] }
+
+        var out: [URL] = []
+        while let fileURL = enumerator.nextObject() as? URL {
+            guard fileURL.pathExtension.lowercased() == "jsonl" else { continue }
+            let values = try? fileURL.resourceValues(forKeys: [.isRegularFileKey, .contentModificationDateKey])
+            guard values?.isRegularFile == true else { continue }
+            guard let modifiedAt = values?.contentModificationDate, modifiedAt >= modifiedSince else { continue }
+            out.append(fileURL)
+        }
+        return out
+    }
+
+    private static func isWithinCodexRoots(fileURL: URL, roots: [URL]) -> Bool {
+        let filePath = fileURL.standardizedFileURL.path
+        return roots.contains { root in
+            let rootPath = root.standardizedFileURL.path
+            if filePath == rootPath { return true }
+            let prefix = rootPath.hasSuffix("/") ? rootPath : rootPath + "/"
+            return filePath.hasPrefix(prefix)
+        }
+    }
+
     private static func listCodexSessionFilesByDatePartition(
         root: URL,
         scanSinceKey: String,
@@ -206,6 +877,36 @@ enum CostUsageScanner {
         return out
     }
 
+    private static func listCodexLegacySessionFilesRecursive(root: URL) -> [URL] {
+        guard FileManager.default.fileExists(atPath: root.path) else { return [] }
+        let rootPath = root.standardizedFileURL.path
+        guard let enumerator = FileManager.default.enumerator(
+            at: root,
+            includingPropertiesForKeys: [.isDirectoryKey, .isRegularFileKey],
+            options: [.skipsHiddenFiles, .skipsPackageDescendants])
+        else { return [] }
+
+        var out: [URL] = []
+        while let item = enumerator.nextObject() as? URL {
+            if Self.isCodexDatePartitionAncestor(item, rootPath: rootPath) {
+                enumerator.skipDescendants()
+                continue
+            }
+            guard item.pathExtension.lowercased() == "jsonl" else { continue }
+            out.append(item)
+        }
+        return out
+    }
+
+    private static func isCodexDatePartitionAncestor(_ url: URL, rootPath: String) -> Bool {
+        let path = url.standardizedFileURL.path
+        guard path.hasPrefix(rootPath + "/") else { return false }
+        let relative = String(path.dropFirst(rootPath.count + 1))
+        let parts = relative.split(separator: "/")
+        guard parts.count == 1 else { return false }
+        return Self.isDatePartitionComponent(String(parts[0]), length: 4)
+    }
+
     private static let codexFilenameDateRegex = try? NSRegularExpression(pattern: "(\\d{4}-\\d{2}-\\d{2})")
 
     private static func dayKeyFromFilename(_ filename: String) -> String? {
@@ -216,7 +917,7 @@ enum CostUsageScanner {
         return String(filename[matchRange])
     }
 
-    private static func fileIdentityString(fileURL: URL) -> String? {
+    static func fileIdentityString(fileURL: URL) -> String? {
         guard let values = try? fileURL.resourceValues(forKeys: [.fileResourceIdentifierKey]) else { return nil }
         guard let identifier = values.fileResourceIdentifier else { return nil }
         if let data = identifier as? Data {
@@ -225,18 +926,304 @@ enum CostUsageScanner {
         return String(describing: identifier)
     }
 
+    private struct CodexSessionMetadata {
+        let sessionId: String?
+        let forkedFromId: String?
+        let forkTimestamp: String?
+    }
+
+    private static func codexForkParentId(from payload: [String: Any]?) -> String? {
+        guard let payload else { return nil }
+        for key in ["forked_from_id", "forkedFromId", "parent_session_id", "parentSessionId"] {
+            guard let value = payload[key] as? String else { continue }
+            let trimmed = value.trimmingCharacters(in: .whitespacesAndNewlines)
+            if !trimmed.isEmpty {
+                return trimmed
+            }
+        }
+        return nil
+    }
+
+    private static func parseCodexSessionIdentifier(
+        fileURL: URL,
+        checkCancellation: CancellationCheck? = nil) throws -> String?
+    {
+        try self.parseCodexSessionMetadata(fileURL: fileURL, checkCancellation: checkCancellation)?.sessionId
+    }
+
+    private static func parseCodexSessionMetadata(
+        fileURL: URL,
+        checkCancellation: CancellationCheck? = nil) throws -> CodexSessionMetadata?
+    {
+        let handle: FileHandle
+        do {
+            handle = try FileHandle(forReadingFrom: fileURL)
+        } catch {
+            self.log.warning(
+                "Codex cost usage failed to open session file for session id parsing",
+                metadata: ["path": fileURL.path, "error": error.localizedDescription])
+            return nil
+        }
+        defer { try? handle.close() }
+
+        var buffer = Data()
+        let newline = Data([0x0A])
+
+        func parseSessionMetadata(from lineData: Data) -> CodexSessionMetadata? {
+            guard !lineData.isEmpty else { return nil }
+            return autoreleasepool {
+                guard let obj = (try? JSONSerialization.jsonObject(with: lineData)) as? [String: Any]
+                else { return nil }
+                guard obj["type"] as? String == "session_meta" else { return nil }
+                let payload = obj["payload"] as? [String: Any]
+                return CodexSessionMetadata(
+                    sessionId: payload?["session_id"] as? String
+                        ?? payload?["sessionId"] as? String
+                        ?? payload?["id"] as? String
+                        ?? obj["session_id"] as? String
+                        ?? obj["sessionId"] as? String
+                        ?? obj["id"] as? String,
+                    forkedFromId: Self.codexForkParentId(from: payload),
+                    forkTimestamp: payload?["timestamp"] as? String
+                        ?? obj["timestamp"] as? String)
+            }
+        }
+
+        do {
+            while let chunk = try handle.read(upToCount: 64 * 1024), !chunk.isEmpty {
+                try checkCancellation?()
+                buffer.append(chunk)
+                while let newlineRange = buffer.range(of: newline) {
+                    let lineData = buffer.subdata(in: 0..<newlineRange.lowerBound)
+                    buffer.removeSubrange(0..<newlineRange.upperBound)
+                    if let metadata = parseSessionMetadata(from: lineData) {
+                        return metadata
+                    }
+                }
+            }
+        } catch is CancellationError {
+            throw CancellationError()
+        } catch {
+            self.log.warning(
+                "Codex cost usage failed while reading session file for session id parsing",
+                metadata: ["path": fileURL.path, "error": error.localizedDescription])
+            return nil
+        }
+
+        if let metadata = parseSessionMetadata(from: buffer) {
+            return metadata
+        }
+        return nil
+    }
+
+    private static func parseCodexTokenSnapshots(
+        fileURL: URL,
+        checkCancellation: CancellationCheck? = nil) throws -> (
+        sessionId: String?,
+        snapshots: [CodexTimestampedTotals])
+    {
+        var sessionId: String?
+        var previousTotals: CostUsageCodexTotals?
+        var rawTotalsBaseline: CostUsageCodexTotals?
+        var sawDivergentTotals = false
+        var snapshots: [CodexTimestampedTotals] = []
+        var warnedAboutUnparsedTimestamp = false
+
+        func parsedSnapshotDate(timestamp: String) -> Date? {
+            let date = Self.dateFromTimestamp(timestamp)
+            if date == nil, !warnedAboutUnparsedTimestamp {
+                warnedAboutUnparsedTimestamp = true
+                self.log.warning(
+                    "Codex cost usage could not parse parent token snapshot timestamp; "
+                        + "falling back to lexical comparison",
+                    metadata: ["path": fileURL.path, "timestamp": timestamp])
+            }
+            return date
+        }
+
+        do {
+            _ = try CostUsageJsonl.scan(
+                fileURL: fileURL,
+                maxLineBytes: 512 * 1024,
+                prefixBytes: 512 * 1024,
+                checkCancellation: checkCancellation,
+                onLine: { line in
+                    guard !line.bytes.isEmpty, !line.wasTruncated else { return }
+                    autoreleasepool {
+                        guard let obj = (try? JSONSerialization.jsonObject(with: line.bytes)) as? [String: Any]
+                        else { return }
+
+                        if obj["type"] as? String == "session_meta" {
+                            let payload = obj["payload"] as? [String: Any]
+                            if sessionId == nil {
+                                sessionId = payload?["session_id"] as? String
+                                    ?? payload?["sessionId"] as? String
+                                    ?? payload?["id"] as? String
+                                    ?? obj["session_id"] as? String
+                                    ?? obj["sessionId"] as? String
+                                    ?? obj["id"] as? String
+                            }
+                            return
+                        }
+
+                        guard obj["type"] as? String == "event_msg" else { return }
+                        guard let payload = obj["payload"] as? [String: Any] else { return }
+                        guard payload["type"] as? String == "token_count" else { return }
+                        guard let info = payload["info"] as? [String: Any] else { return }
+                        guard let timestamp = obj["timestamp"] as? String else { return }
+
+                        func toInt(_ value: Any?) -> Int {
+                            if let number = value as? NSNumber { return number.intValue }
+                            return 0
+                        }
+
+                        let total = info["total_token_usage"] as? [String: Any]
+                        let last = info["last_token_usage"] as? [String: Any]
+
+                        if let last {
+                            let rawDelta = CostUsageCodexTotals(
+                                input: max(0, toInt(last["input_tokens"])),
+                                cached: max(0, toInt(last["cached_input_tokens"] ?? last["cache_read_input_tokens"])),
+                                output: max(0, toInt(last["output_tokens"])))
+                            let base = previousTotals ?? .init(input: 0, cached: 0, output: 0)
+                            var countedDelta = rawDelta
+
+                            if let total {
+                                let rawTotals = CostUsageCodexTotals(
+                                    input: toInt(total["input_tokens"]),
+                                    cached: toInt(total["cached_input_tokens"] ?? total["cache_read_input_tokens"]),
+                                    output: toInt(total["output_tokens"]))
+                                let totalDelta = Self.codexTotalDelta(from: rawTotalsBaseline, to: rawTotals)
+                                if Self.codexShouldPreferTotalDelta(
+                                    rawBaseline: rawTotalsBaseline,
+                                    currentTotal: rawTotals,
+                                    totalDelta: totalDelta,
+                                    lastDelta: rawDelta,
+                                    sawDivergentTotals: sawDivergentTotals)
+                                {
+                                    countedDelta = totalDelta
+                                }
+                                let next = Self.codexAddTotals(base, countedDelta)
+                                previousTotals = next
+                                rawTotalsBaseline = rawTotals
+                                if !Self.codexTotalsEqual(rawTotals, next) {
+                                    sawDivergentTotals = true
+                                }
+                            } else {
+                                let next = Self.codexAddTotals(base, countedDelta)
+                                previousTotals = next
+                                rawTotalsBaseline = next
+                            }
+
+                            snapshots.append(CodexTimestampedTotals(
+                                timestamp: timestamp,
+                                date: parsedSnapshotDate(timestamp: timestamp),
+                                totals: previousTotals ?? base))
+                        } else if let total {
+                            let next = CostUsageCodexTotals(
+                                input: toInt(total["input_tokens"]),
+                                cached: toInt(total["cached_input_tokens"] ?? total["cache_read_input_tokens"]),
+                                output: toInt(total["output_tokens"]))
+                            let delta = sawDivergentTotals
+                                ? Self.codexDivergentTotalDelta(
+                                    rawBaseline: rawTotalsBaseline,
+                                    countedBaseline: previousTotals,
+                                    current: next)
+                                : Self.codexTotalDelta(from: rawTotalsBaseline, to: next)
+                            let base = previousTotals ?? .init(input: 0, cached: 0, output: 0)
+                            let countedTotals = Self.codexAddTotals(base, delta)
+                            previousTotals = countedTotals
+                            rawTotalsBaseline = next
+                            if !Self.codexTotalsEqual(next, countedTotals) {
+                                sawDivergentTotals = true
+                            }
+                            snapshots.append(CodexTimestampedTotals(
+                                timestamp: timestamp,
+                                date: parsedSnapshotDate(timestamp: timestamp),
+                                totals: countedTotals))
+                        }
+                    }
+                })
+        } catch is CancellationError {
+            throw CancellationError()
+        } catch {
+            self.log.warning(
+                "Codex cost usage failed while scanning parent token snapshots",
+                metadata: ["path": fileURL.path, "error": error.localizedDescription])
+        }
+
+        return (sessionId, snapshots)
+    }
+
     static func parseCodexFile(
         fileURL: URL,
         range: CostUsageDayRange,
         startOffset: Int64 = 0,
         initialModel: String? = nil,
-        initialTotals: CostUsageCodexTotals? = nil) -> CodexParseResult
+        initialTotals: CostUsageCodexTotals? = nil,
+        initialRawTotalsBaseline: CostUsageCodexTotals? = nil,
+        initialHasDivergentTotals: Bool = false,
+        initialCodexTurnID: String? = nil,
+        inheritedTotalsResolver: ((String, String) -> CodexForkBaseline)? = nil) -> CodexParseResult
+    {
+        let throwingResolver: ((String, String) throws -> CodexForkBaseline)? = inheritedTotalsResolver
+            .map { resolver in
+                { sessionId, timestamp in resolver(sessionId, timestamp) }
+            }
+        return (
+            try? Self.parseCodexFileCancellable(
+                fileURL: fileURL,
+                range: range,
+                startOffset: startOffset,
+                initialModel: initialModel,
+                initialTotals: initialTotals,
+                initialRawTotalsBaseline: initialRawTotalsBaseline,
+                initialHasDivergentTotals: initialHasDivergentTotals,
+                initialCodexTurnID: initialCodexTurnID,
+                inheritedTotalsResolver: throwingResolver,
+                checkCancellation: nil)) ?? CodexParseResult(
+            days: [:],
+            parsedBytes: startOffset,
+            lastModel: initialModel,
+            lastTotals: initialTotals,
+            lastCountedTotals: initialTotals,
+            lastRawTotalsBaseline: initialRawTotalsBaseline,
+            hasDivergentTotals: initialHasDivergentTotals,
+            lastCodexTurnID: initialCodexTurnID,
+            sessionId: nil,
+            forkedFromId: nil,
+            rows: [])
+    }
+
+    // swiftlint:disable:next cyclomatic_complexity function_body_length
+    static func parseCodexFileCancellable(
+        fileURL: URL,
+        range: CostUsageDayRange,
+        startOffset: Int64 = 0,
+        initialModel: String? = nil,
+        initialTotals: CostUsageCodexTotals? = nil,
+        initialRawTotalsBaseline: CostUsageCodexTotals? = nil,
+        initialHasDivergentTotals: Bool = false,
+        initialCodexTurnID: String? = nil,
+        inheritedTotalsResolver: ((String, String) throws -> CodexForkBaseline)? = nil,
+        checkCancellation: CancellationCheck? = nil) throws -> CodexParseResult
     {
         var currentModel = initialModel
         var previousTotals = initialTotals
         var sessionId: String?
+        var forkedFromId: String?
+        var inheritedTotals: CostUsageCodexTotals?
+        var remainingInheritedTotals: CostUsageCodexTotals?
+        var forkBaselineResolved = false
+        var hasUnresolvedForkBaseline = false
+        var unresolvedForkTotalWatermark: CostUsageCodexTotals?
+        var currentTurnID = initialCodexTurnID
+        var rawTotalsBaseline = initialRawTotalsBaseline ?? initialTotals
+        var sawDivergentTotals = initialHasDivergentTotals
+        var deferredError: Error?
 
         var days: [String: [String: [Int]]] = [:]
+        var rows: [CodexUsageRow] = []
 
         func add(dayKey: String, model: String, input: Int, cached: Int, output: Int) {
             guard CostUsageDayRange.isInRange(dayKey: dayKey, since: range.scanSinceKey, until: range.scanUntilKey)
@@ -252,484 +1239,652 @@ enum CostUsageScanner {
             days[dayKey] = dayModels
         }
 
-        let maxLineBytes = 256 * 1024
-        let prefixBytes = 32 * 1024
-
-        let parsedBytes = (try? CostUsageJsonl.scan(
-            fileURL: fileURL,
-            offset: startOffset,
-            maxLineBytes: maxLineBytes,
-            prefixBytes: prefixBytes,
-            onLine: { line in
-                guard !line.bytes.isEmpty else { return }
-                guard !line.wasTruncated else { return }
-
-                guard
-                    line.bytes.containsAscii(#""type":"event_msg""#)
-                    || line.bytes.containsAscii(#""type":"turn_context""#)
-                    || line.bytes.containsAscii(#""type":"session_meta""#)
-                else { return }
-
-                if line.bytes.containsAscii(#""type":"event_msg""#), !line.bytes.containsAscii(#""token_count""#) {
-                    return
-                }
+        func resolveForkBaseline(parentSessionId: String, forkedAt: String) throws {
+            guard !forkBaselineResolved else { return }
+            guard let inheritedTotalsResolver else { return }
+            forkBaselineResolved = true
+            switch try inheritedTotalsResolver(parentSessionId, forkedAt) {
+            case let .resolved(totals):
+                inheritedTotals = totals
+                remainingInheritedTotals = totals
+                hasUnresolvedForkBaseline = false
+            case .unresolved:
+                hasUnresolvedForkBaseline = true
+            }
+        }
 
-                guard
-                    let obj = (try? JSONSerialization.jsonObject(with: line.bytes)) as? [String: Any],
-                    let type = obj["type"] as? String
-                else { return }
-
-                if type == "session_meta" {
-                    if sessionId == nil {
-                        let payload = obj["payload"] as? [String: Any]
-                        sessionId = payload?["session_id"] as? String
-                            ?? payload?["sessionId"] as? String
-                            ?? payload?["id"] as? String
-                            ?? obj["session_id"] as? String
-                            ?? obj["sessionId"] as? String
-                            ?? obj["id"] as? String
-                    }
-                    return
-                }
+        let maxLineBytes = 256 * 1024
+        let prefixBytes = maxLineBytes
 
-                guard let tsText = obj["timestamp"] as? String else { return }
-                guard let dayKey = Self.dayKeyFromTimestamp(tsText) ?? Self.dayKeyFromParsedISO(tsText) else { return }
+        if startOffset == 0,
+           let metadata = try Self.parseCodexSessionMetadata(
+               fileURL: fileURL,
+               checkCancellation: checkCancellation)
+        {
+            sessionId = metadata.sessionId
+            forkedFromId = metadata.forkedFromId
+            if let forkedFromId = metadata.forkedFromId,
+               inheritedTotals == nil
+            {
+                let forkedAt = metadata.forkTimestamp ?? ""
+                try resolveForkBaseline(parentSessionId: forkedFromId, forkedAt: forkedAt)
+            }
+        }
 
-                if type == "turn_context" {
-                    if let payload = obj["payload"] as? [String: Any] {
-                        if let model = payload["model"] as? String {
-                            currentModel = model
-                        } else if let info = payload["info"] as? [String: Any], let model = info["model"] as? String {
+        var parsedBytes: Int64
+        do {
+            parsedBytes = try CostUsageJsonl.scan(
+                fileURL: fileURL,
+                offset: startOffset,
+                maxLineBytes: maxLineBytes,
+                prefixBytes: prefixBytes,
+                checkCancellation: checkCancellation,
+                onLine: { line in
+                    if deferredError != nil { return }
+                    guard !line.bytes.isEmpty else { return }
+                    if line.wasTruncated {
+                        // `turn_context` can carry very large prompts, but its model usually appears near the start.
+                        if let model = Self.extractCodexTurnContextModel(from: line.bytes) {
                             currentModel = model
                         }
+                        return
                     }
-                    return
-                }
 
-                guard type == "event_msg" else { return }
-                guard let payload = obj["payload"] as? [String: Any] else { return }
-                guard (payload["type"] as? String) == "token_count" else { return }
+                    guard
+                        line.bytes.containsAscii(#""type":"event_msg""#)
+                        || line.bytes.containsAscii(#""type":"turn_context""#)
+                        || line.bytes.containsAscii(#""type":"session_meta""#)
+                    else { return }
+
+                    if line.bytes.containsAscii(#""type":"event_msg""#),
+                       !line.bytes.containsAscii(#""token_count""#),
+                       !line.bytes.containsAscii(#""task_started""#)
+                    {
+                        return
+                    }
 
-                let info = payload["info"] as? [String: Any]
-                let modelFromInfo = info?["model"] as? String
-                    ?? info?["model_name"] as? String
-                    ?? payload["model"] as? String
-                    ?? obj["model"] as? String
-                let model = modelFromInfo ?? currentModel ?? "gpt-5"
+                    autoreleasepool {
+                        guard
+                            let obj = (try? JSONSerialization.jsonObject(with: line.bytes)) as? [String: Any],
+                            let type = obj["type"] as? String
+                        else { return }
+
+                        if type == "session_meta" {
+                            let payload = obj["payload"] as? [String: Any]
+                            if sessionId == nil {
+                                sessionId = payload?["session_id"] as? String
+                                    ?? payload?["sessionId"] as? String
+                                    ?? payload?["id"] as? String
+                                    ?? obj["session_id"] as? String
+                                    ?? obj["sessionId"] as? String
+                                    ?? obj["id"] as? String
+                            }
+                            if forkedFromId == nil {
+                                forkedFromId = Self.codexForkParentId(from: payload)
+                            }
+                            if let forkedFromId {
+                                let forkedAt = payload?["timestamp"] as? String
+                                    ?? obj["timestamp"] as? String
+                                    ?? ""
+                                do {
+                                    try resolveForkBaseline(parentSessionId: forkedFromId, forkedAt: forkedAt)
+                                } catch {
+                                    deferredError = error
+                                    return
+                                }
+                            }
+                            return
+                        }
 
-                func toInt(_ v: Any?) -> Int {
-                    if let n = v as? NSNumber { return n.intValue }
-                    return 0
-                }
+                        guard let tsText = obj["timestamp"] as? String else { return }
+                        guard let dayKey = Self.dayKeyFromTimestamp(tsText) ?? Self.dayKeyFromParsedISO(tsText)
+                        else { return }
+
+                        if type == "turn_context" {
+                            if let payload = obj["payload"] as? [String: Any] {
+                                if let model = payload["model"] as? String {
+                                    currentModel = model
+                                } else if let info = payload["info"] as? [String: Any],
+                                          let model = info["model"] as? String
+                                {
+                                    currentModel = model
+                                }
+                            }
+                            return
+                        }
 
-                let total = (info?["total_token_usage"] as? [String: Any])
-                let last = (info?["last_token_usage"] as? [String: Any])
-
-                var deltaInput = 0
-                var deltaCached = 0
-                var deltaOutput = 0
-
-                if let total {
-                    let input = toInt(total["input_tokens"])
-                    let cached = toInt(total["cached_input_tokens"] ?? total["cache_read_input_tokens"])
-                    let output = toInt(total["output_tokens"])
-
-                    let prev = previousTotals
-                    deltaInput = max(0, input - (prev?.input ?? 0))
-                    deltaCached = max(0, cached - (prev?.cached ?? 0))
-                    deltaOutput = max(0, output - (prev?.output ?? 0))
-                    previousTotals = CostUsageCodexTotals(input: input, cached: cached, output: output)
-                } else if let last {
-                    deltaInput = max(0, toInt(last["input_tokens"]))
-                    deltaCached = max(0, toInt(last["cached_input_tokens"] ?? last["cache_read_input_tokens"]))
-                    deltaOutput = max(0, toInt(last["output_tokens"]))
-                } else {
-                    return
-                }
+                        guard type == "event_msg" else { return }
+                        guard let payload = obj["payload"] as? [String: Any] else { return }
+                        if (payload["type"] as? String) == "task_started" {
+                            currentTurnID = Self.codexTurnID(from: payload)
+                            return
+                        }
+                        guard (payload["type"] as? String) == "token_count" else { return }
+
+                        let info = payload["info"] as? [String: Any]
+                        let modelFromInfo = info?["model"] as? String
+                            ?? info?["model_name"] as? String
+                            ?? payload["model"] as? String
+                            ?? obj["model"] as? String
+                        let model = currentModel ?? modelFromInfo ?? "gpt-5"
+
+                        func toInt(_ v: Any?) -> Int {
+                            if let n = v as? NSNumber { return n.intValue }
+                            return 0
+                        }
+
+                        func tokenTotals(_ usage: [String: Any]) -> CostUsageCodexTotals {
+                            CostUsageCodexTotals(
+                                input: max(0, toInt(usage["input_tokens"])),
+                                cached: max(0, toInt(usage["cached_input_tokens"] ?? usage["cache_read_input_tokens"])),
+                                output: max(0, toInt(usage["output_tokens"])))
+                        }
 
-                if deltaInput == 0, deltaCached == 0, deltaOutput == 0 { return }
-                let cachedClamp = min(deltaCached, deltaInput)
-                add(dayKey: dayKey, model: model, input: deltaInput, cached: cachedClamp, output: deltaOutput)
-            })) ?? startOffset
+                        let total = (info?["total_token_usage"] as? [String: Any])
+                        let last = (info?["last_token_usage"] as? [String: Any])
+
+                        var deltaInput = 0
+                        var deltaCached = 0
+                        var deltaOutput = 0
+
+                        func adjustedLastDelta(_ rawDelta: CostUsageCodexTotals) -> CostUsageCodexTotals {
+                            guard var remaining = remainingInheritedTotals else { return rawDelta }
+
+                            let adjusted = CostUsageCodexTotals(
+                                input: max(0, rawDelta.input - remaining.input),
+                                cached: max(0, rawDelta.cached - remaining.cached),
+                                output: max(0, rawDelta.output - remaining.output))
+
+                            remaining.input = max(0, remaining.input - rawDelta.input)
+                            remaining.cached = max(0, remaining.cached - rawDelta.cached)
+                            remaining.output = max(0, remaining.output - rawDelta.output)
+                            remainingInheritedTotals = if remaining.input == 0, remaining.cached == 0,
+                                                          remaining.output == 0
+                            {
+                                nil
+                            } else {
+                                remaining
+                            }
+
+                            return adjusted
+                        }
+
+                        let handledUnresolvedForkTotal = hasUnresolvedForkBaseline && total != nil
+                        if hasUnresolvedForkBaseline, let total {
+                            let currentRawTotals = tokenTotals(total)
+                            defer {
+                                unresolvedForkTotalWatermark = currentRawTotals
+                            }
+                            guard let last,
+                                  let watermark = unresolvedForkTotalWatermark
+                            else {
+                                return
+                            }
+
+                            let rawLastDelta = tokenTotals(last)
+                            let rawTotalDelta = Self.codexTotalDelta(from: watermark, to: currentRawTotals)
+                            let adjustedDelta = Self.codexMinTotals(rawLastDelta, rawTotalDelta)
+                            deltaInput = adjustedDelta.input
+                            deltaCached = adjustedDelta.cached
+                            deltaOutput = adjustedDelta.output
+                            let prev = previousTotals ?? .init(input: 0, cached: 0, output: 0)
+                            previousTotals = Self.codexAddTotals(prev, adjustedDelta)
+                            rawTotalsBaseline = previousTotals
+                        }
+
+                        if !handledUnresolvedForkTotal,
+                           let total,
+                           forkedFromId != nil,
+                           !hasUnresolvedForkBaseline
+                        {
+                            let rawTotals = tokenTotals(total)
+                            let currentTotals: CostUsageCodexTotals = if let inheritedTotals {
+                                CostUsageCodexTotals(
+                                    input: max(0, rawTotals.input - inheritedTotals.input),
+                                    cached: max(0, rawTotals.cached - inheritedTotals.cached),
+                                    output: max(0, rawTotals.output - inheritedTotals.output))
+                            } else {
+                                rawTotals
+                            }
+                            let delta = sawDivergentTotals
+                                ? Self.codexDivergentTotalDelta(
+                                    rawBaseline: rawTotalsBaseline,
+                                    countedBaseline: previousTotals,
+                                    current: currentTotals)
+                                : Self.codexTotalDelta(from: rawTotalsBaseline, to: currentTotals)
+                            deltaInput = delta.input
+                            deltaCached = delta.cached
+                            deltaOutput = delta.output
+                            let prev = previousTotals ?? .init(input: 0, cached: 0, output: 0)
+                            previousTotals = Self.codexAddTotals(prev, delta)
+                            rawTotalsBaseline = currentTotals
+                            if !Self.codexTotalsEqual(rawTotalsBaseline, previousTotals) {
+                                sawDivergentTotals = true
+                            }
+                            remainingInheritedTotals = nil
+                        } else if !handledUnresolvedForkTotal, let last {
+                            let rawDelta = CostUsageCodexTotals(
+                                input: max(0, toInt(last["input_tokens"])),
+                                cached: max(0, toInt(last["cached_input_tokens"] ?? last["cache_read_input_tokens"])),
+                                output: max(0, toInt(last["output_tokens"])))
+                            let hadRemainingInheritedTotals = remainingInheritedTotals != nil
+                            var adjustedDelta = adjustedLastDelta(rawDelta)
+                            deltaInput = adjustedDelta.input
+                            deltaCached = adjustedDelta.cached
+                            deltaOutput = adjustedDelta.output
+                            let prev = previousTotals ?? .init(input: 0, cached: 0, output: 0)
+
+                            if let total, !hasUnresolvedForkBaseline {
+                                let rawTotals = tokenTotals(total)
+                                let currentTotals: CostUsageCodexTotals = if let inheritedTotals {
+                                    CostUsageCodexTotals(
+                                        input: max(0, rawTotals.input - inheritedTotals.input),
+                                        cached: max(0, rawTotals.cached - inheritedTotals.cached),
+                                        output: max(0, rawTotals.output - inheritedTotals.output))
+                                } else {
+                                    rawTotals
+                                }
+                                let totalDelta = Self.codexTotalDelta(from: rawTotalsBaseline, to: currentTotals)
+                                if !hadRemainingInheritedTotals,
+                                   Self.codexShouldPreferTotalDelta(
+                                       rawBaseline: rawTotalsBaseline,
+                                       currentTotal: currentTotals,
+                                       totalDelta: totalDelta,
+                                       lastDelta: rawDelta,
+                                       sawDivergentTotals: sawDivergentTotals)
+                                {
+                                    adjustedDelta = totalDelta
+                                    deltaInput = adjustedDelta.input
+                                    deltaCached = adjustedDelta.cached
+                                    deltaOutput = adjustedDelta.output
+                                    remainingInheritedTotals = nil
+                                }
+                                let countedTotals = Self.codexAddTotals(prev, adjustedDelta)
+                                previousTotals = countedTotals
+                                rawTotalsBaseline = currentTotals
+                                if !Self.codexTotalsEqual(currentTotals, countedTotals) {
+                                    sawDivergentTotals = true
+                                }
+                            } else {
+                                let countedTotals = Self.codexAddTotals(prev, adjustedDelta)
+                                previousTotals = countedTotals
+                                rawTotalsBaseline = countedTotals
+                            }
+                        } else if !handledUnresolvedForkTotal, let total {
+                            let rawTotals = tokenTotals(total)
+
+                            let currentTotals: CostUsageCodexTotals = if let inheritedTotals {
+                                CostUsageCodexTotals(
+                                    input: max(0, rawTotals.input - inheritedTotals.input),
+                                    cached: max(0, rawTotals.cached - inheritedTotals.cached),
+                                    output: max(0, rawTotals.output - inheritedTotals.output))
+                            } else {
+                                rawTotals
+                            }
+
+                            let delta = sawDivergentTotals
+                                ? Self.codexDivergentTotalDelta(
+                                    rawBaseline: rawTotalsBaseline,
+                                    countedBaseline: previousTotals,
+                                    current: currentTotals)
+                                : Self.codexTotalDelta(from: rawTotalsBaseline, to: currentTotals)
+                            deltaInput = delta.input
+                            deltaCached = delta.cached
+                            deltaOutput = delta.output
+                            let prev = previousTotals ?? .init(input: 0, cached: 0, output: 0)
+                            previousTotals = Self.codexAddTotals(prev, delta)
+                            rawTotalsBaseline = currentTotals
+                            if !Self.codexTotalsEqual(rawTotalsBaseline, previousTotals) {
+                                sawDivergentTotals = true
+                            }
+                            remainingInheritedTotals = nil
+                        } else if !handledUnresolvedForkTotal {
+                            return
+                        }
+
+                        if deltaInput == 0, deltaCached == 0, deltaOutput == 0 { return }
+                        let cachedClamp = min(deltaCached, deltaInput)
+                        let normModel = CostUsagePricing.normalizeCodexModel(model)
+                        add(
+                            dayKey: dayKey,
+                            model: normModel,
+                            input: deltaInput,
+                            cached: cachedClamp,
+                            output: deltaOutput)
+                        if CostUsageDayRange.isInRange(
+                            dayKey: dayKey,
+                            since: range.scanSinceKey,
+                            until: range.scanUntilKey)
+                        {
+                            rows.append(CodexUsageRow(
+                                day: dayKey,
+                                model: normModel,
+                                turnID: Self.codexTurnID(from: payload) ?? currentTurnID,
+                                input: deltaInput,
+                                cached: cachedClamp,
+                                output: deltaOutput))
+                        }
+                    }
+                })
+            if let deferredError {
+                throw deferredError
+            }
+        } catch is CancellationError {
+            throw CancellationError()
+        } catch {
+            self.log.warning(
+                "Codex cost usage failed while scanning session file",
+                metadata: ["path": fileURL.path, "error": error.localizedDescription])
+            parsedBytes = startOffset
+        }
 
         return CodexParseResult(
             days: days,
             parsedBytes: parsedBytes,
             lastModel: currentModel,
-            lastTotals: previousTotals,
-            sessionId: sessionId)
+            lastTotals: sawDivergentTotals && !Self.codexTotalsEqual(rawTotalsBaseline, previousTotals)
+                ? nil
+                : previousTotals,
+            lastCountedTotals: previousTotals,
+            lastRawTotalsBaseline: rawTotalsBaseline,
+            hasDivergentTotals: sawDivergentTotals && !Self.codexTotalsEqual(rawTotalsBaseline, previousTotals),
+            lastCodexTurnID: currentTurnID,
+            sessionId: sessionId,
+            forkedFromId: forkedFromId,
+            rows: rows)
+    }
+
+    private static func codexTurnID(from payload: [String: Any]) -> String? {
+        if let turnID = payload["turn_id"] as? String ?? payload["turnId"] as? String ?? payload["id"] as? String {
+            return turnID
+        }
+        if let info = payload["info"] as? [String: Any] {
+            return info["turn_id"] as? String ?? info["turnId"] as? String ?? info["id"] as? String
+        }
+        return nil
     }
 
     private static func scanCodexFile(
         fileURL: URL,
-        range: CostUsageDayRange,
+        context: CodexFileScanContext,
         cache: inout CostUsageCache,
-        state: inout CodexScanState)
+        state: inout CodexScanState) throws
     {
-        let path = fileURL.path
-        let attrs = (try? FileManager.default.attributesOfItem(atPath: path)) ?? [:]
-        let mtime = (attrs[.modificationDate] as? Date)?.timeIntervalSince1970 ?? 0
-        let size = (attrs[.size] as? NSNumber)?.int64Value ?? 0
-        let mtimeMs = Int64(mtime * 1000)
-        let fileId = Self.fileIdentityString(fileURL: fileURL)
-
-        func dropCachedFile(_ cached: CostUsageFileUsage?) {
-            if let cached {
-                Self.applyFileDays(cache: &cache, fileDays: cached.days, sign: -1)
-            }
-            cache.files.removeValue(forKey: path)
-        }
-
-        if let fileId, state.seenFileIds.contains(fileId) {
-            dropCachedFile(cache.files[path])
+        try context.checkCancellation?()
+        let metadata = Self.codexFileMetadata(fileURL: fileURL)
+        if let fileId = metadata.fileId, state.seenFileIds.contains(fileId) {
+            Self.dropCachedCodexFile(path: metadata.path, cached: cache.files[metadata.path], cache: &cache)
             return
         }
 
-        let cached = cache.files[path]
+        let cached = cache.files[metadata.path]
         if let cachedSessionId = cached?.sessionId, state.seenSessionIds.contains(cachedSessionId) {
-            dropCachedFile(cached)
+            Self.dropCachedCodexFile(path: metadata.path, cached: cached, cache: &cache)
             return
         }
 
-        let needsSessionId = cached != nil && cached?.sessionId == nil
-        if let cached,
-           cached.mtimeUnixMs == mtimeMs,
-           cached.size == size,
-           !needsSessionId
-        {
-            if let cachedSessionId = cached.sessionId {
-                state.seenSessionIds.insert(cachedSessionId)
-            }
-            if let fileId {
-                state.seenFileIds.insert(fileId)
-            }
+        let input = CodexFileScanInput(fileURL: fileURL, metadata: metadata, cached: cached)
+        if Self.keepCachedCodexFileIfFresh(input: input, context: context, cache: &cache, state: &state) {
             return
         }
-
-        if let cached, cached.sessionId != nil {
-            let startOffset = cached.parsedBytes ?? cached.size
-            let canIncremental = size > cached.size && startOffset > 0 && startOffset <= size
-                && cached.lastTotals != nil
-            if canIncremental {
-                let delta = Self.parseCodexFile(
-                    fileURL: fileURL,
-                    range: range,
-                    startOffset: startOffset,
-                    initialModel: cached.lastModel,
-                    initialTotals: cached.lastTotals)
-                let sessionId = delta.sessionId ?? cached.sessionId
-                if let sessionId, state.seenSessionIds.contains(sessionId) {
-                    dropCachedFile(cached)
-                    return
-                }
-
-                if !delta.days.isEmpty {
-                    Self.applyFileDays(cache: &cache, fileDays: delta.days, sign: 1)
-                }
-
-                var mergedDays = cached.days
-                Self.mergeFileDays(existing: &mergedDays, delta: delta.days)
-                cache.files[path] = Self.makeFileUsage(
-                    mtimeUnixMs: mtimeMs,
-                    size: size,
-                    days: mergedDays,
-                    parsedBytes: delta.parsedBytes,
-                    lastModel: delta.lastModel,
-                    lastTotals: delta.lastTotals,
-                    sessionId: sessionId)
-                if let sessionId {
-                    state.seenSessionIds.insert(sessionId)
-                }
-                if let fileId {
-                    state.seenFileIds.insert(fileId)
-                }
-                return
-            }
-        }
-
-        if let cached {
-            Self.applyFileDays(cache: &cache, fileDays: cached.days, sign: -1)
-        }
-
-        let parsed = Self.parseCodexFile(fileURL: fileURL, range: range)
-        let sessionId = parsed.sessionId ?? cached?.sessionId
-        if let sessionId, state.seenSessionIds.contains(sessionId) {
-            cache.files.removeValue(forKey: path)
+        if try Self.appendCodexFileIncrementIfPossible(input: input, context: context, cache: &cache, state: &state) {
             return
         }
+        try Self.rescanCodexFile(input: input, context: context, cache: &cache, state: &state)
+    }
 
-        let usage = Self.makeFileUsage(
-            mtimeUnixMs: mtimeMs,
-            size: size,
-            days: parsed.days,
-            parsedBytes: parsed.parsedBytes,
-            lastModel: parsed.lastModel,
-            lastTotals: parsed.lastTotals,
-            sessionId: sessionId)
-        cache.files[path] = usage
-        Self.applyFileDays(cache: &cache, fileDays: usage.days, sign: 1)
-        if let sessionId {
-            state.seenSessionIds.insert(sessionId)
-        }
-        if let fileId {
-            state.seenFileIds.insert(fileId)
+    private static func makeCodexRefreshPlan(
+        cache: CostUsageCache,
+        range: CostUsageDayRange,
+        now: Date,
+        nowMs: Int64,
+        options: Options) -> CodexRefreshPlan
+    {
+        let refreshMs = Int64(max(0, options.refreshMinIntervalSeconds) * 1000)
+        let roots = self.codexSessionsRoots(options: options)
+        let rootsFingerprint = Self.codexRootsFingerprint(roots)
+        let rootsChanged = cache.roots != rootsFingerprint
+        let windowExpanded = Self.requestedWindowExpandsCache(range: range, cache: cache)
+        let needsCostCacheMigration = cache.files.values.contains { Self.needsCodexCostCache($0, range: range) }
+        let modelsDevLoad = ModelsDevCache.load(now: now, cacheRoot: options.cacheRoot)
+        let modelsDevCatalog = modelsDevLoad.artifact?.catalog
+        let codexPricingKey = Self.codexPricingKey(modelsDevArtifact: modelsDevLoad.artifact)
+        let codexPriorityMetadataKey = Self.codexPriorityMetadataKey(databaseURL: options.codexTraceDatabaseURL)
+        let hasPriorityMetadata = codexPriorityMetadataKey.hasPrefix("sqlite:")
+        let pricingChanged = cache.codexPricingKey != nil && cache.codexPricingKey != codexPricingKey
+        let priorityMetadataChanged = Self.codexPriorityMetadataChanged(
+            old: cache.codexPriorityMetadataKey,
+            new: codexPriorityMetadataKey)
+        let needsTurnIDCacheMigration = hasPriorityMetadata && cache.files.values.contains {
+            $0.codexTurnIDs == nil && $0.touchesCodexScanWindow(
+                sinceKey: range.scanSinceKey,
+                untilKey: range.scanUntilKey)
         }
+        let shouldInspectPriorityTurns = options.forceRescan
+            || windowExpanded
+            || rootsChanged
+            || needsCostCacheMigration
+            || needsTurnIDCacheMigration
+            || pricingChanged
+            || priorityMetadataChanged
+            || refreshMs == 0
+            || cache.lastScanUnixMs == 0
+            || nowMs - cache.lastScanUnixMs > refreshMs
+        let priorityTurns = shouldInspectPriorityTurns ? Self.codexPriorityTurns(
+            databaseURL: options.codexTraceDatabaseURL,
+            sinceDayKey: range.scanSinceKey,
+            untilDayKey: range.scanUntilKey) : [:]
+        let priorityTurnKeys = Self.codexPriorityTurnKeys(priorityTurns)
+        let priorityTurnIDsByDay = Self.codexPriorityTurnIDsByDay(priorityTurns)
+        let priorityTurnsChanged = shouldInspectPriorityTurns
+            && hasPriorityMetadata
+            && Self.codexPriorityTurnKeysChanged(
+                old: cache.codexPriorityTurnKeys,
+                new: priorityTurnKeys,
+                range: range)
+        let changedPriorityTurnIDs = shouldInspectPriorityTurns && hasPriorityMetadata
+            ? Self.changedPriorityTurnIDs(
+                old: cache.codexPriorityTurnIDsByDay,
+                new: priorityTurnIDsByDay,
+                oldKeys: cache.codexPriorityTurnKeys,
+                newKeys: priorityTurnKeys,
+                range: range)
+            : []
+        let shouldRefresh = options.forceRescan
+            || windowExpanded
+            || rootsChanged
+            || needsCostCacheMigration
+            || needsTurnIDCacheMigration
+            || pricingChanged
+            || priorityMetadataChanged
+            || priorityTurnsChanged
+            || refreshMs == 0
+            || cache.lastScanUnixMs == 0
+            || nowMs - cache.lastScanUnixMs > refreshMs
+
+        return CodexRefreshPlan(
+            refreshMs: refreshMs,
+            roots: roots,
+            rootsFingerprint: rootsFingerprint,
+            rootsChanged: rootsChanged,
+            windowExpanded: windowExpanded,
+            needsCostCacheMigration: needsCostCacheMigration,
+            modelsDevCatalog: modelsDevCatalog,
+            codexPricingKey: codexPricingKey,
+            codexPriorityMetadataKey: codexPriorityMetadataKey,
+            hasPriorityMetadata: hasPriorityMetadata,
+            priorityTurns: priorityTurns,
+            priorityTurnKeys: priorityTurnKeys,
+            priorityTurnIDsByDay: priorityTurnIDsByDay,
+            pricingChanged: pricingChanged,
+            priorityMetadataChanged: priorityMetadataChanged,
+            priorityTurnsChanged: priorityTurnsChanged,
+            needsTurnIDCacheMigration: needsTurnIDCacheMigration,
+            changedPriorityTurnIDs: changedPriorityTurnIDs,
+            shouldRefresh: shouldRefresh)
     }
 
-    private static func loadCodexDaily(range: CostUsageDayRange, now: Date, options: Options) -> CostUsageDailyReport {
+    private static func loadCodexDaily(
+        range: CostUsageDayRange,
+        now: Date,
+        options: Options,
+        checkCancellation: CancellationCheck?) throws -> CostUsageDailyReport
+    {
         var cache = CostUsageCacheIO.load(provider: .codex, cacheRoot: options.cacheRoot)
         let nowMs = Int64(now.timeIntervalSince1970 * 1000)
+        let plan = Self.makeCodexRefreshPlan(cache: cache, range: range, now: now, nowMs: nowMs, options: options)
 
-        let refreshMs = Int64(max(0, options.refreshMinIntervalSeconds) * 1000)
-        let shouldRefresh = refreshMs == 0 || cache.lastScanUnixMs == 0 || nowMs - cache.lastScanUnixMs > refreshMs
-
-        let roots = self.codexSessionsRoots(options: options)
-        var seenPaths: Set<String> = []
-        var files: [URL] = []
-        for root in roots {
-            let rootFiles = Self.listCodexSessionFiles(
-                root: root,
-                scanSinceKey: range.scanSinceKey,
-                scanUntilKey: range.scanUntilKey)
-            for fileURL in rootFiles.sorted(by: { $0.path < $1.path }) where !seenPaths.contains(fileURL.path) {
-                seenPaths.insert(fileURL.path)
-                files.append(fileURL)
-            }
-        }
-        let filePathsInScan = Set(files.map(\.path))
-
-        if shouldRefresh {
+        if plan.shouldRefresh {
+            try checkCancellation?()
             if options.forceRescan {
                 cache = CostUsageCache()
             }
-            var scanState = CodexScanState()
-            for fileURL in files {
-                Self.scanCodexFile(
-                    fileURL: fileURL,
-                    range: range,
-                    cache: &cache,
-                    state: &scanState)
-            }
 
-            for key in cache.files.keys where !filePathsInScan.contains(key) {
-                if let old = cache.files[key] {
-                    Self.applyFileDays(cache: &cache, fileDays: old.days, sign: -1)
+            let cachedSinceKey = cache.scanSinceKey
+            let cachedUntilKey = cache.scanUntilKey
+            let shouldRunColdCacheLookback = cache.files.isEmpty || plan.rootsChanged
+            let coldCacheLookbackStart = Self.parseDayKey(range.scanSinceKey)
+                .map { Calendar.current.startOfDay(for: $0) }
+            var seenPaths: Set<String> = []
+            var files: [URL] = []
+            for root in plan.roots {
+                let rootFiles = Self.listCodexSessionFiles(
+                    root: root,
+                    scanSinceKey: range.scanSinceKey,
+                    scanUntilKey: range.scanUntilKey,
+                    includeRecursive: options.forceRescan)
+                for fileURL in rootFiles.sorted(by: { $0.path < $1.path }) where !seenPaths.contains(fileURL.path) {
+                    seenPaths.insert(fileURL.path)
+                    files.append(fileURL)
                 }
-                cache.files.removeValue(forKey: key)
-            }
 
-            Self.pruneDays(cache: &cache, sinceKey: range.scanSinceKey, untilKey: range.scanUntilKey)
-            cache.lastScanUnixMs = nowMs
-            CostUsageCacheIO.save(provider: .codex, cache: cache, cacheRoot: options.cacheRoot)
-        }
-
-        return Self.buildCodexReportFromCache(cache: cache, range: range)
-    }
-
-    private static func buildCodexReportFromCache(
-        cache: CostUsageCache,
-        range: CostUsageDayRange) -> CostUsageDailyReport
-    {
-        var entries: [CostUsageDailyReport.Entry] = []
-        var totalInput = 0
-        var totalOutput = 0
-        var totalTokens = 0
-        var totalCost: Double = 0
-        var costSeen = false
-
-        let dayKeys = cache.days.keys.sorted().filter {
-            CostUsageDayRange.isInRange(dayKey: $0, since: range.sinceKey, until: range.untilKey)
-        }
-
-        for day in dayKeys {
-            guard let models = cache.days[day] else { continue }
-            let modelNames = models.keys.sorted()
-
-            var dayInput = 0
-            var dayOutput = 0
-
-            var breakdown: [CostUsageDailyReport.ModelBreakdown] = []
-            var dayCost: Double = 0
-            var dayCostSeen = false
-
-            for model in modelNames {
-                let packed = models[model] ?? [0, 0, 0]
-                let input = packed[safe: 0] ?? 0
-                let cached = packed[safe: 1] ?? 0
-                let output = packed[safe: 2] ?? 0
-
-                dayInput += input
-                dayOutput += output
-
-                let cost = CostUsagePricing.codexCostUSD(
-                    model: model,
-                    inputTokens: input,
-                    cachedInputTokens: cached,
-                    outputTokens: output)
-                breakdown.append(CostUsageDailyReport.ModelBreakdown(modelName: model, costUSD: cost))
-                if let cost {
-                    dayCost += cost
-                    dayCostSeen = true
+                if shouldRunColdCacheLookback, let coldCacheLookbackStart {
+                    let recentlyModifiedFiles = Self.listCodexRecentlyModifiedFiles(
+                        root: root,
+                        scanSinceKey: range.scanSinceKey,
+                        scanUntilKey: range.scanUntilKey,
+                        modifiedSince: coldCacheLookbackStart)
+                    for fileURL in recentlyModifiedFiles.sorted(by: { $0.path < $1.path })
+                        where !seenPaths.contains(fileURL.path)
+                    {
+                        seenPaths.insert(fileURL.path)
+                        files.append(fileURL)
+                    }
                 }
             }
 
-            breakdown.sort { lhs, rhs in (rhs.costUSD ?? -1) < (lhs.costUSD ?? -1) }
-            let top = Array(breakdown.prefix(3))
-
-            let dayTotal = dayInput + dayOutput
-            let entryCost = dayCostSeen ? dayCost : nil
-            entries.append(CostUsageDailyReport.Entry(
-                date: day,
-                inputTokens: dayInput,
-                outputTokens: dayOutput,
-                totalTokens: dayTotal,
-                costUSD: entryCost,
-                modelsUsed: modelNames,
-                modelBreakdowns: top))
-
-            totalInput += dayInput
-            totalOutput += dayOutput
-            totalTokens += dayTotal
-            if let entryCost {
-                totalCost += entryCost
-                costSeen = true
+            for fileURL in Self.cachedCodexSessionFiles(cache: cache, range: range, roots: plan.roots)
+                .sorted(by: { $0.path < $1.path })
+                where !seenPaths.contains(fileURL.path)
+            {
+                seenPaths.insert(fileURL.path)
+                files.append(fileURL)
             }
-        }
 
-        let summary: CostUsageDailyReport.Summary? = entries.isEmpty
-            ? nil
-            : CostUsageDailyReport.Summary(
-                totalInputTokens: totalInput,
-                totalOutputTokens: totalOutput,
-                totalTokens: totalTokens,
-                totalCostUSD: costSeen ? totalCost : nil)
+            let filePathsInScan = Set(files.map(\.path))
 
-        return CostUsageDailyReport(data: entries, summary: summary)
-    }
-
-    // MARK: - Shared cache mutations
+            var scanState = CodexScanState()
+            let fileIndex = CodexSessionFileIndex(
+                files: files,
+                roots: plan.roots,
+                cachedSessionFiles: Self.cachedCodexSessionIndex(cache: cache, roots: plan.roots),
+                checkCancellation: checkCancellation)
+            let inheritedResolver = CodexInheritedTotalsResolver(
+                fileIndex: fileIndex,
+                checkCancellation: checkCancellation)
+            let resources = CodexScanResources(
+                fileIndex: fileIndex,
+                inheritedResolver: inheritedResolver,
+                modelsDevCatalog: plan.modelsDevCatalog,
+                modelsDevCacheRoot: options.cacheRoot,
+                priorityTurns: plan.priorityTurns)
+            for fileURL in files {
+                try Self.scanCodexFile(
+                    fileURL: fileURL,
+                    context: CodexFileScanContext(
+                        range: range,
+                        forceFullScan: options
+                            .forceRescan || plan.windowExpanded || plan.pricingChanged || plan.priorityMetadataChanged,
+                        dropDeferredCodexRows: options.forceRescan || plan.pricingChanged || plan
+                            .priorityMetadataChanged
+                            || plan.needsTurnIDCacheMigration,
+                        requiresTurnIDCache: plan.needsTurnIDCacheMigration,
+                        changedPriorityTurnIDs: plan.changedPriorityTurnIDs,
+                        resources: resources,
+                        checkCancellation: checkCancellation),
+                    cache: &cache,
+                    state: &scanState)
+            }
+            try checkCancellation?()
 
-    static func makeFileUsage(
-        mtimeUnixMs: Int64,
-        size: Int64,
-        days: [String: [String: [Int]]],
-        parsedBytes: Int64?,
-        lastModel: String? = nil,
-        lastTotals: CostUsageCodexTotals? = nil,
-        sessionId: String? = nil) -> CostUsageFileUsage
-    {
-        CostUsageFileUsage(
-            mtimeUnixMs: mtimeUnixMs,
-            size: size,
-            days: days,
-            parsedBytes: parsedBytes,
-            lastModel: lastModel,
-            lastTotals: lastTotals,
-            sessionId: sessionId)
-    }
+            Self.pruneForceRescanFilesOutsideWindow(
+                cache: &cache,
+                range: range,
+                isForceRescan: options.forceRescan)
 
-    static func mergeFileDays(
-        existing: inout [String: [String: [Int]]],
-        delta: [String: [String: [Int]]])
-    {
-        for (day, models) in delta {
-            var dayModels = existing[day] ?? [:]
-            for (model, packed) in models {
-                let existingPacked = dayModels[model] ?? []
-                let merged = Self.addPacked(a: existingPacked, b: packed, sign: 1)
-                if merged.allSatisfy({ $0 == 0 }) {
-                    dayModels.removeValue(forKey: model)
-                } else {
-                    dayModels[model] = merged
-                }
+            let shouldDropAllUnscannedFiles = options.forceRescan || plan.rootsChanged || cache.files.isEmpty
+            for key in cache.files.keys where !filePathsInScan.contains(key) {
+                guard let old = cache.files[key] else { continue }
+                let shouldDrop = shouldDropAllUnscannedFiles ||
+                    old.touchesCodexScanWindow(sinceKey: range.scanSinceKey, untilKey: range.scanUntilKey)
+                guard shouldDrop else { continue }
+                Self.applyFileDays(cache: &cache, fileDays: old.days, sign: -1)
+                cache.files.removeValue(forKey: key)
             }
 
-            if dayModels.isEmpty {
-                existing.removeValue(forKey: day)
-            } else {
-                existing[day] = dayModels
-            }
-        }
-    }
-
-    static func applyFileDays(cache: inout CostUsageCache, fileDays: [String: [String: [Int]]], sign: Int) {
-        for (day, models) in fileDays {
-            var dayModels = cache.days[day] ?? [:]
-            for (model, packed) in models {
-                let existing = dayModels[model] ?? []
-                let merged = Self.addPacked(a: existing, b: packed, sign: sign)
-                if merged.allSatisfy({ $0 == 0 }) {
-                    dayModels.removeValue(forKey: model)
-                } else {
-                    dayModels[model] = merged
+            if !shouldDropAllUnscannedFiles {
+                for key in cache.files.keys {
+                    guard let old = cache.files[key] else { continue }
+                    guard old.touchesCodexScanWindow(sinceKey: range.scanSinceKey, untilKey: range.scanUntilKey)
+                    else { continue }
+                    guard FileManager.default.fileExists(atPath: key) else {
+                        Self.applyFileDays(cache: &cache, fileDays: old.days, sign: -1)
+                        cache.files.removeValue(forKey: key)
+                        continue
+                    }
                 }
             }
 
-            if dayModels.isEmpty {
-                cache.days.removeValue(forKey: day)
-            } else {
-                cache.days[day] = dayModels
+            let shouldRetainWiderWindow = !options.forceRescan && !plan.pricingChanged && !plan
+                .priorityMetadataChanged && !plan.needsTurnIDCacheMigration
+            let retainedSinceKey = shouldRetainWiderWindow
+                ? [cachedSinceKey, range.scanSinceKey].compactMap(\.self).min() ?? range.scanSinceKey
+                : range.scanSinceKey
+            let retainedUntilKey = shouldRetainWiderWindow
+                ? [cachedUntilKey, range.scanUntilKey].compactMap(\.self).max() ?? range.scanUntilKey
+                : range.scanUntilKey
+            Self.pruneDays(cache: &cache, sinceKey: retainedSinceKey, untilKey: retainedUntilKey)
+            cache.roots = plan.rootsFingerprint
+            cache.scanSinceKey = retainedSinceKey
+            cache.scanUntilKey = retainedUntilKey
+            cache.codexPricingKey = plan.codexPricingKey
+            cache.codexPriorityMetadataKey = plan.codexPriorityMetadataKey
+            if plan.hasPriorityMetadata {
+                cache.codexPriorityTurnKeys = Self.mergePriorityTurnKeys(
+                    existing: shouldRetainWiderWindow ? cache.codexPriorityTurnKeys : nil,
+                    new: plan.priorityTurnKeys,
+                    range: range,
+                    retainedSinceKey: retainedSinceKey,
+                    retainedUntilKey: retainedUntilKey)
+                cache.codexPriorityTurnIDsByDay = Self.mergePriorityTurnIDsByDay(
+                    existing: shouldRetainWiderWindow ? cache.codexPriorityTurnIDsByDay : nil,
+                    new: plan.priorityTurnIDsByDay,
+                    range: range,
+                    retainedSinceKey: retainedSinceKey,
+                    retainedUntilKey: retainedUntilKey)
             }
+            cache.lastScanUnixMs = nowMs
+            try checkCancellation?()
+            CostUsageCacheIO.save(provider: .codex, cache: cache, cacheRoot: options.cacheRoot)
         }
-    }
-
-    static func pruneDays(cache: inout CostUsageCache, sinceKey: String, untilKey: String) {
-        for key in cache.days.keys where !CostUsageDayRange.isInRange(dayKey: key, since: sinceKey, until: untilKey) {
-            cache.days.removeValue(forKey: key)
-        }
-    }
 
-    static func addPacked(a: [Int], b: [Int], sign: Int) -> [Int] {
-        let len = max(a.count, b.count)
-        var out: [Int] = Array(repeating: 0, count: len)
-        for idx in 0..<len {
-            let next = (a[safe: idx] ?? 0) + sign * (b[safe: idx] ?? 0)
-            out[idx] = max(0, next)
-        }
-        return out
-    }
-
-    // MARK: - Date parsing
-
-    private static func parseDayKey(_ key: String) -> Date? {
-        let parts = key.split(separator: "-")
-        guard parts.count == 3 else { return nil }
-        guard
-            let y = Int(parts[0]),
-            let m = Int(parts[1]),
-            let d = Int(parts[2])
-        else { return nil }
-
-        var comps = DateComponents()
-        comps.calendar = Calendar.current
-        comps.timeZone = TimeZone.current
-        comps.year = y
-        comps.month = m
-        comps.day = d
-        comps.hour = 12
-        return comps.date
-    }
-}
-
-extension Data {
-    func containsAscii(_ needle: String) -> Bool {
-        guard let n = needle.data(using: .utf8) else { return false }
-        return self.range(of: n) != nil
-    }
-}
-
-extension [Int] {
-    subscript(safe index: Int) -> Int? {
-        if index < 0 { return nil }
-        if index >= self.count { return nil }
-        return self[index]
+        return Self.buildCodexReportFromCache(
+            cache: cache,
+            range: range,
+            modelsDevCatalog: plan.modelsDevCatalog,
+            modelsDevCacheRoot: options.cacheRoot,
+            priorityTurns: plan.priorityTurns)
     }
 }
 
-extension [UInt8] {
-    subscript(safe index: Int) -> UInt8? {
-        if index < 0 { return nil }
-        if index >= self.count { return nil }
-        return self[index]
-    }
-}
+// swiftlint:enable type_body_length
diff --git a/Sources/CodexBarCore/Vendored/CostUsage/ModelsDevPricing.swift b/Sources/CodexBarCore/Vendored/CostUsage/ModelsDevPricing.swift
new file mode 100644
index 000000000..87801eb67
--- /dev/null
+++ b/Sources/CodexBarCore/Vendored/CostUsage/ModelsDevPricing.swift
@@ -0,0 +1,473 @@
+import Foundation
+#if canImport(FoundationNetworking)
+import FoundationNetworking
+#endif
+
+struct ModelsDevPricingInfo: Codable, Equatable {
+    var providerID: String
+    var providerName: String?
+    var modelID: String
+    var modelName: String?
+    var inputCostPerToken: Double
+    var outputCostPerToken: Double
+    var cacheReadInputCostPerToken: Double?
+    var cacheCreationInputCostPerToken: Double?
+    var contextWindow: Int?
+    var thresholdTokens: Int?
+    var inputCostPerTokenAboveThreshold: Double?
+    var outputCostPerTokenAboveThreshold: Double?
+    var cacheReadInputCostPerTokenAboveThreshold: Double?
+    var cacheCreationInputCostPerTokenAboveThreshold: Double?
+}
+
+struct ModelsDevPricingLookup: Equatable {
+    var pricing: ModelsDevPricingInfo
+    var normalizedModelID: String
+}
+
+struct ModelsDevCatalog: Codable, Equatable {
+    var providers: [String: ModelsDevProvider]
+
+    init(providers: [String: ModelsDevProvider]) {
+        self.providers = providers
+    }
+
+    init(from decoder: Decoder) throws {
+        let container = try decoder.container(keyedBy: ModelsDevAnyCodingKey.self)
+        if let providersKey = ModelsDevAnyCodingKey(stringValue: "providers"),
+           let decoded = try? container.decode([String: ModelsDevProvider].self, forKey: providersKey)
+        {
+            self.providers = decoded.reduce(into: [:]) { result, item in
+                var provider = item.value
+                provider.mapKey = provider.mapKey ?? item.key
+                let providerID = ModelsDevProvider.normalizeProviderID(provider.id ?? item.key)
+                result[providerID] = provider
+            }
+            return
+        }
+
+        var providers: [String: ModelsDevProvider] = [:]
+
+        for key in container.allKeys {
+            guard var provider = try? container.decode(ModelsDevProvider.self, forKey: key) else { continue }
+            provider.mapKey = key.stringValue
+            let providerID = ModelsDevProvider.normalizeProviderID(provider.id ?? key.stringValue)
+            providers[providerID] = provider
+        }
+
+        self.providers = providers
+    }
+
+    func encode(to encoder: Encoder) throws {
+        var container = encoder.container(keyedBy: ModelsDevAnyCodingKey.self)
+        try container.encode(self.providers, forKey: ModelsDevAnyCodingKey(stringValue: "providers")!)
+    }
+
+    func pricing(providerID rawProviderID: String, modelID rawModelID: String) -> ModelsDevPricingLookup? {
+        let providerID = ModelsDevProvider.normalizeProviderID(rawProviderID)
+        return self.providers[providerID]?.pricing(modelID: rawModelID)
+    }
+
+    func containsProviderIDs(_ providerIDs: some Sequence<String>) -> Bool {
+        providerIDs.allSatisfy { self.providers.keys.contains(ModelsDevProvider.normalizeProviderID($0)) }
+    }
+
+    func containsProviderModels(from cachedCatalog: ModelsDevCatalog) -> Bool {
+        cachedCatalog.providers.allSatisfy { providerID, cachedProvider in
+            guard let provider = self.providers[ModelsDevProvider.normalizeProviderID(providerID)] else { return false }
+            return cachedProvider.models.values
+                .filter(\.isPriceable)
+                .allSatisfy { provider.containsModel(matching: $0) }
+        }
+    }
+}
+
+private struct ModelsDevAnyCodingKey: CodingKey {
+    var intValue: Int?
+    var stringValue: String
+
+    init?(intValue: Int) {
+        self.intValue = intValue
+        self.stringValue = String(intValue)
+    }
+
+    init?(stringValue: String) {
+        self.intValue = nil
+        self.stringValue = stringValue
+    }
+}
+
+struct ModelsDevProvider: Codable, Equatable {
+    var id: String?
+    var name: String?
+    var models: [String: ModelsDevModel]
+    var mapKey: String?
+
+    private enum CodingKeys: String, CodingKey {
+        case id
+        case name
+        case models
+    }
+
+    init(id: String?, name: String?, models: [String: ModelsDevModel], mapKey: String? = nil) {
+        self.id = id
+        self.name = name
+        self.models = models
+        self.mapKey = mapKey
+    }
+
+    init(from decoder: Decoder) throws {
+        let container = try decoder.container(keyedBy: CodingKeys.self)
+        self.id = try container.decodeIfPresent(String.self, forKey: .id)
+        self.name = try container.decodeIfPresent(String.self, forKey: .name)
+
+        let modelContainer = try container.nestedContainer(keyedBy: ModelsDevAnyCodingKey.self, forKey: .models)
+        var models: [String: ModelsDevModel] = [:]
+        for key in modelContainer.allKeys {
+            guard let model = try? modelContainer.decode(ModelsDevModel.self, forKey: key) else { continue }
+            models[key.stringValue] = model
+        }
+        self.models = models
+    }
+
+    func encode(to encoder: Encoder) throws {
+        var container = encoder.container(keyedBy: CodingKeys.self)
+        try container.encodeIfPresent(self.id, forKey: .id)
+        try container.encodeIfPresent(self.name, forKey: .name)
+        try container.encode(self.models, forKey: .models)
+    }
+
+    static func normalizeProviderID(_ raw: String) -> String {
+        raw.trimmingCharacters(in: .whitespacesAndNewlines).lowercased()
+    }
+
+    func pricing(modelID rawModelID: String) -> ModelsDevPricingLookup? {
+        let candidates = ModelsDevModelIDNormalizer.candidates(rawModelID)
+        for candidate in candidates {
+            if let model = self.models[candidate],
+               let pricing = model.pricing(providerID: self.id ?? self.mapKey ?? "", providerName: self.name)
+            {
+                return ModelsDevPricingLookup(pricing: pricing, normalizedModelID: candidate)
+            }
+        }
+
+        for candidate in candidates {
+            if let match = self.models.values.first(where: { $0.normalizedID == candidate }),
+               let pricing = match.pricing(providerID: self.id ?? self.mapKey ?? "", providerName: self.name)
+            {
+                return ModelsDevPricingLookup(pricing: pricing, normalizedModelID: match.normalizedID)
+            }
+        }
+
+        return nil
+    }
+
+    func containsModel(matching cachedModel: ModelsDevModel) -> Bool {
+        self.pricing(modelID: cachedModel.id) != nil
+    }
+}
+
+struct ModelsDevModel: Codable, Equatable {
+    var id: String
+    var name: String?
+    var cost: ModelsDevCost?
+    var limit: ModelsDevLimit?
+
+    var normalizedID: String {
+        ModelsDevModelIDNormalizer.normalize(self.id)
+    }
+
+    var isPriceable: Bool {
+        self.cost?.input != nil && self.cost?.output != nil
+    }
+
+    func pricing(providerID: String, providerName: String?) -> ModelsDevPricingInfo? {
+        guard let input = self.cost?.input, let output = self.cost?.output else { return nil }
+
+        // models.dev publishes USD per 1M tokens. CodexBar cost math uses USD per token.
+        let unit = 1_000_000.0
+        let contextOver200K = self.cost?.contextOver200K
+        return ModelsDevPricingInfo(
+            providerID: ModelsDevProvider.normalizeProviderID(providerID),
+            providerName: providerName,
+            modelID: self.id,
+            modelName: self.name,
+            inputCostPerToken: input / unit,
+            outputCostPerToken: output / unit,
+            cacheReadInputCostPerToken: self.cost?.cacheRead.map { $0 / unit },
+            cacheCreationInputCostPerToken: self.cost?.cacheWrite.map { $0 / unit },
+            contextWindow: self.limit?.context,
+            thresholdTokens: contextOver200K == nil ? nil : 200_000,
+            inputCostPerTokenAboveThreshold: contextOver200K?.input.map { $0 / unit },
+            outputCostPerTokenAboveThreshold: contextOver200K?.output.map { $0 / unit },
+            cacheReadInputCostPerTokenAboveThreshold: contextOver200K?.cacheRead.map { $0 / unit },
+            cacheCreationInputCostPerTokenAboveThreshold: contextOver200K?.cacheWrite.map { $0 / unit })
+    }
+}
+
+struct ModelsDevCost: Codable, Equatable {
+    var input: Double?
+    var output: Double?
+    var cacheRead: Double?
+    var cacheWrite: Double?
+    var contextOver200K: ModelsDevContextOver200KCost?
+
+    private enum CodingKeys: String, CodingKey {
+        case input
+        case output
+        case cacheRead = "cache_read"
+        case cacheWrite = "cache_write"
+        case contextOver200K = "context_over_200k"
+    }
+}
+
+struct ModelsDevContextOver200KCost: Codable, Equatable {
+    var input: Double?
+    var output: Double?
+    var cacheRead: Double?
+    var cacheWrite: Double?
+
+    private enum CodingKeys: String, CodingKey {
+        case input
+        case output
+        case cacheRead = "cache_read"
+        case cacheWrite = "cache_write"
+    }
+}
+
+struct ModelsDevLimit: Codable, Equatable {
+    var context: Int?
+}
+
+enum ModelsDevModelIDNormalizer {
+    static func normalize(_ raw: String) -> String {
+        raw.trimmingCharacters(in: .whitespacesAndNewlines)
+    }
+
+    static func candidates(_ raw: String) -> [String] {
+        var candidates: [String] = []
+
+        func append(_ value: String) {
+            let normalized = self.normalize(value)
+            guard !normalized.isEmpty, !candidates.contains(normalized) else { return }
+            candidates.append(normalized)
+        }
+
+        let trimmed = raw.trimmingCharacters(in: .whitespacesAndNewlines)
+        append(trimmed)
+
+        if trimmed.hasPrefix("openai/") {
+            append(String(trimmed.dropFirst("openai/".count)))
+        }
+
+        if trimmed.hasPrefix("anthropic.") {
+            append(String(trimmed.dropFirst("anthropic.".count)))
+        }
+
+        if let lastDot = trimmed.lastIndex(of: "."),
+           trimmed.contains("claude-")
+        {
+            let tail = String(trimmed[trimmed.index(after: lastDot)...])
+            if tail.hasPrefix("claude-") {
+                append(tail)
+            }
+        }
+
+        var index = 0
+        while index < candidates.count {
+            let candidate = candidates[index]
+            if let atSign = candidate.firstIndex(of: "@") {
+                let base = String(candidate[..<atSign])
+                append(base)
+                let suffix = String(candidate[candidate.index(after: atSign)...])
+                if suffix.range(of: #"^\d{8}$"#, options: .regularExpression) != nil {
+                    append("\(base)-\(suffix)")
+                }
+            } else if candidate.hasPrefix("claude-") {
+                append("\(candidate)@default")
+            }
+
+            if let dated = candidate.range(of: #"-\d{4}-\d{2}-\d{2}$"#, options: .regularExpression) {
+                append(String(candidate[..<dated.lowerBound]))
+            }
+            if let compactDate = candidate.range(of: #"-\d{8}$"#, options: .regularExpression) {
+                append(String(candidate[..<compactDate.lowerBound]))
+            }
+            if let version = candidate.range(of: #"-v\d+:\d+$"#, options: .regularExpression) {
+                var base = candidate
+                base.removeSubrange(version)
+                append(base)
+            }
+
+            index += 1
+        }
+
+        return candidates
+    }
+}
+
+struct ModelsDevCacheArtifact: Codable, Equatable {
+    var version: Int
+    var fetchedAt: Date
+    var catalog: ModelsDevCatalog
+}
+
+struct ModelsDevCacheLoadResult: Equatable {
+    var artifact: ModelsDevCacheArtifact?
+    var isStale: Bool
+    var error: ModelsDevCache.Error?
+}
+
+enum ModelsDevCache {
+    enum Error: Swift.Error, Equatable {
+        case unreadable
+        case invalidVersion
+        case invalidJSON
+    }
+
+    static let artifactVersion = 1
+    static let ttlSeconds: TimeInterval = 24 * 60 * 60
+
+    private static func defaultCacheRoot() -> URL {
+        let root = FileManager.default.urls(for: .cachesDirectory, in: .userDomainMask).first!
+        return root.appendingPathComponent("CodexBar", isDirectory: true)
+    }
+
+    static func cacheFileURL(cacheRoot: URL? = nil) -> URL {
+        let root = cacheRoot ?? self.defaultCacheRoot()
+        return root
+            .appendingPathComponent("model-pricing", isDirectory: true)
+            .appendingPathComponent("models-dev-v\(Self.artifactVersion).json", isDirectory: false)
+    }
+
+    static func load(now: Date = Date(), cacheRoot: URL? = nil) -> ModelsDevCacheLoadResult {
+        let url = self.cacheFileURL(cacheRoot: cacheRoot)
+        guard let data = try? Data(contentsOf: url) else {
+            return ModelsDevCacheLoadResult(artifact: nil, isStale: true, error: .unreadable)
+        }
+
+        let decoder = JSONDecoder()
+        decoder.dateDecodingStrategy = .iso8601
+        guard let decoded = try? decoder.decode(ModelsDevCacheArtifact.self, from: data) else {
+            return ModelsDevCacheLoadResult(artifact: nil, isStale: true, error: .invalidJSON)
+        }
+        guard decoded.version == Self.artifactVersion else {
+            return ModelsDevCacheLoadResult(artifact: nil, isStale: true, error: .invalidVersion)
+        }
+
+        return ModelsDevCacheLoadResult(
+            artifact: decoded,
+            isStale: now.timeIntervalSince(decoded.fetchedAt) > Self.ttlSeconds,
+            error: nil)
+    }
+
+    static func save(catalog: ModelsDevCatalog, fetchedAt: Date = Date(), cacheRoot: URL? = nil) {
+        let artifact = ModelsDevCacheArtifact(
+            version: Self.artifactVersion,
+            fetchedAt: fetchedAt,
+            catalog: catalog)
+        self.save(artifact: artifact, cacheRoot: cacheRoot)
+    }
+
+    static func save(artifact: ModelsDevCacheArtifact, cacheRoot: URL? = nil) {
+        let url = self.cacheFileURL(cacheRoot: cacheRoot)
+        let dir = url.deletingLastPathComponent()
+        try? FileManager.default.createDirectory(at: dir, withIntermediateDirectories: true)
+
+        let encoder = JSONEncoder()
+        encoder.dateEncodingStrategy = .iso8601
+        guard let data = try? encoder.encode(artifact) else { return }
+
+        let tmp = dir.appendingPathComponent(".tmp-\(UUID().uuidString).json", isDirectory: false)
+        do {
+            try data.write(to: tmp, options: [.atomic])
+            if FileManager.default.fileExists(atPath: url.path) {
+                _ = try FileManager.default.replaceItemAt(url, withItemAt: tmp)
+            } else {
+                try FileManager.default.moveItem(at: tmp, to: url)
+            }
+        } catch {
+            try? FileManager.default.removeItem(at: tmp)
+        }
+    }
+}
+
+protocol ModelsDevHTTPTransport: Sendable {
+    func data(for request: URLRequest) async throws -> (Data, URLResponse)
+}
+
+struct URLSessionModelsDevTransport: ModelsDevHTTPTransport {
+    func data(for request: URLRequest) async throws -> (Data, URLResponse) {
+        try await URLSession.shared.data(for: request)
+    }
+}
+
+struct ModelsDevClient {
+    enum Error: Swift.Error, Equatable {
+        case invalidResponse
+        case httpStatus(Int)
+        case invalidJSON
+    }
+
+    var url: URL
+    var transport: any ModelsDevHTTPTransport
+
+    init(
+        url: URL = URL(string: "https://models.dev/api.json")!,
+        transport: any ModelsDevHTTPTransport = URLSessionModelsDevTransport())
+    {
+        self.url = url
+        self.transport = transport
+    }
+
+    func fetchCatalog() async throws -> ModelsDevCatalog {
+        var request = URLRequest(url: self.url)
+        request.httpMethod = "GET"
+        request.timeoutInterval = 20
+
+        let (data, response) = try await self.transport.data(for: request)
+        guard let http = response as? HTTPURLResponse else { throw Error.invalidResponse }
+        guard (200..<300).contains(http.statusCode) else { throw Error.httpStatus(http.statusCode) }
+
+        do {
+            return try JSONDecoder().decode(ModelsDevCatalog.self, from: data)
+        } catch {
+            throw Error.invalidJSON
+        }
+    }
+}
+
+enum ModelsDevPricingPipeline {
+    static func lookup(
+        providerID: String,
+        modelID: String,
+        now: Date = Date(),
+        cacheRoot: URL? = nil) -> ModelsDevPricingLookup?
+    {
+        ModelsDevCache.load(now: now, cacheRoot: cacheRoot)
+            .artifact?
+            .catalog
+            .pricing(providerID: providerID, modelID: modelID)
+    }
+
+    static func refreshIfNeeded(
+        now: Date = Date(),
+        cacheRoot: URL? = nil,
+        client: ModelsDevClient = ModelsDevClient()) async
+    {
+        let load = ModelsDevCache.load(now: now, cacheRoot: cacheRoot)
+        guard load.isStale else { return }
+
+        do {
+            let catalog = try await client.fetchCatalog()
+            if let oldCatalog = load.artifact?.catalog,
+               !catalog.containsProviderModels(from: oldCatalog)
+            {
+                return
+            }
+            ModelsDevCache.save(catalog: catalog, fetchedAt: now, cacheRoot: cacheRoot)
+        } catch {
+            // Best-effort refresh only. Future scanner integration should keep using the last valid cache.
+        }
+    }
+}
diff --git a/Sources/CodexBarCore/WeeklyProjection.swift b/Sources/CodexBarCore/WeeklyProjection.swift
deleted file mode 100644
index 1ac1b249b..000000000
--- a/Sources/CodexBarCore/WeeklyProjection.swift
+++ /dev/null
@@ -1,190 +0,0 @@
-import Foundation
-
-public struct WeeklyProjectionPoint: Sendable {
-    public let dayOfWeek: Int // 1=Mon ... 7=Sun
-    public let dayLabel: String // "Mon", "Tue", ...
-    public let thisWeekValue: Double? // actual data point
-    public let lastWeekValue: Double? // comparison point
-    public let projectedValue: Double? // extrapolated (future days only)
-
-    public init(
-        dayOfWeek: Int,
-        dayLabel: String,
-        thisWeekValue: Double?,
-        lastWeekValue: Double?,
-        projectedValue: Double?)
-    {
-        self.dayOfWeek = dayOfWeek
-        self.dayLabel = dayLabel
-        self.thisWeekValue = thisWeekValue
-        self.lastWeekValue = lastWeekValue
-        self.projectedValue = projectedValue
-    }
-}
-
-public struct WeeklyProjection: Sendable {
-    public let points: [WeeklyProjectionPoint]
-    public let metric: Metric
-    public let thisWeekTotal: Double?
-    public let lastWeekTotal: Double?
-    public let projectedEndOfWeek: Double?
-    public let changePercent: Double? // week-over-week change
-
-    public enum Metric: Sendable {
-        case percentage
-        case tokens
-        case cost
-    }
-
-    public init(
-        points: [WeeklyProjectionPoint],
-        metric: Metric,
-        thisWeekTotal: Double?,
-        lastWeekTotal: Double?,
-        projectedEndOfWeek: Double?,
-        changePercent: Double?)
-    {
-        self.points = points
-        self.metric = metric
-        self.thisWeekTotal = thisWeekTotal
-        self.lastWeekTotal = lastWeekTotal
-        self.projectedEndOfWeek = projectedEndOfWeek
-        self.changePercent = changePercent
-    }
-
-    public static func compute(
-        currentWeek: [WeeklyUsageRecord],
-        previousWeek: [WeeklyUsageRecord],
-        now: Date = Date()) -> WeeklyProjection
-    {
-        var cal = Calendar(identifier: .iso8601)
-        cal.timeZone = TimeZone.current
-        let todayDayOfWeek = cal.component(.weekday, from: now)
-        // Convert from Calendar weekday (1=Sun...7=Sat) to ISO 8601 (1=Mon...7=Sun)
-        let isoDayOfWeek = todayDayOfWeek == 1 ? 7 : todayDayOfWeek - 1
-
-        let dayLabels = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]
-
-        // Build lookup dictionaries by dayOfWeek
-        let currentByDay = Dictionary(uniqueKeysWithValues: currentWeek.map { ($0.dayOfWeek, $0) })
-        let previousByDay = Dictionary(uniqueKeysWithValues: previousWeek.map { ($0.dayOfWeek, $0) })
-
-        // Determine which metric to use: prefer percentage, fall back to tokens, then cost
-        let metric = Self.detectMetric(currentWeek: currentWeek, previousWeek: previousWeek)
-
-        // Compute average daily rate from this week's data.
-        // For percentage (cumulative): daily rate = latestValue / daysElapsed
-        // For tokens/cost (non-cumulative daily values): daily rate = mean of values
-        let currentValues = currentWeek.compactMap { Self.value(for: $0, metric: metric) }
-        let daysWithData = currentValues.count
-        let latestValue = currentWeek
-            .max { $0.dayOfWeek < $1.dayOfWeek }
-            .flatMap { Self.value(for: $0, metric: metric) }
-        let avgDailyRate: Double? = if daysWithData > 0 {
-            switch metric {
-            case .percentage:
-                (latestValue ?? 0) / Double(daysWithData)
-            case .tokens, .cost:
-                currentValues.reduce(0, +) / Double(daysWithData)
-            }
-        } else {
-            nil
-        }
-
-        var points: [WeeklyProjectionPoint] = []
-        for day in 1...7 {
-            let label = dayLabels[day - 1]
-            let currentRecord = currentByDay[day]
-            let previousRecord = previousByDay[day]
-
-            let thisWeekValue = currentRecord.flatMap { Self.value(for: $0, metric: metric) }
-            let lastWeekValue = previousRecord.flatMap { Self.value(for: $0, metric: metric) }
-
-            // Only project future days (after today)
-            let projectedValue: Double? = if day > isoDayOfWeek, let avgDailyRate {
-                switch metric {
-                case .percentage:
-                    // Cumulative: project what the running total will be on that day
-                    (latestValue ?? 0) + avgDailyRate * Double(day - isoDayOfWeek)
-                case .tokens, .cost:
-                    // Non-cumulative: flat daily rate per future day
-                    avgDailyRate
-                }
-            } else {
-                nil
-            }
-
-            points.append(WeeklyProjectionPoint(
-                dayOfWeek: day,
-                dayLabel: label,
-                thisWeekValue: thisWeekValue,
-                lastWeekValue: lastWeekValue,
-                projectedValue: projectedValue))
-        }
-
-        // Compute totals
-        let thisWeekTotal = Self.total(for: currentWeek, metric: metric)
-        let lastWeekTotal = Self.total(for: previousWeek, metric: metric)
-
-        // Project end-of-week
-        let projectedEndOfWeek: Double? = if let thisWeekTotal, let avgDailyRate {
-            thisWeekTotal + avgDailyRate * Double(max(0, 7 - isoDayOfWeek))
-        } else {
-            nil
-        }
-
-        // Week-over-week change
-        let changePercent: Double? = if let thisWeekTotal, let lastWeekTotal, lastWeekTotal > 0 {
-            ((thisWeekTotal - lastWeekTotal) / lastWeekTotal) * 100
-        } else {
-            nil
-        }
-
-        return WeeklyProjection(
-            points: points,
-            metric: metric,
-            thisWeekTotal: thisWeekTotal,
-            lastWeekTotal: lastWeekTotal,
-            projectedEndOfWeek: projectedEndOfWeek,
-            changePercent: changePercent)
-    }
-
-    // MARK: - Private
-
-    private static func detectMetric(
-        currentWeek: [WeeklyUsageRecord],
-        previousWeek: [WeeklyUsageRecord]) -> Metric
-    {
-        let allRecords = currentWeek + previousWeek
-        let hasPercent = allRecords.contains { $0.weeklyUsedPercent != nil }
-        if hasPercent { return .percentage }
-        let hasTokens = allRecords.contains { $0.totalTokens != nil }
-        if hasTokens { return .tokens }
-        return .cost
-    }
-
-    private static func value(for record: WeeklyUsageRecord, metric: Metric) -> Double? {
-        switch metric {
-        case .percentage:
-            record.weeklyUsedPercent
-        case .tokens:
-            record.totalTokens.map(Double.init)
-        case .cost:
-            record.costUSD
-        }
-    }
-
-    private static func total(for records: [WeeklyUsageRecord], metric: Metric) -> Double? {
-        let values = records.compactMap { Self.value(for: $0, metric: metric) }
-        guard !values.isEmpty else { return nil }
-        switch metric {
-        case .percentage:
-            // For percentage, use the latest (highest dayOfWeek) value as the "total"
-            return records
-                .max { $0.dayOfWeek < $1.dayOfWeek }
-                .flatMap { Self.value(for: $0, metric: metric) }
-        case .tokens, .cost:
-            return values.reduce(0, +)
-        }
-    }
-}
diff --git a/Sources/CodexBarCore/WeeklyUsageHistory.swift b/Sources/CodexBarCore/WeeklyUsageHistory.swift
deleted file mode 100644
index b45cd837b..000000000
--- a/Sources/CodexBarCore/WeeklyUsageHistory.swift
+++ /dev/null
@@ -1,82 +0,0 @@
-import Foundation
-
-/// A single daily snapshot combining API percentage data and local token data for weekly tracking.
-public struct WeeklyUsageRecord: Codable, Sendable, Equatable {
-    public let dayKey: String // "2026-02-11"
-    public let provider: UsageProvider
-    public let weekNumber: Int // ISO 8601 week-of-year
-    public let weekYear: Int // ISO 8601 year-for-week-of-year
-    public let dayOfWeek: Int // 1=Mon ... 7=Sun
-
-    // From RateWindow (percentage-based, from API)
-    public let weeklyUsedPercent: Double?
-    public let sessionUsedPercent: Double?
-    public let weeklyResetsAt: Date?
-
-    // From CostUsageTokenSnapshot (token-based, from local logs)
-    public let totalTokens: Int?
-    public let inputTokens: Int?
-    public let outputTokens: Int?
-    public let costUSD: Double?
-
-    public let recordedAt: Date
-
-    public init(
-        dayKey: String,
-        provider: UsageProvider,
-        weekNumber: Int,
-        weekYear: Int,
-        dayOfWeek: Int,
-        weeklyUsedPercent: Double?,
-        sessionUsedPercent: Double?,
-        weeklyResetsAt: Date?,
-        totalTokens: Int?,
-        inputTokens: Int?,
-        outputTokens: Int?,
-        costUSD: Double?,
-        recordedAt: Date)
-    {
-        self.dayKey = dayKey
-        self.provider = provider
-        self.weekNumber = weekNumber
-        self.weekYear = weekYear
-        self.dayOfWeek = dayOfWeek
-        self.weeklyUsedPercent = weeklyUsedPercent
-        self.sessionUsedPercent = sessionUsedPercent
-        self.weeklyResetsAt = weeklyResetsAt
-        self.totalTokens = totalTokens
-        self.inputTokens = inputTokens
-        self.outputTokens = outputTokens
-        self.costUSD = costUSD
-        self.recordedAt = recordedAt
-    }
-}
-
-/// Container for weekly usage records with query helpers.
-public struct WeeklyUsageReport: Codable, Sendable {
-    public var records: [WeeklyUsageRecord]
-
-    public init(records: [WeeklyUsageRecord] = []) {
-        self.records = records
-    }
-
-    public func currentWeek(now: Date = Date()) -> [WeeklyUsageRecord] {
-        let cal = Calendar(identifier: .iso8601)
-        let year = cal.component(.yearForWeekOfYear, from: now)
-        let week = cal.component(.weekOfYear, from: now)
-        return self.week(year: year, number: week)
-    }
-
-    public func previousWeek(now: Date = Date()) -> [WeeklyUsageRecord] {
-        let cal = Calendar(identifier: .iso8601)
-        guard let oneWeekAgo = cal.date(byAdding: .weekOfYear, value: -1, to: now) else { return [] }
-        let year = cal.component(.yearForWeekOfYear, from: oneWeekAgo)
-        let week = cal.component(.weekOfYear, from: oneWeekAgo)
-        return self.week(year: year, number: week)
-    }
-
-    public func week(year: Int, number: Int) -> [WeeklyUsageRecord] {
-        self.records.filter { $0.weekYear == year && $0.weekNumber == number }
-            .sorted { $0.dayOfWeek < $1.dayOfWeek }
-    }
-}
diff --git a/Sources/CodexBarCore/WeeklyUsageHistoryStore.swift b/Sources/CodexBarCore/WeeklyUsageHistoryStore.swift
deleted file mode 100644
index f6e61a2de..000000000
--- a/Sources/CodexBarCore/WeeklyUsageHistoryStore.swift
+++ /dev/null
@@ -1,81 +0,0 @@
-import Foundation
-
-public enum WeeklyUsageHistoryStore {
-    private static let directoryName = "usage-history"
-
-    public static func load(provider: UsageProvider) -> WeeklyUsageReport? {
-        guard let url = self.fileURL(for: provider) else { return nil }
-        guard let data = try? Data(contentsOf: url) else { return nil }
-        return try? self.decoder.decode(WeeklyUsageReport.self, from: data)
-    }
-
-    public static func save(record: WeeklyUsageRecord) {
-        let provider = record.provider
-        var report = self.load(provider: provider) ?? WeeklyUsageReport()
-
-        // Upsert by dayKey (last-write-wins for same day)
-        if let index = report.records.firstIndex(where: { $0.dayKey == record.dayKey }) {
-            report.records[index] = record
-        } else {
-            report.records.append(record)
-        }
-
-        guard let url = self.fileURL(for: provider) else { return }
-        do {
-            let data = try self.encoder.encode(report)
-            try data.write(to: url, options: [.atomic])
-        } catch {
-            return
-        }
-    }
-
-    public static func prune(provider: UsageProvider, keepingWeeks: Int = 12) {
-        guard var report = self.load(provider: provider) else { return }
-        let cal = Calendar(identifier: .iso8601)
-        let now = Date()
-        guard let cutoff = cal.date(byAdding: .weekOfYear, value: -keepingWeeks, to: now) else { return }
-        let cutoffYear = cal.component(.yearForWeekOfYear, from: cutoff)
-        let cutoffWeek = cal.component(.weekOfYear, from: cutoff)
-
-        let before = report.records.count
-        report.records.removeAll { record in
-            if record.weekYear < cutoffYear { return true }
-            if record.weekYear == cutoffYear, record.weekNumber < cutoffWeek { return true }
-            return false
-        }
-
-        guard report.records.count != before else { return }
-        guard let url = self.fileURL(for: provider) else { return }
-        do {
-            let data = try self.encoder.encode(report)
-            try data.write(to: url, options: [.atomic])
-        } catch {
-            return
-        }
-    }
-
-    // MARK: - Private
-
-    private static func fileURL(for provider: UsageProvider) -> URL? {
-        let fm = FileManager.default
-        let base = fm.urls(for: .applicationSupportDirectory, in: .userDomainMask).first
-            ?? fm.temporaryDirectory
-        let dir = base
-            .appendingPathComponent("CodexBar", isDirectory: true)
-            .appendingPathComponent(self.directoryName, isDirectory: true)
-        try? fm.createDirectory(at: dir, withIntermediateDirectories: true)
-        return dir.appendingPathComponent("\(provider.rawValue)-weekly-v1.json", isDirectory: false)
-    }
-
-    private static var encoder: JSONEncoder {
-        let encoder = JSONEncoder()
-        encoder.dateEncodingStrategy = .iso8601
-        return encoder
-    }
-
-    private static var decoder: JSONDecoder {
-        let decoder = JSONDecoder()
-        decoder.dateDecodingStrategy = .iso8601
-        return decoder
-    }
-}
diff --git a/Sources/CodexBarCore/WidgetSnapshot.swift b/Sources/CodexBarCore/WidgetSnapshot.swift
index 25a2f85b9..17affa8b1 100644
--- a/Sources/CodexBarCore/WidgetSnapshot.swift
+++ b/Sources/CodexBarCore/WidgetSnapshot.swift
@@ -1,12 +1,25 @@
 import Foundation
 
 public struct WidgetSnapshot: Codable, Sendable {
+    public struct WidgetUsageRowSnapshot: Codable, Equatable, Sendable {
+        public let id: String
+        public let title: String
+        public let percentLeft: Double?
+
+        public init(id: String, title: String, percentLeft: Double?) {
+            self.id = id
+            self.title = title
+            self.percentLeft = percentLeft
+        }
+    }
+
     public struct ProviderEntry: Codable, Sendable {
         public let provider: UsageProvider
         public let updatedAt: Date
         public let primary: RateWindow?
         public let secondary: RateWindow?
         public let tertiary: RateWindow?
+        public let usageRows: [WidgetUsageRowSnapshot]?
         public let creditsRemaining: Double?
         public let codeReviewRemainingPercent: Double?
         public let tokenUsage: TokenUsageSummary?
@@ -18,6 +31,7 @@ public struct WidgetSnapshot: Codable, Sendable {
             primary: RateWindow?,
             secondary: RateWindow?,
             tertiary: RateWindow?,
+            usageRows: [WidgetUsageRowSnapshot]? = nil,
             creditsRemaining: Double?,
             codeReviewRemainingPercent: Double?,
             tokenUsage: TokenUsageSummary?,
@@ -28,6 +42,7 @@ public struct WidgetSnapshot: Codable, Sendable {
             self.primary = primary
             self.secondary = secondary
             self.tertiary = tertiary
+            self.usageRows = usageRows
             self.creditsRemaining = creditsRemaining
             self.codeReviewRemainingPercent = codeReviewRemainingPercent
             self.tokenUsage = tokenUsage
@@ -40,17 +55,54 @@ public struct WidgetSnapshot: Codable, Sendable {
         public let sessionTokens: Int?
         public let last30DaysCostUSD: Double?
         public let last30DaysTokens: Int?
+        public let currencyCode: String
+        public let sessionLabel: String
+        public let last30DaysLabel: String
 
         public init(
             sessionCostUSD: Double?,
             sessionTokens: Int?,
             last30DaysCostUSD: Double?,
-            last30DaysTokens: Int?)
+            last30DaysTokens: Int?,
+            currencyCode: String = "USD",
+            sessionLabel: String = "Today",
+            last30DaysLabel: String = "30d")
         {
             self.sessionCostUSD = sessionCostUSD
             self.sessionTokens = sessionTokens
             self.last30DaysCostUSD = last30DaysCostUSD
             self.last30DaysTokens = last30DaysTokens
+            self.currencyCode = currencyCode.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
+                ? "USD"
+                : currencyCode.trimmingCharacters(in: .whitespacesAndNewlines).uppercased()
+            self.sessionLabel = sessionLabel.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
+                ? "Today"
+                : sessionLabel
+            self.last30DaysLabel = last30DaysLabel.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
+                ? "30d"
+                : last30DaysLabel
+        }
+
+        private enum CodingKeys: String, CodingKey {
+            case sessionCostUSD
+            case sessionTokens
+            case last30DaysCostUSD
+            case last30DaysTokens
+            case currencyCode
+            case sessionLabel
+            case last30DaysLabel
+        }
+
+        public init(from decoder: Decoder) throws {
+            let container = try decoder.container(keyedBy: CodingKeys.self)
+            try self.init(
+                sessionCostUSD: container.decodeIfPresent(Double.self, forKey: .sessionCostUSD),
+                sessionTokens: container.decodeIfPresent(Int.self, forKey: .sessionTokens),
+                last30DaysCostUSD: container.decodeIfPresent(Double.self, forKey: .last30DaysCostUSD),
+                last30DaysTokens: container.decodeIfPresent(Int.self, forKey: .last30DaysTokens),
+                currencyCode: container.decodeIfPresent(String.self, forKey: .currencyCode) ?? "USD",
+                sessionLabel: container.decodeIfPresent(String.self, forKey: .sessionLabel) ?? "Today",
+                last30DaysLabel: container.decodeIfPresent(String.self, forKey: .last30DaysLabel) ?? "30d")
         }
     }
 
@@ -99,17 +151,16 @@ public struct WidgetSnapshot: Codable, Sendable {
 }
 
 public enum WidgetSnapshotStore {
-    public static let appGroupID = "group.com.steipete.codexbar"
-    private static let filename = "widget-snapshot.json"
+    private static let filename = AppGroupSupport.widgetSnapshotFilename
 
     public static func load(bundleID: String? = Bundle.main.bundleIdentifier) -> WidgetSnapshot? {
-        guard let url = self.snapshotURL(bundleID: bundleID) else { return nil }
+        let url = self.snapshotURL(bundleID: bundleID)
         guard let data = try? Data(contentsOf: url) else { return nil }
         return try? self.decoder.decode(WidgetSnapshot.self, from: data)
     }
 
     public static func save(_ snapshot: WidgetSnapshot, bundleID: String? = Bundle.main.bundleIdentifier) {
-        guard let url = self.snapshotURL(bundleID: bundleID) else { return }
+        let url = self.snapshotURL(bundleID: bundleID)
         do {
             let data = try self.encoder.encode(snapshot)
             try data.write(to: url, options: [.atomic])
@@ -118,32 +169,12 @@ public enum WidgetSnapshotStore {
         }
     }
 
-    private static func snapshotURL(bundleID: String?) -> URL? {
-        let fm = FileManager.default
-        let groupID = self.groupID(for: bundleID)
-        #if os(macOS)
-        if let groupID, let container = fm.containerURL(forSecurityApplicationGroupIdentifier: groupID) {
-            return container.appendingPathComponent(self.filename, isDirectory: false)
-        }
-        #endif
-
-        let base = fm.urls(for: .applicationSupportDirectory, in: .userDomainMask).first
-            ?? fm.temporaryDirectory
-        let dir = base.appendingPathComponent("CodexBar", isDirectory: true)
-        try? fm.createDirectory(at: dir, withIntermediateDirectories: true)
-        return dir.appendingPathComponent(self.filename, isDirectory: false)
+    private static func snapshotURL(bundleID: String?) -> URL {
+        AppGroupSupport.snapshotURL(bundleID: bundleID)
     }
 
     public static func appGroupID(for bundleID: String?) -> String? {
-        self.groupID(for: bundleID)
-    }
-
-    private static func groupID(for bundleID: String?) -> String? {
-        guard let bundleID, !bundleID.isEmpty else { return self.appGroupID }
-        if bundleID.contains(".debug") {
-            return "group.com.steipete.codexbar.debug"
-        }
-        return self.appGroupID
+        AppGroupSupport.currentGroupID(for: bundleID)
     }
 
     private static var encoder: JSONEncoder {
@@ -163,7 +194,7 @@ public enum WidgetSelectionStore {
     private static let selectedProviderKey = "widgetSelectedProvider"
 
     public static func loadSelectedProvider(bundleID: String? = Bundle.main.bundleIdentifier) -> UsageProvider? {
-        guard let defaults = self.sharedDefaults(bundleID: bundleID) else { return nil }
+        let defaults = self.sharedDefaults(bundleID: bundleID)
         guard let raw = defaults.string(forKey: self.selectedProviderKey) else { return nil }
         return UsageProvider(rawValue: raw)
     }
@@ -172,12 +203,11 @@ public enum WidgetSelectionStore {
         _ provider: UsageProvider,
         bundleID: String? = Bundle.main.bundleIdentifier)
     {
-        guard let defaults = self.sharedDefaults(bundleID: bundleID) else { return }
+        let defaults = self.sharedDefaults(bundleID: bundleID)
         defaults.set(provider.rawValue, forKey: self.selectedProviderKey)
     }
 
-    private static func sharedDefaults(bundleID: String?) -> UserDefaults? {
-        guard let groupID = WidgetSnapshotStore.appGroupID(for: bundleID) else { return nil }
-        return UserDefaults(suiteName: groupID)
+    private static func sharedDefaults(bundleID: String?) -> UserDefaults {
+        AppGroupSupport.sharedDefaults(bundleID: bundleID) ?? .standard
     }
 }
diff --git a/Sources/CodexBarWidget/CodexBarWidgetProvider.swift b/Sources/CodexBarWidget/CodexBarWidgetProvider.swift
index eb0d00574..aa3c5cb34 100644
--- a/Sources/CodexBarWidget/CodexBarWidgetProvider.swift
+++ b/Sources/CodexBarWidget/CodexBarWidgetProvider.swift
@@ -7,12 +7,15 @@ enum ProviderChoice: String, AppEnum {
     case codex
     case claude
     case gemini
+    case alibaba
+    case alibabatokenplan
     case antigravity
     case zai
     case copilot
     case minimax
     case kilo
     case opencode
+    case opencodego
 
     static let typeDisplayRepresentation = TypeDisplayRepresentation(name: "Provider")
 
@@ -20,12 +23,15 @@ enum ProviderChoice: String, AppEnum {
         .codex: DisplayRepresentation(title: "Codex"),
         .claude: DisplayRepresentation(title: "Claude"),
         .gemini: DisplayRepresentation(title: "Gemini"),
+        .alibaba: DisplayRepresentation(title: "Alibaba"),
+        .alibabatokenplan: DisplayRepresentation(title: "Alibaba Token Plan"),
         .antigravity: DisplayRepresentation(title: "Antigravity"),
         .zai: DisplayRepresentation(title: "z.ai"),
         .copilot: DisplayRepresentation(title: "Copilot"),
         .minimax: DisplayRepresentation(title: "MiniMax"),
         .kilo: DisplayRepresentation(title: "Kilo"),
         .opencode: DisplayRepresentation(title: "OpenCode"),
+        .opencodego: DisplayRepresentation(title: "OpenCode Go"),
     ]
 
     var provider: UsageProvider {
@@ -33,12 +39,15 @@ enum ProviderChoice: String, AppEnum {
         case .codex: .codex
         case .claude: .claude
         case .gemini: .gemini
+        case .alibaba: .alibaba
+        case .alibabatokenplan: .alibabatokenplan
         case .antigravity: .antigravity
         case .zai: .zai
         case .copilot: .copilot
         case .minimax: .minimax
         case .kilo: .kilo
         case .opencode: .opencode
+        case .opencodego: .opencodego
         }
     }
 
@@ -46,15 +55,21 @@ enum ProviderChoice: String, AppEnum {
     init?(provider: UsageProvider) {
         switch provider {
         case .codex: self = .codex
+        case .openai: return nil // OpenAI not yet supported in widgets
+        case .azureopenai: return nil // Azure OpenAI not yet supported in widgets
         case .claude: self = .claude
         case .gemini: self = .gemini
+        case .alibaba: self = .alibaba
+        case .alibabatokenplan: self = .alibabatokenplan
         case .antigravity: self = .antigravity
         case .cursor: return nil // Cursor not yet supported in widgets
         case .opencode: self = .opencode
+        case .opencodego: self = .opencodego
         case .zai: self = .zai
         case .factory: return nil // Factory not yet supported in widgets
         case .copilot: self = .copilot
         case .minimax: self = .minimax
+        case .manus: return nil // Manus not yet supported in widgets
         case .vertexai: return nil // Vertex AI not yet supported in widgets
         case .kilo: self = .kilo
         case .kiro: return nil // Kiro not yet supported in widgets
@@ -62,11 +77,31 @@ enum ProviderChoice: String, AppEnum {
         case .jetbrains: return nil // JetBrains not yet supported in widgets
         case .kimi: return nil // Kimi not yet supported in widgets
         case .kimik2: return nil // Kimi K2 not yet supported in widgets
+        case .moonshot: return nil // Moonshot not yet supported in widgets
         case .amp: return nil // Amp not yet supported in widgets
+        case .t3chat: return nil // T3 Chat not yet supported in widgets
         case .ollama: return nil // Ollama not yet supported in widgets
         case .synthetic: return nil // Synthetic not yet supported in widgets
         case .openrouter: return nil // OpenRouter not yet supported in widgets
+        case .elevenlabs: return nil // ElevenLabs not yet supported in widgets
         case .warp: return nil // Warp not yet supported in widgets
+        case .windsurf: return nil // Windsurf not yet supported in widgets
+        case .perplexity: return nil // Perplexity not yet supported in widgets
+        case .mimo: return nil // Xiaomi MiMo not yet supported in widgets
+        case .doubao: return nil // Doubao not yet supported in widgets
+        case .abacus: return nil // Abacus AI not yet supported in widgets
+        case .mistral: return nil // Mistral not yet supported in widgets
+        case .deepseek: return nil // DeepSeek not yet supported in widgets
+        case .codebuff: return nil // Codebuff not yet supported in widgets
+        case .crof: return nil // Crof not yet supported in widgets
+        case .venice: return nil // Venice not yet supported in widgets
+        case .commandcode: return nil // CommandCode not yet supported in widgets
+        case .stepfun: return nil // StepFun not yet supported in widgets
+        case .bedrock: return nil // Bedrock not yet supported in widgets
+        case .grok: return nil // Grok not yet supported in widgets
+        case .groq: return nil // Groq not yet supported in widgets
+        case .llmproxy: return nil // LLM Proxy not yet supported in widgets
+        case .deepgram: return nil // Deepgram not yet supported in widgets
         }
     }
 }
@@ -89,7 +124,7 @@ struct ProviderSelectionIntent: AppIntent, WidgetConfigurationIntent {
     static let title: LocalizedStringResource = "Provider"
     static let description = IntentDescription("Select the provider to display in the widget.")
 
-    @Parameter(title: "Provider")
+    @Parameter(title: "Provider", default: .codex)
     var provider: ProviderChoice
 
     init() {
@@ -121,10 +156,10 @@ struct CompactMetricSelectionIntent: AppIntent, WidgetConfigurationIntent {
     static let title: LocalizedStringResource = "Provider + Metric"
     static let description = IntentDescription("Select the provider and metric to display.")
 
-    @Parameter(title: "Provider")
+    @Parameter(title: "Provider", default: .codex)
     var provider: ProviderChoice
 
-    @Parameter(title: "Metric")
+    @Parameter(title: "Metric", default: .credits)
     var metric: CompactMetric
 
     init() {
@@ -174,7 +209,7 @@ struct CodexBarTimelineProvider: AppIntentTimelineProvider {
         in context: Context) async -> Timeline<CodexBarWidgetEntry>
     {
         let provider = configuration.provider.provider
-        let snapshot = WidgetSnapshotStore.load() ?? WidgetPreviewData.snapshot()
+        let snapshot = WidgetSnapshotStore.load() ?? WidgetPreviewData.emptySnapshot()
         let entry = CodexBarWidgetEntry(date: Date(), provider: provider, snapshot: snapshot)
         let refresh = Date().addingTimeInterval(30 * 60)
         return Timeline(entries: [entry], policy: .after(refresh))
@@ -203,7 +238,7 @@ struct CodexBarSwitcherTimelineProvider: TimelineProvider {
     }
 
     private func makeEntry() -> CodexBarSwitcherEntry {
-        let snapshot = WidgetSnapshotStore.load() ?? WidgetPreviewData.snapshot()
+        let snapshot = WidgetSnapshotStore.load() ?? WidgetPreviewData.emptySnapshot()
         let providers = self.availableProviders(from: snapshot)
         let stored = WidgetSelectionStore.loadSelectedProvider()
         let selected = providers.first { $0 == stored } ?? providers.first ?? .codex
@@ -218,6 +253,10 @@ struct CodexBarSwitcherTimelineProvider: TimelineProvider {
     }
 
     private func availableProviders(from snapshot: WidgetSnapshot) -> [UsageProvider] {
+        Self.supportedProviders(from: snapshot)
+    }
+
+    static func supportedProviders(from snapshot: WidgetSnapshot) -> [UsageProvider] {
         let enabled = snapshot.enabledProviders
         let providers = enabled.isEmpty ? snapshot.entries.map(\.provider) : enabled
         let supported = providers.filter { ProviderChoice(provider: $0) != nil }
@@ -236,10 +275,11 @@ struct CodexBarCompactTimelineProvider: AppIntentTimelineProvider {
 
     func snapshot(for configuration: CompactMetricSelectionIntent, in context: Context) async -> CodexBarCompactEntry {
         let provider = configuration.provider.provider
+        let metric = configuration.metric
         return CodexBarCompactEntry(
             date: Date(),
             provider: provider,
-            metric: configuration.metric,
+            metric: metric,
             snapshot: WidgetSnapshotStore.load() ?? WidgetPreviewData.snapshot())
     }
 
@@ -248,11 +288,12 @@ struct CodexBarCompactTimelineProvider: AppIntentTimelineProvider {
         in context: Context) async -> Timeline<CodexBarCompactEntry>
     {
         let provider = configuration.provider.provider
-        let snapshot = WidgetSnapshotStore.load() ?? WidgetPreviewData.snapshot()
+        let metric = configuration.metric
+        let snapshot = WidgetSnapshotStore.load() ?? WidgetPreviewData.emptySnapshot()
         let entry = CodexBarCompactEntry(
             date: Date(),
             provider: provider,
-            metric: configuration.metric,
+            metric: metric,
             snapshot: snapshot)
         let refresh = Date().addingTimeInterval(30 * 60)
         return Timeline(entries: [entry], policy: .after(refresh))
@@ -260,6 +301,10 @@ struct CodexBarCompactTimelineProvider: AppIntentTimelineProvider {
 }
 
 enum WidgetPreviewData {
+    static func emptySnapshot() -> WidgetSnapshot {
+        WidgetSnapshot(entries: [], enabledProviders: [], generatedAt: Date())
+    }
+
     static func snapshot() -> WidgetSnapshot {
         let primary = RateWindow(usedPercent: 35, windowMinutes: nil, resetsAt: nil, resetDescription: "Resets in 4h")
         let secondary = RateWindow(usedPercent: 60, windowMinutes: nil, resetsAt: nil, resetDescription: "Resets in 3d")
diff --git a/Sources/CodexBarWidget/CodexBarWidgetViews.swift b/Sources/CodexBarWidget/CodexBarWidgetViews.swift
index fbb8c5d9c..68fd97228 100644
--- a/Sources/CodexBarWidget/CodexBarWidgetViews.swift
+++ b/Sources/CodexBarWidget/CodexBarWidgetViews.swift
@@ -184,13 +184,19 @@ private struct CompactMetricView: View {
             let value = self.entry.creditsRemaining.map(WidgetFormat.credits) ?? "—"
             return (value, "Credits left", nil)
         case .todayCost:
-            let value = self.entry.tokenUsage?.sessionCostUSD.map(WidgetFormat.usd) ?? "—"
+            let value = self.entry.tokenUsage.map { token in
+                token.sessionCostUSD.map { WidgetFormat.currency($0, code: token.currencyCode) } ?? "—"
+            } ?? "—"
             let detail = self.entry.tokenUsage?.sessionTokens.map(WidgetFormat.tokenCount)
-            return (value, "Today cost", detail)
+            let label = self.entry.tokenUsage.map { "\($0.sessionLabel) cost" } ?? "Today cost"
+            return (value, label, detail)
         case .last30DaysCost:
-            let value = self.entry.tokenUsage?.last30DaysCostUSD.map(WidgetFormat.usd) ?? "—"
+            let value = self.entry.tokenUsage.map { token in
+                token.last30DaysCostUSD.map { WidgetFormat.currency($0, code: token.currencyCode) } ?? "—"
+            } ?? "—"
             let detail = self.entry.tokenUsage?.last30DaysTokens.map(WidgetFormat.tokenCount)
-            return (value, "30d cost", detail)
+            let label = self.entry.tokenUsage.map { "\($0.last30DaysLabel) cost" } ?? "30d cost"
+            return (value, label, detail)
         }
     }
 }
@@ -258,15 +264,21 @@ private struct ProviderSwitchChip: View {
     private var shortLabel: String {
         switch self.provider {
         case .codex: "Codex"
+        case .openai: "OpenAI"
+        case .azureopenai: "Azure OpenAI"
         case .claude: "Claude"
         case .gemini: "Gemini"
         case .antigravity: "Anti"
         case .cursor: "Cursor"
         case .opencode: "OpenCode"
+        case .opencodego: "OpenCode Go"
+        case .alibaba: "Alibaba"
+        case .alibabatokenplan: "Token Plan"
         case .zai: "z.ai"
         case .factory: "Droid"
         case .copilot: "Copilot"
         case .minimax: "MiniMax"
+        case .manus: "Manus"
         case .vertexai: "Vertex"
         case .kilo: "Kilo"
         case .kiro: "Kiro"
@@ -274,11 +286,31 @@ private struct ProviderSwitchChip: View {
         case .jetbrains: "JetBrains"
         case .kimi: "Kimi"
         case .kimik2: "Kimi K2"
+        case .moonshot: "Moonshot"
         case .amp: "Amp"
+        case .t3chat: "T3 Chat"
         case .ollama: "Ollama"
         case .synthetic: "Synthetic"
         case .openrouter: "OpenRouter"
+        case .elevenlabs: "ElevenLabs"
         case .warp: "Warp"
+        case .windsurf: "Windsurf"
+        case .perplexity: "Pplx"
+        case .mimo: "MiMo"
+        case .doubao: "Doubao"
+        case .abacus: "Abacus"
+        case .mistral: "Mistral"
+        case .deepseek: "DeepSeek"
+        case .codebuff: "Codebuff"
+        case .crof: "Crof"
+        case .venice: "Venice"
+        case .commandcode: "Command Code"
+        case .stepfun: "StepFun"
+        case .bedrock: "Bedrock"
+        case .grok: "Grok"
+        case .groq: "Groq"
+        case .llmproxy: "LLM Proxy"
+        case .deepgram: "Deepgram"
         }
     }
 }
@@ -288,14 +320,12 @@ private struct SwitcherSmallUsageView: View {
 
     var body: some View {
         VStack(alignment: .leading, spacing: 8) {
-            UsageBarRow(
-                title: ProviderDefaults.metadata[self.entry.provider]?.sessionLabel ?? "Session",
-                percentLeft: self.entry.primary?.remainingPercent,
-                color: WidgetColors.color(for: self.entry.provider))
-            UsageBarRow(
-                title: ProviderDefaults.metadata[self.entry.provider]?.weeklyLabel ?? "Weekly",
-                percentLeft: self.entry.secondary?.remainingPercent,
-                color: WidgetColors.color(for: self.entry.provider))
+            ForEach(WidgetUsageRow.rows(for: self.entry)) { row in
+                UsageBarRow(
+                    title: row.title,
+                    percentLeft: row.percentLeft,
+                    color: WidgetColors.color(for: self.entry.provider))
+            }
             if let codeReview = entry.codeReviewRemainingPercent {
                 UsageBarRow(
                     title: "Code review",
@@ -311,21 +341,22 @@ private struct SwitcherMediumUsageView: View {
 
     var body: some View {
         VStack(alignment: .leading, spacing: 10) {
-            UsageBarRow(
-                title: ProviderDefaults.metadata[self.entry.provider]?.sessionLabel ?? "Session",
-                percentLeft: self.entry.primary?.remainingPercent,
-                color: WidgetColors.color(for: self.entry.provider))
-            UsageBarRow(
-                title: ProviderDefaults.metadata[self.entry.provider]?.weeklyLabel ?? "Weekly",
-                percentLeft: self.entry.secondary?.remainingPercent,
-                color: WidgetColors.color(for: self.entry.provider))
+            ForEach(WidgetUsageRow.rows(for: self.entry)) { row in
+                UsageBarRow(
+                    title: row.title,
+                    percentLeft: row.percentLeft,
+                    color: WidgetColors.color(for: self.entry.provider))
+            }
             if let credits = entry.creditsRemaining {
                 ValueLine(title: "Credits", value: WidgetFormat.credits(credits))
             }
             if let token = entry.tokenUsage {
                 ValueLine(
-                    title: "Today",
-                    value: WidgetFormat.costAndTokens(cost: token.sessionCostUSD, tokens: token.sessionTokens))
+                    title: token.sessionLabel,
+                    value: WidgetFormat.costAndTokens(
+                        cost: token.sessionCostUSD,
+                        tokens: token.sessionTokens,
+                        currencyCode: token.currencyCode))
             }
         }
     }
@@ -336,14 +367,12 @@ private struct SwitcherLargeUsageView: View {
 
     var body: some View {
         VStack(alignment: .leading, spacing: 12) {
-            UsageBarRow(
-                title: ProviderDefaults.metadata[self.entry.provider]?.sessionLabel ?? "Session",
-                percentLeft: self.entry.primary?.remainingPercent,
-                color: WidgetColors.color(for: self.entry.provider))
-            UsageBarRow(
-                title: ProviderDefaults.metadata[self.entry.provider]?.weeklyLabel ?? "Weekly",
-                percentLeft: self.entry.secondary?.remainingPercent,
-                color: WidgetColors.color(for: self.entry.provider))
+            ForEach(WidgetUsageRow.rows(for: self.entry)) { row in
+                UsageBarRow(
+                    title: row.title,
+                    percentLeft: row.percentLeft,
+                    color: WidgetColors.color(for: self.entry.provider))
+            }
             if let codeReview = entry.codeReviewRemainingPercent {
                 UsageBarRow(
                     title: "Code review",
@@ -356,13 +385,17 @@ private struct SwitcherLargeUsageView: View {
             if let token = entry.tokenUsage {
                 VStack(alignment: .leading, spacing: 4) {
                     ValueLine(
-                        title: "Today",
-                        value: WidgetFormat.costAndTokens(cost: token.sessionCostUSD, tokens: token.sessionTokens))
+                        title: token.sessionLabel,
+                        value: WidgetFormat.costAndTokens(
+                            cost: token.sessionCostUSD,
+                            tokens: token.sessionTokens,
+                            currencyCode: token.currencyCode))
                     ValueLine(
-                        title: "30d",
+                        title: token.last30DaysLabel,
                         value: WidgetFormat.costAndTokens(
                             cost: token.last30DaysCostUSD,
-                            tokens: token.last30DaysTokens))
+                            tokens: token.last30DaysTokens,
+                            currencyCode: token.currencyCode))
                 }
             }
             UsageHistoryChart(points: self.entry.dailyUsage, color: WidgetColors.color(for: self.entry.provider))
@@ -377,14 +410,12 @@ private struct SmallUsageView: View {
     var body: some View {
         VStack(alignment: .leading, spacing: 8) {
             HeaderView(provider: self.entry.provider, updatedAt: self.entry.updatedAt)
-            UsageBarRow(
-                title: ProviderDefaults.metadata[self.entry.provider]?.sessionLabel ?? "Session",
-                percentLeft: self.entry.primary?.remainingPercent,
-                color: WidgetColors.color(for: self.entry.provider))
-            UsageBarRow(
-                title: ProviderDefaults.metadata[self.entry.provider]?.weeklyLabel ?? "Weekly",
-                percentLeft: self.entry.secondary?.remainingPercent,
-                color: WidgetColors.color(for: self.entry.provider))
+            ForEach(WidgetUsageRow.rows(for: self.entry)) { row in
+                UsageBarRow(
+                    title: row.title,
+                    percentLeft: row.percentLeft,
+                    color: WidgetColors.color(for: self.entry.provider))
+            }
             if let codeReview = entry.codeReviewRemainingPercent {
                 UsageBarRow(
                     title: "Code review",
@@ -402,21 +433,22 @@ private struct MediumUsageView: View {
     var body: some View {
         VStack(alignment: .leading, spacing: 10) {
             HeaderView(provider: self.entry.provider, updatedAt: self.entry.updatedAt)
-            UsageBarRow(
-                title: ProviderDefaults.metadata[self.entry.provider]?.sessionLabel ?? "Session",
-                percentLeft: self.entry.primary?.remainingPercent,
-                color: WidgetColors.color(for: self.entry.provider))
-            UsageBarRow(
-                title: ProviderDefaults.metadata[self.entry.provider]?.weeklyLabel ?? "Weekly",
-                percentLeft: self.entry.secondary?.remainingPercent,
-                color: WidgetColors.color(for: self.entry.provider))
+            ForEach(WidgetUsageRow.rows(for: self.entry)) { row in
+                UsageBarRow(
+                    title: row.title,
+                    percentLeft: row.percentLeft,
+                    color: WidgetColors.color(for: self.entry.provider))
+            }
             if let credits = entry.creditsRemaining {
                 ValueLine(title: "Credits", value: WidgetFormat.credits(credits))
             }
             if let token = entry.tokenUsage {
                 ValueLine(
-                    title: "Today",
-                    value: WidgetFormat.costAndTokens(cost: token.sessionCostUSD, tokens: token.sessionTokens))
+                    title: token.sessionLabel,
+                    value: WidgetFormat.costAndTokens(
+                        cost: token.sessionCostUSD,
+                        tokens: token.sessionTokens,
+                        currencyCode: token.currencyCode))
             }
         }
         .padding(12)
@@ -429,14 +461,12 @@ private struct LargeUsageView: View {
     var body: some View {
         VStack(alignment: .leading, spacing: 12) {
             HeaderView(provider: self.entry.provider, updatedAt: self.entry.updatedAt)
-            UsageBarRow(
-                title: ProviderDefaults.metadata[self.entry.provider]?.sessionLabel ?? "Session",
-                percentLeft: self.entry.primary?.remainingPercent,
-                color: WidgetColors.color(for: self.entry.provider))
-            UsageBarRow(
-                title: ProviderDefaults.metadata[self.entry.provider]?.weeklyLabel ?? "Weekly",
-                percentLeft: self.entry.secondary?.remainingPercent,
-                color: WidgetColors.color(for: self.entry.provider))
+            ForEach(WidgetUsageRow.rows(for: self.entry)) { row in
+                UsageBarRow(
+                    title: row.title,
+                    percentLeft: row.percentLeft,
+                    color: WidgetColors.color(for: self.entry.provider))
+            }
             if let codeReview = entry.codeReviewRemainingPercent {
                 UsageBarRow(
                     title: "Code review",
@@ -449,13 +479,17 @@ private struct LargeUsageView: View {
             if let token = entry.tokenUsage {
                 VStack(alignment: .leading, spacing: 4) {
                     ValueLine(
-                        title: "Today",
-                        value: WidgetFormat.costAndTokens(cost: token.sessionCostUSD, tokens: token.sessionTokens))
+                        title: token.sessionLabel,
+                        value: WidgetFormat.costAndTokens(
+                            cost: token.sessionCostUSD,
+                            tokens: token.sessionTokens,
+                            currencyCode: token.currencyCode))
                     ValueLine(
-                        title: "30d",
+                        title: token.last30DaysLabel,
                         value: WidgetFormat.costAndTokens(
                             cost: token.last30DaysCostUSD,
-                            tokens: token.last30DaysTokens))
+                            tokens: token.last30DaysTokens,
+                            currencyCode: token.currencyCode))
                 }
             }
             UsageHistoryChart(points: self.entry.dailyUsage, color: WidgetColors.color(for: self.entry.provider))
@@ -465,6 +499,39 @@ private struct LargeUsageView: View {
     }
 }
 
+struct WidgetUsageRow: Identifiable, Equatable {
+    let id: String
+    let title: String
+    let percentLeft: Double?
+
+    static func rows(for entry: WidgetSnapshot.ProviderEntry) -> [WidgetUsageRow] {
+        if let usageRows = entry.usageRows {
+            return usageRows.map { row in
+                WidgetUsageRow(id: row.id, title: row.title, percentLeft: row.percentLeft)
+            }
+        }
+
+        let metadata = ProviderDefaults.metadata[entry.provider]
+        var rows = [
+            WidgetUsageRow(
+                id: "primary",
+                title: metadata?.sessionLabel ?? "Session",
+                percentLeft: entry.primary?.remainingPercent),
+            WidgetUsageRow(
+                id: "secondary",
+                title: metadata?.weeklyLabel ?? "Weekly",
+                percentLeft: entry.secondary?.remainingPercent),
+        ]
+        if metadata?.supportsOpus == true {
+            rows.append(WidgetUsageRow(
+                id: "tertiary",
+                title: metadata?.opusLabel ?? "Opus",
+                percentLeft: entry.tertiary?.remainingPercent))
+        }
+        return rows.filter { $0.percentLeft != nil }
+    }
+}
+
 private struct HistoryView: View {
     let entry: WidgetSnapshot.ProviderEntry
     let isLarge: Bool
@@ -476,11 +543,17 @@ private struct HistoryView: View {
                 .frame(height: self.isLarge ? 90 : 60)
             if let token = entry.tokenUsage {
                 ValueLine(
-                    title: "Today",
-                    value: WidgetFormat.costAndTokens(cost: token.sessionCostUSD, tokens: token.sessionTokens))
+                    title: token.sessionLabel,
+                    value: WidgetFormat.costAndTokens(
+                        cost: token.sessionCostUSD,
+                        tokens: token.sessionTokens,
+                        currencyCode: token.currencyCode))
                 ValueLine(
-                    title: "30d",
-                    value: WidgetFormat.costAndTokens(cost: token.last30DaysCostUSD, tokens: token.last30DaysTokens))
+                    title: token.last30DaysLabel,
+                    value: WidgetFormat.costAndTokens(
+                        cost: token.last30DaysCostUSD,
+                        tokens: token.last30DaysTokens,
+                        currencyCode: token.currencyCode))
             }
         }
         .padding(12)
@@ -576,6 +649,10 @@ enum WidgetColors {
         switch provider {
         case .codex:
             Color(red: 73 / 255, green: 163 / 255, blue: 176 / 255)
+        case .openai:
+            Color(red: 15 / 255, green: 130 / 255, blue: 110 / 255)
+        case .azureopenai:
+            Color(red: 0, green: 120 / 255, blue: 212 / 255)
         case .claude:
             Color(red: 204 / 255, green: 124 / 255, blue: 94 / 255)
         case .gemini:
@@ -586,6 +663,10 @@ enum WidgetColors {
             Color(red: 0 / 255, green: 191 / 255, blue: 165 / 255) // #00BFA5 - Cursor teal
         case .opencode:
             Color(red: 59 / 255, green: 130 / 255, blue: 246 / 255)
+        case .opencodego:
+            Color(red: 59 / 255, green: 130 / 255, blue: 246 / 255)
+        case .alibaba, .alibabatokenplan:
+            Color(red: 1.0, green: 106 / 255, blue: 0)
         case .zai:
             Color(red: 232 / 255, green: 90 / 255, blue: 106 / 255)
         case .factory:
@@ -594,6 +675,8 @@ enum WidgetColors {
             Color(red: 168 / 255, green: 85 / 255, blue: 247 / 255) // Purple
         case .minimax:
             Color(red: 254 / 255, green: 96 / 255, blue: 60 / 255)
+        case .manus:
+            Color(red: 24 / 255, green: 24 / 255, blue: 24 / 255)
         case .vertexai:
             Color(red: 66 / 255, green: 133 / 255, blue: 244 / 255) // Google Blue
         case .kilo:
@@ -608,16 +691,56 @@ enum WidgetColors {
             Color(red: 254 / 255, green: 96 / 255, blue: 60 / 255) // Kimi orange
         case .kimik2:
             Color(red: 76 / 255, green: 0 / 255, blue: 255 / 255) // Kimi K2 purple
+        case .moonshot:
+            Color(red: 32 / 255, green: 93 / 255, blue: 235 / 255)
         case .amp:
             Color(red: 220 / 255, green: 38 / 255, blue: 38 / 255) // Amp red
+        case .t3chat:
+            Color(red: 245 / 255, green: 102 / 255, blue: 71 / 255)
         case .ollama:
             Color(red: 32 / 255, green: 32 / 255, blue: 32 / 255) // Ollama charcoal
         case .synthetic:
             Color(red: 20 / 255, green: 20 / 255, blue: 20 / 255) // Synthetic charcoal
         case .openrouter:
             Color(red: 111 / 255, green: 66 / 255, blue: 193 / 255) // OpenRouter purple
+        case .elevenlabs:
+            Color(red: 235 / 255, green: 235 / 255, blue: 230 / 255)
         case .warp:
             Color(red: 147 / 255, green: 139 / 255, blue: 180 / 255)
+        case .windsurf:
+            Color(red: 52 / 255, green: 232 / 255, blue: 187 / 255) // Windsurf #34e8bb
+        case .perplexity:
+            Color(red: 32 / 255, green: 178 / 255, blue: 170 / 255) // Perplexity teal
+        case .mimo:
+            Color(red: 1.0, green: 105 / 255, blue: 0)
+        case .doubao:
+            Color(red: 45 / 255, green: 136 / 255, blue: 255 / 255) // Doubao blue
+        case .abacus:
+            Color(red: 56 / 255, green: 189 / 255, blue: 248 / 255)
+        case .mistral:
+            Color(red: 255 / 255, green: 80 / 255, blue: 15 / 255) // Mistral orange
+        case .deepseek:
+            Color(red: 82 / 255, green: 125 / 255, blue: 240 / 255)
+        case .codebuff:
+            Color(red: 68 / 255, green: 255 / 255, blue: 0 / 255) // Codebuff lime
+        case .crof:
+            Color(red: 46 / 255, green: 171 / 255, blue: 148 / 255)
+        case .venice:
+            Color(red: 51 / 255, green: 153 / 255, blue: 1.0)
+        case .commandcode:
+            Color(red: 0, green: 0, blue: 0)
+        case .stepfun:
+            Color(red: 255 / 255, green: 140 / 255, blue: 0 / 255) // StepFun orange
+        case .bedrock:
+            Color(red: 255 / 255, green: 153 / 255, blue: 0 / 255) // AWS orange
+        case .grok:
+            Color(red: 16 / 255, green: 163 / 255, blue: 127 / 255) // Grok teal
+        case .groq:
+            Color(red: 245 / 255, green: 104 / 255, blue: 68 / 255)
+        case .llmproxy:
+            Color(red: 36 / 255, green: 180 / 255, blue: 126 / 255)
+        case .deepgram:
+            Color(red: 10 / 255, green: 18 / 255, blue: 27 / 255)
         }
     }
 }
@@ -636,21 +759,21 @@ enum WidgetFormat {
         return formatter.string(from: NSNumber(value: value)) ?? String(format: "%.2f", value)
     }
 
-    static func costAndTokens(cost: Double?, tokens: Int?) -> String {
-        let costText = cost.map(self.usd) ?? "—"
+    static func costAndTokens(cost: Double?, tokens: Int?, currencyCode: String = "USD") -> String {
+        let costText = cost.map { self.currency($0, code: currencyCode) } ?? "—"
         if let tokens {
             return "\(costText) · \(self.tokenCount(tokens))"
         }
         return costText
     }
 
-    static func usd(_ value: Double) -> String {
+    static func currency(_ value: Double, code: String) -> String {
         let formatter = NumberFormatter()
         formatter.numberStyle = .currency
-        formatter.currencyCode = "USD"
+        formatter.currencyCode = code
         formatter.maximumFractionDigits = 2
         formatter.minimumFractionDigits = 2
-        return formatter.string(from: NSNumber(value: value)) ?? String(format: "$%.2f", value)
+        return formatter.string(from: NSNumber(value: value)) ?? "\(code) \(String(format: "%.2f", value))"
     }
 
     static func tokenCount(_ value: Int) -> String {
@@ -663,6 +786,7 @@ enum WidgetFormat {
 
     static func relativeDate(_ date: Date) -> String {
         let formatter = RelativeDateTimeFormatter()
+        formatter.locale = Locale(identifier: "en_US")
         formatter.unitsStyle = .short
         return formatter.localizedString(for: date, relativeTo: Date())
     }
diff --git a/Tests/CodexBarTests/AbacusProviderTests.swift b/Tests/CodexBarTests/AbacusProviderTests.swift
new file mode 100644
index 000000000..8aca07d2b
--- /dev/null
+++ b/Tests/CodexBarTests/AbacusProviderTests.swift
@@ -0,0 +1,289 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+// MARK: - Descriptor Tests
+
+struct AbacusDescriptorTests {
+    @Test
+    func `descriptor has correct identity`() {
+        let descriptor = AbacusProviderDescriptor.descriptor
+        #expect(descriptor.id == .abacus)
+        #expect(descriptor.metadata.displayName == "Abacus AI")
+        #expect(descriptor.metadata.cliName == "abacusai")
+    }
+
+    @Test
+    func `descriptor does not expose a separate credits panel`() {
+        let meta = AbacusProviderDescriptor.descriptor.metadata
+        #expect(meta.supportsCredits == false)
+        #expect(meta.supportsOpus == false)
+    }
+
+    @Test
+    func `descriptor is not primary provider`() {
+        let meta = AbacusProviderDescriptor.descriptor.metadata
+        #expect(meta.isPrimaryProvider == false)
+        #expect(meta.defaultEnabled == false)
+    }
+
+    @Test
+    func `descriptor supports auto and web source modes`() {
+        let descriptor = AbacusProviderDescriptor.descriptor
+        #expect(descriptor.fetchPlan.sourceModes.contains(.auto))
+        #expect(descriptor.fetchPlan.sourceModes.contains(.web))
+    }
+
+    @Test
+    func `descriptor has no version detector`() {
+        let descriptor = AbacusProviderDescriptor.descriptor
+        #expect(descriptor.cli.versionDetector == nil)
+    }
+
+    @Test
+    func `descriptor does not support token cost`() {
+        let descriptor = AbacusProviderDescriptor.descriptor
+        #expect(descriptor.tokenCost.supportsTokenCost == false)
+    }
+
+    @Test
+    func `cli aliases include abacus-ai`() {
+        let descriptor = AbacusProviderDescriptor.descriptor
+        #expect(descriptor.cli.aliases.contains("abacus-ai"))
+    }
+
+    @Test
+    func `dashboard url points to compute points page`() {
+        let meta = AbacusProviderDescriptor.descriptor.metadata
+        #expect(meta.dashboardURL?.contains("compute-points") == true)
+    }
+}
+
+// MARK: - Usage Snapshot Conversion Tests
+
+struct AbacusUsageSnapshotTests {
+    @Test
+    func `converts full snapshot to usage snapshot`() throws {
+        let resetDate = Date(timeIntervalSince1970: 1_700_000_000)
+        let snapshot = AbacusUsageSnapshot(
+            creditsUsed: 250,
+            creditsTotal: 1000,
+            resetsAt: resetDate,
+            planName: "Pro")
+
+        let usage = snapshot.toUsageSnapshot()
+
+        #expect(usage.primary != nil)
+        #expect(abs((usage.primary?.usedPercent ?? 0) - 25.0) < 0.01)
+        #expect(usage.primary?.resetDescription == "250 / 1,000 credits")
+        #expect(usage.primary?.resetsAt == resetDate)
+        // Window derived from actual billing cycle (1 calendar month before resetDate)
+        let cycleStart = try #require(Calendar.current.date(byAdding: .month, value: -1, to: resetDate))
+        let expectedMinutes = Int(resetDate.timeIntervalSince(cycleStart) / 60)
+        #expect(usage.primary?.windowMinutes == expectedMinutes)
+        #expect(usage.secondary == nil)
+        #expect(usage.tertiary == nil)
+        #expect(usage.identity?.providerID == .abacus)
+        #expect(usage.identity?.loginMethod == "Pro")
+    }
+
+    @Test
+    func `handles zero usage`() {
+        let snapshot = AbacusUsageSnapshot(
+            creditsUsed: 0,
+            creditsTotal: 500,
+            resetsAt: nil,
+            planName: "Basic")
+
+        let usage = snapshot.toUsageSnapshot()
+        #expect(usage.primary?.usedPercent == 0.0)
+        #expect(usage.primary?.resetDescription == "0 / 500 credits")
+    }
+
+    @Test
+    func `handles full usage`() {
+        let snapshot = AbacusUsageSnapshot(
+            creditsUsed: 1000,
+            creditsTotal: 1000,
+            resetsAt: nil,
+            planName: nil)
+
+        let usage = snapshot.toUsageSnapshot()
+        #expect(abs((usage.primary?.usedPercent ?? 0) - 100.0) < 0.01)
+        #expect(usage.primary?.resetDescription == "1,000 / 1,000 credits")
+    }
+
+    @Test
+    func `handles nil credits gracefully`() {
+        let snapshot = AbacusUsageSnapshot(
+            creditsUsed: nil,
+            creditsTotal: nil,
+            resetsAt: nil,
+            planName: nil)
+
+        let usage = snapshot.toUsageSnapshot()
+        #expect(usage.primary?.usedPercent == 0.0)
+        #expect(usage.primary?.resetDescription == nil)
+    }
+
+    @Test
+    func `handles nil total with non-nil used`() {
+        let snapshot = AbacusUsageSnapshot(
+            creditsUsed: 100,
+            creditsTotal: nil,
+            resetsAt: nil,
+            planName: nil)
+
+        let usage = snapshot.toUsageSnapshot()
+        #expect(usage.primary?.usedPercent == 0.0)
+    }
+
+    @Test
+    func `handles zero total credits`() {
+        let snapshot = AbacusUsageSnapshot(
+            creditsUsed: 0,
+            creditsTotal: 0,
+            resetsAt: nil,
+            planName: nil)
+
+        let usage = snapshot.toUsageSnapshot()
+        #expect(usage.primary?.usedPercent == 0.0)
+    }
+
+    @Test
+    func `formats large credit values with comma grouping`() {
+        let snapshot = AbacusUsageSnapshot(
+            creditsUsed: 12345,
+            creditsTotal: 50000,
+            resetsAt: nil,
+            planName: nil)
+
+        let usage = snapshot.toUsageSnapshot()
+        #expect(usage.primary?.resetDescription == "12,345 / 50,000 credits")
+    }
+
+    @Test
+    func `formats fractional credit values`() {
+        let snapshot = AbacusUsageSnapshot(
+            creditsUsed: 42.5,
+            creditsTotal: 100,
+            resetsAt: nil,
+            planName: nil)
+
+        let usage = snapshot.toUsageSnapshot()
+        #expect(usage.primary?.resetDescription == "42.5 / 100 credits")
+    }
+
+    @Test
+    func `window minutes represents monthly cycle`() {
+        let snapshot = AbacusUsageSnapshot(
+            creditsUsed: 0,
+            creditsTotal: 100,
+            resetsAt: nil,
+            planName: nil)
+
+        let usage = snapshot.toUsageSnapshot()
+        // 30 days * 24 hours * 60 minutes = 43200
+        #expect(usage.primary?.windowMinutes == 43200)
+    }
+
+    @Test
+    func `identity has no email or organization`() {
+        let snapshot = AbacusUsageSnapshot(
+            creditsUsed: 0,
+            creditsTotal: 100,
+            resetsAt: nil,
+            planName: "Pro")
+
+        let usage = snapshot.toUsageSnapshot()
+        #expect(usage.identity?.accountEmail == nil)
+        #expect(usage.identity?.accountOrganization == nil)
+    }
+}
+
+// MARK: - Error Description Tests
+
+struct AbacusErrorTests {
+    @Test
+    func `noSessionCookie error mentions login`() {
+        let error = AbacusUsageError.noSessionCookie
+        #expect(error.errorDescription?.contains("log in") == true)
+    }
+
+    @Test
+    func `sessionExpired error mentions expired`() {
+        let error = AbacusUsageError.sessionExpired
+        #expect(error.errorDescription?.contains("expired") == true)
+    }
+
+    @Test
+    func `networkError includes message`() {
+        let error = AbacusUsageError.networkError("HTTP 500")
+        #expect(error.errorDescription?.contains("HTTP 500") == true)
+    }
+
+    @Test
+    func `parseFailed includes message`() {
+        let error = AbacusUsageError.parseFailed("Invalid JSON")
+        #expect(error.errorDescription?.contains("Invalid JSON") == true)
+    }
+
+    @Test
+    func `unauthorized error mentions login`() {
+        let error = AbacusUsageError.unauthorized
+        #expect(error.errorDescription?.contains("log in") == true)
+    }
+}
+
+// MARK: - Error Classification Tests
+
+struct AbacusErrorClassificationTests {
+    @Test
+    func `unauthorized is recoverable and auth related`() {
+        let error = AbacusUsageError.unauthorized
+        #expect(error.isRecoverable == true)
+        #expect(error.isAuthRelated == true)
+    }
+
+    @Test
+    func `sessionExpired is recoverable and auth related`() {
+        let error = AbacusUsageError.sessionExpired
+        #expect(error.isRecoverable == true)
+        #expect(error.isAuthRelated == true)
+    }
+
+    @Test
+    func `parseFailed is not recoverable`() {
+        let error = AbacusUsageError.parseFailed("bad json")
+        #expect(error.isRecoverable == false)
+        #expect(error.isAuthRelated == false)
+        #expect(error.shouldTryNextImportedSession == true)
+        #expect(error.shouldClearCachedCookie == true)
+    }
+
+    @Test
+    func `networkError is not recoverable`() {
+        let error = AbacusUsageError.networkError("timeout")
+        #expect(error.isRecoverable == false)
+        #expect(error.isAuthRelated == false)
+        #expect(error.shouldTryNextImportedSession == true)
+        #expect(error.shouldClearCachedCookie == false)
+    }
+
+    @Test
+    func `noSessionCookie is not recoverable`() {
+        let error = AbacusUsageError.noSessionCookie
+        #expect(error.isRecoverable == false)
+        #expect(error.isAuthRelated == false)
+        #expect(error.shouldTryNextImportedSession == false)
+        #expect(error.shouldClearCachedCookie == false)
+    }
+
+    @Test
+    func `auth failures continue imported session scanning`() {
+        #expect(AbacusUsageError.unauthorized.shouldTryNextImportedSession == true)
+        #expect(AbacusUsageError.sessionExpired.shouldTryNextImportedSession == true)
+        #expect(AbacusUsageError.unauthorized.shouldClearCachedCookie == true)
+        #expect(AbacusUsageError.sessionExpired.shouldClearCachedCookie == true)
+    }
+}
diff --git a/Tests/CodexBarTests/AlibabaCodingPlanCookieImporterTests.swift b/Tests/CodexBarTests/AlibabaCodingPlanCookieImporterTests.swift
new file mode 100644
index 000000000..9bf9952ae
--- /dev/null
+++ b/Tests/CodexBarTests/AlibabaCodingPlanCookieImporterTests.swift
@@ -0,0 +1,86 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+#if os(macOS)
+import SweetCookieKit
+
+struct AlibabaCodingPlanCookieImporterTests {
+    @Test
+    func `domain matching requires exact or label bounded suffix`() {
+        #expect(AlibabaCodingPlanCookieImporter.matchesCookieDomain("console.aliyun.com"))
+        #expect(AlibabaCodingPlanCookieImporter.matchesCookieDomain(".modelstudio.console.alibabacloud.com"))
+        #expect(AlibabaCodingPlanCookieImporter.matchesCookieDomain("foo.aliyun.com"))
+        #expect(AlibabaCodingPlanCookieImporter.matchesCookieDomain("evilaliyun.com") == false)
+        #expect(AlibabaCodingPlanCookieImporter.matchesCookieDomain("notalibabacloud.com") == false)
+    }
+
+    @Test
+    func `cookie import candidates honor provided browser order`() throws {
+        BrowserCookieAccessGate.resetForTesting()
+
+        let temp = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString)
+        try FileManager.default.createDirectory(at: temp, withIntermediateDirectories: true)
+        defer { try? FileManager.default.removeItem(at: temp) }
+
+        let firefoxProfile = temp
+            .appendingPathComponent("Library")
+            .appendingPathComponent("Application Support")
+            .appendingPathComponent("Firefox")
+            .appendingPathComponent("Profiles")
+            .appendingPathComponent("abc.default-release")
+        try FileManager.default.createDirectory(at: firefoxProfile, withIntermediateDirectories: true)
+        FileManager.default.createFile(
+            atPath: firefoxProfile.appendingPathComponent("cookies.sqlite").path,
+            contents: Data())
+
+        let detection = BrowserDetection(homeDirectory: temp.path, cacheTTL: 0)
+        let importOrder: BrowserCookieImportOrder = [.firefox, .safari, .chrome]
+
+        let candidates = AlibabaCodingPlanCookieImporter.cookieImportCandidates(
+            browserDetection: detection,
+            importOrder: importOrder)
+
+        let expected: [Browser] = [.firefox, .safari]
+        #expect(candidates == expected)
+    }
+
+    @Test
+    func `default cookie import candidates skip keychain browsers during tests`() throws {
+        BrowserCookieAccessGate.resetForTesting()
+
+        let temp = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString)
+        try FileManager.default.createDirectory(at: temp, withIntermediateDirectories: true)
+        defer { try? FileManager.default.removeItem(at: temp) }
+
+        let chromeProfile = temp
+            .appendingPathComponent("Library")
+            .appendingPathComponent("Application Support")
+            .appendingPathComponent("Google")
+            .appendingPathComponent("Chrome")
+            .appendingPathComponent("Default")
+        try FileManager.default.createDirectory(at: chromeProfile, withIntermediateDirectories: true)
+        let cookiesDir = chromeProfile.appendingPathComponent("Network")
+        try FileManager.default.createDirectory(at: cookiesDir, withIntermediateDirectories: true)
+        FileManager.default.createFile(
+            atPath: cookiesDir.appendingPathComponent("Cookies").path,
+            contents: Data())
+
+        let detection = BrowserDetection(homeDirectory: temp.path, cacheTTL: 0)
+        let candidates = AlibabaCodingPlanCookieImporter.cookieImportCandidates(browserDetection: detection)
+
+        #expect(candidates.first == .safari)
+        #expect(candidates.contains(.chrome) == false)
+    }
+}
+
+#else
+
+struct AlibabaCodingPlanCookieImporterTests {
+    @Test
+    func `non mac OS placeholder`() {
+        #expect(true)
+    }
+}
+
+#endif
diff --git a/Tests/CodexBarTests/AlibabaCodingPlanProviderTests.swift b/Tests/CodexBarTests/AlibabaCodingPlanProviderTests.swift
new file mode 100644
index 000000000..25dc0537b
--- /dev/null
+++ b/Tests/CodexBarTests/AlibabaCodingPlanProviderTests.swift
@@ -0,0 +1,987 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+struct AlibabaCodingPlanSettingsReaderTests {
+    @Test
+    func `api token reads from environment`() {
+        let token = AlibabaCodingPlanSettingsReader.apiToken(environment: ["ALIBABA_CODING_PLAN_API_KEY": "abc123"])
+        #expect(token == "abc123")
+    }
+
+    @Test
+    func `api token reads qwen alias from environment`() {
+        let token = AlibabaCodingPlanSettingsReader.apiToken(environment: ["ALIBABA_QWEN_API_KEY": "qwen123"])
+        #expect(token == "qwen123")
+    }
+
+    @Test
+    func `api token reads dashscope alias from environment`() {
+        let token = AlibabaCodingPlanSettingsReader.apiToken(environment: ["DASHSCOPE_API_KEY": "dashscope123"])
+        #expect(token == "dashscope123")
+    }
+
+    @Test
+    func `api token prefers coding plan key over aliases`() {
+        let token = AlibabaCodingPlanSettingsReader.apiToken(environment: [
+            "ALIBABA_CODING_PLAN_API_KEY": "coding-plan",
+            "ALIBABA_QWEN_API_KEY": "qwen",
+            "DASHSCOPE_API_KEY": "dashscope",
+        ])
+        #expect(token == "coding-plan")
+    }
+
+    @Test
+    func `api token strips quotes`() {
+        let token = AlibabaCodingPlanSettingsReader
+            .apiToken(environment: ["ALIBABA_CODING_PLAN_API_KEY": "\"token-xyz\""])
+        #expect(token == "token-xyz")
+    }
+
+    @Test
+    func `quota URL infers scheme`() {
+        let url = AlibabaCodingPlanSettingsReader
+            .quotaURL(environment: [AlibabaCodingPlanSettingsReader
+                    .quotaURLKey: "modelstudio.console.alibabacloud.com/data/api.json"])
+        #expect(url?.absoluteString == "https://modelstudio.console.alibabacloud.com/data/api.json")
+    }
+
+    @Test
+    func `missing cookie error includes access hint when present`() {
+        let error = AlibabaCodingPlanSettingsError
+            .missingCookie(details: "Safari cookie file exists but is not readable.")
+        #expect(error.errorDescription?.contains("Safari cookie file exists but is not readable.") == true)
+    }
+}
+
+struct AlibabaCodingPlanUsageSnapshotTests {
+    @Test
+    func `maps usage snapshot windows`() {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let reset5h = Date(timeIntervalSince1970: 1_700_000_300)
+        let resetWeek = Date(timeIntervalSince1970: 1_700_010_000)
+        let resetMonth = Date(timeIntervalSince1970: 1_700_100_000)
+        let snapshot = AlibabaCodingPlanUsageSnapshot(
+            planName: "Pro",
+            fiveHourUsedQuota: 20,
+            fiveHourTotalQuota: 100,
+            fiveHourNextRefreshTime: reset5h,
+            weeklyUsedQuota: 120,
+            weeklyTotalQuota: 400,
+            weeklyNextRefreshTime: resetWeek,
+            monthlyUsedQuota: 500,
+            monthlyTotalQuota: 2000,
+            monthlyNextRefreshTime: resetMonth,
+            updatedAt: now)
+
+        let usage = snapshot.toUsageSnapshot()
+
+        #expect(usage.primary?.usedPercent == 20)
+        #expect(usage.primary?.windowMinutes == 300)
+        #expect(usage.secondary?.usedPercent == 30)
+        #expect(usage.secondary?.windowMinutes == 10080)
+        #expect(usage.tertiary?.usedPercent == 25)
+        #expect(usage.tertiary?.windowMinutes == 43200)
+        #expect(usage.loginMethod(for: .alibaba) == "Pro")
+    }
+
+    @Test
+    func `shifts primary reset forward when backend reset is not future`() {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let stalePrimaryReset = Date(timeIntervalSince1970: 1_699_999_900)
+        let snapshot = AlibabaCodingPlanUsageSnapshot(
+            planName: "Lite",
+            fiveHourUsedQuota: 70,
+            fiveHourTotalQuota: 1200,
+            fiveHourNextRefreshTime: stalePrimaryReset,
+            weeklyUsedQuota: 80,
+            weeklyTotalQuota: 9000,
+            weeklyNextRefreshTime: Date(timeIntervalSince1970: 1_700_010_000),
+            monthlyUsedQuota: 80,
+            monthlyTotalQuota: 18000,
+            monthlyNextRefreshTime: Date(timeIntervalSince1970: 1_700_100_000),
+            updatedAt: now)
+
+        let usage = snapshot.toUsageSnapshot()
+        #expect(usage.primary?.resetsAt == stalePrimaryReset.addingTimeInterval(TimeInterval(5 * 60 * 60)))
+    }
+}
+
+struct AlibabaCodingPlanUsageParsingTests {
+    @Test
+    func `parses quota payload`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let json = """
+        {
+          "data": {
+            "codingPlanInstanceInfos": [
+              { "planName": "Alibaba Coding Plan Pro" }
+            ],
+            "codingPlanQuotaInfo": {
+              "per5HourUsedQuota": 52,
+              "per5HourTotalQuota": 1000,
+              "per5HourQuotaNextRefreshTime": 1700000300000,
+              "perWeekUsedQuota": 800,
+              "perWeekTotalQuota": 5000,
+              "perWeekQuotaNextRefreshTime": 1700100000000,
+              "perBillMonthUsedQuota": 1200,
+              "perBillMonthTotalQuota": 20000,
+              "perBillMonthQuotaNextRefreshTime": 1701000000000
+            }
+          },
+          "status_code": 0
+        }
+        """
+
+        let snapshot = try AlibabaCodingPlanUsageFetcher.parseUsageSnapshot(from: Data(json.utf8), now: now)
+
+        #expect(snapshot.planName == "Alibaba Coding Plan Pro")
+        #expect(snapshot.fiveHourUsedQuota == 52)
+        #expect(snapshot.fiveHourTotalQuota == 1000)
+        #expect(snapshot.weeklyTotalQuota == 5000)
+        #expect(snapshot.monthlyTotalQuota == 20000)
+        #expect(snapshot.fiveHourNextRefreshTime == Date(timeIntervalSince1970: 1_700_000_300))
+    }
+
+    @Test
+    func `multi instance quota payload uses selected active instance plan name`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let json = """
+        {
+          "data": {
+            "codingPlanInstanceInfos": [
+              {
+                "planName": "Expired Starter",
+                "status": "EXPIRED",
+                "endTime": "2025-04-01 17:00",
+                "codingPlanQuotaInfo": {
+                  "per5HourUsedQuota": 7,
+                  "per5HourTotalQuota": 100,
+                  "per5HourQuotaNextRefreshTime": 1700000100000
+                }
+              },
+              {
+                "planName": "Active Pro",
+                "status": "VALID",
+                "codingPlanQuotaInfo": {
+                  "per5HourUsedQuota": 52,
+                  "per5HourTotalQuota": 1000,
+                  "per5HourQuotaNextRefreshTime": 1700000300000
+                }
+              }
+            ]
+          },
+          "status_code": 0
+        }
+        """
+
+        let snapshot = try AlibabaCodingPlanUsageFetcher.parseUsageSnapshot(from: Data(json.utf8), now: now)
+
+        #expect(snapshot.planName == "Active Pro")
+        #expect(snapshot.fiveHourUsedQuota == 52)
+        #expect(snapshot.fiveHourTotalQuota == 1000)
+        #expect(snapshot.fiveHourNextRefreshTime == Date(timeIntervalSince1970: 1_700_000_300))
+    }
+
+    @Test
+    func `missing quota data without positive active signal fails`() {
+        let json = """
+        {
+          "data": {
+            "codingPlanInstanceInfos": [
+              { "planName": "Alibaba Coding Plan Pro" }
+            ]
+          },
+          "status_code": 0
+        }
+        """
+
+        #expect(throws: AlibabaCodingPlanUsageError.self) {
+            try AlibabaCodingPlanUsageFetcher.parseUsageSnapshot(from: Data(json.utf8))
+        }
+    }
+
+    @Test
+    func `plan usage without positive active proof fails`() {
+        let json = """
+        {
+          "data": {
+            "codingPlanInstanceInfos": [
+              {
+                "planName": "Alibaba Coding Plan Pro",
+                "planUsage": "18%"
+              }
+            ]
+          },
+          "status_code": 0
+        }
+        """
+
+        #expect(throws: AlibabaCodingPlanUsageError.self) {
+            try AlibabaCodingPlanUsageFetcher.parseUsageSnapshot(from: Data(json.utf8))
+        }
+    }
+
+    @Test
+    func `parses wrapped JSON string payload`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let inner = """
+        {
+          "data": {
+            "codingPlanInstanceInfos": [
+              {
+                "planName": "Coding Plan Lite",
+                "status": "VALID",
+                "codingPlanQuotaInfo": {
+                  "per5HourUsedQuota": 0,
+                  "per5HourTotalQuota": 1000,
+                  "per5HourQuotaNextRefreshTime": 1700000300000
+                }
+              }
+            ]
+          },
+          "statusCode": 200
+        }
+        """
+            .replacingOccurrences(of: "\n", with: "")
+            .replacingOccurrences(of: "  ", with: "")
+            .replacingOccurrences(of: "\"", with: "\\\"")
+
+        let wrapped = """
+        {
+          "successResponse": {
+            "body": "\(inner)"
+          }
+        }
+        """
+
+        let snapshot = try AlibabaCodingPlanUsageFetcher.parseUsageSnapshot(from: Data(wrapped.utf8), now: now)
+
+        #expect(snapshot.planName == "Coding Plan Lite")
+        #expect(snapshot.fiveHourTotalQuota == 1000)
+        #expect(snapshot.fiveHourUsedQuota == 0)
+    }
+
+    @Test
+    func `plan usage fallback stays visible but non quantitative`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let json = """
+        {
+          "data": {
+            "codingPlanInstanceInfos": [
+              {
+                "planName": "Coding Plan Lite",
+                "status": "VALID",
+                "planUsage": "0%",
+                "endTime": "2026-04-01 17:00"
+              }
+            ]
+          },
+          "status_code": 0
+        }
+        """
+
+        let snapshot = try AlibabaCodingPlanUsageFetcher.parseUsageSnapshot(from: Data(json.utf8), now: now)
+
+        #expect(snapshot.planName == "Coding Plan Lite")
+        #expect(snapshot.fiveHourUsedQuota == nil)
+        #expect(snapshot.fiveHourTotalQuota == nil)
+        #expect(snapshot.fiveHourNextRefreshTime == nil)
+
+        let usage = snapshot.toUsageSnapshot()
+        #expect(usage.primary == nil)
+        #expect(usage.loginMethod(for: .alibaba) == "Coding Plan Lite")
+    }
+
+    @Test
+    func `falls back to active plan when quota and usage missing`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let json = """
+        {
+          "data": {
+            "codingPlanInstanceInfos": [
+              {
+                "planName": "Coding Plan Lite",
+                "status": "VALID",
+                "endTime": "2026-04-01 17:00"
+              }
+            ]
+          },
+          "status_code": 0
+        }
+        """
+
+        let snapshot = try AlibabaCodingPlanUsageFetcher.parseUsageSnapshot(from: Data(json.utf8), now: now)
+
+        #expect(snapshot.planName == "Coding Plan Lite")
+        #expect(snapshot.fiveHourUsedQuota == nil)
+        #expect(snapshot.fiveHourTotalQuota == nil)
+
+        let usage = snapshot.toUsageSnapshot()
+        #expect(usage.primary == nil)
+        #expect(usage.loginMethod(for: .alibaba) == "Coding Plan Lite")
+    }
+
+    @Test
+    func `future end time counts as positive active signal`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let json = """
+        {
+          "data": {
+            "codingPlanInstanceInfos": [
+              {
+                "planName": "Coding Plan Lite",
+                "endTime": "2030-04-01 17:00"
+              }
+            ]
+          },
+          "status_code": 0
+        }
+        """
+
+        let snapshot = try AlibabaCodingPlanUsageFetcher.parseUsageSnapshot(from: Data(json.utf8), now: now)
+
+        #expect(snapshot.planName == "Coding Plan Lite")
+        #expect(snapshot.fiveHourUsedQuota == nil)
+        #expect(snapshot.weeklyTotalQuota == nil)
+
+        let usage = snapshot.toUsageSnapshot()
+        #expect(usage.primary == nil)
+        #expect(usage.loginMethod(for: .alibaba) == "Coding Plan Lite")
+    }
+
+    @Test
+    func `multi instance fallback uses selected active instance plan name`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let json = """
+        {
+          "data": {
+            "codingPlanInstanceInfos": [
+              {
+                "planName": "Expired Starter",
+                "status": "EXPIRED",
+                "endTime": "2025-04-01 17:00"
+              },
+              {
+                "planName": "Active Pro",
+                "status": "VALID",
+                "planUsage": "42%"
+              }
+            ]
+          },
+          "status_code": 0
+        }
+        """
+
+        let snapshot = try AlibabaCodingPlanUsageFetcher.parseUsageSnapshot(from: Data(json.utf8), now: now)
+
+        #expect(snapshot.planName == "Active Pro")
+        #expect(snapshot.fiveHourUsedQuota == nil)
+        #expect(snapshot.fiveHourTotalQuota == nil)
+
+        let usage = snapshot.toUsageSnapshot()
+        #expect(usage.primary == nil)
+        #expect(usage.loginMethod(for: .alibaba) == "Active Pro")
+    }
+
+    @Test
+    func `active instance without quota does not borrow quota from another instance`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let json = """
+        {
+          "data": {
+            "codingPlanInstanceInfos": [
+              {
+                "planName": "Expired Starter",
+                "status": "EXPIRED",
+                "endTime": "2025-04-01 17:00",
+                "codingPlanQuotaInfo": {
+                  "per5HourUsedQuota": 7,
+                  "per5HourTotalQuota": 100,
+                  "per5HourQuotaNextRefreshTime": 1700000100000
+                }
+              },
+              {
+                "planName": "Active Pro",
+                "status": "VALID"
+              }
+            ]
+          },
+          "status_code": 0
+        }
+        """
+
+        let snapshot = try AlibabaCodingPlanUsageFetcher.parseUsageSnapshot(from: Data(json.utf8), now: now)
+
+        #expect(snapshot.planName == "Active Pro")
+        #expect(snapshot.fiveHourUsedQuota == nil)
+        #expect(snapshot.fiveHourTotalQuota == nil)
+        #expect(snapshot.fiveHourNextRefreshTime == nil)
+    }
+
+    @Test
+    func `payload level active proof does not label first instance when no instance is active`() {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let json = """
+        {
+          "data": {
+            "status": "VALID",
+            "codingPlanInstanceInfos": [
+              {
+                "planName": "Expired Starter",
+                "status": "EXPIRED",
+                "endTime": "2025-04-01 17:00"
+              },
+              {
+                "planName": "No Proof Pro"
+              }
+            ]
+          },
+          "status_code": 0
+        }
+        """
+
+        #expect(throws: AlibabaCodingPlanUsageError.self) {
+            try AlibabaCodingPlanUsageFetcher.parseUsageSnapshot(from: Data(json.utf8), now: now)
+        }
+    }
+
+    @Test
+    func `does not fallback for inactive plan without quota`() {
+        let json = """
+        {
+          "data": {
+            "codingPlanInstanceInfos": [
+              {
+                "planName": "Coding Plan Lite",
+                "status": "EXPIRED"
+              }
+            ]
+          },
+          "status_code": 0
+        }
+        """
+
+        #expect(throws: AlibabaCodingPlanUsageError.self) {
+            try AlibabaCodingPlanUsageFetcher.parseUsageSnapshot(from: Data(json.utf8))
+        }
+    }
+
+    @Test
+    func `console need login payload maps to login required`() {
+        let json = """
+        {
+          "code": "ConsoleNeedLogin",
+          "message": "You need to log in.",
+          "requestId": "abc",
+          "successResponse": false
+        }
+        """
+
+        #expect(throws: AlibabaCodingPlanUsageError.loginRequired) {
+            try AlibabaCodingPlanUsageFetcher.parseUsageSnapshot(from: Data(json.utf8))
+        }
+    }
+
+    @Test
+    func `console need login payload maps to unavailable API key mode`() {
+        let json = """
+        {
+          "code": "ConsoleNeedLogin",
+          "message": "You need to log in.",
+          "requestId": "abc",
+          "successResponse": false
+        }
+        """
+
+        #expect(throws: AlibabaCodingPlanUsageError.apiKeyUnavailableInRegion) {
+            try AlibabaCodingPlanUsageFetcher.parseUsageSnapshot(
+                from: Data(json.utf8),
+                authMode: .apiKey)
+        }
+    }
+}
+
+@Suite(.serialized)
+struct AlibabaCodingPlanFallbackTests {
+    private struct StubClaudeFetcher: ClaudeUsageFetching {
+        func loadLatestUsage(model _: String) async throws -> ClaudeUsageSnapshot {
+            throw ClaudeUsageError.parseFailed("stub")
+        }
+
+        func debugRawProbe(model _: String) async -> String {
+            "stub"
+        }
+
+        func detectVersion() -> String? {
+            nil
+        }
+    }
+
+    private func makeContext(
+        sourceMode: ProviderSourceMode,
+        settings: ProviderSettingsSnapshot? = nil,
+        env: [String: String] = [:]) -> ProviderFetchContext
+    {
+        let browserDetection = BrowserDetection(cacheTTL: 0)
+        return ProviderFetchContext(
+            runtime: .cli,
+            sourceMode: sourceMode,
+            includeCredits: false,
+            webTimeout: 1,
+            webDebugDumpHTML: false,
+            verbose: false,
+            env: env,
+            settings: settings,
+            fetcher: UsageFetcher(environment: env),
+            claudeFetcher: StubClaudeFetcher(),
+            browserDetection: browserDetection)
+    }
+
+    @Test
+    func `falls back on TLS failure in auto mode`() {
+        let strategy = AlibabaCodingPlanWebFetchStrategy()
+        let context = self.makeContext(sourceMode: .auto)
+        #expect(strategy.shouldFallback(on: URLError(.secureConnectionFailed), context: context))
+    }
+
+    @Test
+    func `does not fallback on TLS failure when source forced to web`() {
+        let strategy = AlibabaCodingPlanWebFetchStrategy()
+        let context = self.makeContext(sourceMode: .web)
+        #expect(strategy.shouldFallback(on: URLError(.secureConnectionFailed), context: context) == false)
+    }
+
+    @Test
+    func `auto mode does not borrow manual cookie authority when browser import fails`() {
+        let strategy = AlibabaCodingPlanWebFetchStrategy()
+        let settings = ProviderSettingsSnapshot.make(
+            alibaba: ProviderSettingsSnapshot.AlibabaCodingPlanProviderSettings(
+                cookieSource: .auto,
+                manualCookieHeader: "session=manual-cookie",
+                apiRegion: .international))
+        let context = self.makeContext(sourceMode: .auto, settings: settings)
+
+        CookieHeaderCache.clear(provider: .alibaba)
+        AlibabaCodingPlanCookieImporter.importSessionOverrideForTesting = { _, _ in
+            throw AlibabaCodingPlanSettingsError.missingCookie()
+        }
+        defer {
+            AlibabaCodingPlanCookieImporter.importSessionOverrideForTesting = nil
+        }
+
+        do {
+            _ = try AlibabaCodingPlanWebFetchStrategy.resolveCookieHeader(context: context, allowCached: false)
+            Issue.record("Expected auto mode to fail instead of borrowing the manual cookie header")
+        } catch let error as AlibabaCodingPlanSettingsError {
+            guard case .missingCookie = error else {
+                Issue.record("Expected missingCookie, got \(error)")
+                return
+            }
+            #expect(strategy.shouldFallback(on: error, context: context))
+        } catch {
+            Issue.record("Expected AlibabaCodingPlanSettingsError, got \(error)")
+        }
+    }
+
+    @Test
+    func `auto mode skips web when no alibaba session is available`() async {
+        let strategy = AlibabaCodingPlanWebFetchStrategy()
+        let settings = ProviderSettingsSnapshot.make(
+            alibaba: ProviderSettingsSnapshot.AlibabaCodingPlanProviderSettings(
+                cookieSource: .auto,
+                manualCookieHeader: nil,
+                apiRegion: .international))
+        let context = self.makeContext(
+            sourceMode: .auto,
+            settings: settings,
+            env: [AlibabaCodingPlanSettingsReader.apiTokenKey: "token-abc"])
+
+        CookieHeaderCache.clear(provider: .alibaba)
+        AlibabaCodingPlanCookieImporter.importSessionOverrideForTesting = { _, _ in
+            throw AlibabaCodingPlanSettingsError.missingCookie()
+        }
+        defer {
+            AlibabaCodingPlanCookieImporter.importSessionOverrideForTesting = nil
+        }
+
+        #expect(await strategy.isAvailable(context) == false)
+    }
+}
+
+struct AlibabaCodingPlanRegionTests {
+    @Test
+    func `defaults to international endpoint`() {
+        let url = AlibabaCodingPlanUsageFetcher.resolveQuotaURL(region: .international, environment: [:])
+        #expect(url.host == "modelstudio.console.alibabacloud.com")
+        #expect(url.path == "/data/api.json")
+    }
+
+    @Test
+    func `uses china mainland host`() {
+        let url = AlibabaCodingPlanUsageFetcher.resolveQuotaURL(region: .chinaMainland, environment: [:])
+        #expect(url.host == "bailian.console.aliyun.com")
+    }
+
+    @Test
+    func `host override wins for quota URL`() {
+        let env = [AlibabaCodingPlanSettingsReader.hostKey: "custom.aliyun.com"]
+        let url = AlibabaCodingPlanUsageFetcher.resolveQuotaURL(region: .international, environment: env)
+        #expect(url.host == "custom.aliyun.com")
+        #expect(url.path == "/data/api.json")
+    }
+
+    @Test
+    func `host override uses selected region for quota URL`() {
+        let env = [AlibabaCodingPlanSettingsReader.hostKey: "custom.aliyun.com"]
+        let url = AlibabaCodingPlanUsageFetcher.resolveQuotaURL(region: .chinaMainland, environment: env)
+        #expect(url.host == "custom.aliyun.com")
+
+        let components = URLComponents(url: url, resolvingAgainstBaseURL: false)
+        let currentRegion = components?.queryItems?.first(where: { $0.name == "currentRegionId" })?.value
+        #expect(currentRegion == AlibabaCodingPlanAPIRegion.chinaMainland.currentRegionID)
+    }
+
+    @Test
+    func `bare host override builds console dashboard URL`() {
+        let env = [AlibabaCodingPlanSettingsReader.hostKey: "custom.aliyun.com"]
+        let url = AlibabaCodingPlanUsageFetcher.resolveConsoleDashboardURL(region: .international, environment: env)
+        #expect(url.scheme == "https")
+        #expect(url.host == "custom.aliyun.com")
+        #expect(url.path == AlibabaCodingPlanAPIRegion.international.dashboardURL.path)
+
+        let components = URLComponents(url: url, resolvingAgainstBaseURL: false)
+        let tab = components?.queryItems?.first(where: { $0.name == "tab" })?.value
+        #expect(tab == "coding-plan")
+    }
+
+    @Test
+    func `quota url override beats host`() {
+        let env = [AlibabaCodingPlanSettingsReader.quotaURLKey: "https://example.com/custom/quota"]
+        let url = AlibabaCodingPlanUsageFetcher.resolveQuotaURL(region: .international, environment: env)
+        #expect(url.absoluteString == "https://example.com/custom/quota")
+    }
+}
+
+@Suite(.serialized)
+struct AlibabaCodingPlanUsageFetcherRequestTests {
+    @Test
+    func `api401 maps to invalid credentials`() async throws {
+        let registered = URLProtocol.registerClass(AlibabaUsageFetcherStubURLProtocol.self)
+        defer {
+            if registered {
+                URLProtocol.unregisterClass(AlibabaUsageFetcherStubURLProtocol.self)
+            }
+            AlibabaUsageFetcherStubURLProtocol.handler = nil
+        }
+
+        AlibabaUsageFetcherStubURLProtocol.handler = { request in
+            guard let url = request.url else { throw URLError(.badURL) }
+            return Self.makeResponse(url: url, body: #"{"message":"unauthorized"}"#, statusCode: 401)
+        }
+
+        await #expect(throws: AlibabaCodingPlanUsageError.invalidCredentials) {
+            _ = try await AlibabaCodingPlanUsageFetcher.fetchUsage(
+                apiKey: "cpk-test",
+                region: .chinaMainland,
+                environment: [AlibabaCodingPlanSettingsReader.quotaURLKey: "https://alibaba-api.test/data/api.json"])
+        }
+    }
+
+    @Test
+    func `cookie SEC token fallback survives user info request failure`() async throws {
+        let registered = URLProtocol.registerClass(AlibabaConsoleSECTokenStubURLProtocol.self)
+        defer {
+            if registered {
+                URLProtocol.unregisterClass(AlibabaConsoleSECTokenStubURLProtocol.self)
+            }
+            AlibabaConsoleSECTokenStubURLProtocol.handler = nil
+        }
+
+        AlibabaConsoleSECTokenStubURLProtocol.handler = { request in
+            guard let url = request.url else { throw URLError(.badURL) }
+
+            if url.host == "modelstudio.console.alibabacloud.com", request.httpMethod == "GET" {
+                return Self.makeResponse(url: url, body: "<html></html>", statusCode: 200)
+            }
+
+            if url.host == "modelstudio.console.alibabacloud.com", url.path == "/tool/user/info.json" {
+                throw URLError(.timedOut)
+            }
+
+            if url.host == "bailian-singapore-cs.alibabacloud.com", request.httpMethod == "POST" {
+                let body = Self.requestBodyString(from: request)
+                #expect(body.contains("sec_token=cookie-sec-token"))
+                let json = """
+                {
+                  "data": {
+                    "codingPlanInstanceInfos": [
+                      { "planName": "Alibaba Coding Plan Pro", "status": "VALID" }
+                    ],
+                    "codingPlanQuotaInfo": {
+                      "per5HourUsedQuota": 52,
+                      "per5HourTotalQuota": 1000,
+                      "per5HourQuotaNextRefreshTime": 1700000300000
+                    }
+                  },
+                  "status_code": 0
+                }
+                """
+                return Self.makeResponse(url: url, body: json, statusCode: 200)
+            }
+
+            throw URLError(.unsupportedURL)
+        }
+
+        let snapshot = try await AlibabaCodingPlanUsageFetcher.fetchUsage(
+            cookieHeader: "sec_token=cookie-sec-token; login_aliyunid_ticket=ticket; login_aliyunid_pk=user",
+            region: .international,
+            environment: [:],
+            now: Date(timeIntervalSince1970: 1_700_000_000))
+
+        #expect(snapshot.planName == "Alibaba Coding Plan Pro")
+        #expect(snapshot.fiveHourUsedQuota == 52)
+        #expect(snapshot.fiveHourTotalQuota == 1000)
+    }
+
+    @Test
+    func `host override applies to user info SEC token fallback`() async throws {
+        let registered = URLProtocol.registerClass(AlibabaConsoleSECTokenStubURLProtocol.self)
+        defer {
+            if registered {
+                URLProtocol.unregisterClass(AlibabaConsoleSECTokenStubURLProtocol.self)
+            }
+            AlibabaConsoleSECTokenStubURLProtocol.handler = nil
+        }
+
+        AlibabaConsoleSECTokenStubURLProtocol.handler = { request in
+            guard let url = request.url else { throw URLError(.badURL) }
+            #expect(url.host == "alibaba-proxy.test")
+
+            if request.httpMethod == "GET", url.path == AlibabaCodingPlanAPIRegion.international.dashboardURL.path {
+                return Self.makeResponse(url: url, body: "<html></html>", statusCode: 200)
+            }
+
+            if request.httpMethod == "GET", url.path == "/tool/user/info.json" {
+                return Self.makeResponse(
+                    url: url,
+                    body: #"{"data":{"secToken":"override-sec-token"}}"#,
+                    statusCode: 200)
+            }
+
+            if request.httpMethod == "POST", url.path == "/data/api.json" {
+                let body = Self.requestBodyString(from: request)
+                #expect(body.contains("sec_token=override-sec-token"))
+                let json = """
+                {
+                  "data": {
+                    "codingPlanInstanceInfos": [
+                      { "planName": "Alibaba Coding Plan Pro", "status": "VALID" }
+                    ],
+                    "codingPlanQuotaInfo": {
+                      "per5HourUsedQuota": 21,
+                      "per5HourTotalQuota": 1000,
+                      "per5HourQuotaNextRefreshTime": 1700000300000
+                    }
+                  },
+                  "status_code": 0
+                }
+                """
+                return Self.makeResponse(url: url, body: json, statusCode: 200)
+            }
+
+            throw URLError(.unsupportedURL)
+        }
+
+        let snapshot = try await AlibabaCodingPlanUsageFetcher.fetchUsage(
+            cookieHeader: "sec_token=cookie-sec-token; login_aliyunid_ticket=ticket; login_aliyunid_pk=user",
+            region: .international,
+            environment: [AlibabaCodingPlanSettingsReader.hostKey: "https://alibaba-proxy.test"],
+            now: Date(timeIntervalSince1970: 1_700_000_000))
+
+        #expect(snapshot.planName == "Alibaba Coding Plan Pro")
+        #expect(snapshot.fiveHourUsedQuota == 21)
+        #expect(snapshot.fiveHourTotalQuota == 1000)
+    }
+
+    @Test
+    func `console request body uses region specific metadata`() async throws {
+        let registered = URLProtocol.registerClass(AlibabaConsoleSECTokenStubURLProtocol.self)
+        defer {
+            if registered {
+                URLProtocol.unregisterClass(AlibabaConsoleSECTokenStubURLProtocol.self)
+            }
+            AlibabaConsoleSECTokenStubURLProtocol.handler = nil
+        }
+
+        AlibabaConsoleSECTokenStubURLProtocol.handler = { request in
+            guard let url = request.url else { throw URLError(.badURL) }
+
+            if request.httpMethod == "GET", url.path == AlibabaCodingPlanAPIRegion.chinaMainland.dashboardURL.path {
+                return Self.makeResponse(url: url, body: "<html></html>", statusCode: 200)
+            }
+
+            if request.httpMethod == "GET", url.path == "/tool/user/info.json" {
+                return Self.makeResponse(url: url, body: #"{"data":{"secToken":"cn-sec-token"}}"#, statusCode: 200)
+            }
+
+            if request.httpMethod == "POST", url.path == "/data/api.json" {
+                let body = Self.requestBodyString(from: request)
+                let params = try #require(Self.requestParamsDictionary(from: body))
+                let data = try #require(params["Data"] as? [String: Any])
+                let cornerstone = try #require(data["cornerstoneParam"] as? [String: Any])
+                #expect(cornerstone["domain"] as? String == AlibabaCodingPlanAPIRegion.chinaMainland.consoleDomain)
+                #expect(cornerstone["consoleSite"] as? String == AlibabaCodingPlanAPIRegion.chinaMainland.consoleSite)
+                #expect(
+                    cornerstone["feURL"] as? String
+                        == AlibabaCodingPlanAPIRegion.chinaMainland.dashboardURL.absoluteString)
+
+                let json = """
+                {
+                  "data": {
+                    "codingPlanInstanceInfos": [
+                      { "planName": "Alibaba Coding Plan Pro", "status": "VALID" }
+                    ],
+                    "codingPlanQuotaInfo": {
+                      "per5HourUsedQuota": 21,
+                      "per5HourTotalQuota": 1000,
+                      "per5HourQuotaNextRefreshTime": 1700000300000
+                    }
+                  },
+                  "status_code": 0
+                }
+                """
+                return Self.makeResponse(url: url, body: json, statusCode: 200)
+            }
+
+            throw URLError(.unsupportedURL)
+        }
+
+        let snapshot = try await AlibabaCodingPlanUsageFetcher.fetchUsage(
+            cookieHeader: "sec_token=cookie-sec-token; login_aliyunid_ticket=ticket; login_aliyunid_pk=user",
+            region: .chinaMainland,
+            environment: [:],
+            now: Date(timeIntervalSince1970: 1_700_000_000))
+
+        #expect(snapshot.planName == "Alibaba Coding Plan Pro")
+        #expect(snapshot.fiveHourUsedQuota == 21)
+        #expect(snapshot.fiveHourTotalQuota == 1000)
+    }
+
+    private static func makeResponse(url: URL, body: String, statusCode: Int) -> (HTTPURLResponse, Data) {
+        let response = HTTPURLResponse(
+            url: url,
+            statusCode: statusCode,
+            httpVersion: "HTTP/1.1",
+            headerFields: ["Content-Type": "application/json"])!
+        return (response, Data(body.utf8))
+    }
+
+    private static func requestBodyString(from request: URLRequest) -> String {
+        if let data = request.httpBody {
+            return String(data: data, encoding: .utf8) ?? ""
+        }
+
+        guard let stream = request.httpBodyStream else {
+            return ""
+        }
+
+        stream.open()
+        defer { stream.close() }
+
+        var data = Data()
+        let bufferSize = 4096
+        let buffer = UnsafeMutablePointer<UInt8>.allocate(capacity: bufferSize)
+        defer { buffer.deallocate() }
+
+        while stream.hasBytesAvailable {
+            let count = stream.read(buffer, maxLength: bufferSize)
+            if count <= 0 {
+                break
+            }
+            data.append(buffer, count: count)
+        }
+
+        return String(data: data, encoding: .utf8) ?? ""
+    }
+
+    private static func requestParamsDictionary(from body: String) -> [String: Any]? {
+        guard let components = URLComponents(string: "https://example.invalid/?\(body)"),
+              let params = components.queryItems?.first(where: { $0.name == "params" })?.value,
+              let data = params.data(using: .utf8)
+        else {
+            return nil
+        }
+
+        let object = try? JSONSerialization.jsonObject(with: data, options: [])
+        return object as? [String: Any]
+    }
+}
+
+final class AlibabaUsageFetcherStubURLProtocol: URLProtocol {
+    nonisolated(unsafe) static var handler: ((URLRequest) throws -> (HTTPURLResponse, Data))?
+
+    override static func canInit(with request: URLRequest) -> Bool {
+        request.url?.host == "alibaba-api.test"
+    }
+
+    override static func canonicalRequest(for request: URLRequest) -> URLRequest {
+        request
+    }
+
+    override func startLoading() {
+        guard let handler = Self.handler else {
+            self.client?.urlProtocol(self, didFailWithError: URLError(.badServerResponse))
+            return
+        }
+
+        do {
+            let (response, data) = try handler(self.request)
+            self.client?.urlProtocol(self, didReceive: response, cacheStoragePolicy: .notAllowed)
+            self.client?.urlProtocol(self, didLoad: data)
+            self.client?.urlProtocolDidFinishLoading(self)
+        } catch {
+            self.client?.urlProtocol(self, didFailWithError: error)
+        }
+    }
+
+    override func stopLoading() {}
+}
+
+final class AlibabaConsoleSECTokenStubURLProtocol: URLProtocol {
+    nonisolated(unsafe) static var handler: ((URLRequest) throws -> (HTTPURLResponse, Data))?
+
+    override static func canInit(with request: URLRequest) -> Bool {
+        guard let host = request.url?.host else { return false }
+        return [
+            "alibaba-proxy.test",
+            "modelstudio.console.alibabacloud.com",
+            "bailian-singapore-cs.alibabacloud.com",
+            "bailian.console.aliyun.com",
+            "bailian-cs.console.aliyun.com",
+            "bailian-beijing-cs.aliyuncs.com",
+        ].contains(host)
+    }
+
+    override static func canonicalRequest(for request: URLRequest) -> URLRequest {
+        request
+    }
+
+    override func startLoading() {
+        guard let handler = Self.handler else {
+            self.client?.urlProtocol(self, didFailWithError: URLError(.badServerResponse))
+            return
+        }
+
+        do {
+            let (response, data) = try handler(self.request)
+            self.client?.urlProtocol(self, didReceive: response, cacheStoragePolicy: .notAllowed)
+            self.client?.urlProtocol(self, didLoad: data)
+            self.client?.urlProtocolDidFinishLoading(self)
+        } catch {
+            self.client?.urlProtocol(self, didFailWithError: error)
+        }
+    }
+
+    override func stopLoading() {}
+}
diff --git a/Tests/CodexBarTests/AlibabaTokenPlanProviderTests.swift b/Tests/CodexBarTests/AlibabaTokenPlanProviderTests.swift
new file mode 100644
index 000000000..4916dd0e5
--- /dev/null
+++ b/Tests/CodexBarTests/AlibabaTokenPlanProviderTests.swift
@@ -0,0 +1,721 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+struct AlibabaTokenPlanSettingsReaderTests {
+    @Test
+    func `cookie reads from environment`() {
+        let cookie = AlibabaTokenPlanSettingsReader.cookieHeader(environment: [
+            AlibabaTokenPlanSettingsReader.cookieHeaderKey: "\"login_aliyunid_ticket=ticket\"",
+        ])
+        #expect(cookie == "login_aliyunid_ticket=ticket")
+    }
+
+    @Test
+    func `quota URL infers HTTPS scheme`() {
+        let url = AlibabaTokenPlanSettingsReader.quotaURL(environment: [
+            AlibabaTokenPlanSettingsReader.quotaURLKey: "quota.token-plan.test/data/api.json",
+        ])
+
+        #expect(url?.scheme == "https")
+        #expect(url?.host == "quota.token-plan.test")
+    }
+
+    @Test
+    func `quota URL rejects non HTTPS schemes`() {
+        let httpURL = AlibabaTokenPlanSettingsReader.quotaURL(environment: [
+            AlibabaTokenPlanSettingsReader.quotaURLKey: "http://quota.token-plan.test/data/api.json",
+        ])
+        let ftpURL = AlibabaTokenPlanSettingsReader.quotaURL(environment: [
+            AlibabaTokenPlanSettingsReader.quotaURLKey: "ftp://quota.token-plan.test/data/api.json",
+        ])
+
+        #expect(httpURL == nil)
+        #expect(ftpURL == nil)
+    }
+
+    @Test
+    func `host override rejects non HTTPS schemes`() {
+        let httpHost = AlibabaTokenPlanSettingsReader.hostOverride(environment: [
+            AlibabaTokenPlanSettingsReader.hostKey: "http://dashboard.token-plan.test",
+        ])
+        let httpsHost = AlibabaTokenPlanSettingsReader.hostOverride(environment: [
+            AlibabaTokenPlanSettingsReader.hostKey: "https://dashboard.token-plan.test",
+        ])
+        let bareHost = AlibabaTokenPlanSettingsReader.hostOverride(environment: [
+            AlibabaTokenPlanSettingsReader.hostKey: "dashboard.token-plan.test",
+        ])
+
+        #expect(httpHost == nil)
+        #expect(httpsHost == "https://dashboard.token-plan.test")
+        #expect(bareHost == "dashboard.token-plan.test")
+    }
+
+    @Test
+    func `default quota URL targets subscription summary API`() {
+        let url = AlibabaTokenPlanUsageFetcher.defaultQuotaURL
+        #expect(url.host == "bailian.console.aliyun.com")
+        #expect(url.absoluteString.contains("GetSubscriptionSummary"))
+        #expect(url.absoluteString.contains("BssOpenAPI-V3"))
+    }
+}
+
+struct AlibabaTokenPlanCookieHeaderTests {
+    @Test
+    func `builds URL scoped headers for API and dashboard`() throws {
+        let cookies = [
+            self.cookie(name: "login_aliyunid_ticket", value: "ticket", domain: ".aliyun.com"),
+            self.cookie(name: "login_current_pk", value: "account", domain: ".aliyun.com"),
+            self.cookie(name: "sec_token", value: "shared", domain: ".console.aliyun.com"),
+            self.cookie(name: "sec_token", value: "dashboard", domain: "bailian.console.aliyun.com"),
+            self.cookie(name: "modelstudio_only", value: "modelstudio", domain: "modelstudio.console.alibabacloud.com"),
+        ]
+
+        let headers = try #require(AlibabaTokenPlanCookieHeader.headers(from: cookies))
+
+        #expect(headers.apiCookieHeader.contains("login_aliyunid_ticket=ticket"))
+        #expect(headers.apiCookieHeader.contains("login_current_pk=account"))
+        #expect(headers.apiCookieHeader.contains("sec_token=dashboard"))
+        #expect(!headers.apiCookieHeader.contains("modelstudio_only=modelstudio"))
+        #expect(headers.dashboardCookieHeader.contains("sec_token=dashboard"))
+        #expect(!headers.dashboardCookieHeader.contains("modelstudio_only=modelstudio"))
+    }
+
+    @Test
+    func `cached token plan headers preserve URL scoping`() throws {
+        let headers = AlibabaTokenPlanCookieHeaders(
+            apiCookieHeader: "login_aliyunid_ticket=ticket; api_only=api",
+            dashboardCookieHeader: "login_aliyunid_ticket=ticket; dashboard_only=dashboard")
+
+        let cached = try #require(AlibabaTokenPlanCookieHeaders(cachedHeader: headers.cacheCookieHeader))
+
+        #expect(cached.apiCookieHeader.contains("api_only=api"))
+        #expect(!cached.apiCookieHeader.contains("dashboard_only=dashboard"))
+        #expect(cached.dashboardCookieHeader.contains("dashboard_only=dashboard"))
+        #expect(!cached.dashboardCookieHeader.contains("api_only=api"))
+    }
+
+    @Test
+    func `builds headers from environment scoped URLs`() throws {
+        let cookies = [
+            self.cookie(name: "login_aliyunid_ticket", value: "ticket", domain: ".token-plan.test"),
+            self.cookie(name: "api_only", value: "api", domain: "quota.token-plan.test"),
+            self.cookie(name: "dashboard_only", value: "dashboard", domain: "dashboard.token-plan.test"),
+            self.cookie(name: "prod_api_only", value: "prod-api", domain: "bailian.console.aliyun.com"),
+            self.cookie(name: "prod_dashboard_only", value: "prod-dashboard", domain: "bailian.console.aliyun.com"),
+        ]
+
+        let headers = try #require(AlibabaTokenPlanCookieHeader.headers(
+            from: cookies,
+            environment: [
+                AlibabaTokenPlanSettingsReader.quotaURLKey: "https://quota.token-plan.test/data/api.json",
+                AlibabaTokenPlanSettingsReader.hostKey: "https://dashboard.token-plan.test",
+            ]))
+
+        #expect(headers.apiCookieHeader.contains("login_aliyunid_ticket=ticket"))
+        #expect(headers.apiCookieHeader.contains("api_only=api"))
+        #expect(!headers.apiCookieHeader.contains("prod_api_only=prod-api"))
+        #expect(headers.dashboardCookieHeader.contains("dashboard_only=dashboard"))
+        #expect(!headers.dashboardCookieHeader.contains("prod_dashboard_only=prod-dashboard"))
+    }
+
+    private func cookie(
+        name: String,
+        value: String,
+        domain: String,
+        path: String = "/",
+        expires: Date = Date(timeIntervalSinceNow: 3600)) -> HTTPCookie
+    {
+        HTTPCookie(properties: [
+            .domain: domain,
+            .path: path,
+            .name: name,
+            .value: value,
+            .expires: expires,
+            .secure: true,
+        ])!
+    }
+}
+
+struct AlibabaTokenPlanUsageSnapshotTests {
+    @Test
+    func `maps used and total quota to primary window`() {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let reset = Date(timeIntervalSince1970: 1_700_100_000)
+        let snapshot = AlibabaTokenPlanUsageSnapshot(
+            planName: "TOKEN PLAN",
+            usedQuota: 250,
+            totalQuota: 1000,
+            remainingQuota: nil,
+            resetsAt: reset,
+            updatedAt: now)
+
+        let usage = snapshot.toUsageSnapshot()
+
+        #expect(usage.primary?.usedPercent == 25)
+        #expect(usage.primary?.resetsAt == reset)
+        #expect(usage.primary?.resetDescription == "250 / 1,000 credits used")
+        #expect(usage.loginMethod(for: .alibabatokenplan) == "TOKEN PLAN")
+    }
+
+    @Test
+    func `does not create primary window from balance only`() {
+        let snapshot = AlibabaTokenPlanUsageSnapshot(
+            planName: "TOKEN PLAN",
+            usedQuota: nil,
+            totalQuota: nil,
+            remainingQuota: 700,
+            resetsAt: nil,
+            updatedAt: Date(timeIntervalSince1970: 1_700_000_000))
+
+        let usage = snapshot.toUsageSnapshot()
+
+        #expect(usage.primary == nil)
+        #expect(usage.loginMethod(for: .alibabatokenplan) == "TOKEN PLAN")
+    }
+}
+
+@Suite(.serialized)
+struct AlibabaTokenPlanUsageParsingTests {
+    @Test
+    func `parses subscription summary payload`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let json = """
+        {
+          "Success": true,
+          "Data": {
+            "TotalCount": 1,
+            "TotalValue": 1000,
+            "TotalSurplusValue": 875,
+            "NearestExpireDate": 1701000000000
+          },
+          "Code": "200"
+        }
+        """
+
+        let snapshot = try AlibabaTokenPlanUsageFetcher.parseUsageSnapshot(from: Data(json.utf8), now: now)
+
+        #expect(snapshot.planName == "TOKEN PLAN")
+        #expect(snapshot.usedQuota == 125)
+        #expect(snapshot.totalQuota == 1000)
+        #expect(snapshot.remainingQuota == 875)
+        #expect(snapshot.resetsAt == Date(timeIntervalSince1970: 1_701_000_000))
+        #expect(snapshot.toUsageSnapshot().primary?.usedPercent == 12.5)
+    }
+
+    @Test
+    func `parses nested subscription summary body`() throws {
+        let body = """
+        {
+          "success": true,
+          "data": {
+            "totalCount": 1,
+            "totalSurplusValue": 750,
+            "totalValue": 1000
+          }
+        }
+        """
+        let payload = ["successResponse": ["body": body]]
+        let data = try JSONSerialization.data(withJSONObject: payload)
+
+        let snapshot = try AlibabaTokenPlanUsageFetcher.parseUsageSnapshot(from: data)
+
+        #expect(snapshot.planName == "TOKEN PLAN")
+        #expect(snapshot.usedQuota == 250)
+        #expect(snapshot.remainingQuota == 750)
+        #expect(snapshot.totalQuota == 1000)
+        #expect(snapshot.toUsageSnapshot().primary?.usedPercent == 25)
+    }
+
+    @Test
+    func `empty subscription summary stays visible without quota window`() throws {
+        let json = """
+        {
+          "Success": true,
+          "Data": {
+            "TotalCount": 0
+          }
+        }
+        """
+
+        let snapshot = try AlibabaTokenPlanUsageFetcher.parseUsageSnapshot(from: Data(json.utf8))
+
+        #expect(snapshot.planName == nil)
+        #expect(snapshot.totalQuota == nil)
+        #expect(snapshot.toUsageSnapshot().primary == nil)
+    }
+
+    @Test
+    func `login payload maps to login required`() {
+        let json = """
+        {
+          "code": "ConsoleNeedLogin",
+          "message": "You need to log in.",
+          "successResponse": false
+        }
+        """
+
+        #expect(throws: AlibabaTokenPlanUsageError.loginRequired) {
+            try AlibabaTokenPlanUsageFetcher.parseUsageSnapshot(from: Data(json.utf8))
+        }
+    }
+
+    @Test
+    func `nested unsuccessful subscription summary maps to API error`() throws {
+        let body = """
+        {
+          "success": false,
+          "message": "Subscription lookup failed"
+        }
+        """
+        let payload = ["successResponse": ["body": body]]
+        let data = try JSONSerialization.data(withJSONObject: payload)
+
+        #expect(throws: AlibabaTokenPlanUsageError.apiError("Subscription lookup failed")) {
+            try AlibabaTokenPlanUsageFetcher.parseUsageSnapshot(from: data)
+        }
+    }
+
+    @Test
+    func `forbidden payload maps to invalid credentials`() {
+        let json = """
+        {
+          "statusCode": 403,
+          "message": "Forbidden"
+        }
+        """
+
+        #expect(throws: AlibabaTokenPlanUsageError.invalidCredentials) {
+            try AlibabaTokenPlanUsageFetcher.parseUsageSnapshot(from: Data(json.utf8))
+        }
+    }
+
+    @Test
+    func `html login payload maps to login required`() {
+        let html = """
+        <html>
+          <body>Please login to Alibaba Cloud</body>
+        </html>
+        """
+
+        #expect(throws: AlibabaTokenPlanUsageError.loginRequired) {
+            try AlibabaTokenPlanUsageFetcher.parseUsageSnapshot(from: Data(html.utf8))
+        }
+    }
+
+    @Test
+    func `non json payload maps to parse failed`() {
+        #expect(throws: AlibabaTokenPlanUsageError.parseFailed("Invalid JSON response")) {
+            try AlibabaTokenPlanUsageFetcher.parseUsageSnapshot(from: Data("not-json".utf8))
+        }
+    }
+
+    @Test
+    func `cookie only request continues without SEC token`() async throws {
+        defer {
+            AlibabaTokenPlanStubURLProtocol.handler = nil
+        }
+
+        AlibabaTokenPlanStubURLProtocol.handler = { request in
+            guard let url = request.url else { throw URLError(.badURL) }
+
+            if url.host == "alibaba-token-plan.test", request.httpMethod == "GET" {
+                return Self.makeResponse(url: url, body: "<html></html>", statusCode: 200)
+            }
+
+            if url.host == "alibaba-token-plan.test", request.httpMethod == "POST" {
+                #expect(request.value(forHTTPHeaderField: "Cookie") == "login_aliyunid_ticket=ticket; raw_only=keep")
+                #expect(request.value(forHTTPHeaderField: "Origin") == "https://bailian.console.aliyun.com")
+                #expect(request.value(forHTTPHeaderField: "Referer") == AlibabaTokenPlanUsageFetcher.dashboardURL
+                    .absoluteString)
+                let body = Self.requestBodyString(from: request)
+                #expect(!body.contains("sec_token="))
+                #expect(body.contains("GetSubscriptionSummary"))
+                #expect(body.contains("BssOpenAPI-V3"))
+                #expect(body.contains("ProductCode"))
+                #expect(body.contains("sfm_tokenplanteams_dp_cn"))
+                let json = """
+                {
+                  "Success": true,
+                  "Data": {
+                    "TotalCount": 1,
+                    "TotalValue": 1000,
+                    "TotalSurplusValue": 900
+                  }
+                }
+                """
+                return Self.makeResponse(url: url, body: json, statusCode: 200)
+            }
+
+            throw URLError(.unsupportedURL)
+        }
+
+        let configuration = URLSessionConfiguration.ephemeral
+        configuration.protocolClasses = [AlibabaTokenPlanStubURLProtocol.self]
+        let session = URLSession(configuration: configuration)
+        let snapshot = try await AlibabaTokenPlanUsageFetcher.fetchUsage(
+            apiCookieHeader: "login_aliyunid_ticket=ticket; raw_only=keep",
+            dashboardCookieHeader: "login_aliyunid_ticket=ticket; raw_only=keep",
+            environment: [AlibabaTokenPlanSettingsReader.hostKey: "https://alibaba-token-plan.test"],
+            session: session)
+
+        #expect(snapshot.planName == "TOKEN PLAN")
+    }
+
+    @Test
+    func `SEC token preflight uses injected session`() async throws {
+        AlibabaTokenPlanStubURLProtocol.handler = { request in
+            guard let url = request.url else { throw URLError(.badURL) }
+
+            if url.host == "session-token.test", request.httpMethod == "GET" {
+                return Self.makeResponse(
+                    url: url,
+                    body: "<html><script>sec_token = \"session-html-token\";</script></html>",
+                    statusCode: 200)
+            }
+
+            if url.host == "session-token.test", request.httpMethod == "POST" {
+                let body = Self.requestBodyString(from: request)
+                #expect(body.contains("sec_token=session-html-token"))
+                let json = """
+                {
+                  "Success": true,
+                  "Data": {
+                    "TotalCount": 1,
+                    "TotalValue": 1000,
+                    "TotalSurplusValue": 900
+                  }
+                }
+                """
+                return Self.makeResponse(url: url, body: json, statusCode: 200)
+            }
+
+            throw URLError(.unsupportedURL)
+        }
+        defer {
+            AlibabaTokenPlanStubURLProtocol.handler = nil
+        }
+
+        let configuration = URLSessionConfiguration.ephemeral
+        configuration.protocolClasses = [AlibabaTokenPlanStubURLProtocol.self]
+        let session = URLSession(configuration: configuration)
+        let snapshot = try await AlibabaTokenPlanUsageFetcher.fetchUsage(
+            apiCookieHeader: "login_aliyunid_ticket=ticket",
+            dashboardCookieHeader: "login_aliyunid_ticket=ticket",
+            environment: [AlibabaTokenPlanSettingsReader.hostKey: "https://session-token.test"],
+            session: session)
+
+        #expect(snapshot.planName == "TOKEN PLAN")
+    }
+
+    @Test
+    func `redirect preserves cookie only for same host HTTPS requests`() throws {
+        let sourceURL = try #require(URL(string: "https://bailian.console.aliyun.com/data/api.json"))
+        let sameHostURL = try #require(URL(string: "https://bailian.console.aliyun.com/redirected"))
+        let crossHostURL = try #require(URL(string: "https://signin.aliyun.com/login"))
+        let insecureURL = try #require(URL(string: "http://bailian.console.aliyun.com/redirected"))
+        let response = try #require(HTTPURLResponse(
+            url: sourceURL,
+            statusCode: 302,
+            httpVersion: "HTTP/1.1",
+            headerFields: nil))
+
+        var sameHostRequest = URLRequest(url: sameHostURL)
+        sameHostRequest.setValue("old=value", forHTTPHeaderField: "Cookie")
+        let sameHostRedirect = try #require(AlibabaTokenPlanUsageFetcher.redirectedRequest(
+            response: response,
+            request: sameHostRequest,
+            cookieHeader: "login_aliyunid_ticket=ticket"))
+        #expect(sameHostRedirect.value(forHTTPHeaderField: "Cookie") == "login_aliyunid_ticket=ticket")
+
+        var crossHostRequest = URLRequest(url: crossHostURL)
+        crossHostRequest.setValue("old=value", forHTTPHeaderField: "Cookie")
+        let crossHostRedirect = try #require(AlibabaTokenPlanUsageFetcher.redirectedRequest(
+            response: response,
+            request: crossHostRequest,
+            cookieHeader: "login_aliyunid_ticket=ticket"))
+        #expect(crossHostRedirect.value(forHTTPHeaderField: "Cookie") == nil)
+
+        let insecureRedirect = AlibabaTokenPlanUsageFetcher.redirectedRequest(
+            response: response,
+            request: URLRequest(url: insecureURL),
+            cookieHeader: "login_aliyunid_ticket=ticket")
+        #expect(insecureRedirect == nil)
+    }
+
+    @Test
+    func `dashboard redirect preserves dashboard cookie header`() throws {
+        let sourceURL = try #require(URL(string: "https://bailian.console.aliyun.com/cn-beijing"))
+        let targetURL = try #require(URL(string: "https://bailian.console.aliyun.com/redirected"))
+        let response = try #require(HTTPURLResponse(
+            url: sourceURL,
+            statusCode: 302,
+            httpVersion: "HTTP/1.1",
+            headerFields: nil))
+        var request = URLRequest(url: targetURL)
+        request.setValue("api_only=wrong", forHTTPHeaderField: "Cookie")
+
+        let redirected = try #require(AlibabaTokenPlanUsageFetcher.redirectedRequest(
+            response: response,
+            request: request,
+            cookieHeader: "dashboard_only=keep"))
+
+        #expect(redirected.value(forHTTPHeaderField: "Cookie") == "dashboard_only=keep")
+    }
+
+    private static func makeResponse(url: URL, body: String, statusCode: Int) -> (HTTPURLResponse, Data) {
+        let response = HTTPURLResponse(
+            url: url,
+            statusCode: statusCode,
+            httpVersion: "HTTP/1.1",
+            headerFields: ["Content-Type": "application/json"])!
+        return (response, Data(body.utf8))
+    }
+
+    private static func requestBodyString(from request: URLRequest) -> String {
+        if let data = request.httpBody {
+            return String(data: data, encoding: .utf8) ?? ""
+        }
+        if let stream = request.httpBodyStream {
+            stream.open()
+            defer {
+                stream.close()
+            }
+            var data = Data()
+            var buffer = [UInt8](repeating: 0, count: 1024)
+            while stream.hasBytesAvailable {
+                let count = stream.read(&buffer, maxLength: buffer.count)
+                if count <= 0 {
+                    break
+                }
+                data.append(buffer, count: count)
+            }
+            return String(data: data, encoding: .utf8) ?? ""
+        }
+        return ""
+    }
+}
+
+@Suite(.serialized)
+struct AlibabaTokenPlanWebStrategyTests {
+    private struct StubClaudeFetcher: ClaudeUsageFetching {
+        func loadLatestUsage(model _: String) async throws -> ClaudeUsageSnapshot {
+            throw ClaudeUsageError.parseFailed("stub")
+        }
+
+        func debugRawProbe(model _: String) async -> String {
+            "stub"
+        }
+
+        func detectVersion() -> String? {
+            nil
+        }
+    }
+
+    @Test
+    func `auto web strategy surfaces cookie import errors`() async throws {
+        let strategy = AlibabaTokenPlanWebFetchStrategy()
+        let settings = ProviderSettingsSnapshot.make(
+            alibabaTokenPlan: ProviderSettingsSnapshot.AlibabaTokenPlanProviderSettings(
+                cookieSource: .auto,
+                manualCookieHeader: nil))
+        let context = ProviderFetchContext(
+            runtime: .cli,
+            sourceMode: .web,
+            includeCredits: false,
+            webTimeout: 1,
+            webDebugDumpHTML: false,
+            verbose: false,
+            env: [:],
+            settings: settings,
+            fetcher: UsageFetcher(environment: [:]),
+            claudeFetcher: StubClaudeFetcher(),
+            browserDetection: BrowserDetection(cacheTTL: 0))
+
+        CookieHeaderCache.clear(provider: .alibabatokenplan)
+        AlibabaCodingPlanCookieImporter.importSessionOverrideForTesting = { _, _ in
+            throw AlibabaCodingPlanSettingsError.missingCookie(
+                details: "macOS Keychain denied access to Chrome Safe Storage.")
+        }
+        defer {
+            AlibabaCodingPlanCookieImporter.importSessionOverrideForTesting = nil
+        }
+
+        #expect(await strategy.isAvailable(context))
+
+        do {
+            _ = try AlibabaTokenPlanWebFetchStrategy.resolveCookieHeader(context: context, allowCached: false)
+            Issue.record("Expected cookie import failure to be surfaced")
+        } catch let error as AlibabaTokenPlanSettingsError {
+            guard case let .missingCookie(details) = error else {
+                Issue.record("Expected missingCookie, got \(error)")
+                return
+            }
+            #expect(details == "macOS Keychain denied access to Chrome Safe Storage.")
+            #expect(error.localizedDescription.contains("Alibaba Token Plan"))
+            #expect(!error.localizedDescription.contains("Alibaba Coding Plan"))
+        }
+    }
+
+    @Test
+    func `auto web strategy imports subscription scoped token plan cookies`() throws {
+        let strategy = AlibabaTokenPlanWebFetchStrategy()
+        let settings = ProviderSettingsSnapshot.make(
+            alibabaTokenPlan: ProviderSettingsSnapshot.AlibabaTokenPlanProviderSettings(
+                cookieSource: .auto,
+                manualCookieHeader: nil))
+        let context = ProviderFetchContext(
+            runtime: .cli,
+            sourceMode: .web,
+            includeCredits: false,
+            webTimeout: 1,
+            webDebugDumpHTML: false,
+            verbose: false,
+            env: [:],
+            settings: settings,
+            fetcher: UsageFetcher(environment: [:]),
+            claudeFetcher: StubClaudeFetcher(),
+            browserDetection: BrowserDetection(cacheTTL: 0))
+
+        CookieHeaderCache.clear(provider: .alibabatokenplan)
+        AlibabaCodingPlanCookieImporter.importSessionOverrideForTesting = { _, _ in
+            AlibabaCodingPlanCookieImporter.SessionInfo(
+                cookies: [
+                    self.cookie(name: "login_aliyunid_ticket", value: "ticket", domain: ".aliyun.com"),
+                    self.cookie(name: "login_current_pk", value: "account", domain: ".aliyun.com"),
+                    self.cookie(name: "dashboard_only", value: "dashboard", domain: "bailian.console.aliyun.com"),
+                    self.cookie(
+                        name: "modelstudio_only",
+                        value: "modelstudio",
+                        domain: "modelstudio.console.alibabacloud.com"),
+                    self.cookie(name: "alibabacloud_only", value: "cloud", domain: ".alibabacloud.com"),
+                ],
+                sourceLabel: "Chrome Default")
+        }
+        defer {
+            AlibabaCodingPlanCookieImporter.importSessionOverrideForTesting = nil
+            CookieHeaderCache.clear(provider: .alibabatokenplan)
+        }
+
+        let headers = try AlibabaTokenPlanWebFetchStrategy.resolveCookieHeaders(context: context, allowCached: false)
+
+        #expect(headers.apiCookieHeader == headers.dashboardCookieHeader)
+        #expect(headers.apiCookieHeader.contains("dashboard_only=dashboard"))
+        #expect(!headers.apiCookieHeader.contains("modelstudio_only=modelstudio"))
+        #expect(!headers.apiCookieHeader.contains("alibabacloud_only=cloud"))
+        #expect(headers.dashboardCookieHeader.contains("dashboard_only=dashboard"))
+        #expect(!headers.dashboardCookieHeader.contains("modelstudio_only=modelstudio"))
+        #expect(!headers.dashboardCookieHeader.contains("alibabacloud_only=cloud"))
+
+        AlibabaCodingPlanCookieImporter.importSessionOverrideForTesting = { _, _ in
+            throw AlibabaCodingPlanSettingsError.missingCookie(details: "unexpected import")
+        }
+        let cachedHeaders = try AlibabaTokenPlanWebFetchStrategy.resolveCookieHeaders(
+            context: context,
+            allowCached: true)
+        #expect(cachedHeaders.apiCookieHeader == headers.apiCookieHeader)
+        #expect(cachedHeaders.dashboardCookieHeader == headers.dashboardCookieHeader)
+        #expect(strategy.id == "alibaba-token-plan.web")
+    }
+
+    @Test
+    func `auto web strategy scopes imported cookies to environment overrides`() throws {
+        let settings = ProviderSettingsSnapshot.make(
+            alibabaTokenPlan: ProviderSettingsSnapshot.AlibabaTokenPlanProviderSettings(
+                cookieSource: .auto,
+                manualCookieHeader: nil))
+        let environment = [
+            AlibabaTokenPlanSettingsReader.quotaURLKey: "https://quota.token-plan.test/data/api.json",
+            AlibabaTokenPlanSettingsReader.hostKey: "https://dashboard.token-plan.test",
+        ]
+        let context = ProviderFetchContext(
+            runtime: .cli,
+            sourceMode: .web,
+            includeCredits: false,
+            webTimeout: 1,
+            webDebugDumpHTML: false,
+            verbose: false,
+            env: environment,
+            settings: settings,
+            fetcher: UsageFetcher(environment: environment),
+            claudeFetcher: StubClaudeFetcher(),
+            browserDetection: BrowserDetection(cacheTTL: 0))
+
+        CookieHeaderCache.clear(provider: .alibabatokenplan)
+        AlibabaCodingPlanCookieImporter.importSessionOverrideForTesting = { _, _ in
+            AlibabaCodingPlanCookieImporter.SessionInfo(
+                cookies: [
+                    self.cookie(name: "login_aliyunid_ticket", value: "ticket", domain: ".token-plan.test"),
+                    self.cookie(name: "api_only", value: "api", domain: "quota.token-plan.test"),
+                    self.cookie(name: "dashboard_only", value: "dashboard", domain: "dashboard.token-plan.test"),
+                    self.cookie(name: "prod_api_only", value: "prod-api", domain: "bailian.console.aliyun.com"),
+                    self.cookie(
+                        name: "prod_dashboard_only",
+                        value: "prod-dashboard",
+                        domain: "bailian.console.aliyun.com"),
+                ],
+                sourceLabel: "Chrome Default")
+        }
+        defer {
+            AlibabaCodingPlanCookieImporter.importSessionOverrideForTesting = nil
+            CookieHeaderCache.clear(provider: .alibabatokenplan)
+        }
+
+        let headers = try AlibabaTokenPlanWebFetchStrategy.resolveCookieHeaders(context: context, allowCached: false)
+
+        #expect(headers.apiCookieHeader.contains("api_only=api"))
+        #expect(!headers.apiCookieHeader.contains("prod_api_only=prod-api"))
+        #expect(headers.dashboardCookieHeader.contains("dashboard_only=dashboard"))
+        #expect(!headers.dashboardCookieHeader.contains("prod_dashboard_only=prod-dashboard"))
+    }
+
+    private func cookie(
+        name: String,
+        value: String,
+        domain: String,
+        path: String = "/",
+        expires: Date = Date(timeIntervalSinceNow: 3600)) -> HTTPCookie
+    {
+        HTTPCookie(properties: [
+            .domain: domain,
+            .path: path,
+            .name: name,
+            .value: value,
+            .expires: expires,
+            .secure: true,
+        ])!
+    }
+}
+
+final class AlibabaTokenPlanStubURLProtocol: URLProtocol {
+    nonisolated(unsafe) static var handler: ((URLRequest) throws -> (HTTPURLResponse, Data))?
+
+    override static func canInit(with request: URLRequest) -> Bool {
+        guard let host = request.url?.host else { return false }
+        return host == "bailian.console.aliyun.com" ||
+            host == "alibaba-token-plan.test" ||
+            host == "session-token.test"
+    }
+
+    override static func canonicalRequest(for request: URLRequest) -> URLRequest {
+        request
+    }
+
+    override func startLoading() {
+        guard let handler = Self.handler else {
+            self.client?.urlProtocol(self, didFailWithError: URLError(.badServerResponse))
+            return
+        }
+
+        do {
+            let (response, data) = try handler(self.request)
+            self.client?.urlProtocol(self, didReceive: response, cacheStoragePolicy: .notAllowed)
+            self.client?.urlProtocol(self, didLoad: data)
+            self.client?.urlProtocolDidFinishLoading(self)
+        } catch {
+            self.client?.urlProtocol(self, didFailWithError: error)
+        }
+    }
+
+    override func stopLoading() {}
+}
diff --git a/Tests/CodexBarTests/AmpUsageFetcherTests.swift b/Tests/CodexBarTests/AmpUsageFetcherTests.swift
index 8a4e8506c..135f58ee4 100644
--- a/Tests/CodexBarTests/AmpUsageFetcherTests.swift
+++ b/Tests/CodexBarTests/AmpUsageFetcherTests.swift
@@ -2,24 +2,23 @@ import Foundation
 import Testing
 @testable import CodexBarCore
 
-@Suite
 struct AmpUsageFetcherTests {
     @Test
-    func attachesCookieForAmpHosts() {
+    func `attaches cookie for amp hosts`() {
         #expect(AmpUsageFetcher.shouldAttachCookie(to: URL(string: "https://ampcode.com/settings")))
         #expect(AmpUsageFetcher.shouldAttachCookie(to: URL(string: "https://www.ampcode.com")))
         #expect(AmpUsageFetcher.shouldAttachCookie(to: URL(string: "https://app.ampcode.com/path")))
     }
 
     @Test
-    func rejectsNonAmpHosts() {
+    func `rejects non amp hosts`() {
         #expect(!AmpUsageFetcher.shouldAttachCookie(to: URL(string: "https://example.com")))
         #expect(!AmpUsageFetcher.shouldAttachCookie(to: URL(string: "https://ampcode.com.evil.com")))
         #expect(!AmpUsageFetcher.shouldAttachCookie(to: nil))
     }
 
     @Test
-    func detectsLoginRedirects() throws {
+    func `detects login redirects`() throws {
         let signIn = try #require(URL(string: "https://ampcode.com/auth/sign-in?returnTo=%2Fsettings"))
         #expect(AmpUsageFetcher.isLoginRedirect(signIn))
 
@@ -34,7 +33,7 @@ struct AmpUsageFetcherTests {
     }
 
     @Test
-    func ignoresNonLoginURLs() throws {
+    func `ignores non login UR ls`() throws {
         let settings = try #require(URL(string: "https://ampcode.com/settings"))
         #expect(!AmpUsageFetcher.isLoginRedirect(settings))
 
diff --git a/Tests/CodexBarTests/AmpUsageParserTests.swift b/Tests/CodexBarTests/AmpUsageParserTests.swift
index 89ab59bdc..380b06e49 100644
--- a/Tests/CodexBarTests/AmpUsageParserTests.swift
+++ b/Tests/CodexBarTests/AmpUsageParserTests.swift
@@ -2,10 +2,9 @@ import Foundation
 import Testing
 @testable import CodexBarCore
 
-@Suite
 struct AmpUsageParserTests {
     @Test
-    func parsesFreeTierUsageFromSettingsHTML() throws {
+    func `parses free tier usage from settings HTML`() throws {
         let now = Date(timeIntervalSince1970: 1_700_000_000)
         let html = """
         <script>
@@ -33,7 +32,7 @@ struct AmpUsageParserTests {
     }
 
     @Test
-    func parsesFreeTierUsageFromPrefetchedKey() throws {
+    func `parses free tier usage from prefetched key`() throws {
         let now = Date(timeIntervalSince1970: 1_700_010_000)
         let html = """
         <script>
@@ -49,7 +48,7 @@ struct AmpUsageParserTests {
     }
 
     @Test
-    func missingUsageThrowsParseFailed() {
+    func `missing usage throws parse failed`() {
         let html = "<html><body>No usage here.</body></html>"
 
         #expect {
@@ -61,7 +60,7 @@ struct AmpUsageParserTests {
     }
 
     @Test
-    func signedOutThrowsNotLoggedIn() {
+    func `signed out throws not logged in`() {
         let html = "<html><body>Please sign in to Amp.</body></html>"
 
         #expect {
@@ -73,7 +72,7 @@ struct AmpUsageParserTests {
     }
 
     @Test
-    func usageSnapshotClampsPercentAndWindow() {
+    func `usage snapshot clamps percent and window`() {
         let now = Date(timeIntervalSince1970: 1_700_020_000)
         let snapshot = AmpUsageSnapshot(
             freeQuota: 100,
@@ -88,7 +87,7 @@ struct AmpUsageParserTests {
     }
 
     @Test
-    func usageSnapshotOmitsResetWhenHourlyReplenishmentIsZero() {
+    func `usage snapshot omits reset when hourly replenishment is zero`() {
         let now = Date(timeIntervalSince1970: 1_700_030_000)
         let snapshot = AmpUsageSnapshot(
             freeQuota: 100,
diff --git a/Tests/CodexBarTests/AntigravityLoginAlertTests.swift b/Tests/CodexBarTests/AntigravityLoginAlertTests.swift
new file mode 100644
index 000000000..a11ee63a7
--- /dev/null
+++ b/Tests/CodexBarTests/AntigravityLoginAlertTests.swift
@@ -0,0 +1,52 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+struct AntigravityLoginAlertTests {
+    @Test
+    func `authorization URL asks Google to select an account`() throws {
+        let redirectURL = try #require(URL(string: "http://127.0.0.1:54321/callback"))
+        let url = try AntigravityLoginRunner.makeAuthorizationURL(
+            redirectURL: redirectURL,
+            state: "state",
+            oauthClient: AntigravityOAuthClient(
+                clientID: "client.apps.googleusercontent.com",
+                clientSecret: "secret"))
+        let components = try #require(URLComponents(url: url, resolvingAgainstBaseURL: false))
+        let prompt = components.queryItems?.first(where: { $0.name == "prompt" })?.value
+
+        #expect(prompt?.split(separator: " ").contains("select_account") == true)
+        #expect(prompt?.split(separator: " ").contains("consent") == true)
+    }
+
+    @Test
+    func `returns alert for timeout`() {
+        let result = AntigravityLoginRunner.Result(outcome: .timedOut)
+        let info = StatusItemController.antigravityLoginAlertInfo(for: result)
+        #expect(info?.title == "Antigravity login timed out")
+    }
+
+    @Test
+    func `returns alert for launch failure`() {
+        let result = AntigravityLoginRunner.Result(outcome: .launchFailed("https://example.com/login"))
+        let info = StatusItemController.antigravityLoginAlertInfo(for: result)
+        #expect(info?.title == "Could not open browser for Antigravity")
+        #expect(info?.message.contains("https://example.com/login") == true)
+    }
+
+    @Test
+    func `returns alert for auth failure`() {
+        let result = AntigravityLoginRunner.Result(outcome: .failed("permission denied"))
+        let info = StatusItemController.antigravityLoginAlertInfo(for: result)
+        #expect(info?.title == "Antigravity login failed")
+        #expect(info?.message == "permission denied")
+    }
+
+    @Test
+    func `returns nil on success`() {
+        let result = AntigravityLoginRunner.Result(outcome: .success("user@example.com"))
+        let info = StatusItemController.antigravityLoginAlertInfo(for: result)
+        #expect(info == nil)
+    }
+}
diff --git a/Tests/CodexBarTests/AntigravityOAuthCredentialsStoreTests.swift b/Tests/CodexBarTests/AntigravityOAuthCredentialsStoreTests.swift
new file mode 100644
index 000000000..f4961ee12
--- /dev/null
+++ b/Tests/CodexBarTests/AntigravityOAuthCredentialsStoreTests.swift
@@ -0,0 +1,159 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+struct AntigravityOAuthCredentialsStoreTests {
+    @Test
+    func `oauth client discovery reads renamed legacy bundle`() throws {
+        let root = FileManager.default.temporaryDirectory
+            .appendingPathComponent(UUID().uuidString, isDirectory: true)
+        defer { try? FileManager.default.removeItem(at: root) }
+
+        let legacyClient = AntigravityOAuthClient(
+            clientID: self.googleClientID("legacy"),
+            clientSecret: self.googleClientSecret(repeating: "a"))
+        try self.writeAntigravityApp(
+            named: "Antigravity 2.app",
+            under: root,
+            bundleIdentifier: "com.google.antigravity-ide",
+            artifactRelativePath: "Contents/Resources/app/out/main.js",
+            artifactData: Data("""
+            out-build/vs/platform/cloudCode/common/oauthClient.js
+            clientId="\(legacyClient.clientID)";
+            clientSecret="\(legacyClient.clientSecret)";
+            """.utf8))
+
+        #expect(
+            AntigravityOAuthConfig.discoverClientFromInstalledApp(
+                applicationRoots: [root]) == legacyClient)
+    }
+
+    @Test
+    func `oauth client discovery reads standalone antigravity 2 bundle`() throws {
+        let root = FileManager.default.temporaryDirectory
+            .appendingPathComponent(UUID().uuidString, isDirectory: true)
+        defer { try? FileManager.default.removeItem(at: root) }
+
+        let standaloneClient = AntigravityOAuthClient(
+            clientID: self.googleClientID("standalone"),
+            clientSecret: self.googleClientSecret(repeating: "b"))
+        let alternateClient = AntigravityOAuthClient(
+            clientID: self.googleClientID("alternate"),
+            clientSecret: self.googleClientSecret(repeating: "c"))
+        var artifactData = Data([0xFF])
+        artifactData.append(Data(
+            """
+            \u{0}\(alternateClient.clientSecret)\u{0}\(standaloneClient.clientSecret)\
+            \u{0}oauth_data\(standaloneClient.clientID)\u{0}\(alternateClient.clientID)\u{0}
+            """.utf8))
+        try self.writeAntigravityApp(
+            named: "Antigravity.app",
+            under: root,
+            artifactRelativePath: "Contents/Resources/bin/language_server",
+            artifactData: artifactData)
+
+        #expect(
+            AntigravityOAuthConfig.discoverClientFromInstalledApp(
+                applicationRoots: [root]) == standaloneClient)
+    }
+
+    @Test
+    func `oauth client discovery reads antigravity extension language server`() throws {
+        let root = FileManager.default.temporaryDirectory
+            .appendingPathComponent(UUID().uuidString, isDirectory: true)
+        defer { try? FileManager.default.removeItem(at: root) }
+
+        let extensionClient = AntigravityOAuthClient(
+            clientID: self.googleClientID("extension"),
+            clientSecret: self.googleClientSecret(repeating: "d"))
+        let staleClient = AntigravityOAuthClient(
+            clientID: self.googleClientID("stale"),
+            clientSecret: self.googleClientSecret(repeating: "e"))
+        try self.writeAntigravityApp(
+            named: "Antigravity IDE.app",
+            under: root,
+            bundleIdentifier: "com.google.antigravity-ide",
+            artifactRelativePath: "Contents/Resources/app/out/main.js",
+            artifactData: Data("""
+            out-build/vs/platform/cloudCode/common/oauthClient.js
+            clientId="\(staleClient.clientID)";
+            clientSecret="\(staleClient.clientSecret)";
+            """.utf8))
+        var artifactData = Data([0xFF])
+        artifactData.append(Data(
+            """
+            \u{0}\(extensionClient.clientSecret)\u{0}oauth_data\u{0}\(extensionClient.clientID)\u{0}
+            """.utf8))
+        try self.writeAntigravityApp(
+            named: "Antigravity IDE.app",
+            under: root,
+            bundleIdentifier: "com.google.antigravity-ide",
+            artifactRelativePath: "Contents/Resources/app/extensions/antigravity/bin/language_server_macos_arm",
+            artifactData: artifactData)
+
+        #expect(
+            AntigravityOAuthConfig.discoverClientFromInstalledApp(
+                applicationRoots: [root]) == extensionClient)
+    }
+
+    @Test
+    func `oauth client discovery pairs lone binary secret with trailing client id`() throws {
+        let root = FileManager.default.temporaryDirectory
+            .appendingPathComponent(UUID().uuidString, isDirectory: true)
+        defer { try? FileManager.default.removeItem(at: root) }
+
+        let standaloneClient = AntigravityOAuthClient(
+            clientID: self.googleClientID("standalone"),
+            clientSecret: self.googleClientSecret(repeating: "b"))
+        let alternateClientID = self.googleClientID("alternate")
+        var artifactData = Data([0xFF])
+        artifactData.append(Data(
+            """
+            \u{0}\(standaloneClient.clientSecret)\u{0}oauth_data\
+            \u{0}\(alternateClientID)\u{0}\(standaloneClient.clientID)\u{0}
+            """.utf8))
+        try self.writeAntigravityApp(
+            named: "Antigravity.app",
+            under: root,
+            artifactRelativePath: "Contents/Resources/bin/language_server",
+            artifactData: artifactData)
+
+        #expect(
+            AntigravityOAuthConfig.discoverClientFromInstalledApp(
+                applicationRoots: [root]) == standaloneClient)
+    }
+
+    private func writeAntigravityApp(
+        named name: String,
+        under root: URL,
+        bundleIdentifier: String = "com.google.antigravity",
+        artifactRelativePath: String,
+        artifactData: Data) throws
+    {
+        let appURL = root.appendingPathComponent(name, isDirectory: true)
+        let contentsURL = appURL.appendingPathComponent("Contents", isDirectory: true)
+        try FileManager.default.createDirectory(
+            at: contentsURL,
+            withIntermediateDirectories: true)
+        let infoURL = contentsURL.appendingPathComponent("Info.plist")
+        let infoData = try PropertyListSerialization.data(
+            fromPropertyList: ["CFBundleIdentifier": bundleIdentifier],
+            format: .xml,
+            options: 0)
+        try infoData.write(to: infoURL)
+
+        let artifactURL = appURL.appendingPathComponent(artifactRelativePath)
+        try FileManager.default.createDirectory(
+            at: artifactURL.deletingLastPathComponent(),
+            withIntermediateDirectories: true)
+        try artifactData.write(to: artifactURL)
+    }
+
+    private func googleClientID(_ name: String) -> String {
+        "123456789012-" + name + ".apps" + ".googleusercontent.com"
+    }
+
+    private func googleClientSecret(repeating character: Character) -> String {
+        "GOC" + "SPX-" + String(repeating: character, count: 28)
+    }
+}
diff --git a/Tests/CodexBarTests/AntigravityRemoteUsageFetcherTests.swift b/Tests/CodexBarTests/AntigravityRemoteUsageFetcherTests.swift
new file mode 100644
index 000000000..6acc9125c
--- /dev/null
+++ b/Tests/CodexBarTests/AntigravityRemoteUsageFetcherTests.swift
@@ -0,0 +1,1026 @@
+import CodexBarCore
+import Foundation
+import Testing
+
+private actor AntigravityCredentialUpdateCapture {
+    private var captured: [AntigravityOAuthCredentials] = []
+
+    func append(_ credentials: AntigravityOAuthCredentials) {
+        self.captured.append(credentials)
+    }
+
+    func values() -> [AntigravityOAuthCredentials] {
+        self.captured
+    }
+}
+
+@Suite(.serialized)
+// swiftlint:disable:next type_body_length
+struct AntigravityRemoteUsageFetcherTests {
+    @Test
+    func `antigravity supports token accounts for quick account switching`() {
+        let support = TokenAccountSupportCatalog.support(for: .antigravity)
+
+        #expect(support?.title == "Google accounts")
+        #expect(support?.requiresManualCookieSource == false)
+        #expect(TokenAccountSupportCatalog.envOverride(
+            for: .antigravity,
+            token: "serialized-credentials")?[AntigravityOAuthCredentialsStore.environmentCredentialsKey] ==
+            "serialized-credentials")
+    }
+
+    @Test
+    func `oauth credentials round trip through token account value`() throws {
+        let credentials = AntigravityOAuthCredentials(
+            accessToken: "access-token",
+            refreshToken: "refresh-token",
+            expiryDate: Date(timeIntervalSince1970: 1_700_000_000),
+            idToken: GeminiAPITestHelpers.makeIDToken(email: "user@example.com"),
+            email: "user@example.com",
+            projectID: "project-123",
+            clientID: "client-id",
+            clientSecret: "client-secret")
+
+        let token = try AntigravityOAuthCredentialsStore.tokenAccountValue(for: credentials)
+        let decoded = try #require(AntigravityOAuthCredentialsStore.credentials(fromTokenAccountValue: token))
+
+        #expect(decoded == credentials)
+    }
+
+    @Test
+    func `remote fetch uses selected token account credentials before shared credentials`() async throws {
+        let env = try GeminiTestEnvironment()
+        defer { env.cleanup() }
+        try env.writeAntigravityCredentials(
+            accessToken: "shared-token",
+            refreshToken: nil,
+            expiry: Date().addingTimeInterval(3600),
+            idToken: GeminiAPITestHelpers.makeIDToken(email: "shared@example.com"),
+            email: "shared@example.com")
+        let selectedCredentials = AntigravityOAuthCredentials(
+            accessToken: "selected-token",
+            refreshToken: nil,
+            expiryDate: Date().addingTimeInterval(3600),
+            idToken: GeminiAPITestHelpers.makeIDToken(email: "selected@example.com"),
+            email: "selected@example.com",
+            projectID: nil,
+            clientID: nil,
+            clientSecret: nil)
+        let token = try AntigravityOAuthCredentialsStore.tokenAccountValue(for: selectedCredentials)
+
+        let dataLoader = GeminiAPITestHelpers.dataLoader { request in
+            guard let url = request.url, let host = url.host else {
+                throw URLError(.badURL)
+            }
+            #expect(request.value(forHTTPHeaderField: "Authorization") == "Bearer selected-token")
+
+            switch host {
+            case "cloudcode-pa.googleapis.com":
+                if url.path == "/v1internal:loadCodeAssist" {
+                    return GeminiAPITestHelpers.response(
+                        url: url.absoluteString,
+                        status: 200,
+                        body: GeminiAPITestHelpers.jsonData([
+                            "currentTier": ["id": "free-tier", "name": "free"],
+                            "cloudaicompanionProject": "managed-project-123",
+                        ]))
+                }
+                if url.path == "/v1internal:fetchAvailableModels" {
+                    return GeminiAPITestHelpers.response(
+                        url: url.absoluteString,
+                        status: 200,
+                        body: Self.availableModelsResponse())
+                }
+                return GeminiAPITestHelpers.response(url: url.absoluteString, status: 404, body: Data())
+            default:
+                return GeminiAPITestHelpers.response(url: url.absoluteString, status: 404, body: Data())
+            }
+        }
+
+        let fetcher = AntigravityRemoteUsageFetcher(
+            timeout: 1,
+            homeDirectory: env.homeURL.path,
+            environment: [AntigravityOAuthCredentialsStore.environmentCredentialsKey: token],
+            dataLoader: dataLoader)
+        let snapshot = try await fetcher.fetch()
+
+        #expect(snapshot.accountEmail == "selected@example.com")
+    }
+
+    @Test
+    func `remote fetch refreshes selected token account without mutating shared credentials`() async throws {
+        let env = try GeminiTestEnvironment()
+        defer { env.cleanup() }
+        try env.writeAntigravityCredentials(
+            accessToken: "shared-token",
+            refreshToken: "shared-refresh",
+            expiry: Date().addingTimeInterval(3600),
+            idToken: GeminiAPITestHelpers.makeIDToken(email: "shared@example.com"),
+            email: "shared@example.com",
+            clientID: "shared-client-id",
+            clientSecret: "shared-client-secret")
+        let selectedCredentials = AntigravityOAuthCredentials(
+            accessToken: "selected-old-token",
+            refreshToken: "selected-refresh",
+            expiryDate: Date().addingTimeInterval(-3600),
+            idToken: GeminiAPITestHelpers.makeIDToken(email: "selected-old@example.com"),
+            email: "selected-old@example.com",
+            projectID: nil,
+            clientID: "selected-client-id",
+            clientSecret: "selected-client-secret")
+        let token = try AntigravityOAuthCredentialsStore.tokenAccountValue(for: selectedCredentials)
+        let updateCapture = AntigravityCredentialUpdateCapture()
+
+        let dataLoader = GeminiAPITestHelpers.dataLoader { request in
+            guard let url = request.url, let host = url.host else {
+                throw URLError(.badURL)
+            }
+
+            switch host {
+            case "oauth2.googleapis.com":
+                let body = String(data: request.httpBody ?? Data(), encoding: .utf8) ?? ""
+                #expect(body.contains("client_id=selected-client-id"))
+                #expect(body.contains("refresh_token=selected-refresh"))
+                return GeminiAPITestHelpers.response(
+                    url: url.absoluteString,
+                    status: 200,
+                    body: GeminiAPITestHelpers.jsonData([
+                        "access_token": "selected-new-token",
+                        "expires_in": 3600,
+                        "id_token": GeminiAPITestHelpers.makeIDToken(email: "selected-new@example.com"),
+                    ]))
+            case "cloudcode-pa.googleapis.com":
+                #expect(request.value(forHTTPHeaderField: "Authorization") == "Bearer selected-new-token")
+                if url.path == "/v1internal:loadCodeAssist" {
+                    return GeminiAPITestHelpers.response(
+                        url: url.absoluteString,
+                        status: 200,
+                        body: GeminiAPITestHelpers.jsonData([
+                            "currentTier": ["id": "free-tier", "name": "free"],
+                            "cloudaicompanionProject": "selected-project-123",
+                        ]))
+                }
+                if url.path == "/v1internal:fetchAvailableModels" {
+                    return GeminiAPITestHelpers.response(
+                        url: url.absoluteString,
+                        status: 200,
+                        body: Self.availableModelsResponse())
+                }
+                return GeminiAPITestHelpers.response(url: url.absoluteString, status: 404, body: Data())
+            default:
+                return GeminiAPITestHelpers.response(url: url.absoluteString, status: 404, body: Data())
+            }
+        }
+
+        let fetcher = AntigravityRemoteUsageFetcher(
+            timeout: 1,
+            homeDirectory: env.homeURL.path,
+            environment: [AntigravityOAuthCredentialsStore.environmentCredentialsKey: token],
+            dataLoader: dataLoader,
+            credentialsUpdateHandler: { credentials in
+                await updateCapture.append(credentials)
+            })
+        let snapshot = try await fetcher.fetch()
+        let shared = try env.readAntigravityCredentials()
+        let updatedCredentials = await updateCapture.values()
+
+        #expect(snapshot.accountEmail == "selected-new@example.com")
+        #expect(shared["access_token"] as? String == "shared-token")
+        #expect(shared["email"] as? String == "shared@example.com")
+        #expect(updatedCredentials.last?.accessToken == "selected-new-token")
+        #expect(updatedCredentials.last?.projectID == "selected-project-123")
+    }
+
+    @Test
+    func `remote fetch ignores selected token account project id persistence failure`() async throws {
+        let env = try GeminiTestEnvironment()
+        defer { env.cleanup() }
+        let selectedCredentials = AntigravityOAuthCredentials(
+            accessToken: "selected-token",
+            refreshToken: nil,
+            expiryDate: Date().addingTimeInterval(3600),
+            idToken: GeminiAPITestHelpers.makeIDToken(email: "selected@example.com"),
+            email: "selected@example.com",
+            projectID: nil,
+            clientID: nil,
+            clientSecret: nil)
+        let token = try AntigravityOAuthCredentialsStore.tokenAccountValue(for: selectedCredentials)
+
+        let dataLoader = GeminiAPITestHelpers.dataLoader { request in
+            guard let url = request.url, let host = url.host else {
+                throw URLError(.badURL)
+            }
+
+            switch host {
+            case "cloudcode-pa.googleapis.com":
+                if url.path == "/v1internal:loadCodeAssist" {
+                    return GeminiAPITestHelpers.response(
+                        url: url.absoluteString,
+                        status: 200,
+                        body: GeminiAPITestHelpers.jsonData([
+                            "currentTier": ["id": "free-tier", "name": "free"],
+                            "cloudaicompanionProject": "selected-project-123",
+                        ]))
+                }
+                if url.path == "/v1internal:fetchAvailableModels" {
+                    return GeminiAPITestHelpers.response(
+                        url: url.absoluteString,
+                        status: 200,
+                        body: Self.availableModelsResponse())
+                }
+                return GeminiAPITestHelpers.response(url: url.absoluteString, status: 404, body: Data())
+            default:
+                return GeminiAPITestHelpers.response(url: url.absoluteString, status: 404, body: Data())
+            }
+        }
+
+        let fetcher = AntigravityRemoteUsageFetcher(
+            timeout: 1,
+            homeDirectory: env.homeURL.path,
+            environment: [AntigravityOAuthCredentialsStore.environmentCredentialsKey: token],
+            dataLoader: dataLoader,
+            credentialsUpdateHandler: { _ in
+                throw CocoaError(.fileWriteUnknown)
+            })
+        let snapshot = try await fetcher.fetch()
+
+        #expect(snapshot.accountEmail == "selected@example.com")
+    }
+
+    @Test
+    func `remote fetch rejects invalid selected token account`() async throws {
+        let env = try GeminiTestEnvironment()
+        defer { env.cleanup() }
+        try env.writeAntigravityCredentials(
+            accessToken: "shared-token",
+            refreshToken: nil,
+            expiry: Date().addingTimeInterval(3600),
+            idToken: GeminiAPITestHelpers.makeIDToken(email: "shared@example.com"),
+            email: "shared@example.com")
+
+        let fetcher = AntigravityRemoteUsageFetcher(
+            timeout: 1,
+            homeDirectory: env.homeURL.path,
+            environment: [AntigravityOAuthCredentialsStore.environmentCredentialsKey: "not-json"],
+            dataLoader: GeminiAPITestHelpers.dataLoader { _ in
+                throw URLError(.badServerResponse)
+            })
+
+        do {
+            _ = try await fetcher.fetch()
+            #expect(Bool(false), "Expected selected account decode failure")
+        } catch let error as AntigravityRemoteFetchError {
+            guard case let .parseFailed(message) = error else {
+                #expect(Bool(false), "Unexpected Antigravity error: \(error)")
+                return
+            }
+            #expect(message.contains("selected account"))
+        } catch {
+            #expect(Bool(false), "Unexpected error: \(error)")
+        }
+    }
+
+    @Test
+    func `remote fetch maps cloud code models into antigravity usage`() async throws {
+        let env = try GeminiTestEnvironment()
+        defer { env.cleanup() }
+        try env.writeAntigravityCredentials(
+            accessToken: "token",
+            refreshToken: nil,
+            expiry: Date().addingTimeInterval(3600),
+            idToken: GeminiAPITestHelpers.makeIDToken(email: "user@company.com", hostedDomain: "company.com"),
+            email: "user@company.com")
+
+        let dataLoader = GeminiAPITestHelpers.dataLoader { request in
+            guard let url = request.url, let host = url.host else {
+                throw URLError(.badURL)
+            }
+
+            switch host {
+            case "cloudcode-pa.googleapis.com":
+                if url.path == "/v1internal:loadCodeAssist" {
+                    return GeminiAPITestHelpers.response(
+                        url: url.absoluteString,
+                        status: 200,
+                        body: GeminiAPITestHelpers.jsonData([
+                            "currentTier": ["id": "standard-tier", "name": "standard"],
+                            "cloudaicompanionProject": "managed-project-123",
+                        ]))
+                }
+                if url.path == "/v1internal:fetchAvailableModels" {
+                    let body = try #require(request.httpBody)
+                    let json = try #require(JSONSerialization.jsonObject(with: body) as? [String: Any])
+                    #expect(json["project"] as? String == "managed-project-123")
+                    return GeminiAPITestHelpers.response(
+                        url: url.absoluteString,
+                        status: 200,
+                        body: Self.availableModelsResponse())
+                }
+                return GeminiAPITestHelpers.response(url: url.absoluteString, status: 404, body: Data())
+            default:
+                return GeminiAPITestHelpers.response(url: url.absoluteString, status: 404, body: Data())
+            }
+        }
+
+        let fetcher = AntigravityRemoteUsageFetcher(
+            timeout: 1,
+            homeDirectory: env.homeURL.path,
+            dataLoader: dataLoader)
+        let snapshot = try await fetcher.fetch()
+
+        #expect(snapshot.accountEmail == "user@company.com")
+        #expect(snapshot.accountPlan == "Paid")
+
+        let usage = try snapshot.toUsageSnapshot()
+        #expect(usage.primary?.remainingPercent.rounded() == 50)
+        #expect(usage.secondary?.remainingPercent.rounded() == 80)
+        #expect(usage.tertiary?.remainingPercent.rounded() == 20)
+    }
+
+    @Test
+    func `remote fetch verifies full model quotas with quota endpoint`() async throws {
+        let env = try GeminiTestEnvironment()
+        defer { env.cleanup() }
+        try env.writeAntigravityCredentials(
+            accessToken: "token",
+            refreshToken: nil,
+            expiry: Date().addingTimeInterval(3600),
+            idToken: GeminiAPITestHelpers.makeIDToken(email: "user@example.com"),
+            email: "user@example.com")
+
+        final class Counter: @unchecked Sendable {
+            private let lock = NSLock()
+            private var value = 0
+
+            func increment() {
+                self.lock.lock()
+                self.value += 1
+                self.lock.unlock()
+            }
+
+            func get() -> Int {
+                self.lock.lock()
+                defer { self.lock.unlock() }
+                return self.value
+            }
+        }
+
+        let quotaCalls = Counter()
+        let dataLoader = GeminiAPITestHelpers.dataLoader { request in
+            guard let url = request.url, let host = url.host else {
+                throw URLError(.badURL)
+            }
+
+            switch host {
+            case "cloudcode-pa.googleapis.com":
+                if url.path == "/v1internal:loadCodeAssist" {
+                    return GeminiAPITestHelpers.response(
+                        url: url.absoluteString,
+                        status: 200,
+                        body: GeminiAPITestHelpers.loadCodeAssistResponse(
+                            tierId: "standard-tier",
+                            projectId: "managed-project-123"))
+                }
+                if url.path == "/v1internal:fetchAvailableModels" {
+                    return GeminiAPITestHelpers.response(
+                        url: url.absoluteString,
+                        status: 200,
+                        body: GeminiAPITestHelpers.jsonData([
+                            "models": [
+                                "claude-sonnet-4": [
+                                    "displayName": "Claude Sonnet 4",
+                                    "quotaInfo": ["remainingFraction": 1],
+                                ],
+                                "gemini-2.5-pro": [
+                                    "displayName": "Gemini 2.5 Pro",
+                                    "quotaInfo": ["remainingFraction": 1],
+                                ],
+                                "gemini-2.5-flash": [
+                                    "displayName": "Gemini 2.5 Flash",
+                                    "quotaInfo": ["remainingFraction": 1],
+                                ],
+                            ],
+                        ]))
+                }
+                if url.path == "/v1internal:retrieveUserQuota" {
+                    quotaCalls.increment()
+                    return GeminiAPITestHelpers.response(
+                        url: url.absoluteString,
+                        status: 200,
+                        body: GeminiAPITestHelpers.jsonData([
+                            "buckets": [
+                                [
+                                    "modelId": "claude-sonnet-4",
+                                    "resetTime": "2025-01-01T00:00:00Z",
+                                ],
+                                [
+                                    "modelId": "gemini-2.5-pro",
+                                    "remainingFraction": 0.6,
+                                    "resetTime": "2025-01-01T00:00:00Z",
+                                ],
+                                [
+                                    "modelId": "gemini-2.5-flash",
+                                    "remainingFraction": 0.9,
+                                    "resetTime": "2025-01-01T00:00:00Z",
+                                ],
+                            ],
+                        ]))
+                }
+                return GeminiAPITestHelpers.response(url: url.absoluteString, status: 404, body: Data())
+            default:
+                return GeminiAPITestHelpers.response(url: url.absoluteString, status: 404, body: Data())
+            }
+        }
+
+        let snapshot = try await AntigravityRemoteUsageFetcher(
+            timeout: 1,
+            homeDirectory: env.homeURL.path,
+            dataLoader: dataLoader)
+            .fetch()
+        let usage = try snapshot.toUsageSnapshot()
+
+        #expect(quotaCalls.get() == 1)
+        #expect(usage.primary?.remainingPercent == 100.0)
+        #expect(usage.secondary?.remainingPercent == 60.0)
+        #expect(usage.tertiary?.remainingPercent == 90.0)
+    }
+
+    @Test
+    func `remote fetch keeps full model quotas when verification has no buckets`() async throws {
+        let env = try GeminiTestEnvironment()
+        defer { env.cleanup() }
+        try env.writeAntigravityCredentials(
+            accessToken: "token",
+            refreshToken: nil,
+            expiry: Date().addingTimeInterval(3600),
+            idToken: GeminiAPITestHelpers.makeIDToken(email: "user@example.com"),
+            email: "user@example.com")
+
+        let dataLoader = GeminiAPITestHelpers.dataLoader { request in
+            guard let url = request.url, let host = url.host else {
+                throw URLError(.badURL)
+            }
+
+            switch host {
+            case "cloudcode-pa.googleapis.com":
+                if url.path == "/v1internal:loadCodeAssist" {
+                    return GeminiAPITestHelpers.response(
+                        url: url.absoluteString,
+                        status: 200,
+                        body: GeminiAPITestHelpers.loadCodeAssistResponse(
+                            tierId: "standard-tier",
+                            projectId: "managed-project-123"))
+                }
+                if url.path == "/v1internal:fetchAvailableModels" {
+                    return GeminiAPITestHelpers.response(
+                        url: url.absoluteString,
+                        status: 200,
+                        body: GeminiAPITestHelpers.jsonData([
+                            "models": [
+                                "claude-sonnet-4": [
+                                    "displayName": "Claude Sonnet 4",
+                                    "quotaInfo": ["remainingFraction": 1],
+                                ],
+                                "gemini-2.5-pro": [
+                                    "displayName": "Gemini 2.5 Pro",
+                                    "quotaInfo": ["remainingFraction": 1],
+                                ],
+                            ],
+                        ]))
+                }
+                if url.path == "/v1internal:retrieveUserQuota" {
+                    return GeminiAPITestHelpers.response(
+                        url: url.absoluteString,
+                        status: 200,
+                        body: GeminiAPITestHelpers.jsonData(["buckets": []]))
+                }
+                return GeminiAPITestHelpers.response(url: url.absoluteString, status: 404, body: Data())
+            default:
+                return GeminiAPITestHelpers.response(url: url.absoluteString, status: 404, body: Data())
+            }
+        }
+
+        let snapshot = try await AntigravityRemoteUsageFetcher(
+            timeout: 1,
+            homeDirectory: env.homeURL.path,
+            dataLoader: dataLoader)
+            .fetch()
+        let usage = try snapshot.toUsageSnapshot()
+
+        #expect(usage.primary?.remainingPercent == 100.0)
+        #expect(usage.secondary?.remainingPercent == 100.0)
+    }
+
+    @Test
+    func `remote fetch refreshes expired shared google token`() async throws {
+        let env = try GeminiTestEnvironment()
+        defer { env.cleanup() }
+        try env.writeAntigravityCredentials(
+            accessToken: "old-token",
+            refreshToken: "refresh-token",
+            expiry: Date().addingTimeInterval(-3600),
+            idToken: GeminiAPITestHelpers.makeIDToken(email: "stale@example.com"),
+            email: "stale@example.com",
+            clientID: "test-client-id",
+            clientSecret: "test-client-secret")
+
+        let dataLoader = GeminiAPITestHelpers.dataLoader { request in
+            guard let url = request.url, let host = url.host else {
+                throw URLError(.badURL)
+            }
+
+            switch host {
+            case "oauth2.googleapis.com":
+                return GeminiAPITestHelpers.response(
+                    url: url.absoluteString,
+                    status: 200,
+                    body: GeminiAPITestHelpers.jsonData([
+                        "access_token": "new-token",
+                        "expires_in": 3600,
+                        "id_token": GeminiAPITestHelpers.makeIDToken(email: "refreshed@example.com"),
+                    ]))
+            case "cloudcode-pa.googleapis.com":
+                let auth = request.value(forHTTPHeaderField: "Authorization")
+                #expect(auth == "Bearer new-token")
+                if url.path == "/v1internal:loadCodeAssist" {
+                    return GeminiAPITestHelpers.response(
+                        url: url.absoluteString,
+                        status: 200,
+                        body: GeminiAPITestHelpers.jsonData([
+                            "currentTier": ["id": "standard-tier", "name": "standard"],
+                            "cloudaicompanionProject": "managed-project-123",
+                        ]))
+                }
+                if url.path == "/v1internal:fetchAvailableModels" {
+                    return GeminiAPITestHelpers.response(
+                        url: url.absoluteString,
+                        status: 200,
+                        body: Self.availableModelsResponse())
+                }
+                return GeminiAPITestHelpers.response(url: url.absoluteString, status: 404, body: Data())
+            default:
+                return GeminiAPITestHelpers.response(url: url.absoluteString, status: 404, body: Data())
+            }
+        }
+
+        let fetcher = AntigravityRemoteUsageFetcher(
+            timeout: 2,
+            homeDirectory: env.homeURL.path,
+            dataLoader: dataLoader)
+        let snapshot = try await fetcher.fetch()
+
+        let updated = try env.readAntigravityCredentials()
+        #expect(updated["access_token"] as? String == "new-token")
+        #expect(snapshot.accountEmail == "refreshed@example.com")
+    }
+
+    @Test
+    func `remote fetch refreshes nearly expired shared google token`() async throws {
+        let env = try GeminiTestEnvironment()
+        defer { env.cleanup() }
+        try env.writeAntigravityCredentials(
+            accessToken: "old-token",
+            refreshToken: "refresh-token",
+            expiry: Date().addingTimeInterval(5),
+            idToken: GeminiAPITestHelpers.makeIDToken(email: "stale@example.com"),
+            email: "stale@example.com",
+            clientID: "test-client-id",
+            clientSecret: "test-client-secret")
+
+        let dataLoader = GeminiAPITestHelpers.dataLoader { request in
+            guard let url = request.url, let host = url.host else {
+                throw URLError(.badURL)
+            }
+
+            switch host {
+            case "oauth2.googleapis.com":
+                return GeminiAPITestHelpers.response(
+                    url: url.absoluteString,
+                    status: 200,
+                    body: GeminiAPITestHelpers.jsonData([
+                        "access_token": "new-token",
+                        "expires_in": 3600,
+                        "id_token": GeminiAPITestHelpers.makeIDToken(email: "refreshed@example.com"),
+                    ]))
+            case "cloudcode-pa.googleapis.com":
+                #expect(request.value(forHTTPHeaderField: "Authorization") == "Bearer new-token")
+                if url.path == "/v1internal:loadCodeAssist" {
+                    return GeminiAPITestHelpers.response(
+                        url: url.absoluteString,
+                        status: 200,
+                        body: GeminiAPITestHelpers.jsonData([
+                            "currentTier": ["id": "standard-tier", "name": "standard"],
+                            "cloudaicompanionProject": "managed-project-123",
+                        ]))
+                }
+                if url.path == "/v1internal:fetchAvailableModels" {
+                    return GeminiAPITestHelpers.response(
+                        url: url.absoluteString,
+                        status: 200,
+                        body: Self.availableModelsResponse())
+                }
+                return GeminiAPITestHelpers.response(url: url.absoluteString, status: 404, body: Data())
+            default:
+                return GeminiAPITestHelpers.response(url: url.absoluteString, status: 404, body: Data())
+            }
+        }
+
+        let fetcher = AntigravityRemoteUsageFetcher(
+            timeout: 2,
+            homeDirectory: env.homeURL.path,
+            dataLoader: dataLoader)
+        let snapshot = try await fetcher.fetch()
+
+        let updated = try env.readAntigravityCredentials()
+        #expect(updated["access_token"] as? String == "new-token")
+        #expect(snapshot.accountEmail == "refreshed@example.com")
+    }
+
+    @Test
+    func `remote refresh requires configured oauth client`() async throws {
+        let env = try GeminiTestEnvironment()
+        defer { env.cleanup() }
+        try env.writeAntigravityCredentials(
+            accessToken: "old-token",
+            refreshToken: "refresh-token",
+            expiry: Date().addingTimeInterval(-3600),
+            idToken: GeminiAPITestHelpers.makeIDToken(email: "user@example.com"),
+            email: "user@example.com")
+
+        let fetcher = AntigravityRemoteUsageFetcher(
+            timeout: 1,
+            homeDirectory: env.homeURL.path,
+            dataLoader: GeminiAPITestHelpers.dataLoader { _ in
+                throw URLError(.badServerResponse)
+            },
+            oauthClientResolver: { nil })
+
+        do {
+            _ = try await fetcher.fetch()
+            #expect(Bool(false), "Expected missing OAuth client configuration error")
+        } catch let error as AntigravityRemoteFetchError {
+            guard case let .apiError(message) = error else {
+                #expect(Bool(false), "Unexpected Antigravity error: \(error)")
+                return
+            }
+            #expect(message.contains("ANTIGRAVITY_OAUTH_CLIENT_ID"))
+        } catch {
+            #expect(Bool(false), "Unexpected error: \(error)")
+        }
+    }
+
+    @Test
+    func `remote fetch onboards project before fetching models`() async throws {
+        let env = try GeminiTestEnvironment()
+        defer { env.cleanup() }
+        try env.writeAntigravityCredentials(
+            accessToken: "token",
+            refreshToken: nil,
+            expiry: Date().addingTimeInterval(3600),
+            idToken: GeminiAPITestHelpers.makeIDToken(email: "user@example.com"),
+            email: "user@example.com")
+
+        final class Recorder: @unchecked Sendable {
+            private let lock = NSLock()
+            private var projects: [String] = []
+
+            func append(_ value: String) {
+                self.lock.lock()
+                self.projects.append(value)
+                self.lock.unlock()
+            }
+
+            func last() -> String? {
+                self.lock.lock()
+                defer { self.lock.unlock() }
+                return self.projects.last
+            }
+        }
+
+        let recorder = Recorder()
+        let dataLoader = GeminiAPITestHelpers.dataLoader { request in
+            guard let url = request.url, let host = url.host else {
+                throw URLError(.badURL)
+            }
+
+            switch host {
+            case "cloudcode-pa.googleapis.com":
+                if url.path == "/v1internal:loadCodeAssist" {
+                    return GeminiAPITestHelpers.response(
+                        url: url.absoluteString,
+                        status: 200,
+                        body: GeminiAPITestHelpers.jsonData([
+                            "currentTier": ["id": "standard-tier", "name": "standard"],
+                            "allowedTiers": [["id": "standard-tier", "isDefault": true]],
+                        ]))
+                }
+                if url.path == "/v1internal:onboardUser" {
+                    return GeminiAPITestHelpers.response(
+                        url: url.absoluteString,
+                        status: 200,
+                        body: GeminiAPITestHelpers.jsonData([
+                            "response": [
+                                "cloudaicompanionProject": [
+                                    "id": "onboarded-project-456",
+                                ],
+                            ],
+                        ]))
+                }
+                if url.path == "/v1internal:fetchAvailableModels" {
+                    let body = try #require(request.httpBody)
+                    let json = try #require(JSONSerialization.jsonObject(with: body) as? [String: Any])
+                    if let project = json["project"] as? String {
+                        recorder.append(project)
+                    }
+                    return GeminiAPITestHelpers.response(
+                        url: url.absoluteString,
+                        status: 200,
+                        body: Self.availableModelsResponse())
+                }
+                return GeminiAPITestHelpers.response(url: url.absoluteString, status: 404, body: Data())
+            default:
+                return GeminiAPITestHelpers.response(url: url.absoluteString, status: 404, body: Data())
+            }
+        }
+
+        let fetcher = AntigravityRemoteUsageFetcher(
+            timeout: 1,
+            homeDirectory: env.homeURL.path,
+            dataLoader: dataLoader)
+        _ = try await fetcher.fetch()
+
+        #expect(recorder.last() == "onboarded-project-456")
+    }
+
+    @Test
+    func `remote fetch falls back to retrieve user quota when model endpoint is forbidden`() async throws {
+        let env = try GeminiTestEnvironment()
+        defer { env.cleanup() }
+        try env.writeAntigravityCredentials(
+            accessToken: "token",
+            refreshToken: nil,
+            expiry: Date().addingTimeInterval(3600),
+            idToken: GeminiAPITestHelpers.makeIDToken(email: "user@example.com"),
+            email: "user@example.com")
+
+        final class Counter: @unchecked Sendable {
+            private let lock = NSLock()
+            private var value = 0
+
+            func increment() {
+                self.lock.lock()
+                self.value += 1
+                self.lock.unlock()
+            }
+
+            func get() -> Int {
+                self.lock.lock()
+                defer { self.lock.unlock() }
+                return self.value
+            }
+        }
+
+        let quotaCalls = Counter()
+        let dataLoader = GeminiAPITestHelpers.dataLoader { request in
+            guard let url = request.url, let host = url.host else {
+                throw URLError(.badURL)
+            }
+
+            switch host {
+            case "cloudcode-pa.googleapis.com":
+                if url.path == "/v1internal:loadCodeAssist" {
+                    return GeminiAPITestHelpers.response(
+                        url: url.absoluteString,
+                        status: 200,
+                        body: GeminiAPITestHelpers.jsonData([
+                            "currentTier": ["id": "standard-tier", "name": "standard"],
+                            "cloudaicompanionProject": "managed-project-123",
+                        ]))
+                }
+                if url.path == "/v1internal:fetchAvailableModels" {
+                    return GeminiAPITestHelpers.response(
+                        url: url.absoluteString,
+                        status: 403,
+                        body: GeminiAPITestHelpers.jsonData([
+                            "error": [
+                                "code": 403,
+                                "message": "The caller does not have permission",
+                                "status": "PERMISSION_DENIED",
+                            ],
+                        ]))
+                }
+                if url.path == "/v1internal:retrieveUserQuota" {
+                    quotaCalls.increment()
+                    return GeminiAPITestHelpers.response(
+                        url: url.absoluteString,
+                        status: 200,
+                        body: GeminiAPITestHelpers.sampleQuotaResponse())
+                }
+                return GeminiAPITestHelpers.response(url: url.absoluteString, status: 404, body: Data())
+            default:
+                return GeminiAPITestHelpers.response(url: url.absoluteString, status: 404, body: Data())
+            }
+        }
+
+        let fetcher = AntigravityRemoteUsageFetcher(
+            timeout: 1,
+            homeDirectory: env.homeURL.path,
+            dataLoader: dataLoader)
+        let snapshot = try await fetcher.fetch()
+        let usage = try snapshot.toUsageSnapshot()
+
+        #expect(quotaCalls.get() == 1)
+        #expect(usage.secondary?.remainingPercent == 60.0)
+        #expect(usage.tertiary?.remainingPercent == 90.0)
+    }
+
+    @Test
+    func `antigravity descriptor advertises oauth mode`() {
+        let descriptor = ProviderDescriptorRegistry.descriptor(for: .antigravity)
+        #expect(descriptor.fetchPlan.sourceModes == [.auto, .cli, .oauth])
+    }
+
+    @Test
+    func `remote fetch returns identity when both remote quota endpoints are forbidden`() async throws {
+        let env = try GeminiTestEnvironment()
+        defer { env.cleanup() }
+        try env.writeAntigravityCredentials(
+            accessToken: "token",
+            refreshToken: nil,
+            expiry: Date().addingTimeInterval(3600),
+            idToken: GeminiAPITestHelpers.makeIDToken(email: "user@example.com"),
+            email: "user@example.com")
+
+        let dataLoader = GeminiAPITestHelpers.dataLoader { request in
+            guard let url = request.url, let host = url.host else {
+                throw URLError(.badURL)
+            }
+
+            switch host {
+            case "cloudcode-pa.googleapis.com":
+                if url.path == "/v1internal:loadCodeAssist" {
+                    return GeminiAPITestHelpers.response(
+                        url: url.absoluteString,
+                        status: 200,
+                        body: GeminiAPITestHelpers.jsonData([
+                            "currentTier": ["id": "standard-tier", "name": "standard"],
+                            "cloudaicompanionProject": "managed-project-123",
+                        ]))
+                }
+                if url.path == "/v1internal:fetchAvailableModels" || url.path == "/v1internal:retrieveUserQuota" {
+                    return GeminiAPITestHelpers.response(
+                        url: url.absoluteString,
+                        status: 403,
+                        body: GeminiAPITestHelpers.jsonData([
+                            "error": [
+                                "code": 403,
+                                "message": "The caller does not have permission",
+                                "status": "PERMISSION_DENIED",
+                            ],
+                        ]))
+                }
+                return GeminiAPITestHelpers.response(url: url.absoluteString, status: 404, body: Data())
+            default:
+                return GeminiAPITestHelpers.response(url: url.absoluteString, status: 404, body: Data())
+            }
+        }
+
+        let snapshot = try await AntigravityRemoteUsageFetcher(
+            timeout: 1,
+            homeDirectory: env.homeURL.path,
+            dataLoader: dataLoader)
+            .fetch()
+
+        #expect(snapshot.modelQuotas.isEmpty)
+        #expect(snapshot.accountEmail == "user@example.com")
+        #expect(snapshot.accountPlan == "Paid")
+    }
+
+    @Test
+    func `remote fetch ignores gemini credentials when antigravity auth is missing`() async throws {
+        let env = try GeminiTestEnvironment()
+        defer { env.cleanup() }
+        try env.writeCredentials(
+            accessToken: "gemini-token",
+            refreshToken: nil,
+            expiry: Date().addingTimeInterval(3600),
+            idToken: GeminiAPITestHelpers.makeIDToken(email: "gemini@example.com"))
+
+        let fetcher = AntigravityRemoteUsageFetcher(
+            timeout: 1,
+            homeDirectory: env.homeURL.path,
+            dataLoader: GeminiAPITestHelpers.dataLoader { _ in
+                throw URLError(.badServerResponse)
+            })
+
+        await #expect(throws: AntigravityRemoteFetchError.notLoggedIn) {
+            try await fetcher.fetch()
+        }
+    }
+
+    @Test
+    func `remote fetch prefers stored project id from antigravity credentials`() async throws {
+        let env = try GeminiTestEnvironment()
+        defer { env.cleanup() }
+        try env.writeAntigravityCredentials(
+            accessToken: "token",
+            refreshToken: nil,
+            expiry: Date().addingTimeInterval(3600),
+            idToken: GeminiAPITestHelpers.makeIDToken(email: "user@example.com"),
+            email: "user@example.com",
+            projectID: "stored-project-789")
+
+        final class Recorder: @unchecked Sendable {
+            private let lock = NSLock()
+            private var projects: [String] = []
+
+            func append(_ value: String) {
+                self.lock.lock()
+                self.projects.append(value)
+                self.lock.unlock()
+            }
+
+            func last() -> String? {
+                self.lock.lock()
+                defer { self.lock.unlock() }
+                return self.projects.last
+            }
+        }
+
+        let recorder = Recorder()
+        let dataLoader = GeminiAPITestHelpers.dataLoader { request in
+            guard let url = request.url, let host = url.host else {
+                throw URLError(.badURL)
+            }
+
+            switch host {
+            case "cloudcode-pa.googleapis.com":
+                if url.path == "/v1internal:loadCodeAssist" {
+                    return GeminiAPITestHelpers.response(
+                        url: url.absoluteString,
+                        status: 200,
+                        body: GeminiAPITestHelpers.jsonData([
+                            "currentTier": ["id": "standard-tier", "name": "standard"],
+                        ]))
+                }
+                if url.path == "/v1internal:fetchAvailableModels" {
+                    let body = try #require(request.httpBody)
+                    let json = try #require(JSONSerialization.jsonObject(with: body) as? [String: Any])
+                    if let project = json["project"] as? String {
+                        recorder.append(project)
+                    }
+                    return GeminiAPITestHelpers.response(
+                        url: url.absoluteString,
+                        status: 200,
+                        body: Self.availableModelsResponse())
+                }
+                return GeminiAPITestHelpers.response(url: url.absoluteString, status: 404, body: Data())
+            default:
+                return GeminiAPITestHelpers.response(url: url.absoluteString, status: 404, body: Data())
+            }
+        }
+
+        _ = try await AntigravityRemoteUsageFetcher(
+            timeout: 1,
+            homeDirectory: env.homeURL.path,
+            dataLoader: dataLoader)
+            .fetch()
+
+        #expect(recorder.last() == "stored-project-789")
+    }
+
+    private static func availableModelsResponse() -> Data {
+        GeminiAPITestHelpers.jsonData([
+            "models": [
+                "claude-sonnet-4": [
+                    "displayName": "Claude Sonnet 4",
+                    "quotaInfo": [
+                        "remainingFraction": 0.5,
+                        "resetTime": "2025-01-01T00:00:00Z",
+                    ],
+                ],
+                "gemini-3-pro-low": [
+                    "displayName": "Gemini 3 Pro Low",
+                    "quotaInfo": [
+                        "remainingFraction": 0.8,
+                        "resetTime": "2025-01-01T00:00:00Z",
+                    ],
+                ],
+                "gemini-3-flash": [
+                    "displayName": "Gemini 3 Flash",
+                    "quotaInfo": [
+                        "remainingFraction": 0.2,
+                        "resetTime": "2025-01-01T00:00:00Z",
+                    ],
+                ],
+                "gemini-3-flash-lite": [
+                    "displayName": "Gemini 3 Flash Lite",
+                    "quotaInfo": [
+                        "remainingFraction": 0.7,
+                        "resetTime": "2025-01-01T00:00:00Z",
+                    ],
+                ],
+            ],
+        ])
+    }
+}
diff --git a/Tests/CodexBarTests/AntigravityStatusProbeTests.swift b/Tests/CodexBarTests/AntigravityStatusProbeTests.swift
index d69a3041f..f9f0a1cf7 100644
--- a/Tests/CodexBarTests/AntigravityStatusProbeTests.swift
+++ b/Tests/CodexBarTests/AntigravityStatusProbeTests.swift
@@ -1,11 +1,440 @@
-import CodexBarCore
 import Foundation
 import Testing
+@testable import CodexBarCore
+
+private final class AntigravityAttemptRecorder: @unchecked Sendable {
+    private let lock = NSLock()
+    private var endpoints: [AntigravityStatusProbe.AntigravityConnectionEndpoint] = []
+
+    func append(_ endpoint: AntigravityStatusProbe.AntigravityConnectionEndpoint) {
+        self.lock.lock()
+        self.endpoints.append(endpoint)
+        self.lock.unlock()
+    }
+
+    func snapshot() -> [AntigravityStatusProbe.AntigravityConnectionEndpoint] {
+        self.lock.lock()
+        let snapshot = self.endpoints
+        self.lock.unlock()
+        return snapshot
+    }
+}
 
-@Suite
 struct AntigravityStatusProbeTests {
     @Test
-    func parsesUserStatusResponse() throws {
+    func `process detection accepts antigravity 2 unsuffixed language server`() {
+        let command = """
+        /Applications/Antigravity.app/Contents/Resources/bin/language_server --standalone \
+        --override_ide_name antigravity --override_ide_version 2.0.0 \
+        --csrf_token token --app_data_dir antigravity
+        """
+
+        #expect(AntigravityStatusProbe.isAntigravityLanguageServerCommandLine(command))
+    }
+
+    @Test
+    func `process detection accepts antigravity language server paths with spaces`() {
+        let command = """
+        /Applications/Google Antigravity.app/Contents/Resources/bin/language_server --standalone \
+        --override_ide_name antigravity --csrf_token token --app_data_dir antigravity
+        """
+
+        #expect(AntigravityStatusProbe.isAntigravityLanguageServerCommandLine(command))
+    }
+
+    @Test
+    func `process detection keeps ignoring non language server antigravity helpers`() {
+        let helper = """
+        /Applications/Antigravity.app/Contents/Frameworks/Antigravity Helper.app/Contents/MacOS/Antigravity Helper \
+        --type=renderer --user-data-dir=/Users/test/Library/Application Support/Antigravity
+        """
+
+        #expect(!AntigravityStatusProbe.isAntigravityLanguageServerCommandLine(helper))
+    }
+
+    @Test
+    func `process detection still accepts legacy antigravity language server`() {
+        let command = """
+        /Applications/Antigravity.app/Contents/Resources/bin/language_server_macos \
+        --csrf_token token --app_data_dir antigravity
+        """
+
+        #expect(AntigravityStatusProbe.isAntigravityLanguageServerCommandLine(command))
+    }
+
+    @Test
+    func `localhost trust policy only accepts local server trust challenges`() {
+        #expect(
+            LocalhostTrustPolicy.shouldAcceptServerTrust(
+                host: "127.0.0.1",
+                authenticationMethod: NSURLAuthenticationMethodServerTrust,
+                hasServerTrust: true))
+        #expect(
+            LocalhostTrustPolicy.shouldAcceptServerTrust(
+                host: "LOCALHOST",
+                authenticationMethod: NSURLAuthenticationMethodServerTrust,
+                hasServerTrust: true))
+
+        #expect(
+            !LocalhostTrustPolicy.shouldAcceptServerTrust(
+                host: "cursor.com",
+                authenticationMethod: NSURLAuthenticationMethodServerTrust,
+                hasServerTrust: true))
+        #expect(
+            !LocalhostTrustPolicy.shouldAcceptServerTrust(
+                host: "127.0.0.1",
+                authenticationMethod: NSURLAuthenticationMethodHTTPBasic,
+                hasServerTrust: true))
+        #expect(
+            !LocalhostTrustPolicy.shouldAcceptServerTrust(
+                host: "127.0.0.1",
+                authenticationMethod: NSURLAuthenticationMethodServerTrust,
+                hasServerTrust: false))
+    }
+
+    @Test
+    func `localhost trust policy rejects non loopback hostnames that contain localhost`() {
+        #expect(
+            !LocalhostTrustPolicy.shouldAcceptServerTrust(
+                host: "localhost.example.com",
+                authenticationMethod: NSURLAuthenticationMethodServerTrust,
+                hasServerTrust: true))
+    }
+
+    @Test
+    func `connection candidates preserve scheme order and endpoint tokens`() {
+        let candidates = AntigravityStatusProbe.connectionCandidates(
+            listeningPorts: [64440],
+            languageServerCSRFToken: "language-token",
+            extensionServerPort: 64432,
+            extensionServerCSRFToken: "extension-token")
+
+        #expect(
+            candidates == [
+                AntigravityStatusProbe.AntigravityConnectionEndpoint(
+                    scheme: "https",
+                    port: 64440,
+                    csrfToken: "language-token",
+                    source: .languageServer),
+                AntigravityStatusProbe.AntigravityConnectionEndpoint(
+                    scheme: "http",
+                    port: 64432,
+                    csrfToken: "extension-token",
+                    source: .extensionServer),
+                AntigravityStatusProbe.AntigravityConnectionEndpoint(
+                    scheme: "http",
+                    port: 64432,
+                    csrfToken: "language-token",
+                    source: .extensionServer),
+            ])
+    }
+
+    @Test
+    func `connection candidates restrict plain http probing to the declared extension port`() {
+        let candidates = AntigravityStatusProbe.connectionCandidates(
+            listeningPorts: [64440, 64441],
+            languageServerCSRFToken: "language-token",
+            extensionServerPort: 64432,
+            extensionServerCSRFToken: nil)
+
+        #expect(
+            candidates == [
+                AntigravityStatusProbe.AntigravityConnectionEndpoint(
+                    scheme: "https",
+                    port: 64440,
+                    csrfToken: "language-token",
+                    source: .languageServer),
+                AntigravityStatusProbe.AntigravityConnectionEndpoint(
+                    scheme: "https",
+                    port: 64441,
+                    csrfToken: "language-token",
+                    source: .languageServer),
+                AntigravityStatusProbe.AntigravityConnectionEndpoint(
+                    scheme: "http",
+                    port: 64432,
+                    csrfToken: "language-token",
+                    source: .extensionServer),
+            ])
+    }
+
+    @Test
+    func `connection candidates preserve extension fallback when extension token is unavailable`() {
+        let candidates = AntigravityStatusProbe.connectionCandidates(
+            listeningPorts: [64440],
+            languageServerCSRFToken: "language-token",
+            extensionServerPort: 64432,
+            extensionServerCSRFToken: nil)
+
+        #expect(
+            candidates == [
+                AntigravityStatusProbe.AntigravityConnectionEndpoint(
+                    scheme: "https",
+                    port: 64440,
+                    csrfToken: "language-token",
+                    source: .languageServer),
+                AntigravityStatusProbe.AntigravityConnectionEndpoint(
+                    scheme: "http",
+                    port: 64432,
+                    csrfToken: "language-token",
+                    source: .extensionServer),
+            ])
+    }
+
+    @Test
+    func `connection candidates do not duplicate the same http target when ports overlap`() {
+        let candidates = AntigravityStatusProbe.connectionCandidates(
+            listeningPorts: [64432],
+            languageServerCSRFToken: "language-token",
+            extensionServerPort: 64432,
+            extensionServerCSRFToken: nil)
+
+        #expect(
+            candidates == [
+                AntigravityStatusProbe.AntigravityConnectionEndpoint(
+                    scheme: "https",
+                    port: 64432,
+                    csrfToken: "language-token",
+                    source: .languageServer),
+                AntigravityStatusProbe.AntigravityConnectionEndpoint(
+                    scheme: "http",
+                    port: 64432,
+                    csrfToken: "language-token",
+                    source: .extensionServer),
+            ])
+    }
+
+    @Test
+    func `request endpoints retry extension server after language server success`() {
+        let resolvedEndpoint = AntigravityStatusProbe.AntigravityConnectionEndpoint(
+            scheme: "https",
+            port: 64440,
+            csrfToken: "language-token",
+            source: .languageServer)
+
+        let endpoints = AntigravityStatusProbe.requestEndpoints(
+            resolvedEndpoint: resolvedEndpoint,
+            listeningPorts: [64440],
+            languageServerCSRFToken: "language-token",
+            extensionServerPort: 64432,
+            extensionServerCSRFToken: "extension-token")
+
+        #expect(
+            endpoints == [
+                resolvedEndpoint,
+                AntigravityStatusProbe.AntigravityConnectionEndpoint(
+                    scheme: "http",
+                    port: 64432,
+                    csrfToken: "extension-token",
+                    source: .extensionServer),
+                AntigravityStatusProbe.AntigravityConnectionEndpoint(
+                    scheme: "http",
+                    port: 64432,
+                    csrfToken: "language-token",
+                    source: .extensionServer),
+            ])
+    }
+
+    @Test
+    func `request endpoints preserve extension fallback when extension token is unavailable`() {
+        let resolvedEndpoint = AntigravityStatusProbe.AntigravityConnectionEndpoint(
+            scheme: "https",
+            port: 64440,
+            csrfToken: "language-token",
+            source: .languageServer)
+
+        let endpoints = AntigravityStatusProbe.requestEndpoints(
+            resolvedEndpoint: resolvedEndpoint,
+            listeningPorts: [64440],
+            languageServerCSRFToken: "language-token",
+            extensionServerPort: 64432,
+            extensionServerCSRFToken: nil)
+
+        #expect(
+            endpoints == [
+                resolvedEndpoint,
+                AntigravityStatusProbe.AntigravityConnectionEndpoint(
+                    scheme: "http",
+                    port: 64432,
+                    csrfToken: "language-token",
+                    source: .extensionServer),
+            ])
+    }
+
+    @Test
+    func `request endpoints retry alternate token after extension server wins discovery`() {
+        let resolvedEndpoint = AntigravityStatusProbe.AntigravityConnectionEndpoint(
+            scheme: "http",
+            port: 64432,
+            csrfToken: "extension-token",
+            source: .extensionServer)
+
+        let endpoints = AntigravityStatusProbe.requestEndpoints(
+            resolvedEndpoint: resolvedEndpoint,
+            listeningPorts: [64440],
+            languageServerCSRFToken: "language-token",
+            extensionServerPort: 64432,
+            extensionServerCSRFToken: "extension-token")
+
+        #expect(
+            endpoints == [
+                resolvedEndpoint,
+                AntigravityStatusProbe.AntigravityConnectionEndpoint(
+                    scheme: "http",
+                    port: 64432,
+                    csrfToken: "language-token",
+                    source: .extensionServer),
+                AntigravityStatusProbe.AntigravityConnectionEndpoint(
+                    scheme: "https",
+                    port: 64440,
+                    csrfToken: "language-token",
+                    source: .languageServer),
+            ])
+    }
+
+    @Test
+    func `request endpoints keep https language server fallback after extension probe wins`() {
+        let resolvedEndpoint = AntigravityStatusProbe.AntigravityConnectionEndpoint(
+            scheme: "http",
+            port: 64432,
+            csrfToken: "language-token",
+            source: .extensionServer)
+
+        let endpoints = AntigravityStatusProbe.requestEndpoints(
+            resolvedEndpoint: resolvedEndpoint,
+            listeningPorts: [64432, 64440],
+            languageServerCSRFToken: "language-token",
+            extensionServerPort: 64432,
+            extensionServerCSRFToken: nil)
+
+        #expect(
+            endpoints == [
+                resolvedEndpoint,
+                AntigravityStatusProbe.AntigravityConnectionEndpoint(
+                    scheme: "https",
+                    port: 64432,
+                    csrfToken: "language-token",
+                    source: .languageServer),
+                AntigravityStatusProbe.AntigravityConnectionEndpoint(
+                    scheme: "https",
+                    port: 64440,
+                    csrfToken: "language-token",
+                    source: .languageServer),
+            ])
+    }
+
+    @Test
+    func `parsed request retries later endpoints after api level error payload`() async throws {
+        let endpoints = [
+            AntigravityStatusProbe.AntigravityConnectionEndpoint(
+                scheme: "https",
+                port: 64440,
+                csrfToken: "bad-token",
+                source: .languageServer),
+            AntigravityStatusProbe.AntigravityConnectionEndpoint(
+                scheme: "http",
+                port: 64432,
+                csrfToken: "good-token",
+                source: .extensionServer),
+        ]
+        let attempted = AntigravityAttemptRecorder()
+
+        let snapshot = try await AntigravityStatusProbe.makeParsedRequest(
+            payload: AntigravityStatusProbe.RequestPayload(
+                path: "/exa.language_server_pb.LanguageServerService/GetUserStatus",
+                body: ["metadata": [:]]),
+            context: AntigravityStatusProbe.RequestContext(
+                endpoints: endpoints,
+                timeout: 1),
+            send: { _, endpoint, _ in
+                attempted.append(endpoint)
+                if endpoint.csrfToken == "bad-token" {
+                    return Data(#"{"code":16}"#.utf8)
+                }
+                return Data(
+                    #"""
+                    {
+                      "code": 0,
+                      "userStatus": {
+                        "email": "test@example.com",
+                        "cascadeModelConfigData": {
+                          "clientModelConfigs": []
+                        }
+                      }
+                    }
+                    """#.utf8)
+            },
+            parse: AntigravityStatusProbe.parseUserStatusResponse)
+
+        #expect(snapshot.accountEmail == "test@example.com")
+        #expect(attempted.snapshot() == endpoints)
+    }
+
+    @Test
+    func `endpoint resolver prefers successful https language server candidate`() async throws {
+        let candidates = AntigravityStatusProbe.connectionCandidates(
+            listeningPorts: [64440],
+            languageServerCSRFToken: "language-token",
+            extensionServerPort: 64432,
+            extensionServerCSRFToken: "extension-token")
+        let attempted = AntigravityAttemptRecorder()
+
+        let endpoint = try await AntigravityStatusProbe.resolveWorkingEndpoint(
+            candidateEndpoints: candidates,
+            timeout: 1)
+        { endpoint, _ in
+            attempted.append(endpoint)
+            return endpoint.scheme == "https" && endpoint.port == 64440
+        }
+
+        #expect(endpoint == candidates[0])
+        #expect(attempted.snapshot() == [candidates[0]])
+    }
+
+    @Test
+    func `endpoint resolver falls back to extension server after https language server candidates`() async throws {
+        let candidates = AntigravityStatusProbe.connectionCandidates(
+            listeningPorts: [64440, 64441],
+            languageServerCSRFToken: "language-token",
+            extensionServerPort: 64432,
+            extensionServerCSRFToken: "extension-token")
+        let attempted = AntigravityAttemptRecorder()
+
+        let endpoint = try await AntigravityStatusProbe.resolveWorkingEndpoint(
+            candidateEndpoints: candidates,
+            timeout: 1)
+        { endpoint, _ in
+            attempted.append(endpoint)
+            return endpoint.scheme == "http" && endpoint.port == 64432 && endpoint.source == .extensionServer
+        }
+
+        #expect(endpoint == candidates[2])
+        #expect(attempted.snapshot() == Array(candidates.prefix(3)))
+    }
+
+    @Test
+    func `endpoint resolver falls back to alternate extension token after primary token fails`() async throws {
+        let candidates = AntigravityStatusProbe.connectionCandidates(
+            listeningPorts: [64440],
+            languageServerCSRFToken: "language-token",
+            extensionServerPort: 64432,
+            extensionServerCSRFToken: "extension-token")
+        let attempted = AntigravityAttemptRecorder()
+
+        let endpoint = try await AntigravityStatusProbe.resolveWorkingEndpoint(
+            candidateEndpoints: candidates,
+            timeout: 1)
+        { endpoint, _ in
+            attempted.append(endpoint)
+            return endpoint.source == .extensionServer && endpoint.csrfToken == "language-token"
+        }
+
+        #expect(endpoint == candidates[2])
+        #expect(attempted.snapshot() == candidates)
+        #expect(endpoint.csrfToken == "language-token")
+    }
+
+    @Test
+    func `parses user status response`() throws {
         let json = """
         {
           "code": 0,
@@ -53,4 +482,468 @@ struct AntigravityStatusProbeTests {
         #expect(usage.secondary?.remainingPercent.rounded() == 80)
         #expect(usage.tertiary?.remainingPercent.rounded() == 20)
     }
+
+    @Test
+    func `prefers user tier name over generic plan info`() throws {
+        let json = """
+        {
+          "code": 0,
+          "userStatus": {
+            "email": "ultra@example.com",
+            "userTier": {
+              "id": "google_ai_ultra",
+              "name": "Google AI Ultra",
+              "description": "Ultra tier"
+            },
+            "planStatus": {
+              "planInfo": {
+                "planName": "Pro"
+              }
+            },
+            "cascadeModelConfigData": {
+              "clientModelConfigs": []
+            }
+          }
+        }
+        """
+
+        let data = Data(json.utf8)
+        let snapshot = try AntigravityStatusProbe.parseUserStatusResponse(data)
+
+        #expect(snapshot.accountEmail == "ultra@example.com")
+        #expect(snapshot.accountPlan == "Google AI Ultra")
+        #expect(snapshot.modelQuotas.isEmpty)
+    }
+
+    @Test
+    func `falls back to plan info when user tier name is blank`() throws {
+        let json = """
+        {
+          "code": 0,
+          "userStatus": {
+            "email": "fallback@example.com",
+            "userTier": {
+              "id": "google_ai_ultra",
+              "name": "   ",
+              "description": "Ultra tier"
+            },
+            "planStatus": {
+              "planInfo": {
+                "planName": "Pro"
+              }
+            },
+            "cascadeModelConfigData": {
+              "clientModelConfigs": []
+            }
+          }
+        }
+        """
+
+        let data = Data(json.utf8)
+        let snapshot = try AntigravityStatusProbe.parseUserStatusResponse(data)
+
+        #expect(snapshot.accountEmail == "fallback@example.com")
+        #expect(snapshot.accountPlan == "Pro")
+        #expect(snapshot.modelQuotas.isEmpty)
+    }
+
+    @Test
+    func `claude bar can use thinking variants`() throws {
+        let snapshot = AntigravityStatusSnapshot(
+            modelQuotas: [
+                AntigravityModelQuota(
+                    label: "Claude Thinking",
+                    modelId: "claude-thinking",
+                    remainingFraction: 0.7,
+                    resetTime: nil,
+                    resetDescription: nil),
+                AntigravityModelQuota(
+                    label: "Claude Sonnet 4",
+                    modelId: "claude-sonnet-4",
+                    remainingFraction: 0.3,
+                    resetTime: nil,
+                    resetDescription: nil),
+            ],
+            accountEmail: nil,
+            accountPlan: nil)
+
+        let usage = try snapshot.toUsageSnapshot()
+        #expect(usage.primary?.remainingPercent.rounded() == 30)
+    }
+
+    @Test
+    func `claude bar uses thinking model when it is the only claude option`() throws {
+        let snapshot = AntigravityStatusSnapshot(
+            modelQuotas: [
+                AntigravityModelQuota(
+                    label: "Claude Thinking",
+                    modelId: "claude-thinking",
+                    remainingFraction: 0.7,
+                    resetTime: nil,
+                    resetDescription: nil),
+                AntigravityModelQuota(
+                    label: "Gemini 3 Pro Low",
+                    modelId: "gemini-3-pro-low",
+                    remainingFraction: 0.4,
+                    resetTime: nil,
+                    resetDescription: nil),
+            ],
+            accountEmail: nil,
+            accountPlan: nil)
+
+        let usage = try snapshot.toUsageSnapshot()
+        #expect(usage.primary?.remainingPercent.rounded() == 70)
+        #expect(usage.secondary?.remainingPercent.rounded() == 40)
+    }
+
+    @Test
+    func `gemini pro bar unavailable when only excluded variants exist`() throws {
+        let snapshot = AntigravityStatusSnapshot(
+            modelQuotas: [
+                AntigravityModelQuota(
+                    label: "Gemini Pro Lite",
+                    modelId: "gemini-3-pro-lite",
+                    remainingFraction: 0.6,
+                    resetTime: nil,
+                    resetDescription: nil),
+                AntigravityModelQuota(
+                    label: "Claude Sonnet 4",
+                    modelId: "claude-sonnet-4",
+                    remainingFraction: 0.3,
+                    resetTime: nil,
+                    resetDescription: nil),
+            ],
+            accountEmail: nil,
+            accountPlan: nil)
+
+        let usage = try snapshot.toUsageSnapshot()
+        #expect(usage.secondary == nil)
+        #expect(usage.primary?.remainingPercent.rounded() == 30)
+    }
+
+    @Test
+    func `gemini pro chooses pro low model`() throws {
+        let snapshot = AntigravityStatusSnapshot(
+            modelQuotas: [
+                AntigravityModelQuota(
+                    label: "Gemini 3 Pro",
+                    modelId: "gemini-3-pro",
+                    remainingFraction: 0.9,
+                    resetTime: nil,
+                    resetDescription: nil),
+                AntigravityModelQuota(
+                    label: "Gemini 3 Pro Low",
+                    modelId: "gemini-3-pro-low",
+                    remainingFraction: 0.4,
+                    resetTime: nil,
+                    resetDescription: nil),
+            ],
+            accountEmail: nil,
+            accountPlan: nil)
+
+        let usage = try snapshot.toUsageSnapshot()
+        #expect(usage.secondary?.remainingPercent.rounded() == 40)
+    }
+
+    @Test
+    func `gemini pro low wins over standard pro when both exist`() throws {
+        let snapshot = AntigravityStatusSnapshot(
+            modelQuotas: [
+                AntigravityModelQuota(
+                    label: "Gemini 3 Pro",
+                    modelId: "gemini-3-pro",
+                    remainingFraction: 0.1,
+                    resetTime: nil,
+                    resetDescription: nil),
+                AntigravityModelQuota(
+                    label: "Gemini 3 Pro Low",
+                    modelId: "gemini-3-pro-low",
+                    remainingFraction: 0.9,
+                    resetTime: nil,
+                    resetDescription: nil),
+            ],
+            accountEmail: nil,
+            accountPlan: nil)
+
+        let usage = try snapshot.toUsageSnapshot()
+        #expect(usage.secondary?.remainingPercent.rounded() == 90)
+    }
+
+    @Test
+    func `gemini pro prefers model with remaining data over low priority placeholder`() throws {
+        let snapshot = AntigravityStatusSnapshot(
+            modelQuotas: [
+                AntigravityModelQuota(
+                    label: "Gemini 3 Pro (Low)",
+                    modelId: "MODEL_PLACEHOLDER_M36",
+                    remainingFraction: nil,
+                    resetTime: Date(timeIntervalSince1970: 1_735_000_000),
+                    resetDescription: nil),
+                AntigravityModelQuota(
+                    label: "Gemini 3 Pro (High)",
+                    modelId: "MODEL_PLACEHOLDER_M37",
+                    remainingFraction: 1,
+                    resetTime: Date(timeIntervalSince1970: 1_735_100_000),
+                    resetDescription: nil),
+            ],
+            accountEmail: nil,
+            accountPlan: nil)
+
+        let usage = try snapshot.toUsageSnapshot()
+        #expect(usage.secondary?.remainingPercent.rounded() == 100)
+    }
+
+    @Test
+    func `gemini flash does not fallback to lite variant`() throws {
+        let snapshot = AntigravityStatusSnapshot(
+            modelQuotas: [
+                AntigravityModelQuota(
+                    label: "Gemini 2 Flash Lite",
+                    modelId: "gemini-2-flash-lite",
+                    remainingFraction: 0.2,
+                    resetTime: nil,
+                    resetDescription: nil),
+                AntigravityModelQuota(
+                    label: "Claude Sonnet 4",
+                    modelId: "claude-sonnet-4",
+                    remainingFraction: 0.3,
+                    resetTime: nil,
+                    resetDescription: nil),
+            ],
+            accountEmail: nil,
+            accountPlan: nil)
+
+        let usage = try snapshot.toUsageSnapshot()
+        #expect(usage.tertiary == nil)
+        #expect(usage.primary?.remainingPercent.rounded() == 30)
+    }
+
+    @Test
+    func `falls back to labels when model ids are placeholders`() throws {
+        let snapshot = AntigravityStatusSnapshot(
+            modelQuotas: [
+                AntigravityModelQuota(
+                    label: "Claude Sonnet 4.6",
+                    modelId: "MODEL_PLACEHOLDER_M35",
+                    remainingFraction: 0.3,
+                    resetTime: nil,
+                    resetDescription: nil),
+                AntigravityModelQuota(
+                    label: "Gemini 3.1 Pro (Low)",
+                    modelId: "MODEL_PLACEHOLDER_M36",
+                    remainingFraction: 0.4,
+                    resetTime: nil,
+                    resetDescription: nil),
+                AntigravityModelQuota(
+                    label: "Gemini 3 Flash",
+                    modelId: "MODEL_PLACEHOLDER_M47",
+                    remainingFraction: 1,
+                    resetTime: nil,
+                    resetDescription: nil),
+            ],
+            accountEmail: nil,
+            accountPlan: nil)
+
+        let usage = try snapshot.toUsageSnapshot()
+        #expect(usage.primary?.remainingPercent.rounded() == 30)
+        #expect(usage.secondary?.remainingPercent.rounded() == 40)
+        #expect(usage.tertiary?.remainingPercent.rounded() == 100)
+    }
+
+    @Test
+    func `matches remote antigravity model names with parentheses`() throws {
+        let resetTime = Date(timeIntervalSince1970: 1_775_000_000)
+        let snapshot = AntigravityStatusSnapshot(
+            modelQuotas: [
+                AntigravityModelQuota(
+                    label: "Claude Opus 4.6 (Thinking)",
+                    modelId: "MODEL_PLACEHOLDER_M50",
+                    remainingFraction: 1,
+                    resetTime: resetTime,
+                    resetDescription: nil),
+                AntigravityModelQuota(
+                    label: "Claude Sonnet 4.6 (Thinking)",
+                    modelId: "MODEL_PLACEHOLDER_M51",
+                    remainingFraction: 1,
+                    resetTime: resetTime,
+                    resetDescription: nil),
+                AntigravityModelQuota(
+                    label: "Gemini 3 Pro (High)",
+                    modelId: "MODEL_PLACEHOLDER_M52",
+                    remainingFraction: 1,
+                    resetTime: resetTime,
+                    resetDescription: nil),
+                AntigravityModelQuota(
+                    label: "Gemini 3 Pro (Low)",
+                    modelId: "MODEL_PLACEHOLDER_M53",
+                    remainingFraction: 1,
+                    resetTime: resetTime,
+                    resetDescription: nil),
+                AntigravityModelQuota(
+                    label: "Gemini 3 Flash",
+                    modelId: "MODEL_PLACEHOLDER_M54",
+                    remainingFraction: 1,
+                    resetTime: resetTime,
+                    resetDescription: nil),
+                AntigravityModelQuota(
+                    label: "GPT-OSS 120B (Medium)",
+                    modelId: "MODEL_PLACEHOLDER_M55",
+                    remainingFraction: 1,
+                    resetTime: resetTime,
+                    resetDescription: nil),
+            ],
+            accountEmail: "user@example.com",
+            accountPlan: "Pro")
+
+        let usage = try snapshot.toUsageSnapshot()
+        #expect(usage.primary?.remainingPercent.rounded() == 100)
+        #expect(usage.secondary?.remainingPercent.rounded() == 100)
+        #expect(usage.tertiary?.remainingPercent.rounded() == 100)
+        #expect(usage.identity?.accountEmail == "user@example.com")
+    }
+}
+
+extension AntigravityStatusProbeTests {
+    @Test
+    func `extra rate windows preserve all model quotas in stable label order`() throws {
+        let resetTime = Date(timeIntervalSince1970: 1_775_000_000)
+        let snapshot = AntigravityStatusSnapshot(
+            modelQuotas: [
+                AntigravityModelQuota(
+                    label: "GPT-OSS 120B (Medium)",
+                    modelId: "MODEL_PLACEHOLDER_M55",
+                    remainingFraction: 0.25,
+                    resetTime: resetTime,
+                    resetDescription: "tomorrow"),
+                AntigravityModelQuota(
+                    label: "Gemini 3 Pro (Low)",
+                    modelId: "MODEL_PLACEHOLDER_M53",
+                    remainingFraction: 0.5,
+                    resetTime: resetTime,
+                    resetDescription: nil),
+                AntigravityModelQuota(
+                    label: "Claude Opus 4.6 (Thinking)",
+                    modelId: "MODEL_PLACEHOLDER_M50",
+                    remainingFraction: 0.75,
+                    resetTime: resetTime,
+                    resetDescription: nil),
+                AntigravityModelQuota(
+                    label: "Gemini 3 Pro (High)",
+                    modelId: "MODEL_PLACEHOLDER_M52",
+                    remainingFraction: 1,
+                    resetTime: resetTime,
+                    resetDescription: nil),
+            ],
+            accountEmail: nil,
+            accountPlan: nil)
+
+        let usage = try snapshot.toUsageSnapshot()
+        let extraWindows = try #require(usage.extraRateWindows)
+
+        #expect(extraWindows.map(\.id) == [
+            "MODEL_PLACEHOLDER_M50",
+            "MODEL_PLACEHOLDER_M52",
+            "MODEL_PLACEHOLDER_M53",
+            "MODEL_PLACEHOLDER_M55",
+        ])
+        #expect(extraWindows.map(\.title) == [
+            "Claude Opus 4.6 (Thinking)",
+            "Gemini 3 Pro (High)",
+            "Gemini 3 Pro (Low)",
+            "GPT-OSS 120B (Medium)",
+        ])
+        #expect(extraWindows.map { $0.window.remainingPercent.rounded() } == [75, 100, 50, 25])
+        #expect(extraWindows.last?.window.resetDescription == "tomorrow")
+    }
+
+    @Test
+    func `model without remaining fraction keeps reset time`() throws {
+        let resetTime = Date(timeIntervalSince1970: 1_735_000_000)
+        let snapshot = AntigravityStatusSnapshot(
+            modelQuotas: [
+                AntigravityModelQuota(
+                    label: "Gemini 3.1 Pro (Low)",
+                    modelId: "MODEL_PLACEHOLDER_M36",
+                    remainingFraction: nil,
+                    resetTime: resetTime,
+                    resetDescription: nil),
+                AntigravityModelQuota(
+                    label: "Gemini 3 Flash",
+                    modelId: "MODEL_PLACEHOLDER_M47",
+                    remainingFraction: 1,
+                    resetTime: nil,
+                    resetDescription: nil),
+            ],
+            accountEmail: nil,
+            accountPlan: nil)
+
+        let usage = try snapshot.toUsageSnapshot()
+        #expect(usage.secondary?.remainingPercent.rounded() == 0)
+        #expect(usage.secondary?.resetsAt == resetTime)
+        #expect(usage.tertiary?.remainingPercent.rounded() == 100)
+    }
+
+    @Test
+    func `filtered variants fall back to a visible primary snapshot`() throws {
+        let snapshot = AntigravityStatusSnapshot(
+            modelQuotas: [
+                AntigravityModelQuota(
+                    label: "Gemini 3 Pro Lite",
+                    modelId: "gemini-3-pro-lite",
+                    remainingFraction: 0.6,
+                    resetTime: nil,
+                    resetDescription: nil),
+                AntigravityModelQuota(
+                    label: "Gemini 3 Flash Lite",
+                    modelId: "gemini-3-flash-lite",
+                    remainingFraction: 0.2,
+                    resetTime: nil,
+                    resetDescription: nil),
+                AntigravityModelQuota(
+                    label: "Tab Autocomplete",
+                    modelId: "tab_autocomplete_model",
+                    remainingFraction: 0.9,
+                    resetTime: nil,
+                    resetDescription: nil),
+            ],
+            accountEmail: "test@example.com",
+            accountPlan: "Pro")
+
+        let usage = try snapshot.toUsageSnapshot()
+        #expect(usage.primary?.remainingPercent.rounded() == 20)
+        #expect(usage.secondary == nil)
+        #expect(usage.tertiary == nil)
+        #expect(usage.accountEmail(for: .antigravity) == "test@example.com")
+        #expect(usage.loginMethod(for: .antigravity) == "Pro")
+    }
+
+    @Test
+    func `http probe errors still count as reachable`() {
+        #expect(
+            AntigravityStatusProbe.isReachableProbeError(
+                AntigravityStatusProbeError.apiError("HTTP 403: Forbidden")))
+        #expect(
+            AntigravityStatusProbe.isReachableProbeError(
+                AntigravityStatusProbeError.apiError("HTTP 404: Not Found")))
+        #expect(
+            !AntigravityStatusProbe.isReachableProbeError(
+                AntigravityStatusProbeError.apiError("Invalid response")))
+        #expect(!AntigravityStatusProbe.isReachableProbeError(AntigravityStatusProbeError.notRunning))
+    }
+
+    @Test
+    func `fallback probe port prefers non extension candidate`() {
+        #expect(
+            AntigravityStatusProbe.fallbackProbePort(
+                ports: [51170, 61775],
+                extensionPort: 61775) == 51170)
+        #expect(
+            AntigravityStatusProbe.fallbackProbePort(
+                ports: [61775],
+                extensionPort: 61775) == 61775)
+        #expect(
+            AntigravityStatusProbe.fallbackProbePort(
+                ports: [51170, 61775],
+                extensionPort: nil) == 51170)
+    }
 }
diff --git a/Tests/CodexBarTests/AppDelegateTests.swift b/Tests/CodexBarTests/AppDelegateTests.swift
index 70677caad..ffc7656a5 100644
--- a/Tests/CodexBarTests/AppDelegateTests.swift
+++ b/Tests/CodexBarTests/AppDelegateTests.swift
@@ -4,19 +4,14 @@ import Testing
 @testable import CodexBar
 
 @MainActor
-@Suite
 struct AppDelegateTests {
     @Test
-    func buildsStatusControllerAfterLaunch() {
+    func `builds status controller after launch`() {
         let appDelegate = AppDelegate()
         var factoryCalls = 0
-
-        // Install a test factory that records invocations without touching NSStatusBar.
-        StatusItemController.factory = { _, _, _, _, _ in
-            factoryCalls += 1
-            return DummyStatusController()
-        }
-        defer { StatusItemController.factory = StatusItemController.defaultFactory }
+        var ttyShutdowns = 0
+        let dummyStatusController = DummyStatusController()
+        let managedCodexAccountCoordinator = ManagedCodexAccountCoordinator()
 
         let settings = SettingsStore(
             configStore: testConfigStore(suiteName: "AppDelegateTests"),
@@ -25,9 +20,31 @@ struct AppDelegateTests {
         let fetcher = UsageFetcher()
         let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
         let account = fetcher.loadAccountInfo()
+        let promotionCoordinator = CodexAccountPromotionCoordinator(
+            settingsStore: settings,
+            usageStore: store,
+            managedAccountCoordinator: managedCodexAccountCoordinator)
+        appDelegate.terminateActiveProcessesForAppShutdown = {
+            ttyShutdowns += 1
+        }
+
+        // Install a test factory that records invocations without touching NSStatusBar.
+        StatusItemController.factory = { _, _, _, _, _, receivedManagedCoordinator, receivedPromotionCoordinator in
+            factoryCalls += 1
+            #expect(receivedManagedCoordinator === managedCodexAccountCoordinator)
+            #expect(receivedPromotionCoordinator === promotionCoordinator)
+            return dummyStatusController
+        }
+        defer { StatusItemController.factory = StatusItemController.defaultFactory }
 
         // configure should not eagerly construct the status controller
-        appDelegate.configure(store: store, settings: settings, account: account, selection: PreferencesSelection())
+        appDelegate.configure(.init(
+            store: store,
+            settings: settings,
+            account: account,
+            selection: PreferencesSelection(),
+            managedCodexAccountCoordinator: managedCodexAccountCoordinator,
+            codexAccountPromotionCoordinator: promotionCoordinator))
         #expect(factoryCalls == 0)
 
         // construction happens once after launch
@@ -37,10 +54,21 @@ struct AppDelegateTests {
         // idempotent on subsequent calls
         appDelegate.applicationDidFinishLaunching(Notification(name: NSApplication.didFinishLaunchingNotification))
         #expect(factoryCalls == 1)
+
+        // production termination should ask the status controller to detach AppKit status/menu state
+        appDelegate.applicationWillTerminate(Notification(name: NSApplication.willTerminateNotification))
+        #expect(dummyStatusController.shutdowns == 1)
+        #expect(ttyShutdowns == 1)
     }
 }
 
 @MainActor
 private final class DummyStatusController: StatusItemControlling {
+    private(set) var shutdowns = 0
+
     func openMenuFromShortcut() {}
+    func runLoginFlowFromSettings(provider _: UsageProvider) async {}
+    func prepareForAppShutdown() {
+        self.shutdowns += 1
+    }
 }
diff --git a/Tests/CodexBarTests/AppGroupSupportTests.swift b/Tests/CodexBarTests/AppGroupSupportTests.swift
new file mode 100644
index 000000000..ba55d2acd
--- /dev/null
+++ b/Tests/CodexBarTests/AppGroupSupportTests.swift
@@ -0,0 +1,121 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+struct AppGroupSupportTests {
+    @Test
+    func `app group identifiers use resolved team-prefixed release and debug variants`() {
+        #expect(
+            AppGroupSupport.currentGroupID(teamID: "Y5PE65HELJ", bundleID: "com.steipete.codexbar")
+                == "Y5PE65HELJ.com.steipete.codexbar")
+        #expect(
+            AppGroupSupport.currentGroupID(teamID: "ABCDE12345", bundleID: "com.steipete.codexbar.debug")
+                == "ABCDE12345.com.steipete.codexbar.debug")
+        #expect(
+            AppGroupSupport.legacyGroupID(for: "com.steipete.codexbar")
+                == "group.com.steipete.codexbar")
+        #expect(
+            AppGroupSupport.legacyGroupID(for: "com.steipete.codexbar.debug")
+                == "group.com.steipete.codexbar.debug")
+    }
+
+    @Test
+    func `resolved team id falls back to plist and then default`() {
+        #expect(
+            AppGroupSupport.resolvedTeamID(
+                infoDictionaryOverride: [AppGroupSupport.teamIDInfoKey: "ABCDE12345"],
+                bundleURLOverride: nil) == "ABCDE12345")
+        #expect(
+            AppGroupSupport.resolvedTeamID(
+                infoDictionaryOverride: nil,
+                bundleURLOverride: nil) == AppGroupSupport.defaultTeamID)
+    }
+
+    @Test
+    func `legacy migration copies snapshot once`() throws {
+        let fileManager = FileManager.default
+        let root = fileManager.temporaryDirectory.appendingPathComponent(UUID().uuidString, isDirectory: true)
+        try fileManager.createDirectory(at: root, withIntermediateDirectories: true)
+        defer { try? fileManager.removeItem(at: root) }
+
+        let standardSuite = "AppGroupSupportTests-standard-\(UUID().uuidString)"
+        let currentSuite = "AppGroupSupportTests-current-\(UUID().uuidString)"
+        let legacySuite = "AppGroupSupportTests-legacy-\(UUID().uuidString)"
+
+        let standardDefaults = try #require(UserDefaults(suiteName: standardSuite))
+        let currentDefaults = try #require(UserDefaults(suiteName: currentSuite))
+        let legacyDefaults = try #require(UserDefaults(suiteName: legacySuite))
+        standardDefaults.removePersistentDomain(forName: standardSuite)
+        currentDefaults.removePersistentDomain(forName: currentSuite)
+        legacyDefaults.removePersistentDomain(forName: legacySuite)
+
+        legacyDefaults.set(true, forKey: "debugDisableKeychainAccess")
+        legacyDefaults.set(UsageProvider.cursor.rawValue, forKey: "widgetSelectedProvider")
+
+        let legacySnapshotURL = root.appendingPathComponent(
+            "legacy/widget-snapshot.json",
+            isDirectory: false)
+        try fileManager.createDirectory(
+            at: legacySnapshotURL.deletingLastPathComponent(),
+            withIntermediateDirectories: true)
+        try Data("legacy-snapshot".utf8).write(to: legacySnapshotURL)
+
+        let currentSnapshotURL = root.appendingPathComponent("current/widget-snapshot.json", isDirectory: false)
+        let result = AppGroupSupport.migrateLegacyDataIfNeeded(
+            bundleID: "com.steipete.codexbar",
+            standardDefaults: standardDefaults,
+            currentDefaultsOverride: currentDefaults,
+            legacyDefaultsOverride: legacyDefaults,
+            currentSnapshotURLOverride: currentSnapshotURL,
+            legacySnapshotURLOverride: legacySnapshotURL)
+
+        #expect(result.status == .migrated)
+        #expect(result.copiedSnapshot)
+        #expect(result.copiedDefaults == 2)
+        #expect(currentDefaults.bool(forKey: "debugDisableKeychainAccess"))
+        #expect(currentDefaults.string(forKey: "widgetSelectedProvider") == UsageProvider.cursor.rawValue)
+        #expect(fileManager.fileExists(atPath: currentSnapshotURL.path))
+        #expect(
+            standardDefaults.integer(forKey: AppGroupSupport.migrationVersionKey)
+                == AppGroupSupport.migrationVersion)
+
+        let secondResult = AppGroupSupport.migrateLegacyDataIfNeeded(
+            bundleID: "com.steipete.codexbar",
+            standardDefaults: standardDefaults,
+            currentDefaultsOverride: currentDefaults,
+            legacyDefaultsOverride: legacyDefaults,
+            currentSnapshotURLOverride: currentSnapshotURL,
+            legacySnapshotURLOverride: legacySnapshotURL)
+        #expect(secondResult.status == .alreadyCompleted)
+    }
+
+    @Test
+    func `legacy migration preserves existing target shared defaults`() throws {
+        let standardSuite = "AppGroupSupportTests-standard-existing-\(UUID().uuidString)"
+        let currentSuite = "AppGroupSupportTests-current-existing-\(UUID().uuidString)"
+        let legacySuite = "AppGroupSupportTests-legacy-existing-\(UUID().uuidString)"
+
+        let standardDefaults = try #require(UserDefaults(suiteName: standardSuite))
+        let currentDefaults = try #require(UserDefaults(suiteName: currentSuite))
+        let legacyDefaults = try #require(UserDefaults(suiteName: legacySuite))
+        standardDefaults.removePersistentDomain(forName: standardSuite)
+        currentDefaults.removePersistentDomain(forName: currentSuite)
+        legacyDefaults.removePersistentDomain(forName: legacySuite)
+
+        currentDefaults.set(false, forKey: "debugDisableKeychainAccess")
+        currentDefaults.set(UsageProvider.codex.rawValue, forKey: "widgetSelectedProvider")
+        legacyDefaults.set(true, forKey: "debugDisableKeychainAccess")
+        legacyDefaults.set(UsageProvider.cursor.rawValue, forKey: "widgetSelectedProvider")
+
+        let result = AppGroupSupport.migrateLegacyDataIfNeeded(
+            bundleID: "com.steipete.codexbar",
+            standardDefaults: standardDefaults,
+            currentDefaultsOverride: currentDefaults,
+            legacyDefaultsOverride: legacyDefaults)
+
+        #expect(result.status == .noChangesNeeded)
+        #expect(result.copiedDefaults == 0)
+        #expect(!currentDefaults.bool(forKey: "debugDisableKeychainAccess"))
+        #expect(currentDefaults.string(forKey: "widgetSelectedProvider") == UsageProvider.codex.rawValue)
+    }
+}
diff --git a/Tests/CodexBarTests/AugmentCLIFetchStrategyFallbackTests.swift b/Tests/CodexBarTests/AugmentCLIFetchStrategyFallbackTests.swift
new file mode 100644
index 000000000..58d9b0b6f
--- /dev/null
+++ b/Tests/CodexBarTests/AugmentCLIFetchStrategyFallbackTests.swift
@@ -0,0 +1,97 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+#if os(macOS)
+
+/// Regression tests for #474: verify that CLI timeout errors trigger fallback
+/// to the web strategy instead of stalling the refresh cycle.
+struct AugmentCLIFetchStrategyFallbackTests {
+    private struct StubClaudeFetcher: ClaudeUsageFetching {
+        func loadLatestUsage(model _: String) async throws -> ClaudeUsageSnapshot {
+            throw ClaudeUsageError.parseFailed("stub")
+        }
+
+        func debugRawProbe(model _: String) async -> String {
+            "stub"
+        }
+
+        func detectVersion() -> String? {
+            nil
+        }
+    }
+
+    private func makeContext(sourceMode: ProviderSourceMode = .auto) -> ProviderFetchContext {
+        let env: [String: String] = [:]
+        return ProviderFetchContext(
+            runtime: .app,
+            sourceMode: sourceMode,
+            includeCredits: false,
+            webTimeout: 1,
+            webDebugDumpHTML: false,
+            verbose: false,
+            env: env,
+            settings: nil,
+            fetcher: UsageFetcher(environment: env),
+            claudeFetcher: StubClaudeFetcher(),
+            browserDetection: BrowserDetection(cacheTTL: 0))
+    }
+
+    // SubprocessRunnerError is not an AuggieCLIError, so it hits the default
+    // fallback=true path — the desired behavior for infrastructure errors.
+
+    @Test
+    func `timeout error falls back to web`() {
+        let strategy = AugmentCLIFetchStrategy()
+        let context = self.makeContext()
+        let error = SubprocessRunnerError.timedOut("auggie-account-status")
+        #expect(strategy.shouldFallback(on: error, context: context) == true)
+    }
+
+    @Test
+    func `binary not found falls back to web`() {
+        let strategy = AugmentCLIFetchStrategy()
+        let context = self.makeContext()
+        let error = SubprocessRunnerError.binaryNotFound("/usr/local/bin/auggie")
+        #expect(strategy.shouldFallback(on: error, context: context) == true)
+    }
+
+    @Test
+    func `launch failed falls back to web`() {
+        let strategy = AugmentCLIFetchStrategy()
+        let context = self.makeContext()
+        let error = SubprocessRunnerError.launchFailed("permission denied")
+        #expect(strategy.shouldFallback(on: error, context: context) == true)
+    }
+
+    @Test
+    func `not authenticated falls back to web`() {
+        let strategy = AugmentCLIFetchStrategy()
+        let context = self.makeContext()
+        #expect(strategy.shouldFallback(on: AuggieCLIError.notAuthenticated, context: context) == true)
+    }
+
+    @Test
+    func `no output falls back to web`() {
+        let strategy = AugmentCLIFetchStrategy()
+        let context = self.makeContext()
+        #expect(strategy.shouldFallback(on: AuggieCLIError.noOutput, context: context) == true)
+    }
+
+    @Test
+    func `parse error does not fall back`() {
+        let strategy = AugmentCLIFetchStrategy()
+        let context = self.makeContext()
+        #expect(strategy.shouldFallback(on: AuggieCLIError.parseError("bad data"), context: context) == false)
+    }
+
+    @Test
+    func `non zero exit falls back to web`() {
+        let strategy = AugmentCLIFetchStrategy()
+        let context = self.makeContext()
+        let error = SubprocessRunnerError.nonZeroExit(code: 1, stderr: "crash")
+        #expect(strategy.shouldFallback(on: error, context: context) == true)
+    }
+}
+
+#endif
diff --git a/Tests/CodexBarTests/AugmentStatusProbeTests.swift b/Tests/CodexBarTests/AugmentStatusProbeTests.swift
index 912f36733..c72014ef5 100644
--- a/Tests/CodexBarTests/AugmentStatusProbeTests.swift
+++ b/Tests/CodexBarTests/AugmentStatusProbeTests.swift
@@ -2,12 +2,33 @@ import XCTest
 @testable import CodexBarCore
 
 final class AugmentStatusProbeTests: XCTestCase {
-    func test_debugRawProbe_returnsFormattedOutput() async {
+    private func failingProbe() throws -> AugmentStatusProbe {
+        try AugmentStatusProbe(baseURL: XCTUnwrap(URL(string: "http://127.0.0.1:1")), timeout: 0.1)
+    }
+
+    @MainActor
+    func test_sessionKeepaliveStartLogsActualIntervals() {
+        var messages: [String] = []
+        let keepalive = AugmentSessionKeepalive { message in
+            messages.append(message)
+        }
+
+        keepalive.start()
+        defer { keepalive.stop() }
+
+        XCTAssertTrue(messages.contains { $0.contains("Check interval: 60s (1 minute)") })
+        XCTAssertTrue(messages.contains { $0.contains("Refresh buffer: 300s (5 minutes before expiry)") })
+        XCTAssertTrue(messages.contains { $0.contains("Min refresh interval: 60s (1 minute)") })
+        XCTAssertFalse(messages.contains { $0.contains("every 5 minutes") })
+        XCTAssertFalse(messages.contains { $0.contains("2 minutes") })
+    }
+
+    func test_debugRawProbe_returnsFormattedOutput() async throws {
         // Given: A probe instance
-        let probe = AugmentStatusProbe()
+        let probe = try self.failingProbe()
 
         // When: We call debugRawProbe
-        let output = await probe.debugRawProbe()
+        let output = await probe.debugRawProbe(cookieHeaderOverride: "session=test")
 
         // Then: The output should contain expected debug information
         XCTAssertTrue(output.contains("=== Augment Debug Probe @"), "Should contain debug header")
@@ -29,10 +50,10 @@ final class AugmentStatusProbeTests: XCTestCase {
 
     func test_debugRawProbe_capturesFailureInDumps() async throws {
         // Given: A probe with an invalid base URL that will fail
-        let invalidProbe = try AugmentStatusProbe(baseURL: XCTUnwrap(URL(string: "https://invalid.example.com")))
+        let invalidProbe = try self.failingProbe()
 
         // When: We call debugRawProbe which should fail
-        let output = await invalidProbe.debugRawProbe()
+        let output = await invalidProbe.debugRawProbe(cookieHeaderOverride: "session=test")
 
         // Then: The output should indicate failure
         XCTAssertTrue(output.contains("Probe Failed"), "Should contain failure message")
@@ -45,11 +66,11 @@ final class AugmentStatusProbeTests: XCTestCase {
 
     func test_latestDumps_maintainsRingBuffer() async throws {
         // Given: Multiple failed probes to fill the ring buffer
-        let invalidProbe = try AugmentStatusProbe(baseURL: XCTUnwrap(URL(string: "https://invalid.example.com")))
+        let invalidProbe = try self.failingProbe()
 
         // When: We generate more than 5 dumps (the ring buffer size)
         for _ in 1...7 {
-            _ = await invalidProbe.debugRawProbe()
+            _ = await invalidProbe.debugRawProbe(cookieHeaderOverride: "session=test")
             // Small delay to ensure different timestamps
             try await Task.sleep(nanoseconds: 100_000_000) // 0.1 seconds
         }
@@ -60,24 +81,24 @@ final class AugmentStatusProbeTests: XCTestCase {
         XCTAssertLessThanOrEqual(separatorCount, 5, "Should maintain at most 5 dumps in ring buffer")
     }
 
-    func test_debugRawProbe_includesTimestamp() async {
+    func test_debugRawProbe_includesTimestamp() async throws {
         // Given: A probe instance
-        let probe = AugmentStatusProbe()
+        let probe = try self.failingProbe()
 
         // When: We call debugRawProbe
-        let output = await probe.debugRawProbe()
+        let output = await probe.debugRawProbe(cookieHeaderOverride: "session=test")
 
         // Then: The output should include an ISO8601 timestamp
         XCTAssertTrue(output.contains("@"), "Should contain timestamp marker")
         XCTAssertTrue(output.contains("==="), "Should contain debug header markers")
     }
 
-    func test_debugRawProbe_includesCreditsBalance() async {
+    func test_debugRawProbe_includesCreditsBalance() async throws {
         // Given: A probe instance
-        let probe = AugmentStatusProbe()
+        let probe = try self.failingProbe()
 
         // When: We call debugRawProbe
-        let output = await probe.debugRawProbe()
+        let output = await probe.debugRawProbe(cookieHeaderOverride: "session=test")
 
         // Then: The output should mention credits balance (either in success or failure)
         XCTAssertTrue(
@@ -85,6 +106,44 @@ final class AugmentStatusProbeTests: XCTestCase {
             "Should contain credits information or failure message")
     }
 
+    func test_creditsLimit_prefersUsageUnitsAvailable() throws {
+        let response = try JSONDecoder().decode(AugmentCreditsResponse.self, from: Data("""
+        {
+          "usageUnitsRemaining": 15,
+          "usageUnitsConsumedThisBillingCycle": 10,
+          "usageUnitsAvailable": 100,
+          "usageBalanceStatus": "active"
+        }
+        """.utf8))
+
+        XCTAssertEqual(response.creditsLimit, 100)
+    }
+
+    func test_creditsLimit_fallsBackToRemainingPlusConsumedWhenAvailableMissing() throws {
+        let response = try JSONDecoder().decode(AugmentCreditsResponse.self, from: Data("""
+        {
+          "usageUnitsRemaining": 15,
+          "usageUnitsConsumedThisBillingCycle": 10,
+          "usageBalanceStatus": "active"
+        }
+        """.utf8))
+
+        XCTAssertEqual(response.creditsLimit, 25)
+    }
+
+    func test_creditsLimit_ignoresZeroAvailableValue() throws {
+        let response = try JSONDecoder().decode(AugmentCreditsResponse.self, from: Data("""
+        {
+          "usageUnitsRemaining": 15,
+          "usageUnitsConsumedThisBillingCycle": 10,
+          "usageUnitsAvailable": 0,
+          "usageBalanceStatus": "active"
+        }
+        """.utf8))
+
+        XCTAssertEqual(response.creditsLimit, 25)
+    }
+
     // MARK: - Cookie Domain Filtering Tests
 
     func test_cookieDomainMatching_exactMatch() throws {
diff --git a/Tests/CodexBarTests/AzureOpenAIUsageFetcherTests.swift b/Tests/CodexBarTests/AzureOpenAIUsageFetcherTests.swift
new file mode 100644
index 000000000..24b419f2d
--- /dev/null
+++ b/Tests/CodexBarTests/AzureOpenAIUsageFetcherTests.swift
@@ -0,0 +1,227 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+struct AzureOpenAIUsageFetcherTests {
+    private func makeContext(environment: [String: String]) -> ProviderFetchContext {
+        let browserDetection = BrowserDetection(cacheTTL: 0)
+        return ProviderFetchContext(
+            runtime: .app,
+            sourceMode: .auto,
+            includeCredits: false,
+            webTimeout: 1,
+            webDebugDumpHTML: false,
+            verbose: false,
+            env: environment,
+            settings: nil,
+            fetcher: UsageFetcher(environment: environment),
+            claudeFetcher: ClaudeUsageFetcher(browserDetection: browserDetection),
+            browserDetection: browserDetection)
+    }
+
+    @Test
+    func `settings reader trims env vars and normalizes endpoint`() {
+        let environment = [
+            AzureOpenAISettingsReader.apiKeyEnvironmentKey: " 'azure-key' ",
+            AzureOpenAISettingsReader.endpointEnvironmentKey: "my-resource.openai.azure.com",
+            AzureOpenAISettingsReader.deploymentNameEnvironmentKey: " \"chat-deployment\" ",
+        ]
+
+        #expect(AzureOpenAISettingsReader.apiKey(environment: environment) == "azure-key")
+        #expect(
+            AzureOpenAISettingsReader.endpoint(environment: environment)?.absoluteString ==
+                "https://my-resource.openai.azure.com")
+        #expect(AzureOpenAISettingsReader.deploymentName(environment: environment) == "chat-deployment")
+        #expect(AzureOpenAISettingsReader.apiVersion(environment: [:]) == AzureOpenAISettingsReader.defaultAPIVersion)
+    }
+
+    @Test
+    func `missing deployment config returns precise provider error`() async {
+        let descriptor = ProviderDescriptorRegistry.descriptor(for: .azureopenai)
+        let outcome = await descriptor.fetchPlan.fetchOutcome(
+            context: self.makeContext(environment: [
+                AzureOpenAISettingsReader.apiKeyEnvironmentKey: "azure-key",
+                AzureOpenAISettingsReader.endpointEnvironmentKey: "https://example-resource.openai.azure.com",
+            ]),
+            provider: .azureopenai)
+
+        guard case let .failure(error) = outcome.result else {
+            Issue.record("Expected missing deployment to fail")
+            return
+        }
+
+        #expect(error as? AzureOpenAIUsageError == .missingDeploymentName)
+        #expect(error.localizedDescription.contains("deployment not configured"))
+        #expect(outcome.attempts.map(\.wasAvailable) == [true])
+    }
+
+    @Test
+    func `fetcher validates deployment with chat completions request`() async throws {
+        let endpoint = try #require(URL(string: "https://example-resource.openai.azure.com"))
+        let updatedAt = Date(timeIntervalSince1970: 1_800_000_000)
+        let transport = ProviderHTTPTransportStub { request in
+            #expect(request.httpMethod == "POST")
+            #expect(request.url?.path == "/openai/deployments/chat-prod/chat/completions")
+            #expect(request.url?.query == "api-version=2024-10-21")
+            #expect(request.value(forHTTPHeaderField: "api-key") == "azure-key")
+            #expect(request.value(forHTTPHeaderField: "Accept") == "application/json")
+            #expect(request.value(forHTTPHeaderField: "Content-Type") == "application/json")
+
+            let body = try #require(request.httpBody)
+            let json = try #require(JSONSerialization.jsonObject(with: body) as? [String: Any])
+            #expect(json["max_tokens"] as? Int == 1)
+            #expect(json["temperature"] == nil)
+            let messages = try #require(json["messages"] as? [[String: String]])
+            #expect(messages.first?["content"] == "ping")
+
+            let response = try HTTPURLResponse(
+                url: #require(request.url),
+                statusCode: 200,
+                httpVersion: "HTTP/1.1",
+                headerFields: ["Content-Type": "application/json"])!
+            return (Data(#"{"id":"cmpl-1","model":"gpt-4o-mini"}"#.utf8), response)
+        }
+
+        let snapshot = try await AzureOpenAIUsageFetcher.fetchUsage(
+            apiKey: "azure-key",
+            endpoint: endpoint,
+            deploymentName: "chat-prod",
+            transport: transport,
+            updatedAt: updatedAt)
+
+        #expect(snapshot.endpointHost == "example-resource.openai.azure.com")
+        #expect(snapshot.deploymentName == "chat-prod")
+        #expect(snapshot.model == "gpt-4o-mini")
+        #expect(snapshot.apiVersion == AzureOpenAISettingsReader.defaultAPIVersion)
+        #expect(snapshot.updatedAt == updatedAt)
+
+        let usage = snapshot.toUsageSnapshot()
+        #expect(usage.identity?.providerID == .azureopenai)
+        #expect(usage.identity?.accountOrganization == "example-resource.openai.azure.com")
+        #expect(usage.identity?.loginMethod == "Deployment: chat-prod")
+        #expect(usage.primary?.resetDescription == "Deployment: chat-prod · Model: gpt-4o-mini")
+    }
+
+    @Test
+    func `chat completions URL preserves endpoint path and deployment escaping`() throws {
+        let endpoint = try #require(URL(string: "https://proxy.example.com/base"))
+        let url = try AzureOpenAIUsageFetcher._chatCompletionsURLForTesting(
+            endpoint: endpoint,
+            deploymentName: "chat prod",
+            apiVersion: "2024-10-21")
+
+        #expect(
+            url.absoluteString ==
+                "https://proxy.example.com/base/openai/deployments/chat%20prod/chat/completions?api-version=2024-10-21")
+    }
+
+    @Test
+    func `chat completions URL does not duplicate openai endpoint suffix`() throws {
+        let endpoint = try #require(URL(string: "https://proxy.example.com/base/openai"))
+        let url = try AzureOpenAIUsageFetcher._chatCompletionsURLForTesting(
+            endpoint: endpoint,
+            deploymentName: "chat-prod",
+            apiVersion: "2024-10-21")
+
+        #expect(
+            url.absoluteString ==
+                "https://proxy.example.com/base/openai/deployments/chat-prod/chat/completions?api-version=2024-10-21")
+    }
+
+    @Test
+    func `v1 API validates with OpenAI compatible path and model field`() async throws {
+        let endpoint = try #require(URL(string: "https://example-resource.openai.azure.com"))
+        let transport = ProviderHTTPTransportStub { request in
+            #expect(request.httpMethod == "POST")
+            #expect(
+                request.url?.absoluteString ==
+                    "https://example-resource.openai.azure.com/openai/v1/chat/completions")
+            #expect(request.value(forHTTPHeaderField: "api-key") == "azure-key")
+
+            let body = try #require(request.httpBody)
+            let json = try #require(JSONSerialization.jsonObject(with: body) as? [String: Any])
+            #expect(json["model"] as? String == "chat-prod")
+            #expect(json["max_completion_tokens"] as? Int == 1)
+            #expect(json["max_tokens"] == nil)
+            #expect(json["temperature"] == nil)
+
+            let response = try HTTPURLResponse(
+                url: #require(request.url),
+                statusCode: 200,
+                httpVersion: "HTTP/1.1",
+                headerFields: ["Content-Type": "application/json"])!
+            return (Data(#"{"id":"cmpl-1","model":"gpt-4o-mini"}"#.utf8), response)
+        }
+
+        let snapshot = try await AzureOpenAIUsageFetcher.fetchUsage(
+            apiKey: "azure-key",
+            endpoint: endpoint,
+            deploymentName: "chat-prod",
+            apiVersion: "v1",
+            transport: transport)
+
+        #expect(snapshot.apiVersion == "v1")
+        #expect(snapshot.deploymentName == "chat-prod")
+        #expect(snapshot.model == "gpt-4o-mini")
+    }
+
+    @Test
+    func `v1 API accepts documented openai v1 base URL`() throws {
+        let endpoint = try #require(URL(string: "https://example-resource.openai.azure.com/openai/v1"))
+        let url = try AzureOpenAIUsageFetcher._chatCompletionsURLForTesting(
+            endpoint: endpoint,
+            deploymentName: "chat-prod",
+            apiVersion: "v1")
+
+        #expect(
+            url.absoluteString ==
+                "https://example-resource.openai.azure.com/openai/v1/chat/completions")
+    }
+}
+
+@MainActor
+struct AzureOpenAIMenuDescriptorTests {
+    @Test
+    func `azure openai deployment detail appears in menu`() throws {
+        let suite = "AzureOpenAIMenuDescriptorTests-menu"
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+
+        let settings = SettingsStore(
+            userDefaults: defaults,
+            configStore: testConfigStore(suiteName: suite),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+        settings.statusChecksEnabled = false
+
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings)
+        let snapshot = AzureOpenAIUsageSnapshot(
+            endpointHost: "example-resource.openai.azure.com",
+            deploymentName: "chat-prod",
+            model: "gpt-4o-mini",
+            apiVersion: "2024-10-21",
+            updatedAt: Date(timeIntervalSince1970: 1_800_000_000))
+        store._setSnapshotForTesting(snapshot.toUsageSnapshot(), provider: .azureopenai)
+
+        let descriptor = MenuDescriptor.build(
+            provider: .azureopenai,
+            store: store,
+            settings: settings,
+            account: AccountInfo(email: nil, plan: nil),
+            updateReady: false,
+            includeContextualActions: false)
+        let lines = descriptor.sections
+            .flatMap(\.entries)
+            .compactMap { entry -> String? in
+                guard case let .text(text, _) = entry else { return nil }
+                return text
+            }
+
+        #expect(lines.contains("Azure OpenAI"))
+        #expect(lines.contains("Deployment: chat-prod · Model: gpt-4o-mini"))
+    }
+}
diff --git a/Tests/CodexBarTests/BatteryDrainDiagnosticTests.swift b/Tests/CodexBarTests/BatteryDrainDiagnosticTests.swift
index 914c8aaed..a84172569 100644
--- a/Tests/CodexBarTests/BatteryDrainDiagnosticTests.swift
+++ b/Tests/CodexBarTests/BatteryDrainDiagnosticTests.swift
@@ -14,15 +14,13 @@ struct BatteryDrainDiagnosticTests {
     }
 
     private func makeStatusBarForTesting() -> NSStatusBar {
-        let env = ProcessInfo.processInfo.environment
-        if env["GITHUB_ACTIONS"] == "true" || env["CI"] == "true" {
-            return .system
-        }
-        return NSStatusBar()
+        // Use the real system status bar in tests. Creating standalone NSStatusBar instances
+        // has caused AppKit teardown crashes under swiftpm-testing-helper.
+        .system
     }
 
-    @Test("Fallback provider should not animate when all providers are disabled")
-    func fallbackProviderDoesNotAnimate() {
+    @Test
+    func `Fallback provider should not animate when all providers are disabled`() {
         self.ensureAppKitInitialized()
 
         let settings = SettingsStore(
@@ -54,6 +52,7 @@ struct BatteryDrainDiagnosticTests {
             updater: DisabledUpdaterController(),
             preferencesSelection: PreferencesSelection(),
             statusBar: self.makeStatusBarForTesting())
+        defer { controller.releaseStatusItemsForTesting() }
 
         #expect(
             controller.needsMenuBarIconAnimation() == false,
@@ -63,8 +62,8 @@ struct BatteryDrainDiagnosticTests {
             "Animation driver should not start for fallback provider")
     }
 
-    @Test("Enabled provider with data should not animate")
-    func enabledProviderWithDataDoesNotAnimate() {
+    @Test
+    func `Enabled provider with data should not animate`() {
         self.ensureAppKitInitialized()
 
         let settings = SettingsStore(
@@ -101,6 +100,7 @@ struct BatteryDrainDiagnosticTests {
             updater: DisabledUpdaterController(),
             preferencesSelection: PreferencesSelection(),
             statusBar: self.makeStatusBarForTesting())
+        defer { controller.releaseStatusItemsForTesting() }
 
         #expect(
             controller.needsMenuBarIconAnimation() == false,
@@ -110,8 +110,8 @@ struct BatteryDrainDiagnosticTests {
             "Animation driver should be nil when data is present")
     }
 
-    @Test("Enabled provider without data should animate")
-    func enabledProviderWithoutDataAnimates() {
+    @Test
+    func `Enabled provider without data should animate`() {
         self.ensureAppKitInitialized()
 
         let settings = SettingsStore(
@@ -141,9 +141,50 @@ struct BatteryDrainDiagnosticTests {
             updater: DisabledUpdaterController(),
             preferencesSelection: PreferencesSelection(),
             statusBar: self.makeStatusBarForTesting())
+        defer { controller.releaseStatusItemsForTesting() }
 
         #expect(
             controller.needsMenuBarIconAnimation() == true,
             "Should animate when enabled provider has no data")
     }
+
+    @Test
+    func `Enabled provider with error should not animate`() {
+        self.ensureAppKitInitialized()
+
+        let settings = SettingsStore(
+            configStore: testConfigStore(suiteName: "BatteryDrain-ErrorStops"),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = false
+
+        let registry = ProviderRegistry.shared
+        if let meta = registry.metadata[.codex] {
+            settings.setProviderEnabled(provider: .codex, metadata: meta, enabled: true)
+        }
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(
+            fetcher: fetcher,
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings)
+        store._setErrorForTesting("simulated Codex RPC timeout", provider: .codex)
+
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+
+        #expect(store.isStale(provider: .codex) == true)
+        #expect(
+            controller.needsMenuBarIconAnimation() == false,
+            "Should not animate when provider has recorded an error")
+        #expect(controller.animationDriver == nil)
+    }
 }
diff --git a/Tests/CodexBarTests/BedrockCredentialResolverTests.swift b/Tests/CodexBarTests/BedrockCredentialResolverTests.swift
new file mode 100644
index 000000000..62db841e9
--- /dev/null
+++ b/Tests/CodexBarTests/BedrockCredentialResolverTests.swift
@@ -0,0 +1,139 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+private final class CapturedEnvironment: @unchecked Sendable {
+    private let lock = NSLock()
+    private var stored: [String: String] = [:]
+    func record(_ environment: [String: String]) {
+        self.lock.withLock { self.stored = environment }
+    }
+
+    var value: [String: String] {
+        self.lock.withLock { self.stored }
+    }
+}
+
+@Suite(.serialized)
+struct BedrockCredentialResolverTests {
+    private static let credentialsJSON = #"""
+    {"Version":1,"AccessKeyId":"AKIAPROFILE","SecretAccessKey":"profile-secret","SessionToken":"profile-token"}
+    """#
+
+    /// Fake AWS CLI runner: returns exported credentials and a profile region.
+    private func profileProvider(region: String = "ap-southeast-2") -> BedrockProfileCredentialProvider {
+        BedrockProfileCredentialProvider(awsBinaryPath: "/usr/bin/aws") { arguments, _ in
+            if arguments.contains("export-credentials") {
+                return SubprocessResult(stdout: Self.credentialsJSON, stderr: "")
+            }
+            if arguments.contains("get") {
+                return SubprocessResult(stdout: region + "\n", stderr: "")
+            }
+            return SubprocessResult(stdout: "", stderr: "")
+        }
+    }
+
+    @Test
+    func `keys mode resolves static credentials and region`() async throws {
+        let env = [
+            BedrockSettingsReader.accessKeyIDKey: "AKIAKEYS",
+            BedrockSettingsReader.secretAccessKeyKey: "keys-secret",
+            BedrockSettingsReader.regionKeys[0]: "us-west-2",
+        ]
+        let resolved = try await BedrockCredentialResolver.resolve(environment: env)
+        #expect(resolved.credentials.accessKeyID == "AKIAKEYS")
+        #expect(resolved.credentials.secretAccessKey == "keys-secret")
+        #expect(resolved.region == "us-west-2")
+    }
+
+    @Test
+    func `keys mode without credentials throws missingCredentials`() async {
+        await #expect(throws: BedrockUsageError.missingCredentials) {
+            try await BedrockCredentialResolver.resolve(environment: [:])
+        }
+    }
+
+    @Test
+    func `profile mode resolves credentials via the AWS CLI`() async throws {
+        let env = [
+            BedrockSettingsReader.authModeKey: "profile",
+            BedrockSettingsReader.profileKey: "work",
+        ]
+        let resolved = try await BedrockCredentialResolver.resolve(
+            environment: env,
+            resolveAWSBinary: { _ in "/usr/bin/aws" },
+            makeProvider: { _ in self.profileProvider() })
+        #expect(resolved.credentials.accessKeyID == "AKIAPROFILE")
+        #expect(resolved.credentials.sessionToken == "profile-token")
+        // No explicit region in env, so it is derived from the profile.
+        #expect(resolved.region == "ap-southeast-2")
+    }
+
+    @Test
+    func `profile mode prefers explicit region over the profile region`() async throws {
+        let env = [
+            BedrockSettingsReader.authModeKey: "profile",
+            BedrockSettingsReader.profileKey: "work",
+            BedrockSettingsReader.regionKeys[0]: "eu-central-1",
+        ]
+        let resolved = try await BedrockCredentialResolver.resolve(
+            environment: env,
+            resolveAWSBinary: { _ in "/usr/bin/aws" },
+            makeProvider: { _ in self.profileProvider() })
+        #expect(resolved.region == "eu-central-1")
+    }
+
+    @Test
+    func `profile mode without a profile name throws missingCredentials`() async {
+        let env = [BedrockSettingsReader.authModeKey: "profile"]
+        await #expect(throws: BedrockUsageError.missingCredentials) {
+            try await BedrockCredentialResolver.resolve(
+                environment: env,
+                resolveAWSBinary: { _ in "/usr/bin/aws" },
+                makeProvider: { _ in self.profileProvider() })
+        }
+    }
+
+    @Test
+    func `profile mode preserves source credentials but removes AWS_PROFILE for AWS CLI`() async throws {
+        let captured = CapturedEnvironment()
+        let env = [
+            BedrockSettingsReader.authModeKey: "profile",
+            BedrockSettingsReader.profileKey: "work",
+            BedrockSettingsReader.accessKeyIDKey: "AKIAINHERITED",
+            BedrockSettingsReader.secretAccessKeyKey: "inherited-secret",
+            BedrockSettingsReader.sessionTokenKey: "inherited-token",
+        ]
+        _ = try await BedrockCredentialResolver.resolve(
+            environment: env,
+            resolveAWSBinary: { _ in "/usr/bin/aws" },
+            makeProvider: { _ in
+                BedrockProfileCredentialProvider(awsBinaryPath: "/usr/bin/aws") { arguments, environment in
+                    captured.record(environment)
+                    if arguments.contains("export-credentials") {
+                        return SubprocessResult(stdout: Self.credentialsJSON, stderr: "")
+                    }
+                    return SubprocessResult(stdout: "us-east-1\n", stderr: "")
+                }
+            })
+        let seen = captured.value
+        #expect(seen[BedrockSettingsReader.accessKeyIDKey] == "AKIAINHERITED")
+        #expect(seen[BedrockSettingsReader.secretAccessKeyKey] == "inherited-secret")
+        #expect(seen[BedrockSettingsReader.sessionTokenKey] == "inherited-token")
+        #expect(seen[BedrockSettingsReader.profileKey] == nil)
+    }
+
+    @Test
+    func `profile mode without the AWS CLI throws awsCLINotFound`() async {
+        let env = [
+            BedrockSettingsReader.authModeKey: "profile",
+            BedrockSettingsReader.profileKey: "work",
+        ]
+        await #expect(throws: BedrockUsageError.awsCLINotFound) {
+            try await BedrockCredentialResolver.resolve(
+                environment: env,
+                resolveAWSBinary: { _ in nil },
+                makeProvider: { _ in self.profileProvider() })
+        }
+    }
+}
diff --git a/Tests/CodexBarTests/BedrockMenuCardTests.swift b/Tests/CodexBarTests/BedrockMenuCardTests.swift
new file mode 100644
index 000000000..60ca9b9d9
--- /dev/null
+++ b/Tests/CodexBarTests/BedrockMenuCardTests.swift
@@ -0,0 +1,53 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+struct BedrockMenuCardTests {
+    @Test
+    func `bedrock cost section labels latest billing day`() throws {
+        let now = Date()
+        let metadata = try #require(ProviderDefaults.metadata[.bedrock])
+        let tokenSnapshot = CostUsageTokenSnapshot(
+            sessionTokens: nil,
+            sessionCostUSD: 12.34,
+            last30DaysTokens: nil,
+            last30DaysCostUSD: 56.78,
+            historyDays: 7,
+            daily: [
+                CostUsageDailyReport.Entry(
+                    date: "2026-05-12",
+                    inputTokens: nil,
+                    outputTokens: nil,
+                    totalTokens: nil,
+                    costUSD: 12.34,
+                    modelsUsed: ["Amazon Bedrock"],
+                    modelBreakdowns: nil),
+            ],
+            updatedAt: now)
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .bedrock,
+            metadata: metadata,
+            snapshot: nil,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: tokenSnapshot,
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: true,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+
+        #expect(model.tokenUsage?.sessionLine == "Latest billing day (May 12): $12.34")
+        #expect(model.tokenUsage?.sessionLine.contains("Today") == false)
+        #expect(model.tokenUsage?.monthLine == "Last 7 days: $56.78")
+        #expect(model.tokenUsage?.hintLine == "AWS Cost Explorer billing can lag.")
+    }
+}
diff --git a/Tests/CodexBarTests/BedrockProfileCredentialProviderTests.swift b/Tests/CodexBarTests/BedrockProfileCredentialProviderTests.swift
new file mode 100644
index 000000000..f8861bcd2
--- /dev/null
+++ b/Tests/CodexBarTests/BedrockProfileCredentialProviderTests.swift
@@ -0,0 +1,93 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+@Suite(.serialized)
+struct BedrockProfileCredentialProviderTests {
+    private func provider(
+        stdout: String = "",
+        stderr: String = "",
+        throwsNonZero: Bool = false) -> BedrockProfileCredentialProvider
+    {
+        BedrockProfileCredentialProvider(awsBinaryPath: "/usr/bin/aws") { _, _ in
+            if throwsNonZero {
+                throw SubprocessRunnerError.nonZeroExit(code: 1, stderr: stderr)
+            }
+            return SubprocessResult(stdout: stdout, stderr: stderr)
+        }
+    }
+
+    @Test
+    func `parses export-credentials json with session token`() async throws {
+        let json = """
+        {"Version":1,"AccessKeyId":"AKIA","SecretAccessKey":"secret",\
+        "SessionToken":"token","Expiration":"2026-05-27T12:00:00Z"}
+        """
+        let creds = try await provider(stdout: json).exportCredentials(profile: "work")
+        #expect(creds.accessKeyID == "AKIA")
+        #expect(creds.secretAccessKey == "secret")
+        #expect(creds.sessionToken == "token")
+    }
+
+    @Test
+    func `parses export-credentials json without session token`() async throws {
+        let json = #"{"Version":1,"AccessKeyId":"AKIA","SecretAccessKey":"secret"}"#
+        let creds = try await provider(stdout: json).exportCredentials(profile: "work")
+        #expect(creds.accessKeyID == "AKIA")
+        #expect(creds.sessionToken == nil)
+    }
+
+    @Test
+    func `maps expired SSO stderr to profileSessionExpired`() async {
+        let stderr = "The SSO session associated with this profile has expired. " +
+            "To refresh this SSO session run aws sso login with the corresponding profile."
+        let sut = self.provider(stderr: stderr, throwsNonZero: true)
+        await #expect(throws: BedrockUsageError.profileSessionExpired("work")) {
+            try await sut.exportCredentials(profile: "work")
+        }
+    }
+
+    @Test
+    func `maps other non-zero exit to apiError`() async {
+        let sut = self.provider(stderr: "The config profile (work) could not be found", throwsNonZero: true)
+        do {
+            _ = try await sut.exportCredentials(profile: "work")
+            Issue.record("expected an error")
+        } catch let error as BedrockUsageError {
+            if case .apiError = error { } else { Issue.record("expected apiError, got \(error)") }
+        } catch {
+            Issue.record("unexpected error type: \(error)")
+        }
+    }
+
+    @Test
+    func `malformed json throws parseFailed`() async {
+        let sut = self.provider(stdout: "not json")
+        do {
+            _ = try await sut.exportCredentials(profile: "work")
+            Issue.record("expected an error")
+        } catch let error as BedrockUsageError {
+            if case .parseFailed = error { } else { Issue.record("expected parseFailed, got \(error)") }
+        } catch {
+            Issue.record("unexpected error type: \(error)")
+        }
+    }
+
+    @Test
+    func `resolveRegion returns trimmed value`() async throws {
+        let region = try await provider(stdout: "eu-west-1\n").resolveRegion(profile: "work")
+        #expect(region == "eu-west-1")
+    }
+
+    @Test
+    func `resolveRegion returns nil when unset (non-zero exit)`() async throws {
+        let region = try await provider(throwsNonZero: true).resolveRegion(profile: "work")
+        #expect(region == nil)
+    }
+
+    @Test
+    func `resolveRegion returns nil for empty output`() async throws {
+        let region = try await provider(stdout: "\n").resolveRegion(profile: "work")
+        #expect(region == nil)
+    }
+}
diff --git a/Tests/CodexBarTests/BedrockSettingsFlowTests.swift b/Tests/CodexBarTests/BedrockSettingsFlowTests.swift
new file mode 100644
index 000000000..526eeb80f
--- /dev/null
+++ b/Tests/CodexBarTests/BedrockSettingsFlowTests.swift
@@ -0,0 +1,103 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+@Suite(.serialized)
+@MainActor
+struct BedrockSettingsFlowTests {
+    @Test
+    func `settings store maps Bedrock credentials into provider environment`() throws {
+        let suite = "BedrockSettingsFlowTests-settings-\(UUID().uuidString)"
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+        let configStore = testConfigStore(suiteName: suite)
+        let settings = SettingsStore(
+            userDefaults: defaults,
+            configStore: configStore,
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+
+        settings.bedrockAccessKeyID = "AKIATEST"
+        settings.bedrockSecretAccessKey = "secret"
+        settings.bedrockRegion = "us-west-2"
+
+        let config = try #require(settings.providerConfig(for: .bedrock))
+        #expect(config.sanitizedAPIKey == "AKIATEST")
+        #expect(config.sanitizedSecretKey == "secret")
+        #expect(config.sanitizedCookieHeader == nil)
+        #expect(config.sanitizedRegion == "us-west-2")
+
+        let env = ProviderRegistry.makeEnvironment(
+            base: [:],
+            provider: .bedrock,
+            settings: settings,
+            tokenOverride: nil)
+
+        #expect(env[BedrockSettingsReader.accessKeyIDKey] == "AKIATEST")
+        #expect(env[BedrockSettingsReader.secretAccessKeyKey] == "secret")
+        #expect(env[BedrockSettingsReader.regionKeys[0]] == "us-west-2")
+        #expect(BedrockSettingsReader.hasCredentials(environment: env))
+        #expect(BedrockProviderImplementation().isAvailable(context: ProviderAvailabilityContext(
+            provider: .bedrock,
+            settings: settings,
+            environment: env)))
+    }
+
+    @Test
+    func `bedrock availability requires secret access key`() throws {
+        let suite = "BedrockSettingsFlowTests-missing-secret-\(UUID().uuidString)"
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+        let settings = SettingsStore(
+            userDefaults: defaults,
+            configStore: testConfigStore(suiteName: suite),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+
+        settings.bedrockAccessKeyID = "AKIATEST"
+
+        let env = ProviderRegistry.makeEnvironment(
+            base: [:],
+            provider: .bedrock,
+            settings: settings,
+            tokenOverride: nil)
+
+        #expect(env[BedrockSettingsReader.accessKeyIDKey] == "AKIATEST")
+        #expect(env[BedrockSettingsReader.secretAccessKeyKey] == nil)
+        #expect(!BedrockProviderImplementation().isAvailable(context: ProviderAvailabilityContext(
+            provider: .bedrock,
+            settings: settings,
+            environment: env)))
+    }
+
+    @Test
+    func `profile mode maps profile into provider environment and is available`() throws {
+        let suite = "BedrockSettingsFlowTests-profile-\(UUID().uuidString)"
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+        let settings = SettingsStore(
+            userDefaults: defaults,
+            configStore: testConfigStore(suiteName: suite),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+
+        settings.bedrockAuthMode = BedrockAuthMode.profile.rawValue
+        settings.bedrockProfile = "work"
+
+        let config = try #require(settings.providerConfig(for: .bedrock))
+        #expect(config.sanitizedAWSAuthMode == "profile")
+        #expect(config.sanitizedAWSProfile == "work")
+
+        let env = ProviderRegistry.makeEnvironment(
+            base: [:],
+            provider: .bedrock,
+            settings: settings,
+            tokenOverride: nil)
+
+        #expect(env[BedrockSettingsReader.authModeKey] == "profile")
+        #expect(env[BedrockSettingsReader.profileKey] == "work")
+        #expect(env[BedrockSettingsReader.accessKeyIDKey] == nil)
+        #expect(BedrockSettingsReader.hasCredentials(environment: env))
+    }
+}
diff --git a/Tests/CodexBarTests/BedrockSettingsReaderTests.swift b/Tests/CodexBarTests/BedrockSettingsReaderTests.swift
new file mode 100644
index 000000000..e8a119a1c
--- /dev/null
+++ b/Tests/CodexBarTests/BedrockSettingsReaderTests.swift
@@ -0,0 +1,50 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+@Suite(.serialized)
+struct BedrockSettingsReaderTests {
+    @Test
+    func `default auth mode is keys`() {
+        #expect(BedrockSettingsReader.authMode(environment: [:]) == .keys)
+    }
+
+    @Test
+    func `explicit profile auth mode wins`() {
+        let env = ["CODEXBAR_BEDROCK_AUTH_MODE": "profile"]
+        #expect(BedrockSettingsReader.authMode(environment: env) == .profile)
+    }
+
+    @Test
+    func `AWS_PROFILE without keys implies profile mode`() {
+        let env = ["AWS_PROFILE": "work"]
+        #expect(BedrockSettingsReader.authMode(environment: env) == .profile)
+        #expect(BedrockSettingsReader.profile(environment: env) == "work")
+    }
+
+    @Test
+    func `AWS_PROFILE alongside static keys keeps keys mode`() {
+        let env = [
+            "AWS_PROFILE": "work",
+            "AWS_ACCESS_KEY_ID": "AKIA",
+            "AWS_SECRET_ACCESS_KEY": "secret",
+        ]
+        #expect(BedrockSettingsReader.authMode(environment: env) == .keys)
+    }
+
+    @Test
+    func `hasCredentials in profile mode requires a profile name`() {
+        let withProfile = ["CODEXBAR_BEDROCK_AUTH_MODE": "profile", "AWS_PROFILE": "work"]
+        let withoutProfile = ["CODEXBAR_BEDROCK_AUTH_MODE": "profile"]
+        #expect(BedrockSettingsReader.hasCredentials(environment: withProfile))
+        #expect(!BedrockSettingsReader.hasCredentials(environment: withoutProfile))
+    }
+
+    @Test
+    func `hasCredentials in keys mode requires both keys`() {
+        let both = ["AWS_ACCESS_KEY_ID": "AKIA", "AWS_SECRET_ACCESS_KEY": "secret"]
+        let onlyAccess = ["AWS_ACCESS_KEY_ID": "AKIA"]
+        #expect(BedrockSettingsReader.hasCredentials(environment: both))
+        #expect(!BedrockSettingsReader.hasCredentials(environment: onlyAccess))
+    }
+}
diff --git a/Tests/CodexBarTests/BedrockUsageStatsTests.swift b/Tests/CodexBarTests/BedrockUsageStatsTests.swift
new file mode 100644
index 000000000..44e15913c
--- /dev/null
+++ b/Tests/CodexBarTests/BedrockUsageStatsTests.swift
@@ -0,0 +1,340 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+@Suite(.serialized)
+struct BedrockUsageStatsTests {
+    @Test
+    func `to usage snapshot with budget shows primary window`() {
+        let snapshot = BedrockUsageSnapshot(
+            monthlySpend: 50,
+            monthlyBudget: 200,
+            inputTokens: 1_500_000,
+            outputTokens: 500_000,
+            region: "us-east-1",
+            updatedAt: Date(timeIntervalSince1970: 1_739_841_600))
+
+        let usage = snapshot.toUsageSnapshot()
+
+        #expect(usage.primary?.usedPercent == 25)
+        #expect(usage.primary?.resetDescription == "Monthly budget")
+        #expect(usage.primary?.resetsAt != nil)
+        #expect(usage.providerCost?.used == 50)
+        #expect(usage.providerCost?.limit == 200)
+        #expect(usage.providerCost?.currencyCode == "USD")
+        #expect(usage.providerCost?.period == "Monthly")
+        #expect(usage.identity?.providerID == .bedrock)
+        #expect(usage.identity?.loginMethod?.contains("Spend: $50.00") == true)
+    }
+
+    @Test
+    func `to usage snapshot without budget omits primary window`() {
+        let snapshot = BedrockUsageSnapshot(
+            monthlySpend: 75.5,
+            monthlyBudget: nil,
+            region: "us-west-2",
+            updatedAt: Date(timeIntervalSince1970: 1_739_841_600))
+
+        let usage = snapshot.toUsageSnapshot()
+
+        #expect(usage.primary == nil)
+        #expect(usage.providerCost?.used == 75.5)
+        #expect(usage.providerCost?.limit == 0)
+    }
+
+    @Test
+    func `settings reader parses credentials from environment`() {
+        let env = [
+            "AWS_ACCESS_KEY_ID": "AKIAIOSFODNN7EXAMPLE",
+            "AWS_SECRET_ACCESS_KEY": "secret",
+            "AWS_REGION": "eu-west-1",
+            "CODEXBAR_BEDROCK_BUDGET": "500",
+        ]
+
+        #expect(BedrockSettingsReader.accessKeyID(environment: env) == "AKIAIOSFODNN7EXAMPLE")
+        #expect(BedrockSettingsReader.secretAccessKey(environment: env) == "secret")
+        #expect(BedrockSettingsReader.region(environment: env) == "eu-west-1")
+        #expect(BedrockSettingsReader.budget(environment: env) == 500)
+        #expect(BedrockSettingsReader.hasCredentials(environment: env))
+    }
+
+    @Test
+    func `settings reader requires both credential fields`() {
+        #expect(!BedrockSettingsReader.hasCredentials(environment: [:]))
+        #expect(!BedrockSettingsReader.hasCredentials(environment: [
+            "AWS_ACCESS_KEY_ID": "AKIATEST",
+        ]))
+        #expect(!BedrockSettingsReader.hasCredentials(environment: [
+            "AWS_SECRET_ACCESS_KEY": "secret",
+        ]))
+    }
+
+    @Test
+    func `cost explorer response parsing extracts total`() async throws {
+        let registered = URLProtocol.registerClass(BedrockStubURLProtocol.self)
+        defer {
+            if registered {
+                URLProtocol.unregisterClass(BedrockStubURLProtocol.self)
+            }
+            BedrockStubURLProtocol.handler = nil
+        }
+
+        BedrockStubURLProtocol.handler = { request in
+            guard let url = request.url else { throw URLError(.badURL) }
+            let body = """
+            {
+                "ResultsByTime": [
+                    {
+                        "TimePeriod": {"Start": "2026-04-01", "End": "2026-04-06"},
+                        "Groups": [
+                            {
+                                "Keys": ["Claude Opus (Bedrock Edition)"],
+                                "Metrics": {"UnblendedCost": {"Amount": "30.00", "Unit": "USD"}}
+                            },
+                            {
+                                "Keys": ["Claude Sonnet (Bedrock Edition)"],
+                                "Metrics": {"UnblendedCost": {"Amount": "12.50", "Unit": "USD"}}
+                            },
+                            {
+                                "Keys": ["Amazon EC2"],
+                                "Metrics": {"UnblendedCost": {"Amount": "5.00", "Unit": "USD"}}
+                            }
+                        ]
+                    }
+                ]
+            }
+            """
+            return Self.makeResponse(url: url, body: body, statusCode: 200)
+        }
+
+        let credentials = BedrockAWSSigner.Credentials(
+            accessKeyID: "AKIATEST",
+            secretAccessKey: "testSecret",
+            sessionToken: nil)
+
+        let usage = try await BedrockUsageFetcher.fetchUsage(
+            credentials: credentials,
+            region: "us-east-1",
+            budget: 100,
+            environment: ["CODEXBAR_BEDROCK_API_URL": "https://bedrock.test"])
+
+        #expect(usage.monthlySpend == 42.50)
+        #expect(usage.monthlyBudget == 100)
+        #expect(usage.region == "us-east-1")
+    }
+
+    @Test
+    func `cost explorer pagination aggregates monthly total`() async throws {
+        let registered = URLProtocol.registerClass(BedrockStubURLProtocol.self)
+        defer {
+            if registered {
+                URLProtocol.unregisterClass(BedrockStubURLProtocol.self)
+            }
+            BedrockStubURLProtocol.handler = nil
+        }
+
+        let responses = BedrockStubResponseQueue([
+            """
+            {
+                "NextPageToken": "page-2",
+                "ResultsByTime": [
+                    {
+                        "TimePeriod": {"Start": "2026-04-01", "End": "2026-04-06"},
+                        "Groups": [
+                            {
+                                "Keys": ["Amazon EC2"],
+                                "Metrics": {"UnblendedCost": {"Amount": "5.00", "Unit": "USD"}}
+                            }
+                        ]
+                    }
+                ]
+            }
+            """,
+            """
+            {
+                "ResultsByTime": [
+                    {
+                        "TimePeriod": {"Start": "2026-04-01", "End": "2026-04-06"},
+                        "Groups": [
+                            {
+                                "Keys": ["Amazon Bedrock"],
+                                "Metrics": {"UnblendedCost": {"Amount": "12.00", "Unit": "USD"}}
+                            },
+                            {
+                                "Keys": ["Claude Sonnet (Bedrock Edition)"],
+                                "Metrics": {"UnblendedCost": {"Amount": "8.00", "Unit": "USD"}}
+                            }
+                        ]
+                    }
+                ]
+            }
+            """,
+        ])
+        BedrockStubURLProtocol.handler = { request in
+            guard let url = request.url else { throw URLError(.badURL) }
+            return responses.next(url: url)
+        }
+
+        let credentials = BedrockAWSSigner.Credentials(
+            accessKeyID: "AKIATEST",
+            secretAccessKey: "testSecret",
+            sessionToken: nil)
+
+        let usage = try await BedrockUsageFetcher.fetchUsage(
+            credentials: credentials,
+            region: "us-east-1",
+            budget: nil,
+            environment: [BedrockSettingsReader.apiURLKey: "https://bedrock.test"])
+
+        #expect(usage.monthlySpend == 20)
+        #expect(responses.remainingCount == 0)
+    }
+
+    @Test
+    func `cost usage fetcher uses provided bedrock environment`() async throws {
+        let registered = URLProtocol.registerClass(BedrockStubURLProtocol.self)
+        defer {
+            if registered {
+                URLProtocol.unregisterClass(BedrockStubURLProtocol.self)
+            }
+            BedrockStubURLProtocol.handler = nil
+        }
+
+        let responses = BedrockStubResponseQueue([
+            """
+            {
+                "NextPageToken": "daily-page-2",
+                "ResultsByTime": [
+                    {
+                        "TimePeriod": {"Start": "2025-12-10", "End": "2025-12-11"},
+                        "Groups": [
+                            {
+                                "Keys": ["Amazon EC2"],
+                                "Metrics": {"UnblendedCost": {"Amount": "5.00", "Unit": "USD"}}
+                            }
+                        ]
+                    }
+                ]
+            }
+            """,
+            """
+            {
+                "ResultsByTime": [
+                    {
+                        "TimePeriod": {"Start": "2025-12-10", "End": "2025-12-11"},
+                        "Groups": [
+                            {
+                                "Keys": ["Amazon Bedrock"],
+                                "Metrics": {"UnblendedCost": {"Amount": "7.25", "Unit": "USD"}}
+                            }
+                        ]
+                    }
+                ]
+            }
+            """,
+        ])
+        BedrockStubURLProtocol.handler = { request in
+            guard let url = request.url else { throw URLError(.badURL) }
+            return responses.next(url: url)
+        }
+
+        let snapshot = try await CostUsageFetcher().loadTokenSnapshot(
+            provider: .bedrock,
+            environment: [
+                BedrockSettingsReader.accessKeyIDKey: "AKIATEST",
+                BedrockSettingsReader.secretAccessKeyKey: "testSecret",
+                BedrockSettingsReader.apiURLKey: "https://bedrock.test",
+            ],
+            now: Date(timeIntervalSince1970: 1_765_324_800))
+
+        #expect(snapshot.last30DaysCostUSD == 7.25)
+        #expect(snapshot.sessionCostUSD == 7.25)
+        #expect(snapshot.daily.map(\.date) == ["2025-12-10"])
+        #expect(responses.remainingCount == 0)
+    }
+
+    @Test
+    func `current month range uses UTC calendar`() throws {
+        let originalTimeZone = NSTimeZone.default
+        NSTimeZone.default = TimeZone(secondsFromGMT: 14 * 60 * 60)!
+        defer {
+            NSTimeZone.default = originalTimeZone
+        }
+
+        let now = try #require(ISO8601DateFormatter().date(from: "2026-05-10T12:00:00Z"))
+        let range = BedrockUsageFetcher.currentMonthRange(now: now)
+
+        #expect(range.start == "2026-05-01")
+        #expect(range.end == "2026-05-11")
+    }
+
+    private final class BedrockStubResponseQueue {
+        private let lock = NSLock()
+        private var bodies: [String]
+
+        init(_ bodies: [String]) {
+            self.bodies = bodies
+        }
+
+        var remainingCount: Int {
+            self.lock.lock()
+            defer { self.lock.unlock() }
+            return self.bodies.count
+        }
+
+        func next(url: URL) -> (HTTPURLResponse, Data) {
+            self.lock.lock()
+            let body = self.bodies.isEmpty ? #"{"ResultsByTime":[]}"# : self.bodies.removeFirst()
+            self.lock.unlock()
+
+            let response = HTTPURLResponse(
+                url: url,
+                statusCode: 200,
+                httpVersion: "HTTP/1.1",
+                headerFields: ["Content-Type": "application/json"])!
+            return (response, Data(body.utf8))
+        }
+    }
+
+    private static func makeResponse(
+        url: URL,
+        body: String,
+        statusCode: Int = 200) -> (HTTPURLResponse, Data)
+    {
+        let response = HTTPURLResponse(
+            url: url,
+            statusCode: statusCode,
+            httpVersion: "HTTP/1.1",
+            headerFields: ["Content-Type": "application/json"])!
+        return (response, Data(body.utf8))
+    }
+}
+
+final class BedrockStubURLProtocol: URLProtocol {
+    nonisolated(unsafe) static var handler: ((URLRequest) throws -> (HTTPURLResponse, Data))?
+
+    override static func canInit(with request: URLRequest) -> Bool {
+        request.url?.host == "bedrock.test"
+    }
+
+    override static func canonicalRequest(for request: URLRequest) -> URLRequest {
+        request
+    }
+
+    override func startLoading() {
+        guard let handler = Self.handler else {
+            self.client?.urlProtocol(self, didFailWithError: URLError(.badServerResponse))
+            return
+        }
+        do {
+            let (response, data) = try handler(self.request)
+            self.client?.urlProtocol(self, didReceive: response, cacheStoragePolicy: .notAllowed)
+            self.client?.urlProtocol(self, didLoad: data)
+            self.client?.urlProtocolDidFinishLoading(self)
+        } catch {
+            self.client?.urlProtocol(self, didFailWithError: error)
+        }
+    }
+
+    override func stopLoading() {}
+}
diff --git a/Tests/CodexBarTests/BrowserCookieOrderLabelTests.swift b/Tests/CodexBarTests/BrowserCookieOrderLabelTests.swift
index 64e6e0934..ac46fe826 100644
--- a/Tests/CodexBarTests/BrowserCookieOrderLabelTests.swift
+++ b/Tests/CodexBarTests/BrowserCookieOrderLabelTests.swift
@@ -1,22 +1,46 @@
-import CodexBarCore
 import SweetCookieKit
 import Testing
+@testable import CodexBarCore
 
-@Suite
 struct BrowserCookieOrderStatusStringTests {
     #if os(macOS)
     @Test
-    func cursorNoSessionIncludesBrowserLoginHint() {
+    func `codex cookie import order keeps firefox ahead of extra chromium browsers`() {
+        let order = ProviderDefaults.metadata[.codex]?.browserCookieOrder ?? Browser.defaultImportOrder
+        #expect(Array(order.prefix(3)) == [.safari, .chrome, .firefox])
+    }
+
+    @Test
+    func `automatic cookie import includes newly supported chromium browsers`() {
+        #expect(Browser.defaultImportOrder.contains(.comet))
+        #expect(Browser.defaultImportOrder.contains(.yandex))
+    }
+
+    @Test
+    func `cursor no session includes browser login hint`() {
         let order = ProviderDefaults.metadata[.cursor]?.browserCookieOrder ?? Browser.defaultImportOrder
         let message = CursorStatusProbeError.noSessionCookie.errorDescription ?? ""
         #expect(message.contains(order.loginHint))
     }
 
     @Test
-    func factoryNoSessionIncludesBrowserLoginHint() {
+    func `factory no session includes browser login hint`() {
         let order = ProviderDefaults.metadata[.factory]?.browserCookieOrder ?? Browser.defaultImportOrder
         let message = FactoryStatusProbeError.noSessionCookie.errorDescription ?? ""
         #expect(message.contains(order.loginHint))
     }
+
+    @Test
+    func `opencode go automatic cookies use full provider browser order`() {
+        let order = OpenCodeWebCookieSupport.automaticImportOrder(provider: .opencodego)
+        #expect(order == ProviderDefaults.metadata[.opencodego]?.browserCookieOrder)
+        #expect(order.contains(.edge))
+        #expect(order.contains(.firefox))
+    }
+
+    @Test
+    func `opencode automatic cookies keep chrome only default`() {
+        #expect(OpenCodeWebCookieSupport.automaticImportOrder(provider: .opencode) == [.chrome])
+    }
     #endif
 }
diff --git a/Tests/CodexBarTests/BrowserDetectionTests.swift b/Tests/CodexBarTests/BrowserDetectionTests.swift
index fe4f32a83..4ce346e23 100644
--- a/Tests/CodexBarTests/BrowserDetectionTests.swift
+++ b/Tests/CodexBarTests/BrowserDetectionTests.swift
@@ -1,27 +1,26 @@
-import CodexBarCore
 import Foundation
 import Testing
+@testable import CodexBarCore
 
 #if os(macOS)
 import SweetCookieKit
 
-@Suite
 struct BrowserDetectionTests {
     @Test
-    func safariAlwaysInstalled() {
+    func `safari always installed`() {
         #expect(BrowserDetection(cacheTTL: 0).isAppInstalled(.safari) == true)
         #expect(BrowserDetection(cacheTTL: 0).isCookieSourceAvailable(.safari) == true)
     }
 
     @Test
-    func filterInstalledIncludesSafari() {
+    func `filter installed includes safari`() {
         let detection = BrowserDetection(cacheTTL: 0)
         let browsers: [Browser] = [.safari, .chrome, .firefox]
         #expect(browsers.cookieImportCandidates(using: detection).contains(.safari))
     }
 
     @Test
-    func filterPreservesOrder() {
+    func `filter preserves order`() {
         BrowserCookieAccessGate.resetForTesting()
 
         let temp = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString)
@@ -46,7 +45,7 @@ struct BrowserDetectionTests {
     }
 
     @Test
-    func chromeRequiresProfileData() throws {
+    func `chrome requires profile data`() throws {
         let temp = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString)
         try FileManager.default.createDirectory(at: temp, withIntermediateDirectories: true)
         defer { try? FileManager.default.removeItem(at: temp) }
@@ -69,7 +68,66 @@ struct BrowserDetectionTests {
     }
 
     @Test
-    func diaRequiresProfileData() throws {
+    func `process filters chromium candidates despite false global keychain override`() throws {
+        guard ProcessInfo.processInfo.environment["CODEXBAR_ALLOW_TEST_KEYCHAIN_ACCESS"] != "1" else { return }
+        KeychainAccessGate.resetOverrideForTesting()
+        defer { KeychainAccessGate.resetOverrideForTesting() }
+
+        KeychainAccessGate.isDisabled = false
+
+        let temp = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString)
+        try FileManager.default.createDirectory(at: temp, withIntermediateDirectories: true)
+        defer { try? FileManager.default.removeItem(at: temp) }
+
+        let profile = temp
+            .appendingPathComponent("Library")
+            .appendingPathComponent("Application Support")
+            .appendingPathComponent("Google")
+            .appendingPathComponent("Chrome")
+            .appendingPathComponent("Default")
+        try FileManager.default.createDirectory(at: profile, withIntermediateDirectories: true)
+        let cookiesDir = profile.appendingPathComponent("Network")
+        try FileManager.default.createDirectory(at: cookiesDir, withIntermediateDirectories: true)
+        FileManager.default.createFile(atPath: cookiesDir.appendingPathComponent("Cookies").path, contents: Data())
+
+        let detection = BrowserDetection(homeDirectory: temp.path, cacheTTL: 0)
+        let browsers: [Browser] = [.chrome, .safari]
+        #expect(browsers.cookieImportCandidates(using: detection) == [.safari])
+    }
+
+    @Test
+    func `keychain interaction suppresses chromium cookie source during cooldown`() {
+        BrowserCookieAccessGate.resetForTesting()
+        defer { BrowserCookieAccessGate.resetForTesting() }
+
+        let start = Date(timeIntervalSince1970: 1000)
+        var preflightCount = 0
+
+        KeychainAccessGate.withTaskOverrideForTesting(false) {
+            KeychainAccessPreflight.withCheckGenericPasswordOverrideForTesting { _, _ in
+                preflightCount += 1
+                return .interactionRequired
+            } operation: {
+                #expect(BrowserCookieAccessGate.shouldAttempt(.chrome, now: start) == false)
+            }
+
+            KeychainAccessPreflight.withCheckGenericPasswordOverrideForTesting { _, _ in
+                preflightCount += 1
+                return .allowed
+            } operation: {
+                #expect(BrowserCookieAccessGate.shouldAttempt(.chrome, now: start.addingTimeInterval(60)) == false)
+                #expect(
+                    BrowserCookieAccessGate.shouldAttempt(
+                        .chrome,
+                        now: start.addingTimeInterval((60 * 60 * 6) + 1)) == true)
+            }
+        }
+
+        #expect(preflightCount == 2)
+    }
+
+    @Test
+    func `dia requires profile data`() throws {
         let temp = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString)
         try FileManager.default.createDirectory(at: temp, withIntermediateDirectories: true)
         defer { try? FileManager.default.removeItem(at: temp) }
@@ -92,7 +150,7 @@ struct BrowserDetectionTests {
     }
 
     @Test
-    func firefoxRequiresDefaultProfileDir() throws {
+    func `firefox requires default profile dir`() throws {
         let temp = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString)
         try FileManager.default.createDirectory(at: temp, withIntermediateDirectories: true)
         defer { try? FileManager.default.removeItem(at: temp) }
@@ -114,7 +172,7 @@ struct BrowserDetectionTests {
     }
 
     @Test
-    func zenAcceptsUppercaseDefaultProfileDir() throws {
+    func `zen accepts uppercase default profile dir`() throws {
         let temp = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString)
         try FileManager.default.createDirectory(at: temp, withIntermediateDirectories: true)
         defer { try? FileManager.default.removeItem(at: temp) }
@@ -138,15 +196,14 @@ struct BrowserDetectionTests {
 
 #else
 
-@Suite
 struct BrowserDetectionTests {
     @Test
-    func nonMacOSReturnsNoBrowsers() {
+    func `non mac OS returns no browsers`() {
         #expect(BrowserDetection(cacheTTL: 0).isCookieSourceAvailable(Browser()) == false)
     }
 
     @Test
-    func nonMacOSFilterReturnsEmpty() {
+    func `non mac OS filter returns empty`() {
         let detection = BrowserDetection(cacheTTL: 0)
         let browsers = [Browser(), Browser()]
         #expect(browsers.cookieImportCandidates(using: detection).isEmpty == true)
diff --git a/Tests/CodexBarTests/CLIArgumentParsingTests.swift b/Tests/CodexBarTests/CLIArgumentParsingTests.swift
index 969a2c01b..86377e8a0 100644
--- a/Tests/CodexBarTests/CLIArgumentParsingTests.swift
+++ b/Tests/CodexBarTests/CLIArgumentParsingTests.swift
@@ -3,10 +3,9 @@ import Commander
 import Testing
 @testable import CodexBarCLI
 
-@Suite
 struct CLIArgumentParsingTests {
     @Test
-    func jsonShortcutDoesNotEnableJsonLogs() throws {
+    func `json shortcut does not enable json logs`() throws {
         let signature = CodexBarCLI._usageSignatureForTesting()
         let parser = CommandParser(signature: signature)
         let parsed = try parser.parse(arguments: ["--json"])
@@ -17,7 +16,7 @@ struct CLIArgumentParsingTests {
     }
 
     @Test
-    func jsonOutputFlagEnablesJsonLogs() throws {
+    func `json output flag enables json logs`() throws {
         let signature = CodexBarCLI._usageSignatureForTesting()
         let parser = CommandParser(signature: signature)
         let parsed = try parser.parse(arguments: ["--json-output"])
@@ -28,7 +27,7 @@ struct CLIArgumentParsingTests {
     }
 
     @Test
-    func logLevelAndVerboseAreParsed() throws {
+    func `log level and verbose are parsed`() throws {
         let signature = CodexBarCLI._usageSignatureForTesting()
         let parser = CommandParser(signature: signature)
         let parsed = try parser.parse(arguments: ["--log-level", "info", "--verbose"])
@@ -38,14 +37,14 @@ struct CLIArgumentParsingTests {
     }
 
     @Test
-    func resolvedLogLevelDefaultsToError() {
+    func `resolved log level defaults to error`() {
         #expect(CodexBarCLI.resolvedLogLevel(verbose: false, rawLevel: nil) == .error)
         #expect(CodexBarCLI.resolvedLogLevel(verbose: true, rawLevel: nil) == .debug)
         #expect(CodexBarCLI.resolvedLogLevel(verbose: false, rawLevel: "info") == .info)
     }
 
     @Test
-    func formatOptionOverridesJsonShortcut() throws {
+    func `format option overrides json shortcut`() throws {
         let signature = CodexBarCLI._usageSignatureForTesting()
         let parser = CommandParser(signature: signature)
         let parsed = try parser.parse(arguments: ["--json", "--format", "text"])
@@ -56,7 +55,7 @@ struct CLIArgumentParsingTests {
     }
 
     @Test
-    func jsonOnlyEnablesJsonFormat() throws {
+    func `json only enables json format`() throws {
         let signature = CodexBarCLI._usageSignatureForTesting()
         let parser = CommandParser(signature: signature)
         let parsed = try parser.parse(arguments: ["--json-only"])
@@ -65,4 +64,24 @@ struct CLIArgumentParsingTests {
         #expect(!parsed.flags.contains("jsonOutput"))
         #expect(CodexBarCLI._decodeFormatForTesting(from: parsed) == .json)
     }
+
+    @Test
+    func `diagnose accepts json output flag but discards provider logs`() throws {
+        let signature = CodexBarCLI._diagnoseSignatureForTesting()
+        let parser = CommandParser(signature: signature)
+        let parsed = try parser.parse(arguments: [
+            "--provider", "minimax",
+            "--format", "json",
+            "--json-output",
+        ])
+
+        #expect(parsed.flags.contains("jsonOutput"))
+        let config = CodexBarCLI.loggingConfiguration(path: ["diagnose"], values: parsed)
+        switch config.destination {
+        case .discard:
+            break
+        case .stderr, .oslog:
+            Issue.record("diagnose should not emit provider logs beside the safe JSON export")
+        }
+    }
 }
diff --git a/Tests/CodexBarTests/CLICacheTests.swift b/Tests/CodexBarTests/CLICacheTests.swift
new file mode 100644
index 000000000..21ca7d869
--- /dev/null
+++ b/Tests/CodexBarTests/CLICacheTests.swift
@@ -0,0 +1,32 @@
+import Commander
+import Testing
+@testable import CodexBarCLI
+
+struct CLICacheTests {
+    @Test
+    func `cache clear parses cookies provider flags`() throws {
+        let parser = CommandParser(signature: CodexBarCLI._cacheSignatureForTesting())
+        let parsed = try parser.parse(arguments: ["--cookies", "--provider", "claude", "--json"])
+
+        #expect(parsed.flags.contains("cookies"))
+        #expect(parsed.flags.contains("jsonShortcut"))
+        #expect(parsed.options["provider"] == ["claude"])
+        #expect(CodexBarCLI._decodeFormatForTesting(from: parsed) == .json)
+    }
+
+    @Test
+    func `provider scope is rejected for cost clearing`() {
+        #expect(CodexBarCLI.cacheClearProviderScopeError(rawProvider: nil, clearCost: true) == nil)
+        #expect(CodexBarCLI.cacheClearProviderScopeError(rawProvider: "claude", clearCost: false) == nil)
+        #expect(CodexBarCLI.cacheClearProviderScopeError(rawProvider: "claude", clearCost: true)?
+            .contains("--provider only scopes cookie caches") == true)
+    }
+
+    @Test
+    func `cache help documents provider as cookie scoped`() {
+        let help = CodexBarCLI.cacheHelp(version: "0.0.0")
+
+        #expect(help.contains("--provider with --cookies"))
+        #expect(help.contains("codexbar cache clear --cookies --provider claude"))
+    }
+}
diff --git a/Tests/CodexBarTests/CLIConfigCommandTests.swift b/Tests/CodexBarTests/CLIConfigCommandTests.swift
new file mode 100644
index 000000000..e3ef3a2c6
--- /dev/null
+++ b/Tests/CodexBarTests/CLIConfigCommandTests.swift
@@ -0,0 +1,121 @@
+import CodexBarCore
+import Commander
+import Testing
+@testable import CodexBarCLI
+
+struct CLIConfigCommandTests {
+    @Test
+    func `config set api key parses provider stdin and no enable flags`() throws {
+        let parser = CommandParser(signature: CodexBarCLI._configSetAPIKeySignatureForTesting())
+        let parsed = try parser.parse(arguments: [
+            "--provider", "elevenlabs",
+            "--stdin",
+            "--no-enable",
+            "--json",
+        ])
+
+        #expect(parsed.options["provider"] == ["elevenlabs"])
+        #expect(parsed.flags.contains("stdin"))
+        #expect(parsed.flags.contains("noEnable"))
+        #expect(CodexBarCLI._decodeFormatForTesting(from: parsed) == .json)
+    }
+
+    @Test
+    func `config set api key stores key and enables provider`() {
+        let config = CodexBarConfig.makeDefault()
+        let updated = CodexBarCLI.configSettingAPIKey(
+            config,
+            provider: .elevenlabs,
+            apiKey: "xi-test-token",
+            enableProvider: true)
+        let provider = updated.providerConfig(for: .elevenlabs)
+
+        #expect(provider?.sanitizedAPIKey == "xi-test-token")
+        #expect(provider?.enabled == true)
+    }
+
+    @Test
+    func `config provider toggle parses provider and json flags`() throws {
+        let parser = CommandParser(signature: CodexBarCLI._configProviderToggleSignatureForTesting())
+        let parsed = try parser.parse(arguments: [
+            "--provider", "grok",
+            "--json",
+            "--pretty",
+        ])
+
+        #expect(parsed.options["provider"] == ["grok"])
+        #expect(CodexBarCLI._decodeFormatForTesting(from: parsed) == .json)
+        #expect(parsed.flags.contains("pretty"))
+    }
+
+    @Test
+    func `config provider toggle enables and disables provider`() {
+        let config = CodexBarConfig.makeDefault()
+        let enabled = CodexBarCLI.configSettingProviderEnabled(config, provider: .grok, enabled: true)
+        let disabled = CodexBarCLI.configSettingProviderEnabled(enabled, provider: .grok, enabled: false)
+
+        #expect(enabled.providerConfig(for: .grok)?.enabled == true)
+        #expect(disabled.providerConfig(for: .grok)?.enabled == false)
+    }
+
+    @Test
+    func `config provider status includes effective default`() throws {
+        let config = CodexBarConfig(providers: [
+            ProviderConfig(id: .grok, enabled: true),
+            ProviderConfig(id: .cursor, enabled: false),
+        ])
+        let statuses = CodexBarCLI.configProviderStatuses(config)
+        let grok = try #require(statuses.first { $0.provider == "grok" })
+        let cursor = try #require(statuses.first { $0.provider == "cursor" })
+
+        #expect(grok.enabled)
+        #expect(!cursor.enabled)
+        #expect(statuses.count == UsageProvider.allCases.count)
+    }
+
+    @Test
+    func `config set api key only accepts consumed config keys`() {
+        #expect(ProviderConfigEnvironment.supportsAPIKeyOverride(for: .elevenlabs))
+        #expect(ProviderConfigEnvironment.supportsAPIKeyOverride(for: .groq))
+        #expect(ProviderConfigEnvironment.supportsAPIKeyOverride(for: .llmproxy))
+        #expect(ProviderConfigEnvironment.supportsAPIKeyOverride(for: .openai))
+        #expect(!ProviderConfigEnvironment.supportsAPIKeyOverride(for: .bedrock))
+        #expect(!ProviderConfigEnvironment.supportsAPIKeyOverride(for: .deepseek))
+        #expect(!ProviderConfigEnvironment.supportsAPIKeyOverride(for: .cursor))
+    }
+
+    @Test
+    func `config set api key preserves disabled provider when requested`() {
+        var config = CodexBarConfig.makeDefault()
+        config.setProviderConfig(ProviderConfig(id: .elevenlabs, enabled: false))
+
+        let updated = CodexBarCLI.configSettingAPIKey(
+            config,
+            provider: .elevenlabs,
+            apiKey: "xi-test-token",
+            enableProvider: false)
+        let provider = updated.providerConfig(for: .elevenlabs)
+
+        #expect(provider?.sanitizedAPIKey == "xi-test-token")
+        #expect(provider?.enabled == false)
+    }
+
+    @Test
+    func `config set api key rejects ambiguous input`() {
+        #expect(throws: CLIArgumentError.self) {
+            try CodexBarCLI.resolveConfigAPIKeyInput(apiKey: "xi-test-token", readFromStdin: true)
+        }
+    }
+
+    @Test
+    func `config help documents set api key`() {
+        let help = CodexBarCLI.configHelp(version: "0.0.0")
+
+        #expect(help.contains("config set-api-key --provider <name>"))
+        #expect(help.contains("config providers"))
+        #expect(help.contains("config enable --provider <name>"))
+        #expect(help.contains("config disable --provider <name>"))
+        #expect(help.contains("--stdin"))
+        #expect(help.contains("enables that provider by default"))
+    }
+}
diff --git a/Tests/CodexBarTests/CLICostTests.swift b/Tests/CodexBarTests/CLICostTests.swift
index d376d383e..1b223bce5 100644
--- a/Tests/CodexBarTests/CLICostTests.swift
+++ b/Tests/CodexBarTests/CLICostTests.swift
@@ -4,10 +4,9 @@ import Foundation
 import Testing
 @testable import CodexBarCLI
 
-@Suite
 struct CLICostTests {
     @Test
-    func costJsonShortcutDoesNotEnableJsonLogs() throws {
+    func `cost json shortcut does not enable json logs`() throws {
         let signature = CodexBarCLI._costSignatureForTesting()
         let parser = CommandParser(signature: signature)
         let parsed = try parser.parse(arguments: ["--json"])
@@ -18,12 +17,13 @@ struct CLICostTests {
     }
 
     @Test
-    func rendersCostTextSnapshot() {
+    func `renders cost text snapshot`() {
         let snap = CostUsageTokenSnapshot(
             sessionTokens: 1200,
             sessionCostUSD: 1.25,
             last30DaysTokens: 9000,
             last30DaysCostUSD: 9.99,
+            historyDays: 90,
             daily: [],
             updatedAt: Date(timeIntervalSince1970: 0))
 
@@ -31,19 +31,22 @@ struct CLICostTests {
             .replacingOccurrences(of: "\u{00A0}", with: " ")
             .replacingOccurrences(of: "$ ", with: "$")
 
-        #expect(output.contains("Claude Cost (local)"))
+        #expect(output.contains("Claude Cost (API-rate estimate)"))
         #expect(output.contains("Today: $1.25 · 1.2K tokens"))
-        #expect(output.contains("Last 30 days: $9.99 · 9K tokens"))
+        #expect(output.contains("Last 90 days: $9.99 · 9K tokens"))
+        #expect(output.contains("cache read/write tokens"))
+        #expect(output.contains("Claude Code /status"))
     }
 
     @Test
-    func encodesCostPayloadJSON() throws {
+    func `encodes cost payload JSON`() throws {
         let payload = CostPayload(
             provider: "claude",
             source: "local",
             updatedAt: Date(timeIntervalSince1970: 1_700_000_000),
             sessionTokens: 100,
             sessionCostUSD: 0.5,
+            historyDays: 90,
             last30DaysTokens: 200,
             last30DaysCostUSD: 1.5,
             daily: [
@@ -57,7 +60,10 @@ struct CLICostTests {
                     costUSD: 0.01,
                     modelsUsed: ["claude-sonnet-4-20250514"],
                     modelBreakdowns: [
-                        CostModelBreakdownPayload(modelName: "claude-sonnet-4-20250514", costUSD: 0.01),
+                        CostModelBreakdownPayload(
+                            modelName: "claude-sonnet-4-20250514",
+                            costUSD: 0.01,
+                            totalTokens: 15),
                     ]),
             ],
             totals: CostTotalsPayload(
@@ -79,11 +85,71 @@ struct CLICostTests {
 
         #expect(json.contains("\"provider\":\"claude\""))
         #expect(json.contains("\"source\":\"local\""))
+        #expect(json.contains("\"historyDays\":90"))
         #expect(json.contains("\"daily\""))
         #expect(json.contains("\"totals\""))
         #expect(json.contains("\"cacheReadTokens\":2"))
         #expect(json.contains("\"cacheCreationTokens\":3"))
         #expect(json.contains("\"totalCost\""))
+        #expect(json.contains("\"totalTokens\":15"))
         #expect(json.contains("1700000000"))
     }
+
+    @Test
+    func `encodes exact codex model I ds and zero cost breakdowns`() throws {
+        let payload = CostPayload(
+            provider: "codex",
+            source: "local",
+            updatedAt: Date(timeIntervalSince1970: 1_700_000_000),
+            sessionTokens: 155,
+            sessionCostUSD: 0,
+            historyDays: 30,
+            last30DaysTokens: 155,
+            last30DaysCostUSD: 0,
+            daily: [
+                CostDailyEntryPayload(
+                    date: "2025-12-21",
+                    inputTokens: 120,
+                    outputTokens: 15,
+                    cacheReadTokens: 20,
+                    cacheCreationTokens: nil,
+                    totalTokens: 155,
+                    costUSD: 0,
+                    modelsUsed: ["gpt-5.3-codex-spark", "gpt-5.2-codex"],
+                    modelBreakdowns: [
+                        CostModelBreakdownPayload(modelName: "gpt-5.3-codex-spark", costUSD: 0, totalTokens: 15),
+                        CostModelBreakdownPayload(modelName: "gpt-5.2-codex", costUSD: 1.23, totalTokens: 140),
+                    ]),
+            ],
+            totals: CostTotalsPayload(
+                totalInputTokens: 120,
+                totalOutputTokens: 15,
+                cacheReadTokens: 20,
+                cacheCreationTokens: nil,
+                totalTokens: 155,
+                totalCostUSD: 0),
+            error: nil)
+
+        let encoder = JSONEncoder()
+        encoder.dateEncodingStrategy = .secondsSince1970
+        let data = try encoder.encode(payload)
+        guard let json = String(data: data, encoding: .utf8) else {
+            Issue.record("Failed to decode cost payload JSON")
+            return
+        }
+
+        #expect(json.contains("\"gpt-5.3-codex-spark\""))
+        #expect(json.contains("\"gpt-5.2-codex\""))
+        #expect(!json.contains("\"gpt-5.2\""))
+        #expect(json.contains("\"cost\":0"))
+        #expect(json.contains("\"totalTokens\":140"))
+    }
+
+    @Test
+    func `cost estimate hint is stable string`() {
+        let hint = UsageFormatter.costEstimateHint
+        #expect(!hint.isEmpty)
+        #expect(hint.contains("Estimated"))
+        #expect(UsageFormatter.costEstimateHint(provider: .claude).contains("cache read/write tokens"))
+    }
 }
diff --git a/Tests/CodexBarTests/CLIDiagnoseCommandTests.swift b/Tests/CodexBarTests/CLIDiagnoseCommandTests.swift
new file mode 100644
index 000000000..e2a27a7dd
--- /dev/null
+++ b/Tests/CodexBarTests/CLIDiagnoseCommandTests.swift
@@ -0,0 +1,125 @@
+import CodexBarCore
+import Testing
+@testable import CodexBarCLI
+
+struct CLIDiagnoseCommandTests {
+    @Test
+    func `diagnose help describes generic JSON export`() {
+        let help = CodexBarCLI.diagnoseHelp(version: "0.0.0")
+
+        #expect(help.contains("codexbar diagnose --provider <name|all> --format json"))
+        #expect(help.contains("codexbar diagnose --provider all --format json"))
+        #expect(help.contains("safe JSON export"))
+        #expect(help.contains("raw API tokens"))
+    }
+
+    private func makeSettingsWithMiniMaxCookie(_ manualCookieHeader: String) -> ProviderSettingsSnapshot {
+        ProviderSettingsSnapshot(
+            debugMenuEnabled: false,
+            debugKeepCLISessionsAlive: false,
+            codex: nil,
+            claude: nil,
+            cursor: nil,
+            opencode: nil,
+            opencodego: nil,
+            alibaba: nil,
+            factory: nil,
+            minimax: ProviderSettingsSnapshot.MiniMaxProviderSettings(
+                cookieSource: .manual,
+                manualCookieHeader: manualCookieHeader,
+                apiRegion: .global),
+            manus: nil,
+            zai: nil,
+            copilot: nil,
+            kilo: nil,
+            kimi: nil,
+            augment: nil,
+            amp: nil,
+            ollama: nil)
+    }
+
+    @Test
+    func `diagnose auth mode uses settings-backed MiniMax manual cookie when env token is absent`() {
+        let settings = self.makeSettingsWithMiniMaxCookie("Cookie: session_id=demo-cookie")
+
+        let authMode = CodexBarCLI._resolveMiniMaxAuthModeForTesting(
+            environment: [:],
+            settings: settings)
+
+        #expect(authMode == .cookie)
+    }
+
+    @Test
+    func `diagnose auth mode keeps apiToken precedence over settings cookie`() {
+        let settings = self.makeSettingsWithMiniMaxCookie("Cookie: session_id=demo-cookie")
+
+        let authMode = CodexBarCLI._resolveMiniMaxAuthModeForTesting(
+            environment: [MiniMaxAPISettingsReader.apiTokenKey: "sk-api-demo-token"],
+            settings: settings)
+
+        #expect(authMode == .apiToken)
+    }
+
+    @Test
+    func `generic diagnose auth summary detects provider config`() {
+        let summary = CodexBarCLI._diagnosticAuthSummaryForTesting(
+            provider: .openai,
+            account: nil,
+            config: ProviderConfig(id: .openai, apiKey: "sk-test"),
+            environment: [:],
+            settings: nil)
+
+        #expect(summary.configured)
+        #expect(summary.modes == ["api"])
+    }
+
+    @Test
+    func `generic diagnose auth summary detects provider environment credentials`() {
+        let summary = CodexBarCLI._diagnosticAuthSummaryForTesting(
+            provider: .openai,
+            account: nil,
+            config: nil,
+            environment: [OpenAIAPISettingsReader.apiKeyEnvironmentKey: "sk-test"],
+            settings: nil)
+
+        #expect(summary.configured)
+        #expect(summary.modes == ["api"])
+    }
+
+    @Test
+    func `generic diagnose auth summary requires complete Bedrock credentials`() {
+        let partial = CodexBarCLI._diagnosticAuthSummaryForTesting(
+            provider: .bedrock,
+            account: nil,
+            config: ProviderConfig(id: .bedrock, apiKey: "access-only"),
+            environment: [BedrockSettingsReader.accessKeyIDKey: "access-only"],
+            settings: nil)
+        #expect(!partial.configured)
+        #expect(partial.modes.isEmpty)
+
+        let complete = CodexBarCLI._diagnosticAuthSummaryForTesting(
+            provider: .bedrock,
+            account: nil,
+            config: nil,
+            environment: [
+                BedrockSettingsReader.accessKeyIDKey: "access",
+                BedrockSettingsReader.secretAccessKeyKey: "secret",
+            ],
+            settings: nil)
+        #expect(complete.configured)
+        #expect(complete.modes == ["api"])
+    }
+
+    @Test
+    func `generic diagnose auth summary does not assume ambient credentials`() {
+        let summary = CodexBarCLI._diagnosticAuthSummaryForTesting(
+            provider: .codex,
+            account: nil,
+            config: nil,
+            environment: [:],
+            settings: nil)
+
+        #expect(!summary.configured)
+        #expect(summary.modes.isEmpty)
+    }
+}
diff --git a/Tests/CodexBarTests/CLIEntryTests.swift b/Tests/CodexBarTests/CLIEntryTests.swift
index 22c78c1ce..59ee685c6 100644
--- a/Tests/CodexBarTests/CLIEntryTests.swift
+++ b/Tests/CodexBarTests/CLIEntryTests.swift
@@ -1,52 +1,136 @@
 import CodexBarCore
 import Commander
 import Foundation
-import Testing
+import XCTest
 @testable import CodexBarCLI
 
-@Suite
-struct CLIEntryTests {
-    @Test
-    func effectiveArgvDefaultsToUsage() {
-        #expect(CodexBarCLI.effectiveArgv([]) == ["usage"])
-        #expect(CodexBarCLI.effectiveArgv(["--json"]) == ["usage", "--json"])
-        #expect(CodexBarCLI.effectiveArgv(["usage", "--json"]) == ["usage", "--json"])
+final class CLIEntryTests: XCTestCase {
+    func test_effectiveArgvDefaultsToUsage() {
+        XCTAssertEqual(CodexBarCLI.effectiveArgv([]), ["usage"])
+        XCTAssertEqual(CodexBarCLI.effectiveArgv(["--json"]), ["usage", "--json"])
+        XCTAssertEqual(CodexBarCLI.effectiveArgv(["usage", "--json"]), ["usage", "--json"])
     }
 
-    @Test
-    func decodesFormatFromOptionsAndFlags() {
+    func test_decodesFormatFromOptionsAndFlags() {
         let jsonOption = ParsedValues(positional: [], options: ["format": ["json"]], flags: [])
-        #expect(CodexBarCLI._decodeFormatForTesting(from: jsonOption) == .json)
+        XCTAssertEqual(CodexBarCLI._decodeFormatForTesting(from: jsonOption), .json)
 
         let jsonFlag = ParsedValues(positional: [], options: [:], flags: ["json"])
-        #expect(CodexBarCLI._decodeFormatForTesting(from: jsonFlag) == .json)
+        XCTAssertEqual(CodexBarCLI._decodeFormatForTesting(from: jsonFlag), .json)
 
         let textDefault = ParsedValues(positional: [], options: [:], flags: [])
-        #expect(CodexBarCLI._decodeFormatForTesting(from: textDefault) == .text)
+        XCTAssertEqual(CodexBarCLI._decodeFormatForTesting(from: textDefault), .text)
     }
 
-    @Test
-    func providerSelectionPrefersOverride() {
+    func test_providerSelectionPrefersOverride() {
         let selection = CodexBarCLI.providerSelection(rawOverride: "codex", enabled: [.claude, .gemini])
-        #expect(selection.asList == [.codex])
+        XCTAssertEqual(selection.asList, [.codex])
     }
 
-    @Test
-    func normalizeVersionExtractsNumeric() {
-        #expect(CodexBarCLI.normalizeVersion(raw: "codex 1.2.3 (build 4)") == "1.2.3")
-        #expect(CodexBarCLI.normalizeVersion(raw: "  v2.0  ") == "2.0")
+    func test_normalizeVersionExtractsNumeric() {
+        XCTAssertEqual(CodexBarCLI.normalizeVersion(raw: "codex 1.2.3 (build 4)"), "1.2.3")
+        XCTAssertEqual(CodexBarCLI.normalizeVersion(raw: "  v2.0  "), "2.0")
     }
 
-    @Test
-    func makeHeaderIncludesVersionWhenAvailable() {
+    func test_makeHeaderIncludesVersionWhenAvailable() {
         let header = CodexBarCLI.makeHeader(provider: .codex, version: "1.2.3", source: "cli")
-        #expect(header.contains("Codex"))
-        #expect(header.contains("1.2.3"))
-        #expect(header.contains("cli"))
+        XCTAssertTrue(header.contains("Codex"))
+        XCTAssertTrue(header.contains("1.2.3"))
+        XCTAssertTrue(header.contains("cli"))
     }
 
-    @Test
-    func renderOpenAIWebDashboardTextIncludesSummary() {
+    func test_cliVersionFallsBackToContainingAppBundle() throws {
+        let root = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codexbar-cli-version-\(UUID().uuidString)", isDirectory: true)
+        defer { try? FileManager.default.removeItem(at: root) }
+
+        let appURL = root.appendingPathComponent("CodexBar.app", isDirectory: true)
+        let contentsURL = appURL.appendingPathComponent("Contents", isDirectory: true)
+        let helpersURL = contentsURL.appendingPathComponent("Helpers", isDirectory: true)
+        try FileManager.default.createDirectory(at: helpersURL, withIntermediateDirectories: true)
+
+        let infoURL = contentsURL.appendingPathComponent("Info.plist")
+        let plist: [String: Any] = ["CFBundleShortVersionString": "9.8.7"]
+        let data = try PropertyListSerialization.data(fromPropertyList: plist, format: .xml, options: 0)
+        try data.write(to: infoURL)
+
+        let helperURL = helpersURL.appendingPathComponent("CodexBarCLI")
+        try Data().write(to: helperURL)
+
+        XCTAssertEqual(CodexBarCLI.containingAppVersion(for: helperURL), "9.8.7")
+    }
+
+    func test_cliVersionFollowsSymlinkedHelper() throws {
+        let root = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codexbar-cli-version-symlink-\(UUID().uuidString)", isDirectory: true)
+        defer { try? FileManager.default.removeItem(at: root) }
+
+        let appURL = root.appendingPathComponent("CodexBar.app", isDirectory: true)
+        let contentsURL = appURL.appendingPathComponent("Contents", isDirectory: true)
+        let helpersURL = contentsURL.appendingPathComponent("Helpers", isDirectory: true)
+        let binURL = root.appendingPathComponent("bin", isDirectory: true)
+        try FileManager.default.createDirectory(at: helpersURL, withIntermediateDirectories: true)
+        try FileManager.default.createDirectory(at: binURL, withIntermediateDirectories: true)
+
+        let infoURL = contentsURL.appendingPathComponent("Info.plist")
+        let plist: [String: Any] = ["CFBundleShortVersionString": "2.4.6"]
+        let data = try PropertyListSerialization.data(fromPropertyList: plist, format: .xml, options: 0)
+        try data.write(to: infoURL)
+
+        let helperURL = helpersURL.appendingPathComponent("CodexBarCLI")
+        try Data().write(to: helperURL)
+
+        let symlinkURL = binURL.appendingPathComponent("codexbar")
+        try FileManager.default.createSymbolicLink(at: symlinkURL, withDestinationURL: helperURL)
+
+        XCTAssertEqual(CodexBarCLI.currentVersion(bundleVersion: nil, executablePath: symlinkURL.path), "2.4.6")
+    }
+
+    func test_cliVersionFallsBackToAdjacentVersionFile() throws {
+        try self.expectAdjacentVersionFile(raw: "v3.2.1\n", expected: "3.2.1")
+        try self.expectAdjacentVersionFile(raw: "3.2.2\n", expected: "3.2.2")
+        try self.expectAdjacentVersionFile(raw: "version-3.2.3\n", expected: "version-3.2.3")
+    }
+
+    func test_cliVersionPrefersAdjacentVersionOverStandaloneBundleName() throws {
+        let root = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codexbar-cli-version-bundle-\(UUID().uuidString)", isDirectory: true)
+        defer { try? FileManager.default.removeItem(at: root) }
+
+        let binURL = root.appendingPathComponent("bin", isDirectory: true)
+        try FileManager.default.createDirectory(at: binURL, withIntermediateDirectories: true)
+
+        let helperURL = binURL.appendingPathComponent("CodexBarCLI")
+        try Data().write(to: helperURL)
+        try "4.5.6\n".write(
+            to: binURL.appendingPathComponent("VERSION"),
+            atomically: false,
+            encoding: .utf8)
+
+        XCTAssertEqual(
+            CodexBarCLI.currentVersion(bundleVersion: "CodexBar", executablePath: helperURL.path),
+            "4.5.6")
+    }
+
+    private func expectAdjacentVersionFile(raw: String, expected: String) throws {
+        let root = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codexbar-cli-version-file-\(UUID().uuidString)", isDirectory: true)
+        defer { try? FileManager.default.removeItem(at: root) }
+
+        let binURL = root.appendingPathComponent("bin", isDirectory: true)
+        try FileManager.default.createDirectory(at: binURL, withIntermediateDirectories: true)
+
+        let helperURL = binURL.appendingPathComponent("CodexBarCLI")
+        try Data().write(to: helperURL)
+        try raw.write(
+            to: binURL.appendingPathComponent("VERSION"),
+            atomically: false,
+            encoding: .utf8)
+
+        XCTAssertEqual(CodexBarCLI.currentVersion(bundleVersion: nil, executablePath: helperURL.path), expected)
+    }
+
+    func test_renderOpenAIWebDashboardTextIncludesSummary() {
         let event = CreditEvent(
             date: Date(timeIntervalSince1970: 1_700_000_000),
             service: "codex",
@@ -54,6 +138,11 @@ struct CLIEntryTests {
         let snapshot = OpenAIDashboardSnapshot(
             signedInEmail: "user@example.com",
             codeReviewRemainingPercent: 45,
+            codeReviewLimit: RateWindow(
+                usedPercent: 55,
+                windowMinutes: nil,
+                resetsAt: Date().addingTimeInterval(3600),
+                resetDescription: nil),
             creditEvents: [event],
             dailyBreakdown: [],
             usageBreakdown: [],
@@ -62,87 +151,87 @@ struct CLIEntryTests {
 
         let text = CodexBarCLI.renderOpenAIWebDashboardText(snapshot)
 
-        #expect(text.contains("Web session: user@example.com"))
-        #expect(text.contains("Code review: 45% remaining"))
-        #expect(text.contains("Web history: 1 events"))
+        XCTAssertTrue(text.contains("Web session: user@example.com"))
+        XCTAssertTrue(text.contains("Code review: 45% remaining (Resets in "))
+        XCTAssertTrue(text.contains("Web history: 1 events"))
     }
 
-    @Test
-    func mapsErrorsToExitCodes() {
-        #expect(CodexBarCLI.mapError(CodexStatusProbeError.codexNotInstalled) == ExitCode(2))
-        #expect(CodexBarCLI.mapError(CodexStatusProbeError.timedOut) == ExitCode(4))
-        #expect(CodexBarCLI.mapError(UsageError.noRateLimitsFound) == ExitCode(3))
+    func test_mapsErrorsToExitCodes() {
+        XCTAssertEqual(CodexBarCLI.mapError(CodexStatusProbeError.codexNotInstalled), ExitCode(2))
+        XCTAssertEqual(CodexBarCLI.mapError(CodexStatusProbeError.timedOut), ExitCode(4))
+        XCTAssertEqual(CodexBarCLI.mapError(UsageError.noRateLimitsFound), ExitCode(3))
     }
 
-    @Test
-    func providerSelectionFallsBackToBothForPrimaryPair() {
+    func test_missingCodexBinaryErrorPayloadUsesInstallGuidance() {
+        let payload = CodexBarCLI.makeErrorPayload(CodexStatusProbeError.codexNotInstalled, kind: .provider)
+
+        XCTAssertEqual(payload.code, ExitCode.binaryNotFound.rawValue)
+        XCTAssertTrue(payload.message.contains("Codex CLI missing"))
+        XCTAssertFalse(payload.message.contains("Codex not running"))
+    }
+
+    func test_providerSelectionFallsBackToBothForPrimaryPair() {
         let selection = CodexBarCLI.providerSelection(rawOverride: nil, enabled: [.codex, .claude])
         switch selection {
         case .both:
             break
         default:
-            #expect(Bool(false))
+            XCTFail("Expected both selection")
         }
     }
 
-    @Test
-    func providerSelectionFallsBackToCustomWhenNonPrimary() {
+    func test_providerSelectionFallsBackToCustomWhenNonPrimary() {
         let selection = CodexBarCLI.providerSelection(rawOverride: nil, enabled: [.codex, .gemini])
         switch selection {
         case let .custom(providers):
-            #expect(providers == [.codex, .gemini])
+            XCTAssertEqual(providers, [.codex, .gemini])
         default:
-            #expect(Bool(false))
+            XCTFail("Expected custom selection")
         }
     }
 
-    @Test
-    func providerSelectionDefaultsToCodexWhenEmpty() {
+    func test_providerSelectionHonorsEmptyEnabledSet() {
         let selection = CodexBarCLI.providerSelection(rawOverride: nil, enabled: [])
         switch selection {
-        case let .single(provider):
-            #expect(provider == .codex)
+        case let .custom(providers):
+            XCTAssertEqual(providers, [])
         default:
-            #expect(Bool(false))
+            XCTFail("Expected empty custom selection")
         }
     }
 
-    @Test
-    func decodesSourceAndTimeoutOptions() throws {
+    func test_decodesSourceAndTimeoutOptions() throws {
         let signature = CodexBarCLI._usageSignatureForTesting()
         let parser = CommandParser(signature: signature)
         let parsed = try parser.parse(arguments: ["--web-timeout", "45", "--source", "oauth"])
-        #expect(CodexBarCLI._decodeWebTimeoutForTesting(from: parsed) == 45)
-        #expect(CodexBarCLI._decodeSourceModeForTesting(from: parsed) == .oauth)
+        XCTAssertEqual(CodexBarCLI._decodeWebTimeoutForTesting(from: parsed), 45)
+        XCTAssertEqual(CodexBarCLI._decodeSourceModeForTesting(from: parsed), .oauth)
 
         let parsedWeb = try parser.parse(arguments: ["--web"])
-        #expect(CodexBarCLI._decodeSourceModeForTesting(from: parsedWeb) == .web)
+        XCTAssertEqual(CodexBarCLI._decodeSourceModeForTesting(from: parsedWeb), .web)
     }
 
-    @Test
-    func shouldUseColorRespectsFormatAndFlags() {
-        #expect(!CodexBarCLI.shouldUseColor(noColor: true, format: .text))
-        #expect(!CodexBarCLI.shouldUseColor(noColor: false, format: .json))
+    func test_shouldUseColorRespectsFormatAndFlags() {
+        XCTAssertFalse(CodexBarCLI.shouldUseColor(noColor: true, format: .text))
+        XCTAssertFalse(CodexBarCLI.shouldUseColor(noColor: false, format: .json))
     }
 
-    @Test
-    func kiloUsageTextNotesShowFallbackOnlyForAutoResolvedToCLI() {
-        #expect(CodexBarCLI.usageTextNotes(
+    func test_kiloUsageTextNotesShowFallbackOnlyForAutoResolvedToCLI() {
+        XCTAssertEqual(CodexBarCLI.usageTextNotes(
             provider: .kilo,
             sourceMode: .auto,
-            resolvedSourceLabel: "cli") == ["Using CLI fallback"])
-        #expect(CodexBarCLI.usageTextNotes(
+            resolvedSourceLabel: "cli"), ["Using CLI fallback"])
+        XCTAssertTrue(CodexBarCLI.usageTextNotes(
             provider: .kilo,
             sourceMode: .api,
             resolvedSourceLabel: "cli").isEmpty)
-        #expect(CodexBarCLI.usageTextNotes(
+        XCTAssertTrue(CodexBarCLI.usageTextNotes(
             provider: .codex,
             sourceMode: .auto,
             resolvedSourceLabel: "cli").isEmpty)
     }
 
-    @Test
-    func kiloAutoFallbackSummaryIncludesOrderedAttemptDetails() {
+    func test_kiloAutoFallbackSummaryIncludesOrderedAttemptDetails() {
         let attempts = [
             ProviderFetchAttempt(
                 strategyID: "kilo.api",
@@ -165,13 +254,10 @@ struct CLIEntryTests {
             " -> cli: Kilo CLI session not found.",
         ].joined()
 
-        #expect(
-            summary ==
-                expected)
+        XCTAssertEqual(summary, expected)
     }
 
-    @Test
-    func kiloAutoFallbackSummaryIsNilOutsideKiloAutoFailures() {
+    func test_kiloAutoFallbackSummaryIsNilOutsideKiloAutoFailures() {
         let attempts = [
             ProviderFetchAttempt(
                 strategyID: "kilo.api",
@@ -180,21 +266,31 @@ struct CLIEntryTests {
                 errorDescription: "example"),
         ]
 
-        #expect(CodexBarCLI.kiloAutoFallbackSummary(
+        XCTAssertNil(CodexBarCLI.kiloAutoFallbackSummary(
             provider: .kilo,
             sourceMode: .api,
-            attempts: attempts) == nil)
-        #expect(CodexBarCLI.kiloAutoFallbackSummary(
+            attempts: attempts))
+        XCTAssertNil(CodexBarCLI.kiloAutoFallbackSummary(
             provider: .codex,
             sourceMode: .auto,
-            attempts: attempts) == nil)
+            attempts: attempts))
     }
 
-    @Test
-    func sourceModeRequiresWebSupportIsProviderAware() {
-        #expect(CodexBarCLI.sourceModeRequiresWebSupport(.web, provider: .kilo))
-        #expect(CodexBarCLI.sourceModeRequiresWebSupport(.auto, provider: .codex))
-        #expect(!CodexBarCLI.sourceModeRequiresWebSupport(.auto, provider: .kilo))
-        #expect(!CodexBarCLI.sourceModeRequiresWebSupport(.api, provider: .kilo))
+    func test_sourceModeRequiresWebSupportIsProviderAware() {
+        XCTAssertTrue(CodexBarCLI.sourceModeRequiresWebSupport(.web, provider: .kilo))
+        XCTAssertTrue(CodexBarCLI.sourceModeRequiresWebSupport(.auto, provider: .codex))
+        XCTAssertFalse(CodexBarCLI.sourceModeRequiresWebSupport(.auto, provider: .kilo))
+        XCTAssertFalse(CodexBarCLI.sourceModeRequiresWebSupport(.auto, provider: .grok))
+        XCTAssertFalse(CodexBarCLI.sourceModeRequiresWebSupport(.web, provider: .grok))
+        XCTAssertFalse(CodexBarCLI.sourceModeRequiresWebSupport(.api, provider: .kilo))
+        XCTAssertFalse(CodexBarCLI.sourceModeRequiresWebSupport(
+            .auto,
+            provider: .ollama,
+            environment: ["OLLAMA_API_KEY": "ollama-test"]))
+        XCTAssertFalse(CodexBarCLI.sourceModeRequiresWebSupport(
+            .auto,
+            provider: .ollama,
+            settings: ProviderSettingsSnapshot.make(
+                ollama: .init(cookieSource: .off, manualCookieHeader: nil))))
     }
 }
diff --git a/Tests/CodexBarTests/CLIOpenAIDashboardCacheTests.swift b/Tests/CodexBarTests/CLIOpenAIDashboardCacheTests.swift
new file mode 100644
index 000000000..96e84f52d
--- /dev/null
+++ b/Tests/CodexBarTests/CLIOpenAIDashboardCacheTests.swift
@@ -0,0 +1,433 @@
+import Foundation
+import Testing
+@testable import CodexBarCLI
+@testable import CodexBarCore
+
+@Suite(.serialized)
+struct CLIOpenAIDashboardCacheTests {
+    @Test
+    func `cached dashboard restores when authority allows cached reuse`() throws {
+        OpenAIDashboardCacheStore.clear()
+        defer { OpenAIDashboardCacheStore.clear() }
+
+        let authHome = try self.makeAuthHome(
+            email: "owner@example.com",
+            accountId: "acct-owner")
+        defer { try? FileManager.default.removeItem(at: authHome) }
+
+        let context = self.makeContext(
+            authHome: authHome,
+            knownOwners: [
+                CodexDashboardKnownOwnerCandidate(
+                    identity: .providerAccount(id: "acct-owner"),
+                    normalizedEmail: "owner@example.com"),
+            ])
+        let dashboard = self.makeDashboard(email: "owner@example.com")
+        OpenAIDashboardCacheStore.save(OpenAIDashboardCache(
+            accountEmail: "stale-route@example.com",
+            snapshot: dashboard))
+
+        let restored = CodexBarCLI.loadOpenAIDashboardIfAvailable(
+            usage: self.makeUsage(email: nil),
+            sourceLabel: "openai-web",
+            context: context)
+
+        #expect(restored == dashboard)
+    }
+
+    @Test
+    func `cached dashboard returns nil on display only and clears cache`() throws {
+        OpenAIDashboardCacheStore.clear()
+        defer { OpenAIDashboardCacheStore.clear() }
+
+        let authHome = try self.makeAuthHome(email: "shared@example.com")
+        defer { try? FileManager.default.removeItem(at: authHome) }
+
+        let context = self.makeContext(
+            authHome: authHome,
+            knownOwners: [
+                CodexDashboardKnownOwnerCandidate(
+                    identity: .providerAccount(id: "acct-alpha"),
+                    normalizedEmail: "shared@example.com"),
+                CodexDashboardKnownOwnerCandidate(
+                    identity: .providerAccount(id: "acct-beta"),
+                    normalizedEmail: "shared@example.com"),
+            ])
+        OpenAIDashboardCacheStore.save(OpenAIDashboardCache(
+            accountEmail: "shared@example.com",
+            snapshot: self.makeDashboard(email: "shared@example.com")))
+
+        let restored = CodexBarCLI.loadOpenAIDashboardIfAvailable(
+            usage: self.makeUsage(email: "shared@example.com"),
+            sourceLabel: "codex-cli",
+            context: context)
+
+        #expect(restored == nil)
+        #expect(OpenAIDashboardCacheStore.load() == nil)
+    }
+
+    @Test
+    func `cached dashboard returns nil on fail closed and clears cache`() throws {
+        OpenAIDashboardCacheStore.clear()
+        defer { OpenAIDashboardCacheStore.clear() }
+
+        let authHome = try self.makeAuthHome(
+            email: "owner@example.com",
+            accountId: "acct-owner")
+        defer { try? FileManager.default.removeItem(at: authHome) }
+
+        let context = self.makeContext(
+            authHome: authHome,
+            knownOwners: [
+                CodexDashboardKnownOwnerCandidate(
+                    identity: .providerAccount(id: "acct-other"),
+                    normalizedEmail: "owner@example.com"),
+            ])
+        OpenAIDashboardCacheStore.save(OpenAIDashboardCache(
+            accountEmail: "owner@example.com",
+            snapshot: self.makeDashboard(email: "owner@example.com")))
+
+        let restored = CodexBarCLI.loadOpenAIDashboardIfAvailable(
+            usage: self.makeUsage(email: "owner@example.com"),
+            sourceLabel: "codex-cli",
+            context: context)
+
+        #expect(restored == nil)
+        #expect(OpenAIDashboardCacheStore.load() == nil)
+    }
+
+    @Test
+    func `cached dashboard wrong email returns nil and clears cache`() throws {
+        OpenAIDashboardCacheStore.clear()
+        defer { OpenAIDashboardCacheStore.clear() }
+
+        let authHome = try self.makeAuthHome(
+            email: "owner@example.com",
+            accountId: "acct-owner")
+        defer { try? FileManager.default.removeItem(at: authHome) }
+
+        let context = self.makeContext(
+            authHome: authHome,
+            knownOwners: [
+                CodexDashboardKnownOwnerCandidate(
+                    identity: .providerAccount(id: "acct-owner"),
+                    normalizedEmail: "owner@example.com"),
+            ])
+        OpenAIDashboardCacheStore.save(OpenAIDashboardCache(
+            accountEmail: "other@example.com",
+            snapshot: self.makeDashboard(email: "other@example.com")))
+
+        let restored = CodexBarCLI.loadOpenAIDashboardIfAvailable(
+            usage: self.makeUsage(email: "owner@example.com"),
+            sourceLabel: "codex-cli",
+            context: context)
+
+        #expect(restored == nil)
+        #expect(OpenAIDashboardCacheStore.load() == nil)
+    }
+
+    @Test
+    func `cached dashboard provider account without scoped auth email fails closed`() throws {
+        OpenAIDashboardCacheStore.clear()
+        defer { OpenAIDashboardCacheStore.clear() }
+
+        let authHome = try self.makeAuthHome(email: nil, accountId: "acct-owner")
+        defer { try? FileManager.default.removeItem(at: authHome) }
+
+        let context = self.makeContext(
+            authHome: authHome,
+            knownOwners: [
+                CodexDashboardKnownOwnerCandidate(
+                    identity: .providerAccount(id: "acct-alpha"),
+                    normalizedEmail: "shared@example.com"),
+                CodexDashboardKnownOwnerCandidate(
+                    identity: .providerAccount(id: "acct-beta"),
+                    normalizedEmail: "shared@example.com"),
+            ])
+        OpenAIDashboardCacheStore.save(OpenAIDashboardCache(
+            accountEmail: "shared@example.com",
+            snapshot: self.makeDashboard(email: "shared@example.com")))
+
+        let restored = CodexBarCLI.loadOpenAIDashboardIfAvailable(
+            usage: self.makeUsage(email: "shared@example.com"),
+            sourceLabel: "codex-cli",
+            context: context)
+
+        #expect(restored == nil)
+        #expect(OpenAIDashboardCacheStore.load() == nil)
+    }
+
+    @Test
+    func `cached dashboard unresolved trusted continuity with competing owner returns nil`() {
+        OpenAIDashboardCacheStore.clear()
+        defer { OpenAIDashboardCacheStore.clear() }
+
+        let emptyHome = self.makeEmptyHome()
+        defer { try? FileManager.default.removeItem(at: emptyHome) }
+        let context = self.makeContext(
+            authHome: emptyHome,
+            knownOwners: [
+                CodexDashboardKnownOwnerCandidate(
+                    identity: .providerAccount(id: "acct-alpha"),
+                    normalizedEmail: "shared@example.com"),
+                CodexDashboardKnownOwnerCandidate(
+                    identity: .providerAccount(id: "acct-beta"),
+                    normalizedEmail: "shared@example.com"),
+            ])
+        OpenAIDashboardCacheStore.save(OpenAIDashboardCache(
+            accountEmail: "shared@example.com",
+            snapshot: self.makeDashboard(email: "shared@example.com")))
+
+        let restored = CodexBarCLI.loadOpenAIDashboardIfAvailable(
+            usage: self.makeUsage(email: "shared@example.com"),
+            sourceLabel: "codex-cli",
+            context: context)
+
+        #expect(restored == nil)
+        #expect(OpenAIDashboardCacheStore.load() == nil)
+    }
+
+    @Test
+    func `cached dashboard trusts codex cli usage continuity`() {
+        OpenAIDashboardCacheStore.clear()
+        defer { OpenAIDashboardCacheStore.clear() }
+
+        let emptyHome = self.makeEmptyHome()
+        defer { try? FileManager.default.removeItem(at: emptyHome) }
+        let context = self.makeContext(
+            authHome: emptyHome,
+            knownOwners: [
+                CodexDashboardKnownOwnerCandidate(
+                    identity: .providerAccount(id: "acct-owner"),
+                    normalizedEmail: "owner@example.com"),
+            ])
+        let dashboard = self.makeDashboard(email: "owner@example.com")
+        OpenAIDashboardCacheStore.save(OpenAIDashboardCache(
+            accountEmail: "stale-route@example.com",
+            snapshot: dashboard))
+
+        let restored = CodexBarCLI.loadOpenAIDashboardIfAvailable(
+            usage: self.makeUsage(email: "owner@example.com"),
+            sourceLabel: "codex-cli",
+            context: context)
+
+        #expect(restored == dashboard)
+    }
+
+    @Test
+    func `cached dashboard trusts oauth usage continuity`() {
+        OpenAIDashboardCacheStore.clear()
+        defer { OpenAIDashboardCacheStore.clear() }
+
+        let emptyHome = self.makeEmptyHome()
+        defer { try? FileManager.default.removeItem(at: emptyHome) }
+        let context = self.makeContext(
+            authHome: emptyHome,
+            knownOwners: [
+                CodexDashboardKnownOwnerCandidate(
+                    identity: .providerAccount(id: "acct-owner"),
+                    normalizedEmail: "owner@example.com"),
+            ])
+        let dashboard = self.makeDashboard(email: "owner@example.com")
+        OpenAIDashboardCacheStore.save(OpenAIDashboardCache(
+            accountEmail: "stale-route@example.com",
+            snapshot: dashboard))
+
+        let restored = CodexBarCLI.loadOpenAIDashboardIfAvailable(
+            usage: self.makeUsage(email: "owner@example.com"),
+            sourceLabel: "oauth",
+            context: context)
+
+        #expect(restored == dashboard)
+    }
+
+    @Test
+    func `cached dashboard does not trust open A I web usage continuity`() {
+        OpenAIDashboardCacheStore.clear()
+        defer { OpenAIDashboardCacheStore.clear() }
+
+        let emptyHome = self.makeEmptyHome()
+        defer { try? FileManager.default.removeItem(at: emptyHome) }
+        let context = self.makeContext(
+            authHome: emptyHome,
+            knownOwners: [
+                CodexDashboardKnownOwnerCandidate(
+                    identity: .providerAccount(id: "acct-owner"),
+                    normalizedEmail: "owner@example.com"),
+            ])
+        OpenAIDashboardCacheStore.save(OpenAIDashboardCache(
+            accountEmail: "owner@example.com",
+            snapshot: self.makeDashboard(email: "owner@example.com")))
+
+        let restored = CodexBarCLI.loadOpenAIDashboardIfAvailable(
+            usage: self.makeUsage(email: "owner@example.com"),
+            sourceLabel: "openai-web",
+            context: context)
+
+        #expect(restored == nil)
+        #expect(OpenAIDashboardCacheStore.load() == nil)
+    }
+
+    @Test
+    func `cached dashboard ignores cached account email equality when authority rejects`() throws {
+        OpenAIDashboardCacheStore.clear()
+        defer { OpenAIDashboardCacheStore.clear() }
+
+        let authHome = try self.makeAuthHome(
+            email: "owner@example.com",
+            accountId: "acct-owner")
+        defer { try? FileManager.default.removeItem(at: authHome) }
+
+        let context = self.makeContext(
+            authHome: authHome,
+            knownOwners: [
+                CodexDashboardKnownOwnerCandidate(
+                    identity: .providerAccount(id: "acct-other"),
+                    normalizedEmail: "owner@example.com"),
+            ])
+        OpenAIDashboardCacheStore.save(OpenAIDashboardCache(
+            accountEmail: "owner@example.com",
+            snapshot: self.makeDashboard(email: "owner@example.com")))
+
+        let restored = CodexBarCLI.loadOpenAIDashboardIfAvailable(
+            usage: self.makeUsage(email: "owner@example.com"),
+            sourceLabel: "codex-cli",
+            context: context)
+
+        #expect(restored == nil)
+        #expect(OpenAIDashboardCacheStore.load() == nil)
+    }
+
+    private func makeContext(
+        authHome: URL?,
+        knownOwners: [CodexDashboardKnownOwnerCandidate]) -> ProviderFetchContext
+    {
+        let env = authHome.map { ["CODEX_HOME": $0.path] } ?? [:]
+        let browserDetection = BrowserDetection(cacheTTL: 0)
+        return ProviderFetchContext(
+            runtime: .cli,
+            sourceMode: .auto,
+            includeCredits: true,
+            webTimeout: 60,
+            webDebugDumpHTML: false,
+            verbose: false,
+            env: env,
+            settings: ProviderSettingsSnapshot.make(
+                codex: .init(
+                    usageDataSource: .auto,
+                    cookieSource: .auto,
+                    manualCookieHeader: nil,
+                    dashboardAuthorityKnownOwners: knownOwners)),
+            fetcher: UsageFetcher(environment: env),
+            claudeFetcher: ClaudeUsageFetcher(browserDetection: browserDetection),
+            browserDetection: browserDetection)
+    }
+
+    private func makeUsage(email: String?) -> UsageSnapshot {
+        UsageSnapshot(
+            primary: RateWindow(
+                usedPercent: 10,
+                windowMinutes: 300,
+                resetsAt: Date(timeIntervalSince1970: 7200),
+                resetDescription: nil),
+            secondary: nil,
+            updatedAt: Date(timeIntervalSince1970: 2000),
+            identity: ProviderIdentitySnapshot(
+                providerID: .codex,
+                accountEmail: email,
+                accountOrganization: nil,
+                loginMethod: nil))
+    }
+
+    private func makeDashboard(email: String) -> OpenAIDashboardSnapshot {
+        let creditEvents = [
+            CreditEvent(
+                date: Date(timeIntervalSince1970: 1000),
+                service: "codex",
+                creditsUsed: 3),
+        ]
+        return OpenAIDashboardSnapshot(
+            signedInEmail: email,
+            codeReviewRemainingPercent: 75,
+            codeReviewLimit: RateWindow(
+                usedPercent: 25,
+                windowMinutes: 60,
+                resetsAt: Date(timeIntervalSince1970: 3600),
+                resetDescription: nil),
+            creditEvents: creditEvents,
+            dailyBreakdown: OpenAIDashboardSnapshot.makeDailyBreakdown(from: creditEvents, maxDays: 30),
+            usageBreakdown: [],
+            creditsPurchaseURL: nil,
+            primaryLimit: RateWindow(
+                usedPercent: 10,
+                windowMinutes: 300,
+                resetsAt: Date(timeIntervalSince1970: 7200),
+                resetDescription: nil),
+            secondaryLimit: nil,
+            creditsRemaining: 42,
+            accountPlan: "pro",
+            updatedAt: Date(timeIntervalSince1970: 2000))
+    }
+
+    private func makeAuthHome(email: String?, accountId: String? = nil) throws -> URL {
+        let homeURL = FileManager.default.temporaryDirectory.appendingPathComponent(
+            UUID().uuidString,
+            isDirectory: true)
+        try self.writeCodexAuthFile(homeURL: homeURL, email: email, accountId: accountId)
+        return homeURL
+    }
+
+    private func makeEmptyHome() -> URL {
+        let homeURL = FileManager.default.temporaryDirectory.appendingPathComponent(
+            UUID().uuidString,
+            isDirectory: true)
+        try? FileManager.default.createDirectory(at: homeURL, withIntermediateDirectories: true)
+        return homeURL
+    }
+
+    private func writeCodexAuthFile(
+        homeURL: URL,
+        email: String?,
+        accountId: String?) throws
+    {
+        try FileManager.default.createDirectory(at: homeURL, withIntermediateDirectories: true)
+        var tokens: [String: Any] = [
+            "accessToken": "access-token",
+            "refreshToken": "refresh-token",
+            "idToken": Self.fakeJWT(email: email, accountId: accountId),
+        ]
+        if let accountId {
+            tokens["accountId"] = accountId
+        }
+        let auth = ["tokens": tokens]
+        let data = try JSONSerialization.data(withJSONObject: auth)
+        try data.write(to: homeURL.appendingPathComponent("auth.json"))
+    }
+
+    private static func fakeJWT(email: String?, accountId: String?) -> String {
+        let header = (try? JSONSerialization.data(withJSONObject: ["alg": "none"])) ?? Data()
+        var authClaims: [String: Any] = [
+            "chatgpt_plan_type": "pro",
+        ]
+        if let accountId {
+            authClaims["chatgpt_account_id"] = accountId
+        }
+        var claims: [String: Any] = [
+            "chatgpt_plan_type": "pro",
+            "https://api.openai.com/auth": authClaims,
+        ]
+        if let email {
+            claims["email"] = email
+        }
+        let payload = (try? JSONSerialization.data(withJSONObject: claims)) ?? Data()
+
+        func base64URL(_ data: Data) -> String {
+            data.base64EncodedString()
+                .replacingOccurrences(of: "=", with: "")
+                .replacingOccurrences(of: "+", with: "-")
+                .replacingOccurrences(of: "/", with: "_")
+        }
+
+        return "\(base64URL(header)).\(base64URL(payload))."
+    }
+}
diff --git a/Tests/CodexBarTests/CLIOutputTests.swift b/Tests/CodexBarTests/CLIOutputTests.swift
index e8b828b1e..caa5c86d3 100644
--- a/Tests/CodexBarTests/CLIOutputTests.swift
+++ b/Tests/CodexBarTests/CLIOutputTests.swift
@@ -1,18 +1,18 @@
 import Foundation
 import Testing
 @testable import CodexBarCLI
+@testable import CodexBarCore
 
-@Suite
 struct CLIOutputTests {
     @Test
-    func outputPreferencesJsonOnlyForcesJSON() {
+    func `output preferences json only forces JSON`() {
         let output = CLIOutputPreferences.from(argv: ["--json-only"])
         #expect(output.jsonOnly == true)
         #expect(output.format == .json)
     }
 
     @Test
-    func cliErrorPayloadIsJSONArray() throws {
+    func `cli error payload is JSON array`() throws {
         let payload = CodexBarCLI.makeCLIErrorPayload(
             message: "Nope",
             code: .failure,
@@ -27,4 +27,41 @@ struct CLIOutputTests {
         let error = first?["error"] as? [String: Any]
         #expect(error?["message"] as? String == "Nope")
     }
+
+    @Test
+    func `exit omits generic error when command already emitted payload`() {
+        #expect(!CodexBarCLI.shouldPrintExitError(code: .success, message: nil))
+        #expect(!CodexBarCLI.shouldPrintExitError(code: .failure, message: nil))
+        #expect(CodexBarCLI.shouldPrintExitError(code: .failure, message: "Nope"))
+    }
+
+    @Test
+    func `text renderer includes deepgram usage metrics`() {
+        let deepgram = DeepgramUsageSnapshot(
+            projectID: "project-123",
+            start: "2026-05-10",
+            end: "2026-05-17",
+            hours: 12.5,
+            totalHours: 14,
+            agentHours: 1.25,
+            tokensIn: 100,
+            tokensOut: 50,
+            ttsCharacters: 1200,
+            requests: 42,
+            updatedAt: Date(timeIntervalSince1970: 0))
+        let text = CLIRenderer.renderText(
+            provider: .deepgram,
+            snapshot: deepgram.toUsageSnapshot(),
+            credits: nil,
+            context: RenderContext(
+                header: "Deepgram (api)",
+                status: nil,
+                useColor: false,
+                resetStyle: .countdown))
+
+        #expect(text.contains("Requests: 42"))
+        #expect(text.contains("Usage: 12.5 audio hours · 14 billable hours"))
+        #expect(text.contains("Usage: 1.2 agent hours · 150 tokens · 1,200 TTS chars"))
+        #expect(text.contains("Period: 2026-05-10 to 2026-05-17"))
+    }
 }
diff --git a/Tests/CodexBarTests/CLIProviderSelectionTests.swift b/Tests/CodexBarTests/CLIProviderSelectionTests.swift
index fe74c2860..8fa24d0a7 100644
--- a/Tests/CodexBarTests/CLIProviderSelectionTests.swift
+++ b/Tests/CodexBarTests/CLIProviderSelectionTests.swift
@@ -3,10 +3,9 @@ import Foundation
 import Testing
 @testable import CodexBarCLI
 
-@Suite
 struct CLIProviderSelectionTests {
     @Test
-    func helpIncludesGeminiAndAll() {
+    func `help includes gemini and all`() {
         let usage = CodexBarCLI.usageHelp(version: "0.0.0")
         let root = CodexBarCLI.rootHelp(version: "0.0.0")
         let expectedProviders = [
@@ -45,7 +44,7 @@ struct CLIProviderSelectionTests {
     }
 
     @Test
-    func helpMentionsSourceFlag() {
+    func `help mentions source flag`() {
         let usage = CodexBarCLI.usageHelp(version: "0.0.0")
         let root = CodexBarCLI.rootHelp(version: "0.0.0")
 
@@ -65,41 +64,49 @@ struct CLIProviderSelectionTests {
     }
 
     @Test
-    func providerSelectionRespectsOverride() {
+    func `provider selection respects override`() {
         let selection = CodexBarCLI.providerSelection(rawOverride: "gemini", enabled: [.codex, .claude])
         #expect(selection.asList == [.gemini])
     }
 
     @Test
-    func providerSelectionUsesAllWhenEnabled() {
+    func `provider selection uses enabled providers when three or more are enabled`() {
         let selection = CodexBarCLI.providerSelection(
             rawOverride: nil,
             enabled: [.codex, .claude, .zai, .cursor, .gemini, .antigravity, .factory, .copilot])
-        #expect(selection.asList == ProviderSelection.all.asList)
+        #expect(selection.asList == [.codex, .claude, .zai, .cursor, .gemini, .antigravity, .factory, .copilot])
     }
 
     @Test
-    func providerSelectionUsesBothForCodexAndClaude() {
+    func `provider selection does not expand three enabled providers to all providers`() {
+        let enabled: [UsageProvider] = [.codex, .claude, .copilot]
+        let selection = CodexBarCLI.providerSelection(rawOverride: nil, enabled: enabled)
+        #expect(selection.asList == enabled)
+        #expect(!selection.asList.contains(.gemini))
+    }
+
+    @Test
+    func `provider selection uses both for codex and claude`() {
         let selection = CodexBarCLI.providerSelection(rawOverride: nil, enabled: [.codex, .claude])
         #expect(selection.asList == [.codex, .claude])
     }
 
     @Test
-    func providerSelectionUsesCustomForCodexAndGemini() {
+    func `provider selection uses custom for codex and gemini`() {
         let enabled: [UsageProvider] = [.codex, .gemini]
         let selection = CodexBarCLI.providerSelection(rawOverride: nil, enabled: enabled)
         #expect(selection.asList == enabled)
     }
 
     @Test
-    func providerSelectionAcceptsKiroAlias() {
+    func `provider selection accepts kiro alias`() {
         let selection = CodexBarCLI.providerSelection(rawOverride: "kiro-cli", enabled: [.codex])
         #expect(selection.asList == [.kiro])
     }
 
     @Test
-    func providerSelectionDefaultsToCodexWhenEmpty() {
+    func `provider selection honors empty enabled set`() {
         let selection = CodexBarCLI.providerSelection(rawOverride: nil, enabled: [])
-        #expect(selection.asList == [.codex])
+        #expect(selection.asList == [])
     }
 }
diff --git a/Tests/CodexBarTests/CLIServeRouterTests.swift b/Tests/CodexBarTests/CLIServeRouterTests.swift
new file mode 100644
index 000000000..84149ed5e
--- /dev/null
+++ b/Tests/CodexBarTests/CLIServeRouterTests.swift
@@ -0,0 +1,140 @@
+import Commander
+import Foundation
+import Testing
+@testable import CodexBarCLI
+
+struct CLIServeRouterTests {
+    @Test
+    func `local http parser accepts only loopback host headers`() throws {
+        let allowedHosts = [
+            "localhost",
+            "localhost.",
+            "localhost:8080",
+            "127.0.0.1",
+            "127.0.0.1:8080",
+            "[::1]",
+            "[::1]:8080",
+        ]
+
+        for host in allowedHosts {
+            let request = try Self.parsedRequest(host: host)
+            #expect(request.host == host)
+            #expect(request.path == "/usage")
+        }
+    }
+
+    @Test
+    func `local http parser rejects hostile missing and duplicate hosts`() {
+        Self.expectParseFailure(raw: "GET /usage HTTP/1.1\r\n\r\n", .missingHost)
+        Self.expectParseFailure(raw: "GET /usage HTTP/1.1\r\nHost: evil.test\r\n\r\n", .disallowedHost)
+        Self.expectParseFailure(raw: "GET /usage HTTP/1.1\r\nHost: localhost, evil.test\r\n\r\n", .disallowedHost)
+        Self.expectParseFailure(raw: "GET /usage HTTP/1.1\r\nHost: localhost:abc\r\n\r\n", .disallowedHost)
+        Self.expectParseFailure(
+            raw: "GET /usage HTTP/1.1\r\nHost: localhost\r\nHost: 127.0.0.1\r\n\r\n",
+            .duplicateHost)
+    }
+
+    @Test
+    func `routes health usage and cost endpoints`() throws {
+        #expect(try CLIServeRouter.route(method: "GET", path: "/health", queryItems: [:]) == .health)
+        #expect(try CLIServeRouter.route(method: "GET", path: "/usage", queryItems: [:]) == .usage(provider: nil))
+        #expect(
+            try CLIServeRouter.route(
+                method: "GET",
+                path: "/usage",
+                queryItems: ["provider": "claude"]) == .usage(provider: "claude"))
+        #expect(
+            try CLIServeRouter.route(
+                method: "GET",
+                path: "/cost",
+                queryItems: ["provider": "codex"]) == .cost(provider: "codex"))
+    }
+
+    @Test
+    func `rejects non get methods`() {
+        do {
+            _ = try CLIServeRouter.route(method: "POST", path: "/usage", queryItems: [:])
+            Issue.record("Expected methodNotAllowed")
+        } catch let error as CLIServeRouteError {
+            #expect(error == .methodNotAllowed)
+        } catch {
+            Issue.record("Unexpected error: \(error)")
+        }
+    }
+
+    @Test
+    func `rejects unknown paths`() {
+        do {
+            _ = try CLIServeRouter.route(method: "GET", path: "/missing", queryItems: [:])
+            Issue.record("Expected notFound")
+        } catch let error as CLIServeRouteError {
+            #expect(error == .notFound)
+        } catch {
+            Issue.record("Unexpected error: \(error)")
+        }
+    }
+
+    @Test
+    func `serve numeric options reject malformed values`() {
+        #expect(CodexBarCLI.decodeServePort(from: ParsedValues(
+            positional: [],
+            options: ["port": ["abc"]],
+            flags: [])) == nil)
+        #expect(CodexBarCLI.decodeServePort(from: ParsedValues(
+            positional: [],
+            options: ["port": ["0"]],
+            flags: [])) == nil)
+        #expect(CodexBarCLI.decodeServePort(from: ParsedValues(
+            positional: [],
+            options: ["port": ["65536"]],
+            flags: [])) == nil)
+        #expect(CodexBarCLI.decodeServePort(from: ParsedValues(
+            positional: [],
+            options: [:],
+            flags: [])) == 8080)
+
+        #expect(CodexBarCLI.decodeServeRefreshInterval(from: ParsedValues(
+            positional: [],
+            options: ["refreshInterval": ["later"]],
+            flags: [])) == nil)
+        #expect(CodexBarCLI.decodeServeRefreshInterval(from: ParsedValues(
+            positional: [],
+            options: ["refreshInterval": ["-1"]],
+            flags: [])) == nil)
+        #expect(CodexBarCLI.decodeServeRefreshInterval(from: ParsedValues(
+            positional: [],
+            options: [:],
+            flags: [])) == 60)
+    }
+
+    @Test
+    func `serve cache skips provider error payloads`() {
+        let success = CLILocalHTTPResponse(
+            status: .ok,
+            body: Data(#"[{"provider":"codex","source":"local"}]"#.utf8))
+        let providerError = CLILocalHTTPResponse(
+            status: .ok,
+            body: Data(#"[{"provider":"codex","source":"local","error":{"message":"temporary"}}]"#.utf8))
+        let routeError = CLILocalHTTPResponse(
+            status: .badRequest,
+            body: Data(#"{"error":"bad request"}"#.utf8))
+
+        #expect(CodexBarCLI.shouldCacheServeResponse(success))
+        #expect(!CodexBarCLI.shouldCacheServeResponse(providerError))
+        #expect(!CodexBarCLI.shouldCacheServeResponse(routeError))
+    }
+
+    private static func parsedRequest(host: String) throws -> CLILocalHTTPRequest {
+        let raw = "GET /usage?provider=claude HTTP/1.1\r\nHost: \(host)\r\n\r\n"
+        return try CLILocalHTTPRequest.parse(Data(raw.utf8)).get()
+    }
+
+    private static func expectParseFailure(raw: String, _ expected: CLILocalHTTPRequestParseError) {
+        switch CLILocalHTTPRequest.parse(Data(raw.utf8)) {
+        case .success:
+            Issue.record("Expected \(expected)")
+        case let .failure(error):
+            #expect(error == expected)
+        }
+    }
+}
diff --git a/Tests/CodexBarTests/CLISnapshotTests.swift b/Tests/CodexBarTests/CLISnapshotTests.swift
index dd755b29f..173136e06 100644
--- a/Tests/CodexBarTests/CLISnapshotTests.swift
+++ b/Tests/CodexBarTests/CLISnapshotTests.swift
@@ -3,10 +3,58 @@ import Foundation
 import Testing
 @testable import CodexBarCLI
 
-@Suite
 struct CLISnapshotTests {
     @Test
-    func rendersTextSnapshotForCodex() {
+    func `renders Factory token rate billing with time window labels`() {
+        let snap = UsageSnapshot(
+            primary: .init(usedPercent: 12, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+            secondary: .init(usedPercent: 25, windowMinutes: 10080, resetsAt: nil, resetDescription: nil),
+            tertiary: .init(usedPercent: 50, windowMinutes: 43200, resetsAt: nil, resetDescription: nil),
+            updatedAt: Date(timeIntervalSince1970: 0))
+
+        let output = CLIRenderer.renderText(
+            provider: .factory,
+            snapshot: snap,
+            credits: nil,
+            context: RenderContext(
+                header: "Droid (factory)",
+                status: nil,
+                useColor: false,
+                resetStyle: .absolute))
+
+        #expect(output.contains("5-hour: 88% left"))
+        #expect(output.contains("Weekly: 75% left"))
+        #expect(output.contains("Monthly: 50% left"))
+        #expect(!output.contains("Standard:"))
+        #expect(!output.contains("Premium:"))
+    }
+
+    @Test
+    func `renders Factory legacy billing with pool labels`() {
+        let snap = UsageSnapshot(
+            primary: .init(usedPercent: 12, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            secondary: .init(usedPercent: 25, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            tertiary: nil,
+            updatedAt: Date(timeIntervalSince1970: 0))
+
+        let output = CLIRenderer.renderText(
+            provider: .factory,
+            snapshot: snap,
+            credits: nil,
+            context: RenderContext(
+                header: "Droid (factory)",
+                status: nil,
+                useColor: false,
+                resetStyle: .absolute))
+
+        #expect(output.contains("Standard: 88% left"))
+        #expect(output.contains("Premium: 75% left"))
+        #expect(!output.contains("5-hour:"))
+        #expect(!output.contains("Monthly:"))
+    }
+
+    @Test
+    func `renders text snapshot for codex`() {
         let identity = ProviderIdentitySnapshot(
             providerID: .codex,
             accountEmail: "user@example.com",
@@ -40,11 +88,71 @@ struct CLISnapshotTests {
         #expect(output.contains("Weekly: 75% left"))
         #expect(output.contains("Credits: 42"))
         #expect(output.contains("Account: user@example.com"))
-        #expect(output.contains("Plan: Pro"))
+        #expect(output.contains("Plan: Pro 20x"))
     }
 
     @Test
-    func rendersTextSnapshotForClaudeWithoutWeekly() {
+    func `renders Codex prolite plan with multiplier display name`() {
+        let identity = ProviderIdentitySnapshot(
+            providerID: .codex,
+            accountEmail: "user@example.com",
+            accountOrganization: nil,
+            loginMethod: "prolite")
+        let snap = UsageSnapshot(
+            primary: .init(usedPercent: 12, windowMinutes: 300, resetsAt: nil, resetDescription: "today at 3:00 PM"),
+            secondary: nil,
+            tertiary: nil,
+            updatedAt: Date(timeIntervalSince1970: 0),
+            identity: identity)
+
+        let output = CLIRenderer.renderText(
+            provider: .codex,
+            snapshot: snap,
+            credits: nil,
+            context: RenderContext(
+                header: "Codex 1.2.3 (codex-cli)",
+                status: nil,
+                useColor: false,
+                resetStyle: .absolute))
+
+        #expect(output.contains("Plan: Pro 5x"))
+        #expect(!output.contains("Plan: Pro Lite"))
+        #expect(!output.contains("Plan: Prolite"))
+    }
+
+    @Test
+    func `renders Codex plan only limits as unavailable`() {
+        let identity = ProviderIdentitySnapshot(
+            providerID: .codex,
+            accountEmail: "user@example.com",
+            accountOrganization: nil,
+            loginMethod: "pro")
+        let snap = UsageSnapshot(
+            primary: nil,
+            secondary: nil,
+            tertiary: nil,
+            updatedAt: Date(timeIntervalSince1970: 0),
+            identity: identity)
+
+        let output = CLIRenderer.renderText(
+            provider: .codex,
+            snapshot: snap,
+            credits: nil,
+            context: RenderContext(
+                header: "Codex 1.2.3 (codex-cli)",
+                status: nil,
+                useColor: false,
+                resetStyle: .absolute))
+
+        #expect(output.contains("Limits: not available"))
+        #expect(output.contains("Account: user@example.com"))
+        #expect(output.contains("Plan: Pro 20x"))
+        #expect(!output.contains("Session:"))
+        #expect(!output.contains("Weekly:"))
+    }
+
+    @Test
+    func `renders text snapshot for claude without weekly`() {
         let snap = UsageSnapshot(
             primary: .init(usedPercent: 2, windowMinutes: nil, resetsAt: nil, resetDescription: "3pm (Europe/Vienna)"),
             secondary: nil,
@@ -66,7 +174,7 @@ struct CLISnapshotTests {
     }
 
     @Test
-    func rendersWarpUnlimitedAsDetailNotReset() {
+    func `renders warp unlimited as detail not reset`() {
         let meta = ProviderDescriptorRegistry.descriptor(for: .warp).metadata
         let snap = UsageSnapshot(
             primary: .init(usedPercent: 0, windowMinutes: nil, resetsAt: nil, resetDescription: "Unlimited"),
@@ -95,7 +203,7 @@ struct CLISnapshotTests {
     }
 
     @Test
-    func rendersWarpCreditsAsDetailAndResetAsDate() {
+    func `renders warp credits as detail and reset as date`() {
         let meta = ProviderDescriptorRegistry.descriptor(for: .warp).metadata
         let now = Date(timeIntervalSince1970: 0)
         let snap = UsageSnapshot(
@@ -130,7 +238,32 @@ struct CLISnapshotTests {
     }
 
     @Test
-    func rendersKiloPlanActivityAndFallbackNote() {
+    func `renders crof dollar balance as detail not reset`() {
+        let meta = ProviderDescriptorRegistry.descriptor(for: .crof).metadata
+        let snap = CrofUsageSnapshot(
+            credits: 9.9999,
+            requestsPlan: 1000,
+            usableRequests: 998,
+            updatedAt: Date(timeIntervalSince1970: 0)).toUsageSnapshot()
+
+        let output = CLIRenderer.renderText(
+            provider: .crof,
+            snapshot: snap,
+            credits: nil,
+            context: RenderContext(
+                header: "Crof",
+                status: nil,
+                useColor: false,
+                resetStyle: .countdown))
+
+        #expect(output.contains("\(meta.sessionLabel): 99% left"))
+        #expect(output.contains("\(meta.weeklyLabel): 100% left"))
+        #expect(output.contains("$9.99"))
+        #expect(!output.contains("Resets $9.99"))
+    }
+
+    @Test
+    func `renders kilo plan activity and fallback note`() {
         let now = Date(timeIntervalSince1970: 0)
         let identity = ProviderIdentitySnapshot(
             providerID: .kilo,
@@ -164,7 +297,7 @@ struct CLISnapshotTests {
     }
 
     @Test
-    func rendersKiloZeroTotalEdgeStateAsDetail() {
+    func `renders kilo zero total edge state as detail`() {
         let now = Date(timeIntervalSince1970: 0)
         let snap = KiloUsageSnapshot(
             creditsUsed: 0,
@@ -191,7 +324,7 @@ struct CLISnapshotTests {
     }
 
     @Test
-    func rendersKiloAutoTopUpOnlyAsActivityWithoutPlan() {
+    func `renders kilo auto top up only as activity without plan`() {
         let now = Date(timeIntervalSince1970: 0)
         let identity = ProviderIdentitySnapshot(
             providerID: .kilo,
@@ -220,7 +353,7 @@ struct CLISnapshotTests {
     }
 
     @Test
-    func rendersPaceLineWhenWeeklyHasReset() {
+    func `renders pace line when weekly has reset`() {
         let now = Date()
         let snap = UsageSnapshot(
             primary: nil,
@@ -246,7 +379,65 @@ struct CLISnapshotTests {
     }
 
     @Test
-    func rendersJSONPayload() throws {
+    func `renders Ollama weekly pace line when weekly window has reset`() {
+        let now = Date()
+        let snap = UsageSnapshot(
+            primary: .init(
+                usedPercent: 0,
+                windowMinutes: nil,
+                resetsAt: now.addingTimeInterval(4 * 3600),
+                resetDescription: nil),
+            secondary: .init(
+                usedPercent: 23,
+                windowMinutes: 10080,
+                resetsAt: now.addingTimeInterval(5 * 24 * 3600),
+                resetDescription: nil),
+            tertiary: nil,
+            updatedAt: now)
+
+        let output = CLIRenderer.renderText(
+            provider: .ollama,
+            snapshot: snap,
+            credits: nil,
+            context: RenderContext(
+                header: "Ollama (web)",
+                status: nil,
+                useColor: false,
+                resetStyle: .countdown))
+
+        #expect(output.contains("Weekly: 77% left"))
+        #expect(output.contains("Pace: 6% in reserve | Expected 29% used | Lasts until reset"))
+    }
+
+    @Test
+    func `hides Ollama weekly pace when weekly duration is missing`() {
+        let now = Date()
+        let snap = UsageSnapshot(
+            primary: nil,
+            secondary: .init(
+                usedPercent: 23,
+                windowMinutes: nil,
+                resetsAt: now.addingTimeInterval(5 * 24 * 3600),
+                resetDescription: nil),
+            tertiary: nil,
+            updatedAt: now)
+
+        let output = CLIRenderer.renderText(
+            provider: .ollama,
+            snapshot: snap,
+            credits: nil,
+            context: RenderContext(
+                header: "Ollama (web)",
+                status: nil,
+                useColor: false,
+                resetStyle: .countdown))
+
+        #expect(output.contains("Weekly: 77% left"))
+        #expect(!output.contains("Pace:"))
+    }
+
+    @Test
+    func `renders JSON payload`() throws {
         let snap = UsageSnapshot(
             primary: .init(usedPercent: 50, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
             secondary: .init(usedPercent: 10, windowMinutes: 10080, resetsAt: nil, resetDescription: nil),
@@ -286,7 +477,7 @@ struct CLISnapshotTests {
     }
 
     @Test
-    func encodesJSONWithSecondaryNullWhenMissing() throws {
+    func `encodes JSON with secondary null when missing`() throws {
         let snap = UsageSnapshot(
             primary: .init(usedPercent: 0, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
             secondary: nil,
@@ -305,21 +496,21 @@ struct CLISnapshotTests {
     }
 
     @Test
-    func parsesOutputFormat() {
+    func `parses output format`() {
         #expect(OutputFormat(argument: "json") == .json)
         #expect(OutputFormat(argument: "TEXT") == .text)
         #expect(OutputFormat(argument: "invalid") == nil)
     }
 
     @Test
-    func defaultsToUsageWhenNoCommandProvided() {
+    func `defaults to usage when no command provided`() {
         #expect(CodexBarCLI.effectiveArgv([]) == ["usage"])
         #expect(CodexBarCLI.effectiveArgv(["--format", "json"]).first == "usage")
         #expect(CodexBarCLI.effectiveArgv(["usage", "--format", "json"]).first == "usage")
     }
 
     @Test
-    func statusLineIsLastAndColoredWhenTTY() {
+    func `status line is last and colored when TTY`() {
         let identity = ProviderIdentitySnapshot(
             providerID: .claude,
             accountEmail: nil,
@@ -352,7 +543,7 @@ struct CLISnapshotTests {
     }
 
     @Test
-    func outputHasAnsiWhenTTYEvenWithoutStatus() {
+    func `output has ansi when TTY even without status`() {
         let snap = UsageSnapshot(
             primary: .init(usedPercent: 1, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
             secondary: nil,
@@ -373,7 +564,7 @@ struct CLISnapshotTests {
     }
 
     @Test
-    func ttyOutputColorsHeaderAndUsage() {
+    func `tty output colors header and usage`() {
         let snap = UsageSnapshot(
             primary: .init(usedPercent: 95, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
             secondary: .init(usedPercent: 80, windowMinutes: 10080, resetsAt: nil, resetDescription: nil),
@@ -396,7 +587,7 @@ struct CLISnapshotTests {
     }
 
     @Test
-    func statusLineIsPlainWhenNoTTY() {
+    func `status line is plain when no TTY`() {
         let identity = ProviderIdentitySnapshot(
             providerID: .codex,
             accountEmail: nil,
@@ -426,4 +617,27 @@ struct CLISnapshotTests {
         #expect(!output.contains("\u{001B}["))
         #expect(output.contains("Status: Operational – Operational"))
     }
+
+    @Test
+    func `renders 5-hour tertiary row for zai`() {
+        let snap = UsageSnapshot(
+            primary: .init(usedPercent: 9, windowMinutes: 10080, resetsAt: nil, resetDescription: nil),
+            secondary: .init(usedPercent: 50, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            tertiary: .init(usedPercent: 25, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+            updatedAt: Date(timeIntervalSince1970: 0))
+
+        let output = CLIRenderer.renderText(
+            provider: .zai,
+            snapshot: snap,
+            credits: nil,
+            context: RenderContext(
+                header: "z.ai 0.0.0 (zai)",
+                status: nil,
+                useColor: false,
+                resetStyle: .absolute))
+
+        #expect(output.contains("5-hour:"))
+        #expect(output.contains("Tokens:"))
+        #expect(output.contains("MCP:"))
+    }
 }
diff --git a/Tests/CodexBarTests/CLIWebFallbackTests.swift b/Tests/CodexBarTests/CLIWebFallbackTests.swift
index 8ebc1cbb1..df93a6f0a 100644
--- a/Tests/CodexBarTests/CLIWebFallbackTests.swift
+++ b/Tests/CodexBarTests/CLIWebFallbackTests.swift
@@ -2,7 +2,6 @@ import Testing
 @testable import CodexBarCLI
 @testable import CodexBarCore
 
-@Suite
 struct CLIWebFallbackTests {
     private func makeContext(
         runtime: ProviderRuntime = .cli,
@@ -34,7 +33,7 @@ struct CLIWebFallbackTests {
     }
 
     @Test
-    func codexFallsBackWhenCookiesMissing() {
+    func `codex falls back when cookies missing`() {
         let context = self.makeContext()
         let strategy = CodexWebDashboardStrategy()
         #expect(strategy.shouldFallback(
@@ -55,7 +54,7 @@ struct CLIWebFallbackTests {
     }
 
     @Test
-    func codexFallsBackForDashboardDataErrorsInAuto() {
+    func `codex falls back for dashboard data errors in auto`() {
         let context = self.makeContext()
         let strategy = CodexWebDashboardStrategy()
         #expect(strategy.shouldFallback(
@@ -64,7 +63,65 @@ struct CLIWebFallbackTests {
     }
 
     @Test
-    func claudeFallsBackWhenNoSessionKey() {
+    func `codex retries fresh browser import for missing usage and no data`() {
+        #expect(CodexWebDashboardStrategy.shouldRetryWithFreshBrowserImport(
+            after: OpenAIWebCodexError.missingUsage))
+        #expect(CodexWebDashboardStrategy.shouldRetryWithFreshBrowserImport(
+            after: OpenAIDashboardFetcher.FetchError.noDashboardData(body: "missing")))
+        #expect(!CodexWebDashboardStrategy.shouldRetryWithFreshBrowserImport(
+            after: OpenAIDashboardFetcher.FetchError.loginRequired))
+    }
+
+    @Test
+    func `codex display only falls back in auto`() {
+        let strategy = CodexWebDashboardStrategy()
+        let decision = self.makeCodexDisplayOnlyDecision()
+
+        #expect(strategy.shouldFallback(
+            on: CodexDashboardPolicyError.displayOnly(decision),
+            context: self.makeContext(sourceMode: .auto)))
+    }
+
+    @Test
+    func `codex display only does not fall back in explicit web`() {
+        let strategy = CodexWebDashboardStrategy()
+        let decision = self.makeCodexDisplayOnlyDecision()
+
+        #expect(!strategy.shouldFallback(
+            on: CodexDashboardPolicyError.displayOnly(decision),
+            context: self.makeContext(sourceMode: .web)))
+    }
+
+    @Test
+    func `codex web strategy is unavailable when managed account store is unreadable`() async {
+        let context = self.makeContext(settings: ProviderSettingsSnapshot.make(
+            codex: .init(
+                usageDataSource: .auto,
+                cookieSource: .auto,
+                manualCookieHeader: nil,
+                managedAccountStoreUnreadable: true)))
+        let strategy = CodexWebDashboardStrategy()
+        let available = await strategy.isAvailable(context)
+
+        #expect(!available)
+    }
+
+    @Test
+    func `codex web strategy is unavailable when selected managed target is unavailable`() async {
+        let context = self.makeContext(settings: ProviderSettingsSnapshot.make(
+            codex: .init(
+                usageDataSource: .auto,
+                cookieSource: .auto,
+                manualCookieHeader: nil,
+                managedAccountTargetUnavailable: true)))
+        let strategy = CodexWebDashboardStrategy()
+        let available = await strategy.isAvailable(context)
+
+        #expect(!available)
+    }
+
+    @Test
+    func `claude falls back when no session key`() {
         let context = self.makeContext()
         let strategy = ClaudeWebFetchStrategy(browserDetection: BrowserDetection(cacheTTL: 0))
         #expect(strategy.shouldFallback(on: ClaudeWebAPIFetcher.FetchError.noSessionKeyFound, context: context))
@@ -72,7 +129,7 @@ struct CLIWebFallbackTests {
     }
 
     @Test
-    func claudeCLIFallbackIsEnabledOnlyForAppAuto() {
+    func `claude CLI fallback is enabled only for app auto`() {
         let strategy = ClaudeCLIFetchStrategy(
             useWebExtras: false,
             manualCookieHeader: nil,
@@ -94,10 +151,32 @@ struct CLIWebFallbackTests {
     }
 
     @Test
-    func claudeWebFallbackIsDisabledForAppAuto() {
+    func `claude web fallback is disabled for app auto`() {
         let strategy = ClaudeWebFetchStrategy(browserDetection: BrowserDetection(cacheTTL: 0))
         let error = ClaudeWebAPIFetcher.FetchError.unauthorized
         #expect(strategy.shouldFallback(on: error, context: self.makeContext(runtime: .cli, sourceMode: .auto)))
         #expect(!strategy.shouldFallback(on: error, context: self.makeContext(runtime: .app, sourceMode: .auto)))
     }
+
+    private func makeCodexDisplayOnlyDecision() -> CodexDashboardAuthorityDecision {
+        CodexDashboardAuthority.evaluate(
+            CodexDashboardAuthorityInput(
+                sourceKind: .liveWeb,
+                proof: CodexDashboardOwnershipProofContext(
+                    currentIdentity: .emailOnly(normalizedEmail: "shared@example.com"),
+                    expectedScopedEmail: nil,
+                    trustedCurrentUsageEmail: nil,
+                    dashboardSignedInEmail: "shared@example.com",
+                    knownOwners: [
+                        CodexDashboardKnownOwnerCandidate(
+                            identity: .providerAccount(id: "acct-alpha"),
+                            normalizedEmail: "shared@example.com"),
+                        CodexDashboardKnownOwnerCandidate(
+                            identity: .providerAccount(id: "acct-beta"),
+                            normalizedEmail: "shared@example.com"),
+                    ]),
+                routing: CodexDashboardRoutingHints(
+                    targetEmail: "shared@example.com",
+                    lastKnownDashboardRoutingEmail: nil)))
+    }
 }
diff --git a/Tests/CodexBarTests/ClaudeAdminAPIUsageTests.swift b/Tests/CodexBarTests/ClaudeAdminAPIUsageTests.swift
new file mode 100644
index 000000000..6a63827e9
--- /dev/null
+++ b/Tests/CodexBarTests/ClaudeAdminAPIUsageTests.swift
@@ -0,0 +1,196 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+struct ClaudeAdminAPIUsageTests {
+    private func makeContext(
+        apiKey: String = "sk-ant-admin-test",
+        sourceMode: ProviderSourceMode = .api) -> ProviderFetchContext
+    {
+        let browserDetection = BrowserDetection(cacheTTL: 0)
+        let env = [ClaudeAdminAPISettingsReader.adminAPIKeyEnvironmentKey: apiKey]
+        return ProviderFetchContext(
+            runtime: .app,
+            sourceMode: sourceMode,
+            includeCredits: false,
+            webTimeout: 1,
+            webDebugDumpHTML: false,
+            verbose: false,
+            env: env,
+            settings: nil,
+            fetcher: UsageFetcher(environment: env),
+            claudeFetcher: ClaudeUsageFetcher(browserDetection: browserDetection),
+            browserDetection: browserDetection)
+    }
+
+    @Test
+    func `prefers primary Anthropic admin key environment variable`() {
+        let token = ClaudeAdminAPISettingsReader.apiKey(environment: [
+            ClaudeAdminAPISettingsReader.alternateAdminAPIKeyEnvironmentKey: "sk-ant-admin-alt",
+            ClaudeAdminAPISettingsReader.adminAPIKeyEnvironmentKey: "sk-ant-admin-primary",
+        ])
+
+        #expect(token == "sk-ant-admin-primary")
+    }
+
+    @Test
+    func `routes Claude token account admin keys into admin api environment`() {
+        let env = TokenAccountSupportCatalog.envOverride(for: .claude, token: "Bearer sk-ant-admin-token")
+
+        #expect(env?[ClaudeAdminAPISettingsReader.adminAPIKeyEnvironmentKey] == "sk-ant-admin-token")
+    }
+
+    @Test
+    func `auto source uses configured admin api key`() async {
+        let descriptor = ProviderDescriptorRegistry.descriptor(for: .claude)
+        let context = self.makeContext(sourceMode: .auto)
+        let strategies = await descriptor.fetchPlan.pipeline.resolveStrategies(context)
+
+        #expect(strategies.map(\.id) == ["claude.admin-api"])
+    }
+
+    @Test
+    func `parses Anthropic admin cost and messages usage into daily summaries`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_179_200)
+        let costs = """
+        {
+          "data": [
+            {
+              "starting_at": "2023-11-14T00:00:00Z",
+              "ending_at": "2023-11-15T00:00:00Z",
+              "results": [
+                {
+                  "currency": "USD",
+                  "amount": "12345.00",
+                  "description": "Claude Sonnet 4 Usage - Input Tokens",
+                  "cost_type": "tokens"
+                },
+                {
+                  "currency": "USD",
+                  "amount": "2500.00",
+                  "description": "Web Search Usage",
+                  "cost_type": "web_search"
+                }
+              ]
+            },
+            {
+              "starting_at": "2023-11-15T00:00:00Z",
+              "ending_at": "2023-11-16T00:00:00Z",
+              "results": [
+                {
+                  "currency": "USD",
+                  "amount": "5000",
+                  "description": "Claude Haiku Usage - Output Tokens",
+                  "cost_type": "tokens"
+                }
+              ]
+            }
+          ],
+          "has_more": false,
+          "next_page": null
+        }
+        """
+        let messages = """
+        {
+          "data": [
+            {
+              "starting_at": "2023-11-14T00:00:00Z",
+              "ending_at": "2023-11-15T00:00:00Z",
+              "results": [
+                {
+                  "uncached_input_tokens": 1500,
+                  "cache_creation": {
+                    "ephemeral_1h_input_tokens": 1000,
+                    "ephemeral_5m_input_tokens": 500
+                  },
+                  "cache_read_input_tokens": 200,
+                  "output_tokens": 500,
+                  "model": "claude-sonnet-4-20250514"
+                },
+                {
+                  "uncached_input_tokens": 100,
+                  "output_tokens": 50,
+                  "model": "claude-opus-4-20250514"
+                }
+              ]
+            },
+            {
+              "starting_at": "2023-11-15T00:00:00Z",
+              "ending_at": "2023-11-16T00:00:00Z",
+              "results": [
+                {
+                  "uncached_input_tokens": 200,
+                  "cache_read_input_tokens": 300,
+                  "output_tokens": 100,
+                  "model": "claude-sonnet-4-20250514"
+                }
+              ]
+            }
+          ],
+          "has_more": false,
+          "next_page": null
+        }
+        """
+
+        let snapshot = try ClaudeAdminAPIUsageFetcher._parseSnapshotForTesting(
+            costs: Data(costs.utf8),
+            messages: Data(messages.utf8),
+            now: now)
+
+        #expect(snapshot.daily.count == 2)
+        #expect(snapshot.daily[0].costUSD == 148.45)
+        #expect(snapshot.daily[0].inputTokens == 1600)
+        #expect(snapshot.daily[0].cacheCreationInputTokens == 1500)
+        #expect(snapshot.daily[0].cacheReadInputTokens == 200)
+        #expect(snapshot.daily[0].outputTokens == 550)
+        #expect(snapshot.daily[0].totalTokens == 3850)
+        #expect(snapshot.last30Days.costUSD == 198.45)
+        #expect(snapshot.last30Days.totalTokens == 4450)
+        #expect(snapshot.topModels.first?.name == "claude-sonnet-4-20250514")
+        #expect(snapshot.topModels.first?.totalTokens == 4300)
+    }
+
+    @Test
+    func `maps Anthropic admin usage to Claude usage snapshot`() {
+        let now = Date(timeIntervalSince1970: 1_700_179_200)
+        let apiUsage = ClaudeAdminAPIUsageSnapshot(
+            daily: [
+                ClaudeAdminAPIUsageSnapshot.DailyBucket(
+                    day: "2023-11-14",
+                    startTime: now,
+                    endTime: now.addingTimeInterval(86400),
+                    costUSD: 8.5,
+                    inputTokens: 1000,
+                    cacheCreationInputTokens: 400,
+                    cacheReadInputTokens: 300,
+                    outputTokens: 250,
+                    totalTokens: 1950,
+                    costItems: [],
+                    models: []),
+            ],
+            updatedAt: now)
+
+        let usage = apiUsage.toUsageSnapshot()
+
+        #expect(usage.primary == nil)
+        #expect(usage.providerCost?.used == 8.5)
+        #expect(usage.providerCost?.limit == 0)
+        #expect(usage.providerCost?.period == "Last 30 days")
+        #expect(usage.claudeAdminAPIUsage?.last30Days.totalTokens == 1950)
+        #expect(usage.identity?.providerID == .claude)
+        #expect(usage.identity?.loginMethod == "Admin API")
+    }
+
+    @Test
+    func `fetch strategy reports admin api source label`() async throws {
+        let strategy = ClaudeAdminAPIFetchStrategy(usageFetcher: { apiKey in
+            #expect(apiKey == "sk-ant-admin-test")
+            return ClaudeAdminAPIUsageSnapshot(daily: [], updatedAt: Date(timeIntervalSince1970: 1_700_000_000))
+        })
+
+        let result = try await strategy.fetch(self.makeContext())
+
+        #expect(result.sourceLabel == "admin-api")
+        #expect(result.usage.identity?.loginMethod == "Admin API")
+    }
+}
diff --git a/Tests/CodexBarTests/ClaudeBaselineCharacterizationTests.swift b/Tests/CodexBarTests/ClaudeBaselineCharacterizationTests.swift
new file mode 100644
index 000000000..ff3a80c1a
--- /dev/null
+++ b/Tests/CodexBarTests/ClaudeBaselineCharacterizationTests.swift
@@ -0,0 +1,297 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+@Suite(.serialized)
+struct ClaudeBaselineCharacterizationTests {
+    private func makeStubClaudeCLI() throws -> String {
+        let sample = """
+        Current session
+        12% used  (Resets 11am)
+        Current week (all models)
+        40% used  (Resets Nov 21)
+        Current week (Sonnet only)
+        5% used (Resets Nov 21)
+        Account: user@example.com
+        Org: Example Org
+        """
+        let script = """
+        #!/bin/sh
+        cat <<'EOF'
+        \(sample)
+        EOF
+        """
+        let url = FileManager.default.temporaryDirectory
+            .appendingPathComponent("claude-stub-\(UUID().uuidString)")
+        try Data(script.utf8).write(to: url)
+        try FileManager.default.setAttributes([.posixPermissions: 0o755], ofItemAtPath: url.path)
+        return url.path
+    }
+
+    private func makeContext(
+        runtime: ProviderRuntime,
+        sourceMode: ProviderSourceMode,
+        env: [String: String] = [:],
+        settings: ProviderSettingsSnapshot? = nil) -> ProviderFetchContext
+    {
+        let browserDetection = BrowserDetection(cacheTTL: 0)
+        return ProviderFetchContext(
+            runtime: runtime,
+            sourceMode: sourceMode,
+            includeCredits: false,
+            webTimeout: 1,
+            webDebugDumpHTML: false,
+            verbose: false,
+            env: env,
+            settings: settings,
+            fetcher: UsageFetcher(environment: env),
+            claudeFetcher: ClaudeUsageFetcher(browserDetection: browserDetection),
+            browserDetection: browserDetection)
+    }
+
+    private func strategyIDs(
+        runtime: ProviderRuntime,
+        sourceMode: ProviderSourceMode,
+        env: [String: String] = [:],
+        settings: ProviderSettingsSnapshot? = nil) async -> [String]
+    {
+        let descriptor = ProviderDescriptorRegistry.descriptor(for: .claude)
+        let context = self.makeContext(runtime: runtime, sourceMode: sourceMode, env: env, settings: settings)
+        let strategies = await descriptor.fetchPlan.pipeline.resolveStrategies(context)
+        return strategies.map(\.id)
+    }
+
+    private func fetchOutcome(
+        runtime: ProviderRuntime,
+        sourceMode: ProviderSourceMode,
+        env: [String: String] = [:],
+        settings: ProviderSettingsSnapshot? = nil) async -> ProviderFetchOutcome
+    {
+        let descriptor = ProviderDescriptorRegistry.descriptor(for: .claude)
+        let context = self.makeContext(runtime: runtime, sourceMode: sourceMode, env: env, settings: settings)
+        return await descriptor.fetchPlan.fetchOutcome(context: context, provider: .claude)
+    }
+
+    private func withNoOAuthCredentials<T>(operation: () async throws -> T) async rethrows -> T {
+        let missingCredentialsURL = FileManager.default.temporaryDirectory
+            .appendingPathComponent("missing-claude-creds-\(UUID().uuidString).json")
+        return try await KeychainCacheStore.withServiceOverrideForTesting("rat-110-\(UUID().uuidString)") {
+            KeychainCacheStore.setTestStoreForTesting(true)
+            defer { KeychainCacheStore.setTestStoreForTesting(false) }
+            return try await ClaudeOAuthCredentialsStore.withIsolatedMemoryCacheForTesting {
+                try await ClaudeOAuthCredentialsStore.withIsolatedCredentialsFileTrackingForTesting {
+                    try await ClaudeOAuthCredentialsStore.withCredentialsURLOverrideForTesting(missingCredentialsURL) {
+                        try await ClaudeOAuthCredentialsStore.withKeychainAccessOverrideForTesting(true) {
+                            try await ClaudeOAuthCredentialsStore.withClaudeKeychainOverridesForTesting(
+                                data: nil,
+                                fingerprint: nil)
+                            {
+                                try await operation()
+                            }
+                        }
+                    }
+                }
+            }
+        }
+    }
+
+    @Test
+    func `app auto pipeline order is OAuth then CLI then web`() async {
+        let settings = ProviderSettingsSnapshot.make(claude: .init(
+            usageDataSource: .auto,
+            webExtrasEnabled: true,
+            cookieSource: .manual,
+            manualCookieHeader: "sessionKey=sk-ant-session-token"))
+        let env = [
+            ClaudeOAuthCredentialsStore.environmentTokenKey: "oauth-token",
+            ClaudeOAuthCredentialsStore.environmentScopesKey: "user:profile",
+            "CLAUDE_CLI_PATH": "/usr/bin/true",
+        ]
+        let strategyIDs = await self.strategyIDs(runtime: .app, sourceMode: .auto, env: env, settings: settings)
+        #expect(strategyIDs == ["claude.oauth", "claude.cli", "claude.web"])
+    }
+
+    @Test
+    func `CLI auto pipeline order is web then CLI`() async {
+        let settings = ProviderSettingsSnapshot.make(claude: .init(
+            usageDataSource: .auto,
+            webExtrasEnabled: false,
+            cookieSource: .manual,
+            manualCookieHeader: "sessionKey=sk-ant-session-token"))
+        let env = [
+            "CLAUDE_CLI_PATH": "/usr/bin/true",
+        ]
+        let strategyIDs = await self.strategyIDs(runtime: .cli, sourceMode: .auto, env: env, settings: settings)
+        #expect(strategyIDs == ["claude.web", "claude.cli"])
+    }
+
+    @Test
+    func `explicit CLI pipeline attempts strategy even when planner marks CLI unavailable`() async {
+        let settings = ProviderSettingsSnapshot.make(claude: .init(
+            usageDataSource: .cli,
+            webExtrasEnabled: false,
+            cookieSource: .off,
+            manualCookieHeader: nil))
+        let env = [
+            "CLAUDE_CLI_PATH": "/definitely/missing/claude",
+        ]
+        let descriptor = ProviderDescriptorRegistry.descriptor(for: .claude)
+        let context = self.makeContext(runtime: .app, sourceMode: .cli, env: env, settings: settings)
+        let strategies = await descriptor.fetchPlan.pipeline.resolveStrategies(context)
+
+        #expect(strategies.map(\.id) == ["claude.cli"])
+        #expect(await strategies[0].isAvailable(context))
+    }
+
+    @Test
+    func `auto pipeline records unavailable planned steps when planner has no executable source`() async {
+        let settings = ProviderSettingsSnapshot.make(claude: .init(
+            usageDataSource: .auto,
+            webExtrasEnabled: true,
+            cookieSource: .off,
+            manualCookieHeader: nil))
+        let env = ["CLAUDE_CLI_PATH": "/definitely/missing/claude"]
+
+        await self.withNoOAuthCredentials {
+            await ClaudeCLIResolver.withResolvedBinaryPathOverrideForTesting("/definitely/missing/claude") {
+                let strategyIDs = await self.strategyIDs(runtime: .app, sourceMode: .auto, env: env, settings: settings)
+                #expect(strategyIDs == ["claude.oauth", "claude.cli", "claude.web"])
+
+                let outcome = await self.fetchOutcome(runtime: .app, sourceMode: .auto, env: env, settings: settings)
+                #expect(outcome.attempts.map(\.strategyID) == ["claude.oauth", "claude.cli", "claude.web"])
+                #expect(outcome.attempts.map(\.wasAvailable) == [false, false, false])
+
+                switch outcome.result {
+                case let .failure(error as ProviderFetchError):
+                    switch error {
+                    case let .noAvailableStrategy(provider):
+                        #expect(provider == .claude)
+                    }
+                case let .failure(error):
+                    Issue.record("Unexpected failure: \(error)")
+                case let .success(result):
+                    Issue.record("Unexpected success: \(result.sourceLabel)")
+                }
+            }
+        }
+    }
+
+    @Test
+    func `app auto pipeline retains OAuth bootstrap strategy at startup`() async {
+        let settings = ProviderSettingsSnapshot.make(claude: .init(
+            usageDataSource: .auto,
+            webExtrasEnabled: false,
+            cookieSource: .off,
+            manualCookieHeader: nil))
+
+        await ClaudeOAuthCredentialsStore.withIsolatedMemoryCacheForTesting {
+            ClaudeOAuthCredentialsStore.invalidateCache()
+            ClaudeOAuthCredentialsStore._resetCredentialsFileTrackingForTesting()
+            ClaudeOAuthKeychainAccessGate.resetForTesting()
+            defer {
+                ClaudeOAuthCredentialsStore.invalidateCache()
+                ClaudeOAuthCredentialsStore._resetCredentialsFileTrackingForTesting()
+                ClaudeOAuthKeychainAccessGate.resetForTesting()
+            }
+
+            await self.withNoOAuthCredentials {
+                let strategyIDs = await ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(
+                    .onlyOnUserAction)
+                {
+                    await ProviderRefreshContext.$current.withValue(.startup) {
+                        await ProviderInteractionContext.$current.withValue(.background) {
+                            await self.strategyIDs(runtime: .app, sourceMode: .auto, settings: settings)
+                        }
+                    }
+                }
+                #expect(strategyIDs.first == "claude.oauth")
+                #expect(strategyIDs.contains("claude.oauth"))
+            }
+        }
+    }
+
+    @Test
+    func `auto pipeline CLI uses planned environment for execution`() async throws {
+        let settings = ProviderSettingsSnapshot.make(claude: .init(
+            usageDataSource: .auto,
+            webExtrasEnabled: false,
+            cookieSource: .off,
+            manualCookieHeader: nil))
+        let stubCLIPath = try self.makeStubClaudeCLI()
+        let env = ["CLAUDE_CLI_PATH": stubCLIPath]
+
+        await self.withNoOAuthCredentials {
+            let fetchOverride: @Sendable (String, TimeInterval, Bool) async throws
+                -> ClaudeStatusSnapshot = { binary, _, _ in
+                    #expect(binary == stubCLIPath)
+                    return ClaudeStatusSnapshot(
+                        sessionPercentLeft: 88,
+                        weeklyPercentLeft: 60,
+                        opusPercentLeft: 95,
+                        accountEmail: "user@example.com",
+                        accountOrganization: "Example Org",
+                        loginMethod: nil,
+                        primaryResetDescription: "Resets 11am",
+                        secondaryResetDescription: "Resets Nov 21",
+                        opusResetDescription: "Resets Nov 21",
+                        rawText: "stub")
+                }
+            let outcome = await ClaudeStatusProbe.$fetchOverride.withValue(fetchOverride) {
+                await self.fetchOutcome(runtime: .app, sourceMode: .auto, env: env, settings: settings)
+            }
+
+            #expect(outcome.attempts.map(\.strategyID) == ["claude.oauth", "claude.cli"])
+            #expect(outcome.attempts.map(\.wasAvailable) == [false, true])
+
+            switch outcome.result {
+            case let .success(result):
+                #expect(result.strategyID == "claude.cli")
+                #expect(result.sourceLabel == "claude")
+                #expect(result.usage.primary?.usedPercent == 12)
+                #expect(result.usage.secondary?.usedPercent == 40)
+                #expect(result.usage.tertiary?.usedPercent == 5)
+                #expect(result.usage.identity?.accountEmail == "user@example.com")
+            case let .failure(error):
+                Issue.record("Unexpected failure: \(error)")
+            }
+        }
+    }
+
+    @Test(arguments: [
+        (ProviderSourceMode.oauth, "claude.oauth"),
+        (ProviderSourceMode.cli, "claude.cli"),
+        (ProviderSourceMode.web, "claude.web"),
+    ])
+    func `explicit modes resolve single Claude strategy`(
+        sourceMode: ProviderSourceMode,
+        expectedStrategyID: String) async
+    {
+        let strategyIDs = await self.strategyIDs(runtime: .app, sourceMode: sourceMode)
+        #expect(strategyIDs == [expectedStrategyID])
+    }
+
+    @Test(arguments: [
+        (ProviderSourceMode.oauth, "claude.oauth"),
+        (ProviderSourceMode.cli, "claude.cli"),
+        (ProviderSourceMode.web, "claude.web"),
+    ])
+    func `CLI explicit modes resolve single Claude strategy`(
+        sourceMode: ProviderSourceMode,
+        expectedStrategyID: String) async
+    {
+        let strategyIDs = await self.strategyIDs(runtime: .cli, sourceMode: sourceMode)
+        #expect(strategyIDs == [expectedStrategyID])
+    }
+
+    @Test
+    func `Claude OAuth token heuristics accept raw and bearer inputs`() {
+        #expect(TokenAccountSupportCatalog.isClaudeOAuthToken("sk-ant-oat-test-token"))
+        #expect(TokenAccountSupportCatalog.isClaudeOAuthToken("Bearer sk-ant-oat-test-token"))
+    }
+
+    @Test
+    func `Claude OAuth token heuristics reject cookie shaped inputs`() {
+        #expect(!TokenAccountSupportCatalog.isClaudeOAuthToken("sessionKey=sk-ant-session"))
+        #expect(!TokenAccountSupportCatalog.isClaudeOAuthToken("Cookie: sessionKey=sk-ant-session; foo=bar"))
+    }
+}
diff --git a/Tests/CodexBarTests/ClaudeCLITimeoutRetryTests.swift b/Tests/CodexBarTests/ClaudeCLITimeoutRetryTests.swift
new file mode 100644
index 000000000..4f49ed02d
--- /dev/null
+++ b/Tests/CodexBarTests/ClaudeCLITimeoutRetryTests.swift
@@ -0,0 +1,265 @@
+import Foundation
+import Testing
+@testable import CodexBar
+@testable import CodexBarCore
+
+@Suite(.serialized)
+struct ClaudeCLITimeoutRetryTests {
+    private actor AttemptRecorder {
+        private var count = 0
+        private var timeouts: [TimeInterval] = []
+
+        func record(timeout: TimeInterval) -> Int {
+            self.count += 1
+            self.timeouts.append(timeout)
+            return self.count
+        }
+
+        func snapshot() -> (count: Int, timeouts: [TimeInterval]) {
+            (self.count, self.timeouts)
+        }
+    }
+
+    private final class WebRequestRecorder: @unchecked Sendable {
+        private let lock = NSLock()
+        private var paths: [String] = []
+
+        func record(_ path: String) {
+            self.lock.withLock {
+                self.paths.append(path)
+            }
+        }
+
+        func snapshot() -> [String] {
+            self.lock.withLock {
+                self.paths
+            }
+        }
+    }
+
+    @Test
+    func `cli usage retries with longer timeout after transient probe failure`() async throws {
+        let attempts = AttemptRecorder()
+        let fetcher = ClaudeUsageFetcher(
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            environment: [:],
+            dataSource: .cli)
+
+        let fetchOverride: ClaudeStatusProbe.FetchOverride = { _, timeout, _ in
+            let attempt = await attempts.record(timeout: timeout)
+            if attempt == 1 {
+                throw ClaudeStatusProbeError.timedOut
+            }
+            return ClaudeStatusSnapshot(
+                sessionPercentLeft: 91,
+                weeklyPercentLeft: 88,
+                opusPercentLeft: nil,
+                accountEmail: "cli@example.com",
+                accountOrganization: "CLI Org",
+                loginMethod: "cli",
+                primaryResetDescription: nil,
+                secondaryResetDescription: nil,
+                opusResetDescription: nil,
+                rawText: "probe raw")
+        }
+
+        let snapshot = try await ClaudeCLIResolver.withResolvedBinaryPathOverrideForTesting("/usr/bin/true") {
+            try await ClaudeStatusProbe.withFetchOverrideForTesting(fetchOverride) {
+                try await fetcher.loadLatestUsage(model: "sonnet")
+            }
+        }
+
+        let recorded = await attempts.snapshot()
+        #expect(recorded.count == 2)
+        #expect(recorded.timeouts == [24, 60])
+        #expect(snapshot.primary.usedPercent == 9)
+        #expect(snapshot.secondary?.usedPercent == 12)
+        #expect(snapshot.accountEmail == "cli@example.com")
+    }
+
+    @Test
+    func `auto cli usage does not retry unrecoverable parse failure`() async throws {
+        let attempts = AttemptRecorder()
+        let fetcher = ClaudeUsageFetcher(
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            environment: [:],
+            dataSource: .auto,
+            manualCookieHeader: "foo=bar")
+
+        let fetchOverride: ClaudeStatusProbe.FetchOverride = { _, timeout, _ in
+            _ = await attempts.record(timeout: timeout)
+            throw ClaudeStatusProbeError.parseFailed("Missing Current session.")
+        }
+
+        await #expect(throws: ClaudeStatusProbeError.self) {
+            try await self.withNoOAuthCredentials {
+                try await ClaudeCLIResolver.withResolvedBinaryPathOverrideForTesting("/usr/bin/true") {
+                    try await ClaudeStatusProbe.withFetchOverrideForTesting(fetchOverride) {
+                        try await fetcher.loadLatestUsage(model: "sonnet")
+                    }
+                }
+            }
+        }
+
+        let recorded = await attempts.snapshot()
+        #expect(recorded.count == 1)
+        #expect(recorded.timeouts == [12])
+    }
+
+    @Test
+    func `auto cli usage retries loading panel before stale web fallback`() async throws {
+        let attempts = AttemptRecorder()
+        let webRequests = WebRequestRecorder()
+        let fetcher = ClaudeUsageFetcher(
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            environment: [:],
+            dataSource: .auto,
+            manualCookieHeader: "sessionKey=sk-ant-session-token")
+
+        let fetchOverride: ClaudeStatusProbe.FetchOverride = { _, timeout, _ in
+            let attempt = await attempts.record(timeout: timeout)
+            if attempt == 1 {
+                throw ClaudeStatusProbeError.parseFailed("Claude CLI /usage is still loading usage data.")
+            }
+            return ClaudeStatusSnapshot(
+                sessionPercentLeft: 95,
+                weeklyPercentLeft: 93,
+                opusPercentLeft: nil,
+                accountEmail: "loading-cli@example.com",
+                accountOrganization: "Loading CLI Org",
+                loginMethod: "cli",
+                primaryResetDescription: nil,
+                secondaryResetDescription: nil,
+                opusResetDescription: nil,
+                rawText: "probe raw")
+        }
+
+        let snapshot = try await self.withNoOAuthCredentials {
+            try await self.withClaudeWebStub(handler: { request in
+                webRequests.record(request.url?.path ?? "<missing>")
+                throw URLError(.userAuthenticationRequired)
+            }, operation: {
+                try await ClaudeCLIResolver.withResolvedBinaryPathOverrideForTesting("/usr/bin/true") {
+                    try await ClaudeStatusProbe.withFetchOverrideForTesting(fetchOverride) {
+                        try await fetcher.loadLatestUsage(model: "sonnet")
+                    }
+                }
+            })
+        }
+
+        let recorded = await attempts.snapshot()
+        #expect(recorded.count == 2)
+        #expect(recorded.timeouts == [12, 60])
+        #expect(webRequests.snapshot().isEmpty)
+        #expect(snapshot.primary.usedPercent == 5)
+        #expect(snapshot.secondary?.usedPercent == 7)
+        #expect(snapshot.accountEmail == "loading-cli@example.com")
+    }
+
+    @Test
+    func `auto cli usage retries timeout when cli is final source`() async throws {
+        let attempts = AttemptRecorder()
+        let fetcher = ClaudeUsageFetcher(
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            environment: [:],
+            dataSource: .auto,
+            manualCookieHeader: "foo=bar")
+
+        let fetchOverride: ClaudeStatusProbe.FetchOverride = { _, timeout, _ in
+            let attempt = await attempts.record(timeout: timeout)
+            if attempt == 1 {
+                throw ClaudeStatusProbeError.timedOut
+            }
+            return ClaudeStatusSnapshot(
+                sessionPercentLeft: 72,
+                weeklyPercentLeft: 64,
+                opusPercentLeft: nil,
+                accountEmail: "auto-cli@example.com",
+                accountOrganization: "Auto CLI Org",
+                loginMethod: "cli",
+                primaryResetDescription: nil,
+                secondaryResetDescription: nil,
+                opusResetDescription: nil,
+                rawText: "probe raw")
+        }
+
+        let snapshot = try await self.withNoOAuthCredentials {
+            try await ClaudeCLIResolver.withResolvedBinaryPathOverrideForTesting("/usr/bin/true") {
+                try await ClaudeStatusProbe.withFetchOverrideForTesting(fetchOverride) {
+                    try await fetcher.loadLatestUsage(model: "sonnet")
+                }
+            }
+        }
+
+        let recorded = await attempts.snapshot()
+        #expect(recorded.count == 2)
+        #expect(recorded.timeouts == [12, 60])
+        #expect(snapshot.primary.usedPercent == 28)
+        #expect(snapshot.secondary?.usedPercent == 36)
+        #expect(snapshot.accountEmail == "auto-cli@example.com")
+    }
+
+    @Test
+    func `cli usage does not retry cancelled probe`() async throws {
+        let attempts = AttemptRecorder()
+        let fetcher = ClaudeUsageFetcher(
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            environment: [:],
+            dataSource: .cli)
+
+        let fetchOverride: ClaudeStatusProbe.FetchOverride = { _, timeout, _ in
+            _ = await attempts.record(timeout: timeout)
+            throw CancellationError()
+        }
+
+        await #expect(throws: CancellationError.self) {
+            try await ClaudeCLIResolver.withResolvedBinaryPathOverrideForTesting("/usr/bin/true") {
+                try await ClaudeStatusProbe.withFetchOverrideForTesting(fetchOverride) {
+                    try await fetcher.loadLatestUsage(model: "sonnet")
+                }
+            }
+        }
+
+        let recorded = await attempts.snapshot()
+        #expect(recorded.count == 1)
+        #expect(recorded.timeouts == [24])
+    }
+
+    private func withNoOAuthCredentials<T>(operation: () async throws -> T) async rethrows -> T {
+        let missingCredentialsURL = FileManager.default.temporaryDirectory
+            .appendingPathComponent("missing-claude-creds-\(UUID().uuidString).json")
+        return try await KeychainCacheStore.withServiceOverrideForTesting("rat-107-\(UUID().uuidString)") {
+            KeychainCacheStore.setTestStoreForTesting(true)
+            defer { KeychainCacheStore.setTestStoreForTesting(false) }
+            return try await ClaudeOAuthCredentialsStore.withIsolatedMemoryCacheForTesting {
+                try await ClaudeOAuthCredentialsStore.withIsolatedCredentialsFileTrackingForTesting {
+                    try await ClaudeOAuthCredentialsStore.withCredentialsURLOverrideForTesting(missingCredentialsURL) {
+                        try await ClaudeOAuthCredentialsStore.withKeychainAccessOverrideForTesting(true) {
+                            try await ClaudeOAuthCredentialsStore.withClaudeKeychainOverridesForTesting(
+                                data: nil,
+                                fingerprint: nil)
+                            {
+                                try await operation()
+                            }
+                        }
+                    }
+                }
+            }
+        }
+    }
+
+    private func withClaudeWebStub<T>(
+        handler: @escaping (URLRequest) throws -> (HTTPURLResponse, Data),
+        operation: () async throws -> T) async rethrows -> T
+    {
+        let registered = URLProtocol.registerClass(ClaudeAutoFetcherStubURLProtocol.self)
+        ClaudeAutoFetcherStubURLProtocol.handler = handler
+        defer {
+            if registered {
+                URLProtocol.unregisterClass(ClaudeAutoFetcherStubURLProtocol.self)
+            }
+            ClaudeAutoFetcherStubURLProtocol.handler = nil
+        }
+        return try await operation()
+    }
+}
diff --git a/Tests/CodexBarTests/ClaudeCredentialRoutingTests.swift b/Tests/CodexBarTests/ClaudeCredentialRoutingTests.swift
new file mode 100644
index 000000000..e711d0388
--- /dev/null
+++ b/Tests/CodexBarTests/ClaudeCredentialRoutingTests.swift
@@ -0,0 +1,58 @@
+import CodexBarCore
+import Testing
+
+struct ClaudeCredentialRoutingTests {
+    @Test
+    func `resolves raw OAuth token`() {
+        let routing = ClaudeCredentialRouting.resolve(
+            tokenAccountToken: "sk-ant-oat-test-token",
+            manualCookieHeader: nil)
+
+        #expect(routing == .oauth(accessToken: "sk-ant-oat-test-token"))
+    }
+
+    @Test
+    func `resolves bearer OAuth token`() {
+        let routing = ClaudeCredentialRouting.resolve(
+            tokenAccountToken: "Bearer sk-ant-oat-test-token",
+            manualCookieHeader: nil)
+
+        #expect(routing == .oauth(accessToken: "sk-ant-oat-test-token"))
+    }
+
+    @Test
+    func `resolves session token to cookie header`() {
+        let routing = ClaudeCredentialRouting.resolve(
+            tokenAccountToken: "sk-ant-session-token",
+            manualCookieHeader: nil)
+
+        #expect(routing == .webCookie(header: "sessionKey=sk-ant-session-token"))
+    }
+
+    @Test
+    func `resolves config cookie header through shared normalizer`() {
+        let routing = ClaudeCredentialRouting.resolve(
+            tokenAccountToken: nil,
+            manualCookieHeader: "Cookie: sessionKey=sk-ant-session-token; foo=bar")
+
+        #expect(routing == .webCookie(header: "sessionKey=sk-ant-session-token; foo=bar"))
+    }
+
+    @Test
+    func `token account input wins over config cookie fallback`() {
+        let routing = ClaudeCredentialRouting.resolve(
+            tokenAccountToken: "Bearer sk-ant-oat-test-token",
+            manualCookieHeader: "Cookie: sessionKey=sk-ant-session-token")
+
+        #expect(routing == .oauth(accessToken: "sk-ant-oat-test-token"))
+    }
+
+    @Test
+    func `empty inputs resolve to none`() {
+        let routing = ClaudeCredentialRouting.resolve(
+            tokenAccountToken: "   ",
+            manualCookieHeader: "\n")
+
+        #expect(routing == .none)
+    }
+}
diff --git a/Tests/CodexBarTests/ClaudeDebugDiagnosticsTests.swift b/Tests/CodexBarTests/ClaudeDebugDiagnosticsTests.swift
new file mode 100644
index 000000000..e67706257
--- /dev/null
+++ b/Tests/CodexBarTests/ClaudeDebugDiagnosticsTests.swift
@@ -0,0 +1,461 @@
+import Foundation
+import Testing
+@testable import CodexBar
+@testable import CodexBarCore
+
+@Suite(.serialized)
+struct ClaudeDebugDiagnosticsTests {
+    private func makeCredentialsData(
+        accessToken: String,
+        expiresAt: Date,
+        refreshToken: String? = nil) -> Data
+    {
+        let refreshTokenLine = if let refreshToken {
+            """
+                "refreshToken": "\(refreshToken)",
+            """
+        } else {
+            ""
+        }
+        let json = """
+        {
+          "claudeAiOauth": {
+            "accessToken": "\(accessToken)",
+        \(refreshTokenLine)
+            "expiresAt": \(Int(expiresAt.timeIntervalSince1970 * 1000)),
+            "scopes": ["user:profile"]
+          }
+        }
+        """
+        return Data(json.utf8)
+    }
+
+    @Test
+    func `debug log uses planner derived order and reasons`() async throws {
+        let suite = "ClaudeDebugDiagnosticsTests-\(UUID().uuidString)"
+        let service = "com.steipete.codexbar.cache.tests.\(UUID().uuidString)"
+        let tempDir = FileManager.default.temporaryDirectory
+            .appendingPathComponent(UUID().uuidString, isDirectory: true)
+        try FileManager.default.createDirectory(at: tempDir, withIntermediateDirectories: true)
+        let credentialsURL = tempDir.appendingPathComponent("credentials.json")
+        let credsJSON = """
+        {
+          "claudeAiOauth": {
+            "accessToken": "oauth-token",
+            "expiresAt": \(Int(Date(timeIntervalSinceNow: 3600).timeIntervalSince1970 * 1000)),
+            "scopes": ["user:profile"]
+          }
+        }
+        """
+        try Data(credsJSON.utf8).write(to: credentialsURL)
+
+        let store = try await MainActor.run { () -> UsageStore in
+            let defaults = try #require(UserDefaults(suiteName: suite))
+            defaults.removePersistentDomain(forName: suite)
+            let configStore = testConfigStore(suiteName: suite)
+            let settings = SettingsStore(
+                userDefaults: defaults,
+                configStore: configStore,
+                zaiTokenStore: NoopZaiTokenStore())
+            settings.claudeUsageDataSource = .auto
+            settings.claudeCookieSource = .manual
+            settings.claudeCookieHeader = "sessionKey=sk-ant-session-token"
+
+            return UsageStore(
+                fetcher: UsageFetcher(),
+                browserDetection: BrowserDetection(cacheTTL: 0),
+                settings: settings)
+        }
+
+        let text = await KeychainCacheStore.withServiceOverrideForTesting(service) {
+            KeychainCacheStore.setTestStoreForTesting(true)
+            defer { KeychainCacheStore.setTestStoreForTesting(false) }
+
+            return await ClaudeOAuthCredentialsStore.withIsolatedMemoryCacheForTesting {
+                await ClaudeOAuthCredentialsStore.withIsolatedCredentialsFileTrackingForTesting {
+                    await ClaudeOAuthCredentialsStore.withCredentialsURLOverrideForTesting(credentialsURL) {
+                        await store.debugLog(for: .claude)
+                    }
+                }
+            }
+        }
+
+        #expect(text.contains("planner_order=oauth→cli→web"))
+        #expect(text.contains("planner_selected=oauth"))
+        #expect(text.contains("planner_no_source=false"))
+        #expect(text.contains("planner_step.oauth=available reason=app-auto-preferred-oauth"))
+        #expect(text.contains("planner_step.cli="))
+        #expect(text.contains("reason=app-auto-fallback-cli"))
+        #expect(text.contains("planner_step.web=available reason=app-auto-fallback-web"))
+        #expect(!text.contains("auto_heuristic="))
+    }
+
+    @Test
+    func `debug log reports no planner selected source when auto has no available sources`() async throws {
+        let suite = "ClaudeDebugDiagnosticsTests-\(UUID().uuidString)"
+        let service = "com.steipete.codexbar.cache.tests.\(UUID().uuidString)"
+        let tempDir = FileManager.default.temporaryDirectory
+            .appendingPathComponent(UUID().uuidString, isDirectory: true)
+        try FileManager.default.createDirectory(at: tempDir, withIntermediateDirectories: true)
+        let missingCredentialsURL = tempDir.appendingPathComponent("missing-credentials.json")
+
+        let store = try await MainActor.run { () -> UsageStore in
+            let defaults = try #require(UserDefaults(suiteName: suite))
+            defaults.removePersistentDomain(forName: suite)
+            let configStore = testConfigStore(suiteName: suite)
+            let settings = SettingsStore(
+                userDefaults: defaults,
+                configStore: configStore,
+                zaiTokenStore: NoopZaiTokenStore())
+            settings.claudeUsageDataSource = .auto
+            settings.claudeCookieSource = .off
+            settings.claudeWebExtrasEnabled = true
+
+            return UsageStore(
+                fetcher: UsageFetcher(),
+                browserDetection: BrowserDetection(cacheTTL: 0),
+                settings: settings)
+        }
+
+        let text = await ClaudeCLIResolver.withResolvedBinaryPathOverrideForTesting("/definitely/missing/claude") {
+            await KeychainCacheStore.withServiceOverrideForTesting(service) {
+                KeychainCacheStore.setTestStoreForTesting(true)
+                defer { KeychainCacheStore.setTestStoreForTesting(false) }
+
+                return await ClaudeOAuthCredentialsStore.withIsolatedMemoryCacheForTesting {
+                    await ClaudeOAuthCredentialsStore.withIsolatedCredentialsFileTrackingForTesting {
+                        await ClaudeOAuthCredentialsStore.withCredentialsURLOverrideForTesting(missingCredentialsURL) {
+                            await ClaudeOAuthCredentialsStore.withKeychainAccessOverrideForTesting(true) {
+                                await ClaudeOAuthCredentialsStore.withClaudeKeychainOverridesForTesting(
+                                    data: nil,
+                                    fingerprint: nil)
+                                {
+                                    await store.debugLog(for: .claude)
+                                }
+                            }
+                        }
+                    }
+                }
+            }
+        }
+
+        #expect(text.contains("planner_selected=none"))
+        #expect(text.contains("planner_no_source=true"))
+        #expect(text.contains("No planner-selected Claude source."))
+        #expect(!text.contains("web_extras=enabled"))
+    }
+
+    @Test
+    func `debug Claude dump returns recorded parse dumps`() async {
+        await ClaudeStatusProbe._replaceDumpsForTesting([
+            "dump one",
+            "dump two",
+        ])
+
+        let store = await MainActor.run {
+            UsageStore(
+                fetcher: UsageFetcher(),
+                browserDetection: BrowserDetection(cacheTTL: 0),
+                settings: SettingsStore(
+                    userDefaults: UserDefaults(),
+                    configStore: testConfigStore(suiteName: "ClaudeDebugDiagnosticsTests-\(UUID().uuidString)"),
+                    zaiTokenStore: NoopZaiTokenStore()))
+        }
+        let text = await store.debugClaudeDump()
+
+        #expect(text.contains("dump one"))
+        #expect(text.contains("dump two"))
+        #expect(!text.contains("planner_order="))
+        await ClaudeStatusProbe._replaceDumpsForTesting([])
+    }
+
+    @Test
+    func `debug log uses runtime OAuth availability for token account routing`() async throws {
+        let suite = "ClaudeDebugDiagnosticsTests-\(UUID().uuidString)"
+        let service = "com.steipete.codexbar.cache.tests.\(UUID().uuidString)"
+        let tempDir = FileManager.default.temporaryDirectory
+            .appendingPathComponent(UUID().uuidString, isDirectory: true)
+        try FileManager.default.createDirectory(at: tempDir, withIntermediateDirectories: true)
+        let missingCredentialsURL = tempDir.appendingPathComponent("missing-credentials.json")
+
+        let store = try await MainActor.run { () -> UsageStore in
+            let defaults = try #require(UserDefaults(suiteName: suite))
+            defaults.removePersistentDomain(forName: suite)
+            let configStore = testConfigStore(suiteName: suite)
+            let settings = SettingsStore(
+                userDefaults: defaults,
+                configStore: configStore,
+                zaiTokenStore: NoopZaiTokenStore())
+            settings.claudeUsageDataSource = .auto
+            settings.claudeCookieSource = .off
+            settings.addTokenAccount(
+                provider: .claude,
+                label: "OAuth Account",
+                token: "sk-ant-oat-test-token")
+
+            return UsageStore(
+                fetcher: UsageFetcher(),
+                browserDetection: BrowserDetection(cacheTTL: 0),
+                settings: settings)
+        }
+
+        let text = await ClaudeCLIResolver.withResolvedBinaryPathOverrideForTesting("/definitely/missing/claude") {
+            await KeychainCacheStore.withServiceOverrideForTesting(service) {
+                KeychainCacheStore.setTestStoreForTesting(true)
+                defer { KeychainCacheStore.setTestStoreForTesting(false) }
+
+                return await ClaudeOAuthCredentialsStore.withIsolatedMemoryCacheForTesting {
+                    await ClaudeOAuthCredentialsStore.withIsolatedCredentialsFileTrackingForTesting {
+                        await ClaudeOAuthCredentialsStore.withCredentialsURLOverrideForTesting(missingCredentialsURL) {
+                            await ClaudeOAuthCredentialsStore.withKeychainAccessOverrideForTesting(true) {
+                                await ClaudeOAuthCredentialsStore.withClaudeKeychainOverridesForTesting(
+                                    data: nil,
+                                    fingerprint: nil)
+                                {
+                                    await store.debugLog(for: .claude)
+                                }
+                            }
+                        }
+                    }
+                }
+            }
+        }
+
+        #expect(text.contains("planner_selected=oauth"))
+        #expect(text.contains("hasOAuthCredentials=true"))
+        #expect(text.contains("oauthCredentialOwner=environment"))
+        #expect(text.contains("oauthCredentialSource=environment"))
+        #expect(!text.contains("planner_selected=none"))
+    }
+
+    @Test
+    func `debug log preserves CLI probe overrides across detached work`() async throws {
+        let suite = "ClaudeDebugDiagnosticsTests-\(UUID().uuidString)"
+        let service = "com.steipete.codexbar.cache.tests.\(UUID().uuidString)"
+        let tempDir = FileManager.default.temporaryDirectory
+            .appendingPathComponent(UUID().uuidString, isDirectory: true)
+        try FileManager.default.createDirectory(at: tempDir, withIntermediateDirectories: true)
+        let missingCredentialsURL = tempDir.appendingPathComponent("missing-credentials.json")
+        let store = try await MainActor.run { () -> UsageStore in
+            let defaults = try #require(UserDefaults(suiteName: suite))
+            defaults.removePersistentDomain(forName: suite)
+            let configStore = testConfigStore(suiteName: suite)
+            let settings = SettingsStore(
+                userDefaults: defaults,
+                configStore: configStore,
+                zaiTokenStore: NoopZaiTokenStore())
+            settings.claudeUsageDataSource = .cli
+            settings.claudeCookieSource = .off
+
+            return UsageStore(
+                fetcher: UsageFetcher(),
+                browserDetection: BrowserDetection(cacheTTL: 0),
+                settings: settings)
+        }
+
+        let fetchOverride: ClaudeStatusProbe.FetchOverride = { resolved, _, _ in
+            #expect(resolved == "/usr/bin/true")
+            return ClaudeStatusSnapshot(
+                sessionPercentLeft: 76,
+                weeklyPercentLeft: 55,
+                opusPercentLeft: nil,
+                accountEmail: "cli@example.com",
+                accountOrganization: "CLI Org",
+                loginMethod: "cli",
+                primaryResetDescription: "Mar 7 at 1pm",
+                secondaryResetDescription: nil,
+                opusResetDescription: nil,
+                rawText: "probe raw")
+        }
+
+        let text = await ClaudeCLIResolver.withResolvedBinaryPathOverrideForTesting("/usr/bin/true") {
+            await KeychainCacheStore.withServiceOverrideForTesting(service) {
+                KeychainCacheStore.setTestStoreForTesting(true)
+                defer { KeychainCacheStore.setTestStoreForTesting(false) }
+
+                return await ClaudeOAuthCredentialsStore.withIsolatedMemoryCacheForTesting {
+                    await ClaudeOAuthCredentialsStore.withIsolatedCredentialsFileTrackingForTesting {
+                        await ClaudeOAuthCredentialsStore.withCredentialsURLOverrideForTesting(missingCredentialsURL) {
+                            await ClaudeOAuthCredentialsStore.withKeychainAccessOverrideForTesting(true) {
+                                await ClaudeOAuthCredentialsStore.withClaudeKeychainOverridesForTesting(
+                                    data: nil,
+                                    fingerprint: nil)
+                                {
+                                    await ClaudeStatusProbe.withFetchOverrideForTesting(fetchOverride) {
+                                        await store.debugLog(for: .claude)
+                                    }
+                                }
+                            }
+                        }
+                    }
+                }
+            }
+        }
+
+        #expect(text.contains("planner_selected=cli"))
+        #expect(text.contains("session_left=76.0 weekly_left=55.0"))
+        #expect(text.contains("email cli@example.com"))
+    }
+
+    @Test
+    func `debug log uses user initiated interaction for OAuth prompt gate`() async throws {
+        let suite = "ClaudeDebugDiagnosticsTests-\(UUID().uuidString)"
+        let service = "com.steipete.codexbar.cache.tests.\(UUID().uuidString)"
+        let tempDir = FileManager.default.temporaryDirectory
+            .appendingPathComponent(UUID().uuidString, isDirectory: true)
+        try FileManager.default.createDirectory(at: tempDir, withIntermediateDirectories: true)
+        let missingCredentialsURL = tempDir.appendingPathComponent("missing-credentials.json")
+        let securityData = self.makeCredentialsData(
+            accessToken: "user-initiated-oauth",
+            expiresAt: Date(timeIntervalSinceNow: 3600))
+        let deniedStore = ClaudeOAuthKeychainAccessGate.DeniedUntilStore()
+        deniedStore.deniedUntil = Date(timeIntervalSinceNow: 300)
+
+        let store = try await MainActor.run { () -> UsageStore in
+            let defaults = try #require(UserDefaults(suiteName: suite))
+            defaults.removePersistentDomain(forName: suite)
+            let configStore = testConfigStore(suiteName: suite)
+            let settings = SettingsStore(
+                userDefaults: defaults,
+                configStore: configStore,
+                zaiTokenStore: NoopZaiTokenStore())
+            settings.claudeUsageDataSource = .auto
+            settings.claudeCookieSource = .off
+
+            return UsageStore(
+                fetcher: UsageFetcher(),
+                browserDetection: BrowserDetection(cacheTTL: 0),
+                settings: settings)
+        }
+
+        let text = await ClaudeCLIResolver.withResolvedBinaryPathOverrideForTesting("/definitely/missing/claude") {
+            await KeychainCacheStore.withServiceOverrideForTesting(service) {
+                KeychainCacheStore.setTestStoreForTesting(true)
+                defer { KeychainCacheStore.setTestStoreForTesting(false) }
+
+                return await ClaudeOAuthCredentialsStore.withIsolatedMemoryCacheForTesting {
+                    await ClaudeOAuthCredentialsStore.withIsolatedCredentialsFileTrackingForTesting {
+                        await ClaudeOAuthCredentialsStore.withCredentialsURLOverrideForTesting(missingCredentialsURL) {
+                            await ClaudeOAuthKeychainAccessGate.withDeniedUntilStoreOverrideForTesting(deniedStore) {
+                                await ClaudeOAuthKeychainPromptPreference
+                                    .withTaskOverrideForTesting(.onlyOnUserAction) {
+                                        await ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
+                                            .securityCLIExperimental)
+                                        {
+                                            await ClaudeOAuthCredentialsStore.withSecurityCLIReadOverrideForTesting(
+                                                .data(securityData))
+                                            {
+                                                await ProviderInteractionContext.$current.withValue(.userInitiated) {
+                                                    await store.debugLog(for: .claude)
+                                                }
+                                            }
+                                        }
+                                    }
+                            }
+                        }
+                    }
+                }
+            }
+        }
+
+        #expect(text.contains("planner_selected=oauth"))
+        #expect(text.contains("hasOAuthCredentials=true"))
+    }
+
+    @Test
+    func `debug log invalidates cached planner output when Claude settings change`() async throws {
+        let suite = "ClaudeDebugDiagnosticsTests-\(UUID().uuidString)"
+        let service = "com.steipete.codexbar.cache.tests.\(UUID().uuidString)"
+        let tempDir = FileManager.default.temporaryDirectory
+            .appendingPathComponent(UUID().uuidString, isDirectory: true)
+        try FileManager.default.createDirectory(at: tempDir, withIntermediateDirectories: true)
+        let missingCredentialsURL = tempDir.appendingPathComponent("missing-credentials.json")
+        let storeAndSettings = try await MainActor.run { () -> (UsageStore, SettingsStore) in
+            let defaults = try #require(UserDefaults(suiteName: suite))
+            defaults.removePersistentDomain(forName: suite)
+            let configStore = testConfigStore(suiteName: suite)
+            let settings = SettingsStore(
+                userDefaults: defaults,
+                configStore: configStore,
+                zaiTokenStore: NoopZaiTokenStore())
+            settings.claudeUsageDataSource = .cli
+            settings.claudeCookieSource = .off
+
+            let store = UsageStore(
+                fetcher: UsageFetcher(),
+                browserDetection: BrowserDetection(cacheTTL: 0),
+                settings: settings)
+            return (store, settings)
+        }
+        let store = storeAndSettings.0
+        let settings = storeAndSettings.1
+        let fetchOverride: ClaudeStatusProbe.FetchOverride = { _, _, _ in
+            ClaudeStatusSnapshot(
+                sessionPercentLeft: 80,
+                weeklyPercentLeft: 60,
+                opusPercentLeft: nil,
+                accountEmail: "cache@example.com",
+                accountOrganization: nil,
+                loginMethod: "cli",
+                primaryResetDescription: "Mar 7 at 1pm",
+                secondaryResetDescription: nil,
+                opusResetDescription: nil,
+                rawText: "probe raw")
+        }
+
+        let first = await ClaudeCLIResolver.withResolvedBinaryPathOverrideForTesting("/usr/bin/true") {
+            await KeychainCacheStore.withServiceOverrideForTesting(service) {
+                KeychainCacheStore.setTestStoreForTesting(true)
+                defer { KeychainCacheStore.setTestStoreForTesting(false) }
+
+                return await ClaudeOAuthCredentialsStore.withIsolatedMemoryCacheForTesting {
+                    await ClaudeOAuthCredentialsStore.withIsolatedCredentialsFileTrackingForTesting {
+                        await ClaudeOAuthCredentialsStore.withCredentialsURLOverrideForTesting(missingCredentialsURL) {
+                            await ClaudeOAuthCredentialsStore.withKeychainAccessOverrideForTesting(false) {
+                                await ClaudeOAuthCredentialsStore.withClaudeKeychainOverridesForTesting(
+                                    data: nil,
+                                    fingerprint: nil)
+                                {
+                                    await ClaudeStatusProbe.withFetchOverrideForTesting(fetchOverride) {
+                                        await store.debugLog(for: .claude)
+                                    }
+                                }
+                            }
+                        }
+                    }
+                }
+            }
+        }
+
+        await MainActor.run {
+            settings.claudeUsageDataSource = .auto
+        }
+        await Task.yield()
+        await Task.yield()
+
+        let second = await ClaudeCLIResolver.withResolvedBinaryPathOverrideForTesting("/definitely/missing/claude") {
+            await KeychainCacheStore.withServiceOverrideForTesting(service) {
+                KeychainCacheStore.setTestStoreForTesting(true)
+                defer { KeychainCacheStore.setTestStoreForTesting(false) }
+
+                return await ClaudeOAuthCredentialsStore.withIsolatedMemoryCacheForTesting {
+                    await ClaudeOAuthCredentialsStore.withIsolatedCredentialsFileTrackingForTesting {
+                        await ClaudeOAuthCredentialsStore.withCredentialsURLOverrideForTesting(missingCredentialsURL) {
+                            await ClaudeOAuthCredentialsStore.withKeychainAccessOverrideForTesting(true) {
+                                await ClaudeOAuthCredentialsStore.withClaudeKeychainOverridesForTesting(
+                                    data: nil,
+                                    fingerprint: nil)
+                                {
+                                    await store.debugLog(for: .claude)
+                                }
+                            }
+                        }
+                    }
+                }
+            }
+        }
+
+        #expect(first.contains("planner_selected=cli"))
+        #expect(second.contains("planner_selected=none"))
+    }
+}
diff --git a/Tests/CodexBarTests/ClaudeDirectUsageFallbackTests.swift b/Tests/CodexBarTests/ClaudeDirectUsageFallbackTests.swift
new file mode 100644
index 000000000..8b2375ac6
--- /dev/null
+++ b/Tests/CodexBarTests/ClaudeDirectUsageFallbackTests.swift
@@ -0,0 +1,152 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+struct ClaudeDirectUsageFallbackTests {
+    private final class InvocationLog: @unchecked Sendable {
+        private let url: URL
+        private let lock = NSLock()
+
+        init(url: URL) {
+            self.url = url
+        }
+
+        func contents() -> String {
+            self.lock.withLock {
+                (try? String(contentsOf: self.url, encoding: .utf8)) ?? ""
+            }
+        }
+    }
+
+    @Test
+    func `cli source falls back to direct usage when pty usage fails to load`() async throws {
+        let cliLogURL = FileManager.default.temporaryDirectory
+            .appendingPathComponent("claude-direct-fallback-log-\(UUID().uuidString).txt")
+        let log = InvocationLog(url: cliLogURL)
+        let fakeCLI = try Self.makeDirectFallbackClaudeCLI(logURL: cliLogURL)
+        let fetcher = ClaudeUsageFetcher(
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            environment: [
+                "CLAUDE_CLI_PATH": fakeCLI.path,
+                ClaudeOAuthCredentialsStore.environmentTokenKey: "oauth-token",
+                ClaudeOAuthCredentialsStore.environmentScopesKey: "user:profile",
+                "ANTHROPIC_ADMIN_KEY": "admin-token",
+            ],
+            dataSource: .cli)
+
+        try await ClaudeCLISession.withIsolatedSessionForTesting {
+            try await ClaudeCLIResolver.withResolvedBinaryPathOverrideForTesting(fakeCLI.path) {
+                do {
+                    _ = try await fetcher.loadLatestUsage(model: "sonnet")
+                    #expect(Bool(false), "Subscription-only usage should fail parsing")
+                } catch let ClaudeUsageError.parseFailed(message) {
+                    #expect(message.lowercased().contains("subscription"))
+                } catch let ClaudeStatusProbeError.parseFailed(message) {
+                    #expect(message.lowercased().contains("subscription"))
+                }
+            }
+        }
+
+        let invocations = log.contents()
+        #expect(invocations.contains("pty-usage"))
+        #expect(invocations.contains("direct-usage"))
+        #expect(!invocations.contains("pty-secret-env"))
+        #expect(!invocations.contains("direct-secret-env"))
+    }
+
+    @Test
+    func `direct usage timeout keeps original pty failure`() async throws {
+        let cliLogURL = FileManager.default.temporaryDirectory
+            .appendingPathComponent("claude-direct-timeout-log-\(UUID().uuidString).txt")
+        let log = InvocationLog(url: cliLogURL)
+        let fakeCLI = try Self.makeDirectTimeoutClaudeCLI(logURL: cliLogURL)
+        let fetcher = ClaudeUsageFetcher(
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            environment: ["CLAUDE_CLI_PATH": fakeCLI.path],
+            dataSource: .cli)
+
+        await ClaudeCLISession.withIsolatedSessionForTesting {
+            await ClaudeCLIResolver.withResolvedBinaryPathOverrideForTesting(fakeCLI.path) {
+                do {
+                    _ = try await fetcher.loadLatestUsage(model: "sonnet")
+                    #expect(Bool(false), "PTY failure should still surface")
+                } catch let ClaudeStatusProbeError.parseFailed(message) {
+                    #expect(message.lowercased().contains("could not load usage data"))
+                } catch {
+                    #expect(Bool(false), "Unexpected error: \(error)")
+                }
+            }
+        }
+
+        let invocations = log.contents()
+        #expect(invocations.contains("pty-usage"))
+        #expect(invocations.contains("direct-usage"))
+    }
+
+    private static func makeDirectFallbackClaudeCLI(logURL: URL) throws -> URL {
+        try self.makeClaudeCLI(name: "claude-direct-fallback", logURL: logURL, scriptBody: """
+        if [ "$1" = "/usage" ]; then
+          printf 'direct-usage\\n' >> "$LOG_FILE"
+          if [ -n "$CODEXBAR_CLAUDE_OAUTH_TOKEN" ] ||
+             [ -n "$CODEXBAR_CLAUDE_OAUTH_SCOPES" ] ||
+             [ -n "$ANTHROPIC_ADMIN_KEY" ]; then
+            printf 'direct-secret-env\\n' >> "$LOG_FILE"
+          fi
+          printf '%s\\n' 'You are currently using your subscription to power your Claude Code usage'
+          exit 0
+        fi
+        while IFS= read -r line; do
+          case "$line" in
+            *"/usage"*)
+              printf 'pty-usage\\n' >> "$LOG_FILE"
+              if [ -n "$CODEXBAR_CLAUDE_OAUTH_TOKEN" ] ||
+                 [ -n "$CODEXBAR_CLAUDE_OAUTH_SCOPES" ] ||
+                 [ -n "$ANTHROPIC_ADMIN_KEY" ]; then
+                printf 'pty-secret-env\\n' >> "$LOG_FILE"
+              fi
+              printf '%s\\n' 'Failed to load usage data'
+              ;;
+            *"/status"*)
+              printf 'pty-status\\n' >> "$LOG_FILE"
+              printf '%s\\n' 'Account: subscription@example.com'
+              ;;
+          esac
+        done
+        """)
+    }
+
+    private static func makeDirectTimeoutClaudeCLI(logURL: URL) throws -> URL {
+        try self.makeClaudeCLI(name: "claude-direct-timeout", logURL: logURL, scriptBody: """
+        if [ "$1" = "/usage" ]; then
+          printf 'direct-usage\\n' >> "$LOG_FILE"
+          sleep 30
+          exit 0
+        fi
+        while IFS= read -r line; do
+          case "$line" in
+            *"/usage"*)
+              printf 'pty-usage\\n' >> "$LOG_FILE"
+              printf '%s\\n' 'Failed to load usage data'
+              ;;
+          esac
+        done
+        """)
+    }
+
+    private static func makeClaudeCLI(name: String, logURL: URL, scriptBody: String) throws -> URL {
+        let directory = FileManager.default.temporaryDirectory
+            .appendingPathComponent("\(name)-\(UUID().uuidString)", isDirectory: true)
+        try FileManager.default.createDirectory(at: directory, withIntermediateDirectories: true)
+        let scriptURL = directory.appendingPathComponent("claude")
+        let script = """
+        #!/bin/sh
+        LOG_FILE='\(logURL.path)'
+        \(scriptBody)
+        """
+        try script.write(to: scriptURL, atomically: true, encoding: .utf8)
+        try FileManager.default.setAttributes(
+            [.posixPermissions: NSNumber(value: Int16(0o755))],
+            ofItemAtPath: scriptURL.path)
+        return scriptURL
+    }
+}
diff --git a/Tests/CodexBarTests/ClaudeOAuthCredentialsStorePromptPolicyTests.swift b/Tests/CodexBarTests/ClaudeOAuthCredentialsStorePromptPolicyTests.swift
index 627a6595a..341bc033a 100644
--- a/Tests/CodexBarTests/ClaudeOAuthCredentialsStorePromptPolicyTests.swift
+++ b/Tests/CodexBarTests/ClaudeOAuthCredentialsStorePromptPolicyTests.swift
@@ -23,7 +23,7 @@ struct ClaudeOAuthCredentialsStorePromptPolicyTests {
     }
 
     @Test
-    func doesNotReadClaudeKeychainInBackgroundWhenPromptModeOnlyOnUserAction() throws {
+    func `does not read claude keychain in background when prompt mode only on user action`() throws {
         let service = "com.steipete.codexbar.cache.tests.\(UUID().uuidString)"
         try KeychainCacheStore.withServiceOverrideForTesting(service) {
             try KeychainAccessGate.withTaskOverrideForTesting(false) {
@@ -55,19 +55,13 @@ struct ClaudeOAuthCredentialsStorePromptPolicyTests {
                         expiresAt: Date(timeIntervalSinceNow: 3600))
 
                     do {
-                        _ = try ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
-                            .securityFramework)
-                        {
-                            try ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(.onlyOnUserAction) {
-                                try ProviderInteractionContext.$current.withValue(.background) {
-                                    try ClaudeOAuthCredentialsStore.withClaudeKeychainOverridesForTesting(
-                                        data: keychainData,
-                                        fingerprint: fingerprint)
-                                    {
-                                        try ClaudeOAuthCredentialsStore.load(
-                                            environment: [:],
-                                            allowKeychainPrompt: false)
-                                    }
+                        _ = try ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(.onlyOnUserAction) {
+                            try ProviderInteractionContext.$current.withValue(.background) {
+                                try ClaudeOAuthCredentialsStore.withClaudeKeychainOverridesForTesting(
+                                    data: keychainData,
+                                    fingerprint: fingerprint)
+                                {
+                                    try ClaudeOAuthCredentialsStore.load(environment: [:], allowKeychainPrompt: false)
                                 }
                             }
                         }
@@ -84,7 +78,7 @@ struct ClaudeOAuthCredentialsStorePromptPolicyTests {
     }
 
     @Test
-    func canReadClaudeKeychainOnUserActionWhenPromptModeOnlyOnUserAction() throws {
+    func `can read claude keychain on user action when prompt mode only on user action`() throws {
         let service = "com.steipete.codexbar.cache.tests.\(UUID().uuidString)"
         try KeychainCacheStore.withServiceOverrideForTesting(service) {
             try KeychainAccessGate.withTaskOverrideForTesting(false) {
@@ -115,19 +109,13 @@ struct ClaudeOAuthCredentialsStorePromptPolicyTests {
                         accessToken: "keychain-token",
                         expiresAt: Date(timeIntervalSinceNow: 3600))
 
-                    let creds = try ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
-                        .securityFramework)
-                    {
-                        try ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(.onlyOnUserAction) {
-                            try ProviderInteractionContext.$current.withValue(.userInitiated) {
-                                try ClaudeOAuthCredentialsStore.withClaudeKeychainOverridesForTesting(
-                                    data: keychainData,
-                                    fingerprint: fingerprint)
-                                {
-                                    try ClaudeOAuthCredentialsStore.load(
-                                        environment: [:],
-                                        allowKeychainPrompt: false)
-                                }
+                    let creds = try ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(.onlyOnUserAction) {
+                        try ProviderInteractionContext.$current.withValue(.userInitiated) {
+                            try ClaudeOAuthCredentialsStore.withClaudeKeychainOverridesForTesting(
+                                data: keychainData,
+                                fingerprint: fingerprint)
+                            {
+                                try ClaudeOAuthCredentialsStore.load(environment: [:], allowKeychainPrompt: false)
                             }
                         }
                     }
@@ -139,7 +127,7 @@ struct ClaudeOAuthCredentialsStorePromptPolicyTests {
     }
 
     @Test
-    func doesNotShowPreAlertWhenClaudeKeychainReadableWithoutInteraction() throws {
+    func `does not show pre alert when claude keychain readable without interaction`() throws {
         let service = "com.steipete.codexbar.cache.tests.\(UUID().uuidString)"
         try KeychainCacheStore.withServiceOverrideForTesting(service) {
             try KeychainAccessGate.withTaskOverrideForTesting(false) {
@@ -174,21 +162,17 @@ struct ClaudeOAuthCredentialsStorePromptPolicyTests {
                             preflightOverride,
                             operation: {
                                 try KeychainPromptHandler.withHandlerForTesting(promptHandler, operation: {
-                                    try ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
-                                        .securityFramework)
+                                    try ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(
+                                        .onlyOnUserAction)
                                     {
-                                        try ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(
-                                            .onlyOnUserAction)
-                                        {
-                                            try ProviderInteractionContext.$current.withValue(.userInitiated) {
-                                                try ClaudeOAuthCredentialsStore.withClaudeKeychainOverridesForTesting(
-                                                    data: keychainData,
-                                                    fingerprint: nil)
-                                                {
-                                                    try ClaudeOAuthCredentialsStore.load(
-                                                        environment: [:],
-                                                        allowKeychainPrompt: true)
-                                                }
+                                        try ProviderInteractionContext.$current.withValue(.userInitiated) {
+                                            try ClaudeOAuthCredentialsStore.withClaudeKeychainOverridesForTesting(
+                                                data: keychainData,
+                                                fingerprint: nil)
+                                            {
+                                                try ClaudeOAuthCredentialsStore.load(
+                                                    environment: [:],
+                                                    allowKeychainPrompt: true)
                                             }
                                         }
                                     }
@@ -204,7 +188,7 @@ struct ClaudeOAuthCredentialsStorePromptPolicyTests {
     }
 
     @Test
-    func showsPreAlertWhenClaudeKeychainLikelyRequiresInteraction() throws {
+    func `shows pre alert when claude keychain likely requires interaction`() throws {
         let service = "com.steipete.codexbar.cache.tests.\(UUID().uuidString)"
         try KeychainCacheStore.withServiceOverrideForTesting(service) {
             try KeychainAccessGate.withTaskOverrideForTesting(false) {
@@ -239,21 +223,17 @@ struct ClaudeOAuthCredentialsStorePromptPolicyTests {
                             preflightOverride,
                             operation: {
                                 try KeychainPromptHandler.withHandlerForTesting(promptHandler, operation: {
-                                    try ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
-                                        .securityFramework)
+                                    try ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(
+                                        .onlyOnUserAction)
                                     {
-                                        try ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(
-                                            .onlyOnUserAction)
-                                        {
-                                            try ProviderInteractionContext.$current.withValue(.userInitiated) {
-                                                try ClaudeOAuthCredentialsStore.withClaudeKeychainOverridesForTesting(
-                                                    data: keychainData,
-                                                    fingerprint: nil)
-                                                {
-                                                    try ClaudeOAuthCredentialsStore.load(
-                                                        environment: [:],
-                                                        allowKeychainPrompt: true)
-                                                }
+                                        try ProviderInteractionContext.$current.withValue(.userInitiated) {
+                                            try ClaudeOAuthCredentialsStore.withClaudeKeychainOverridesForTesting(
+                                                data: keychainData,
+                                                fingerprint: nil)
+                                            {
+                                                try ClaudeOAuthCredentialsStore.load(
+                                                    environment: [:],
+                                                    allowKeychainPrompt: true)
                                             }
                                         }
                                     }
@@ -271,7 +251,7 @@ struct ClaudeOAuthCredentialsStorePromptPolicyTests {
     }
 
     @Test
-    func showsPreAlertWhenClaudeKeychainPreflightFails() throws {
+    func `shows pre alert when claude keychain preflight fails`() throws {
         let service = "com.steipete.codexbar.cache.tests.\(UUID().uuidString)"
         try KeychainCacheStore.withServiceOverrideForTesting(service) {
             try KeychainAccessGate.withTaskOverrideForTesting(false) {
@@ -306,21 +286,17 @@ struct ClaudeOAuthCredentialsStorePromptPolicyTests {
                             preflightOverride,
                             operation: {
                                 try KeychainPromptHandler.withHandlerForTesting(promptHandler, operation: {
-                                    try ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
-                                        .securityFramework)
+                                    try ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(
+                                        .onlyOnUserAction)
                                     {
-                                        try ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(
-                                            .onlyOnUserAction)
-                                        {
-                                            try ProviderInteractionContext.$current.withValue(.userInitiated) {
-                                                try ClaudeOAuthCredentialsStore.withClaudeKeychainOverridesForTesting(
-                                                    data: keychainData,
-                                                    fingerprint: nil)
-                                                {
-                                                    try ClaudeOAuthCredentialsStore.load(
-                                                        environment: [:],
-                                                        allowKeychainPrompt: true)
-                                                }
+                                        try ProviderInteractionContext.$current.withValue(.userInitiated) {
+                                            try ClaudeOAuthCredentialsStore.withClaudeKeychainOverridesForTesting(
+                                                data: keychainData,
+                                                fingerprint: nil)
+                                            {
+                                                try ClaudeOAuthCredentialsStore.load(
+                                                    environment: [:],
+                                                    allowKeychainPrompt: true)
                                             }
                                         }
                                     }
@@ -338,7 +314,7 @@ struct ClaudeOAuthCredentialsStorePromptPolicyTests {
     }
 
     @Test
-    func experimentalReader_skipsPreAlertWhenSecurityCLIReadSucceeds() throws {
+    func `experimental reader skips pre alert when security CLI read succeeds`() throws {
         let service = "com.steipete.codexbar.cache.tests.\(UUID().uuidString)"
         try KeychainCacheStore.withServiceOverrideForTesting(service) {
             try KeychainAccessGate.withTaskOverrideForTesting(false) {
@@ -374,7 +350,7 @@ struct ClaudeOAuthCredentialsStorePromptPolicyTests {
                             operation: {
                                 try KeychainPromptHandler.withHandlerForTesting(promptHandler, operation: {
                                     try ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
-                                        .securityCLI)
+                                        .securityCLIExperimental)
                                     {
                                         try ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(.always) {
                                             try ProviderInteractionContext.$current.withValue(.userInitiated) {
@@ -400,7 +376,7 @@ struct ClaudeOAuthCredentialsStorePromptPolicyTests {
     }
 
     @Test
-    func experimentalReader_showsPreAlertWhenSecurityCLIFailsAndFallbackNeedsInteraction() throws {
+    func `experimental reader shows pre alert when security CLI fails and fallback needs interaction`() throws {
         let service = "com.steipete.codexbar.cache.tests.\(UUID().uuidString)"
         try KeychainCacheStore.withServiceOverrideForTesting(service) {
             try KeychainAccessGate.withTaskOverrideForTesting(false) {
@@ -436,7 +412,7 @@ struct ClaudeOAuthCredentialsStorePromptPolicyTests {
                             operation: {
                                 try KeychainPromptHandler.withHandlerForTesting(promptHandler, operation: {
                                     try ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
-                                        .securityCLI)
+                                        .securityCLIExperimental)
                                     {
                                         try ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(.always) {
                                             try ProviderInteractionContext.$current.withValue(.userInitiated) {
@@ -466,7 +442,7 @@ struct ClaudeOAuthCredentialsStorePromptPolicyTests {
     }
 
     @Test
-    func experimentalReader_doesNotFallbackInBackgroundWhenStoredModeOnlyOnUserAction() throws {
+    func `experimental reader does not fallback in background when stored mode only on user action`() throws {
         let service = "com.steipete.codexbar.cache.tests.\(UUID().uuidString)"
         try KeychainCacheStore.withServiceOverrideForTesting(service) {
             try KeychainAccessGate.withTaskOverrideForTesting(false) {
@@ -504,7 +480,7 @@ struct ClaudeOAuthCredentialsStorePromptPolicyTests {
                                 operation: {
                                     try KeychainPromptHandler.withHandlerForTesting(promptHandler, operation: {
                                         try ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
-                                            .securityCLI)
+                                            .securityCLIExperimental)
                                         {
                                             try ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(
                                                 .onlyOnUserAction)
@@ -544,7 +520,7 @@ struct ClaudeOAuthCredentialsStorePromptPolicyTests {
     }
 
     @Test
-    func experimentalReader_doesNotFallbackWhenStoredModeNever() throws {
+    func `experimental reader does not fallback when stored mode never`() throws {
         let service = "com.steipete.codexbar.cache.tests.\(UUID().uuidString)"
         try KeychainCacheStore.withServiceOverrideForTesting(service) {
             try KeychainAccessGate.withTaskOverrideForTesting(false) {
@@ -582,7 +558,7 @@ struct ClaudeOAuthCredentialsStorePromptPolicyTests {
                                 operation: {
                                     try KeychainPromptHandler.withHandlerForTesting(promptHandler, operation: {
                                         try ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
-                                            .securityCLI)
+                                            .securityCLIExperimental)
                                         {
                                             try ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(.never) {
                                                 try ProviderInteractionContext.$current.withValue(.userInitiated) {
@@ -619,7 +595,9 @@ struct ClaudeOAuthCredentialsStorePromptPolicyTests {
     }
 
     @Test
-    func experimentalReader_nonInteractiveFallbackBlockedInBackgroundWhenStoredModeOnlyOnUserAction() throws {
+    func `experimental reader non interactive fallback blocked in background when stored mode only on user action`()
+        throws
+    {
         let service = "com.steipete.codexbar.cache.tests.\(UUID().uuidString)"
         try KeychainCacheStore.withServiceOverrideForTesting(service) {
             try KeychainAccessGate.withTaskOverrideForTesting(false) {
@@ -651,7 +629,7 @@ struct ClaudeOAuthCredentialsStorePromptPolicyTests {
                                 preflightOverride,
                                 operation: {
                                     try ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
-                                        .securityCLI)
+                                        .securityCLIExperimental)
                                     {
                                         try ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(
                                             .onlyOnUserAction)
@@ -687,7 +665,7 @@ struct ClaudeOAuthCredentialsStorePromptPolicyTests {
     }
 
     @Test
-    func experimentalReader_allowsFallbackInBackgroundWhenStoredModeAlways() throws {
+    func `experimental reader allows fallback in background when stored mode always`() throws {
         let service = "com.steipete.codexbar.cache.tests.\(UUID().uuidString)"
         try KeychainCacheStore.withServiceOverrideForTesting(service) {
             try KeychainAccessGate.withTaskOverrideForTesting(false) {
@@ -724,7 +702,7 @@ struct ClaudeOAuthCredentialsStorePromptPolicyTests {
                             operation: {
                                 try KeychainPromptHandler.withHandlerForTesting(promptHandler, operation: {
                                     try ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
-                                        .securityCLI)
+                                        .securityCLIExperimental)
                                     {
                                         try ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(.always) {
                                             try ProviderInteractionContext.$current.withValue(.background) {
diff --git a/Tests/CodexBarTests/ClaudeOAuthCredentialsStoreSecurityCLIFallbackPolicyTests.swift b/Tests/CodexBarTests/ClaudeOAuthCredentialsStoreSecurityCLIFallbackPolicyTests.swift
index 4b69b07ce..f2ba54d65 100644
--- a/Tests/CodexBarTests/ClaudeOAuthCredentialsStoreSecurityCLIFallbackPolicyTests.swift
+++ b/Tests/CodexBarTests/ClaudeOAuthCredentialsStoreSecurityCLIFallbackPolicyTests.swift
@@ -19,14 +19,14 @@ struct ClaudeOAuthCredentialsStoreSecurityCLIFallbackPolicyTests {
     }
 
     @Test
-    func experimentalReader_hasClaudeKeychainCredentialsWithoutPrompt_backgroundFallbackBlockedByStoredPolicy() {
+    func `experimental reader blocks background fallback per stored policy`() {
         let fallbackData = self.makeCredentialsData(
             accessToken: "fallback-should-be-blocked",
             expiresAt: Date(timeIntervalSinceNow: 3600))
 
         let hasCredentials = KeychainAccessGate.withTaskOverrideForTesting(false) {
             ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
-                .securityCLI,
+                .securityCLIExperimental,
                 operation: {
                     ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(
                         .onlyOnUserAction,
@@ -51,7 +51,7 @@ struct ClaudeOAuthCredentialsStoreSecurityCLIFallbackPolicyTests {
     }
 
     @Test
-    func experimentalReader_syncFromClaudeKeychainWithoutPrompt_backgroundFallbackBlockedByStoredPolicy() {
+    func `experimental reader sync from claude keychain without prompt background fallback blocked by stored policy`() {
         let service = "com.steipete.codexbar.cache.tests.\(UUID().uuidString)"
         KeychainCacheStore.withServiceOverrideForTesting(service) {
             KeychainAccessGate.withTaskOverrideForTesting(false) {
@@ -78,7 +78,7 @@ struct ClaudeOAuthCredentialsStoreSecurityCLIFallbackPolicyTests {
                         preflightOverride,
                         operation: {
                             ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
-                                .securityCLI,
+                                .securityCLIExperimental,
                                 operation: {
                                     ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(
                                         .onlyOnUserAction,
diff --git a/Tests/CodexBarTests/ClaudeOAuthCredentialsStoreSecurityCLITests.swift b/Tests/CodexBarTests/ClaudeOAuthCredentialsStoreSecurityCLITests.swift
index 9cfbe251b..c9a167f64 100644
--- a/Tests/CodexBarTests/ClaudeOAuthCredentialsStoreSecurityCLITests.swift
+++ b/Tests/CodexBarTests/ClaudeOAuthCredentialsStoreSecurityCLITests.swift
@@ -23,7 +23,7 @@ struct ClaudeOAuthCredentialsStoreSecurityCLITests {
     }
 
     @Test
-    func experimentalReader_prefersSecurityCLIForNonInteractiveLoad() throws {
+    func `experimental reader prefers security CLI for non interactive load`() throws {
         let service = "com.steipete.codexbar.cache.tests.\(UUID().uuidString)"
         try KeychainCacheStore.withServiceOverrideForTesting(service) {
             try KeychainAccessGate.withTaskOverrideForTesting(false) {
@@ -51,7 +51,7 @@ struct ClaudeOAuthCredentialsStoreSecurityCLITests {
                         refreshToken: "security-refresh")
 
                     let creds = try ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
-                        .securityCLI,
+                        .securityCLIExperimental,
                         operation: {
                             try ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(
                                 .onlyOnUserAction,
@@ -77,7 +77,7 @@ struct ClaudeOAuthCredentialsStoreSecurityCLITests {
     }
 
     @Test
-    func experimentalReader_nonInteractiveBackgroundLoad_stillExecutesSecurityCLIRead() throws {
+    func `experimental reader non interactive background load still executes security CLI read`() throws {
         let service = "com.steipete.codexbar.cache.tests.\(UUID().uuidString)"
         try KeychainCacheStore.withServiceOverrideForTesting(service) {
             try KeychainAccessGate.withTaskOverrideForTesting(false) {
@@ -109,7 +109,7 @@ struct ClaudeOAuthCredentialsStoreSecurityCLITests {
                     let securityReadCalls = ReadCounter()
 
                     let creds = try ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
-                        .securityCLI,
+                        .securityCLIExperimental,
                         operation: {
                             try ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(
                                 .onlyOnUserAction,
@@ -136,7 +136,7 @@ struct ClaudeOAuthCredentialsStoreSecurityCLITests {
     }
 
     @Test
-    func experimentalReader_fallsBackWhenSecurityCLIThrows() throws {
+    func `experimental reader falls back when security CLI throws`() throws {
         let service = "com.steipete.codexbar.cache.tests.\(UUID().uuidString)"
         try KeychainCacheStore.withServiceOverrideForTesting(service) {
             try KeychainAccessGate.withTaskOverrideForTesting(false) {
@@ -164,7 +164,7 @@ struct ClaudeOAuthCredentialsStoreSecurityCLITests {
                         refreshToken: "fallback-refresh")
 
                     let creds = try ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
-                        .securityCLI,
+                        .securityCLIExperimental,
                         operation: {
                             try ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(
                                 .onlyOnUserAction,
@@ -193,7 +193,7 @@ struct ClaudeOAuthCredentialsStoreSecurityCLITests {
     }
 
     @Test
-    func experimentalReader_fallsBackWhenSecurityCLIOutputMalformed() throws {
+    func `experimental reader falls back when security CLI output malformed`() throws {
         let service = "com.steipete.codexbar.cache.tests.\(UUID().uuidString)"
         try KeychainCacheStore.withServiceOverrideForTesting(service) {
             try KeychainAccessGate.withTaskOverrideForTesting(false) {
@@ -220,7 +220,7 @@ struct ClaudeOAuthCredentialsStoreSecurityCLITests {
                         expiresAt: Date(timeIntervalSinceNow: 3600))
 
                     let creds = try ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
-                        .securityCLI,
+                        .securityCLIExperimental,
                         operation: {
                             try ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(
                                 .onlyOnUserAction,
@@ -249,7 +249,7 @@ struct ClaudeOAuthCredentialsStoreSecurityCLITests {
     }
 
     @Test
-    func experimentalReader_loadFromClaudeKeychainUsesSecurityCLI() throws {
+    func `experimental reader load from claude keychain uses security CLI`() throws {
         let securityData = self.makeCredentialsData(
             accessToken: "security-direct",
             expiresAt: Date(timeIntervalSinceNow: 3600),
@@ -261,7 +261,7 @@ struct ClaudeOAuthCredentialsStoreSecurityCLITests {
             persistentRefHash: "sentinel")
 
         let loaded = try ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
-            .securityCLI,
+            .securityCLIExperimental,
             operation: {
                 try ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(
                     .always,
@@ -292,13 +292,13 @@ struct ClaudeOAuthCredentialsStoreSecurityCLITests {
     }
 
     @Test
-    func experimentalReader_hasClaudeKeychainCredentialsWithoutPrompt_usesSecurityCLI() {
+    func `experimental reader has claude keychain credentials without prompt uses security CLI`() {
         let securityData = self.makeCredentialsData(
             accessToken: "security-available",
             expiresAt: Date(timeIntervalSinceNow: 3600))
 
         let hasCredentials = ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
-            .securityCLI,
+            .securityCLIExperimental,
             operation: {
                 ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(
                     .always,
@@ -317,13 +317,13 @@ struct ClaudeOAuthCredentialsStoreSecurityCLITests {
     }
 
     @Test
-    func experimentalReader_hasClaudeKeychainCredentialsWithoutPrompt_fallsBackWhenSecurityCLIFails() {
+    func `experimental reader has claude keychain credentials without prompt falls back when security CLI fails`() {
         let fallbackData = self.makeCredentialsData(
             accessToken: "fallback-available",
             expiresAt: Date(timeIntervalSinceNow: 3600))
 
         let hasCredentials = ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
-            .securityCLI,
+            .securityCLIExperimental,
             operation: {
                 ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(
                     .always,
@@ -347,7 +347,7 @@ struct ClaudeOAuthCredentialsStoreSecurityCLITests {
     }
 
     @Test
-    func experimentalReader_ignoresPromptPolicyAndCooldownForBackgroundSilentCheck() {
+    func `experimental reader ignores prompt policy and cooldown for background silent check`() {
         let securityData = self.makeCredentialsData(
             accessToken: "security-background",
             expiresAt: Date(timeIntervalSinceNow: 3600))
@@ -355,7 +355,7 @@ struct ClaudeOAuthCredentialsStoreSecurityCLITests {
         let hasCredentials = KeychainAccessGate.withTaskOverrideForTesting(false) {
             ClaudeOAuthKeychainAccessGate.withShouldAllowPromptOverrideForTesting(false) {
                 ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
-                    .securityCLI,
+                    .securityCLIExperimental,
                     operation: {
                         ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(
                             .never,
@@ -376,12 +376,12 @@ struct ClaudeOAuthCredentialsStoreSecurityCLITests {
     }
 
     @Test
-    func experimentalReader_loadFromClaudeKeychainFallbackBlockedWhenStoredModeNever() throws {
+    func `experimental reader load from claude keychain fallback blocked when stored mode never`() throws {
         var threwNotFound = false
         do {
             _ = try KeychainAccessGate.withTaskOverrideForTesting(false) {
                 try ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
-                    .securityCLI,
+                    .securityCLIExperimental,
                     operation: {
                         try ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(
                             .never,
@@ -406,7 +406,7 @@ struct ClaudeOAuthCredentialsStoreSecurityCLITests {
     }
 
     @Test
-    func experimentalReader_securityCLIRead_pinsPreferredAccountWhenAvailable() throws {
+    func `experimental reader security CLI read pins preferred account when available`() throws {
         let securityData = self.makeCredentialsData(
             accessToken: "security-account-pinned",
             expiresAt: Date(timeIntervalSinceNow: 3600))
@@ -416,7 +416,7 @@ struct ClaudeOAuthCredentialsStoreSecurityCLITests {
         let pinnedAccount = AccountBox()
 
         let loaded = try ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
-            .securityCLI,
+            .securityCLIExperimental,
             operation: {
                 try ClaudeOAuthCredentialsStore.withSecurityCLIReadAccountOverrideForTesting("new-account") {
                     try ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(
@@ -441,7 +441,7 @@ struct ClaudeOAuthCredentialsStoreSecurityCLITests {
     }
 
     @Test
-    func experimentalReader_securityCLIRead_doesNotPinAccountInBackground() throws {
+    func `experimental reader security CLI read does not pin account in background`() throws {
         let securityData = self.makeCredentialsData(
             accessToken: "security-account-not-pinned",
             expiresAt: Date(timeIntervalSinceNow: 3600))
@@ -451,7 +451,7 @@ struct ClaudeOAuthCredentialsStoreSecurityCLITests {
         let pinnedAccount = AccountBox()
 
         let loaded = try ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
-            .securityCLI,
+            .securityCLIExperimental,
             operation: {
                 try ClaudeOAuthCredentialsStore.withSecurityCLIReadAccountOverrideForTesting("new-account") {
                     try ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(
@@ -476,7 +476,7 @@ struct ClaudeOAuthCredentialsStoreSecurityCLITests {
     }
 
     @Test
-    func experimentalReader_freshnessSync_skipsSecurityCLIWhenPreflightRequiresInteraction() throws {
+    func `experimental reader freshness sync skips security CLI when preflight requires interaction`() throws {
         let service = "com.steipete.codexbar.cache.tests.\(UUID().uuidString)"
         try KeychainCacheStore.withServiceOverrideForTesting(service) {
             try KeychainAccessGate.withTaskOverrideForTesting(false) {
@@ -484,63 +484,67 @@ struct ClaudeOAuthCredentialsStoreSecurityCLITests {
                 defer { KeychainCacheStore.setTestStoreForTesting(false) }
 
                 try ClaudeOAuthCredentialsStore.withIsolatedMemoryCacheForTesting {
-                    ClaudeOAuthCredentialsStore.invalidateCache()
-                    ClaudeOAuthCredentialsStore._resetCredentialsFileTrackingForTesting()
-                    defer {
+                    try ClaudeOAuthCredentialsStore.withIsolatedCredentialsFileTrackingForTesting {
                         ClaudeOAuthCredentialsStore.invalidateCache()
                         ClaudeOAuthCredentialsStore._resetCredentialsFileTrackingForTesting()
-                    }
-
-                    let tempDir = FileManager.default.temporaryDirectory
-                        .appendingPathComponent(UUID().uuidString, isDirectory: true)
-                    try FileManager.default.createDirectory(at: tempDir, withIntermediateDirectories: true)
-                    let fileURL = tempDir.appendingPathComponent("credentials.json")
-                    try ClaudeOAuthCredentialsStore.withCredentialsURLOverrideForTesting(fileURL) {
-                        let securityData = self.makeCredentialsData(
-                            accessToken: "security-sync",
-                            expiresAt: Date(timeIntervalSinceNow: 3600))
-                        final class ReadCounter: @unchecked Sendable {
-                            var count = 0
+                        defer {
+                            ClaudeOAuthCredentialsStore.invalidateCache()
+                            ClaudeOAuthCredentialsStore._resetCredentialsFileTrackingForTesting()
                         }
-                        let securityReadCalls = ReadCounter()
 
-                        func loadWithPreflight(
-                            _ outcome: KeychainAccessPreflight.Outcome) throws -> ClaudeOAuthCredentials
-                        {
-                            let preflightOverride: (String, String?) -> KeychainAccessPreflight.Outcome = { _, _ in
-                                outcome
+                        let tempDir = FileManager.default.temporaryDirectory
+                            .appendingPathComponent(UUID().uuidString, isDirectory: true)
+                        try FileManager.default.createDirectory(at: tempDir, withIntermediateDirectories: true)
+                        let fileURL = tempDir.appendingPathComponent("credentials.json")
+                        try ClaudeOAuthCredentialsStore.withCredentialsURLOverrideForTesting(fileURL) {
+                            let securityData = self.makeCredentialsData(
+                                accessToken: "security-sync",
+                                expiresAt: Date(timeIntervalSinceNow: 3600))
+                            final class ReadCounter: @unchecked Sendable {
+                                var count = 0
                             }
-                            return try KeychainAccessPreflight.withCheckGenericPasswordOverrideForTesting(
-                                preflightOverride,
-                                operation: {
-                                    try ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
-                                        .securityCLI)
-                                    {
-                                        try ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(.always) {
-                                            try ProviderInteractionContext.$current.withValue(.background) {
-                                                try ClaudeOAuthCredentialsStore.withSecurityCLIReadOverrideForTesting(
-                                                    .dynamic { _ in
-                                                        securityReadCalls.count += 1
-                                                        return securityData
-                                                    }) {
-                                                        try ClaudeOAuthCredentialsStore.load(
-                                                            environment: [:],
-                                                            allowKeychainPrompt: false,
-                                                            respectKeychainPromptCooldown: true)
+                            let securityReadCalls = ReadCounter()
+
+                            func loadWithPreflight(
+                                _ outcome: KeychainAccessPreflight.Outcome) throws -> ClaudeOAuthCredentials
+                            {
+                                let preflightOverride: (String, String?) -> KeychainAccessPreflight.Outcome = { _, _ in
+                                    outcome
+                                }
+                                return try KeychainAccessPreflight.withCheckGenericPasswordOverrideForTesting(
+                                    preflightOverride,
+                                    operation: {
+                                        try ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
+                                            .securityCLIExperimental)
+                                        {
+                                            try ClaudeOAuthKeychainPromptPreference
+                                                .withTaskOverrideForTesting(.always) {
+                                                    try ProviderInteractionContext.$current.withValue(.background) {
+                                                        try ClaudeOAuthCredentialsStore
+                                                            .withSecurityCLIReadOverrideForTesting(
+                                                                .dynamic { _ in
+                                                                    securityReadCalls.count += 1
+                                                                    return securityData
+                                                                }) {
+                                                                    try ClaudeOAuthCredentialsStore.load(
+                                                                        environment: [:],
+                                                                        allowKeychainPrompt: false,
+                                                                        respectKeychainPromptCooldown: true)
+                                                            }
                                                     }
-                                            }
+                                                }
                                         }
-                                    }
-                                })
-                        }
+                                    })
+                            }
 
-                        let first = try loadWithPreflight(.allowed)
-                        #expect(first.accessToken == "security-sync")
-                        #expect(securityReadCalls.count == 1)
+                            let first = try loadWithPreflight(.allowed)
+                            #expect(first.accessToken == "security-sync")
+                            #expect(securityReadCalls.count == 1)
 
-                        let second = try loadWithPreflight(.interactionRequired)
-                        #expect(second.accessToken == "security-sync")
-                        #expect(securityReadCalls.count == 1)
+                            let second = try loadWithPreflight(.interactionRequired)
+                            #expect(second.accessToken == "security-sync")
+                            #expect(securityReadCalls.count == 1)
+                        }
                     }
                 }
             }
@@ -548,7 +552,7 @@ struct ClaudeOAuthCredentialsStoreSecurityCLITests {
     }
 
     @Test
-    func experimentalReader_freshnessSync_background_respectsStoredOnlyOnUserAction() throws {
+    func `experimental reader freshness sync background respects stored only on user action`() throws {
         let service = "com.steipete.codexbar.cache.tests.\(UUID().uuidString)"
         try KeychainCacheStore.withServiceOverrideForTesting(service) {
             try KeychainAccessGate.withTaskOverrideForTesting(false) {
@@ -556,63 +560,66 @@ struct ClaudeOAuthCredentialsStoreSecurityCLITests {
                 defer { KeychainCacheStore.setTestStoreForTesting(false) }
 
                 try ClaudeOAuthCredentialsStore.withIsolatedMemoryCacheForTesting {
-                    ClaudeOAuthCredentialsStore.invalidateCache()
-                    ClaudeOAuthCredentialsStore._resetCredentialsFileTrackingForTesting()
-                    defer {
+                    try ClaudeOAuthCredentialsStore.withIsolatedCredentialsFileTrackingForTesting {
                         ClaudeOAuthCredentialsStore.invalidateCache()
                         ClaudeOAuthCredentialsStore._resetCredentialsFileTrackingForTesting()
-                    }
-
-                    let tempDir = FileManager.default.temporaryDirectory
-                        .appendingPathComponent(UUID().uuidString, isDirectory: true)
-                    try FileManager.default.createDirectory(at: tempDir, withIntermediateDirectories: true)
-                    let fileURL = tempDir.appendingPathComponent("credentials.json")
-                    try ClaudeOAuthCredentialsStore.withCredentialsURLOverrideForTesting(fileURL) {
-                        let securityData = self.makeCredentialsData(
-                            accessToken: "security-sync-only-on-user-action",
-                            expiresAt: Date(timeIntervalSinceNow: 3600))
-                        final class ReadCounter: @unchecked Sendable {
-                            var count = 0
-                        }
-                        let securityReadCalls = ReadCounter()
-                        let preflightOverride: (String, String?) -> KeychainAccessPreflight.Outcome = { _, _ in
-                            .allowed
+                        defer {
+                            ClaudeOAuthCredentialsStore.invalidateCache()
+                            ClaudeOAuthCredentialsStore._resetCredentialsFileTrackingForTesting()
                         }
 
-                        func load(_ interaction: ProviderInteraction) throws -> ClaudeOAuthCredentials {
-                            try KeychainAccessPreflight.withCheckGenericPasswordOverrideForTesting(
-                                preflightOverride,
-                                operation: {
-                                    try ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
-                                        .securityCLI)
-                                    {
-                                        try ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(
-                                            .onlyOnUserAction)
+                        let tempDir = FileManager.default.temporaryDirectory
+                            .appendingPathComponent(UUID().uuidString, isDirectory: true)
+                        try FileManager.default.createDirectory(at: tempDir, withIntermediateDirectories: true)
+                        let fileURL = tempDir.appendingPathComponent("credentials.json")
+                        try ClaudeOAuthCredentialsStore.withCredentialsURLOverrideForTesting(fileURL) {
+                            let securityData = self.makeCredentialsData(
+                                accessToken: "security-sync-only-on-user-action",
+                                expiresAt: Date(timeIntervalSinceNow: 3600))
+                            final class ReadCounter: @unchecked Sendable {
+                                var count = 0
+                            }
+                            let securityReadCalls = ReadCounter()
+                            let preflightOverride: (String, String?) -> KeychainAccessPreflight.Outcome = { _, _ in
+                                .allowed
+                            }
+
+                            func load(_ interaction: ProviderInteraction) throws -> ClaudeOAuthCredentials {
+                                try KeychainAccessPreflight.withCheckGenericPasswordOverrideForTesting(
+                                    preflightOverride,
+                                    operation: {
+                                        try ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
+                                            .securityCLIExperimental)
                                         {
-                                            try ProviderInteractionContext.$current.withValue(interaction) {
-                                                try ClaudeOAuthCredentialsStore.withSecurityCLIReadOverrideForTesting(
-                                                    .dynamic { _ in
-                                                        securityReadCalls.count += 1
-                                                        return securityData
-                                                    }) {
-                                                        try ClaudeOAuthCredentialsStore.load(
-                                                            environment: [:],
-                                                            allowKeychainPrompt: false,
-                                                            respectKeychainPromptCooldown: true)
-                                                    }
+                                            try ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(
+                                                .onlyOnUserAction)
+                                            {
+                                                try ProviderInteractionContext.$current.withValue(interaction) {
+                                                    try ClaudeOAuthCredentialsStore
+                                                        .withSecurityCLIReadOverrideForTesting(
+                                                            .dynamic { _ in
+                                                                securityReadCalls.count += 1
+                                                                return securityData
+                                                            }) {
+                                                                try ClaudeOAuthCredentialsStore.load(
+                                                                    environment: [:],
+                                                                    allowKeychainPrompt: false,
+                                                                    respectKeychainPromptCooldown: true)
+                                                        }
+                                                }
                                             }
                                         }
-                                    }
-                                })
-                        }
+                                    })
+                            }
 
-                        let first = try load(.userInitiated)
-                        #expect(first.accessToken == "security-sync-only-on-user-action")
-                        #expect(securityReadCalls.count == 1)
+                            let first = try load(.userInitiated)
+                            #expect(first.accessToken == "security-sync-only-on-user-action")
+                            #expect(securityReadCalls.count == 1)
 
-                        let second = try load(.background)
-                        #expect(second.accessToken == "security-sync-only-on-user-action")
-                        #expect(securityReadCalls.count == 1)
+                            let second = try load(.background)
+                            #expect(second.accessToken == "security-sync-only-on-user-action")
+                            #expect(securityReadCalls.count == 1)
+                        }
                     }
                 }
             }
@@ -620,7 +627,7 @@ struct ClaudeOAuthCredentialsStoreSecurityCLITests {
     }
 
     @Test
-    func experimentalReader_syncFromClaudeKeychainWithoutPrompt_skipsFingerprintProbeAfterSecurityCLIRead() {
+    func `experimental reader sync skips fingerprint probe after security CLI read`() {
         let service = "com.steipete.codexbar.cache.tests.\(UUID().uuidString)"
         KeychainCacheStore.withServiceOverrideForTesting(service) {
             KeychainAccessGate.withTaskOverrideForTesting(false) {
@@ -641,7 +648,7 @@ struct ClaudeOAuthCredentialsStoreSecurityCLITests {
                         persistentRefHash: "sentinel")
 
                     let synced = ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
-                        .securityCLI,
+                        .securityCLIExperimental,
                         operation: {
                             ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(.always) {
                                 ProviderInteractionContext.$current.withValue(.background) {
@@ -672,7 +679,7 @@ struct ClaudeOAuthCredentialsStoreSecurityCLITests {
     }
 
     @Test
-    func experimentalReader_noPromptRepair_skipsFingerprintProbeAfterSecurityCLISuccess() throws {
+    func `experimental reader no prompt repair skips fingerprint probe after security CLI success`() throws {
         let service = "com.steipete.codexbar.cache.tests.\(UUID().uuidString)"
         try KeychainCacheStore.withServiceOverrideForTesting(service) {
             try KeychainAccessGate.withTaskOverrideForTesting(false) {
@@ -686,57 +693,63 @@ struct ClaudeOAuthCredentialsStoreSecurityCLITests {
                     ClaudeOAuthCredentialsStore._resetCredentialsFileTrackingForTesting()
                 }
 
-                let tempDir = FileManager.default.temporaryDirectory
-                    .appendingPathComponent(UUID().uuidString, isDirectory: true)
-                try FileManager.default.createDirectory(at: tempDir, withIntermediateDirectories: true)
-                let fileURL = tempDir.appendingPathComponent("credentials.json")
-                try ClaudeOAuthCredentialsStore.withCredentialsURLOverrideForTesting(fileURL) {
-                    let securityData = self.makeCredentialsData(
-                        accessToken: "security-repair-no-fingerprint-probe",
-                        expiresAt: Date(timeIntervalSinceNow: 3600))
-                    let fingerprintStore = ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprintStore()
-                    let sentinelFingerprint = ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint(
-                        modifiedAt: 456,
-                        createdAt: 455,
-                        persistentRefHash: "sentinel")
-
-                    let record = try ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
-                        .securityCLI,
-                        operation: {
-                            try ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(.always) {
-                                try ProviderInteractionContext.$current.withValue(.background) {
-                                    try ClaudeOAuthCredentialsStore
-                                        .withClaudeKeychainFingerprintStoreOverrideForTesting(
-                                            fingerprintStore)
-                                        {
-                                            try ClaudeOAuthCredentialsStore.withClaudeKeychainOverridesForTesting(
-                                                data: nil,
-                                                fingerprint: sentinelFingerprint)
-                                            {
-                                                try ClaudeOAuthCredentialsStore.withSecurityCLIReadOverrideForTesting(
-                                                    .data(securityData))
+                try ClaudeOAuthCredentialsStore.withIsolatedMemoryCacheForTesting {
+                    try ClaudeOAuthCredentialsStore.withIsolatedCredentialsFileTrackingForTesting {
+                        let tempDir = FileManager.default.temporaryDirectory
+                            .appendingPathComponent(UUID().uuidString, isDirectory: true)
+                        try FileManager.default.createDirectory(at: tempDir, withIntermediateDirectories: true)
+                        let fileURL = tempDir.appendingPathComponent("credentials.json")
+                        try ClaudeOAuthCredentialsStore.withCredentialsURLOverrideForTesting(fileURL) {
+                            let securityData = self.makeCredentialsData(
+                                accessToken: "security-repair-no-fingerprint-probe",
+                                expiresAt: Date(timeIntervalSinceNow: 3600))
+                            let fingerprintStore = ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprintStore()
+                            let sentinelFingerprint = ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint(
+                                modifiedAt: 456,
+                                createdAt: 455,
+                                persistentRefHash: "sentinel")
+
+                            let record = try ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
+                                .securityCLIExperimental,
+                                operation: {
+                                    try ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(.always) {
+                                        try ProviderInteractionContext.$current.withValue(.background) {
+                                            try ClaudeOAuthCredentialsStore
+                                                .withClaudeKeychainFingerprintStoreOverrideForTesting(
+                                                    fingerprintStore)
                                                 {
-                                                    try ClaudeOAuthCredentialsStore.loadRecord(
-                                                        environment: [:],
-                                                        allowKeychainPrompt: false,
-                                                        respectKeychainPromptCooldown: true)
+                                                    try ClaudeOAuthCredentialsStore
+                                                        .withClaudeKeychainOverridesForTesting(
+                                                            data: nil,
+                                                            fingerprint: sentinelFingerprint)
+                                                        {
+                                                            try ClaudeOAuthCredentialsStore
+                                                                .withSecurityCLIReadOverrideForTesting(
+                                                                    .data(securityData))
+                                                                {
+                                                                    try ClaudeOAuthCredentialsStore.loadRecord(
+                                                                        environment: [:],
+                                                                        allowKeychainPrompt: false,
+                                                                        respectKeychainPromptCooldown: true)
+                                                                }
+                                                        }
                                                 }
-                                            }
                                         }
-                                }
-                            }
-                        })
+                                    }
+                                })
 
-                    #expect(record.credentials.accessToken == "security-repair-no-fingerprint-probe")
-                    #expect(record.source == .claudeKeychain)
-                    #expect(fingerprintStore.fingerprint == nil)
+                            #expect(record.credentials.accessToken == "security-repair-no-fingerprint-probe")
+                            #expect(record.source == .claudeKeychain)
+                            #expect(fingerprintStore.fingerprint == nil)
+                        }
+                    }
                 }
             }
         }
     }
 
     @Test
-    func experimentalReader_loadWithPrompt_skipsFingerprintProbeAfterSecurityCLISuccess() throws {
+    func `experimental reader load with prompt skips fingerprint probe after security CLI success`() throws {
         let service = "com.steipete.codexbar.cache.tests.\(UUID().uuidString)"
         try KeychainCacheStore.withServiceOverrideForTesting(service) {
             try KeychainAccessGate.withTaskOverrideForTesting(false) {
@@ -750,57 +763,62 @@ struct ClaudeOAuthCredentialsStoreSecurityCLITests {
                     ClaudeOAuthCredentialsStore._resetCredentialsFileTrackingForTesting()
                 }
 
-                let tempDir = FileManager.default.temporaryDirectory
-                    .appendingPathComponent(UUID().uuidString, isDirectory: true)
-                try FileManager.default.createDirectory(at: tempDir, withIntermediateDirectories: true)
-                let fileURL = tempDir.appendingPathComponent("credentials.json")
-                try ClaudeOAuthCredentialsStore.withCredentialsURLOverrideForTesting(fileURL) {
-                    let securityData = self.makeCredentialsData(
-                        accessToken: "security-load-with-prompt",
-                        expiresAt: Date(timeIntervalSinceNow: 3600))
-                    let fingerprintStore = ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprintStore()
-                    let sentinelFingerprint = ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint(
-                        modifiedAt: 321,
-                        createdAt: 320,
-                        persistentRefHash: "sentinel")
-
-                    let creds = try ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
-                        .securityCLI,
-                        operation: {
-                            try ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(.always) {
-                                try ProviderInteractionContext.$current.withValue(.userInitiated) {
-                                    try ClaudeOAuthCredentialsStore
-                                        .withClaudeKeychainFingerprintStoreOverrideForTesting(
-                                            fingerprintStore)
-                                        {
-                                            try ClaudeOAuthCredentialsStore.withClaudeKeychainOverridesForTesting(
-                                                data: nil,
-                                                fingerprint: sentinelFingerprint)
-                                            {
-                                                try ClaudeOAuthCredentialsStore
-                                                    .withSecurityCLIReadOverrideForTesting(
-                                                        .data(securityData))
-                                                    {
-                                                        try ClaudeOAuthCredentialsStore.load(
-                                                            environment: [:],
-                                                            allowKeychainPrompt: true,
-                                                            respectKeychainPromptCooldown: false)
-                                                    }
-                                            }
+                try ClaudeOAuthCredentialsStore.withIsolatedMemoryCacheForTesting {
+                    try ClaudeOAuthCredentialsStore.withIsolatedCredentialsFileTrackingForTesting {
+                        let tempDir = FileManager.default.temporaryDirectory
+                            .appendingPathComponent(UUID().uuidString, isDirectory: true)
+                        try FileManager.default.createDirectory(at: tempDir, withIntermediateDirectories: true)
+                        let fileURL = tempDir.appendingPathComponent("credentials.json")
+                        try ClaudeOAuthCredentialsStore.withCredentialsURLOverrideForTesting(fileURL) {
+                            let securityData = self.makeCredentialsData(
+                                accessToken: "security-load-with-prompt",
+                                expiresAt: Date(timeIntervalSinceNow: 3600))
+                            let fingerprintStore = ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprintStore()
+                            let sentinelFingerprint = ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint(
+                                modifiedAt: 321,
+                                createdAt: 320,
+                                persistentRefHash: "sentinel")
+
+                            let creds = try ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
+                                .securityCLIExperimental,
+                                operation: {
+                                    try ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(.always) {
+                                        try ProviderInteractionContext.$current.withValue(.userInitiated) {
+                                            try ClaudeOAuthCredentialsStore
+                                                .withClaudeKeychainFingerprintStoreOverrideForTesting(
+                                                    fingerprintStore)
+                                                {
+                                                    try ClaudeOAuthCredentialsStore
+                                                        .withClaudeKeychainOverridesForTesting(
+                                                            data: nil,
+                                                            fingerprint: sentinelFingerprint)
+                                                        {
+                                                            try ClaudeOAuthCredentialsStore
+                                                                .withSecurityCLIReadOverrideForTesting(
+                                                                    .data(securityData))
+                                                                {
+                                                                    try ClaudeOAuthCredentialsStore.load(
+                                                                        environment: [:],
+                                                                        allowKeychainPrompt: true,
+                                                                        respectKeychainPromptCooldown: false)
+                                                                }
+                                                        }
+                                                }
                                         }
-                                }
-                            }
-                        })
+                                    }
+                                })
 
-                    #expect(creds.accessToken == "security-load-with-prompt")
-                    #expect(fingerprintStore.fingerprint == nil)
+                            #expect(creds.accessToken == "security-load-with-prompt")
+                            #expect(fingerprintStore.fingerprint == nil)
+                        }
+                    }
                 }
             }
         }
     }
 
     @Test
-    func experimentalReader_loadWithPrompt_doesNotReadWhenGlobalKeychainDisabled() throws {
+    func `experimental reader load with prompt does not read when global keychain disabled`() throws {
         let service = "com.steipete.codexbar.cache.tests.\(UUID().uuidString)"
         try KeychainCacheStore.withServiceOverrideForTesting(service) {
             try KeychainAccessGate.withTaskOverrideForTesting(true) {
@@ -830,7 +848,7 @@ struct ClaudeOAuthCredentialsStoreSecurityCLITests {
 
                     do {
                         _ = try ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
-                            .securityCLI,
+                            .securityCLIExperimental,
                             operation: {
                                 try ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(.always) {
                                     try ProviderInteractionContext.$current.withValue(.userInitiated) {
diff --git a/Tests/CodexBarTests/ClaudeOAuthCredentialsStoreTemporaryKeychainCacheTests.swift b/Tests/CodexBarTests/ClaudeOAuthCredentialsStoreTemporaryKeychainCacheTests.swift
new file mode 100644
index 000000000..b9e0630f5
--- /dev/null
+++ b/Tests/CodexBarTests/ClaudeOAuthCredentialsStoreTemporaryKeychainCacheTests.swift
@@ -0,0 +1,237 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+@Suite(.serialized)
+struct ClaudeOAuthCredentialsStoreTemporaryKeychainCacheTests {
+    private struct WrongCacheEntry: Codable {
+        let value: String
+    }
+
+    private func makeCredentialsData(accessToken: String, expiresAt: Date, refreshToken: String? = nil) -> Data {
+        let millis = Int(expiresAt.timeIntervalSince1970 * 1000)
+        let refreshField: String = {
+            guard let refreshToken else { return "" }
+            return ",\n            \"refreshToken\": \"\(refreshToken)\""
+        }()
+        let json = """
+        {
+          "claudeAiOauth": {
+            "accessToken": "\(accessToken)",
+            "expiresAt": \(millis),
+            "scopes": ["user:profile"]\(refreshField)
+          }
+        }
+        """
+        return Data(json.utf8)
+    }
+
+    #if os(macOS)
+    @Test
+    func `credentials file invalidation preserves keychain cache when temporarily unavailable`() throws {
+        let service = "com.steipete.codexbar.cache.tests.\(UUID().uuidString)"
+        try KeychainCacheStore.withServiceOverrideForTesting(service) {
+            KeychainCacheStore.setTestStoreForTesting(true)
+            defer { KeychainCacheStore.setTestStoreForTesting(false) }
+
+            try ClaudeOAuthCredentialsStore.withIsolatedMemoryCacheForTesting {
+                try ClaudeOAuthCredentialsStore.withIsolatedCredentialsFileTrackingForTesting {
+                    ClaudeOAuthCredentialsStore._resetCredentialsFileTrackingForTesting()
+                    defer { ClaudeOAuthCredentialsStore._resetCredentialsFileTrackingForTesting() }
+
+                    let tempDir = FileManager.default.temporaryDirectory
+                        .appendingPathComponent(UUID().uuidString, isDirectory: true)
+                    try FileManager.default.createDirectory(at: tempDir, withIntermediateDirectories: true)
+                    let fileURL = tempDir.appendingPathComponent("credentials.json")
+                    try ClaudeOAuthCredentialsStore.withCredentialsURLOverrideForTesting(fileURL) {
+                        let firstFile = self.makeCredentialsData(
+                            accessToken: "first-file",
+                            expiresAt: Date(timeIntervalSinceNow: 3600))
+                        try firstFile.write(to: fileURL)
+                        #expect(ClaudeOAuthCredentialsStore.invalidateCacheIfCredentialsFileChanged())
+
+                        let cacheKey = KeychainCacheStore.Key.oauth(provider: .claude)
+                        let cachedData = self.makeCredentialsData(
+                            accessToken: "cached-token",
+                            expiresAt: Date(timeIntervalSinceNow: 3600))
+                        KeychainCacheStore.store(
+                            key: cacheKey,
+                            entry: ClaudeOAuthCredentialsStore.CacheEntry(
+                                data: cachedData,
+                                storedAt: Date(),
+                                owner: .claudeCLI))
+                        defer { KeychainCacheStore.clear(key: cacheKey) }
+
+                        let updatedFile = self.makeCredentialsData(
+                            accessToken: "updated-file-token-longer",
+                            expiresAt: Date(timeIntervalSinceNow: 3600))
+                        try updatedFile.write(to: fileURL)
+
+                        KeychainCacheStore.withLoadFailureStatusOverrideForTesting(errSecInteractionNotAllowed) {
+                            #expect(ClaudeOAuthCredentialsStore.invalidateCacheIfCredentialsFileChanged())
+                        }
+
+                        switch KeychainCacheStore.load(
+                            key: cacheKey,
+                            as: ClaudeOAuthCredentialsStore.CacheEntry.self)
+                        {
+                        case let .found(entry):
+                            let parsed = try ClaudeOAuthCredentials.parse(data: entry.data)
+                            #expect(parsed.accessToken == "cached-token")
+                        case .missing, .temporarilyUnavailable, .invalid:
+                            #expect(Bool(false), "Expected temporary unavailability not to clear Claude cache")
+                        }
+
+                        #expect(ClaudeOAuthCredentialsStore.invalidateCacheIfCredentialsFileChanged())
+
+                        switch KeychainCacheStore.load(
+                            key: cacheKey,
+                            as: ClaudeOAuthCredentialsStore.CacheEntry.self)
+                        {
+                        case .missing:
+                            #expect(true)
+                        case .found, .temporarilyUnavailable, .invalid:
+                            #expect(Bool(false), "Expected pending invalidation to clear stale Claude cache")
+                        }
+                    }
+                }
+            }
+        }
+    }
+
+    @Test
+    func `temporary keychain cache unavailability does not overwrite cache from credentials file fallback`() throws {
+        let service = "com.steipete.codexbar.cache.tests.\(UUID().uuidString)"
+        try KeychainCacheStore.withServiceOverrideForTesting(service) {
+            try KeychainAccessGate.withTaskOverrideForTesting(true) {
+                KeychainCacheStore.setTestStoreForTesting(true)
+                defer { KeychainCacheStore.setTestStoreForTesting(false) }
+
+                try ClaudeOAuthCredentialsStore.withIsolatedMemoryCacheForTesting {
+                    try ClaudeOAuthCredentialsStore.withIsolatedCredentialsFileTrackingForTesting {
+                        ClaudeOAuthCredentialsStore._resetCredentialsFileTrackingForTesting()
+                        defer { ClaudeOAuthCredentialsStore._resetCredentialsFileTrackingForTesting() }
+
+                        let tempDir = FileManager.default.temporaryDirectory
+                            .appendingPathComponent(UUID().uuidString, isDirectory: true)
+                        try FileManager.default.createDirectory(at: tempDir, withIntermediateDirectories: true)
+                        let fileURL = tempDir.appendingPathComponent("credentials.json")
+                        try ClaudeOAuthCredentialsStore.withCredentialsURLOverrideForTesting(fileURL) {
+                            let fileData = self.makeCredentialsData(
+                                accessToken: "file-fallback-token",
+                                expiresAt: Date(timeIntervalSinceNow: 3600))
+                            try fileData.write(to: fileURL)
+
+                            let cacheKey = KeychainCacheStore.Key.oauth(provider: .claude)
+                            let cachedData = self.makeCredentialsData(
+                                accessToken: "cached-token",
+                                expiresAt: Date(timeIntervalSinceNow: 3600))
+                            KeychainCacheStore.store(
+                                key: cacheKey,
+                                entry: ClaudeOAuthCredentialsStore.CacheEntry(
+                                    data: cachedData,
+                                    storedAt: Date(),
+                                    owner: .claudeCLI))
+                            defer { KeychainCacheStore.clear(key: cacheKey) }
+
+                            let loaded = try KeychainCacheStore.withLoadFailureStatusOverrideForTesting(
+                                errSecInteractionNotAllowed)
+                            {
+                                try ClaudeOAuthCredentialsStore.load(environment: [:], allowKeychainPrompt: false)
+                            }
+                            #expect(loaded.accessToken == "file-fallback-token")
+
+                            switch KeychainCacheStore.load(
+                                key: cacheKey,
+                                as: ClaudeOAuthCredentialsStore.CacheEntry.self)
+                            {
+                            case let .found(entry):
+                                let parsed = try ClaudeOAuthCredentials.parse(data: entry.data)
+                                #expect(parsed.accessToken == "cached-token")
+                            case .missing, .temporarilyUnavailable, .invalid:
+                                #expect(Bool(false), "Expected file fallback not to overwrite unavailable cache")
+                            }
+                        }
+                    }
+                }
+            }
+        }
+    }
+
+    @Test
+    func `has cached credentials treats temporary keychain cache unavailability as present`() {
+        let service = "com.steipete.codexbar.cache.tests.\(UUID().uuidString)"
+        KeychainCacheStore.withServiceOverrideForTesting(service) {
+            KeychainCacheStore.setTestStoreForTesting(true)
+            defer { KeychainCacheStore.setTestStoreForTesting(false) }
+
+            ClaudeOAuthCredentialsStore.withIsolatedMemoryCacheForTesting {
+                ClaudeOAuthCredentialsStore.invalidateCache()
+                let cacheKey = KeychainCacheStore.Key.oauth(provider: .claude)
+                let cachedData = self.makeCredentialsData(
+                    accessToken: "cached-token",
+                    expiresAt: Date(timeIntervalSinceNow: 3600))
+                KeychainCacheStore.store(
+                    key: cacheKey,
+                    entry: ClaudeOAuthCredentialsStore.CacheEntry(data: cachedData, storedAt: Date()))
+                defer { KeychainCacheStore.clear(key: cacheKey) }
+
+                let hasCached = KeychainCacheStore.withLoadFailureStatusOverrideForTesting(
+                    errSecInteractionNotAllowed)
+                {
+                    ClaudeOAuthCredentialsStore.hasCachedCredentials(environment: [:])
+                }
+
+                #expect(hasCached == true)
+            }
+        }
+    }
+    #endif
+
+    @Test
+    func `invalid keychain cache is cleared by load`() throws {
+        let service = "com.steipete.codexbar.cache.tests.\(UUID().uuidString)"
+        try KeychainCacheStore.withServiceOverrideForTesting(service) {
+            try KeychainAccessGate.withTaskOverrideForTesting(true) {
+                KeychainCacheStore.setTestStoreForTesting(true)
+                defer { KeychainCacheStore.setTestStoreForTesting(false) }
+
+                ClaudeOAuthCredentialsStore._resetCredentialsFileTrackingForTesting()
+                defer { ClaudeOAuthCredentialsStore._resetCredentialsFileTrackingForTesting() }
+
+                try ClaudeOAuthCredentialsStore.withIsolatedMemoryCacheForTesting {
+                    try ClaudeOAuthCredentialsStore.withIsolatedCredentialsFileTrackingForTesting {
+                        let tempDir = FileManager.default.temporaryDirectory
+                            .appendingPathComponent(UUID().uuidString, isDirectory: true)
+                        try FileManager.default.createDirectory(at: tempDir, withIntermediateDirectories: true)
+                        let fileURL = tempDir.appendingPathComponent("credentials.json")
+                        try ClaudeOAuthCredentialsStore.withCredentialsURLOverrideForTesting(fileURL) {
+                            let cacheKey = KeychainCacheStore.Key.oauth(provider: .claude)
+                            KeychainCacheStore.store(key: cacheKey, entry: WrongCacheEntry(value: "wrong-shape"))
+
+                            do {
+                                _ = try ClaudeOAuthCredentialsStore.load(environment: [:], allowKeychainPrompt: false)
+                                Issue.record("Expected ClaudeOAuthCredentialsError.notFound")
+                            } catch let error as ClaudeOAuthCredentialsError {
+                                guard case .notFound = error else {
+                                    Issue.record("Expected .notFound, got \(error)")
+                                    return
+                                }
+                            }
+
+                            switch KeychainCacheStore.load(
+                                key: cacheKey,
+                                as: ClaudeOAuthCredentialsStore.CacheEntry.self)
+                            {
+                            case .missing:
+                                #expect(true)
+                            case .found, .temporarilyUnavailable, .invalid:
+                                #expect(Bool(false), "Expected invalid Claude cache to be cleared")
+                            }
+                        }
+                    }
+                }
+            }
+        }
+    }
+}
diff --git a/Tests/CodexBarTests/ClaudeOAuthCredentialsStoreTests.swift b/Tests/CodexBarTests/ClaudeOAuthCredentialsStoreTests.swift
index f8cb007c4..ff4fddba8 100644
--- a/Tests/CodexBarTests/ClaudeOAuthCredentialsStoreTests.swift
+++ b/Tests/CodexBarTests/ClaudeOAuthCredentialsStoreTests.swift
@@ -23,7 +23,7 @@ struct ClaudeOAuthCredentialsStoreTests {
     }
 
     @Test
-    func loadsFromKeychainCacheBeforeExpiredFile() throws {
+    func `loads from keychain cache before expired file`() throws {
         let service = "com.steipete.codexbar.cache.tests.\(UUID().uuidString)"
         try ProviderInteractionContext.$current.withValue(.background) {
             try KeychainCacheStore.withServiceOverrideForTesting(service) {
@@ -91,7 +91,7 @@ struct ClaudeOAuthCredentialsStoreTests {
     }
 
     @Test
-    func loadRecord_nonInteractiveRepairCanBeDisabled() throws {
+    func `load record non interactive repair can be disabled`() throws {
         let service = "com.steipete.codexbar.cache.tests.\(UUID().uuidString)"
         try KeychainCacheStore.withServiceOverrideForTesting(service) {
             KeychainCacheStore.setTestStoreForTesting(true)
@@ -115,38 +115,34 @@ struct ClaudeOAuthCredentialsStoreTests {
                             expiresAt: Date(timeIntervalSinceNow: 3600))
 
                         // Simulate Claude Keychain containing creds, without querying the real Keychain.
-                        try ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
-                            .securityFramework)
-                        {
-                            try ProviderInteractionContext.$current.withValue(.userInitiated) {
-                                try ClaudeOAuthCredentialsStore
-                                    .withClaudeKeychainOverridesForTesting(data: keychainData, fingerprint: nil) {
-                                        // When repair is disabled, non-interactive loads should not consult Claude's
-                                        // keychain data.
-                                        do {
-                                            _ = try ClaudeOAuthCredentialsStore.loadRecord(
-                                                environment: [:],
-                                                allowKeychainPrompt: false,
-                                                respectKeychainPromptCooldown: true,
-                                                allowClaudeKeychainRepairWithoutPrompt: false)
-                                            Issue.record("Expected ClaudeOAuthCredentialsError.notFound")
-                                        } catch let error as ClaudeOAuthCredentialsError {
-                                            guard case .notFound = error else {
-                                                Issue.record("Expected .notFound, got \(error)")
-                                                return
-                                            }
-                                        }
-
-                                        // With repair enabled, we should be able to seed from the "Claude keychain"
-                                        // override.
-                                        let record = try ClaudeOAuthCredentialsStore.loadRecord(
+                        try ProviderInteractionContext.$current.withValue(.userInitiated) {
+                            try ClaudeOAuthCredentialsStore
+                                .withClaudeKeychainOverridesForTesting(data: keychainData, fingerprint: nil) {
+                                    // When repair is disabled, non-interactive loads should not consult Claude's
+                                    // keychain data.
+                                    do {
+                                        _ = try ClaudeOAuthCredentialsStore.loadRecord(
                                             environment: [:],
                                             allowKeychainPrompt: false,
                                             respectKeychainPromptCooldown: true,
-                                            allowClaudeKeychainRepairWithoutPrompt: true)
-                                        #expect(record.credentials.accessToken == "claude-keychain")
+                                            allowClaudeKeychainRepairWithoutPrompt: false)
+                                        Issue.record("Expected ClaudeOAuthCredentialsError.notFound")
+                                    } catch let error as ClaudeOAuthCredentialsError {
+                                        guard case .notFound = error else {
+                                            Issue.record("Expected .notFound, got \(error)")
+                                            return
+                                        }
                                     }
-                            }
+
+                                    // With repair enabled, we should be able to seed from the "Claude keychain"
+                                    // override.
+                                    let record = try ClaudeOAuthCredentialsStore.loadRecord(
+                                        environment: [:],
+                                        allowKeychainPrompt: false,
+                                        respectKeychainPromptCooldown: true,
+                                        allowClaudeKeychainRepairWithoutPrompt: true)
+                                    #expect(record.credentials.accessToken == "claude-keychain")
+                                }
                         }
                     }
                 }
@@ -155,7 +151,7 @@ struct ClaudeOAuthCredentialsStoreTests {
     }
 
     @Test
-    func invalidatesCacheWhenCredentialsFileChanges() throws {
+    func `invalidates cache when credentials file changes`() throws {
         KeychainCacheStore.setTestStoreForTesting(true)
         defer { KeychainCacheStore.setTestStoreForTesting(false) }
 
@@ -164,38 +160,42 @@ struct ClaudeOAuthCredentialsStoreTests {
 
         // Avoid interacting with the real Keychain in unit tests.
         try ClaudeOAuthCredentialsStore.withKeychainAccessOverrideForTesting(true) {
-            let tempDir = FileManager.default.temporaryDirectory
-                .appendingPathComponent(UUID().uuidString, isDirectory: true)
-            try FileManager.default.createDirectory(at: tempDir, withIntermediateDirectories: true)
-            let fileURL = tempDir.appendingPathComponent("credentials.json")
-            try ClaudeOAuthCredentialsStore.withCredentialsURLOverrideForTesting(fileURL) {
-                let first = self.makeCredentialsData(
-                    accessToken: "first",
-                    expiresAt: Date(timeIntervalSinceNow: 3600))
-                try first.write(to: fileURL)
+            try ClaudeOAuthCredentialsStore.withIsolatedCredentialsFileTrackingForTesting {
+                try ClaudeOAuthCredentialsStore.withIsolatedMemoryCacheForTesting {
+                    let tempDir = FileManager.default.temporaryDirectory
+                        .appendingPathComponent(UUID().uuidString, isDirectory: true)
+                    try FileManager.default.createDirectory(at: tempDir, withIntermediateDirectories: true)
+                    let fileURL = tempDir.appendingPathComponent("credentials.json")
+                    try ClaudeOAuthCredentialsStore.withCredentialsURLOverrideForTesting(fileURL) {
+                        let first = self.makeCredentialsData(
+                            accessToken: "first",
+                            expiresAt: Date(timeIntervalSinceNow: 3600))
+                        try first.write(to: fileURL)
 
-                let cacheKey = KeychainCacheStore.Key.oauth(provider: .claude)
-                let cacheEntry = ClaudeOAuthCredentialsStore.CacheEntry(data: first, storedAt: Date())
-                KeychainCacheStore.store(key: cacheKey, entry: cacheEntry)
+                        let cacheKey = KeychainCacheStore.Key.oauth(provider: .claude)
+                        let cacheEntry = ClaudeOAuthCredentialsStore.CacheEntry(data: first, storedAt: Date())
+                        KeychainCacheStore.store(key: cacheKey, entry: cacheEntry)
 
-                _ = try ClaudeOAuthCredentialsStore.load(environment: [:])
+                        _ = try ClaudeOAuthCredentialsStore.load(environment: [:])
 
-                let updated = self.makeCredentialsData(
-                    accessToken: "second",
-                    expiresAt: Date(timeIntervalSinceNow: 3600))
-                try updated.write(to: fileURL)
+                        let updated = self.makeCredentialsData(
+                            accessToken: "second",
+                            expiresAt: Date(timeIntervalSinceNow: 3600))
+                        try updated.write(to: fileURL)
 
-                #expect(ClaudeOAuthCredentialsStore.invalidateCacheIfCredentialsFileChanged())
-                KeychainCacheStore.clear(key: cacheKey)
+                        #expect(ClaudeOAuthCredentialsStore.invalidateCacheIfCredentialsFileChanged())
+                        KeychainCacheStore.clear(key: cacheKey)
 
-                let creds = try ClaudeOAuthCredentialsStore.load(environment: [:])
-                #expect(creds.accessToken == "second")
+                        let creds = try ClaudeOAuthCredentialsStore.load(environment: [:])
+                        #expect(creds.accessToken == "second")
+                    }
+                }
             }
         }
     }
 
     @Test
-    func returnsExpiredFileWhenNoOtherSources() throws {
+    func `returns expired file when no other sources`() throws {
         let service = "com.steipete.codexbar.cache.tests.\(UUID().uuidString)"
         try KeychainCacheStore.withServiceOverrideForTesting(service) {
             try KeychainAccessGate.withTaskOverrideForTesting(true) {
@@ -230,54 +230,57 @@ struct ClaudeOAuthCredentialsStoreTests {
     }
 
     @Test
-    func loadWithAutoRefresh_expiredClaudeCLIOwner_throwsDelegatedRefresh() async throws {
-        KeychainCacheStore.setTestStoreForTesting(true)
-        defer { KeychainCacheStore.setTestStoreForTesting(false) }
+    func `load with auto refresh expired claude CLI owner throws delegated refresh`() async throws {
+        let service = "com.steipete.codexbar.cache.tests.\(UUID().uuidString)"
+        try await KeychainCacheStore.withServiceOverrideForTesting(service) {
+            KeychainCacheStore.setTestStoreForTesting(true)
+            defer { KeychainCacheStore.setTestStoreForTesting(false) }
 
-        ClaudeOAuthCredentialsStore._resetCredentialsFileTrackingForTesting()
-        defer { ClaudeOAuthCredentialsStore._resetCredentialsFileTrackingForTesting() }
+            ClaudeOAuthCredentialsStore._resetCredentialsFileTrackingForTesting()
+            defer { ClaudeOAuthCredentialsStore._resetCredentialsFileTrackingForTesting() }
 
-        let tempDir = FileManager.default.temporaryDirectory
-            .appendingPathComponent(UUID().uuidString, isDirectory: true)
-        try FileManager.default.createDirectory(at: tempDir, withIntermediateDirectories: true)
-        let fileURL = tempDir.appendingPathComponent("credentials.json")
-        await ClaudeOAuthCredentialsStore.withCredentialsURLOverrideForTesting(fileURL) {
-            await ClaudeOAuthCredentialsStore.withKeychainAccessOverrideForTesting(true) {
-                ClaudeOAuthCredentialsStore.invalidateCache()
-                let cacheKey = KeychainCacheStore.Key.oauth(provider: .claude)
-                defer { KeychainCacheStore.clear(key: cacheKey) }
+            let tempDir = FileManager.default.temporaryDirectory
+                .appendingPathComponent(UUID().uuidString, isDirectory: true)
+            try FileManager.default.createDirectory(at: tempDir, withIntermediateDirectories: true)
+            let fileURL = tempDir.appendingPathComponent("credentials.json")
+            await ClaudeOAuthCredentialsStore.withCredentialsURLOverrideForTesting(fileURL) {
+                await ClaudeOAuthCredentialsStore.withKeychainAccessOverrideForTesting(true) {
+                    ClaudeOAuthCredentialsStore.invalidateCache()
+                    let cacheKey = KeychainCacheStore.Key.oauth(provider: .claude)
+                    defer { KeychainCacheStore.clear(key: cacheKey) }
 
-                let expiredData = self.makeCredentialsData(
-                    accessToken: "expired-claude-cli-owner",
-                    expiresAt: Date(timeIntervalSinceNow: -3600),
-                    refreshToken: "refresh-token")
-                KeychainCacheStore.store(
-                    key: cacheKey,
-                    entry: ClaudeOAuthCredentialsStore.CacheEntry(
-                        data: expiredData,
-                        storedAt: Date(),
-                        owner: .claudeCLI))
+                    let expiredData = self.makeCredentialsData(
+                        accessToken: "expired-claude-cli-owner",
+                        expiresAt: Date(timeIntervalSinceNow: -3600),
+                        refreshToken: "refresh-token")
+                    KeychainCacheStore.store(
+                        key: cacheKey,
+                        entry: ClaudeOAuthCredentialsStore.CacheEntry(
+                            data: expiredData,
+                            storedAt: Date(),
+                            owner: .claudeCLI))
 
-                do {
-                    _ = try await ClaudeOAuthCredentialsStore.loadWithAutoRefresh(
-                        environment: [:],
-                        allowKeychainPrompt: false,
-                        respectKeychainPromptCooldown: true)
-                    Issue.record("Expected delegated refresh error for Claude CLI-owned credentials")
-                } catch let error as ClaudeOAuthCredentialsError {
-                    guard case .refreshDelegatedToClaudeCLI = error else {
-                        Issue.record("Expected .refreshDelegatedToClaudeCLI, got \(error)")
-                        return
+                    do {
+                        _ = try await ClaudeOAuthCredentialsStore.loadWithAutoRefresh(
+                            environment: [:],
+                            allowKeychainPrompt: false,
+                            respectKeychainPromptCooldown: true)
+                        Issue.record("Expected delegated refresh error for Claude CLI-owned credentials")
+                    } catch let error as ClaudeOAuthCredentialsError {
+                        guard case .refreshDelegatedToClaudeCLI = error else {
+                            Issue.record("Expected .refreshDelegatedToClaudeCLI, got \(error)")
+                            return
+                        }
+                    } catch {
+                        Issue.record("Expected ClaudeOAuthCredentialsError, got \(error)")
                     }
-                } catch {
-                    Issue.record("Expected ClaudeOAuthCredentialsError, got \(error)")
                 }
             }
         }
     }
 
     @Test
-    func loadWithAutoRefresh_expiredCodexbarOwner_usesDirectRefreshPath() async throws {
+    func `load with auto refresh expired codexbar owner uses direct refresh path`() async throws {
         let service = "com.steipete.codexbar.cache.tests.\(UUID().uuidString)"
         try await KeychainCacheStore.withServiceOverrideForTesting(service) {
             KeychainCacheStore.setTestStoreForTesting(true)
@@ -329,7 +332,7 @@ struct ClaudeOAuthCredentialsStoreTests {
     }
 
     @Test
-    func loadRecord_legacyCacheEntryWithoutOwner_defaultsToClaudeCLIOwner() throws {
+    func `load record legacy cache entry without owner defaults to claude CLI owner`() throws {
         KeychainCacheStore.setTestStoreForTesting(true)
         defer { KeychainCacheStore.setTestStoreForTesting(false) }
 
@@ -340,34 +343,36 @@ struct ClaudeOAuthCredentialsStoreTests {
             .appendingPathComponent(UUID().uuidString, isDirectory: true)
         try FileManager.default.createDirectory(at: tempDir, withIntermediateDirectories: true)
         let fileURL = tempDir.appendingPathComponent("credentials.json")
-        try ClaudeOAuthCredentialsStore.withCredentialsURLOverrideForTesting(fileURL) {
-            try ClaudeOAuthCredentialsStore.withKeychainAccessOverrideForTesting(true) {
-                ClaudeOAuthCredentialsStore.invalidateCache()
-                let cacheKey = KeychainCacheStore.Key.oauth(provider: .claude)
-                defer { KeychainCacheStore.clear(key: cacheKey) }
+        try ClaudeOAuthCredentialsStore.withIsolatedMemoryCacheForTesting {
+            try ClaudeOAuthCredentialsStore.withCredentialsURLOverrideForTesting(fileURL) {
+                try ClaudeOAuthCredentialsStore.withKeychainAccessOverrideForTesting(true) {
+                    ClaudeOAuthCredentialsStore.invalidateCache()
+                    let cacheKey = KeychainCacheStore.Key.oauth(provider: .claude)
+                    defer { KeychainCacheStore.clear(key: cacheKey) }
 
-                let validData = self.makeCredentialsData(
-                    accessToken: "legacy-owner",
-                    expiresAt: Date(timeIntervalSinceNow: 3600),
-                    refreshToken: "refresh-token")
-                KeychainCacheStore.store(
-                    key: cacheKey,
-                    entry: ClaudeOAuthCredentialsStore.CacheEntry(
-                        data: validData,
-                        storedAt: Date()))
-
-                let record = try ClaudeOAuthCredentialsStore.loadRecord(
-                    environment: [:],
-                    allowKeychainPrompt: false,
-                    respectKeychainPromptCooldown: true)
-                #expect(record.owner == .claudeCLI)
-                #expect(record.source == .cacheKeychain)
+                    let validData = self.makeCredentialsData(
+                        accessToken: "legacy-owner",
+                        expiresAt: Date(timeIntervalSinceNow: 3600),
+                        refreshToken: "refresh-token")
+                    KeychainCacheStore.store(
+                        key: cacheKey,
+                        entry: ClaudeOAuthCredentialsStore.CacheEntry(
+                            data: validData,
+                            storedAt: Date()))
+
+                    let record = try ClaudeOAuthCredentialsStore.loadRecord(
+                        environment: [:],
+                        allowKeychainPrompt: false,
+                        respectKeychainPromptCooldown: true)
+                    #expect(record.owner == .claudeCLI)
+                    #expect(record.source == .cacheKeychain)
+                }
             }
         }
     }
 
     @Test
-    func hasCachedCredentials_returnsFalseForExpiredUnrefreshableCodexbarCacheEntry() throws {
+    func `has cached credentials returns false for expired unrefreshable codexbar cache entry`() throws {
         KeychainCacheStore.setTestStoreForTesting(true)
         defer { KeychainCacheStore.setTestStoreForTesting(false) }
 
@@ -397,7 +402,7 @@ struct ClaudeOAuthCredentialsStoreTests {
     }
 
     @Test
-    func hasCachedCredentials_returnsTrueForExpiredRefreshableCacheEntry() throws {
+    func `has cached credentials returns true for expired refreshable cache entry`() throws {
         KeychainCacheStore.setTestStoreForTesting(true)
         defer { KeychainCacheStore.setTestStoreForTesting(false) }
 
@@ -424,7 +429,7 @@ struct ClaudeOAuthCredentialsStoreTests {
     }
 
     @Test
-    func hasCachedCredentials_returnsTrueForExpiredClaudeCLIBackedCredentialsFile() throws {
+    func `has cached credentials returns true for expired claude CLI backed credentials file`() throws {
         KeychainCacheStore.setTestStoreForTesting(true)
         defer { KeychainCacheStore.setTestStoreForTesting(false) }
 
@@ -449,7 +454,7 @@ struct ClaudeOAuthCredentialsStoreTests {
     }
 
     @Test
-    func syncsCacheWhenClaudeKeychainFingerprintChangesAndTokenDiffers() throws {
+    func `syncs cache when claude keychain fingerprint changes and token differs`() throws {
         let service = "com.steipete.codexbar.cache.tests.\(UUID().uuidString)"
         try KeychainCacheStore.withServiceOverrideForTesting(service) {
             try KeychainAccessGate.withTaskOverrideForTesting(false) {
@@ -492,22 +497,16 @@ struct ClaudeOAuthCredentialsStoreTests {
                         createdAt: 1,
                         persistentRefHash: "ref1")
 
-                    let first = try ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
-                        .securityFramework)
-                    {
-                        try ProviderInteractionContext.$current.withValue(.userInitiated) {
-                            try ClaudeOAuthCredentialsStore.withClaudeKeychainFingerprintStoreOverrideForTesting(
-                                fingerprintStore)
-                            {
-                                try ClaudeOAuthKeychainAccessGate.withShouldAllowPromptOverrideForTesting(true) {
-                                    try ClaudeOAuthCredentialsStore.withClaudeKeychainOverridesForTesting(
-                                        data: cachedData,
-                                        fingerprint: fingerprint1)
-                                    {
-                                        try ClaudeOAuthCredentialsStore.load(
-                                            environment: [:],
-                                            allowKeychainPrompt: false)
-                                    }
+                    let first = try ProviderInteractionContext.$current.withValue(.userInitiated) {
+                        try ClaudeOAuthCredentialsStore.withClaudeKeychainFingerprintStoreOverrideForTesting(
+                            fingerprintStore)
+                        {
+                            try ClaudeOAuthKeychainAccessGate.withShouldAllowPromptOverrideForTesting(true) {
+                                try ClaudeOAuthCredentialsStore.withClaudeKeychainOverridesForTesting(
+                                    data: cachedData,
+                                    fingerprint: fingerprint1)
+                                {
+                                    try ClaudeOAuthCredentialsStore.load(environment: [:], allowKeychainPrompt: false)
                                 }
                             }
                         }
@@ -526,22 +525,16 @@ struct ClaudeOAuthCredentialsStoreTests {
                         accessToken: "keychain-token",
                         expiresAt: Date(timeIntervalSinceNow: 3600))
 
-                    let second = try ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
-                        .securityFramework)
-                    {
-                        try ProviderInteractionContext.$current.withValue(.userInitiated) {
-                            try ClaudeOAuthCredentialsStore.withClaudeKeychainFingerprintStoreOverrideForTesting(
-                                fingerprintStore)
-                            {
-                                try ClaudeOAuthKeychainAccessGate.withShouldAllowPromptOverrideForTesting(true) {
-                                    try ClaudeOAuthCredentialsStore.withClaudeKeychainOverridesForTesting(
-                                        data: keychainData,
-                                        fingerprint: fingerprint2)
-                                    {
-                                        try ClaudeOAuthCredentialsStore.load(
-                                            environment: [:],
-                                            allowKeychainPrompt: false)
-                                    }
+                    let second = try ProviderInteractionContext.$current.withValue(.userInitiated) {
+                        try ClaudeOAuthCredentialsStore.withClaudeKeychainFingerprintStoreOverrideForTesting(
+                            fingerprintStore)
+                        {
+                            try ClaudeOAuthKeychainAccessGate.withShouldAllowPromptOverrideForTesting(true) {
+                                try ClaudeOAuthCredentialsStore.withClaudeKeychainOverridesForTesting(
+                                    data: keychainData,
+                                    fingerprint: fingerprint2)
+                                {
+                                    try ClaudeOAuthCredentialsStore.load(environment: [:], allowKeychainPrompt: false)
                                 }
                             }
                         }
@@ -562,7 +555,7 @@ struct ClaudeOAuthCredentialsStoreTests {
     }
 
     @Test
-    func doesNotSyncInBackgroundWhenCacheValidAndPromptModeOnlyOnUserAction() throws {
+    func `does not sync in background when cache valid and prompt mode only on user action`() throws {
         let service = "com.steipete.codexbar.cache.tests.\(UUID().uuidString)"
         try KeychainCacheStore.withServiceOverrideForTesting(service) {
             try KeychainAccessGate.withTaskOverrideForTesting(false) {
@@ -649,142 +642,74 @@ struct ClaudeOAuthCredentialsStoreTests {
     }
 
     @Test
-    func doesNotSyncWhenClaudeKeychainFingerprintUnchanged() throws {
+    func `does not sync when claude keychain fingerprint unchanged`() throws {
         KeychainCacheStore.setTestStoreForTesting(true)
         defer { KeychainCacheStore.setTestStoreForTesting(false) }
 
-        ClaudeOAuthCredentialsStore._resetCredentialsFileTrackingForTesting()
-        defer { ClaudeOAuthCredentialsStore._resetCredentialsFileTrackingForTesting() }
+        try ClaudeOAuthCredentialsStore.withIsolatedMemoryCacheForTesting {
+            try ClaudeOAuthCredentialsStore.withIsolatedCredentialsFileTrackingForTesting {
+                ClaudeOAuthCredentialsStore.invalidateCache()
+                ClaudeOAuthCredentialsStore._resetClaudeKeychainChangeTrackingForTesting()
+                defer {
+                    ClaudeOAuthCredentialsStore.invalidateCache()
+                    ClaudeOAuthCredentialsStore._resetClaudeKeychainChangeTrackingForTesting()
+                }
 
-        ClaudeOAuthCredentialsStore.invalidateCache()
-        ClaudeOAuthCredentialsStore._resetClaudeKeychainChangeTrackingForTesting()
-        defer {
-            ClaudeOAuthCredentialsStore.invalidateCache()
-            ClaudeOAuthCredentialsStore._resetClaudeKeychainChangeTrackingForTesting()
-            ClaudeOAuthCredentialsStore.setClaudeKeychainDataOverrideForTesting(nil)
-            ClaudeOAuthCredentialsStore.setClaudeKeychainFingerprintOverrideForTesting(nil)
-        }
+                let cacheKey = KeychainCacheStore.Key.oauth(provider: .claude)
+                let cachedData = self.makeCredentialsData(
+                    accessToken: "cached-token",
+                    expiresAt: Date(timeIntervalSinceNow: 3600))
+                KeychainCacheStore.store(
+                    key: cacheKey,
+                    entry: ClaudeOAuthCredentialsStore.CacheEntry(data: cachedData, storedAt: Date()))
+
+                let fingerprint = ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint(
+                    modifiedAt: 1,
+                    createdAt: 1,
+                    persistentRefHash: "ref1")
+                let first = try ClaudeOAuthCredentialsStore.withClaudeKeychainOverridesForTesting(
+                    data: cachedData,
+                    fingerprint: fingerprint,
+                    operation: {
+                        try ClaudeOAuthCredentialsStore.load(environment: [:], allowKeychainPrompt: false)
+                    })
+                #expect(first.accessToken == "cached-token")
 
-        let cacheKey = KeychainCacheStore.Key.oauth(provider: .claude)
-        let cachedData = self.makeCredentialsData(
-            accessToken: "cached-token",
-            expiresAt: Date(timeIntervalSinceNow: 3600))
-        KeychainCacheStore.store(
-            key: cacheKey,
-            entry: ClaudeOAuthCredentialsStore.CacheEntry(data: cachedData, storedAt: Date()))
+                ClaudeOAuthCredentialsStore._resetClaudeKeychainChangeThrottleForTesting()
+                let keychainData = self.makeCredentialsData(
+                    accessToken: "keychain-token",
+                    expiresAt: Date(timeIntervalSinceNow: 3600))
+                let second = try ClaudeOAuthCredentialsStore.withClaudeKeychainOverridesForTesting(
+                    data: keychainData,
+                    fingerprint: fingerprint,
+                    operation: {
+                        try ClaudeOAuthCredentialsStore.load(environment: [:], allowKeychainPrompt: false)
+                    })
+                #expect(second.accessToken == "cached-token")
 
-        let fingerprint = ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint(
-            modifiedAt: 1,
-            createdAt: 1,
-            persistentRefHash: "ref1")
-        ClaudeOAuthCredentialsStore.setClaudeKeychainFingerprintOverrideForTesting(fingerprint)
-        ClaudeOAuthCredentialsStore.setClaudeKeychainDataOverrideForTesting(cachedData)
-
-        let first = try ClaudeOAuthCredentialsStore.load(environment: [:], allowKeychainPrompt: false)
-        #expect(first.accessToken == "cached-token")
-
-        ClaudeOAuthCredentialsStore._resetClaudeKeychainChangeThrottleForTesting()
-        let keychainData = self.makeCredentialsData(
-            accessToken: "keychain-token",
-            expiresAt: Date(timeIntervalSinceNow: 3600))
-        ClaudeOAuthCredentialsStore.setClaudeKeychainDataOverrideForTesting(keychainData)
-
-        let second = try ClaudeOAuthCredentialsStore.load(environment: [:], allowKeychainPrompt: false)
-        #expect(second.accessToken == "cached-token")
-
-        switch KeychainCacheStore.load(key: cacheKey, as: ClaudeOAuthCredentialsStore.CacheEntry.self) {
-        case let .found(entry):
-            let parsed = try ClaudeOAuthCredentials.parse(data: entry.data)
-            #expect(parsed.accessToken == "cached-token")
-        default:
-            #expect(Bool(false))
+                switch KeychainCacheStore.load(key: cacheKey, as: ClaudeOAuthCredentialsStore.CacheEntry.self) {
+                case let .found(entry):
+                    let parsed = try ClaudeOAuthCredentials.parse(data: entry.data)
+                    #expect(parsed.accessToken == "cached-token")
+                default:
+                    #expect(Bool(false))
+                }
+            }
         }
     }
 
     @Test
-    func doesNotSyncWhenKeychainCredentialsExpiredButCacheValid() throws {
+    func `does not sync when keychain credentials expired but cache valid`() throws {
         KeychainCacheStore.setTestStoreForTesting(true)
         defer { KeychainCacheStore.setTestStoreForTesting(false) }
 
-        ClaudeOAuthCredentialsStore._resetCredentialsFileTrackingForTesting()
-        defer { ClaudeOAuthCredentialsStore._resetCredentialsFileTrackingForTesting() }
-
-        ClaudeOAuthCredentialsStore.invalidateCache()
-        ClaudeOAuthCredentialsStore._resetClaudeKeychainChangeTrackingForTesting()
-        defer {
-            ClaudeOAuthCredentialsStore.invalidateCache()
-            ClaudeOAuthCredentialsStore._resetClaudeKeychainChangeTrackingForTesting()
-            ClaudeOAuthCredentialsStore.setClaudeKeychainDataOverrideForTesting(nil)
-            ClaudeOAuthCredentialsStore.setClaudeKeychainFingerprintOverrideForTesting(nil)
-        }
-
-        let cacheKey = KeychainCacheStore.Key.oauth(provider: .claude)
-        let cachedData = self.makeCredentialsData(
-            accessToken: "cached-token",
-            expiresAt: Date(timeIntervalSinceNow: 3600))
-        KeychainCacheStore.store(
-            key: cacheKey,
-            entry: ClaudeOAuthCredentialsStore.CacheEntry(data: cachedData, storedAt: Date()))
-
-        ClaudeOAuthCredentialsStore.setClaudeKeychainFingerprintOverrideForTesting(
-            ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint(
-                modifiedAt: 1,
-                createdAt: 1,
-                persistentRefHash: "ref1"))
-        ClaudeOAuthCredentialsStore.setClaudeKeychainDataOverrideForTesting(cachedData)
-
-        let first = try ClaudeOAuthCredentialsStore.load(environment: [:], allowKeychainPrompt: false)
-        #expect(first.accessToken == "cached-token")
-
-        ClaudeOAuthCredentialsStore._resetClaudeKeychainChangeThrottleForTesting()
-
-        ClaudeOAuthCredentialsStore.setClaudeKeychainFingerprintOverrideForTesting(
-            ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint(
-                modifiedAt: 2,
-                createdAt: 2,
-                persistentRefHash: "ref2"))
-        let expiredKeychainData = self.makeCredentialsData(
-            accessToken: "expired-keychain-token",
-            expiresAt: Date(timeIntervalSinceNow: -3600))
-        ClaudeOAuthCredentialsStore.setClaudeKeychainDataOverrideForTesting(expiredKeychainData)
-
-        let second = try ClaudeOAuthCredentialsStore.load(environment: [:], allowKeychainPrompt: false)
-        #expect(second.accessToken == "cached-token")
-
-        switch KeychainCacheStore.load(key: cacheKey, as: ClaudeOAuthCredentialsStore.CacheEntry.self) {
-        case let .found(entry):
-            let parsed = try ClaudeOAuthCredentials.parse(data: entry.data)
-            #expect(parsed.accessToken == "cached-token")
-        default:
-            #expect(Bool(false))
-        }
-    }
-
-    @Test
-    func respectsPromptCooldownGateWhenDisabledPrompting() throws {
-        let service = "com.steipete.codexbar.cache.tests.\(UUID().uuidString)"
-        try KeychainCacheStore.withServiceOverrideForTesting(service) {
-            KeychainCacheStore.setTestStoreForTesting(true)
-            defer { KeychainCacheStore.setTestStoreForTesting(false) }
-
-            ClaudeOAuthKeychainAccessGate.resetForTesting()
-            defer { ClaudeOAuthKeychainAccessGate.resetForTesting() }
-
-            ClaudeOAuthCredentialsStore._resetCredentialsFileTrackingForTesting()
-            defer { ClaudeOAuthCredentialsStore._resetCredentialsFileTrackingForTesting() }
-
-            let tempDir = FileManager.default.temporaryDirectory
-                .appendingPathComponent(UUID().uuidString, isDirectory: true)
-            try FileManager.default.createDirectory(at: tempDir, withIntermediateDirectories: true)
-            let fileURL = tempDir.appendingPathComponent("credentials.json")
-            try ClaudeOAuthCredentialsStore.withCredentialsURLOverrideForTesting(fileURL) {
+        try ClaudeOAuthCredentialsStore.withIsolatedMemoryCacheForTesting {
+            try ClaudeOAuthCredentialsStore.withIsolatedCredentialsFileTrackingForTesting {
                 ClaudeOAuthCredentialsStore.invalidateCache()
                 ClaudeOAuthCredentialsStore._resetClaudeKeychainChangeTrackingForTesting()
                 defer {
                     ClaudeOAuthCredentialsStore.invalidateCache()
                     ClaudeOAuthCredentialsStore._resetClaudeKeychainChangeTrackingForTesting()
-                    ClaudeOAuthCredentialsStore.setClaudeKeychainDataOverrideForTesting(nil)
-                    ClaudeOAuthCredentialsStore.setClaudeKeychainFingerprintOverrideForTesting(nil)
                 }
 
                 let cacheKey = KeychainCacheStore.Key.oauth(provider: .claude)
@@ -795,33 +720,31 @@ struct ClaudeOAuthCredentialsStoreTests {
                     key: cacheKey,
                     entry: ClaudeOAuthCredentialsStore.CacheEntry(data: cachedData, storedAt: Date()))
 
-                ClaudeOAuthCredentialsStore.setClaudeKeychainFingerprintOverrideForTesting(
-                    ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint(
+                let first = try ClaudeOAuthCredentialsStore.withClaudeKeychainOverridesForTesting(
+                    data: cachedData,
+                    fingerprint: ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint(
                         modifiedAt: 1,
                         createdAt: 1,
-                        persistentRefHash: "ref1"))
-                ClaudeOAuthCredentialsStore.setClaudeKeychainDataOverrideForTesting(cachedData)
-
-                let first = try ClaudeOAuthCredentialsStore.load(environment: [:], allowKeychainPrompt: false)
+                        persistentRefHash: "ref1"),
+                    operation: {
+                        try ClaudeOAuthCredentialsStore.load(environment: [:], allowKeychainPrompt: false)
+                    })
                 #expect(first.accessToken == "cached-token")
 
                 ClaudeOAuthCredentialsStore._resetClaudeKeychainChangeThrottleForTesting()
-                ClaudeOAuthKeychainAccessGate.recordDenied(now: Date())
 
-                ClaudeOAuthCredentialsStore.setClaudeKeychainFingerprintOverrideForTesting(
-                    ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint(
+                let expiredKeychainData = self.makeCredentialsData(
+                    accessToken: "expired-keychain-token",
+                    expiresAt: Date(timeIntervalSinceNow: -3600))
+                let second = try ClaudeOAuthCredentialsStore.withClaudeKeychainOverridesForTesting(
+                    data: expiredKeychainData,
+                    fingerprint: ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint(
                         modifiedAt: 2,
                         createdAt: 2,
-                        persistentRefHash: "ref2"))
-                let keychainData = self.makeCredentialsData(
-                    accessToken: "keychain-token",
-                    expiresAt: Date(timeIntervalSinceNow: 3600))
-                ClaudeOAuthCredentialsStore.setClaudeKeychainDataOverrideForTesting(keychainData)
-
-                let second = try ClaudeOAuthCredentialsStore.load(
-                    environment: [:],
-                    allowKeychainPrompt: false,
-                    respectKeychainPromptCooldown: true)
+                        persistentRefHash: "ref2"),
+                    operation: {
+                        try ClaudeOAuthCredentialsStore.load(environment: [:], allowKeychainPrompt: false)
+                    })
                 #expect(second.accessToken == "cached-token")
 
                 switch KeychainCacheStore.load(key: cacheKey, as: ClaudeOAuthCredentialsStore.CacheEntry.self) {
@@ -836,7 +759,83 @@ struct ClaudeOAuthCredentialsStoreTests {
     }
 
     @Test
-    func syncFromClaudeKeychainWithoutPrompt_respectsBackoffInBackground() {
+    func `respects prompt cooldown gate when disabled prompting`() throws {
+        let service = "com.steipete.codexbar.cache.tests.\(UUID().uuidString)"
+        try KeychainCacheStore.withServiceOverrideForTesting(service) {
+            KeychainCacheStore.setTestStoreForTesting(true)
+            defer { KeychainCacheStore.setTestStoreForTesting(false) }
+
+            ClaudeOAuthKeychainAccessGate.resetForTesting()
+            defer { ClaudeOAuthKeychainAccessGate.resetForTesting() }
+
+            let tempDir = FileManager.default.temporaryDirectory
+                .appendingPathComponent(UUID().uuidString, isDirectory: true)
+            try FileManager.default.createDirectory(at: tempDir, withIntermediateDirectories: true)
+            let fileURL = tempDir.appendingPathComponent("credentials.json")
+            try ClaudeOAuthCredentialsStore.withCredentialsURLOverrideForTesting(fileURL) {
+                try ClaudeOAuthCredentialsStore.withIsolatedMemoryCacheForTesting {
+                    try ClaudeOAuthCredentialsStore.withIsolatedCredentialsFileTrackingForTesting {
+                        ClaudeOAuthCredentialsStore.invalidateCache()
+                        ClaudeOAuthCredentialsStore._resetClaudeKeychainChangeTrackingForTesting()
+                        defer {
+                            ClaudeOAuthCredentialsStore.invalidateCache()
+                            ClaudeOAuthCredentialsStore._resetClaudeKeychainChangeTrackingForTesting()
+                        }
+
+                        let cacheKey = KeychainCacheStore.Key.oauth(provider: .claude)
+                        let cachedData = self.makeCredentialsData(
+                            accessToken: "cached-token",
+                            expiresAt: Date(timeIntervalSinceNow: 3600))
+                        KeychainCacheStore.store(
+                            key: cacheKey,
+                            entry: ClaudeOAuthCredentialsStore.CacheEntry(data: cachedData, storedAt: Date()))
+
+                        let first = try ClaudeOAuthCredentialsStore.withClaudeKeychainOverridesForTesting(
+                            data: cachedData,
+                            fingerprint: ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint(
+                                modifiedAt: 1,
+                                createdAt: 1,
+                                persistentRefHash: "ref1"),
+                            operation: {
+                                try ClaudeOAuthCredentialsStore.load(environment: [:], allowKeychainPrompt: false)
+                            })
+                        #expect(first.accessToken == "cached-token")
+
+                        ClaudeOAuthCredentialsStore._resetClaudeKeychainChangeThrottleForTesting()
+                        ClaudeOAuthKeychainAccessGate.recordDenied(now: Date())
+
+                        let keychainData = self.makeCredentialsData(
+                            accessToken: "keychain-token",
+                            expiresAt: Date(timeIntervalSinceNow: 3600))
+                        let second = try ClaudeOAuthCredentialsStore.withClaudeKeychainOverridesForTesting(
+                            data: keychainData,
+                            fingerprint: ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint(
+                                modifiedAt: 2,
+                                createdAt: 2,
+                                persistentRefHash: "ref2"),
+                            operation: {
+                                try ClaudeOAuthCredentialsStore.load(
+                                    environment: [:],
+                                    allowKeychainPrompt: false,
+                                    respectKeychainPromptCooldown: true)
+                            })
+                        #expect(second.accessToken == "cached-token")
+
+                        switch KeychainCacheStore.load(key: cacheKey, as: ClaudeOAuthCredentialsStore.CacheEntry.self) {
+                        case let .found(entry):
+                            let parsed = try ClaudeOAuthCredentials.parse(data: entry.data)
+                            #expect(parsed.accessToken == "cached-token")
+                        default:
+                            #expect(Bool(false))
+                        }
+                    }
+                }
+            }
+        }
+    }
+
+    @Test
+    func `sync from claude keychain without prompt respects backoff in background`() {
         ProviderInteractionContext.$current.withValue(.background) {
             KeychainAccessGate.withTaskOverrideForTesting(true) {
                 ClaudeOAuthCredentialsStore.withKeychainAccessOverrideForTesting(true) {
@@ -862,4 +861,29 @@ struct ClaudeOAuthCredentialsStoreTests {
             }
         }
     }
+
+    @Test
+    func `testing override snapshot forwards mutable Claude keychain override store across detached task`() async {
+        let fingerprint = ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint(
+            modifiedAt: 11,
+            createdAt: 7,
+            persistentRefHash: "snapshot-store")
+        let store = ClaudeOAuthCredentialsStore.ClaudeKeychainOverrideStore(
+            data: nil,
+            fingerprint: fingerprint)
+
+        let forwarded = await ClaudeOAuthCredentialsStore.withMutableClaudeKeychainOverrideStoreForTesting(store) {
+            let snapshot = ClaudeOAuthCredentialsStore.currentTestingOverridesSnapshotForTask
+
+            return await Task.detached {
+                ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(.always) {
+                    ClaudeOAuthCredentialsStore.withTestingOverridesSnapshotForTask(snapshot) {
+                        ClaudeOAuthCredentialsStore.currentClaudeKeychainFingerprintWithoutPromptForAuthGate()
+                    }
+                }
+            }.value
+        }
+
+        #expect(forwarded == fingerprint)
+    }
 }
diff --git a/Tests/CodexBarTests/ClaudeOAuthDelegatedRefreshCoordinatorTests.swift b/Tests/CodexBarTests/ClaudeOAuthDelegatedRefreshCoordinatorTests.swift
index 770f8f4c7..d2d139a9a 100644
--- a/Tests/CodexBarTests/ClaudeOAuthDelegatedRefreshCoordinatorTests.swift
+++ b/Tests/CodexBarTests/ClaudeOAuthDelegatedRefreshCoordinatorTests.swift
@@ -29,120 +29,212 @@ struct ClaudeOAuthDelegatedRefreshCoordinatorTests {
         return Data(json.utf8)
     }
 
-    @Test
-    func cooldownPreventsRepeatedAttempts() async {
+    private func withCoordinatorOverrides<T>(
+        isolateState: Bool = true,
+        cliAvailable: Bool? = nil,
+        touchAuthPath: (@Sendable (TimeInterval, [String: String]) async throws -> Void)? = nil,
+        keychainFingerprint: (@Sendable () -> ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint?)? = nil,
+        operation: () async throws -> T) async rethrows -> T
+    {
+        if isolateState {
+            return try await ClaudeOAuthDelegatedRefreshCoordinator.withIsolatedStateForTesting {
+                ClaudeOAuthDelegatedRefreshCoordinator.resetForTesting()
+                defer { ClaudeOAuthDelegatedRefreshCoordinator.resetForTesting() }
+                return try await ClaudeOAuthDelegatedRefreshCoordinator.withKeychainFingerprintOverrideForTesting(
+                    keychainFingerprint)
+                {
+                    try await ClaudeOAuthDelegatedRefreshCoordinator.withCLIAvailableOverrideForTesting(
+                        cliAvailable)
+                    {
+                        try await ClaudeOAuthDelegatedRefreshCoordinator.withTouchAuthPathOverrideForTesting(
+                            touchAuthPath)
+                        {
+                            try await operation()
+                        }
+                    }
+                }
+            }
+        }
         ClaudeOAuthDelegatedRefreshCoordinator.resetForTesting()
         defer { ClaudeOAuthDelegatedRefreshCoordinator.resetForTesting() }
-
-        await ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(.securityFramework) {
-            final class FingerprintBox: @unchecked Sendable {
-                var fingerprint: ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint?
-                init(_ fingerprint: ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint?) {
-                    self.fingerprint = fingerprint
+        return try await ClaudeOAuthDelegatedRefreshCoordinator.withKeychainFingerprintOverrideForTesting(
+            keychainFingerprint)
+        {
+            try await ClaudeOAuthDelegatedRefreshCoordinator.withCLIAvailableOverrideForTesting(cliAvailable) {
+                try await ClaudeOAuthDelegatedRefreshCoordinator.withTouchAuthPathOverrideForTesting(
+                    touchAuthPath)
+                {
+                    try await operation()
                 }
             }
-            let box = FingerprintBox(ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint(
-                modifiedAt: 1,
-                createdAt: 1,
-                persistentRefHash: "ref1"))
-            ClaudeOAuthDelegatedRefreshCoordinator.setKeychainFingerprintOverrideForTesting { box.fingerprint }
-
-            ClaudeOAuthDelegatedRefreshCoordinator.setCLIAvailableOverrideForTesting(true)
-            ClaudeOAuthDelegatedRefreshCoordinator.setTouchAuthPathOverrideForTesting { _ in
-                box.fingerprint = ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint(
-                    modifiedAt: 2,
-                    createdAt: 2,
-                    persistentRefHash: "ref2")
-            }
+        }
+    }
 
-            let start = Date(timeIntervalSince1970: 10000)
-            let first = await ClaudeOAuthDelegatedRefreshCoordinator.attempt(now: start, timeout: 0.1)
-            let second = await ClaudeOAuthDelegatedRefreshCoordinator
-                .attempt(now: start.addingTimeInterval(30), timeout: 0.1)
+    @Test
+    func `cooldown prevents repeated attempts`() async {
+        ClaudeOAuthDelegatedRefreshCoordinator.resetForTesting()
+        defer { ClaudeOAuthDelegatedRefreshCoordinator.resetForTesting() }
 
-            #expect(first == .attemptedSucceeded)
-            #expect(second == .skippedByCooldown)
+        final class FingerprintBox: @unchecked Sendable {
+            var fingerprint: ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint?
+            init(_ fingerprint: ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint?) {
+                self.fingerprint = fingerprint
+            }
         }
+        let box = FingerprintBox(ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint(
+            modifiedAt: 1,
+            createdAt: 1,
+            persistentRefHash: "ref1"))
+        let start = Date(timeIntervalSince1970: 10000)
+        let (first, second) = await ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
+            .securityFramework)
+        {
+            await self.withCoordinatorOverrides(
+                cliAvailable: true,
+                touchAuthPath: { _, _ in
+                    box.fingerprint = ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint(
+                        modifiedAt: 2,
+                        createdAt: 2,
+                        persistentRefHash: "ref2")
+                },
+                keychainFingerprint: { box.fingerprint },
+                operation: {
+                    let first = await ClaudeOAuthDelegatedRefreshCoordinator.attempt(now: start, timeout: 0.1)
+                    let second = await ClaudeOAuthDelegatedRefreshCoordinator
+                        .attempt(now: start.addingTimeInterval(30), timeout: 0.1)
+                    return (first, second)
+                })
+        }
+
+        #expect(first == .attemptedSucceeded)
+        #expect(second == .skippedByCooldown)
     }
 
     @Test
-    func cliUnavailableReturnsCliUnavailable() async {
+    func `cli unavailable returns cli unavailable`() async {
         ClaudeOAuthDelegatedRefreshCoordinator.resetForTesting()
         defer { ClaudeOAuthDelegatedRefreshCoordinator.resetForTesting() }
 
-        ClaudeOAuthDelegatedRefreshCoordinator.setCLIAvailableOverrideForTesting(false)
-
-        let outcome = await ClaudeOAuthDelegatedRefreshCoordinator.attempt(
-            now: Date(timeIntervalSince1970: 20000),
-            timeout: 0.1)
+        let outcome = await self.withCoordinatorOverrides(cliAvailable: false, operation: {
+            await ClaudeOAuthDelegatedRefreshCoordinator.attempt(
+                now: Date(timeIntervalSince1970: 20000),
+                timeout: 0.1)
+        })
 
         #expect(outcome == .cliUnavailable)
     }
 
     @Test
-    func successfulAuthTouchReportsAttemptedSucceeded() async {
+    func `successful auth touch reports attempted succeeded`() async {
         ClaudeOAuthDelegatedRefreshCoordinator.resetForTesting()
         defer { ClaudeOAuthDelegatedRefreshCoordinator.resetForTesting() }
 
-        await ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(.securityFramework) {
-            final class FingerprintBox: @unchecked Sendable {
-                var fingerprint: ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint?
-                init(_ fingerprint: ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint?) {
-                    self.fingerprint = fingerprint
-                }
-            }
-            let box = FingerprintBox(ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint(
-                modifiedAt: 10,
-                createdAt: 10,
-                persistentRefHash: "refA"))
-            ClaudeOAuthDelegatedRefreshCoordinator.setKeychainFingerprintOverrideForTesting { box.fingerprint }
-
-            ClaudeOAuthDelegatedRefreshCoordinator.setCLIAvailableOverrideForTesting(true)
-            ClaudeOAuthDelegatedRefreshCoordinator.setTouchAuthPathOverrideForTesting { _ in
-                box.fingerprint = ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint(
-                    modifiedAt: 11,
-                    createdAt: 11,
-                    persistentRefHash: "refB")
+        final class FingerprintBox: @unchecked Sendable {
+            var fingerprint: ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint?
+            init(_ fingerprint: ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint?) {
+                self.fingerprint = fingerprint
             }
-
-            let outcome = await ClaudeOAuthDelegatedRefreshCoordinator.attempt(
-                now: Date(timeIntervalSince1970: 30000),
-                timeout: 0.1)
-
-            #expect(outcome == .attemptedSucceeded)
         }
+        let box = FingerprintBox(ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint(
+            modifiedAt: 10,
+            createdAt: 10,
+            persistentRefHash: "refA"))
+        let outcome = await ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
+            .securityFramework)
+        {
+            await self.withCoordinatorOverrides(
+                cliAvailable: true,
+                touchAuthPath: { _, _ in
+                    box.fingerprint = ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint(
+                        modifiedAt: 11,
+                        createdAt: 11,
+                        persistentRefHash: "refB")
+                },
+                keychainFingerprint: { box.fingerprint },
+                operation: {
+                    await ClaudeOAuthDelegatedRefreshCoordinator.attempt(
+                        now: Date(timeIntervalSince1970: 30000),
+                        timeout: 0.1)
+                })
+        }
+
+        #expect(outcome == .attemptedSucceeded)
     }
 
     @Test
-    func failedAuthTouchReportsAttemptedFailed() async {
+    func `failed auth touch reports attempted failed`() async throws {
         ClaudeOAuthDelegatedRefreshCoordinator.resetForTesting()
         defer { ClaudeOAuthDelegatedRefreshCoordinator.resetForTesting() }
 
-        ClaudeOAuthDelegatedRefreshCoordinator.setKeychainFingerprintOverrideForTesting {
-            ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint(
-                modifiedAt: 20,
-                createdAt: 20,
-                persistentRefHash: "refX")
-        }
+        let outcome = try await self.withCoordinatorOverrides(
+            cliAvailable: true,
+            touchAuthPath: { _, _ in
+                throw StubError.failed
+            },
+            keychainFingerprint: {
+                ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint(
+                    modifiedAt: 20,
+                    createdAt: 20,
+                    persistentRefHash: "refX")
+            },
+            operation: {
+                await KeychainAccessGate.withTaskOverrideForTesting(false) {
+                    await ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(.securityFramework) {
+                        await ClaudeOAuthDelegatedRefreshCoordinator.attempt(
+                            now: Date(timeIntervalSince1970: 40000),
+                            timeout: 0.1)
+                    }
+                }
+            })
 
-        ClaudeOAuthDelegatedRefreshCoordinator.setCLIAvailableOverrideForTesting(true)
-        ClaudeOAuthDelegatedRefreshCoordinator.setTouchAuthPathOverrideForTesting { _ in
-            throw StubError.failed
+        guard case let .attemptedFailed(message) = outcome else {
+            Issue.record("Expected .attemptedFailed outcome")
+            return
         }
+        #expect(message.contains("failed"))
+    }
 
-        let outcome = await ClaudeOAuthDelegatedRefreshCoordinator.attempt(
-            now: Date(timeIntervalSince1970: 40000),
-            timeout: 0.1)
+    @Test
+    func `environment CLI override avoids CLI unavailable`() async throws {
+        ClaudeOAuthDelegatedRefreshCoordinator.resetForTesting()
+        defer { ClaudeOAuthDelegatedRefreshCoordinator.resetForTesting() }
+
+        let stubCLI = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString)
+        let script = "#!/bin/sh\nexit 0\n"
+        try script.write(to: stubCLI, atomically: true, encoding: .utf8)
+        try FileManager.default.setAttributes([.posixPermissions: 0o755], ofItemAtPath: stubCLI.path)
+
+        let outcome = try await self.withCoordinatorOverrides(
+            touchAuthPath: { _, environment in
+                #expect(environment["CLAUDE_CLI_PATH"] == stubCLI.path)
+                throw StubError.failed
+            },
+            keychainFingerprint: {
+                ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint(
+                    modifiedAt: 20,
+                    createdAt: 20,
+                    persistentRefHash: "ref-env")
+            },
+            operation: {
+                await KeychainAccessGate.withTaskOverrideForTesting(false) {
+                    await ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(.securityFramework) {
+                        await ClaudeOAuthDelegatedRefreshCoordinator.attempt(
+                            now: Date(timeIntervalSince1970: 45000),
+                            timeout: 0.1,
+                            environment: ["CLAUDE_CLI_PATH": stubCLI.path])
+                    }
+                }
+            })
 
         guard case let .attemptedFailed(message) = outcome else {
-            Issue.record("Expected .attemptedFailed outcome")
+            Issue.record("Expected env-provided CLI override to reach touch attempt")
             return
         }
         #expect(message.contains("failed"))
     }
 
     @Test
-    func concurrentAttemptsJoinInFlight() async {
+    func `concurrent attempts join in flight`() async {
         ClaudeOAuthDelegatedRefreshCoordinator.resetForTesting()
         defer { ClaudeOAuthDelegatedRefreshCoordinator.resetForTesting() }
 
@@ -204,220 +296,242 @@ struct ClaudeOAuthDelegatedRefreshCoordinatorTests {
             modifiedAt: 1,
             createdAt: 1,
             persistentRefHash: "ref1"))
-        ClaudeOAuthDelegatedRefreshCoordinator.setKeychainFingerprintOverrideForTesting { box.fingerprint }
-
-        ClaudeOAuthDelegatedRefreshCoordinator.setCLIAvailableOverrideForTesting(true)
-        ClaudeOAuthDelegatedRefreshCoordinator.setTouchAuthPathOverrideForTesting { _ in
-            counter.increment()
-            await gate.markStarted()
-            await gate.waitRelease()
-            box.fingerprint = ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint(
-                modifiedAt: 2,
-                createdAt: 2,
-                persistentRefHash: "ref2")
+        let now = Date(timeIntervalSince1970: 50000)
+        let outcomes = await KeychainAccessGate.withTaskOverrideForTesting(false) {
+            await ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(.securityFramework) {
+                await self.withCoordinatorOverrides(
+                    isolateState: false,
+                    cliAvailable: true,
+                    touchAuthPath: { _, _ in
+                        counter.increment()
+                        await gate.markStarted()
+                        await gate.waitRelease()
+                        box.fingerprint = ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint(
+                            modifiedAt: 2,
+                            createdAt: 2,
+                            persistentRefHash: "ref2")
+                        try? await Task.sleep(nanoseconds: 50_000_000)
+                    },
+                    keychainFingerprint: { box.fingerprint },
+                    operation: {
+                        let first = Task {
+                            await ClaudeOAuthDelegatedRefreshCoordinator.attempt(now: now, timeout: 2)
+                        }
+                        await gate.waitStarted()
+                        let second = Task {
+                            await ClaudeOAuthDelegatedRefreshCoordinator.attempt(
+                                now: now.addingTimeInterval(30),
+                                timeout: 2)
+                        }
+
+                        await gate.release()
+                        return await [first.value, second.value]
+                    })
+            }
         }
 
-        await ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(.securityFramework) {
-            let now = Date(timeIntervalSince1970: 50000)
-            async let first = ClaudeOAuthDelegatedRefreshCoordinator.attempt(now: now, timeout: 2)
-            await gate.waitStarted()
-            async let second = ClaudeOAuthDelegatedRefreshCoordinator
-                .attempt(now: now.addingTimeInterval(30), timeout: 2)
-
-            await gate.release()
-            let outcomes = await [first, second]
-
-            #expect(outcomes.allSatisfy { $0 == .attemptedSucceeded })
-            #expect(counter.count == 1)
-        }
+        #expect(outcomes.allSatisfy { $0 == .attemptedSucceeded })
+        #expect(counter.count == 1)
     }
 
     @Test
-    func experimentalStrategy_doesNotUseSecurityFrameworkFingerprintObservation() async {
+    func `experimental strategy does not use security framework fingerprint observation`() async {
         ClaudeOAuthDelegatedRefreshCoordinator.resetForTesting()
         defer { ClaudeOAuthDelegatedRefreshCoordinator.resetForTesting() }
-        await ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
-            .securityCLI)
-        {
-            final class CounterBox: @unchecked Sendable {
-                private let lock = NSLock()
-                private(set) var count: Int = 0
-                func increment() {
-                    self.lock.lock()
-                    self.count += 1
-                    self.lock.unlock()
+        await KeychainAccessGate.withTaskOverrideForTesting(false) {
+            await ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
+                .securityCLIExperimental)
+            {
+                final class CounterBox: @unchecked Sendable {
+                    private let lock = NSLock()
+                    private(set) var count: Int = 0
+                    func increment() {
+                        self.lock.lock()
+                        self.count += 1
+                        self.lock.unlock()
+                    }
                 }
+                let fingerprintCounter = CounterBox()
+                let securityData = self.makeCredentialsData(
+                    accessToken: "security-token-a",
+                    expiresAt: Date(timeIntervalSinceNow: 3600))
+                let outcome = await self.withCoordinatorOverrides(
+                    cliAvailable: true,
+                    touchAuthPath: { _, _ in },
+                    keychainFingerprint: {
+                        fingerprintCounter.increment()
+                        return ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint(
+                            modifiedAt: 1,
+                            createdAt: 1,
+                            persistentRefHash: "framework-fingerprint")
+                    },
+                    operation: {
+                        await ClaudeOAuthCredentialsStore.withSecurityCLIReadOverrideForTesting(.data(securityData)) {
+                            await ClaudeOAuthDelegatedRefreshCoordinator.attempt(
+                                now: Date(timeIntervalSince1970: 60000),
+                                timeout: 0.1)
+                        }
+                    })
+
+                guard case .attemptedFailed = outcome else {
+                    Issue.record("Expected .attemptedFailed outcome")
+                    return
+                }
+                #expect(fingerprintCounter.count < 1)
             }
-            let fingerprintCounter = CounterBox()
-            ClaudeOAuthDelegatedRefreshCoordinator.setKeychainFingerprintOverrideForTesting {
-                fingerprintCounter.increment()
-                return ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint(
-                    modifiedAt: 1,
-                    createdAt: 1,
-                    persistentRefHash: "framework-fingerprint")
-            }
-            ClaudeOAuthDelegatedRefreshCoordinator.setCLIAvailableOverrideForTesting(true)
-            ClaudeOAuthDelegatedRefreshCoordinator.setTouchAuthPathOverrideForTesting { _ in }
-
-            let securityData = self.makeCredentialsData(
-                accessToken: "security-token-a",
-                expiresAt: Date(timeIntervalSinceNow: 3600))
-            ClaudeOAuthCredentialsStore.setSecurityCLIReadOverrideForTesting(.data(securityData))
-            defer { ClaudeOAuthCredentialsStore.setSecurityCLIReadOverrideForTesting(nil) }
-            let outcome = await ClaudeOAuthDelegatedRefreshCoordinator.attempt(
-                now: Date(timeIntervalSince1970: 60000),
-                timeout: 0.1)
-
-            guard case .attemptedFailed = outcome else {
-                Issue.record("Expected .attemptedFailed outcome")
-                return
-            }
-            #expect(fingerprintCounter.count < 1)
         }
     }
 
     @Test
-    func experimentalStrategy_observesSecurityCLIChangeAfterTouch() async {
+    func `experimental strategy observes security CLI change after touch`() async {
         ClaudeOAuthDelegatedRefreshCoordinator.resetForTesting()
         defer { ClaudeOAuthDelegatedRefreshCoordinator.resetForTesting() }
-        await ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
-            .securityCLI)
-        {
-            final class DataBox: @unchecked Sendable {
-                private let lock = NSLock()
-                private var _data: Data?
-                init(data: Data?) {
-                    self._data = data
-                }
-
-                func load() -> Data? {
-                    self.lock.lock()
-                    defer { self.lock.unlock() }
-                    return self._data
+        await KeychainAccessGate.withTaskOverrideForTesting(false) {
+            await ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
+                .securityCLIExperimental)
+            {
+                final class DataBox: @unchecked Sendable {
+                    private let lock = NSLock()
+                    private var _data: Data?
+                    init(data: Data?) {
+                        self._data = data
+                    }
+
+                    func load() -> Data? {
+                        self.lock.lock()
+                        defer { self.lock.unlock() }
+                        return self._data
+                    }
+
+                    func store(_ data: Data?) {
+                        self.lock.lock()
+                        self._data = data
+                        self.lock.unlock()
+                    }
                 }
-
-                func store(_ data: Data?) {
-                    self.lock.lock()
-                    self._data = data
-                    self.lock.unlock()
+                final class CounterBox: @unchecked Sendable {
+                    private let lock = NSLock()
+                    private(set) var count: Int = 0
+                    func increment() {
+                        self.lock.lock()
+                        self.count += 1
+                        self.lock.unlock()
+                    }
                 }
+                let fingerprintCounter = CounterBox()
+                let beforeData = self.makeCredentialsData(
+                    accessToken: "security-token-before",
+                    expiresAt: Date(timeIntervalSinceNow: -60))
+                let afterData = self.makeCredentialsData(
+                    accessToken: "security-token-after",
+                    expiresAt: Date(timeIntervalSinceNow: 3600))
+                let dataBox = DataBox(data: beforeData)
+                let outcome = await self.withCoordinatorOverrides(
+                    cliAvailable: true,
+                    touchAuthPath: { _, _ in
+                        dataBox.store(afterData)
+                    },
+                    keychainFingerprint: {
+                        fingerprintCounter.increment()
+                        return ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint(
+                            modifiedAt: 11,
+                            createdAt: 11,
+                            persistentRefHash: "framework-fingerprint")
+                    },
+                    operation: {
+                        await ClaudeOAuthCredentialsStore.withSecurityCLIReadOverrideForTesting(
+                            .dynamic { _ in dataBox.load() })
+                        {
+                            await ClaudeOAuthDelegatedRefreshCoordinator.attempt(
+                                now: Date(timeIntervalSince1970: 61000),
+                                timeout: 0.1)
+                        }
+                    })
+
+                #expect(outcome == .attemptedSucceeded)
+                #expect(fingerprintCounter.count < 1)
             }
-            final class CounterBox: @unchecked Sendable {
-                private let lock = NSLock()
-                private(set) var count: Int = 0
-                func increment() {
-                    self.lock.lock()
-                    self.count += 1
-                    self.lock.unlock()
-                }
-            }
-            let fingerprintCounter = CounterBox()
-            ClaudeOAuthDelegatedRefreshCoordinator.setKeychainFingerprintOverrideForTesting {
-                fingerprintCounter.increment()
-                return ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint(
-                    modifiedAt: 11,
-                    createdAt: 11,
-                    persistentRefHash: "framework-fingerprint")
-            }
-
-            let beforeData = self.makeCredentialsData(
-                accessToken: "security-token-before",
-                expiresAt: Date(timeIntervalSinceNow: -60))
-            let afterData = self.makeCredentialsData(
-                accessToken: "security-token-after",
-                expiresAt: Date(timeIntervalSinceNow: 3600))
-            let dataBox = DataBox(data: beforeData)
-
-            ClaudeOAuthDelegatedRefreshCoordinator.setCLIAvailableOverrideForTesting(true)
-            ClaudeOAuthDelegatedRefreshCoordinator.setTouchAuthPathOverrideForTesting { _ in
-                dataBox.store(afterData)
-            }
-            ClaudeOAuthCredentialsStore.setSecurityCLIReadOverrideForTesting(.dynamic { _ in dataBox.load() })
-            defer { ClaudeOAuthCredentialsStore.setSecurityCLIReadOverrideForTesting(nil) }
-
-            let outcome = await ClaudeOAuthDelegatedRefreshCoordinator.attempt(
-                now: Date(timeIntervalSince1970: 61000),
-                timeout: 0.1)
-
-            #expect(outcome == .attemptedSucceeded)
-            #expect(fingerprintCounter.count < 1)
         }
     }
 
     @Test
-    func experimentalStrategy_missingBaselineDoesNotAutoSucceedWhenLaterReadSucceeds() async {
+    func `experimental strategy missing baseline does not auto succeed when later read succeeds`() async {
         ClaudeOAuthDelegatedRefreshCoordinator.resetForTesting()
         defer { ClaudeOAuthDelegatedRefreshCoordinator.resetForTesting() }
-        await ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
-            .securityCLI)
-        {
-            final class DataBox: @unchecked Sendable {
-                private let lock = NSLock()
-                private var _data: Data?
-                init(data: Data?) {
-                    self._data = data
+        await KeychainAccessGate.withTaskOverrideForTesting(false) {
+            await ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
+                .securityCLIExperimental)
+            {
+                final class DataBox: @unchecked Sendable {
+                    private let lock = NSLock()
+                    private var _data: Data?
+                    init(data: Data?) {
+                        self._data = data
+                    }
+
+                    func load() -> Data? {
+                        self.lock.lock()
+                        defer { self.lock.unlock() }
+                        return self._data
+                    }
+
+                    func store(_ data: Data?) {
+                        self.lock.lock()
+                        self._data = data
+                        self.lock.unlock()
+                    }
                 }
-
-                func load() -> Data? {
-                    self.lock.lock()
-                    defer { self.lock.unlock() }
-                    return self._data
+                final class CounterBox: @unchecked Sendable {
+                    private let lock = NSLock()
+                    private(set) var count: Int = 0
+                    func increment() {
+                        self.lock.lock()
+                        self.count += 1
+                        self.lock.unlock()
+                    }
                 }
-
-                func store(_ data: Data?) {
-                    self.lock.lock()
-                    self._data = data
-                    self.lock.unlock()
+                let fingerprintCounter = CounterBox()
+                let afterData = self.makeCredentialsData(
+                    accessToken: "security-token-after-baseline-miss",
+                    expiresAt: Date(timeIntervalSinceNow: 3600))
+                let dataBox = DataBox(data: nil)
+                let outcome = await self.withCoordinatorOverrides(
+                    cliAvailable: true,
+                    touchAuthPath: { _, _ in
+                        dataBox.store(afterData)
+                    },
+                    keychainFingerprint: {
+                        fingerprintCounter.increment()
+                        return ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint(
+                            modifiedAt: 21,
+                            createdAt: 21,
+                            persistentRefHash: "framework-fingerprint")
+                    },
+                    operation: {
+                        await ClaudeOAuthCredentialsStore.withSecurityCLIReadOverrideForTesting(
+                            .dynamic { _ in dataBox.load() })
+                        {
+                            await ClaudeOAuthDelegatedRefreshCoordinator.attempt(
+                                now: Date(timeIntervalSince1970: 61500),
+                                timeout: 0.1)
+                        }
+                    })
+
+                guard case .attemptedFailed = outcome else {
+                    Issue.record("Expected .attemptedFailed outcome when baseline is unavailable")
+                    return
                 }
+                #expect(fingerprintCounter.count < 1)
             }
-            final class CounterBox: @unchecked Sendable {
-                private let lock = NSLock()
-                private(set) var count: Int = 0
-                func increment() {
-                    self.lock.lock()
-                    self.count += 1
-                    self.lock.unlock()
-                }
-            }
-            let fingerprintCounter = CounterBox()
-            ClaudeOAuthDelegatedRefreshCoordinator.setKeychainFingerprintOverrideForTesting {
-                fingerprintCounter.increment()
-                return ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint(
-                    modifiedAt: 21,
-                    createdAt: 21,
-                    persistentRefHash: "framework-fingerprint")
-            }
-
-            let afterData = self.makeCredentialsData(
-                accessToken: "security-token-after-baseline-miss",
-                expiresAt: Date(timeIntervalSinceNow: 3600))
-            let dataBox = DataBox(data: nil)
-
-            ClaudeOAuthDelegatedRefreshCoordinator.setCLIAvailableOverrideForTesting(true)
-            ClaudeOAuthDelegatedRefreshCoordinator.setTouchAuthPathOverrideForTesting { _ in
-                dataBox.store(afterData)
-            }
-            ClaudeOAuthCredentialsStore.setSecurityCLIReadOverrideForTesting(.dynamic { _ in dataBox.load() })
-            defer { ClaudeOAuthCredentialsStore.setSecurityCLIReadOverrideForTesting(nil) }
-
-            let outcome = await ClaudeOAuthDelegatedRefreshCoordinator.attempt(
-                now: Date(timeIntervalSince1970: 61500),
-                timeout: 0.1)
-
-            guard case .attemptedFailed = outcome else {
-                Issue.record("Expected .attemptedFailed outcome when baseline is unavailable")
-                return
-            }
-            #expect(fingerprintCounter.count < 1)
         }
     }
 
     @Test
-    func experimentalStrategy_observationSkipsSecurityCLIWhenGlobalKeychainDisabled() async {
+    func `experimental strategy observation skips security CLI when global keychain disabled`() async {
         ClaudeOAuthDelegatedRefreshCoordinator.resetForTesting()
         defer { ClaudeOAuthDelegatedRefreshCoordinator.resetForTesting() }
         await ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
-            .securityCLI)
+            .securityCLIExperimental)
         {
             final class CounterBox: @unchecked Sendable {
                 private let lock = NSLock()
@@ -433,18 +547,21 @@ struct ClaudeOAuthDelegatedRefreshCoordinatorTests {
             let securityData = self.makeCredentialsData(
                 accessToken: "security-should-not-be-read",
                 expiresAt: Date(timeIntervalSinceNow: 3600))
-            ClaudeOAuthDelegatedRefreshCoordinator.setCLIAvailableOverrideForTesting(true)
-            ClaudeOAuthDelegatedRefreshCoordinator.setTouchAuthPathOverrideForTesting { _ in }
-            ClaudeOAuthCredentialsStore.setSecurityCLIReadOverrideForTesting(.dynamic { _ in
-                securityReadCounter.increment()
-                return securityData
-            })
-            defer { ClaudeOAuthCredentialsStore.setSecurityCLIReadOverrideForTesting(nil) }
-            let outcome = await KeychainAccessGate.withTaskOverrideForTesting(true) {
-                await ClaudeOAuthDelegatedRefreshCoordinator.attempt(
-                    now: Date(timeIntervalSince1970: 62000),
-                    timeout: 0.1)
-            }
+            let outcome = await self.withCoordinatorOverrides(
+                cliAvailable: true,
+                touchAuthPath: { _, _ in },
+                operation: {
+                    await ClaudeOAuthCredentialsStore.withSecurityCLIReadOverrideForTesting(.dynamic { _ in
+                        securityReadCounter.increment()
+                        return securityData
+                    }) {
+                        await KeychainAccessGate.withTaskOverrideForTesting(true) {
+                            await ClaudeOAuthDelegatedRefreshCoordinator.attempt(
+                                now: Date(timeIntervalSince1970: 62000),
+                                timeout: 0.1)
+                        }
+                    }
+                })
 
             guard case .attemptedFailed = outcome else {
                 Issue.record("Expected .attemptedFailed outcome")
diff --git a/Tests/CodexBarTests/ClaudeOAuthDelegatedRefreshRecoveryTests.swift b/Tests/CodexBarTests/ClaudeOAuthDelegatedRefreshRecoveryTests.swift
index a6f61687f..e6827b531 100644
--- a/Tests/CodexBarTests/ClaudeOAuthDelegatedRefreshRecoveryTests.swift
+++ b/Tests/CodexBarTests/ClaudeOAuthDelegatedRefreshRecoveryTests.swift
@@ -58,7 +58,7 @@ struct ClaudeOAuthDelegatedRefreshRecoveryTests {
     }
 
     @Test
-    func silentKeychainRepair_recoversWithoutDelegation() async throws {
+    func `silent keychain repair recovers without delegation`() async throws {
         let delegatedCounter = AsyncCounter()
         let usageResponse = try Self.makeOAuthUsageResponse()
         let tokenCapture = TokenCapture()
@@ -121,34 +121,29 @@ struct ClaudeOAuthDelegatedRefreshRecoveryTests {
                                 }
                                 let delegatedOverride: (@Sendable (
                                     Date,
-                                    TimeInterval) async -> ClaudeOAuthDelegatedRefreshCoordinator.Outcome)? = { _, _ in
-                                    _ = await delegatedCounter.increment()
-                                    return .attemptedSucceeded
-                                }
+                                    TimeInterval,
+                                    [String: String]) async -> ClaudeOAuthDelegatedRefreshCoordinator.Outcome)? =
+                                    { _, _, _ in
+                                        _ = await delegatedCounter.increment()
+                                        return .attemptedSucceeded
+                                    }
 
-                                let snapshot = try await ClaudeOAuthKeychainReadStrategyPreference
-                                    .withTaskOverrideForTesting(.securityFramework) {
-                                        try await ClaudeOAuthKeychainPromptPreference
-                                            .withTaskOverrideForTesting(.onlyOnUserAction) {
-                                                try await ProviderInteractionContext.$current
-                                                    .withValue(.userInitiated) {
-                                                        try await ClaudeOAuthCredentialsStore
-                                                            .withClaudeKeychainOverridesForTesting(
-                                                                data: freshData,
-                                                                fingerprint: fingerprint)
-                                                            {
-                                                                try await ClaudeUsageFetcher.$fetchOAuthUsageOverride
-                                                                    .withValue(fetchOverride) {
-                                                                        try await ClaudeUsageFetcher
-                                                                            .$delegatedRefreshAttemptOverride
-                                                                            .withValue(delegatedOverride) {
-                                                                                try await fetcher.loadLatestUsage(
-                                                                                    model: "sonnet")
-                                                                            }
-                                                                    }
+                                let snapshot = try await ClaudeOAuthKeychainPromptPreference
+                                    .withTaskOverrideForTesting(.onlyOnUserAction) {
+                                        try await ProviderInteractionContext.$current.withValue(.userInitiated) {
+                                            try await ClaudeOAuthCredentialsStore.withClaudeKeychainOverridesForTesting(
+                                                data: freshData,
+                                                fingerprint: fingerprint)
+                                            {
+                                                try await ClaudeUsageFetcher.$fetchOAuthUsageOverride
+                                                    .withValue(fetchOverride) {
+                                                        try await ClaudeUsageFetcher.$delegatedRefreshAttemptOverride
+                                                            .withValue(delegatedOverride) {
+                                                                try await fetcher.loadLatestUsage(model: "sonnet")
                                                             }
                                                     }
                                             }
+                                        }
                                     }
 
                                 // If Claude keychain already contains fresh credentials, we should recover without
@@ -169,7 +164,7 @@ struct ClaudeOAuthDelegatedRefreshRecoveryTests {
     }
 
     @Test
-    func delegatedRefresh_attemptedSucceeded_recoversAfterKeychainSync() async throws {
+    func `delegated refresh attempted succeeded recovers after keychain sync`() async throws {
         let delegatedCounter = AsyncCounter()
         let usageResponse = try Self.makeOAuthUsageResponse()
         let tokenCapture = TokenCapture()
@@ -236,36 +231,34 @@ struct ClaudeOAuthDelegatedRefreshRecoveryTests {
 
                                 let delegatedOverride: (@Sendable (
                                     Date,
-                                    TimeInterval) async -> ClaudeOAuthDelegatedRefreshCoordinator.Outcome)? = { _, _ in
-                                    // Simulate Claude CLI writing fresh credentials after the delegated refresh touch.
-                                    keychainOverrideStore.data = freshData
-                                    keychainOverrideStore.fingerprint = stubFingerprint
-                                    _ = await delegatedCounter.increment()
-                                    return .attemptedSucceeded
-                                }
+                                    TimeInterval,
+                                    [String: String]) async -> ClaudeOAuthDelegatedRefreshCoordinator.Outcome)? =
+                                    { _, _, _ in
+                                        // Simulate Claude CLI writing fresh credentials after the delegated refresh
+                                        // touch.
+                                        keychainOverrideStore.data = freshData
+                                        keychainOverrideStore.fingerprint = stubFingerprint
+                                        _ = await delegatedCounter.increment()
+                                        return .attemptedSucceeded
+                                    }
 
-                                let snapshot = try await ClaudeOAuthKeychainReadStrategyPreference
-                                    .withTaskOverrideForTesting(.securityFramework) {
-                                        try await ClaudeOAuthKeychainPromptPreference
-                                            .withTaskOverrideForTesting(.always) {
-                                                try await ProviderInteractionContext.$current
-                                                    .withValue(.userInitiated) {
-                                                        try await ClaudeOAuthCredentialsStore
-                                                            .withMutableClaudeKeychainOverrideStoreForTesting(
-                                                                keychainOverrideStore)
-                                                            {
-                                                                try await ClaudeUsageFetcher.$fetchOAuthUsageOverride
-                                                                    .withValue(fetchOverride) {
-                                                                        try await ClaudeUsageFetcher
-                                                                            .$delegatedRefreshAttemptOverride
-                                                                            .withValue(delegatedOverride) {
-                                                                                try await fetcher.loadLatestUsage(
-                                                                                    model: "sonnet")
-                                                                            }
-                                                                    }
-                                                            }
-                                                    }
-                                            }
+                                let snapshot = try await ClaudeOAuthKeychainPromptPreference
+                                    .withTaskOverrideForTesting(.always) {
+                                        try await ProviderInteractionContext.$current.withValue(.userInitiated) {
+                                            try await ClaudeOAuthCredentialsStore
+                                                .withMutableClaudeKeychainOverrideStoreForTesting(
+                                                    keychainOverrideStore)
+                                                {
+                                                    try await ClaudeUsageFetcher.$fetchOAuthUsageOverride
+                                                        .withValue(fetchOverride) {
+                                                            try await ClaudeUsageFetcher
+                                                                .$delegatedRefreshAttemptOverride
+                                                                .withValue(delegatedOverride) {
+                                                                    try await fetcher.loadLatestUsage(model: "sonnet")
+                                                                }
+                                                        }
+                                                }
+                                        }
                                     }
 
                                 #expect(await delegatedCounter.current() == 1)
@@ -286,7 +279,9 @@ struct ClaudeOAuthDelegatedRefreshRecoveryTests {
     }
 
     @Test
-    func delegatedRefresh_attemptedSucceeded_backgroundOnlyOnUserAction_doesNotRecoverFromKeychain() async throws {
+    func `delegated refresh attempted succeeded background only on user action does not recover from keychain`()
+        async throws
+    {
         let delegatedCounter = AsyncCounter()
         let service = "com.steipete.codexbar.cache.tests.\(UUID().uuidString)"
 
@@ -343,31 +338,27 @@ struct ClaudeOAuthDelegatedRefreshRecoveryTests {
 
                             let delegatedOverride: (@Sendable (
                                 Date,
-                                TimeInterval) async -> ClaudeOAuthDelegatedRefreshCoordinator.Outcome)? = { _, _ in
-                                keychainOverrideStore.data = freshData
-                                keychainOverrideStore.fingerprint = stubFingerprint
-                                _ = await delegatedCounter.increment()
-                                return .attemptedSucceeded
-                            }
+                                TimeInterval,
+                                [String: String]) async -> ClaudeOAuthDelegatedRefreshCoordinator.Outcome)? =
+                                { _, _, _ in
+                                    keychainOverrideStore.data = freshData
+                                    keychainOverrideStore.fingerprint = stubFingerprint
+                                    _ = await delegatedCounter.increment()
+                                    return .attemptedSucceeded
+                                }
 
                             do {
-                                _ = try await ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
-                                    .securityFramework)
+                                _ = try await ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(
+                                    .onlyOnUserAction)
                                 {
-                                    try await ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(
-                                        .onlyOnUserAction)
-                                    {
-                                        try await ProviderInteractionContext.$current.withValue(.background) {
-                                            try await ClaudeOAuthCredentialsStore
-                                                .withMutableClaudeKeychainOverrideStoreForTesting(
-                                                    keychainOverrideStore)
-                                                {
-                                                    try await ClaudeUsageFetcher.$delegatedRefreshAttemptOverride
-                                                        .withValue(delegatedOverride) {
-                                                            try await fetcher.loadLatestUsage(model: "sonnet")
-                                                        }
-                                                }
-                                        }
+                                    try await ProviderInteractionContext.$current.withValue(.background) {
+                                        try await ClaudeOAuthCredentialsStore
+                                            .withMutableClaudeKeychainOverrideStoreForTesting(keychainOverrideStore) {
+                                                try await ClaudeUsageFetcher.$delegatedRefreshAttemptOverride
+                                                    .withValue(delegatedOverride) {
+                                                        try await fetcher.loadLatestUsage(model: "sonnet")
+                                                    }
+                                            }
                                     }
                                 }
                                 Issue.record(
diff --git a/Tests/CodexBarTests/ClaudeOAuthFetchStrategyAvailabilityTests.swift b/Tests/CodexBarTests/ClaudeOAuthFetchStrategyAvailabilityTests.swift
index 6d09e1641..82f4fb58c 100644
--- a/Tests/CodexBarTests/ClaudeOAuthFetchStrategyAvailabilityTests.swift
+++ b/Tests/CodexBarTests/ClaudeOAuthFetchStrategyAvailabilityTests.swift
@@ -19,9 +19,11 @@ struct ClaudeOAuthFetchStrategyAvailabilityTests {
         }
     }
 
-    private func makeContext(sourceMode: ProviderSourceMode) -> ProviderFetchContext {
-        let env: [String: String] = [:]
-        return ProviderFetchContext(
+    private func makeContext(
+        sourceMode: ProviderSourceMode,
+        env: [String: String] = [:]) -> ProviderFetchContext
+    {
+        ProviderFetchContext(
             runtime: .app,
             sourceMode: sourceMode,
             includeCredits: false,
@@ -48,7 +50,7 @@ struct ClaudeOAuthFetchStrategyAvailabilityTests {
     }
 
     @Test
-    func autoModeExpiredCreds_cliAvailable_returnsAvailable() async {
+    func `auto mode expired creds cli available returns available`() async {
         let context = self.makeContext(sourceMode: .auto)
         let strategy = ClaudeOAuthFetchStrategy()
         let available = await ClaudeOAuthFetchStrategy.$nonInteractiveCredentialRecordOverride
@@ -61,7 +63,7 @@ struct ClaudeOAuthFetchStrategyAvailabilityTests {
     }
 
     @Test
-    func autoModeExpiredCreds_cliUnavailable_returnsUnavailable() async {
+    func `auto mode expired creds cli unavailable returns unavailable`() async {
         let context = self.makeContext(sourceMode: .auto)
         let strategy = ClaudeOAuthFetchStrategy()
         let available = await ClaudeOAuthFetchStrategy.$nonInteractiveCredentialRecordOverride
@@ -74,7 +76,7 @@ struct ClaudeOAuthFetchStrategyAvailabilityTests {
     }
 
     @Test
-    func oauthModeExpiredCreds_cliAvailable_returnsAvailable() async {
+    func `oauth mode expired creds cli available returns available`() async {
         let context = self.makeContext(sourceMode: .oauth)
         let strategy = ClaudeOAuthFetchStrategy()
         let available = await ClaudeOAuthFetchStrategy.$nonInteractiveCredentialRecordOverride
@@ -87,7 +89,7 @@ struct ClaudeOAuthFetchStrategyAvailabilityTests {
     }
 
     @Test
-    func autoModeExpiredCodexbarCreds_cliUnavailable_stillAvailable() async {
+    func `auto mode expired codexbar creds cli unavailable still available`() async {
         let context = self.makeContext(sourceMode: .auto)
         let strategy = ClaudeOAuthFetchStrategy()
         let available = await ClaudeOAuthFetchStrategy.$nonInteractiveCredentialRecordOverride
@@ -100,7 +102,7 @@ struct ClaudeOAuthFetchStrategyAvailabilityTests {
     }
 
     @Test
-    func oauthModeDoesNotFallbackAfterOAuthFailure() {
+    func `oauth mode does not fallback after O auth failure`() {
         let context = self.makeContext(sourceMode: .oauth)
         let strategy = ClaudeOAuthFetchStrategy()
         #expect(strategy.shouldFallback(
@@ -109,7 +111,7 @@ struct ClaudeOAuthFetchStrategyAvailabilityTests {
     }
 
     @Test
-    func autoModeFallsBackAfterOAuthFailure() {
+    func `auto mode falls back after O auth failure`() {
         let context = self.makeContext(sourceMode: .auto)
         let strategy = ClaudeOAuthFetchStrategy()
         #expect(strategy.shouldFallback(
@@ -118,7 +120,7 @@ struct ClaudeOAuthFetchStrategyAvailabilityTests {
     }
 
     @Test
-    func autoMode_userInitiated_clearsKeychainCooldownGate() async {
+    func `auto mode user initiated clears keychain cooldown gate`() async {
         let context = self.makeContext(sourceMode: .auto)
         let strategy = ClaudeOAuthFetchStrategy()
         let recordWithoutRequiredScope = ClaudeOAuthCredentialRecord(
@@ -131,29 +133,92 @@ struct ClaudeOAuthFetchStrategyAvailabilityTests {
             owner: .claudeCLI,
             source: .cacheKeychain)
 
-        await ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(.securityFramework) {
-            await KeychainAccessGate.withTaskOverrideForTesting(false) {
+        await KeychainAccessGate.withTaskOverrideForTesting(false) {
+            ClaudeOAuthKeychainAccessGate.resetForTesting()
+            defer { ClaudeOAuthKeychainAccessGate.resetForTesting() }
+
+            let now = Date(timeIntervalSince1970: 1000)
+            ClaudeOAuthKeychainAccessGate.recordDenied(now: now)
+            #expect(ClaudeOAuthKeychainAccessGate.shouldAllowPrompt(now: now) == false)
+
+            _ = await ClaudeOAuthFetchStrategy.$nonInteractiveCredentialRecordOverride
+                .withValue(recordWithoutRequiredScope) {
+                    await ProviderInteractionContext.$current.withValue(.userInitiated) {
+                        await strategy.isAvailable(context)
+                    }
+                }
+
+            #expect(ClaudeOAuthKeychainAccessGate.shouldAllowPrompt(now: now))
+        }
+    }
+
+    @Test
+    func `auto mode only on user action background startup without cache is available for bootstrap`() async throws {
+        let context = self.makeContext(sourceMode: .auto)
+        let strategy = ClaudeOAuthFetchStrategy()
+        let service = "com.steipete.codexbar.cache.tests.\(UUID().uuidString)"
+
+        try await KeychainCacheStore.withServiceOverrideForTesting(service) {
+            KeychainCacheStore.setTestStoreForTesting(true)
+            defer { KeychainCacheStore.setTestStoreForTesting(false) }
+
+            try await ClaudeOAuthCredentialsStore.withIsolatedMemoryCacheForTesting {
+                ClaudeOAuthCredentialsStore.invalidateCache()
+                ClaudeOAuthCredentialsStore._resetCredentialsFileTrackingForTesting()
                 ClaudeOAuthKeychainAccessGate.resetForTesting()
-                defer { ClaudeOAuthKeychainAccessGate.resetForTesting() }
+                defer {
+                    ClaudeOAuthCredentialsStore.invalidateCache()
+                    ClaudeOAuthCredentialsStore._resetCredentialsFileTrackingForTesting()
+                    ClaudeOAuthKeychainAccessGate.resetForTesting()
+                }
 
-                let now = Date(timeIntervalSince1970: 1000)
-                ClaudeOAuthKeychainAccessGate.recordDenied(now: now)
-                #expect(ClaudeOAuthKeychainAccessGate.shouldAllowPrompt(now: now) == false)
+                let tempDir = FileManager.default.temporaryDirectory
+                    .appendingPathComponent(UUID().uuidString, isDirectory: true)
+                try FileManager.default.createDirectory(at: tempDir, withIntermediateDirectories: true)
+                let fileURL = tempDir.appendingPathComponent("credentials.json")
 
-                _ = await ClaudeOAuthFetchStrategy.$nonInteractiveCredentialRecordOverride
-                    .withValue(recordWithoutRequiredScope) {
-                        await ProviderInteractionContext.$current.withValue(.userInitiated) {
-                            await strategy.isAvailable(context)
+                let available = await KeychainAccessGate.withTaskOverrideForTesting(false) {
+                    await ClaudeOAuthCredentialsStore.withCredentialsURLOverrideForTesting(fileURL) {
+                        await ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(.securityFramework) {
+                            await ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(.onlyOnUserAction) {
+                                await ProviderRefreshContext.$current.withValue(.startup) {
+                                    await ProviderInteractionContext.$current.withValue(.background) {
+                                        await strategy.isAvailable(context)
+                                    }
+                                }
+                            }
                         }
                     }
+                }
 
-                #expect(ClaudeOAuthKeychainAccessGate.shouldAllowPrompt(now: now))
+                #expect(available == true)
             }
         }
     }
 
     @Test
-    func autoMode_onlyOnUserAction_background_startup_withoutCache_isAvailableForBootstrap() async throws {
+    func `auto mode expired Claude CLI creds env provided CLI override returns available`() async throws {
+        let tempDir = FileManager.default.temporaryDirectory
+            .appendingPathComponent(UUID().uuidString, isDirectory: true)
+        try FileManager.default.createDirectory(at: tempDir, withIntermediateDirectories: true)
+        let cliURL = tempDir.appendingPathComponent("claude")
+        try Data("#!/bin/sh\nexit 0\n".utf8).write(to: cliURL)
+        try FileManager.default.setAttributes([.posixPermissions: 0o755], ofItemAtPath: cliURL.path)
+
+        let context = self.makeContext(
+            sourceMode: .auto,
+            env: ["CLAUDE_CLI_PATH": cliURL.path])
+        let strategy = ClaudeOAuthFetchStrategy()
+        let available = await ClaudeOAuthFetchStrategy.$nonInteractiveCredentialRecordOverride
+            .withValue(self.expiredRecord()) {
+                await strategy.isAvailable(context)
+            }
+
+        #expect(available == true)
+    }
+
+    @Test
+    func `auto mode default reader keeps background startup bootstrap available`() async throws {
         let context = self.makeContext(sourceMode: .auto)
         let strategy = ClaudeOAuthFetchStrategy()
         let service = "com.steipete.codexbar.cache.tests.\(UUID().uuidString)"
@@ -177,12 +242,14 @@ struct ClaudeOAuthFetchStrategyAvailabilityTests {
                 try FileManager.default.createDirectory(at: tempDir, withIntermediateDirectories: true)
                 let fileURL = tempDir.appendingPathComponent("credentials.json")
 
-                let available = await ClaudeOAuthCredentialsStore.withCredentialsURLOverrideForTesting(fileURL) {
-                    await ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(.securityFramework) {
+                let available = await KeychainAccessGate.withTaskOverrideForTesting(false) {
+                    await ClaudeOAuthCredentialsStore.withCredentialsURLOverrideForTesting(fileURL) {
                         await ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(.onlyOnUserAction) {
-                            await ProviderRefreshContext.$current.withValue(.startup) {
-                                await ProviderInteractionContext.$current.withValue(.background) {
-                                    await strategy.isAvailable(context)
+                            await ClaudeOAuthCredentialsStore.withSecurityCLIReadOverrideForTesting(.nonZeroExit) {
+                                await ProviderRefreshContext.$current.withValue(.startup) {
+                                    await ProviderInteractionContext.$current.withValue(.background) {
+                                        await strategy.isAvailable(context)
+                                    }
                                 }
                             }
                         }
@@ -195,7 +262,7 @@ struct ClaudeOAuthFetchStrategyAvailabilityTests {
     }
 
     @Test
-    func autoMode_experimental_reader_ignoresPromptPolicyCooldownGate() async {
+    func `auto mode experimental reader ignores prompt policy cooldown gate`() async {
         let context = self.makeContext(sourceMode: .auto)
         let strategy = ClaudeOAuthFetchStrategy()
         let securityData = Data("""
@@ -221,7 +288,7 @@ struct ClaudeOAuthFetchStrategyAvailabilityTests {
         let available = await KeychainAccessGate.withTaskOverrideForTesting(false) {
             await ClaudeOAuthKeychainAccessGate.withShouldAllowPromptOverrideForTesting(false) {
                 await ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
-                    .securityCLI)
+                    .securityCLIExperimental)
                 {
                     await ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(.onlyOnUserAction) {
                         await ClaudeOAuthFetchStrategy.$nonInteractiveCredentialRecordOverride.withValue(
@@ -244,7 +311,9 @@ struct ClaudeOAuthFetchStrategyAvailabilityTests {
     }
 
     @Test
-    func autoMode_experimental_reader_securityFailure_blocksAvailabilityWhenStoredPolicyBlocksFallback() async {
+    func `auto mode experimental reader security failure blocks availability when stored policy blocks fallback`()
+        async
+    {
         let context = self.makeContext(sourceMode: .auto)
         let strategy = ClaudeOAuthFetchStrategy()
         let fallbackData = Data("""
@@ -270,7 +339,7 @@ struct ClaudeOAuthFetchStrategyAvailabilityTests {
         let available = await KeychainAccessGate.withTaskOverrideForTesting(false) {
             await ClaudeOAuthKeychainAccessGate.withShouldAllowPromptOverrideForTesting(true) {
                 await ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
-                    .securityCLI)
+                    .securityCLIExperimental)
                 {
                     await ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(.onlyOnUserAction) {
                         await ClaudeOAuthFetchStrategy.$nonInteractiveCredentialRecordOverride.withValue(
diff --git a/Tests/CodexBarTests/ClaudeOAuthKeychainAccessGateTests.swift b/Tests/CodexBarTests/ClaudeOAuthKeychainAccessGateTests.swift
index 3854b7b12..03e098e2c 100644
--- a/Tests/CodexBarTests/ClaudeOAuthKeychainAccessGateTests.swift
+++ b/Tests/CodexBarTests/ClaudeOAuthKeychainAccessGateTests.swift
@@ -5,7 +5,7 @@ import Testing
 @Suite(.serialized)
 struct ClaudeOAuthKeychainAccessGateTests {
     @Test
-    func blocksUntilCooldownExpires() {
+    func `blocks until cooldown expires`() {
         KeychainAccessGate.withTaskOverrideForTesting(false) {
             let store = ClaudeOAuthKeychainAccessGate.DeniedUntilStore()
             ClaudeOAuthKeychainAccessGate.withDeniedUntilStoreOverrideForTesting(store) {
@@ -23,7 +23,7 @@ struct ClaudeOAuthKeychainAccessGateTests {
     }
 
     @Test
-    func persistsDeniedUntil() {
+    func `persists denied until`() {
         KeychainAccessGate.withTaskOverrideForTesting(false) {
             ClaudeOAuthKeychainAccessGate.resetForTesting()
             defer { ClaudeOAuthKeychainAccessGate.resetForTesting() }
@@ -39,7 +39,7 @@ struct ClaudeOAuthKeychainAccessGateTests {
     }
 
     @Test
-    func respectsDebugDisableKeychainAccess() {
+    func `respects debug disable keychain access`() {
         KeychainAccessGate.withTaskOverrideForTesting(true) {
             ClaudeOAuthKeychainAccessGate.resetForTesting()
             defer { ClaudeOAuthKeychainAccessGate.resetForTesting() }
@@ -48,7 +48,18 @@ struct ClaudeOAuthKeychainAccessGateTests {
     }
 
     @Test
-    func clearDeniedAllowsImmediateRetry() {
+    func `process keeps keychain access disabled despite false global override`() {
+        guard ProcessInfo.processInfo.environment["CODEXBAR_ALLOW_TEST_KEYCHAIN_ACCESS"] != "1" else { return }
+        KeychainAccessGate.resetOverrideForTesting()
+        defer { KeychainAccessGate.resetOverrideForTesting() }
+
+        KeychainAccessGate.isDisabled = false
+
+        #expect(KeychainAccessGate.isDisabled)
+    }
+
+    @Test
+    func `clear denied allows immediate retry`() {
         KeychainAccessGate.withTaskOverrideForTesting(false) {
             ClaudeOAuthKeychainAccessGate.resetForTesting()
             defer { ClaudeOAuthKeychainAccessGate.resetForTesting() }
diff --git a/Tests/CodexBarTests/ClaudeOAuthRefreshDispositionTests.swift b/Tests/CodexBarTests/ClaudeOAuthRefreshDispositionTests.swift
index 45b032c08..795095251 100644
--- a/Tests/CodexBarTests/ClaudeOAuthRefreshDispositionTests.swift
+++ b/Tests/CodexBarTests/ClaudeOAuthRefreshDispositionTests.swift
@@ -2,24 +2,23 @@ import Foundation
 import Testing
 @testable import CodexBarCore
 
-@Suite
 struct ClaudeOAuthRefreshDispositionTests {
     @Test
-    func invalidGrant_isTerminal() {
+    func `invalid grant is terminal`() {
         let data = Data(#"{"error":"invalid_grant"}"#.utf8)
         #expect(ClaudeOAuthCredentialsStore
             .refreshFailureDispositionForTesting(statusCode: 400, data: data) == "terminalInvalidGrant")
     }
 
     @Test
-    func otherError_isTransient() {
+    func `other error is transient`() {
         let data = Data(#"{"error":"invalid_request"}"#.utf8)
         #expect(ClaudeOAuthCredentialsStore
             .refreshFailureDispositionForTesting(statusCode: 400, data: data) == "transientBackoff")
     }
 
     @Test
-    func undecodableBody_isTransient() {
+    func `undecodable body is transient`() {
         let data = Data("not-json".utf8)
         #expect(ClaudeOAuthCredentialsStore
             .refreshFailureDispositionForTesting(statusCode: 401, data: data) == "transientBackoff")
@@ -27,7 +26,7 @@ struct ClaudeOAuthRefreshDispositionTests {
     }
 
     @Test
-    func nonAuthStatus_isNotHandled() {
+    func `non auth status is not handled`() {
         let data = Data(#"{"error":"invalid_grant"}"#.utf8)
         #expect(ClaudeOAuthCredentialsStore.refreshFailureDispositionForTesting(statusCode: 500, data: data) == nil)
     }
diff --git a/Tests/CodexBarTests/ClaudeOAuthRefreshFailureGateTests.swift b/Tests/CodexBarTests/ClaudeOAuthRefreshFailureGateTests.swift
index 5ae45a4b5..107eae03f 100644
--- a/Tests/CodexBarTests/ClaudeOAuthRefreshFailureGateTests.swift
+++ b/Tests/CodexBarTests/ClaudeOAuthRefreshFailureGateTests.swift
@@ -13,7 +13,7 @@ struct ClaudeOAuthRefreshFailureGateTests {
     private let transientFailureCountKey = "claudeOAuthRefreshTransientFailureCountV1"
 
     @Test
-    func blocksIndefinitely_whenFingerprintUnchanged() {
+    func `blocks indefinitely when fingerprint unchanged`() {
         ClaudeOAuthRefreshFailureGate.resetForTesting()
         defer { ClaudeOAuthRefreshFailureGate.resetForTesting() }
 
@@ -43,7 +43,7 @@ struct ClaudeOAuthRefreshFailureGateTests {
     }
 
     @Test
-    func migratesLegacyBlockedUntilInPast_doesNotBlockAndClearsKey() {
+    func `migrates legacy blocked until in past does not block and clears key`() {
         ClaudeOAuthRefreshFailureGate.resetForTesting()
         defer { ClaudeOAuthRefreshFailureGate.resetForTesting() }
 
@@ -57,7 +57,7 @@ struct ClaudeOAuthRefreshFailureGateTests {
     }
 
     @Test
-    func migratesLegacyBackoffToTransientBackoff_doesNotSetTerminalBlock() throws {
+    func `migrates legacy backoff to transient backoff does not set terminal block`() throws {
         ClaudeOAuthRefreshFailureGate.resetForTesting()
         defer { ClaudeOAuthRefreshFailureGate.resetForTesting() }
 
@@ -87,7 +87,7 @@ struct ClaudeOAuthRefreshFailureGateTests {
     }
 
     @Test
-    func unblocksWhenFingerprintBecomesAvailable_afterBeingUnknownAtFailure() {
+    func `unblocks when fingerprint becomes available after being unknown at failure`() {
         ClaudeOAuthRefreshFailureGate.resetForTesting()
         defer { ClaudeOAuthRefreshFailureGate.resetForTesting() }
 
@@ -112,7 +112,7 @@ struct ClaudeOAuthRefreshFailureGateTests {
     }
 
     @Test
-    func unblocksImmediately_whenFingerprintChanges() {
+    func `unblocks immediately when fingerprint changes`() {
         ClaudeOAuthRefreshFailureGate.resetForTesting()
         defer { ClaudeOAuthRefreshFailureGate.resetForTesting() }
 
@@ -139,7 +139,7 @@ struct ClaudeOAuthRefreshFailureGateTests {
     }
 
     @Test
-    func throttlesFingerprintRecheck_whileTerminalBlocked() {
+    func `throttles fingerprint recheck while terminal blocked`() {
         ClaudeOAuthRefreshFailureGate.resetForTesting()
         defer { ClaudeOAuthRefreshFailureGate.resetForTesting() }
 
@@ -174,7 +174,7 @@ struct ClaudeOAuthRefreshFailureGateTests {
     }
 
     @Test
-    func terminalBlockIsMonotonic_whenTransientFailureIsRecorded() {
+    func `terminal block is monotonic when transient failure is recorded`() {
         ClaudeOAuthRefreshFailureGate.resetForTesting()
         defer { ClaudeOAuthRefreshFailureGate.resetForTesting() }
 
@@ -197,7 +197,7 @@ struct ClaudeOAuthRefreshFailureGateTests {
     }
 
     @Test
-    func recordSuccess_clearsTerminalBlock() {
+    func `record success clears terminal block`() {
         ClaudeOAuthRefreshFailureGate.resetForTesting()
         defer { ClaudeOAuthRefreshFailureGate.resetForTesting() }
 
@@ -219,7 +219,7 @@ struct ClaudeOAuthRefreshFailureGateTests {
     }
 
     @Test
-    func transientBackoff_blocksUntilExpiry_thenUnblocks() {
+    func `transient backoff blocks until expiry then unblocks`() {
         ClaudeOAuthRefreshFailureGate.resetForTesting()
         defer { ClaudeOAuthRefreshFailureGate.resetForTesting() }
 
@@ -241,7 +241,7 @@ struct ClaudeOAuthRefreshFailureGateTests {
     }
 
     @Test
-    func transientBackoff_isExponentialAndCapped() {
+    func `transient backoff is exponential and capped`() {
         ClaudeOAuthRefreshFailureGate.resetForTesting()
         defer { ClaudeOAuthRefreshFailureGate.resetForTesting() }
 
@@ -274,7 +274,7 @@ struct ClaudeOAuthRefreshFailureGateTests {
     }
 
     @Test
-    func transientBackoff_unblocksEarly_whenFingerprintChanges() {
+    func `transient backoff unblocks early when fingerprint changes`() {
         ClaudeOAuthRefreshFailureGate.resetForTesting()
         defer { ClaudeOAuthRefreshFailureGate.resetForTesting() }
 
diff --git a/Tests/CodexBarTests/ClaudeOAuthTests.swift b/Tests/CodexBarTests/ClaudeOAuthTests.swift
index ecdf4109c..a08fec11b 100644
--- a/Tests/CodexBarTests/ClaudeOAuthTests.swift
+++ b/Tests/CodexBarTests/ClaudeOAuthTests.swift
@@ -2,10 +2,9 @@ import Foundation
 import Testing
 @testable import CodexBarCore
 
-@Suite
 struct ClaudeOAuthTests {
     @Test
-    func parsesOAuthCredentials() throws {
+    func `parses O auth credentials`() throws {
         let json = """
         {
           "claudeAiOauth": {
@@ -13,7 +12,8 @@ struct ClaudeOAuthTests {
             "refreshToken": "test-refresh",
             "expiresAt": 4102444800000,
             "scopes": ["usage:read"],
-            "rateLimitTier": "default_claude_max_20x"
+            "rateLimitTier": "default_claude_max_20x",
+            "subscriptionType": "pro"
           }
         }
         """
@@ -22,11 +22,12 @@ struct ClaudeOAuthTests {
         #expect(creds.refreshToken == "test-refresh")
         #expect(creds.scopes == ["usage:read"])
         #expect(creds.rateLimitTier == "default_claude_max_20x")
+        #expect(creds.subscriptionType == "pro")
         #expect(creds.isExpired == false)
     }
 
     @Test
-    func missingAccessTokenThrows() {
+    func `missing access token throws`() {
         let json = """
         {
           "claudeAiOauth": {
@@ -42,7 +43,7 @@ struct ClaudeOAuthTests {
     }
 
     @Test
-    func missingOAuthBlockThrows() {
+    func `missing O auth block throws`() {
         let json = """
         { "other": { "accessToken": "nope" } }
         """
@@ -52,7 +53,7 @@ struct ClaudeOAuthTests {
     }
 
     @Test
-    func treatsMissingExpiryAsExpired() {
+    func `treats missing expiry as expired`() {
         let creds = ClaudeOAuthCredentials(
             accessToken: "token",
             refreshToken: nil,
@@ -63,7 +64,7 @@ struct ClaudeOAuthTests {
     }
 
     @Test
-    func mapsOAuthUsageToSnapshot() throws {
+    func `maps O auth usage to snapshot`() throws {
         let json = """
         {
           "five_hour": { "utilization": 12.5, "resets_at": "2025-12-25T12:00:00.000Z" },
@@ -83,7 +84,82 @@ struct ClaudeOAuthTests {
     }
 
     @Test
-    func mapsOAuthExtraUsage() throws {
+    func `maps O auth subscription type when rate limit tier is generic`() throws {
+        let json = """
+        {
+          "five_hour": { "utilization": 12.5, "resets_at": "2025-12-25T12:00:00.000Z" }
+        }
+        """
+        let snap = try ClaudeUsageFetcher._mapOAuthUsageForTesting(
+            Data(json.utf8),
+            rateLimitTier: "default_claude_ai",
+            subscriptionType: "pro")
+        #expect(snap.loginMethod == "Claude Pro")
+    }
+
+    @Test
+    func `ignores merged O auth design usage window`() throws {
+        let json = """
+        {
+          "five_hour": { "utilization": 12.5, "resets_at": "2025-12-25T12:00:00.000Z" },
+          "seven_day_design": { "utilization": 44, "resets_at": "2025-12-31T00:00:00.000Z" },
+          "seven_day_routines": { "utilization": 18, "resets_at": "2026-01-01T00:00:00.000Z" }
+        }
+        """
+        let snap = try ClaudeUsageFetcher._mapOAuthUsageForTesting(Data(json.utf8))
+        #expect(snap.extraRateWindows.count == 1)
+        #expect(snap.extraRateWindows.contains { $0.id == "claude-design" } == false)
+        #expect(snap.extraRateWindows.first(where: { $0.id == "claude-routines" })?.title == "Daily Routines")
+        #expect(snap.extraRateWindows.first(where: { $0.id == "claude-routines" })?.window.usedPercent == 18)
+    }
+
+    @Test
+    func `ignores merged O auth omelette usage window`() throws {
+        let json = """
+        {
+          "five_hour": { "utilization": 12.5, "resets_at": "2025-12-25T12:00:00.000Z" },
+          "seven_day_omelette": { "utilization": 29, "resets_at": "2025-12-31T00:00:00.000Z" },
+          "seven_day_cowork": { "utilization": 9, "resets_at": "2026-01-01T00:00:00.000Z" }
+        }
+        """
+        let snap = try ClaudeUsageFetcher._mapOAuthUsageForTesting(Data(json.utf8))
+        #expect(snap.extraRateWindows.count == 1)
+        #expect(snap.extraRateWindows.contains { $0.id == "claude-design" } == false)
+        #expect(snap.extraRateWindows.first(where: { $0.id == "claude-routines" })?.window.usedPercent == 9)
+    }
+
+    @Test
+    func `maps O auth null cowork as zero routines window`() throws {
+        let json = """
+        {
+          "five_hour": { "utilization": 12.5, "resets_at": "2025-12-25T12:00:00.000Z" },
+          "seven_day_omelette": { "utilization": 29, "resets_at": "2025-12-31T00:00:00.000Z" },
+          "seven_day_cowork": null
+        }
+        """
+        let snap = try ClaudeUsageFetcher._mapOAuthUsageForTesting(Data(json.utf8))
+        #expect(snap.extraRateWindows.first(where: { $0.id == "claude-routines" })?.window.usedPercent == 0)
+        #expect(snap.extraRateWindows.contains { $0.id == "claude-design" } == false)
+    }
+
+    @Test
+    func `prefers populated routines alias over null alias in mixed payload`() throws {
+        let json = """
+        {
+          "five_hour": { "utilization": 12.5, "resets_at": "2025-12-25T12:00:00.000Z" },
+          "seven_day_design": null,
+          "seven_day_omelette": { "utilization": 37, "resets_at": "2025-12-31T00:00:00.000Z" },
+          "seven_day_routines": null,
+          "seven_day_cowork": { "utilization": 14, "resets_at": "2026-01-01T00:00:00.000Z" }
+        }
+        """
+        let snap = try ClaudeUsageFetcher._mapOAuthUsageForTesting(Data(json.utf8))
+        #expect(snap.extraRateWindows.contains { $0.id == "claude-design" } == false)
+        #expect(snap.extraRateWindows.first(where: { $0.id == "claude-routines" })?.window.usedPercent == 14)
+    }
+
+    @Test
+    func `maps O auth extra usage`() throws {
         // OAuth API returns values in cents (minor units), same as Web API.
         // The normalization always converts to dollars (major units).
         let json = """
@@ -100,10 +176,11 @@ struct ClaudeOAuthTests {
         #expect(snap.providerCost?.currencyCode == "USD")
         #expect(snap.providerCost?.limit == 20.5)
         #expect(snap.providerCost?.used == 3.25)
+        #expect(snap.providerCost?.period == "Monthly cap")
     }
 
     @Test
-    func mapsOAuthExtraUsageMinorUnitsAsMajorUnits() throws {
+    func `maps O auth extra usage minor units as major units`() throws {
         let json = """
         {
           "five_hour": { "utilization": 1, "resets_at": "2025-12-25T12:00:00.000Z" },
@@ -119,10 +196,93 @@ struct ClaudeOAuthTests {
         #expect(snap.providerCost?.currencyCode == "USD")
         #expect(snap.providerCost?.limit == 20)
         #expect(snap.providerCost?.used == 5.2)
+        #expect(snap.providerCost?.period == "Monthly cap")
+    }
+
+    @Test
+    func `does not display spend limit 100x too high for enterprise O auth`() throws {
+        let json = """
+        {
+          "extra_usage": {
+            "is_enabled": true,
+            "monthly_limit": 2000,
+            "used_credits": 763,
+            "utilization": 38.15,
+            "currency": "EUR"
+          }
+        }
+        """
+        let snap = try ClaudeUsageFetcher._mapOAuthUsageForTesting(
+            Data(json.utf8),
+            subscriptionType: "enterprise")
+        #expect(snap.loginMethod == "Claude Enterprise")
+        #expect(snap.primary.usedPercent == 38.15)
+        #expect(snap.primaryWindowKind == .spendLimit)
+        #expect(snap.primary.windowMinutes == nil)
+        #expect(snap.primary.resetDescription == "Spend limit: €7.63 / €20.00")
+        #expect(snap.secondary == nil)
+        #expect(snap.providerCost?.period == "Spend limit")
+        #expect(snap.providerCost?.currencyCode == "EUR")
+        #expect(snap.providerCost?.limit == 20)
+        #expect(snap.providerCost?.used == 7.63)
+
+        let usage = ClaudeOAuthFetchStrategy._snapshotForTesting(from: snap)
+        #expect(usage.primary == nil)
+        #expect(usage.providerCost?.period == "Spend limit")
+        #expect(usage.providerCost?.limit == 20)
+        #expect(usage.providerCost?.used == 7.63)
     }
 
     @Test
-    func normalizesHighLimitOAuthExtraUsage() throws {
+    func `maps O auth spend limit without plan metadata from minor units`() throws {
+        let json = """
+        {
+          "extra_usage": {
+            "is_enabled": true,
+            "monthly_limit": 2000,
+            "used_credits": 763,
+            "utilization": 38.15,
+            "currency": "EUR"
+          }
+        }
+        """
+        let snap = try ClaudeUsageFetcher._mapOAuthUsageForTesting(Data(json.utf8))
+        #expect(snap.loginMethod == nil)
+        #expect(snap.primaryWindowKind == .spendLimit)
+        #expect(snap.primary.usedPercent == 38.15)
+        #expect(snap.primary.resetDescription == "Spend limit: €7.63 / €20.00")
+        #expect(snap.providerCost?.period == "Spend limit")
+        #expect(snap.providerCost?.currencyCode == "EUR")
+        #expect(snap.providerCost?.limit == 20)
+        #expect(snap.providerCost?.used == 7.63)
+    }
+
+    @Test
+    func `maps large enterprise O auth spend limit from minor units`() throws {
+        let json = """
+        {
+          "extra_usage": {
+            "is_enabled": true,
+            "monthly_limit": 1000000,
+            "used_credits": 123456,
+            "utilization": 12.3456,
+            "currency": "USD"
+          }
+        }
+        """
+        let snap = try ClaudeUsageFetcher._mapOAuthUsageForTesting(
+            Data(json.utf8),
+            subscriptionType: "enterprise")
+        #expect(snap.primaryWindowKind == .spendLimit)
+        #expect(snap.primary.usedPercent == 12.3456)
+        #expect(snap.primary.resetDescription == "Spend limit: $1,234.56 / $10,000.00")
+        #expect(snap.providerCost?.period == "Spend limit")
+        #expect(snap.providerCost?.limit == 10000)
+        #expect(snap.providerCost?.used == 1234.56)
+    }
+
+    @Test
+    func `normalizes high limit O auth extra usage`() throws {
         let json = """
         {
           "five_hour": { "utilization": 1, "resets_at": "2025-12-25T12:00:00.000Z" },
@@ -143,7 +303,7 @@ struct ClaudeOAuthTests {
     }
 
     @Test
-    func normalizesOAuthExtraUsageCentsToMajorUnits() throws {
+    func `normalizes O auth extra usage cents to major units`() throws {
         let json = """
         {
           "five_hour": { "utilization": 1, "resets_at": "2025-12-25T12:00:00.000Z" },
@@ -162,7 +322,7 @@ struct ClaudeOAuthTests {
     }
 
     @Test
-    func prefersOpusWhenSonnetMissing() throws {
+    func `prefers opus when sonnet missing`() throws {
         let json = """
         {
           "five_hour": { "utilization": 10, "resets_at": "2025-12-25T12:00:00.000Z" },
@@ -174,7 +334,7 @@ struct ClaudeOAuthTests {
     }
 
     @Test
-    func includesBodyInOAuth403Error() {
+    func `includes body in O auth403 error`() {
         let err = ClaudeOAuthFetchError.serverError(
             403,
             "HTTP 403: OAuth token does not meet scope requirement user:profile")
@@ -183,7 +343,108 @@ struct ClaudeOAuthTests {
     }
 
     @Test
-    func oauthUsageUserAgentUsesClaudeCodeVersion() {
+    func `O auth429 error gives actionable guidance without raw body`() {
+        let err = ClaudeOAuthFetchError.rateLimited(retryAfter: nil)
+        #expect(err.localizedDescription.contains("rate limited"))
+        #expect(err.localizedDescription.contains("claude logout && claude login"))
+        #expect(!err.localizedDescription.contains("rate_limit_error"))
+    }
+
+    @Test
+    func `O auth429 usage fetch surfaces guidance without raw JSON`() async throws {
+        let fetcher = ClaudeUsageFetcher(
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            environment: [:],
+            dataSource: .oauth,
+            oauthKeychainPromptCooldownEnabled: true)
+
+        let loadCredsOverride: (@Sendable (
+            [String: String],
+            Bool,
+            Bool) async throws -> ClaudeOAuthCredentials)? = { _, _, _ in
+            ClaudeOAuthCredentials(
+                accessToken: "rate-limited-token",
+                refreshToken: "refresh-token",
+                expiresAt: Date(timeIntervalSinceNow: 3600),
+                scopes: ["user:profile"],
+                rateLimitTier: nil)
+        }
+        let fetchOverride: (@Sendable (String) async throws -> OAuthUsageResponse)? = { _ in
+            throw ClaudeOAuthFetchError.rateLimited(retryAfter: nil)
+        }
+
+        do {
+            _ = try await ClaudeUsageFetcher.$fetchOAuthUsageOverride.withValue(fetchOverride) {
+                try await ClaudeUsageFetcher.$loadOAuthCredentialsOverride.withValue(
+                    loadCredsOverride,
+                    operation: {
+                        try await fetcher.loadLatestUsage(model: "sonnet")
+                    })
+            }
+            Issue.record("Expected OAuth rate limit to fail with guidance")
+        } catch let error as ClaudeUsageError {
+            guard case let .oauthFailed(message) = error else {
+                Issue.record("Expected ClaudeUsageError.oauthFailed, got \(error)")
+                return
+            }
+            #expect(message.contains("rate limited"))
+            #expect(message.contains("claude logout && claude login"))
+            #expect(!message.contains("rate_limit_error"))
+        } catch {
+            Issue.record("Expected ClaudeUsageError, got \(error)")
+        }
+    }
+
+    @Test
+    func `O auth usage rate limit gate blocks background retries until cooldown`() {
+        ClaudeOAuthUsageRateLimitGate.resetForTesting()
+        defer { ClaudeOAuthUsageRateLimitGate.resetForTesting() }
+
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let retryAfter = now.addingTimeInterval(120)
+
+        #expect(ClaudeOAuthUsageRateLimitGate.currentBlockedUntil(now: now) == nil)
+        ClaudeOAuthUsageRateLimitGate.recordRateLimit(retryAfter: retryAfter, now: now)
+
+        #expect(ClaudeOAuthUsageRateLimitGate.currentBlockedUntil(now: now) == retryAfter)
+        #expect(ClaudeOAuthUsageRateLimitGate.blockedUntil(interaction: .background, now: now) == retryAfter)
+        #expect(ClaudeOAuthUsageRateLimitGate.blockedUntil(interaction: .userInitiated, now: now) == nil)
+        #expect(ClaudeOAuthUsageRateLimitGate.currentBlockedUntil(now: now.addingTimeInterval(119)) != nil)
+        #expect(ClaudeOAuthUsageRateLimitGate.currentBlockedUntil(now: now.addingTimeInterval(121)) == nil)
+    }
+
+    @Test
+    func `O auth retry after parses seconds`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let url = try #require(URL(string: "https://api.anthropic.com/api/oauth/usage"))
+        let response = try #require(HTTPURLResponse(
+            url: url,
+            statusCode: 429,
+            httpVersion: "HTTP/1.1",
+            headerFields: ["Retry-After": "42"]))
+
+        #expect(
+            ClaudeOAuthUsageFetcher._retryAfterDateForTesting(from: response, now: now)
+                == now.addingTimeInterval(42))
+    }
+
+    @Test
+    func `O auth retry after parses HTTP date`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let url = try #require(URL(string: "https://api.anthropic.com/api/oauth/usage"))
+        let response = try #require(HTTPURLResponse(
+            url: url,
+            statusCode: 429,
+            httpVersion: "HTTP/1.1",
+            headerFields: ["Retry-After": "Wed, 21 Oct 2015 07:28:00 GMT"]))
+
+        #expect(
+            ClaudeOAuthUsageFetcher._retryAfterDateForTesting(from: response, now: now)
+                == Date(timeIntervalSince1970: 1_445_412_480))
+    }
+
+    @Test
+    func `oauth usage user agent uses claude code version`() {
         #expect(
             ClaudeOAuthUsageFetcher._userAgentForTesting(versionString: "2.1.70 (Claude Code)")
                 == "claude-code/2.1.70")
@@ -191,7 +452,7 @@ struct ClaudeOAuthTests {
     }
 
     @Test
-    func skipsExtraUsageWhenDisabled() throws {
+    func `skips extra usage when disabled`() throws {
         let json = """
         {
           "five_hour": { "utilization": 1, "resets_at": "2025-12-25T12:00:00.000Z" },
@@ -209,7 +470,7 @@ struct ClaudeOAuthTests {
     // MARK: - Scope-based strategy resolution
 
     @Test
-    func prefersOAuthWhenAvailable() {
+    func `prefers O auth when available`() {
         let strategy = ClaudeProviderDescriptor.resolveUsageStrategy(
             selectedDataSource: .auto,
             webExtrasEnabled: false,
@@ -220,7 +481,7 @@ struct ClaudeOAuthTests {
     }
 
     @Test
-    func fallsBackToCLIWhenOAuthMissingAndCLIAvailable() {
+    func `falls back to CLI when O auth missing and CLI available`() {
         let strategy = ClaudeProviderDescriptor.resolveUsageStrategy(
             selectedDataSource: .auto,
             webExtrasEnabled: false,
@@ -231,7 +492,7 @@ struct ClaudeOAuthTests {
     }
 
     @Test
-    func fallsBackToWebWhenOAuthMissingAndCLIMissing() {
+    func `falls back to web when O auth missing and CLI missing`() {
         let strategy = ClaudeProviderDescriptor.resolveUsageStrategy(
             selectedDataSource: .auto,
             webExtrasEnabled: false,
@@ -242,7 +503,7 @@ struct ClaudeOAuthTests {
     }
 
     @Test
-    func fallsBackToCLIWhenOAuthMissingAndWebMissing() {
+    func `falls back to CLI when O auth missing and web missing`() {
         let strategy = ClaudeProviderDescriptor.resolveUsageStrategy(
             selectedDataSource: .auto,
             webExtrasEnabled: false,
diff --git a/Tests/CodexBarTests/ClaudePlanResolverTests.swift b/Tests/CodexBarTests/ClaudePlanResolverTests.swift
new file mode 100644
index 000000000..caeb2d17d
--- /dev/null
+++ b/Tests/CodexBarTests/ClaudePlanResolverTests.swift
@@ -0,0 +1,66 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+struct ClaudePlanResolverTests {
+    @Test
+    func `oauth rate limit tier maps to branded plan`() {
+        #expect(ClaudePlan.oauthLoginMethod(rateLimitTier: "default_claude_max_20x") == "Claude Max")
+        #expect(ClaudePlan.oauthLoginMethod(rateLimitTier: "claude_pro") == "Claude Pro")
+        #expect(ClaudePlan.oauthLoginMethod(rateLimitTier: "claude_team") == "Claude Team")
+        #expect(ClaudePlan.oauthLoginMethod(rateLimitTier: "claude_enterprise") == "Claude Enterprise")
+    }
+
+    @Test
+    func `oauth subscription type overrides generic rate limit tier`() {
+        #expect(
+            ClaudePlan.oauthLoginMethod(subscriptionType: "pro", rateLimitTier: "default_claude_ai")
+                == "Claude Pro")
+        #expect(
+            ClaudePlan.oauthLoginMethod(subscriptionType: "team", rateLimitTier: "default_claude_max_5x")
+                == "Claude Team")
+        #expect(ClaudePlan.oauthLoginMethod(subscriptionType: nil, rateLimitTier: "default_claude_ai") == nil)
+    }
+
+    @Test
+    func `web fallback preserves stripe Claude compatibility`() {
+        #expect(
+            ClaudePlan.webLoginMethod(
+                rateLimitTier: "default_claude",
+                billingType: "stripe_subscription")
+                == "Claude Pro")
+    }
+
+    @Test
+    func `compatibility parser understands current labels`() {
+        #expect(ClaudePlan.fromCompatibilityLoginMethod("Claude Max") == .max)
+        #expect(ClaudePlan.fromCompatibilityLoginMethod("Max") == .max)
+        #expect(ClaudePlan.fromCompatibilityLoginMethod("Claude Pro") == .pro)
+        #expect(ClaudePlan.fromCompatibilityLoginMethod("Ultra") == .ultra)
+        #expect(ClaudePlan.fromCompatibilityLoginMethod("Claude Team") == .team)
+        #expect(ClaudePlan.fromCompatibilityLoginMethod("Claude Enterprise") == .enterprise)
+    }
+
+    @Test
+    func `CLI projection keeps compact compatibility and unknown fallback`() {
+        #expect(ClaudePlan.cliCompatibilityLoginMethod("Claude Max Account") == "Max")
+        #expect(ClaudePlan.cliCompatibilityLoginMethod("Team") == "Team")
+        #expect(ClaudePlan.cliCompatibilityLoginMethod("Claude Enterprise Account") == "Enterprise")
+        #expect(ClaudePlan.cliCompatibilityLoginMethod("Claude Ultra Account") == "Ultra")
+        #expect(ClaudePlan.cliCompatibilityLoginMethod("Experimental") == "Experimental")
+        #expect(ClaudePlan.cliCompatibilityLoginMethod("Profile") == "Profile")
+        #expect(ClaudePlan.cliCompatibilityLoginMethod("Browser profile") == "Browser profile")
+    }
+
+    @Test
+    func `subscription compatibility preserves ultra and excludes enterprise`() {
+        #expect(ClaudePlan.isSubscriptionLoginMethod("Claude Max"))
+        #expect(ClaudePlan.isSubscriptionLoginMethod("Pro"))
+        #expect(ClaudePlan.isSubscriptionLoginMethod("Ultra"))
+        #expect(ClaudePlan.isSubscriptionLoginMethod("Team"))
+        #expect(!ClaudePlan.isSubscriptionLoginMethod("Claude Enterprise"))
+        #expect(!ClaudePlan.isSubscriptionLoginMethod("Profile"))
+        #expect(!ClaudePlan.isSubscriptionLoginMethod("Browser profile"))
+        #expect(!ClaudePlan.isSubscriptionLoginMethod("API"))
+    }
+}
diff --git a/Tests/CodexBarTests/ClaudeProbeWorkingDirectoryTests.swift b/Tests/CodexBarTests/ClaudeProbeWorkingDirectoryTests.swift
new file mode 100644
index 000000000..3a5f8724d
--- /dev/null
+++ b/Tests/CodexBarTests/ClaudeProbeWorkingDirectoryTests.swift
@@ -0,0 +1,72 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+struct ClaudeProbeWorkingDirectoryTests {
+    @Test
+    func `probe working directory disables deep link registration`() throws {
+        let directory = try Self.makeTemporaryDirectory()
+
+        try ClaudeStatusProbe.prepareProbeWorkingDirectory(at: directory)
+
+        let settings = try Self.readSettings(from: directory)
+        #expect(settings["disableDeepLinkRegistration"] as? String == "disable")
+    }
+
+    @Test
+    func `probe working directory preserves existing local settings`() throws {
+        let directory = try Self.makeTemporaryDirectory()
+        let settingsURL = directory
+            .appendingPathComponent(".claude", isDirectory: true)
+            .appendingPathComponent("settings.local.json")
+        try FileManager.default.createDirectory(
+            at: settingsURL.deletingLastPathComponent(),
+            withIntermediateDirectories: true)
+        let existing: [String: Any] = [
+            "permissions": [
+                "allow": ["Bash(*)"],
+            ],
+        ]
+        let data = try JSONSerialization.data(withJSONObject: existing)
+        try data.write(to: settingsURL)
+
+        try ClaudeStatusProbe.prepareProbeWorkingDirectory(at: directory)
+
+        let settings = try Self.readSettings(from: directory)
+        #expect(settings["disableDeepLinkRegistration"] as? String == "disable")
+        let permissions = try #require(settings["permissions"] as? [String: Any])
+        #expect(permissions["allow"] as? [String] == ["Bash(*)"])
+    }
+
+    @Test
+    func `probe working directory overwrites invalid local settings`() throws {
+        let directory = try Self.makeTemporaryDirectory()
+        let settingsURL = directory
+            .appendingPathComponent(".claude", isDirectory: true)
+            .appendingPathComponent("settings.local.json")
+        try FileManager.default.createDirectory(
+            at: settingsURL.deletingLastPathComponent(),
+            withIntermediateDirectories: true)
+        try Data("{".utf8).write(to: settingsURL)
+
+        try ClaudeStatusProbe.prepareProbeWorkingDirectory(at: directory)
+
+        let settings = try Self.readSettings(from: directory)
+        #expect(settings["disableDeepLinkRegistration"] as? String == "disable")
+    }
+
+    private static func makeTemporaryDirectory() throws -> URL {
+        let directory = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codexbar-claude-probe-\(UUID().uuidString)", isDirectory: true)
+        try FileManager.default.createDirectory(at: directory, withIntermediateDirectories: true)
+        return directory
+    }
+
+    private static func readSettings(from directory: URL) throws -> [String: Any] {
+        let settingsURL = directory
+            .appendingPathComponent(".claude", isDirectory: true)
+            .appendingPathComponent("settings.local.json")
+        let data = try Data(contentsOf: settingsURL)
+        return try #require(JSONSerialization.jsonObject(with: data) as? [String: Any])
+    }
+}
diff --git a/Tests/CodexBarTests/ClaudeResilienceTests.swift b/Tests/CodexBarTests/ClaudeResilienceTests.swift
index d0d7372b7..aa2c851d2 100644
--- a/Tests/CodexBarTests/ClaudeResilienceTests.swift
+++ b/Tests/CodexBarTests/ClaudeResilienceTests.swift
@@ -1,10 +1,11 @@
+import Foundation
 import Testing
 @testable import CodexBar
+@testable import CodexBarCore
 
-@Suite
 struct ClaudeResilienceTests {
     @Test
-    func suppressesSingleFlakeWhenPriorDataExists() {
+    func `suppresses single flake when prior data exists`() {
         var gate = ConsecutiveFailureGate()
         let firstFailure = gate.shouldSurfaceError(onFailureWithPriorData: true)
         let secondFailure = gate.shouldSurfaceError(onFailureWithPriorData: true)
@@ -13,18 +14,1135 @@ struct ClaudeResilienceTests {
     }
 
     @Test
-    func surfacesFailureWithoutPriorData() {
+    func `surfaces failure without prior data`() {
         var gate = ConsecutiveFailureGate()
         let shouldSurface = gate.shouldSurfaceError(onFailureWithPriorData: false)
         #expect(shouldSurface)
     }
 
     @Test
-    func resetsAfterSuccess() {
+    func `resets after success`() {
         var gate = ConsecutiveFailureGate()
         _ = gate.shouldSurfaceError(onFailureWithPriorData: true)
         gate.recordSuccess()
         let shouldSurface = gate.shouldSurfaceError(onFailureWithPriorData: true)
         #expect(shouldSurface == false)
     }
+
+    @Test
+    func `timeout keeps prior Claude snapshot without surfacing repeated failure`() async throws {
+        try await ClaudeOAuthCredentialsStore.withIsolatedCredentialsFileTrackingForTesting {
+            let tempDir = FileManager.default.temporaryDirectory
+                .appendingPathComponent(UUID().uuidString, isDirectory: true)
+            try FileManager.default.createDirectory(at: tempDir, withIntermediateDirectories: true)
+            let fileURL = tempDir.appendingPathComponent("missing-credentials.json")
+
+            try await ClaudeOAuthCredentialsStore.withCredentialsURLOverrideForTesting(fileURL) {
+                let (store, prior) = try await MainActor.run {
+                    let settings = Self.makeSettingsStore(suite: "ClaudeResilienceTests-timeout-cache")
+                    settings.refreshFrequency = .manual
+                    settings.statusChecksEnabled = false
+                    settings.claudeUsageDataSource = .cli
+
+                    let metadata = ProviderRegistry.shared.metadata
+                    for provider in UsageProvider.allCases {
+                        try settings.setProviderEnabled(
+                            provider: provider,
+                            metadata: #require(metadata[provider]),
+                            enabled: provider == .claude)
+                    }
+
+                    let store = UsageStore(
+                        fetcher: UsageFetcher(environment: [:]),
+                        browserDetection: BrowserDetection(cacheTTL: 0),
+                        settings: settings,
+                        startupBehavior: .testing,
+                        environmentBase: [:])
+                    let prior = UsageSnapshot(
+                        primary: RateWindow(usedPercent: 12, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+                        secondary: RateWindow(
+                            usedPercent: 34,
+                            windowMinutes: 10080,
+                            resetsAt: nil,
+                            resetDescription: nil),
+                        updatedAt: Date(timeIntervalSince1970: 1_800_000_000),
+                        identity: ProviderIdentitySnapshot(
+                            providerID: .claude,
+                            accountEmail: "claude@example.com",
+                            accountOrganization: nil,
+                            loginMethod: "Pro"))
+                    store._setSnapshotForTesting(prior, provider: .claude)
+
+                    let baseSpec = try #require(store.providerSpecs[.claude])
+                    let descriptor = ProviderDescriptor(
+                        id: .claude,
+                        metadata: baseSpec.descriptor.metadata,
+                        branding: baseSpec.descriptor.branding,
+                        tokenCost: baseSpec.descriptor.tokenCost,
+                        fetchPlan: ProviderFetchPlan(
+                            sourceModes: [.cli],
+                            pipeline: ProviderFetchPipeline { _ in [TimeoutFetchStrategy()] }),
+                        cli: baseSpec.descriptor.cli)
+                    store.providerSpecs[.claude] = ProviderSpec(
+                        style: baseSpec.style,
+                        isEnabled: baseSpec.isEnabled,
+                        descriptor: descriptor,
+                        makeFetchContext: baseSpec.makeFetchContext)
+                    return (store, prior)
+                }
+
+                await store.refreshProvider(.claude)
+                let firstResult = await MainActor.run {
+                    (
+                        updatedAt: store.snapshot(for: .claude)?.updatedAt,
+                        hasError: store.error(for: .claude) != nil)
+                }
+
+                #expect(firstResult.updatedAt == prior.updatedAt)
+                #expect(!firstResult.hasError)
+
+                await store.refreshProvider(.claude)
+                let secondResult = await MainActor.run {
+                    (
+                        updatedAt: store.snapshot(for: .claude)?.updatedAt,
+                        hasError: store.error(for: .claude) != nil)
+                }
+
+                #expect(secondResult.updatedAt == prior.updatedAt)
+                #expect(!secondResult.hasError)
+            }
+        }
+    }
+
+    @Test
+    func `repeated non probe transient failure still surfaces`() async throws {
+        try await ClaudeOAuthCredentialsStore.withIsolatedCredentialsFileTrackingForTesting {
+            let tempDir = FileManager.default.temporaryDirectory
+                .appendingPathComponent(UUID().uuidString, isDirectory: true)
+            try FileManager.default.createDirectory(at: tempDir, withIntermediateDirectories: true)
+            let fileURL = tempDir.appendingPathComponent("missing-credentials.json")
+
+            try await ClaudeOAuthCredentialsStore.withCredentialsURLOverrideForTesting(fileURL) {
+                let (store, prior) = try await MainActor.run {
+                    let settings = Self.makeSettingsStore(suite: "ClaudeResilienceTests-network-cache")
+                    settings.refreshFrequency = .manual
+                    settings.statusChecksEnabled = false
+                    settings.claudeUsageDataSource = .cli
+
+                    let metadata = ProviderRegistry.shared.metadata
+                    for provider in UsageProvider.allCases {
+                        try settings.setProviderEnabled(
+                            provider: provider,
+                            metadata: #require(metadata[provider]),
+                            enabled: provider == .claude)
+                    }
+
+                    let store = UsageStore(
+                        fetcher: UsageFetcher(environment: [:]),
+                        browserDetection: BrowserDetection(cacheTTL: 0),
+                        settings: settings,
+                        startupBehavior: .testing,
+                        environmentBase: [:])
+                    let prior = UsageSnapshot(
+                        primary: RateWindow(usedPercent: 12, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+                        secondary: nil,
+                        updatedAt: Date(timeIntervalSince1970: 1_800_000_000),
+                        identity: ProviderIdentitySnapshot(
+                            providerID: .claude,
+                            accountEmail: "claude@example.com",
+                            accountOrganization: nil,
+                            loginMethod: "Pro"))
+                    store._setSnapshotForTesting(prior, provider: .claude)
+
+                    let baseSpec = try #require(store.providerSpecs[.claude])
+                    let descriptor = ProviderDescriptor(
+                        id: .claude,
+                        metadata: baseSpec.descriptor.metadata,
+                        branding: baseSpec.descriptor.branding,
+                        tokenCost: baseSpec.descriptor.tokenCost,
+                        fetchPlan: ProviderFetchPlan(
+                            sourceModes: [.cli],
+                            pipeline: ProviderFetchPipeline { _ in [NetworkLostFetchStrategy()] }),
+                        cli: baseSpec.descriptor.cli)
+                    store.providerSpecs[.claude] = ProviderSpec(
+                        style: baseSpec.style,
+                        isEnabled: baseSpec.isEnabled,
+                        descriptor: descriptor,
+                        makeFetchContext: baseSpec.makeFetchContext)
+                    return (store, prior)
+                }
+
+                await store.refreshProvider(.claude)
+                let firstResult = await MainActor.run {
+                    (
+                        updatedAt: store.snapshot(for: .claude)?.updatedAt,
+                        hasError: store.error(for: .claude) != nil)
+                }
+
+                #expect(firstResult.updatedAt == prior.updatedAt)
+                #expect(!firstResult.hasError)
+
+                await store.refreshProvider(.claude)
+                let secondResult = await MainActor.run {
+                    (
+                        updatedAt: store.snapshot(for: .claude)?.updatedAt,
+                        hasError: store.error(for: .claude) != nil)
+                }
+
+                #expect(secondResult.updatedAt == prior.updatedAt)
+                #expect(secondResult.hasError)
+            }
+        }
+    }
+
+    @Test
+    func `credentials change clears prior Claude snapshot for non transient failure`() async throws {
+        try await KeychainCacheStore.withServiceOverrideForTesting("com.steipete.codexbar.cache.tests.\(UUID())") {
+            KeychainCacheStore.setTestStoreForTesting(true)
+            defer { KeychainCacheStore.setTestStoreForTesting(false) }
+
+            try await ClaudeOAuthCredentialsStore.withIsolatedCredentialsFileTrackingForTesting {
+                let tempDir = FileManager.default.temporaryDirectory
+                    .appendingPathComponent(UUID().uuidString, isDirectory: true)
+                try FileManager.default.createDirectory(at: tempDir, withIntermediateDirectories: true)
+                let fileURL = tempDir.appendingPathComponent("credentials.json")
+                try Data("{}".utf8).write(to: fileURL)
+
+                try await ClaudeOAuthCredentialsStore.withCredentialsURLOverrideForTesting(fileURL) {
+                    #expect(ClaudeOAuthCredentialsStore.invalidateCacheIfCredentialsFileChanged())
+
+                    let store = try await MainActor.run {
+                        let settings = Self.makeSettingsStore(suite: "ClaudeResilienceTests-auth-change")
+                        settings.refreshFrequency = .manual
+                        settings.statusChecksEnabled = false
+                        settings.claudeUsageDataSource = .cli
+
+                        let metadata = ProviderRegistry.shared.metadata
+                        for provider in UsageProvider.allCases {
+                            try settings.setProviderEnabled(
+                                provider: provider,
+                                metadata: #require(metadata[provider]),
+                                enabled: provider == .claude)
+                        }
+
+                        let store = UsageStore(
+                            fetcher: UsageFetcher(environment: [:]),
+                            browserDetection: BrowserDetection(cacheTTL: 0),
+                            settings: settings,
+                            startupBehavior: .testing,
+                            environmentBase: [:])
+                        let prior = UsageSnapshot(
+                            primary: RateWindow(
+                                usedPercent: 12,
+                                windowMinutes: 300,
+                                resetsAt: nil,
+                                resetDescription: nil),
+                            secondary: nil,
+                            updatedAt: Date(timeIntervalSince1970: 1_800_000_000),
+                            identity: ProviderIdentitySnapshot(
+                                providerID: .claude,
+                                accountEmail: "old@example.com",
+                                accountOrganization: nil,
+                                loginMethod: "Pro"))
+                        store._setSnapshotForTesting(prior, provider: .claude)
+
+                        let baseSpec = try #require(store.providerSpecs[.claude])
+                        let descriptor = ProviderDescriptor(
+                            id: .claude,
+                            metadata: baseSpec.descriptor.metadata,
+                            branding: baseSpec.descriptor.branding,
+                            tokenCost: baseSpec.descriptor.tokenCost,
+                            fetchPlan: ProviderFetchPlan(
+                                sourceModes: [.cli],
+                                pipeline: ProviderFetchPipeline { _ in
+                                    [AuthFailureFetchStrategy(credentialsFileURL: fileURL)]
+                                }),
+                            cli: baseSpec.descriptor.cli)
+                        store.providerSpecs[.claude] = ProviderSpec(
+                            style: baseSpec.style,
+                            isEnabled: baseSpec.isEnabled,
+                            descriptor: descriptor,
+                            makeFetchContext: baseSpec.makeFetchContext)
+                        return store
+                    }
+
+                    await store.refreshProvider(.claude)
+                    let result = await MainActor.run {
+                        (
+                            hasSnapshot: store.snapshot(for: .claude) != nil,
+                            hasError: store.error(for: .claude) != nil)
+                    }
+
+                    #expect(!result.hasSnapshot)
+                    #expect(result.hasError)
+                }
+            }
+        }
+    }
+
+    @Test
+    func `credentials change clears prior Claude snapshot for transient failure`() async throws {
+        try await KeychainCacheStore.withServiceOverrideForTesting("com.steipete.codexbar.cache.tests.\(UUID())") {
+            KeychainCacheStore.setTestStoreForTesting(true)
+            defer { KeychainCacheStore.setTestStoreForTesting(false) }
+
+            try await ClaudeOAuthCredentialsStore.withIsolatedCredentialsFileTrackingForTesting {
+                let tempDir = FileManager.default.temporaryDirectory
+                    .appendingPathComponent(UUID().uuidString, isDirectory: true)
+                try FileManager.default.createDirectory(at: tempDir, withIntermediateDirectories: true)
+                let fileURL = tempDir.appendingPathComponent("credentials.json")
+                try Data("{}".utf8).write(to: fileURL)
+
+                try await ClaudeOAuthCredentialsStore.withCredentialsURLOverrideForTesting(fileURL) {
+                    #expect(ClaudeOAuthCredentialsStore.invalidateCacheIfCredentialsFileChanged())
+
+                    let store = try await MainActor.run {
+                        let settings = Self.makeSettingsStore(suite: "ClaudeResilienceTests-transient-auth-change")
+                        settings.refreshFrequency = .manual
+                        settings.statusChecksEnabled = false
+                        settings.claudeUsageDataSource = .cli
+
+                        let metadata = ProviderRegistry.shared.metadata
+                        for provider in UsageProvider.allCases {
+                            try settings.setProviderEnabled(
+                                provider: provider,
+                                metadata: #require(metadata[provider]),
+                                enabled: provider == .claude)
+                        }
+
+                        let store = UsageStore(
+                            fetcher: UsageFetcher(environment: [:]),
+                            browserDetection: BrowserDetection(cacheTTL: 0),
+                            settings: settings,
+                            startupBehavior: .testing,
+                            environmentBase: [:])
+                        let prior = UsageSnapshot(
+                            primary: RateWindow(
+                                usedPercent: 12,
+                                windowMinutes: 300,
+                                resetsAt: nil,
+                                resetDescription: nil),
+                            secondary: nil,
+                            updatedAt: Date(timeIntervalSince1970: 1_800_000_000),
+                            identity: ProviderIdentitySnapshot(
+                                providerID: .claude,
+                                accountEmail: "old@example.com",
+                                accountOrganization: nil,
+                                loginMethod: "Pro"))
+                        store._setSnapshotForTesting(prior, provider: .claude)
+
+                        let baseSpec = try #require(store.providerSpecs[.claude])
+                        let descriptor = ProviderDescriptor(
+                            id: .claude,
+                            metadata: baseSpec.descriptor.metadata,
+                            branding: baseSpec.descriptor.branding,
+                            tokenCost: baseSpec.descriptor.tokenCost,
+                            fetchPlan: ProviderFetchPlan(
+                                sourceModes: [.cli],
+                                pipeline: ProviderFetchPipeline { _ in
+                                    [TransientFailureAfterCredentialSwapFetchStrategy(credentialsFileURL: fileURL)]
+                                }),
+                            cli: baseSpec.descriptor.cli)
+                        store.providerSpecs[.claude] = ProviderSpec(
+                            style: baseSpec.style,
+                            isEnabled: baseSpec.isEnabled,
+                            descriptor: descriptor,
+                            makeFetchContext: baseSpec.makeFetchContext)
+                        return store
+                    }
+
+                    await store.refreshProvider(.claude)
+                    let result = await MainActor.run {
+                        (
+                            hasSnapshot: store.snapshot(for: .claude) != nil,
+                            hasError: store.error(for: .claude) != nil)
+                    }
+
+                    #expect(!result.hasSnapshot)
+                    #expect(result.hasError)
+                }
+            }
+        }
+    }
+
+    @Test
+    func `keychain change clears prior Claude snapshot for transient failure`() async throws {
+        try await KeychainCacheStore.withServiceOverrideForTesting("com.steipete.codexbar.cache.tests.\(UUID())") {
+            KeychainCacheStore.setTestStoreForTesting(true)
+            defer { KeychainCacheStore.setTestStoreForTesting(false) }
+
+            let storedFingerprint = ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint(
+                modifiedAt: 1,
+                createdAt: 1,
+                persistentRefHash: "old")
+            let currentFingerprint = ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint(
+                modifiedAt: 2,
+                createdAt: 1,
+                persistentRefHash: "new")
+            let fingerprintStore = ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprintStore(
+                fingerprint: storedFingerprint)
+
+            try await ClaudeOAuthCredentialsStore.withClaudeKeychainFingerprintStoreOverrideForTesting(
+                fingerprintStore)
+            {
+                try await ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(.always) {
+                    try await ClaudeOAuthCredentialsStore.withKeychainAccessOverrideForTesting(false) {
+                        try await KeychainAccessGate.withTaskOverrideForTesting(false) {
+                            try await ClaudeOAuthKeychainAccessGate.withShouldAllowPromptOverrideForTesting(true) {
+                                try await ClaudeOAuthCredentialsStore.withClaudeKeychainOverridesForTesting(
+                                    data: nil,
+                                    fingerprint: currentFingerprint)
+                                {
+                                    try await ClaudeOAuthCredentialsStore
+                                        .withIsolatedCredentialsFileTrackingForTesting {
+                                            let tempDir = FileManager.default.temporaryDirectory
+                                                .appendingPathComponent(UUID().uuidString, isDirectory: true)
+                                            try FileManager.default.createDirectory(
+                                                at: tempDir,
+                                                withIntermediateDirectories: true)
+                                            let fileURL = tempDir.appendingPathComponent("missing-credentials.json")
+
+                                            try await ClaudeOAuthCredentialsStore
+                                                .withCredentialsURLOverrideForTesting(fileURL) {
+                                                    let store = try await MainActor.run {
+                                                        let settings = Self.makeSettingsStore(
+                                                            suite: "ClaudeResilienceTests-keychain-auth-change")
+                                                        settings.refreshFrequency = .manual
+                                                        settings.statusChecksEnabled = false
+                                                        settings.claudeUsageDataSource = .cli
+
+                                                        let metadata = ProviderRegistry.shared.metadata
+                                                        for provider in UsageProvider.allCases {
+                                                            try settings.setProviderEnabled(
+                                                                provider: provider,
+                                                                metadata: #require(metadata[provider]),
+                                                                enabled: provider == .claude)
+                                                        }
+
+                                                        let store = UsageStore(
+                                                            fetcher: UsageFetcher(environment: [:]),
+                                                            browserDetection: BrowserDetection(cacheTTL: 0),
+                                                            settings: settings,
+                                                            startupBehavior: .testing,
+                                                            environmentBase: [:])
+                                                        let prior = UsageSnapshot(
+                                                            primary: RateWindow(
+                                                                usedPercent: 12,
+                                                                windowMinutes: 300,
+                                                                resetsAt: nil,
+                                                                resetDescription: nil),
+                                                            secondary: nil,
+                                                            updatedAt: Date(timeIntervalSince1970: 1_800_000_000),
+                                                            identity: ProviderIdentitySnapshot(
+                                                                providerID: .claude,
+                                                                accountEmail: "old@example.com",
+                                                                accountOrganization: nil,
+                                                                loginMethod: "Pro"))
+                                                        store._setSnapshotForTesting(prior, provider: .claude)
+
+                                                        let baseSpec = try #require(store.providerSpecs[.claude])
+                                                        let descriptor = ProviderDescriptor(
+                                                            id: .claude,
+                                                            metadata: baseSpec.descriptor.metadata,
+                                                            branding: baseSpec.descriptor.branding,
+                                                            tokenCost: baseSpec.descriptor.tokenCost,
+                                                            fetchPlan: ProviderFetchPlan(
+                                                                sourceModes: [.cli],
+                                                                pipeline: ProviderFetchPipeline { _ in
+                                                                    [TimeoutFetchStrategy()]
+                                                                }),
+                                                            cli: baseSpec.descriptor.cli)
+                                                        store.providerSpecs[.claude] = ProviderSpec(
+                                                            style: baseSpec.style,
+                                                            isEnabled: baseSpec.isEnabled,
+                                                            descriptor: descriptor,
+                                                            makeFetchContext: baseSpec.makeFetchContext)
+                                                        return store
+                                                    }
+
+                                                    await store.refreshProvider(.claude)
+                                                    let result = await MainActor.run {
+                                                        (
+                                                            hasSnapshot: store.snapshot(for: .claude) != nil,
+                                                            hasError: store.error(for: .claude) != nil)
+                                                    }
+
+                                                    #expect(!result.hasSnapshot)
+                                                    #expect(result.hasError)
+                                                }
+                                        }
+                                }
+                            }
+                        }
+                    }
+                }
+            }
+        }
+    }
+
+    @Test
+    func `keychain removal clears prior Claude snapshot for transient failure`() async throws {
+        try await KeychainCacheStore.withServiceOverrideForTesting("com.steipete.codexbar.cache.tests.\(UUID())") {
+            KeychainCacheStore.setTestStoreForTesting(true)
+            defer { KeychainCacheStore.setTestStoreForTesting(false) }
+
+            let storedFingerprint = ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint(
+                modifiedAt: 1,
+                createdAt: 1,
+                persistentRefHash: "old")
+            let fingerprintStore = ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprintStore(
+                fingerprint: storedFingerprint)
+            let keychainStore = ClaudeOAuthCredentialsStore.ClaudeKeychainOverrideStore(data: nil, fingerprint: nil)
+
+            try await ClaudeOAuthCredentialsStore.withClaudeKeychainFingerprintStoreOverrideForTesting(
+                fingerprintStore)
+            {
+                try await ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(.always) {
+                    try await ClaudeOAuthCredentialsStore.withKeychainAccessOverrideForTesting(false) {
+                        try await KeychainAccessGate.withTaskOverrideForTesting(false) {
+                            try await ClaudeOAuthKeychainAccessGate.withShouldAllowPromptOverrideForTesting(true) {
+                                try await ClaudeOAuthCredentialsStore.withMutableClaudeKeychainOverrideStoreForTesting(
+                                    keychainStore)
+                                {
+                                    try await ClaudeOAuthCredentialsStore
+                                        .withIsolatedCredentialsFileTrackingForTesting {
+                                            let tempDir = FileManager.default.temporaryDirectory
+                                                .appendingPathComponent(UUID().uuidString, isDirectory: true)
+                                            try FileManager.default.createDirectory(
+                                                at: tempDir,
+                                                withIntermediateDirectories: true)
+                                            let fileURL = tempDir.appendingPathComponent("missing-credentials.json")
+
+                                            try await ClaudeOAuthCredentialsStore
+                                                .withCredentialsURLOverrideForTesting(fileURL) {
+                                                    let store = try await MainActor.run {
+                                                        let settings = Self.makeSettingsStore(
+                                                            suite: "ClaudeResilienceTests-keychain-auth-removal")
+                                                        settings.refreshFrequency = .manual
+                                                        settings.statusChecksEnabled = false
+                                                        settings.claudeUsageDataSource = .cli
+
+                                                        let metadata = ProviderRegistry.shared.metadata
+                                                        for provider in UsageProvider.allCases {
+                                                            try settings.setProviderEnabled(
+                                                                provider: provider,
+                                                                metadata: #require(metadata[provider]),
+                                                                enabled: provider == .claude)
+                                                        }
+
+                                                        let store = UsageStore(
+                                                            fetcher: UsageFetcher(environment: [:]),
+                                                            browserDetection: BrowserDetection(cacheTTL: 0),
+                                                            settings: settings,
+                                                            startupBehavior: .testing,
+                                                            environmentBase: [:])
+                                                        let prior = UsageSnapshot(
+                                                            primary: RateWindow(
+                                                                usedPercent: 12,
+                                                                windowMinutes: 300,
+                                                                resetsAt: nil,
+                                                                resetDescription: nil),
+                                                            secondary: nil,
+                                                            updatedAt: Date(timeIntervalSince1970: 1_800_000_000),
+                                                            identity: ProviderIdentitySnapshot(
+                                                                providerID: .claude,
+                                                                accountEmail: "old@example.com",
+                                                                accountOrganization: nil,
+                                                                loginMethod: "Pro"))
+                                                        store._setSnapshotForTesting(prior, provider: .claude)
+
+                                                        let baseSpec = try #require(store.providerSpecs[.claude])
+                                                        let descriptor = ProviderDescriptor(
+                                                            id: .claude,
+                                                            metadata: baseSpec.descriptor.metadata,
+                                                            branding: baseSpec.descriptor.branding,
+                                                            tokenCost: baseSpec.descriptor.tokenCost,
+                                                            fetchPlan: ProviderFetchPlan(
+                                                                sourceModes: [.cli],
+                                                                pipeline: ProviderFetchPipeline { _ in
+                                                                    [TimeoutFetchStrategy()]
+                                                                }),
+                                                            cli: baseSpec.descriptor.cli)
+                                                        store.providerSpecs[.claude] = ProviderSpec(
+                                                            style: baseSpec.style,
+                                                            isEnabled: baseSpec.isEnabled,
+                                                            descriptor: descriptor,
+                                                            makeFetchContext: baseSpec.makeFetchContext)
+                                                        return store
+                                                    }
+
+                                                    await store.refreshProvider(.claude)
+                                                    let result = await MainActor.run {
+                                                        (
+                                                            hasSnapshot: store.snapshot(for: .claude) != nil,
+                                                            hasError: store.error(for: .claude) != nil,
+                                                            storedFingerprint: fingerprintStore.fingerprint)
+                                                    }
+
+                                                    #expect(!result.hasSnapshot)
+                                                    #expect(result.hasError)
+                                                    #expect(result.storedFingerprint == nil)
+                                                }
+                                        }
+                                }
+                            }
+                        }
+                    }
+                }
+            }
+        }
+    }
+}
+
+extension ClaudeResilienceTests {
+    @Test
+    func `keychain probe denial preserves prior Claude snapshot for transient failure`() async throws {
+        try await KeychainCacheStore.withServiceOverrideForTesting("com.steipete.codexbar.cache.tests.\(UUID())") {
+            KeychainCacheStore.setTestStoreForTesting(true)
+            defer { KeychainCacheStore.setTestStoreForTesting(false) }
+
+            let storedFingerprint = ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint(
+                modifiedAt: 1,
+                createdAt: 1,
+                persistentRefHash: "old")
+            let fingerprintStore = ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprintStore(
+                fingerprint: storedFingerprint)
+            let deniedStore = ClaudeOAuthKeychainAccessGate.DeniedUntilStore()
+            deniedStore.deniedUntil = Date(timeIntervalSinceNow: 3600)
+
+            try await ClaudeOAuthCredentialsStore.withClaudeKeychainFingerprintStoreOverrideForTesting(
+                fingerprintStore)
+            {
+                try await ClaudeOAuthKeychainAccessGate.withDeniedUntilStoreOverrideForTesting(deniedStore) {
+                    try await ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(.always) {
+                        try await ClaudeOAuthCredentialsStore.withIsolatedCredentialsFileTrackingForTesting {
+                            let tempDir = FileManager.default.temporaryDirectory
+                                .appendingPathComponent(UUID().uuidString, isDirectory: true)
+                            try FileManager.default.createDirectory(at: tempDir, withIntermediateDirectories: true)
+                            let fileURL = tempDir.appendingPathComponent("missing-credentials.json")
+
+                            try await ClaudeOAuthCredentialsStore.withCredentialsURLOverrideForTesting(fileURL) {
+                                let (store, prior) = try await MainActor.run {
+                                    let settings = Self.makeSettingsStore(
+                                        suite: "ClaudeResilienceTests-keychain-denial")
+                                    settings.refreshFrequency = .manual
+                                    settings.statusChecksEnabled = false
+                                    settings.claudeUsageDataSource = .cli
+
+                                    let metadata = ProviderRegistry.shared.metadata
+                                    for provider in UsageProvider.allCases {
+                                        try settings.setProviderEnabled(
+                                            provider: provider,
+                                            metadata: #require(metadata[provider]),
+                                            enabled: provider == .claude)
+                                    }
+
+                                    let store = UsageStore(
+                                        fetcher: UsageFetcher(environment: [:]),
+                                        browserDetection: BrowserDetection(cacheTTL: 0),
+                                        settings: settings,
+                                        startupBehavior: .testing,
+                                        environmentBase: [:])
+                                    let prior = UsageSnapshot(
+                                        primary: RateWindow(
+                                            usedPercent: 12,
+                                            windowMinutes: 300,
+                                            resetsAt: nil,
+                                            resetDescription: nil),
+                                        secondary: nil,
+                                        updatedAt: Date(timeIntervalSince1970: 1_800_000_000),
+                                        identity: ProviderIdentitySnapshot(
+                                            providerID: .claude,
+                                            accountEmail: "old@example.com",
+                                            accountOrganization: nil,
+                                            loginMethod: "Pro"))
+                                    store._setSnapshotForTesting(prior, provider: .claude)
+
+                                    let baseSpec = try #require(store.providerSpecs[.claude])
+                                    let descriptor = ProviderDescriptor(
+                                        id: .claude,
+                                        metadata: baseSpec.descriptor.metadata,
+                                        branding: baseSpec.descriptor.branding,
+                                        tokenCost: baseSpec.descriptor.tokenCost,
+                                        fetchPlan: ProviderFetchPlan(
+                                            sourceModes: [.cli],
+                                            pipeline: ProviderFetchPipeline { _ in [TimeoutFetchStrategy()] }),
+                                        cli: baseSpec.descriptor.cli)
+                                    store.providerSpecs[.claude] = ProviderSpec(
+                                        style: baseSpec.style,
+                                        isEnabled: baseSpec.isEnabled,
+                                        descriptor: descriptor,
+                                        makeFetchContext: baseSpec.makeFetchContext)
+                                    return (store, prior)
+                                }
+
+                                await store.refreshProvider(.claude)
+                                let result = await MainActor.run {
+                                    (
+                                        updatedAt: store.snapshot(for: .claude)?.updatedAt,
+                                        hasError: store.error(for: .claude) != nil,
+                                        storedFingerprint: fingerprintStore.fingerprint)
+                                }
+
+                                #expect(result.updatedAt == prior.updatedAt)
+                                #expect(!result.hasError)
+                                #expect(result.storedFingerprint == storedFingerprint)
+                            }
+                        }
+                    }
+                }
+            }
+        }
+    }
+
+    @Test
+    func `keychain change clears once then preserves later reset backfill`() async throws {
+        try await KeychainCacheStore.withServiceOverrideForTesting("com.steipete.codexbar.cache.tests.\(UUID())") {
+            KeychainCacheStore.setTestStoreForTesting(true)
+            defer { KeychainCacheStore.setTestStoreForTesting(false) }
+
+            let resetDate = Date(timeIntervalSince1970: 1_900_000_000)
+            let storedFingerprint = ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint(
+                modifiedAt: 1,
+                createdAt: 1,
+                persistentRefHash: "old")
+            let currentFingerprint = ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprint(
+                modifiedAt: 2,
+                createdAt: 1,
+                persistentRefHash: "new")
+            let fingerprintStore = ClaudeOAuthCredentialsStore.ClaudeKeychainFingerprintStore(
+                fingerprint: storedFingerprint)
+
+            try await ClaudeOAuthCredentialsStore.withClaudeKeychainFingerprintStoreOverrideForTesting(
+                fingerprintStore)
+            {
+                try await ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(.always) {
+                    try await ClaudeOAuthCredentialsStore.withKeychainAccessOverrideForTesting(false) {
+                        try await KeychainAccessGate.withTaskOverrideForTesting(false) {
+                            try await ClaudeOAuthKeychainAccessGate.withShouldAllowPromptOverrideForTesting(true) {
+                                try await ClaudeOAuthCredentialsStore.withClaudeKeychainOverridesForTesting(
+                                    data: nil,
+                                    fingerprint: currentFingerprint)
+                                {
+                                    try await ClaudeOAuthCredentialsStore
+                                        .withIsolatedCredentialsFileTrackingForTesting {
+                                            let tempDir = FileManager.default.temporaryDirectory
+                                                .appendingPathComponent(UUID().uuidString, isDirectory: true)
+                                            try FileManager.default.createDirectory(
+                                                at: tempDir,
+                                                withIntermediateDirectories: true)
+                                            let fileURL = tempDir.appendingPathComponent("missing-credentials.json")
+
+                                            try await ClaudeOAuthCredentialsStore
+                                                .withCredentialsURLOverrideForTesting(fileURL) {
+                                                    let store = try await MainActor.run {
+                                                        let settings = Self.makeSettingsStore(
+                                                            suite: "ClaudeResilienceTests-keychain-auth-consumed")
+                                                        settings.refreshFrequency = .manual
+                                                        settings.statusChecksEnabled = false
+                                                        settings.claudeUsageDataSource = .cli
+
+                                                        let metadata = ProviderRegistry.shared.metadata
+                                                        for provider in UsageProvider.allCases {
+                                                            try settings.setProviderEnabled(
+                                                                provider: provider,
+                                                                metadata: #require(metadata[provider]),
+                                                                enabled: provider == .claude)
+                                                        }
+
+                                                        let store = UsageStore(
+                                                            fetcher: UsageFetcher(environment: [:]),
+                                                            browserDetection: BrowserDetection(cacheTTL: 0),
+                                                            settings: settings,
+                                                            startupBehavior: .testing,
+                                                            environmentBase: [:])
+                                                        let prior = UsageSnapshot(
+                                                            primary: RateWindow(
+                                                                usedPercent: 12,
+                                                                windowMinutes: 300,
+                                                                resetsAt: resetDate,
+                                                                resetDescription: "old reset"),
+                                                            secondary: nil,
+                                                            updatedAt: Date(timeIntervalSince1970: 1_800_000_000),
+                                                            identity: nil)
+                                                        store._setSnapshotForTesting(prior, provider: .claude)
+                                                        store.lastKnownResetSnapshots[.claude] = prior
+
+                                                        let baseSpec = try #require(store.providerSpecs[.claude])
+                                                        let descriptor = ProviderDescriptor(
+                                                            id: .claude,
+                                                            metadata: baseSpec.descriptor.metadata,
+                                                            branding: baseSpec.descriptor.branding,
+                                                            tokenCost: baseSpec.descriptor.tokenCost,
+                                                            fetchPlan: ProviderFetchPlan(
+                                                                sourceModes: [.cli],
+                                                                pipeline: ProviderFetchPipeline { _ in
+                                                                    [SuccessfulFetchStrategy()]
+                                                                }),
+                                                            cli: baseSpec.descriptor.cli)
+                                                        store.providerSpecs[.claude] = ProviderSpec(
+                                                            style: baseSpec.style,
+                                                            isEnabled: baseSpec.isEnabled,
+                                                            descriptor: descriptor,
+                                                            makeFetchContext: baseSpec.makeFetchContext)
+                                                        return store
+                                                    }
+
+                                                    await store.refreshProvider(.claude)
+                                                    let firstReset = await MainActor.run {
+                                                        store.snapshot(for: .claude)?.primary?.resetsAt
+                                                    }
+                                                    #expect(firstReset == nil)
+                                                    #expect(fingerprintStore.fingerprint == currentFingerprint)
+
+                                                    await MainActor.run {
+                                                        let seed = UsageSnapshot(
+                                                            primary: RateWindow(
+                                                                usedPercent: 10,
+                                                                windowMinutes: 300,
+                                                                resetsAt: resetDate,
+                                                                resetDescription: "fresh reset"),
+                                                            secondary: nil,
+                                                            updatedAt: Date(timeIntervalSince1970: 1_800_000_050),
+                                                            identity: nil)
+                                                        store.lastKnownResetSnapshots[.claude] = seed
+                                                    }
+
+                                                    await store.refreshProvider(.claude)
+                                                    let secondReset = await MainActor.run {
+                                                        store.snapshot(for: .claude)?.primary?.resetsAt
+                                                    }
+
+                                                    #expect(secondReset == resetDate)
+                                                }
+                                        }
+                                }
+                            }
+                        }
+                    }
+                }
+            }
+        }
+    }
+
+    @Test
+    func `credentials change before fetch clears stale reset backfill`() async throws {
+        try await KeychainCacheStore.withServiceOverrideForTesting("com.steipete.codexbar.cache.tests.\(UUID())") {
+            KeychainCacheStore.setTestStoreForTesting(true)
+            defer { KeychainCacheStore.setTestStoreForTesting(false) }
+
+            try await ClaudeOAuthCredentialsStore.withIsolatedCredentialsFileTrackingForTesting {
+                let tempDir = FileManager.default.temporaryDirectory
+                    .appendingPathComponent(UUID().uuidString, isDirectory: true)
+                try FileManager.default.createDirectory(at: tempDir, withIntermediateDirectories: true)
+                let fileURL = tempDir.appendingPathComponent("credentials.json")
+                try Data("{\"old\":true}".utf8).write(to: fileURL)
+
+                try await ClaudeOAuthCredentialsStore.withCredentialsURLOverrideForTesting(fileURL) {
+                    #expect(ClaudeOAuthCredentialsStore.invalidateCacheIfCredentialsFileChanged())
+                    try Data("{\"new\":true,\"version\":2}".utf8).write(to: fileURL)
+
+                    let store = try await MainActor.run {
+                        let settings = Self.makeSettingsStore(suite: "ClaudeResilienceTests-prefetch-auth-change")
+                        settings.refreshFrequency = .manual
+                        settings.statusChecksEnabled = false
+                        settings.claudeUsageDataSource = .cli
+
+                        let metadata = ProviderRegistry.shared.metadata
+                        for provider in UsageProvider.allCases {
+                            try settings.setProviderEnabled(
+                                provider: provider,
+                                metadata: #require(metadata[provider]),
+                                enabled: provider == .claude)
+                        }
+
+                        let store = UsageStore(
+                            fetcher: UsageFetcher(environment: [:]),
+                            browserDetection: BrowserDetection(cacheTTL: 0),
+                            settings: settings,
+                            startupBehavior: .testing,
+                            environmentBase: [:])
+                        let prior = UsageSnapshot(
+                            primary: RateWindow(
+                                usedPercent: 12,
+                                windowMinutes: 300,
+                                resetsAt: Date(timeIntervalSince1970: 1_900_000_000),
+                                resetDescription: "old reset"),
+                            secondary: nil,
+                            updatedAt: Date(timeIntervalSince1970: 1_800_000_000),
+                            identity: nil)
+                        store._setSnapshotForTesting(prior, provider: .claude)
+                        store.lastKnownResetSnapshots[.claude] = prior
+
+                        let baseSpec = try #require(store.providerSpecs[.claude])
+                        let descriptor = ProviderDescriptor(
+                            id: .claude,
+                            metadata: baseSpec.descriptor.metadata,
+                            branding: baseSpec.descriptor.branding,
+                            tokenCost: baseSpec.descriptor.tokenCost,
+                            fetchPlan: ProviderFetchPlan(
+                                sourceModes: [.cli],
+                                pipeline: ProviderFetchPipeline { _ in [SuccessfulFetchStrategy()] }),
+                            cli: baseSpec.descriptor.cli)
+                        store.providerSpecs[.claude] = ProviderSpec(
+                            style: baseSpec.style,
+                            isEnabled: baseSpec.isEnabled,
+                            descriptor: descriptor,
+                            makeFetchContext: baseSpec.makeFetchContext)
+                        return store
+                    }
+
+                    await store.refreshProvider(.claude)
+                    let reset = await MainActor.run {
+                        store.snapshot(for: .claude)?.primary?.resetsAt
+                    }
+
+                    #expect(reset == nil)
+                }
+            }
+        }
+    }
+
+    @Test
+    func `credentials change during successful Claude fetch applies fresh snapshot without stale reset`() async throws {
+        try await KeychainCacheStore.withServiceOverrideForTesting("com.steipete.codexbar.cache.tests.\(UUID())") {
+            KeychainCacheStore.setTestStoreForTesting(true)
+            defer { KeychainCacheStore.setTestStoreForTesting(false) }
+
+            try await ClaudeOAuthCredentialsStore.withIsolatedCredentialsFileTrackingForTesting {
+                let tempDir = FileManager.default.temporaryDirectory
+                    .appendingPathComponent(UUID().uuidString, isDirectory: true)
+                try FileManager.default.createDirectory(at: tempDir, withIntermediateDirectories: true)
+                let fileURL = tempDir.appendingPathComponent("credentials.json")
+                try Data("{\"old\":true}".utf8).write(to: fileURL)
+
+                try await ClaudeOAuthCredentialsStore.withCredentialsURLOverrideForTesting(fileURL) {
+                    #expect(ClaudeOAuthCredentialsStore.invalidateCacheIfCredentialsFileChanged())
+
+                    let store = try await MainActor.run {
+                        let settings = Self.makeSettingsStore(suite: "ClaudeResilienceTests-midfetch-auth-change")
+                        settings.refreshFrequency = .manual
+                        settings.statusChecksEnabled = false
+                        settings.claudeUsageDataSource = .cli
+
+                        let metadata = ProviderRegistry.shared.metadata
+                        for provider in UsageProvider.allCases {
+                            try settings.setProviderEnabled(
+                                provider: provider,
+                                metadata: #require(metadata[provider]),
+                                enabled: provider == .claude)
+                        }
+
+                        let store = UsageStore(
+                            fetcher: UsageFetcher(environment: [:]),
+                            browserDetection: BrowserDetection(cacheTTL: 0),
+                            settings: settings,
+                            startupBehavior: .testing,
+                            environmentBase: [:])
+                        let prior = UsageSnapshot(
+                            primary: RateWindow(
+                                usedPercent: 12,
+                                windowMinutes: 300,
+                                resetsAt: Date(timeIntervalSince1970: 1_900_000_000),
+                                resetDescription: "old reset"),
+                            secondary: nil,
+                            updatedAt: Date(timeIntervalSince1970: 1_800_000_000),
+                            identity: ProviderIdentitySnapshot(
+                                providerID: .claude,
+                                accountEmail: "old@example.com",
+                                accountOrganization: nil,
+                                loginMethod: "Pro"))
+                        store._setSnapshotForTesting(prior, provider: .claude)
+                        store.lastKnownResetSnapshots[.claude] = prior
+
+                        let baseSpec = try #require(store.providerSpecs[.claude])
+                        let descriptor = ProviderDescriptor(
+                            id: .claude,
+                            metadata: baseSpec.descriptor.metadata,
+                            branding: baseSpec.descriptor.branding,
+                            tokenCost: baseSpec.descriptor.tokenCost,
+                            fetchPlan: ProviderFetchPlan(
+                                sourceModes: [.cli],
+                                pipeline: ProviderFetchPipeline { _ in
+                                    [SuccessfulCredentialSwapFetchStrategy(credentialsFileURL: fileURL)]
+                                }),
+                            cli: baseSpec.descriptor.cli)
+                        store.providerSpecs[.claude] = ProviderSpec(
+                            style: baseSpec.style,
+                            isEnabled: baseSpec.isEnabled,
+                            descriptor: descriptor,
+                            makeFetchContext: baseSpec.makeFetchContext)
+                        return store
+                    }
+
+                    await store.refreshProvider(.claude)
+                    let result = await MainActor.run {
+                        (
+                            hasSnapshot: store.snapshot(for: .claude) != nil,
+                            hasError: store.error(for: .claude) != nil,
+                            reset: store.lastKnownResetSnapshots[.claude]?.primary?.resetsAt)
+                    }
+
+                    #expect(result.hasSnapshot)
+                    #expect(!result.hasError)
+                    #expect(result.reset == nil)
+                }
+            }
+        }
+    }
+
+    @MainActor
+    private static func makeSettingsStore(suite: String) -> SettingsStore {
+        let defaults = UserDefaults(suiteName: suite)!
+        defaults.removePersistentDomain(forName: suite)
+        let settings = SettingsStore(
+            userDefaults: defaults,
+            configStore: testConfigStore(suiteName: suite),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore(),
+            codexCookieStore: InMemoryCookieHeaderStore(),
+            claudeCookieStore: InMemoryCookieHeaderStore(),
+            cursorCookieStore: InMemoryCookieHeaderStore(),
+            opencodeCookieStore: InMemoryCookieHeaderStore(),
+            factoryCookieStore: InMemoryCookieHeaderStore(),
+            minimaxCookieStore: InMemoryMiniMaxCookieStore(),
+            minimaxAPITokenStore: InMemoryMiniMaxAPITokenStore(),
+            kimiTokenStore: InMemoryKimiTokenStore(),
+            kimiK2TokenStore: InMemoryKimiK2TokenStore(),
+            augmentCookieStore: InMemoryCookieHeaderStore(),
+            ampCookieStore: InMemoryCookieHeaderStore(),
+            copilotTokenStore: InMemoryCopilotTokenStore(),
+            tokenAccountStore: InMemoryTokenAccountStore())
+        settings.providerDetectionCompleted = true
+        return settings
+    }
+}
+
+private struct TimeoutFetchStrategy: ProviderFetchStrategy {
+    let id = "test.timeout"
+    let kind: ProviderFetchKind = .cli
+
+    func isAvailable(_: ProviderFetchContext) async -> Bool {
+        true
+    }
+
+    func fetch(_: ProviderFetchContext) async throws -> ProviderFetchResult {
+        throw ClaudeStatusProbeError.timedOut
+    }
+
+    func shouldFallback(on _: Error, context _: ProviderFetchContext) -> Bool {
+        false
+    }
+}
+
+private struct NetworkLostFetchStrategy: ProviderFetchStrategy {
+    let id = "test.network-lost"
+    let kind: ProviderFetchKind = .cli
+
+    func isAvailable(_: ProviderFetchContext) async -> Bool {
+        true
+    }
+
+    func fetch(_: ProviderFetchContext) async throws -> ProviderFetchResult {
+        throw URLError(.networkConnectionLost)
+    }
+
+    func shouldFallback(on _: Error, context _: ProviderFetchContext) -> Bool {
+        false
+    }
+}
+
+private struct AuthFailureFetchStrategy: ProviderFetchStrategy {
+    let id = "test.auth-failure"
+    let kind: ProviderFetchKind = .cli
+    let credentialsFileURL: URL
+
+    func isAvailable(_: ProviderFetchContext) async -> Bool {
+        true
+    }
+
+    func fetch(_: ProviderFetchContext) async throws -> ProviderFetchResult {
+        try Data("{\"updated\":true}".utf8).write(to: self.credentialsFileURL)
+        _ = ClaudeOAuthCredentialsStore.invalidateCacheIfCredentialsFileChanged()
+        throw ClaudeUsageError.oauthFailed("Claude auth failed.")
+    }
+
+    func shouldFallback(on _: Error, context _: ProviderFetchContext) -> Bool {
+        false
+    }
+}
+
+private struct TransientFailureAfterCredentialSwapFetchStrategy: ProviderFetchStrategy {
+    let id = "test.transient-credential-swap"
+    let kind: ProviderFetchKind = .cli
+    let credentialsFileURL: URL
+
+    func isAvailable(_: ProviderFetchContext) async -> Bool {
+        true
+    }
+
+    func fetch(_: ProviderFetchContext) async throws -> ProviderFetchResult {
+        try Data("{\"updated\":true}".utf8).write(to: self.credentialsFileURL)
+        throw ClaudeStatusProbeError.timedOut
+    }
+
+    func shouldFallback(on _: Error, context _: ProviderFetchContext) -> Bool {
+        false
+    }
+}
+
+private struct SuccessfulCredentialSwapFetchStrategy: ProviderFetchStrategy {
+    let id = "test.successful-credential-swap"
+    let kind: ProviderFetchKind = .cli
+    let credentialsFileURL: URL
+
+    func isAvailable(_: ProviderFetchContext) async -> Bool {
+        true
+    }
+
+    func fetch(_: ProviderFetchContext) async throws -> ProviderFetchResult {
+        try Data("{\"updated\":true}".utf8).write(to: self.credentialsFileURL)
+        return self.makeResult(
+            usage: UsageSnapshot(
+                primary: RateWindow(
+                    usedPercent: 20,
+                    windowMinutes: 300,
+                    resetsAt: nil,
+                    resetDescription: nil),
+                secondary: nil,
+                updatedAt: Date(timeIntervalSince1970: 1_800_000_100),
+                identity: nil),
+            sourceLabel: "CLI")
+    }
+
+    func shouldFallback(on _: Error, context _: ProviderFetchContext) -> Bool {
+        false
+    }
+}
+
+private struct SuccessfulFetchStrategy: ProviderFetchStrategy {
+    let id = "test.successful"
+    let kind: ProviderFetchKind = .cli
+
+    func isAvailable(_: ProviderFetchContext) async -> Bool {
+        true
+    }
+
+    func fetch(_: ProviderFetchContext) async throws -> ProviderFetchResult {
+        self.makeResult(
+            usage: UsageSnapshot(
+                primary: RateWindow(
+                    usedPercent: 20,
+                    windowMinutes: 300,
+                    resetsAt: nil,
+                    resetDescription: nil),
+                secondary: nil,
+                updatedAt: Date(timeIntervalSince1970: 1_800_000_100),
+                identity: nil),
+            sourceLabel: "CLI")
+    }
+
+    func shouldFallback(on _: Error, context _: ProviderFetchContext) -> Bool {
+        false
+    }
 }
diff --git a/Tests/CodexBarTests/ClaudeSourcePlannerTests.swift b/Tests/CodexBarTests/ClaudeSourcePlannerTests.swift
new file mode 100644
index 000000000..c06851e1f
--- /dev/null
+++ b/Tests/CodexBarTests/ClaudeSourcePlannerTests.swift
@@ -0,0 +1,118 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+struct ClaudeSourcePlannerTests {
+    @Test
+    func `app auto plan preserves ordered steps and reasons`() {
+        let plan = ClaudeSourcePlanner.resolve(input: ClaudeSourcePlanningInput(
+            runtime: .app,
+            selectedDataSource: .auto,
+            webExtrasEnabled: false,
+            hasWebSession: true,
+            hasCLI: true,
+            hasOAuthCredentials: true))
+
+        #expect(plan.orderedSteps.map(\.dataSource) == [.oauth, .cli, .web])
+        #expect(plan.orderedSteps.map(\.inclusionReason) == [
+            .appAutoPreferredOAuth,
+            .appAutoFallbackCLI,
+            .appAutoFallbackWeb,
+        ])
+        #expect(plan.availableSteps.map(\.dataSource) == [.oauth, .cli, .web])
+        #expect(plan.preferredStep?.dataSource == .oauth)
+    }
+
+    @Test
+    func `CLI auto plan preserves ordered steps and reasons`() {
+        let plan = ClaudeSourcePlanner.resolve(input: ClaudeSourcePlanningInput(
+            runtime: .cli,
+            selectedDataSource: .auto,
+            webExtrasEnabled: false,
+            hasWebSession: true,
+            hasCLI: true,
+            hasOAuthCredentials: false))
+
+        #expect(plan.orderedSteps.map(\.dataSource) == [.web, .cli])
+        #expect(plan.orderedSteps.map(\.inclusionReason) == [
+            .cliAutoPreferredWeb,
+            .cliAutoFallbackCLI,
+        ])
+        #expect(plan.preferredStep?.dataSource == .web)
+    }
+
+    @Test
+    func `explicit mode plan is single step`() {
+        let plan = ClaudeSourcePlanner.resolve(input: ClaudeSourcePlanningInput(
+            runtime: .app,
+            selectedDataSource: .cli,
+            webExtrasEnabled: true,
+            hasWebSession: false,
+            hasCLI: true,
+            hasOAuthCredentials: false))
+
+        #expect(plan.orderedSteps.count == 1)
+        #expect(plan.orderedSteps.first?.dataSource == .cli)
+        #expect(plan.orderedSteps.first?.inclusionReason == .explicitSourceSelection)
+        #expect(plan.compatibilityStrategy == ClaudeUsageStrategy(dataSource: .cli, useWebExtras: true))
+    }
+
+    @Test
+    func `app auto CLI fallback reports web extras like runtime`() {
+        let plan = ClaudeSourcePlanner.resolve(input: ClaudeSourcePlanningInput(
+            runtime: .app,
+            selectedDataSource: .auto,
+            webExtrasEnabled: true,
+            hasWebSession: false,
+            hasCLI: true,
+            hasOAuthCredentials: false))
+
+        #expect(plan.preferredStep?.dataSource == .cli)
+        #expect(plan.compatibilityStrategy == ClaudeUsageStrategy(dataSource: .cli, useWebExtras: true))
+    }
+
+    @Test
+    func `no source planner output is deterministic`() {
+        let input = ClaudeSourcePlanningInput(
+            runtime: .app,
+            selectedDataSource: .auto,
+            webExtrasEnabled: false,
+            hasWebSession: false,
+            hasCLI: false,
+            hasOAuthCredentials: false)
+        let plan = ClaudeSourcePlanner.resolve(input: input)
+
+        #expect(plan.orderedSteps.map(\.dataSource) == [.oauth, .cli, .web])
+        #expect(plan.availableSteps.isEmpty)
+        #expect(plan.isNoSourceAvailable)
+        #expect(plan.preferredStep == nil)
+        #expect(plan.executionSteps.isEmpty)
+        #expect(plan.debugLines() == [
+            "planner_order=oauth→cli→web",
+            "planner_selected=none",
+            "planner_no_source=true",
+            "planner_step.oauth=unavailable reason=app-auto-preferred-oauth",
+            "planner_step.cli=unavailable reason=app-auto-fallback-cli",
+            "planner_step.web=unavailable reason=app-auto-fallback-web",
+        ])
+    }
+
+    @Test
+    func `CLI resolver falls back to PATH when Claude CLI path override is invalid`() throws {
+        let tempDir = FileManager.default.temporaryDirectory
+            .appendingPathComponent(UUID().uuidString, isDirectory: true)
+        try FileManager.default.createDirectory(at: tempDir, withIntermediateDirectories: true)
+        let binaryURL = tempDir.appendingPathComponent("claude")
+        try Data("#!/bin/sh\nexit 0\n".utf8).write(to: binaryURL)
+        try FileManager.default.setAttributes([.posixPermissions: 0o755], ofItemAtPath: binaryURL.path)
+
+        let resolved = ClaudeCLIResolver.resolvedBinaryPath(
+            environment: [
+                "CLAUDE_CLI_PATH": "/definitely/missing/claude",
+                "PATH": tempDir.path,
+            ],
+            loginPATH: nil)
+
+        #expect(resolved == binaryURL.path)
+    }
+}
diff --git a/Tests/CodexBarTests/ClaudeUsageDelegatedRefreshEnvironmentTests.swift b/Tests/CodexBarTests/ClaudeUsageDelegatedRefreshEnvironmentTests.swift
new file mode 100644
index 000000000..06cb71eba
--- /dev/null
+++ b/Tests/CodexBarTests/ClaudeUsageDelegatedRefreshEnvironmentTests.swift
@@ -0,0 +1,53 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+struct ClaudeUsageDelegatedRefreshEnvironmentTests {
+    @Test
+    func `oauth delegated retry passes fetcher environment to delegated refresh`() async throws {
+        let fetcher = ClaudeUsageFetcher(
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            environment: ["CLAUDE_CLI_PATH": "/tmp/rat110-env-claude"],
+            dataSource: .oauth,
+            oauthKeychainPromptCooldownEnabled: true)
+
+        let delegatedOverride: (@Sendable (Date, TimeInterval, [String: String]) async
+            -> ClaudeOAuthDelegatedRefreshCoordinator.Outcome)? = { _, _, environment in
+            #expect(environment["CLAUDE_CLI_PATH"] == "/tmp/rat110-env-claude")
+            return .cliUnavailable
+        }
+        let loadCredsOverride: (@Sendable (
+            [String: String],
+            Bool,
+            Bool) async throws -> ClaudeOAuthCredentials)? = { _, _, _ in
+            throw ClaudeOAuthCredentialsError.refreshDelegatedToClaudeCLI
+        }
+
+        do {
+            _ = try await ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(.onlyOnUserAction) {
+                try await ProviderInteractionContext.$current.withValue(.userInitiated) {
+                    try await ClaudeUsageFetcher.$delegatedRefreshAttemptOverride.withValue(
+                        delegatedOverride,
+                        operation: {
+                            try await ClaudeUsageFetcher.$loadOAuthCredentialsOverride.withValue(
+                                loadCredsOverride,
+                                operation: {
+                                    try await ClaudeUsageFetcher.$hasCachedCredentialsOverride.withValue(
+                                        false,
+                                        operation: {
+                                            try await fetcher.loadLatestUsage(model: "sonnet")
+                                        })
+                                })
+                        })
+                }
+            }
+            Issue.record("Expected delegated retry to fail when the override reports CLI unavailable")
+        } catch let error as ClaudeUsageError {
+            guard case let .oauthFailed(message) = error else {
+                Issue.record("Expected ClaudeUsageError.oauthFailed, got \(error)")
+                return
+            }
+            #expect(message.contains("Claude CLI is not available"))
+        }
+    }
+}
diff --git a/Tests/CodexBarTests/ClaudeUsageTests.swift b/Tests/CodexBarTests/ClaudeUsageTests.swift
index 9e42e9e61..b52ed973d 100644
--- a/Tests/CodexBarTests/ClaudeUsageTests.swift
+++ b/Tests/CodexBarTests/ClaudeUsageTests.swift
@@ -3,7 +3,6 @@ import Testing
 @testable import CodexBar
 @testable import CodexBarCore
 
-@Suite
 struct ClaudeUsageTests {
     private actor AsyncCounter {
         private var value = 0
@@ -29,7 +28,7 @@ struct ClaudeUsageTests {
     }
 
     @Test
-    func parsesUsageJSONWithSonnetLimit() {
+    func `parses usage JSON with sonnet limit`() {
         let json = """
         {
           "ok": true,
@@ -42,12 +41,14 @@ struct ClaudeUsageTests {
         let snap = ClaudeUsageFetcher.parse(json: data)
         #expect(snap != nil)
         #expect(snap?.primary.usedPercent == 1)
+        #expect(snap?.primary.windowMinutes == 300)
         #expect(snap?.secondary?.usedPercent == 8)
+        #expect(snap?.secondary?.windowMinutes == 10080)
         #expect(snap?.primary.resetDescription == "11am (Europe/Vienna)")
     }
 
     @Test
-    func oauthDelegatedRetry_retriesOnce_thenSucceeds() async throws {
+    func `oauth delegated retry retries once then succeeds`() async throws {
         let loadCounter = AsyncCounter()
         let delegatedCounter = AsyncCounter()
         let usageResponse = try Self.makeOAuthUsageResponse()
@@ -60,7 +61,8 @@ struct ClaudeUsageTests {
         let fetchOverride: (@Sendable (String) async throws -> OAuthUsageResponse)? = { _ in usageResponse }
         let delegatedOverride: (@Sendable (
             Date,
-            TimeInterval) async -> ClaudeOAuthDelegatedRefreshCoordinator.Outcome)? = { _, _ in
+            TimeInterval,
+            [String: String]) async -> ClaudeOAuthDelegatedRefreshCoordinator.Outcome)? = { _, _, _ in
             _ = await delegatedCounter.increment()
             return .attemptedSucceeded
         }
@@ -102,7 +104,7 @@ struct ClaudeUsageTests {
     }
 
     @Test
-    func oauthDelegatedRetry_secondAttemptStillExpired_failsCleanly() async throws {
+    func `oauth delegated retry second attempt still expired fails cleanly`() async throws {
         let loadCounter = AsyncCounter()
         let delegatedCounter = AsyncCounter()
         let fetcher = ClaudeUsageFetcher(
@@ -114,7 +116,8 @@ struct ClaudeUsageTests {
         do {
             let delegatedOverride: (@Sendable (
                 Date,
-                TimeInterval) async -> ClaudeOAuthDelegatedRefreshCoordinator.Outcome)? = { _, _ in
+                TimeInterval,
+                [String: String]) async -> ClaudeOAuthDelegatedRefreshCoordinator.Outcome)? = { _, _, _ in
                 _ = await delegatedCounter.increment()
                 return .attemptedSucceeded
             }
@@ -155,7 +158,7 @@ struct ClaudeUsageTests {
     }
 
     @Test
-    func oauthDelegatedRetry_autoMode_cliUnavailable_failsFast() async throws {
+    func `oauth delegated retry auto mode cli unavailable fails fast`() async throws {
         let loadCounter = AsyncCounter()
         let delegatedCounter = AsyncCounter()
 
@@ -165,8 +168,8 @@ struct ClaudeUsageTests {
             dataSource: .oauth,
             oauthKeychainPromptCooldownEnabled: true)
 
-        let delegatedOverride: (@Sendable (Date, TimeInterval) async -> ClaudeOAuthDelegatedRefreshCoordinator
-            .Outcome)? = { _, _ in
+        let delegatedOverride: (@Sendable (Date, TimeInterval, [String: String]) async
+            -> ClaudeOAuthDelegatedRefreshCoordinator.Outcome)? = { _, _, _ in
             _ = await delegatedCounter.increment()
             return .cliUnavailable
         }
@@ -209,7 +212,7 @@ struct ClaudeUsageTests {
     }
 
     @Test
-    func oauthDelegatedRetry_autoMode_attemptedFailed_thenNonInteractiveReloadSucceeds() async throws {
+    func `oauth delegated retry auto mode attempted failed then non interactive reload succeeds`() async throws {
         let loadCounter = AsyncCounter()
         let delegatedCounter = AsyncCounter()
         let usageResponse = try Self.makeOAuthUsageResponse()
@@ -226,8 +229,8 @@ struct ClaudeUsageTests {
             oauthKeychainPromptCooldownEnabled: true)
 
         let fetchOverride: (@Sendable (String) async throws -> OAuthUsageResponse)? = { _ in usageResponse }
-        let delegatedOverride: (@Sendable (Date, TimeInterval) async -> ClaudeOAuthDelegatedRefreshCoordinator
-            .Outcome)? = { _, _ in
+        let delegatedOverride: (@Sendable (Date, TimeInterval, [String: String]) async
+            -> ClaudeOAuthDelegatedRefreshCoordinator.Outcome)? = { _, _, _ in
             _ = await delegatedCounter.increment()
             return .attemptedFailed("no-change")
         }
@@ -274,7 +277,7 @@ struct ClaudeUsageTests {
     }
 
     @Test
-    func oauthDelegatedRetry_onlyOnUserAction_background_suppressesDelegation() async throws {
+    func `oauth delegated retry only on user action background suppresses delegation`() async throws {
         let loadCounter = AsyncCounter()
         let delegatedCounter = AsyncCounter()
 
@@ -286,7 +289,8 @@ struct ClaudeUsageTests {
 
         let delegatedOverride: (@Sendable (
             Date,
-            TimeInterval) async -> ClaudeOAuthDelegatedRefreshCoordinator.Outcome)? = { _, _ in
+            TimeInterval,
+            [String: String]) async -> ClaudeOAuthDelegatedRefreshCoordinator.Outcome)? = { _, _, _ in
             _ = await delegatedCounter.increment()
             return .attemptedSucceeded
         }
@@ -299,17 +303,23 @@ struct ClaudeUsageTests {
         }
 
         do {
-            _ = try await ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(.securityFramework) {
-                try await ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(.onlyOnUserAction) {
-                    try await ProviderInteractionContext.$current.withValue(.background) {
-                        try await ClaudeUsageFetcher.$delegatedRefreshAttemptOverride.withValue(delegatedOverride) {
-                            try await ClaudeUsageFetcher.$loadOAuthCredentialsOverride.withValue(loadCredsOverride) {
-                                try await fetcher.loadLatestUsage(model: "sonnet")
+            _ = try await ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
+                .securityFramework,
+                operation: {
+                    try await ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(.onlyOnUserAction) {
+                        try await ProviderInteractionContext.$current.withValue(.background) {
+                            try await ClaudeUsageFetcher.$delegatedRefreshAttemptOverride.withValue(
+                                delegatedOverride)
+                            {
+                                try await ClaudeUsageFetcher.$loadOAuthCredentialsOverride.withValue(
+                                    loadCredsOverride)
+                                {
+                                    try await fetcher.loadLatestUsage(model: "sonnet")
+                                }
                             }
                         }
                     }
-                }
-            }
+                })
             Issue.record("Expected delegated refresh to be suppressed in background")
         } catch let error as ClaudeUsageError {
             guard case let .oauthFailed(message) = error else {
@@ -326,7 +336,7 @@ struct ClaudeUsageTests {
     }
 
     @Test
-    func oauthDelegatedRetry_never_background_suppressesDelegationEvenForCLI() async throws {
+    func `oauth delegated retry never background suppresses delegation even for CLI`() async throws {
         let loadCounter = AsyncCounter()
         let delegatedCounter = AsyncCounter()
 
@@ -339,7 +349,8 @@ struct ClaudeUsageTests {
 
         let delegatedOverride: (@Sendable (
             Date,
-            TimeInterval) async -> ClaudeOAuthDelegatedRefreshCoordinator.Outcome)? = { _, _ in
+            TimeInterval,
+            [String: String]) async -> ClaudeOAuthDelegatedRefreshCoordinator.Outcome)? = { _, _, _ in
             _ = await delegatedCounter.increment()
             return .attemptedSucceeded
         }
@@ -352,17 +363,23 @@ struct ClaudeUsageTests {
         }
 
         do {
-            _ = try await ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(.securityFramework) {
-                try await ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(.never) {
-                    try await ProviderInteractionContext.$current.withValue(.background) {
-                        try await ClaudeUsageFetcher.$delegatedRefreshAttemptOverride.withValue(delegatedOverride) {
-                            try await ClaudeUsageFetcher.$loadOAuthCredentialsOverride.withValue(loadCredsOverride) {
-                                try await fetcher.loadLatestUsage(model: "sonnet")
+            _ = try await ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
+                .securityFramework,
+                operation: {
+                    try await ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(.never) {
+                        try await ProviderInteractionContext.$current.withValue(.background) {
+                            try await ClaudeUsageFetcher.$delegatedRefreshAttemptOverride.withValue(
+                                delegatedOverride)
+                            {
+                                try await ClaudeUsageFetcher.$loadOAuthCredentialsOverride.withValue(
+                                    loadCredsOverride)
+                                {
+                                    try await fetcher.loadLatestUsage(model: "sonnet")
+                                }
                             }
                         }
                     }
-                }
-            }
+                })
             Issue.record("Expected delegated refresh to be suppressed for prompt policy 'never'")
         } catch let error as ClaudeUsageError {
             guard case let .oauthFailed(message) = error else {
@@ -379,9 +396,10 @@ struct ClaudeUsageTests {
     }
 
     @Test
-    func oauthBootstrap_onlyOnUserAction_background_startup_allowsInteractiveReadWhenNoCache() async throws {
+    func `oauth bootstrap only on user action background startup allows interactive read when no cache`() async throws {
         final class FlagBox: @unchecked Sendable {
             var allowKeychainPromptFlags: [Bool] = []
+            var allowBackgroundPromptBootstrapFlags: [Bool] = []
         }
 
         let flags = FlagBox()
@@ -399,6 +417,7 @@ struct ClaudeUsageTests {
             Bool,
             Bool) async throws -> ClaudeOAuthCredentials)? = { _, allowKeychainPrompt, _ in
             flags.allowKeychainPromptFlags.append(allowKeychainPrompt)
+            flags.allowBackgroundPromptBootstrapFlags.append(ClaudeOAuthCredentialsStore.allowBackgroundPromptBootstrap)
             return ClaudeOAuthCredentials(
                 accessToken: "fresh-token",
                 refreshToken: "refresh-token",
@@ -422,11 +441,12 @@ struct ClaudeUsageTests {
         }
 
         #expect(flags.allowKeychainPromptFlags == [true])
+        #expect(flags.allowBackgroundPromptBootstrapFlags == [true])
         #expect(snapshot.primary.usedPercent == 7)
     }
 
     @Test
-    func oauthDelegatedRetry_onlyOnUserAction_background_allowsDelegationForCLI() async throws {
+    func `oauth delegated retry only on user action background allows delegation for CLI`() async throws {
         let loadCounter = AsyncCounter()
         let delegatedCounter = AsyncCounter()
         let usageResponse = try Self.makeOAuthUsageResponse()
@@ -446,7 +466,8 @@ struct ClaudeUsageTests {
         let fetchOverride: (@Sendable (String) async throws -> OAuthUsageResponse)? = { _ in usageResponse }
         let delegatedOverride: (@Sendable (
             Date,
-            TimeInterval) async -> ClaudeOAuthDelegatedRefreshCoordinator.Outcome)? = { _, _ in
+            TimeInterval,
+            [String: String]) async -> ClaudeOAuthDelegatedRefreshCoordinator.Outcome)? = { _, _, _ in
             _ = await delegatedCounter.increment()
             return .attemptedSucceeded
         }
@@ -467,16 +488,12 @@ struct ClaudeUsageTests {
                 rateLimitTier: nil)
         }
 
-        let snapshot = try await ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
-            .securityFramework)
-        {
-            try await ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(.onlyOnUserAction) {
-                try await ProviderInteractionContext.$current.withValue(.background) {
-                    try await ClaudeUsageFetcher.$fetchOAuthUsageOverride.withValue(fetchOverride) {
-                        try await ClaudeUsageFetcher.$delegatedRefreshAttemptOverride.withValue(delegatedOverride) {
-                            try await ClaudeUsageFetcher.$loadOAuthCredentialsOverride.withValue(loadCredsOverride) {
-                                try await fetcher.loadLatestUsage(model: "sonnet")
-                            }
+        let snapshot = try await ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(.onlyOnUserAction) {
+            try await ProviderInteractionContext.$current.withValue(.background) {
+                try await ClaudeUsageFetcher.$fetchOAuthUsageOverride.withValue(fetchOverride) {
+                    try await ClaudeUsageFetcher.$delegatedRefreshAttemptOverride.withValue(delegatedOverride) {
+                        try await ClaudeUsageFetcher.$loadOAuthCredentialsOverride.withValue(loadCredsOverride) {
+                            try await fetcher.loadLatestUsage(model: "sonnet")
                         }
                     }
                 }
@@ -490,7 +507,7 @@ struct ClaudeUsageTests {
     }
 
     @Test
-    func parsesUsageJSONWhenWeeklyMissing() {
+    func `parses usage JSON when weekly missing`() {
         let json = """
         {
           "ok": true,
@@ -505,7 +522,7 @@ struct ClaudeUsageTests {
     }
 
     @Test
-    func parsesLegacyOpusAndAccount() {
+    func `parses legacy opus and account`() {
         let json = """
         {
           "ok": true,
@@ -519,13 +536,14 @@ struct ClaudeUsageTests {
         let data = Data(json.utf8)
         let snap = ClaudeUsageFetcher.parse(json: data)
         #expect(snap?.opus?.usedPercent == 0)
+        #expect(snap?.opus?.windowMinutes == 10080)
         #expect(snap?.opus?.resetDescription?.isEmpty == true)
         #expect(snap?.accountEmail == "steipete@gmail.com")
         #expect(snap?.accountOrganization == nil)
     }
 
     @Test
-    func parsesUsageJSONWhenOnlySonnetLimitIsPresent() {
+    func `parses usage JSON when only sonnet limit is present`() {
         let json = """
         {
           "ok": true,
@@ -542,7 +560,7 @@ struct ClaudeUsageTests {
     }
 
     @Test
-    func trimsAccountFields() throws {
+    func `trims account fields`() throws {
         let cases: [[String: String?]] = [
             ["email": " steipete@gmail.com ", "org": "  Org  "],
             ["email": "", "org": " Claude Max Account "],
@@ -571,7 +589,7 @@ struct ClaudeUsageTests {
     }
 
     @Test
-    func liveClaudeFetchPTY() async throws {
+    func `live claude fetch PTY`() async throws {
         guard ProcessInfo.processInfo.environment["LIVE_CLAUDE_FETCH"] == "1" else {
             return
         }
@@ -628,7 +646,7 @@ struct ClaudeUsageTests {
     // MARK: - Web API tests
 
     @Test
-    func liveClaudeFetchWebAPI() async throws {
+    func `live claude fetch web API`() async throws {
         // Set LIVE_CLAUDE_WEB_FETCH=1 to run this test with real browser cookies
         guard ProcessInfo.processInfo.environment["LIVE_CLAUDE_WEB_FETCH"] == "1" else {
             return
@@ -649,7 +667,7 @@ struct ClaudeUsageTests {
     }
 
     @Test
-    func claudeWebAPIHasSessionKeyCheck() {
+    func `claude web API has session key check`() {
         // Quick check that hasSessionKey returns a boolean (doesn't crash)
         let hasKey = ClaudeWebAPIFetcher.hasSessionKey(browserDetection: BrowserDetection(cacheTTL: 0))
         // We can't assert the value since it depends on the test environment
@@ -657,7 +675,7 @@ struct ClaudeUsageTests {
     }
 
     @Test
-    func parsesClaudeWebAPIUsageResponse() throws {
+    func `parses claude web API usage response`() throws {
         let json = """
         {
           "five_hour": { "utilization": 9, "resets_at": "2025-12-23T16:00:00.000Z" },
@@ -675,7 +693,7 @@ struct ClaudeUsageTests {
     }
 
     @Test
-    func parsesClaudeWebAPIUsageResponseWhenWeeklyMissing() throws {
+    func `parses claude web API usage response when weekly missing`() throws {
         let json = """
         {
           "five_hour": { "utilization": 9, "resets_at": "2025-12-23T16:00:00.000Z" }
@@ -688,7 +706,7 @@ struct ClaudeUsageTests {
     }
 
     @Test
-    func parsesClaudeWebAPIOverageSpendLimit() {
+    func `parses claude web API overage spend limit`() {
         let json = """
         {
           "monthly_credit_limit": 2000,
@@ -703,11 +721,11 @@ struct ClaudeUsageTests {
         #expect(cost?.currencyCode == "EUR")
         #expect(cost?.limit == 20)
         #expect(cost?.used == 0)
-        #expect(cost?.period == "Monthly")
+        #expect(cost?.period == "Monthly cap")
     }
 
     @Test
-    func parsesClaudeWebAPIOverageSpendLimitCents() {
+    func `parses claude web API overage spend limit cents`() {
         let json = """
         {
           "monthly_credit_limit": 12345,
@@ -724,7 +742,7 @@ struct ClaudeUsageTests {
     }
 
     @Test
-    func parsesClaudeWebAPIOrganizationsResponse() throws {
+    func `parses claude web API organizations response`() throws {
         let json = """
         [
           { "uuid": "org-123", "name": "Example Org", "capabilities": [] }
@@ -737,7 +755,7 @@ struct ClaudeUsageTests {
     }
 
     @Test
-    func parsesClaudeWebAPIOrganizationsPrefersChatCapabilityOverApiOnly() throws {
+    func `parses claude web API organizations prefers chat capability over api only`() throws {
         let json = """
         [
           { "uuid": "org-api", "name": "API Org", "capabilities": ["api"] },
@@ -751,7 +769,7 @@ struct ClaudeUsageTests {
     }
 
     @Test
-    func parsesClaudeWebAPIOrganizationsPrefersHybridChatOrg() throws {
+    func `parses claude web API organizations prefers hybrid chat org`() throws {
         let json = """
         [
           { "uuid": "org-api", "name": "API Org", "capabilities": ["api"] },
@@ -765,7 +783,7 @@ struct ClaudeUsageTests {
     }
 
     @Test
-    func parsesClaudeWebAPIAccountInfo() {
+    func `parses claude web API account info`() {
         let json = """
         {
           "email_address": "steipete@gmail.com",
@@ -788,7 +806,7 @@ struct ClaudeUsageTests {
     }
 
     @Test
-    func parsesClaudeWebAPIAccountInfoSelectsMatchingOrg() {
+    func `parses claude web API account info selects matching org`() {
         let json = """
         {
           "email_address": "steipete@gmail.com",
@@ -818,7 +836,7 @@ struct ClaudeUsageTests {
     }
 
     @Test
-    func parsesClaudeWebAPIAccountInfoFallsBackToFirstMembership() {
+    func `parses claude web API account info falls back to first membership`() {
         let json = """
         {
           "email_address": "steipete@gmail.com",
@@ -848,7 +866,7 @@ struct ClaudeUsageTests {
     }
 
     @Test
-    func claudeUsageFetcherInitWithDataSources() {
+    func `claude usage fetcher init with data sources`() {
         // Verify we can create fetchers with both configurations
         let browserDetection = BrowserDetection(cacheTTL: 0)
         let defaultFetcher = ClaudeUsageFetcher(browserDetection: browserDetection)
@@ -864,9 +882,530 @@ struct ClaudeUsageTests {
     }
 }
 
+struct ClaudeOAuthUsageMappingTests {
+    @Test
+    func `oauth usage falls back to weekly window when five hour is absent`() throws {
+        let json = """
+        {
+          "seven_day": { "utilization": 42, "resets_at": "2025-12-29T23:00:00.000Z" },
+          "seven_day_sonnet": { "utilization": 17, "resets_at": "2025-12-29T23:00:00.000Z" }
+        }
+        """
+        let snapshot = try ClaudeUsageFetcher._mapOAuthUsageForTesting(Data(json.utf8))
+
+        #expect(snapshot.primary.usedPercent == 42)
+        #expect(snapshot.primary.windowMinutes == 7 * 24 * 60)
+        #expect(snapshot.secondary?.usedPercent == 42)
+        #expect(snapshot.opus?.usedPercent == 17)
+    }
+
+    @Test
+    func `oauth usage falls back when five hour has no utilization`() throws {
+        let json = """
+        {
+          "five_hour": { "resets_at": "2025-12-23T16:00:00.000Z" },
+          "seven_day": { "utilization": 9, "resets_at": "2025-12-29T23:00:00.000Z" }
+        }
+        """
+        let snapshot = try ClaudeUsageFetcher._mapOAuthUsageForTesting(Data(json.utf8))
+
+        #expect(snapshot.primary.usedPercent == 9)
+        #expect(snapshot.primary.windowMinutes == 7 * 24 * 60)
+    }
+
+    @Test
+    func `oauth usage throws when no usable windows are present`() {
+        let json = "{}"
+
+        #expect(throws: ClaudeUsageError.self) {
+            try ClaudeUsageFetcher._mapOAuthUsageForTesting(Data(json.utf8))
+        }
+    }
+}
+
+@Suite(.serialized)
+struct ClaudeAutoFetcherCharacterizationTests {
+    private final class RequestLog: @unchecked Sendable {
+        private var paths: [String] = []
+        private let lock = NSLock()
+
+        func append(_ path: String) {
+            self.lock.lock()
+            defer { self.lock.unlock() }
+            self.paths.append(path)
+        }
+
+        func current() -> [String] {
+            self.lock.lock()
+            defer { self.lock.unlock() }
+            return self.paths
+        }
+    }
+
+    private final class InvocationLog: @unchecked Sendable {
+        let url: URL
+
+        init(url: URL) {
+            self.url = url
+        }
+
+        func contents() -> String {
+            (try? String(contentsOf: self.url, encoding: .utf8)) ?? ""
+        }
+    }
+
+    private static func makeOAuthUsageResponse() throws -> OAuthUsageResponse {
+        let json = """
+        {
+          "five_hour": { "utilization": 7, "resets_at": "2025-12-23T16:00:00.000Z" },
+          "seven_day": { "utilization": 21, "resets_at": "2025-12-29T23:00:00.000Z" }
+        }
+        """
+        return try ClaudeOAuthUsageFetcher._decodeUsageResponseForTesting(Data(json.utf8))
+    }
+
+    private static func makeFakeClaudeCLI(logURL: URL) throws -> URL {
+        let directory = FileManager.default.temporaryDirectory
+            .appendingPathComponent("claude-auto-\(UUID().uuidString)", isDirectory: true)
+        try FileManager.default.createDirectory(at: directory, withIntermediateDirectories: true)
+        let scriptURL = directory.appendingPathComponent("claude")
+        let script = """
+        #!/bin/sh
+        LOG_FILE='\(logURL.path)'
+        while IFS= read -r line; do
+          case "$line" in
+            *"/usage"*)
+              printf 'usage\\n' >> "$LOG_FILE"
+              cat <<'EOF'
+        Current session
+        93% left
+        Dec 23 at 4:00PM
+        Current week (all models)
+        79% left
+        Dec 29 at 11:00PM
+        EOF
+              ;;
+            *"/status"*)
+              printf 'status\\n' >> "$LOG_FILE"
+              cat <<'EOF'
+        Account: cli@example.com
+        Org: CLI Org
+        EOF
+              ;;
+          esac
+        done
+        """
+        try script.write(to: scriptURL, atomically: true, encoding: .utf8)
+        try FileManager.default.setAttributes(
+            [.posixPermissions: NSNumber(value: Int16(0o755))],
+            ofItemAtPath: scriptURL.path)
+        return scriptURL
+    }
+
+    private func withNoOAuthCredentials<T>(operation: () async throws -> T) async rethrows -> T {
+        let missingCredentialsURL = FileManager.default.temporaryDirectory
+            .appendingPathComponent("missing-claude-creds-\(UUID().uuidString).json")
+        return try await KeychainCacheStore.withServiceOverrideForTesting("rat-107-\(UUID().uuidString)") {
+            KeychainCacheStore.setTestStoreForTesting(true)
+            defer { KeychainCacheStore.setTestStoreForTesting(false) }
+            return try await ClaudeOAuthCredentialsStore.withIsolatedMemoryCacheForTesting {
+                try await ClaudeOAuthCredentialsStore.withIsolatedCredentialsFileTrackingForTesting {
+                    try await ClaudeOAuthCredentialsStore.withCredentialsURLOverrideForTesting(missingCredentialsURL) {
+                        try await ClaudeOAuthCredentialsStore.withKeychainAccessOverrideForTesting(true) {
+                            try await ClaudeOAuthCredentialsStore.withClaudeKeychainOverridesForTesting(
+                                data: nil,
+                                fingerprint: nil)
+                            {
+                                try await operation()
+                            }
+                        }
+                    }
+                }
+            }
+        }
+    }
+
+    private func withClaudeWebStub<T>(
+        handler: @escaping (URLRequest) throws -> (HTTPURLResponse, Data),
+        operation: () async throws -> T) async rethrows -> T
+    {
+        let registered = URLProtocol.registerClass(ClaudeAutoFetcherStubURLProtocol.self)
+        ClaudeAutoFetcherStubURLProtocol.handler = handler
+        defer {
+            if registered {
+                URLProtocol.unregisterClass(ClaudeAutoFetcherStubURLProtocol.self)
+            }
+            ClaudeAutoFetcherStubURLProtocol.handler = nil
+        }
+        return try await operation()
+    }
+
+    fileprivate static func makeJSONResponse(
+        url: URL,
+        body: String,
+        statusCode: Int = 200) -> (HTTPURLResponse, Data)
+    {
+        let response = HTTPURLResponse(
+            url: url,
+            statusCode: statusCode,
+            httpVersion: "HTTP/1.1",
+            headerFields: ["Content-Type": "application/json"])!
+        return (response, Data(body.utf8))
+    }
+
+    @Test
+    func `auto prefers OAuth even when web and CLI appear available`() async throws {
+        let usageResponse = try Self.makeOAuthUsageResponse()
+        let cliLogURL = FileManager.default.temporaryDirectory
+            .appendingPathComponent("claude-auto-cli-log-\(UUID().uuidString).txt")
+        let log = InvocationLog(url: cliLogURL)
+        let fakeCLI = try Self.makeFakeClaudeCLI(logURL: cliLogURL)
+        let webRequests = RequestLog()
+        let fetcher = ClaudeUsageFetcher(
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            environment: [
+                ClaudeOAuthCredentialsStore.environmentTokenKey: "oauth-token",
+                ClaudeOAuthCredentialsStore.environmentScopesKey: "user:profile",
+            ],
+            runtime: .app,
+            dataSource: .auto,
+            manualCookieHeader: "sessionKey=sk-ant-session-token")
+
+        try await ClaudeCLISession.withIsolatedSessionForTesting {
+            try await ClaudeCLIResolver.withResolvedBinaryPathOverrideForTesting(fakeCLI.path) {
+                try await self.withClaudeWebStub(handler: { request in
+                    webRequests.append(request.url?.path ?? "<missing>")
+                    let url = try #require(request.url)
+                    return Self.makeJSONResponse(url: url, body: "{}")
+                }, operation: {
+                    let fetchOverride: @Sendable (String) async throws -> OAuthUsageResponse = { _ in usageResponse }
+                    let snapshot = try await ClaudeUsageFetcher.$fetchOAuthUsageOverride.withValue(
+                        fetchOverride,
+                        operation: {
+                            try await fetcher.loadLatestUsage(model: "sonnet")
+                        })
+
+                    #expect(snapshot.primary.usedPercent == 7)
+                    #expect(snapshot.secondary?.usedPercent == 21)
+                    #expect(log.contents().isEmpty)
+                    let requests = webRequests.current()
+                    #expect(requests.isEmpty)
+                })
+            }
+        }
+    }
+
+    @Test
+    func `app runtime auto prefers CLI before web when OAuth unavailable`() async throws {
+        let cliLogURL = FileManager.default.temporaryDirectory
+            .appendingPathComponent("claude-auto-web-log-\(UUID().uuidString).txt")
+        let log = InvocationLog(url: cliLogURL)
+        let fakeCLI = try Self.makeFakeClaudeCLI(logURL: cliLogURL)
+        let fetcher = ClaudeUsageFetcher(
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            environment: ["CLAUDE_CLI_PATH": fakeCLI.path],
+            runtime: .app,
+            dataSource: .auto,
+            manualCookieHeader: "sessionKey=sk-ant-session-token")
+
+        try await ClaudeCLISession.withIsolatedSessionForTesting {
+            try await ClaudeCLIResolver.withResolvedBinaryPathOverrideForTesting(fakeCLI.path) {
+                try await self.withNoOAuthCredentials {
+                    try await self.withClaudeWebStub(handler: { request in
+                        let url = try #require(request.url)
+                        switch url.path {
+                        case "/api/organizations":
+                            return Self.makeJSONResponse(
+                                url: url,
+                                body: #"[{"uuid":"org-123","name":"Test Org","capabilities":["chat"]}]"#)
+                        case "/api/organizations/org-123/usage":
+                            let body = """
+                            {
+                              "five_hour": { "utilization": 11, "resets_at": "2025-12-23T16:00:00.000Z" },
+                              "seven_day": { "utilization": 22, "resets_at": "2025-12-29T23:00:00.000Z" },
+                              "seven_day_opus": { "utilization": 33 }
+                            }
+                            """
+                            return Self.makeJSONResponse(
+                                url: url,
+                                body: body)
+                        case "/api/account":
+                            let body = """
+                            {
+                              "email_address": "web@example.com",
+                              "memberships": [
+                                {
+                                  "organization": {
+                                    "uuid": "org-123",
+                                    "name": "Test Org",
+                                    "rate_limit_tier": "claude_max",
+                                    "billing_type": "stripe"
+                                  }
+                                }
+                              ]
+                            }
+                            """
+                            return Self.makeJSONResponse(
+                                url: url,
+                                body: body)
+                        case "/api/organizations/org-123/overage_spend_limit":
+                            let body = """
+                            {"monthly_credit_limit":5000,"currency":"USD","used_credits":1200,"is_enabled":true}
+                            """
+                            return Self.makeJSONResponse(
+                                url: url,
+                                body: body)
+                        default:
+                            return Self.makeJSONResponse(url: url, body: "{}", statusCode: 404)
+                        }
+                    }, operation: {
+                        let snapshot = try await fetcher.loadLatestUsage(model: "sonnet")
+
+                        #expect(snapshot.rawText != nil)
+                        #expect(log.contents().contains("usage"))
+                    })
+                }
+            }
+        }
+    }
+
+    @Test
+    func `CLI runtime auto prefers web before CLI when OAuth unavailable`() async throws {
+        let cliLogURL = FileManager.default.temporaryDirectory
+            .appendingPathComponent("claude-auto-cli-runtime-web-log-\(UUID().uuidString).txt")
+        let log = InvocationLog(url: cliLogURL)
+        let fakeCLI = try Self.makeFakeClaudeCLI(logURL: cliLogURL)
+        let fetcher = ClaudeUsageFetcher(
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            environment: ["CLAUDE_CLI_PATH": fakeCLI.path],
+            runtime: .cli,
+            dataSource: .auto,
+            manualCookieHeader: "sessionKey=sk-ant-session-token")
+
+        try await ClaudeCLISession.withIsolatedSessionForTesting {
+            try await ClaudeCLIResolver.withResolvedBinaryPathOverrideForTesting(fakeCLI.path) {
+                try await self.withNoOAuthCredentials {
+                    try await self.withClaudeWebStub(handler: { request in
+                        let url = try #require(request.url)
+                        switch url.path {
+                        case "/api/organizations":
+                            return Self.makeJSONResponse(
+                                url: url,
+                                body: #"[{"uuid":"org-123","name":"Test Org","capabilities":["chat"]}]"#)
+                        case "/api/organizations/org-123/usage":
+                            let body = """
+                            {
+                              "five_hour": { "utilization": 11, "resets_at": "2025-12-23T16:00:00.000Z" },
+                              "seven_day": { "utilization": 22, "resets_at": "2025-12-29T23:00:00.000Z" },
+                              "seven_day_opus": { "utilization": 33 }
+                            }
+                            """
+                            return Self.makeJSONResponse(url: url, body: body)
+                        case "/api/account":
+                            let body = """
+                            {
+                              "email_address": "web@example.com",
+                              "memberships": [
+                                {
+                                  "organization": {
+                                    "uuid": "org-123",
+                                    "name": "Test Org",
+                                    "rate_limit_tier": "claude_max",
+                                    "billing_type": "stripe"
+                                  }
+                                }
+                              ]
+                            }
+                            """
+                            return Self.makeJSONResponse(url: url, body: body)
+                        case "/api/organizations/org-123/overage_spend_limit":
+                            let body = """
+                            {"monthly_credit_limit":5000,"currency":"USD","used_credits":1200,"is_enabled":true}
+                            """
+                            return Self.makeJSONResponse(url: url, body: body)
+                        default:
+                            return Self.makeJSONResponse(url: url, body: "{}", statusCode: 404)
+                        }
+                    }, operation: {
+                        let snapshot = try await fetcher.loadLatestUsage(model: "sonnet")
+
+                        #expect(snapshot.primary.usedPercent == 11)
+                        #expect(snapshot.secondary?.usedPercent == 22)
+                        #expect(snapshot.opus?.usedPercent == 33)
+                        #expect(snapshot.accountEmail == "web@example.com")
+                        #expect(snapshot.loginMethod == "Claude Max")
+                        #expect(log.contents().isEmpty)
+                    })
+                }
+            }
+        }
+    }
+
+    @Test
+    func `app runtime auto fails deterministically when planner has no executable steps`() async {
+        let fetcher = ClaudeUsageFetcher(
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            environment: ["CLAUDE_CLI_PATH": "/definitely/missing/claude"],
+            runtime: .app,
+            dataSource: .auto,
+            manualCookieHeader: "foo=bar")
+
+        await self.withNoOAuthCredentials {
+            await ClaudeCLIResolver.withResolvedBinaryPathOverrideForTesting("/definitely/missing/claude") {
+                do {
+                    _ = try await fetcher.loadLatestUsage(model: "sonnet")
+                    Issue.record("Expected app auto no-source fetch to fail.")
+                } catch let error as ClaudeUsageError {
+                    #expect(error.localizedDescription.contains("Claude planner produced no executable steps."))
+                } catch {
+                    Issue.record("Unexpected error: \(error)")
+                }
+            }
+        }
+    }
+
+    @Test
+    func `CLI runtime auto fails deterministically when planner has no executable steps`() async {
+        let fetcher = ClaudeUsageFetcher(
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            environment: ["CLAUDE_CLI_PATH": "/definitely/missing/claude"],
+            runtime: .cli,
+            dataSource: .auto,
+            manualCookieHeader: "foo=bar")
+
+        await self.withNoOAuthCredentials {
+            await ClaudeCLIResolver.withResolvedBinaryPathOverrideForTesting("/definitely/missing/claude") {
+                do {
+                    _ = try await fetcher.loadLatestUsage(model: "sonnet")
+                    Issue.record("Expected CLI auto no-source fetch to fail.")
+                } catch let error as ClaudeUsageError {
+                    #expect(error.localizedDescription.contains("Claude planner produced no executable steps."))
+                } catch {
+                    Issue.record("Unexpected error: \(error)")
+                }
+            }
+        }
+    }
+}
+
+final class ClaudeAutoFetcherStubURLProtocol: URLProtocol {
+    nonisolated(unsafe) static var handler: ((URLRequest) throws -> (HTTPURLResponse, Data))?
+
+    override static func canInit(with request: URLRequest) -> Bool {
+        request.url?.host == "claude.ai"
+    }
+
+    override static func canonicalRequest(for request: URLRequest) -> URLRequest {
+        request
+    }
+
+    override func startLoading() {
+        guard let handler = Self.handler else {
+            self.client?.urlProtocol(self, didFailWithError: URLError(.badServerResponse))
+            return
+        }
+        do {
+            let (response, data) = try handler(self.request)
+            self.client?.urlProtocol(self, didReceive: response, cacheStoragePolicy: .notAllowed)
+            self.client?.urlProtocol(self, didLoad: data)
+            self.client?.urlProtocolDidFinishLoading(self)
+        } catch {
+            self.client?.urlProtocol(self, didFailWithError: error)
+        }
+    }
+
+    override func stopLoading() {}
+}
+
+extension ClaudeAutoFetcherCharacterizationTests {
+    @Test
+    func `web fetcher uses configured target organization`() async throws {
+        let fetcher = ClaudeUsageFetcher(
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            dataSource: .web,
+            manualCookieHeader: "sessionKey=sk-ant-session-token",
+            webOrganizationID: "org-team")
+
+        try await self.withClaudeWebStub(handler: { request in
+            let url = try #require(request.url)
+            switch url.path {
+            case "/api/organizations":
+                let body = """
+                [
+                  { "uuid": "org-personal", "name": "Personal", "capabilities": ["chat"] },
+                  { "uuid": "org-team", "name": "Team Org", "capabilities": ["chat"] }
+                ]
+                """
+                return Self.makeJSONResponse(url: url, body: body)
+            case "/api/organizations/org-team/usage":
+                let body = """
+                {
+                  "five_hour": { "utilization": 14, "resets_at": "2025-12-23T16:00:00.000Z" },
+                  "seven_day": { "utilization": 28, "resets_at": "2025-12-29T23:00:00.000Z" }
+                }
+                """
+                return Self.makeJSONResponse(url: url, body: body)
+            case "/api/account":
+                let body = """
+                {
+                  "email_address": "linked@example.com",
+                  "memberships": [
+                    {
+                      "organization": {
+                        "uuid": "org-personal",
+                        "name": "Personal",
+                        "rate_limit_tier": "claude_max",
+                        "billing_type": "stripe"
+                      }
+                    },
+                    {
+                      "organization": {
+                        "uuid": "org-team",
+                        "name": "Team Org",
+                        "rate_limit_tier": "enterprise",
+                        "billing_type": "invoice"
+                      }
+                    }
+                  ]
+                }
+                """
+                return Self.makeJSONResponse(url: url, body: body)
+            case "/api/organizations/org-team/overage_spend_limit":
+                return Self.makeJSONResponse(url: url, body: "{}", statusCode: 404)
+            default:
+                return Self.makeJSONResponse(url: url, body: "{}", statusCode: 404)
+            }
+        }, operation: {
+            let snapshot = try await fetcher.loadLatestUsage(model: "sonnet")
+
+            #expect(snapshot.primary.usedPercent == 14)
+            #expect(snapshot.secondary?.usedPercent == 28)
+            #expect(snapshot.accountOrganization == "Team Org")
+            #expect(snapshot.accountEmail == "linked@example.com")
+            #expect(snapshot.loginMethod == "Claude Enterprise")
+        })
+    }
+}
+
 extension ClaudeUsageTests {
     @Test
-    func oauthDelegatedRetry_experimental_background_ignoresOnlyOnUserActionSuppression() async throws {
+    func `parses claude web API organizations honors target organization`() throws {
+        let json = """
+        [
+          { "uuid": "org-personal", "name": "Personal", "capabilities": ["chat"] },
+          { "uuid": "org-team", "name": "Team", "capabilities": ["chat"] }
+        ]
+        """
+        let data = Data(json.utf8)
+        let org = try ClaudeWebAPIFetcher._parseOrganizationsResponseForTesting(
+            data,
+            targetOrganizationID: "org-team")
+        #expect(org.id == "org-team")
+        #expect(org.name == "Team")
+    }
+
+    @Test
+    func `oauth delegated retry experimental background ignores only on user action suppression`() async throws {
         let loadCounter = AsyncCounter()
         let delegatedCounter = AsyncCounter()
         let usageResponse = try Self.makeOAuthUsageResponse()
@@ -881,7 +1420,8 @@ extension ClaudeUsageTests {
         let fetchOverride: (@Sendable (String) async throws -> OAuthUsageResponse)? = { _ in usageResponse }
         let delegatedOverride: (@Sendable (
             Date,
-            TimeInterval) async -> ClaudeOAuthDelegatedRefreshCoordinator.Outcome)? = { _, _ in
+            TimeInterval,
+            [String: String]) async -> ClaudeOAuthDelegatedRefreshCoordinator.Outcome)? = { _, _, _ in
             _ = await delegatedCounter.increment()
             return .attemptedSucceeded
         }
@@ -902,7 +1442,7 @@ extension ClaudeUsageTests {
         }
 
         let snapshot = try await ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
-            .securityCLI,
+            .securityCLIExperimental,
             operation: {
                 try await ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(.onlyOnUserAction) {
                     try await ProviderInteractionContext.$current.withValue(.background) {
@@ -929,7 +1469,7 @@ extension ClaudeUsageTests {
     }
 
     @Test
-    func oauthLoad_experimental_background_fallbackBlocked_propagatesOAuthFailure() async throws {
+    func `oauth load experimental background fallback blocked propagates O auth failure`() async throws {
         final class FlagBox: @unchecked Sendable {
             var respectPromptCooldownFlags: [Bool] = []
         }
@@ -951,7 +1491,7 @@ extension ClaudeUsageTests {
 
         await #expect(throws: ClaudeUsageError.self) {
             try await ClaudeOAuthKeychainReadStrategyPreference.withTaskOverrideForTesting(
-                .securityCLI,
+                .securityCLIExperimental,
                 operation: {
                     try await ClaudeOAuthKeychainPromptPreference.withTaskOverrideForTesting(.onlyOnUserAction) {
                         try await ProviderInteractionContext.$current.withValue(.background) {
diff --git a/Tests/CodexBarTests/ClaudeWebEnterpriseUsageTests.swift b/Tests/CodexBarTests/ClaudeWebEnterpriseUsageTests.swift
new file mode 100644
index 000000000..dcd5e1ddd
--- /dev/null
+++ b/Tests/CodexBarTests/ClaudeWebEnterpriseUsageTests.swift
@@ -0,0 +1,43 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+struct ClaudeWebEnterpriseUsageTests {
+    @Test
+    func `parses usage response when session window is null`() throws {
+        let json = """
+        {
+          "five_hour": null,
+          "seven_day": { "utilization": 42, "resets_at": "2025-12-29T23:00:00.000Z" }
+        }
+        """
+        let data = Data(json.utf8)
+        let parsed = try ClaudeWebAPIFetcher._parseUsageResponseForTesting(data)
+        #expect(parsed.sessionPercentUsed == 0)
+        #expect(parsed.weeklyPercentUsed == 42)
+    }
+
+    @Test
+    func `parses enterprise credit spend from usage response`() throws {
+        let json = """
+        {
+          "five_hour": null,
+          "seven_day": null,
+          "extra_usage": {
+            "monthly_limit": 100000,
+            "used_credits": 4132
+          }
+        }
+        """
+        let data = Data(json.utf8)
+        let parsed = try ClaudeWebAPIFetcher._parseUsageResponseForTesting(data)
+
+        #expect(parsed.sessionPercentUsed == 0)
+        #expect(parsed.sessionResetsAt == nil)
+        #expect(parsed.weeklyPercentUsed == nil)
+        #expect(parsed.extraUsageCost?.used == 41.32)
+        #expect(parsed.extraUsageCost?.limit == 1000)
+        #expect(parsed.extraUsageCost?.currencyCode == "USD")
+        #expect(parsed.extraUsageCost?.period == "Monthly cap")
+    }
+}
diff --git a/Tests/CodexBarTests/ClaudeWebUsageExtraWindowTests.swift b/Tests/CodexBarTests/ClaudeWebUsageExtraWindowTests.swift
new file mode 100644
index 000000000..b0d0241c3
--- /dev/null
+++ b/Tests/CodexBarTests/ClaudeWebUsageExtraWindowTests.swift
@@ -0,0 +1,49 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+struct ClaudeWebUsageExtraWindowTests {
+    @Test
+    func `parses claude web API sonnet usage response`() throws {
+        let json = """
+        {
+          "five_hour": { "utilization": 9, "resets_at": "2025-12-23T16:00:00.000Z" },
+          "seven_day_sonnet": { "utilization": 6, "resets_at": "2025-12-30T23:00:00.000Z" }
+        }
+        """
+        let data = Data(json.utf8)
+        let parsed = try ClaudeWebAPIFetcher._parseUsageResponseForTesting(data)
+        #expect(parsed.opusPercentUsed == 6)
+    }
+
+    @Test
+    func `ignores merged claude web API omelette usage window`() throws {
+        let json = """
+        {
+          "five_hour": { "utilization": 9, "resets_at": "2025-12-23T16:00:00.000Z" },
+          "seven_day_omelette": { "utilization": 26, "resets_at": "2025-12-30T23:00:00.000Z" },
+          "seven_day_cowork": { "utilization": 11, "resets_at": "2025-12-31T23:00:00.000Z" }
+        }
+        """
+        let data = Data(json.utf8)
+        let parsed = try ClaudeWebAPIFetcher._parseUsageResponseForTesting(data)
+        #expect(parsed.extraRateWindows.count == 1)
+        #expect(parsed.extraRateWindows.contains { $0.id == "claude-design" } == false)
+        #expect(parsed.extraRateWindows.first(where: { $0.id == "claude-routines" })?.window.usedPercent == 11)
+    }
+
+    @Test
+    func `parses claude web API cowork null as zero routines window`() throws {
+        let json = """
+        {
+          "five_hour": { "utilization": 9, "resets_at": "2025-12-23T16:00:00.000Z" },
+          "seven_day_omelette": { "utilization": 26, "resets_at": "2025-12-30T23:00:00.000Z" },
+          "seven_day_cowork": null
+        }
+        """
+        let data = Data(json.utf8)
+        let parsed = try ClaudeWebAPIFetcher._parseUsageResponseForTesting(data)
+        #expect(parsed.extraRateWindows.first(where: { $0.id == "claude-routines" })?.window.usedPercent == 0)
+        #expect(parsed.extraRateWindows.contains { $0.id == "claude-design" } == false)
+    }
+}
diff --git a/Tests/CodexBarTests/CodebuffSettingsReaderTests.swift b/Tests/CodexBarTests/CodebuffSettingsReaderTests.swift
new file mode 100644
index 000000000..d86d6e3be
--- /dev/null
+++ b/Tests/CodexBarTests/CodebuffSettingsReaderTests.swift
@@ -0,0 +1,110 @@
+import CodexBarCore
+import Foundation
+import Testing
+
+struct CodebuffSettingsReaderTests {
+    @Test
+    func `api URL defaults to www codebuff com`() {
+        let url = CodebuffSettingsReader.apiURL(environment: [:])
+        #expect(url.scheme == "https")
+        #expect(url.host() == "www.codebuff.com")
+    }
+
+    @Test
+    func `api URL honors environment override`() {
+        let url = CodebuffSettingsReader.apiURL(environment: [
+            "CODEBUFF_API_URL": "https://staging.codebuff.com",
+        ])
+        #expect(url.host() == "staging.codebuff.com")
+    }
+
+    @Test
+    func `api key reads from CODEBUFF_API_KEY and trims wrapping whitespace`() {
+        let token = CodebuffSettingsReader.apiKey(environment: [
+            CodebuffSettingsReader.apiTokenKey: "  cb-test-token  ",
+        ])
+        #expect(token == "cb-test-token")
+    }
+
+    @Test
+    func `api key strips surrounding quotes`() {
+        let token = CodebuffSettingsReader.apiKey(environment: [
+            CodebuffSettingsReader.apiTokenKey: "\"cb-test-token\"",
+        ])
+        #expect(token == "cb-test-token")
+    }
+
+    @Test
+    func `api key returns nil for empty environment`() {
+        #expect(CodebuffSettingsReader.apiKey(environment: [:]) == nil)
+    }
+
+    @Test
+    func `auth token parses credentials json`() throws {
+        let contents = #"{"authToken":"file-token","fingerprintId":"fp-1","email":"a@b.com"}"#
+        let url = try self.writeTempFile(named: "credentials.json", contents: contents)
+        defer { try? FileManager.default.removeItem(at: url.deletingLastPathComponent()) }
+
+        let token = CodebuffSettingsReader.authToken(authFileURL: url)
+        #expect(token == "file-token")
+    }
+
+    @Test
+    func `auth token parses default profile credentials json`() throws {
+        let contents = #"{"default":{"authToken":"default-token","fingerprintId":"fp-1","email":"a@b.com"}}"#
+        let url = try self.writeTempFile(named: "credentials.json", contents: contents)
+        defer { try? FileManager.default.removeItem(at: url.deletingLastPathComponent()) }
+
+        let token = CodebuffSettingsReader.authToken(authFileURL: url)
+        #expect(token == "default-token")
+    }
+
+    @Test
+    func `auth token returns nil for malformed credentials json`() throws {
+        let url = try self.writeTempFile(named: "credentials.json", contents: "{not-json}")
+        defer { try? FileManager.default.removeItem(at: url.deletingLastPathComponent()) }
+
+        let token = CodebuffSettingsReader.authToken(authFileURL: url)
+        #expect(token == nil)
+    }
+
+    @Test
+    func `auth token returns nil when file missing`() {
+        let url = FileManager.default.temporaryDirectory
+            .appendingPathComponent(UUID().uuidString, isDirectory: true)
+            .appendingPathComponent("credentials.json", isDirectory: false)
+        #expect(CodebuffSettingsReader.authToken(authFileURL: url) == nil)
+    }
+
+    @Test
+    func `descriptor uses codebuff dashboard URL`() {
+        let descriptor = ProviderDescriptorRegistry.descriptor(for: .codebuff)
+        #expect(descriptor.metadata.dashboardURL == "https://www.codebuff.com/usage")
+        #expect(descriptor.metadata.displayName == "Codebuff")
+        #expect(descriptor.metadata.cliName == "codebuff")
+    }
+
+    @Test
+    func `descriptor uses dedicated codebuff icon resource`() {
+        let descriptor = ProviderDescriptorRegistry.descriptor(for: .codebuff)
+        #expect(descriptor.branding.iconResourceName == "ProviderIcon-codebuff")
+    }
+
+    @Test
+    func `descriptor supports auto and API source modes`() {
+        let descriptor = ProviderDescriptorRegistry.descriptor(for: .codebuff)
+        let expected: Set<ProviderSourceMode> = [.auto, .api]
+        #expect(descriptor.fetchPlan.sourceModes == expected)
+    }
+
+    // MARK: - Helpers
+
+    private func writeTempFile(named name: String, contents: String) throws -> URL {
+        let directory = FileManager.default.temporaryDirectory
+            .appendingPathComponent(UUID().uuidString, isDirectory: true)
+        try FileManager.default.createDirectory(at: directory, withIntermediateDirectories: true)
+        let fileURL = directory.appendingPathComponent(name, isDirectory: false)
+        try contents.write(to: fileURL, atomically: true, encoding: .utf8)
+        return fileURL
+    }
+}
diff --git a/Tests/CodexBarTests/CodebuffUsageFetcherTests.swift b/Tests/CodexBarTests/CodebuffUsageFetcherTests.swift
new file mode 100644
index 000000000..f1d4fd258
--- /dev/null
+++ b/Tests/CodexBarTests/CodebuffUsageFetcherTests.swift
@@ -0,0 +1,387 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+@Suite(.serialized)
+struct CodebuffUsageFetcherTests {
+    @Test
+    func `usage URL composes the correct endpoint`() throws {
+        let base = try #require(URL(string: "https://www.codebuff.com"))
+        let url = CodebuffUsageFetcher.usageURL(baseURL: base)
+        #expect(url.absoluteString == "https://www.codebuff.com/api/v1/usage")
+    }
+
+    @Test
+    func `subscription URL composes the correct endpoint`() throws {
+        let base = try #require(URL(string: "https://www.codebuff.com"))
+        let url = CodebuffUsageFetcher.subscriptionURL(baseURL: base)
+        #expect(url.absoluteString == "https://www.codebuff.com/api/user/subscription")
+    }
+
+    @Test
+    func `usage request sends required fingerprint id`() async throws {
+        defer {
+            CodebuffStubURLProtocol.handler = nil
+            CodebuffStubURLProtocol.requests = []
+            CodebuffStubURLProtocol.requestBodies = []
+        }
+        CodebuffStubURLProtocol.requests = []
+        CodebuffStubURLProtocol.requestBodies = []
+        CodebuffStubURLProtocol.handler = { request in
+            guard let url = request.url else { throw URLError(.badURL) }
+            switch url.path {
+            case "/api/v1/usage":
+                return try Self.makeResponse(url: url, body: #"{"usage":25,"quota":100,"remainingBalance":75}"#)
+            case "/api/user/subscription":
+                return try Self.makeResponse(url: url, body: "{}")
+            default:
+                return try Self.makeResponse(url: url, body: "{}", statusCode: 404)
+            }
+        }
+
+        let snapshot = try await CodebuffUsageFetcher.fetchUsage(apiKey: "cb-test", session: Self.makeSession())
+        let usageIndex = try #require(CodebuffStubURLProtocol.requests.firstIndex {
+            $0.url?.path == "/api/v1/usage"
+        })
+        let body = try #require(CodebuffStubURLProtocol.requestBodies[usageIndex])
+        let payload = try #require(JSONSerialization.jsonObject(with: body) as? [String: String])
+
+        #expect(payload["fingerprintId"] == "codexbar-usage")
+        #expect(snapshot.creditsUsed == 25)
+    }
+
+    @Test
+    func `usage fetch can skip subscription endpoint for API key tokens`() async throws {
+        defer {
+            CodebuffStubURLProtocol.handler = nil
+            CodebuffStubURLProtocol.requests = []
+            CodebuffStubURLProtocol.requestBodies = []
+        }
+        CodebuffStubURLProtocol.requests = []
+        CodebuffStubURLProtocol.requestBodies = []
+        CodebuffStubURLProtocol.handler = { request in
+            guard let url = request.url else { throw URLError(.badURL) }
+            switch url.path {
+            case "/api/v1/usage":
+                return try Self.makeResponse(url: url, body: #"{"usage":25,"quota":100,"remainingBalance":75}"#)
+            case "/api/user/subscription":
+                Issue.record("Subscription endpoint should not be called for API key tokens")
+                return try Self.makeResponse(url: url, body: "{}", statusCode: 500)
+            default:
+                return try Self.makeResponse(url: url, body: "{}", statusCode: 404)
+            }
+        }
+
+        let snapshot = try await CodebuffUsageFetcher.fetchUsage(
+            apiKey: "cb-test",
+            includeSubscription: false,
+            session: Self.makeSession())
+
+        #expect(snapshot.creditsUsed == 25)
+        #expect(CodebuffStubURLProtocol.requests.map(\.url?.path) == ["/api/v1/usage"])
+    }
+
+    @Test
+    func `api strategy only fetches subscription for credentials file tokens`() {
+        let envResolution = ProviderTokenResolution(token: "env-token", source: .environment)
+        let fileResolution = ProviderTokenResolution(token: "file-token", source: .authFile)
+
+        #expect(CodebuffAPIFetchStrategy.shouldFetchSubscription(for: envResolution) == false)
+        #expect(CodebuffAPIFetchStrategy.shouldFetchSubscription(for: fileResolution) == true)
+    }
+
+    @Test
+    func `status 401 maps to unauthorized`() {
+        #expect(CodebuffUsageFetcher._statusErrorForTesting(401) == .unauthorized)
+        #expect(CodebuffUsageFetcher._statusErrorForTesting(403) == .unauthorized)
+    }
+
+    @Test
+    func `status 404 maps to endpoint not found`() {
+        #expect(CodebuffUsageFetcher._statusErrorForTesting(404) == .endpointNotFound)
+    }
+
+    @Test
+    func `status 500 maps to service unavailable`() {
+        guard case .serviceUnavailable(503) = CodebuffUsageFetcher._statusErrorForTesting(503)
+        else {
+            Issue.record("Expected .serviceUnavailable(503)")
+            return
+        }
+    }
+
+    @Test
+    func `status 200 returns nil`() {
+        #expect(CodebuffUsageFetcher._statusErrorForTesting(200) == nil)
+    }
+
+    @Test
+    func `usage payload parses numeric credit fields`() throws {
+        let json = """
+        {
+          "usage": 1250,
+          "quota": 5000,
+          "remainingBalance": 3750,
+          "autoTopupEnabled": true,
+          "next_quota_reset": "2026-05-01T00:00:00Z"
+        }
+        """
+
+        let payload = try CodebuffUsageFetcher._parseUsagePayloadForTesting(Data(json.utf8))
+        #expect(payload.used == 1250)
+        #expect(payload.total == 5000)
+        #expect(payload.remaining == 3750)
+        #expect(payload.autoTopupEnabled == true)
+        #expect(payload.nextQuotaReset != nil)
+    }
+
+    @Test
+    func `usage payload accepts string-encoded numbers`() throws {
+        let json = """
+        { "usage": "12", "quota": "100", "remainingBalance": "88" }
+        """
+        let payload = try CodebuffUsageFetcher._parseUsagePayloadForTesting(Data(json.utf8))
+        #expect(payload.used == 12)
+        #expect(payload.total == 100)
+        #expect(payload.remaining == 88)
+    }
+
+    @Test
+    func `usage payload returns nil fields when absent`() throws {
+        let payload = try CodebuffUsageFetcher._parseUsagePayloadForTesting(Data("{}".utf8))
+        #expect(payload.used == nil)
+        #expect(payload.total == nil)
+        #expect(payload.remaining == nil)
+        #expect(payload.autoTopupEnabled == nil)
+    }
+
+    @Test
+    func `usage payload throws on malformed JSON`() {
+        #expect {
+            _ = try CodebuffUsageFetcher._parseUsagePayloadForTesting(Data("not-json".utf8))
+        } throws: { error in
+            guard case CodebuffUsageError.parseFailed = error else { return false }
+            return true
+        }
+    }
+
+    @Test
+    func `subscription payload parses tier and weekly window`() throws {
+        let json = """
+        {
+          "hasSubscription": true,
+          "subscription": {
+            "status": "active",
+            "tier": "pro",
+            "billingPeriodEnd": "2026-05-15T00:00:00Z"
+          },
+          "rateLimit": {
+            "weeklyUsed": 2100,
+            "weeklyLimit": 7000,
+            "weeklyResetsAt": "2026-05-08T00:00:00Z"
+          },
+          "email": "user@example.com"
+        }
+        """
+
+        let payload = try CodebuffUsageFetcher._parseSubscriptionPayloadForTesting(Data(json.utf8))
+        #expect(payload.tier == "pro")
+        #expect(payload.status == "active")
+        #expect(payload.weeklyUsed == 2100)
+        #expect(payload.weeklyLimit == 7000)
+        #expect(payload.weeklyResetsAt != nil)
+        #expect(payload.email == "user@example.com")
+        #expect(payload.billingPeriodEnd != nil)
+    }
+
+    @Test
+    func `subscription payload prefers display name over numeric tier`() throws {
+        let json = """
+        { "subscription": { "tier": 2, "displayName": "Pro" } }
+        """
+        let payload = try CodebuffUsageFetcher._parseSubscriptionPayloadForTesting(Data(json.utf8))
+        #expect(payload.tier == "Pro")
+    }
+
+    @Test
+    func `subscription payload falls back to numeric scheduled tier`() throws {
+        let json = """
+        { "subscription": { "scheduledTier": 3 } }
+        """
+        let payload = try CodebuffUsageFetcher._parseSubscriptionPayloadForTesting(Data(json.utf8))
+        #expect(payload.tier == "3")
+    }
+
+    @Test
+    func `subscription payload formats oversized numeric tier without trapping`() throws {
+        let json = """
+        { "subscription": { "scheduledTier": 9223372036854775808 } }
+        """
+        let payload = try CodebuffUsageFetcher._parseSubscriptionPayloadForTesting(Data(json.utf8))
+        #expect(payload.tier == "9223372036854775808")
+    }
+
+    @Test
+    func `subscription payload tolerates missing rate limit`() throws {
+        let json = """
+        { "subscription": { "status": "trialing", "tier": "free" } }
+        """
+        let payload = try CodebuffUsageFetcher._parseSubscriptionPayloadForTesting(Data(json.utf8))
+        #expect(payload.weeklyUsed == nil)
+        #expect(payload.weeklyLimit == nil)
+        #expect(payload.status == "trialing")
+    }
+
+    @Test
+    func `snapshot maps to rate window with credits window`() {
+        let snapshot = CodebuffUsageSnapshot(
+            creditsUsed: 250,
+            creditsTotal: 1000,
+            creditsRemaining: 750,
+            weeklyUsed: 100,
+            weeklyLimit: 500,
+            weeklyResetsAt: Date(timeIntervalSince1970: 1_777_680_000),
+            tier: "pro",
+            autoTopUpEnabled: true,
+            updatedAt: Date())
+
+        let unified = snapshot.toUsageSnapshot()
+        #expect(unified.primary?.usedPercent == 25)
+        // The credit balance is intentionally NOT stored in `resetDescription` —
+        // generic renderers prepend "Resets " when `resetsAt` is absent, which would
+        // surface misleading text like "Resets 250/1,000 credits".
+        #expect(unified.primary?.resetDescription == nil)
+        #expect(unified.secondary?.usedPercent == 20)
+        #expect(unified.secondary?.windowMinutes == 7 * 24 * 60)
+        #expect(unified.secondary?.resetsAt == Date(timeIntervalSince1970: 1_777_680_000))
+        #expect(unified.secondary?.resetDescription == nil)
+        #expect(unified.identity?.providerID == .codebuff)
+        #expect(unified.identity?.loginMethod?.contains("Pro") == true)
+        #expect(unified.identity?.loginMethod?.contains("auto top-up") == true)
+    }
+
+    @Test
+    func `snapshot infers total from used plus remaining`() {
+        let snapshot = CodebuffUsageSnapshot(
+            creditsUsed: 40,
+            creditsTotal: nil,
+            creditsRemaining: 60)
+
+        let unified = snapshot.toUsageSnapshot()
+        #expect(unified.primary?.usedPercent == 40)
+    }
+
+    @Test
+    func `snapshot surfaces exhausted state when quota is missing from payload`() {
+        // Only `creditsUsed` is populated (no total, no remaining) — the API response is
+        // degenerate but we still want the row to be visible so the user notices the
+        // missing configuration instead of seeing an empty/healthy-looking bar.
+        let usedOnly = CodebuffUsageSnapshot(
+            creditsUsed: 42,
+            creditsTotal: nil,
+            creditsRemaining: nil)
+        #expect(usedOnly.toUsageSnapshot().primary?.usedPercent == 100)
+
+        // Only `creditsRemaining` is populated — same fallback should apply.
+        let remainingOnly = CodebuffUsageSnapshot(
+            creditsUsed: nil,
+            creditsTotal: nil,
+            creditsRemaining: 17)
+        #expect(remainingOnly.toUsageSnapshot().primary?.usedPercent == 100)
+    }
+
+    @Test
+    func `snapshot hides credit window when no credit fields are present`() {
+        let empty = CodebuffUsageSnapshot()
+        #expect(empty.toUsageSnapshot().primary == nil)
+    }
+
+    @Test
+    func `missing credentials fetch call throws missing credentials`() async {
+        do {
+            _ = try await CodebuffUsageFetcher.fetchUsage(apiKey: "   ")
+            Issue.record("Expected missingCredentials error")
+        } catch let error as CodebuffUsageError {
+            #expect(error == .missingCredentials)
+        } catch {
+            Issue.record("Unexpected error: \(error)")
+        }
+    }
+
+    private static func makeSession() -> URLSession {
+        let config = URLSessionConfiguration.ephemeral
+        config.protocolClasses = [CodebuffStubURLProtocol.self]
+        return URLSession(configuration: config)
+    }
+
+    private static func makeResponse(
+        url: URL,
+        body: String,
+        statusCode: Int = 200) throws -> (HTTPURLResponse, Data)
+    {
+        guard let response = HTTPURLResponse(
+            url: url,
+            statusCode: statusCode,
+            httpVersion: nil,
+            headerFields: ["Content-Type": "application/json"])
+        else {
+            throw URLError(.badServerResponse)
+        }
+        return (response, Data(body.utf8))
+    }
+}
+
+final class CodebuffStubURLProtocol: URLProtocol {
+    nonisolated(unsafe) static var handler: ((URLRequest) throws -> (HTTPURLResponse, Data))?
+    nonisolated(unsafe) static var requests: [URLRequest] = []
+    nonisolated(unsafe) static var requestBodies: [Data?] = []
+
+    override static func canInit(with request: URLRequest) -> Bool {
+        request.url?.host == "www.codebuff.com"
+    }
+
+    override static func canonicalRequest(for request: URLRequest) -> URLRequest {
+        request
+    }
+
+    override func startLoading() {
+        Self.requests.append(self.request)
+        Self.requestBodies.append(Self.bodyData(from: self.request))
+        guard let handler = Self.handler else {
+            self.client?.urlProtocol(self, didFailWithError: URLError(.badServerResponse))
+            return
+        }
+        do {
+            let (response, data) = try handler(self.request)
+            self.client?.urlProtocol(self, didReceive: response, cacheStoragePolicy: .notAllowed)
+            self.client?.urlProtocol(self, didLoad: data)
+            self.client?.urlProtocolDidFinishLoading(self)
+        } catch {
+            self.client?.urlProtocol(self, didFailWithError: error)
+        }
+    }
+
+    override func stopLoading() {}
+
+    private static func bodyData(from request: URLRequest) -> Data? {
+        if let httpBody = request.httpBody {
+            return httpBody
+        }
+        guard let stream = request.httpBodyStream else { return nil }
+
+        stream.open()
+        defer { stream.close() }
+
+        var data = Data()
+        var buffer = [UInt8](repeating: 0, count: 1024)
+        while stream.hasBytesAvailable {
+            let count = stream.read(&buffer, maxLength: buffer.count)
+            if count > 0 {
+                data.append(buffer, count: count)
+            } else {
+                break
+            }
+        }
+        return data.isEmpty ? nil : data
+    }
+}
diff --git a/Tests/CodexBarTests/CodexAccountFingerprintReconciliationTests.swift b/Tests/CodexBarTests/CodexAccountFingerprintReconciliationTests.swift
new file mode 100644
index 000000000..5d87dff58
--- /dev/null
+++ b/Tests/CodexBarTests/CodexAccountFingerprintReconciliationTests.swift
@@ -0,0 +1,102 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+@Suite(.serialized)
+struct CodexAccountFingerprintReconciliationTests {
+    @Test
+    func `active source falls back to identity when auth fingerprint rotated`() throws {
+        let accountID = try #require(UUID(uuidString: "AAAAAAAA-BBBB-CCCC-DDDD-333333333333"))
+        let managed = ManagedCodexAccount(
+            id: accountID,
+            email: "rotated@example.com",
+            authFingerprint: "old-auth-json",
+            managedHomePath: "/tmp/rotated",
+            createdAt: 1,
+            updatedAt: 2,
+            lastAuthenticatedAt: 3)
+        let live = ObservedSystemCodexAccount(
+            email: "rotated@example.com",
+            authFingerprint: "new-auth-json",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date(),
+            identity: .emailOnly(normalizedEmail: "rotated@example.com"))
+        let snapshot = CodexAccountReconciliationSnapshot(
+            storedAccounts: [managed],
+            activeStoredAccount: managed,
+            liveSystemAccount: live,
+            matchingStoredAccountForLiveSystemAccount: managed,
+            activeSource: .managedAccount(id: accountID),
+            hasUnreadableAddedAccountStore: false)
+
+        let resolution = CodexActiveSourceResolver.resolve(from: snapshot)
+
+        #expect(resolution.resolvedSource == .liveSystem)
+        #expect(resolution.requiresPersistenceCorrection)
+    }
+
+    @Test
+    @MainActor
+    func `auth fingerprint matches live account before semantic duplicate identity`() throws {
+        let suite = "CodexAccountFingerprintReconciliationTests-auth-fingerprint"
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+        let settings = SettingsStore(
+            userDefaults: defaults,
+            configStore: testConfigStore(suiteName: suite),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+        let firstID = try #require(UUID(uuidString: "AAAAAAAA-BBBB-CCCC-DDDD-111111111111"))
+        let secondID = try #require(UUID(uuidString: "AAAAAAAA-BBBB-CCCC-DDDD-222222222222"))
+        let first = ManagedCodexAccount(
+            id: firstID,
+            email: "same@example.com",
+            authFingerprint: "1111",
+            managedHomePath: "/tmp/first",
+            createdAt: 1,
+            updatedAt: 2,
+            lastAuthenticatedAt: 3)
+        let second = ManagedCodexAccount(
+            id: secondID,
+            email: "same@example.com",
+            providerAccountID: "account-team",
+            authFingerprint: "2222",
+            managedHomePath: "/tmp/second",
+            createdAt: 1,
+            updatedAt: 2,
+            lastAuthenticatedAt: 3)
+        let storeURL = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codex-managed-store-\(UUID().uuidString).json")
+        try Self.writeManagedCodexStore(
+            ManagedCodexAccountSet(version: FileManagedCodexAccountStore.currentVersion, accounts: [first, second]),
+            to: storeURL)
+        settings._test_managedCodexAccountStoreURL = storeURL
+        settings._test_liveSystemCodexAccount = ObservedSystemCodexAccount(
+            email: "same@example.com",
+            authFingerprint: "2222",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date(),
+            identity: .emailOnly(normalizedEmail: "same@example.com"))
+        defer {
+            settings._test_managedCodexAccountStoreURL = nil
+            settings._test_liveSystemCodexAccount = nil
+            try? FileManager.default.removeItem(at: storeURL)
+        }
+
+        let snapshot = settings.codexAccountReconciliationSnapshot
+        let projection = settings.codexVisibleAccountProjection
+
+        #expect(snapshot.matchingStoredAccountForLiveSystemAccount?.id == secondID)
+        #expect(projection.liveVisibleAccountID == "live:email:same@example.com")
+        #expect(projection.visibleAccounts.first { $0.storedAccountID == secondID }?.isLive == true)
+        #expect(projection.visibleAccounts.first { $0.storedAccountID == firstID }?.isLive == false)
+    }
+
+    private static func writeManagedCodexStore(_ accounts: ManagedCodexAccountSet, to storeURL: URL) throws {
+        let encoder = JSONEncoder()
+        encoder.outputFormatting = [.sortedKeys]
+        let data = try encoder.encode(accounts)
+        try data.write(to: storeURL, options: [.atomic])
+    }
+}
diff --git a/Tests/CodexBarTests/CodexAccountPromotionExecutionTests.swift b/Tests/CodexBarTests/CodexAccountPromotionExecutionTests.swift
new file mode 100644
index 000000000..049635485
--- /dev/null
+++ b/Tests/CodexBarTests/CodexAccountPromotionExecutionTests.swift
@@ -0,0 +1,310 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+@Suite(.serialized)
+@MainActor
+struct CodexAccountPromotionExecutionTests {
+    @Test
+    func `executor import store failure cleans up imported home and maps managed store error`() async throws {
+        let container = try CodexAccountPromotionTestContainer(
+            suiteName: "CodexAccountPromotionExecutionTests-import-cleanup")
+        defer { container.tearDown() }
+
+        let target = try container.createManagedAccount(
+            persistedEmail: "beta@example.com",
+            authAccountID: "acct-beta")
+        try container.persistAccounts([target])
+        _ = try container.writeLiveOAuthAuthFile(email: "alpha@example.com", accountID: "acct-alpha")
+        let context = try await self.makeContext(container: container, targetID: target.id)
+        let executor = CodexDisplacedLivePreservationExecutor(
+            store: RecordingManagedCodexAccountStore(base: container.fileStore) { _ in
+                throw PromotionTestError.storeWriteFailed
+            },
+            homeFactory: container.homeFactory,
+            fileManager: .default)
+
+        #expect(throws: CodexAccountPromotionError.managedStoreCommitFailed) {
+            try executor.execute(plan: .importNew(reason: .noExistingManagedDestination), context: context)
+        }
+
+        #expect(try container.managedHomeURLs().count == 1)
+        #expect(try container.loadAccounts().accounts.count == 1)
+    }
+
+    @Test
+    func `executor refresh failure leaves live auth untouched and keeps copied managed auth`() async throws {
+        let container = try CodexAccountPromotionTestContainer(
+            suiteName: "CodexAccountPromotionExecutionTests-refresh-failure")
+        defer { container.tearDown() }
+
+        let target = try container.createManagedAccount(
+            persistedEmail: "beta@example.com",
+            authAccountID: "acct-beta")
+        let existingManagedLive = try container.createManagedAccount(
+            persistedEmail: "alpha@example.com",
+            authAccountID: "acct-alpha")
+        try container.persistAccounts([target, existingManagedLive])
+        let originalManagedAuthData = try container.managedAuthData(for: existingManagedLive)
+        let liveAuthData = try container.writeLiveOAuthAuthFile(
+            email: "alpha@example.com",
+            accountID: "acct-alpha",
+            apiKey: "sk-refreshed-live")
+        let originalLiveAuthData = try #require(try container.liveAuthData())
+        let context = try await self.makeContext(container: container, targetID: target.id)
+        let plan = CodexDisplacedLivePreservationPlanner().makePlan(context: context)
+        let executor = CodexDisplacedLivePreservationExecutor(
+            store: RecordingManagedCodexAccountStore(base: container.fileStore) { accounts in
+                if accounts.account(id: existingManagedLive.id)?
+                    .lastAuthenticatedAt != existingManagedLive.lastAuthenticatedAt
+                {
+                    throw PromotionTestError.storeWriteFailed
+                }
+            },
+            homeFactory: container.homeFactory,
+            fileManager: .default)
+
+        #expect(throws: CodexAccountPromotionError.managedStoreCommitFailed) {
+            try executor.execute(plan: plan, context: context)
+        }
+
+        let accounts = try container.loadAccounts().accounts
+        let persistedManagedLive = try #require(accounts.first(where: { $0.id == existingManagedLive.id }))
+        #expect(try container.liveAuthData() == originalLiveAuthData)
+        #expect(try container.managedAuthData(for: persistedManagedLive) != originalManagedAuthData)
+        #expect(try container.managedAuthData(for: persistedManagedLive) == liveAuthData)
+    }
+
+    @Test
+    func `executor import verifies persisted account after concurrent duplicate collision`() async throws {
+        let container = try CodexAccountPromotionTestContainer(
+            suiteName: "CodexAccountPromotionExecutionTests-import-collision-repair")
+        defer { container.tearDown() }
+
+        let target = try container.createManagedAccount(
+            persistedEmail: "beta@example.com",
+            authAccountID: "acct-beta")
+        let concurrentID = UUID()
+        let concurrentHomeURL = container.managedHomesURL.appendingPathComponent(
+            concurrentID.uuidString,
+            isDirectory: true)
+        try FileManager.default.createDirectory(at: concurrentHomeURL, withIntermediateDirectories: true)
+        let concurrentManaged = ManagedCodexAccount(
+            id: concurrentID,
+            email: "alpha@example.com",
+            providerAccountID: "acct-alpha",
+            workspaceLabel: "Personal",
+            workspaceAccountID: "acct-alpha",
+            managedHomePath: concurrentHomeURL.path,
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        try container.persistAccounts([target])
+        let liveAuthData = try container.writeLiveOAuthAuthFile(email: "alpha@example.com", accountID: "acct-alpha")
+        let context = try await self.makeContext(container: container, targetID: target.id)
+        let executor = CodexDisplacedLivePreservationExecutor(
+            store: ConcurrentDuplicateManagedCodexAccountStore(
+                base: container.fileStore,
+                concurrentAccount: concurrentManaged),
+            homeFactory: container.homeFactory,
+            fileManager: .default)
+
+        let result = try executor.execute(plan: .importNew(reason: .noExistingManagedDestination), context: context)
+
+        #expect(result.displacedLiveDisposition == .alreadyManaged(managedAccountID: concurrentManaged.id))
+        let accounts = try container.loadAccounts().accounts
+        let repaired = try #require(accounts.first(where: { $0.id == concurrentManaged.id }))
+        #expect(repaired.managedHomePath != concurrentHomeURL.path)
+        #expect(try container.managedAuthData(for: repaired) == liveAuthData)
+    }
+
+    @Test
+    func `executor refresh filesystem failure maps to managed store error`() async throws {
+        let container = try CodexAccountPromotionTestContainer(
+            suiteName: "CodexAccountPromotionExecutionTests-refresh-filesystem-failure")
+        defer { container.tearDown() }
+
+        let target = try container.createManagedAccount(
+            persistedEmail: "beta@example.com",
+            authAccountID: "acct-beta")
+        let existingManagedLive = try container.createManagedAccount(
+            persistedEmail: "alpha@example.com",
+            authAccountID: "acct-alpha")
+        try container.persistAccounts([target, existingManagedLive])
+        _ = try container.writeLiveOAuthAuthFile(email: "alpha@example.com", accountID: "acct-alpha")
+        let context = try await self.makeContext(container: container, targetID: target.id)
+        let plan = CodexDisplacedLivePreservationPlanner().makePlan(context: context)
+
+        let managedHomeURL = URL(fileURLWithPath: existingManagedLive.managedHomePath, isDirectory: true)
+        try FileManager.default.removeItem(at: managedHomeURL)
+        try Data("blocked".utf8).write(to: managedHomeURL)
+
+        let executor = CodexDisplacedLivePreservationExecutor(
+            store: container.fileStore,
+            homeFactory: container.homeFactory,
+            fileManager: .default)
+
+        #expect(throws: CodexAccountPromotionError.managedStoreCommitFailed) {
+            try executor.execute(plan: plan, context: context)
+        }
+    }
+
+    @Test
+    func `executor legacy import repair ignores provider backed rows with the same email`() async throws {
+        let container = try CodexAccountPromotionTestContainer(
+            suiteName: "CodexAccountPromotionExecutionTests-legacy-import-provider-same-email")
+        defer { container.tearDown() }
+
+        let target = try container.createManagedAccount(
+            persistedEmail: "beta@example.com",
+            authAccountID: "acct-beta")
+        let providerManaged = try container.createManagedAccount(
+            persistedEmail: "alpha@example.com",
+            authAccountID: "acct-existing")
+        try container.persistAccounts([target, providerManaged])
+        _ = try container.writeLiveOAuthAuthFile(email: "alpha@example.com")
+        let context = try await self.makeContext(container: container, targetID: target.id)
+        let originalProviderManaged = try #require(try container.loadAccounts().account(id: providerManaged.id))
+
+        let executor = CodexDisplacedLivePreservationExecutor(
+            store: DroppingLegacyImportedAccountStore(
+                base: container.fileStore,
+                preservedProviderBackedAccount: originalProviderManaged),
+            homeFactory: container.homeFactory,
+            fileManager: .default)
+
+        #expect(throws: CodexAccountPromotionError.managedStoreCommitFailed) {
+            try executor.execute(plan: .importNew(reason: .noExistingManagedDestination), context: context)
+        }
+
+        let persistedProviderManaged = try #require(try container.loadAccounts().account(id: providerManaged.id))
+        #expect(persistedProviderManaged.providerAccountID == originalProviderManaged.providerAccountID)
+        #expect(persistedProviderManaged.managedHomePath == originalProviderManaged.managedHomePath)
+    }
+
+    @Test
+    func `executor reject preserves stable error mapping`() async throws {
+        let container = try CodexAccountPromotionTestContainer(
+            suiteName: "CodexAccountPromotionExecutionTests-reject-mapping")
+        defer { container.tearDown() }
+
+        let target = try container.createManagedAccount(
+            persistedEmail: "beta@example.com",
+            authAccountID: "acct-beta")
+        try container.persistAccounts([target])
+        let context = try await self.makeContext(container: container, targetID: target.id)
+        let executor = CodexDisplacedLivePreservationExecutor(
+            store: container.fileStore,
+            homeFactory: container.homeFactory,
+            fileManager: .default)
+
+        #expect(throws: CodexAccountPromotionError.liveAccountAPIKeyOnlyUnsupported) {
+            try executor.execute(plan: .reject(reason: .liveAPIKeyOnlyUnsupported), context: context)
+        }
+        #expect(throws: CodexAccountPromotionError.liveAccountUnreadable) {
+            try executor.execute(plan: .reject(reason: .liveUnreadable), context: context)
+        }
+        #expect(throws: CodexAccountPromotionError.liveAccountMissingIdentityForPreservation) {
+            try executor.execute(plan: .reject(reason: .liveIdentityMissingForPreservation), context: context)
+        }
+    }
+
+    @Test
+    func `executor rejects target as preservation destination`() async throws {
+        let container = try CodexAccountPromotionTestContainer(
+            suiteName: "CodexAccountPromotionExecutionTests-target-destination")
+        defer { container.tearDown() }
+
+        let target = try container.createManagedAccount(
+            persistedEmail: "beta@example.com",
+            authAccountID: "acct-beta")
+        try container.persistAccounts([target])
+        _ = try container.writeLiveOAuthAuthFile(email: "alpha@example.com", accountID: "acct-alpha")
+        let context = try await self.makeContext(container: container, targetID: target.id)
+        let executor = CodexDisplacedLivePreservationExecutor(
+            store: container.fileStore,
+            homeFactory: container.homeFactory,
+            fileManager: .default)
+
+        #expect(throws: CodexAccountPromotionError.managedStoreCommitFailed) {
+            try executor.execute(
+                plan: .refreshExisting(
+                    destination: context.target,
+                    reason: .readableHomeIdentityMatch),
+                context: context)
+        }
+    }
+
+    private func makeContext(
+        container: CodexAccountPromotionTestContainer,
+        targetID: UUID)
+        async throws -> PreparedPromotionContext
+    {
+        let builder = PreparedPromotionContextBuilder(
+            store: container.fileStore,
+            workspaceResolver: container.workspaceResolver,
+            snapshotLoader: SettingsStoreCodexAccountReconciliationSnapshotLoader(settingsStore: container.settings),
+            authMaterialReader: DefaultCodexAuthMaterialReader(),
+            baseEnvironment: container.baseEnvironment,
+            fileManager: .default)
+        return try await builder.build(targetID: targetID)
+    }
+}
+
+private final class ConcurrentDuplicateManagedCodexAccountStore: ManagedCodexAccountStoring, @unchecked Sendable {
+    let base: any ManagedCodexAccountStoring
+    let concurrentAccount: ManagedCodexAccount
+    private var didInjectConcurrentAccount = false
+
+    init(base: any ManagedCodexAccountStoring, concurrentAccount: ManagedCodexAccount) {
+        self.base = base
+        self.concurrentAccount = concurrentAccount
+    }
+
+    func loadAccounts() throws -> ManagedCodexAccountSet {
+        if self.didInjectConcurrentAccount == false {
+            self.didInjectConcurrentAccount = true
+            let current = try self.base.loadAccounts()
+            try self.base.storeAccounts(ManagedCodexAccountSet(
+                version: current.version,
+                accounts: current.accounts + [self.concurrentAccount]))
+        }
+        return try self.base.loadAccounts()
+    }
+
+    func storeAccounts(_ accounts: ManagedCodexAccountSet) throws {
+        try self.base.storeAccounts(accounts)
+    }
+
+    func ensureFileExists() throws -> URL {
+        try self.base.ensureFileExists()
+    }
+}
+
+private final class DroppingLegacyImportedAccountStore: ManagedCodexAccountStoring, @unchecked Sendable {
+    let base: any ManagedCodexAccountStoring
+    let preservedProviderBackedAccount: ManagedCodexAccount
+
+    init(base: any ManagedCodexAccountStoring, preservedProviderBackedAccount: ManagedCodexAccount) {
+        self.base = base
+        self.preservedProviderBackedAccount = preservedProviderBackedAccount
+    }
+
+    func loadAccounts() throws -> ManagedCodexAccountSet {
+        try self.base.loadAccounts()
+    }
+
+    func storeAccounts(_ accounts: ManagedCodexAccountSet) throws {
+        let filteredAccounts = accounts.accounts.filter {
+            $0.id == self.preservedProviderBackedAccount.id || $0.providerAccountID != nil
+        }
+        try self.base.storeAccounts(ManagedCodexAccountSet(
+            version: accounts.version,
+            accounts: filteredAccounts))
+    }
+
+    func ensureFileExists() throws -> URL {
+        try self.base.ensureFileExists()
+    }
+}
diff --git a/Tests/CodexBarTests/CodexAccountPromotionPlanningTests.swift b/Tests/CodexBarTests/CodexAccountPromotionPlanningTests.swift
new file mode 100644
index 000000000..f731d69d1
--- /dev/null
+++ b/Tests/CodexBarTests/CodexAccountPromotionPlanningTests.swift
@@ -0,0 +1,227 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+@Suite(.serialized)
+@MainActor
+struct CodexAccountPromotionPlanningTests {
+    @Test
+    func `planner converges from direct auth identities without snapshot help`() async throws {
+        let container = try CodexAccountPromotionTestContainer(
+            suiteName: "CodexAccountPromotionPlanningTests-converges")
+        defer { container.tearDown() }
+
+        let target = try container.createManagedAccount(
+            persistedEmail: "alpha@example.com",
+            authAccountID: "acct-alpha")
+        try container.persistAccounts([target])
+        _ = try container.writeLiveOAuthAuthFileWithoutEmail(accountID: "acct-alpha")
+
+        let context = try await self.makeContext(container: container, targetID: target.id)
+        let plan = CodexDisplacedLivePreservationPlanner().makePlan(context: context)
+
+        switch plan {
+        case let .none(reason):
+            #expect(reason == .targetMatchesLiveAuthIdentity)
+        case .reject, .importNew, .refreshExisting, .repairExisting:
+            Issue.record("Expected convergence plan")
+        }
+    }
+
+    @Test
+    func `planner refreshes already managed account when readable home identity matches live`() async throws {
+        let container = try CodexAccountPromotionTestContainer(
+            suiteName: "CodexAccountPromotionPlanningTests-refresh")
+        defer { container.tearDown() }
+
+        let target = try container.createManagedAccount(
+            persistedEmail: "beta@example.com",
+            authAccountID: "acct-beta")
+        let existingManagedLive = try container.createManagedAccount(
+            persistedEmail: "legacy@example.com",
+            authEmail: "alpha@example.com",
+            authAccountID: "acct-alpha",
+            persistedProviderAccountID: nil)
+        try container.persistAccounts([target, existingManagedLive])
+        _ = try container.writeLiveOAuthAuthFile(email: "alpha@example.com", accountID: "acct-alpha")
+
+        let context = try await self.makeContext(container: container, targetID: target.id)
+        let plan = CodexDisplacedLivePreservationPlanner().makePlan(context: context)
+
+        switch plan {
+        case let .refreshExisting(destination, reason):
+            #expect(destination.persisted.id == existingManagedLive.id)
+            #expect(reason == .readableHomeIdentityMatch)
+        case .none, .reject, .importNew, .repairExisting:
+            Issue.record("Expected refresh plan")
+        }
+    }
+
+    @Test
+    func `planner uses repair for persisted provider match before any import fallback`() async throws {
+        let container = try CodexAccountPromotionTestContainer(
+            suiteName: "CodexAccountPromotionPlanningTests-repair-before-import")
+        defer { container.tearDown() }
+
+        let target = try container.createManagedAccount(
+            persistedEmail: "beta@example.com",
+            authAccountID: "acct-beta")
+        let staleManaged = ManagedCodexAccount(
+            id: UUID(),
+            email: "alpha@example.com",
+            providerAccountID: "acct-alpha",
+            workspaceLabel: "Personal",
+            workspaceAccountID: "acct-alpha",
+            managedHomePath: container.managedHomesURL
+                .appendingPathComponent(UUID().uuidString, isDirectory: true).path,
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        try container.persistAccounts([target, staleManaged])
+        _ = try container.writeLiveOAuthAuthFile(email: "alpha@example.com", accountID: "acct-alpha")
+
+        let context = try await self.makeContext(container: container, targetID: target.id)
+        let plan = CodexDisplacedLivePreservationPlanner().makePlan(context: context)
+
+        switch plan {
+        case let .repairExisting(destination, reason):
+            #expect(destination.persisted.id == staleManaged.id)
+            #expect(reason == .persistedProviderMatchWithMissingHome)
+        case .none, .reject, .importNew, .refreshExisting:
+            Issue.record("Expected repair plan")
+        }
+    }
+
+    @Test
+    func `planner rejects persisted provider match when readable home belongs to a different account`() async throws {
+        let container = try CodexAccountPromotionTestContainer(
+            suiteName: "CodexAccountPromotionPlanningTests-conflicting-readable-home")
+        defer { container.tearDown() }
+
+        let target = try container.createManagedAccount(
+            persistedEmail: "beta@example.com",
+            authAccountID: "acct-beta")
+        let conflictingManaged = try container.createManagedAccount(
+            persistedEmail: "alpha@example.com",
+            authEmail: "gamma@example.com",
+            authAccountID: "acct-gamma",
+            persistedProviderAccountID: "acct-alpha",
+            useAuthAccountIDAsPersistedProviderAccountID: false)
+        try container.persistAccounts([target, conflictingManaged])
+        _ = try container.writeLiveOAuthAuthFile(email: "alpha@example.com", accountID: "acct-alpha")
+
+        let context = try await self.makeContext(container: container, targetID: target.id)
+        let plan = CodexDisplacedLivePreservationPlanner().makePlan(context: context)
+
+        switch plan {
+        case let .reject(reason):
+            #expect(reason == .conflictingReadableManagedHome)
+        case .none, .importNew, .refreshExisting, .repairExisting:
+            Issue.record("Expected reject plan")
+        }
+    }
+
+    @Test
+    func `planner uses legacy email repair instead of import when provider account upgrades old record`() async throws {
+        let container = try CodexAccountPromotionTestContainer(
+            suiteName: "CodexAccountPromotionPlanningTests-legacy-repair")
+        defer { container.tearDown() }
+
+        let target = try container.createManagedAccount(
+            persistedEmail: "beta@example.com",
+            authAccountID: "acct-beta")
+        let legacyManaged = ManagedCodexAccount(
+            id: UUID(),
+            email: "alpha@example.com",
+            providerAccountID: nil,
+            workspaceLabel: nil,
+            workspaceAccountID: nil,
+            managedHomePath: container.managedHomesURL
+                .appendingPathComponent(UUID().uuidString, isDirectory: true).path,
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: nil)
+        try container.persistAccounts([target, legacyManaged])
+        _ = try container.writeLiveOAuthAuthFile(email: "alpha@example.com", accountID: "acct-alpha")
+
+        let context = try await self.makeContext(container: container, targetID: target.id)
+        let plan = CodexDisplacedLivePreservationPlanner().makePlan(context: context)
+
+        switch plan {
+        case let .repairExisting(destination, reason):
+            #expect(destination.persisted.id == legacyManaged.id)
+            #expect(reason == .persistedLegacyEmailMatch)
+        case .none, .reject, .importNew, .refreshExisting:
+            Issue.record("Expected legacy email repair plan")
+        }
+    }
+
+    @Test
+    func `planner imports when same email belongs to a different provider account workspace`() async throws {
+        let container = try CodexAccountPromotionTestContainer(
+            suiteName: "CodexAccountPromotionPlanningTests-import",
+            workspaceIdentities: [
+                "acct-personal": CodexOpenAIWorkspaceIdentity(
+                    workspaceAccountID: "acct-personal",
+                    workspaceLabel: "Personal"),
+            ])
+        defer { container.tearDown() }
+
+        let target = try container.createManagedAccount(
+            persistedEmail: "alice@example.com",
+            authAccountID: "acct-team",
+            workspaceLabel: "Team",
+            workspaceAccountID: "acct-team")
+        try container.persistAccounts([target])
+        _ = try container.writeLiveOAuthAuthFile(email: "alice@example.com", accountID: "acct-personal")
+
+        let context = try await self.makeContext(container: container, targetID: target.id)
+        let plan = CodexDisplacedLivePreservationPlanner().makePlan(context: context)
+
+        switch plan {
+        case let .importNew(reason):
+            #expect(reason == .noExistingManagedDestination)
+        case .none, .reject, .refreshExisting, .repairExisting:
+            Issue.record("Expected import plan")
+        }
+    }
+
+    @Test
+    func `planner rejects api key only live auth`() async throws {
+        let container = try CodexAccountPromotionTestContainer(
+            suiteName: "CodexAccountPromotionPlanningTests-api-key")
+        defer { container.tearDown() }
+
+        let target = try container.createManagedAccount(
+            persistedEmail: "beta@example.com",
+            authAccountID: "acct-beta")
+        try container.persistAccounts([target])
+        _ = try container.writeLiveAPIKeyAuthFile()
+
+        let context = try await self.makeContext(container: container, targetID: target.id)
+        let plan = CodexDisplacedLivePreservationPlanner().makePlan(context: context)
+
+        switch plan {
+        case let .reject(reason):
+            #expect(reason == .liveAPIKeyOnlyUnsupported)
+        case .none, .importNew, .refreshExisting, .repairExisting:
+            Issue.record("Expected reject plan")
+        }
+    }
+
+    private func makeContext(
+        container: CodexAccountPromotionTestContainer,
+        targetID: UUID)
+        async throws -> PreparedPromotionContext
+    {
+        let builder = PreparedPromotionContextBuilder(
+            store: container.fileStore,
+            workspaceResolver: container.workspaceResolver,
+            snapshotLoader: SettingsStoreCodexAccountReconciliationSnapshotLoader(settingsStore: container.settings),
+            authMaterialReader: DefaultCodexAuthMaterialReader(),
+            baseEnvironment: container.baseEnvironment,
+            fileManager: .default)
+        return try await builder.build(targetID: targetID)
+    }
+}
diff --git a/Tests/CodexBarTests/CodexAccountPromotionPreparationTests.swift b/Tests/CodexBarTests/CodexAccountPromotionPreparationTests.swift
new file mode 100644
index 000000000..f32cb1dd3
--- /dev/null
+++ b/Tests/CodexBarTests/CodexAccountPromotionPreparationTests.swift
@@ -0,0 +1,118 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+@Suite(.serialized)
+@MainActor
+struct CodexAccountPromotionPreparationTests {
+    @Test
+    func `builder carries direct auth identities for target and live`() async throws {
+        let container = try CodexAccountPromotionTestContainer(
+            suiteName: "CodexAccountPromotionPreparationTests-direct-identities",
+            workspaceIdentities: [
+                "acct-alpha": CodexOpenAIWorkspaceIdentity(
+                    workspaceAccountID: "acct-alpha",
+                    workspaceLabel: "Personal"),
+                "acct-beta": CodexOpenAIWorkspaceIdentity(
+                    workspaceAccountID: "acct-beta",
+                    workspaceLabel: "Team"),
+            ])
+        defer { container.tearDown() }
+
+        let target = try container.createManagedAccount(
+            persistedEmail: "beta@example.com",
+            authAccountID: "acct-beta")
+        try container.persistAccounts([target])
+        _ = try container.writeLiveOAuthAuthFile(email: "alpha@example.com", accountID: "acct-alpha")
+
+        let builder = PreparedPromotionContextBuilder(
+            store: container.fileStore,
+            workspaceResolver: container.workspaceResolver,
+            snapshotLoader: SettingsStoreCodexAccountReconciliationSnapshotLoader(settingsStore: container.settings),
+            authMaterialReader: DefaultCodexAuthMaterialReader(),
+            baseEnvironment: container.baseEnvironment,
+            fileManager: .default)
+
+        let context = try await builder.build(targetID: target.id)
+
+        #expect(context.target.authIdentity?.identity == .providerAccount(id: "acct-beta"))
+        #expect(context.target.authIdentity?.workspaceLabel == "Team")
+        #expect(context.live.authIdentity?.identity == .providerAccount(id: "acct-alpha"))
+        #expect(context.live.authIdentity?.workspaceLabel == "Personal")
+    }
+
+    @Test
+    func `builder preserves target missing auth as degraded home state`() async throws {
+        let container = try CodexAccountPromotionTestContainer(
+            suiteName: "CodexAccountPromotionPreparationTests-target-missing-auth")
+        defer { container.tearDown() }
+
+        let target = try container.createManagedAccount(
+            persistedEmail: "beta@example.com",
+            authAccountID: "acct-beta")
+        try container.persistAccounts([target])
+        try FileManager.default.removeItem(
+            at: URL(fileURLWithPath: target.managedHomePath, isDirectory: true)
+                .appendingPathComponent("auth.json", isDirectory: false))
+
+        let builder = PreparedPromotionContextBuilder(
+            store: container.fileStore,
+            workspaceResolver: container.workspaceResolver,
+            snapshotLoader: SettingsStoreCodexAccountReconciliationSnapshotLoader(settingsStore: container.settings),
+            authMaterialReader: DefaultCodexAuthMaterialReader(),
+            baseEnvironment: container.baseEnvironment,
+            fileManager: .default)
+
+        let context = try await builder.build(targetID: target.id)
+
+        switch context.target.homeState {
+        case let .missing(homeURL):
+            #expect(homeURL.path == target.managedHomePath)
+        case .readable, .unreadable:
+            Issue.record("Expected target auth to be represented as missing")
+        }
+        #expect(context.target.authIdentity == nil)
+        #expect(context.target.persistedIdentity.identity == .providerAccount(id: "acct-beta"))
+    }
+
+    @Test
+    func `builder keeps persisted and direct home identity views separate`() async throws {
+        let container = try CodexAccountPromotionTestContainer(
+            suiteName: "CodexAccountPromotionPreparationTests-persisted-vs-direct",
+            workspaceIdentities: [
+                "acct-alpha": CodexOpenAIWorkspaceIdentity(
+                    workspaceAccountID: "acct-alpha",
+                    workspaceLabel: "Personal"),
+            ])
+        defer { container.tearDown() }
+
+        let target = try container.createManagedAccount(
+            persistedEmail: "beta@example.com",
+            authAccountID: "acct-beta")
+        let legacy = try container.createManagedAccount(
+            persistedEmail: "legacy@example.com",
+            authEmail: "alpha@example.com",
+            authAccountID: "acct-alpha",
+            persistedProviderAccountID: nil,
+            useAuthAccountIDAsPersistedProviderAccountID: false)
+        try container.persistAccounts([target, legacy])
+
+        let builder = PreparedPromotionContextBuilder(
+            store: container.fileStore,
+            workspaceResolver: container.workspaceResolver,
+            snapshotLoader: SettingsStoreCodexAccountReconciliationSnapshotLoader(settingsStore: container.settings),
+            authMaterialReader: DefaultCodexAuthMaterialReader(),
+            baseEnvironment: container.baseEnvironment,
+            fileManager: .default)
+
+        let context = try await builder.build(targetID: target.id)
+        let preparedLegacy = try #require(context.storedManagedAccounts.first(where: { $0.persisted.id == legacy.id }))
+
+        #expect(preparedLegacy.persistedIdentity.email == "legacy@example.com")
+        #expect(preparedLegacy.persistedIdentity.identity == .emailOnly(normalizedEmail: "legacy@example.com"))
+        #expect(preparedLegacy.authIdentity?.email == "alpha@example.com")
+        #expect(preparedLegacy.authIdentity?.identity == .providerAccount(id: "acct-alpha"))
+        #expect(preparedLegacy.authIdentity?.workspaceLabel == "Personal")
+    }
+}
diff --git a/Tests/CodexBarTests/CodexAccountPromotionServiceTests.swift b/Tests/CodexBarTests/CodexAccountPromotionServiceTests.swift
new file mode 100644
index 000000000..cfa386906
--- /dev/null
+++ b/Tests/CodexBarTests/CodexAccountPromotionServiceTests.swift
@@ -0,0 +1,734 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+@Suite(.serialized)
+@MainActor
+struct CodexAccountPromotionServiceTests {
+    @Test
+    func `happy path promotion swaps target auth into live home`() async throws {
+        let container = try CodexAccountPromotionTestContainer(
+            suiteName: "CodexAccountPromotionServiceTests-happy-path")
+        defer { container.tearDown() }
+
+        let target = try container.createManagedAccount(
+            persistedEmail: "beta@example.com",
+            authAccountID: "acct-beta")
+        try container.persistAccounts([target])
+        container.settings.codexActiveSource = .managedAccount(id: target.id)
+        try container.removeLiveAuthFile()
+
+        let targetAuthData = try container.managedAuthData(for: target)
+        let result = try await container.makeService().promoteManagedAccount(id: target.id)
+        let accounts = try container.loadAccounts().accounts
+
+        #expect(result.targetManagedAccountID == target.id)
+        #expect(result.outcome == .promoted)
+        #expect(result.displacedLiveDisposition == .none)
+        #expect(result.didMutateLiveAuth)
+        #expect(result.resultingActiveSource == .liveSystem)
+        #expect(try container.liveAuthData() == targetAuthData)
+        #expect(accounts.count == 1)
+        #expect(accounts.first?.id == target.id)
+        #expect(container.settings.codexActiveSource == .liveSystem)
+        #expect(container.usageStore.snapshots[.codex]?.accountEmail(for: .codex) == "beta@example.com")
+    }
+
+    @Test
+    func `displaced live oauth is imported before target auth is promoted`() async throws {
+        let container = try CodexAccountPromotionTestContainer(
+            suiteName: "CodexAccountPromotionServiceTests-displaced-import",
+            workspaceIdentities: [
+                "acct-alpha": CodexOpenAIWorkspaceIdentity(
+                    workspaceAccountID: "acct-alpha",
+                    workspaceLabel: "Personal"),
+            ])
+        defer { container.tearDown() }
+
+        let target = try container.createManagedAccount(
+            persistedEmail: "beta@example.com",
+            authAccountID: "acct-beta")
+        try container.persistAccounts([target])
+        container.settings.codexActiveSource = .managedAccount(id: target.id)
+        let displacedLiveAuthData = try container.writeLiveOAuthAuthFile(
+            email: "alpha@example.com",
+            accountID: "acct-alpha")
+
+        let result = try await container.makeService().promoteManagedAccount(id: target.id)
+        let accounts = try container.loadAccounts().accounts
+        let importedID: UUID
+        switch result.displacedLiveDisposition {
+        case let .imported(managedAccountID):
+            importedID = managedAccountID
+        case .none, .alreadyManaged:
+            Issue.record("Expected displaced live account import")
+            throw PromotionTestError.unexpectedDisposition
+        }
+        let imported = try #require(accounts.first(where: { $0.id == importedID }))
+
+        #expect(accounts.count == 2)
+        #expect(imported.email == "alpha@example.com")
+        #expect(imported.providerAccountID == "acct-alpha")
+        #expect(imported.workspaceLabel == "Personal")
+        #expect(imported.workspaceAccountID == "acct-alpha")
+        #expect(imported.authFingerprint == CodexAuthFingerprint.fingerprint(data: displacedLiveAuthData))
+        #expect(try container.managedAuthData(for: imported) == displacedLiveAuthData)
+        #expect(try container.liveAuthData() == container.managedAuthData(for: target))
+    }
+
+    @Test
+    func `displaced live already managed uses reconciliation identity dedupe`() async throws {
+        let container = try CodexAccountPromotionTestContainer(
+            suiteName: "CodexAccountPromotionServiceTests-already-managed")
+        defer { container.tearDown() }
+
+        let target = try container.createManagedAccount(
+            persistedEmail: "beta@example.com",
+            authAccountID: "acct-beta")
+        let existingManagedLive = try container.createManagedAccount(
+            persistedEmail: "legacy@example.com",
+            authEmail: "alpha@example.com",
+            authAccountID: "acct-alpha",
+            persistedProviderAccountID: nil)
+        try container.persistAccounts([target, existingManagedLive])
+        let liveAuthData = try container.writeLiveOAuthAuthFile(
+            email: "alpha@example.com",
+            accountID: "acct-alpha",
+            apiKey: "sk-fresh-live")
+
+        let result = try await container.makeService().promoteManagedAccount(id: target.id)
+        let accounts = try container.loadAccounts().accounts
+        let refreshedManagedLive = try #require(accounts.first(where: { $0.id == existingManagedLive.id }))
+
+        #expect(result.displacedLiveDisposition == .alreadyManaged(managedAccountID: existingManagedLive.id))
+        #expect(accounts.count == 2)
+        #expect(accounts.contains(where: { $0.id == existingManagedLive.id }))
+        #expect(refreshedManagedLive.authFingerprint == CodexAuthFingerprint.fingerprint(data: liveAuthData))
+        #expect(try container.managedAuthData(for: refreshedManagedLive) == liveAuthData)
+        #expect(try container.liveAuthData() == container.managedAuthData(for: target))
+    }
+
+    @Test
+    func `provider only live auth refreshes existing managed account using persisted email`() async throws {
+        let container = try CodexAccountPromotionTestContainer(
+            suiteName: "CodexAccountPromotionServiceTests-already-managed-no-email")
+        defer { container.tearDown() }
+
+        let target = try container.createManagedAccount(
+            persistedEmail: "beta@example.com",
+            authAccountID: "acct-beta")
+        let existingManagedLive = try container.createManagedAccount(
+            persistedEmail: "alpha@example.com",
+            authAccountID: "acct-alpha")
+        try container.persistAccounts([target, existingManagedLive])
+        let liveAuthData = try container.writeLiveOAuthAuthFileWithoutEmail(accountID: "acct-alpha")
+
+        let result = try await container.makeService().promoteManagedAccount(id: target.id)
+        let accounts = try container.loadAccounts().accounts
+        let refreshedManagedLive = try #require(accounts.first(where: { $0.id == existingManagedLive.id }))
+
+        #expect(result.displacedLiveDisposition == .alreadyManaged(managedAccountID: existingManagedLive.id))
+        #expect(refreshedManagedLive.email == "alpha@example.com")
+        #expect(refreshedManagedLive.providerAccountID == "acct-alpha")
+        #expect(refreshedManagedLive.authFingerprint == CodexAuthFingerprint.fingerprint(data: liveAuthData))
+        #expect(try container.managedAuthData(for: refreshedManagedLive) == liveAuthData)
+    }
+
+    @Test
+    func `provider only live auth matching target converges and keeps managed active source`() async throws {
+        let container = try CodexAccountPromotionTestContainer(
+            suiteName: "CodexAccountPromotionServiceTests-provider-only-convergence")
+        defer { container.tearDown() }
+
+        let target = try container.createManagedAccount(
+            persistedEmail: "alpha@example.com",
+            authAccountID: "acct-alpha")
+        try container.persistAccounts([target])
+        let liveAuthData = try container.writeLiveOAuthAuthFileWithoutEmail(accountID: "acct-alpha")
+        container.settings.codexActiveSource = .managedAccount(id: target.id)
+
+        let result = try await container.makeService().promoteManagedAccount(id: target.id)
+
+        #expect(result.outcome == .convergedNoOp)
+        #expect(result.displacedLiveDisposition == .none)
+        #expect(result.didMutateLiveAuth == false)
+        #expect(result.resultingActiveSource == .managedAccount(id: target.id))
+        #expect(try container.liveAuthData() == liveAuthData)
+        #expect(try container.loadAccounts().accounts.count == 1)
+        #expect(container.settings.codexActiveSource == .managedAccount(id: target.id))
+    }
+
+    @Test
+    func `provider only live auth matching target converges when target managed auth is missing`() async throws {
+        let container = try CodexAccountPromotionTestContainer(
+            suiteName: "CodexAccountPromotionServiceTests-provider-only-convergence-missing-target-auth")
+        defer { container.tearDown() }
+
+        let target = try container.createManagedAccount(
+            persistedEmail: "alpha@example.com",
+            authAccountID: "acct-alpha")
+        try container.persistAccounts([target])
+        container.settings.codexActiveSource = .managedAccount(id: target.id)
+        try FileManager.default.removeItem(
+            at: URL(fileURLWithPath: target.managedHomePath, isDirectory: true)
+                .appendingPathComponent("auth.json", isDirectory: false))
+        let liveAuthData = try container.writeLiveOAuthAuthFileWithoutEmail(accountID: "acct-alpha")
+
+        let result = try await container.makeService().promoteManagedAccount(id: target.id)
+
+        #expect(result.outcome == .convergedNoOp)
+        #expect(result.displacedLiveDisposition == .none)
+        #expect(result.didMutateLiveAuth == false)
+        #expect(result.resultingActiveSource == .managedAccount(id: target.id))
+        #expect(try container.liveAuthData() == liveAuthData)
+        #expect(container.settings.codexActiveSource == .managedAccount(id: target.id))
+    }
+
+    @Test
+    func `snapshot convergence no op does not require target managed auth file`() async throws {
+        let container = try CodexAccountPromotionTestContainer(
+            suiteName: "CodexAccountPromotionServiceTests-snapshot-convergence-with-missing-target-auth")
+        defer { container.tearDown() }
+
+        let target = try container.createManagedAccount(
+            persistedEmail: "alpha@example.com",
+            authAccountID: "acct-alpha")
+        try container.persistAccounts([target])
+        try FileManager.default.removeItem(
+            at: URL(fileURLWithPath: target.managedHomePath, isDirectory: true)
+                .appendingPathComponent("auth.json", isDirectory: false))
+        container.settings._test_liveSystemCodexAccount = ObservedSystemCodexAccount(
+            email: "alpha@example.com",
+            codexHomePath: container.liveHomeURL.path,
+            observedAt: Date(),
+            identity: .emailOnly(normalizedEmail: "alpha@example.com"))
+        let liveAuthData = try container.writeLiveOAuthAuthFile(
+            email: "alpha@example.com",
+            accountID: "acct-alpha")
+
+        let result = try await container.makeService().promoteManagedAccount(id: target.id)
+
+        #expect(result.outcome == .convergedNoOp)
+        #expect(result.displacedLiveDisposition == .none)
+        #expect(result.didMutateLiveAuth == false)
+        #expect(try container.liveAuthData() == liveAuthData)
+    }
+
+    @Test
+    func `convergence no-op does not rewrite live auth or import displaced live`() async throws {
+        let container = try CodexAccountPromotionTestContainer(
+            suiteName: "CodexAccountPromotionServiceTests-convergence")
+        defer { container.tearDown() }
+
+        let target = try container.createManagedAccount(
+            persistedEmail: "alpha@example.com",
+            authAccountID: "acct-alpha")
+        try container.persistAccounts([target])
+        let liveAuthData = try container.writeLiveOAuthAuthFile(
+            email: "alpha@example.com",
+            accountID: "acct-alpha")
+
+        let result = try await container.makeService().promoteManagedAccount(id: target.id)
+
+        #expect(result.outcome == .convergedNoOp)
+        #expect(result.displacedLiveDisposition == .none)
+        #expect(result.didMutateLiveAuth == false)
+        #expect(try container.liveAuthData() == liveAuthData)
+        #expect(try container.loadAccounts().accounts.count == 1)
+        #expect(container.settings.codexActiveSource == .liveSystem)
+    }
+
+    @Test
+    func `same email different workspace imports displaced live as a distinct managed account`() async throws {
+        let container = try CodexAccountPromotionTestContainer(
+            suiteName: "CodexAccountPromotionServiceTests-same-email-different-workspace",
+            workspaceIdentities: [
+                "acct-personal": CodexOpenAIWorkspaceIdentity(
+                    workspaceAccountID: "acct-personal",
+                    workspaceLabel: "Personal"),
+            ])
+        defer { container.tearDown() }
+
+        let target = try container.createManagedAccount(
+            persistedEmail: "alice@example.com",
+            authAccountID: "acct-team",
+            workspaceLabel: "Team",
+            workspaceAccountID: "acct-team")
+        try container.persistAccounts([target])
+        _ = try container.writeLiveOAuthAuthFile(email: "alice@example.com", accountID: "acct-personal")
+
+        let result = try await container.makeService().promoteManagedAccount(id: target.id)
+        let importedID: UUID
+        switch result.displacedLiveDisposition {
+        case let .imported(managedAccountID):
+            importedID = managedAccountID
+        case .none, .alreadyManaged:
+            Issue.record("Expected same-email different-workspace import")
+            throw PromotionTestError.unexpectedDisposition
+        }
+        let accounts = try container.loadAccounts().accounts
+        let imported = try #require(accounts.first(where: { $0.id == importedID }))
+
+        #expect(accounts.count == 2)
+        #expect(imported.id != target.id)
+        #expect(imported.email == "alice@example.com")
+        #expect(imported.providerAccountID == "acct-personal")
+        #expect(imported.workspaceLabel == "Personal")
+        #expect(imported.workspaceAccountID == "acct-personal")
+    }
+
+    @Test
+    func `mixed api key and oauth live auth still preserves displaced live identity`() async throws {
+        let container = try CodexAccountPromotionTestContainer(
+            suiteName: "CodexAccountPromotionServiceTests-mixed-auth-preservation",
+            workspaceIdentities: [
+                "acct-alpha": CodexOpenAIWorkspaceIdentity(
+                    workspaceAccountID: "acct-alpha",
+                    workspaceLabel: "Personal"),
+            ])
+        defer { container.tearDown() }
+
+        let target = try container.createManagedAccount(
+            persistedEmail: "beta@example.com",
+            authAccountID: "acct-beta")
+        try container.persistAccounts([target])
+        _ = try container.writeLiveOAuthAuthFile(
+            email: "alpha@example.com",
+            accountID: "acct-alpha",
+            apiKey: "sk-mixed-live")
+
+        let result = try await container.makeService().promoteManagedAccount(id: target.id)
+        let importedID: UUID
+        switch result.displacedLiveDisposition {
+        case let .imported(managedAccountID):
+            importedID = managedAccountID
+        case .none, .alreadyManaged:
+            Issue.record("Expected displaced live import for mixed auth material")
+            throw PromotionTestError.unexpectedDisposition
+        }
+        let imported = try #require(try container.loadAccounts().accounts.first(where: { $0.id == importedID }))
+
+        #expect(imported.email == "alpha@example.com")
+        #expect(imported.providerAccountID == "acct-alpha")
+        #expect(imported.workspaceLabel == "Personal")
+    }
+
+    @Test
+    func `store commit failure leaves live auth untouched because promotion preserves before mutating`() async throws {
+        let container = try CodexAccountPromotionTestContainer(
+            suiteName: "CodexAccountPromotionServiceTests-store-failure")
+        defer { container.tearDown() }
+
+        let target = try container.createManagedAccount(
+            persistedEmail: "beta@example.com",
+            authAccountID: "acct-beta")
+        try container.persistAccounts([target])
+        let liveAuthData = try container.writeLiveOAuthAuthFile(
+            email: "alpha@example.com",
+            accountID: "acct-alpha")
+        let swapper = RecordingCodexLiveAuthSwapper()
+        let store = RecordingManagedCodexAccountStore(base: container.fileStore) { _ in
+            throw PromotionTestError.storeWriteFailed
+        }
+
+        await #expect(throws: CodexAccountPromotionError.managedStoreCommitFailed) {
+            try await container.makeService(
+                store: store,
+                liveAuthSwapper: swapper).promoteManagedAccount(id: target.id)
+        }
+
+        #expect(swapper.swapCallCount == 0)
+        #expect(try container.liveAuthData() == liveAuthData)
+        #expect(try container.loadAccounts().accounts.count == 1)
+        #expect(try container.loadAccounts().accounts.first?.id == target.id)
+        #expect(try container.managedHomeURLs().count == 1)
+    }
+
+    @Test
+    func `refresh store failure leaves existing managed metadata stale after auth copy`() async throws {
+        let container = try CodexAccountPromotionTestContainer(
+            suiteName: "CodexAccountPromotionServiceTests-refresh-store-failure")
+        defer { container.tearDown() }
+
+        let target = try container.createManagedAccount(
+            persistedEmail: "beta@example.com",
+            authAccountID: "acct-beta")
+        let existingManagedLive = try container.createManagedAccount(
+            persistedEmail: "alpha@example.com",
+            authAccountID: "acct-alpha")
+        try container.persistAccounts([target, existingManagedLive])
+        let originalManagedAuthData = try container.managedAuthData(for: existingManagedLive)
+        let liveAuthData = try container.writeLiveOAuthAuthFile(
+            email: "alpha@example.com",
+            accountID: "acct-alpha",
+            apiKey: "sk-refreshed-live")
+        let swapper = RecordingCodexLiveAuthSwapper()
+        let store = RecordingManagedCodexAccountStore(base: container.fileStore) { accounts in
+            if accounts.account(id: existingManagedLive.id)?
+                .lastAuthenticatedAt != existingManagedLive.lastAuthenticatedAt
+            {
+                throw PromotionTestError.storeWriteFailed
+            }
+        }
+
+        await #expect(throws: CodexAccountPromotionError.managedStoreCommitFailed) {
+            try await container.makeService(
+                store: store,
+                liveAuthSwapper: swapper).promoteManagedAccount(id: target.id)
+        }
+
+        let accounts = try container.loadAccounts().accounts
+        let persistedManagedLive = try #require(accounts.first(where: { $0.id == existingManagedLive.id }))
+        #expect(swapper.swapCallCount == 0)
+        #expect(try container.managedAuthData(for: persistedManagedLive) != originalManagedAuthData)
+        #expect(try container.managedAuthData(for: persistedManagedLive) == liveAuthData)
+        #expect(persistedManagedLive.lastAuthenticatedAt == existingManagedLive.lastAuthenticatedAt)
+    }
+
+    @Test
+    func `already managed refresh resolves workspace metadata from live auth home`() async throws {
+        let container = try CodexAccountPromotionTestContainer(
+            suiteName: "CodexAccountPromotionServiceTests-already-managed-workspace-refresh")
+        defer { container.tearDown() }
+
+        let target = try container.createManagedAccount(
+            persistedEmail: "beta@example.com",
+            authAccountID: "acct-beta")
+        let existingManagedLive = try container.createManagedAccount(
+            persistedEmail: "alpha@example.com",
+            authAccountID: "acct-alpha",
+            workspaceLabel: "Stale",
+            workspaceAccountID: "acct-alpha")
+        try container.persistAccounts([target, existingManagedLive])
+        _ = try container.writeLiveOAuthAuthFile(email: "alpha@example.com", accountID: "acct-alpha")
+
+        let service = CodexAccountPromotionService(
+            store: container.fileStore,
+            homeFactory: container.homeFactory,
+            identityReader: container.identityReader,
+            workspaceResolver: HomePathWorkspaceResolver(
+                byHomePath: [
+                    container.liveHomeURL.path: CodexOpenAIWorkspaceIdentity(
+                        workspaceAccountID: "acct-alpha",
+                        workspaceLabel: "Fresh"),
+                    existingManagedLive.managedHomePath: CodexOpenAIWorkspaceIdentity(
+                        workspaceAccountID: "acct-alpha",
+                        workspaceLabel: "Stale"),
+                ]),
+            snapshotLoader: SettingsStoreCodexAccountReconciliationSnapshotLoader(settingsStore: container.settings),
+            authMaterialReader: DefaultCodexAuthMaterialReader(),
+            liveAuthSwapper: DefaultCodexLiveAuthSwapper(),
+            activeSourceWriter: SettingsStoreCodexActiveSourceWriter(settingsStore: container.settings),
+            accountScopedRefresher: UsageStoreCodexAccountScopedRefresher(usageStore: container.usageStore),
+            baseEnvironment: container.baseEnvironment,
+            fileManager: .default)
+
+        let result = try await service.promoteManagedAccount(id: target.id)
+        let accounts = try container.loadAccounts().accounts
+        let refreshedManagedLive = try #require(accounts.first(where: { $0.id == existingManagedLive.id }))
+
+        #expect(result.displacedLiveDisposition == .alreadyManaged(managedAccountID: existingManagedLive.id))
+        #expect(refreshedManagedLive.workspaceLabel == "Fresh")
+        #expect(refreshedManagedLive.workspaceAccountID == "acct-alpha")
+    }
+
+    @Test
+    func `live swap failure keeps preserved displaced live import in the managed store`() async throws {
+        let container = try CodexAccountPromotionTestContainer(
+            suiteName: "CodexAccountPromotionServiceTests-swap-failure")
+        defer { container.tearDown() }
+
+        let target = try container.createManagedAccount(
+            persistedEmail: "beta@example.com",
+            authAccountID: "acct-beta")
+        try container.persistAccounts([target])
+        container.settings.codexActiveSource = .managedAccount(id: target.id)
+        let liveAuthData = try container.writeLiveOAuthAuthFile(
+            email: "alpha@example.com",
+            accountID: "acct-alpha")
+        let swapper = RecordingCodexLiveAuthSwapper { _, _ in
+            throw PromotionTestError.swapFailed
+        }
+
+        await #expect(throws: CodexAccountPromotionError.liveAuthSwapFailed) {
+            try await container.makeService(liveAuthSwapper: swapper).promoteManagedAccount(id: target.id)
+        }
+
+        let accounts = try container.loadAccounts().accounts
+        let imported = try #require(accounts.first(where: { $0.id != target.id }))
+        #expect(accounts.count == 2)
+        #expect(imported.authFingerprint == CodexAuthFingerprint.fingerprint(data: liveAuthData))
+        #expect(try container.managedAuthData(for: imported) == liveAuthData)
+        #expect(try container.liveAuthData() == liveAuthData)
+        #expect(container.settings.codexActiveSource == .managedAccount(id: target.id))
+    }
+
+    @Test
+    func `target managed auth without email is rejected before swap`() async throws {
+        let container = try CodexAccountPromotionTestContainer(
+            suiteName: "CodexAccountPromotionServiceTests-target-auth-missing-email")
+        defer { container.tearDown() }
+
+        let target = try container.createManagedAccount(
+            persistedEmail: "alpha@example.com",
+            authAccountID: "acct-alpha")
+        try container.persistAccounts([target])
+        container.settings.codexActiveSource = .managedAccount(id: target.id)
+        _ = try container.writeManagedOAuthAuthFileWithoutEmail(for: target, accountID: "acct-alpha")
+        let swapper = RecordingCodexLiveAuthSwapper()
+
+        await #expect(throws: CodexAccountPromotionError.targetManagedAccountAuthUnreadable) {
+            try await container.makeService(liveAuthSwapper: swapper).promoteManagedAccount(id: target.id)
+        }
+
+        #expect(swapper.swapCallCount == 0)
+        #expect(try container.liveAuthData() == nil)
+        #expect(try container.loadAccounts().accounts.count == 1)
+        #expect(container.settings.codexActiveSource == .managedAccount(id: target.id))
+    }
+
+    @Test
+    func `provider account collision after stale managed home repairs existing record to preserved auth`()
+        async throws
+    {
+        let container = try CodexAccountPromotionTestContainer(
+            suiteName: "CodexAccountPromotionServiceTests-stale-home-collision")
+        defer { container.tearDown() }
+
+        let target = try container.createManagedAccount(
+            persistedEmail: "beta@example.com",
+            authAccountID: "acct-beta")
+        let existingID = UUID()
+        let staleHomeURL = container.managedHomesURL.appendingPathComponent(existingID.uuidString, isDirectory: true)
+        try FileManager.default.createDirectory(at: staleHomeURL, withIntermediateDirectories: true)
+        let staleManaged = ManagedCodexAccount(
+            id: existingID,
+            email: "alpha@example.com",
+            providerAccountID: "acct-alpha",
+            workspaceLabel: "Personal",
+            workspaceAccountID: "acct-alpha",
+            managedHomePath: staleHomeURL.path,
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        try container.persistAccounts([target, staleManaged])
+        _ = try container.writeLiveOAuthAuthFile(email: "alpha@example.com", accountID: "acct-alpha")
+        let liveAuthData = try #require(try container.liveAuthData())
+
+        let result = try await container.makeService().promoteManagedAccount(id: target.id)
+        let accounts = try container.loadAccounts().accounts
+        let repairedManaged = try #require(accounts.first(where: { $0.id == staleManaged.id }))
+
+        #expect(result.displacedLiveDisposition == .alreadyManaged(managedAccountID: staleManaged.id))
+        #expect(accounts.count == 2)
+        #expect(repairedManaged.managedHomePath == staleHomeURL.path)
+        #expect(repairedManaged.authFingerprint == CodexAuthFingerprint.fingerprint(data: liveAuthData))
+        #expect(try container.managedAuthData(for: repairedManaged) == liveAuthData)
+        #expect(try container.managedHomeURLs().count == 2)
+    }
+
+    @Test
+    func `legacy email only managed account upgrades to provider identity during promotion`() async throws {
+        let container = try CodexAccountPromotionTestContainer(
+            suiteName: "CodexAccountPromotionServiceTests-legacy-email-upgrade",
+            workspaceIdentities: [
+                "acct-alpha": CodexOpenAIWorkspaceIdentity(
+                    workspaceAccountID: "acct-alpha",
+                    workspaceLabel: "Personal"),
+            ])
+        defer { container.tearDown() }
+
+        let target = try container.createManagedAccount(
+            persistedEmail: "beta@example.com",
+            authAccountID: "acct-beta")
+        let legacyID = UUID()
+        let legacyHomeURL = container.managedHomesURL.appendingPathComponent(legacyID.uuidString, isDirectory: true)
+        try FileManager.default.createDirectory(at: legacyHomeURL, withIntermediateDirectories: true)
+        let legacyManaged = ManagedCodexAccount(
+            id: legacyID,
+            email: "alpha@example.com",
+            providerAccountID: nil,
+            workspaceLabel: nil,
+            workspaceAccountID: nil,
+            managedHomePath: legacyHomeURL.path,
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: nil)
+        try container.persistAccounts([target, legacyManaged])
+        let liveAuthData = try container.writeLiveOAuthAuthFile(email: "alpha@example.com", accountID: "acct-alpha")
+
+        let result = try await container.makeService().promoteManagedAccount(id: target.id)
+        let accounts = try container.loadAccounts().accounts
+        let upgradedManaged = try #require(accounts.first(where: { $0.id == legacyManaged.id }))
+
+        #expect(result.displacedLiveDisposition == .alreadyManaged(managedAccountID: legacyManaged.id))
+        #expect(accounts.count == 2)
+        #expect(upgradedManaged.providerAccountID == "acct-alpha")
+        #expect(upgradedManaged.workspaceLabel == "Personal")
+        #expect(upgradedManaged.workspaceAccountID == "acct-alpha")
+        #expect(try container.managedAuthData(for: upgradedManaged) == liveAuthData)
+    }
+
+    @Test
+    func `unsafe managed home refresh is rejected before auth rewrite`() async throws {
+        let container = try CodexAccountPromotionTestContainer(
+            suiteName: "CodexAccountPromotionServiceTests-unsafe-refresh-home")
+        defer { container.tearDown() }
+
+        let target = try container.createManagedAccount(
+            persistedEmail: "beta@example.com",
+            authAccountID: "acct-beta")
+        let unsafeManagedLive = ManagedCodexAccount(
+            id: UUID(),
+            email: "alpha@example.com",
+            providerAccountID: "acct-alpha",
+            workspaceLabel: nil,
+            workspaceAccountID: "acct-alpha",
+            managedHomePath: container.rootURL.appendingPathComponent("unsafe-home", isDirectory: true).path,
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        try container.persistAccounts([target, unsafeManagedLive])
+        let liveAuthData = try container.writeLiveOAuthAuthFile(
+            email: "alpha@example.com",
+            accountID: "acct-alpha")
+
+        await #expect(throws: CodexAccountPromotionError.displacedLiveImportFailed) {
+            try await container.makeService().promoteManagedAccount(id: target.id)
+        }
+
+        let accounts = try container.loadAccounts().accounts
+        #expect(try container.liveAuthData() == liveAuthData)
+        #expect(FileManager.default.fileExists(atPath: unsafeManagedLive.managedHomePath) == false)
+        #expect(accounts.count == 2)
+        #expect(accounts.contains(where: { $0.id == target.id }))
+        #expect(accounts.contains(where: { $0.id == unsafeManagedLive.id }))
+    }
+
+    @Test
+    func `promotion rejects conflicting readable managed home before overwriting auth`() async throws {
+        let container = try CodexAccountPromotionTestContainer(
+            suiteName: "CodexAccountPromotionServiceTests-conflicting-readable-home")
+        defer { container.tearDown() }
+
+        let target = try container.createManagedAccount(
+            persistedEmail: "beta@example.com",
+            authAccountID: "acct-beta")
+        let conflictingManaged = try container.createManagedAccount(
+            persistedEmail: "alpha@example.com",
+            authEmail: "gamma@example.com",
+            authAccountID: "acct-gamma",
+            persistedProviderAccountID: "acct-alpha",
+            useAuthAccountIDAsPersistedProviderAccountID: false)
+        try container.persistAccounts([target, conflictingManaged])
+        let liveAuthData = try container.writeLiveOAuthAuthFile(email: "alpha@example.com", accountID: "acct-alpha")
+        let conflictingAuthData = try container.managedAuthData(for: conflictingManaged)
+
+        await #expect(throws: CodexAccountPromotionError.displacedLiveManagedAccountConflict) {
+            try await container.makeService().promoteManagedAccount(id: target.id)
+        }
+
+        let accounts = try container.loadAccounts().accounts
+        let persistedConflict = try #require(accounts.first(where: { $0.id == conflictingManaged.id }))
+        #expect(try container.liveAuthData() == liveAuthData)
+        #expect(try container.managedAuthData(for: persistedConflict) == conflictingAuthData)
+        #expect(accounts.count == 2)
+    }
+
+    @Test
+    func `api key only live auth is rejected fail closed`() async throws {
+        let container = try CodexAccountPromotionTestContainer(
+            suiteName: "CodexAccountPromotionServiceTests-api-key-only")
+        defer { container.tearDown() }
+
+        let target = try container.createManagedAccount(
+            persistedEmail: "beta@example.com",
+            authAccountID: "acct-beta")
+        try container.persistAccounts([target])
+        let liveAuthData = try container.writeLiveAPIKeyAuthFile()
+        let snapshotLoader =
+            StaticCodexAccountReconciliationSnapshotLoader(snapshot: CodexAccountReconciliationSnapshot(
+                storedAccounts: [target],
+                activeStoredAccount: nil,
+                liveSystemAccount: nil,
+                matchingStoredAccountForLiveSystemAccount: nil,
+                activeSource: .liveSystem,
+                hasUnreadableAddedAccountStore: false))
+
+        await #expect(throws: CodexAccountPromotionError.liveAccountAPIKeyOnlyUnsupported) {
+            try await container.makeService(snapshotLoader: snapshotLoader).promoteManagedAccount(id: target.id)
+        }
+
+        #expect(try container.liveAuthData() == liveAuthData)
+        #expect(try container.loadAccounts().accounts.count == 1)
+        #expect(try container.loadAccounts().accounts.first?.id == target.id)
+    }
+
+    @Test
+    func `post promotion refresh re-resolves codex state from the new live auth`() async throws {
+        let container = try CodexAccountPromotionTestContainer(
+            suiteName: "CodexAccountPromotionServiceTests-state-reresolution")
+        defer { container.tearDown() }
+
+        let target = try container.createManagedAccount(
+            persistedEmail: "beta@example.com",
+            authAccountID: "acct-beta")
+        try container.persistAccounts([target])
+        let snapshotLoader =
+            StaticCodexAccountReconciliationSnapshotLoader(snapshot: CodexAccountReconciliationSnapshot(
+                storedAccounts: [target],
+                activeStoredAccount: nil,
+                liveSystemAccount: nil,
+                matchingStoredAccountForLiveSystemAccount: nil,
+                activeSource: .liveSystem,
+                hasUnreadableAddedAccountStore: false))
+        _ = try container.writeLiveOAuthAuthFile(email: "alpha@example.com", accountID: "acct-alpha")
+        container.seedScopedRefreshState(
+            email: "alpha@example.com",
+            identity: .providerAccount(id: "acct-alpha"))
+        let refresher = ClosureCodexAccountScopedRefresher { _ in
+            let snapshot = UsageSnapshot(
+                primary: RateWindow(usedPercent: 12, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+                secondary: nil,
+                updatedAt: Date(),
+                identity: ProviderIdentitySnapshot(
+                    providerID: .codex,
+                    accountEmail: "beta@example.com",
+                    accountOrganization: nil,
+                    loginMethod: "Pro"))
+            let credits = CreditsSnapshot(remaining: 17, events: [], updatedAt: Date())
+            container.usageStore._setSnapshotForTesting(snapshot, provider: .codex)
+            container.usageStore.credits = credits
+            container.usageStore.lastCreditsSnapshot = credits
+            container.usageStore.lastCreditsSnapshotAccountKey = "beta@example.com"
+            container.usageStore.lastCreditsSource = .api
+            container.usageStore.lastCodexAccountScopedRefreshGuard = CodexAccountScopedRefreshGuard(
+                source: .liveSystem,
+                identity: .providerAccount(id: "acct-beta"),
+                accountKey: "beta@example.com")
+        }
+
+        let result = try await container.makeService(
+            snapshotLoader: snapshotLoader,
+            accountScopedRefresher: refresher)
+            .promoteManagedAccount(id: target.id)
+
+        #expect(result.outcome == .promoted)
+        #expect(container.usageStore.snapshots[.codex]?.accountEmail(for: .codex) == "beta@example.com")
+        #expect(container.usageStore.lastCreditsSnapshotAccountKey == "beta@example.com")
+        #expect(container.usageStore.lastCodexAccountScopedRefreshGuard?.identity == .providerAccount(id: "acct-beta"))
+        #expect(container.usageStore.lastCodexAccountScopedRefreshGuard?.accountKey == "beta@example.com")
+    }
+}
+
+private struct HomePathWorkspaceResolver: ManagedCodexWorkspaceResolving {
+    let byHomePath: [String: CodexOpenAIWorkspaceIdentity]
+
+    func resolveWorkspaceIdentity(
+        homePath: String,
+        providerAccountID _: String) async -> CodexOpenAIWorkspaceIdentity?
+    {
+        self.byHomePath[homePath]
+    }
+}
diff --git a/Tests/CodexBarTests/CodexAccountPromotionTestSupport.swift b/Tests/CodexBarTests/CodexAccountPromotionTestSupport.swift
new file mode 100644
index 000000000..99011ea11
--- /dev/null
+++ b/Tests/CodexBarTests/CodexAccountPromotionTestSupport.swift
@@ -0,0 +1,492 @@
+import CodexBarCore
+import Foundation
+@testable import CodexBar
+
+@MainActor
+final class CodexAccountPromotionTestContainer {
+    let suiteName: String
+    let rootURL: URL
+    let liveHomeURL: URL
+    let managedHomesURL: URL
+    let managedStoreURL: URL
+    let settings: SettingsStore
+    let usageStore: UsageStore
+    let fileStore: FileManagedCodexAccountStore
+    let homeFactory: ManagedCodexHomeFactory
+    let identityReader: DefaultManagedCodexIdentityReader
+    let workspaceResolver: any ManagedCodexWorkspaceResolving
+    let baseEnvironment: [String: String]
+
+    init(
+        suiteName: String,
+        workspaceIdentities: [String: CodexOpenAIWorkspaceIdentity] = [:]) throws
+    {
+        self.suiteName = suiteName
+        self.rootURL = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codex-account-promotion-tests", isDirectory: true)
+            .appendingPathComponent(UUID().uuidString, isDirectory: true)
+        self.liveHomeURL = self.rootURL.appendingPathComponent("liveHome", isDirectory: true)
+        self.managedHomesURL = self.rootURL.appendingPathComponent("managed-codex-homes", isDirectory: true)
+        self.managedStoreURL = self.rootURL.appendingPathComponent("managed-codex-accounts.json", isDirectory: false)
+        self.baseEnvironment = ["CODEX_HOME": self.liveHomeURL.path]
+        self.fileStore = FileManagedCodexAccountStore(fileURL: self.managedStoreURL, fileManager: .default)
+        self.homeFactory = ManagedCodexHomeFactory(root: self.managedHomesURL, fileManager: .default)
+        self.identityReader = DefaultManagedCodexIdentityReader()
+        self.workspaceResolver = StubManagedCodexWorkspaceResolver(identities: workspaceIdentities)
+
+        try FileManager.default.createDirectory(at: self.liveHomeURL, withIntermediateDirectories: true)
+        try FileManager.default.createDirectory(at: self.managedHomesURL, withIntermediateDirectories: true)
+        _ = try self.fileStore.ensureFileExists()
+
+        let defaults = UserDefaults(suiteName: suiteName)!
+        defaults.removePersistentDomain(forName: suiteName)
+        defaults.set(true, forKey: "providerDetectionCompleted")
+        self.settings = SettingsStore(
+            userDefaults: defaults,
+            configStore: testConfigStore(suiteName: suiteName),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+        self.settings._test_activeManagedCodexAccount = nil
+        self.settings._test_activeManagedCodexRemoteHomePath = nil
+        self.settings._test_unreadableManagedCodexAccountStore = false
+        self.settings._test_managedCodexAccountStoreURL = self.managedStoreURL
+        self.settings._test_liveSystemCodexAccount = nil
+        self.settings._test_codexReconciliationEnvironment = self.baseEnvironment
+        self.settings.providerDetectionCompleted = true
+        self.settings.refreshFrequency = .manual
+        self.settings.codexCookieSource = .off
+
+        self.usageStore = UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: self.settings,
+            startupBehavior: .testing)
+        self.installDynamicCodexUsageLoader()
+        self.usageStore._test_codexCreditsLoaderOverride = {
+            CreditsSnapshot(remaining: 17, events: [], updatedAt: Date())
+        }
+    }
+
+    func tearDown() {
+        self.usageStore._test_codexCreditsLoaderOverride = nil
+        self.settings._test_activeManagedCodexAccount = nil
+        self.settings._test_activeManagedCodexRemoteHomePath = nil
+        self.settings._test_unreadableManagedCodexAccountStore = false
+        self.settings._test_managedCodexAccountStoreURL = nil
+        self.settings._test_liveSystemCodexAccount = nil
+        self.settings._test_codexReconciliationEnvironment = nil
+        self.settings.userDefaults.removePersistentDomain(forName: self.suiteName)
+        try? FileManager.default.removeItem(at: self.rootURL)
+    }
+
+    func makeService(
+        store: (any ManagedCodexAccountStoring)? = nil,
+        liveAuthSwapper: (any CodexLiveAuthSwapping)? = nil,
+        activeSourceWriter: (any CodexActiveSourceWriting)? = nil,
+        snapshotLoader: (any CodexAccountReconciliationSnapshotLoading)? = nil,
+        accountScopedRefresher: (any CodexAccountScopedRefreshing)? = nil)
+        -> CodexAccountPromotionService
+    {
+        CodexAccountPromotionService(
+            store: store ?? self.fileStore,
+            homeFactory: self.homeFactory,
+            identityReader: self.identityReader,
+            workspaceResolver: self.workspaceResolver,
+            snapshotLoader: snapshotLoader
+                ?? SettingsStoreCodexAccountReconciliationSnapshotLoader(settingsStore: self.settings),
+            authMaterialReader: DefaultCodexAuthMaterialReader(),
+            liveAuthSwapper: liveAuthSwapper ?? DefaultCodexLiveAuthSwapper(),
+            activeSourceWriter: activeSourceWriter
+                ?? SettingsStoreCodexActiveSourceWriter(settingsStore: self.settings),
+            accountScopedRefresher: accountScopedRefresher
+                ?? UsageStoreCodexAccountScopedRefresher(usageStore: self.usageStore),
+            baseEnvironment: self.baseEnvironment,
+            fileManager: .default)
+    }
+
+    func installDynamicCodexUsageLoader(usedPercent: Double = 12) {
+        let baseSpec = self.usageStore.providerSpecs[.codex]!
+        let liveHomePath = self.liveHomeURL.path
+        let identityReader = self.identityReader
+        self.usageStore
+            .providerSpecs[.codex] = makeCodexProviderSpec(baseSpec: baseSpec) {
+                let liveEmail = (try? identityReader.loadAccountIdentity(homePath: liveHomePath).email)
+                    ?? "unknown@example.com"
+                return UsageSnapshot(
+                    primary: RateWindow(
+                        usedPercent: usedPercent,
+                        windowMinutes: 300,
+                        resetsAt: nil,
+                        resetDescription: nil),
+                    secondary: nil,
+                    updatedAt: Date(),
+                    identity: ProviderIdentitySnapshot(
+                        providerID: .codex,
+                        accountEmail: liveEmail,
+                        accountOrganization: nil,
+                        loginMethod: "Pro"))
+            }
+    }
+
+    @discardableResult
+    func createManagedAccount(
+        id: UUID = UUID(),
+        persistedEmail: String,
+        authEmail: String? = nil,
+        authAccountID: String? = nil,
+        persistedProviderAccountID: String? = nil,
+        useAuthAccountIDAsPersistedProviderAccountID: Bool = true,
+        workspaceLabel: String? = nil,
+        workspaceAccountID: String? = nil,
+        plan: String = "Pro") throws -> ManagedCodexAccount
+    {
+        let homeURL = self.managedHomesURL.appendingPathComponent(id.uuidString, isDirectory: true)
+        let createdAt = Date().timeIntervalSince1970
+        let authData = try self.writeOAuthAuthFile(
+            homeURL: homeURL,
+            email: authEmail ?? persistedEmail,
+            plan: plan,
+            accountID: authAccountID)
+        let persistedProviderAccountIDValue: String? =
+            if useAuthAccountIDAsPersistedProviderAccountID {
+                persistedProviderAccountID ?? authAccountID
+            } else {
+                persistedProviderAccountID
+            }
+        return ManagedCodexAccount(
+            id: id,
+            email: persistedEmail,
+            providerAccountID: persistedProviderAccountIDValue,
+            workspaceLabel: workspaceLabel,
+            workspaceAccountID: workspaceAccountID ?? authAccountID,
+            authFingerprint: CodexAuthFingerprint.fingerprint(data: authData),
+            managedHomePath: homeURL.path,
+            createdAt: createdAt,
+            updatedAt: createdAt,
+            lastAuthenticatedAt: createdAt)
+    }
+
+    func persistAccounts(_ accounts: [ManagedCodexAccount]) throws {
+        try self.fileStore.storeAccounts(ManagedCodexAccountSet(
+            version: FileManagedCodexAccountStore.currentVersion,
+            accounts: accounts))
+    }
+
+    func loadAccounts() throws -> ManagedCodexAccountSet {
+        try self.fileStore.loadAccounts()
+    }
+
+    @discardableResult
+    func writeLiveOAuthAuthFile(
+        email: String,
+        plan: String = "Pro",
+        accountID: String? = nil,
+        apiKey: String? = nil) throws -> Data
+    {
+        try self.writeOAuthAuthFile(
+            homeURL: self.liveHomeURL,
+            email: email,
+            plan: plan,
+            accountID: accountID,
+            apiKey: apiKey)
+    }
+
+    @discardableResult
+    func writeLiveAPIKeyAuthFile(apiKey: String = "sk-live-only") throws -> Data {
+        let data = try JSONSerialization.data(
+            withJSONObject: ["OPENAI_API_KEY": apiKey],
+            options: [.sortedKeys])
+        try FileManager.default.createDirectory(at: self.liveHomeURL, withIntermediateDirectories: true)
+        try data.write(to: Self.authFileURL(for: self.liveHomeURL), options: .atomic)
+        return data
+    }
+
+    @discardableResult
+    func writeLiveOAuthAuthFileWithoutEmail(accountID: String, apiKey: String? = nil) throws -> Data {
+        try self.writeOAuthAuthFileWithoutEmail(
+            homeURL: self.liveHomeURL,
+            accountID: accountID,
+            apiKey: apiKey)
+    }
+
+    @discardableResult
+    func writeManagedOAuthAuthFileWithoutEmail(
+        for account: ManagedCodexAccount,
+        accountID: String,
+        apiKey: String? = nil) throws -> Data
+    {
+        try self.writeOAuthAuthFileWithoutEmail(
+            homeURL: URL(fileURLWithPath: account.managedHomePath, isDirectory: true),
+            accountID: accountID,
+            apiKey: apiKey)
+    }
+
+    @discardableResult
+    private func writeOAuthAuthFileWithoutEmail(
+        homeURL: URL,
+        accountID: String,
+        apiKey: String? = nil) throws -> Data
+    {
+        try FileManager.default.createDirectory(at: homeURL, withIntermediateDirectories: true)
+
+        let tokens: [String: Any] = [
+            "accessToken": "access-\(accountID)",
+            "refreshToken": "refresh-\(accountID)",
+            "accountId": accountID,
+        ]
+        var json: [String: Any] = [
+            "tokens": tokens,
+            "last_refresh": "2026-04-05T00:00:00Z",
+        ]
+        if let apiKey {
+            json["OPENAI_API_KEY"] = apiKey
+        }
+
+        let data = try JSONSerialization.data(withJSONObject: json, options: [.sortedKeys])
+        try data.write(to: Self.authFileURL(for: homeURL), options: .atomic)
+        return data
+    }
+
+    func removeLiveAuthFile() throws {
+        let authFileURL = Self.authFileURL(for: self.liveHomeURL)
+        if FileManager.default.fileExists(atPath: authFileURL.path) {
+            try FileManager.default.removeItem(at: authFileURL)
+        }
+    }
+
+    func liveAuthData() throws -> Data? {
+        let authFileURL = Self.authFileURL(for: self.liveHomeURL)
+        guard FileManager.default.fileExists(atPath: authFileURL.path) else { return nil }
+        return try Data(contentsOf: authFileURL)
+    }
+
+    func managedAuthData(for account: ManagedCodexAccount) throws -> Data {
+        try Data(contentsOf: Self.authFileURL(for: URL(fileURLWithPath: account.managedHomePath, isDirectory: true)))
+    }
+
+    func managedHomeURLs() throws -> [URL] {
+        let urls = try FileManager.default.contentsOfDirectory(
+            at: self.managedHomesURL,
+            includingPropertiesForKeys: nil)
+        return urls.sorted { $0.lastPathComponent < $1.lastPathComponent }
+    }
+
+    func seedScopedRefreshState(email: String, identity: CodexIdentity) {
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 4, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+            secondary: nil,
+            updatedAt: Date(),
+            identity: ProviderIdentitySnapshot(
+                providerID: .codex,
+                accountEmail: email,
+                accountOrganization: nil,
+                loginMethod: "Pro"))
+        let credits = CreditsSnapshot(remaining: 3, events: [], updatedAt: Date())
+
+        self.usageStore._setSnapshotForTesting(snapshot, provider: .codex)
+        self.usageStore.credits = credits
+        self.usageStore.lastCreditsSnapshot = credits
+        self.usageStore.lastCreditsSnapshotAccountKey = email
+        self.usageStore.lastCreditsSource = .api
+        self.usageStore.lastCodexAccountScopedRefreshGuard = CodexAccountScopedRefreshGuard(
+            source: .liveSystem,
+            identity: identity,
+            accountKey: email)
+    }
+
+    @discardableResult
+    private func writeOAuthAuthFile(
+        homeURL: URL,
+        email: String,
+        plan: String,
+        accountID: String?,
+        apiKey: String? = nil) throws -> Data
+    {
+        try FileManager.default.createDirectory(at: homeURL, withIntermediateDirectories: true)
+
+        var tokens: [String: Any] = [
+            "accessToken": "access-\(email)",
+            "refreshToken": "refresh-\(email)",
+            "idToken": Self.fakeJWT(email: email, plan: plan, accountID: accountID),
+        ]
+        if let accountID {
+            tokens["accountId"] = accountID
+        }
+
+        var json: [String: Any] = [
+            "tokens": tokens,
+            "last_refresh": "2026-04-05T00:00:00Z",
+        ]
+        if let apiKey {
+            json["OPENAI_API_KEY"] = apiKey
+        }
+
+        let data = try JSONSerialization.data(withJSONObject: json, options: [.sortedKeys])
+        try data.write(to: Self.authFileURL(for: homeURL), options: .atomic)
+        return data
+    }
+
+    private static func fakeJWT(email: String, plan: String, accountID: String?) -> String {
+        let header = (try? JSONSerialization.data(withJSONObject: ["alg": "none"])) ?? Data()
+        var authClaims: [String: Any] = [
+            "chatgpt_plan_type": plan,
+        ]
+        if let accountID {
+            authClaims["chatgpt_account_id"] = accountID
+        }
+        let payload = (try? JSONSerialization.data(withJSONObject: [
+            "email": email,
+            "chatgpt_plan_type": plan,
+            "https://api.openai.com/auth": authClaims,
+        ])) ?? Data()
+
+        func base64URL(_ data: Data) -> String {
+            data.base64EncodedString()
+                .replacingOccurrences(of: "=", with: "")
+                .replacingOccurrences(of: "+", with: "-")
+                .replacingOccurrences(of: "/", with: "_")
+        }
+
+        return "\(base64URL(header)).\(base64URL(payload))."
+    }
+
+    private static func authFileURL(for homeURL: URL) -> URL {
+        homeURL.appendingPathComponent("auth.json", isDirectory: false)
+    }
+}
+
+private func makeCodexProviderSpec(
+    baseSpec: ProviderSpec,
+    loader: @escaping @Sendable () async throws -> UsageSnapshot) -> ProviderSpec
+{
+    let baseDescriptor = baseSpec.descriptor
+    let strategy = TestPromotionCodexFetchStrategy(loader: loader)
+    let descriptor = ProviderDescriptor(
+        id: .codex,
+        metadata: baseDescriptor.metadata,
+        branding: baseDescriptor.branding,
+        tokenCost: baseDescriptor.tokenCost,
+        fetchPlan: ProviderFetchPlan(
+            sourceModes: [.auto, .cli, .oauth],
+            pipeline: ProviderFetchPipeline { _ in [strategy] }),
+        cli: baseDescriptor.cli)
+    return ProviderSpec(
+        style: baseSpec.style,
+        isEnabled: baseSpec.isEnabled,
+        descriptor: descriptor,
+        makeFetchContext: baseSpec.makeFetchContext)
+}
+
+private struct TestPromotionCodexFetchStrategy: ProviderFetchStrategy {
+    let loader: @Sendable () async throws -> UsageSnapshot
+
+    var id: String {
+        "test-promotion-codex"
+    }
+
+    var kind: ProviderFetchKind {
+        .cli
+    }
+
+    func isAvailable(_: ProviderFetchContext) async -> Bool {
+        true
+    }
+
+    func fetch(_: ProviderFetchContext) async throws -> ProviderFetchResult {
+        let snapshot = try await self.loader()
+        return self.makeResult(usage: snapshot, sourceLabel: "test-promotion-codex")
+    }
+
+    func shouldFallback(on _: Error, context _: ProviderFetchContext) -> Bool {
+        false
+    }
+}
+
+final class RecordingManagedCodexAccountStore: ManagedCodexAccountStoring, @unchecked Sendable {
+    let base: any ManagedCodexAccountStoring
+    var storedSnapshots: [ManagedCodexAccountSet] = []
+    var onStore: (@Sendable (ManagedCodexAccountSet) throws -> Void)?
+
+    init(
+        base: any ManagedCodexAccountStoring,
+        onStore: (@Sendable (ManagedCodexAccountSet) throws -> Void)? = nil)
+    {
+        self.base = base
+        self.onStore = onStore
+    }
+
+    func loadAccounts() throws -> ManagedCodexAccountSet {
+        try self.base.loadAccounts()
+    }
+
+    func storeAccounts(_ accounts: ManagedCodexAccountSet) throws {
+        self.storedSnapshots.append(accounts)
+        try self.onStore?(accounts)
+        try self.base.storeAccounts(accounts)
+    }
+
+    func ensureFileExists() throws -> URL {
+        try self.base.ensureFileExists()
+    }
+}
+
+final class RecordingCodexLiveAuthSwapper: CodexLiveAuthSwapping, @unchecked Sendable {
+    let base: any CodexLiveAuthSwapping
+    var swapCallCount = 0
+    var swappedData: [Data] = []
+    var onSwap: (@Sendable (Data, URL) throws -> Void)?
+
+    init(
+        base: any CodexLiveAuthSwapping = DefaultCodexLiveAuthSwapper(),
+        onSwap: (@Sendable (Data, URL) throws -> Void)? = nil)
+    {
+        self.base = base
+        self.onSwap = onSwap
+    }
+
+    func swapLiveAuthData(_ data: Data, liveHomeURL: URL) throws {
+        self.swapCallCount += 1
+        self.swappedData.append(data)
+        try self.onSwap?(data, liveHomeURL)
+        try self.base.swapLiveAuthData(data, liveHomeURL: liveHomeURL)
+    }
+}
+
+enum PromotionTestError: Error, Equatable {
+    case storeWriteFailed
+    case swapFailed
+    case unexpectedDisposition
+}
+
+private struct StubManagedCodexWorkspaceResolver: ManagedCodexWorkspaceResolving {
+    let identities: [String: CodexOpenAIWorkspaceIdentity]
+
+    func resolveWorkspaceIdentity(
+        homePath _: String,
+        providerAccountID: String) async -> CodexOpenAIWorkspaceIdentity?
+    {
+        self.identities[providerAccountID]
+    }
+}
+
+@MainActor
+struct StaticCodexAccountReconciliationSnapshotLoader: CodexAccountReconciliationSnapshotLoading {
+    let snapshot: CodexAccountReconciliationSnapshot
+
+    func loadSnapshot() -> CodexAccountReconciliationSnapshot {
+        self.snapshot
+    }
+}
+
+@MainActor
+final class ClosureCodexAccountScopedRefresher: CodexAccountScopedRefreshing {
+    private let onRefresh: @MainActor (Bool) async -> Void
+
+    init(onRefresh: @escaping @MainActor (Bool) async -> Void) {
+        self.onRefresh = onRefresh
+    }
+
+    func refreshCodexAccountScopedState(allowDisabled: Bool) async {
+        await self.onRefresh(allowDisabled)
+    }
+}
diff --git a/Tests/CodexBarTests/CodexAccountProviderIdentityReconciliationTests.swift b/Tests/CodexBarTests/CodexAccountProviderIdentityReconciliationTests.swift
new file mode 100644
index 000000000..79517f800
--- /dev/null
+++ b/Tests/CodexBarTests/CodexAccountProviderIdentityReconciliationTests.swift
@@ -0,0 +1,48 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+struct CodexAccountProviderIdentityReconciliationTests {
+    @Test
+    func `same provider account id with different email does not merge live and managed rows`() {
+        let stored = ManagedCodexAccount(
+            id: UUID(),
+            email: "mi.chaelfmk5542@gmail.com",
+            providerAccountID: "team-4107",
+            workspaceLabel: "4107",
+            workspaceAccountID: "team-4107",
+            managedHomePath: "/tmp/managed-a",
+            createdAt: 1,
+            updatedAt: 2,
+            lastAuthenticatedAt: 3)
+        let live = ObservedSystemCodexAccount(
+            email: "mich.aelfmk5542@gmail.com",
+            workspaceLabel: "4107",
+            workspaceAccountID: "team-4107",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date(),
+            identity: .providerAccount(id: "team-4107"))
+        let snapshot = CodexAccountReconciliationSnapshot(
+            storedAccounts: [stored],
+            activeStoredAccount: stored,
+            liveSystemAccount: live,
+            matchingStoredAccountForLiveSystemAccount: nil,
+            activeSource: .managedAccount(id: stored.id),
+            hasUnreadableAddedAccountStore: false,
+            storedAccountRuntimeIdentities: [stored.id: .providerAccount(id: "team-4107")],
+            storedAccountRuntimeEmails: [stored.id: "mi.chaelfmk5542@gmail.com"])
+
+        let resolution = CodexActiveSourceResolver.resolve(from: snapshot)
+        let projection = CodexVisibleAccountProjection.make(from: snapshot)
+
+        #expect(resolution.resolvedSource == .managedAccount(id: stored.id))
+        #expect(projection.visibleAccounts.count == 2)
+        #expect(projection.visibleAccounts.map(\.email).sorted() == [
+            "mi.chaelfmk5542@gmail.com",
+            "mich.aelfmk5542@gmail.com",
+        ])
+        #expect(projection.activeVisibleAccountID == "mi.chaelfmk5542@gmail.com")
+        #expect(projection.liveVisibleAccountID == "mich.aelfmk5542@gmail.com")
+    }
+}
diff --git a/Tests/CodexBarTests/CodexAccountReconciliationTests.swift b/Tests/CodexBarTests/CodexAccountReconciliationTests.swift
new file mode 100644
index 000000000..438ae652a
--- /dev/null
+++ b/Tests/CodexBarTests/CodexAccountReconciliationTests.swift
@@ -0,0 +1,859 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+@Suite(.serialized)
+struct CodexAccountReconciliationTests {
+    @MainActor
+    private static func makeSettings(suite: String) throws -> SettingsStore {
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+        defaults.set(true, forKey: "providerDetectionCompleted")
+        let settings = SettingsStore(
+            userDefaults: defaults,
+            configStore: testConfigStore(suiteName: suite),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+        settings.providerDetectionCompleted = true
+        return settings
+    }
+
+    @Test
+    @MainActor
+    func `settings store exposes codex reconciliation accessors using managed and live overrides`() throws {
+        let suite = "CodexAccountReconciliationTests-settings-store"
+        let settings = try Self.makeSettings(suite: suite)
+        let managed = ManagedCodexAccount(
+            id: UUID(),
+            email: "managed@example.com",
+            managedHomePath: "/tmp/managed-home",
+            createdAt: 1,
+            updatedAt: 2,
+            lastAuthenticatedAt: 3)
+        let live = ObservedSystemCodexAccount(
+            email: "system@example.com",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date())
+        settings._test_activeManagedCodexAccount = managed
+        settings._test_liveSystemCodexAccount = live
+        settings.codexActiveSource = .managedAccount(id: managed.id)
+        defer {
+            settings._test_activeManagedCodexAccount = nil
+            settings._test_liveSystemCodexAccount = nil
+        }
+
+        let snapshot = settings.codexAccountReconciliationSnapshot
+        let projection = settings.codexVisibleAccountProjection
+
+        #expect(settings.codexActiveSource == .managedAccount(id: managed.id))
+        #expect(snapshot.storedAccounts.map(\.id) == [managed.id])
+        #expect(snapshot.storedAccounts.map(\.email) == [managed.email])
+        #expect(snapshot.activeStoredAccount?.id == managed.id)
+        #expect(snapshot.activeStoredAccount?.email == managed.email)
+        #expect(snapshot.liveSystemAccount?.email == live.email)
+        #expect(snapshot.liveSystemAccount?.codexHomePath == live.codexHomePath)
+        #expect(snapshot.liveSystemAccount?.observedAt == live.observedAt)
+        #expect(snapshot.liveSystemAccount?.identity == .emailOnly(normalizedEmail: "system@example.com"))
+        #expect(snapshot.matchingStoredAccountForLiveSystemAccount == nil)
+        #expect(snapshot.activeSource == .managedAccount(id: managed.id))
+        #expect(snapshot.hasUnreadableAddedAccountStore == false)
+        #expect(Set(projection.visibleAccounts.map(\.email)) == ["managed@example.com", "system@example.com"])
+        #expect(settings.codexVisibleAccounts == projection.visibleAccounts)
+        #expect(projection.activeVisibleAccountID == "managed@example.com")
+        #expect(projection.liveVisibleAccountID == "system@example.com")
+    }
+
+    @Test
+    @MainActor
+    func `settings store managed override does not leak ambient live system account`() throws {
+        let suite = "CodexAccountReconciliationTests-managed-only"
+        let settings = try Self.makeSettings(suite: suite)
+        let managed = ManagedCodexAccount(
+            id: UUID(),
+            email: "managed@example.com",
+            managedHomePath: "/tmp/managed-home",
+            createdAt: 1,
+            updatedAt: 2,
+            lastAuthenticatedAt: 3)
+        settings._test_activeManagedCodexAccount = managed
+        settings.codexActiveSource = .managedAccount(id: managed.id)
+        defer {
+            settings._test_activeManagedCodexAccount = nil
+        }
+
+        let snapshot = settings.codexAccountReconciliationSnapshot
+        let projection = settings.codexVisibleAccountProjection
+
+        #expect(settings.codexActiveSource == .managedAccount(id: managed.id))
+        #expect(snapshot.liveSystemAccount == nil)
+        #expect(snapshot.matchingStoredAccountForLiveSystemAccount == nil)
+        #expect(snapshot.activeSource == .managedAccount(id: managed.id))
+        #expect(projection.visibleAccounts.map(\.email) == ["managed@example.com"])
+        #expect(projection.activeVisibleAccountID == "managed@example.com")
+        #expect(projection.liveVisibleAccountID == nil)
+    }
+
+    @Test
+    @MainActor
+    func `settings store reconciliation environment override drives live observation with synthetic store`() throws {
+        let suite = "CodexAccountReconciliationTests-environment-only"
+        let settings = try Self.makeSettings(suite: suite)
+        let ambientHome = FileManager.default.temporaryDirectory.appendingPathComponent(
+            UUID().uuidString,
+            isDirectory: true)
+        try Self.writeCodexAuthFile(homeURL: ambientHome, email: "ambient@example.com", plan: "pro")
+        settings._test_codexReconciliationEnvironment = ["CODEX_HOME": ambientHome.path]
+        defer {
+            settings._test_codexReconciliationEnvironment = nil
+            try? FileManager.default.removeItem(at: ambientHome)
+        }
+
+        let snapshot = settings.codexAccountReconciliationSnapshot
+        let projection = settings.codexVisibleAccountProjection
+
+        #expect(settings.codexActiveSource == .liveSystem)
+        #expect(snapshot.storedAccounts.isEmpty)
+        #expect(snapshot.activeStoredAccount == nil)
+        #expect(snapshot.liveSystemAccount?.email == "ambient@example.com")
+        #expect(snapshot.liveSystemAccount?.codexHomePath == ambientHome.path)
+        #expect(snapshot.matchingStoredAccountForLiveSystemAccount == nil)
+        #expect(snapshot.activeSource == .liveSystem)
+        #expect(projection.visibleAccounts.map(\.email) == ["ambient@example.com"])
+        #expect(projection.activeVisibleAccountID == "ambient@example.com")
+        #expect(projection.liveVisibleAccountID == "ambient@example.com")
+    }
+
+    @Test
+    @MainActor
+    func `settings store home path override also keeps reconciliation hermetic`() throws {
+        let suite = "CodexAccountReconciliationTests-home-path-only"
+        let settings = try Self.makeSettings(suite: suite)
+        settings._test_activeManagedCodexRemoteHomePath = "/tmp/managed-route-home"
+        settings._test_liveSystemCodexAccount = nil
+        settings._test_codexReconciliationEnvironment = nil
+        defer {
+            settings._test_activeManagedCodexRemoteHomePath = nil
+            settings._test_liveSystemCodexAccount = nil
+            settings._test_codexReconciliationEnvironment = nil
+        }
+
+        let snapshot = settings.codexAccountReconciliationSnapshot
+        let projection = settings.codexVisibleAccountProjection
+
+        #expect(snapshot.storedAccounts.isEmpty)
+        #expect(snapshot.activeStoredAccount == nil)
+        #expect(snapshot.liveSystemAccount == nil)
+        #expect(snapshot.matchingStoredAccountForLiveSystemAccount == nil)
+        #expect(projection.visibleAccounts.isEmpty)
+        #expect(projection.activeVisibleAccountID == nil)
+        #expect(projection.liveVisibleAccountID == nil)
+    }
+
+    @Test
+    @MainActor
+    func `settings store home path override keeps active source hermetic without persisted source`() throws {
+        let suite = "CodexAccountReconciliationTests-home-path-hermetic-source"
+        let settings = try Self.makeSettings(suite: suite)
+        let ambient = ManagedCodexAccount(
+            id: UUID(),
+            email: "ambient-managed@example.com",
+            managedHomePath: "/tmp/ambient-managed-home",
+            createdAt: 1,
+            updatedAt: 2,
+            lastAuthenticatedAt: 3)
+        let accounts = ManagedCodexAccountSet(
+            version: FileManagedCodexAccountStore.currentVersion,
+            accounts: [ambient])
+        let storeURL = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codex-managed-store-\(UUID().uuidString).json")
+        try Self.writeManagedCodexStore(accounts, to: storeURL)
+
+        settings._test_managedCodexAccountStoreURL = storeURL
+        settings._test_activeManagedCodexRemoteHomePath = "/tmp/managed-route-home"
+        defer {
+            settings._test_managedCodexAccountStoreURL = nil
+            settings._test_activeManagedCodexRemoteHomePath = nil
+            try? FileManager.default.removeItem(at: storeURL)
+        }
+
+        let snapshot = settings.codexAccountReconciliationSnapshot
+
+        #expect(settings.codexActiveSource == .liveSystem)
+        #expect(settings.providerConfig(for: .codex)?.codexActiveSource == nil)
+        #expect(snapshot.storedAccounts.map(\.id) == [ambient.id])
+        #expect(snapshot.storedAccounts.map(\.email) == [ambient.email])
+        #expect(snapshot.activeStoredAccount == nil)
+        #expect(snapshot.activeSource == .liveSystem)
+    }
+
+    @Test
+    @MainActor
+    func `settings store normal reconciliation path honors persisted active source`() throws {
+        let suite = "CodexAccountReconciliationTests-normal-path-active-source"
+        let settings = try Self.makeSettings(suite: suite)
+        let persistedSource = CodexActiveSource.managedAccount(id: UUID())
+        settings.codexActiveSource = persistedSource
+
+        let snapshot = settings.codexAccountReconciliationSnapshot
+
+        #expect(snapshot.activeSource == persistedSource)
+    }
+
+    @Test
+    @MainActor
+    func `settings store debug managed store U R L override loads on disk accounts`() throws {
+        let suite = "CodexAccountReconciliationTests-debug-store-url"
+        let settings = try Self.makeSettings(suite: suite)
+        let stored = ManagedCodexAccount(
+            id: UUID(),
+            email: "stored@example.com",
+            managedHomePath: "/tmp/stored-managed-home",
+            createdAt: 1,
+            updatedAt: 2,
+            lastAuthenticatedAt: 3)
+        let accounts = ManagedCodexAccountSet(
+            version: FileManagedCodexAccountStore.currentVersion,
+            accounts: [stored])
+        let storeURL = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codex-managed-store-\(UUID().uuidString).json")
+        try Self.writeManagedCodexStore(accounts, to: storeURL)
+
+        settings._test_managedCodexAccountStoreURL = storeURL
+        settings.codexActiveSource = .managedAccount(id: stored.id)
+        defer {
+            settings._test_managedCodexAccountStoreURL = nil
+            try? FileManager.default.removeItem(at: storeURL)
+        }
+
+        let snapshot = settings.codexAccountReconciliationSnapshot
+
+        #expect(snapshot.storedAccounts.map(\.id) == [stored.id])
+        #expect(snapshot.storedAccounts.map(\.email) == [stored.email])
+        #expect(snapshot.activeStoredAccount?.id == stored.id)
+        #expect(snapshot.activeStoredAccount?.email == stored.email)
+        #expect(snapshot.activeSource == .managedAccount(id: stored.id))
+    }
+
+    @Test
+    func `live only visible account is active when active source is live system`() {
+        let live = ObservedSystemCodexAccount(
+            email: "live@example.com",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date())
+        let projection = CodexVisibleAccountProjection.make(from: CodexAccountReconciliationSnapshot(
+            storedAccounts: [],
+            activeStoredAccount: nil,
+            liveSystemAccount: live,
+            matchingStoredAccountForLiveSystemAccount: nil,
+            activeSource: .liveSystem,
+            hasUnreadableAddedAccountStore: false))
+
+        #expect(projection.visibleAccounts.map(\.email) == ["live@example.com"])
+        #expect(projection.activeVisibleAccountID == "live@example.com")
+        #expect(projection.liveVisibleAccountID == "live@example.com")
+    }
+
+    @Test
+    func `workspace hydration changes snapshot equality and visible display state`() {
+        let accountID = UUID()
+        let baseAccount = ManagedCodexAccount(
+            id: accountID,
+            email: "user@example.com",
+            providerAccountID: "account-live",
+            managedHomePath: "/tmp/managed-a",
+            createdAt: 1,
+            updatedAt: 2,
+            lastAuthenticatedAt: 3)
+        let hydratedAccount = ManagedCodexAccount(
+            id: accountID,
+            email: "user@example.com",
+            providerAccountID: "account-live",
+            workspaceLabel: "Team Alpha",
+            workspaceAccountID: "account-live",
+            managedHomePath: "/tmp/managed-a",
+            createdAt: 1,
+            updatedAt: 2,
+            lastAuthenticatedAt: 3)
+        let baseSnapshot = CodexAccountReconciliationSnapshot(
+            storedAccounts: [baseAccount],
+            activeStoredAccount: baseAccount,
+            liveSystemAccount: nil,
+            matchingStoredAccountForLiveSystemAccount: nil,
+            activeSource: .managedAccount(id: accountID),
+            hasUnreadableAddedAccountStore: false)
+        let hydratedSnapshot = CodexAccountReconciliationSnapshot(
+            storedAccounts: [hydratedAccount],
+            activeStoredAccount: hydratedAccount,
+            liveSystemAccount: nil,
+            matchingStoredAccountForLiveSystemAccount: nil,
+            activeSource: .managedAccount(id: accountID),
+            hasUnreadableAddedAccountStore: false)
+
+        let baseProjection = CodexVisibleAccountProjection.make(from: baseSnapshot)
+        let hydratedProjection = CodexVisibleAccountProjection.make(from: hydratedSnapshot)
+
+        #expect(baseSnapshot != hydratedSnapshot)
+        #expect(baseProjection.visibleAccounts.first?.displayName == "user@example.com")
+        #expect(hydratedProjection.visibleAccounts.first?.displayName == "user@example.com — Team Alpha")
+    }
+
+    @Test
+    func `matching live system account does not duplicate stored identity`() {
+        let stored = ManagedCodexAccount(
+            id: UUID(),
+            email: "user@example.com",
+            managedHomePath: "/tmp/managed-a",
+            createdAt: 1,
+            updatedAt: 2,
+            lastAuthenticatedAt: 3)
+        let accounts = ManagedCodexAccountSet(version: 1, accounts: [stored])
+        let live = ObservedSystemCodexAccount(
+            email: "USER@example.com",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date())
+        let reconciler = DefaultCodexAccountReconciler(
+            storeLoader: { accounts },
+            systemObserver: StubSystemObserver(account: live),
+            activeSource: .managedAccount(id: stored.id),
+            baseEnvironment: [:])
+
+        let projection = reconciler.loadVisibleAccounts()
+
+        #expect(projection.visibleAccounts.count == 1)
+        #expect(projection.activeVisibleAccountID == "user@example.com")
+        #expect(projection.liveVisibleAccountID == "user@example.com")
+    }
+
+    @Test
+    func `matching live system account prefers live workspace label and keeps stored fallback`() {
+        let stored = ManagedCodexAccount(
+            id: UUID(),
+            email: "user@example.com",
+            providerAccountID: "account-live",
+            workspaceLabel: "Saved Team",
+            workspaceAccountID: "account-live",
+            managedHomePath: "/tmp/managed-a",
+            createdAt: 1,
+            updatedAt: 2,
+            lastAuthenticatedAt: 3)
+        let liveWithLabel = ObservedSystemCodexAccount(
+            email: "USER@example.com",
+            workspaceLabel: "Live Team",
+            workspaceAccountID: "account-live",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date(),
+            identity: .providerAccount(id: "account-live"))
+        let labeledSnapshot = CodexAccountReconciliationSnapshot(
+            storedAccounts: [stored],
+            activeStoredAccount: stored,
+            liveSystemAccount: liveWithLabel,
+            matchingStoredAccountForLiveSystemAccount: stored,
+            activeSource: .managedAccount(id: stored.id),
+            hasUnreadableAddedAccountStore: false,
+            storedAccountRuntimeIdentities: [stored.id: .providerAccount(id: "account-live")],
+            storedAccountRuntimeEmails: [stored.id: "user@example.com"])
+        let liveWithoutLabel = ObservedSystemCodexAccount(
+            email: "USER@example.com",
+            workspaceLabel: nil,
+            workspaceAccountID: "account-live",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date(),
+            identity: .providerAccount(id: "account-live"))
+        let fallbackSnapshot = CodexAccountReconciliationSnapshot(
+            storedAccounts: [stored],
+            activeStoredAccount: stored,
+            liveSystemAccount: liveWithoutLabel,
+            matchingStoredAccountForLiveSystemAccount: stored,
+            activeSource: .managedAccount(id: stored.id),
+            hasUnreadableAddedAccountStore: false,
+            storedAccountRuntimeIdentities: [stored.id: .providerAccount(id: "account-live")],
+            storedAccountRuntimeEmails: [stored.id: "user@example.com"])
+        let liveWithEmptyLabel = ObservedSystemCodexAccount(
+            email: "USER@example.com",
+            workspaceLabel: "   \n\t  ",
+            workspaceAccountID: "account-live",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date(),
+            identity: .providerAccount(id: "account-live"))
+        let emptyLabelSnapshot = CodexAccountReconciliationSnapshot(
+            storedAccounts: [stored],
+            activeStoredAccount: stored,
+            liveSystemAccount: liveWithEmptyLabel,
+            matchingStoredAccountForLiveSystemAccount: stored,
+            activeSource: .managedAccount(id: stored.id),
+            hasUnreadableAddedAccountStore: false,
+            storedAccountRuntimeIdentities: [stored.id: .providerAccount(id: "account-live")],
+            storedAccountRuntimeEmails: [stored.id: "user@example.com"])
+
+        let labeledProjection = CodexVisibleAccountProjection.make(from: labeledSnapshot)
+        let fallbackProjection = CodexVisibleAccountProjection.make(from: fallbackSnapshot)
+        let emptyLabelProjection = CodexVisibleAccountProjection.make(from: emptyLabelSnapshot)
+
+        #expect(labeledProjection.visibleAccounts.count == 1)
+        #expect(labeledProjection.visibleAccounts.first?.workspaceLabel == "Live Team")
+        #expect(labeledProjection.visibleAccounts.first?.displayName == "user@example.com — Live Team")
+        #expect(fallbackProjection.visibleAccounts.count == 1)
+        #expect(fallbackProjection.visibleAccounts.first?.workspaceLabel == "Saved Team")
+        #expect(fallbackProjection.visibleAccounts.first?.displayName == "user@example.com — Saved Team")
+        #expect(emptyLabelProjection.visibleAccounts.count == 1)
+        #expect(emptyLabelProjection.visibleAccounts.first?.workspaceLabel == "Saved Team")
+        #expect(emptyLabelProjection.visibleAccounts.first?.displayName == "user@example.com — Saved Team")
+    }
+
+    @Test
+    func `matching live system account resolves merged row selection to live system`() {
+        let stored = ManagedCodexAccount(
+            id: UUID(),
+            email: "user@example.com",
+            managedHomePath: "/tmp/managed-a",
+            createdAt: 1,
+            updatedAt: 2,
+            lastAuthenticatedAt: 3)
+        let live = ObservedSystemCodexAccount(
+            email: "USER@example.com",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date())
+        let snapshot = CodexAccountReconciliationSnapshot(
+            storedAccounts: [stored],
+            activeStoredAccount: stored,
+            liveSystemAccount: live,
+            matchingStoredAccountForLiveSystemAccount: stored,
+            activeSource: .managedAccount(id: stored.id),
+            hasUnreadableAddedAccountStore: false)
+
+        let resolution = CodexActiveSourceResolver.resolve(from: snapshot)
+        let projection = CodexVisibleAccountProjection.make(from: snapshot)
+
+        #expect(resolution.persistedSource == .managedAccount(id: stored.id))
+        #expect(resolution.resolvedSource == .liveSystem)
+        #expect(resolution.requiresPersistenceCorrection)
+        #expect(projection.activeVisibleAccountID == "user@example.com")
+        #expect(projection.source(forVisibleAccountID: "user@example.com") == .liveSystem)
+    }
+
+    @Test
+    func `provider account does not collapse with email only live account on same email`() throws {
+        let managedHome = FileManager.default.temporaryDirectory.appendingPathComponent(
+            UUID().uuidString,
+            isDirectory: true)
+        defer { try? FileManager.default.removeItem(at: managedHome) }
+        try Self.writeCodexAuthFile(
+            homeURL: managedHome,
+            email: "user@example.com",
+            plan: "pro",
+            accountID: "account-managed")
+
+        let stored = ManagedCodexAccount(
+            id: UUID(),
+            email: "user@example.com",
+            managedHomePath: managedHome.path,
+            createdAt: 1,
+            updatedAt: 2,
+            lastAuthenticatedAt: 3)
+        let accounts = ManagedCodexAccountSet(version: 1, accounts: [stored])
+        let live = ObservedSystemCodexAccount(
+            email: "USER@example.com",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date(),
+            identity: .emailOnly(normalizedEmail: "user@example.com"))
+        let reconciler = DefaultCodexAccountReconciler(
+            storeLoader: { accounts },
+            systemObserver: StubSystemObserver(account: live),
+            activeSource: .managedAccount(id: stored.id),
+            baseEnvironment: [:])
+
+        let snapshot = reconciler.loadSnapshot()
+        let resolution = CodexActiveSourceResolver.resolve(from: snapshot)
+        let projection = CodexVisibleAccountProjection.make(from: snapshot)
+
+        #expect(snapshot.matchingStoredAccountForLiveSystemAccount == nil)
+        #expect(resolution.resolvedSource == .managedAccount(id: stored.id))
+        #expect(projection.visibleAccounts.count == 2)
+        #expect(Set(projection.visibleAccounts.map(\.email)) == Set(["user@example.com"]))
+        #expect(Set(projection.visibleAccounts.map(\.id)).count == 2)
+        #expect(projection.activeVisibleAccountID == projection.visibleAccounts
+            .first { $0.selectionSource == .managedAccount(id: stored.id) }?.id)
+        #expect(projection.liveVisibleAccountID == projection.visibleAccounts
+            .first { $0.selectionSource == .liveSystem }?.id)
+    }
+
+    @Test
+    func `missing managed source resolves to live system when live account exists`() {
+        let live = ObservedSystemCodexAccount(
+            email: "live@example.com",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date())
+        let missingID = UUID()
+        let snapshot = CodexAccountReconciliationSnapshot(
+            storedAccounts: [],
+            activeStoredAccount: nil,
+            liveSystemAccount: live,
+            matchingStoredAccountForLiveSystemAccount: nil,
+            activeSource: .managedAccount(id: missingID),
+            hasUnreadableAddedAccountStore: false)
+
+        let resolution = CodexActiveSourceResolver.resolve(from: snapshot)
+
+        #expect(resolution.persistedSource == .managedAccount(id: missingID))
+        #expect(resolution.resolvedSource == .liveSystem)
+        #expect(resolution.requiresPersistenceCorrection)
+    }
+
+    @Test
+    func `unreadable managed source resolves to live system when live account exists`() {
+        let live = ObservedSystemCodexAccount(
+            email: "live@example.com",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date())
+        let unreadableID = UUID()
+        let snapshot = CodexAccountReconciliationSnapshot(
+            storedAccounts: [],
+            activeStoredAccount: nil,
+            liveSystemAccount: live,
+            matchingStoredAccountForLiveSystemAccount: nil,
+            activeSource: .managedAccount(id: unreadableID),
+            hasUnreadableAddedAccountStore: true)
+
+        let resolution = CodexActiveSourceResolver.resolve(from: snapshot)
+
+        #expect(resolution.persistedSource == .managedAccount(id: unreadableID))
+        #expect(resolution.resolvedSource == .liveSystem)
+        #expect(resolution.requiresPersistenceCorrection)
+    }
+
+    @Test
+    func `managed account remains active when active source stays managed while live account changes`() {
+        let managed = ManagedCodexAccount(
+            id: UUID(),
+            email: "managed@example.com",
+            managedHomePath: "/tmp/managed-home",
+            createdAt: 1,
+            updatedAt: 2,
+            lastAuthenticatedAt: 3)
+        let live = ObservedSystemCodexAccount(
+            email: "system@example.com",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date())
+        let projection = CodexVisibleAccountProjection.make(from: CodexAccountReconciliationSnapshot(
+            storedAccounts: [managed],
+            activeStoredAccount: managed,
+            liveSystemAccount: live,
+            matchingStoredAccountForLiveSystemAccount: nil,
+            activeSource: .managedAccount(id: managed.id),
+            hasUnreadableAddedAccountStore: false))
+
+        #expect(Set(projection.visibleAccounts.map(\.email)) == [
+            "managed@example.com",
+            "system@example.com",
+        ])
+        #expect(projection.activeVisibleAccountID == "managed@example.com")
+        #expect(projection.liveVisibleAccountID == "system@example.com")
+    }
+
+    @Test
+    func `live system account that differs from active stored account remains visible`() {
+        let active = ManagedCodexAccount(
+            id: UUID(),
+            email: "managed@example.com",
+            managedHomePath: "/tmp/managed-a",
+            createdAt: 1,
+            updatedAt: 2,
+            lastAuthenticatedAt: 3)
+        let accounts = ManagedCodexAccountSet(version: 1, accounts: [active])
+        let live = ObservedSystemCodexAccount(
+            email: "system@example.com",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date())
+        let reconciler = DefaultCodexAccountReconciler(
+            storeLoader: { accounts },
+            systemObserver: StubSystemObserver(account: live),
+            activeSource: .managedAccount(id: active.id),
+            baseEnvironment: [:])
+
+        let projection = reconciler.loadVisibleAccounts()
+
+        #expect(Set(projection.visibleAccounts.map(\.email)) == ["managed@example.com", "system@example.com"])
+        #expect(projection.activeVisibleAccountID == "managed@example.com")
+        #expect(projection.liveVisibleAccountID == "system@example.com")
+    }
+
+    @Test
+    func `inactive stored account still appears as visible`() {
+        let active = ManagedCodexAccount(
+            id: UUID(),
+            email: "active@example.com",
+            managedHomePath: "/tmp/managed-a",
+            createdAt: 1,
+            updatedAt: 2,
+            lastAuthenticatedAt: 3)
+        let inactive = ManagedCodexAccount(
+            id: UUID(),
+            email: "inactive@example.com",
+            managedHomePath: "/tmp/managed-b",
+            createdAt: 4,
+            updatedAt: 5,
+            lastAuthenticatedAt: 6)
+        let accounts = ManagedCodexAccountSet(
+            version: 1,
+            accounts: [active, inactive])
+        let live = ObservedSystemCodexAccount(
+            email: "system@example.com",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date())
+        let reconciler = DefaultCodexAccountReconciler(
+            storeLoader: { accounts },
+            systemObserver: StubSystemObserver(account: live),
+            activeSource: .managedAccount(id: active.id),
+            baseEnvironment: [:])
+
+        let projection = reconciler.loadVisibleAccounts()
+
+        #expect(Set(projection.visibleAccounts.map(\.email)) == [
+            "active@example.com",
+            "inactive@example.com",
+            "system@example.com",
+        ])
+        #expect(projection.activeVisibleAccountID == "active@example.com")
+        #expect(projection.liveVisibleAccountID == "system@example.com")
+    }
+
+    @Test
+    func `unreadable account store still exposes live system account and degraded flag`() {
+        let live = ObservedSystemCodexAccount(
+            email: "live@example.com",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date())
+        let reconciler = DefaultCodexAccountReconciler(
+            storeLoader: { throw FileManagedCodexAccountStoreError.unsupportedVersion(999) },
+            systemObserver: StubSystemObserver(account: live),
+            baseEnvironment: [:])
+
+        let projection = reconciler.loadVisibleAccounts()
+
+        #expect(projection.visibleAccounts.map(\.email) == ["live@example.com"])
+        #expect(projection.activeVisibleAccountID == "live@example.com")
+        #expect(projection.liveVisibleAccountID == "live@example.com")
+        #expect(projection.hasUnreadableAddedAccountStore)
+    }
+
+    @Test
+    func `whitespace only live email is ignored`() {
+        let accounts = ManagedCodexAccountSet(version: 1, accounts: [])
+        let live = ObservedSystemCodexAccount(
+            email: "   \n\t  ",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date())
+        let reconciler = DefaultCodexAccountReconciler(
+            storeLoader: { accounts },
+            systemObserver: StubSystemObserver(account: live),
+            baseEnvironment: [:])
+
+        let projection = reconciler.loadVisibleAccounts()
+
+        #expect(projection.visibleAccounts.isEmpty)
+        #expect(projection.activeVisibleAccountID == nil)
+        #expect(projection.liveVisibleAccountID == nil)
+    }
+
+    @Test
+    @MainActor
+    func `settings store can override active source to live system`() throws {
+        let suite = "CodexAccountReconciliationTests-live-source-override"
+        let settings = try Self.makeSettings(suite: suite)
+        let managed = ManagedCodexAccount(
+            id: UUID(),
+            email: "managed@example.com",
+            managedHomePath: "/tmp/managed-home",
+            createdAt: 1,
+            updatedAt: 2,
+            lastAuthenticatedAt: 3)
+        let live = ObservedSystemCodexAccount(
+            email: "system@example.com",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date())
+        settings._test_activeManagedCodexAccount = managed
+        settings._test_liveSystemCodexAccount = live
+        settings.codexActiveSource = .liveSystem
+        defer {
+            settings._test_activeManagedCodexAccount = nil
+            settings._test_liveSystemCodexAccount = nil
+        }
+
+        let snapshot = settings.codexAccountReconciliationSnapshot
+        let projection = settings.codexVisibleAccountProjection
+
+        #expect(settings.codexActiveSource == .liveSystem)
+        #expect(snapshot.activeSource == .liveSystem)
+        #expect(projection.activeVisibleAccountID == "system@example.com")
+        #expect(projection.liveVisibleAccountID == "system@example.com")
+    }
+
+    @Test
+    @MainActor
+    func `selecting merged visible account persists live system source`() throws {
+        let suite = "CodexAccountReconciliationTests-select-merged-visible-account"
+        let settings = try Self.makeSettings(suite: suite)
+        let managed = ManagedCodexAccount(
+            id: UUID(),
+            email: "same@example.com",
+            managedHomePath: "/tmp/managed-home",
+            createdAt: 1,
+            updatedAt: 2,
+            lastAuthenticatedAt: 3)
+        let live = ObservedSystemCodexAccount(
+            email: "SAME@example.com",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date())
+        settings._test_activeManagedCodexAccount = managed
+        settings._test_liveSystemCodexAccount = live
+        settings.codexActiveSource = .managedAccount(id: managed.id)
+        defer {
+            settings._test_activeManagedCodexAccount = nil
+            settings._test_liveSystemCodexAccount = nil
+        }
+
+        let didSelect = settings.selectCodexVisibleAccount(id: "same@example.com")
+
+        #expect(didSelect)
+        #expect(settings.codexActiveSource == .liveSystem)
+        #expect(settings.codexResolvedActiveSource == .liveSystem)
+    }
+
+    @Test
+    @MainActor
+    func `selecting authenticated managed account prefers live system when visible row is merged`() throws {
+        let suite = "CodexAccountReconciliationTests-select-authenticated-managed-merged"
+        let settings = try Self.makeSettings(suite: suite)
+        let managed = ManagedCodexAccount(
+            id: UUID(),
+            email: "same@example.com",
+            managedHomePath: "/tmp/managed-home",
+            createdAt: 1,
+            updatedAt: 2,
+            lastAuthenticatedAt: 3)
+        let live = ObservedSystemCodexAccount(
+            email: "SAME@example.com",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date())
+        settings._test_activeManagedCodexAccount = managed
+        settings._test_liveSystemCodexAccount = live
+        settings.codexActiveSource = .managedAccount(id: UUID())
+        defer {
+            settings._test_activeManagedCodexAccount = nil
+            settings._test_liveSystemCodexAccount = nil
+        }
+
+        settings.selectAuthenticatedManagedCodexAccount(managed)
+
+        #expect(settings.codexActiveSource == .liveSystem)
+        #expect(settings.codexResolvedActiveSource == .liveSystem)
+    }
+
+    @Test
+    @MainActor
+    func `selecting authenticated managed account keeps managed source for split identity rows`() throws {
+        let suite = "CodexAccountReconciliationTests-select-authenticated-managed-split"
+        let settings = try Self.makeSettings(suite: suite)
+        let managedHome = FileManager.default.temporaryDirectory.appendingPathComponent(
+            UUID().uuidString,
+            isDirectory: true)
+        let storeURL = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString)
+        defer {
+            settings._test_managedCodexAccountStoreURL = nil
+            settings._test_liveSystemCodexAccount = nil
+            try? FileManager.default.removeItem(at: managedHome)
+            try? FileManager.default.removeItem(at: storeURL)
+        }
+
+        try Self.writeCodexAuthFile(
+            homeURL: managedHome,
+            email: "same@example.com",
+            plan: "pro",
+            accountID: "account-managed")
+        let managed = ManagedCodexAccount(
+            id: UUID(),
+            email: "same@example.com",
+            managedHomePath: managedHome.path,
+            createdAt: 1,
+            updatedAt: 2,
+            lastAuthenticatedAt: 3)
+        try Self.writeManagedCodexStore(
+            ManagedCodexAccountSet(version: FileManagedCodexAccountStore.currentVersion, accounts: [managed]),
+            to: storeURL)
+
+        settings._test_managedCodexAccountStoreURL = storeURL
+        settings._test_liveSystemCodexAccount = ObservedSystemCodexAccount(
+            email: "SAME@example.com",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date(),
+            identity: .emailOnly(normalizedEmail: "same@example.com"))
+        settings.codexActiveSource = .liveSystem
+
+        let projection = settings.codexVisibleAccountProjection
+        #expect(projection.visibleAccounts.count == 2)
+
+        settings.selectAuthenticatedManagedCodexAccount(managed)
+
+        #expect(settings.codexActiveSource == .managedAccount(id: managed.id))
+        #expect(settings.codexResolvedActiveSource == .managedAccount(id: managed.id))
+    }
+}
+
+private struct StubSystemObserver: CodexSystemAccountObserving {
+    let account: ObservedSystemCodexAccount?
+
+    func loadSystemAccount(environment _: [String: String]) throws -> ObservedSystemCodexAccount? {
+        self.account
+    }
+}
+
+extension CodexAccountReconciliationTests {
+    private static func writeManagedCodexStore(_ accounts: ManagedCodexAccountSet, to storeURL: URL) throws {
+        let store = FileManagedCodexAccountStore(fileURL: storeURL)
+        try store.storeAccounts(accounts)
+    }
+
+    private static func writeCodexAuthFile(
+        homeURL: URL,
+        email: String,
+        plan: String,
+        accountID: String? = nil) throws
+    {
+        try FileManager.default.createDirectory(at: homeURL, withIntermediateDirectories: true)
+        var tokens: [String: Any] = [
+            "accessToken": "access-token",
+            "refreshToken": "refresh-token",
+            "idToken": Self.fakeJWT(email: email, plan: plan, accountID: accountID),
+        ]
+        if let accountID {
+            tokens["account_id"] = accountID
+        }
+        let auth = ["tokens": tokens]
+        let data = try JSONSerialization.data(withJSONObject: auth)
+        try data.write(to: homeURL.appendingPathComponent("auth.json"))
+    }
+
+    private static func fakeJWT(email: String, plan: String, accountID: String? = nil) -> String {
+        let header = (try? JSONSerialization.data(withJSONObject: ["alg": "none"])) ?? Data()
+        var payloadObject: [String: Any] = [
+            "email": email,
+            "chatgpt_plan_type": plan,
+        ]
+        if let accountID {
+            payloadObject["https://api.openai.com/auth"] = [
+                "chatgpt_account_id": accountID,
+            ]
+        }
+        let payload = (try? JSONSerialization.data(withJSONObject: payloadObject)) ?? Data()
+
+        func base64URL(_ data: Data) -> String {
+            data.base64EncodedString()
+                .replacingOccurrences(of: "=", with: "")
+                .replacingOccurrences(of: "+", with: "-")
+                .replacingOccurrences(of: "/", with: "_")
+        }
+
+        return "\(base64URL(header)).\(base64URL(payload))."
+    }
+}
diff --git a/Tests/CodexBarTests/CodexAccountScopedRefreshCreditsTests.swift b/Tests/CodexBarTests/CodexAccountScopedRefreshCreditsTests.swift
new file mode 100644
index 000000000..97a8aaad5
--- /dev/null
+++ b/Tests/CodexBarTests/CodexAccountScopedRefreshCreditsTests.swift
@@ -0,0 +1,93 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+extension CodexAccountScopedRefreshTests {
+    @Test
+    func `credits refresh honors explicit codex oauth source without raw CLI fallback`() async throws {
+        let settings = self.makeSettingsStore(suite: "CodexAccountScopedRefreshTests-oauth-credits-source")
+        settings.refreshFrequency = .manual
+        settings.codexUsageDataSource = .oauth
+        settings._test_liveSystemCodexAccount = self.liveAccount(email: "alpha@example.com")
+
+        let store = self.makeUsageStore(
+            settings: settings,
+            environmentBase: ["CODEX_CLI_PATH": "/missing/codex"])
+        let usage = self.codexSnapshot(email: "alpha@example.com", usedPercent: 10)
+        store._setSnapshotForTesting(usage, provider: .codex)
+
+        let oauthStrategy = TestCodexFetchStrategy(
+            loader: { usage },
+            credits: self.credits(remaining: 77),
+            id: "codex.oauth",
+            kind: .oauth,
+            sourceLabel: "codex.oauth")
+        let cliStrategy = ThrowingTestCodexFetchStrategy {
+            throw TestRefreshError(message: "CLI strategy should not run for explicit OAuth credits refresh")
+        }
+        let baseSpec = try #require(store.providerSpecs[.codex])
+        store.providerSpecs[.codex] = Self.makeCodexProviderSpec(baseSpec: baseSpec) { context in
+            switch context.sourceMode {
+            case .oauth:
+                [oauthStrategy]
+            case .cli:
+                [cliStrategy]
+            case .auto:
+                [oauthStrategy, cliStrategy]
+            case .web, .api:
+                []
+            }
+        }
+
+        await store.refreshCreditsIfNeeded()
+
+        #expect(store.credits?.remaining == 77)
+        #expect(store.lastCreditsError == nil)
+        #expect(store.lastCreditsSource == .api)
+    }
+
+    @Test
+    func `auto credits refresh falls back when oauth usage omits credits`() async throws {
+        let settings = self.makeSettingsStore(suite: "CodexAccountScopedRefreshTests-auto-credits-fallback")
+        settings.refreshFrequency = .manual
+        settings.codexUsageDataSource = .auto
+        settings._test_liveSystemCodexAccount = self.liveAccount(email: "alpha@example.com")
+
+        let store = self.makeUsageStore(settings: settings)
+        let usage = self.codexSnapshot(email: "alpha@example.com", usedPercent: 10)
+        store._setSnapshotForTesting(usage, provider: .codex)
+
+        let oauthStrategy = TestCodexFetchStrategy(
+            loader: { usage },
+            credits: nil,
+            id: "codex.oauth",
+            kind: .oauth,
+            sourceLabel: "codex.oauth")
+        let cliStrategy = TestCodexFetchStrategy(
+            loader: { usage },
+            credits: self.credits(remaining: 41),
+            id: "codex.cli",
+            kind: .cli,
+            sourceLabel: "codex.cli")
+        let baseSpec = try #require(store.providerSpecs[.codex])
+        store.providerSpecs[.codex] = Self.makeCodexProviderSpec(baseSpec: baseSpec) { context in
+            switch context.sourceMode {
+            case .auto:
+                [oauthStrategy, cliStrategy]
+            case .oauth:
+                [oauthStrategy]
+            case .cli:
+                [cliStrategy]
+            case .web, .api:
+                []
+            }
+        }
+
+        await store.refreshCreditsIfNeeded()
+
+        #expect(store.credits?.remaining == 41)
+        #expect(store.lastCreditsError == nil)
+        #expect(store.lastCreditsSource == .api)
+    }
+}
diff --git a/Tests/CodexBarTests/CodexAccountScopedRefreshDashboardCleanupTests.swift b/Tests/CodexBarTests/CodexAccountScopedRefreshDashboardCleanupTests.swift
new file mode 100644
index 000000000..3e8a519f2
--- /dev/null
+++ b/Tests/CodexBarTests/CodexAccountScopedRefreshDashboardCleanupTests.swift
@@ -0,0 +1,122 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+extension CodexAccountScopedRefreshTests {
+    @Test
+    func `dashboard refresh accepted via unresolved routing fallback during account scoped refresh`() async throws {
+        let settings = self.makeSettingsStore(
+            suite: "CodexAccountScopedRefreshTests-dashboard-unresolved-routing-fallback")
+        let isolatedHome = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codex-dashboard-unresolved-routing-\(UUID().uuidString)", isDirectory: true)
+        try? FileManager.default.createDirectory(at: isolatedHome, withIntermediateDirectories: true)
+        let codexMetadata = try #require(ProviderDescriptorRegistry.metadata[.codex])
+        settings.refreshFrequency = .manual
+        settings.setProviderEnabled(provider: .codex, metadata: codexMetadata, enabled: true)
+        settings.openAIWebAccessEnabled = true
+        settings.codexCookieSource = .auto
+        settings.codexActiveSource = .liveSystem
+        settings._test_liveSystemCodexAccount = nil
+        settings._test_codexReconciliationEnvironment = ["CODEX_HOME": isolatedHome.path]
+        defer {
+            settings._test_codexReconciliationEnvironment = nil
+            try? FileManager.default.removeItem(at: isolatedHome)
+        }
+
+        let store = self.makeUsageStore(settings: settings)
+        store.lastKnownLiveSystemCodexEmail = nil
+        self.installImmediateCodexProvider(
+            on: store,
+            snapshot: self.codexSnapshot(email: "work@company.com", usedPercent: 12))
+        store._test_codexCreditsLoaderOverride = { self.credits(remaining: 55) }
+        defer { store._test_codexCreditsLoaderOverride = nil }
+
+        var observedTargetEmail: String?
+        store._test_openAIDashboardLoaderOverride = { accountEmail, _, _ in
+            observedTargetEmail = accountEmail
+            #expect(store.currentCodexOpenAIWebRefreshGuard().source == .liveSystem)
+            #expect(store.currentCodexOpenAIWebRefreshGuard().identity == .unresolved)
+            return self.dashboard(email: "work@company.com", creditsRemaining: 33, usedPercent: 12)
+        }
+        defer { store._test_openAIDashboardLoaderOverride = nil }
+
+        await store.refreshCodexAccountScopedState(allowDisabled: true)
+
+        #expect(observedTargetEmail == "work@company.com")
+        #expect(store.currentCodexOpenAIWebRefreshGuard().identity == .unresolved)
+        #expect(store.openAIDashboard?.signedInEmail == "work@company.com")
+        #expect(store.lastOpenAIDashboardSnapshot?.signedInEmail == "work@company.com")
+        #expect(store.openAIDashboardRequiresLogin == false)
+        #expect(store.lastOpenAIDashboardError == nil)
+        #expect(store.snapshots[.codex]?.accountEmail(for: .codex) == "work@company.com")
+        #expect(store.lastSourceLabels[.codex] == "test-codex")
+        #expect(store.credits?.remaining == 55)
+        #expect(store.lastCreditsSource == .api)
+    }
+
+    @Test
+    func `dashboard fail closed clears dashboard derived usage credits cache and visible dashboard`() async throws {
+        OpenAIDashboardCacheStore.clear()
+        defer { OpenAIDashboardCacheStore.clear() }
+
+        let settings = self.makeSettingsStore(suite: "CodexAccountScopedRefreshTests-dashboard-fail-closed-cleanup")
+        let managedHome = FileManager.default.temporaryDirectory
+            .appendingPathComponent(UUID().uuidString, isDirectory: true)
+        defer { try? FileManager.default.removeItem(at: managedHome) }
+        try Self.writeCodexAuthFile(
+            homeURL: managedHome,
+            email: "managed@example.com",
+            plan: "pro",
+            accountId: "acct-managed")
+
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "managed@example.com",
+            managedHomePath: managedHome.path,
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        let managedStoreURL = try self.makeManagedAccountStoreURL(accounts: [managedAccount])
+        defer {
+            settings._test_managedCodexAccountStoreURL = nil
+            settings._test_activeManagedCodexAccount = nil
+            try? FileManager.default.removeItem(at: managedStoreURL)
+        }
+
+        settings.refreshFrequency = .manual
+        settings.codexCookieSource = .auto
+        settings._test_managedCodexAccountStoreURL = managedStoreURL
+        settings._test_activeManagedCodexAccount = managedAccount
+        settings.codexActiveSource = .managedAccount(id: managedAccount.id)
+
+        let store = self.makeUsageStore(settings: settings)
+        store._setSnapshotForTesting(
+            self.codexSnapshot(email: "managed@example.com", usedPercent: 20),
+            provider: .codex)
+        store.lastSourceLabels[.codex] = "openai-web"
+        let staleCredits = self.credits(remaining: 20)
+        store.credits = staleCredits
+        store.lastCreditsSnapshot = staleCredits
+        store.lastCreditsSnapshotAccountKey = "managed@example.com"
+        store.lastCreditsSource = .dashboardWeb
+        store.openAIDashboard = self.dashboard(email: "managed@example.com", creditsRemaining: 20, usedPercent: 20)
+        store.lastOpenAIDashboardSnapshot = store.openAIDashboard
+        OpenAIDashboardCacheStore.save(OpenAIDashboardCache(
+            accountEmail: "managed@example.com",
+            snapshot: self.dashboard(email: "managed@example.com", creditsRemaining: 20, usedPercent: 20)))
+
+        await store.applyOpenAIDashboard(
+            self.dashboard(email: "other@example.com", creditsRemaining: 9, usedPercent: 35),
+            targetEmail: "managed@example.com")
+
+        #expect(store.openAIDashboard == nil)
+        #expect(store.lastOpenAIDashboardSnapshot == nil)
+        #expect(store.snapshots[.codex] == nil)
+        #expect(store.credits == nil)
+        #expect(store.lastCreditsSource == .none)
+        #expect(OpenAIDashboardCacheStore.load() == nil)
+        #expect(store.openAIDashboardRequiresLogin == true)
+        #expect(store.lastOpenAIDashboardError?.contains("OpenAI dashboard signed in as other@example.com") == true)
+    }
+}
diff --git a/Tests/CodexBarTests/CodexAccountScopedRefreshTestSupport.swift b/Tests/CodexBarTests/CodexAccountScopedRefreshTestSupport.swift
new file mode 100644
index 000000000..e2ee1d4aa
--- /dev/null
+++ b/Tests/CodexBarTests/CodexAccountScopedRefreshTestSupport.swift
@@ -0,0 +1,445 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+extension CodexAccountScopedRefreshTests {
+    func makeSettingsStore(suite: String) -> SettingsStore {
+        let defaults = UserDefaults(suiteName: suite)!
+        defaults.removePersistentDomain(forName: suite)
+        defaults.set(true, forKey: "providerDetectionCompleted")
+        let configStore = testConfigStore(suiteName: suite)
+        let settings = SettingsStore(
+            userDefaults: defaults,
+            configStore: configStore,
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+        settings._test_activeManagedCodexAccount = nil
+        settings._test_activeManagedCodexRemoteHomePath = nil
+        settings._test_unreadableManagedCodexAccountStore = false
+        settings._test_managedCodexAccountStoreURL = nil
+        settings._test_liveSystemCodexAccount = nil
+        settings._test_codexReconciliationEnvironment = nil
+        settings.providerDetectionCompleted = true
+        return settings
+    }
+
+    static func writeCodexAuthFile(
+        homeURL: URL,
+        email: String,
+        plan: String,
+        accountId: String? = nil) throws
+    {
+        try FileManager.default.createDirectory(at: homeURL, withIntermediateDirectories: true)
+        var tokens: [String: Any] = [
+            "accessToken": "access-token",
+            "refreshToken": "refresh-token",
+            "idToken": Self.fakeJWT(email: email, plan: plan, accountId: accountId),
+        ]
+        if let accountId {
+            tokens["accountId"] = accountId
+        }
+        let data = try JSONSerialization.data(withJSONObject: ["tokens": tokens], options: [.sortedKeys])
+        try data.write(to: homeURL.appendingPathComponent("auth.json"))
+    }
+
+    static func fakeJWT(email: String, plan: String, accountId: String? = nil) -> String {
+        let header = (try? JSONSerialization.data(withJSONObject: ["alg": "none"])) ?? Data()
+        var authClaims: [String: Any] = [
+            "chatgpt_plan_type": plan,
+        ]
+        if let accountId {
+            authClaims["chatgpt_account_id"] = accountId
+        }
+        let payload = (try? JSONSerialization.data(withJSONObject: [
+            "email": email,
+            "chatgpt_plan_type": plan,
+            "https://api.openai.com/auth": authClaims,
+        ])) ?? Data()
+
+        func base64URL(_ data: Data) -> String {
+            data.base64EncodedString()
+                .replacingOccurrences(of: "=", with: "")
+                .replacingOccurrences(of: "+", with: "-")
+                .replacingOccurrences(of: "/", with: "_")
+        }
+
+        return "\(base64URL(header)).\(base64URL(payload))."
+    }
+
+    func makeUsageStore(settings: SettingsStore, environmentBase: [String: String] = [:]) -> UsageStore {
+        UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing,
+            environmentBase: environmentBase)
+    }
+
+    func liveAccount(email: String, identity: CodexIdentity = .unresolved) -> ObservedSystemCodexAccount {
+        ObservedSystemCodexAccount(
+            email: email,
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date(),
+            identity: identity)
+    }
+
+    func codexSnapshot(email: String, usedPercent: Double) -> UsageSnapshot {
+        UsageSnapshot(
+            primary: RateWindow(usedPercent: usedPercent, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+            secondary: nil,
+            updatedAt: Date(),
+            identity: ProviderIdentitySnapshot(
+                providerID: .codex,
+                accountEmail: email,
+                accountOrganization: nil,
+                loginMethod: "Pro"))
+    }
+
+    func credits(remaining: Double) -> CreditsSnapshot {
+        CreditsSnapshot(remaining: remaining, events: [], updatedAt: Date())
+    }
+
+    func dashboard(email: String, creditsRemaining: Double, usedPercent: Double) -> OpenAIDashboardSnapshot {
+        OpenAIDashboardSnapshot(
+            signedInEmail: email,
+            codeReviewRemainingPercent: 88,
+            creditEvents: [],
+            dailyBreakdown: [],
+            usageBreakdown: [],
+            creditsPurchaseURL: nil,
+            primaryLimit: RateWindow(
+                usedPercent: usedPercent,
+                windowMinutes: 300,
+                resetsAt: nil,
+                resetDescription: nil),
+            secondaryLimit: nil,
+            creditsRemaining: creditsRemaining,
+            accountPlan: "Pro",
+            updatedAt: Date())
+    }
+
+    func makeManagedAccountStoreURL(accounts: [ManagedCodexAccount]) throws -> URL {
+        let storeURL = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString)
+        let store = FileManagedCodexAccountStore(fileURL: storeURL)
+        try store.storeAccounts(ManagedCodexAccountSet(
+            version: FileManagedCodexAccountStore.currentVersion,
+            accounts: accounts))
+        return storeURL
+    }
+
+    @MainActor
+    func withCodexVisibleAccountFailureStore(
+        suite: String,
+        errorMessage: String,
+        body: (UsageStore, RecordingCodexAccountUsageSnapshotStore, [CodexAccountUsageSnapshot]) async throws -> Void)
+        async throws
+    {
+        let settings = self.makeSettingsStore(suite: suite)
+        settings.refreshFrequency = .manual
+        settings.multiAccountMenuLayout = .stacked
+        settings._test_liveSystemCodexAccount = self.liveAccount(email: "live@example.com")
+        settings.codexActiveSource = .liveSystem
+
+        let managedAccountID = try #require(UUID(uuidString: "AAAAAAAA-BBBB-CCCC-DDDD-111111111111"))
+        let managedAccount = ManagedCodexAccount(
+            id: managedAccountID,
+            email: "managed@example.com",
+            managedHomePath: "/tmp/managed-home",
+            createdAt: 1,
+            updatedAt: 2,
+            lastAuthenticatedAt: 2)
+        let storeURL = try self.makeManagedAccountStoreURL(accounts: [managedAccount])
+        defer {
+            settings._test_managedCodexAccountStoreURL = nil
+            settings._test_liveSystemCodexAccount = nil
+            try? FileManager.default.removeItem(at: storeURL)
+        }
+        settings._test_managedCodexAccountStoreURL = storeURL
+
+        let priorSnapshots = settings.codexVisibleAccountProjection.visibleAccounts.map { account in
+            CodexAccountUsageSnapshot(
+                account: account,
+                snapshot: self.codexSnapshot(email: account.email, usedPercent: 17),
+                error: nil,
+                sourceLabel: "cached")
+        }
+        let snapshotStore = RecordingCodexAccountUsageSnapshotStore(initialSnapshots: priorSnapshots)
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            codexAccountUsageSnapshotStore: snapshotStore,
+            startupBehavior: .testing)
+        self.installFailingCodexProvider(
+            on: store,
+            error: TestRefreshError(message: errorMessage))
+
+        try await body(store, snapshotStore, priorSnapshots)
+    }
+
+    func installBlockingCodexProvider(on store: UsageStore, blocker: BlockingCodexFetchStrategy) {
+        let baseSpec = store.providerSpecs[.codex]!
+        store.providerSpecs[.codex] = Self.makeCodexProviderSpec(baseSpec: baseSpec) {
+            try await blocker.awaitResult()
+        }
+    }
+
+    func installImmediateCodexProvider(on store: UsageStore, snapshot: UsageSnapshot) {
+        let baseSpec = store.providerSpecs[.codex]!
+        store.providerSpecs[.codex] = Self.makeCodexProviderSpec(baseSpec: baseSpec) {
+            snapshot
+        }
+    }
+
+    func installFailingCodexProvider(on store: UsageStore, error: Error) {
+        let baseSpec = store.providerSpecs[.codex]!
+        store.providerSpecs[.codex] = Self.makeThrowingCodexProviderSpec(baseSpec: baseSpec) {
+            throw error
+        }
+    }
+
+    static func makeCodexProviderSpec(
+        baseSpec: ProviderSpec,
+        loader: @escaping @Sendable () async throws -> UsageSnapshot) -> ProviderSpec
+    {
+        let baseDescriptor = baseSpec.descriptor
+        let strategy = TestCodexFetchStrategy(loader: loader)
+        let descriptor = ProviderDescriptor(
+            id: .codex,
+            metadata: baseDescriptor.metadata,
+            branding: baseDescriptor.branding,
+            tokenCost: baseDescriptor.tokenCost,
+            fetchPlan: ProviderFetchPlan(
+                sourceModes: [.auto, .cli, .oauth],
+                pipeline: ProviderFetchPipeline { _ in [strategy] }),
+            cli: baseDescriptor.cli)
+        return ProviderSpec(
+            style: baseSpec.style,
+            isEnabled: baseSpec.isEnabled,
+            descriptor: descriptor,
+            makeFetchContext: baseSpec.makeFetchContext)
+    }
+
+    static func makeThrowingCodexProviderSpec(
+        baseSpec: ProviderSpec,
+        loader: @escaping @Sendable () async throws -> UsageSnapshot) -> ProviderSpec
+    {
+        let baseDescriptor = baseSpec.descriptor
+        let strategy = ThrowingTestCodexFetchStrategy(loader: loader)
+        let descriptor = ProviderDescriptor(
+            id: .codex,
+            metadata: baseDescriptor.metadata,
+            branding: baseDescriptor.branding,
+            tokenCost: baseDescriptor.tokenCost,
+            fetchPlan: ProviderFetchPlan(
+                sourceModes: [.auto, .cli, .oauth],
+                pipeline: ProviderFetchPipeline { _ in [strategy] }),
+            cli: baseDescriptor.cli)
+        return ProviderSpec(
+            style: baseSpec.style,
+            isEnabled: baseSpec.isEnabled,
+            descriptor: descriptor,
+            makeFetchContext: baseSpec.makeFetchContext)
+    }
+
+    static func makeCodexProviderSpec(
+        baseSpec: ProviderSpec,
+        resolveStrategies: @escaping @Sendable (ProviderFetchContext) async -> [any ProviderFetchStrategy])
+        -> ProviderSpec
+    {
+        let baseDescriptor = baseSpec.descriptor
+        let descriptor = ProviderDescriptor(
+            id: .codex,
+            metadata: baseDescriptor.metadata,
+            branding: baseDescriptor.branding,
+            tokenCost: baseDescriptor.tokenCost,
+            fetchPlan: ProviderFetchPlan(
+                sourceModes: [.auto, .cli, .oauth],
+                pipeline: ProviderFetchPipeline(resolveStrategies: resolveStrategies)),
+            cli: baseDescriptor.cli)
+        return ProviderSpec(
+            style: baseSpec.style,
+            isEnabled: baseSpec.isEnabled,
+            descriptor: descriptor,
+            makeFetchContext: baseSpec.makeFetchContext)
+    }
+}
+
+struct TestRefreshError: LocalizedError, Equatable {
+    let message: String
+
+    var errorDescription: String? {
+        self.message
+    }
+}
+
+final class RecordingCodexAccountUsageSnapshotStore: CodexAccountUsageSnapshotStoring, @unchecked Sendable {
+    private let lock = NSLock()
+    private var loadedSnapshots: [CodexAccountUsageSnapshot]
+    private var snapshotsStored: [CodexAccountUsageSnapshot] = []
+
+    init(initialSnapshots: [CodexAccountUsageSnapshot]) {
+        self.loadedSnapshots = initialSnapshots
+    }
+
+    var storedSnapshots: [CodexAccountUsageSnapshot] {
+        self.lock.lock()
+        defer { self.lock.unlock() }
+        return self.snapshotsStored
+    }
+
+    func load(for accounts: [CodexVisibleAccount]) -> [CodexAccountUsageSnapshot] {
+        self.lock.lock()
+        defer { self.lock.unlock() }
+        let accountIDs = Set(accounts.map(\.id))
+        return self.loadedSnapshots.filter { accountIDs.contains($0.id) }
+    }
+
+    func store(_ snapshots: [CodexAccountUsageSnapshot]) {
+        self.lock.lock()
+        defer { self.lock.unlock() }
+        self.snapshotsStored = snapshots
+    }
+}
+
+struct TestCodexFetchStrategy: ProviderFetchStrategy {
+    let loader: @Sendable () async throws -> UsageSnapshot
+    var credits: CreditsSnapshot?
+    var id = "test-codex"
+    var kind: ProviderFetchKind = .cli
+    var sourceLabel = "test-codex"
+
+    func isAvailable(_: ProviderFetchContext) async -> Bool {
+        true
+    }
+
+    func fetch(_: ProviderFetchContext) async throws -> ProviderFetchResult {
+        let snapshot = try await self.loader()
+        return self.makeResult(
+            usage: snapshot,
+            credits: self.credits,
+            sourceLabel: self.sourceLabel)
+    }
+
+    func shouldFallback(on _: Error, context _: ProviderFetchContext) -> Bool {
+        false
+    }
+}
+
+struct ThrowingTestCodexFetchStrategy: ProviderFetchStrategy {
+    let loader: @Sendable () async throws -> UsageSnapshot
+
+    var id: String {
+        "test-codex-throwing"
+    }
+
+    var kind: ProviderFetchKind {
+        .cli
+    }
+
+    func isAvailable(_: ProviderFetchContext) async -> Bool {
+        true
+    }
+
+    func fetch(_: ProviderFetchContext) async throws -> ProviderFetchResult {
+        let snapshot = try await self.loader()
+        return self.makeResult(usage: snapshot, sourceLabel: "test-codex-throwing")
+    }
+
+    func shouldFallback(on _: Error, context _: ProviderFetchContext) -> Bool {
+        false
+    }
+}
+
+actor BlockingCodexFetchStrategy {
+    private var waiters: [CheckedContinuation<Result<UsageSnapshot, Error>, Never>] = []
+    private var startedWaiters: [CheckedContinuation<Void, Never>] = []
+    private var didStart = false
+
+    func awaitResult() async throws -> UsageSnapshot {
+        self.didStart = true
+        self.startedWaiters.forEach { $0.resume() }
+        self.startedWaiters.removeAll()
+        let result = await withCheckedContinuation { continuation in
+            self.waiters.append(continuation)
+        }
+        return try result.get()
+    }
+
+    func waitUntilStarted() async {
+        if self.didStart { return }
+        await withCheckedContinuation { continuation in
+            self.startedWaiters.append(continuation)
+        }
+    }
+
+    func resume(with result: Result<UsageSnapshot, Error>) {
+        self.waiters.forEach { $0.resume(returning: result) }
+        self.waiters.removeAll()
+    }
+}
+
+actor BlockingOpenAIDashboardLoader {
+    private var waiters: [CheckedContinuation<Result<OpenAIDashboardSnapshot, Error>, Never>] = []
+    private var startedWaiters: [CheckedContinuation<Void, Never>] = []
+    private var didStart = false
+
+    func awaitResult() async throws -> OpenAIDashboardSnapshot {
+        self.didStart = true
+        self.startedWaiters.forEach { $0.resume() }
+        self.startedWaiters.removeAll()
+        let result = await withCheckedContinuation { continuation in
+            self.waiters.append(continuation)
+        }
+        return try result.get()
+    }
+
+    func waitUntilStarted() async {
+        if self.didStart { return }
+        await withCheckedContinuation { continuation in
+            self.startedWaiters.append(continuation)
+        }
+    }
+
+    func resume(with result: Result<OpenAIDashboardSnapshot, Error>) {
+        self.waiters.forEach { $0.resume(returning: result) }
+        self.waiters.removeAll()
+    }
+}
+
+actor BlockingWidgetSnapshotSaver {
+    private var snapshots: [WidgetSnapshot] = []
+    private var waiters: [CheckedContinuation<Void, Never>] = []
+    private var startedWaiters: [CheckedContinuation<Void, Never>] = []
+
+    func save(_ snapshot: WidgetSnapshot) async {
+        self.snapshots.append(snapshot)
+        self.startedWaiters.forEach { $0.resume() }
+        self.startedWaiters.removeAll()
+        await withCheckedContinuation { continuation in
+            self.waiters.append(continuation)
+        }
+    }
+
+    func waitUntilStarted(count: Int) async {
+        if self.snapshots.count >= count { return }
+        await withCheckedContinuation { continuation in
+            self.startedWaiters.append(continuation)
+        }
+    }
+
+    func startedCount() -> Int {
+        self.snapshots.count
+    }
+
+    func resumeNext() {
+        guard !self.waiters.isEmpty else { return }
+        let waiter = self.waiters.removeFirst()
+        waiter.resume()
+    }
+
+    func savedSnapshots() -> [WidgetSnapshot] {
+        self.snapshots
+    }
+}
diff --git a/Tests/CodexBarTests/CodexAccountScopedRefreshTests.swift b/Tests/CodexBarTests/CodexAccountScopedRefreshTests.swift
new file mode 100644
index 000000000..6eb336799
--- /dev/null
+++ b/Tests/CodexBarTests/CodexAccountScopedRefreshTests.swift
@@ -0,0 +1,922 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+@Suite(.serialized)
+@MainActor
+struct CodexAccountScopedRefreshTests {
+    @Test
+    func `account transition invalidates codex scoped state and preserves token usage`() async {
+        let settings = self.makeSettingsStore(suite: "CodexAccountScopedRefreshTests-invalidate")
+        settings.refreshFrequency = .manual
+        settings.codexCookieSource = .auto
+        settings._test_liveSystemCodexAccount = self.liveAccount(email: "alpha@example.com")
+
+        let store = self.makeUsageStore(settings: settings)
+        let staleSnapshot = self.codexSnapshot(email: "alpha@example.com", usedPercent: 10)
+        let staleCredits = self.credits(remaining: 42)
+        let staleDashboard = self.dashboard(email: "alpha@example.com", creditsRemaining: 42, usedPercent: 20)
+        let tokenSnapshot = CostUsageTokenSnapshot(
+            sessionTokens: 120,
+            sessionCostUSD: 1.2,
+            last30DaysTokens: 900,
+            last30DaysCostUSD: 9.0,
+            daily: [],
+            updatedAt: Date())
+        var widgetSnapshots: [WidgetSnapshot] = []
+
+        store._setSnapshotForTesting(staleSnapshot, provider: .codex)
+        store.credits = staleCredits
+        store.lastCreditsSnapshot = staleCredits
+        store.lastCreditsSnapshotAccountKey = "alpha@example.com"
+        store.lastCreditsSource = .api
+        store.openAIDashboard = staleDashboard
+        store.lastOpenAIDashboardSnapshot = staleDashboard
+        store.lastOpenAIDashboardTargetEmail = "alpha@example.com"
+        store._setTokenSnapshotForTesting(tokenSnapshot, provider: .codex)
+        store.lastCodexAccountScopedRefreshGuard = store
+            .currentCodexAccountScopedRefreshGuard(preferCurrentSnapshot: false)
+        store._test_widgetSnapshotSaveOverride = { widgetSnapshots.append($0) }
+        defer { store._test_widgetSnapshotSaveOverride = nil }
+
+        settings._test_liveSystemCodexAccount = self.liveAccount(email: "beta@example.com")
+
+        let didInvalidate = store.prepareCodexAccountScopedRefreshIfNeeded()
+        await store.widgetSnapshotPersistTask?.value
+
+        #expect(didInvalidate)
+        #expect(store.snapshots[.codex] == nil)
+        #expect(store.credits == nil)
+        #expect(store.lastCreditsSnapshot == nil)
+        #expect(store.lastCreditsSnapshotAccountKey == nil)
+        #expect(store.lastCreditsSource == .none)
+        #expect(store.openAIDashboard == nil)
+        #expect(store.lastOpenAIDashboardSnapshot == nil)
+        #expect(store.tokenSnapshots[.codex] == tokenSnapshot)
+        #expect(widgetSnapshots.count == 1)
+        #expect(widgetSnapshots[0].entries.contains(where: { $0.provider == .codex }) == false)
+    }
+
+    @Test
+    func `first switch invalidates after codex refresh seeds the previous account guard`() async {
+        let settings = self.makeSettingsStore(suite: "CodexAccountScopedRefreshTests-first-switch")
+        settings.refreshFrequency = .manual
+        settings.codexCookieSource = .off
+        settings._test_liveSystemCodexAccount = self.liveAccount(email: "alpha@example.com")
+
+        let store = self.makeUsageStore(settings: settings)
+        self.installImmediateCodexProvider(
+            on: store,
+            snapshot: self.codexSnapshot(email: "alpha@example.com", usedPercent: 10))
+
+        await store.refreshProvider(.codex, allowDisabled: true)
+
+        #expect(store.lastCodexAccountScopedRefreshGuard?.accountKey == "alpha@example.com")
+
+        settings._test_liveSystemCodexAccount = self.liveAccount(email: "beta@example.com")
+
+        let didInvalidate = store.prepareCodexAccountScopedRefreshIfNeeded()
+
+        #expect(didInvalidate)
+        #expect(store.snapshots[.codex] == nil)
+    }
+
+    @Test
+    func `stale codex usage success is discarded after account switch`() async {
+        let settings = self.makeSettingsStore(suite: "CodexAccountScopedRefreshTests-stale-success")
+        settings.refreshFrequency = .manual
+        settings._test_liveSystemCodexAccount = self.liveAccount(email: "alpha@example.com")
+
+        let store = self.makeUsageStore(settings: settings)
+        let blocker = BlockingCodexFetchStrategy()
+        self.installBlockingCodexProvider(on: store, blocker: blocker)
+
+        let refreshTask = Task { await store.refreshProvider(.codex, allowDisabled: true) }
+        await blocker.waitUntilStarted()
+        settings._test_liveSystemCodexAccount = self.liveAccount(email: "beta@example.com")
+        await blocker.resume(with: .success(self.codexSnapshot(email: "alpha@example.com", usedPercent: 25)))
+        await refreshTask.value
+
+        #expect(store.snapshots[.codex] == nil)
+        #expect(store.errors[.codex] == nil)
+    }
+
+    @Test
+    func `same email provider account switch discards stale codex usage success`() async {
+        let settings = self.makeSettingsStore(suite: "CodexAccountScopedRefreshTests-stale-same-email-provider-account")
+        settings.refreshFrequency = .manual
+        settings._test_liveSystemCodexAccount = self.liveAccount(
+            email: "alpha@example.com",
+            identity: .providerAccount(id: "acct-alpha"))
+
+        let store = self.makeUsageStore(settings: settings)
+        let blocker = BlockingCodexFetchStrategy()
+        self.installBlockingCodexProvider(on: store, blocker: blocker)
+
+        let refreshTask = Task { await store.refreshProvider(.codex, allowDisabled: true) }
+        await blocker.waitUntilStarted()
+        settings._test_liveSystemCodexAccount = self.liveAccount(
+            email: "alpha@example.com",
+            identity: .providerAccount(id: "acct-beta"))
+        await blocker.resume(with: .success(self.codexSnapshot(email: "alpha@example.com", usedPercent: 25)))
+        await refreshTask.value
+
+        #expect(store.snapshots[.codex] == nil)
+        #expect(store.errors[.codex] == nil)
+    }
+
+    @Test
+    func `stale codex usage failure does not clear newer account snapshot`() async {
+        let settings = self.makeSettingsStore(suite: "CodexAccountScopedRefreshTests-stale-failure")
+        settings.refreshFrequency = .manual
+        settings._test_liveSystemCodexAccount = self.liveAccount(email: "alpha@example.com")
+
+        let store = self.makeUsageStore(settings: settings)
+        let blocker = BlockingCodexFetchStrategy()
+        self.installBlockingCodexProvider(on: store, blocker: blocker)
+
+        let refreshTask = Task { await store.refreshProvider(.codex, allowDisabled: true) }
+        await blocker.waitUntilStarted()
+        settings._test_liveSystemCodexAccount = self.liveAccount(email: "beta@example.com")
+        let freshSnapshot = self.codexSnapshot(email: "beta@example.com", usedPercent: 5)
+        store._setSnapshotForTesting(freshSnapshot, provider: .codex)
+        await blocker.resume(with: .failure(TestRefreshError(message: "stale failure")))
+        await refreshTask.value
+
+        #expect(store.snapshots[.codex]?.accountEmail(for: .codex) == "beta@example.com")
+        #expect(store.errors[.codex] == nil)
+    }
+
+    @Test
+    func `codex visible account refresh preserves prior snapshots when network fails`() async throws {
+        try await self.withCodexVisibleAccountFailureStore(
+            suite: "CodexAccountScopedRefreshTests-preserve-codex-snapshots",
+            errorMessage: "Network error: offline")
+        { store, snapshotStore, priorSnapshots in
+            await store.refreshCodexVisibleAccountsForMenu()
+
+            #expect(store.codexAccountSnapshots.count == priorSnapshots.count)
+            #expect(store.codexAccountSnapshots.allSatisfy { $0.snapshot?.primary?.usedPercent == 17 })
+            #expect(store.codexAccountSnapshots.allSatisfy { $0.error == "Network error: offline" })
+            #expect(store.codexAccountSnapshots.allSatisfy { $0.sourceLabel == "cached" })
+
+            let persisted = snapshotStore.storedSnapshots
+            #expect(persisted.count == priorSnapshots.count)
+            #expect(persisted.allSatisfy { $0.snapshot?.primary?.usedPercent == 17 })
+            #expect(persisted.allSatisfy { $0.error == "Network error: offline" })
+        }
+    }
+
+    @Test
+    func `codex visible account refresh drops prior snapshots when auth fails`() async throws {
+        try await self.withCodexVisibleAccountFailureStore(
+            suite: "CodexAccountScopedRefreshTests-drop-auth-failed-snapshots",
+            errorMessage: "401 Unauthorized")
+        { store, snapshotStore, priorSnapshots in
+            await store.refreshCodexVisibleAccountsForMenu()
+
+            #expect(store.codexAccountSnapshots.count == priorSnapshots.count)
+            #expect(store.codexAccountSnapshots.allSatisfy { $0.snapshot == nil })
+            #expect(store.codexAccountSnapshots.allSatisfy { $0.error == "401 Unauthorized" })
+
+            let persisted = snapshotStore.storedSnapshots
+            #expect(persisted.count == priorSnapshots.count)
+            #expect(persisted.allSatisfy { $0.snapshot == nil })
+            #expect(persisted.allSatisfy { $0.error == "401 Unauthorized" })
+        }
+    }
+
+    @Test
+    func `credits fallback only reuses cache for the same codex account`() async {
+        let settings = self.makeSettingsStore(suite: "CodexAccountScopedRefreshTests-credits")
+        settings.refreshFrequency = .manual
+        settings._test_liveSystemCodexAccount = self.liveAccount(email: "alpha@example.com")
+
+        let store = self.makeUsageStore(settings: settings)
+        let cachedCredits = self.credits(remaining: 12)
+        store._setSnapshotForTesting(self.codexSnapshot(email: "alpha@example.com", usedPercent: 10), provider: .codex)
+        store.lastCreditsSnapshot = cachedCredits
+        store.lastCreditsSnapshotAccountKey = "alpha@example.com"
+        store._test_codexCreditsLoaderOverride = {
+            throw TestRefreshError(message: "Codex credits data not available yet")
+        }
+        defer { store._test_codexCreditsLoaderOverride = nil }
+
+        await store.refreshCreditsIfNeeded()
+        #expect(store.credits == cachedCredits)
+        #expect(store.lastCreditsError == nil)
+
+        settings._test_liveSystemCodexAccount = self.liveAccount(email: "beta@example.com")
+        store._setSnapshotForTesting(self.codexSnapshot(email: "beta@example.com", usedPercent: 10), provider: .codex)
+
+        await store.refreshCreditsIfNeeded()
+        #expect(store.credits == nil)
+        #expect(store.lastCreditsSource == .none)
+        #expect(store.lastCreditsError == "Codex credits are still loading; will retry shortly.")
+    }
+
+    @Test
+    func `managed refresh invalidation keeps state when provider account is unchanged`() throws {
+        let settings = self.makeSettingsStore(
+            suite: "CodexAccountScopedRefreshTests-managed-renamed-email")
+        let managedHome = FileManager.default.temporaryDirectory
+            .appendingPathComponent(UUID().uuidString, isDirectory: true)
+        defer { try? FileManager.default.removeItem(at: managedHome) }
+        try Self.writeCodexAuthFile(
+            homeURL: managedHome,
+            email: "renamed@example.com",
+            plan: "pro",
+            accountId: "acct-managed")
+
+        let managedAccountID = UUID()
+        let managedAccount = ManagedCodexAccount(
+            id: managedAccountID,
+            email: "legacy@example.com",
+            managedHomePath: managedHome.path,
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        settings._test_activeManagedCodexAccount = managedAccount
+        settings.codexActiveSource = .managedAccount(id: managedAccountID)
+        defer { settings._test_activeManagedCodexAccount = nil }
+
+        let store = self.makeUsageStore(settings: settings)
+        let currentSnapshot = self.codexSnapshot(email: "renamed@example.com", usedPercent: 10)
+        let currentCredits = self.credits(remaining: 42)
+        let currentDashboard = self.dashboard(email: "renamed@example.com", creditsRemaining: 42, usedPercent: 20)
+
+        store._setSnapshotForTesting(currentSnapshot, provider: .codex)
+        store.credits = currentCredits
+        store.lastCreditsSnapshot = currentCredits
+        store.lastCreditsSnapshotAccountKey = "renamed@example.com"
+        store.openAIDashboard = currentDashboard
+        store.lastOpenAIDashboardSnapshot = currentDashboard
+        store.lastOpenAIDashboardTargetEmail = "renamed@example.com"
+        store.seedCodexAccountScopedRefreshGuard(
+            source: .managedAccount(id: managedAccountID),
+            accountEmail: "renamed@example.com")
+
+        let currentGuard = store.currentCodexAccountScopedRefreshGuard(
+            preferCurrentSnapshot: false,
+            allowLastKnownLiveFallback: false)
+        let didInvalidate = store.prepareCodexAccountScopedRefreshIfNeeded()
+
+        #expect(currentGuard.identity == .providerAccount(id: "acct-managed"))
+        #expect(currentGuard.accountKey == "renamed@example.com")
+        #expect(didInvalidate == false)
+        #expect(store.snapshots[.codex]?.accountEmail(for: .codex) == "renamed@example.com")
+        #expect(store.credits?.remaining == 42)
+        #expect(store.openAIDashboard?.signedInEmail == "renamed@example.com")
+    }
+
+    @Test
+    func `credits refresh returns quickly when no live codex account is available`() async {
+        let settings = self.makeSettingsStore(suite: "CodexAccountScopedRefreshTests-credits-no-live-account")
+        let isolatedHome = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codex-credits-no-live-\(UUID().uuidString)", isDirectory: true)
+        try? FileManager.default.createDirectory(at: isolatedHome, withIntermediateDirectories: true)
+        settings.refreshFrequency = .manual
+        settings._test_liveSystemCodexAccount = nil
+        settings._test_codexReconciliationEnvironment = ["CODEX_HOME": isolatedHome.path]
+        defer {
+            settings._test_codexReconciliationEnvironment = nil
+            try? FileManager.default.removeItem(at: isolatedHome)
+        }
+
+        let store = self.makeUsageStore(settings: settings)
+        var loaderCalled = false
+        store._test_codexCreditsLoaderOverride = {
+            loaderCalled = true
+            return self.credits(remaining: 1)
+        }
+        defer { store._test_codexCreditsLoaderOverride = nil }
+
+        let startedAt = ContinuousClock.now
+        await store.refreshCreditsIfNeeded(minimumSnapshotUpdatedAt: Date())
+        let elapsed = startedAt.duration(to: .now)
+
+        #expect(loaderCalled == false)
+        #expect(elapsed < .seconds(3))
+    }
+
+    @Test
+    func `stale dashboard apply is discarded after account switch`() async {
+        let settings = self.makeSettingsStore(suite: "CodexAccountScopedRefreshTests-dashboard")
+        settings.refreshFrequency = .manual
+        settings._test_liveSystemCodexAccount = self.liveAccount(email: "alpha@example.com")
+
+        let store = self.makeUsageStore(settings: settings)
+        let expectedGuard = store.currentCodexAccountScopedRefreshGuard()
+        settings._test_liveSystemCodexAccount = self.liveAccount(email: "beta@example.com")
+
+        await store.applyOpenAIDashboard(
+            self.dashboard(email: "alpha@example.com", creditsRemaining: 11, usedPercent: 35),
+            targetEmail: "alpha@example.com",
+            expectedGuard: expectedGuard,
+            allowCodexUsageBackfill: true)
+
+        #expect(store.openAIDashboard == nil)
+        #expect(store.snapshots[.codex] == nil)
+        #expect(store.credits == nil)
+    }
+
+    @Test
+    func `dashboard refresh fail closes when live identity is unresolved without trusted continuity`() async {
+        let settings = self.makeSettingsStore(suite: "CodexAccountScopedRefreshTests-dashboard-unresolved-fail-closed")
+        let isolatedHome = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codex-openai-web-unresolved-fail-closed-\(UUID().uuidString)", isDirectory: true)
+        try? FileManager.default.createDirectory(at: isolatedHome, withIntermediateDirectories: true)
+        settings.refreshFrequency = .manual
+        settings.codexCookieSource = .auto
+        settings._test_liveSystemCodexAccount = nil
+        settings._test_codexReconciliationEnvironment = ["CODEX_HOME": isolatedHome.path]
+        defer {
+            settings._test_codexReconciliationEnvironment = nil
+            try? FileManager.default.removeItem(at: isolatedHome)
+        }
+
+        let store = self.makeUsageStore(settings: settings)
+        store.lastKnownLiveSystemCodexEmail = nil
+        store._test_openAIDashboardLoaderOverride = { _, _, _ in
+            self.dashboard(email: "seeded@example.com", creditsRemaining: 33, usedPercent: 12)
+        }
+        defer { store._test_openAIDashboardLoaderOverride = nil }
+
+        let expectedGuard = store.currentCodexAccountScopedRefreshGuard()
+        #expect(expectedGuard.source == .liveSystem)
+        #expect(expectedGuard.identity == .unresolved)
+        #expect(expectedGuard.accountKey == nil)
+
+        await store.refreshOpenAIDashboardIfNeeded(force: true, expectedGuard: expectedGuard)
+
+        #expect(store.openAIDashboard == nil)
+        #expect(store.lastOpenAIDashboardSnapshot == nil)
+        #expect(store.snapshots[.codex] == nil)
+        #expect(store.credits == nil)
+        #expect(store.openAIDashboardRequiresLogin == true)
+        #expect(store.lastOpenAIDashboardError?.contains("could not be verified") == true)
+    }
+
+    @Test
+    func `dashboard refresh attaches for unresolved live identity with trusted non dashboard continuity`() async {
+        let settings = self.makeSettingsStore(
+            suite: "CodexAccountScopedRefreshTests-dashboard-unresolved-trusted-continuity")
+        let isolatedHome = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codex-openai-web-unresolved-trusted-\(UUID().uuidString)", isDirectory: true)
+        try? FileManager.default.createDirectory(at: isolatedHome, withIntermediateDirectories: true)
+        settings.refreshFrequency = .manual
+        settings.codexCookieSource = .auto
+        settings._test_liveSystemCodexAccount = nil
+        settings._test_codexReconciliationEnvironment = ["CODEX_HOME": isolatedHome.path]
+        defer {
+            settings._test_codexReconciliationEnvironment = nil
+            try? FileManager.default.removeItem(at: isolatedHome)
+        }
+
+        let store = self.makeUsageStore(settings: settings)
+        store._setSnapshotForTesting(
+            self.codexSnapshot(email: "trusted@example.com", usedPercent: 12),
+            provider: .codex)
+        store.lastSourceLabels[.codex] = "codex-cli"
+        store._test_openAIDashboardLoaderOverride = { _, _, _ in
+            self.dashboard(email: "trusted@example.com", creditsRemaining: 33, usedPercent: 12)
+        }
+        defer { store._test_openAIDashboardLoaderOverride = nil }
+
+        let expectedGuard = store.currentCodexOpenAIWebRefreshGuard()
+        #expect(expectedGuard.identity == .unresolved)
+
+        await store.refreshOpenAIDashboardIfNeeded(force: true, expectedGuard: expectedGuard)
+
+        #expect(store.openAIDashboard?.signedInEmail == "trusted@example.com")
+        #expect(store.snapshots[.codex]?.accountEmail(for: .codex) == "trusted@example.com")
+        #expect(store.lastSourceLabels[.codex] == "codex-cli")
+        #expect(store.credits?.remaining == 33)
+        #expect(store.lastCreditsSource == .dashboardWeb)
+        #expect(store.lastCreditsSnapshotAccountKey == "trusted@example.com")
+        #expect(
+            store.lastCodexAccountScopedRefreshGuard?.identity ==
+                .emailOnly(normalizedEmail: "trusted@example.com"))
+        #expect(store.lastCodexAccountScopedRefreshGuard?.accountKey == "trusted@example.com")
+    }
+
+    @Test
+    func `no usable codex usage does not block weekly only dashboard backfill`() async {
+        let settings = self.makeSettingsStore(
+            suite: "CodexAccountScopedRefreshTests-no-usable-usage-weekly-dashboard-backfill")
+        settings.refreshFrequency = .manual
+        settings.codexCookieSource = .auto
+        settings._test_liveSystemCodexAccount = self.liveAccount(
+            email: "weekly@example.com",
+            identity: .providerAccount(id: "acct-weekly"))
+
+        let store = self.makeUsageStore(settings: settings)
+        self.installFailingCodexProvider(on: store, error: UsageError.noRateLimitsFound)
+
+        await store.refreshProvider(.codex, allowDisabled: true)
+
+        #expect(store.snapshots[.codex] == nil)
+
+        await store.applyOpenAIDashboard(
+            OpenAIDashboardSnapshot(
+                signedInEmail: "weekly@example.com",
+                codeReviewRemainingPercent: 88,
+                creditEvents: [],
+                dailyBreakdown: [],
+                usageBreakdown: [],
+                creditsPurchaseURL: nil,
+                primaryLimit: nil,
+                secondaryLimit: RateWindow(
+                    usedPercent: 27,
+                    windowMinutes: 10080,
+                    resetsAt: Date(timeIntervalSince1970: 1_775_000_000),
+                    resetDescription: "next week"),
+                creditsRemaining: 14,
+                accountPlan: "Pro",
+                updatedAt: Date(timeIntervalSince1970: 1_774_900_000)),
+            targetEmail: "weekly@example.com",
+            allowCodexUsageBackfill: true)
+
+        #expect(store.openAIDashboard?.signedInEmail == "weekly@example.com")
+        #expect(store.snapshots[.codex]?.primary == nil)
+        #expect(store.snapshots[.codex]?.secondary?.usedPercent == 27)
+        #expect(store.snapshots[.codex]?.secondary?.windowMinutes == 10080)
+        #expect(store.lastSourceLabels[.codex] == "openai-web")
+    }
+
+    @Test
+    func `dashboard display only keeps dashboard visible and clears dashboard derived data`() async throws {
+        let settings = self.makeSettingsStore(suite: "CodexAccountScopedRefreshTests-dashboard-display-only-cleanup")
+        let managedHome = FileManager.default.temporaryDirectory
+            .appendingPathComponent(UUID().uuidString, isDirectory: true)
+        defer { try? FileManager.default.removeItem(at: managedHome) }
+        try Self.writeCodexAuthFile(
+            homeURL: managedHome,
+            email: "shared@example.com",
+            plan: "pro",
+            accountId: "acct-managed")
+
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "shared@example.com",
+            managedHomePath: managedHome.path,
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        let managedStoreURL = try self.makeManagedAccountStoreURL(accounts: [managedAccount])
+        defer {
+            settings._test_managedCodexAccountStoreURL = nil
+            try? FileManager.default.removeItem(at: managedStoreURL)
+            OpenAIDashboardCacheStore.clear()
+        }
+
+        settings.refreshFrequency = .manual
+        settings.codexCookieSource = .auto
+        settings._test_managedCodexAccountStoreURL = managedStoreURL
+        settings._test_liveSystemCodexAccount = self.liveAccount(
+            email: "shared@example.com",
+            identity: .emailOnly(normalizedEmail: "shared@example.com"))
+        settings.codexActiveSource = .liveSystem
+
+        let store = self.makeUsageStore(settings: settings)
+        store._setSnapshotForTesting(self.codexSnapshot(email: "shared@example.com", usedPercent: 20), provider: .codex)
+        store.lastSourceLabels[.codex] = "openai-web"
+        let staleCredits = self.credits(remaining: 20)
+        store.credits = staleCredits
+        store.lastCreditsSnapshot = staleCredits
+        store.lastCreditsSnapshotAccountKey = "shared@example.com"
+        store.lastCreditsSource = .dashboardWeb
+        OpenAIDashboardCacheStore.save(OpenAIDashboardCache(
+            accountEmail: "shared@example.com",
+            snapshot: self.dashboard(email: "shared@example.com", creditsRemaining: 20, usedPercent: 20)))
+
+        await store.applyOpenAIDashboard(
+            self.dashboard(email: "shared@example.com", creditsRemaining: 9, usedPercent: 35),
+            targetEmail: "shared@example.com")
+
+        #expect(store.openAIDashboard?.signedInEmail == "shared@example.com")
+        #expect(store.lastOpenAIDashboardSnapshot?.signedInEmail == "shared@example.com")
+        #expect(store.snapshots[.codex] == nil)
+        #expect(store.lastSourceLabels[.codex] == nil)
+        #expect(store.credits == nil)
+        #expect(store.lastCreditsSource == .none)
+        #expect(OpenAIDashboardCacheStore.load() == nil)
+    }
+
+    @Test
+    func `dashboard downgrade from real attach to display only retires owned state immediately`() async throws {
+        OpenAIDashboardCacheStore.clear()
+        defer { OpenAIDashboardCacheStore.clear() }
+
+        let settings = self.makeSettingsStore(suite: "CodexAccountScopedRefreshTests-dashboard-downgrade")
+        let managedHome = FileManager.default.temporaryDirectory
+            .appendingPathComponent(UUID().uuidString, isDirectory: true)
+        defer { try? FileManager.default.removeItem(at: managedHome) }
+        try Self.writeCodexAuthFile(
+            homeURL: managedHome,
+            email: "shared@example.com",
+            plan: "pro",
+            accountId: "acct-managed")
+
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "shared@example.com",
+            managedHomePath: managedHome.path,
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        let managedStoreURL = try self.makeManagedAccountStoreURL(accounts: [managedAccount])
+        defer {
+            settings._test_managedCodexAccountStoreURL = nil
+            try? FileManager.default.removeItem(at: managedStoreURL)
+        }
+
+        settings.refreshFrequency = .manual
+        settings.codexCookieSource = .auto
+        settings._test_liveSystemCodexAccount = self.liveAccount(
+            email: "shared@example.com",
+            identity: .emailOnly(normalizedEmail: "shared@example.com"))
+        settings.codexActiveSource = .liveSystem
+
+        let store = self.makeUsageStore(settings: settings)
+        await store.applyOpenAIDashboard(
+            self.dashboard(email: "shared@example.com", creditsRemaining: 20, usedPercent: 20),
+            targetEmail: "shared@example.com")
+
+        #expect(store.openAIDashboard?.signedInEmail == "shared@example.com")
+        #expect(store.snapshots[.codex]?.accountEmail(for: .codex) == "shared@example.com")
+        #expect(store.lastSourceLabels[.codex] == "openai-web")
+        #expect(store.credits?.remaining == 20)
+        #expect(store.lastCreditsSource == .dashboardWeb)
+        #expect(OpenAIDashboardCacheStore.load()?.accountEmail == "shared@example.com")
+
+        settings._test_managedCodexAccountStoreURL = managedStoreURL
+
+        await store.applyOpenAIDashboard(
+            self.dashboard(email: "shared@example.com", creditsRemaining: 9, usedPercent: 35),
+            targetEmail: "shared@example.com")
+
+        #expect(store.openAIDashboard?.signedInEmail == "shared@example.com")
+        #expect(store.lastOpenAIDashboardSnapshot?.signedInEmail == "shared@example.com")
+        #expect(store.snapshots[.codex] == nil)
+        #expect(store.lastSourceLabels[.codex] == nil)
+        #expect(store.credits == nil)
+        #expect(store.lastCreditsSource == .none)
+        #expect(OpenAIDashboardCacheStore.load() == nil)
+    }
+
+    @Test
+    func `dashboard refresh rejects stale completion during live account reconciliation lag`() async {
+        let settings = self.makeSettingsStore(suite: "CodexAccountScopedRefreshTests-dashboard-reject-stale-live-lag")
+        let isolatedHome = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codex-openai-web-stale-live-lag-\(UUID().uuidString)", isDirectory: true)
+        try? FileManager.default.createDirectory(at: isolatedHome, withIntermediateDirectories: true)
+        settings.refreshFrequency = .manual
+        settings.codexCookieSource = .auto
+        settings._test_codexReconciliationEnvironment = ["CODEX_HOME": isolatedHome.path]
+        settings.codexActiveSource = .liveSystem
+        defer {
+            settings._test_codexReconciliationEnvironment = nil
+            try? FileManager.default.removeItem(at: isolatedHome)
+        }
+
+        let store = self.makeUsageStore(settings: settings)
+        store._setSnapshotForTesting(self.codexSnapshot(email: "alpha@example.com", usedPercent: 12), provider: .codex)
+
+        let expectedGuard = store.currentCodexOpenAIWebRefreshGuard()
+        #expect(expectedGuard.accountKey == nil)
+
+        store._setSnapshotForTesting(self.codexSnapshot(email: "beta@example.com", usedPercent: 18), provider: .codex)
+
+        await store.applyOpenAIDashboard(
+            self.dashboard(email: "alpha@example.com", creditsRemaining: 40, usedPercent: 20),
+            targetEmail: nil,
+            expectedGuard: expectedGuard,
+            allowCodexUsageBackfill: true)
+
+        #expect(store.openAIDashboard == nil)
+        #expect(store.credits == nil)
+        #expect(store.snapshots[.codex]?.accountEmail(for: .codex) == "beta@example.com")
+    }
+
+    @Test
+    func `default dashboard refresh path discards stale completion after account switch`() async {
+        let settings = self.makeSettingsStore(suite: "CodexAccountScopedRefreshTests-dashboard-guard")
+        settings.refreshFrequency = .manual
+        settings.openAIWebAccessEnabled = true
+        settings.codexCookieSource = .auto
+        settings._test_liveSystemCodexAccount = self.liveAccount(email: "alpha@example.com")
+
+        let store = self.makeUsageStore(settings: settings)
+        self.installImmediateCodexProvider(
+            on: store,
+            snapshot: self.codexSnapshot(email: "alpha@example.com", usedPercent: 18))
+        let dashboardBlocker = BlockingOpenAIDashboardLoader()
+        store._test_openAIDashboardLoaderOverride = { _, _, _ in
+            try await dashboardBlocker.awaitResult()
+        }
+        defer { store._test_openAIDashboardLoaderOverride = nil }
+
+        let refreshTask = Task { await store.refresh() }
+        await dashboardBlocker.waitUntilStarted()
+
+        settings._test_liveSystemCodexAccount = self.liveAccount(email: "beta@example.com")
+        store._setSnapshotForTesting(self.codexSnapshot(email: "beta@example.com", usedPercent: 7), provider: .codex)
+        store.openAIDashboard = nil
+        store.credits = nil
+
+        await dashboardBlocker.resume(with: .success(
+            self.dashboard(email: "alpha@example.com", creditsRemaining: 44, usedPercent: 21)))
+        await refreshTask.value
+
+        #expect(store.openAIDashboard == nil)
+        #expect(store.credits == nil)
+        #expect(store.snapshots[.codex]?.accountEmail(for: .codex) == "beta@example.com")
+    }
+
+    @Test
+    func `same email provider account switch discards stale dashboard completion`() async {
+        let settings = self
+            .makeSettingsStore(suite: "CodexAccountScopedRefreshTests-dashboard-same-email-provider-account")
+        settings.refreshFrequency = .manual
+        settings._test_liveSystemCodexAccount = self.liveAccount(
+            email: "alpha@example.com",
+            identity: .providerAccount(id: "acct-alpha"))
+
+        let store = self.makeUsageStore(settings: settings)
+        let expectedGuard = store.currentCodexOpenAIWebRefreshGuard()
+        #expect(expectedGuard.identity == .providerAccount(id: "acct-alpha"))
+
+        settings._test_liveSystemCodexAccount = self.liveAccount(
+            email: "alpha@example.com",
+            identity: .providerAccount(id: "acct-beta"))
+
+        await store.applyOpenAIDashboard(
+            self.dashboard(email: "alpha@example.com", creditsRemaining: 11, usedPercent: 35),
+            targetEmail: "alpha@example.com",
+            expectedGuard: expectedGuard,
+            allowCodexUsageBackfill: true)
+
+        #expect(store.openAIDashboard == nil)
+        #expect(store.snapshots[.codex] == nil)
+        #expect(store.credits == nil)
+    }
+
+    @Test
+    func `live switch invalidates stale codex state even when only last known live email remains`() async {
+        let settings = self.makeSettingsStore(suite: "CodexAccountScopedRefreshTests-invalidate-with-stale-last-known")
+        let isolatedHome = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codex-invalidate-stale-last-known-\(UUID().uuidString)", isDirectory: true)
+        try? FileManager.default.createDirectory(at: isolatedHome, withIntermediateDirectories: true)
+        settings.refreshFrequency = .manual
+        settings.codexCookieSource = .auto
+        settings._test_liveSystemCodexAccount = self.liveAccount(email: "alpha@example.com")
+        settings._test_codexReconciliationEnvironment = ["CODEX_HOME": isolatedHome.path]
+        defer {
+            settings._test_codexReconciliationEnvironment = nil
+            try? FileManager.default.removeItem(at: isolatedHome)
+        }
+
+        let store = self.makeUsageStore(settings: settings)
+        store._setSnapshotForTesting(self.codexSnapshot(email: "alpha@example.com", usedPercent: 10), provider: .codex)
+        store.credits = self.credits(remaining: 12)
+        store.lastCreditsSnapshot = self.credits(remaining: 12)
+        store.lastCreditsSnapshotAccountKey = "alpha@example.com"
+        store.openAIDashboard = self.dashboard(email: "alpha@example.com", creditsRemaining: 12, usedPercent: 20)
+        store.lastOpenAIDashboardSnapshot = store.openAIDashboard
+        store.lastKnownLiveSystemCodexEmail = "alpha@example.com"
+        store.lastCodexAccountScopedRefreshGuard = store.currentCodexAccountScopedRefreshGuard(
+            preferCurrentSnapshot: false,
+            allowLastKnownLiveFallback: true)
+
+        settings._test_liveSystemCodexAccount = nil
+        store.snapshots.removeValue(forKey: .codex)
+
+        let didInvalidate = store.prepareCodexAccountScopedRefreshIfNeeded()
+        await store.widgetSnapshotPersistTask?.value
+
+        #expect(didInvalidate)
+        #expect(store.snapshots[.codex] == nil)
+        #expect(store.credits == nil)
+        #expect(store.openAIDashboard == nil)
+        #expect(store.lastCodexAccountScopedRefreshGuard?.accountKey == nil)
+    }
+
+    @Test
+    func `codex account refresh persists widget snapshots on invalidation and completion`() async {
+        let settings = self.makeSettingsStore(suite: "CodexAccountScopedRefreshTests-widgets")
+        settings.refreshFrequency = .manual
+        settings.codexCookieSource = .off
+        settings._test_liveSystemCodexAccount = self.liveAccount(email: "alpha@example.com")
+
+        let store = self.makeUsageStore(settings: settings)
+        store._setSnapshotForTesting(self.codexSnapshot(email: "alpha@example.com", usedPercent: 18), provider: .codex)
+        store.lastCodexAccountScopedRefreshGuard = store
+            .currentCodexAccountScopedRefreshGuard(preferCurrentSnapshot: false)
+
+        let blocker = BlockingCodexFetchStrategy()
+        self.installBlockingCodexProvider(on: store, blocker: blocker)
+        store._test_codexCreditsLoaderOverride = { self.credits(remaining: 77) }
+        defer { store._test_codexCreditsLoaderOverride = nil }
+
+        var widgetSnapshots: [WidgetSnapshot] = []
+        store._test_widgetSnapshotSaveOverride = { widgetSnapshots.append($0) }
+        defer { store._test_widgetSnapshotSaveOverride = nil }
+
+        settings._test_liveSystemCodexAccount = self.liveAccount(email: "beta@example.com")
+        let refreshTask = Task { await store.refreshCodexAccountScopedState(allowDisabled: true) }
+        await blocker.waitUntilStarted()
+        await blocker.resume(with: .success(self.codexSnapshot(email: "beta@example.com", usedPercent: 8)))
+        await refreshTask.value
+        await store.widgetSnapshotPersistTask?.value
+
+        #expect(widgetSnapshots.count == 2)
+        #expect(widgetSnapshots[0].entries.contains(where: { $0.provider == .codex }) == false)
+        #expect(widgetSnapshots[1].entries.first { $0.provider == .codex }?.creditsRemaining == 77)
+    }
+
+    @Test
+    func `widget snapshot saves stay ordered across codex account invalidation and completion`() async {
+        let settings = self.makeSettingsStore(suite: "CodexAccountScopedRefreshTests-widget-order")
+        settings.refreshFrequency = .manual
+
+        let store = self.makeUsageStore(settings: settings)
+        let saver = BlockingWidgetSnapshotSaver()
+        store._test_widgetSnapshotSaveOverride = { snapshot in
+            await saver.save(snapshot)
+        }
+        defer { store._test_widgetSnapshotSaveOverride = nil }
+
+        store.persistWidgetSnapshot(reason: "codex-account-invalidate")
+        await saver.waitUntilStarted(count: 1)
+        #expect(await saver.startedCount() == 1)
+
+        store._setSnapshotForTesting(self.codexSnapshot(email: "beta@example.com", usedPercent: 8), provider: .codex)
+        store.credits = self.credits(remaining: 77)
+        store.persistWidgetSnapshot(reason: "codex-account-refresh")
+
+        try? await Task.sleep(nanoseconds: 50_000_000)
+        #expect(await saver.startedCount() == 1)
+
+        await saver.resumeNext()
+        await saver.waitUntilStarted(count: 2)
+        await saver.resumeNext()
+        await store.widgetSnapshotPersistTask?.value
+
+        let snapshots = await saver.savedSnapshots()
+        #expect(snapshots.count == 2)
+        #expect(snapshots[0].entries.contains(where: { $0.provider == .codex }) == false)
+        #expect(snapshots[1].entries.first { $0.provider == .codex }?.creditsRemaining == 77)
+    }
+
+    @Test
+    func `widget snapshot excludes display only dashboard code review`() async throws {
+        let settings = self.makeSettingsStore(suite: "CodexAccountScopedRefreshTests-widget-display-only-dashboard")
+        settings.refreshFrequency = .manual
+
+        let store = self.makeUsageStore(settings: settings)
+        store._setSnapshotForTesting(self.codexSnapshot(email: "alpha@example.com", usedPercent: 18), provider: .codex)
+        store.credits = CreditsSnapshot(remaining: 12, events: [], updatedAt: Date())
+        store.openAIDashboard = self.dashboard(
+            email: "alpha@example.com",
+            creditsRemaining: 12,
+            usedPercent: 20)
+        store.openAIDashboardAttachmentAuthorized = false
+
+        var widgetSnapshots: [WidgetSnapshot] = []
+        store._test_widgetSnapshotSaveOverride = { widgetSnapshots.append($0) }
+        defer { store._test_widgetSnapshotSaveOverride = nil }
+
+        store.persistWidgetSnapshot(reason: "display-only-dashboard")
+        await store.widgetSnapshotPersistTask?.value
+
+        let codexEntry = try #require(widgetSnapshots.last?.entries.first { $0.provider == .codex })
+        #expect(codexEntry.creditsRemaining == nil)
+        #expect(codexEntry.codeReviewRemainingPercent == nil)
+    }
+
+    @Test
+    func `widget snapshot includes attached dashboard code review`() async throws {
+        let settings = self.makeSettingsStore(suite: "CodexAccountScopedRefreshTests-widget-attached-dashboard")
+        settings.refreshFrequency = .manual
+
+        let store = self.makeUsageStore(settings: settings)
+        store._setSnapshotForTesting(self.codexSnapshot(email: "alpha@example.com", usedPercent: 18), provider: .codex)
+        store.openAIDashboard = self.dashboard(
+            email: "alpha@example.com",
+            creditsRemaining: 12,
+            usedPercent: 20)
+        store.openAIDashboardAttachmentAuthorized = true
+
+        var widgetSnapshots: [WidgetSnapshot] = []
+        store._test_widgetSnapshotSaveOverride = { widgetSnapshots.append($0) }
+        defer { store._test_widgetSnapshotSaveOverride = nil }
+
+        store.persistWidgetSnapshot(reason: "attached-dashboard")
+        await store.widgetSnapshotPersistTask?.value
+
+        let codexEntry = try #require(widgetSnapshots.last?.entries.first { $0.provider == .codex })
+        #expect(codexEntry.codeReviewRemainingPercent == 88)
+    }
+
+    @Test
+    func `codex account refresh reports usage and credits phases before completion`() async {
+        let settings = self.makeSettingsStore(suite: "CodexAccountScopedRefreshTests-phases")
+        settings.refreshFrequency = .manual
+        settings.codexCookieSource = .off
+        settings._test_liveSystemCodexAccount = self.liveAccount(email: "alpha@example.com")
+
+        let store = self.makeUsageStore(settings: settings)
+        store._setSnapshotForTesting(self.codexSnapshot(email: "alpha@example.com", usedPercent: 18), provider: .codex)
+        store.lastCodexAccountScopedRefreshGuard = store
+            .currentCodexAccountScopedRefreshGuard(preferCurrentSnapshot: false)
+
+        let blocker = BlockingCodexFetchStrategy()
+        self.installBlockingCodexProvider(on: store, blocker: blocker)
+        store._test_codexCreditsLoaderOverride = { self.credits(remaining: 77) }
+        defer { store._test_codexCreditsLoaderOverride = nil }
+
+        var phases: [CodexAccountScopedRefreshPhase] = []
+        settings._test_liveSystemCodexAccount = self.liveAccount(email: "beta@example.com")
+
+        let refreshTask = Task {
+            await store.refreshCodexAccountScopedState(
+                allowDisabled: true,
+                phaseDidChange: { phases.append($0) })
+        }
+
+        await blocker.waitUntilStarted()
+        #expect(phases == [.invalidated])
+
+        await blocker.resume(with: .success(self.codexSnapshot(email: "beta@example.com", usedPercent: 8)))
+        await refreshTask.value
+
+        #expect(phases == [.invalidated, .usage, .credits, .completed])
+    }
+
+    @Test
+    func `refresh loads credits when codex email is discovered by usage in the same cycle`() async {
+        let settings = self.makeSettingsStore(suite: "CodexAccountScopedRefreshTests-refresh-credits")
+        settings.refreshFrequency = .manual
+        settings.codexCookieSource = .off
+
+        let store = self.makeUsageStore(settings: settings)
+        let blocker = BlockingCodexFetchStrategy()
+        self.installBlockingCodexProvider(on: store, blocker: blocker)
+        store._test_codexCreditsLoaderOverride = { self.credits(remaining: 55) }
+        defer { store._test_codexCreditsLoaderOverride = nil }
+
+        let refreshTask = Task { await store.refresh() }
+        await blocker.waitUntilStarted()
+        await blocker.resume(with: .success(self.codexSnapshot(email: "alpha@example.com", usedPercent: 12)))
+        await refreshTask.value
+        #expect(store.lastCodexAccountScopedRefreshGuard?.accountKey == "alpha@example.com")
+
+        await store.creditsRefreshTask?.value
+
+        #expect(store.credits?.remaining == 55)
+        #expect(store.lastCreditsSource == .api)
+    }
+
+    @Test
+    func `settings codex account selection refreshes credits on the first switch`() async throws {
+        let settings = self.makeSettingsStore(suite: "CodexAccountScopedRefreshTests-settings-selection")
+        settings.refreshFrequency = .manual
+        settings.codexCookieSource = .off
+        let managedAccountID = try #require(UUID(uuidString: "AAAAAAAA-BBBB-CCCC-DDDD-111111111111"))
+        let managedAccount = ManagedCodexAccount(
+            id: managedAccountID,
+            email: "managed@example.com",
+            managedHomePath: "/tmp/managed-home",
+            createdAt: 1,
+            updatedAt: 2,
+            lastAuthenticatedAt: 2)
+        let storeURL = try self.makeManagedAccountStoreURL(accounts: [managedAccount])
+        defer {
+            settings._test_managedCodexAccountStoreURL = nil
+            settings._test_liveSystemCodexAccount = nil
+            try? FileManager.default.removeItem(at: storeURL)
+        }
+
+        settings._test_managedCodexAccountStoreURL = storeURL
+        settings._test_liveSystemCodexAccount = self.liveAccount(email: "live@example.com")
+
+        let store = self.makeUsageStore(settings: settings)
+        store._setSnapshotForTesting(self.codexSnapshot(email: "live@example.com", usedPercent: 30), provider: .codex)
+        store.lastCodexAccountScopedRefreshGuard = store
+            .currentCodexAccountScopedRefreshGuard(preferCurrentSnapshot: false)
+        self.installImmediateCodexProvider(
+            on: store,
+            snapshot: self.codexSnapshot(email: "managed@example.com", usedPercent: 9))
+        store._test_codexCreditsLoaderOverride = { self.credits(remaining: 55) }
+        defer { store._test_codexCreditsLoaderOverride = nil }
+
+        let pane = ProvidersPane(settings: settings, store: store)
+        await pane._test_selectCodexVisibleAccount(id: "managed@example.com")
+
+        #expect(settings.codexActiveSource == .managedAccount(id: managedAccountID))
+        #expect(store.snapshots[.codex]?.accountEmail(for: .codex) == "managed@example.com")
+        #expect(store.credits?.remaining == 55)
+    }
+}
diff --git a/Tests/CodexBarTests/CodexAccountsSectionStateTests.swift b/Tests/CodexBarTests/CodexAccountsSectionStateTests.swift
new file mode 100644
index 000000000..c25ff69b5
--- /dev/null
+++ b/Tests/CodexBarTests/CodexAccountsSectionStateTests.swift
@@ -0,0 +1,195 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+@MainActor
+struct CodexAccountsSectionStateTests {
+    @Test
+    func `system badge shows for merged live row`() {
+        let accountID = UUID()
+        let mergedLiveAccount = CodexVisibleAccount(
+            id: "merged@example.com",
+            email: "merged@example.com",
+            storedAccountID: accountID,
+            selectionSource: .liveSystem,
+            isActive: true,
+            isLive: true,
+            canReauthenticate: true,
+            canRemove: true)
+        let state = CodexAccountsSectionState(
+            visibleAccounts: [mergedLiveAccount],
+            activeVisibleAccountID: mergedLiveAccount.id,
+            liveVisibleAccountID: mergedLiveAccount.id,
+            hasUnreadableManagedAccountStore: false,
+            isAuthenticatingManagedAccount: false,
+            authenticatingManagedAccountID: nil,
+            isRemovingManagedAccount: false,
+            isAuthenticatingLiveAccount: false,
+            isPromotingSystemAccount: false,
+            notice: nil)
+
+        #expect(state.showsLiveBadge(for: mergedLiveAccount))
+    }
+
+    @Test
+    func `system promotion availability uses live visible account and stored account id`() {
+        let managedAccountID = UUID()
+        let liveAccount = CodexVisibleAccount(
+            id: "live@example.com",
+            email: "live@example.com",
+            storedAccountID: nil,
+            selectionSource: .liveSystem,
+            isActive: false,
+            isLive: true,
+            canReauthenticate: true,
+            canRemove: false)
+        let managedAccount = CodexVisibleAccount(
+            id: "managed:\(managedAccountID.uuidString.lowercased())",
+            email: "managed@example.com",
+            storedAccountID: managedAccountID,
+            selectionSource: .managedAccount(id: managedAccountID),
+            isActive: true,
+            isLive: false,
+            canReauthenticate: true,
+            canRemove: true)
+        let state = CodexAccountsSectionState(
+            visibleAccounts: [liveAccount, managedAccount],
+            activeVisibleAccountID: managedAccount.id,
+            liveVisibleAccountID: liveAccount.id,
+            hasUnreadableManagedAccountStore: false,
+            isAuthenticatingManagedAccount: false,
+            authenticatingManagedAccountID: nil,
+            isRemovingManagedAccount: false,
+            isAuthenticatingLiveAccount: false,
+            isPromotingSystemAccount: false,
+            notice: nil)
+
+        #expect(state.canPromoteToSystem(liveAccount) == false)
+        #expect(state.canPromoteToSystem(managedAccount))
+    }
+
+    @Test
+    func `system promotion controls disable while conflicting work is running`() {
+        let managedAccountID = UUID()
+        let liveAccount = CodexVisibleAccount(
+            id: "live@example.com",
+            email: "live@example.com",
+            storedAccountID: nil,
+            selectionSource: .liveSystem,
+            isActive: false,
+            isLive: true,
+            canReauthenticate: true,
+            canRemove: false)
+        let managedAccount = CodexVisibleAccount(
+            id: "managed:\(managedAccountID.uuidString.lowercased())",
+            email: "managed@example.com",
+            storedAccountID: managedAccountID,
+            selectionSource: .managedAccount(id: managedAccountID),
+            isActive: true,
+            isLive: false,
+            canReauthenticate: true,
+            canRemove: true)
+        let state = CodexAccountsSectionState(
+            visibleAccounts: [liveAccount, managedAccount],
+            activeVisibleAccountID: managedAccount.id,
+            liveVisibleAccountID: liveAccount.id,
+            hasUnreadableManagedAccountStore: false,
+            isAuthenticatingManagedAccount: false,
+            authenticatingManagedAccountID: nil,
+            isRemovingManagedAccount: true,
+            isAuthenticatingLiveAccount: false,
+            isPromotingSystemAccount: false,
+            notice: nil)
+
+        #expect(state.isSystemSelectionDisabled)
+        #expect(state.canPromoteToSystem(managedAccount) == false)
+    }
+
+    @Test
+    func `system display does not fall back when no live account exists`() {
+        let managedAccountID = UUID()
+        let managedAccount = CodexVisibleAccount(
+            id: "managed:\(managedAccountID.uuidString.lowercased())",
+            email: "managed@example.com",
+            storedAccountID: managedAccountID,
+            selectionSource: .managedAccount(id: managedAccountID),
+            isActive: true,
+            isLive: false,
+            canReauthenticate: true,
+            canRemove: true)
+        let state = CodexAccountsSectionState(
+            visibleAccounts: [managedAccount],
+            activeVisibleAccountID: managedAccount.id,
+            liveVisibleAccountID: nil,
+            hasUnreadableManagedAccountStore: false,
+            isAuthenticatingManagedAccount: false,
+            authenticatingManagedAccountID: nil,
+            isRemovingManagedAccount: false,
+            isAuthenticatingLiveAccount: false,
+            isPromotingSystemAccount: false,
+            notice: nil)
+
+        #expect(state.systemVisibleAccount == nil)
+        #expect(state.showsSystemPicker)
+        #expect(state.systemDisplayName == "No system account")
+    }
+
+    @Test
+    func `remove in flight blocks add reauth and remove actions`() {
+        let managedAccountID = UUID()
+        let managedAccount = CodexVisibleAccount(
+            id: "managed:\(managedAccountID.uuidString.lowercased())",
+            email: "managed@example.com",
+            storedAccountID: managedAccountID,
+            selectionSource: .managedAccount(id: managedAccountID),
+            isActive: true,
+            isLive: false,
+            canReauthenticate: true,
+            canRemove: true)
+        let state = CodexAccountsSectionState(
+            visibleAccounts: [managedAccount],
+            activeVisibleAccountID: managedAccount.id,
+            liveVisibleAccountID: nil,
+            hasUnreadableManagedAccountStore: false,
+            isAuthenticatingManagedAccount: false,
+            authenticatingManagedAccountID: nil,
+            isRemovingManagedAccount: true,
+            isAuthenticatingLiveAccount: false,
+            isPromotingSystemAccount: false,
+            notice: nil)
+
+        #expect(state.canAddAccount == false)
+        #expect(state.canReauthenticate(managedAccount) == false)
+        #expect(state.canRemove(managedAccount) == false)
+    }
+
+    @Test
+    func `promotion in flight blocks add reauth and remove actions`() {
+        let managedAccountID = UUID()
+        let managedAccount = CodexVisibleAccount(
+            id: "managed:\(managedAccountID.uuidString.lowercased())",
+            email: "managed@example.com",
+            storedAccountID: managedAccountID,
+            selectionSource: .managedAccount(id: managedAccountID),
+            isActive: true,
+            isLive: false,
+            canReauthenticate: true,
+            canRemove: true)
+        let state = CodexAccountsSectionState(
+            visibleAccounts: [managedAccount],
+            activeVisibleAccountID: managedAccount.id,
+            liveVisibleAccountID: nil,
+            hasUnreadableManagedAccountStore: false,
+            isAuthenticatingManagedAccount: false,
+            authenticatingManagedAccountID: nil,
+            isRemovingManagedAccount: false,
+            isAuthenticatingLiveAccount: false,
+            isPromotingSystemAccount: true,
+            notice: nil)
+
+        #expect(state.canAddAccount == false)
+        #expect(state.canReauthenticate(managedAccount) == false)
+        #expect(state.canRemove(managedAccount) == false)
+    }
+}
diff --git a/Tests/CodexBarTests/CodexAccountsSettingsSectionTests.swift b/Tests/CodexBarTests/CodexAccountsSettingsSectionTests.swift
new file mode 100644
index 000000000..7ce1ff29a
--- /dev/null
+++ b/Tests/CodexBarTests/CodexAccountsSettingsSectionTests.swift
@@ -0,0 +1,453 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+@MainActor
+struct CodexAccountsSettingsSectionTests {
+    @Test
+    func `codex accounts section shows live badge only for live only multi account row`() throws {
+        let settings = Self.makeSettingsStore(suite: "CodexAccountsSettingsSectionTests-live-badge")
+        let store = Self.makeUsageStore(settings: settings)
+        let managedStoreURL = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString)
+        defer { try? FileManager.default.removeItem(at: managedStoreURL) }
+
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "managed@example.com",
+            managedHomePath: "/tmp/managed",
+            createdAt: 1,
+            updatedAt: 2,
+            lastAuthenticatedAt: 2)
+        let managedStore = FileManagedCodexAccountStore(fileURL: managedStoreURL)
+        try managedStore.storeAccounts(ManagedCodexAccountSet(
+            version: FileManagedCodexAccountStore.currentVersion,
+            accounts: [managedAccount]))
+
+        settings._test_managedCodexAccountStoreURL = managedStoreURL
+        settings._test_liveSystemCodexAccount = ObservedSystemCodexAccount(
+            email: "live@example.com",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date())
+
+        let pane = ProvidersPane(settings: settings, store: store)
+        let state = try #require(pane._test_codexAccountsSectionState())
+        let liveAccount = try #require(state.visibleAccounts.first { $0.email == "live@example.com" })
+        let managedVisibleAccount = try #require(state.visibleAccounts.first { $0.email == "managed@example.com" })
+
+        #expect(state.showsLiveBadge(for: liveAccount))
+        #expect(state.showsLiveBadge(for: managedVisibleAccount) == false)
+    }
+
+    @Test
+    func `single account codex settings uses simple account view instead of picker`() throws {
+        let settings = Self.makeSettingsStore(suite: "CodexAccountsSettingsSectionTests-single-account")
+        let store = Self.makeUsageStore(settings: settings)
+        settings._test_liveSystemCodexAccount = ObservedSystemCodexAccount(
+            email: "solo@example.com",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date())
+
+        let pane = ProvidersPane(settings: settings, store: store)
+        let state = try #require(pane._test_codexAccountsSectionState())
+
+        #expect(state.visibleAccounts.count == 1)
+        #expect(state.showsActivePicker == false)
+        #expect(state.singleVisibleAccount?.email == "solo@example.com")
+    }
+
+    @Test
+    func `single account codex settings state includes workspace display name`() throws {
+        let settings = Self.makeSettingsStore(suite: "CodexAccountsSettingsSectionTests-single-workspace")
+        let store = Self.makeUsageStore(settings: settings)
+        settings._test_liveSystemCodexAccount = ObservedSystemCodexAccount(
+            email: "solo@example.com",
+            workspaceLabel: "Team Alpha",
+            workspaceAccountID: "account-live",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date(),
+            identity: .providerAccount(id: "account-live"))
+
+        let pane = ProvidersPane(settings: settings, store: store)
+        let state = try #require(pane._test_codexAccountsSectionState())
+
+        #expect(state.singleVisibleAccount?.displayName == "solo@example.com — Team Alpha")
+    }
+
+    @Test
+    func `codex accounts section disables managed mutations when store is unreadable`() throws {
+        let settings = Self.makeSettingsStore(suite: "CodexAccountsSettingsSectionTests-unreadable")
+        let store = Self.makeUsageStore(settings: settings)
+        settings._test_liveSystemCodexAccount = ObservedSystemCodexAccount(
+            email: "live@example.com",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date())
+        settings._test_unreadableManagedCodexAccountStore = true
+        defer { settings._test_unreadableManagedCodexAccountStore = false }
+
+        let pane = ProvidersPane(settings: settings, store: store)
+        let state = try #require(pane._test_codexAccountsSectionState())
+        let liveAccount = try #require(state.visibleAccounts.first)
+
+        #expect(state.hasUnreadableManagedAccountStore)
+        #expect(state.canAddAccount == false)
+        #expect(state.notice?.tone == .warning)
+        #expect(state.canReauthenticate(liveAccount))
+    }
+
+    @Test
+    func `selecting merged visible account from settings keeps live system source`() async throws {
+        let settings = Self.makeSettingsStore(suite: "CodexAccountsSettingsSectionTests-select-merged")
+        let store = Self.makeUsageStore(settings: settings)
+        let managedStoreURL = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString)
+        defer { try? FileManager.default.removeItem(at: managedStoreURL) }
+
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "same@example.com",
+            managedHomePath: "/tmp/managed",
+            createdAt: 1,
+            updatedAt: 2,
+            lastAuthenticatedAt: 2)
+        let managedStore = FileManagedCodexAccountStore(fileURL: managedStoreURL)
+        try managedStore.storeAccounts(ManagedCodexAccountSet(
+            version: FileManagedCodexAccountStore.currentVersion,
+            accounts: [managedAccount]))
+
+        settings._test_managedCodexAccountStoreURL = managedStoreURL
+        settings._test_liveSystemCodexAccount = ObservedSystemCodexAccount(
+            email: "SAME@example.com",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date())
+        settings.codexActiveSource = .managedAccount(id: managedAccount.id)
+
+        let pane = ProvidersPane(settings: settings, store: store)
+        await pane._test_selectCodexVisibleAccount(id: "same@example.com")
+
+        #expect(settings.codexActiveSource == .liveSystem)
+        let state = try #require(pane._test_codexAccountsSectionState())
+        #expect(state.activeVisibleAccountID == "same@example.com")
+    }
+
+    @Test
+    func `settings account selection can target the managed row when same email rows split by identity`() async throws {
+        let settings = Self.makeSettingsStore(suite: "CodexAccountsSettingsSectionTests-select-split")
+        let store = Self.makeUsageStore(settings: settings)
+        let managedStoreURL = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString)
+        let managedHome = FileManager.default.temporaryDirectory.appendingPathComponent(
+            UUID().uuidString,
+            isDirectory: true)
+        defer {
+            settings._test_managedCodexAccountStoreURL = nil
+            settings._test_liveSystemCodexAccount = nil
+            try? FileManager.default.removeItem(at: managedStoreURL)
+            try? FileManager.default.removeItem(at: managedHome)
+        }
+
+        try Self.writeCodexAuthFile(
+            homeURL: managedHome,
+            email: "same@example.com",
+            plan: "pro",
+            accountID: "account-managed")
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "same@example.com",
+            managedHomePath: managedHome.path,
+            createdAt: 1,
+            updatedAt: 2,
+            lastAuthenticatedAt: 2)
+        let managedStore = FileManagedCodexAccountStore(fileURL: managedStoreURL)
+        try managedStore.storeAccounts(ManagedCodexAccountSet(
+            version: FileManagedCodexAccountStore.currentVersion,
+            accounts: [managedAccount]))
+
+        settings._test_managedCodexAccountStoreURL = managedStoreURL
+        settings._test_liveSystemCodexAccount = ObservedSystemCodexAccount(
+            email: "SAME@example.com",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date(),
+            identity: .emailOnly(normalizedEmail: "same@example.com"))
+        settings.codexActiveSource = .liveSystem
+
+        let pane = ProvidersPane(settings: settings, store: store)
+        let initialState = try #require(pane._test_codexAccountsSectionState())
+        let managedVisibleAccount = try #require(initialState.visibleAccounts
+            .first { $0.storedAccountID == managedAccount.id })
+
+        await pane._test_selectCodexVisibleAccount(id: managedVisibleAccount.id)
+
+        #expect(settings.codexActiveSource == .managedAccount(id: managedAccount.id))
+        let updatedState = try #require(pane._test_codexAccountsSectionState())
+        #expect(updatedState.activeVisibleAccountID == managedVisibleAccount.id)
+    }
+
+    @Test
+    func `codex accounts section disables add and reauth while managed authentication is in flight`() async throws {
+        let settings = Self.makeSettingsStore(suite: "CodexAccountsSettingsSectionTests-in-flight")
+        let store = Self.makeUsageStore(settings: settings)
+        let managedStoreURL = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString)
+        defer { try? FileManager.default.removeItem(at: managedStoreURL) }
+
+        let managedAccountID = try #require(UUID(uuidString: "AAAAAAAA-BBBB-CCCC-DDDD-111111111111"))
+        let managedAccount = ManagedCodexAccount(
+            id: managedAccountID,
+            email: "managed@example.com",
+            managedHomePath: "/tmp/managed",
+            createdAt: 1,
+            updatedAt: 2,
+            lastAuthenticatedAt: 2)
+        let managedStore = FileManagedCodexAccountStore(fileURL: managedStoreURL)
+        try managedStore.storeAccounts(ManagedCodexAccountSet(
+            version: FileManagedCodexAccountStore.currentVersion,
+            accounts: [managedAccount]))
+        settings._test_managedCodexAccountStoreURL = managedStoreURL
+
+        let root = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString, isDirectory: true)
+        defer { try? FileManager.default.removeItem(at: root) }
+        let runner = BlockingManagedCodexLoginRunnerForSettingsSectionTests()
+        let service = ManagedCodexAccountService(
+            store: managedStore,
+            homeFactory: TestManagedCodexHomeFactoryForSettingsSectionTests(root: root),
+            loginRunner: runner,
+            identityReader: StubManagedCodexIdentityReaderForSettingsSectionTests(emails: ["managed@example.com"]))
+        let coordinator = ManagedCodexAccountCoordinator(service: service)
+        let authTask = Task { try await coordinator.authenticateManagedAccount() }
+        await runner.waitUntilStarted()
+
+        let pane = ProvidersPane(
+            settings: settings,
+            store: store,
+            managedCodexAccountCoordinator: coordinator)
+        let state = try #require(pane._test_codexAccountsSectionState())
+        let visibleAccount = try #require(state.visibleAccounts.first { $0.email == "managed@example.com" })
+
+        #expect(state.canAddAccount == false)
+        #expect(state.addAccountTitle == "Adding Account…")
+        #expect(state.canReauthenticate(visibleAccount) == false)
+
+        await runner.resume()
+        _ = try await authTask.value
+    }
+
+    @Test
+    func `adding managed codex account auto selects the merged live row`() async throws {
+        let settings = Self.makeSettingsStore(suite: "CodexAccountsSettingsSectionTests-add-merged")
+        let store = Self.makeUsageStore(settings: settings)
+        settings._test_liveSystemCodexAccount = ObservedSystemCodexAccount(
+            email: "same@example.com",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date())
+
+        let coordinator = Self.makeManagedCoordinator(settings: settings, email: "same@example.com")
+        let pane = ProvidersPane(
+            settings: settings,
+            store: store,
+            managedCodexAccountCoordinator: coordinator)
+
+        await pane._test_addManagedCodexAccount()
+
+        #expect(settings.codexActiveSource == .liveSystem)
+        let state = try #require(pane._test_codexAccountsSectionState())
+        #expect(state.activeVisibleAccountID == "same@example.com")
+    }
+
+    @Test
+    func `adding managed codex account selects the new managed account when email differs`() async throws {
+        let settings = Self.makeSettingsStore(suite: "CodexAccountsSettingsSectionTests-add-managed")
+        let store = Self.makeUsageStore(settings: settings)
+        settings._test_liveSystemCodexAccount = ObservedSystemCodexAccount(
+            email: "live@example.com",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date())
+
+        let coordinator = Self.makeManagedCoordinator(settings: settings, email: "managed@example.com")
+        let pane = ProvidersPane(
+            settings: settings,
+            store: store,
+            managedCodexAccountCoordinator: coordinator)
+
+        await pane._test_addManagedCodexAccount()
+
+        guard case .managedAccount = settings.codexActiveSource else {
+            Issue.record("Expected the new managed account to become active")
+            return
+        }
+        let state = try #require(pane._test_codexAccountsSectionState())
+        #expect(state.activeVisibleAccountID == "managed@example.com")
+    }
+
+    @Test
+    func `managed codex login failure message includes codex login output`() {
+        let error = ManagedCodexAccountServiceError.loginFailed(CodexLoginRunner.Result(
+            outcome: .failed(status: 2),
+            output: "Browser selected the existing ChatGPT account"))
+
+        #expect(error.userFacingMessage.contains("codex --version"))
+        #expect(error.userFacingMessage.contains("codex login output:"))
+        #expect(error.userFacingMessage.contains("Browser selected the existing ChatGPT account"))
+    }
+
+    private static func makeManagedCoordinator(
+        settings: SettingsStore,
+        email: String)
+        -> ManagedCodexAccountCoordinator
+    {
+        let storeURL = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString)
+        let store = FileManagedCodexAccountStore(fileURL: storeURL)
+        let root = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString, isDirectory: true)
+        settings._test_managedCodexAccountStoreURL = storeURL
+        let service = ManagedCodexAccountService(
+            store: store,
+            homeFactory: TestManagedCodexHomeFactoryForSettingsSectionTests(root: root),
+            loginRunner: StubManagedCodexLoginRunnerForSettingsSectionTests.success,
+            identityReader: StubManagedCodexIdentityReaderForSettingsSectionTests(emails: [email]))
+        return ManagedCodexAccountCoordinator(service: service)
+    }
+
+    private static func makeSettingsStore(suite: String) -> SettingsStore {
+        let defaults = UserDefaults(suiteName: suite)!
+        defaults.removePersistentDomain(forName: suite)
+        let configStore = testConfigStore(suiteName: suite)
+
+        return SettingsStore(
+            userDefaults: defaults,
+            configStore: configStore,
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore(),
+            codexCookieStore: InMemoryCookieHeaderStore(),
+            claudeCookieStore: InMemoryCookieHeaderStore(),
+            cursorCookieStore: InMemoryCookieHeaderStore(),
+            opencodeCookieStore: InMemoryCookieHeaderStore(),
+            factoryCookieStore: InMemoryCookieHeaderStore(),
+            minimaxCookieStore: InMemoryMiniMaxCookieStore(),
+            minimaxAPITokenStore: InMemoryMiniMaxAPITokenStore(),
+            kimiTokenStore: InMemoryKimiTokenStore(),
+            kimiK2TokenStore: InMemoryKimiK2TokenStore(),
+            augmentCookieStore: InMemoryCookieHeaderStore(),
+            ampCookieStore: InMemoryCookieHeaderStore(),
+            copilotTokenStore: InMemoryCopilotTokenStore(),
+            tokenAccountStore: InMemoryTokenAccountStore())
+    }
+
+    private static func makeUsageStore(settings: SettingsStore) -> UsageStore {
+        UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+    }
+}
+
+extension CodexAccountsSettingsSectionTests {
+    private static func writeCodexAuthFile(
+        homeURL: URL,
+        email: String,
+        plan: String,
+        accountID: String? = nil) throws
+    {
+        try FileManager.default.createDirectory(at: homeURL, withIntermediateDirectories: true)
+        var tokens: [String: Any] = [
+            "accessToken": "access-token",
+            "refreshToken": "refresh-token",
+            "idToken": Self.fakeJWT(email: email, plan: plan, accountID: accountID),
+        ]
+        if let accountID {
+            tokens["account_id"] = accountID
+        }
+        let auth = ["tokens": tokens]
+        let data = try JSONSerialization.data(withJSONObject: auth)
+        try data.write(to: homeURL.appendingPathComponent("auth.json"))
+    }
+
+    private static func fakeJWT(email: String, plan: String, accountID: String? = nil) -> String {
+        let header = (try? JSONSerialization.data(withJSONObject: ["alg": "none"])) ?? Data()
+        var payloadObject: [String: Any] = [
+            "email": email,
+            "chatgpt_plan_type": plan,
+        ]
+        if let accountID {
+            payloadObject["https://api.openai.com/auth"] = [
+                "chatgpt_account_id": accountID,
+            ]
+        }
+        let payload = (try? JSONSerialization.data(withJSONObject: payloadObject)) ?? Data()
+
+        func base64URL(_ data: Data) -> String {
+            data.base64EncodedString()
+                .replacingOccurrences(of: "=", with: "")
+                .replacingOccurrences(of: "+", with: "-")
+                .replacingOccurrences(of: "/", with: "_")
+        }
+
+        return "\(base64URL(header)).\(base64URL(payload))."
+    }
+}
+
+private struct TestManagedCodexHomeFactoryForSettingsSectionTests: ManagedCodexHomeProducing {
+    let root: URL
+    private let nextID = UUID().uuidString
+
+    func makeHomeURL() -> URL {
+        self.root.appendingPathComponent(self.nextID, isDirectory: true)
+    }
+
+    func validateManagedHomeForDeletion(_ url: URL) throws {
+        try ManagedCodexHomeFactory(root: self.root).validateManagedHomeForDeletion(url)
+    }
+}
+
+private struct StubManagedCodexLoginRunnerForSettingsSectionTests: ManagedCodexLoginRunning {
+    let result: CodexLoginRunner.Result
+
+    func run(homePath _: String, timeout _: TimeInterval) async -> CodexLoginRunner.Result {
+        self.result
+    }
+
+    static let success = StubManagedCodexLoginRunnerForSettingsSectionTests(
+        result: CodexLoginRunner.Result(outcome: .success, output: "ok"))
+}
+
+private actor BlockingManagedCodexLoginRunnerForSettingsSectionTests: ManagedCodexLoginRunning {
+    private var waiters: [CheckedContinuation<CodexLoginRunner.Result, Never>] = []
+    private var startedWaiters: [CheckedContinuation<Void, Never>] = []
+    private var didStart = false
+
+    func run(homePath _: String, timeout _: TimeInterval) async -> CodexLoginRunner.Result {
+        self.didStart = true
+        self.startedWaiters.forEach { $0.resume() }
+        self.startedWaiters.removeAll()
+        return await withCheckedContinuation { continuation in
+            self.waiters.append(continuation)
+        }
+    }
+
+    func waitUntilStarted() async {
+        if self.didStart { return }
+        await withCheckedContinuation { continuation in
+            self.startedWaiters.append(continuation)
+        }
+    }
+
+    func resume() {
+        let result = CodexLoginRunner.Result(outcome: .success, output: "ok")
+        self.waiters.forEach { $0.resume(returning: result) }
+        self.waiters.removeAll()
+    }
+}
+
+private final class StubManagedCodexIdentityReaderForSettingsSectionTests: ManagedCodexIdentityReading,
+@unchecked Sendable {
+    private var emails: [String]
+
+    init(emails: [String]) {
+        self.emails = emails
+    }
+
+    func loadAccountIdentity(homePath _: String) throws -> CodexAuthBackedAccount {
+        let email = self.emails.isEmpty ? nil : self.emails.removeFirst()
+        return CodexAuthBackedAccount(
+            identity: CodexIdentityResolver.resolve(accountId: nil, email: email),
+            email: email,
+            plan: "Pro")
+    }
+}
diff --git a/Tests/CodexBarTests/CodexActiveSourceConfigTests.swift b/Tests/CodexBarTests/CodexActiveSourceConfigTests.swift
new file mode 100644
index 000000000..d9d5f256e
--- /dev/null
+++ b/Tests/CodexBarTests/CodexActiveSourceConfigTests.swift
@@ -0,0 +1,144 @@
+import CodexBarCore
+import Foundation
+import Testing
+
+@Suite(.serialized)
+struct CodexActiveSourceConfigTests {
+    @Test
+    func `legacy config without codex active source decodes to nil`() throws {
+        let legacyJSON = """
+        {
+            "version": 1,
+            "providers": [
+                {
+                    "id": "codex"
+                }
+            ]
+        }
+        """
+
+        let decoded = try JSONDecoder().decode(
+            CodexBarConfig.self,
+            from: Data(legacyJSON.utf8))
+
+        #expect(decoded.providerConfig(for: .codex)?.codexActiveSource == nil)
+        #expect(decoded.providerConfig(for: .codex)?.quotaWarnings == nil)
+    }
+
+    @Test
+    func `provider config round trips quota warning overrides`() throws {
+        let config = CodexBarConfig(
+            providers: [
+                ProviderConfig(
+                    id: .codex,
+                    quotaWarnings: QuotaWarningConfig(
+                        session: QuotaWarningWindowConfig(thresholds: [10]),
+                        weekly: QuotaWarningWindowConfig(thresholds: [50, 20]))),
+            ])
+
+        let data = try JSONEncoder().encode(config)
+        let decoded = try JSONDecoder().decode(CodexBarConfig.self, from: data)
+        let quotaWarnings = try #require(decoded.providerConfig(for: .codex)?.quotaWarnings)
+
+        #expect(quotaWarnings.thresholds(for: .session, global: [80]) == [10])
+        #expect(quotaWarnings.thresholds(for: .weekly, global: [80]) == [50, 20])
+    }
+
+    @Test
+    func `quota warning window enabled defaults stay backward compatible`() throws {
+        let legacyJSON = """
+        {
+            "version": 1,
+            "providers": [
+                {
+                    "id": "codex",
+                    "quotaWarnings": {
+                        "session": { "thresholds": [10] },
+                        "weekly": { "enabled": false }
+                    }
+                }
+            ]
+        }
+        """
+
+        let decoded = try JSONDecoder().decode(CodexBarConfig.self, from: Data(legacyJSON.utf8))
+        let quotaWarnings = try #require(decoded.providerConfig(for: .codex)?.quotaWarnings)
+
+        #expect(quotaWarnings.isEnabled(for: .session, global: false) == true)
+        #expect(quotaWarnings.isEnabled(for: .weekly, global: true) == false)
+        #expect(quotaWarnings.hasOverride(for: .session) == true)
+        #expect(quotaWarnings.hasOverride(for: .weekly) == true)
+    }
+
+    @Test
+    func `provider config encodes live system active source with expected schema`() throws {
+        let config = CodexBarConfig(
+            providers: [
+                ProviderConfig(
+                    id: .codex,
+                    codexActiveSource: .liveSystem),
+            ])
+
+        let data = try JSONEncoder().encode(config)
+        let object = try JSONSerialization.jsonObject(with: data) as? [String: Any]
+        let providers = try #require(object?["providers"] as? [[String: Any]])
+        let provider = try #require(providers.first(where: { $0["id"] as? String == "codex" }))
+        let activeSource = try #require(provider["codexActiveSource"] as? [String: Any])
+
+        #expect(activeSource.count == 1)
+        #expect(activeSource["kind"] as? String == "liveSystem")
+        #expect(activeSource["accountID"] == nil)
+    }
+
+    @Test
+    func `provider config encodes managed account active source with expected schema`() throws {
+        let accountID = UUID()
+        let config = CodexBarConfig(
+            providers: [
+                ProviderConfig(
+                    id: .codex,
+                    codexActiveSource: .managedAccount(id: accountID)),
+            ])
+
+        let data = try JSONEncoder().encode(config)
+        let object = try JSONSerialization.jsonObject(with: data) as? [String: Any]
+        let providers = try #require(object?["providers"] as? [[String: Any]])
+        let provider = try #require(providers.first(where: { $0["id"] as? String == "codex" }))
+        let activeSource = try #require(provider["codexActiveSource"] as? [String: Any])
+
+        #expect(activeSource.count == 2)
+        #expect(activeSource["kind"] as? String == "managedAccount")
+        #expect((activeSource["accountID"] as? String) == accountID.uuidString)
+    }
+
+    @Test
+    func `provider config round trips live system active source`() throws {
+        let config = CodexBarConfig(
+            providers: [
+                ProviderConfig(
+                    id: .codex,
+                    codexActiveSource: .liveSystem),
+            ])
+
+        let data = try JSONEncoder().encode(config)
+        let decoded = try JSONDecoder().decode(CodexBarConfig.self, from: data)
+
+        #expect(decoded.providerConfig(for: .codex)?.codexActiveSource == .liveSystem)
+    }
+
+    @Test
+    func `provider config round trips managed account active source`() throws {
+        let accountID = UUID()
+        let config = CodexBarConfig(
+            providers: [
+                ProviderConfig(
+                    id: .codex,
+                    codexActiveSource: .managedAccount(id: accountID)),
+            ])
+
+        let data = try JSONEncoder().encode(config)
+        let decoded = try JSONDecoder().decode(CodexBarConfig.self, from: data)
+
+        #expect(decoded.providerConfig(for: .codex)?.codexActiveSource == .managedAccount(id: accountID))
+    }
+}
diff --git a/Tests/CodexBarTests/CodexAdditionalRateLimitsTests.swift b/Tests/CodexBarTests/CodexAdditionalRateLimitsTests.swift
new file mode 100644
index 000000000..3809cb2ca
--- /dev/null
+++ b/Tests/CodexBarTests/CodexAdditionalRateLimitsTests.swift
@@ -0,0 +1,311 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+struct CodexAdditionalRateLimitsTests {
+    @Test
+    func `maps additional spark limit into a named extra rate window`() throws {
+        let json = """
+        {
+          "plan_type": "pro",
+          "rate_limit": {
+            "primary_window": {
+              "used_percent": 22,
+              "reset_at": 1766948068,
+              "limit_window_seconds": 18000
+            },
+            "secondary_window": {
+              "used_percent": 43,
+              "reset_at": 1767407914,
+              "limit_window_seconds": 604800
+            }
+          },
+          "additional_rate_limits": [
+            {
+              "limit_name": "GPT-5.3-Codex-Spark",
+              "metered_feature": "gpt_5_3_codex_spark",
+              "rate_limit": {
+                "allowed": true,
+                "limit_reached": false,
+                "primary_window": {
+                  "used_percent": 30,
+                  "reset_at": 1766948068,
+                  "limit_window_seconds": 18000,
+                  "reset_after_seconds": 12345
+                },
+                "secondary_window": {
+                  "used_percent": 100,
+                  "reset_at": 1767407914,
+                  "limit_window_seconds": 604800,
+                  "reset_after_seconds": 56789
+                }
+              }
+            }
+          ]
+        }
+        """
+        let creds = CodexOAuthCredentials(
+            accessToken: "access",
+            refreshToken: "refresh",
+            idToken: nil,
+            accountId: nil,
+            lastRefresh: Date())
+        let mapped = try CodexOAuthFetchStrategy._mapUsageForTesting(Data(json.utf8), credentials: creds)
+        let snapshot = try #require(mapped)
+        // Primary/weekly behavior is unchanged.
+        #expect(snapshot.primary?.usedPercent == 22)
+        #expect(snapshot.secondary?.usedPercent == 43)
+        // Spark surfaces as distinct 5-hour and weekly extra windows.
+        let extras = try #require(snapshot.extraRateWindows)
+        #expect(extras.count == 2)
+        let spark = try #require(extras.first)
+        #expect(spark.id == "codex-spark")
+        #expect(spark.title == "Codex Spark 5-hour")
+        #expect(spark.window.usedPercent == 30)
+        #expect(spark.window.windowMinutes == 300)
+        #expect(spark.window.resetsAt != nil)
+        let weekly = try #require(extras.last)
+        #expect(weekly.id == "codex-spark-weekly")
+        #expect(weekly.title == "Codex Spark Weekly")
+        #expect(weekly.window.usedPercent == 100)
+        #expect(weekly.window.windowMinutes == 10080)
+        #expect(weekly.window.resetsAt != nil)
+    }
+
+    @Test
+    func `keeps valid spark window when an additional limit sibling is malformed`() throws {
+        let json = """
+        {
+          "rate_limit": {
+            "primary_window": { "used_percent": 22, "reset_at": 1766948068, "limit_window_seconds": 18000 },
+            "secondary_window": { "used_percent": 43, "reset_at": 1767407914, "limit_window_seconds": 604800 }
+          },
+          "additional_rate_limits": [
+            "garbage-not-an-object",
+            {
+              "limit_name": "GPT-5.3-Codex-Spark",
+              "metered_feature": "gpt_5_3_codex_spark",
+              "rate_limit": {
+                "primary_window": { "used_percent": 30, "reset_at": 1766948068, "limit_window_seconds": 18000 }
+              }
+            },
+            42
+          ]
+        }
+        """
+        let creds = CodexOAuthCredentials(
+            accessToken: "access",
+            refreshToken: "refresh",
+            idToken: nil,
+            accountId: nil,
+            lastRefresh: Date())
+        let mapped = try CodexOAuthFetchStrategy._mapUsageForTesting(Data(json.utf8), credentials: creds)
+        let snapshot = try #require(mapped)
+        // Valid primary/weekly fields do not regress.
+        #expect(snapshot.primary?.usedPercent == 22)
+        #expect(snapshot.secondary?.usedPercent == 43)
+        // The malformed siblings are skipped, but the valid Spark entry survives.
+        let extras = try #require(snapshot.extraRateWindows)
+        #expect(extras.count == 1)
+        #expect(extras.first?.id == "codex-spark")
+        #expect(extras.first?.window.usedPercent == 30)
+    }
+
+    @Test
+    func `keeps primary usage when every additional limit element is malformed`() throws {
+        let json = """
+        {
+          "rate_limit": {
+            "primary_window": { "used_percent": 22, "reset_at": 1766948068, "limit_window_seconds": 18000 }
+          },
+          "additional_rate_limits": ["garbage", 1, true]
+        }
+        """
+        let creds = CodexOAuthCredentials(
+            accessToken: "access",
+            refreshToken: "refresh",
+            idToken: nil,
+            accountId: nil,
+            lastRefresh: Date())
+        let snapshot = try CodexOAuthFetchStrategy._mapUsageForTesting(Data(json.utf8), credentials: creds)
+        #expect(snapshot?.primary?.usedPercent == 22)
+        #expect(snapshot?.extraRateWindows == nil)
+    }
+
+    @Test
+    func `omits extra rate windows when additional limits are absent`() throws {
+        let json = """
+        {
+          "rate_limit": {
+            "primary_window": {
+              "used_percent": 22,
+              "reset_at": 1766948068,
+              "limit_window_seconds": 18000
+            }
+          }
+        }
+        """
+        let creds = CodexOAuthCredentials(
+            accessToken: "access",
+            refreshToken: "refresh",
+            idToken: nil,
+            accountId: nil,
+            lastRefresh: Date())
+        let snapshot = try CodexOAuthFetchStrategy._mapUsageForTesting(Data(json.utf8), credentials: creds)
+        #expect(snapshot?.primary?.usedPercent == 22)
+        #expect(snapshot?.extraRateWindows == nil)
+    }
+
+    @Test
+    func `tolerates malformed additional limits while keeping primary window`() throws {
+        let json = """
+        {
+          "rate_limit": {
+            "primary_window": {
+              "used_percent": 22,
+              "reset_at": 1766948068,
+              "limit_window_seconds": 18000
+            }
+          },
+          "additional_rate_limits": "unexpected"
+        }
+        """
+        let creds = CodexOAuthCredentials(
+            accessToken: "access",
+            refreshToken: "refresh",
+            idToken: nil,
+            accountId: nil,
+            lastRefresh: Date())
+        let snapshot = try CodexOAuthFetchStrategy._mapUsageForTesting(Data(json.utf8), credentials: creds)
+        #expect(snapshot?.primary?.usedPercent == 22)
+        #expect(snapshot?.extraRateWindows == nil)
+    }
+
+    @Test
+    func `skips additional limits without a usable window`() throws {
+        let json = """
+        {
+          "rate_limit": {
+            "primary_window": {
+              "used_percent": 22,
+              "reset_at": 1766948068,
+              "limit_window_seconds": 18000
+            }
+          },
+          "additional_rate_limits": [
+            {
+              "limit_name": "GPT-5.3-Codex-Spark",
+              "metered_feature": "gpt_5_3_codex_spark",
+              "rate_limit": null
+            }
+          ]
+        }
+        """
+        let creds = CodexOAuthCredentials(
+            accessToken: "access",
+            refreshToken: "refresh",
+            idToken: nil,
+            accountId: nil,
+            lastRefresh: Date())
+        let snapshot = try CodexOAuthFetchStrategy._mapUsageForTesting(Data(json.utf8), credentials: creds)
+        #expect(snapshot?.primary?.usedPercent == 22)
+        #expect(snapshot?.extraRateWindows == nil)
+    }
+
+    @Test
+    func `maps non spark additional limit using a slugged id and api label`() throws {
+        let now = Date(timeIntervalSince1970: 1_800_000_000)
+        let json = """
+        [
+          {
+            "limit_name": "GPT-5.3-Codex-Mini",
+            "metered_feature": "gpt_5_3_codex_mini",
+            "rate_limit": {
+              "allowed": true,
+              "limit_reached": false,
+              "primary_window": {
+                "used_percent": 12,
+                "reset_at": 1766948068,
+                "limit_window_seconds": 18000
+              }
+            }
+          },
+          {
+            "limit_name": "GPT-5.3-Codex-Mini",
+            "metered_feature": "gpt_5_3_codex_mini",
+            "rate_limit": {
+              "allowed": true,
+              "limit_reached": false,
+              "primary_window": {
+                "used_percent": 99,
+                "reset_at": 1766948068,
+                "limit_window_seconds": 18000
+              }
+            }
+          }
+        ]
+        """
+        let entries = try JSONDecoder().decode([CodexUsageResponse.AdditionalRateLimit].self, from: Data(json.utf8))
+        let windows = CodexAdditionalRateLimitMapper.extraRateWindows(from: entries, now: now)
+        // Duplicate ids collapse to the first occurrence.
+        #expect(windows.count == 1)
+        let window = try #require(windows.first)
+        #expect(window.id == "codex-gpt-5-3-codex-mini")
+        #expect(window.title == "GPT-5.3-Codex-Mini")
+        #expect(window.window.usedPercent == 12)
+    }
+
+    @Test
+    func `dedupes split spark entries by window kind`() throws {
+        let now = Date(timeIntervalSince1970: 1_800_000_000)
+        let json = """
+        [
+          {
+            "limit_name": "GPT-5.3-Codex-Spark",
+            "metered_feature": "gpt_5_3_codex_spark",
+            "rate_limit": {
+              "allowed": true,
+              "limit_reached": false,
+              "primary_window": {
+                "used_percent": 20,
+                "reset_at": 1766948068,
+                "limit_window_seconds": 18000
+              }
+            }
+          },
+          {
+            "limit_name": "GPT-5.3-Codex-Spark Weekly",
+            "metered_feature": "gpt_5_3_codex_spark",
+            "rate_limit": {
+              "allowed": true,
+              "limit_reached": false,
+              "primary_window": {
+                "used_percent": 80,
+                "reset_at": 1767407914,
+                "limit_window_seconds": 604800
+              }
+            }
+          },
+          {
+            "limit_name": "GPT-5.3-Codex-Spark Duplicate",
+            "metered_feature": "gpt_5_3_codex_spark",
+            "rate_limit": {
+              "allowed": true,
+              "limit_reached": false,
+              "primary_window": {
+                "used_percent": 99,
+                "reset_at": 1766948068,
+                "limit_window_seconds": 18000
+              }
+            }
+          }
+        ]
+        """
+        let entries = try JSONDecoder().decode([CodexUsageResponse.AdditionalRateLimit].self, from: Data(json.utf8))
+        let windows = CodexAdditionalRateLimitMapper.extraRateWindows(from: entries, now: now)
+
+        #expect(windows.map(\.id) == ["codex-spark", "codex-spark-weekly"])
+        #expect(windows.first?.window.usedPercent == 20)
+        #expect(windows.last?.window.usedPercent == 80)
+    }
+}
diff --git a/Tests/CodexBarTests/CodexBackgroundRefreshCoalescingTests.swift b/Tests/CodexBarTests/CodexBackgroundRefreshCoalescingTests.swift
new file mode 100644
index 000000000..bac3cd400
--- /dev/null
+++ b/Tests/CodexBarTests/CodexBackgroundRefreshCoalescingTests.swift
@@ -0,0 +1,359 @@
+import Foundation
+import Testing
+@testable import CodexBar
+@testable import CodexBarCore
+
+@Suite(.serialized)
+@MainActor
+struct CodexBackgroundRefreshCoalescingTests {
+    @Test
+    func `rapid regular refreshes coalesce concurrent Codex credits fetches`() async throws {
+        let settings = try self.makeSettingsStore(
+            suite: "CodexBackgroundRefreshCoalescingTests-credits-coalescing")
+        settings.statusChecksEnabled = false
+        settings.openAIWebAccessEnabled = false
+        let managedAccount = try Self.installManagedAccount(
+            email: "managed@example.com",
+            settings: settings)
+        defer { try? FileManager.default.removeItem(atPath: managedAccount.managedHomePath) }
+
+        let store = self.makeStore(settings: settings)
+        let blocker = BlockingCreditsLoader()
+        let firstCompletion = RefreshCompletionProbe()
+        let secondCompletion = RefreshCompletionProbe()
+        store._test_providerRefreshOverride = { _ in }
+        defer { store._test_providerRefreshOverride = nil }
+        store._test_codexCreditsLoaderOverride = {
+            try await blocker.awaitResult()
+        }
+        defer { store._test_codexCreditsLoaderOverride = nil }
+
+        let firstRefreshTask = Task {
+            await store.refresh(forceTokenUsage: false)
+            await firstCompletion.markCompleted()
+        }
+        await blocker.waitUntilStarted(count: 1)
+        #expect(await firstCompletion.waitUntilCompleted() == true)
+
+        let secondRefreshTask = Task {
+            await store.refresh(forceTokenUsage: false)
+            await secondCompletion.markCompleted()
+        }
+
+        #expect(await secondCompletion.waitUntilCompleted() == true)
+        #expect(await blocker.startedCount() == 1)
+
+        await blocker.resumeNext(with: .success(CreditsSnapshot(remaining: 25, events: [], updatedAt: Date())))
+
+        await firstRefreshTask.value
+        await secondRefreshTask.value
+    }
+
+    @Test
+    func `regular credits refresh reschedules when Codex account changes`() async throws {
+        let settings = try self.makeSettingsStore(
+            suite: "CodexBackgroundRefreshCoalescingTests-credits-account-switch")
+        settings.statusChecksEnabled = false
+        settings.openAIWebAccessEnabled = false
+        let alphaAccount = try Self.makeManagedAccount(email: "alpha@example.com")
+        let betaAccount = try Self.makeManagedAccount(email: "beta@example.com")
+        defer {
+            try? FileManager.default.removeItem(atPath: alphaAccount.managedHomePath)
+            try? FileManager.default.removeItem(atPath: betaAccount.managedHomePath)
+        }
+        settings._test_activeManagedCodexAccount = alphaAccount
+        settings.codexActiveSource = .managedAccount(id: alphaAccount.id)
+        defer { settings._test_activeManagedCodexAccount = nil }
+
+        let store = self.makeStore(settings: settings)
+        let blocker = BlockingCreditsLoader()
+        store._test_providerRefreshOverride = { _ in }
+        defer { store._test_providerRefreshOverride = nil }
+        store._test_codexCreditsLoaderOverride = {
+            try await blocker.awaitResult()
+        }
+        defer { store._test_codexCreditsLoaderOverride = nil }
+
+        let alphaRefreshTask = Task {
+            await store.refresh(forceTokenUsage: false)
+        }
+        await blocker.waitUntilStarted(count: 1)
+
+        settings._test_activeManagedCodexAccount = betaAccount
+        settings.codexActiveSource = .managedAccount(id: betaAccount.id)
+        let betaRefreshTask = Task {
+            await store.refresh(forceTokenUsage: false)
+        }
+        await blocker.waitUntilStarted(count: 2)
+
+        await blocker.resumeNext(with: .success(CreditsSnapshot(remaining: 10, events: [], updatedAt: Date())))
+        await blocker.resumeNext(with: .success(CreditsSnapshot(remaining: 25, events: [], updatedAt: Date())))
+
+        await alphaRefreshTask.value
+        await betaRefreshTask.value
+        await store.creditsRefreshTask?.value
+
+        #expect(await blocker.startedCount() == 2)
+        #expect(store.lastCreditsSnapshotAccountKey == "beta@example.com")
+        #expect(store.credits?.remaining == 25)
+    }
+
+    @Test
+    func `force refresh cancels stale background Codex credits fetch`() async throws {
+        let settings = try self.makeSettingsStore(
+            suite: "CodexBackgroundRefreshCoalescingTests-credits-force-cancels-background")
+        settings.statusChecksEnabled = false
+        settings.openAIWebAccessEnabled = false
+        let managedAccount = try Self.installManagedAccount(
+            email: "managed@example.com",
+            settings: settings)
+        defer { try? FileManager.default.removeItem(atPath: managedAccount.managedHomePath) }
+
+        let store = self.makeStore(settings: settings)
+        let blocker = BlockingCreditsLoader()
+        store._test_providerRefreshOverride = { _ in }
+        defer { store._test_providerRefreshOverride = nil }
+        store._test_codexCreditsLoaderOverride = {
+            try await blocker.awaitResult()
+        }
+        defer { store._test_codexCreditsLoaderOverride = nil }
+
+        let regularRefreshTask = Task {
+            await store.refresh(forceTokenUsage: false)
+        }
+        await blocker.waitUntilStarted(count: 1)
+
+        let forceRefreshTask = Task {
+            await store.refresh(forceTokenUsage: true)
+        }
+        await blocker.waitUntilStarted(count: 2)
+
+        await blocker.resumeNext(with: .success(CreditsSnapshot(remaining: 10, events: [], updatedAt: Date())))
+        await blocker.resumeNext(with: .success(CreditsSnapshot(remaining: 25, events: [], updatedAt: Date())))
+
+        await regularRefreshTask.value
+        await forceRefreshTask.value
+
+        #expect(await blocker.startedCount() == 2)
+        #expect(store.credits?.remaining == 25)
+    }
+
+    @Test
+    func `rapid regular refreshes coalesce concurrent OpenAI dashboard fetches`() async throws {
+        let settings = try self.makeSettingsStore(
+            suite: "CodexBackgroundRefreshCoalescingTests-dashboard-coalescing")
+        settings.statusChecksEnabled = false
+        let managedAccount = try Self.installManagedAccount(
+            email: "managed@example.com",
+            settings: settings)
+        defer { try? FileManager.default.removeItem(atPath: managedAccount.managedHomePath) }
+
+        let store = self.makeStore(settings: settings)
+        let blocker = BlockingManagedOpenAIDashboardLoader()
+        let firstCompletion = RefreshCompletionProbe()
+        let secondCompletion = RefreshCompletionProbe()
+        store._test_providerRefreshOverride = { _ in }
+        defer { store._test_providerRefreshOverride = nil }
+        store._test_codexCreditsLoaderOverride = {
+            CreditsSnapshot(remaining: 25, events: [], updatedAt: Date())
+        }
+        defer { store._test_codexCreditsLoaderOverride = nil }
+        store._test_openAIDashboardLoaderOverride = { _, _, _ in
+            try await blocker.awaitResult()
+        }
+        defer { store._test_openAIDashboardLoaderOverride = nil }
+
+        let firstRefreshTask = Task {
+            await store.refresh(forceTokenUsage: false)
+            await firstCompletion.markCompleted()
+        }
+        await blocker.waitUntilStarted(count: 1)
+        #expect(await firstCompletion.waitUntilCompleted() == true)
+
+        let secondRefreshTask = Task {
+            await store.refresh(forceTokenUsage: false)
+            await secondCompletion.markCompleted()
+        }
+
+        #expect(await secondCompletion.waitUntilCompleted() == true)
+        #expect(await blocker.startedCount() == 1)
+
+        let backgroundTask = try #require(store.openAIDashboardBackgroundRefreshTask)
+        await blocker.resumeNext(with: .success(OpenAIDashboardSnapshot(
+            signedInEmail: managedAccount.email,
+            codeReviewRemainingPercent: 95,
+            creditEvents: [],
+            dailyBreakdown: [],
+            usageBreakdown: [],
+            creditsPurchaseURL: nil,
+            creditsRemaining: 25,
+            accountPlan: "Pro",
+            updatedAt: Date())))
+
+        await firstRefreshTask.value
+        await secondRefreshTask.value
+        await backgroundTask.value
+
+        #expect(store.openAIDashboard?.creditsRemaining == 25)
+    }
+
+    @Test
+    func `cancelled background dashboard import does not publish stale account status`() async throws {
+        let settings = try self.makeSettingsStore(
+            suite: "CodexBackgroundRefreshCoalescingTests-dashboard-cancelled-import")
+        settings.statusChecksEnabled = false
+        let managedAccount = try Self.installManagedAccount(
+            email: "managed@example.com",
+            settings: settings)
+        defer { try? FileManager.default.removeItem(atPath: managedAccount.managedHomePath) }
+
+        let store = self.makeStore(settings: settings)
+        let importBlocker = BlockingOpenAIDashboardCookieImport()
+        store._test_openAIDashboardCookieImportOverride = { _, _, _, _, _ in
+            try await importBlocker.awaitResult()
+        }
+        defer { store._test_openAIDashboardCookieImportOverride = nil }
+
+        let importTask = Task { @MainActor in
+            await store.importOpenAIDashboardCookiesIfNeeded(
+                targetEmail: managedAccount.email,
+                force: true)
+        }
+        await importBlocker.waitUntilStarted()
+        importTask.cancel()
+        await importBlocker.resumeNext(with: .failure(
+            OpenAIDashboardBrowserCookieImporter.ImportError.noMatchingAccount(
+                found: [.init(sourceLabel: "Chrome", email: "other@example.com")])))
+
+        let imported = await importTask.value
+        #expect(imported == nil)
+        #expect(store.openAIDashboard == nil)
+        #expect(store.openAIDashboardCookieImportStatus == nil)
+        #expect(store.openAIDashboardRequiresLogin == false)
+    }
+
+    private func makeSettingsStore(suite: String) throws -> SettingsStore {
+        let defaults = UserDefaults(suiteName: suite)!
+        defaults.removePersistentDomain(forName: suite)
+        defaults.set(true, forKey: "providerDetectionCompleted")
+        let configStore = testConfigStore(suiteName: suite)
+        let settings = SettingsStore(
+            userDefaults: defaults,
+            configStore: configStore,
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+        let codexMetadata = try #require(ProviderDescriptorRegistry.metadata[.codex])
+        settings.setProviderEnabled(provider: .codex, metadata: codexMetadata, enabled: true)
+        settings.providerDetectionCompleted = true
+        settings.openAIWebAccessEnabled = true
+        settings.codexCookieSource = .auto
+        return settings
+    }
+
+    private func makeStore(settings: SettingsStore) -> UsageStore {
+        UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+    }
+
+    private static func installManagedAccount(
+        email: String,
+        settings: SettingsStore) throws -> ManagedCodexAccount
+    {
+        let account = try Self.makeManagedAccount(email: email)
+        settings._test_activeManagedCodexAccount = account
+        settings.codexActiveSource = .managedAccount(id: account.id)
+        return account
+    }
+
+    private static func makeManagedAccount(email: String) throws -> ManagedCodexAccount {
+        let managedHomeURL = FileManager.default.temporaryDirectory
+            .appendingPathComponent(UUID().uuidString, isDirectory: true)
+        try Self.writeCodexAuthFile(
+            homeURL: managedHomeURL,
+            email: email,
+            plan: "Pro")
+        return ManagedCodexAccount(
+            id: UUID(),
+            email: email,
+            managedHomePath: managedHomeURL.path,
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+    }
+
+    private static func writeCodexAuthFile(homeURL: URL, email: String, plan: String) throws {
+        try FileManager.default.createDirectory(at: homeURL, withIntermediateDirectories: true)
+        let tokens: [String: Any] = [
+            "accessToken": "access-token",
+            "refreshToken": "refresh-token",
+            "idToken": Self.fakeJWT(email: email, plan: plan),
+        ]
+        let data = try JSONSerialization.data(withJSONObject: ["tokens": tokens], options: [.sortedKeys])
+        try data.write(to: homeURL.appendingPathComponent("auth.json"))
+    }
+
+    private static func fakeJWT(email: String, plan: String) -> String {
+        let header = (try? JSONSerialization.data(withJSONObject: ["alg": "none"])) ?? Data()
+        let payload = (try? JSONSerialization.data(withJSONObject: [
+            "email": email,
+            "chatgpt_plan_type": plan,
+            "https://api.openai.com/auth": [
+                "chatgpt_plan_type": plan,
+            ],
+        ])) ?? Data()
+
+        func base64URL(_ data: Data) -> String {
+            data.base64EncodedString()
+                .replacingOccurrences(of: "=", with: "")
+                .replacingOccurrences(of: "+", with: "-")
+                .replacingOccurrences(of: "/", with: "_")
+        }
+
+        return "\(base64URL(header)).\(base64URL(payload))."
+    }
+}
+
+private actor BlockingOpenAIDashboardCookieImport {
+    private var continuations: [
+        CheckedContinuation<Result<OpenAIDashboardBrowserCookieImporter.ImportResult, Error>, Never>
+    ] = []
+    private var startWaiters: [(count: Int, continuation: CheckedContinuation<Void, Never>)] = []
+    private var started = 0
+
+    func awaitResult() async throws -> OpenAIDashboardBrowserCookieImporter.ImportResult {
+        let result = await withCheckedContinuation { continuation in
+            self.continuations.append(continuation)
+            self.started += 1
+            self.resumeReadyStartWaiters()
+        }
+        return try result.get()
+    }
+
+    func waitUntilStarted(count: Int = 1) async {
+        if self.started >= count { return }
+        await withCheckedContinuation { continuation in
+            self.startWaiters.append((count: count, continuation: continuation))
+        }
+    }
+
+    func resumeNext(with result: Result<OpenAIDashboardBrowserCookieImporter.ImportResult, Error>) {
+        guard !self.continuations.isEmpty else { return }
+        let continuation = self.continuations.removeFirst()
+        continuation.resume(returning: result)
+    }
+
+    private func resumeReadyStartWaiters() {
+        var remaining: [(count: Int, continuation: CheckedContinuation<Void, Never>)] = []
+        for waiter in self.startWaiters {
+            if self.started >= waiter.count {
+                waiter.continuation.resume()
+            } else {
+                remaining.append(waiter)
+            }
+        }
+        self.startWaiters = remaining
+    }
+}
diff --git a/Tests/CodexBarTests/CodexBarConfigMigratorTests.swift b/Tests/CodexBarTests/CodexBarConfigMigratorTests.swift
new file mode 100644
index 000000000..363341ff0
--- /dev/null
+++ b/Tests/CodexBarTests/CodexBarConfigMigratorTests.swift
@@ -0,0 +1,189 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+@Suite(.serialized)
+struct CodexBarConfigMigratorTests {
+    @Test
+    func `legacy secret migration completion flag skips repeated scans`() throws {
+        let suite = "CodexBarConfigMigratorTests-skip-\(UUID().uuidString)"
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+        defer { defaults.removePersistentDomain(forName: suite) }
+
+        let secrets = CountingLegacySecretStore()
+        let accountStore = CountingTokenAccountStore()
+        let stores = Self.legacyStores(secrets: secrets, accountStore: accountStore)
+        let configStore = testConfigStore(suiteName: suite)
+
+        _ = CodexBarConfigMigrator.loadOrMigrate(configStore: configStore, userDefaults: defaults, stores: stores)
+
+        let firstSecretLoads = secrets.loadCount
+        let firstAccountLoads = accountStore.loadCount
+        #expect(firstSecretLoads > 0)
+        #expect(firstAccountLoads == 1)
+        #expect(defaults.bool(forKey: Self.legacyMigrationCompletedKey) == true)
+
+        _ = CodexBarConfigMigrator.loadOrMigrate(configStore: configStore, userDefaults: defaults, stores: stores)
+
+        #expect(secrets.loadCount == firstSecretLoads)
+        #expect(accountStore.loadCount == firstAccountLoads)
+    }
+
+    @Test
+    func `legacy migration completion waits for successful cleanup`() throws {
+        let suite = "CodexBarConfigMigratorTests-cleanup-failure-\(UUID().uuidString)"
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+        defer { defaults.removePersistentDomain(forName: suite) }
+
+        let secrets = CountingLegacySecretStore(token: "legacy-token", throwOnStore: true)
+        let accountStore = CountingTokenAccountStore()
+        let stores = Self.legacyStores(secrets: secrets, accountStore: accountStore)
+        let configStore = testConfigStore(suiteName: suite)
+
+        _ = CodexBarConfigMigrator.loadOrMigrate(configStore: configStore, userDefaults: defaults, stores: stores)
+
+        let firstSecretLoads = secrets.loadCount
+        #expect(firstSecretLoads > 0)
+        #expect(secrets.clearAttempts > 0)
+        #expect(defaults.bool(forKey: Self.legacyMigrationCompletedKey) == false)
+
+        secrets.throwOnStore = false
+        _ = CodexBarConfigMigrator.loadOrMigrate(configStore: configStore, userDefaults: defaults, stores: stores)
+
+        #expect(secrets.loadCount > firstSecretLoads)
+        #expect(defaults.bool(forKey: Self.legacyMigrationCompletedKey) == true)
+    }
+
+    @Test
+    func `legacy stores are kept when migrated config save fails`() throws {
+        let suite = "CodexBarConfigMigratorTests-save-failure-\(UUID().uuidString)"
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+        defer { defaults.removePersistentDomain(forName: suite) }
+
+        let base = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codexbar-tests", isDirectory: true)
+            .appendingPathComponent(suite, isDirectory: true)
+        try FileManager.default.createDirectory(at: base, withIntermediateDirectories: true)
+        defer { try? FileManager.default.removeItem(at: base) }
+
+        let blockedDirectory = base.appendingPathComponent("blocked")
+        try Data("not a directory".utf8).write(to: blockedDirectory)
+
+        let secrets = CountingLegacySecretStore(token: "legacy-token")
+        let accountStore = CountingTokenAccountStore()
+        let stores = Self.legacyStores(secrets: secrets, accountStore: accountStore)
+        let configStore = CodexBarConfigStore(
+            fileURL: blockedDirectory.appendingPathComponent("config.json"))
+
+        _ = CodexBarConfigMigrator.loadOrMigrate(configStore: configStore, userDefaults: defaults, stores: stores)
+
+        #expect(secrets.clearAttempts == 0)
+        #expect(try secrets.loadToken() == "legacy-token")
+        #expect(defaults.bool(forKey: Self.legacyMigrationCompletedKey) == false)
+
+        try FileManager.default.removeItem(at: blockedDirectory)
+        _ = CodexBarConfigMigrator.loadOrMigrate(configStore: configStore, userDefaults: defaults, stores: stores)
+
+        #expect(secrets.clearAttempts > 0)
+        #expect(try secrets.loadToken() == nil)
+        #expect(defaults.bool(forKey: Self.legacyMigrationCompletedKey) == true)
+    }
+
+    private static let legacyMigrationCompletedKey = "codexbar.legacySecretsMigrationCompleted"
+
+    private static func legacyStores(
+        secrets: CountingLegacySecretStore,
+        accountStore: CountingTokenAccountStore) -> CodexBarConfigMigrator.LegacyStores
+    {
+        CodexBarConfigMigrator.LegacyStores(
+            zaiTokenStore: secrets,
+            syntheticTokenStore: secrets,
+            codexCookieStore: secrets,
+            claudeCookieStore: secrets,
+            cursorCookieStore: secrets,
+            opencodeCookieStore: secrets,
+            factoryCookieStore: secrets,
+            minimaxCookieStore: secrets,
+            minimaxAPITokenStore: secrets,
+            kimiTokenStore: secrets,
+            kimiK2TokenStore: secrets,
+            augmentCookieStore: secrets,
+            ampCookieStore: secrets,
+            copilotTokenStore: secrets,
+            tokenAccountStore: accountStore)
+    }
+}
+
+private final class CountingLegacySecretStore: ZaiTokenStoring, SyntheticTokenStoring, CookieHeaderStoring,
+    MiniMaxCookieStoring, MiniMaxAPITokenStoring, KimiTokenStoring, KimiK2TokenStoring, CopilotTokenStoring,
+    @unchecked Sendable
+{
+    private let lock = NSLock()
+    private var token: String?
+    var throwOnStore: Bool
+    private(set) var loadCount = 0
+    private(set) var clearAttempts = 0
+
+    init(token: String? = nil, throwOnStore: Bool = false) {
+        self.token = token
+        self.throwOnStore = throwOnStore
+    }
+
+    func loadToken() throws -> String? {
+        self.lock.lock()
+        defer { self.lock.unlock() }
+        self.loadCount += 1
+        return self.token
+    }
+
+    func storeToken(_ token: String?) throws {
+        try self.store(token)
+    }
+
+    func loadCookieHeader() throws -> String? {
+        self.lock.lock()
+        defer { self.lock.unlock() }
+        self.loadCount += 1
+        return self.token
+    }
+
+    func storeCookieHeader(_ header: String?) throws {
+        try self.store(header)
+    }
+
+    private func store(_ value: String?) throws {
+        self.lock.lock()
+        defer { self.lock.unlock() }
+        self.clearAttempts += value == nil ? 1 : 0
+        if self.throwOnStore {
+            throw TestStoreError.storeFailed
+        }
+        self.token = value
+    }
+}
+
+private final class CountingTokenAccountStore: ProviderTokenAccountStoring, @unchecked Sendable {
+    private let lock = NSLock()
+    private(set) var loadCount = 0
+
+    func loadAccounts() throws -> [UsageProvider: ProviderTokenAccountData] {
+        self.lock.lock()
+        defer { self.lock.unlock() }
+        self.loadCount += 1
+        return [:]
+    }
+
+    func storeAccounts(_: [UsageProvider: ProviderTokenAccountData]) throws {}
+
+    func ensureFileExists() throws -> URL {
+        FileManager.default.temporaryDirectory.appendingPathComponent("codexbar-empty-accounts.json")
+    }
+}
+
+private enum TestStoreError: Error {
+    case storeFailed
+}
diff --git a/Tests/CodexBarTests/CodexBarWidgetProviderTests.swift b/Tests/CodexBarTests/CodexBarWidgetProviderTests.swift
new file mode 100644
index 000000000..8d1754bc2
--- /dev/null
+++ b/Tests/CodexBarTests/CodexBarWidgetProviderTests.swift
@@ -0,0 +1,162 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+@testable import CodexBarWidget
+
+struct CodexBarWidgetProviderTests {
+    @Test
+    func `provider choice supports alibaba`() {
+        #expect(ProviderChoice(provider: .alibaba) == .alibaba)
+        #expect(ProviderChoice.alibaba.provider == .alibaba)
+    }
+
+    @Test
+    func `provider choice supports alibaba token plan`() {
+        #expect(ProviderChoice(provider: .alibabatokenplan) == .alibabatokenplan)
+        #expect(ProviderChoice.alibabatokenplan.provider == .alibabatokenplan)
+    }
+
+    @Test
+    func `provider choice supports opencode go`() {
+        #expect(ProviderChoice(provider: .opencodego) == .opencodego)
+        #expect(ProviderChoice.opencodego.provider == .opencodego)
+    }
+
+    @Test
+    func `supported providers fall back to codex when snapshot is empty`() {
+        let snapshot = WidgetSnapshot(entries: [], enabledProviders: [], generatedAt: Date())
+
+        #expect(CodexBarSwitcherTimelineProvider.supportedProviders(from: snapshot) == [.codex])
+    }
+
+    @Test
+    func `supported providers keep alibaba when it is the only enabled provider`() {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let entry = WidgetSnapshot.ProviderEntry(
+            provider: .alibaba,
+            updatedAt: now,
+            primary: nil,
+            secondary: nil,
+            tertiary: nil,
+            creditsRemaining: nil,
+            codeReviewRemainingPercent: nil,
+            tokenUsage: nil,
+            dailyUsage: [])
+        let snapshot = WidgetSnapshot(entries: [entry], enabledProviders: [.alibaba], generatedAt: now)
+
+        #expect(CodexBarSwitcherTimelineProvider.supportedProviders(from: snapshot) == [.alibaba])
+    }
+
+    @Test
+    func `supported providers keep alibaba token plan when it is the only enabled provider`() {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let entry = WidgetSnapshot.ProviderEntry(
+            provider: .alibabatokenplan,
+            updatedAt: now,
+            primary: nil,
+            secondary: nil,
+            tertiary: nil,
+            creditsRemaining: nil,
+            codeReviewRemainingPercent: nil,
+            tokenUsage: nil,
+            dailyUsage: [])
+        let snapshot = WidgetSnapshot(entries: [entry], enabledProviders: [.alibabatokenplan], generatedAt: now)
+
+        #expect(CodexBarSwitcherTimelineProvider.supportedProviders(from: snapshot) == [.alibabatokenplan])
+    }
+
+    @Test
+    func `codex weekly only widget rows omit session`() {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let entry = WidgetSnapshot.ProviderEntry(
+            provider: .codex,
+            updatedAt: now,
+            primary: nil,
+            secondary: RateWindow(usedPercent: 25, windowMinutes: 10080, resetsAt: nil, resetDescription: nil),
+            tertiary: nil,
+            creditsRemaining: nil,
+            codeReviewRemainingPercent: nil,
+            tokenUsage: nil,
+            dailyUsage: [])
+
+        let rows = WidgetUsageRow.rows(for: entry)
+
+        #expect(rows.count == 1)
+        #expect(rows.first?.title == "Weekly")
+        #expect(rows.first?.percentLeft == 75)
+    }
+
+    @Test
+    func `codex widget usage rows keep code review separate from rate rows`() {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let entry = WidgetSnapshot.ProviderEntry(
+            provider: .codex,
+            updatedAt: now,
+            primary: RateWindow(usedPercent: 10, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(usedPercent: 25, windowMinutes: 10080, resetsAt: nil, resetDescription: nil),
+            tertiary: nil,
+            creditsRemaining: nil,
+            codeReviewRemainingPercent: 60,
+            tokenUsage: nil,
+            dailyUsage: [])
+
+        let rows = WidgetUsageRow.rows(for: entry)
+
+        #expect(rows.map(\.title) == ["Session", "Weekly"])
+        #expect(rows.count == 2)
+        #expect(!rows.contains { $0.title == "Code review" })
+    }
+
+    @Test
+    func `widget usage rows prefer projected rows over legacy slots`() {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let entry = WidgetSnapshot.ProviderEntry(
+            provider: .codex,
+            updatedAt: now,
+            primary: RateWindow(usedPercent: 10, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(usedPercent: 25, windowMinutes: 10080, resetsAt: nil, resetDescription: nil),
+            tertiary: nil,
+            usageRows: [
+                WidgetSnapshot.WidgetUsageRowSnapshot(id: "weekly", title: "Weekly", percentLeft: 75),
+            ],
+            creditsRemaining: nil,
+            codeReviewRemainingPercent: nil,
+            tokenUsage: nil,
+            dailyUsage: [])
+
+        let rows = WidgetUsageRow.rows(for: entry)
+
+        #expect(rows == [WidgetUsageRow(id: "weekly", title: "Weekly", percentLeft: 75)])
+    }
+
+    @Test
+    func `legacy widget usage rows include tertiary slot when supported`() {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let entry = WidgetSnapshot.ProviderEntry(
+            provider: .antigravity,
+            updatedAt: now,
+            primary: RateWindow(usedPercent: 10, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(usedPercent: 20, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            tertiary: RateWindow(usedPercent: 30, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            creditsRemaining: nil,
+            codeReviewRemainingPercent: nil,
+            tokenUsage: nil,
+            dailyUsage: [])
+
+        let rows = WidgetUsageRow.rows(for: entry)
+
+        #expect(rows.map(\.id) == ["primary", "secondary", "tertiary"])
+        #expect(rows.map(\.title) == ["Claude", "Gemini Pro", "Gemini Flash"])
+        #expect(rows.compactMap(\.percentLeft) == [90, 80, 70])
+    }
+
+    @Test
+    func `widget configuration intents default to codex and credits`() {
+        let providerIntent = ProviderSelectionIntent()
+        let compactIntent = CompactMetricSelectionIntent()
+
+        #expect(providerIntent.provider == .codex)
+        #expect(compactIntent.provider == .codex)
+        #expect(compactIntent.metric == .credits)
+    }
+}
diff --git a/Tests/CodexBarTests/CodexBaselineCharacterizationTests.swift b/Tests/CodexBarTests/CodexBaselineCharacterizationTests.swift
new file mode 100644
index 000000000..a131db5ab
--- /dev/null
+++ b/Tests/CodexBarTests/CodexBaselineCharacterizationTests.swift
@@ -0,0 +1,372 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+@Suite(.serialized)
+struct CodexBaselineCharacterizationTests {
+    private func makeContext(
+        runtime: ProviderRuntime,
+        sourceMode: ProviderSourceMode,
+        env: [String: String] = [:],
+        settings: ProviderSettingsSnapshot? = nil,
+        includeCredits: Bool = false) -> ProviderFetchContext
+    {
+        let browserDetection = BrowserDetection(cacheTTL: 0)
+        return ProviderFetchContext(
+            runtime: runtime,
+            sourceMode: sourceMode,
+            includeCredits: includeCredits,
+            webTimeout: 1,
+            webDebugDumpHTML: false,
+            verbose: false,
+            env: env,
+            settings: settings,
+            fetcher: UsageFetcher(environment: env, initializeTimeoutSeconds: 20.0, requestTimeoutSeconds: 3.0),
+            claudeFetcher: ClaudeUsageFetcher(browserDetection: browserDetection),
+            browserDetection: browserDetection)
+    }
+
+    private func strategyIDs(
+        runtime: ProviderRuntime,
+        sourceMode: ProviderSourceMode,
+        env: [String: String] = [:],
+        settings: ProviderSettingsSnapshot? = nil) async -> [String]
+    {
+        let descriptor = ProviderDescriptorRegistry.descriptor(for: .codex)
+        let context = self.makeContext(runtime: runtime, sourceMode: sourceMode, env: env, settings: settings)
+        let strategies = await descriptor.fetchPlan.pipeline.resolveStrategies(context)
+        return strategies.map(\.id)
+    }
+
+    private func fetchOutcome(
+        runtime: ProviderRuntime,
+        sourceMode: ProviderSourceMode,
+        env: [String: String] = [:],
+        settings: ProviderSettingsSnapshot? = nil,
+        includeCredits: Bool = false) async -> ProviderFetchOutcome
+    {
+        let descriptor = ProviderDescriptorRegistry.descriptor(for: .codex)
+        let context = self.makeContext(
+            runtime: runtime,
+            sourceMode: sourceMode,
+            env: env,
+            settings: settings,
+            includeCredits: includeCredits)
+        return await descriptor.fetchPlan.fetchOutcome(context: context, provider: .codex)
+    }
+
+    private func makeStubCodexCLI() throws -> String {
+        let script = """
+        #!/usr/bin/python3 -S
+        import json
+        import os
+        import sys
+
+        counter = os.environ.get("CODEXBAR_STUB_COUNTER")
+        if counter:
+            with open(counter, "a") as f:
+                f.write("start\\n")
+        credits_only = os.environ.get("CODEXBAR_STUB_CREDITS_ONLY") == "1"
+
+        for line in sys.stdin:
+            if not line.strip():
+                continue
+            message = json.loads(line)
+            method = message.get("method")
+            if method == "initialized":
+                continue
+
+            identifier = message.get("id")
+            if method == "initialize":
+                payload = {"id": identifier, "result": {}}
+            elif method == "account/rateLimits/read":
+                rate_limits = {
+                    "credits": {
+                        "hasCredits": True,
+                        "unlimited": False,
+                        "balance": "7"
+                    }
+                }
+                if not credits_only:
+                    rate_limits["primary"] = {
+                        "usedPercent": 12,
+                        "windowDurationMins": 300,
+                        "resetsAt": 1766948068
+                    }
+                    rate_limits["secondary"] = {
+                        "usedPercent": 43,
+                        "windowDurationMins": 10080,
+                        "resetsAt": 1767407914
+                    }
+                payload = {
+                    "id": identifier,
+                    "result": {
+                        "rateLimits": rate_limits
+                    }
+                }
+            elif method == "account/read":
+                payload = {
+                    "id": identifier,
+                    "result": {
+                        "account": {
+                            "type": "chatgpt",
+                            "email": "stub@example.com",
+                            "planType": "pro"
+                        },
+                        "requiresOpenaiAuth": False
+                    }
+                }
+            else:
+                payload = {"id": identifier, "result": {}}
+
+            print(json.dumps(payload), flush=True)
+        """
+        let url = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codex-stub-\(UUID().uuidString)", isDirectory: false)
+        try Data(script.utf8).write(to: url)
+        try FileManager.default.setAttributes([.posixPermissions: 0o755], ofItemAtPath: url.path)
+        return url.path
+    }
+
+    private func makeEmptyCodexHome() throws -> URL {
+        let homeURL = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codex-empty-home-\(UUID().uuidString)", isDirectory: true)
+        try FileManager.default.createDirectory(at: homeURL, withIntermediateDirectories: true)
+        return homeURL
+    }
+
+    private func makeUnavailableOAuthHome() throws -> URL {
+        let homeURL = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codex-oauth-home-\(UUID().uuidString)", isDirectory: true)
+        try FileManager.default.createDirectory(at: homeURL, withIntermediateDirectories: true)
+
+        let credentials = CodexOAuthCredentials(
+            accessToken: "access-token",
+            refreshToken: "refresh-token",
+            idToken: nil,
+            accountId: "account-id",
+            lastRefresh: Date())
+        try CodexOAuthCredentialsStore.save(credentials, env: ["CODEX_HOME": homeURL.path])
+
+        let configURL = homeURL.appendingPathComponent("config.toml")
+        try "chatgpt_base_url = \"http://127.0.0.1:9\"".write(to: configURL, atomically: true, encoding: .utf8)
+
+        return homeURL
+    }
+
+    @Test
+    func `app auto pipeline order is OAuth then CLI without web`() async {
+        let strategyIDs = await self.strategyIDs(runtime: .app, sourceMode: .auto)
+        #expect(strategyIDs == ["codex.oauth", "codex.cli"])
+    }
+
+    @Test
+    func `CLI auto pipeline order is web then OAuth then CLI`() async {
+        let strategyIDs = await self.strategyIDs(runtime: .cli, sourceMode: .auto)
+        #expect(strategyIDs == ["codex.web.dashboard", "codex.oauth", "codex.cli"])
+    }
+
+    @Test
+    func `explicit fetch plan modes keep single Codex strategy selection`() async {
+        let appCases: [(ProviderSourceMode, [String])] = [
+            (.oauth, ["codex.oauth"]),
+            (.cli, ["codex.cli"]),
+            (.web, ["codex.web.dashboard"]),
+        ]
+
+        for (sourceMode, expected) in appCases {
+            let strategyIDs = await self.strategyIDs(runtime: .app, sourceMode: sourceMode)
+            #expect(strategyIDs == expected)
+        }
+
+        for (sourceMode, expected) in appCases {
+            let strategyIDs = await self.strategyIDs(runtime: .cli, sourceMode: sourceMode)
+            #expect(strategyIDs == expected)
+        }
+    }
+
+    @Test
+    func `app auto records unavailable OAuth before successful CLI fallback`() async throws {
+        let stubCLIPath = try self.makeStubCodexCLI()
+        let codexHome = try self.makeEmptyCodexHome()
+        defer { try? FileManager.default.removeItem(at: codexHome) }
+        let env = [
+            "CODEX_CLI_PATH": stubCLIPath,
+            "CODEX_HOME": codexHome.path,
+        ]
+
+        let outcome = await self.fetchOutcome(runtime: .app, sourceMode: .auto, env: env)
+
+        #expect(outcome.attempts.map(\.strategyID) == ["codex.oauth", "codex.cli"])
+        #expect(outcome.attempts.map(\.wasAvailable) == [false, true])
+
+        switch outcome.result {
+        case let .success(result):
+            #expect(result.sourceLabel == "codex-cli")
+            #expect(result.usage.accountEmail(for: .codex) == "stub@example.com")
+            #expect(result.usage.loginMethod(for: .codex) == "pro")
+        case let .failure(error):
+            Issue.record("Unexpected failure: \(error)")
+        }
+    }
+
+    @Test
+    func `app auto does not fall back from non auth failing OAuth`() async throws {
+        let stubCLIPath = try self.makeStubCodexCLI()
+        let oauthHome = try self.makeUnavailableOAuthHome()
+        defer { try? FileManager.default.removeItem(at: oauthHome) }
+
+        let env = [
+            "CODEX_CLI_PATH": stubCLIPath,
+            "CODEX_HOME": oauthHome.path,
+        ]
+
+        let outcome = await self.fetchOutcome(runtime: .app, sourceMode: .auto, env: env)
+
+        #expect(outcome.attempts.map(\.strategyID) == ["codex.oauth"])
+        #expect(outcome.attempts.map(\.wasAvailable) == [true])
+        #expect(outcome.attempts[0].errorDescription?.isEmpty == false)
+
+        switch outcome.result {
+        case .success:
+            Issue.record("Expected non-auth OAuth failure to stop before CLI fallback")
+        case let .failure(error as CodexOAuthFetchError):
+            switch error {
+            case .networkError:
+                break
+            default:
+                Issue.record("Expected network error, got \(error)")
+            }
+        case let .failure(error):
+            Issue.record("Unexpected failure: \(error)")
+        }
+    }
+
+    @Test
+    func `Codex CLI strategy fetches usage and credits with one app-server process`() async throws {
+        let stubCLIPath = try self.makeStubCodexCLI()
+        defer { try? FileManager.default.removeItem(atPath: stubCLIPath) }
+        let counterURL = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codex-stub-counter-\(UUID().uuidString)", isDirectory: false)
+        defer { try? FileManager.default.removeItem(at: counterURL) }
+
+        let env = [
+            "CODEX_CLI_PATH": stubCLIPath,
+            "CODEXBAR_STUB_COUNTER": counterURL.path,
+        ]
+
+        let outcome = await self.fetchOutcome(
+            runtime: .app,
+            sourceMode: .cli,
+            env: env,
+            includeCredits: true)
+
+        switch outcome.result {
+        case let .success(result):
+            #expect(result.sourceLabel == "codex-cli")
+            #expect(result.usage.primary?.usedPercent == 12)
+            #expect(result.credits?.remaining == 7)
+        case let .failure(error):
+            Issue.record("Unexpected failure: \(error)")
+        }
+
+        let count = (try? String(contentsOf: counterURL, encoding: .utf8))?
+            .split(whereSeparator: \.isNewline)
+            .count ?? 0
+        #expect(count == 1)
+    }
+
+    @Test
+    func `Codex CLI strategy keeps credits when rate limit windows are absent`() async throws {
+        let stubCLIPath = try self.makeStubCodexCLI()
+        defer { try? FileManager.default.removeItem(atPath: stubCLIPath) }
+
+        let outcome = await self.fetchOutcome(
+            runtime: .app,
+            sourceMode: .cli,
+            env: [
+                "CODEX_CLI_PATH": stubCLIPath,
+                "CODEXBAR_STUB_CREDITS_ONLY": "1",
+            ],
+            includeCredits: true)
+
+        switch outcome.result {
+        case let .success(result):
+            #expect(result.sourceLabel == "codex-cli")
+            #expect(result.usage.primary == nil)
+            #expect(result.usage.secondary == nil)
+            #expect(result.credits?.remaining == 7)
+        case let .failure(error):
+            Issue.record("Unexpected failure: \(error)")
+        }
+    }
+
+    @Test
+    func `CLI auto records unavailable web and OAuth before successful CLI`() async throws {
+        let stubCLIPath = try self.makeStubCodexCLI()
+        let codexHome = try self.makeEmptyCodexHome()
+        defer { try? FileManager.default.removeItem(at: codexHome) }
+        let settings = ProviderSettingsSnapshot.make(
+            codex: .init(
+                usageDataSource: .auto,
+                cookieSource: .auto,
+                manualCookieHeader: nil,
+                managedAccountStoreUnreadable: true))
+
+        let outcome = await self.fetchOutcome(
+            runtime: .cli,
+            sourceMode: .auto,
+            env: [
+                "CODEX_CLI_PATH": stubCLIPath,
+                "CODEX_HOME": codexHome.path,
+            ],
+            settings: settings)
+
+        #expect(outcome.attempts.map(\.strategyID) == ["codex.web.dashboard", "codex.oauth", "codex.cli"])
+        #expect(outcome.attempts.map(\.wasAvailable) == [false, false, true])
+
+        switch outcome.result {
+        case let .success(result):
+            #expect(result.sourceLabel == "codex-cli")
+            #expect(result.usage.accountEmail(for: .codex) == "stub@example.com")
+        case let .failure(error):
+            Issue.record("Unexpected failure: \(error)")
+        }
+    }
+
+    @Test
+    func `CLI auto tries OAuth before missing CLI fallback`() async throws {
+        let oauthHome = try self.makeUnavailableOAuthHome()
+        defer { try? FileManager.default.removeItem(at: oauthHome) }
+        let settings = ProviderSettingsSnapshot.make(
+            codex: .init(
+                usageDataSource: .auto,
+                cookieSource: .auto,
+                manualCookieHeader: nil,
+                managedAccountStoreUnreadable: true))
+
+        let outcome = await self.fetchOutcome(
+            runtime: .cli,
+            sourceMode: .auto,
+            env: [
+                "CODEX_CLI_PATH": "/missing/codex",
+                "CODEX_HOME": oauthHome.path,
+            ],
+            settings: settings)
+
+        #expect(outcome.attempts.map(\.strategyID) == ["codex.web.dashboard", "codex.oauth"])
+        #expect(outcome.attempts.map(\.wasAvailable) == [false, true])
+
+        switch outcome.result {
+        case .success:
+            Issue.record("Expected unavailable OAuth endpoint to fail before CLI fallback")
+        case let .failure(error as CodexOAuthFetchError):
+            if case .networkError = error {
+                break
+            }
+            Issue.record("Expected network error, got \(error)")
+        case let .failure(error):
+            Issue.record("Unexpected failure: \(error)")
+        }
+    }
+}
diff --git a/Tests/CodexBarTests/CodexCLILaunchGateTests.swift b/Tests/CodexBarTests/CodexCLILaunchGateTests.swift
new file mode 100644
index 000000000..bb0babe19
--- /dev/null
+++ b/Tests/CodexBarTests/CodexCLILaunchGateTests.swift
@@ -0,0 +1,40 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+@Suite(.serialized)
+struct CodexCLILaunchGateTests {
+    @Test
+    func `background launch failures suppress repeated background launches until cooldown expires`() {
+        let gate = CodexCLILaunchGate.shared
+        gate.resetForTesting()
+        defer { gate.resetForTesting() }
+        let now = Date(timeIntervalSince1970: 100)
+
+        let message = gate.recordLaunchFailure(
+            binary: "/opt/homebrew/bin/codex",
+            message: "\"codex\" was not opened because it contains malware.",
+            now: now)
+
+        #expect(message?.contains("background refresh is paused") == true)
+        #expect(gate.backgroundSkipMessage(
+            binary: "/opt/homebrew/bin/codex",
+            now: now.addingTimeInterval(60),
+            interaction: .background) == message)
+        #expect(gate.backgroundSkipMessage(
+            binary: "/opt/homebrew/bin/codex",
+            now: now.addingTimeInterval(60),
+            interaction: .userInitiated) == nil)
+        #expect(gate.backgroundSkipMessage(
+            binary: "/opt/homebrew/bin/codex",
+            now: now.addingTimeInterval(CodexCLILaunchGate.cooldown + 1),
+            interaction: .background) == nil)
+    }
+
+    @Test
+    func `PTY infrastructure failures do not suppress future Codex launches`() {
+        #expect(CodexCLILaunchGate.shouldThrottleLaunchFailure("openpty failed") == false)
+        #expect(CodexCLILaunchGate.shouldThrottleLaunchFailure("write to PTY failed") == false)
+        #expect(CodexCLILaunchGate.shouldThrottleLaunchFailure("The operation could not be completed") == true)
+    }
+}
diff --git a/Tests/CodexBarTests/CodexCLIWindowNormalizationTests.swift b/Tests/CodexBarTests/CodexCLIWindowNormalizationTests.swift
new file mode 100644
index 000000000..417517870
--- /dev/null
+++ b/Tests/CodexBarTests/CodexCLIWindowNormalizationTests.swift
@@ -0,0 +1,226 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+struct CodexCLIWindowNormalizationTests {
+    @Test
+    func `normalizer maps lone weekly window into secondary`() {
+        let weekly = RateWindow(
+            usedPercent: 5,
+            windowMinutes: 10080,
+            resetsAt: nil,
+            resetDescription: nil)
+
+        let normalized = CodexRateWindowNormalizer._normalizeForTesting(primary: weekly, secondary: nil)
+        #expect(normalized.primary == nil)
+        #expect(normalized.secondary?.usedPercent == 5)
+        #expect(normalized.secondary?.windowMinutes == 10080)
+    }
+
+    @Test
+    func `normalizer keeps lone session window in primary`() {
+        let session = RateWindow(
+            usedPercent: 31,
+            windowMinutes: 300,
+            resetsAt: nil,
+            resetDescription: nil)
+
+        let normalized = CodexRateWindowNormalizer._normalizeForTesting(primary: session, secondary: nil)
+        #expect(normalized.primary?.usedPercent == 31)
+        #expect(normalized.primary?.windowMinutes == 300)
+        #expect(normalized.secondary == nil)
+    }
+
+    @Test
+    func `normalizer keeps session and weekly ordering unchanged`() {
+        let session = RateWindow(
+            usedPercent: 31,
+            windowMinutes: 300,
+            resetsAt: nil,
+            resetDescription: nil)
+        let weekly = RateWindow(
+            usedPercent: 26,
+            windowMinutes: 10080,
+            resetsAt: nil,
+            resetDescription: nil)
+
+        let normalized = CodexRateWindowNormalizer._normalizeForTesting(primary: session, secondary: weekly)
+        #expect(normalized.primary?.usedPercent == 31)
+        #expect(normalized.primary?.windowMinutes == 300)
+        #expect(normalized.secondary?.usedPercent == 26)
+        #expect(normalized.secondary?.windowMinutes == 10080)
+    }
+
+    @Test
+    func `normalizer swaps reversed weekly and unknown windows`() {
+        let weekly = RateWindow(
+            usedPercent: 43,
+            windowMinutes: 10080,
+            resetsAt: nil,
+            resetDescription: nil)
+        let unknown = RateWindow(
+            usedPercent: 17,
+            windowMinutes: 540,
+            resetsAt: nil,
+            resetDescription: nil)
+
+        let normalized = CodexRateWindowNormalizer._normalizeForTesting(primary: weekly, secondary: unknown)
+        #expect(normalized.primary?.usedPercent == 17)
+        #expect(normalized.primary?.windowMinutes == 540)
+        #expect(normalized.secondary?.usedPercent == 43)
+        #expect(normalized.secondary?.windowMinutes == 10080)
+    }
+
+    @Test
+    func `maps weekly only RPC limits into secondary`() throws {
+        let snapshot = try UsageFetcher._mapCodexRPCLimitsForTesting(
+            primary: (usedPercent: 5, windowMinutes: 10080, resetsAt: nil),
+            secondary: nil)
+
+        #expect(snapshot.primary == nil)
+        #expect(snapshot.secondary?.usedPercent == 5)
+        #expect(snapshot.secondary?.windowMinutes == 10080)
+    }
+
+    @Test
+    func `maps session only RPC limits into primary`() throws {
+        let snapshot = try UsageFetcher._mapCodexRPCLimitsForTesting(
+            primary: (usedPercent: 31, windowMinutes: 300, resetsAt: nil),
+            secondary: nil)
+
+        #expect(snapshot.primary?.usedPercent == 31)
+        #expect(snapshot.primary?.windowMinutes == 300)
+        #expect(snapshot.secondary == nil)
+    }
+
+    @Test
+    func `maps reversed weekly and unknown RPC limits`() throws {
+        let snapshot = try UsageFetcher._mapCodexRPCLimitsForTesting(
+            primary: (usedPercent: 43, windowMinutes: 10080, resetsAt: nil),
+            secondary: (usedPercent: 17, windowMinutes: 540, resetsAt: nil))
+
+        #expect(snapshot.primary?.usedPercent == 17)
+        #expect(snapshot.primary?.windowMinutes == 540)
+        #expect(snapshot.secondary?.usedPercent == 43)
+        #expect(snapshot.secondary?.windowMinutes == 10080)
+    }
+
+    @Test
+    func `throws when RPC limits contain no windows`() {
+        #expect(throws: UsageError.noRateLimitsFound) {
+            try UsageFetcher._mapCodexRPCLimitsForTesting(primary: nil, secondary: nil)
+        }
+    }
+
+    @Test
+    func `maps plan only RPC limits into empty identified snapshot`() throws {
+        let snapshot = try UsageFetcher._mapCodexRPCLimitsForTesting(
+            primary: nil,
+            secondary: nil,
+            planType: "pro")
+
+        #expect(snapshot.primary == nil)
+        #expect(snapshot.secondary == nil)
+        #expect(snapshot.loginMethod(for: .codex) == "pro")
+        #expect(snapshot.rateLimitsUnavailable(for: .codex))
+    }
+
+    @Test
+    func `codex no rate limit error means limits unavailable without snapshot`() {
+        let availability = UsageLimitsAvailability.resolve(
+            provider: .codex,
+            snapshot: nil,
+            account: AccountInfo(email: "user@example.com", plan: nil),
+            lastErrorDescription: UsageError.noRateLimitsFound.errorDescription)
+
+        #expect(availability == .unavailable)
+    }
+
+    @Test
+    func `codex no rate limit error stays available without account context`() {
+        let availability = UsageLimitsAvailability.resolve(
+            provider: .codex,
+            snapshot: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            lastErrorDescription: UsageError.noRateLimitsFound.errorDescription)
+
+        #expect(availability == .available)
+    }
+
+    @Test
+    func `codex windowed snapshot wins over stale no rate limit error`() {
+        let identity = ProviderIdentitySnapshot(
+            providerID: .codex,
+            accountEmail: "user@example.com",
+            accountOrganization: nil,
+            loginMethod: "pro")
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(
+                usedPercent: 25,
+                windowMinutes: 300,
+                resetsAt: nil,
+                resetDescription: nil),
+            secondary: nil,
+            updatedAt: Date(),
+            identity: identity)
+        let availability = UsageLimitsAvailability.resolve(
+            provider: .codex,
+            snapshot: snapshot,
+            lastErrorDescription: UsageError.noRateLimitsFound.errorDescription)
+
+        #expect(availability == .available)
+    }
+
+    @Test
+    func `maps weekly only status snapshot into secondary`() throws {
+        let status = CodexStatusSnapshot(
+            credits: nil,
+            fiveHourPercentLeft: nil,
+            weeklyPercentLeft: 95,
+            fiveHourResetDescription: nil,
+            weeklyResetDescription: "resets next week",
+            fiveHourResetsAt: nil,
+            weeklyResetsAt: nil,
+            rawText: "Weekly limit: 95% left")
+
+        let snapshot = try UsageFetcher._mapCodexStatusForTesting(status)
+        #expect(snapshot.primary == nil)
+        #expect(snapshot.secondary?.usedPercent == 5)
+        #expect(snapshot.secondary?.windowMinutes == 10080)
+    }
+
+    @Test
+    func `maps five hour only status snapshot into primary`() throws {
+        let status = CodexStatusSnapshot(
+            credits: nil,
+            fiveHourPercentLeft: 69,
+            weeklyPercentLeft: nil,
+            fiveHourResetDescription: "resets soon",
+            weeklyResetDescription: nil,
+            fiveHourResetsAt: nil,
+            weeklyResetsAt: nil,
+            rawText: "5h limit: 69% left")
+
+        let snapshot = try UsageFetcher._mapCodexStatusForTesting(status)
+        #expect(snapshot.primary?.usedPercent == 31)
+        #expect(snapshot.primary?.windowMinutes == 300)
+        #expect(snapshot.secondary == nil)
+    }
+
+    @Test
+    func `throws when status snapshot contains no windows`() {
+        let status = CodexStatusSnapshot(
+            credits: nil,
+            fiveHourPercentLeft: nil,
+            weeklyPercentLeft: nil,
+            fiveHourResetDescription: nil,
+            weeklyResetDescription: nil,
+            fiveHourResetsAt: nil,
+            weeklyResetsAt: nil,
+            rawText: "")
+
+        #expect(throws: UsageError.noRateLimitsFound) {
+            try UsageFetcher._mapCodexStatusForTesting(status)
+        }
+    }
+}
diff --git a/Tests/CodexBarTests/CodexConsumerProjectionCharacterizationTests.swift b/Tests/CodexBarTests/CodexConsumerProjectionCharacterizationTests.swift
new file mode 100644
index 000000000..1eea7faf3
--- /dev/null
+++ b/Tests/CodexBarTests/CodexConsumerProjectionCharacterizationTests.swift
@@ -0,0 +1,157 @@
+import AppKit
+import CodexBarCore
+import Testing
+@testable import CodexBar
+
+@MainActor
+struct CodexConsumerProjectionCharacterizationTests {
+    private func makeStatusBarForTesting() -> NSStatusBar {
+        let env = ProcessInfo.processInfo.environment
+        if env["GITHUB_ACTIONS"] == "true" || env["CI"] == "true" {
+            return .system
+        }
+        return NSStatusBar()
+    }
+
+    private func makeSettings() -> SettingsStore {
+        let suite = "CodexConsumerProjectionCharacterizationTests-\(UUID().uuidString)"
+        let defaults = UserDefaults(suiteName: suite)!
+        defaults.removePersistentDomain(forName: suite)
+        let configStore = testConfigStore(suiteName: suite)
+        return SettingsStore(
+            userDefaults: defaults,
+            configStore: configStore,
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+    }
+
+    private func makeCodexStore(settings: SettingsStore, dashboardAuthorized: Bool) -> UsageStore {
+        let now = Date()
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        store._setSnapshotForTesting(
+            UsageSnapshot(
+                primary: RateWindow(
+                    usedPercent: 22,
+                    windowMinutes: 300,
+                    resetsAt: now.addingTimeInterval(1800),
+                    resetDescription: nil),
+                secondary: nil,
+                tertiary: nil,
+                updatedAt: now,
+                identity: ProviderIdentitySnapshot(
+                    providerID: .codex,
+                    accountEmail: "codex@example.com",
+                    accountOrganization: nil,
+                    loginMethod: "Plus Plan")),
+            provider: .codex)
+        store.openAIDashboard = OpenAIDashboardSnapshot(
+            signedInEmail: "other@example.com",
+            codeReviewRemainingPercent: 88,
+            codeReviewLimit: RateWindow(
+                usedPercent: 12,
+                windowMinutes: nil,
+                resetsAt: now.addingTimeInterval(3600),
+                resetDescription: nil),
+            creditEvents: [],
+            dailyBreakdown: [],
+            usageBreakdown: [],
+            creditsPurchaseURL: nil,
+            updatedAt: now)
+        store.openAIDashboardAttachmentAuthorized = dashboardAuthorized
+        store.openAIDashboardRequiresLogin = false
+        return store
+    }
+
+    @Test
+    func `snapshot override menu card stays isolated from live codex extras`() throws {
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+
+        let fetcher = UsageFetcher()
+        let store = self.makeCodexStore(settings: settings, dashboardAuthorized: true)
+        store.credits = CreditsSnapshot(remaining: 42, events: [], updatedAt: Date())
+        store._setTokenSnapshotForTesting(CostUsageTokenSnapshot(
+            sessionTokens: 123,
+            sessionCostUSD: 1.23,
+            last30DaysTokens: 456,
+            last30DaysCostUSD: 4.56,
+            daily: [],
+            updatedAt: Date()), provider: .codex)
+        store._setErrorForTesting("Live store error", provider: .codex)
+
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+
+        let overrideSnapshot = UsageSnapshot(
+            primary: RateWindow(
+                usedPercent: 15,
+                windowMinutes: 300,
+                resetsAt: Date().addingTimeInterval(1800),
+                resetDescription: nil),
+            secondary: nil,
+            tertiary: nil,
+            updatedAt: Date(),
+            identity: ProviderIdentitySnapshot(
+                providerID: .codex,
+                accountEmail: "override@example.com",
+                accountOrganization: nil,
+                loginMethod: "Plus Plan"))
+
+        let model = try #require(controller.menuCardModel(
+            for: .codex,
+            snapshotOverride: overrideSnapshot,
+            errorOverride: "Override error"))
+
+        #expect(model.creditsText == "Credits unavailable; keep Codex running to refresh.")
+        #expect(model.tokenUsage == nil)
+        #expect(model.metrics.contains { $0.id == "code-review" } == false)
+        #expect(model.subtitleText == "Override error")
+    }
+
+    @Test
+    func `menu bar display text keeps percent in show used mode when codex is exhausted`() {
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = true
+        settings.selectedMenuProvider = .codex
+        settings.menuBarDisplayMode = .percent
+        settings.usageBarsShowUsed = true
+        settings.setMenuBarMetricPreference(.primary, for: .codex)
+
+        let registry = ProviderRegistry.shared
+        if let codexMeta = registry.metadata[.codex] {
+            settings.setProviderEnabled(provider: .codex, metadata: codexMeta, enabled: true)
+        }
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 100, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(usedPercent: 40, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            updatedAt: Date())
+
+        store._setSnapshotForTesting(snapshot, provider: .codex)
+        store._setErrorForTesting(nil, provider: .codex)
+        store.credits = CreditsSnapshot(remaining: 80, events: [], updatedAt: Date())
+
+        let displayText = controller.menuBarDisplayText(for: .codex, snapshot: snapshot)
+
+        #expect(displayText == "100%")
+    }
+}
diff --git a/Tests/CodexBarTests/CodexConsumerProjectionTests.swift b/Tests/CodexBarTests/CodexConsumerProjectionTests.swift
new file mode 100644
index 000000000..ead6233f3
--- /dev/null
+++ b/Tests/CodexBarTests/CodexConsumerProjectionTests.swift
@@ -0,0 +1,241 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+@MainActor
+struct CodexConsumerProjectionTests {
+    @Test
+    func `live card projection compacts weekly lanes and attaches dashboard extras`() {
+        let store = self.makeStore(suite: "CodexConsumerProjectionTests-live-card")
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+
+        store._setSnapshotForTesting(
+            UsageSnapshot(
+                primary: nil,
+                secondary: RateWindow(
+                    usedPercent: 25,
+                    windowMinutes: 10080,
+                    resetsAt: now.addingTimeInterval(3600),
+                    resetDescription: nil),
+                updatedAt: now),
+            provider: .codex)
+        store.credits = CreditsSnapshot(remaining: 42, events: [], updatedAt: now)
+        store.openAIDashboard = OpenAIDashboardSnapshot(
+            signedInEmail: "codex@example.com",
+            codeReviewRemainingPercent: 88,
+            codeReviewLimit: RateWindow(
+                usedPercent: 12,
+                windowMinutes: nil,
+                resetsAt: now.addingTimeInterval(7200),
+                resetDescription: nil),
+            creditEvents: [],
+            dailyBreakdown: [OpenAIDashboardDailyBreakdown(day: "2024-01-01", services: [], totalCreditsUsed: 3)],
+            usageBreakdown: [OpenAIDashboardDailyBreakdown(day: "2024-01-01", services: [], totalCreditsUsed: 4)],
+            creditsPurchaseURL: "https://chatgpt.com/settings/billing",
+            updatedAt: now)
+        store.openAIDashboardAttachmentAuthorized = true
+        store.openAIDashboardRequiresLogin = false
+
+        let projection = store.codexConsumerProjection(surface: .liveCard, now: now)
+
+        #expect(projection.visibleRateLanes == [.weekly])
+        #expect(projection.planUtilizationLanes.map(\.role.rawValue) == ["weekly"])
+        #expect(projection.dashboardVisibility == .attached)
+        #expect(projection.supplementalMetrics == [.codeReview])
+        #expect(projection.remainingPercent(for: .codeReview) == 88)
+        #expect(projection.credits?.remaining == 42)
+        #expect(projection.canShowBuyCredits)
+        #expect(projection.hasUsageBreakdown)
+        #expect(projection.hasCreditsHistory)
+    }
+
+    @Test
+    func `display only dashboard stays visible without attached extras`() {
+        let store = self.makeStore(suite: "CodexConsumerProjectionTests-display-only")
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+
+        store._setSnapshotForTesting(
+            UsageSnapshot(
+                primary: RateWindow(
+                    usedPercent: 15,
+                    windowMinutes: 300,
+                    resetsAt: now.addingTimeInterval(1800),
+                    resetDescription: nil),
+                secondary: RateWindow(
+                    usedPercent: 30,
+                    windowMinutes: 10080,
+                    resetsAt: now.addingTimeInterval(3600),
+                    resetDescription: nil),
+                updatedAt: now),
+            provider: .codex)
+        store.openAIDashboard = OpenAIDashboardSnapshot(
+            signedInEmail: "codex@example.com",
+            codeReviewRemainingPercent: 66,
+            creditEvents: [],
+            dailyBreakdown: [OpenAIDashboardDailyBreakdown(day: "2024-01-01", services: [], totalCreditsUsed: 3)],
+            usageBreakdown: [OpenAIDashboardDailyBreakdown(day: "2024-01-01", services: [], totalCreditsUsed: 4)],
+            creditsPurchaseURL: "https://chatgpt.com/settings/billing",
+            updatedAt: now)
+        store.openAIDashboardAttachmentAuthorized = false
+        store.openAIDashboardRequiresLogin = false
+
+        let projection = store.codexConsumerProjection(surface: .liveCard, now: now)
+
+        #expect(projection.dashboardVisibility == .displayOnly)
+        #expect(projection.supplementalMetrics.isEmpty)
+        #expect(projection.canShowBuyCredits)
+        #expect(!projection.hasUsageBreakdown)
+        #expect(!projection.hasCreditsHistory)
+    }
+
+    @Test
+    func `override card projection does not pull live codex adjuncts`() {
+        let store = self.makeStore(suite: "CodexConsumerProjectionTests-override")
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+
+        store._setSnapshotForTesting(
+            UsageSnapshot(
+                primary: RateWindow(
+                    usedPercent: 18,
+                    windowMinutes: 300,
+                    resetsAt: now.addingTimeInterval(1800),
+                    resetDescription: nil),
+                secondary: nil,
+                updatedAt: now),
+            provider: .codex)
+        store.credits = CreditsSnapshot(remaining: 42, events: [], updatedAt: now)
+        store.lastCreditsError = "Frame load interrupted"
+        store.openAIDashboard = OpenAIDashboardSnapshot(
+            signedInEmail: "codex@example.com",
+            codeReviewRemainingPercent: 88,
+            creditEvents: [],
+            dailyBreakdown: [OpenAIDashboardDailyBreakdown(day: "2024-01-01", services: [], totalCreditsUsed: 3)],
+            usageBreakdown: [OpenAIDashboardDailyBreakdown(day: "2024-01-01", services: [], totalCreditsUsed: 4)],
+            creditsPurchaseURL: "https://chatgpt.com/settings/billing",
+            updatedAt: now)
+        store.openAIDashboardAttachmentAuthorized = true
+        store.openAIDashboardRequiresLogin = false
+        store._setErrorForTesting("Live codex error", provider: .codex)
+
+        let overrideSnapshot = UsageSnapshot(
+            primary: RateWindow(
+                usedPercent: 55,
+                windowMinutes: 300,
+                resetsAt: now.addingTimeInterval(1200),
+                resetDescription: nil),
+            secondary: nil,
+            updatedAt: now)
+
+        let projection = store.codexConsumerProjection(
+            surface: .overrideCard,
+            snapshotOverride: overrideSnapshot,
+            errorOverride: "Override error",
+            now: now)
+
+        #expect(projection.visibleRateLanes == [.session])
+        #expect(projection.dashboardVisibility == .hidden)
+        #expect(projection.credits == nil)
+        #expect(projection.supplementalMetrics.isEmpty)
+        #expect(!projection.canShowBuyCredits)
+        #expect(!projection.hasUsageBreakdown)
+        #expect(!projection.hasCreditsHistory)
+        #expect(projection.userFacingErrors.usage == "Override error")
+        #expect(projection.userFacingErrors.credits == nil)
+        #expect(projection.userFacingErrors.dashboard == nil)
+    }
+
+    @Test
+    func `menu bar projection flags credits fallback on exhaustion`() {
+        let store = self.makeStore(suite: "CodexConsumerProjectionTests-menu-bar")
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+
+        store._setSnapshotForTesting(
+            UsageSnapshot(
+                primary: RateWindow(
+                    usedPercent: 100,
+                    windowMinutes: 300,
+                    resetsAt: now.addingTimeInterval(1800),
+                    resetDescription: nil),
+                secondary: RateWindow(
+                    usedPercent: 40,
+                    windowMinutes: 10080,
+                    resetsAt: now.addingTimeInterval(3600),
+                    resetDescription: nil),
+                updatedAt: now),
+            provider: .codex)
+        store.credits = CreditsSnapshot(remaining: 80, events: [], updatedAt: now)
+
+        let projection = store.codexConsumerProjection(surface: .menuBar, now: now)
+
+        #expect(projection.menuBarFallback == .creditsBalance)
+    }
+
+    @Test
+    func `live card projection keeps buy credits available without dashboard purchase URL`() {
+        let store = self.makeStore(suite: "CodexConsumerProjectionTests-buy-credits")
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+
+        store._setSnapshotForTesting(
+            UsageSnapshot(
+                primary: RateWindow(
+                    usedPercent: 20,
+                    windowMinutes: 300,
+                    resetsAt: now.addingTimeInterval(1800),
+                    resetDescription: nil),
+                secondary: nil,
+                updatedAt: now),
+            provider: .codex)
+        store.credits = CreditsSnapshot(remaining: 42, events: [], updatedAt: now)
+        store.openAIDashboardAttachmentAuthorized = false
+        store.openAIDashboardRequiresLogin = false
+
+        let projection = store.codexConsumerProjection(surface: .liveCard, now: now)
+
+        #expect(projection.canShowBuyCredits)
+    }
+
+    @Test
+    func `menu bar projection keeps credits fallback when credits load before usage`() {
+        let store = self.makeStore(suite: "CodexConsumerProjectionTests-menu-bar-credits-only")
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+
+        store._setSnapshotForTesting(nil, provider: .codex)
+        store.credits = CreditsSnapshot(remaining: 80, events: [], updatedAt: now)
+
+        let projection = store.codexConsumerProjection(surface: .menuBar, now: now)
+
+        #expect(projection.menuBarFallback == .creditsBalance)
+        #expect(!projection.hasExhaustedRateLane)
+    }
+
+    private func makeStore(suite: String) -> UsageStore {
+        let defaults = UserDefaults(suiteName: suite)!
+        defaults.removePersistentDomain(forName: suite)
+        let configStore = testConfigStore(suiteName: suite)
+        let settings = SettingsStore(
+            userDefaults: defaults,
+            configStore: configStore,
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore(),
+            codexCookieStore: InMemoryCookieHeaderStore(),
+            claudeCookieStore: InMemoryCookieHeaderStore(),
+            cursorCookieStore: InMemoryCookieHeaderStore(),
+            opencodeCookieStore: InMemoryCookieHeaderStore(),
+            factoryCookieStore: InMemoryCookieHeaderStore(),
+            minimaxCookieStore: InMemoryMiniMaxCookieStore(),
+            minimaxAPITokenStore: InMemoryMiniMaxAPITokenStore(),
+            kimiTokenStore: InMemoryKimiTokenStore(),
+            kimiK2TokenStore: InMemoryKimiK2TokenStore(),
+            augmentCookieStore: InMemoryCookieHeaderStore(),
+            ampCookieStore: InMemoryCookieHeaderStore(),
+            copilotTokenStore: InMemoryCopilotTokenStore(),
+            tokenAccountStore: InMemoryTokenAccountStore())
+
+        return UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+    }
+}
diff --git a/Tests/CodexBarTests/CodexDashboardAuthorityTests.swift b/Tests/CodexBarTests/CodexDashboardAuthorityTests.swift
new file mode 100644
index 000000000..a2805135e
--- /dev/null
+++ b/Tests/CodexBarTests/CodexDashboardAuthorityTests.swift
@@ -0,0 +1,390 @@
+import CodexBarCore
+import Testing
+
+struct CodexDashboardAuthorityTests {
+    @Test
+    func `email only wrong email returns fail closed`() {
+        let input = CodexDashboardAuthorityInput(
+            sourceKind: .liveWeb,
+            proof: CodexDashboardOwnershipProofContext(
+                currentIdentity: .emailOnly(normalizedEmail: "owner@example.com"),
+                expectedScopedEmail: nil,
+                trustedCurrentUsageEmail: nil,
+                dashboardSignedInEmail: "other@example.com",
+                knownOwners: [
+                    CodexDashboardKnownOwnerCandidate(
+                        identity: .emailOnly(normalizedEmail: "owner@example.com"),
+                        normalizedEmail: "owner@example.com"),
+                ]),
+            routing: CodexDashboardRoutingHints(
+                targetEmail: "owner@example.com",
+                lastKnownDashboardRoutingEmail: nil))
+
+        let decision = CodexDashboardAuthority.evaluate(input)
+
+        #expect(decision.disposition == .failClosed)
+        #expect(decision.reason == .wrongEmail(expected: "owner@example.com", actual: "other@example.com"))
+    }
+
+    @Test
+    func `provider account wrong email returns fail closed`() {
+        let input = CodexDashboardAuthorityInput(
+            sourceKind: .liveWeb,
+            proof: CodexDashboardOwnershipProofContext(
+                currentIdentity: .providerAccount(id: "acct-owner"),
+                expectedScopedEmail: "owner@example.com",
+                trustedCurrentUsageEmail: nil,
+                dashboardSignedInEmail: "other@example.com",
+                knownOwners: [
+                    CodexDashboardKnownOwnerCandidate(
+                        identity: .providerAccount(id: "acct-owner"),
+                        normalizedEmail: "owner@example.com"),
+                ]),
+            routing: CodexDashboardRoutingHints(
+                targetEmail: "owner@example.com",
+                lastKnownDashboardRoutingEmail: "stale@example.com"))
+
+        let decision = CodexDashboardAuthority.evaluate(input)
+
+        #expect(decision.disposition == .failClosed)
+        #expect(decision.reason == .wrongEmail(expected: "owner@example.com", actual: "other@example.com"))
+    }
+
+    @Test
+    func `email only same email ambiguity returns display only`() {
+        let input = CodexDashboardAuthorityInput(
+            sourceKind: .liveWeb,
+            proof: CodexDashboardOwnershipProofContext(
+                currentIdentity: .emailOnly(normalizedEmail: "shared@example.com"),
+                expectedScopedEmail: nil,
+                trustedCurrentUsageEmail: nil,
+                dashboardSignedInEmail: "shared@example.com",
+                knownOwners: [
+                    CodexDashboardKnownOwnerCandidate(
+                        identity: .providerAccount(id: "acct-alpha"),
+                        normalizedEmail: "shared@example.com"),
+                    CodexDashboardKnownOwnerCandidate(
+                        identity: .providerAccount(id: "acct-beta"),
+                        normalizedEmail: "shared@example.com"),
+                ]),
+            routing: CodexDashboardRoutingHints(
+                targetEmail: "shared@example.com",
+                lastKnownDashboardRoutingEmail: "shared@example.com"))
+
+        let decision = CodexDashboardAuthority.evaluate(input)
+
+        #expect(decision.disposition == .displayOnly)
+        #expect(decision.reason == .sameEmailAmbiguity(email: "shared@example.com"))
+    }
+
+    @Test
+    func `provider account exact owner match returns attach`() {
+        let input = CodexDashboardAuthorityInput(
+            sourceKind: .liveWeb,
+            proof: CodexDashboardOwnershipProofContext(
+                currentIdentity: .providerAccount(id: "acct-owner"),
+                expectedScopedEmail: "OWNER@example.com",
+                trustedCurrentUsageEmail: nil,
+                dashboardSignedInEmail: "owner@example.com",
+                knownOwners: [
+                    CodexDashboardKnownOwnerCandidate(
+                        identity: .providerAccount(id: "acct-owner"),
+                        normalizedEmail: "OWNER@example.com"),
+                    CodexDashboardKnownOwnerCandidate(
+                        identity: .providerAccount(id: "acct-other"),
+                        normalizedEmail: "other@example.com"),
+                ]),
+            routing: CodexDashboardRoutingHints(
+                targetEmail: "route@example.com",
+                lastKnownDashboardRoutingEmail: "stale@example.com"))
+
+        let decision = CodexDashboardAuthority.evaluate(input)
+
+        #expect(decision.disposition == .attach)
+        #expect(decision.reason == .exactProviderAccountMatch)
+    }
+
+    @Test
+    func `provider account same email ambiguity without exact match returns display only`() {
+        let input = CodexDashboardAuthorityInput(
+            sourceKind: .liveWeb,
+            proof: CodexDashboardOwnershipProofContext(
+                currentIdentity: .providerAccount(id: "acct-current"),
+                expectedScopedEmail: "shared@example.com",
+                trustedCurrentUsageEmail: nil,
+                dashboardSignedInEmail: "shared@example.com",
+                knownOwners: [
+                    CodexDashboardKnownOwnerCandidate(
+                        identity: .providerAccount(id: "acct-alpha"),
+                        normalizedEmail: "shared@example.com"),
+                    CodexDashboardKnownOwnerCandidate(
+                        identity: .providerAccount(id: "acct-beta"),
+                        normalizedEmail: "shared@example.com"),
+                ]),
+            routing: CodexDashboardRoutingHints(
+                targetEmail: "shared@example.com",
+                lastKnownDashboardRoutingEmail: nil))
+
+        let decision = CodexDashboardAuthority.evaluate(input)
+
+        #expect(decision.disposition == .displayOnly)
+        #expect(decision.reason == .sameEmailAmbiguity(email: "shared@example.com"))
+    }
+
+    @Test
+    func `provider account nil scoped email with dashboard collision returns fail closed`() {
+        let input = CodexDashboardAuthorityInput(
+            sourceKind: .liveWeb,
+            proof: CodexDashboardOwnershipProofContext(
+                currentIdentity: .providerAccount(id: "acct-current"),
+                expectedScopedEmail: nil,
+                trustedCurrentUsageEmail: "shared@example.com",
+                dashboardSignedInEmail: "shared@example.com",
+                knownOwners: [
+                    CodexDashboardKnownOwnerCandidate(
+                        identity: .providerAccount(id: "acct-alpha"),
+                        normalizedEmail: "shared@example.com"),
+                    CodexDashboardKnownOwnerCandidate(
+                        identity: .providerAccount(id: "acct-beta"),
+                        normalizedEmail: "shared@example.com"),
+                ]),
+            routing: CodexDashboardRoutingHints(
+                targetEmail: "shared@example.com",
+                lastKnownDashboardRoutingEmail: nil))
+
+        let decision = CodexDashboardAuthority.evaluate(input)
+
+        #expect(decision.disposition == .failClosed)
+        #expect(decision.reason == .providerAccountMissingScopedEmail)
+    }
+
+    @Test
+    func `unresolved trusted continuity without competing owner returns attach`() {
+        let input = CodexDashboardAuthorityInput(
+            sourceKind: .liveWeb,
+            proof: CodexDashboardOwnershipProofContext(
+                currentIdentity: .unresolved,
+                expectedScopedEmail: nil,
+                trustedCurrentUsageEmail: "owner@example.com",
+                dashboardSignedInEmail: "owner@example.com",
+                knownOwners: [
+                    CodexDashboardKnownOwnerCandidate(
+                        identity: .providerAccount(id: "acct-owner"),
+                        normalizedEmail: "owner@example.com"),
+                ]),
+            routing: CodexDashboardRoutingHints(
+                targetEmail: "owner@example.com",
+                lastKnownDashboardRoutingEmail: "route@example.com"))
+
+        let decision = CodexDashboardAuthority.evaluate(input)
+
+        #expect(decision.disposition == .attach)
+        #expect(decision.reason == .trustedContinuityNoCompetingOwner)
+    }
+
+    @Test
+    func `unresolved trusted continuity with competing owner returns display only`() {
+        let input = CodexDashboardAuthorityInput(
+            sourceKind: .liveWeb,
+            proof: CodexDashboardOwnershipProofContext(
+                currentIdentity: .unresolved,
+                expectedScopedEmail: nil,
+                trustedCurrentUsageEmail: "shared@example.com",
+                dashboardSignedInEmail: "shared@example.com",
+                knownOwners: [
+                    CodexDashboardKnownOwnerCandidate(
+                        identity: .providerAccount(id: "acct-alpha"),
+                        normalizedEmail: "shared@example.com"),
+                    CodexDashboardKnownOwnerCandidate(
+                        identity: .providerAccount(id: "acct-beta"),
+                        normalizedEmail: "shared@example.com"),
+                ]),
+            routing: CodexDashboardRoutingHints(
+                targetEmail: "shared@example.com",
+                lastKnownDashboardRoutingEmail: "route@example.com"))
+
+        let decision = CodexDashboardAuthority.evaluate(input)
+
+        #expect(decision.disposition == .displayOnly)
+        #expect(decision.reason == .sameEmailAmbiguity(email: "shared@example.com"))
+    }
+
+    @Test
+    func `unresolved without trusted evidence returns fail closed`() {
+        let input = CodexDashboardAuthorityInput(
+            sourceKind: .liveWeb,
+            proof: CodexDashboardOwnershipProofContext(
+                currentIdentity: .unresolved,
+                expectedScopedEmail: nil,
+                trustedCurrentUsageEmail: nil,
+                dashboardSignedInEmail: "owner@example.com",
+                knownOwners: []),
+            routing: CodexDashboardRoutingHints(
+                targetEmail: "owner@example.com",
+                lastKnownDashboardRoutingEmail: nil))
+
+        let decision = CodexDashboardAuthority.evaluate(input)
+
+        #expect(decision.disposition == .failClosed)
+        #expect(decision.reason == .unresolvedWithoutTrustedEvidence)
+    }
+
+    @Test
+    func `missing dashboard signed in email returns fail closed`() {
+        let input = CodexDashboardAuthorityInput(
+            sourceKind: .liveWeb,
+            proof: CodexDashboardOwnershipProofContext(
+                currentIdentity: .providerAccount(id: "acct-owner"),
+                expectedScopedEmail: "owner@example.com",
+                trustedCurrentUsageEmail: "owner@example.com",
+                dashboardSignedInEmail: nil,
+                knownOwners: [
+                    CodexDashboardKnownOwnerCandidate(
+                        identity: .providerAccount(id: "acct-owner"),
+                        normalizedEmail: "owner@example.com"),
+                ]),
+            routing: CodexDashboardRoutingHints(
+                targetEmail: "owner@example.com",
+                lastKnownDashboardRoutingEmail: nil))
+
+        let decision = CodexDashboardAuthority.evaluate(input)
+
+        #expect(decision.disposition == .failClosed)
+        #expect(decision.reason == .missingDashboardSignedInEmail)
+    }
+
+    @Test
+    func `live web attach exposes usage credits guard and history effects`() {
+        let input = CodexDashboardAuthorityInput(
+            sourceKind: .liveWeb,
+            proof: CodexDashboardOwnershipProofContext(
+                currentIdentity: .providerAccount(id: "acct-owner"),
+                expectedScopedEmail: "owner@example.com",
+                trustedCurrentUsageEmail: nil,
+                dashboardSignedInEmail: "owner@example.com",
+                knownOwners: [
+                    CodexDashboardKnownOwnerCandidate(
+                        identity: .providerAccount(id: "acct-owner"),
+                        normalizedEmail: "owner@example.com"),
+                ]),
+            routing: CodexDashboardRoutingHints(
+                targetEmail: nil,
+                lastKnownDashboardRoutingEmail: nil))
+
+        let decision = CodexDashboardAuthority.evaluate(input)
+
+        #expect(decision.disposition == .attach)
+        #expect(decision.allowedEffects == Set([
+            .usageBackfill,
+            .creditsAttachment,
+            .refreshGuardSeed,
+            .historicalBackfill,
+        ]))
+        #expect(decision.cleanup.isEmpty)
+    }
+
+    @Test
+    func `cached dashboard attach exposes cached reuse only`() {
+        let input = CodexDashboardAuthorityInput(
+            sourceKind: .cachedDashboard,
+            proof: CodexDashboardOwnershipProofContext(
+                currentIdentity: .emailOnly(normalizedEmail: "owner@example.com"),
+                expectedScopedEmail: nil,
+                trustedCurrentUsageEmail: nil,
+                dashboardSignedInEmail: "owner@example.com",
+                knownOwners: [
+                    CodexDashboardKnownOwnerCandidate(
+                        identity: .providerAccount(id: "acct-owner"),
+                        normalizedEmail: "owner@example.com"),
+                ]),
+            routing: CodexDashboardRoutingHints(
+                targetEmail: "owner@example.com",
+                lastKnownDashboardRoutingEmail: nil))
+
+        let decision = CodexDashboardAuthority.evaluate(input)
+
+        #expect(decision.disposition == .attach)
+        #expect(decision.allowedEffects == Set([.cachedDashboardReuse]))
+        #expect(decision.cleanup.isEmpty)
+    }
+
+    @Test
+    func `display only emits full cleanup set`() {
+        let input = CodexDashboardAuthorityInput(
+            sourceKind: .liveWeb,
+            proof: CodexDashboardOwnershipProofContext(
+                currentIdentity: .emailOnly(normalizedEmail: "shared@example.com"),
+                expectedScopedEmail: nil,
+                trustedCurrentUsageEmail: nil,
+                dashboardSignedInEmail: "shared@example.com",
+                knownOwners: [
+                    CodexDashboardKnownOwnerCandidate(
+                        identity: .providerAccount(id: "acct-alpha"),
+                        normalizedEmail: "shared@example.com"),
+                    CodexDashboardKnownOwnerCandidate(
+                        identity: .providerAccount(id: "acct-beta"),
+                        normalizedEmail: "shared@example.com"),
+                ]),
+            routing: CodexDashboardRoutingHints(
+                targetEmail: nil,
+                lastKnownDashboardRoutingEmail: nil))
+
+        let decision = CodexDashboardAuthority.evaluate(input)
+
+        #expect(decision.disposition == .displayOnly)
+        #expect(decision.allowedEffects.isEmpty)
+        #expect(decision.cleanup == Set(CodexDashboardCleanup.allCases))
+    }
+
+    @Test
+    func `fail closed emits full cleanup set`() {
+        let input = CodexDashboardAuthorityInput(
+            sourceKind: .liveWeb,
+            proof: CodexDashboardOwnershipProofContext(
+                currentIdentity: .unresolved,
+                expectedScopedEmail: nil,
+                trustedCurrentUsageEmail: nil,
+                dashboardSignedInEmail: "owner@example.com",
+                knownOwners: []),
+            routing: CodexDashboardRoutingHints(
+                targetEmail: nil,
+                lastKnownDashboardRoutingEmail: nil))
+
+        let decision = CodexDashboardAuthority.evaluate(input)
+
+        #expect(decision.disposition == .failClosed)
+        #expect(decision.allowedEffects.isEmpty)
+        #expect(decision.cleanup == Set(CodexDashboardCleanup.allCases))
+    }
+
+    @Test
+    func `routing hints do not change evaluation result`() {
+        let proof = CodexDashboardOwnershipProofContext(
+            currentIdentity: .providerAccount(id: "acct-owner"),
+            expectedScopedEmail: "owner@example.com",
+            trustedCurrentUsageEmail: nil,
+            dashboardSignedInEmail: "owner@example.com",
+            knownOwners: [
+                CodexDashboardKnownOwnerCandidate(
+                    identity: .providerAccount(id: "acct-owner"),
+                    normalizedEmail: "owner@example.com"),
+            ])
+        let baseInput = CodexDashboardAuthorityInput(
+            sourceKind: .liveWeb,
+            proof: proof,
+            routing: CodexDashboardRoutingHints(
+                targetEmail: "owner@example.com",
+                lastKnownDashboardRoutingEmail: "owner@example.com"))
+        let conflictingRoutingInput = CodexDashboardAuthorityInput(
+            sourceKind: .liveWeb,
+            proof: proof,
+            routing: CodexDashboardRoutingHints(
+                targetEmail: "wrong@example.com",
+                lastKnownDashboardRoutingEmail: "stale@example.com"))
+
+        let baseDecision = CodexDashboardAuthority.evaluate(baseInput)
+        let conflictingDecision = CodexDashboardAuthority.evaluate(conflictingRoutingInput)
+
+        #expect(baseDecision == conflictingDecision)
+    }
+}
diff --git a/Tests/CodexBarTests/CodexDashboardWorkedExampleParityTests.swift b/Tests/CodexBarTests/CodexDashboardWorkedExampleParityTests.swift
new file mode 100644
index 000000000..6576b62b4
--- /dev/null
+++ b/Tests/CodexBarTests/CodexDashboardWorkedExampleParityTests.swift
@@ -0,0 +1,573 @@
+import Foundation
+import Testing
+@testable import CodexBar
+@testable import CodexBarCLI
+@testable import CodexBarCore
+
+@Suite(.serialized)
+@MainActor
+struct CodexDashboardWorkedExampleParityTests {
+    @Test
+    func `worked example A wrong email app and CLI both reject and retire owned state`() async throws {
+        OpenAIDashboardCacheStore.clear()
+        defer { OpenAIDashboardCacheStore.clear() }
+
+        let store = self.makeAppStore(suite: "CodexDashboardWorkedExampleParityTests-example-a")
+        store.settings._test_liveSystemCodexAccount = self.liveAccount(
+            email: "work@company.com",
+            identity: .emailOnly(normalizedEmail: "work@company.com"))
+        store.settings.codexActiveSource = .liveSystem
+
+        let attachedDashboard = self.makeDashboard(
+            email: "work@company.com",
+            creditsRemaining: 42,
+            usedPercent: 20)
+        let attachedCredits = self.credits(remaining: 42)
+        store._setSnapshotForTesting(self.codexSnapshot(email: "work@company.com", usedPercent: 20), provider: .codex)
+        store.lastSourceLabels[.codex] = "openai-web"
+        store.credits = attachedCredits
+        store.lastCreditsSnapshot = attachedCredits
+        store.lastCreditsSnapshotAccountKey = "work@company.com"
+        store.lastCreditsSource = .dashboardWeb
+        store.openAIDashboard = attachedDashboard
+        store.lastOpenAIDashboardSnapshot = attachedDashboard
+        store.lastOpenAIDashboardTargetEmail = "work@company.com"
+        OpenAIDashboardCacheStore.save(OpenAIDashboardCache(
+            accountEmail: "work@company.com",
+            snapshot: attachedDashboard))
+
+        await store.applyOpenAIDashboard(
+            self.makeDashboard(
+                email: "personal@gmail.com",
+                creditsRemaining: 9,
+                usedPercent: 35),
+            targetEmail: "work@company.com")
+
+        #expect(store.openAIDashboard == nil)
+        #expect(store.lastOpenAIDashboardSnapshot == nil)
+        #expect(store.snapshots[.codex] == nil)
+        #expect(store.credits == nil)
+        #expect(store.lastCreditsSource == .none)
+        #expect(OpenAIDashboardCacheStore.load() == nil)
+        #expect(store.openAIDashboardRequiresLogin == true)
+
+        let authHome = try self.makeAuthHome(
+            email: "work@company.com",
+            accountId: "acct-work")
+        defer { try? FileManager.default.removeItem(at: authHome) }
+        let cliContext = self.makeCLIContext(
+            authHome: authHome,
+            knownOwners: [
+                CodexDashboardKnownOwnerCandidate(
+                    identity: .providerAccount(id: "acct-work"),
+                    normalizedEmail: "work@company.com"),
+            ])
+        let wrongEmailDashboard = self.makeDashboard(
+            email: "personal@gmail.com",
+            creditsRemaining: 9,
+            usedPercent: 35)
+
+        do {
+            _ = try CodexWebDashboardStrategy.makeAuthorizedDashboardResultForTesting(
+                dashboard: wrongEmailDashboard,
+                context: cliContext,
+                routingTargetEmail: "work@company.com")
+            Issue.record("Expected OpenAIWebCodexError.policyRejected")
+        } catch let error as OpenAIWebCodexError {
+            if case let .policyRejected(decision) = error {
+                #expect(decision.reason == .wrongEmail(expected: "work@company.com", actual: "personal@gmail.com"))
+            } else {
+                Issue.record("Expected policyRejected, got \(error)")
+            }
+        } catch {
+            Issue.record("Expected OpenAIWebCodexError.policyRejected, got \(error)")
+        }
+
+        OpenAIDashboardCacheStore.save(OpenAIDashboardCache(
+            accountEmail: "personal@gmail.com",
+            snapshot: wrongEmailDashboard))
+
+        let restored = CodexBarCLI.loadOpenAIDashboardIfAvailable(
+            usage: self.makeUsage(email: "work@company.com"),
+            sourceLabel: "codex-cli",
+            context: cliContext)
+
+        #expect(restored == nil)
+        #expect(OpenAIDashboardCacheStore.load() == nil)
+    }
+
+    @Test
+    func `worked example B same email ambiguity is display only in app and non attach in CLI`() async throws {
+        OpenAIDashboardCacheStore.clear()
+        defer { OpenAIDashboardCacheStore.clear() }
+
+        let managedHome = try self.makeAuthHome(
+            email: "work@company.com",
+            accountId: "acct-managed")
+        defer { try? FileManager.default.removeItem(at: managedHome) }
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "work@company.com",
+            managedHomePath: managedHome.path,
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        let managedStoreURL = try self.makeManagedAccountStoreURL(accounts: [managedAccount])
+        defer { try? FileManager.default.removeItem(at: managedStoreURL) }
+
+        let store = self.makeAppStore(suite: "CodexDashboardWorkedExampleParityTests-example-b")
+        store.settings._test_managedCodexAccountStoreURL = managedStoreURL
+        store.settings._test_liveSystemCodexAccount = self.liveAccount(
+            email: "work@company.com",
+            identity: .emailOnly(normalizedEmail: "work@company.com"))
+        store.settings.codexActiveSource = .liveSystem
+
+        await store.applyOpenAIDashboard(
+            self.makeDashboard(
+                email: "work@company.com",
+                creditsRemaining: 14,
+                usedPercent: 30,
+                includeUsageBreakdown: true),
+            targetEmail: "work@company.com")
+        try await Task.sleep(for: .milliseconds(250))
+
+        #expect(store.openAIDashboard?.signedInEmail == "work@company.com")
+        #expect(store.snapshots[.codex] == nil)
+        #expect(store.credits == nil)
+        #expect(OpenAIDashboardCacheStore.load() == nil)
+        #expect(store.codexHistoricalDataset == nil)
+
+        let cliAuthHome = try self.makeAuthHome(email: "work@company.com")
+        defer { try? FileManager.default.removeItem(at: cliAuthHome) }
+        let ambiguousOwners = [
+            CodexDashboardKnownOwnerCandidate(
+                identity: .providerAccount(id: "acct-alpha"),
+                normalizedEmail: "work@company.com"),
+            CodexDashboardKnownOwnerCandidate(
+                identity: .providerAccount(id: "acct-beta"),
+                normalizedEmail: "work@company.com"),
+        ]
+        let cliContext = self.makeCLIContext(
+            authHome: cliAuthHome,
+            knownOwners: ambiguousOwners)
+        let dashboard = self.makeDashboard(
+            email: "work@company.com",
+            creditsRemaining: 14,
+            usedPercent: 30,
+            includeUsageBreakdown: true)
+        let expectedDecision = CodexDashboardAuthority.evaluate(
+            CodexCLIDashboardAuthorityContext.makeLiveWebInput(
+                dashboard: dashboard,
+                context: cliContext,
+                routingTargetEmail: "work@company.com"))
+
+        do {
+            _ = try CodexWebDashboardStrategy.makeAuthorizedDashboardResultForTesting(
+                dashboard: dashboard,
+                context: cliContext,
+                routingTargetEmail: "work@company.com")
+            Issue.record("Expected CodexDashboardPolicyError.displayOnly")
+        } catch let error as CodexDashboardPolicyError {
+            #expect(error == .displayOnly(expectedDecision))
+        } catch {
+            Issue.record("Expected CodexDashboardPolicyError.displayOnly, got \(error)")
+        }
+
+        OpenAIDashboardCacheStore.save(OpenAIDashboardCache(
+            accountEmail: "work@company.com",
+            snapshot: dashboard))
+
+        let restored = CodexBarCLI.loadOpenAIDashboardIfAvailable(
+            usage: self.makeUsage(email: "work@company.com"),
+            sourceLabel: "codex-cli",
+            context: cliContext)
+
+        #expect(restored == nil)
+        #expect(OpenAIDashboardCacheStore.load() == nil)
+    }
+
+    @Test
+    func `worked example C unresolved but proven continuity attaches in app and CLI`() async {
+        OpenAIDashboardCacheStore.clear()
+        defer { OpenAIDashboardCacheStore.clear() }
+
+        let emptyHome = self.makeEmptyHome()
+        defer { try? FileManager.default.removeItem(at: emptyHome) }
+
+        let store = self.makeAppStore(suite: "CodexDashboardWorkedExampleParityTests-example-c")
+        store.settings._test_codexReconciliationEnvironment = ["CODEX_HOME": emptyHome.path]
+        store.settings._test_liveSystemCodexAccount = nil
+        store.settings.codexActiveSource = .liveSystem
+        store._setSnapshotForTesting(self.codexSnapshot(email: "work@company.com", usedPercent: 12), provider: .codex)
+        store.lastSourceLabels[.codex] = "codex-cli"
+
+        let dashboard = self.makeDashboard(
+            email: "work@company.com",
+            creditsRemaining: 33,
+            usedPercent: 12)
+        let appAuthority = store.evaluateCodexDashboardAuthority(
+            dashboard: dashboard,
+            sourceKind: .liveWeb,
+            routingTargetEmail: "work@company.com")
+
+        await store.applyOpenAIDashboard(dashboard, targetEmail: "work@company.com")
+
+        #expect(store.openAIDashboard?.signedInEmail == "work@company.com")
+        #expect(store.credits?.remaining == 33)
+        #expect(store.lastCreditsSource == .dashboardWeb)
+        #expect(store.lastCodexAccountScopedRefreshGuard?.accountKey == "work@company.com")
+        #expect(store.openAIDashboardRequiresLogin == false)
+        #expect(store.lastOpenAIDashboardError == nil)
+
+        let cliContext = self.makeCLIContext(authHome: emptyHome, knownOwners: [])
+        OpenAIDashboardCacheStore.save(OpenAIDashboardCache(
+            accountEmail: "stale-route@example.com",
+            snapshot: dashboard))
+
+        let restored = CodexBarCLI.loadOpenAIDashboardIfAvailable(
+            usage: self.makeUsage(email: "work@company.com"),
+            sourceLabel: "codex-cli",
+            context: cliContext)
+        let cliInput = CodexCLIDashboardAuthorityContext.makeCachedDashboardInput(
+            dashboard: dashboard,
+            cachedAccountEmail: "stale-route@example.com",
+            usage: self.makeUsage(email: "work@company.com"),
+            sourceLabel: "codex-cli",
+            context: cliContext)
+        let cliDecision = CodexDashboardAuthority.evaluate(cliInput)
+
+        #expect(restored == dashboard)
+        #expect(appAuthority.decision.disposition == .attach)
+        #expect(cliDecision.disposition == .attach)
+        #expect(appAuthority.decision.reason == .trustedContinuityNoCompetingOwner)
+        #expect(cliDecision.reason == .trustedContinuityNoCompetingOwner)
+    }
+
+    @Test
+    func `worked example D prior attach downgrades to ambiguity and retires old owned state`() async throws {
+        OpenAIDashboardCacheStore.clear()
+        defer { OpenAIDashboardCacheStore.clear() }
+
+        let store = self.makeAppStore(suite: "CodexDashboardWorkedExampleParityTests-example-d")
+        store.settings._test_liveSystemCodexAccount = self.liveAccount(
+            email: "shared@example.com",
+            identity: .emailOnly(normalizedEmail: "shared@example.com"))
+        store.settings.codexActiveSource = .liveSystem
+
+        let initialDashboard = self.makeDashboard(
+            email: "shared@example.com",
+            creditsRemaining: 21,
+            usedPercent: 18)
+        await store.applyOpenAIDashboard(initialDashboard, targetEmail: "shared@example.com")
+
+        #expect(store.openAIDashboard?.signedInEmail == "shared@example.com")
+        #expect(store.snapshots[.codex]?.accountEmail(for: .codex) == "shared@example.com")
+        #expect(store.credits?.remaining == 21)
+        #expect(store.lastSourceLabels[.codex] == "openai-web")
+        #expect(OpenAIDashboardCacheStore.load()?.accountEmail == "shared@example.com")
+
+        let managedHome = try self.makeAuthHome(
+            email: "shared@example.com",
+            accountId: "acct-managed")
+        defer { try? FileManager.default.removeItem(at: managedHome) }
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "shared@example.com",
+            managedHomePath: managedHome.path,
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        let managedStoreURL = try self.makeManagedAccountStoreURL(accounts: [managedAccount])
+        defer { try? FileManager.default.removeItem(at: managedStoreURL) }
+        store.settings._test_managedCodexAccountStoreURL = managedStoreURL
+
+        await store.applyOpenAIDashboard(
+            self.makeDashboard(
+                email: "shared@example.com",
+                creditsRemaining: 9,
+                usedPercent: 35,
+                includeUsageBreakdown: true),
+            targetEmail: "shared@example.com")
+
+        #expect(store.openAIDashboard?.signedInEmail == "shared@example.com")
+        #expect(store.lastOpenAIDashboardSnapshot?.signedInEmail == "shared@example.com")
+        #expect(store.snapshots[.codex] == nil)
+        #expect(store.credits == nil)
+        #expect(store.lastCreditsSource == .none)
+        #expect(OpenAIDashboardCacheStore.load() == nil)
+
+        OpenAIDashboardCacheStore.clear()
+        let cliAuthHome = try self.makeAuthHome(email: "shared@example.com")
+        defer { try? FileManager.default.removeItem(at: cliAuthHome) }
+        let attachableContext = self.makeCLIContext(
+            authHome: cliAuthHome,
+            knownOwners: [
+                CodexDashboardKnownOwnerCandidate(
+                    identity: .providerAccount(id: "acct-alpha"),
+                    normalizedEmail: "shared@example.com"),
+            ])
+        OpenAIDashboardCacheStore.save(OpenAIDashboardCache(
+            accountEmail: "shared@example.com",
+            snapshot: initialDashboard))
+
+        let initiallyRestored = CodexBarCLI.loadOpenAIDashboardIfAvailable(
+            usage: self.makeUsage(email: "shared@example.com"),
+            sourceLabel: "codex-cli",
+            context: attachableContext)
+        #expect(initiallyRestored == initialDashboard)
+
+        let ambiguousContext = self.makeCLIContext(
+            authHome: cliAuthHome,
+            knownOwners: [
+                CodexDashboardKnownOwnerCandidate(
+                    identity: .providerAccount(id: "acct-alpha"),
+                    normalizedEmail: "shared@example.com"),
+                CodexDashboardKnownOwnerCandidate(
+                    identity: .providerAccount(id: "acct-beta"),
+                    normalizedEmail: "shared@example.com"),
+            ])
+
+        let downgradedRestored = CodexBarCLI.loadOpenAIDashboardIfAvailable(
+            usage: self.makeUsage(email: "shared@example.com"),
+            sourceLabel: "codex-cli",
+            context: ambiguousContext)
+
+        #expect(downgradedRestored == nil)
+        #expect(OpenAIDashboardCacheStore.load() == nil)
+    }
+
+    private func makeDashboard(
+        email: String,
+        creditsRemaining: Double,
+        usedPercent: Double,
+        includeUsageBreakdown: Bool = false) -> OpenAIDashboardSnapshot
+    {
+        let updatedAt = Date(timeIntervalSince1970: 2000)
+        let creditEvents = [
+            CreditEvent(
+                date: Date(timeIntervalSince1970: 1000),
+                service: "codex",
+                creditsUsed: 3),
+        ]
+        let usageBreakdown = includeUsageBreakdown
+            ? self.makeUsageBreakdown(endingAt: updatedAt, days: 35, dailyCredits: 10)
+            : []
+        return OpenAIDashboardSnapshot(
+            signedInEmail: email,
+            codeReviewRemainingPercent: 75,
+            codeReviewLimit: RateWindow(
+                usedPercent: 25,
+                windowMinutes: 60,
+                resetsAt: Date(timeIntervalSince1970: 3600),
+                resetDescription: nil),
+            creditEvents: creditEvents,
+            dailyBreakdown: OpenAIDashboardSnapshot.makeDailyBreakdown(from: creditEvents, maxDays: 30),
+            usageBreakdown: usageBreakdown,
+            creditsPurchaseURL: nil,
+            primaryLimit: RateWindow(
+                usedPercent: usedPercent,
+                windowMinutes: 300,
+                resetsAt: Date(timeIntervalSince1970: 7200),
+                resetDescription: nil),
+            secondaryLimit: includeUsageBreakdown
+                ? RateWindow(
+                    usedPercent: usedPercent,
+                    windowMinutes: 10080,
+                    resetsAt: updatedAt.addingTimeInterval(2 * 24 * 60 * 60),
+                    resetDescription: nil)
+                : nil,
+            creditsRemaining: creditsRemaining,
+            accountPlan: "pro",
+            updatedAt: updatedAt)
+    }
+
+    private func makeAppStore(suite: String) -> UsageStore {
+        let defaults = UserDefaults(suiteName: suite)!
+        defaults.removePersistentDomain(forName: suite)
+        let settings = SettingsStore(
+            userDefaults: defaults,
+            configStore: testConfigStore(suiteName: suite),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+        settings._test_activeManagedCodexAccount = nil
+        settings._test_activeManagedCodexRemoteHomePath = nil
+        settings._test_unreadableManagedCodexAccountStore = false
+        settings._test_managedCodexAccountStoreURL = nil
+        settings._test_liveSystemCodexAccount = nil
+        settings._test_codexReconciliationEnvironment = nil
+        settings.historicalTrackingEnabled = true
+        let historyURL = FileManager.default.temporaryDirectory
+            .appendingPathComponent(UUID().uuidString)
+            .appendingPathComponent("usage-history.jsonl")
+        let planStore = testPlanUtilizationHistoryStore(
+            suiteName: "CodexDashboardWorkedExampleParityTests-\(UUID().uuidString)")
+        return UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            historicalUsageHistoryStore: HistoricalUsageHistoryStore(fileURL: historyURL),
+            planUtilizationHistoryStore: planStore)
+    }
+
+    private func makeCLIContext(
+        authHome: URL?,
+        knownOwners: [CodexDashboardKnownOwnerCandidate]) -> ProviderFetchContext
+    {
+        let env = authHome.map { ["CODEX_HOME": $0.path] } ?? [:]
+        let browserDetection = BrowserDetection(cacheTTL: 0)
+        return ProviderFetchContext(
+            runtime: .cli,
+            sourceMode: .auto,
+            includeCredits: true,
+            webTimeout: 60,
+            webDebugDumpHTML: false,
+            verbose: false,
+            env: env,
+            settings: ProviderSettingsSnapshot.make(
+                codex: .init(
+                    usageDataSource: .auto,
+                    cookieSource: .auto,
+                    manualCookieHeader: nil,
+                    dashboardAuthorityKnownOwners: knownOwners)),
+            fetcher: UsageFetcher(environment: env),
+            claudeFetcher: ClaudeUsageFetcher(browserDetection: browserDetection),
+            browserDetection: browserDetection)
+    }
+
+    private func makeAuthHome(email: String?, accountId: String? = nil) throws -> URL {
+        let homeURL = FileManager.default.temporaryDirectory.appendingPathComponent(
+            UUID().uuidString,
+            isDirectory: true)
+        try self.writeCodexAuthFile(homeURL: homeURL, email: email, accountId: accountId)
+        return homeURL
+    }
+
+    private func makeEmptyHome() -> URL {
+        let homeURL = FileManager.default.temporaryDirectory.appendingPathComponent(
+            UUID().uuidString,
+            isDirectory: true)
+        try? FileManager.default.createDirectory(at: homeURL, withIntermediateDirectories: true)
+        return homeURL
+    }
+
+    private func writeCodexAuthFile(
+        homeURL: URL,
+        email: String?,
+        accountId: String?) throws
+    {
+        try FileManager.default.createDirectory(at: homeURL, withIntermediateDirectories: true)
+        var tokens: [String: Any] = [
+            "accessToken": "access-token",
+            "refreshToken": "refresh-token",
+            "idToken": Self.fakeJWT(email: email, accountId: accountId),
+        ]
+        if let accountId {
+            tokens["accountId"] = accountId
+        }
+        let auth = ["tokens": tokens]
+        let data = try JSONSerialization.data(withJSONObject: auth)
+        try data.write(to: homeURL.appendingPathComponent("auth.json"))
+    }
+
+    private static func fakeJWT(email: String?, accountId: String?) -> String {
+        let header = (try? JSONSerialization.data(withJSONObject: ["alg": "none"])) ?? Data()
+        var authClaims: [String: Any] = [
+            "chatgpt_plan_type": "pro",
+        ]
+        if let accountId {
+            authClaims["chatgpt_account_id"] = accountId
+        }
+        var claims: [String: Any] = [
+            "chatgpt_plan_type": "pro",
+            "https://api.openai.com/auth": authClaims,
+        ]
+        if let email {
+            claims["email"] = email
+        }
+        let payload = (try? JSONSerialization.data(withJSONObject: claims)) ?? Data()
+
+        func base64URL(_ data: Data) -> String {
+            data.base64EncodedString()
+                .replacingOccurrences(of: "=", with: "")
+                .replacingOccurrences(of: "+", with: "-")
+                .replacingOccurrences(of: "/", with: "_")
+        }
+
+        return "\(base64URL(header)).\(base64URL(payload))."
+    }
+
+    private func makeManagedAccountStoreURL(accounts: [ManagedCodexAccount]) throws -> URL {
+        let storeURL = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString)
+        let store = FileManagedCodexAccountStore(fileURL: storeURL)
+        try store.storeAccounts(ManagedCodexAccountSet(
+            version: FileManagedCodexAccountStore.currentVersion,
+            accounts: accounts))
+        return storeURL
+    }
+
+    private func liveAccount(email: String, identity: CodexIdentity = .unresolved) -> ObservedSystemCodexAccount {
+        ObservedSystemCodexAccount(
+            email: email,
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date(),
+            identity: identity)
+    }
+
+    private func codexSnapshot(email: String, usedPercent: Double) -> UsageSnapshot {
+        UsageSnapshot(
+            primary: RateWindow(
+                usedPercent: usedPercent,
+                windowMinutes: 300,
+                resetsAt: nil,
+                resetDescription: nil),
+            secondary: nil,
+            updatedAt: Date(timeIntervalSince1970: 2000),
+            identity: ProviderIdentitySnapshot(
+                providerID: .codex,
+                accountEmail: email,
+                accountOrganization: nil,
+                loginMethod: "Pro"))
+    }
+
+    private func credits(remaining: Double) -> CreditsSnapshot {
+        CreditsSnapshot(remaining: remaining, events: [], updatedAt: Date(timeIntervalSince1970: 2000))
+    }
+
+    private func makeUsage(email: String?) -> UsageSnapshot {
+        UsageSnapshot(
+            primary: RateWindow(
+                usedPercent: 10,
+                windowMinutes: 300,
+                resetsAt: Date(timeIntervalSince1970: 7200),
+                resetDescription: nil),
+            secondary: nil,
+            updatedAt: Date(timeIntervalSince1970: 2000),
+            identity: ProviderIdentitySnapshot(
+                providerID: .codex,
+                accountEmail: email,
+                accountOrganization: nil,
+                loginMethod: nil))
+    }
+
+    private func makeUsageBreakdown(
+        endingAt endDate: Date,
+        days: Int,
+        dailyCredits: Double) -> [OpenAIDashboardDailyBreakdown]
+    {
+        let formatter = DateFormatter()
+        formatter.locale = Locale(identifier: "en_US_POSIX")
+        formatter.timeZone = .current
+        formatter.dateFormat = "yyyy-MM-dd"
+        let calendar = Calendar(identifier: .gregorian)
+        let endDay = calendar.startOfDay(for: endDate)
+        return (0..<days).compactMap { offset in
+            guard let date = calendar.date(byAdding: .day, value: -offset, to: endDay) else { return nil }
+            return OpenAIDashboardDailyBreakdown(
+                day: formatter.string(from: date),
+                services: [
+                    OpenAIDashboardServiceUsage(service: "CLI", creditsUsed: dailyCredits),
+                ],
+                totalCreditsUsed: dailyCredits)
+        }
+    }
+}
diff --git a/Tests/CodexBarTests/CodexHistoryOwnershipTests.swift b/Tests/CodexBarTests/CodexHistoryOwnershipTests.swift
new file mode 100644
index 000000000..dbe002e1a
--- /dev/null
+++ b/Tests/CodexBarTests/CodexHistoryOwnershipTests.swift
@@ -0,0 +1,110 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+struct CodexHistoryOwnershipTests {
+    private let normalizedEmail = "user@example.com"
+    private let legacyEmailHash = "b4c9a289323b21a01c3e940f150eb9b8c542587f1abfd8f0e1cc1ffc5e475514"
+
+    @Test
+    func `serializes canonical provider-account key`() {
+        let key = CodexHistoryOwnership.canonicalKey(for: .providerAccount(id: "acct-123"))
+
+        #expect(key == "codex:v1:provider-account:acct-123")
+    }
+
+    @Test
+    func `serializes canonical email-hash key`() {
+        let key = CodexHistoryOwnership.canonicalKey(for: .emailOnly(normalizedEmail: self.normalizedEmail))
+
+        #expect(key == "codex:v1:email-hash:\(self.legacyEmailHash)")
+    }
+
+    @Test
+    func `unresolved identity has no canonical key`() {
+        let key = CodexHistoryOwnership.canonicalKey(for: .unresolved)
+
+        #expect(key == nil)
+    }
+
+    @Test
+    func `classifies canonical and legacy persisted keys`() {
+        let canonical = "codex:v1:provider-account:acct-123"
+        let legacy = CodexHistoryOwnership.classifyPersistedKey(
+            self.legacyEmailHash,
+            legacyEmailHash: self.legacyEmailHash)
+        let opaque = CodexHistoryOwnership.classifyPersistedKey(
+            "92a40b0d62f5f4f1b3dbd3f9ecb6c7700dd540d2d866e59d1c110f6b4d7f1abc",
+            legacyEmailHash: self.legacyEmailHash)
+
+        #expect(CodexHistoryOwnership.classifyPersistedKey(nil) == .legacyUnscoped)
+        #expect(CodexHistoryOwnership.classifyPersistedKey("") == .legacyUnscoped)
+        #expect(CodexHistoryOwnership.classifyPersistedKey(canonical) == .canonical(canonical))
+        #expect(legacy == .legacyEmailHash(self.legacyEmailHash))
+        #expect(opaque == .legacyOpaqueScoped("92a40b0d62f5f4f1b3dbd3f9ecb6c7700dd540d2d866e59d1c110f6b4d7f1abc"))
+    }
+
+    @Test
+    func `strict continuity passes for a single aliased email-hash owner`() {
+        let canonicalEmailHashKey = "codex:v1:email-hash:\(self.legacyEmailHash)"
+
+        let result = CodexHistoryOwnership.hasStrictSingleAccountContinuity(
+            scopedRawKeys: [self.legacyEmailHash],
+            targetCanonicalKey: canonicalEmailHashKey,
+            canonicalEmailHashKey: canonicalEmailHashKey,
+            legacyEmailHash: self.legacyEmailHash,
+            hasAdjacentMultiAccountVeto: false)
+
+        #expect(result)
+    }
+
+    @Test
+    func `strict continuity fails with ambiguous owners`() {
+        let canonicalEmailHashKey = "codex:v1:email-hash:\(self.legacyEmailHash)"
+
+        let result = CodexHistoryOwnership.hasStrictSingleAccountContinuity(
+            scopedRawKeys: [
+                canonicalEmailHashKey,
+                "codex:v1:provider-account:acct-123",
+            ],
+            targetCanonicalKey: canonicalEmailHashKey,
+            canonicalEmailHashKey: canonicalEmailHashKey,
+            legacyEmailHash: self.legacyEmailHash,
+            hasAdjacentMultiAccountVeto: false)
+
+        #expect(!result)
+    }
+
+    @Test
+    func `strict continuity fails when adjacent persisted evidence vetoes migration`() {
+        let canonicalEmailHashKey = "codex:v1:email-hash:\(self.legacyEmailHash)"
+
+        let result = CodexHistoryOwnership.hasStrictSingleAccountContinuity(
+            scopedRawKeys: [canonicalEmailHashKey],
+            targetCanonicalKey: canonicalEmailHashKey,
+            canonicalEmailHashKey: canonicalEmailHashKey,
+            legacyEmailHash: self.legacyEmailHash,
+            hasAdjacentMultiAccountVeto: true)
+
+        #expect(!result)
+    }
+
+    @Test
+    func `provider-account target inherits email continuity`() {
+        let providerAccountKey = "codex:v1:provider-account:acct-123"
+        let canonicalEmailHashKey = "codex:v1:email-hash:\(self.legacyEmailHash)"
+
+        let legacyMatchesProvider = CodexHistoryOwnership.belongsToTargetContinuity(
+            .legacyEmailHash(self.legacyEmailHash),
+            targetCanonicalKey: providerAccountKey,
+            canonicalEmailHashKey: canonicalEmailHashKey)
+        let canonicalMatchesProvider = CodexHistoryOwnership.belongsToTargetContinuity(
+            .canonical(canonicalEmailHashKey),
+            targetCanonicalKey: providerAccountKey,
+            canonicalEmailHashKey: canonicalEmailHashKey)
+
+        #expect(legacyMatchesProvider)
+        #expect(canonicalMatchesProvider)
+    }
+}
diff --git a/Tests/CodexBarTests/CodexIdentityResolverTests.swift b/Tests/CodexBarTests/CodexIdentityResolverTests.swift
new file mode 100644
index 000000000..fc44f8f39
--- /dev/null
+++ b/Tests/CodexBarTests/CodexIdentityResolverTests.swift
@@ -0,0 +1,43 @@
+import CodexBarCore
+import Testing
+
+struct CodexIdentityResolverTests {
+    @Test
+    func `resolver prefers provider account over email`() {
+        let identity = CodexIdentityResolver.resolve(
+            accountId: "account-123",
+            email: "Person@example.com")
+
+        #expect(identity == .providerAccount(id: "account-123"))
+    }
+
+    @Test
+    func `resolver falls back to normalized email when provider account missing`() {
+        let identity = CodexIdentityResolver.resolve(
+            accountId: nil,
+            email: " Person@example.com ")
+
+        #expect(identity == .emailOnly(normalizedEmail: "person@example.com"))
+    }
+
+    @Test
+    func `resolver returns unresolved when account data missing`() {
+        let identity = CodexIdentityResolver.resolve(accountId: nil, email: nil)
+
+        #expect(identity == .unresolved)
+    }
+
+    @Test
+    func `provider account does not equal email fallback even when email matches`() {
+        let providerAccount = CodexIdentityResolver.resolve(
+            accountId: "account-123",
+            email: "person@example.com")
+        let emailOnly = CodexIdentityResolver.resolve(
+            accountId: nil,
+            email: "person@example.com")
+
+        #expect(providerAccount == .providerAccount(id: "account-123"))
+        #expect(emailOnly == .emailOnly(normalizedEmail: "person@example.com"))
+        #expect(providerAccount != emailOnly)
+    }
+}
diff --git a/Tests/CodexBarTests/CodexManagedOpenAIWebRefreshTests.swift b/Tests/CodexBarTests/CodexManagedOpenAIWebRefreshTests.swift
new file mode 100644
index 000000000..a61a5c87f
--- /dev/null
+++ b/Tests/CodexBarTests/CodexManagedOpenAIWebRefreshTests.swift
@@ -0,0 +1,808 @@
+import Foundation
+import Testing
+@testable import CodexBar
+@testable import CodexBarCore
+
+@Suite(.serialized)
+@MainActor
+struct CodexManagedOpenAIWebRefreshTests {
+    @Test
+    func `regular refresh does not await OpenAI web scrape`() async throws {
+        let settings = try self
+            .makeSettingsStore(suite: "CodexManagedOpenAIWebRefreshTests-regular-refresh-nonblocking")
+        settings.statusChecksEnabled = false
+        if let codexMeta = ProviderRegistry.shared.metadata[.codex] {
+            settings.setProviderEnabled(provider: .codex, metadata: codexMeta, enabled: true)
+        }
+        let managedHomeURL = FileManager.default.temporaryDirectory
+            .appendingPathComponent(UUID().uuidString, isDirectory: true)
+        try? Self.writeCodexAuthFile(
+            homeURL: managedHomeURL,
+            email: "managed@example.com",
+            plan: "Pro")
+        defer { try? FileManager.default.removeItem(at: managedHomeURL) }
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "managed@example.com",
+            managedHomePath: managedHomeURL.path,
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        settings._test_activeManagedCodexAccount = managedAccount
+        settings.codexActiveSource = .managedAccount(id: managedAccount.id)
+        defer { settings._test_activeManagedCodexAccount = nil }
+
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+        let blocker = BlockingManagedOpenAIDashboardLoader()
+        let completion = RefreshCompletionProbe()
+        store._test_providerRefreshOverride = { _ in }
+        defer { store._test_providerRefreshOverride = nil }
+        store._test_codexCreditsLoaderOverride = {
+            CreditsSnapshot(remaining: 25, events: [], updatedAt: Date())
+        }
+        defer { store._test_codexCreditsLoaderOverride = nil }
+        store._test_openAIDashboardLoaderOverride = { _, _, _ in
+            try await blocker.awaitResult()
+        }
+        defer { store._test_openAIDashboardLoaderOverride = nil }
+        store._test_openAIDashboardCookieImportOverride = { targetEmail, _, _, _, _ in
+            OpenAIDashboardBrowserCookieImporter.ImportResult(
+                sourceLabel: "Chrome",
+                cookieCount: 2,
+                signedInEmail: targetEmail,
+                matchesCodexEmail: true)
+        }
+        defer { store._test_openAIDashboardCookieImportOverride = nil }
+
+        let refreshTask = Task {
+            await store.refresh(forceTokenUsage: false)
+            await completion.markCompleted()
+        }
+
+        let didStart = await blocker.waitUntilStartedWithin(count: 1, timeout: .seconds(60))
+        #expect(didStart == true)
+        if !didStart {
+            refreshTask.cancel()
+            return
+        }
+
+        let completed = await completion.waitUntilCompleted(timeout: .seconds(2))
+        #expect(completed == true)
+        if !completed {
+            refreshTask.cancel()
+            await blocker.resumeNext(with: .failure(ManagedDashboardTestError.networkTimeout))
+            return
+        }
+        await refreshTask.value
+
+        let backgroundTask = try #require(store.openAIDashboardBackgroundRefreshTask)
+        #expect(await blocker.startedCount() == 1)
+
+        await blocker.resumeNext(with: .success(OpenAIDashboardSnapshot(
+            signedInEmail: managedAccount.email,
+            codeReviewRemainingPercent: 95,
+            creditEvents: [],
+            dailyBreakdown: [],
+            usageBreakdown: [],
+            creditsPurchaseURL: nil,
+            creditsRemaining: 25,
+            accountPlan: "Pro",
+            updatedAt: Date())))
+
+        await backgroundTask.value
+    }
+
+    @Test
+    func `regular refresh does not await Codex credits fetch`() async throws {
+        let settings = try self.makeSettingsStore(
+            suite: "CodexManagedOpenAIWebRefreshTests-regular-refresh-nonblocking-credits")
+        settings.statusChecksEnabled = false
+        settings.openAIWebAccessEnabled = false
+        if let codexMeta = ProviderRegistry.shared.metadata[.codex] {
+            settings.setProviderEnabled(provider: .codex, metadata: codexMeta, enabled: true)
+        }
+        let managedHomeURL = FileManager.default.temporaryDirectory
+            .appendingPathComponent(UUID().uuidString, isDirectory: true)
+        try? Self.writeCodexAuthFile(
+            homeURL: managedHomeURL,
+            email: "managed@example.com",
+            plan: "Pro")
+        defer { try? FileManager.default.removeItem(at: managedHomeURL) }
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "managed@example.com",
+            managedHomePath: managedHomeURL.path,
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        settings._test_activeManagedCodexAccount = managedAccount
+        settings.codexActiveSource = .managedAccount(id: managedAccount.id)
+        defer { settings._test_activeManagedCodexAccount = nil }
+
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+        let blocker = BlockingCreditsLoader()
+        let completion = RefreshCompletionProbe()
+        store._test_providerRefreshOverride = { _ in }
+        defer { store._test_providerRefreshOverride = nil }
+        store._test_codexCreditsLoaderOverride = {
+            try await blocker.awaitResult()
+        }
+        defer { store._test_codexCreditsLoaderOverride = nil }
+
+        let refreshTask = Task {
+            await store.refresh(forceTokenUsage: false)
+            await completion.markCompleted()
+        }
+
+        await blocker.waitUntilStarted(count: 1)
+
+        #expect(await blocker.startedCount() == 1)
+        #expect(await completion.isCompleted == true)
+
+        await blocker.resumeNext(with: .success(CreditsSnapshot(remaining: 25, events: [], updatedAt: Date())))
+
+        await refreshTask.value
+    }
+
+    @Test
+    func `background credits refresh persists updated widget snapshot after refresh returns`() async throws {
+        let settings = try self.makeSettingsStore(
+            suite: "CodexManagedOpenAIWebRefreshTests-widget-background-credits")
+        settings.statusChecksEnabled = false
+        settings.openAIWebAccessEnabled = false
+        if let codexMeta = ProviderRegistry.shared.metadata[.codex] {
+            settings.setProviderEnabled(provider: .codex, metadata: codexMeta, enabled: true)
+        }
+        let managedHomeURL = FileManager.default.temporaryDirectory
+            .appendingPathComponent(UUID().uuidString, isDirectory: true)
+        try? Self.writeCodexAuthFile(
+            homeURL: managedHomeURL,
+            email: "managed@example.com",
+            plan: "Pro")
+        defer { try? FileManager.default.removeItem(at: managedHomeURL) }
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "managed@example.com",
+            managedHomePath: managedHomeURL.path,
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        settings._test_activeManagedCodexAccount = managedAccount
+        settings.codexActiveSource = .managedAccount(id: managedAccount.id)
+        defer { settings._test_activeManagedCodexAccount = nil }
+
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+        store.snapshots[.codex] = Self.codexSnapshot(email: managedAccount.email, usedPercent: 18)
+
+        let creditsBlocker = BlockingCreditsLoader()
+        let saver = BlockingWidgetSnapshotSaver()
+        store._test_providerRefreshOverride = { _ in }
+        defer { store._test_providerRefreshOverride = nil }
+        store._test_codexCreditsLoaderOverride = {
+            try await creditsBlocker.awaitResult()
+        }
+        defer { store._test_codexCreditsLoaderOverride = nil }
+        store._test_widgetSnapshotSaveOverride = { snapshot in
+            await saver.save(snapshot)
+        }
+        defer { store._test_widgetSnapshotSaveOverride = nil }
+
+        let refreshTask = Task {
+            await store.refresh(forceTokenUsage: false)
+        }
+
+        await refreshTask.value
+        await saver.waitUntilStarted(count: 1)
+
+        let firstSnapshots = await saver.savedSnapshots()
+        let firstCodexEntry = try #require(firstSnapshots.first?.entries.first { $0.provider == .codex })
+        #expect(firstCodexEntry.creditsRemaining == nil)
+
+        await saver.resumeNext()
+        let backgroundTask = try #require(store.creditsRefreshTask)
+        await creditsBlocker.resumeNext(with: .success(CreditsSnapshot(remaining: 25, events: [], updatedAt: Date())))
+        await backgroundTask.value
+        await saver.waitUntilStarted(count: 2)
+
+        #expect(await saver.startedCount() == 2)
+        let secondSnapshots = await saver.savedSnapshots()
+        let secondCodexEntry = try #require(secondSnapshots.last?.entries.first { $0.provider == .codex })
+        #expect(secondCodexEntry.creditsRemaining == 25)
+
+        await saver.resumeNext()
+        await store.widgetSnapshotPersistTask?.value
+    }
+
+    @Test
+    func `background dashboard refresh persists updated widget snapshot after refresh returns`() async throws {
+        let settings = try self.makeSettingsStore(
+            suite: "CodexManagedOpenAIWebRefreshTests-widget-background-dashboard")
+        settings.statusChecksEnabled = false
+        if let codexMeta = ProviderRegistry.shared.metadata[.codex] {
+            settings.setProviderEnabled(provider: .codex, metadata: codexMeta, enabled: true)
+        }
+        let managedHomeURL = FileManager.default.temporaryDirectory
+            .appendingPathComponent(UUID().uuidString, isDirectory: true)
+        try? Self.writeCodexAuthFile(
+            homeURL: managedHomeURL,
+            email: "managed@example.com",
+            plan: "Pro")
+        defer { try? FileManager.default.removeItem(at: managedHomeURL) }
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "managed@example.com",
+            managedHomePath: managedHomeURL.path,
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        settings._test_activeManagedCodexAccount = managedAccount
+        settings.codexActiveSource = .managedAccount(id: managedAccount.id)
+        defer { settings._test_activeManagedCodexAccount = nil }
+
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+        store.snapshots[.codex] = Self.codexSnapshot(email: managedAccount.email, usedPercent: 18)
+        store.creditsRefreshTask = Task {}
+        store.creditsRefreshTaskKey = store.codexCreditsRefreshKey(
+            expectedGuard: store.currentCodexAccountScopedRefreshGuard())
+
+        let dashboardBlocker = BlockingManagedOpenAIDashboardLoader()
+        let saver = BlockingWidgetSnapshotSaver()
+        store._test_providerRefreshOverride = { _ in }
+        defer { store._test_providerRefreshOverride = nil }
+        store._test_codexCreditsLoaderOverride = {
+            CreditsSnapshot(remaining: 25, events: [], updatedAt: Date())
+        }
+        defer { store._test_codexCreditsLoaderOverride = nil }
+        store._test_openAIDashboardLoaderOverride = { _, _, _ in
+            try await dashboardBlocker.awaitResult()
+        }
+        defer { store._test_openAIDashboardLoaderOverride = nil }
+        store._test_widgetSnapshotSaveOverride = { snapshot in
+            await saver.save(snapshot)
+        }
+        defer { store._test_widgetSnapshotSaveOverride = nil }
+
+        let refreshTask = Task {
+            await store.refresh(forceTokenUsage: false)
+        }
+
+        await refreshTask.value
+        await saver.waitUntilStarted(count: 1)
+
+        let firstSnapshots = await saver.savedSnapshots()
+        let firstCodexEntry = try #require(firstSnapshots.first?.entries.first { $0.provider == .codex })
+        #expect(firstCodexEntry.codeReviewRemainingPercent == nil)
+
+        await saver.resumeNext()
+        let backgroundTask = try #require(store.openAIDashboardBackgroundRefreshTask)
+        await dashboardBlocker.resumeNext(with: .success(OpenAIDashboardSnapshot(
+            signedInEmail: managedAccount.email,
+            codeReviewRemainingPercent: 95,
+            creditEvents: [],
+            dailyBreakdown: [],
+            usageBreakdown: [],
+            creditsPurchaseURL: nil,
+            creditsRemaining: 25,
+            accountPlan: "Pro",
+            updatedAt: Date())))
+        await backgroundTask.value
+        await saver.waitUntilStarted(count: 2)
+
+        #expect(await saver.startedCount() == 2)
+        let secondSnapshots = await saver.savedSnapshots()
+        let secondCodexEntry = try #require(secondSnapshots.last?.entries.first { $0.provider == .codex })
+        #expect(secondCodexEntry.codeReviewRemainingPercent == 95)
+
+        await saver.resumeNext()
+        await store.widgetSnapshotPersistTask?.value
+    }
+
+    @Test
+    func `manual cookie import bypasses same account refresh coalescing`() async throws {
+        let settings = try self.makeSettingsStore(
+            suite: "CodexManagedOpenAIWebRefreshTests-manual-import-bypass-coalesce")
+        let managedHome = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codex-managed-openai-web-refresh-\(UUID().uuidString)", isDirectory: true)
+        try Self.writeCodexAuthFile(
+            homeURL: managedHome,
+            email: "managed@example.com",
+            plan: "Pro")
+        defer { try? FileManager.default.removeItem(at: managedHome) }
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "managed@example.com",
+            managedHomePath: managedHome.path,
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        settings._test_activeManagedCodexAccount = managedAccount
+        settings.codexActiveSource = .managedAccount(id: managedAccount.id)
+        defer { settings._test_activeManagedCodexAccount = nil }
+
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+        let blocker = BlockingManagedOpenAIDashboardLoader()
+        store._test_openAIDashboardLoaderOverride = { _, _, _ in
+            try await blocker.awaitResult()
+        }
+        defer { store._test_openAIDashboardLoaderOverride = nil }
+        store._test_openAIDashboardCookieImportOverride = { targetEmail, _, _, _, _ in
+            OpenAIDashboardBrowserCookieImporter.ImportResult(
+                sourceLabel: "Chrome",
+                cookieCount: 2,
+                signedInEmail: targetEmail,
+                matchesCodexEmail: true)
+        }
+        defer { store._test_openAIDashboardCookieImportOverride = nil }
+
+        let expectedGuard = store.currentCodexOpenAIWebRefreshGuard()
+        let firstTask = Task {
+            await store.refreshOpenAIDashboardIfNeeded(force: true, expectedGuard: expectedGuard)
+        }
+        await blocker.waitUntilStarted(count: 1)
+
+        let manualImportTask = Task {
+            await store.importOpenAIDashboardBrowserCookiesNow()
+        }
+        await blocker.waitUntilStarted(count: 2)
+
+        await blocker.resumeNext(with: .success(OpenAIDashboardSnapshot(
+            signedInEmail: managedAccount.email,
+            codeReviewRemainingPercent: 70,
+            creditEvents: [],
+            dailyBreakdown: [],
+            usageBreakdown: [],
+            creditsPurchaseURL: nil,
+            creditsRemaining: 1,
+            accountPlan: "Free",
+            updatedAt: Date())))
+        await blocker.resumeNext(with: .success(OpenAIDashboardSnapshot(
+            signedInEmail: managedAccount.email,
+            codeReviewRemainingPercent: 95,
+            creditEvents: [],
+            dailyBreakdown: [],
+            usageBreakdown: [],
+            creditsPurchaseURL: nil,
+            creditsRemaining: 25,
+            accountPlan: "Pro",
+            updatedAt: Date())))
+
+        await firstTask.value
+        await manualImportTask.value
+
+        #expect(await blocker.startedCount() == 2)
+        #expect(store.openAIDashboard?.creditsRemaining == 25)
+        #expect(store.openAIDashboard?.accountPlan == "Pro")
+    }
+
+    @Test
+    func `stale cookie import status does not override later unrelated refresh failure`() async throws {
+        let settings = try self.makeSettingsStore(suite: "CodexManagedOpenAIWebRefreshTests-stale-cookie-status")
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "managed@example.com",
+            managedHomePath: "/tmp/managed-codex-home",
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        settings._test_activeManagedCodexAccount = managedAccount
+        settings.codexActiveSource = .managedAccount(id: managedAccount.id)
+        defer { settings._test_activeManagedCodexAccount = nil }
+
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+        store.openAIDashboardCookieImportStatus =
+            "OpenAI cookies are for other@example.com, not managed@example.com."
+        store._test_openAIDashboardLoaderOverride = { _, _, _ in
+            throw ManagedDashboardTestError.networkTimeout
+        }
+        defer { store._test_openAIDashboardLoaderOverride = nil }
+
+        let expectedGuard = store.currentCodexOpenAIWebRefreshGuard()
+        await store.refreshOpenAIDashboardIfNeeded(force: true, expectedGuard: expectedGuard)
+
+        #expect(store.lastOpenAIDashboardError == ManagedDashboardTestError.networkTimeout.localizedDescription)
+    }
+
+    @Test
+    func `navigation timeout imports cookies and retries dashboard refresh`() async throws {
+        let settings = try self.makeSettingsStore(suite: "CodexManagedOpenAIWebRefreshTests-timeout-import-retry")
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "managed@example.com",
+            managedHomePath: "/tmp/managed-codex-home",
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        settings._test_activeManagedCodexAccount = managedAccount
+        settings.codexActiveSource = .managedAccount(id: managedAccount.id)
+        defer { settings._test_activeManagedCodexAccount = nil }
+
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+        let blocker = BlockingManagedOpenAIDashboardLoader()
+        let importTracker = OpenAIDashboardImportCallTracker()
+        store._test_openAIDashboardLoaderOverride = { _, _, _ in
+            try await blocker.awaitResult()
+        }
+        defer { store._test_openAIDashboardLoaderOverride = nil }
+        store._test_openAIDashboardCookieImportOverride = { targetEmail, _, _, _, _ in
+            _ = await importTracker.recordCall()
+            return OpenAIDashboardBrowserCookieImporter.ImportResult(
+                sourceLabel: "Chrome",
+                cookieCount: 2,
+                signedInEmail: targetEmail,
+                matchesCodexEmail: true)
+        }
+        defer { store._test_openAIDashboardCookieImportOverride = nil }
+
+        let expectedGuard = store.currentCodexOpenAIWebRefreshGuard()
+        let refreshTask = Task {
+            await store.refreshOpenAIDashboardIfNeeded(force: true, expectedGuard: expectedGuard)
+        }
+        await blocker.waitUntilStarted(count: 1)
+
+        await blocker.resumeNext(with: .failure(URLError(.timedOut)))
+        await importTracker.waitUntilCalls(count: 1)
+        await blocker.waitUntilStarted(count: 2)
+        await blocker.resumeNext(with: .success(OpenAIDashboardSnapshot(
+            signedInEmail: managedAccount.email,
+            codeReviewRemainingPercent: 90,
+            creditEvents: [],
+            dailyBreakdown: [],
+            usageBreakdown: [],
+            creditsPurchaseURL: nil,
+            creditsRemaining: 25,
+            accountPlan: "Pro",
+            updatedAt: Date())))
+
+        await refreshTask.value
+
+        #expect(await blocker.startedCount() == 2)
+        #expect(store.openAIDashboard?.creditsRemaining == 25)
+        #expect(store.lastOpenAIDashboardError == nil)
+    }
+
+    @Test
+    func `reset open A I web state blocks stale in flight dashboard completion`() async throws {
+        let settings = try self.makeSettingsStore(suite: "CodexManagedOpenAIWebRefreshTests-reset-invalidates-task")
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "managed@example.com",
+            managedHomePath: "/tmp/managed-codex-home",
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        settings._test_activeManagedCodexAccount = managedAccount
+        settings.codexActiveSource = .managedAccount(id: managedAccount.id)
+        defer { settings._test_activeManagedCodexAccount = nil }
+
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+        let blocker = BlockingManagedOpenAIDashboardLoader()
+        store._test_openAIDashboardLoaderOverride = { _, _, _ in
+            try await blocker.awaitResult()
+        }
+        defer { store._test_openAIDashboardLoaderOverride = nil }
+
+        let expectedGuard = store.currentCodexOpenAIWebRefreshGuard()
+        let refreshTask = Task {
+            await store.refreshOpenAIDashboardIfNeeded(force: true, expectedGuard: expectedGuard)
+        }
+        await blocker.waitUntilStarted()
+
+        store.resetOpenAIWebState()
+        #expect(store.openAIDashboardRefreshTaskToken == nil)
+
+        await blocker.resumeNext(with: .success(OpenAIDashboardSnapshot(
+            signedInEmail: managedAccount.email,
+            codeReviewRemainingPercent: 85,
+            creditEvents: [],
+            dailyBreakdown: [],
+            usageBreakdown: [],
+            creditsPurchaseURL: nil,
+            creditsRemaining: 12,
+            accountPlan: "Pro",
+            updatedAt: Date())))
+
+        await refreshTask.value
+
+        #expect(store.openAIDashboard == nil)
+        #expect(store.lastOpenAIDashboardError == nil)
+    }
+
+    @Test
+    func `active refresh failure ignores stale import status from older task`() async throws {
+        let settings = try self.makeSettingsStore(suite: "CodexManagedOpenAIWebRefreshTests-concurrent-import-status")
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "managed@example.com",
+            managedHomePath: "/tmp/managed-codex-home",
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        settings._test_activeManagedCodexAccount = managedAccount
+        settings.codexActiveSource = .managedAccount(id: managedAccount.id)
+        defer { settings._test_activeManagedCodexAccount = nil }
+
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+        store.openAIDashboardCookieImportStatus =
+            "OpenAI cookies are for other@example.com, not managed@example.com."
+        store._test_openAIDashboardLoaderOverride = { _, _, _ in
+            throw ManagedDashboardTestError.networkTimeout
+        }
+        defer { store._test_openAIDashboardLoaderOverride = nil }
+
+        let expectedGuard = store.currentCodexOpenAIWebRefreshGuard()
+        await store.refreshOpenAIDashboardIfNeeded(force: true, expectedGuard: expectedGuard)
+
+        #expect(store.lastOpenAIDashboardError == ManagedDashboardTestError.networkTimeout.localizedDescription)
+    }
+
+    @Test
+    func `post import retry timeout exceeds normal retry timeout`() {
+        #expect(UsageStore.openAIWebDashboardFetchTimeout(didImportCookies: false) == 25)
+        #expect(UsageStore.openAIWebDashboardFetchTimeout(didImportCookies: true) == 25)
+        #expect(UsageStore.openAIWebRetryDashboardFetchTimeout(afterCookieImport: false) == 8)
+        #expect(UsageStore.openAIWebRetryDashboardFetchTimeout(afterCookieImport: true) == 25)
+    }
+
+    private func makeSettingsStore(suite: String) throws -> SettingsStore {
+        let defaults = UserDefaults(suiteName: suite)!
+        defaults.removePersistentDomain(forName: suite)
+        defaults.set(true, forKey: "providerDetectionCompleted")
+        let configStore = testConfigStore(suiteName: suite)
+        let settings = SettingsStore(
+            userDefaults: defaults,
+            configStore: configStore,
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+        let codexMetadata = try #require(ProviderDescriptorRegistry.metadata[.codex])
+        settings.setProviderEnabled(provider: .codex, metadata: codexMetadata, enabled: true)
+        settings.providerDetectionCompleted = true
+        settings.openAIWebAccessEnabled = true
+        settings.codexCookieSource = .auto
+        return settings
+    }
+
+    private static func writeCodexAuthFile(homeURL: URL, email: String, plan: String, accountId: String? = nil) throws {
+        try FileManager.default.createDirectory(at: homeURL, withIntermediateDirectories: true)
+        var tokens: [String: Any] = [
+            "accessToken": "access-token",
+            "refreshToken": "refresh-token",
+            "idToken": Self.fakeJWT(email: email, plan: plan, accountId: accountId),
+        ]
+        if let accountId {
+            tokens["accountId"] = accountId
+        }
+        let data = try JSONSerialization.data(withJSONObject: ["tokens": tokens], options: [.sortedKeys])
+        try data.write(to: homeURL.appendingPathComponent("auth.json"))
+    }
+
+    private static func fakeJWT(email: String, plan: String, accountId: String? = nil) -> String {
+        let header = (try? JSONSerialization.data(withJSONObject: ["alg": "none"])) ?? Data()
+        var authClaims: [String: Any] = [
+            "chatgpt_plan_type": plan,
+        ]
+        if let accountId {
+            authClaims["chatgpt_account_id"] = accountId
+        }
+        let payload = (try? JSONSerialization.data(withJSONObject: [
+            "email": email,
+            "chatgpt_plan_type": plan,
+            "https://api.openai.com/auth": authClaims,
+        ])) ?? Data()
+
+        func base64URL(_ data: Data) -> String {
+            data.base64EncodedString()
+                .replacingOccurrences(of: "=", with: "")
+                .replacingOccurrences(of: "+", with: "-")
+                .replacingOccurrences(of: "/", with: "_")
+        }
+
+        return "\(base64URL(header)).\(base64URL(payload))."
+    }
+
+    private static func codexSnapshot(email: String, usedPercent: Double) -> UsageSnapshot {
+        UsageSnapshot(
+            primary: RateWindow(usedPercent: usedPercent, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+            secondary: nil,
+            updatedAt: Date(),
+            identity: ProviderIdentitySnapshot(
+                providerID: .codex,
+                accountEmail: email,
+                accountOrganization: nil,
+                loginMethod: "Pro"))
+    }
+}
+
+private enum ManagedDashboardTestError: LocalizedError {
+    case networkTimeout
+
+    var errorDescription: String? {
+        switch self {
+        case .networkTimeout:
+            "Network timeout"
+        }
+    }
+}
+
+actor RefreshCompletionProbe {
+    private(set) var isCompleted = false
+
+    func markCompleted() {
+        self.isCompleted = true
+    }
+
+    func waitUntilCompleted(timeout: Duration = .seconds(5)) async -> Bool {
+        let startedAt = ContinuousClock.now
+        while !self.isCompleted {
+            if startedAt.duration(to: .now) >= timeout {
+                return false
+            }
+            try? await Task.sleep(for: .milliseconds(50))
+        }
+        return true
+    }
+}
+
+actor BlockingManagedOpenAIDashboardLoader {
+    private var continuations: [CheckedContinuation<Result<OpenAIDashboardSnapshot, Error>, Never>] = []
+    private var startWaiters: [(count: Int, continuation: CheckedContinuation<Void, Never>)] = []
+    private var started: Int = 0
+
+    func awaitResult() async throws -> OpenAIDashboardSnapshot {
+        let result = await withCheckedContinuation { continuation in
+            self.continuations.append(continuation)
+            self.started += 1
+            self.resumeReadyStartWaiters()
+        }
+        return try result.get()
+    }
+
+    func waitUntilStarted(count: Int = 1) async {
+        if self.started >= count { return }
+        await withCheckedContinuation { continuation in
+            self.startWaiters.append((count: count, continuation: continuation))
+        }
+    }
+
+    func waitUntilStartedWithin(count: Int = 1, timeout: Duration = .seconds(5)) async -> Bool {
+        let startedAt = ContinuousClock.now
+        while self.started < count {
+            if startedAt.duration(to: .now) >= timeout {
+                return false
+            }
+            try? await Task.sleep(for: .milliseconds(50))
+        }
+        return true
+    }
+
+    func startedCount() -> Int {
+        self.started
+    }
+
+    func resumeNext(with result: Result<OpenAIDashboardSnapshot, Error>) {
+        guard !self.continuations.isEmpty else { return }
+        let continuation = self.continuations.removeFirst()
+        continuation.resume(returning: result)
+    }
+
+    private func resumeReadyStartWaiters() {
+        var remaining: [(count: Int, continuation: CheckedContinuation<Void, Never>)] = []
+        for waiter in self.startWaiters {
+            if self.started >= waiter.count {
+                waiter.continuation.resume()
+            } else {
+                remaining.append(waiter)
+            }
+        }
+        self.startWaiters = remaining
+    }
+}
+
+actor BlockingCreditsLoader {
+    private var continuations: [CheckedContinuation<Result<CreditsSnapshot, Error>, Never>] = []
+    private var startWaiters: [(count: Int, continuation: CheckedContinuation<Void, Never>)] = []
+    private var started = 0
+
+    func awaitResult() async throws -> CreditsSnapshot {
+        let result = await withCheckedContinuation { continuation in
+            self.continuations.append(continuation)
+            self.started += 1
+            self.resumeReadyStartWaiters()
+        }
+        return try result.get()
+    }
+
+    func waitUntilStarted(count: Int = 1) async {
+        if self.started >= count { return }
+        await withCheckedContinuation { continuation in
+            self.startWaiters.append((count: count, continuation: continuation))
+        }
+    }
+
+    func startedCount() -> Int {
+        self.started
+    }
+
+    func resumeNext(with result: Result<CreditsSnapshot, Error>) {
+        guard !self.continuations.isEmpty else { return }
+        let continuation = self.continuations.removeFirst()
+        continuation.resume(returning: result)
+    }
+
+    private func resumeReadyStartWaiters() {
+        var remaining: [(count: Int, continuation: CheckedContinuation<Void, Never>)] = []
+        for waiter in self.startWaiters {
+            if self.started >= waiter.count {
+                waiter.continuation.resume()
+            } else {
+                remaining.append(waiter)
+            }
+        }
+        self.startWaiters = remaining
+    }
+}
+
+private actor OpenAIDashboardImportCallTracker {
+    private var calls: Int = 0
+    private var waiters: [(count: Int, continuation: CheckedContinuation<Void, Never>)] = []
+
+    func recordCall() -> Int {
+        self.calls += 1
+        self.resumeReadyWaiters()
+        return self.calls
+    }
+
+    func waitUntilCalls(count: Int) async {
+        if self.calls >= count { return }
+        await withCheckedContinuation { continuation in
+            self.waiters.append((count: count, continuation: continuation))
+        }
+    }
+
+    private func resumeReadyWaiters() {
+        var remaining: [(count: Int, continuation: CheckedContinuation<Void, Never>)] = []
+        for waiter in self.waiters {
+            if self.calls >= waiter.count {
+                waiter.continuation.resume()
+            } else {
+                remaining.append(waiter)
+            }
+        }
+        self.waiters = remaining
+    }
+}
diff --git a/Tests/CodexBarTests/CodexManagedOpenAIWebTestSupport.swift b/Tests/CodexBarTests/CodexManagedOpenAIWebTestSupport.swift
new file mode 100644
index 000000000..fce3d009f
--- /dev/null
+++ b/Tests/CodexBarTests/CodexManagedOpenAIWebTestSupport.swift
@@ -0,0 +1,207 @@
+import Foundation
+import Testing
+@testable import CodexBar
+@testable import CodexBarCore
+
+extension CodexManagedOpenAIWebTests {
+    @Test
+    func `same account dashboard refresh requests coalesce while one is in flight`() async throws {
+        let settings = self.makeSettingsStore(suite: "CodexManagedOpenAIWebTests-refresh-coalesce")
+        let managedHome = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codex-openai-web-coalesce-\(UUID().uuidString)", isDirectory: true)
+        defer { try? FileManager.default.removeItem(at: managedHome) }
+        try Self.writeCodexAuthFile(
+            homeURL: managedHome,
+            email: "managed@example.com",
+            plan: "pro",
+            accountId: "acct-managed")
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "managed@example.com",
+            providerAccountID: "acct-managed",
+            managedHomePath: managedHome.path,
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        settings._test_activeManagedCodexAccount = managedAccount
+        settings.codexActiveSource = .managedAccount(id: managedAccount.id)
+        defer { settings._test_activeManagedCodexAccount = nil }
+
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+        let blocker = CoalescingManagedOpenAIDashboardLoader()
+        store._test_openAIDashboardLoaderOverride = { _, _, _ in
+            try await blocker.awaitResult()
+        }
+        defer { store._test_openAIDashboardLoaderOverride = nil }
+
+        let expectedGuard = store.currentCodexOpenAIWebRefreshGuard()
+        let firstTask = Task {
+            await store.refreshOpenAIDashboardIfNeeded(force: true, expectedGuard: expectedGuard)
+        }
+        await blocker.waitUntilStarted()
+
+        let secondTask = Task {
+            await store.refreshOpenAIDashboardIfNeeded(force: true, expectedGuard: expectedGuard)
+        }
+
+        try? await Task.sleep(nanoseconds: 50_000_000)
+        #expect(await blocker.startedCount() == 1)
+
+        await blocker.resume(with: .success(OpenAIDashboardSnapshot(
+            signedInEmail: managedAccount.email,
+            codeReviewRemainingPercent: 90,
+            creditEvents: [],
+            dailyBreakdown: [],
+            usageBreakdown: [],
+            creditsPurchaseURL: nil,
+            creditsRemaining: 10,
+            accountPlan: "Pro",
+            updatedAt: Date())))
+
+        await firstTask.value
+        await secondTask.value
+
+        #expect(await blocker.startedCount() == 1)
+        #expect(store.openAIDashboard?.signedInEmail == managedAccount.email)
+    }
+
+    @Test
+    func `friendly error shortens cookie mismatch copy`() {
+        let settings = self.makeSettingsStore(suite: "CodexManagedOpenAIWebTests-friendly-error-short")
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+
+        let message = store.openAIDashboardFriendlyError(
+            body: "Sign in to continue",
+            targetEmail: "ratulsarna@gmail.com",
+            cookieImportStatus: "OpenAI cookies are for rdsarna@gmail.com, not ratulsarna@gmail.com.")
+
+        #expect(
+            message ==
+                "OpenAI cookies are for rdsarna@gmail.com, not ratulsarna@gmail.com. " +
+                "Switch chatgpt.com account, then refresh OpenAI cookies.")
+    }
+
+    func makeSettingsStore(suite: String) -> SettingsStore {
+        let defaults = UserDefaults(suiteName: suite)!
+        defaults.removePersistentDomain(forName: suite)
+        defaults.set(true, forKey: "providerDetectionCompleted")
+        let configStore = testConfigStore(suiteName: suite)
+        let settings = SettingsStore(
+            userDefaults: defaults,
+            configStore: configStore,
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+        settings._test_activeManagedCodexAccount = nil
+        settings._test_activeManagedCodexRemoteHomePath = nil
+        settings._test_unreadableManagedCodexAccountStore = false
+        settings._test_managedCodexAccountStoreURL = nil
+        settings._test_liveSystemCodexAccount = nil
+        settings._test_codexReconciliationEnvironment = nil
+        settings.providerDetectionCompleted = true
+        if let codexMetadata = ProviderDescriptorRegistry.metadata[.codex] {
+            settings.setProviderEnabled(provider: .codex, metadata: codexMetadata, enabled: true)
+        }
+        settings.openAIWebAccessEnabled = true
+        settings.codexCookieSource = .auto
+        return settings
+    }
+
+    static func writeCodexAuthFile(
+        homeURL: URL,
+        email: String,
+        plan: String,
+        accountId: String? = nil) throws
+    {
+        try FileManager.default.createDirectory(at: homeURL, withIntermediateDirectories: true)
+        var tokens: [String: Any] = [
+            "accessToken": "access-token",
+            "refreshToken": "refresh-token",
+            "idToken": Self.fakeJWT(email: email, plan: plan, accountId: accountId),
+        ]
+        if let accountId {
+            tokens["accountId"] = accountId
+        }
+        let data = try JSONSerialization.data(withJSONObject: ["tokens": tokens], options: [.sortedKeys])
+        try data.write(to: homeURL.appendingPathComponent("auth.json"))
+    }
+
+    static func fakeJWT(email: String, plan: String, accountId: String? = nil) -> String {
+        let header = (try? JSONSerialization.data(withJSONObject: ["alg": "none"])) ?? Data()
+        var authClaims: [String: Any] = [
+            "chatgpt_plan_type": plan,
+        ]
+        if let accountId {
+            authClaims["chatgpt_account_id"] = accountId
+        }
+        let payload = (try? JSONSerialization.data(withJSONObject: [
+            "email": email,
+            "chatgpt_plan_type": plan,
+            "https://api.openai.com/auth": authClaims,
+        ])) ?? Data()
+
+        func base64URL(_ data: Data) -> String {
+            data.base64EncodedString()
+                .replacingOccurrences(of: "=", with: "")
+                .replacingOccurrences(of: "+", with: "-")
+                .replacingOccurrences(of: "/", with: "_")
+        }
+
+        return "\(base64URL(header)).\(base64URL(payload))."
+    }
+}
+
+actor CoalescingManagedOpenAIDashboardLoader {
+    private var continuations: [CheckedContinuation<Result<OpenAIDashboardSnapshot, Error>, Never>] = []
+    private var startWaiters: [(count: Int, continuation: CheckedContinuation<Void, Never>)] = []
+    private var started: Int = 0
+
+    func awaitResult() async throws -> OpenAIDashboardSnapshot {
+        self.started += 1
+        self.resumeReadyStartWaiters()
+        let result = await withCheckedContinuation { continuation in
+            self.continuations.append(continuation)
+        }
+        return try result.get()
+    }
+
+    func waitUntilStarted(count: Int = 1) async {
+        if self.started >= count { return }
+        await withCheckedContinuation { continuation in
+            self.startWaiters.append((count: count, continuation: continuation))
+        }
+    }
+
+    func startedCount() -> Int {
+        self.started
+    }
+
+    func resume(with result: Result<OpenAIDashboardSnapshot, Error>) {
+        self.resumeNext(with: result)
+    }
+
+    func resumeNext(with result: Result<OpenAIDashboardSnapshot, Error>) {
+        guard !self.continuations.isEmpty else { return }
+        let continuation = self.continuations.removeFirst()
+        continuation.resume(returning: result)
+    }
+
+    private func resumeReadyStartWaiters() {
+        var remaining: [(count: Int, continuation: CheckedContinuation<Void, Never>)] = []
+        for waiter in self.startWaiters {
+            if self.started >= waiter.count {
+                waiter.continuation.resume()
+            } else {
+                remaining.append(waiter)
+            }
+        }
+        self.startWaiters = remaining
+    }
+}
diff --git a/Tests/CodexBarTests/CodexManagedOpenAIWebTests.swift b/Tests/CodexBarTests/CodexManagedOpenAIWebTests.swift
new file mode 100644
index 000000000..da934f23b
--- /dev/null
+++ b/Tests/CodexBarTests/CodexManagedOpenAIWebTests.swift
@@ -0,0 +1,881 @@
+import Foundation
+import Testing
+@testable import CodexBar
+@testable import CodexBarCore
+
+@Suite(.serialized)
+@MainActor
+struct CodexManagedOpenAIWebTests {
+    @Test
+    func `managed codex open A I web uses active managed identity and cache scope`() {
+        KeychainCacheStore.setTestStoreForTesting(true)
+        defer { KeychainCacheStore.setTestStoreForTesting(false) }
+
+        let settings = self.makeSettingsStore(suite: "CodexManagedOpenAIWebTests-managed")
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "managed@example.com",
+            managedHomePath: "/tmp/managed-codex-home",
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        settings._test_activeManagedCodexAccount = managedAccount
+        settings.codexActiveSource = .managedAccount(id: managedAccount.id)
+        defer { settings._test_activeManagedCodexAccount = nil }
+
+        let otherAccountID = UUID()
+        CookieHeaderCache.store(
+            provider: .codex,
+            scope: .managedAccount(otherAccountID),
+            cookieHeader: "auth=other-account",
+            sourceLabel: "Chrome")
+        CookieHeaderCache.store(
+            provider: .codex,
+            cookieHeader: "auth=provider-global",
+            sourceLabel: "Safari")
+        defer {
+            CookieHeaderCache.clear(provider: .codex, scope: .managedAccount(otherAccountID))
+            CookieHeaderCache.clear(provider: .codex)
+        }
+
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+
+        #expect(store.codexAccountEmailForOpenAIDashboard() == "managed@example.com")
+        #expect(store.codexCookieCacheScopeForOpenAIWeb() == .managedAccount(managedAccount.id))
+        #expect(CookieHeaderCache.load(provider: .codex, scope: store.codexCookieCacheScopeForOpenAIWeb()) == nil)
+    }
+
+    @Test
+    func `managed codex open A I web targets runtime auth backed email for selected account`() throws {
+        let settings = self.makeSettingsStore(suite: "CodexManagedOpenAIWebTests-managed-runtime-email")
+        let managedHome = FileManager.default.temporaryDirectory
+            .appendingPathComponent(UUID().uuidString, isDirectory: true)
+        defer { try? FileManager.default.removeItem(at: managedHome) }
+        try Self.writeCodexAuthFile(
+            homeURL: managedHome,
+            email: "renamed@example.com",
+            plan: "pro",
+            accountId: "acct-managed")
+
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "legacy@example.com",
+            managedHomePath: managedHome.path,
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        settings._test_activeManagedCodexAccount = managedAccount
+        settings.codexActiveSource = .managedAccount(id: managedAccount.id)
+        defer { settings._test_activeManagedCodexAccount = nil }
+
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+
+        #expect(store.codexAccountEmailForOpenAIDashboard() == "renamed@example.com")
+        #expect(store.codexAccountEmailForOpenAIDashboard() != managedAccount.email)
+        #expect(store.currentCodexOpenAIWebRefreshGuard().accountKey == "renamed@example.com")
+        #expect(store.currentCodexOpenAIWebRefreshGuard().identity == .providerAccount(id: "acct-managed"))
+    }
+
+    @Test
+    func `live system codex open A I web uses live identity and no managed cache scope`() {
+        let settings = self.makeSettingsStore(suite: "CodexManagedOpenAIWebTests-live-system")
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "managed@example.com",
+            managedHomePath: "/tmp/managed-codex-home",
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        let liveAccount = ObservedSystemCodexAccount(
+            email: "system@example.com",
+            codexHomePath: "/tmp/live-codex-home",
+            observedAt: Date())
+        settings._test_activeManagedCodexAccount = managedAccount
+        settings._test_liveSystemCodexAccount = liveAccount
+        settings.codexActiveSource = .liveSystem
+        defer {
+            settings._test_activeManagedCodexAccount = nil
+            settings._test_liveSystemCodexAccount = nil
+        }
+
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: ["CODEX_HOME": liveAccount.codexHomePath]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+
+        #expect(store.codexAccountEmailForOpenAIDashboard() == liveAccount.email)
+        #expect(store.codexAccountEmailForOpenAIDashboard() != managedAccount.email)
+        #expect(store.codexCookieCacheScopeForOpenAIWeb() == nil)
+    }
+
+    @Test
+    func `live system codex open A I web does not reuse stale managed snapshot email after source switch`() {
+        let settings = self.makeSettingsStore(suite: "CodexManagedOpenAIWebTests-live-system-stale-managed-snapshot")
+        let isolatedHome = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codex-openai-web-empty-\(UUID().uuidString)", isDirectory: true)
+        try? FileManager.default.createDirectory(at: isolatedHome, withIntermediateDirectories: true)
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "managed@example.com",
+            managedHomePath: "/tmp/managed-codex-home",
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+
+        settings._test_activeManagedCodexAccount = managedAccount
+        settings._test_codexReconciliationEnvironment = ["CODEX_HOME": isolatedHome.path]
+        settings.codexActiveSource = .liveSystem
+        defer {
+            settings._test_activeManagedCodexAccount = nil
+            settings._test_codexReconciliationEnvironment = nil
+            try? FileManager.default.removeItem(at: isolatedHome)
+        }
+
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+        store._setSnapshotForTesting(
+            UsageSnapshot(
+                primary: nil,
+                secondary: nil,
+                updatedAt: Date(),
+                identity: ProviderIdentitySnapshot(
+                    providerID: .codex,
+                    accountEmail: managedAccount.email,
+                    accountOrganization: nil,
+                    loginMethod: nil)),
+            provider: .codex)
+
+        #expect(store.codexAccountEmailForOpenAIDashboard() == nil)
+        #expect(store.codexAccountEmailForOpenAIDashboard() != managedAccount.email)
+        #expect(store.codexCookieCacheScopeForOpenAIWeb() == nil)
+    }
+
+    @Test
+    func `live system codex open A I web reuses last known live email without allowing any account`() async {
+        let settings = self.makeSettingsStore(suite: "CodexManagedOpenAIWebTests-live-system-last-known-email")
+        let isolatedHome = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codex-openai-web-last-known-\(UUID().uuidString)", isDirectory: true)
+        try? FileManager.default.createDirectory(at: isolatedHome, withIntermediateDirectories: true)
+        let liveAccount = ObservedSystemCodexAccount(
+            email: "live@example.com",
+            codexHomePath: "/tmp/live-codex-home",
+            observedAt: Date())
+        settings._test_liveSystemCodexAccount = liveAccount
+        settings._test_codexReconciliationEnvironment = ["CODEX_HOME": isolatedHome.path]
+        settings.codexActiveSource = .liveSystem
+
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+
+        #expect(store.codexAccountEmailForOpenAIDashboard() == liveAccount.email)
+
+        settings._test_liveSystemCodexAccount = nil
+        defer {
+            settings._test_liveSystemCodexAccount = nil
+            settings._test_codexReconciliationEnvironment = nil
+            try? FileManager.default.removeItem(at: isolatedHome)
+        }
+
+        store.openAIDashboard = OpenAIDashboardSnapshot(
+            signedInEmail: "managed@example.com",
+            codeReviewRemainingPercent: 100,
+            creditEvents: [],
+            dailyBreakdown: [],
+            usageBreakdown: [],
+            creditsPurchaseURL: nil,
+            updatedAt: Date())
+        store.lastOpenAIDashboardCookieImportEmail = "managed-import@example.com"
+
+        var observedTargetEmail: String?
+        var observedAllowAnyAccount: Bool?
+        store._test_openAIDashboardCookieImportOverride = { targetEmail, allowAnyAccount, _, _, _ in
+            observedTargetEmail = targetEmail
+            observedAllowAnyAccount = allowAnyAccount
+            return OpenAIDashboardBrowserCookieImporter.ImportResult(
+                sourceLabel: "test",
+                cookieCount: 1,
+                signedInEmail: targetEmail,
+                matchesCodexEmail: true)
+        }
+        defer { store._test_openAIDashboardCookieImportOverride = nil }
+
+        let targetEmail = store.codexAccountEmailForOpenAIDashboard()
+        let imported = await store.importOpenAIDashboardCookiesIfNeeded(targetEmail: targetEmail, force: true)
+
+        #expect(targetEmail == liveAccount.email)
+        #expect(targetEmail != "managed@example.com")
+        #expect(targetEmail != "managed-import@example.com")
+        #expect(imported == liveAccount.email)
+        #expect(observedTargetEmail == liveAccount.email)
+        #expect(observedAllowAnyAccount == false)
+    }
+
+    @Test
+    func `successful dashboard apply preserves cached open A I web view for same account`() async {
+        let settings = self.makeSettingsStore(suite: "CodexManagedOpenAIWebTests-preserve-cache-on-success")
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "managed@example.com",
+            managedHomePath: "/tmp/managed-codex-home",
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        settings._test_activeManagedCodexAccount = managedAccount
+        settings.codexActiveSource = .managedAccount(id: managedAccount.id)
+        defer { settings._test_activeManagedCodexAccount = nil }
+
+        OpenAIDashboardWebsiteDataStore.clearCacheForTesting()
+        let cache = OpenAIDashboardWebViewCache.shared
+        cache.clearAllForTesting()
+        defer {
+            cache.clearAllForTesting()
+            OpenAIDashboardWebsiteDataStore.clearCacheForTesting()
+        }
+
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+        let websiteDataStore = OpenAIDashboardWebsiteDataStore.store(forAccountEmail: managedAccount.email)
+        cache.cacheEntryForTesting(websiteDataStore: websiteDataStore)
+
+        #expect(cache.hasCachedEntry(for: websiteDataStore))
+
+        await store.applyOpenAIDashboard(
+            OpenAIDashboardSnapshot(
+                signedInEmail: managedAccount.email,
+                codeReviewRemainingPercent: 90,
+                creditEvents: [],
+                dailyBreakdown: [],
+                usageBreakdown: [],
+                creditsPurchaseURL: nil,
+                creditsRemaining: 10,
+                accountPlan: "Pro",
+                updatedAt: Date()),
+            targetEmail: managedAccount.email)
+
+        #expect(cache.hasCachedEntry(for: websiteDataStore))
+        #expect(cache.entryCount == 1)
+    }
+
+    @Test
+    func `dashboard refresh does not target stale last known live email`() async {
+        let settings = self.makeSettingsStore(suite: "CodexManagedOpenAIWebTests-live-system-refresh-strict-target")
+        let isolatedHome = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codex-openai-web-refresh-strict-\(UUID().uuidString)", isDirectory: true)
+        try? FileManager.default.createDirectory(at: isolatedHome, withIntermediateDirectories: true)
+        let liveAccount = ObservedSystemCodexAccount(
+            email: "old@example.com",
+            codexHomePath: "/tmp/live-codex-home",
+            observedAt: Date())
+        settings._test_liveSystemCodexAccount = liveAccount
+        settings._test_codexReconciliationEnvironment = ["CODEX_HOME": isolatedHome.path]
+        settings.codexActiveSource = .liveSystem
+
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+
+        #expect(store.codexAccountEmailForOpenAIDashboard() == liveAccount.email)
+
+        settings._test_liveSystemCodexAccount = nil
+        defer {
+            settings._test_liveSystemCodexAccount = nil
+            settings._test_codexReconciliationEnvironment = nil
+            try? FileManager.default.removeItem(at: isolatedHome)
+        }
+
+        var observedTargetEmail: String?
+        store._test_openAIDashboardLoaderOverride = { accountEmail, _, _ in
+            observedTargetEmail = accountEmail
+            return OpenAIDashboardSnapshot(
+                signedInEmail: "new@example.com",
+                codeReviewRemainingPercent: 88,
+                creditEvents: [],
+                dailyBreakdown: [],
+                usageBreakdown: [],
+                creditsPurchaseURL: nil,
+                primaryLimit: RateWindow(usedPercent: 12, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+                secondaryLimit: nil,
+                creditsRemaining: 22,
+                accountPlan: "Pro",
+                updatedAt: Date())
+        }
+        defer { store._test_openAIDashboardLoaderOverride = nil }
+
+        let expectedGuard = store.currentCodexOpenAIWebRefreshGuard()
+        #expect(expectedGuard.accountKey == nil)
+
+        await store.refreshOpenAIDashboardIfNeeded(force: true, expectedGuard: expectedGuard)
+
+        #expect(observedTargetEmail == nil)
+        #expect(store.openAIDashboard == nil)
+        #expect(store.openAIDashboardRequiresLogin == true)
+        #expect(store.lastOpenAIDashboardError?.contains("could not be verified") == true)
+        #expect(store.lastKnownLiveSystemCodexEmail == "old@example.com")
+    }
+
+    @Test
+    func `dashboard refresh targets usage discovered live email before reconciliation catches up`() async {
+        let settings = self.makeSettingsStore(suite: "CodexManagedOpenAIWebTests-live-system-usage-discovered-target")
+        let isolatedHome = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codex-openai-web-usage-discovered-\(UUID().uuidString)", isDirectory: true)
+        try? FileManager.default.createDirectory(at: isolatedHome, withIntermediateDirectories: true)
+        settings._test_codexReconciliationEnvironment = ["CODEX_HOME": isolatedHome.path]
+        settings.codexActiveSource = .liveSystem
+        defer {
+            settings._test_codexReconciliationEnvironment = nil
+            try? FileManager.default.removeItem(at: isolatedHome)
+        }
+
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+        store._setSnapshotForTesting(
+            UsageSnapshot(
+                primary: nil,
+                secondary: nil,
+                updatedAt: Date(),
+                identity: ProviderIdentitySnapshot(
+                    providerID: .codex,
+                    accountEmail: "usage@example.com",
+                    accountOrganization: nil,
+                    loginMethod: nil)),
+            provider: .codex)
+        store.lastSourceLabels[.codex] = "codex-cli"
+
+        var observedTargetEmail: String?
+        store._test_openAIDashboardLoaderOverride = { accountEmail, _, _ in
+            observedTargetEmail = accountEmail
+            return OpenAIDashboardSnapshot(
+                signedInEmail: "usage@example.com",
+                codeReviewRemainingPercent: 88,
+                creditEvents: [],
+                dailyBreakdown: [],
+                usageBreakdown: [],
+                creditsPurchaseURL: nil,
+                primaryLimit: RateWindow(usedPercent: 12, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+                secondaryLimit: nil,
+                creditsRemaining: 22,
+                accountPlan: "Pro",
+                updatedAt: Date())
+        }
+        defer { store._test_openAIDashboardLoaderOverride = nil }
+
+        let expectedGuard = store.currentCodexOpenAIWebRefreshGuard()
+        #expect(expectedGuard.accountKey == nil)
+
+        await store.refreshOpenAIDashboardIfNeeded(force: true, expectedGuard: expectedGuard)
+
+        #expect(observedTargetEmail == "usage@example.com")
+        #expect(store.openAIDashboard?.signedInEmail == "usage@example.com")
+    }
+
+    @Test
+    func `usage discovered live email still surfaces open A I web login guidance during reconciliation lag`() async {
+        let settings = self.makeSettingsStore(suite: "CodexManagedOpenAIWebTests-live-system-usage-discovered-failure")
+        let isolatedHome = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codex-openai-web-usage-discovered-failure-\(UUID().uuidString)", isDirectory: true)
+        try? FileManager.default.createDirectory(at: isolatedHome, withIntermediateDirectories: true)
+        settings._test_codexReconciliationEnvironment = ["CODEX_HOME": isolatedHome.path]
+        settings.codexActiveSource = .liveSystem
+        defer {
+            settings._test_codexReconciliationEnvironment = nil
+            try? FileManager.default.removeItem(at: isolatedHome)
+        }
+
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+        store._setSnapshotForTesting(
+            UsageSnapshot(
+                primary: nil,
+                secondary: nil,
+                updatedAt: Date(),
+                identity: ProviderIdentitySnapshot(
+                    providerID: .codex,
+                    accountEmail: "usage@example.com",
+                    accountOrganization: nil,
+                    loginMethod: nil)),
+            provider: .codex)
+        store.lastSourceLabels[.codex] = "codex-cli"
+
+        let expectedGuard = store.currentCodexOpenAIWebRefreshGuard()
+        #expect(expectedGuard.accountKey == nil)
+
+        await store.applyOpenAIDashboardLoginRequiredFailure(
+            expectedGuard: expectedGuard,
+            routingTargetEmail: "usage@example.com")
+
+        #expect(store.openAIDashboardRequiresLogin == true)
+        #expect(store.lastOpenAIDashboardError?.contains("requires a signed-in chatgpt.com session") == true)
+    }
+
+    @Test
+    func `open A I web import uses managed account target when live account differs`() async {
+        let settings = self.makeSettingsStore(suite: "CodexManagedOpenAIWebTests-targeting-active-vs-live")
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "managed@example.com",
+            managedHomePath: "/tmp/managed-codex-home",
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        let liveAccount = ObservedSystemCodexAccount(
+            email: "system@example.com",
+            codexHomePath: "/tmp/live-codex-home",
+            observedAt: Date())
+        let expectedScope = CookieHeaderCache.Scope.managedAccount(managedAccount.id)
+        let expectedEmail = managedAccount.email
+        var observedTargetEmail: String?
+        var observedScope: CookieHeaderCache.Scope?
+        var observedCookieSource: ProviderCookieSource?
+        var observedAllowAnyAccount = false
+
+        settings._test_activeManagedCodexAccount = managedAccount
+        settings._test_liveSystemCodexAccount = liveAccount
+        settings.codexActiveSource = .managedAccount(id: managedAccount.id)
+        defer {
+            settings._test_activeManagedCodexAccount = nil
+            settings._test_liveSystemCodexAccount = nil
+        }
+
+        let snapshot = UsageSnapshot(
+            primary: nil,
+            secondary: nil,
+            updatedAt: Date(),
+            identity: ProviderIdentitySnapshot(
+                providerID: .codex,
+                accountEmail: liveAccount.email,
+                accountOrganization: nil,
+                loginMethod: nil))
+
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: ["CODEX_HOME": liveAccount.codexHomePath]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+        store._setSnapshotForTesting(snapshot, provider: .codex)
+        store._test_openAIDashboardCookieImportOverride = { targetEmail, allowAnyAccount, cookieSource, scope, _ in
+            observedTargetEmail = targetEmail
+            observedScope = scope
+            observedCookieSource = cookieSource
+            observedAllowAnyAccount = allowAnyAccount
+            return OpenAIDashboardBrowserCookieImporter.ImportResult(
+                sourceLabel: "test",
+                cookieCount: 1,
+                signedInEmail: targetEmail,
+                matchesCodexEmail: targetEmail == expectedEmail)
+        }
+        defer { store._test_openAIDashboardCookieImportOverride = nil }
+
+        let importerTarget = store.codexAccountEmailForOpenAIDashboard()
+        let imported = await store.importOpenAIDashboardCookiesIfNeeded(targetEmail: importerTarget, force: true)
+
+        #expect(importerTarget == expectedEmail)
+        #expect(importerTarget != liveAccount.email)
+        #expect(imported == expectedEmail)
+        #expect(observedTargetEmail == expectedEmail)
+        #expect(observedScope == expectedScope)
+        #expect(observedAllowAnyAccount == false)
+        #expect(observedCookieSource == .auto)
+        #expect(store.codexCookieCacheScopeForOpenAIWeb() == expectedScope)
+    }
+
+    @Test
+    func `open A I web prefers live identity when managed and live share email`() {
+        let settings = self.makeSettingsStore(suite: "CodexManagedOpenAIWebTests-same-email-prefers-live")
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "person@example.com",
+            managedHomePath: "/tmp/managed-codex-home",
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        let liveAccount = ObservedSystemCodexAccount(
+            email: "PERSON@example.com",
+            codexHomePath: "/tmp/live-codex-home",
+            observedAt: Date())
+        settings._test_activeManagedCodexAccount = managedAccount
+        settings._test_liveSystemCodexAccount = liveAccount
+        settings.codexActiveSource = .managedAccount(id: managedAccount.id)
+        defer {
+            settings._test_activeManagedCodexAccount = nil
+            settings._test_liveSystemCodexAccount = nil
+        }
+
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: ["CODEX_HOME": liveAccount.codexHomePath]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+
+        #expect(settings.codexResolvedActiveSource == .liveSystem)
+        #expect(store.codexAccountEmailForOpenAIDashboard() == "person@example.com")
+        #expect(store.codexCookieCacheScopeForOpenAIWeb() == nil)
+    }
+
+    @Test
+    func `unmanaged codex open A I web falls back to provider global cache scope`() {
+        let settings = self.makeSettingsStore(suite: "CodexManagedOpenAIWebTests-unmanaged")
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+
+        #expect(store.codexCookieCacheScopeForOpenAIWeb() == nil)
+    }
+
+    @Test
+    func `unreadable managed codex store fails closed for open A I web`() async {
+        let settings = self.makeSettingsStore(suite: "CodexManagedOpenAIWebTests-unreadable-store")
+        settings._test_unreadableManagedCodexAccountStore = true
+        settings.codexActiveSource = .managedAccount(id: UUID())
+        defer { settings._test_unreadableManagedCodexAccountStore = false }
+
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+
+        #expect(store.codexCookieCacheScopeForOpenAIWeb() == .managedStoreUnreadable)
+        #expect(store.codexAccountEmailForOpenAIDashboard() == nil)
+
+        let imported = await store.importOpenAIDashboardCookiesIfNeeded(targetEmail: nil, force: true)
+
+        #expect(imported == nil)
+        #expect(store.openAIDashboard == nil)
+        #expect(store.openAIDashboardRequiresLogin == true)
+        #expect(store.openAIDashboardCookieImportStatus?.contains("Managed Codex account data is unavailable") == true)
+
+        await store.refreshOpenAIDashboardIfNeeded(force: true)
+
+        #expect(store.openAIDashboard == nil)
+        #expect(store.openAIDashboardRequiresLogin == true)
+        #expect(store.lastOpenAIDashboardError?.contains("Managed Codex account data is unavailable") == true)
+    }
+
+    @Test
+    func `missing managed codex open A I web target fails closed`() async {
+        let settings = self.makeSettingsStore(suite: "CodexManagedOpenAIWebTests-missing-managed-target")
+        let storedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "stored@example.com",
+            managedHomePath: "/tmp/stored-managed-home",
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        let storeURL = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codex-openai-web-\(UUID().uuidString).json")
+        let managedStore = FileManagedCodexAccountStore(fileURL: storeURL)
+        try? managedStore.storeAccounts(ManagedCodexAccountSet(
+            version: FileManagedCodexAccountStore.currentVersion,
+            accounts: [storedAccount]))
+        settings._test_managedCodexAccountStoreURL = storeURL
+        settings.codexActiveSource = .managedAccount(id: UUID())
+        defer {
+            settings._test_managedCodexAccountStoreURL = nil
+            try? FileManager.default.removeItem(at: storeURL)
+        }
+
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+        var importWasCalled = false
+        store._test_openAIDashboardCookieImportOverride = { _, _, _, _, _ in
+            importWasCalled = true
+            return OpenAIDashboardBrowserCookieImporter.ImportResult(
+                sourceLabel: "test",
+                cookieCount: 1,
+                signedInEmail: "unexpected@example.com",
+                matchesCodexEmail: true)
+        }
+        defer { store._test_openAIDashboardCookieImportOverride = nil }
+        store.openAIDashboard = OpenAIDashboardSnapshot(
+            signedInEmail: "stale-dashboard@example.com",
+            codeReviewRemainingPercent: 100,
+            creditEvents: [],
+            dailyBreakdown: [],
+            usageBreakdown: [],
+            creditsPurchaseURL: nil,
+            updatedAt: Date())
+        store.lastOpenAIDashboardCookieImportEmail = "stale-import@example.com"
+
+        #expect(store.codexAccountEmailForOpenAIDashboard() == nil)
+        #expect(store.codexCookieCacheScopeForOpenAIWeb() != nil)
+        #expect(store.codexCookieCacheScopeForOpenAIWeb() != .managedStoreUnreadable)
+
+        let imported = await store.importOpenAIDashboardCookiesIfNeeded(targetEmail: nil, force: true)
+        #expect(imported == nil)
+        #expect(importWasCalled == false)
+        #expect(store.openAIDashboard == nil)
+        #expect(store.openAIDashboardRequiresLogin == true)
+        #expect(store.openAIDashboardCookieImportStatus?
+            .contains("selected managed Codex account is unavailable") == true)
+
+        await store.refreshOpenAIDashboardIfNeeded(force: true)
+        #expect(importWasCalled == false)
+        #expect(store.openAIDashboard == nil)
+        #expect(store.lastOpenAIDashboardError?.contains("selected managed Codex account is unavailable") == true)
+    }
+
+    @Test
+    func `managed codex mismatch fail closed blocks stale dashboard restoration`() async {
+        let settings = self.makeSettingsStore(suite: "CodexManagedOpenAIWebTests-mismatch")
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "managed@example.com",
+            managedHomePath: "/tmp/managed-codex-home",
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        settings._test_activeManagedCodexAccount = managedAccount
+        settings.codexActiveSource = .managedAccount(id: managedAccount.id)
+        defer { settings._test_activeManagedCodexAccount = nil }
+
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+        let staleSnapshot = OpenAIDashboardSnapshot(
+            signedInEmail: managedAccount.email,
+            codeReviewRemainingPercent: 100,
+            creditEvents: [],
+            dailyBreakdown: [],
+            usageBreakdown: [],
+            creditsPurchaseURL: nil,
+            updatedAt: Date())
+
+        await store.applyOpenAIDashboard(staleSnapshot, targetEmail: managedAccount.email)
+        await store.applyOpenAIDashboard(
+            OpenAIDashboardSnapshot(
+                signedInEmail: "other@example.com",
+                codeReviewRemainingPercent: 100,
+                creditEvents: [],
+                dailyBreakdown: [],
+                usageBreakdown: [],
+                creditsPurchaseURL: nil,
+                updatedAt: Date()),
+            targetEmail: managedAccount.email)
+
+        #expect(store.openAIDashboard == nil)
+        #expect(store.lastOpenAIDashboardSnapshot == nil)
+        #expect(store.openAIDashboardRequiresLogin == true)
+        #expect(store.lastOpenAIDashboardError?.contains("OpenAI dashboard signed in as other@example.com") == true)
+
+        await store.applyOpenAIDashboardFailure(message: "No dashboard data")
+        #expect(store.openAIDashboard == nil)
+        #expect(store.lastOpenAIDashboardError == "No dashboard data")
+
+        await store.applyOpenAIDashboardLoginRequiredFailure()
+        #expect(store.openAIDashboard == nil)
+        #expect(store.openAIDashboardRequiresLogin == true)
+        #expect(store.lastOpenAIDashboardError?.contains("requires a signed-in chatgpt.com session") == true)
+    }
+
+    @Test
+    func `managed codex import mismatch fail closed blocks stale dashboard restoration`() async {
+        let settings = self.makeSettingsStore(suite: "CodexManagedOpenAIWebTests-import-mismatch")
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "managed@example.com",
+            managedHomePath: "/tmp/managed-codex-home",
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        settings._test_activeManagedCodexAccount = managedAccount
+        defer { settings._test_activeManagedCodexAccount = nil }
+
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+        store._test_openAIDashboardCookieImportOverride = { _, _, _, _, _ in
+            throw OpenAIDashboardBrowserCookieImporter.ImportError.noMatchingAccount(
+                found: [.init(sourceLabel: "Chrome", email: "other@example.com")])
+        }
+
+        let staleSnapshot = OpenAIDashboardSnapshot(
+            signedInEmail: managedAccount.email,
+            codeReviewRemainingPercent: 100,
+            creditEvents: [],
+            dailyBreakdown: [],
+            usageBreakdown: [],
+            creditsPurchaseURL: nil,
+            updatedAt: Date())
+        await store.applyOpenAIDashboard(staleSnapshot, targetEmail: managedAccount.email)
+
+        let imported = await store.importOpenAIDashboardCookiesIfNeeded(
+            targetEmail: managedAccount.email,
+            force: true)
+
+        #expect(imported == nil)
+        #expect(store.openAIDashboard == nil)
+        #expect(store.openAIDashboardRequiresLogin == true)
+        #expect(
+            store.openAIDashboardCookieImportStatus ==
+                "OpenAI cookies are for other@example.com, not managed@example.com.")
+
+        await store.applyOpenAIDashboardFailure(message: "No dashboard data")
+        #expect(store.openAIDashboard == nil)
+        #expect(store.lastOpenAIDashboardError == "No dashboard data")
+
+        await store.applyOpenAIDashboardLoginRequiredFailure()
+        #expect(store.openAIDashboard == nil)
+        #expect(store.openAIDashboardRequiresLogin == true)
+        #expect(store.lastOpenAIDashboardError?.contains("requires a signed-in chatgpt.com session") == true)
+    }
+
+    @Test
+    func `missing managed target failure handlers do not resurrect stale dashboard state`() async {
+        let settings = self.makeSettingsStore(suite: "CodexManagedOpenAIWebTests-missing-target-failure-handlers")
+        let isolatedHome = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codex-openai-web-missing-target-\(UUID().uuidString)", isDirectory: true)
+        try? FileManager.default.createDirectory(at: isolatedHome, withIntermediateDirectories: true)
+        settings._test_codexReconciliationEnvironment = ["CODEX_HOME": isolatedHome.path]
+        settings.codexActiveSource = .managedAccount(id: UUID())
+        defer {
+            settings._test_codexReconciliationEnvironment = nil
+            try? FileManager.default.removeItem(at: isolatedHome)
+        }
+
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+        let staleSnapshot = OpenAIDashboardSnapshot(
+            signedInEmail: "stale@example.com",
+            codeReviewRemainingPercent: 100,
+            creditEvents: [],
+            dailyBreakdown: [],
+            usageBreakdown: [],
+            creditsPurchaseURL: nil,
+            updatedAt: Date())
+
+        await store.applyOpenAIDashboard(staleSnapshot, targetEmail: "stale@example.com")
+        await store.applyOpenAIDashboardFailure(message: "No dashboard data")
+
+        #expect(store.openAIDashboard == nil)
+        #expect(store.lastOpenAIDashboardSnapshot == nil)
+        #expect(store.lastOpenAIDashboardError?.contains("selected managed Codex account is unavailable") == true)
+
+        await store.applyOpenAIDashboard(staleSnapshot, targetEmail: "stale@example.com")
+        await store.applyOpenAIDashboardLoginRequiredFailure()
+
+        #expect(store.openAIDashboard == nil)
+        #expect(store.lastOpenAIDashboardSnapshot == nil)
+        #expect(store.openAIDashboardRequiresLogin == true)
+        #expect(store.lastOpenAIDashboardError?.contains("selected managed Codex account is unavailable") == true)
+    }
+
+    @Test
+    func `managed codex refresh stops after cookie mismatch instead of retrying web view`() async {
+        let settings = self.makeSettingsStore(suite: "CodexManagedOpenAIWebTests-mismatch-aborts-retry")
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "ratulsarna@gmail.com",
+            managedHomePath: "/tmp/managed-codex-home",
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        settings._test_activeManagedCodexAccount = managedAccount
+        settings.codexActiveSource = .managedAccount(id: managedAccount.id)
+        defer { settings._test_activeManagedCodexAccount = nil }
+
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+
+        var loaderCalls = 0
+        store._test_openAIDashboardLoaderOverride = { _, _, _ in
+            loaderCalls += 1
+            throw OpenAIDashboardFetcher.FetchError.loginRequired
+        }
+        defer { store._test_openAIDashboardLoaderOverride = nil }
+        store._test_openAIDashboardCookieImportOverride = { _, _, _, _, _ in
+            throw OpenAIDashboardBrowserCookieImporter.ImportError.noMatchingAccount(
+                found: [.init(sourceLabel: "Chrome", email: "rdsarna@gmail.com")])
+        }
+        defer { store._test_openAIDashboardCookieImportOverride = nil }
+
+        let expectedGuard = store.currentCodexOpenAIWebRefreshGuard()
+        await store.refreshOpenAIDashboardIfNeeded(force: true, expectedGuard: expectedGuard)
+
+        #expect(loaderCalls == 1)
+        #expect(
+            store.lastOpenAIDashboardError ==
+                "OpenAI cookies are for rdsarna@gmail.com, not ratulsarna@gmail.com. " +
+                "Switch chatgpt.com account, then refresh OpenAI cookies.")
+        #expect(store.openAIDashboard == nil)
+    }
+
+    @Test
+    func `managed codex refresh reports no matching web session without fake account`() async {
+        let settings = self.makeSettingsStore(suite: "CodexManagedOpenAIWebTests-no-matching-web-session")
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "ratulsarna@gmail.com",
+            managedHomePath: "/tmp/managed-codex-home",
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        settings._test_activeManagedCodexAccount = managedAccount
+        settings.codexActiveSource = .managedAccount(id: managedAccount.id)
+        defer { settings._test_activeManagedCodexAccount = nil }
+
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+
+        store._test_openAIDashboardLoaderOverride = { _, _, _ in
+            throw OpenAIDashboardFetcher.FetchError.loginRequired
+        }
+        defer { store._test_openAIDashboardLoaderOverride = nil }
+        store._test_openAIDashboardCookieImportOverride = { _, _, _, _, _ in
+            throw OpenAIDashboardBrowserCookieImporter.ImportError.noMatchingAccount(found: [])
+        }
+        defer { store._test_openAIDashboardCookieImportOverride = nil }
+
+        let expectedGuard = store.currentCodexOpenAIWebRefreshGuard()
+        await store.refreshOpenAIDashboardIfNeeded(force: true, expectedGuard: expectedGuard)
+
+        #expect(
+            store.lastOpenAIDashboardError ==
+                "No matching OpenAI web session found for ratulsarna@gmail.com. " +
+                "Sign in to chatgpt.com as ratulsarna@gmail.com, then refresh OpenAI cookies.")
+        #expect(store.openAIDashboard == nil)
+    }
+}
diff --git a/Tests/CodexBarTests/CodexManagedRoutingTests.swift b/Tests/CodexBarTests/CodexManagedRoutingTests.swift
new file mode 100644
index 000000000..2a2e2fcec
--- /dev/null
+++ b/Tests/CodexBarTests/CodexManagedRoutingTests.swift
@@ -0,0 +1,851 @@
+import Foundation
+import Testing
+@testable import CodexBar
+@testable import CodexBarCore
+
+@Suite(.serialized)
+@MainActor
+struct CodexManagedRoutingTests {
+    @Test
+    func `provider registry injects managed home when active source is managed account`() {
+        let settings = self.makeSettingsStore(suite: "CodexManagedRoutingTests-registry")
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "managed@example.com",
+            managedHomePath: "/tmp/codex-managed-home",
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        settings._test_activeManagedCodexAccount = managedAccount
+        settings.codexActiveSource = .managedAccount(id: managedAccount.id)
+        defer {
+            settings._test_activeManagedCodexAccount = nil
+        }
+
+        let codexEnv = ProviderRegistry.makeEnvironment(
+            base: ["PATH": "/usr/bin"],
+            provider: .codex,
+            settings: settings,
+            tokenOverride: nil)
+        let claudeEnv = ProviderRegistry.makeEnvironment(
+            base: ["PATH": "/usr/bin"],
+            provider: .claude,
+            settings: settings,
+            tokenOverride: nil)
+
+        #expect(codexEnv["CODEX_HOME"] == managedAccount.managedHomePath)
+        #expect(claudeEnv["CODEX_HOME"] == nil)
+    }
+
+    @Test
+    func `provider registry scopes codex environment with source override without persisting selection`() throws {
+        let settings = self.makeSettingsStore(suite: "CodexManagedRoutingTests-source-override-env")
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "managed@example.com",
+            managedHomePath: "/tmp/codex-managed-override-home",
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        let storeURL = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codex-managed-override-\(UUID().uuidString).json")
+        let store = FileManagedCodexAccountStore(fileURL: storeURL)
+        try store.storeAccounts(ManagedCodexAccountSet(
+            version: FileManagedCodexAccountStore.currentVersion,
+            accounts: [managedAccount]))
+        settings._test_managedCodexAccountStoreURL = storeURL
+        settings.codexActiveSource = .liveSystem
+        defer {
+            settings._test_managedCodexAccountStoreURL = nil
+            try? FileManager.default.removeItem(at: storeURL)
+        }
+
+        let env = ProviderRegistry.makeEnvironment(
+            base: ["CODEX_HOME": "/Users/example/.codex"],
+            provider: .codex,
+            settings: settings,
+            tokenOverride: nil,
+            codexActiveSourceOverride: .managedAccount(id: managedAccount.id))
+
+        #expect(env["CODEX_HOME"] == managedAccount.managedHomePath)
+        #expect(settings.codexActiveSource == .liveSystem)
+    }
+
+    @Test
+    func `provider registry builds codex snapshot with source override without persisting selection`() throws {
+        let settings = self.makeSettingsStore(suite: "CodexManagedRoutingTests-source-override-snapshot")
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "managed@example.com",
+            managedHomePath: "/tmp/codex-managed-override-home",
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        let storeURL = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codex-managed-snapshot-override-\(UUID().uuidString).json")
+        let store = FileManagedCodexAccountStore(fileURL: storeURL)
+        try store.storeAccounts(ManagedCodexAccountSet(
+            version: FileManagedCodexAccountStore.currentVersion,
+            accounts: [managedAccount]))
+        settings._test_managedCodexAccountStoreURL = storeURL
+        settings.codexActiveSource = .liveSystem
+        defer {
+            settings._test_managedCodexAccountStoreURL = nil
+            try? FileManager.default.removeItem(at: storeURL)
+        }
+
+        let snapshot = ProviderRegistry.makeSettingsSnapshot(
+            settings: settings,
+            tokenOverride: nil,
+            codexActiveSourceOverride: .managedAccount(id: UUID()))
+
+        #expect(snapshot.codex?.managedAccountTargetUnavailable == true)
+        #expect(settings.codexActiveSource == .liveSystem)
+    }
+
+    @Test
+    func `provider registry preserves ambient live system home when active source is live system`() {
+        let settings = self.makeSettingsStore(suite: "CodexManagedRoutingTests-live-system-routing")
+        let managedHomePath = "/tmp/managed-remote-home"
+        let liveHomePath = "/tmp/system-remote-home"
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "managed@example.com",
+            managedHomePath: managedHomePath,
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        let liveSystemAccount = ObservedSystemCodexAccount(
+            email: "system@example.com",
+            codexHomePath: liveHomePath,
+            observedAt: Date())
+
+        settings._test_activeManagedCodexAccount = managedAccount
+        settings._test_liveSystemCodexAccount = liveSystemAccount
+        settings.codexActiveSource = .liveSystem
+        defer {
+            settings._test_activeManagedCodexAccount = nil
+            settings._test_liveSystemCodexAccount = nil
+        }
+
+        let env = ProviderRegistry.makeEnvironment(
+            base: ["CODEX_HOME": liveHomePath],
+            provider: .codex,
+            settings: settings,
+            tokenOverride: nil)
+
+        #expect(env["CODEX_HOME"] == liveHomePath)
+        #expect(env["CODEX_HOME"] != managedHomePath)
+    }
+
+    @Test
+    func `provider registry keeps managed home when live account differs`() {
+        let settings = self.makeSettingsStore(suite: "CodexManagedRoutingTests-active-vs-live")
+        let managedHomePath = "/tmp/managed-remote-home"
+        let liveHomePath = "/tmp/system-remote-home"
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "managed@example.com",
+            managedHomePath: managedHomePath,
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        let liveSystemAccount = ObservedSystemCodexAccount(
+            email: "system@example.com",
+            codexHomePath: liveHomePath,
+            observedAt: Date())
+
+        settings._test_activeManagedCodexAccount = managedAccount
+        settings._test_liveSystemCodexAccount = liveSystemAccount
+        settings.codexActiveSource = .managedAccount(id: managedAccount.id)
+        defer {
+            settings._test_activeManagedCodexAccount = nil
+            settings._test_liveSystemCodexAccount = nil
+        }
+
+        let env = ProviderRegistry.makeEnvironment(
+            base: ["CODEX_HOME": liveHomePath],
+            provider: .codex,
+            settings: settings,
+            tokenOverride: nil)
+
+        #expect(env["CODEX_HOME"] == managedHomePath)
+        #expect(env["CODEX_HOME"] != liveHomePath)
+    }
+
+    @Test
+    func `provider registry prefers live system routing when managed and live share email`() {
+        let settings = self.makeSettingsStore(suite: "CodexManagedRoutingTests-same-email-prefers-live")
+        let managedHome = FileManager.default.temporaryDirectory.appendingPathComponent(
+            UUID().uuidString,
+            isDirectory: true)
+        let liveHomePath = "/tmp/system-remote-home"
+        defer { try? FileManager.default.removeItem(at: managedHome) }
+
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "person@example.com",
+            managedHomePath: managedHome.path,
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        let liveSystemAccount = ObservedSystemCodexAccount(
+            email: "PERSON@example.com",
+            codexHomePath: liveHomePath,
+            observedAt: Date())
+
+        settings._test_activeManagedCodexAccount = managedAccount
+        settings._test_liveSystemCodexAccount = liveSystemAccount
+        settings.codexActiveSource = .managedAccount(id: managedAccount.id)
+        defer {
+            settings._test_activeManagedCodexAccount = nil
+            settings._test_liveSystemCodexAccount = nil
+        }
+
+        let env = ProviderRegistry.makeEnvironment(
+            base: ["CODEX_HOME": liveHomePath],
+            provider: .codex,
+            settings: settings,
+            tokenOverride: nil)
+
+        #expect(settings.codexResolvedActiveSource == .liveSystem)
+        #expect(env["CODEX_HOME"] == liveHomePath)
+        #expect(env["CODEX_HOME"] != managedHome.path)
+    }
+
+    @Test
+    func `provider registry keeps managed routing when same email rows differ by identity strength`() throws {
+        let settings = self.makeSettingsStore(suite: "CodexManagedRoutingTests-same-email-split-by-identity")
+        let managedHome = FileManager.default.temporaryDirectory.appendingPathComponent(
+            UUID().uuidString,
+            isDirectory: true)
+        let liveHomePath = "/tmp/system-remote-home"
+        defer { try? FileManager.default.removeItem(at: managedHome) }
+
+        try self.writeCodexAuthFile(
+            homeURL: managedHome,
+            email: "person@example.com",
+            plan: "pro",
+            accountId: "account-managed")
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "person@example.com",
+            managedHomePath: managedHome.path,
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        let liveSystemAccount = ObservedSystemCodexAccount(
+            email: "PERSON@example.com",
+            codexHomePath: liveHomePath,
+            observedAt: Date(),
+            identity: .emailOnly(normalizedEmail: "person@example.com"))
+
+        settings._test_activeManagedCodexAccount = managedAccount
+        settings._test_liveSystemCodexAccount = liveSystemAccount
+        settings.codexActiveSource = .managedAccount(id: managedAccount.id)
+        defer {
+            settings._test_activeManagedCodexAccount = nil
+            settings._test_liveSystemCodexAccount = nil
+        }
+
+        let env = ProviderRegistry.makeEnvironment(
+            base: ["CODEX_HOME": liveHomePath],
+            provider: .codex,
+            settings: settings,
+            tokenOverride: nil)
+
+        #expect(settings.codexResolvedActiveSource == .managedAccount(id: managedAccount.id))
+        #expect(env["CODEX_HOME"] == managedHome.path)
+        #expect(env["CODEX_HOME"] != liveHomePath)
+    }
+
+    @Test
+    func `persisted managed source corrects to live system when selected row collapses with live account`() {
+        let settings = self.makeSettingsStore(suite: "CodexManagedRoutingTests-same-email-persist-correction")
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "person@example.com",
+            managedHomePath: "/tmp/managed-remote-home",
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        let liveSystemAccount = ObservedSystemCodexAccount(
+            email: "PERSON@example.com",
+            codexHomePath: "/tmp/system-remote-home",
+            observedAt: Date())
+
+        settings._test_activeManagedCodexAccount = managedAccount
+        settings._test_liveSystemCodexAccount = liveSystemAccount
+        settings.codexActiveSource = .managedAccount(id: managedAccount.id)
+        defer {
+            settings._test_activeManagedCodexAccount = nil
+            settings._test_liveSystemCodexAccount = nil
+        }
+
+        let corrected = settings.persistResolvedCodexActiveSourceCorrectionIfNeeded()
+
+        #expect(corrected)
+        #expect(settings.codexActiveSource == .liveSystem)
+    }
+
+    @Test
+    func `codex provider refresh persists live correction for stale managed source`() async {
+        let settings = self.makeSettingsStore(suite: "CodexManagedRoutingTests-provider-refresh-persists-correction")
+        let ambientHome = FileManager.default.temporaryDirectory.appendingPathComponent(
+            UUID().uuidString,
+            isDirectory: true)
+        defer { try? FileManager.default.removeItem(at: ambientHome) }
+
+        try? self.writeCodexAuthFile(homeURL: ambientHome, email: "live@example.com", plan: "pro")
+        settings._test_liveSystemCodexAccount = ObservedSystemCodexAccount(
+            email: "live@example.com",
+            codexHomePath: ambientHome.path,
+            observedAt: Date())
+        settings.codexActiveSource = .managedAccount(id: UUID())
+        defer { settings._test_liveSystemCodexAccount = nil }
+
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: ["CODEX_HOME": ambientHome.path]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+
+        #expect(settings.codexActiveSource != .liveSystem)
+
+        await store.refreshProvider(.codex, allowDisabled: true)
+
+        #expect(settings.codexActiveSource == .liveSystem)
+    }
+
+    @Test
+    func `full refresh persists live correction for stale managed source`() async {
+        let settings = self.makeSettingsStore(suite: "CodexManagedRoutingTests-full-refresh-persists-correction")
+        let ambientHome = FileManager.default.temporaryDirectory.appendingPathComponent(
+            UUID().uuidString,
+            isDirectory: true)
+        defer { try? FileManager.default.removeItem(at: ambientHome) }
+
+        try? self.writeCodexAuthFile(homeURL: ambientHome, email: "live@example.com", plan: "pro")
+        settings._test_liveSystemCodexAccount = ObservedSystemCodexAccount(
+            email: "live@example.com",
+            codexHomePath: ambientHome.path,
+            observedAt: Date())
+        settings.codexActiveSource = .managedAccount(id: UUID())
+        defer { settings._test_liveSystemCodexAccount = nil }
+
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: ["CODEX_HOME": ambientHome.path]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+
+        #expect(settings.codexActiveSource != .liveSystem)
+
+        await store.refresh()
+
+        #expect(settings.codexActiveSource == .liveSystem)
+    }
+
+    @Test
+    func `provider registry fails closed when managed account store is unreadable`() {
+        let settings = self.makeSettingsStore(suite: "CodexManagedRoutingTests-unreadable-store")
+        settings._test_unreadableManagedCodexAccountStore = true
+        settings.codexActiveSource = .managedAccount(id: UUID())
+        defer { settings._test_unreadableManagedCodexAccountStore = false }
+
+        let env = ProviderRegistry.makeEnvironment(
+            base: ["CODEX_HOME": "/Users/example/.codex"],
+            provider: .codex,
+            settings: settings,
+            tokenOverride: nil)
+
+        #expect(env["CODEX_HOME"] != nil)
+        #expect(env["CODEX_HOME"] != "/Users/example/.codex")
+        #expect(env["CODEX_HOME"]?.isEmpty == false)
+    }
+
+    @Test
+    func `provider registry bootstraps live system source instead of inferring managed fallback`() {
+        let settings = self.makeSettingsStore(suite: "CodexManagedRoutingTests-unreadable-legacy-source")
+        settings._test_unreadableManagedCodexAccountStore = true
+        defer { settings._test_unreadableManagedCodexAccountStore = false }
+
+        let ambientHome = "/Users/example/.codex"
+        let env = ProviderRegistry.makeEnvironment(
+            base: ["CODEX_HOME": ambientHome],
+            provider: .codex,
+            settings: settings,
+            tokenOverride: nil)
+        let snapshot = settings.codexSettingsSnapshot(tokenOverride: nil)
+
+        #expect(env["CODEX_HOME"] == ambientHome)
+        #expect(settings.providerConfig(for: .codex)?.codexActiveSource == nil)
+        #expect(snapshot.managedAccountStoreUnreadable == false)
+        #expect(snapshot.managedAccountTargetUnavailable == false)
+    }
+
+    @Test
+    func `provider registry fails closed when selected managed source is missing from readable store`() throws {
+        let settings = self.makeSettingsStore(suite: "CodexManagedRoutingTests-missing-managed-source")
+        let storedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "stored@example.com",
+            managedHomePath: "/tmp/stored-managed-home",
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        let storeURL = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codex-managed-routing-\(UUID().uuidString).json")
+        let store = FileManagedCodexAccountStore(fileURL: storeURL)
+        try store.storeAccounts(ManagedCodexAccountSet(
+            version: FileManagedCodexAccountStore.currentVersion,
+            accounts: [storedAccount]))
+        settings._test_managedCodexAccountStoreURL = storeURL
+        settings.codexActiveSource = .managedAccount(id: UUID())
+        settings._test_codexReconciliationEnvironment = ["CODEX_HOME": "/Users/example/.codex"]
+        defer {
+            settings._test_codexReconciliationEnvironment = nil
+            settings._test_managedCodexAccountStoreURL = nil
+            try? FileManager.default.removeItem(at: storeURL)
+        }
+
+        let ambientHome = "/Users/example/.codex"
+        let expectedFailClosedPath = ManagedCodexHomeFactory.defaultRootURL()
+            .appendingPathComponent("managed-store-unreadable", isDirectory: true)
+            .path
+        let env = ProviderRegistry.makeEnvironment(
+            base: ["CODEX_HOME": ambientHome],
+            provider: .codex,
+            settings: settings,
+            tokenOverride: nil)
+
+        #expect(env["CODEX_HOME"] == expectedFailClosedPath)
+        #expect(env["CODEX_HOME"] != ambientHome)
+        #expect(env["CODEX_HOME"] != storedAccount.managedHomePath)
+    }
+
+    @Test
+    func `codex settings snapshot marks missing selected managed source as unavailable`() throws {
+        let settings = self.makeSettingsStore(suite: "CodexManagedRoutingTests-missing-managed-snapshot")
+        let storedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "stored@example.com",
+            managedHomePath: "/tmp/stored-managed-home",
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        let storeURL = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codex-managed-snapshot-\(UUID().uuidString).json")
+        let store = FileManagedCodexAccountStore(fileURL: storeURL)
+        try store.storeAccounts(ManagedCodexAccountSet(
+            version: FileManagedCodexAccountStore.currentVersion,
+            accounts: [storedAccount]))
+        settings._test_managedCodexAccountStoreURL = storeURL
+        settings.codexActiveSource = .managedAccount(id: UUID())
+        defer {
+            settings._test_managedCodexAccountStoreURL = nil
+            try? FileManager.default.removeItem(at: storeURL)
+        }
+
+        let snapshot = settings.codexSettingsSnapshot(tokenOverride: nil)
+
+        #expect(snapshot.managedAccountStoreUnreadable == false)
+        #expect(snapshot.managedAccountTargetUnavailable == true)
+    }
+
+    @Test
+    func `codex settings snapshot ignores unreadable added account store when live system is active`() {
+        let settings = self.makeSettingsStore(suite: "CodexManagedRoutingTests-live-system-snapshot")
+        settings._test_unreadableManagedCodexAccountStore = true
+        settings.codexActiveSource = .liveSystem
+        defer { settings._test_unreadableManagedCodexAccountStore = false }
+
+        let snapshot = settings.codexSettingsSnapshot(tokenOverride: nil)
+
+        #expect(snapshot.managedAccountStoreUnreadable == false)
+        #expect(snapshot.managedAccountTargetUnavailable == false)
+    }
+
+    @Test
+    func `codex settings snapshot keeps unreadable managed store fail closed when live account is present`() {
+        let settings = self.makeSettingsStore(suite: "CodexManagedRoutingTests-unreadable-store-live-present")
+        settings._test_unreadableManagedCodexAccountStore = true
+        settings.codexActiveSource = .managedAccount(id: UUID())
+        settings._test_liveSystemCodexAccount = ObservedSystemCodexAccount(
+            email: "live@example.com",
+            codexHomePath: "/Users/example/.codex",
+            observedAt: Date(),
+            identity: .providerAccount(id: "acct-live"))
+        defer {
+            settings._test_unreadableManagedCodexAccountStore = false
+            settings._test_liveSystemCodexAccount = nil
+        }
+
+        let snapshot = settings.codexSettingsSnapshot(tokenOverride: nil)
+
+        #expect(snapshot.managedAccountStoreUnreadable == true)
+        #expect(snapshot.managedAccountTargetUnavailable == false)
+    }
+
+    @Test
+    func `codex settings snapshot keeps missing managed target fail closed when live account is present`() throws {
+        let settings = self.makeSettingsStore(suite: "CodexManagedRoutingTests-missing-managed-live-present")
+        let storedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "stored@example.com",
+            managedHomePath: "/tmp/stored-managed-home",
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        let storeURL = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codex-managed-live-present-\(UUID().uuidString).json")
+        let store = FileManagedCodexAccountStore(fileURL: storeURL)
+        try store.storeAccounts(ManagedCodexAccountSet(
+            version: FileManagedCodexAccountStore.currentVersion,
+            accounts: [storedAccount]))
+        settings._test_managedCodexAccountStoreURL = storeURL
+        settings.codexActiveSource = .managedAccount(id: UUID())
+        settings._test_liveSystemCodexAccount = ObservedSystemCodexAccount(
+            email: "live@example.com",
+            codexHomePath: "/Users/example/.codex",
+            observedAt: Date(),
+            identity: .providerAccount(id: "acct-live"))
+        defer {
+            settings._test_managedCodexAccountStoreURL = nil
+            settings._test_liveSystemCodexAccount = nil
+            try? FileManager.default.removeItem(at: storeURL)
+        }
+
+        let snapshot = settings.codexSettingsSnapshot(tokenOverride: nil)
+
+        #expect(snapshot.managedAccountStoreUnreadable == false)
+        #expect(snapshot.managedAccountTargetUnavailable == true)
+    }
+
+    @Test
+    func `provider registry ignores debug managed home override without explicit managed source`() throws {
+        let settings = self.makeSettingsStore(suite: "CodexManagedRoutingTests-debug-home-override")
+        let managedHome = FileManager.default.temporaryDirectory.appendingPathComponent(
+            UUID().uuidString,
+            isDirectory: true)
+        defer { try? FileManager.default.removeItem(at: managedHome) }
+
+        settings._test_activeManagedCodexRemoteHomePath = managedHome.path
+        defer { settings._test_activeManagedCodexRemoteHomePath = nil }
+        try self.writeCodexAuthFile(homeURL: managedHome, email: "managed@example.com", plan: "pro")
+
+        let ambientHome = "/Users/example/.codex"
+        let env = ProviderRegistry.makeEnvironment(
+            base: ["CODEX_HOME": ambientHome],
+            provider: .codex,
+            settings: settings,
+            tokenOverride: nil)
+
+        #expect(env["CODEX_HOME"] == ambientHome)
+        #expect(settings.providerConfig(for: .codex)?.codexActiveSource == nil)
+    }
+
+    @Test
+    func `provider registry builds codex fetcher scoped to managed home`() throws {
+        let settings = self.makeSettingsStore(suite: "CodexManagedRoutingTests-registry-fetcher")
+        let managedHome = FileManager.default.temporaryDirectory.appendingPathComponent(
+            UUID().uuidString,
+            isDirectory: true)
+        defer { try? FileManager.default.removeItem(at: managedHome) }
+
+        settings._test_activeManagedCodexRemoteHomePath = managedHome.path
+        settings.codexActiveSource = .managedAccount(id: UUID())
+        try self.writeCodexAuthFile(homeURL: managedHome, email: "managed@example.com", plan: "pro")
+        defer {
+            settings._test_activeManagedCodexRemoteHomePath = nil
+        }
+
+        let browserDetection = BrowserDetection(cacheTTL: 0)
+        let specs = ProviderRegistry.shared.specs(
+            settings: settings,
+            metadata: ProviderDescriptorRegistry.metadata,
+            codexFetcher: UsageFetcher(environment: [:]),
+            claudeFetcher: ClaudeUsageFetcher(browserDetection: browserDetection),
+            browserDetection: browserDetection)
+        let context = try #require(specs[.codex]?.makeFetchContext())
+
+        let account = context.fetcher.loadAccountInfo()
+        #expect(account.email == "managed@example.com")
+        #expect(account.plan == "pro")
+    }
+
+    @Test
+    func `usage store builds codex fetch context with source override without persisting selection`() throws {
+        let settings = self.makeSettingsStore(suite: "CodexManagedRoutingTests-usage-source-override")
+        let managedHome = FileManager.default.temporaryDirectory.appendingPathComponent(
+            UUID().uuidString,
+            isDirectory: true)
+        defer { try? FileManager.default.removeItem(at: managedHome) }
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "managed@example.com",
+            managedHomePath: managedHome.path,
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        let storeURL = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codex-managed-usage-override-\(UUID().uuidString).json")
+        let managedStore = FileManagedCodexAccountStore(fileURL: storeURL)
+        try managedStore.storeAccounts(ManagedCodexAccountSet(
+            version: FileManagedCodexAccountStore.currentVersion,
+            accounts: [managedAccount]))
+        try self.writeCodexAuthFile(homeURL: managedHome, email: "override@example.com", plan: "pro")
+        settings._test_managedCodexAccountStoreURL = storeURL
+        settings.codexActiveSource = .liveSystem
+        defer {
+            settings._test_managedCodexAccountStoreURL = nil
+            try? FileManager.default.removeItem(at: storeURL)
+        }
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+
+        let context = store.makeFetchContext(
+            provider: .codex,
+            override: nil,
+            codexActiveSourceOverride: .managedAccount(id: managedAccount.id))
+
+        let account = context.fetcher.loadAccountInfo()
+        #expect(account.email == "override@example.com")
+        #expect(account.plan == "pro")
+        #expect(settings.codexActiveSource == .liveSystem)
+    }
+
+    @Test
+    func `usage store builds codex token account fetcher scoped to managed home`() throws {
+        let settings = self.makeSettingsStore(suite: "CodexManagedRoutingTests-usage-store")
+        let managedHome = FileManager.default.temporaryDirectory.appendingPathComponent(
+            UUID().uuidString,
+            isDirectory: true)
+        defer { try? FileManager.default.removeItem(at: managedHome) }
+
+        settings._test_activeManagedCodexRemoteHomePath = managedHome.path
+        settings.codexActiveSource = .managedAccount(id: UUID())
+        try self.writeCodexAuthFile(homeURL: managedHome, email: "token@example.com", plan: "team")
+        defer {
+            settings._test_activeManagedCodexRemoteHomePath = nil
+        }
+
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+        let context = store.makeFetchContext(provider: .codex, override: nil)
+
+        let account = context.fetcher.loadAccountInfo()
+        #expect(account.email == "token@example.com")
+        #expect(account.plan == "team")
+    }
+
+    @Test
+    func `usage store builds codex credits fetcher scoped to managed home`() throws {
+        let settings = self.makeSettingsStore(suite: "CodexManagedRoutingTests-credits-fetcher")
+        let managedHome = FileManager.default.temporaryDirectory.appendingPathComponent(
+            UUID().uuidString,
+            isDirectory: true)
+        defer { try? FileManager.default.removeItem(at: managedHome) }
+
+        settings._test_activeManagedCodexRemoteHomePath = managedHome.path
+        settings.codexActiveSource = .managedAccount(id: UUID())
+        try self.writeCodexAuthFile(homeURL: managedHome, email: "credits@example.com", plan: "enterprise")
+        defer {
+            settings._test_activeManagedCodexRemoteHomePath = nil
+        }
+
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+        let account = store.codexCreditsFetcher().loadAccountInfo()
+
+        #expect(account.email == "credits@example.com")
+        #expect(account.plan == "enterprise")
+    }
+
+    @Test
+    func `default managed codex identity reader preserves provider account from scoped auth`() throws {
+        let managedHome = FileManager.default.temporaryDirectory.appendingPathComponent(
+            UUID().uuidString,
+            isDirectory: true)
+        defer { try? FileManager.default.removeItem(at: managedHome) }
+        try self.writeCodexAuthFile(
+            homeURL: managedHome,
+            email: "managed@example.com",
+            plan: "pro",
+            accountId: "managed-account-id")
+
+        let reader = DefaultManagedCodexIdentityReader()
+        let account = try reader.loadAccountIdentity(homePath: managedHome.path)
+
+        #expect(account.email == "managed@example.com")
+        #expect(account.plan == "pro")
+        #expect(account.identity == .providerAccount(id: "managed-account-id"))
+    }
+
+    @Test
+    func `codex O auth strategy availability reads auth from context env`() async throws {
+        let managedHome = FileManager.default.temporaryDirectory.appendingPathComponent(
+            UUID().uuidString,
+            isDirectory: true)
+        defer { try? FileManager.default.removeItem(at: managedHome) }
+
+        let credentials = CodexOAuthCredentials(
+            accessToken: "access-token",
+            refreshToken: "refresh-token",
+            idToken: nil,
+            accountId: nil,
+            lastRefresh: Date())
+        try CodexOAuthCredentialsStore.save(credentials, env: ["CODEX_HOME": managedHome.path])
+
+        let strategy = CodexOAuthFetchStrategy()
+        let available = await strategy.isAvailable(self.makeContext(env: ["CODEX_HOME": managedHome.path]))
+
+        #expect(available)
+    }
+
+    @Test
+    func `codex O auth credentials store loads and saves using explicit env`() throws {
+        let managedHome = FileManager.default.temporaryDirectory.appendingPathComponent(
+            UUID().uuidString,
+            isDirectory: true)
+        defer { try? FileManager.default.removeItem(at: managedHome) }
+
+        let credentials = CodexOAuthCredentials(
+            accessToken: "access-token",
+            refreshToken: "refresh-token",
+            idToken: "id-token",
+            accountId: "account-id",
+            lastRefresh: Date())
+        let env = ["CODEX_HOME": managedHome.path]
+
+        try CodexOAuthCredentialsStore.save(credentials, env: env)
+
+        let authURL = CodexOAuthCredentialsStore._authFileURLForTesting(env: env)
+        #expect(authURL.path == managedHome.appendingPathComponent("auth.json").path)
+
+        let loaded = try CodexOAuthCredentialsStore.load(env: env)
+        #expect(loaded.accessToken == credentials.accessToken)
+        #expect(loaded.refreshToken == credentials.refreshToken)
+        #expect(loaded.idToken == credentials.idToken)
+        #expect(loaded.accountId == credentials.accountId)
+    }
+
+    @Test
+    func `codex no data message uses explicit environment home`() {
+        let env = ["CODEX_HOME": "/tmp/managed-codex-home"]
+
+        let message = CodexProviderDescriptor._noDataMessageForTesting(env: env)
+
+        #expect(message.contains("/tmp/managed-codex-home/sessions"))
+        #expect(message.contains("/tmp/managed-codex-home/archived_sessions"))
+    }
+
+    private func makeContext(env: [String: String]) -> ProviderFetchContext {
+        let browserDetection = BrowserDetection(cacheTTL: 0)
+        return ProviderFetchContext(
+            runtime: .app,
+            sourceMode: .auto,
+            includeCredits: false,
+            webTimeout: 60,
+            webDebugDumpHTML: false,
+            verbose: false,
+            env: env,
+            settings: nil,
+            fetcher: UsageFetcher(),
+            claudeFetcher: ClaudeUsageFetcher(browserDetection: browserDetection),
+            browserDetection: browserDetection)
+    }
+
+    private func makeSettingsStore(suite: String) -> SettingsStore {
+        let defaults = UserDefaults(suiteName: suite)!
+        defaults.removePersistentDomain(forName: suite)
+        let configStore = testConfigStore(suiteName: suite)
+        return SettingsStore(
+            userDefaults: defaults,
+            configStore: configStore,
+            zaiTokenStore: InMemoryZaiTokenStore(),
+            syntheticTokenStore: InMemorySyntheticTokenStore(),
+            codexCookieStore: InMemoryCookieHeaderStore(),
+            claudeCookieStore: InMemoryCookieHeaderStore(),
+            cursorCookieStore: InMemoryCookieHeaderStore(),
+            opencodeCookieStore: InMemoryCookieHeaderStore(),
+            factoryCookieStore: InMemoryCookieHeaderStore(),
+            minimaxCookieStore: InMemoryMiniMaxCookieStore(),
+            minimaxAPITokenStore: InMemoryMiniMaxAPITokenStore(),
+            kimiTokenStore: InMemoryKimiTokenStore(),
+            kimiK2TokenStore: InMemoryKimiK2TokenStore(),
+            augmentCookieStore: InMemoryCookieHeaderStore(),
+            ampCookieStore: InMemoryCookieHeaderStore(),
+            copilotTokenStore: InMemoryCopilotTokenStore(),
+            tokenAccountStore: InMemoryTokenAccountStore())
+    }
+
+    private func writeCodexAuthFile(
+        homeURL: URL,
+        email: String,
+        plan: String,
+        accountId: String? = nil) throws
+    {
+        try FileManager.default.createDirectory(at: homeURL, withIntermediateDirectories: true)
+        var tokens: [String: Any] = [
+            "accessToken": "access-token",
+            "refreshToken": "refresh-token",
+            "idToken": Self.fakeJWT(email: email, plan: plan, accountId: accountId),
+        ]
+        if let accountId {
+            tokens["accountId"] = accountId
+        }
+        let auth = ["tokens": tokens]
+        let data = try JSONSerialization.data(withJSONObject: auth)
+        try data.write(to: homeURL.appendingPathComponent("auth.json"))
+    }
+
+    private static func fakeJWT(email: String, plan: String, accountId: String? = nil) -> String {
+        let header = (try? JSONSerialization.data(withJSONObject: ["alg": "none"])) ?? Data()
+        var authClaims: [String: Any] = [
+            "chatgpt_plan_type": plan,
+        ]
+        if let accountId {
+            authClaims["chatgpt_account_id"] = accountId
+        }
+        let payload = (try? JSONSerialization.data(withJSONObject: [
+            "email": email,
+            "chatgpt_plan_type": plan,
+            "https://api.openai.com/auth": authClaims,
+        ])) ?? Data()
+
+        func base64URL(_ data: Data) -> String {
+            data.base64EncodedString()
+                .replacingOccurrences(of: "=", with: "")
+                .replacingOccurrences(of: "+", with: "-")
+                .replacingOccurrences(of: "/", with: "_")
+        }
+
+        return "\(base64URL(header)).\(base64URL(payload))."
+    }
+}
+
+private final class InMemoryZaiTokenStore: ZaiTokenStoring, @unchecked Sendable {
+    func loadToken() throws -> String? {
+        nil
+    }
+
+    func storeToken(_: String?) throws {}
+}
+
+private final class InMemorySyntheticTokenStore: SyntheticTokenStoring, @unchecked Sendable {
+    func loadToken() throws -> String? {
+        nil
+    }
+
+    func storeToken(_: String?) throws {}
+}
diff --git a/Tests/CodexBarTests/CodexOAuthTests.swift b/Tests/CodexBarTests/CodexOAuthTests.swift
index 10a628aa0..2d3410e84 100644
--- a/Tests/CodexBarTests/CodexOAuthTests.swift
+++ b/Tests/CodexBarTests/CodexOAuthTests.swift
@@ -2,10 +2,25 @@ import Foundation
 import Testing
 @testable import CodexBarCore
 
-@Suite
 struct CodexOAuthTests {
+    private func makeContext(sourceMode: ProviderSourceMode = .auto) -> ProviderFetchContext {
+        let browserDetection = BrowserDetection(cacheTTL: 0)
+        return ProviderFetchContext(
+            runtime: .app,
+            sourceMode: sourceMode,
+            includeCredits: true,
+            webTimeout: 60,
+            webDebugDumpHTML: false,
+            verbose: false,
+            env: [:],
+            settings: nil,
+            fetcher: UsageFetcher(),
+            claudeFetcher: ClaudeUsageFetcher(browserDetection: browserDetection),
+            browserDetection: browserDetection)
+    }
+
     @Test
-    func parsesOAuthCredentials() throws {
+    func `parses O auth credentials`() throws {
         let json = """
         {
           "OPENAI_API_KEY": null,
@@ -27,7 +42,29 @@ struct CodexOAuthTests {
     }
 
     @Test
-    func parsesAPIKeyCredentials() throws {
+    func `parses legacy camel case O auth credentials`() throws {
+        let json = """
+        {
+          "OPENAI_API_KEY": null,
+          "tokens": {
+            "accessToken": "access-token",
+            "refreshToken": "refresh-token",
+            "idToken": "id-token",
+            "accountId": "account-123"
+          },
+          "last_refresh": "2025-12-20T12:34:56Z"
+        }
+        """
+        let creds = try CodexOAuthCredentialsStore.parse(data: Data(json.utf8))
+        #expect(creds.accessToken == "access-token")
+        #expect(creds.refreshToken == "refresh-token")
+        #expect(creds.idToken == "id-token")
+        #expect(creds.accountId == "account-123")
+        #expect(creds.lastRefresh != nil)
+    }
+
+    @Test
+    func `parses API key credentials`() throws {
         let json = """
         {
           "OPENAI_API_KEY": "sk-test"
@@ -41,7 +78,7 @@ struct CodexOAuthTests {
     }
 
     @Test
-    func decodesCreditsBalanceString() throws {
+    func `decodes credits balance string`() throws {
         let json = """
         {
           "plan_type": "pro",
@@ -67,7 +104,34 @@ struct CodexOAuthTests {
     }
 
     @Test
-    func mapsUsageWindowsFromOAuth() throws {
+    func `decodes prolite plan type without failing usage mapping`() throws {
+        let json = """
+        {
+          "plan_type": "prolite",
+          "rate_limit": {
+            "primary_window": {
+              "used_percent": 12,
+              "reset_at": 1766948068,
+              "limit_window_seconds": 18000
+            }
+          }
+        }
+        """
+        let response = try CodexOAuthUsageFetcher._decodeUsageResponseForTesting(Data(json.utf8))
+        #expect(response.planType?.rawValue == "prolite")
+
+        let creds = CodexOAuthCredentials(
+            accessToken: "access",
+            refreshToken: "refresh",
+            idToken: nil,
+            accountId: nil,
+            lastRefresh: Date())
+        let mapped = try CodexOAuthFetchStrategy._mapUsageForTesting(Data(json.utf8), credentials: creds)
+        #expect(mapped?.primary?.usedPercent == 12)
+    }
+
+    @Test
+    func `maps usage windows from O auth`() throws {
         let json = """
         {
           "rate_limit": {
@@ -90,7 +154,8 @@ struct CodexOAuthTests {
             idToken: nil,
             accountId: nil,
             lastRefresh: Date())
-        let snapshot = try CodexOAuthFetchStrategy._mapUsageForTesting(Data(json.utf8), credentials: creds)
+        let mapped = try CodexOAuthFetchStrategy._mapUsageForTesting(Data(json.utf8), credentials: creds)
+        let snapshot = try #require(mapped)
         #expect(snapshot.primary?.usedPercent == 22)
         #expect(snapshot.primary?.windowMinutes == 300)
         #expect(snapshot.secondary?.usedPercent == 43)
@@ -100,21 +165,541 @@ struct CodexOAuthTests {
     }
 
     @Test
-    func resolvesChatGPTUsageURLFromConfig() {
+    func `maps free weekly only window into secondary`() throws {
+        let json = """
+        {
+          "plan_type": "free",
+          "rate_limit": {
+            "primary_window": {
+              "used_percent": 0,
+              "reset_at": 1775468693,
+              "limit_window_seconds": 604800
+            },
+            "secondary_window": null
+          }
+        }
+        """
+        let creds = CodexOAuthCredentials(
+            accessToken: "access",
+            refreshToken: "refresh",
+            idToken: nil,
+            accountId: nil,
+            lastRefresh: Date())
+        let mapped = try CodexOAuthFetchStrategy._mapUsageForTesting(Data(json.utf8), credentials: creds)
+        let snapshot = try #require(mapped)
+        #expect(snapshot.primary == nil)
+        #expect(snapshot.secondary?.usedPercent == 0)
+        #expect(snapshot.secondary?.windowMinutes == 10080)
+    }
+
+    @Test
+    func `keeps single session window as primary`() throws {
+        let json = """
+        {
+          "rate_limit": {
+            "primary_window": {
+              "used_percent": 9,
+              "reset_at": 1766948068,
+              "limit_window_seconds": 18000
+            },
+            "secondary_window": null
+          }
+        }
+        """
+        let creds = CodexOAuthCredentials(
+            accessToken: "access",
+            refreshToken: "refresh",
+            idToken: nil,
+            accountId: nil,
+            lastRefresh: Date())
+        let mapped = try CodexOAuthFetchStrategy._mapUsageForTesting(Data(json.utf8), credentials: creds)
+        let snapshot = try #require(mapped)
+        #expect(snapshot.primary?.usedPercent == 9)
+        #expect(snapshot.primary?.windowMinutes == 300)
+        #expect(snapshot.secondary == nil)
+    }
+
+    @Test
+    func `preserves unknown single window as primary`() throws {
+        let json = """
+        {
+          "rate_limit": {
+            "primary_window": {
+              "used_percent": 17,
+              "reset_at": 1766948068,
+              "limit_window_seconds": 32400
+            },
+            "secondary_window": null
+          }
+        }
+        """
+        let creds = CodexOAuthCredentials(
+            accessToken: "access",
+            refreshToken: "refresh",
+            idToken: nil,
+            accountId: nil,
+            lastRefresh: Date())
+        let mapped = try CodexOAuthFetchStrategy._mapUsageForTesting(Data(json.utf8), credentials: creds)
+        let snapshot = try #require(mapped)
+        #expect(snapshot.primary?.usedPercent == 17)
+        #expect(snapshot.primary?.windowMinutes == 540)
+        #expect(snapshot.secondary == nil)
+    }
+
+    @Test
+    func `preserves unknown secondary only window as primary`() throws {
+        let json = """
+        {
+          "rate_limit": {
+            "primary_window": null,
+            "secondary_window": {
+              "used_percent": 17,
+              "reset_at": 1766948068,
+              "limit_window_seconds": 32400
+            }
+          }
+        }
+        """
+        let creds = CodexOAuthCredentials(
+            accessToken: "access",
+            refreshToken: "refresh",
+            idToken: nil,
+            accountId: nil,
+            lastRefresh: Date())
+        let mapped = try CodexOAuthFetchStrategy._mapUsageForTesting(Data(json.utf8), credentials: creds)
+        let snapshot = try #require(mapped)
+        #expect(snapshot.primary?.usedPercent == 17)
+        #expect(snapshot.primary?.windowMinutes == 540)
+        #expect(snapshot.secondary == nil)
+    }
+
+    @Test
+    func `swaps reversed weekly and unknown windows`() throws {
+        let json = """
+        {
+          "rate_limit": {
+            "primary_window": {
+              "used_percent": 43,
+              "reset_at": 1767407914,
+              "limit_window_seconds": 604800
+            },
+            "secondary_window": {
+              "used_percent": 17,
+              "reset_at": 1766948068,
+              "limit_window_seconds": 32400
+            }
+          }
+        }
+        """
+        let creds = CodexOAuthCredentials(
+            accessToken: "access",
+            refreshToken: "refresh",
+            idToken: nil,
+            accountId: nil,
+            lastRefresh: Date())
+        let mapped = try CodexOAuthFetchStrategy._mapUsageForTesting(Data(json.utf8), credentials: creds)
+        let snapshot = try #require(mapped)
+        #expect(snapshot.primary?.usedPercent == 17)
+        #expect(snapshot.primary?.windowMinutes == 540)
+        #expect(snapshot.secondary?.usedPercent == 43)
+        #expect(snapshot.secondary?.windowMinutes == 10080)
+    }
+
+    @Test
+    func `returns nil when O auth usage has no windows`() throws {
+        let json = """
+        {
+          "rate_limit": {
+            "primary_window": null,
+            "secondary_window": null
+          }
+        }
+        """
+        let creds = CodexOAuthCredentials(
+            accessToken: "access",
+            refreshToken: "refresh",
+            idToken: nil,
+            accountId: nil,
+            lastRefresh: Date())
+        let snapshot = try CodexOAuthFetchStrategy._mapUsageForTesting(Data(json.utf8), credentials: creds)
+        #expect(snapshot == nil)
+    }
+
+    @Test
+    func `keeps valid window when secondary window is malformed`() throws {
+        let json = """
+        {
+          "rate_limit": {
+            "primary_window": {
+              "used_percent": 18,
+              "reset_at": 1766948068,
+              "limit_window_seconds": 18000
+            },
+            "secondary_window": {
+              "used_percent": "bad",
+              "reset_at": 1767407914,
+              "limit_window_seconds": 604800
+            }
+          }
+        }
+        """
+        let creds = CodexOAuthCredentials(
+            accessToken: "access",
+            refreshToken: "refresh",
+            idToken: nil,
+            accountId: nil,
+            lastRefresh: Date())
+        let snapshot = try CodexOAuthFetchStrategy._mapUsageForTesting(Data(json.utf8), credentials: creds)
+        #expect(snapshot?.primary?.usedPercent == 18)
+        #expect(snapshot?.secondary == nil)
+    }
+
+    @Test
+    func `auto mode keeps weekly window when primary window is malformed`() throws {
+        let json = """
+        {
+          "rate_limit": {
+            "primary_window": {
+              "used_percent": "bad",
+              "reset_at": 1766948068,
+              "limit_window_seconds": 18000
+            },
+            "secondary_window": {
+              "used_percent": 43,
+              "reset_at": 1767407914,
+              "limit_window_seconds": 604800
+            }
+          }
+        }
+        """
+        let creds = CodexOAuthCredentials(
+            accessToken: "access",
+            refreshToken: "refresh",
+            idToken: nil,
+            accountId: nil,
+            lastRefresh: Date())
+
+        let result = try CodexOAuthFetchStrategy._mapResultForTesting(
+            Data(json.utf8),
+            credentials: creds,
+            sourceMode: .auto)
+
+        #expect(result.usage.primary == nil)
+        #expect(result.usage.secondary?.usedPercent == 43)
+        #expect(result.usage.secondary?.windowMinutes == 10080)
+    }
+
+    @Test
+    func `explicit oauth keeps weekly window when primary window is malformed`() throws {
+        let json = """
+        {
+          "rate_limit": {
+            "primary_window": {
+              "used_percent": "bad",
+              "reset_at": 1766948068,
+              "limit_window_seconds": 18000
+            },
+            "secondary_window": {
+              "used_percent": 43,
+              "reset_at": 1767407914,
+              "limit_window_seconds": 604800
+            }
+          }
+        }
+        """
+        let creds = CodexOAuthCredentials(
+            accessToken: "access",
+            refreshToken: "refresh",
+            idToken: nil,
+            accountId: nil,
+            lastRefresh: Date())
+
+        let result = try CodexOAuthFetchStrategy._mapResultForTesting(
+            Data(json.utf8),
+            credentials: creds,
+            sourceMode: .oauth)
+
+        #expect(result.usage.primary == nil)
+        #expect(result.usage.secondary?.usedPercent == 43)
+        #expect(result.usage.secondary?.windowMinutes == 10080)
+    }
+
+    @Test
+    func `auto mode preserves reversed session window when primary window is malformed`() throws {
+        let json = """
+        {
+          "rate_limit": {
+            "primary_window": {
+              "used_percent": "bad",
+              "reset_at": 1767407914,
+              "limit_window_seconds": 604800
+            },
+            "secondary_window": {
+              "used_percent": 18,
+              "reset_at": 1766948068,
+              "limit_window_seconds": 18000
+            }
+          }
+        }
+        """
+        let creds = CodexOAuthCredentials(
+            accessToken: "access",
+            refreshToken: "refresh",
+            idToken: nil,
+            accountId: nil,
+            lastRefresh: Date())
+
+        let result = try CodexOAuthFetchStrategy._mapResultForTesting(
+            Data(json.utf8),
+            credentials: creds,
+            sourceMode: .auto)
+
+        #expect(result.usage.primary?.usedPercent == 18)
+        #expect(result.usage.primary?.windowMinutes == 300)
+        #expect(result.usage.secondary == nil)
+    }
+
+    @Test
+    func `auto mode keeps weekly window when reversed session window is malformed`() throws {
+        let json = """
+        {
+          "rate_limit": {
+            "primary_window": {
+              "used_percent": 43,
+              "reset_at": 1767407914,
+              "limit_window_seconds": 604800
+            },
+            "secondary_window": {
+              "used_percent": "bad",
+              "reset_at": 1766948068,
+              "limit_window_seconds": 18000
+            }
+          }
+        }
+        """
+        let creds = CodexOAuthCredentials(
+            accessToken: "access",
+            refreshToken: "refresh",
+            idToken: nil,
+            accountId: nil,
+            lastRefresh: Date())
+
+        let result = try CodexOAuthFetchStrategy._mapResultForTesting(
+            Data(json.utf8),
+            credentials: creds,
+            sourceMode: .auto)
+
+        #expect(result.usage.primary == nil)
+        #expect(result.usage.secondary?.usedPercent == 43)
+        #expect(result.usage.secondary?.windowMinutes == 10080)
+    }
+
+    @Test
+    func `explicit oauth keeps weekly window when reversed session window is malformed`() throws {
+        let json = """
+        {
+          "rate_limit": {
+            "primary_window": {
+              "used_percent": 43,
+              "reset_at": 1767407914,
+              "limit_window_seconds": 604800
+            },
+            "secondary_window": {
+              "used_percent": "bad",
+              "reset_at": 1766948068,
+              "limit_window_seconds": 18000
+            }
+          }
+        }
+        """
+        let creds = CodexOAuthCredentials(
+            accessToken: "access",
+            refreshToken: "refresh",
+            idToken: nil,
+            accountId: nil,
+            lastRefresh: Date())
+
+        let result = try CodexOAuthFetchStrategy._mapResultForTesting(
+            Data(json.utf8),
+            credentials: creds,
+            sourceMode: .oauth)
+
+        #expect(result.usage.primary == nil)
+        #expect(result.usage.secondary?.usedPercent == 43)
+        #expect(result.usage.secondary?.windowMinutes == 10080)
+    }
+
+    @Test
+    func `ignores malformed credits payload while keeping usage`() throws {
+        let json = """
+        {
+          "rate_limit": {
+            "primary_window": {
+              "used_percent": 22,
+              "reset_at": 1766948068,
+              "limit_window_seconds": 18000
+            }
+          },
+          "credits": {
+            "has_credits": false,
+            "unlimited": false,
+            "balance": []
+          }
+        }
+        """
+        let response = try CodexOAuthUsageFetcher._decodeUsageResponseForTesting(Data(json.utf8))
+        #expect(response.credits?.hasCredits == false)
+        #expect(response.credits?.unlimited == false)
+        #expect(response.credits?.balance == nil)
+
+        let creds = CodexOAuthCredentials(
+            accessToken: "access",
+            refreshToken: "refresh",
+            idToken: nil,
+            accountId: nil,
+            lastRefresh: Date())
+        let snapshot = try CodexOAuthFetchStrategy._mapUsageForTesting(Data(json.utf8), credentials: creds)
+        #expect(snapshot?.primary?.usedPercent == 22)
+    }
+
+    @Test
+    func `credits only O auth payload still returns credits result`() throws {
+        let json = """
+        {
+          "rate_limit": {
+            "primary_window": null,
+            "secondary_window": null
+          },
+          "credits": {
+            "has_credits": true,
+            "unlimited": false,
+            "balance": "14.5"
+          }
+        }
+        """
+        let creds = CodexOAuthCredentials(
+            accessToken: "access",
+            refreshToken: "refresh",
+            idToken: nil,
+            accountId: nil,
+            lastRefresh: Date())
+
+        let result = try CodexOAuthFetchStrategy._mapResultForTesting(Data(json.utf8), credentials: creds)
+
+        #expect(result.usage.primary == nil)
+        #expect(result.usage.secondary == nil)
+        #expect(result.credits?.remaining == 14.5)
+        #expect(result.sourceLabel == "oauth")
+    }
+
+    @Test
+    func `credits only O auth payload returns credits in auto mode`() throws {
+        let json = """
+        {
+          "rate_limit": {
+            "primary_window": null,
+            "secondary_window": null
+          },
+          "credits": {
+            "has_credits": true,
+            "unlimited": false,
+            "balance": "14.5"
+          }
+        }
+        """
+        let creds = CodexOAuthCredentials(
+            accessToken: "access",
+            refreshToken: "refresh",
+            idToken: nil,
+            accountId: nil,
+            lastRefresh: Date())
+
+        let result = try CodexOAuthFetchStrategy._mapResultForTesting(
+            Data(json.utf8),
+            credentials: creds,
+            sourceMode: .auto)
+
+        #expect(result.usage.primary == nil)
+        #expect(result.usage.secondary == nil)
+        #expect(result.credits?.remaining == 14.5)
+        #expect(result.sourceLabel == "oauth")
+    }
+
+    @Test
+    func `auto mode only falls back from O auth on auth failures`() {
+        let strategy = CodexOAuthFetchStrategy()
+        let context = self.makeContext(sourceMode: .auto)
+
+        #expect(strategy.shouldFallback(on: CodexOAuthFetchError.unauthorized, context: context))
+        #expect(strategy.shouldFallback(on: CodexOAuthCredentialsError.notFound, context: context))
+        #expect(strategy.shouldFallback(on: CodexOAuthCredentialsError.missingTokens, context: context))
+        #expect(strategy.shouldFallback(on: CodexTokenRefresher.RefreshError.expired, context: context))
+        #expect(strategy.shouldFallback(on: CodexTokenRefresher.RefreshError.revoked, context: context))
+        #expect(strategy.shouldFallback(on: CodexTokenRefresher.RefreshError.reused, context: context))
+
+        #expect(!strategy.shouldFallback(on: UsageError.noRateLimitsFound, context: context))
+        #expect(!strategy.shouldFallback(on: CodexOAuthCredentialsError.decodeFailed("bad json"), context: context))
+        #expect(!strategy.shouldFallback(on: CodexOAuthFetchError.invalidResponse, context: context))
+        #expect(!strategy.shouldFallback(on: CodexOAuthFetchError.serverError(500, "offline"), context: context))
+        #expect(!strategy.shouldFallback(
+            on: CodexOAuthFetchError.networkError(URLError(.notConnectedToInternet)),
+            context: context))
+        #expect(!strategy.shouldFallback(
+            on: CodexTokenRefresher.RefreshError.networkError(URLError(.timedOut)),
+            context: context))
+    }
+
+    @Test
+    func `non 401 invalid grant refresh failure is treated as revoked`() {
+        let data = Data(#"{"error":"invalid_grant"}"#.utf8)
+        let error = CodexTokenRefresher._refreshFailureErrorForTesting(statusCode: 400, data: data)
+
+        switch error {
+        case .revoked:
+            break
+        default:
+            Issue.record("Expected invalid_grant to be treated as revoked")
+        }
+    }
+
+    @Test
+    func `non auth refresh failure remains invalid response`() {
+        let data = Data(#"{"error":"invalid_request"}"#.utf8)
+        let error = CodexTokenRefresher._refreshFailureErrorForTesting(statusCode: 400, data: data)
+
+        switch error {
+        case let .invalidResponse(message):
+            #expect(message == "Status 400")
+        default:
+            Issue.record("Expected invalid_request to remain an invalid response")
+        }
+    }
+
+    @Test
+    func `explicit O auth mode never falls back to CLI`() {
+        let strategy = CodexOAuthFetchStrategy()
+        let context = self.makeContext(sourceMode: .oauth)
+
+        #expect(!strategy.shouldFallback(on: CodexOAuthFetchError.unauthorized, context: context))
+        #expect(!strategy.shouldFallback(on: CodexTokenRefresher.RefreshError.expired, context: context))
+    }
+
+    @Test
+    func `resolves chat GPT usage URL from config`() {
         let config = "chatgpt_base_url = \"https://chatgpt.com/backend-api/\"\n"
         let url = CodexOAuthUsageFetcher._resolveUsageURLForTesting(configContents: config)
         #expect(url.absoluteString == "https://chatgpt.com/backend-api/wham/usage")
     }
 
     @Test
-    func resolvesCodexUsageURLFromConfig() {
+    func `resolves codex usage URL from config`() {
         let config = "chatgpt_base_url = \"https://api.openai.com\"\n"
         let url = CodexOAuthUsageFetcher._resolveUsageURLForTesting(configContents: config)
         #expect(url.absoluteString == "https://api.openai.com/api/codex/usage")
     }
 
     @Test
-    func normalizesChatGPTBaseURLWithoutBackendAPI() {
+    func `normalizes chat GPT base URL without backend API`() {
         let config = "chatgpt_base_url = \"https://chat.openai.com\"\n"
         let url = CodexOAuthUsageFetcher._resolveUsageURLForTesting(configContents: config)
         #expect(url.absoluteString == "https://chat.openai.com/backend-api/wham/usage")
diff --git a/Tests/CodexBarTests/CodexOpenAIWorkspaceResolverTests.swift b/Tests/CodexBarTests/CodexOpenAIWorkspaceResolverTests.swift
new file mode 100644
index 000000000..b0083f1a9
--- /dev/null
+++ b/Tests/CodexBarTests/CodexOpenAIWorkspaceResolverTests.swift
@@ -0,0 +1,144 @@
+import CodexBarCore
+import Foundation
+import Testing
+
+@Suite(.serialized)
+struct CodexOpenAIWorkspaceResolverTests {
+    @Test
+    func `resolver returns workspace identity and sends expected headers`() async throws {
+        defer {
+            CodexOpenAIWorkspaceStubURLProtocol.handler = nil
+            CodexOpenAIWorkspaceStubURLProtocol.requests = []
+        }
+        CodexOpenAIWorkspaceStubURLProtocol.requests = []
+
+        CodexOpenAIWorkspaceStubURLProtocol.handler = { request in
+            let requestURL = try #require(request.url)
+            let response = HTTPURLResponse(
+                url: requestURL,
+                statusCode: 200,
+                httpVersion: nil,
+                headerFields: nil)!
+            let data = Data("""
+            {
+              "items": [
+                { "id": "account-live", "name": "Team Alpha" }
+              ]
+            }
+            """.utf8)
+            return (response, data)
+        }
+
+        let config = URLSessionConfiguration.ephemeral
+        config.protocolClasses = [CodexOpenAIWorkspaceStubURLProtocol.self]
+        let session = URLSession(configuration: config)
+        let credentials = CodexOAuthCredentials(
+            accessToken: "access-token",
+            refreshToken: "refresh-token",
+            idToken: nil,
+            accountId: " account-live ",
+            lastRefresh: nil)
+
+        let identity = try await CodexOpenAIWorkspaceResolver.resolve(credentials: credentials, session: session)
+
+        #expect(identity == CodexOpenAIWorkspaceIdentity(
+            workspaceAccountID: "account-live",
+            workspaceLabel: "Team Alpha"))
+        #expect(CodexOpenAIWorkspaceStubURLProtocol.requests.count == 1)
+        #expect(CodexOpenAIWorkspaceStubURLProtocol.requests.first?.value(forHTTPHeaderField: "Authorization")
+            == "Bearer access-token")
+        #expect(CodexOpenAIWorkspaceStubURLProtocol.requests.first?.value(forHTTPHeaderField: "ChatGPT-Account-Id")
+            == "account-live")
+        #expect(CodexOpenAIWorkspaceStubURLProtocol.requests.first?.value(forHTTPHeaderField: "User-Agent")
+            == "codex-cli")
+    }
+
+    @Test
+    func `resolver returns personal when account name is empty`() async throws {
+        defer {
+            CodexOpenAIWorkspaceStubURLProtocol.handler = nil
+            CodexOpenAIWorkspaceStubURLProtocol.requests = []
+        }
+        CodexOpenAIWorkspaceStubURLProtocol.requests = []
+
+        CodexOpenAIWorkspaceStubURLProtocol.handler = { request in
+            let requestURL = try #require(request.url)
+            let response = HTTPURLResponse(
+                url: requestURL,
+                statusCode: 200,
+                httpVersion: nil,
+                headerFields: nil)!
+            let data = Data("""
+            {
+              "items": [
+                { "id": "account-live", "name": "   " }
+              ]
+            }
+            """.utf8)
+            return (response, data)
+        }
+
+        let config = URLSessionConfiguration.ephemeral
+        config.protocolClasses = [CodexOpenAIWorkspaceStubURLProtocol.self]
+        let session = URLSession(configuration: config)
+        let credentials = CodexOAuthCredentials(
+            accessToken: "access-token",
+            refreshToken: "refresh-token",
+            idToken: nil,
+            accountId: "account-live",
+            lastRefresh: nil)
+
+        let identity = try await CodexOpenAIWorkspaceResolver.resolve(credentials: credentials, session: session)
+
+        #expect(identity?.workspaceLabel == "Personal")
+    }
+
+    @Test
+    func `workspace identity cache persists and normalizes workspace ids`() throws {
+        let root = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString, isDirectory: true)
+        defer { try? FileManager.default.removeItem(at: root) }
+        let fileURL = root.appendingPathComponent("codex-openai-workspaces.json")
+
+        try CodexOpenAIWorkspaceIdentityCache.withFileURLOverrideForTesting(fileURL) {
+            let cache = CodexOpenAIWorkspaceIdentityCache()
+            try cache.store(CodexOpenAIWorkspaceIdentity(
+                workspaceAccountID: " Account-Live ",
+                workspaceLabel: "Team Alpha"))
+
+            #expect(cache.workspaceLabel(for: "account-live") == "Team Alpha")
+            #expect(cache.workspaceLabel(for: " ACCOUNT-LIVE ") == "Team Alpha")
+        }
+    }
+}
+
+final class CodexOpenAIWorkspaceStubURLProtocol: URLProtocol {
+    nonisolated(unsafe) static var requests: [URLRequest] = []
+    nonisolated(unsafe) static var handler: (@Sendable (URLRequest) throws -> (HTTPURLResponse, Data))?
+
+    override static func canInit(with request: URLRequest) -> Bool {
+        true
+    }
+
+    override static func canonicalRequest(for request: URLRequest) -> URLRequest {
+        request
+    }
+
+    override func startLoading() {
+        Self.requests.append(self.request)
+        guard let handler = Self.handler else {
+            self.client?.urlProtocol(self, didFailWithError: URLError(.badServerResponse))
+            return
+        }
+
+        do {
+            let (response, data) = try handler(self.request)
+            self.client?.urlProtocol(self, didReceive: response, cacheStoragePolicy: .notAllowed)
+            self.client?.urlProtocol(self, didLoad: data)
+            self.client?.urlProtocolDidFinishLoading(self)
+        } catch {
+            self.client?.urlProtocol(self, didFailWithError: error)
+        }
+    }
+
+    override func stopLoading() {}
+}
diff --git a/Tests/CodexBarTests/CodexPlanFormattingTests.swift b/Tests/CodexBarTests/CodexPlanFormattingTests.swift
new file mode 100644
index 000000000..ca82b8f00
--- /dev/null
+++ b/Tests/CodexBarTests/CodexPlanFormattingTests.swift
@@ -0,0 +1,40 @@
+import CodexBarCore
+import Foundation
+import Testing
+
+struct CodexPlanFormattingTests {
+    @Test
+    func `maps Codex pro plans to usage multiplier names`() {
+        #expect(CodexPlanFormatting.displayName("pro") == "Pro 20x")
+        #expect(CodexPlanFormatting.displayName("Pro") == "Pro 20x")
+        #expect(CodexPlanFormatting.displayName("Codex Pro") == "Pro 20x")
+        #expect(CodexPlanFormatting.displayName("prolite") == "Pro 5x")
+        #expect(CodexPlanFormatting.displayName("pro_lite") == "Pro 5x")
+        #expect(CodexPlanFormatting.displayName("pro-lite") == "Pro 5x")
+        #expect(CodexPlanFormatting.displayName("Pro Lite") == "Pro 5x")
+        #expect(CodexPlanFormatting.displayName("Codex Pro Lite") == "Pro 5x")
+    }
+
+    @Test
+    func `returns nil for empty plan values`() {
+        #expect(CodexPlanFormatting.displayName(nil) == nil)
+        #expect(CodexPlanFormatting.displayName("") == nil)
+        #expect(CodexPlanFormatting.displayName("   ") == nil)
+    }
+
+    @Test
+    func `humanizes machine style plan identifiers`() {
+        #expect(
+            CodexPlanFormatting.displayName("enterprise_cbp_usage_based")
+                == "Enterprise CBP Usage Based")
+        #expect(
+            CodexPlanFormatting.displayName("self_serve_business_usage_based")
+                == "Self Serve Business Usage Based")
+        #expect(CodexPlanFormatting.displayName("k12") == "K12")
+    }
+
+    @Test
+    func `preserves unrelated already readable plan text`() {
+        #expect(CodexPlanFormatting.displayName("Enterprise") == "Enterprise")
+    }
+}
diff --git a/Tests/CodexBarTests/CodexPresentationCharacterizationTests.swift b/Tests/CodexBarTests/CodexPresentationCharacterizationTests.swift
new file mode 100644
index 000000000..670c44cd9
--- /dev/null
+++ b/Tests/CodexBarTests/CodexPresentationCharacterizationTests.swift
@@ -0,0 +1,491 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+@Suite(.serialized)
+@MainActor
+struct CodexPresentationCharacterizationTests {
+    @Test
+    func `weekly only Codex menu rendering omits session row`() {
+        let settings = self.makeSettingsStore(suite: "CodexPresentationCharacterizationTests-weekly-only")
+        settings.statusChecksEnabled = false
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(
+            fetcher: fetcher,
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+        store._setSnapshotForTesting(
+            UsageSnapshot(
+                primary: nil,
+                secondary: RateWindow(
+                    usedPercent: 20,
+                    windowMinutes: 10080,
+                    resetsAt: nil,
+                    resetDescription: "Apr 6, 2026"),
+                updatedAt: Date(),
+                identity: ProviderIdentitySnapshot(
+                    providerID: .codex,
+                    accountEmail: "codex@example.com",
+                    accountOrganization: nil,
+                    loginMethod: "free")),
+            provider: .codex)
+
+        let descriptor = MenuDescriptor.build(
+            provider: .codex,
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updateReady: false,
+            includeContextualActions: false)
+
+        let lines = self.textLines(from: descriptor)
+        #expect(!lines.contains(where: { $0.hasPrefix("Session:") }))
+        #expect(lines.contains(where: { $0.hasPrefix("Weekly:") }))
+    }
+
+    @Test
+    func `Codex menu does not surface identity from another provider snapshot`() {
+        let settings = self.makeSettingsStore(suite: "CodexPresentationCharacterizationTests-provider-silo")
+        settings.statusChecksEnabled = false
+
+        let fetcher = UsageFetcher(environment: [:])
+        let store = UsageStore(
+            fetcher: fetcher,
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+        store._setSnapshotForTesting(
+            UsageSnapshot(
+                primary: RateWindow(usedPercent: 12, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+                secondary: nil,
+                updatedAt: Date(),
+                identity: ProviderIdentitySnapshot(
+                    providerID: .codex,
+                    accountEmail: "codex@example.com",
+                    accountOrganization: nil,
+                    loginMethod: "free")),
+            provider: .codex)
+        store._setSnapshotForTesting(
+            UsageSnapshot(
+                primary: RateWindow(usedPercent: 40, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+                secondary: nil,
+                updatedAt: Date(),
+                identity: ProviderIdentitySnapshot(
+                    providerID: .claude,
+                    accountEmail: "claude@example.com",
+                    accountOrganization: nil,
+                    loginMethod: "max")),
+            provider: .claude)
+
+        let descriptor = MenuDescriptor.build(
+            provider: .codex,
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updateReady: false,
+            includeContextualActions: false)
+
+        let lines = self.textLines(from: descriptor)
+        #expect(lines.contains("Account: codex@example.com"))
+        #expect(lines.contains("Plan: Free"))
+        #expect(!lines.contains("Account: claude@example.com"))
+        #expect(!lines.contains("Plan: Max"))
+    }
+
+    @Test
+    func `Codex menu maps prolite plan to multiplier display name`() {
+        let settings = self.makeSettingsStore(suite: "CodexPresentationCharacterizationTests-prolite")
+        settings.statusChecksEnabled = false
+
+        let fetcher = UsageFetcher(environment: [:])
+        let store = UsageStore(
+            fetcher: fetcher,
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+        store._setSnapshotForTesting(
+            UsageSnapshot(
+                primary: RateWindow(usedPercent: 12, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+                secondary: nil,
+                updatedAt: Date(),
+                identity: ProviderIdentitySnapshot(
+                    providerID: .codex,
+                    accountEmail: "codex@example.com",
+                    accountOrganization: nil,
+                    loginMethod: "prolite")),
+            provider: .codex)
+
+        let descriptor = MenuDescriptor.build(
+            provider: .codex,
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updateReady: false,
+            includeContextualActions: false)
+
+        let lines = self.textLines(from: descriptor)
+        #expect(lines.contains("Plan: Pro 5x"))
+        #expect(!lines.contains("Plan: Pro Lite"))
+        #expect(!lines.contains("Plan: Prolite"))
+    }
+
+    @Test
+    func `Codex menu prefers snapshot identity over conflicting fallback account info`() throws {
+        let settings = self.makeSettingsStore(suite: "CodexPresentationCharacterizationTests-snapshot-precedence")
+        settings.statusChecksEnabled = false
+        let managedHome = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codex-presentation-fallback-\(UUID().uuidString)", isDirectory: true)
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "fallback@example.com",
+            managedHomePath: managedHome.path,
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        try Self.writeCodexAuthFile(homeURL: managedHome, email: "fallback@example.com", plan: "plus")
+        settings._test_activeManagedCodexAccount = managedAccount
+        settings._test_activeManagedCodexRemoteHomePath = managedHome.path
+        settings.codexActiveSource = .managedAccount(id: managedAccount.id)
+        defer {
+            settings._test_activeManagedCodexAccount = nil
+            settings._test_activeManagedCodexRemoteHomePath = nil
+            try? FileManager.default.removeItem(at: managedHome)
+        }
+
+        let fetcher = UsageFetcher(environment: [:])
+        let store = UsageStore(
+            fetcher: fetcher,
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+        store._setSnapshotForTesting(
+            UsageSnapshot(
+                primary: RateWindow(usedPercent: 12, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+                secondary: nil,
+                updatedAt: Date(),
+                identity: ProviderIdentitySnapshot(
+                    providerID: .codex,
+                    accountEmail: "snapshot@example.com",
+                    accountOrganization: nil,
+                    loginMethod: "enterprise")),
+            provider: .codex)
+
+        let fallback = store.accountInfo(for: .codex)
+        #expect(fallback.email == "fallback@example.com")
+        #expect(fallback.plan == "plus")
+
+        let descriptor = MenuDescriptor.build(
+            provider: .codex,
+            store: store,
+            settings: settings,
+            account: AccountInfo(email: nil, plan: nil),
+            updateReady: false,
+            includeContextualActions: false)
+
+        let lines = self.textLines(from: descriptor)
+        #expect(lines.contains("Account: snapshot@example.com"))
+        #expect(lines.contains("Plan: Enterprise"))
+        #expect(!lines.contains("Account: fallback@example.com"))
+        #expect(!lines.contains("Plan: Plus"))
+    }
+
+    @Test
+    func `Codex menu falls back per field when snapshot identity is partial`() {
+        let settings = self.makeSettingsStore(suite: "CodexPresentationCharacterizationTests-partial-fallback")
+        settings.statusChecksEnabled = false
+        let managedHome = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codex-presentation-partial-\(UUID().uuidString)", isDirectory: true)
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "fallback@example.com",
+            managedHomePath: managedHome.path,
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        try? Self.writeCodexAuthFile(homeURL: managedHome, email: "fallback@example.com", plan: "plus")
+        settings._test_activeManagedCodexAccount = managedAccount
+        settings._test_activeManagedCodexRemoteHomePath = managedHome.path
+        settings.codexActiveSource = .managedAccount(id: managedAccount.id)
+        defer {
+            settings._test_activeManagedCodexAccount = nil
+            settings._test_activeManagedCodexRemoteHomePath = nil
+            try? FileManager.default.removeItem(at: managedHome)
+        }
+
+        let fetcher = UsageFetcher(environment: [:])
+        let store = UsageStore(
+            fetcher: fetcher,
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+        store._setSnapshotForTesting(
+            UsageSnapshot(
+                primary: RateWindow(usedPercent: 12, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+                secondary: nil,
+                updatedAt: Date(),
+                identity: ProviderIdentitySnapshot(
+                    providerID: .codex,
+                    accountEmail: "snapshot@example.com",
+                    accountOrganization: nil,
+                    loginMethod: nil)),
+            provider: .codex)
+
+        let descriptor = MenuDescriptor.build(
+            provider: .codex,
+            store: store,
+            settings: settings,
+            account: AccountInfo(email: nil, plan: nil),
+            updateReady: false,
+            includeContextualActions: false)
+
+        let lines = self.textLines(from: descriptor)
+        #expect(lines.contains("Account: snapshot@example.com"))
+        #expect(lines.contains("Plan: Plus"))
+        #expect(!lines.contains("Account: fallback@example.com"))
+    }
+
+    @Test
+    func `managed OpenAI web targeting uses active managed Codex identity and scope`() {
+        let settings = self.makeSettingsStore(suite: "CodexPresentationCharacterizationTests-managed-openai-web")
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "managed@example.com",
+            managedHomePath: "/tmp/managed-codex-home",
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        settings._test_activeManagedCodexAccount = managedAccount
+        settings.codexActiveSource = .managedAccount(id: managedAccount.id)
+        defer { settings._test_activeManagedCodexAccount = nil }
+
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+
+        #expect(store.codexAccountEmailForOpenAIDashboard() == managedAccount.email)
+        #expect(store.codexCookieCacheScopeForOpenAIWeb() == .managedAccount(managedAccount.id))
+    }
+
+    @Test
+    func `live OpenAI web targeting uses live Codex identity without managed scope`() {
+        let settings = self.makeSettingsStore(suite: "CodexPresentationCharacterizationTests-live-openai-web")
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "managed@example.com",
+            managedHomePath: "/tmp/managed-codex-home",
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        let liveAccount = ObservedSystemCodexAccount(
+            email: "system@example.com",
+            codexHomePath: "/tmp/live-codex-home",
+            observedAt: Date())
+        settings._test_activeManagedCodexAccount = managedAccount
+        settings._test_liveSystemCodexAccount = liveAccount
+        settings.codexActiveSource = .liveSystem
+        defer {
+            settings._test_activeManagedCodexAccount = nil
+            settings._test_liveSystemCodexAccount = nil
+        }
+
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: ["CODEX_HOME": liveAccount.codexHomePath]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+
+        #expect(store.codexAccountEmailForOpenAIDashboard() == liveAccount.email)
+        #expect(store.codexAccountEmailForOpenAIDashboard() != managedAccount.email)
+        #expect(store.codexCookieCacheScopeForOpenAIWeb() == nil)
+    }
+
+    @Test
+    func `same email managed and live Codex resolves to live for OpenAI web targeting`() {
+        let settings = self.makeSettingsStore(suite: "CodexPresentationCharacterizationTests-same-email-prefers-live")
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "person@example.com",
+            managedHomePath: "/tmp/managed-codex-home",
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        let liveAccount = ObservedSystemCodexAccount(
+            email: "PERSON@example.com",
+            codexHomePath: "/tmp/live-codex-home",
+            observedAt: Date())
+        settings._test_activeManagedCodexAccount = managedAccount
+        settings._test_liveSystemCodexAccount = liveAccount
+        settings.codexActiveSource = .managedAccount(id: managedAccount.id)
+        defer {
+            settings._test_activeManagedCodexAccount = nil
+            settings._test_liveSystemCodexAccount = nil
+        }
+
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: ["CODEX_HOME": liveAccount.codexHomePath]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+
+        #expect(settings.codexResolvedActiveSource == .liveSystem)
+        #expect(store.codexAccountEmailForOpenAIDashboard() == "person@example.com")
+        #expect(store.codexAccountEmailForOpenAIDashboard() != liveAccount.email)
+        #expect(store.codexCookieCacheScopeForOpenAIWeb() == nil)
+    }
+
+    @Test
+    func `live OpenAI web targeting does not reuse stale managed Codex snapshot identity`() {
+        let settings = self.makeSettingsStore(suite: "CodexPresentationCharacterizationTests-stale-managed-snapshot")
+        let isolatedHome = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codex-presentation-openai-web-\(UUID().uuidString)", isDirectory: true)
+        try? FileManager.default.createDirectory(at: isolatedHome, withIntermediateDirectories: true)
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "managed@example.com",
+            managedHomePath: "/tmp/managed-codex-home",
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+
+        settings._test_activeManagedCodexAccount = managedAccount
+        settings._test_codexReconciliationEnvironment = ["CODEX_HOME": isolatedHome.path]
+        settings.codexActiveSource = .liveSystem
+        defer {
+            settings._test_activeManagedCodexAccount = nil
+            settings._test_codexReconciliationEnvironment = nil
+            try? FileManager.default.removeItem(at: isolatedHome)
+        }
+
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+        store._setSnapshotForTesting(
+            UsageSnapshot(
+                primary: nil,
+                secondary: nil,
+                updatedAt: Date(),
+                identity: ProviderIdentitySnapshot(
+                    providerID: .codex,
+                    accountEmail: managedAccount.email,
+                    accountOrganization: nil,
+                    loginMethod: nil)),
+            provider: .codex)
+
+        #expect(store.codexAccountEmailForOpenAIDashboard() == nil)
+        #expect(store.codexAccountEmailForOpenAIDashboard() != managedAccount.email)
+        #expect(store.codexCookieCacheScopeForOpenAIWeb() == nil)
+    }
+
+    @Test
+    func `zai menu descriptor includes Tokens MCP and 5-hour rows`() {
+        let settings = self.makeSettingsStore(suite: "CodexPresentationCharacterizationTests-zai-three-quota")
+        settings.statusChecksEnabled = false
+
+        let fetcher = UsageFetcher(environment: [:])
+        let store = UsageStore(
+            fetcher: fetcher,
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+        store._setSnapshotForTesting(
+            UsageSnapshot(
+                primary: RateWindow(
+                    usedPercent: 9,
+                    windowMinutes: 10080,
+                    resetsAt: nil,
+                    resetDescription: nil),
+                secondary: RateWindow(
+                    usedPercent: 50,
+                    windowMinutes: nil,
+                    resetsAt: nil,
+                    resetDescription: nil),
+                tertiary: RateWindow(
+                    usedPercent: 25,
+                    windowMinutes: 300,
+                    resetsAt: nil,
+                    resetDescription: nil),
+                updatedAt: Date(),
+                identity: ProviderIdentitySnapshot(
+                    providerID: .zai,
+                    accountEmail: nil,
+                    accountOrganization: nil,
+                    loginMethod: "pro")),
+            provider: .zai)
+
+        let descriptor = MenuDescriptor.build(
+            provider: .zai,
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updateReady: false,
+            includeContextualActions: false)
+
+        let lines = self.textLines(from: descriptor)
+        #expect(lines.contains(where: { $0.hasPrefix("Tokens:") }))
+        #expect(lines.contains(where: { $0.hasPrefix("MCP:") }))
+        #expect(lines.contains(where: { $0.hasPrefix("5-hour:") }))
+    }
+
+    private func makeSettingsStore(suite: String) -> SettingsStore {
+        let defaults = UserDefaults(suiteName: suite)!
+        defaults.removePersistentDomain(forName: suite)
+        let settings = SettingsStore(
+            userDefaults: defaults,
+            configStore: testConfigStore(suiteName: suite),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+        settings._test_activeManagedCodexAccount = nil
+        settings._test_activeManagedCodexRemoteHomePath = nil
+        settings._test_unreadableManagedCodexAccountStore = false
+        settings._test_managedCodexAccountStoreURL = nil
+        settings._test_liveSystemCodexAccount = nil
+        settings._test_codexReconciliationEnvironment = nil
+        return settings
+    }
+
+    private func textLines(from descriptor: MenuDescriptor) -> [String] {
+        descriptor.sections
+            .flatMap(\.entries)
+            .compactMap { entry -> String? in
+                guard case let .text(text, _) = entry else { return nil }
+                return text
+            }
+    }
+
+    private static func writeCodexAuthFile(homeURL: URL, email: String, plan: String) throws {
+        try FileManager.default.createDirectory(at: homeURL, withIntermediateDirectories: true)
+        let auth = [
+            "tokens": [
+                "accessToken": "access-token",
+                "refreshToken": "refresh-token",
+                "idToken": Self.fakeJWT(email: email, plan: plan),
+            ],
+        ]
+        let data = try JSONSerialization.data(withJSONObject: auth)
+        try data.write(to: homeURL.appendingPathComponent("auth.json"))
+    }
+
+    private static func fakeJWT(email: String, plan: String) -> String {
+        let header = (try? JSONSerialization.data(withJSONObject: ["alg": "none"])) ?? Data()
+        let payload = (try? JSONSerialization.data(withJSONObject: [
+            "email": email,
+            "chatgpt_plan_type": plan,
+        ])) ?? Data()
+
+        func base64URL(_ data: Data) -> String {
+            data.base64EncodedString()
+                .replacingOccurrences(of: "=", with: "")
+                .replacingOccurrences(of: "+", with: "-")
+                .replacingOccurrences(of: "/", with: "_")
+        }
+
+        return "\(base64URL(header)).\(base64URL(payload))."
+    }
+}
diff --git a/Tests/CodexBarTests/CodexProviderSettingsBuilderTests.swift b/Tests/CodexBarTests/CodexProviderSettingsBuilderTests.swift
new file mode 100644
index 000000000..d2f2afb22
--- /dev/null
+++ b/Tests/CodexBarTests/CodexProviderSettingsBuilderTests.swift
@@ -0,0 +1,128 @@
+import CodexBarCore
+import Foundation
+import Testing
+
+struct CodexProviderSettingsBuilderTests {
+    @Test
+    func `builder keeps managed store unreadable fail closed when selection resolves back to live system`() {
+        let selectedManagedID = UUID()
+        let snapshot = CodexAccountReconciliationSnapshot(
+            storedAccounts: [],
+            activeStoredAccount: nil,
+            liveSystemAccount: ObservedSystemCodexAccount(
+                email: "live@example.com",
+                codexHomePath: "/tmp/live",
+                observedAt: Date(),
+                identity: .providerAccount(id: "acct-live")),
+            matchingStoredAccountForLiveSystemAccount: nil,
+            activeSource: .managedAccount(id: selectedManagedID),
+            hasUnreadableAddedAccountStore: true)
+
+        let settings = CodexProviderSettingsBuilder.make(input: CodexProviderSettingsBuilderInput(
+            usageDataSource: .auto,
+            cookieSource: .auto,
+            manualCookieHeader: nil,
+            reconciliationSnapshot: snapshot,
+            resolvedActiveSource: CodexActiveSourceResolver.resolve(from: snapshot)))
+
+        #expect(settings.managedAccountStoreUnreadable == true)
+        #expect(settings.managedAccountTargetUnavailable == false)
+    }
+
+    @Test
+    func `builder marks missing selected managed account as unavailable`() {
+        let selectedManagedID = UUID()
+        let otherStoredAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "other@example.com",
+            managedHomePath: "/tmp/other",
+            createdAt: 1,
+            updatedAt: 2,
+            lastAuthenticatedAt: 3)
+        let snapshot = CodexAccountReconciliationSnapshot(
+            storedAccounts: [otherStoredAccount],
+            activeStoredAccount: nil,
+            liveSystemAccount: nil,
+            matchingStoredAccountForLiveSystemAccount: nil,
+            activeSource: .managedAccount(id: selectedManagedID),
+            hasUnreadableAddedAccountStore: false)
+
+        let settings = CodexProviderSettingsBuilder.make(input: CodexProviderSettingsBuilderInput(
+            usageDataSource: .auto,
+            cookieSource: .auto,
+            manualCookieHeader: nil,
+            reconciliationSnapshot: snapshot,
+            resolvedActiveSource: CodexActiveSourceResolver.resolve(from: snapshot)))
+
+        #expect(settings.managedAccountStoreUnreadable == false)
+        #expect(settings.managedAccountTargetUnavailable == true)
+    }
+
+    @Test
+    func `builder keeps missing managed target fail closed when selection resolves back to live system`() {
+        let selectedManagedID = UUID()
+        let otherStoredAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "other@example.com",
+            managedHomePath: "/tmp/other",
+            createdAt: 1,
+            updatedAt: 2,
+            lastAuthenticatedAt: 3)
+        let snapshot = CodexAccountReconciliationSnapshot(
+            storedAccounts: [otherStoredAccount],
+            activeStoredAccount: nil,
+            liveSystemAccount: ObservedSystemCodexAccount(
+                email: "live@example.com",
+                codexHomePath: "/tmp/live",
+                observedAt: Date(),
+                identity: .providerAccount(id: "acct-live")),
+            matchingStoredAccountForLiveSystemAccount: nil,
+            activeSource: .managedAccount(id: selectedManagedID),
+            hasUnreadableAddedAccountStore: false)
+
+        let settings = CodexProviderSettingsBuilder.make(input: CodexProviderSettingsBuilderInput(
+            usageDataSource: .auto,
+            cookieSource: .auto,
+            manualCookieHeader: nil,
+            reconciliationSnapshot: snapshot,
+            resolvedActiveSource: CodexActiveSourceResolver.resolve(from: snapshot)))
+
+        #expect(settings.managedAccountStoreUnreadable == false)
+        #expect(settings.managedAccountTargetUnavailable == true)
+    }
+
+    @Test
+    func `known owner catalog includes runtime managed and live identities`() {
+        let storedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "managed@example.com",
+            managedHomePath: "/tmp/managed",
+            createdAt: 1,
+            updatedAt: 2,
+            lastAuthenticatedAt: 3)
+        let liveSystemAccount = ObservedSystemCodexAccount(
+            email: "live@example.com",
+            codexHomePath: "/tmp/live",
+            observedAt: Date(),
+            identity: .providerAccount(id: "acct-live"))
+        let snapshot = CodexAccountReconciliationSnapshot(
+            storedAccounts: [storedAccount],
+            activeStoredAccount: storedAccount,
+            liveSystemAccount: liveSystemAccount,
+            matchingStoredAccountForLiveSystemAccount: nil,
+            activeSource: .managedAccount(id: storedAccount.id),
+            hasUnreadableAddedAccountStore: false,
+            storedAccountRuntimeIdentities: [storedAccount.id: .providerAccount(id: "acct-managed")],
+            storedAccountRuntimeEmails: [storedAccount.id: "managed-runtime@example.com"])
+
+        let candidates = CodexKnownOwnerCatalog.candidates(from: snapshot)
+
+        #expect(candidates.count == 2)
+        #expect(candidates.contains(CodexDashboardKnownOwnerCandidate(
+            identity: .providerAccount(id: "acct-managed"),
+            normalizedEmail: "managed-runtime@example.com")))
+        #expect(candidates.contains(CodexDashboardKnownOwnerCandidate(
+            identity: .providerAccount(id: "acct-live"),
+            normalizedEmail: "live@example.com")))
+    }
+}
diff --git a/Tests/CodexBarTests/CodexSystemAccountObserverTests.swift b/Tests/CodexBarTests/CodexSystemAccountObserverTests.swift
new file mode 100644
index 000000000..6cb9db5ce
--- /dev/null
+++ b/Tests/CodexBarTests/CodexSystemAccountObserverTests.swift
@@ -0,0 +1,132 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+@Suite(.serialized)
+struct CodexSystemAccountObserverTests {
+    @Test
+    func `observer reads ambient CODEX_HOME when present`() throws {
+        let home = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString, isDirectory: true)
+        defer { try? FileManager.default.removeItem(at: home) }
+        try Self.writeCodexAuthFile(
+            homeURL: home,
+            email: "  LIVE@Example.com  ",
+            plan: "pro",
+            accountId: "account-live")
+
+        let observer = DefaultCodexSystemAccountObserver()
+        let account = try observer.loadSystemAccount(environment: ["CODEX_HOME": home.path])
+
+        #expect(account?.email == "live@example.com")
+        #expect(account?.codexHomePath == home.path)
+        #expect(account?.identity == .providerAccount(id: "account-live"))
+    }
+
+    @Test
+    func `observer falls back to nil when ambient home has no readable email`() throws {
+        let home = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString, isDirectory: true)
+        defer { try? FileManager.default.removeItem(at: home) }
+        try FileManager.default.createDirectory(at: home, withIntermediateDirectories: true)
+
+        let observer = DefaultCodexSystemAccountObserver()
+        let account = try observer.loadSystemAccount(environment: ["CODEX_HOME": home.path])
+
+        #expect(account == nil)
+    }
+
+    @Test
+    func `observer records observation timestamp`() throws {
+        let home = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString, isDirectory: true)
+        defer { try? FileManager.default.removeItem(at: home) }
+        try Self.writeCodexAuthFile(homeURL: home, email: "user@example.com", plan: "team")
+
+        let before = Date()
+        let observer = DefaultCodexSystemAccountObserver()
+        let account = try observer.loadSystemAccount(environment: ["CODEX_HOME": home.path])
+        let observed = try #require(account)
+
+        #expect(observed.observedAt >= before)
+    }
+
+    @Test
+    func `observer preserves provider account identity from scoped auth`() throws {
+        let home = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString, isDirectory: true)
+        defer { try? FileManager.default.removeItem(at: home) }
+        try Self.writeCodexAuthFile(
+            homeURL: home,
+            email: "user@example.com",
+            plan: "team",
+            accountId: "account-live-123")
+
+        let observer = DefaultCodexSystemAccountObserver()
+        let account = try #require(try observer.loadSystemAccount(environment: ["CODEX_HOME": home.path]))
+
+        #expect(account.identity == .providerAccount(id: "account-live-123"))
+    }
+
+    @Test
+    func `observer uses cached workspace label for provider account`() throws {
+        let home = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString, isDirectory: true)
+        let cacheURL = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codex-openai-workspaces-\(UUID().uuidString).json")
+        defer {
+            try? FileManager.default.removeItem(at: home)
+            try? FileManager.default.removeItem(at: cacheURL)
+        }
+        try Self.writeCodexAuthFile(
+            homeURL: home,
+            email: "user@example.com",
+            plan: "team",
+            accountId: "account-live-123")
+
+        try CodexOpenAIWorkspaceIdentityCache.withFileURLOverrideForTesting(cacheURL) {
+            try CodexOpenAIWorkspaceIdentityCache().store(CodexOpenAIWorkspaceIdentity(
+                workspaceAccountID: "account-live-123",
+                workspaceLabel: "Team Alpha"))
+
+            let observer = DefaultCodexSystemAccountObserver()
+            let account = try #require(try observer.loadSystemAccount(environment: ["CODEX_HOME": home.path]))
+
+            #expect(account.workspaceAccountID == "account-live-123")
+            #expect(account.workspaceLabel == "Team Alpha")
+        }
+    }
+
+    private static func writeCodexAuthFile(
+        homeURL: URL,
+        email: String,
+        plan: String,
+        accountId: String? = nil) throws
+    {
+        try FileManager.default.createDirectory(at: homeURL, withIntermediateDirectories: true)
+        var tokens: [String: Any] = [
+            "accessToken": "access-token",
+            "refreshToken": "refresh-token",
+            "idToken": Self.fakeJWT(email: email, plan: plan),
+        ]
+        if let accountId {
+            tokens["accountId"] = accountId
+        }
+        let auth = ["tokens": tokens]
+        let data = try JSONSerialization.data(withJSONObject: auth)
+        try data.write(to: homeURL.appendingPathComponent("auth.json"))
+    }
+
+    private static func fakeJWT(email: String, plan: String) -> String {
+        let header = (try? JSONSerialization.data(withJSONObject: ["alg": "none"])) ?? Data()
+        let payload = (try? JSONSerialization.data(withJSONObject: [
+            "email": email,
+            "chatgpt_plan_type": plan,
+        ])) ?? Data()
+
+        func base64URL(_ data: Data) -> String {
+            data.base64EncodedString()
+                .replacingOccurrences(of: "=", with: "")
+                .replacingOccurrences(of: "+", with: "-")
+                .replacingOccurrences(of: "/", with: "_")
+        }
+
+        return "\(base64URL(header)).\(base64URL(payload))."
+    }
+}
diff --git a/Tests/CodexBarTests/CodexSystemPromotionUITests.swift b/Tests/CodexBarTests/CodexSystemPromotionUITests.swift
new file mode 100644
index 000000000..0f780686d
--- /dev/null
+++ b/Tests/CodexBarTests/CodexSystemPromotionUITests.swift
@@ -0,0 +1,153 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+@Suite(.serialized)
+@MainActor
+struct CodexSystemPromotionUITests {
+    @Test
+    func `promotion coordinator promotes immediately`() async throws {
+        let container = try CodexAccountPromotionTestContainer(
+            suiteName: "CodexSystemPromotionUITests-coordinator-immediate")
+        defer { container.tearDown() }
+
+        let target = try container.createManagedAccount(
+            persistedEmail: "managed@example.com",
+            authAccountID: "acct-managed")
+        try container.persistAccounts([target])
+        _ = try container.writeLiveOAuthAuthFile(email: "live@example.com", accountID: "acct-live")
+
+        let managedVisibleAccountID = try #require(container.settings.codexVisibleAccountProjection.visibleAccounts
+            .first(where: { $0.storedAccountID == target.id })?
+            .id)
+        let coordinator = CodexAccountPromotionCoordinator(service: container.makeService())
+
+        let result = await coordinator.promote(managedAccountID: target.id)
+
+        let promotionResult: CodexAccountPromotionResult
+        switch result {
+        case let .success(value):
+            promotionResult = value
+        case let .failure(error):
+            Issue.record("Expected successful promotion, got \(error)")
+            throw PromotionTestError.unexpectedDisposition
+        }
+
+        #expect(promotionResult.outcome == .promoted)
+        #expect(container.settings.codexActiveSource == .liveSystem)
+        #expect(container.settings.codexVisibleAccountProjection.liveVisibleAccountID == managedVisibleAccountID)
+        #expect(coordinator.userFacingError == nil)
+    }
+
+    @Test
+    func `promotion coordinator blocks while live reauthentication is running`() async throws {
+        let container = try CodexAccountPromotionTestContainer(
+            suiteName: "CodexSystemPromotionUITests-coordinator-live-reauth")
+        defer { container.tearDown() }
+
+        let target = try container.createManagedAccount(
+            persistedEmail: "managed@example.com",
+            authAccountID: "acct-managed")
+        try container.persistAccounts([target])
+        _ = try container.writeLiveOAuthAuthFile(email: "live@example.com", accountID: "acct-live")
+        container.settings.codexActiveSource = .managedAccount(id: target.id)
+
+        let coordinator = CodexAccountPromotionCoordinator(service: container.makeService())
+        coordinator.setLiveReauthenticationInProgress(true)
+
+        let result = await coordinator.promote(managedAccountID: target.id)
+
+        let error: CodexSystemAccountPromotionUserFacingError
+        switch result {
+        case .success:
+            Issue.record("Expected blocked promotion while live reauthentication is running")
+            throw PromotionTestError.unexpectedDisposition
+        case let .failure(value):
+            error = value
+        }
+
+        #expect(error.title == "Could not switch system account")
+        #expect(error.message == "Finish the current managed account change before switching the system account.")
+        #expect(coordinator.userFacingError == error)
+        #expect(coordinator.isInteractionBlocked())
+        #expect(container.settings.codexActiveSource == .managedAccount(id: target.id))
+    }
+
+    @Test
+    func `codex menu descriptor includes system account submenu`() throws {
+        let container = try CodexAccountPromotionTestContainer(
+            suiteName: "CodexSystemPromotionUITests-menu-descriptor")
+        defer { container.tearDown() }
+
+        let managedAccountID = UUID()
+        let managedAccount = try container.createManagedAccount(
+            id: managedAccountID,
+            persistedEmail: "managed@example.com",
+            authAccountID: "acct-managed")
+        try container.persistAccounts([managedAccount])
+        container.settings._test_liveSystemCodexAccount = ObservedSystemCodexAccount(
+            email: "live@example.com",
+            codexHomePath: container.liveHomeURL.path,
+            observedAt: Date())
+
+        let descriptor = MenuDescriptor.build(
+            provider: .codex,
+            store: container.usageStore,
+            settings: container.settings,
+            account: UsageFetcher().loadAccountInfo(),
+            managedCodexAccountCoordinator: ManagedCodexAccountCoordinator(),
+            codexAccountPromotionCoordinator: CodexAccountPromotionCoordinator(
+                service: container.makeService()),
+            updateReady: false)
+
+        let submenu = try #require(descriptor.sections
+            .flatMap(\.entries)
+            .compactMap { entry -> (String, String?, [MenuDescriptor.SubmenuItem])? in
+                guard case let .submenu(title, systemImageName, items) = entry else { return nil }
+                return (title, systemImageName, items)
+            }
+            .first(where: { $0.0 == "System Account" }))
+
+        #expect(submenu.1 == MenuDescriptor.MenuActionSystemImage.systemAccount.rawValue)
+        #expect(submenu.2.map(\.title) == ["live@example.com", "managed@example.com"])
+        #expect(submenu.2.count == 2)
+        #expect(submenu.2[0].isChecked)
+        #expect(submenu.2[0].isEnabled == false)
+        #expect(submenu.2[0].action == nil)
+        #expect(submenu.2[1].isChecked == false)
+        #expect(submenu.2[1].isEnabled)
+        #expect(submenu.2[1].action == .requestCodexSystemPromotion(managedAccountID))
+    }
+
+    @Test
+    func `codex menu descriptor hides single live system account submenu`() throws {
+        let container = try CodexAccountPromotionTestContainer(
+            suiteName: "CodexSystemPromotionUITests-menu-single-live")
+        defer { container.tearDown() }
+
+        container.settings._test_liveSystemCodexAccount = ObservedSystemCodexAccount(
+            email: "live@example.com",
+            codexHomePath: container.liveHomeURL.path,
+            observedAt: Date())
+
+        let descriptor = MenuDescriptor.build(
+            provider: .codex,
+            store: container.usageStore,
+            settings: container.settings,
+            account: UsageFetcher().loadAccountInfo(),
+            managedCodexAccountCoordinator: ManagedCodexAccountCoordinator(),
+            codexAccountPromotionCoordinator: CodexAccountPromotionCoordinator(
+                service: container.makeService()),
+            updateReady: false)
+
+        let hasSystemAccountSubmenu = descriptor.sections
+            .flatMap(\.entries)
+            .contains { entry in
+                guard case let .submenu(title, _, _) = entry else { return false }
+                return title == "System Account"
+            }
+
+        #expect(!hasSystemAccountSubmenu)
+    }
+}
diff --git a/Tests/CodexBarTests/CodexUsageFetcherFallbackTests.swift b/Tests/CodexBarTests/CodexUsageFetcherFallbackTests.swift
new file mode 100644
index 000000000..4ce184b6c
--- /dev/null
+++ b/Tests/CodexBarTests/CodexUsageFetcherFallbackTests.swift
@@ -0,0 +1,508 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+@Suite(.serialized)
+struct CodexUsageFetcherFallbackTests {
+    @Test
+    func `missing CLI binary reports install guidance instead of not running`() async throws {
+        let fetcher = UsageFetcher(
+            environment: [:],
+            initializeTimeoutSeconds: 0.1,
+            requestTimeoutSeconds: 0.1,
+            codexExecutableResolver: { _, _ in nil })
+
+        do {
+            _ = try await fetcher.loadLatestCLIAccountSnapshot()
+            Issue.record("Expected missing Codex CLI to throw")
+        } catch CodexStatusProbeError.codexNotInstalled {
+            let message = CodexStatusProbeError.codexNotInstalled.localizedDescription
+            #expect(message.contains("Codex CLI missing"))
+            #expect(!message.contains("Codex not running"))
+        } catch {
+            Issue.record("Expected CodexStatusProbeError.codexNotInstalled, got \(type(of: error)): \(error)")
+        }
+    }
+
+    @Test
+    func `CLI usage recovers from RPC decode mismatch body payload`() {
+        let snapshot = UsageFetcher._recoverCodexRPCUsageFromErrorForTesting(
+            Self.decodeMismatchBodyMessage)
+
+        #expect(snapshot?.primary?.usedPercent == 4)
+        #expect(snapshot?.primary?.windowMinutes == 300)
+        #expect(snapshot?.secondary?.usedPercent == 19)
+        #expect(snapshot?.secondary?.windowMinutes == 10080)
+        #expect(snapshot?.accountEmail(for: UsageProvider.codex) == "prolite-test@example.com")
+        #expect(snapshot?.loginMethod(for: UsageProvider.codex) == "prolite")
+    }
+
+    @Test
+    func `CLI credits recover from RPC decode mismatch body payload`() {
+        let credits = UsageFetcher._recoverCodexRPCCreditsFromErrorForTesting(Self.decodeMismatchBodyMessage)
+
+        #expect(credits?.remaining == 0)
+    }
+
+    @Test
+    func `CLI credits recover from RPC error body when usage windows are unusable`() async throws {
+        let stubCLIPath = try self.makeDecodeMismatchStubCodexCLI(message: Self.creditsOnlyDecodeMismatchBodyMessage)
+        defer { try? FileManager.default.removeItem(atPath: stubCLIPath) }
+
+        let fetcher = self.makeStubUsageFetcher(stubCLIPath)
+        let credits = try await fetcher.loadLatestCredits()
+
+        #expect(credits.remaining == 14.5)
+        await #expect(throws: UsageError.noRateLimitsFound) {
+            _ = try await fetcher.loadLatestUsage()
+        }
+    }
+
+    @Test
+    func `CLI usage does not partially recover malformed RPC body without session lane`() {
+        let snapshot = UsageFetcher._recoverCodexRPCUsageFromErrorForTesting(
+            Self.partialDecodeBodyMessage)
+
+        #expect(snapshot == nil)
+    }
+
+    @Test
+    func `CLI usage recovers from RPC body without TTY fallback`() async throws {
+        let stubCLIPath = try self.makeDecodeMismatchStubCodexCLI(message: Self.decodeMismatchBodyMessage)
+        defer { try? FileManager.default.removeItem(atPath: stubCLIPath) }
+
+        let fetcher = self.makeStubUsageFetcher(stubCLIPath)
+        let snapshot = try await fetcher.loadLatestUsage()
+
+        #expect(snapshot.primary?.usedPercent == 4)
+        #expect(snapshot.primary?.windowMinutes == 300)
+        #expect(snapshot.secondary?.usedPercent == 19)
+        #expect(snapshot.secondary?.windowMinutes == 10080)
+    }
+
+    @Test
+    func `CLI credits recover from RPC body without TTY fallback`() async throws {
+        let stubCLIPath = try self.makeDecodeMismatchStubCodexCLI(message: Self.decodeMismatchBodyMessage)
+        defer { try? FileManager.default.removeItem(atPath: stubCLIPath) }
+
+        let fetcher = self.makeStubUsageFetcher(stubCLIPath)
+        let credits = try await fetcher.loadLatestCredits()
+
+        #expect(credits.remaining == 0)
+    }
+
+    @Test
+    func `CLI credits load from RPC response without usage windows`() async throws {
+        let stubCLIPath = try self.makeCreditsOnlyStubCodexCLI()
+        defer { try? FileManager.default.removeItem(atPath: stubCLIPath) }
+
+        let fetcher = self.makeStubUsageFetcher(stubCLIPath)
+        let credits = try await fetcher.loadLatestCredits()
+
+        #expect(credits.remaining == 21)
+        await #expect(throws: UsageError.noRateLimitsFound) {
+            _ = try await fetcher.loadLatestUsage()
+        }
+    }
+
+    @Test
+    func `CLI usage loads plan only RPC response as unavailable limits`() async throws {
+        let stubCLIPath = try self.makePlanOnlyStubCodexCLI()
+        defer { try? FileManager.default.removeItem(atPath: stubCLIPath) }
+
+        let fetcher = self.makeStubUsageFetcher(stubCLIPath)
+        let snapshot = try await fetcher.loadLatestUsage()
+
+        #expect(snapshot.primary == nil)
+        #expect(snapshot.secondary == nil)
+        #expect(snapshot.accountEmail(for: .codex) == "stub@example.com")
+        #expect(snapshot.loginMethod(for: .codex) == "pro")
+        #expect(snapshot.rateLimitsUnavailable(for: .codex))
+    }
+
+    @Test
+    func `CLI plan and credits response without usage windows keeps unavailable limits`() async throws {
+        let stubCLIPath = try self.makePlanOnlyStubCodexCLI(includeCredits: true)
+        defer { try? FileManager.default.removeItem(atPath: stubCLIPath) }
+
+        let fetcher = self.makeStubUsageFetcher(stubCLIPath)
+        let snapshot = try await fetcher.loadLatestCLIAccountSnapshot()
+
+        #expect(snapshot.usage?.primary == nil)
+        #expect(snapshot.usage?.secondary == nil)
+        #expect(snapshot.usage?.rateLimitsUnavailable(for: .codex) == true)
+        #expect(snapshot.credits?.remaining == 21)
+    }
+
+    @Test
+    func `CLI usage fails when RPC body recovery misses session lane`() async throws {
+        let stubCLIPath = try self.makeDecodeMismatchStubCodexCLI(message: Self.partialDecodeBodyMessage)
+        defer { try? FileManager.default.removeItem(atPath: stubCLIPath) }
+
+        let fetcher = self.makeStubUsageFetcher(stubCLIPath)
+
+        do {
+            _ = try await fetcher.loadLatestUsage()
+            Issue.record("Expected RPC failure without PTY fallback")
+        } catch {
+            #expect(error.localizedDescription.contains("Codex connection failed"))
+        }
+    }
+
+    @Test
+    func `hung CLI RPC rate limits request times out within budget`() async throws {
+        let stubCLIPath = try self.makeHungRateLimitsStubCodexCLI()
+        defer { try? FileManager.default.removeItem(atPath: stubCLIPath) }
+
+        let fetcher = UsageFetcher(
+            environment: ["CODEX_CLI_PATH": stubCLIPath],
+            initializeTimeoutSeconds: 2.0,
+            requestTimeoutSeconds: 0.2)
+
+        let started = Date()
+        do {
+            _ = try await fetcher.loadLatestUsage()
+            Issue.record("Expected hung Codex RPC usage request to time out")
+        } catch let error as RPCWireError {
+            guard case let .timeout(method) = error else {
+                Issue.record("Expected RPC timeout, got \(error)")
+                return
+            }
+            #expect(method == "account/rateLimits/read")
+        } catch {
+            Issue.record("Expected RPCWireError.timeout, got \(type(of: error)): \(error)")
+        }
+
+        let elapsed = Date().timeIntervalSince(started)
+        #expect(elapsed < 3.0, "Hung RPC request must fail fast, took \(elapsed)s")
+    }
+
+    @Test
+    func `repeated hung CLI RPC requests stay bounded`() async throws {
+        let stubCLIPath = try self.makeHungRateLimitsStubCodexCLI()
+        defer { try? FileManager.default.removeItem(atPath: stubCLIPath) }
+
+        let fetcher = UsageFetcher(
+            environment: ["CODEX_CLI_PATH": stubCLIPath],
+            initializeTimeoutSeconds: 2.0,
+            requestTimeoutSeconds: 0.2)
+
+        for attempt in 1...2 {
+            let started = Date()
+            do {
+                _ = try await fetcher.loadLatestCredits()
+                Issue.record("Expected hung Codex RPC credits request \(attempt) to time out")
+            } catch let error as RPCWireError {
+                guard case .timeout = error else {
+                    Issue.record("Expected RPC timeout on attempt \(attempt), got \(error)")
+                    return
+                }
+            } catch {
+                Issue.record("Expected RPCWireError.timeout on attempt \(attempt), got \(type(of: error)): \(error)")
+            }
+
+            let elapsed = Date().timeIntervalSince(started)
+            #expect(elapsed < 3.0, "Hung RPC request \(attempt) must fail fast, took \(elapsed)s")
+        }
+    }
+
+    private static let decodeMismatchBodyMessage = """
+    failed to fetch codex rate limits: Decode error for https://chatgpt.com/backend-api/wham/usage:
+    unknown variant `prolite`, expected one of `guest`, `free`, `go`, `plus`, `pro`;
+    content-type=application/json; body={
+      "user_id": "user-TEST",
+      "account_id": "account-TEST",
+      "email": "prolite-test@example.com",
+      "plan_type": "prolite",
+      "rate_limit": {
+        "allowed": true,
+        "limit_reached": false,
+        "primary_window": {
+          "used_percent": 4,
+          "limit_window_seconds": 18000,
+          "reset_after_seconds": 8657,
+          "reset_at": 1776216359
+        },
+        "secondary_window": {
+          "used_percent": 19,
+          "limit_window_seconds": 604800,
+          "reset_after_seconds": 187681,
+          "reset_at": 1776395384
+        }
+      },
+      "credits": {
+        "has_credits": false,
+        "unlimited": false,
+        "overage_limit_reached": false,
+        "balance": "0E-10"
+      }
+    }
+    """
+
+    private static let partialDecodeBodyMessage = """
+    failed to fetch codex rate limits: Decode error for https://chatgpt.com/backend-api/wham/usage:
+    unknown variant `prolite`, expected one of `guest`, `free`, `go`, `plus`, `pro`;
+    content-type=application/json; body={
+      "email": "prolite-test@example.com",
+      "plan_type": "prolite",
+      "rate_limit": {
+        "allowed": true,
+        "limit_reached": false,
+        "primary_window": {
+          "used_percent": "oops",
+          "limit_window_seconds": 18000,
+          "reset_at": 1776216359
+        },
+        "secondary_window": {
+          "used_percent": 19,
+          "limit_window_seconds": 604800,
+          "reset_after_seconds": 187681,
+          "reset_at": 1776395384
+        }
+      }
+    }
+    """
+
+    private static let creditsOnlyDecodeMismatchBodyMessage = """
+    failed to fetch codex rate limits: Decode error for https://chatgpt.com/backend-api/wham/usage:
+    unknown variant `prolite`, expected one of `guest`, `free`, `go`, `plus`, `pro`;
+    content-type=application/json; body={
+      "email": "prolite-test@example.com",
+      "plan_type": "prolite",
+      "rate_limit": {
+        "allowed": true,
+        "limit_reached": false,
+        "primary_window": {
+          "used_percent": "oops",
+          "limit_window_seconds": 18000,
+          "reset_at": 1776216359
+        }
+      },
+      "credits": {
+        "has_credits": true,
+        "unlimited": false,
+        "overage_limit_reached": false,
+        "balance": "14.5"
+      }
+    }
+    """
+
+    private func makeStubUsageFetcher(_ stubCLIPath: String) -> UsageFetcher {
+        UsageFetcher(
+            environment: ["CODEX_CLI_PATH": stubCLIPath],
+            initializeTimeoutSeconds: 20.0,
+            requestTimeoutSeconds: 3.0)
+    }
+
+    private func makeDecodeMismatchStubCodexCLI(
+        message: String = Self.decodeMismatchBodyMessage)
+        throws -> String
+    {
+        let script = """
+        #!/usr/bin/python3 -S
+        import json
+        import sys
+
+        args = sys.argv[1:]
+        if "app-server" in args:
+            for line in sys.stdin:
+                if not line.strip():
+                    continue
+                message = json.loads(line)
+                method = message.get("method")
+                if method == "initialized":
+                    continue
+
+                identifier = message.get("id")
+                if method == "initialize":
+                    payload = {"id": identifier, "result": {}}
+                elif method == "account/rateLimits/read":
+                    payload = {
+                        "id": identifier,
+                        "error": {
+                            "message": '''\(message)'''
+                        }
+                    }
+                elif method == "account/read":
+                    payload = {
+                        "id": identifier,
+                        "result": {
+                            "account": {
+                                "type": "chatgpt",
+                                "email": "stub@example.com",
+                                "planType": "prolite"
+                            },
+                            "requiresOpenaiAuth": False
+                        }
+                    }
+                else:
+                    payload = {"id": identifier, "result": {}}
+
+                print(json.dumps(payload), flush=True)
+        else:
+            sys.stderr.write("unexpected non app-server Codex invocation\\n")
+            sys.exit(92)
+        """
+        let url = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codex-fallback-stub-\(UUID().uuidString)", isDirectory: false)
+        try Data(script.utf8).write(to: url)
+        try FileManager.default.setAttributes([.posixPermissions: 0o755], ofItemAtPath: url.path)
+        return url.path
+    }
+
+    private func makePlanOnlyStubCodexCLI(includeCredits: Bool = false) throws -> String {
+        let creditsPayload = includeCredits
+            ? [
+                ",",
+                "                                \"credits\": {",
+                "                                    \"hasCredits\": True,",
+                "                                    \"unlimited\": False,",
+                "                                    \"balance\": \"21\"",
+                "                                }",
+            ].joined(separator: "\n")
+            : ""
+        let script = """
+        #!/usr/bin/python3 -S
+        import json
+        import sys
+
+        args = sys.argv[1:]
+        if "app-server" in args:
+            for line in sys.stdin:
+                if not line.strip():
+                    continue
+                message = json.loads(line)
+                method = message.get("method")
+                if method == "initialized":
+                    continue
+
+                identifier = message.get("id")
+                if method == "initialize":
+                    payload = {"id": identifier, "result": {}}
+                elif method == "account/rateLimits/read":
+                    payload = {
+                        "id": identifier,
+                        "result": {
+                            "rateLimits": {
+                                "planType": "pro"
+                                \(creditsPayload)
+                            }
+                        }
+                    }
+                elif method == "account/read":
+                    payload = {
+                        "id": identifier,
+                        "result": {
+                            "account": {
+                                "type": "chatgpt",
+                                "email": "stub@example.com",
+                                "planType": "pro"
+                            },
+                            "requiresOpenaiAuth": False
+                        }
+                    }
+                else:
+                    payload = {"id": identifier, "result": {}}
+
+                print(json.dumps(payload), flush=True)
+        else:
+            sys.stderr.write("unexpected non app-server Codex invocation\\n")
+            sys.exit(92)
+        """
+        let url = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codex-plan-only-stub-\(UUID().uuidString)", isDirectory: false)
+        try Data(script.utf8).write(to: url)
+        try FileManager.default.setAttributes([.posixPermissions: 0o755], ofItemAtPath: url.path)
+        return url.path
+    }
+
+    private func makeCreditsOnlyStubCodexCLI() throws -> String {
+        let script = """
+        #!/usr/bin/python3 -S
+        import json
+        import sys
+
+        args = sys.argv[1:]
+        if "app-server" in args:
+            for line in sys.stdin:
+                if not line.strip():
+                    continue
+                message = json.loads(line)
+                method = message.get("method")
+                if method == "initialized":
+                    continue
+
+                identifier = message.get("id")
+                if method == "initialize":
+                    payload = {"id": identifier, "result": {}}
+                elif method == "account/rateLimits/read":
+                    payload = {
+                        "id": identifier,
+                        "result": {
+                            "rateLimits": {
+                                "credits": {
+                                    "hasCredits": True,
+                                    "unlimited": False,
+                                    "balance": "21"
+                                }
+                            }
+                        }
+                    }
+                elif method == "account/read":
+                    payload = {
+                        "id": identifier,
+                        "result": {
+                            "account": {
+                                "type": "chatgpt",
+                                "email": "stub@example.com",
+                                "planType": "pro"
+                            },
+                            "requiresOpenaiAuth": False
+                        }
+                    }
+                else:
+                    payload = {"id": identifier, "result": {}}
+
+                print(json.dumps(payload), flush=True)
+        else:
+            sys.stderr.write("unexpected non app-server Codex invocation\\n")
+            sys.exit(92)
+        """
+        let url = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codex-credits-only-stub-\(UUID().uuidString)", isDirectory: false)
+        try Data(script.utf8).write(to: url)
+        try FileManager.default.setAttributes([.posixPermissions: 0o755], ofItemAtPath: url.path)
+        return url.path
+    }
+
+    private func makeHungRateLimitsStubCodexCLI() throws -> String {
+        let script = """
+        #!/bin/sh
+        case " $* " in
+          *" app-server "*) ;;
+          *) printf '%s\\n' "unexpected non app-server Codex invocation" >&2; exit 92 ;;
+        esac
+
+        while IFS= read -r line; do
+          case "$line" in
+            *'"method":"initialized"'*|*'"method": "initialized"'*)
+              ;;
+            *'"method":"initialize"'*|*'"method": "initialize"'*)
+              printf '%s\\n' '{"id":1,"result":{}}'
+              ;;
+            *'"method":"account/rateLimits/read"'*|*'"method": "account/rateLimits/read"'*)
+              sleep 30
+              ;;
+            *)
+              printf '%s\\n' '{"id":1,"result":{}}'
+              ;;
+          esac
+        done
+        """
+        let url = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codex-hung-stub-\(UUID().uuidString)", isDirectory: false)
+        try Data(script.utf8).write(to: url)
+        try FileManager.default.setAttributes([.posixPermissions: 0o755], ofItemAtPath: url.path)
+        return url.path
+    }
+}
diff --git a/Tests/CodexBarTests/CodexUserFacingErrorTests.swift b/Tests/CodexBarTests/CodexUserFacingErrorTests.swift
new file mode 100644
index 000000000..4fb88fc3c
--- /dev/null
+++ b/Tests/CodexBarTests/CodexUserFacingErrorTests.swift
@@ -0,0 +1,231 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+@MainActor
+struct CodexUserFacingErrorTests {
+    @Test
+    func `missing codex CLI guidance is not collapsed to not running`() {
+        let store = self.makeUsageStore(suite: "CodexUserFacingErrorTests-missing-cli")
+        store.errors[.codex] = "Codex not running. Try running a Codex command first. "
+            + "(Codex CLI not found. Install with `npm i -g @openai/codex`.)"
+
+        #expect(store.userFacingError(for: .codex) == CodexStatusProbeError.codexNotInstalled.localizedDescription)
+    }
+
+    @Test
+    func `logged out codex CLI guidance is not collapsed to temporary outage`() {
+        let store = self.makeUsageStore(suite: "CodexUserFacingErrorTests-cli-login-required")
+        store.errors[.codex] =
+            "Codex connection failed: codex account authentication required to read rate limits"
+
+        #expect(
+            store.userFacingError(for: .codex) ==
+                "Codex CLI is not signed in. Run `codex login --device-auth`, then refresh.")
+    }
+
+    @Test
+    func `cached logged out codex CLI failure preserves cached suffix`() {
+        let store = self.makeUsageStore(suite: "CodexUserFacingErrorTests-cached-cli-login-required")
+        store.lastCreditsError =
+            "Last Codex credits refresh failed: Codex connection failed: "
+                + "codex account authentication required to read rate limits. Cached values from 2m ago."
+
+        #expect(
+            store.userFacingLastCreditsError ==
+                "Codex CLI is not signed in. Run `codex login --device-auth`, then refresh. "
+                + "Cached values from 2m ago.")
+    }
+
+    @Test
+    func `expired codex auth is sanitized`() {
+        let store = self.makeUsageStore(suite: "CodexUserFacingErrorTests-expired-auth")
+        store.errors[.codex] = """
+        Codex connection failed: failed to fetch codex rate limits: GET https://chatgpt.com/backend-api/wham/usage \
+        failed: 401 Unauthorized; content-type=text/plain; body={\"error\":{\"message\":\"Provided authentication \
+        token is expired. Please try signing in again.\",\"code\":\"token_expired\"}}
+        """
+
+        #expect(store.userFacingError(for: .codex) == "Codex session expired. Sign in again.")
+    }
+
+    @Test
+    func `transport codex error is sanitized`() {
+        let store = self.makeUsageStore(suite: "CodexUserFacingErrorTests-transport")
+        store.errors[.codex] =
+            "Codex connection failed: failed to fetch codex rate limits: "
+                + "GET https://chatgpt.com/backend-api/wham/usage failed: 500"
+
+        #expect(store.userFacingError(for: .codex) == "Codex usage is temporarily unavailable. Try refreshing.")
+    }
+
+    @Test
+    func `decode mismatch codex error is sanitized`() {
+        let store = self.makeUsageStore(suite: "CodexUserFacingErrorTests-decode-mismatch")
+        store.errors[.codex] =
+            "Codex connection failed: failed to fetch codex rate limits: "
+                + "Decode error for https://chatgpt.com/backend-api/wham/usage: "
+                + "unknown variant `prolite`, expected one of `guest`, `free`, `go`, `plus`, `pro`"
+
+        #expect(store.userFacingError(for: .codex) == "Codex usage is temporarily unavailable. Try refreshing.")
+    }
+
+    @Test
+    func `cached credits failure preserves cached suffix while sanitizing body`() {
+        let store = self.makeUsageStore(suite: "CodexUserFacingErrorTests-cached-credits")
+        store.lastCreditsError =
+            "Last Codex credits refresh failed: Codex connection failed: failed to fetch codex rate limits: "
+                + "GET https://chatgpt.com/backend-api/wham/usage failed: 500; body={\"error\":{}} "
+                + "Cached values from 2m ago."
+
+        #expect(
+            store.userFacingLastCreditsError ==
+                "Codex usage is temporarily unavailable. Try refreshing. Cached values from 2m ago.")
+    }
+
+    @Test
+    func `cached missing codex CLI failure preserves cached suffix`() {
+        let store = self.makeUsageStore(suite: "CodexUserFacingErrorTests-cached-missing-cli")
+        store.lastCreditsError =
+            "Last Codex credits refresh failed: Codex CLI not found. "
+                + "Install with `npm i -g @openai/codex`. Cached values from 2m ago."
+
+        #expect(
+            store.userFacingLastCreditsError ==
+                CodexStatusProbeError.codexNotInstalled.localizedDescription + " Cached values from 2m ago.")
+    }
+
+    @Test
+    func `browser mismatch remains unchanged`() {
+        let store = self.makeUsageStore(suite: "CodexUserFacingErrorTests-browser-mismatch")
+        store.lastOpenAIDashboardError =
+            "OpenAI cookies are for ratulsarna@gmail.com, not rdsarna@gmail.com. "
+                + "Switch chatgpt.com account, then refresh OpenAI cookies."
+
+        #expect(
+            store.userFacingLastOpenAIDashboardError ==
+                "OpenAI cookies are for ratulsarna@gmail.com, not rdsarna@gmail.com. "
+                + "Switch chatgpt.com account, then refresh OpenAI cookies.")
+    }
+
+    @Test
+    func `frame load interrupted becomes retry guidance`() {
+        let store = self.makeUsageStore(suite: "CodexUserFacingErrorTests-frame-load")
+        store.lastOpenAIDashboardError = "Frame load interrupted"
+
+        #expect(
+            store.userFacingLastOpenAIDashboardError ==
+                "OpenAI web refresh was interrupted. Refresh OpenAI cookies and try again.")
+    }
+
+    @Test
+    func `open A I web timeout becomes retry guidance`() {
+        let store = self.makeUsageStore(suite: "CodexUserFacingErrorTests-openai-web-timeout")
+        store.lastOpenAIDashboardError = "The operation couldn’t be completed. (NSURLErrorDomain error -1001.)"
+
+        #expect(
+            store.userFacingLastOpenAIDashboardError ==
+                "OpenAI web refresh timed out. Refresh OpenAI cookies and try again.")
+    }
+
+    @Test
+    func `open A I web network error becomes connection guidance`() {
+        let store = self.makeUsageStore(suite: "CodexUserFacingErrorTests-openai-web-network")
+        store.lastOpenAIDashboardError = "The operation couldn’t be completed. (NSURLErrorDomain error -1004.)"
+        let expected = [
+            "OpenAI web refresh hit a network error.",
+            "Check your connection, then refresh OpenAI cookies and try again.",
+        ].joined(separator: " ")
+
+        #expect(store.userFacingLastOpenAIDashboardError == expected)
+    }
+
+    @Test
+    func `non codex providers keep raw errors`() {
+        let store = self.makeUsageStore(suite: "CodexUserFacingErrorTests-non-codex")
+        store.errors[.claude] = "Claude probe failed with debug detail"
+
+        #expect(store.userFacingError(for: .claude) == "Claude probe failed with debug detail")
+    }
+
+    @Test
+    func `providers pane codex model uses sanitized values`() {
+        let settings = self.makeSettingsStore(suite: "CodexUserFacingErrorTests-pane-model")
+        let store = self.makeUsageStore(settings: settings)
+        store.errors[.codex] =
+            "Codex connection failed: failed to fetch codex rate limits: "
+                + "GET https://chatgpt.com/backend-api/wham/usage failed: 500"
+        store.lastCreditsError =
+            "Last Codex credits refresh failed: Codex connection failed: failed to fetch codex rate limits: "
+                + "GET https://chatgpt.com/backend-api/wham/usage failed: 500 "
+                + "Cached values from 1m ago."
+        store.lastOpenAIDashboardError = "Frame load interrupted"
+
+        let pane = ProvidersPane(settings: settings, store: store)
+        let model = pane._test_menuCardModel(for: .codex)
+
+        #expect(model.subtitleText == "Codex usage is temporarily unavailable. Try refreshing.")
+        #expect(
+            model.creditsHintText ==
+                "OpenAI web refresh was interrupted. Refresh OpenAI cookies and try again.")
+        #expect(
+            model.creditsHintCopyText ==
+                "OpenAI web refresh was interrupted. Refresh OpenAI cookies and try again.")
+        #expect(
+            model.creditsText == "Codex usage is temporarily unavailable. Try refreshing. Cached values from 1m ago.")
+    }
+
+    @Test
+    func `providers pane codex error display keeps raw full text for copy`() {
+        let settings = self.makeSettingsStore(suite: "CodexUserFacingErrorTests-pane-error-display")
+        let store = self.makeUsageStore(settings: settings)
+        let raw =
+            "Codex connection failed: failed to fetch codex rate limits: "
+                + "GET https://chatgpt.com/backend-api/wham/usage failed: 500; body={\"error\":{}}"
+        store.errors[.codex] = raw
+
+        let pane = ProvidersPane(settings: settings, store: store)
+        let display = pane._test_providerErrorDisplay(for: .codex)
+
+        #expect(display?.preview == "Codex usage is temporarily unavailable. Try refreshing.")
+        #expect(display?.full == raw)
+    }
+
+    private func makeUsageStore(suite: String) -> UsageStore {
+        let settings = self.makeSettingsStore(suite: suite)
+        return self.makeUsageStore(settings: settings)
+    }
+
+    private func makeUsageStore(settings: SettingsStore) -> UsageStore {
+        UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+    }
+
+    private func makeSettingsStore(suite: String) -> SettingsStore {
+        let defaults = UserDefaults(suiteName: suite)!
+        defaults.removePersistentDomain(forName: suite)
+        let configStore = testConfigStore(suiteName: suite)
+        return SettingsStore(
+            userDefaults: defaults,
+            configStore: configStore,
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore(),
+            codexCookieStore: InMemoryCookieHeaderStore(),
+            claudeCookieStore: InMemoryCookieHeaderStore(),
+            cursorCookieStore: InMemoryCookieHeaderStore(),
+            opencodeCookieStore: InMemoryCookieHeaderStore(),
+            factoryCookieStore: InMemoryCookieHeaderStore(),
+            minimaxCookieStore: InMemoryMiniMaxCookieStore(),
+            minimaxAPITokenStore: InMemoryMiniMaxAPITokenStore(),
+            kimiTokenStore: InMemoryKimiTokenStore(),
+            kimiK2TokenStore: InMemoryKimiK2TokenStore(),
+            augmentCookieStore: InMemoryCookieHeaderStore(),
+            ampCookieStore: InMemoryCookieHeaderStore(),
+            copilotTokenStore: InMemoryCopilotTokenStore(),
+            tokenAccountStore: InMemoryTokenAccountStore())
+    }
+}
diff --git a/Tests/CodexBarTests/CodexVisibleAccountTests.swift b/Tests/CodexBarTests/CodexVisibleAccountTests.swift
new file mode 100644
index 000000000..6b41769dd
--- /dev/null
+++ b/Tests/CodexBarTests/CodexVisibleAccountTests.swift
@@ -0,0 +1,39 @@
+import Foundation
+import Testing
+@testable import CodexBar
+
+@Suite(.serialized)
+struct CodexVisibleAccountTests {
+    @Test
+    func `menu display name suppresses personal workspace label`() {
+        let personal = CodexVisibleAccount(
+            id: "personal",
+            email: "user@example.com",
+            workspaceLabel: "Personal",
+            workspaceAccountID: "account-personal",
+            storedAccountID: nil,
+            selectionSource: .liveSystem,
+            isActive: true,
+            isLive: true,
+            canReauthenticate: true,
+            canRemove: false)
+        let team = CodexVisibleAccount(
+            id: "team",
+            email: "user@example.com",
+            workspaceLabel: "Team Alpha",
+            workspaceAccountID: "account-team",
+            storedAccountID: nil,
+            selectionSource: .managedAccount(id: UUID()),
+            isActive: false,
+            isLive: false,
+            canReauthenticate: true,
+            canRemove: true)
+
+        #expect(personal.displayName == "user@example.com — Personal")
+        #expect(personal.menuDisplayName == "user@example.com")
+        #expect(personal.menuWorkspaceLabel == nil)
+        #expect(team.displayName == "user@example.com — Team Alpha")
+        #expect(team.menuDisplayName == "user@example.com — Team Alpha")
+        #expect(team.menuWorkspaceLabel == "Team Alpha")
+    }
+}
diff --git a/Tests/CodexBarTests/CodexWebDashboardStrategyAuthorityTests.swift b/Tests/CodexBarTests/CodexWebDashboardStrategyAuthorityTests.swift
new file mode 100644
index 000000000..631b8cbf8
--- /dev/null
+++ b/Tests/CodexBarTests/CodexWebDashboardStrategyAuthorityTests.swift
@@ -0,0 +1,388 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+@Suite(.serialized)
+@MainActor
+struct CodexWebDashboardStrategyAuthorityTests {
+    @Test
+    func `web dashboard attach converts snapshot with authority attachment email`() throws {
+        OpenAIDashboardCacheStore.clear()
+        defer { OpenAIDashboardCacheStore.clear() }
+
+        let authHome = try self.makeAuthHome(
+            email: "owner@example.com",
+            accountId: "acct-owner")
+        defer { try? FileManager.default.removeItem(at: authHome) }
+
+        let context = self.makeContext(
+            authHome: authHome,
+            knownOwners: [
+                CodexDashboardKnownOwnerCandidate(
+                    identity: .providerAccount(id: "acct-owner"),
+                    normalizedEmail: "owner@example.com"),
+            ])
+        let result = try CodexWebDashboardStrategy.makeAuthorizedDashboardResultForTesting(
+            dashboard: self.makeDashboard(email: "owner@example.com"),
+            context: context,
+            routingTargetEmail: "route@example.com")
+
+        #expect(result.usage.accountEmail(for: .codex) == "owner@example.com")
+        #expect(result.credits?.remaining == 42)
+    }
+
+    @Test
+    func `web dashboard display only throws typed policy error`() throws {
+        OpenAIDashboardCacheStore.clear()
+        defer { OpenAIDashboardCacheStore.clear() }
+
+        let authHome = try self.makeAuthHome(email: "shared@example.com")
+        defer { try? FileManager.default.removeItem(at: authHome) }
+
+        let context = self.makeContext(
+            authHome: authHome,
+            knownOwners: [
+                CodexDashboardKnownOwnerCandidate(
+                    identity: .providerAccount(id: "acct-alpha"),
+                    normalizedEmail: "shared@example.com"),
+                CodexDashboardKnownOwnerCandidate(
+                    identity: .providerAccount(id: "acct-beta"),
+                    normalizedEmail: "shared@example.com"),
+            ])
+        let dashboard = self.makeDashboard(email: "shared@example.com")
+        let expectedDecision = CodexDashboardAuthority.evaluate(
+            CodexCLIDashboardAuthorityContext.makeLiveWebInput(
+                dashboard: dashboard,
+                context: context,
+                routingTargetEmail: "route@example.com"))
+
+        do {
+            _ = try CodexWebDashboardStrategy.makeAuthorizedDashboardResultForTesting(
+                dashboard: dashboard,
+                context: context,
+                routingTargetEmail: "route@example.com")
+            Issue.record("Expected CodexDashboardPolicyError.displayOnly")
+        } catch let error as CodexDashboardPolicyError {
+            #expect(error == .displayOnly(expectedDecision))
+        } catch {
+            Issue.record("Expected CodexDashboardPolicyError.displayOnly, got \(error)")
+        }
+    }
+
+    @Test
+    func `web dashboard fail closed throws policy rejection`() throws {
+        OpenAIDashboardCacheStore.clear()
+        defer { OpenAIDashboardCacheStore.clear() }
+
+        let authHome = try self.makeAuthHome(
+            email: "owner@example.com",
+            accountId: "acct-owner")
+        defer { try? FileManager.default.removeItem(at: authHome) }
+
+        let context = self.makeContext(
+            authHome: authHome,
+            knownOwners: [
+                CodexDashboardKnownOwnerCandidate(
+                    identity: .providerAccount(id: "acct-other"),
+                    normalizedEmail: "owner@example.com"),
+            ])
+        let dashboard = self.makeDashboard(email: "owner@example.com")
+        let expectedDecision = CodexDashboardAuthority.evaluate(
+            CodexCLIDashboardAuthorityContext.makeLiveWebInput(
+                dashboard: dashboard,
+                context: context,
+                routingTargetEmail: "route@example.com"))
+
+        do {
+            _ = try CodexWebDashboardStrategy.makeAuthorizedDashboardResultForTesting(
+                dashboard: dashboard,
+                context: context,
+                routingTargetEmail: "route@example.com")
+            Issue.record("Expected OpenAIWebCodexError.policyRejected")
+        } catch let error as OpenAIWebCodexError {
+            #expect(error == .policyRejected(expectedDecision))
+        } catch {
+            Issue.record("Expected OpenAIWebCodexError.policyRejected, got \(error)")
+        }
+    }
+
+    @Test
+    func `web dashboard wrong email throws policy rejection`() throws {
+        OpenAIDashboardCacheStore.clear()
+        defer { OpenAIDashboardCacheStore.clear() }
+
+        let authHome = try self.makeAuthHome(
+            email: "owner@example.com",
+            accountId: "acct-owner")
+        defer { try? FileManager.default.removeItem(at: authHome) }
+
+        let context = self.makeContext(
+            authHome: authHome,
+            knownOwners: [
+                CodexDashboardKnownOwnerCandidate(
+                    identity: .providerAccount(id: "acct-owner"),
+                    normalizedEmail: "owner@example.com"),
+            ])
+        let dashboard = self.makeDashboard(email: "other@example.com")
+        let expectedDecision = CodexDashboardAuthority.evaluate(
+            CodexCLIDashboardAuthorityContext.makeLiveWebInput(
+                dashboard: dashboard,
+                context: context,
+                routingTargetEmail: "owner@example.com"))
+
+        do {
+            _ = try CodexWebDashboardStrategy.makeAuthorizedDashboardResultForTesting(
+                dashboard: dashboard,
+                context: context,
+                routingTargetEmail: "owner@example.com")
+            Issue.record("Expected OpenAIWebCodexError.policyRejected")
+        } catch let error as OpenAIWebCodexError {
+            #expect(error == .policyRejected(expectedDecision))
+            if case let .policyRejected(decision) = error {
+                #expect(decision.reason == .wrongEmail(expected: "owner@example.com", actual: "other@example.com"))
+            }
+        } catch {
+            Issue.record("Expected OpenAIWebCodexError.policyRejected, got \(error)")
+        }
+    }
+
+    @Test
+    func `web dashboard provider account without scoped auth email fail closes on dashboard collision`() throws {
+        OpenAIDashboardCacheStore.clear()
+        defer { OpenAIDashboardCacheStore.clear() }
+
+        let authHome = try self.makeAuthHome(email: nil, accountId: "acct-owner")
+        defer { try? FileManager.default.removeItem(at: authHome) }
+
+        let context = self.makeContext(
+            authHome: authHome,
+            knownOwners: [
+                CodexDashboardKnownOwnerCandidate(
+                    identity: .providerAccount(id: "acct-alpha"),
+                    normalizedEmail: "shared@example.com"),
+                CodexDashboardKnownOwnerCandidate(
+                    identity: .providerAccount(id: "acct-beta"),
+                    normalizedEmail: "shared@example.com"),
+            ])
+        let dashboard = self.makeDashboard(email: "shared@example.com")
+        let expectedDecision = CodexDashboardAuthority.evaluate(
+            CodexCLIDashboardAuthorityContext.makeLiveWebInput(
+                dashboard: dashboard,
+                context: context,
+                routingTargetEmail: "shared@example.com"))
+
+        do {
+            _ = try CodexWebDashboardStrategy.makeAuthorizedDashboardResultForTesting(
+                dashboard: dashboard,
+                context: context,
+                routingTargetEmail: "shared@example.com")
+            Issue.record("Expected OpenAIWebCodexError.policyRejected")
+        } catch let error as OpenAIWebCodexError {
+            #expect(error == .policyRejected(expectedDecision))
+            if case let .policyRejected(decision) = error {
+                #expect(decision.reason == .providerAccountMissingScopedEmail)
+            }
+        } catch {
+            Issue.record("Expected OpenAIWebCodexError.policyRejected, got \(error)")
+        }
+    }
+
+    @Test
+    func `web dashboard attach saves cache with attached email not routing fallback`() throws {
+        OpenAIDashboardCacheStore.clear()
+        defer { OpenAIDashboardCacheStore.clear() }
+
+        let authHome = try self.makeAuthHome(
+            email: "owner@example.com",
+            accountId: "acct-owner")
+        defer { try? FileManager.default.removeItem(at: authHome) }
+
+        let context = self.makeContext(
+            authHome: authHome,
+            knownOwners: [
+                CodexDashboardKnownOwnerCandidate(
+                    identity: .providerAccount(id: "acct-owner"),
+                    normalizedEmail: "owner@example.com"),
+            ])
+
+        _ = try CodexWebDashboardStrategy.makeAuthorizedDashboardResultForTesting(
+            dashboard: self.makeDashboard(email: "owner@example.com"),
+            context: context,
+            routingTargetEmail: "route@example.com")
+
+        let cache = try #require(OpenAIDashboardCacheStore.load())
+        #expect(cache.accountEmail == "owner@example.com")
+        #expect(cache.accountEmail != "route@example.com")
+    }
+
+    @Test
+    func `web dashboard fail closed clears stale cache`() throws {
+        OpenAIDashboardCacheStore.save(OpenAIDashboardCache(
+            accountEmail: "stale@example.com",
+            snapshot: self.makeDashboard(email: "stale@example.com")))
+        defer { OpenAIDashboardCacheStore.clear() }
+
+        let authHome = try self.makeAuthHome(
+            email: "owner@example.com",
+            accountId: "acct-owner")
+        defer { try? FileManager.default.removeItem(at: authHome) }
+
+        let context = self.makeContext(
+            authHome: authHome,
+            knownOwners: [
+                CodexDashboardKnownOwnerCandidate(
+                    identity: .providerAccount(id: "acct-other"),
+                    normalizedEmail: "owner@example.com"),
+            ])
+
+        do {
+            _ = try CodexWebDashboardStrategy.makeAuthorizedDashboardResultForTesting(
+                dashboard: self.makeDashboard(email: "owner@example.com"),
+                context: context,
+                routingTargetEmail: "route@example.com")
+            Issue.record("Expected OpenAIWebCodexError.policyRejected")
+        } catch is OpenAIWebCodexError {}
+
+        #expect(OpenAIDashboardCacheStore.load() == nil)
+    }
+
+    @Test
+    func `web dashboard display only clears stale cache`() throws {
+        OpenAIDashboardCacheStore.save(OpenAIDashboardCache(
+            accountEmail: "stale@example.com",
+            snapshot: self.makeDashboard(email: "stale@example.com")))
+        defer { OpenAIDashboardCacheStore.clear() }
+
+        let authHome = try self.makeAuthHome(email: "shared@example.com")
+        defer { try? FileManager.default.removeItem(at: authHome) }
+
+        let context = self.makeContext(
+            authHome: authHome,
+            knownOwners: [
+                CodexDashboardKnownOwnerCandidate(
+                    identity: .providerAccount(id: "acct-alpha"),
+                    normalizedEmail: "shared@example.com"),
+                CodexDashboardKnownOwnerCandidate(
+                    identity: .providerAccount(id: "acct-beta"),
+                    normalizedEmail: "shared@example.com"),
+            ])
+
+        do {
+            _ = try CodexWebDashboardStrategy.makeAuthorizedDashboardResultForTesting(
+                dashboard: self.makeDashboard(email: "shared@example.com"),
+                context: context,
+                routingTargetEmail: "route@example.com")
+            Issue.record("Expected CodexDashboardPolicyError.displayOnly")
+        } catch is CodexDashboardPolicyError {}
+
+        #expect(OpenAIDashboardCacheStore.load() == nil)
+    }
+
+    private func makeContext(
+        authHome: URL? = nil,
+        knownOwners: [CodexDashboardKnownOwnerCandidate]) -> ProviderFetchContext
+    {
+        let env = authHome.map { ["CODEX_HOME": $0.path] } ?? [:]
+        let browserDetection = BrowserDetection(cacheTTL: 0)
+        return ProviderFetchContext(
+            runtime: .cli,
+            sourceMode: .auto,
+            includeCredits: true,
+            webTimeout: 60,
+            webDebugDumpHTML: false,
+            verbose: false,
+            env: env,
+            settings: ProviderSettingsSnapshot.make(
+                codex: .init(
+                    usageDataSource: .auto,
+                    cookieSource: .auto,
+                    manualCookieHeader: nil,
+                    dashboardAuthorityKnownOwners: knownOwners)),
+            fetcher: UsageFetcher(environment: env),
+            claudeFetcher: ClaudeUsageFetcher(browserDetection: browserDetection),
+            browserDetection: browserDetection)
+    }
+
+    private func makeDashboard(email: String) -> OpenAIDashboardSnapshot {
+        OpenAIDashboardSnapshot(
+            signedInEmail: email,
+            codeReviewRemainingPercent: 75,
+            codeReviewLimit: RateWindow(
+                usedPercent: 25,
+                windowMinutes: 60,
+                resetsAt: Date(timeIntervalSince1970: 3600),
+                resetDescription: nil),
+            creditEvents: [
+                CreditEvent(
+                    date: Date(timeIntervalSince1970: 1000),
+                    service: "codex",
+                    creditsUsed: 3),
+            ],
+            dailyBreakdown: [],
+            usageBreakdown: [],
+            creditsPurchaseURL: nil,
+            primaryLimit: RateWindow(
+                usedPercent: 10,
+                windowMinutes: 300,
+                resetsAt: Date(timeIntervalSince1970: 7200),
+                resetDescription: nil),
+            secondaryLimit: nil,
+            creditsRemaining: 42,
+            accountPlan: "pro",
+            updatedAt: Date(timeIntervalSince1970: 2000))
+    }
+
+    private func makeAuthHome(email: String?, accountId: String? = nil) throws -> URL {
+        let homeURL = FileManager.default.temporaryDirectory.appendingPathComponent(
+            UUID().uuidString,
+            isDirectory: true)
+        try self.writeCodexAuthFile(homeURL: homeURL, email: email, accountId: accountId)
+        return homeURL
+    }
+
+    private func writeCodexAuthFile(
+        homeURL: URL,
+        email: String?,
+        accountId: String?) throws
+    {
+        try FileManager.default.createDirectory(at: homeURL, withIntermediateDirectories: true)
+        var tokens: [String: Any] = [
+            "accessToken": "access-token",
+            "refreshToken": "refresh-token",
+            "idToken": Self.fakeJWT(email: email, accountId: accountId),
+        ]
+        if let accountId {
+            tokens["accountId"] = accountId
+        }
+        let auth = ["tokens": tokens]
+        let data = try JSONSerialization.data(withJSONObject: auth)
+        try data.write(to: homeURL.appendingPathComponent("auth.json"))
+    }
+
+    private static func fakeJWT(email: String?, accountId: String?) -> String {
+        let header = (try? JSONSerialization.data(withJSONObject: ["alg": "none"])) ?? Data()
+        var authClaims: [String: Any] = [
+            "chatgpt_plan_type": "pro",
+        ]
+        if let accountId {
+            authClaims["chatgpt_account_id"] = accountId
+        }
+        var claims: [String: Any] = [
+            "chatgpt_plan_type": "pro",
+            "https://api.openai.com/auth": authClaims,
+        ]
+        if let email {
+            claims["email"] = email
+        }
+        let payload = (try? JSONSerialization.data(withJSONObject: claims)) ?? Data()
+
+        func base64URL(_ data: Data) -> String {
+            data.base64EncodedString()
+                .replacingOccurrences(of: "=", with: "")
+                .replacingOccurrences(of: "+", with: "-")
+                .replacingOccurrences(of: "/", with: "_")
+        }
+
+        return "\(base64URL(header)).\(base64URL(payload))."
+    }
+}
diff --git a/Tests/CodexBarTests/CodexbarTests.swift b/Tests/CodexBarTests/CodexbarTests.swift
index 737081635..4a907a53c 100644
--- a/Tests/CodexBarTests/CodexbarTests.swift
+++ b/Tests/CodexBarTests/CodexbarTests.swift
@@ -4,10 +4,9 @@ import Foundation
 import Testing
 @testable import CodexBar
 
-@Suite
 struct CodexBarTests {
     @Test
-    func iconRendererProducesTemplateImage() {
+    func `icon renderer produces template image`() {
         let image = IconRenderer.makeIcon(
             primaryRemaining: 50,
             weeklyRemaining: 75,
@@ -19,7 +18,7 @@ struct CodexBarTests {
     }
 
     @Test
-    func iconRendererRendersAtPixelAlignedSize() {
+    func `icon renderer renders at pixel aligned size`() {
         let image = IconRenderer.makeIcon(
             primaryRemaining: 50,
             weeklyRemaining: 75,
@@ -33,7 +32,7 @@ struct CodexBarTests {
     }
 
     @Test
-    func iconRendererCachesStaticIcons() {
+    func `icon renderer caches static icons`() {
         let first = IconRenderer.makeIcon(
             primaryRemaining: 42,
             weeklyRemaining: 17,
@@ -50,7 +49,148 @@ struct CodexBarTests {
     }
 
     @Test
-    func iconRendererCodexEyesPunchThroughWhenUnknown() {
+    func `antigravity icon falls back to tertiary when leading lanes are missing`() {
+        let snapshot = UsageSnapshot(
+            primary: nil,
+            secondary: nil,
+            tertiary: RateWindow(usedPercent: 80, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            updatedAt: Date())
+
+        let remaining = IconRemainingResolver.resolvedRemaining(snapshot: snapshot, style: .antigravity)
+        #expect(remaining.primary == 20)
+        #expect(remaining.secondary == nil)
+    }
+
+    @Test
+    func `antigravity icon uses next distinct fallback lane`() {
+        let snapshot = UsageSnapshot(
+            primary: nil,
+            secondary: RateWindow(usedPercent: 30, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            tertiary: RateWindow(usedPercent: 60, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            updatedAt: Date())
+
+        let remaining = IconRemainingResolver.resolvedRemaining(snapshot: snapshot, style: .antigravity)
+        #expect(remaining.primary == 70)
+        #expect(remaining.secondary == 40)
+    }
+
+    @Test
+    func `perplexity icon falls back to purchased lane when bonus is exhausted`() {
+        let snapshot = UsageSnapshot(
+            primary: nil,
+            secondary: RateWindow(usedPercent: 100, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            tertiary: RateWindow(usedPercent: 20, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            updatedAt: Date())
+
+        let remaining = IconRemainingResolver.resolvedRemaining(snapshot: snapshot, style: .perplexity)
+        #expect(remaining.primary == 80)
+        #expect(remaining.secondary == 0)
+    }
+
+    @Test
+    func `perplexity icon skips exhausted recurring lane when purchased credits remain`() {
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 100, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(usedPercent: 100, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            tertiary: RateWindow(usedPercent: 20, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            updatedAt: Date())
+
+        let remaining = IconRemainingResolver.resolvedRemaining(snapshot: snapshot, style: .perplexity)
+        #expect(remaining.primary == 80)
+        #expect(remaining.secondary == 0)
+    }
+
+    @Test
+    func `perplexity icon prefers purchased lane before bonus`() {
+        let snapshot = UsageSnapshot(
+            primary: nil,
+            secondary: RateWindow(usedPercent: 20, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            tertiary: RateWindow(usedPercent: 45, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            updatedAt: Date())
+
+        let remaining = IconRemainingResolver.resolvedRemaining(snapshot: snapshot, style: .perplexity)
+        #expect(remaining.primary == 55)
+        #expect(remaining.secondary == 80)
+    }
+
+    @Test
+    func `kimi icon renders primary bar when secondary is nil`() throws {
+        // Regression: Kimi account connected with usage, but no progress bar shown (issue #1043).
+        // When secondary (rate limit) is absent, the icon renderer must still show
+        // the primary (weekly quota) bar.
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 18.3, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            secondary: nil,
+            updatedAt: Date())
+
+        let remaining = IconRemainingResolver.resolvedRemaining(snapshot: snapshot, style: .kimi)
+
+        guard let primaryRemaining = remaining.primary else {
+            Issue.record("remaining.primary was nil after IconRemainingResolver check")
+            return
+        }
+        #expect(primaryRemaining > 0) // 81.7% remaining
+        #expect(remaining.secondary == nil)
+
+        let image = IconRenderer.makeIcon(
+            primaryRemaining: remaining.primary,
+            weeklyRemaining: remaining.secondary,
+            creditsRemaining: nil,
+            stale: false,
+            style: .kimi)
+        #expect(image.size.width > 0)
+        #expect(image.isTemplate)
+
+        // Prove the primary bar is actually rendered using pixel inspection.
+        // Top bar rect: x ∈ [3, 33], y ∈ [19, 31] in the 36×36 canvas (barXPx=3, barWidthPx=30, y=19, h=12).
+        let bitmapReps = image.representations.compactMap { $0 as? NSBitmapImageRep }
+        let rep = try #require(bitmapReps.first { $0.pixelsWide == 36 && $0.pixelsHigh == 36 })
+
+        func alphaAt(px x: Int, _ y: Int) -> CGFloat {
+            (rep.colorAt(x: x, y: y) ?? .clear).alphaComponent
+        }
+
+        func regionHasFill(xRange: ClosedRange<Int>, yRange: ClosedRange<Int>) -> Bool {
+            for y in yRange {
+                for x in xRange where alphaAt(px: x, y) > 0.05 {
+                    return true
+                }
+            }
+            return false
+        }
+
+        // Primary bar (top track) must have fill to prove the progress bar rendered.
+        #expect(regionHasFill(xRange: 3...33, yRange: 19...31))
+    }
+
+    @Test
+    func `codex icon promotes weekly only window into primary display lane`() {
+        let snapshot = UsageSnapshot(
+            primary: nil,
+            secondary: RateWindow(usedPercent: 25, windowMinutes: 10080, resetsAt: nil, resetDescription: nil),
+            tertiary: nil,
+            updatedAt: Date())
+
+        let remaining = IconRemainingResolver.resolvedRemaining(snapshot: snapshot, style: .codex)
+        #expect(remaining.primary == 75)
+        #expect(remaining.secondary == nil)
+    }
+
+    @Test
+    func `codex icon uses semantic projection lanes when durations drift`() {
+        let snapshot = UsageSnapshot(
+            primary: nil,
+            secondary: RateWindow(usedPercent: 25, windowMinutes: 11040, resetsAt: nil, resetDescription: nil),
+            tertiary: nil,
+            updatedAt: Date())
+
+        let remaining = IconRemainingResolver.resolvedRemaining(snapshot: snapshot, style: .codex)
+        #expect(remaining.primary == 75)
+        #expect(remaining.secondary == nil)
+    }
+
+    @Test
+    func `icon renderer codex eyes punch through when unknown`() {
         // Regression: when remaining is nil, CoreGraphics inherits the previous fill alpha which caused
         // destinationOut “eyes” to become semi-transparent instead of fully punched through.
         let image = IconRenderer.makeIcon(
@@ -116,7 +256,7 @@ struct CodexBarTests {
     }
 
     @Test
-    func iconRendererWarpEyesCutOutAtExpectedCenters() {
+    func `icon renderer warp eyes cut out at expected centers`() {
         // Regression: Warp eyes should be tilted in-place and remain centered on the face.
         let image = IconRenderer.makeIcon(
             primaryRemaining: 50,
@@ -169,7 +309,28 @@ struct CodexBarTests {
     }
 
     @Test
-    func accountInfoParsesAuthToken() throws {
+    func `account info parses snake case auth token`() throws {
+        let tmp = try FileManager.default.url(
+            for: .itemReplacementDirectory,
+            in: .userDomainMask,
+            appropriateFor: URL(fileURLWithPath: NSTemporaryDirectory()),
+            create: true)
+        defer { try? FileManager.default.removeItem(at: tmp) }
+
+        let token = Self.fakeJWT(email: "user@example.com", plan: "pro")
+        let auth = ["tokens": ["id_token": token, "access_token": "access", "refresh_token": "refresh"]]
+        let data = try JSONSerialization.data(withJSONObject: auth)
+        let authURL = tmp.appendingPathComponent("auth.json")
+        try data.write(to: authURL)
+
+        let fetcher = UsageFetcher(environment: ["CODEX_HOME": tmp.path])
+        let account = fetcher.loadAccountInfo()
+        #expect(account.email == "user@example.com")
+        #expect(account.plan == "pro")
+    }
+
+    @Test
+    func `account info parses legacy camel case auth token`() throws {
         let tmp = try FileManager.default.url(
             for: .itemReplacementDirectory,
             in: .userDomainMask,
@@ -178,7 +339,7 @@ struct CodexBarTests {
         defer { try? FileManager.default.removeItem(at: tmp) }
 
         let token = Self.fakeJWT(email: "user@example.com", plan: "pro")
-        let auth = ["tokens": ["idToken": token]]
+        let auth = ["tokens": ["idToken": token, "accessToken": "access", "refreshToken": "refresh"]]
         let data = try JSONSerialization.data(withJSONObject: auth)
         let authURL = tmp.appendingPathComponent("auth.json")
         try data.write(to: authURL)
diff --git a/Tests/CodexBarTests/CommandCodeProviderTests.swift b/Tests/CodexBarTests/CommandCodeProviderTests.swift
new file mode 100644
index 000000000..5273b244c
--- /dev/null
+++ b/Tests/CodexBarTests/CommandCodeProviderTests.swift
@@ -0,0 +1,23 @@
+import CodexBarCore
+import Testing
+@testable import CodexBar
+
+struct CommandCodeProviderTests {
+    @Test
+    func `descriptor metadata is correct`() {
+        let descriptor = ProviderDescriptorRegistry.descriptor(for: .commandcode)
+
+        #expect(descriptor.metadata.displayName == "Command Code")
+        #expect(descriptor.metadata.dashboardURL == "https://commandcode.ai/studio")
+        #expect(descriptor.metadata.subscriptionDashboardURL == "https://commandcode.ai/sixhobbits/settings/billing")
+        #expect(descriptor.metadata.cliName == "commandcode")
+        #expect(descriptor.branding.iconResourceName == "ProviderIcon-commandcode")
+        #expect(descriptor.branding.iconStyle == .commandcode)
+    }
+
+    @MainActor
+    @Test
+    func `implementation is registered`() {
+        #expect(ProviderCatalog.implementation(for: .commandcode) != nil)
+    }
+}
diff --git a/Tests/CodexBarTests/CommandCodeUsageFetcherTests.swift b/Tests/CodexBarTests/CommandCodeUsageFetcherTests.swift
new file mode 100644
index 000000000..f8425f97e
--- /dev/null
+++ b/Tests/CodexBarTests/CommandCodeUsageFetcherTests.swift
@@ -0,0 +1,113 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+/// Tests for `CommandCodeUsageFetcher` parsers and the cookie/snapshot derivation,
+/// using real responses captured from api.commandcode.ai for an active "individual-go" plan.
+struct CommandCodeUsageFetcherTests {
+    private static let creditsJSON = """
+    {"credits":{"belowThreshold":false,"creditThreshold":0,"monthlyCredits":8.7784,\
+    "purchasedCredits":0,"premiumMonthlyCredits":0,"opensourceMonthlyCredits":8.7784}}
+    """
+
+    private static let subscriptionJSON = """
+    {"success":true,"data":{"id":"sub_1TTzt3DSZgxV3MJKG4ClCWpn","status":"active",\
+    "userId":"915e93a7-a1f9-4c97-a3f0-20a85fcb3a45","orgId":null,\
+    "createdAt":"2026-05-06T07:28:50.000Z","priceId":"price_1TMD8zDSZgxV3MJKxOZMVZrP",\
+    "metadata":{"commandCode":"true","commandCodeUserId":"915e93a7-a1f9-4c97-a3f0-20a85fcb3a45"},\
+    "quantity":1,"cancelAtPeriodEnd":false,\
+    "currentPeriodStart":"2026-05-06T07:28:50.000Z","currentPeriodEnd":"2026-06-06T07:28:50.000Z",\
+    "endedAt":null,"cancelAt":null,"canceledAt":null,"planId":"individual-go"}}
+    """
+
+    @Test
+    func `parses credits payload`() throws {
+        let data = try #require(Self.creditsJSON.data(using: .utf8))
+        let payload = try CommandCodeUsageFetcher.parseCredits(data: data)
+        #expect(payload.monthlyCredits == 8.7784)
+        #expect(payload.purchasedCredits == 0)
+        #expect(payload.premiumMonthlyCredits == 0)
+        #expect(payload.opensourceMonthlyCredits == 8.7784)
+    }
+
+    @Test
+    func `parses subscription payload`() throws {
+        let data = try #require(Self.subscriptionJSON.data(using: .utf8))
+        let payload = try #require(try CommandCodeUsageFetcher.parseSubscription(data: data))
+        #expect(payload.planID == "individual-go")
+        #expect(payload.status == "active")
+        let isoFormatter = ISO8601DateFormatter()
+        isoFormatter.formatOptions = [.withInternetDateTime, .withFractionalSeconds]
+        let expectedEnd = isoFormatter.date(from: "2026-06-06T07:28:50.000Z")
+        #expect(payload.currentPeriodEnd == expectedEnd)
+    }
+
+    @Test
+    func `subscription on free tier returns nil`() throws {
+        let data = Data(#"{"success":true,"data":null}"#.utf8)
+        let payload = try CommandCodeUsageFetcher.parseSubscription(data: data)
+        #expect(payload == nil)
+    }
+
+    @Test
+    func `snapshot derives used and total from plan catalog`() throws {
+        let plan = try #require(CommandCodePlanCatalog.plan(forID: "individual-go"))
+        let snapshot = CommandCodeUsageSnapshot(
+            monthlyCreditsRemaining: 8.7784,
+            purchasedCredits: 0,
+            premiumMonthlyCredits: 0,
+            opensourceMonthlyCredits: 8.7784,
+            plan: plan,
+            billingPeriodEnd: Date(timeIntervalSince1970: 1_780_000_000),
+            subscriptionStatus: "active",
+            updatedAt: Date(timeIntervalSince1970: 0))
+        #expect(snapshot.monthlyCreditsTotal == 10)
+        #expect(abs((snapshot.monthlyCreditsUsed ?? -1) - 1.2216) < 0.0001)
+
+        let usage = snapshot.toUsageSnapshot()
+        let primary = try #require(usage.primary)
+        #expect(abs(primary.usedPercent - 12.216) < 0.001)
+        #expect(primary.resetsAt == Date(timeIntervalSince1970: 1_780_000_000))
+        #expect(usage.identity?.loginMethod == "Go · $1.22 of $10.00")
+    }
+
+    @Test
+    func `plan catalog covers known plans`() {
+        #expect(CommandCodePlanCatalog.plan(forID: "individual-go")?.monthlyCreditsUSD == 10)
+        #expect(CommandCodePlanCatalog.plan(forID: "individual-pro")?.monthlyCreditsUSD == 30)
+        #expect(CommandCodePlanCatalog.plan(forID: "individual-max")?.monthlyCreditsUSD == 150)
+        #expect(CommandCodePlanCatalog.plan(forID: "individual-ultra")?.monthlyCreditsUSD == 300)
+        #expect(CommandCodePlanCatalog.plan(forID: "unknown") == nil)
+    }
+
+    @Test
+    func `cookie header extracts secure session cookie`() throws {
+        let raw = "_ga=GA1.2.123; __Secure-better-auth.session_token=abc123; foo=bar"
+        let override = try #require(CommandCodeCookieHeader.override(from: raw))
+        #expect(override.name == "__Secure-better-auth.session_token")
+        #expect(override.token == "abc123")
+        #expect(override.headerValue == "__Secure-better-auth.session_token=abc123")
+    }
+
+    @Test
+    func `cookie header accepts non-secure variant`() throws {
+        let raw = "better-auth.session_token=plain-token"
+        let override = try #require(CommandCodeCookieHeader.override(from: raw))
+        #expect(override.name == "better-auth.session_token")
+        #expect(override.token == "plain-token")
+    }
+
+    @Test
+    func `cookie header accepts bare token and uses secure name`() throws {
+        let override = try #require(CommandCodeCookieHeader.override(from: "bare-value"))
+        #expect(override.name == "__Secure-better-auth.session_token")
+        #expect(override.token == "bare-value")
+    }
+
+    @Test
+    func `cookie header rejects empty input`() {
+        #expect(CommandCodeCookieHeader.override(from: nil) == nil)
+        #expect(CommandCodeCookieHeader.override(from: "") == nil)
+        #expect(CommandCodeCookieHeader.override(from: "   ") == nil)
+    }
+}
diff --git a/Tests/CodexBarTests/ConfigValidationTests.swift b/Tests/CodexBarTests/ConfigValidationTests.swift
index 59c9447c9..da42392cc 100644
--- a/Tests/CodexBarTests/ConfigValidationTests.swift
+++ b/Tests/CodexBarTests/ConfigValidationTests.swift
@@ -2,10 +2,9 @@ import CodexBarCore
 import Foundation
 import Testing
 
-@Suite
 struct ConfigValidationTests {
     @Test
-    func reportsUnsupportedSource() {
+    func `reports unsupported source`() {
         var config = CodexBarConfig.makeDefault()
         config.setProviderConfig(ProviderConfig(id: .codex, source: .api))
         let issues = CodexBarConfigValidator.validate(config)
@@ -13,7 +12,7 @@ struct ConfigValidationTests {
     }
 
     @Test
-    func reportsMissingAPIKeyWhenSourceAPI() {
+    func `reports missing API key when source API`() {
         var config = CodexBarConfig.makeDefault()
         config.setProviderConfig(ProviderConfig(id: .zai, source: .api, apiKey: nil))
         let issues = CodexBarConfigValidator.validate(config)
@@ -21,7 +20,7 @@ struct ConfigValidationTests {
     }
 
     @Test
-    func reportsInvalidRegion() {
+    func `reports invalid region`() {
         var config = CodexBarConfig.makeDefault()
         config.setProviderConfig(ProviderConfig(id: .minimax, region: "nowhere"))
         let issues = CodexBarConfigValidator.validate(config)
@@ -29,7 +28,7 @@ struct ConfigValidationTests {
     }
 
     @Test
-    func warnsOnUnsupportedTokenAccounts() {
+    func `warns on unsupported token accounts`() {
         let accounts = ProviderTokenAccountData(
             version: 1,
             accounts: [ProviderTokenAccount(id: UUID(), label: "a", token: "t", addedAt: 0, lastUsed: nil)],
@@ -41,7 +40,7 @@ struct ConfigValidationTests {
     }
 
     @Test
-    func allowsOllamaTokenAccounts() {
+    func `allows ollama token accounts`() {
         let accounts = ProviderTokenAccountData(
             version: 1,
             accounts: [ProviderTokenAccount(id: UUID(), label: "a", token: "t", addedAt: 0, lastUsed: nil)],
@@ -53,10 +52,62 @@ struct ConfigValidationTests {
     }
 
     @Test
-    func acceptsKiloExtrasConfigField() {
+    func `accepts kilo extras config field`() {
         var config = CodexBarConfig.makeDefault()
         config.setProviderConfig(ProviderConfig(id: .kilo, extrasEnabled: true))
         let issues = CodexBarConfigValidator.validate(config)
         #expect(!issues.contains(where: { $0.provider == .kilo && $0.field == "extrasEnabled" }))
     }
+
+    @Test
+    func `allows deepgram project workspace ID`() {
+        var config = CodexBarConfig.makeDefault()
+        config.setProviderConfig(ProviderConfig(id: .deepgram, workspaceID: "project-123"))
+        let issues = CodexBarConfigValidator.validate(config)
+        #expect(!issues.contains(where: { $0.provider == .deepgram && $0.code == "workspace_unused" }))
+    }
+
+    @Test
+    func `allows Azure OpenAI endpoint and deployment fields`() {
+        var config = CodexBarConfig.makeDefault()
+        config.setProviderConfig(ProviderConfig(
+            id: .azureopenai,
+            workspaceID: "chat-prod",
+            enterpriseHost: "https://example-resource.openai.azure.com"))
+        let issues = CodexBarConfigValidator.validate(config)
+
+        #expect(!issues.contains(where: { $0.provider == .azureopenai && $0.code == "workspace_unused" }))
+        #expect(!issues.contains(where: { $0.provider == .azureopenai && $0.code == "enterprise_host_unused" }))
+    }
+
+    @Test
+    func `allows OpenAI API project workspace ID`() {
+        var config = CodexBarConfig.makeDefault()
+        config.setProviderConfig(ProviderConfig(id: .openai, workspaceID: "proj_abc"))
+        let issues = CodexBarConfigValidator.validate(config)
+
+        #expect(!issues.contains(where: { $0.provider == .openai && $0.code == "workspace_unused" }))
+    }
+
+    @Test
+    func `warns on unsupported workspace ID`() {
+        var config = CodexBarConfig.makeDefault()
+        config.setProviderConfig(ProviderConfig(id: .gemini, workspaceID: "workspace-123"))
+        let issues = CodexBarConfigValidator.validate(config)
+        #expect(issues.contains(where: { $0.provider == .gemini && $0.code == "workspace_unused" }))
+        #expect(issues.contains(where: { issue in
+            issue.provider == .gemini &&
+                issue.code == "workspace_unused" &&
+                issue.message.contains("openai")
+        }))
+    }
+
+    @Test
+    func `config store default url honors environment override`() {
+        let url = CodexBarConfigStore.defaultURL(environment: [
+            CodexBarConfigStore.pathEnvironmentKey: "~/tmp/codexbar-test-config.json",
+        ])
+
+        #expect(url.path.hasSuffix("/tmp/codexbar-test-config.json"))
+    }
 }
diff --git a/Tests/CodexBarTests/CookieHeaderCacheTests.swift b/Tests/CodexBarTests/CookieHeaderCacheTests.swift
index f02395722..d5ba8856d 100644
--- a/Tests/CodexBarTests/CookieHeaderCacheTests.swift
+++ b/Tests/CodexBarTests/CookieHeaderCacheTests.swift
@@ -4,8 +4,12 @@ import Testing
 
 @Suite(.serialized)
 struct CookieHeaderCacheTests {
+    private struct WrongEntry: Codable {
+        let value: String
+    }
+
     @Test
-    func storesAndLoadsEntry() {
+    func `stores and loads entry`() {
         KeychainCacheStore.setTestStoreForTesting(true)
         defer { KeychainCacheStore.setTestStoreForTesting(false) }
 
@@ -26,7 +30,55 @@ struct CookieHeaderCacheTests {
     }
 
     @Test
-    func migratesLegacyFileToKeychain() {
+    func `stores separate codex entries per managed account scope`() {
+        KeychainCacheStore.setTestStoreForTesting(true)
+        defer { KeychainCacheStore.setTestStoreForTesting(false) }
+
+        let provider: UsageProvider = .codex
+        let accountA = UUID()
+        let accountB = UUID()
+
+        CookieHeaderCache.store(
+            provider: provider,
+            scope: .managedAccount(accountA),
+            cookieHeader: "auth=account-a",
+            sourceLabel: "Chrome")
+        CookieHeaderCache.store(
+            provider: provider,
+            scope: .managedAccount(accountB),
+            cookieHeader: "auth=account-b",
+            sourceLabel: "Safari")
+        defer {
+            CookieHeaderCache.clear(provider: provider, scope: .managedAccount(accountA))
+            CookieHeaderCache.clear(provider: provider, scope: .managedAccount(accountB))
+        }
+
+        #expect(CookieHeaderCache.load(provider: provider, scope: .managedAccount(accountA))?
+            .cookieHeader == "auth=account-a")
+        #expect(CookieHeaderCache.load(provider: provider, scope: .managedAccount(accountB))?
+            .cookieHeader == "auth=account-b")
+        #expect(CookieHeaderCache.load(provider: provider)?.cookieHeader == nil)
+    }
+
+    @Test
+    func `provider global scope remains available without managed account`() {
+        KeychainCacheStore.setTestStoreForTesting(true)
+        defer { KeychainCacheStore.setTestStoreForTesting(false) }
+
+        let provider: UsageProvider = .codex
+
+        CookieHeaderCache.store(
+            provider: provider,
+            cookieHeader: "auth=system",
+            sourceLabel: "Chrome")
+        defer { CookieHeaderCache.clear(provider: provider) }
+
+        #expect(CookieHeaderCache.load(provider: provider)?.cookieHeader == "auth=system")
+        #expect(CookieHeaderCache.load(provider: provider, scope: .managedAccount(UUID())) == nil)
+    }
+
+    @Test
+    func `migrates legacy file to keychain`() {
         KeychainCacheStore.setTestStoreForTesting(true)
         defer { KeychainCacheStore.setTestStoreForTesting(false) }
 
@@ -57,4 +109,125 @@ struct CookieHeaderCacheTests {
         let loadedAgain = CookieHeaderCache.load(provider: provider)
         #expect(loadedAgain?.cookieHeader == "auth=legacy")
     }
+
+    #if os(macOS)
+    @Test
+    func `temporary keychain unavailability returns nil without migrating legacy file`() {
+        KeychainCacheStore.setTestStoreForTesting(true)
+        defer { KeychainCacheStore.setTestStoreForTesting(false) }
+
+        let legacyBase = FileManager.default.temporaryDirectory
+            .appendingPathComponent(UUID().uuidString, isDirectory: true)
+        CookieHeaderCache.setLegacyBaseURLOverrideForTesting(legacyBase)
+        defer { CookieHeaderCache.setLegacyBaseURLOverrideForTesting(nil) }
+
+        let provider: UsageProvider = .codex
+        let legacyURL = legacyBase.appendingPathComponent("\(provider.rawValue)-cookie.json")
+        CookieHeaderCache.store(
+            CookieHeaderCache.Entry(
+                cookieHeader: "auth=legacy",
+                storedAt: Date(timeIntervalSince1970: 0),
+                sourceLabel: "Legacy"),
+            to: legacyURL)
+        #expect(FileManager.default.fileExists(atPath: legacyURL.path) == true)
+
+        let loaded = KeychainCacheStore.withLoadFailureStatusOverrideForTesting(errSecInteractionNotAllowed) {
+            CookieHeaderCache.load(provider: provider)
+        }
+
+        #expect(loaded == nil)
+        #expect(FileManager.default.fileExists(atPath: legacyURL.path) == true)
+
+        switch KeychainCacheStore.load(key: .cookie(provider: provider), as: CookieHeaderCache.Entry.self) {
+        case .missing:
+            #expect(true)
+        case .found, .temporarilyUnavailable, .invalid:
+            #expect(Bool(false), "Expected temporary miss not to migrate legacy cache")
+        }
+    }
+    #endif
+
+    @Test
+    func `invalid keychain cache is cleared`() {
+        KeychainCacheStore.setTestStoreForTesting(true)
+        defer { KeychainCacheStore.setTestStoreForTesting(false) }
+
+        let legacyBase = FileManager.default.temporaryDirectory
+            .appendingPathComponent(UUID().uuidString, isDirectory: true)
+        CookieHeaderCache.setLegacyBaseURLOverrideForTesting(legacyBase)
+        defer { CookieHeaderCache.setLegacyBaseURLOverrideForTesting(nil) }
+
+        let provider: UsageProvider = .codex
+        let key = KeychainCacheStore.Key.cookie(provider: provider)
+        KeychainCacheStore.store(key: key, entry: WrongEntry(value: "not-a-cookie-entry"))
+
+        #expect(CookieHeaderCache.load(provider: provider) == nil)
+
+        switch KeychainCacheStore.load(key: key, as: CookieHeaderCache.Entry.self) {
+        case .missing:
+            #expect(true)
+        case .found, .temporarilyUnavailable, .invalid:
+            #expect(Bool(false), "Expected invalid cookie cache to be cleared")
+        }
+    }
+
+    @Test
+    func `clear all scopes removes global scoped invalid and legacy cookie entries`() {
+        KeychainCacheStore.setTestStoreForTesting(true)
+        defer { KeychainCacheStore.setTestStoreForTesting(false) }
+
+        let legacyBase = FileManager.default.temporaryDirectory
+            .appendingPathComponent(UUID().uuidString, isDirectory: true)
+        CookieHeaderCache.setLegacyBaseURLOverrideForTesting(legacyBase)
+        defer { CookieHeaderCache.setLegacyBaseURLOverrideForTesting(nil) }
+
+        let provider: UsageProvider = .codex
+        let accountID = UUID()
+        CookieHeaderCache.store(provider: provider, cookieHeader: "auth=global", sourceLabel: "Chrome")
+        CookieHeaderCache.store(
+            provider: provider,
+            scope: .managedAccount(accountID),
+            cookieHeader: "auth=scoped",
+            sourceLabel: "Chrome")
+        KeychainCacheStore.store(
+            key: .cookie(provider: provider, scopeIdentifier: "managed-store-unreadable"),
+            entry: WrongEntry(value: "invalid"))
+        CookieHeaderCache.store(
+            CookieHeaderCache.Entry(
+                cookieHeader: "auth=legacy",
+                storedAt: Date(timeIntervalSince1970: 0),
+                sourceLabel: "Legacy"),
+            to: CookieHeaderCache.legacyURLForTesting(provider: provider))
+
+        let cleared = CookieHeaderCache.clearAllScopes(provider: provider)
+
+        #expect(cleared == 4)
+        #expect(!CookieHeaderCache.hasKeychainEntryForTesting(provider: provider))
+        #expect(!CookieHeaderCache.hasKeychainEntryForTesting(provider: provider, scope: .managedAccount(accountID)))
+        #expect(!CookieHeaderCache.hasKeychainEntryForTesting(provider: provider, scope: .managedStoreUnreadable))
+        #expect(!CookieHeaderCache.hasLegacyEntryForTesting(provider: provider))
+    }
+
+    @Test
+    func `clear all removes every provider cookie key without decoding entries`() {
+        KeychainCacheStore.setTestStoreForTesting(true)
+        defer { KeychainCacheStore.setTestStoreForTesting(false) }
+
+        KeychainCacheStore.withServiceOverrideForTesting("cookie-clear-all-\(UUID().uuidString)") {
+            CookieHeaderCache.store(provider: .claude, cookieHeader: "auth=claude", sourceLabel: "Chrome")
+            CookieHeaderCache.store(
+                provider: .codex,
+                scope: .managedAccount(UUID()),
+                cookieHeader: "auth=codex",
+                sourceLabel: "Chrome")
+            KeychainCacheStore.store(
+                key: .cookie(provider: .cursor),
+                entry: WrongEntry(value: "invalid"))
+
+            let cleared = CookieHeaderCache.clearAll()
+
+            #expect(cleared >= 3)
+            #expect(KeychainCacheStore.keys(category: "cookie").isEmpty)
+        }
+    }
 }
diff --git a/Tests/CodexBarTests/CookieHeaderNormalizerTests.swift b/Tests/CodexBarTests/CookieHeaderNormalizerTests.swift
new file mode 100644
index 000000000..2fee1f509
--- /dev/null
+++ b/Tests/CodexBarTests/CookieHeaderNormalizerTests.swift
@@ -0,0 +1,14 @@
+import CodexBarCore
+import Testing
+
+struct CookieHeaderNormalizerTests {
+    @Test
+    func `compact curl short form without whitespace still parses`() {
+        let normalized = CookieHeaderNormalizer.normalize("curl https://example.com -bfoo=bar")
+
+        #expect(normalized == "foo=bar")
+        #expect(CookieHeaderNormalizer.pairs(from: "curl https://example.com -bfoo=bar").count == 1)
+        #expect(CookieHeaderNormalizer.pairs(from: "curl https://example.com -bfoo=bar").first?.name == "foo")
+        #expect(CookieHeaderNormalizer.pairs(from: "curl https://example.com -bfoo=bar").first?.value == "bar")
+    }
+}
diff --git a/Tests/CodexBarTests/CopilotDeviceFlowTests.swift b/Tests/CodexBarTests/CopilotDeviceFlowTests.swift
new file mode 100644
index 000000000..a79ac02ff
--- /dev/null
+++ b/Tests/CodexBarTests/CopilotDeviceFlowTests.swift
@@ -0,0 +1,91 @@
+import CodexBarCore
+import Foundation
+import Testing
+
+struct CopilotDeviceFlowTests {
+    @Test
+    func `prefers verification uri complete when available`() throws {
+        let response = try JSONDecoder().decode(
+            CopilotDeviceFlow.DeviceCodeResponse.self,
+            from: Data(
+                """
+                {
+                  "device_code": "device-code",
+                  "user_code": "ABCD-EFGH",
+                  "verification_uri": "https://github.com/login/device",
+                  "verification_uri_complete": "https://github.com/login/device?user_code=ABCD-EFGH",
+                  "expires_in": 900,
+                  "interval": 5
+                }
+                """.utf8))
+
+        #expect(response.verificationURLToOpen == "https://github.com/login/device?user_code=ABCD-EFGH")
+    }
+
+    @Test
+    func `falls back to verification uri when complete url missing`() throws {
+        let response = try JSONDecoder().decode(
+            CopilotDeviceFlow.DeviceCodeResponse.self,
+            from: Data(
+                """
+                {
+                  "device_code": "device-code",
+                  "user_code": "ABCD-EFGH",
+                  "verification_uri": "https://github.com/login/device",
+                  "expires_in": 900,
+                  "interval": 5
+                }
+                """.utf8))
+
+        #expect(response.verificationURLToOpen == "https://github.com/login/device")
+    }
+
+    @Test
+    func `device flow uses github by default`() throws {
+        let flow = CopilotDeviceFlow()
+        let deviceCodeURL = try #require(flow.deviceCodeURL)
+        let accessTokenURL = try #require(flow.accessTokenURL)
+
+        #expect(deviceCodeURL.absoluteString == "https://github.com/login/device/code")
+        #expect(accessTokenURL.absoluteString == "https://github.com/login/oauth/access_token")
+    }
+
+    @Test
+    func `device flow uses enterprise host`() throws {
+        let flow = CopilotDeviceFlow(enterpriseHost: "https://octocorp.ghe.com/login")
+        let deviceCodeURL = try #require(flow.deviceCodeURL)
+        let accessTokenURL = try #require(flow.accessTokenURL)
+
+        #expect(deviceCodeURL.absoluteString == "https://octocorp.ghe.com/login/device/code")
+        #expect(accessTokenURL.absoluteString == "https://octocorp.ghe.com/login/oauth/access_token")
+    }
+
+    @Test
+    func `device flow rejects invalid enterprise host without crashing`() {
+        let flow = CopilotDeviceFlow(enterpriseHost: "foo bar")
+
+        #expect(flow.deviceCodeURL == nil)
+        #expect(flow.accessTokenURL == nil)
+    }
+
+    @Test
+    func `device flow preserves enterprise host port`() throws {
+        let flow = CopilotDeviceFlow(enterpriseHost: "https://octocorp.ghe.com:8443/login")
+        let deviceCodeURL = try #require(flow.deviceCodeURL)
+        let accessTokenURL = try #require(flow.accessTokenURL)
+
+        #expect(deviceCodeURL.absoluteString == "https://octocorp.ghe.com:8443/login/device/code")
+        #expect(accessTokenURL.absoluteString == "https://octocorp.ghe.com:8443/login/oauth/access_token")
+    }
+
+    @Test
+    func `usage url uses enterprise api host`() throws {
+        let defaultURL = try #require(CopilotUsageFetcher.usageURL(enterpriseHost: nil))
+        let enterpriseURL = try #require(CopilotUsageFetcher.usageURL(enterpriseHost: "octocorp.ghe.com"))
+        let enterprisePortURL = try #require(CopilotUsageFetcher.usageURL(enterpriseHost: "octocorp.ghe.com:8443"))
+
+        #expect(defaultURL.absoluteString == "https://api.github.com/copilot_internal/user")
+        #expect(enterpriseURL.absoluteString == "https://api.octocorp.ghe.com/copilot_internal/user")
+        #expect(enterprisePortURL.absoluteString == "https://api.octocorp.ghe.com:8443/copilot_internal/user")
+    }
+}
diff --git a/Tests/CodexBarTests/CopilotMultiAccountTests.swift b/Tests/CodexBarTests/CopilotMultiAccountTests.swift
new file mode 100644
index 000000000..0dc6ae673
--- /dev/null
+++ b/Tests/CodexBarTests/CopilotMultiAccountTests.swift
@@ -0,0 +1,409 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+// MARK: - Catalog
+
+@Test
+func `copilot catalog entry exists`() {
+    let support = TokenAccountSupportCatalog.support(for: .copilot)
+    #expect(support != nil)
+    #expect(support?.requiresManualCookieSource == false)
+    #expect(support?.cookieName == nil)
+}
+
+@Test
+func `copilot catalog entry uses environment injection`() {
+    let support = TokenAccountSupportCatalog.support(for: .copilot)
+    guard let support else {
+        Issue.record("Copilot catalog entry missing")
+        return
+    }
+    if case let .environment(key) = support.injection {
+        #expect(key == "COPILOT_API_TOKEN")
+    } else {
+        Issue.record("Expected .environment injection, got cookieHeader")
+    }
+}
+
+@Test
+func `copilot env override uses correct key`() {
+    let override = TokenAccountSupportCatalog.envOverride(for: .copilot, token: "gh_abc")
+    #expect(override == ["COPILOT_API_TOKEN": "gh_abc"])
+}
+
+// MARK: - Username Fetch (parsing only)
+
+@Test
+func `GitHub user response parses stable id and login`() throws {
+    let json = #"{"login": "testuser", "id": 123, "name": "Test User"}"#
+    let user = try JSONDecoder().decode(CopilotUsageFetcher.GitHubUserIdentity.self, from: Data(json.utf8))
+    #expect(user.id == 123)
+    #expect(user.login == "testuser")
+}
+
+@Test
+func `GitHub user response requires stable id`() throws {
+    let json = #"{"login": "minimaluser"}"#
+    #expect(throws: DecodingError.self) {
+        try JSONDecoder().decode(CopilotUsageFetcher.GitHubUserIdentity.self, from: Data(json.utf8))
+    }
+}
+
+// MARK: - API Key Fallback
+
+@MainActor
+struct CopilotAPIKeyFallbackTests {
+    @Test
+    func `ensure loader preserves config token`() {
+        let settings = Self.makeSettingsStore(suite: "copilot-api-key-loader")
+        settings.copilotAPIToken = "gh_token_123"
+
+        settings.ensureCopilotAPITokenLoaded()
+
+        #expect(settings.copilotAPIToken == "gh_token_123")
+        #expect(settings.tokenAccounts(for: .copilot).isEmpty)
+    }
+
+    @Test
+    func `token accounts clear legacy config token`() {
+        let settings = Self.makeSettingsStore(suite: "copilot-api-key-with-accounts")
+        settings.copilotAPIToken = "gh_token_old"
+        settings.addTokenAccount(provider: .copilot, label: "existing", token: "gh_token_existing")
+
+        settings.ensureCopilotAPITokenLoaded()
+
+        #expect(settings.tokenAccounts(for: .copilot).count == 1)
+        #expect(settings.copilotAPIToken.isEmpty)
+        #expect(settings.copilotSettingsSnapshot(tokenOverride: nil).apiToken == "gh_token_existing")
+        #expect(settings.tokenAccounts(for: .copilot).first?.label == "existing")
+    }
+
+    private static func makeSettingsStore(suite: String) -> SettingsStore {
+        SettingsStore(
+            configStore: testConfigStore(suiteName: suite),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore(),
+            codexCookieStore: InMemoryCookieHeaderStore(),
+            claudeCookieStore: InMemoryCookieHeaderStore(),
+            cursorCookieStore: InMemoryCookieHeaderStore(),
+            opencodeCookieStore: InMemoryCookieHeaderStore(),
+            factoryCookieStore: InMemoryCookieHeaderStore(),
+            minimaxCookieStore: InMemoryMiniMaxCookieStore(),
+            minimaxAPITokenStore: InMemoryMiniMaxAPITokenStore(),
+            kimiTokenStore: InMemoryKimiTokenStore(),
+            kimiK2TokenStore: InMemoryKimiK2TokenStore(),
+            augmentCookieStore: InMemoryCookieHeaderStore(),
+            ampCookieStore: InMemoryCookieHeaderStore(),
+            copilotTokenStore: InMemoryCopilotTokenStore(),
+            tokenAccountStore: InMemoryTokenAccountStore())
+    }
+}
+
+// MARK: - Environment Precedence
+
+@MainActor
+struct CopilotEnvironmentPrecedenceTests {
+    @Test
+    func `token account overrides config API key`() throws {
+        let settings = Self.makeSettingsStore(suite: "copilot-env-override")
+        settings.copilotAPIToken = "old_config_token"
+        settings.addTokenAccount(provider: .copilot, label: "new", token: "new_account_token")
+
+        let account = try #require(settings.selectedTokenAccount(for: .copilot))
+        let override = TokenAccountOverride(provider: .copilot, account: account)
+        let env = ProviderRegistry.makeEnvironment(
+            base: [:],
+            provider: .copilot,
+            settings: settings,
+            tokenOverride: override)
+        let snapshot = ProviderRegistry.makeSettingsSnapshot(settings: settings, tokenOverride: override)
+
+        #expect(env["COPILOT_API_TOKEN"] == "new_account_token")
+        #expect(snapshot.copilot?.apiToken == "new_account_token")
+    }
+
+    @Test
+    func `selected token account is included in copilot settings snapshot`() {
+        let settings = Self.makeSettingsStore(suite: "copilot-settings-snapshot-account")
+        settings.copilotAPIToken = "old_config_token"
+        settings.addTokenAccount(provider: .copilot, label: "new", token: "new_account_token")
+
+        let snapshot = ProviderRegistry.makeSettingsSnapshot(settings: settings, tokenOverride: nil)
+
+        #expect(snapshot.copilot?.apiToken == "new_account_token")
+    }
+
+    @Test
+    func `config API key used when no token accounts`() {
+        let settings = Self.makeSettingsStore(suite: "copilot-env-config-only")
+        settings.copilotAPIToken = "config_token"
+
+        let env = ProviderRegistry.makeEnvironment(
+            base: [:],
+            provider: .copilot,
+            settings: settings,
+            tokenOverride: nil)
+        let snapshot = ProviderRegistry.makeSettingsSnapshot(settings: settings, tokenOverride: nil)
+
+        #expect(env["COPILOT_API_TOKEN"] == "config_token")
+        #expect(snapshot.copilot?.apiToken == "config_token")
+    }
+
+    private static func makeSettingsStore(suite: String) -> SettingsStore {
+        SettingsStore(
+            configStore: testConfigStore(suiteName: suite),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore(),
+            codexCookieStore: InMemoryCookieHeaderStore(),
+            claudeCookieStore: InMemoryCookieHeaderStore(),
+            cursorCookieStore: InMemoryCookieHeaderStore(),
+            opencodeCookieStore: InMemoryCookieHeaderStore(),
+            factoryCookieStore: InMemoryCookieHeaderStore(),
+            minimaxCookieStore: InMemoryMiniMaxCookieStore(),
+            minimaxAPITokenStore: InMemoryMiniMaxAPITokenStore(),
+            kimiTokenStore: InMemoryKimiTokenStore(),
+            kimiK2TokenStore: InMemoryKimiK2TokenStore(),
+            augmentCookieStore: InMemoryCookieHeaderStore(),
+            ampCookieStore: InMemoryCookieHeaderStore(),
+            copilotTokenStore: InMemoryCopilotTokenStore(),
+            tokenAccountStore: InMemoryTokenAccountStore())
+    }
+}
+
+// MARK: - External Identifier Dedup
+
+@MainActor
+struct CopilotExternalIdentifierTests {
+    @Test
+    func `addTokenAccount persists external identifier`() throws {
+        let settings = Self.makeSettingsStore(suite: "copilot-ext-id-add")
+        settings.addTokenAccount(
+            provider: .copilot,
+            label: "octocat (Pro)",
+            token: "gh_token_1",
+            externalIdentifier: "octocat")
+
+        let account = try #require(settings.tokenAccounts(for: .copilot).first)
+        #expect(account.externalIdentifier == "octocat")
+    }
+
+    @Test
+    func `updateTokenAccount preserves identifier when not provided`() throws {
+        let settings = Self.makeSettingsStore(suite: "copilot-ext-id-preserve")
+        settings.addTokenAccount(
+            provider: .copilot,
+            label: "octocat (Pro)",
+            token: "gh_token_1",
+            externalIdentifier: "octocat")
+        let original = try #require(settings.tokenAccounts(for: .copilot).first)
+
+        settings.updateTokenAccount(
+            provider: .copilot,
+            accountID: original.id,
+            label: "octocat (Business)",
+            token: "gh_token_2")
+
+        let updated = try #require(settings.tokenAccounts(for: .copilot).first)
+        #expect(updated.id == original.id)
+        #expect(updated.token == "gh_token_2")
+        #expect(updated.externalIdentifier == "octocat")
+    }
+
+    @Test
+    func `updateTokenAccount writes identifier back for legacy accounts`() throws {
+        let settings = Self.makeSettingsStore(suite: "copilot-ext-id-backfill")
+        // Legacy account: no externalIdentifier (pre-feature).
+        settings.addTokenAccount(provider: .copilot, label: "octocat (Pro)", token: "gh_legacy")
+        let legacy = try #require(settings.tokenAccounts(for: .copilot).first)
+        #expect(legacy.externalIdentifier == nil)
+
+        settings.updateTokenAccount(
+            provider: .copilot,
+            accountID: legacy.id,
+            label: "octocat (Pro)",
+            token: "gh_refreshed",
+            externalIdentifier: .some("octocat"))
+
+        let updated = try #require(settings.tokenAccounts(for: .copilot).first)
+        #expect(updated.id == legacy.id)
+        #expect(updated.externalIdentifier == "octocat")
+    }
+
+    @Test
+    func `legacy Account N account matches reauth by stored token identity`() async {
+        let legacy = Self.makeAccount(label: "Account 1", token: "old-token", externalIdentifier: nil)
+        let matched = await CopilotLoginFlow.matchExistingAccount(
+            existingAccounts: [legacy],
+            identity: Self.identity(id: 123, login: "octocat"),
+            label: "octocat (Pro)",
+            legacyIdentityResolver: { account in
+                account.token == "old-token" ? Self.identity(id: 123, login: "octocat") : nil
+            })
+
+        #expect(matched?.id == legacy.id)
+    }
+
+    @Test
+    func `user renamed legacy account matches reauth by stored token identity`() async {
+        let legacy = Self.makeAccount(label: "Work GitHub", token: "old-token", externalIdentifier: nil)
+        let matched = await CopilotLoginFlow.matchExistingAccount(
+            existingAccounts: [legacy],
+            identity: Self.identity(id: 123, login: "octocat"),
+            label: "octocat (Pro)",
+            legacyIdentityResolver: { account in
+                account.token == "old-token" ? Self.identity(id: 123, login: "OctoCat") : nil
+            })
+
+        #expect(matched?.id == legacy.id)
+    }
+
+    @Test
+    func `stable external identifier match is preferred`() async {
+        let identified = Self.makeAccount(
+            label: "Personal",
+            token: "identified",
+            externalIdentifier: "github:user:123")
+        let legacy = Self.makeAccount(label: "octocat", token: "legacy", externalIdentifier: nil)
+        let matched = await CopilotLoginFlow.matchExistingAccount(
+            existingAccounts: [legacy, identified],
+            identity: Self.identity(id: 123, login: "octocat"),
+            label: "octocat (Pro)",
+            legacyIdentityResolver: { _ in
+                Issue.record("Resolver should not run when externalIdentifier matches")
+                return nil
+            })
+
+        #expect(matched?.id == identified.id)
+    }
+
+    @Test
+    func `legacy login external identifier still matches and can be backfilled`() async {
+        let identified = Self.makeAccount(label: "Personal", token: "identified", externalIdentifier: "OctoCat")
+        let matched = await CopilotLoginFlow.matchExistingAccount(
+            existingAccounts: [identified],
+            identity: Self.identity(id: 123, login: "octocat"),
+            label: "octocat (Pro)",
+            legacyIdentityResolver: { _ in
+                Issue.record("Resolver should not run when legacy externalIdentifier matches")
+                return nil
+            })
+
+        #expect(matched?.id == identified.id)
+        #expect(CopilotLoginFlow.externalIdentifier(for: Self.identity(id: 123, login: "octocat")) == "github:user:123")
+    }
+
+    @Test
+    func `decoding legacy token account JSON yields nil identifier`() throws {
+        let json = """
+        {
+          "id": "11111111-1111-1111-1111-111111111111",
+          "label": "octocat",
+          "token": "gh_legacy",
+          "addedAt": 1700000000.0
+        }
+        """
+        let account = try JSONDecoder().decode(ProviderTokenAccount.self, from: Data(json.utf8))
+        #expect(account.label == "octocat")
+        #expect(account.externalIdentifier == nil)
+        #expect(account.lastUsed == nil)
+    }
+
+    private nonisolated static func identity(id: Int64, login: String) -> CopilotUsageFetcher.GitHubUserIdentity {
+        CopilotUsageFetcher.GitHubUserIdentity(id: id, login: login)
+    }
+
+    private static func makeAccount(
+        label: String,
+        token: String,
+        externalIdentifier: String?) -> ProviderTokenAccount
+    {
+        ProviderTokenAccount(
+            id: UUID(),
+            label: label,
+            token: token,
+            addedAt: 1_700_000_000,
+            lastUsed: nil,
+            externalIdentifier: externalIdentifier)
+    }
+
+    private static func makeSettingsStore(suite: String) -> SettingsStore {
+        SettingsStore(
+            configStore: testConfigStore(suiteName: suite),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore(),
+            codexCookieStore: InMemoryCookieHeaderStore(),
+            claudeCookieStore: InMemoryCookieHeaderStore(),
+            cursorCookieStore: InMemoryCookieHeaderStore(),
+            opencodeCookieStore: InMemoryCookieHeaderStore(),
+            factoryCookieStore: InMemoryCookieHeaderStore(),
+            minimaxCookieStore: InMemoryMiniMaxCookieStore(),
+            minimaxAPITokenStore: InMemoryMiniMaxAPITokenStore(),
+            kimiTokenStore: InMemoryKimiTokenStore(),
+            kimiK2TokenStore: InMemoryKimiK2TokenStore(),
+            augmentCookieStore: InMemoryCookieHeaderStore(),
+            ampCookieStore: InMemoryCookieHeaderStore(),
+            copilotTokenStore: InMemoryCopilotTokenStore(),
+            tokenAccountStore: InMemoryTokenAccountStore())
+    }
+}
+
+// MARK: - Token Account Snapshot Error Messages
+
+@MainActor
+struct TokenAccountSnapshotErrorMessageTests {
+    @Test
+    func `cancellation is suppressed for global error path`() {
+        let store = Self.makeUsageStore()
+        #expect(store.tokenAccountErrorMessage(CancellationError()) == nil)
+        #expect(store.tokenAccountErrorMessage(URLError(.cancelled)) == nil)
+    }
+
+    @Test
+    func `cancellation-like localized errors are suppressed`() {
+        let store = Self.makeUsageStore()
+        struct Cancelled: LocalizedError {
+            var errorDescription: String? {
+                "cancelled"
+            }
+        }
+        #expect(store.tokenAccountErrorMessage(Cancelled()) == nil)
+    }
+
+    @Test
+    func `non-cancellation error preserves localized message`() {
+        let store = Self.makeUsageStore()
+        struct Boom: LocalizedError {
+            var errorDescription: String? {
+                "kaboom"
+            }
+        }
+        #expect(store.tokenAccountSnapshotErrorMessage(Boom()) == "kaboom")
+        #expect(store.tokenAccountErrorMessage(Boom()) == "kaboom")
+    }
+
+    private static func makeUsageStore() -> UsageStore {
+        let settings = SettingsStore(
+            configStore: testConfigStore(suiteName: "copilot-snapshot-error-\(UUID().uuidString)"),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore(),
+            codexCookieStore: InMemoryCookieHeaderStore(),
+            claudeCookieStore: InMemoryCookieHeaderStore(),
+            cursorCookieStore: InMemoryCookieHeaderStore(),
+            opencodeCookieStore: InMemoryCookieHeaderStore(),
+            factoryCookieStore: InMemoryCookieHeaderStore(),
+            minimaxCookieStore: InMemoryMiniMaxCookieStore(),
+            minimaxAPITokenStore: InMemoryMiniMaxAPITokenStore(),
+            kimiTokenStore: InMemoryKimiTokenStore(),
+            kimiK2TokenStore: InMemoryKimiK2TokenStore(),
+            augmentCookieStore: InMemoryCookieHeaderStore(),
+            ampCookieStore: InMemoryCookieHeaderStore(),
+            copilotTokenStore: InMemoryCopilotTokenStore(),
+            tokenAccountStore: InMemoryTokenAccountStore())
+        return UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings)
+    }
+}
diff --git a/Tests/CodexBarTests/CopilotUsageFetcherTests.swift b/Tests/CodexBarTests/CopilotUsageFetcherTests.swift
new file mode 100644
index 000000000..3ae186a65
--- /dev/null
+++ b/Tests/CodexBarTests/CopilotUsageFetcherTests.swift
@@ -0,0 +1,28 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+struct CopilotUsageFetcherTests {
+    @Test
+    func `fetchGitHubIdentity uses shared client`() async throws {
+        let transport = ProviderHTTPTransportStub { request in
+            guard request.value(forHTTPHeaderField: "Authorization") == "token abc123" else {
+                throw URLError(.userAuthenticationRequired)
+            }
+            let response = try HTTPURLResponse(
+                url: #require(request.url),
+                statusCode: 200,
+                httpVersion: "HTTP/1.1",
+                headerFields: ["Content-Type": "application/json"])!
+            return (Data(#"{"login":"testuser","id":123}"#.utf8), response)
+        }
+
+        let identity = try await CopilotUsageFetcher.fetchGitHubIdentity(token: "abc123", transport: transport)
+
+        #expect(identity.login == "testuser")
+        #expect(identity.id == 123)
+        let requests = await transport.requests()
+        #expect(requests.count == 1)
+        #expect(requests.first?.url?.host == "api.github.com")
+    }
+}
diff --git a/Tests/CodexBarTests/CopilotUsageModelsTests.swift b/Tests/CodexBarTests/CopilotUsageModelsTests.swift
index b2dac8809..e59d2ad9e 100644
--- a/Tests/CodexBarTests/CopilotUsageModelsTests.swift
+++ b/Tests/CodexBarTests/CopilotUsageModelsTests.swift
@@ -1,11 +1,10 @@
-import CodexBarCore
 import Foundation
 import Testing
+@testable import CodexBarCore
 
-@Suite
 struct CopilotUsageModelsTests {
     @Test
-    func decodesQuotaSnapshotsPayload() throws {
+    func `decodes quota snapshots payload`() throws {
         let response = try Self.decodeFixture(
             """
             {
@@ -37,7 +36,7 @@ struct CopilotUsageModelsTests {
     }
 
     @Test
-    func decodesChatOnlyQuotaSnapshotsPayload() throws {
+    func `decodes chat only quota snapshots payload`() throws {
         let response = try Self.decodeFixture(
             """
             {
@@ -60,7 +59,7 @@ struct CopilotUsageModelsTests {
     }
 
     @Test
-    func preservesMissingDateFieldsAsNil() throws {
+    func `preserves missing date fields as nil`() throws {
         let response = try Self.decodeFixture(
             """
             {
@@ -81,7 +80,7 @@ struct CopilotUsageModelsTests {
     }
 
     @Test
-    func preservesExplicitEmptyDateFields() throws {
+    func `preserves explicit empty date fields`() throws {
         let response = try Self.decodeFixture(
             """
             {
@@ -104,7 +103,7 @@ struct CopilotUsageModelsTests {
     }
 
     @Test
-    func decodesMonthlyAndLimitedQuotaPayload() throws {
+    func `decodes monthly and limited quota payload`() throws {
         let response = try Self.decodeFixture(
             """
             {
@@ -132,7 +131,7 @@ struct CopilotUsageModelsTests {
     }
 
     @Test
-    func doesNotAssumeFullQuotaWhenLimitedQuotasAreMissing() throws {
+    func `does not assume full quota when limited quotas are missing`() throws {
         let response = try Self.decodeFixture(
             """
             {
@@ -149,7 +148,7 @@ struct CopilotUsageModelsTests {
     }
 
     @Test
-    func computesMonthlyFallbackPerQuotaOnlyWhenLimitedValueExists() throws {
+    func `computes monthly fallback per quota only when limited value exists`() throws {
         let response = try Self.decodeFixture(
             """
             {
@@ -172,7 +171,7 @@ struct CopilotUsageModelsTests {
     }
 
     @Test
-    func mergesDirectAndMonthlyFallbackLanesWhenDirectIsPartial() throws {
+    func `merges direct and monthly fallback lanes when direct is partial`() throws {
         let response = try Self.decodeFixture(
             """
             {
@@ -208,7 +207,7 @@ struct CopilotUsageModelsTests {
     }
 
     @Test
-    func decodesUnknownQuotaSnapshotKeysUsingFallback() throws {
+    func `decodes unknown quota snapshot keys using fallback`() throws {
         let response = try Self.decodeFixture(
             """
             {
@@ -232,7 +231,7 @@ struct CopilotUsageModelsTests {
     }
 
     @Test
-    func ignoresPlaceholderKnownSnapshotWhenSelectingUnknownKeyFallback() throws {
+    func `ignores placeholder known snapshot when selecting unknown key fallback`() throws {
         let response = try Self.decodeFixture(
             """
             {
@@ -255,7 +254,7 @@ struct CopilotUsageModelsTests {
     }
 
     @Test
-    func derivesPercentRemainingWhenMissingButEntitlementExists() throws {
+    func `derives percent remaining when missing but entitlement exists`() throws {
         let response = try Self.decodeFixture(
             """
             {
@@ -275,7 +274,56 @@ struct CopilotUsageModelsTests {
     }
 
     @Test
-    func marksPercentRemainingAsUnavailableWhenUnderdetermined() throws {
+    func `preserves over quota percent remaining`() throws {
+        let response = try Self.decodeFixture(
+            """
+            {
+              "copilot_plan": "paid",
+              "quota_snapshots": {
+                "premium_interactions": {
+                  "entitlement": 500,
+                  "remaining": -75,
+                  "percent_remaining": -15,
+                  "quota_id": "premium_interactions"
+                }
+              }
+            }
+            """)
+
+        let snapshot = try #require(response.quotaSnapshots.premiumInteractions)
+        #expect(snapshot.percentRemaining == -15)
+        #expect(snapshot.usedPercent == 115)
+        #expect(snapshot.overQuotaUsedPercent == 115)
+        let window = try #require(CopilotUsageFetcher.makeRateWindow(from: snapshot))
+        #expect(window.usedPercent == 115)
+        #expect(window.resetDescription == "115% used")
+    }
+
+    @Test
+    func `derives over quota percent from negative remaining`() throws {
+        let response = try Self.decodeFixture(
+            """
+            {
+              "copilot_plan": "paid",
+              "quota_snapshots": {
+                "chat": {
+                  "entitlement": 500,
+                  "remaining": -75,
+                  "quota_id": "chat"
+                }
+              }
+            }
+            """)
+
+        let snapshot = try #require(response.quotaSnapshots.chat)
+        #expect(snapshot.hasPercentRemaining)
+        #expect(snapshot.percentRemaining == -15)
+        #expect(snapshot.usedPercent == 115)
+        #expect(snapshot.overQuotaUsedPercent == 115)
+    }
+
+    @Test
+    func `marks percent remaining as unavailable when underdetermined`() throws {
         let response = try Self.decodeFixture(
             """
             {
@@ -294,7 +342,7 @@ struct CopilotUsageModelsTests {
     }
 
     @Test
-    func marksPercentRemainingAsUnavailableWhenRemainingIsMissing() throws {
+    func `marks percent remaining as unavailable when remaining is missing`() throws {
         let response = try Self.decodeFixture(
             """
             {
@@ -313,7 +361,7 @@ struct CopilotUsageModelsTests {
     }
 
     @Test
-    func fallsBackToMonthlyWhenDirectSnapshotIsMissingRemaining() throws {
+    func `falls back to monthly when direct snapshot is missing remaining`() throws {
         let response = try Self.decodeFixture(
             """
             {
@@ -342,7 +390,7 @@ struct CopilotUsageModelsTests {
     }
 
     @Test
-    func fallsBackToMonthlyWhenDirectSnapshotsLackComputablePercent() throws {
+    func `falls back to monthly when direct snapshots lack computable percent`() throws {
         let response = try Self.decodeFixture(
             """
             {
@@ -371,7 +419,7 @@ struct CopilotUsageModelsTests {
     }
 
     @Test
-    func skipsMonthlyFallbackWhenMonthlyDenominatorIsZero() throws {
+    func `skips monthly fallback when monthly denominator is zero`() throws {
         let response = try Self.decodeFixture(
             """
             {
diff --git a/Tests/CodexBarTests/CostHistoryChartMenuViewTests.swift b/Tests/CodexBarTests/CostHistoryChartMenuViewTests.swift
new file mode 100644
index 000000000..f1c98f03a
--- /dev/null
+++ b/Tests/CodexBarTests/CostHistoryChartMenuViewTests.swift
@@ -0,0 +1,12 @@
+import Testing
+@testable import CodexBar
+
+struct CostHistoryChartMenuViewTests {
+    @Test
+    @MainActor
+    func `window label keeps today for one day and dynamic labels otherwise`() {
+        #expect(CostHistoryChartMenuView.windowLabel(days: 1) == "Today")
+        #expect(CostHistoryChartMenuView.windowLabel(days: 7) == "Last 7 days")
+        #expect(CostHistoryChartMenuView.windowLabel(days: 30) == "Last 30 days")
+    }
+}
diff --git a/Tests/CodexBarTests/CostUsageCacheTests.swift b/Tests/CodexBarTests/CostUsageCacheTests.swift
new file mode 100644
index 000000000..f71c60e25
--- /dev/null
+++ b/Tests/CodexBarTests/CostUsageCacheTests.swift
@@ -0,0 +1,137 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+struct CostUsageCacheTests {
+    @Test
+    func `cache file URL uses codex specific artifact version`() {
+        let root = URL(fileURLWithPath: "/tmp/codexbar-cost-cache", isDirectory: true)
+
+        let codexURL = CostUsageCacheIO.cacheFileURL(provider: .codex, cacheRoot: root)
+        let claudeURL = CostUsageCacheIO.cacheFileURL(provider: .claude, cacheRoot: root)
+
+        #expect(codexURL.lastPathComponent == "codex-v8.json")
+        #expect(claudeURL.lastPathComponent == "claude-v2.json")
+    }
+
+    @Test
+    func `cache load requires matching producer key`() throws {
+        let root = try self.makeTemporaryCacheRoot()
+        defer { try? FileManager.default.removeItem(at: root) }
+
+        var cache = CostUsageCache()
+        cache.lastScanUnixMs = 123
+        cache.days = ["2026-05-18": ["gpt-5.5": [1, 2, 3]]]
+
+        CostUsageCacheIO.save(
+            provider: .codex,
+            cache: cache,
+            cacheRoot: root,
+            producerKey: "codex:cu:p1111111111111111")
+
+        let loaded = CostUsageCacheIO.load(
+            provider: .codex,
+            cacheRoot: root,
+            producerKey: "codex:cu:p1111111111111111")
+        #expect(loaded.producerKey == "codex:cu:p1111111111111111")
+        #expect(loaded.lastScanUnixMs == 123)
+        #expect(loaded.days["2026-05-18"]?["gpt-5.5"] == [1, 2, 3])
+
+        let stale = CostUsageCacheIO.load(
+            provider: .codex,
+            cacheRoot: root,
+            producerKey: "codex:cu:p2222222222222222")
+        #expect(stale.lastScanUnixMs == 0)
+        #expect(stale.files.isEmpty)
+        #expect(stale.days.isEmpty)
+    }
+
+    @Test
+    func `legacy cache without producer key is ignored`() throws {
+        let root = try self.makeTemporaryCacheRoot()
+        defer { try? FileManager.default.removeItem(at: root) }
+
+        let url = CostUsageCacheIO.cacheFileURL(provider: .codex, cacheRoot: root)
+        try FileManager.default.createDirectory(
+            at: url.deletingLastPathComponent(),
+            withIntermediateDirectories: true)
+        let legacy = """
+        {
+          "version": 1,
+          "lastScanUnixMs": 999,
+          "files": {},
+          "days": {
+            "2026-05-18": {
+              "gpt-5": [1, 0, 0]
+            }
+          }
+        }
+        """
+        try legacy.write(to: url, atomically: false, encoding: .utf8)
+
+        let loaded = CostUsageCacheIO.load(
+            provider: .codex,
+            cacheRoot: root,
+            producerKey: "codex:cu:p1111111111111111")
+
+        #expect(loaded.lastScanUnixMs == 0)
+        #expect(loaded.days.isEmpty)
+    }
+
+    @Test
+    func `non codex cache does not require producer key`() throws {
+        let root = try self.makeTemporaryCacheRoot()
+        defer { try? FileManager.default.removeItem(at: root) }
+
+        let url = CostUsageCacheIO.cacheFileURL(provider: .claude, cacheRoot: root)
+        try FileManager.default.createDirectory(
+            at: url.deletingLastPathComponent(),
+            withIntermediateDirectories: true)
+        let legacy = """
+        {
+          "version": 1,
+          "lastScanUnixMs": 999,
+          "files": {},
+          "days": {
+            "2026-05-18": {
+              "claude-sonnet-4-5": [1, 0, 0]
+            }
+          }
+        }
+        """
+        try legacy.write(to: url, atomically: false, encoding: .utf8)
+
+        let loaded = CostUsageCacheIO.load(provider: .claude, cacheRoot: root)
+
+        #expect(loaded.lastScanUnixMs == 999)
+        #expect(loaded.days["2026-05-18"]?["claude-sonnet-4-5"] == [1, 0, 0])
+    }
+
+    @Test
+    func `current producer key uses generated parser hash for codex only`() {
+        let codexKey = CostUsageCacheIO.currentProducerKey(
+            provider: .codex,
+            parserHash: "abc1234567890def")
+        let standaloneKey = CostUsageCacheIO.currentProducerKey(
+            provider: .claude,
+            parserHash: "abc1234567890def")
+
+        #expect(codexKey == "codex:cu:pabc1234567890def")
+        #expect(standaloneKey == nil)
+    }
+
+    @Test
+    func `generated parser hash is stable short lowercase hex`() {
+        let hash = CodexParserHash.value
+
+        #expect(hash.range(of: #"^[0-9a-f]{16}$"#, options: .regularExpression) != nil)
+        #expect(CostUsageCacheIO.currentProducerKey(provider: .codex) == "codex:cu:p\(hash)")
+    }
+
+    private func makeTemporaryCacheRoot() throws -> URL {
+        let root = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codexbar-cost-cache-\(UUID().uuidString)", isDirectory: true)
+        try FileManager.default.createDirectory(at: root, withIntermediateDirectories: true)
+        return root
+    }
+}
diff --git a/Tests/CodexBarTests/CostUsageCancellationTests.swift b/Tests/CodexBarTests/CostUsageCancellationTests.swift
new file mode 100644
index 000000000..246603dbc
--- /dev/null
+++ b/Tests/CodexBarTests/CostUsageCancellationTests.swift
@@ -0,0 +1,147 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+struct CostUsageCancellationTests {
+    @Test
+    func `fetcher honors cancellation before token scan`() async throws {
+        let gate = AsyncCancellationGate()
+        let task = Task {
+            await gate.wait()
+            _ = try await CostUsageFetcher.loadTokenSnapshot(
+                provider: .codex,
+                scannerOptions: CostUsageScanner.Options())
+        }
+        await gate.waitUntilBlocked()
+        task.cancel()
+        await gate.open()
+
+        await #expect(throws: CancellationError.self) {
+            _ = try await task.value
+        }
+    }
+
+    @Test
+    func `codex scanner cancellation preserves existing cache`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 1, day: 2)
+        let iso = env.isoString(for: day)
+        let fileURL = try env.writeCodexSessionFile(
+            day: day,
+            filename: "session.jsonl",
+            contents: self.codexSessionContents(iso: iso, tokenLineCount: 1))
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            cacheRoot: env.cacheRoot)
+        options.refreshMinIntervalSeconds = 0
+
+        let report = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day,
+            options: options)
+        #expect(report.data.count == 1)
+
+        let cacheURL = CostUsageCacheIO.cacheFileURL(provider: .codex, cacheRoot: env.cacheRoot)
+        let cacheBefore = try Data(contentsOf: cacheURL)
+
+        try self.codexSessionContents(iso: iso, tokenLineCount: 20000)
+            .write(to: fileURL, atomically: true, encoding: .utf8)
+
+        var checks = 0
+        let checkCancellation: CostUsageScanner.CancellationCheck = {
+            checks += 1
+            if checks >= 8 {
+                throw CancellationError()
+            }
+        }
+
+        #expect(throws: CancellationError.self) {
+            _ = try CostUsageScanner.loadDailyReportCancellable(
+                provider: .codex,
+                since: day,
+                until: day,
+                now: day,
+                options: options,
+                checkCancellation: checkCancellation)
+        }
+        #expect(checks >= 8)
+        #expect(try Data(contentsOf: cacheURL) == cacheBefore)
+    }
+
+    @Test
+    func `codex metadata pre scan honors cancellation`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 1, day: 2)
+        let iso = env.isoString(for: day)
+        let fileURL = try env.writeCodexSessionFile(
+            day: day,
+            filename: "session-without-metadata.jsonl",
+            contents: Array(repeating: self.codexTokenLine(iso: iso), count: 20000).joined(separator: "\n") + "\n")
+
+        var checks = 0
+        let checkCancellation: CostUsageScanner.CancellationCheck = {
+            checks += 1
+            if checks >= 3 {
+                throw CancellationError()
+            }
+        }
+
+        #expect(throws: CancellationError.self) {
+            _ = try CostUsageScanner.parseCodexFileCancellable(
+                fileURL: fileURL,
+                range: CostUsageScanner.CostUsageDayRange(since: day, until: day),
+                checkCancellation: checkCancellation)
+        }
+        #expect(checks >= 3)
+    }
+
+    private func codexSessionContents(iso: String, tokenLineCount: Int) -> String {
+        let session = #"{"type":"session_meta","payload":{"session_id":"session-1"}}"#
+        let context = #"{"type":"turn_context","timestamp":"\#(iso)","payload":{"model":"gpt-5"}}"#
+        return ([session, context] + Array(repeating: self.codexTokenLine(iso: iso), count: tokenLineCount))
+            .joined(separator: "\n") + "\n"
+    }
+
+    private func codexTokenLine(iso: String) -> String {
+        #"{"type":"event_msg","timestamp":"\#(iso)","payload":{"#
+            + #""type":"token_count","info":{"last_token_usage":{"#
+            + #""input_tokens":10,"cached_input_tokens":2,"output_tokens":4}}}}"#
+    }
+}
+
+private actor AsyncCancellationGate {
+    private var blockedContinuation: CheckedContinuation<Void, Never>?
+    private var openContinuation: CheckedContinuation<Void, Never>?
+    private var isBlocked = false
+    private var isOpen = false
+
+    func wait() async {
+        self.isBlocked = true
+        self.blockedContinuation?.resume()
+        self.blockedContinuation = nil
+        if self.isOpen { return }
+        await withCheckedContinuation { continuation in
+            self.openContinuation = continuation
+        }
+    }
+
+    func waitUntilBlocked() async {
+        if self.isBlocked { return }
+        await withCheckedContinuation { continuation in
+            self.blockedContinuation = continuation
+        }
+    }
+
+    func open() {
+        self.isOpen = true
+        self.openContinuation?.resume()
+        self.openContinuation = nil
+    }
+}
diff --git a/Tests/CodexBarTests/CostUsageDailyReportMergeTests.swift b/Tests/CodexBarTests/CostUsageDailyReportMergeTests.swift
new file mode 100644
index 000000000..e7a42293c
--- /dev/null
+++ b/Tests/CodexBarTests/CostUsageDailyReportMergeTests.swift
@@ -0,0 +1,166 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+struct CostUsageDailyReportMergeTests {
+    @Test
+    func `merged report sums overlapping day totals and model breakdowns`() {
+        let native = CostUsageDailyReport(
+            data: [
+                CostUsageDailyReport.Entry(
+                    date: "2026-04-04",
+                    inputTokens: 100,
+                    outputTokens: 20,
+                    cacheReadTokens: 10,
+                    cacheCreationTokens: nil,
+                    totalTokens: 130,
+                    costUSD: 1.25,
+                    modelsUsed: ["gpt-5.4"],
+                    modelBreakdowns: [
+                        CostUsageDailyReport.ModelBreakdown(
+                            modelName: "gpt-5.4",
+                            costUSD: 1.25,
+                            totalTokens: 130,
+                            standardCostUSD: 0.75,
+                            priorityCostUSD: 0.50,
+                            standardTokens: 80,
+                            priorityTokens: 50),
+                    ]),
+            ],
+            summary: CostUsageDailyReport.Summary(
+                totalInputTokens: 100,
+                totalOutputTokens: 20,
+                cacheReadTokens: 10,
+                cacheCreationTokens: nil,
+                totalTokens: 130,
+                totalCostUSD: 1.25))
+        let pi = CostUsageDailyReport(
+            data: [
+                CostUsageDailyReport.Entry(
+                    date: "2026-04-04",
+                    inputTokens: 50,
+                    outputTokens: 10,
+                    cacheReadTokens: 5,
+                    cacheCreationTokens: 2,
+                    totalTokens: 67,
+                    costUSD: 0.75,
+                    modelsUsed: ["gpt-5.4"],
+                    modelBreakdowns: [
+                        CostUsageDailyReport.ModelBreakdown(
+                            modelName: "gpt-5.4",
+                            costUSD: 0.75,
+                            totalTokens: 67,
+                            standardCostUSD: 0.25,
+                            priorityCostUSD: 0.50,
+                            standardTokens: 20,
+                            priorityTokens: 47),
+                    ]),
+            ],
+            summary: CostUsageDailyReport.Summary(
+                totalInputTokens: 50,
+                totalOutputTokens: 10,
+                cacheReadTokens: 5,
+                cacheCreationTokens: 2,
+                totalTokens: 67,
+                totalCostUSD: 0.75))
+
+        let merged = native.merged(with: pi)
+        #expect(merged.data.count == 1)
+        #expect(merged.data.first?.inputTokens == 150)
+        #expect(merged.data.first?.outputTokens == 30)
+        #expect(merged.data.first?.cacheReadTokens == 15)
+        #expect(merged.data.first?.cacheCreationTokens == 2)
+        #expect(merged.data.first?.totalTokens == 197)
+        #expect(abs((merged.data.first?.costUSD ?? 0) - 2.0) < 0.000001)
+        #expect(merged.data.first?.modelBreakdowns == [
+            CostUsageDailyReport.ModelBreakdown(
+                modelName: "gpt-5.4",
+                costUSD: 2.0,
+                totalTokens: 197,
+                standardCostUSD: 1.0,
+                priorityCostUSD: 1.0,
+                standardTokens: 100,
+                priorityTokens: 97),
+        ])
+        #expect(merged.summary?.totalTokens == 197)
+        #expect(abs((merged.summary?.totalCostUSD ?? 0) - 2.0) < 0.000001)
+    }
+
+    @Test
+    func `merged report unions days and orders model breakdowns deterministically`() {
+        let first = CostUsageDailyReport(
+            data: [
+                CostUsageDailyReport.Entry(
+                    date: "2026-04-04",
+                    inputTokens: nil,
+                    outputTokens: nil,
+                    cacheReadTokens: nil,
+                    cacheCreationTokens: nil,
+                    totalTokens: 30,
+                    costUSD: 0.30,
+                    modelsUsed: ["gpt-5.3-codex"],
+                    modelBreakdowns: [
+                        CostUsageDailyReport.ModelBreakdown(modelName: "gpt-5.3-codex", costUSD: 0.30, totalTokens: 30),
+                    ]),
+            ],
+            summary: nil)
+        let second = CostUsageDailyReport(
+            data: [
+                CostUsageDailyReport.Entry(
+                    date: "2026-04-05",
+                    inputTokens: nil,
+                    outputTokens: nil,
+                    cacheReadTokens: nil,
+                    cacheCreationTokens: nil,
+                    totalTokens: 40,
+                    costUSD: 0.40,
+                    modelsUsed: ["gpt-5.4", "gpt-5.3-codex"],
+                    modelBreakdowns: [
+                        CostUsageDailyReport.ModelBreakdown(modelName: "gpt-5.4", costUSD: 0.40, totalTokens: 40),
+                        CostUsageDailyReport.ModelBreakdown(modelName: "gpt-5.3-codex", costUSD: 0.00, totalTokens: 0),
+                    ]),
+            ],
+            summary: nil)
+
+        let merged = CostUsageDailyReport.merged([first, second])
+        #expect(merged.data.map(\.date) == ["2026-04-04", "2026-04-05"])
+        #expect(merged.data.last?.modelBreakdowns?.map(\.modelName) == ["gpt-5.4", "gpt-5.3-codex"])
+        #expect(merged.summary?.totalTokens == 70)
+        #expect(abs((merged.summary?.totalCostUSD ?? 0) - 0.70) < 0.000001)
+    }
+
+    @Test
+    func `merged report includes derived totals when another same day entry has explicit total`() {
+        let explicit = CostUsageDailyReport(
+            data: [
+                CostUsageDailyReport.Entry(
+                    date: "2026-04-04",
+                    inputTokens: 70,
+                    outputTokens: 30,
+                    totalTokens: 100,
+                    costUSD: 1.0,
+                    modelsUsed: ["gpt-5.4"],
+                    modelBreakdowns: nil),
+            ],
+            summary: nil)
+        let derived = CostUsageDailyReport(
+            data: [
+                CostUsageDailyReport.Entry(
+                    date: "2026-04-04",
+                    inputTokens: 10,
+                    outputTokens: 5,
+                    cacheReadTokens: 3,
+                    cacheCreationTokens: 2,
+                    totalTokens: nil,
+                    costUSD: 0.25,
+                    modelsUsed: ["gpt-5.3-codex"],
+                    modelBreakdowns: nil),
+            ],
+            summary: nil)
+
+        let merged = CostUsageDailyReport.merged([explicit, derived])
+        #expect(merged.data.first?.totalTokens == 120)
+        #expect(merged.summary?.totalTokens == 120)
+        #expect(abs((merged.data.first?.costUSD ?? 0) - 1.25) < 0.000001)
+    }
+}
diff --git a/Tests/CodexBarTests/CostUsageDecodingTests.swift b/Tests/CodexBarTests/CostUsageDecodingTests.swift
index 178b9e070..5175a0343 100644
--- a/Tests/CodexBarTests/CostUsageDecodingTests.swift
+++ b/Tests/CodexBarTests/CostUsageDecodingTests.swift
@@ -2,10 +2,9 @@ import Foundation
 import Testing
 @testable import CodexBarCore
 
-@Suite
 struct CostUsageDecodingTests {
     @Test
-    func decodesDailyReportTypeFormat() throws {
+    func `decodes daily report type format`() throws {
         let json = """
         {
           "type": "daily",
@@ -44,7 +43,7 @@ struct CostUsageDecodingTests {
     }
 
     @Test
-    func decodesDailyReportLegacyFormat() throws {
+    func `decodes daily report legacy format`() throws {
         let json = """
         {
           "daily": [
@@ -80,7 +79,7 @@ struct CostUsageDecodingTests {
     }
 
     @Test
-    func decodesLegacyCacheTokenKeys() throws {
+    func `decodes legacy cache token keys`() throws {
         let json = """
         {
           "type": "daily",
@@ -108,7 +107,7 @@ struct CostUsageDecodingTests {
     }
 
     @Test
-    func decodesDailyReportLegacyFormatWithModelMap() throws {
+    func `decodes daily report legacy format with model map`() throws {
         let json = """
         {
           "daily": [
@@ -119,7 +118,7 @@ struct CostUsageDecodingTests {
               "totalTokens": 30,
               "costUSD": 0.12,
               "models": {
-                "gpt-5.2": {
+                "gpt-5.2-codex": {
                   "inputTokens": 10,
                   "outputTokens": 20,
                   "totalTokens": 30,
@@ -138,11 +137,11 @@ struct CostUsageDecodingTests {
         let report = try JSONDecoder().decode(CostUsageDailyReport.self, from: Data(json.utf8))
         #expect(report.data.count == 1)
         #expect(report.data[0].costUSD == 0.12)
-        #expect(report.data[0].modelsUsed == ["gpt-5.2"])
+        #expect(report.data[0].modelsUsed == ["gpt-5.2-codex"])
     }
 
     @Test
-    func decodesDailyReportLegacyFormatWithModelMapSorted() throws {
+    func `decodes daily report legacy format with model map sorted`() throws {
         let json = """
         {
           "daily": [
@@ -165,7 +164,7 @@ struct CostUsageDecodingTests {
     }
 
     @Test
-    func decodesDailyReportLegacyFormatWithEmptyModelMapAsNil() throws {
+    func `decodes daily report legacy format with empty model map as nil`() throws {
         let json = """
         {
           "daily": [
@@ -184,7 +183,7 @@ struct CostUsageDecodingTests {
     }
 
     @Test
-    func decodesDailyReportLegacyFormatPrefersModelsUsedListOverModelsMap() throws {
+    func `decodes daily report legacy format prefers models used list over models map`() throws {
         let json = """
         {
           "daily": [
@@ -192,7 +191,7 @@ struct CostUsageDecodingTests {
               "date": "Dec 20, 2025",
               "totalTokens": 30,
               "costUSD": 0.12,
-              "modelsUsed": ["gpt-5.2"],
+              "modelsUsed": ["gpt-5.2-codex"],
               "models": {
                 "ignored-model": { "totalTokens": 30 }
               }
@@ -202,11 +201,11 @@ struct CostUsageDecodingTests {
         """
 
         let report = try JSONDecoder().decode(CostUsageDailyReport.self, from: Data(json.utf8))
-        #expect(report.data[0].modelsUsed == ["gpt-5.2"])
+        #expect(report.data[0].modelsUsed == ["gpt-5.2-codex"])
     }
 
     @Test
-    func decodesDailyReportLegacyFormatWithModelsList() throws {
+    func `decodes daily report legacy format with models list`() throws {
         let json = """
         {
           "daily": [
@@ -214,18 +213,46 @@ struct CostUsageDecodingTests {
               "date": "Dec 20, 2025",
               "totalTokens": 30,
               "costUSD": 0.12,
-              "models": ["gpt-5.2", "gpt-5.2-mini"]
+              "models": ["gpt-5.2-codex", "gpt-5.2-mini"]
             }
           ]
         }
         """
 
         let report = try JSONDecoder().decode(CostUsageDailyReport.self, from: Data(json.utf8))
-        #expect(report.data[0].modelsUsed == ["gpt-5.2", "gpt-5.2-mini"])
+        #expect(report.data[0].modelsUsed == ["gpt-5.2-codex", "gpt-5.2-mini"])
     }
 
     @Test
-    func decodesDailyReportLegacyFormatWithInvalidModelsField() throws {
+    func `decodes model breakdown total tokens`() throws {
+        let json = """
+        {
+          "type": "daily",
+          "data": [
+            {
+              "date": "2025-12-20",
+              "totalTokens": 30,
+              "costUSD": 0.12,
+              "modelBreakdowns": [
+                {
+                  "modelName": "gpt-5.2-codex",
+                  "costUSD": 0.12,
+                  "totalTokens": 30
+                }
+              ]
+            }
+          ]
+        }
+        """
+
+        let report = try JSONDecoder().decode(CostUsageDailyReport.self, from: Data(json.utf8))
+        #expect(report.data[0].modelBreakdowns == [
+            CostUsageDailyReport.ModelBreakdown(modelName: "gpt-5.2-codex", costUSD: 0.12, totalTokens: 30),
+        ])
+    }
+
+    @Test
+    func `decodes daily report legacy format with invalid models field`() throws {
         let json = """
         {
           "daily": [
@@ -244,7 +271,7 @@ struct CostUsageDecodingTests {
     }
 
     @Test
-    func decodesMonthlyReportLegacyFormat() throws {
+    func `decodes monthly report legacy format`() throws {
         let json = """
         {
           "monthly": [
@@ -269,7 +296,7 @@ struct CostUsageDecodingTests {
     }
 
     @Test
-    func selectsMostRecentSession() throws {
+    func `selects most recent session`() throws {
         let json = """
         {
           "type": "session",
@@ -305,7 +332,7 @@ struct CostUsageDecodingTests {
     }
 
     @Test
-    func tokenSnapshotSelectsMostRecentDay() throws {
+    func `token snapshot selects most recent day`() throws {
         let json = """
         {
           "type": "daily",
@@ -338,7 +365,7 @@ struct CostUsageDecodingTests {
     }
 
     @Test
-    func tokenSnapshotUsesSummaryTotalCostWhenAvailable() throws {
+    func `token snapshot uses summary total cost when available`() throws {
         let json = """
         {
           "type": "daily",
@@ -358,7 +385,7 @@ struct CostUsageDecodingTests {
     }
 
     @Test
-    func tokenSnapshotFallsBackToSummedEntriesWhenSummaryMissing() throws {
+    func `token snapshot falls back to summed entries when summary missing`() throws {
         let json = """
         {
           "type": "daily",
@@ -375,7 +402,7 @@ struct CostUsageDecodingTests {
     }
 
     @Test
-    func tokenSnapshotReturnsNilTotalWhenNoCostsPresent() throws {
+    func `token snapshot returns nil total when no costs present`() throws {
         let json = """
         {
           "type": "daily",
diff --git a/Tests/CodexBarTests/CostUsageFetcherTests.swift b/Tests/CodexBarTests/CostUsageFetcherTests.swift
new file mode 100644
index 000000000..d58c63a37
--- /dev/null
+++ b/Tests/CodexBarTests/CostUsageFetcherTests.swift
@@ -0,0 +1,867 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+struct CostUsageFetcherTests {
+    @Test
+    func `fetcher scopes codex history to selected codex home`() async throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 4, day: 8)
+        let otherHome = env.root.appendingPathComponent("other-codex-home", isDirectory: true)
+        try Self.writeCodexSessionFile(
+            homeRoot: env.codexHomeRoot,
+            env: env,
+            day: day,
+            filename: "ambient.jsonl",
+            tokens: 100)
+        try Self.writeCodexSessionFile(homeRoot: otherHome, env: env, day: day, filename: "managed.jsonl", tokens: 10)
+
+        let options = CostUsageScanner.Options(cacheRoot: env.cacheRoot)
+        let ambient = try await CostUsageFetcher.loadTokenSnapshot(
+            provider: .codex,
+            now: day,
+            codexHomePath: env.codexHomeRoot.path,
+            scannerOptions: options)
+        let managed = try await CostUsageFetcher.loadTokenSnapshot(
+            provider: .codex,
+            now: day,
+            codexHomePath: otherHome.path,
+            scannerOptions: options)
+
+        #expect(ambient.sessionTokens == 100)
+        #expect(managed.sessionTokens == 10)
+    }
+
+    @Test
+    func `fetcher refreshes codex cache when legacy roots metadata is missing`() async throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 4, day: 8)
+        let managedHome = env.root.appendingPathComponent("managed-codex-home", isDirectory: true)
+        try Self.writeCodexSessionFile(
+            homeRoot: env.codexHomeRoot,
+            env: env,
+            day: day,
+            filename: "ambient.jsonl",
+            tokens: 100)
+        try Self.writeCodexSessionFile(homeRoot: managedHome, env: env, day: day, filename: "managed.jsonl", tokens: 10)
+
+        let options = CostUsageScanner.Options(cacheRoot: env.cacheRoot)
+        let piOptions = PiSessionCostScanner.Options(piSessionsRoot: env.piSessionsRoot, cacheRoot: env.cacheRoot)
+        let ambient = try await CostUsageFetcher.loadTokenSnapshot(
+            provider: .codex,
+            now: day,
+            codexHomePath: env.codexHomeRoot.path,
+            scannerOptions: options,
+            piScannerOptions: piOptions)
+        #expect(ambient.sessionTokens == 100)
+
+        var cache = CostUsageCacheIO.load(provider: .codex, cacheRoot: env.cacheRoot)
+        cache.roots = nil
+        CostUsageCacheIO.save(provider: .codex, cache: cache, cacheRoot: env.cacheRoot)
+
+        let managed = try await CostUsageFetcher.loadTokenSnapshot(
+            provider: .codex,
+            now: day.addingTimeInterval(1),
+            codexHomePath: managedHome.path,
+            scannerOptions: options,
+            piScannerOptions: piOptions)
+
+        #expect(managed.sessionTokens == 10)
+    }
+
+    @Test
+    func `fetcher refreshes codex cache when history window expands`() async throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let oldDay = try env.makeLocalNoon(year: 2026, month: 4, day: 2)
+        let newDay = try env.makeLocalNoon(year: 2026, month: 4, day: 8)
+        try Self.writeCodexSessionFile(
+            homeRoot: env.codexHomeRoot,
+            env: env,
+            day: oldDay,
+            filename: "old.jsonl",
+            tokens: 15)
+        try Self.writeCodexSessionFile(
+            homeRoot: env.codexHomeRoot,
+            env: env,
+            day: newDay,
+            filename: "new.jsonl",
+            tokens: 30)
+
+        var options = CostUsageScanner.Options(cacheRoot: env.cacheRoot)
+        options.refreshMinIntervalSeconds = 3600
+
+        let narrow = try await CostUsageFetcher.loadTokenSnapshot(
+            provider: .codex,
+            now: newDay,
+            codexHomePath: env.codexHomeRoot.path,
+            historyDays: 1,
+            scannerOptions: options)
+        #expect(narrow.daily.map(\.date) == ["2026-04-08"])
+        #expect(narrow.last30DaysTokens == 30)
+
+        var legacyCache = CostUsageCacheIO.load(provider: .codex, cacheRoot: env.cacheRoot)
+        legacyCache.scanSinceKey = nil
+        legacyCache.scanUntilKey = nil
+        CostUsageCacheIO.save(provider: .codex, cache: legacyCache, cacheRoot: env.cacheRoot)
+
+        let expanded = try await CostUsageFetcher.loadTokenSnapshot(
+            provider: .codex,
+            now: newDay.addingTimeInterval(1),
+            codexHomePath: env.codexHomeRoot.path,
+            historyDays: 7,
+            scannerOptions: options)
+        #expect(expanded.daily.map(\.date) == ["2026-04-02", "2026-04-08"])
+        #expect(expanded.last30DaysTokens == 45)
+    }
+
+    @Test
+    func `fetcher resolves fork parent outside requested codex window`() async throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let parentDay = try env.makeLocalNoon(year: 2026, month: 4, day: 2)
+        let childDay = try env.makeLocalNoon(year: 2026, month: 4, day: 8)
+        let model = "openai/gpt-5.4"
+        let parentID = "parent-session"
+        let parentTimestamp = env.isoString(for: parentDay.addingTimeInterval(1))
+        let childTimestamp = env.isoString(for: childDay.addingTimeInterval(1))
+        _ = try env.writeCodexSessionFile(
+            day: parentDay,
+            filename: "parent.jsonl",
+            contents: env.jsonl([
+                [
+                    "type": "session_meta",
+                    "timestamp": env.isoString(for: parentDay),
+                    "payload": ["session_id": parentID],
+                ],
+                [
+                    "type": "event_msg",
+                    "timestamp": parentTimestamp,
+                    "payload": [
+                        "type": "token_count",
+                        "info": [
+                            "model": model,
+                            "total_token_usage": [
+                                "input_tokens": 100,
+                                "cached_input_tokens": 0,
+                                "output_tokens": 0,
+                            ],
+                        ],
+                    ],
+                ],
+            ]))
+        _ = try env.writeCodexSessionFile(
+            day: childDay,
+            filename: "child.jsonl",
+            contents: env.jsonl([
+                [
+                    "type": "session_meta",
+                    "timestamp": env.isoString(for: childDay),
+                    "payload": [
+                        "session_id": "child-session",
+                        "forked_from_id": parentID,
+                        "timestamp": parentTimestamp,
+                    ],
+                ],
+                [
+                    "type": "event_msg",
+                    "timestamp": childTimestamp,
+                    "payload": [
+                        "type": "token_count",
+                        "info": [
+                            "model": model,
+                            "total_token_usage": [
+                                "input_tokens": 125,
+                                "cached_input_tokens": 0,
+                                "output_tokens": 5,
+                            ],
+                        ],
+                    ],
+                ],
+            ]))
+
+        let options = CostUsageScanner.Options(cacheRoot: env.cacheRoot)
+        let snapshot = try await CostUsageFetcher.loadTokenSnapshot(
+            provider: .codex,
+            now: childDay,
+            codexHomePath: env.codexHomeRoot.path,
+            historyDays: 1,
+            scannerOptions: options)
+
+        #expect(snapshot.daily.map(\.date) == ["2026-04-08"])
+        #expect(snapshot.last30DaysTokens == 30)
+    }
+
+    @Test
+    func `force refresh only scans requested codex date window`() async throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let oldDay = try env.makeLocalNoon(year: 2026, month: 3, day: 1)
+        let newDay = try env.makeLocalNoon(year: 2026, month: 4, day: 8)
+        let oldURL = try env.writeCodexSessionFile(
+            day: oldDay,
+            filename: "old.jsonl",
+            contents: env.jsonl([
+                [
+                    "type": "event_msg",
+                    "timestamp": env.isoString(for: oldDay),
+                    "payload": [
+                        "type": "token_count",
+                        "info": [
+                            "model": "openai/gpt-5.4",
+                            "last_token_usage": [
+                                "input_tokens": 10,
+                                "cached_input_tokens": 0,
+                                "output_tokens": 0,
+                            ],
+                        ],
+                    ],
+                ],
+            ]))
+        try FileManager.default.setAttributes([.modificationDate: oldDay], ofItemAtPath: oldURL.path)
+        _ = try env.writeCodexSessionFile(
+            day: newDay,
+            filename: "new.jsonl",
+            contents: env.jsonl([
+                [
+                    "type": "event_msg",
+                    "timestamp": env.isoString(for: newDay),
+                    "payload": [
+                        "type": "token_count",
+                        "info": [
+                            "model": "openai/gpt-5.4",
+                            "last_token_usage": [
+                                "input_tokens": 30,
+                                "cached_input_tokens": 0,
+                                "output_tokens": 0,
+                            ],
+                        ],
+                    ],
+                ],
+            ]))
+
+        let options = CostUsageScanner.Options(
+            cacheRoot: env.cacheRoot,
+            codexTraceDatabaseURL: env.root.appendingPathComponent("missing-traces.sqlite"))
+        let snapshot = try await CostUsageFetcher.loadTokenSnapshot(
+            provider: .codex,
+            now: newDay,
+            forceRefresh: true,
+            codexHomePath: env.codexHomeRoot.path,
+            historyDays: 1,
+            scannerOptions: options)
+        let cache = CostUsageCacheIO.load(provider: .codex, cacheRoot: env.cacheRoot)
+        let cacheFileExists = FileManager.default.fileExists(
+            atPath: CostUsageCacheIO.cacheFileURL(provider: .codex, cacheRoot: env.cacheRoot).path)
+
+        #expect(snapshot.daily.map(\.date) == ["2026-04-08"])
+        #expect(snapshot.last30DaysTokens == 30)
+        #expect(cacheFileExists)
+        #expect(cache.files.keys.sorted().map(URL.init(fileURLWithPath:)).map(\.lastPathComponent) == ["new.jsonl"])
+    }
+
+    @Test
+    func `narrow codex refresh preserves wider cache window`() async throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let oldDay = try env.makeLocalNoon(year: 2026, month: 4, day: 2)
+        let newDay = try env.makeLocalNoon(year: 2026, month: 4, day: 8)
+        _ = try env.writeCodexSessionFile(
+            day: oldDay,
+            filename: "old.jsonl",
+            contents: env.jsonl([
+                [
+                    "type": "event_msg",
+                    "timestamp": env.isoString(for: oldDay),
+                    "payload": [
+                        "type": "token_count",
+                        "info": [
+                            "model": "openai/gpt-5.4",
+                            "last_token_usage": [
+                                "input_tokens": 15,
+                                "cached_input_tokens": 0,
+                                "output_tokens": 0,
+                            ],
+                        ],
+                    ],
+                ],
+            ]))
+        _ = try env.writeCodexSessionFile(
+            day: newDay,
+            filename: "new.jsonl",
+            contents: env.jsonl([
+                [
+                    "type": "event_msg",
+                    "timestamp": env.isoString(for: newDay),
+                    "payload": [
+                        "type": "token_count",
+                        "info": [
+                            "model": "openai/gpt-5.4",
+                            "last_token_usage": [
+                                "input_tokens": 30,
+                                "cached_input_tokens": 0,
+                                "output_tokens": 0,
+                            ],
+                        ],
+                    ],
+                ],
+            ]))
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            cacheRoot: env.cacheRoot,
+            codexTraceDatabaseURL: env.root.appendingPathComponent("missing-traces.sqlite"))
+        options.refreshMinIntervalSeconds = 0
+        _ = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: newDay,
+            until: newDay,
+            now: newDay,
+            options: options)
+        let wide = try await CostUsageFetcher.loadTokenSnapshot(
+            provider: .codex,
+            now: newDay.addingTimeInterval(1),
+            codexHomePath: env.codexHomeRoot.path,
+            historyDays: 7,
+            refreshPricingInBackground: false,
+            scannerOptions: options)
+        let narrow = try await CostUsageFetcher.loadTokenSnapshot(
+            provider: .codex,
+            now: newDay.addingTimeInterval(2),
+            codexHomePath: env.codexHomeRoot.path,
+            historyDays: 1,
+            refreshPricingInBackground: false,
+            scannerOptions: options)
+        let cache = CostUsageCacheIO.load(provider: .codex, cacheRoot: env.cacheRoot)
+
+        #expect(wide.last30DaysTokens == 45)
+        #expect(narrow.last30DaysTokens == 30)
+        #expect(cache.files.keys.map(URL.init(fileURLWithPath:)).map(\.lastPathComponent).sorted() == [
+            "new.jsonl",
+            "old.jsonl",
+        ])
+        #expect(cache.scanSinceKey == "2026-04-01")
+        #expect(cache.scanUntilKey == "2026-04-09")
+    }
+
+    @Test
+    func `force codex rescan narrows cache window to refreshed range`() async throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let oldDay = try env.makeLocalNoon(year: 2026, month: 4, day: 2)
+        let newDay = try env.makeLocalNoon(year: 2026, month: 4, day: 8)
+        _ = try env.writeCodexSessionFile(
+            day: oldDay,
+            filename: "old.jsonl",
+            contents: env.jsonl([
+                [
+                    "type": "event_msg",
+                    "timestamp": env.isoString(for: oldDay),
+                    "payload": [
+                        "type": "token_count",
+                        "info": [
+                            "model": "openai/gpt-5.4",
+                            "last_token_usage": [
+                                "input_tokens": 15,
+                                "cached_input_tokens": 0,
+                                "output_tokens": 0,
+                            ],
+                        ],
+                    ],
+                ],
+            ]))
+        _ = try env.writeCodexSessionFile(
+            day: newDay,
+            filename: "new.jsonl",
+            contents: env.jsonl([
+                [
+                    "type": "event_msg",
+                    "timestamp": env.isoString(for: newDay),
+                    "payload": [
+                        "type": "token_count",
+                        "info": [
+                            "model": "openai/gpt-5.4",
+                            "last_token_usage": [
+                                "input_tokens": 30,
+                                "cached_input_tokens": 0,
+                                "output_tokens": 0,
+                            ],
+                        ],
+                    ],
+                ],
+            ]))
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            cacheRoot: env.cacheRoot,
+            codexTraceDatabaseURL: env.root.appendingPathComponent("missing-traces.sqlite"))
+        options.refreshMinIntervalSeconds = 0
+        _ = try await CostUsageFetcher.loadTokenSnapshot(
+            provider: .codex,
+            now: newDay,
+            codexHomePath: env.codexHomeRoot.path,
+            historyDays: 7,
+            refreshPricingInBackground: false,
+            scannerOptions: options)
+
+        var rescanOptions = options
+        rescanOptions.forceRescan = true
+        _ = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: newDay,
+            until: newDay,
+            now: newDay.addingTimeInterval(1),
+            options: rescanOptions)
+        let cache = CostUsageCacheIO.load(provider: .codex, cacheRoot: env.cacheRoot)
+
+        #expect(cache.files.keys.map(URL.init(fileURLWithPath:)).map(\.lastPathComponent).sorted() == ["new.jsonl"])
+        #expect(cache.scanSinceKey == "2026-04-07")
+        #expect(cache.scanUntilKey == "2026-04-09")
+    }
+
+    @Test
+    func `codex refresh drops stale cache entry when session moves to archive`() async throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 4, day: 8)
+        let contents = try env.jsonl([
+            [
+                "type": "session_meta",
+                "timestamp": env.isoString(for: day),
+                "payload": ["session_id": "moved-session"],
+            ],
+            [
+                "type": "event_msg",
+                "timestamp": env.isoString(for: day.addingTimeInterval(1)),
+                "payload": [
+                    "type": "token_count",
+                    "info": [
+                        "model": "openai/gpt-5.4",
+                        "last_token_usage": [
+                            "input_tokens": 30,
+                            "cached_input_tokens": 0,
+                            "output_tokens": 0,
+                        ],
+                    ],
+                ],
+            ],
+        ])
+        let originalURL = try env.writeCodexSessionFile(day: day, filename: "moved.jsonl", contents: contents)
+
+        var options = CostUsageScanner.Options(cacheRoot: env.cacheRoot)
+        options.refreshMinIntervalSeconds = 0
+        let first = try await CostUsageFetcher.loadTokenSnapshot(
+            provider: .codex,
+            now: day,
+            codexHomePath: env.codexHomeRoot.path,
+            historyDays: 1,
+            scannerOptions: options)
+
+        let archivedURL = env.codexArchivedSessionsRoot.appendingPathComponent("moved.jsonl", isDirectory: false)
+        try FileManager.default.moveItem(at: originalURL, to: archivedURL)
+
+        let second = try await CostUsageFetcher.loadTokenSnapshot(
+            provider: .codex,
+            now: day.addingTimeInterval(1),
+            codexHomePath: env.codexHomeRoot.path,
+            historyDays: 1,
+            scannerOptions: options)
+        let cache = CostUsageCacheIO.load(provider: .codex, cacheRoot: env.cacheRoot)
+
+        #expect(first.last30DaysTokens == 30)
+        #expect(second.last30DaysTokens == 30)
+        #expect(cache.files.count == 1)
+        #expect(cache.files.keys.first.map { URL(fileURLWithPath: $0).resolvingSymlinksInPath().path } ==
+            archivedURL.resolvingSymlinksInPath().path)
+    }
+
+    @Test
+    func `fetcher merges native and pi codex history with normalized model names`() async throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 4, day: 8)
+        let iso0 = env.isoString(for: day)
+        let iso1 = env.isoString(for: day.addingTimeInterval(1))
+
+        let nativeTurnContext: [String: Any] = [
+            "type": "turn_context",
+            "timestamp": iso0,
+            "payload": [
+                "model": "openai/gpt-5.4",
+            ],
+        ]
+        let nativeTokenCount: [String: Any] = [
+            "type": "event_msg",
+            "timestamp": iso1,
+            "payload": [
+                "type": "token_count",
+                "info": [
+                    "total_token_usage": [
+                        "input_tokens": 100,
+                        "cached_input_tokens": 20,
+                        "output_tokens": 10,
+                    ],
+                    "model": "openai/gpt-5.4",
+                ],
+            ],
+        ]
+        _ = try env.writeCodexSessionFile(
+            day: day,
+            filename: "session.jsonl",
+            contents: env.jsonl([nativeTurnContext, nativeTokenCount]))
+
+        let piAssistant: [String: Any] = [
+            "type": "message",
+            "timestamp": iso1,
+            "message": [
+                "role": "assistant",
+                "provider": "openai-codex",
+                "model": "openai/gpt-5.4",
+                "timestamp": Int(day.timeIntervalSince1970 * 1000),
+                "usage": [
+                    "input": 50,
+                    "cacheRead": 5,
+                    "output": 5,
+                    "totalTokens": 60,
+                ],
+            ],
+        ]
+        _ = try env.writePiSessionFile(
+            relativePath: "2026-04-08T10-00-00-000Z_test.jsonl",
+            contents: env.jsonl([piAssistant]))
+
+        let nativeOptions = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            claudeProjectsRoots: [env.claudeProjectsRoot],
+            cacheRoot: env.cacheRoot)
+        let piOptions = PiSessionCostScanner.Options(
+            piSessionsRoot: env.piSessionsRoot,
+            cacheRoot: env.cacheRoot,
+            refreshMinIntervalSeconds: 0)
+
+        let snapshot = try await CostUsageFetcher.loadTokenSnapshot(
+            provider: .codex,
+            now: day,
+            scannerOptions: nativeOptions,
+            piScannerOptions: piOptions)
+
+        let nativeCost = CostUsagePricing.codexCostUSD(
+            model: "gpt-5.4",
+            inputTokens: 100,
+            cachedInputTokens: 20,
+            outputTokens: 10) ?? 0
+        let piCost = CostUsagePricing.codexCostUSD(
+            model: "gpt-5.4",
+            inputTokens: 55,
+            cachedInputTokens: 5,
+            outputTokens: 5) ?? 0
+
+        #expect(snapshot.daily.count == 1)
+        #expect(snapshot.daily.first?.date == "2026-04-08")
+        #expect(snapshot.daily.first?.totalTokens == 170)
+        #expect(abs((snapshot.daily.first?.costUSD ?? 0) - (nativeCost + piCost)) < 0.000001)
+        #expect(snapshot.daily.first?.modelBreakdowns == [
+            CostUsageDailyReport.ModelBreakdown(
+                modelName: "gpt-5.4",
+                costUSD: nativeCost + piCost,
+                totalTokens: 170),
+        ])
+    }
+
+    @Test
+    func `fetcher merges native and pi claude history and ignores unsupported pi providers`() async throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 4, day: 9)
+        let iso0 = env.isoString(for: day)
+        let iso1 = env.isoString(for: day.addingTimeInterval(1))
+
+        let nativeAssistant: [String: Any] = [
+            "type": "assistant",
+            "timestamp": iso0,
+            "message": [
+                "model": "anthropic.foo.claude-sonnet-4-6-v1:0",
+                "usage": [
+                    "input_tokens": 100,
+                    "cache_creation_input_tokens": 10,
+                    "cache_read_input_tokens": 5,
+                    "output_tokens": 20,
+                ],
+            ],
+        ]
+        _ = try env.writeClaudeProjectFile(
+            relativePath: "project-a/session.jsonl",
+            contents: env.jsonl([nativeAssistant]))
+
+        let supportedPiAssistant: [String: Any] = [
+            "type": "message",
+            "timestamp": iso1,
+            "message": [
+                "role": "assistant",
+                "provider": "anthropic",
+                "model": "claude-sonnet-4-6",
+                "timestamp": Int(day.addingTimeInterval(60).timeIntervalSince1970 * 1000),
+                "usage": [
+                    "input": 50,
+                    "cacheRead": 4,
+                    "cacheWrite": 6,
+                    "output": 10,
+                    "totalTokens": 70,
+                ],
+            ],
+        ]
+        let unsupportedPiAssistant: [String: Any] = [
+            "type": "message",
+            "timestamp": iso1,
+            "message": [
+                "role": "assistant",
+                "provider": "openrouter",
+                "model": "claude-sonnet-4-6",
+                "timestamp": Int(day.addingTimeInterval(120).timeIntervalSince1970 * 1000),
+                "usage": [
+                    "input": 999,
+                    "output": 1,
+                    "totalTokens": 1000,
+                ],
+            ],
+        ]
+        _ = try env.writePiSessionFile(
+            relativePath: "2026-04-09T10-00-00-000Z_test.jsonl",
+            contents: env.jsonl([supportedPiAssistant, unsupportedPiAssistant]))
+
+        let nativeOptions = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            claudeProjectsRoots: [env.claudeProjectsRoot],
+            cacheRoot: env.cacheRoot)
+        let piOptions = PiSessionCostScanner.Options(
+            piSessionsRoot: env.piSessionsRoot,
+            cacheRoot: env.cacheRoot,
+            refreshMinIntervalSeconds: 0)
+
+        let snapshot = try await CostUsageFetcher.loadTokenSnapshot(
+            provider: .claude,
+            now: day,
+            scannerOptions: nativeOptions,
+            piScannerOptions: piOptions)
+
+        let nativeCost = CostUsagePricing.claudeCostUSD(
+            model: "claude-sonnet-4-6",
+            inputTokens: 100,
+            cacheReadInputTokens: 5,
+            cacheCreationInputTokens: 10,
+            outputTokens: 20) ?? 0
+        let piCost = CostUsagePricing.claudeCostUSD(
+            model: "claude-sonnet-4-6",
+            inputTokens: 50,
+            cacheReadInputTokens: 4,
+            cacheCreationInputTokens: 6,
+            outputTokens: 10) ?? 0
+
+        #expect(snapshot.daily.count == 1)
+        #expect(snapshot.daily.first?.date == "2026-04-09")
+        #expect(snapshot.daily.first?.totalTokens == 205)
+        #expect(abs((snapshot.daily.first?.costUSD ?? 0) - (nativeCost + piCost)) < 0.000001)
+        #expect(snapshot.daily.first?.modelBreakdowns == [
+            CostUsageDailyReport.ModelBreakdown(
+                modelName: "claude-sonnet-4-6",
+                costUSD: nativeCost + piCost,
+                totalTokens: 205),
+        ])
+    }
+
+    @Test
+    func `fetcher prefers turn context model over token count fallback`() async throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 4, day: 10)
+        let iso0 = env.isoString(for: day)
+        let iso1 = env.isoString(for: day.addingTimeInterval(1))
+
+        let nativeTurnContext: [String: Any] = [
+            "type": "turn_context",
+            "timestamp": iso0,
+            "payload": [
+                "model": "openai/gpt-5.4",
+            ],
+        ]
+        let nativeTokenCount: [String: Any] = [
+            "type": "event_msg",
+            "timestamp": iso1,
+            "payload": [
+                "type": "token_count",
+                "info": [
+                    "model": "gpt-5",
+                    "total_token_usage": [
+                        "input_tokens": 100,
+                        "cached_input_tokens": 20,
+                        "output_tokens": 10,
+                    ],
+                ],
+            ],
+        ]
+        _ = try env.writeCodexSessionFile(
+            day: day,
+            filename: "session.jsonl",
+            contents: env.jsonl([nativeTurnContext, nativeTokenCount]))
+
+        let nativeOptions = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            claudeProjectsRoots: [env.claudeProjectsRoot],
+            cacheRoot: env.cacheRoot)
+        let piOptions = PiSessionCostScanner.Options(
+            piSessionsRoot: env.piSessionsRoot,
+            cacheRoot: env.cacheRoot,
+            refreshMinIntervalSeconds: 0)
+
+        let snapshot = try await CostUsageFetcher.loadTokenSnapshot(
+            provider: .codex,
+            now: day,
+            scannerOptions: nativeOptions,
+            piScannerOptions: piOptions)
+        let cost = CostUsagePricing.codexCostUSD(
+            model: "gpt-5.4",
+            inputTokens: 100,
+            cachedInputTokens: 20,
+            outputTokens: 10) ?? 0
+
+        #expect(snapshot.daily.first?.modelBreakdowns == [
+            CostUsageDailyReport.ModelBreakdown(
+                modelName: "gpt-5.4",
+                costUSD: cost,
+                totalTokens: 110),
+        ])
+    }
+
+    @Test
+    func `force refresh keeps incremental cost cache`() async throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 4, day: 11)
+        let iso0 = env.isoString(for: day)
+        let iso1 = env.isoString(for: day.addingTimeInterval(1))
+        let iso2 = env.isoString(for: day.addingTimeInterval(2))
+        let model = "openai/gpt-5.4"
+
+        let turnContext: [String: Any] = [
+            "type": "turn_context",
+            "timestamp": iso0,
+            "payload": ["model": model],
+        ]
+        let firstTokenCount: [String: Any] = [
+            "type": "event_msg",
+            "timestamp": iso1,
+            "payload": [
+                "type": "token_count",
+                "info": [
+                    "model": model,
+                    "total_token_usage": [
+                        "input_tokens": 100,
+                        "cached_input_tokens": 20,
+                        "output_tokens": 10,
+                    ],
+                ],
+            ],
+        ]
+        let fileURL = try env.writeCodexSessionFile(
+            day: day,
+            filename: "session.jsonl",
+            contents: env.jsonl([turnContext, firstTokenCount]))
+
+        let nativeOptions = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            claudeProjectsRoots: [env.claudeProjectsRoot],
+            cacheRoot: env.cacheRoot)
+        let piOptions = PiSessionCostScanner.Options(
+            piSessionsRoot: env.piSessionsRoot,
+            cacheRoot: env.cacheRoot)
+
+        let first = try await CostUsageFetcher.loadTokenSnapshot(
+            provider: .codex,
+            now: day,
+            scannerOptions: nativeOptions,
+            piScannerOptions: piOptions)
+        #expect(first.daily.first?.totalTokens == 110)
+
+        let appendedTokenCount: [String: Any] = [
+            "type": "event_msg",
+            "timestamp": iso2,
+            "payload": [
+                "type": "token_count",
+                "info": [
+                    "model": model,
+                    "total_token_usage": [
+                        "input_tokens": 160,
+                        "cached_input_tokens": 40,
+                        "output_tokens": 16,
+                    ],
+                ],
+            ],
+        ]
+        try env.jsonl([turnContext, firstTokenCount, appendedTokenCount])
+            .write(to: fileURL, atomically: true, encoding: .utf8)
+
+        let refreshed = try await CostUsageFetcher.loadTokenSnapshot(
+            provider: .codex,
+            now: day,
+            forceRefresh: true,
+            scannerOptions: nativeOptions,
+            piScannerOptions: piOptions)
+
+        #expect(refreshed.daily.first?.totalTokens == 176)
+    }
+
+    private static func writeCodexSessionFile(
+        homeRoot: URL,
+        env: CostUsageTestEnvironment,
+        day: Date,
+        filename: String,
+        tokens: Int) throws
+    {
+        let comps = Calendar.current.dateComponents([.year, .month, .day], from: day)
+        let dir = homeRoot
+            .appendingPathComponent("sessions", isDirectory: true)
+            .appendingPathComponent(String(format: "%04d", comps.year ?? 1970), isDirectory: true)
+            .appendingPathComponent(String(format: "%02d", comps.month ?? 1), isDirectory: true)
+            .appendingPathComponent(String(format: "%02d", comps.day ?? 1), isDirectory: true)
+        try FileManager.default.createDirectory(at: dir, withIntermediateDirectories: true)
+
+        let model = "openai/gpt-5.4"
+        let url = dir.appendingPathComponent(filename, isDirectory: false)
+        try env.jsonl([
+            [
+                "type": "turn_context",
+                "timestamp": env.isoString(for: day),
+                "payload": ["model": model],
+            ],
+            [
+                "type": "event_msg",
+                "timestamp": env.isoString(for: day.addingTimeInterval(1)),
+                "payload": [
+                    "type": "token_count",
+                    "info": [
+                        "last_token_usage": [
+                            "input_tokens": tokens,
+                            "cached_input_tokens": 0,
+                            "output_tokens": 0,
+                        ],
+                        "model": model,
+                    ],
+                ],
+            ],
+        ]).write(to: url, atomically: true, encoding: .utf8)
+    }
+}
diff --git a/Tests/CodexBarTests/CostUsageJsonlPerformanceTests.swift b/Tests/CodexBarTests/CostUsageJsonlPerformanceTests.swift
index 7e08ae0fe..70c3c14f0 100644
--- a/Tests/CodexBarTests/CostUsageJsonlPerformanceTests.swift
+++ b/Tests/CodexBarTests/CostUsageJsonlPerformanceTests.swift
@@ -5,7 +5,7 @@ import Testing
 @Suite(.serialized)
 struct CostUsageJsonlPerformanceTests {
     @Test
-    func scannerBenchmarkBeatsFrontBufferBaseline() throws {
+    func `scanner benchmark beats front buffer baseline`() throws {
         let root = FileManager.default.temporaryDirectory.appendingPathComponent(
             "codexbar-cost-usage-bench-\(UUID().uuidString)",
             isDirectory: true)
@@ -62,7 +62,10 @@ struct CostUsageJsonlPerformanceTests {
             scanner: scanWithFrontBufferBaseline)
 
         let speedup = Double(baselineFastest) / Double(currentFastest)
-        #expect(speedup >= 5.0)
+        print(
+            "Cost usage JSONL scanner benchmark: current=\(currentFastest)ns " +
+                "baseline=\(baselineFastest)ns speedup=\(String(format: "%.2f", speedup))x")
+        #expect(currentFastest < baselineFastest)
     }
 }
 
diff --git a/Tests/CodexBarTests/CostUsageJsonlScannerTests.swift b/Tests/CodexBarTests/CostUsageJsonlScannerTests.swift
new file mode 100644
index 000000000..0bf27a4cf
--- /dev/null
+++ b/Tests/CodexBarTests/CostUsageJsonlScannerTests.swift
@@ -0,0 +1,68 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+struct CostUsageJsonlScannerTests {
+    @Test
+    func `jsonl scanner handles lines across read chunks`() throws {
+        let root = try self.makeTemporaryRoot()
+        defer { try? FileManager.default.removeItem(at: root) }
+
+        let fileURL = root.appendingPathComponent("large-lines.jsonl", isDirectory: false)
+        let largeLine = String(repeating: "x", count: 300_000)
+        let contents = "\(largeLine)\nsmall\n"
+        try contents.write(to: fileURL, atomically: true, encoding: .utf8)
+
+        var scanned: [(count: Int, truncated: Bool)] = []
+        let endOffset = try CostUsageJsonl.scan(
+            fileURL: fileURL,
+            maxLineBytes: 400_000,
+            prefixBytes: 400_000)
+        { line in
+            scanned.append((line.bytes.count, line.wasTruncated))
+        }
+
+        #expect(endOffset == Int64(Data(contents.utf8).count))
+        #expect(scanned.count == 2)
+        #expect(scanned[0].count == 300_000)
+        #expect(scanned[0].truncated == false)
+        #expect(scanned[1].count == 5)
+        #expect(scanned[1].truncated == false)
+    }
+
+    @Test
+    func `jsonl scanner retains prefix for truncated lines`() throws {
+        let root = try self.makeTemporaryRoot()
+        defer { try? FileManager.default.removeItem(at: root) }
+
+        let fileURL = root.appendingPathComponent("truncated-lines.jsonl", isDirectory: false)
+        let shortLine = "ok"
+        let longLine = String(repeating: "a", count: 2000)
+        let contents = "\(shortLine)\n\(longLine)\n"
+        try contents.write(to: fileURL, atomically: true, encoding: .utf8)
+
+        var scanned: [CostUsageJsonl.Line] = []
+        _ = try CostUsageJsonl.scan(
+            fileURL: fileURL,
+            maxLineBytes: 10000,
+            prefixBytes: 64)
+        { line in
+            scanned.append(line)
+        }
+
+        #expect(scanned.count == 2)
+        #expect(String(data: scanned[0].bytes, encoding: .utf8) == "ok")
+        #expect(scanned[0].wasTruncated == false)
+        #expect(scanned[1].bytes.count == 64)
+        #expect(String(data: scanned[1].bytes, encoding: .utf8) == String(repeating: "a", count: 64))
+        #expect(scanned[1].wasTruncated == true)
+    }
+
+    private func makeTemporaryRoot() throws -> URL {
+        let root = FileManager.default.temporaryDirectory.appendingPathComponent(
+            "codexbar-cost-usage-jsonl-\(UUID().uuidString)",
+            isDirectory: true)
+        try FileManager.default.createDirectory(at: root, withIntermediateDirectories: true)
+        return root
+    }
+}
diff --git a/Tests/CodexBarTests/CostUsageJsonlShapeBenchmarkTests.swift b/Tests/CodexBarTests/CostUsageJsonlShapeBenchmarkTests.swift
new file mode 100644
index 000000000..b8d302436
--- /dev/null
+++ b/Tests/CodexBarTests/CostUsageJsonlShapeBenchmarkTests.swift
@@ -0,0 +1,407 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+@Suite(.serialized)
+struct CostUsageJsonlShapeBenchmarkTests {
+    @Test
+    func `scanner benchmark covers codex session history shape`() throws {
+        let root = FileManager.default.temporaryDirectory.appendingPathComponent(
+            "codexbar-cost-jsonl-shape-\(UUID().uuidString)",
+            isDirectory: true)
+        try FileManager.default.createDirectory(at: root, withIntermediateDirectories: true)
+        defer { try? FileManager.default.removeItem(at: root) }
+
+        let divisor = Self.shapeDivisor()
+        let plan = CodexJsonlShapePlan.localThirtyDaySample.scaled(divisor: divisor)
+        let fileURL = root.appendingPathComponent("codex-shape.jsonl", isDirectory: false)
+        let fixture = try CodexJsonlShapeFixture.write(plan: plan, to: fileURL)
+
+        let maxLineBytes = 256 * 1024
+        let prefixBytes = 32 * 1024
+
+        let currentSummary = try self.summarizeScan(
+            fileURL: fileURL,
+            maxLineBytes: maxLineBytes,
+            prefixBytes: prefixBytes,
+            scanner: CostUsageJsonl.scan)
+        let baselineSummary = try self.summarizeScan(
+            fileURL: fileURL,
+            maxLineBytes: maxLineBytes,
+            prefixBytes: prefixBytes,
+            scanner: self.scanWithFrontBufferBaseline)
+
+        #expect(currentSummary.lineCount == fixture.lineCount)
+        #expect(currentSummary.truncatedCount == fixture.truncatedLineCount)
+        #expect(currentSummary.endOffset == fixture.byteCount)
+        #expect(baselineSummary.lineCount == currentSummary.lineCount)
+        #expect(baselineSummary.truncatedCount == currentSummary.truncatedCount)
+        #expect(baselineSummary.endOffset == currentSummary.endOffset)
+
+        _ = try self.summarizeScan(
+            fileURL: fileURL,
+            maxLineBytes: maxLineBytes,
+            prefixBytes: prefixBytes,
+            scanner: CostUsageJsonl.scan)
+        _ = try self.summarizeScan(
+            fileURL: fileURL,
+            maxLineBytes: maxLineBytes,
+            prefixBytes: prefixBytes,
+            scanner: self.scanWithFrontBufferBaseline)
+
+        let currentFastest = try self.fastestScanDurationNanoseconds(
+            runs: 3,
+            fileURL: fileURL,
+            maxLineBytes: maxLineBytes,
+            prefixBytes: prefixBytes,
+            scanner: CostUsageJsonl.scan)
+        let baselineFastest = try self.fastestScanDurationNanoseconds(
+            runs: 3,
+            fileURL: fileURL,
+            maxLineBytes: maxLineBytes,
+            prefixBytes: prefixBytes,
+            scanner: self.scanWithFrontBufferBaseline)
+
+        let currentMBps = Self.megabytesPerSecond(byteCount: fixture.byteCount, nanoseconds: currentFastest)
+        let baselineMBps = Self.megabytesPerSecond(byteCount: fixture.byteCount, nanoseconds: baselineFastest)
+        let speedup = Double(baselineFastest) / Double(currentFastest)
+        print(
+            "Codex JSONL shape benchmark: divisor=\(divisor) " +
+                "bytes=\(fixture.byteCount) lines=\(fixture.lineCount) " +
+                "truncated=\(fixture.truncatedLineCount) " +
+                "current=\(Self.format(currentMBps))MB/s " +
+                "baseline=\(Self.format(baselineMBps))MB/s " +
+                "speedup=\(Self.format(speedup))x")
+    }
+
+    @Test
+    func `synthetic codex rows preserve model attribution`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 5, day: 18)
+        let iso0 = env.isoString(for: day)
+        let iso1 = env.isoString(for: day.addingTimeInterval(1))
+        let iso2 = env.isoString(for: day.addingTimeInterval(2))
+        let model = "openai/gpt-5.5"
+        let turnContext: [String: Any] = [
+            "type": "turn_context",
+            "timestamp": iso0,
+            "payload": [
+                "model": model,
+                "instructions": "synthetic",
+            ],
+        ]
+        let firstTokenCount = self.tokenCountWithoutModel(
+            timestamp: iso1,
+            input: 100,
+            cached: 40,
+            output: 10)
+        let secondTokenCount = self.tokenCountWithoutModel(
+            timestamp: iso2,
+            input: 50,
+            cached: 20,
+            output: 5)
+        let fileURL = try env.writeCodexSessionFile(
+            day: day,
+            filename: "synthetic-attribution.jsonl",
+            contents: env.jsonl([turnContext, firstTokenCount, secondTokenCount]))
+
+        let parsed = CostUsageScanner.parseCodexFile(
+            fileURL: fileURL,
+            range: CostUsageScanner.CostUsageDayRange(since: day, until: day))
+        let dayKey = CostUsageScanner.CostUsageDayRange.dayKey(from: day)
+
+        #expect(parsed.days[dayKey]?["gpt-5.5"] == [150, 60, 15])
+        #expect(parsed.days[dayKey]?["gpt-5"] == nil)
+    }
+
+    private static func shapeDivisor() -> Int {
+        let value = ProcessInfo.processInfo.environment["CODEXBAR_COST_JSONL_SHAPE_DIVISOR"] ?? "20"
+        return max(1, Int(value) ?? 20)
+    }
+
+    private static func megabytesPerSecond(byteCount: Int64, nanoseconds: UInt64) -> Double {
+        let seconds = Double(nanoseconds) / 1_000_000_000
+        guard seconds > 0 else { return 0 }
+        return (Double(byteCount) / 1_000_000) / seconds
+    }
+
+    private static func format(_ value: Double) -> String {
+        String(format: "%.1f", value)
+    }
+
+    private func tokenCountWithoutModel(timestamp: String, input: Int, cached: Int, output: Int) -> [String: Any] {
+        [
+            "type": "event_msg",
+            "timestamp": timestamp,
+            "payload": [
+                "type": "token_count",
+                "info": [
+                    "last_token_usage": [
+                        "input_tokens": input,
+                        "cached_input_tokens": cached,
+                        "output_tokens": output,
+                    ],
+                ],
+            ],
+        ]
+    }
+
+    private func summarizeScan(
+        fileURL: URL,
+        maxLineBytes: Int,
+        prefixBytes: Int,
+        scanner: JsonlShapeScanner) throws -> JsonlShapeScanSummary
+    {
+        var lineCount = 0
+        var truncatedCount = 0
+        let endOffset = try scanner(fileURL, 0, maxLineBytes, prefixBytes) { line in
+            lineCount += 1
+            if line.wasTruncated {
+                truncatedCount += 1
+            }
+        }
+
+        return JsonlShapeScanSummary(
+            lineCount: lineCount,
+            truncatedCount: truncatedCount,
+            endOffset: endOffset)
+    }
+
+    private func fastestScanDurationNanoseconds(
+        runs: Int,
+        fileURL: URL,
+        maxLineBytes: Int,
+        prefixBytes: Int,
+        scanner: JsonlShapeScanner) throws -> UInt64
+    {
+        var fastest = UInt64.max
+        for _ in 0..<runs {
+            let startedAt = DispatchTime.now().uptimeNanoseconds
+            _ = try self.summarizeScan(
+                fileURL: fileURL,
+                maxLineBytes: maxLineBytes,
+                prefixBytes: prefixBytes,
+                scanner: scanner)
+            let elapsed = DispatchTime.now().uptimeNanoseconds - startedAt
+            fastest = min(fastest, elapsed)
+        }
+        return fastest
+    }
+
+    @discardableResult
+    private func scanWithFrontBufferBaseline(
+        fileURL: URL,
+        offset: Int64 = 0,
+        maxLineBytes: Int,
+        prefixBytes: Int,
+        onLine: (CostUsageJsonl.Line) -> Void) throws
+        -> Int64
+    {
+        let handle = try FileHandle(forReadingFrom: fileURL)
+        defer { try? handle.close() }
+
+        let startOffset = max(0, offset)
+        if startOffset > 0 {
+            try handle.seek(toOffset: UInt64(startOffset))
+        }
+
+        var buffer = Data()
+        buffer.reserveCapacity(64 * 1024)
+
+        var current = Data()
+        current.reserveCapacity(4 * 1024)
+        var lineBytes = 0
+        var truncated = false
+        var bytesRead: Int64 = 0
+
+        func flushLine() {
+            guard lineBytes > 0 else { return }
+            onLine(.init(bytes: current, wasTruncated: truncated))
+            current.removeAll(keepingCapacity: true)
+            lineBytes = 0
+            truncated = false
+        }
+
+        while true {
+            let chunk = try handle.read(upToCount: 256 * 1024) ?? Data()
+            if chunk.isEmpty {
+                flushLine()
+                break
+            }
+
+            bytesRead += Int64(chunk.count)
+            buffer.append(chunk)
+
+            while true {
+                guard let nl = buffer.firstIndex(of: 0x0A) else { break }
+                let linePart = buffer[..<nl]
+                buffer.removeSubrange(...nl)
+
+                lineBytes += linePart.count
+                if !truncated {
+                    if lineBytes > maxLineBytes || lineBytes > prefixBytes {
+                        truncated = true
+                        current.removeAll(keepingCapacity: true)
+                    } else {
+                        current.append(contentsOf: linePart)
+                    }
+                }
+
+                flushLine()
+            }
+        }
+
+        return startOffset + bytesRead
+    }
+}
+
+private typealias JsonlShapeScanner = (
+    _ fileURL: URL,
+    _ offset: Int64,
+    _ maxLineBytes: Int,
+    _ prefixBytes: Int,
+    _ onLine: (CostUsageJsonl.Line) -> Void) throws -> Int64
+
+private struct JsonlShapeScanSummary: Equatable {
+    let lineCount: Int
+    let truncatedCount: Int
+    let endOffset: Int64
+}
+
+private struct CodexJsonlShapePlan {
+    static let localThirtyDaySample = CodexJsonlShapePlan(
+        totalLines: 145_797,
+        relevantLines: 57063,
+        tokenCountWithoutModelLines: 22235,
+        turnContextLines: 1935,
+        longTurnContextLines: 207,
+        linesOver32KiB: 2584,
+        linesOver256KiB: 697)
+
+    let totalLines: Int
+    let relevantLines: Int
+    let tokenCountWithoutModelLines: Int
+    let turnContextLines: Int
+    let longTurnContextLines: Int
+    let linesOver32KiB: Int
+    let linesOver256KiB: Int
+
+    func scaled(divisor: Int) -> CodexJsonlShapePlan {
+        CodexJsonlShapePlan(
+            totalLines: self.scaled(self.totalLines, divisor: divisor),
+            relevantLines: self.scaled(self.relevantLines, divisor: divisor),
+            tokenCountWithoutModelLines: self.scaled(self.tokenCountWithoutModelLines, divisor: divisor),
+            turnContextLines: self.scaled(self.turnContextLines, divisor: divisor),
+            longTurnContextLines: self.scaled(self.longTurnContextLines, divisor: divisor),
+            linesOver32KiB: self.scaled(self.linesOver32KiB, divisor: divisor),
+            linesOver256KiB: self.scaled(self.linesOver256KiB, divisor: divisor))
+    }
+
+    private func scaled(_ value: Int, divisor: Int) -> Int {
+        max(1, Int((Double(value) / Double(divisor)).rounded()))
+    }
+}
+
+private struct CodexJsonlShapeFixture {
+    let byteCount: Int64
+    let lineCount: Int
+    let truncatedLineCount: Int
+
+    static func write(plan: CodexJsonlShapePlan, to fileURL: URL) throws -> CodexJsonlShapeFixture {
+        FileManager.default.createFile(atPath: fileURL.path, contents: nil)
+        let handle = try FileHandle(forWritingTo: fileURL)
+        defer { try? handle.close() }
+
+        var byteCount: Int64 = 0
+        var lineCount = 0
+
+        func writeLine(_ line: String) throws {
+            let data = Data((line + "\n").utf8)
+            try handle.write(contentsOf: data)
+            byteCount += Int64(data.count)
+            lineCount += 1
+        }
+
+        let longTurnContextCount = min(plan.longTurnContextLines, plan.turnContextLines)
+        let shortTurnContextCount = plan.turnContextLines - longTurnContextCount
+        let largeIrrelevantOver256Count = plan.linesOver256KiB
+        let largeIrrelevantOver32Count = max(
+            0,
+            plan.linesOver32KiB - longTurnContextCount - largeIrrelevantOver256Count)
+        let otherRelevantCount = max(
+            0,
+            plan.relevantLines - plan.tokenCountWithoutModelLines - plan.turnContextLines)
+        let writtenBeforeSmallIrrelevant = plan.tokenCountWithoutModelLines
+            + shortTurnContextCount
+            + longTurnContextCount
+            + otherRelevantCount
+            + largeIrrelevantOver32Count
+            + largeIrrelevantOver256Count
+        let smallIrrelevantCount = max(0, plan.totalLines - writtenBeforeSmallIrrelevant)
+
+        try self.writeRepeated(
+            count: plan.tokenCountWithoutModelLines,
+            line: self.tokenCountWithoutModelLine,
+            writer: writeLine)
+        try self.writeRepeated(
+            count: shortTurnContextCount,
+            line: self.turnContextLine(fillerBytes: 2048),
+            writer: writeLine)
+        try self.writeRepeated(
+            count: longTurnContextCount,
+            line: self.turnContextLine(fillerBytes: 40 * 1024),
+            writer: writeLine)
+        try self.writeRepeated(
+            count: otherRelevantCount,
+            line: self.taskStartedLine,
+            writer: writeLine)
+        try self.writeRepeated(
+            count: largeIrrelevantOver32Count,
+            line: self.irrelevantLine(fillerBytes: 64 * 1024),
+            writer: writeLine)
+        try self.writeRepeated(
+            count: largeIrrelevantOver256Count,
+            line: self.irrelevantLine(fillerBytes: 300 * 1024),
+            writer: writeLine)
+        try self.writeRepeated(
+            count: smallIrrelevantCount,
+            line: self.irrelevantLine(fillerBytes: 512),
+            writer: writeLine)
+
+        return CodexJsonlShapeFixture(
+            byteCount: byteCount,
+            lineCount: lineCount,
+            truncatedLineCount: longTurnContextCount + largeIrrelevantOver32Count + largeIrrelevantOver256Count)
+    }
+
+    private static let tokenCountWithoutModelLine =
+        #"{"type":"event_msg","timestamp":"2026-05-18T00:00:00Z","payload":{"type":"token_count","info":"#
+            + #"{"last_token_usage":{"input_tokens":100,"cached_input_tokens":40,"output_tokens":10}}}}"#
+
+    private static let taskStartedLine =
+        #"{"type":"event_msg","timestamp":"2026-05-18T00:00:00Z","payload":"#
+            + #"{"type":"task_started","turn_id":"turn-0001"}}"#
+
+    private static func turnContextLine(fillerBytes: Int) -> String {
+        #"{"type":"turn_context","timestamp":"2026-05-18T00:00:00Z","payload":"#
+            + #"{"model":"openai/gpt-5.5","instructions":""#
+            + String(repeating: "x", count: fillerBytes)
+            + #""}}"#
+    }
+
+    private static func irrelevantLine(fillerBytes: Int) -> String {
+        #"{"type":"response_item","payload":""# + String(repeating: "x", count: fillerBytes) + #""}"#
+    }
+
+    private static func writeRepeated(
+        count: Int,
+        line: String,
+        writer: (String) throws -> Void) throws
+    {
+        for _ in 0..<count {
+            try writer(line)
+        }
+    }
+}
diff --git a/Tests/CodexBarTests/CostUsagePricingTests.swift b/Tests/CodexBarTests/CostUsagePricingTests.swift
index f70e8d555..4d4ea170b 100644
--- a/Tests/CodexBarTests/CostUsagePricingTests.swift
+++ b/Tests/CodexBarTests/CostUsagePricingTests.swift
@@ -1,18 +1,24 @@
+import Foundation
 import Testing
 @testable import CodexBarCore
 
-@Suite
 struct CostUsagePricingTests {
     @Test
-    func normalizesCodexModelVariants() {
-        #expect(CostUsagePricing.normalizeCodexModel("openai/gpt-5-codex") == "gpt-5")
-        #expect(CostUsagePricing.normalizeCodexModel("gpt-5.2-codex") == "gpt-5.2")
-        #expect(CostUsagePricing.normalizeCodexModel("gpt-5.1-codex-max") == "gpt-5.1")
-        #expect(CostUsagePricing.normalizeCodexModel("gpt-5.3-codex-max") == "gpt-5.3")
+    func `normalizes codex model variants exactly`() {
+        #expect(CostUsagePricing.normalizeCodexModel("openai/gpt-5-codex") == "gpt-5-codex")
+        #expect(CostUsagePricing.normalizeCodexModel("gpt-5.2-codex") == "gpt-5.2-codex")
+        #expect(CostUsagePricing.normalizeCodexModel("gpt-5.1-codex-max") == "gpt-5.1-codex-max")
+        #expect(CostUsagePricing.normalizeCodexModel("gpt-5.4-pro-2026-03-05") == "gpt-5.4-pro")
+        #expect(CostUsagePricing.normalizeCodexModel("gpt-5.4-mini-2026-03-17") == "gpt-5.4-mini")
+        #expect(CostUsagePricing.normalizeCodexModel("gpt-5.4-nano-2026-03-17") == "gpt-5.4-nano")
+        #expect(CostUsagePricing.normalizeCodexModel("gpt-5.5-2026-04-23") == "gpt-5.5")
+        #expect(CostUsagePricing.normalizeCodexModel("gpt-5.5-pro-2026-04-23") == "gpt-5.5-pro")
+        #expect(CostUsagePricing.normalizeCodexModel("gpt-5.3-codex-2026-03-05") == "gpt-5.3-codex")
+        #expect(CostUsagePricing.normalizeCodexModel("gpt-5.3-codex-spark") == "gpt-5.3-codex-spark")
     }
 
     @Test
-    func codexCostSupportsGpt51CodexMax() {
+    func `codex cost supports gpt51 codex max`() {
         let cost = CostUsagePricing.codexCostUSD(
             model: "gpt-5.1-codex-max",
             inputTokens: 100,
@@ -22,9 +28,9 @@ struct CostUsagePricingTests {
     }
 
     @Test
-    func codexCostSupportsGpt53CodexMax() {
+    func `codex cost supports gpt53 codex`() {
         let cost = CostUsagePricing.codexCostUSD(
-            model: "gpt-5.3-codex-max",
+            model: "gpt-5.3-codex",
             inputTokens: 100,
             cachedInputTokens: 10,
             outputTokens: 5)
@@ -32,12 +38,296 @@ struct CostUsagePricingTests {
     }
 
     @Test
-    func normalizesClaudeOpus41DatedVariants() {
+    func `codex cost supports gpt54 mini and nano`() {
+        let mini = CostUsagePricing.codexCostUSD(
+            model: "gpt-5.4-mini-2026-03-17",
+            inputTokens: 100,
+            cachedInputTokens: 10,
+            outputTokens: 5)
+        let nano = CostUsagePricing.codexCostUSD(
+            model: "gpt-5.4-nano",
+            inputTokens: 100,
+            cachedInputTokens: 10,
+            outputTokens: 5)
+
+        #expect(mini != nil)
+        #expect(nano != nil)
+    }
+
+    @Test
+    func `codex cost supports gpt55 bundled fallback`() throws {
+        let root = try Self.cacheRoot()
+        let cost = CostUsagePricing.codexCostUSD(
+            model: "openai/gpt-5.5-2026-04-23",
+            inputTokens: 100,
+            cachedInputTokens: 10,
+            outputTokens: 5,
+            modelsDevCacheRoot: root)
+
+        let expected = (90.0 * 5e-6) + (10.0 * 5e-7) + (5.0 * 3e-5)
+        #expect(cost == expected)
+    }
+
+    @Test
+    func `codex cost applies gpt54 and gpt55 long context rates to full session`() throws {
+        let root = try Self.cacheRoot()
+        let gpt54 = CostUsagePricing.codexCostUSD(
+            model: "gpt-5.4",
+            inputTokens: 272_001,
+            cachedInputTokens: 0,
+            outputTokens: 10,
+            modelsDevCacheRoot: root)
+        let gpt55 = CostUsagePricing.codexCostUSD(
+            model: "gpt-5.5",
+            inputTokens: 272_001,
+            cachedInputTokens: 0,
+            outputTokens: 10,
+            modelsDevCacheRoot: root)
+
+        #expect(gpt54 == (272_001.0 * 5e-6) + (10.0 * 2.25e-5))
+        #expect(gpt55 == (272_001.0 * 1e-5) + (10.0 * 4.5e-5))
+    }
+
+    @Test
+    func `codex cost keeps normal rates at long context input boundary`() throws {
+        let root = try Self.cacheRoot()
+        let gpt55 = CostUsagePricing.codexCostUSD(
+            model: "gpt-5.5",
+            inputTokens: 272_000,
+            cachedInputTokens: 0,
+            outputTokens: 128_000,
+            modelsDevCacheRoot: root)
+
+        #expect(gpt55 == (272_000.0 * 5e-6) + (128_000.0 * 3e-5))
+    }
+
+    @Test
+    func `codex cost applies long context rates to all cached and non cached input`() throws {
+        let root = try Self.cacheRoot()
+        let gpt55 = CostUsagePricing.codexCostUSD(
+            model: "gpt-5.5",
+            inputTokens: 300_000,
+            cachedInputTokens: 200_000,
+            outputTokens: 10,
+            modelsDevCacheRoot: root)
+
+        let cached = 200_000.0 * 1e-6
+        let nonCached = 100_000.0 * 1e-5
+        let output = 10.0 * 4.5e-5
+
+        #expect(gpt55 == cached + nonCached + output)
+    }
+
+    @Test
+    func `codex priority cost applies model specific fast rates`() {
+        let gpt54 = CostUsagePricing.codexPriorityCostUSD(
+            model: "gpt-5.4",
+            inputTokens: 100,
+            cachedInputTokens: 20,
+            outputTokens: 10)
+        let gpt55 = CostUsagePricing.codexPriorityCostUSD(
+            model: "gpt-5.5",
+            inputTokens: 100,
+            cachedInputTokens: 20,
+            outputTokens: 10)
+        let gpt54Mini = CostUsagePricing.codexPriorityCostUSD(
+            model: "gpt-5.4-mini",
+            inputTokens: 100,
+            cachedInputTokens: 20,
+            outputTokens: 10)
+
+        #expect(gpt54 == (80.0 * 5e-6) + (20.0 * 5e-7) + (10.0 * 3e-5))
+        #expect(gpt55 == (80.0 * 1.25e-5) + (20.0 * 1.25e-6) + (10.0 * 7.5e-5))
+        #expect(gpt54Mini == (80.0 * 1.5e-6) + (20.0 * 1.5e-7) + (10.0 * 9e-6))
+    }
+
+    @Test
+    func `codex priority cost is unavailable for long context requests`() {
+        let gpt55 = CostUsagePricing.codexPriorityCostUSD(
+            model: "gpt-5.5",
+            inputTokens: 272_001,
+            cachedInputTokens: 0,
+            outputTokens: 10)
+        let gpt54Mini = CostUsagePricing.codexPriorityCostUSD(
+            model: "gpt-5.4-mini",
+            inputTokens: 272_001,
+            cachedInputTokens: 0,
+            outputTokens: 10)
+
+        #expect(gpt55 == nil)
+        #expect(gpt54Mini == nil)
+    }
+
+    @Test
+    func `codex priority cost remains available at priority input boundary`() {
+        let gpt55 = CostUsagePricing.codexPriorityCostUSD(
+            model: "gpt-5.5",
+            inputTokens: 272_000,
+            cachedInputTokens: 0,
+            outputTokens: 10)
+
+        #expect(gpt55 == (272_000.0 * 1.25e-5) + (10.0 * 7.5e-5))
+    }
+
+    @Test
+    func `codex models dev pricing uses codex long context threshold`() throws {
+        let root = try Self.seedModelsDevCache("""
+        {
+          "openai": {
+            "id": "openai",
+            "models": {
+              "gpt-5.5": {
+                "id": "gpt-5.5",
+                "cost": {
+                  "input": 5,
+                  "output": 30,
+                  "cache_read": 0.5,
+                  "context_over_200k": {
+                    "input": 10,
+                    "output": 45,
+                    "cache_read": 1
+                  }
+                }
+              }
+            }
+          }
+        }
+        """)
+
+        let atBoundary = CostUsagePricing.codexCostUSD(
+            model: "gpt-5.5",
+            inputTokens: 272_000,
+            cachedInputTokens: 0,
+            outputTokens: 10,
+            modelsDevCacheRoot: root)
+        let aboveBoundary = CostUsagePricing.codexCostUSD(
+            model: "gpt-5.5",
+            inputTokens: 272_001,
+            cachedInputTokens: 0,
+            outputTokens: 10,
+            modelsDevCacheRoot: root)
+
+        #expect(atBoundary == (272_000.0 * 5e-6) + (10.0 * 3e-5))
+        #expect(aboveBoundary == (272_001.0 * 1e-5) + (10.0 * 4.5e-5))
+    }
+
+    @Test
+    func `codex cost supports gpt55 pro bundled fallback`() throws {
+        let root = try Self.cacheRoot()
+        let cost = CostUsagePricing.codexCostUSD(
+            model: "openai/gpt-5.5-pro-2026-04-23",
+            inputTokens: 100,
+            cachedInputTokens: 10,
+            outputTokens: 5,
+            modelsDevCacheRoot: root)
+
+        let expected = (100.0 * 3e-5) + (5.0 * 1.8e-4)
+        #expect(cost == expected)
+    }
+
+    @Test
+    func `codex cost returns zero for research preview fallback model`() throws {
+        let root = try Self.cacheRoot()
+        let cost = CostUsagePricing.codexCostUSD(
+            model: "gpt-5.3-codex-spark",
+            inputTokens: 100,
+            cachedInputTokens: 10,
+            outputTokens: 5,
+            modelsDevCacheRoot: root)
+        #expect(cost == 0)
+        #expect(CostUsagePricing.codexDisplayLabel(model: "gpt-5.3-codex-spark") == "Research Preview")
+        #expect(CostUsagePricing.codexDisplayLabel(model: "gpt-5.2-codex") == nil)
+    }
+
+    @Test
+    func `codex cost prefers models dev cache over bundled fallback`() throws {
+        let root = try Self.seedModelsDevCache("""
+        {
+          "openai": {
+            "id": "openai",
+            "models": {
+              "gpt-5.5": {
+                "id": "gpt-5.5",
+                "cost": { "input": 10, "output": 20, "cache_read": 1 }
+              }
+            }
+          }
+        }
+        """)
+
+        let cost = CostUsagePricing.codexCostUSD(
+            model: "openai/gpt-5.5",
+            inputTokens: 100,
+            cachedInputTokens: 10,
+            outputTokens: 5,
+            modelsDevCacheRoot: root)
+
+        let expected = (90.0 * 10e-6) + (10.0 * 1e-6) + (5.0 * 20e-6)
+        #expect(cost == expected)
+    }
+
+    @Test
+    func `codex cost lets models dev override research preview fallback`() throws {
+        let root = try Self.seedModelsDevCache("""
+        {
+          "openai": {
+            "id": "openai",
+            "models": {
+              "gpt-5.3-codex-spark": {
+                "id": "gpt-5.3-codex-spark",
+                "cost": { "input": 2, "output": 8, "cache_read": 0.2 }
+              }
+            }
+          }
+        }
+        """)
+
+        let cost = CostUsagePricing.codexCostUSD(
+            model: "gpt-5.3-codex-spark",
+            inputTokens: 100,
+            cachedInputTokens: 10,
+            outputTokens: 5,
+            modelsDevCacheRoot: root)
+
+        let expected = (90.0 * 2e-6) + (10.0 * 0.2e-6) + (5.0 * 8e-6)
+        #expect(cost == expected)
+        #expect(CostUsagePricing.codexDisplayLabel(model: "gpt-5.3-codex-spark") == "Research Preview")
+    }
+
+    @Test
+    func `codex cost falls back to bundled pricing when models dev misses provider model`() throws {
+        let root = try Self.seedModelsDevCache("""
+        {
+          "anthropic": {
+            "id": "anthropic",
+            "models": {
+              "gpt-5.5": {
+                "id": "gpt-5.5",
+                "cost": { "input": 10, "output": 20, "cache_read": 1 }
+              }
+            }
+          }
+        }
+        """)
+
+        let cost = CostUsagePricing.codexCostUSD(
+            model: "openai/gpt-5.5",
+            inputTokens: 100,
+            cachedInputTokens: 10,
+            outputTokens: 5,
+            modelsDevCacheRoot: root)
+
+        let expected = (90.0 * 5e-6) + (10.0 * 5e-7) + (5.0 * 3e-5)
+        #expect(cost == expected)
+    }
+
+    @Test
+    func `normalizes claude opus41 dated variants`() {
         #expect(CostUsagePricing.normalizeClaudeModel("claude-opus-4-1-20250805") == "claude-opus-4-1")
     }
 
     @Test
-    func claudeCostSupportsOpus41DatedVariant() {
+    func `claude cost supports opus41 dated variant`() {
         let cost = CostUsagePricing.claudeCostUSD(
             model: "claude-opus-4-1-20250805",
             inputTokens: 10,
@@ -48,7 +338,7 @@ struct CostUsagePricingTests {
     }
 
     @Test
-    func claudeCostSupportsOpus46DatedVariant() {
+    func `claude cost supports opus46 dated variant`() {
         let cost = CostUsagePricing.claudeCostUSD(
             model: "claude-opus-4-6-20260205",
             inputTokens: 10,
@@ -59,7 +349,19 @@ struct CostUsagePricingTests {
     }
 
     @Test
-    func claudeCostReturnsNilForUnknownModels() {
+    func `claude cost supports opus47`() {
+        let cost = CostUsagePricing.claudeCostUSD(
+            model: "claude-opus-4-7",
+            inputTokens: 10,
+            cacheReadInputTokens: 0,
+            cacheCreationInputTokens: 0,
+            outputTokens: 5)
+        let expected = (10.0 * 5e-6) + (5.0 * 2.5e-5)
+        #expect(cost == expected)
+    }
+
+    @Test
+    func `claude cost returns nil for unknown models`() {
         let cost = CostUsagePricing.claudeCostUSD(
             model: "glm-4.6",
             inputTokens: 100,
@@ -68,4 +370,61 @@ struct CostUsagePricingTests {
             outputTokens: 40)
         #expect(cost == nil)
     }
+
+    @Test
+    func `claude cost prefers models dev cache with threshold pricing`() throws {
+        let root = try Self.seedModelsDevCache("""
+        {
+          "anthropic": {
+            "id": "anthropic",
+            "models": {
+              "claude-sonnet-4-6": {
+                "id": "claude-sonnet-4-6",
+                "cost": {
+                  "input": 3,
+                  "output": 15,
+                  "cache_read": 0.3,
+                  "cache_write": 3.75,
+                  "context_over_200k": {
+                    "input": 6,
+                    "output": 22.5,
+                    "cache_read": 0.6,
+                    "cache_write": 7.5
+                  }
+                }
+              }
+            }
+          }
+        }
+        """)
+
+        let cost = CostUsagePricing.claudeCostUSD(
+            model: "claude-sonnet-4-6",
+            inputTokens: 200_010,
+            cacheReadInputTokens: 5,
+            cacheCreationInputTokens: 5,
+            outputTokens: 5,
+            modelsDevCacheRoot: root)
+
+        let expected = (200_000.0 * 3e-6)
+            + (10.0 * 6e-6)
+            + (5.0 * 0.3e-6)
+            + (5.0 * 3.75e-6)
+            + (5.0 * 15e-6)
+        #expect(cost == expected)
+    }
+
+    private static func seedModelsDevCache(_ json: String) throws -> URL {
+        let root = try Self.cacheRoot()
+        let catalog = try JSONDecoder().decode(ModelsDevCatalog.self, from: Data(json.utf8))
+        ModelsDevCache.save(catalog: catalog, fetchedAt: Date(), cacheRoot: root)
+        return root
+    }
+
+    private static func cacheRoot() throws -> URL {
+        let root = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codexbar-pricing-tests-\(UUID().uuidString)", isDirectory: true)
+        try FileManager.default.createDirectory(at: root, withIntermediateDirectories: true)
+        return root
+    }
 }
diff --git a/Tests/CodexBarTests/CostUsageScannerBreakdownTests.swift b/Tests/CodexBarTests/CostUsageScannerBreakdownTests.swift
new file mode 100644
index 000000000..bb77320af
--- /dev/null
+++ b/Tests/CodexBarTests/CostUsageScannerBreakdownTests.swift
@@ -0,0 +1,3478 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+// swiftlint:disable file_length
+// swiftlint:disable type_body_length
+struct CostUsageScannerBreakdownTests {
+    private typealias Usage = (input: Int, cached: Int, output: Int)
+
+    private func codexTurnContext(timestamp: String, model: String) -> [String: Any] {
+        [
+            "type": "turn_context",
+            "timestamp": timestamp,
+            "payload": [
+                "model": model,
+            ],
+        ]
+    }
+
+    private func codexTokenCount(
+        timestamp: String,
+        model: String,
+        total: Usage? = nil,
+        last: Usage? = nil) -> [String: Any]
+    {
+        var info: [String: Any] = [
+            "model": model,
+        ]
+        if let total {
+            info["total_token_usage"] = [
+                "input_tokens": total.input,
+                "cached_input_tokens": total.cached,
+                "output_tokens": total.output,
+            ]
+        }
+        if let last {
+            info["last_token_usage"] = [
+                "input_tokens": last.input,
+                "cached_input_tokens": last.cached,
+                "output_tokens": last.output,
+            ]
+        }
+        return [
+            "type": "event_msg",
+            "timestamp": timestamp,
+            "payload": [
+                "type": "token_count",
+                "info": info,
+            ],
+        ]
+    }
+
+    private func codexTokenCountWithoutModel(timestamp: String, last: Usage) -> [String: Any] {
+        [
+            "type": "event_msg",
+            "timestamp": timestamp,
+            "payload": [
+                "type": "token_count",
+                "info": [
+                    "last_token_usage": [
+                        "input_tokens": last.input,
+                        "cached_input_tokens": last.cached,
+                        "output_tokens": last.output,
+                    ],
+                ],
+            ],
+        ]
+    }
+
+    private func oversizedCodexTurnContextLine(timestamp: String, model: String) -> String {
+        let largeInstructions = String(repeating: "x", count: 300 * 1024)
+        return #"{"type":"turn_context","timestamp":""#
+            + timestamp
+            + #"","payload":{"model":""#
+            + model
+            + #"","instructions":""#
+            + largeInstructions
+            + #""}}"#
+    }
+
+    private func oversizedCodexTurnContextInfoModelLine(timestamp: String, model: String) -> String {
+        let largeInstructions = String(repeating: "x", count: 300 * 1024)
+        return #"{"type":"turn_context","timestamp":""#
+            + timestamp
+            + #"","payload":{"empty":"","info":{"model":""#
+            + model
+            + #""},"instructions":""#
+            + largeInstructions
+            + #""}}"#
+    }
+
+    private func oversizedCodexTurnContextPromptOnlyLine(timestamp: String, promptModel: String) -> String {
+        let prompt = #"example: {\"type\":\"turn_context\",\"payload\":{\"model\":\"\#(promptModel)\"}}"#
+            + String(repeating: "x", count: 300 * 1024)
+        return #"{"type":"turn_context","timestamp":""#
+            + timestamp
+            + #"","payload":{"instructions":""#
+            + prompt
+            + #""}}"#
+    }
+
+    @Test
+    func `codex daily report parses token counts and caches`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2025, month: 12, day: 20)
+        let iso0 = env.isoString(for: day)
+        let iso1 = env.isoString(for: day.addingTimeInterval(1))
+        let iso2 = env.isoString(for: day.addingTimeInterval(2))
+
+        let model = "openai/gpt-5.2-codex"
+        let turnContext: [String: Any] = [
+            "type": "turn_context",
+            "timestamp": iso0,
+            "payload": [
+                "model": model,
+            ],
+        ]
+        let firstTokenCount: [String: Any] = [
+            "type": "event_msg",
+            "timestamp": iso1,
+            "payload": [
+                "type": "token_count",
+                "info": [
+                    "total_token_usage": [
+                        "input_tokens": 100,
+                        "cached_input_tokens": 20,
+                        "output_tokens": 10,
+                    ],
+                    "model": model,
+                ],
+            ],
+        ]
+
+        let fileURL = try env.writeCodexSessionFile(
+            day: day,
+            filename: "session.jsonl",
+            contents: env.jsonl([turnContext, firstTokenCount]))
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            claudeProjectsRoots: nil,
+            cacheRoot: env.cacheRoot,
+            codexTraceDatabaseURL: env.root.appendingPathComponent("missing-traces.sqlite"))
+        options.refreshMinIntervalSeconds = 0
+
+        let first = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day,
+            options: options)
+        #expect(first.data.count == 1)
+        #expect(first.data[0].modelsUsed == ["gpt-5.2-codex"])
+        #expect(first.data[0].modelBreakdowns == [
+            CostUsageDailyReport.ModelBreakdown(
+                modelName: "gpt-5.2-codex",
+                costUSD: first.data[0].costUSD,
+                totalTokens: 110),
+        ])
+        #expect(first.data[0].totalTokens == 110)
+        #expect((first.data[0].costUSD ?? 0) > 0)
+        let firstCache = CostUsageCacheIO.load(provider: .codex, cacheRoot: env.cacheRoot)
+        #expect(firstCache.codexPricingKey?.hasPrefix("builtin-") == true)
+
+        let secondTokenCount: [String: Any] = [
+            "type": "event_msg",
+            "timestamp": iso2,
+            "payload": [
+                "type": "token_count",
+                "info": [
+                    "total_token_usage": [
+                        "input_tokens": 160,
+                        "cached_input_tokens": 40,
+                        "output_tokens": 16,
+                    ],
+                    "model": model,
+                ],
+            ],
+        ]
+        try env.jsonl([turnContext, firstTokenCount, secondTokenCount])
+            .write(to: fileURL, atomically: true, encoding: .utf8)
+
+        let second = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day,
+            options: options)
+        #expect(second.data.count == 1)
+        #expect(second.data[0].modelsUsed == ["gpt-5.2-codex"])
+        #expect(second.data[0].totalTokens == 176)
+        #expect((second.data[0].costUSD ?? 0) > (first.data[0].costUSD ?? 0))
+    }
+
+    @Test
+    func `codex incremental append falls back to rescan when fork metadata appears late`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 3, day: 11)
+        let iso0 = env.isoString(for: day)
+        let iso1 = env.isoString(for: day.addingTimeInterval(1))
+        let iso2 = env.isoString(for: day.addingTimeInterval(2))
+        let iso3 = env.isoString(for: day.addingTimeInterval(3))
+        let model = "gpt-5.4"
+        let sessionMeta: [String: Any] = [
+            "type": "session_meta",
+            "timestamp": iso0,
+            "payload": ["id": "late-fork-child"],
+        ]
+        let turnContext = self.codexTurnContext(timestamp: iso0, model: model)
+        let firstTokenCount = self.codexTokenCount(
+            timestamp: iso1,
+            model: model,
+            total: (input: 10, cached: 0, output: 0),
+            last: (input: 10, cached: 0, output: 0))
+        let fileURL = try env.writeCodexSessionFile(
+            day: day,
+            filename: "late-fork-child.jsonl",
+            contents: env.jsonl([sessionMeta, turnContext, firstTokenCount]))
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            claudeProjectsRoots: nil,
+            cacheRoot: env.cacheRoot,
+            codexTraceDatabaseURL: env.root.appendingPathComponent("missing-traces.sqlite"))
+        options.refreshMinIntervalSeconds = 0
+
+        let first = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day,
+            options: options)
+        #expect(first.data.first?.totalTokens == 10)
+
+        let lateForkMeta: [String: Any] = [
+            "type": "session_meta",
+            "timestamp": iso2,
+            "payload": [
+                "id": "late-fork-child",
+                "forked_from_id": "missing-parent",
+                "timestamp": iso2,
+            ],
+        ]
+        let replayedForkUsage = self.codexTokenCount(
+            timestamp: iso3,
+            model: model,
+            total: (input: 1000, cached: 900, output: 100),
+            last: (input: 1000, cached: 900, output: 100))
+        let handle = try FileHandle(forWritingTo: fileURL)
+        try handle.seekToEnd()
+        try handle.write(contentsOf: Data(("\n" + env.jsonl([lateForkMeta, replayedForkUsage])).utf8))
+        try handle.close()
+
+        let second = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day,
+            options: options)
+        #expect(second.data.first?.totalTokens == 10)
+    }
+
+    @Test
+    func `codex daily report reprices cached sessions when models dev pricing changes`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 5, day: 10)
+        let iso0 = env.isoString(for: day)
+        let iso1 = env.isoString(for: day.addingTimeInterval(1))
+        let olderDay = try env.makeLocalNoon(year: 2026, month: 5, day: 5)
+        let olderFileURL = try env.writeCodexSessionFile(
+            day: olderDay,
+            filename: "older-session.jsonl",
+            contents: env.jsonl([
+                self.codexTurnContext(timestamp: env.isoString(for: olderDay), model: "custom-codex-model"),
+                self.codexTokenCount(
+                    timestamp: env.isoString(for: olderDay.addingTimeInterval(1)),
+                    model: "custom-codex-model",
+                    last: (input: 100, cached: 20, output: 10)),
+            ]))
+        try FileManager.default.setAttributes(
+            [.modificationDate: olderDay],
+            ofItemAtPath: olderFileURL.path)
+
+        let model = "custom-codex-model"
+        _ = try env.writeCodexSessionFile(
+            day: day,
+            filename: "session.jsonl",
+            contents: env.jsonl([
+                self.codexTurnContext(timestamp: iso0, model: model),
+                self.codexTokenCount(timestamp: iso1, model: model, last: (input: 100, cached: 20, output: 10)),
+            ]))
+
+        try ModelsDevCache.save(
+            catalog: Self.modelsDevCatalog(model: model, input: 1, output: 2, cacheRead: 0.5),
+            fetchedAt: Date(timeIntervalSince1970: 1),
+            cacheRoot: env.cacheRoot)
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            claudeProjectsRoots: nil,
+            cacheRoot: env.cacheRoot,
+            codexTraceDatabaseURL: env.root.appendingPathComponent("missing-traces.sqlite"))
+        options.refreshMinIntervalSeconds = 0
+
+        let first = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: olderDay,
+            until: day,
+            now: day,
+            options: options)
+        let oldDailyCost = (80.0 / 1_000_000.0) + (20.0 * 0.5 / 1_000_000.0)
+            + (10.0 * 2.0 / 1_000_000.0)
+        #expect(first.summary?.totalCostUSD == oldDailyCost * 2)
+
+        try ModelsDevCache.save(
+            catalog: Self.modelsDevCatalog(model: model, input: 1, output: 2, cacheRead: 0.5),
+            fetchedAt: Date(timeIntervalSince1970: 2),
+            cacheRoot: env.cacheRoot)
+
+        options.refreshMinIntervalSeconds = 60
+        let samePricing = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day.addingTimeInterval(1),
+            options: options)
+        let samePricingCache = CostUsageCacheIO.load(provider: .codex, cacheRoot: env.cacheRoot)
+        #expect(samePricing.summary?.totalCostUSD == oldDailyCost)
+        #expect(samePricingCache.scanSinceKey == "2026-05-04")
+
+        try ModelsDevCache.save(
+            catalog: Self.modelsDevCatalog(model: model, input: 10, output: 20, cacheRead: 5),
+            fetchedAt: Date(timeIntervalSince1970: 2),
+            cacheRoot: env.cacheRoot)
+
+        options.refreshMinIntervalSeconds = 60
+        let narrowRepriced = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day.addingTimeInterval(2),
+            options: options)
+        let newDailyCost = (80.0 * 10.0 / 1_000_000.0)
+            + (20.0 * 5.0 / 1_000_000.0)
+            + (10.0 * 20.0 / 1_000_000.0)
+        #expect(narrowRepriced.summary?.totalCostUSD == newDailyCost)
+
+        let wideRepriced = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: olderDay,
+            until: day,
+            now: day.addingTimeInterval(3),
+            options: options)
+
+        #expect(wideRepriced.summary?.totalCostUSD == newDailyCost * 2)
+    }
+
+    @Test
+    func `codex incremental cache preserves divergent total baseline`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 5, day: 18)
+        let iso0 = env.isoString(for: day)
+        let iso1 = env.isoString(for: day.addingTimeInterval(1))
+        let iso2 = env.isoString(for: day.addingTimeInterval(2))
+        let model = "openai/gpt-5.4"
+        let sessionMeta: [String: Any] = [
+            "type": "session_meta",
+            "timestamp": iso0,
+            "payload": ["session_id": "divergent-session"],
+        ]
+        let turnContext = self.codexTurnContext(timestamp: iso0, model: model)
+        let firstTokenCount = self.codexTokenCount(
+            timestamp: iso1,
+            model: model,
+            total: (input: 50, cached: 0, output: 0),
+            last: (input: 100, cached: 0, output: 0))
+        let fileURL = try env.writeCodexSessionFile(
+            day: day,
+            filename: "session.jsonl",
+            contents: env.jsonl([sessionMeta, turnContext, firstTokenCount]))
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            claudeProjectsRoots: nil,
+            cacheRoot: env.cacheRoot,
+            codexTraceDatabaseURL: env.root.appendingPathComponent("missing-traces.sqlite"))
+        options.refreshMinIntervalSeconds = 0
+
+        let first = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day,
+            options: options)
+        #expect(first.data.first?.totalTokens == 100)
+
+        let secondTokenCount = self.codexTokenCount(
+            timestamp: iso2,
+            model: model,
+            total: (input: 80, cached: 0, output: 0))
+        try env.jsonl([sessionMeta, turnContext, firstTokenCount, secondTokenCount])
+            .write(to: fileURL, atomically: true, encoding: .utf8)
+
+        let second = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day.addingTimeInterval(1),
+            options: options)
+        let cache = CostUsageCacheIO.load(provider: .codex, cacheRoot: env.cacheRoot)
+        let usage = cache.files.first { URL(fileURLWithPath: $0.key).lastPathComponent == fileURL.lastPathComponent }?
+            .value
+
+        #expect(second.data.first?.totalTokens == 130)
+        #expect(usage?.lastTotals == nil)
+        #expect(usage?.lastCountedTotals?.input == 130)
+        #expect(usage?.lastRawTotalsBaseline?.input == 80)
+        #expect(usage?.hasDivergentTotals == true)
+    }
+
+    @Test
+    func `codex incremental cache migrates legacy rows before appending delta costs`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 5, day: 18)
+        let olderDay = try env.makeLocalNoon(year: 2026, month: 5, day: 10)
+        let olderDayKey = CostUsageScanner.CostUsageDayRange.dayKey(from: olderDay)
+        let dayKey = CostUsageScanner.CostUsageDayRange.dayKey(from: day)
+        let iso0 = env.isoString(for: day)
+        let iso1 = env.isoString(for: day.addingTimeInterval(1))
+        let iso2 = env.isoString(for: day.addingTimeInterval(2))
+        let model = "gpt-5.4"
+        let sessionMeta: [String: Any] = [
+            "type": "session_meta",
+            "timestamp": iso0,
+            "payload": ["session_id": "legacy-cost-session"],
+        ]
+        let turnContext = self.codexTurnContext(timestamp: iso0, model: model)
+        let firstTokenCount = self.codexTokenCount(
+            timestamp: iso1,
+            model: model,
+            total: (input: 10, cached: 0, output: 0))
+        let fileURL = try env.writeCodexSessionFile(
+            day: day,
+            filename: "session.jsonl",
+            contents: env.jsonl([sessionMeta, turnContext, firstTokenCount]))
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            claudeProjectsRoots: nil,
+            cacheRoot: env.cacheRoot,
+            codexTraceDatabaseURL: env.root.appendingPathComponent("missing-traces.sqlite"))
+        options.refreshMinIntervalSeconds = 0
+
+        _ = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day,
+            options: options)
+
+        var cache = CostUsageCacheIO.load(provider: .codex, cacheRoot: env.cacheRoot)
+        let path = try #require(cache.files.keys.first)
+        var cachedUsage = try #require(cache.files[path])
+        #expect(cachedUsage.sessionId == "legacy-cost-session")
+        #expect(cachedUsage.lastCountedTotals?.input == 10)
+        cachedUsage.codexCostNanos = nil
+        cachedUsage.codexRows = [
+            CostUsageScanner.CodexUsageRow(
+                day: olderDayKey,
+                model: CostUsagePricing.normalizeCodexModel(model),
+                turnID: nil,
+                input: 20,
+                cached: 0,
+                output: 0),
+            CostUsageScanner.CodexUsageRow(
+                day: dayKey,
+                model: CostUsagePricing.normalizeCodexModel(model),
+                turnID: nil,
+                input: 10,
+                cached: 0,
+                output: 0),
+        ]
+        cache.files[path] = cachedUsage
+        CostUsageCacheIO.save(provider: .codex, cache: cache, cacheRoot: env.cacheRoot)
+        let savedUsage = try #require(CostUsageCacheIO.load(provider: .codex, cacheRoot: env.cacheRoot).files[path])
+        #expect(savedUsage.codexRows?.map(\.day) == [olderDayKey, dayKey])
+
+        let secondTokenCount = self.codexTokenCount(
+            timestamp: iso2,
+            model: model,
+            total: (input: 15, cached: 0, output: 0))
+        let appended = try "\n" + env.jsonl([secondTokenCount])
+        let handle = try FileHandle(forWritingTo: fileURL)
+        try handle.seekToEnd()
+        try handle.write(contentsOf: Data(appended.utf8))
+        try handle.close()
+
+        let report = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day.addingTimeInterval(1),
+            options: options)
+        let expectedCost = 15.0 * 2.5e-6
+
+        #expect(report.data.first?.totalTokens == 15)
+        #expect(abs((report.summary?.totalCostUSD ?? 0) - expectedCost) < 0.000_000_001)
+
+        var migratedCache = CostUsageCacheIO.load(provider: .codex, cacheRoot: env.cacheRoot)
+        let migratedUsage = try #require(migratedCache.files[path])
+        #expect(migratedUsage.codexRows?.map(\.day) == [olderDayKey])
+        #expect(migratedUsage.codexCostNanos?[dayKey] != nil)
+
+        let parsedBytes = migratedUsage.parsedBytes
+        options.refreshMinIntervalSeconds = 60
+        let repeated = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day.addingTimeInterval(2),
+            options: options)
+        migratedCache = CostUsageCacheIO.load(provider: .codex, cacheRoot: env.cacheRoot)
+        #expect(repeated.data.first?.totalTokens == 15)
+        #expect(migratedCache.files[path]?.parsedBytes == parsedBytes)
+    }
+
+    @Test
+    func `codex split cache migration does not double count existing cost maps`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 5, day: 18)
+        let dayKey = CostUsageScanner.CostUsageDayRange.dayKey(from: day)
+        let iso0 = env.isoString(for: day)
+        let iso1 = env.isoString(for: day.addingTimeInterval(1))
+        let model = "gpt-5.4"
+        let normalizedModel = CostUsagePricing.normalizeCodexModel(model)
+        _ = try env.writeCodexSessionFile(
+            day: day,
+            filename: "session.jsonl",
+            contents: env.jsonl([
+                [
+                    "type": "session_meta",
+                    "timestamp": iso0,
+                    "payload": ["session_id": "split-cache-session"],
+                ],
+                self.codexTurnContext(timestamp: iso0, model: model),
+                self.codexTokenCount(
+                    timestamp: iso1,
+                    model: model,
+                    total: (input: 10, cached: 0, output: 0)),
+            ]))
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            claudeProjectsRoots: nil,
+            cacheRoot: env.cacheRoot,
+            codexTraceDatabaseURL: env.root.appendingPathComponent("missing-traces.sqlite"))
+        options.refreshMinIntervalSeconds = 0
+
+        _ = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day,
+            options: options)
+
+        var cache = CostUsageCacheIO.load(provider: .codex, cacheRoot: env.cacheRoot)
+        let path = try #require(cache.files.keys.first)
+        var cachedUsage = try #require(cache.files[path])
+        let originalCostNanos = try #require(cachedUsage.codexCostNanos?[dayKey]?[normalizedModel])
+        let addedModel = CostUsagePricing.normalizeCodexModel("gpt-5.5")
+        cachedUsage.codexRows = [
+            CostUsageScanner.CodexUsageRow(
+                day: dayKey,
+                model: normalizedModel,
+                turnID: nil,
+                input: 10,
+                cached: 0,
+                output: 0),
+            CostUsageScanner.CodexUsageRow(
+                day: dayKey,
+                model: addedModel,
+                turnID: nil,
+                input: 10,
+                cached: 0,
+                output: 0),
+        ]
+        cachedUsage.codexStandardCostNanos = nil
+        cachedUsage.codexPriorityCostNanos = nil
+        cachedUsage.codexStandardTokens = nil
+        cachedUsage.codexPriorityTokens = nil
+        cache.files[path] = cachedUsage
+        CostUsageCacheIO.save(provider: .codex, cache: cache, cacheRoot: env.cacheRoot)
+
+        options.refreshMinIntervalSeconds = 60
+        let report = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day.addingTimeInterval(1),
+            options: options)
+
+        let expectedCost = 10.0 * 2.5e-6
+        #expect(abs((report.summary?.totalCostUSD ?? 0) - expectedCost) < 0.000_000_001)
+        let migratedUsage = try #require(CostUsageCacheIO.load(provider: .codex, cacheRoot: env.cacheRoot).files[path])
+        #expect(migratedUsage.codexRows == nil)
+        #expect(migratedUsage.codexCostNanos?[dayKey]?[normalizedModel] == originalCostNanos)
+        #expect(migratedUsage.codexCostNanos?[dayKey]?[addedModel] == Int64((10.0 * 5e-6 * 1_000_000_000).rounded()))
+        #expect(migratedUsage.codexStandardTokens?[dayKey]?[normalizedModel] == 10)
+        #expect(migratedUsage.codexStandardTokens?[dayKey]?[addedModel] == 10)
+    }
+
+    @Test
+    func `codex narrow full rescan preserves cached days outside scan window`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let olderDay = try env.makeLocalNoon(year: 2026, month: 5, day: 10)
+        let day = try env.makeLocalNoon(year: 2026, month: 5, day: 18)
+        let model = "gpt-5.4"
+        let fileURL = try env.writeCodexSessionFile(
+            day: day,
+            filename: "multi-day-session.jsonl",
+            contents: env.jsonl([
+                self.codexTurnContext(timestamp: env.isoString(for: olderDay), model: model),
+                self.codexTokenCount(
+                    timestamp: env.isoString(for: olderDay.addingTimeInterval(1)),
+                    model: model,
+                    last: (input: 20, cached: 0, output: 0)),
+                self.codexTokenCount(
+                    timestamp: env.isoString(for: day.addingTimeInterval(1)),
+                    model: model,
+                    last: (input: 10, cached: 0, output: 0)),
+            ]))
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            claudeProjectsRoots: nil,
+            cacheRoot: env.cacheRoot,
+            codexTraceDatabaseURL: env.root.appendingPathComponent("missing-traces.sqlite"))
+        options.refreshMinIntervalSeconds = 0
+
+        let wide = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: olderDay,
+            until: day,
+            now: day,
+            options: options)
+        #expect(wide.summary?.totalTokens == 30)
+
+        try env.jsonl([
+            self.codexTurnContext(timestamp: env.isoString(for: olderDay), model: model),
+            self.codexTokenCount(
+                timestamp: env.isoString(for: olderDay.addingTimeInterval(1)),
+                model: model,
+                last: (input: 20, cached: 0, output: 0)),
+            self.codexTokenCount(
+                timestamp: env.isoString(for: day.addingTimeInterval(1)),
+                model: model,
+                last: (input: 12, cached: 0, output: 0)),
+        ]).write(to: fileURL, atomically: true, encoding: .utf8)
+
+        let narrow = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day.addingTimeInterval(1),
+            options: options)
+        #expect(narrow.summary?.totalTokens == 12)
+
+        options.refreshMinIntervalSeconds = 60
+        let repeatedWide = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: olderDay,
+            until: day,
+            now: day.addingTimeInterval(2),
+            options: options)
+        #expect(repeatedWide.summary?.totalTokens == 32)
+    }
+
+    @Test
+    func `codex turn id cache migration narrows retained cache window`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let olderDay = try env.makeLocalNoon(year: 2026, month: 5, day: 10)
+        let day = try env.makeLocalNoon(year: 2026, month: 5, day: 18)
+        let olderDayKey = CostUsageScanner.CostUsageDayRange.dayKey(from: olderDay)
+        let model = "gpt-5.4"
+        let fileURL = try env.writeCodexSessionFile(
+            day: day,
+            filename: "legacy-turn-ids.jsonl",
+            contents: env.jsonl([
+                self.codexTurnContext(timestamp: env.isoString(for: olderDay), model: model),
+                self.codexTokenCount(
+                    timestamp: env.isoString(for: olderDay.addingTimeInterval(1)),
+                    model: model,
+                    last: (input: 20, cached: 0, output: 0)),
+                self.codexTokenCount(
+                    timestamp: env.isoString(for: day.addingTimeInterval(1)),
+                    model: model,
+                    last: (input: 10, cached: 0, output: 0)),
+            ]))
+        let dbURL = env.root.appendingPathComponent("logs_2.sqlite")
+        try CostUsageScannerCodexPriorityTests.createTestLogsDatabase(at: dbURL)
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            claudeProjectsRoots: nil,
+            cacheRoot: env.cacheRoot,
+            codexTraceDatabaseURL: dbURL)
+        options.refreshMinIntervalSeconds = 0
+
+        let wide = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: olderDay,
+            until: day,
+            now: day,
+            options: options)
+        #expect(wide.summary?.totalTokens == 30)
+
+        var cache = CostUsageCacheIO.load(provider: .codex, cacheRoot: env.cacheRoot)
+        let path = try #require(cache.files.keys.first)
+        cache.files[path]?.codexTurnIDs = nil
+        CostUsageCacheIO.save(provider: .codex, cache: cache, cacheRoot: env.cacheRoot)
+
+        try env.jsonl([
+            self.codexTurnContext(timestamp: env.isoString(for: olderDay), model: model),
+            self.codexTokenCount(
+                timestamp: env.isoString(for: olderDay.addingTimeInterval(1)),
+                model: model,
+                last: (input: 20, cached: 0, output: 0)),
+            self.codexTokenCount(
+                timestamp: env.isoString(for: day.addingTimeInterval(1)),
+                model: model,
+                last: (input: 12, cached: 0, output: 0)),
+        ]).write(to: fileURL, atomically: true, encoding: .utf8)
+
+        options.refreshMinIntervalSeconds = 60
+        let narrow = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day.addingTimeInterval(1),
+            options: options)
+        #expect(narrow.summary?.totalTokens == 12)
+
+        cache = CostUsageCacheIO.load(provider: .codex, cacheRoot: env.cacheRoot)
+        #expect(cache.scanSinceKey == "2026-05-17")
+        #expect(cache.scanUntilKey == "2026-05-19")
+        #expect(cache.files[path]?.days[olderDayKey] == nil)
+
+        let repeatedWide = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: olderDay,
+            until: day,
+            now: day.addingTimeInterval(2),
+            options: options)
+        #expect(repeatedWide.summary?.totalTokens == 32)
+    }
+
+    @Test
+    func `codex long turn context preserves model attribution`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 5, day: 18)
+        let iso0 = env.isoString(for: day)
+        let iso1 = env.isoString(for: day.addingTimeInterval(1))
+        let model = "openai/gpt-5.5"
+        let turnContext: [String: Any] = [
+            "type": "turn_context",
+            "timestamp": iso0,
+            "payload": [
+                "model": model,
+                "instructions": String(repeating: "x", count: 40 * 1024),
+            ],
+        ]
+        let tokenCount: [String: Any] = [
+            "type": "event_msg",
+            "timestamp": iso1,
+            "payload": [
+                "type": "token_count",
+                "info": [
+                    "last_token_usage": [
+                        "input_tokens": 100,
+                        "cached_input_tokens": 40,
+                        "output_tokens": 10,
+                    ],
+                ],
+            ],
+        ]
+
+        let fileURL = try env.writeCodexSessionFile(
+            day: day,
+            filename: "long-turn-context.jsonl",
+            contents: env.jsonl([turnContext, tokenCount]))
+
+        let parsed = CostUsageScanner.parseCodexFile(
+            fileURL: fileURL,
+            range: CostUsageScanner.CostUsageDayRange(since: day, until: day))
+        let dayKey = CostUsageScanner.CostUsageDayRange.dayKey(from: day)
+
+        #expect(parsed.days[dayKey]?["gpt-5.5"] == [100, 40, 10])
+        #expect(parsed.days[dayKey]?["gpt-5"] == nil)
+    }
+
+    @Test
+    func `codex oversized turn context prefix preserves model attribution`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 5, day: 18)
+        let iso0 = env.isoString(for: day)
+        let iso1 = env.isoString(for: day.addingTimeInterval(1))
+        let model = "openai/gpt-5.5"
+        let turnContextLine = self.oversizedCodexTurnContextLine(timestamp: iso0, model: model)
+        let tokenCountLine = try env.jsonl([
+            self.codexTokenCountWithoutModel(timestamp: iso1, last: (input: 120, cached: 30, output: 12)),
+        ])
+
+        let fileURL = try env.writeCodexSessionFile(
+            day: day,
+            filename: "oversized-turn-context.jsonl",
+            contents: turnContextLine + "\n" + tokenCountLine)
+
+        let parsed = CostUsageScanner.parseCodexFile(
+            fileURL: fileURL,
+            range: CostUsageScanner.CostUsageDayRange(since: day, until: day))
+        let dayKey = CostUsageScanner.CostUsageDayRange.dayKey(from: day)
+
+        #expect(parsed.days[dayKey]?["gpt-5.5"] == [120, 30, 12])
+        #expect(parsed.days[dayKey]?["gpt-5"] == nil)
+    }
+
+    @Test
+    func `codex oversized turn context prefix supports nested info model`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 5, day: 18)
+        let iso0 = env.isoString(for: day)
+        let iso1 = env.isoString(for: day.addingTimeInterval(1))
+        let model = "openai/gpt-5.5"
+        let turnContextLine = self.oversizedCodexTurnContextInfoModelLine(timestamp: iso0, model: model)
+        let tokenCountLine = try env.jsonl([
+            self.codexTokenCountWithoutModel(timestamp: iso1, last: (input: 120, cached: 30, output: 12)),
+        ])
+
+        let fileURL = try env.writeCodexSessionFile(
+            day: day,
+            filename: "oversized-turn-context-info-model.jsonl",
+            contents: turnContextLine + "\n" + tokenCountLine)
+
+        let parsed = CostUsageScanner.parseCodexFile(
+            fileURL: fileURL,
+            range: CostUsageScanner.CostUsageDayRange(since: day, until: day))
+        let dayKey = CostUsageScanner.CostUsageDayRange.dayKey(from: day)
+
+        #expect(parsed.days[dayKey]?["gpt-5.5"] == [120, 30, 12])
+        #expect(parsed.days[dayKey]?["gpt-5"] == nil)
+    }
+
+    @Test
+    func `codex oversized turn context ignores prompt model examples`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 5, day: 18)
+        let iso0 = env.isoString(for: day)
+        let iso1 = env.isoString(for: day.addingTimeInterval(1))
+        let iso2 = env.isoString(for: day.addingTimeInterval(2))
+        let turnContextLine = self.oversizedCodexTurnContextPromptOnlyLine(
+            timestamp: iso1,
+            promptModel: "openai/gpt-5.5")
+        let tokenCountLine = try env.jsonl([
+            self.codexTokenCountWithoutModel(timestamp: iso2, last: (input: 120, cached: 30, output: 12)),
+        ])
+
+        let fileURL = try env.writeCodexSessionFile(
+            day: day,
+            filename: "oversized-turn-context-prompt-example.jsonl",
+            contents: env.jsonl([self.codexTurnContext(timestamp: iso0, model: "openai/gpt-5.4")])
+                + turnContextLine + "\n" + tokenCountLine)
+
+        let parsed = CostUsageScanner.parseCodexFile(
+            fileURL: fileURL,
+            range: CostUsageScanner.CostUsageDayRange(since: day, until: day))
+        let dayKey = CostUsageScanner.CostUsageDayRange.dayKey(from: day)
+
+        #expect(parsed.days[dayKey]?["gpt-5.4"] == [120, 30, 12])
+        #expect(parsed.days[dayKey]?["gpt-5.5"] == nil)
+    }
+
+    @Test
+    func `codex token count model applies without turn context model`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 5, day: 18)
+
+        let contents = try env.jsonl([
+            self.codexTokenCount(
+                timestamp: env.isoString(for: day.addingTimeInterval(1)),
+                model: "openai/gpt-5.5",
+                last: (input: 50, cached: 10, output: 5)),
+        ])
+        let fileURL = try env.writeCodexSessionFile(
+            day: day,
+            filename: "token-count-model.jsonl",
+            contents: contents)
+
+        let parsed = CostUsageScanner.parseCodexFile(
+            fileURL: fileURL,
+            range: CostUsageScanner.CostUsageDayRange(since: day, until: day))
+        let dayKey = CostUsageScanner.CostUsageDayRange.dayKey(from: day)
+
+        #expect(parsed.days[dayKey]?["gpt-5.5"] == [50, 10, 5])
+        #expect(parsed.days[dayKey]?["gpt-5"] == nil)
+    }
+
+    @Test
+    func `codex daily report writes corrected cache artifact for oversized turn context`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 5, day: 18)
+        let dayKey = CostUsageScanner.CostUsageDayRange.dayKey(from: day)
+        let iso0 = env.isoString(for: day)
+        let iso1 = env.isoString(for: day.addingTimeInterval(1))
+        let model = "openai/gpt-5.5"
+        let turnContextLine = self.oversizedCodexTurnContextLine(timestamp: iso0, model: model)
+        let tokenCountLine = try env.jsonl([
+            self.codexTokenCountWithoutModel(timestamp: iso1, last: (input: 120, cached: 30, output: 12)),
+        ])
+
+        _ = try env.writeCodexSessionFile(
+            day: day,
+            filename: "cached-oversized-turn-context.jsonl",
+            contents: turnContextLine + "\n" + tokenCountLine)
+
+        let oldCacheDir = env.cacheRoot.appendingPathComponent("cost-usage", isDirectory: true)
+        try FileManager.default.createDirectory(at: oldCacheDir, withIntermediateDirectories: true)
+        let oldCacheURL = oldCacheDir.appendingPathComponent("codex-v7.json", isDirectory: false)
+        let oldCache = #"{"version":1,"lastScanUnixMs":9999999999999,"files":{},"days":{"\#(dayKey)":"#
+            + #"{"gpt-5":[999,0,0]}}}"#
+        try oldCache.write(to: oldCacheURL, atomically: true, encoding: .utf8)
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            claudeProjectsRoots: nil,
+            cacheRoot: env.cacheRoot)
+        options.refreshMinIntervalSeconds = 3600
+
+        let first = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day,
+            options: options)
+        #expect(first.data.count == 1)
+        #expect(first.data[0].modelsUsed == ["gpt-5.5"])
+        #expect(first.data[0].modelBreakdowns?.map(\.modelName) == ["gpt-5.5"])
+        #expect(first.data[0].totalTokens == 132)
+
+        let newCacheURL = CostUsageCacheIO.cacheFileURL(provider: .codex, cacheRoot: env.cacheRoot)
+        #expect(newCacheURL.lastPathComponent == "codex-v8.json")
+        #expect(FileManager.default.fileExists(atPath: newCacheURL.path))
+        #expect(FileManager.default.fileExists(atPath: oldCacheURL.path))
+
+        let second = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day.addingTimeInterval(60),
+            options: options)
+        #expect(second.data.count == 1)
+        #expect(second.data[0].modelsUsed == ["gpt-5.5"])
+        #expect(second.data[0].totalTokens == 132)
+    }
+
+    @Test
+    func `codex daily report prefers last token usage over divergent totals`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 5, day: 15)
+        let iso0 = env.isoString(for: day)
+        let model = "openai/gpt-5.5"
+        let turnContext = self.codexTurnContext(timestamp: iso0, model: model)
+
+        _ = try env.writeCodexSessionFile(
+            day: day,
+            filename: "session.jsonl",
+            contents: env.jsonl([
+                turnContext,
+                self.codexTokenCount(
+                    timestamp: env.isoString(for: day.addingTimeInterval(1)),
+                    model: model,
+                    total: (input: 100, cached: 20, output: 10),
+                    last: (input: 100, cached: 20, output: 10)),
+                self.codexTokenCount(
+                    timestamp: env.isoString(for: day.addingTimeInterval(2)),
+                    model: model,
+                    total: (input: 160, cached: 40, output: 16),
+                    last: (input: 60, cached: 20, output: 6)),
+                self.codexTokenCount(
+                    timestamp: env.isoString(for: day.addingTimeInterval(3)),
+                    model: model,
+                    total: (input: 1000, cached: 900, output: 100),
+                    last: (input: 40, cached: 30, output: 5)),
+                self.codexTokenCount(
+                    timestamp: env.isoString(for: day.addingTimeInterval(4)),
+                    model: model,
+                    total: (input: 1050, cached: 930, output: 110),
+                    last: (input: 50, cached: 30, output: 10)),
+            ]))
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            claudeProjectsRoots: nil,
+            cacheRoot: env.cacheRoot)
+        options.refreshMinIntervalSeconds = 0
+        options.forceRescan = true
+
+        let report = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day,
+            options: options)
+        let expectedCost = CostUsagePricing.codexCostUSD(
+            model: model,
+            inputTokens: 250,
+            cachedInputTokens: 100,
+            outputTokens: 31)
+
+        #expect(report.data.count == 1)
+        #expect(report.data[0].inputTokens == 250)
+        #expect(report.data[0].outputTokens == 31)
+        #expect(report.data[0].totalTokens == 281)
+        #expect(abs((report.data[0].costUSD ?? 0) - (expectedCost ?? 0)) < 0.000001)
+    }
+
+    @Test
+    func `codex repeated total token snapshots do not recount last usage`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 5, day: 20)
+        let model = "openai/gpt-5.5"
+        let fileURL = try env.writeCodexSessionFile(
+            day: day,
+            filename: "repeated-total-snapshot.jsonl",
+            contents: env.jsonl([
+                self.codexTurnContext(timestamp: env.isoString(for: day), model: model),
+                self.codexTokenCount(
+                    timestamp: env.isoString(for: day.addingTimeInterval(1)),
+                    model: model,
+                    total: (input: 100, cached: 20, output: 10),
+                    last: (input: 100, cached: 20, output: 10)),
+                self.codexTokenCount(
+                    timestamp: env.isoString(for: day.addingTimeInterval(2)),
+                    model: model,
+                    total: (input: 100, cached: 20, output: 10),
+                    last: (input: 100, cached: 20, output: 10)),
+                self.codexTokenCount(
+                    timestamp: env.isoString(for: day.addingTimeInterval(3)),
+                    model: model,
+                    total: (input: 130, cached: 20, output: 12),
+                    last: (input: 100, cached: 20, output: 10)),
+            ]))
+
+        let parsed = CostUsageScanner.parseCodexFile(
+            fileURL: fileURL,
+            range: CostUsageScanner.CostUsageDayRange(since: day, until: day))
+        let dayKey = CostUsageScanner.CostUsageDayRange.dayKey(from: day)
+        let packed = parsed.days[dayKey]?["gpt-5.5"] ?? []
+
+        #expect(packed[safe: 0] == 130)
+        #expect(packed[safe: 1] == 20)
+        #expect(packed[safe: 2] == 12)
+        #expect(parsed.rows.count == 2)
+    }
+
+    @Test
+    func `codex total only after divergent totals uses raw delta when it continues`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 5, day: 15)
+        let model = "openai/gpt-5.5"
+        let fileURL = try env.writeCodexSessionFile(
+            day: day,
+            filename: "mixed-raw-continuing.jsonl",
+            contents: env.jsonl([
+                self.codexTurnContext(timestamp: env.isoString(for: day), model: model),
+                self.codexTokenCount(
+                    timestamp: env.isoString(for: day.addingTimeInterval(1)),
+                    model: model,
+                    total: (input: 100, cached: 0, output: 0),
+                    last: (input: 100, cached: 0, output: 0)),
+                self.codexTokenCount(
+                    timestamp: env.isoString(for: day.addingTimeInterval(2)),
+                    model: model,
+                    total: (input: 1000, cached: 0, output: 0),
+                    last: (input: 40, cached: 0, output: 0)),
+                self.codexTokenCount(
+                    timestamp: env.isoString(for: day.addingTimeInterval(3)),
+                    model: model,
+                    total: (input: 1050, cached: 0, output: 0)),
+            ]))
+
+        let parsed = CostUsageScanner.parseCodexFile(
+            fileURL: fileURL,
+            range: CostUsageScanner.CostUsageDayRange(since: day, until: day))
+        let dayKey = CostUsageScanner.CostUsageDayRange.dayKey(from: day)
+        let packed = parsed.days[dayKey]?["gpt-5.5"] ?? []
+
+        #expect(packed[safe: 0] == 190)
+        #expect(parsed.lastTotals == nil)
+    }
+
+    @Test
+    func `codex total only after divergent totals preserves zero raw dimensions`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 5, day: 15)
+        let model = "openai/gpt-5.5"
+        let fileURL = try env.writeCodexSessionFile(
+            day: day,
+            filename: "mixed-stale-dimension.jsonl",
+            contents: env.jsonl([
+                self.codexTurnContext(timestamp: env.isoString(for: day), model: model),
+                self.codexTokenCount(
+                    timestamp: env.isoString(for: day.addingTimeInterval(1)),
+                    model: model,
+                    total: (input: 100, cached: 0, output: 0),
+                    last: (input: 100, cached: 0, output: 0)),
+                self.codexTokenCount(
+                    timestamp: env.isoString(for: day.addingTimeInterval(2)),
+                    model: model,
+                    total: (input: 1000, cached: 900, output: 0),
+                    last: (input: 40, cached: 0, output: 0)),
+                self.codexTokenCount(
+                    timestamp: env.isoString(for: day.addingTimeInterval(3)),
+                    model: model,
+                    total: (input: 1050, cached: 900, output: 0)),
+            ]))
+
+        let parsed = CostUsageScanner.parseCodexFile(
+            fileURL: fileURL,
+            range: CostUsageScanner.CostUsageDayRange(since: day, until: day))
+        let dayKey = CostUsageScanner.CostUsageDayRange.dayKey(from: day)
+        let packed = parsed.days[dayKey]?["gpt-5.5"] ?? []
+
+        #expect(packed[safe: 0] == 190)
+        #expect(packed[safe: 1] == 0)
+        #expect(parsed.lastTotals == nil)
+    }
+
+    @Test
+    func `codex total only after divergent totals can resume from counted baseline`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 5, day: 15)
+        let model = "openai/gpt-5.5"
+        let fileURL = try env.writeCodexSessionFile(
+            day: day,
+            filename: "mixed-counted-resume.jsonl",
+            contents: env.jsonl([
+                self.codexTurnContext(timestamp: env.isoString(for: day), model: model),
+                self.codexTokenCount(
+                    timestamp: env.isoString(for: day.addingTimeInterval(1)),
+                    model: model,
+                    total: (input: 100, cached: 0, output: 0),
+                    last: (input: 100, cached: 0, output: 0)),
+                self.codexTokenCount(
+                    timestamp: env.isoString(for: day.addingTimeInterval(2)),
+                    model: model,
+                    total: (input: 1000, cached: 0, output: 0),
+                    last: (input: 40, cached: 0, output: 0)),
+                self.codexTokenCount(
+                    timestamp: env.isoString(for: day.addingTimeInterval(3)),
+                    model: model,
+                    total: (input: 180, cached: 0, output: 0)),
+            ]))
+
+        let parsed = CostUsageScanner.parseCodexFile(
+            fileURL: fileURL,
+            range: CostUsageScanner.CostUsageDayRange(since: day, until: day))
+        let dayKey = CostUsageScanner.CostUsageDayRange.dayKey(from: day)
+        let packed = parsed.days[dayKey]?["gpt-5.5"] ?? []
+
+        #expect(packed[safe: 0] == 180)
+        #expect(parsed.lastTotals?.input == 180)
+    }
+
+    @Test
+    func `codex total only after last only counts from last based baseline`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 5, day: 15)
+        let model = "openai/gpt-5.5"
+        let fileURL = try env.writeCodexSessionFile(
+            day: day,
+            filename: "last-then-total.jsonl",
+            contents: env.jsonl([
+                self.codexTurnContext(timestamp: env.isoString(for: day), model: model),
+                self.codexTokenCount(
+                    timestamp: env.isoString(for: day.addingTimeInterval(1)),
+                    model: model,
+                    last: (input: 100, cached: 0, output: 0)),
+                self.codexTokenCount(
+                    timestamp: env.isoString(for: day.addingTimeInterval(2)),
+                    model: model,
+                    total: (input: 150, cached: 0, output: 0)),
+            ]))
+
+        let parsed = CostUsageScanner.parseCodexFile(
+            fileURL: fileURL,
+            range: CostUsageScanner.CostUsageDayRange(since: day, until: day))
+        let dayKey = CostUsageScanner.CostUsageDayRange.dayKey(from: day)
+        let packed = parsed.days[dayKey]?["gpt-5.5"] ?? []
+
+        #expect(packed[safe: 0] == 150)
+        #expect(parsed.lastTotals?.input == 150)
+    }
+
+    @Test
+    func `codex daily report includes archived sessions and dedupes`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2025, month: 12, day: 22)
+        let iso0 = env.isoString(for: day)
+        let iso1 = env.isoString(for: day.addingTimeInterval(1))
+
+        let model = "openai/gpt-5.2-codex"
+        let sessionMeta: [String: Any] = [
+            "type": "session_meta",
+            "payload": [
+                "session_id": "sess-archived-1",
+            ],
+        ]
+        let turnContext: [String: Any] = [
+            "type": "turn_context",
+            "timestamp": iso0,
+            "payload": [
+                "model": model,
+            ],
+        ]
+        let tokenCount: [String: Any] = [
+            "type": "event_msg",
+            "timestamp": iso1,
+            "payload": [
+                "type": "token_count",
+                "info": [
+                    "total_token_usage": [
+                        "input_tokens": 100,
+                        "cached_input_tokens": 20,
+                        "output_tokens": 10,
+                    ],
+                    "model": model,
+                ],
+            ],
+        ]
+
+        let comps = Calendar.current.dateComponents([.year, .month, .day], from: day)
+        let dayKey = String(format: "%04d-%02d-%02d", comps.year ?? 1970, comps.month ?? 1, comps.day ?? 1)
+        let archivedName = "rollout-\(dayKey)T12-00-00-archived.jsonl"
+        let contents = try env.jsonl([sessionMeta, turnContext, tokenCount])
+        _ = try env.writeCodexArchivedSessionFile(filename: archivedName, contents: contents)
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            claudeProjectsRoots: nil,
+            cacheRoot: env.cacheRoot)
+        options.refreshMinIntervalSeconds = 0
+
+        let first = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day,
+            options: options)
+        #expect(first.data.count == 1)
+        #expect(first.data[0].totalTokens == 110)
+
+        _ = try env.writeCodexSessionFile(day: day, filename: "session.jsonl", contents: contents)
+        let second = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day,
+            options: options)
+        #expect(second.data.count == 1)
+        #expect(second.data[0].totalTokens == 110)
+    }
+
+    @Test
+    func `codex daily report includes long lived sessions stored under older date partitions`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let fileDay = try env.makeLocalNoon(year: 2026, month: 2, day: 27)
+        let reportDay = try env.makeLocalNoon(year: 2026, month: 3, day: 11)
+        let model = "openai/gpt-5.2-codex"
+
+        _ = try env.writeCodexSessionFile(
+            day: fileDay,
+            filename: "rollout-2026-02-27T11-29-28-cross-day.jsonl",
+            contents: env.jsonl([
+                [
+                    "type": "session_meta",
+                    "payload": [
+                        "id": "cross-day-session",
+                    ],
+                ],
+                [
+                    "type": "turn_context",
+                    "timestamp": env.isoString(for: reportDay),
+                    "payload": [
+                        "model": model,
+                    ],
+                ],
+                [
+                    "type": "event_msg",
+                    "timestamp": env.isoString(for: reportDay.addingTimeInterval(1)),
+                    "payload": [
+                        "type": "token_count",
+                        "info": [
+                            "total_token_usage": [
+                                "input_tokens": 100,
+                                "cached_input_tokens": 20,
+                                "output_tokens": 10,
+                            ],
+                            "model": model,
+                        ],
+                    ],
+                ],
+            ]))
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            claudeProjectsRoots: nil,
+            cacheRoot: env.cacheRoot)
+        options.refreshMinIntervalSeconds = 0
+
+        let report = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: reportDay,
+            until: reportDay,
+            now: reportDay,
+            options: options)
+
+        #expect(report.data.count == 1)
+        #expect(report.data[0].inputTokens == 100)
+        #expect(report.data[0].outputTokens == 10)
+        #expect(report.data[0].totalTokens == 110)
+    }
+
+    @Test
+    func `codex cold cache includes very old active date partition session`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let fileDay = try env.makeLocalNoon(year: 2026, month: 1, day: 1)
+        let reportDay = try env.makeLocalNoon(year: 2026, month: 5, day: 18)
+        let model = "openai/gpt-5.2-codex"
+
+        let fileURL = try env.writeCodexSessionFile(
+            day: fileDay,
+            filename: "rollout-2026-01-01T11-29-28-active.jsonl",
+            contents: env.jsonl([
+                self.codexTurnContext(timestamp: env.isoString(for: fileDay), model: model),
+                self.codexTokenCount(
+                    timestamp: env.isoString(for: reportDay.addingTimeInterval(1)),
+                    model: model,
+                    last: (input: 70, cached: 20, output: 7)),
+            ]))
+        try FileManager.default.setAttributes([.modificationDate: reportDay], ofItemAtPath: fileURL.path)
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            claudeProjectsRoots: nil,
+            cacheRoot: env.cacheRoot,
+            codexTraceDatabaseURL: env.root.appendingPathComponent("missing-traces.sqlite"))
+        options.refreshMinIntervalSeconds = 0
+
+        let report = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: reportDay,
+            until: reportDay,
+            now: reportDay,
+            options: options)
+
+        #expect(report.data.count == 1)
+        #expect(report.data[0].totalTokens == 77)
+    }
+
+    @Test
+    func `codex cold cache includes recent legacy file in mixed root`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let reportDay = try env.makeLocalNoon(year: 2026, month: 5, day: 18)
+        let model = "openai/gpt-5.2-codex"
+        _ = try env.writeCodexSessionFile(
+            day: reportDay,
+            filename: "partitioned.jsonl",
+            contents: env.jsonl([
+                self.codexTurnContext(timestamp: env.isoString(for: reportDay), model: model),
+                self.codexTokenCount(
+                    timestamp: env.isoString(for: reportDay.addingTimeInterval(1)),
+                    model: model,
+                    last: (input: 1, cached: 0, output: 1)),
+            ]))
+
+        let legacyDir = env.codexSessionsRoot.appendingPathComponent("project/subdir", isDirectory: true)
+        try FileManager.default.createDirectory(at: legacyDir, withIntermediateDirectories: true)
+        let legacyURL = legacyDir.appendingPathComponent("legacy-active.jsonl")
+        try env.jsonl([
+            self.codexTurnContext(timestamp: env.isoString(for: reportDay), model: model),
+            self.codexTokenCount(
+                timestamp: env.isoString(for: reportDay.addingTimeInterval(2)),
+                model: model,
+                last: (input: 30, cached: 10, output: 3)),
+        ]).write(to: legacyURL, atomically: true, encoding: .utf8)
+        try FileManager.default.setAttributes([.modificationDate: reportDay], ofItemAtPath: legacyURL.path)
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            claudeProjectsRoots: nil,
+            cacheRoot: env.cacheRoot,
+            codexTraceDatabaseURL: env.root.appendingPathComponent("missing-traces.sqlite"))
+        options.refreshMinIntervalSeconds = 0
+
+        let report = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: reportDay,
+            until: reportDay,
+            now: reportDay,
+            options: options)
+
+        #expect(report.data.count == 1)
+        #expect(report.data[0].totalTokens == 35)
+    }
+
+    @Test
+    func `codex forked child subtracts parent totals at fork timestamp`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let parentDay = try env.makeLocalNoon(year: 2026, month: 2, day: 27)
+        let childDay = try env.makeLocalNoon(year: 2026, month: 3, day: 11)
+        let parentTs0 = env.isoString(for: parentDay)
+        let parentTs1 = env.isoString(for: parentDay.addingTimeInterval(1))
+        let parentTs2 = env.isoString(for: parentDay.addingTimeInterval(2))
+        let parentTs3 = env.isoString(for: parentDay.addingTimeInterval(3))
+        let childForkTs = env.isoString(for: parentDay.addingTimeInterval(2.5))
+        let childTs1 = env.isoString(for: childDay.addingTimeInterval(1))
+        let childTs2 = env.isoString(for: childDay.addingTimeInterval(2))
+
+        let model = "openai/gpt-5.2-codex"
+        let parentSessionId = "sess-parent"
+        let childSessionId = "sess-child"
+
+        _ = try env.writeCodexSessionFile(
+            day: parentDay,
+            filename: "rollout-2026-02-27T11-29-28-\(parentSessionId).jsonl",
+            contents: env.jsonl([
+                [
+                    "type": "session_meta",
+                    "payload": [
+                        "id": parentSessionId,
+                    ],
+                ],
+                [
+                    "type": "turn_context",
+                    "timestamp": parentTs0,
+                    "payload": [
+                        "model": model,
+                    ],
+                ],
+                [
+                    "type": "event_msg",
+                    "timestamp": parentTs1,
+                    "payload": [
+                        "type": "token_count",
+                        "info": [
+                            "total_token_usage": [
+                                "input_tokens": 10,
+                                "cached_input_tokens": 2,
+                                "output_tokens": 1,
+                            ],
+                            "model": model,
+                        ],
+                    ],
+                ],
+                [
+                    "type": "event_msg",
+                    "timestamp": parentTs2,
+                    "payload": [
+                        "type": "token_count",
+                        "info": [
+                            "total_token_usage": [
+                                "input_tokens": 20,
+                                "cached_input_tokens": 5,
+                                "output_tokens": 2,
+                            ],
+                            "model": model,
+                        ],
+                    ],
+                ],
+                [
+                    "type": "event_msg",
+                    "timestamp": parentTs3,
+                    "payload": [
+                        "type": "token_count",
+                        "info": [
+                            "total_token_usage": [
+                                "input_tokens": 30,
+                                "cached_input_tokens": 8,
+                                "output_tokens": 3,
+                            ],
+                            "model": model,
+                        ],
+                    ],
+                ],
+            ]))
+
+        _ = try env.writeCodexSessionFile(
+            day: childDay,
+            filename: "rollout-2026-03-11T11-30-27-\(childSessionId).jsonl",
+            contents: env.jsonl([
+                [
+                    "type": "session_meta",
+                    "payload": [
+                        "id": childSessionId,
+                        "forked_from_id": parentSessionId,
+                        "timestamp": childForkTs,
+                    ],
+                ],
+                [
+                    "type": "turn_context",
+                    "timestamp": childDay.ISO8601Format(),
+                    "payload": [
+                        "model": model,
+                    ],
+                ],
+                [
+                    "type": "event_msg",
+                    "timestamp": childTs1,
+                    "payload": [
+                        "type": "token_count",
+                        "info": [
+                            "total_token_usage": [
+                                "input_tokens": 20,
+                                "cached_input_tokens": 5,
+                                "output_tokens": 2,
+                            ],
+                            "model": model,
+                        ],
+                    ],
+                ],
+                [
+                    "type": "event_msg",
+                    "timestamp": childTs2,
+                    "payload": [
+                        "type": "token_count",
+                        "info": [
+                            "total_token_usage": [
+                                "input_tokens": 27,
+                                "cached_input_tokens": 7,
+                                "output_tokens": 4,
+                            ],
+                            "model": model,
+                        ],
+                    ],
+                ],
+            ]))
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            claudeProjectsRoots: nil,
+            cacheRoot: env.cacheRoot)
+        options.refreshMinIntervalSeconds = 0
+        options.forceRescan = true
+
+        let report = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: childDay,
+            until: childDay,
+            now: childDay,
+            options: options)
+
+        let expectedCost = CostUsagePricing.codexCostUSD(
+            model: "gpt-5.2-codex",
+            inputTokens: 7,
+            cachedInputTokens: 2,
+            outputTokens: 2)
+
+        #expect(report.data.count == 1)
+        #expect(report.data[0].inputTokens == 7)
+        #expect(report.data[0].outputTokens == 2)
+        #expect(report.data[0].totalTokens == 9)
+        #expect(abs((report.data[0].costUSD ?? 0) - (expectedCost ?? 0)) < 0.000001)
+    }
+
+    @Test
+    func `codex forked child skips cumulative totals when parent session is missing`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let parentDay = try env.makeLocalNoon(year: 2026, month: 2, day: 27)
+        let childDay = try env.makeLocalNoon(year: 2026, month: 3, day: 11)
+        let model = "openai/gpt-5.2-codex"
+        let missingParentSessionId = "sess-parent-deleted"
+        let childSessionId = "sess-child-deleted-parent"
+        let forkTs = env.isoString(for: parentDay.addingTimeInterval(2.5))
+
+        _ = try env.writeCodexSessionFile(
+            day: childDay,
+            filename: "rollout-2026-03-11T11-30-27-\(childSessionId).jsonl",
+            contents: env.jsonl([
+                [
+                    "type": "session_meta",
+                    "payload": [
+                        "id": childSessionId,
+                        "forked_from_id": missingParentSessionId,
+                        "timestamp": forkTs,
+                    ],
+                ],
+                self.codexTurnContext(timestamp: env.isoString(for: childDay), model: model),
+                self.codexTokenCount(
+                    timestamp: env.isoString(for: childDay.addingTimeInterval(1)),
+                    model: model,
+                    total: (input: 1_000_000, cached: 100_000, output: 10000)),
+                self.codexTokenCount(
+                    timestamp: env.isoString(for: childDay.addingTimeInterval(2)),
+                    model: model,
+                    total: (input: 1_000_120, cached: 100_010, output: 10020)),
+                self.codexTokenCount(
+                    timestamp: env.isoString(for: childDay.addingTimeInterval(3)),
+                    model: model,
+                    total: (input: 1_000_140, cached: 100_012, output: 10023),
+                    last: (input: 20, cached: 2, output: 3)),
+            ]))
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            claudeProjectsRoots: nil,
+            cacheRoot: env.cacheRoot)
+        options.refreshMinIntervalSeconds = 0
+        options.forceRescan = true
+
+        let report = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: childDay,
+            until: childDay,
+            now: childDay,
+            options: options)
+
+        #expect(report.data.count == 1)
+        #expect(report.data[0].inputTokens == 20)
+        #expect(report.data[0].outputTokens == 3)
+        #expect(report.data[0].totalTokens == 23)
+    }
+
+    @Test
+    func `codex fork with total usage ignores replayed last snapshots`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 3, day: 11)
+        let iso0 = env.isoString(for: day)
+        let model = "openai/gpt-5.4"
+
+        let fileURL = try env.writeCodexSessionFile(
+            day: day,
+            filename: "rollout-\(iso0)-child-session.jsonl",
+            contents: env.jsonl([
+                [
+                    "type": "session_meta",
+                    "timestamp": iso0,
+                    "payload": [
+                        "id": "child-session",
+                        "forked_from_id": "parent-session",
+                        "timestamp": iso0,
+                    ],
+                ],
+                self.codexTurnContext(timestamp: iso0, model: model),
+                self.codexTokenCount(
+                    timestamp: env.isoString(for: day.addingTimeInterval(1)),
+                    model: model,
+                    total: (input: 1000, cached: 900, output: 100),
+                    last: (input: 1000, cached: 900, output: 100)),
+                self.codexTokenCount(
+                    timestamp: env.isoString(for: day.addingTimeInterval(2)),
+                    model: model,
+                    total: (input: 1100, cached: 920, output: 110),
+                    last: (input: 40, cached: 20, output: 5)),
+                self.codexTokenCount(
+                    timestamp: env.isoString(for: day.addingTimeInterval(3)),
+                    model: model,
+                    total: (input: 1100, cached: 920, output: 110),
+                    last: (input: 40, cached: 20, output: 5)),
+            ]))
+        let range = CostUsageScanner.CostUsageDayRange(since: day, until: day)
+        let parsed = CostUsageScanner.parseCodexFile(
+            fileURL: fileURL,
+            range: range,
+            inheritedTotalsResolver: { parentSessionId, forkedAt in
+                #expect(parentSessionId == "parent-session")
+                #expect(forkedAt == iso0)
+                return .resolved(.init(input: 1000, cached: 900, output: 100))
+            })
+
+        let dayKey = CostUsageScanner.CostUsageDayRange.dayKey(from: day)
+        let normalized = CostUsagePricing.normalizeCodexModel(model)
+        let packed = parsed.days[dayKey]?[normalized] ?? []
+        #expect(packed.count >= 3)
+        #expect(packed[0] == 100)
+        #expect(packed[1] == 20)
+        #expect(packed[2] == 10)
+        #expect(parsed.rows.count == 1)
+        #expect(parsed.rows.first?.input == 100)
+        #expect(parsed.rows.first?.cached == 20)
+        #expect(parsed.rows.first?.output == 10)
+    }
+
+    @Test
+    func `codex fork skips last usage when parent baseline is unresolved`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 3, day: 11)
+        let iso0 = env.isoString(for: day)
+        let model = "openai/gpt-5.4"
+
+        let fileURL = try env.writeCodexSessionFile(
+            day: day,
+            filename: "rollout-\(iso0)-missing-parent.jsonl",
+            contents: env.jsonl([
+                [
+                    "type": "session_meta",
+                    "timestamp": iso0,
+                    "payload": [
+                        "id": "child-session",
+                        "forked_from_id": "missing-parent",
+                        "timestamp": iso0,
+                    ],
+                ],
+                self.codexTurnContext(timestamp: iso0, model: model),
+                self.codexTokenCount(
+                    timestamp: env.isoString(for: day.addingTimeInterval(1)),
+                    model: model,
+                    total: (input: 1000, cached: 900, output: 100),
+                    last: (input: 1000, cached: 900, output: 100)),
+            ]))
+        let range = CostUsageScanner.CostUsageDayRange(since: day, until: day)
+        let parsed = CostUsageScanner.parseCodexFile(
+            fileURL: fileURL,
+            range: range,
+            inheritedTotalsResolver: { parentSessionId, _ in
+                #expect(parentSessionId == "missing-parent")
+                return .unresolved
+            })
+
+        let dayKey = CostUsageScanner.CostUsageDayRange.dayKey(from: day)
+        let normalized = CostUsagePricing.normalizeCodexModel(model)
+        #expect(parsed.days[dayKey]?[normalized] == nil)
+        #expect(parsed.rows.isEmpty)
+    }
+
+    @Test
+    func `codex unresolved fork ignores duplicated total and last replay after prefix`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 3, day: 11)
+        let iso0 = env.isoString(for: day)
+        let model = "openai/gpt-5.4"
+
+        let fileURL = try env.writeCodexSessionFile(
+            day: day,
+            filename: "rollout-\(iso0)-missing-parent-replay.jsonl",
+            contents: env.jsonl([
+                [
+                    "type": "session_meta",
+                    "timestamp": iso0,
+                    "payload": [
+                        "id": "child-session",
+                        "forked_from_id": "missing-parent",
+                        "timestamp": iso0,
+                    ],
+                ],
+                self.codexTurnContext(timestamp: iso0, model: model),
+                self.codexTokenCount(
+                    timestamp: env.isoString(for: day.addingTimeInterval(1)),
+                    model: model,
+                    total: (input: 1000, cached: 900, output: 100)),
+                self.codexTokenCount(
+                    timestamp: env.isoString(for: day.addingTimeInterval(2)),
+                    model: model,
+                    total: (input: 1020, cached: 905, output: 105),
+                    last: (input: 20, cached: 5, output: 5)),
+                self.codexTokenCount(
+                    timestamp: env.isoString(for: day.addingTimeInterval(3)),
+                    model: model,
+                    total: (input: 1020, cached: 905, output: 105),
+                    last: (input: 20, cached: 5, output: 5)),
+                self.codexTokenCount(
+                    timestamp: env.isoString(for: day.addingTimeInterval(4)),
+                    model: model,
+                    total: (input: 1030, cached: 907, output: 108),
+                    last: (input: 10, cached: 2, output: 3)),
+            ]))
+        let range = CostUsageScanner.CostUsageDayRange(since: day, until: day)
+        let parsed = CostUsageScanner.parseCodexFile(
+            fileURL: fileURL,
+            range: range,
+            inheritedTotalsResolver: { parentSessionId, _ in
+                #expect(parentSessionId == "missing-parent")
+                return .unresolved
+            })
+
+        let dayKey = CostUsageScanner.CostUsageDayRange.dayKey(from: day)
+        let normalized = CostUsagePricing.normalizeCodexModel(model)
+        let packed = try #require(parsed.days[dayKey]?[normalized])
+        #expect(packed[0] == 30)
+        #expect(packed[1] == 7)
+        #expect(packed[2] == 8)
+        #expect(parsed.rows.count == 2)
+    }
+
+    @Test
+    func `codex empty fork parent id still counts cumulative totals`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 3, day: 11)
+        let model = "openai/gpt-5.2-codex"
+        let sessionId = "sess-empty-fork-parent"
+
+        _ = try env.writeCodexSessionFile(
+            day: day,
+            filename: "rollout-2026-03-11T11-30-27-\(sessionId).jsonl",
+            contents: env.jsonl([
+                [
+                    "type": "session_meta",
+                    "payload": [
+                        "id": sessionId,
+                        "forked_from_id": "",
+                        "timestamp": env.isoString(for: day),
+                    ],
+                ],
+                self.codexTurnContext(timestamp: env.isoString(for: day.addingTimeInterval(1)), model: model),
+                self.codexTokenCount(
+                    timestamp: env.isoString(for: day.addingTimeInterval(2)),
+                    model: model,
+                    total: (input: 100, cached: 10, output: 5)),
+                self.codexTokenCount(
+                    timestamp: env.isoString(for: day.addingTimeInterval(3)),
+                    model: model,
+                    total: (input: 125, cached: 12, output: 8)),
+            ]))
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            claudeProjectsRoots: nil,
+            cacheRoot: env.cacheRoot)
+        options.refreshMinIntervalSeconds = 0
+        options.forceRescan = true
+
+        let report = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day,
+            options: options)
+
+        #expect(report.data.count == 1)
+        #expect(report.data[0].inputTokens == 125)
+        #expect(report.data[0].outputTokens == 8)
+        #expect(report.data[0].totalTokens == 133)
+    }
+
+    @Test
+    func `codex forked child inherits counted parent totals when totals diverge`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let parentDay = try env.makeLocalNoon(year: 2026, month: 2, day: 27)
+        let childDay = try env.makeLocalNoon(year: 2026, month: 3, day: 11)
+        let model = "openai/gpt-5.2-codex"
+        let parentSessionId = "sess-parent-diverged"
+        let childSessionId = "sess-child-diverged"
+        let forkTs = env.isoString(for: parentDay.addingTimeInterval(2.5))
+
+        _ = try env.writeCodexSessionFile(
+            day: parentDay,
+            filename: "rollout-2026-02-27T11-29-28-\(parentSessionId).jsonl",
+            contents: env.jsonl([
+                [
+                    "type": "session_meta",
+                    "payload": [
+                        "id": parentSessionId,
+                    ],
+                ],
+                self.codexTurnContext(timestamp: env.isoString(for: parentDay), model: model),
+                self.codexTokenCount(
+                    timestamp: env.isoString(for: parentDay.addingTimeInterval(1)),
+                    model: model,
+                    total: (input: 100, cached: 0, output: 0),
+                    last: (input: 100, cached: 0, output: 0)),
+                self.codexTokenCount(
+                    timestamp: env.isoString(for: parentDay.addingTimeInterval(2)),
+                    model: model,
+                    total: (input: 1000, cached: 0, output: 0),
+                    last: (input: 40, cached: 0, output: 0)),
+            ]))
+
+        _ = try env.writeCodexSessionFile(
+            day: childDay,
+            filename: "rollout-2026-03-11T11-30-27-\(childSessionId).jsonl",
+            contents: env.jsonl([
+                [
+                    "type": "session_meta",
+                    "payload": [
+                        "id": childSessionId,
+                        "forked_from_id": parentSessionId,
+                        "timestamp": forkTs,
+                    ],
+                ],
+                self.codexTurnContext(timestamp: env.isoString(for: childDay), model: model),
+                self.codexTokenCount(
+                    timestamp: env.isoString(for: childDay.addingTimeInterval(1)),
+                    model: model,
+                    total: (input: 140, cached: 0, output: 0)),
+                self.codexTokenCount(
+                    timestamp: env.isoString(for: childDay.addingTimeInterval(2)),
+                    model: model,
+                    total: (input: 170, cached: 0, output: 0)),
+            ]))
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            claudeProjectsRoots: nil,
+            cacheRoot: env.cacheRoot)
+        options.refreshMinIntervalSeconds = 0
+        options.forceRescan = true
+
+        let report = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: childDay,
+            until: childDay,
+            now: childDay,
+            options: options)
+
+        #expect(report.data.count == 1)
+        #expect(report.data[0].inputTokens == 30)
+        #expect(report.data[0].totalTokens == 30)
+    }
+
+    @Test
+    func `codex forked child subtracts inherited replay from last token usage`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let parentDay = try env.makeLocalNoon(year: 2026, month: 2, day: 27)
+        let childDay = try env.makeLocalNoon(year: 2026, month: 3, day: 11)
+        let parentTs0 = env.isoString(for: parentDay)
+        let parentTs1 = env.isoString(for: parentDay.addingTimeInterval(1))
+        let parentTs2 = env.isoString(for: parentDay.addingTimeInterval(2))
+        let childTs1 = env.isoString(for: childDay.addingTimeInterval(1))
+        let childTs2 = env.isoString(for: childDay.addingTimeInterval(2))
+        let childTs3 = env.isoString(for: childDay.addingTimeInterval(3))
+
+        let model = "openai/gpt-5.2-codex"
+        let parentSessionId = "sess-parent-last"
+        let childSessionId = "sess-child-last"
+        let forkTs = env.isoString(for: parentDay.addingTimeInterval(2.5))
+
+        _ = try env.writeCodexSessionFile(
+            day: parentDay,
+            filename: "rollout-2026-02-27T11-29-28-\(parentSessionId).jsonl",
+            contents: env.jsonl([
+                [
+                    "type": "session_meta",
+                    "payload": [
+                        "id": parentSessionId,
+                    ],
+                ],
+                [
+                    "type": "turn_context",
+                    "timestamp": parentTs0,
+                    "payload": [
+                        "model": model,
+                    ],
+                ],
+                [
+                    "type": "event_msg",
+                    "timestamp": parentTs1,
+                    "payload": [
+                        "type": "token_count",
+                        "info": [
+                            "total_token_usage": [
+                                "input_tokens": 10,
+                                "cached_input_tokens": 2,
+                                "output_tokens": 1,
+                            ],
+                            "model": model,
+                        ],
+                    ],
+                ],
+                [
+                    "type": "event_msg",
+                    "timestamp": parentTs2,
+                    "payload": [
+                        "type": "token_count",
+                        "info": [
+                            "total_token_usage": [
+                                "input_tokens": 20,
+                                "cached_input_tokens": 5,
+                                "output_tokens": 2,
+                            ],
+                            "model": model,
+                        ],
+                    ],
+                ],
+            ]))
+
+        _ = try env.writeCodexSessionFile(
+            day: childDay,
+            filename: "rollout-2026-03-11T11-30-27-\(childSessionId).jsonl",
+            contents: env.jsonl([
+                [
+                    "type": "session_meta",
+                    "payload": [
+                        "id": childSessionId,
+                        "forked_from_id": parentSessionId,
+                        "timestamp": forkTs,
+                    ],
+                ],
+                [
+                    "type": "turn_context",
+                    "timestamp": childDay.ISO8601Format(),
+                    "payload": [
+                        "model": model,
+                    ],
+                ],
+                [
+                    "type": "event_msg",
+                    "timestamp": childTs1,
+                    "payload": [
+                        "type": "token_count",
+                        "info": [
+                            "last_token_usage": [
+                                "input_tokens": 10,
+                                "cached_input_tokens": 2,
+                                "output_tokens": 1,
+                            ],
+                            "model": model,
+                        ],
+                    ],
+                ],
+                [
+                    "type": "event_msg",
+                    "timestamp": childTs2,
+                    "payload": [
+                        "type": "token_count",
+                        "info": [
+                            "last_token_usage": [
+                                "input_tokens": 10,
+                                "cached_input_tokens": 3,
+                                "output_tokens": 1,
+                            ],
+                            "model": model,
+                        ],
+                    ],
+                ],
+                [
+                    "type": "event_msg",
+                    "timestamp": childTs3,
+                    "payload": [
+                        "type": "token_count",
+                        "info": [
+                            "last_token_usage": [
+                                "input_tokens": 7,
+                                "cached_input_tokens": 2,
+                                "output_tokens": 2,
+                            ],
+                            "model": model,
+                        ],
+                    ],
+                ],
+            ]))
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            claudeProjectsRoots: nil,
+            cacheRoot: env.cacheRoot)
+        options.refreshMinIntervalSeconds = 0
+        options.forceRescan = true
+
+        let report = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: childDay,
+            until: childDay,
+            now: childDay,
+            options: options)
+
+        let expectedCost = CostUsagePricing.codexCostUSD(
+            model: model,
+            inputTokens: 7,
+            cachedInputTokens: 2,
+            outputTokens: 2)
+
+        #expect(report.data.count == 1)
+        #expect(report.data[0].inputTokens == 7)
+        #expect(report.data[0].outputTokens == 2)
+        #expect(report.data[0].totalTokens == 9)
+        #expect(abs((report.data[0].costUSD ?? 0) - (expectedCost ?? 0)) < 0.000001)
+    }
+
+    @Test
+    // swiftlint:disable:next function_body_length
+    func `codex forked child ignores replayed parent prefix sequence`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let parentDay = try env.makeLocalNoon(year: 2026, month: 2, day: 27)
+        let childDay = try env.makeLocalNoon(year: 2026, month: 3, day: 11)
+        let model = "openai/gpt-5.2-codex"
+        let parentSessionId = "sess-parent-prefix"
+        let childSessionId = "sess-child-prefix"
+        let forkTs = env.isoString(for: parentDay.addingTimeInterval(5))
+
+        let parentEvents: [[String: Any]] = [
+            [
+                "type": "session_meta",
+                "payload": [
+                    "id": parentSessionId,
+                ],
+            ],
+            [
+                "type": "turn_context",
+                "timestamp": env.isoString(for: parentDay),
+                "payload": [
+                    "model": model,
+                ],
+            ],
+            [
+                "type": "event_msg",
+                "timestamp": env.isoString(for: parentDay.addingTimeInterval(1)),
+                "payload": [
+                    "type": "token_count",
+                    "info": [
+                        "total_token_usage": [
+                            "input_tokens": 10,
+                            "cached_input_tokens": 2,
+                            "output_tokens": 1,
+                        ],
+                        "model": model,
+                    ],
+                ],
+            ],
+            [
+                "type": "event_msg",
+                "timestamp": env.isoString(for: parentDay.addingTimeInterval(2)),
+                "payload": [
+                    "type": "token_count",
+                    "info": [
+                        "total_token_usage": [
+                            "input_tokens": 20,
+                            "cached_input_tokens": 5,
+                            "output_tokens": 2,
+                        ],
+                        "model": model,
+                    ],
+                ],
+            ],
+            [
+                "type": "event_msg",
+                "timestamp": env.isoString(for: parentDay.addingTimeInterval(3)),
+                "payload": [
+                    "type": "token_count",
+                    "info": [
+                        "total_token_usage": [
+                            "input_tokens": 30,
+                            "cached_input_tokens": 8,
+                            "output_tokens": 3,
+                        ],
+                        "model": model,
+                    ],
+                ],
+            ],
+        ]
+        _ = try env.writeCodexSessionFile(
+            day: parentDay,
+            filename: "rollout-2026-02-27T11-29-28-\(parentSessionId).jsonl",
+            contents: env.jsonl(parentEvents))
+
+        let childEvents: [[String: Any]] = [
+            [
+                "type": "session_meta",
+                "payload": [
+                    "id": childSessionId,
+                    "forked_from_id": parentSessionId,
+                    "timestamp": forkTs,
+                ],
+            ],
+            [
+                "type": "turn_context",
+                "timestamp": env.isoString(for: childDay),
+                "payload": [
+                    "model": model,
+                ],
+            ],
+            [
+                "type": "event_msg",
+                "timestamp": env.isoString(for: childDay.addingTimeInterval(1)),
+                "payload": [
+                    "type": "token_count",
+                    "info": [
+                        "total_token_usage": [
+                            "input_tokens": 10,
+                            "cached_input_tokens": 2,
+                            "output_tokens": 1,
+                        ],
+                        "model": model,
+                    ],
+                ],
+            ],
+            [
+                "type": "event_msg",
+                "timestamp": env.isoString(for: childDay.addingTimeInterval(2)),
+                "payload": [
+                    "type": "token_count",
+                    "info": [
+                        "total_token_usage": [
+                            "input_tokens": 20,
+                            "cached_input_tokens": 5,
+                            "output_tokens": 2,
+                        ],
+                        "model": model,
+                    ],
+                ],
+            ],
+            [
+                "type": "event_msg",
+                "timestamp": env.isoString(for: childDay.addingTimeInterval(3)),
+                "payload": [
+                    "type": "token_count",
+                    "info": [
+                        "total_token_usage": [
+                            "input_tokens": 30,
+                            "cached_input_tokens": 8,
+                            "output_tokens": 3,
+                        ],
+                        "model": model,
+                    ],
+                ],
+            ],
+            [
+                "type": "event_msg",
+                "timestamp": env.isoString(for: childDay.addingTimeInterval(4)),
+                "payload": [
+                    "type": "token_count",
+                    "info": [
+                        "total_token_usage": [
+                            "input_tokens": 30,
+                            "cached_input_tokens": 8,
+                            "output_tokens": 3,
+                        ],
+                        "model": model,
+                    ],
+                ],
+            ],
+            [
+                "type": "event_msg",
+                "timestamp": env.isoString(for: childDay.addingTimeInterval(5)),
+                "payload": [
+                    "type": "token_count",
+                    "info": [
+                        "total_token_usage": [
+                            "input_tokens": 35,
+                            "cached_input_tokens": 9,
+                            "output_tokens": 4,
+                        ],
+                        "model": model,
+                    ],
+                ],
+            ],
+            [
+                "type": "event_msg",
+                "timestamp": env.isoString(for: childDay.addingTimeInterval(6)),
+                "payload": [
+                    "type": "token_count",
+                    "info": [
+                        "total_token_usage": [
+                            "input_tokens": 42,
+                            "cached_input_tokens": 11,
+                            "output_tokens": 5,
+                        ],
+                        "model": model,
+                    ],
+                ],
+            ],
+        ]
+        _ = try env.writeCodexSessionFile(
+            day: childDay,
+            filename: "rollout-2026-03-11T11-30-27-\(childSessionId).jsonl",
+            contents: env.jsonl(childEvents))
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            claudeProjectsRoots: nil,
+            cacheRoot: env.cacheRoot)
+        options.refreshMinIntervalSeconds = 0
+        options.forceRescan = true
+
+        let report = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: childDay,
+            until: childDay,
+            now: childDay,
+            options: options)
+
+        let expectedCost = CostUsagePricing.codexCostUSD(
+            model: "gpt-5.2-codex",
+            inputTokens: 12,
+            cachedInputTokens: 3,
+            outputTokens: 2)
+
+        #expect(report.data.count == 1)
+        #expect(report.data[0].inputTokens == 12)
+        #expect(report.data[0].outputTokens == 2)
+        #expect(report.data[0].totalTokens == 14)
+        #expect(abs((report.data[0].costUSD ?? 0) - (expectedCost ?? 0)) < 0.000001)
+    }
+
+    @Test
+    // swiftlint:disable:next function_body_length
+    func `codex forked child subtracts inherited replay even when session meta appears late`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let parentDay = try env.makeLocalNoon(year: 2026, month: 2, day: 27)
+        let childDay = try env.makeLocalNoon(year: 2026, month: 3, day: 11)
+        let model = "openai/gpt-5.2-codex"
+        let parentSessionId = "sess-parent-late-meta"
+        let childSessionId = "sess-child-late-meta"
+        let forkTs = env.isoString(for: parentDay.addingTimeInterval(5))
+
+        let parentEvents: [[String: Any]] = [
+            [
+                "type": "session_meta",
+                "payload": [
+                    "id": parentSessionId,
+                ],
+            ],
+            [
+                "type": "turn_context",
+                "timestamp": env.isoString(for: parentDay),
+                "payload": [
+                    "model": model,
+                ],
+            ],
+            [
+                "type": "event_msg",
+                "timestamp": env.isoString(for: parentDay.addingTimeInterval(1)),
+                "payload": [
+                    "type": "token_count",
+                    "info": [
+                        "total_token_usage": [
+                            "input_tokens": 10,
+                            "cached_input_tokens": 2,
+                            "output_tokens": 1,
+                        ],
+                        "model": model,
+                    ],
+                ],
+            ],
+            [
+                "type": "event_msg",
+                "timestamp": env.isoString(for: parentDay.addingTimeInterval(2)),
+                "payload": [
+                    "type": "token_count",
+                    "info": [
+                        "total_token_usage": [
+                            "input_tokens": 20,
+                            "cached_input_tokens": 5,
+                            "output_tokens": 2,
+                        ],
+                        "model": model,
+                    ],
+                ],
+            ],
+            [
+                "type": "event_msg",
+                "timestamp": env.isoString(for: parentDay.addingTimeInterval(3)),
+                "payload": [
+                    "type": "token_count",
+                    "info": [
+                        "total_token_usage": [
+                            "input_tokens": 30,
+                            "cached_input_tokens": 8,
+                            "output_tokens": 3,
+                        ],
+                        "model": model,
+                    ],
+                ],
+            ],
+        ]
+        _ = try env.writeCodexSessionFile(
+            day: parentDay,
+            filename: "rollout-2026-02-27T11-29-28-\(parentSessionId).jsonl",
+            contents: env.jsonl(parentEvents))
+
+        let childEvents: [[String: Any]] = [
+            [
+                "type": "turn_context",
+                "timestamp": env.isoString(for: childDay),
+                "payload": [
+                    "model": model,
+                ],
+            ],
+            [
+                "type": "event_msg",
+                "timestamp": env.isoString(for: childDay.addingTimeInterval(1)),
+                "payload": [
+                    "type": "token_count",
+                    "info": [
+                        "total_token_usage": [
+                            "input_tokens": 10,
+                            "cached_input_tokens": 2,
+                            "output_tokens": 1,
+                        ],
+                        "model": model,
+                    ],
+                ],
+            ],
+            [
+                "type": "event_msg",
+                "timestamp": env.isoString(for: childDay.addingTimeInterval(2)),
+                "payload": [
+                    "type": "token_count",
+                    "info": [
+                        "total_token_usage": [
+                            "input_tokens": 20,
+                            "cached_input_tokens": 5,
+                            "output_tokens": 2,
+                        ],
+                        "model": model,
+                    ],
+                ],
+            ],
+            [
+                "type": "event_msg",
+                "timestamp": env.isoString(for: childDay.addingTimeInterval(3)),
+                "payload": [
+                    "type": "token_count",
+                    "info": [
+                        "total_token_usage": [
+                            "input_tokens": 30,
+                            "cached_input_tokens": 8,
+                            "output_tokens": 3,
+                        ],
+                        "model": model,
+                    ],
+                ],
+            ],
+            [
+                "type": "session_meta",
+                "payload": [
+                    "id": childSessionId,
+                    "forked_from_id": parentSessionId,
+                    "timestamp": forkTs,
+                ],
+            ],
+            [
+                "type": "event_msg",
+                "timestamp": env.isoString(for: childDay.addingTimeInterval(4)),
+                "payload": [
+                    "type": "token_count",
+                    "info": [
+                        "total_token_usage": [
+                            "input_tokens": 35,
+                            "cached_input_tokens": 9,
+                            "output_tokens": 4,
+                        ],
+                        "model": model,
+                    ],
+                ],
+            ],
+            [
+                "type": "event_msg",
+                "timestamp": env.isoString(for: childDay.addingTimeInterval(5)),
+                "payload": [
+                    "type": "token_count",
+                    "info": [
+                        "total_token_usage": [
+                            "input_tokens": 42,
+                            "cached_input_tokens": 11,
+                            "output_tokens": 5,
+                        ],
+                        "model": model,
+                    ],
+                ],
+            ],
+        ]
+        _ = try env.writeCodexSessionFile(
+            day: childDay,
+            filename: "rollout-2026-03-11T11-30-27-\(childSessionId).jsonl",
+            contents: env.jsonl(childEvents))
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            claudeProjectsRoots: nil,
+            cacheRoot: env.cacheRoot)
+        options.refreshMinIntervalSeconds = 0
+        options.forceRescan = true
+
+        let report = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: childDay,
+            until: childDay,
+            now: childDay,
+            options: options)
+
+        let expectedCost = CostUsagePricing.codexCostUSD(
+            model: "gpt-5.2-codex",
+            inputTokens: 12,
+            cachedInputTokens: 3,
+            outputTokens: 2)
+
+        #expect(report.data.count == 1)
+        #expect(report.data[0].inputTokens == 12)
+        #expect(report.data[0].outputTokens == 2)
+        #expect(report.data[0].totalTokens == 14)
+        #expect(abs((report.data[0].costUSD ?? 0) - (expectedCost ?? 0)) < 0.000001)
+    }
+
+    @Test
+    func `codex forked child resolves parent when parent session file is a symlink`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let parentDay = try env.makeLocalNoon(year: 2026, month: 2, day: 27)
+        let childDay = try env.makeLocalNoon(year: 2026, month: 3, day: 11)
+        let model = "openai/gpt-5.2-codex"
+        let parentSessionId = "sess-parent-symlink"
+        let childSessionId = "sess-child-symlink"
+        let forkTs = env.isoString(for: parentDay.addingTimeInterval(3))
+
+        let parentContents = try env.jsonl([
+            [
+                "type": "session_meta",
+                "payload": [
+                    "id": parentSessionId,
+                ],
+            ],
+            [
+                "type": "turn_context",
+                "timestamp": env.isoString(for: parentDay),
+                "payload": [
+                    "model": model,
+                ],
+            ],
+            [
+                "type": "event_msg",
+                "timestamp": env.isoString(for: parentDay.addingTimeInterval(1)),
+                "payload": [
+                    "type": "token_count",
+                    "info": [
+                        "total_token_usage": [
+                            "input_tokens": 10,
+                            "cached_input_tokens": 2,
+                            "output_tokens": 1,
+                        ],
+                        "model": model,
+                    ],
+                ],
+            ],
+            [
+                "type": "event_msg",
+                "timestamp": env.isoString(for: parentDay.addingTimeInterval(2)),
+                "payload": [
+                    "type": "token_count",
+                    "info": [
+                        "total_token_usage": [
+                            "input_tokens": 20,
+                            "cached_input_tokens": 5,
+                            "output_tokens": 2,
+                        ],
+                        "model": model,
+                    ],
+                ],
+            ],
+        ])
+
+        let parentTarget = env.root.appendingPathComponent("parent-target.jsonl", isDirectory: false)
+        try parentContents.write(to: parentTarget, atomically: true, encoding: .utf8)
+
+        let comps = Calendar.current.dateComponents([.year, .month, .day], from: parentDay)
+        let parentDir = env.codexSessionsRoot
+            .appendingPathComponent(String(format: "%04d", comps.year ?? 1970), isDirectory: true)
+            .appendingPathComponent(String(format: "%02d", comps.month ?? 1), isDirectory: true)
+            .appendingPathComponent(String(format: "%02d", comps.day ?? 1), isDirectory: true)
+        try FileManager.default.createDirectory(at: parentDir, withIntermediateDirectories: true)
+        let parentLink = parentDir.appendingPathComponent(
+            "rollout-2026-02-27T11-29-28-\(parentSessionId).jsonl",
+            isDirectory: false)
+        try FileManager.default.createSymbolicLink(at: parentLink, withDestinationURL: parentTarget)
+
+        _ = try env.writeCodexSessionFile(
+            day: childDay,
+            filename: "rollout-2026-03-11T11-30-27-\(childSessionId).jsonl",
+            contents: env.jsonl([
+                [
+                    "type": "session_meta",
+                    "payload": [
+                        "id": childSessionId,
+                        "forked_from_id": parentSessionId,
+                        "timestamp": forkTs,
+                    ],
+                ],
+                [
+                    "type": "turn_context",
+                    "timestamp": env.isoString(for: childDay),
+                    "payload": [
+                        "model": model,
+                    ],
+                ],
+                [
+                    "type": "event_msg",
+                    "timestamp": env.isoString(for: childDay.addingTimeInterval(1)),
+                    "payload": [
+                        "type": "token_count",
+                        "info": [
+                            "total_token_usage": [
+                                "input_tokens": 20,
+                                "cached_input_tokens": 5,
+                                "output_tokens": 2,
+                            ],
+                            "model": model,
+                        ],
+                    ],
+                ],
+                [
+                    "type": "event_msg",
+                    "timestamp": env.isoString(for: childDay.addingTimeInterval(2)),
+                    "payload": [
+                        "type": "token_count",
+                        "info": [
+                            "total_token_usage": [
+                                "input_tokens": 27,
+                                "cached_input_tokens": 7,
+                                "output_tokens": 4,
+                            ],
+                            "model": model,
+                        ],
+                    ],
+                ],
+            ]))
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            claudeProjectsRoots: nil,
+            cacheRoot: env.cacheRoot)
+        options.refreshMinIntervalSeconds = 0
+        options.forceRescan = true
+
+        let report = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: childDay,
+            until: childDay,
+            now: childDay,
+            options: options)
+
+        let expectedCost = CostUsagePricing.codexCostUSD(
+            model: "gpt-5.2-codex",
+            inputTokens: 7,
+            cachedInputTokens: 2,
+            outputTokens: 2)
+
+        #expect(report.data.count == 1)
+        #expect(report.data[0].inputTokens == 7)
+        #expect(report.data[0].outputTokens == 2)
+        #expect(report.data[0].totalTokens == 9)
+        #expect(abs((report.data[0].costUSD ?? 0) - (expectedCost ?? 0)) < 0.000001)
+    }
+
+    @Test
+    // swiftlint:disable:next function_body_length
+    func `codex forked child resolves parent by exact session meta id`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let parentDay = try env.makeLocalNoon(year: 2026, month: 2, day: 27)
+        let childDay = try env.makeLocalNoon(year: 2026, month: 3, day: 11)
+        let model = "openai/gpt-5.2-codex"
+        let wantedParentSessionId = "sess-parent-exact"
+        let wrongParentSessionId = "sess-parent-exact-extra"
+        let childSessionId = "sess-child-exact"
+        let forkTs = env.isoString(for: parentDay.addingTimeInterval(3))
+
+        _ = try env.writeCodexSessionFile(
+            day: parentDay,
+            filename: "rollout-2026-02-27T11-29-28-\(wrongParentSessionId).jsonl",
+            contents: env.jsonl([
+                [
+                    "type": "session_meta",
+                    "payload": [
+                        "id": wrongParentSessionId,
+                    ],
+                ],
+                [
+                    "type": "turn_context",
+                    "timestamp": env.isoString(for: parentDay),
+                    "payload": [
+                        "model": model,
+                    ],
+                ],
+                [
+                    "type": "event_msg",
+                    "timestamp": env.isoString(for: parentDay.addingTimeInterval(1)),
+                    "payload": [
+                        "type": "token_count",
+                        "info": [
+                            "total_token_usage": [
+                                "input_tokens": 1000,
+                                "cached_input_tokens": 100,
+                                "output_tokens": 100,
+                            ],
+                            "model": model,
+                        ],
+                    ],
+                ],
+            ]))
+
+        _ = try env.writeCodexSessionFile(
+            day: parentDay,
+            filename: "rollout-2026-02-27T11-29-29-\(wantedParentSessionId).jsonl",
+            contents: env.jsonl([
+                [
+                    "type": "session_meta",
+                    "payload": [
+                        "id": wantedParentSessionId,
+                    ],
+                ],
+                [
+                    "type": "turn_context",
+                    "timestamp": env.isoString(for: parentDay),
+                    "payload": [
+                        "model": model,
+                    ],
+                ],
+                [
+                    "type": "event_msg",
+                    "timestamp": env.isoString(for: parentDay.addingTimeInterval(1)),
+                    "payload": [
+                        "type": "token_count",
+                        "info": [
+                            "total_token_usage": [
+                                "input_tokens": 20,
+                                "cached_input_tokens": 5,
+                                "output_tokens": 2,
+                            ],
+                            "model": model,
+                        ],
+                    ],
+                ],
+                [
+                    "type": "event_msg",
+                    "timestamp": env.isoString(for: parentDay.addingTimeInterval(2)),
+                    "payload": [
+                        "type": "token_count",
+                        "info": [
+                            "total_token_usage": [
+                                "input_tokens": 30,
+                                "cached_input_tokens": 8,
+                                "output_tokens": 3,
+                            ],
+                            "model": model,
+                        ],
+                    ],
+                ],
+            ]))
+
+        _ = try env.writeCodexSessionFile(
+            day: childDay,
+            filename: "rollout-2026-03-11T11-30-27-\(childSessionId).jsonl",
+            contents: env.jsonl([
+                [
+                    "type": "session_meta",
+                    "payload": [
+                        "id": childSessionId,
+                        "forked_from_id": wantedParentSessionId,
+                        "timestamp": forkTs,
+                    ],
+                ],
+                [
+                    "type": "turn_context",
+                    "timestamp": env.isoString(for: childDay),
+                    "payload": [
+                        "model": model,
+                    ],
+                ],
+                [
+                    "type": "event_msg",
+                    "timestamp": env.isoString(for: childDay.addingTimeInterval(1)),
+                    "payload": [
+                        "type": "token_count",
+                        "info": [
+                            "total_token_usage": [
+                                "input_tokens": 35,
+                                "cached_input_tokens": 9,
+                                "output_tokens": 4,
+                            ],
+                            "model": model,
+                        ],
+                    ],
+                ],
+                [
+                    "type": "event_msg",
+                    "timestamp": env.isoString(for: childDay.addingTimeInterval(2)),
+                    "payload": [
+                        "type": "token_count",
+                        "info": [
+                            "total_token_usage": [
+                                "input_tokens": 42,
+                                "cached_input_tokens": 11,
+                                "output_tokens": 5,
+                            ],
+                            "model": model,
+                        ],
+                    ],
+                ],
+            ]))
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            claudeProjectsRoots: nil,
+            cacheRoot: env.cacheRoot)
+        options.refreshMinIntervalSeconds = 0
+        options.forceRescan = true
+
+        let report = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: childDay,
+            until: childDay,
+            now: childDay,
+            options: options)
+
+        let expectedCost = CostUsagePricing.codexCostUSD(
+            model: "gpt-5.2-codex",
+            inputTokens: 12,
+            cachedInputTokens: 3,
+            outputTokens: 2)
+
+        #expect(report.data.count == 1)
+        #expect(report.data[0].inputTokens == 12)
+        #expect(report.data[0].outputTokens == 2)
+        #expect(report.data[0].totalTokens == 14)
+        #expect(abs((report.data[0].costUSD ?? 0) - (expectedCost ?? 0)) < 0.000001)
+    }
+
+    @Test
+    func `codex forked child compares parent snapshots by parsed timestamp`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let parentDay = try env.makeLocalNoon(year: 2026, month: 2, day: 27)
+        let childDay = try env.makeLocalNoon(year: 2026, month: 3, day: 11)
+        let model = "openai/gpt-5.2-codex"
+        let parentSessionId = "sess-parent-timestamp"
+        let childSessionId = "sess-child-timestamp"
+
+        _ = try env.writeCodexSessionFile(
+            day: parentDay,
+            filename: "rollout-2026-02-27T11-29-28-\(parentSessionId).jsonl",
+            contents: env.jsonl([
+                [
+                    "type": "session_meta",
+                    "payload": [
+                        "id": parentSessionId,
+                    ],
+                ],
+                [
+                    "type": "turn_context",
+                    "timestamp": "2026-02-27T23:59:58Z",
+                    "payload": [
+                        "model": model,
+                    ],
+                ],
+                [
+                    "type": "event_msg",
+                    "timestamp": "2026-02-27T23:59:59Z",
+                    "payload": [
+                        "type": "token_count",
+                        "info": [
+                            "total_token_usage": [
+                                "input_tokens": 20,
+                                "cached_input_tokens": 5,
+                                "output_tokens": 2,
+                            ],
+                            "model": model,
+                        ],
+                    ],
+                ],
+                [
+                    "type": "event_msg",
+                    "timestamp": "2026-02-28T00:00:01Z",
+                    "payload": [
+                        "type": "token_count",
+                        "info": [
+                            "total_token_usage": [
+                                "input_tokens": 100,
+                                "cached_input_tokens": 20,
+                                "output_tokens": 10,
+                            ],
+                            "model": model,
+                        ],
+                    ],
+                ],
+            ]))
+
+        _ = try env.writeCodexSessionFile(
+            day: childDay,
+            filename: "rollout-2026-03-11T11-30-27-\(childSessionId).jsonl",
+            contents: env.jsonl([
+                [
+                    "type": "session_meta",
+                    "payload": [
+                        "id": childSessionId,
+                        "forked_from_id": parentSessionId,
+                        "timestamp": "2026-02-28T08:00:00+08:00",
+                    ],
+                ],
+                [
+                    "type": "turn_context",
+                    "timestamp": env.isoString(for: childDay),
+                    "payload": [
+                        "model": model,
+                    ],
+                ],
+                [
+                    "type": "event_msg",
+                    "timestamp": env.isoString(for: childDay.addingTimeInterval(1)),
+                    "payload": [
+                        "type": "token_count",
+                        "info": [
+                            "total_token_usage": [
+                                "input_tokens": 25,
+                                "cached_input_tokens": 7,
+                                "output_tokens": 4,
+                            ],
+                            "model": model,
+                        ],
+                    ],
+                ],
+                [
+                    "type": "event_msg",
+                    "timestamp": env.isoString(for: childDay.addingTimeInterval(2)),
+                    "payload": [
+                        "type": "token_count",
+                        "info": [
+                            "total_token_usage": [
+                                "input_tokens": 30,
+                                "cached_input_tokens": 10,
+                                "output_tokens": 6,
+                            ],
+                            "model": model,
+                        ],
+                    ],
+                ],
+            ]))
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            claudeProjectsRoots: nil,
+            cacheRoot: env.cacheRoot)
+        options.refreshMinIntervalSeconds = 0
+        options.forceRescan = true
+
+        let report = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: childDay,
+            until: childDay,
+            now: childDay,
+            options: options)
+
+        let expectedCost = CostUsagePricing.codexCostUSD(
+            model: model,
+            inputTokens: 10,
+            cachedInputTokens: 5,
+            outputTokens: 4)
+
+        #expect(report.data.count == 1)
+        #expect(report.data[0].inputTokens == 10)
+        #expect(report.data[0].outputTokens == 4)
+        #expect(report.data[0].totalTokens == 14)
+        #expect(abs((report.data[0].costUSD ?? 0) - (expectedCost ?? 0)) < 0.000001)
+    }
+
+    @Test
+    func `codex first refresh keeps unrelated archived sessions out of cache`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let reportDay = try env.makeLocalNoon(year: 2026, month: 3, day: 11)
+        let archivedDay = try env.makeLocalNoon(year: 2025, month: 1, day: 1)
+        let model = "openai/gpt-5.2-codex"
+
+        _ = try env.writeCodexSessionFile(
+            day: reportDay,
+            filename: "rollout-2026-03-11T11-30-27-session-recent.jsonl",
+            contents: env.jsonl([
+                [
+                    "type": "turn_context",
+                    "timestamp": env.isoString(for: reportDay),
+                    "payload": [
+                        "model": model,
+                    ],
+                ],
+                [
+                    "type": "event_msg",
+                    "timestamp": env.isoString(for: reportDay.addingTimeInterval(1)),
+                    "payload": [
+                        "type": "token_count",
+                        "info": [
+                            "last_token_usage": [
+                                "input_tokens": 7,
+                                "cached_input_tokens": 2,
+                                "output_tokens": 2,
+                            ],
+                            "model": model,
+                        ],
+                    ],
+                ],
+            ]))
+
+        let archivedURL = try env.writeCodexArchivedSessionFile(
+            filename: "rollout-2025-01-01T12-00-00-session-archived.jsonl",
+            contents: env.jsonl([
+                [
+                    "type": "turn_context",
+                    "timestamp": env.isoString(for: archivedDay),
+                    "payload": [
+                        "model": model,
+                    ],
+                ],
+                [
+                    "type": "event_msg",
+                    "timestamp": env.isoString(for: archivedDay.addingTimeInterval(1)),
+                    "payload": [
+                        "type": "token_count",
+                        "info": [
+                            "last_token_usage": [
+                                "input_tokens": 100,
+                                "cached_input_tokens": 10,
+                                "output_tokens": 5,
+                            ],
+                            "model": model,
+                        ],
+                    ],
+                ],
+            ]))
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            claudeProjectsRoots: nil,
+            cacheRoot: env.cacheRoot)
+        options.refreshMinIntervalSeconds = 0
+
+        let report = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: reportDay,
+            until: reportDay,
+            now: reportDay,
+            options: options)
+
+        let cache = CostUsageCacheIO.load(provider: .codex, cacheRoot: env.cacheRoot)
+
+        #expect(report.data.count == 1)
+        #expect(cache.files.keys.contains { $0.hasSuffix("session-recent.jsonl") })
+        #expect(!cache.files.keys.contains(archivedURL.path))
+    }
+
+    @Test
+    func `codex root switch reloads long lived sessions from older partitions`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        func writeSessionFile(
+            root: URL,
+            day: Date,
+            filename: String,
+            contents: String) throws -> URL
+        {
+            let comps = Calendar.current.dateComponents([.year, .month, .day], from: day)
+            let dir = root
+                .appendingPathComponent(String(format: "%04d", comps.year ?? 1970), isDirectory: true)
+                .appendingPathComponent(String(format: "%02d", comps.month ?? 1), isDirectory: true)
+                .appendingPathComponent(String(format: "%02d", comps.day ?? 1), isDirectory: true)
+            try FileManager.default.createDirectory(at: dir, withIntermediateDirectories: true)
+            let url = dir.appendingPathComponent(filename, isDirectory: false)
+            try contents.write(to: url, atomically: true, encoding: .utf8)
+            return url
+        }
+
+        let fileDay = try env.makeLocalNoon(year: 2026, month: 2, day: 27)
+        let reportDay = try env.makeLocalNoon(year: 2026, month: 3, day: 11)
+        let model = "openai/gpt-5.2-codex"
+        let otherSessionsRoot = env.root
+            .appendingPathComponent("other-codex-home", isDirectory: true)
+            .appendingPathComponent("sessions", isDirectory: true)
+        try FileManager.default.createDirectory(at: otherSessionsRoot, withIntermediateDirectories: true)
+
+        let oldRootURL = try env.writeCodexSessionFile(
+            day: reportDay,
+            filename: "rollout-2026-03-11T11-30-27-session-old-root.jsonl",
+            contents: env.jsonl([
+                [
+                    "type": "turn_context",
+                    "timestamp": env.isoString(for: reportDay),
+                    "payload": [
+                        "model": model,
+                    ],
+                ],
+                [
+                    "type": "event_msg",
+                    "timestamp": env.isoString(for: reportDay.addingTimeInterval(1)),
+                    "payload": [
+                        "type": "token_count",
+                        "info": [
+                            "last_token_usage": [
+                                "input_tokens": 7,
+                                "cached_input_tokens": 2,
+                                "output_tokens": 2,
+                            ],
+                            "model": model,
+                        ],
+                    ],
+                ],
+            ]))
+
+        _ = try writeSessionFile(
+            root: otherSessionsRoot,
+            day: fileDay,
+            filename: "rollout-2026-02-27T11-30-27-session-new-root.jsonl",
+            contents: env.jsonl([
+                [
+                    "type": "turn_context",
+                    "timestamp": env.isoString(for: reportDay),
+                    "payload": [
+                        "model": model,
+                    ],
+                ],
+                [
+                    "type": "event_msg",
+                    "timestamp": env.isoString(for: reportDay.addingTimeInterval(1)),
+                    "payload": [
+                        "type": "token_count",
+                        "info": [
+                            "last_token_usage": [
+                                "input_tokens": 10,
+                                "cached_input_tokens": 5,
+                                "output_tokens": 4,
+                            ],
+                            "model": model,
+                        ],
+                    ],
+                ],
+            ]))
+
+        var firstOptions = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            claudeProjectsRoots: nil,
+            cacheRoot: env.cacheRoot)
+        firstOptions.refreshMinIntervalSeconds = 0
+
+        _ = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: reportDay,
+            until: reportDay,
+            now: reportDay,
+            options: firstOptions)
+
+        var secondOptions = CostUsageScanner.Options(
+            codexSessionsRoot: otherSessionsRoot,
+            claudeProjectsRoots: nil,
+            cacheRoot: env.cacheRoot)
+        secondOptions.refreshMinIntervalSeconds = 0
+
+        let secondReport = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: reportDay,
+            until: reportDay,
+            now: reportDay,
+            options: secondOptions)
+
+        let cache = CostUsageCacheIO.load(provider: .codex, cacheRoot: env.cacheRoot)
+
+        #expect(secondReport.data.count == 1)
+        #expect(secondReport.data[0].inputTokens == 10)
+        #expect(secondReport.data[0].outputTokens == 4)
+        #expect(secondReport.data[0].totalTokens == 14)
+        #expect(!cache.files.keys.contains(oldRootURL.path))
+    }
+
+    @Test
+    func `claude daily report parses usage and caches`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2025, month: 12, day: 20)
+        let iso0 = env.isoString(for: day)
+
+        let assistant: [String: Any] = [
+            "type": "assistant",
+            "timestamp": iso0,
+            "message": [
+                "model": "claude-sonnet-4-20250514",
+                "usage": [
+                    "input_tokens": 200,
+                    "cache_creation_input_tokens": 50,
+                    "cache_read_input_tokens": 25,
+                    "output_tokens": 80,
+                ],
+            ],
+        ]
+        _ = try env.writeClaudeProjectFile(
+            relativePath: "project-a/session-a.jsonl",
+            contents: env.jsonl([assistant]))
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: nil,
+            claudeProjectsRoots: [env.claudeProjectsRoot],
+            cacheRoot: env.cacheRoot)
+        options.refreshMinIntervalSeconds = 0
+
+        let report = CostUsageScanner.loadDailyReport(
+            provider: .claude,
+            since: day,
+            until: day,
+            now: day,
+            options: options)
+        #expect(report.data.count == 1)
+        #expect(report.data[0].modelsUsed == ["claude-sonnet-4-20250514"])
+        #expect(report.data[0].inputTokens == 200)
+        #expect(report.data[0].cacheCreationTokens == 50)
+        #expect(report.data[0].cacheReadTokens == 25)
+        #expect(report.data[0].outputTokens == 80)
+        #expect(report.data[0].totalTokens == 355)
+        #expect(report.data[0].modelBreakdowns == [
+            CostUsageDailyReport.ModelBreakdown(
+                modelName: "claude-sonnet-4-20250514",
+                costUSD: report.data[0].costUSD,
+                totalTokens: 355),
+        ])
+        #expect((report.data[0].costUSD ?? 0) > 0)
+    }
+
+    @Test
+    func `codex daily report preserves full sorted model breakdowns`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2025, month: 12, day: 23)
+        let iso0 = env.isoString(for: day)
+        let iso1 = env.isoString(for: day.addingTimeInterval(1))
+        let iso2 = env.isoString(for: day.addingTimeInterval(2))
+        let iso3 = env.isoString(for: day.addingTimeInterval(3))
+        let iso4 = env.isoString(for: day.addingTimeInterval(4))
+        let iso5 = env.isoString(for: day.addingTimeInterval(5))
+        let iso6 = env.isoString(for: day.addingTimeInterval(6))
+        let iso7 = env.isoString(for: day.addingTimeInterval(7))
+
+        let events: [[String: Any]] = [
+            [
+                "type": "turn_context",
+                "timestamp": iso0,
+                "payload": ["model": "openai/gpt-5.2-pro"],
+            ],
+            [
+                "type": "event_msg",
+                "timestamp": iso1,
+                "payload": [
+                    "type": "token_count",
+                    "info": [
+                        "last_token_usage": [
+                            "input_tokens": 100,
+                            "cached_input_tokens": 0,
+                            "output_tokens": 10,
+                        ],
+                    ],
+                ],
+            ],
+            [
+                "type": "turn_context",
+                "timestamp": iso2,
+                "payload": ["model": "openai/gpt-5.3-codex"],
+            ],
+            [
+                "type": "event_msg",
+                "timestamp": iso3,
+                "payload": [
+                    "type": "token_count",
+                    "info": [
+                        "last_token_usage": [
+                            "input_tokens": 30,
+                            "cached_input_tokens": 0,
+                            "output_tokens": 10,
+                        ],
+                    ],
+                ],
+            ],
+            [
+                "type": "turn_context",
+                "timestamp": iso4,
+                "payload": ["model": "openai/gpt-5.2-codex"],
+            ],
+            [
+                "type": "event_msg",
+                "timestamp": iso5,
+                "payload": [
+                    "type": "token_count",
+                    "info": [
+                        "last_token_usage": [
+                            "input_tokens": 20,
+                            "cached_input_tokens": 0,
+                            "output_tokens": 10,
+                        ],
+                    ],
+                ],
+            ],
+            [
+                "type": "turn_context",
+                "timestamp": iso6,
+                "payload": ["model": "openai/gpt-5.3-codex-spark"],
+            ],
+            [
+                "type": "event_msg",
+                "timestamp": iso7,
+                "payload": [
+                    "type": "token_count",
+                    "info": [
+                        "last_token_usage": [
+                            "input_tokens": 10,
+                            "cached_input_tokens": 0,
+                            "output_tokens": 5,
+                        ],
+                    ],
+                ],
+            ],
+        ]
+
+        _ = try env.writeCodexSessionFile(
+            day: day,
+            filename: "session.jsonl",
+            contents: env.jsonl(events))
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            claudeProjectsRoots: nil,
+            cacheRoot: env.cacheRoot)
+        options.refreshMinIntervalSeconds = 0
+
+        let report = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day,
+            options: options)
+
+        #expect(report.data.count == 1)
+        #expect(report.data[0].modelBreakdowns?.map(\.modelName) == [
+            "gpt-5.2-pro",
+            "gpt-5.3-codex",
+            "gpt-5.2-codex",
+            "gpt-5.3-codex-spark",
+        ])
+        #expect(report.data[0].modelBreakdowns?.map(\.totalTokens) == [110, 40, 30, 15])
+    }
+
+    @Test
+    func `codex force rescan finds stale nested legacy sessions`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let legacyRoot = env.root.appendingPathComponent("legacy-codex-sessions", isDirectory: true)
+        let nestedDir = legacyRoot.appendingPathComponent("project/subdir", isDirectory: true)
+        try FileManager.default.createDirectory(at: nestedDir, withIntermediateDirectories: true)
+        try FileManager.default.createDirectory(
+            at: legacyRoot
+                .appendingPathComponent("2026", isDirectory: true)
+                .appendingPathComponent("05", isDirectory: true)
+                .appendingPathComponent("18", isDirectory: true),
+            withIntermediateDirectories: true)
+
+        let day = try env.makeLocalNoon(year: 2026, month: 5, day: 18)
+        let fileURL = nestedDir.appendingPathComponent("session.jsonl", isDirectory: false)
+        try env.jsonl([
+            self.codexTurnContext(timestamp: env.isoString(for: day), model: "openai/gpt-5.5"),
+            self.codexTokenCount(
+                timestamp: env.isoString(for: day.addingTimeInterval(1)),
+                model: "openai/gpt-5.5",
+                last: (input: 40, cached: 10, output: 4)),
+        ]).write(to: fileURL, atomically: true, encoding: .utf8)
+        try FileManager.default.setAttributes(
+            [.modificationDate: day.addingTimeInterval(-10 * 24 * 60 * 60)],
+            ofItemAtPath: fileURL.path)
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: legacyRoot,
+            claudeProjectsRoots: nil,
+            cacheRoot: env.cacheRoot)
+        options.forceRescan = true
+
+        let report = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day,
+            options: options)
+
+        #expect(report.data.count == 1)
+        #expect(report.data[0].totalTokens == 44)
+    }
+
+    private static func modelsDevCatalog(
+        model: String,
+        input: Double,
+        output: Double,
+        cacheRead: Double) throws -> ModelsDevCatalog
+    {
+        let json = """
+        {
+          "openai": {
+            "id": "openai",
+            "name": "OpenAI",
+            "models": {
+              "\(model)": {
+                "id": "\(model)",
+                "cost": {
+                  "input": \(input),
+                  "output": \(output),
+                  "cache_read": \(cacheRead)
+                }
+              }
+            }
+          }
+        }
+        """
+        return try JSONDecoder().decode(ModelsDevCatalog.self, from: Data(json.utf8))
+    }
+}
+
+// swiftlint:enable type_body_length
diff --git a/Tests/CodexBarTests/CostUsageScannerClaudeRegressionTests.swift b/Tests/CodexBarTests/CostUsageScannerClaudeRegressionTests.swift
new file mode 100644
index 000000000..7600dfc09
--- /dev/null
+++ b/Tests/CodexBarTests/CostUsageScannerClaudeRegressionTests.swift
@@ -0,0 +1,730 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+struct CostUsageScannerClaudeRegressionTests {
+    @Test
+    func `parseClaudeFile snapshots keep the last streaming chunk`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2025, month: 12, day: 21)
+        let iso0 = env.isoString(for: day)
+        let iso1 = env.isoString(for: day.addingTimeInterval(1))
+
+        let fileURL = try env.writeClaudeProjectFile(
+            relativePath: "project-a/parse-stream-last.jsonl",
+            contents: env.jsonl([
+                [
+                    "type": "assistant",
+                    "timestamp": iso0,
+                    "sessionId": "parse-session",
+                    "requestId": "req_parse_stream",
+                    "isSidechain": false,
+                    "message": [
+                        "id": "msg_parse_stream",
+                        "model": "claude-sonnet-4-20250514",
+                        "usage": [
+                            "input_tokens": 50,
+                            "cache_creation_input_tokens": 5,
+                            "cache_read_input_tokens": 0,
+                            "output_tokens": 7,
+                        ],
+                    ],
+                ],
+                [
+                    "type": "assistant",
+                    "timestamp": iso1,
+                    "sessionId": "parse-session",
+                    "requestId": "req_parse_stream",
+                    "isSidechain": false,
+                    "message": [
+                        "id": "msg_parse_stream",
+                        "model": "claude-sonnet-4-20250514",
+                        "usage": [
+                            "input_tokens": 50,
+                            "cache_creation_input_tokens": 5,
+                            "cache_read_input_tokens": 0,
+                            "output_tokens": 19,
+                        ],
+                    ],
+                ],
+            ]))
+
+        let parsed = CostUsageScanner.parseClaudeFile(
+            fileURL: fileURL,
+            range: CostUsageScanner.CostUsageDayRange(since: day, until: day),
+            providerFilter: .all)
+
+        #expect(parsed.rows.count == 1)
+        #expect(parsed.rows[0].sessionId == "parse-session")
+        #expect(parsed.rows[0].messageId == "msg_parse_stream")
+        #expect(parsed.rows[0].requestId == "req_parse_stream")
+        #expect(parsed.rows[0].output == 19)
+    }
+
+    @Test
+    func `parseClaudeFile snapshots keep missing id rows distinct`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2025, month: 12, day: 21)
+        let iso0 = env.isoString(for: day)
+        let iso1 = env.isoString(for: day.addingTimeInterval(1))
+
+        let fileURL = try env.writeClaudeProjectFile(
+            relativePath: "project-a/parse-missing-ids.jsonl",
+            contents: env.jsonl([
+                [
+                    "type": "assistant",
+                    "timestamp": iso0,
+                    "message": [
+                        "model": "claude-sonnet-4-20250514",
+                        "usage": [
+                            "input_tokens": 11,
+                            "cache_creation_input_tokens": 0,
+                            "cache_read_input_tokens": 0,
+                            "output_tokens": 3,
+                        ],
+                    ],
+                ],
+                [
+                    "type": "assistant",
+                    "timestamp": iso1,
+                    "message": [
+                        "model": "claude-sonnet-4-20250514",
+                        "usage": [
+                            "input_tokens": 13,
+                            "cache_creation_input_tokens": 0,
+                            "cache_read_input_tokens": 0,
+                            "output_tokens": 5,
+                        ],
+                    ],
+                ],
+            ]))
+
+        let parsed = CostUsageScanner.parseClaudeFile(
+            fileURL: fileURL,
+            range: CostUsageScanner.CostUsageDayRange(since: day, until: day),
+            providerFilter: .all)
+
+        #expect(parsed.rows.count == 2)
+        #expect(parsed.rows.map(\.input).sorted() == [11, 13])
+        #expect(parsed.rows.allSatisfy { $0.messageId == nil && $0.requestId == nil })
+    }
+
+    @Test
+    func `claude opus 4 7 issue row gets priced`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 4, day: 23)
+        let fileURL = try env.writeClaudeProjectFile(
+            relativePath: "project-a/opus-47.jsonl",
+            contents: env.jsonl([
+                [
+                    "message": [
+                        "model": "claude-opus-4-7",
+                        "id": "msg_01NrvWoSMk2Eig6vkCgyRZqc",
+                        "type": "message",
+                        "role": "assistant",
+                        "usage": [
+                            "input_tokens": 6,
+                            "cache_creation_input_tokens": 1389,
+                            "cache_read_input_tokens": 50352,
+                            "output_tokens": 3922,
+                        ],
+                    ],
+                    "requestId": "req_011CaLLcFQD712ZnCTxHFk71",
+                    "type": "assistant",
+                    "timestamp": "2026-04-23T07:51:34.428Z",
+                    "sessionId": "39d4b923-8273-4c35-ad9c-e098395286f1",
+                ],
+            ]))
+
+        let parsed = CostUsageScanner.parseClaudeFile(
+            fileURL: fileURL,
+            range: CostUsageScanner.CostUsageDayRange(since: day, until: day),
+            providerFilter: .all)
+
+        #expect(parsed.rows.count == 1)
+        #expect(parsed.rows[0].model == "claude-opus-4-7")
+        #expect(parsed.rows[0].input == 6)
+        #expect(parsed.rows[0].cacheCreate == 1389)
+        #expect(parsed.rows[0].cacheRead == 50352)
+        #expect(parsed.rows[0].output == 3922)
+
+        let expected = 0.13193725
+        #expect(abs((Double(parsed.rows[0].costNanos) / 1_000_000_000) - expected) < 0.000000001)
+    }
+
+    @Test
+    func `claude streaming keeps the last cumulative chunk`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2025, month: 12, day: 21)
+        let iso0 = env.isoString(for: day)
+        let iso1 = env.isoString(for: day.addingTimeInterval(1))
+        let iso2 = env.isoString(for: day.addingTimeInterval(2))
+
+        let model = "claude-sonnet-4-20250514"
+        let sessionId = "session-stream-last-wins"
+        let messageId = "msg_stream_last_wins"
+        let requestId = "req_stream_last_wins"
+
+        let chunk1: [String: Any] = [
+            "type": "assistant",
+            "timestamp": iso0,
+            "sessionId": sessionId,
+            "requestId": requestId,
+            "isSidechain": false,
+            "message": [
+                "id": messageId,
+                "model": model,
+                "usage": [
+                    "input_tokens": 120,
+                    "cache_creation_input_tokens": 10,
+                    "cache_read_input_tokens": 5,
+                    "output_tokens": 12,
+                ],
+            ],
+        ]
+        let chunk2: [String: Any] = [
+            "type": "assistant",
+            "timestamp": iso1,
+            "sessionId": sessionId,
+            "requestId": requestId,
+            "isSidechain": false,
+            "message": [
+                "id": messageId,
+                "model": model,
+                "usage": [
+                    "input_tokens": 120,
+                    "cache_creation_input_tokens": 10,
+                    "cache_read_input_tokens": 5,
+                    "output_tokens": 48,
+                ],
+            ],
+        ]
+        let chunk3: [String: Any] = [
+            "type": "assistant",
+            "timestamp": iso2,
+            "sessionId": sessionId,
+            "requestId": requestId,
+            "isSidechain": false,
+            "message": [
+                "id": messageId,
+                "model": model,
+                "usage": [
+                    "input_tokens": 120,
+                    "cache_creation_input_tokens": 10,
+                    "cache_read_input_tokens": 5,
+                    "output_tokens": 90,
+                ],
+            ],
+        ]
+
+        _ = try env.writeClaudeProjectFile(
+            relativePath: "project-a/stream-last-wins.jsonl",
+            contents: env.jsonl([chunk1, chunk2, chunk3]))
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: nil,
+            claudeProjectsRoots: [env.claudeProjectsRoot],
+            cacheRoot: env.cacheRoot)
+        options.refreshMinIntervalSeconds = 0
+
+        let report = CostUsageScanner.loadDailyReport(
+            provider: .claude,
+            since: day,
+            until: day,
+            now: day,
+            options: options)
+
+        #expect(report.data.count == 1)
+        #expect(report.data[0].inputTokens == 120)
+        #expect(report.data[0].cacheCreationTokens == 10)
+        #expect(report.data[0].cacheReadTokens == 5)
+        #expect(report.data[0].outputTokens == 90)
+        #expect(report.data[0].totalTokens == 225)
+    }
+
+    @Test
+    func `claude cross file dedup prefers parent and keeps unique sidechain rows`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2025, month: 12, day: 22)
+        let iso0 = env.isoString(for: day)
+        let iso1 = env.isoString(for: day.addingTimeInterval(1))
+        let iso2 = env.isoString(for: day.addingTimeInterval(2))
+        let iso3 = env.isoString(for: day.addingTimeInterval(3))
+
+        let model = "claude-sonnet-4-20250514"
+        let sessionId = "session-cross-file"
+
+        let parentOverlap: [String: Any] = [
+            "type": "assistant",
+            "timestamp": iso0,
+            "sessionId": sessionId,
+            "requestId": "req_overlap",
+            "isSidechain": false,
+            "message": [
+                "id": "msg_overlap",
+                "model": model,
+                "usage": [
+                    "input_tokens": 100,
+                    "cache_creation_input_tokens": 20,
+                    "cache_read_input_tokens": 10,
+                    "output_tokens": 30,
+                ],
+            ],
+        ]
+        let compactOverlap: [String: Any] = [
+            "type": "assistant",
+            "timestamp": iso1,
+            "sessionId": sessionId,
+            "requestId": "req_overlap",
+            "isSidechain": true,
+            "message": [
+                "id": "msg_overlap",
+                "model": model,
+                "usage": [
+                    "input_tokens": 100,
+                    "cache_creation_input_tokens": 20,
+                    "cache_read_input_tokens": 10,
+                    "output_tokens": 30,
+                ],
+            ],
+        ]
+        let nonCompactOverlap: [String: Any] = [
+            "type": "assistant",
+            "timestamp": iso2,
+            "sessionId": sessionId,
+            "requestId": "req_overlap",
+            "isSidechain": true,
+            "message": [
+                "id": "msg_overlap",
+                "model": model,
+                "usage": [
+                    "input_tokens": 100,
+                    "cache_creation_input_tokens": 20,
+                    "cache_read_input_tokens": 10,
+                    "output_tokens": 30,
+                ],
+            ],
+        ]
+        let uniqueSidechain: [String: Any] = [
+            "type": "assistant",
+            "timestamp": iso3,
+            "sessionId": sessionId,
+            "requestId": "req_unique_sidechain",
+            "isSidechain": true,
+            "message": [
+                "id": "msg_unique_sidechain",
+                "model": model,
+                "usage": [
+                    "input_tokens": 70,
+                    "cache_creation_input_tokens": 5,
+                    "cache_read_input_tokens": 0,
+                    "output_tokens": 20,
+                ],
+            ],
+        ]
+
+        _ = try env.writeClaudeProjectFile(
+            relativePath: "project-a/\(sessionId).jsonl",
+            contents: env.jsonl([parentOverlap]))
+        _ = try env.writeClaudeProjectFile(
+            relativePath: "project-a/\(sessionId)/subagents/agent-acompact-overlap.jsonl",
+            contents: env.jsonl([compactOverlap]))
+        _ = try env.writeClaudeProjectFile(
+            relativePath: "project-a/\(sessionId)/subagents/agent-aside_question-overlap.jsonl",
+            contents: env.jsonl([nonCompactOverlap, uniqueSidechain]))
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: nil,
+            claudeProjectsRoots: [env.claudeProjectsRoot],
+            cacheRoot: env.cacheRoot)
+        options.refreshMinIntervalSeconds = 0
+
+        let report = CostUsageScanner.loadDailyReport(
+            provider: .claude,
+            since: day,
+            until: day,
+            now: day,
+            options: options)
+
+        #expect(report.data.count == 1)
+        #expect(report.data[0].inputTokens == 170)
+        #expect(report.data[0].cacheCreationTokens == 25)
+        #expect(report.data[0].cacheReadTokens == 10)
+        #expect(report.data[0].outputTokens == 50)
+        #expect(report.data[0].totalTokens == 255)
+    }
+
+    @Test
+    func `claude forked transcript history dedups globally while new fork rows count`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2025, month: 12, day: 22)
+        let iso0 = env.isoString(for: day)
+        let iso1 = env.isoString(for: day.addingTimeInterval(1))
+        let iso2 = env.isoString(for: day.addingTimeInterval(2))
+        let model = "claude-sonnet-4-20250514"
+
+        let copiedHistoryInOriginal: [String: Any] = [
+            "type": "assistant",
+            "timestamp": iso0,
+            "sessionId": "session-original",
+            "requestId": "req_copied_history",
+            "isSidechain": false,
+            "uuid": "assistant-uuid-copied",
+            "parentUuid": "parent-uuid-copied",
+            "message": [
+                "id": "msg_copied_history",
+                "model": model,
+                "usage": [
+                    "input_tokens": 100,
+                    "cache_creation_input_tokens": 20,
+                    "cache_read_input_tokens": 10,
+                    "output_tokens": 30,
+                ],
+            ],
+        ]
+        var copiedHistoryInFork = copiedHistoryInOriginal
+        copiedHistoryInFork["sessionId"] = "session-fork"
+
+        let originalContinuation: [String: Any] = [
+            "type": "assistant",
+            "timestamp": iso1,
+            "sessionId": "session-original",
+            "requestId": "req_original_new",
+            "isSidechain": false,
+            "message": [
+                "id": "msg_original_new",
+                "model": model,
+                "usage": [
+                    "input_tokens": 40,
+                    "cache_creation_input_tokens": 0,
+                    "cache_read_input_tokens": 0,
+                    "output_tokens": 10,
+                ],
+            ],
+        ]
+        let forkContinuation: [String: Any] = [
+            "type": "assistant",
+            "timestamp": iso2,
+            "sessionId": "session-fork",
+            "requestId": "req_fork_new",
+            "isSidechain": false,
+            "message": [
+                "id": "msg_fork_new",
+                "model": model,
+                "usage": [
+                    "input_tokens": 70,
+                    "cache_creation_input_tokens": 5,
+                    "cache_read_input_tokens": 0,
+                    "output_tokens": 20,
+                ],
+            ],
+        ]
+
+        _ = try env.writeClaudeProjectFile(
+            relativePath: "project-a/session-original.jsonl",
+            contents: env.jsonl([copiedHistoryInOriginal, originalContinuation]))
+        _ = try env.writeClaudeProjectFile(
+            relativePath: "project-a/session-fork.jsonl",
+            contents: env.jsonl([copiedHistoryInFork, forkContinuation]))
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: nil,
+            claudeProjectsRoots: [env.claudeProjectsRoot],
+            cacheRoot: env.cacheRoot)
+        options.refreshMinIntervalSeconds = 0
+
+        let report = CostUsageScanner.loadDailyReport(
+            provider: .claude,
+            since: day,
+            until: day,
+            now: day,
+            options: options)
+
+        #expect(report.data.count == 1)
+        #expect(report.data[0].inputTokens == 210)
+        #expect(report.data[0].cacheCreationTokens == 25)
+        #expect(report.data[0].cacheReadTokens == 10)
+        #expect(report.data[0].outputTokens == 60)
+        #expect(report.data[0].totalTokens == 305)
+    }
+
+    @Test
+    func `claude cross file dedup uses stable path order for same rank sidechains`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2025, month: 12, day: 23)
+        let iso0 = env.isoString(for: day)
+        let iso1 = env.isoString(for: day.addingTimeInterval(1))
+
+        let model = "claude-sonnet-4-20250514"
+        let sessionId = "session-sidechain-path-order"
+
+        let firstSidechain: [String: Any] = [
+            "type": "assistant",
+            "timestamp": iso0,
+            "sessionId": sessionId,
+            "requestId": "req_path_order",
+            "isSidechain": true,
+            "message": [
+                "id": "msg_path_order",
+                "model": model,
+                "usage": [
+                    "input_tokens": 10,
+                    "cache_creation_input_tokens": 0,
+                    "cache_read_input_tokens": 0,
+                    "output_tokens": 1,
+                ],
+            ],
+        ]
+        let secondSidechain: [String: Any] = [
+            "type": "assistant",
+            "timestamp": iso1,
+            "sessionId": sessionId,
+            "requestId": "req_path_order",
+            "isSidechain": true,
+            "message": [
+                "id": "msg_path_order",
+                "model": model,
+                "usage": [
+                    "input_tokens": 999,
+                    "cache_creation_input_tokens": 0,
+                    "cache_read_input_tokens": 0,
+                    "output_tokens": 999,
+                ],
+            ],
+        ]
+
+        _ = try env.writeClaudeProjectFile(
+            relativePath: "project-a/\(sessionId)/subagents/agent-a-first.jsonl",
+            contents: env.jsonl([firstSidechain]))
+        _ = try env.writeClaudeProjectFile(
+            relativePath: "project-a/\(sessionId)/subagents/agent-b-second.jsonl",
+            contents: env.jsonl([secondSidechain]))
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: nil,
+            claudeProjectsRoots: [env.claudeProjectsRoot],
+            cacheRoot: env.cacheRoot)
+        options.refreshMinIntervalSeconds = 0
+
+        let report = CostUsageScanner.loadDailyReport(
+            provider: .claude,
+            since: day,
+            until: day,
+            now: day,
+            options: options)
+
+        #expect(report.data.count == 1)
+        #expect(report.data[0].inputTokens == 10)
+        #expect(report.data[0].outputTokens == 1)
+        #expect(report.data[0].totalTokens == 11)
+    }
+
+    @Test
+    func `claude cross file dedup uses provider ids when session id is missing`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2025, month: 12, day: 23)
+        let iso0 = env.isoString(for: day)
+        let iso1 = env.isoString(for: day.addingTimeInterval(1))
+
+        let model = "claude-sonnet-4-20250514"
+
+        let missingSession: [String: Any] = [
+            "type": "assistant",
+            "timestamp": iso0,
+            "requestId": "req_shared",
+            "isSidechain": false,
+            "message": [
+                "id": "msg_shared",
+                "model": model,
+                "usage": [
+                    "input_tokens": 10,
+                    "cache_creation_input_tokens": 0,
+                    "cache_read_input_tokens": 0,
+                    "output_tokens": 1,
+                ],
+            ],
+        ]
+        let sessionScoped: [String: Any] = [
+            "type": "assistant",
+            "timestamp": iso1,
+            "sessionId": "session-has-id",
+            "requestId": "req_shared",
+            "isSidechain": true,
+            "message": [
+                "id": "msg_shared",
+                "model": model,
+                "usage": [
+                    "input_tokens": 20,
+                    "cache_creation_input_tokens": 0,
+                    "cache_read_input_tokens": 0,
+                    "output_tokens": 2,
+                ],
+            ],
+        ]
+
+        _ = try env.writeClaudeProjectFile(
+            relativePath: "project-a/missing-session-parent.jsonl",
+            contents: env.jsonl([missingSession]))
+        _ = try env.writeClaudeProjectFile(
+            relativePath: "project-a/session-has-id/subagents/agent-a-sidechain.jsonl",
+            contents: env.jsonl([sessionScoped]))
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: nil,
+            claudeProjectsRoots: [env.claudeProjectsRoot],
+            cacheRoot: env.cacheRoot)
+        options.refreshMinIntervalSeconds = 0
+
+        let report = CostUsageScanner.loadDailyReport(
+            provider: .claude,
+            since: day,
+            until: day,
+            now: day,
+            options: options)
+
+        #expect(report.data.count == 1)
+        #expect(report.data[0].inputTokens == 10)
+        #expect(report.data[0].outputTokens == 1)
+        #expect(report.data[0].totalTokens == 11)
+    }
+
+    @Test
+    func `claude rescans sessions when a new parent file overlaps cached sidechain data`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2025, month: 12, day: 24)
+        let iso0 = env.isoString(for: day)
+        let iso1 = env.isoString(for: day.addingTimeInterval(1))
+
+        let model = "claude-sonnet-4-20250514"
+        let sessionId = "session-cache-recompute"
+
+        let sidechainOverlap: [String: Any] = [
+            "type": "assistant",
+            "timestamp": iso0,
+            "sessionId": sessionId,
+            "requestId": "req_overlap",
+            "isSidechain": true,
+            "message": [
+                "id": "msg_overlap",
+                "model": model,
+                "usage": [
+                    "input_tokens": 40,
+                    "cache_creation_input_tokens": 0,
+                    "cache_read_input_tokens": 0,
+                    "output_tokens": 10,
+                ],
+            ],
+        ]
+        let uniqueSidechain: [String: Any] = [
+            "type": "assistant",
+            "timestamp": iso1,
+            "sessionId": sessionId,
+            "requestId": "req_unique",
+            "isSidechain": true,
+            "message": [
+                "id": "msg_unique",
+                "model": model,
+                "usage": [
+                    "input_tokens": 5,
+                    "cache_creation_input_tokens": 0,
+                    "cache_read_input_tokens": 0,
+                    "output_tokens": 1,
+                ],
+            ],
+        ]
+
+        _ = try env.writeClaudeProjectFile(
+            relativePath: "project-a/\(sessionId)/subagents/agent-acompact-cached.jsonl",
+            contents: env.jsonl([sidechainOverlap, uniqueSidechain]))
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: nil,
+            claudeProjectsRoots: [env.claudeProjectsRoot],
+            cacheRoot: env.cacheRoot)
+        options.refreshMinIntervalSeconds = 0
+
+        let firstReport = CostUsageScanner.loadDailyReport(
+            provider: .claude,
+            since: day,
+            until: day,
+            now: day,
+            options: options)
+
+        #expect(firstReport.data.count == 1)
+        #expect(firstReport.data[0].inputTokens == 45)
+        #expect(firstReport.data[0].outputTokens == 11)
+        #expect(firstReport.data[0].totalTokens == 56)
+
+        let parentOverlap: [String: Any] = [
+            "type": "assistant",
+            "timestamp": iso0,
+            "sessionId": sessionId,
+            "requestId": "req_overlap",
+            "isSidechain": false,
+            "message": [
+                "id": "msg_overlap",
+                "model": model,
+                "usage": [
+                    "input_tokens": 40,
+                    "cache_creation_input_tokens": 0,
+                    "cache_read_input_tokens": 0,
+                    "output_tokens": 10,
+                ],
+            ],
+        ]
+
+        _ = try env.writeClaudeProjectFile(
+            relativePath: "project-a/\(sessionId).jsonl",
+            contents: env.jsonl([parentOverlap]))
+
+        let secondReport = CostUsageScanner.loadDailyReport(
+            provider: .claude,
+            since: day,
+            until: day,
+            now: day.addingTimeInterval(10),
+            options: options)
+
+        #expect(secondReport.data.count == 1)
+        #expect(secondReport.data[0].inputTokens == 45)
+        #expect(secondReport.data[0].outputTokens == 11)
+        #expect(secondReport.data[0].totalTokens == 56)
+    }
+
+    @Test
+    func `claude sonnet 4 6 pricing is available for base and dated models`() {
+        let baseCost = CostUsagePricing.claudeCostUSD(
+            model: "claude-sonnet-4-6",
+            inputTokens: 1000,
+            cacheReadInputTokens: 100,
+            cacheCreationInputTokens: 50,
+            outputTokens: 25)
+        let datedCost = CostUsagePricing.claudeCostUSD(
+            model: "claude-sonnet-4-6-20260219",
+            inputTokens: 1000,
+            cacheReadInputTokens: 100,
+            cacheCreationInputTokens: 50,
+            outputTokens: 25)
+
+        #expect(baseCost != nil)
+        #expect(datedCost != nil)
+        #expect(baseCost == datedCost)
+    }
+}
diff --git a/Tests/CodexBarTests/CostUsageScannerCodexPriorityTests.swift b/Tests/CodexBarTests/CostUsageScannerCodexPriorityTests.swift
new file mode 100644
index 000000000..de842296f
--- /dev/null
+++ b/Tests/CodexBarTests/CostUsageScannerCodexPriorityTests.swift
@@ -0,0 +1,234 @@
+import Foundation
+#if canImport(SQLite3)
+import SQLite3
+import Testing
+@testable import CodexBarCore
+
+struct CostUsageScannerCodexPriorityTests {
+    @Test
+    func `parses priority turn metadata without exposing request body`() {
+        let body = "INFO thread_id=11111111-1111-1111-1111-111111111111 "
+            + "turn.id=22222222-2222-2222-2222-222222222222 websocket request: "
+            + #"{"type":"response.create","model":"gpt-5.5","service_tier":"priority","instructions":"secret prompt"}"#
+
+        let parsed = CostUsageScanner.parseCodexPriorityTraceRow(timestamp: "2026-05-10T12:00:00Z", body: body)
+
+        #expect(parsed?.threadID == "11111111-1111-1111-1111-111111111111")
+        #expect(parsed?.turnID == "22222222-2222-2222-2222-222222222222")
+        #expect(parsed?.model == "gpt-5.5")
+        #expect(parsed?.timestamp == "2026-05-10T12:00:00Z")
+    }
+
+    @Test
+    func `ignores non priority malformed and non response request rows`() {
+        let prefix = "thread_id=thread turn.id=turn websocket request: "
+
+        #expect(CostUsageScanner.parseCodexPriorityTraceRow(
+            timestamp: nil,
+            body: prefix + #"{"type":"session.update","service_tier":"priority"}"#) == nil)
+        #expect(CostUsageScanner.parseCodexPriorityTraceRow(
+            timestamp: nil,
+            body: prefix + #"{"type":"response.create"}"#) == nil)
+        #expect(CostUsageScanner.parseCodexPriorityTraceRow(
+            timestamp: nil,
+            body: prefix + #"{"type":"response.create","service_tier":"default"}"#) == nil)
+        #expect(CostUsageScanner.parseCodexPriorityTraceRow(
+            timestamp: nil,
+            body: prefix + #"{"#) == nil)
+    }
+
+    @Test
+    func `parses completed response model without exposing response body`() {
+        let body = "INFO thread_id=thread turn.id=turn websocket event: "
+            + #"{"type":"response.completed","response":{"model":"gpt-5.4","output":[{"content":"private"}]}}"#
+
+        let parsed = CostUsageScanner.parseCodexCompletedTraceRow(body: body)
+
+        #expect(parsed?.turnID == "turn")
+        #expect(parsed?.model == "gpt-5.4")
+    }
+
+    @Test
+    func `reads priority turns from sqlite logs table`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+        let dbURL = env.root.appendingPathComponent("logs_2.sqlite")
+        try Self.createTestLogsDatabase(at: dbURL)
+        try Self.insertTestLog(
+            dbURL: dbURL,
+            timestamp: "2026-05-10T12:00:00Z",
+            body: "thread_id=thread-a turn.id=turn-a websocket request: "
+                + #"{"type":"response.create","model":"gpt-5.5","service_tier":"priority","input":"private"}"#)
+        try Self.insertTestLog(
+            dbURL: dbURL,
+            timestamp: "2026-05-10T12:01:00Z",
+            body: """
+            thread_id=thread-b turn.id=turn-b websocket request: {"type":"response.create","model":"gpt-5.5"}
+            """)
+
+        let turns = CostUsageScanner.codexPriorityTurns(databaseURL: dbURL)
+
+        #expect(turns.keys.sorted() == ["turn-a"])
+        #expect(turns["turn-a"]?.threadID == "thread-a")
+        #expect(turns["turn-a"]?.model == "gpt-5.5")
+    }
+
+    @Test
+    func `sqlite scan upgrades priority request alias with completed response model`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+        let dbURL = env.root.appendingPathComponent("logs_2.sqlite")
+        try Self.createTestLogsDatabase(at: dbURL)
+        try Self.insertTestLog(
+            dbURL: dbURL,
+            timestamp: "2026-05-10T12:00:00Z",
+            body: "thread_id=thread turn.id=turn websocket request: "
+                + #"{"type":"response.create","model":"codex-auto-review","service_tier":"priority"}"#)
+        try Self.insertTestLog(
+            dbURL: dbURL,
+            timestamp: "2026-05-10T12:00:01Z",
+            body: "thread_id=thread turn.id=turn websocket event: "
+                + #"{"type":"response.completed","response":{"model":"gpt-5.4","input":"private"}}"#)
+
+        let turns = CostUsageScanner.codexPriorityTurns(databaseURL: dbURL)
+
+        #expect(turns["turn"]?.model == "gpt-5.4")
+    }
+
+    @Test
+    func `sqlite scan matches spaced completed response json`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+        let dbURL = env.root.appendingPathComponent("logs_2.sqlite")
+        try Self.createTestLogsDatabase(at: dbURL)
+        try Self.insertTestLog(
+            dbURL: dbURL,
+            timestamp: "2026-05-10T12:00:00Z",
+            body: "thread_id=thread turn.id=turn websocket request: "
+                + #"{"type":"response.create","model":"codex-auto-review","service_tier":"priority"}"#)
+        try Self.insertTestLog(
+            dbURL: dbURL,
+            timestamp: "2026-05-10T12:00:01Z",
+            body: "thread_id=thread turn.id=turn websocket event: "
+                + #"{"type": "response.completed", "response": {"model": "gpt-5.4"}}"#)
+
+        let turns = CostUsageScanner.codexPriorityTurns(databaseURL: dbURL)
+
+        #expect(turns["turn"]?.model == "gpt-5.4")
+    }
+
+    @Test
+    func `sqlite scan only returns priority turns in requested day range`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+        let dbURL = env.root.appendingPathComponent("logs_2.sqlite")
+        try Self.createTestLogsDatabase(at: dbURL)
+        let day = try env.makeLocalNoon(year: 2026, month: 5, day: 10)
+        let previousDay = try #require(Calendar.current.date(byAdding: .day, value: -1, to: day))
+        let dayKey = CostUsageScanner.CostUsageDayRange.dayKey(from: day)
+        try Self.insertTestLog(
+            dbURL: dbURL,
+            timestamp: env.isoString(for: previousDay),
+            body: "thread_id=thread-old turn.id=turn-old websocket request: "
+                + #"{"type":"response.create","model":"gpt-5.5","service_tier":"priority"}"#)
+        try Self.insertTestLog(
+            dbURL: dbURL,
+            timestamp: env.isoString(for: day),
+            body: "thread_id=thread-new turn.id=turn-new websocket request: "
+                + #"{"type":"response.create","model":"gpt-5.5","service_tier":"priority"}"#)
+
+        let turns = CostUsageScanner.codexPriorityTurns(
+            databaseURL: dbURL,
+            sinceDayKey: dayKey,
+            untilDayKey: dayKey)
+
+        #expect(turns.keys.sorted() == ["turn-new"])
+    }
+
+    @Test
+    func `sqlite scan uses local day boundaries for integer timestamps`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+        let dbURL = env.root.appendingPathComponent("logs_2.sqlite")
+        try Self.createTestLogsDatabase(at: dbURL)
+
+        var components = DateComponents()
+        components.calendar = Calendar.current
+        components.year = 2026
+        components.month = 5
+        components.day = 10
+        let dayStart = try #require(components.date)
+        let dayKey = CostUsageScanner.CostUsageDayRange.dayKey(from: dayStart)
+        let previousSecond = try #require(Calendar.current.date(byAdding: .second, value: -1, to: dayStart))
+        let nextSecond = try #require(Calendar.current.date(byAdding: .second, value: 1, to: dayStart))
+
+        try Self.insertTestLog(
+            dbURL: dbURL,
+            epochSeconds: Int64(previousSecond.timeIntervalSince1970),
+            body: "thread_id=thread-before turn.id=turn-before websocket request: "
+                + #"{"type":"response.create","model":"gpt-5.5","service_tier":"priority"}"#)
+        try Self.insertTestLog(
+            dbURL: dbURL,
+            epochSeconds: Int64(nextSecond.timeIntervalSince1970),
+            body: "thread_id=thread-after turn.id=turn-after websocket request: "
+                + #"{"type":"response.create","model":"gpt-5.5","service_tier":"priority"}"#)
+
+        let turns = CostUsageScanner.codexPriorityTurns(
+            databaseURL: dbURL,
+            sinceDayKey: dayKey,
+            untilDayKey: dayKey)
+
+        #expect(turns.keys.sorted() == ["turn-after"])
+    }
+
+    static func createTestLogsDatabase(at dbURL: URL) throws {
+        var db: OpaquePointer?
+        guard sqlite3_open(dbURL.path, &db) == SQLITE_OK else { throw SQLiteTestError.open }
+        defer { sqlite3_close(db) }
+        try self.exec(db, "create table logs (ts integer not null, feedback_log_body text)")
+    }
+
+    static func insertTestLog(dbURL: URL, timestamp: String, body: String) throws {
+        try self.insertTestLog(dbURL: dbURL, epochSeconds: self.epochSeconds(timestamp), body: body)
+    }
+
+    static func insertTestLog(dbURL: URL, epochSeconds: Int64, body: String) throws {
+        var db: OpaquePointer?
+        guard sqlite3_open(dbURL.path, &db) == SQLITE_OK else { throw SQLiteTestError.open }
+        defer { sqlite3_close(db) }
+
+        var stmt: OpaquePointer?
+        guard sqlite3_prepare_v2(db, "insert into logs (ts, feedback_log_body) values (?, ?)", -1, &stmt, nil)
+            == SQLITE_OK
+        else { throw SQLiteTestError.prepare }
+        defer { sqlite3_finalize(stmt) }
+
+        let transient = unsafeBitCast(-1, to: sqlite3_destructor_type.self)
+        sqlite3_bind_int64(stmt, 1, epochSeconds)
+        sqlite3_bind_text(stmt, 2, body, -1, transient)
+        guard sqlite3_step(stmt) == SQLITE_DONE else { throw SQLiteTestError.step }
+    }
+
+    private static func epochSeconds(_ timestamp: String) -> Int64 {
+        let formatter = ISO8601DateFormatter()
+        formatter.formatOptions = [.withInternetDateTime]
+        guard let date = formatter.date(from: timestamp) else { return 0 }
+        return Int64(date.timeIntervalSince1970)
+    }
+
+    private static func exec(_ db: OpaquePointer?, _ sql: String) throws {
+        var message: UnsafeMutablePointer<CChar>?
+        guard sqlite3_exec(db, sql, nil, nil, &message) == SQLITE_OK else {
+            sqlite3_free(message)
+            throw SQLiteTestError.exec
+        }
+    }
+
+    private enum SQLiteTestError: Error {
+        case open
+        case prepare
+        case step
+        case exec
+    }
+}
+#endif
diff --git a/Tests/CodexBarTests/CostUsageScannerPriorityTests.swift b/Tests/CodexBarTests/CostUsageScannerPriorityTests.swift
new file mode 100644
index 000000000..8bdaaf5e2
--- /dev/null
+++ b/Tests/CodexBarTests/CostUsageScannerPriorityTests.swift
@@ -0,0 +1,680 @@
+import Foundation
+#if canImport(SQLite3)
+import Testing
+@testable import CodexBarCore
+
+struct CostUsageScannerPriorityTests {
+    @Test
+    func `codex daily report applies gpt55 priority rates`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 5, day: 10)
+        let iso0 = env.isoString(for: day)
+        let iso1 = env.isoString(for: day.addingTimeInterval(1))
+        let iso2 = env.isoString(for: day.addingTimeInterval(2))
+        let iso3 = env.isoString(for: day.addingTimeInterval(3))
+
+        let entries: [[String: Any]] = [
+            ["type": "turn_context", "timestamp": iso0, "payload": ["model": "gpt-5.5"]],
+            ["type": "event_msg", "timestamp": iso1, "payload": ["type": "task_started", "turn_id": "standard-turn"]],
+            self.tokenCount(timestamp: iso2, input: 100, cached: 20, output: 10),
+            ["type": "event_msg", "timestamp": iso3, "payload": ["type": "task_started", "turn_id": "priority-turn"]],
+            self.tokenCount(timestamp: iso3, input: 100, cached: 20, output: 10),
+        ]
+        _ = try env.writeCodexSessionFile(day: day, filename: "session.jsonl", contents: env.jsonl(entries))
+
+        let dbURL = env.root.appendingPathComponent("logs_2.sqlite")
+        try CostUsageScannerCodexPriorityTests.createTestLogsDatabase(at: dbURL)
+        try self.insertPriorityTrace(dbURL: dbURL, timestamp: iso3)
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            cacheRoot: env.cacheRoot,
+            codexTraceDatabaseURL: dbURL)
+        options.refreshMinIntervalSeconds = 0
+
+        let report = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day,
+            options: options)
+        let standardCost = (80.0 * 5e-6) + (20.0 * 5e-7) + (10.0 * 3e-5)
+        let priorityCost = (80.0 * 1.25e-5) + (20.0 * 1.25e-6) + (10.0 * 7.5e-5)
+
+        #expect(report.summary?.totalCostUSD == standardCost + priorityCost)
+        let breakdown = try #require(report.data.first?.modelBreakdowns?.first)
+        #expect(breakdown.costUSD == standardCost + priorityCost)
+        #expect(breakdown.standardCostUSD == standardCost)
+        #expect(breakdown.priorityCostUSD == priorityCost)
+        #expect(breakdown.standardTokens == 110)
+        #expect(breakdown.priorityTokens == 110)
+    }
+
+    @Test
+    func `codex daily report keeps cached priority surcharge without live sqlite metadata`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 5, day: 10)
+        let iso0 = env.isoString(for: day)
+        let iso1 = env.isoString(for: day.addingTimeInterval(1))
+        let entries: [[String: Any]] = [
+            ["type": "turn_context", "timestamp": iso0, "payload": ["model": "gpt-5.5"]],
+            ["type": "event_msg", "timestamp": iso1, "payload": ["type": "task_started", "turn_id": "priority-turn"]],
+            self.tokenCount(timestamp: iso1, input: 100, cached: 20, output: 10),
+        ]
+        _ = try env.writeCodexSessionFile(day: day, filename: "session.jsonl", contents: env.jsonl(entries))
+
+        let dbURL = env.root.appendingPathComponent("logs_2.sqlite")
+        try CostUsageScannerCodexPriorityTests.createTestLogsDatabase(at: dbURL)
+        try self.insertPriorityTrace(dbURL: dbURL, timestamp: iso1)
+
+        var refreshOptions = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            cacheRoot: env.cacheRoot,
+            codexTraceDatabaseURL: dbURL)
+        refreshOptions.refreshMinIntervalSeconds = 0
+
+        _ = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day,
+            options: refreshOptions)
+
+        var cachedOptions = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            cacheRoot: env.cacheRoot,
+            codexTraceDatabaseURL: env.root.appendingPathComponent("missing.sqlite"))
+        cachedOptions.refreshMinIntervalSeconds = 60
+
+        let cached = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day.addingTimeInterval(1),
+            options: cachedOptions)
+        let priorityCost = (80.0 * 1.25e-5) + (20.0 * 1.25e-6) + (10.0 * 7.5e-5)
+
+        #expect(cached.summary?.totalCostUSD == priorityCost)
+        let breakdown = try #require(cached.data.first?.modelBreakdowns?.first)
+        #expect(breakdown.priorityCostUSD == priorityCost)
+        #expect(breakdown.priorityTokens == 110)
+    }
+
+    @Test
+    func `codex daily report rescans when priority metadata appears`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 5, day: 10)
+        let iso0 = env.isoString(for: day)
+        let iso1 = env.isoString(for: day.addingTimeInterval(1))
+        let entries: [[String: Any]] = [
+            ["type": "turn_context", "timestamp": iso0, "payload": ["model": "gpt-5.5"]],
+            ["type": "event_msg", "timestamp": iso1, "payload": ["type": "task_started", "turn_id": "priority-turn"]],
+            self.tokenCount(timestamp: iso1, input: 100, cached: 20, output: 10),
+        ]
+        _ = try env.writeCodexSessionFile(day: day, filename: "session.jsonl", contents: env.jsonl(entries))
+
+        let dbURL = env.root.appendingPathComponent("logs_2.sqlite")
+        var missingOptions = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            cacheRoot: env.cacheRoot,
+            codexTraceDatabaseURL: dbURL)
+        missingOptions.refreshMinIntervalSeconds = 0
+
+        let first = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day,
+            options: missingOptions)
+        let baseCost = (80.0 * 5e-6) + (20.0 * 5e-7) + (10.0 * 3e-5)
+        #expect(first.summary?.totalCostUSD == baseCost)
+
+        try CostUsageScannerCodexPriorityTests.createTestLogsDatabase(at: dbURL)
+        try self.insertPriorityTrace(dbURL: dbURL, timestamp: iso1)
+
+        var liveOptions = missingOptions
+        liveOptions.refreshMinIntervalSeconds = 60
+        let rescanned = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day.addingTimeInterval(1),
+            options: liveOptions)
+        let priorityCost = (80.0 * 1.25e-5) + (20.0 * 1.25e-6) + (10.0 * 7.5e-5)
+
+        #expect(rescanned.summary?.totalCostUSD == priorityCost)
+    }
+
+    @Test
+    func `codex daily report ignores unrelated priority wal changes`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 5, day: 10)
+        let iso0 = env.isoString(for: day)
+        let iso1 = env.isoString(for: day.addingTimeInterval(1))
+        let entries: [[String: Any]] = [
+            ["type": "turn_context", "timestamp": iso0, "payload": ["model": "gpt-5.5"]],
+            ["type": "event_msg", "timestamp": iso1, "payload": ["type": "task_started", "turn_id": "priority-turn"]],
+            self.tokenCount(timestamp: iso1, input: 100, cached: 20, output: 10),
+        ]
+        _ = try env.writeCodexSessionFile(day: day, filename: "session.jsonl", contents: env.jsonl(entries))
+
+        let dbURL = env.root.appendingPathComponent("logs_2.sqlite")
+        try CostUsageScannerCodexPriorityTests.createTestLogsDatabase(at: dbURL)
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            cacheRoot: env.cacheRoot,
+            codexTraceDatabaseURL: dbURL)
+        options.refreshMinIntervalSeconds = 0
+
+        let first = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day,
+            options: options)
+        let baseCost = (80.0 * 5e-6) + (20.0 * 5e-7) + (10.0 * 3e-5)
+        #expect(first.summary?.totalCostUSD == baseCost)
+
+        let walURL = URL(fileURLWithPath: dbURL.path + "-wal")
+        try Data("wal-changed".utf8).write(to: walURL)
+
+        options.refreshMinIntervalSeconds = 60
+        let cached = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day.addingTimeInterval(1),
+            options: options)
+
+        #expect(cached.summary?.totalCostUSD == baseCost)
+    }
+
+    @Test
+    func `codex daily report reprices cached file when priority turn appears`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 5, day: 10)
+        let iso0 = env.isoString(for: day)
+        let iso1 = env.isoString(for: day.addingTimeInterval(1))
+        let entries: [[String: Any]] = [
+            ["type": "turn_context", "timestamp": iso0, "payload": ["model": "gpt-5.5"]],
+            ["type": "event_msg", "timestamp": iso1, "payload": ["type": "task_started", "turn_id": "priority-turn"]],
+            self.tokenCount(timestamp: iso1, input: 100, cached: 20, output: 10),
+        ]
+        _ = try env.writeCodexSessionFile(day: day, filename: "session.jsonl", contents: env.jsonl(entries))
+
+        let dbURL = env.root.appendingPathComponent("logs_2.sqlite")
+        try CostUsageScannerCodexPriorityTests.createTestLogsDatabase(at: dbURL)
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            cacheRoot: env.cacheRoot,
+            codexTraceDatabaseURL: dbURL)
+        options.refreshMinIntervalSeconds = 0
+
+        let first = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day,
+            options: options)
+        let baseCost = (80.0 * 5e-6) + (20.0 * 5e-7) + (10.0 * 3e-5)
+        #expect(first.summary?.totalCostUSD == baseCost)
+
+        try self.insertPriorityTrace(dbURL: dbURL, timestamp: iso1)
+
+        options.refreshMinIntervalSeconds = 60
+        let repriced = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day.addingTimeInterval(61),
+            options: options)
+        let priorityCost = (80.0 * 1.25e-5) + (20.0 * 1.25e-6) + (10.0 * 7.5e-5)
+
+        #expect(repriced.summary?.totalCostUSD == priorityCost)
+    }
+
+    @Test
+    func `codex daily report applies gpt54 priority rates`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 5, day: 10)
+        let iso0 = env.isoString(for: day)
+        let iso1 = env.isoString(for: day.addingTimeInterval(1))
+        let iso2 = env.isoString(for: day.addingTimeInterval(2))
+        let iso3 = env.isoString(for: day.addingTimeInterval(3))
+
+        let entries: [[String: Any]] = [
+            ["type": "turn_context", "timestamp": iso0, "payload": ["model": "gpt-5.4"]],
+            ["type": "event_msg", "timestamp": iso1, "payload": ["type": "task_started", "turn_id": "standard-turn"]],
+            self.tokenCount(timestamp: iso2, input: 100, cached: 20, output: 10),
+            ["type": "event_msg", "timestamp": iso3, "payload": ["type": "task_started", "turn_id": "priority-turn"]],
+            self.tokenCount(timestamp: iso3, input: 100, cached: 20, output: 10),
+        ]
+        _ = try env.writeCodexSessionFile(day: day, filename: "session.jsonl", contents: env.jsonl(entries))
+
+        let dbURL = env.root.appendingPathComponent("logs_2.sqlite")
+        try CostUsageScannerCodexPriorityTests.createTestLogsDatabase(at: dbURL)
+        try self.insertPriorityTrace(dbURL: dbURL, timestamp: iso3, model: "gpt-5.4")
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            cacheRoot: env.cacheRoot,
+            codexTraceDatabaseURL: dbURL)
+        options.refreshMinIntervalSeconds = 0
+
+        let report = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day,
+            options: options)
+        let standardCost = (80.0 * 2.5e-6) + (20.0 * 2.5e-7) + (10.0 * 1.5e-5)
+        let priorityCost = (80.0 * 5e-6) + (20.0 * 5e-7) + (10.0 * 3e-5)
+
+        #expect(report.summary?.totalCostUSD == standardCost + priorityCost)
+    }
+
+    @Test
+    func `codex daily report prices priority alias with completed response model`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 5, day: 10)
+        let iso0 = env.isoString(for: day)
+        let iso1 = env.isoString(for: day.addingTimeInterval(1))
+        let entries: [[String: Any]] = [
+            ["type": "turn_context", "timestamp": iso0, "payload": ["model": "codex-auto-review"]],
+            ["type": "event_msg", "timestamp": iso1, "payload": ["type": "task_started", "turn_id": "priority-turn"]],
+            self.tokenCount(timestamp: iso1, input: 100, cached: 20, output: 10),
+        ]
+        _ = try env.writeCodexSessionFile(day: day, filename: "session.jsonl", contents: env.jsonl(entries))
+
+        let dbURL = env.root.appendingPathComponent("logs_2.sqlite")
+        try CostUsageScannerCodexPriorityTests.createTestLogsDatabase(at: dbURL)
+        try self.insertPriorityTrace(dbURL: dbURL, timestamp: iso1, model: "codex-auto-review")
+        try CostUsageScannerCodexPriorityTests.insertTestLog(
+            dbURL: dbURL,
+            timestamp: iso1,
+            body: "thread_id=thread turn.id=priority-turn websocket event: "
+                + #"{"type":"response.completed","response":{"model":"gpt-5.4"}}"#)
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            cacheRoot: env.cacheRoot,
+            codexTraceDatabaseURL: dbURL)
+        options.refreshMinIntervalSeconds = 0
+
+        let report = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day,
+            options: options)
+        let priorityCost = (80.0 * 5e-6) + (20.0 * 5e-7) + (10.0 * 3e-5)
+
+        #expect(report.summary?.totalCostUSD == priorityCost)
+        let breakdown = try #require(report.data.first?.modelBreakdowns?.first)
+        #expect(breakdown.priorityCostUSD == priorityCost)
+        #expect(breakdown.priorityTokens == 110)
+    }
+
+    @Test
+    func `codex daily report totals use completed model priority cost`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 5, day: 10)
+        let iso0 = env.isoString(for: day)
+        let iso1 = env.isoString(for: day.addingTimeInterval(1))
+        let entries: [[String: Any]] = [
+            ["type": "turn_context", "timestamp": iso0, "payload": ["model": "gpt-5.4"]],
+            ["type": "event_msg", "timestamp": iso1, "payload": ["type": "task_started", "turn_id": "priority-turn"]],
+            self.tokenCount(timestamp: iso1, input: 100, cached: 20, output: 10),
+        ]
+        _ = try env.writeCodexSessionFile(day: day, filename: "session.jsonl", contents: env.jsonl(entries))
+
+        let dbURL = env.root.appendingPathComponent("logs_2.sqlite")
+        try CostUsageScannerCodexPriorityTests.createTestLogsDatabase(at: dbURL)
+        try self.insertPriorityTrace(dbURL: dbURL, timestamp: iso1, model: "gpt-5.4")
+        try CostUsageScannerCodexPriorityTests.insertTestLog(
+            dbURL: dbURL,
+            timestamp: iso1,
+            body: "thread_id=thread turn.id=priority-turn websocket event: "
+                + #"{"type":"response.completed","response":{"model":"gpt-5.5"}}"#)
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            cacheRoot: env.cacheRoot,
+            codexTraceDatabaseURL: dbURL)
+        options.refreshMinIntervalSeconds = 0
+
+        let report = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day,
+            options: options)
+        let priorityCost = (80.0 * 1.25e-5) + (20.0 * 1.25e-6) + (10.0 * 7.5e-5)
+
+        #expect(report.summary?.totalCostUSD == priorityCost)
+        let breakdown = try #require(report.data.first?.modelBreakdowns?.first)
+        #expect(breakdown.costUSD == priorityCost)
+        #expect(breakdown.priorityCostUSD == priorityCost)
+    }
+
+    @Test
+    func `codex daily report reprices cached priority alias when completed model arrives`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 5, day: 10)
+        let iso0 = env.isoString(for: day)
+        let iso1 = env.isoString(for: day.addingTimeInterval(1))
+        let entries: [[String: Any]] = [
+            ["type": "turn_context", "timestamp": iso0, "payload": ["model": "codex-auto-review"]],
+            ["type": "event_msg", "timestamp": iso1, "payload": ["type": "task_started", "turn_id": "priority-turn"]],
+            self.tokenCount(timestamp: iso1, input: 100, cached: 20, output: 10),
+        ]
+        _ = try env.writeCodexSessionFile(day: day, filename: "session.jsonl", contents: env.jsonl(entries))
+
+        let dbURL = env.root.appendingPathComponent("logs_2.sqlite")
+        try CostUsageScannerCodexPriorityTests.createTestLogsDatabase(at: dbURL)
+        try self.insertPriorityTrace(dbURL: dbURL, timestamp: iso1, model: "codex-auto-review")
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            cacheRoot: env.cacheRoot,
+            codexTraceDatabaseURL: dbURL)
+        options.refreshMinIntervalSeconds = 0
+
+        let first = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day,
+            options: options)
+        #expect(first.summary?.totalCostUSD == nil)
+
+        try CostUsageScannerCodexPriorityTests.insertTestLog(
+            dbURL: dbURL,
+            timestamp: iso1,
+            body: "thread_id=thread turn.id=priority-turn websocket event: "
+                + #"{"type":"response.completed","response":{"model":"gpt-5.4"}}"#)
+
+        options.refreshMinIntervalSeconds = 60
+        let repriced = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day.addingTimeInterval(61),
+            options: options)
+        let priorityCost = (80.0 * 5e-6) + (20.0 * 5e-7) + (10.0 * 3e-5)
+
+        #expect(repriced.summary?.totalCostUSD == priorityCost)
+        let breakdown = try #require(repriced.data.first?.modelBreakdowns?.first)
+        #expect(breakdown.priorityCostUSD == priorityCost)
+        #expect(breakdown.priorityTokens == 110)
+    }
+
+    @Test
+    func `codex daily report falls back to session model for unpriced priority alias`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 5, day: 10)
+        let iso0 = env.isoString(for: day)
+        let iso1 = env.isoString(for: day.addingTimeInterval(1))
+        let entries: [[String: Any]] = [
+            ["type": "turn_context", "timestamp": iso0, "payload": ["model": "gpt-5.4"]],
+            ["type": "event_msg", "timestamp": iso1, "payload": ["type": "task_started", "turn_id": "priority-turn"]],
+            self.tokenCount(timestamp: iso1, input: 100, cached: 20, output: 10),
+        ]
+        _ = try env.writeCodexSessionFile(day: day, filename: "session.jsonl", contents: env.jsonl(entries))
+
+        let dbURL = env.root.appendingPathComponent("logs_2.sqlite")
+        try CostUsageScannerCodexPriorityTests.createTestLogsDatabase(at: dbURL)
+        try self.insertPriorityTrace(dbURL: dbURL, timestamp: iso1, model: "codex-auto-review")
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            cacheRoot: env.cacheRoot,
+            codexTraceDatabaseURL: dbURL)
+        options.refreshMinIntervalSeconds = 0
+
+        let report = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day,
+            options: options)
+        let priorityCost = (80.0 * 5e-6) + (20.0 * 5e-7) + (10.0 * 3e-5)
+
+        #expect(report.summary?.totalCostUSD == priorityCost)
+        let breakdown = try #require(report.data.first?.modelBreakdowns?.first)
+        #expect(breakdown.priorityCostUSD == priorityCost)
+        #expect(breakdown.priorityTokens == 110)
+    }
+
+    @Test
+    func `codex daily report keeps base cost when sqlite metadata is missing`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 5, day: 10)
+        let iso0 = env.isoString(for: day)
+        let iso1 = env.isoString(for: day.addingTimeInterval(1))
+        let entries: [[String: Any]] = [
+            ["type": "turn_context", "timestamp": iso0, "payload": ["model": "gpt-5.5"]],
+            ["type": "event_msg", "timestamp": iso1, "payload": ["type": "task_started", "turn_id": "priority-turn"]],
+            self.tokenCount(timestamp: iso1, input: 100, cached: 20, output: 10),
+        ]
+        _ = try env.writeCodexSessionFile(day: day, filename: "session.jsonl", contents: env.jsonl(entries))
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            cacheRoot: env.cacheRoot,
+            codexTraceDatabaseURL: env.root.appendingPathComponent("missing.sqlite"))
+        options.refreshMinIntervalSeconds = 0
+
+        let report = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day,
+            options: options)
+        let expected = (80.0 * 5e-6) + (20.0 * 5e-7) + (10.0 * 3e-5)
+
+        #expect(report.summary?.totalCostUSD == expected)
+        let breakdown = try #require(report.data.first?.modelBreakdowns?.first)
+        #expect(breakdown.costUSD == expected)
+        #expect(breakdown.standardCostUSD == nil)
+        #expect(breakdown.priorityCostUSD == nil)
+        #expect(breakdown.standardTokens == nil)
+        #expect(breakdown.priorityTokens == nil)
+    }
+
+    @Test
+    func `codex daily report attributes base priced priority rows to fast bucket`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 5, day: 10)
+        let iso0 = env.isoString(for: day)
+        let iso1 = env.isoString(for: day.addingTimeInterval(1))
+        let entries: [[String: Any]] = [
+            ["type": "turn_context", "timestamp": iso0, "payload": ["model": "gpt-5.4-nano"]],
+            ["type": "event_msg", "timestamp": iso1, "payload": ["type": "task_started", "turn_id": "priority-turn"]],
+            self.tokenCount(timestamp: iso1, input: 100, cached: 20, output: 10),
+        ]
+        _ = try env.writeCodexSessionFile(day: day, filename: "session.jsonl", contents: env.jsonl(entries))
+
+        let dbURL = env.root.appendingPathComponent("logs_2.sqlite")
+        try CostUsageScannerCodexPriorityTests.createTestLogsDatabase(at: dbURL)
+        try self.insertPriorityTrace(dbURL: dbURL, timestamp: iso1, model: "gpt-5.4-nano")
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            cacheRoot: env.cacheRoot,
+            codexTraceDatabaseURL: dbURL)
+        options.refreshMinIntervalSeconds = 0
+
+        let report = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day,
+            options: options)
+        let expected = (80.0 * 2e-7) + (20.0 * 2e-8) + (10.0 * 1.25e-6)
+
+        let breakdown = try #require(report.data.first?.modelBreakdowns?.first)
+        #expect(abs((report.summary?.totalCostUSD ?? 0) - expected) < 0.000_000_001)
+        #expect(abs((breakdown.costUSD ?? 0) - expected) < 0.000_000_001)
+        #expect(breakdown.standardCostUSD == nil)
+        #expect(abs((breakdown.priorityCostUSD ?? 0) - expected) < 0.000_000_001)
+        #expect(breakdown.standardTokens == nil)
+        #expect(breakdown.priorityTokens == 110)
+    }
+
+    @Test
+    func `codex pricing skips priority surcharge for long context rows`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 5, day: 10)
+        let iso0 = env.isoString(for: day)
+        let iso1 = env.isoString(for: day.addingTimeInterval(1))
+        let iso2 = env.isoString(for: day.addingTimeInterval(2))
+        let iso3 = env.isoString(for: day.addingTimeInterval(3))
+        let entries: [[String: Any]] = [
+            ["type": "turn_context", "timestamp": iso0, "payload": ["model": "gpt-5.5"]],
+            ["type": "event_msg", "timestamp": iso1, "payload": ["type": "task_started", "turn_id": "standard-turn"]],
+            self.tokenCount(timestamp: iso1, input: 272_001, cached: 0, output: 10),
+            ["type": "event_msg", "timestamp": iso2, "payload": ["type": "task_started", "turn_id": "priority-turn"]],
+            self.tokenCount(timestamp: iso2, input: 300_000, cached: 0, output: 5),
+            self.tokenCount(timestamp: iso3, input: 100_001, cached: 0, output: 5),
+        ]
+        _ = try env.writeCodexSessionFile(day: day, filename: "session.jsonl", contents: env.jsonl(entries))
+
+        let dbURL = env.root.appendingPathComponent("logs_2.sqlite")
+        try CostUsageScannerCodexPriorityTests.createTestLogsDatabase(at: dbURL)
+        try self.insertPriorityTrace(dbURL: dbURL, timestamp: iso2)
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            cacheRoot: env.cacheRoot,
+            codexTraceDatabaseURL: dbURL)
+        options.refreshMinIntervalSeconds = 0
+
+        let report = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day,
+            options: options)
+        let standardTurnBase = (272_001.0 * 1e-5) + (10.0 * 4.5e-5)
+        let standardFirstRow = (300_000.0 * 1e-5) + (5.0 * 4.5e-5)
+        let prioritySecondRow = (100_001.0 * 1.25e-5) + (5.0 * 7.5e-5)
+
+        let expected = standardTurnBase + standardFirstRow + prioritySecondRow
+        #expect(abs((report.summary?.totalCostUSD ?? 0) - expected) < 0.000_000_001)
+    }
+
+    @Test
+    func `codex cumulative totals do not trigger long context pricing`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 5, day: 10)
+        let iso0 = env.isoString(for: day)
+        let iso1 = env.isoString(for: day.addingTimeInterval(1))
+        let iso2 = env.isoString(for: day.addingTimeInterval(2))
+        let iso3 = env.isoString(for: day.addingTimeInterval(3))
+        let entries: [[String: Any]] = [
+            ["type": "turn_context", "timestamp": iso0, "payload": ["model": "gpt-5.5"]],
+            ["type": "event_msg", "timestamp": iso1, "payload": ["type": "task_started", "turn_id": "standard-turn"]],
+            self.totalTokenCount(timestamp: iso1, input: 120_000, cached: 60000, output: 100),
+            self.totalTokenCount(timestamp: iso2, input: 240_000, cached: 120_000, output: 200),
+            ["type": "event_msg", "timestamp": iso3, "payload": ["type": "task_started", "turn_id": "priority-turn"]],
+            self.totalTokenCount(timestamp: iso3, input: 360_000, cached: 180_000, output: 300),
+        ]
+        _ = try env.writeCodexSessionFile(day: day, filename: "session.jsonl", contents: env.jsonl(entries))
+
+        let dbURL = env.root.appendingPathComponent("logs_2.sqlite")
+        try CostUsageScannerCodexPriorityTests.createTestLogsDatabase(at: dbURL)
+        try self.insertPriorityTrace(dbURL: dbURL, timestamp: iso3)
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: env.codexSessionsRoot,
+            cacheRoot: env.cacheRoot,
+            codexTraceDatabaseURL: dbURL)
+        options.refreshMinIntervalSeconds = 0
+
+        let report = CostUsageScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day,
+            options: options)
+        let standardRow = (Double(60000) * 5e-6) + (Double(60000) * 5e-7) + (Double(100) * 3e-5)
+        let priorityRow = (Double(60000) * 1.25e-5) + (Double(60000) * 1.25e-6) + (Double(100) * 7.5e-5)
+        let expected = standardRow + standardRow + priorityRow
+
+        #expect(abs((report.summary?.totalCostUSD ?? 0) - expected) < 0.000_000_001)
+    }
+
+    private func tokenCount(timestamp: String, input: Int, cached: Int, output: Int) -> [String: Any] {
+        [
+            "type": "event_msg",
+            "timestamp": timestamp,
+            "payload": [
+                "type": "token_count",
+                "info": [
+                    "last_token_usage": [
+                        "input_tokens": input,
+                        "cached_input_tokens": cached,
+                        "output_tokens": output,
+                    ],
+                ],
+            ],
+        ]
+    }
+
+    private func totalTokenCount(timestamp: String, input: Int, cached: Int, output: Int) -> [String: Any] {
+        [
+            "type": "event_msg",
+            "timestamp": timestamp,
+            "payload": [
+                "type": "token_count",
+                "info": [
+                    "total_token_usage": [
+                        "input_tokens": input,
+                        "cached_input_tokens": cached,
+                        "output_tokens": output,
+                    ],
+                ],
+            ],
+        ]
+    }
+
+    private func insertPriorityTrace(dbURL: URL, timestamp: String, model: String = "gpt-5.5") throws {
+        try CostUsageScannerCodexPriorityTests.insertTestLog(
+            dbURL: dbURL,
+            timestamp: timestamp,
+            body: "thread_id=thread turn.id=priority-turn websocket request: "
+                + #"{"type":"response.create","model":""# + model + #"","service_tier":"priority"}"#)
+    }
+}
+#endif
diff --git a/Tests/CodexBarTests/CostUsageScannerTests.swift b/Tests/CodexBarTests/CostUsageScannerTests.swift
index ecad8208d..2b9dd7abe 100644
--- a/Tests/CodexBarTests/CostUsageScannerTests.swift
+++ b/Tests/CodexBarTests/CostUsageScannerTests.swift
@@ -2,213 +2,9 @@ import Foundation
 import Testing
 @testable import CodexBarCore
 
-@Suite
 struct CostUsageScannerTests {
     @Test
-    func codexDailyReportParsesTokenCountsAndCaches() throws {
-        let env = try CostUsageTestEnvironment()
-        defer { env.cleanup() }
-
-        let day = try env.makeLocalNoon(year: 2025, month: 12, day: 20)
-        let iso0 = env.isoString(for: day)
-        let iso1 = env.isoString(for: day.addingTimeInterval(1))
-        let iso2 = env.isoString(for: day.addingTimeInterval(2))
-
-        let model = "openai/gpt-5.2-codex"
-        let turnContext: [String: Any] = [
-            "type": "turn_context",
-            "timestamp": iso0,
-            "payload": [
-                "model": model,
-            ],
-        ]
-        let firstTokenCount: [String: Any] = [
-            "type": "event_msg",
-            "timestamp": iso1,
-            "payload": [
-                "type": "token_count",
-                "info": [
-                    "total_token_usage": [
-                        "input_tokens": 100,
-                        "cached_input_tokens": 20,
-                        "output_tokens": 10,
-                    ],
-                    "model": model,
-                ],
-            ],
-        ]
-
-        let fileURL = try env.writeCodexSessionFile(
-            day: day,
-            filename: "session.jsonl",
-            contents: env.jsonl([turnContext, firstTokenCount]))
-
-        var options = CostUsageScanner.Options(
-            codexSessionsRoot: env.codexSessionsRoot,
-            claudeProjectsRoots: nil,
-            cacheRoot: env.cacheRoot)
-        options.refreshMinIntervalSeconds = 0
-
-        let first = CostUsageScanner.loadDailyReport(
-            provider: .codex,
-            since: day,
-            until: day,
-            now: day,
-            options: options)
-        #expect(first.data.count == 1)
-        #expect(first.data[0].modelsUsed == ["gpt-5.2"])
-        #expect(first.data[0].totalTokens == 110)
-        #expect((first.data[0].costUSD ?? 0) > 0)
-
-        let secondTokenCount: [String: Any] = [
-            "type": "event_msg",
-            "timestamp": iso2,
-            "payload": [
-                "type": "token_count",
-                "info": [
-                    "total_token_usage": [
-                        "input_tokens": 160,
-                        "cached_input_tokens": 40,
-                        "output_tokens": 16,
-                    ],
-                    "model": model,
-                ],
-            ],
-        ]
-        try env.jsonl([turnContext, firstTokenCount, secondTokenCount])
-            .write(to: fileURL, atomically: true, encoding: .utf8)
-
-        let second = CostUsageScanner.loadDailyReport(
-            provider: .codex,
-            since: day,
-            until: day,
-            now: day,
-            options: options)
-        #expect(second.data.count == 1)
-        #expect(second.data[0].totalTokens == 176)
-        #expect((second.data[0].costUSD ?? 0) > (first.data[0].costUSD ?? 0))
-    }
-
-    @Test
-    func codexDailyReportIncludesArchivedSessionsAndDedupes() throws {
-        let env = try CostUsageTestEnvironment()
-        defer { env.cleanup() }
-
-        let day = try env.makeLocalNoon(year: 2025, month: 12, day: 22)
-        let iso0 = env.isoString(for: day)
-        let iso1 = env.isoString(for: day.addingTimeInterval(1))
-
-        let model = "openai/gpt-5.2-codex"
-        let sessionMeta: [String: Any] = [
-            "type": "session_meta",
-            "payload": [
-                "session_id": "sess-archived-1",
-            ],
-        ]
-        let turnContext: [String: Any] = [
-            "type": "turn_context",
-            "timestamp": iso0,
-            "payload": [
-                "model": model,
-            ],
-        ]
-        let tokenCount: [String: Any] = [
-            "type": "event_msg",
-            "timestamp": iso1,
-            "payload": [
-                "type": "token_count",
-                "info": [
-                    "total_token_usage": [
-                        "input_tokens": 100,
-                        "cached_input_tokens": 20,
-                        "output_tokens": 10,
-                    ],
-                    "model": model,
-                ],
-            ],
-        ]
-
-        let comps = Calendar.current.dateComponents([.year, .month, .day], from: day)
-        let dayKey = String(format: "%04d-%02d-%02d", comps.year ?? 1970, comps.month ?? 1, comps.day ?? 1)
-        let archivedName = "rollout-\(dayKey)T12-00-00-archived.jsonl"
-        let contents = try env.jsonl([sessionMeta, turnContext, tokenCount])
-        _ = try env.writeCodexArchivedSessionFile(filename: archivedName, contents: contents)
-
-        var options = CostUsageScanner.Options(
-            codexSessionsRoot: env.codexSessionsRoot,
-            claudeProjectsRoots: nil,
-            cacheRoot: env.cacheRoot)
-        options.refreshMinIntervalSeconds = 0
-
-        let first = CostUsageScanner.loadDailyReport(
-            provider: .codex,
-            since: day,
-            until: day,
-            now: day,
-            options: options)
-        #expect(first.data.count == 1)
-        #expect(first.data[0].totalTokens == 110)
-
-        _ = try env.writeCodexSessionFile(day: day, filename: "session.jsonl", contents: contents)
-        let second = CostUsageScanner.loadDailyReport(
-            provider: .codex,
-            since: day,
-            until: day,
-            now: day,
-            options: options)
-        #expect(second.data.count == 1)
-        #expect(second.data[0].totalTokens == 110)
-    }
-
-    @Test
-    func claudeDailyReportParsesUsageAndCaches() throws {
-        let env = try CostUsageTestEnvironment()
-        defer { env.cleanup() }
-
-        let day = try env.makeLocalNoon(year: 2025, month: 12, day: 20)
-        let iso0 = env.isoString(for: day)
-
-        let assistant: [String: Any] = [
-            "type": "assistant",
-            "timestamp": iso0,
-            "message": [
-                "model": "claude-sonnet-4-20250514",
-                "usage": [
-                    "input_tokens": 200,
-                    "cache_creation_input_tokens": 50,
-                    "cache_read_input_tokens": 25,
-                    "output_tokens": 80,
-                ],
-            ],
-        ]
-        _ = try env.writeClaudeProjectFile(
-            relativePath: "project-a/session-a.jsonl",
-            contents: env.jsonl([assistant]))
-
-        var options = CostUsageScanner.Options(
-            codexSessionsRoot: nil,
-            claudeProjectsRoots: [env.claudeProjectsRoot],
-            cacheRoot: env.cacheRoot)
-        options.refreshMinIntervalSeconds = 0
-
-        let report = CostUsageScanner.loadDailyReport(
-            provider: .claude,
-            since: day,
-            until: day,
-            now: day,
-            options: options)
-        #expect(report.data.count == 1)
-        #expect(report.data[0].modelsUsed == ["claude-sonnet-4-20250514"])
-        #expect(report.data[0].inputTokens == 200)
-        #expect(report.data[0].cacheCreationTokens == 50)
-        #expect(report.data[0].cacheReadTokens == 25)
-        #expect(report.data[0].outputTokens == 80)
-        #expect(report.data[0].totalTokens == 355)
-        #expect((report.data[0].costUSD ?? 0) > 0)
-    }
-
-    @Test
-    func vertexDailyReportFiltersClaudeLogs() throws {
+    func `vertex daily report filters claude logs`() throws {
         let env = try CostUsageTestEnvironment()
         defer { env.cleanup() }
 
@@ -274,7 +70,7 @@ struct CostUsageScannerTests {
     }
 
     @Test
-    func vertexDailyReportDetectsByVrtxIdPrefix() throws {
+    func `vertex daily report detects by vrtx id prefix`() throws {
         let env = try CostUsageTestEnvironment()
         defer { env.cleanup() }
 
@@ -355,7 +151,82 @@ struct CostUsageScannerTests {
     }
 
     @Test
-    func claudeParsesLargeLinesWithUsageAtTail() throws {
+    func `claude report preserves per-request threshold pricing`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 5, day: 9)
+        let first = env.isoString(for: day)
+        let second = env.isoString(for: day.addingTimeInterval(1))
+        let model = "claude-sonnet-4-6"
+        let firstEntry: [String: Any] = [
+            "type": "assistant",
+            "timestamp": first,
+            "requestId": "req_one",
+            "message": [
+                "id": "msg_one",
+                "model": model,
+                "usage": [
+                    "input_tokens": 150_000,
+                    "output_tokens": 0,
+                ],
+            ],
+        ]
+        let secondEntry: [String: Any] = [
+            "type": "assistant",
+            "timestamp": second,
+            "requestId": "req_two",
+            "message": [
+                "id": "msg_two",
+                "model": model,
+                "usage": [
+                    "input_tokens": 150_000,
+                    "output_tokens": 0,
+                ],
+            ],
+        ]
+
+        _ = try env.writeClaudeProjectFile(
+            relativePath: "project-a/threshold.jsonl",
+            contents: env.jsonl([firstEntry, secondEntry]))
+
+        var options = CostUsageScanner.Options(
+            codexSessionsRoot: nil,
+            claudeProjectsRoots: [env.claudeProjectsRoot],
+            cacheRoot: env.cacheRoot)
+        options.refreshMinIntervalSeconds = 0
+
+        let report = CostUsageScanner.loadDailyReport(
+            provider: .claude,
+            since: day,
+            until: day,
+            now: day,
+            options: options)
+        let expectedRequestCost = CostUsagePricing.claudeCostUSD(
+            model: model,
+            inputTokens: 150_000,
+            cacheReadInputTokens: 0,
+            cacheCreationInputTokens: 0,
+            outputTokens: 0,
+            modelsDevCacheRoot: env.cacheRoot) ?? 0
+        let aggregateCost = CostUsagePricing.claudeCostUSD(
+            model: model,
+            inputTokens: 300_000,
+            cacheReadInputTokens: 0,
+            cacheCreationInputTokens: 0,
+            outputTokens: 0,
+            modelsDevCacheRoot: env.cacheRoot) ?? 0
+        let expectedCost = expectedRequestCost * 2
+
+        #expect(report.data.count == 1)
+        #expect(report.data.first?.inputTokens == 300_000)
+        #expect(abs((report.data.first?.costUSD ?? 0) - expectedCost) < 0.000001)
+        #expect(abs((report.data.first?.costUSD ?? 0) - aggregateCost) > 0.000001)
+        #expect(abs((report.data.first?.modelBreakdowns?.first?.costUSD ?? 0) - expectedCost) < 0.000001)
+    }
+
+    @Test
+    func `claude parses large lines with usage at tail`() throws {
         let env = try CostUsageTestEnvironment()
         defer { env.cleanup() }
 
@@ -400,7 +271,7 @@ struct CostUsageScannerTests {
     }
 
     @Test
-    func claudeDailyReportRefreshesWhenFileChanges() throws {
+    func `claude daily report refreshes when file changes`() throws {
         let env = try CostUsageTestEnvironment()
         defer { env.cleanup() }
 
@@ -465,7 +336,7 @@ struct CostUsageScannerTests {
     }
 
     @Test
-    func codexIncrementalParsingUsesPreviousTotals() throws {
+    func `codex incremental parsing uses previous totals`() throws {
         let env = try CostUsageTestEnvironment()
         defer { env.cleanup() }
 
@@ -476,6 +347,7 @@ struct CostUsageScannerTests {
 
         let model = "openai/gpt-5.2-codex"
         let normalized = CostUsagePricing.normalizeCodexModel(model)
+        #expect(normalized == "gpt-5.2-codex")
         let turnContext: [String: Any] = [
             "type": "turn_context",
             "timestamp": iso0,
@@ -544,7 +416,92 @@ struct CostUsageScannerTests {
     }
 
     @Test
-    func claudeIncrementalParsingReadsAppendedLinesOnly() throws {
+    func `codex incremental parsing keeps current turn id`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 5, day: 10)
+        let iso0 = env.isoString(for: day)
+        let iso1 = env.isoString(for: day.addingTimeInterval(1))
+        let iso2 = env.isoString(for: day.addingTimeInterval(2))
+        let iso3 = env.isoString(for: day.addingTimeInterval(3))
+
+        let model = "openai/gpt-5.5"
+        let turnID = "22222222-2222-2222-2222-222222222222"
+        let turnContext: [String: Any] = [
+            "type": "turn_context",
+            "timestamp": iso0,
+            "payload": [
+                "model": model,
+            ],
+        ]
+        let taskStarted: [String: Any] = [
+            "type": "event_msg",
+            "timestamp": iso1,
+            "payload": [
+                "type": "task_started",
+                "id": turnID,
+            ],
+        ]
+        let firstTokenCount: [String: Any] = [
+            "type": "event_msg",
+            "timestamp": iso2,
+            "payload": [
+                "type": "token_count",
+                "info": [
+                    "total_token_usage": [
+                        "input_tokens": 100,
+                        "cached_input_tokens": 20,
+                        "output_tokens": 10,
+                    ],
+                ],
+            ],
+        ]
+
+        let fileURL = try env.writeCodexSessionFile(
+            day: day,
+            filename: "priority-session.jsonl",
+            contents: env.jsonl([turnContext, taskStarted, firstTokenCount]))
+        let range = CostUsageScanner.CostUsageDayRange(since: day, until: day)
+
+        let first = CostUsageScanner.parseCodexFile(fileURL: fileURL, range: range)
+        #expect(first.lastCodexTurnID == turnID)
+        #expect(first.rows.map(\.turnID) == [turnID])
+
+        let secondTokenCount: [String: Any] = [
+            "type": "event_msg",
+            "timestamp": iso3,
+            "payload": [
+                "type": "token_count",
+                "info": [
+                    "total_token_usage": [
+                        "input_tokens": 160,
+                        "cached_input_tokens": 40,
+                        "output_tokens": 16,
+                    ],
+                ],
+            ],
+        ]
+        try env.jsonl([turnContext, taskStarted, firstTokenCount, secondTokenCount])
+            .write(to: fileURL, atomically: true, encoding: .utf8)
+
+        let delta = CostUsageScanner.parseCodexFile(
+            fileURL: fileURL,
+            range: range,
+            startOffset: first.parsedBytes,
+            initialModel: first.lastModel,
+            initialTotals: first.lastTotals,
+            initialCodexTurnID: first.lastCodexTurnID)
+
+        #expect(delta.lastCodexTurnID == turnID)
+        #expect(delta.rows.map(\.turnID) == [turnID])
+        #expect(delta.rows.first?.input == 60)
+        #expect(delta.rows.first?.cached == 20)
+        #expect(delta.rows.first?.output == 6)
+    }
+
+    @Test
+    func `claude incremental parsing reads appended lines only`() throws {
         let env = try CostUsageTestEnvironment()
         defer { env.cleanup() }
 
@@ -608,7 +565,7 @@ struct CostUsageScannerTests {
     }
 
     @Test
-    func dayKeyFromTimestampMatchesISOParsing() {
+    func `day key from timestamp matches ISO parsing`() {
         let timestamps = [
             "2025-12-20T23:59:59Z",
             "2025-12-20T23:59:59+02:00",
@@ -622,7 +579,7 @@ struct CostUsageScannerTests {
     }
 
     @Test
-    func claudeDeduplicatesStreamingChunks() throws {
+    func `claude deduplicates streaming chunks`() throws {
         let env = try CostUsageTestEnvironment()
         defer { env.cleanup() }
 
@@ -710,7 +667,7 @@ struct CostUsageScannerTests {
     }
 
     @Test
-    func claudeCountsEntriesWithoutIdsAsSeparate() throws {
+    func `claude counts entries without ids as separate`() throws {
         let env = try CostUsageTestEnvironment()
         defer { env.cleanup() }
 
@@ -774,7 +731,7 @@ struct CostUsageScannerTests {
     }
 
     @Test
-    func claudeCountsDifferentRequestIdsSeparately() throws {
+    func `claude counts different request ids separately`() throws {
         let env = try CostUsageTestEnvironment()
         defer { env.cleanup() }
 
@@ -838,69 +795,16 @@ struct CostUsageScannerTests {
         #expect(report.data[0].outputTokens == 15)
         #expect(report.data[0].totalTokens == 45)
     }
-
-    @Test
-    func jsonlScannerHandlesLinesAcrossReadChunks() throws {
-        let env = try CostUsageTestEnvironment()
-        defer { env.cleanup() }
-
-        let fileURL = env.root.appendingPathComponent("large-lines.jsonl", isDirectory: false)
-        let largeLine = String(repeating: "x", count: 300_000)
-        let contents = "\(largeLine)\nsmall\n"
-        try contents.write(to: fileURL, atomically: true, encoding: .utf8)
-
-        var scanned: [(count: Int, truncated: Bool)] = []
-        let endOffset = try CostUsageJsonl.scan(
-            fileURL: fileURL,
-            maxLineBytes: 400_000,
-            prefixBytes: 400_000)
-        { line in
-            scanned.append((line.bytes.count, line.wasTruncated))
-        }
-
-        #expect(endOffset == Int64(Data(contents.utf8).count))
-        #expect(scanned.count == 2)
-        #expect(scanned[0].count == 300_000)
-        #expect(scanned[0].truncated == false)
-        #expect(scanned[1].count == 5)
-        #expect(scanned[1].truncated == false)
-    }
-
-    @Test
-    func jsonlScannerMarksPrefixLimitedLinesAsTruncated() throws {
-        let env = try CostUsageTestEnvironment()
-        defer { env.cleanup() }
-
-        let fileURL = env.root.appendingPathComponent("truncated-lines.jsonl", isDirectory: false)
-        let shortLine = "ok"
-        let longLine = String(repeating: "a", count: 2000)
-        let contents = "\(shortLine)\n\(longLine)\n"
-        try contents.write(to: fileURL, atomically: true, encoding: .utf8)
-
-        var scanned: [CostUsageJsonl.Line] = []
-        _ = try CostUsageJsonl.scan(
-            fileURL: fileURL,
-            maxLineBytes: 10000,
-            prefixBytes: 64)
-        { line in
-            scanned.append(line)
-        }
-
-        #expect(scanned.count == 2)
-        #expect(String(data: scanned[0].bytes, encoding: .utf8) == "ok")
-        #expect(scanned[0].wasTruncated == false)
-        #expect(scanned[1].bytes.isEmpty)
-        #expect(scanned[1].wasTruncated == true)
-    }
 }
 
-private struct CostUsageTestEnvironment {
+struct CostUsageTestEnvironment {
     let root: URL
     let cacheRoot: URL
     let codexHomeRoot: URL
     let codexSessionsRoot: URL
     let codexArchivedSessionsRoot: URL
     let claudeProjectsRoot: URL
+    let piSessionsRoot: URL
 
     init() throws {
         let root = FileManager.default.temporaryDirectory.appendingPathComponent(
@@ -914,10 +818,12 @@ private struct CostUsageTestEnvironment {
         self.codexArchivedSessionsRoot = self.codexHomeRoot
             .appendingPathComponent("archived_sessions", isDirectory: true)
         self.claudeProjectsRoot = root.appendingPathComponent("claude-projects", isDirectory: true)
+        self.piSessionsRoot = root.appendingPathComponent("pi-sessions", isDirectory: true)
         try FileManager.default.createDirectory(at: self.cacheRoot, withIntermediateDirectories: true)
         try FileManager.default.createDirectory(at: self.codexSessionsRoot, withIntermediateDirectories: true)
         try FileManager.default.createDirectory(at: self.codexArchivedSessionsRoot, withIntermediateDirectories: true)
         try FileManager.default.createDirectory(at: self.claudeProjectsRoot, withIntermediateDirectories: true)
+        try FileManager.default.createDirectory(at: self.piSessionsRoot, withIntermediateDirectories: true)
     }
 
     func cleanup() {
@@ -974,6 +880,13 @@ private struct CostUsageTestEnvironment {
         return url
     }
 
+    func writePiSessionFile(relativePath: String, contents: String) throws -> URL {
+        let url = self.piSessionsRoot.appendingPathComponent(relativePath, isDirectory: false)
+        try FileManager.default.createDirectory(at: url.deletingLastPathComponent(), withIntermediateDirectories: true)
+        try contents.write(to: url, atomically: true, encoding: .utf8)
+        return url
+    }
+
     func jsonl(_ objects: [Any]) throws -> String {
         let lines = try objects.map { obj in
             let data = try JSONSerialization.data(withJSONObject: obj)
diff --git a/Tests/CodexBarTests/CrofMenuCardTests.swift b/Tests/CodexBarTests/CrofMenuCardTests.swift
new file mode 100644
index 000000000..ade932a3a
--- /dev/null
+++ b/Tests/CodexBarTests/CrofMenuCardTests.swift
@@ -0,0 +1,44 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+struct CrofMenuCardTests {
+    @Test
+    func `model shows request count and avoids duplicate credits section`() throws {
+        let now = Date()
+        let metadata = try #require(ProviderDefaults.metadata[.crof])
+        let snapshot = CrofUsageSnapshot(
+            credits: 10,
+            requestsPlan: 1000,
+            usableRequests: 998,
+            updatedAt: now).toUsageSnapshot()
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .crof,
+            metadata: metadata,
+            snapshot: snapshot,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+
+        #expect(model.creditsText == nil)
+        #expect(model.metrics.map(\.title) == ["Requests", "Credits"])
+        #expect(model.metrics.first?.percent == 99)
+        #expect(model.metrics.first?.resetText?.hasPrefix("Resets") == true)
+        #expect(model.metrics.first?.detailRightText == "998 requests left")
+        #expect(model.metrics.last?.resetText == "$10.00")
+    }
+}
diff --git a/Tests/CodexBarTests/CrofProviderImplementationTests.swift b/Tests/CodexBarTests/CrofProviderImplementationTests.swift
new file mode 100644
index 000000000..ed30b5200
--- /dev/null
+++ b/Tests/CodexBarTests/CrofProviderImplementationTests.swift
@@ -0,0 +1,52 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+@MainActor
+struct CrofProviderImplementationTests {
+    @Test
+    func `availability uses crof environment token`() throws {
+        let settings = try Self.makeSettings(suite: "CrofProviderImplementationTests-env")
+        let implementation = CrofProviderImplementation()
+
+        let context = ProviderAvailabilityContext(
+            provider: .crof,
+            settings: settings,
+            environment: [CrofSettingsReader.apiKeyEnvironmentKeys[0]: "env-token"])
+
+        #expect(implementation.isAvailable(context: context))
+    }
+
+    @Test
+    func `availability uses stored crof API token`() throws {
+        let settings = try Self.makeSettings(suite: "CrofProviderImplementationTests-settings")
+        settings.crofAPIToken = "stored-token"
+        let implementation = CrofProviderImplementation()
+
+        let context = ProviderAvailabilityContext(provider: .crof, settings: settings, environment: [:])
+
+        #expect(implementation.isAvailable(context: context))
+    }
+
+    @Test
+    func `availability rejects missing crof API token`() throws {
+        let settings = try Self.makeSettings(suite: "CrofProviderImplementationTests-missing")
+        settings.crofAPIToken = "   "
+        let implementation = CrofProviderImplementation()
+
+        let context = ProviderAvailabilityContext(provider: .crof, settings: settings, environment: [:])
+
+        #expect(!implementation.isAvailable(context: context))
+    }
+
+    private static func makeSettings(suite: String) throws -> SettingsStore {
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+        return SettingsStore(
+            userDefaults: defaults,
+            configStore: testConfigStore(suiteName: suite),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+    }
+}
diff --git a/Tests/CodexBarTests/CrofUsageFetcherTests.swift b/Tests/CodexBarTests/CrofUsageFetcherTests.swift
new file mode 100644
index 000000000..43ae3d99d
--- /dev/null
+++ b/Tests/CodexBarTests/CrofUsageFetcherTests.swift
@@ -0,0 +1,236 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+@Suite(.serialized)
+struct CrofUsageFetcherTests {
+    @Test
+    func `usage URL points at public usage API`() {
+        #expect(CrofUsageFetcher.usageURL.absoluteString == "https://crof.ai/usage_api/")
+    }
+
+    @Test
+    func `usage response parses credits and request quota`() throws {
+        let json = """
+        {"credits":10.0,"requests_plan":1000,"usable_requests":998}
+        """
+
+        let snapshot = try CrofUsageFetcher._parseSnapshotForTesting(Data(json.utf8))
+
+        #expect(snapshot.credits == 10)
+        #expect(snapshot.requestsPlan == 1000)
+        #expect(snapshot.usableRequests == 998)
+    }
+
+    @Test
+    func `usage snapshot maps usable requests to remaining quota`() {
+        let snapshot = CrofUsageSnapshot(
+            credits: 10,
+            requestsPlan: 1000,
+            usableRequests: 998,
+            updatedAt: Date(timeIntervalSince1970: 1_777_800_000))
+
+        let usage = snapshot.toUsageSnapshot()
+
+        #expect(usage.primary?.usedPercent == 1)
+        #expect(usage.primary?.windowMinutes == 1440)
+        #expect(usage.primary?.resetDescription == "998 requests left")
+        #expect(usage.secondary?.usedPercent == 0)
+        #expect(usage.secondary?.resetDescription == "$10.00")
+        #expect(usage.identity?.providerID == .crof)
+        #expect(usage.identity?.loginMethod == "API key")
+    }
+
+    @Test
+    func `usage snapshot floors credit balance to cents`() {
+        let snapshot = CrofUsageSnapshot(
+            credits: 9.9999,
+            requestsPlan: 1000,
+            usableRequests: 998)
+
+        #expect(snapshot.toUsageSnapshot().secondary?.resetDescription == "$9.99")
+    }
+
+    @Test
+    func `usage snapshot resets requests at next America Chicago midnight`() throws {
+        var utc = Calendar(identifier: .gregorian)
+        utc.timeZone = try #require(TimeZone(secondsFromGMT: 0))
+        let updatedAt = try #require(utc.date(from: DateComponents(
+            year: 2026,
+            month: 5,
+            day: 8,
+            hour: 18,
+            minute: 30)))
+        let expectedReset = try #require(utc.date(from: DateComponents(
+            year: 2026,
+            month: 5,
+            day: 9,
+            hour: 5)))
+        let snapshot = CrofUsageSnapshot(
+            credits: 10,
+            requestsPlan: 1000,
+            usableRequests: 998,
+            updatedAt: updatedAt)
+
+        #expect(snapshot.toUsageSnapshot().primary?.resetsAt == expectedReset)
+    }
+
+    @Test
+    func `usage snapshot clamps overreported usable requests`() {
+        let snapshot = CrofUsageSnapshot(
+            credits: 0,
+            requestsPlan: 1000,
+            usableRequests: 1200)
+
+        #expect(snapshot.toUsageSnapshot().primary?.usedPercent == 0)
+    }
+
+    @Test
+    func `usage snapshot treats zero plan as exhausted`() {
+        let snapshot = CrofUsageSnapshot(
+            credits: 0,
+            requestsPlan: 0,
+            usableRequests: 0)
+
+        #expect(snapshot.toUsageSnapshot().primary?.usedPercent == 100)
+    }
+
+    @Test
+    func `fetch sends bearer token`() async throws {
+        defer {
+            CrofStubURLProtocol.handler = nil
+            CrofStubURLProtocol.requests = []
+        }
+        CrofStubURLProtocol.requests = []
+        CrofStubURLProtocol.handler = { request in
+            guard let url = request.url else { throw URLError(.badURL) }
+            #expect(request.value(forHTTPHeaderField: "Authorization") == "Bearer crof-test")
+            #expect(request.value(forHTTPHeaderField: "Accept") == "application/json")
+            return try Self.makeResponse(
+                url: url,
+                body: #"{"credits":10.0,"requests_plan":1000,"usable_requests":998}"#)
+        }
+
+        let snapshot = try await CrofUsageFetcher.fetchUsage(apiKey: "crof-test", session: Self.makeSession())
+
+        #expect(snapshot.usableRequests == 998)
+        #expect(CrofStubURLProtocol.requests.map(\.url?.absoluteString) == ["https://crof.ai/usage_api/"])
+    }
+
+    @Test
+    func `descriptor supports auto and API source modes`() {
+        let descriptor = ProviderDescriptorRegistry.descriptor(for: .crof)
+        #expect(descriptor.metadata.displayName == "Crof")
+        #expect(descriptor.metadata.dashboardURL == "https://crof.ai/dashboard")
+        #expect(descriptor.fetchPlan.sourceModes == [.auto, .api])
+        #expect(descriptor.branding.iconResourceName == "ProviderIcon-crof")
+    }
+
+    @Test
+    func `settings reader uses CROF_API_KEY`() {
+        let token = CrofSettingsReader.apiKey(environment: [
+            CrofSettingsReader.apiKeyEnvironmentKeys[0]: "  crof-token  ",
+        ])
+
+        #expect(token == "crof-token")
+    }
+
+    @Test
+    func `token resolver uses crof environment token`() {
+        let env = [CrofSettingsReader.apiKeyEnvironmentKeys[0]: "crof-token"]
+        let resolution = ProviderTokenResolver.crofResolution(environment: env)
+
+        #expect(resolution?.token == "crof-token")
+        #expect(resolution?.source == .environment)
+    }
+
+    @Test
+    func `config API key override feeds crof environment`() {
+        let config = ProviderConfig(id: .crof, apiKey: "config-token")
+        let env = ProviderConfigEnvironment.applyAPIKeyOverride(
+            base: [:],
+            provider: .crof,
+            config: config)
+
+        #expect(env[CrofSettingsReader.apiKeyEnvironmentKeys[0]] == "config-token")
+        #expect(ProviderTokenResolver.crofToken(environment: env) == "config-token")
+    }
+
+    @Test
+    func `config API key leaves existing crof environment token alone`() {
+        let key = CrofSettingsReader.apiKeyEnvironmentKeys[0]
+        let config = ProviderConfig(id: .crof, apiKey: "config-token")
+        let env = ProviderConfigEnvironment.applyAPIKeyOverride(
+            base: [key: "env-token"],
+            provider: .crof,
+            config: config)
+
+        #expect(env[key] == "env-token")
+        #expect(ProviderTokenResolver.crofToken(environment: env) == "env-token")
+    }
+
+    @Test
+    func `missing credentials fetch call throws missing credentials`() async {
+        do {
+            _ = try await CrofUsageFetcher.fetchUsage(apiKey: "   ")
+            Issue.record("Expected missingCredentials error")
+        } catch let error as CrofUsageError {
+            #expect(error == .missingCredentials)
+        } catch {
+            Issue.record("Unexpected error: \(error)")
+        }
+    }
+
+    private static func makeSession() -> URLSession {
+        let config = URLSessionConfiguration.ephemeral
+        config.protocolClasses = [CrofStubURLProtocol.self]
+        return URLSession(configuration: config)
+    }
+
+    private static func makeResponse(
+        url: URL,
+        body: String,
+        statusCode: Int = 200) throws -> (HTTPURLResponse, Data)
+    {
+        guard let response = HTTPURLResponse(
+            url: url,
+            statusCode: statusCode,
+            httpVersion: nil,
+            headerFields: ["Content-Type": "application/json"])
+        else {
+            throw URLError(.badServerResponse)
+        }
+        return (response, Data(body.utf8))
+    }
+}
+
+final class CrofStubURLProtocol: URLProtocol {
+    nonisolated(unsafe) static var handler: ((URLRequest) throws -> (HTTPURLResponse, Data))?
+    nonisolated(unsafe) static var requests: [URLRequest] = []
+
+    override static func canInit(with request: URLRequest) -> Bool {
+        request.url?.host == "crof.ai"
+    }
+
+    override static func canonicalRequest(for request: URLRequest) -> URLRequest {
+        request
+    }
+
+    override func startLoading() {
+        Self.requests.append(self.request)
+        guard let handler = Self.handler else {
+            self.client?.urlProtocol(self, didFailWithError: URLError(.badServerResponse))
+            return
+        }
+        do {
+            let (response, data) = try handler(self.request)
+            self.client?.urlProtocol(self, didReceive: response, cacheStoragePolicy: .notAllowed)
+            self.client?.urlProtocol(self, didLoad: data)
+            self.client?.urlProtocolDidFinishLoading(self)
+        } catch {
+            self.client?.urlProtocol(self, didFailWithError: error)
+        }
+    }
+
+    override func stopLoading() {}
+}
diff --git a/Tests/CodexBarTests/CursorEnterpriseUsageTests.swift b/Tests/CodexBarTests/CursorEnterpriseUsageTests.swift
new file mode 100644
index 000000000..c6b5dd19b
--- /dev/null
+++ b/Tests/CodexBarTests/CursorEnterpriseUsageTests.swift
@@ -0,0 +1,169 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+@Suite(.serialized)
+struct CursorEnterpriseUsageTests {
+    @Test
+    func `parses enterprise overall and pooled usage summary`() throws {
+        // Live Cursor Enterprise payload (sanitized). The Pro/Hobby `plan` block is absent;
+        // instead Cursor reports `individualUsage.overall` (personal cap) and `teamUsage.pooled`
+        // (shared team pool). Both blocks use cents like the existing `plan` block.
+        let json = """
+        {
+            "billingCycleStart": "2026-04-01T00:00:00.000Z",
+            "billingCycleEnd": "2026-05-01T00:00:00.000Z",
+            "membershipType": "enterprise",
+            "limitType": "team",
+            "isUnlimited": false,
+            "individualUsage": {
+                "overall": {
+                    "enabled": true,
+                    "used": 7384,
+                    "limit": 10000,
+                    "remaining": 2616
+                }
+            },
+            "teamUsage": {
+                "onDemand": {
+                    "enabled": true,
+                    "used": 0,
+                    "limit": null,
+                    "remaining": null
+                },
+                "pooled": {
+                    "enabled": true,
+                    "used": 12725135,
+                    "limit": 28122000,
+                    "remaining": 15396865
+                }
+            }
+        }
+        """
+        let data = try #require(json.data(using: .utf8))
+        let summary = try JSONDecoder().decode(CursorUsageSummary.self, from: data)
+
+        #expect(summary.membershipType == "enterprise")
+        #expect(summary.limitType == "team")
+        #expect(summary.individualUsage?.plan == nil)
+        #expect(summary.individualUsage?.overall?.used == 7384)
+        #expect(summary.individualUsage?.overall?.limit == 10000)
+        #expect(summary.individualUsage?.overall?.remaining == 2616)
+        #expect(summary.teamUsage?.pooled?.used == 12_725_135)
+        #expect(summary.teamUsage?.pooled?.limit == 28_122_000)
+    }
+
+    @Test
+    func `enterprise overall drives headline percent and dollars`() throws {
+        // Regression: Cursor Enterprise/Team accounts ship `individualUsage.overall` instead of
+        // `individualUsage.plan`. Without a model for `overall`, the parser used to report 0%
+        // (i.e. the menu showed "100% remaining"). The personal cap must take precedence over
+        // any team pool, and USD figures must reflect the same source.
+        let snapshot = CursorStatusProbe(browserDetection: BrowserDetection(cacheTTL: 0))
+            .parseUsageSummary(
+                CursorUsageSummary(
+                    billingCycleStart: "2026-04-01T00:00:00.000Z",
+                    billingCycleEnd: "2026-05-01T00:00:00.000Z",
+                    membershipType: "enterprise",
+                    limitType: "team",
+                    isUnlimited: false,
+                    autoModelSelectedDisplayMessage: nil,
+                    namedModelSelectedDisplayMessage: nil,
+                    individualUsage: CursorIndividualUsage(
+                        plan: nil,
+                        onDemand: nil,
+                        overall: CursorOverallUsage(enabled: true, used: 7384, limit: 10000, remaining: 2616)),
+                    teamUsage: CursorTeamUsage(
+                        onDemand: CursorOnDemandUsage(enabled: true, used: 0, limit: nil, remaining: nil),
+                        pooled: CursorPooledUsage(
+                            enabled: true,
+                            used: 12_725_135,
+                            limit: 28_122_000,
+                            remaining: 15_396_865))),
+                userInfo: nil,
+                rawJSON: nil)
+
+        // Headline: $73.84 / $100 -> 73.84% (matches Cursor's own dashboard).
+        // Allow a tiny tolerance for floating-point division (7384/10000 * 100).
+        #expect(abs(snapshot.planPercentUsed - 73.84) < 0.0001)
+        #expect(snapshot.planUsedUSD == 73.84)
+        #expect(snapshot.planLimitUSD == 100.0)
+        #expect(snapshot.autoPercentUsed == nil)
+        #expect(snapshot.apiPercentUsed == nil)
+
+        let primaryPercent = try #require(snapshot.toUsageSnapshot().primary?.usedPercent)
+        #expect(abs(primaryPercent - 73.84) < 0.0001)
+    }
+
+    @Test
+    func `enterprise pooled fallback used when no individual data`() {
+        // When Cursor only reports a shared team pool (no `plan`, no `overall`) we should still surface
+        // a non-zero headline so the menu reflects pool consumption rather than appearing "all clear".
+        let snapshot = CursorStatusProbe(browserDetection: BrowserDetection(cacheTTL: 0))
+            .parseUsageSummary(
+                CursorUsageSummary(
+                    billingCycleStart: nil,
+                    billingCycleEnd: nil,
+                    membershipType: "enterprise",
+                    limitType: "team",
+                    isUnlimited: false,
+                    autoModelSelectedDisplayMessage: nil,
+                    namedModelSelectedDisplayMessage: nil,
+                    individualUsage: nil,
+                    teamUsage: CursorTeamUsage(
+                        onDemand: nil,
+                        pooled: CursorPooledUsage(
+                            enabled: true,
+                            used: 12_725_135,
+                            limit: 28_122_000,
+                            remaining: 15_396_865))),
+                userInfo: nil,
+                rawJSON: nil)
+
+        #expect(snapshot.planPercentUsed > 45.0)
+        #expect(snapshot.planPercentUsed < 45.5)
+        #expect(snapshot.planUsedUSD == 127_251.35)
+        #expect(snapshot.planLimitUSD == 281_220.0)
+    }
+
+    @Test
+    func `existing plan block still wins over overall and pooled`() {
+        // Guard against future drift: when Cursor sends both legacy `plan` and the newer `overall`
+        // blocks, the existing percent precedence must remain intact.
+        let snapshot = CursorStatusProbe(browserDetection: BrowserDetection(cacheTTL: 0))
+            .parseUsageSummary(
+                CursorUsageSummary(
+                    billingCycleStart: nil,
+                    billingCycleEnd: nil,
+                    membershipType: "pro",
+                    limitType: "user",
+                    isUnlimited: false,
+                    autoModelSelectedDisplayMessage: nil,
+                    namedModelSelectedDisplayMessage: nil,
+                    individualUsage: CursorIndividualUsage(
+                        plan: CursorPlanUsage(
+                            enabled: true,
+                            used: 1500,
+                            limit: 5000,
+                            remaining: 3500,
+                            breakdown: nil,
+                            autoPercentUsed: nil,
+                            apiPercentUsed: nil,
+                            totalPercentUsed: 30.0),
+                        onDemand: nil,
+                        overall: CursorOverallUsage(enabled: true, used: 7384, limit: 10000, remaining: 2616)),
+                    teamUsage: CursorTeamUsage(
+                        onDemand: nil,
+                        pooled: CursorPooledUsage(
+                            enabled: true,
+                            used: 12_725_135,
+                            limit: 28_122_000,
+                            remaining: 15_396_865))),
+                userInfo: nil,
+                rawJSON: nil)
+
+        #expect(snapshot.planPercentUsed == 30.0)
+        #expect(snapshot.planUsedUSD == 15.0)
+        #expect(snapshot.planLimitUSD == 50.0)
+    }
+}
diff --git a/Tests/CodexBarTests/CursorLoginRunnerTests.swift b/Tests/CodexBarTests/CursorLoginRunnerTests.swift
new file mode 100644
index 000000000..16632ebe0
--- /dev/null
+++ b/Tests/CodexBarTests/CursorLoginRunnerTests.swift
@@ -0,0 +1,115 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+@MainActor
+struct CursorLoginRunnerTests {
+    private final class LockedArray<Element>: @unchecked Sendable {
+        private let lock = NSLock()
+        private var values: [Element] = []
+
+        func append(_ value: Element) {
+            self.lock.lock()
+            defer { self.lock.unlock() }
+            self.values.append(value)
+        }
+
+        func snapshot() -> [Element] {
+            self.lock.lock()
+            defer { self.lock.unlock() }
+            return self.values
+        }
+    }
+
+    @Test
+    func `login opens Cursor auth URL in browser before polling cookies`() async {
+        var openedURLs: [URL] = []
+        var phases: [String] = []
+
+        let runner = CursorLoginRunner(
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            timeout: 1,
+            pollInterval: 0.01,
+            openURL: { url in
+                openedURLs.append(url)
+                return true
+            },
+            loadSnapshot: {
+                CursorStatusSnapshot(
+                    planPercentUsed: 12,
+                    planUsedUSD: 1,
+                    planLimitUSD: 20,
+                    onDemandUsedUSD: 0,
+                    onDemandLimitUSD: nil,
+                    teamOnDemandUsedUSD: nil,
+                    teamOnDemandLimitUSD: nil,
+                    billingCycleEnd: nil,
+                    membershipType: "pro",
+                    accountEmail: "cursor@example.com",
+                    accountName: nil,
+                    rawJSON: nil)
+            },
+            sleeper: { _ in },
+            resetSessionCache: {})
+
+        let result = await runner.run { phase in
+            switch phase {
+            case .loading: phases.append("loading")
+            case .waitingLogin: phases.append("waitingLogin")
+            case .success: phases.append("success")
+            case let .failed(message): phases.append("failed:\(message)")
+            }
+        }
+
+        #expect(openedURLs == [CursorLoginRunner.authURL])
+        #expect(phases == ["loading", "waitingLogin", "success"])
+        #expect(result.email == "cursor@example.com")
+    }
+
+    @Test
+    func `login clears stale session state before opening auth URL`() async {
+        let events = LockedArray<String>()
+        let runner = CursorLoginRunner(
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            timeout: 1,
+            pollInterval: 0.01,
+            openURL: { _ in
+                events.append("open")
+                return true
+            },
+            loadSnapshot: {
+                events.append("poll")
+                throw CursorStatusProbeError.noSessionCookie
+            },
+            sleeper: { _ in },
+            resetSessionCache: {
+                events.append("reset")
+            })
+
+        _ = await runner.run { _ in }
+
+        #expect(Array(events.snapshot().prefix(2)) == ["reset", "open"])
+    }
+
+    @Test
+    func `login reports launch failure when browser cannot open`() async {
+        let runner = CursorLoginRunner(
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            openURL: { _ in false },
+            loadSnapshot: {
+                Issue.record("Should not poll cookies when browser launch fails")
+                throw CursorStatusProbeError.noSessionCookie
+            },
+            sleeper: { _ in },
+            resetSessionCache: {})
+
+        let result = await runner.run { _ in }
+
+        guard case let .failed(message) = result.outcome else {
+            Issue.record("Expected failed outcome")
+            return
+        }
+        #expect(message.contains("Could not open Cursor login"))
+    }
+}
diff --git a/Tests/CodexBarTests/CursorStatusProbeTests.swift b/Tests/CodexBarTests/CursorStatusProbeTests.swift
index b92ec265e..e34277f9f 100644
--- a/Tests/CodexBarTests/CursorStatusProbeTests.swift
+++ b/Tests/CodexBarTests/CursorStatusProbeTests.swift
@@ -2,12 +2,12 @@ import Foundation
 import Testing
 @testable import CodexBarCore
 
-@Suite
+@Suite(.serialized)
 struct CursorStatusProbeTests {
     // MARK: - Usage Summary Parsing
 
     @Test
-    func parsesBasicUsageSummary() throws {
+    func `parses basic usage summary`() throws {
         let json = """
         {
             "billingCycleStart": "2025-01-01T00:00:00.000Z",
@@ -51,7 +51,7 @@ struct CursorStatusProbeTests {
     }
 
     @Test
-    func parsesMinimalUsageSummary() throws {
+    func `parses minimal usage summary`() throws {
         let json = """
         {
             "membershipType": "hobby",
@@ -73,7 +73,7 @@ struct CursorStatusProbeTests {
     }
 
     @Test
-    func parsesEnterpriseUsageSummary() throws {
+    func `parses enterprise usage summary`() throws {
         let json = """
         {
             "membershipType": "enterprise",
@@ -99,7 +99,7 @@ struct CursorStatusProbeTests {
     // MARK: - User Info Parsing
 
     @Test
-    func parsesUserInfo() throws {
+    func `parses user info`() throws {
         let json = """
         {
             "email": "user@example.com",
@@ -120,7 +120,7 @@ struct CursorStatusProbeTests {
     // MARK: - Snapshot Conversion
 
     @Test
-    func prefersPlanRatioOverPercentField() {
+    func `prefers plan ratio over percent field`() {
         let snapshot = CursorStatusProbe(browserDetection: BrowserDetection(cacheTTL: 0))
             .parseUsageSummary(
                 CursorUsageSummary(
@@ -146,11 +146,12 @@ struct CursorStatusProbeTests {
                 userInfo: nil,
                 rawJSON: nil)
 
-        #expect(snapshot.planPercentUsed == 9.8)
+        // totalPercentUsed is already expressed in percentage units.
+        #expect(snapshot.planPercentUsed == 0.40625)
     }
 
     @Test
-    func usesPercentFieldWhenLimitMissing() {
+    func `uses percent field when limit missing`() {
         let snapshot = CursorStatusProbe(browserDetection: BrowserDetection(cacheTTL: 0))
             .parseUsageSummary(
                 CursorUsageSummary(
@@ -176,13 +177,152 @@ struct CursorStatusProbeTests {
                 userInfo: nil,
                 rawJSON: nil)
 
-        #expect(snapshot.planPercentUsed == 50.0)
+        #expect(snapshot.planPercentUsed == 0.5)
     }
 
     @Test
-    func convertsSnapshotToUsageSnapshot() {
+    func `headline total prefers provided total percent over lane average`() {
+        let snapshot = CursorStatusProbe(browserDetection: BrowserDetection(cacheTTL: 0))
+            .parseUsageSummary(
+                CursorUsageSummary(
+                    billingCycleStart: nil,
+                    billingCycleEnd: nil,
+                    membershipType: "pro",
+                    limitType: nil,
+                    isUnlimited: false,
+                    autoModelSelectedDisplayMessage: nil,
+                    namedModelSelectedDisplayMessage: nil,
+                    individualUsage: CursorIndividualUsage(
+                        plan: CursorPlanUsage(
+                            enabled: true,
+                            used: 5400,
+                            limit: 2000,
+                            remaining: nil,
+                            breakdown: nil,
+                            autoPercentUsed: 0,
+                            apiPercentUsed: 0.01,
+                            totalPercentUsed: 0.27),
+                        onDemand: nil),
+                    teamUsage: nil),
+                userInfo: nil,
+                rawJSON: nil)
+
+        #expect(snapshot.planPercentUsed == 0.27)
+        #expect(snapshot.autoPercentUsed == 0)
+        #expect(snapshot.apiPercentUsed == 0.01)
+    }
+
+    @Test
+    func `sub pool percents accept plain percent scale`() {
+        let snapshot = CursorStatusProbe(browserDetection: BrowserDetection(cacheTTL: 0))
+            .parseUsageSummary(
+                CursorUsageSummary(
+                    billingCycleStart: nil,
+                    billingCycleEnd: nil,
+                    membershipType: "pro",
+                    limitType: nil,
+                    isUnlimited: false,
+                    autoModelSelectedDisplayMessage: nil,
+                    namedModelSelectedDisplayMessage: nil,
+                    individualUsage: CursorIndividualUsage(
+                        plan: CursorPlanUsage(
+                            enabled: true,
+                            used: 0,
+                            limit: 2000,
+                            remaining: nil,
+                            breakdown: nil,
+                            autoPercentUsed: 12.5,
+                            apiPercentUsed: 3.0,
+                            totalPercentUsed: nil),
+                        onDemand: nil),
+                    teamUsage: nil),
+                userInfo: nil,
+                rawJSON: nil)
+
+        #expect(snapshot.autoPercentUsed == 12.5)
+        #expect(snapshot.apiPercentUsed == 3.0)
+        // Dashboard-style total ≈ average of Auto and API lanes
+        #expect(snapshot.planPercentUsed == 7.75)
+    }
+
+    @Test
+    func `headline total matches dashboard blend when lanes match totalPercentUsed`() {
+        let snapshot = CursorStatusProbe(browserDetection: BrowserDetection(cacheTTL: 0))
+            .parseUsageSummary(
+                CursorUsageSummary(
+                    billingCycleStart: nil,
+                    billingCycleEnd: nil,
+                    membershipType: "pro",
+                    limitType: nil,
+                    isUnlimited: false,
+                    autoModelSelectedDisplayMessage: nil,
+                    namedModelSelectedDisplayMessage: nil,
+                    individualUsage: CursorIndividualUsage(
+                        plan: CursorPlanUsage(
+                            enabled: true,
+                            used: 0,
+                            limit: 2000,
+                            remaining: nil,
+                            breakdown: nil,
+                            autoPercentUsed: 35,
+                            apiPercentUsed: 97,
+                            totalPercentUsed: 66),
+                        onDemand: nil),
+                    teamUsage: nil),
+                userInfo: nil,
+                rawJSON: nil)
+
+        #expect(snapshot.planPercentUsed == 66)
+        #expect(snapshot.autoPercentUsed == 35)
+        #expect(snapshot.apiPercentUsed == 97)
+    }
+
+    @Test
+    func `live cursor payload keeps fractional percents without scaling`() {
+        let snapshot = CursorStatusProbe(browserDetection: BrowserDetection(cacheTTL: 0))
+            .parseUsageSummary(
+                CursorUsageSummary(
+                    billingCycleStart: "2026-03-18T20:45:42.000Z",
+                    billingCycleEnd: "2026-04-18T20:45:42.000Z",
+                    membershipType: "pro",
+                    limitType: "user",
+                    isUnlimited: false,
+                    autoModelSelectedDisplayMessage: "You've used 1% of your included total usage",
+                    namedModelSelectedDisplayMessage: "You've used 1% of your included API usage",
+                    individualUsage: CursorIndividualUsage(
+                        plan: CursorPlanUsage(
+                            enabled: true,
+                            used: 86,
+                            limit: 2000,
+                            remaining: 1914,
+                            breakdown: CursorPlanBreakdown(
+                                included: 86,
+                                bonus: 0,
+                                total: 86),
+                            autoPercentUsed: 0.36,
+                            apiPercentUsed: 0.7111111111111111,
+                            totalPercentUsed: 0.441025641025641),
+                        onDemand: CursorOnDemandUsage(
+                            enabled: false,
+                            used: 0,
+                            limit: nil,
+                            remaining: nil)),
+                    teamUsage: CursorTeamUsage(onDemand: nil)),
+                userInfo: nil,
+                rawJSON: nil)
+
+        #expect(snapshot.planPercentUsed == 0.441025641025641)
+        #expect(snapshot.autoPercentUsed == 0.36)
+        #expect(snapshot.apiPercentUsed == 0.7111111111111111)
+        #expect(snapshot.toUsageSnapshot().primary?.remainingPercent == 99.55897435897436)
+    }
+
+    @Test
+    func `converts snapshot to usage snapshot`() {
         let snapshot = CursorStatusSnapshot(
             planPercentUsed: 45.0,
+            autoPercentUsed: 5.0,
+            apiPercentUsed: nil,
             planUsedUSD: 22.50,
             planLimitUSD: 50.0,
             onDemandUsedUSD: 5.0,
@@ -201,7 +341,6 @@ struct CursorStatusProbeTests {
         #expect(usageSnapshot.accountEmail(for: .cursor) == "user@example.com")
         #expect(usageSnapshot.loginMethod(for: .cursor) == "Cursor Pro")
         #expect(usageSnapshot.secondary != nil)
-        // Uses individual on-demand values (what users see in their dashboard)
         #expect(usageSnapshot.secondary?.usedPercent == 5.0)
         #expect(usageSnapshot.providerCost?.used == 5.0)
         #expect(usageSnapshot.providerCost?.limit == 100.0)
@@ -209,9 +348,37 @@ struct CursorStatusProbeTests {
     }
 
     @Test
-    func usesIndividualOnDemandWhenNoTeamUsage() {
+    func `provider cost includes on demand budget before first spend`() {
+        let snapshot = CursorStatusSnapshot(
+            planPercentUsed: 10.0,
+            autoPercentUsed: 5.0,
+            apiPercentUsed: nil,
+            planUsedUSD: 5.0,
+            planLimitUSD: 50.0,
+            onDemandUsedUSD: 0,
+            onDemandLimitUSD: 75.0,
+            teamOnDemandUsedUSD: nil,
+            teamOnDemandLimitUSD: nil,
+            billingCycleEnd: nil,
+            membershipType: "pro",
+            accountEmail: nil,
+            accountName: nil,
+            rawJSON: nil)
+
+        let usageSnapshot = snapshot.toUsageSnapshot()
+
+        #expect(usageSnapshot.providerCost != nil)
+        #expect(usageSnapshot.providerCost?.used == 0.0)
+        #expect(usageSnapshot.providerCost?.limit == 75.0)
+        #expect(usageSnapshot.providerCost?.period == "Monthly")
+    }
+
+    @Test
+    func `uses individual on demand when no team usage`() {
         let snapshot = CursorStatusSnapshot(
             planPercentUsed: 10.0,
+            autoPercentUsed: 20.0,
+            apiPercentUsed: nil,
             planUsedUSD: 5.0,
             planLimitUSD: 50.0,
             onDemandUsedUSD: 12.0,
@@ -232,7 +399,7 @@ struct CursorStatusProbeTests {
     }
 
     @Test
-    func formatsMembershipTypes() {
+    func `formats membership types`() {
         let testCases: [(input: String, expected: String)] = [
             ("pro", "Cursor Pro"),
             ("hobby", "Cursor Hobby"),
@@ -262,7 +429,7 @@ struct CursorStatusProbeTests {
     }
 
     @Test
-    func handlesNilOnDemandLimit() {
+    func `handles nil on demand limit`() {
         let snapshot = CursorStatusSnapshot(
             planPercentUsed: 50.0,
             planUsedUSD: 25.0,
@@ -290,7 +457,7 @@ struct CursorStatusProbeTests {
     // MARK: - Legacy Request-Based Plan
 
     @Test
-    func parsesLegacyRequestBasedPlan() {
+    func `parses legacy request based plan`() {
         let snapshot = CursorStatusSnapshot(
             planPercentUsed: 100.0,
             planUsedUSD: 0,
@@ -324,7 +491,7 @@ struct CursorStatusProbeTests {
     }
 
     @Test
-    func legacyPlanPrimaryUsesRequestsNotDollars() {
+    func `legacy plan primary uses requests not dollars`() {
         // Regression: Legacy plans report planPercentUsed as 0 while requests are used
         let snapshot = CursorStatusSnapshot(
             planPercentUsed: 0.0, // Dollar-based shows 0
@@ -352,7 +519,7 @@ struct CursorStatusProbeTests {
     }
 
     @Test
-    func parseUsageSummaryPrefersRequestTotal() {
+    func `parse usage summary prefers request total`() {
         let summary = CursorUsageSummary(
             billingCycleStart: nil,
             billingCycleEnd: nil,
@@ -382,8 +549,201 @@ struct CursorStatusProbeTests {
         #expect(snapshot.requestsLimit == 500)
     }
 
+    // MARK: - Imported Session Scanning
+
+    @Test
+    func `imported session scan continues after non auth failure until later success`() async {
+        let probe = CursorStatusProbe(browserDetection: BrowserDetection(cacheTTL: 0))
+        let expected = CursorStatusSnapshot(
+            planPercentUsed: 0.441025641025641,
+            autoPercentUsed: 0.36,
+            apiPercentUsed: 0.7111111111111111,
+            planUsedUSD: 0.86,
+            planLimitUSD: 20.0,
+            onDemandUsedUSD: 0,
+            onDemandLimitUSD: nil,
+            teamOnDemandUsedUSD: nil,
+            teamOnDemandLimitUSD: nil,
+            billingCycleEnd: nil,
+            membershipType: "pro",
+            accountEmail: nil,
+            accountName: nil,
+            rawJSON: nil)
+
+        let result = await probe.scanImportedSessions([
+            Self.makeSessionInfo(sourceLabel: "Chrome"),
+            Self.makeSessionInfo(sourceLabel: "Safari"),
+        ]) { session in
+            switch session.sourceLabel {
+            case "Chrome":
+                .failed(.networkError("HTTP 500"))
+            case "Safari":
+                .succeeded(expected)
+            default:
+                .tryNextBrowser
+            }
+        }
+
+        switch result {
+        case let .succeeded(snapshot):
+            #expect(snapshot.planPercentUsed == expected.planPercentUsed)
+            #expect(snapshot.autoPercentUsed == expected.autoPercentUsed)
+            #expect(snapshot.apiPercentUsed == expected.apiPercentUsed)
+        case .exhausted:
+            Issue.record("Expected scan to continue to the later successful browser session")
+        }
+    }
+
+    @Test
+    func `imported session scan preserves first non auth failure after exhausting sessions`() async {
+        let probe = CursorStatusProbe(browserDetection: BrowserDetection(cacheTTL: 0))
+
+        let result = await probe.scanImportedSessions([
+            Self.makeSessionInfo(sourceLabel: "Chrome"),
+            Self.makeSessionInfo(sourceLabel: "Safari"),
+            Self.makeSessionInfo(sourceLabel: "Arc"),
+        ]) { session in
+            switch session.sourceLabel {
+            case "Chrome":
+                .failed(.networkError("HTTP 500"))
+            case "Safari":
+                .tryNextBrowser
+            case "Arc":
+                .failed(.parseFailed("bad payload"))
+            default:
+                .tryNextBrowser
+            }
+        }
+
+        switch result {
+        case .succeeded:
+            Issue.record("Expected scan to report the first recoverable error after exhausting sessions")
+        case let .exhausted(error):
+            guard let error else {
+                Issue.record("Expected first recoverable error to be preserved")
+                return
+            }
+            guard case let .networkError(message) = error else {
+                Issue.record("Expected first recoverable error to be the Chrome network failure")
+                return
+            }
+            #expect(message == "HTTP 500")
+        }
+    }
+
+    @Test
+    func `browser scan stops importing after later browser succeeds`() async {
+        let probe = CursorStatusProbe(browserDetection: BrowserDetection(cacheTTL: 0))
+        let expected = CursorStatusSnapshot(
+            planPercentUsed: 42,
+            autoPercentUsed: 12,
+            apiPercentUsed: 85,
+            planUsedUSD: 8.4,
+            planLimitUSD: 20,
+            onDemandUsedUSD: 0,
+            onDemandLimitUSD: nil,
+            teamOnDemandUsedUSD: nil,
+            teamOnDemandLimitUSD: nil,
+            billingCycleEnd: nil,
+            membershipType: "pro",
+            accountEmail: nil,
+            accountName: nil,
+            rawJSON: nil)
+        var importedLabels: [String] = []
+
+        let result = await probe.scanBrowsers(
+            [.chrome, .safari, .chromeBeta],
+            importSessions: { browser in
+                importedLabels.append(browser.displayName)
+                switch browser {
+                case .chrome:
+                    return [Self.makeSessionInfo(sourceLabel: "Chrome")]
+                case .safari:
+                    return [Self.makeSessionInfo(sourceLabel: "Safari")]
+                case .chromeBeta:
+                    return [Self.makeSessionInfo(sourceLabel: "Chrome Beta")]
+                default:
+                    return []
+                }
+            },
+            attemptFetch: { session in
+                switch session.sourceLabel {
+                case "Chrome":
+                    .failed(.networkError("HTTP 500"))
+                case "Safari":
+                    .succeeded(expected)
+                default:
+                    .tryNextBrowser
+                }
+            })
+
+        switch result {
+        case let .succeeded(snapshot):
+            #expect(snapshot.planPercentUsed == expected.planPercentUsed)
+            #expect(importedLabels == ["Chrome", "Safari"])
+        case .exhausted:
+            Issue.record("Expected browser scan to stop after the later successful browser")
+        }
+    }
+
+    @Test
+    func `browser scan keeps trying later sources within the same browser`() async {
+        let probe = CursorStatusProbe(browserDetection: BrowserDetection(cacheTTL: 0))
+        let expected = CursorStatusSnapshot(
+            planPercentUsed: 12,
+            autoPercentUsed: 3,
+            apiPercentUsed: 45,
+            planUsedUSD: 2.4,
+            planLimitUSD: 20,
+            onDemandUsedUSD: 0,
+            onDemandLimitUSD: nil,
+            teamOnDemandUsedUSD: nil,
+            teamOnDemandLimitUSD: nil,
+            billingCycleEnd: nil,
+            membershipType: "pro",
+            accountEmail: nil,
+            accountName: nil,
+            rawJSON: nil)
+        var attemptedSources: [String] = []
+
+        let result = await probe.scanBrowsers(
+            [.chrome, .safari],
+            importSessions: { browser in
+                switch browser {
+                case .chrome:
+                    [
+                        Self.makeSessionInfo(sourceLabel: "Chrome Profile 1"),
+                        Self.makeSessionInfo(sourceLabel: "Chrome Profile 2 (domain cookies)"),
+                    ]
+                case .safari:
+                    [Self.makeSessionInfo(sourceLabel: "Safari")]
+                default:
+                    []
+                }
+            },
+            attemptFetch: { session in
+                attemptedSources.append(session.sourceLabel)
+                switch session.sourceLabel {
+                case "Chrome Profile 1":
+                    return CursorStatusProbe.ImportedSessionFetchOutcome.failed(.networkError("HTTP 500"))
+                case "Chrome Profile 2 (domain cookies)":
+                    return CursorStatusProbe.ImportedSessionFetchOutcome.succeeded(expected)
+                default:
+                    return CursorStatusProbe.ImportedSessionFetchOutcome.tryNextBrowser
+                }
+            })
+
+        switch result {
+        case let .succeeded(snapshot):
+            #expect(snapshot.planPercentUsed == expected.planPercentUsed)
+            #expect(attemptedSources == ["Chrome Profile 1", "Chrome Profile 2 (domain cookies)"])
+        case .exhausted:
+            Issue.record("Expected browser scan to continue to later sources within the same browser")
+        }
+    }
+
     @Test
-    func detectsNonLegacyPlan() {
+    func `detects non legacy plan`() {
         let snapshot = CursorStatusSnapshot(
             planPercentUsed: 50.0,
             planUsedUSD: 25.0,
@@ -409,7 +769,7 @@ struct CursorStatusProbeTests {
     // MARK: - Session Store Serialization
 
     @Test
-    func sessionStoreSavesAndLoadsCookies() async {
+    func `session store saves and loads cookies`() async {
         let store = CursorSessionStore.shared
 
         // Clear any existing cookies
@@ -444,7 +804,7 @@ struct CursorStatusProbeTests {
     }
 
     @Test
-    func sessionStoreReloadsFromDiskWhenNeeded() async {
+    func `session store reloads from disk when needed`() async {
         let store = CursorSessionStore.shared
         await store.resetForTesting()
 
@@ -474,7 +834,7 @@ struct CursorStatusProbeTests {
     }
 
     @Test
-    func sessionStoreHasValidSessionLoadsFromDisk() async {
+    func `session store has valid session loads from disk`() async {
         let store = CursorSessionStore.shared
         await store.resetForTesting()
 
@@ -500,4 +860,203 @@ struct CursorStatusProbeTests {
 
         await store.clearCookies()
     }
+
+    private static func makeSessionInfo(sourceLabel: String) -> CursorCookieImporter.SessionInfo {
+        let cookieProps: [HTTPCookiePropertyKey: Any] = [
+            .name: "WorkosCursorSessionToken",
+            .value: sourceLabel.lowercased(),
+            .domain: "cursor.com",
+            .path: "/",
+            .secure: true,
+        ]
+
+        let cookie = HTTPCookie(properties: cookieProps)!
+        return CursorCookieImporter.SessionInfo(cookies: [cookie], sourceLabel: sourceLabel)
+    }
+}
+
+private func makeCursorStatusProbeSession() -> URLSession {
+    let config = URLSessionConfiguration.ephemeral
+    config.protocolClasses = [CursorStatusProbeStubURLProtocol.self]
+    return URLSession(configuration: config)
+}
+
+private func makeCursorStatusProbeResponse(
+    url: URL,
+    body: String,
+    statusCode: Int,
+    contentType: String = "application/json") -> (HTTPURLResponse, Data)
+{
+    let response = HTTPURLResponse(
+        url: url,
+        statusCode: statusCode,
+        httpVersion: nil,
+        headerFields: ["Content-Type": contentType])!
+    return (response, Data(body.utf8))
+}
+
+extension CursorStatusProbeTests {
+    @Test
+    func `fetch ignores user info failure when usage summary succeeds`() async throws {
+        defer {
+            CursorStatusProbeStubURLProtocol.reset()
+        }
+        CursorStatusProbeStubURLProtocol.reset()
+
+        CursorStatusProbeStubURLProtocol.setHandler { request in
+            let requestURL = try #require(request.url)
+
+            switch requestURL.path {
+            case "/api/usage-summary":
+                return makeCursorStatusProbeResponse(
+                    url: requestURL,
+                    body: """
+                    {
+                      "membershipType": "pro",
+                      "individualUsage": {
+                        "plan": {
+                          "used": 1500,
+                          "limit": 5000,
+                          "totalPercentUsed": 30.0
+                        }
+                      }
+                    }
+                    """,
+                    statusCode: 200)
+            case "/api/auth/me":
+                return makeCursorStatusProbeResponse(
+                    url: requestURL,
+                    body: #"{"error":"nope"}"#,
+                    statusCode: 500)
+            default:
+                throw URLError(.badURL)
+            }
+        }
+
+        let baseURL = try #require(URL(string: "https://cursor.test"))
+        let snapshot = try await CursorStatusProbe(
+            baseURL: baseURL,
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            urlSession: makeCursorStatusProbeSession()).fetchWithManualCookies("auth=test")
+
+        #expect(snapshot.planPercentUsed == 30.0)
+        #expect(snapshot.accountEmail == nil)
+        #expect(CursorStatusProbeStubURLProtocol.requestCount == 2)
+    }
+
+    @Test
+    func `fetch fails cleanly when usage summary fails`() async {
+        defer {
+            CursorStatusProbeStubURLProtocol.reset()
+        }
+        CursorStatusProbeStubURLProtocol.reset()
+
+        CursorStatusProbeStubURLProtocol.setHandler { request in
+            let requestURL = try #require(request.url)
+
+            switch requestURL.path {
+            case "/api/usage-summary":
+                return makeCursorStatusProbeResponse(
+                    url: requestURL,
+                    body: #"{"error":"denied"}"#,
+                    statusCode: 500)
+            case "/api/auth/me":
+                return makeCursorStatusProbeResponse(
+                    url: requestURL,
+                    body: """
+                    {
+                      "email": "user@example.com",
+                      "email_verified": true,
+                      "name": "Test User",
+                      "sub": "auth0|12345"
+                    }
+                    """,
+                    statusCode: 200)
+            default:
+                throw URLError(.badURL)
+            }
+        }
+
+        do {
+            let baseURL = try #require(URL(string: "https://cursor.test"))
+            _ = try await CursorStatusProbe(
+                baseURL: baseURL,
+                browserDetection: BrowserDetection(cacheTTL: 0),
+                urlSession: makeCursorStatusProbeSession()).fetchWithManualCookies("auth=test")
+            Issue.record("Expected usage summary failure to be surfaced")
+        } catch let error as CursorStatusProbeError {
+            guard case let .networkError(message) = error else {
+                Issue.record("Expected networkError, got: \(error)")
+                return
+            }
+            #expect(message == "HTTP 500")
+            #expect(CursorStatusProbeStubURLProtocol.requestPaths.contains("/api/usage-summary"))
+        } catch {
+            Issue.record("Expected CursorStatusProbeError, got: \(error)")
+        }
+    }
+}
+
+final class CursorStatusProbeStubURLProtocol: URLProtocol {
+    private struct State {
+        var requests: [URLRequest] = []
+        var handler: (@Sendable (URLRequest) throws -> (HTTPURLResponse, Data))?
+    }
+
+    private static let lock = NSLock()
+    private nonisolated(unsafe) static var state = State()
+
+    static func setHandler(_ handler: @escaping @Sendable (URLRequest) throws -> (HTTPURLResponse, Data)) {
+        self.lock.lock()
+        self.state.handler = handler
+        self.lock.unlock()
+    }
+
+    static func reset() {
+        self.lock.lock()
+        self.state = State()
+        self.lock.unlock()
+    }
+
+    static var requestCount: Int {
+        lock.lock()
+        defer { Self.lock.unlock() }
+        return state.requests.count
+    }
+
+    static var requestPaths: [String] {
+        lock.lock()
+        defer { Self.lock.unlock() }
+        return state.requests.compactMap { $0.url?.path }
+    }
+
+    override static func canInit(with request: URLRequest) -> Bool {
+        true
+    }
+
+    override static func canonicalRequest(for request: URLRequest) -> URLRequest {
+        request
+    }
+
+    override func startLoading() {
+        let handler: (@Sendable (URLRequest) throws -> (HTTPURLResponse, Data))?
+        Self.lock.lock()
+        Self.state.requests.append(self.request)
+        handler = Self.state.handler
+        Self.lock.unlock()
+
+        do {
+            guard let handler else {
+                throw URLError(.cancelled)
+            }
+            let (response, data) = try handler(self.request)
+            self.client?.urlProtocol(self, didReceive: response, cacheStoragePolicy: .notAllowed)
+            self.client?.urlProtocol(self, didLoad: data)
+            self.client?.urlProtocolDidFinishLoading(self)
+        } catch {
+            self.client?.urlProtocol(self, didFailWithError: error)
+        }
+    }
+
+    override func stopLoading() {}
 }
diff --git a/Tests/CodexBarTests/DeepSeekSettingsReaderTests.swift b/Tests/CodexBarTests/DeepSeekSettingsReaderTests.swift
new file mode 100644
index 000000000..0aba8b4a8
--- /dev/null
+++ b/Tests/CodexBarTests/DeepSeekSettingsReaderTests.swift
@@ -0,0 +1,73 @@
+import CodexBarCore
+import Testing
+
+struct DeepSeekSettingsReaderTests {
+    @Test
+    func `reads DEEPSEEK_API_KEY`() {
+        let env = ["DEEPSEEK_API_KEY": "sk-abc123"]
+        #expect(DeepSeekSettingsReader.apiKey(environment: env) == "sk-abc123")
+    }
+
+    @Test
+    func `falls back to DEEPSEEK_KEY`() {
+        let env = ["DEEPSEEK_KEY": "sk-fallback"]
+        #expect(DeepSeekSettingsReader.apiKey(environment: env) == "sk-fallback")
+    }
+
+    @Test
+    func `DEEPSEEK_API_KEY takes priority over DEEPSEEK_KEY`() {
+        let env = ["DEEPSEEK_API_KEY": "sk-primary", "DEEPSEEK_KEY": "sk-secondary"]
+        #expect(DeepSeekSettingsReader.apiKey(environment: env) == "sk-primary")
+    }
+
+    @Test
+    func `trims whitespace`() {
+        let env = ["DEEPSEEK_API_KEY": "  sk-trimmed  "]
+        #expect(DeepSeekSettingsReader.apiKey(environment: env) == "sk-trimmed")
+    }
+
+    @Test
+    func `strips double quotes`() {
+        let env = ["DEEPSEEK_API_KEY": "\"sk-quoted\""]
+        #expect(DeepSeekSettingsReader.apiKey(environment: env) == "sk-quoted")
+    }
+
+    @Test
+    func `strips single quotes`() {
+        let env = ["DEEPSEEK_KEY": "'sk-single'"]
+        #expect(DeepSeekSettingsReader.apiKey(environment: env) == "sk-single")
+    }
+
+    @Test
+    func `returns nil when no key present`() {
+        #expect(DeepSeekSettingsReader.apiKey(environment: [:]) == nil)
+    }
+
+    @Test
+    func `returns nil for empty key`() {
+        let env = ["DEEPSEEK_API_KEY": ""]
+        #expect(DeepSeekSettingsReader.apiKey(environment: env) == nil)
+    }
+
+    @Test
+    func `returns nil for whitespace-only key`() {
+        let env = ["DEEPSEEK_API_KEY": "   "]
+        #expect(DeepSeekSettingsReader.apiKey(environment: env) == nil)
+    }
+}
+
+struct DeepSeekProviderTokenResolverTests {
+    @Test
+    func `resolves from environment`() {
+        let env = ["DEEPSEEK_API_KEY": "sk-resolve-test"]
+        let resolution = ProviderTokenResolver.deepseekResolution(environment: env)
+        #expect(resolution?.token == "sk-resolve-test")
+        #expect(resolution?.source == .environment)
+    }
+
+    @Test
+    func `returns nil when key absent`() {
+        let resolution = ProviderTokenResolver.deepseekResolution(environment: [:])
+        #expect(resolution == nil)
+    }
+}
diff --git a/Tests/CodexBarTests/DeepSeekUsageCostParserTests.swift b/Tests/CodexBarTests/DeepSeekUsageCostParserTests.swift
new file mode 100644
index 000000000..c7cc32b92
--- /dev/null
+++ b/Tests/CodexBarTests/DeepSeekUsageCostParserTests.swift
@@ -0,0 +1,855 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+struct DeepSeekUsageCostParserTests {
+    // Fixtures use date 2026-05-26
+    private let fixtureNow = Date(timeIntervalSince1970: 1_779_796_800) // 2026-05-26 12:00:00 UTC
+    private let fixtureCalendar: Calendar = {
+        var cal = Calendar.current
+        cal.timeZone = TimeZone(identifier: "UTC") ?? .current
+        return cal
+    }()
+
+    // MARK: - Amount Parser Tests
+
+    @Test
+    func `amount parser decodes total and days`() throws {
+        let json = """
+        {
+          "code": 0,
+          "msg": "",
+          "data": {
+            "biz_code": 0,
+            "biz_msg": "",
+            "biz_data": {
+              "total": [
+                {
+                  "model": "deepseek-v4-flash",
+                  "usage": [
+                    {"type": "PROMPT_CACHE_HIT_TOKEN", "amount": "100686720"},
+                    {"type": "PROMPT_CACHE_MISS_TOKEN", "amount": "1305432"},
+                    {"type": "RESPONSE_TOKEN", "amount": "656338"},
+                    {"type": "REQUEST", "amount": "1212"}
+                  ]
+                }
+              ],
+              "days": [
+                {
+                  "date": "2026-05-26",
+                  "data": [
+                    {
+                      "model": "deepseek-v4-flash",
+                      "usage": [
+                        {"type": "PROMPT_CACHE_HIT_TOKEN", "amount": "100686720"},
+                        {"type": "PROMPT_CACHE_MISS_TOKEN", "amount": "1305432"},
+                        {"type": "RESPONSE_TOKEN", "amount": "656338"},
+                        {"type": "REQUEST", "amount": "1212"}
+                      ]
+                    }
+                  ]
+                }
+              ]
+            }
+          }
+        }
+        """
+        let payload = try DeepSeekUsageCostParser.decodeAmountPayload(data: Data(json.utf8))
+        #expect(payload.code == 0)
+        #expect(payload.data?.bizCode == 0)
+        #expect(payload.data?.bizData?.total?.count == 1)
+        #expect(payload.data?.bizData?.total?[0].model == "deepseek-v4-flash")
+        #expect(payload.data?.bizData?.days?.count == 1)
+        #expect(payload.data?.bizData?.days?[0].date == "2026-05-26")
+    }
+
+    @Test
+    func `amount parser handles missing biz_data gracefully`() throws {
+        let json = """
+        {
+          "code": 0,
+          "msg": "",
+          "data": null
+        }
+        """
+        let payload = try DeepSeekUsageCostParser.decodeAmountPayload(data: Data(json.utf8))
+        #expect(payload.code == 0)
+        #expect(payload.data?.bizData?.total == nil)
+        #expect(payload.data?.bizData?.days == nil)
+    }
+
+    // MARK: - Cost Parser Tests
+
+    @Test
+    func `cost parser decodes total, days, and currency`() throws {
+        let json = """
+        {
+          "code": 0,
+          "msg": "",
+          "data": {
+            "biz_code": 0,
+            "biz_msg": "",
+            "biz_data": [
+              {
+                "total": [
+                  {
+                    "model": "deepseek-v4-flash",
+                    "usage": [
+                      {"type": "PROMPT_CACHE_HIT_TOKEN", "amount": "2.0137344000000000"},
+                      {"type": "PROMPT_CACHE_MISS_TOKEN", "amount": "1.3054320000000000"},
+                      {"type": "RESPONSE_TOKEN", "amount": "1.3126760000000000"},
+                      {"type": "REQUEST", "amount": "0"}
+                    ]
+                  }
+                ],
+                "days": [
+                  {
+                    "date": "2026-05-26",
+                    "data": [
+                      {
+                        "model": "deepseek-v4-flash",
+                        "usage": [
+                          {"type": "PROMPT_CACHE_HIT_TOKEN", "amount": "2.0137344000000000"},
+                          {"type": "PROMPT_CACHE_MISS_TOKEN", "amount": "1.3054320000000000"},
+                          {"type": "RESPONSE_TOKEN", "amount": "1.3126760000000000"},
+                          {"type": "REQUEST", "amount": "0"}
+                        ]
+                      }
+                    ]
+                  }
+                ],
+                "currency": "CNY"
+              }
+            ]
+          }
+        }
+        """
+        let payload = try DeepSeekUsageCostParser.decodeCostPayload(data: Data(json.utf8))
+        #expect(payload.code == 0)
+        #expect(payload.data?.bizCode == 0)
+        #expect(payload.data?.bizData?[0].currency == "CNY")
+        #expect(payload.data?.bizData?[0].total?.count == 1)
+        #expect(payload.data?.bizData?[0].days?.count == 1)
+        #expect(payload.data?.bizData?[0].days?[0].date == "2026-05-26")
+    }
+
+    @Test
+    func `cost parser handles empty biz_data`() throws {
+        let json = """
+        {
+          "code": 0,
+          "msg": "",
+          "data": {
+            "biz_code": 0,
+            "biz_msg": "",
+            "biz_data": []
+          }
+        }
+        """
+        let payload = try DeepSeekUsageCostParser.decodeCostPayload(data: Data(json.utf8))
+        #expect(payload.code == 0)
+        #expect(payload.data?.bizData?.isEmpty == true)
+    }
+
+    // MARK: - String Parsing Tests
+
+    @Test
+    func `string token parsing works`() throws {
+        let json = """
+        {
+          "code": 0,
+          "msg": "",
+          "data": {
+            "biz_code": 0,
+            "biz_msg": "",
+            "biz_data": {
+              "total": [
+                {
+                  "model": "deepseek-v4-flash",
+                  "usage": [
+                    {"type": "PROMPT_CACHE_HIT_TOKEN", "amount": "100686720"},
+                    {"type": "RESPONSE_TOKEN", "amount": "656338"}
+                  ]
+                }
+              ],
+              "days": []
+            }
+          }
+        }
+        """
+        let payload = try DeepSeekUsageCostParser.decodeAmountPayload(data: Data(json.utf8))
+        #expect(payload.data?.bizData?.total?[0].usage?[0].type == "PROMPT_CACHE_HIT_TOKEN")
+        #expect(payload.data?.bizData?.total?[0].usage?[0].amount == "100686720")
+    }
+
+    @Test
+    func `decimal cost parsing works`() throws {
+        let json = """
+        {
+          "code": 0,
+          "msg": "",
+          "data": {
+            "biz_code": 0,
+            "biz_msg": "",
+            "biz_data": [
+              {
+                "total": [
+                  {
+                    "model": "deepseek-v4-flash",
+                    "usage": [
+                      {"type": "PROMPT_CACHE_HIT_TOKEN", "amount": "2.0137344000000000"}
+                    ]
+                  }
+                ],
+                "days": [],
+                "currency": "CNY"
+              }
+            ]
+          }
+        }
+        """
+        let payload = try DeepSeekUsageCostParser.decodeCostPayload(data: Data(json.utf8))
+        #expect(payload.data?.bizData?[0].total?[0].usage?[0].amount == "2.0137344000000000")
+    }
+
+    // MARK: - Aggregation Tests
+
+    @Test
+    func `aggregation computes today token totals`() throws {
+        let amountJSON = """
+        {
+          "code": 0,
+          "msg": "",
+          "data": {
+            "biz_code": 0,
+            "biz_msg": "",
+            "biz_data": {
+              "total": [
+                {
+                  "model": "deepseek-v4-flash",
+                  "usage": [
+                    {"type": "PROMPT_CACHE_HIT_TOKEN", "amount": "100686720"},
+                    {"type": "PROMPT_CACHE_MISS_TOKEN", "amount": "1305432"},
+                    {"type": "RESPONSE_TOKEN", "amount": "656338"},
+                    {"type": "REQUEST", "amount": "1212"}
+                  ]
+                }
+              ],
+              "days": [
+                {
+                  "date": "2026-05-26",
+                  "data": [
+                    {
+                      "model": "deepseek-v4-flash",
+                      "usage": [
+                        {"type": "PROMPT_CACHE_HIT_TOKEN", "amount": "100686720"},
+                        {"type": "PROMPT_CACHE_MISS_TOKEN", "amount": "1305432"},
+                        {"type": "RESPONSE_TOKEN", "amount": "656338"},
+                        {"type": "REQUEST", "amount": "1212"}
+                      ]
+                    }
+                  ]
+                }
+              ]
+            }
+          }
+        }
+        """
+
+        let costJSON = """
+        {
+          "code": 0,
+          "msg": "",
+          "data": {
+            "biz_code": 0,
+            "biz_msg": "",
+            "biz_data": [
+              {
+                "total": [
+                  {
+                    "model": "deepseek-v4-flash",
+                    "usage": [
+                      {"type": "PROMPT_CACHE_HIT_TOKEN", "amount": "2.0137344000000000"},
+                      {"type": "PROMPT_CACHE_MISS_TOKEN", "amount": "1.3054320000000000"},
+                      {"type": "RESPONSE_TOKEN", "amount": "1.3126760000000000"},
+                      {"type": "REQUEST", "amount": "0"}
+                    ]
+                  }
+                ],
+                "days": [
+                  {
+                    "date": "2026-05-26",
+                    "data": [
+                      {
+                        "model": "deepseek-v4-flash",
+                        "usage": [
+                          {"type": "PROMPT_CACHE_HIT_TOKEN", "amount": "2.0137344000000000"},
+                          {"type": "PROMPT_CACHE_MISS_TOKEN", "amount": "1.3054320000000000"},
+                          {"type": "RESPONSE_TOKEN", "amount": "1.3126760000000000"},
+                          {"type": "REQUEST", "amount": "0"}
+                        ]
+                      }
+                    ]
+                  }
+                ],
+                "currency": "CNY"
+              }
+            ]
+          }
+        }
+        """
+
+        let summary = try DeepSeekUsageFetcher._parseUsageSummaryForTesting(
+            amountData: Data(amountJSON.utf8),
+            costData: Data(costJSON.utf8),
+            now: self.fixtureNow,
+            calendar: self.fixtureCalendar)
+
+        // Today is 2026-05-26 per the test data
+        #expect(summary.todayTokens == 102_648_490) // 100_686_720 + 1_305_432 + 656_338
+        #expect(summary.requestCount == 1212)
+        #expect(summary.currency == "CNY")
+    }
+
+    @Test
+    func `aggregation uses injected now and calendar for today bucket`() throws {
+        let amountJSON = """
+        {
+          "code": 0,
+          "msg": "",
+          "data": {
+            "biz_code": 0,
+            "biz_msg": "",
+            "biz_data": {
+              "total": [
+                {
+                  "model": "deepseek-v4-flash",
+                  "usage": [
+                    {"type": "PROMPT_CACHE_HIT_TOKEN", "amount": "100"},
+                    {"type": "REQUEST", "amount": "1"}
+                  ]
+                }
+              ],
+              "days": [
+                {
+                  "date": "2026-05-26",
+                  "data": [
+                    {
+                      "model": "deepseek-v4-flash",
+                      "usage": [
+                        {"type": "PROMPT_CACHE_HIT_TOKEN", "amount": "100"},
+                        {"type": "REQUEST", "amount": "1"}
+                      ]
+                    }
+                  ]
+                }
+              ]
+            }
+          }
+        }
+        """
+        let costJSON = """
+        {
+          "code": 0,
+          "msg": "",
+          "data": {
+            "biz_code": 0,
+            "biz_msg": "",
+            "biz_data": [
+              {
+                "total": [],
+                "days": [],
+                "currency": "CNY"
+              }
+            ]
+          }
+        }
+        """
+
+        var nextMonthUTC = Calendar(identifier: .gregorian)
+        nextMonthUTC.timeZone = TimeZone(identifier: "UTC") ?? .current
+        let injectedNow = try #require(nextMonthUTC.date(from: DateComponents(year: 2026, month: 6, day: 1, hour: 12)))
+
+        let summary = try DeepSeekUsageFetcher._parseUsageSummaryForTesting(
+            amountData: Data(amountJSON.utf8),
+            costData: Data(costJSON.utf8),
+            now: injectedNow,
+            calendar: nextMonthUTC)
+
+        #expect(summary.todayTokens == 0)
+        #expect(summary.currentMonthTokens == 0)
+    }
+
+    @Test
+    func `aggregation computes today cost totals`() throws {
+        let amountJSON = """
+        {
+          "code": 0,
+          "msg": "",
+          "data": {
+            "biz_code": 0,
+            "biz_msg": "",
+            "biz_data": {
+              "total": [
+                {
+                  "model": "deepseek-v4-flash",
+                  "usage": [
+                    {"type": "PROMPT_CACHE_HIT_TOKEN", "amount": "100686720"},
+                    {"type": "RESPONSE_TOKEN", "amount": "656338"}
+                  ]
+                }
+              ],
+              "days": [
+                {
+                  "date": "2026-05-26",
+                  "data": [
+                    {
+                      "model": "deepseek-v4-flash",
+                      "usage": [
+                        {"type": "PROMPT_CACHE_HIT_TOKEN", "amount": "100686720"},
+                        {"type": "RESPONSE_TOKEN", "amount": "656338"}
+                      ]
+                    }
+                  ]
+                }
+              ]
+            }
+          }
+        }
+        """
+
+        let costJSON = """
+        {
+          "code": 0,
+          "msg": "",
+          "data": {
+            "biz_code": 0,
+            "biz_msg": "",
+            "biz_data": [
+              {
+                "total": [
+                  {
+                    "model": "deepseek-v4-flash",
+                    "usage": [
+                      {"type": "PROMPT_CACHE_HIT_TOKEN", "amount": "2.0137344000000000"},
+                      {"type": "RESPONSE_TOKEN", "amount": "1.3126760000000000"}
+                    ]
+                  }
+                ],
+                "days": [
+                  {
+                    "date": "2026-05-26",
+                    "data": [
+                      {
+                        "model": "deepseek-v4-flash",
+                        "usage": [
+                          {"type": "PROMPT_CACHE_HIT_TOKEN", "amount": "2.0137344000000000"},
+                          {"type": "RESPONSE_TOKEN", "amount": "1.3126760000000000"}
+                        ]
+                      }
+                    ]
+                  }
+                ],
+                "currency": "CNY"
+              }
+            ]
+          }
+        }
+        """
+
+        let summary = try DeepSeekUsageFetcher._parseUsageSummaryForTesting(
+            amountData: Data(amountJSON.utf8),
+            costData: Data(costJSON.utf8),
+            now: self.fixtureNow,
+            calendar: self.fixtureCalendar)
+
+        #expect(abs((summary.todayCost ?? 0) - 3.3264104) < 0.0001)
+        #expect(summary.currentMonthCost != nil)
+    }
+
+    @Test
+    func `aggregation computes model and category breakdown`() throws {
+        let amountJSON = """
+        {
+          "code": 0,
+          "msg": "",
+          "data": {
+            "biz_code": 0,
+            "biz_msg": "",
+            "biz_data": {
+              "total": [
+                {
+                  "model": "deepseek-v4-flash",
+                  "usage": [
+                    {"type": "PROMPT_CACHE_HIT_TOKEN", "amount": "100686720"},
+                    {"type": "PROMPT_CACHE_MISS_TOKEN", "amount": "1305432"},
+                    {"type": "RESPONSE_TOKEN", "amount": "656338"}
+                  ]
+                }
+              ],
+              "days": []
+            }
+          }
+        }
+        """
+
+        let costJSON = """
+        {
+          "code": 0,
+          "msg": "",
+          "data": {
+            "biz_code": 0,
+            "biz_msg": "",
+            "biz_data": [
+              {
+                "total": [
+                  {
+                    "model": "deepseek-v4-flash",
+                    "usage": [
+                      {"type": "PROMPT_CACHE_HIT_TOKEN", "amount": "2.0137344000000000"},
+                      {"type": "PROMPT_CACHE_MISS_TOKEN", "amount": "1.3054320000000000"},
+                      {"type": "RESPONSE_TOKEN", "amount": "1.3126760000000000"}
+                    ]
+                  }
+                ],
+                "days": [],
+                "currency": "CNY"
+              }
+            ]
+          }
+        }
+        """
+
+        let summary = try DeepSeekUsageFetcher._parseUsageSummaryForTesting(
+            amountData: Data(amountJSON.utf8),
+            costData: Data(costJSON.utf8),
+            now: self.fixtureNow,
+            calendar: self.fixtureCalendar)
+
+        #expect(summary.topModel == "deepseek-v4-flash")
+        #expect(summary.categoryBreakdown.count == 3)
+
+        let cacheHit = summary.categoryBreakdown.first { $0.category == DeepSeekUsageCategory.promptCacheHitToken }
+        #expect(cacheHit?.tokens == 100_686_720)
+        #expect(abs((cacheHit?.cost ?? 0) - 2.0137344) < 0.0001)
+
+        let cacheMiss = summary.categoryBreakdown.first { $0.category == DeepSeekUsageCategory.promptCacheMissToken }
+        #expect(cacheMiss?.tokens == 1_305_432)
+        #expect(abs((cacheMiss?.cost ?? 0) - 1.305432) < 0.0001)
+
+        let response = summary.categoryBreakdown.first { $0.category == DeepSeekUsageCategory.responseToken }
+        #expect(response?.tokens == 656_338)
+        #expect(abs((response?.cost ?? 0) - 1.312676) < 0.0001)
+    }
+
+    // MARK: - Unknown Types Handling
+
+    @Test
+    func `unknown usage types are ignored safely`() throws {
+        let amountJSON = """
+        {
+          "code": 0,
+          "msg": "",
+          "data": {
+            "biz_code": 0,
+            "biz_msg": "",
+            "biz_data": {
+              "total": [
+                {
+                  "model": "deepseek-v4-flash",
+                  "usage": [
+                    {"type": "PROMPT_CACHE_HIT_TOKEN", "amount": "100"},
+                    {"type": "UNKNOWN_TYPE", "amount": "999"},
+                    {"type": "RESPONSE_TOKEN", "amount": "200"}
+                  ]
+                }
+              ],
+              "days": []
+            }
+          }
+        }
+        """
+
+        let costJSON = """
+        {
+          "code": 0,
+          "msg": "",
+          "data": {
+            "biz_code": 0,
+            "biz_msg": "",
+            "biz_data": [
+              {
+                "total": [
+                  {
+                    "model": "deepseek-v4-flash",
+                    "usage": [
+                      {"type": "PROMPT_CACHE_HIT_TOKEN", "amount": "1.0"},
+                      {"type": "UNKNOWN_TYPE", "amount": "99.0"},
+                      {"type": "RESPONSE_TOKEN", "amount": "2.0"}
+                    ]
+                  }
+                ],
+                "days": [],
+                "currency": "CNY"
+              }
+            ]
+          }
+        }
+        """
+
+        let summary = try DeepSeekUsageFetcher._parseUsageSummaryForTesting(
+            amountData: Data(amountJSON.utf8),
+            costData: Data(costJSON.utf8),
+            now: self.fixtureNow,
+            calendar: self.fixtureCalendar)
+
+        // Unknown type should be ignored - only known categories with non-zero tokens appear in breakdown
+        // todayTokens comes from daily data which is empty in this test, so it's 0
+        #expect(summary.todayTokens == 0)
+        #expect(summary.categoryBreakdown.count == 3) // Always 3 categories, even if some have 0 tokens
+    }
+
+    // MARK: - Error Handling
+
+    @Test
+    func `missing fields fails closed`() {
+        let amountJSON = """
+        {
+          "code": 0,
+          "msg": "",
+          "data": null
+        }
+        """
+
+        let costJSON = """
+        {
+          "code": 0,
+          "msg": "",
+          "data": {
+            "biz_code": 0,
+            "biz_msg": "",
+            "biz_data": [
+              {
+                "total": [],
+                "days": [],
+                "currency": "CNY"
+              }
+            ]
+          }
+        }
+        """
+
+        #expect {
+            _ = try DeepSeekUsageFetcher._parseUsageSummaryForTesting(
+                amountData: Data(amountJSON.utf8),
+                costData: Data(costJSON.utf8),
+                now: fixtureNow,
+                calendar: fixtureCalendar)
+        } throws: { error in
+            guard case DeepSeekUsageError.parseFailed = error else { return false }
+            return true
+        }
+    }
+
+    @Test
+    func `non-zero biz_code fails closed`() {
+        let amountJSON = """
+        {
+          "code": 0,
+          "msg": "",
+          "data": {
+            "biz_code": 1001,
+            "biz_msg": "some error",
+            "biz_data": {
+              "total": [],
+              "days": []
+            }
+          }
+        }
+        """
+
+        let costJSON = """
+        {
+          "code": 0,
+          "msg": "",
+          "data": {
+            "biz_code": 0,
+            "biz_msg": "",
+            "biz_data": [
+              {
+                "total": [],
+                "days": [],
+                "currency": "CNY"
+              }
+            ]
+          }
+        }
+        """
+
+        #expect {
+            _ = try DeepSeekUsageFetcher._parseUsageSummaryForTesting(
+                amountData: Data(amountJSON.utf8),
+                costData: Data(costJSON.utf8))
+        } throws: { error in
+            guard case DeepSeekUsageError.apiError = error else { return false }
+            return true
+        }
+    }
+
+    @Test
+    func `invalid JSON fails closed`() {
+        #expect {
+            _ = try DeepSeekUsageFetcher._parseUsageSummaryForTesting(
+                amountData: Data("not json".utf8),
+                costData: Data("{}".utf8))
+        } throws: { error in
+            guard case DeepSeekUsageError.parseFailed = error else { return false }
+            return true
+        }
+    }
+
+    // MARK: - Edge Cases
+
+    @Test
+    func `empty days array works`() throws {
+        let amountJSON = """
+        {
+          "code": 0,
+          "msg": "",
+          "data": {
+            "biz_code": 0,
+            "biz_msg": "",
+            "biz_data": {
+              "total": [],
+              "days": []
+            }
+          }
+        }
+        """
+
+        let costJSON = """
+        {
+          "code": 0,
+          "msg": "",
+          "data": {
+            "biz_code": 0,
+            "biz_msg": "",
+            "biz_data": [
+              {
+                "total": [],
+                "days": [],
+                "currency": "CNY"
+              }
+            ]
+          }
+        }
+        """
+
+        let summary = try DeepSeekUsageFetcher._parseUsageSummaryForTesting(
+            amountData: Data(amountJSON.utf8),
+            costData: Data(costJSON.utf8),
+            now: self.fixtureNow,
+            calendar: self.fixtureCalendar)
+
+        #expect(summary.todayTokens == 0)
+        #expect(summary.currentMonthTokens == 0)
+        #expect(summary.todayCost == nil)
+        #expect(summary.currentMonthCost == nil)
+        #expect(summary.daily.isEmpty)
+    }
+
+    @Test
+    func `multiple models works`() throws {
+        let amountJSON = """
+        {
+          "code": 0,
+          "msg": "",
+          "data": {
+            "biz_code": 0,
+            "biz_msg": "",
+            "biz_data": {
+              "total": [
+                {
+                  "model": "deepseek-v4-flash",
+                  "usage": [
+                    {"type": "PROMPT_CACHE_HIT_TOKEN", "amount": "100"},
+                    {"type": "RESPONSE_TOKEN", "amount": "50"}
+                  ]
+                },
+                {
+                  "model": "deepseek-chat",
+                  "usage": [
+                    {"type": "PROMPT_CACHE_HIT_TOKEN", "amount": "200"},
+                    {"type": "RESPONSE_TOKEN", "amount": "100"}
+                  ]
+                }
+              ],
+              "days": [
+                {
+                  "date": "2026-05-26",
+                  "data": [
+                    {
+                      "model": "deepseek-v4-flash",
+                      "usage": [
+                        {"type": "PROMPT_CACHE_HIT_TOKEN", "amount": "100"},
+                        {"type": "RESPONSE_TOKEN", "amount": "50"}
+                      ]
+                    },
+                    {
+                      "model": "deepseek-chat",
+                      "usage": [
+                        {"type": "PROMPT_CACHE_HIT_TOKEN", "amount": "200"},
+                        {"type": "RESPONSE_TOKEN", "amount": "100"}
+                      ]
+                    }
+                  ]
+                }
+              ]
+            }
+          }
+        }
+        """
+
+        let costJSON = """
+        {
+          "code": 0,
+          "msg": "",
+          "data": {
+            "biz_code": 0,
+            "biz_msg": "",
+            "biz_data": [
+              {
+                "total": [
+                  {
+                    "model": "deepseek-v4-flash",
+                    "usage": [
+                      {"type": "PROMPT_CACHE_HIT_TOKEN", "amount": "1.0"},
+                      {"type": "RESPONSE_TOKEN", "amount": "0.5"}
+                    ]
+                  },
+                  {
+                    "model": "deepseek-chat",
+                    "usage": [
+                      {"type": "PROMPT_CACHE_HIT_TOKEN", "amount": "2.0"},
+                      {"type": "RESPONSE_TOKEN", "amount": "1.0"}
+                    ]
+                  }
+                ],
+                "days": [],
+                "currency": "CNY"
+              }
+            ]
+          }
+        }
+        """
+
+        let summary = try DeepSeekUsageFetcher._parseUsageSummaryForTesting(
+            amountData: Data(amountJSON.utf8),
+            costData: Data(costJSON.utf8),
+            now: self.fixtureNow,
+            calendar: self.fixtureCalendar)
+
+        #expect(summary.topModel == "deepseek-chat") // 300 tokens vs 150 tokens
+        #expect(summary.todayTokens == 450) // 150 + 300
+    }
+}
diff --git a/Tests/CodexBarTests/DeepSeekUsageFetcherTests.swift b/Tests/CodexBarTests/DeepSeekUsageFetcherTests.swift
new file mode 100644
index 000000000..e4d60078e
--- /dev/null
+++ b/Tests/CodexBarTests/DeepSeekUsageFetcherTests.swift
@@ -0,0 +1,527 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+struct DeepSeekUsageFetcherTests {
+    private struct TimeoutError: Error {}
+
+    private actor SummaryCancellationProbe {
+        private var started = false
+        private var cancelled = false
+        private var startedWaiters: [CheckedContinuation<Void, Never>] = []
+
+        func markStarted() {
+            self.started = true
+            for waiter in self.startedWaiters {
+                waiter.resume()
+            }
+            self.startedWaiters.removeAll()
+        }
+
+        func waitUntilStarted() async {
+            if self.started { return }
+            await withCheckedContinuation { continuation in
+                self.startedWaiters.append(continuation)
+            }
+        }
+
+        func markCancelled() {
+            self.cancelled = true
+        }
+
+        func wasCancelled() -> Bool {
+            self.cancelled
+        }
+    }
+
+    private static func withTimeout<T: Sendable>(
+        _ timeout: Duration,
+        operation: @escaping @Sendable () async throws -> T) async throws -> T
+    {
+        try await withThrowingTaskGroup(of: T.self) { group in
+            group.addTask {
+                try await operation()
+            }
+            group.addTask {
+                try await Task.sleep(for: timeout)
+                throw TimeoutError()
+            }
+
+            let result = try await group.next()
+            group.cancelAll()
+            guard let result else { throw TimeoutError() }
+            return result
+        }
+    }
+
+    private static let sampleBalanceJSON = """
+    {
+      "is_available": true,
+      "balance_infos": [
+        {
+          "currency": "USD",
+          "total_balance": "50.00",
+          "granted_balance": "10.00",
+          "topped_up_balance": "40.00"
+        }
+      ]
+    }
+    """
+
+    private static func sampleSummary(updatedAt: Date = Date()) -> DeepSeekUsageSummary {
+        DeepSeekUsageSummary(
+            todayTokens: 123,
+            currentMonthTokens: 456,
+            todayCost: 1.23,
+            currentMonthCost: 4.56,
+            requestCount: 7,
+            currentMonthRequestCount: 8,
+            topModel: "deepseek-v4-flash",
+            categoryBreakdown: [
+                DeepSeekCategoryBreakdown(category: .promptCacheHitToken, tokens: 123, cost: 1.23),
+            ],
+            daily: [],
+            currency: "USD",
+            updatedAt: updatedAt)
+    }
+
+    @Test
+    func `parses USD balance response`() throws {
+        let json = """
+        {
+          "is_available": true,
+          "balance_infos": [
+            {
+              "currency": "USD",
+              "total_balance": "50.00",
+              "granted_balance": "10.00",
+              "topped_up_balance": "40.00"
+            }
+          ]
+        }
+        """
+        let snapshot = try DeepSeekUsageFetcher._parseSnapshotForTesting(Data(json.utf8))
+        #expect(snapshot.isAvailable == true)
+        #expect(snapshot.currency == "USD")
+        #expect(snapshot.totalBalance == 50.0)
+        #expect(snapshot.grantedBalance == 10.0)
+        #expect(snapshot.toppedUpBalance == 40.0)
+    }
+
+    @Test
+    func `parses CNY balance response`() throws {
+        let json = """
+        {
+          "is_available": true,
+          "balance_infos": [
+            {
+              "currency": "CNY",
+              "total_balance": "110.00",
+              "granted_balance": "10.00",
+              "topped_up_balance": "100.00"
+            }
+          ]
+        }
+        """
+        let snapshot = try DeepSeekUsageFetcher._parseSnapshotForTesting(Data(json.utf8))
+        #expect(snapshot.currency == "CNY")
+        #expect(snapshot.totalBalance == 110.0)
+        #expect(snapshot.toppedUpBalance == 100.0)
+    }
+
+    @Test
+    func `prefers USD when both currencies present`() throws {
+        let json = """
+        {
+          "is_available": true,
+          "balance_infos": [
+            {
+              "currency": "CNY",
+              "total_balance": "100.00",
+              "granted_balance": "0.00",
+              "topped_up_balance": "100.00"
+            },
+            {
+              "currency": "USD",
+              "total_balance": "20.00",
+              "granted_balance": "5.00",
+              "topped_up_balance": "15.00"
+            }
+          ]
+        }
+        """
+        let snapshot = try DeepSeekUsageFetcher._parseSnapshotForTesting(Data(json.utf8))
+        #expect(snapshot.currency == "USD")
+        #expect(snapshot.totalBalance == 20.0)
+    }
+
+    @Test
+    func `prefers positive CNY balance over empty USD balance`() throws {
+        let json = """
+        {
+          "is_available": true,
+          "balance_infos": [
+            {
+              "currency": "USD",
+              "total_balance": "0.00",
+              "granted_balance": "0.00",
+              "topped_up_balance": "0.00"
+            },
+            {
+              "currency": "CNY",
+              "total_balance": "100.00",
+              "granted_balance": "0.00",
+              "topped_up_balance": "100.00"
+            }
+          ]
+        }
+        """
+        let snapshot = try DeepSeekUsageFetcher._parseSnapshotForTesting(Data(json.utf8))
+        let usage = snapshot.toUsageSnapshot()
+
+        #expect(snapshot.currency == "CNY")
+        #expect(snapshot.totalBalance == 100.0)
+        #expect(usage.primary?.resetDescription?.contains("¥100.00") == true)
+    }
+
+    @Test
+    func `zero balance prompts top up even when unavailable`() throws {
+        let json = """
+        {
+          "is_available": false,
+          "balance_infos": [
+            {
+              "currency": "USD",
+              "total_balance": "0.00",
+              "granted_balance": "0.00",
+              "topped_up_balance": "0.00"
+            }
+          ]
+        }
+        """
+        let snapshot = try DeepSeekUsageFetcher._parseSnapshotForTesting(Data(json.utf8))
+        #expect(snapshot.isAvailable == false)
+        let usage = snapshot.toUsageSnapshot()
+        #expect(usage.primary?.usedPercent == 100)
+        #expect(usage.primary?.resetDescription == "$0.00 — add credits at platform.deepseek.com")
+        #expect(usage.identity?.loginMethod == nil)
+    }
+
+    @Test
+    func `full bar when balance available`() throws {
+        let json = """
+        {
+          "is_available": true,
+          "balance_infos": [
+            {
+              "currency": "USD",
+              "total_balance": "5.00",
+              "granted_balance": "0.00",
+              "topped_up_balance": "5.00"
+            }
+          ]
+        }
+        """
+        let snapshot = try DeepSeekUsageFetcher._parseSnapshotForTesting(Data(json.utf8))
+        let usage = snapshot.toUsageSnapshot()
+        #expect(usage.primary?.usedPercent == 0)
+        #expect(usage.primary?.resetDescription?.contains("$5.00") == true)
+        #expect(usage.identity?.loginMethod == nil)
+    }
+
+    @Test
+    func `throws on malformed balance string`() {
+        let json = """
+        {
+          "is_available": true,
+          "balance_infos": [
+            {
+              "currency": "USD",
+              "total_balance": "not-a-number",
+              "granted_balance": "0.00",
+              "topped_up_balance": "0.00"
+            }
+          ]
+        }
+        """
+        #expect {
+            _ = try DeepSeekUsageFetcher._parseSnapshotForTesting(Data(json.utf8))
+        } throws: { error in
+            guard case DeepSeekUsageError.parseFailed = error else { return false }
+            return true
+        }
+    }
+
+    @Test
+    func `empty balance_infos returns unavailable snapshot`() throws {
+        let json = """
+        {
+          "is_available": true,
+          "balance_infos": []
+        }
+        """
+        let snapshot = try DeepSeekUsageFetcher._parseSnapshotForTesting(Data(json.utf8))
+        #expect(snapshot.isAvailable == false)
+        #expect(snapshot.totalBalance == 0.0)
+    }
+
+    @Test
+    func `throws on invalid JSON root`() {
+        let json = "[{ \"is_available\": true }]"
+        #expect {
+            _ = try DeepSeekUsageFetcher._parseSnapshotForTesting(Data(json.utf8))
+        } throws: { error in
+            guard case DeepSeekUsageError.parseFailed = error else { return false }
+            return true
+        }
+    }
+
+    @Test
+    func `balance description includes paid and granted breakdown`() throws {
+        let json = """
+        {
+          "is_available": true,
+          "balance_infos": [
+            {
+              "currency": "USD",
+              "total_balance": "50.00",
+              "granted_balance": "10.00",
+              "topped_up_balance": "40.00"
+            }
+          ]
+        }
+        """
+        let snapshot = try DeepSeekUsageFetcher._parseSnapshotForTesting(Data(json.utf8))
+        let usage = snapshot.toUsageSnapshot()
+        let detail = usage.primary?.resetDescription ?? ""
+        #expect(detail.contains("$50.00"))
+        #expect(detail.contains("$40.00"))
+        #expect(detail.contains("$10.00"))
+    }
+
+    @Test
+    func `CNY balance uses yen symbol`() throws {
+        let json = """
+        {
+          "is_available": true,
+          "balance_infos": [
+            {
+              "currency": "CNY",
+              "total_balance": "100.00",
+              "granted_balance": "0.00",
+              "topped_up_balance": "100.00"
+            }
+          ]
+        }
+        """
+        let snapshot = try DeepSeekUsageFetcher._parseSnapshotForTesting(Data(json.utf8))
+        let usage = snapshot.toUsageSnapshot()
+        let detail = usage.primary?.resetDescription ?? ""
+        #expect(detail.contains("¥"))
+    }
+
+    @Test
+    func `balance snapshot has nil usage summary`() throws {
+        let json = """
+        {
+          "is_available": true,
+          "balance_infos": [
+            {
+              "currency": "USD",
+              "total_balance": "50.00",
+              "granted_balance": "10.00",
+              "topped_up_balance": "40.00"
+            }
+          ]
+        }
+        """
+        let snapshot = try DeepSeekUsageFetcher._parseSnapshotForTesting(Data(json.utf8))
+        let usage = snapshot.toUsageSnapshot()
+        #expect(usage.deepseekUsage == nil)
+    }
+
+    @Test
+    func `balance returns promptly when optional usage summary is slow`() async throws {
+        let probe = SummaryCancellationProbe()
+        let snapshot = try await Self.withTimeout(.seconds(10)) {
+            try await DeepSeekUsageFetcher._fetchUsageForTesting(
+                apiKey: "test-key",
+                includeOptionalUsage: true,
+                optionalSummaryJoinGrace: .milliseconds(50),
+                fetchBalanceData: { _ in
+                    Data(Self.sampleBalanceJSON.utf8)
+                },
+                fetchSummary: { _ in
+                    await probe.markStarted()
+                    do {
+                        try await Task.sleep(for: .seconds(60))
+                        return Self.sampleSummary()
+                    } catch is CancellationError {
+                        await probe.markCancelled()
+                        throw CancellationError()
+                    }
+                })
+        }
+
+        #expect(snapshot.totalBalance == 50.0)
+        #expect(snapshot.usageSummary == nil)
+        #expect(await probe.wasCancelled())
+    }
+
+    @Test
+    func `balance returns when optional usage summary fails closed`() async throws {
+        let snapshot = try await DeepSeekUsageFetcher._fetchUsageForTesting(
+            apiKey: "test-key",
+            includeOptionalUsage: true,
+            optionalSummaryJoinGrace: .seconds(2),
+            fetchBalanceData: { _ in
+                Data(Self.sampleBalanceJSON.utf8)
+            },
+            fetchSummary: { _ in
+                throw DeepSeekUsageError.networkError("simulated failure")
+            })
+
+        #expect(snapshot.totalBalance == 50.0)
+        #expect(snapshot.usageSummary == nil)
+    }
+
+    @Test
+    func `cancels optional usage summary when balance fetch fails`() async throws {
+        let probe = SummaryCancellationProbe()
+
+        do {
+            _ = try await DeepSeekUsageFetcher._fetchUsageForTesting(
+                apiKey: "test-key",
+                includeOptionalUsage: true,
+                optionalSummaryJoinGrace: .seconds(2),
+                fetchBalanceData: { _ in
+                    await probe.waitUntilStarted()
+                    throw DeepSeekUsageError.networkError("simulated balance failure")
+                },
+                fetchSummary: { _ in
+                    await probe.markStarted()
+                    do {
+                        try await Task.sleep(for: .seconds(1))
+                        return Self.sampleSummary()
+                    } catch is CancellationError {
+                        await probe.markCancelled()
+                        throw DeepSeekUsageError.networkError("cancelled")
+                    }
+                })
+            Issue.record("Expected balance failure")
+        } catch DeepSeekUsageError.networkError {
+            try await Task.sleep(for: .milliseconds(100))
+            #expect(await probe.wasCancelled())
+        }
+    }
+
+    @Test
+    func `cancels optional usage summary when balance parsing fails`() async throws {
+        let probe = SummaryCancellationProbe()
+
+        do {
+            _ = try await DeepSeekUsageFetcher._fetchUsageForTesting(
+                apiKey: "test-key",
+                includeOptionalUsage: true,
+                optionalSummaryJoinGrace: .seconds(2),
+                fetchBalanceData: { _ in
+                    await probe.waitUntilStarted()
+                    return Data("{\"is_available\":true,\"balance_infos\":[".utf8)
+                },
+                fetchSummary: { _ in
+                    await probe.markStarted()
+                    do {
+                        try await Task.sleep(for: .seconds(1))
+                        return Self.sampleSummary()
+                    } catch is CancellationError {
+                        await probe.markCancelled()
+                        throw DeepSeekUsageError.networkError("cancelled")
+                    }
+                })
+            Issue.record("Expected balance parse failure")
+        } catch DeepSeekUsageError.parseFailed {
+            try await Task.sleep(for: .milliseconds(100))
+            #expect(await probe.wasCancelled())
+        }
+    }
+
+    @Test
+    func `parent cancellation propagates while waiting for optional usage summary`() async throws {
+        let probe = SummaryCancellationProbe()
+        let task = Task {
+            try await DeepSeekUsageFetcher._fetchUsageForTesting(
+                apiKey: "test-key",
+                includeOptionalUsage: true,
+                optionalSummaryJoinGrace: .seconds(30),
+                fetchBalanceData: { _ in
+                    Data(Self.sampleBalanceJSON.utf8)
+                },
+                fetchSummary: { _ in
+                    await probe.markStarted()
+                    do {
+                        try await Task.sleep(for: .seconds(60))
+                        return Self.sampleSummary()
+                    } catch is CancellationError {
+                        await probe.markCancelled()
+                        throw CancellationError()
+                    }
+                })
+        }
+
+        await probe.waitUntilStarted()
+        task.cancel()
+
+        do {
+            _ = try await Self.withTimeout(.seconds(10)) {
+                try await task.value
+            }
+            Issue.record("Expected cancellation")
+        } catch is CancellationError {
+            #expect(await probe.wasCancelled())
+        }
+    }
+
+    @Test
+    func `usage period defaults to Gregorian API calendar`() throws {
+        let date = try #require(Self.utcDate(year: 2026, month: 5, day: 26))
+        let period = try DeepSeekUsageFetcher._apiUsagePeriodForTesting(now: date)
+
+        #expect(period.month == 5)
+        #expect(period.year == 2026)
+    }
+
+    @Test
+    func `usage period supports injected test calendar`() throws {
+        var calendar = Calendar(identifier: .buddhist)
+        calendar.timeZone = TimeZone(secondsFromGMT: 0) ?? .gmt
+        let date = try #require(Self.utcDate(year: 2026, month: 5, day: 26))
+        let period = try DeepSeekUsageFetcher._apiUsagePeriodForTesting(now: date, calendar: calendar)
+
+        #expect(period.month == 5)
+        #expect(period.year == 2569)
+    }
+
+    @Test
+    func `production path can populate usage summary when optional fetch succeeds`() async throws {
+        let expected = Self.sampleSummary()
+        let snapshot = try await DeepSeekUsageFetcher._fetchUsageForTesting(
+            apiKey: "test-key",
+            includeOptionalUsage: true,
+            optionalSummaryJoinGrace: .seconds(2),
+            fetchBalanceData: { _ in
+                Data(Self.sampleBalanceJSON.utf8)
+            },
+            fetchSummary: { _ in
+                expected
+            })
+
+        #expect(snapshot.totalBalance == 50.0)
+        #expect(snapshot.usageSummary == expected)
+    }
+
+    private static func utcDate(year: Int, month: Int, day: Int) -> Date? {
+        var calendar = Calendar(identifier: .gregorian)
+        calendar.timeZone = TimeZone(secondsFromGMT: 0) ?? .gmt
+        return calendar.date(from: DateComponents(year: year, month: month, day: day))
+    }
+}
diff --git a/Tests/CodexBarTests/DeepgramProviderTests.swift b/Tests/CodexBarTests/DeepgramProviderTests.swift
new file mode 100644
index 000000000..0d818695d
--- /dev/null
+++ b/Tests/CodexBarTests/DeepgramProviderTests.swift
@@ -0,0 +1,252 @@
+import Foundation
+import SwiftUI
+import Testing
+@testable import CodexBar
+@testable import CodexBarCore
+
+@MainActor
+struct DeepgramProviderTests {
+    @Test
+    func `deepgram field kinds and bindings`() throws {
+        let suite = "DeepgramProviderTests-field-kinds"
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+        let configStore = testConfigStore(suiteName: suite)
+        let settings = SettingsStore(
+            userDefaults: defaults,
+            configStore: configStore,
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings)
+
+        let context = ProviderSettingsContext(
+            provider: .deepgram,
+            settings: settings,
+            store: store,
+            boolBinding: { keyPath in
+                Binding(
+                    get: { settings[keyPath: keyPath] },
+                    set: { settings[keyPath: keyPath] = $0 })
+            },
+            stringBinding: { keyPath in
+                Binding(
+                    get: { settings[keyPath: keyPath] },
+                    set: { settings[keyPath: keyPath] = $0 })
+            },
+            statusText: { _ in nil },
+            setStatusText: { _, _ in },
+            lastAppActiveRunAt: { _ in nil },
+            setLastAppActiveRunAt: { _, _ in },
+            requestConfirmation: { _ in },
+            runLoginFlow: {})
+
+        let implementation = DeepgramProviderImplementation()
+        let fields = implementation.settingsFields(context: context)
+
+        let apiField = try #require(fields.first(where: { $0.id == "deepgram-api-key" }))
+        let projectField = try #require(fields.first(where: { $0.id == "deepgram-project-id" }))
+
+        #expect(apiField.kind == .secure)
+        #expect(projectField.kind == .plain)
+
+        // Verify bindings update the SettingsStore
+        apiField.binding.wrappedValue = "dg_test_token"
+        #expect(settings.deepgramAPIKey == "dg_test_token")
+
+        projectField.binding.wrappedValue = "proj-1234"
+        #expect(settings.deepgramProjectID == "proj-1234")
+    }
+
+    @Test
+    nonisolated func `parses usage breakdown response into visible usage notes`() throws {
+        let body = #"""
+        {
+          "start": "2025-01-16",
+          "end": "2025-01-23",
+          "resolution": {
+            "units": "day",
+            "amount": 1
+          },
+          "results": [
+            {
+              "hours": 1619.7242069444444,
+              "total_hours": 1621.7395791666668,
+              "agent_hours": 41.33564388888889,
+              "tokens_in": 1200,
+              "tokens_out": 340,
+              "tts_characters": 9158866,
+              "requests": 373381,
+              "grouping": {
+                "start": "2025-01-16",
+                "end": "2025-01-16",
+                "endpoint": "listen"
+              }
+            },
+            {
+              "hours": 2.25,
+              "total_hours": 3.5,
+              "requests": 19,
+              "grouping": {
+                "start": "2025-01-17",
+                "end": "2025-01-17",
+                "endpoint": "speak"
+              }
+            }
+          ]
+        }
+        """#
+
+        let updatedAt = Date(timeIntervalSince1970: 123)
+        let snapshot = try DeepgramUsageFetcher._parseSnapshotForTesting(
+            Data(body.utf8),
+            projectID: "project-123",
+            updatedAt: updatedAt)
+        let usage = snapshot.toUsageSnapshot()
+
+        #expect(snapshot.requests == 373_400)
+        #expect(snapshot.hours == 1621.9742069444444)
+        #expect(snapshot.totalHours == 1625.2395791666668)
+        #expect(snapshot.agentHours == 41.33564388888889)
+        #expect(snapshot.tokensIn == 1200)
+        #expect(snapshot.tokensOut == 340)
+        #expect(snapshot.ttsCharacters == 9_158_866)
+        #expect(usage.deepgramUsage?.requests == 373_400)
+        #expect(usage.loginMethod(for: .deepgram) == "Project: project-123")
+        #expect(usage.deepgramUsage?.displayLines == [
+            "Requests: 373,400",
+            "1,622.0 audio hours · 1,625.2 billable hours",
+            "41.3 agent hours · 1,540 tokens · 9,158,866 TTS chars",
+            "Period: 2025-01-16 to 2025-01-23",
+        ])
+    }
+
+    @Test
+    nonisolated func `fetch usage calls breakdown endpoint with token auth`() async throws {
+        let transport = ProviderHTTPTransportStub { request in
+            guard let url = request.url else { throw URLError(.badURL) }
+            #expect(url.path == "/v1/projects/project-123/usage/breakdown")
+            let components = URLComponents(url: url, resolvingAgainstBaseURL: false)
+            #expect(components?.queryItems?.contains(URLQueryItem(name: "start", value: "2025-01-16")) == true)
+            #expect(components?.queryItems?.contains(URLQueryItem(name: "end", value: "2025-01-23")) == true)
+            #expect(request.value(forHTTPHeaderField: "Authorization") == "Token dg-test")
+            #expect(request.value(forHTTPHeaderField: "Accept") == "application/json")
+            #expect(request.timeoutInterval == 15)
+
+            let body = #"""
+            {
+              "start": "2025-01-16",
+              "end": "2025-01-23",
+              "resolution": {
+                "units": "day",
+                "amount": 1
+              },
+              "results": [
+                {
+                  "hours": 1.5,
+                  "total_hours": 2,
+                  "requests": 7
+                }
+              ]
+            }
+            """#
+            return Self.makeResponse(url: url, body: body)
+        }
+
+        let usage = try await DeepgramUsageFetcher.fetchUsage(
+            apiKey: " dg-test ",
+            projectID: " project-123 ",
+            query: DeepgramUsageQuery(start: "2025-01-16", end: "2025-01-23"),
+            environment: ["DEEPGRAM_API_URL": "https://deepgram.test/v1"],
+            transport: transport)
+
+        #expect(usage.projectID == "project-123")
+        #expect(usage.requests == 7)
+        #expect(usage.hours == 1.5)
+        #expect(usage.totalHours == 2)
+
+        let requests = await transport.requests()
+        #expect(requests.count == 1)
+    }
+
+    @Test
+    nonisolated func `fetch usage discovers projects when project id is omitted`() async throws {
+        let transport = ProviderHTTPTransportStub { request in
+            let url = try #require(request.url)
+            #expect(request.value(forHTTPHeaderField: "Authorization") == "Token dg-test")
+
+            switch url.path {
+            case "/v1/projects":
+                return Self.makeResponse(url: url, body: #"""
+                {
+                  "projects": [
+                    { "project_id": "project-a", "name": "Alpha" },
+                    { "project_id": "project-b", "name": "Beta" }
+                  ]
+                }
+                """#)
+
+            case "/v1/projects/project-a/usage/breakdown":
+                return Self.makeResponse(url: url, body: #"""
+                {
+                  "start": "2025-01-16",
+                  "end": "2025-01-23",
+                  "results": [
+                    { "hours": 1, "total_hours": 2, "requests": 3 }
+                  ]
+                }
+                """#)
+
+            case "/v1/projects/project-b/usage/breakdown":
+                return Self.makeResponse(url: url, body: #"""
+                {
+                  "start": "2025-01-17",
+                  "end": "2025-01-24",
+                  "results": [
+                    { "hours": 4, "total_hours": 5, "requests": 6 }
+                  ]
+                }
+                """#)
+
+            default:
+                throw URLError(.badURL)
+            }
+        }
+
+        let usage = try await DeepgramUsageFetcher.fetchUsage(
+            apiKey: "dg-test",
+            environment: ["DEEPGRAM_API_URL": "https://deepgram.test/v1"],
+            transport: transport)
+
+        #expect(usage.projectID == "all")
+        #expect(usage.projectCount == 2)
+        #expect(usage.requests == 9)
+        #expect(usage.hours == 5)
+        #expect(usage.totalHours == 7)
+        #expect(usage.start == "2025-01-16")
+        #expect(usage.end == "2025-01-24")
+        #expect(usage.toUsageSnapshot().loginMethod(for: .deepgram) == "2 projects")
+
+        let requests = await transport.requests()
+        #expect(requests.map { $0.url?.path } == [
+            "/v1/projects",
+            "/v1/projects/project-a/usage/breakdown",
+            "/v1/projects/project-b/usage/breakdown",
+        ])
+    }
+
+    private nonisolated static func makeResponse(
+        url: URL,
+        body: String,
+        statusCode: Int = 200) -> (Data, URLResponse)
+    {
+        let response = HTTPURLResponse(
+            url: url,
+            statusCode: statusCode,
+            httpVersion: "HTTP/1.1",
+            headerFields: ["Content-Type": "application/json"])!
+        return (Data(body.utf8), response)
+    }
+}
diff --git a/Tests/CodexBarTests/DoubaoProviderTests.swift b/Tests/CodexBarTests/DoubaoProviderTests.swift
new file mode 100644
index 000000000..9ce12c25e
--- /dev/null
+++ b/Tests/CodexBarTests/DoubaoProviderTests.swift
@@ -0,0 +1,39 @@
+import CodexBarCore
+import Foundation
+import Testing
+
+struct DoubaoProviderTests {
+    @Test
+    func `usage snapshot exposes request usage window`() {
+        let resetDate = Date(timeIntervalSince1970: 1_742_771_200)
+        let snapshot = DoubaoUsageSnapshot(
+            remainingRequests: 80,
+            limitRequests: 100,
+            resetTime: resetDate,
+            updatedAt: resetDate,
+            apiKeyValid: true)
+
+        let usage = snapshot.toUsageSnapshot()
+
+        #expect(usage.primary?.usedPercent == 20)
+        #expect(usage.primary?.resetDescription == "20/100 requests")
+        #expect(usage.primary?.resetsAt == resetDate)
+        #expect(usage.identity?.providerID == .doubao)
+    }
+
+    @Test
+    func `usage snapshot shows active key when headers are absent`() {
+        let now = Date(timeIntervalSince1970: 1_742_771_200)
+        let snapshot = DoubaoUsageSnapshot(
+            remainingRequests: 0,
+            limitRequests: 0,
+            resetTime: nil,
+            updatedAt: now,
+            apiKeyValid: true)
+
+        let usage = snapshot.toUsageSnapshot()
+
+        #expect(usage.primary?.usedPercent == 0)
+        #expect(usage.primary?.resetDescription == "Active - check dashboard for details")
+    }
+}
diff --git a/Tests/CodexBarTests/ElevenLabsUsageFetcherTests.swift b/Tests/CodexBarTests/ElevenLabsUsageFetcherTests.swift
new file mode 100644
index 000000000..26ce7014a
--- /dev/null
+++ b/Tests/CodexBarTests/ElevenLabsUsageFetcherTests.swift
@@ -0,0 +1,178 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+@Suite(.serialized)
+struct ElevenLabsUsageFetcherTests {
+    @Test
+    func `parses subscription response into usage snapshot`() throws {
+        let body = #"""
+        {
+          "tier": "creator",
+          "character_count": 25000,
+          "character_limit": 100000,
+          "voice_slots_used": 2,
+          "voice_limit": 10,
+          "professional_voice_slots_used": 1,
+          "professional_voice_limit": 2,
+          "current_overage": {"amount": "0", "currency": "usd"},
+          "status": "active",
+          "next_character_count_reset_unix": 1738356858
+        }
+        """#
+
+        let snapshot = try ElevenLabsUsageFetcher._parseSnapshotForTesting(
+            Data(body.utf8),
+            updatedAt: Date(timeIntervalSince1970: 1))
+        let usage = snapshot.toUsageSnapshot()
+
+        #expect(snapshot.characterCount == 25000)
+        #expect(snapshot.characterLimit == 100_000)
+        #expect(snapshot.usedPercent == 25)
+        #expect(snapshot.remainingCharacters == 75000)
+        #expect(usage.primary?.usedPercent == 25)
+        #expect(usage.primary?.resetDescription == "25,000 / 100,000 credits")
+        #expect(usage.primary?.resetsAt == Date(timeIntervalSince1970: 1_738_356_858))
+        #expect(usage.loginMethod(for: .elevenlabs) == "Creator")
+        #expect(usage.extraRateWindows?.count == 2)
+    }
+
+    @Test
+    func `fetch usage sends xi api key header`() async throws {
+        let registered = URLProtocol.registerClass(ElevenLabsStubURLProtocol.self)
+        defer {
+            if registered {
+                URLProtocol.unregisterClass(ElevenLabsStubURLProtocol.self)
+            }
+            ElevenLabsStubURLProtocol.handler = nil
+        }
+
+        ElevenLabsStubURLProtocol.handler = { request in
+            guard let url = request.url else { throw URLError(.badURL) }
+            #expect(url.path == "/v1/user/subscription")
+            #expect(request.value(forHTTPHeaderField: "xi-api-key") == "xi-test")
+            #expect(request.timeoutInterval == 15)
+
+            let body = #"""
+            {
+              "tier": "starter",
+              "character_count": 1000,
+              "character_limit": 10000,
+              "status": "active"
+            }
+            """#
+            return Self.makeResponse(url: url, body: body, statusCode: 200)
+        }
+
+        let usage = try await ElevenLabsUsageFetcher.fetchUsage(
+            apiKey: " xi-test ",
+            environment: [ElevenLabsSettingsReader.apiURLEnvironmentKey: "https://elevenlabs.test"])
+
+        #expect(usage.characterCount == 1000)
+        #expect(usage.characterLimit == 10000)
+        #expect(usage.usedPercent == 10)
+    }
+
+    @Test
+    func `fetch usage accepts versioned API base with trailing slash`() async throws {
+        let registered = URLProtocol.registerClass(ElevenLabsStubURLProtocol.self)
+        defer {
+            if registered {
+                URLProtocol.unregisterClass(ElevenLabsStubURLProtocol.self)
+            }
+            ElevenLabsStubURLProtocol.handler = nil
+        }
+
+        ElevenLabsStubURLProtocol.handler = { request in
+            guard let url = request.url else { throw URLError(.badURL) }
+            #expect(url.path == "/v1/user/subscription")
+
+            let body = #"""
+            {
+              "tier": "starter",
+              "character_count": 1000,
+              "character_limit": 10000,
+              "status": "active"
+            }
+            """#
+            return Self.makeResponse(url: url, body: body, statusCode: 200)
+        }
+
+        let usage = try await ElevenLabsUsageFetcher.fetchUsage(
+            apiKey: "xi-test",
+            environment: [ElevenLabsSettingsReader.apiURLEnvironmentKey: "https://elevenlabs.test/v1/"])
+
+        #expect(usage.characterCount == 1000)
+    }
+
+    @Test
+    func `non success fetch throws generic HTTP error`() async throws {
+        let registered = URLProtocol.registerClass(ElevenLabsStubURLProtocol.self)
+        defer {
+            if registered {
+                URLProtocol.unregisterClass(ElevenLabsStubURLProtocol.self)
+            }
+            ElevenLabsStubURLProtocol.handler = nil
+        }
+
+        ElevenLabsStubURLProtocol.handler = { request in
+            guard let url = request.url else { throw URLError(.badURL) }
+            return Self.makeResponse(url: url, body: #"{"detail":"bad xi-test"}"#, statusCode: 500)
+        }
+
+        do {
+            _ = try await ElevenLabsUsageFetcher.fetchUsage(
+                apiKey: "xi-test",
+                environment: [ElevenLabsSettingsReader.apiURLEnvironmentKey: "https://elevenlabs.test"])
+            Issue.record("Expected ElevenLabsUsageError.apiError")
+        } catch let error as ElevenLabsUsageError {
+            guard case let .apiError(message) = error else {
+                Issue.record("Expected apiError, got \(error)")
+                return
+            }
+            #expect(message == "HTTP 500")
+        }
+    }
+
+    private static func makeResponse(
+        url: URL,
+        body: String,
+        statusCode: Int = 200) -> (HTTPURLResponse, Data)
+    {
+        let response = HTTPURLResponse(
+            url: url,
+            statusCode: statusCode,
+            httpVersion: "HTTP/1.1",
+            headerFields: ["Content-Type": "application/json"])!
+        return (response, Data(body.utf8))
+    }
+}
+
+final class ElevenLabsStubURLProtocol: URLProtocol {
+    nonisolated(unsafe) static var handler: ((URLRequest) throws -> (HTTPURLResponse, Data))?
+
+    override static func canInit(with request: URLRequest) -> Bool {
+        request.url?.host == "elevenlabs.test"
+    }
+
+    override static func canonicalRequest(for request: URLRequest) -> URLRequest {
+        request
+    }
+
+    override func startLoading() {
+        guard let handler = Self.handler else {
+            self.client?.urlProtocol(self, didFailWithError: URLError(.badServerResponse))
+            return
+        }
+        do {
+            let (response, data) = try handler(self.request)
+            self.client?.urlProtocol(self, didReceive: response, cacheStoragePolicy: .notAllowed)
+            self.client?.urlProtocol(self, didLoad: data)
+            self.client?.urlProtocolDidFinishLoading(self)
+        } catch {
+            self.client?.urlProtocol(self, didFailWithError: error)
+        }
+    }
+
+    override func stopLoading() {}
+}
diff --git a/Tests/CodexBarTests/FactoryManualCredentialTests.swift b/Tests/CodexBarTests/FactoryManualCredentialTests.swift
new file mode 100644
index 000000000..33edb0f9b
--- /dev/null
+++ b/Tests/CodexBarTests/FactoryManualCredentialTests.swift
@@ -0,0 +1,135 @@
+import CodexBarCore
+import Foundation
+import Testing
+
+extension FactoryStatusProbeFetchTests {
+    @Test
+    func `rejects malformed manual override before cached cookies`() async throws {
+        let registered = URLProtocol.registerClass(FactoryStubURLProtocol.self)
+        defer {
+            if registered {
+                URLProtocol.unregisterClass(FactoryStubURLProtocol.self)
+            }
+            FactoryStubURLProtocol.handler = nil
+            FactoryStubURLProtocol.requests = []
+            CookieHeaderCache.clear(provider: .factory)
+        }
+        FactoryStubURLProtocol.requests = []
+        CookieHeaderCache.store(provider: .factory, cookieHeader: "session=cached", sourceLabel: "Chrome")
+        FactoryStubURLProtocol.handler = { request in
+            guard let url = request.url else { throw URLError(.badURL) }
+            return Self.makeResponse(url: url, body: "{}", statusCode: 200)
+        }
+
+        let probe = FactoryStatusProbe(browserDetection: BrowserDetection(cacheTTL: 0))
+        await #expect {
+            _ = try await probe.fetch(cookieHeaderOverride: "definitely not a cookie or bearer")
+        } throws: { error in
+            guard case FactoryStatusProbeError.noSessionCookie = error else { return false }
+            return true
+        }
+        #expect(FactoryStubURLProtocol.requests.isEmpty)
+    }
+
+    @Test
+    func `falls back to bearer authorization when pasted cookie is stale`() async throws {
+        let registered = URLProtocol.registerClass(FactoryStubURLProtocol.self)
+        defer {
+            if registered {
+                URLProtocol.unregisterClass(FactoryStubURLProtocol.self)
+            }
+            FactoryStubURLProtocol.handler = nil
+            FactoryStubURLProtocol.requests = []
+        }
+        FactoryStubURLProtocol.requests = []
+
+        FactoryStubURLProtocol.handler = { request in
+            guard let url = request.url else { throw URLError(.badURL) }
+            if request.value(forHTTPHeaderField: "Cookie")?.contains("stale-session") == true {
+                return Self.makeResponse(url: url, body: "{}", statusCode: 401)
+            }
+            guard request.value(forHTTPHeaderField: "Authorization") == "Bearer factory-access-token" else {
+                return Self.makeResponse(url: url, body: "{}", statusCode: 401)
+            }
+            #expect(request.value(forHTTPHeaderField: "Cookie") == nil)
+            if url.host == "api.factory.ai", url.path == "/api/app/auth/me" {
+                let body = """
+                {
+                  "organization": {
+                    "id": "org_1",
+                    "name": "Acme",
+                    "subscription": {
+                      "factoryTier": "team",
+                      "orbSubscription": {
+                        "plan": { "name": "Team", "id": "plan_1" },
+                        "status": "active"
+                      }
+                    }
+                  },
+                  "userProfile": {
+                    "id": "user-1",
+                    "email": "user@example.com"
+                  }
+                }
+                """
+                return Self.makeResponse(url: url, body: body)
+            }
+            if url.host == "api.factory.ai", url.path == "/api/billing/limits" {
+                return Self.makeResponse(url: url, body: "{}", statusCode: 404)
+            }
+            if url.host == "api.factory.ai", url.path == "/api/organization/subscription/usage" {
+                let body = """
+                {
+                  "usage": {
+                    "standard": {
+                      "userTokens": 100,
+                      "totalAllowance": 1000,
+                      "usedRatio": 0.10
+                    }
+                  },
+                  "userId": "user-1"
+                }
+                """
+                return Self.makeResponse(url: url, body: body)
+            }
+            return Self.makeResponse(url: url, body: "{}", statusCode: 404)
+        }
+
+        let probe = FactoryStatusProbe(browserDetection: BrowserDetection(cacheTTL: 0))
+        let snapshot = try await probe.fetch(
+            cookieHeaderOverride: "Cookie: session=stale-session\nAuthorization: Bearer factory-access-token")
+
+        #expect(snapshot.userId == "user-1")
+        #expect(snapshot.standardUserTokens == 100)
+        #expect(snapshot.standardAllowance == 1000)
+        #expect(Self.requestTrace() == [
+            "GET app.factory.ai/api/app/auth/me",
+            "GET auth.factory.ai/api/app/auth/me",
+            "GET api.factory.ai/api/app/auth/me",
+            "GET api.factory.ai/api/app/auth/me",
+            "GET api.factory.ai/api/billing/limits",
+            "GET api.factory.ai/api/organization/subscription/usage?useCache=true&userId=user-1",
+        ])
+    }
+
+    private static func makeResponse(
+        url: URL,
+        body: String,
+        statusCode: Int = 200) -> (HTTPURLResponse, Data)
+    {
+        let response = HTTPURLResponse(
+            url: url,
+            statusCode: statusCode,
+            httpVersion: "HTTP/1.1",
+            headerFields: ["Content-Type": "application/json"])!
+        return (response, Data(body.utf8))
+    }
+
+    private static func requestTrace() -> [String] {
+        FactoryStubURLProtocol.requests.compactMap { request in
+            guard let url = request.url else { return nil }
+            let query = url.query.map { "?\($0)" } ?? ""
+            return "\(request.httpMethod ?? "?") \(url.host ?? "unknown")\(url.path)\(query)"
+        }
+    }
+}
diff --git a/Tests/CodexBarTests/FactoryProviderImplementationTests.swift b/Tests/CodexBarTests/FactoryProviderImplementationTests.swift
new file mode 100644
index 000000000..f37f19446
--- /dev/null
+++ b/Tests/CodexBarTests/FactoryProviderImplementationTests.swift
@@ -0,0 +1,82 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+@MainActor
+struct FactoryProviderImplementationTests {
+    @Test
+    func `extra usage balance respects optional usage setting`() throws {
+        let snapshot = UsageSnapshot(
+            primary: nil,
+            secondary: nil,
+            providerCost: ProviderCostSnapshot(
+                used: 25,
+                limit: 0,
+                currencyCode: "USD",
+                period: "Extra usage balance",
+                updatedAt: Date(timeIntervalSince1970: 0)),
+            updatedAt: Date(timeIntervalSince1970: 0))
+
+        var hiddenEntries: [ProviderMenuEntry] = []
+        let hiddenContext = try Self.context(snapshot: snapshot, showOptionalUsage: false)
+        FactoryProviderImplementation().appendUsageMenuEntries(
+            context: hiddenContext,
+            entries: &hiddenEntries)
+        #expect(hiddenEntries.isEmpty)
+
+        var visibleEntries: [ProviderMenuEntry] = []
+        let visibleContext = try Self.context(snapshot: snapshot, showOptionalUsage: true)
+        FactoryProviderImplementation().appendUsageMenuEntries(
+            context: visibleContext,
+            entries: &visibleEntries)
+
+        guard case let .text(title, style) = try #require(visibleEntries.first) else {
+            Issue.record("Expected Factory extra usage balance menu text")
+            return
+        }
+        #expect(title == "Extra usage balance: $25.00")
+        #expect(style == .primary)
+    }
+
+    private static func context(
+        snapshot: UsageSnapshot,
+        showOptionalUsage: Bool) throws -> ProviderMenuUsageContext
+    {
+        let suite = "FactoryProviderImplementationTests-\(UUID().uuidString)"
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+        let settings = SettingsStore(
+            userDefaults: defaults,
+            configStore: testConfigStore(suiteName: suite),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore(),
+            codexCookieStore: InMemoryCookieHeaderStore(),
+            claudeCookieStore: InMemoryCookieHeaderStore(),
+            cursorCookieStore: InMemoryCookieHeaderStore(),
+            opencodeCookieStore: InMemoryCookieHeaderStore(),
+            factoryCookieStore: InMemoryCookieHeaderStore(),
+            minimaxCookieStore: InMemoryMiniMaxCookieStore(),
+            minimaxAPITokenStore: InMemoryMiniMaxAPITokenStore(),
+            kimiTokenStore: InMemoryKimiTokenStore(),
+            kimiK2TokenStore: InMemoryKimiK2TokenStore(),
+            augmentCookieStore: InMemoryCookieHeaderStore(),
+            ampCookieStore: InMemoryCookieHeaderStore(),
+            copilotTokenStore: InMemoryCopilotTokenStore(),
+            tokenAccountStore: InMemoryTokenAccountStore())
+        settings.showOptionalCreditsAndExtraUsage = showOptionalUsage
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing,
+            environmentBase: [:])
+
+        return ProviderMenuUsageContext(
+            provider: .factory,
+            store: store,
+            settings: settings,
+            metadata: FactoryProviderDescriptor.descriptor.metadata,
+            snapshot: snapshot)
+    }
+}
diff --git a/Tests/CodexBarTests/FactoryStatusProbeFetchTests.swift b/Tests/CodexBarTests/FactoryStatusProbeFetchTests.swift
index d1c09f649..c1d8e2cf4 100644
--- a/Tests/CodexBarTests/FactoryStatusProbeFetchTests.swift
+++ b/Tests/CodexBarTests/FactoryStatusProbeFetchTests.swift
@@ -1,18 +1,242 @@
-import CodexBarCore
 import Foundation
 import Testing
+@testable import CodexBarCore
 
 @Suite(.serialized)
 struct FactoryStatusProbeFetchTests {
     @Test
-    func fetchesSnapshotUsingCookieHeaderOverride() async throws {
+    func `keeps stored Factory cookies available when cached header is not logged in`() async throws {
+        KeychainCacheStore.setTestStoreForTesting(true)
+        defer { KeychainCacheStore.setTestStoreForTesting(false) }
+
         let registered = URLProtocol.registerClass(FactoryStubURLProtocol.self)
         defer {
             if registered {
                 URLProtocol.unregisterClass(FactoryStubURLProtocol.self)
             }
             FactoryStubURLProtocol.handler = nil
+            FactoryStubURLProtocol.requests = []
         }
+        FactoryStubURLProtocol.requests = []
+
+        FactoryStubURLProtocol.handler = { request in
+            guard let url = request.url else { throw URLError(.badURL) }
+            if url.host == "app.factory.ai",
+               url.path == "/api/app/auth/me",
+               request.value(forHTTPHeaderField: "Cookie")?.contains("stale-cache") == true
+            {
+                return Self.makeResponse(url: url, body: "{}", statusCode: 401)
+            }
+            if url.host == "api.factory.ai", url.path == "/api/app/auth/me" {
+                let body = """
+                {
+                  "organization": {
+                    "id": "org_1",
+                    "name": "Acme",
+                    "subscription": {
+                      "factoryTier": "team",
+                      "orbSubscription": {
+                        "plan": { "name": "Team", "id": "plan_1" },
+                        "status": "active"
+                      }
+                    }
+                  }
+                }
+                """
+                return Self.makeResponse(url: url, body: body)
+            }
+            if url.host == "api.factory.ai", url.path == "/api/organization/subscription/usage" {
+                let body = """
+                {
+                  "usage": {
+                    "standard": {
+                      "userTokens": 100,
+                      "totalAllowance": 1000
+                    }
+                  },
+                  "userId": "user-1"
+                }
+                """
+                return Self.makeResponse(url: url, body: body)
+            }
+            return Self.makeResponse(url: url, body: "{}", statusCode: 404)
+        }
+
+        let cookie = try #require(HTTPCookie(properties: [
+            .domain: "app.factory.ai",
+            .path: "/",
+            .name: "session",
+            .value: "valid-session",
+        ]))
+
+        let sessionFile = try await Self.isolateFactorySessionStore()
+        defer {
+            try? FileManager.default.removeItem(at: sessionFile)
+        }
+
+        await FactorySessionStore.shared.clearSession()
+        CookieHeaderCache.store(provider: .factory, cookieHeader: "session=stale-cache", sourceLabel: "Chrome")
+        await FactorySessionStore.shared.setCookies([cookie])
+        await FactorySessionStore.shared.resetInMemoryForTesting()
+        defer {
+            CookieHeaderCache.clear(provider: .factory)
+        }
+
+        let probe = FactoryStatusProbe(
+            timeout: 1.0,
+            browserDetection: BrowserDetection(
+                homeDirectory: "/tmp/codexbar-empty-browser-home",
+                cacheTTL: 0,
+                fileExists: { _ in false },
+                directoryContents: { _ in nil }))
+
+        let snapshot = try await probe.fetch()
+
+        #expect(CookieHeaderCache.load(provider: .factory) == nil)
+        #expect(snapshot.userId == "user-1")
+        #expect(await FactorySessionStore.shared.getCookies().map(\.value) == ["valid-session"])
+        #expect(Self.requestTrace() == [
+            "GET app.factory.ai/api/app/auth/me",
+            "GET api.factory.ai/api/app/auth/me",
+            "GET api.factory.ai/api/billing/limits",
+            "GET api.factory.ai/api/organization/subscription/usage?useCache=true",
+        ])
+        await FactorySessionStore.shared.clearSession()
+    }
+
+    @Test
+    func `preserves stored Factory refresh token when stored cookies are not logged in`() async throws {
+        KeychainCacheStore.setTestStoreForTesting(true)
+        defer { KeychainCacheStore.setTestStoreForTesting(false) }
+
+        let registered = URLProtocol.registerClass(FactoryStubURLProtocol.self)
+        defer {
+            if registered {
+                URLProtocol.unregisterClass(FactoryStubURLProtocol.self)
+            }
+            FactoryStubURLProtocol.handler = nil
+            FactoryStubURLProtocol.requests = []
+        }
+        FactoryStubURLProtocol.requests = []
+
+        FactoryStubURLProtocol.handler = { request in
+            guard let url = request.url else { throw URLError(.badURL) }
+            if url.host == "app.factory.ai", url.path == "/api/app/auth/me" {
+                return Self.makeResponse(url: url, body: "{}", statusCode: 401)
+            }
+            if url.host == "api.factory.ai",
+               url.path == "/api/app/auth/me",
+               request.value(forHTTPHeaderField: "Cookie")?.contains("stale-session") == true
+            {
+                return Self.makeResponse(url: url, body: "{}", statusCode: 401)
+            }
+            if url.host == "api.workos.com", url.path == "/user_management/authenticate" {
+                let requestBody = try Self.requestJSONBody(from: request)
+                guard requestBody["refresh_token"] as? String == "stale-refresh" else {
+                    throw URLError(.userAuthenticationRequired)
+                }
+                let body = """
+                {
+                  "access_token": "fresh-access",
+                  "refresh_token": "fresh-refresh"
+                }
+                """
+                return Self.makeResponse(url: url, body: body)
+            }
+            if url.host == "api.factory.ai", url.path == "/api/app/auth/me" {
+                let body = """
+                {
+                  "organization": {
+                    "id": "org_1",
+                    "name": "Acme",
+                    "subscription": {
+                      "factoryTier": "team",
+                      "orbSubscription": {
+                        "plan": { "name": "Team", "id": "plan_1" },
+                        "status": "active"
+                      }
+                    }
+                  }
+                }
+                """
+                return Self.makeResponse(url: url, body: body)
+            }
+            if url.host == "api.factory.ai", url.path == "/api/organization/subscription/usage" {
+                let body = """
+                {
+                  "usage": {
+                    "standard": {
+                      "userTokens": 100,
+                      "totalAllowance": 1000
+                    }
+                  },
+                  "userId": "user-1"
+                }
+                """
+                return Self.makeResponse(url: url, body: body)
+            }
+            return Self.makeResponse(url: url, body: "{}", statusCode: 404)
+        }
+
+        let cookie = try #require(HTTPCookie(properties: [
+            .domain: "app.factory.ai",
+            .path: "/",
+            .name: "session",
+            .value: "stale-session",
+        ]))
+
+        let sessionFile = try await Self.isolateFactorySessionStore()
+        defer {
+            try? FileManager.default.removeItem(at: sessionFile)
+        }
+
+        await FactorySessionStore.shared.clearSession()
+        CookieHeaderCache.store(provider: .factory, cookieHeader: "session=stale-cache", sourceLabel: "Chrome")
+        await FactorySessionStore.shared.setCookies([cookie])
+        await FactorySessionStore.shared.setRefreshToken("stale-refresh")
+        await FactorySessionStore.shared.resetInMemoryForTesting()
+        defer {
+            CookieHeaderCache.clear(provider: .factory)
+        }
+
+        let probe = FactoryStatusProbe(
+            timeout: 1.0,
+            browserDetection: BrowserDetection(
+                homeDirectory: "/tmp/codexbar-empty-browser-home",
+                cacheTTL: 0,
+                fileExists: { _ in false },
+                directoryContents: { _ in nil }))
+
+        let snapshot = try await probe.fetch()
+
+        #expect(CookieHeaderCache.load(provider: .factory) == nil)
+        #expect(snapshot.userId == "user-1")
+        #expect(await FactorySessionStore.shared.getCookies().isEmpty)
+        #expect(await FactorySessionStore.shared.getBearerToken() == "fresh-access")
+        #expect(await FactorySessionStore.shared.getRefreshToken() == "fresh-refresh")
+        #expect(Self.requestTrace() == [
+            "GET app.factory.ai/api/app/auth/me",
+            "GET api.factory.ai/api/app/auth/me",
+            "GET app.factory.ai/api/app/auth/me",
+            "POST api.workos.com/user_management/authenticate",
+            "GET api.factory.ai/api/app/auth/me",
+            "GET api.factory.ai/api/billing/limits",
+            "GET api.factory.ai/api/organization/subscription/usage?useCache=true",
+        ])
+        await FactorySessionStore.shared.clearSession()
+    }
+
+    @Test
+    func `fetches snapshot using cookie header override`() async throws {
+        let registered = URLProtocol.registerClass(FactoryStubURLProtocol.self)
+        defer {
+            if registered {
+                URLProtocol.unregisterClass(FactoryStubURLProtocol.self)
+            }
+            FactoryStubURLProtocol.handler = nil
+            FactoryStubURLProtocol.requests = []
+        }
+        FactoryStubURLProtocol.requests = []
 
         FactoryStubURLProtocol.handler = { request in
             guard let url = request.url else { throw URLError(.badURL) }
@@ -78,6 +302,385 @@ struct FactoryStatusProbeFetchTests {
         #expect(usage.secondary?.usedPercent == 10)
     }
 
+    @Test
+    func `uses bearer subject when auth profile omits user id`() async throws {
+        let registered = URLProtocol.registerClass(FactoryStubURLProtocol.self)
+        defer {
+            if registered {
+                URLProtocol.unregisterClass(FactoryStubURLProtocol.self)
+            }
+            FactoryStubURLProtocol.handler = nil
+            FactoryStubURLProtocol.requests = []
+        }
+        FactoryStubURLProtocol.requests = []
+
+        FactoryStubURLProtocol.handler = { request in
+            guard let url = request.url else { throw URLError(.badURL) }
+            if url.path == "/api/app/auth/me" {
+                let body = """
+                {
+                  "organization": {
+                    "id": "org_1",
+                    "name": "Acme",
+                    "subscription": {
+                      "factoryTier": "team",
+                      "orbSubscription": {
+                        "plan": { "name": "Team", "id": "plan_1" },
+                        "status": "active"
+                      }
+                    }
+                  },
+                  "userProfile": {
+                    "email": "user@example.com",
+                    "role": "member"
+                  }
+                }
+                """
+                return Self.makeResponse(url: url, body: body)
+            }
+            if url.host == "api.factory.ai", url.path == "/api/billing/limits" {
+                return Self.makeResponse(url: url, body: "{}", statusCode: 404)
+            }
+            if url.path == "/api/organization/subscription/usage" {
+                guard URLComponents(url: url, resolvingAgainstBaseURL: false)?
+                    .queryItems?
+                    .contains(where: { $0.name == "userId" && $0.value == "user_jwt" }) == true
+                else {
+                    return Self.makeResponse(
+                        url: url,
+                        body: #"{"detail":"Must be manager to get usage for other users"}"#,
+                        statusCode: 403)
+                }
+                let body = """
+                {
+                  "usage": {
+                    "standard": {
+                      "userTokens": 100,
+                      "totalAllowance": 1000,
+                      "usedRatio": 0.10
+                    }
+                  },
+                  "userId": "user_jwt"
+                }
+                """
+                return Self.makeResponse(url: url, body: body)
+            }
+            return Self.makeResponse(url: url, body: "{}", statusCode: 404)
+        }
+
+        let token = Self.makeJWT(payload: ["sub": "user_jwt"])
+        let probe = FactoryStatusProbe(browserDetection: BrowserDetection(cacheTTL: 0))
+        let snapshot = try await probe.fetch(cookieHeaderOverride: "access-token=\(token); session=abc")
+
+        #expect(snapshot.userId == "user_jwt")
+        #expect(snapshot.standardUserTokens == 100)
+        #expect(Self.requestTrace() == [
+            "GET app.factory.ai/api/app/auth/me",
+            "GET api.factory.ai/api/billing/limits",
+            "GET app.factory.ai/api/organization/subscription/usage?useCache=true&userId=user_jwt",
+        ])
+    }
+
+    @Test
+    func `falls back to legacy usage when billing limits request fails`() async throws {
+        let registered = URLProtocol.registerClass(FactoryStubURLProtocol.self)
+        defer {
+            if registered {
+                URLProtocol.unregisterClass(FactoryStubURLProtocol.self)
+            }
+            FactoryStubURLProtocol.handler = nil
+            FactoryStubURLProtocol.requests = []
+        }
+        FactoryStubURLProtocol.requests = []
+
+        FactoryStubURLProtocol.handler = { request in
+            guard let url = request.url else { throw URLError(.badURL) }
+            if url.path == "/api/app/auth/me" {
+                let body = """
+                {
+                  "organization": {
+                    "id": "org_1",
+                    "name": "Acme",
+                    "subscription": {
+                      "factoryTier": "team",
+                      "orbSubscription": {
+                        "plan": { "name": "Team", "id": "plan_1" },
+                        "status": "active"
+                      }
+                    }
+                  }
+                }
+                """
+                return Self.makeResponse(url: url, body: body)
+            }
+            if url.host == "api.factory.ai", url.path == "/api/billing/limits" {
+                throw URLError(.timedOut)
+            }
+            if url.path == "/api/organization/subscription/usage" {
+                let body = """
+                {
+                  "usage": {
+                    "standard": {
+                      "userTokens": 100,
+                      "totalAllowance": 1000,
+                      "usedRatio": 0.10
+                    },
+                    "premium": {
+                      "userTokens": 20,
+                      "totalAllowance": 100,
+                      "usedRatio": 0.20
+                    }
+                  },
+                  "userId": "user-1"
+                }
+                """
+                return Self.makeResponse(url: url, body: body)
+            }
+            return Self.makeResponse(url: url, body: "{}", statusCode: 404)
+        }
+
+        let probe = FactoryStatusProbe(browserDetection: BrowserDetection(cacheTTL: 0))
+        let snapshot = try await probe.fetch(cookieHeaderOverride: "access-token=test.jwt.token; session=abc")
+        let usage = snapshot.toUsageSnapshot()
+
+        #expect(snapshot.tokenRateLimits == nil)
+        #expect(usage.primary?.usedPercent == 10)
+        #expect(usage.secondary?.usedPercent == 20)
+        #expect(Self.requestTrace() == [
+            "GET app.factory.ai/api/app/auth/me",
+            "GET api.factory.ai/api/billing/limits",
+            "GET app.factory.ai/api/organization/subscription/usage?useCache=true",
+        ])
+    }
+
+    @Test
+    func `falls back to legacy usage when billing limits rejects auth`() async throws {
+        let registered = URLProtocol.registerClass(FactoryStubURLProtocol.self)
+        defer {
+            if registered {
+                URLProtocol.unregisterClass(FactoryStubURLProtocol.self)
+            }
+            FactoryStubURLProtocol.handler = nil
+            FactoryStubURLProtocol.requests = []
+        }
+        FactoryStubURLProtocol.requests = []
+
+        FactoryStubURLProtocol.handler = { request in
+            guard let url = request.url else { throw URLError(.badURL) }
+            if url.path == "/api/app/auth/me" {
+                let body = """
+                {
+                  "organization": {
+                    "id": "org_1",
+                    "name": "Acme",
+                    "subscription": {
+                      "factoryTier": "team",
+                      "orbSubscription": {
+                        "plan": { "name": "Team", "id": "plan_1" },
+                        "status": "active"
+                      }
+                    }
+                  }
+                }
+                """
+                return Self.makeResponse(url: url, body: body)
+            }
+            if url.host == "api.factory.ai", url.path == "/api/billing/limits" {
+                return Self.makeResponse(url: url, body: "{}", statusCode: 403)
+            }
+            if url.path == "/api/organization/subscription/usage" {
+                let body = """
+                {
+                  "usage": {
+                    "standard": {
+                      "userTokens": 100,
+                      "totalAllowance": 1000,
+                      "usedRatio": 0.10
+                    },
+                    "premium": {
+                      "userTokens": 20,
+                      "totalAllowance": 100,
+                      "usedRatio": 0.20
+                    }
+                  },
+                  "userId": "user-1"
+                }
+                """
+                return Self.makeResponse(url: url, body: body)
+            }
+            return Self.makeResponse(url: url, body: "{}", statusCode: 404)
+        }
+
+        let probe = FactoryStatusProbe(browserDetection: BrowserDetection(cacheTTL: 0))
+        let snapshot = try await probe.fetch(cookieHeaderOverride: "access-token=test.jwt.token; session=abc")
+        let usage = snapshot.toUsageSnapshot()
+
+        #expect(snapshot.tokenRateLimits == nil)
+        #expect(usage.primary?.usedPercent == 10)
+        #expect(usage.secondary?.usedPercent == 20)
+        #expect(Self.requestTrace() == [
+            "GET app.factory.ai/api/app/auth/me",
+            "GET api.factory.ai/api/billing/limits",
+            "GET app.factory.ai/api/organization/subscription/usage?useCache=true",
+        ])
+    }
+
+    @Test
+    func `uses token rate limits billing when core pool is absent`() async throws {
+        let registered = URLProtocol.registerClass(FactoryStubURLProtocol.self)
+        defer {
+            if registered {
+                URLProtocol.unregisterClass(FactoryStubURLProtocol.self)
+            }
+            FactoryStubURLProtocol.handler = nil
+            FactoryStubURLProtocol.requests = []
+        }
+        FactoryStubURLProtocol.requests = []
+
+        FactoryStubURLProtocol.handler = { request in
+            guard let url = request.url else { throw URLError(.badURL) }
+            if url.path == "/api/app/auth/me" {
+                let body = """
+                {
+                  "organization": {
+                    "id": "org_1",
+                    "name": "Acme",
+                    "subscription": {
+                      "factoryTier": "team",
+                      "orbSubscription": {
+                        "plan": { "name": "Team", "id": "plan_1" },
+                        "status": "active"
+                      }
+                    }
+                  }
+                }
+                """
+                return Self.makeResponse(url: url, body: body)
+            }
+            if url.host == "api.factory.ai", url.path == "/api/billing/limits" {
+                let body = """
+                {
+                  "usesTokenRateLimitsBilling": true,
+                  "extraUsageBalanceCents": 2500,
+                  "overagePreference": null,
+                  "extraUsageAllowed": false,
+                  "tokenRateLimitsRolloutEligible": true,
+                  "limits": {
+                    "standard": {
+                      "fiveHour": { "usedPercent": 12, "secondsRemaining": 3600 },
+                      "weekly": { "usedPercent": 34, "secondsRemaining": 7200 },
+                      "monthly": { "usedPercent": 56, "secondsRemaining": 10800 }
+                    }
+                  }
+                }
+                """
+                return Self.makeResponse(url: url, body: body)
+            }
+            if url.path == "/api/organization/subscription/usage" {
+                return Self.makeResponse(url: url, body: "{}", statusCode: 500)
+            }
+            return Self.makeResponse(url: url, body: "{}", statusCode: 404)
+        }
+
+        let probe = FactoryStatusProbe(browserDetection: BrowserDetection(cacheTTL: 0))
+        let snapshot = try await probe.fetch(cookieHeaderOverride: "access-token=test.jwt.token; session=abc")
+        let usage = snapshot.toUsageSnapshot()
+
+        #expect(snapshot.tokenRateLimits != nil)
+        #expect(usage.primary?.usedPercent == 12)
+        #expect(usage.secondary?.usedPercent == 34)
+        #expect(usage.tertiary?.usedPercent == 56)
+        #expect(usage.extraRateWindows == nil)
+        #expect(usage.providerCost?.used == 25)
+        #expect(Self.requestTrace() == [
+            "GET app.factory.ai/api/app/auth/me",
+            "GET api.factory.ai/api/billing/limits",
+        ])
+    }
+
+    @Test
+    func `uses token rate limits billing when enabled`() async throws {
+        let registered = URLProtocol.registerClass(FactoryStubURLProtocol.self)
+        defer {
+            if registered {
+                URLProtocol.unregisterClass(FactoryStubURLProtocol.self)
+            }
+            FactoryStubURLProtocol.handler = nil
+            FactoryStubURLProtocol.requests = []
+        }
+        FactoryStubURLProtocol.requests = []
+
+        FactoryStubURLProtocol.handler = { request in
+            guard let url = request.url else { throw URLError(.badURL) }
+            if url.path == "/api/app/auth/me" {
+                let body = """
+                {
+                  "organization": {
+                    "id": "org_1",
+                    "name": "Acme",
+                    "subscription": {
+                      "factoryTier": "team",
+                      "orbSubscription": {
+                        "plan": { "name": "Team", "id": "plan_1" },
+                        "status": "active"
+                      }
+                    }
+                  }
+                }
+                """
+                return Self.makeResponse(url: url, body: body)
+            }
+            if url.host == "api.factory.ai", url.path == "/api/billing/limits" {
+                let body = """
+                {
+                  "usesTokenRateLimitsBilling": true,
+                  "extraUsageBalanceCents": 2500,
+                  "overagePreference": "core",
+                  "extraUsageAllowed": true,
+                  "tokenRateLimitsRolloutEligible": true,
+                  "limits": {
+                    "standard": {
+                      "fiveHour": { "usedPercent": 12, "secondsRemaining": 3600 },
+                      "weekly": { "usedPercent": 34, "secondsRemaining": 7200 },
+                      "monthly": { "usedPercent": 56, "secondsRemaining": 10800 }
+                    },
+                    "core": {
+                      "fiveHour": { "usedPercent": 7, "secondsRemaining": 1800 },
+                      "weekly": { "usedPercent": 8, "secondsRemaining": 2800 },
+                      "monthly": { "usedPercent": 9, "secondsRemaining": 3800 }
+                    }
+                  }
+                }
+                """
+                return Self.makeResponse(url: url, body: body)
+            }
+            if url.path == "/api/organization/subscription/usage" {
+                return Self.makeResponse(url: url, body: "{}", statusCode: 500)
+            }
+            return Self.makeResponse(url: url, body: "{}", statusCode: 404)
+        }
+
+        let probe = FactoryStatusProbe(browserDetection: BrowserDetection(cacheTTL: 0))
+        let snapshot = try await probe.fetch(cookieHeaderOverride: "access-token=test.jwt.token; session=abc")
+        let usage = snapshot.toUsageSnapshot()
+
+        #expect(snapshot.tokenRateLimits != nil)
+        #expect(usage.primary?.usedPercent == 12)
+        #expect(usage.primary?.windowMinutes == 300)
+        #expect(usage.secondary?.usedPercent == 34)
+        #expect(usage.secondary?.windowMinutes == 10080)
+        #expect(usage.tertiary?.usedPercent == 56)
+        #expect(usage.extraRateWindows?.map(\.id) == ["factory-core-5h", "factory-core-7d", "factory-core-monthly"])
+        #expect(usage.extraRateWindows?.first?.window.usedPercent == 7)
+        #expect(usage.providerCost?.used == 25)
+        #expect(usage.providerCost?.limit == 0)
+        #expect(usage.loginMethod(for: .factory) == "Factory Team - Team - Fallback: core")
+        #expect(Self.requestTrace() == [
+            "GET app.factory.ai/api/app/auth/me",
+            "GET api.factory.ai/api/billing/limits",
+        ])
+    }
+
     private static func makeResponse(
         url: URL,
         body: String,
@@ -90,10 +693,73 @@ struct FactoryStatusProbeFetchTests {
             headerFields: ["Content-Type": "application/json"])!
         return (response, Data(body.utf8))
     }
+
+    private static func makeJWT(payload: [String: Any]) -> String {
+        func base64URL(_ data: Data) -> String {
+            data.base64EncodedString()
+                .replacingOccurrences(of: "=", with: "")
+                .replacingOccurrences(of: "+", with: "-")
+                .replacingOccurrences(of: "/", with: "_")
+        }
+
+        let header = ["alg": "none", "typ": "JWT"]
+        let headerData = (try? JSONSerialization.data(withJSONObject: header)) ?? Data()
+        let payloadData = (try? JSONSerialization.data(withJSONObject: payload)) ?? Data()
+        return "\(base64URL(headerData)).\(base64URL(payloadData))."
+    }
+
+    private static func requestTrace() -> [String] {
+        FactoryStubURLProtocol.requests.compactMap { request in
+            guard let url = request.url else { return nil }
+            let query = url.query.map { "?\($0)" } ?? ""
+            return "\(request.httpMethod ?? "?") \(url.host ?? "unknown")\(url.path)\(query)"
+        }
+    }
+
+    private static func isolateFactorySessionStore() async throws -> URL {
+        let directory = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codexbar-factory-tests", isDirectory: true)
+        try FileManager.default.createDirectory(at: directory, withIntermediateDirectories: true)
+        let fileURL = directory.appendingPathComponent("\(UUID().uuidString).json")
+        await FactorySessionStore.shared.useFileURLForTesting(fileURL)
+        return fileURL
+    }
+
+    private static func requestJSONBody(from request: URLRequest) throws -> [String: Any] {
+        let data = try self.requestBodyData(from: request)
+        return try #require(JSONSerialization.jsonObject(with: data) as? [String: Any])
+    }
+
+    private static func requestBodyData(from request: URLRequest) throws -> Data {
+        if let body = request.httpBody {
+            return body
+        }
+        guard let stream = request.httpBodyStream else {
+            throw URLError(.badServerResponse)
+        }
+
+        stream.open()
+        defer { stream.close() }
+
+        var data = Data()
+        var buffer = [UInt8](repeating: 0, count: 1024)
+        while stream.hasBytesAvailable {
+            let count = stream.read(&buffer, maxLength: buffer.count)
+            if count < 0 {
+                throw stream.streamError ?? URLError(.cannotDecodeRawData)
+            }
+            if count == 0 {
+                break
+            }
+            data.append(buffer, count: count)
+        }
+        return data
+    }
 }
 
 final class FactoryStubURLProtocol: URLProtocol {
     nonisolated(unsafe) static var handler: ((URLRequest) throws -> (HTTPURLResponse, Data))?
+    nonisolated(unsafe) static var requests: [URLRequest] = []
 
     override static func canInit(with request: URLRequest) -> Bool {
         guard let host = request.url?.host else { return false }
@@ -110,6 +776,7 @@ final class FactoryStubURLProtocol: URLProtocol {
             return
         }
         do {
+            Self.requests.append(self.request)
             let (response, data) = try handler(self.request)
             self.client?.urlProtocol(self, didReceive: response, cacheStoragePolicy: .notAllowed)
             self.client?.urlProtocol(self, didLoad: data)
diff --git a/Tests/CodexBarTests/FactoryStatusProbeTests.swift b/Tests/CodexBarTests/FactoryStatusProbeTests.swift
index f9aa8fe0b..f5481d074 100644
--- a/Tests/CodexBarTests/FactoryStatusProbeTests.swift
+++ b/Tests/CodexBarTests/FactoryStatusProbeTests.swift
@@ -2,10 +2,21 @@ import Foundation
 import Testing
 @testable import CodexBarCore
 
-@Suite
+struct FactoryProviderDescriptorTests {
+    @Test
+    func `descriptor keeps legacy labels by default`() {
+        let metadata = FactoryProviderDescriptor.descriptor.metadata
+
+        #expect(metadata.sessionLabel == "Standard")
+        #expect(metadata.weeklyLabel == "Premium")
+        #expect(metadata.opusLabel == nil)
+        #expect(!metadata.supportsOpus)
+    }
+}
+
 struct FactoryStatusSnapshotTests {
     @Test
-    func mapsUsageSnapshotWindowsAndLoginMethod() {
+    func `maps usage snapshot windows and login method`() {
         let periodEnd = Date(timeIntervalSince1970: 1_738_368_000) // Feb 1, 2025
         let snapshot = FactoryStatusSnapshot(
             standardUserTokens: 50,
@@ -33,7 +44,7 @@ struct FactoryStatusSnapshotTests {
     }
 
     @Test
-    func treatsLargeAllowancesAsUnlimited() {
+    func `treats large allowances as unlimited`() {
         let snapshot = FactoryStatusSnapshot(
             standardUserTokens: 50_000_000,
             standardOrgTokens: 0,
@@ -56,7 +67,7 @@ struct FactoryStatusSnapshotTests {
     }
 
     @Test
-    func prefersAPIUsedRatioWhenAllowanceMissing() {
+    func `prefers API used ratio when allowance missing`() {
         let snapshot = FactoryStatusSnapshot(
             standardUserTokens: 72_311_737,
             standardOrgTokens: 72_311_737,
@@ -82,7 +93,7 @@ struct FactoryStatusSnapshotTests {
     }
 
     @Test
-    func usesPercentScaleRatioWhenAllowanceMissing() {
+    func `uses percent scale ratio when allowance missing`() {
         let snapshot = FactoryStatusSnapshot(
             standardUserTokens: 0,
             standardOrgTokens: 0,
@@ -107,7 +118,34 @@ struct FactoryStatusSnapshotTests {
     }
 
     @Test
-    func fallsBackToCalculationWhenAPIRatioMissing() {
+    func `falls back to calculation when API ratio is zero but usage and allowance are present`() {
+        let snapshot = FactoryStatusSnapshot(
+            standardUserTokens: 5_826_293,
+            standardOrgTokens: 0,
+            standardAllowance: 20_000_000,
+            standardUsedRatio: 0,
+            premiumUserTokens: 0,
+            premiumOrgTokens: 0,
+            premiumAllowance: 0,
+            premiumUsedRatio: 0,
+            periodStart: nil,
+            periodEnd: nil,
+            planName: nil,
+            tier: nil,
+            organizationName: nil,
+            accountEmail: nil,
+            userId: nil,
+            rawJSON: nil)
+
+        let usage = snapshot.toUsageSnapshot()
+
+        #expect(usage.primary?.usedPercent ?? 0 > 29)
+        #expect(usage.primary?.usedPercent ?? 0 < 30)
+        #expect(usage.secondary?.usedPercent == 0)
+    }
+
+    @Test
+    func `falls back to calculation when API ratio missing`() {
         let snapshot = FactoryStatusSnapshot(
             standardUserTokens: 50_000_000,
             standardOrgTokens: 0,
@@ -132,7 +170,7 @@ struct FactoryStatusSnapshotTests {
     }
 
     @Test
-    func fallsBackWhenAPIRatioIsInvalid() {
+    func `falls back when API ratio is invalid`() {
         let snapshot = FactoryStatusSnapshot(
             standardUserTokens: 50_000_000,
             standardOrgTokens: 0,
@@ -157,7 +195,7 @@ struct FactoryStatusSnapshotTests {
     }
 
     @Test
-    func clampsSlightlyOutOfRangeRatios() {
+    func `clamps slightly out of range ratios`() {
         let snapshot = FactoryStatusSnapshot(
             standardUserTokens: 100_000_000,
             standardOrgTokens: 0,
@@ -182,10 +220,9 @@ struct FactoryStatusSnapshotTests {
     }
 }
 
-@Suite
 struct FactoryStatusProbeWorkOSTests {
     @Test
-    func detectsMissingRefreshTokenPayload() {
+    func `detects missing refresh token payload`() {
         let payload = Data("""
         {"error":"invalid_request","error_description":"Missing refresh token."}
         """.utf8)
diff --git a/Tests/CodexBarTests/Fixtures/codex-historical-usage-real-legacy.jsonl b/Tests/CodexBarTests/Fixtures/codex-historical-usage-real-legacy.jsonl
new file mode 100644
index 000000000..24c52e180
--- /dev/null
+++ b/Tests/CodexBarTests/Fixtures/codex-historical-usage-real-legacy.jsonl
@@ -0,0 +1,6 @@
+{"accountKey":"d12264663b6c957df161c4eaa04268ee1eba54730fc206d6d1530a333fbc1bf5","provider":"codex","resetsAt":"2026-02-17T05:37:00Z","sampledAt":"2026-02-10T05:37:00Z","source":"backfill","usedPercent":0,"v":1,"windowKind":"secondary","windowMinutes":10080}
+{"accountKey":"d12264663b6c957df161c4eaa04268ee1eba54730fc206d6d1530a333fbc1bf5","provider":"codex","resetsAt":"2026-02-17T05:37:00Z","sampledAt":"2026-02-10T17:37:00Z","source":"backfill","usedPercent":15.888694315201283,"v":1,"windowKind":"secondary","windowMinutes":10080}
+{"accountKey":"d12264663b6c957df161c4eaa04268ee1eba54730fc206d6d1530a333fbc1bf5","provider":"codex","resetsAt":"2026-02-17T05:37:00Z","sampledAt":"2026-02-11T05:37:00Z","source":"backfill","usedPercent":36.46543073970202,"v":1,"windowKind":"secondary","windowMinutes":10080}
+{"accountKey":"d12264663b6c957df161c4eaa04268ee1eba54730fc206d6d1530a333fbc1bf5","provider":"codex","resetsAt":"2026-02-17T05:37:00Z","sampledAt":"2026-02-16T05:37:00Z","source":"backfill","usedPercent":100,"v":1,"windowKind":"secondary","windowMinutes":10080}
+{"accountKey":"d12264663b6c957df161c4eaa04268ee1eba54730fc206d6d1530a333fbc1bf5","provider":"codex","resetsAt":"2026-02-17T05:37:00Z","sampledAt":"2026-02-16T17:37:00Z","source":"backfill","usedPercent":100,"v":1,"windowKind":"secondary","windowMinutes":10080}
+{"accountKey":"d12264663b6c957df161c4eaa04268ee1eba54730fc206d6d1530a333fbc1bf5","provider":"codex","resetsAt":"2026-02-17T05:37:00Z","sampledAt":"2026-02-17T05:37:00Z","source":"backfill","usedPercent":100,"v":1,"windowKind":"secondary","windowMinutes":10080}
diff --git a/Tests/CodexBarTests/Fixtures/codex-plan-utilization-real-migration.json b/Tests/CodexBarTests/Fixtures/codex-plan-utilization-real-migration.json
new file mode 100644
index 000000000..0b5236165
--- /dev/null
+++ b/Tests/CodexBarTests/Fixtures/codex-plan-utilization-real-migration.json
@@ -0,0 +1,211 @@
+{
+  "version": 1,
+  "preferredAccountKey": "codex:v1:provider-account:0c2a5eef-a612-45bb-9796-9aa83ce1bed7",
+  "unscoped": [],
+  "accounts": {
+    "3e31a7fdc57ea26c62fd7061d25dcab74a91b0da2d8f514b07e99aad800ee897": [
+      {
+        "name": "session",
+        "windowMinutes": 300,
+        "entries": [
+          {
+            "capturedAt": "2026-03-23T09:55:44Z",
+            "resetsAt": "2026-03-23T10:28:16Z",
+            "usedPercent": 9
+          },
+          {
+            "capturedAt": "2026-03-23T10:27:49Z",
+            "resetsAt": "2026-03-23T10:28:16Z",
+            "usedPercent": 13
+          },
+          {
+            "capturedAt": "2026-04-01T07:07:28Z",
+            "resetsAt": "2026-04-01T12:07:28Z",
+            "usedPercent": 0
+          },
+          {
+            "capturedAt": "2026-04-01T07:59:25Z",
+            "resetsAt": "2026-04-01T12:57:12Z",
+            "usedPercent": 0
+          },
+          {
+            "capturedAt": "2026-04-01T08:30:22Z",
+            "resetsAt": "2026-04-01T12:57:12Z",
+            "usedPercent": 6
+          }
+        ]
+      },
+      {
+        "name": "weekly",
+        "windowMinutes": 10080,
+        "entries": [
+          {
+            "capturedAt": "2026-03-23T09:55:44Z",
+            "resetsAt": "2026-03-25T17:41:02Z",
+            "usedPercent": 51
+          },
+          {
+            "capturedAt": "2026-03-23T10:54:47Z",
+            "resetsAt": "2026-03-25T17:41:02Z",
+            "usedPercent": 53
+          },
+          {
+            "capturedAt": "2026-03-23T11:59:59Z",
+            "resetsAt": "2026-03-25T17:41:02Z",
+            "usedPercent": 53
+          },
+          {
+            "capturedAt": "2026-04-01T07:43:34Z",
+            "resetsAt": "2026-04-03T05:42:22Z",
+            "usedPercent": 62
+          },
+          {
+            "capturedAt": "2026-04-01T07:59:25Z",
+            "resetsAt": "2026-04-08T07:57:12Z",
+            "usedPercent": 0
+          },
+          {
+            "capturedAt": "2026-04-01T08:30:22Z",
+            "resetsAt": "2026-04-08T07:57:12Z",
+            "usedPercent": 2
+          }
+        ]
+      }
+    ],
+    "ae933d834c92219543c3f3ee7d5117b129f89174b6c47b2ab793df968f3616f4": [
+      {
+        "name": "weekly",
+        "windowMinutes": 10080,
+        "entries": [
+          {
+            "capturedAt": "2026-03-28T06:50:16Z",
+            "resetsAt": "2026-04-02T20:34:15Z",
+            "usedPercent": 1
+          },
+          {
+            "capturedAt": "2026-03-29T13:32:29Z",
+            "resetsAt": "2026-04-02T20:34:15Z",
+            "usedPercent": 1
+          },
+          {
+            "capturedAt": "2026-03-29T14:45:59Z",
+            "resetsAt": "2026-04-02T20:34:15Z",
+            "usedPercent": 1
+          },
+          {
+            "capturedAt": "2026-03-31T13:49:22Z",
+            "resetsAt": "2026-04-02T20:34:16Z",
+            "usedPercent": 1
+          },
+          {
+            "capturedAt": "2026-03-31T16:58:41Z",
+            "resetsAt": "2026-04-02T20:34:15Z",
+            "usedPercent": 1
+          },
+          {
+            "capturedAt": "2026-03-31T17:07:31Z",
+            "resetsAt": "2026-04-02T20:34:15Z",
+            "usedPercent": 1
+          }
+        ]
+      }
+    ],
+    "codex:v1:email-hash:e0905a26346930c615f5517913dad1a23312d882159719fbc429819216ff42b2": [
+      {
+        "name": "session",
+        "windowMinutes": 300,
+        "entries": [
+          {
+            "capturedAt": "2026-03-29T16:53:28Z",
+            "usedPercent": 18
+          },
+          {
+            "capturedAt": "2026-03-29T17:24:28Z",
+            "usedPercent": 18
+          },
+          {
+            "capturedAt": "2026-04-01T15:03:43Z",
+            "usedPercent": 10
+          },
+          {
+            "capturedAt": "2026-04-01T16:37:42Z",
+            "usedPercent": 10
+          },
+          {
+            "capturedAt": "2026-04-01T19:49:10Z",
+            "usedPercent": 10
+          }
+        ]
+      }
+    ],
+    "codex:v1:provider-account:0c2a5eef-a612-45bb-9796-9aa83ce1bed7": [
+      {
+        "name": "session",
+        "windowMinutes": 300,
+        "entries": [
+          {
+            "capturedAt": "2026-04-01T08:58:21Z",
+            "resetsAt": "2026-04-01T12:57:13Z",
+            "usedPercent": 6
+          },
+          {
+            "capturedAt": "2026-04-01T09:54:18Z",
+            "resetsAt": "2026-04-01T12:57:13Z",
+            "usedPercent": 8
+          },
+          {
+            "capturedAt": "2026-04-01T18:58:52Z",
+            "resetsAt": "2026-04-01T22:57:27Z",
+            "usedPercent": 4
+          },
+          {
+            "capturedAt": "2026-04-01T19:44:58Z",
+            "resetsAt": "2026-04-01T22:57:27Z",
+            "usedPercent": 8
+          },
+          {
+            "capturedAt": "2026-04-01T20:33:41Z",
+            "resetsAt": "2026-04-01T22:57:27Z",
+            "usedPercent": 10
+          }
+        ]
+      },
+      {
+        "name": "weekly",
+        "windowMinutes": 10080,
+        "entries": [
+          {
+            "capturedAt": "2026-04-01T08:58:21Z",
+            "resetsAt": "2026-04-08T07:57:13Z",
+            "usedPercent": 2
+          },
+          {
+            "capturedAt": "2026-04-01T09:54:18Z",
+            "resetsAt": "2026-04-08T07:57:13Z",
+            "usedPercent": 2
+          },
+          {
+            "capturedAt": "2026-04-01T10:54:30Z",
+            "resetsAt": "2026-04-08T07:57:12Z",
+            "usedPercent": 3
+          },
+          {
+            "capturedAt": "2026-04-01T18:58:52Z",
+            "resetsAt": "2026-04-08T07:57:12Z",
+            "usedPercent": 10
+          },
+          {
+            "capturedAt": "2026-04-01T19:44:58Z",
+            "resetsAt": "2026-04-08T07:57:13Z",
+            "usedPercent": 12
+          },
+          {
+            "capturedAt": "2026-04-01T20:33:41Z",
+            "resetsAt": "2026-04-08T07:57:12Z",
+            "usedPercent": 12
+          }
+        ]
+      }
+    ]
+  }
+}
diff --git a/Tests/CodexBarTests/Fixtures/models-dev-subset.json b/Tests/CodexBarTests/Fixtures/models-dev-subset.json
new file mode 100644
index 000000000..312b0bab0
--- /dev/null
+++ b/Tests/CodexBarTests/Fixtures/models-dev-subset.json
@@ -0,0 +1,89 @@
+{
+  "openai": {
+    "id": "openai",
+    "name": "OpenAI",
+    "models": {
+      "gpt-4o-mini": {
+        "id": "gpt-4o-mini",
+        "name": "GPT-4o mini",
+        "cost": {
+          "input": 0.15,
+          "output": 0.6,
+          "cache_read": 0.08
+        },
+        "limit": {
+          "context": 128000,
+          "output": 16384
+        }
+      },
+      "shared-model": {
+        "id": "shared-model",
+        "name": "Shared model via OpenAI",
+        "cost": {
+          "input": 1,
+          "output": 2
+        },
+        "limit": {
+          "context": 128000
+        }
+      }
+    }
+  },
+  "anthropic": {
+    "id": "anthropic",
+    "name": "Anthropic",
+    "models": {
+      "shared-model": {
+        "id": "shared-model",
+        "name": "Shared model via Anthropic",
+        "cost": {
+          "input": 3,
+          "output": 4
+        },
+        "limit": {
+          "context": 200000
+        }
+      },
+      "claude-sonnet-4-6": {
+        "id": "claude-sonnet-4-6",
+        "name": "Claude Sonnet 4.6",
+        "cost": {
+          "input": 3,
+          "output": 15,
+          "cache_read": 0.3,
+          "cache_write": 3.75,
+          "context_over_200k": {
+            "input": 6,
+            "output": 22.5,
+            "cache_read": 0.6,
+            "cache_write": 7.5
+          }
+        },
+        "limit": {
+          "context": 1000000,
+          "output": 64000
+        }
+      }
+    }
+  },
+  "google-vertex-anthropic": {
+    "id": "google-vertex-anthropic",
+    "name": "Vertex (Anthropic)",
+    "models": {
+      "claude-sonnet-4-6@default": {
+        "id": "claude-sonnet-4-6@default",
+        "name": "Claude Sonnet 4.6",
+        "cost": {
+          "input": 3.1,
+          "output": 15.1,
+          "cache_read": 0.31,
+          "cache_write": 3.76
+        },
+        "limit": {
+          "context": 1000000,
+          "output": 64000
+        }
+      }
+    }
+  }
+}
diff --git a/Tests/CodexBarTests/GeminiAPITestHelpers.swift b/Tests/CodexBarTests/GeminiAPITestHelpers.swift
index 0e20efc34..b243f22ab 100644
--- a/Tests/CodexBarTests/GeminiAPITestHelpers.swift
+++ b/Tests/CodexBarTests/GeminiAPITestHelpers.swift
@@ -37,6 +37,11 @@ enum GeminiAPITestHelpers {
                     "remainingFraction": 0.9,
                     "resetTime": "2025-01-01T00:00:00Z",
                 ],
+                [
+                    "modelId": "gemini-2.5-flash-lite",
+                    "remainingFraction": 0.8,
+                    "resetTime": "2025-01-01T00:00:00Z",
+                ],
             ],
         ])
     }
diff --git a/Tests/CodexBarTests/GeminiLoginAlertTests.swift b/Tests/CodexBarTests/GeminiLoginAlertTests.swift
index ce919a897..5905904b6 100644
--- a/Tests/CodexBarTests/GeminiLoginAlertTests.swift
+++ b/Tests/CodexBarTests/GeminiLoginAlertTests.swift
@@ -1,10 +1,9 @@
 import Testing
 @testable import CodexBar
 
-@Suite
 struct GeminiLoginAlertTests {
     @Test
-    func returnsAlertForMissingBinary() {
+    func `returns alert for missing binary`() {
         let result = GeminiLoginRunner.Result(outcome: .missingBinary)
         let info = StatusItemController.geminiLoginAlertInfo(for: result)
         #expect(info?.title == "Gemini CLI not found")
@@ -12,7 +11,7 @@ struct GeminiLoginAlertTests {
     }
 
     @Test
-    func returnsAlertForLaunchFailure() {
+    func `returns alert for launch failure`() {
         let result = GeminiLoginRunner.Result(outcome: .launchFailed("Boom"))
         let info = StatusItemController.geminiLoginAlertInfo(for: result)
         #expect(info?.title == "Could not open Terminal for Gemini")
@@ -20,7 +19,7 @@ struct GeminiLoginAlertTests {
     }
 
     @Test
-    func returnsNilOnSuccess() {
+    func `returns nil on success`() {
         let result = GeminiLoginRunner.Result(outcome: .success)
         let info = StatusItemController.geminiLoginAlertInfo(for: result)
         #expect(info == nil)
diff --git a/Tests/CodexBarTests/GeminiMenuCardTests.swift b/Tests/CodexBarTests/GeminiMenuCardTests.swift
new file mode 100644
index 000000000..bf7e89aff
--- /dev/null
+++ b/Tests/CodexBarTests/GeminiMenuCardTests.swift
@@ -0,0 +1,57 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+struct GeminiMenuCardTests {
+    @Test
+    func `gemini model uses flash lite title for tertiary metric`() throws {
+        let now = Date()
+        let identity = ProviderIdentitySnapshot(
+            providerID: .gemini,
+            accountEmail: "gemini@example.com",
+            accountOrganization: nil,
+            loginMethod: "Paid")
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(
+                usedPercent: 0,
+                windowMinutes: 1440,
+                resetsAt: now.addingTimeInterval(3600),
+                resetDescription: "Resets in 1h"),
+            secondary: RateWindow(
+                usedPercent: 25,
+                windowMinutes: 1440,
+                resetsAt: now.addingTimeInterval(7200),
+                resetDescription: "Resets in 2h"),
+            tertiary: RateWindow(
+                usedPercent: 40,
+                windowMinutes: 1440,
+                resetsAt: now.addingTimeInterval(10800),
+                resetDescription: "Resets in 3h"),
+            updatedAt: now,
+            identity: identity)
+        let metadata = try #require(ProviderDefaults.metadata[.gemini])
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .gemini,
+            metadata: metadata,
+            snapshot: snapshot,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: "gemini@example.com", plan: "Paid"),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+
+        #expect(model.metrics.map(\.title) == ["Pro", "Flash", "Flash Lite"])
+    }
+}
diff --git a/Tests/CodexBarTests/GeminiSourceLabelTests.swift b/Tests/CodexBarTests/GeminiSourceLabelTests.swift
new file mode 100644
index 000000000..8ba8ee11c
--- /dev/null
+++ b/Tests/CodexBarTests/GeminiSourceLabelTests.swift
@@ -0,0 +1,9 @@
+import Testing
+@testable import CodexBarCore
+
+struct GeminiSourceLabelTests {
+    @Test
+    func `Gemini source label reflects OAuth backed API requests`() {
+        #expect(GeminiStatusFetchStrategy.sourceLabel == "oauth-api")
+    }
+}
diff --git a/Tests/CodexBarTests/GeminiStatusProbeAPITests.swift b/Tests/CodexBarTests/GeminiStatusProbeAPITests.swift
index 8cbff0e44..976ac72b9 100644
--- a/Tests/CodexBarTests/GeminiStatusProbeAPITests.swift
+++ b/Tests/CodexBarTests/GeminiStatusProbeAPITests.swift
@@ -2,10 +2,10 @@ import CodexBarCore
 import Foundation
 import Testing
 
-@Suite("Gemini API", .serialized)
+@Suite(.serialized)
 struct GeminiStatusProbeAPITests {
     @Test
-    func missingCredentialsThrowsNotLoggedIn() async throws {
+    func `missing credentials throws not logged in`() async throws {
         let env = try GeminiTestEnvironment()
         defer { env.cleanup() }
 
@@ -16,7 +16,7 @@ struct GeminiStatusProbeAPITests {
     }
 
     @Test
-    func rejectsApiKeyAuthType() async throws {
+    func `rejects api key auth type`() async throws {
         let env = try GeminiTestEnvironment()
         defer { env.cleanup() }
         try env.writeSettings(authType: "api-key")
@@ -28,7 +28,7 @@ struct GeminiStatusProbeAPITests {
     }
 
     @Test
-    func rejectsVertexAuthType() async throws {
+    func `rejects vertex auth type`() async throws {
         let env = try GeminiTestEnvironment()
         defer { env.cleanup() }
         try env.writeSettings(authType: "vertex-ai")
@@ -40,7 +40,7 @@ struct GeminiStatusProbeAPITests {
     }
 
     @Test
-    func refreshesExpiredTokenAndUpdatesStoredCredentials() async throws {
+    func `refreshes expired token and updates stored credentials`() async throws {
         let env = try GeminiTestEnvironment()
         defer { env.cleanup() }
         try env.writeCredentials(
@@ -67,6 +67,13 @@ struct GeminiStatusProbeAPITests {
 
             switch host {
             case "oauth2.googleapis.com":
+                // Fail the refresh if the client_id did not come from the test stub.
+                // This guards against the probe accidentally extracting OAuth creds
+                // from an unrelated Gemini install on the developer's machine.
+                let body = request.httpBody.flatMap { String(data: $0, encoding: .utf8) } ?? ""
+                guard body.contains("client_id=test-client-id") else {
+                    return GeminiAPITestHelpers.response(url: url.absoluteString, status: 400, body: Data())
+                }
                 let json = GeminiAPITestHelpers.jsonData([
                     "access_token": "new-token",
                     "expires_in": 3600,
@@ -112,7 +119,78 @@ struct GeminiStatusProbeAPITests {
     }
 
     @Test
-    func refreshesExpiredTokenWithNixShareLayout() async throws {
+    func `refreshes when stored Gemini credentials only have refresh token`() async throws {
+        let env = try GeminiTestEnvironment()
+        defer { env.cleanup() }
+        try env.writeCredentials(
+            accessToken: nil,
+            refreshToken: "refresh-token",
+            expiry: Date().addingTimeInterval(3600),
+            idToken: nil)
+
+        let binURL = try env.writeFakeGeminiCLI()
+        let previousValue = ProcessInfo.processInfo.environment["GEMINI_CLI_PATH"]
+        setenv("GEMINI_CLI_PATH", binURL.path, 1)
+        defer {
+            if let previousValue {
+                setenv("GEMINI_CLI_PATH", previousValue, 1)
+            } else {
+                unsetenv("GEMINI_CLI_PATH")
+            }
+        }
+
+        let dataLoader = GeminiAPITestHelpers.dataLoader { request in
+            guard let url = request.url, let host = url.host else {
+                throw URLError(.badURL)
+            }
+
+            switch host {
+            case "oauth2.googleapis.com":
+                let body = request.httpBody.flatMap { String(data: $0, encoding: .utf8) } ?? ""
+                guard body.contains("client_id=test-client-id") else {
+                    return GeminiAPITestHelpers.response(url: url.absoluteString, status: 400, body: Data())
+                }
+                let json = GeminiAPITestHelpers.jsonData([
+                    "access_token": "new-token",
+                    "expires_in": 3600,
+                    "id_token": GeminiAPITestHelpers.makeIDToken(email: "user@example.com"),
+                ])
+                return GeminiAPITestHelpers.response(url: url.absoluteString, status: 200, body: json)
+            case "cloudresourcemanager.googleapis.com":
+                return GeminiAPITestHelpers.response(
+                    url: url.absoluteString,
+                    status: 200,
+                    body: GeminiAPITestHelpers.jsonData(["projects": []]))
+            case "cloudcode-pa.googleapis.com":
+                if url.path == "/v1internal:loadCodeAssist" {
+                    return GeminiAPITestHelpers.response(
+                        url: url.absoluteString,
+                        status: 200,
+                        body: GeminiAPITestHelpers.loadCodeAssistStandardTierResponse())
+                }
+                let auth = request.value(forHTTPHeaderField: "Authorization")
+                guard auth == "Bearer new-token" else {
+                    return GeminiAPITestHelpers.response(url: url.absoluteString, status: 401, body: Data())
+                }
+                return GeminiAPITestHelpers.response(
+                    url: url.absoluteString,
+                    status: 200,
+                    body: GeminiAPITestHelpers.sampleQuotaResponse())
+            default:
+                return GeminiAPITestHelpers.response(url: url.absoluteString, status: 404, body: Data())
+            }
+        }
+
+        let probe = GeminiStatusProbe(timeout: 2, homeDirectory: env.homeURL.path, dataLoader: dataLoader)
+        let snapshot = try await probe.fetch()
+        #expect(snapshot.accountEmail == "user@example.com")
+
+        let updated = try env.readCredentials()
+        #expect(updated["access_token"] as? String == "new-token")
+    }
+
+    @Test
+    func `refreshes expired token with nix share layout`() async throws {
         let env = try GeminiTestEnvironment()
         defer { env.cleanup() }
         try env.writeCredentials(
@@ -139,6 +217,13 @@ struct GeminiStatusProbeAPITests {
 
             switch host {
             case "oauth2.googleapis.com":
+                // Fail the refresh if the client_id did not come from the test stub.
+                // This guards against the probe accidentally extracting OAuth creds
+                // from an unrelated Gemini install on the developer's machine.
+                let body = request.httpBody.flatMap { String(data: $0, encoding: .utf8) } ?? ""
+                guard body.contains("client_id=test-client-id") else {
+                    return GeminiAPITestHelpers.response(url: url.absoluteString, status: 400, body: Data())
+                }
                 let json = GeminiAPITestHelpers.jsonData([
                     "access_token": "new-token",
                     "expires_in": 3600,
@@ -181,7 +266,190 @@ struct GeminiStatusProbeAPITests {
     }
 
     @Test
-    func usesCodeAssistProjectForQuota() async throws {
+    func `refreshes expired token with fnm bundle layout`() async throws {
+        let env = try GeminiTestEnvironment()
+        defer { env.cleanup() }
+        try env.writeCredentials(
+            accessToken: "old-token",
+            refreshToken: "refresh-token",
+            expiry: Date().addingTimeInterval(-3600),
+            idToken: GeminiAPITestHelpers.makeIDToken(email: "user@example.com"))
+
+        let binURL = try env.writeFakeGeminiCLI(layout: .fnmBundle)
+        // Match the real fnm layout: package root is inside the same multishell
+        // dir as the bin symlink target, under lib/node_modules/@google/gemini-cli.
+        let multishellRoot = binURL.deletingLastPathComponent().deletingLastPathComponent()
+        let packageJSONPath = multishellRoot
+            .appendingPathComponent("lib")
+            .appendingPathComponent("node_modules")
+            .appendingPathComponent("@google")
+            .appendingPathComponent("gemini-cli")
+            .appendingPathComponent("package.json")
+        let npmRoot = packageJSONPath
+            .deletingLastPathComponent()
+            .deletingLastPathComponent()
+            .deletingLastPathComponent()
+            .path
+        _ = try env.writeFakeFnm(npmRoot: npmRoot, geminiPackageJSONPath: packageJSONPath.path)
+
+        let previousPath = ProcessInfo.processInfo.environment["PATH"]
+        let fakeBinDir = env.homeURL.appendingPathComponent("bin").path
+        let pathValue = if let previousPath, !previousPath.isEmpty {
+            "\(fakeBinDir):\(binURL.deletingLastPathComponent().path):\(previousPath)"
+        } else {
+            "\(fakeBinDir):\(binURL.deletingLastPathComponent().path)"
+        }
+        setenv("PATH", pathValue, 1)
+
+        let previousGeminiPath = ProcessInfo.processInfo.environment["GEMINI_CLI_PATH"]
+        setenv("GEMINI_CLI_PATH", binURL.path, 1)
+        defer {
+            if let previousPath {
+                setenv("PATH", previousPath, 1)
+            } else {
+                unsetenv("PATH")
+            }
+
+            if let previousGeminiPath {
+                setenv("GEMINI_CLI_PATH", previousGeminiPath, 1)
+            } else {
+                unsetenv("GEMINI_CLI_PATH")
+            }
+        }
+
+        let dataLoader = GeminiAPITestHelpers.dataLoader { request in
+            guard let url = request.url, let host = url.host else {
+                throw URLError(.badURL)
+            }
+
+            switch host {
+            case "oauth2.googleapis.com":
+                // Fail the refresh if the client_id did not come from the test stub.
+                // This guards against the probe accidentally extracting OAuth creds
+                // from an unrelated Gemini install on the developer's machine.
+                let body = request.httpBody.flatMap { String(data: $0, encoding: .utf8) } ?? ""
+                guard body.contains("client_id=test-client-id") else {
+                    return GeminiAPITestHelpers.response(url: url.absoluteString, status: 400, body: Data())
+                }
+                let json = GeminiAPITestHelpers.jsonData([
+                    "access_token": "new-token",
+                    "expires_in": 3600,
+                    "id_token": GeminiAPITestHelpers.makeIDToken(email: "user@example.com"),
+                ])
+                return GeminiAPITestHelpers.response(url: url.absoluteString, status: 200, body: json)
+            case "cloudresourcemanager.googleapis.com":
+                let json = GeminiAPITestHelpers.jsonData(["projects": []])
+                return GeminiAPITestHelpers.response(url: url.absoluteString, status: 200, body: json)
+            case "cloudcode-pa.googleapis.com":
+                if url.path == "/v1internal:loadCodeAssist" {
+                    let auth = request.value(forHTTPHeaderField: "Authorization")
+                    if auth != "Bearer new-token" {
+                        return GeminiAPITestHelpers.response(url: url.absoluteString, status: 401, body: Data())
+                    }
+                    return GeminiAPITestHelpers.response(
+                        url: url.absoluteString,
+                        status: 200,
+                        body: GeminiAPITestHelpers.loadCodeAssistStandardTierResponse())
+                }
+                if url.path != "/v1internal:retrieveUserQuota" {
+                    return GeminiAPITestHelpers.response(url: url.absoluteString, status: 404, body: Data())
+                }
+                let auth = request.value(forHTTPHeaderField: "Authorization")
+                if auth != "Bearer new-token" {
+                    return GeminiAPITestHelpers.response(url: url.absoluteString, status: 401, body: Data())
+                }
+                return GeminiAPITestHelpers.response(
+                    url: url.absoluteString,
+                    status: 200,
+                    body: GeminiAPITestHelpers.sampleQuotaResponse())
+            default:
+                return GeminiAPITestHelpers.response(url: url.absoluteString, status: 404, body: Data())
+            }
+        }
+
+        let probe = GeminiStatusProbe(timeout: 2, homeDirectory: env.homeURL.path, dataLoader: dataLoader)
+        let snapshot = try await probe.fetch()
+        #expect(snapshot.accountPlan == "Paid")
+
+        let updated = try env.readCredentials()
+        #expect(updated["access_token"] as? String == "new-token")
+    }
+
+    @Test
+    func `refreshes expired token with homebrew bundle layout`() async throws {
+        let env = try GeminiTestEnvironment()
+        defer { env.cleanup() }
+        try env.writeCredentials(
+            accessToken: "old-token",
+            refreshToken: "refresh-token",
+            expiry: Date().addingTimeInterval(-3600),
+            idToken: GeminiAPITestHelpers.makeIDToken(email: "user@example.com"))
+
+        let binURL = try env.writeFakeGeminiCLI(layout: .homebrewBundle)
+        let previousGeminiPath = ProcessInfo.processInfo.environment["GEMINI_CLI_PATH"]
+        setenv("GEMINI_CLI_PATH", binURL.path, 1)
+        defer {
+            if let previousGeminiPath {
+                setenv("GEMINI_CLI_PATH", previousGeminiPath, 1)
+            } else {
+                unsetenv("GEMINI_CLI_PATH")
+            }
+        }
+
+        let dataLoader = GeminiAPITestHelpers.dataLoader { request in
+            guard let url = request.url, let host = url.host else {
+                throw URLError(.badURL)
+            }
+
+            switch host {
+            case "oauth2.googleapis.com":
+                let body = request.httpBody.flatMap { String(data: $0, encoding: .utf8) } ?? ""
+                guard body.contains("client_id=test-client-id") else {
+                    return GeminiAPITestHelpers.response(url: url.absoluteString, status: 400, body: Data())
+                }
+                let json = GeminiAPITestHelpers.jsonData([
+                    "access_token": "new-token",
+                    "expires_in": 3600,
+                    "id_token": GeminiAPITestHelpers.makeIDToken(email: "user@example.com"),
+                ])
+                return GeminiAPITestHelpers.response(url: url.absoluteString, status: 200, body: json)
+            case "cloudresourcemanager.googleapis.com":
+                return GeminiAPITestHelpers.response(
+                    url: url.absoluteString,
+                    status: 200,
+                    body: GeminiAPITestHelpers.jsonData(["projects": []]))
+            case "cloudcode-pa.googleapis.com":
+                guard request.value(forHTTPHeaderField: "Authorization") == "Bearer new-token" else {
+                    return GeminiAPITestHelpers.response(url: url.absoluteString, status: 401, body: Data())
+                }
+                if url.path == "/v1internal:loadCodeAssist" {
+                    return GeminiAPITestHelpers.response(
+                        url: url.absoluteString,
+                        status: 200,
+                        body: GeminiAPITestHelpers.loadCodeAssistStandardTierResponse())
+                }
+                if url.path == "/v1internal:retrieveUserQuota" {
+                    return GeminiAPITestHelpers.response(
+                        url: url.absoluteString,
+                        status: 200,
+                        body: GeminiAPITestHelpers.sampleQuotaResponse())
+                }
+                return GeminiAPITestHelpers.response(url: url.absoluteString, status: 404, body: Data())
+            default:
+                return GeminiAPITestHelpers.response(url: url.absoluteString, status: 404, body: Data())
+            }
+        }
+
+        let probe = GeminiStatusProbe(timeout: 2, homeDirectory: env.homeURL.path, dataLoader: dataLoader)
+        let snapshot = try await probe.fetch()
+        #expect(snapshot.accountPlan == "Paid")
+
+        let updated = try env.readCredentials()
+        #expect(updated["access_token"] as? String == "new-token")
+    }
+
+    @Test
+    func `uses code assist project for quota`() async throws {
         let env = try GeminiTestEnvironment()
         defer { env.cleanup() }
         try env.writeCredentials(
@@ -250,7 +518,66 @@ struct GeminiStatusProbeAPITests {
     }
 
     @Test
-    func failsRefreshWhenOAuthConfigMissing() async throws {
+    func `falls back to curl loader when URL session times out`() async throws {
+        let calls = LoaderCalls()
+        let url = try #require(URL(string: "https://cloudcode-pa.googleapis.com/v1internal:retrieveUserQuota"))
+        let request = URLRequest(url: url)
+        let body = Data("{\"ok\":true}".utf8)
+        let loader = GeminiStatusProbe.dataLoaderWithCurlFallback(
+            primary: { _ in
+                calls.incrementPrimary()
+                throw URLError(.timedOut)
+            },
+            fallback: { request in
+                calls.incrementFallback()
+                let (response, data) = GeminiAPITestHelpers.response(
+                    url: request.url!.absoluteString,
+                    status: 200,
+                    body: body)
+                return (data, response)
+            })
+
+        let (loadedBody, loadedResponse) = try await loader(request)
+        let counts = calls.counts()
+        #expect(loadedBody == body)
+        #expect((loadedResponse as? HTTPURLResponse)?.statusCode == 200)
+        #expect(counts.primary == 1)
+        #expect(counts.fallback == 1)
+    }
+
+    @Test
+    func `does not fall back to curl loader for non-timeout errors`() async throws {
+        let calls = LoaderCalls()
+        let url = try #require(URL(string: "https://cloudcode-pa.googleapis.com/v1internal:retrieveUserQuota"))
+        let request = URLRequest(url: url)
+        let loader = GeminiStatusProbe.dataLoaderWithCurlFallback(
+            primary: { _ in
+                calls.incrementPrimary()
+                throw URLError(.cannotFindHost)
+            },
+            fallback: { request in
+                calls.incrementFallback()
+                let (response, data) = GeminiAPITestHelpers.response(
+                    url: request.url!.absoluteString,
+                    status: 200,
+                    body: Data())
+                return (data, response)
+            })
+
+        do {
+            _ = try await loader(request)
+            Issue.record("Expected non-timeout URLSession error")
+        } catch let error as URLError {
+            #expect(error.code == .cannotFindHost)
+        }
+
+        let counts = calls.counts()
+        #expect(counts.primary == 1)
+        #expect(counts.fallback == 0)
+    }
+
+    @Test
+    func `fails refresh when O auth config missing`() async throws {
         let env = try GeminiTestEnvironment()
         defer { env.cleanup() }
         try env.writeCredentials(
@@ -277,7 +604,7 @@ struct GeminiStatusProbeAPITests {
     }
 
     @Test
-    func reportsApiErrors() async throws {
+    func `reports api errors`() async throws {
         let env = try GeminiTestEnvironment()
         defer { env.cleanup() }
         try env.writeCredentials(
@@ -313,7 +640,7 @@ struct GeminiStatusProbeAPITests {
     }
 
     @Test
-    func reportsNotLoggedInWhenAccessTokenMissing() async throws {
+    func `reports not logged in when access token missing`() async throws {
         let env = try GeminiTestEnvironment()
         defer { env.cleanup() }
         try env.writeCredentials(
@@ -329,7 +656,7 @@ struct GeminiStatusProbeAPITests {
     }
 
     @Test
-    func reportsNotLoggedInOn401() async throws {
+    func `reports not logged in on401`() async throws {
         let env = try GeminiTestEnvironment()
         defer { env.cleanup() }
         try env.writeCredentials(
@@ -365,7 +692,7 @@ struct GeminiStatusProbeAPITests {
     }
 
     @Test
-    func reportsParseErrorsForInvalidPayload() async throws {
+    func `reports parse errors for invalid payload`() async throws {
         let env = try GeminiTestEnvironment()
         defer { env.cleanup() }
         try env.writeCredentials(
@@ -418,4 +745,28 @@ struct GeminiStatusProbeAPITests {
             #expect(error as? GeminiStatusProbeError == expected)
         }
     }
+
+    private final class LoaderCalls: @unchecked Sendable {
+        private let lock = NSLock()
+        private var primaryCount = 0
+        private var fallbackCount = 0
+
+        func incrementPrimary() {
+            self.lock.lock()
+            self.primaryCount += 1
+            self.lock.unlock()
+        }
+
+        func incrementFallback() {
+            self.lock.lock()
+            self.fallbackCount += 1
+            self.lock.unlock()
+        }
+
+        func counts() -> (primary: Int, fallback: Int) {
+            self.lock.lock()
+            defer { self.lock.unlock() }
+            return (self.primaryCount, self.fallbackCount)
+        }
+    }
 }
diff --git a/Tests/CodexBarTests/GeminiStatusProbePlanTests.swift b/Tests/CodexBarTests/GeminiStatusProbePlanTests.swift
index a8b2656dd..9e38fb853 100644
--- a/Tests/CodexBarTests/GeminiStatusProbePlanTests.swift
+++ b/Tests/CodexBarTests/GeminiStatusProbePlanTests.swift
@@ -2,10 +2,10 @@ import CodexBarCore
 import Foundation
 import Testing
 
-@Suite("Gemini Plan", .serialized)
+@Suite(.serialized)
 struct GeminiStatusProbePlanTests {
     @Test
-    func selectsProjectIdForQuotaRequests() async throws {
+    func `selects project id for quota requests`() async throws {
         let env = try GeminiTestEnvironment()
         defer { env.cleanup() }
         try env.writeCredentials(
@@ -53,10 +53,13 @@ struct GeminiStatusProbePlanTests {
         let probe = GeminiStatusProbe(timeout: 1, homeDirectory: env.homeURL.path, dataLoader: dataLoader)
         let snapshot = try await probe.fetch()
         #expect(snapshot.modelQuotas.contains { $0.percentLeft == 40 })
+        let usage = snapshot.toUsageSnapshot()
+        #expect(usage.secondary?.remainingPercent == 40)
+        #expect(usage.tertiary == nil)
     }
 
     @Test
-    func prefersLoadCodeAssistProjectForQuotaRequests() async throws {
+    func `prefers load code assist project for quota requests`() async throws {
         let env = try GeminiTestEnvironment()
         defer { env.cleanup() }
         try env.writeCredentials(
@@ -107,10 +110,61 @@ struct GeminiStatusProbePlanTests {
         let probe = GeminiStatusProbe(timeout: 1, homeDirectory: env.homeURL.path, dataLoader: dataLoader)
         let snapshot = try await probe.fetch()
         #expect(snapshot.modelQuotas.contains { $0.percentLeft == 40 })
+        let usage = snapshot.toUsageSnapshot()
+        #expect(usage.secondary?.remainingPercent == 40)
+        #expect(usage.tertiary == nil)
     }
 
     @Test
-    func detectsPaidFromStandardTier() async throws {
+    func `separates flash and flash lite quota buckets from api response`() async throws {
+        let env = try GeminiTestEnvironment()
+        defer { env.cleanup() }
+        try env.writeCredentials(
+            accessToken: "token",
+            refreshToken: nil,
+            expiry: Date().addingTimeInterval(3600),
+            idToken: nil)
+
+        let dataLoader = GeminiAPITestHelpers.dataLoader { request in
+            guard let url = request.url, let host = url.host else {
+                throw URLError(.badURL)
+            }
+            switch host {
+            case "cloudresourcemanager.googleapis.com":
+                return GeminiAPITestHelpers.response(
+                    url: url.absoluteString,
+                    status: 200,
+                    body: GeminiAPITestHelpers.jsonData(["projects": []]))
+            case "cloudcode-pa.googleapis.com":
+                if url.path == "/v1internal:loadCodeAssist" {
+                    return GeminiAPITestHelpers.response(
+                        url: url.absoluteString,
+                        status: 200,
+                        body: GeminiAPITestHelpers.loadCodeAssistStandardTierResponse())
+                }
+                if url.path != "/v1internal:retrieveUserQuota" {
+                    return GeminiAPITestHelpers.response(url: url.absoluteString, status: 404, body: Data())
+                }
+                return GeminiAPITestHelpers.response(
+                    url: url.absoluteString,
+                    status: 200,
+                    body: GeminiAPITestHelpers.sampleQuotaResponse())
+            default:
+                return GeminiAPITestHelpers.response(url: url.absoluteString, status: 404, body: Data())
+            }
+        }
+
+        let probe = GeminiStatusProbe(timeout: 1, homeDirectory: env.homeURL.path, dataLoader: dataLoader)
+        let snapshot = try await probe.fetch()
+        let usage = snapshot.toUsageSnapshot()
+
+        #expect(usage.primary?.remainingPercent == 60.0)
+        #expect(usage.secondary?.remainingPercent == 90.0)
+        #expect(usage.tertiary?.remainingPercent == 80.0)
+    }
+
+    @Test
+    func `detects paid from standard tier`() async throws {
         let env = try GeminiTestEnvironment()
         defer { env.cleanup() }
         try env.writeCredentials(
@@ -154,7 +208,7 @@ struct GeminiStatusProbePlanTests {
     }
 
     @Test
-    func detectsWorkspaceFromFreeTierWithHostedDomain() async throws {
+    func `detects workspace from free tier with hosted domain`() async throws {
         let env = try GeminiTestEnvironment()
         defer { env.cleanup() }
         let idToken = GeminiAPITestHelpers.makeIDToken(email: "user@company.com", hostedDomain: "company.com")
@@ -199,7 +253,7 @@ struct GeminiStatusProbePlanTests {
     }
 
     @Test
-    func detectsFreeFromFreeTierWithoutHostedDomain() async throws {
+    func `detects free from free tier without hosted domain`() async throws {
         let env = try GeminiTestEnvironment()
         defer { env.cleanup() }
         let idToken = GeminiAPITestHelpers.makeIDToken(email: "user@gmail.com")
@@ -244,7 +298,7 @@ struct GeminiStatusProbePlanTests {
     }
 
     @Test
-    func detectsLegacyFromLegacyTier() async throws {
+    func `detects legacy from legacy tier`() async throws {
         let env = try GeminiTestEnvironment()
         defer { env.cleanup() }
         try env.writeCredentials(
@@ -288,7 +342,7 @@ struct GeminiStatusProbePlanTests {
     }
 
     @Test
-    func leavesBlankWhenLoadCodeAssistFails() async throws {
+    func `leaves blank when load code assist fails`() async throws {
         let env = try GeminiTestEnvironment()
         defer { env.cleanup() }
         try env.writeCredentials(
diff --git a/Tests/CodexBarTests/GeminiStatusProbeTests.swift b/Tests/CodexBarTests/GeminiStatusProbeTests.swift
index 7ede0ffc3..a3994c64f 100644
--- a/Tests/CodexBarTests/GeminiStatusProbeTests.swift
+++ b/Tests/CodexBarTests/GeminiStatusProbeTests.swift
@@ -2,7 +2,6 @@ import CodexBarCore
 import Foundation
 import Testing
 
-@Suite
 struct GeminiStatusProbeTests {
     /// Sample /stats output from Gemini CLI (actual format with box-drawing chars)
     static let sampleStatsOutput = """
@@ -17,14 +16,14 @@ struct GeminiStatusProbeTests {
     // MARK: - Legacy CLI parsing tests (kept for fallback support)
 
     @Test
-    func parsesMinimumPercentFromMultipleModels() throws {
+    func `parses minimum percent from multiple models`() throws {
         let snap = try GeminiStatusProbe.parse(text: Self.sampleStatsOutput)
         #expect(snap.dailyPercentLeft == 99.8)
         #expect(snap.resetDescription == "Resets in 20h 37m")
     }
 
     @Test
-    func parsesLowerPercentCorrectly() throws {
+    func `parses lower percent correctly`() throws {
         let output = """
         │  Model Usage                                                  Reqs                  Usage left  │
         │  gemini-2.5-flash                                               10       85.5% (Resets in 12h)  │
@@ -36,7 +35,7 @@ struct GeminiStatusProbeTests {
     }
 
     @Test
-    func handlesZeroPercentUsage() throws {
+    func `handles zero percent usage`() throws {
         let output = """
         │  gemini-2.5-flash                                               50        0.0% (Resets in 6h)  │
         │  gemini-2.5-pro                                                 20       15.0% (Resets in 6h)  │
@@ -47,7 +46,7 @@ struct GeminiStatusProbeTests {
     }
 
     @Test
-    func handles100PercentRemaining() throws {
+    func `handles100 percent remaining`() throws {
         let output = """
         │  gemini-2.5-flash                                                -      100.0% (Resets in 24h)  │
         """
@@ -56,14 +55,14 @@ struct GeminiStatusProbeTests {
     }
 
     @Test
-    func throwsOnEmptyOutput() {
+    func `throws on empty output`() {
         #expect(throws: GeminiStatusProbeError.self) {
             try GeminiStatusProbe.parse(text: "")
         }
     }
 
     @Test
-    func throwsOnNoUsageData() {
+    func `throws on no usage data`() {
         let output = """
         Welcome to Gemini CLI!
         Type /help for available commands.
@@ -74,7 +73,7 @@ struct GeminiStatusProbeTests {
     }
 
     @Test
-    func stripsANSICodesBeforeParsing() throws {
+    func `strips ANSI codes before parsing`() throws {
         let output =
             "\u{1B}[32m│\u{1B}[0m  gemini-2.5-flash                                                -       75.5% " +
             "(Resets in 18h)  │"
@@ -83,7 +82,7 @@ struct GeminiStatusProbeTests {
     }
 
     @Test
-    func preservesRawText() throws {
+    func `preserves raw text`() throws {
         let snap = try GeminiStatusProbe.parse(text: Self.sampleStatsOutput)
         #expect(snap.rawText == Self.sampleStatsOutput)
         #expect(snap.accountEmail == nil) // Legacy parse doesn't extract email
@@ -91,7 +90,7 @@ struct GeminiStatusProbeTests {
     }
 
     @Test
-    func parsesVariousResetDescriptions() throws {
+    func `parses various reset descriptions`() throws {
         let cases: [(String, String)] = [
             ("Resets in 24h", "Resets in 24h"),
             ("Resets in 1h 30m", "Resets in 1h 30m"),
@@ -107,7 +106,7 @@ struct GeminiStatusProbeTests {
     }
 
     @Test
-    func throwsNotLoggedInOnAuthPrompt() {
+    func `throws not logged in on auth prompt`() {
         let authOutputs = [
             "Waiting for auth... (Press ESC or CTRL+C to cancel)",
             "Login with Google\nUse Gemini API key",
@@ -123,7 +122,7 @@ struct GeminiStatusProbeTests {
     // MARK: - Model quota grouping tests
 
     @Test
-    func parsesModelsIntoQuotaArray() throws {
+    func `parses models into quota array`() throws {
         let snap = try GeminiStatusProbe.parse(text: Self.sampleStatsOutput)
         // Should parse multiple models (exact count may change as Google adds/removes models)
         #expect(snap.modelQuotas.count >= 2)
@@ -135,27 +134,29 @@ struct GeminiStatusProbeTests {
     }
 
     @Test
-    func lowestPercentLeftReturnsMinimum() throws {
+    func `lowest percent left returns minimum`() throws {
         let snap = try GeminiStatusProbe.parse(text: Self.sampleStatsOutput)
         // Flash models are 99.8%, Pro models are 100%, so min should be 99.8
         #expect(snap.lowestPercentLeft == 99.8)
     }
 
     @Test
-    func tierGroupingByKeyword() throws {
+    func `tier grouping by keyword`() throws {
         // Test that flash/pro keyword filtering works (model names may change)
         let snap = try GeminiStatusProbe.parse(text: Self.sampleStatsOutput)
 
-        let flashQuotas = snap.modelQuotas.filter { $0.modelId.contains("flash") }
+        let flashQuotas = snap.modelQuotas.filter { $0.modelId.contains("flash") && !$0.modelId.contains("flash-lite") }
+        let flashLiteQuotas = snap.modelQuotas.filter { $0.modelId.contains("flash-lite") }
         let proQuotas = snap.modelQuotas.filter { $0.modelId.contains("pro") }
 
         // Should have at least one of each tier in sample
         #expect(!flashQuotas.isEmpty)
+        #expect(!flashLiteQuotas.isEmpty)
         #expect(!proQuotas.isEmpty)
     }
 
     @Test
-    func tierMinimumCalculation() throws {
+    func `tier minimum calculation`() throws {
         // Use controlled test data to verify min-per-tier logic
         // Model names must start with "gemini-" to match the parser regex
         let output = """
@@ -177,7 +178,7 @@ struct GeminiStatusProbeTests {
     }
 
     @Test
-    func quotasHaveResetDescriptions() throws {
+    func `quotas have reset descriptions`() throws {
         let snap = try GeminiStatusProbe.parse(text: Self.sampleStatsOutput)
 
         // At least some quotas should have reset descriptions
@@ -185,10 +186,74 @@ struct GeminiStatusProbeTests {
         #expect(hasResets)
     }
 
+    @Test
+    func `to usage snapshot creates separate flash and flash lite meters`() throws {
+        let snap = try GeminiStatusProbe.parse(text: Self.sampleStatsOutput)
+        let usage = snap.toUsageSnapshot()
+
+        #expect(usage.primary?.remainingPercent == 100.0)
+        #expect(usage.secondary?.remainingPercent == 99.8)
+        #expect(usage.tertiary?.remainingPercent == 99.8)
+        #expect(usage.primary?.windowMinutes == 1440)
+        #expect(usage.secondary?.windowMinutes == 1440)
+        #expect(usage.tertiary?.windowMinutes == 1440)
+        #expect(usage.secondary?.resetDescription == "Resets in 20h 37m")
+        #expect(usage.tertiary?.resetDescription == "Resets in 20h 37m")
+    }
+
+    @Test
+    func `to usage snapshot does not let flash lite contaminate flash bucket`() throws {
+        let output = """
+        │  gemini-2.5-flash                           10       91.0% (Resets in 12h)  │
+        │  gemini-2.5-flash-lite                       5       33.0% (Resets in 6h)   │
+        │  gemini-2.5-pro                              2       80.0% (Resets in 24h)  │
+        """
+        let snap = try GeminiStatusProbe.parse(text: output)
+        let usage = snap.toUsageSnapshot()
+
+        #expect(usage.secondary?.remainingPercent == 91.0)
+        #expect(usage.tertiary?.remainingPercent == 33.0)
+        #expect(usage.secondary?.resetDescription == "Resets in 12h")
+        #expect(usage.tertiary?.resetDescription == "Resets in 6h")
+    }
+
+    @Test
+    func `to usage snapshot omits tertiary when no flash lite exists`() throws {
+        let output = """
+        │  gemini-2.5-flash                           10       85.0% (Resets in 12h)  │
+        │  gemini-2.5-pro                              2       95.0% (Resets in 24h)  │
+        """
+        let snap = try GeminiStatusProbe.parse(text: output)
+        let usage = snap.toUsageSnapshot()
+
+        #expect(usage.secondary?.remainingPercent == 85.0)
+        #expect(usage.tertiary == nil)
+    }
+
+    @Test
+    func `to usage snapshot uses lowest remaining quota per tier`() throws {
+        let output = """
+        │  gemini-a-flash                            10       91.0% (Resets in 12h)  │
+        │  gemini-b-flash                             5       74.0% (Resets in 10h)  │
+        │  gemini-c-flash-lite                        8       66.0% (Resets in 9h)   │
+        │  gemini-d-flash-lite                        1       42.0% (Resets in 7h)   │
+        │  gemini-e-pro                               2       88.0% (Resets in 24h)  │
+        │  gemini-f-pro                               1       97.0% (Resets in 25h)  │
+        """
+        let snap = try GeminiStatusProbe.parse(text: output)
+        let usage = snap.toUsageSnapshot()
+
+        #expect(usage.primary?.remainingPercent == 88.0)
+        #expect(usage.secondary?.remainingPercent == 74.0)
+        #expect(usage.tertiary?.remainingPercent == 42.0)
+        #expect(usage.secondary?.resetDescription == "Resets in 10h")
+        #expect(usage.tertiary?.resetDescription == "Resets in 7h")
+    }
+
     // MARK: - Live API test
 
     @Test
-    func liveGeminiFetch() async throws {
+    func `live gemini fetch`() async throws {
         guard ProcessInfo.processInfo.environment["LIVE_GEMINI_FETCH"] == "1" else {
             return
         }
diff --git a/Tests/CodexBarTests/GeminiTestEnvironment.swift b/Tests/CodexBarTests/GeminiTestEnvironment.swift
index 3d6b0b4bb..6e7ce8d8a 100644
--- a/Tests/CodexBarTests/GeminiTestEnvironment.swift
+++ b/Tests/CodexBarTests/GeminiTestEnvironment.swift
@@ -4,18 +4,26 @@ struct GeminiTestEnvironment {
     enum GeminiCLILayout {
         case npmNested
         case nixShare
+        case fnmBundle
+        case homebrewBundle
     }
 
     let homeURL: URL
     private let geminiDir: URL
+    private let antigravityDir: URL
 
     init() throws {
         let root = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString)
         try FileManager.default.createDirectory(at: root, withIntermediateDirectories: true)
         let geminiDir = root.appendingPathComponent(".gemini")
         try FileManager.default.createDirectory(at: geminiDir, withIntermediateDirectories: true)
+        let antigravityDir = root
+            .appendingPathComponent(".codexbar")
+            .appendingPathComponent("antigravity")
+        try FileManager.default.createDirectory(at: antigravityDir, withIntermediateDirectories: true)
         self.homeURL = root
         self.geminiDir = geminiDir
+        self.antigravityDir = antigravityDir
     }
 
     func cleanup() {
@@ -34,11 +42,16 @@ struct GeminiTestEnvironment {
         try data.write(to: self.geminiDir.appendingPathComponent("settings.json"), options: .atomic)
     }
 
-    func writeCredentials(accessToken: String, refreshToken: String?, expiry: Date, idToken: String?) throws {
+    func writeCredentials(
+        accessToken: String?,
+        refreshToken: String?,
+        expiry: Date,
+        idToken: String?) throws
+    {
         var payload: [String: Any] = [
-            "access_token": accessToken,
             "expiry_date": expiry.timeIntervalSince1970 * 1000,
         ]
+        if let accessToken { payload["access_token"] = accessToken }
         if let refreshToken { payload["refresh_token"] = refreshToken }
         if let idToken { payload["id_token"] = idToken }
         let data = try JSONSerialization.data(withJSONObject: payload)
@@ -52,14 +65,45 @@ struct GeminiTestEnvironment {
         return object as? [String: Any] ?? [:]
     }
 
+    func writeAntigravityCredentials(
+        accessToken: String,
+        refreshToken: String?,
+        expiry: Date,
+        idToken: String? = nil,
+        email: String? = nil,
+        projectID: String? = nil,
+        clientID: String? = nil,
+        clientSecret: String? = nil) throws
+    {
+        var payload: [String: Any] = [
+            "access_token": accessToken,
+            "expiry_date": expiry.timeIntervalSince1970 * 1000,
+        ]
+        if let refreshToken { payload["refresh_token"] = refreshToken }
+        if let idToken { payload["id_token"] = idToken }
+        if let email { payload["email"] = email }
+        if let projectID { payload["project_id"] = projectID }
+        if let clientID { payload["client_id"] = clientID }
+        if let clientSecret { payload["client_secret"] = clientSecret }
+        let data = try JSONSerialization.data(withJSONObject: payload)
+        try data.write(to: self.antigravityDir.appendingPathComponent("oauth_creds.json"), options: .atomic)
+    }
+
+    func readAntigravityCredentials() throws -> [String: Any] {
+        let url = self.antigravityDir.appendingPathComponent("oauth_creds.json")
+        let data = try Data(contentsOf: url)
+        let object = try JSONSerialization.jsonObject(with: data)
+        return object as? [String: Any] ?? [:]
+    }
+
     func writeFakeGeminiCLI(includeOAuth: Bool = true, layout: GeminiCLILayout = .npmNested) throws -> URL {
         let base = self.homeURL.appendingPathComponent("gemini-cli")
         let binDir = base.appendingPathComponent("bin")
         try FileManager.default.createDirectory(at: binDir, withIntermediateDirectories: true)
 
-        let oauthPath: URL = switch layout {
+        switch layout {
         case .npmNested:
-            base
+            let oauthPath = base
                 .appendingPathComponent("lib")
                 .appendingPathComponent("node_modules")
                 .appendingPathComponent("@google")
@@ -71,8 +115,28 @@ struct GeminiTestEnvironment {
                 .appendingPathComponent("src")
                 .appendingPathComponent("code_assist")
                 .appendingPathComponent("oauth2.js")
+
+            if includeOAuth {
+                try FileManager.default.createDirectory(
+                    at: oauthPath.deletingLastPathComponent(),
+                    withIntermediateDirectories: true)
+
+                let oauthContent = """
+                const OAUTH_CLIENT_ID = 'test-client-id';
+                const OAUTH_CLIENT_SECRET = 'test-client-secret';
+                """
+                try oauthContent.write(to: oauthPath, atomically: true, encoding: .utf8)
+            }
+
+            let geminiBinary = binDir.appendingPathComponent("gemini")
+            try "#!/bin/bash\nexit 0\n".write(to: geminiBinary, atomically: true, encoding: .utf8)
+            try FileManager.default.setAttributes(
+                [.posixPermissions: 0o755],
+                ofItemAtPath: geminiBinary.path)
+            return geminiBinary
+
         case .nixShare:
-            base
+            let oauthPath = base
                 .appendingPathComponent("share")
                 .appendingPathComponent("gemini-cli")
                 .appendingPathComponent("node_modules")
@@ -82,25 +146,206 @@ struct GeminiTestEnvironment {
                 .appendingPathComponent("src")
                 .appendingPathComponent("code_assist")
                 .appendingPathComponent("oauth2.js")
+
+            if includeOAuth {
+                try FileManager.default.createDirectory(
+                    at: oauthPath.deletingLastPathComponent(),
+                    withIntermediateDirectories: true)
+
+                let oauthContent = """
+                const OAUTH_CLIENT_ID = 'test-client-id';
+                const OAUTH_CLIENT_SECRET = 'test-client-secret';
+                """
+                try oauthContent.write(to: oauthPath, atomically: true, encoding: .utf8)
+            }
+
+            let geminiBinary = binDir.appendingPathComponent("gemini")
+            try "#!/bin/bash\nexit 0\n".write(to: geminiBinary, atomically: true, encoding: .utf8)
+            try FileManager.default.setAttributes(
+                [.posixPermissions: 0o755],
+                ofItemAtPath: geminiBinary.path)
+            return geminiBinary
+
+        case .fnmBundle:
+            // Mirror a real fnm multishell layout: bin/gemini is a single relative
+            // symlink into the same multishell's lib/node_modules/@google/gemini-cli,
+            // which is a plain directory with the real package.json + bundle/*.js.
+            let multishellRoot = self.homeURL
+                .appendingPathComponent("Library")
+                .appendingPathComponent("Caches")
+                .appendingPathComponent("fnm_multishells")
+                .appendingPathComponent("12345_67890")
+            let binDir = multishellRoot.appendingPathComponent("bin")
+            let packageRoot = multishellRoot
+                .appendingPathComponent("lib")
+                .appendingPathComponent("node_modules")
+                .appendingPathComponent("@google")
+                .appendingPathComponent("gemini-cli")
+            let bundleDir = packageRoot.appendingPathComponent("bundle")
+            try FileManager.default.createDirectory(at: binDir, withIntermediateDirectories: true)
+            try FileManager.default.createDirectory(at: bundleDir, withIntermediateDirectories: true)
+
+            let packageJSON = """
+            {
+              "name": "@google/gemini-cli"
+            }
+            """
+            try packageJSON.write(
+                to: packageRoot.appendingPathComponent("package.json"),
+                atomically: true,
+                encoding: .utf8)
+
+            let chunkName = "chunk-TEST123.js"
+            let geminiEntry = bundleDir.appendingPathComponent("gemini.js")
+            let geminiContent = """
+            #!/usr/bin/env node
+            import { start } from "./\(chunkName)";
+            start();
+            """
+            try geminiContent.write(to: geminiEntry, atomically: true, encoding: .utf8)
+            try FileManager.default.setAttributes(
+                [.posixPermissions: 0o755],
+                ofItemAtPath: geminiEntry.path)
+
+            let chunkContent = if includeOAuth {
+                """
+                export const start = () => {};
+                const OAUTH_CLIENT_ID = 'test-client-id';
+                const OAUTH_CLIENT_SECRET = 'test-client-secret';
+                """
+            } else {
+                "export const start = () => {};\n"
+            }
+            try chunkContent.write(
+                to: bundleDir.appendingPathComponent(chunkName),
+                atomically: true,
+                encoding: .utf8)
+
+            // Relative symlink matching what fnm actually creates:
+            //   fnm_multishells/XXX/bin/gemini -> ../lib/node_modules/@google/gemini-cli/bundle/gemini.js
+            // Use the path-based API so the target is stored as a literal relative
+            // string; the URL-based API resolves URL(fileURLWithPath: "../...") against
+            // the process CWD, which produces a bogus absolute target.
+            let geminiBinary = binDir.appendingPathComponent("gemini")
+            try FileManager.default.createSymbolicLink(
+                atPath: geminiBinary.path,
+                withDestinationPath: "../lib/node_modules/@google/gemini-cli/bundle/gemini.js")
+
+            return geminiBinary
+
+        case .homebrewBundle:
+            return try self.writeFakeHomebrewGeminiCLI(base: base, includeOAuth: includeOAuth)
         }
+    }
 
-        if includeOAuth {
-            try FileManager.default.createDirectory(
-                at: oauthPath.deletingLastPathComponent(),
-                withIntermediateDirectories: true)
+    private func writeFakeHomebrewGeminiCLI(base: URL, includeOAuth: Bool) throws -> URL {
+        let cellarRoot = base
+            .appendingPathComponent("Cellar")
+            .appendingPathComponent("gemini-cli")
+            .appendingPathComponent("0.41.2")
+        let binDir = cellarRoot.appendingPathComponent("bin")
+        let packageRoot = cellarRoot
+            .appendingPathComponent("libexec")
+            .appendingPathComponent("lib")
+            .appendingPathComponent("node_modules")
+            .appendingPathComponent("@google")
+            .appendingPathComponent("gemini-cli")
+        let bundleDir = packageRoot.appendingPathComponent("bundle")
+        try FileManager.default.createDirectory(at: binDir, withIntermediateDirectories: true)
+        try FileManager.default.createDirectory(at: bundleDir, withIntermediateDirectories: true)
 
-            let oauthContent = """
-            const OAUTH_CLIENT_ID = 'test-client-id';
-            const OAUTH_CLIENT_SECRET = 'test-client-secret';
+        let packageJSON = """
+        {
+          "name": "@google/gemini-cli"
+        }
+        """
+        try packageJSON.write(
+            to: packageRoot.appendingPathComponent("package.json"),
+            atomically: true,
+            encoding: .utf8)
+
+        let entry = bundleDir.appendingPathComponent("gemini.js")
+        try "#!/usr/bin/env node\nawait import('./gemini-HASH.js');\n".write(
+            to: entry,
+            atomically: true,
+            encoding: .utf8)
+        try FileManager.default.setAttributes(
+            [.posixPermissions: 0o755],
+            ofItemAtPath: entry.path)
+        try "export const run = () => {};\n".write(
+            to: bundleDir.appendingPathComponent("gemini-HASH.js"),
+            atomically: true,
+            encoding: .utf8)
+
+        let chunkContent = if includeOAuth {
             """
-            try oauthContent.write(to: oauthPath, atomically: true, encoding: .utf8)
+            var OAUTH_CLIENT_ID = "test-client-id";
+            var OAUTH_CLIENT_SECRET = "test-client-secret";
+            """
+        } else {
+            "export const unrelated = true;\n"
         }
+        try chunkContent.write(
+            to: bundleDir.appendingPathComponent("chunk-OAUTH.js"),
+            atomically: true,
+            encoding: .utf8)
 
         let geminiBinary = binDir.appendingPathComponent("gemini")
-        try "#!/bin/bash\nexit 0\n".write(to: geminiBinary, atomically: true, encoding: .utf8)
+        try FileManager.default.createSymbolicLink(
+            atPath: geminiBinary.path,
+            withDestinationPath: "../libexec/lib/node_modules/@google/gemini-cli/bundle/gemini.js")
+        return geminiBinary
+    }
+
+    func writeFakeFnm(
+        currentVersion: String = "v24.6.0",
+        npmRoot: String? = nil,
+        geminiPackageJSONPath: String) throws -> URL
+    {
+        let binDir = self.homeURL.appendingPathComponent("bin")
+        try FileManager.default.createDirectory(at: binDir, withIntermediateDirectories: true)
+
+        let fnmPath = binDir.appendingPathComponent("fnm")
+        let script = if let npmRoot {
+            """
+            #!/bin/bash
+            if [ "$1" = "current" ]; then
+              printf '%s\n' "\(currentVersion)"
+              exit 0
+            fi
+
+            if [ "$1" = "exec" ] && [ "$4" = "npm" ] && [ "$5" = "root" ] && [ "$6" = "-g" ]; then
+              printf '%s\n' "\(npmRoot)"
+              exit 0
+            fi
+
+            if [ "$1" = "exec" ] && [ "$4" = "node" ]; then
+              printf '%s\n' "\(geminiPackageJSONPath)"
+              exit 0
+            fi
+
+            exit 1
+            """
+        } else {
+            """
+            #!/bin/bash
+            if [ "$1" = "current" ]; then
+              printf '%s\n' "\(currentVersion)"
+              exit 0
+            fi
+
+            if [ "$1" = "exec" ]; then
+              printf '%s\n' "\(geminiPackageJSONPath)"
+              exit 0
+            fi
+
+            exit 1
+            """
+        }
+        try script.write(to: fnmPath, atomically: true, encoding: .utf8)
         try FileManager.default.setAttributes(
             [.posixPermissions: 0o755],
-            ofItemAtPath: geminiBinary.path)
-        return geminiBinary
+            ofItemAtPath: fnmPath.path)
+        return fnmPath
     }
 }
diff --git a/Tests/CodexBarTests/GoogleWorkspaceStatusNetworkTests.swift b/Tests/CodexBarTests/GoogleWorkspaceStatusNetworkTests.swift
new file mode 100644
index 000000000..926612729
--- /dev/null
+++ b/Tests/CodexBarTests/GoogleWorkspaceStatusNetworkTests.swift
@@ -0,0 +1,44 @@
+import Foundation
+import Testing
+@testable import CodexBar
+
+@MainActor
+struct GoogleWorkspaceStatusNetworkTests {
+    @Test
+    func `fetchWorkspaceStatus uses shared client`() async throws {
+        let transport = ProviderHTTPTransportStub { request in
+            let response = try HTTPURLResponse(
+                url: #require(request.url),
+                statusCode: 200,
+                httpVersion: "HTTP/1.1",
+                headerFields: ["Content-Type": "application/json"])!
+            let body = Data(#"""
+            [
+              {
+                "begin": "2026-05-10T10:00:00+00:00",
+                "end": null,
+                "affected_products": [
+                  {"title": "Gemini", "id": "npdyhgECDJ6tB66MxXyo"}
+                ],
+                "most_recent_update": {
+                  "when": "2026-05-10T10:15:00+00:00",
+                  "status": "SERVICE_OUTAGE",
+                  "text": "**Summary**\nGemini API error.\n"
+                }
+              }
+            ]
+            """#.utf8)
+            return (body, response)
+        }
+
+        let status = try await UsageStore.fetchWorkspaceStatus(
+            productID: "npdyhgECDJ6tB66MxXyo",
+            transport: transport)
+
+        #expect(status.indicator == .critical)
+        #expect(status.description == "Gemini API error.")
+        let requests = await transport.requests()
+        #expect(requests.count == 1)
+        #expect(requests.first?.url?.host == "www.google.com")
+    }
+}
diff --git a/Tests/CodexBarTests/GoogleWorkspaceStatusTests.swift b/Tests/CodexBarTests/GoogleWorkspaceStatusTests.swift
index bcab931a8..1b37b9bb1 100644
--- a/Tests/CodexBarTests/GoogleWorkspaceStatusTests.swift
+++ b/Tests/CodexBarTests/GoogleWorkspaceStatusTests.swift
@@ -2,13 +2,12 @@ import Foundation
 import Testing
 @testable import CodexBar
 
-@Suite
 @MainActor
 struct GoogleWorkspaceStatusTests {
     private let productID = "npdyhgECDJ6tB66MxXyo"
 
     @Test
-    func parseWorkspaceStatusSelectsWorstIncident() throws {
+    func `parse workspace status selects worst incident`() throws {
         let data = Data(#"""
         [
           {
@@ -47,7 +46,7 @@ struct GoogleWorkspaceStatusTests {
     }
 
     @Test
-    func parseWorkspaceStatusIgnoresResolvedIncidents() throws {
+    func `parse workspace status ignores resolved incidents`() throws {
         let data = Data(#"""
         [
           {
diff --git a/Tests/CodexBarTests/GrokAuthTests.swift b/Tests/CodexBarTests/GrokAuthTests.swift
new file mode 100644
index 000000000..a2ed52e55
--- /dev/null
+++ b/Tests/CodexBarTests/GrokAuthTests.swift
@@ -0,0 +1,188 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+struct GrokAuthTests {
+    @Test
+    func `parses OIDC SuperGrok entry`() throws {
+        let json = #"""
+        {
+          "https://auth.x.ai::b1a00492-073a-47ea-816f-4c329264a828": {
+            "key": "secret-access-token-123",
+            "auth_mode": "oidc",
+            "create_time": "2026-05-15T13:31:33.384327Z",
+            "user_id": "user-uuid",
+            "email": "user@example.com",
+            "first_name": "Ada",
+            "last_name": "Lovelace",
+            "team_id": "team-uuid",
+            "refresh_token": "refresh-secret",
+            "expires_at": "2026-05-22T19:31:33.384327Z",
+            "oidc_issuer": "https://auth.x.ai",
+            "oidc_client_id": "b1a00492-073a-47ea-816f-4c329264a828"
+          }
+        }
+        """#
+        let data = Data(json.utf8)
+        let creds = try GrokCredentialsStore.parse(data: data)
+
+        #expect(creds.accessToken == "secret-access-token-123")
+        #expect(creds.refreshToken == "refresh-secret")
+        #expect(creds.email == "user@example.com")
+        #expect(creds.teamId == "team-uuid")
+        #expect(creds.authMode == "oidc")
+        #expect(creds.displayName == "Ada Lovelace")
+        #expect(creds.loginMethod == "SuperGrok")
+        #expect(creds.expiresAt != nil)
+    }
+
+    @Test
+    func `falls back to legacy session scope when OIDC absent`() throws {
+        let json = #"""
+        {
+          "https://accounts.x.ai/sign-in": {
+            "key": "legacy-token",
+            "auth_mode": "session",
+            "email": "legacy@example.com"
+          }
+        }
+        """#
+        let data = Data(json.utf8)
+        let creds = try GrokCredentialsStore.parse(data: data)
+        #expect(creds.accessToken == "legacy-token")
+        #expect(creds.email == "legacy@example.com")
+        #expect(creds.loginMethod == "session")
+    }
+
+    @Test
+    func `throws missingTokens when key absent`() {
+        let json = #"{"https://auth.x.ai::abc": {"auth_mode": "oidc"}}"#
+        let data = Data(json.utf8)
+        #expect(throws: GrokCredentialsError.self) {
+            _ = try GrokCredentialsStore.parse(data: data)
+        }
+    }
+
+    @Test
+    func `throws decodeFailed when JSON is invalid`() {
+        let data = Data("not-json".utf8)
+        #expect(throws: GrokCredentialsError.self) {
+            _ = try GrokCredentialsStore.parse(data: data)
+        }
+    }
+
+    @Test
+    func `isExpired reflects past expires_at`() throws {
+        // Past expiry
+        let pastJson = #"""
+        {
+          "https://auth.x.ai::client": {
+            "key": "stale-token",
+            "expires_at": "2020-01-01T00:00:00Z"
+          }
+        }
+        """#
+        let past = try GrokCredentialsStore.parse(data: Data(pastJson.utf8))
+        #expect(past.isExpired == true)
+
+        // Future expiry
+        let futureJson = #"""
+        {
+          "https://auth.x.ai::client": {
+            "key": "fresh-token",
+            "expires_at": "2099-01-01T00:00:00Z"
+          }
+        }
+        """#
+        let future = try GrokCredentialsStore.parse(data: Data(futureJson.utf8))
+        #expect(future.isExpired == false)
+
+        // Missing expires_at — treated as non-expired so we never spuriously lock
+        // out clients whose auth.json shape predates this field.
+        let noExpiryJson = #"""
+        {
+          "https://auth.x.ai::client": {
+            "key": "ageless-token"
+          }
+        }
+        """#
+        let noExpiry = try GrokCredentialsStore.parse(data: Data(noExpiryJson.utf8))
+        #expect(noExpiry.isExpired == false)
+    }
+
+    @Test
+    func `expired credentials are preserved when billing succeeds`() throws {
+        let pastJson = #"""
+        {
+          "https://auth.x.ai::client": {
+            "key": "stale-token",
+            "email": "grok@example.com",
+            "team_id": "team_123",
+            "expires_at": "2020-01-01T00:00:00Z"
+          }
+        }
+        """#
+        let expired = try GrokCredentialsStore.parse(data: Data(pastJson.utf8))
+        let billing = try JSONDecoder().decode(GrokBillingResponse.self, from: Data(#"{}"#.utf8))
+        let webBilling = GrokWebBillingSnapshot(
+            usedPercent: 42,
+            resetsAt: Date(timeIntervalSince1970: 1_800_000_000))
+
+        #expect(GrokStatusProbe.credentialsForSnapshot(credentials: expired, billing: nil) == nil)
+        #expect(GrokStatusProbe.credentialsForSnapshot(credentials: expired, billing: billing)?
+            .email == "grok@example.com")
+        #expect(GrokStatusProbe.credentialsForSnapshot(credentials: expired, billing: nil, webBilling: webBilling)?
+            .email == "grok@example.com")
+    }
+
+    @Test
+    func `remote auth failures surface even with fresh local credentials`() {
+        #expect(GrokStatusProbe.shouldSurfaceRemoteAuthError(GrokWebBillingError.requestFailed(401, "unauthorized")))
+        #expect(GrokStatusProbe.shouldSurfaceRemoteAuthError(GrokWebBillingError.requestFailed(403, "forbidden")))
+        #expect(GrokStatusProbe.shouldSurfaceRemoteAuthError(GrokWebBillingError.rpcFailed(16, "token expired")))
+        #expect(!GrokStatusProbe.shouldSurfaceRemoteAuthError(GrokWebBillingError.parseFailed))
+    }
+
+    @Test
+    func `falls back to legacy when OIDC entry has no key`() throws {
+        // A stale/partial OIDC record must not shadow a healthy legacy session.
+        let json = #"""
+        {
+          "https://auth.x.ai::stale-client": {
+            "auth_mode": "oidc",
+            "email": "stale@example.com"
+          },
+          "https://accounts.x.ai/sign-in": {
+            "key": "healthy-legacy-token",
+            "auth_mode": "session",
+            "email": "healthy@example.com"
+          }
+        }
+        """#
+        let data = Data(json.utf8)
+        let creds = try GrokCredentialsStore.parse(data: data)
+        #expect(creds.accessToken == "healthy-legacy-token")
+        #expect(creds.email == "healthy@example.com")
+    }
+
+    @Test
+    func `prefers OIDC entry over legacy session when both present`() throws {
+        let json = #"""
+        {
+          "https://accounts.x.ai/sign-in": {
+            "key": "legacy-should-not-win",
+            "auth_mode": "session"
+          },
+          "https://auth.x.ai::client-id": {
+            "key": "oidc-wins",
+            "auth_mode": "oidc",
+            "email": "preferred@example.com"
+          }
+        }
+        """#
+        let data = Data(json.utf8)
+        let creds = try GrokCredentialsStore.parse(data: data)
+        #expect(creds.accessToken == "oidc-wins")
+        #expect(creds.email == "preferred@example.com")
+    }
+}
diff --git a/Tests/CodexBarTests/GrokBillingResponseTests.swift b/Tests/CodexBarTests/GrokBillingResponseTests.swift
new file mode 100644
index 000000000..f0c5e27af
--- /dev/null
+++ b/Tests/CodexBarTests/GrokBillingResponseTests.swift
@@ -0,0 +1,69 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+struct GrokBillingResponseTests {
+    @Test
+    func `decodes full BillingConfigResponse and computes percent`() throws {
+        let json = #"""
+        {
+          "billingCycle": {
+            "billingPeriodStart": "2026-05-01T00:00:00Z",
+            "billingPeriodEnd": "2026-06-01T00:00:00Z"
+          },
+          "monthlyLimit": { "val": 99900 },
+          "onDemandCap": { "val": 0 },
+          "on_demand_enabled": false,
+          "disabledByConfig": false,
+          "usage": {
+            "includedUsed": { "val": 49950 },
+            "onDemandUsed": { "val": 0 },
+            "totalUsed": { "val": 49950 }
+          }
+        }
+        """#
+        let data = Data(json.utf8)
+        let response = try JSONDecoder().decode(GrokBillingResponse.self, from: data)
+
+        #expect(response.monthlyLimit?.val == 99900)
+        #expect(response.usage?.totalUsed?.val == 49950)
+        #expect(response.monthlyUsedPercent == 50.0)
+        #expect(response.billingPeriodEndDate != nil)
+        #expect(response.billingPeriodMinutes == 31 * 24 * 60)
+    }
+
+    @Test
+    func `monthlyUsedPercent returns nil when limit missing`() throws {
+        let json = #"""
+        {
+          "usage": { "totalUsed": { "val": 100 } }
+        }
+        """#
+        let data = Data(json.utf8)
+        let response = try JSONDecoder().decode(GrokBillingResponse.self, from: data)
+        #expect(response.monthlyUsedPercent == nil)
+    }
+
+    @Test
+    func `monthlyUsedPercent clamps over-100 usage`() throws {
+        let json = #"""
+        {
+          "monthlyLimit": { "val": 1000 },
+          "usage": { "totalUsed": { "val": 5000 } }
+        }
+        """#
+        let data = Data(json.utf8)
+        let response = try JSONDecoder().decode(GrokBillingResponse.self, from: data)
+        #expect(response.monthlyUsedPercent == 100.0)
+    }
+
+    @Test
+    func `handles missing optional fields gracefully`() throws {
+        let json = #"{}"#
+        let data = Data(json.utf8)
+        let response = try JSONDecoder().decode(GrokBillingResponse.self, from: data)
+        #expect(response.billingCycle == nil)
+        #expect(response.monthlyLimit == nil)
+        #expect(response.monthlyUsedPercent == nil)
+    }
+}
diff --git a/Tests/CodexBarTests/GrokWebBillingFetcherTests.swift b/Tests/CodexBarTests/GrokWebBillingFetcherTests.swift
new file mode 100644
index 000000000..38b19a81d
--- /dev/null
+++ b/Tests/CodexBarTests/GrokWebBillingFetcherTests.swift
@@ -0,0 +1,647 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+@Suite(.serialized)
+struct GrokWebBillingFetcherTests {
+    private final class AttemptCounter: @unchecked Sendable {
+        private let lock = NSLock()
+        private var value = 0
+
+        func increment() -> Int {
+            self.lock.lock()
+            defer { self.lock.unlock() }
+            self.value += 1
+            return self.value
+        }
+
+        func current() -> Int {
+            self.lock.lock()
+            defer { self.lock.unlock() }
+            return self.value
+        }
+    }
+
+    @Test
+    func `provider exposes cli and web source modes`() {
+        #expect(GrokProviderDescriptor.descriptor.fetchPlan.sourceModes == [.auto, .cli, .web])
+    }
+
+    @Test
+    func `descriptor uses Credits label for primary usage window`() {
+        let metadata = GrokProviderDescriptor.descriptor.metadata
+        #expect(metadata.sessionLabel == "Credits")
+        #expect(metadata.weeklyLabel == "On-demand")
+        #expect(!metadata.supportsOpus)
+    }
+
+    @Test
+    func `primaryLabel derives Weekly or Monthly from resetsAt`() {
+        let now = Date()
+        let in6Days = now.addingTimeInterval(6 * 86400)
+        let in30Days = now.addingTimeInterval(30 * 86400)
+        let in90Days = now.addingTimeInterval(90 * 86400)
+        let lateWeeklyWindow = RateWindow(
+            usedPercent: 25,
+            windowMinutes: 7 * 24 * 60,
+            resetsAt: now.addingTimeInterval(86400),
+            resetDescription: nil)
+
+        #expect(GrokProviderDescriptor.primaryLabel(resetsAt: in6Days, now: now) == "Weekly")
+        #expect(GrokProviderDescriptor.primaryLabel(resetsAt: in30Days, now: now) == "Monthly")
+        #expect(GrokProviderDescriptor.primaryLabel(resetsAt: in90Days, now: now) == nil)
+        #expect(GrokProviderDescriptor.primaryLabel(window: lateWeeklyWindow, now: now) == "Weekly")
+        #expect(GrokProviderDescriptor.primaryLabel(resetsAt: nil) == nil)
+    }
+
+    @Test
+    func `cli runtime does not import browser cookies unless explicitly enabled`() {
+        #expect(GrokWebFetchStrategy.canImportBrowserCookies(runtime: .app, env: [:]))
+        #expect(!GrokWebFetchStrategy.canImportBrowserCookies(runtime: .cli, env: [:]))
+        #expect(GrokWebFetchStrategy.canImportBrowserCookies(
+            runtime: .cli,
+            env: ["CODEXBAR_ALLOW_BROWSER_COOKIE_IMPORT": "1"]))
+    }
+
+    @Test
+    func `web strategy tries later browser session when first cookie is stale`() async throws {
+        let stale = try #require(Self.cookie(name: "sso", value: "stale"))
+        let valid = try #require(Self.cookie(name: "sso", value: "valid"))
+        let sessions = [
+            GrokCookieImporter.SessionInfo(cookies: [stale], sourceLabel: "Chrome Profile 1"),
+            GrokCookieImporter.SessionInfo(cookies: [valid], sourceLabel: "Chrome Profile 2"),
+        ]
+        var attemptedHeaders: [String] = []
+
+        let result = try await GrokWebFetchStrategy.fetchFirstValidCookieSession(sessions) { cookieHeader in
+            attemptedHeaders.append(cookieHeader)
+            guard cookieHeader.contains("valid") else {
+                throw GrokWebBillingError.requestFailed(401, "stale")
+            }
+            return GrokWebBillingSnapshot(
+                usedPercent: 12,
+                resetsAt: Date(timeIntervalSince1970: 1_800_000_000))
+        }
+
+        #expect(attemptedHeaders == ["sso=stale", "sso=valid"])
+        #expect(result.0.usedPercent == 12)
+        #expect(result.1 == "Chrome Profile 2")
+    }
+
+    @Test
+    func `cookie authenticated web billing does not reuse auth file identity`() {
+        #expect(GrokWebFetchStrategy.credentialsForWebBillingSnapshot(
+            credentials: Self.credentials,
+            authenticatedByAuthFile: false) == nil)
+        #expect(GrokWebFetchStrategy.credentialsForWebBillingSnapshot(
+            credentials: Self.credentials,
+            authenticatedByAuthFile: true)?
+            .email == "grok@example.com")
+    }
+
+    @Test
+    func `parses grok grpc web billing frame`() throws {
+        let reset = UInt64(1_800_000_000)
+        let payload = Self.protobufPayload(usedPercent: 42.5, resetEpoch: reset)
+        let data = Self.grpcFrame(payload)
+
+        let snapshot = try GrokWebBillingFetcher.parseGRPCWebResponse(
+            data,
+            now: Date(timeIntervalSince1970: 1_799_000_000))
+
+        #expect(snapshot.usedPercent == 42.5)
+        #expect(snapshot.resetsAt == Date(timeIntervalSince1970: TimeInterval(reset)))
+    }
+
+    @Test
+    func `ignores grpc web trailer frames`() {
+        let payload = Self.protobufPayload(usedPercent: 12.25, resetEpoch: 1_800_000_001)
+        let trailer = Data("grpc-status: 0\r\n".utf8)
+        let data = Self.grpcFrame(payload) + Self.grpcFrame(trailer, flags: 0x80)
+
+        let frames = GrokWebBillingFetcher.grpcWebDataFrames(from: data)
+
+        #expect(frames == [payload])
+    }
+
+    @Test
+    func `web fetch turns grpc unauthenticated trailer into reauth guidance`() async throws {
+        defer {
+            GrokWebBillingStubURLProtocol.requests = []
+            GrokWebBillingStubURLProtocol.requestBodies = []
+            GrokWebBillingStubURLProtocol.handler = nil
+        }
+
+        let config = URLSessionConfiguration.ephemeral
+        config.protocolClasses = [GrokWebBillingStubURLProtocol.self]
+        let session = URLSession(configuration: config)
+        let endpoint = try #require(URL(string: "https://grok.test/grok_api_v2.GrokBuildBilling/GetGrokCreditsConfig"))
+        let body = Self.grpcFrame(Data("grpc-status: 16\r\ngrpc-message: token%20expired\r\n".utf8), flags: 0x80)
+
+        #expect(GrokWebBillingFetcher.grpcWebTrailerFields(from: body)["grpc-status"] == "16")
+
+        GrokWebBillingStubURLProtocol.requests = []
+        GrokWebBillingStubURLProtocol.requestBodies = []
+        GrokWebBillingStubURLProtocol.handler = { request in
+            let url = try #require(request.url)
+            let response = HTTPURLResponse(
+                url: url,
+                statusCode: 200,
+                httpVersion: nil,
+                headerFields: ["Content-Type": "application/grpc-web+proto"])!
+            return (response, body)
+        }
+
+        await #expect {
+            _ = try await GrokWebBillingFetcher.fetch(
+                credentials: Self.credentials,
+                session: session,
+                endpoint: endpoint)
+        } throws: { error in
+            error.localizedDescription.contains("grok login")
+        }
+    }
+
+    @Test
+    func `web fetch turns grpc unauthenticated headers into reauth guidance`() async throws {
+        defer {
+            GrokWebBillingStubURLProtocol.requests = []
+            GrokWebBillingStubURLProtocol.requestBodies = []
+            GrokWebBillingStubURLProtocol.handler = nil
+        }
+
+        let config = URLSessionConfiguration.ephemeral
+        config.protocolClasses = [GrokWebBillingStubURLProtocol.self]
+        let session = URLSession(configuration: config)
+        let endpoint = try #require(URL(string: "https://grok.test/grok_api_v2.GrokBuildBilling/GetGrokCreditsConfig"))
+
+        GrokWebBillingStubURLProtocol.requests = []
+        GrokWebBillingStubURLProtocol.requestBodies = []
+        GrokWebBillingStubURLProtocol.handler = { request in
+            let url = try #require(request.url)
+            let response = HTTPURLResponse(
+                url: url,
+                statusCode: 200,
+                httpVersion: nil,
+                headerFields: [
+                    "Content-Type": "application/grpc-web+proto",
+                    "grpc-status": "16",
+                    "grpc-message": "Invalid%20bearer%20token.",
+                ])!
+            return (response, Data())
+        }
+
+        await #expect {
+            _ = try await GrokWebBillingFetcher.fetch(
+                credentials: Self.credentials,
+                session: session,
+                endpoint: endpoint)
+        } throws: { error in
+            error.localizedDescription.contains("grok login")
+        }
+    }
+
+    @Test
+    func `rejects reset only billing because it cannot render usage`() {
+        var payload = Data()
+        payload.append(0x10) // field 2, varint reset timestamp
+        payload.append(contentsOf: Self.varint(1_800_000_001))
+
+        #expect {
+            _ = try GrokWebBillingFetcher.parseGRPCWebResponse(Self.grpcFrame(payload))
+        } throws: { error in
+            guard case GrokWebBillingError.parseFailed = error else { return false }
+            return true
+        }
+    }
+
+    @Test
+    func `parses grok no usage yet billing response as zero percent`() throws {
+        let data = Data([
+            0x00, 0x00, 0x00, 0x00, 0x37, 0x0A, 0x35, 0x12,
+            0x00, 0x1A, 0x00, 0x22, 0x06, 0x08, 0x80, 0xDA,
+            0xCF, 0xCF, 0x06, 0x2A, 0x06, 0x08, 0x80, 0x97,
+            0xF3, 0xD0, 0x06, 0x32, 0x09, 0x0A, 0x05, 0x08,
+            0xEA, 0x0F, 0x10, 0x04, 0x12, 0x00, 0x32, 0x09,
+            0x0A, 0x05, 0x08, 0xEA, 0x0F, 0x10, 0x03, 0x12,
+            0x00, 0x32, 0x09, 0x0A, 0x05, 0x08, 0xEA, 0x0F,
+            0x10, 0x02, 0x12, 0x00, 0x80, 0x00, 0x00, 0x00,
+            0x0F, 0x67, 0x72, 0x70, 0x63, 0x2D, 0x73, 0x74,
+            0x61, 0x74, 0x75, 0x73, 0x3A, 0x30, 0x0D, 0x0A,
+        ])
+
+        let snapshot = try GrokWebBillingFetcher.parseGRPCWebResponse(
+            data,
+            now: Date(timeIntervalSince1970: 1_768_000_000))
+
+        #expect(snapshot.usedPercent == 0)
+        #expect(snapshot.resetsAt == Date(timeIntervalSince1970: 1_780_272_000))
+    }
+
+    @Test
+    func `uses billing field one instead of earlier unrelated float`() throws {
+        var payload = Data()
+        payload.append(0x4D) // field 9, fixed32 unrelated in-range float
+        var unrelatedBits = Float(7).bitPattern.littleEndian
+        withUnsafeBytes(of: &unrelatedBits) { payload.append(contentsOf: $0) }
+        payload.append(0x0D) // field 1, fixed32 billing usage percent
+        var usageBits = Float(42).bitPattern.littleEndian
+        withUnsafeBytes(of: &usageBits) { payload.append(contentsOf: $0) }
+        payload.append(0x10) // field 2, varint reset timestamp
+        payload.append(contentsOf: Self.varint(1_800_000_001))
+
+        let snapshot = try GrokWebBillingFetcher.parseGRPCWebResponse(Self.grpcFrame(payload))
+
+        #expect(snapshot.usedPercent == 42)
+    }
+
+    @Test
+    func `chooses future billing end instead of recent billing start`() throws {
+        let recentStart = UInt64(1_800_000_000)
+        let billingEnd = UInt64(1_802_592_000)
+        var payload = Data()
+        payload.append(0x0D) // field 1, fixed32 usage percent
+        var percentBits = Float(33).bitPattern.littleEndian
+        withUnsafeBytes(of: &percentBits) { payload.append(contentsOf: $0) }
+        payload.append(0x10) // field 2, varint billing start
+        payload.append(contentsOf: Self.varint(recentStart))
+        payload.append(0x18) // field 3, varint billing end
+        payload.append(contentsOf: Self.varint(billingEnd))
+
+        let snapshot = try GrokWebBillingFetcher.parseGRPCWebResponse(
+            Self.grpcFrame(payload),
+            now: Date(timeIntervalSince1970: TimeInterval(recentStart + 1800)))
+
+        #expect(snapshot.resetsAt == Date(timeIntervalSince1970: TimeInterval(billingEnd)))
+    }
+
+    @Test
+    func `web fetch posts grpc web request with bearer token`() async throws {
+        defer {
+            GrokWebBillingStubURLProtocol.requests = []
+            GrokWebBillingStubURLProtocol.requestBodies = []
+            GrokWebBillingStubURLProtocol.handler = nil
+        }
+
+        let config = URLSessionConfiguration.ephemeral
+        config.protocolClasses = [GrokWebBillingStubURLProtocol.self]
+        let session = URLSession(configuration: config)
+        let endpoint = try #require(URL(string: "https://grok.test/grok_api_v2.GrokBuildBilling/GetGrokCreditsConfig"))
+        let reset = UInt64(1_800_000_002)
+
+        GrokWebBillingStubURLProtocol.requests = []
+        GrokWebBillingStubURLProtocol.requestBodies = []
+        GrokWebBillingStubURLProtocol.handler = { request in
+            let url = try #require(request.url)
+            #expect(url == endpoint)
+            #expect(request.httpMethod == "POST")
+            #expect(request.value(forHTTPHeaderField: "Authorization") == "Bearer token-123")
+            #expect(request.value(forHTTPHeaderField: "Origin") == "https://grok.com")
+            #expect(request.value(forHTTPHeaderField: "Referer") == "https://grok.com/?_s=usage")
+            #expect(request.value(forHTTPHeaderField: "Accept") == "*/*")
+            #expect(request.value(forHTTPHeaderField: "Content-Type") == "application/grpc-web+proto")
+            #expect(request.value(forHTTPHeaderField: "x-grpc-web") == "1")
+            #expect(request.timeoutInterval == 15)
+
+            let response = HTTPURLResponse(
+                url: url,
+                statusCode: 200,
+                httpVersion: nil,
+                headerFields: ["Content-Type": "application/grpc-web+proto"])!
+            let body = Self.grpcFrame(Self.protobufPayload(usedPercent: 55.5, resetEpoch: reset))
+            return (response, body)
+        }
+
+        let snapshot = try await GrokWebBillingFetcher.fetch(
+            credentials: Self.credentials,
+            session: session,
+            endpoint: endpoint)
+
+        #expect(GrokWebBillingStubURLProtocol.requests.count == 1)
+        #expect(GrokWebBillingStubURLProtocol.requestBodies == [Data([0x00, 0x00, 0x00, 0x00, 0x00])])
+        #expect(snapshot.usedPercent == 55.5)
+        #expect(snapshot.resetsAt == Date(timeIntervalSince1970: TimeInterval(reset)))
+    }
+
+    @Test
+    func `web fetch retries transient grpc timeout once`() async throws {
+        defer {
+            GrokWebBillingStubURLProtocol.requests = []
+            GrokWebBillingStubURLProtocol.requestBodies = []
+            GrokWebBillingStubURLProtocol.handler = nil
+        }
+
+        let config = URLSessionConfiguration.ephemeral
+        config.protocolClasses = [GrokWebBillingStubURLProtocol.self]
+        let session = URLSession(configuration: config)
+        let endpoint = try #require(URL(string: "https://grok.test/grok_api_v2.GrokBuildBilling/GetGrokCreditsConfig"))
+        let reset = UInt64(1_800_000_005)
+        let attempts = AttemptCounter()
+
+        GrokWebBillingStubURLProtocol.requests = []
+        GrokWebBillingStubURLProtocol.requestBodies = []
+        GrokWebBillingStubURLProtocol.handler = { request in
+            let attempt = attempts.increment()
+            let url = try #require(request.url)
+            let response = HTTPURLResponse(
+                url: url,
+                statusCode: 200,
+                httpVersion: nil,
+                headerFields: ["Content-Type": "application/grpc-web+proto"])!
+            if attempt == 1 {
+                let body = Self.grpcFrame(
+                    Data("grpc-status: 1\r\ngrpc-message: Timeout%20expired\r\n".utf8),
+                    flags: 0x80)
+                return (response, body)
+            }
+            return (response, Self.grpcFrame(Self.protobufPayload(usedPercent: 25, resetEpoch: reset)))
+        }
+
+        let snapshot = try await GrokWebBillingFetcher.fetch(
+            credentials: Self.credentials,
+            session: session,
+            endpoint: endpoint)
+
+        #expect(attempts.current() == 2)
+        #expect(GrokWebBillingStubURLProtocol.requests.count == 2)
+        #expect(snapshot.usedPercent == 25)
+        #expect(snapshot.resetsAt == Date(timeIntervalSince1970: TimeInterval(reset)))
+    }
+
+    @Test
+    func `web fetch retries grpc deadline exceeded without message`() async throws {
+        defer {
+            GrokWebBillingStubURLProtocol.requests = []
+            GrokWebBillingStubURLProtocol.requestBodies = []
+            GrokWebBillingStubURLProtocol.handler = nil
+        }
+
+        let config = URLSessionConfiguration.ephemeral
+        config.protocolClasses = [GrokWebBillingStubURLProtocol.self]
+        let session = URLSession(configuration: config)
+        let endpoint = try #require(URL(string: "https://grok.test/grok_api_v2.GrokBuildBilling/GetGrokCreditsConfig"))
+        let attempts = AttemptCounter()
+
+        GrokWebBillingStubURLProtocol.requests = []
+        GrokWebBillingStubURLProtocol.requestBodies = []
+        GrokWebBillingStubURLProtocol.handler = { request in
+            let attempt = attempts.increment()
+            let url = try #require(request.url)
+            let response = HTTPURLResponse(
+                url: url,
+                statusCode: 200,
+                httpVersion: nil,
+                headerFields: ["Content-Type": "application/grpc-web+proto"])!
+            if attempt == 1 {
+                return (response, Self.grpcFrame(Data("grpc-status: 4\r\n".utf8), flags: 0x80))
+            }
+            return (response, Self.grpcFrame(Self.protobufPayload(usedPercent: 25, resetEpoch: 1_800_000_005)))
+        }
+
+        let snapshot = try await GrokWebBillingFetcher.fetch(
+            credentials: Self.credentials,
+            session: session,
+            endpoint: endpoint)
+
+        #expect(attempts.current() == 2)
+        #expect(snapshot.usedPercent == 25)
+    }
+
+    @Test
+    func `web fetch retries HTTP gateway timeout once`() async throws {
+        defer {
+            GrokWebBillingStubURLProtocol.requests = []
+            GrokWebBillingStubURLProtocol.requestBodies = []
+            GrokWebBillingStubURLProtocol.handler = nil
+        }
+
+        let config = URLSessionConfiguration.ephemeral
+        config.protocolClasses = [GrokWebBillingStubURLProtocol.self]
+        let session = URLSession(configuration: config)
+        let endpoint = try #require(URL(string: "https://grok.test/grok_api_v2.GrokBuildBilling/GetGrokCreditsConfig"))
+        let attempts = AttemptCounter()
+
+        GrokWebBillingStubURLProtocol.requests = []
+        GrokWebBillingStubURLProtocol.requestBodies = []
+        GrokWebBillingStubURLProtocol.handler = { request in
+            let attempt = attempts.increment()
+            let url = try #require(request.url)
+            let statusCode = attempt == 1 ? 504 : 200
+            let response = HTTPURLResponse(
+                url: url,
+                statusCode: statusCode,
+                httpVersion: nil,
+                headerFields: ["Content-Type": "application/grpc-web+proto"])!
+            if attempt == 1 {
+                return (response, Data("gateway timeout".utf8))
+            }
+            return (response, Self.grpcFrame(Self.protobufPayload(usedPercent: 25, resetEpoch: 1_800_000_005)))
+        }
+
+        let snapshot = try await GrokWebBillingFetcher.fetch(
+            credentials: Self.credentials,
+            session: session,
+            endpoint: endpoint)
+
+        #expect(attempts.current() == 2)
+        #expect(snapshot.usedPercent == 25)
+    }
+
+    @Test
+    func `web fetch can authenticate with browser cookies`() async throws {
+        defer {
+            GrokWebBillingStubURLProtocol.requests = []
+            GrokWebBillingStubURLProtocol.requestBodies = []
+            GrokWebBillingStubURLProtocol.handler = nil
+        }
+
+        let config = URLSessionConfiguration.ephemeral
+        config.protocolClasses = [GrokWebBillingStubURLProtocol.self]
+        let session = URLSession(configuration: config)
+        let endpoint = try #require(URL(string: "https://grok.test/grok_api_v2.GrokBuildBilling/GetGrokCreditsConfig"))
+
+        GrokWebBillingStubURLProtocol.requests = []
+        GrokWebBillingStubURLProtocol.requestBodies = []
+        GrokWebBillingStubURLProtocol.handler = { request in
+            #expect(request.value(forHTTPHeaderField: "Cookie") == "sso=session; sso-rw=session")
+            #expect(request.value(forHTTPHeaderField: "Authorization") == nil)
+            #expect(request.value(forHTTPHeaderField: "x-user-agent") == "connect-es/2.1.1")
+            let response = HTTPURLResponse(
+                url: endpoint,
+                statusCode: 200,
+                httpVersion: nil,
+                headerFields: ["Content-Type": "application/grpc-web+proto"])!
+            let body = Self.grpcFrame(Self.protobufPayload(usedPercent: 9, resetEpoch: 1_800_000_004))
+            return (response, body)
+        }
+
+        let snapshot = try await GrokWebBillingFetcher.fetch(
+            cookieHeader: "sso=session; sso-rw=session",
+            session: session,
+            endpoint: endpoint)
+
+        #expect(snapshot.usedPercent == 9)
+    }
+
+    @Test
+    func `web fetch turns unauthorized response into reauth guidance`() async throws {
+        defer {
+            GrokWebBillingStubURLProtocol.requests = []
+            GrokWebBillingStubURLProtocol.requestBodies = []
+            GrokWebBillingStubURLProtocol.handler = nil
+        }
+
+        let config = URLSessionConfiguration.ephemeral
+        config.protocolClasses = [GrokWebBillingStubURLProtocol.self]
+        let session = URLSession(configuration: config)
+        let endpoint = try #require(URL(string: "https://grok.test/grok_api_v2.GrokBuildBilling/GetGrokCreditsConfig"))
+
+        GrokWebBillingStubURLProtocol.requests = []
+        GrokWebBillingStubURLProtocol.requestBodies = []
+        GrokWebBillingStubURLProtocol.handler = { request in
+            let url = try #require(request.url)
+            let response = HTTPURLResponse(
+                url: url,
+                statusCode: 401,
+                httpVersion: nil,
+                headerFields: ["Content-Type": "text/plain"])!
+            return (response, Data("unauthorized".utf8))
+        }
+
+        await #expect {
+            _ = try await GrokWebBillingFetcher.fetch(
+                credentials: Self.credentials,
+                session: session,
+                endpoint: endpoint)
+        } throws: { error in
+            error.localizedDescription.contains("grok login")
+        }
+    }
+
+    @Test
+    func `usage snapshot maps web billing when cli billing is absent`() {
+        let snapshot = GrokUsageSnapshot(
+            billing: nil,
+            webBilling: GrokWebBillingSnapshot(
+                usedPercent: 67.25,
+                resetsAt: Date(timeIntervalSince1970: 1_800_000_003)),
+            credentials: Self.credentials,
+            localSummary: nil,
+            cliVersion: nil,
+            updatedAt: Date(timeIntervalSince1970: 1_799_000_000))
+
+        let usage = snapshot.toUsageSnapshot()
+
+        #expect(usage.primary?.usedPercent == 67.25)
+        #expect(usage.primary?.windowMinutes == nil)
+        #expect(usage.primary?.resetsAt == Date(timeIntervalSince1970: 1_800_000_003))
+        #expect(usage.accountEmail(for: .grok) == "grok@example.com")
+        #expect(usage.loginMethod(for: .grok) == "SuperGrok")
+    }
+
+    private static let credentials = GrokCredentials(
+        accessToken: "token-123",
+        refreshToken: "refresh-123",
+        scope: "https://auth.x.ai::client",
+        authMode: "oidc",
+        userId: "user-123",
+        email: "grok@example.com",
+        firstName: "G",
+        lastName: "Rok",
+        teamId: "team-123",
+        oidcIssuer: "https://auth.x.ai",
+        oidcClientId: "client",
+        expiresAt: Date(timeIntervalSince1970: 1_900_000_000),
+        createTime: Date(timeIntervalSince1970: 1_799_000_000))
+
+    private static func protobufPayload(usedPercent: Float, resetEpoch: UInt64) -> Data {
+        var data = Data()
+        data.append(0x0D) // field 1, fixed32
+        var percentBits = usedPercent.bitPattern.littleEndian
+        withUnsafeBytes(of: &percentBits) { data.append(contentsOf: $0) }
+        data.append(0x10) // field 2, varint
+        data.append(contentsOf: Self.varint(resetEpoch))
+        return data
+    }
+
+    private static func grpcFrame(_ payload: Data, flags: UInt8 = 0x00) -> Data {
+        var data = Data([flags])
+        let length = UInt32(payload.count).bigEndian
+        withUnsafeBytes(of: length) { data.append(contentsOf: $0) }
+        data.append(payload)
+        return data
+    }
+
+    private static func varint(_ value: UInt64) -> [UInt8] {
+        var remaining = value
+        var bytes: [UInt8] = []
+        repeat {
+            var byte = UInt8(remaining & 0x7F)
+            remaining >>= 7
+            if remaining != 0 { byte |= 0x80 }
+            bytes.append(byte)
+        } while remaining != 0
+        return bytes
+    }
+
+    private static func cookie(name: String, value: String) -> HTTPCookie? {
+        HTTPCookie(properties: [
+            .domain: "grok.com",
+            .path: "/",
+            .name: name,
+            .value: value,
+        ])
+    }
+}
+
+final class GrokWebBillingStubURLProtocol: URLProtocol {
+    nonisolated(unsafe) static var requests: [URLRequest] = []
+    nonisolated(unsafe) static var requestBodies: [Data?] = []
+    nonisolated(unsafe) static var handler: (@Sendable (URLRequest) throws -> (HTTPURLResponse, Data))?
+
+    override static func canInit(with _: URLRequest) -> Bool {
+        true
+    }
+
+    override static func canonicalRequest(for request: URLRequest) -> URLRequest {
+        request
+    }
+
+    override func startLoading() {
+        Self.requests.append(self.request)
+        Self.requestBodies.append(Self.readBody(from: self.request))
+        guard let handler = Self.handler else {
+            self.client?.urlProtocol(self, didFailWithError: URLError(.badServerResponse))
+            return
+        }
+
+        do {
+            let (response, data) = try handler(self.request)
+            self.client?.urlProtocol(self, didReceive: response, cacheStoragePolicy: .notAllowed)
+            self.client?.urlProtocol(self, didLoad: data)
+            self.client?.urlProtocolDidFinishLoading(self)
+        } catch {
+            self.client?.urlProtocol(self, didFailWithError: error)
+        }
+    }
+
+    override func stopLoading() {}
+
+    private static func readBody(from request: URLRequest) -> Data? {
+        if let body = request.httpBody { return body }
+        guard let stream = request.httpBodyStream else { return nil }
+        stream.open()
+        defer { stream.close() }
+        var data = Data()
+        var buffer = [UInt8](repeating: 0, count: 1024)
+        while stream.hasBytesAvailable {
+            let count = stream.read(&buffer, maxLength: buffer.count)
+            if count > 0 {
+                data.append(buffer, count: count)
+            } else {
+                break
+            }
+        }
+        return data
+    }
+}
diff --git a/Tests/CodexBarTests/GroqUsageFetcherTests.swift b/Tests/CodexBarTests/GroqUsageFetcherTests.swift
new file mode 100644
index 000000000..2924e9501
--- /dev/null
+++ b/Tests/CodexBarTests/GroqUsageFetcherTests.swift
@@ -0,0 +1,41 @@
+import CodexBarCore
+import Foundation
+import Testing
+
+struct GroqUsageFetcherTests {
+    @Test
+    func `parses prometheus scalar response`() throws {
+        let json = """
+        {
+          "status": "success",
+          "data": {
+            "result": [
+              { "value": [1710000000, "2.5"] },
+              { "value": [1710000000, "1.5"] }
+            ]
+          }
+        }
+        """
+
+        let value = try GroqUsageFetcher._parseScalarForTesting(Data(json.utf8))
+
+        #expect(value == 4)
+    }
+
+    @Test
+    func `snapshot maps prometheus rates to menu windows`() {
+        let snapshot = GroqUsageSnapshot(
+            requestRatePerSecond: 2,
+            inputTokenRatePerSecond: 100,
+            outputTokenRatePerSecond: 50,
+            promptCacheHitRatePerSecond: 3,
+            updatedAt: Date(timeIntervalSince1970: 1))
+            .toUsageSnapshot()
+
+        #expect(snapshot.identity?.providerID == .groq)
+        #expect(snapshot.identity?.loginMethod == "Prometheus metrics")
+        #expect(snapshot.primary?.resetDescription == "120 req/min")
+        #expect(snapshot.secondary?.resetDescription == "9000 tok/min")
+        #expect(snapshot.tertiary?.resetDescription == "180 cache/min")
+    }
+}
diff --git a/Tests/CodexBarTests/HistoricalUsagePaceBackfillAuthorityTests.swift b/Tests/CodexBarTests/HistoricalUsagePaceBackfillAuthorityTests.swift
new file mode 100644
index 000000000..469613071
--- /dev/null
+++ b/Tests/CodexBarTests/HistoricalUsagePaceBackfillAuthorityTests.swift
@@ -0,0 +1,387 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+extension HistoricalUsagePaceTests {
+    @MainActor
+    @Test
+    func `backfill skips when dashboard authority is display only`() async throws {
+        let store = try Self.makeUsageStoreForBackfillTests(
+            suite: "HistoricalUsagePaceTests-backfill-display-only",
+            historyFileURL: Self.makeTempURL())
+        store._setCodexHistoricalDatasetForTesting(nil)
+
+        let snapshotNow = Date(timeIntervalSince1970: 1_770_000_000)
+        let dashboard = OpenAIDashboardSnapshot(
+            signedInEmail: "shared@example.com",
+            codeReviewRemainingPercent: nil,
+            creditEvents: [],
+            dailyBreakdown: [],
+            usageBreakdown: Self.syntheticBreakdown(endingAt: snapshotNow, days: 35, dailyCredits: 10),
+            creditsPurchaseURL: nil,
+            primaryLimit: nil,
+            secondaryLimit: RateWindow(
+                usedPercent: 50,
+                windowMinutes: 10080,
+                resetsAt: snapshotNow.addingTimeInterval(2 * 24 * 60 * 60),
+                resetDescription: nil),
+            creditsRemaining: nil,
+            accountPlan: nil,
+            updatedAt: snapshotNow)
+
+        store.backfillCodexHistoricalFromDashboardIfNeeded(
+            dashboard,
+            authorityDecision: CodexDashboardAuthorityDecision(
+                disposition: .displayOnly,
+                reason: .sameEmailAmbiguity(email: "shared@example.com"),
+                allowedEffects: [],
+                cleanup: Set(CodexDashboardCleanup.allCases)),
+            attachedAccountEmail: "shared@example.com")
+
+        try await Task.sleep(for: .milliseconds(250))
+        #expect(store.codexHistoricalDataset == nil)
+    }
+
+    @MainActor
+    @Test
+    func `backfill skips when dashboard authority fail closes`() async throws {
+        let store = try Self.makeUsageStoreForBackfillTests(
+            suite: "HistoricalUsagePaceTests-backfill-fail-closed",
+            historyFileURL: Self.makeTempURL())
+        store._setCodexHistoricalDatasetForTesting(nil)
+
+        let snapshotNow = Date(timeIntervalSince1970: 1_770_000_000)
+        let dashboard = OpenAIDashboardSnapshot(
+            signedInEmail: "wrong@example.com",
+            codeReviewRemainingPercent: nil,
+            creditEvents: [],
+            dailyBreakdown: [],
+            usageBreakdown: Self.syntheticBreakdown(endingAt: snapshotNow, days: 35, dailyCredits: 10),
+            creditsPurchaseURL: nil,
+            primaryLimit: nil,
+            secondaryLimit: RateWindow(
+                usedPercent: 50,
+                windowMinutes: 10080,
+                resetsAt: snapshotNow.addingTimeInterval(2 * 24 * 60 * 60),
+                resetDescription: nil),
+            creditsRemaining: nil,
+            accountPlan: nil,
+            updatedAt: snapshotNow)
+
+        store.backfillCodexHistoricalFromDashboardIfNeeded(
+            dashboard,
+            authorityDecision: CodexDashboardAuthorityDecision(
+                disposition: .failClosed,
+                reason: .wrongEmail(expected: "expected@example.com", actual: "wrong@example.com"),
+                allowedEffects: [],
+                cleanup: Set(CodexDashboardCleanup.allCases)),
+            attachedAccountEmail: "expected@example.com")
+
+        try await Task.sleep(for: .milliseconds(250))
+        #expect(store.codexHistoricalDataset == nil)
+    }
+
+    @MainActor
+    @Test
+    func `backfill uses dashboard secondary when available`() async throws {
+        let store = try Self.makeUsageStoreForBackfillTests(
+            suite: "HistoricalUsagePaceTests-backfill-dashboard-secondary",
+            historyFileURL: Self.makeTempURL())
+        store._setCodexHistoricalDatasetForTesting(nil)
+
+        let snapshotNow = Date(timeIntervalSince1970: 1_770_000_000)
+        let staleSnapshot = UsageSnapshot(
+            primary: nil,
+            secondary: RateWindow(
+                usedPercent: 5,
+                windowMinutes: 10080,
+                resetsAt: snapshotNow.addingTimeInterval(2 * 24 * 60 * 60),
+                resetDescription: nil),
+            tertiary: nil,
+            providerCost: nil,
+            updatedAt: snapshotNow.addingTimeInterval(-30 * 60),
+            identity: nil)
+        store._setSnapshotForTesting(staleSnapshot, provider: .codex)
+
+        let dashboard = OpenAIDashboardSnapshot(
+            signedInEmail: nil,
+            codeReviewRemainingPercent: nil,
+            creditEvents: [],
+            dailyBreakdown: [],
+            usageBreakdown: Self.syntheticBreakdown(endingAt: snapshotNow, days: 35, dailyCredits: 10),
+            creditsPurchaseURL: nil,
+            primaryLimit: nil,
+            secondaryLimit: RateWindow(
+                usedPercent: 50,
+                windowMinutes: 10080,
+                resetsAt: snapshotNow.addingTimeInterval(2 * 24 * 60 * 60),
+                resetDescription: nil),
+            creditsRemaining: nil,
+            accountPlan: nil,
+            updatedAt: snapshotNow)
+        store.backfillCodexHistoricalFromDashboardIfNeeded(
+            dashboard,
+            authorityDecision: CodexDashboardAuthorityDecision(
+                disposition: .attach,
+                reason: .trustedEmailMatchNoCompetingOwner,
+                allowedEffects: [.historicalBackfill],
+                cleanup: []),
+            attachedAccountEmail: "attached@example.com")
+
+        for _ in 0..<40 {
+            if (store.codexHistoricalDataset?.weeks.count ?? 0) >= 3 {
+                break
+            }
+            try await Task.sleep(for: .milliseconds(50))
+        }
+        #expect((store.codexHistoricalDataset?.weeks.count ?? 0) >= 3)
+    }
+
+    @MainActor
+    @Test
+    func `backfill uses normalized dashboard weekly when only primary window is weekly`() async throws {
+        let store = try Self.makeUsageStoreForBackfillTests(
+            suite: "HistoricalUsagePaceTests-backfill-normalized-dashboard-weekly",
+            historyFileURL: Self.makeTempURL())
+        store._setCodexHistoricalDatasetForTesting(nil)
+
+        let snapshotNow = Date(timeIntervalSince1970: 1_770_000_000)
+        let seededSnapshot = UsageSnapshot(
+            primary: RateWindow(
+                usedPercent: 22,
+                windowMinutes: 300,
+                resetsAt: snapshotNow.addingTimeInterval(2 * 60 * 60),
+                resetDescription: nil),
+            secondary: nil,
+            tertiary: nil,
+            updatedAt: snapshotNow,
+            identity: nil)
+        store._setSnapshotForTesting(seededSnapshot, provider: .codex)
+
+        let dashboard = OpenAIDashboardSnapshot(
+            signedInEmail: nil,
+            codeReviewRemainingPercent: nil,
+            creditEvents: [],
+            dailyBreakdown: [],
+            usageBreakdown: Self.syntheticBreakdown(endingAt: snapshotNow, days: 35, dailyCredits: 10),
+            creditsPurchaseURL: nil,
+            primaryLimit: RateWindow(
+                usedPercent: 50,
+                windowMinutes: 10080,
+                resetsAt: snapshotNow.addingTimeInterval(2 * 24 * 60 * 60),
+                resetDescription: nil),
+            secondaryLimit: nil,
+            creditsRemaining: nil,
+            accountPlan: nil,
+            updatedAt: snapshotNow)
+        store.backfillCodexHistoricalFromDashboardIfNeeded(
+            dashboard,
+            authorityDecision: CodexDashboardAuthorityDecision(
+                disposition: .attach,
+                reason: .trustedEmailMatchNoCompetingOwner,
+                allowedEffects: [.historicalBackfill],
+                cleanup: []),
+            attachedAccountEmail: "attached@example.com")
+
+        for _ in 0..<40 {
+            if (store.codexHistoricalDataset?.weeks.count ?? 0) >= 3 {
+                break
+            }
+            try await Task.sleep(for: .milliseconds(50))
+        }
+        #expect((store.codexHistoricalDataset?.weeks.count ?? 0) >= 3)
+    }
+
+    @MainActor
+    @Test
+    func `backfill uses attached account email from authority instead of dashboard email`() async throws {
+        let store = try Self.makeUsageStoreForBackfillTests(
+            suite: "HistoricalUsagePaceTests-backfill-attached-email",
+            historyFileURL: Self.makeTempURL())
+        let isolatedHome = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codex-historical-attached-email-\(UUID().uuidString)", isDirectory: true)
+        try FileManager.default.createDirectory(at: isolatedHome, withIntermediateDirectories: true)
+        store.settings._test_liveSystemCodexAccount = nil
+        store.settings._test_codexReconciliationEnvironment = ["CODEX_HOME": isolatedHome.path]
+        defer {
+            store.settings._test_codexReconciliationEnvironment = nil
+            try? FileManager.default.removeItem(at: isolatedHome)
+        }
+        store._setCodexHistoricalDatasetForTesting(nil)
+
+        let snapshotNow = Date(timeIntervalSince1970: 1_770_000_000)
+        let dashboard = OpenAIDashboardSnapshot(
+            signedInEmail: "dashboard@example.com",
+            codeReviewRemainingPercent: nil,
+            creditEvents: [],
+            dailyBreakdown: [],
+            usageBreakdown: Self.syntheticBreakdown(endingAt: snapshotNow, days: 35, dailyCredits: 10),
+            creditsPurchaseURL: nil,
+            primaryLimit: nil,
+            secondaryLimit: RateWindow(
+                usedPercent: 50,
+                windowMinutes: 10080,
+                resetsAt: snapshotNow.addingTimeInterval(2 * 24 * 60 * 60),
+                resetDescription: nil),
+            creditsRemaining: nil,
+            accountPlan: nil,
+            updatedAt: snapshotNow)
+
+        store.backfillCodexHistoricalFromDashboardIfNeeded(
+            dashboard,
+            authorityDecision: CodexDashboardAuthorityDecision(
+                disposition: .attach,
+                reason: .trustedEmailMatchNoCompetingOwner,
+                allowedEffects: [.historicalBackfill],
+                cleanup: []),
+            attachedAccountEmail: "attached@example.com")
+
+        for _ in 0..<40 {
+            if store.codexHistoricalDatasetAccountKey != nil {
+                break
+            }
+            try await Task.sleep(for: .milliseconds(50))
+        }
+
+        #expect(
+            store.codexHistoricalDatasetAccountKey ==
+                CodexHistoryOwnership.canonicalEmailHashKey(for: "attached@example.com"))
+        #expect(
+            store.codexHistoricalDatasetAccountKey !=
+                CodexHistoryOwnership.canonicalEmailHashKey(for: "dashboard@example.com"))
+    }
+
+    @Test
+    func `will last decision uses smoothed probability when risk hidden`() throws {
+        let now = Date(timeIntervalSince1970: 0)
+        let windowMinutes = 10080
+        let duration = TimeInterval(windowMinutes) * 60
+        let currentResetsAt = now.addingTimeInterval(duration / 2)
+        let window = RateWindow(
+            usedPercent: 50,
+            windowMinutes: windowMinutes,
+            resetsAt: currentResetsAt,
+            resetDescription: nil)
+
+        let weeks = (0..<4).map { index in
+            HistoricalWeekProfile(
+                resetsAt: currentResetsAt.addingTimeInterval(-duration * Double(index + 1)),
+                windowMinutes: windowMinutes,
+                curve: Self.linearCurve(end: 100))
+        }
+        let pace = try #require(CodexHistoricalPaceEvaluator.evaluate(
+            window: window,
+            now: now,
+            dataset: CodexHistoricalDataset(weeks: weeks)))
+        #expect(pace.runOutProbability == nil)
+
+        let totalWeight = weeks.enumerated().reduce(0.0) { partial, element in
+            let ageWeeks = currentResetsAt.timeIntervalSince(element.element.resetsAt) / duration
+            return partial + exp(-ageWeeks / 3.0)
+        }
+        let smoothedProbability = (totalWeight + 0.5) / (totalWeight + 1.0)
+        #expect(pace.willLastToReset == (smoothedProbability < 0.5))
+    }
+
+    @MainActor
+    @Test
+    func `usage store falls back to linear when history disabled or insufficient`() throws {
+        let suite = "HistoricalUsagePaceTests-usage-store"
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+        let settings = SettingsStore(
+            userDefaults: defaults,
+            configStore: testConfigStore(suiteName: suite),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore(),
+            codexCookieStore: InMemoryCookieHeaderStore(),
+            claudeCookieStore: InMemoryCookieHeaderStore(),
+            cursorCookieStore: InMemoryCookieHeaderStore(),
+            opencodeCookieStore: InMemoryCookieHeaderStore(),
+            factoryCookieStore: InMemoryCookieHeaderStore(),
+            minimaxCookieStore: InMemoryMiniMaxCookieStore(),
+            minimaxAPITokenStore: InMemoryMiniMaxAPITokenStore(),
+            kimiTokenStore: InMemoryKimiTokenStore(),
+            kimiK2TokenStore: InMemoryKimiK2TokenStore(),
+            augmentCookieStore: InMemoryCookieHeaderStore(),
+            ampCookieStore: InMemoryCookieHeaderStore(),
+            copilotTokenStore: InMemoryCopilotTokenStore(),
+            tokenAccountStore: InMemoryTokenAccountStore())
+        settings.historicalTrackingEnabled = true
+
+        let planHistoryStore = testPlanUtilizationHistoryStore(
+            suiteName: "HistoricalUsagePaceTests-\(UUID().uuidString)")
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            historicalUsageHistoryStore: HistoricalUsageHistoryStore(fileURL: Self.makeTempURL()),
+            planUtilizationHistoryStore: planHistoryStore)
+
+        let now = Date(timeIntervalSince1970: 0)
+        let window = RateWindow(
+            usedPercent: 50,
+            windowMinutes: 10080,
+            resetsAt: now.addingTimeInterval(4 * 24 * 60 * 60),
+            resetDescription: nil)
+
+        let twoWeeksDataset = CodexHistoricalDataset(weeks: [
+            HistoricalWeekProfile(
+                resetsAt: now.addingTimeInterval(-7 * 24 * 60 * 60),
+                windowMinutes: 10080,
+                curve: Self.linearCurve(end: 100)),
+            HistoricalWeekProfile(
+                resetsAt: now.addingTimeInterval(-14 * 24 * 60 * 60),
+                windowMinutes: 10080,
+                curve: Self.linearCurve(end: 100)),
+        ])
+        store._setCodexHistoricalDatasetForTesting(twoWeeksDataset)
+
+        let computed = store.weeklyPace(provider: .codex, window: window, now: now)
+        let linear = UsagePace.weekly(window: window, now: now, defaultWindowMinutes: 10080)
+        #expect(computed != nil)
+        #expect(abs((computed?.deltaPercent ?? 0) - (linear?.deltaPercent ?? 0)) < 0.001)
+    }
+
+    @MainActor
+    @Test
+    func `usage store computes linear pace for providers with quota windows`() throws {
+        let suite = "HistoricalUsagePaceTests-generic-provider-\(UUID().uuidString)"
+        let store = try Self.makeUsageStoreForBackfillTests(
+            suite: suite,
+            historyFileURL: Self.makeTempURL())
+
+        let now = Date(timeIntervalSince1970: 0)
+        let window = RateWindow(
+            usedPercent: 40,
+            windowMinutes: 10080,
+            resetsAt: now.addingTimeInterval(4 * 24 * 60 * 60),
+            resetDescription: nil)
+
+        let pace = store.weeklyPace(provider: .zai, window: window, now: now)
+
+        #expect(pace != nil)
+        #expect(abs((pace?.deltaPercent ?? 0) - (40 - (3.0 / 7.0 * 100.0))) < 0.001)
+    }
+
+    @MainActor
+    @Test
+    func `usage store returns nil pace when generic window lacks explicit duration`() throws {
+        let suite = "HistoricalUsagePaceTests-no-window-minutes-\(UUID().uuidString)"
+        let store = try Self.makeUsageStoreForBackfillTests(
+            suite: suite,
+            historyFileURL: Self.makeTempURL())
+
+        let now = Date(timeIntervalSince1970: 0)
+        let window = RateWindow(
+            usedPercent: 40,
+            windowMinutes: nil,
+            resetsAt: now.addingTimeInterval(4 * 24 * 60 * 60),
+            resetDescription: nil)
+
+        let pace = store.weeklyPace(provider: .factory, window: window, now: now)
+
+        #expect(pace == nil)
+    }
+}
diff --git a/Tests/CodexBarTests/HistoricalUsagePaceOwnershipTests.swift b/Tests/CodexBarTests/HistoricalUsagePaceOwnershipTests.swift
new file mode 100644
index 000000000..9cfa9ede1
--- /dev/null
+++ b/Tests/CodexBarTests/HistoricalUsagePaceOwnershipTests.swift
@@ -0,0 +1,444 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+extension HistoricalUsagePaceTests {
+    @Test
+    func `history store ownership aware load aliases legacy email hash into canonical email hash`() async {
+        let fileURL = Self.makeTempURL()
+        let store = HistoricalUsageHistoryStore(fileURL: fileURL)
+        let resetsAt = Date(timeIntervalSince1970: 1_770_000_000)
+        let normalizedEmail = "person@example.com"
+        let legacyEmailHash = CodexHistoryOwnership.legacyEmailHash(normalizedEmail: normalizedEmail)
+        let canonicalKey = CodexHistoryOwnership.canonicalEmailHashKey(for: normalizedEmail)
+
+        await Self.recordCompleteWeek(into: store, resetsAt: resetsAt, accountKey: legacyEmailHash)
+
+        let dataset = await store.loadCodexDataset(
+            canonicalAccountKey: canonicalKey,
+            canonicalEmailHashKey: canonicalKey,
+            legacyEmailHash: legacyEmailHash,
+            hasAdjacentMultiAccountVeto: false)
+
+        #expect(dataset?.weeks.count == 1)
+    }
+
+    @Test
+    func `history store ownership aware load keeps ambiguous nil key history unscoped`() async {
+        let fileURL = Self.makeTempURL()
+        let store = HistoricalUsageHistoryStore(fileURL: fileURL)
+        let resetsAt = Date(timeIntervalSince1970: 1_770_000_000)
+        let targetEmail = "person@example.com"
+        let targetCanonicalKey = CodexHistoryOwnership.canonicalEmailHashKey(for: targetEmail)
+        let targetLegacyEmailHash = CodexHistoryOwnership.legacyEmailHash(normalizedEmail: targetEmail)
+        let otherCanonicalKey = CodexHistoryOwnership.canonicalKey(for: .providerAccount(id: "acct-other"))
+
+        await Self.recordCompleteWeek(into: store, resetsAt: resetsAt, accountKey: nil)
+        _ = await store.recordCodexWeekly(
+            window: RateWindow(
+                usedPercent: 12,
+                windowMinutes: 10080,
+                resetsAt: resetsAt,
+                resetDescription: nil),
+            sampledAt: resetsAt.addingTimeInterval(-(10080 * 60)),
+            accountKey: targetLegacyEmailHash)
+        _ = await store.recordCodexWeekly(
+            window: RateWindow(
+                usedPercent: 18,
+                windowMinutes: 10080,
+                resetsAt: resetsAt,
+                resetDescription: nil),
+            sampledAt: resetsAt.addingTimeInterval(-(10080 * 60) + 60),
+            accountKey: otherCanonicalKey)
+
+        let dataset = await store.loadCodexDataset(
+            canonicalAccountKey: targetCanonicalKey,
+            canonicalEmailHashKey: targetCanonicalKey,
+            legacyEmailHash: targetLegacyEmailHash,
+            hasAdjacentMultiAccountVeto: false)
+
+        #expect(dataset == nil)
+    }
+
+    @Test
+    func `history store ownership aware load adopts nil key history only for strict single owner continuity`() async {
+        let fileURL = Self.makeTempURL()
+        let store = HistoricalUsageHistoryStore(fileURL: fileURL)
+        let resetsAt = Date(timeIntervalSince1970: 1_770_000_000)
+        let normalizedEmail = "person@example.com"
+        let legacyEmailHash = CodexHistoryOwnership.legacyEmailHash(normalizedEmail: normalizedEmail)
+        let canonicalKey = CodexHistoryOwnership.canonicalEmailHashKey(for: normalizedEmail)
+
+        await Self.recordCompleteWeek(into: store, resetsAt: resetsAt, accountKey: nil)
+        _ = await store.recordCodexWeekly(
+            window: RateWindow(
+                usedPercent: 12,
+                windowMinutes: 10080,
+                resetsAt: resetsAt,
+                resetDescription: nil),
+            sampledAt: resetsAt.addingTimeInterval(-(10080 * 60)),
+            accountKey: legacyEmailHash)
+
+        let dataset = await store.loadCodexDataset(
+            canonicalAccountKey: canonicalKey,
+            canonicalEmailHashKey: canonicalKey,
+            legacyEmailHash: legacyEmailHash,
+            hasAdjacentMultiAccountVeto: false)
+
+        #expect(dataset?.weeks.count == 1)
+    }
+
+    @Test
+    func `history store ignores later unrelated owners when evaluating nil key continuity`() async throws {
+        let fileURL = Self.makeTempURL()
+        let store = HistoricalUsageHistoryStore(fileURL: fileURL)
+        let resetsAt = Date(timeIntervalSince1970: 1_770_000_000)
+        let laterResetsAt = resetsAt.addingTimeInterval(21 * 24 * 60 * 60)
+        let normalizedEmail = "person@example.com"
+        let legacyEmailHash = CodexHistoryOwnership.legacyEmailHash(normalizedEmail: normalizedEmail)
+        let canonicalKey = CodexHistoryOwnership.canonicalEmailHashKey(for: normalizedEmail)
+        let otherCanonicalKey = try #require(
+            CodexHistoryOwnership.canonicalKey(for: .providerAccount(id: "acct-other")))
+
+        await Self.recordCompleteWeek(into: store, resetsAt: resetsAt, accountKey: nil)
+        _ = await store.recordCodexWeekly(
+            window: RateWindow(
+                usedPercent: 12,
+                windowMinutes: 10080,
+                resetsAt: resetsAt,
+                resetDescription: nil),
+            sampledAt: resetsAt.addingTimeInterval(-(10080 * 60)),
+            accountKey: legacyEmailHash)
+        _ = await store.recordCodexWeekly(
+            window: RateWindow(
+                usedPercent: 18,
+                windowMinutes: 10080,
+                resetsAt: laterResetsAt,
+                resetDescription: nil),
+            sampledAt: laterResetsAt.addingTimeInterval(-(10080 * 60)),
+            accountKey: otherCanonicalKey)
+
+        let dataset = await store.loadCodexDataset(
+            canonicalAccountKey: canonicalKey,
+            canonicalEmailHashKey: canonicalKey,
+            legacyEmailHash: legacyEmailHash,
+            hasAdjacentMultiAccountVeto: false)
+
+        #expect(dataset?.weeks.count == 1)
+        #expect(dataset?.weeks.first?.resetsAt == resetsAt)
+    }
+
+    @MainActor
+    @Test
+    func `refresh historical dataset keeps nil key history unscoped when managed and live accounts are distinct`()
+        async throws
+    {
+        let historyStore = HistoricalUsageHistoryStore(fileURL: Self.makeTempURL())
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "managed@example.com",
+            managedHomePath: "/tmp/managed-codex-home",
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        let liveAccount = Self.liveAccount(
+            email: "live@example.com",
+            identity: .providerAccount(id: "live-acct"))
+        let resetsAt = Date(timeIntervalSince1970: 1_770_000_000)
+        let managedLegacyEmailHash = CodexHistoryOwnership.legacyEmailHash(normalizedEmail: managedAccount.email)
+        let managedCanonicalKey = CodexHistoryOwnership.canonicalEmailHashKey(for: managedAccount.email)
+
+        await Self.recordCompleteWeek(into: historyStore, resetsAt: resetsAt, accountKey: nil)
+        _ = await historyStore.recordCodexWeekly(
+            window: RateWindow(
+                usedPercent: 12,
+                windowMinutes: 10080,
+                resetsAt: resetsAt,
+                resetDescription: nil),
+            sampledAt: resetsAt.addingTimeInterval(-(10080 * 60)),
+            accountKey: managedLegacyEmailHash)
+
+        let store = try Self.makeUsageStoreForHistoricalTests(
+            suite: "HistoricalUsagePaceTests-adjacent-veto",
+            historicalUsageHistoryStore: historyStore)
+        store.settings._test_activeManagedCodexAccount = managedAccount
+        store.settings.codexActiveSource = .managedAccount(id: managedAccount.id)
+        store.settings._test_liveSystemCodexAccount = liveAccount
+        defer {
+            store.settings._test_activeManagedCodexAccount = nil
+            store.settings._test_liveSystemCodexAccount = nil
+            store.settings.codexActiveSource = .liveSystem
+        }
+
+        await store.refreshHistoricalDatasetIfNeeded()
+
+        #expect(store.codexHistoricalDataset == nil)
+        #expect(store.codexHistoricalDatasetAccountKey == managedCanonicalKey)
+    }
+
+    @MainActor
+    @Test
+    func `refresh historical dataset ignores extra saved managed accounts for adjacent veto`() async throws {
+        let historyStore = HistoricalUsageHistoryStore(fileURL: Self.makeTempURL())
+        let activeManagedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "managed@example.com",
+            managedHomePath: "/tmp/managed-codex-home",
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        let inactiveManagedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "other@example.com",
+            managedHomePath: "/tmp/other-codex-home",
+            createdAt: 2,
+            updatedAt: 2,
+            lastAuthenticatedAt: 2)
+        let resetsAt = Date(timeIntervalSince1970: 1_770_000_000)
+        let managedLegacyEmailHash = CodexHistoryOwnership.legacyEmailHash(normalizedEmail: activeManagedAccount.email)
+        let managedCanonicalKey = CodexHistoryOwnership.canonicalEmailHashKey(for: activeManagedAccount.email)
+
+        await Self.recordCompleteWeek(into: historyStore, resetsAt: resetsAt, accountKey: nil)
+        _ = await historyStore.recordCodexWeekly(
+            window: RateWindow(
+                usedPercent: 12,
+                windowMinutes: 10080,
+                resetsAt: resetsAt,
+                resetDescription: nil),
+            sampledAt: resetsAt.addingTimeInterval(-(10080 * 60)),
+            accountKey: managedLegacyEmailHash)
+
+        let store = try Self.makeUsageStoreForHistoricalTests(
+            suite: "HistoricalUsagePaceTests-saved-managed-accounts",
+            historicalUsageHistoryStore: historyStore)
+        let managedStoreURL = FileManager.default.temporaryDirectory
+            .appendingPathComponent("HistoricalUsagePaceTests-\(UUID().uuidString)-managed-accounts.json")
+        let managedStore = FileManagedCodexAccountStore(fileURL: managedStoreURL)
+        try managedStore.storeAccounts(ManagedCodexAccountSet(
+            version: FileManagedCodexAccountStore.currentVersion,
+            accounts: [activeManagedAccount, inactiveManagedAccount]))
+        store.settings._test_managedCodexAccountStoreURL = managedStoreURL
+        store.settings._test_activeManagedCodexAccount = activeManagedAccount
+        store.settings.codexActiveSource = .managedAccount(id: activeManagedAccount.id)
+        defer {
+            store.settings._test_managedCodexAccountStoreURL = nil
+            store.settings._test_activeManagedCodexAccount = nil
+            store.settings.codexActiveSource = .liveSystem
+        }
+
+        await store.refreshHistoricalDatasetIfNeeded()
+
+        #expect(store.codexHistoricalDataset?.weeks.count == 1)
+        #expect(store.codexHistoricalDatasetAccountKey == managedCanonicalKey)
+    }
+
+    @Test
+    func `history store ownership aware load merges legacy email hash into provider account continuity`() async throws {
+        let fileURL = Self.makeTempURL()
+        let store = HistoricalUsageHistoryStore(fileURL: fileURL)
+        let resetsAt = Date(timeIntervalSince1970: 1_770_000_000)
+        let normalizedEmail = "person@example.com"
+        let legacyEmailHash = CodexHistoryOwnership.legacyEmailHash(normalizedEmail: normalizedEmail)
+        let canonicalEmailHashKey = CodexHistoryOwnership.canonicalEmailHashKey(for: normalizedEmail)
+        let providerAccountKey = try #require(CodexHistoryOwnership.canonicalKey(for: .providerAccount(id: "acct-1")))
+
+        await Self.recordCompleteWeek(into: store, resetsAt: resetsAt, accountKey: legacyEmailHash)
+
+        let dataset = await store.loadCodexDataset(
+            canonicalAccountKey: providerAccountKey,
+            canonicalEmailHashKey: canonicalEmailHashKey,
+            legacyEmailHash: legacyEmailHash,
+            hasAdjacentMultiAccountVeto: false)
+
+        #expect(dataset?.weeks.count == 1)
+    }
+
+    @Test
+    func `history store real local fixture aliases bare email hash into canonical continuity`() async throws {
+        let fileURL = Self.makeTempURL()
+        try Self.writeHistoricalFixture(named: "codex-historical-usage-real-legacy.jsonl", to: fileURL)
+        let store = HistoricalUsageHistoryStore(fileURL: fileURL)
+        let formatter = ISO8601DateFormatter()
+        let normalizedEmail = "rdsarna@gmail.com"
+        let legacyEmailHash = CodexHistoryOwnership.legacyEmailHash(normalizedEmail: normalizedEmail)
+        let canonicalEmailHashKey = CodexHistoryOwnership.canonicalEmailHashKey(for: normalizedEmail)
+        let providerAccountKey = try #require(CodexHistoryOwnership.canonicalKey(for: .providerAccount(id: "acct-123")))
+        let fixtureResetAt = try #require(formatter.date(from: "2026-02-17T05:37:00Z"))
+        let weekSeconds = TimeInterval(7 * 24 * 60 * 60)
+        let weeksToShift = max(0, Int(ceil(Date().timeIntervalSince(fixtureResetAt) / weekSeconds)))
+        let dateShift = TimeInterval(weeksToShift) * weekSeconds
+        let records = try Self.readHistoricalRecords(from: fileURL)
+        try Self.writeHistoricalRecords(
+            records.map { record in
+                HistoricalUsageRecord(
+                    v: record.v,
+                    provider: record.provider,
+                    windowKind: record.windowKind,
+                    source: record.source,
+                    accountKey: record.accountKey,
+                    sampledAt: record.sampledAt.addingTimeInterval(dateShift),
+                    usedPercent: record.usedPercent,
+                    resetsAt: record.resetsAt.addingTimeInterval(dateShift),
+                    windowMinutes: record.windowMinutes)
+            },
+            to: fileURL)
+        let expectedResetAt = Self.normalizeReset(fixtureResetAt.addingTimeInterval(dateShift))
+
+        let dataset = await store.loadCodexDataset(
+            canonicalAccountKey: providerAccountKey,
+            canonicalEmailHashKey: canonicalEmailHashKey,
+            legacyEmailHash: legacyEmailHash,
+            hasAdjacentMultiAccountVeto: false)
+
+        #expect(dataset?.weeks.count == 1)
+        #expect(dataset?.weeks.first?.resetsAt == expectedResetAt)
+    }
+
+    @MainActor
+    @Test
+    func `usage store records historical pace with canonical provider account key`() async throws {
+        let historyFileURL = Self.makeTempURL()
+        let store = try Self.makeUsageStoreForBackfillTests(
+            suite: "HistoricalUsagePaceTests-provider-account-write",
+            historyFileURL: historyFileURL)
+        store.settings._test_liveSystemCodexAccount = Self.liveAccount(
+            email: "person@example.com",
+            identity: .providerAccount(id: "acct-123"))
+        defer { store.settings._test_liveSystemCodexAccount = nil }
+
+        let updatedAt = Date(timeIntervalSince1970: 1_770_000_000)
+        let snapshot = Self.weeklySnapshot(
+            email: "person@example.com",
+            usedPercent: 42,
+            resetsAt: updatedAt.addingTimeInterval(2 * 24 * 60 * 60),
+            updatedAt: updatedAt)
+
+        store.recordCodexHistoricalSampleIfNeeded(snapshot: snapshot)
+        let expectedKey = try #require(CodexHistoryOwnership.canonicalKey(for: .providerAccount(id: "acct-123")))
+        let records = try await Self.waitForHistoricalWrite(
+            store: store,
+            at: historyFileURL,
+            minimumCount: 1,
+            expectedAccountKey: expectedKey)
+
+        #expect(records.last?.accountKey == expectedKey)
+        #expect(store.codexHistoricalDatasetAccountKey == expectedKey)
+    }
+
+    @MainActor
+    @Test
+    func `usage store records historical pace with canonical email hash key`() async throws {
+        let historyFileURL = Self.makeTempURL()
+        let store = try Self.makeUsageStoreForBackfillTests(
+            suite: "HistoricalUsagePaceTests-email-hash-write",
+            historyFileURL: historyFileURL)
+        store.settings._test_liveSystemCodexAccount = Self.liveAccount(email: "person@example.com")
+        defer { store.settings._test_liveSystemCodexAccount = nil }
+
+        let updatedAt = Date(timeIntervalSince1970: 1_770_000_000)
+        let snapshot = Self.weeklySnapshot(
+            email: "Person@example.com",
+            usedPercent: 42,
+            resetsAt: updatedAt.addingTimeInterval(2 * 24 * 60 * 60),
+            updatedAt: updatedAt)
+
+        store.recordCodexHistoricalSampleIfNeeded(snapshot: snapshot)
+        let expectedKey = CodexHistoryOwnership.canonicalEmailHashKey(for: "person@example.com")
+        let records = try await Self.waitForHistoricalWrite(
+            store: store,
+            at: historyFileURL,
+            minimumCount: 1,
+            expectedAccountKey: expectedKey)
+
+        #expect(records.last?.accountKey == expectedKey)
+        #expect(store.codexHistoricalDatasetAccountKey == expectedKey)
+    }
+
+    @MainActor
+    @Test
+    func `refresh historical dataset aliases legacy email hash into canonical email hash`() async throws {
+        let historyFileURL = Self.makeTempURL()
+        let historyStore = HistoricalUsageHistoryStore(fileURL: historyFileURL)
+        let normalizedEmail = "person@example.com"
+        let legacyEmailHash = CodexHistoryOwnership.legacyEmailHash(normalizedEmail: normalizedEmail)
+        let canonicalKey = CodexHistoryOwnership.canonicalEmailHashKey(for: normalizedEmail)
+        let resetsAt = Date(timeIntervalSince1970: 1_770_000_000)
+        await Self.recordCompleteWeek(into: historyStore, resetsAt: resetsAt, accountKey: legacyEmailHash)
+
+        let store = try Self.makeUsageStoreForHistoricalTests(
+            suite: "HistoricalUsagePaceTests-refresh-legacy-alias",
+            historicalUsageHistoryStore: historyStore)
+        store.settings._test_liveSystemCodexAccount = Self.liveAccount(email: normalizedEmail)
+        defer { store.settings._test_liveSystemCodexAccount = nil }
+
+        await store.refreshHistoricalDatasetIfNeeded()
+
+        #expect(store.codexHistoricalDatasetAccountKey == canonicalKey)
+        #expect(store.codexHistoricalDataset?.weeks.count == 1)
+    }
+
+    @MainActor
+    @Test
+    func `refresh historical dataset carries matching email continuity into provider account`() async throws {
+        let historyFileURL = Self.makeTempURL()
+        let historyStore = HistoricalUsageHistoryStore(fileURL: historyFileURL)
+        let normalizedEmail = "person@example.com"
+        let legacyEmailHash = CodexHistoryOwnership.legacyEmailHash(normalizedEmail: normalizedEmail)
+        let providerAccountKey = try #require(CodexHistoryOwnership.canonicalKey(for: .providerAccount(id: "acct-123")))
+        let resetsAt = Date(timeIntervalSince1970: 1_770_000_000)
+        await Self.recordCompleteWeek(into: historyStore, resetsAt: resetsAt, accountKey: legacyEmailHash)
+
+        let store = try Self.makeUsageStoreForHistoricalTests(
+            suite: "HistoricalUsagePaceTests-refresh-provider-account-continuity",
+            historicalUsageHistoryStore: historyStore)
+        store.settings._test_liveSystemCodexAccount = Self.liveAccount(
+            email: normalizedEmail,
+            identity: .providerAccount(id: "acct-123"))
+        defer { store.settings._test_liveSystemCodexAccount = nil }
+
+        await store.refreshHistoricalDatasetIfNeeded()
+
+        #expect(store.codexHistoricalDatasetAccountKey == providerAccountKey)
+        #expect(store.codexHistoricalDataset?.weeks.count == 1)
+    }
+
+    @MainActor
+    @Test
+    func `refresh historical dataset ignores stale dashboard signals and uses active account ownership`() async throws {
+        let historyFileURL = Self.makeTempURL()
+        let historyStore = HistoricalUsageHistoryStore(fileURL: historyFileURL)
+        let staleEmail = "old@example.com"
+        let staleLegacyEmailHash = CodexHistoryOwnership.legacyEmailHash(normalizedEmail: staleEmail)
+        let staleResetsAt = Date(timeIntervalSince1970: 1_770_000_000)
+        await Self.recordCompleteWeek(into: historyStore, resetsAt: staleResetsAt, accountKey: staleLegacyEmailHash)
+
+        let store = try Self.makeUsageStoreForHistoricalTests(
+            suite: "HistoricalUsagePaceTests-refresh-prefers-active-email",
+            historicalUsageHistoryStore: historyStore)
+        let activeProviderAccountKey = try #require(
+            CodexHistoryOwnership.canonicalKey(for: .providerAccount(id: "acct-new")))
+        store.settings._test_liveSystemCodexAccount = Self.liveAccount(
+            email: "new@example.com",
+            identity: .providerAccount(id: "acct-new"))
+        store.openAIDashboard = OpenAIDashboardSnapshot(
+            signedInEmail: staleEmail,
+            codeReviewRemainingPercent: nil,
+            creditEvents: [],
+            dailyBreakdown: [],
+            usageBreakdown: [],
+            creditsPurchaseURL: nil,
+            primaryLimit: nil,
+            secondaryLimit: nil,
+            creditsRemaining: nil,
+            accountPlan: nil,
+            updatedAt: staleResetsAt)
+        store.lastOpenAIDashboardTargetEmail = staleEmail
+        defer { store.settings._test_liveSystemCodexAccount = nil }
+
+        await store.refreshHistoricalDatasetIfNeeded()
+
+        #expect(store.codexHistoricalDatasetAccountKey == activeProviderAccountKey)
+        #expect(store.codexHistoricalDataset == nil)
+    }
+}
diff --git a/Tests/CodexBarTests/HistoricalUsagePaceTestSupport.swift b/Tests/CodexBarTests/HistoricalUsagePaceTestSupport.swift
index 9a04cb273..bb6102c7d 100644
--- a/Tests/CodexBarTests/HistoricalUsagePaceTestSupport.swift
+++ b/Tests/CodexBarTests/HistoricalUsagePaceTestSupport.swift
@@ -4,15 +4,7 @@ import Testing
 @testable import CodexBar
 
 extension HistoricalUsagePaceTests {
-    private static let utcTimeZone: TimeZone = {
-        if let zone = TimeZone(identifier: "UTC") {
-            return zone
-        }
-        if let zone = TimeZone(secondsFromGMT: 0) {
-            return zone
-        }
-        return TimeZone.current
-    }()
+    private static let dashboardTimeZone: TimeZone = .current
 
     static func linearCurve(end: Double) -> [Double] {
         let clampedEnd = max(0, min(100, end))
@@ -45,10 +37,10 @@ extension HistoricalUsagePaceTests {
         overridesByDayOffset: [Int: Double] = [:]) -> [OpenAIDashboardDailyBreakdown]
     {
         var calendar = Calendar(identifier: .gregorian)
-        calendar.timeZone = Self.utcTimeZone
+        calendar.timeZone = Self.dashboardTimeZone
         let formatter = DateFormatter()
         formatter.locale = Locale(identifier: "en_US_POSIX")
-        formatter.timeZone = Self.utcTimeZone
+        formatter.timeZone = Self.dashboardTimeZone
         formatter.dateFormat = "yyyy-MM-dd"
 
         let endDay = calendar.startOfDay(for: endDate)
@@ -65,10 +57,10 @@ extension HistoricalUsagePaceTests {
 
     static func gregorianDate(year: Int, month: Int, day: Int, hour: Int) -> Date {
         var calendar = Calendar(identifier: .gregorian)
-        calendar.timeZone = Self.utcTimeZone
+        calendar.timeZone = Self.dashboardTimeZone
         var components = DateComponents()
         components.calendar = calendar
-        components.timeZone = Self.utcTimeZone
+        components.timeZone = Self.dashboardTimeZone
         components.year = year
         components.month = month
         components.day = day
@@ -91,10 +83,10 @@ extension HistoricalUsagePaceTests {
             return nil
         }
         var calendar = Calendar(identifier: .gregorian)
-        calendar.timeZone = Self.utcTimeZone
+        calendar.timeZone = Self.dashboardTimeZone
         var dateComponents = DateComponents()
         dateComponents.calendar = calendar
-        dateComponents.timeZone = Self.utcTimeZone
+        dateComponents.timeZone = Self.dashboardTimeZone
         dateComponents.year = year
         dateComponents.month = month
         dateComponents.day = day
@@ -102,7 +94,7 @@ extension HistoricalUsagePaceTests {
     }
 
     static func normalizeReset(_ value: Date) -> Date {
-        let bucket = 60.0
+        let bucket = 5 * 60.0
         let rounded = (value.timeIntervalSinceReferenceDate / bucket).rounded() * bucket
         return Date(timeIntervalSinceReferenceDate: rounded)
     }
@@ -119,6 +111,35 @@ extension HistoricalUsagePaceTests {
             }
     }
 
+    static func writeHistoricalFixture(named name: String, to fileURL: URL) throws {
+        let fixtureURL = URL(fileURLWithPath: #filePath)
+            .deletingLastPathComponent()
+            .appendingPathComponent("Fixtures", isDirectory: true)
+            .appendingPathComponent(name, isDirectory: false)
+        try FileManager.default.createDirectory(
+            at: fileURL.deletingLastPathComponent(),
+            withIntermediateDirectories: true)
+        let data = try Data(contentsOf: fixtureURL)
+        try data.write(to: fileURL, options: .atomic)
+    }
+
+    static func writeHistoricalRecords(_ records: [HistoricalUsageRecord], to fileURL: URL) throws {
+        let encoder = JSONEncoder()
+        encoder.dateEncodingStrategy = .iso8601
+        encoder.outputFormatting = [.sortedKeys]
+        let lines = try records.map { record -> String in
+            let data = try encoder.encode(record)
+            guard let line = String(bytes: data, encoding: .utf8) else {
+                throw CocoaError(.fileWriteUnknown)
+            }
+            return line
+        }
+        try FileManager.default.createDirectory(
+            at: fileURL.deletingLastPathComponent(),
+            withIntermediateDirectories: true)
+        try (lines.joined(separator: "\n") + "\n").write(to: fileURL, atomically: true, encoding: .utf8)
+    }
+
     static func recordDedupKeyCount(_ records: [HistoricalUsageRecord]) -> Int {
         struct Key: Hashable {
             let resetsAt: Date
@@ -147,8 +168,114 @@ extension HistoricalUsagePaceTests {
             .joined(separator: "||")
     }
 
+    static func liveAccount(
+        email: String,
+        identity: CodexIdentity = .unresolved) -> ObservedSystemCodexAccount
+    {
+        ObservedSystemCodexAccount(
+            email: email,
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date(),
+            identity: identity)
+    }
+
+    static func weeklySnapshot(
+        email: String? = nil,
+        usedPercent: Double,
+        resetsAt: Date,
+        updatedAt: Date) -> UsageSnapshot
+    {
+        UsageSnapshot(
+            primary: nil,
+            secondary: RateWindow(
+                usedPercent: usedPercent,
+                windowMinutes: 10080,
+                resetsAt: resetsAt,
+                resetDescription: nil),
+            tertiary: nil,
+            providerCost: nil,
+            updatedAt: updatedAt,
+            identity: email.map {
+                ProviderIdentitySnapshot(
+                    providerID: .codex,
+                    accountEmail: $0,
+                    accountOrganization: nil,
+                    loginMethod: "Pro")
+            })
+    }
+
+    static func recordCompleteWeek(
+        into store: HistoricalUsageHistoryStore,
+        resetsAt: Date,
+        accountKey: String?) async
+    {
+        let windowMinutes = 10080
+        let duration = TimeInterval(windowMinutes) * 60
+        let windowStart = resetsAt.addingTimeInterval(-duration)
+        let samples: [(u: Double, used: Double)] = [
+            (0.02, 3),
+            (0.10, 10),
+            (0.40, 40),
+            (0.60, 60),
+            (0.80, 80),
+            (0.98, 95),
+        ]
+
+        for sample in samples {
+            _ = await store.recordCodexWeekly(
+                window: RateWindow(
+                    usedPercent: sample.used,
+                    windowMinutes: windowMinutes,
+                    resetsAt: resetsAt,
+                    resetDescription: nil),
+                sampledAt: windowStart.addingTimeInterval(sample.u * duration),
+                accountKey: accountKey)
+        }
+    }
+
+    static func waitForHistoricalRecords(
+        at fileURL: URL,
+        minimumCount: Int,
+        timeoutMilliseconds: UInt64 = 10000) async throws -> [HistoricalUsageRecord]
+    {
+        let deadline = ContinuousClock.now + .milliseconds(timeoutMilliseconds)
+        while ContinuousClock.now < deadline {
+            if let records = try? Self.readHistoricalRecords(from: fileURL), records.count >= minimumCount {
+                return records
+            }
+            try await Task.sleep(for: .milliseconds(25))
+        }
+
+        return try Self.readHistoricalRecords(from: fileURL)
+    }
+
     @MainActor
-    static func makeUsageStoreForBackfillTests(suite: String, historyFileURL: URL) throws -> UsageStore {
+    static func waitForHistoricalWrite(
+        store: UsageStore,
+        at fileURL: URL,
+        minimumCount: Int,
+        expectedAccountKey: String?,
+        timeoutMilliseconds: UInt64 = 10000) async throws -> [HistoricalUsageRecord]
+    {
+        let deadline = ContinuousClock.now + .milliseconds(timeoutMilliseconds)
+        while ContinuousClock.now < deadline {
+            let records = (try? Self.readHistoricalRecords(from: fileURL)) ?? []
+            if records.count >= minimumCount,
+               store.codexHistoricalDatasetAccountKey == expectedAccountKey
+            {
+                return records
+            }
+            try await Task.sleep(for: .milliseconds(25))
+        }
+
+        return try Self.readHistoricalRecords(from: fileURL)
+    }
+
+    @MainActor
+    static func makeUsageStoreForHistoricalTests(
+        suite: String,
+        historicalUsageHistoryStore: HistoricalUsageHistoryStore) throws -> UsageStore
+    {
         let defaults = try #require(UserDefaults(suiteName: suite))
         defaults.removePersistentDomain(forName: suite)
         let settings = SettingsStore(
@@ -170,10 +297,20 @@ extension HistoricalUsagePaceTests {
             copilotTokenStore: InMemoryCopilotTokenStore(),
             tokenAccountStore: InMemoryTokenAccountStore())
         settings.historicalTrackingEnabled = true
+        let planHistoryStore = testPlanUtilizationHistoryStore(
+            suiteName: "HistoricalUsagePaceTests-\(UUID().uuidString)")
         return UsageStore(
             fetcher: UsageFetcher(environment: [:]),
             browserDetection: BrowserDetection(cacheTTL: 0),
             settings: settings,
+            historicalUsageHistoryStore: historicalUsageHistoryStore,
+            planUtilizationHistoryStore: planHistoryStore)
+    }
+
+    @MainActor
+    static func makeUsageStoreForBackfillTests(suite: String, historyFileURL: URL) throws -> UsageStore {
+        try self.makeUsageStoreForHistoricalTests(
+            suite: suite,
             historicalUsageHistoryStore: HistoricalUsageHistoryStore(fileURL: historyFileURL))
     }
 }
diff --git a/Tests/CodexBarTests/HistoricalUsagePaceTests.swift b/Tests/CodexBarTests/HistoricalUsagePaceTests.swift
index 642add9aa..63cecbfe4 100644
--- a/Tests/CodexBarTests/HistoricalUsagePaceTests.swift
+++ b/Tests/CodexBarTests/HistoricalUsagePaceTests.swift
@@ -3,10 +3,10 @@ import Foundation
 import Testing
 @testable import CodexBar
 
-@Suite
+@Suite(.serialized)
 struct HistoricalUsagePaceTests {
     @Test
-    func historyStore_reconstructsDeterministicMonotoneCurve() async throws {
+    func `history store reconstructs deterministic monotone curve`() async throws {
         let fileURL = Self.makeTempURL()
         let store = HistoricalUsageHistoryStore(fileURL: fileURL)
         let windowMinutes = 10080
@@ -47,7 +47,7 @@ struct HistoricalUsagePaceTests {
     }
 
     @Test
-    func reconstructWeekCurve_anchorsAtZeroAtWindowStart() async throws {
+    func `reconstruct week curve anchors at zero at window start`() async throws {
         let fileURL = Self.makeTempURL()
         let store = HistoricalUsageHistoryStore(fileURL: fileURL)
         let windowMinutes = 10080
@@ -80,7 +80,7 @@ struct HistoricalUsagePaceTests {
     }
 
     @Test
-    func reconstructWeekCurve_addsEndAnchorWithoutBreakingMonotonicity() async throws {
+    func `reconstruct week curve adds end anchor without breaking monotonicity`() async throws {
         let fileURL = Self.makeTempURL()
         let store = HistoricalUsageHistoryStore(fileURL: fileURL)
         let windowMinutes = 10080
@@ -116,7 +116,7 @@ struct HistoricalUsagePaceTests {
     }
 
     @Test
-    func historyStore_requiresStartAndEndCoverageForCompleteWeek() async {
+    func `history store requires start and end coverage for complete week`() async {
         let fileURL = Self.makeTempURL()
         let store = HistoricalUsageHistoryStore(fileURL: fileURL)
         let windowMinutes = 10080
@@ -149,7 +149,7 @@ struct HistoricalUsagePaceTests {
     }
 
     @Test
-    func evaluator_appliesSmoothedProbabilityAndHidesRiskBelowThreshold() throws {
+    func `evaluator applies smoothed probability and hides risk below threshold`() throws {
         let now = Date(timeIntervalSince1970: 0)
         let windowMinutes = 10080
         let duration = TimeInterval(windowMinutes) * 60
@@ -197,7 +197,7 @@ struct HistoricalUsagePaceTests {
     }
 
     @Test
-    func evaluator_neverReturnsNegativeEtaWithOutlierWeek() {
+    func `evaluator never returns negative eta with outlier week`() {
         let now = Date(timeIntervalSince1970: 0)
         let windowMinutes = 10080
         let duration = TimeInterval(windowMinutes) * 60
@@ -229,7 +229,7 @@ struct HistoricalUsagePaceTests {
     }
 
     @Test
-    func historyStore_backfillsFromUsageBreakdownWhenHistoryIsEmpty() async {
+    func `history store backfills from usage breakdown when history is empty`() async {
         let fileURL = Self.makeTempURL()
         let store = HistoricalUsageHistoryStore(fileURL: fileURL)
         let now = Date(timeIntervalSince1970: 1_770_000_000)
@@ -252,7 +252,7 @@ struct HistoricalUsagePaceTests {
     }
 
     @Test
-    func historyStore_backfillIsIdempotentForExistingWeeks() async {
+    func `history store backfill is idempotent for existing weeks`() async {
         let fileURL = Self.makeTempURL()
         let store = HistoricalUsageHistoryStore(fileURL: fileURL)
         let now = Date(timeIntervalSince1970: 1_770_000_000)
@@ -286,7 +286,45 @@ struct HistoricalUsagePaceTests {
     }
 
     @Test
-    func historyStore_backfillFillsIncompleteExistingWeek() async {
+    func `history store backfill is idempotent across minute scale reset jitter`() async {
+        let fileURL = Self.makeTempURL()
+        let store = HistoricalUsageHistoryStore(fileURL: fileURL)
+        let now = Date(timeIntervalSince1970: 1_770_000_000)
+        let windowMinutes = 10080
+        let canonicalReset = Self.normalizeReset(now.addingTimeInterval(2 * 24 * 60 * 60))
+        let firstWindow = RateWindow(
+            usedPercent: 50,
+            windowMinutes: windowMinutes,
+            resetsAt: canonicalReset.addingTimeInterval(-90),
+            resetDescription: nil)
+        let secondWindow = RateWindow(
+            usedPercent: 50,
+            windowMinutes: windowMinutes,
+            resetsAt: canonicalReset.addingTimeInterval(90),
+            resetDescription: nil)
+
+        let breakdown = Self.syntheticBreakdown(endingAt: now, days: 35, dailyCredits: 10)
+        let first = await store.backfillCodexWeeklyFromUsageBreakdown(
+            breakdown,
+            referenceWindow: firstWindow,
+            now: now,
+            accountKey: nil)
+        let recordsAfterFirst = (try? Self.readHistoricalRecords(from: fileURL)) ?? []
+        let second = await store.backfillCodexWeeklyFromUsageBreakdown(
+            breakdown,
+            referenceWindow: secondWindow,
+            now: now,
+            accountKey: nil)
+        let recordsAfterSecond = (try? Self.readHistoricalRecords(from: fileURL)) ?? []
+
+        #expect((first?.weeks.count ?? 0) >= 3)
+        #expect(first?.weeks.count == second?.weeks.count)
+        #expect(recordsAfterSecond.count == recordsAfterFirst.count)
+        #expect(Self.datasetCurveSignature(first) == Self.datasetCurveSignature(second))
+    }
+
+    @Test
+    func `history store backfill fills incomplete existing week`() async {
         let fileURL = Self.makeTempURL()
         let store = HistoricalUsageHistoryStore(fileURL: fileURL)
         let now = Date(timeIntervalSince1970: 1_770_000_000)
@@ -321,7 +359,7 @@ struct HistoricalUsagePaceTests {
     }
 
     @Test
-    func historyStore_shouldAcceptDoesNotCrossWindowMinutesRegimes() async throws {
+    func `history store should accept does not cross window minutes regimes`() async throws {
         let fileURL = Self.makeTempURL()
         let store = HistoricalUsageHistoryStore(fileURL: fileURL)
         let sampledAt = Date(timeIntervalSince1970: 1_770_000_000)
@@ -353,12 +391,12 @@ struct HistoricalUsagePaceTests {
     }
 
     @Test
-    func weeksWithResetJitter_areGroupedTogether() async {
+    func `weeks with reset jitter are grouped together`() async {
         let fileURL = Self.makeTempURL()
         let store = HistoricalUsageHistoryStore(fileURL: fileURL)
         let windowMinutes = 10080
         let duration = TimeInterval(windowMinutes) * 60
-        let canonicalReset = Date(timeIntervalSince1970: 1_770_000_000)
+        let canonicalReset = Self.normalizeReset(Date(timeIntervalSince1970: 1_770_000_000))
         let windowStart = canonicalReset.addingTimeInterval(-duration)
 
         let samples: [(u: Double, used: Double)] = [
@@ -370,7 +408,7 @@ struct HistoricalUsagePaceTests {
             (0.98, 95),
         ]
         for (index, sample) in samples.enumerated() {
-            let jitteredReset = canonicalReset.addingTimeInterval(index.isMultiple(of: 2) ? -20 : 20)
+            let jitteredReset = canonicalReset.addingTimeInterval(index.isMultiple(of: 2) ? -100 : 100)
             _ = await store.recordCodexWeekly(
                 window: RateWindow(
                     usedPercent: sample.used,
@@ -386,7 +424,7 @@ struct HistoricalUsagePaceTests {
     }
 
     @Test
-    func backfill_matchesIncompleteWeek_whenResetJitterExists() async throws {
+    func `backfill matches incomplete week when reset jitter exists`() async throws {
         let fileURL = Self.makeTempURL()
         let store = HistoricalUsageHistoryStore(fileURL: fileURL)
         let now = Date(timeIntervalSince1970: 1_770_000_000)
@@ -400,7 +438,7 @@ struct HistoricalUsagePaceTests {
             window: RateWindow(
                 usedPercent: 35,
                 windowMinutes: windowMinutes,
-                resetsAt: targetReset.addingTimeInterval(30),
+                resetsAt: targetReset.addingTimeInterval(120),
                 resetDescription: nil),
             sampledAt: targetStart.addingTimeInterval(duration * 0.5),
             accountKey: nil)
@@ -428,7 +466,7 @@ struct HistoricalUsagePaceTests {
     }
 
     @Test
-    func backfill_doesNotStopAtThreeWeeks_whenMoreBackfillableWeeksExist() async throws {
+    func `backfill does not stop at three weeks when more backfillable weeks exist`() async throws {
         let fileURL = Self.makeTempURL()
         let store = HistoricalUsageHistoryStore(fileURL: fileURL)
         let now = Date(timeIntervalSince1970: 1_770_000_000)
@@ -474,7 +512,7 @@ struct HistoricalUsagePaceTests {
     }
 
     @Test
-    func loadDataset_usesOnlyCurrentAccountKey() async throws {
+    func `load dataset uses only current account key`() async throws {
         let fileURL = Self.makeTempURL()
         let store = HistoricalUsageHistoryStore(fileURL: fileURL)
         let windowMinutes = 10080
@@ -514,7 +552,7 @@ struct HistoricalUsagePaceTests {
     }
 
     @Test
-    func backfill_filtersByAccountKey() async throws {
+    func `backfill filters by account key`() async throws {
         let fileURL = Self.makeTempURL()
         let store = HistoricalUsageHistoryStore(fileURL: fileURL)
         let now = Date(timeIntervalSince1970: 1_770_000_000)
@@ -548,7 +586,7 @@ struct HistoricalUsagePaceTests {
     }
 
     @Test
-    func coverageTolerance_allowsDayBoundaryShiftWithoutNoOp() async {
+    func `coverage tolerance allows day boundary shift without no op`() async {
         let fileURL = Self.makeTempURL()
         let store = HistoricalUsageHistoryStore(fileURL: fileURL)
         let now = Date(timeIntervalSince1970: 1_770_000_000)
@@ -573,7 +611,7 @@ struct HistoricalUsagePaceTests {
     }
 
     @Test
-    func backfill_treatsOmittedRecentZeroUsageDaysAsCoverage() async {
+    func `backfill treats omitted recent zero usage days as coverage`() async {
         let fileURL = Self.makeTempURL()
         let store = HistoricalUsageHistoryStore(fileURL: fileURL)
         let now = Self.gregorianDate(year: 2026, month: 2, day: 26, hour: 20)
@@ -604,7 +642,39 @@ struct HistoricalUsagePaceTests {
     }
 
     @Test
-    func partialDayCredits_areNotUndercountedAtAsOfTime() {
+    func `backfill treats omitted leading zero usage days as coverage`() async {
+        let fileURL = Self.makeTempURL()
+        let store = HistoricalUsageHistoryStore(fileURL: fileURL)
+        let now = Self.gregorianDate(year: 2026, month: 2, day: 26, hour: 20)
+        let resetsAt = now.addingTimeInterval(2 * 24 * 60 * 60)
+        let referenceWindow = RateWindow(
+            usedPercent: 50,
+            windowMinutes: 10080,
+            resetsAt: resetsAt,
+            resetDescription: nil)
+
+        let breakdown = Self.syntheticBreakdown(
+            endingAt: now,
+            days: 35,
+            dailyCredits: 10,
+            overridesByDayOffset: [
+                3: 0,
+                4: 0,
+                5: 0,
+            ])
+            .filter { $0.totalCreditsUsed > 0 }
+
+        let dataset = await store.backfillCodexWeeklyFromUsageBreakdown(
+            breakdown,
+            referenceWindow: referenceWindow,
+            now: now,
+            accountKey: nil)
+
+        #expect((dataset?.weeks.count ?? 0) >= 3)
+    }
+
+    @Test
+    func `partial day credits are not undercounted at as of time`() {
         let asOf = Self.gregorianDate(year: 2026, month: 2, day: 26, hour: 12)
         let start = Self.gregorianDate(year: 2026, month: 2, day: 20, hour: 0)
         let breakdown = Self.syntheticBreakdown(
@@ -626,7 +696,7 @@ struct HistoricalUsagePaceTests {
     }
 
     @Test
-    func gregorianDayParsing_isStableForYYYYMMDD() {
+    func `gregorian day parsing is stable for YYYYMMDD`() {
         let parsed = HistoricalUsageHistoryStore._dayStartForTesting("2026-02-26")
         let expected = Self.gregorianDate(year: 2026, month: 2, day: 26, hour: 0)
         #expect(parsed == expected)
@@ -634,7 +704,7 @@ struct HistoricalUsagePaceTests {
 
     @MainActor
     @Test
-    func backfill_skipsWhenTimestampMismatchExceeds5Minutes() async throws {
+    func `backfill skips when timestamp mismatch exceeds5 minutes`() async throws {
         let store = try Self.makeUsageStoreForBackfillTests(
             suite: "HistoricalUsagePaceTests-backfill-mismatch",
             historyFileURL: Self.makeTempURL())
@@ -667,147 +737,16 @@ struct HistoricalUsagePaceTests {
             creditsRemaining: nil,
             accountPlan: nil,
             updatedAt: snapshotNow.addingTimeInterval(-10 * 60))
-        store.backfillCodexHistoricalFromDashboardIfNeeded(dashboard)
+        store.backfillCodexHistoricalFromDashboardIfNeeded(
+            dashboard,
+            authorityDecision: CodexDashboardAuthorityDecision(
+                disposition: .attach,
+                reason: .trustedEmailMatchNoCompetingOwner,
+                allowedEffects: [.historicalBackfill],
+                cleanup: []),
+            attachedAccountEmail: "attached@example.com")
 
         try await Task.sleep(for: .milliseconds(250))
         #expect(store.codexHistoricalDataset == nil)
     }
-
-    @MainActor
-    @Test
-    func backfill_usesDashboardSecondaryWhenAvailable() async throws {
-        let store = try Self.makeUsageStoreForBackfillTests(
-            suite: "HistoricalUsagePaceTests-backfill-dashboard-secondary",
-            historyFileURL: Self.makeTempURL())
-        store._setCodexHistoricalDatasetForTesting(nil)
-
-        let snapshotNow = Date(timeIntervalSince1970: 1_770_000_000)
-        let staleSnapshot = UsageSnapshot(
-            primary: nil,
-            secondary: RateWindow(
-                usedPercent: 5,
-                windowMinutes: 10080,
-                resetsAt: snapshotNow.addingTimeInterval(2 * 24 * 60 * 60),
-                resetDescription: nil),
-            tertiary: nil,
-            providerCost: nil,
-            updatedAt: snapshotNow.addingTimeInterval(-30 * 60),
-            identity: nil)
-        store._setSnapshotForTesting(staleSnapshot, provider: .codex)
-
-        let dashboard = OpenAIDashboardSnapshot(
-            signedInEmail: nil,
-            codeReviewRemainingPercent: nil,
-            creditEvents: [],
-            dailyBreakdown: [],
-            usageBreakdown: Self.syntheticBreakdown(endingAt: snapshotNow, days: 35, dailyCredits: 10),
-            creditsPurchaseURL: nil,
-            primaryLimit: nil,
-            secondaryLimit: RateWindow(
-                usedPercent: 50,
-                windowMinutes: 10080,
-                resetsAt: snapshotNow.addingTimeInterval(2 * 24 * 60 * 60),
-                resetDescription: nil),
-            creditsRemaining: nil,
-            accountPlan: nil,
-            updatedAt: snapshotNow)
-        store.backfillCodexHistoricalFromDashboardIfNeeded(dashboard)
-
-        for _ in 0..<40 {
-            if (store.codexHistoricalDataset?.weeks.count ?? 0) >= 3 {
-                break
-            }
-            try await Task.sleep(for: .milliseconds(50))
-        }
-        #expect((store.codexHistoricalDataset?.weeks.count ?? 0) >= 3)
-    }
-
-    @Test
-    func willLastDecision_usesSmoothedProbabilityWhenRiskHidden() throws {
-        let now = Date(timeIntervalSince1970: 0)
-        let windowMinutes = 10080
-        let duration = TimeInterval(windowMinutes) * 60
-        let currentResetsAt = now.addingTimeInterval(duration / 2)
-        let window = RateWindow(
-            usedPercent: 50,
-            windowMinutes: windowMinutes,
-            resetsAt: currentResetsAt,
-            resetDescription: nil)
-
-        let weeks = (0..<4).map { index in
-            HistoricalWeekProfile(
-                resetsAt: currentResetsAt.addingTimeInterval(-duration * Double(index + 1)),
-                windowMinutes: windowMinutes,
-                curve: Self.linearCurve(end: 100))
-        }
-        let pace = try #require(CodexHistoricalPaceEvaluator.evaluate(
-            window: window,
-            now: now,
-            dataset: CodexHistoricalDataset(weeks: weeks)))
-        #expect(pace.runOutProbability == nil)
-
-        let totalWeight = weeks.enumerated().reduce(0.0) { partial, element in
-            let ageWeeks = currentResetsAt.timeIntervalSince(element.element.resetsAt) / duration
-            return partial + exp(-ageWeeks / 3.0)
-        }
-        let smoothedProbability = (totalWeight + 0.5) / (totalWeight + 1.0)
-        #expect(pace.willLastToReset == (smoothedProbability < 0.5))
-    }
-
-    @MainActor
-    @Test
-    func usageStore_fallsBackToLinearWhenHistoryDisabledOrInsufficient() throws {
-        let suite = "HistoricalUsagePaceTests-usage-store"
-        let defaults = try #require(UserDefaults(suiteName: suite))
-        defaults.removePersistentDomain(forName: suite)
-        let settings = SettingsStore(
-            userDefaults: defaults,
-            configStore: testConfigStore(suiteName: suite),
-            zaiTokenStore: NoopZaiTokenStore(),
-            syntheticTokenStore: NoopSyntheticTokenStore(),
-            codexCookieStore: InMemoryCookieHeaderStore(),
-            claudeCookieStore: InMemoryCookieHeaderStore(),
-            cursorCookieStore: InMemoryCookieHeaderStore(),
-            opencodeCookieStore: InMemoryCookieHeaderStore(),
-            factoryCookieStore: InMemoryCookieHeaderStore(),
-            minimaxCookieStore: InMemoryMiniMaxCookieStore(),
-            minimaxAPITokenStore: InMemoryMiniMaxAPITokenStore(),
-            kimiTokenStore: InMemoryKimiTokenStore(),
-            kimiK2TokenStore: InMemoryKimiK2TokenStore(),
-            augmentCookieStore: InMemoryCookieHeaderStore(),
-            ampCookieStore: InMemoryCookieHeaderStore(),
-            copilotTokenStore: InMemoryCopilotTokenStore(),
-            tokenAccountStore: InMemoryTokenAccountStore())
-        settings.historicalTrackingEnabled = true
-
-        let store = UsageStore(
-            fetcher: UsageFetcher(environment: [:]),
-            browserDetection: BrowserDetection(cacheTTL: 0),
-            settings: settings,
-            historicalUsageHistoryStore: HistoricalUsageHistoryStore(fileURL: Self.makeTempURL()))
-
-        let now = Date(timeIntervalSince1970: 0)
-        let window = RateWindow(
-            usedPercent: 50,
-            windowMinutes: 10080,
-            resetsAt: now.addingTimeInterval(4 * 24 * 60 * 60),
-            resetDescription: nil)
-
-        let twoWeeksDataset = CodexHistoricalDataset(weeks: [
-            HistoricalWeekProfile(
-                resetsAt: now.addingTimeInterval(-7 * 24 * 60 * 60),
-                windowMinutes: 10080,
-                curve: Self.linearCurve(end: 100)),
-            HistoricalWeekProfile(
-                resetsAt: now.addingTimeInterval(-14 * 24 * 60 * 60),
-                windowMinutes: 10080,
-                curve: Self.linearCurve(end: 100)),
-        ])
-        store._setCodexHistoricalDatasetForTesting(twoWeeksDataset)
-
-        let computed = store.weeklyPace(provider: .codex, window: window, now: now)
-        let linear = UsagePace.weekly(window: window, now: now, defaultWindowMinutes: 10080)
-        #expect(computed != nil)
-        #expect(abs((computed?.deltaPercent ?? 0) - (linear?.deltaPercent ?? 0)) < 0.001)
-    }
 }
diff --git a/Tests/CodexBarTests/InlineCostHistoryDashboardLabelTests.swift b/Tests/CodexBarTests/InlineCostHistoryDashboardLabelTests.swift
new file mode 100644
index 000000000..2584e5dfe
--- /dev/null
+++ b/Tests/CodexBarTests/InlineCostHistoryDashboardLabelTests.swift
@@ -0,0 +1,124 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+struct InlineCostHistoryDashboardLabelTests {
+    @Test
+    func `local cost history KPI titles preserve one day and dynamic windows`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_179_200)
+        let metadata = try #require(ProviderDefaults.metadata[.claude])
+        let daily = [
+            CostUsageDailyReport.Entry(
+                date: "2023-11-14",
+                inputTokens: 100,
+                outputTokens: 50,
+                totalTokens: 150,
+                costUSD: 0.12,
+                modelsUsed: ["claude-sonnet-4"],
+                modelBreakdowns: nil),
+            CostUsageDailyReport.Entry(
+                date: "2023-11-15",
+                inputTokens: 200,
+                outputTokens: 75,
+                totalTokens: 275,
+                costUSD: 0.25,
+                modelsUsed: ["claude-opus-4"],
+                modelBreakdowns: nil),
+        ]
+
+        func makeModel(historyDays: Int) -> UsageMenuCardView.Model {
+            let tokenSnapshot = CostUsageTokenSnapshot(
+                sessionTokens: 275,
+                sessionCostUSD: 0.25,
+                last30DaysTokens: 425,
+                last30DaysCostUSD: 0.37,
+                historyDays: historyDays,
+                daily: daily,
+                updatedAt: now)
+            return UsageMenuCardView.Model.make(.init(
+                provider: .claude,
+                metadata: metadata,
+                snapshot: UsageSnapshot(
+                    primary: RateWindow(usedPercent: 10, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+                    secondary: nil,
+                    updatedAt: now),
+                credits: nil,
+                creditsError: nil,
+                dashboard: nil,
+                dashboardError: nil,
+                tokenSnapshot: tokenSnapshot,
+                tokenError: nil,
+                account: AccountInfo(email: nil, plan: nil),
+                isRefreshing: false,
+                lastError: nil,
+                usageBarsShowUsed: false,
+                resetTimeDisplayStyle: .countdown,
+                tokenCostUsageEnabled: true,
+                showOptionalCreditsAndExtraUsage: true,
+                hidePersonalInfo: false,
+                now: now))
+        }
+
+        let oneDay = makeModel(historyDays: 1)
+        #expect(oneDay.inlineUsageDashboard?.kpis[1].title == "Today")
+        #expect(oneDay.inlineUsageDashboard?.kpis[2].title == "Today tokens")
+
+        let sevenDays = makeModel(historyDays: 7)
+        #expect(sevenDays.inlineUsageDashboard?.kpis[1].title == "Last 7 days Cost")
+        #expect(sevenDays.inlineUsageDashboard?.kpis[2].title == "Last 7 days tokens")
+
+        let thirtyDays = makeModel(historyDays: 30)
+        #expect(thirtyDays.inlineUsageDashboard?.kpis[1].title == "30d cost")
+        #expect(thirtyDays.inlineUsageDashboard?.kpis[2].title == "30d tokens")
+    }
+
+    @Test
+    func `custom cost history KPI title keeps token label distinct`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_179_200)
+        let metadata = try #require(ProviderDefaults.metadata[.claude])
+        let tokenSnapshot = CostUsageTokenSnapshot(
+            sessionTokens: 275,
+            sessionCostUSD: 0.25,
+            last30DaysTokens: 425,
+            last30DaysCostUSD: 0.37,
+            historyLabel: "This month",
+            daily: [
+                CostUsageDailyReport.Entry(
+                    date: "2023-11-15",
+                    inputTokens: 200,
+                    outputTokens: 75,
+                    totalTokens: 275,
+                    costUSD: 0.25,
+                    modelsUsed: nil,
+                    modelBreakdowns: nil),
+            ],
+            updatedAt: now)
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .claude,
+            metadata: metadata,
+            snapshot: UsageSnapshot(
+                primary: nil,
+                secondary: nil,
+                updatedAt: now),
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: tokenSnapshot,
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: true,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+
+        #expect(model.inlineUsageDashboard?.kpis[1].title == "This month")
+        #expect(model.inlineUsageDashboard?.kpis[2].title == "This month tokens")
+    }
+}
diff --git a/Tests/CodexBarTests/InstallOriginTests.swift b/Tests/CodexBarTests/InstallOriginTests.swift
index 6257229a2..7099bb6c8 100644
--- a/Tests/CodexBarTests/InstallOriginTests.swift
+++ b/Tests/CodexBarTests/InstallOriginTests.swift
@@ -2,10 +2,9 @@ import Foundation
 import Testing
 @testable import CodexBar
 
-@Suite
 struct InstallOriginTests {
     @Test
-    func detectsHomebrewCaskroom() {
+    func `detects homebrew caskroom`() {
         #expect(
             InstallOrigin
                 .isHomebrewCask(
diff --git a/Tests/CodexBarTests/JetBrainsIDEDetectorTests.swift b/Tests/CodexBarTests/JetBrainsIDEDetectorTests.swift
index 2e7eeeef9..ecbee841e 100644
--- a/Tests/CodexBarTests/JetBrainsIDEDetectorTests.swift
+++ b/Tests/CodexBarTests/JetBrainsIDEDetectorTests.swift
@@ -1,10 +1,9 @@
 import CodexBarCore
 import Testing
 
-@Suite
 struct JetBrainsIDEDetectorTests {
     @Test
-    func parsesIDEDirectoryCaseInsensitive() {
+    func `parses IDE directory case insensitive`() {
         let info = JetBrainsIDEDetector._parseIDEDirectoryForTesting(
             dirname: "Webstorm2024.1",
             basePath: "/test")
diff --git a/Tests/CodexBarTests/JetBrainsStatusProbeTests.swift b/Tests/CodexBarTests/JetBrainsStatusProbeTests.swift
index 8e64863a7..d5fc20945 100644
--- a/Tests/CodexBarTests/JetBrainsStatusProbeTests.swift
+++ b/Tests/CodexBarTests/JetBrainsStatusProbeTests.swift
@@ -2,10 +2,9 @@ import CodexBarCore
 import Foundation
 import Testing
 
-@Suite
 struct JetBrainsStatusProbeTests {
     @Test
-    func parsesQuotaXMLWithTariffQuota() throws {
+    func `parses quota XML with tariff quota`() throws {
         // Real-world format with tariffQuota containing available credits
         let quotaInfo = [
             "{&#10;  &quot;type&quot;: &quot;Available&quot;,",
@@ -57,7 +56,7 @@ struct JetBrainsStatusProbeTests {
     }
 
     @Test
-    func parsesQuotaXMLWithoutTariffQuota() throws {
+    func `parses quota XML without tariff quota`() throws {
         // Fallback format without tariffQuota
         let quotaInfo = [
             "{&#10;  &quot;type&quot;: &quot;paid&quot;,",
@@ -104,7 +103,7 @@ struct JetBrainsStatusProbeTests {
     }
 
     @Test
-    func calculatesUsagePercentageFromAvailable() {
+    func `calculates usage percentage from available`() {
         // available = 75_000, maximum = 100_000 -> 75% remaining, 25% used
         let quotaInfo = JetBrainsQuotaInfo(
             type: "paid",
@@ -118,7 +117,7 @@ struct JetBrainsStatusProbeTests {
     }
 
     @Test
-    func calculatesUsagePercentageAtZero() {
+    func `calculates usage percentage at zero`() {
         let quotaInfo = JetBrainsQuotaInfo(
             type: "paid",
             used: 0,
@@ -131,7 +130,7 @@ struct JetBrainsStatusProbeTests {
     }
 
     @Test
-    func calculatesUsagePercentageAtMax() {
+    func `calculates usage percentage at max`() {
         let quotaInfo = JetBrainsQuotaInfo(
             type: "paid",
             used: 100_000,
@@ -144,7 +143,7 @@ struct JetBrainsStatusProbeTests {
     }
 
     @Test
-    func handlesZeroMaximum() {
+    func `handles zero maximum`() {
         let quotaInfo = JetBrainsQuotaInfo(
             type: "free",
             used: 1000,
@@ -157,7 +156,7 @@ struct JetBrainsStatusProbeTests {
     }
 
     @Test
-    func convertsToUsageSnapshot() throws {
+    func `converts to usage snapshot`() throws {
         let quotaInfo = JetBrainsQuotaInfo(
             type: "Available",
             used: 7478.3,
@@ -196,7 +195,7 @@ struct JetBrainsStatusProbeTests {
     }
 
     @Test
-    func usageSnapshotUsesRefillDateForReset() throws {
+    func `usage snapshot uses refill date for reset`() throws {
         let refillDate = Date().addingTimeInterval(86400 * 6) // 6 days from now
         let untilDate = Date().addingTimeInterval(86400 * 300) // 300 days from now
 
@@ -225,7 +224,7 @@ struct JetBrainsStatusProbeTests {
     }
 
     @Test
-    func parsesIDEDirectory() {
+    func `parses IDE directory`() {
         let ides = [
             ("IntelliJIdea2024.3", "IntelliJ IDEA", "2024.3"),
             ("PyCharm2024.2", "PyCharm", "2024.2"),
@@ -249,7 +248,7 @@ struct JetBrainsStatusProbeTests {
     }
 
     @Test
-    func expandsTildeInCustomPath() async throws {
+    func `expands tilde in custom path`() async throws {
         let fileManager = FileManager.default
         let home = fileManager.homeDirectoryForCurrentUser
         let testRoot = home
@@ -300,7 +299,7 @@ struct JetBrainsStatusProbeTests {
     }
 
     @Test
-    func handlesHTMLEntities() throws {
+    func `handles HTML entities`() throws {
         let quotaInfo = [
             "{&quot;type&quot;:&quot;free&quot;",
             ",&quot;current&quot;:&quot;0&quot;",
@@ -326,7 +325,7 @@ struct JetBrainsStatusProbeTests {
     }
 
     @Test
-    func throwsOnMissingQuotaInfo() throws {
+    func `throws on missing quota info`() throws {
         let xml = """
         <?xml version="1.0" encoding="UTF-8"?>
         <application>
@@ -342,7 +341,7 @@ struct JetBrainsStatusProbeTests {
     }
 
     @Test
-    func throwsOnEmptyQuotaInfo() throws {
+    func `throws on empty quota info`() throws {
         let xml = """
         <?xml version="1.0" encoding="UTF-8"?>
         <application>
diff --git a/Tests/CodexBarTests/KeyboardShortcutsBundleTests.swift b/Tests/CodexBarTests/KeyboardShortcutsBundleTests.swift
index 61e511225..f31aadae5 100644
--- a/Tests/CodexBarTests/KeyboardShortcutsBundleTests.swift
+++ b/Tests/CodexBarTests/KeyboardShortcutsBundleTests.swift
@@ -2,8 +2,8 @@ import KeyboardShortcuts
 import Testing
 
 @MainActor
-@Suite struct KeyboardShortcutsBundleTests {
-    @Test func recorderInitializesWithoutCrashing() {
+struct KeyboardShortcutsBundleTests {
+    @Test func `recorder initializes without crashing`() {
         _ = KeyboardShortcuts.RecorderCocoa(for: .init("test.keyboardshortcuts.bundle"))
     }
 }
diff --git a/Tests/CodexBarTests/KeychainCacheStoreTests.swift b/Tests/CodexBarTests/KeychainCacheStoreTests.swift
index 3bf24ca8f..0e4152394 100644
--- a/Tests/CodexBarTests/KeychainCacheStoreTests.swift
+++ b/Tests/CodexBarTests/KeychainCacheStoreTests.swift
@@ -10,7 +10,26 @@ struct KeychainCacheStoreTests {
     }
 
     @Test
-    func storesAndLoadsEntry() {
+    func `tests suppress real keychain access by default`() {
+        guard ProcessInfo.processInfo.environment["CODEXBAR_ALLOW_TEST_KEYCHAIN_ACCESS"] != "1" else { return }
+
+        #expect(KeychainCacheStore.canUseRealKeychainForTesting == false)
+        let key = KeychainCacheStore.Key(category: "test", identifier: UUID().uuidString)
+        let entry = TestEntry(value: "implicit", storedAt: Date(timeIntervalSince1970: 0))
+
+        KeychainCacheStore.store(key: key, entry: entry)
+        defer { KeychainCacheStore.clear(key: key) }
+
+        switch KeychainCacheStore.load(key: key, as: TestEntry.self) {
+        case let .found(loaded):
+            #expect(loaded == entry)
+        case .missing, .temporarilyUnavailable, .invalid:
+            #expect(Bool(false), "Expected implicit test cache entry")
+        }
+    }
+
+    @Test
+    func `stores and loads entry`() {
         KeychainCacheStore.setTestStoreForTesting(true)
         defer { KeychainCacheStore.setTestStoreForTesting(false) }
 
@@ -24,13 +43,13 @@ struct KeychainCacheStoreTests {
         switch KeychainCacheStore.load(key: key, as: TestEntry.self) {
         case let .found(loaded):
             #expect(loaded == entry)
-        case .missing, .invalid:
+        case .missing, .temporarilyUnavailable, .invalid:
             #expect(Bool(false), "Expected keychain cache entry")
         }
     }
 
     @Test
-    func overwritesExistingEntry() {
+    func `overwrites existing entry`() {
         KeychainCacheStore.setTestStoreForTesting(true)
         defer { KeychainCacheStore.setTestStoreForTesting(false) }
 
@@ -45,13 +64,13 @@ struct KeychainCacheStoreTests {
         switch KeychainCacheStore.load(key: key, as: TestEntry.self) {
         case let .found(loaded):
             #expect(loaded == second)
-        case .missing, .invalid:
+        case .missing, .temporarilyUnavailable, .invalid:
             #expect(Bool(false), "Expected overwritten keychain cache entry")
         }
     }
 
     @Test
-    func clearRemovesEntry() {
+    func `clear removes entry`() {
         KeychainCacheStore.setTestStoreForTesting(true)
         defer { KeychainCacheStore.setTestStoreForTesting(false) }
 
@@ -64,8 +83,117 @@ struct KeychainCacheStoreTests {
         switch KeychainCacheStore.load(key: key, as: TestEntry.self) {
         case .missing:
             #expect(true)
-        case .found, .invalid:
+        case .found, .temporarilyUnavailable, .invalid:
             #expect(Bool(false), "Expected keychain cache entry to be cleared")
         }
     }
+
+    @Test
+    func `clear reports whether an entry was removed`() {
+        KeychainCacheStore.setTestStoreForTesting(true)
+        defer { KeychainCacheStore.setTestStoreForTesting(false) }
+
+        let key = KeychainCacheStore.Key(category: "test", identifier: UUID().uuidString)
+        let entry = TestEntry(value: "gone", storedAt: Date(timeIntervalSince1970: 0))
+        KeychainCacheStore.store(key: key, entry: entry)
+
+        #expect(KeychainCacheStore.clear(key: key) == true)
+        #expect(KeychainCacheStore.clear(key: key) == false)
+    }
+
+    @Test
+    func `keys lists only matching category for current service`() {
+        KeychainCacheStore.setTestStoreForTesting(true)
+        defer { KeychainCacheStore.setTestStoreForTesting(false) }
+
+        let serviceA = "cache-keys-a-\(UUID().uuidString)"
+        let serviceB = "cache-keys-b-\(UUID().uuidString)"
+        let cookieA = KeychainCacheStore.Key(category: "cookie", identifier: "codex")
+        let scopedCookieA = KeychainCacheStore.Key(category: "cookie", identifier: "codex.managed.account")
+        let oauthA = KeychainCacheStore.Key(category: "oauth", identifier: "codex")
+        let cookieB = KeychainCacheStore.Key(category: "cookie", identifier: "claude")
+        let entry = TestEntry(value: "value", storedAt: Date(timeIntervalSince1970: 0))
+
+        KeychainCacheStore.withServiceOverrideForTesting(serviceA) {
+            KeychainCacheStore.store(key: cookieA, entry: entry)
+            KeychainCacheStore.store(key: scopedCookieA, entry: entry)
+            KeychainCacheStore.store(key: oauthA, entry: entry)
+        }
+        KeychainCacheStore.withServiceOverrideForTesting(serviceB) {
+            KeychainCacheStore.store(key: cookieB, entry: entry)
+        }
+
+        let keys = KeychainCacheStore.withServiceOverrideForTesting(serviceA) {
+            KeychainCacheStore.keys(category: "cookie")
+        }
+
+        #expect(keys == [cookieA, scopedCookieA])
+    }
+
+    #if os(macOS)
+    @Test
+    func `interaction not allowed is treated as temporarily unavailable`() {
+        let key = KeychainCacheStore.Key(category: "test", identifier: UUID().uuidString)
+        let result: KeychainCacheStore.LoadResult<TestEntry> = KeychainCacheStore.loadResultForKeychainReadFailure(
+            status: errSecInteractionNotAllowed,
+            key: key)
+
+        switch result {
+        case .temporarilyUnavailable:
+            #expect(true)
+        case .found, .missing, .invalid:
+            #expect(Bool(false), "Expected temporary keychain lock to be retry-later")
+        }
+    }
+
+    @Test
+    func `load failure override bypasses test store without affecting store or clear`() {
+        KeychainCacheStore.setTestStoreForTesting(true)
+        defer { KeychainCacheStore.setTestStoreForTesting(false) }
+
+        let key = KeychainCacheStore.Key(category: "test", identifier: UUID().uuidString)
+        let entry = TestEntry(value: "stored", storedAt: Date(timeIntervalSince1970: 0))
+        KeychainCacheStore.store(key: key, entry: entry)
+        defer { KeychainCacheStore.clear(key: key) }
+
+        KeychainCacheStore.withLoadFailureStatusOverrideForTesting(errSecInteractionNotAllowed) {
+            switch KeychainCacheStore.load(key: key, as: TestEntry.self) {
+            case .temporarilyUnavailable:
+                #expect(true)
+            case .found, .missing, .invalid:
+                #expect(Bool(false), "Expected override to run before test store")
+            }
+        }
+
+        switch KeychainCacheStore.load(key: key, as: TestEntry.self) {
+        case let .found(loaded):
+            #expect(loaded == entry)
+        case .missing, .temporarilyUnavailable, .invalid:
+            #expect(Bool(false), "Expected override not to mutate test store")
+        }
+    }
+
+    @Test
+    func `cache ACL trusts bundled app and CLI helper`() {
+        let root = URL(fileURLWithPath: "/Applications/CodexBar.app")
+        let executable = root.appendingPathComponent("Contents/MacOS/CodexBar")
+        let helper = root.appendingPathComponent("Contents/Helpers/CodexBarCLI")
+        let existing = Set([
+            root.path,
+            executable.path,
+            helper.path,
+        ])
+
+        let paths = KeychainCacheStore.trustedApplicationPathsForCacheAccess(
+            bundleURL: root,
+            executableURL: executable,
+            fileExists: { existing.contains($0) })
+
+        #expect(paths == [
+            root.path,
+            helper.path,
+            executable.path,
+        ])
+    }
+    #endif
 }
diff --git a/Tests/CodexBarTests/KeychainMigrationTests.swift b/Tests/CodexBarTests/KeychainMigrationTests.swift
index a6357b11e..7b3084b61 100644
--- a/Tests/CodexBarTests/KeychainMigrationTests.swift
+++ b/Tests/CodexBarTests/KeychainMigrationTests.swift
@@ -1,12 +1,11 @@
 import Testing
 @testable import CodexBar
 
-@Suite
 struct KeychainMigrationTests {
     @Test
-    func migrationListCoversKnownKeychainItems() {
+    func `migration list covers known keychain items`() {
         let items = Set(KeychainMigration.itemsToMigrate.map(\.label))
-        let expected: Set<String> = [
+        let expected: Set = [
             "com.steipete.CodexBar:codex-cookie",
             "com.steipete.CodexBar:claude-cookie",
             "com.steipete.CodexBar:cursor-cookie",
diff --git a/Tests/CodexBarTests/KeychainNoUIQueryTests.swift b/Tests/CodexBarTests/KeychainNoUIQueryTests.swift
new file mode 100644
index 000000000..58591543f
--- /dev/null
+++ b/Tests/CodexBarTests/KeychainNoUIQueryTests.swift
@@ -0,0 +1,62 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+#if os(macOS)
+import Darwin
+import LocalAuthentication
+import Security
+
+struct KeychainNoUIQueryTests {
+    private func resolveSecurityUIFailValue() -> String {
+        let securityPath = "/System/Library/Frameworks/Security.framework/Security"
+        guard let handle = dlopen(securityPath, RTLD_NOW) else {
+            return "u_AuthUIF"
+        }
+        defer { dlclose(handle) }
+        guard let symbol = dlsym(handle, "kSecUseAuthenticationUIFail") else {
+            return "u_AuthUIF"
+        }
+        let valuePointer = symbol.assumingMemoryBound(to: CFString?.self)
+        return (valuePointer.pointee as String?) ?? "u_AuthUIF"
+    }
+
+    @Test
+    func `apply sets non interactive context and UI fail policy`() {
+        var query: [String: Any] = [:]
+
+        KeychainNoUIQuery.apply(to: &query)
+
+        let context = query[kSecUseAuthenticationContext as String] as? LAContext
+        #expect(context != nil)
+        #expect(context?.interactionNotAllowed == true)
+
+        let uiPolicy = query[kSecUseAuthenticationUI as String] as? String
+        #expect(uiPolicy == self.resolveSecurityUIFailValue())
+        #expect(uiPolicy == (KeychainNoUIQuery.uiFailPolicyForTesting() as String))
+        #expect(uiPolicy != "kSecUseAuthenticationUIFail")
+    }
+
+    @Test
+    func `preflight query is strictly non interactive and does not request secret data`() {
+        let query = KeychainAccessPreflight.makeGenericPasswordPreflightQuery(
+            service: "test.service",
+            account: "test.account")
+
+        #expect(query[kSecReturnData as String] == nil)
+        #expect(query[kSecReturnAttributes as String] as? Bool == true)
+        #expect((query[kSecUseAuthenticationContext as String] as? LAContext)?.interactionNotAllowed == true)
+        #expect((query[kSecUseAuthenticationUI as String] as? String) == self.resolveSecurityUIFailValue())
+    }
+
+    @Test
+    func `preflight query executes without invalid UI policy`() {
+        let query = KeychainAccessPreflight.makeGenericPasswordPreflightQuery(
+            service: "codexbar.keychain.noui.\(UUID().uuidString)",
+            account: nil)
+        var result: AnyObject?
+        let status = SecItemCopyMatching(query as CFDictionary, &result)
+        #expect(status == errSecItemNotFound || status == errSecInteractionNotAllowed)
+    }
+}
+#endif
diff --git a/Tests/CodexBarTests/KeychainPromptSafetyAuditTests.swift b/Tests/CodexBarTests/KeychainPromptSafetyAuditTests.swift
new file mode 100644
index 000000000..fb00d1ae6
--- /dev/null
+++ b/Tests/CodexBarTests/KeychainPromptSafetyAuditTests.swift
@@ -0,0 +1,133 @@
+import Foundation
+import Testing
+
+struct KeychainPromptSafetyAuditTests {
+    @Test
+    func `agent instructions forbid keychain prompt validation`() throws {
+        let agents = try Self.readRepoFile("AGENTS.md")
+
+        #expect(agents.contains("Never run tests/checks or ad-hoc validation that can display macOS Keychain prompts"))
+        #expect(agents.contains("use parser tests, stubs, test stores, or `KeychainNoUIQuery`"))
+    }
+
+    @Test
+    func `live TTY integration tests are opt in`() throws {
+        let ttyTests = try Self.readRepoFile("Tests/CodexBarTests/TTYIntegrationTests.swift")
+
+        #expect(ttyTests.contains("LIVE_CODEX_TTY"))
+        #expect(ttyTests.contains("LIVE_CLAUDE_TTY"))
+        #expect(ttyTests.contains("guard ProcessInfo.processInfo.environment[\"LIVE_CODEX_TTY\"] == \"1\""))
+        #expect(ttyTests.contains("guard ProcessInfo.processInfo.environment[\"LIVE_CLAUDE_TTY\"] == \"1\""))
+    }
+
+    @Test
+    func `interactive keychain prompt test paths use test doubles`() throws {
+        let promptLiteral = "allowKeychainPrompt: true"
+        let testFiles = try Self.swiftTestFiles(excludingSelf: true)
+        let promptCallSites = try testFiles.flatMap { file in
+            try Self.lines(in: file)
+                .enumerated()
+                .filter { _, line in line.contains(promptLiteral) }
+                .map { lineNumber, _ in PromptCallSite(file: file, lineNumber: lineNumber + 1) }
+        }
+
+        #expect(promptCallSites.isEmpty == false)
+        for callSite in promptCallSites {
+            let lines = try Self.lines(in: callSite.file)
+            let usesScopedKeychainDouble = Self.hasOpenKeychainTestDouble(lines: lines, before: callSite.lineNumber)
+            let failureMessage = "\(callSite.file.path):\(callSite.lineNumber) has \(promptLiteral) "
+                + "without an enclosing keychain test double"
+            #expect(usesScopedKeychainDouble, "\(failureMessage)")
+        }
+    }
+
+    @Test
+    func `tests do not call SecItemCopyMatching except no UI query coverage`() throws {
+        let offenders = try Self.swiftTestFiles().filter { file in
+            let text = try Self.readFile(file)
+            return text.contains("SecItemCopyMatching")
+                && !file.path.hasSuffix("Tests/CodexBarTests/KeychainNoUIQueryTests.swift")
+                && !file.path.hasSuffix("Tests/CodexBarTests/KeychainPromptSafetyAuditTests.swift")
+        }
+
+        #expect(offenders.isEmpty, "Unexpected direct SecItemCopyMatching in tests: \(offenders.map(\.path))")
+    }
+
+    private static func repoRoot() -> URL {
+        URL(fileURLWithPath: #filePath)
+            .deletingLastPathComponent()
+            .deletingLastPathComponent()
+            .deletingLastPathComponent()
+    }
+
+    private static func readRepoFile(_ relativePath: String) throws -> String {
+        try self.readFile(self.repoRoot().appendingPathComponent(relativePath))
+    }
+
+    private static func readFile(_ url: URL) throws -> String {
+        try String(contentsOf: url, encoding: .utf8)
+    }
+
+    private static func lines(in url: URL) throws -> [Substring] {
+        try self.readFile(url).split(separator: "\n", omittingEmptySubsequences: false)
+    }
+
+    private static func swiftTestFiles(excludingSelf: Bool = false) throws -> [URL] {
+        let testsRoot = self.repoRoot().appendingPathComponent("Tests/CodexBarTests", isDirectory: true)
+        guard let enumerator = FileManager.default.enumerator(
+            at: testsRoot,
+            includingPropertiesForKeys: [.isRegularFileKey],
+            options: [.skipsHiddenFiles])
+        else { return [] }
+
+        var files: [URL] = []
+        for case let file as URL in enumerator where file.pathExtension == "swift" {
+            let values = try file.resourceValues(forKeys: [.isRegularFileKey])
+            if values.isRegularFile == true {
+                if excludingSelf, file.path.hasSuffix("Tests/CodexBarTests/KeychainPromptSafetyAuditTests.swift") {
+                    continue
+                }
+                files.append(file)
+            }
+        }
+        return files
+    }
+
+    private static func hasOpenKeychainTestDouble(lines: [Substring], before oneBasedLineNumber: Int) -> Bool {
+        let helperNames = [
+            "withClaudeKeychainOverridesForTesting",
+            "withSecurityCLIReadOverrideForTesting",
+            "KeychainAccessPreflight.withCheckGenericPasswordOverrideForTesting",
+        ]
+        let targetIndex = oneBasedLineNumber - 1
+        let lineRange = lines.indices.prefix(through: targetIndex)
+        return lineRange.contains { index in
+            helperNames.contains { lines[index].contains($0) }
+                && self.hasOpenBraceScope(lines: lines, from: index, through: targetIndex)
+        }
+    }
+
+    private static func hasOpenBraceScope(lines: [Substring], from startIndex: Int, through endIndex: Int) -> Bool {
+        var balance = 0
+        var sawOpeningBrace = false
+        for line in lines[startIndex...endIndex] {
+            for character in line {
+                switch character {
+                case "{":
+                    balance += 1
+                    sawOpeningBrace = true
+                case "}":
+                    balance -= 1
+                default:
+                    continue
+                }
+            }
+        }
+        return sawOpeningBrace && balance > 0
+    }
+
+    private struct PromptCallSite {
+        let file: URL
+        let lineNumber: Int
+    }
+}
diff --git a/Tests/CodexBarTests/KiloBearerTokenResolverTests.swift b/Tests/CodexBarTests/KiloBearerTokenResolverTests.swift
new file mode 100644
index 000000000..371bc3bfb
--- /dev/null
+++ b/Tests/CodexBarTests/KiloBearerTokenResolverTests.swift
@@ -0,0 +1,124 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+struct KiloBearerTokenResolverTests {
+    private func writeAuthFile(_ json: String) throws -> URL {
+        let directory = FileManager.default.temporaryDirectory
+            .appendingPathComponent("kilo-resolver-tests-\(UUID().uuidString)", isDirectory: true)
+        let kiloDir = directory
+            .appendingPathComponent(".local", isDirectory: true)
+            .appendingPathComponent("share", isDirectory: true)
+            .appendingPathComponent("kilo", isDirectory: true)
+        try FileManager.default.createDirectory(at: kiloDir, withIntermediateDirectories: true)
+        let authURL = kiloDir.appendingPathComponent("auth.json", isDirectory: false)
+        try json.write(to: authURL, atomically: true, encoding: .utf8)
+        return directory
+    }
+
+    @Test
+    func `api mode uses provided apiKey`() throws {
+        let resolved = try KiloBearerTokenResolver.resolve(
+            source: .api,
+            apiKey: "kilo_abc",
+            environment: [:])
+        #expect(resolved.token == "kilo_abc")
+        #expect(resolved.sourceLabel == "api")
+    }
+
+    @Test
+    func `api mode falls back to KILO_API_KEY env var when apiKey is empty`() throws {
+        let resolved = try KiloBearerTokenResolver.resolve(
+            source: .api,
+            apiKey: nil,
+            environment: ["KILO_API_KEY": "kilo_from_env"])
+        #expect(resolved.token == "kilo_from_env")
+        #expect(resolved.sourceLabel == "api")
+    }
+
+    @Test
+    func `api mode throws missingCredentials when nothing available`() {
+        #expect(throws: KiloUsageError.missingCredentials) {
+            try KiloBearerTokenResolver.resolve(
+                source: .api,
+                apiKey: nil,
+                environment: [:])
+        }
+    }
+
+    @Test
+    func `cli mode reads token from auth.json`() throws {
+        let home = try self.writeAuthFile(#"{ "kilo": { "access": "cli-token" } }"#)
+        defer { try? FileManager.default.removeItem(at: home) }
+
+        let resolved = try KiloBearerTokenResolver.resolve(
+            source: .cli,
+            apiKey: nil,
+            environment: ["HOME": home.path])
+        #expect(resolved.token == "cli-token")
+        #expect(resolved.sourceLabel == "cli")
+    }
+
+    @Test
+    func `cli mode throws cliSessionMissing when auth.json missing`() {
+        let nonexistentHome = FileManager.default.temporaryDirectory
+            .appendingPathComponent("kilo-no-such-home-\(UUID().uuidString)", isDirectory: true)
+        #expect(throws: (any Error).self) {
+            try KiloBearerTokenResolver.resolve(
+                source: .cli,
+                apiKey: nil,
+                environment: ["HOME": nonexistentHome.path])
+        }
+    }
+
+    @Test
+    func `cli mode throws cliSessionInvalid for malformed JSON`() throws {
+        let home = try self.writeAuthFile(#"{ "kilo": { } }"#)
+        defer { try? FileManager.default.removeItem(at: home) }
+
+        #expect(throws: (any Error).self) {
+            try KiloBearerTokenResolver.resolve(
+                source: .cli,
+                apiKey: nil,
+                environment: ["HOME": home.path])
+        }
+    }
+
+    @Test
+    func `auto mode prefers API key when available`() throws {
+        let home = try self.writeAuthFile(#"{ "kilo": { "access": "cli-token" } }"#)
+        defer { try? FileManager.default.removeItem(at: home) }
+
+        let resolved = try KiloBearerTokenResolver.resolve(
+            source: .auto,
+            apiKey: "kilo_api",
+            environment: ["HOME": home.path])
+        #expect(resolved.token == "kilo_api")
+        #expect(resolved.sourceLabel == "api")
+    }
+
+    @Test
+    func `auto mode falls back to CLI when API key missing`() throws {
+        let home = try self.writeAuthFile(#"{ "kilo": { "access": "cli-fallback" } }"#)
+        defer { try? FileManager.default.removeItem(at: home) }
+
+        let resolved = try KiloBearerTokenResolver.resolve(
+            source: .auto,
+            apiKey: nil,
+            environment: ["HOME": home.path])
+        #expect(resolved.token == "cli-fallback")
+        #expect(resolved.sourceLabel == "cli")
+    }
+
+    @Test
+    func `auto mode surfaces CLI error when neither path available`() {
+        let nonexistentHome = FileManager.default.temporaryDirectory
+            .appendingPathComponent("kilo-no-such-home-\(UUID().uuidString)", isDirectory: true)
+        #expect(throws: (any Error).self) {
+            try KiloBearerTokenResolver.resolve(
+                source: .auto,
+                apiKey: nil,
+                environment: ["HOME": nonexistentHome.path])
+        }
+    }
+}
diff --git a/Tests/CodexBarTests/KiloOrganizationTests.swift b/Tests/CodexBarTests/KiloOrganizationTests.swift
new file mode 100644
index 000000000..7b12e273e
--- /dev/null
+++ b/Tests/CodexBarTests/KiloOrganizationTests.swift
@@ -0,0 +1,72 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+struct KiloOrganizationTests {
+    @Test
+    func `decodes from canonical Kilo profile payload`() throws {
+        let json = #"""
+        { "id": "org_123", "name": "Acme Corp", "role": "owner" }
+        """#
+        let data = Data(json.utf8)
+        let org = try JSONDecoder().decode(KiloOrganization.self, from: data)
+        #expect(org.id == "org_123")
+        #expect(org.name == "Acme Corp")
+        #expect(org.role == "owner")
+    }
+
+    @Test
+    func `decodes when role missing`() throws {
+        let json = #"""
+        { "id": "org_xyz", "name": "No Role Org" }
+        """#
+        let data = Data(json.utf8)
+        let org = try JSONDecoder().decode(KiloOrganization.self, from: data)
+        #expect(org.role == nil)
+    }
+
+    @Test
+    func `equality covers all stored fields`() {
+        let a = KiloOrganization(id: "org_1", name: "A", role: "member")
+        let b = KiloOrganization(id: "org_1", name: "A", role: "member")
+        let differentRole = KiloOrganization(id: "org_1", name: "A", role: "owner")
+        #expect(a == b)
+        #expect(a != differentRole)
+    }
+}
+
+struct KiloUsageScopeTests {
+    @Test
+    func `personal scope identifier is stable`() {
+        let scope: KiloUsageScope = .personal
+        #expect(scope.scopeIdentifier == "personal")
+    }
+
+    @Test
+    func `organization scope identifier prefixes id`() {
+        let scope: KiloUsageScope = .organization(id: "org_42", name: "Acme")
+        #expect(scope.scopeIdentifier == "org:org_42")
+    }
+
+    @Test
+    func `organizationID is nil for personal`() {
+        #expect(KiloUsageScope.personal.organizationID == nil)
+    }
+
+    @Test
+    func `organizationID returns id for organization`() {
+        let scope: KiloUsageScope = .organization(id: "org_42", name: "Acme")
+        #expect(scope.organizationID == "org_42")
+    }
+
+    @Test
+    func `displayName falls back to Personal for personal`() {
+        #expect(KiloUsageScope.personal.displayName == "Personal")
+    }
+
+    @Test
+    func `displayName uses org name for organization`() {
+        let scope: KiloUsageScope = .organization(id: "org_42", name: "Acme")
+        #expect(scope.displayName == "Acme")
+    }
+}
diff --git a/Tests/CodexBarTests/KiloSettingsReaderTests.swift b/Tests/CodexBarTests/KiloSettingsReaderTests.swift
index 239729fe1..40335b477 100644
--- a/Tests/CodexBarTests/KiloSettingsReaderTests.swift
+++ b/Tests/CodexBarTests/KiloSettingsReaderTests.swift
@@ -1,10 +1,9 @@
 import CodexBarCore
 import Testing
 
-@Suite
 struct KiloSettingsReaderTests {
     @Test
-    func apiURLDefaultsToAppKiloAITrpc() {
+    func `api URL defaults to app kilo AI trpc`() {
         let url = KiloSettingsReader.apiURL(environment: [:])
 
         #expect(url.scheme == "https")
@@ -13,7 +12,7 @@ struct KiloSettingsReaderTests {
     }
 
     @Test
-    func apiURLIgnoresEnvironmentOverride() {
+    func `api URL ignores environment override`() {
         let url = KiloSettingsReader.apiURL(environment: ["KILO_API_URL": "https://proxy.example.com/trpc"])
 
         #expect(url.host() == "app.kilo.ai")
@@ -21,19 +20,19 @@ struct KiloSettingsReaderTests {
     }
 
     @Test
-    func descriptorUsesAppKiloAIDashboard() {
+    func `descriptor uses app kilo AI dashboard`() {
         let descriptor = ProviderDescriptorRegistry.descriptor(for: .kilo)
-        #expect(descriptor.metadata.dashboardURL == "https://app.kilo.ai/account/usage")
+        #expect(descriptor.metadata.dashboardURL == "https://app.kilo.ai/usage")
     }
 
     @Test
-    func descriptorUsesDedicatedKiloIconResource() {
+    func `descriptor uses dedicated kilo icon resource`() {
         let descriptor = ProviderDescriptorRegistry.descriptor(for: .kilo)
         #expect(descriptor.branding.iconResourceName == "ProviderIcon-kilo")
     }
 
     @Test
-    func descriptorSupportsAutoAPIAndCLISourceModes() {
+    func `descriptor supports auto API and CLI source modes`() {
         let descriptor = ProviderDescriptorRegistry.descriptor(for: .kilo)
         let expected: Set<ProviderSourceMode> = [.auto, .api, .cli]
         #expect(descriptor.fetchPlan.sourceModes == expected)
diff --git a/Tests/CodexBarTests/KiloSettingsStoreTests.swift b/Tests/CodexBarTests/KiloSettingsStoreTests.swift
new file mode 100644
index 000000000..c5156a854
--- /dev/null
+++ b/Tests/CodexBarTests/KiloSettingsStoreTests.swift
@@ -0,0 +1,57 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+@MainActor
+struct KiloSettingsStoreTests {
+    private func makeSettings() throws -> SettingsStore {
+        let suite = "KiloSettingsStoreTests-\(UUID().uuidString)"
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+        return SettingsStore(
+            userDefaults: defaults,
+            configStore: testConfigStore(suiteName: suite),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+    }
+
+    @Test
+    func `defaults to empty known organizations and empty enabled ids`() throws {
+        let settings = try self.makeSettings()
+        #expect(settings.kiloKnownOrganizations.isEmpty)
+        #expect(settings.kiloEnabledOrganizationIDs.isEmpty)
+    }
+
+    @Test
+    func `setting known organizations persists them`() throws {
+        let settings = try self.makeSettings()
+        let orgs = [
+            KiloOrganization(id: "org_1", name: "Alpha", role: "owner"),
+            KiloOrganization(id: "org_2", name: "Beta", role: "member"),
+        ]
+        settings.kiloKnownOrganizations = orgs
+        #expect(settings.kiloKnownOrganizations == orgs)
+    }
+
+    @Test
+    func `setting enabled org ids persists them`() throws {
+        let settings = try self.makeSettings()
+        settings.kiloEnabledOrganizationIDs = ["org_1", "org_2"]
+        #expect(settings.kiloEnabledOrganizationIDs == ["org_1", "org_2"])
+    }
+
+    @Test
+    func `setKiloKnownOrganizations prunes stale enabled ids`() throws {
+        let settings = try self.makeSettings()
+        settings.kiloKnownOrganizations = [
+            KiloOrganization(id: "org_1", name: "Alpha", role: nil),
+            KiloOrganization(id: "org_2", name: "Beta", role: nil),
+        ]
+        settings.kiloEnabledOrganizationIDs = ["org_1", "org_2"]
+        settings.setKiloKnownOrganizationsPruningEnabled(
+            [KiloOrganization(id: "org_2", name: "Beta", role: nil)])
+        #expect(settings.kiloKnownOrganizations.map(\.id) == ["org_2"])
+        #expect(settings.kiloEnabledOrganizationIDs == ["org_2"])
+    }
+}
diff --git a/Tests/CodexBarTests/KiloUsageFetcherTests.swift b/Tests/CodexBarTests/KiloUsageFetcherTests.swift
index b61f5e0a1..bd2828c50 100644
--- a/Tests/CodexBarTests/KiloUsageFetcherTests.swift
+++ b/Tests/CodexBarTests/KiloUsageFetcherTests.swift
@@ -2,7 +2,6 @@ import Foundation
 import Testing
 @testable import CodexBarCore
 
-@Suite
 struct KiloUsageFetcherTests {
     private struct StubClaudeFetcher: ClaudeUsageFetching {
         func loadLatestUsage(model _: String) async throws -> ClaudeUsageSnapshot {
@@ -38,7 +37,7 @@ struct KiloUsageFetcherTests {
     }
 
     @Test
-    func batchURLUsesAuthenticatedTRPCBatchFormat() throws {
+    func `batch URL uses authenticated TRPC batch format`() throws {
         let baseURL = try #require(URL(string: "https://kilo.example/trpc"))
         let url = try KiloUsageFetcher._buildBatchURLForTesting(baseURL: baseURL)
 
@@ -65,7 +64,7 @@ struct KiloUsageFetcherTests {
     }
 
     @Test
-    func parseSnapshotMapsBusinessFieldsAndIdentity() throws {
+    func `parse snapshot maps business fields and identity`() throws {
         let json = """
         [
           {
@@ -117,7 +116,7 @@ struct KiloUsageFetcherTests {
     }
 
     @Test
-    func parseSnapshotMapsKiloPassWindowFromSubscriptionState() throws {
+    func `parse snapshot maps kilo pass window from subscription state`() throws {
         let json = """
         [
           {
@@ -174,7 +173,7 @@ struct KiloUsageFetcherTests {
     }
 
     @Test
-    func parseSnapshotMapsKnownTierNamesAndDefaultsToKiloPass() throws {
+    func `parse snapshot maps known tier names and defaults to kilo pass`() throws {
         let proTierJSON = """
         [
           { "result": { "data": { "creditBlocks": [], "totalBalance_mUsd": 0, "autoTopUpEnabled": false } } },
@@ -200,7 +199,7 @@ struct KiloUsageFetcherTests {
     }
 
     @Test
-    func parseSnapshotUsesAutoTopUpAmountWhenEnabledWithoutPaymentMethod() throws {
+    func `parse snapshot uses auto top up amount when enabled without payment method`() throws {
         let json = """
         [
           { "result": { "data": { "creditBlocks": [], "totalBalance_mUsd": 0, "autoTopUpEnabled": true } } },
@@ -214,7 +213,7 @@ struct KiloUsageFetcherTests {
     }
 
     @Test
-    func parseSnapshotFallbackPassFieldsUseMicroDollarScale() throws {
+    func `parse snapshot fallback pass fields use micro dollar scale`() throws {
         let json = """
         [
           {
@@ -264,7 +263,7 @@ struct KiloUsageFetcherTests {
     }
 
     @Test
-    func parseSnapshotTreatsEmptyAndNullBusinessFieldsAsNoDataSuccess() throws {
+    func `parse snapshot treats empty and null business fields as no data success`() throws {
         let json = """
         [
           {
@@ -309,7 +308,7 @@ struct KiloUsageFetcherTests {
     }
 
     @Test
-    func parseSnapshotKeepsSparseIndexedObjectRoutingByProcedureIndex() throws {
+    func `parse snapshot keeps sparse indexed object routing by procedure index`() throws {
         let json = """
         {
           "0": {
@@ -344,7 +343,7 @@ struct KiloUsageFetcherTests {
     }
 
     @Test
-    func parseSnapshotUsesTopLevelCreditsUsedFallback() throws {
+    func `parse snapshot uses top level credits used fallback`() throws {
         let json = """
         [
           {
@@ -368,7 +367,7 @@ struct KiloUsageFetcherTests {
     }
 
     @Test
-    func parseSnapshotKeepsZeroTotalVisibleWhenActivityExists() throws {
+    func `parse snapshot keeps zero total visible when activity exists`() throws {
         let json = """
         [
           {
@@ -413,7 +412,7 @@ struct KiloUsageFetcherTests {
     }
 
     @Test
-    func parseSnapshotTreatsZeroBalanceWithoutCreditBlocksAsVisibleZeroTotal() throws {
+    func `parse snapshot treats zero balance without credit blocks as visible zero total`() throws {
         let json = """
         [
           {
@@ -455,7 +454,7 @@ struct KiloUsageFetcherTests {
     }
 
     @Test
-    func parseSnapshotDegradesOptionalAutoTopUpTRPCError() throws {
+    func `parse snapshot degrades optional auto top up TRPC error`() throws {
         let json = """
         [
           {
@@ -498,7 +497,7 @@ struct KiloUsageFetcherTests {
     }
 
     @Test
-    func parseSnapshotKeepsRequiredProcedureTRPCErrorFatal() {
+    func `parse snapshot keeps required procedure TRPC error fatal`() {
         let json = """
         [
           {
@@ -534,7 +533,7 @@ struct KiloUsageFetcherTests {
     }
 
     @Test
-    func parseSnapshotMapsUnauthorizedTRPCError() {
+    func `parse snapshot maps unauthorized TRPC error`() {
         let json = """
         [
           {
@@ -560,7 +559,7 @@ struct KiloUsageFetcherTests {
     }
 
     @Test
-    func parseSnapshotMapsInvalidJSONToParseError() {
+    func `parse snapshot maps invalid JSON to parse error`() {
         #expect {
             _ = try KiloUsageFetcher._parseSnapshotForTesting(Data("not-json".utf8))
         } throws: { error in
@@ -571,7 +570,7 @@ struct KiloUsageFetcherTests {
     }
 
     @Test
-    func statusErrorMappingCoversAuthAndServerFailures() {
+    func `status error mapping covers auth and server failures`() {
         #expect(KiloUsageFetcher._statusErrorForTesting(401) == .unauthorized)
         #expect(KiloUsageFetcher._statusErrorForTesting(403) == .unauthorized)
         #expect(KiloUsageFetcher._statusErrorForTesting(404) == .endpointNotFound)
@@ -588,14 +587,14 @@ struct KiloUsageFetcherTests {
     }
 
     @Test
-    func fetchUsageWithoutCredentialsFailsFast() async {
+    func `fetch usage without credentials fails fast`() async {
         await #expect(throws: KiloUsageError.missingCredentials) {
             _ = try await KiloUsageFetcher.fetchUsage(apiKey: "  ", environment: [:])
         }
     }
 
     @Test
-    func descriptorFetchOutcomeWithoutCredentialsReturnsActionableError() async {
+    func `descriptor fetch outcome without credentials returns actionable error`() async {
         let descriptor = ProviderDescriptorRegistry.descriptor(for: .kilo)
         let outcome = await descriptor.fetchOutcome(context: self.makeContext())
 
@@ -612,7 +611,7 @@ struct KiloUsageFetcherTests {
     }
 
     @Test
-    func descriptorAPIModeIgnoresCLISessionFallback() async throws {
+    func `descriptor API mode ignores CLI session fallback`() async throws {
         let homeDirectory = try self.makeTemporaryHomeDirectory()
         defer { try? FileManager.default.removeItem(at: homeDirectory) }
         try self.writeKiloAuthFile(
@@ -636,7 +635,7 @@ struct KiloUsageFetcherTests {
     }
 
     @Test
-    func descriptorCLIModeMissingSessionReturnsActionableError() async throws {
+    func `descriptor CLI mode missing session returns actionable error`() async throws {
         let homeDirectory = try self.makeTemporaryHomeDirectory()
         defer { try? FileManager.default.removeItem(at: homeDirectory) }
         let expectedPath = KiloSettingsReader.defaultAuthFileURL(homeDirectory: homeDirectory).path
@@ -658,7 +657,7 @@ struct KiloUsageFetcherTests {
     }
 
     @Test
-    func descriptorAutoModeFallsBackFromAPIToCLI() async throws {
+    func `descriptor auto mode falls back from API to CLI`() async throws {
         let homeDirectory = try self.makeTemporaryHomeDirectory()
         defer { try? FileManager.default.removeItem(at: homeDirectory) }
         let expectedPath = KiloSettingsReader.defaultAuthFileURL(homeDirectory: homeDirectory).path
@@ -680,7 +679,7 @@ struct KiloUsageFetcherTests {
     }
 
     @Test
-    func apiStrategyFallsBackOnUnauthorizedOnlyInAutoMode() {
+    func `api strategy falls back on unauthorized only in auto mode`() {
         let strategy = KiloAPIFetchStrategy()
         #expect(strategy.shouldFallback(
             on: KiloUsageError.unauthorized,
@@ -691,7 +690,7 @@ struct KiloUsageFetcherTests {
     }
 
     @Test
-    func apiStrategyFallsBackOnMissingCredentialsOnlyInAutoMode() {
+    func `api strategy falls back on missing credentials only in auto mode`() {
         let strategy = KiloAPIFetchStrategy()
         #expect(strategy.shouldFallback(
             on: KiloUsageError.missingCredentials,
@@ -701,6 +700,78 @@ struct KiloUsageFetcherTests {
             context: self.makeContext(sourceMode: .api)))
     }
 
+    @Test
+    func `request builder adds org header for organization scope`() throws {
+        let baseURL = try #require(URL(string: "https://kilo.example/trpc"))
+        let request = try KiloUsageFetcher._buildRequestForTesting(
+            baseURL: baseURL,
+            apiKey: "test-token",
+            scope: .organization(id: "org_42", name: "Acme"))
+        #expect(request.value(forHTTPHeaderField: "X-KILOCODE-ORGANIZATIONID") == "org_42")
+        #expect(request.value(forHTTPHeaderField: "Authorization") == "Bearer test-token")
+    }
+
+    @Test
+    func `request builder omits org header for personal scope`() throws {
+        let baseURL = try #require(URL(string: "https://kilo.example/trpc"))
+        let request = try KiloUsageFetcher._buildRequestForTesting(
+            baseURL: baseURL,
+            apiKey: "test-token",
+            scope: .personal)
+        #expect(request.value(forHTTPHeaderField: "X-KILOCODE-ORGANIZATIONID") == nil)
+        #expect(request.value(forHTTPHeaderField: "Authorization") == "Bearer test-token")
+    }
+
+    @Test
+    func `parseOrganizations decodes tRPC array shape`() throws {
+        let json = #"""
+        [
+          {
+            "result": {
+              "data": {
+                "json": [
+                  { "id": "org_1", "name": "Alpha", "role": "owner" },
+                  { "id": "org_2", "name": "Beta", "role": "member" }
+                ]
+              }
+            }
+          }
+        ]
+        """#
+        let orgs = try KiloUsageFetcher._parseOrganizationsForTesting(Data(json.utf8))
+        #expect(orgs.count == 2)
+        #expect(orgs[0].id == "org_1")
+        #expect(orgs[0].name == "Alpha")
+        #expect(orgs[0].role == "owner")
+        #expect(orgs[1].id == "org_2")
+        #expect(orgs[1].role == "member")
+    }
+
+    @Test
+    func `parseOrganizations decodes profile REST shape`() throws {
+        let json = #"""
+        {
+          "user": { "email": "test@example.com" },
+          "organizations": [
+            { "id": "org_42", "name": "Gamma" }
+          ]
+        }
+        """#
+        let orgs = try KiloUsageFetcher._parseOrganizationsForTesting(Data(json.utf8))
+        #expect(orgs.count == 1)
+        #expect(orgs[0].id == "org_42")
+        #expect(orgs[0].role == nil)
+    }
+
+    @Test
+    func `parseOrganizations returns empty for no orgs`() throws {
+        let json = #"""
+        { "user": { "email": "x@y" }, "organizations": [] }
+        """#
+        let orgs = try KiloUsageFetcher._parseOrganizationsForTesting(Data(json.utf8))
+        #expect(orgs.isEmpty)
+    }
+
     private func makeTemporaryHomeDirectory() throws -> URL {
         let directory = FileManager.default.temporaryDirectory
             .appendingPathComponent(UUID().uuidString, isDirectory: true)
diff --git a/Tests/CodexBarTests/KimiK2SettingsReaderTests.swift b/Tests/CodexBarTests/KimiK2SettingsReaderTests.swift
index d291a921f..32d311704 100644
--- a/Tests/CodexBarTests/KimiK2SettingsReaderTests.swift
+++ b/Tests/CodexBarTests/KimiK2SettingsReaderTests.swift
@@ -1,25 +1,23 @@
 import CodexBarCore
 import Testing
 
-@Suite
 struct KimiK2SettingsReaderTests {
     @Test
-    func apiKeyIsTrimmed() {
+    func `api key is trimmed`() {
         let env = ["KIMI_API_KEY": "  key-123  "]
         #expect(KimiK2SettingsReader.apiKey(environment: env) == "key-123")
     }
 
     @Test
-    func apiKeyStripsQuotes() {
+    func `api key strips quotes`() {
         let env = ["KIMI_KEY": "\"quoted-456\""]
         #expect(KimiK2SettingsReader.apiKey(environment: env) == "quoted-456")
     }
 }
 
-@Suite
 struct KimiK2ProviderTokenResolverTests {
     @Test
-    func resolvesFromEnvironment() {
+    func `resolves from environment`() {
         let env = ["KIMI_API_KEY": "env-token"]
         let resolution = ProviderTokenResolver.kimiK2Resolution(environment: env)
         #expect(resolution?.token == "env-token")
diff --git a/Tests/CodexBarTests/KimiK2UsageFetcherTests.swift b/Tests/CodexBarTests/KimiK2UsageFetcherTests.swift
index 0fdb74f42..9b549bfbf 100644
--- a/Tests/CodexBarTests/KimiK2UsageFetcherTests.swift
+++ b/Tests/CodexBarTests/KimiK2UsageFetcherTests.swift
@@ -2,10 +2,9 @@ import Foundation
 import Testing
 @testable import CodexBarCore
 
-@Suite
 struct KimiK2UsageFetcherTests {
     @Test
-    func parsesUsageFromNestedUsage() throws {
+    func `parses usage from nested usage`() throws {
         let json = """
         {
           "data": {
@@ -29,7 +28,7 @@ struct KimiK2UsageFetcherTests {
     }
 
     @Test
-    func usesHeaderFallbackForRemainingCredits() throws {
+    func `uses header fallback for remaining credits`() throws {
         let json = """
         { "total_credits_consumed": 50 }
         """
@@ -42,7 +41,7 @@ struct KimiK2UsageFetcherTests {
     }
 
     @Test
-    func parsesNumericTimestampSeconds() throws {
+    func `parses numeric timestamp seconds`() throws {
         let json = """
         {
           "timestamp": 1700000000,
@@ -58,7 +57,7 @@ struct KimiK2UsageFetcherTests {
     }
 
     @Test
-    func parsesNumericTimestampMilliseconds() throws {
+    func `parses numeric timestamp milliseconds`() throws {
         let json = """
         {
           "timestamp": 1700000000000,
@@ -74,7 +73,7 @@ struct KimiK2UsageFetcherTests {
     }
 
     @Test
-    func invalidRootReturnsParseError() {
+    func `invalid root returns parse error`() {
         let json = """
         [{ "total": 1 }]
         """
@@ -86,4 +85,17 @@ struct KimiK2UsageFetcherTests {
             return message == "Root JSON is not an object."
         }
     }
+
+    @Test
+    func `converts api key credits into text only snapshot`() {
+        let usage = KimiK2UsageSummary(
+            consumed: 10,
+            remaining: 25,
+            averageTokens: nil,
+            updatedAt: Date()).toUsageSnapshot()
+
+        #expect(usage.primary == nil)
+        #expect(usage.identity?.providerID == .kimik2)
+        #expect(usage.identity?.loginMethod == "Credits: 25 left")
+    }
 }
diff --git a/Tests/CodexBarTests/KimiProviderTests.swift b/Tests/CodexBarTests/KimiProviderTests.swift
index c8e375a43..bcac5c943 100644
--- a/Tests/CodexBarTests/KimiProviderTests.swift
+++ b/Tests/CodexBarTests/KimiProviderTests.swift
@@ -2,48 +2,46 @@ import Foundation
 import Testing
 @testable import CodexBarCore
 
-@Suite
 struct KimiSettingsReaderTests {
     @Test
-    func readsTokenFromEnvironmentVariable() {
+    func `reads token from environment variable`() {
         let env = ["KIMI_AUTH_TOKEN": "test.jwt.token"]
         let token = KimiSettingsReader.authToken(environment: env)
         #expect(token == "test.jwt.token")
     }
 
     @Test
-    func normalizesQuotedToken() {
+    func `normalizes quoted token`() {
         let env = ["KIMI_AUTH_TOKEN": "\"test.jwt.token\""]
         let token = KimiSettingsReader.authToken(environment: env)
         #expect(token == "test.jwt.token")
     }
 
     @Test
-    func returnsNilWhenMissing() {
+    func `returns nil when missing`() {
         let env: [String: String] = [:]
         let token = KimiSettingsReader.authToken(environment: env)
         #expect(token == nil)
     }
 
     @Test
-    func returnsNilWhenEmpty() {
+    func `returns nil when empty`() {
         let env = ["KIMI_AUTH_TOKEN": ""]
         let token = KimiSettingsReader.authToken(environment: env)
         #expect(token == nil)
     }
 
     @Test
-    func normalizesLowercaseEnvironmentKey() {
+    func `normalizes lowercase environment key`() {
         let env = ["kimi_auth_token": "test.jwt.token"]
         let token = KimiSettingsReader.authToken(environment: env)
         #expect(token == "test.jwt.token")
     }
 }
 
-@Suite
 struct KimiUsageResponseParsingTests {
     @Test
-    func parsesValidResponse() throws {
+    func `parses valid response`() throws {
         let json = """
         {
           "usages": [
@@ -92,7 +90,7 @@ struct KimiUsageResponseParsingTests {
     }
 
     @Test
-    func parsesResponseWithoutRateLimits() throws {
+    func `parses response without rate limits`() throws {
         let json = """
         {
           "usages": [
@@ -115,7 +113,7 @@ struct KimiUsageResponseParsingTests {
     }
 
     @Test
-    func parsesResponseWithNullLimits() throws {
+    func `parses response with null limits`() throws {
         let json = """
         {
           "usages": [
@@ -138,7 +136,7 @@ struct KimiUsageResponseParsingTests {
     }
 
     @Test
-    func throwsOnInvalidJson() {
+    func `throws on invalid json`() {
         let invalidJson = "{ invalid json }"
 
         #expect(throws: DecodingError.self) {
@@ -147,7 +145,7 @@ struct KimiUsageResponseParsingTests {
     }
 
     @Test
-    func throwsOnMissingFeatureCodingScope() throws {
+    func `throws on missing feature coding scope`() throws {
         let json = """
         {
           "usages": [
@@ -170,10 +168,9 @@ struct KimiUsageResponseParsingTests {
     }
 }
 
-@Suite
 struct KimiUsageSnapshotConversionTests {
     @Test
-    func convertsToUsageSnapshotWithBothWindows() {
+    func `converts to usage snapshot with both windows`() {
         let now = Date()
         let weeklyDetail = KimiUsageDetail(
             limit: "2048",
@@ -210,7 +207,7 @@ struct KimiUsageSnapshotConversionTests {
     }
 
     @Test
-    func convertsToUsageSnapshotWithoutRateLimit() {
+    func `converts to usage snapshot without rate limit`() {
         let now = Date()
         let weeklyDetail = KimiUsageDetail(
             limit: "2048",
@@ -233,7 +230,7 @@ struct KimiUsageSnapshotConversionTests {
     }
 
     @Test
-    func handlesZeroValuesCorrectly() {
+    func `handles zero values correctly`() {
         let now = Date()
         let weeklyDetail = KimiUsageDetail(
             limit: "2048",
@@ -251,7 +248,7 @@ struct KimiUsageSnapshotConversionTests {
     }
 
     @Test
-    func handlesHundredPercentCorrectly() {
+    func `handles hundred percent correctly`() {
         let now = Date()
         let weeklyDetail = KimiUsageDetail(
             limit: "2048",
@@ -269,10 +266,9 @@ struct KimiUsageSnapshotConversionTests {
     }
 }
 
-@Suite
 struct KimiTokenResolverTests {
     @Test
-    func resolvesTokenFromEnvironment() {
+    func `resolves token from environment`() {
         KeychainAccessGate.withTaskOverrideForTesting(true) {
             let env = ["KIMI_AUTH_TOKEN": "test.jwt.token"]
             let token = ProviderTokenResolver.kimiAuthToken(environment: env)
@@ -281,7 +277,7 @@ struct KimiTokenResolverTests {
     }
 
     @Test
-    func resolvesTokenFromKeychainFirst() {
+    func `resolves token from keychain first`() {
         // This test would require mocking the keychain.
         KeychainAccessGate.withTaskOverrideForTesting(true) {
             let env = ["KIMI_AUTH_TOKEN": "test.env.token"]
@@ -291,7 +287,7 @@ struct KimiTokenResolverTests {
     }
 
     @Test
-    func resolutionIncludesSource() {
+    func `resolution includes source`() {
         KeychainAccessGate.withTaskOverrideForTesting(true) {
             let env = ["KIMI_AUTH_TOKEN": "test.jwt.token"]
             let resolution = ProviderTokenResolver.kimiAuthResolution(environment: env)
@@ -302,10 +298,9 @@ struct KimiTokenResolverTests {
     }
 }
 
-@Suite
 struct KimiAPIErrorTests {
     @Test
-    func errorDescriptionsAreHelpful() {
+    func `error descriptions are helpful`() {
         #expect(KimiAPIError.missingToken.errorDescription?.contains("missing") == true)
         #expect(KimiAPIError.invalidToken.errorDescription?.contains("invalid") == true)
         #expect(KimiAPIError.invalidRequest("Bad request").errorDescription?.contains("Bad request") == true)
diff --git a/Tests/CodexBarTests/KiroMenuCardModelTests.swift b/Tests/CodexBarTests/KiroMenuCardModelTests.swift
new file mode 100644
index 000000000..af7a2885a
--- /dev/null
+++ b/Tests/CodexBarTests/KiroMenuCardModelTests.swift
@@ -0,0 +1,108 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+struct KiroMenuCardModelTests {
+    @Test
+    func `kiro model shows account plan credits bonus and overages`() throws {
+        let now = Date()
+        let snapshot = KiroUsageSnapshot(
+            planName: "KIRO FREE",
+            accountEmail: "person@example.com",
+            authMethod: "Google",
+            creditsUsed: 0.17,
+            creditsTotal: 50,
+            creditsPercent: 0,
+            bonusCreditsUsed: 45.53,
+            bonusCreditsTotal: 2000,
+            bonusExpiryDays: 19,
+            overagesStatus: "Enabled billed at $0.04 per request",
+            overageCreditsUsed: 40.29,
+            estimatedOverageCostUSD: 1.61,
+            manageURL: "https://app.kiro.dev/account/usage",
+            contextUsage: KiroContextUsageSnapshot(
+                totalPercentUsed: 1.3,
+                contextFilesPercent: 0.5,
+                toolsPercent: 0.8,
+                kiroResponsesPercent: 0,
+                promptsPercent: 0),
+            resetsAt: now.addingTimeInterval(3600),
+            updatedAt: now).toUsageSnapshot()
+        let metadata = try #require(ProviderDefaults.metadata[.kiro])
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .kiro,
+            metadata: metadata,
+            snapshot: snapshot,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+
+        #expect(model.email == "person@example.com")
+        #expect(model.planText == "Kiro Free")
+        #expect(model.metrics.map(\.title) == ["Credits", "Bonus"])
+        #expect(model.metrics.first?.detailLeftText == "49.83 of 50 credits left")
+        #expect(model.metrics.dropFirst().first?.detailLeftText == "1954.47 of 2000 bonus credits left")
+        #expect(model.usageNotes.contains("Auth: Google"))
+        #expect(model.usageNotes.contains("Overages: Enabled billed at $0.04 per request"))
+        #expect(model.usageNotes.contains("Overage usage: 40.29 credits"))
+        #expect(model.usageNotes.contains("Overage cost: $1.61"))
+        #expect(model.usageNotes.contains { $0.localizedCaseInsensitiveContains("Context window") } == false)
+    }
+
+    @Test
+    func `kiro model hides overage spend when overages are disabled`() throws {
+        let now = Date()
+        let snapshot = KiroUsageSnapshot(
+            planName: "KIRO FREE",
+            creditsUsed: 0.17,
+            creditsTotal: 50,
+            creditsPercent: 0,
+            bonusCreditsUsed: nil,
+            bonusCreditsTotal: nil,
+            bonusExpiryDays: nil,
+            overagesStatus: "Disabled",
+            overageCreditsUsed: 40.29,
+            estimatedOverageCostUSD: 1.61,
+            resetsAt: nil,
+            updatedAt: now).toUsageSnapshot()
+        let metadata = try #require(ProviderDefaults.metadata[.kiro])
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .kiro,
+            metadata: metadata,
+            snapshot: snapshot,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+
+        #expect(model.usageNotes.contains("Overages: Disabled"))
+        #expect(model.usageNotes.contains("Overage usage: 40.29 credits") == false)
+        #expect(model.usageNotes.contains("Overage cost: $1.61") == false)
+    }
+}
diff --git a/Tests/CodexBarTests/KiroStatusProbeTests.swift b/Tests/CodexBarTests/KiroStatusProbeTests.swift
index e1b35be14..f56ab0b39 100644
--- a/Tests/CodexBarTests/KiroStatusProbeTests.swift
+++ b/Tests/CodexBarTests/KiroStatusProbeTests.swift
@@ -2,12 +2,11 @@ import Foundation
 import Testing
 @testable import CodexBarCore
 
-@Suite
 struct KiroStatusProbeTests {
     // MARK: - Happy Path Parsing
 
     @Test
-    func parsesBasicUsageOutput() throws {
+    func `parses basic usage output`() throws {
         let output = """
         | KIRO FREE                                          |
         ████████████████████████████████████████████████████ 25%
@@ -18,6 +17,7 @@ struct KiroStatusProbeTests {
         let snapshot = try probe.parse(output: output)
 
         #expect(snapshot.planName == "KIRO FREE")
+        #expect(snapshot.displayPlanName == "Kiro Free")
         #expect(snapshot.creditsPercent == 25)
         #expect(snapshot.creditsUsed == 12.50)
         #expect(snapshot.creditsTotal == 50)
@@ -28,7 +28,7 @@ struct KiroStatusProbeTests {
     }
 
     @Test
-    func parsesOutputWithBonusCredits() throws {
+    func `parses output with bonus credits`() throws {
         let output = """
         | KIRO PRO                                           |
         ████████████████████████████████████████████████████ 80%
@@ -40,6 +40,7 @@ struct KiroStatusProbeTests {
         let snapshot = try probe.parse(output: output)
 
         #expect(snapshot.planName == "KIRO PRO")
+        #expect(snapshot.displayPlanName == "Kiro Pro")
         #expect(snapshot.creditsPercent == 80)
         #expect(snapshot.creditsUsed == 40.00)
         #expect(snapshot.creditsTotal == 50)
@@ -49,7 +50,7 @@ struct KiroStatusProbeTests {
     }
 
     @Test
-    func parsesOutputWithoutPercentFallbacksToCreditsRatio() throws {
+    func `parses output without percent fallbacks to credits ratio`() throws {
         let output = """
         | KIRO FREE                                          |
         (12.50 of 50 covered in plan), resets on 01/15
@@ -62,7 +63,7 @@ struct KiroStatusProbeTests {
     }
 
     @Test
-    func parsesBonusCreditsWithoutExpiry() throws {
+    func `parses bonus credits without expiry`() throws {
         let output = """
         | KIRO FREE                                          |
         ████████████████████████████████████████████████████ 60%
@@ -79,7 +80,7 @@ struct KiroStatusProbeTests {
     }
 
     @Test
-    func parsesOutputWithANSICodes() throws {
+    func `parses output with ANSI codes`() throws {
         let output = """
         \u{001B}[32m| KIRO FREE                                          |\u{001B}[0m
         \u{001B}[38;5;11m████████████████████████████████████████████████████\u{001B}[0m 50%
@@ -96,7 +97,7 @@ struct KiroStatusProbeTests {
     }
 
     @Test
-    func parsesOutputWithSingleDay() throws {
+    func `parses output with single day`() throws {
         let output = """
         | KIRO FREE                                          |
         ████████████████████████████████████████████████████ 10%
@@ -111,7 +112,7 @@ struct KiroStatusProbeTests {
     }
 
     @Test
-    func rejectsOutputMissingUsageMarkers() throws {
+    func `rejects output missing usage markers`() throws {
         let output = """
         | KIRO FREE                                          |
         """
@@ -125,7 +126,7 @@ struct KiroStatusProbeTests {
     // MARK: - New Format (kiro-cli 1.24+, Q Developer)
 
     @Test
-    func parsesQDeveloperManagedPlan() throws {
+    func `parses Q developer managed plan`() throws {
         let output = """
         Plan: Q Developer Pro
         Your plan is managed by admin
@@ -145,7 +146,7 @@ struct KiroStatusProbeTests {
     }
 
     @Test
-    func parsesQDeveloperFreePlan() throws {
+    func `parses Q developer free plan`() throws {
         let output = """
         Plan: Q Developer Free
         Your plan is managed by admin
@@ -159,7 +160,7 @@ struct KiroStatusProbeTests {
     }
 
     @Test
-    func parsesNewFormatWithANSICodes() throws {
+    func `parses new format with ANSI codes`() throws {
         let output = """
         \u{001B}[38;5;141mPlan: Q Developer Pro\u{001B}[0m
         Your plan is managed by admin
@@ -172,7 +173,7 @@ struct KiroStatusProbeTests {
     }
 
     @Test
-    func rejectsHeaderOnlyNewFormatWithoutManagedMarker() {
+    func `rejects header only new format without managed marker`() {
         let output = """
         Plan: Q Developer Pro
         Tip: to see context window usage, run /context
@@ -185,7 +186,7 @@ struct KiroStatusProbeTests {
     }
 
     @Test
-    func preservesParsedUsageForManagedPlanWithMetrics() throws {
+    func `preserves parsed usage for managed plan with metrics`() throws {
         let output = """
         Plan: Q Developer Enterprise
         Your plan is managed by admin
@@ -203,10 +204,94 @@ struct KiroStatusProbeTests {
         #expect(snapshot.resetsAt != nil)
     }
 
+    @Test
+    func `parses kiro cli two usage format`() throws {
+        let output = """
+        \u{001B}[1mEstimated Usage\u{001B}[0m | resets on 2026-06-01 | \u{001B}[mKIRO FREE\u{001B}[0m
+
+        🎁 Bonus credits: 45.53/2000 credits used, expires in 19 days
+
+        \u{001B}[1mCredits\u{001B}[0m (0.17 of 50 covered in plan)
+        ████████████████████████████████████████████████████████████████████████████████ 0%
+
+        Overages: \u{001B}[1mDisabled\u{001B}[0m
+
+        To manage your plan or configure overages navigate to https://app.kiro.dev/account/usage
+        """
+
+        let probe = KiroStatusProbe()
+        let snapshot = try probe.parse(
+            output: output,
+            accountEmail: "person@example.com",
+            authMethod: "Google")
+
+        #expect(snapshot.planName == "KIRO FREE")
+        #expect(snapshot.displayPlanName == "Kiro Free")
+        #expect(snapshot.accountEmail == "person@example.com")
+        #expect(snapshot.authMethod == "Google")
+        #expect(snapshot.creditsUsed == 0.17)
+        #expect(snapshot.creditsTotal == 50)
+        #expect(snapshot.creditsRemaining == 49.83)
+        #expect(snapshot.bonusCreditsUsed == 45.53)
+        #expect(snapshot.bonusCreditsTotal == 2000)
+        #expect(snapshot.bonusCreditsRemaining == 1954.47)
+        #expect(snapshot.bonusExpiryDays == 19)
+        #expect(snapshot.overagesStatus == "Disabled")
+        #expect(snapshot.manageURL == "https://app.kiro.dev/account/usage")
+        #expect(snapshot.resetsAt != nil)
+    }
+
+    @Test
+    func `parses kiro overage credits and estimated cost`() throws {
+        let output = """
+        Estimated Usage | resets on 2026-06-01 | KIRO PRO
+        Credits (1000.00 of 1000 covered in plan)
+        ████████████████████████████████████████████████████████████████████████████████ 100%
+
+        Overages: Enabled  billed at $0.04 per request
+        Credits used: 40.29
+        Est. cost: $1.61 USD
+
+        To manage your plan or configure overages navigate to https://app.kiro.dev/account/usage
+        """
+
+        let probe = KiroStatusProbe()
+        let snapshot = try probe.parse(output: output)
+
+        #expect(snapshot.planName == "KIRO PRO")
+        #expect(snapshot.creditsUsed == 1000)
+        #expect(snapshot.creditsTotal == 1000)
+        #expect(snapshot.overagesStatus == "Enabled  billed at $0.04 per request")
+        #expect(snapshot.overageCreditsUsed == 40.29)
+        #expect(snapshot.estimatedOverageCostUSD == 1.61)
+    }
+
+    @Test
+    func `parses context usage`() throws {
+        let output = """
+        Context window: 1.3% used (estimated)
+        ██████████████████████████████████████████████████████████████████████████████ 1.3%
+
+        █ Context files 0.5% (estimated)
+        █ Tools 0.8% (estimated)
+        █ Kiro responses 0.0% (estimated)
+        █ Your prompts 0.0% (estimated)
+        """
+
+        let probe = KiroStatusProbe()
+        let context = try #require(probe.parseContextUsage(output: output))
+
+        #expect(context.totalPercentUsed == 1.3)
+        #expect(context.contextFilesPercent == 0.5)
+        #expect(context.toolsPercent == 0.8)
+        #expect(context.kiroResponsesPercent == 0)
+        #expect(context.promptsPercent == 0)
+    }
+
     // MARK: - Snapshot Conversion
 
     @Test
-    func convertsSnapshotToUsageSnapshot() throws {
+    func `converts snapshot to usage snapshot`() throws {
         let now = Date()
         let resetDate = try #require(Calendar.current.date(byAdding: .day, value: 7, to: now))
 
@@ -226,12 +311,14 @@ struct KiroStatusProbeTests {
         #expect(usage.primary?.usedPercent == 25.0)
         #expect(usage.primary?.resetsAt == resetDate)
         #expect(usage.secondary?.usedPercent == 25.0) // 5/20 * 100
-        #expect(usage.loginMethod(for: .kiro) == "KIRO PRO")
-        #expect(usage.accountOrganization(for: .kiro) == "KIRO PRO")
+        #expect(usage.loginMethod(for: .kiro) == nil)
+        #expect(usage.accountOrganization(for: .kiro) == nil)
+        #expect(usage.kiroUsage?.displayPlanName == "Kiro Pro")
+        #expect(usage.kiroUsage?.creditsRemaining == 75)
     }
 
     @Test
-    func convertsSnapshotWithoutBonusCredits() {
+    func `converts snapshot without bonus credits`() {
         let snapshot = KiroUsageSnapshot(
             planName: "KIRO FREE",
             creditsUsed: 10.0,
@@ -252,7 +339,7 @@ struct KiroStatusProbeTests {
     // MARK: - Error Cases
 
     @Test
-    func emptyOutputThrowsParseError() {
+    func `empty output throws parse error`() {
         let probe = KiroStatusProbe()
 
         #expect(throws: KiroStatusProbeError.self) {
@@ -261,7 +348,7 @@ struct KiroStatusProbeTests {
     }
 
     @Test
-    func warningOutputThrowsParseError() {
+    func `warning output throws parse error`() {
         let output = """
         \u{001B}[38;5;11m⚠️  Warning: Could not retrieve usage information from backend
         \u{001B}[38;5;8mError: dispatch failure (io error): an i/o error occurred
@@ -275,7 +362,7 @@ struct KiroStatusProbeTests {
     }
 
     @Test
-    func unrecognizedFormatThrowsParseError() {
+    func `unrecognized format throws parse error`() {
         // Simulates a CLI format change where none of the expected patterns match
         let output = """
         Welcome to Kiro!
@@ -294,7 +381,7 @@ struct KiroStatusProbeTests {
     }
 
     @Test
-    func loginPromptThrowsNotLoggedIn() {
+    func `login prompt throws not logged in`() {
         let output = """
         Failed to initialize auth portal.
         Please try again with: kiro-cli login --use-device-flow
@@ -314,7 +401,7 @@ struct KiroStatusProbeTests {
     // MARK: - WhoAmI Validation
 
     @Test
-    func whoamiNotLoggedInThrows() {
+    func `whoami not logged in throws`() {
         let probe = KiroStatusProbe()
 
         #expect {
@@ -326,7 +413,7 @@ struct KiroStatusProbeTests {
     }
 
     @Test
-    func whoamiLoginRequiredThrows() {
+    func `whoami login required throws`() {
         let probe = KiroStatusProbe()
 
         #expect {
@@ -338,7 +425,7 @@ struct KiroStatusProbeTests {
     }
 
     @Test
-    func whoamiEmptyOutputWithZeroStatusThrows() {
+    func `whoami empty output with zero status throws`() {
         let probe = KiroStatusProbe()
 
         #expect {
@@ -350,7 +437,7 @@ struct KiroStatusProbeTests {
     }
 
     @Test
-    func whoamiNonZeroStatusWithMessageThrows() {
+    func `whoami non zero status with message throws`() {
         let probe = KiroStatusProbe()
 
         #expect {
@@ -362,12 +449,31 @@ struct KiroStatusProbeTests {
     }
 
     @Test
-    func whoamiSuccessDoesNotThrow() throws {
+    func `whoami success does not throw`() throws {
         let probe = KiroStatusProbe()
 
-        try probe.validateWhoAmIOutput(
+        let account = try probe.validateWhoAmIOutput(
+            stdout: """
+            Logged in with Google
+            Email: user@example.com
+            """,
+            stderr: "",
+            terminationStatus: 0)
+
+        #expect(account.authMethod == "Google")
+        #expect(account.email == "user@example.com")
+    }
+
+    @Test
+    func `whoami legacy bare email parses account`() throws {
+        let probe = KiroStatusProbe()
+
+        let account = try probe.validateWhoAmIOutput(
             stdout: "user@example.com",
             stderr: "",
             terminationStatus: 0)
+
+        #expect(account.authMethod == nil)
+        #expect(account.email == "user@example.com")
     }
 }
diff --git a/Tests/CodexBarTests/LLMProxyUsageFetcherTests.swift b/Tests/CodexBarTests/LLMProxyUsageFetcherTests.swift
new file mode 100644
index 000000000..3c61b3016
--- /dev/null
+++ b/Tests/CodexBarTests/LLMProxyUsageFetcherTests.swift
@@ -0,0 +1,120 @@
+import CodexBarCore
+import Foundation
+import Testing
+
+struct LLMProxyUsageFetcherTests {
+    @Test
+    func `parses quota stats summary`() throws {
+        let json = """
+        {
+          "providers": {
+            "openai": {
+              "credential_count": 3,
+              "active_count": 2,
+              "exhausted_count": 1,
+              "total_requests": 120,
+              "tokens": {
+                "input_cached": 1000,
+                "input_uncached": 2000,
+                "output": 3000
+              },
+              "approx_cost": 12.5,
+              "quota_groups": {
+                "default": {
+                  "remaining_percent": 42,
+                  "reset_time": "2026-05-18T12:00:00Z"
+                }
+              }
+            },
+            "anthropic": {
+              "credential_count": 1,
+              "active_count": 1,
+              "exhausted_count": 0,
+              "total_requests": 40,
+              "tokens": {
+                "input_cached": 0,
+                "input_uncached": 500,
+                "output": 500
+              },
+              "approx_cost": 3.0,
+              "quota_groups": [
+                { "remaining_percent": 80 }
+              ]
+            }
+          },
+          "summary": {
+            "total_requests": 160,
+            "total_tokens": 7000,
+            "approx_cost": 15.5
+          }
+        }
+        """
+
+        let parsed = try LLMProxyUsageFetcher._parseSnapshotForTesting(
+            Data(json.utf8),
+            updatedAt: Date(timeIntervalSince1970: 1))
+
+        #expect(parsed.providerCount == 2)
+        #expect(parsed.credentialCount == 4)
+        #expect(parsed.activeCredentialCount == 3)
+        #expect(parsed.exhaustedCredentialCount == 1)
+        #expect(parsed.totalRequests == 160)
+        #expect(parsed.totalTokens == 7000)
+        #expect(parsed.approximateCostUSD == 15.5)
+        #expect(parsed.minimumRemainingPercent == 42)
+
+        let snapshot = parsed.toUsageSnapshot()
+        #expect(snapshot.identity?.providerID == .llmproxy)
+        #expect(snapshot.primary?.usedPercent == 58)
+        #expect(snapshot.secondary?.resetDescription == "160 requests")
+        #expect(snapshot.tertiary?.resetDescription == "7,000 tokens")
+        #expect(snapshot.providerCost?.used == 15.5)
+    }
+
+    @Test
+    func `quota stats url accepts versioned or root base urls`() throws {
+        #expect(
+            try LLMProxyUsageFetcher
+                ._quotaStatsURLForTesting(baseURL: #require(URL(string: "https://proxy.example.com")))
+                .absoluteString == "https://proxy.example.com/v1/quota-stats")
+        #expect(
+            try LLMProxyUsageFetcher
+                ._quotaStatsURLForTesting(baseURL: #require(URL(string: "https://proxy.example.com/v1")))
+                .absoluteString == "https://proxy.example.com/v1/quota-stats")
+    }
+
+    @Test
+    func `parses fractional second quota reset times`() throws {
+        let json = """
+        {
+          "providers": {
+            "openai": {
+              "quota_groups": [
+                {
+                  "remaining_percent": 42,
+                  "reset_time": "2026-05-18T12:00:00.123Z"
+                }
+              ]
+            }
+          }
+        }
+        """
+
+        let parsed = try LLMProxyUsageFetcher._parseSnapshotForTesting(
+            Data(json.utf8),
+            updatedAt: Date(timeIntervalSince1970: 1))
+        let components = DateComponents(
+            calendar: Calendar(identifier: .gregorian),
+            timeZone: TimeZone(secondsFromGMT: 0),
+            year: 2026,
+            month: 5,
+            day: 18,
+            hour: 12,
+            minute: 0,
+            second: 0,
+            nanosecond: 123_000_000)
+        let expected = try #require(components.date)
+
+        #expect(try abs(#require(parsed.nextResetAt).timeIntervalSince(expected)) < 0.001)
+    }
+}
diff --git a/Tests/CodexBarTests/LiveAccountTests.swift b/Tests/CodexBarTests/LiveAccountTests.swift
index 762240032..a4d5e1189 100644
--- a/Tests/CodexBarTests/LiveAccountTests.swift
+++ b/Tests/CodexBarTests/LiveAccountTests.swift
@@ -3,10 +3,10 @@ import Foundation
 import Testing
 @testable import CodexBar
 
-@Suite("Live RPC account checks", .serialized)
+@Suite(.serialized)
 struct LiveAccountTests {
     @Test(.disabled("Set LIVE_TEST=1 to run live Codex account checks."))
-    func codexAccountEmailIsPresent() async throws {
+    func `codex account email is present`() async throws {
         guard ProcessInfo.processInfo.environment["LIVE_TEST"] == "1" else { return }
 
         let fetcher = UsageFetcher()
diff --git a/Tests/CodexBarTests/LoadingPatternTests.swift b/Tests/CodexBarTests/LoadingPatternTests.swift
index d476b02e9..535f2b741 100644
--- a/Tests/CodexBarTests/LoadingPatternTests.swift
+++ b/Tests/CodexBarTests/LoadingPatternTests.swift
@@ -2,10 +2,9 @@ import Foundation
 import Testing
 @testable import CodexBar
 
-@Suite
 struct LoadingPatternTests {
     @Test
-    func valuesStayWithinBounds() {
+    func `values stay within bounds`() {
         for pattern in LoadingPattern.allCases {
             for phase in stride(from: 0.0, through: Double.pi * 2, by: Double.pi / 6) {
                 let v = pattern.value(phase: phase)
@@ -15,7 +14,7 @@ struct LoadingPatternTests {
     }
 
     @Test
-    func knightRiderPingPongs() {
+    func `knight rider ping pongs`() {
         let pattern = LoadingPattern.knightRider
         let mid = pattern.value(phase: 0) // sin 0 = 0 => 50
         let min = pattern.value(phase: -Double.pi / 2) // sin -pi/2 = -1 => 0
@@ -26,7 +25,7 @@ struct LoadingPatternTests {
     }
 
     @Test
-    func secondaryOffsetDiffers() {
+    func `secondary offset differs`() {
         let pattern = LoadingPattern.cylon
         let primary = pattern.value(phase: 0)
         let secondary = pattern.value(phase: pattern.secondaryOffset)
diff --git a/Tests/CodexBarTests/LocalizationBundleTests.swift b/Tests/CodexBarTests/LocalizationBundleTests.swift
new file mode 100644
index 000000000..1bf64988e
--- /dev/null
+++ b/Tests/CodexBarTests/LocalizationBundleTests.swift
@@ -0,0 +1,125 @@
+import Foundation
+import Testing
+@testable import CodexBar
+
+struct LocalizationBundleTests {
+    @Test
+    func `packaged app resolves localization bundle from resources`() throws {
+        let fixture = try Self.makeAppBundleFixture(includeLocalizationBundle: true)
+        defer { try? FileManager.default.removeItem(at: fixture.root) }
+
+        let bundle = codexBarLocalizationResourceBundle(mainBundle: fixture.appBundle)
+
+        #expect(bundle.bundleURL.lastPathComponent == "CodexBar_CodexBar.bundle")
+        #expect(bundle.path(forResource: "en", ofType: "lproj") != nil)
+    }
+
+    @Test
+    func `packaged app falls back to main bundle without touching SwiftPM module`() throws {
+        let fixture = try Self.makeAppBundleFixture(includeLocalizationBundle: false)
+        defer { try? FileManager.default.removeItem(at: fixture.root) }
+
+        let bundle = codexBarLocalizationResourceBundle(mainBundle: fixture.appBundle)
+
+        #expect(bundle.bundleURL == fixture.appBundle.bundleURL)
+    }
+
+    @Test
+    func `packaged app resolves raw copied localization resources from main bundle`() throws {
+        let fixture = try Self.makeAppBundleFixture(
+            includeLocalizationBundle: false,
+            includeMainLocalization: true)
+        defer { try? FileManager.default.removeItem(at: fixture.root) }
+
+        let bundle = codexBarLocalizationResourceBundle(mainBundle: fixture.appBundle)
+
+        #expect(bundle.bundleURL == fixture.appBundle.bundleURL)
+        #expect(bundle.path(forResource: "en", ofType: "lproj") != nil)
+    }
+
+    @Test
+    func `empty localized values fall back to English`() throws {
+        let fixture = try Self.makeAppBundleFixture(
+            includeLocalizationBundle: true,
+            includeEmptyChineseLocalization: true)
+        defer { try? FileManager.default.removeItem(at: fixture.root) }
+
+        let resourceBundle = codexBarLocalizationResourceBundle(mainBundle: fixture.appBundle)
+        let zhPath = try #require(resourceBundle.path(forResource: "zh-Hans", ofType: "lproj"))
+        let zhBundle = try #require(Bundle(path: zhPath))
+
+        #expect(codexBarLocalizedString("Settings", bundle: zhBundle, resourceBundle: resourceBundle) == "Settings")
+        #expect(codexBarLocalizedString("Missing", bundle: zhBundle, resourceBundle: resourceBundle) == "Missing")
+    }
+
+    @Test
+    func `managed Codex login failure includes CLI recovery guidance`() {
+        let message = L("managed_login_failed")
+
+        #expect(message.contains("codex --version"))
+        #expect(message.contains("@openai/codex@latest"))
+    }
+
+    private static func makeAppBundleFixture(
+        includeLocalizationBundle: Bool,
+        includeMainLocalization: Bool = false,
+        includeEmptyChineseLocalization: Bool = false) throws -> (root: URL, appBundle: Bundle)
+    {
+        let root = FileManager.default.temporaryDirectory.appendingPathComponent(
+            "codexbar-localization-\(UUID().uuidString)",
+            isDirectory: true)
+        let appURL = root.appendingPathComponent("CodexBar.app", isDirectory: true)
+        let contentsURL = appURL.appendingPathComponent("Contents", isDirectory: true)
+        let resourcesURL = contentsURL.appendingPathComponent("Resources", isDirectory: true)
+        try FileManager.default.createDirectory(at: resourcesURL, withIntermediateDirectories: true)
+
+        let info = """
+        <?xml version="1.0" encoding="UTF-8"?>
+        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+        <plist version="1.0">
+        <dict>
+            <key>CFBundleExecutable</key><string>CodexBar</string>
+            <key>CFBundleIdentifier</key><string>com.steipete.codexbar.tests</string>
+            <key>CFBundleName</key><string>CodexBar</string>
+            <key>CFBundlePackageType</key><string>APPL</string>
+        </dict>
+        </plist>
+        """
+        try info.write(
+            to: contentsURL.appendingPathComponent("Info.plist"),
+            atomically: true,
+            encoding: .utf8)
+
+        if includeMainLocalization {
+            try Self.writeEnglishLocalization(to: resourcesURL.appendingPathComponent("en.lproj", isDirectory: true))
+        }
+
+        if includeLocalizationBundle {
+            let bundleURL = resourcesURL.appendingPathComponent("CodexBar_CodexBar.bundle", isDirectory: true)
+            try Self.writeEnglishLocalization(to: bundleURL.appendingPathComponent("en.lproj", isDirectory: true))
+            if includeEmptyChineseLocalization {
+                try Self.writeEmptyChineseLocalization(
+                    to: bundleURL.appendingPathComponent("zh-Hans.lproj", isDirectory: true))
+            }
+        }
+
+        let appBundle = try #require(Bundle(url: appURL))
+        return (root, appBundle)
+    }
+
+    private static func writeEnglishLocalization(to lprojURL: URL) throws {
+        try FileManager.default.createDirectory(at: lprojURL, withIntermediateDirectories: true)
+        try "\"Settings\" = \"Settings\";\n".write(
+            to: lprojURL.appendingPathComponent("Localizable.strings"),
+            atomically: true,
+            encoding: .utf8)
+    }
+
+    private static func writeEmptyChineseLocalization(to lprojURL: URL) throws {
+        try FileManager.default.createDirectory(at: lprojURL, withIntermediateDirectories: true)
+        try "\"Settings\" = \"\";\n".write(
+            to: lprojURL.appendingPathComponent("Localizable.strings"),
+            atomically: true,
+            encoding: .utf8)
+    }
+}
diff --git a/Tests/CodexBarTests/LoginNotificationLogicTests.swift b/Tests/CodexBarTests/LoginNotificationLogicTests.swift
new file mode 100644
index 000000000..68f4ab911
--- /dev/null
+++ b/Tests/CodexBarTests/LoginNotificationLogicTests.swift
@@ -0,0 +1,19 @@
+import Testing
+@testable import CodexBar
+
+@Suite(.serialized)
+struct LoginNotificationLogicTests {
+    @Test
+    func `login success notification copy follows Traditional Chinese app language`() {
+        Self.withAppLanguage("zh-Hant") {
+            let copy = LoginNotificationLogic.notificationCopy(providerName: "Codex")
+
+            #expect(copy.title == "Codex 登入成功")
+            #expect(copy.body == "你可以回到 App；認證已完成。")
+        }
+    }
+
+    private static func withAppLanguage(_ language: String, perform body: () -> Void) {
+        CodexBarLocalizationOverride.$appLanguage.withValue(language, operation: body)
+    }
+}
diff --git a/Tests/CodexBarTests/ManagedCodexAccountCoordinatorTests.swift b/Tests/CodexBarTests/ManagedCodexAccountCoordinatorTests.swift
new file mode 100644
index 000000000..5841ace2e
--- /dev/null
+++ b/Tests/CodexBarTests/ManagedCodexAccountCoordinatorTests.swift
@@ -0,0 +1,121 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+@Suite(.serialized)
+@MainActor
+struct ManagedCodexAccountCoordinatorTests {
+    @Test
+    func `coordinator exposes in flight state and rejects overlapping managed authentication`() async throws {
+        let root = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString, isDirectory: true)
+        defer { try? FileManager.default.removeItem(at: root) }
+
+        let existingAccountID = try #require(UUID(uuidString: "AAAAAAAA-BBBB-CCCC-DDDD-111111111111"))
+        let runner = BlockingManagedCodexLoginRunner()
+        let service = ManagedCodexAccountService(
+            store: InMemoryManagedCodexAccountStoreForCoordinatorTests(
+                accounts: ManagedCodexAccountSet(version: 1, accounts: [])),
+            homeFactory: CoordinatorTestManagedCodexHomeFactory(root: root),
+            loginRunner: runner,
+            identityReader: CoordinatorStubManagedCodexIdentityReader(email: "user@example.com"))
+        let coordinator = ManagedCodexAccountCoordinator(service: service)
+
+        let authTask = Task { try await coordinator.authenticateManagedAccount(existingAccountID: existingAccountID) }
+        await runner.waitUntilStarted()
+
+        #expect(coordinator.isAuthenticatingManagedAccount)
+        #expect(coordinator.authenticatingManagedAccountID == existingAccountID)
+
+        await #expect(throws: ManagedCodexAccountCoordinatorError.authenticationInProgress) {
+            try await coordinator.authenticateManagedAccount()
+        }
+
+        await runner.resume()
+        let account = try await authTask.value
+
+        #expect(account.email == "user@example.com")
+        #expect(coordinator.isAuthenticatingManagedAccount == false)
+        #expect(coordinator.authenticatingManagedAccountID == nil)
+    }
+}
+
+private actor BlockingManagedCodexLoginRunner: ManagedCodexLoginRunning {
+    private var waiters: [CheckedContinuation<CodexLoginRunner.Result, Never>] = []
+    private var startedWaiters: [CheckedContinuation<Void, Never>] = []
+    private var didStart = false
+
+    func run(homePath _: String, timeout _: TimeInterval) async -> CodexLoginRunner.Result {
+        self.didStart = true
+        self.startedWaiters.forEach { $0.resume() }
+        self.startedWaiters.removeAll()
+        return await withCheckedContinuation { continuation in
+            self.waiters.append(continuation)
+        }
+    }
+
+    func waitUntilStarted() async {
+        if self.didStart { return }
+        await withCheckedContinuation { continuation in
+            self.startedWaiters.append(continuation)
+        }
+    }
+
+    func resume() {
+        let result = CodexLoginRunner.Result(outcome: .success, output: "ok")
+        self.waiters.forEach { $0.resume(returning: result) }
+        self.waiters.removeAll()
+    }
+}
+
+private final class InMemoryManagedCodexAccountStoreForCoordinatorTests: ManagedCodexAccountStoring,
+@unchecked Sendable {
+    var snapshot: ManagedCodexAccountSet
+
+    init(accounts: ManagedCodexAccountSet) {
+        self.snapshot = accounts
+    }
+
+    func loadAccounts() throws -> ManagedCodexAccountSet {
+        self.snapshot
+    }
+
+    func storeAccounts(_ accounts: ManagedCodexAccountSet) throws {
+        self.snapshot = accounts
+    }
+
+    func ensureFileExists() throws -> URL {
+        FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString)
+    }
+}
+
+private final class CoordinatorTestManagedCodexHomeFactory: ManagedCodexHomeProducing, @unchecked Sendable {
+    let root: URL
+
+    init(root: URL) {
+        self.root = root
+    }
+
+    func makeHomeURL() -> URL {
+        self.root.appendingPathComponent(UUID().uuidString, isDirectory: true)
+    }
+
+    func validateManagedHomeForDeletion(_ url: URL) throws {
+        try ManagedCodexHomeFactory(root: self.root).validateManagedHomeForDeletion(url)
+    }
+}
+
+private final class CoordinatorStubManagedCodexIdentityReader: ManagedCodexIdentityReading, @unchecked Sendable {
+    let email: String
+
+    init(email: String) {
+        self.email = email
+    }
+
+    func loadAccountIdentity(homePath _: String) throws -> CodexAuthBackedAccount {
+        CodexAuthBackedAccount(
+            identity: CodexIdentityResolver.resolve(accountId: nil, email: self.email),
+            email: self.email,
+            plan: "Pro")
+    }
+}
diff --git a/Tests/CodexBarTests/ManagedCodexAccountServiceTests.swift b/Tests/CodexBarTests/ManagedCodexAccountServiceTests.swift
new file mode 100644
index 000000000..44ba8a5e1
--- /dev/null
+++ b/Tests/CodexBarTests/ManagedCodexAccountServiceTests.swift
@@ -0,0 +1,958 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+@Suite(.serialized)
+@MainActor
+struct ManagedCodexAccountServiceTests {
+    @Test
+    func `upsert preserves uuid for matching canonical email`() async throws {
+        let root = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString, isDirectory: true)
+        defer { try? FileManager.default.removeItem(at: root) }
+
+        let fileURL = root.appendingPathComponent("managed.json", isDirectory: false)
+        let store = FileManagedCodexAccountStore(fileURL: fileURL, fileManager: .default)
+        let service = ManagedCodexAccountService(
+            store: store,
+            homeFactory: TestManagedCodexHomeFactory(root: root),
+            loginRunner: StubManagedCodexLoginRunner.success,
+            identityReader: StubManagedCodexIdentityReader.accounts([
+                .init(identity: .providerAccount(id: "account-live"), email: "user@example.com", plan: "Pro"),
+                .init(identity: .providerAccount(id: "account-live"), email: "user@example.com", plan: "Pro"),
+            ]),
+            workspaceResolver: StubManagedCodexWorkspaceResolver())
+
+        let first = try await service.authenticateManagedAccount()
+        let second = try await service.authenticateManagedAccount()
+        let snapshot = try store.loadAccounts()
+
+        #expect(first.id == second.id)
+        #expect(second.email == "user@example.com")
+        #expect(second.providerAccountID == "account-live")
+        #expect(snapshot.accounts.count == 1)
+        #expect(second.managedHomePath.hasPrefix(root.standardizedFileURL.path + "/"))
+    }
+
+    @Test
+    func `new authentication appends managed account without implicit selection side effect`() async throws {
+        let root = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString, isDirectory: true)
+        defer { try? FileManager.default.removeItem(at: root) }
+
+        let firstID = try #require(UUID(uuidString: "11111111-1111-1111-1111-111111111111"))
+        let firstAccount = ManagedCodexAccount(
+            id: firstID,
+            email: "first@example.com",
+            managedHomePath: root.appendingPathComponent("accounts/first", isDirectory: true).path,
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        let store = InMemoryManagedCodexAccountStore(
+            accounts: ManagedCodexAccountSet(
+                version: 1,
+                accounts: [firstAccount]))
+        let service = ManagedCodexAccountService(
+            store: store,
+            homeFactory: TestManagedCodexHomeFactory(root: root),
+            loginRunner: StubManagedCodexLoginRunner.success,
+            identityReader: StubManagedCodexIdentityReader.accounts([
+                .init(identity: .providerAccount(id: "account-second"), email: "second@example.com", plan: "Pro"),
+            ]),
+            workspaceResolver: StubManagedCodexWorkspaceResolver())
+
+        let authenticated = try await service.authenticateManagedAccount()
+
+        #expect(store.snapshot.accounts.count == 2)
+        #expect(authenticated.email == "second@example.com")
+        #expect(authenticated.providerAccountID == "account-second")
+    }
+
+    @Test
+    func `same email provider backed workspaces coexist across sequential add account flows`() async throws {
+        let root = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString, isDirectory: true)
+        defer { try? FileManager.default.removeItem(at: root) }
+
+        let store = InMemoryManagedCodexAccountStore(
+            accounts: ManagedCodexAccountSet(
+                version: FileManagedCodexAccountStore.currentVersion,
+                accounts: []))
+        let service = ManagedCodexAccountService(
+            store: store,
+            homeFactory: TestManagedCodexHomeFactory(root: root),
+            loginRunner: StubManagedCodexLoginRunner.success,
+            identityReader: StubManagedCodexIdentityReader.accounts([
+                .init(identity: .providerAccount(id: "workspace-personal"), email: "alice@example.com", plan: "Pro"),
+                .init(identity: .providerAccount(id: "workspace-team"), email: "alice@example.com", plan: "Pro"),
+            ]),
+            workspaceResolver: StubManagedCodexWorkspaceResolver(identities: [
+                "workspace-personal": CodexOpenAIWorkspaceIdentity(
+                    workspaceAccountID: "workspace-personal",
+                    workspaceLabel: "Personal"),
+                "workspace-team": CodexOpenAIWorkspaceIdentity(
+                    workspaceAccountID: "workspace-team",
+                    workspaceLabel: "Team"),
+            ]))
+
+        let personal = try await service.authenticateManagedAccount()
+        let team = try await service.authenticateManagedAccount()
+
+        let storedPersonal = try #require(
+            store.snapshot.account(email: "alice@example.com", providerAccountID: "workspace-personal"))
+        let storedTeam = try #require(
+            store.snapshot.account(email: "alice@example.com", providerAccountID: "workspace-team"))
+        #expect(store.snapshot.accounts.count == 2)
+        #expect(personal.id == storedPersonal.id)
+        #expect(team.id == storedTeam.id)
+        #expect(personal.id != team.id)
+        #expect(storedPersonal.providerAccountID == "workspace-personal")
+        #expect(storedPersonal.workspaceLabel == "Personal")
+        #expect(storedTeam.providerAccountID == "workspace-team")
+        #expect(storedTeam.workspaceLabel == "Team")
+        #expect(storedPersonal.managedHomePath != storedTeam.managedHomePath)
+        #expect(FileManager.default.fileExists(atPath: storedPersonal.managedHomePath))
+        #expect(FileManager.default.fileExists(atPath: storedTeam.managedHomePath))
+    }
+
+    @Test
+    func `same workspace provider id with different emails does not overwrite existing account`() async throws {
+        let root = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString, isDirectory: true)
+        let existingHome = root.appendingPathComponent("accounts/existing", isDirectory: true)
+        try FileManager.default.createDirectory(at: existingHome, withIntermediateDirectories: true)
+        defer { try? FileManager.default.removeItem(at: root) }
+
+        let existingID = try #require(UUID(uuidString: "10101010-2020-3030-4040-505050505050"))
+        let existingAccount = ManagedCodexAccount(
+            id: existingID,
+            email: "mi.chaelfmk5542@gmail.com",
+            providerAccountID: "team-4107",
+            workspaceLabel: "4107",
+            workspaceAccountID: "team-4107",
+            managedHomePath: existingHome.path,
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        let store = InMemoryManagedCodexAccountStore(
+            accounts: ManagedCodexAccountSet(
+                version: FileManagedCodexAccountStore.currentVersion,
+                accounts: [existingAccount]))
+        let service = ManagedCodexAccountService(
+            store: store,
+            homeFactory: TestManagedCodexHomeFactory(root: root),
+            loginRunner: StubManagedCodexLoginRunner.success,
+            identityReader: StubManagedCodexIdentityReader.accounts([
+                .init(identity: .providerAccount(id: "team-4107"), email: "mich.aelfmk5542@gmail.com", plan: "Team"),
+            ]),
+            workspaceResolver: StubManagedCodexWorkspaceResolver(identities: [
+                "team-4107": CodexOpenAIWorkspaceIdentity(
+                    workspaceAccountID: "team-4107",
+                    workspaceLabel: "4107"),
+            ]))
+
+        let added = try await service.authenticateManagedAccount()
+
+        let original = try #require(
+            store.snapshot.account(email: "mi.chaelfmk5542@gmail.com", providerAccountID: "team-4107"))
+        let newAccount = try #require(
+            store.snapshot.account(email: "mich.aelfmk5542@gmail.com", providerAccountID: "team-4107"))
+        #expect(store.snapshot.accounts.count == 2)
+        #expect(original.id == existingID)
+        #expect(original.managedHomePath == existingHome.path)
+        #expect(newAccount.id == added.id)
+        #expect(newAccount.id != existingID)
+        #expect(newAccount.workspaceLabel == "4107")
+        #expect(FileManager.default.fileExists(atPath: existingHome.path))
+        #expect(FileManager.default.fileExists(atPath: newAccount.managedHomePath))
+    }
+
+    @Test
+    func `selected workspace is persisted and used as account identity`() async throws {
+        let root = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString, isDirectory: true)
+        defer { try? FileManager.default.removeItem(at: root) }
+
+        let store = InMemoryManagedCodexAccountStore(
+            accounts: ManagedCodexAccountSet(
+                version: FileManagedCodexAccountStore.currentVersion,
+                accounts: []))
+        let workspaces = [
+            CodexOpenAIWorkspaceIdentity(
+                workspaceAccountID: "workspace-personal",
+                workspaceLabel: "Personal"),
+            CodexOpenAIWorkspaceIdentity(
+                workspaceAccountID: "workspace-team",
+                workspaceLabel: "Team"),
+        ]
+        let service = ManagedCodexAccountService(
+            store: store,
+            homeFactory: TestManagedCodexHomeFactory(root: root),
+            loginRunner: WritingManagedCodexLoginRunner(
+                credentials: CodexOAuthCredentials(
+                    accessToken: "access-token",
+                    refreshToken: "refresh-token",
+                    idToken: nil,
+                    accountId: "workspace-personal",
+                    lastRefresh: nil)),
+            identityReader: StubManagedCodexIdentityReader.accounts([
+                .init(identity: .providerAccount(id: "workspace-personal"), email: "alice@example.com", plan: "Pro"),
+            ]),
+            workspaceResolver: StubManagedCodexWorkspaceResolver(
+                identities: Dictionary(uniqueKeysWithValues: workspaces.map { ($0.workspaceAccountID, $0) }),
+                availableIdentities: workspaces),
+            workspaceSelector: StubManagedCodexWorkspaceSelector(selectedWorkspaceID: "workspace-team"))
+
+        let account = try await service.authenticateManagedAccount()
+        let credentials = try CodexOAuthCredentialsStore.load(env: ["CODEX_HOME": account.managedHomePath])
+
+        #expect(account.providerAccountID == "workspace-team")
+        #expect(account.workspaceLabel == "Team")
+        #expect(credentials.accountId == "workspace-team")
+        #expect(store.snapshot.accounts.count == 1)
+    }
+
+    @Test
+    func `reauth keeps previous home when store write fails`() async throws {
+        let root = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString, isDirectory: true)
+        let existingHome = root.appendingPathComponent("accounts/existing", isDirectory: true)
+        try FileManager.default.createDirectory(at: existingHome, withIntermediateDirectories: true)
+        defer { try? FileManager.default.removeItem(at: root) }
+
+        let existingAccountID = try #require(UUID(uuidString: "11111111-2222-3333-4444-555555555555"))
+        let existingAccount = ManagedCodexAccount(
+            id: existingAccountID,
+            email: "user@example.com",
+            managedHomePath: existingHome.path,
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        let store = FailingManagedCodexAccountStore(
+            accounts: ManagedCodexAccountSet(
+                version: 1,
+                accounts: [existingAccount]))
+        let service = ManagedCodexAccountService(
+            store: store,
+            homeFactory: TestManagedCodexHomeFactory(root: root),
+            loginRunner: StubManagedCodexLoginRunner.success,
+            identityReader: StubManagedCodexIdentityReader.accounts([
+                .init(identity: .providerAccount(id: "account-live"), email: "user@example.com", plan: "Pro"),
+            ]),
+            workspaceResolver: StubManagedCodexWorkspaceResolver())
+
+        await #expect(throws: TestManagedCodexAccountStoreError.writeFailed) {
+            try await service.authenticateManagedAccount()
+        }
+
+        let newHome = root.appendingPathComponent("accounts/account-1", isDirectory: true)
+        #expect(FileManager.default.fileExists(atPath: existingHome.path))
+        #expect(FileManager.default.fileExists(atPath: newHome.path) == false)
+        #expect(store.snapshot.accounts.count == 1)
+        #expect(store.snapshot.accounts.first?.managedHomePath == existingHome.path)
+    }
+
+    @Test
+    func `reauth reconciles by provider account id before existing account id`() async throws {
+        let root = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString, isDirectory: true)
+        let alphaHome = root.appendingPathComponent("accounts/alpha", isDirectory: true)
+        let betaHome = root.appendingPathComponent("accounts/beta", isDirectory: true)
+        try FileManager.default.createDirectory(at: alphaHome, withIntermediateDirectories: true)
+        try FileManager.default.createDirectory(at: betaHome, withIntermediateDirectories: true)
+        defer { try? FileManager.default.removeItem(at: root) }
+
+        let alphaID = try #require(UUID(uuidString: "AAAAAAAA-BBBB-CCCC-DDDD-111111111111"))
+        let betaID = try #require(UUID(uuidString: "BBBBBBBB-CCCC-DDDD-EEEE-222222222222"))
+        let alphaAccount = ManagedCodexAccount(
+            id: alphaID,
+            email: "shared@example.com",
+            providerAccountID: "account-alpha",
+            managedHomePath: alphaHome.path,
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        let betaAccount = ManagedCodexAccount(
+            id: betaID,
+            email: "shared@example.com",
+            providerAccountID: "account-beta",
+            managedHomePath: betaHome.path,
+            createdAt: 2,
+            updatedAt: 2,
+            lastAuthenticatedAt: 2)
+        let store = InMemoryManagedCodexAccountStore(
+            accounts: ManagedCodexAccountSet(
+                version: 1,
+                accounts: [alphaAccount, betaAccount]))
+        let service = ManagedCodexAccountService(
+            store: store,
+            homeFactory: TestManagedCodexHomeFactory(root: root),
+            loginRunner: StubManagedCodexLoginRunner.success,
+            identityReader: StubManagedCodexIdentityReader.accounts([
+                .init(identity: .providerAccount(id: "account-beta"), email: "SHARED@example.com", plan: "Pro"),
+            ]),
+            workspaceResolver: StubManagedCodexWorkspaceResolver())
+
+        let account = try await service.authenticateManagedAccount(existingAccountID: alphaAccount.id)
+
+        let storedAlpha = try #require(store.snapshot.account(id: alphaAccount.id))
+        let storedBeta = try #require(store.snapshot.account(id: betaAccount.id))
+        #expect(account.id == betaAccount.id)
+        #expect(store.snapshot.accounts.count == 2)
+        #expect(storedAlpha.email == "shared@example.com")
+        #expect(storedAlpha.providerAccountID == "account-alpha")
+        #expect(storedAlpha.managedHomePath == alphaHome.path)
+        #expect(storedBeta.email == "shared@example.com")
+        #expect(storedBeta.providerAccountID == "account-beta")
+        #expect(storedBeta.managedHomePath.hasPrefix(root.standardizedFileURL.path + "/"))
+        #expect(storedBeta.managedHomePath != betaHome.path)
+        #expect(FileManager.default.fileExists(atPath: alphaHome.path))
+        #expect(FileManager.default.fileExists(atPath: betaHome.path) == false)
+        #expect(FileManager.default.fileExists(atPath: storedBeta.managedHomePath))
+    }
+
+    @Test
+    func `reauth to different account does not overwrite existing account id match`() async throws {
+        let root = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString, isDirectory: true)
+        let aliceHome = root.appendingPathComponent("accounts/alice", isDirectory: true)
+        try FileManager.default.createDirectory(at: aliceHome, withIntermediateDirectories: true)
+        defer { try? FileManager.default.removeItem(at: root) }
+
+        let aliceID = try #require(UUID(uuidString: "12121212-3434-5656-7878-909090909090"))
+        let aliceAccount = ManagedCodexAccount(
+            id: aliceID,
+            email: "alice@example.com",
+            providerAccountID: "account-alice",
+            managedHomePath: aliceHome.path,
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        let store = InMemoryManagedCodexAccountStore(accounts: ManagedCodexAccountSet(
+            version: FileManagedCodexAccountStore.currentVersion,
+            accounts: [aliceAccount]))
+        let service = ManagedCodexAccountService(
+            store: store,
+            homeFactory: TestManagedCodexHomeFactory(root: root),
+            loginRunner: StubManagedCodexLoginRunner.success,
+            identityReader: StubManagedCodexIdentityReader.accounts([
+                .init(identity: .providerAccount(id: "account-bob"), email: "bob@example.com", plan: "Pro"),
+            ]),
+            workspaceResolver: StubManagedCodexWorkspaceResolver())
+
+        let account = try await service.authenticateManagedAccount(existingAccountID: aliceID)
+
+        let storedAlice = try #require(store.snapshot.account(id: aliceID))
+        let storedBob = try #require(store.snapshot.account(email: "bob@example.com"))
+        #expect(account.id != aliceID)
+        #expect(account.id == storedBob.id)
+        #expect(store.snapshot.accounts.count == 2)
+        #expect(storedAlice.email == "alice@example.com")
+        #expect(storedAlice.providerAccountID == "account-alice")
+        #expect(storedAlice.managedHomePath == aliceHome.path)
+        #expect(storedBob.email == "bob@example.com")
+        #expect(storedBob.providerAccountID == "account-bob")
+        #expect(storedBob.managedHomePath.hasPrefix(root.standardizedFileURL.path + "/"))
+        #expect(storedBob.managedHomePath != aliceHome.path)
+        #expect(FileManager.default.fileExists(atPath: aliceHome.path))
+        #expect(FileManager.default.fileExists(atPath: storedBob.managedHomePath))
+    }
+
+    @Test
+    func `reauth on same email different workspace does not overwrite selected workspace`() async throws {
+        let root = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString, isDirectory: true)
+        let personalHome = root.appendingPathComponent("accounts/personal", isDirectory: true)
+        try FileManager.default.createDirectory(at: personalHome, withIntermediateDirectories: true)
+        defer { try? FileManager.default.removeItem(at: root) }
+
+        let personalID = try #require(UUID(uuidString: "31313131-4242-5353-6464-757575757575"))
+        let personalAccount = ManagedCodexAccount(
+            id: personalID,
+            email: "alice@example.com",
+            providerAccountID: "workspace-personal",
+            workspaceLabel: "Personal",
+            workspaceAccountID: "workspace-personal",
+            managedHomePath: personalHome.path,
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        let store = InMemoryManagedCodexAccountStore(accounts: ManagedCodexAccountSet(
+            version: FileManagedCodexAccountStore.currentVersion,
+            accounts: [personalAccount]))
+        let service = ManagedCodexAccountService(
+            store: store,
+            homeFactory: TestManagedCodexHomeFactory(root: root),
+            loginRunner: StubManagedCodexLoginRunner.success,
+            identityReader: StubManagedCodexIdentityReader.accounts([
+                .init(identity: .providerAccount(id: "workspace-team"), email: "alice@example.com", plan: "Pro"),
+            ]),
+            workspaceResolver: StubManagedCodexWorkspaceResolver(identities: [
+                "workspace-team": CodexOpenAIWorkspaceIdentity(
+                    workspaceAccountID: "workspace-team",
+                    workspaceLabel: "Team"),
+            ]))
+
+        let account = try await service.authenticateManagedAccount(existingAccountID: personalID)
+
+        let storedPersonal = try #require(store.snapshot.account(id: personalID))
+        let storedTeam = try #require(
+            store.snapshot.account(email: "alice@example.com", providerAccountID: "workspace-team"))
+        #expect(account.id == storedTeam.id)
+        #expect(account.id != personalID)
+        #expect(store.snapshot.accounts.count == 2)
+        #expect(storedPersonal.providerAccountID == "workspace-personal")
+        #expect(storedPersonal.workspaceLabel == "Personal")
+        #expect(storedPersonal.managedHomePath == personalHome.path)
+        #expect(storedTeam.providerAccountID == "workspace-team")
+        #expect(storedTeam.workspaceLabel == "Team")
+        #expect(storedTeam.managedHomePath != personalHome.path)
+        #expect(FileManager.default.fileExists(atPath: personalHome.path))
+        #expect(FileManager.default.fileExists(atPath: storedTeam.managedHomePath))
+    }
+
+    @Test
+    func `legacy row collapses onto provider backed row when provider id resolves elsewhere`() async throws {
+        let root = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString, isDirectory: true)
+        let legacyHome = root.appendingPathComponent("accounts/legacy", isDirectory: true)
+        let providerHome = root.appendingPathComponent("accounts/provider", isDirectory: true)
+        try FileManager.default.createDirectory(at: legacyHome, withIntermediateDirectories: true)
+        try FileManager.default.createDirectory(at: providerHome, withIntermediateDirectories: true)
+        defer { try? FileManager.default.removeItem(at: root) }
+
+        let legacyID = try #require(UUID(uuidString: "AAAAAAAA-1111-2222-3333-444444444444"))
+        let providerID = try #require(UUID(uuidString: "BBBBBBBB-1111-2222-3333-444444444444"))
+        let legacyAccount = ManagedCodexAccount(
+            id: legacyID,
+            email: "shared@example.com",
+            managedHomePath: legacyHome.path,
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        let providerAccount = ManagedCodexAccount(
+            id: providerID,
+            email: "shared@example.com",
+            providerAccountID: "account-real",
+            managedHomePath: providerHome.path,
+            createdAt: 2,
+            updatedAt: 2,
+            lastAuthenticatedAt: 2)
+        let store = InMemoryManagedCodexAccountStore(accounts: ManagedCodexAccountSet(
+            version: FileManagedCodexAccountStore.currentVersion,
+            accounts: [legacyAccount, providerAccount]))
+        let service = ManagedCodexAccountService(
+            store: store,
+            homeFactory: TestManagedCodexHomeFactory(root: root),
+            loginRunner: StubManagedCodexLoginRunner.success,
+            identityReader: StubManagedCodexIdentityReader.accounts([
+                .init(identity: .providerAccount(id: "account-real"), email: "shared@example.com", plan: "Pro"),
+            ]),
+            workspaceResolver: StubManagedCodexWorkspaceResolver())
+
+        let account = try await service.authenticateManagedAccount(existingAccountID: legacyAccount.id)
+
+        #expect(account.id == providerAccount.id)
+        #expect(store.snapshot.accounts.count == 1)
+        #expect(store.snapshot.accounts.first?.id == providerAccount.id)
+        #expect(store.snapshot.accounts.first?.providerAccountID == "account-real")
+        #expect(FileManager.default.fileExists(atPath: legacyHome.path) == false)
+        #expect(FileManager.default.fileExists(atPath: providerHome.path) == false)
+        #expect(FileManager.default.fileExists(atPath: account.managedHomePath))
+    }
+
+    @Test
+    func `fresh provider login removes stale legacy row without explicit existing account id`() async throws {
+        let root = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString, isDirectory: true)
+        let legacyHome = root.appendingPathComponent("accounts/legacy", isDirectory: true)
+        let providerHome = root.appendingPathComponent("accounts/provider", isDirectory: true)
+        try FileManager.default.createDirectory(at: legacyHome, withIntermediateDirectories: true)
+        try FileManager.default.createDirectory(at: providerHome, withIntermediateDirectories: true)
+        defer { try? FileManager.default.removeItem(at: root) }
+
+        let legacyID = try #require(UUID(uuidString: "CCCCCCCC-1111-2222-3333-444444444444"))
+        let providerID = try #require(UUID(uuidString: "DDDDDDDD-1111-2222-3333-444444444444"))
+        let legacyAccount = ManagedCodexAccount(
+            id: legacyID,
+            email: "shared@example.com",
+            managedHomePath: legacyHome.path,
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        let providerAccount = ManagedCodexAccount(
+            id: providerID,
+            email: "shared@example.com",
+            providerAccountID: "account-real",
+            managedHomePath: providerHome.path,
+            createdAt: 2,
+            updatedAt: 2,
+            lastAuthenticatedAt: 2)
+        let store = InMemoryManagedCodexAccountStore(accounts: ManagedCodexAccountSet(
+            version: FileManagedCodexAccountStore.currentVersion,
+            accounts: [legacyAccount, providerAccount]))
+        let service = ManagedCodexAccountService(
+            store: store,
+            homeFactory: TestManagedCodexHomeFactory(root: root),
+            loginRunner: StubManagedCodexLoginRunner.success,
+            identityReader: StubManagedCodexIdentityReader.accounts([
+                .init(identity: .providerAccount(id: "account-real"), email: "shared@example.com", plan: "Pro"),
+            ]),
+            workspaceResolver: StubManagedCodexWorkspaceResolver())
+
+        let account = try await service.authenticateManagedAccount()
+
+        #expect(account.id == providerAccount.id)
+        #expect(store.snapshot.accounts.count == 1)
+        #expect(store.snapshot.accounts.first?.id == providerAccount.id)
+        #expect(FileManager.default.fileExists(atPath: legacyHome.path) == false)
+        #expect(FileManager.default.fileExists(atPath: providerHome.path) == false)
+        #expect(FileManager.default.fileExists(atPath: account.managedHomePath))
+    }
+
+    @Test
+    func `authentication persists workspace metadata and tolerates missing workspace label`() async throws {
+        let root = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString, isDirectory: true)
+        defer { try? FileManager.default.removeItem(at: root) }
+
+        let store = InMemoryManagedCodexAccountStore(
+            accounts: ManagedCodexAccountSet(version: FileManagedCodexAccountStore.currentVersion, accounts: []))
+        let service = ManagedCodexAccountService(
+            store: store,
+            homeFactory: TestManagedCodexHomeFactory(root: root),
+            loginRunner: StubManagedCodexLoginRunner.success,
+            identityReader: StubManagedCodexIdentityReader.accounts([
+                .init(identity: .providerAccount(id: "account-live"), email: "user@example.com", plan: "Pro"),
+                .init(identity: .providerAccount(id: "account-fallback"), email: "fallback@example.com", plan: "Pro"),
+            ]),
+            workspaceResolver: StubManagedCodexWorkspaceResolver(identities: [
+                "account-live": CodexOpenAIWorkspaceIdentity(
+                    workspaceAccountID: "account-live",
+                    workspaceLabel: "Team Alpha"),
+                "account-fallback": CodexOpenAIWorkspaceIdentity(
+                    workspaceAccountID: "account-fallback",
+                    workspaceLabel: nil),
+            ]))
+
+        let labeled = try await service.authenticateManagedAccount()
+        let fallback = try await service.authenticateManagedAccount()
+
+        #expect(labeled.providerAccountID == "account-live")
+        #expect(labeled.workspaceAccountID == "account-live")
+        #expect(labeled.workspaceLabel == "Team Alpha")
+        #expect(fallback.providerAccountID == "account-fallback")
+        #expect(fallback.workspaceAccountID == "account-fallback")
+        #expect(fallback.workspaceLabel == nil)
+    }
+
+    @Test
+    func `reauth preserves stored provider metadata when refresh cannot resolve account id`() async throws {
+        let root = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString, isDirectory: true)
+        let existingHome = root.appendingPathComponent("accounts/existing", isDirectory: true)
+        try FileManager.default.createDirectory(at: existingHome, withIntermediateDirectories: true)
+        defer { try? FileManager.default.removeItem(at: root) }
+
+        let existingID = try #require(UUID(uuidString: "EEEEEEEE-1111-2222-3333-444444444444"))
+        let existingAccount = ManagedCodexAccount(
+            id: existingID,
+            email: "user@example.com",
+            providerAccountID: "account-live",
+            workspaceLabel: "Team Alpha",
+            workspaceAccountID: "account-live",
+            managedHomePath: existingHome.path,
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        let store = InMemoryManagedCodexAccountStore(accounts: ManagedCodexAccountSet(
+            version: FileManagedCodexAccountStore.currentVersion,
+            accounts: [existingAccount]))
+        let service = ManagedCodexAccountService(
+            store: store,
+            homeFactory: TestManagedCodexHomeFactory(root: root),
+            loginRunner: StubManagedCodexLoginRunner.success,
+            identityReader: StubManagedCodexIdentityReader.accounts([
+                .init(
+                    identity: .emailOnly(normalizedEmail: "user@example.com"),
+                    email: "user@example.com",
+                    plan: "Pro"),
+            ]),
+            workspaceResolver: StubManagedCodexWorkspaceResolver())
+
+        let account = try await service.authenticateManagedAccount(existingAccountID: existingID)
+        let stored = try #require(store.snapshot.account(id: existingID))
+
+        #expect(account.id == existingID)
+        #expect(account.providerAccountID == "account-live")
+        #expect(account.workspaceAccountID == "account-live")
+        #expect(account.workspaceLabel == "Team Alpha")
+        #expect(stored.providerAccountID == "account-live")
+        #expect(stored.workspaceAccountID == "account-live")
+        #expect(stored.workspaceLabel == "Team Alpha")
+        #expect(FileManager.default.fileExists(atPath: existingHome.path) == false)
+        #expect(FileManager.default.fileExists(atPath: account.managedHomePath))
+    }
+
+    @Test
+    func `auth failure cleanup uses managed root safety check`() async throws {
+        let root = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString, isDirectory: true)
+        let outsideHome = FileManager.default.temporaryDirectory.appendingPathComponent(
+            UUID().uuidString,
+            isDirectory: true)
+        defer {
+            try? FileManager.default.removeItem(at: root)
+            try? FileManager.default.removeItem(at: outsideHome)
+        }
+
+        let store = InMemoryManagedCodexAccountStore(
+            accounts: ManagedCodexAccountSet(version: 1, accounts: []))
+        let service = ManagedCodexAccountService(
+            store: store,
+            homeFactory: UnsafeManagedCodexHomeFactory(root: root, homeURL: outsideHome),
+            loginRunner: StubManagedCodexLoginRunner(
+                result: CodexLoginRunner.Result(outcome: .failed(status: 1), output: "nope")),
+            identityReader: StubManagedCodexIdentityReader.emails([]),
+            workspaceResolver: StubManagedCodexWorkspaceResolver())
+
+        await #expect(throws: ManagedCodexAccountServiceError.self) {
+            try await service.authenticateManagedAccount()
+        }
+
+        #expect(FileManager.default.fileExists(atPath: outsideHome.path))
+        #expect(store.snapshot.accounts.isEmpty)
+    }
+
+    @Test
+    func `auth failure preserves codex login result output`() async throws {
+        let root = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString, isDirectory: true)
+        defer { try? FileManager.default.removeItem(at: root) }
+
+        let loginResult = CodexLoginRunner.Result(
+            outcome: .failed(status: 42),
+            output: "OAuth callback used the wrong browser profile")
+        let service = ManagedCodexAccountService(
+            store: InMemoryManagedCodexAccountStore(
+                accounts: ManagedCodexAccountSet(version: 1, accounts: [])),
+            homeFactory: TestManagedCodexHomeFactory(root: root),
+            loginRunner: StubManagedCodexLoginRunner(result: loginResult),
+            identityReader: StubManagedCodexIdentityReader.emails([]),
+            workspaceResolver: StubManagedCodexWorkspaceResolver())
+
+        do {
+            _ = try await service.authenticateManagedAccount()
+            Issue.record("Expected managed Codex login failure")
+        } catch let error as ManagedCodexAccountServiceError {
+            guard case let .loginFailed(capturedResult) = error else {
+                Issue.record("Expected loginFailed, got \(error)")
+                return
+            }
+            #expect(capturedResult == loginResult)
+            #expect(error.userFacingMessage.contains("codex --version"))
+            #expect(error.userFacingMessage.contains("OAuth callback used the wrong browser profile"))
+        }
+    }
+
+    @Test
+    func `remove deletes managed home under managed root`() async throws {
+        let root = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString, isDirectory: true)
+        let home = root.appendingPathComponent("accounts/account-a", isDirectory: true)
+        try FileManager.default.createDirectory(at: home, withIntermediateDirectories: true)
+        defer { try? FileManager.default.removeItem(at: root) }
+
+        let accountID = try #require(UUID(uuidString: "AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE"))
+        let account = ManagedCodexAccount(
+            id: accountID,
+            email: "user@example.com",
+            managedHomePath: home.path,
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        let store = InMemoryManagedCodexAccountStore(
+            accounts: ManagedCodexAccountSet(version: 1, accounts: [account]))
+        let service = ManagedCodexAccountService(
+            store: store,
+            homeFactory: TestManagedCodexHomeFactory(root: root),
+            loginRunner: StubManagedCodexLoginRunner.success,
+            identityReader: StubManagedCodexIdentityReader.emails([]),
+            workspaceResolver: StubManagedCodexWorkspaceResolver())
+
+        try await service.removeManagedAccount(id: account.id)
+
+        #expect(store.snapshot.accounts.isEmpty)
+        #expect(FileManager.default.fileExists(atPath: home.path) == false)
+    }
+
+    @Test
+    func `remove keeps remaining managed account records`() async throws {
+        let root = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString, isDirectory: true)
+        let firstHome = root.appendingPathComponent("accounts/account-a", isDirectory: true)
+        let secondHome = root.appendingPathComponent("accounts/account-b", isDirectory: true)
+        try FileManager.default.createDirectory(at: firstHome, withIntermediateDirectories: true)
+        try FileManager.default.createDirectory(at: secondHome, withIntermediateDirectories: true)
+        defer { try? FileManager.default.removeItem(at: root) }
+
+        let firstID = try #require(UUID(uuidString: "AAAAAAAA-1111-1111-1111-111111111111"))
+        let secondID = try #require(UUID(uuidString: "BBBBBBBB-2222-2222-2222-222222222222"))
+        let first = ManagedCodexAccount(
+            id: firstID,
+            email: "first@example.com",
+            managedHomePath: firstHome.path,
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        let second = ManagedCodexAccount(
+            id: secondID,
+            email: "second@example.com",
+            managedHomePath: secondHome.path,
+            createdAt: 2,
+            updatedAt: 2,
+            lastAuthenticatedAt: 2)
+        let store = InMemoryManagedCodexAccountStore(
+            accounts: ManagedCodexAccountSet(
+                version: 1,
+                accounts: [first, second]))
+        let service = ManagedCodexAccountService(
+            store: store,
+            homeFactory: TestManagedCodexHomeFactory(root: root),
+            loginRunner: StubManagedCodexLoginRunner.success,
+            identityReader: StubManagedCodexIdentityReader.emails([]),
+            workspaceResolver: StubManagedCodexWorkspaceResolver())
+
+        try await service.removeManagedAccount(id: second.id)
+
+        #expect(store.snapshot.accounts.count == 1)
+        #expect(store.snapshot.accounts.first?.id == first.id)
+        #expect(FileManager.default.fileExists(atPath: secondHome.path) == false)
+    }
+
+    @Test
+    func `remove keeps persisted account when store write fails`() async throws {
+        let root = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString, isDirectory: true)
+        let home = root.appendingPathComponent("accounts/account-a", isDirectory: true)
+        try FileManager.default.createDirectory(at: home, withIntermediateDirectories: true)
+        defer { try? FileManager.default.removeItem(at: root) }
+
+        let accountID = try #require(UUID(uuidString: "CCCCCCCC-DDDD-EEEE-FFFF-000000000000"))
+        let account = ManagedCodexAccount(
+            id: accountID,
+            email: "user@example.com",
+            managedHomePath: home.path,
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        let store = FailingManagedCodexAccountStore(
+            accounts: ManagedCodexAccountSet(version: 1, accounts: [account]))
+        let service = ManagedCodexAccountService(
+            store: store,
+            homeFactory: TestManagedCodexHomeFactory(root: root),
+            loginRunner: StubManagedCodexLoginRunner.success,
+            identityReader: StubManagedCodexIdentityReader.emails([]),
+            workspaceResolver: StubManagedCodexWorkspaceResolver())
+
+        await #expect(throws: TestManagedCodexAccountStoreError.writeFailed) {
+            try await service.removeManagedAccount(id: account.id)
+        }
+
+        #expect(store.snapshot.accounts.count == 1)
+        #expect(store.snapshot.accounts.first?.managedHomePath == home.path)
+        #expect(FileManager.default.fileExists(atPath: home.path))
+    }
+
+    @Test
+    func `remove drops account but leaves unsafe home untouched`() async throws {
+        let root = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString, isDirectory: true)
+        let outsideRoot = FileManager.default.temporaryDirectory.appendingPathComponent(
+            UUID().uuidString,
+            isDirectory: true)
+        try FileManager.default.createDirectory(at: outsideRoot, withIntermediateDirectories: true)
+        defer {
+            try? FileManager.default.removeItem(at: root)
+            try? FileManager.default.removeItem(at: outsideRoot)
+        }
+
+        let accountID = try #require(UUID(uuidString: "BBBBBBBB-CCCC-DDDD-EEEE-FFFFFFFFFFFF"))
+        let account = ManagedCodexAccount(
+            id: accountID,
+            email: "user@example.com",
+            managedHomePath: outsideRoot.path,
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        let store = InMemoryManagedCodexAccountStore(
+            accounts: ManagedCodexAccountSet(version: 1, accounts: [account]))
+        let service = ManagedCodexAccountService(
+            store: store,
+            homeFactory: TestManagedCodexHomeFactory(root: root),
+            loginRunner: StubManagedCodexLoginRunner.success,
+            identityReader: StubManagedCodexIdentityReader.emails([]),
+            workspaceResolver: StubManagedCodexWorkspaceResolver())
+
+        try await service.removeManagedAccount(id: account.id)
+
+        #expect(store.snapshot.accounts.isEmpty)
+        #expect(FileManager.default.fileExists(atPath: outsideRoot.path))
+    }
+}
+
+private final class InMemoryManagedCodexAccountStore: ManagedCodexAccountStoring, @unchecked Sendable {
+    var snapshot: ManagedCodexAccountSet
+
+    init(accounts: ManagedCodexAccountSet) {
+        self.snapshot = accounts
+    }
+
+    func loadAccounts() throws -> ManagedCodexAccountSet {
+        self.snapshot
+    }
+
+    func storeAccounts(_ accounts: ManagedCodexAccountSet) throws {
+        self.snapshot = accounts
+    }
+
+    func ensureFileExists() throws -> URL {
+        FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString)
+    }
+}
+
+private final class FailingManagedCodexAccountStore: ManagedCodexAccountStoring, @unchecked Sendable {
+    var snapshot: ManagedCodexAccountSet
+
+    init(accounts: ManagedCodexAccountSet) {
+        self.snapshot = accounts
+    }
+
+    func loadAccounts() throws -> ManagedCodexAccountSet {
+        self.snapshot
+    }
+
+    func storeAccounts(_ accounts: ManagedCodexAccountSet) throws {
+        _ = accounts
+        throw TestManagedCodexAccountStoreError.writeFailed
+    }
+
+    func ensureFileExists() throws -> URL {
+        FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString)
+    }
+}
+
+private final class TestManagedCodexHomeFactory: ManagedCodexHomeProducing, @unchecked Sendable {
+    let root: URL
+    private let lock = NSLock()
+    private var index: Int = 0
+
+    init(root: URL) {
+        self.root = root
+    }
+
+    private func nextPathComponent() -> String {
+        self.lock.lock()
+        defer { self.lock.unlock() }
+        self.index += 1
+        return "accounts/account-\(self.index)"
+    }
+
+    func makeHomeURL() -> URL {
+        self.root.appendingPathComponent(self.nextPathComponent(), isDirectory: true)
+    }
+
+    func validateManagedHomeForDeletion(_ url: URL) throws {
+        try ManagedCodexHomeFactory(root: self.root).validateManagedHomeForDeletion(url)
+    }
+}
+
+private struct UnsafeManagedCodexHomeFactory: ManagedCodexHomeProducing {
+    let root: URL
+    let homeURL: URL
+
+    func makeHomeURL() -> URL {
+        self.homeURL
+    }
+
+    func validateManagedHomeForDeletion(_ url: URL) throws {
+        try ManagedCodexHomeFactory(root: self.root).validateManagedHomeForDeletion(url)
+    }
+}
+
+private struct StubManagedCodexLoginRunner: ManagedCodexLoginRunning {
+    let result: CodexLoginRunner.Result
+
+    func run(homePath: String, timeout: TimeInterval) async -> CodexLoginRunner.Result {
+        self.result
+    }
+
+    static let success = StubManagedCodexLoginRunner(
+        result: CodexLoginRunner.Result(outcome: .success, output: "ok"))
+}
+
+private struct WritingManagedCodexLoginRunner: ManagedCodexLoginRunning {
+    let credentials: CodexOAuthCredentials
+
+    func run(homePath: String, timeout _: TimeInterval) async -> CodexLoginRunner.Result {
+        do {
+            try CodexOAuthCredentialsStore.save(self.credentials, env: ["CODEX_HOME": homePath])
+            return CodexLoginRunner.Result(outcome: .success, output: "ok")
+        } catch {
+            return CodexLoginRunner.Result(outcome: .failed(status: 1), output: String(describing: error))
+        }
+    }
+}
+
+private enum TestManagedCodexAccountStoreError: Error, Equatable {
+    case writeFailed
+}
+
+private final class StubManagedCodexIdentityReader: ManagedCodexIdentityReading, @unchecked Sendable {
+    private let lock = NSLock()
+    private var identities: [CodexAuthBackedAccount]
+
+    init(identities: [CodexAuthBackedAccount]) {
+        self.identities = identities
+    }
+
+    func loadAccountIdentity(homePath _: String) throws -> CodexAuthBackedAccount {
+        self.lock.lock()
+        defer { self.lock.unlock() }
+        guard !self.identities.isEmpty else {
+            return CodexAuthBackedAccount(identity: .unresolved, email: nil, plan: nil)
+        }
+        return self.identities.removeFirst()
+    }
+
+    static func emails(_ emails: [String]) -> StubManagedCodexIdentityReader {
+        StubManagedCodexIdentityReader(identities: emails.map { email in
+            CodexAuthBackedAccount(
+                identity: CodexIdentityResolver.resolve(accountId: nil, email: email),
+                email: email,
+                plan: "Pro")
+        })
+    }
+
+    static func accounts(_ accounts: [CodexAuthBackedAccount]) -> StubManagedCodexIdentityReader {
+        StubManagedCodexIdentityReader(identities: accounts)
+    }
+}
+
+private struct StubManagedCodexWorkspaceResolver: ManagedCodexWorkspaceResolving {
+    let identities: [String: CodexOpenAIWorkspaceIdentity]
+    let availableIdentities: [CodexOpenAIWorkspaceIdentity]
+
+    init(
+        identities: [String: CodexOpenAIWorkspaceIdentity] = [:],
+        availableIdentities: [CodexOpenAIWorkspaceIdentity] = [])
+    {
+        self.identities = identities
+        self.availableIdentities = availableIdentities
+    }
+
+    func resolveWorkspaceIdentity(
+        homePath _: String,
+        providerAccountID: String) async -> CodexOpenAIWorkspaceIdentity?
+    {
+        self.identities[providerAccountID]
+    }
+
+    func availableWorkspaceIdentities(homePath _: String) async -> [CodexOpenAIWorkspaceIdentity] {
+        self.availableIdentities
+    }
+}
+
+private struct StubManagedCodexWorkspaceSelector: ManagedCodexWorkspaceSelecting {
+    let selectedWorkspaceID: String?
+
+    func selectWorkspace(
+        email _: String,
+        currentWorkspaceID _: String?,
+        workspaces: [CodexOpenAIWorkspaceIdentity]) async -> CodexOpenAIWorkspaceIdentity?
+    {
+        workspaces.first { $0.workspaceAccountID == self.selectedWorkspaceID }
+    }
+}
diff --git a/Tests/CodexBarTests/ManagedCodexAccountStoreTests.swift b/Tests/CodexBarTests/ManagedCodexAccountStoreTests.swift
new file mode 100644
index 000000000..274761cf5
--- /dev/null
+++ b/Tests/CodexBarTests/ManagedCodexAccountStoreTests.swift
@@ -0,0 +1,542 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+@Test
+func `FileManagedCodexAccountStore round trip`() throws {
+    let tempDir = FileManager.default.temporaryDirectory
+    let fileURL = tempDir.appendingPathComponent("codexbar-managed-codex-accounts-test.json")
+    defer { try? FileManager.default.removeItem(at: fileURL) }
+
+    let firstID = UUID()
+    let secondID = UUID()
+    let firstAccount = ManagedCodexAccount(
+        id: firstID,
+        email: "  FIRST@Example.COM ",
+        providerAccountID: "account-first",
+        managedHomePath: "/tmp/managed-home-1",
+        createdAt: 1000,
+        updatedAt: 2000,
+        lastAuthenticatedAt: 3000)
+    let secondAccount = ManagedCodexAccount(
+        id: secondID,
+        email: "second@example.com",
+        providerAccountID: "account-second",
+        managedHomePath: "/tmp/managed-home-2",
+        createdAt: 4000,
+        updatedAt: 5000,
+        lastAuthenticatedAt: nil)
+    let payload = ManagedCodexAccountSet(
+        version: FileManagedCodexAccountStore.currentVersion,
+        accounts: [firstAccount, secondAccount])
+    let store = FileManagedCodexAccountStore(fileURL: fileURL)
+
+    try store.storeAccounts(payload)
+    let contents = try String(contentsOf: fileURL, encoding: .utf8)
+    let loaded = try store.loadAccounts()
+    let accountsRange = try #require(contents.range(of: "\"accounts\""))
+    let versionRange = try #require(contents.range(of: "\"version\""))
+
+    #expect(loaded.version == FileManagedCodexAccountStore.currentVersion)
+    #expect(loaded.accounts.count == 2)
+    #expect(loaded.accounts[0].email == "first@example.com")
+    #expect(loaded.accounts[0].providerAccountID == "account-first")
+    #expect(loaded.account(id: firstID)?.managedHomePath == "/tmp/managed-home-1")
+    #expect(loaded.account(email: "SECOND@example.com", providerAccountID: "account-second")?.id == secondID)
+    #expect(contents.contains("\n  \"accounts\""))
+    #expect(accountsRange.lowerBound < versionRange.lowerBound)
+    #expect(contents.contains("\"activeAccountID\"") == false)
+}
+
+@Test
+func `FileManagedCodexAccountStore missing file loads empty set`() throws {
+    let tempDir = FileManager.default.temporaryDirectory
+    let fileURL = tempDir.appendingPathComponent("codexbar-managed-codex-accounts-nil-active-test.json")
+    defer { try? FileManager.default.removeItem(at: fileURL) }
+    try? FileManager.default.removeItem(at: fileURL)
+
+    let store = FileManagedCodexAccountStore(fileURL: fileURL)
+    let initial = try store.loadAccounts()
+
+    #expect(initial.version == FileManagedCodexAccountStore.currentVersion)
+    #expect(initial.accounts.isEmpty)
+
+    let account = ManagedCodexAccount(
+        id: UUID(),
+        email: "user@example.com",
+        managedHomePath: "/tmp/managed-home",
+        createdAt: 10,
+        updatedAt: 20,
+        lastAuthenticatedAt: nil)
+    let payload = ManagedCodexAccountSet(
+        version: 1,
+        accounts: [account])
+
+    try store.storeAccounts(payload)
+    let loaded = try store.loadAccounts()
+
+    #expect(loaded.version == FileManagedCodexAccountStore.currentVersion)
+    #expect(loaded.accounts.count == 1)
+    #expect(loaded.account(email: "USER@example.com")?.id == account.id)
+}
+
+@Test
+func `FileManagedCodexAccountStore canonicalizes decoded emails`() throws {
+    let tempDir = FileManager.default.temporaryDirectory
+    let fileURL = tempDir.appendingPathComponent("codexbar-managed-codex-accounts-decode-test.json")
+    defer { try? FileManager.default.removeItem(at: fileURL) }
+
+    let accountID = UUID()
+    let json = """
+    {
+      "accounts" : [
+        {
+          "createdAt" : 10,
+          "email" : "  MIXED@Example.COM  ",
+          "id" : "\(accountID.uuidString)",
+          "lastAuthenticatedAt" : null,
+          "managedHomePath" : "/tmp/managed-home",
+          "updatedAt" : 20
+        }
+      ],
+      "version" : 1
+    }
+    """
+
+    try json.write(to: fileURL, atomically: true, encoding: .utf8)
+
+    let store = FileManagedCodexAccountStore(fileURL: fileURL)
+    let loaded = try store.loadAccounts()
+
+    #expect(loaded.version == FileManagedCodexAccountStore.currentVersion)
+    #expect(loaded.accounts.first?.email == "mixed@example.com")
+    #expect(loaded.account(email: "mixed@example.com")?.id == accountID)
+}
+
+@Test
+func `FileManagedCodexAccountStore drops duplicate canonical emails on load`() throws {
+    let tempDir = FileManager.default.temporaryDirectory
+    let fileURL = tempDir.appendingPathComponent("codexbar-managed-codex-accounts-duplicate-email-test.json")
+    defer { try? FileManager.default.removeItem(at: fileURL) }
+
+    let firstID = UUID()
+    let secondID = UUID()
+    let json = """
+    {
+      "accounts" : [
+        {
+          "createdAt" : 10,
+          "email" : " First@Example.com ",
+          "id" : "\(firstID.uuidString)",
+          "lastAuthenticatedAt" : null,
+          "managedHomePath" : "/tmp/managed-home-1",
+          "updatedAt" : 20
+        },
+        {
+          "createdAt" : 30,
+          "email" : "first@example.com",
+          "id" : "\(secondID.uuidString)",
+          "lastAuthenticatedAt" : null,
+          "managedHomePath" : "/tmp/managed-home-2",
+          "updatedAt" : 40
+        }
+      ],
+      "version" : 1
+    }
+    """
+
+    try json.write(to: fileURL, atomically: true, encoding: .utf8)
+
+    let store = FileManagedCodexAccountStore(fileURL: fileURL)
+    let loaded = try store.loadAccounts()
+
+    #expect(loaded.accounts.count == 1)
+    #expect(loaded.accounts.first?.id == firstID)
+    #expect(loaded.accounts.first?.managedHomePath == "/tmp/managed-home-1")
+}
+
+@Test
+func `FileManagedCodexAccountStore keeps same email rows when hydrated provider account I Ds differ`() throws {
+    let root = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString, isDirectory: true)
+    defer { try? FileManager.default.removeItem(at: root) }
+
+    let fileURL = root.appendingPathComponent("managed.json", isDirectory: false)
+    let firstHome = root.appendingPathComponent("first-home", isDirectory: true)
+    let secondHome = root.appendingPathComponent("second-home", isDirectory: true)
+    try writeCodexAuthFile(homeURL: firstHome, email: "user@example.com", accountId: "account-alpha")
+    try writeCodexAuthFile(homeURL: secondHome, email: "user@example.com", accountId: "account-beta")
+
+    let firstID = UUID()
+    let secondID = UUID()
+    let json = """
+    {
+      "accounts" : [
+        {
+          "createdAt" : 10,
+          "email" : " user@example.com ",
+          "id" : "\(firstID.uuidString)",
+          "lastAuthenticatedAt" : null,
+          "managedHomePath" : "\(firstHome.path)",
+          "updatedAt" : 20
+        },
+        {
+          "createdAt" : 30,
+          "email" : "USER@example.com",
+          "id" : "\(secondID.uuidString)",
+          "lastAuthenticatedAt" : null,
+          "managedHomePath" : "\(secondHome.path)",
+          "updatedAt" : 40
+        }
+      ],
+      "version" : 1
+    }
+    """
+
+    try json.write(to: fileURL, atomically: true, encoding: .utf8)
+
+    let store = FileManagedCodexAccountStore(fileURL: fileURL)
+    let loaded = try store.loadAccounts()
+
+    #expect(loaded.version == FileManagedCodexAccountStore.currentVersion)
+    #expect(loaded.accounts.count == 2)
+    #expect(loaded.account(email: "user@example.com", providerAccountID: "account-alpha")?.id == firstID)
+    #expect(loaded.account(email: "user@example.com", providerAccountID: "account-beta")?.id == secondID)
+}
+
+@Test
+func `managed account set keeps same provider account I D when emails differ`() {
+    let firstID = UUID()
+    let secondID = UUID()
+    let first = ManagedCodexAccount(
+        id: firstID,
+        email: "mi.chaelfmk5542@gmail.com",
+        providerAccountID: "team-4107",
+        managedHomePath: "/tmp/managed-home-1",
+        createdAt: 10,
+        updatedAt: 20,
+        lastAuthenticatedAt: nil)
+    let second = ManagedCodexAccount(
+        id: secondID,
+        email: "mich.aelfmk5542@gmail.com",
+        providerAccountID: "team-4107",
+        managedHomePath: "/tmp/managed-home-2",
+        createdAt: 30,
+        updatedAt: 40,
+        lastAuthenticatedAt: nil)
+
+    let set = ManagedCodexAccountSet(
+        version: FileManagedCodexAccountStore.currentVersion,
+        accounts: [first, second])
+
+    #expect(set.accounts.count == 2)
+    #expect(set.account(email: "mi.chaelfmk5542@gmail.com", providerAccountID: "team-4107")?.id == firstID)
+    #expect(set.account(email: "mich.aelfmk5542@gmail.com", providerAccountID: "team-4107")?.id == secondID)
+}
+
+@Test
+func `FileManagedCodexAccountStore hydrates provider account I D from id token when account field is absent`() throws {
+    let root = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString, isDirectory: true)
+    defer { try? FileManager.default.removeItem(at: root) }
+
+    let fileURL = root.appendingPathComponent("managed.json", isDirectory: false)
+    let home = root.appendingPathComponent("jwt-only-home", isDirectory: true)
+    try writeCodexAuthFile(
+        homeURL: home,
+        email: "user@example.com",
+        accountId: "account-jwt-only",
+        includeAccountIdField: false)
+
+    let accountID = UUID()
+    let json = """
+    {
+      "accounts" : [
+        {
+          "createdAt" : 10,
+          "email" : "user@example.com",
+          "id" : "\(accountID.uuidString)",
+          "lastAuthenticatedAt" : null,
+          "managedHomePath" : "\(home.path)",
+          "updatedAt" : 20
+        }
+      ],
+      "version" : 1
+    }
+    """
+
+    try json.write(to: fileURL, atomically: true, encoding: .utf8)
+
+    let store = FileManagedCodexAccountStore(fileURL: fileURL)
+    let loaded = try store.loadAccounts()
+
+    #expect(loaded.version == FileManagedCodexAccountStore.currentVersion)
+    #expect(loaded.accounts.count == 1)
+    #expect(loaded.accounts.first?.providerAccountID == "account-jwt-only")
+    #expect(loaded.account(email: "user@example.com", providerAccountID: "account-jwt-only")?.id == accountID)
+}
+
+@Test
+func `FileManagedCodexAccountStore drops duplicate IDs on load`() throws {
+    let tempDir = FileManager.default.temporaryDirectory
+    let fileURL = tempDir.appendingPathComponent("codexbar-managed-codex-accounts-duplicate-id-test.json")
+    defer { try? FileManager.default.removeItem(at: fileURL) }
+
+    let sharedID = UUID()
+    let json = """
+    {
+      "accounts" : [
+        {
+          "createdAt" : 10,
+          "email" : "first@example.com",
+          "id" : "\(sharedID.uuidString)",
+          "lastAuthenticatedAt" : null,
+          "managedHomePath" : "/tmp/managed-home-1",
+          "updatedAt" : 20
+        },
+        {
+          "createdAt" : 30,
+          "email" : "second@example.com",
+          "id" : "\(sharedID.uuidString)",
+          "lastAuthenticatedAt" : null,
+          "managedHomePath" : "/tmp/managed-home-2",
+          "updatedAt" : 40
+        }
+      ],
+      "version" : 1
+    }
+    """
+
+    try json.write(to: fileURL, atomically: true, encoding: .utf8)
+
+    let store = FileManagedCodexAccountStore(fileURL: fileURL)
+    let loaded = try store.loadAccounts()
+
+    #expect(loaded.accounts.count == 1)
+    #expect(loaded.accounts.first?.id == sharedID)
+    #expect(loaded.accounts.first?.email == "first@example.com")
+    #expect(loaded.accounts.first?.managedHomePath == "/tmp/managed-home-1")
+}
+
+@Test
+func `FileManagedCodexAccountStore v1 upgrade keeps deleted home row with nil provider account I D`() throws {
+    let root = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString, isDirectory: true)
+    defer { try? FileManager.default.removeItem(at: root) }
+    try FileManager.default.createDirectory(at: root, withIntermediateDirectories: true)
+
+    let fileURL = root.appendingPathComponent("managed.json", isDirectory: false)
+    let missingHome = root.appendingPathComponent("missing-home", isDirectory: true)
+    let accountID = UUID()
+    let json = """
+    {
+      "accounts" : [
+        {
+          "createdAt" : 10,
+          "email" : "user@example.com",
+          "id" : "\(accountID.uuidString)",
+          "lastAuthenticatedAt" : null,
+          "managedHomePath" : "\(missingHome.path)",
+          "updatedAt" : 20
+        }
+      ],
+      "version" : 1
+    }
+    """
+
+    try json.write(to: fileURL, atomically: true, encoding: .utf8)
+
+    let store = FileManagedCodexAccountStore(fileURL: fileURL)
+    let loaded = try store.loadAccounts()
+
+    #expect(loaded.version == FileManagedCodexAccountStore.currentVersion)
+    #expect(loaded.accounts.count == 1)
+    #expect(loaded.accounts.first?.id == accountID)
+    #expect(loaded.accounts.first?.providerAccountID == nil)
+}
+
+@Test
+func `FileManagedCodexAccountStore ignores legacy active account key on load`() throws {
+    let tempDir = FileManager.default.temporaryDirectory
+    let fileURL = tempDir.appendingPathComponent("codexbar-managed-codex-accounts-legacy-active-key-test.json")
+    defer { try? FileManager.default.removeItem(at: fileURL) }
+
+    let accountID = UUID()
+    let danglingID = UUID()
+    let json = """
+    {
+      "accounts" : [
+        {
+          "createdAt" : 10,
+          "email" : "user@example.com",
+          "id" : "\(accountID.uuidString)",
+          "lastAuthenticatedAt" : null,
+          "managedHomePath" : "/tmp/managed-home",
+          "updatedAt" : 20
+        }
+      ],
+      "activeAccountID" : "\(danglingID.uuidString)",
+      "version" : 1
+    }
+    """
+
+    try json.write(to: fileURL, atomically: true, encoding: .utf8)
+
+    let store = FileManagedCodexAccountStore(fileURL: fileURL)
+    let loaded = try store.loadAccounts()
+
+    #expect(loaded.accounts.count == 1)
+    #expect(loaded.account(id: accountID)?.email == "user@example.com")
+}
+
+@Test
+func `FileManagedCodexAccountStore upgrades v1 rows and writes readable v2 file without reauth`() throws {
+    let root = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString, isDirectory: true)
+    defer { try? FileManager.default.removeItem(at: root) }
+
+    let fileURL = root.appendingPathComponent("managed.json", isDirectory: false)
+    let firstHome = root.appendingPathComponent("first-home", isDirectory: true)
+    let secondHome = root.appendingPathComponent("second-home", isDirectory: true)
+    try writeCodexAuthFile(homeURL: firstHome, email: "user@example.com", accountId: "account-alpha")
+    try writeCodexAuthFile(homeURL: secondHome, email: "second@example.com", accountId: "account-beta")
+
+    let firstID = UUID()
+    let secondID = UUID()
+    let json = """
+    {
+      "accounts" : [
+        {
+          "createdAt" : 10,
+          "email" : "user@example.com",
+          "id" : "\(firstID.uuidString)",
+          "lastAuthenticatedAt" : null,
+          "managedHomePath" : "\(firstHome.path)",
+          "updatedAt" : 20
+        },
+        {
+          "createdAt" : 30,
+          "email" : "second@example.com",
+          "id" : "\(secondID.uuidString)",
+          "lastAuthenticatedAt" : null,
+          "managedHomePath" : "\(secondHome.path)",
+          "updatedAt" : 40
+        }
+      ],
+      "version" : 1
+    }
+    """
+
+    try json.write(to: fileURL, atomically: true, encoding: .utf8)
+
+    let store = FileManagedCodexAccountStore(fileURL: fileURL)
+    let loaded = try store.loadAccounts()
+    try store.storeAccounts(loaded)
+    let reloaded = try store.loadAccounts()
+    let contents = try String(contentsOf: fileURL, encoding: .utf8)
+
+    #expect(loaded.accounts.count == 2)
+    #expect(loaded.account(email: "user@example.com", providerAccountID: "account-alpha")?.id == firstID)
+    #expect(loaded.account(email: "second@example.com", providerAccountID: "account-beta")?.id == secondID)
+    #expect(reloaded.accounts.count == 2)
+    #expect(contents.contains("account-alpha"))
+    #expect(contents.contains("account-beta"))
+    #expect(contents.contains("\"version\" : \(FileManagedCodexAccountStore.currentVersion)"))
+}
+
+@Test
+func `FileManagedCodexAccountStore rejects unsupported on disk versions`() throws {
+    let tempDir = FileManager.default.temporaryDirectory
+    let fileURL = tempDir.appendingPathComponent("codexbar-managed-codex-accounts-unsupported-version-test.json")
+    defer { try? FileManager.default.removeItem(at: fileURL) }
+
+    let accountID = UUID()
+    let json = """
+    {
+      "accounts" : [
+        {
+          "createdAt" : 10,
+          "email" : "user@example.com",
+          "id" : "\(accountID.uuidString)",
+          "lastAuthenticatedAt" : null,
+          "managedHomePath" : "/tmp/managed-home",
+          "updatedAt" : 20
+        }
+      ],
+      "version" : 999
+    }
+    """
+
+    try json.write(to: fileURL, atomically: true, encoding: .utf8)
+
+    let store = FileManagedCodexAccountStore(fileURL: fileURL)
+
+    #expect(throws: FileManagedCodexAccountStoreError.unsupportedVersion(999)) {
+        try store.loadAccounts()
+    }
+}
+
+@Test
+func `FileManagedCodexAccountStore normalizes stored version to current schema`() throws {
+    let tempDir = FileManager.default.temporaryDirectory
+    let fileURL = tempDir.appendingPathComponent("codexbar-managed-codex-accounts-version-normalization-test.json")
+    defer { try? FileManager.default.removeItem(at: fileURL) }
+
+    let accountID = UUID()
+    let account = ManagedCodexAccount(
+        id: accountID,
+        email: "user@example.com",
+        providerAccountID: "account-id",
+        managedHomePath: "/tmp/managed-home",
+        createdAt: 10,
+        updatedAt: 20,
+        lastAuthenticatedAt: nil)
+    let payload = ManagedCodexAccountSet(
+        version: 999,
+        accounts: [account])
+    let store = FileManagedCodexAccountStore(fileURL: fileURL)
+
+    try store.storeAccounts(payload)
+    let loaded = try store.loadAccounts()
+    let contents = try String(contentsOf: fileURL, encoding: .utf8)
+
+    #expect(loaded.version == FileManagedCodexAccountStore.currentVersion)
+    #expect(contents.contains("\"version\" : \(FileManagedCodexAccountStore.currentVersion)"))
+    #expect(!contents.contains("\"version\" : 999"))
+}
+
+private func writeCodexAuthFile(
+    homeURL: URL,
+    email: String,
+    accountId: String,
+    includeAccountIdField: Bool = true) throws
+{
+    try FileManager.default.createDirectory(at: homeURL, withIntermediateDirectories: true)
+    var tokens: [String: Any] = [
+        "accessToken": "access-token",
+        "refreshToken": "refresh-token",
+        "idToken": fakeJWT(email: email, accountId: accountId),
+    ]
+    if includeAccountIdField {
+        tokens["accountId"] = accountId
+    }
+    let data = try JSONSerialization.data(withJSONObject: ["tokens": tokens], options: [.sortedKeys])
+    try data.write(to: homeURL.appendingPathComponent("auth.json"))
+}
+
+private func fakeJWT(email: String, accountId: String) -> String {
+    let header = (try? JSONSerialization.data(withJSONObject: ["alg": "none"])) ?? Data()
+    let payload = (try? JSONSerialization.data(withJSONObject: [
+        "email": email,
+        "https://api.openai.com/auth": [
+            "chatgpt_account_id": accountId,
+            "chatgpt_plan_type": "pro",
+        ],
+    ])) ?? Data()
+
+    func base64URL(_ data: Data) -> String {
+        data.base64EncodedString()
+            .replacingOccurrences(of: "=", with: "")
+            .replacingOccurrences(of: "+", with: "-")
+            .replacingOccurrences(of: "/", with: "_")
+    }
+
+    return "\(base64URL(header)).\(base64URL(payload))."
+}
diff --git a/Tests/CodexBarTests/ManusCookieHeaderTests.swift b/Tests/CodexBarTests/ManusCookieHeaderTests.swift
new file mode 100644
index 000000000..6f760d3d9
--- /dev/null
+++ b/Tests/CodexBarTests/ManusCookieHeaderTests.swift
@@ -0,0 +1,48 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+struct ManusCookieHeaderTests {
+    @Test
+    func `bare token resolves directly`() {
+        #expect(ManusCookieHeader.token(from: "abc123") == "abc123")
+    }
+
+    @Test
+    func `extracts session_id from cookie header`() {
+        let header = "foo=bar; session_id=token-a; baz=qux"
+        #expect(ManusCookieHeader.token(from: header) == "token-a")
+    }
+
+    @Test
+    func `extracts mixed case session id from cookie header`() {
+        let header = "foo=bar; Session_ID=token-b; baz=qux"
+        #expect(ManusCookieHeader.token(from: header) == "token-b")
+    }
+
+    @Test
+    func `unsupported cookie header returns nil`() {
+        #expect(ManusCookieHeader.token(from: "foo=bar; hello=world") == nil)
+    }
+
+    #if os(macOS)
+    @Test
+    func `importer session info extracts session token`() throws {
+        let cookies = try [
+            #require(self.makeCookie(name: "session_id", value: "cookie-token")),
+        ]
+        let session = ManusCookieImporter.SessionInfo(cookies: cookies, sourceLabel: "Chrome")
+        #expect(session.sessionToken == "cookie-token")
+    }
+
+    private func makeCookie(name: String, value: String) -> HTTPCookie? {
+        HTTPCookie(properties: [
+            .domain: "manus.im",
+            .path: "/",
+            .name: name,
+            .value: value,
+            .secure: "TRUE",
+        ])
+    }
+    #endif
+}
diff --git a/Tests/CodexBarTests/ManusProviderTests.swift b/Tests/CodexBarTests/ManusProviderTests.swift
new file mode 100644
index 000000000..be69fdf51
--- /dev/null
+++ b/Tests/CodexBarTests/ManusProviderTests.swift
@@ -0,0 +1,310 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+@Suite(.serialized)
+struct ManusProviderTests {
+    private static let now = Date(timeIntervalSince1970: 1_744_000_000)
+
+    private final class LockedArray<Element>: @unchecked Sendable {
+        private let lock = NSLock()
+        private var values: [Element] = []
+
+        func append(_ value: Element) {
+            self.lock.lock()
+            defer { self.lock.unlock() }
+            self.values.append(value)
+        }
+
+        func snapshot() -> [Element] {
+            self.lock.lock()
+            defer { self.lock.unlock() }
+            return self.values
+        }
+    }
+
+    private struct StubClaudeFetcher: ClaudeUsageFetching {
+        func loadLatestUsage(model _: String) async throws -> ClaudeUsageSnapshot {
+            throw ClaudeUsageError.parseFailed("stub")
+        }
+
+        func debugRawProbe(model _: String) async -> String {
+            "stub"
+        }
+
+        func detectVersion() -> String? {
+            nil
+        }
+    }
+
+    private func makeContext(
+        settings: ProviderSettingsSnapshot?,
+        env: [String: String] = [:]) -> ProviderFetchContext
+    {
+        ProviderFetchContext(
+            runtime: .app,
+            sourceMode: .auto,
+            includeCredits: false,
+            webTimeout: 1,
+            webDebugDumpHTML: false,
+            verbose: false,
+            env: env,
+            settings: settings,
+            fetcher: UsageFetcher(environment: env),
+            claudeFetcher: StubClaudeFetcher(),
+            browserDetection: BrowserDetection(cacheTTL: 0))
+    }
+
+    private func stubResponse() -> ManusCreditsResponse {
+        ManusCreditsResponse(
+            totalCredits: 120,
+            freeCredits: 20,
+            periodicCredits: 80,
+            addonCredits: 10,
+            refreshCredits: 30,
+            maxRefreshCredits: 300,
+            proMonthlyCredits: 100,
+            eventCredits: 10,
+            nextRefreshTime: Date(timeIntervalSince1970: 1_744_003_600),
+            refreshInterval: "daily")
+    }
+
+    private func withIsolatedCacheStore<T>(operation: () async throws -> T) async rethrows -> T {
+        let service = "manus-provider-tests-\(UUID().uuidString)"
+        return try await KeychainCacheStore.withServiceOverrideForTesting(service) {
+            KeychainCacheStore.setTestStoreForTesting(true)
+            defer { KeychainCacheStore.setTestStoreForTesting(false) }
+            return try await operation()
+        }
+    }
+
+    @Test
+    func `off mode ignores environment session token`() async {
+        let strategy = ManusWebFetchStrategy()
+        let settings = ProviderSettingsSnapshot.make(
+            manus: ProviderSettingsSnapshot.ManusProviderSettings(
+                cookieSource: .off,
+                manualCookieHeader: nil))
+        let context = self.makeContext(
+            settings: settings,
+            env: ["MANUS_SESSION_TOKEN": "env-token"])
+
+        #expect(await strategy.isAvailable(context) == false)
+    }
+
+    @Test
+    func `manual mode invalid cookie does not fall back to cache or environment`() async {
+        await self.withIsolatedCacheStore {
+            CookieHeaderCache.store(
+                provider: .manus,
+                cookieHeader: "session_id=cached-token",
+                sourceLabel: "web")
+
+            let strategy = ManusWebFetchStrategy()
+            let settings = ProviderSettingsSnapshot.make(
+                manus: ProviderSettingsSnapshot.ManusProviderSettings(
+                    cookieSource: .manual,
+                    manualCookieHeader: "foo=bar"))
+            let context = self.makeContext(
+                settings: settings,
+                env: ["MANUS_SESSION_TOKEN": "env-token"])
+
+            do {
+                _ = try await strategy.fetch(context)
+                Issue.record("Expected invalid manual cookie instead of falling back to cache/environment")
+            } catch let error as ManusAPIError {
+                #expect(error == .invalidCookie)
+            } catch {
+                Issue.record("Expected ManusAPIError.invalidCookie, got \(error)")
+            }
+        }
+    }
+
+    @Test
+    func `environment token does not populate browser cache`() async throws {
+        try await self.withIsolatedCacheStore {
+            #if os(macOS)
+            ManusCookieImporter.importSessionsOverrideForTesting = { _, _ in
+                throw ManusCookieImportError.noCookies
+            }
+            ManusCookieImporter.importSessionOverrideForTesting = nil
+            defer {
+                ManusCookieImporter.importSessionsOverrideForTesting = nil
+                ManusCookieImporter.importSessionOverrideForTesting = nil
+            }
+            #endif
+
+            let strategy = ManusWebFetchStrategy()
+            let settings = ProviderSettingsSnapshot.make(
+                manus: ProviderSettingsSnapshot.ManusProviderSettings(
+                    cookieSource: .auto,
+                    manualCookieHeader: nil))
+            let context = self.makeContext(
+                settings: settings,
+                env: ["MANUS_SESSION_TOKEN": "env-token"])
+            let fetchOverride: @Sendable (String, Date) async throws -> ManusCreditsResponse = { token, _ in
+                #expect(token == "env-token")
+                return self.stubResponse()
+            }
+
+            _ = try await ManusUsageFetcher.$fetchCreditsOverride.withValue(fetchOverride, operation: {
+                try await strategy.fetch(context)
+            })
+
+            #expect(CookieHeaderCache.load(provider: .manus) == nil)
+        }
+    }
+
+    #if os(macOS)
+    @Test
+    func `invalid browser token falls back to environment token`() async throws {
+        try await self.withIsolatedCacheStore {
+            let browserCookie = try #require(HTTPCookie(properties: [
+                .domain: "manus.im",
+                .path: "/",
+                .name: "session_id",
+                .value: "browser-token",
+                .secure: "TRUE",
+            ]))
+            ManusCookieImporter.importSessionOverrideForTesting = { _, _ in
+                ManusCookieImporter.SessionInfo(cookies: [browserCookie], sourceLabel: "Chrome")
+            }
+            ManusCookieImporter.importSessionsOverrideForTesting = nil
+            defer {
+                ManusCookieImporter.importSessionOverrideForTesting = nil
+                ManusCookieImporter.importSessionsOverrideForTesting = nil
+            }
+
+            let attempts = LockedArray<String>()
+            let strategy = ManusWebFetchStrategy()
+            let settings = ProviderSettingsSnapshot.make(
+                manus: ProviderSettingsSnapshot.ManusProviderSettings(
+                    cookieSource: .auto,
+                    manualCookieHeader: nil))
+            let context = self.makeContext(
+                settings: settings,
+                env: ["MANUS_SESSION_TOKEN": "env-token"])
+            let fetchOverride: @Sendable (String, Date) async throws -> ManusCreditsResponse = { token, _ in
+                attempts.append(token)
+                if token == "browser-token" {
+                    throw ManusAPIError.invalidToken
+                }
+                #expect(token == "env-token")
+                return self.stubResponse()
+            }
+
+            _ = try await ManusUsageFetcher.$fetchCreditsOverride.withValue(fetchOverride, operation: {
+                try await strategy.fetch(context)
+            })
+
+            #expect(attempts.snapshot() == ["browser-token", "env-token"])
+            #expect(CookieHeaderCache.load(provider: .manus) == nil)
+        }
+    }
+
+    @Test
+    func `browser token populates cache after successful fetch`() async throws {
+        try await self.withIsolatedCacheStore {
+            let browserCookie = try #require(HTTPCookie(properties: [
+                .domain: "manus.im",
+                .path: "/",
+                .name: "session_id",
+                .value: "browser-token",
+                .secure: "TRUE",
+            ]))
+            ManusCookieImporter.importSessionOverrideForTesting = { _, _ in
+                ManusCookieImporter.SessionInfo(cookies: [browserCookie], sourceLabel: "Chrome")
+            }
+            ManusCookieImporter.importSessionsOverrideForTesting = nil
+            defer {
+                ManusCookieImporter.importSessionOverrideForTesting = nil
+                ManusCookieImporter.importSessionsOverrideForTesting = nil
+            }
+
+            let strategy = ManusWebFetchStrategy()
+            let settings = ProviderSettingsSnapshot.make(
+                manus: ProviderSettingsSnapshot.ManusProviderSettings(
+                    cookieSource: .auto,
+                    manualCookieHeader: nil))
+            let context = self.makeContext(settings: settings)
+            let fetchOverride: @Sendable (String, Date) async throws -> ManusCreditsResponse = { token, _ in
+                #expect(token == "browser-token")
+                return self.stubResponse()
+            }
+
+            _ = try await ManusUsageFetcher.$fetchCreditsOverride.withValue(fetchOverride, operation: {
+                try await strategy.fetch(context)
+            })
+
+            let cached = CookieHeaderCache.load(provider: .manus)
+            #expect(cached?.cookieHeader == "session_id=browser-token")
+        }
+    }
+    #endif
+
+    @Test
+    func `settings reader accepts full cookie header from environment`() {
+        let env = ["MANUS_COOKIE": "foo=bar; session_id=env-cookie-token; baz=qux"]
+        #expect(ManusSettingsReader.sessionToken(environment: env) == "env-cookie-token")
+    }
+
+    @Test
+    func `parse response tolerates sparse live payload`() throws {
+        let data = Data("""
+        {
+          "totalCredits": 2869,
+          "freeCredits": 1500,
+          "periodicCredits": 1369,
+          "proMonthlyCredits": 4000,
+          "maxRefreshCredits": 300,
+          "nextRefreshTime": "2026-04-13T00:00:00Z",
+          "refreshInterval": "daily",
+          "userFlag": { "drc16": true }
+        }
+        """.utf8)
+
+        let response = try ManusUsageFetcher.parseResponse(data)
+        #expect(response.totalCredits == 2869)
+        #expect(response.periodicCredits == 1369)
+        #expect(response.proMonthlyCredits == 4000)
+        #expect(response.refreshCredits == 0)
+        #expect(response.addonCredits == 0)
+        #expect(response.maxRefreshCredits == 300)
+        #expect(response.nextRefreshTime != nil)
+
+        let snapshot = response.toUsageSnapshot(now: Self.now)
+        #expect(snapshot.providerCost == nil)
+        #expect(snapshot.primary?.usedPercent ?? 0 > 65)
+        #expect(snapshot.primary?.resetDescription == "Total 2,869 • Free 1,500")
+        #expect(snapshot.secondary?.usedPercent == 100)
+        #expect(snapshot.secondary?.resetDescription == "Daily: 0 / 300")
+    }
+
+    @Test
+    func `parse response rejects payload without credits fields`() {
+        let data = Data(#"{"error":"unauthorized","message":"session expired"}"#.utf8)
+
+        #expect(throws: ManusAPIError.self) {
+            try ManusUsageFetcher.parseResponse(data)
+        }
+    }
+
+    @Test
+    func `parse response accepts wrapped envelope`() throws {
+        let data = Data("""
+        {
+          "data": {
+            "totalCredits": 100,
+            "proMonthlyCredits": 200,
+            "periodicCredits": 50,
+            "maxRefreshCredits": 10,
+            "refreshCredits": 5
+          }
+        }
+        """.utf8)
+
+        let response = try ManusUsageFetcher.parseResponse(data)
+        #expect(response.totalCredits == 100)
+        #expect(response.periodicCredits == 50)
+    }
+}
diff --git a/Tests/CodexBarTests/MenuBarMetricWindowResolverTests.swift b/Tests/CodexBarTests/MenuBarMetricWindowResolverTests.swift
new file mode 100644
index 000000000..267f3098b
--- /dev/null
+++ b/Tests/CodexBarTests/MenuBarMetricWindowResolverTests.swift
@@ -0,0 +1,133 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+struct MenuBarMetricWindowResolverTests {
+    @Test
+    func `automatic metric uses zai 5-hour token lane when it is most constrained`() {
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 12, windowMinutes: 10080, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(usedPercent: 10, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            tertiary: RateWindow(usedPercent: 92, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+            updatedAt: Date())
+
+        let window = MenuBarMetricWindowResolver.rateWindow(
+            preference: .automatic,
+            provider: .zai,
+            snapshot: snapshot,
+            supportsAverage: false)
+
+        #expect(window?.usedPercent == 92)
+    }
+
+    @Test
+    func `extra usage metric maps provider cost into a menu bar window`() {
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 12, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            secondary: nil,
+            providerCost: ProviderCostSnapshot(
+                used: 37.5,
+                limit: 150,
+                currencyCode: "USD",
+                updatedAt: Date()),
+            updatedAt: Date())
+
+        let window = MenuBarMetricWindowResolver.rateWindow(
+            preference: .extraUsage,
+            provider: .cursor,
+            snapshot: snapshot,
+            supportsAverage: false)
+
+        #expect(window?.usedPercent == 25)
+    }
+
+    @Test
+    func `automatic metric uses claude enterprise spend limit`() {
+        let snapshot = UsageSnapshot(
+            primary: nil,
+            secondary: nil,
+            providerCost: ProviderCostSnapshot(
+                used: 67.03,
+                limit: 1000,
+                currencyCode: "USD",
+                period: "Spend limit",
+                updatedAt: Date()),
+            updatedAt: Date())
+
+        let window = MenuBarMetricWindowResolver.rateWindow(
+            preference: .automatic,
+            provider: .claude,
+            snapshot: snapshot,
+            supportsAverage: false)
+
+        #expect(abs((window?.usedPercent ?? 0) - 6.703) < 0.0001)
+    }
+
+    @Test
+    func `automatic metric uses claude web spend limit placeholder`() {
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 0, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+            secondary: nil,
+            providerCost: ProviderCostSnapshot(
+                used: 67.03,
+                limit: 1000,
+                currencyCode: "USD",
+                period: "Monthly",
+                updatedAt: Date()),
+            updatedAt: Date())
+
+        let window = MenuBarMetricWindowResolver.rateWindow(
+            preference: .automatic,
+            provider: .claude,
+            snapshot: snapshot,
+            supportsAverage: false)
+
+        #expect(abs((window?.usedPercent ?? 0) - 6.703) < 0.0001)
+    }
+
+    @Test
+    func `automatic metric keeps claude quota window when extra usage is optional`() {
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 42, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+            secondary: nil,
+            providerCost: ProviderCostSnapshot(
+                used: 67.03,
+                limit: 1000,
+                currencyCode: "USD",
+                period: "Monthly",
+                updatedAt: Date()),
+            updatedAt: Date())
+
+        let window = MenuBarMetricWindowResolver.rateWindow(
+            preference: .automatic,
+            provider: .claude,
+            snapshot: snapshot,
+            supportsAverage: false)
+
+        #expect(window?.usedPercent == 42)
+    }
+
+    @Test
+    func `automatic metric keeps claude zero quota window when reset exists`() {
+        let reset = Date(timeIntervalSince1970: 1000)
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 0, windowMinutes: 300, resetsAt: reset, resetDescription: "later"),
+            secondary: nil,
+            providerCost: ProviderCostSnapshot(
+                used: 67.03,
+                limit: 1000,
+                currencyCode: "USD",
+                period: "Monthly",
+                updatedAt: Date()),
+            updatedAt: Date())
+
+        let window = MenuBarMetricWindowResolver.rateWindow(
+            preference: .automatic,
+            provider: .claude,
+            snapshot: snapshot,
+            supportsAverage: false)
+
+        #expect(window?.resetsAt == reset)
+    }
+}
diff --git a/Tests/CodexBarTests/MenuBarSeparatorStyleTests.swift b/Tests/CodexBarTests/MenuBarSeparatorStyleTests.swift
new file mode 100644
index 000000000..e1414c47d
--- /dev/null
+++ b/Tests/CodexBarTests/MenuBarSeparatorStyleTests.swift
@@ -0,0 +1,30 @@
+import Foundation
+import Testing
+@testable import CodexBar
+
+struct MenuBarSeparatorStyleTests {
+    @Test
+    func separatorCharacters() {
+        #expect(MenuBarSeparatorStyle.dot.separator == " · ")
+        #expect(MenuBarSeparatorStyle.pipe.separator == " | ")
+    }
+
+    @Test
+    func idMatchesRawValue() {
+        for style in MenuBarSeparatorStyle.allCases {
+            #expect(style.id == style.rawValue)
+        }
+    }
+
+    @Test
+    func allCasesCoverDotAndPipe() {
+        #expect(MenuBarSeparatorStyle.allCases == [.dot, .pipe])
+    }
+
+    @Test
+    func rawValueRoundTripFallsBackToDot() {
+        #expect(MenuBarSeparatorStyle(rawValue: "dot") == .dot)
+        #expect(MenuBarSeparatorStyle(rawValue: "pipe") == .pipe)
+        #expect(MenuBarSeparatorStyle(rawValue: "garbage") == nil)
+    }
+}
diff --git a/Tests/CodexBarTests/MenuBarVisibilityWatcherTests.swift b/Tests/CodexBarTests/MenuBarVisibilityWatcherTests.swift
new file mode 100644
index 000000000..ce47ef1fd
--- /dev/null
+++ b/Tests/CodexBarTests/MenuBarVisibilityWatcherTests.swift
@@ -0,0 +1,346 @@
+import Foundation
+import Testing
+@testable import CodexBar
+
+struct MenuBarVisibilityWatcherTests {
+    @Test
+    func `does not flag intentionally hidden status item`() {
+        let snapshot = StatusItemVisibilitySnapshot(
+            isVisible: false,
+            hasButton: true,
+            hasWindow: false,
+            hasScreen: false,
+            buttonWidth: 0)
+
+        #expect(!MenuBarVisibilityWatcher.isBlockedSnapshot(snapshot: snapshot))
+    }
+
+    @Test
+    func `flags visible item without attached window`() {
+        let snapshot = StatusItemVisibilitySnapshot(
+            isVisible: true,
+            hasButton: true,
+            hasWindow: false,
+            hasScreen: false,
+            buttonWidth: 18)
+
+        #expect(MenuBarVisibilityWatcher.isBlockedSnapshot(snapshot: snapshot))
+    }
+
+    @Test
+    func `flags visible item without button`() {
+        let snapshot = StatusItemVisibilitySnapshot(
+            isVisible: true,
+            hasButton: false,
+            hasWindow: false,
+            hasScreen: false,
+            buttonWidth: 0)
+
+        #expect(MenuBarVisibilityWatcher.isBlockedSnapshot(snapshot: snapshot))
+    }
+
+    @Test
+    func `flags visible item with zero width`() {
+        let snapshot = StatusItemVisibilitySnapshot(
+            isVisible: true,
+            hasButton: true,
+            hasWindow: true,
+            hasScreen: true,
+            buttonWidth: 0)
+
+        #expect(MenuBarVisibilityWatcher.isBlockedSnapshot(snapshot: snapshot))
+    }
+
+    @Test
+    func `allows visible item attached to a screen with width`() {
+        let snapshot = StatusItemVisibilitySnapshot(
+            isVisible: true,
+            hasButton: true,
+            hasWindow: true,
+            hasScreen: true,
+            buttonWidth: 18)
+
+        #expect(!MenuBarVisibilityWatcher.isBlockedSnapshot(snapshot: snapshot))
+    }
+
+    @Test
+    func `allows visible item attached to a detached screen`() {
+        let snapshot = StatusItemVisibilitySnapshot(
+            isVisible: true,
+            hasButton: true,
+            hasWindow: true,
+            hasScreen: true,
+            isOnCurrentScreen: false,
+            buttonWidth: 18)
+
+        #expect(!MenuBarVisibilityWatcher.isBlockedSnapshot(snapshot: snapshot))
+    }
+
+    @Test
+    func `classifies detached live item as displaced but not blocked`() {
+        let snapshot = StatusItemVisibilitySnapshot(
+            isVisible: true,
+            hasButton: true,
+            hasWindow: true,
+            hasScreen: false,
+            isOnCurrentScreen: false,
+            buttonWidth: 18)
+
+        #expect(!MenuBarVisibilityWatcher.isBlockedSnapshot(snapshot: snapshot))
+        #expect(MenuBarVisibilityWatcher.isDisplacedSnapshot(snapshot: snapshot))
+    }
+
+    @Test
+    func `classifies stale screen live item as displaced but not blocked`() {
+        let snapshot = StatusItemVisibilitySnapshot(
+            isVisible: true,
+            hasButton: true,
+            hasWindow: true,
+            hasScreen: true,
+            isOnCurrentScreen: false,
+            buttonWidth: 18)
+
+        #expect(!MenuBarVisibilityWatcher.isBlockedSnapshot(snapshot: snapshot))
+        #expect(MenuBarVisibilityWatcher.isDisplacedSnapshot(snapshot: snapshot))
+    }
+
+    @Test
+    func `guidance shows once then repeats after a day`() throws {
+        let defaults = try #require(UserDefaults(suiteName: "MenuBarVisibilityWatcherTests"))
+        defaults.removePersistentDomain(forName: "MenuBarVisibilityWatcherTests")
+        let now = Date(timeIntervalSince1970: 1000)
+
+        #expect(MenuBarVisibilityWatcher.shouldShowGuidance(defaults: defaults, now: now))
+
+        MenuBarVisibilityWatcher.markGuidanceShown(defaults: defaults, now: now)
+
+        #expect(!MenuBarVisibilityWatcher.shouldShowGuidance(
+            defaults: defaults,
+            now: now.addingTimeInterval(MenuBarVisibilityWatcher.guidanceRepeatInterval - 1)))
+        #expect(MenuBarVisibilityWatcher.shouldShowGuidance(
+            defaults: defaults,
+            now: now.addingTimeInterval(MenuBarVisibilityWatcher.guidanceRepeatInterval)))
+    }
+
+    @Test
+    func `startup recovery triggers for blocked visible snapshot`() {
+        let launchedAt = Date(timeIntervalSince1970: 1000)
+        let blocked = StatusItemVisibilitySnapshot(
+            isVisible: true,
+            hasButton: true,
+            hasWindow: false,
+            hasScreen: false,
+            buttonWidth: 18)
+
+        #expect(MenuBarVisibilityWatcher.shouldAttemptStartupRecovery(
+            appLaunchedAt: launchedAt,
+            now: launchedAt.addingTimeInterval(2),
+            snapshots: [blocked]))
+    }
+
+    @Test
+    func `startup recovery triggers when one split status item is blocked`() {
+        let launchedAt = Date(timeIntervalSince1970: 1000)
+        let healthy = StatusItemVisibilitySnapshot(
+            isVisible: true,
+            hasButton: true,
+            hasWindow: true,
+            hasScreen: true,
+            buttonWidth: 18)
+        let blocked = StatusItemVisibilitySnapshot(
+            isVisible: true,
+            hasButton: true,
+            hasWindow: false,
+            hasScreen: false,
+            buttonWidth: 18)
+
+        #expect(MenuBarVisibilityWatcher.shouldAttemptStartupRecovery(
+            appLaunchedAt: launchedAt,
+            now: launchedAt.addingTimeInterval(2),
+            snapshots: [healthy, blocked]))
+    }
+
+    @Test
+    func `startup recovery ignores stale checks`() {
+        let launchedAt = Date(timeIntervalSince1970: 1000)
+        let blocked = StatusItemVisibilitySnapshot(
+            isVisible: true,
+            hasButton: true,
+            hasWindow: false,
+            hasScreen: false,
+            buttonWidth: 18)
+
+        #expect(!MenuBarVisibilityWatcher.shouldAttemptStartupRecovery(
+            appLaunchedAt: launchedAt,
+            now: launchedAt.addingTimeInterval(MenuBarVisibilityWatcher.startupFreshnessInterval + 1),
+            snapshots: [blocked]))
+    }
+
+    @Test
+    func `startup recovery ignores healthy visible snapshot`() {
+        let launchedAt = Date(timeIntervalSince1970: 1000)
+        let healthy = StatusItemVisibilitySnapshot(
+            isVisible: true,
+            hasButton: true,
+            hasWindow: true,
+            hasScreen: true,
+            buttonWidth: 18)
+
+        #expect(!MenuBarVisibilityWatcher.shouldAttemptStartupRecovery(
+            appLaunchedAt: launchedAt,
+            now: launchedAt.addingTimeInterval(2),
+            snapshots: [healthy]))
+    }
+
+    @Test
+    func `screen change placement refresh ignores display removal with healthy status item`() {
+        let healthy = StatusItemVisibilitySnapshot(
+            isVisible: true,
+            hasButton: true,
+            hasWindow: true,
+            hasScreen: true,
+            buttonWidth: 18)
+
+        #expect(!MenuBarVisibilityWatcher.shouldRefreshScreenChangePlacement(
+            previousScreenCount: 2,
+            currentScreenCount: 1,
+            snapshots: [healthy]))
+    }
+
+    @Test
+    func `screen change placement refresh ignores display removal when no status item is visible`() {
+        let hidden = StatusItemVisibilitySnapshot(
+            isVisible: false,
+            hasButton: true,
+            hasWindow: true,
+            hasScreen: true,
+            buttonWidth: 18)
+
+        #expect(!MenuBarVisibilityWatcher.shouldRefreshScreenChangePlacement(
+            previousScreenCount: 2,
+            currentScreenCount: 1,
+            snapshots: [hidden]))
+    }
+
+    @Test
+    func `screen change recovery triggers for blocked status item without display count change`() {
+        let blocked = StatusItemVisibilitySnapshot(
+            isVisible: true,
+            hasButton: true,
+            hasWindow: false,
+            hasScreen: false,
+            buttonWidth: 18)
+
+        #expect(MenuBarVisibilityWatcher.shouldAttemptScreenChangeRecovery(snapshots: [blocked]))
+    }
+
+    @Test
+    func `screen change placement refresh triggers for detached live item after display removal`() {
+        let displaced = StatusItemVisibilitySnapshot(
+            isVisible: true,
+            hasButton: true,
+            hasWindow: true,
+            hasScreen: false,
+            isOnCurrentScreen: false,
+            buttonWidth: 18)
+
+        #expect(MenuBarVisibilityWatcher.shouldRefreshScreenChangePlacement(
+            previousScreenCount: 2,
+            currentScreenCount: 1,
+            snapshots: [displaced]))
+    }
+
+    @Test
+    func `screen change placement refresh triggers for stale screen live item after display removal`() {
+        let displaced = StatusItemVisibilitySnapshot(
+            isVisible: true,
+            hasButton: true,
+            hasWindow: true,
+            hasScreen: true,
+            isOnCurrentScreen: false,
+            buttonWidth: 18)
+
+        #expect(MenuBarVisibilityWatcher.shouldRefreshScreenChangePlacement(
+            previousScreenCount: 2,
+            currentScreenCount: 1,
+            snapshots: [displaced]))
+    }
+
+    @Test
+    func `screen change placement refresh ignores healthy item when display count does not shrink`() {
+        let healthy = StatusItemVisibilitySnapshot(
+            isVisible: true,
+            hasButton: true,
+            hasWindow: true,
+            hasScreen: true,
+            buttonWidth: 18)
+
+        #expect(!MenuBarVisibilityWatcher.shouldRefreshScreenChangePlacement(
+            previousScreenCount: 1,
+            currentScreenCount: 2,
+            snapshots: [healthy]))
+    }
+
+    @Test
+    func `screen change placement refresh triggers for displaced live item when display count is unchanged`() {
+        let displaced = StatusItemVisibilitySnapshot(
+            isVisible: true,
+            hasButton: true,
+            hasWindow: true,
+            hasScreen: true,
+            isOnCurrentScreen: false,
+            buttonWidth: 18)
+
+        #expect(MenuBarVisibilityWatcher.shouldRefreshScreenChangePlacement(
+            previousScreenCount: 2,
+            currentScreenCount: 2,
+            snapshots: [displaced]))
+    }
+
+    @Test
+    func `manager parked item with live window is not blocked`() {
+        // A menu bar manager parks items off the active screen with the window intact.
+        // hasAnyBlockedVisibleSnapshot must return false so verifyScreenChangeRecoveryIfNeeded
+        // does not trigger repeated recreation that corrupts Control Center.
+        let managed = StatusItemVisibilitySnapshot(
+            isVisible: true,
+            hasButton: true,
+            hasWindow: true,
+            hasScreen: false,
+            isOnCurrentScreen: false,
+            buttonWidth: 18)
+
+        #expect(!MenuBarVisibilityWatcher.hasAnyBlockedVisibleSnapshot([managed]))
+        #expect(MenuBarVisibilityWatcher.hasAnyDisplacedVisibleSnapshot([managed]))
+    }
+
+    @Test
+    func `manager parked item with live window on stale screen is not blocked`() {
+        let managed = StatusItemVisibilitySnapshot(
+            isVisible: true,
+            hasButton: true,
+            hasWindow: true,
+            hasScreen: true,
+            isOnCurrentScreen: false,
+            buttonWidth: 18)
+
+        #expect(!MenuBarVisibilityWatcher.hasAnyBlockedVisibleSnapshot([managed]))
+        #expect(MenuBarVisibilityWatcher.hasAnyDisplacedVisibleSnapshot([managed]))
+    }
+
+    @Test
+    func `item without window is blocked regardless of screen state`() {
+        // A missing window cannot be caused by a manager parking the item; it signals
+        // a genuine system block and must trigger recovery.
+        let blocked = StatusItemVisibilitySnapshot(
+            isVisible: true,
+            hasButton: true,
+            hasWindow: false,
+            hasScreen: false,
+            isOnCurrentScreen: false,
+            buttonWidth: 18)
+
+        #expect(MenuBarVisibilityWatcher.hasAnyBlockedVisibleSnapshot([blocked]))
+        #expect(!MenuBarVisibilityWatcher.hasAnyDisplacedVisibleSnapshot([blocked]))
+    }
+}
diff --git a/Tests/CodexBarTests/MenuCardAntigravityTests.swift b/Tests/CodexBarTests/MenuCardAntigravityTests.swift
new file mode 100644
index 000000000..3f7037c0d
--- /dev/null
+++ b/Tests/CodexBarTests/MenuCardAntigravityTests.swift
@@ -0,0 +1,283 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+struct MenuCardAntigravityTests {
+    @Test
+    func `antigravity metrics show zero percent for missing families`() throws {
+        let now = Date()
+        let identity = ProviderIdentitySnapshot(
+            providerID: .antigravity,
+            accountEmail: nil,
+            accountOrganization: nil,
+            loginMethod: "Pro")
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(
+                usedPercent: 5,
+                windowMinutes: nil,
+                resetsAt: now.addingTimeInterval(3600),
+                resetDescription: nil),
+            secondary: nil,
+            tertiary: nil,
+            updatedAt: now,
+            identity: identity)
+        let metadata = try #require(ProviderDefaults.metadata[.antigravity])
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .antigravity,
+            metadata: metadata,
+            snapshot: snapshot,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+
+        #expect(model.metrics.count == 3)
+        #expect(model.metrics.map(\.title) == ["Claude", "Gemini Pro", "Gemini Flash"])
+        #expect(model.metrics[1].percent == 0)
+        #expect(model.metrics[1].percentLabel == "0% left")
+        #expect(model.metrics[1].statusText == nil)
+        #expect(model.metrics[1].detailText == nil)
+        #expect(model.metrics[2].percent == 0)
+        #expect(model.metrics[2].percentLabel == "0% left")
+        #expect(model.metrics[2].statusText == nil)
+        #expect(model.metrics[2].detailText == nil)
+    }
+
+    @Test
+    func `antigravity zero percent metric still shows reset text`() throws {
+        let now = Date(timeIntervalSince1970: 1_735_000_000)
+        let resetTime = now.addingTimeInterval(3600)
+        let antigravitySnapshot = AntigravityStatusSnapshot(
+            modelQuotas: [
+                AntigravityModelQuota(
+                    label: "Claude Thinking",
+                    modelId: "MODEL_PLACEHOLDER_M35",
+                    remainingFraction: 0.4,
+                    resetTime: resetTime,
+                    resetDescription: nil),
+                AntigravityModelQuota(
+                    label: "Gemini 3.1 Pro (Low)",
+                    modelId: "MODEL_PLACEHOLDER_M36",
+                    remainingFraction: nil,
+                    resetTime: resetTime,
+                    resetDescription: nil),
+                AntigravityModelQuota(
+                    label: "Gemini 3 Flash",
+                    modelId: "MODEL_PLACEHOLDER_M47",
+                    remainingFraction: 1,
+                    resetTime: resetTime,
+                    resetDescription: nil),
+            ],
+            accountEmail: nil,
+            accountPlan: "Pro")
+        let snapshot = try antigravitySnapshot.toUsageSnapshot()
+        let metadata = try #require(ProviderDefaults.metadata[.antigravity])
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .antigravity,
+            metadata: metadata,
+            snapshot: snapshot,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+
+        #expect(model.metrics[1].percent == 0)
+        #expect(model.metrics[1].percentLabel == "0% left")
+        #expect(model.metrics[1].resetText != nil)
+    }
+
+    @Test
+    func `antigravity metrics include complete per model quota windows`() throws {
+        let now = Date(timeIntervalSince1970: 1_735_000_000)
+        let resetTime = now.addingTimeInterval(3600)
+        let antigravitySnapshot = AntigravityStatusSnapshot(
+            modelQuotas: [
+                AntigravityModelQuota(
+                    label: "GPT-OSS 120B (Medium)",
+                    modelId: "MODEL_PLACEHOLDER_M55",
+                    remainingFraction: 0.25,
+                    resetTime: resetTime,
+                    resetDescription: nil),
+                AntigravityModelQuota(
+                    label: "Gemini 3 Pro (Low)",
+                    modelId: "MODEL_PLACEHOLDER_M53",
+                    remainingFraction: 0.5,
+                    resetTime: resetTime,
+                    resetDescription: nil),
+                AntigravityModelQuota(
+                    label: "Claude Opus 4.6 (Thinking)",
+                    modelId: "MODEL_PLACEHOLDER_M50",
+                    remainingFraction: 0.75,
+                    resetTime: resetTime,
+                    resetDescription: nil),
+                AntigravityModelQuota(
+                    label: "Gemini 3 Pro (High)",
+                    modelId: "MODEL_PLACEHOLDER_M52",
+                    remainingFraction: 1,
+                    resetTime: resetTime,
+                    resetDescription: nil),
+            ],
+            accountEmail: nil,
+            accountPlan: "Pro")
+        let snapshot = try antigravitySnapshot.toUsageSnapshot()
+        let metadata = try #require(ProviderDefaults.metadata[.antigravity])
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .antigravity,
+            metadata: metadata,
+            snapshot: snapshot,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+
+        #expect(model.metrics.map(\.title) == [
+            "Claude",
+            "Gemini Pro",
+            "Gemini Flash",
+            "Claude Opus 4.6 (Thinking)",
+            "Gemini 3 Pro (High)",
+            "Gemini 3 Pro (Low)",
+            "GPT-OSS 120B (Medium)",
+        ])
+        #expect(model.metrics.suffix(4).map(\.percentLabel) == [
+            "75% left",
+            "100% left",
+            "50% left",
+            "25% left",
+        ])
+    }
+
+    @Test
+    func `antigravity per model extra windows still render when optional extras are disabled`() throws {
+        // Regression: the optional-credits/extra-usage setting is Codex-specific and must NOT hide
+        // other providers' core extra windows (here Antigravity per-model quotas).
+        let now = Date(timeIntervalSince1970: 1_735_000_000)
+        let resetTime = now.addingTimeInterval(3600)
+        let antigravitySnapshot = AntigravityStatusSnapshot(
+            modelQuotas: [
+                AntigravityModelQuota(
+                    label: "Claude Opus 4.6 (Thinking)",
+                    modelId: "MODEL_PLACEHOLDER_M50",
+                    remainingFraction: 0.75,
+                    resetTime: resetTime,
+                    resetDescription: nil),
+                AntigravityModelQuota(
+                    label: "Gemini 3 Pro (High)",
+                    modelId: "MODEL_PLACEHOLDER_M52",
+                    remainingFraction: 1,
+                    resetTime: resetTime,
+                    resetDescription: nil),
+            ],
+            accountEmail: nil,
+            accountPlan: "Pro")
+        let snapshot = try antigravitySnapshot.toUsageSnapshot()
+        let metadata = try #require(ProviderDefaults.metadata[.antigravity])
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .antigravity,
+            metadata: metadata,
+            snapshot: snapshot,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: false,
+            hidePersonalInfo: false,
+            now: now))
+
+        // Per-model extra windows remain visible even with optional extras disabled.
+        #expect(model.metrics.contains { $0.title == "Claude Opus 4.6 (Thinking)" })
+        #expect(model.metrics.contains { $0.title == "Gemini 3 Pro (High)" })
+    }
+
+    @Test
+    func `antigravity missing families show full usage in used mode`() throws {
+        let now = Date()
+        let identity = ProviderIdentitySnapshot(
+            providerID: .antigravity,
+            accountEmail: nil,
+            accountOrganization: nil,
+            loginMethod: "Pro")
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(
+                usedPercent: 5,
+                windowMinutes: nil,
+                resetsAt: now.addingTimeInterval(3600),
+                resetDescription: nil),
+            secondary: nil,
+            tertiary: nil,
+            updatedAt: now,
+            identity: identity)
+        let metadata = try #require(ProviderDefaults.metadata[.antigravity])
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .antigravity,
+            metadata: metadata,
+            snapshot: snapshot,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: true,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+
+        #expect(model.metrics[1].percent == 100)
+        #expect(model.metrics[1].percentLabel == "100% used")
+        #expect(model.metrics[2].percent == 100)
+        #expect(model.metrics[2].percentLabel == "100% used")
+    }
+}
diff --git a/Tests/CodexBarTests/MenuCardCostHintTests.swift b/Tests/CodexBarTests/MenuCardCostHintTests.swift
new file mode 100644
index 000000000..086e9c633
--- /dev/null
+++ b/Tests/CodexBarTests/MenuCardCostHintTests.swift
@@ -0,0 +1,96 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+struct MenuCardCostHintTests {
+    @Test
+    func `claude cost hint explains cache tokens and status line drift`() throws {
+        let now = Date()
+        let metadata = try #require(ProviderDefaults.metadata[.claude])
+        let snapshot = CostUsageTokenSnapshot(
+            sessionTokens: 123,
+            sessionCostUSD: 1.23,
+            last30DaysTokens: 456,
+            last30DaysCostUSD: 78.9,
+            daily: [
+                CostUsageDailyReport.Entry(
+                    date: "2026-05-14",
+                    inputTokens: 1,
+                    outputTokens: 2,
+                    cacheReadTokens: 300,
+                    cacheCreationTokens: 400,
+                    totalTokens: 703,
+                    costUSD: 1.23,
+                    modelsUsed: ["claude-sonnet-4-6"],
+                    modelBreakdowns: nil),
+            ],
+            updatedAt: now)
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .claude,
+            metadata: metadata,
+            snapshot: nil,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: snapshot,
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: true,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+
+        #expect(model.tokenUsage?.hintLine?.contains("cache read/write tokens") == true)
+        #expect(model.tokenUsage?.hintLine?.contains("Claude Code /status") == true)
+    }
+
+    @Test
+    func `one day history label stays today`() throws {
+        let now = Date()
+        let metadata = try #require(ProviderDefaults.metadata[.claude])
+        let snapshot = CostUsageTokenSnapshot(
+            sessionTokens: 120,
+            sessionCostUSD: 1.2,
+            last30DaysTokens: 120,
+            last30DaysCostUSD: 1.2,
+            historyDays: 1,
+            daily: [
+                .init(
+                    date: "2026-05-14",
+                    inputTokens: 100,
+                    outputTokens: 20,
+                    totalTokens: 120,
+                    costUSD: 1.2,
+                    modelsUsed: ["claude-sonnet-4-6"],
+                    modelBreakdowns: nil),
+            ],
+            updatedAt: now)
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .claude,
+            metadata: metadata,
+            snapshot: nil,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: snapshot,
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: true,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+
+        #expect(model.tokenUsage?.monthLine.hasPrefix("Today: ") == true)
+    }
+}
diff --git a/Tests/CodexBarTests/MenuCardDeepSeekTests.swift b/Tests/CodexBarTests/MenuCardDeepSeekTests.swift
new file mode 100644
index 000000000..3a17f9b10
--- /dev/null
+++ b/Tests/CodexBarTests/MenuCardDeepSeekTests.swift
@@ -0,0 +1,146 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+struct MenuCardDeepSeekTests {
+    private static func sampleDeepSeekSummary(now: Date = Date()) -> DeepSeekUsageSummary {
+        DeepSeekUsageSummary(
+            todayTokens: 123,
+            currentMonthTokens: 456,
+            todayCost: 0.0123,
+            currentMonthCost: 0.0456,
+            requestCount: 7,
+            currentMonthRequestCount: 8,
+            topModel: "deepseek-chat",
+            categoryBreakdown: [
+                DeepSeekCategoryBreakdown(category: .promptCacheHitToken, tokens: 10, cost: 0.001),
+                DeepSeekCategoryBreakdown(category: .promptCacheMissToken, tokens: 20, cost: 0.002),
+                DeepSeekCategoryBreakdown(category: .responseToken, tokens: 30, cost: 0.003),
+            ],
+            daily: [
+                DeepSeekDailyUsage(date: "2026-05-26", totalTokens: 456, cost: 0.0456, requestCount: 8),
+            ],
+            currency: "CNY",
+            updatedAt: now)
+    }
+
+    private static func makeSnapshot(now: Date, usageSummary: DeepSeekUsageSummary? = nil) -> UsageSnapshot {
+        DeepSeekUsageSnapshot(
+            isAvailable: true,
+            currency: "USD",
+            totalBalance: 9.32,
+            grantedBalance: 0,
+            toppedUpBalance: 9.32,
+            usageSummary: usageSummary,
+            updatedAt: now)
+            .toUsageSnapshot()
+    }
+
+    @Test
+    func `model shows balance as status text instead of percentage detail`() throws {
+        let now = Date()
+        let identity = ProviderIdentitySnapshot(
+            providerID: .deepseek,
+            accountEmail: nil,
+            accountOrganization: nil,
+            loginMethod: nil)
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(
+                usedPercent: 0,
+                windowMinutes: nil,
+                resetsAt: nil,
+                resetDescription: "$9.32 (Paid: $9.32 / Granted: $0.00)"),
+            secondary: nil,
+            tertiary: nil,
+            updatedAt: now,
+            identity: identity)
+        let metadata = try #require(ProviderDefaults.metadata[.deepseek])
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .deepseek,
+            metadata: metadata,
+            snapshot: snapshot,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+
+        let primary = try #require(model.metrics.first)
+        #expect(primary.title == "Balance")
+        #expect(primary.statusText == "$9.32 (Paid: $9.32 / Granted: $0.00)")
+        #expect(primary.detailText == nil)
+        #expect(primary.resetText == nil)
+    }
+
+    @Test
+    func `model hides optional deepseek usage when extras disabled`() throws {
+        let now = Date()
+        let metadata = try #require(ProviderDefaults.metadata[.deepseek])
+        let snapshot = Self.makeSnapshot(now: now, usageSummary: Self.sampleDeepSeekSummary(now: now))
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .deepseek,
+            metadata: metadata,
+            snapshot: snapshot,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: false,
+            hidePersonalInfo: false,
+            now: now))
+
+        #expect(model.inlineUsageDashboard == nil)
+        #expect(model.usageNotes.isEmpty)
+    }
+
+    @Test
+    func `model shows optional deepseek usage when extras enabled`() throws {
+        let now = Date()
+        let metadata = try #require(ProviderDefaults.metadata[.deepseek])
+        let snapshot = Self.makeSnapshot(now: now, usageSummary: Self.sampleDeepSeekSummary(now: now))
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .deepseek,
+            metadata: metadata,
+            snapshot: snapshot,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+
+        #expect(model.inlineUsageDashboard?.accessibilityLabel == "DeepSeek 30 day token usage trend")
+        #expect(model.usageNotes.contains { $0.contains("Today:") })
+    }
+}
diff --git a/Tests/CodexBarTests/MenuCardKiloPassTests.swift b/Tests/CodexBarTests/MenuCardKiloPassTests.swift
index a888ca4c8..f15cfdcba 100644
--- a/Tests/CodexBarTests/MenuCardKiloPassTests.swift
+++ b/Tests/CodexBarTests/MenuCardKiloPassTests.swift
@@ -3,10 +3,9 @@ import Foundation
 import Testing
 @testable import CodexBar
 
-@Suite
 struct MenuCardKiloPassTests {
     @Test
-    func kiloModelShowsPassBeforeCreditsAndKeepsResetWithDetail() throws {
+    func `kilo model shows pass before credits and keeps reset with detail`() throws {
         let now = Date()
         let metadata = try #require(ProviderDefaults.metadata[.kilo])
         let snapshot = UsageSnapshot(
diff --git a/Tests/CodexBarTests/MenuCardModelCodexProjectionTests.swift b/Tests/CodexBarTests/MenuCardModelCodexProjectionTests.swift
new file mode 100644
index 000000000..cd6e59419
--- /dev/null
+++ b/Tests/CodexBarTests/MenuCardModelCodexProjectionTests.swift
@@ -0,0 +1,834 @@
+import CodexBarCore
+import Foundation
+import SwiftUI
+import Testing
+@testable import CodexBar
+
+struct MenuCardModelCodexProjectionTests {
+    @Test
+    func `codex weekly lane derives pace from its visible window`() throws {
+        let now = Date(timeIntervalSince1970: 1_800_000_000)
+        let metadata = try #require(ProviderDefaults.metadata[.codex])
+        let identity = ProviderIdentitySnapshot(
+            providerID: .codex,
+            accountEmail: "user@example.com",
+            accountOrganization: nil,
+            loginMethod: "Pro")
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(
+                usedPercent: 2,
+                windowMinutes: 300,
+                resetsAt: now.addingTimeInterval(4 * 60 * 60),
+                resetDescription: nil),
+            secondary: RateWindow(
+                usedPercent: 4,
+                windowMinutes: 10080,
+                resetsAt: now.addingTimeInterval(6 * 24 * 60 * 60),
+                resetDescription: nil),
+            tertiary: nil,
+            updatedAt: now,
+            identity: identity)
+        let projection = CodexConsumerProjection.make(
+            surface: .liveCard,
+            context: CodexConsumerProjection.Context(
+                snapshot: snapshot,
+                rawUsageError: nil,
+                liveCredits: nil,
+                rawCreditsError: nil,
+                liveDashboard: nil,
+                rawDashboardError: nil,
+                dashboardAttachmentAuthorized: false,
+                dashboardRequiresLogin: false,
+                now: now))
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .codex,
+            metadata: metadata,
+            snapshot: snapshot,
+            codexProjection: projection,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: "user@example.com", plan: "Pro"),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+
+        let weekly = try #require(model.metrics.first { $0.id == "secondary" })
+        #expect(weekly.detailLeftText == "10% in reserve")
+        #expect(weekly.detailRightText == "Lasts until reset")
+    }
+
+    @Test
+    func `codex weekly lane includes workday markers when workDaysPerWeek is set`() throws {
+        let now = Date(timeIntervalSince1970: 1_800_000_000)
+        let metadata = try #require(ProviderDefaults.metadata[.codex])
+        let identity = ProviderIdentitySnapshot(
+            providerID: .codex,
+            accountEmail: "user@example.com",
+            accountOrganization: nil,
+            loginMethod: "Pro")
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(
+                usedPercent: 2,
+                windowMinutes: 300,
+                resetsAt: now.addingTimeInterval(4 * 60 * 60),
+                resetDescription: nil),
+            secondary: RateWindow(
+                usedPercent: 4,
+                windowMinutes: 10080,
+                resetsAt: now.addingTimeInterval(6 * 24 * 60 * 60),
+                resetDescription: nil),
+            tertiary: nil,
+            updatedAt: now,
+            identity: identity)
+        let projection = CodexConsumerProjection.make(
+            surface: .liveCard,
+            context: CodexConsumerProjection.Context(
+                snapshot: snapshot,
+                rawUsageError: nil,
+                liveCredits: nil,
+                rawCreditsError: nil,
+                liveDashboard: nil,
+                rawDashboardError: nil,
+                dashboardAttachmentAuthorized: false,
+                dashboardRequiresLogin: false,
+                now: now))
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .codex,
+            metadata: metadata,
+            snapshot: snapshot,
+            codexProjection: projection,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: "user@example.com", plan: "Pro"),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            quotaWarningThresholds: [.session: [], .weekly: []],
+            workDaysPerWeek: 5,
+            now: now))
+
+        let weekly = try #require(model.metrics.first { $0.id == "secondary" })
+        #expect(weekly.warningMarkerPercents == [20.0, 40.0, 60.0, 80.0])
+
+        let session = try #require(model.metrics.first { $0.id == "primary" })
+        #expect(session.warningMarkerPercents.isEmpty)
+    }
+
+    @Test
+    func `codex weekly lane workday markers merge with quota warning markers`() throws {
+        let now = Date(timeIntervalSince1970: 1_800_000_000)
+        let metadata = try #require(ProviderDefaults.metadata[.codex])
+        let identity = ProviderIdentitySnapshot(
+            providerID: .codex,
+            accountEmail: "user@example.com",
+            accountOrganization: nil,
+            loginMethod: "Pro")
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(
+                usedPercent: 2,
+                windowMinutes: 300,
+                resetsAt: now.addingTimeInterval(4 * 60 * 60),
+                resetDescription: nil),
+            secondary: RateWindow(
+                usedPercent: 4,
+                windowMinutes: 10080,
+                resetsAt: now.addingTimeInterval(6 * 24 * 60 * 60),
+                resetDescription: nil),
+            tertiary: nil,
+            updatedAt: now,
+            identity: identity)
+        let projection = CodexConsumerProjection.make(
+            surface: .liveCard,
+            context: CodexConsumerProjection.Context(
+                snapshot: snapshot,
+                rawUsageError: nil,
+                liveCredits: nil,
+                rawCreditsError: nil,
+                liveDashboard: nil,
+                rawDashboardError: nil,
+                dashboardAttachmentAuthorized: false,
+                dashboardRequiresLogin: false,
+                now: now))
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .codex,
+            metadata: metadata,
+            snapshot: snapshot,
+            codexProjection: projection,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: "user@example.com", plan: "Pro"),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            quotaWarningThresholds: [.session: [], .weekly: [50]],
+            workDaysPerWeek: 5,
+            now: now))
+
+        let weekly = try #require(model.metrics.first { $0.id == "secondary" })
+        #expect(weekly.warningMarkerPercents == [20.0, 40.0, 50.0, 60.0, 80.0])
+    }
+
+    @Test
+    func `codex weekly lane workday markers not inverted by usageBarsShowUsed`() throws {
+        let now = Date(timeIntervalSince1970: 1_800_000_000)
+        let metadata = try #require(ProviderDefaults.metadata[.codex])
+        let identity = ProviderIdentitySnapshot(
+            providerID: .codex,
+            accountEmail: "user@example.com",
+            accountOrganization: nil,
+            loginMethod: "Pro")
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(
+                usedPercent: 2,
+                windowMinutes: 300,
+                resetsAt: now.addingTimeInterval(4 * 60 * 60),
+                resetDescription: nil),
+            secondary: RateWindow(
+                usedPercent: 4,
+                windowMinutes: 10080,
+                resetsAt: now.addingTimeInterval(6 * 24 * 60 * 60),
+                resetDescription: nil),
+            tertiary: nil,
+            updatedAt: now,
+            identity: identity)
+        let projection = CodexConsumerProjection.make(
+            surface: .liveCard,
+            context: CodexConsumerProjection.Context(
+                snapshot: snapshot,
+                rawUsageError: nil,
+                liveCredits: nil,
+                rawCreditsError: nil,
+                liveDashboard: nil,
+                rawDashboardError: nil,
+                dashboardAttachmentAuthorized: false,
+                dashboardRequiresLogin: false,
+                now: now))
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .codex,
+            metadata: metadata,
+            snapshot: snapshot,
+            codexProjection: projection,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: "user@example.com", plan: "Pro"),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: true,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            quotaWarningThresholds: [.session: [], .weekly: []],
+            workDaysPerWeek: 5,
+            now: now))
+
+        let weekly = try #require(model.metrics.first { $0.id == "secondary" })
+        #expect(weekly.warningMarkerPercents == [20.0, 40.0, 60.0, 80.0])
+    }
+
+    @Test
+    func `codex plan only snapshot shows limits unavailable placeholder`() throws {
+        let now = Date()
+        let metadata = try #require(ProviderDefaults.metadata[.codex])
+        let identity = ProviderIdentitySnapshot(
+            providerID: .codex,
+            accountEmail: "user@example.com",
+            accountOrganization: nil,
+            loginMethod: "pro")
+        let snapshot = UsageSnapshot(
+            primary: nil,
+            secondary: nil,
+            tertiary: nil,
+            updatedAt: now,
+            identity: identity)
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .codex,
+            metadata: metadata,
+            snapshot: snapshot,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: UsageError.noRateLimitsFound.errorDescription,
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+
+        #expect(model.placeholder == "Limits not available")
+        #expect(model.metrics.isEmpty)
+        #expect(model.subtitleStyle == .info)
+        #expect(!model.subtitleText.contains("Found sessions"))
+        #expect(model.planText == "Pro 20x")
+    }
+
+    @Test
+    func `codex plan only snapshot keeps actionable refresh errors visible`() throws {
+        let now = Date()
+        let metadata = try #require(ProviderDefaults.metadata[.codex])
+        let identity = ProviderIdentitySnapshot(
+            providerID: .codex,
+            accountEmail: "user@example.com",
+            accountOrganization: nil,
+            loginMethod: "pro")
+        let snapshot = UsageSnapshot(
+            primary: nil,
+            secondary: nil,
+            tertiary: nil,
+            updatedAt: now,
+            identity: identity)
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .codex,
+            metadata: metadata,
+            snapshot: snapshot,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: "Codex connection failed: timed out.",
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+
+        #expect(model.placeholder == nil)
+        #expect(model.subtitleStyle == .error)
+        #expect(model.subtitleText == "Codex connection failed: timed out.")
+        #expect(model.planText == "Pro 20x")
+    }
+
+    @Test
+    func `codex account fallback shows limits unavailable instead of no limits error`() throws {
+        let now = Date()
+        let metadata = try #require(ProviderDefaults.metadata[.codex])
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .codex,
+            metadata: metadata,
+            snapshot: nil,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: "user@example.com", plan: "pro"),
+            isRefreshing: false,
+            lastError: UsageError.noRateLimitsFound.errorDescription,
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+
+        #expect(model.placeholder == "Limits not available")
+        #expect(model.subtitleStyle == .info)
+        #expect(!model.subtitleText.contains("Found sessions"))
+        #expect(model.email == "user@example.com")
+        #expect(model.planText == "Pro 20x")
+    }
+
+    @Test
+    func `codex no account fallback keeps no limits error visible`() throws {
+        let now = Date()
+        let metadata = try #require(ProviderDefaults.metadata[.codex])
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .codex,
+            metadata: metadata,
+            snapshot: nil,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: UsageError.noRateLimitsFound.errorDescription,
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+
+        #expect(model.placeholder == nil)
+        #expect(model.subtitleStyle == .error)
+        #expect(model.subtitleText == UsageError.noRateLimitsFound.errorDescription)
+    }
+
+    @Test
+    func `builds metrics using used percent when enabled`() throws {
+        let now = Date()
+        let identity = ProviderIdentitySnapshot(
+            providerID: .codex,
+            accountEmail: "codex@example.com",
+            accountOrganization: nil,
+            loginMethod: "Plus Plan")
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(
+                usedPercent: 22,
+                windowMinutes: 300,
+                resetsAt: now.addingTimeInterval(3000),
+                resetDescription: nil),
+            secondary: RateWindow(
+                usedPercent: 40,
+                windowMinutes: 10080,
+                resetsAt: now.addingTimeInterval(6000),
+                resetDescription: nil),
+            updatedAt: now,
+            identity: identity)
+        let metadata = try #require(ProviderDefaults.metadata[.codex])
+        let dashboard = OpenAIDashboardSnapshot(
+            signedInEmail: "codex@example.com",
+            codeReviewRemainingPercent: 73,
+            codeReviewLimit: RateWindow(
+                usedPercent: 27,
+                windowMinutes: nil,
+                resetsAt: now.addingTimeInterval(3600),
+                resetDescription: nil),
+            creditEvents: [],
+            dailyBreakdown: [],
+            usageBreakdown: [],
+            creditsPurchaseURL: nil,
+            updatedAt: now)
+        let codexProjection = CodexConsumerProjection.make(
+            surface: .liveCard,
+            context: CodexConsumerProjection.Context(
+                snapshot: snapshot,
+                rawUsageError: nil,
+                liveCredits: nil,
+                rawCreditsError: nil,
+                liveDashboard: dashboard,
+                rawDashboardError: nil,
+                dashboardAttachmentAuthorized: true,
+                dashboardRequiresLogin: false,
+                now: now))
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .codex,
+            metadata: metadata,
+            snapshot: snapshot,
+            codexProjection: codexProjection,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: "codex@example.com", plan: "Plus Plan"),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: true,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+
+        #expect(model.metrics.first?.title == "Session")
+        #expect(model.metrics.first?.percent == 22)
+        #expect(model.metrics.first?.percentLabel.contains("used") == true)
+        #expect(model.metrics.contains { $0.title == "Code review" && $0.percent == 27 })
+    }
+
+    @Test
+    func `shows code review metric when dashboard present`() throws {
+        let now = Date()
+        let identity = ProviderIdentitySnapshot(
+            providerID: .codex,
+            accountEmail: "codex@example.com",
+            accountOrganization: nil,
+            loginMethod: nil)
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 0, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+            secondary: nil,
+            tertiary: nil,
+            updatedAt: now,
+            identity: identity)
+        let metadata = try #require(ProviderDefaults.metadata[.codex])
+        let dashboard = OpenAIDashboardSnapshot(
+            signedInEmail: "codex@example.com",
+            codeReviewRemainingPercent: 73,
+            codeReviewLimit: RateWindow(
+                usedPercent: 27,
+                windowMinutes: nil,
+                resetsAt: now.addingTimeInterval(3600),
+                resetDescription: nil),
+            creditEvents: [],
+            dailyBreakdown: [],
+            usageBreakdown: [],
+            creditsPurchaseURL: nil,
+            updatedAt: now)
+        let codexProjection = CodexConsumerProjection.make(
+            surface: .liveCard,
+            context: CodexConsumerProjection.Context(
+                snapshot: snapshot,
+                rawUsageError: nil,
+                liveCredits: nil,
+                rawCreditsError: nil,
+                liveDashboard: dashboard,
+                rawDashboardError: nil,
+                dashboardAttachmentAuthorized: true,
+                dashboardRequiresLogin: false,
+                now: now))
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .codex,
+            metadata: metadata,
+            snapshot: snapshot,
+            codexProjection: codexProjection,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: "codex@example.com", plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+
+        #expect(model.metrics.contains { $0.title == "Code review" && $0.percent == 73 })
+        let codeReviewMetric = model.metrics.first { $0.id == "code-review" }
+        #expect(codeReviewMetric?.resetText?.contains("Resets") == true)
+    }
+
+    @Test
+    func `uses semantic codex lanes when weekly duration drifts`() throws {
+        let now = Date()
+        let identity = ProviderIdentitySnapshot(
+            providerID: .codex,
+            accountEmail: "codex@example.com",
+            accountOrganization: nil,
+            loginMethod: nil)
+        let snapshot = UsageSnapshot(
+            primary: nil,
+            secondary: RateWindow(
+                usedPercent: 25,
+                windowMinutes: 11040,
+                resetsAt: now.addingTimeInterval(3600),
+                resetDescription: nil),
+            tertiary: nil,
+            updatedAt: now,
+            identity: identity)
+        let metadata = try #require(ProviderDefaults.metadata[.codex])
+        let codexProjection = CodexConsumerProjection.make(
+            surface: .liveCard,
+            context: CodexConsumerProjection.Context(
+                snapshot: snapshot,
+                rawUsageError: nil,
+                liveCredits: nil,
+                rawCreditsError: nil,
+                liveDashboard: nil,
+                rawDashboardError: nil,
+                dashboardAttachmentAuthorized: false,
+                dashboardRequiresLogin: false,
+                now: now))
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .codex,
+            metadata: metadata,
+            snapshot: snapshot,
+            codexProjection: codexProjection,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: "codex@example.com", plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+
+        #expect(model.metrics.count == 1)
+        #expect(model.metrics.first?.id == "secondary")
+        #expect(model.metrics.first?.title == "Weekly")
+        #expect(model.metrics.first?.percent == 75)
+    }
+
+    @Test
+    func `renders codex spark as a named extra metric after the core lanes`() throws {
+        let now = Date(timeIntervalSince1970: 1_800_000_000)
+        let metadata = try #require(ProviderDefaults.metadata[.codex])
+        let identity = ProviderIdentitySnapshot(
+            providerID: .codex,
+            accountEmail: "user@example.com",
+            accountOrganization: nil,
+            loginMethod: "Pro")
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(
+                usedPercent: 2,
+                windowMinutes: 300,
+                resetsAt: now.addingTimeInterval(4 * 60 * 60),
+                resetDescription: nil),
+            secondary: RateWindow(
+                usedPercent: 4,
+                windowMinutes: 10080,
+                resetsAt: now.addingTimeInterval(6 * 24 * 60 * 60),
+                resetDescription: nil),
+            tertiary: nil,
+            extraRateWindows: [
+                NamedRateWindow(
+                    id: "codex-spark",
+                    title: "Codex Spark 5-hour",
+                    window: RateWindow(
+                        usedPercent: 30,
+                        windowMinutes: 300,
+                        resetsAt: now.addingTimeInterval(60 * 60),
+                        resetDescription: nil)),
+                NamedRateWindow(
+                    id: "codex-spark-weekly",
+                    title: "Codex Spark Weekly",
+                    window: RateWindow(
+                        usedPercent: 100,
+                        windowMinutes: 10080,
+                        resetsAt: now.addingTimeInterval(6 * 24 * 60 * 60),
+                        resetDescription: nil)),
+            ],
+            updatedAt: now,
+            identity: identity)
+        let projection = CodexConsumerProjection.make(
+            surface: .liveCard,
+            context: CodexConsumerProjection.Context(
+                snapshot: snapshot,
+                rawUsageError: nil,
+                liveCredits: nil,
+                rawCreditsError: nil,
+                liveDashboard: nil,
+                rawDashboardError: nil,
+                dashboardAttachmentAuthorized: false,
+                dashboardRequiresLogin: false,
+                now: now))
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .codex,
+            metadata: metadata,
+            snapshot: snapshot,
+            codexProjection: projection,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: "user@example.com", plan: "Pro"),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+
+        let spark = try #require(model.metrics.first { $0.id == "codex-spark" })
+        #expect(spark.title == "Codex Spark 5-hour")
+        #expect(spark.percent == 70)
+        #expect(spark.percentLabel == "70% left")
+        #expect(spark.resetText != nil)
+        let sparkWeekly = try #require(model.metrics.first { $0.id == "codex-spark-weekly" })
+        #expect(sparkWeekly.title == "Codex Spark Weekly")
+        #expect(sparkWeekly.percent == 0)
+        #expect(sparkWeekly.percentLabel == "0% left")
+        #expect(sparkWeekly.resetText != nil)
+        // Spark trails the core session/weekly lanes rather than replacing them.
+        let sparkIndex = try #require(model.metrics.firstIndex { $0.id == "codex-spark" })
+        let sparkWeeklyIndex = try #require(model.metrics.firstIndex { $0.id == "codex-spark-weekly" })
+        let sessionIndex = try #require(model.metrics.firstIndex { $0.id == "primary" })
+        #expect(sparkIndex > sessionIndex)
+        #expect(sparkWeeklyIndex > sparkIndex)
+    }
+
+    @Test
+    func `hides codex credits when disabled`() throws {
+        let now = Date()
+        let identity = ProviderIdentitySnapshot(
+            providerID: .codex,
+            accountEmail: "codex@example.com",
+            accountOrganization: nil,
+            loginMethod: nil)
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 0, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+            secondary: nil,
+            tertiary: nil,
+            updatedAt: now,
+            identity: identity)
+        let metadata = try #require(ProviderDefaults.metadata[.codex])
+        let codexProjection = CodexConsumerProjection.make(
+            surface: .liveCard,
+            context: CodexConsumerProjection.Context(
+                snapshot: snapshot,
+                rawUsageError: nil,
+                liveCredits: CreditsSnapshot(remaining: 12, events: [], updatedAt: now),
+                rawCreditsError: nil,
+                liveDashboard: nil,
+                rawDashboardError: nil,
+                dashboardAttachmentAuthorized: false,
+                dashboardRequiresLogin: false,
+                now: now))
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .codex,
+            metadata: metadata,
+            snapshot: snapshot,
+            codexProjection: codexProjection,
+            credits: CreditsSnapshot(remaining: 12, events: [], updatedAt: now),
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: "codex@example.com", plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: false,
+            hidePersonalInfo: false,
+            now: now))
+
+        #expect(model.creditsText == nil)
+    }
+
+    @Test
+    func `hides codex spark extra metric when showOptionalCreditsAndExtraUsage is false`() throws {
+        let now = Date(timeIntervalSince1970: 1_800_000_000)
+        let metadata = try #require(ProviderDefaults.metadata[.codex])
+        let identity = ProviderIdentitySnapshot(
+            providerID: .codex,
+            accountEmail: "user@example.com",
+            accountOrganization: nil,
+            loginMethod: "Pro")
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(
+                usedPercent: 2,
+                windowMinutes: 300,
+                resetsAt: now.addingTimeInterval(4 * 60 * 60),
+                resetDescription: nil),
+            secondary: RateWindow(
+                usedPercent: 4,
+                windowMinutes: 10080,
+                resetsAt: now.addingTimeInterval(6 * 24 * 60 * 60),
+                resetDescription: nil),
+            tertiary: nil,
+            extraRateWindows: [
+                NamedRateWindow(
+                    id: "codex-spark",
+                    title: "Codex Spark 5-hour",
+                    window: RateWindow(
+                        usedPercent: 30,
+                        windowMinutes: 300,
+                        resetsAt: now.addingTimeInterval(60 * 60),
+                        resetDescription: nil)),
+                NamedRateWindow(
+                    id: "codex-spark-weekly",
+                    title: "Codex Spark Weekly",
+                    window: RateWindow(
+                        usedPercent: 100,
+                        windowMinutes: 10080,
+                        resetsAt: now.addingTimeInterval(6 * 24 * 60 * 60),
+                        resetDescription: nil)),
+            ],
+            updatedAt: now,
+            identity: identity)
+        let projection = CodexConsumerProjection.make(
+            surface: .liveCard,
+            context: CodexConsumerProjection.Context(
+                snapshot: snapshot,
+                rawUsageError: nil,
+                liveCredits: nil,
+                rawCreditsError: nil,
+                liveDashboard: nil,
+                rawDashboardError: nil,
+                dashboardAttachmentAuthorized: false,
+                dashboardRequiresLogin: false,
+                now: now))
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .codex,
+            metadata: metadata,
+            snapshot: snapshot,
+            codexProjection: projection,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: "user@example.com", plan: "Pro"),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: false,
+            hidePersonalInfo: false,
+            now: now))
+
+        #expect(!model.metrics.contains { $0.id == "codex-spark" })
+        #expect(!model.metrics.contains { $0.id == "codex-spark-weekly" })
+        #expect(model.metrics.contains { $0.id == "primary" })
+        #expect(model.metrics.contains { $0.id == "secondary" })
+    }
+}
diff --git a/Tests/CodexBarTests/MenuCardModelTests.swift b/Tests/CodexBarTests/MenuCardModelTests.swift
index 48e2a7803..6e64710af 100644
--- a/Tests/CodexBarTests/MenuCardModelTests.swift
+++ b/Tests/CodexBarTests/MenuCardModelTests.swift
@@ -4,72 +4,710 @@ import SwiftUI
 import Testing
 @testable import CodexBar
 
-@Suite
-struct MenuCardModelTests {
+struct OverviewMenuCardVisibilityTests {
+    @Test
+    func `overview hides cards that only contain an error`() throws {
+        let metadata = try #require(ProviderDefaults.metadata[.cursor])
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .cursor,
+            metadata: metadata,
+            snapshot: nil,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: "No Cursor session found.",
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: Date()))
+
+        #expect(model.isOverviewErrorOnly)
+    }
+
+    @Test
+    func `overview keeps cards with graceful unavailable placeholders`() throws {
+        let metadata = try #require(ProviderDefaults.metadata[.codex])
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .codex,
+            metadata: metadata,
+            snapshot: nil,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: "user@example.com", plan: "pro"),
+            isRefreshing: false,
+            lastError: UsageError.noRateLimitsFound.errorDescription,
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: Date()))
+
+        #expect(model.placeholder == "Limits not available")
+        #expect(!model.isOverviewErrorOnly)
+    }
+}
+
+struct ProviderInlineDashboardModelTests {
+    @Test
+    func `claude admin api usage gets inline dashboard`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_179_200)
+        let metadata = try #require(ProviderDefaults.metadata[.claude])
+        let usage = ClaudeAdminAPIUsageSnapshot(
+            daily: [
+                ClaudeAdminAPIUsageSnapshot.DailyBucket(
+                    day: "2023-11-14",
+                    startTime: now,
+                    endTime: now.addingTimeInterval(86400),
+                    costUSD: 1.25,
+                    inputTokens: 1000,
+                    cacheCreationInputTokens: 400,
+                    cacheReadInputTokens: 300,
+                    outputTokens: 250,
+                    totalTokens: 1950,
+                    costItems: [
+                        ClaudeAdminAPIUsageSnapshot.CostBreakdown(name: "Claude Sonnet Usage", costUSD: 1.25),
+                    ],
+                    models: [
+                        ClaudeAdminAPIUsageSnapshot.ModelBreakdown(
+                            name: "claude-sonnet-4-20250514",
+                            inputTokens: 1000,
+                            cacheCreationInputTokens: 400,
+                            cacheReadInputTokens: 300,
+                            outputTokens: 250,
+                            totalTokens: 1950),
+                    ]),
+            ],
+            updatedAt: now)
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .claude,
+            metadata: metadata,
+            snapshot: usage.toUsageSnapshot(),
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+
+        #expect(model.metrics.isEmpty)
+        #expect(model.inlineUsageDashboard?.kpis.first?.value == "$1.25")
+        #expect(model.inlineUsageDashboard?.points.first?.accessibilityValue == "2023-11-14: $1.25")
+        #expect(model.inlineUsageDashboard?.detailLines
+            .contains { $0.hasPrefix("30d:") && $0.contains("tokens") } == true)
+        #expect(model.inlineUsageDashboard?.detailLines.contains("Top model: claude-sonnet-4-20250514") == true)
+        #expect(model.planText == "Admin API")
+    }
+
+    @Test
+    func `openrouter period usage gets inline dashboard`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_179_200)
+        let metadata = try #require(ProviderDefaults.metadata[.openrouter])
+        let usage = OpenRouterUsageSnapshot(
+            totalCredits: 100,
+            totalUsage: 40,
+            balance: 60,
+            usedPercent: 40,
+            keyDataFetched: true,
+            keyLimit: 25,
+            keyUsage: 10,
+            keyUsageDaily: 1.25,
+            keyUsageWeekly: 7.5,
+            keyUsageMonthly: 18.75,
+            rateLimit: OpenRouterRateLimit(requests: 100, interval: "10s"),
+            updatedAt: now)
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .openrouter,
+            metadata: metadata,
+            snapshot: usage.toUsageSnapshot(),
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+
+        #expect(model.inlineUsageDashboard?.kpis.first?.value == "$60.00")
+        #expect(model.inlineUsageDashboard?.points.map(\.label) == ["Today", "Week", "Month"])
+        #expect(model.inlineUsageDashboard?.detailLines.contains("Rate limit: 100 / 10s") == true)
+    }
+
+    @Test
+    func `local cost history gets inline dashboard`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_179_200)
+        let metadata = try #require(ProviderDefaults.metadata[.claude])
+        let daily = [
+            CostUsageDailyReport.Entry(
+                date: "2023-11-14",
+                inputTokens: 100,
+                outputTokens: 50,
+                totalTokens: 150,
+                costUSD: 0.12,
+                modelsUsed: ["claude-sonnet-4"],
+                modelBreakdowns: [
+                    CostUsageDailyReport.ModelBreakdown(
+                        modelName: "claude-sonnet-4",
+                        costUSD: 0.12,
+                        totalTokens: 150),
+                ]),
+            CostUsageDailyReport.Entry(
+                date: "2023-11-15",
+                inputTokens: 200,
+                outputTokens: 75,
+                totalTokens: 275,
+                costUSD: 0.25,
+                modelsUsed: ["claude-opus-4"],
+                modelBreakdowns: [
+                    CostUsageDailyReport.ModelBreakdown(
+                        modelName: "claude-opus-4",
+                        costUSD: 0.25,
+                        totalTokens: 275),
+                ]),
+        ]
+        let tokenSnapshot = CostUsageTokenSnapshot(
+            sessionTokens: 275,
+            sessionCostUSD: 0.25,
+            last30DaysTokens: 425,
+            last30DaysCostUSD: 0.37,
+            daily: daily,
+            updatedAt: now)
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .claude,
+            metadata: metadata,
+            snapshot: UsageSnapshot(
+                primary: RateWindow(usedPercent: 10, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+                secondary: nil,
+                updatedAt: now),
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: tokenSnapshot,
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: true,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+
+        #expect(model.inlineUsageDashboard?.kpis.first?.value == "$0.25")
+        #expect(model.inlineUsageDashboard?.points.count == 2)
+        #expect(model.inlineUsageDashboard?.detailLines.contains { $0.contains("claude-opus-4") } == true)
+        #expect(model.tokenUsage?.sessionLine.contains("$0.25") == true)
+        #expect(model.tokenUsage?.monthLine.contains("$0.37") == true)
+    }
+
+    @Test
+    func `mistral daily buckets get inline dashboard`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_179_200)
+        let metadata = try #require(ProviderDefaults.metadata[.mistral])
+        let snapshot = MistralUsageSnapshot(
+            totalCost: 1.5,
+            currency: "EUR",
+            currencySymbol: "€",
+            totalInputTokens: 100,
+            totalOutputTokens: 50,
+            totalCachedTokens: 0,
+            modelCount: 1,
+            daily: [
+                MistralDailyUsageBucket(
+                    day: "2023-11-14",
+                    cost: 1.5,
+                    inputTokens: 100,
+                    cachedTokens: 0,
+                    outputTokens: 50,
+                    models: [
+                        MistralDailyUsageBucket.ModelBreakdown(
+                            name: "mistral-large",
+                            cost: 1.5,
+                            inputTokens: 100,
+                            cachedTokens: 0,
+                            outputTokens: 50),
+                    ]),
+            ],
+            startDate: nil,
+            endDate: nil,
+            updatedAt: now)
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .mistral,
+            metadata: metadata,
+            snapshot: snapshot.toUsageSnapshot(),
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+
+        #expect(model.inlineUsageDashboard?.kpis.first?.value == "€1.50")
+        #expect(model.inlineUsageDashboard?.points.first?.accessibilityValue == "2023-11-14: €1.50")
+        #expect(model.inlineUsageDashboard?.detailLines.contains("Top model: mistral-large") == true)
+    }
+
+    @Test
+    func `mistral billing usage can show cost card summary`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_179_200)
+        let metadata = try #require(ProviderDefaults.metadata[.mistral])
+        let snapshot = MistralUsageSnapshot(
+            totalCost: 1.5,
+            currency: "EUR",
+            currencySymbol: "€",
+            totalInputTokens: 100,
+            totalOutputTokens: 50,
+            totalCachedTokens: 25,
+            modelCount: 1,
+            daily: [
+                MistralDailyUsageBucket(
+                    day: "2023-11-14",
+                    cost: 1.5,
+                    inputTokens: 100,
+                    cachedTokens: 25,
+                    outputTokens: 50,
+                    models: [
+                        MistralDailyUsageBucket.ModelBreakdown(
+                            name: "mistral-large",
+                            cost: 1.5,
+                            inputTokens: 100,
+                            cachedTokens: 25,
+                            outputTokens: 50),
+                    ]),
+            ],
+            startDate: nil,
+            endDate: nil,
+            updatedAt: now)
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .mistral,
+            metadata: metadata,
+            snapshot: snapshot.toUsageSnapshot(),
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: snapshot.toCostUsageTokenSnapshot(historyDays: 30),
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: true,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+
+        #expect(ProviderDescriptorRegistry.descriptor(for: .mistral).tokenCost.supportsTokenCost)
+        #expect(model.tokenUsage?.sessionLine == "Latest billing day (Nov 14): €1.50 · 175 tokens")
+        #expect(model.tokenUsage?.monthLine == "This month: €1.50 · 175 tokens")
+        #expect(model.tokenUsage?.hintLine == "Reported by Mistral billing usage.")
+    }
+
+    @Test
+    func `zai hourly usage gets inline dashboard`() throws {
+        let now = try #require(Self.zaiDate("2023-11-15 12:00"))
+        let metadata = try #require(ProviderDefaults.metadata[.zai])
+        let usage = ZaiUsageSnapshot(
+            tokenLimit: nil,
+            timeLimit: nil,
+            planName: "Pro",
+            modelUsage: ZaiModelUsageData(
+                xTime: ["2023-11-14 12:00", "2023-11-15 12:00"],
+                modelDataList: [
+                    ZaiModelDataItem(modelName: "glm-4.5", tokensUsage: [100, 200]),
+                ]),
+            updatedAt: now)
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .zai,
+            metadata: metadata,
+            snapshot: usage.toUsageSnapshot(),
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+
+        #expect(model.inlineUsageDashboard?.kpis.first?.value == "300")
+        #expect(model.inlineUsageDashboard?.points.map(\.label) == ["12", "12"])
+        #expect(Set(model.inlineUsageDashboard?.points.map(\.id) ?? []).count == 2)
+        #expect(model.inlineUsageDashboard?.detailLines.contains("Top model: glm-4.5") == true)
+    }
+
+    private static func zaiDate(_ text: String) -> Date? {
+        let formatter = DateFormatter()
+        formatter.locale = Locale(identifier: "en_US_POSIX")
+        formatter.dateFormat = "yyyy-MM-dd HH:mm"
+        return formatter.date(from: text)
+    }
+}
+
+struct FactoryMenuCardModelTests {
+    @Test
+    func `factory token rate billing uses time window labels`() throws {
+        let now = Date()
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 12, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(usedPercent: 34, windowMinutes: 10080, resetsAt: nil, resetDescription: nil),
+            tertiary: RateWindow(usedPercent: 56, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            updatedAt: now,
+            identity: nil)
+        let metadata = try #require(ProviderDefaults.metadata[.factory])
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .factory,
+            metadata: metadata,
+            snapshot: snapshot,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: true,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+
+        #expect(model.metrics.map(\.title) == ["5-hour", "Weekly", "Monthly"])
+    }
+
+    @Test
+    func `factory legacy billing keeps pool labels`() throws {
+        let now = Date()
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 12, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(usedPercent: 34, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            updatedAt: now,
+            identity: nil)
+        let metadata = try #require(ProviderDefaults.metadata[.factory])
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .factory,
+            metadata: metadata,
+            snapshot: snapshot,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: true,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+
+        #expect(model.metrics.map(\.title) == ["Standard", "Premium"])
+    }
+
+    @Test
+    func `factory extra usage balance renders as optional balance`() throws {
+        let now = Date()
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 12, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(usedPercent: 34, windowMinutes: 10080, resetsAt: nil, resetDescription: nil),
+            tertiary: RateWindow(usedPercent: 56, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            providerCost: ProviderCostSnapshot(
+                used: 25,
+                limit: 0,
+                currencyCode: "USD",
+                period: "Extra usage balance",
+                updatedAt: now),
+            updatedAt: now,
+            identity: nil)
+        let metadata = try #require(ProviderDefaults.metadata[.factory])
+
+        let visible = UsageMenuCardView.Model.make(.init(
+            provider: .factory,
+            metadata: metadata,
+            snapshot: snapshot,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: true,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+        #expect(visible.providerCost?.title == "Extra usage")
+        #expect(visible.providerCost?.spendLine == "Balance: $25.00")
+        #expect(visible.providerCost?.percentUsed == nil)
+        #expect(visible.providerCost?.percentLine == nil)
+
+        let hidden = UsageMenuCardView.Model.make(.init(
+            provider: .factory,
+            metadata: metadata,
+            snapshot: snapshot,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: true,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: false,
+            hidePersonalInfo: false,
+            now: now))
+        #expect(hidden.providerCost == nil)
+    }
+}
+
+struct MiniMaxMenuCardModelTests {
     @Test
-    func buildsMetricsUsingRemainingPercent() throws {
+    func `minimax service metrics use quota card copy`() throws {
         let now = Date()
-        let identity = ProviderIdentitySnapshot(
-            providerID: .codex,
-            accountEmail: "codex@example.com",
-            accountOrganization: nil,
-            loginMethod: "Plus Plan")
+        let minimax = MiniMaxUsageSnapshot(
+            planName: "Max",
+            availablePrompts: nil,
+            currentPrompts: nil,
+            remainingPrompts: nil,
+            windowMinutes: nil,
+            usedPercent: nil,
+            resetsAt: nil,
+            updatedAt: now,
+            services: [
+                MiniMaxServiceUsage(
+                    serviceType: "text-generation",
+                    windowType: "5 hours",
+                    timeRange: "10:00-15:00(UTC+8)",
+                    usage: 2,
+                    limit: 10,
+                    percent: 20,
+                    resetsAt: now.addingTimeInterval(3600),
+                    resetDescription: "Resets in 1 hour"),
+            ])
         let snapshot = UsageSnapshot(
-            primary: RateWindow(
-                usedPercent: 22,
-                windowMinutes: 300,
-                resetsAt: now.addingTimeInterval(3000),
-                resetDescription: nil),
-            secondary: RateWindow(
-                usedPercent: 40,
-                windowMinutes: 10080,
-                resetsAt: now.addingTimeInterval(6000),
-                resetDescription: nil),
+            primary: RateWindow(usedPercent: 20, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+            secondary: nil,
+            minimaxUsage: minimax,
             updatedAt: now,
-            identity: identity)
-        let metadata = try #require(ProviderDefaults.metadata[.codex])
-        let updatedSnap = try UsageSnapshot(
-            primary: snapshot.primary,
-            secondary: RateWindow(
-                usedPercent: #require(snapshot.secondary?.usedPercent),
-                windowMinutes: #require(snapshot.secondary?.windowMinutes),
-                resetsAt: now.addingTimeInterval(3600),
-                resetDescription: nil),
-            tertiary: snapshot.tertiary,
+            identity: ProviderIdentitySnapshot(
+                providerID: .minimax,
+                accountEmail: nil,
+                accountOrganization: nil,
+                loginMethod: "Max"))
+        let metadata = try #require(ProviderDefaults.metadata[.minimax])
+
+        let used = UsageMenuCardView.Model.make(.init(
+            provider: .minimax,
+            metadata: metadata,
+            snapshot: snapshot,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: true,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+
+        #expect(used.metrics.first?.title == "Text Generation")
+        #expect(used.metrics.first?.detailLeftText == "Usage: 2 / 10")
+        #expect(used.metrics.first?.detailRightText == "Used 20%")
+        #expect(used.metrics.first?.detailText == "10:00-15:00(UTC+8)")
+        #expect(used.metrics.first?.percent == 20)
+        #expect(used.metrics.first?.cardStyle == true)
+    }
+
+    @Test
+    func `text generation badge uses real window type when multiple windows exist`() throws {
+        let now = Date()
+        let minimax = MiniMaxUsageSnapshot(
+            planName: "Max",
+            availablePrompts: nil,
+            currentPrompts: nil,
+            remainingPrompts: nil,
+            windowMinutes: nil,
+            usedPercent: nil,
+            resetsAt: nil,
             updatedAt: now,
-            identity: identity)
+            services: [
+                MiniMaxServiceUsage(
+                    serviceType: "text-generation",
+                    windowType: "Today",
+                    timeRange: "2026/05/16 00:00 - 2026/05/17 00:00",
+                    usage: 2,
+                    limit: 10,
+                    percent: 20,
+                    resetsAt: now.addingTimeInterval(3600),
+                    resetDescription: "Resets in 1 hour"),
+                MiniMaxServiceUsage(
+                    serviceType: "text-generation",
+                    windowType: "Weekly",
+                    timeRange: "05/11 00:00 - 05/18 00:00(UTC+8)",
+                    usage: 20,
+                    limit: 100,
+                    percent: 20,
+                    resetsAt: now.addingTimeInterval(7200),
+                    resetDescription: "Resets in 2 hours"),
+            ])
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 20, windowMinutes: 1440, resetsAt: nil, resetDescription: nil),
+            secondary: nil,
+            minimaxUsage: minimax,
+            updatedAt: now,
+            identity: ProviderIdentitySnapshot(
+                providerID: .minimax,
+                accountEmail: nil,
+                accountOrganization: nil,
+                loginMethod: "Max"))
+        let metadata = try #require(ProviderDefaults.metadata[.minimax])
 
         let model = UsageMenuCardView.Model.make(.init(
-            provider: .codex,
+            provider: .minimax,
             metadata: metadata,
-            snapshot: updatedSnap,
-            credits: CreditsSnapshot(remaining: 12, events: [], updatedAt: now),
+            snapshot: snapshot,
+            credits: nil,
             creditsError: nil,
             dashboard: nil,
             dashboardError: nil,
             tokenSnapshot: nil,
             tokenError: nil,
-            account: AccountInfo(email: "codex@example.com", plan: "Plus Plan"),
+            account: AccountInfo(email: nil, plan: nil),
             isRefreshing: false,
             lastError: nil,
-            usageBarsShowUsed: false,
+            usageBarsShowUsed: true,
             resetTimeDisplayStyle: .countdown,
             tokenCostUsageEnabled: false,
             showOptionalCreditsAndExtraUsage: true,
             hidePersonalInfo: false,
             now: now))
 
-        #expect(model.providerName == "Codex")
         #expect(model.metrics.count == 2)
-        #expect(model.metrics.first?.percent == 78)
-        #expect(model.planText == "Plus")
-        #expect(model.subtitleText.hasPrefix("Updated"))
-        #expect(model.progressColor != Color.clear)
-        #expect(model.metrics[1].resetText?.isEmpty == false)
+        #expect(model.metrics[0].title == "Text Generation · Today")
+        #expect(model.metrics[1].title == "Text Generation · Weekly")
+    }
+}
+
+struct ClaudeMenuCardCostTests {
+    @Test
+    func `claude extra usage labels monthly denominator as cap`() throws {
+        let now = Date()
+        let metadata = try #require(ProviderDefaults.metadata[.claude])
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 0, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            secondary: nil,
+            tertiary: nil,
+            providerCost: ProviderCostSnapshot(
+                used: 5,
+                limit: 20,
+                currencyCode: "USD",
+                period: "Monthly cap",
+                updatedAt: now),
+            updatedAt: now,
+            identity: nil)
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .claude,
+            metadata: metadata,
+            snapshot: snapshot,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+
+        #expect(model.providerCost?.spendLine == "Monthly cap: $5.00 / $20.00")
     }
+}
 
+struct MenuCardModelTests {
     @Test
-    func buildsMetricsUsingUsedPercentWhenEnabled() throws {
+    func `builds metrics using remaining percent`() throws {
         let now = Date()
         let identity = ProviderIdentitySnapshot(
             providerID: .codex,
@@ -90,77 +728,92 @@ struct MenuCardModelTests {
             updatedAt: now,
             identity: identity)
         let metadata = try #require(ProviderDefaults.metadata[.codex])
-
-        let dashboard = OpenAIDashboardSnapshot(
-            signedInEmail: "codex@example.com",
-            codeReviewRemainingPercent: 73,
-            creditEvents: [],
-            dailyBreakdown: [],
-            usageBreakdown: [],
-            creditsPurchaseURL: nil,
-            updatedAt: now)
+        let updatedSnap = try UsageSnapshot(
+            primary: snapshot.primary,
+            secondary: RateWindow(
+                usedPercent: #require(snapshot.secondary?.usedPercent),
+                windowMinutes: #require(snapshot.secondary?.windowMinutes),
+                resetsAt: now.addingTimeInterval(3600),
+                resetDescription: nil),
+            tertiary: snapshot.tertiary,
+            updatedAt: now,
+            identity: identity)
+        let codexProjection = CodexConsumerProjection.make(
+            surface: .liveCard,
+            context: CodexConsumerProjection.Context(
+                snapshot: updatedSnap,
+                rawUsageError: nil,
+                liveCredits: nil,
+                rawCreditsError: nil,
+                liveDashboard: nil,
+                rawDashboardError: nil,
+                dashboardAttachmentAuthorized: false,
+                dashboardRequiresLogin: false,
+                now: now))
 
         let model = UsageMenuCardView.Model.make(.init(
             provider: .codex,
             metadata: metadata,
-            snapshot: snapshot,
-            credits: nil,
+            snapshot: updatedSnap,
+            codexProjection: codexProjection,
+            credits: CreditsSnapshot(remaining: 12, events: [], updatedAt: now),
             creditsError: nil,
-            dashboard: dashboard,
+            dashboard: nil,
             dashboardError: nil,
             tokenSnapshot: nil,
             tokenError: nil,
             account: AccountInfo(email: "codex@example.com", plan: "Plus Plan"),
             isRefreshing: false,
             lastError: nil,
-            usageBarsShowUsed: true,
+            usageBarsShowUsed: false,
             resetTimeDisplayStyle: .countdown,
             tokenCostUsageEnabled: false,
             showOptionalCreditsAndExtraUsage: true,
             hidePersonalInfo: false,
+            quotaWarningThresholds: [.session: [50, 20], .weekly: [25, 0]],
             now: now))
 
-        #expect(model.metrics.first?.title == "Session")
-        #expect(model.metrics.first?.percent == 22)
-        #expect(model.metrics.first?.percentLabel.contains("used") == true)
-        #expect(model.metrics.contains { $0.title == "Code review" && $0.percent == 27 })
+        #expect(model.providerName == "Codex")
+        #expect(model.metrics.count == 2)
+        #expect(model.metrics.first?.percent == 78)
+        #expect(model.metrics.first?.warningMarkerPercents == [50, 20])
+        #expect(model.metrics[1].warningMarkerPercents == [25])
+        #expect(model.planText == "Plus")
+        #expect(model.subtitleText.hasPrefix("Updated"))
+        #expect(model.progressColor != Color.clear)
+        #expect(model.metrics[1].resetText?.isEmpty == false)
     }
 
     @Test
-    func showsCodeReviewMetricWhenDashboardPresent() throws {
+    func `claude model hides weekly when unavailable`() throws {
         let now = Date()
         let identity = ProviderIdentitySnapshot(
-            providerID: .codex,
-            accountEmail: "codex@example.com",
+            providerID: .claude,
+            accountEmail: nil,
             accountOrganization: nil,
-            loginMethod: nil)
+            loginMethod: "Max")
         let snapshot = UsageSnapshot(
-            primary: RateWindow(usedPercent: 0, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+            primary: RateWindow(
+                usedPercent: 2,
+                windowMinutes: nil,
+                resetsAt: now.addingTimeInterval(3600),
+                resetDescription: nil),
             secondary: nil,
             tertiary: nil,
             updatedAt: now,
             identity: identity)
-        let metadata = try #require(ProviderDefaults.metadata[.codex])
-
-        let dashboard = OpenAIDashboardSnapshot(
-            signedInEmail: "codex@example.com",
-            codeReviewRemainingPercent: 73,
-            creditEvents: [],
-            dailyBreakdown: [],
-            usageBreakdown: [],
-            creditsPurchaseURL: nil,
-            updatedAt: now)
+        let metadata = try #require(ProviderDefaults.metadata[.claude])
         let model = UsageMenuCardView.Model.make(.init(
-            provider: .codex,
+            provider: .claude,
             metadata: metadata,
             snapshot: snapshot,
             credits: nil,
             creditsError: nil,
-            dashboard: dashboard,
+            dashboard: nil,
             dashboardError: nil,
             tokenSnapshot: nil,
             tokenError: nil,
-            account: AccountInfo(email: "codex@example.com", plan: nil),
+            account: AccountInfo(email: "codex@example.com", plan: "plus"),
             isRefreshing: false,
             lastError: nil,
             usageBarsShowUsed: false,
@@ -170,11 +823,13 @@ struct MenuCardModelTests {
             hidePersonalInfo: false,
             now: now))
 
-        #expect(model.metrics.contains { $0.title == "Code review" && $0.percent == 73 })
+        #expect(model.metrics.count == 1)
+        #expect(model.metrics.first?.title == "Session")
+        #expect(model.planText == "Max")
     }
 
     @Test
-    func claudeModelHidesWeeklyWhenUnavailable() throws {
+    func `claude model includes routines bar when present`() throws {
         let now = Date()
         let identity = ProviderIdentitySnapshot(
             providerID: .claude,
@@ -187,8 +842,26 @@ struct MenuCardModelTests {
                 windowMinutes: nil,
                 resetsAt: now.addingTimeInterval(3600),
                 resetDescription: nil),
-            secondary: nil,
-            tertiary: nil,
+            secondary: RateWindow(
+                usedPercent: 8,
+                windowMinutes: 10080,
+                resetsAt: now.addingTimeInterval(7200),
+                resetDescription: nil),
+            tertiary: RateWindow(
+                usedPercent: 16,
+                windowMinutes: 10080,
+                resetsAt: now.addingTimeInterval(7800),
+                resetDescription: nil),
+            extraRateWindows: [
+                NamedRateWindow(
+                    id: "claude-routines",
+                    title: "Daily Routines",
+                    window: RateWindow(
+                        usedPercent: 7,
+                        windowMinutes: 10080,
+                        resetsAt: now.addingTimeInterval(9200),
+                        resetDescription: nil)),
+            ],
             updatedAt: now,
             identity: identity)
         let metadata = try #require(ProviderDefaults.metadata[.claude])
@@ -212,13 +885,11 @@ struct MenuCardModelTests {
             hidePersonalInfo: false,
             now: now))
 
-        #expect(model.metrics.count == 1)
-        #expect(model.metrics.first?.title == "Session")
-        #expect(model.planText == "Max")
+        #expect(model.metrics.map(\.title) == ["Session", "Weekly", "Sonnet", "Daily Routines"])
     }
 
     @Test
-    func showsErrorSubtitleWhenPresent() throws {
+    func `shows error subtitle when present`() throws {
         let metadata = try #require(ProviderDefaults.metadata[.codex])
         let model = UsageMenuCardView.Model.make(.init(
             provider: .codex,
@@ -246,7 +917,7 @@ struct MenuCardModelTests {
     }
 
     @Test
-    func costSectionIncludesLast30DaysTokens() throws {
+    func `cost section includes last30 days tokens`() throws {
         let now = Date()
         let metadata = try #require(ProviderDefaults.metadata[.codex])
         let snapshot = UsageSnapshot(
@@ -283,10 +954,11 @@ struct MenuCardModelTests {
 
         #expect(model.tokenUsage?.monthLine.contains("456") == true)
         #expect(model.tokenUsage?.monthLine.contains("tokens") == true)
+        #expect(model.tokenUsage?.hintLine == "Estimated from local Codex logs for the selected account.")
     }
 
     @Test
-    func claudeModelDoesNotLeakCodexPlan() throws {
+    func `claude model does not leak codex plan`() throws {
         let metadata = try #require(ProviderDefaults.metadata[.claude])
         let model = UsageMenuCardView.Model.make(.init(
             provider: .claude,
@@ -313,46 +985,7 @@ struct MenuCardModelTests {
     }
 
     @Test
-    func hidesCodexCreditsWhenDisabled() throws {
-        let now = Date()
-        let identity = ProviderIdentitySnapshot(
-            providerID: .codex,
-            accountEmail: "codex@example.com",
-            accountOrganization: nil,
-            loginMethod: nil)
-        let snapshot = UsageSnapshot(
-            primary: RateWindow(usedPercent: 0, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
-            secondary: nil,
-            tertiary: nil,
-            updatedAt: now,
-            identity: identity)
-        let metadata = try #require(ProviderDefaults.metadata[.codex])
-
-        let model = UsageMenuCardView.Model.make(.init(
-            provider: .codex,
-            metadata: metadata,
-            snapshot: snapshot,
-            credits: CreditsSnapshot(remaining: 12, events: [], updatedAt: now),
-            creditsError: nil,
-            dashboard: nil,
-            dashboardError: nil,
-            tokenSnapshot: nil,
-            tokenError: nil,
-            account: AccountInfo(email: "codex@example.com", plan: nil),
-            isRefreshing: false,
-            lastError: nil,
-            usageBarsShowUsed: false,
-            resetTimeDisplayStyle: .countdown,
-            tokenCostUsageEnabled: false,
-            showOptionalCreditsAndExtraUsage: false,
-            hidePersonalInfo: false,
-            now: now))
-
-        #expect(model.creditsText == nil)
-    }
-
-    @Test
-    func hidesClaudeExtraUsageWhenDisabled() throws {
+    func `hides claude extra usage when disabled`() throws {
         let now = Date()
         let identity = ProviderIdentitySnapshot(
             providerID: .claude,
@@ -393,7 +1026,7 @@ struct MenuCardModelTests {
 
     @Test
     @MainActor
-    func openRouterModel_usesAPIKeyQuotaBarAndQuotaDetail() throws {
+    func `open router model uses API key quota bar and quota detail`() throws {
         let now = Date()
         let metadata = try #require(ProviderDefaults.metadata[.openrouter])
         let snapshot = OpenRouterUsageSnapshot(
@@ -439,7 +1072,7 @@ struct MenuCardModelTests {
     }
 
     @Test
-    func openRouterModel_withoutKeyLimitShowsTextOnlySummary() throws {
+    func `open router model without key limit shows text only summary`() throws {
         let now = Date()
         let metadata = try #require(ProviderDefaults.metadata[.openrouter])
         let snapshot = OpenRouterUsageSnapshot(
@@ -480,7 +1113,7 @@ struct MenuCardModelTests {
     }
 
     @Test
-    func openRouterModel_whenKeyFetchUnavailableShowsUnavailableNote() throws {
+    func `open router model when key fetch unavailable shows unavailable note`() throws {
         let now = Date()
         let metadata = try #require(ProviderDefaults.metadata[.openrouter])
         let snapshot = OpenRouterUsageSnapshot(
@@ -519,7 +1152,7 @@ struct MenuCardModelTests {
     }
 
     @Test
-    func hidesEmailWhenPersonalInfoHidden() throws {
+    func `hides email when personal info hidden`() throws {
         let now = Date()
         let identity = ProviderIdentitySnapshot(
             providerID: .codex,
@@ -561,7 +1194,7 @@ struct MenuCardModelTests {
     }
 
     @Test
-    func kiloModelSplitsPassAndActivityAndShowsFallbackNote() throws {
+    func `kilo model splits pass and activity and shows fallback note`() throws {
         let now = Date()
         let metadata = try #require(ProviderDefaults.metadata[.kilo])
         let snapshot = UsageSnapshot(
@@ -607,7 +1240,7 @@ struct MenuCardModelTests {
     }
 
     @Test
-    func kiloModelTreatsAutoTopUpOnlyLoginAsActivity() throws {
+    func `kilo model treats auto top up only login as activity`() throws {
         let now = Date()
         let metadata = try #require(ProviderDefaults.metadata[.kilo])
         let snapshot = UsageSnapshot(
@@ -646,7 +1279,7 @@ struct MenuCardModelTests {
     }
 
     @Test
-    func kiloModelDoesNotShowFallbackNoteWhenNotAutoToCLI() throws {
+    func `kilo model does not show fallback note when not auto to CLI`() throws {
         let now = Date()
         let metadata = try #require(ProviderDefaults.metadata[.kilo])
         let snapshot = UsageSnapshot(
@@ -713,7 +1346,7 @@ struct MenuCardModelTests {
     }
 
     @Test
-    func kiloModelShowsPrimaryDetailWhenResetDateMissing() throws {
+    func `kilo model shows primary detail when reset date missing`() throws {
         let now = Date()
         let metadata = try #require(ProviderDefaults.metadata[.kilo])
         let snapshot = UsageSnapshot(
@@ -757,7 +1390,7 @@ struct MenuCardModelTests {
     }
 
     @Test
-    func kiloModelKeepsZeroTotalEdgeStateVisible() throws {
+    func `kilo model keeps zero total edge state visible`() throws {
         let now = Date()
         let metadata = try #require(ProviderDefaults.metadata[.kilo])
         let snapshot = KiloUsageSnapshot(
@@ -796,7 +1429,7 @@ struct MenuCardModelTests {
     }
 
     @Test
-    func warpModelShowsPrimaryDetailWhenResetDateMissing() throws {
+    func `warp model shows primary detail when reset date missing`() throws {
         let now = Date()
         let identity = ProviderIdentitySnapshot(
             providerID: .warp,
@@ -839,4 +1472,50 @@ struct MenuCardModelTests {
         #expect(primary.resetText == nil)
         #expect(primary.detailText == "10/100 credits")
     }
+
+    @Test
+    func `mistral model surfaces monthly cost as primary detail text`() throws {
+        let now = Date()
+        let resetsAt = now.addingTimeInterval(3 * 24 * 60 * 60)
+        let identity = ProviderIdentitySnapshot(
+            providerID: .mistral,
+            accountEmail: nil,
+            accountOrganization: nil,
+            loginMethod: nil)
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(
+                usedPercent: 0,
+                windowMinutes: nil,
+                resetsAt: resetsAt,
+                resetDescription: "€1.2345 this month"),
+            secondary: nil,
+            tertiary: nil,
+            updatedAt: now,
+            identity: identity)
+        let metadata = try #require(ProviderDefaults.metadata[.mistral])
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .mistral,
+            metadata: metadata,
+            snapshot: snapshot,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: true,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+
+        let primary = try #require(model.metrics.first)
+        #expect(primary.detailText == "€1.2345 this month")
+        #expect(primary.resetText?.hasPrefix("Resets") == true)
+    }
 }
diff --git a/Tests/CodexBarTests/MenuCardOptionalUsageModelTests.swift b/Tests/CodexBarTests/MenuCardOptionalUsageModelTests.swift
new file mode 100644
index 000000000..7784c571d
--- /dev/null
+++ b/Tests/CodexBarTests/MenuCardOptionalUsageModelTests.swift
@@ -0,0 +1,97 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+struct MenuCardOptionalUsageModelTests {
+    @Test
+    func `hides codex credits when disabled`() throws {
+        let now = Date()
+        let identity = ProviderIdentitySnapshot(
+            providerID: .codex,
+            accountEmail: "codex@example.com",
+            accountOrganization: nil,
+            loginMethod: nil)
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 0, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+            secondary: nil,
+            tertiary: nil,
+            updatedAt: now,
+            identity: identity)
+        let metadata = try #require(ProviderDefaults.metadata[.codex])
+        let credits = CreditsSnapshot(remaining: 12, events: [], updatedAt: now)
+        let codexProjection = CodexConsumerProjection.make(
+            surface: .liveCard,
+            context: CodexConsumerProjection.Context(
+                snapshot: snapshot,
+                rawUsageError: nil,
+                liveCredits: credits,
+                rawCreditsError: nil,
+                liveDashboard: nil,
+                rawDashboardError: nil,
+                dashboardAttachmentAuthorized: true,
+                dashboardRequiresLogin: false,
+                now: now))
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .codex,
+            metadata: metadata,
+            snapshot: snapshot,
+            codexProjection: codexProjection,
+            credits: credits,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: "codex@example.com", plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: false,
+            hidePersonalInfo: false,
+            now: now))
+
+        #expect(model.creditsText == nil)
+    }
+
+    @Test
+    func `claude model does not show obsolete peak hours note`() throws {
+        let now = Date()
+        let identity = ProviderIdentitySnapshot(
+            providerID: .claude,
+            accountEmail: "claude@example.com",
+            accountOrganization: nil,
+            loginMethod: nil)
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 30, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+            secondary: nil,
+            updatedAt: now,
+            identity: identity)
+        let metadata = try #require(ProviderDefaults.metadata[.claude])
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .claude,
+            metadata: metadata,
+            snapshot: snapshot,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+
+        #expect(model.usageNotes.isEmpty)
+    }
+}
diff --git a/Tests/CodexBarTests/MenuCardProviderRegressionTests.swift b/Tests/CodexBarTests/MenuCardProviderRegressionTests.swift
new file mode 100644
index 000000000..08bcc94ee
--- /dev/null
+++ b/Tests/CodexBarTests/MenuCardProviderRegressionTests.swift
@@ -0,0 +1,88 @@
+import CodexBarCore
+import Foundation
+import SwiftUI
+import Testing
+@testable import CodexBar
+
+struct MenuCardProviderRegressionTests {
+    @Test
+    func `elevenlabs progress color stays visible in light menus`() {
+        #expect(UsageMenuCardView.Model.progressColor(for: .elevenlabs) == Color(nsColor: .labelColor))
+    }
+
+    @Test
+    func `open router model shows daily and weekly key spend`() throws {
+        let now = Date()
+        let metadata = try #require(ProviderDefaults.metadata[.openrouter])
+        let snapshot = OpenRouterUsageSnapshot(
+            totalCredits: 50,
+            totalUsage: 45.3895596325,
+            balance: 4.6104403675,
+            usedPercent: 90.779119265,
+            keyLimit: 20,
+            keyUsage: 0.5,
+            keyUsageDaily: 0.12,
+            keyUsageWeekly: 0.74,
+            rateLimit: nil,
+            updatedAt: now).toUsageSnapshot()
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .openrouter,
+            metadata: metadata,
+            snapshot: snapshot,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+
+        #expect(model.usageNotes == ["Today: $0.12 · This week: $0.74"])
+    }
+
+    @Test
+    func `copilot over quota usage keeps used percentage detail`() throws {
+        let now = Date()
+        let metadata = try #require(ProviderDefaults.metadata[.copilot])
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 115, windowMinutes: nil, resetsAt: nil, resetDescription: "115% used"),
+            secondary: nil,
+            tertiary: nil,
+            updatedAt: now,
+            identity: nil)
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .copilot,
+            metadata: metadata,
+            snapshot: snapshot,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+
+        let metric = try #require(model.metrics.first)
+        #expect(metric.percent == 0)
+        #expect(metric.percentLabel == "0% left")
+        #expect(metric.detailLeftText == "115% used")
+    }
+}
diff --git a/Tests/CodexBarTests/MenuCardQuotaWarningMarkerTests.swift b/Tests/CodexBarTests/MenuCardQuotaWarningMarkerTests.swift
new file mode 100644
index 000000000..58c3c28a2
--- /dev/null
+++ b/Tests/CodexBarTests/MenuCardQuotaWarningMarkerTests.swift
@@ -0,0 +1,123 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+struct MenuCardQuotaWarningMarkerTests {
+    @Test
+    func `quota warning marker geometry is inset and hairline`() {
+        let rect = UsageProgressBar.warningMarkerRect(
+            x: 50,
+            size: CGSize(width: 100, height: 6),
+            scale: 2)
+
+        #expect(rect.width == 1)
+        #expect(rect.height < 6)
+        #expect(rect.minY > 0)
+        #expect(abs(rect.midX - 50) <= 0.5)
+    }
+
+    @Test
+    func `omits quota warning markers for disabled windows`() throws {
+        let now = Date()
+        let metadata = try #require(ProviderDefaults.metadata[.codex])
+        let identity = ProviderIdentitySnapshot(
+            providerID: .codex,
+            accountEmail: nil,
+            accountOrganization: nil,
+            loginMethod: "Plus Plan")
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(
+                usedPercent: 20,
+                windowMinutes: 300,
+                resetsAt: nil,
+                resetDescription: nil),
+            secondary: RateWindow(
+                usedPercent: 40,
+                windowMinutes: 10080,
+                resetsAt: nil,
+                resetDescription: nil),
+            updatedAt: now,
+            identity: identity)
+        let codexProjection = CodexConsumerProjection.make(
+            surface: .liveCard,
+            context: CodexConsumerProjection.Context(
+                snapshot: snapshot,
+                rawUsageError: nil,
+                liveCredits: nil,
+                rawCreditsError: nil,
+                liveDashboard: nil,
+                rawDashboardError: nil,
+                dashboardAttachmentAuthorized: false,
+                dashboardRequiresLogin: false,
+                now: now))
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .codex,
+            metadata: metadata,
+            snapshot: snapshot,
+            codexProjection: codexProjection,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: false,
+            hidePersonalInfo: false,
+            quotaWarningThresholds: [.session: [50], .weekly: []],
+            now: now))
+
+        #expect(model.metrics.count == 2)
+        #expect(model.metrics.first?.warningMarkerPercents == [50])
+        #expect(model.metrics[1].warningMarkerPercents.isEmpty)
+    }
+
+    @Test
+    func `work day marker percents for 5-day week`() {
+        #expect(workDayMarkerPercents(workDays: 5, windowMinutes: 10080) == [20.0, 40.0, 60.0, 80.0])
+    }
+
+    @Test
+    func `work day marker percents for 4-day week`() {
+        #expect(workDayMarkerPercents(workDays: 4, windowMinutes: 10080) == [25.0, 50.0, 75.0])
+    }
+
+    @Test
+    func `work day marker percents for 7-day week`() {
+        let markers = workDayMarkerPercents(workDays: 7, windowMinutes: 10080)
+        #expect(markers.count == 6)
+        #expect(abs(markers[0] - 14.2857) < 0.001)
+        #expect(abs(markers[5] - 85.7143) < 0.001)
+    }
+
+    @Test
+    func `work day marker percents nil work days returns empty`() {
+        #expect(workDayMarkerPercents(workDays: nil, windowMinutes: 10080).isEmpty)
+    }
+
+    @Test
+    func `work day marker percents nil window minutes returns empty`() {
+        #expect(workDayMarkerPercents(workDays: 5, windowMinutes: nil).isEmpty)
+    }
+
+    @Test
+    func `work day marker percents non-weekly window returns empty`() {
+        #expect(workDayMarkerPercents(workDays: 5, windowMinutes: 300).isEmpty)
+        #expect(workDayMarkerPercents(workDays: 5, windowMinutes: 1440).isEmpty)
+    }
+
+    @Test
+    func `work day marker percents invalid work days returns empty`() {
+        #expect(workDayMarkerPercents(workDays: 1, windowMinutes: 10080).isEmpty)
+        #expect(workDayMarkerPercents(workDays: 0, windowMinutes: 10080).isEmpty)
+        #expect(workDayMarkerPercents(workDays: 8, windowMinutes: 10080).isEmpty)
+        #expect(workDayMarkerPercents(workDays: -1, windowMinutes: 10080).isEmpty)
+    }
+}
diff --git a/Tests/CodexBarTests/MenuCardSubtitleTests.swift b/Tests/CodexBarTests/MenuCardSubtitleTests.swift
new file mode 100644
index 000000000..8407c1c10
--- /dev/null
+++ b/Tests/CodexBarTests/MenuCardSubtitleTests.swift
@@ -0,0 +1,49 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+struct MenuCardSubtitleTests {
+    @Test
+    func `subtitle uses injected current time`() throws {
+        let updatedAt = Date(timeIntervalSinceReferenceDate: 0)
+        let now = updatedAt.addingTimeInterval(5 * 3600)
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(
+                usedPercent: 22,
+                windowMinutes: 300,
+                resetsAt: now.addingTimeInterval(3000),
+                resetDescription: nil),
+            secondary: nil,
+            tertiary: nil,
+            updatedAt: updatedAt,
+            identity: ProviderIdentitySnapshot(
+                providerID: .codex,
+                accountEmail: "codex@example.com",
+                accountOrganization: nil,
+                loginMethod: "Plus Plan"))
+        let metadata = try #require(ProviderDefaults.metadata[.codex])
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .codex,
+            metadata: metadata,
+            snapshot: snapshot,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: "codex@example.com", plan: "Plus Plan"),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+
+        #expect(model.subtitleText == UsageFormatter.updatedString(from: updatedAt, now: now))
+    }
+}
diff --git a/Tests/CodexBarTests/MenuDescriptorAntigravityTests.swift b/Tests/CodexBarTests/MenuDescriptorAntigravityTests.swift
new file mode 100644
index 000000000..153425060
--- /dev/null
+++ b/Tests/CodexBarTests/MenuDescriptorAntigravityTests.swift
@@ -0,0 +1,60 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+@MainActor
+struct MenuDescriptorAntigravityTests {
+    @Test
+    func `antigravity menu does not add unavailable notes for missing families`() throws {
+        let suite = "MenuDescriptorAntigravityTests-missing-gemini"
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+
+        let settings = SettingsStore(
+            userDefaults: defaults,
+            configStore: testConfigStore(suiteName: suite),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+        settings.statusChecksEnabled = false
+
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings)
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(
+                usedPercent: 10,
+                windowMinutes: nil,
+                resetsAt: Date().addingTimeInterval(3600),
+                resetDescription: nil),
+            secondary: nil,
+            tertiary: nil,
+            updatedAt: Date(),
+            identity: ProviderIdentitySnapshot(
+                providerID: .antigravity,
+                accountEmail: nil,
+                accountOrganization: nil,
+                loginMethod: "Pro"))
+        store._setSnapshotForTesting(snapshot, provider: .antigravity)
+
+        let descriptor = MenuDescriptor.build(
+            provider: .antigravity,
+            store: store,
+            settings: settings,
+            account: AccountInfo(email: nil, plan: nil),
+            updateReady: false,
+            includeContextualActions: false)
+
+        let lines = descriptor.sections
+            .flatMap(
+                \.entries)
+            .compactMap { entry -> String? in
+                guard case let .text(text, _) = entry else { return nil }
+                return text
+            }
+
+        #expect(!lines.contains("Gemini Pro unavailable."))
+        #expect(!lines.contains("Gemini Flash unavailable."))
+    }
+}
diff --git a/Tests/CodexBarTests/MenuDescriptorCodexManagedFallbackTests.swift b/Tests/CodexBarTests/MenuDescriptorCodexManagedFallbackTests.swift
new file mode 100644
index 000000000..218bb0abc
--- /dev/null
+++ b/Tests/CodexBarTests/MenuDescriptorCodexManagedFallbackTests.swift
@@ -0,0 +1,181 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+@MainActor
+struct MenuDescriptorCodexManagedFallbackTests {
+    @Test
+    func `codex account section prefers managed fallback over ambient account`() throws {
+        let suite = "MenuDescriptorCodexManagedFallbackTests"
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+
+        let settings = SettingsStore(
+            userDefaults: defaults,
+            configStore: testConfigStore(suiteName: suite),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore(),
+            codexCookieStore: InMemoryCookieHeaderStore(),
+            claudeCookieStore: InMemoryCookieHeaderStore(),
+            cursorCookieStore: InMemoryCookieHeaderStore(),
+            opencodeCookieStore: InMemoryCookieHeaderStore(),
+            factoryCookieStore: InMemoryCookieHeaderStore(),
+            minimaxCookieStore: InMemoryMiniMaxCookieStore(),
+            minimaxAPITokenStore: InMemoryMiniMaxAPITokenStore(),
+            kimiTokenStore: InMemoryKimiTokenStore(),
+            kimiK2TokenStore: InMemoryKimiK2TokenStore(),
+            augmentCookieStore: InMemoryCookieHeaderStore(),
+            ampCookieStore: InMemoryCookieHeaderStore(),
+            copilotTokenStore: InMemoryCopilotTokenStore(),
+            tokenAccountStore: InMemoryTokenAccountStore())
+        settings.statusChecksEnabled = false
+
+        let ambientHome = FileManager.default.temporaryDirectory.appendingPathComponent(
+            UUID().uuidString,
+            isDirectory: true)
+        let managedHome = FileManager.default.temporaryDirectory.appendingPathComponent(
+            UUID().uuidString,
+            isDirectory: true)
+        defer {
+            try? FileManager.default.removeItem(at: ambientHome)
+            try? FileManager.default.removeItem(at: managedHome)
+        }
+
+        try Self.writeCodexAuthFile(homeURL: ambientHome, email: "ambient@example.com", plan: "plus")
+        try Self.writeCodexAuthFile(homeURL: managedHome, email: "managed@example.com", plan: "enterprise")
+        settings.codexActiveSource = .managedAccount(id: UUID())
+        settings._test_activeManagedCodexRemoteHomePath = managedHome.path
+
+        let fetcher = UsageFetcher(environment: ["CODEX_HOME": ambientHome.path])
+        let store = UsageStore(
+            fetcher: fetcher,
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+        store._setSnapshotForTesting(
+            UsageSnapshot(
+                primary: RateWindow(usedPercent: 10, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+                secondary: RateWindow(usedPercent: 20, windowMinutes: 10080, resetsAt: nil, resetDescription: nil),
+                updatedAt: Date(),
+                identity: nil),
+            provider: .codex)
+
+        let descriptor = MenuDescriptor.build(
+            provider: .codex,
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updateReady: false,
+            includeContextualActions: false)
+
+        let lines = descriptor.sections
+            .flatMap(\.entries)
+            .compactMap { entry -> String? in
+                guard case let .text(text, _) = entry else { return nil }
+                return text
+            }
+
+        #expect(lines.contains("Account: managed@example.com"))
+        #expect(lines.contains("Plan: Enterprise"))
+        #expect(!lines.contains("Account: ambient@example.com"))
+        #expect(!lines.contains("Plan: Plus"))
+    }
+
+    @Test
+    func `codex weekly only window renders without session row`() throws {
+        let suite = "MenuDescriptorCodexManagedFallbackTests-weekly-only"
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+
+        let settings = SettingsStore(
+            userDefaults: defaults,
+            configStore: testConfigStore(suiteName: suite),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore(),
+            codexCookieStore: InMemoryCookieHeaderStore(),
+            claudeCookieStore: InMemoryCookieHeaderStore(),
+            cursorCookieStore: InMemoryCookieHeaderStore(),
+            opencodeCookieStore: InMemoryCookieHeaderStore(),
+            factoryCookieStore: InMemoryCookieHeaderStore(),
+            minimaxCookieStore: InMemoryMiniMaxCookieStore(),
+            minimaxAPITokenStore: InMemoryMiniMaxAPITokenStore(),
+            kimiTokenStore: InMemoryKimiTokenStore(),
+            kimiK2TokenStore: InMemoryKimiK2TokenStore(),
+            augmentCookieStore: InMemoryCookieHeaderStore(),
+            ampCookieStore: InMemoryCookieHeaderStore(),
+            copilotTokenStore: InMemoryCopilotTokenStore(),
+            tokenAccountStore: InMemoryTokenAccountStore())
+        settings.statusChecksEnabled = false
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(
+            fetcher: fetcher,
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+        store._setSnapshotForTesting(
+            UsageSnapshot(
+                primary: nil,
+                secondary: RateWindow(
+                    usedPercent: 20,
+                    windowMinutes: 10080,
+                    resetsAt: nil,
+                    resetDescription: "Apr 6, 2026"),
+                updatedAt: Date(),
+                identity: ProviderIdentitySnapshot(
+                    providerID: .codex,
+                    accountEmail: "ratulanimation@gmail.com",
+                    accountOrganization: nil,
+                    loginMethod: "free")),
+            provider: .codex)
+
+        let descriptor = MenuDescriptor.build(
+            provider: .codex,
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updateReady: false,
+            includeContextualActions: false)
+
+        let lines = descriptor.sections
+            .flatMap(\.entries)
+            .compactMap { entry -> String? in
+                guard case let .text(text, _) = entry else { return nil }
+                return text
+            }
+
+        #expect(!lines.contains(where: { $0.hasPrefix("Session:") }))
+        #expect(lines.contains(where: { $0.hasPrefix("Weekly:") }))
+    }
+
+    private static func writeCodexAuthFile(homeURL: URL, email: String, plan: String) throws {
+        try FileManager.default.createDirectory(at: homeURL, withIntermediateDirectories: true)
+        let auth = [
+            "tokens": [
+                "accessToken": "access-token",
+                "refreshToken": "refresh-token",
+                "idToken": Self.fakeJWT(email: email, plan: plan),
+            ],
+        ]
+        let data = try JSONSerialization.data(withJSONObject: auth)
+        try data.write(to: homeURL.appendingPathComponent("auth.json"))
+    }
+
+    private static func fakeJWT(email: String, plan: String) -> String {
+        let header = (try? JSONSerialization.data(withJSONObject: ["alg": "none"])) ?? Data()
+        let payload = (try? JSONSerialization.data(withJSONObject: [
+            "email": email,
+            "chatgpt_plan_type": plan,
+        ])) ?? Data()
+
+        func base64URL(_ data: Data) -> String {
+            data.base64EncodedString()
+                .replacingOccurrences(of: "=", with: "")
+                .replacingOccurrences(of: "+", with: "-")
+                .replacingOccurrences(of: "/", with: "_")
+        }
+
+        return "\(base64URL(header)).\(base64URL(payload))."
+    }
+}
diff --git a/Tests/CodexBarTests/MenuDescriptorKiloTests.swift b/Tests/CodexBarTests/MenuDescriptorKiloTests.swift
index adf6f41d1..a3dba9cb3 100644
--- a/Tests/CodexBarTests/MenuDescriptorKiloTests.swift
+++ b/Tests/CodexBarTests/MenuDescriptorKiloTests.swift
@@ -4,10 +4,9 @@ import Testing
 @testable import CodexBar
 
 @MainActor
-@Suite
 struct MenuDescriptorKiloTests {
     @Test
-    func kiloCreditsDetailDoesNotRenderAsResetLine() throws {
+    func `kilo credits detail does not render as reset line`() throws {
         let suite = "MenuDescriptorKiloTests-kilo-detail"
         let defaults = try #require(UserDefaults(suiteName: suite))
         defaults.removePersistentDomain(forName: suite)
@@ -59,7 +58,7 @@ struct MenuDescriptorKiloTests {
     }
 
     @Test
-    func kiloPassDetailKeepsResetLineWhenResetDateExists() throws {
+    func `kilo pass detail keeps reset line when reset date exists`() throws {
         let suite = "MenuDescriptorKiloTests-kilo-pass-reset"
         let defaults = try #require(UserDefaults(suiteName: suite))
         defaults.removePersistentDomain(forName: suite)
@@ -115,7 +114,7 @@ struct MenuDescriptorKiloTests {
     }
 
     @Test
-    func kiloAutoTopUpOnlyRendersActivityWithoutPlanLabel() throws {
+    func `kilo auto top up only renders activity without plan label`() throws {
         let suite = "MenuDescriptorKiloTests-kilo-activity-only"
         let defaults = try #require(UserDefaults(suiteName: suite))
         defaults.removePersistentDomain(forName: suite)
diff --git a/Tests/CodexBarTests/MenuDescriptorOpenAIAPITests.swift b/Tests/CodexBarTests/MenuDescriptorOpenAIAPITests.swift
new file mode 100644
index 000000000..d45b96429
--- /dev/null
+++ b/Tests/CodexBarTests/MenuDescriptorOpenAIAPITests.swift
@@ -0,0 +1,92 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+@MainActor
+struct MenuDescriptorOpenAIAPITests {
+    @Test
+    func `openai api admin usage appears in descriptor summaries`() throws {
+        let suite = "MenuDescriptorOpenAIAPITests-admin-summary"
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+
+        let settings = SettingsStore(
+            userDefaults: defaults,
+            configStore: testConfigStore(suiteName: suite),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+        settings.statusChecksEnabled = false
+
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings)
+        let now = Date(timeIntervalSince1970: 1_700_179_200)
+        let usage = OpenAIAPIUsageSnapshot(
+            daily: [
+                OpenAIAPIUsageSnapshot.DailyBucket(
+                    day: "2023-11-13",
+                    startTime: now.addingTimeInterval(-86400),
+                    endTime: now,
+                    costUSD: 5,
+                    requests: 8,
+                    inputTokens: 100,
+                    cachedInputTokens: 0,
+                    outputTokens: 50,
+                    totalTokens: 150,
+                    lineItems: [],
+                    models: [
+                        OpenAIAPIUsageSnapshot.ModelBreakdown(
+                            name: "gpt-5.2",
+                            requests: 8,
+                            inputTokens: 100,
+                            cachedInputTokens: 0,
+                            outputTokens: 50,
+                            totalTokens: 150),
+                    ]),
+                OpenAIAPIUsageSnapshot.DailyBucket(
+                    day: "2023-11-14",
+                    startTime: now,
+                    endTime: now.addingTimeInterval(86400),
+                    costUSD: 12.5,
+                    requests: 40,
+                    inputTokens: 1000,
+                    cachedInputTokens: 250,
+                    outputTokens: 500,
+                    totalTokens: 1500,
+                    lineItems: [],
+                    models: [
+                        OpenAIAPIUsageSnapshot.ModelBreakdown(
+                            name: "gpt-5.2-codex",
+                            requests: 40,
+                            inputTokens: 1000,
+                            cachedInputTokens: 250,
+                            outputTokens: 500,
+                            totalTokens: 1500),
+                    ]),
+            ],
+            updatedAt: now)
+        store._setSnapshotForTesting(usage.toUsageSnapshot(), provider: .openai)
+
+        let descriptor = MenuDescriptor.build(
+            provider: .openai,
+            store: store,
+            settings: settings,
+            account: AccountInfo(email: nil, plan: nil),
+            updateReady: false,
+            includeContextualActions: false)
+        let lines = descriptor.sections
+            .flatMap(\.entries)
+            .compactMap { entry -> String? in
+                guard case let .text(text, _) = entry else { return nil }
+                return text
+            }
+
+        #expect(lines.contains("Today: $12.50 · 1.5K tokens"))
+        #expect(lines.contains("7d: $17.50 · 48 requests"))
+        #expect(lines.contains("30d: $17.50 · 48 requests"))
+        #expect(lines.contains("Top model: gpt-5.2-codex"))
+        #expect(!lines.contains("No usage yet"))
+    }
+}
diff --git a/Tests/CodexBarTests/MiMoProviderTests.swift b/Tests/CodexBarTests/MiMoProviderTests.swift
new file mode 100644
index 000000000..411ed124b
--- /dev/null
+++ b/Tests/CodexBarTests/MiMoProviderTests.swift
@@ -0,0 +1,716 @@
+import Foundation
+import SwiftUI
+import Testing
+@testable import CodexBar
+@testable import CodexBarCore
+#if os(macOS)
+import SweetCookieKit
+#endif
+
+@Suite(.serialized)
+struct MiMoProviderTests {
+    private struct StubClaudeFetcher: ClaudeUsageFetching {
+        func loadLatestUsage(model _: String) async throws -> ClaudeUsageSnapshot {
+            throw ClaudeUsageError.parseFailed("stub")
+        }
+
+        func debugRawProbe(model _: String) async -> String {
+            "stub"
+        }
+
+        func detectVersion() -> String? {
+            nil
+        }
+    }
+
+    @Test
+    func `cookie header normalizer keeps required mimo cookies`() {
+        let raw = """
+        curl 'https://platform.xiaomimimo.com/api/v1/balance' \
+          -H 'Cookie: userId=123; api-platform_serviceToken=svc-token; ignored=value; api-platform_ph=ph-token'
+        """
+
+        let normalized = MiMoCookieHeader.normalizedHeader(from: raw)
+
+        #expect(normalized == "api-platform_ph=ph-token; api-platform_serviceToken=svc-token; userId=123")
+    }
+
+    @Test
+    func `cookie header normalizer rejects missing auth cookies`() {
+        let normalized = MiMoCookieHeader.normalizedHeader(from: "Cookie: userId=123")
+
+        #expect(normalized == nil)
+    }
+
+    @Test
+    func `cookie header builder keeps mimo auth cookies from one scope`() throws {
+        let cookies = try [
+            self.makeCookie(
+                name: "userId",
+                value: "root-user",
+                domain: "xiaomimimo.com",
+                expiresAt: Date(timeIntervalSince1970: 1_800_000_000)),
+            self.makeCookie(
+                name: "api-platform_serviceToken",
+                value: "platform-token",
+                domain: "platform.xiaomimimo.com",
+                expiresAt: Date(timeIntervalSince1970: 1_900_000_000)),
+            self.makeCookie(
+                name: "userId",
+                value: "platform-user",
+                domain: "platform.xiaomimimo.com",
+                expiresAt: Date(timeIntervalSince1970: 1_900_000_000)),
+            self.makeCookie(
+                name: "api-platform_ph",
+                value: "platform-ph",
+                domain: "platform.xiaomimimo.com",
+                expiresAt: Date(timeIntervalSince1970: 1_900_000_000)),
+        ]
+
+        let header = MiMoCookieHeader.header(from: cookies)
+
+        #expect(header == "api-platform_ph=platform-ph; api-platform_serviceToken=platform-token; userId=platform-user")
+    }
+
+    @Test
+    func `cookie header builder prefers more specific matching cookie`() throws {
+        let cookies = try [
+            self.makeCookie(
+                name: "userId",
+                value: "root-user",
+                domain: "xiaomimimo.com",
+                expiresAt: Date(timeIntervalSince1970: 1_900_000_000)),
+            self.makeCookie(
+                name: "userId",
+                value: "api-user",
+                domain: "platform.xiaomimimo.com",
+                path: "/api",
+                expiresAt: Date(timeIntervalSince1970: 1_800_000_000)),
+            self.makeCookie(
+                name: "api-platform_serviceToken",
+                value: "platform-token",
+                domain: ".xiaomimimo.com",
+                expiresAt: Date(timeIntervalSince1970: 1_900_000_000)),
+            self.makeCookie(
+                name: "irrelevant",
+                value: "ignored",
+                domain: "platform.xiaomimimo.com",
+                expiresAt: Date(timeIntervalSince1970: 1_900_000_000)),
+        ]
+
+        let header = MiMoCookieHeader.header(from: cookies)
+
+        #expect(header == "api-platform_serviceToken=platform-token; userId=api-user")
+    }
+
+    @Test
+    func `cookie header builder rejects partial path prefix matches`() throws {
+        let cookies = try [
+            self.makeCookie(
+                name: "userId",
+                value: "partial-path-user",
+                domain: "platform.xiaomimimo.com",
+                path: "/api/v1/bal",
+                expiresAt: Date(timeIntervalSince1970: 1_900_000_000)),
+            self.makeCookie(
+                name: "userId",
+                value: "valid-user",
+                domain: "platform.xiaomimimo.com",
+                path: "/api",
+                expiresAt: Date(timeIntervalSince1970: 1_800_000_000)),
+            self.makeCookie(
+                name: "api-platform_serviceToken",
+                value: "partial-path-token",
+                domain: "platform.xiaomimimo.com",
+                path: "/api/v1/bal",
+                expiresAt: Date(timeIntervalSince1970: 1_900_000_000)),
+            self.makeCookie(
+                name: "api-platform_serviceToken",
+                value: "valid-token",
+                domain: "platform.xiaomimimo.com",
+                path: "/api",
+                expiresAt: Date(timeIntervalSince1970: 1_800_000_000)),
+        ]
+
+        let header = MiMoCookieHeader.header(from: cookies)
+
+        #expect(header == "api-platform_serviceToken=valid-token; userId=valid-user")
+    }
+
+    @Test
+    func `cookie header builder accepts slash terminated path prefixes`() throws {
+        let cookies = try [
+            self.makeCookie(
+                name: "userId",
+                value: "slash-user",
+                domain: "platform.xiaomimimo.com",
+                path: "/api/",
+                expiresAt: Date(timeIntervalSince1970: 1_900_000_000)),
+            self.makeCookie(
+                name: "api-platform_serviceToken",
+                value: "slash-token",
+                domain: "platform.xiaomimimo.com",
+                path: "/api/",
+                expiresAt: Date(timeIntervalSince1970: 1_900_000_000)),
+        ]
+
+        let header = MiMoCookieHeader.header(from: cookies)
+
+        #expect(header == "api-platform_serviceToken=slash-token; userId=slash-user")
+    }
+
+    @Test
+    func `usage snapshot exposes balance through identity plan text`() {
+        let snapshot = MiMoUsageSnapshot(
+            balance: 25.51,
+            currency: "USD",
+            updatedAt: Date(timeIntervalSince1970: 1_742_771_200))
+
+        let usage = snapshot.toUsageSnapshot()
+
+        #expect(usage.primary == nil)
+        #expect(usage.secondary == nil)
+        #expect(usage.loginMethod(for: .mimo) == "Balance: $25.51")
+    }
+
+    @Test
+    func `usage snapshot shows token plan as primary when available`() {
+        let resetDate = Date(timeIntervalSince1970: 1_778_025_599)
+        let snapshot = MiMoUsageSnapshot(
+            balance: 25.51,
+            currency: "USD",
+            planCode: "standard",
+            planPeriodEnd: resetDate,
+            planExpired: false,
+            tokenUsed: 10_100_158,
+            tokenLimit: 200_000_000,
+            tokenPercent: 0.0505,
+            updatedAt: Date(timeIntervalSince1970: 1_742_771_200))
+
+        let usage = snapshot.toUsageSnapshot()
+
+        #expect(usage.primary != nil)
+        #expect(abs((usage.primary?.usedPercent ?? .nan) - 5.05) < 0.0001)
+        #expect(usage.primary?.resetDescription == "10,100,158 / 200,000,000 Credits")
+        #expect(usage.primary?.resetsAt == resetDate)
+        #expect(usage.loginMethod(for: .mimo) == "Standard")
+    }
+
+    @Test
+    func `usage snapshot falls back to balance when no token plan`() {
+        let snapshot = MiMoUsageSnapshot(
+            balance: 0,
+            currency: "USD",
+            planCode: nil,
+            planPeriodEnd: nil,
+            planExpired: false,
+            tokenUsed: 0,
+            tokenLimit: 0,
+            tokenPercent: 0,
+            updatedAt: Date(timeIntervalSince1970: 1_742_771_200))
+
+        let usage = snapshot.toUsageSnapshot()
+
+        #expect(usage.primary == nil)
+        #expect(usage.loginMethod(for: .mimo) == "Balance: $0.00")
+    }
+
+    @Test
+    func `parses balance payload`() throws {
+        let now = Date(timeIntervalSince1970: 1_742_771_200)
+        let json = """
+        {
+          "code": 0,
+          "message": "",
+          "data": {
+            "balance": "25.51",
+            "frozenBalance": null,
+            "currency": "USD",
+            "overdraftLimit": null
+          }
+        }
+        """
+
+        let snapshot = try MiMoUsageFetcher.parseUsageSnapshot(from: Data(json.utf8), now: now)
+
+        #expect(snapshot.balance == 25.51)
+        #expect(snapshot.currency == "USD")
+        #expect(snapshot.updatedAt == now)
+    }
+
+    @Test
+    func `parses token plan detail payload`() throws {
+        let json = """
+        {
+          "code": 0,
+          "message": "",
+          "data": {
+            "planCode": "standard",
+            "currentPeriodEnd": "2026-05-04 23:59:59",
+            "expired": false
+          }
+        }
+        """
+
+        let detail = try MiMoUsageFetcher.parseTokenPlanDetail(from: Data(json.utf8))
+
+        #expect(detail.planCode == "standard")
+        #expect(detail.expired == false)
+        #expect(detail.periodEnd != nil)
+    }
+
+    @Test
+    func `parses token plan usage payload`() throws {
+        let json = """
+        {
+          "code": 0,
+          "message": "",
+          "data": {
+            "monthUsage": {
+              "percent": 0.0505,
+              "items": [
+                {
+                  "name": "month_total_token",
+                  "used": 10100158,
+                  "limit": 200000000,
+                  "percent": 0.0505
+                }
+              ]
+            }
+          }
+        }
+        """
+
+        let usage = try MiMoUsageFetcher.parseTokenPlanUsage(from: Data(json.utf8))
+
+        #expect(usage.used == 10_100_158)
+        #expect(usage.limit == 200_000_000)
+        #expect(usage.percent == 0.0505)
+    }
+
+    @Test
+    func `combined snapshot merges balance and token plan`() throws {
+        let now = Date(timeIntervalSince1970: 1_742_771_200)
+        let balanceJSON = """
+        {"code":0,"message":"","data":{"balance":"25.51","currency":"USD"}}
+        """
+        let detailJSON = """
+        {"code":0,"message":"","data":{"planCode":"standard","currentPeriodEnd":"2026-05-04 23:59:59","expired":false}}
+        """
+        let usageJSON = """
+        {
+          "code": 0,
+          "message": "",
+          "data": {
+            "monthUsage": {
+              "percent": 0.0505,
+              "items": [
+                {
+                  "name": "month_total_token",
+                  "used": 10100158,
+                  "limit": 200000000,
+                  "percent": 0.0505
+                }
+              ]
+            }
+          }
+        }
+        """
+
+        let snapshot = try MiMoUsageFetcher.parseCombinedSnapshot(
+            balanceData: Data(balanceJSON.utf8),
+            tokenDetailData: Data(detailJSON.utf8),
+            tokenUsageData: Data(usageJSON.utf8),
+            now: now)
+
+        #expect(snapshot.balance == 25.51)
+        #expect(snapshot.currency == "USD")
+        #expect(snapshot.planCode == "standard")
+        #expect(snapshot.tokenUsed == 10_100_158)
+        #expect(snapshot.tokenLimit == 200_000_000)
+        #expect(snapshot.tokenPercent == 0.0505)
+    }
+
+    @Test
+    func `fetch usage hits mimo balance endpoint with browser headers`() async throws {
+        let registered = URLProtocol.registerClass(MiMoStubURLProtocol.self)
+        defer {
+            if registered {
+                URLProtocol.unregisterClass(MiMoStubURLProtocol.self)
+            }
+            MiMoStubURLProtocol.handler = nil
+        }
+
+        let lock = NSLock()
+        var requestedPaths: [String] = []
+        MiMoStubURLProtocol.handler = { request in
+            guard let url = request.url else { throw URLError(.badURL) }
+            lock.withLock {
+                requestedPaths.append(url.path)
+            }
+            #expect(request.value(forHTTPHeaderField: "Cookie") == "api-platform_serviceToken=svc-token; userId=123")
+            #expect(request.value(forHTTPHeaderField: "Accept-Language") == "en-US,en;q=0.9")
+            #expect(request.value(forHTTPHeaderField: "x-timeZone") == "UTC+01:00")
+            #expect(request.value(forHTTPHeaderField: "Referer") == "https://platform.xiaomimimo.com/#/console/balance")
+            let body = """
+            {
+              "code": 0,
+              "message": "",
+              "data": {
+                "balance": "25.51",
+                "currency": "USD"
+              }
+            }
+            """
+            return Self.makeResponse(url: url, body: body)
+        }
+
+        let snapshot = try await MiMoUsageFetcher.fetchUsage(
+            cookieHeader: "Cookie: userId=123; api-platform_serviceToken=svc-token",
+            environment: ["MIMO_API_URL": "https://mimo.test/api/v1"],
+            now: Date(timeIntervalSince1970: 1_742_771_200))
+
+        #expect(snapshot.balance == 25.51)
+        #expect(snapshot.currency == "USD")
+        #expect(requestedPaths.contains("/api/v1/balance"))
+    }
+
+    @Test
+    @MainActor
+    func `provider detail plan row formats mimo as balance`() {
+        CodexBarLocalizationOverride.$appLanguage.withValue("en") {
+            let row = ProviderDetailView<Text>.planRow(provider: .mimo, planText: "Balance: $25.51")
+
+            #expect(row?.label == "Balance")
+            #expect(row?.value == "$25.51")
+        }
+    }
+
+    @Test(arguments: [UsageProvider.openrouter, .mimo])
+    @MainActor
+    func `menu descriptor renders balance providers without duplicate prefix`(provider: UsageProvider) throws {
+        let suite = "MiMoProviderTests-menu-balance-\(provider.rawValue)"
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+
+        let settings = SettingsStore(
+            userDefaults: defaults,
+            configStore: testConfigStore(suiteName: suite),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+        settings.statusChecksEnabled = false
+
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings)
+        store._setSnapshotForTesting(self.makeBalanceSnapshot(provider: provider), provider: provider)
+
+        let descriptor = MenuDescriptor.build(
+            provider: provider,
+            store: store,
+            settings: settings,
+            account: AccountInfo(email: nil, plan: nil),
+            updateReady: false,
+            includeContextualActions: false)
+
+        let lines = descriptor.sections
+            .flatMap(\.entries)
+            .compactMap { entry -> String? in
+                guard case let .text(text, _) = entry else { return nil }
+                return text
+            }
+
+        #expect(lines.contains("Balance: $25.51"))
+        #expect(!lines.contains("Balance: Balance: $25.51"))
+    }
+
+    @Test
+    func `mimo web strategy unavailable when cookie source is off`() async {
+        KeychainCacheStore.setTestStoreForTesting(true)
+        defer { KeychainCacheStore.setTestStoreForTesting(false) }
+        CookieHeaderCache.store(
+            provider: .mimo,
+            cookieHeader: "api-platform_serviceToken=svc-token; userId=123",
+            sourceLabel: "cached")
+        defer { CookieHeaderCache.clear(provider: .mimo) }
+
+        let strategy = MiMoWebFetchStrategy()
+        let context = self.makeContext(settings: ProviderSettingsSnapshot.make(
+            mimo: ProviderSettingsSnapshot.MiMoProviderSettings(
+                cookieSource: .off,
+                manualCookieHeader: nil)))
+
+        let available = await strategy.isAvailable(context)
+
+        #expect(available == false)
+    }
+
+    @Test
+    func `mimo manual mode does not report available from cached browser session`() async {
+        KeychainCacheStore.setTestStoreForTesting(true)
+        defer { KeychainCacheStore.setTestStoreForTesting(false) }
+        CookieHeaderCache.store(
+            provider: .mimo,
+            cookieHeader: "api-platform_serviceToken=svc-token; userId=123",
+            sourceLabel: "cached")
+        defer { CookieHeaderCache.clear(provider: .mimo) }
+
+        let strategy = MiMoWebFetchStrategy()
+        let context = self.makeContext(settings: ProviderSettingsSnapshot.make(
+            mimo: ProviderSettingsSnapshot.MiMoProviderSettings(
+                cookieSource: .manual,
+                manualCookieHeader: "Cookie: userId=123")))
+
+        let available = await strategy.isAvailable(context)
+
+        #expect(available == false)
+    }
+
+    @Test
+    func `mimo manual mode rejects invalid header instead of falling back to cached session`() async {
+        KeychainCacheStore.setTestStoreForTesting(true)
+        defer { KeychainCacheStore.setTestStoreForTesting(false) }
+        CookieHeaderCache.store(
+            provider: .mimo,
+            cookieHeader: "api-platform_serviceToken=svc-token; userId=123",
+            sourceLabel: "cached")
+        defer { CookieHeaderCache.clear(provider: .mimo) }
+
+        let strategy = MiMoWebFetchStrategy()
+        let context = self.makeContext(settings: ProviderSettingsSnapshot.make(
+            mimo: ProviderSettingsSnapshot.MiMoProviderSettings(
+                cookieSource: .manual,
+                manualCookieHeader: "Cookie: userId=123")))
+
+        await #expect(throws: MiMoSettingsError.invalidCookie) {
+            _ = try await strategy.fetch(context)
+        }
+    }
+
+    @Test
+    func `mimo web strategy retries imported sessions after decode failure`() async throws {
+        KeychainCacheStore.setTestStoreForTesting(true)
+        defer { KeychainCacheStore.setTestStoreForTesting(false) }
+        let registered = URLProtocol.registerClass(MiMoStubURLProtocol.self)
+        defer {
+            if registered {
+                URLProtocol.unregisterClass(MiMoStubURLProtocol.self)
+            }
+            MiMoStubURLProtocol.handler = nil
+            MiMoCookieImporter.importSessionsOverrideForTesting = nil
+            CookieHeaderCache.clear(provider: .mimo)
+        }
+
+        CookieHeaderCache.clear(provider: .mimo)
+        CookieHeaderCache.store(provider: .mimo, cookieHeader: "invalid", sourceLabel: "invalid")
+
+        MiMoCookieImporter.importSessionsOverrideForTesting = { _, _ in
+            [
+                .init(
+                    cookieHeader: "api-platform_serviceToken=expired-token; userId=111",
+                    sourceLabel: "Expired Chrome"),
+                .init(
+                    cookieHeader: "api-platform_serviceToken=valid-token; userId=222",
+                    sourceLabel: "Active Chrome"),
+            ]
+        }
+
+        let lock = NSLock()
+        var requestedCookies: [String] = []
+        MiMoStubURLProtocol.handler = { request in
+            guard let url = request.url else { throw URLError(.badURL) }
+            let cookie = request.value(forHTTPHeaderField: "Cookie") ?? ""
+            lock.withLock {
+                requestedCookies.append(cookie)
+            }
+
+            if cookie.contains("expired-token") {
+                let response = HTTPURLResponse(
+                    url: url,
+                    statusCode: 200,
+                    httpVersion: "HTTP/1.1",
+                    headerFields: ["Content-Type": "text/html"])!
+                return (response, Data("<html>login</html>".utf8))
+            }
+
+            let body = """
+            {
+              "code": 0,
+              "message": "",
+              "data": {
+                "balance": "25.51",
+                "currency": "USD"
+              }
+            }
+            """
+            return Self.makeResponse(url: url, body: body)
+        }
+
+        let strategy = MiMoWebFetchStrategy()
+        let result = try await strategy
+            .fetch(self.makeContext(environment: ["MIMO_API_URL": "https://mimo.test/api/v1"]))
+
+        #expect(requestedCookies.count == 6)
+        #expect(requestedCookies.contains(where: { $0.contains("expired-token") }))
+        #expect(requestedCookies.contains(where: { $0.contains("valid-token") }))
+        #expect(result.usage.loginMethod(for: .mimo) == "Balance: $25.51")
+        #expect(CookieHeaderCache.load(provider: .mimo)?.sourceLabel == "Active Chrome")
+    }
+
+    #if os(macOS)
+    @Test
+    func `mimo importer merges profile stores before validating auth cookies`() {
+        let profile = BrowserProfile(id: "Default", name: "Default")
+        let primaryStore = BrowserCookieStore(
+            browser: .chrome,
+            profile: profile,
+            kind: .primary,
+            label: "Chrome Default",
+            databaseURL: nil)
+        let networkStore = BrowserCookieStore(
+            browser: .chrome,
+            profile: profile,
+            kind: .network,
+            label: "Chrome Default (Network)",
+            databaseURL: nil)
+        let expires = Date(timeIntervalSince1970: 1_900_000_000)
+
+        let sessions = MiMoCookieImporter.sessionInfos(from: [
+            BrowserCookieStoreRecords(store: primaryStore, records: [
+                BrowserCookieRecord(
+                    domain: "platform.xiaomimimo.com",
+                    name: "userId",
+                    path: "/",
+                    value: "123",
+                    expires: expires,
+                    isSecure: true,
+                    isHTTPOnly: false),
+            ]),
+            BrowserCookieStoreRecords(store: networkStore, records: [
+                BrowserCookieRecord(
+                    domain: "platform.xiaomimimo.com",
+                    name: "api-platform_serviceToken",
+                    path: "/",
+                    value: "token",
+                    expires: expires,
+                    isSecure: true,
+                    isHTTPOnly: true),
+            ]),
+        ])
+
+        #expect(sessions.count == 1)
+        #expect(sessions.first?.sourceLabel == "Chrome Default")
+        #expect(sessions.first?.cookieHeader == "api-platform_serviceToken=token; userId=123")
+    }
+    #endif
+
+    private static func makeResponse(
+        url: URL,
+        body: String,
+        statusCode: Int = 200) -> (HTTPURLResponse, Data)
+    {
+        let response = HTTPURLResponse(
+            url: url,
+            statusCode: statusCode,
+            httpVersion: "HTTP/1.1",
+            headerFields: ["Content-Type": "application/json"])!
+        return (response, Data(body.utf8))
+    }
+
+    private func makeBalanceSnapshot(provider: UsageProvider) -> UsageSnapshot {
+        let updatedAt = Date(timeIntervalSince1970: 1_742_771_200)
+        switch provider {
+        case .openrouter:
+            return OpenRouterUsageSnapshot(
+                totalCredits: 50,
+                totalUsage: 24.49,
+                balance: 25.51,
+                usedPercent: 49,
+                keyDataFetched: false,
+                keyLimit: nil,
+                keyUsage: nil,
+                rateLimit: nil,
+                updatedAt: updatedAt).toUsageSnapshot()
+        case .mimo:
+            return MiMoUsageSnapshot(
+                balance: 25.51,
+                currency: "USD",
+                updatedAt: updatedAt).toUsageSnapshot()
+        default:
+            Issue.record("Unexpected provider \(provider.rawValue)")
+            return UsageSnapshot(
+                primary: nil,
+                secondary: nil,
+                tertiary: nil,
+                updatedAt: updatedAt)
+        }
+    }
+
+    private func makeContext(
+        settings: ProviderSettingsSnapshot? = nil,
+        environment: [String: String] = [:]) -> ProviderFetchContext
+    {
+        let browserDetection = BrowserDetection(cacheTTL: 0)
+        return ProviderFetchContext(
+            runtime: .app,
+            sourceMode: .auto,
+            includeCredits: false,
+            webTimeout: 1,
+            webDebugDumpHTML: false,
+            verbose: false,
+            env: environment,
+            settings: settings,
+            fetcher: UsageFetcher(environment: [:]),
+            claudeFetcher: StubClaudeFetcher(),
+            browserDetection: browserDetection)
+    }
+
+    private func makeCookie(
+        name: String,
+        value: String,
+        domain: String,
+        path: String = "/",
+        expiresAt: Date) throws -> HTTPCookie
+    {
+        let properties: [HTTPCookiePropertyKey: Any] = [
+            .name: name,
+            .value: value,
+            .domain: domain,
+            .path: path,
+            .expires: expiresAt,
+            .secure: "TRUE",
+        ]
+        return try #require(HTTPCookie(properties: properties))
+    }
+}
+
+final class MiMoStubURLProtocol: URLProtocol {
+    nonisolated(unsafe) static var handler: ((URLRequest) throws -> (HTTPURLResponse, Data))?
+
+    override static func canInit(with request: URLRequest) -> Bool {
+        request.url?.host == "mimo.test"
+    }
+
+    override static func canonicalRequest(for request: URLRequest) -> URLRequest {
+        request
+    }
+
+    override func startLoading() {
+        guard let handler = Self.handler else {
+            self.client?.urlProtocol(self, didFailWithError: URLError(.badServerResponse))
+            return
+        }
+
+        do {
+            let (response, data) = try handler(self.request)
+            self.client?.urlProtocol(self, didReceive: response, cacheStoragePolicy: .notAllowed)
+            self.client?.urlProtocol(self, didLoad: data)
+            self.client?.urlProtocolDidFinishLoading(self)
+        } catch {
+            self.client?.urlProtocol(self, didFailWithError: error)
+        }
+    }
+
+    override func stopLoading() {}
+}
diff --git a/Tests/CodexBarTests/MiniMaxAPITokenFetchTests.swift b/Tests/CodexBarTests/MiniMaxAPITokenFetchTests.swift
index e427484f8..f1a69d37b 100644
--- a/Tests/CodexBarTests/MiniMaxAPITokenFetchTests.swift
+++ b/Tests/CodexBarTests/MiniMaxAPITokenFetchTests.swift
@@ -5,15 +5,12 @@ import Testing
 @Suite(.serialized)
 struct MiniMaxAPITokenFetchTests {
     @Test
-    func retriesChinaHostWhenGlobalRejectsToken() async throws {
-        let registered = URLProtocol.registerClass(MiniMaxAPITokenStubURLProtocol.self)
+    func `retries china host when global rejects token`() async throws {
         defer {
-            if registered {
-                URLProtocol.unregisterClass(MiniMaxAPITokenStubURLProtocol.self)
-            }
             MiniMaxAPITokenStubURLProtocol.handler = nil
             MiniMaxAPITokenStubURLProtocol.requests = []
         }
+        MiniMaxAPITokenStubURLProtocol.requests = []
 
         MiniMaxAPITokenStubURLProtocol.handler = { request in
             guard let url = request.url else { throw URLError(.badURL) }
@@ -45,7 +42,11 @@ struct MiniMaxAPITokenFetchTests {
         }
 
         let now = Date(timeIntervalSince1970: 1_700_000_000)
-        let snapshot = try await MiniMaxUsageFetcher.fetchUsage(apiToken: "sk-cp-test", region: .global, now: now)
+        let snapshot = try await MiniMaxUsageFetcher.fetchUsage(
+            apiToken: "sk-cp-test",
+            region: .global,
+            now: now,
+            session: Self.makeSession())
 
         #expect(snapshot.planName == "Max")
         #expect(MiniMaxAPITokenStubURLProtocol.requests.count == 2)
@@ -54,15 +55,12 @@ struct MiniMaxAPITokenFetchTests {
     }
 
     @Test
-    func preservesInvalidCredentialsWhenChinaRetryFailsTransport() async throws {
-        let registered = URLProtocol.registerClass(MiniMaxAPITokenStubURLProtocol.self)
+    func `preserves invalid credentials when china retry fails transport`() async throws {
         defer {
-            if registered {
-                URLProtocol.unregisterClass(MiniMaxAPITokenStubURLProtocol.self)
-            }
             MiniMaxAPITokenStubURLProtocol.handler = nil
             MiniMaxAPITokenStubURLProtocol.requests = []
         }
+        MiniMaxAPITokenStubURLProtocol.requests = []
 
         MiniMaxAPITokenStubURLProtocol.handler = { request in
             guard let url = request.url else { throw URLError(.badURL) }
@@ -78,7 +76,11 @@ struct MiniMaxAPITokenFetchTests {
 
         let now = Date(timeIntervalSince1970: 1_700_000_000)
         await #expect(throws: MiniMaxUsageError.invalidCredentials) {
-            _ = try await MiniMaxUsageFetcher.fetchUsage(apiToken: "sk-cp-test", region: .global, now: now)
+            _ = try await MiniMaxUsageFetcher.fetchUsage(
+                apiToken: "sk-cp-test",
+                region: .global,
+                now: now,
+                session: Self.makeSession())
         }
 
         #expect(MiniMaxAPITokenStubURLProtocol.requests.count == 2)
@@ -87,15 +89,12 @@ struct MiniMaxAPITokenFetchTests {
     }
 
     @Test
-    func doesNotRetryWhenRegionIsChinaMainland() async throws {
-        let registered = URLProtocol.registerClass(MiniMaxAPITokenStubURLProtocol.self)
+    func `does not retry when region is china mainland`() async throws {
         defer {
-            if registered {
-                URLProtocol.unregisterClass(MiniMaxAPITokenStubURLProtocol.self)
-            }
             MiniMaxAPITokenStubURLProtocol.handler = nil
             MiniMaxAPITokenStubURLProtocol.requests = []
         }
+        MiniMaxAPITokenStubURLProtocol.requests = []
 
         MiniMaxAPITokenStubURLProtocol.handler = { request in
             guard let url = request.url else { throw URLError(.badURL) }
@@ -124,12 +123,22 @@ struct MiniMaxAPITokenFetchTests {
         }
 
         let now = Date(timeIntervalSince1970: 1_700_000_000)
-        _ = try await MiniMaxUsageFetcher.fetchUsage(apiToken: "sk-cp-test", region: .chinaMainland, now: now)
+        _ = try await MiniMaxUsageFetcher.fetchUsage(
+            apiToken: "sk-cp-test",
+            region: .chinaMainland,
+            now: now,
+            session: Self.makeSession())
 
         #expect(MiniMaxAPITokenStubURLProtocol.requests.count == 1)
         #expect(MiniMaxAPITokenStubURLProtocol.requests.first?.url?.host == "api.minimaxi.com")
     }
 
+    private static func makeSession() -> URLSession {
+        let config = URLSessionConfiguration.ephemeral
+        config.protocolClasses = [MiniMaxAPITokenStubURLProtocol.self]
+        return URLSession(configuration: config)
+    }
+
     private static func makeResponse(
         url: URL,
         body: String,
diff --git a/Tests/CodexBarTests/MiniMaxLocalStorageImporterTests.swift b/Tests/CodexBarTests/MiniMaxLocalStorageImporterTests.swift
index d35b65024..e8a188d78 100644
--- a/Tests/CodexBarTests/MiniMaxLocalStorageImporterTests.swift
+++ b/Tests/CodexBarTests/MiniMaxLocalStorageImporterTests.swift
@@ -2,10 +2,9 @@ import Foundation
 import Testing
 @testable import CodexBarCore
 
-@Suite
 struct MiniMaxLocalStorageImporterTests {
     @Test
-    func extractsAccessTokensFromJSONPreferringLongTokens() {
+    func `extracts access tokens from JSON preferring long tokens`() {
         let shortToken = String(repeating: "b", count: 24)
         let longToken = String(repeating: "a", count: 72)
         let payload = """
@@ -19,7 +18,7 @@ struct MiniMaxLocalStorageImporterTests {
     }
 
     @Test
-    func extractsGroupIDFromJSONString() {
+    func `extracts group ID from JSON string`() {
         let payload = """
         {"user":{"groupId":"98765"}}
         """
@@ -30,7 +29,7 @@ struct MiniMaxLocalStorageImporterTests {
     }
 
     @Test
-    func resolvesGroupIDFromJWTClaims() {
+    func `resolves group ID from JWT claims`() {
         let token = Self.makeJWT(payload: [
             "iss": "minimax",
             "group_id": "12345",
@@ -42,7 +41,7 @@ struct MiniMaxLocalStorageImporterTests {
     }
 
     @Test
-    func rejectsNonMiniMaxJWTsWithoutSignal() {
+    func `rejects non mini max JW ts without signal`() {
         let token = Self.makeJWT(payload: [
             "iss": "other",
             "pad": String(repeating: "y", count: 80),
diff --git a/Tests/CodexBarTests/MiniMaxLogRedactorTests.swift b/Tests/CodexBarTests/MiniMaxLogRedactorTests.swift
new file mode 100644
index 000000000..d37ed2251
--- /dev/null
+++ b/Tests/CodexBarTests/MiniMaxLogRedactorTests.swift
@@ -0,0 +1,105 @@
+import CodexBarCore
+import Foundation
+import Testing
+
+@Suite(.serialized)
+struct MiniMaxLogRedactorTests {
+    private static var miniMaxCpPlaceholder: String {
+        ["sk", "cp", "placeholder"].joined(separator: "-")
+    }
+
+    private static var miniMaxApiPlaceholder: String {
+        ["sk", "api", "placeholder"].joined(separator: "-")
+    }
+
+    @Test
+    func `sk-cp token is redacted`() {
+        let input = Self.miniMaxCpPlaceholder
+        let redacted = LogRedactor.redact(input)
+        #expect(redacted.contains("sk-cp-") == false)
+        #expect(redacted.contains("<redacted-minimax-token>"))
+        #expect(redacted.contains("placeholder") == false)
+    }
+
+    @Test
+    func `sk-api token is redacted`() {
+        let input = Self.miniMaxApiPlaceholder
+        let redacted = LogRedactor.redact(input)
+        #expect(redacted.contains("sk-api-") == false)
+        #expect(redacted.contains("<redacted-minimax-token>"))
+        #expect(redacted.contains("placeholder") == false)
+    }
+
+    @Test
+    func `cookie header is redacted`() {
+        let input = "Cookie: session=cookie-session-placeholder; token=\(Self.miniMaxCpPlaceholder)"
+        let redacted = LogRedactor.redact(input)
+        #expect(redacted.contains("session=cookie-session-placeholder") == false)
+        #expect(redacted.contains(Self.miniMaxCpPlaceholder) == false)
+        #expect(redacted.contains("Cookie: <redacted>"))
+    }
+
+    @Test
+    func `authorization header value is redacted`() {
+        // Short obvious placeholder, not JWT-like
+        let input = "Authorization: Bearer fake-bearer-token"
+        let redacted = LogRedactor.redact(input)
+        #expect(redacted.contains("fake-bearer-token") == false)
+        #expect(redacted.contains("Authorization:"))
+    }
+
+    @Test
+    func `bearer token is not present in raw form`() {
+        let input = "Authorization: bearer \(Self.miniMaxApiPlaceholder)"
+        let redacted = LogRedactor.redact(input)
+        #expect(redacted.contains(Self.miniMaxApiPlaceholder) == false)
+    }
+
+    @Test
+    func `email is redacted`() {
+        let input = "Contact: user@example.com"
+        let redacted = LogRedactor.redact(input)
+        #expect(redacted.contains("user@example.com") == false)
+        #expect(redacted.contains("<redacted-email>"))
+    }
+
+    @Test
+    func `minimax token in cookie is not present in raw form`() {
+        let input = "Cookie: session=session-placeholder; token=\(Self.miniMaxCpPlaceholder)"
+        let redacted = LogRedactor.redact(input)
+        #expect(redacted.contains("session=session-placeholder") == false)
+        #expect(redacted.contains(Self.miniMaxCpPlaceholder) == false)
+    }
+
+    @Test
+    func `redacted text no longer matches original token pattern`() {
+        let originalToken = Self.miniMaxCpPlaceholder
+        let input = "Token: \(originalToken)"
+        let redacted = LogRedactor.redact(input)
+
+        #expect(redacted.contains(originalToken) == false)
+        #expect(redacted.contains("<redacted-minimax-token>"))
+    }
+
+    @Test
+    func `minimax token with punctuation suffix is fully redacted`() {
+        let punctuatedToken = "\(Self.miniMaxApiPlaceholder).suffix-more"
+        let input = "Error: token=\(punctuatedToken)"
+        let redacted = LogRedactor.redact(input)
+
+        #expect(redacted.contains("sk-api-") == false)
+        #expect(redacted.contains("suffix-more") == false)
+        #expect(redacted.contains("<redacted-minimax-token>"))
+    }
+
+    @Test
+    func `authorization header minimax token leaves no suffix fragment`() {
+        let punctuatedToken = "\(Self.miniMaxCpPlaceholder)-part.two"
+        let input = "Authorization: Bearer \(punctuatedToken)"
+        let redacted = LogRedactor.redact(input)
+
+        #expect(redacted.contains("sk-cp-") == false)
+        #expect(redacted.contains("part.two") == false)
+        #expect(redacted.contains("Authorization: <redacted>"))
+    }
+}
diff --git a/Tests/CodexBarTests/MiniMaxMenuCardBillingTests.swift b/Tests/CodexBarTests/MiniMaxMenuCardBillingTests.swift
new file mode 100644
index 000000000..461c7f66a
--- /dev/null
+++ b/Tests/CodexBarTests/MiniMaxMenuCardBillingTests.swift
@@ -0,0 +1,103 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+struct MiniMaxMenuCardBillingTests {
+    @Test
+    func `minimax billing history renders inline dashboard`() throws {
+        let now = Date()
+        let billing = MiniMaxBillingSummary(
+            todayTokens: 1234,
+            last30DaysTokens: 5678,
+            todayCash: 1.5,
+            last30DaysCash: 4.25,
+            daily: [
+                MiniMaxBillingDay(day: "2026-05-16", tokens: 1111, cash: 2.75),
+                MiniMaxBillingDay(day: "2026-05-17", tokens: 1234, cash: 1.5),
+            ],
+            topMethods: [MiniMaxBillingBreakdown(name: "chat", tokens: 2345, cash: 4.25)],
+            topModels: [MiniMaxBillingBreakdown(name: "MiniMax-M1", tokens: 2345, cash: 4.25)],
+            updatedAt: now)
+        let minimax = MiniMaxUsageSnapshot(
+            planName: "Max",
+            availablePrompts: nil,
+            currentPrompts: nil,
+            remainingPrompts: nil,
+            windowMinutes: nil,
+            usedPercent: nil,
+            resetsAt: nil,
+            updatedAt: now,
+            services: [
+                MiniMaxServiceUsage(
+                    serviceType: "text-generation",
+                    windowType: "Today",
+                    timeRange: "2026/05/17 00:00 - 2026/05/18 00:00",
+                    usage: 2,
+                    limit: 10,
+                    percent: 20,
+                    resetsAt: now.addingTimeInterval(3600),
+                    resetDescription: "Resets in 1 hour"),
+            ],
+            billingSummary: billing)
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 20, windowMinutes: 1440, resetsAt: nil, resetDescription: nil),
+            secondary: nil,
+            minimaxUsage: minimax,
+            updatedAt: now,
+            identity: ProviderIdentitySnapshot(
+                providerID: .minimax,
+                accountEmail: nil,
+                accountOrganization: nil,
+                loginMethod: "Max"))
+        let metadata = try #require(ProviderDefaults.metadata[.minimax])
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .minimax,
+            metadata: metadata,
+            snapshot: snapshot,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: true,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+
+        #expect(model.inlineUsageDashboard?.accessibilityLabel == "MiniMax 30 day token usage trend")
+        #expect(model.inlineUsageDashboard?.kpis.first?.value == "1.2K")
+        #expect(model.inlineUsageDashboard?.points.count == 2)
+        #expect(model.usageNotes.contains("Last 30 days: 5.7K tokens"))
+
+        let hiddenModel = UsageMenuCardView.Model.make(.init(
+            provider: .minimax,
+            metadata: metadata,
+            snapshot: snapshot,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: true,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: false,
+            hidePersonalInfo: false,
+            now: now))
+
+        #expect(hiddenModel.inlineUsageDashboard == nil)
+        #expect(!hiddenModel.usageNotes.contains("Last 30 days: 5.7K tokens"))
+    }
+}
diff --git a/Tests/CodexBarTests/MiniMaxMenuCardModelPlanTests.swift b/Tests/CodexBarTests/MiniMaxMenuCardModelPlanTests.swift
new file mode 100644
index 000000000..968962590
--- /dev/null
+++ b/Tests/CodexBarTests/MiniMaxMenuCardModelPlanTests.swift
@@ -0,0 +1,101 @@
+import CodexBarCore
+import Foundation
+import SwiftUI
+import Testing
+@testable import CodexBar
+
+struct MiniMaxMenuCardModelPlanTests {
+    @Test
+    func `minimax loginMethod maps to planText in MenuCardModel`() throws {
+        let now = Date()
+        let minimax = MiniMaxUsageSnapshot(
+            planName: "MiniMax Star",
+            availablePrompts: nil,
+            currentPrompts: nil,
+            remainingPrompts: nil,
+            windowMinutes: nil,
+            usedPercent: nil,
+            resetsAt: nil,
+            updatedAt: now)
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 0, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            secondary: nil,
+            minimaxUsage: minimax,
+            updatedAt: now,
+            identity: ProviderIdentitySnapshot(
+                providerID: .minimax,
+                accountEmail: nil,
+                accountOrganization: nil,
+                loginMethod: "MiniMax Star"))
+        let metadata = try #require(ProviderDefaults.metadata[.minimax])
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .minimax,
+            metadata: metadata,
+            snapshot: snapshot,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: true,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+
+        #expect(model.planText == "MiniMax Star")
+    }
+
+    @Test
+    func `minimax nil loginMethod results in nil planText`() throws {
+        let now = Date()
+        let minimax = MiniMaxUsageSnapshot(
+            planName: nil,
+            availablePrompts: nil,
+            currentPrompts: nil,
+            remainingPrompts: nil,
+            windowMinutes: nil,
+            usedPercent: nil,
+            resetsAt: nil,
+            updatedAt: now)
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 0, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            secondary: nil,
+            minimaxUsage: minimax,
+            updatedAt: now,
+            identity: ProviderIdentitySnapshot(
+                providerID: .minimax,
+                accountEmail: nil,
+                accountOrganization: nil,
+                loginMethod: nil))
+        let metadata = try #require(ProviderDefaults.metadata[.minimax])
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .minimax,
+            metadata: metadata,
+            snapshot: snapshot,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: true,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+
+        #expect(model.planText == nil)
+    }
+}
diff --git a/Tests/CodexBarTests/MiniMaxProviderTests.swift b/Tests/CodexBarTests/MiniMaxProviderTests.swift
index ff9eb8397..1313c24e9 100644
--- a/Tests/CodexBarTests/MiniMaxProviderTests.swift
+++ b/Tests/CodexBarTests/MiniMaxProviderTests.swift
@@ -2,38 +2,106 @@ import Foundation
 import Testing
 @testable import CodexBarCore
 
-@Suite
+struct MiniMaxAPISettingsReaderTests {
+    @Test
+    func `api token prefers coding plan specific environment key`() {
+        let token = MiniMaxAPISettingsReader.apiToken(environment: [
+            "MINIMAX_API_KEY": "sk-api-standard",
+            "MINIMAX_CODING_API_KEY": "sk-cp-coding-plan",
+        ])
+
+        #expect(token == "sk-cp-coding-plan")
+        #expect(MiniMaxAPISettingsReader.apiKeyKind(token: token) == .codingPlan)
+    }
+
+    @Test
+    func `api token falls back to generic environment key`() {
+        let token = MiniMaxAPISettingsReader.apiToken(environment: [
+            "MINIMAX_API_KEY": "\"sk-api-standard\"",
+        ])
+
+        #expect(token == "sk-api-standard")
+        #expect(MiniMaxAPISettingsReader.apiKeyKind(token: token) == .standard)
+    }
+}
+
+struct MiniMaxProviderStrategyTests {
+    private struct StubClaudeFetcher: ClaudeUsageFetching {
+        func loadLatestUsage(model _: String) async throws -> ClaudeUsageSnapshot {
+            throw ClaudeUsageError.parseFailed("stub")
+        }
+
+        func debugRawProbe(model _: String) async -> String {
+            "stub"
+        }
+
+        func detectVersion() -> String? {
+            nil
+        }
+    }
+
+    @Test
+    func `browser cookie import is user initiated app only`() {
+        let appContext = self.makeContext(runtime: .app)
+        let cliContext = self.makeContext(runtime: .cli)
+
+        #expect(MiniMaxCodingPlanFetchStrategy.allowsBrowserCookieImport(context: appContext) == false)
+        #expect(MiniMaxCodingPlanFetchStrategy.allowsBrowserCookieImport(context: cliContext) == false)
+
+        ProviderInteractionContext.$current.withValue(.userInitiated) {
+            #expect(MiniMaxCodingPlanFetchStrategy.allowsBrowserCookieImport(context: appContext))
+            #expect(MiniMaxCodingPlanFetchStrategy.allowsBrowserCookieImport(context: cliContext) == false)
+        }
+    }
+
+    private func makeContext(runtime: ProviderRuntime) -> ProviderFetchContext {
+        let env: [String: String] = [:]
+        return ProviderFetchContext(
+            runtime: runtime,
+            sourceMode: .web,
+            includeCredits: false,
+            webTimeout: 1,
+            webDebugDumpHTML: false,
+            verbose: false,
+            env: env,
+            settings: nil,
+            fetcher: UsageFetcher(environment: env),
+            claudeFetcher: StubClaudeFetcher(),
+            browserDetection: BrowserDetection(cacheTTL: 0))
+    }
+}
+
 struct MiniMaxCookieHeaderTests {
     @Test
-    func normalizesRawCookieHeader() {
+    func `normalizes raw cookie header`() {
         let raw = "foo=bar; session=abc123"
         let normalized = MiniMaxCookieHeader.normalized(from: raw)
         #expect(normalized == "foo=bar; session=abc123")
     }
 
     @Test
-    func extractsFromCookieHeaderLine() {
+    func `extracts from cookie header line`() {
         let raw = "Cookie: foo=bar; session=abc123"
         let normalized = MiniMaxCookieHeader.normalized(from: raw)
         #expect(normalized == "foo=bar; session=abc123")
     }
 
     @Test
-    func extractsFromCurlHeader() {
+    func `extracts from curl header`() {
         let raw = "curl https://platform.minimax.io -H 'Cookie: foo=bar; session=abc123' -H 'accept: */*'"
         let normalized = MiniMaxCookieHeader.normalized(from: raw)
         #expect(normalized == "foo=bar; session=abc123")
     }
 
     @Test
-    func extractsFromCurlCookieFlag() {
+    func `extracts from curl cookie flag`() {
         let raw = "curl https://platform.minimax.io --cookie 'foo=bar; session=abc123'"
         let normalized = MiniMaxCookieHeader.normalized(from: raw)
         #expect(normalized == "foo=bar; session=abc123")
     }
 
     @Test
-    func extractsAuthAndGroupIDFromCurl() {
+    func `extracts auth and group ID from curl`() {
         let raw = """
         curl 'https://platform.minimax.io/v1/api/openplatform/coding_plan/remains?GroupId=123456' \
           -H 'authorization: Bearer token123' \
@@ -46,7 +114,7 @@ struct MiniMaxCookieHeaderTests {
     }
 
     @Test
-    func extractsAuthFromUppercaseHeader() {
+    func `extracts auth from uppercase header`() {
         let raw = """
         curl 'https://platform.minimax.io/v1/api/openplatform/coding_plan/remains?GROUP_ID=98765' \
           -H 'Authorization: Bearer token-abc' \
@@ -58,10 +126,140 @@ struct MiniMaxCookieHeaderTests {
     }
 }
 
-@Suite
 struct MiniMaxUsageParserTests {
     @Test
-    func parsesCodingPlanSnapshot() throws {
+    func `signed out check ignores login copy inside scripts`() {
+        let html = """
+        <html>
+          <head>
+            <script id="__NEXT_DATA__" type="application/json">
+              {
+                "props": {
+                  "pageProps": {
+                    "_nextI18Next": {
+                      "initialI18nStore": {
+                        "zh": {
+                          "common": {
+                            "landing_common_login": "登录",
+                            "login": "Log in"
+                          }
+                        }
+                      }
+                    }
+                  }
+                }
+              }
+            </script>
+          </head>
+          <body><div id="__next">Coding Plan</div></body>
+        </html>
+        """
+
+        #expect(!MiniMaxUsageFetcher._looksSignedOutForTesting(html: html))
+    }
+
+    @Test
+    func `signed out check still detects visible login copy`() {
+        let html = """
+        <html>
+          <head><script>{"landing_common_login":"登录"}</script></head>
+          <body><main><a>Log in</a></main></body>
+        </html>
+        """
+
+        #expect(MiniMaxUsageFetcher._looksSignedOutForTesting(html: html))
+    }
+
+    @Test
+    func `parses planName from concrete fields in remains response`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+
+        // 1. plan_name
+        let jsonPlanName = """
+        {
+          "base_resp": { "status_code": 0 },
+          "plan_name": "MiniMax Star",
+          "model_remains": [{"model_name": "abab6.5"}]
+        }
+        """
+        let snapshot1 = try MiniMaxUsageParser.parseCodingPlanRemains(data: Data(jsonPlanName.utf8), now: now)
+        #expect(snapshot1.planName == "MiniMax Star")
+
+        // 2. current_plan_title
+        let jsonCurrentPlan = """
+        {
+          "base_resp": { "status_code": 0 },
+          "current_plan_title": "Coding Plan Pro",
+          "model_remains": [{"model_name": "abab6.5"}]
+        }
+        """
+        let snapshot2 = try MiniMaxUsageParser.parseCodingPlanRemains(data: Data(jsonCurrentPlan.utf8), now: now)
+        #expect(snapshot2.planName == "Coding Plan Pro")
+
+        // 3. current_subscribe_title
+        let jsonSubscribe = """
+        {
+          "base_resp": { "status_code": 0 },
+          "current_subscribe_title": "Max",
+          "model_remains": [{"model_name": "abab6.5"}]
+        }
+        """
+        let snapshot3 = try MiniMaxUsageParser.parseCodingPlanRemains(data: Data(jsonSubscribe.utf8), now: now)
+        #expect(snapshot3.planName == "Max")
+
+        // 4. combo_title
+        let jsonCombo = """
+        {
+          "base_resp": { "status_code": 0 },
+          "combo_title": "Combo Star",
+          "model_remains": [{"model_name": "abab6.5"}]
+        }
+        """
+        let snapshot4 = try MiniMaxUsageParser.parseCodingPlanRemains(data: Data(jsonCombo.utf8), now: now)
+        #expect(snapshot4.planName == "Combo Star")
+
+        // 5. current_combo_card.title
+        let jsonComboCard = """
+        {
+          "base_resp": { "status_code": 0 },
+          "current_combo_card": { "title": "Card Title" },
+          "model_remains": [{"model_name": "abab6.5"}]
+        }
+        """
+        let snapshot5 = try MiniMaxUsageParser.parseCodingPlanRemains(data: Data(jsonComboCard.utf8), now: now)
+        #expect(snapshot5.planName == "Card Title")
+    }
+
+    @Test
+    func `toUsageSnapshot maps planName to loginMethod`() {
+        let now = Date()
+        let snapshot1 = MiniMaxUsageSnapshot(
+            planName: "MiniMax Star",
+            availablePrompts: nil,
+            currentPrompts: nil,
+            remainingPrompts: nil,
+            windowMinutes: nil,
+            usedPercent: nil,
+            resetsAt: nil,
+            updatedAt: now)
+        let usage1 = snapshot1.toUsageSnapshot()
+        #expect(usage1.identity?.loginMethod == "MiniMax Star")
+
+        let snapshot2 = MiniMaxUsageSnapshot(
+            planName: nil,
+            availablePrompts: nil,
+            currentPrompts: nil,
+            remainingPrompts: nil,
+            windowMinutes: nil,
+            usedPercent: nil,
+            resetsAt: nil,
+            updatedAt: now)
+        let usage2 = snapshot2.toUsageSnapshot()
+        #expect(usage2.identity?.loginMethod == nil)
+    }
+
+    @Test
+    func `parses coding plan snapshot`() throws {
         let now = Date(timeIntervalSince1970: 1_700_000_000)
         let html = """
         <div>Coding Plan</div>
@@ -85,7 +283,7 @@ struct MiniMaxUsageParserTests {
     }
 
     @Test
-    func parsesCodingPlanRemainsResponse() throws {
+    func `parses coding plan remains response`() throws {
         let now = Date(timeIntervalSince1970: 1_700_000_000)
         let start = 1_700_000_000_000
         let end = start + 5 * 60 * 60 * 1000
@@ -118,7 +316,159 @@ struct MiniMaxUsageParserTests {
     }
 
     @Test
-    func parsesCodingPlanRemainsFromDataWrapper() throws {
+    func `parses model remains services using used quota semantics`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let start = 1_700_000_000_000
+        let end = start + 5 * 60 * 60 * 1000
+        let json = """
+        {
+          "base_resp": { "status_code": 0 },
+          "current_subscribe_title": "Max",
+          "model_remains": [
+            {
+              "model_name": "M2.7-highspeed",
+              "current_interval_total_count": 1000,
+              "current_interval_usage_count": 250,
+              "start_time": \(start),
+              "end_time": \(end),
+              "remains_time": 240000
+            }
+          ]
+        }
+        """
+
+        let snapshot = try MiniMaxUsageParser.parseCodingPlanRemains(data: Data(json.utf8), now: now)
+        let service = try #require(snapshot.services?.first)
+
+        #expect(service.displayName == "Text Generation")
+        #expect(service.usage == 750)
+        #expect(service.remaining == 250)
+        #expect(service.limit == 1000)
+        #expect(service.percent == 75)
+        #expect(snapshot.toUsageSnapshot().primary?.usedPercent == 75)
+    }
+
+    @Test
+    func `text generation includes weekly window when provided`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let start = 1_700_000_000_000
+        let end = start + 5 * 60 * 60 * 1000
+        let weekStart = start - 2 * 24 * 60 * 60 * 1000
+        let weekEnd = weekStart + 7 * 24 * 60 * 60 * 1000
+        let json = """
+        {
+          "base_resp": { "status_code": 0 },
+          "model_remains": [
+            {
+              "model_name": "MiniMax-M1",
+              "current_interval_total_count": 1000,
+              "current_interval_usage_count": 250,
+              "start_time": \(start),
+              "end_time": \(end),
+              "current_weekly_total_count": 6000,
+              "current_weekly_usage_count": 5376,
+              "weekly_start_time": \(weekStart),
+              "weekly_end_time": \(weekEnd)
+            }
+          ]
+        }
+        """
+        let snapshot = try MiniMaxUsageParser.parseCodingPlanRemains(data: Data(json.utf8), now: now)
+        let services = try #require(snapshot.services)
+        #expect(services.count == 2)
+        #expect(services[0].serviceType == "Text Generation")
+        #expect(services[0].windowType == "5 hours")
+        #expect(services[1].serviceType == "Text Generation")
+        #expect(services[1].windowType == "Weekly")
+        #expect(services[1].usage == 624)
+        #expect(services[1].limit == 6000)
+        #expect(services[1].timeRange.contains("/"))
+        #expect(services[1].timeRange.contains("UTC+8"))
+        #expect(!services[1].timeRange.hasPrefix("10:00-10:00"))
+    }
+
+    @Test
+    func `legacy plan hides weekly when weekly total is missing or zero`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let start = 1_700_000_000_000
+        let end = start + 5 * 60 * 60 * 1000
+        let json = """
+        {
+          "base_resp": { "status_code": 0 },
+          "model_remains": [
+            {
+              "model_name": "MiniMax-M1",
+              "current_interval_total_count": 1000,
+              "current_interval_usage_count": 250,
+              "start_time": \(start),
+              "end_time": \(end),
+              "current_weekly_total_count": 0,
+              "current_weekly_usage_count": 0
+            }
+          ]
+        }
+        """
+        let snapshot = try MiniMaxUsageParser.parseCodingPlanRemains(data: Data(json.utf8), now: now)
+        let services = try #require(snapshot.services)
+        #expect(services.count == 1)
+        #expect(services[0].windowType == "5 hours")
+    }
+
+    @Test
+    func `parses multi service payload and utc offset reset`() throws {
+        var calendar = Calendar(identifier: .gregorian)
+        calendar.timeZone = try #require(TimeZone(secondsFromGMT: 8 * 3600))
+        let now = try #require(calendar.date(from: DateComponents(
+            year: 2026,
+            month: 3,
+            day: 25,
+            hour: 11,
+            minute: 0)))
+        let expectedReset = try #require(calendar.date(from: DateComponents(
+            year: 2026,
+            month: 3,
+            day: 25,
+            hour: 15,
+            minute: 0)))
+        let json = """
+        {
+          "data": {
+            "services": [
+              {
+                "service_type": "Text Generation",
+                "window_type": "5 hours",
+                "time_range": "10:00-15:00(UTC+8)",
+                "usage": 2,
+                "limit": 10
+              },
+              {
+                "service_type": "Image",
+                "window_type": "Today",
+                "time_range": "2026/03/25 00:00 - 2026/03/26 00:00",
+                "usage": "5",
+                "limit": "50",
+                "percent": "10"
+              }
+            ]
+          }
+        }
+        """
+
+        let snapshot = try MiniMaxUsageParser.parseCodingPlanRemains(data: Data(json.utf8), now: now)
+        let services = try #require(snapshot.services)
+
+        #expect(services.count == 2)
+        #expect(services[0].usage == 2)
+        #expect(services[0].remaining == 8)
+        #expect(services[0].percent == 20)
+        #expect(services[0].resetsAt == expectedReset)
+        #expect(services[1].usage == 5)
+        #expect(services[1].remaining == 45)
+        #expect(services[1].percent == 10)
+    }
+
+    @Test
+    func `parses coding plan remains from data wrapper`() throws {
         let now = Date(timeIntervalSince1970: 1_700_000_100)
         let start = 1_700_000_000_000
         let end = start + 5 * 60 * 60 * 1000
@@ -154,7 +504,7 @@ struct MiniMaxUsageParserTests {
     }
 
     @Test
-    func parsesCodingPlanFromNextData() throws {
+    func `parses coding plan from next data`() throws {
         let now = Date(timeIntervalSince1970: 1_700_000_000)
         let start = 1_700_000_000_000
         let end = start + 5 * 60 * 60 * 1000
@@ -198,7 +548,7 @@ struct MiniMaxUsageParserTests {
     }
 
     @Test
-    func parsesHTMLWithUsedPrefixAndResetTime() throws {
+    func `parses HTML with used prefix and reset time`() throws {
         var calendar = Calendar(identifier: .gregorian)
         calendar.timeZone = TimeZone(identifier: "UTC") ?? .current
         let now = try #require(calendar.date(from: DateComponents(year: 2025, month: 1, day: 1, hour: 10, minute: 0)))
@@ -226,7 +576,7 @@ struct MiniMaxUsageParserTests {
     }
 
     @Test
-    func throwsOnMissingCookieResponse() {
+    func `throws on missing cookie response`() {
         let json = """
         {
           "base_resp": { "status_code": 1004, "status_msg": "cookie is missing, log in again" }
@@ -239,7 +589,7 @@ struct MiniMaxUsageParserTests {
     }
 
     @Test
-    func throwsOnStringStatusCodeWhenLoggedOut() {
+    func `throws on string status code when logged out`() {
         let json = """
         {
           "base_resp": { "status_code": "1004", "status_msg": "login required" }
@@ -252,7 +602,7 @@ struct MiniMaxUsageParserTests {
     }
 
     @Test
-    func throwsOnErrorInDataWrapper() {
+    func `throws on error in data wrapper`() {
         let json = """
         {
           "data": {
@@ -265,12 +615,385 @@ struct MiniMaxUsageParserTests {
             try MiniMaxUsageParser.parseCodingPlanRemains(data: Data(json.utf8))
         }
     }
+
+    @Test
+    func `billing history aggregates records locally`() throws {
+        var calendar = Calendar(identifier: .gregorian)
+        calendar.timeZone = try #require(TimeZone(secondsFromGMT: 0))
+        let now = try #require(ISO8601DateFormatter().date(from: "2026-05-17T12:00:00Z"))
+        let json = """
+        {
+          "base_resp": { "status_code": 0 },
+          "consume_token_sum": 999999,
+          "total_cnt": 4,
+          "charge_records": [
+            {
+              "consume_token": 1000,
+              "consume_cash_after_voucher": 1.25,
+              "ymd": "2026-05-17",
+              "method": "chat",
+              "model": "MiniMax-M1"
+            },
+            {
+              "consume_token": "2000",
+              "consume_cash": "2.50",
+              "ymd": "2026-05-16",
+              "method": "chat",
+              "model": "MiniMax-M2"
+            },
+            {
+              "consume_input_token": 1200,
+              "consume_output_token": 1800,
+              "ymd": "2026-04-18",
+              "method": "audio",
+              "model": "speech-2.8"
+            },
+            {
+              "consume_token": 4000,
+              "ymd": "2026-04-17",
+              "method": "old",
+              "model": "ignored"
+            }
+          ]
+        }
+        """
+
+        let summary = try MiniMaxBillingHistoryParser.parse(
+            data: Data(json.utf8),
+            now: now,
+            calendar: calendar)
+
+        #expect(summary.todayTokens == 1000)
+        #expect(summary.last30DaysTokens == 6000)
+        #expect(summary.todayCash == 1.25)
+        #expect(summary.last30DaysCash == 3.75)
+        #expect(summary.daily.map(\.day) == ["2026-04-18", "2026-05-16", "2026-05-17"])
+        #expect(summary.topMethods.first?.name == "audio")
+        #expect(summary.topModels.first?.name == "speech-2.8")
+    }
+
+    @Test
+    func `billing history preserves date only days in local calendar`() throws {
+        var calendar = Calendar(identifier: .gregorian)
+        calendar.timeZone = try #require(TimeZone(secondsFromGMT: -7 * 60 * 60))
+        let now = try #require(ISO8601DateFormatter().date(from: "2026-05-17T12:00:00Z"))
+        let json = """
+        {
+          "base_resp": { "status_code": 0 },
+          "total_cnt": 1,
+          "charge_records": [
+            {
+              "consume_token": 1234,
+              "ymd": "2026-05-17",
+              "method": "chat",
+              "model": "MiniMax-M1"
+            }
+          ]
+        }
+        """
+
+        let summary = try MiniMaxBillingHistoryParser.parse(
+            data: Data(json.utf8),
+            now: now,
+            calendar: calendar)
+
+        #expect(summary.todayTokens == 1234)
+        #expect(summary.daily.map(\.day) == ["2026-05-17"])
+    }
+
+    @Test
+    func `billing history filters failed records`() throws {
+        var calendar = Calendar(identifier: .gregorian)
+        calendar.timeZone = try #require(TimeZone(secondsFromGMT: 0))
+        let now = try #require(ISO8601DateFormatter().date(from: "2026-05-17T12:00:00Z"))
+        let json = """
+        {
+          "base_resp": { "status_code": 0 },
+          "total_cnt": 5,
+          "charge_records": [
+            {
+              "consume_token": 1000,
+              "ymd": "2026-05-17",
+              "method": "chat",
+              "model": "MiniMax-M1",
+              "result": "SUCCESS"
+            },
+            {
+              "consume_token": 2000,
+              "ymd": "2026-05-17",
+              "method": "chat",
+              "model": "MiniMax-M1",
+              "result": "FAILED"
+            },
+            {
+              "consume_token": 3000,
+              "ymd": "2026-05-17",
+              "method": "chat",
+              "model": "MiniMax-M1",
+              "status": "fail"
+            },
+            {
+              "consume_token": 4000,
+              "ymd": "2026-05-17",
+              "method": "audio",
+              "model": "speech-2.8"
+            },
+            {
+              "consume_token": 5000,
+              "ymd": "2026-05-17",
+              "method": "video",
+              "model": "video-1",
+              "status": 0
+            }
+          ]
+        }
+        """
+
+        let summary = try MiniMaxBillingHistoryParser.parse(
+            data: Data(json.utf8),
+            now: now,
+            calendar: calendar)
+
+        // Only SUCCESS (1000) and missing/empty result status (4000) should be included.
+        // FAILED (2000), status "fail" (3000), and numeric status 0 (5000) should be skipped.
+        #expect(summary.todayTokens == 5000)
+        #expect(summary.last30DaysTokens == 5000)
+        #expect(summary.daily.map(\.day) == ["2026-05-17"])
+
+        // Top methods should aggregate only SUCCESS/missing records.
+        #expect(summary.topMethods.count == 2)
+        #expect(summary.topMethods[0].name == "audio")
+        #expect(summary.topMethods[0].tokens == 4000)
+        #expect(summary.topMethods[1].name == "chat")
+        #expect(summary.topMethods[1].tokens == 1000)
+    }
+
+    @Test
+    func `web usage fetch attaches billing history when available`() async throws {
+        let now = try #require(ISO8601DateFormatter().date(from: "2026-05-17T12:00:00Z"))
+        let transport = ProviderHTTPTransportStub { request in
+            let url = try #require(request.url)
+            if url.path.contains("coding-plan") {
+                return Self.httpResponse(
+                    url: url,
+                    body: Self.codingPlanJSON,
+                    contentType: "application/json")
+            }
+            #expect(url.path == "/account/amount")
+            #expect(url.query?.contains("aggregate=false") == true)
+            #expect(request.value(forHTTPHeaderField: "Cookie") == "HERTZ-SESSION=abc")
+            let body = """
+            {
+              "base_resp": { "status_code": 0 },
+              "total_cnt": 1,
+              "charge_records": [
+                {
+                  "consume_token": 1234,
+                  "ymd": "2026-05-17",
+                  "method": "chat",
+                  "model": "MiniMax-M1"
+                }
+              ]
+            }
+            """
+            return Self.httpResponse(url: url, body: body, contentType: "application/json")
+        }
+
+        let snapshot = try await MiniMaxUsageFetcher.fetchUsage(
+            cookieHeader: "HERTZ-SESSION=abc",
+            region: .global,
+            environment: [:],
+            session: transport,
+            now: now)
+
+        #expect(snapshot.currentPrompts == 2)
+        #expect(snapshot.billingSummary?.todayTokens == 1234)
+        #expect(snapshot.billingSummary?.last30DaysTokens == 1234)
+    }
+
+    @Test
+    func `web usage fetch keeps paginating billing history until 30 day cutoff`() async throws {
+        let now = try #require(ISO8601DateFormatter().date(from: "2026-05-17T12:00:00Z"))
+        let transport = ProviderHTTPTransportStub { request in
+            let url = try #require(request.url)
+            if url.path.contains("coding-plan") {
+                return Self.httpResponse(
+                    url: url,
+                    body: Self.codingPlanJSON,
+                    contentType: "application/json")
+            }
+            let page = URLComponents(url: url, resolvingAgainstBaseURL: false)?
+                .queryItems?
+                .first { $0.name == "page" }?
+                .value ?? "1"
+            let recordDay = page == "3" ? "2026-04-17" : "2026-05-17"
+            let records = (0..<100)
+                .map { _ in
+                    """
+                    {"consume_token":1,"ymd":"\(recordDay)","method":"chat","model":"MiniMax-M1"}
+                    """
+                }
+                .joined(separator: ",")
+            let body = """
+            {
+              "base_resp": { "status_code": 0 },
+              "total_cnt": 250,
+              "charge_records": [\(records)]
+            }
+            """
+            return Self.httpResponse(url: url, body: body, contentType: "application/json")
+        }
+
+        let snapshot = try await MiniMaxUsageFetcher.fetchUsage(
+            cookieHeader: "HERTZ-SESSION=abc",
+            region: .global,
+            environment: [:],
+            session: transport,
+            now: now)
+
+        let billingRequests = await transport.requests().filter { $0.url?.path == "/account/amount" }
+        #expect(billingRequests.count == 3)
+        #expect(snapshot.billingSummary?.last30DaysTokens == 200)
+    }
+
+    @Test
+    func `web usage fetch skips billing history when optional usage is disabled`() async throws {
+        let now = try #require(ISO8601DateFormatter().date(from: "2026-05-17T12:00:00Z"))
+        let transport = ProviderHTTPTransportStub { request in
+            let url = try #require(request.url)
+            #expect(url.path.contains("coding-plan"))
+            return Self.httpResponse(
+                url: url,
+                body: Self.codingPlanJSON,
+                contentType: "application/json")
+        }
+
+        let snapshot = try await MiniMaxUsageFetcher.fetchUsage(
+            cookieHeader: "HERTZ-SESSION=abc",
+            region: .global,
+            environment: [:],
+            includeBillingHistory: false,
+            session: transport,
+            now: now)
+
+        let requests = await transport.requests()
+        #expect(snapshot.currentPrompts == 2)
+        #expect(snapshot.billingSummary == nil)
+        #expect(requests.count == 1)
+    }
+
+    @Test
+    func `web usage fetch keeps quota when billing history is forbidden`() async throws {
+        let now = try #require(ISO8601DateFormatter().date(from: "2026-05-17T12:00:00Z"))
+        let transport = ProviderHTTPTransportStub { request in
+            let url = try #require(request.url)
+            if url.path.contains("coding-plan") {
+                return Self.httpResponse(
+                    url: url,
+                    body: Self.codingPlanJSON,
+                    contentType: "application/json")
+            }
+            return Self.httpResponse(url: url, body: "{}", statusCode: 403, contentType: "application/json")
+        }
+
+        let snapshot = try await MiniMaxUsageFetcher.fetchUsage(
+            cookieHeader: "HERTZ-SESSION=abc",
+            region: .global,
+            environment: [:],
+            session: transport,
+            now: now)
+
+        #expect(snapshot.currentPrompts == 2)
+        #expect(snapshot.billingSummary == nil)
+    }
+
+    @Test
+    func `web usage fetch preserves stale bearer failure during billing history`() async throws {
+        let now = try #require(ISO8601DateFormatter().date(from: "2026-05-17T12:00:00Z"))
+        let transport = ProviderHTTPTransportStub { request in
+            let url = try #require(request.url)
+            if url.path.contains("coding-plan") {
+                return Self.httpResponse(
+                    url: url,
+                    body: Self.codingPlanJSON,
+                    contentType: "application/json")
+            }
+            #expect(request.value(forHTTPHeaderField: "Authorization") == "Bearer stale")
+            return Self.httpResponse(url: url, body: "{}", statusCode: 403, contentType: "application/json")
+        }
+
+        await #expect(throws: MiniMaxUsageError.invalidCredentials) {
+            try await MiniMaxUsageFetcher.fetchUsage(
+                cookieHeader: "HERTZ-SESSION=abc",
+                authorizationToken: "stale",
+                region: .global,
+                environment: [:],
+                session: transport,
+                now: now)
+        }
+    }
+
+    @Test
+    func `web usage fetch preserves billing history cancellation`() async throws {
+        let now = try #require(ISO8601DateFormatter().date(from: "2026-05-17T12:00:00Z"))
+        let transport = ProviderHTTPTransportStub { request in
+            let url = try #require(request.url)
+            if url.path.contains("coding-plan") {
+                return Self.httpResponse(
+                    url: url,
+                    body: Self.codingPlanJSON,
+                    contentType: "application/json")
+            }
+            throw CancellationError()
+        }
+
+        await #expect(throws: CancellationError.self) {
+            try await MiniMaxUsageFetcher.fetchUsage(
+                cookieHeader: "HERTZ-SESSION=abc",
+                region: .global,
+                environment: [:],
+                session: transport,
+                now: now)
+        }
+    }
+
+    private static let codingPlanJSON = """
+    {
+      "base_resp": { "status_code": 0 },
+      "data": {
+        "plan_name": "Max",
+        "model_remains": [
+          {
+            "model_name": "MiniMax-M1",
+            "current_interval_total_count": 10,
+            "current_interval_usage_count": 8,
+            "start_time": 1779019200,
+            "end_time": 1779037200,
+            "remains_time": 3600
+          }
+        ]
+      }
+    }
+    """
+
+    private static func httpResponse(
+        url: URL,
+        body: String,
+        statusCode: Int = 200,
+        contentType: String) -> (Data, URLResponse)
+    {
+        let response = HTTPURLResponse(
+            url: url,
+            statusCode: statusCode,
+            httpVersion: "HTTP/1.1",
+            headerFields: ["Content-Type": contentType])!
+        return (Data(body.utf8), response)
+    }
 }
 
-@Suite
 struct MiniMaxAPIRegionTests {
     @Test
-    func defaultsToGlobalHosts() {
+    func `defaults to global hosts`() {
         let codingPlan = MiniMaxUsageFetcher.resolveCodingPlanURL(region: .global, environment: [:])
         let remains = MiniMaxUsageFetcher.resolveRemainsURL(region: .global, environment: [:])
         #expect(codingPlan.host == "platform.minimax.io")
@@ -278,7 +1001,7 @@ struct MiniMaxAPIRegionTests {
     }
 
     @Test
-    func usesChinaMainlandHosts() {
+    func `uses china mainland hosts`() {
         let codingPlan = MiniMaxUsageFetcher.resolveCodingPlanURL(region: .chinaMainland, environment: [:])
         let remains = MiniMaxUsageFetcher.resolveRemainsURL(region: .chinaMainland, environment: [:])
         #expect(codingPlan.host == "platform.minimaxi.com")
@@ -287,7 +1010,7 @@ struct MiniMaxAPIRegionTests {
     }
 
     @Test
-    func hostOverrideWinsForRemainsAndCodingPlan() {
+    func `host override wins for remains and coding plan`() {
         let env = [MiniMaxSettingsReader.hostKey: "api.minimaxi.com"]
         let codingPlan = MiniMaxUsageFetcher.resolveCodingPlanURL(region: .global, environment: env)
         let remains = MiniMaxUsageFetcher.resolveRemainsURL(region: .global, environment: env)
@@ -296,14 +1019,24 @@ struct MiniMaxAPIRegionTests {
     }
 
     @Test
-    func remainsUrlOverrideBeatsHost() {
+    func `billing history url uses account amount endpoint`() {
+        let url = MiniMaxUsageFetcher.resolveBillingHistoryURL(region: .chinaMainland, environment: [:], page: 2)
+        #expect(url.host == "platform.minimaxi.com")
+        #expect(url.path == "/account/amount")
+        #expect(url.query?.contains("page=2") == true)
+        #expect(url.query?.contains("limit=100") == true)
+        #expect(url.query?.contains("aggregate=false") == true)
+    }
+
+    @Test
+    func `remains url override beats host`() {
         let env = [MiniMaxSettingsReader.remainsURLKey: "https://platform.minimaxi.com/custom/remains"]
         let remains = MiniMaxUsageFetcher.resolveRemainsURL(region: .global, environment: env)
         #expect(remains.absoluteString == "https://platform.minimaxi.com/custom/remains")
     }
 
     @Test
-    func originUsesCodingPlanOverrideHost() {
+    func `origin uses coding plan override host`() {
         let env = [MiniMaxSettingsReader.codingPlanURLKey: "https://api.minimaxi.com/custom/path?cycle_type=3"]
         let codingPlan = MiniMaxUsageFetcher.resolveCodingPlanURL(region: .global, environment: env)
         let origin = MiniMaxUsageFetcher.originURL(from: codingPlan)
@@ -311,7 +1044,7 @@ struct MiniMaxAPIRegionTests {
     }
 
     @Test
-    func originStripsHostOverridePath() {
+    func `origin strips host override path`() {
         let env = [MiniMaxSettingsReader.hostKey: "https://api.minimaxi.com/custom/path"]
         let codingPlan = MiniMaxUsageFetcher.resolveCodingPlanURL(region: .global, environment: env)
         let origin = MiniMaxUsageFetcher.originURL(from: codingPlan)
diff --git a/Tests/CodexBarTests/MistralUsageParserTests.swift b/Tests/CodexBarTests/MistralUsageParserTests.swift
new file mode 100644
index 000000000..b38017536
--- /dev/null
+++ b/Tests/CodexBarTests/MistralUsageParserTests.swift
@@ -0,0 +1,400 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+struct MistralUsageParserTests {
+    // swiftlint:disable line_length
+
+    private static let novemberResponseJSON = """
+    {"completion":{"models":{"mistral-large-latest::mistral-large-2411":{"input":[{"usage_type":"usage","event_type":"api_tokens","billing_metric":"mistral-large-2411","billing_display_name":"mistral-large-latest","billing_group":"input","timestamp":"2025-11-14","value":11121,"value_paid":11121}],"output":[{"usage_type":"usage","event_type":"api_tokens","billing_metric":"mistral-large-2411","billing_display_name":"mistral-large-latest","billing_group":"output","timestamp":"2025-11-14","value":1115,"value_paid":1115}]},"mistral-small-latest::mistral-small-2506":{"input":[{"usage_type":"usage","event_type":"api_tokens","billing_metric":"mistral-small-2506","billing_display_name":"mistral-small-latest","billing_group":"input","timestamp":"2025-11-14","value":20,"value_paid":20},{"usage_type":"usage","event_type":"api_tokens","billing_metric":"mistral-small-2506","billing_display_name":"mistral-small-latest","billing_group":"input","timestamp":"2025-11-24","value":100,"value_paid":100}],"output":[{"usage_type":"usage","event_type":"api_tokens","billing_metric":"mistral-small-2506","billing_display_name":"mistral-small-latest","billing_group":"output","timestamp":"2025-11-14","value":500,"value_paid":500},{"usage_type":"usage","event_type":"api_tokens","billing_metric":"mistral-small-2506","billing_display_name":"mistral-small-latest","billing_group":"output","timestamp":"2025-11-24","value":2482,"value_paid":2482}]}}},"ocr":{"models":{}},"connectors":{"models":{}},"libraries_api":{"pages":{"models":{}},"tokens":{"models":{}}},"fine_tuning":{"training":{},"storage":{}},"audio":{"models":{}},"vibe_usage":0.0,"date":"2025-11-01T00:00:00Z","previous_month":"2025-10","next_month":"2025-12","start_date":"2025-11-01T00:00:00Z","end_date":"2025-11-30T23:59:59.999Z","currency":"EUR","currency_symbol":"\\u20ac","prices":[{"event_type":"api_tokens","billing_metric":"mistral-large-2411","billing_group":"input","price":"0.0000017000"},{"event_type":"api_tokens","billing_metric":"mistral-large-2411","billing_group":"output","price":"0.0000051000"},{"event_type":"api_tokens","billing_metric":"mistral-small-2506","billing_group":"input","price":"8.50E-8"},{"event_type":"api_tokens","billing_metric":"mistral-small-2506","billing_group":"output","price":"2.550E-7"}]}
+    """
+
+    private static let emptyResponseJSON = """
+    {"completion":{"models":{}},"ocr":{"models":{}},"connectors":{"models":{}},"libraries_api":{"pages":{"models":{}},"tokens":{"models":{}}},"fine_tuning":{"training":{},"storage":{}},"audio":{"models":{}},"vibe_usage":0.0,"date":"2026-02-01T00:00:00Z","previous_month":"2026-01","next_month":"2026-03","start_date":"2026-02-01T00:00:00Z","end_date":"2026-02-28T23:59:59.999Z","currency":"EUR","currency_symbol":"\\u20ac","prices":[]}
+    """
+
+    // swiftlint:enable line_length
+
+    @Test
+    func `parses response with usage data and computes token totals`() throws {
+        let data = try #require(Self.novemberResponseJSON.data(using: .utf8))
+        let snapshot = try MistralUsageFetcher.parseResponse(data: data, updatedAt: Date())
+
+        // mistral-large input: 11121, mistral-small input: 20+100=120
+        #expect(snapshot.totalInputTokens == 11121 + 120)
+        // mistral-large output: 1115, mistral-small output: 500+2482=2982
+        #expect(snapshot.totalOutputTokens == 1115 + 2982)
+        #expect(snapshot.totalCachedTokens == 0)
+        #expect(snapshot.modelCount == 2)
+        #expect(snapshot.currency == "EUR")
+        #expect(snapshot.currencySymbol == "€")
+        #expect(snapshot.daily.map(\.day) == ["2025-11-14", "2025-11-24"])
+        #expect(snapshot.daily.first?.totalTokens == 11121 + 1115 + 20 + 500)
+        #expect(snapshot.daily.first?.models.first?.name == "mistral-large-latest")
+    }
+
+    @Test
+    func `computes cost from tokens and prices`() throws {
+        let data = try #require(Self.novemberResponseJSON.data(using: .utf8))
+        let snapshot = try MistralUsageFetcher.parseResponse(data: data, updatedAt: Date())
+
+        // mistral-large-2411 input: 11121 * 0.0000017 = 0.0189057
+        // mistral-large-2411 output: 1115 * 0.0000051 = 0.0056865
+        // mistral-small-2506 input: 120 * 0.000000085 = 0.0000102
+        // mistral-small-2506 output: 2982 * 0.000000255 = 0.00076041
+        let expectedCost = 0.0189057 + 0.0056865 + 0.0000102 + 0.00076041
+        #expect(abs(snapshot.totalCost - expectedCost) < 0.0001)
+        #expect(snapshot.totalCost > 0)
+    }
+
+    @Test
+    func `parses empty response with no usage`() throws {
+        let data = try #require(Self.emptyResponseJSON.data(using: .utf8))
+        let snapshot = try MistralUsageFetcher.parseResponse(data: data, updatedAt: Date())
+
+        #expect(snapshot.totalInputTokens == 0)
+        #expect(snapshot.totalOutputTokens == 0)
+        #expect(snapshot.totalCost == 0)
+        #expect(snapshot.modelCount == 0)
+        #expect(snapshot.currency == "EUR")
+    }
+
+    @Test
+    func `daily spend keeps non token Mistral units out of token totals`() throws {
+        let json = """
+        {
+          "libraries_api": {
+            "pages": {
+              "models": {
+                "mistral-ocr-latest": {
+                  "input": [
+                    {
+                      "billing_metric": "pages",
+                      "billing_display_name": "OCR pages",
+                      "billing_group": "input",
+                      "timestamp": "2025-11-15",
+                      "value": 42,
+                      "value_paid": 42
+                    }
+                  ]
+                }
+              }
+            }
+          },
+          "currency": "EUR",
+          "currency_symbol": "€",
+          "prices": [
+            {
+              "billing_metric": "pages",
+              "billing_group": "input",
+              "price": "0.01"
+            }
+          ]
+        }
+        """
+        let snapshot = try MistralUsageFetcher.parseResponse(data: Data(json.utf8), updatedAt: Date())
+
+        #expect(abs(snapshot.totalCost - 0.42) < 0.0001)
+        #expect(snapshot.totalInputTokens == 0)
+        #expect(abs((snapshot.daily.first?.cost ?? 0) - 0.42) < 0.0001)
+        #expect(snapshot.daily.first?.totalTokens == 0)
+        #expect(abs((snapshot.daily.first?.models.first?.cost ?? 0) - 0.42) < 0.0001)
+        #expect(snapshot.daily.first?.models.first?.totalTokens == 0)
+    }
+
+    @Test
+    func `parses dates from response`() throws {
+        let data = try #require(Self.novemberResponseJSON.data(using: .utf8))
+        let snapshot = try MistralUsageFetcher.parseResponse(data: data, updatedAt: Date())
+
+        #expect(snapshot.startDate != nil)
+        #expect(snapshot.endDate != nil)
+
+        var calendar = Calendar(identifier: .gregorian)
+        calendar.timeZone = try #require(TimeZone(secondsFromGMT: 0))
+        if let start = snapshot.startDate {
+            #expect(calendar.component(.month, from: start) == 11)
+            #expect(calendar.component(.year, from: start) == 2025)
+        }
+    }
+
+    @Test
+    func `throws parseFailed for invalid JSON`() {
+        let data = Data("not json".utf8)
+        #expect(throws: MistralUsageError.self) {
+            try MistralUsageFetcher.parseResponse(data: data, updatedAt: Date())
+        }
+    }
+}
+
+struct MistralUsageSnapshotConversionTests {
+    @Test
+    func `converts cost into text only current month api spend`() {
+        let snapshot = MistralUsageSnapshot(
+            totalCost: 1.2345,
+            currency: "EUR",
+            currencySymbol: "€",
+            totalInputTokens: 10000,
+            totalOutputTokens: 5000,
+            totalCachedTokens: 0,
+            modelCount: 2,
+            startDate: nil,
+            endDate: Date(),
+            updatedAt: Date())
+
+        let usage = snapshot.toUsageSnapshot()
+        #expect(usage.primary == nil)
+        #expect(usage.identity?.providerID == .mistral)
+        #expect(usage.identity?.loginMethod == "API spend: €1.2345 this month")
+        #expect(usage.providerCost == nil)
+    }
+
+    @Test
+    func `converts zero cost into zero spend text`() {
+        let snapshot = MistralUsageSnapshot(
+            totalCost: 0,
+            currency: "USD",
+            currencySymbol: "$",
+            totalInputTokens: 0,
+            totalOutputTokens: 0,
+            totalCachedTokens: 0,
+            modelCount: 0,
+            startDate: nil,
+            endDate: nil,
+            updatedAt: Date())
+
+        let usage = snapshot.toUsageSnapshot()
+        #expect(usage.primary == nil)
+        #expect(usage.identity?.loginMethod == "API spend: $0.0000 this month")
+    }
+
+    @Test
+    func `converts billing usage into cost token snapshot`() {
+        let now = Date(timeIntervalSince1970: 1_700_179_200)
+        let snapshot = MistralUsageSnapshot(
+            totalCost: 1.75,
+            currency: "eur",
+            currencySymbol: "€",
+            totalInputTokens: 300,
+            totalOutputTokens: 150,
+            totalCachedTokens: 50,
+            modelCount: 2,
+            daily: [
+                MistralDailyUsageBucket(
+                    day: "2023-11-14",
+                    cost: 1.5,
+                    inputTokens: 100,
+                    cachedTokens: 20,
+                    outputTokens: 50,
+                    models: [
+                        MistralDailyUsageBucket.ModelBreakdown(
+                            name: "mistral-large",
+                            cost: 1.5,
+                            inputTokens: 100,
+                            cachedTokens: 20,
+                            outputTokens: 50),
+                    ]),
+                MistralDailyUsageBucket(
+                    day: "2023-11-15",
+                    cost: 0.25,
+                    inputTokens: 200,
+                    cachedTokens: 30,
+                    outputTokens: 100,
+                    models: [
+                        MistralDailyUsageBucket.ModelBreakdown(
+                            name: "mistral-small",
+                            cost: 0.25,
+                            inputTokens: 200,
+                            cachedTokens: 30,
+                            outputTokens: 100),
+                    ]),
+            ],
+            startDate: nil,
+            endDate: nil,
+            updatedAt: now)
+
+        let cost = snapshot.toCostUsageTokenSnapshot(historyDays: 1)
+        #expect(cost.currencyCode == "EUR")
+        #expect(cost.historyLabel == "This month")
+        #expect(cost.historyDays == 2)
+        #expect(cost.sessionCostUSD == 0.25)
+        #expect(cost.sessionTokens == 330)
+        #expect(cost.last30DaysCostUSD == 1.75)
+        #expect(cost.last30DaysTokens == 500)
+        #expect(cost.daily.count == 2)
+        #expect(cost.daily.last?.modelsUsed == ["mistral-small"])
+    }
+
+    @Test
+    func `clamps negative billing adjustments in cost token snapshot`() {
+        let now = Date(timeIntervalSince1970: 1_700_179_200)
+        let snapshot = MistralUsageSnapshot(
+            totalCost: -2,
+            currency: "EUR",
+            currencySymbol: "€",
+            totalInputTokens: 100,
+            totalOutputTokens: 25,
+            totalCachedTokens: 0,
+            modelCount: 1,
+            daily: [
+                MistralDailyUsageBucket(
+                    day: "2023-11-14",
+                    cost: -1.5,
+                    inputTokens: 100,
+                    cachedTokens: 0,
+                    outputTokens: 25,
+                    models: [
+                        MistralDailyUsageBucket.ModelBreakdown(
+                            name: "mistral-large",
+                            cost: -1.5,
+                            inputTokens: 100,
+                            cachedTokens: 0,
+                            outputTokens: 25),
+                    ]),
+            ],
+            startDate: nil,
+            endDate: nil,
+            updatedAt: now)
+
+        let cost = snapshot.toCostUsageTokenSnapshot()
+        #expect(cost.sessionCostUSD == 0)
+        #expect(cost.last30DaysCostUSD == 0)
+        #expect(cost.daily.first?.costUSD == 0)
+        #expect(cost.daily.first?.modelBreakdowns?.first?.costUSD == 0)
+    }
+
+    @Test
+    func `preserves net monthly cost when billing includes credits`() {
+        let now = Date(timeIntervalSince1970: 1_700_179_200)
+        let snapshot = MistralUsageSnapshot(
+            totalCost: 8,
+            currency: "EUR",
+            currencySymbol: "€",
+            totalInputTokens: 100,
+            totalOutputTokens: 25,
+            totalCachedTokens: 0,
+            modelCount: 1,
+            daily: [
+                MistralDailyUsageBucket(
+                    day: "2023-11-14",
+                    cost: 10,
+                    inputTokens: 100,
+                    cachedTokens: 0,
+                    outputTokens: 25,
+                    models: []),
+                MistralDailyUsageBucket(
+                    day: "2023-11-15",
+                    cost: -2,
+                    inputTokens: 0,
+                    cachedTokens: 0,
+                    outputTokens: 0,
+                    models: []),
+            ],
+            startDate: nil,
+            endDate: nil,
+            updatedAt: now)
+
+        let cost = snapshot.toCostUsageTokenSnapshot()
+        #expect(cost.last30DaysCostUSD == 8)
+        #expect(cost.sessionCostUSD == 0)
+        #expect(cost.daily.map(\.costUSD) == [10, 0])
+    }
+}
+
+struct MistralStrategyTests {
+    private struct StubClaudeFetcher: ClaudeUsageFetching {
+        func loadLatestUsage(model _: String) async throws -> ClaudeUsageSnapshot {
+            throw ClaudeUsageError.parseFailed("stub")
+        }
+
+        func debugRawProbe(model _: String) async -> String {
+            "stub"
+        }
+
+        func detectVersion() -> String? {
+            nil
+        }
+    }
+
+    private func makeContext(
+        sourceMode: ProviderSourceMode = .auto,
+        settings: ProviderSettingsSnapshot? = nil,
+        env: [String: String] = [:]) -> ProviderFetchContext
+    {
+        let browserDetection = BrowserDetection(cacheTTL: 0)
+        return ProviderFetchContext(
+            runtime: .cli,
+            sourceMode: sourceMode,
+            includeCredits: false,
+            webTimeout: 1,
+            webDebugDumpHTML: false,
+            verbose: false,
+            env: env,
+            settings: settings,
+            fetcher: UsageFetcher(environment: env),
+            claudeFetcher: StubClaudeFetcher(),
+            browserDetection: browserDetection)
+    }
+
+    @Test
+    func `strategy is unavailable when cookie source is off`() async {
+        let settings = ProviderSettingsSnapshot.make(
+            mistral: ProviderSettingsSnapshot.MistralProviderSettings(
+                cookieSource: .off,
+                manualCookieHeader: nil))
+        let context = self.makeContext(settings: settings)
+        let strategy = MistralWebFetchStrategy()
+
+        let available = await strategy.isAvailable(context)
+        #expect(available == false)
+    }
+
+    @Test
+    func `strategy is available when cookie source is auto`() async {
+        let settings = ProviderSettingsSnapshot.make(
+            mistral: ProviderSettingsSnapshot.MistralProviderSettings(
+                cookieSource: .auto,
+                manualCookieHeader: nil))
+        let context = self.makeContext(settings: settings)
+        let strategy = MistralWebFetchStrategy()
+
+        let available = await strategy.isAvailable(context)
+        #expect(available == true)
+    }
+
+    @Test
+    func `strategy is available when cookie source is manual`() async {
+        let settings = ProviderSettingsSnapshot.make(
+            mistral: ProviderSettingsSnapshot.MistralProviderSettings(
+                cookieSource: .manual,
+                manualCookieHeader: "ory_session_x=abc; csrftoken=xyz"))
+        let context = self.makeContext(settings: settings)
+        let strategy = MistralWebFetchStrategy()
+
+        let available = await strategy.isAvailable(context)
+        #expect(available == true)
+    }
+
+    @Test
+    func `strategy never falls back (single strategy provider)`() {
+        let strategy = MistralWebFetchStrategy()
+        let context = self.makeContext()
+        let shouldFallback = strategy.shouldFallback(
+            on: MistralUsageError.invalidCredentials,
+            context: context)
+        #expect(shouldFallback == false)
+    }
+
+    @Test
+    func `descriptor metadata is correct`() {
+        let descriptor = MistralProviderDescriptor.descriptor
+        #expect(descriptor.id == .mistral)
+        #expect(descriptor.metadata.displayName == "Mistral")
+        #expect(descriptor.metadata.cliName == "mistral")
+        #expect(descriptor.metadata.defaultEnabled == false)
+        #expect(descriptor.cli.name == "mistral")
+        #expect(descriptor.fetchPlan.sourceModes == [.auto, .web])
+        #expect(descriptor.branding.iconResourceName == "ProviderIcon-mistral")
+        #expect(descriptor.tokenCost.supportsTokenCost)
+    }
+}
diff --git a/Tests/CodexBarTests/ModelsDevPricingTests.swift b/Tests/CodexBarTests/ModelsDevPricingTests.swift
new file mode 100644
index 000000000..3a4d1807d
--- /dev/null
+++ b/Tests/CodexBarTests/ModelsDevPricingTests.swift
@@ -0,0 +1,592 @@
+import Foundation
+#if canImport(FoundationNetworking)
+import FoundationNetworking
+#endif
+import Testing
+@testable import CodexBarCore
+
+struct ModelsDevPricingTests {
+    @Test
+    func `parses models dev subset`() throws {
+        let catalog = try Self.fixtureCatalog()
+
+        #expect(catalog.providers["openai"]?.name == "OpenAI")
+        #expect(catalog.providers["anthropic"]?.models["claude-sonnet-4-6"]?.cost?.cacheWrite == 3.75)
+        #expect(catalog.providers["anthropic"]?.models["claude-sonnet-4-6"]?.limit?.context == 1_000_000)
+    }
+
+    @Test
+    func `looks up pricing by provider and model`() throws {
+        let catalog = try Self.fixtureCatalog()
+
+        let openAI = try #require(catalog.pricing(providerID: "openai", modelID: "shared-model"))
+        let anthropic = try #require(catalog.pricing(providerID: "anthropic", modelID: "shared-model"))
+
+        #expect(openAI.pricing.inputCostPerToken == 1 / 1_000_000.0)
+        #expect(openAI.pricing.outputCostPerToken == 2 / 1_000_000.0)
+        #expect(anthropic.pricing.inputCostPerToken == 3 / 1_000_000.0)
+        #expect(anthropic.pricing.outputCostPerToken == 4 / 1_000_000.0)
+    }
+
+    @Test
+    func `does not fall back across providers`() throws {
+        let catalog = try Self.fixtureCatalog()
+
+        #expect(catalog.pricing(providerID: "openai", modelID: "claude-sonnet-4-6") == nil)
+        #expect(catalog.pricing(providerID: "anthropic", modelID: "gpt-4o-mini") == nil)
+    }
+
+    @Test
+    func `supports provider scoped alias normalization`() throws {
+        let catalog = try Self.fixtureCatalog()
+
+        let anthropic = try #require(catalog.pricing(
+            providerID: "anthropic",
+            modelID: "anthropic.us-east-1.claude-sonnet-4-6-v1:0"))
+        let vertex = try #require(catalog.pricing(
+            providerID: "google-vertex-anthropic",
+            modelID: "claude-sonnet-4-6"))
+
+        #expect(anthropic.normalizedModelID == "claude-sonnet-4-6")
+        #expect(vertex.normalizedModelID == "claude-sonnet-4-6@default")
+        #expect(vertex.pricing.inputCostPerToken == 3.1 / 1_000_000.0)
+    }
+
+    @Test
+    func `converts models dev per million token prices to per token prices`() throws {
+        let pricing = try #require(try Self.fixtureCatalog().pricing(
+            providerID: "anthropic",
+            modelID: "claude-sonnet-4-6")?
+            .pricing)
+
+        #expect(pricing.inputCostPerToken == 3 / 1_000_000.0)
+        #expect(pricing.outputCostPerToken == 15 / 1_000_000.0)
+        #expect(pricing.cacheReadInputCostPerToken == 0.3 / 1_000_000.0)
+        #expect(pricing.cacheCreationInputCostPerToken == 3.75 / 1_000_000.0)
+        #expect(pricing.thresholdTokens == 200_000)
+        #expect(pricing.inputCostPerTokenAboveThreshold == 6 / 1_000_000.0)
+        #expect(pricing.outputCostPerTokenAboveThreshold == 22.5 / 1_000_000.0)
+        #expect(pricing.cacheReadInputCostPerTokenAboveThreshold == 0.6 / 1_000_000.0)
+        #expect(pricing.cacheCreationInputCostPerTokenAboveThreshold == 7.5 / 1_000_000.0)
+    }
+
+    @Test
+    func `stale cache is still readable`() throws {
+        let root = try Self.cacheRoot()
+        let old = Date(timeIntervalSince1970: 1)
+        try ModelsDevCache.save(catalog: Self.fixtureCatalog(), fetchedAt: old, cacheRoot: root)
+
+        let load = ModelsDevCache.load(
+            now: Date(timeIntervalSince1970: 1 + ModelsDevCache.ttlSeconds + 1),
+            cacheRoot: root)
+
+        #expect(load.artifact != nil)
+        #expect(load.isStale)
+        #expect(load.error == nil)
+    }
+
+    @Test
+    func `pipeline lookup reads cached pricing`() throws {
+        let root = try Self.cacheRoot()
+        try ModelsDevCache.save(catalog: Self.fixtureCatalog(), fetchedAt: Date(), cacheRoot: root)
+
+        let lookup = try #require(ModelsDevPricingPipeline.lookup(
+            providerID: "openai",
+            modelID: "gpt-4o-mini",
+            cacheRoot: root))
+
+        #expect(lookup.pricing.inputCostPerToken == 0.15 / 1_000_000.0)
+    }
+
+    @Test
+    func `network failure preserves last valid cache`() async throws {
+        let root = try Self.cacheRoot()
+        let old = Date(timeIntervalSince1970: 1)
+        try ModelsDevCache.save(catalog: Self.fixtureCatalog(), fetchedAt: old, cacheRoot: root)
+
+        await ModelsDevPricingPipeline.refreshIfNeeded(
+            now: Date(timeIntervalSince1970: 1 + ModelsDevCache.ttlSeconds + 1),
+            cacheRoot: root,
+            client: ModelsDevClient(transport: MockTransport(result: .failure(MockError.failed))))
+
+        let lookup = try #require(ModelsDevPricingPipeline.lookup(
+            providerID: "openai",
+            modelID: "gpt-4o-mini",
+            cacheRoot: root))
+
+        #expect(lookup.pricing.inputCostPerToken == 0.15 / 1_000_000.0)
+    }
+
+    @Test
+    func `refresh preserves cache when fetched catalog drops cached provider`() async throws {
+        let root = try Self.cacheRoot()
+        let old = Date(timeIntervalSince1970: 1)
+        try ModelsDevCache.save(catalog: Self.fixtureCatalog(), fetchedAt: old, cacheRoot: root)
+
+        let partialCatalog = Data("""
+        {
+          "openai": { "id": 7, "models": [] },
+          "anthropic": {
+            "id": "anthropic",
+            "models": {
+              "shared-model": {
+                "id": "shared-model",
+                "cost": { "input": 99, "output": 99 }
+              }
+            }
+          }
+        }
+        """.utf8)
+        await ModelsDevPricingPipeline.refreshIfNeeded(
+            now: Date(timeIntervalSince1970: 1 + ModelsDevCache.ttlSeconds + 1),
+            cacheRoot: root,
+            client: ModelsDevClient(transport: MockTransport(
+                result: .success((partialCatalog, Self.response(status: 200))))))
+
+        let lookup = try #require(ModelsDevPricingPipeline.lookup(
+            providerID: "openai",
+            modelID: "gpt-4o-mini",
+            cacheRoot: root))
+
+        #expect(lookup.pricing.inputCostPerToken == 0.15 / 1_000_000.0)
+    }
+
+    @Test
+    func `refresh preserves cache when fetched catalog drops cached model`() async throws {
+        let root = try Self.cacheRoot()
+        let old = Date(timeIntervalSince1970: 1)
+        try ModelsDevCache.save(catalog: Self.fixtureCatalog(), fetchedAt: old, cacheRoot: root)
+
+        let partialCatalog = Data("""
+        {
+          "openai": {
+            "id": "openai",
+            "models": {
+              "shared-model": {
+                "id": "shared-model",
+                "cost": { "input": 99, "output": 99 }
+              }
+            }
+          },
+          "anthropic": {
+            "id": "anthropic",
+            "models": {
+              "shared-model": {
+                "id": "shared-model",
+                "cost": { "input": 99, "output": 99 }
+              }
+            }
+          },
+          "google-vertex-anthropic": {
+            "id": "google-vertex-anthropic",
+            "models": {
+              "claude-sonnet-4-6@default": {
+                "id": "claude-sonnet-4-6@default",
+                "cost": { "input": 99, "output": 99 }
+              }
+            }
+          }
+        }
+        """.utf8)
+        await ModelsDevPricingPipeline.refreshIfNeeded(
+            now: Date(timeIntervalSince1970: 1 + ModelsDevCache.ttlSeconds + 1),
+            cacheRoot: root,
+            client: ModelsDevClient(transport: MockTransport(
+                result: .success((partialCatalog, Self.response(status: 200))))))
+
+        let lookup = try #require(ModelsDevPricingPipeline.lookup(
+            providerID: "openai",
+            modelID: "gpt-4o-mini",
+            cacheRoot: root))
+
+        #expect(lookup.pricing.inputCostPerToken == 0.15 / 1_000_000.0)
+    }
+
+    @Test
+    func `refresh updates cache when fetched catalog renames model key but keeps id`() async throws {
+        let root = try Self.cacheRoot()
+        let old = Date(timeIntervalSince1970: 1)
+        try ModelsDevCache.save(catalog: Self.fixtureCatalog(), fetchedAt: old, cacheRoot: root)
+
+        let renamedCatalog = Data("""
+        {
+          "openai": {
+            "id": "openai",
+            "models": {
+              "gpt-4o-mini-renamed": {
+                "id": "gpt-4o-mini",
+                "cost": { "input": 99, "output": 99 }
+              },
+              "shared-model": {
+                "id": "shared-model",
+                "cost": { "input": 99, "output": 99 }
+              }
+            }
+          },
+          "anthropic": {
+            "id": "anthropic",
+            "models": {
+              "claude-sonnet-4-6": {
+                "id": "claude-sonnet-4-6",
+                "cost": { "input": 99, "output": 99 }
+              },
+              "shared-model": {
+                "id": "shared-model",
+                "cost": { "input": 99, "output": 99 }
+              }
+            }
+          },
+          "google-vertex-anthropic": {
+            "id": "google-vertex-anthropic",
+            "models": {
+              "claude-sonnet-4-6-renamed": {
+                "id": "claude-sonnet-4-6@default",
+                "cost": { "input": 99, "output": 99 }
+              }
+            }
+          }
+        }
+        """.utf8)
+        await ModelsDevPricingPipeline.refreshIfNeeded(
+            now: Date(timeIntervalSince1970: 1 + ModelsDevCache.ttlSeconds + 1),
+            cacheRoot: root,
+            client: ModelsDevClient(transport: MockTransport(
+                result: .success((renamedCatalog, Self.response(status: 200))))))
+
+        let lookup = try #require(ModelsDevPricingPipeline.lookup(
+            providerID: "openai",
+            modelID: "gpt-4o-mini",
+            cacheRoot: root))
+
+        #expect(lookup.normalizedModelID == "gpt-4o-mini")
+        #expect(lookup.pricing.inputCostPerToken == 99 / 1_000_000.0)
+    }
+
+    @Test
+    func `refresh preserves cache when fetched matching model is not priceable`() async throws {
+        let root = try Self.cacheRoot()
+        let old = Date(timeIntervalSince1970: 1)
+        try ModelsDevCache.save(catalog: Self.fixtureCatalog(), fetchedAt: old, cacheRoot: root)
+
+        let partialCatalog = Data("""
+        {
+          "openai": {
+            "id": "openai",
+            "models": {
+              "gpt-4o-mini": {
+                "id": "gpt-4o-mini",
+                "cost": { "input": 99 }
+              },
+              "shared-model": {
+                "id": "shared-model",
+                "cost": { "input": 99, "output": 99 }
+              }
+            }
+          },
+          "anthropic": {
+            "id": "anthropic",
+            "models": {
+              "claude-sonnet-4-6": {
+                "id": "claude-sonnet-4-6",
+                "cost": { "input": 99, "output": 99 }
+              },
+              "shared-model": {
+                "id": "shared-model",
+                "cost": { "input": 99, "output": 99 }
+              }
+            }
+          },
+          "google-vertex-anthropic": {
+            "id": "google-vertex-anthropic",
+            "models": {
+              "claude-sonnet-4-6@default": {
+                "id": "claude-sonnet-4-6@default",
+                "cost": { "input": 99, "output": 99 }
+              }
+            }
+          }
+        }
+        """.utf8)
+        await ModelsDevPricingPipeline.refreshIfNeeded(
+            now: Date(timeIntervalSince1970: 1 + ModelsDevCache.ttlSeconds + 1),
+            cacheRoot: root,
+            client: ModelsDevClient(transport: MockTransport(
+                result: .success((partialCatalog, Self.response(status: 200))))))
+
+        let lookup = try #require(ModelsDevPricingPipeline.lookup(
+            providerID: "openai",
+            modelID: "gpt-4o-mini",
+            cacheRoot: root))
+
+        #expect(lookup.pricing.inputCostPerToken == 0.15 / 1_000_000.0)
+    }
+
+    @Test
+    func `refresh updates cache when fetched catalog canonicalizes alias model id`() async throws {
+        let root = try Self.cacheRoot()
+        let old = Date(timeIntervalSince1970: 1)
+        try ModelsDevCache.save(catalog: Self.fixtureCatalog(), fetchedAt: old, cacheRoot: root)
+
+        let canonicalizedCatalog = Data("""
+        {
+          "openai": {
+            "id": "openai",
+            "models": {
+              "gpt-4o-mini": {
+                "id": "gpt-4o-mini",
+                "cost": { "input": 99, "output": 99 }
+              },
+              "shared-model": {
+                "id": "shared-model",
+                "cost": { "input": 99, "output": 99 }
+              }
+            }
+          },
+          "anthropic": {
+            "id": "anthropic",
+            "models": {
+              "claude-sonnet-4-6": {
+                "id": "claude-sonnet-4-6",
+                "cost": { "input": 99, "output": 99 }
+              },
+              "shared-model": {
+                "id": "shared-model",
+                "cost": { "input": 99, "output": 99 }
+              }
+            }
+          },
+          "google-vertex-anthropic": {
+            "id": "google-vertex-anthropic",
+            "models": {
+              "claude-sonnet-4-6": {
+                "id": "claude-sonnet-4-6",
+                "cost": { "input": 99, "output": 99 }
+              }
+            }
+          }
+        }
+        """.utf8)
+        await ModelsDevPricingPipeline.refreshIfNeeded(
+            now: Date(timeIntervalSince1970: 1 + ModelsDevCache.ttlSeconds + 1),
+            cacheRoot: root,
+            client: ModelsDevClient(transport: MockTransport(
+                result: .success((canonicalizedCatalog, Self.response(status: 200))))))
+
+        let defaultLookup = try #require(ModelsDevPricingPipeline.lookup(
+            providerID: "google-vertex-anthropic",
+            modelID: "claude-sonnet-4-6@default",
+            cacheRoot: root))
+        let baseLookup = try #require(ModelsDevPricingPipeline.lookup(
+            providerID: "google-vertex-anthropic",
+            modelID: "claude-sonnet-4-6",
+            cacheRoot: root))
+
+        #expect(defaultLookup.pricing.inputCostPerToken == 99 / 1_000_000.0)
+        #expect(baseLookup.pricing.inputCostPerToken == 99 / 1_000_000.0)
+    }
+
+    @Test
+    func `refresh preserves cache when fetched catalog only has different pinned snapshot`() async throws {
+        let root = try Self.cacheRoot()
+        let old = Date(timeIntervalSince1970: 1)
+        let cachedCatalog = try Self.catalog("""
+        {
+          "google-vertex-anthropic": {
+            "id": "google-vertex-anthropic",
+            "models": {
+              "claude-sonnet-4@20250101": {
+                "id": "claude-sonnet-4@20250101",
+                "cost": { "input": 3, "output": 15 }
+              }
+            }
+          }
+        }
+        """)
+        ModelsDevCache.save(catalog: cachedCatalog, fetchedAt: old, cacheRoot: root)
+
+        let fetchedCatalog = Data("""
+        {
+          "google-vertex-anthropic": {
+            "id": "google-vertex-anthropic",
+            "models": {
+              "claude-sonnet-4@20250201": {
+                "id": "claude-sonnet-4@20250201",
+                "cost": { "input": 99, "output": 99 }
+              }
+            }
+          }
+        }
+        """.utf8)
+        await ModelsDevPricingPipeline.refreshIfNeeded(
+            now: Date(timeIntervalSince1970: 1 + ModelsDevCache.ttlSeconds + 1),
+            cacheRoot: root,
+            client: ModelsDevClient(transport: MockTransport(
+                result: .success((fetchedCatalog, Self.response(status: 200))))))
+
+        let lookup = try #require(ModelsDevPricingPipeline.lookup(
+            providerID: "google-vertex-anthropic",
+            modelID: "claude-sonnet-4@20250101",
+            cacheRoot: root))
+
+        #expect(lookup.pricing.inputCostPerToken == 3 / 1_000_000.0)
+    }
+
+    @Test
+    func `refresh ignores unpriceable models in old cache continuity check`() async throws {
+        let root = try Self.cacheRoot()
+        let old = Date(timeIntervalSince1970: 1)
+        let cachedCatalog = try Self.catalog("""
+        {
+          "openai": {
+            "id": "openai",
+            "models": {
+              "gpt-4o-mini": {
+                "id": "gpt-4o-mini",
+                "cost": { "input": 0.15, "output": 0.6 }
+              },
+              "unpriced-preview": {
+                "id": "unpriced-preview"
+              }
+            }
+          }
+        }
+        """)
+        ModelsDevCache.save(catalog: cachedCatalog, fetchedAt: old, cacheRoot: root)
+
+        let fetchedCatalog = Data("""
+        {
+          "openai": {
+            "id": "openai",
+            "models": {
+              "gpt-4o-mini": {
+                "id": "gpt-4o-mini",
+                "cost": { "input": 99, "output": 99 }
+              }
+            }
+          }
+        }
+        """.utf8)
+        await ModelsDevPricingPipeline.refreshIfNeeded(
+            now: Date(timeIntervalSince1970: 1 + ModelsDevCache.ttlSeconds + 1),
+            cacheRoot: root,
+            client: ModelsDevClient(transport: MockTransport(
+                result: .success((fetchedCatalog, Self.response(status: 200))))))
+
+        let lookup = try #require(ModelsDevPricingPipeline.lookup(
+            providerID: "openai",
+            modelID: "gpt-4o-mini",
+            cacheRoot: root))
+
+        #expect(lookup.pricing.inputCostPerToken == 99 / 1_000_000.0)
+    }
+
+    @Test
+    func `fresh cache does not refresh`() async throws {
+        let root = try Self.cacheRoot()
+        try ModelsDevCache.save(catalog: Self.fixtureCatalog(), fetchedAt: Date(), cacheRoot: root)
+        let transport = TrackingTransport(result: .failure(MockError.failed))
+
+        await ModelsDevPricingPipeline.refreshIfNeeded(
+            now: Date(),
+            cacheRoot: root,
+            client: ModelsDevClient(transport: transport))
+
+        #expect(transport.calls == 0)
+    }
+
+    @Test
+    func `corrupt cache is ignored safely`() throws {
+        let root = try Self.cacheRoot()
+        let url = ModelsDevCache.cacheFileURL(cacheRoot: root)
+        try FileManager.default.createDirectory(at: url.deletingLastPathComponent(), withIntermediateDirectories: true)
+        try Data("not json".utf8).write(to: url)
+
+        let load = ModelsDevCache.load(cacheRoot: root)
+
+        #expect(load.artifact == nil)
+        #expect(load.isStale)
+        #expect(load.error == .invalidJSON)
+    }
+
+    @Test
+    func `client fetches with mock transport`() async throws {
+        let data = try Self.fixtureData()
+        let client = ModelsDevClient(transport: MockTransport(result: .success((data, Self.response(status: 200)))))
+
+        let catalog = try await client.fetchCatalog()
+
+        #expect(catalog.providers["google-vertex-anthropic"]?.models["claude-sonnet-4-6@default"]?.cost?.input == 3.1)
+    }
+
+    @Test
+    func `client reports http and json failures`() async throws {
+        let data = try Self.fixtureData()
+        let httpClient = ModelsDevClient(transport: MockTransport(result: .success((data, Self.response(status: 500)))))
+        let jsonClient = ModelsDevClient(transport: MockTransport(
+            result: .success((Data("not json".utf8), Self.response(status: 200)))))
+
+        await #expect(throws: ModelsDevClient.Error.httpStatus(500)) {
+            _ = try await httpClient.fetchCatalog()
+        }
+        await #expect(throws: ModelsDevClient.Error.invalidJSON) {
+            _ = try await jsonClient.fetchCatalog()
+        }
+    }
+
+    private static func fixtureData() throws -> Data {
+        let url = try #require(Bundle.module.url(
+            forResource: "models-dev-subset",
+            withExtension: "json",
+            subdirectory: "Fixtures"))
+        return try Data(contentsOf: url)
+    }
+
+    private static func fixtureCatalog() throws -> ModelsDevCatalog {
+        try JSONDecoder().decode(ModelsDevCatalog.self, from: self.fixtureData())
+    }
+
+    private static func catalog(_ json: String) throws -> ModelsDevCatalog {
+        try JSONDecoder().decode(ModelsDevCatalog.self, from: Data(json.utf8))
+    }
+
+    private static func cacheRoot() throws -> URL {
+        let root = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codexbar-modelsdev-tests-\(UUID().uuidString)", isDirectory: true)
+        try FileManager.default.createDirectory(at: root, withIntermediateDirectories: true)
+        return root
+    }
+
+    private static func response(status: Int) -> HTTPURLResponse {
+        HTTPURLResponse(
+            url: URL(string: "https://models.dev/api.json")!,
+            statusCode: status,
+            httpVersion: nil,
+            headerFields: nil)!
+    }
+}
+
+private enum MockError: Error {
+    case failed
+}
+
+private struct MockTransport: ModelsDevHTTPTransport {
+    let result: Result<(Data, URLResponse), Error>
+
+    func data(for _: URLRequest) async throws -> (Data, URLResponse) {
+        try self.result.get()
+    }
+}
+
+private final class TrackingTransport: ModelsDevHTTPTransport, @unchecked Sendable {
+    private(set) var calls = 0
+    let result: Result<(Data, URLResponse), Error>
+
+    init(result: Result<(Data, URLResponse), Error>) {
+        self.result = result
+    }
+
+    func data(for _: URLRequest) async throws -> (Data, URLResponse) {
+        self.calls += 1
+        return try self.result.get()
+    }
+}
diff --git a/Tests/CodexBarTests/MoonshotSettingsReaderTests.swift b/Tests/CodexBarTests/MoonshotSettingsReaderTests.swift
new file mode 100644
index 000000000..3188f5dd6
--- /dev/null
+++ b/Tests/CodexBarTests/MoonshotSettingsReaderTests.swift
@@ -0,0 +1,68 @@
+import CodexBarCore
+import Testing
+
+struct MoonshotSettingsReaderTests {
+    @Test
+    func `api key prefers MOONSHOT API KEY`() {
+        let env = [
+            "MOONSHOT_API_KEY": "primary-token",
+            "MOONSHOT_KEY": "fallback-token",
+        ]
+
+        #expect(MoonshotSettingsReader.apiKey(environment: env) == "primary-token")
+    }
+
+    @Test
+    func `api key strips quotes`() {
+        let env = ["MOONSHOT_KEY": "\"quoted-token\""]
+
+        #expect(MoonshotSettingsReader.apiKey(environment: env) == "quoted-token")
+    }
+
+    @Test
+    func `region parses china`() {
+        let env = ["MOONSHOT_REGION": "china"]
+
+        #expect(MoonshotSettingsReader.region(environment: env) == .china)
+    }
+
+    @Test
+    func `default settings snapshot does not mask environment region`() {
+        let settings = ProviderSettingsSnapshot.MoonshotProviderSettings()
+
+        #expect(settings.region == nil)
+    }
+
+    @Test
+    func `region defaults to international for unknown values`() {
+        let env = ["MOONSHOT_REGION": "moon"]
+
+        #expect(MoonshotSettingsReader.region(environment: env) == .international)
+    }
+}
+
+struct MoonshotProviderTokenResolverTests {
+    @Test
+    func `resolves from environment`() {
+        let env = ["MOONSHOT_API_KEY": "env-token"]
+        let resolution = ProviderTokenResolver.moonshotResolution(environment: env)
+
+        #expect(resolution?.token == "env-token")
+        #expect(resolution?.source == .environment)
+    }
+
+    @Test
+    func `uses kimi branding icon`() {
+        let branding = MoonshotProviderDescriptor.descriptor.branding
+
+        #expect(branding.iconStyle == .kimi)
+        #expect(branding.iconResourceName == "ProviderIcon-kimi")
+    }
+
+    @Test
+    func `dashboard url opens account console`() {
+        #expect(
+            MoonshotProviderDescriptor.descriptor.metadata.dashboardURL
+                == "https://platform.moonshot.ai/console/account")
+    }
+}
diff --git a/Tests/CodexBarTests/MoonshotUsageFetcherTests.swift b/Tests/CodexBarTests/MoonshotUsageFetcherTests.swift
new file mode 100644
index 000000000..7d69af2af
--- /dev/null
+++ b/Tests/CodexBarTests/MoonshotUsageFetcherTests.swift
@@ -0,0 +1,220 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+@Suite(.serialized)
+struct MoonshotUsageFetcherTests {
+    @Test
+    func `parses documented response`() throws {
+        let json = """
+        {
+          "code": 0,
+          "data": {
+            "available_balance": 49.58,
+            "voucher_balance": 50.00,
+            "cash_balance": 12.34
+          },
+          "scode": "0x0",
+          "status": true
+        }
+        """
+
+        let summary = try MoonshotUsageFetcher._parseSummaryForTesting(Data(json.utf8))
+
+        #expect(summary.availableBalance == 49.58)
+        #expect(summary.voucherBalance == 50.00)
+        #expect(summary.cashBalance == 12.34)
+
+        let usage = MoonshotUsageSnapshot(summary: summary).toUsageSnapshot()
+        #expect(usage.primary == nil)
+        #expect(usage.secondary == nil)
+        #expect(usage.loginMethod(for: .moonshot) == "Balance: $49.58")
+    }
+
+    @Test
+    func `negative cash balance is surfaced as deficit`() throws {
+        let json = """
+        {
+          "code": 0,
+          "data": {
+            "available_balance": 49.58,
+            "voucher_balance": 50.00,
+            "cash_balance": -0.42
+          },
+          "scode": "0x0",
+          "status": true
+        }
+        """
+
+        let summary = try MoonshotUsageFetcher._parseSummaryForTesting(Data(json.utf8))
+        let usage = MoonshotUsageSnapshot(summary: summary).toUsageSnapshot()
+
+        #expect(summary.cashBalance == -0.42)
+        #expect(usage.loginMethod(for: .moonshot)?.contains("in deficit") == true)
+    }
+
+    @Test
+    func `invalid root returns parse error`() {
+        let json = """
+        [{ "available_balance": 1 }]
+        """
+
+        #expect {
+            _ = try MoonshotUsageFetcher._parseSummaryForTesting(Data(json.utf8))
+        } throws: { error in
+            guard case MoonshotUsageError.parseFailed = error else { return false }
+            return true
+        }
+    }
+
+    @Test
+    func `api code failure returns api error`() {
+        let json = """
+        {
+          "code": 401,
+          "data": {
+            "available_balance": 0,
+            "voucher_balance": 0,
+            "cash_balance": 0
+          },
+          "scode": "unauthorized",
+          "status": false
+        }
+        """
+
+        #expect {
+            _ = try MoonshotUsageFetcher._parseSummaryForTesting(Data(json.utf8))
+        } throws: { error in
+            guard case let MoonshotUsageError.apiError(message) = error else { return false }
+            return message == "code 401, scode unauthorized"
+        }
+    }
+
+    @Test
+    func `international host uses moonshot ai`() {
+        let url = MoonshotUsageFetcher.resolveBalanceURL(region: .international)
+
+        #expect(url.absoluteString == "https://api.moonshot.ai/v1/users/me/balance")
+    }
+
+    @Test
+    func `china host uses moonshot cn`() {
+        let url = MoonshotUsageFetcher.resolveBalanceURL(region: .china)
+
+        #expect(url.absoluteString == "https://api.moonshot.cn/v1/users/me/balance")
+    }
+
+    @Test
+    func `fetch usage sends bearer token and bounded request`() async throws {
+        defer {
+            MoonshotStubURLProtocol.requests = []
+            MoonshotStubURLProtocol.handler = nil
+        }
+
+        let config = URLSessionConfiguration.ephemeral
+        config.protocolClasses = [MoonshotStubURLProtocol.self]
+        let session = URLSession(configuration: config)
+
+        MoonshotStubURLProtocol.requests = []
+        MoonshotStubURLProtocol.handler = { request in
+            let url = try #require(request.url)
+            #expect(url.absoluteString == "https://api.moonshot.cn/v1/users/me/balance")
+            #expect(request.httpMethod == "GET")
+            #expect(request.value(forHTTPHeaderField: "Authorization") == "Bearer live-token")
+            #expect(request.value(forHTTPHeaderField: "Accept") == "application/json")
+            #expect(request.timeoutInterval == 15)
+
+            let body = """
+            {
+              "code": 0,
+              "data": {
+                "available_balance": 9.87,
+                "voucher_balance": 1.23,
+                "cash_balance": 8.64
+              },
+              "scode": "0x0",
+              "status": true
+            }
+            """
+            let response = HTTPURLResponse(
+                url: url,
+                statusCode: 200,
+                httpVersion: nil,
+                headerFields: ["Content-Type": "application/json"])!
+            return (response, Data(body.utf8))
+        }
+
+        let snapshot = try await MoonshotUsageFetcher.fetchUsage(
+            apiKey: " live-token ",
+            region: .china,
+            session: session)
+
+        #expect(MoonshotStubURLProtocol.requests.count == 1)
+        #expect(snapshot.summary.availableBalance == 9.87)
+        #expect(snapshot.toUsageSnapshot().loginMethod(for: .moonshot) == "Balance: $9.87")
+    }
+
+    @Test
+    func `fetch usage surfaces http failure without leaking body`() async throws {
+        defer {
+            MoonshotStubURLProtocol.requests = []
+            MoonshotStubURLProtocol.handler = nil
+        }
+
+        let config = URLSessionConfiguration.ephemeral
+        config.protocolClasses = [MoonshotStubURLProtocol.self]
+        let session = URLSession(configuration: config)
+
+        MoonshotStubURLProtocol.requests = []
+        MoonshotStubURLProtocol.handler = { request in
+            let url = try #require(request.url)
+            let response = HTTPURLResponse(
+                url: url,
+                statusCode: 401,
+                httpVersion: nil,
+                headerFields: ["Content-Type": "application/json"])!
+            return (response, Data(#"{"error":"secret-ish provider body"}"#.utf8))
+        }
+
+        await #expect {
+            _ = try await MoonshotUsageFetcher.fetchUsage(
+                apiKey: "live-token",
+                session: session)
+        } throws: { error in
+            guard case let MoonshotUsageError.apiError(message) = error else { return false }
+            return message == "HTTP 401"
+        }
+    }
+}
+
+final class MoonshotStubURLProtocol: URLProtocol {
+    nonisolated(unsafe) static var requests: [URLRequest] = []
+    nonisolated(unsafe) static var handler: (@Sendable (URLRequest) throws -> (HTTPURLResponse, Data))?
+
+    override static func canInit(with _: URLRequest) -> Bool {
+        true
+    }
+
+    override static func canonicalRequest(for request: URLRequest) -> URLRequest {
+        request
+    }
+
+    override func startLoading() {
+        Self.requests.append(self.request)
+        guard let handler = Self.handler else {
+            self.client?.urlProtocol(self, didFailWithError: URLError(.badServerResponse))
+            return
+        }
+
+        do {
+            let (response, data) = try handler(self.request)
+            self.client?.urlProtocol(self, didReceive: response, cacheStoragePolicy: .notAllowed)
+            self.client?.urlProtocol(self, didLoad: data)
+            self.client?.urlProtocolDidFinishLoading(self)
+        } catch {
+            self.client?.urlProtocol(self, didFailWithError: error)
+        }
+    }
+
+    override func stopLoading() {}
+}
diff --git a/Tests/CodexBarTests/OllamaUsageFetcherRetryMappingTests.swift b/Tests/CodexBarTests/OllamaUsageFetcherRetryMappingTests.swift
index ceff20813..cb42bccce 100644
--- a/Tests/CodexBarTests/OllamaUsageFetcherRetryMappingTests.swift
+++ b/Tests/CodexBarTests/OllamaUsageFetcherRetryMappingTests.swift
@@ -4,8 +4,115 @@ import Testing
 
 @Suite(.serialized)
 struct OllamaUsageFetcherRetryMappingTests {
+    private func makeContext(
+        sourceMode: ProviderSourceMode,
+        env: [String: String] = [:],
+        settings: ProviderSettingsSnapshot? = nil) -> ProviderFetchContext
+    {
+        let browserDetection = BrowserDetection(cacheTTL: 0)
+        return ProviderFetchContext(
+            runtime: .cli,
+            sourceMode: sourceMode,
+            includeCredits: false,
+            webTimeout: 1,
+            webDebugDumpHTML: false,
+            verbose: false,
+            env: env,
+            settings: settings,
+            fetcher: UsageFetcher(),
+            claudeFetcher: ClaudeUsageFetcher(browserDetection: browserDetection),
+            browserDetection: browserDetection)
+    }
+
+    @Test
+    func `api key reader trims configured environment key`() {
+        let token = OllamaAPISettingsReader.apiKey(environment: ["OLLAMA_API_KEY": " 'ollama-test' "])
+
+        #expect(token == "ollama-test")
+    }
+
+    @Test
+    func `api tags response maps to API key identity`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let snapshot = try OllamaAPIUsageFetcher._parseTagsForTesting(
+            Data(#"{"models":[{"name":"gpt-oss:120b"}]}"#.utf8),
+            now: now)
+        let usage = snapshot.toUsageSnapshot()
+
+        #expect(snapshot.modelCount == 1)
+        #expect(usage.primary == nil)
+        #expect(usage.identity?.providerID == .ollama)
+        #expect(usage.identity?.loginMethod == "API key")
+        #expect(usage.updatedAt == now)
+    }
+
+    @Test
+    func `auto mode keeps web quota strategy before api key verification`() async {
+        let descriptor = OllamaProviderDescriptor.makeDescriptor()
+        let context = self.makeContext(
+            sourceMode: .auto,
+            env: ["OLLAMA_API_KEY": "ollama-test"],
+            settings: ProviderSettingsSnapshot.make(
+                ollama: .init(cookieSource: .auto, manualCookieHeader: nil)))
+
+        let strategies = await descriptor.fetchPlan.pipeline.resolveStrategies(context)
+
+        #expect(strategies.map(\.id) == ["ollama.web", "ollama.api"])
+    }
+
+    @Test
+    func `auto mode uses api only when ollama cookies are off`() async {
+        let descriptor = OllamaProviderDescriptor.makeDescriptor()
+        let context = self.makeContext(
+            sourceMode: .auto,
+            env: ["OLLAMA_API_KEY": "ollama-test"],
+            settings: ProviderSettingsSnapshot.make(
+                ollama: .init(cookieSource: .off, manualCookieHeader: nil)))
+
+        let strategies = await descriptor.fetchPlan.pipeline.resolveStrategies(context)
+
+        #expect(strategies.map(\.id) == ["ollama.api"])
+    }
+
+    @Test
+    func `web strategy falls back to api key in auto mode`() {
+        let context = self.makeContext(
+            sourceMode: .auto,
+            env: ["OLLAMA_API_KEY": "ollama-test"])
+        let strategy = OllamaStatusFetchStrategy()
+
+        #expect(strategy.shouldFallback(on: OllamaUsageError.parseFailed("missing"), context: context))
+    }
+
+    @Test
+    func `api fetch sends bearer token and rejects unauthorized key`() async throws {
+        let url = try #require(URL(string: "https://ollama.com/api/tags"))
+        let transport = ProviderHTTPTransportHandler { request in
+            #expect(request.url == url)
+            #expect(request.value(forHTTPHeaderField: "Authorization") == "Bearer ollama-test")
+            let response = HTTPURLResponse(
+                url: url,
+                statusCode: 401,
+                httpVersion: "HTTP/1.1",
+                headerFields: nil)!
+            return (Data("{}".utf8), response)
+        }
+
+        do {
+            _ = try await OllamaAPIUsageFetcher.fetchUsage(apiKey: "ollama-test", transport: transport)
+            Issue.record("Expected unauthorized API error")
+        } catch let error as OllamaUsageError {
+            guard case .apiUnauthorized = error else {
+                Issue.record("Expected apiUnauthorized, got \(error)")
+                return
+            }
+        } catch {
+            Issue.record("Expected OllamaUsageError.apiUnauthorized, got \(error)")
+        }
+    }
+
     @Test
-    func missingUsageShapeSurfacesPublicParseFailedMessage() async {
+    func `missing usage shape surfaces public parse failed message`() async {
         defer { OllamaRetryMappingStubURLProtocol.handler = nil }
 
         OllamaRetryMappingStubURLProtocol.handler = { request in
diff --git a/Tests/CodexBarTests/OllamaUsageFetcherTests.swift b/Tests/CodexBarTests/OllamaUsageFetcherTests.swift
index 8020638f8..e7dde89ff 100644
--- a/Tests/CodexBarTests/OllamaUsageFetcherTests.swift
+++ b/Tests/CodexBarTests/OllamaUsageFetcherTests.swift
@@ -2,24 +2,23 @@ import Foundation
 import Testing
 @testable import CodexBarCore
 
-@Suite
 struct OllamaUsageFetcherTests {
     @Test
-    func attachesCookieForOllamaHosts() {
+    func `attaches cookie for ollama hosts`() {
         #expect(OllamaUsageFetcher.shouldAttachCookie(to: URL(string: "https://ollama.com/settings")))
         #expect(OllamaUsageFetcher.shouldAttachCookie(to: URL(string: "https://www.ollama.com")))
         #expect(OllamaUsageFetcher.shouldAttachCookie(to: URL(string: "https://app.ollama.com/path")))
     }
 
     @Test
-    func rejectsNonOllamaHosts() {
+    func `rejects non ollama hosts`() {
         #expect(!OllamaUsageFetcher.shouldAttachCookie(to: URL(string: "https://example.com")))
         #expect(!OllamaUsageFetcher.shouldAttachCookie(to: URL(string: "https://ollama.com.evil.com")))
         #expect(!OllamaUsageFetcher.shouldAttachCookie(to: nil))
     }
 
     @Test
-    func manualModeWithoutValidHeaderThrowsNoSessionCookie() {
+    func `manual mode without valid header throws no session cookie`() {
         do {
             _ = try OllamaUsageFetcher.resolveManualCookieHeader(
                 override: nil,
@@ -33,7 +32,7 @@ struct OllamaUsageFetcherTests {
     }
 
     @Test
-    func autoModeWithoutHeaderDoesNotForceManualError() throws {
+    func `auto mode without header does not force manual error`() throws {
         let resolved = try OllamaUsageFetcher.resolveManualCookieHeader(
             override: nil,
             manualCookieMode: false)
@@ -41,7 +40,7 @@ struct OllamaUsageFetcherTests {
     }
 
     @Test
-    func manualModeWithoutRecognizedSessionCookieThrowsNoSessionCookie() {
+    func `manual mode without recognized session cookie throws no session cookie`() {
         do {
             _ = try OllamaUsageFetcher.resolveManualCookieHeader(
                 override: "analytics_session_id=noise; theme=dark",
@@ -55,7 +54,7 @@ struct OllamaUsageFetcherTests {
     }
 
     @Test
-    func manualModeWithRecognizedSessionCookieAcceptsHeader() throws {
+    func `manual mode with recognized session cookie accepts header`() throws {
         let resolved = try OllamaUsageFetcher.resolveManualCookieHeader(
             override: "next-auth.session-token.0=abc; theme=dark",
             manualCookieMode: true)
@@ -63,7 +62,15 @@ struct OllamaUsageFetcherTests {
     }
 
     @Test
-    func retryPolicyRetriesOnlyForAuthErrors() {
+    func `manual mode accepts secure session cookie header`() throws {
+        let resolved = try OllamaUsageFetcher.resolveManualCookieHeader(
+            override: "__Secure-session=abc; theme=dark",
+            manualCookieMode: true)
+        #expect(resolved?.contains("__Secure-session=abc") == true)
+    }
+
+    @Test
+    func `retry policy retries only for auth errors`() {
         #expect(OllamaUsageFetcher.shouldRetryWithNextCookieCandidate(after: OllamaUsageError.invalidCredentials))
         #expect(OllamaUsageFetcher.shouldRetryWithNextCookieCandidate(after: OllamaUsageError.notLoggedIn))
         #expect(OllamaUsageFetcher.shouldRetryWithNextCookieCandidate(
@@ -77,12 +84,13 @@ struct OllamaUsageFetcherTests {
 
     #if os(macOS)
     @Test
-    func cookieImporterDefaultsToChromeFirst() {
+    func `cookie importer defaults to chrome first`() {
         #expect(OllamaCookieImporter.defaultPreferredBrowsers == [.chrome])
+        #expect(OllamaCookieImporter.defaultAllowFallbackBrowsers)
     }
 
     @Test
-    func cookieSelectorSkipsSessionLikeNoiseAndFindsRecognizedCookie() throws {
+    func `cookie selector skips session like noise and finds recognized cookie`() throws {
         let first = OllamaCookieImporter.SessionInfo(
             cookies: [Self.makeCookie(name: "analytics_session_id", value: "noise")],
             sourceLabel: "Profile A")
@@ -95,7 +103,7 @@ struct OllamaUsageFetcherTests {
     }
 
     @Test
-    func cookieSelectorThrowsWhenNoRecognizedSessionCookieExists() {
+    func `cookie selector throws when no recognized session cookie exists`() {
         let candidates = [
             OllamaCookieImporter.SessionInfo(
                 cookies: [Self.makeCookie(name: "analytics_session_id", value: "noise")],
@@ -116,7 +124,7 @@ struct OllamaUsageFetcherTests {
     }
 
     @Test
-    func cookieSelectorAcceptsChunkedNextAuthSessionTokenCookie() throws {
+    func `cookie selector accepts chunked next auth session token cookie`() throws {
         let candidate = OllamaCookieImporter.SessionInfo(
             cookies: [Self.makeCookie(name: "next-auth.session-token.0", value: "chunk0")],
             sourceLabel: "Profile C")
@@ -126,7 +134,17 @@ struct OllamaUsageFetcherTests {
     }
 
     @Test
-    func cookieSelectorKeepsRecognizedCandidatesInOrder() throws {
+    func `cookie selector accepts secure session cookie`() throws {
+        let candidate = OllamaCookieImporter.SessionInfo(
+            cookies: [Self.makeCookie(name: "__Secure-session", value: "auth")],
+            sourceLabel: "Profile D")
+
+        let selected = try OllamaCookieImporter.selectSessionInfo(from: [candidate])
+        #expect(selected.sourceLabel == "Profile D")
+    }
+
+    @Test
+    func `cookie selector keeps recognized candidates in order`() throws {
         let first = OllamaCookieImporter.SessionInfo(
             cookies: [Self.makeCookie(name: "session", value: "stale")],
             sourceLabel: "Chrome Profile A")
@@ -142,7 +160,7 @@ struct OllamaUsageFetcherTests {
     }
 
     @Test
-    func cookieSelectorDoesNotFallbackWhenFallbackDisabled() {
+    func `cookie selector does not fallback when fallback disabled`() {
         let preferred = [
             OllamaCookieImporter.SessionInfo(
                 cookies: [Self.makeCookie(name: "analytics_session_id", value: "noise")],
@@ -168,7 +186,7 @@ struct OllamaUsageFetcherTests {
     }
 
     @Test
-    func cookieSelectorFallsBackToNonChromeCandidateWhenFallbackEnabled() throws {
+    func `cookie selector falls back to non chrome candidate when fallback enabled`() throws {
         let preferred = [
             OllamaCookieImporter.SessionInfo(
                 cookies: [Self.makeCookie(name: "analytics_session_id", value: "noise")],
@@ -187,6 +205,21 @@ struct OllamaUsageFetcherTests {
         #expect(selected.sourceLabel == "Safari Profile")
     }
 
+    @Test
+    func `cookie selector can fall back to comet secure session cookie`() throws {
+        let fallback = [
+            OllamaCookieImporter.SessionInfo(
+                cookies: [Self.makeCookie(name: "__Secure-session", value: "auth")],
+                sourceLabel: "Comet Profile"),
+        ]
+
+        let selected = try OllamaCookieImporter.selectSessionInfoWithFallback(
+            preferredCandidates: [],
+            allowFallbackBrowsers: true,
+            loadFallbackCandidates: { fallback })
+        #expect(selected.sourceLabel == "Comet Profile")
+    }
+
     private static func makeCookie(
         name: String,
         value: String,
diff --git a/Tests/CodexBarTests/OllamaUsageParserTests.swift b/Tests/CodexBarTests/OllamaUsageParserTests.swift
index e01d167ae..bdec92606 100644
--- a/Tests/CodexBarTests/OllamaUsageParserTests.swift
+++ b/Tests/CodexBarTests/OllamaUsageParserTests.swift
@@ -2,10 +2,9 @@ import Foundation
 import Testing
 @testable import CodexBarCore
 
-@Suite
 struct OllamaUsageParserTests {
     @Test
-    func parsesCloudUsageFromSettingsHTML() throws {
+    func `parses cloud usage from settings HTML`() throws {
         let now = Date(timeIntervalSince1970: 1_700_000_000)
         let html = """
         <div>
@@ -44,10 +43,12 @@ struct OllamaUsageParserTests {
         let usage = snapshot.toUsageSnapshot()
         #expect(usage.identity?.loginMethod == "free")
         #expect(usage.identity?.accountEmail == "user@example.com")
+        #expect(usage.primary?.windowMinutes == 5 * 60)
+        #expect(usage.secondary?.windowMinutes == 7 * 24 * 60)
     }
 
     @Test
-    func missingUsageThrowsParseFailed() {
+    func `missing usage throws parse failed`() {
         let html = "<html><body>No usage here. login status unknown.</body></html>"
 
         #expect {
@@ -59,7 +60,7 @@ struct OllamaUsageParserTests {
     }
 
     @Test
-    func classifiedParseMissingUsageReturnsTypedFailure() {
+    func `classified parse missing usage returns typed failure`() {
         let html = "<html><body>No usage here. login status unknown.</body></html>"
         let result = OllamaUsageParser.parseClassified(html: html)
 
@@ -72,7 +73,7 @@ struct OllamaUsageParserTests {
     }
 
     @Test
-    func signedOutThrowsNotLoggedIn() {
+    func `signed out throws not logged in`() {
         let html = """
         <html>
           <body>
@@ -94,7 +95,7 @@ struct OllamaUsageParserTests {
     }
 
     @Test
-    func classifiedParseSignedOutReturnsTypedFailure() {
+    func `classified parse signed out returns typed failure`() {
         let html = """
         <html>
           <body>
@@ -117,7 +118,7 @@ struct OllamaUsageParserTests {
     }
 
     @Test
-    func genericSignInTextWithoutAuthMarkersThrowsParseFailed() {
+    func `generic sign in text without auth markers throws parse failed`() {
         let html = """
         <html>
           <body>
@@ -137,7 +138,7 @@ struct OllamaUsageParserTests {
     }
 
     @Test
-    func parsesHourlyUsageAsPrimaryWindow() throws {
+    func `parses hourly usage as primary window`() throws {
         let now = Date(timeIntervalSince1970: 1_700_000_000)
         let html = """
         <div>
@@ -154,10 +155,39 @@ struct OllamaUsageParserTests {
 
         #expect(snapshot.sessionUsedPercent == 2.5)
         #expect(snapshot.weeklyUsedPercent == 4.2)
+
+        let usage = snapshot.toUsageSnapshot()
+        #expect(usage.primary?.windowMinutes == nil)
+        #expect(usage.secondary?.windowMinutes == 7 * 24 * 60)
+    }
+
+    @Test
+    func `weekly usage parser finds reset timestamp in long usage block`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let filler = String(repeating: "<span class=\"grid-cell\"></span>", count: 40)
+        let html = """
+        <div>
+          <span>Session usage</span>
+          <span>0.1% used</span>
+          <span>Weekly usage</span>
+          <span>0.7% used</span>
+          \(filler)
+          <div class=\"local-time\" data-time=\"2026-02-02T00:00:00Z\">Resets in 2 days</div>
+        </div>
+        """
+
+        let snapshot = try OllamaUsageParser.parse(html: html, now: now)
+
+        let formatter = ISO8601DateFormatter()
+        formatter.formatOptions = [.withInternetDateTime]
+        let expectedWeekly = formatter.date(from: "2026-02-02T00:00:00Z")
+        let usage = snapshot.toUsageSnapshot()
+        #expect(usage.primary?.resetsAt == nil)
+        #expect(usage.secondary?.resetsAt == expectedWeekly)
     }
 
     @Test
-    func parsesUsageWhenUsedIsCapitalized() throws {
+    func `parses usage when used is capitalized`() throws {
         let now = Date(timeIntervalSince1970: 1_700_000_000)
         let html = """
         <div>
diff --git a/Tests/CodexBarTests/OpenAIAPICreditBalanceTests.swift b/Tests/CodexBarTests/OpenAIAPICreditBalanceTests.swift
new file mode 100644
index 000000000..88860dd5f
--- /dev/null
+++ b/Tests/CodexBarTests/OpenAIAPICreditBalanceTests.swift
@@ -0,0 +1,217 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+struct OpenAIAPICreditBalanceTests {
+    private func makeContext(
+        apiKey: String = "sk-test",
+        usesAdminKey: Bool = false,
+        projectID: String? = nil,
+        selectedTokenAccountID: UUID? = nil,
+        historyDays: Int = 30) -> ProviderFetchContext
+    {
+        let browserDetection = BrowserDetection(cacheTTL: 0)
+        let apiKeyEnvironmentKey = usesAdminKey
+            ? OpenAIAPISettingsReader.adminAPIKeyEnvironmentKey
+            : OpenAIAPISettingsReader.apiKeyEnvironmentKey
+        var env = [apiKeyEnvironmentKey: apiKey]
+        if let projectID {
+            env[OpenAIAPISettingsReader.projectIDEnvironmentKey] = projectID
+        }
+        return ProviderFetchContext(
+            runtime: .app,
+            sourceMode: .api,
+            includeCredits: false,
+            webTimeout: 1,
+            webDebugDumpHTML: false,
+            verbose: false,
+            env: env,
+            settings: nil,
+            fetcher: UsageFetcher(environment: env),
+            claudeFetcher: ClaudeUsageFetcher(browserDetection: browserDetection),
+            browserDetection: browserDetection,
+            selectedTokenAccountID: selectedTokenAccountID,
+            costUsageHistoryDays: historyDays)
+    }
+
+    @Test
+    func `prefers admin key environment variable`() {
+        let token = OpenAIAPISettingsReader.apiKey(environment: [
+            "OPENAI_API_KEY": "sk-project",
+            "OPENAI_ADMIN_KEY": "sk-admin",
+        ])
+
+        #expect(token == "sk-admin")
+    }
+
+    @Test
+    func `parses credit grants balance`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let json = """
+        {
+          "object": "credit_summary",
+          "total_granted": 25.5,
+          "total_used": 7.25,
+          "total_available": 18.25,
+          "grants": {
+            "object": "list",
+            "data": [
+              {
+                "grant_amount": 10.0,
+                "used_amount": 1.0,
+                "effective_at": 1690000000,
+                "expires_at": 1800000000
+              }
+            ]
+          }
+        }
+        """
+
+        let snapshot = try OpenAIAPICreditBalanceFetcher._parseSnapshotForTesting(Data(json.utf8), now: now)
+
+        #expect(snapshot.totalGranted == 25.5)
+        #expect(snapshot.totalUsed == 7.25)
+        #expect(snapshot.totalAvailable == 18.25)
+        #expect(snapshot.nextGrantExpiry == Date(timeIntervalSince1970: 1_800_000_000))
+    }
+
+    @Test
+    func `maps balance to usage snapshot`() {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let balance = OpenAIAPICreditBalanceSnapshot(
+            totalGranted: 100,
+            totalUsed: 40,
+            totalAvailable: 60,
+            nextGrantExpiry: Date(timeIntervalSince1970: 1_800_000_000),
+            updatedAt: now)
+
+        let usage = balance.toUsageSnapshot()
+
+        #expect(usage.primary?.usedPercent == 40)
+        #expect(usage.primary?.resetDescription == "$60.00 available")
+        #expect(usage.providerCost?.used == 40)
+        #expect(usage.providerCost?.limit == 100)
+        #expect(usage.identity?.providerID == .openai)
+        #expect(usage.identity?.loginMethod == "API balance: $60.00")
+    }
+
+    @Test
+    func `falls back to legacy billing when admin usage rejects credentials`() async throws {
+        let strategy = OpenAIAPIBalanceFetchStrategy(
+            usageFetcher: { _, _ in
+                throw OpenAIAPIUsageError.apiError(endpoint: "costs", statusCode: 403)
+            },
+            balanceFetcher: { _ in
+                OpenAIAPICreditBalanceSnapshot(
+                    totalGranted: 100,
+                    totalUsed: 25,
+                    totalAvailable: 75,
+                    nextGrantExpiry: nil,
+                    updatedAt: Date(timeIntervalSince1970: 1_700_000_000))
+            })
+
+        let result = try await strategy.fetch(self.makeContext())
+
+        #expect(result.sourceLabel == "billing-api")
+        #expect(result.usage.identity?.loginMethod == "API balance: $75.00")
+    }
+
+    @Test
+    func `legacy API key without project ID falls back to legacy billing`() async throws {
+        let strategy = OpenAIAPIBalanceFetchStrategy(
+            usageFetcher: { credential, historyDays in
+                #expect(credential.apiKey == "sk-test")
+                #expect(credential.projectID == nil)
+                #expect(historyDays == 30)
+                throw OpenAIAPIUsageError.apiError(endpoint: "costs", statusCode: 403)
+            },
+            balanceFetcher: { apiKey in
+                #expect(apiKey == "sk-test")
+                return OpenAIAPICreditBalanceSnapshot(
+                    totalGranted: 100,
+                    totalUsed: 25,
+                    totalAvailable: 75,
+                    nextGrantExpiry: nil,
+                    updatedAt: Date(timeIntervalSince1970: 1_700_000_000))
+            })
+
+        let result = try await strategy.fetch(self.makeContext())
+
+        #expect(result.sourceLabel == "billing-api")
+        #expect(result.usage.identity?.loginMethod == "API balance: $75.00")
+        #expect(result.usage.identity?.accountOrganization == nil)
+    }
+
+    @Test
+    func `selected token account uses scrubbed final environment for legacy fallback`() async throws {
+        let accountID = UUID()
+        let strategy = OpenAIAPIBalanceFetchStrategy(
+            usageFetcher: { credential, historyDays in
+                #expect(credential.apiKey == "account-token")
+                #expect(credential.projectID == nil)
+                #expect(historyDays == 30)
+                throw OpenAIAPIUsageError.apiError(endpoint: "costs", statusCode: 403)
+            },
+            balanceFetcher: { apiKey in
+                #expect(apiKey == "account-token")
+                return OpenAIAPICreditBalanceSnapshot(
+                    totalGranted: 100,
+                    totalUsed: 25,
+                    totalAvailable: 75,
+                    nextGrantExpiry: nil,
+                    updatedAt: Date(timeIntervalSince1970: 1_700_000_000))
+            })
+
+        let result = try await strategy.fetch(self.makeContext(
+            apiKey: "account-token",
+            usesAdminKey: true,
+            selectedTokenAccountID: accountID))
+
+        #expect(result.sourceLabel == "billing-api")
+        #expect(result.usage.identity?.loginMethod == "API balance: $75.00")
+        #expect(result.usage.identity?.accountOrganization == nil)
+    }
+
+    @Test
+    func `preserves admin usage error when legacy fallback also fails`() async {
+        let usageFailure = OpenAIAPIUsageError.parseFailed(endpoint: "costs", message: "changed")
+        let strategy = OpenAIAPIBalanceFetchStrategy(
+            usageFetcher: { _, _ in throw usageFailure },
+            balanceFetcher: { _ in throw OpenAIAPICreditBalanceError.forbidden })
+
+        do {
+            _ = try await strategy.fetch(self.makeContext())
+            Issue.record("Expected admin usage failure")
+        } catch let error as OpenAIAPIUsageError {
+            #expect(error == usageFailure)
+        } catch {
+            Issue.record("Expected OpenAIAPIUsageError, got \(error)")
+        }
+    }
+
+    @Test
+    func `falls back to credit balance when admin usage endpoint is unavailable`() async throws {
+        let strategy = OpenAIAPIBalanceFetchStrategy(
+            usageFetcher: { credential, historyDays in
+                #expect(credential.apiKey == "sk-test")
+                #expect(credential.projectID == nil)
+                #expect(historyDays == 90)
+                throw OpenAIAPIUsageError.apiError(endpoint: "costs", statusCode: 500)
+            },
+            balanceFetcher: { apiKey in
+                #expect(apiKey == "sk-test")
+                return OpenAIAPICreditBalanceSnapshot(
+                    totalGranted: 100,
+                    totalUsed: 25,
+                    totalAvailable: 75,
+                    nextGrantExpiry: nil,
+                    updatedAt: Date(timeIntervalSince1970: 1_700_000_000))
+            })
+
+        let result = try await strategy.fetch(self.makeContext(historyDays: 90))
+
+        #expect(result.sourceLabel == "billing-api")
+        #expect(result.usage.providerCost?.used == 25)
+        #expect(result.usage.providerCost?.limit == 100)
+    }
+}
diff --git a/Tests/CodexBarTests/OpenAIAPIMenuCardModelTests.swift b/Tests/CodexBarTests/OpenAIAPIMenuCardModelTests.swift
new file mode 100644
index 000000000..b13eabe47
--- /dev/null
+++ b/Tests/CodexBarTests/OpenAIAPIMenuCardModelTests.swift
@@ -0,0 +1,166 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+struct OpenAIAPIMenuCardModelTests {
+    @Test
+    func `admin usage model shows summaries and spend without fake quota bars`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_179_200)
+        let metadata = try #require(ProviderDefaults.metadata[.openai])
+        let apiUsage = OpenAIAPIUsageSnapshot(
+            daily: [
+                OpenAIAPIUsageSnapshot.DailyBucket(
+                    day: "2023-11-14",
+                    startTime: now,
+                    endTime: now.addingTimeInterval(86400),
+                    costUSD: 12.5,
+                    requests: 40,
+                    inputTokens: 1000,
+                    cachedInputTokens: 250,
+                    outputTokens: 500,
+                    totalTokens: 1500,
+                    lineItems: [
+                        OpenAIAPIUsageSnapshot.LineItemBreakdown(name: "Text tokens", costUSD: 12.5),
+                    ],
+                    models: [
+                        OpenAIAPIUsageSnapshot.ModelBreakdown(
+                            name: "gpt-5.2",
+                            requests: 40,
+                            inputTokens: 1000,
+                            cachedInputTokens: 250,
+                            outputTokens: 500,
+                            totalTokens: 1500),
+                    ]),
+            ],
+            updatedAt: now)
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .openai,
+            metadata: metadata,
+            snapshot: apiUsage.toUsageSnapshot(),
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+
+        #expect(model.metrics.isEmpty)
+        #expect(model.openAIAPIUsage != nil)
+        #expect(model.inlineUsageDashboard?.kpis.first?.value == "$12.50")
+        #expect(model.inlineUsageDashboard?.kpis.last?.title == "Requests")
+        #expect(model.inlineUsageDashboard?.kpis.last?.value == "40")
+        #expect(model.inlineUsageDashboard?.points.count == 1)
+        #expect(model.inlineUsageDashboard?.detailLines.contains("30d requests: 40 requests") == true)
+        #expect(model.providerCost == nil)
+        #expect(model.usageNotes.contains { $0.contains("Today: $12.50") })
+        #expect(model.usageNotes.contains("Top model: gpt-5.2"))
+        #expect(model.creditsText == nil)
+        #expect(model.planText == "Admin API")
+    }
+
+    @Test
+    func `admin usage dashboard ignores stale token snapshot after fallback refresh`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_179_200)
+        let metadata = try #require(ProviderDefaults.metadata[.openai])
+        let staleTokenSnapshot = CostUsageTokenSnapshot(
+            sessionTokens: 1500,
+            sessionCostUSD: 12.5,
+            last30DaysTokens: 1500,
+            last30DaysCostUSD: 12.5,
+            daily: [
+                CostUsageDailyReport.Entry(
+                    date: "2023-11-14",
+                    inputTokens: 1000,
+                    outputTokens: 500,
+                    totalTokens: 1500,
+                    costUSD: 12.5,
+                    modelsUsed: nil,
+                    modelBreakdowns: nil),
+            ],
+            updatedAt: now)
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .openai,
+            metadata: metadata,
+            snapshot: UsageSnapshot(
+                primary: nil,
+                secondary: nil,
+                updatedAt: now),
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: staleTokenSnapshot,
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: true,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+
+        #expect(model.inlineUsageDashboard == nil)
+        #expect(model.tokenUsage == nil)
+    }
+
+    @Test
+    func `admin usage model can show cost card summary`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_179_200)
+        let metadata = try #require(ProviderDefaults.metadata[.openai])
+        let apiUsage = OpenAIAPIUsageSnapshot(
+            daily: [
+                OpenAIAPIUsageSnapshot.DailyBucket(
+                    day: "2023-11-14",
+                    startTime: now,
+                    endTime: now.addingTimeInterval(86400),
+                    costUSD: 12.5,
+                    requests: 40,
+                    inputTokens: 1000,
+                    cachedInputTokens: 250,
+                    outputTokens: 500,
+                    totalTokens: 1500,
+                    lineItems: [],
+                    models: []),
+            ],
+            updatedAt: now)
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .openai,
+            metadata: metadata,
+            snapshot: apiUsage.toUsageSnapshot(),
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: apiUsage.toCostUsageTokenSnapshot(),
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: true,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+
+        #expect(ProviderDescriptorRegistry.descriptor(for: .openai).tokenCost.supportsTokenCost)
+        #expect(model.tokenUsage?.sessionLine == "Today: $12.50 · 1.5K tokens")
+        #expect(model.tokenUsage?.monthLine == "Last 30 days: $12.50 · 1.5K tokens")
+        #expect(model.tokenUsage?.hintLine == "Reported by OpenAI Admin API organization usage.")
+    }
+}
diff --git a/Tests/CodexBarTests/OpenAIAPIProjectScopeTests.swift b/Tests/CodexBarTests/OpenAIAPIProjectScopeTests.swift
new file mode 100644
index 000000000..a8a0f3f51
--- /dev/null
+++ b/Tests/CodexBarTests/OpenAIAPIProjectScopeTests.swift
@@ -0,0 +1,334 @@
+import Foundation
+import Testing
+@testable import CodexBar
+@testable import CodexBarCLI
+@testable import CodexBarCore
+
+@Suite(.serialized)
+struct OpenAIAPIProjectScopeTests {
+    @Test
+    @MainActor
+    func `token account strips configured project in app environment builder`() {
+        let settings = Self.makeSettingsStore(suite: "OpenAIAPIProjectScopeTests-app")
+        settings.openAIAPIKey = "config-token"
+        settings.openAIAPIProjectID = "proj_config"
+        settings.addTokenAccount(provider: .openai, label: "Configured account", token: "first-account-token")
+        settings.addTokenAccount(provider: .openai, label: "Selected account", token: "selected-account-token")
+        let selectedAccount = settings.tokenAccounts(for: .openai)[1]
+
+        let env = ProviderRegistry.makeEnvironment(
+            base: [OpenAIAPISettingsReader.projectIDEnvironmentKey: "proj_env"],
+            provider: .openai,
+            settings: settings,
+            tokenOverride: TokenAccountOverride(provider: .openai, account: selectedAccount))
+
+        #expect(env[OpenAIAPISettingsReader.adminAPIKeyEnvironmentKey] == "selected-account-token")
+        #expect(env[OpenAIAPISettingsReader.adminAPIKeyEnvironmentKey] != "config-token")
+        #expect(env[OpenAIAPISettingsReader.adminAPIKeyEnvironmentKey] != "first-account-token")
+        #expect(env[OpenAIAPISettingsReader.projectIDEnvironmentKey] == nil)
+    }
+
+    @Test
+    func `token account strips configured project in CLI environment builder`() throws {
+        let account = ProviderTokenAccount(
+            id: UUID(),
+            label: "Project account",
+            token: "account-token",
+            addedAt: Date().timeIntervalSince1970,
+            lastUsed: nil)
+        let accounts = ProviderTokenAccountData(version: 1, accounts: [account], activeIndex: 0)
+        let config = CodexBarConfig(
+            providers: [
+                ProviderConfig(
+                    id: .openai,
+                    apiKey: "config-token",
+                    workspaceID: "proj_config",
+                    tokenAccounts: accounts),
+            ])
+        let selection = TokenAccountCLISelection(label: nil, index: nil, allAccounts: false)
+        let tokenContext = try TokenAccountCLIContext(selection: selection, config: config, verbose: false)
+
+        let env = tokenContext.environment(
+            base: [OpenAIAPISettingsReader.projectIDEnvironmentKey: "proj_env"],
+            provider: .openai,
+            account: account)
+
+        #expect(env[OpenAIAPISettingsReader.adminAPIKeyEnvironmentKey] == "account-token")
+        #expect(env[OpenAIAPISettingsReader.adminAPIKeyEnvironmentKey] != "config-token")
+        #expect(env[OpenAIAPISettingsReader.projectIDEnvironmentKey] == nil)
+    }
+
+    @Test
+    @MainActor
+    func `configured app project scopes admin usage strategy`() async throws {
+        let settings = Self.makeSettingsStore(suite: "OpenAIAPIProjectScopeTests-configured-project")
+        settings.openAIAPIKey = "config-token"
+        settings.openAIAPIProjectID = "proj_config"
+        let env = ProviderRegistry.makeEnvironment(
+            base: [:],
+            provider: .openai,
+            settings: settings,
+            tokenOverride: nil)
+        let strategy = OpenAIAPIBalanceFetchStrategy(
+            usageFetcher: { credential, historyDays in
+                #expect(credential.apiKey == "config-token")
+                #expect(credential.projectID == "proj_config")
+                #expect(historyDays == 30)
+                return OpenAIAPIUsageSnapshot(
+                    daily: [],
+                    updatedAt: Date(timeIntervalSince1970: 1_700_000_000),
+                    projectID: credential.projectID)
+            },
+            balanceFetcher: { _ in
+                Issue.record("Configured project usage should not fetch legacy organization balance.")
+                return OpenAIAPICreditBalanceSnapshot(
+                    totalGranted: 100,
+                    totalUsed: 25,
+                    totalAvailable: 75,
+                    nextGrantExpiry: nil,
+                    updatedAt: Date(timeIntervalSince1970: 1_700_000_000))
+            })
+
+        let result = try await strategy.fetch(Self.makeContext(env: env))
+
+        #expect(result.sourceLabel == "admin-api:project")
+        #expect(result.usage.identity?.loginMethod == "Admin API: proj_config")
+        #expect(result.usage.identity?.accountOrganization == "Project: proj_config")
+    }
+
+    @Test
+    func `legacy API key environment can scope admin usage by project`() async throws {
+        let strategy = OpenAIAPIBalanceFetchStrategy(
+            usageFetcher: { credential, historyDays in
+                #expect(credential.apiKey == "sk-admin-legacy")
+                #expect(credential.projectID == "proj_legacy")
+                #expect(credential.usesAdminKey == false)
+                #expect(historyDays == 30)
+                return OpenAIAPIUsageSnapshot(
+                    daily: [],
+                    updatedAt: Date(timeIntervalSince1970: 1_700_000_000),
+                    projectID: credential.projectID)
+            },
+            balanceFetcher: { _ in
+                Issue.record("Legacy OPENAI_API_KEY project usage should not fetch unscoped balance.")
+                return OpenAIAPICreditBalanceSnapshot(
+                    totalGranted: 100,
+                    totalUsed: 25,
+                    totalAvailable: 75,
+                    nextGrantExpiry: nil,
+                    updatedAt: Date(timeIntervalSince1970: 1_700_000_000))
+            })
+
+        let result = try await strategy.fetch(Self.makeContext(
+            env: [
+                OpenAIAPISettingsReader.apiKeyEnvironmentKey: "sk-admin-legacy",
+                OpenAIAPISettingsReader.projectIDEnvironmentKey: "proj_legacy",
+            ]))
+
+        #expect(result.sourceLabel == "admin-api:project")
+        #expect(result.usage.identity?.loginMethod == "Admin API: proj_legacy")
+        #expect(result.usage.identity?.accountOrganization == "Project: proj_legacy")
+    }
+
+    @Test
+    func `ambient project with legacy API key preserves billing fallback`() async throws {
+        let strategy = OpenAIAPIBalanceFetchStrategy(
+            usageFetcher: { credential, historyDays in
+                #expect(credential.apiKey == "sk-ambient")
+                #expect(credential.projectID == "proj_ambient")
+                #expect(credential.usesAdminKey == false)
+                #expect(historyDays == 30)
+                throw OpenAIAPIUsageError.apiError(endpoint: "costs", statusCode: 403)
+            },
+            balanceFetcher: { apiKey in
+                #expect(apiKey == "sk-ambient")
+                return OpenAIAPICreditBalanceSnapshot(
+                    totalGranted: 100,
+                    totalUsed: 25,
+                    totalAvailable: 75,
+                    nextGrantExpiry: nil,
+                    updatedAt: Date(timeIntervalSince1970: 1_700_000_000))
+            })
+
+        let result = try await strategy.fetch(Self.makeContext(
+            env: [
+                OpenAIAPISettingsReader.apiKeyEnvironmentKey: "sk-ambient",
+                OpenAIAPISettingsReader.projectIDEnvironmentKey: "proj_ambient",
+            ]))
+
+        #expect(result.sourceLabel == "billing-api")
+        #expect(result.usage.identity?.loginMethod == "API balance: $75.00")
+        #expect(result.usage.identity?.accountOrganization == nil)
+    }
+
+    @Test
+    func `project filtered admin usage does not fall back on service failure`() async {
+        let usageFailure = OpenAIAPIUsageError.apiError(endpoint: "costs", statusCode: 500)
+        let strategy = OpenAIAPIBalanceFetchStrategy(
+            usageFetcher: { credential, historyDays in
+                #expect(credential.apiKey == "sk-test")
+                #expect(credential.projectID == "proj_abc")
+                #expect(credential.usesAdminKey == true)
+                #expect(historyDays == 30)
+                throw usageFailure
+            },
+            balanceFetcher: { _ in
+                Issue.record("Project-filtered usage must not fall back to organization balance.")
+                return OpenAIAPICreditBalanceSnapshot(
+                    totalGranted: 100,
+                    totalUsed: 25,
+                    totalAvailable: 75,
+                    nextGrantExpiry: nil,
+                    updatedAt: Date(timeIntervalSince1970: 1_700_000_000))
+            })
+
+        do {
+            _ = try await strategy.fetch(Self.makeContext(
+                env: [
+                    OpenAIAPISettingsReader.adminAPIKeyEnvironmentKey: "sk-test",
+                    OpenAIAPISettingsReader.projectIDEnvironmentKey: "proj_abc",
+                ]))
+            Issue.record("Expected project-filtered admin usage failure.")
+        } catch let error as OpenAIAPIUsageError {
+            #expect(error == usageFailure)
+        } catch {
+            Issue.record("Expected OpenAIAPIUsageError, got \(error)")
+        }
+    }
+
+    @Test
+    func `project filtered admin usage does not fall back on credential rejection`() async {
+        let usageFailure = OpenAIAPIUsageError.apiError(endpoint: "costs", statusCode: 403)
+        let strategy = OpenAIAPIBalanceFetchStrategy(
+            usageFetcher: { credential, historyDays in
+                #expect(credential.apiKey == "sk-test")
+                #expect(credential.projectID == "proj_abc")
+                #expect(historyDays == 30)
+                throw usageFailure
+            },
+            balanceFetcher: { _ in
+                Issue.record("Project-filtered usage must fail closed instead of showing unscoped balance.")
+                return OpenAIAPICreditBalanceSnapshot(
+                    totalGranted: 100,
+                    totalUsed: 25,
+                    totalAvailable: 75,
+                    nextGrantExpiry: nil,
+                    updatedAt: Date(timeIntervalSince1970: 1_700_000_000))
+            })
+
+        do {
+            _ = try await strategy.fetch(Self.makeContext(
+                env: [
+                    OpenAIAPISettingsReader.adminAPIKeyEnvironmentKey: "sk-test",
+                    OpenAIAPISettingsReader.projectIDEnvironmentKey: "proj_abc",
+                ]))
+            Issue.record("Expected project-filtered admin credential failure.")
+        } catch let error as OpenAIAPIUsageError {
+            #expect(error == usageFailure)
+        } catch {
+            Issue.record("Expected OpenAIAPIUsageError, got \(error)")
+        }
+    }
+
+    @Test
+    func `project filtered admin usage reports project source label`() async throws {
+        let strategy = OpenAIAPIBalanceFetchStrategy(
+            usageFetcher: { credential, _ in
+                #expect(credential.apiKey == "sk-test")
+                #expect(credential.projectID == "proj_abc")
+                return OpenAIAPIUsageSnapshot(
+                    daily: [],
+                    updatedAt: Date(timeIntervalSince1970: 1_700_000_000),
+                    projectID: credential.projectID)
+            },
+            balanceFetcher: { _ in
+                Issue.record("Project-filtered usage should not fetch legacy balance after admin usage succeeds.")
+                return OpenAIAPICreditBalanceSnapshot(
+                    totalGranted: 100,
+                    totalUsed: 25,
+                    totalAvailable: 75,
+                    nextGrantExpiry: nil,
+                    updatedAt: Date(timeIntervalSince1970: 1_700_000_000))
+            })
+
+        let result = try await strategy.fetch(Self.makeContext(
+            env: [
+                OpenAIAPISettingsReader.adminAPIKeyEnvironmentKey: "sk-test",
+                OpenAIAPISettingsReader.projectIDEnvironmentKey: "proj_abc",
+            ]))
+
+        #expect(result.sourceLabel == "admin-api:project")
+        #expect(result.usage.identity?.loginMethod == "Admin API: proj_abc")
+        #expect(result.usage.identity?.accountOrganization == "Project: proj_abc")
+    }
+
+    @Test
+    func `project scope follows final environment even when selected account flag is present`() async throws {
+        let accountID = UUID()
+        let strategy = OpenAIAPIBalanceFetchStrategy(
+            usageFetcher: { credential, historyDays in
+                #expect(credential.apiKey == "sk-test")
+                #expect(credential.projectID == "proj_env")
+                #expect(historyDays == 30)
+                return OpenAIAPIUsageSnapshot(
+                    daily: [],
+                    updatedAt: Date(timeIntervalSince1970: 1_700_000_000),
+                    projectID: credential.projectID)
+            },
+            balanceFetcher: { _ in
+                Issue.record("Final project-scoped environments should not fetch legacy balance.")
+                return OpenAIAPICreditBalanceSnapshot(
+                    totalGranted: 100,
+                    totalUsed: 25,
+                    totalAvailable: 75,
+                    nextGrantExpiry: nil,
+                    updatedAt: Date(timeIntervalSince1970: 1_700_000_000))
+            })
+
+        let result = try await strategy.fetch(Self.makeContext(
+            env: [
+                OpenAIAPISettingsReader.adminAPIKeyEnvironmentKey: "sk-test",
+                OpenAIAPISettingsReader.projectIDEnvironmentKey: "proj_env",
+            ],
+            selectedTokenAccountID: accountID))
+
+        #expect(result.sourceLabel == "admin-api:project")
+        #expect(result.usage.identity?.loginMethod == "Admin API: proj_env")
+        #expect(result.usage.identity?.accountOrganization == "Project: proj_env")
+    }
+
+    private static func makeContext(
+        env: [String: String],
+        selectedTokenAccountID: UUID? = nil,
+        historyDays: Int = 30) -> ProviderFetchContext
+    {
+        let browserDetection = BrowserDetection(cacheTTL: 0)
+        return ProviderFetchContext(
+            runtime: .app,
+            sourceMode: .api,
+            includeCredits: false,
+            webTimeout: 1,
+            webDebugDumpHTML: false,
+            verbose: false,
+            env: env,
+            settings: nil,
+            fetcher: UsageFetcher(environment: env),
+            claudeFetcher: ClaudeUsageFetcher(browserDetection: browserDetection),
+            browserDetection: browserDetection,
+            selectedTokenAccountID: selectedTokenAccountID,
+            costUsageHistoryDays: historyDays)
+    }
+
+    @MainActor
+    private static func makeSettingsStore(suite: String) -> SettingsStore {
+        let defaults = UserDefaults(suiteName: suite)!
+        defaults.removePersistentDomain(forName: suite)
+
+        return SettingsStore(
+            userDefaults: defaults,
+            configStore: testConfigStore(suiteName: suite),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore(),
+            tokenAccountStore: InMemoryTokenAccountStore())
+    }
+}
diff --git a/Tests/CodexBarTests/OpenAIAPIStatusMenuTests.swift b/Tests/CodexBarTests/OpenAIAPIStatusMenuTests.swift
new file mode 100644
index 000000000..002d2bd9c
--- /dev/null
+++ b/Tests/CodexBarTests/OpenAIAPIStatusMenuTests.swift
@@ -0,0 +1,53 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+extension StatusMenuTests {
+    @Test
+    func `open AI API usage submenu ignores stale token snapshot without current admin usage`() throws {
+        self.disableMenuCardsForTesting()
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.selectedMenuProvider = .openai
+
+        let registry = ProviderRegistry.shared
+        let metadata = try #require(registry.metadata[.openai])
+        settings.setProviderEnabled(provider: .openai, metadata: metadata, enabled: true)
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        store._setSnapshotForTesting(
+            UsageSnapshot(primary: nil, secondary: nil, updatedAt: now),
+            provider: .openai)
+        store._setTokenSnapshotForTesting(CostUsageTokenSnapshot(
+            sessionTokens: 123,
+            sessionCostUSD: 0.12,
+            last30DaysTokens: 123,
+            last30DaysCostUSD: 1.23,
+            daily: [
+                CostUsageDailyReport.Entry(
+                    date: "2025-12-23",
+                    inputTokens: nil,
+                    outputTokens: nil,
+                    totalTokens: 123,
+                    costUSD: 1.23,
+                    modelsUsed: nil,
+                    modelBreakdowns: nil),
+            ],
+            updatedAt: now), provider: .openai)
+
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+        defer { controller.releaseStatusItemsForTesting() }
+
+        #expect(controller.makeOpenAIAPIUsageSubmenu(provider: .openai) == nil)
+    }
+}
diff --git a/Tests/CodexBarTests/OpenAIAPIUsageFetcherTests.swift b/Tests/CodexBarTests/OpenAIAPIUsageFetcherTests.swift
new file mode 100644
index 000000000..df6f513b6
--- /dev/null
+++ b/Tests/CodexBarTests/OpenAIAPIUsageFetcherTests.swift
@@ -0,0 +1,376 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+struct OpenAIAPIUsageFetcherTests {
+    @Test
+    func `parses admin costs and completions usage into daily summaries`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_179_200)
+        let costs = """
+        {
+          "object": "page",
+          "data": [
+            {
+              "object": "bucket",
+              "start_time": 1700000000,
+              "end_time": 1700086400,
+              "results": [
+                {
+                  "object": "organization.costs.result",
+                  "amount": { "value": 12.50, "currency": "usd" },
+                  "line_item": "Text tokens"
+                },
+                {
+                  "object": "organization.costs.result",
+                  "amount": { "value": "2.25", "currency": "usd" },
+                  "line_item": "Web search tool calls"
+                }
+              ]
+            },
+            {
+              "object": "bucket",
+              "start_time": 1700086400,
+              "end_time": 1700172800,
+              "results": [
+                {
+                  "object": "organization.costs.result",
+                  "amount": { "value": 4.00, "currency": "usd" },
+                  "line_item": "Text tokens"
+                }
+              ]
+            }
+          ],
+          "has_more": false,
+          "next_page": null
+        }
+        """
+        let completions = """
+        {
+          "object": "page",
+          "data": [
+            {
+              "object": "bucket",
+              "start_time": 1700000000,
+              "end_time": 1700086400,
+              "results": [
+                {
+                  "object": "organization.usage.completions.result",
+                  "input_tokens": 1000,
+                  "input_cached_tokens": 250,
+                  "output_tokens": 500,
+                  "num_model_requests": 7,
+                  "model": "gpt-5.2"
+                },
+                {
+                  "object": "organization.usage.completions.result",
+                  "input_tokens": 300,
+                  "output_tokens": 200,
+                  "num_model_requests": 3,
+                  "model": "gpt-5.2-codex"
+                }
+              ]
+            },
+            {
+              "object": "bucket",
+              "start_time": 1700086400,
+              "end_time": 1700172800,
+              "results": [
+                {
+                  "object": "organization.usage.completions.result",
+                  "input_tokens": 200,
+                  "output_tokens": 100,
+                  "num_model_requests": 2,
+                  "model": "gpt-5.2"
+                }
+              ]
+            }
+          ],
+          "has_more": false,
+          "next_page": null
+        }
+        """
+
+        let snapshot = try OpenAIAPIUsageFetcher._parseSnapshotForTesting(
+            costs: Data(costs.utf8),
+            completions: Data(completions.utf8),
+            now: now,
+            historyDays: 90)
+
+        #expect(snapshot.historyDays == 90)
+        #expect(snapshot.historyWindowLabel == "90d")
+        #expect(snapshot.daily.count == 2)
+        #expect(snapshot.daily[0].costUSD == 14.75)
+        #expect(snapshot.daily[0].requests == 10)
+        #expect(snapshot.daily[0].totalTokens == 2000)
+        #expect(snapshot.daily[0].cachedInputTokens == 250)
+        #expect(snapshot.daily[0].lineItems.first?.name == "Text tokens")
+        #expect(snapshot.last30Days.costUSD == 18.75)
+        #expect(snapshot.last30Days.requests == 12)
+        #expect(snapshot.last30Days.totalTokens == 2300)
+        #expect(snapshot.topModels.first?.name == "gpt-5.2")
+        #expect(snapshot.topModels.first?.totalTokens == 1800)
+    }
+
+    @Test
+    func `admin usage fetch pages long history within endpoint bucket limit`() async throws {
+        let now = Date(timeIntervalSince1970: 1_700_179_200)
+        let emptyPage = Data(#"{"object":"page","data":[],"has_more":false,"next_page":null}"#.utf8)
+        let transport = ProviderHTTPTransportStub { request in
+            let response = try HTTPURLResponse(
+                url: #require(request.url),
+                statusCode: 200,
+                httpVersion: nil,
+                headerFields: nil)!
+            return (emptyPage, response)
+        }
+
+        let snapshot = try await OpenAIAPIUsageFetcher.fetchUsage(
+            apiKey: "sk-test",
+            costsURL: #require(URL(string: "https://api.openai.test/v1/organization/costs")),
+            completionsURL: #require(URL(string: "https://api.openai.test/v1/organization/usage/completions")),
+            session: transport,
+            now: now,
+            historyDays: 90)
+
+        let requests = await transport.requests()
+        let limits = requests.compactMap { request -> Int? in
+            guard let url = request.url,
+                  let components = URLComponents(url: url, resolvingAgainstBaseURL: false),
+                  let raw = components.queryItems?.first(where: { $0.name == "limit" })?.value
+            else { return nil }
+            return Int(raw)
+        }
+
+        #expect(snapshot.historyDays == 90)
+        #expect(requests.count == 6)
+        #expect(limits == [31, 31, 28, 31, 31, 28])
+        #expect(limits.allSatisfy { $0 <= 31 })
+    }
+
+    @Test
+    func `admin usage filters costs and completions by project`() async throws {
+        let now = Date(timeIntervalSince1970: 1_700_179_200)
+        let emptyPage = Data(#"{"object":"page","data":[],"has_more":false,"next_page":null}"#.utf8)
+        let transport = ProviderHTTPTransportStub { request in
+            let response = try HTTPURLResponse(
+                url: #require(request.url),
+                statusCode: 200,
+                httpVersion: nil,
+                headerFields: nil)!
+            return (emptyPage, response)
+        }
+
+        let snapshot = try await OpenAIAPIUsageFetcher.fetchUsage(
+            apiKey: "sk-test",
+            projectID: " proj_abc ",
+            costsURL: #require(URL(string: "https://api.openai.test/v1/organization/costs")),
+            completionsURL: #require(URL(string: "https://api.openai.test/v1/organization/usage/completions")),
+            session: transport,
+            now: now,
+            historyDays: 1)
+
+        let requests = await transport.requests()
+        let projectIDs = requests.compactMap { request -> String? in
+            guard let url = request.url,
+                  let components = URLComponents(url: url, resolvingAgainstBaseURL: false)
+            else { return nil }
+            return components.queryItems?.first(where: { $0.name == "project_ids" })?.value
+        }
+        let groupBys = requests.compactMap { request -> String? in
+            guard let url = request.url,
+                  let components = URLComponents(url: url, resolvingAgainstBaseURL: false)
+            else { return nil }
+            return components.queryItems?.first(where: { $0.name == "group_by" })?.value
+        }
+
+        #expect(snapshot.projectID == "proj_abc")
+        #expect(snapshot.toUsageSnapshot().identity?.accountOrganization == "Project: proj_abc")
+        #expect(requests.count == 2)
+        #expect(projectIDs == ["proj_abc", "proj_abc"])
+        #expect(groupBys == ["line_item", "model"])
+    }
+
+    @Test
+    func `admin usage retries transient completions failure once`() async throws {
+        let now = Date(timeIntervalSince1970: 1_700_179_200)
+        let emptyPage = Data(#"{"object":"page","data":[],"has_more":false,"next_page":null}"#.utf8)
+        let completions = Data("""
+        {
+          "object": "page",
+          "data": [
+            {
+              "object": "bucket",
+              "start_time": 1700000000,
+              "end_time": 1700086400,
+              "results": [
+                {
+                  "object": "organization.usage.completions.result",
+                  "input_tokens": 10,
+                  "output_tokens": 5,
+                  "num_model_requests": 1,
+                  "model": "gpt-5.2"
+                }
+              ]
+            }
+          ],
+          "has_more": false,
+          "next_page": null
+        }
+        """.utf8)
+        let transport = OpenAIAdminUsageRetryScript(costs: emptyPage, completions: completions)
+
+        let snapshot = try await OpenAIAPIUsageFetcher.fetchUsage(
+            apiKey: "sk-test",
+            costsURL: #require(URL(string: "https://api.openai.test/v1/organization/costs")),
+            completionsURL: #require(URL(string: "https://api.openai.test/v1/organization/usage/completions")),
+            session: transport,
+            now: now,
+            historyDays: 1,
+            retryPolicy: ProviderHTTPRetryPolicy(maxRetries: 1, baseDelaySeconds: 0, maxDelaySeconds: 0))
+
+        #expect(snapshot.latestDay.totalTokens == 15)
+        #expect(snapshot.latestDay.requests == 1)
+        #expect(await transport.completionsRequestCount() == 2)
+    }
+
+    @Test
+    func `maps admin usage to openai usage snapshot`() {
+        let now = Date(timeIntervalSince1970: 1_700_179_200)
+        let apiUsage = OpenAIAPIUsageSnapshot(
+            daily: [
+                OpenAIAPIUsageSnapshot.DailyBucket(
+                    day: "2023-11-14",
+                    startTime: now,
+                    endTime: now.addingTimeInterval(86400),
+                    costUSD: 8.5,
+                    requests: 42,
+                    inputTokens: 1000,
+                    cachedInputTokens: 400,
+                    outputTokens: 250,
+                    totalTokens: 1250,
+                    lineItems: [],
+                    models: []),
+            ],
+            updatedAt: now)
+
+        let usage = apiUsage.toUsageSnapshot()
+
+        #expect(usage.primary == nil)
+        #expect(usage.providerCost?.used == 8.5)
+        #expect(usage.providerCost?.limit == 0)
+        #expect(usage.providerCost?.period == "Last 30 days")
+        #expect(usage.openAIAPIUsage?.last30Days.requests == 42)
+        #expect(usage.identity?.loginMethod == "Admin API")
+    }
+
+    @Test
+    func `maps project scoped admin usage to cost token snapshot`() {
+        let now = Date(timeIntervalSince1970: 1_700_179_200)
+        let apiUsage = OpenAIAPIUsageSnapshot(
+            daily: [
+                OpenAIAPIUsageSnapshot.DailyBucket(
+                    day: "2023-11-13",
+                    startTime: now.addingTimeInterval(-86400),
+                    endTime: now,
+                    costUSD: 2.25,
+                    requests: 3,
+                    inputTokens: 300,
+                    cachedInputTokens: 100,
+                    outputTokens: 200,
+                    totalTokens: 500,
+                    lineItems: [],
+                    models: [
+                        OpenAIAPIUsageSnapshot.ModelBreakdown(
+                            name: "gpt-5.2",
+                            requests: 3,
+                            inputTokens: 300,
+                            cachedInputTokens: 100,
+                            outputTokens: 200,
+                            totalTokens: 500),
+                    ]),
+                OpenAIAPIUsageSnapshot.DailyBucket(
+                    day: "2023-11-14",
+                    startTime: now,
+                    endTime: now.addingTimeInterval(86400),
+                    costUSD: 8.5,
+                    requests: 42,
+                    inputTokens: 1000,
+                    cachedInputTokens: 400,
+                    outputTokens: 250,
+                    totalTokens: 1250,
+                    lineItems: [],
+                    models: [
+                        OpenAIAPIUsageSnapshot.ModelBreakdown(
+                            name: "gpt-5.2-codex",
+                            requests: 42,
+                            inputTokens: 1000,
+                            cachedInputTokens: 400,
+                            outputTokens: 250,
+                            totalTokens: 1250),
+                    ]),
+            ],
+            updatedAt: now,
+            historyDays: 7,
+            projectID: " proj_abc ")
+
+        let usage = apiUsage.toUsageSnapshot()
+        let snapshot = apiUsage.toCostUsageTokenSnapshot()
+
+        #expect(apiUsage.projectID == "proj_abc")
+        #expect(usage.identity?.loginMethod == "Admin API: proj_abc")
+        #expect(usage.identity?.accountOrganization == "Project: proj_abc")
+        #expect(snapshot.historyDays == 7)
+        #expect(snapshot.currencyCode == "USD")
+        #expect(snapshot.sessionCostUSD == 8.5)
+        #expect(snapshot.sessionTokens == 1250)
+        #expect(snapshot.sessionRequests == 42)
+        #expect(snapshot.last30DaysCostUSD == 10.75)
+        #expect(snapshot.last30DaysTokens == 1750)
+        #expect(snapshot.last30DaysRequests == 45)
+        #expect(snapshot.daily.count == 2)
+        #expect(snapshot.daily[1].cacheReadTokens == 400)
+        #expect(snapshot.daily[1].requestCount == 42)
+        #expect(snapshot.daily[1].modelBreakdowns?.first?.requestCount == 42)
+        #expect(snapshot.daily[1].modelBreakdowns?.first?.modelName == "gpt-5.2-codex")
+    }
+}
+
+private actor OpenAIAdminUsageRetryScript: ProviderHTTPTransport {
+    private let costs: Data
+    private let completions: Data
+    private var completionsRequests = 0
+
+    init(costs: Data, completions: Data) {
+        self.costs = costs
+        self.completions = completions
+    }
+
+    func completionsRequestCount() -> Int {
+        self.completionsRequests
+    }
+
+    func data(for request: URLRequest) throws -> (Data, URLResponse) {
+        let url = request.url ?? URL(string: "https://api.openai.test")!
+        if url.path.contains("/usage/completions") {
+            self.completionsRequests += 1
+            if self.completionsRequests == 1 {
+                return (Data(), HTTPURLResponse(
+                    url: url,
+                    statusCode: 503,
+                    httpVersion: "HTTP/1.1",
+                    headerFields: nil)!)
+            }
+            return (self.completions, HTTPURLResponse(
+                url: url,
+                statusCode: 200,
+                httpVersion: "HTTP/1.1",
+                headerFields: nil)!)
+        }
+
+        return (self.costs, HTTPURLResponse(
+            url: url,
+            statusCode: 200,
+            httpVersion: "HTTP/1.1",
+            headerFields: nil)!)
+    }
+}
diff --git a/Tests/CodexBarTests/OpenAIDashboardBrowserCookieImporterTests.swift b/Tests/CodexBarTests/OpenAIDashboardBrowserCookieImporterTests.swift
index cad959884..357d49f91 100644
--- a/Tests/CodexBarTests/OpenAIDashboardBrowserCookieImporterTests.swift
+++ b/Tests/CodexBarTests/OpenAIDashboardBrowserCookieImporterTests.swift
@@ -1,10 +1,10 @@
-import CodexBarCore
+import Foundation
 import Testing
+@testable import CodexBarCore
 
-@Suite
 struct OpenAIDashboardBrowserCookieImporterTests {
     @Test
-    func mismatchErrorMentionsSourceLabel() {
+    func `mismatch error mentions source label`() {
         let err = OpenAIDashboardBrowserCookieImporter.ImportError.noMatchingAccount(
             found: [
                 .init(sourceLabel: "Safari", email: "a@example.com"),
@@ -14,4 +14,16 @@ struct OpenAIDashboardBrowserCookieImporterTests {
         #expect(msg.contains("Safari=a@example.com"))
         #expect(msg.contains("Chrome=b@example.com"))
     }
+
+    @Test
+    func `timed out persistent validation keeps verified session`() {
+        #expect(OpenAIDashboardBrowserCookieImporter.shouldTrustVerifiedSession(
+            afterPersistFailure: URLError(.timedOut)))
+    }
+
+    @Test
+    func `non-timeout persistent validation failures are not trusted`() {
+        #expect(!OpenAIDashboardBrowserCookieImporter.shouldTrustVerifiedSession(
+            afterPersistFailure: OpenAIDashboardBrowserCookieImporter.ImportError.dashboardStillRequiresLogin))
+    }
 }
diff --git a/Tests/CodexBarTests/OpenAIDashboardFetcherCreditsWaitTests.swift b/Tests/CodexBarTests/OpenAIDashboardFetcherCreditsWaitTests.swift
index d8f0a7f4b..e75da4dc5 100644
--- a/Tests/CodexBarTests/OpenAIDashboardFetcherCreditsWaitTests.swift
+++ b/Tests/CodexBarTests/OpenAIDashboardFetcherCreditsWaitTests.swift
@@ -2,10 +2,9 @@ import Foundation
 import Testing
 @testable import CodexBarCore
 
-@Suite
 struct OpenAIDashboardFetcherCreditsWaitTests {
     @Test
-    func waitsAfterScrollRequest() {
+    func `waits after scroll request`() {
         let now = Date()
         let shouldWait = OpenAIDashboardFetcher.shouldWaitForCreditsHistory(.init(
             now: now,
@@ -18,7 +17,7 @@ struct OpenAIDashboardFetcherCreditsWaitTests {
     }
 
     @Test
-    func waitsBrieflyWhenHeaderVisibleButTableEmpty() {
+    func `waits briefly when header visible but table empty`() {
         let now = Date()
         let visibleAt = now.addingTimeInterval(-1.0)
         let shouldWait = OpenAIDashboardFetcher.shouldWaitForCreditsHistory(.init(
@@ -32,7 +31,7 @@ struct OpenAIDashboardFetcherCreditsWaitTests {
     }
 
     @Test
-    func stopsWaitingAfterHeaderHasBeenVisibleLongEnough() {
+    func `stops waiting after header has been visible long enough`() {
         let now = Date()
         let visibleAt = now.addingTimeInterval(-3.0)
         let shouldWait = OpenAIDashboardFetcher.shouldWaitForCreditsHistory(.init(
@@ -46,7 +45,7 @@ struct OpenAIDashboardFetcherCreditsWaitTests {
     }
 
     @Test
-    func waitsBrieflyAfterFirstDashboardSignalEvenWhenHeaderNotPresentYet() {
+    func `waits briefly after first dashboard signal even when header not present yet`() {
         let now = Date()
         let startedAt = now.addingTimeInterval(-2.0)
         let shouldWait = OpenAIDashboardFetcher.shouldWaitForCreditsHistory(.init(
@@ -60,7 +59,7 @@ struct OpenAIDashboardFetcherCreditsWaitTests {
     }
 
     @Test
-    func stopsWaitingEventuallyWhenHeaderNeverAppears() {
+    func `stops waiting eventually when header never appears`() {
         let now = Date()
         let startedAt = now.addingTimeInterval(-7.0)
         let shouldWait = OpenAIDashboardFetcher.shouldWaitForCreditsHistory(.init(
@@ -74,14 +73,106 @@ struct OpenAIDashboardFetcherCreditsWaitTests {
     }
 
     @Test
-    func sanitizedTimeoutPreservesPositiveCallerDeadline() {
+    func `usage breakdown recovery waits briefly after chart classification error`() {
+        let now = Date()
+        let shouldWait = OpenAIDashboardFetcher.shouldWaitForUsageBreakdownRecovery(.init(
+            now: now,
+            errorFirstSeenAt: now.addingTimeInterval(-1.0)))
+        #expect(shouldWait == true)
+    }
+
+    @Test
+    func `usage breakdown recovery stops blocking partial snapshots`() {
+        let now = Date()
+        let shouldWait = OpenAIDashboardFetcher.shouldWaitForUsageBreakdownRecovery(.init(
+            now: now,
+            errorFirstSeenAt: now.addingTimeInterval(-5.0)))
+        #expect(shouldWait == false)
+    }
+
+    @Test
+    func `probe waits briefly after reaching usage route without email or dashboard signals`() {
+        let now = Date()
+        let shouldWait = OpenAIDashboardFetcher.shouldWaitForProbeReadiness(.init(
+            now: now,
+            usageRouteSeenAt: now.addingTimeInterval(-1.0),
+            dashboardSignalSeenAt: nil,
+            signedInEmail: nil,
+            hasDashboardSignal: false))
+        #expect(shouldWait == true)
+    }
+
+    @Test
+    func `probe waits briefly for email after dashboard signals appear`() {
+        let now = Date()
+        let shouldWait = OpenAIDashboardFetcher.shouldWaitForProbeReadiness(.init(
+            now: now,
+            usageRouteSeenAt: now.addingTimeInterval(-3.0),
+            dashboardSignalSeenAt: now.addingTimeInterval(-1.0),
+            signedInEmail: nil,
+            hasDashboardSignal: true))
+        #expect(shouldWait == true)
+    }
+
+    @Test
+    func `probe stops waiting once signed in email is available`() {
+        let now = Date()
+        let shouldWait = OpenAIDashboardFetcher.shouldWaitForProbeReadiness(.init(
+            now: now,
+            usageRouteSeenAt: now.addingTimeInterval(-0.2),
+            dashboardSignalSeenAt: now.addingTimeInterval(-0.2),
+            signedInEmail: "user@example.com",
+            hasDashboardSignal: true))
+        #expect(shouldWait == false)
+    }
+
+    @Test
+    func `probe handoff preserves page only after confirmed signed in email`() {
+        let result = OpenAIDashboardFetcher.ProbeResult(
+            href: "https://chatgpt.com/codex/cloud/settings/analytics#usage",
+            loginRequired: false,
+            workspacePicker: false,
+            cloudflareInterstitial: false,
+            signedInEmail: "user@example.com",
+            bodyText: "Credits remaining 42")
+
+        #expect(OpenAIDashboardFetcher.shouldPreserveLoadedPageAfterProbe(result))
+    }
+
+    @Test
+    func `probe handoff does not preserve timed out usage page without email`() {
+        let result = OpenAIDashboardFetcher.ProbeResult(
+            href: "https://chatgpt.com/codex/cloud/settings/analytics#usage",
+            loginRequired: false,
+            workspacePicker: false,
+            cloudflareInterstitial: false,
+            signedInEmail: nil,
+            bodyText: "Codex Analytics")
+
+        #expect(!OpenAIDashboardFetcher.shouldPreserveLoadedPageAfterProbe(result))
+    }
+
+    @Test
+    func `probe grace restarts after route reload resets readiness timestamps`() {
+        let now = Date()
+        let shouldWait = OpenAIDashboardFetcher.shouldWaitForProbeReadiness(.init(
+            now: now,
+            usageRouteSeenAt: now,
+            dashboardSignalSeenAt: nil,
+            signedInEmail: nil,
+            hasDashboardSignal: false))
+        #expect(shouldWait == true)
+    }
+
+    @Test
+    func `sanitized timeout preserves positive caller deadline`() {
         #expect(OpenAIDashboardFetcher.sanitizedTimeout(60) == 60)
         #expect(OpenAIDashboardFetcher.sanitizedTimeout(25) == 25)
         #expect(OpenAIDashboardFetcher.sanitizedTimeout(0.5) == 0.5)
     }
 
     @Test
-    func sanitizedTimeoutFallsBackForInvalidValues() {
+    func `sanitized timeout falls back for invalid values`() {
         #expect(OpenAIDashboardFetcher.sanitizedTimeout(0) == 1)
         #expect(OpenAIDashboardFetcher.sanitizedTimeout(-5) == 1)
         #expect(OpenAIDashboardFetcher.sanitizedTimeout(.infinity) == 1)
@@ -89,7 +180,7 @@ struct OpenAIDashboardFetcherCreditsWaitTests {
     }
 
     @Test
-    func deadlineStartsAtCallStartAndRemainingTimeoutShrinksFromThere() {
+    func `deadline starts at call start and remaining timeout shrinks from there`() {
         let start = Date(timeIntervalSinceReferenceDate: 1000)
         let deadline = OpenAIDashboardFetcher.deadline(startingAt: start, timeout: 15)
 
@@ -102,11 +193,122 @@ struct OpenAIDashboardFetcherCreditsWaitTests {
     }
 
     @Test
-    func remainingTimeoutDoesNotGoNegative() {
+    func `remaining timeout does not go negative`() {
         let deadline = Date(timeIntervalSinceReferenceDate: 2000)
         let remaining = OpenAIDashboardFetcher.remainingTimeout(
             until: deadline,
             now: deadline.addingTimeInterval(3))
         #expect(remaining == 0)
     }
+
+    @Test
+    func `usage route matcher accepts legacy settings route`() {
+        #expect(OpenAIDashboardFetcher.isUsageRoute("https://chatgpt.com/codex/settings/usage"))
+    }
+
+    @Test
+    func `usage route matcher accepts cloud settings route`() {
+        #expect(OpenAIDashboardFetcher.isUsageRoute("https://chatgpt.com/codex/cloud/settings/usage"))
+    }
+
+    @Test
+    func `usage route matcher accepts analytics route`() {
+        #expect(OpenAIDashboardFetcher.isUsageRoute("https://chatgpt.com/codex/cloud/settings/analytics"))
+    }
+
+    @Test
+    func `usage route matcher accepts analytics usage hash route`() {
+        #expect(OpenAIDashboardFetcher.isUsageRoute("https://chatgpt.com/codex/cloud/settings/analytics#usage"))
+    }
+
+    @Test
+    func `usage route matcher accepts trailing slash variants`() {
+        #expect(OpenAIDashboardFetcher.isUsageRoute("https://chatgpt.com/codex/settings/usage/"))
+        #expect(OpenAIDashboardFetcher.isUsageRoute("https://chatgpt.com/codex/cloud/settings/usage/"))
+        #expect(OpenAIDashboardFetcher.isUsageRoute("https://chatgpt.com/codex/cloud/settings/analytics/"))
+    }
+
+    @Test
+    func `usage route matcher rejects unrelated routes`() {
+        #expect(!OpenAIDashboardFetcher.isUsageRoute("https://chatgpt.com/"))
+        #expect(!OpenAIDashboardFetcher.isUsageRoute("https://chatgpt.com/codex"))
+        #expect(!OpenAIDashboardFetcher.isUsageRoute(nil))
+    }
+
+    @Test
+    func `dashboard requests prefer English localization`() throws {
+        let url = try #require(URL(string: "https://chatgpt.com/codex/cloud/settings/analytics#usage"))
+        let request = OpenAIDashboardFetcher.usageURLRequest(url: url)
+        #expect(request.value(forHTTPHeaderField: "Accept-Language") == "en-US,en;q=0.9")
+    }
+
+    @Test
+    func `usage api request carries cookies and English localization`() {
+        let request = OpenAIDashboardFetcher.dashboardUsageAPIRequest(cookieHeader: "a=b")
+        #expect(request.url?.absoluteString == "https://chatgpt.com/backend-api/wham/usage")
+        #expect(request.value(forHTTPHeaderField: "Cookie") == "a=b")
+        #expect(request.value(forHTTPHeaderField: "Accept") == "application/json")
+        #expect(request.value(forHTTPHeaderField: "Accept-Language") == "en-US,en;q=0.9")
+    }
+
+    @Test
+    func `identity api request carries cookies and English localization`() throws {
+        let url = try #require(URL(string: "https://chatgpt.com/backend-api/me"))
+        let request = OpenAIDashboardFetcher.dashboardIdentityAPIRequest(url: url, cookieHeader: "a=b")
+
+        #expect(request.url?.absoluteString == "https://chatgpt.com/backend-api/me")
+        #expect(request.value(forHTTPHeaderField: "Cookie") == "a=b")
+        #expect(request.value(forHTTPHeaderField: "Accept") == "application/json")
+        #expect(request.value(forHTTPHeaderField: "Accept-Language") == "en-US,en;q=0.9")
+    }
+
+    @Test
+    func `usage api data maps language independent rate limits and credits`() throws {
+        let json = """
+        {
+          "plan_type": "pro",
+          "rate_limit": {
+            "primary_window": {
+              "used_percent": 12,
+              "reset_at": 1700003600,
+              "limit_window_seconds": 18000
+            },
+            "secondary_window": {
+              "used_percent": 34,
+              "reset_at": 1700604800,
+              "limit_window_seconds": 604800
+            }
+          },
+          "credits": {
+            "has_credits": true,
+            "unlimited": false,
+            "balance": 42.5
+          }
+        }
+        """
+        let response = try CodexOAuthUsageFetcher._decodeUsageResponseForTesting(Data(json.utf8))
+        let data = OpenAIDashboardFetcher.dashboardAPIData(from: response)
+
+        #expect(data.primaryLimit?.usedPercent == 12)
+        #expect(data.primaryLimit?.windowMinutes == 300)
+        #expect(data.secondaryLimit?.usedPercent == 34)
+        #expect(data.secondaryLimit?.windowMinutes == 10080)
+        #expect(data.creditsRemaining == 42.5)
+        #expect(data.accountPlan == "pro")
+        #expect(data.hasUsageData)
+    }
+
+    @Test
+    func `find first email searches nested api payloads`() {
+        let json = """
+        {
+          "accounts": [
+            { "profile": { "name": "Test" } },
+            { "profile": { "email": "nested@example.com" } }
+          ]
+        }
+        """
+
+        #expect(OpenAIDashboardFetcher.findFirstEmail(inJSONData: Data(json.utf8)) == "nested@example.com")
+    }
 }
diff --git a/Tests/CodexBarTests/OpenAIDashboardModelsTests.swift b/Tests/CodexBarTests/OpenAIDashboardModelsTests.swift
new file mode 100644
index 000000000..b6547e14f
--- /dev/null
+++ b/Tests/CodexBarTests/OpenAIDashboardModelsTests.swift
@@ -0,0 +1,94 @@
+import CodexBarCore
+import Foundation
+import Testing
+
+struct OpenAIDashboardModelsTests {
+    @Test
+    func `removes skill usage services from usage breakdown`() {
+        let breakdown = [
+            OpenAIDashboardDailyBreakdown(
+                day: "2026-04-30",
+                services: [
+                    OpenAIDashboardServiceUsage(service: "Desktop App", creditsUsed: 10),
+                    OpenAIDashboardServiceUsage(service: "Skillusage:imagegen", creditsUsed: 7),
+                    OpenAIDashboardServiceUsage(service: " skillusage:github:github ", creditsUsed: 2),
+                ],
+                totalCreditsUsed: 19),
+            OpenAIDashboardDailyBreakdown(
+                day: "2026-04-29",
+                services: [
+                    OpenAIDashboardServiceUsage(service: "Skillusage:deep Research", creditsUsed: 3),
+                ],
+                totalCreditsUsed: 3),
+        ]
+
+        let filtered = OpenAIDashboardDailyBreakdown.removingSkillUsageServices(from: breakdown)
+
+        #expect(filtered == [
+            OpenAIDashboardDailyBreakdown(
+                day: "2026-04-30",
+                services: [
+                    OpenAIDashboardServiceUsage(service: "Desktop App", creditsUsed: 10),
+                ],
+                totalCreditsUsed: 10),
+        ])
+    }
+
+    @Test
+    func `snapshot initializer sanitizes usage breakdown`() {
+        let snapshot = OpenAIDashboardSnapshot(
+            signedInEmail: "codex@example.com",
+            codeReviewRemainingPercent: nil,
+            creditEvents: [],
+            dailyBreakdown: [],
+            usageBreakdown: [
+                OpenAIDashboardDailyBreakdown(
+                    day: "2026-04-30",
+                    services: [
+                        OpenAIDashboardServiceUsage(service: "CLI", creditsUsed: 4),
+                        OpenAIDashboardServiceUsage(service: "Skillusage:pdf Renderer", creditsUsed: 6),
+                    ],
+                    totalCreditsUsed: 10),
+            ],
+            creditsPurchaseURL: nil,
+            updatedAt: Date(timeIntervalSince1970: 1_700_000_000))
+
+        #expect(snapshot.usageBreakdown == [
+            OpenAIDashboardDailyBreakdown(
+                day: "2026-04-30",
+                services: [
+                    OpenAIDashboardServiceUsage(service: "CLI", creditsUsed: 4),
+                ],
+                totalCreditsUsed: 4),
+        ])
+    }
+
+    @Test
+    func `snapshot decoder drops empty zero usage buckets`() throws {
+        let json = """
+        {
+          "signedInEmail": "codex@example.com",
+          "codeReviewRemainingPercent": null,
+          "creditEvents": [],
+          "dailyBreakdown": [],
+          "usageBreakdown": [
+            { "day": "2026-04-30", "services": [], "totalCreditsUsed": 0 },
+            { "day": "2026-04-29", "services": [], "totalCreditsUsed": 4 }
+          ],
+          "creditsPurchaseURL": null,
+          "updatedAt": "2026-04-30T19:27:07Z"
+        }
+        """
+        let decoder = JSONDecoder()
+        decoder.dateDecodingStrategy = .iso8601
+
+        let snapshot = try decoder.decode(OpenAIDashboardSnapshot.self, from: Data(json.utf8))
+
+        #expect(snapshot.usageBreakdown == [
+            OpenAIDashboardDailyBreakdown(
+                day: "2026-04-29",
+                services: [],
+                totalCreditsUsed: 4),
+        ])
+    }
+}
diff --git a/Tests/CodexBarTests/OpenAIDashboardNavigationDelegateTests.swift b/Tests/CodexBarTests/OpenAIDashboardNavigationDelegateTests.swift
index c1045f5da..0ee8e0e70 100644
--- a/Tests/CodexBarTests/OpenAIDashboardNavigationDelegateTests.swift
+++ b/Tests/CodexBarTests/OpenAIDashboardNavigationDelegateTests.swift
@@ -3,23 +3,46 @@ import Testing
 import WebKit
 @testable import CodexBarCore
 
-@Suite
+@Suite(.serialized)
 struct OpenAIDashboardNavigationDelegateTests {
-    @Test("ignores NSURLErrorCancelled")
-    func ignoresCancelledNavigationError() {
+    final class DelegateBox: @unchecked Sendable {
+        var delegate: NavigationDelegate?
+    }
+
+    @MainActor
+    private func waitForResult(
+        _ result: @escaping () -> Result<Void, Error>?,
+        timeout: TimeInterval = NavigationDelegate.postCommitSuccessDelay + 10.0) async -> Result<Void, Error>?
+    {
+        let deadline = Date().addingTimeInterval(timeout)
+        while Date() < deadline {
+            if let result = result() { return result }
+            try? await Task.sleep(nanoseconds: 50_000_000)
+        }
+        return result()
+    }
+
+    @Test
+    func `ignores NSURLErrorCancelled`() {
         let error = NSError(domain: NSURLErrorDomain, code: NSURLErrorCancelled)
         #expect(NavigationDelegate.shouldIgnoreNavigationError(error))
     }
 
-    @Test("does not ignore non-cancelled URL errors")
-    func doesNotIgnoreOtherURLErrors() {
+    @Test
+    func `ignores WebKit frame load interrupted by policy change`() {
+        let error = NSError(domain: "WebKitErrorDomain", code: 102)
+        #expect(NavigationDelegate.shouldIgnoreNavigationError(error))
+    }
+
+    @Test
+    func `does not ignore non-cancelled URL errors`() {
         let error = NSError(domain: NSURLErrorDomain, code: NSURLErrorTimedOut)
         #expect(!NavigationDelegate.shouldIgnoreNavigationError(error))
     }
 
     @MainActor
-    @Test("cancelled failure is ignored until finish")
-    func cancelledFailureIsIgnoredUntilFinish() {
+    @Test
+    func `cancelled failure is ignored until finish`() {
         let webView = WKWebView()
         var result: Result<Void, Error>?
         let delegate = NavigationDelegate { result = $0 }
@@ -37,8 +60,54 @@ struct OpenAIDashboardNavigationDelegateTests {
     }
 
     @MainActor
-    @Test("cancelled provisional failure is ignored until real failure")
-    func cancelledProvisionalFailureIsIgnoredUntilRealFailure() {
+    @Test
+    func `commit completes navigation successfully after grace period`() async {
+        let webView = WKWebView()
+        var result: Result<Void, Error>?
+        let box = DelegateBox()
+        box.delegate = NavigationDelegate { result = $0 }
+
+        box.delegate?.webView(webView, didCommit: nil)
+        #expect(result == nil)
+
+        let completed = await self.waitForResult { result }
+        box.delegate = nil
+
+        switch completed {
+        case .success?:
+            #expect(Bool(true))
+        default:
+            #expect(Bool(false))
+        }
+    }
+
+    @MainActor
+    @Test
+    func `post commit failure wins before delayed success`() async {
+        let webView = WKWebView()
+        var result: Result<Void, Error>?
+        let box = DelegateBox()
+        box.delegate = NavigationDelegate { result = $0 }
+
+        box.delegate?.webView(webView, didCommit: nil)
+        let timeout = NSError(domain: NSURLErrorDomain, code: NSURLErrorTimedOut)
+        box.delegate?.webView(webView, didFail: nil, withError: timeout)
+
+        let completed = await self.waitForResult { result }
+        box.delegate = nil
+
+        switch completed {
+        case let .failure(error as NSError)?:
+            #expect(error.domain == NSURLErrorDomain)
+            #expect(error.code == NSURLErrorTimedOut)
+        default:
+            #expect(Bool(false))
+        }
+    }
+
+    @MainActor
+    @Test
+    func `cancelled provisional failure is ignored until real failure`() {
         let webView = WKWebView()
         var result: Result<Void, Error>?
         let delegate = NavigationDelegate { result = $0 }
@@ -62,16 +131,43 @@ struct OpenAIDashboardNavigationDelegateTests {
     }
 
     @MainActor
-    @Test("navigation timeout fails with timed out error")
-    func navigationTimeoutFailsWithTimedOutError() async {
+    @Test
+    func `frame load interrupted provisional failure is ignored until finish`() {
+        let webView = WKWebView()
         var result: Result<Void, Error>?
         let delegate = NavigationDelegate { result = $0 }
 
-        delegate.armTimeout(seconds: 0.01)
-        try? await Task.sleep(for: .milliseconds(30))
+        delegate.webView(
+            webView,
+            didFailProvisionalNavigation: nil,
+            withError: NSError(domain: "WebKitErrorDomain", code: 102))
+        #expect(result == nil)
+
+        delegate.webView(webView, didFinish: nil)
+
+        switch result {
+        case .success?:
+            #expect(Bool(true))
+        default:
+            #expect(Bool(false))
+        }
+    }
+
+    @Test
+    func `navigation timeout fails with timed out error`() async {
+        let result = await withCheckedContinuation { (continuation: CheckedContinuation<Result<Void, Error>, Never>) in
+            Task { @MainActor in
+                let box = DelegateBox()
+                box.delegate = NavigationDelegate { result in
+                    continuation.resume(returning: result)
+                    box.delegate = nil
+                }
+                box.delegate?.armTimeout(seconds: 0.01)
+            }
+        }
 
         switch result {
-        case let .failure(error as URLError)?:
+        case let .failure(error as URLError):
             #expect(error.code == .timedOut)
         default:
             #expect(Bool(false))
diff --git a/Tests/CodexBarTests/OpenAIDashboardOffscreenHostTests.swift b/Tests/CodexBarTests/OpenAIDashboardOffscreenHostTests.swift
index 74d1de6a6..b39e5a571 100644
--- a/Tests/CodexBarTests/OpenAIDashboardOffscreenHostTests.swift
+++ b/Tests/CodexBarTests/OpenAIDashboardOffscreenHostTests.swift
@@ -2,10 +2,9 @@ import Foundation
 import Testing
 @testable import CodexBarCore
 
-@Suite
 struct OpenAIDashboardOffscreenHostTests {
     @Test
-    func offscreenHostFrameOnlyIntersectsByASliver() {
+    func `offscreen host frame only intersects by A sliver`() {
         let visibleFrame = CGRect(x: 0, y: 0, width: 1000, height: 800)
         let frame = OpenAIDashboardFetcher.offscreenHostWindowFrame(for: visibleFrame)
         let intersection = frame.intersection(visibleFrame)
@@ -19,7 +18,7 @@ struct OpenAIDashboardOffscreenHostTests {
     }
 
     @Test
-    func offscreenHostAlphaValueIsNonZeroButTiny() {
+    func `offscreen host alpha value is non zero but tiny`() {
         let alpha = OpenAIDashboardFetcher.offscreenHostAlphaValue()
         #expect(alpha > 0)
         #expect(alpha <= 0.001)
diff --git a/Tests/CodexBarTests/OpenAIDashboardParserTests.swift b/Tests/CodexBarTests/OpenAIDashboardParserTests.swift
index c84391dfb..acb41ae82 100644
--- a/Tests/CodexBarTests/OpenAIDashboardParserTests.swift
+++ b/Tests/CodexBarTests/OpenAIDashboardParserTests.swift
@@ -3,10 +3,9 @@ import Foundation
 import Testing
 @testable import CodexBar
 
-@Suite
 struct OpenAIDashboardParserTests {
     @Test
-    func parsesSignedInEmailFromClientBootstrapHTML() {
+    func `parses signed in email from client bootstrap HTML`() {
         let html = """
         <html>
         <head></head>
@@ -22,26 +21,52 @@ struct OpenAIDashboardParserTests {
     }
 
     @Test
-    func parsesCodeReviewRemainingPercent_inline() {
+    func `parses code review remaining percent inline`() {
         let body = "Balance\nCode review 42% remaining\nCredits remaining 291"
         #expect(OpenAIDashboardParser.parseCodeReviewRemainingPercent(bodyText: body) == 42)
     }
 
     @Test
-    func parsesCodeReviewRemainingPercent_multiline() {
+    func `parses code review remaining percent multiline`() {
         let body = "Balance\nCode review\n100% remaining\nWeekly usage limit\n0% remaining"
         #expect(OpenAIDashboardParser.parseCodeReviewRemainingPercent(bodyText: body) == 100)
     }
 
     @Test
-    func parsesCreditsRemaining() {
+    func `parses code review limit with reset`() {
+        let body = """
+        Balance
+        Code review
+        42% remaining
+        Resets tomorrow at 2:15 PM
+        """
+        let limit = OpenAIDashboardParser.parseCodeReviewLimit(bodyText: body)
+        #expect(abs((limit?.usedPercent ?? 0) - 58) < 0.001)
+        #expect(limit?.resetDescription?.lowercased().contains("resets") == true)
+    }
+
+    @Test
+    func `parses core review limit with reset`() {
+        let body = """
+        Balance
+        Core review
+        42% remaining
+        Resets tomorrow at 2:15 PM
+        """
+        let limit = OpenAIDashboardParser.parseCodeReviewLimit(bodyText: body)
+        #expect(abs((limit?.usedPercent ?? 0) - 58) < 0.001)
+        #expect(limit?.resetDescription?.lowercased().contains("resets") == true)
+    }
+
+    @Test
+    func `parses credits remaining`() {
         let body = "Balance\nCredits remaining 1,234.56\nUsage"
         let value = OpenAIDashboardParser.parseCreditsRemaining(bodyText: body)
         #expect(abs((value ?? 0) - 1234.56) < 0.001)
     }
 
     @Test
-    func parsesRateLimits() {
+    func `parses rate limits`() {
         let body = """
         Usage limits
         5h limit
@@ -60,7 +85,18 @@ struct OpenAIDashboardParserTests {
     }
 
     @Test
-    func parsesPlanFromClientBootstrap() {
+    func `parses spaced five hour limit label`() {
+        let body = """
+        Limite 5 h
+        72 % restant
+        """
+        let limits = OpenAIDashboardParser.parseRateLimits(bodyText: body)
+        #expect(abs((limits.primary?.usedPercent ?? 0) - 28) < 0.001)
+        #expect(limits.primary?.windowMinutes == 300)
+    }
+
+    @Test
+    func `parses plan from client bootstrap`() {
         let html = """
         <html>
         <body>
@@ -74,7 +110,21 @@ struct OpenAIDashboardParserTests {
     }
 
     @Test
-    func parsesCreditEventsFromTableRows() {
+    func `parses prolite plan from client bootstrap`() {
+        let html = """
+        <html>
+        <body>
+        <script type="application/json" id="client-bootstrap">
+        {"session":{"user":{"email":"user@example.com"}},"planType":"prolite"}
+        </script>
+        </body>
+        </html>
+        """
+        #expect(OpenAIDashboardParser.parsePlanFromHTML(html: html) == "Pro 5x")
+    }
+
+    @Test
+    func `parses credit events from table rows`() {
         let rows: [[String]] = [
             ["Dec 18, 2025", "CLI", "397.205 credits"],
             ["Dec 17, 2025", "GitHub Code Review", "506.235 credits"],
@@ -88,7 +138,27 @@ struct OpenAIDashboardParserTests {
     }
 
     @Test
-    func buildsDailyBreakdownFromEvents() throws {
+    func `parses credit event amount with localized credit label`() {
+        let rows: [[String]] = [
+            ["Dec 18, 2025", "CLI", "397,205 crédits"],
+        ]
+        let events = OpenAIDashboardParser.parseCreditEvents(rows: rows)
+        #expect(events.count == 1)
+        #expect(abs((events.first?.creditsUsed ?? 0) - 397.205) < 0.0001)
+    }
+
+    @Test
+    func `parses credit event amount with english comma thousands`() {
+        let rows: [[String]] = [
+            ["Dec 18, 2025", "CLI", "1,234 credits"],
+        ]
+        let events = OpenAIDashboardParser.parseCreditEvents(rows: rows)
+        #expect(events.count == 1)
+        #expect(events.first?.creditsUsed == 1234)
+    }
+
+    @Test
+    func `builds daily breakdown from events`() throws {
         let calendar = Calendar(identifier: .gregorian)
         var components = DateComponents()
         components.calendar = calendar
@@ -116,7 +186,7 @@ struct OpenAIDashboardParserTests {
     }
 
     @Test
-    func decodesSnapshotWithoutUsageBreakdownField() throws {
+    func `decodes snapshot without usage breakdown field`() throws {
         let json = """
         {
           "signedInEmail": "user@example.com",
@@ -131,4 +201,50 @@ struct OpenAIDashboardParserTests {
         let snapshot = try decoder.decode(OpenAIDashboardSnapshot.self, from: Data(json.utf8))
         #expect(snapshot.usageBreakdown.isEmpty)
     }
+
+    @Test
+    func `weekly only dashboard usage projects into secondary slot`() {
+        let snapshot = OpenAIDashboardSnapshot(
+            signedInEmail: "user@example.com",
+            codeReviewRemainingPercent: nil,
+            creditEvents: [],
+            dailyBreakdown: [],
+            usageBreakdown: [],
+            creditsPurchaseURL: nil,
+            primaryLimit: RateWindow(
+                usedPercent: 25,
+                windowMinutes: 10080,
+                resetsAt: nil,
+                resetDescription: nil),
+            secondaryLimit: nil,
+            creditsRemaining: nil,
+            accountPlan: "pro",
+            updatedAt: Date(timeIntervalSince1970: 1_700_000_000))
+
+        let usage = snapshot.toUsageSnapshot(provider: .codex)
+
+        #expect(usage?.primary == nil)
+        #expect(usage?.secondary?.usedPercent == 25)
+        #expect(usage?.secondary?.windowMinutes == 10080)
+        #expect(usage?.identity?.providerID == .codex)
+        #expect(usage?.identity?.accountEmail == "user@example.com")
+    }
+
+    @Test
+    func `dashboard usage projection returns nil when all limits are absent`() {
+        let snapshot = OpenAIDashboardSnapshot(
+            signedInEmail: "user@example.com",
+            codeReviewRemainingPercent: nil,
+            creditEvents: [],
+            dailyBreakdown: [],
+            usageBreakdown: [],
+            creditsPurchaseURL: nil,
+            primaryLimit: nil,
+            secondaryLimit: nil,
+            creditsRemaining: nil,
+            accountPlan: "pro",
+            updatedAt: Date(timeIntervalSince1970: 1_700_000_000))
+
+        #expect(snapshot.toUsageSnapshot(provider: .codex) == nil)
+    }
 }
diff --git a/Tests/CodexBarTests/OpenAIDashboardScrapeScriptTests.swift b/Tests/CodexBarTests/OpenAIDashboardScrapeScriptTests.swift
new file mode 100644
index 000000000..56901c24b
--- /dev/null
+++ b/Tests/CodexBarTests/OpenAIDashboardScrapeScriptTests.swift
@@ -0,0 +1,236 @@
+#if os(macOS)
+import Foundation
+import Testing
+import WebKit
+@testable import CodexBarCore
+
+@MainActor
+@Suite(.serialized)
+struct OpenAIDashboardScrapeScriptTests {
+    @Test
+    func `scraper returns structured account fields without full html`() async throws {
+        if Self.shouldSkipOnCI() { return }
+
+        let webView = WKWebView(frame: .zero, configuration: WKWebViewConfiguration())
+        _ = webView.loadHTMLString(Self.bootstrapAccountHTML, baseURL: nil)
+        try await Self.waitForFixture(webView, elementID: "account-fixture")
+
+        let any = try await webView.evaluateJavaScript(openAIDashboardScrapeScript)
+        let dict = try #require(any as? [String: Any])
+
+        #expect(dict["bodyHTML"] == nil)
+        #expect(dict["signedInEmail"] as? String == "user@example.com")
+        #expect(dict["authStatus"] as? String == "logged_in")
+        #expect(dict["accountPlan"] as? String == "Pro 5x")
+    }
+
+    @Test
+    func `usage breakdown scraper ignores neighboring client charts`() async throws {
+        if Self.shouldSkipOnCI() { return }
+
+        let webView = WKWebView(frame: .zero, configuration: WKWebViewConfiguration())
+        _ = webView.loadHTMLString(Self.multiChartHTML, baseURL: nil)
+        try await Self.waitForFixture(webView)
+
+        let any = try await webView.evaluateJavaScript(openAIDashboardScrapeScript)
+        let dict = try #require(any as? [String: Any])
+        let debug = dict["usageBreakdownDebug"] as? String
+        let raw = try #require(dict["usageBreakdownJSON"] as? String, "debug: \(debug ?? "nil")")
+        let decoded = try JSONDecoder().decode([OpenAIDashboardDailyBreakdown].self, from: Data(raw.utf8))
+
+        #expect(decoded.count == 1)
+        #expect(decoded.first?.day == "2026-05-01")
+        #expect(decoded.first?.totalCreditsUsed == 30)
+        #expect((decoded.first?.services.map(\.service) ?? []) == ["Desktop", "CLI"])
+    }
+
+    @Test
+    func `usage breakdown scraper reports wrong chart instead of accepting it`() async throws {
+        if Self.shouldSkipOnCI() { return }
+
+        let webView = WKWebView(frame: .zero, configuration: WKWebViewConfiguration())
+        _ = webView.loadHTMLString(Self.clientOnlyChartHTML, baseURL: nil)
+        try await Self.waitForFixture(webView, elementID: "client-chart")
+
+        let any = try await webView.evaluateJavaScript(openAIDashboardScrapeScript)
+        let dict = try #require(any as? [String: Any])
+
+        #expect((dict["usageBreakdownJSON"] as? String) == nil)
+        #expect((dict["usageBreakdownError"] as? String)?.contains("Threads and turns by client") == true)
+    }
+
+    @Test
+    func `usage breakdown scraper rejects non english chart titles`() async throws {
+        if Self.shouldSkipOnCI() { return }
+
+        let webView = WKWebView(frame: .zero, configuration: WKWebViewConfiguration())
+        _ = webView.loadHTMLString(Self.localizedUsageChartHTML, baseURL: nil)
+        try await Self.waitForFixture(webView)
+
+        let any = try await webView.evaluateJavaScript(openAIDashboardScrapeScript)
+        let dict = try #require(any as? [String: Any])
+
+        #expect((dict["usageBreakdownJSON"] as? String) == nil)
+        #expect(
+            (dict["usageBreakdownError"] as? String)?
+                .contains("No English usage breakdown chart title found") == true)
+    }
+
+    private static func shouldSkipOnCI() -> Bool {
+        let env = ProcessInfo.processInfo.environment
+        return env["GITHUB_ACTIONS"] == "true" || env["CI"] == "true"
+    }
+
+    private static func waitForFixture(_ webView: WKWebView, elementID: String = "usage-chart") async throws {
+        let deadline = Date().addingTimeInterval(2)
+        while Date() < deadline {
+            let loaded = try? await webView.evaluateJavaScript(
+                "document.getElementById('\(elementID)') !== null") as? Bool
+            if loaded == true { return }
+            try await Task.sleep(for: .milliseconds(50))
+        }
+    }
+
+    private static let bootstrapAccountHTML = """
+    <html>
+    <body>
+      <div id="account-fixture">Usage limits</div>
+      <script type="application/json" id="__NEXT_DATA__">
+      {
+        "props": {
+          "pageProps": {
+            "user": {
+              "email": "next@example.com"
+            }
+          }
+        },
+        "planType": "pro"
+      }
+      </script>
+      <script type="application/json" id="client-bootstrap">
+      {
+        "authStatus": "logged_in",
+        "session": {
+          "user": {
+            "email": "user@example.com"
+          }
+        },
+        "subscription": {
+          "tier": "Codex Pro Lite"
+        }
+      }
+      </script>
+    </body>
+    </html>
+    """
+
+    private static let multiChartHTML = """
+    <html>
+    <body>
+      <section>
+        <h2>Usage breakdown</h2>
+        <div>
+          <h3>Personal usage</h3>
+        </div>
+        <span>Daily threads by client</span>
+        <svg class="recharts-surface">
+          <g class="recharts-bar-rectangle">
+            <path id="usage-chart" class="recharts-rectangle" d="M0 0H10V10Z"></path>
+          </g>
+        </svg>
+      </section>
+      <section>
+        <h2>Product activity</h2>
+        <button type="button">1,000 threads</button>
+        <button type="button">2,000 turns</button>
+        <span>Daily threads by client</span>
+        <svg class="recharts-surface">
+          <g class="recharts-bar-rectangle">
+            <path id="client-chart" class="recharts-rectangle" d="M0 0H10V10Z"></path>
+          </g>
+        </svg>
+      </section>
+      <section>
+        <h2>Tokens by model</h2>
+        <svg class="recharts-surface">
+          <g class="recharts-bar-rectangle">
+            <path id="model-chart" class="recharts-rectangle" d="M0 0H10V10Z"></path>
+          </g>
+        </svg>
+      </section>
+      <script>
+        document.getElementById('client-chart')['__reactProps$test'] = {
+          dataKey: 'values',
+          payload: {
+            day: '2026-05-01',
+            values: { cli: 1000, desktop: 2000 }
+          }
+        };
+        document.getElementById('usage-chart')['__reactProps$test'] = {
+          dataKey: 'values',
+          payload: {
+            day: '2026-05-01',
+            values: { cli: 10, desktop: 20 }
+          }
+        };
+        document.getElementById('model-chart')['__reactProps$test'] = {
+          dataKey: 'values',
+          payload: {
+            day: '2026-05-01',
+            values: { cli: 1000, desktop: 2000, vscode: 3000 }
+          }
+        };
+      </script>
+    </body>
+    </html>
+    """
+
+    private static let clientOnlyChartHTML = """
+    <html>
+    <body>
+      <section>
+        <h2>Threads and turns by client</h2>
+        <svg class="recharts-surface">
+          <g class="recharts-bar-rectangle">
+            <path id="client-chart" class="recharts-rectangle" d="M0 0H10V10Z"></path>
+          </g>
+        </svg>
+      </section>
+      <script>
+        document.getElementById('client-chart')['__reactProps$test'] = {
+          dataKey: 'values',
+          payload: {
+            day: '2026-05-01',
+            values: { cli: 1000, desktop: 2000 }
+          }
+        };
+      </script>
+    </body>
+    </html>
+    """
+
+    private static let localizedUsageChartHTML = """
+    <html>
+    <body>
+      <section>
+        <h2>Desglose de uso</h2>
+        <svg class="recharts-surface">
+          <g class="recharts-bar-rectangle">
+            <path id="usage-chart" class="recharts-rectangle" d="M0 0H10V10Z"></path>
+          </g>
+        </svg>
+      </section>
+      <script>
+        document.getElementById('usage-chart')['__reactProps$test'] = {
+          dataKey: 'values',
+          payload: {
+            day: '2026-05-01',
+            values: { cli: 10, desktop: 20 }
+          }
+        };
+      </script>
+    </body>
+    </html>
+    """
+}
+#endif
diff --git a/Tests/CodexBarTests/OpenAIDashboardSparkTests.swift b/Tests/CodexBarTests/OpenAIDashboardSparkTests.swift
new file mode 100644
index 000000000..45ad343f8
--- /dev/null
+++ b/Tests/CodexBarTests/OpenAIDashboardSparkTests.swift
@@ -0,0 +1,232 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+/// Dashboard-path coverage for Codex `additional_rate_limits` (e.g. GPT-5.3-Codex-Spark): the
+/// OpenAI web dashboard usage API decodes the same `wham/usage` JSON as the OAuth path, so Spark
+/// limits must survive the `dashboardAPIData -> DashboardSnapshotComponents -> OpenAIDashboardSnapshot
+/// -> fromAttachedDashboard -> UsageSnapshot.extraRateWindows` chain without disturbing the
+/// existing primary/weekly/credits/plan mapping.
+struct OpenAIDashboardSparkTests {
+    private static func response(from json: String) throws -> CodexUsageResponse {
+        try JSONDecoder().decode(CodexUsageResponse.self, from: Data(json.utf8))
+    }
+
+    @Test
+    func `dashboard api data maps additional spark limit into extra windows`() throws {
+        let json = """
+        {
+          "plan_type": "pro",
+          "rate_limit": {
+            "primary_window": { "used_percent": 22, "reset_at": 1766948068, "limit_window_seconds": 18000 },
+            "secondary_window": { "used_percent": 43, "reset_at": 1767407914, "limit_window_seconds": 604800 }
+          },
+          "additional_rate_limits": [
+            {
+              "limit_name": "GPT-5.3-Codex-Spark",
+              "metered_feature": "gpt_5_3_codex_spark",
+              "rate_limit": {
+                "primary_window": { "used_percent": 30, "reset_at": 1766948068, "limit_window_seconds": 18000 },
+                "secondary_window": { "used_percent": 100, "reset_at": 1767407914, "limit_window_seconds": 604800 }
+              }
+            }
+          ]
+        }
+        """
+        let response = try Self.response(from: json)
+        let apiData = OpenAIDashboardFetcher.dashboardAPIData(from: response)
+        // Primary/weekly/credits/plan continue to map exactly as before.
+        #expect(apiData.primaryLimit?.usedPercent == 22)
+        #expect(apiData.secondaryLimit?.usedPercent == 43)
+        #expect(apiData.accountPlan == "pro")
+        // Spark surfaces with stable ids/titles for the additional 5-hour and weekly windows.
+        #expect(apiData.extraRateWindows.count == 2)
+        let spark = try #require(apiData.extraRateWindows.first)
+        #expect(spark.id == "codex-spark")
+        #expect(spark.title == "Codex Spark 5-hour")
+        #expect(spark.window.usedPercent == 30)
+        #expect(spark.window.windowMinutes == 300)
+        #expect(spark.window.resetsAt != nil)
+        let weekly = try #require(apiData.extraRateWindows.last)
+        #expect(weekly.id == "codex-spark-weekly")
+        #expect(weekly.title == "Codex Spark Weekly")
+        #expect(weekly.window.usedPercent == 100)
+        #expect(weekly.window.windowMinutes == 10080)
+        #expect(weekly.window.resetsAt != nil)
+    }
+
+    @Test
+    func `dashboard api data has empty extra windows when additional limits are absent`() throws {
+        let json = """
+        {
+          "rate_limit": {
+            "primary_window": { "used_percent": 22, "reset_at": 1766948068, "limit_window_seconds": 18000 }
+          }
+        }
+        """
+        let response = try Self.response(from: json)
+        let apiData = OpenAIDashboardFetcher.dashboardAPIData(from: response)
+        #expect(apiData.primaryLimit?.usedPercent == 22)
+        #expect(apiData.extraRateWindows.isEmpty)
+    }
+
+    @Test
+    func `dashboard api data tolerates non array additional limits while keeping primary`() throws {
+        let json = """
+        {
+          "rate_limit": {
+            "primary_window": { "used_percent": 22, "reset_at": 1766948068, "limit_window_seconds": 18000 }
+          },
+          "additional_rate_limits": "unexpected"
+        }
+        """
+        let response = try Self.response(from: json)
+        let apiData = OpenAIDashboardFetcher.dashboardAPIData(from: response)
+        #expect(apiData.primaryLimit?.usedPercent == 22)
+        #expect(apiData.extraRateWindows.isEmpty)
+    }
+
+    @Test
+    func `dashboard api data keeps valid spark when a malformed sibling is present`() throws {
+        // Lossy per-element decode (shared with the OAuth path via CodexUsageResponse) means a single
+        // malformed entry cannot discard its valid siblings.
+        let json = """
+        {
+          "rate_limit": {
+            "primary_window": { "used_percent": 22, "reset_at": 1766948068, "limit_window_seconds": 18000 }
+          },
+          "additional_rate_limits": [
+            "garbage-not-an-object",
+            {
+              "limit_name": "GPT-5.3-Codex-Spark",
+              "metered_feature": "gpt_5_3_codex_spark",
+              "rate_limit": {
+                "primary_window": { "used_percent": 30, "reset_at": 1766948068, "limit_window_seconds": 18000 }
+              }
+            },
+            42
+          ]
+        }
+        """
+        let response = try Self.response(from: json)
+        let apiData = OpenAIDashboardFetcher.dashboardAPIData(from: response)
+        #expect(apiData.primaryLimit?.usedPercent == 22)
+        #expect(apiData.extraRateWindows.count == 1)
+        #expect(apiData.extraRateWindows.first?.id == "codex-spark")
+        #expect(apiData.extraRateWindows.first?.window.usedPercent == 30)
+    }
+
+    @Test
+    func `dashboard snapshot exposes extra rate windows via to usage snapshot`() throws {
+        let now = Date(timeIntervalSince1970: 1_766_948_000)
+        let snapshot = OpenAIDashboardSnapshot(
+            signedInEmail: "codex@example.com",
+            codeReviewRemainingPercent: nil,
+            creditEvents: [],
+            dailyBreakdown: [],
+            usageBreakdown: [],
+            creditsPurchaseURL: nil,
+            primaryLimit: RateWindow(
+                usedPercent: 22,
+                windowMinutes: 300,
+                resetsAt: now.addingTimeInterval(3600),
+                resetDescription: nil),
+            secondaryLimit: RateWindow(
+                usedPercent: 43,
+                windowMinutes: 10080,
+                resetsAt: now.addingTimeInterval(6 * 24 * 60 * 60),
+                resetDescription: nil),
+            extraRateWindows: [
+                NamedRateWindow(
+                    id: "codex-spark",
+                    title: "Codex Spark 5-hour",
+                    window: RateWindow(
+                        usedPercent: 30,
+                        windowMinutes: 300,
+                        resetsAt: now.addingTimeInterval(60 * 60),
+                        resetDescription: nil)),
+                NamedRateWindow(
+                    id: "codex-spark-weekly",
+                    title: "Codex Spark Weekly",
+                    window: RateWindow(
+                        usedPercent: 100,
+                        windowMinutes: 10080,
+                        resetsAt: now.addingTimeInterval(6 * 24 * 60 * 60),
+                        resetDescription: nil)),
+            ],
+            updatedAt: now)
+
+        let usage = try #require(snapshot.toUsageSnapshot(provider: .codex))
+        // Primary/weekly behavior preserved.
+        #expect(usage.primary?.usedPercent == 22)
+        #expect(usage.secondary?.usedPercent == 43)
+        // Spark surfaces through UsageSnapshot.extraRateWindows for dashboard-source users.
+        let extras = try #require(usage.extraRateWindows)
+        #expect(extras.map(\.id) == ["codex-spark", "codex-spark-weekly"])
+        #expect(extras.first?.window.usedPercent == 30)
+        #expect(extras.last?.window.usedPercent == 100)
+    }
+
+    @Test
+    func `dashboard snapshot codable round trips extra rate windows`() throws {
+        let now = Date(timeIntervalSince1970: 1_766_948_000)
+        let snapshot = OpenAIDashboardSnapshot(
+            signedInEmail: nil,
+            codeReviewRemainingPercent: nil,
+            creditEvents: [],
+            dailyBreakdown: [],
+            usageBreakdown: [],
+            creditsPurchaseURL: nil,
+            extraRateWindows: [
+                NamedRateWindow(
+                    id: "codex-spark",
+                    title: "Codex Spark 5-hour",
+                    window: RateWindow(
+                        usedPercent: 30,
+                        windowMinutes: 300,
+                        resetsAt: now.addingTimeInterval(60 * 60),
+                        resetDescription: nil)),
+                NamedRateWindow(
+                    id: "codex-spark-weekly",
+                    title: "Codex Spark Weekly",
+                    window: RateWindow(
+                        usedPercent: 100,
+                        windowMinutes: 10080,
+                        resetsAt: now.addingTimeInterval(6 * 24 * 60 * 60),
+                        resetDescription: nil)),
+            ],
+            updatedAt: now)
+
+        let encoder = JSONEncoder()
+        encoder.dateEncodingStrategy = .iso8601
+        let decoder = JSONDecoder()
+        decoder.dateDecodingStrategy = .iso8601
+
+        let data = try encoder.encode(snapshot)
+        let decoded = try decoder.decode(OpenAIDashboardSnapshot.self, from: data)
+        #expect(decoded.extraRateWindows?.map(\.id) == ["codex-spark", "codex-spark-weekly"])
+        #expect(decoded.extraRateWindows?.first?.window.usedPercent == 30)
+        #expect(decoded.extraRateWindows?.last?.window.usedPercent == 100)
+    }
+
+    @Test
+    func `dashboard snapshot decoder preserves absence of extra rate windows`() throws {
+        // Older cached snapshots predate the field; decoding such payloads must yield nil and never
+        // throw, so existing dashboard caches keep working.
+        let json = """
+        {
+          "signedInEmail": "codex@example.com",
+          "codeReviewRemainingPercent": null,
+          "creditEvents": [],
+          "dailyBreakdown": [],
+          "usageBreakdown": [],
+          "creditsPurchaseURL": null,
+          "updatedAt": "2026-04-30T19:27:07Z"
+        }
+        """
+        let decoder = JSONDecoder()
+        decoder.dateDecodingStrategy = .iso8601
+        let snapshot = try decoder.decode(OpenAIDashboardSnapshot.self, from: Data(json.utf8))
+        #expect(snapshot.extraRateWindows == nil)
+    }
+}
diff --git a/Tests/CodexBarTests/OpenAIDashboardWebViewCacheTests.swift b/Tests/CodexBarTests/OpenAIDashboardWebViewCacheTests.swift
index c53cb7394..fb88a4103 100644
--- a/Tests/CodexBarTests/OpenAIDashboardWebViewCacheTests.swift
+++ b/Tests/CodexBarTests/OpenAIDashboardWebViewCacheTests.swift
@@ -12,10 +12,16 @@ import WebKit
 @MainActor
 @Suite(.serialized)
 struct OpenAIDashboardWebViewCacheTests {
+    private func shouldSkipOnCI() -> Bool {
+        let env = ProcessInfo.processInfo.environment
+        return env["GITHUB_ACTIONS"] == "true" || env["CI"] == "true"
+    }
+
     // MARK: - Data Store Identity Tests
 
-    @Test("WKWebsiteDataStore should return same instance for same email")
-    func dataStoreReturnsSameInstance() {
+    @Test
+    func `WKWebsiteDataStore should return same instance for same email`() {
+        if self.shouldSkipOnCI() { return }
         OpenAIDashboardWebsiteDataStore.clearCacheForTesting()
 
         let store1 = OpenAIDashboardWebsiteDataStore.store(forAccountEmail: "test@example.com")
@@ -34,8 +40,9 @@ struct OpenAIDashboardWebViewCacheTests {
 
     // MARK: - WebView Reuse Tests
 
-    @Test("WebView should be cached after release, not destroyed")
-    func webViewCachedAfterRelease() async throws {
+    @Test
+    func `WebView should be cached after release, not destroyed`() async throws {
+        if self.shouldSkipOnCI() { return }
         let cache = OpenAIDashboardWebViewCache()
         let store = WKWebsiteDataStore.nonPersistent()
         let url = try #require(URL(string: "about:blank"))
@@ -67,8 +74,9 @@ struct OpenAIDashboardWebViewCacheTests {
         cache.clearAllForTesting()
     }
 
-    @Test("Different data stores should have separate cached WebViews")
-    func separateCachesPerDataStore() async throws {
+    @Test
+    func `Different data stores should have separate cached WebViews`() async throws {
+        if self.shouldSkipOnCI() { return }
         let cache = OpenAIDashboardWebViewCache()
         let store1 = WKWebsiteDataStore.nonPersistent()
         let store2 = WKWebsiteDataStore.nonPersistent()
@@ -98,53 +106,146 @@ struct OpenAIDashboardWebViewCacheTests {
 
     // MARK: - Idle Timeout / Pruning Tests
 
-    @Test("WebView should be pruned after idle timeout")
-    func webViewPrunedAfterIdleTimeout() async throws {
+    @Test
+    func `WebView should be pruned after idle timeout`() {
+        if self.shouldSkipOnCI() { return }
         let cache = OpenAIDashboardWebViewCache()
         let store = WKWebsiteDataStore.nonPersistent()
-        let url = try #require(URL(string: "about:blank"))
-
-        // Acquire and release
-        let lease = try await cache.acquire(
-            websiteDataStore: store,
-            usageURL: url,
-            logger: nil)
-        lease.release()
+        cache.cacheEntryForTesting(websiteDataStore: store)
 
         #expect(cache.hasCachedEntry(for: store), "Should be cached immediately after release")
 
-        // Simulate time passing beyond idle timeout (10 minutes + buffer)
-        let futureTime = Date().addingTimeInterval(11 * 60)
+        // Simulate time passing beyond the configured idle timeout.
+        let futureTime = Date().addingTimeInterval(cache.idleTimeoutForTesting + 5)
         cache.pruneForTesting(now: futureTime)
 
         #expect(!cache.hasCachedEntry(for: store), "Should be pruned after idle timeout")
         #expect(cache.entryCount == 0, "Should have no cached entries after prune")
     }
 
-    @Test("Recently used WebView should not be pruned")
-    func recentlyUsedWebViewNotPruned() async throws {
+    @Test
+    func `Recently used WebView should not be pruned`() {
+        if self.shouldSkipOnCI() { return }
+        let cache = OpenAIDashboardWebViewCache()
+        let store = WKWebsiteDataStore.nonPersistent()
+        cache.cacheEntryForTesting(websiteDataStore: store)
+
+        // Simulate time passing comfortably within the configured idle timeout.
+        let nearFutureTime = Date().addingTimeInterval(max(1, cache.idleTimeoutForTesting / 2))
+        cache.pruneForTesting(now: nearFutureTime)
+
+        #expect(cache.hasCachedEntry(for: store), "Should still be cached within idle timeout")
+        cache.clearAllForTesting()
+    }
+
+    @Test
+    func `Preserved page handoff is consumed only once`() {
+        if self.shouldSkipOnCI() { return }
+        let cache = OpenAIDashboardWebViewCache()
+        let store = WKWebsiteDataStore.nonPersistent()
+        cache.cacheEntryForTesting(websiteDataStore: store)
+        cache.markPreservedPageForTesting(
+            websiteDataStore: store,
+            expiresAt: Date().addingTimeInterval(cache.preservedPageHandoffTimeoutForTesting))
+
+        #expect(cache.hasPreservedPageForTesting(for: store), "Expected preserved page handoff to be armed")
+        #expect(cache.consumePreservedPageForTesting(websiteDataStore: store), "First acquire should reuse handoff")
+        #expect(
+            !cache.consumePreservedPageForTesting(websiteDataStore: store),
+            "Second acquire should not keep reusing preserved page")
+
+        cache.clearAllForTesting()
+    }
+
+    @Test
+    func `Expired preserved page is cleared before idle eviction`() {
+        if self.shouldSkipOnCI() { return }
+        let cache = OpenAIDashboardWebViewCache()
+        let store = WKWebsiteDataStore.nonPersistent()
+        cache.cacheEntryForTesting(websiteDataStore: store)
+        cache.markPreservedPageForTesting(
+            websiteDataStore: store,
+            expiresAt: Date().addingTimeInterval(1))
+
+        let afterExpiry = Date().addingTimeInterval(cache.preservedPageHandoffTimeoutForTesting + 1)
+        cache.pruneForTesting(now: afterExpiry)
+
+        #expect(!cache.hasPreservedPageForTesting(for: store), "Expired preserved page should be cleared")
+        #expect(cache.hasCachedEntry(for: store), "Entry should remain cached after page handoff expires")
+
+        cache.clearAllForTesting()
+    }
+
+    @Test
+    func `Preserved page expiry is scheduled without future cache activity`() async throws {
+        if self.shouldSkipOnCI() { return }
+        let cache = OpenAIDashboardWebViewCache()
+        let store = WKWebsiteDataStore.nonPersistent()
+        let webView = cache.cacheEntryForTesting(websiteDataStore: store)
+
+        _ = webView.loadHTMLString("<html><body>alive</body></html>", baseURL: nil)
+        try? await Task.sleep(for: .milliseconds(150))
+
+        cache.markPreservedPageForTesting(
+            websiteDataStore: store,
+            expiresAt: Date().addingTimeInterval(0.2))
+
+        #expect(cache.hasPreservedPageForTesting(for: store), "Expected preserved page handoff to be armed")
+
+        var bodyText: String?
+        let deadline = Date().addingTimeInterval(2)
+        repeat {
+            try? await Task.sleep(for: .milliseconds(100))
+            bodyText = try await webView.evaluateJavaScript(
+                "document.body ? String(document.body.innerText || '') : ''") as? String
+        } while (cache.hasPreservedPageForTesting(for: store) || bodyText?.isEmpty != true) && Date() < deadline
+
+        #expect(!cache.hasPreservedPageForTesting(for: store), "Expected scheduled expiry to clear preserved page")
+        #expect(bodyText?.isEmpty == true, "Expected scheduled expiry to detach the preserved page to about:blank")
+
+        cache.clearAllForTesting()
+    }
+
+    @Test
+    func `Reused page reset clears one shot scraper globals`() async throws {
+        if self.shouldSkipOnCI() { return }
         let cache = OpenAIDashboardWebViewCache()
         let store = WKWebsiteDataStore.nonPersistent()
         let url = try #require(URL(string: "about:blank"))
 
-        // Acquire and release
         let lease = try await cache.acquire(
             websiteDataStore: store,
             usageURL: url,
             logger: nil)
-        lease.release()
 
-        // Simulate time passing within idle timeout (5 minutes)
-        let nearFutureTime = Date().addingTimeInterval(5 * 60)
-        cache.pruneForTesting(now: nearFutureTime)
+        _ = try await lease.webView.evaluateJavaScript(
+            """
+            window.__codexbarDidScrollToCredits = true;
+            window.__codexbarUsageBreakdownJSON = '[{"day":"2026-04-19"}]';
+            window.__codexbarUsageBreakdownDebug = 'debug';
+            true;
+            """)
 
-        #expect(cache.hasCachedEntry(for: store), "Should still be cached within idle timeout")
+        #expect(await cache.resetReusablePageStateForTesting(lease.webView))
+
+        let reset = try await lease.webView.evaluateJavaScript(
+            """
+            typeof window.__codexbarDidScrollToCredits === 'undefined' &&
+            typeof window.__codexbarUsageBreakdownJSON === 'undefined' &&
+            typeof window.__codexbarUsageBreakdownDebug === 'undefined'
+            """) as? Bool
+
+        #expect(reset == true, "Expected one-shot scraper globals to be cleared before reuse")
+
+        lease.release()
+        cache.clearAllForTesting()
     }
 
     // MARK: - Eviction Tests
 
-    @Test("Evict should remove specific WebView from cache")
-    func evictRemovesSpecificWebView() async throws {
+    @Test
+    func `Evict should remove specific WebView from cache`() async throws {
+        if self.shouldSkipOnCI() { return }
         let cache = OpenAIDashboardWebViewCache()
         let store1 = WKWebsiteDataStore.nonPersistent()
         let store2 = WKWebsiteDataStore.nonPersistent()
@@ -168,10 +269,55 @@ struct OpenAIDashboardWebViewCacheTests {
         cache.clearAllForTesting()
     }
 
+    @Test
+    func `Evicted WebView should not be reused on next acquire`() async throws {
+        if self.shouldSkipOnCI() { return }
+        let cache = OpenAIDashboardWebViewCache()
+        let store = WKWebsiteDataStore.nonPersistent()
+        let url = try #require(URL(string: "about:blank"))
+
+        let lease1 = try await cache.acquire(websiteDataStore: store, usageURL: url, logger: nil)
+        let webView1 = lease1.webView
+        lease1.release()
+
+        cache.evict(websiteDataStore: store)
+
+        let lease2 = try await cache.acquire(websiteDataStore: store, usageURL: url, logger: nil)
+        let webView2 = lease2.webView
+
+        #expect(webView1 !== webView2, "Acquire after eviction should create a fresh WebView")
+
+        lease2.release()
+        cache.clearAllForTesting()
+    }
+
+    @Test
+    func `Evict all should remove every cached WebView`() async throws {
+        if self.shouldSkipOnCI() { return }
+        let cache = OpenAIDashboardWebViewCache()
+        let store1 = WKWebsiteDataStore.nonPersistent()
+        let store2 = WKWebsiteDataStore.nonPersistent()
+        let url = try #require(URL(string: "about:blank"))
+
+        let lease1 = try await cache.acquire(websiteDataStore: store1, usageURL: url, logger: nil)
+        lease1.release()
+        let lease2 = try await cache.acquire(websiteDataStore: store2, usageURL: url, logger: nil)
+        lease2.release()
+
+        #expect(cache.entryCount == 2, "Should have two cached entries")
+
+        cache.evictAll()
+
+        #expect(cache.entryCount == 0, "Evict all should remove every cached entry")
+        #expect(!cache.hasCachedEntry(for: store1), "First store should be evicted")
+        #expect(!cache.hasCachedEntry(for: store2), "Second store should be evicted")
+    }
+
     // MARK: - Busy WebView Tests
 
-    @Test("Busy WebView should create temporary WebView for concurrent access")
-    func busyWebViewCreatesTemporary() async throws {
+    @Test
+    func `Busy WebView should create temporary WebView for concurrent access`() async throws {
+        if self.shouldSkipOnCI() { return }
         let cache = OpenAIDashboardWebViewCache()
         let store = WKWebsiteDataStore.nonPersistent()
         let url = try #require(URL(string: "about:blank"))
@@ -205,8 +351,9 @@ struct OpenAIDashboardWebViewCacheTests {
 
     // MARK: - Network Traffic Regression Prevention
 
-    @Test("Multiple sequential fetches should reuse same WebView (network optimization)")
-    func sequentialFetchesReuseWebView() async throws {
+    @Test
+    func `Multiple sequential fetches should reuse same WebView (network optimization)`() async throws {
+        if self.shouldSkipOnCI() { return }
         let cache = OpenAIDashboardWebViewCache()
         let store = WKWebsiteDataStore.nonPersistent()
         let url = try #require(URL(string: "about:blank"))
@@ -239,8 +386,9 @@ struct OpenAIDashboardWebViewCacheTests {
 
     // MARK: - Integration Test with Real Data Store Factory
 
-    @Test("Sequential fetches with OpenAIDashboardWebsiteDataStore should reuse WebView")
-    func sequentialFetchesWithRealDataStoreFactory() async throws {
+    @Test
+    func `Sequential fetches with OpenAIDashboardWebsiteDataStore should reuse WebView`() async throws {
+        if self.shouldSkipOnCI() { return }
         OpenAIDashboardWebsiteDataStore.clearCacheForTesting()
         let cache = OpenAIDashboardWebViewCache()
         let url = try #require(URL(string: "about:blank"))
diff --git a/Tests/CodexBarTests/OpenAIWebAccountSwitchTests.swift b/Tests/CodexBarTests/OpenAIWebAccountSwitchTests.swift
index 7113583f5..b3a29b839 100644
--- a/Tests/CodexBarTests/OpenAIWebAccountSwitchTests.swift
+++ b/Tests/CodexBarTests/OpenAIWebAccountSwitchTests.swift
@@ -4,10 +4,9 @@ import Testing
 @testable import CodexBar
 
 @MainActor
-@Suite
 struct OpenAIWebAccountSwitchTests {
     @Test
-    func clearsDashboardWhenCodexEmailChanges() {
+    func `clears dashboard when codex email changes`() {
         let settings = SettingsStore(
             configStore: testConfigStore(suiteName: "OpenAIWebAccountSwitchTests-clears"),
             zaiTokenStore: NoopZaiTokenStore(),
@@ -36,7 +35,7 @@ struct OpenAIWebAccountSwitchTests {
     }
 
     @Test
-    func keepsDashboardWhenCodexEmailStaysSame() {
+    func `keeps dashboard when codex email stays same`() {
         let settings = SettingsStore(
             configStore: testConfigStore(suiteName: "OpenAIWebAccountSwitchTests-keeps"),
             zaiTokenStore: NoopZaiTokenStore(),
diff --git a/Tests/CodexBarTests/OpenAIWebRefreshGateTests.swift b/Tests/CodexBarTests/OpenAIWebRefreshGateTests.swift
new file mode 100644
index 000000000..eead8bb84
--- /dev/null
+++ b/Tests/CodexBarTests/OpenAIWebRefreshGateTests.swift
@@ -0,0 +1,113 @@
+import Foundation
+import Testing
+@testable import CodexBar
+
+struct OpenAIWebRefreshGateTests {
+    @Test
+    func `Battery saver keeps background OpenAI web refreshes off`() {
+        let shouldRun = UsageStore.shouldRunOpenAIWebRefresh(.init(
+            accessEnabled: true,
+            batterySaverEnabled: true,
+            force: false))
+
+        #expect(shouldRun == false)
+    }
+
+    @Test
+    func `Disabling battery saver restores normal OpenAI web refreshes`() {
+        let shouldRun = UsageStore.shouldRunOpenAIWebRefresh(.init(
+            accessEnabled: true,
+            batterySaverEnabled: false,
+            force: false))
+
+        #expect(shouldRun == true)
+    }
+
+    @Test
+    func `Manual refresh still forces OpenAI web refreshes with battery saver enabled`() {
+        let shouldRun = UsageStore.shouldRunOpenAIWebRefresh(.init(
+            accessEnabled: true,
+            batterySaverEnabled: true,
+            force: true))
+
+        #expect(shouldRun == true)
+    }
+
+    @Test
+    func `Battery saver stale-submenu refresh respects the cooldown`() {
+        let shouldForce = UsageStore.forceOpenAIWebRefreshForStaleRequest(batterySaverEnabled: true)
+
+        #expect(shouldForce == false)
+    }
+
+    @Test
+    func `Normal stale-submenu refresh still forces when battery saver is off`() {
+        let shouldForce = UsageStore.forceOpenAIWebRefreshForStaleRequest(batterySaverEnabled: false)
+
+        #expect(shouldForce == true)
+    }
+
+    @Test
+    func `Recent successful dashboard refresh stays throttled`() {
+        let now = Date()
+
+        let shouldSkip = UsageStore.shouldSkipOpenAIWebRefresh(.init(
+            force: false,
+            accountDidChange: false,
+            lastError: nil,
+            lastSnapshotAt: now.addingTimeInterval(-60),
+            lastAttemptAt: now.addingTimeInterval(-60),
+            now: now,
+            refreshInterval: 300))
+
+        #expect(shouldSkip == true)
+    }
+
+    @Test
+    func `Recent failed dashboard refresh also stays throttled`() {
+        let now = Date()
+
+        let shouldSkip = UsageStore.shouldSkipOpenAIWebRefresh(.init(
+            force: false,
+            accountDidChange: false,
+            lastError: "login required",
+            lastSnapshotAt: nil,
+            lastAttemptAt: now.addingTimeInterval(-60),
+            now: now,
+            refreshInterval: 300))
+
+        #expect(shouldSkip == true)
+    }
+
+    @Test
+    func `Force refresh bypasses throttle after failures`() {
+        let now = Date()
+
+        let shouldSkip = UsageStore.shouldSkipOpenAIWebRefresh(.init(
+            force: true,
+            accountDidChange: false,
+            lastError: "login required",
+            lastSnapshotAt: nil,
+            lastAttemptAt: now.addingTimeInterval(-60),
+            now: now,
+            refreshInterval: 300))
+
+        #expect(shouldSkip == false)
+    }
+
+    @Test
+    func `Account switches bypass the prior-attempt cooldown`() {
+        let now = Date()
+
+        let shouldSkip = UsageStore.shouldSkipOpenAIWebRefresh(.init(
+            force: false,
+            accountDidChange: true,
+            lastError: "mismatch",
+            lastSnapshotAt: nil,
+            lastAttemptAt: now.addingTimeInterval(-60),
+            now: now,
+            refreshInterval: 300))
+
+        #expect(shouldSkip == false)
+    }
+}
diff --git a/Tests/CodexBarTests/OpenCodeGoLocalUsageReaderTests.swift b/Tests/CodexBarTests/OpenCodeGoLocalUsageReaderTests.swift
new file mode 100644
index 000000000..ca060b0a3
--- /dev/null
+++ b/Tests/CodexBarTests/OpenCodeGoLocalUsageReaderTests.swift
@@ -0,0 +1,299 @@
+#if os(macOS)
+
+import Foundation
+import SQLite3
+import Testing
+@testable import CodexBarCore
+
+struct OpenCodeGoLocalUsageReaderTests {
+    @Test
+    func `reads local OpenCode Go history into usage windows`() throws {
+        let env = try Self.makeEnvironment()
+        defer { try? FileManager.default.removeItem(at: env.root) }
+
+        try Self.writeAuth(to: env.authURL)
+        try Self.createDatabase(at: env.databaseURL)
+        try Self.insertMessage(
+            databaseURL: env.databaseURL,
+            createdMs: Self.ms("2026-03-06T11:00:00.000Z"),
+            cost: 3.0)
+        try Self.insertMessage(
+            databaseURL: env.databaseURL,
+            createdMs: Self.ms("2026-03-05T12:00:00.000Z"),
+            cost: 6.0)
+        try Self.insertMessage(
+            databaseURL: env.databaseURL,
+            createdMs: Self.ms("2026-02-25T07:53:16.000Z"),
+            cost: 2.0)
+
+        let reader = OpenCodeGoLocalUsageReader(authURL: env.authURL, databaseURL: env.databaseURL)
+        let snapshot = try reader.fetch(now: Date(timeIntervalSince1970: 1_772_798_400))
+
+        #expect(snapshot.rollingUsagePercent == 25)
+        #expect(snapshot.weeklyUsagePercent == 30)
+        #expect(snapshot.monthlyUsagePercent == 18.3)
+        #expect(snapshot.rollingResetInSec == 14400)
+        #expect(snapshot.weeklyResetInSec == 216_000)
+        #expect(snapshot.monthlyResetInSec == 1_626_796)
+    }
+
+    @Test
+    func `auth without history falls through to web strategy`() throws {
+        let env = try Self.makeEnvironment()
+        defer { try? FileManager.default.removeItem(at: env.root) }
+
+        try Self.writeAuth(to: env.authURL)
+
+        let reader = OpenCodeGoLocalUsageReader(authURL: env.authURL, databaseURL: env.databaseURL)
+
+        #expect(throws: OpenCodeGoLocalUsageError.historyUnavailable("database not found")) {
+            _ = try reader.fetch(now: Date(timeIntervalSince1970: 1_772_798_400))
+        }
+    }
+
+    @Test
+    func `auth with unreadable history falls through to web strategy`() throws {
+        let env = try Self.makeEnvironment()
+        defer { try? FileManager.default.removeItem(at: env.root) }
+
+        try Self.writeAuth(to: env.authURL)
+        var db: OpaquePointer?
+        guard sqlite3_open(env.databaseURL.path, &db) == SQLITE_OK else { throw SQLiteTestError.open }
+        sqlite3_close(db)
+
+        let reader = OpenCodeGoLocalUsageReader(authURL: env.authURL, databaseURL: env.databaseURL)
+
+        #expect(throws: OpenCodeGoLocalUsageError.self) {
+            _ = try reader.fetch(now: Date(timeIntervalSince1970: 1_772_798_400))
+        }
+    }
+
+    @Test
+    func `monthly window keeps original anchor after shorter month clamp`() throws {
+        let env = try Self.makeEnvironment()
+        defer { try? FileManager.default.removeItem(at: env.root) }
+
+        try Self.writeAuth(to: env.authURL)
+        try Self.createDatabase(at: env.databaseURL)
+        try Self.insertMessage(
+            databaseURL: env.databaseURL,
+            createdMs: Self.ms("2026-01-31T00:00:00.000Z"),
+            cost: 1.0)
+        try Self.insertMessage(
+            databaseURL: env.databaseURL,
+            createdMs: Self.ms("2026-03-29T10:00:00.000Z"),
+            cost: 6.0)
+
+        let reader = OpenCodeGoLocalUsageReader(authURL: env.authURL, databaseURL: env.databaseURL)
+        let now = Date(timeIntervalSince1970: TimeInterval(Self.ms("2026-03-29T12:00:00.000Z")) / 1000)
+        let snapshot = try reader.fetch(now: now)
+
+        #expect(snapshot.monthlyUsagePercent == 10)
+        #expect(snapshot.monthlyResetInSec == 129_600)
+    }
+
+    @Test
+    func `reads step finish parts when message only stores metadata`() throws {
+        let env = try Self.makeEnvironment()
+        defer { try? FileManager.default.removeItem(at: env.root) }
+
+        try Self.writeAuth(to: env.authURL)
+        try Self.createDatabase(at: env.databaseURL)
+        let messageID = try Self.insertMessage(
+            databaseURL: env.databaseURL,
+            createdMs: Self.ms("2026-03-06T11:00:00.000Z"),
+            cost: nil)
+        try Self.insertStepFinishPart(
+            databaseURL: env.databaseURL,
+            messageID: messageID,
+            createdMs: Self.ms("2026-03-06T11:00:00.000Z"),
+            cost: 3.0)
+
+        let reader = OpenCodeGoLocalUsageReader(authURL: env.authURL, databaseURL: env.databaseURL)
+        let snapshot = try reader.fetch(now: Date(timeIntervalSince1970: 1_772_798_400))
+
+        #expect(snapshot.rollingUsagePercent == 25)
+        #expect(snapshot.weeklyUsagePercent == 10)
+        #expect(snapshot.monthlyUsagePercent == 5)
+    }
+
+    @Test
+    func `does not double count step finish parts when message has cost`() throws {
+        let env = try Self.makeEnvironment()
+        defer { try? FileManager.default.removeItem(at: env.root) }
+
+        try Self.writeAuth(to: env.authURL)
+        try Self.createDatabase(at: env.databaseURL)
+        let messageID = try Self.insertMessage(
+            databaseURL: env.databaseURL,
+            createdMs: Self.ms("2026-03-06T11:00:00.000Z"),
+            cost: 3.0)
+        try Self.insertStepFinishPart(
+            databaseURL: env.databaseURL,
+            messageID: messageID,
+            createdMs: Self.ms("2026-03-06T11:00:00.000Z"),
+            cost: 3.0)
+
+        let reader = OpenCodeGoLocalUsageReader(authURL: env.authURL, databaseURL: env.databaseURL)
+        let snapshot = try reader.fetch(now: Date(timeIntervalSince1970: 1_772_798_400))
+
+        #expect(snapshot.rollingUsagePercent == 25)
+        #expect(snapshot.weeklyUsagePercent == 10)
+        #expect(snapshot.monthlyUsagePercent == 5)
+    }
+
+    @Test
+    func `missing auth and history is not detected`() throws {
+        let env = try Self.makeEnvironment()
+        defer { try? FileManager.default.removeItem(at: env.root) }
+
+        let reader = OpenCodeGoLocalUsageReader(authURL: env.authURL, databaseURL: env.databaseURL)
+
+        #expect(throws: OpenCodeGoLocalUsageError.notDetected) {
+            _ = try reader.fetch(now: Date(timeIntervalSince1970: 1_772_798_400))
+        }
+    }
+
+    private static func makeEnvironment() throws -> (root: URL, authURL: URL, databaseURL: URL) {
+        let root = FileManager.default.temporaryDirectory
+            .appendingPathComponent("OpenCodeGoLocalUsageReaderTests-\(UUID().uuidString)", isDirectory: true)
+        let directory = root
+            .appendingPathComponent(".local", isDirectory: true)
+            .appendingPathComponent("share", isDirectory: true)
+            .appendingPathComponent("opencode", isDirectory: true)
+        try FileManager.default.createDirectory(at: directory, withIntermediateDirectories: true)
+        return (
+            root,
+            directory.appendingPathComponent("auth.json", isDirectory: false),
+            directory.appendingPathComponent("opencode.db", isDirectory: false))
+    }
+
+    private static func writeAuth(to url: URL) throws {
+        let data = Data(#"{"opencode-go":{"type":"api-key","key":"go-key"}}"#.utf8)
+        try data.write(to: url)
+    }
+
+    private static func createDatabase(at url: URL) throws {
+        var db: OpaquePointer?
+        guard sqlite3_open(url.path, &db) == SQLITE_OK else { throw SQLiteTestError.open }
+        defer { sqlite3_close(db) }
+        try Self.exec(
+            db: db,
+            sql: """
+                CREATE TABLE message (
+                  id TEXT PRIMARY KEY,
+                  session_id TEXT NOT NULL,
+                  data TEXT NOT NULL,
+                  time_created INTEGER,
+                  time_updated INTEGER
+                );
+                CREATE TABLE part (
+                  id TEXT PRIMARY KEY,
+                  message_id TEXT NOT NULL,
+                  session_id TEXT NOT NULL,
+                  data TEXT NOT NULL,
+                  time_created INTEGER,
+                  time_updated INTEGER
+                );
+            """)
+    }
+
+    @discardableResult
+    private static func insertMessage(databaseURL: URL, createdMs: Int64, cost: Double?) throws -> String {
+        var db: OpaquePointer?
+        guard sqlite3_open(databaseURL.path, &db) == SQLITE_OK else { throw SQLiteTestError.open }
+        defer { sqlite3_close(db) }
+
+        let messageID = UUID().uuidString
+        var payload: [String: Any] = [
+            "providerID": "opencode-go",
+            "role": "assistant",
+            "time": ["created": createdMs],
+        ]
+        if let cost {
+            payload["cost"] = cost
+        }
+        let data = try JSONSerialization.data(withJSONObject: payload)
+        let json = String(data: data, encoding: .utf8) ?? "{}"
+
+        var stmt: OpaquePointer?
+        guard sqlite3_prepare_v2(
+            db,
+            "INSERT INTO message (id, session_id, data, time_created, time_updated) VALUES (?, ?, ?, ?, ?)",
+            -1,
+            &stmt,
+            nil) == SQLITE_OK
+        else { throw SQLiteTestError.prepare }
+        defer { sqlite3_finalize(stmt) }
+
+        let transient = unsafeBitCast(-1, to: sqlite3_destructor_type.self)
+        sqlite3_bind_text(stmt, 1, messageID, -1, transient)
+        sqlite3_bind_text(stmt, 2, "session-1", -1, transient)
+        sqlite3_bind_text(stmt, 3, json, -1, transient)
+        sqlite3_bind_int64(stmt, 4, createdMs)
+        sqlite3_bind_int64(stmt, 5, createdMs)
+        guard sqlite3_step(stmt) == SQLITE_DONE else { throw SQLiteTestError.step }
+        return messageID
+    }
+
+    private static func insertStepFinishPart(
+        databaseURL: URL,
+        messageID: String,
+        createdMs: Int64,
+        cost: Double) throws
+    {
+        var db: OpaquePointer?
+        guard sqlite3_open(databaseURL.path, &db) == SQLITE_OK else { throw SQLiteTestError.open }
+        defer { sqlite3_close(db) }
+
+        let payload: [String: Any] = [
+            "type": "step-finish",
+            "cost": cost,
+            "tokens": ["input": 1, "output": 1, "total": 2],
+        ]
+        let data = try JSONSerialization.data(withJSONObject: payload)
+        let json = String(data: data, encoding: .utf8) ?? "{}"
+
+        var stmt: OpaquePointer?
+        guard sqlite3_prepare_v2(
+            db,
+            "INSERT INTO part (id, message_id, session_id, data, time_created, time_updated) VALUES (?, ?, ?, ?, ?, ?)",
+            -1,
+            &stmt,
+            nil) == SQLITE_OK
+        else { throw SQLiteTestError.prepare }
+        defer { sqlite3_finalize(stmt) }
+
+        let transient = unsafeBitCast(-1, to: sqlite3_destructor_type.self)
+        sqlite3_bind_text(stmt, 1, UUID().uuidString, -1, transient)
+        sqlite3_bind_text(stmt, 2, messageID, -1, transient)
+        sqlite3_bind_text(stmt, 3, "session-1", -1, transient)
+        sqlite3_bind_text(stmt, 4, json, -1, transient)
+        sqlite3_bind_int64(stmt, 5, createdMs)
+        sqlite3_bind_int64(stmt, 6, createdMs)
+        guard sqlite3_step(stmt) == SQLITE_DONE else { throw SQLiteTestError.step }
+    }
+
+    private static func exec(db: OpaquePointer?, sql: String) throws {
+        var message: UnsafeMutablePointer<CChar>?
+        guard sqlite3_exec(db, sql, nil, nil, &message) == SQLITE_OK else {
+            sqlite3_free(message)
+            throw SQLiteTestError.exec
+        }
+    }
+
+    private static func ms(_ iso: String) -> Int64 {
+        let formatter = ISO8601DateFormatter()
+        formatter.formatOptions = [.withInternetDateTime, .withFractionalSeconds]
+        return Int64((formatter.date(from: iso)?.timeIntervalSince1970 ?? 0) * 1000)
+    }
+
+    private enum SQLiteTestError: Error {
+        case open
+        case prepare
+        case step
+        case exec
+    }
+}
+
+#endif
diff --git a/Tests/CodexBarTests/OpenCodeGoMenuCardModelTests.swift b/Tests/CodexBarTests/OpenCodeGoMenuCardModelTests.swift
new file mode 100644
index 000000000..a73d650b9
--- /dev/null
+++ b/Tests/CodexBarTests/OpenCodeGoMenuCardModelTests.swift
@@ -0,0 +1,89 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+struct OpenCodeGoMenuCardModelTests {
+    @Test
+    func `zen balance renders as optional balance`() throws {
+        let now = Date()
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 12, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(usedPercent: 34, windowMinutes: 10080, resetsAt: nil, resetDescription: nil),
+            tertiary: nil,
+            providerCost: ProviderCostSnapshot(
+                used: 98.76,
+                limit: 0,
+                currencyCode: "USD",
+                period: "Zen balance",
+                updatedAt: now),
+            updatedAt: now,
+            identity: nil)
+        let metadata = try #require(ProviderDefaults.metadata[.opencodego])
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .opencodego,
+            metadata: metadata,
+            snapshot: snapshot,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: true,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+
+        #expect(model.providerCost?.title == "Zen balance")
+        #expect(model.providerCost?.spendLine == "Balance: $98.76")
+        #expect(model.providerCost?.percentUsed == nil)
+        #expect(model.providerCost?.percentLine == nil)
+    }
+
+    @Test
+    func `zen balance hides when optional usage is disabled`() throws {
+        let now = Date()
+        let snapshot = UsageSnapshot(
+            primary: nil,
+            secondary: nil,
+            tertiary: nil,
+            providerCost: ProviderCostSnapshot(
+                used: 98.76,
+                limit: 0,
+                currencyCode: "USD",
+                period: "Zen balance",
+                updatedAt: now),
+            updatedAt: now,
+            identity: nil)
+        let metadata = try #require(ProviderDefaults.metadata[.opencodego])
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .opencodego,
+            metadata: metadata,
+            snapshot: snapshot,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: true,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: false,
+            hidePersonalInfo: false,
+            now: now))
+
+        #expect(model.providerCost == nil)
+    }
+}
diff --git a/Tests/CodexBarTests/OpenCodeGoProviderStrategyTests.swift b/Tests/CodexBarTests/OpenCodeGoProviderStrategyTests.swift
new file mode 100644
index 000000000..4c4d4d398
--- /dev/null
+++ b/Tests/CodexBarTests/OpenCodeGoProviderStrategyTests.swift
@@ -0,0 +1,64 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+struct OpenCodeGoProviderStrategyTests {
+    private struct StubClaudeFetcher: ClaudeUsageFetching {
+        func loadLatestUsage(model _: String) async throws -> ClaudeUsageSnapshot {
+            throw ClaudeUsageError.parseFailed("stub")
+        }
+
+        func debugRawProbe(model _: String) async -> String {
+            "stub"
+        }
+
+        func detectVersion() -> String? {
+            nil
+        }
+    }
+
+    private func makeContext(sourceMode: ProviderSourceMode = .auto) -> ProviderFetchContext {
+        let env: [String: String] = [:]
+        return ProviderFetchContext(
+            runtime: .app,
+            sourceMode: sourceMode,
+            includeCredits: false,
+            webTimeout: 1,
+            webDebugDumpHTML: false,
+            verbose: false,
+            env: env,
+            settings: nil,
+            fetcher: UsageFetcher(environment: env),
+            claudeFetcher: StubClaudeFetcher(),
+            browserDetection: BrowserDetection(cacheTTL: 0))
+    }
+
+    @Test
+    func `auto source prefers web before local fallback`() async {
+        let descriptor = OpenCodeGoProviderDescriptor.makeDescriptor()
+        let strategies = await descriptor.fetchPlan.pipeline.resolveStrategies(self.makeContext())
+
+        #expect(strategies.map(\.id) == ["opencodego.web", "opencodego.local"])
+    }
+
+    @Test
+    func `web source does not include local fallback`() async {
+        let descriptor = OpenCodeGoProviderDescriptor.makeDescriptor()
+        let strategies = await descriptor.fetchPlan.pipeline.resolveStrategies(self.makeContext(sourceMode: .web))
+
+        #expect(strategies.map(\.id) == ["opencodego.web"])
+    }
+
+    @Test
+    func `web strategy falls back to local only for auth setup failures in auto mode`() {
+        let strategy = OpenCodeGoUsageFetchStrategy()
+        let autoContext = self.makeContext()
+        let webContext = self.makeContext(sourceMode: .web)
+
+        #expect(strategy.shouldFallback(on: OpenCodeGoSettingsError.missingCookie, context: autoContext))
+        #expect(strategy.shouldFallback(on: OpenCodeGoSettingsError.invalidCookie, context: autoContext))
+        #expect(strategy.shouldFallback(on: OpenCodeGoUsageError.invalidCredentials, context: autoContext))
+        #expect(!strategy.shouldFallback(on: OpenCodeGoUsageError.networkError("timeout"), context: autoContext))
+        #expect(!strategy.shouldFallback(on: OpenCodeGoSettingsError.missingCookie, context: webContext))
+    }
+}
diff --git a/Tests/CodexBarTests/OpenCodeGoUsageFetcherErrorTests.swift b/Tests/CodexBarTests/OpenCodeGoUsageFetcherErrorTests.swift
new file mode 100644
index 000000000..131bfddd1
--- /dev/null
+++ b/Tests/CodexBarTests/OpenCodeGoUsageFetcherErrorTests.swift
@@ -0,0 +1,578 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+@Suite(.serialized)
+struct OpenCodeGoUsageFetcherErrorTests {
+    @Test
+    func `dashboard URL uses normalized workspace ID`() {
+        #expect(
+            OpenCodeGoUsageFetcher.dashboardURL(workspaceID: "https://opencode.ai/workspace/wrk_abc123/go")
+                .absoluteString == "https://opencode.ai/workspace/wrk_abc123/go")
+        #expect(
+            OpenCodeGoUsageFetcher.dashboardURL(workspaceID: "workspace=wrk_def456")
+                .absoluteString == "https://opencode.ai/workspace/wrk_def456/go")
+        #expect(
+            OpenCodeGoUsageFetcher.dashboardURL(workspaceID: nil)
+                .absoluteString == "https://opencode.ai")
+    }
+
+    private struct UsageWindow {
+        let percent: Double
+        let resetInSec: Int
+    }
+
+    private func makeSession() -> URLSession {
+        let config = URLSessionConfiguration.ephemeral
+        config.protocolClasses = [OpenCodeGoStubURLProtocol.self]
+        return URLSession(configuration: config)
+    }
+
+    @Test
+    func `redirect guard allows only same-host https redirects`() {
+        #expect(OpenCodeGoUsageFetcher.allowsRedirect(
+            from: URL(string: "https://opencode.ai/_server"),
+            to: URL(string: "https://opencode.ai/workspace/wrk_TEST123/go")))
+
+        #expect(!OpenCodeGoUsageFetcher.allowsRedirect(
+            from: URL(string: "https://opencode.ai/_server"),
+            to: URL(string: "https://evil.example/steal")))
+
+        #expect(!OpenCodeGoUsageFetcher.allowsRedirect(
+            from: URL(string: "https://opencode.ai/_server"),
+            to: URL(string: "http://opencode.ai/insecure")))
+    }
+
+    @Test
+    func `extracts api error from detail field`() async throws {
+        defer {
+            OpenCodeGoStubURLProtocol.handler = nil
+        }
+
+        OpenCodeGoStubURLProtocol.handler = { request in
+            guard let url = request.url else { throw URLError(.badURL) }
+            let body = #"{"detail":"Workspace missing"}"#
+            return Self.makeResponse(url: url, body: body, statusCode: 500, contentType: "application/json")
+        }
+
+        do {
+            _ = try await OpenCodeGoUsageFetcher.fetchUsage(
+                cookieHeader: "auth=test",
+                timeout: 2,
+                workspaceIDOverride: "wrk_TEST123",
+                session: self.makeSession())
+            Issue.record("Expected OpenCodeGoUsageError.apiError")
+        } catch let error as OpenCodeGoUsageError {
+            switch error {
+            case let .apiError(message):
+                #expect(message.contains("HTTP 500"))
+                #expect(message.contains("Workspace missing"))
+            default:
+                Issue.record("Expected apiError, got: \(error)")
+            }
+        }
+    }
+
+    @Test
+    func `workspace get missing ids falls back to post before loading go page`() async throws {
+        defer {
+            OpenCodeGoStubURLProtocol.handler = nil
+        }
+
+        var methods: [String] = []
+        OpenCodeGoStubURLProtocol.handler = { request in
+            guard let url = request.url else { throw URLError(.badURL) }
+            methods.append(request.httpMethod ?? "GET")
+
+            let workspaceServerID = "def39973159c7f0483d8793a822b8dbb10d067e12c65455fcb4608459ba0234f"
+            if url.query?.contains(workspaceServerID) == true,
+               request.httpMethod?.uppercased() == "GET"
+            {
+                return Self.makeResponse(
+                    url: url,
+                    body: #"{"ok":true}"#,
+                    statusCode: 200,
+                    contentType: "application/json")
+            }
+
+            if url.path == "/_server",
+               request.httpMethod?.uppercased() == "POST",
+               request.value(forHTTPHeaderField: "X-Server-Id") == workspaceServerID
+            {
+                return Self.makeResponse(
+                    url: url,
+                    body: #"{"data":[{"id":"wrk_TEST123"}]}"#,
+                    statusCode: 200,
+                    contentType: "application/json")
+            }
+
+            return Self.makeResponse(
+                url: url,
+                body: Self.goUsagePageHTML(
+                    workspaceID: "wrk_TEST123",
+                    rolling: UsageWindow(percent: 22, resetInSec: 300),
+                    weekly: UsageWindow(percent: 44, resetInSec: 3600),
+                    monthly: UsageWindow(percent: 55, resetInSec: 7200)),
+                statusCode: 200,
+                contentType: "text/html")
+        }
+
+        let snapshot = try await OpenCodeGoUsageFetcher.fetchUsage(
+            cookieHeader: "auth=test",
+            timeout: 2,
+            session: self.makeSession())
+
+        #expect(snapshot.rollingUsagePercent == 22)
+        #expect(snapshot.weeklyUsagePercent == 44)
+        #expect(snapshot.monthlyUsagePercent == 55)
+        #expect(methods == ["GET", "POST", "GET", "GET"])
+    }
+
+    @Test
+    func `workspace get public actor error is treated as invalid credentials without post retry`() async throws {
+        defer {
+            OpenCodeGoStubURLProtocol.handler = nil
+        }
+
+        var methods: [String] = []
+        OpenCodeGoStubURLProtocol.handler = { request in
+            guard let url = request.url else { throw URLError(.badURL) }
+            methods.append(request.httpMethod ?? "GET")
+            let body = [
+                #";0x00000263;((self.$R=self.$R||{})["server-fn:test"]=[],"#,
+                #"($R=>$R[0]=Object.assign(new Error("actor of type \"public\" is not associated with an account"),"#,
+                #"{stack:"Error: actor of type \"public\" is not associated with an account"}))"#,
+                #"($R["server-fn:test"]))"#,
+            ].joined()
+            return Self.makeResponse(
+                url: url,
+                body: body,
+                statusCode: 200,
+                contentType: "text/javascript")
+        }
+
+        do {
+            _ = try await OpenCodeGoUsageFetcher.fetchUsage(
+                cookieHeader: "auth=test",
+                timeout: 2,
+                session: self.makeSession())
+            Issue.record("Expected OpenCodeGoUsageError.invalidCredentials")
+        } catch let error as OpenCodeGoUsageError {
+            switch error {
+            case .invalidCredentials:
+                break
+            default:
+                Issue.record("Expected invalidCredentials, got: \(error)")
+            }
+        }
+
+        #expect(methods == ["GET"])
+    }
+
+    @Test
+    func `go page missing usage fields returns parse failed without post retry`() async throws {
+        defer {
+            OpenCodeGoStubURLProtocol.handler = nil
+        }
+
+        var methods: [String] = []
+        OpenCodeGoStubURLProtocol.handler = { request in
+            guard let url = request.url else { throw URLError(.badURL) }
+            methods.append(request.httpMethod ?? "GET")
+            return Self.makeResponse(
+                url: url,
+                body: "<html><title>opencode</title><body>No usage yet</body></html>",
+                statusCode: 200,
+                contentType: "text/html")
+        }
+
+        do {
+            _ = try await OpenCodeGoUsageFetcher.fetchUsage(
+                cookieHeader: "auth=test",
+                timeout: 2,
+                workspaceIDOverride: "wrk_TEST123",
+                session: self.makeSession())
+            Issue.record("Expected OpenCodeGoUsageError.parseFailed")
+        } catch let error as OpenCodeGoUsageError {
+            switch error {
+            case let .parseFailed(message):
+                #expect(message.contains("Missing usage fields"))
+            default:
+                Issue.record("Expected parseFailed, got: \(error)")
+            }
+        }
+
+        #expect(methods == ["GET"])
+    }
+
+    @Test
+    func `normalizes workspace override from URL into go page path`() async throws {
+        defer {
+            OpenCodeGoStubURLProtocol.handler = nil
+        }
+
+        var observedPaths: [String] = []
+        OpenCodeGoStubURLProtocol.handler = { request in
+            guard let url = request.url else { throw URLError(.badURL) }
+            observedPaths.append(url.path)
+            return Self.makeResponse(
+                url: url,
+                body: Self.goUsagePageHTML(
+                    workspaceID: "wrk_URL123",
+                    rolling: UsageWindow(percent: 17, resetInSec: 600),
+                    weekly: UsageWindow(percent: 75, resetInSec: 7200),
+                    monthly: nil),
+                statusCode: 200,
+                contentType: "text/html")
+        }
+
+        _ = try await OpenCodeGoUsageFetcher.fetchUsage(
+            cookieHeader: "auth=test",
+            timeout: 2,
+            workspaceIDOverride: "https://opencode.ai/workspace/wrk_URL123/billing",
+            session: self.makeSession())
+
+        #expect(observedPaths == ["/workspace/wrk_URL123/go", "/workspace/wrk_URL123"])
+    }
+
+    @Test
+    func `fetcher attaches optional zen balance from workspace root`() async throws {
+        defer {
+            OpenCodeGoStubURLProtocol.handler = nil
+        }
+
+        OpenCodeGoStubURLProtocol.handler = { request in
+            guard let url = request.url else { throw URLError(.badURL) }
+            if url.path == "/workspace/wrk_TEST123" {
+                return Self.makeResponse(
+                    url: url,
+                    body: #"<html><body><h2>現在の残高 $98.76</h2></body></html>"#,
+                    statusCode: 200,
+                    contentType: "text/html")
+            }
+            return Self.makeResponse(
+                url: url,
+                body: Self.goUsagePageHTML(
+                    workspaceID: "wrk_TEST123",
+                    rolling: UsageWindow(percent: 17, resetInSec: 600),
+                    weekly: UsageWindow(percent: 75, resetInSec: 7200),
+                    monthly: nil),
+                statusCode: 200,
+                contentType: "text/html")
+        }
+
+        let snapshot = try await OpenCodeGoUsageFetcher.fetchUsage(
+            cookieHeader: "auth=test",
+            timeout: 2,
+            workspaceIDOverride: "wrk_TEST123",
+            session: self.makeSession())
+
+        #expect(snapshot.zenBalanceUSD == 98.76)
+        #expect(snapshot.toUsageSnapshot().providerCost?.period == "Zen balance")
+    }
+
+    @Test
+    func `optional zen balance helper uses normalized cookie and workspace override`() async throws {
+        defer {
+            OpenCodeGoStubURLProtocol.handler = nil
+        }
+
+        var observedCookie: String?
+        OpenCodeGoStubURLProtocol.handler = { request in
+            guard let url = request.url else { throw URLError(.badURL) }
+            observedCookie = request.value(forHTTPHeaderField: "Cookie")
+            #expect(url.path == "/workspace/wrk_TEST123")
+            return Self.makeResponse(
+                url: url,
+                body: #"<html><body><h2>現在の残高 $98.76</h2></body></html>"#,
+                statusCode: 200,
+                contentType: "text/html")
+        }
+
+        let balance = try await OpenCodeGoUsageFetcher.fetchOptionalZenBalance(
+            cookieHeader: "provider=google; auth=test",
+            timeout: 2,
+            workspaceIDOverride: "https://opencode.ai/workspace/wrk_TEST123/go",
+            session: self.makeSession())
+
+        #expect(balance == 98.76)
+        #expect(observedCookie == "auth=test")
+    }
+
+    @Test
+    func `optional zen balance failure does not fail subscription usage`() async throws {
+        defer {
+            OpenCodeGoStubURLProtocol.handler = nil
+        }
+
+        var rootTimeout: TimeInterval?
+        OpenCodeGoStubURLProtocol.handler = { request in
+            guard let url = request.url else { throw URLError(.badURL) }
+            if url.path == "/workspace/wrk_TEST123" {
+                rootTimeout = request.timeoutInterval
+                throw URLError(.timedOut)
+            }
+            return Self.makeResponse(
+                url: url,
+                body: Self.goUsagePageHTML(
+                    workspaceID: "wrk_TEST123",
+                    rolling: UsageWindow(percent: 17, resetInSec: 600),
+                    weekly: UsageWindow(percent: 75, resetInSec: 7200),
+                    monthly: nil),
+                statusCode: 200,
+                contentType: "text/html")
+        }
+
+        let snapshot = try await OpenCodeGoUsageFetcher.fetchUsage(
+            cookieHeader: "auth=test",
+            timeout: 60,
+            workspaceIDOverride: "wrk_TEST123",
+            session: self.makeSession())
+
+        #expect(snapshot.rollingUsagePercent == 17)
+        #expect(snapshot.zenBalanceUSD == nil)
+        #expect(rootTimeout == 5)
+    }
+
+    @Test
+    func `optional zen balance does not stall subscription usage`() async throws {
+        defer {
+            OpenCodeGoStubURLProtocol.handler = nil
+        }
+
+        OpenCodeGoStubURLProtocol.handler = { request in
+            guard let url = request.url else { throw URLError(.badURL) }
+            if url.path == "/workspace/wrk_TEST123" {
+                Thread.sleep(forTimeInterval: 1)
+                return Self.makeResponse(
+                    url: url,
+                    body: #"<html><body><h2>現在の残高 $98.76</h2></body></html>"#,
+                    statusCode: 200,
+                    contentType: "text/html")
+            }
+            return Self.makeResponse(
+                url: url,
+                body: Self.goUsagePageHTML(
+                    workspaceID: "wrk_TEST123",
+                    rolling: UsageWindow(percent: 17, resetInSec: 600),
+                    weekly: UsageWindow(percent: 75, resetInSec: 7200),
+                    monthly: nil),
+                statusCode: 200,
+                contentType: "text/html")
+        }
+
+        let start = ContinuousClock.now
+        let snapshot = try await OpenCodeGoUsageFetcher.fetchUsage(
+            cookieHeader: "auth=test",
+            timeout: 60,
+            workspaceIDOverride: "wrk_TEST123",
+            session: self.makeSession())
+        let elapsed = start.duration(to: ContinuousClock.now)
+
+        #expect(snapshot.rollingUsagePercent == 17)
+        #expect(snapshot.zenBalanceUSD == nil)
+        #expect(elapsed < .milliseconds(700))
+    }
+
+    @Test
+    func `optional zen balance can be skipped by settings`() async throws {
+        defer {
+            OpenCodeGoStubURLProtocol.handler = nil
+        }
+
+        var observedPaths: [String] = []
+        OpenCodeGoStubURLProtocol.handler = { request in
+            guard let url = request.url else { throw URLError(.badURL) }
+            observedPaths.append(url.path)
+            return Self.makeResponse(
+                url: url,
+                body: Self.goUsagePageHTML(
+                    workspaceID: "wrk_TEST123",
+                    rolling: UsageWindow(percent: 17, resetInSec: 600),
+                    weekly: UsageWindow(percent: 75, resetInSec: 7200),
+                    monthly: nil),
+                statusCode: 200,
+                contentType: "text/html")
+        }
+
+        let snapshot = try await OpenCodeGoUsageFetcher.fetchUsage(
+            cookieHeader: "auth=test",
+            timeout: 60,
+            workspaceIDOverride: "wrk_TEST123",
+            includeZenBalance: false,
+            session: self.makeSession())
+
+        #expect(snapshot.rollingUsagePercent == 17)
+        #expect(snapshot.zenBalanceUSD == nil)
+        #expect(observedPaths == ["/workspace/wrk_TEST123/go"])
+    }
+
+    @Test
+    func `optional zen balance cancellation propagates`() async throws {
+        defer {
+            OpenCodeGoStubURLProtocol.handler = nil
+        }
+
+        let rootStarted = AsyncStream<Void>.makeStream(of: Void.self)
+        OpenCodeGoStubURLProtocol.handler = { request in
+            guard let url = request.url else { throw URLError(.badURL) }
+            if url.path == "/workspace/wrk_TEST123" {
+                rootStarted.continuation.yield(())
+                Thread.sleep(forTimeInterval: 0.2)
+                return Self.makeResponse(
+                    url: url,
+                    body: #"<html><body><h2>現在の残高 $98.76</h2></body></html>"#,
+                    statusCode: 200,
+                    contentType: "text/html")
+            }
+            return Self.makeResponse(
+                url: url,
+                body: Self.goUsagePageHTML(
+                    workspaceID: "wrk_TEST123",
+                    rolling: UsageWindow(percent: 17, resetInSec: 600),
+                    weekly: UsageWindow(percent: 75, resetInSec: 7200),
+                    monthly: nil),
+                statusCode: 200,
+                contentType: "text/html")
+        }
+
+        let task = Task {
+            try await OpenCodeGoUsageFetcher.fetchUsage(
+                cookieHeader: "auth=test",
+                timeout: 60,
+                workspaceIDOverride: "wrk_TEST123",
+                session: self.makeSession())
+        }
+
+        let started = await withTaskGroup(of: Bool.self) { group in
+            group.addTask {
+                var iterator = rootStarted.stream.makeAsyncIterator()
+                return await iterator.next() != nil
+            }
+            group.addTask {
+                try? await Task.sleep(for: .seconds(2))
+                return false
+            }
+            let result = await group.next() ?? false
+            group.cancelAll()
+            return result
+        }
+        #expect(started)
+        task.cancel()
+
+        do {
+            _ = try await task.value
+            Issue.record("Expected cancellation to propagate.")
+        } catch is CancellationError {
+            // Expected.
+        } catch {
+            Issue.record("Expected CancellationError, got: \(error)")
+        }
+    }
+
+    @Test
+    func `fetcher sends only auth cookie to opencode host`() async throws {
+        defer {
+            OpenCodeGoStubURLProtocol.handler = nil
+        }
+
+        var observedCookie: String?
+        OpenCodeGoStubURLProtocol.handler = { request in
+            guard let url = request.url else { throw URLError(.badURL) }
+            observedCookie = request.value(forHTTPHeaderField: "Cookie")
+            return Self.makeResponse(
+                url: url,
+                body: Self.goUsagePageHTML(
+                    workspaceID: "wrk_TEST123",
+                    rolling: UsageWindow(percent: 17, resetInSec: 600),
+                    weekly: UsageWindow(percent: 75, resetInSec: 7200),
+                    monthly: nil),
+                statusCode: 200,
+                contentType: "text/html")
+        }
+
+        _ = try await OpenCodeGoUsageFetcher.fetchUsage(
+            cookieHeader: "provider=google; auth=test",
+            timeout: 2,
+            workspaceIDOverride: "wrk_TEST123",
+            session: self.makeSession())
+
+        #expect(observedCookie == "auth=test")
+    }
+
+    private static func goUsagePageHTML(
+        workspaceID: String,
+        rolling: UsageWindow,
+        weekly: UsageWindow,
+        monthly: UsageWindow?) -> String
+    {
+        let monthlyField: String? = if let monthly {
+            #"monthlyUsage:{status:"ok",resetInSec:\#(monthly.resetInSec),usagePercent:\#(monthly.percent)}"#
+        } else {
+            nil
+        }
+
+        let usageFields = [
+            #"rollingUsage:{status:"ok",resetInSec:\#(rolling.resetInSec),usagePercent:\#(rolling.percent)}"#,
+            #"weeklyUsage:{status:"ok",resetInSec:\#(weekly.resetInSec),usagePercent:\#(weekly.percent)}"#,
+            monthlyField,
+        ]
+            .compactMap(\.self)
+            .joined(separator: ",")
+
+        return """
+        <!DOCTYPE html>
+        <html>
+        <body>
+        <script>
+        _$HY.r["lite.subscription.get[\\"\(workspaceID)\\"]"]=$R[17]=$R[2]($R[18]={p:0,s:0,f:0});
+        $R[24]($R[18],$R[27]={mine:!0,useBalance:!1,\(usageFields)});
+        </script>
+        </body>
+        </html>
+        """
+    }
+
+    private static func makeResponse(
+        url: URL,
+        body: String,
+        statusCode: Int,
+        contentType: String) -> (HTTPURLResponse, Data)
+    {
+        let response = HTTPURLResponse(
+            url: url,
+            statusCode: statusCode,
+            httpVersion: "HTTP/1.1",
+            headerFields: ["Content-Type": contentType])!
+        return (response, Data(body.utf8))
+    }
+}
+
+final class OpenCodeGoStubURLProtocol: URLProtocol {
+    nonisolated(unsafe) static var handler: ((URLRequest) throws -> (HTTPURLResponse, Data))?
+
+    override static func canInit(with request: URLRequest) -> Bool {
+        request.url?.host == "opencode.ai"
+    }
+
+    override static func canonicalRequest(for request: URLRequest) -> URLRequest {
+        request
+    }
+
+    override func startLoading() {
+        guard let handler = Self.handler else {
+            self.client?.urlProtocol(self, didFailWithError: URLError(.badServerResponse))
+            return
+        }
+        do {
+            let (response, data) = try handler(self.request)
+            self.client?.urlProtocol(self, didReceive: response, cacheStoragePolicy: .notAllowed)
+            self.client?.urlProtocol(self, didLoad: data)
+            self.client?.urlProtocolDidFinishLoading(self)
+        } catch {
+            self.client?.urlProtocol(self, didFailWithError: error)
+        }
+    }
+
+    override func stopLoading() {}
+}
diff --git a/Tests/CodexBarTests/OpenCodeGoUsageParserTests.swift b/Tests/CodexBarTests/OpenCodeGoUsageParserTests.swift
new file mode 100644
index 000000000..e11374747
--- /dev/null
+++ b/Tests/CodexBarTests/OpenCodeGoUsageParserTests.swift
@@ -0,0 +1,446 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+struct OpenCodeGoUsageParserTests {
+    @Test
+    func `parses workspace ids`() {
+        let text = ";0x00000089;((self.$R=self.$R||{})[\"codexbar\"]=[]," +
+            "($R=>$R[0]=[$R[1]={id:\"wrk_01K6AR1ZET89H8NB691FQ2C2VB\",name:\"Default\",slug:null}])" +
+            "($R[\"codexbar\"]))"
+        let ids = OpenCodeGoUsageFetcher.parseWorkspaceIDs(text: text)
+        #expect(ids == ["wrk_01K6AR1ZET89H8NB691FQ2C2VB"])
+    }
+
+    @Test
+    func `parses subscription usage from seroval response`() throws {
+        let text =
+            "$R[16]($R[30],$R[41]={rollingUsage:$R[42]={status:\"ok\",resetInSec:5944,usagePercent:17}," +
+            "weeklyUsage:$R[43]={status:\"ok\",resetInSec:278201,usagePercent:75}," +
+            "monthlyUsage:$R[44]={status:\"ok\",resetInSec:880201,usagePercent:91}});"
+        let now = Date(timeIntervalSince1970: 0)
+
+        let snapshot = try OpenCodeGoUsageFetcher.parseSubscription(text: text, now: now)
+
+        #expect(snapshot.rollingUsagePercent == 17)
+        #expect(snapshot.weeklyUsagePercent == 75)
+        #expect(snapshot.hasMonthlyUsage == true)
+        #expect(snapshot.monthlyUsagePercent == 91)
+        #expect(snapshot.rollingResetInSec == 5944)
+        #expect(snapshot.weeklyResetInSec == 278_201)
+        #expect(snapshot.monthlyResetInSec == 880_201)
+    }
+
+    @Test
+    func `parses zen balance from workspace page text`() {
+        let text = """
+        <main>
+        <h2>現在の残高 $1,234.56</h2>
+        <p>Claude Opus and GPT-5 models enabled</p>
+        </main>
+        """
+
+        #expect(OpenCodeGoUsageFetcher.parseZenBalance(text: text) == 1234.56)
+    }
+
+    @Test
+    func `parses zen balance from nested JSON`() throws {
+        let payload: [String: Any] = [
+            "data": [
+                "billing": [
+                    "balanceEnabled": true,
+                    "zenBalance": "1,042.75",
+                ],
+            ],
+        ]
+        let data = try JSONSerialization.data(withJSONObject: payload)
+        let text = String(data: data, encoding: .utf8) ?? ""
+
+        #expect(OpenCodeGoUsageFetcher.parseZenBalance(text: text) == 1042.75)
+    }
+
+    @Test
+    func `zen balance parser ignores metadata before amount`() throws {
+        let payload: [String: Any] = [
+            "data": [
+                "billing": [
+                    "balanceUpdatedAt": 1_800_000_000,
+                    "balanceRefreshInterval": 60,
+                    "zenBalance": "42.50",
+                ],
+            ],
+        ]
+        let data = try JSONSerialization.data(withJSONObject: payload)
+        let text = String(data: data, encoding: .utf8) ?? ""
+
+        #expect(OpenCodeGoUsageFetcher.parseZenBalance(text: text) == 42.50)
+    }
+
+    @Test
+    func `parses subscription usage from live go page hydration`() throws {
+        let rollingResetInSec = 17591
+        let weeklyResetInSec = 444_552
+        let monthlyResetInSec = 2_591_424
+        let text =
+            "_$HY.r[\"lite.subscription.get[\\\"wrk_LIVE123\\\"]\"]=$R[17]=$R[2]($R[18]={p:0,s:0,f:0});" +
+            "$R[24]($R[18],$R[27]={mine:!0,useBalance:!1," +
+            "rollingUsage:$R[28]={status:\"ok\",resetInSec:\(rollingResetInSec),usagePercent:0}," +
+            "weeklyUsage:$R[29]={status:\"ok\",resetInSec:\(weeklyResetInSec),usagePercent:0}," +
+            "monthlyUsage:$R[30]={status:\"ok\",resetInSec:\(monthlyResetInSec),usagePercent:0}});"
+        let now = Date(timeIntervalSince1970: 0)
+
+        let snapshot = try OpenCodeGoUsageFetcher.parseSubscription(text: text, now: now)
+
+        #expect(snapshot.rollingUsagePercent == 0)
+        #expect(snapshot.weeklyUsagePercent == 0)
+        #expect(snapshot.hasMonthlyUsage == true)
+        #expect(snapshot.monthlyUsagePercent == 0)
+        #expect(snapshot.rollingResetInSec == rollingResetInSec)
+        #expect(snapshot.weeklyResetInSec == weeklyResetInSec)
+        #expect(snapshot.monthlyResetInSec == monthlyResetInSec)
+    }
+
+    @Test
+    func `parses subscription from JSON with reset at and ratio percentages`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let rollingResetAt = now.addingTimeInterval(3600)
+        let monthlyResetAt = now.addingTimeInterval(86400)
+        let formatter = ISO8601DateFormatter()
+        formatter.formatOptions = [.withInternetDateTime, .withFractionalSeconds]
+        let payload: [String: Any] = [
+            "usage": [
+                "rollingUsage": [
+                    "usagePercent": 0.25,
+                    "resetAt": formatter.string(from: rollingResetAt),
+                ],
+                "weeklyUsage": [
+                    "usagePercent": 75,
+                    "resetInSec": 7200,
+                ],
+                "monthlyUsage": [
+                    "usagePercent": 0.9,
+                    "resetAt": formatter.string(from: monthlyResetAt),
+                ],
+            ],
+        ]
+        let data = try JSONSerialization.data(withJSONObject: payload)
+        let text = String(data: data, encoding: .utf8) ?? ""
+
+        let snapshot = try OpenCodeGoUsageFetcher.parseSubscription(text: text, now: now)
+
+        #expect(snapshot.rollingUsagePercent == 25)
+        #expect(snapshot.weeklyUsagePercent == 75)
+        #expect(snapshot.hasMonthlyUsage == true)
+        #expect(snapshot.monthlyUsagePercent == 90)
+        #expect(snapshot.rollingResetInSec == 3600)
+        #expect(snapshot.weeklyResetInSec == 7200)
+        #expect(snapshot.monthlyResetInSec == 86400)
+    }
+
+    @Test
+    func `computes usage percent from totals and treats monthly as optional`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let payload: [String: Any] = [
+            "rollingUsage": [
+                "used": 25,
+                "limit": 100,
+                "resetInSec": 600,
+            ],
+            "weeklyUsage": [
+                "used": 50,
+                "limit": 200,
+                "resetInSec": 3600,
+            ],
+        ]
+        let data = try JSONSerialization.data(withJSONObject: payload)
+        let text = String(data: data, encoding: .utf8) ?? ""
+
+        let snapshot = try OpenCodeGoUsageFetcher.parseSubscription(text: text, now: now)
+        let usage = snapshot.toUsageSnapshot()
+
+        #expect(snapshot.rollingUsagePercent == 25)
+        #expect(snapshot.weeklyUsagePercent == 25)
+        #expect(snapshot.hasMonthlyUsage == false)
+        #expect(snapshot.monthlyUsagePercent == 0)
+        #expect(snapshot.monthlyResetInSec == 0)
+        #expect(usage.tertiary == nil)
+    }
+
+    @Test
+    func `snapshot exposes zen balance as provider cost`() {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let snapshot = OpenCodeGoUsageSnapshot(
+            hasMonthlyUsage: false,
+            rollingUsagePercent: 10,
+            weeklyUsagePercent: 20,
+            monthlyUsagePercent: 0,
+            rollingResetInSec: 600,
+            weeklyResetInSec: 3600,
+            monthlyResetInSec: 0,
+            zenBalanceUSD: 12.34,
+            updatedAt: now)
+
+        let usage = snapshot.toUsageSnapshot()
+
+        #expect(usage.providerCost?.period == "Zen balance")
+        #expect(usage.providerCost?.used == 12.34)
+        #expect(usage.providerCost?.limit == 0)
+        #expect(usage.providerCost?.currencyCode == "USD")
+    }
+
+    @Test
+    func `zen balance parser ignores balance flags without amounts`() throws {
+        let payload: [String: Any] = [
+            "billing": [
+                "balanceEnabled": true,
+                "useBalance": false,
+            ],
+        ]
+        let data = try JSONSerialization.data(withJSONObject: payload)
+        let text = String(data: data, encoding: .utf8) ?? ""
+
+        #expect(OpenCodeGoUsageFetcher.parseZenBalance(text: text) == nil)
+    }
+
+    @Test
+    func `parses subscription from nested candidate windows`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let payload: [String: Any] = [
+            "windows": [
+                "primaryWindow": [
+                    "used": 15,
+                    "limit": 100,
+                    "resetInSec": 600,
+                ],
+                "weeklyQuota": [
+                    "used": 80,
+                    "limit": 200,
+                    "resetInSec": 7200,
+                ],
+                "monthlyBucket": [
+                    "used": 90,
+                    "limit": 300,
+                    "resetInSec": 86400,
+                ],
+            ],
+        ]
+        let data = try JSONSerialization.data(withJSONObject: payload)
+        let text = String(data: data, encoding: .utf8) ?? ""
+
+        let snapshot = try OpenCodeGoUsageFetcher.parseSubscription(text: text, now: now)
+
+        #expect(snapshot.rollingUsagePercent == 15)
+        #expect(snapshot.weeklyUsagePercent == 40)
+        #expect(snapshot.hasMonthlyUsage == true)
+        #expect(snapshot.monthlyUsagePercent == 30)
+        #expect(snapshot.monthlyResetInSec == 86400)
+    }
+
+    @Test
+    func `candidate fallback does not fabricate weekly from non weekly windows`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let payload: [String: Any] = [
+            "windows": [
+                "primaryWindow": [
+                    "used": 15,
+                    "limit": 100,
+                    "resetInSec": 600,
+                ],
+                "monthlyBucket": [
+                    "used": 90,
+                    "limit": 300,
+                    "resetInSec": 86400,
+                ],
+            ],
+        ]
+        let data = try JSONSerialization.data(withJSONObject: payload)
+        let text = String(data: data, encoding: .utf8) ?? ""
+
+        #expect(throws: OpenCodeGoUsageError.self) {
+            _ = try OpenCodeGoUsageFetcher.parseSubscription(text: text, now: now)
+        }
+    }
+
+    @Test
+    func `clamps invalid percentages`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let payload: [String: Any] = [
+            "rollingUsage": [
+                "usagePercent": 150,
+                "resetInSec": 60,
+            ],
+            "weeklyUsage": [
+                "usagePercent": -10,
+                "resetInSec": 120,
+            ],
+        ]
+        let data = try JSONSerialization.data(withJSONObject: payload)
+        let text = String(data: data, encoding: .utf8) ?? ""
+
+        let snapshot = try OpenCodeGoUsageFetcher.parseSubscription(text: text, now: now)
+
+        #expect(snapshot.rollingUsagePercent == 100)
+        #expect(snapshot.weeklyUsagePercent == 0)
+    }
+
+    @Test
+    func `parse subscription throws when required fields are missing`() {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let text = "{\"monthlyUsage\":{\"usagePercent\":50,\"resetInSec\":123}}"
+
+        #expect(throws: OpenCodeGoUsageError.self) {
+            _ = try OpenCodeGoUsageFetcher.parseSubscription(text: text, now: now)
+        }
+    }
+
+    @Test
+    func `renewsAt parses from ISO8601 renewAt key`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let renewAt = now.addingTimeInterval(86400 * 30)
+        let formatter = ISO8601DateFormatter()
+        formatter.formatOptions = [.withInternetDateTime, .withFractionalSeconds]
+        let payload: [String: Any] = [
+            "rollingUsage": ["usagePercent": 10, "resetInSec": 600],
+            "weeklyUsage": ["usagePercent": 50, "resetInSec": 3600],
+            "monthlyUsage": ["usagePercent": 25, "resetInSec": 7200],
+            "renewAt": formatter.string(from: renewAt),
+        ]
+        let data = try JSONSerialization.data(withJSONObject: payload)
+        let text = String(data: data, encoding: .utf8) ?? ""
+
+        let snapshot = try OpenCodeGoUsageFetcher.parseSubscription(text: text, now: now)
+
+        #expect(snapshot.renewsAt != nil)
+        #expect(snapshot.renewsAt == renewAt)
+    }
+
+    @Test
+    func `renewsAt parses from renew_at key`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let renewAt = now.addingTimeInterval(86400 * 30)
+        let formatter = ISO8601DateFormatter()
+        formatter.formatOptions = [.withInternetDateTime, .withFractionalSeconds]
+        let payload: [String: Any] = [
+            "rollingUsage": ["usagePercent": 10, "resetInSec": 600],
+            "weeklyUsage": ["usagePercent": 50, "resetInSec": 3600],
+            "monthlyUsage": ["usagePercent": 25, "resetInSec": 7200],
+            "renew_at": formatter.string(from: renewAt),
+        ]
+        let data = try JSONSerialization.data(withJSONObject: payload)
+        let text = String(data: data, encoding: .utf8) ?? ""
+
+        let snapshot = try OpenCodeGoUsageFetcher.parseSubscription(text: text, now: now)
+
+        #expect(snapshot.renewsAt != nil)
+        #expect(snapshot.renewsAt == renewAt)
+    }
+
+    @Test
+    func `renewsAt is nil when absent`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let payload: [String: Any] = [
+            "rollingUsage": ["usagePercent": 10, "resetInSec": 600],
+            "weeklyUsage": ["usagePercent": 50, "resetInSec": 3600],
+            "monthlyUsage": ["usagePercent": 25, "resetInSec": 7200],
+        ]
+        let data = try JSONSerialization.data(withJSONObject: payload)
+        let text = String(data: data, encoding: .utf8) ?? ""
+
+        let snapshot = try OpenCodeGoUsageFetcher.parseSubscription(text: text, now: now)
+
+        #expect(snapshot.renewsAt == nil)
+    }
+
+    @Test
+    func `top level renewAt is preserved for nested usage object`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let renewAt = now.addingTimeInterval(86400 * 30)
+        let formatter = ISO8601DateFormatter()
+        formatter.formatOptions = [.withInternetDateTime, .withFractionalSeconds]
+        let payload: [String: Any] = [
+            "renewAt": formatter.string(from: renewAt),
+            "usage": [
+                "rollingUsage": ["usagePercent": 10, "resetInSec": 600],
+                "weeklyUsage": ["usagePercent": 50, "resetInSec": 3600],
+                "monthlyUsage": ["usagePercent": 25, "resetInSec": 7200],
+            ],
+        ]
+        let data = try JSONSerialization.data(withJSONObject: payload)
+        let text = String(data: data, encoding: .utf8) ?? ""
+
+        let snapshot = try OpenCodeGoUsageFetcher.parseSubscription(text: text, now: now)
+
+        #expect(snapshot.renewsAt == renewAt)
+    }
+
+    @Test
+    func `top level renew_at is preserved for nested usage object`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let renewAt = now.addingTimeInterval(86400 * 30)
+        let formatter = ISO8601DateFormatter()
+        formatter.formatOptions = [.withInternetDateTime, .withFractionalSeconds]
+        let payload: [String: Any] = [
+            "renew_at": formatter.string(from: renewAt),
+            "usage": [
+                "rollingUsage": ["usagePercent": 10, "resetInSec": 600],
+                "weeklyUsage": ["usagePercent": 50, "resetInSec": 3600],
+                "monthlyUsage": ["usagePercent": 25, "resetInSec": 7200],
+            ],
+        ]
+        let data = try JSONSerialization.data(withJSONObject: payload)
+        let text = String(data: data, encoding: .utf8) ?? ""
+
+        let snapshot = try OpenCodeGoUsageFetcher.parseSubscription(text: text, now: now)
+
+        #expect(snapshot.renewsAt == renewAt)
+    }
+
+    @Test
+    func `child renewAt overrides parent renewAt`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let parentRenewAt = now.addingTimeInterval(86400 * 30)
+        let childRenewAt = now.addingTimeInterval(86400 * 45)
+        let formatter = ISO8601DateFormatter()
+        formatter.formatOptions = [.withInternetDateTime, .withFractionalSeconds]
+        let payload: [String: Any] = [
+            "renewAt": formatter.string(from: parentRenewAt),
+            "usage": [
+                "renewAt": formatter.string(from: childRenewAt),
+                "rollingUsage": ["usagePercent": 10, "resetInSec": 600],
+                "weeklyUsage": ["usagePercent": 50, "resetInSec": 3600],
+                "monthlyUsage": ["usagePercent": 25, "resetInSec": 7200],
+            ],
+        ]
+        let data = try JSONSerialization.data(withJSONObject: payload)
+        let text = String(data: data, encoding: .utf8) ?? ""
+
+        let snapshot = try OpenCodeGoUsageFetcher.parseSubscription(text: text, now: now)
+
+        #expect(snapshot.renewsAt == childRenewAt)
+    }
+
+    @Test
+    func `toUsageSnapshot includes renewal NamedRateWindow when renewsAt present`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let renewAt = now.addingTimeInterval(86400 * 30)
+        let formatter = ISO8601DateFormatter()
+        formatter.formatOptions = [.withInternetDateTime, .withFractionalSeconds]
+        let payload: [String: Any] = [
+            "rollingUsage": ["usagePercent": 10, "resetInSec": 600],
+            "weeklyUsage": ["usagePercent": 50, "resetInSec": 3600],
+            "monthlyUsage": ["usagePercent": 25, "resetInSec": 7200],
+            "renewAt": formatter.string(from: renewAt),
+        ]
+        let data = try JSONSerialization.data(withJSONObject: payload)
+        let text = String(data: data, encoding: .utf8) ?? ""
+
+        let snapshot = try OpenCodeGoUsageFetcher.parseSubscription(text: text, now: now)
+        let usage = snapshot.toUsageSnapshot()
+
+        #expect(usage.extraRateWindows != nil)
+        #expect(usage.extraRateWindows?.count == 1)
+        #expect(usage.extraRateWindows?[0].id == "renewal")
+        #expect(usage.extraRateWindows?[0].title == "Renews")
+        #expect(usage.extraRateWindows?[0].window.resetsAt == renewAt)
+    }
+}
diff --git a/Tests/CodexBarTests/OpenCodeUsageFetcherErrorTests.swift b/Tests/CodexBarTests/OpenCodeUsageFetcherErrorTests.swift
index d64ffb06b..c934d3520 100644
--- a/Tests/CodexBarTests/OpenCodeUsageFetcherErrorTests.swift
+++ b/Tests/CodexBarTests/OpenCodeUsageFetcherErrorTests.swift
@@ -4,13 +4,15 @@ import Testing
 
 @Suite(.serialized)
 struct OpenCodeUsageFetcherErrorTests {
+    private func makeSession() -> URLSession {
+        let config = URLSessionConfiguration.ephemeral
+        config.protocolClasses = [OpenCodeStubURLProtocol.self]
+        return URLSession(configuration: config)
+    }
+
     @Test
-    func extractsApiErrorFromUppercaseHTMLTitle() async throws {
-        let registered = URLProtocol.registerClass(OpenCodeStubURLProtocol.self)
+    func `extracts api error from uppercase HTML title`() async throws {
         defer {
-            if registered {
-                URLProtocol.unregisterClass(OpenCodeStubURLProtocol.self)
-            }
             OpenCodeStubURLProtocol.handler = nil
         }
 
@@ -24,7 +26,8 @@ struct OpenCodeUsageFetcherErrorTests {
             _ = try await OpenCodeUsageFetcher.fetchUsage(
                 cookieHeader: "auth=test",
                 timeout: 2,
-                workspaceIDOverride: "wrk_TEST123")
+                workspaceIDOverride: "wrk_TEST123",
+                session: self.makeSession())
             Issue.record("Expected OpenCodeUsageError.apiError")
         } catch let error as OpenCodeUsageError {
             switch error {
@@ -38,12 +41,8 @@ struct OpenCodeUsageFetcherErrorTests {
     }
 
     @Test
-    func extractsApiErrorFromDetailField() async throws {
-        let registered = URLProtocol.registerClass(OpenCodeStubURLProtocol.self)
+    func `extracts api error from detail field`() async throws {
         defer {
-            if registered {
-                URLProtocol.unregisterClass(OpenCodeStubURLProtocol.self)
-            }
             OpenCodeStubURLProtocol.handler = nil
         }
 
@@ -57,7 +56,8 @@ struct OpenCodeUsageFetcherErrorTests {
             _ = try await OpenCodeUsageFetcher.fetchUsage(
                 cookieHeader: "auth=test",
                 timeout: 2,
-                workspaceIDOverride: "wrk_TEST123")
+                workspaceIDOverride: "wrk_TEST123",
+                session: self.makeSession())
             Issue.record("Expected OpenCodeUsageError.apiError")
         } catch let error as OpenCodeUsageError {
             switch error {
@@ -71,12 +71,8 @@ struct OpenCodeUsageFetcherErrorTests {
     }
 
     @Test
-    func subscriptionGetNullSkipsPostAndReturnsGracefulError() async throws {
-        let registered = URLProtocol.registerClass(OpenCodeStubURLProtocol.self)
+    func `subscription get null skips post and returns graceful error`() async throws {
         defer {
-            if registered {
-                URLProtocol.unregisterClass(OpenCodeStubURLProtocol.self)
-            }
             OpenCodeStubURLProtocol.handler = nil
         }
 
@@ -103,7 +99,8 @@ struct OpenCodeUsageFetcherErrorTests {
             _ = try await OpenCodeUsageFetcher.fetchUsage(
                 cookieHeader: "auth=test",
                 timeout: 2,
-                workspaceIDOverride: "wrk_TEST123")
+                workspaceIDOverride: "wrk_TEST123",
+                session: self.makeSession())
             Issue.record("Expected OpenCodeUsageError.apiError")
         } catch let error as OpenCodeUsageError {
             switch error {
@@ -123,12 +120,8 @@ struct OpenCodeUsageFetcherErrorTests {
     }
 
     @Test
-    func subscriptionGetPayloadDoesNotFallbackToPost() async throws {
-        let registered = URLProtocol.registerClass(OpenCodeStubURLProtocol.self)
+    func `subscription get payload does not fallback to post`() async throws {
         defer {
-            if registered {
-                URLProtocol.unregisterClass(OpenCodeStubURLProtocol.self)
-            }
             OpenCodeStubURLProtocol.handler = nil
         }
 
@@ -149,7 +142,8 @@ struct OpenCodeUsageFetcherErrorTests {
         let snapshot = try await OpenCodeUsageFetcher.fetchUsage(
             cookieHeader: "auth=test",
             timeout: 2,
-            workspaceIDOverride: "wrk_TEST123")
+            workspaceIDOverride: "wrk_TEST123",
+            session: self.makeSession())
 
         #expect(snapshot.rollingUsagePercent == 17)
         #expect(snapshot.weeklyUsagePercent == 75)
@@ -157,12 +151,49 @@ struct OpenCodeUsageFetcherErrorTests {
     }
 
     @Test
-    func subscriptionGetMissingFieldsFallsBackToPost() async throws {
-        let registered = URLProtocol.registerClass(OpenCodeStubURLProtocol.self)
+    func `workspace get public actor error is treated as invalid credentials without post retry`() async throws {
         defer {
-            if registered {
-                URLProtocol.unregisterClass(OpenCodeStubURLProtocol.self)
+            OpenCodeStubURLProtocol.handler = nil
+        }
+
+        var methods: [String] = []
+        OpenCodeStubURLProtocol.handler = { request in
+            guard let url = request.url else { throw URLError(.badURL) }
+            methods.append(request.httpMethod ?? "GET")
+            let body = [
+                #";0x00000263;((self.$R=self.$R||{})["server-fn:test"]=[],"#,
+                #"($R=>$R[0]=Object.assign(new Error("actor of type \"public\" is not associated with an account"),"#,
+                #"{stack:"Error: actor of type \"public\" is not associated with an account"}))"#,
+                #"($R["server-fn:test"]))"#,
+            ].joined()
+            return Self.makeResponse(
+                url: url,
+                body: body,
+                statusCode: 200,
+                contentType: "text/javascript")
+        }
+
+        do {
+            _ = try await OpenCodeUsageFetcher.fetchUsage(
+                cookieHeader: "auth=test",
+                timeout: 2,
+                session: self.makeSession())
+            Issue.record("Expected OpenCodeUsageError.invalidCredentials")
+        } catch let error as OpenCodeUsageError {
+            switch error {
+            case .invalidCredentials:
+                break
+            default:
+                Issue.record("Expected invalidCredentials, got: \(error)")
             }
+        }
+
+        #expect(methods == ["GET"])
+    }
+
+    @Test
+    func `subscription get missing fields falls back to post`() async throws {
+        defer {
             OpenCodeStubURLProtocol.handler = nil
         }
 
@@ -195,13 +226,43 @@ struct OpenCodeUsageFetcherErrorTests {
         let snapshot = try await OpenCodeUsageFetcher.fetchUsage(
             cookieHeader: "auth=test",
             timeout: 2,
-            workspaceIDOverride: "wrk_TEST123")
+            workspaceIDOverride: "wrk_TEST123",
+            session: self.makeSession())
 
         #expect(snapshot.rollingUsagePercent == 22)
         #expect(snapshot.weeklyUsagePercent == 44)
         #expect(methods == ["GET", "POST"])
     }
 
+    @Test
+    func `fetcher sends only auth cookie to opencode host`() async throws {
+        defer {
+            OpenCodeStubURLProtocol.handler = nil
+        }
+
+        var observedCookie: String?
+        OpenCodeStubURLProtocol.handler = { request in
+            guard let url = request.url else { throw URLError(.badURL) }
+            observedCookie = request.value(forHTTPHeaderField: "Cookie")
+
+            let body = """
+            {
+              "rollingUsage": { "usagePercent": 17, "resetInSec": 600 },
+              "weeklyUsage": { "usagePercent": 75, "resetInSec": 7200 }
+            }
+            """
+            return Self.makeResponse(url: url, body: body, statusCode: 200, contentType: "application/json")
+        }
+
+        _ = try await OpenCodeUsageFetcher.fetchUsage(
+            cookieHeader: "provider=google; auth=test",
+            timeout: 2,
+            workspaceIDOverride: "wrk_TEST123",
+            session: self.makeSession())
+
+        #expect(observedCookie == "auth=test")
+    }
+
     private static func makeResponse(
         url: URL,
         body: String,
diff --git a/Tests/CodexBarTests/OpenCodeUsageParserTests.swift b/Tests/CodexBarTests/OpenCodeUsageParserTests.swift
index fe7e1a345..ab7359cb1 100644
--- a/Tests/CodexBarTests/OpenCodeUsageParserTests.swift
+++ b/Tests/CodexBarTests/OpenCodeUsageParserTests.swift
@@ -2,10 +2,9 @@ import Foundation
 import Testing
 @testable import CodexBarCore
 
-@Suite
 struct OpenCodeUsageParserTests {
     @Test
-    func parsesWorkspaceIDs() {
+    func `parses workspace I ds`() {
         let text = ";0x00000089;((self.$R=self.$R||{})[\"codexbar\"]=[]," +
             "($R=>$R[0]=[$R[1]={id:\"wrk_01K6AR1ZET89H8NB691FQ2C2VB\",name:\"Default\",slug:null}])" +
             "($R[\"codexbar\"]))"
@@ -14,7 +13,7 @@ struct OpenCodeUsageParserTests {
     }
 
     @Test
-    func parsesSubscriptionUsage() throws {
+    func `parses subscription usage`() throws {
         let text = "$R[16]($R[30],$R[41]={rollingUsage:$R[42]={status:\"ok\",resetInSec:5944,usagePercent:17}," +
             "weeklyUsage:$R[43]={status:\"ok\",resetInSec:278201,usagePercent:75}});"
         let now = Date(timeIntervalSince1970: 0)
@@ -26,7 +25,7 @@ struct OpenCodeUsageParserTests {
     }
 
     @Test
-    func parsesSubscriptionFromJSONWithResetAt() throws {
+    func `parses subscription from JSON with reset at`() throws {
         let now = Date(timeIntervalSince1970: 1_700_000_000)
         let resetAt = now.addingTimeInterval(3600)
         let formatter = ISO8601DateFormatter()
@@ -55,7 +54,7 @@ struct OpenCodeUsageParserTests {
     }
 
     @Test
-    func parsesSubscriptionFromCandidateWindows() throws {
+    func `parses subscription from candidate windows`() throws {
         let now = Date(timeIntervalSince1970: 1_700_000_000)
         let payload: [String: Any] = [
             "windows": [
@@ -81,7 +80,7 @@ struct OpenCodeUsageParserTests {
     }
 
     @Test
-    func computesUsagePercentFromTotals() throws {
+    func `computes usage percent from totals`() throws {
         let now = Date(timeIntervalSince1970: 1_700_000_000)
         let payload: [String: Any] = [
             "rollingUsage": [
@@ -105,7 +104,7 @@ struct OpenCodeUsageParserTests {
     }
 
     @Test
-    func parseSubscriptionThrowsWhenFieldsMissing() {
+    func `parse subscription throws when fields missing`() {
         let now = Date(timeIntervalSince1970: 1_700_000_000)
         let text = "{\"ok\":true}"
 
@@ -113,4 +112,148 @@ struct OpenCodeUsageParserTests {
             _ = try OpenCodeUsageFetcher.parseSubscription(text: text, now: now)
         }
     }
+
+    @Test
+    func `renewsAt parses from ISO8601 renewAt key`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let renewAt = now.addingTimeInterval(86400 * 30)
+        let formatter = ISO8601DateFormatter()
+        formatter.formatOptions = [.withInternetDateTime, .withFractionalSeconds]
+        let payload: [String: Any] = [
+            "rollingUsage": ["usagePercent": 10, "resetInSec": 600],
+            "weeklyUsage": ["usagePercent": 50, "resetInSec": 3600],
+            "renewAt": formatter.string(from: renewAt),
+        ]
+        let data = try JSONSerialization.data(withJSONObject: payload)
+        let text = String(data: data, encoding: .utf8) ?? ""
+
+        let snapshot = try OpenCodeUsageFetcher.parseSubscription(text: text, now: now)
+
+        #expect(snapshot.renewsAt != nil)
+        #expect(snapshot.renewsAt == renewAt)
+    }
+
+    @Test
+    func `renewsAt parses from renew_at key`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let renewAt = now.addingTimeInterval(86400 * 30)
+        let formatter = ISO8601DateFormatter()
+        formatter.formatOptions = [.withInternetDateTime, .withFractionalSeconds]
+        let payload: [String: Any] = [
+            "rollingUsage": ["usagePercent": 10, "resetInSec": 600],
+            "weeklyUsage": ["usagePercent": 50, "resetInSec": 3600],
+            "renew_at": formatter.string(from: renewAt),
+        ]
+        let data = try JSONSerialization.data(withJSONObject: payload)
+        let text = String(data: data, encoding: .utf8) ?? ""
+
+        let snapshot = try OpenCodeUsageFetcher.parseSubscription(text: text, now: now)
+
+        #expect(snapshot.renewsAt != nil)
+        #expect(snapshot.renewsAt == renewAt)
+    }
+
+    @Test
+    func `renewsAt is nil when absent`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let payload: [String: Any] = [
+            "rollingUsage": ["usagePercent": 10, "resetInSec": 600],
+            "weeklyUsage": ["usagePercent": 50, "resetInSec": 3600],
+        ]
+        let data = try JSONSerialization.data(withJSONObject: payload)
+        let text = String(data: data, encoding: .utf8) ?? ""
+
+        let snapshot = try OpenCodeUsageFetcher.parseSubscription(text: text, now: now)
+
+        #expect(snapshot.renewsAt == nil)
+    }
+
+    @Test
+    func `top level renewAt is preserved for nested usage object`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let renewAt = now.addingTimeInterval(86400 * 30)
+        let formatter = ISO8601DateFormatter()
+        formatter.formatOptions = [.withInternetDateTime, .withFractionalSeconds]
+        let payload: [String: Any] = [
+            "renewAt": formatter.string(from: renewAt),
+            "usage": [
+                "rollingUsage": ["usagePercent": 10, "resetInSec": 600],
+                "weeklyUsage": ["usagePercent": 50, "resetInSec": 3600],
+            ],
+        ]
+        let data = try JSONSerialization.data(withJSONObject: payload)
+        let text = String(data: data, encoding: .utf8) ?? ""
+
+        let snapshot = try OpenCodeUsageFetcher.parseSubscription(text: text, now: now)
+
+        #expect(snapshot.renewsAt == renewAt)
+    }
+
+    @Test
+    func `top level renew_at is preserved for nested usage object`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let renewAt = now.addingTimeInterval(86400 * 30)
+        let formatter = ISO8601DateFormatter()
+        formatter.formatOptions = [.withInternetDateTime, .withFractionalSeconds]
+        let payload: [String: Any] = [
+            "renew_at": formatter.string(from: renewAt),
+            "usage": [
+                "rollingUsage": ["usagePercent": 10, "resetInSec": 600],
+                "weeklyUsage": ["usagePercent": 50, "resetInSec": 3600],
+            ],
+        ]
+        let data = try JSONSerialization.data(withJSONObject: payload)
+        let text = String(data: data, encoding: .utf8) ?? ""
+
+        let snapshot = try OpenCodeUsageFetcher.parseSubscription(text: text, now: now)
+
+        #expect(snapshot.renewsAt == renewAt)
+    }
+
+    @Test
+    func `child renewAt overrides parent renewAt`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let parentRenewAt = now.addingTimeInterval(86400 * 30)
+        let childRenewAt = now.addingTimeInterval(86400 * 45)
+        let formatter = ISO8601DateFormatter()
+        formatter.formatOptions = [.withInternetDateTime, .withFractionalSeconds]
+        let payload: [String: Any] = [
+            "renewAt": formatter.string(from: parentRenewAt),
+            "usage": [
+                "renewAt": formatter.string(from: childRenewAt),
+                "rollingUsage": ["usagePercent": 10, "resetInSec": 600],
+                "weeklyUsage": ["usagePercent": 50, "resetInSec": 3600],
+            ],
+        ]
+        let data = try JSONSerialization.data(withJSONObject: payload)
+        let text = String(data: data, encoding: .utf8) ?? ""
+
+        let snapshot = try OpenCodeUsageFetcher.parseSubscription(text: text, now: now)
+
+        #expect(snapshot.renewsAt == childRenewAt)
+    }
+
+    @Test
+    func `toUsageSnapshot includes renewal NamedRateWindow when renewsAt present`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let renewAt = now.addingTimeInterval(86400 * 30)
+        let formatter = ISO8601DateFormatter()
+        formatter.formatOptions = [.withInternetDateTime, .withFractionalSeconds]
+        let payload: [String: Any] = [
+            "rollingUsage": ["usagePercent": 10, "resetInSec": 600],
+            "weeklyUsage": ["usagePercent": 50, "resetInSec": 3600],
+            "renewAt": formatter.string(from: renewAt),
+        ]
+        let data = try JSONSerialization.data(withJSONObject: payload)
+        let text = String(data: data, encoding: .utf8) ?? ""
+
+        let snapshot = try OpenCodeUsageFetcher.parseSubscription(text: text, now: now)
+        let usage = snapshot.toUsageSnapshot()
+
+        #expect(usage.extraRateWindows != nil)
+        #expect(usage.extraRateWindows?.count == 1)
+        #expect(usage.extraRateWindows?[0].id == "renewal")
+        #expect(usage.extraRateWindows?[0].title == "Renews")
+        #expect(usage.extraRateWindows?[0].window.resetsAt == renewAt)
+    }
 }
diff --git a/Tests/CodexBarTests/OpenCodeWebCookieSupportTests.swift b/Tests/CodexBarTests/OpenCodeWebCookieSupportTests.swift
new file mode 100644
index 000000000..be73d4e50
--- /dev/null
+++ b/Tests/CodexBarTests/OpenCodeWebCookieSupportTests.swift
@@ -0,0 +1,19 @@
+import Testing
+@testable import CodexBarCore
+
+struct OpenCodeWebCookieSupportTests {
+    @Test
+    func `request cookie header keeps only opencode auth cookies`() {
+        let header = OpenCodeWebCookieSupport.requestCookieHeader(
+            from: "provider=google; auth=session123; theme=dark; __Host-auth=host456")
+
+        #expect(header == "auth=session123; __Host-auth=host456")
+    }
+
+    @Test
+    func `request cookie header returns nil when auth cookie is missing`() {
+        let header = OpenCodeWebCookieSupport.requestCookieHeader(from: "provider=google; theme=dark")
+
+        #expect(header == nil)
+    }
+}
diff --git a/Tests/CodexBarTests/OpenRouterUsageStatsTests.swift b/Tests/CodexBarTests/OpenRouterUsageStatsTests.swift
index 25ec01bcf..c81141498 100644
--- a/Tests/CodexBarTests/OpenRouterUsageStatsTests.swift
+++ b/Tests/CodexBarTests/OpenRouterUsageStatsTests.swift
@@ -5,7 +5,7 @@ import Testing
 @Suite(.serialized)
 struct OpenRouterUsageStatsTests {
     @Test
-    func toUsageSnapshot_usesKeyQuotaForPrimaryWindow() {
+    func `to usage snapshot uses key quota for primary window`() {
         let snapshot = OpenRouterUsageSnapshot(
             totalCredits: 50,
             totalUsage: 45.3895596325,
@@ -25,7 +25,7 @@ struct OpenRouterUsageStatsTests {
     }
 
     @Test
-    func toUsageSnapshot_withoutValidKeyLimitOmitsPrimaryWindow() {
+    func `to usage snapshot without valid key limit omits primary window`() {
         let snapshot = OpenRouterUsageSnapshot(
             totalCredits: 50,
             totalUsage: 45.3895596325,
@@ -43,7 +43,7 @@ struct OpenRouterUsageStatsTests {
     }
 
     @Test
-    func toUsageSnapshot_whenNoLimitConfiguredOmitsPrimaryAndMarksNoLimit() {
+    func `to usage snapshot when no limit configured omits primary and marks no limit`() {
         let snapshot = OpenRouterUsageSnapshot(
             totalCredits: 50,
             totalUsage: 45.3895596325,
@@ -62,7 +62,7 @@ struct OpenRouterUsageStatsTests {
     }
 
     @Test
-    func sanitizers_redactSensitiveTokenShapes() {
+    func `sanitizers redact sensitive token shapes`() {
         let body = """
         {"error":"bad token sk-or-v1-abc123","token":"secret-token","authorization":"Bearer sk-or-v1-xyz789"}
         """
@@ -82,7 +82,7 @@ struct OpenRouterUsageStatsTests {
     }
 
     @Test
-    func non200FetchThrowsGenericHTTPErrorWithoutBodyDetails() async throws {
+    func `non200 fetch throws generic HTTP error without body details`() async throws {
         let registered = URLProtocol.registerClass(OpenRouterStubURLProtocol.self)
         defer {
             if registered {
@@ -114,7 +114,7 @@ struct OpenRouterUsageStatsTests {
     }
 
     @Test
-    func fetchUsage_setsCreditsTimeoutAndClientHeaders() async throws {
+    func `fetch usage sets credits timeout and client headers`() async throws {
         let registered = URLProtocol.registerClass(OpenRouterStubURLProtocol.self)
         defer {
             if registered {
@@ -133,7 +133,16 @@ struct OpenRouterUsageStatsTests {
                 let body = #"{"data":{"total_credits":100,"total_usage":40}}"#
                 return Self.makeResponse(url: url, body: body, statusCode: 200)
             case "/api/v1/key":
-                let body = #"{"data":{"limit":20,"usage":0.5,"rate_limit":{"requests":120,"interval":"10s"}}}"#
+                let body = #"""
+                {"data":{
+                  "limit":20,
+                  "usage":0.5,
+                  "usage_daily":0.12,
+                  "usage_weekly":0.74,
+                  "usage_monthly":4.56,
+                  "rate_limit":{"requests":120,"interval":"10s"}
+                }}
+                """#
                 return Self.makeResponse(url: url, body: body, statusCode: 200)
             default:
                 return Self.makeResponse(url: url, body: "{}", statusCode: 404)
@@ -153,13 +162,16 @@ struct OpenRouterUsageStatsTests {
         #expect(usage.keyDataFetched)
         #expect(usage.keyLimit == 20)
         #expect(usage.keyUsage == 0.5)
+        #expect(usage.keyUsageDaily == 0.12)
+        #expect(usage.keyUsageWeekly == 0.74)
+        #expect(usage.keyUsageMonthly == 4.56)
         #expect(usage.keyRemaining == 19.5)
         #expect(usage.keyUsedPercent == 2.5)
         #expect(usage.keyQuotaStatus == .available)
     }
 
     @Test
-    func fetchUsage_whenKeyEndpointFailsMarksQuotaUnavailable() async throws {
+    func `fetch usage when key endpoint fails marks quota unavailable`() async throws {
         let registered = URLProtocol.registerClass(OpenRouterStubURLProtocol.self)
         defer {
             if registered {
@@ -190,7 +202,7 @@ struct OpenRouterUsageStatsTests {
     }
 
     @Test
-    func usageSnapshot_roundTripPersistsOpenRouterUsageMetadata() throws {
+    func `usage snapshot round trip persists open router usage metadata`() throws {
         let openRouter = OpenRouterUsageSnapshot(
             totalCredits: 50,
             totalUsage: 45.3895596325,
@@ -199,6 +211,9 @@ struct OpenRouterUsageStatsTests {
             keyDataFetched: true,
             keyLimit: nil,
             keyUsage: nil,
+            keyUsageDaily: 0.12,
+            keyUsageWeekly: 0.74,
+            keyUsageMonthly: 4.56,
             rateLimit: nil,
             updatedAt: Date(timeIntervalSince1970: 1_739_841_600))
         let snapshot = openRouter.toUsageSnapshot()
@@ -209,6 +224,9 @@ struct OpenRouterUsageStatsTests {
 
         #expect(decoded.openRouterUsage?.keyDataFetched == true)
         #expect(decoded.openRouterUsage?.keyQuotaStatus == .noLimitConfigured)
+        #expect(decoded.openRouterUsage?.keyUsageDaily == 0.12)
+        #expect(decoded.openRouterUsage?.keyUsageWeekly == 0.74)
+        #expect(decoded.openRouterUsage?.keyUsageMonthly == 4.56)
     }
 
     private static func makeResponse(
diff --git a/Tests/CodexBarTests/PathBuilderTests.swift b/Tests/CodexBarTests/PathBuilderTests.swift
index 014dae6e0..7ac329e0c 100644
--- a/Tests/CodexBarTests/PathBuilderTests.swift
+++ b/Tests/CodexBarTests/PathBuilderTests.swift
@@ -1,12 +1,11 @@
-import CodexBarCore
 import Foundation
 import Testing
 @testable import CodexBar
+@testable import CodexBarCore
 
-@Suite
 struct PathBuilderTests {
     @Test
-    func mergesLoginShellPathWhenAvailable() {
+    func `merges login shell path when available`() {
         let seeded = PathBuilder.effectivePATH(
             purposes: [.rpc],
             env: ["PATH": "/custom/bin:/usr/bin"],
@@ -15,7 +14,7 @@ struct PathBuilderTests {
     }
 
     @Test
-    func fallsBackToExistingPathWhenNoLoginPath() {
+    func `falls back to existing path when no login path`() {
         let seeded = PathBuilder.effectivePATH(
             purposes: [.tty],
             env: ["PATH": "/custom/bin:/usr/bin"],
@@ -24,7 +23,7 @@ struct PathBuilderTests {
     }
 
     @Test
-    func usesFallbackWhenNoPathAvailable() {
+    func `uses fallback when no path available`() {
         let seeded = PathBuilder.effectivePATH(
             purposes: [.tty],
             env: [:],
@@ -33,7 +32,7 @@ struct PathBuilderTests {
     }
 
     @Test
-    func debugSnapshotAsyncMatchesSync() async {
+    func `debug snapshot async matches sync`() async {
         let env = [
             "CODEX_CLI_PATH": "/usr/bin/true",
             "CLAUDE_CLI_PATH": "/usr/bin/true",
@@ -46,7 +45,62 @@ struct PathBuilderTests {
     }
 
     @Test
-    func resolvesCodexFromEnvOverride() {
+    func `shell runner drains noisy stdout and stderr`() throws {
+        let script = """
+        i=0
+        while [ "$i" -lt 4000 ]; do
+          printf 'out-%04d\\n' "$i"
+          printf 'err-%04d\\n' "$i" >&2
+          i=$((i + 1))
+        done
+        printf '__CODEXBAR_DONE__\\n'
+        """
+        let data = try #require(ShellCommandLocator.test_runShellCommand(
+            shell: "/bin/sh",
+            arguments: ["-c", script],
+            timeout: 4.0))
+        let output = try #require(String(data: data, encoding: .utf8))
+
+        #expect(output.contains("out-3999"))
+        #expect(output.contains("__CODEXBAR_DONE__"))
+    }
+
+    @Test
+    func `shell runner terminates background children after normal exit`() throws {
+        let marker = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codexbar-shell-runner-\(UUID().uuidString)")
+            .path
+        let escapedMarker = Self.shellSingleQuoted(marker)
+        let script = """
+        (
+          trap '' TERM
+          touch \(escapedMarker)
+          while :; do sleep 1; done
+        ) &
+        printf '%s\\n' "$!"
+        """
+        let data = try #require(ShellCommandLocator.test_runShellCommand(
+            shell: "/bin/sh",
+            arguments: ["-c", script],
+            timeout: 2.0))
+        let pidText = try #require(String(data: data, encoding: .utf8)?.trimmingCharacters(in: .whitespacesAndNewlines))
+        let pid = try #require(pid_t(pidText))
+
+        defer {
+            kill(pid, SIGKILL)
+            try? FileManager.default.removeItem(atPath: marker)
+        }
+
+        let deadline = Date().addingTimeInterval(2.0)
+        while kill(pid, 0) == 0, Date() < deadline {
+            usleep(50000 as useconds_t)
+        }
+
+        #expect(kill(pid, 0) != 0)
+    }
+
+    @Test
+    func `resolves codex from env override`() {
         let overridePath = "/custom/bin/codex"
         let fm = MockFileManager(executables: [overridePath])
 
@@ -59,7 +113,7 @@ struct PathBuilderTests {
     }
 
     @Test
-    func resolvesCodexFromLoginPath() {
+    func `resolves codex from login path`() {
         let fm = MockFileManager(executables: ["/login/bin/codex"])
         let resolved = BinaryLocator.resolveCodexBinary(
             env: ["PATH": "/env/bin"],
@@ -70,7 +124,7 @@ struct PathBuilderTests {
     }
 
     @Test
-    func resolvesCodexFromEnvPath() {
+    func `resolves codex from env path`() {
         let fm = MockFileManager(executables: ["/env/bin/codex"])
         let resolved = BinaryLocator.resolveCodexBinary(
             env: ["PATH": "/env/bin:/usr/bin"],
@@ -81,7 +135,213 @@ struct PathBuilderTests {
     }
 
     @Test
-    func resolvesCodexFromInteractiveShell() {
+    func `skips blocked codex path and falls back to signed app binary`() {
+        let blockedPath = "/usr/local/bin/codex"
+        let appPath = "/Applications/Codex.app/Contents/Resources/codex"
+        let fm = MockFileManager(executables: [blockedPath, appPath])
+        var checked: [String] = []
+
+        let resolved = BinaryLocator.resolveCodexBinary(
+            env: ["PATH": "/usr/local/bin"],
+            loginPATH: nil,
+            commandV: { _, _, _, _ in nil },
+            aliasResolver: { _, _, _, _, _ in nil },
+            launchCandidateFilter: { path, _ in
+                checked.append(path)
+                return path != blockedPath
+            },
+            fileManager: fm,
+            home: "/Users/test")
+
+        #expect(resolved == appPath)
+        #expect(checked == [blockedPath, appPath])
+    }
+
+    @Test
+    func `explicit codex override bypasses launch candidate fallback`() {
+        let overridePath = "/custom/bin/codex"
+        let appPath = "/Applications/Codex.app/Contents/Resources/codex"
+        let fm = MockFileManager(executables: [overridePath, appPath])
+        var checked: [String] = []
+
+        let resolved = BinaryLocator.resolveCodexBinary(
+            env: ["CODEX_CLI_PATH": overridePath],
+            loginPATH: nil,
+            launchCandidateFilter: { path, _ in
+                checked.append(path)
+                return false
+            },
+            fileManager: fm,
+            home: "/Users/test")
+
+        #expect(resolved == overridePath)
+        #expect(checked.isEmpty)
+    }
+
+    @Test
+    func `Codex CLI strategy availability uses filtered binary resolution`() {
+        let commandV: (String, String?, TimeInterval, FileManager) -> String? = { _, _, _, _ in nil }
+        let aliasResolver: (String, String?, TimeInterval, FileManager, String) -> String? = { _, _, _, _, _ in nil }
+
+        let unavailable = CodexCLIUsageStrategy.resolvedBinary(
+            env: ["PATH": "/missing/bin", "SHELL": "/bin/sh"],
+            loginPATH: nil,
+            commandV: commandV,
+            aliasResolver: aliasResolver,
+            fileManager: MockFileManager(executables: []),
+            home: "/home/test")
+        #expect(unavailable == nil)
+
+        let available = CodexCLIUsageStrategy.resolvedBinary(
+            env: ["PATH": "/tools/bin", "SHELL": "/bin/sh"],
+            loginPATH: nil,
+            commandV: commandV,
+            aliasResolver: aliasResolver,
+            fileManager: MockFileManager(executables: ["/tools/bin/codex"]),
+            home: "/home/test")
+        #expect(available == "/tools/bin/codex")
+    }
+
+    #if os(macOS)
+    @Test
+    func `Codex launch preflight allows quarantined notarized native binary`() {
+        let allowed = CodexLaunchPreflight.isLaunchCandidateAllowed(
+            path: "/Applications/Codex.app/Contents/Resources/codex",
+            fileManager: MockFileManager(executables: []),
+            hasExtendedAttribute: { _, name in name == "com.apple.quarantine" },
+            spctlAssessment: { _ in "accepted\nsource=Notarized Developer ID" },
+            isMachOExecutable: { _ in true })
+
+        #expect(allowed)
+    }
+
+    @Test
+    func `Codex launch preflight blocks malware attribute before assessment`() {
+        var assessed = false
+        let allowed = CodexLaunchPreflight.isLaunchCandidateAllowed(
+            path: "/Applications/Codex.app/Contents/Resources/codex",
+            fileManager: MockFileManager(executables: []),
+            hasExtendedAttribute: { _, name in name == "com.apple.malware" },
+            spctlAssessment: { _ in
+                assessed = true
+                return "accepted\nsource=Notarized Developer ID"
+            },
+            isMachOExecutable: { _ in true })
+
+        #expect(!allowed)
+        #expect(!assessed)
+    }
+
+    @Test
+    func `Codex launch preflight blocks quarantined script without native assessment`() {
+        let allowed = CodexLaunchPreflight.isLaunchCandidateAllowed(
+            path: "/opt/homebrew/bin/codex",
+            fileManager: MockFileManager(executables: []),
+            hasExtendedAttribute: { _, name in name == "com.apple.quarantine" },
+            spctlAssessment: { _ in nil },
+            isMachOExecutable: { _ in false })
+
+        #expect(!allowed)
+    }
+
+    @Test
+    func `Codex launch preflight blocks revoked assessment`() {
+        let allowed = CodexLaunchPreflight.isLaunchCandidateAllowed(
+            path: "/Applications/Codex.app/Contents/Resources/codex",
+            fileManager: MockFileManager(executables: []),
+            hasExtendedAttribute: { _, _ in false },
+            spctlAssessment: { _ in "rejected\nCSSMERR_TP_CERT_REVOKED" },
+            isMachOExecutable: { _ in true })
+
+        #expect(!allowed)
+    }
+
+    @Test
+    func `Codex launch preflight blocks generic Gatekeeper rejection`() {
+        let allowed = CodexLaunchPreflight.isLaunchCandidateAllowed(
+            path: "/opt/homebrew/bin/codex",
+            fileManager: MockFileManager(executables: []),
+            hasExtendedAttribute: { _, _ in false },
+            spctlAssessment: { _ in "rejected\nsource=no usable signature" },
+            isMachOExecutable: { _ in true })
+
+        #expect(!allowed)
+    }
+
+    @Test
+    func `Codex launch preflight allows valid signed command line binary assessment`() {
+        let allowed = CodexLaunchPreflight.isLaunchCandidateAllowed(
+            path: "/opt/homebrew/bin/codex",
+            fileManager: MockFileManager(executables: []),
+            hasExtendedAttribute: { _, name in name == "com.apple.quarantine" },
+            spctlAssessment: { path in "\(path): rejected (the code is valid but does not seem to be an app)" },
+            isMachOExecutable: { _ in true })
+
+        #expect(allowed)
+    }
+
+    @Test
+    func `Codex launch preflight blocks revoked assessment even with non app rejection text`() {
+        let allowed = CodexLaunchPreflight.isLaunchCandidateAllowed(
+            path: "/opt/homebrew/bin/codex",
+            fileManager: MockFileManager(executables: []),
+            hasExtendedAttribute: { _, name in name == "com.apple.quarantine" },
+            spctlAssessment: { _ in
+                """
+                rejected (the code is valid but does not seem to be an app)
+                CSSMERR_TP_CERT_REVOKED
+                """
+            },
+            isMachOExecutable: { _ in true })
+
+        #expect(!allowed)
+    }
+
+    @Test
+    func `Codex launch preflight ignores benign text in path when verdict is generic rejection`() {
+        let allowed = CodexLaunchPreflight.isLaunchCandidateAllowed(
+            path: "/tmp/code is valid but does not seem to be an app/codex",
+            fileManager: MockFileManager(executables: []),
+            hasExtendedAttribute: { _, name in name == "com.apple.quarantine" },
+            spctlAssessment: { path in "\(path): rejected\nsource=no usable signature" },
+            isMachOExecutable: { _ in true })
+
+        #expect(!allowed)
+    }
+
+    @Test
+    func `Codex launch preflight ignores benign text before verdict separator`() {
+        let allowed = CodexLaunchPreflight.isLaunchCandidateAllowed(
+            path: "/tmp/x: code is valid but does not seem to be an app/codex",
+            fileManager: MockFileManager(executables: []),
+            hasExtendedAttribute: { _, name in name == "com.apple.quarantine" },
+            spctlAssessment: { path in "\(path): rejected\nsource=no usable signature" },
+            isMachOExecutable: { _ in true })
+
+        #expect(!allowed)
+    }
+
+    @Test
+    func `Codex launch preflight ignores blocked words in accepted path and source fields`() {
+        let allowed = CodexLaunchPreflight.isLaunchCandidateAllowed(
+            path: "/tmp/rejected/quarantine/codex",
+            fileManager: MockFileManager(executables: []),
+            hasExtendedAttribute: { _, name in name == "com.apple.quarantine" },
+            spctlAssessment: { path in
+                """
+                \(path): accepted
+                source=revoked quarantine marker
+                origin=malware test fixture
+                """
+            },
+            isMachOExecutable: { _ in true })
+
+        #expect(allowed)
+    }
+    #endif
+
+    @Test
+    func `resolves codex from interactive shell`() {
         let fm = MockFileManager(executables: ["/shell/bin/codex"])
         let commandV: (String, String?, TimeInterval, FileManager) -> String? = { tool, shell, timeout, fileManager in
             #expect(tool == "codex")
@@ -101,7 +361,7 @@ struct PathBuilderTests {
     }
 
     @Test
-    func resolvesClaudeFromInteractiveShell() {
+    func `resolves claude from interactive shell`() {
         let fm = MockFileManager(executables: ["/shell/bin/claude"])
         let commandV: (String, String?, TimeInterval, FileManager) -> String? = { tool, shell, timeout, fileManager in
             #expect(tool == "claude")
@@ -121,7 +381,7 @@ struct PathBuilderTests {
     }
 
     @Test
-    func resolvesGeminiFromInteractiveShell() {
+    func `resolves gemini from interactive shell`() {
         let fm = MockFileManager(executables: ["/shell/bin/gemini"])
         let commandV: (String, String?, TimeInterval, FileManager) -> String? = { tool, shell, timeout, fileManager in
             #expect(tool == "gemini")
@@ -141,7 +401,7 @@ struct PathBuilderTests {
     }
 
     @Test
-    func resolvesClaudeFromLoginPath() {
+    func `resolves claude from login path`() {
         let fm = MockFileManager(executables: ["/login/bin/claude"])
         let resolved = BinaryLocator.resolveClaudeBinary(
             env: ["PATH": "/env/bin"],
@@ -152,7 +412,7 @@ struct PathBuilderTests {
     }
 
     @Test
-    func resolvesClaudeFromAliasWhenOtherLookupsFail() {
+    func `resolves claude from alias when other lookups fail`() {
         let aliasPath = "/home/test/.claude/local/bin/claude"
         let fm = MockFileManager(executables: [aliasPath])
         var aliasCalled = false
@@ -182,7 +442,7 @@ struct PathBuilderTests {
     }
 
     @Test
-    func resolvesCodexFromAliasWhenOtherLookupsFail() {
+    func `resolves codex from alias when other lookups fail`() {
         let aliasPath = "/home/test/.codex/bin/codex"
         let fm = MockFileManager(executables: [aliasPath])
         var aliasCalled = false
@@ -212,7 +472,134 @@ struct PathBuilderTests {
     }
 
     @Test
-    func skipsAliasWhenCommandVResolves() {
+    func `resolves claude from well-known cmux path when shell lookups fail`() {
+        let cmuxPath = "/Applications/cmux.app/Contents/Resources/bin/claude"
+        let fm = MockFileManager(executables: [cmuxPath])
+        let commandV: (String, String?, TimeInterval, FileManager) -> String? = { _, _, _, _ in nil }
+        let aliasResolver: (String, String?, TimeInterval, FileManager, String) -> String? = { _, _, _, _, _ in nil }
+
+        let resolved = BinaryLocator.resolveClaudeBinary(
+            env: ["SHELL": "/bin/zsh"],
+            loginPATH: nil,
+            commandV: commandV,
+            aliasResolver: aliasResolver,
+            fileManager: fm,
+            home: "/Users/test")
+        #expect(resolved == cmuxPath)
+    }
+
+    @Test
+    func `resolves claude from well-known home dir path`() {
+        let homePath = "/Users/test/.claude/bin/claude"
+        let fm = MockFileManager(executables: [homePath])
+        let commandV: (String, String?, TimeInterval, FileManager) -> String? = { _, _, _, _ in nil }
+        let aliasResolver: (String, String?, TimeInterval, FileManager, String) -> String? = { _, _, _, _, _ in nil }
+
+        let resolved = BinaryLocator.resolveClaudeBinary(
+            env: ["SHELL": "/bin/zsh"],
+            loginPATH: nil,
+            commandV: commandV,
+            aliasResolver: aliasResolver,
+            fileManager: fm,
+            home: "/Users/test")
+        #expect(resolved == homePath)
+    }
+
+    @Test
+    func `resolves claude from native installer path`() {
+        let nativePath = "/Users/test/.local/bin/claude"
+        let fm = MockFileManager(executables: [nativePath])
+        let commandV: (String, String?, TimeInterval, FileManager) -> String? = { _, _, _, _ in nil }
+        let aliasResolver: (String, String?, TimeInterval, FileManager, String) -> String? = { _, _, _, _, _ in nil }
+
+        let resolved = BinaryLocator.resolveClaudeBinary(
+            env: ["SHELL": "/bin/zsh"],
+            loginPATH: nil,
+            commandV: commandV,
+            aliasResolver: aliasResolver,
+            fileManager: fm,
+            home: "/Users/test")
+        #expect(resolved == nativePath)
+    }
+
+    @Test
+    func `prefers migrated local claude path over legacy home dir path`() {
+        let migratedPath = "/Users/test/.claude/local/claude"
+        let legacyPath = "/Users/test/.claude/bin/claude"
+        let fm = MockFileManager(executables: [migratedPath, legacyPath])
+        let commandV: (String, String?, TimeInterval, FileManager) -> String? = { _, _, _, _ in nil }
+        let aliasResolver: (String, String?, TimeInterval, FileManager, String) -> String? = { _, _, _, _, _ in nil }
+
+        let resolved = BinaryLocator.resolveClaudeBinary(
+            env: ["SHELL": "/bin/zsh"],
+            loginPATH: nil,
+            commandV: commandV,
+            aliasResolver: aliasResolver,
+            fileManager: fm,
+            home: "/Users/test")
+        #expect(resolved == migratedPath)
+    }
+
+    @Test
+    func `prefers user managed well-known path over cmux path`() {
+        let homePath = "/Users/test/.claude/bin/claude"
+        let cmuxPath = "/Applications/cmux.app/Contents/Resources/bin/claude"
+        let fm = MockFileManager(executables: [homePath, cmuxPath])
+        let commandV: (String, String?, TimeInterval, FileManager) -> String? = { _, _, _, _ in nil }
+        let aliasResolver: (String, String?, TimeInterval, FileManager, String) -> String? = { _, _, _, _, _ in nil }
+
+        let resolved = BinaryLocator.resolveClaudeBinary(
+            env: ["SHELL": "/bin/zsh"],
+            loginPATH: nil,
+            commandV: commandV,
+            aliasResolver: aliasResolver,
+            fileManager: fm,
+            home: "/Users/test")
+        #expect(resolved == homePath)
+    }
+
+    @Test
+    func `prefers homebrew arm path over usr local fallback`() {
+        let fm = MockFileManager(executables: [
+            "/opt/homebrew/bin/claude",
+            "/usr/local/bin/claude",
+        ])
+        let commandV: (String, String?, TimeInterval, FileManager) -> String? = { _, _, _, _ in nil }
+        let aliasResolver: (String, String?, TimeInterval, FileManager, String) -> String? = { _, _, _, _, _ in nil }
+
+        let resolved = BinaryLocator.resolveClaudeBinary(
+            env: ["SHELL": "/bin/zsh"],
+            loginPATH: nil,
+            commandV: commandV,
+            aliasResolver: aliasResolver,
+            fileManager: fm,
+            home: "/Users/test")
+        #expect(resolved == "/opt/homebrew/bin/claude")
+    }
+
+    @Test
+    func `prefers well-known paths over interactive shell lookup`() {
+        let shellPath = "/custom/bin/claude"
+        let cmuxPath = "/Applications/cmux.app/Contents/Resources/bin/claude"
+        let fm = MockFileManager(executables: [shellPath, cmuxPath])
+        var shellLookupCalled = false
+        let commandV: (String, String?, TimeInterval, FileManager) -> String? = { _, _, _, _ in
+            shellLookupCalled = true
+            return shellPath
+        }
+
+        let resolved = BinaryLocator.resolveClaudeBinary(
+            env: ["SHELL": "/bin/zsh"],
+            loginPATH: nil,
+            commandV: commandV,
+            fileManager: fm,
+            home: "/Users/test")
+        #expect(!shellLookupCalled)
+        #expect(resolved == cmuxPath)
+    }
+
+    @Test
+    func `skips alias when command V resolves`() {
         let path = "/shell/bin/claude"
         let fm = MockFileManager(executables: [path])
         var aliasCalled = false
@@ -235,6 +622,10 @@ struct PathBuilderTests {
         #expect(!aliasCalled)
         #expect(resolved == path)
     }
+
+    private static func shellSingleQuoted(_ value: String) -> String {
+        "'\(value.replacingOccurrences(of: "'", with: "'\\''"))'"
+    }
 }
 
 private final class MockFileManager: FileManager {
diff --git a/Tests/CodexBarTests/PerplexityCookieCacheTests.swift b/Tests/CodexBarTests/PerplexityCookieCacheTests.swift
new file mode 100644
index 000000000..a734d9edf
--- /dev/null
+++ b/Tests/CodexBarTests/PerplexityCookieCacheTests.swift
@@ -0,0 +1,203 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+@Suite(.serialized)
+struct PerplexityCookieCacheTests {
+    private static let testToken = "eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIn0.fake-test-token"
+    private static let testCookieName = PerplexityCookieHeader.defaultSessionCookieName
+
+    private struct StubClaudeFetcher: ClaudeUsageFetching {
+        func loadLatestUsage(model _: String) async throws -> ClaudeUsageSnapshot {
+            throw ClaudeUsageError.parseFailed("stub")
+        }
+
+        func debugRawProbe(model _: String) async -> String {
+            "stub"
+        }
+
+        func detectVersion() -> String? {
+            nil
+        }
+    }
+
+    // MARK: - Cache round-trip
+
+    @Test
+    func `cache round trip produces valid cookie override`() {
+        KeychainCacheStore.setTestStoreForTesting(true)
+        defer {
+            CookieHeaderCache.clear(provider: .perplexity)
+            KeychainCacheStore.setTestStoreForTesting(false)
+        }
+
+        CookieHeaderCache.store(
+            provider: .perplexity,
+            cookieHeader: "\(Self.testCookieName)=\(Self.testToken)",
+            sourceLabel: "web")
+
+        let cached = CookieHeaderCache.load(provider: .perplexity)
+        #expect(cached != nil)
+        #expect(cached?.sourceLabel == "web")
+
+        let override = PerplexityCookieHeader.override(from: cached?.cookieHeader)
+        #expect(override?.name == Self.testCookieName)
+        #expect(override?.token == Self.testToken)
+    }
+
+    // MARK: - isAvailable returns true when cache has entry
+
+    @Test
+    func `is available returns true when cache populated`() {
+        KeychainCacheStore.setTestStoreForTesting(true)
+        defer {
+            CookieHeaderCache.clear(provider: .perplexity)
+            KeychainCacheStore.setTestStoreForTesting(false)
+        }
+
+        // With no cache and no other sources, load should return nil
+        let beforeStore = CookieHeaderCache.load(provider: .perplexity)
+        #expect(beforeStore == nil)
+
+        // After storing, cache should be available
+        CookieHeaderCache.store(
+            provider: .perplexity,
+            cookieHeader: "\(Self.testCookieName)=\(Self.testToken)",
+            sourceLabel: "web")
+
+        let afterStore = CookieHeaderCache.load(provider: .perplexity)
+        #expect(afterStore != nil)
+    }
+
+    // MARK: - Cache cleared on invalidToken
+
+    @Test
+    func `cache cleared on invalid token`() {
+        KeychainCacheStore.setTestStoreForTesting(true)
+        defer {
+            CookieHeaderCache.clear(provider: .perplexity)
+            KeychainCacheStore.setTestStoreForTesting(false)
+        }
+
+        CookieHeaderCache.store(
+            provider: .perplexity,
+            cookieHeader: "\(Self.testCookieName)=\(Self.testToken)",
+            sourceLabel: "web")
+
+        // Verify it's cached
+        #expect(CookieHeaderCache.load(provider: .perplexity) != nil)
+
+        // Simulate what fetch() does on invalidToken: clear the cache
+        CookieHeaderCache.clear(provider: .perplexity)
+
+        #expect(CookieHeaderCache.load(provider: .perplexity) == nil)
+    }
+
+    // MARK: - Cache NOT cleared on non-auth errors
+
+    @Test
+    func `cache not cleared on network error`() {
+        KeychainCacheStore.setTestStoreForTesting(true)
+        defer {
+            CookieHeaderCache.clear(provider: .perplexity)
+            KeychainCacheStore.setTestStoreForTesting(false)
+        }
+
+        CookieHeaderCache.store(
+            provider: .perplexity,
+            cookieHeader: "\(Self.testCookieName)=\(Self.testToken)",
+            sourceLabel: "web")
+
+        // Simulate a networkError — cache should NOT be cleared
+        let error = PerplexityAPIError.networkError("timeout")
+        switch error {
+        case .invalidToken:
+            CookieHeaderCache.clear(provider: .perplexity)
+        default:
+            break // non-auth errors do not clear cache
+        }
+
+        #expect(CookieHeaderCache.load(provider: .perplexity) != nil)
+    }
+
+    @Test
+    func `cache not cleared on API error`() {
+        KeychainCacheStore.setTestStoreForTesting(true)
+        defer {
+            CookieHeaderCache.clear(provider: .perplexity)
+            KeychainCacheStore.setTestStoreForTesting(false)
+        }
+
+        CookieHeaderCache.store(
+            provider: .perplexity,
+            cookieHeader: "\(Self.testCookieName)=\(Self.testToken)",
+            sourceLabel: "web")
+
+        // Simulate an apiError (e.g. HTTP 500) — cache should NOT be cleared
+        let error = PerplexityAPIError.apiError("HTTP 500")
+        switch error {
+        case .invalidToken:
+            CookieHeaderCache.clear(provider: .perplexity)
+        default:
+            break // non-auth errors do not clear cache
+        }
+
+        #expect(CookieHeaderCache.load(provider: .perplexity) != nil)
+    }
+
+    // MARK: - Bare token stored as default cookie name
+
+    @Test
+    func `bare token round trips with default cookie name`() {
+        KeychainCacheStore.setTestStoreForTesting(true)
+        defer {
+            CookieHeaderCache.clear(provider: .perplexity)
+            KeychainCacheStore.setTestStoreForTesting(false)
+        }
+
+        // Store with default cookie name format
+        CookieHeaderCache.store(
+            provider: .perplexity,
+            cookieHeader: "\(Self.testCookieName)=\(Self.testToken)",
+            sourceLabel: "web")
+
+        let cached = CookieHeaderCache.load(provider: .perplexity)
+        let override = PerplexityCookieHeader.override(from: cached?.cookieHeader)
+        #expect(override?.name == Self.testCookieName)
+        #expect(override?.token == Self.testToken)
+    }
+
+    @Test
+    func `off mode ignores cached session cookie`() async {
+        KeychainCacheStore.setTestStoreForTesting(true)
+        defer {
+            CookieHeaderCache.clear(provider: .perplexity)
+            KeychainCacheStore.setTestStoreForTesting(false)
+        }
+
+        CookieHeaderCache.store(
+            provider: .perplexity,
+            cookieHeader: "\(Self.testCookieName)=cached-token",
+            sourceLabel: "web")
+
+        let strategy = PerplexityWebFetchStrategy()
+        let settings = ProviderSettingsSnapshot.make(
+            perplexity: ProviderSettingsSnapshot.PerplexityProviderSettings(
+                cookieSource: .off,
+                manualCookieHeader: nil))
+        let context = ProviderFetchContext(
+            runtime: .app,
+            sourceMode: .auto,
+            includeCredits: false,
+            webTimeout: 1,
+            webDebugDumpHTML: false,
+            verbose: false,
+            env: [:],
+            settings: settings,
+            fetcher: UsageFetcher(environment: [:]),
+            claudeFetcher: StubClaudeFetcher(),
+            browserDetection: BrowserDetection(cacheTTL: 0))
+
+        #expect(await strategy.isAvailable(context) == false)
+    }
+}
diff --git a/Tests/CodexBarTests/PerplexityCookieHeaderTests.swift b/Tests/CodexBarTests/PerplexityCookieHeaderTests.swift
new file mode 100644
index 000000000..39b7d2a52
--- /dev/null
+++ b/Tests/CodexBarTests/PerplexityCookieHeaderTests.swift
@@ -0,0 +1,89 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+struct PerplexityCookieHeaderTests {
+    @Test
+    func `bare token uses default session cookie name`() {
+        let override = PerplexityCookieHeader.override(from: "abc123")
+        #expect(override?.name == PerplexityCookieHeader.defaultSessionCookieName)
+        #expect(override?.token == "abc123")
+        #expect(override?.requestCookieNames == PerplexityCookieHeader.supportedSessionCookieNames)
+    }
+
+    @Test
+    func `extracts secure next auth session cookie from header`() {
+        let header = "foo=bar; __Secure-next-auth.session-token=token-a; baz=qux"
+        let override = PerplexityCookieHeader.override(from: header)
+        #expect(override?.name == "__Secure-next-auth.session-token")
+        #expect(override?.token == "token-a")
+    }
+
+    @Test
+    func `extracts auth JS session cookie from header`() {
+        let header = "foo=bar; __Secure-authjs.session-token=token-b; baz=qux"
+        let override = PerplexityCookieHeader.override(from: header)
+        #expect(override?.name == "__Secure-authjs.session-token")
+        #expect(override?.token == "token-b")
+    }
+
+    @Test
+    func `prefers auth JS session cookie when both names exist`() {
+        let header = """
+        __Secure-next-auth.session-token=legacy-token; __Secure-authjs.session-token=live-token
+        """
+        let override = PerplexityCookieHeader.override(from: header)
+        #expect(override?.name == "__Secure-authjs.session-token")
+        #expect(override?.token == "live-token")
+    }
+
+    @Test
+    func `reassembles chunked next auth session cookie from header`() {
+        let header = """
+        foo=bar; __Secure-next-auth.session-token.1=chunk-b; __Secure-next-auth.session-token.0=chunk-a
+        """
+        let override = PerplexityCookieHeader.override(from: header)
+        #expect(override?.name == "__Secure-next-auth.session-token")
+        #expect(override?.token == "chunk-achunk-b")
+    }
+
+    @Test
+    func `reassembles chunked auth JS session cookie from header`() {
+        let header = "foo=bar; authjs.session-token.0=chunk-a; authjs.session-token.1=chunk-b"
+        let override = PerplexityCookieHeader.override(from: header)
+        #expect(override?.name == "authjs.session-token")
+        #expect(override?.token == "chunk-achunk-b")
+    }
+
+    @Test
+    func `unsupported cookie header returns nil`() {
+        let override = PerplexityCookieHeader.override(from: "foo=bar; hello=world")
+        #expect(override == nil)
+    }
+
+    #if os(macOS)
+    @Test
+    func `importer session info reassembles chunked session cookies`() throws {
+        let cookies = try [
+            #require(self.makeCookie(name: "__Secure-authjs.session-token.0", value: "chunk-a")),
+            #require(self.makeCookie(name: "__Secure-authjs.session-token.1", value: "chunk-b")),
+        ]
+        let session = PerplexityCookieImporter.SessionInfo(cookies: cookies, sourceLabel: "Chrome")
+
+        #expect(session.sessionCookie?.name == "__Secure-authjs.session-token")
+        #expect(session.sessionCookie?.token == "chunk-achunk-b")
+    }
+    #endif
+
+    #if os(macOS)
+    private func makeCookie(name: String, value: String) -> HTTPCookie? {
+        HTTPCookie(properties: [
+            .domain: "www.perplexity.ai",
+            .path: "/",
+            .name: name,
+            .value: value,
+            .secure: "TRUE",
+        ])
+    }
+    #endif
+}
diff --git a/Tests/CodexBarTests/PerplexityProviderTests.swift b/Tests/CodexBarTests/PerplexityProviderTests.swift
new file mode 100644
index 000000000..b81a46844
--- /dev/null
+++ b/Tests/CodexBarTests/PerplexityProviderTests.swift
@@ -0,0 +1,397 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+@Suite(.serialized)
+struct PerplexityProviderTests {
+    private static let now = Date(timeIntervalSince1970: 1_740_000_000)
+
+    private final class LockedArray<Element>: @unchecked Sendable {
+        private let lock = NSLock()
+        private var values: [Element] = []
+
+        func append(_ value: Element) {
+            self.lock.lock()
+            defer { self.lock.unlock() }
+            self.values.append(value)
+        }
+
+        func snapshot() -> [Element] {
+            self.lock.lock()
+            defer { self.lock.unlock() }
+            return self.values
+        }
+    }
+
+    private final class LockedCounter: @unchecked Sendable {
+        private let lock = NSLock()
+        private var value: Int = 0
+
+        func increment() {
+            self.lock.lock()
+            defer { self.lock.unlock() }
+            self.value += 1
+        }
+
+        func snapshot() -> Int {
+            self.lock.lock()
+            defer { self.lock.unlock() }
+            return self.value
+        }
+    }
+
+    private struct StubClaudeFetcher: ClaudeUsageFetching {
+        func loadLatestUsage(model _: String) async throws -> ClaudeUsageSnapshot {
+            throw ClaudeUsageError.parseFailed("stub")
+        }
+
+        func debugRawProbe(model _: String) async -> String {
+            "stub"
+        }
+
+        func detectVersion() -> String? {
+            nil
+        }
+    }
+
+    private func makeContext(
+        settings: ProviderSettingsSnapshot?,
+        env: [String: String] = [:]) -> ProviderFetchContext
+    {
+        ProviderFetchContext(
+            runtime: .app,
+            sourceMode: .auto,
+            includeCredits: false,
+            webTimeout: 1,
+            webDebugDumpHTML: false,
+            verbose: false,
+            env: env,
+            settings: settings,
+            fetcher: UsageFetcher(environment: env),
+            claudeFetcher: StubClaudeFetcher(),
+            browserDetection: BrowserDetection(cacheTTL: 0))
+    }
+
+    private func stubSnapshot(now: Date = Self.now) -> PerplexityUsageSnapshot {
+        PerplexityUsageSnapshot(
+            response: PerplexityCreditsResponse(
+                balanceCents: 500,
+                renewalDateTs: now.addingTimeInterval(3600).timeIntervalSince1970,
+                currentPeriodPurchasedCents: 0,
+                creditGrants: [
+                    PerplexityCreditGrant(type: "recurring", amountCents: 1000, expiresAtTs: nil),
+                ],
+                totalUsageCents: 500),
+            now: now)
+    }
+
+    private func withIsolatedCacheStore<T>(operation: () async throws -> T) async rethrows -> T {
+        let service = "perplexity-provider-tests-\(UUID().uuidString)"
+        return try await KeychainCacheStore.withServiceOverrideForTesting(service) {
+            KeychainCacheStore.setTestStoreForTesting(true)
+            defer { KeychainCacheStore.setTestStoreForTesting(false) }
+            return try await operation()
+        }
+    }
+
+    @Test
+    func `off mode ignores environment session cookie`() async {
+        let strategy = PerplexityWebFetchStrategy()
+        let settings = ProviderSettingsSnapshot.make(
+            perplexity: ProviderSettingsSnapshot.PerplexityProviderSettings(
+                cookieSource: .off,
+                manualCookieHeader: nil))
+        let context = self.makeContext(
+            settings: settings,
+            env: ["PERPLEXITY_COOKIE": "authjs.session-token=env-token"])
+
+        #expect(await strategy.isAvailable(context) == false)
+    }
+
+    @Test
+    func `manual mode invalid cookie does not fall back to cache or environment`() async {
+        await self.withIsolatedCacheStore {
+            CookieHeaderCache.store(
+                provider: .perplexity,
+                cookieHeader: "\(PerplexityCookieHeader.defaultSessionCookieName)=cached-token",
+                sourceLabel: "web")
+
+            let strategy = PerplexityWebFetchStrategy()
+            let settings = ProviderSettingsSnapshot.make(
+                perplexity: ProviderSettingsSnapshot.PerplexityProviderSettings(
+                    cookieSource: .manual,
+                    manualCookieHeader: "foo=bar"))
+            let context = self.makeContext(
+                settings: settings,
+                env: ["PERPLEXITY_COOKIE": "authjs.session-token=env-token"])
+            let fetchOverride: @Sendable (String, String, Date) async throws -> PerplexityUsageSnapshot = { _, _, _ in
+                self.stubSnapshot()
+            }
+
+            do {
+                _ = try await PerplexityUsageFetcher.$fetchCreditsOverride.withValue(fetchOverride, operation: {
+                    try await strategy.fetch(context)
+                })
+                Issue.record("Expected invalid manual-cookie error instead of falling back to cache/environment")
+            } catch let error as PerplexityAPIError {
+                #expect(error == .invalidCookie)
+            } catch {
+                Issue.record("Expected PerplexityAPIError.invalidCookie, got \(error)")
+            }
+        }
+    }
+
+    @Test
+    func `environment token does not populate browser cookie cache`() async throws {
+        try await self.withIsolatedCacheStore {
+            PerplexityCookieImporter.invalidateImportSessionCache()
+            PerplexityCookieImporter.importSessionsOverrideForTesting = nil
+            PerplexityCookieImporter.importSessionOverrideForTesting = { _, _ in
+                throw PerplexityCookieImportError.noCookies
+            }
+            defer {
+                PerplexityCookieImporter.importSessionsOverrideForTesting = nil
+                PerplexityCookieImporter.importSessionOverrideForTesting = nil
+                PerplexityCookieImporter.invalidateImportSessionCache()
+            }
+
+            let strategy = PerplexityWebFetchStrategy()
+            let settings = ProviderSettingsSnapshot.make(
+                perplexity: ProviderSettingsSnapshot.PerplexityProviderSettings(
+                    cookieSource: .auto,
+                    manualCookieHeader: nil))
+            let context = self.makeContext(
+                settings: settings,
+                env: ["PERPLEXITY_COOKIE": "authjs.session-token=env-token"])
+            let fetchOverride: @Sendable (String, String, Date) async throws -> PerplexityUsageSnapshot = { _, _, _ in
+                self.stubSnapshot()
+            }
+
+            _ = try await PerplexityUsageFetcher.$fetchCreditsOverride.withValue(fetchOverride, operation: {
+                try await strategy.fetch(context)
+            })
+
+            #expect(CookieHeaderCache.load(provider: .perplexity) == nil)
+        }
+    }
+
+    @Test
+    func `manual token does not populate browser cookie cache`() async throws {
+        try await self.withIsolatedCacheStore {
+            let strategy = PerplexityWebFetchStrategy()
+            let settings = ProviderSettingsSnapshot.make(
+                perplexity: ProviderSettingsSnapshot.PerplexityProviderSettings(
+                    cookieSource: .manual,
+                    manualCookieHeader: "authjs.session-token=manual-token"))
+            let context = self.makeContext(settings: settings)
+            let fetchOverride: @Sendable (String, String, Date) async throws -> PerplexityUsageSnapshot = { _, _, _ in
+                self.stubSnapshot()
+            }
+
+            _ = try await PerplexityUsageFetcher.$fetchCreditsOverride.withValue(fetchOverride, operation: {
+                try await strategy.fetch(context)
+            })
+
+            #expect(CookieHeaderCache.load(provider: .perplexity) == nil)
+        }
+    }
+
+    @Test
+    func `bare environment token falls back to auth JS cookie name`() async throws {
+        try await self.withIsolatedCacheStore {
+            PerplexityCookieImporter.invalidateImportSessionCache()
+            PerplexityCookieImporter.importSessionsOverrideForTesting = nil
+            PerplexityCookieImporter.importSessionOverrideForTesting = { _, _ in
+                throw PerplexityCookieImportError.noCookies
+            }
+            defer {
+                PerplexityCookieImporter.importSessionsOverrideForTesting = nil
+                PerplexityCookieImporter.importSessionOverrideForTesting = nil
+                PerplexityCookieImporter.invalidateImportSessionCache()
+            }
+
+            let attemptedCookieNames = LockedArray<String>()
+            let strategy = PerplexityWebFetchStrategy()
+            let settings = ProviderSettingsSnapshot.make(
+                perplexity: ProviderSettingsSnapshot.PerplexityProviderSettings(
+                    cookieSource: .auto,
+                    manualCookieHeader: nil))
+            let context = self.makeContext(
+                settings: settings,
+                env: ["PERPLEXITY_SESSION_TOKEN": "env-token"])
+            let fetchOverride: @Sendable (String, String, Date) async throws
+                -> PerplexityUsageSnapshot = { token, cookieName, _ in
+                    #expect(token == "env-token")
+                    attemptedCookieNames.append(cookieName)
+                    if cookieName == "authjs.session-token" {
+                        return self.stubSnapshot()
+                    }
+                    throw PerplexityAPIError.invalidToken
+                }
+
+            _ = try await PerplexityUsageFetcher.$fetchCreditsOverride.withValue(fetchOverride, operation: {
+                try await strategy.fetch(context)
+            })
+
+            #expect(attemptedCookieNames.snapshot() == [
+                "__Secure-authjs.session-token",
+                "authjs.session-token",
+            ])
+        }
+    }
+
+    @Test
+    func `valid environment cookie wins after invalid browser session`() async throws {
+        try await self.withIsolatedCacheStore {
+            PerplexityCookieImporter.invalidateImportSessionCache()
+            PerplexityCookieImporter.importSessionsOverrideForTesting = nil
+            PerplexityCookieImporter.importSessionOverrideForTesting = { _, _ in
+                let cookie = try #require(HTTPCookie(properties: [
+                    .domain: "www.perplexity.ai",
+                    .path: "/",
+                    .name: PerplexityCookieHeader.defaultSessionCookieName,
+                    .value: "browser-token",
+                    .secure: "TRUE",
+                ]))
+                return PerplexityCookieImporter.SessionInfo(cookies: [cookie], sourceLabel: "Chrome")
+            }
+            defer {
+                PerplexityCookieImporter.importSessionsOverrideForTesting = nil
+                PerplexityCookieImporter.importSessionOverrideForTesting = nil
+                PerplexityCookieImporter.invalidateImportSessionCache()
+            }
+
+            let attemptedTokens = LockedArray<String>()
+            let strategy = PerplexityWebFetchStrategy()
+            let settings = ProviderSettingsSnapshot.make(
+                perplexity: ProviderSettingsSnapshot.PerplexityProviderSettings(
+                    cookieSource: .auto,
+                    manualCookieHeader: nil))
+            let context = self.makeContext(
+                settings: settings,
+                env: ["PERPLEXITY_COOKIE": "authjs.session-token=env-token"])
+            let fetchOverride: @Sendable (String, String, Date) async throws
+                -> PerplexityUsageSnapshot = { token, _, _ in
+                    attemptedTokens.append(token)
+                    if token == "browser-token" {
+                        throw PerplexityAPIError.invalidToken
+                    }
+                    if token == "env-token" {
+                        return self.stubSnapshot()
+                    }
+                    Issue.record("Unexpected token \(token)")
+                    throw PerplexityAPIError.invalidToken
+                }
+
+            _ = try await PerplexityUsageFetcher.$fetchCreditsOverride.withValue(fetchOverride, operation: {
+                try await strategy.fetch(context)
+            })
+
+            #expect(attemptedTokens.snapshot() == ["browser-token", "env-token"])
+        }
+    }
+
+    @Test
+    func `later browser session wins after earlier imported session fails auth`() async throws {
+        try await self.withIsolatedCacheStore {
+            PerplexityCookieImporter.invalidateImportSessionCache()
+            PerplexityCookieImporter.importSessionOverrideForTesting = nil
+            PerplexityCookieImporter.importSessionsOverrideForTesting = { _, _ in
+                let staleCookie = try #require(HTTPCookie(properties: [
+                    .domain: "www.perplexity.ai",
+                    .path: "/",
+                    .name: "__Secure-authjs.session-token",
+                    .value: "stale-browser-token",
+                    .secure: "TRUE",
+                ]))
+                let liveCookie = try #require(HTTPCookie(properties: [
+                    .domain: "www.perplexity.ai",
+                    .path: "/",
+                    .name: "__Secure-authjs.session-token",
+                    .value: "live-browser-token",
+                    .secure: "TRUE",
+                ]))
+                return [
+                    PerplexityCookieImporter.SessionInfo(cookies: [staleCookie], sourceLabel: "Chrome"),
+                    PerplexityCookieImporter.SessionInfo(cookies: [liveCookie], sourceLabel: "Safari"),
+                ]
+            }
+            defer {
+                PerplexityCookieImporter.importSessionsOverrideForTesting = nil
+                PerplexityCookieImporter.importSessionOverrideForTesting = nil
+                PerplexityCookieImporter.invalidateImportSessionCache()
+            }
+
+            let attemptedTokens = LockedArray<String>()
+            let strategy = PerplexityWebFetchStrategy()
+            let settings = ProviderSettingsSnapshot.make(
+                perplexity: ProviderSettingsSnapshot.PerplexityProviderSettings(
+                    cookieSource: .auto,
+                    manualCookieHeader: nil))
+            let context = self.makeContext(settings: settings)
+            let fetchOverride: @Sendable (String, String, Date) async throws
+                -> PerplexityUsageSnapshot = { token, _, _ in
+                    attemptedTokens.append(token)
+                    if token == "stale-browser-token" {
+                        throw PerplexityAPIError.invalidToken
+                    }
+                    if token == "live-browser-token" {
+                        return self.stubSnapshot()
+                    }
+                    Issue.record("Unexpected token \(token)")
+                    throw PerplexityAPIError.invalidToken
+                }
+
+            _ = try await PerplexityUsageFetcher.$fetchCreditsOverride.withValue(fetchOverride, operation: {
+                try await strategy.fetch(context)
+            })
+
+            #expect(attemptedTokens.snapshot() == ["stale-browser-token", "live-browser-token"])
+        }
+    }
+
+    @Test
+    func `auto mode reuses browser import between availability and fetch`() async throws {
+        try await self.withIsolatedCacheStore {
+            let importCount = LockedCounter()
+            PerplexityCookieImporter.invalidateImportSessionCache()
+            PerplexityCookieImporter.importSessionsOverrideForTesting = nil
+            PerplexityCookieImporter.importSessionOverrideForTesting = { _, _ in
+                importCount.increment()
+                let cookie = try #require(HTTPCookie(properties: [
+                    .domain: "www.perplexity.ai",
+                    .path: "/",
+                    .name: PerplexityCookieHeader.defaultSessionCookieName,
+                    .value: "browser-token",
+                    .secure: "TRUE",
+                ]))
+                return PerplexityCookieImporter.SessionInfo(cookies: [cookie], sourceLabel: "Chrome")
+            }
+            defer {
+                PerplexityCookieImporter.importSessionsOverrideForTesting = nil
+                PerplexityCookieImporter.importSessionOverrideForTesting = nil
+                PerplexityCookieImporter.invalidateImportSessionCache()
+            }
+
+            let strategy = PerplexityWebFetchStrategy()
+            let settings = ProviderSettingsSnapshot.make(
+                perplexity: ProviderSettingsSnapshot.PerplexityProviderSettings(
+                    cookieSource: .auto,
+                    manualCookieHeader: nil))
+            let context = self.makeContext(settings: settings)
+            let fetchOverride: @Sendable (String, String, Date) async throws
+                -> PerplexityUsageSnapshot = { token, _, _ in
+                    #expect(token == "browser-token")
+                    return self.stubSnapshot()
+                }
+
+            #expect(await strategy.isAvailable(context))
+
+            _ = try await PerplexityUsageFetcher.$fetchCreditsOverride.withValue(fetchOverride, operation: {
+                try await strategy.fetch(context)
+            })
+
+            #expect(importCount.snapshot() == 1)
+        }
+    }
+}
diff --git a/Tests/CodexBarTests/PerplexitySettingsReaderTests.swift b/Tests/CodexBarTests/PerplexitySettingsReaderTests.swift
new file mode 100644
index 000000000..2f7b1ff7a
--- /dev/null
+++ b/Tests/CodexBarTests/PerplexitySettingsReaderTests.swift
@@ -0,0 +1,38 @@
+import Testing
+@testable import CodexBarCore
+
+struct PerplexitySettingsReaderTests {
+    @Test
+    func `PERPLEXITY_COOKIE preserves the original supported cookie name`() {
+        let override = PerplexitySettingsReader.sessionCookieOverride(environment: [
+            "PERPLEXITY_COOKIE": "authjs.session-token=env-token",
+        ])
+
+        #expect(override?.name == "authjs.session-token")
+        #expect(override?.token == "env-token")
+        #expect(PerplexitySettingsReader.sessionToken(environment: [
+            "PERPLEXITY_COOKIE": "authjs.session-token=env-token",
+        ]) == "env-token")
+    }
+
+    @Test
+    func `PERPLEXITY_COOKIE reassembles chunked session cookies`() {
+        let override = PerplexitySettingsReader.sessionCookieOverride(environment: [
+            "PERPLEXITY_COOKIE": "authjs.session-token.0=chunk-a; authjs.session-token.1=chunk-b",
+        ])
+
+        #expect(override?.name == "authjs.session-token")
+        #expect(override?.token == "chunk-achunk-b")
+    }
+
+    @Test
+    func `PERPLEXITY_SESSION_TOKEN tries all supported cookie names`() {
+        let override = PerplexitySettingsReader.sessionCookieOverride(environment: [
+            "PERPLEXITY_SESSION_TOKEN": "env-token",
+        ])
+
+        #expect(override?.name == PerplexityCookieHeader.defaultSessionCookieName)
+        #expect(override?.token == "env-token")
+        #expect(override?.requestCookieNames == PerplexityCookieHeader.supportedSessionCookieNames)
+    }
+}
diff --git a/Tests/CodexBarTests/PerplexityUsageFetcherTests.swift b/Tests/CodexBarTests/PerplexityUsageFetcherTests.swift
new file mode 100644
index 000000000..0afd0cbcc
--- /dev/null
+++ b/Tests/CodexBarTests/PerplexityUsageFetcherTests.swift
@@ -0,0 +1,362 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+struct PerplexityUsageFetcherTests {
+    // Fixed "now" so expiry comparisons are deterministic
+    private static let now = Date(timeIntervalSince1970: 1_740_000_000) // Feb 20, 2026
+    private static let futureTs: TimeInterval = 1_750_000_000 // ~Jun 2025, after now
+    private static let pastTs: TimeInterval = 1_700_000_000 // ~Nov 2023, before now
+    private static let renewalTs: TimeInterval = 1_743_000_000 // ~Mar 26, 2026
+
+    // MARK: - JSON Parsing
+
+    @Test
+    func `parses full response with recurring and promotional credits`() throws {
+        let json = """
+        {
+          "balance_cents": 7250,
+          "renewal_date_ts": \(Self.renewalTs),
+          "current_period_purchased_cents": 0,
+          "credit_grants": [
+            { "type": "recurring", "amount_cents": 10000, "expires_at_ts": \(Self.futureTs) },
+            { "type": "promotional", "amount_cents": 20000, "expires_at_ts": \(Self.futureTs) }
+          ],
+          "total_usage_cents": 2750
+        }
+        """
+        let snapshot = try PerplexityUsageFetcher._parseResponseForTesting(Data(json.utf8), now: Self.now)
+
+        #expect(snapshot.recurringTotal == 10000)
+        #expect(snapshot.recurringUsed == 2750)
+        #expect(snapshot.promoTotal == 20000)
+        #expect(snapshot.promoUsed == 0)
+        #expect(snapshot.purchasedTotal == 0)
+        #expect(snapshot.purchasedUsed == 0)
+        #expect(snapshot.balanceCents == 7250)
+        #expect(snapshot.totalUsageCents == 2750)
+        #expect(abs(snapshot.renewalDate.timeIntervalSince1970 - Self.renewalTs) < 1)
+    }
+
+    @Test
+    func `waterfall attribution recurring then purchased then promo`() throws {
+        // Usage exceeds recurring, spills into purchased, then promo
+        let json = """
+        {
+          "balance_cents": 0,
+          "renewal_date_ts": \(Self.renewalTs),
+          "current_period_purchased_cents": 3000,
+          "credit_grants": [
+            { "type": "recurring",    "amount_cents": 5000, "expires_at_ts": \(Self.futureTs) },
+            { "type": "promotional",  "amount_cents": 4000, "expires_at_ts": \(Self.futureTs) }
+          ],
+          "total_usage_cents": 9000
+        }
+        """
+        let snapshot = try PerplexityUsageFetcher._parseResponseForTesting(Data(json.utf8), now: Self.now)
+
+        #expect(snapshot.recurringUsed == 5000) // recurring fully consumed
+        #expect(snapshot.purchasedUsed == 3000) // purchased fully consumed
+        #expect(snapshot.promoUsed == 1000) // 9000 - 5000 - 3000 = 1000 from promo
+    }
+
+    @Test
+    func `expired promotional grants are excluded`() throws {
+        let json = """
+        {
+          "balance_cents": 0,
+          "renewal_date_ts": \(Self.renewalTs),
+          "current_period_purchased_cents": 0,
+          "credit_grants": [
+            { "type": "recurring",   "amount_cents": 10000, "expires_at_ts": \(Self.futureTs) },
+            { "type": "promotional", "amount_cents": 5000,  "expires_at_ts": \(Self.pastTs) }
+          ],
+          "total_usage_cents": 1000
+        }
+        """
+        let snapshot = try PerplexityUsageFetcher._parseResponseForTesting(Data(json.utf8), now: Self.now)
+
+        #expect(snapshot.promoTotal == 0) // expired grant excluded
+        #expect(snapshot.promoUsed == 0)
+        #expect(snapshot.promoExpiration == nil)
+    }
+
+    @Test
+    func `empty credit grants produces zero recurring`() throws {
+        let json = """
+        {
+          "balance_cents": 0,
+          "renewal_date_ts": \(Self.renewalTs),
+          "current_period_purchased_cents": 0,
+          "credit_grants": [],
+          "total_usage_cents": 0
+        }
+        """
+        let snapshot = try PerplexityUsageFetcher._parseResponseForTesting(Data(json.utf8), now: Self.now)
+
+        #expect(snapshot.recurringTotal == 0)
+        #expect(snapshot.promoTotal == 0)
+        #expect(snapshot.purchasedTotal == 0)
+        #expect(snapshot.planName == nil)
+    }
+
+    @Test
+    func `malformed JSON throws parse failed`() {
+        let json = """
+        { "balance_cents": "not a number", "credit_grants": null }
+        """
+        #expect {
+            _ = try PerplexityUsageFetcher._parseResponseForTesting(Data(json.utf8), now: Self.now)
+        } throws: { error in
+            guard case PerplexityAPIError.parseFailed = error else { return false }
+            return true
+        }
+    }
+
+    // MARK: - Plan Name Inference
+
+    @Test
+    func `plan name inference`() throws {
+        func makeSnapshot(recurringCents: Double) throws -> PerplexityUsageSnapshot {
+            let json = """
+            {
+              "balance_cents": 0,
+              "renewal_date_ts": \(Self.renewalTs),
+              "current_period_purchased_cents": 0,
+              "credit_grants": [
+                { "type": "recurring", "amount_cents": \(recurringCents), "expires_at_ts": \(Self.futureTs) }
+              ],
+              "total_usage_cents": 0
+            }
+            """
+            return try PerplexityUsageFetcher._parseResponseForTesting(Data(json.utf8), now: Self.now)
+        }
+
+        #expect(try makeSnapshot(recurringCents: 0).planName == nil)
+        #expect(try makeSnapshot(recurringCents: 500).planName == "Pro")
+        #expect(try makeSnapshot(recurringCents: 1000).planName == "Pro")
+        #expect(try makeSnapshot(recurringCents: 10000).planName == "Max")
+    }
+
+    // MARK: - toUsageSnapshot
+
+    @Test
+    func `to usage snapshot always has secondary and tertiary`() throws {
+        let json = """
+        {
+          "balance_cents": 0,
+          "renewal_date_ts": \(Self.renewalTs),
+          "current_period_purchased_cents": 0,
+          "credit_grants": [
+            { "type": "recurring", "amount_cents": 10000, "expires_at_ts": \(Self.futureTs) }
+          ],
+          "total_usage_cents": 0
+        }
+        """
+        let snapshot = try PerplexityUsageFetcher._parseResponseForTesting(Data(json.utf8), now: Self.now)
+            .toUsageSnapshot()
+
+        // secondary and tertiary always present even when no promo/purchased credits
+        #expect(snapshot.secondary != nil)
+        #expect(snapshot.tertiary != nil)
+    }
+
+    @Test
+    func `to usage snapshot zero recurring bar is fully depleted`() throws {
+        let json = """
+        {
+          "balance_cents": 0,
+          "renewal_date_ts": \(Self.renewalTs),
+          "current_period_purchased_cents": 0,
+          "credit_grants": [],
+          "total_usage_cents": 0
+        }
+        """
+        let snapshot = try PerplexityUsageFetcher._parseResponseForTesting(Data(json.utf8), now: Self.now)
+            .toUsageSnapshot()
+        let primary = try #require(snapshot.primary)
+
+        // No recurring credits → bar renders as empty (100% used), not full (0% used)
+        #expect(primary.usedPercent == 100.0)
+    }
+
+    @Test
+    func `to usage snapshot omits primary when only fallback credits remain`() throws {
+        let json = """
+        {
+          "balance_cents": 6000,
+          "renewal_date_ts": \(Self.renewalTs),
+          "current_period_purchased_cents": 2000,
+          "credit_grants": [
+            { "type": "promotional", "amount_cents": 4000, "expires_at_ts": \(Self.futureTs) }
+          ],
+          "total_usage_cents": 0
+        }
+        """
+        let snapshot = try PerplexityUsageFetcher._parseResponseForTesting(Data(json.utf8), now: Self.now)
+            .toUsageSnapshot()
+
+        #expect(snapshot.primary == nil)
+        #expect(snapshot.secondary?.usedPercent == 0.0)
+        #expect(snapshot.tertiary?.usedPercent == 0.0)
+    }
+
+    @Test
+    func `to usage snapshot empty pools bars are fully depleted`() throws {
+        let json = """
+        {
+          "balance_cents": 0,
+          "renewal_date_ts": \(Self.renewalTs),
+          "current_period_purchased_cents": 0,
+          "credit_grants": [
+            { "type": "recurring", "amount_cents": 10000, "expires_at_ts": \(Self.futureTs) }
+          ],
+          "total_usage_cents": 0
+        }
+        """
+        let snapshot = try PerplexityUsageFetcher._parseResponseForTesting(Data(json.utf8), now: Self.now)
+            .toUsageSnapshot()
+        let secondary = try #require(snapshot.secondary)
+        let tertiary = try #require(snapshot.tertiary)
+
+        // Empty pools render as 100% used (empty bar) not 0% used (full bar)
+        #expect(secondary.usedPercent == 100.0)
+        #expect(tertiary.usedPercent == 100.0)
+    }
+
+    // MARK: - Purchased credits from credit_grants
+
+    @Test
+    func `purchased credits from credit grants array`() throws {
+        // Purchased credits appear as credit_grant type="purchased" instead of
+        // current_period_purchased_cents. The snapshot should pick them up.
+        let json = """
+        {
+          "balance_cents": 23065,
+          "renewal_date_ts": \(Self.renewalTs),
+          "current_period_purchased_cents": 0,
+          "credit_grants": [
+            { "type": "recurring",    "amount_cents": 10000, "expires_at_ts": \(Self.futureTs) },
+            { "type": "purchased",    "amount_cents": 40000 },
+            { "type": "promotional",  "amount_cents": 55000, "expires_at_ts": \(Self.futureTs) }
+          ],
+          "total_usage_cents": 81935
+        }
+        """
+        let snapshot = try PerplexityUsageFetcher._parseResponseForTesting(Data(json.utf8), now: Self.now)
+
+        #expect(snapshot.recurringTotal == 10000)
+        #expect(snapshot.purchasedTotal == 40000)
+        #expect(snapshot.promoTotal == 55000)
+
+        // Waterfall: recurring eats 10000, purchased eats 40000, promo eats 31935
+        #expect(snapshot.recurringUsed == 10000)
+        #expect(snapshot.purchasedUsed == 40000)
+        #expect(snapshot.promoUsed == 31935)
+    }
+
+    @Test
+    func `purchased credits prefer grants over field when both present`() throws {
+        // When both current_period_purchased_cents AND credit_grants type="purchased"
+        // are provided, the larger value wins.
+        let json = """
+        {
+          "balance_cents": 0,
+          "renewal_date_ts": \(Self.renewalTs),
+          "current_period_purchased_cents": 3000,
+          "credit_grants": [
+            { "type": "recurring",   "amount_cents": 5000, "expires_at_ts": \(Self.futureTs) },
+            { "type": "purchased",   "amount_cents": 8000 },
+            { "type": "promotional", "amount_cents": 4000, "expires_at_ts": \(Self.futureTs) }
+          ],
+          "total_usage_cents": 14000
+        }
+        """
+        let snapshot = try PerplexityUsageFetcher._parseResponseForTesting(Data(json.utf8), now: Self.now)
+
+        // Purchased should use max(8000, 3000) = 8000
+        #expect(snapshot.purchasedTotal == 8000)
+        // Waterfall: 5000 recurring + 8000 purchased + 1000 promo = 14000
+        #expect(snapshot.recurringUsed == 5000)
+        #expect(snapshot.purchasedUsed == 8000)
+        #expect(snapshot.promoUsed == 1000)
+    }
+
+    @Test
+    func `purchased credits from field when no grant type`() throws {
+        // Legacy path: current_period_purchased_cents is set but no "purchased" grant
+        let json = """
+        {
+          "balance_cents": 0,
+          "renewal_date_ts": \(Self.renewalTs),
+          "current_period_purchased_cents": 3000,
+          "credit_grants": [
+            { "type": "recurring",    "amount_cents": 5000, "expires_at_ts": \(Self.futureTs) },
+            { "type": "promotional",  "amount_cents": 4000, "expires_at_ts": \(Self.futureTs) }
+          ],
+          "total_usage_cents": 9000
+        }
+        """
+        let snapshot = try PerplexityUsageFetcher._parseResponseForTesting(Data(json.utf8), now: Self.now)
+
+        // Still picks up purchased from the top-level field
+        #expect(snapshot.purchasedTotal == 3000)
+        #expect(snapshot.recurringUsed == 5000)
+        #expect(snapshot.purchasedUsed == 3000)
+        #expect(snapshot.promoUsed == 1000)
+    }
+
+    @Test
+    func `real world max plan with all three pools`() throws {
+        // Real-world scenario: Max plan, 10k recurring + 40k purchased + 55k bonus
+        // Total 105,000 available, 23,065 remaining → 81,935 used
+        let json = """
+        {
+          "balance_cents": 23065,
+          "renewal_date_ts": \(Self.renewalTs),
+          "current_period_purchased_cents": 0,
+          "credit_grants": [
+            { "type": "recurring",    "amount_cents": 10000, "expires_at_ts": \(Self.futureTs) },
+            { "type": "purchased",    "amount_cents": 40000 },
+            { "type": "promotional",  "amount_cents": 55000, "expires_at_ts": \(Self.futureTs) }
+          ],
+          "total_usage_cents": 81935
+        }
+        """
+        let snapshot = try PerplexityUsageFetcher._parseResponseForTesting(Data(json.utf8), now: Self.now)
+        let usage = snapshot.toUsageSnapshot()
+
+        // Primary (recurring): fully consumed → 100%
+        let primary = try #require(usage.primary)
+        #expect(primary.usedPercent == 100.0)
+
+        // Tertiary (purchased): fully consumed → 100%
+        let tertiary = try #require(usage.tertiary)
+        #expect(tertiary.usedPercent == 100.0)
+
+        // Secondary (bonus): 31935/55000 ≈ 58.06% used → ~42% remaining
+        let secondary = try #require(usage.secondary)
+        let expectedPromoPercent = 31935.0 / 55000.0 * 100.0
+        #expect(abs(secondary.usedPercent - expectedPromoPercent) < 0.1)
+    }
+
+    @Test
+    func `to usage snapshot primary percent matches usage`() throws {
+        let json = """
+        {
+          "balance_cents": 0,
+          "renewal_date_ts": \(Self.renewalTs),
+          "current_period_purchased_cents": 0,
+          "credit_grants": [
+            { "type": "recurring", "amount_cents": 10000, "expires_at_ts": \(Self.futureTs) }
+          ],
+          "total_usage_cents": 2500
+        }
+        """
+        let snapshot = try PerplexityUsageFetcher._parseResponseForTesting(Data(json.utf8), now: Self.now)
+            .toUsageSnapshot()
+        let primary = try #require(snapshot.primary)
+
+        #expect(primary.usedPercent == 25.0)
+    }
+}
diff --git a/Tests/CodexBarTests/PiSessionCostScannerTests.swift b/Tests/CodexBarTests/PiSessionCostScannerTests.swift
new file mode 100644
index 000000000..1a063ce78
--- /dev/null
+++ b/Tests/CodexBarTests/PiSessionCostScannerTests.swift
@@ -0,0 +1,676 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+struct PiSessionCostScannerTests {
+    @Test
+    func `pi scanner maps assistant usage to codex and claude reports`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let codexDay = try env.makeLocalNoon(year: 2026, month: 4, day: 2)
+        let claudeDay = try env.makeLocalNoon(year: 2026, month: 4, day: 3)
+
+        let codexEntry: [String: Any] = [
+            "type": "message",
+            "timestamp": env.isoString(for: codexDay),
+            "message": [
+                "role": "assistant",
+                "provider": "openai-codex",
+                "model": "openai/gpt-5.4",
+                "timestamp": Int(codexDay.timeIntervalSince1970 * 1000),
+                "usage": [
+                    "input": 120,
+                    "output": 30,
+                    "cacheRead": 10,
+                    "cacheWrite": 5,
+                    "totalTokens": 165,
+                ],
+            ],
+        ]
+        let claudeEntry: [String: Any] = [
+            "type": "message",
+            "timestamp": env.isoString(for: claudeDay),
+            "message": [
+                "role": "assistant",
+                "provider": "anthropic",
+                "model": "anthropic.foo.claude-sonnet-4-6-v1:0",
+                "timestamp": Int(claudeDay.timeIntervalSince1970 * 1000),
+                "usage": [
+                    "input": 80,
+                    "output": 20,
+                    "cacheRead": 4,
+                    "cacheWrite": 6,
+                    "totalTokens": 110,
+                ],
+            ],
+        ]
+
+        _ = try env.writePiSessionFile(
+            relativePath: "nested/run-0/2026-04-02T10-00-00-000Z_test.jsonl",
+            contents: env.jsonl([codexEntry, claudeEntry]))
+
+        let options = PiSessionCostScanner.Options(
+            piSessionsRoot: env.piSessionsRoot,
+            cacheRoot: env.cacheRoot,
+            refreshMinIntervalSeconds: 0)
+
+        let codexReport = PiSessionCostScanner.loadDailyReport(
+            provider: .codex,
+            since: codexDay,
+            until: claudeDay,
+            now: claudeDay,
+            options: options)
+        let expectedCodexCost = CostUsagePricing.codexCostUSD(
+            model: "gpt-5.4",
+            inputTokens: 135,
+            cachedInputTokens: 10,
+            outputTokens: 30)
+        #expect(codexReport.data.count == 1)
+        #expect(codexReport.data.first?.date == "2026-04-02")
+        #expect(codexReport.data.first?.totalTokens == 165)
+        #expect(abs((codexReport.data.first?.costUSD ?? 0) - (expectedCodexCost ?? 0)) < 0.000001)
+        #expect(codexReport.data.first?.modelBreakdowns?.map(\.modelName) == ["gpt-5.4"])
+
+        let claudeReport = PiSessionCostScanner.loadDailyReport(
+            provider: .claude,
+            since: codexDay,
+            until: claudeDay,
+            now: claudeDay,
+            options: options)
+        let expectedClaudeCost = CostUsagePricing.claudeCostUSD(
+            model: "claude-sonnet-4-6",
+            inputTokens: 80,
+            cacheReadInputTokens: 4,
+            cacheCreationInputTokens: 6,
+            outputTokens: 20)
+        #expect(claudeReport.data.count == 1)
+        #expect(claudeReport.data.first?.date == "2026-04-03")
+        #expect(claudeReport.data.first?.totalTokens == 110)
+        #expect(abs((claudeReport.data.first?.costUSD ?? 0) - (expectedClaudeCost ?? 0)) < 0.000001)
+        #expect(claudeReport.data.first?.modelBreakdowns?.map(\.modelName) == ["claude-sonnet-4-6"])
+    }
+
+    @Test
+    func `pi scanner uses model change fallback and assistant timestamp day`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let sessionStart = try env.makeLocalNoon(year: 2026, month: 4, day: 1)
+        let assistantDay = try env.makeLocalNoon(year: 2026, month: 4, day: 2)
+
+        let modelChange: [String: Any] = [
+            "type": "model_change",
+            "timestamp": env.isoString(for: sessionStart),
+            "provider": "openai-codex",
+            "modelId": "openai/gpt-5.3-codex",
+        ]
+        let assistant: [String: Any] = [
+            "type": "message",
+            "timestamp": env.isoString(for: sessionStart),
+            "message": [
+                "role": "assistant",
+                "timestamp": Int(assistantDay.timeIntervalSince1970 * 1000),
+                "usage": [
+                    "input": 20,
+                    "cacheRead": 2,
+                    "output": 20,
+                    "totalTokens": 42,
+                ],
+            ],
+        ]
+
+        _ = try env.writePiSessionFile(
+            relativePath: "2026-04-01T09-00-00-000Z_test.jsonl",
+            contents: env.jsonl([modelChange, assistant]))
+
+        let report = PiSessionCostScanner.loadDailyReport(
+            provider: .codex,
+            since: sessionStart,
+            until: assistantDay,
+            now: assistantDay,
+            options: PiSessionCostScanner.Options(
+                piSessionsRoot: env.piSessionsRoot,
+                cacheRoot: env.cacheRoot,
+                refreshMinIntervalSeconds: 0))
+
+        let expectedCost = CostUsagePricing.codexCostUSD(
+            model: "gpt-5.3-codex",
+            inputTokens: 22,
+            cachedInputTokens: 2,
+            outputTokens: 20)
+        #expect(report.data.count == 1)
+        #expect(report.data.first?.date == "2026-04-02")
+        #expect(report.data.first?.totalTokens == 42)
+        #expect(abs((report.data.first?.costUSD ?? 0) - (expectedCost ?? 0)) < 0.000001)
+        #expect(report.data.first?.modelBreakdowns?.map(\.modelName) == ["gpt-5.3-codex"])
+    }
+
+    @Test
+    func `pi scanner refreshes appended file without duplicating existing usage`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 4, day: 4)
+        let firstTimestamp = Int(day.timeIntervalSince1970 * 1000)
+        let secondTimestamp = Int(day.addingTimeInterval(60).timeIntervalSince1970 * 1000)
+
+        let firstAssistant: [String: Any] = [
+            "type": "message",
+            "timestamp": env.isoString(for: day),
+            "message": [
+                "role": "assistant",
+                "provider": "openai-codex",
+                "model": "openai/gpt-5.4",
+                "timestamp": firstTimestamp,
+                "usage": [
+                    "input": 10,
+                    "output": 5,
+                    "totalTokens": 15,
+                ],
+            ],
+        ]
+        let secondAssistant: [String: Any] = [
+            "type": "message",
+            "timestamp": env.isoString(for: day),
+            "message": [
+                "role": "assistant",
+                "provider": "openai-codex",
+                "model": "gpt-5.4",
+                "timestamp": secondTimestamp,
+                "usage": [
+                    "input": 20,
+                    "output": 10,
+                    "totalTokens": 30,
+                ],
+            ],
+        ]
+
+        let url = try env.writePiSessionFile(
+            relativePath: "2026-04-04T10-00-00-000Z_test.jsonl",
+            contents: env.jsonl([firstAssistant]))
+
+        let options = PiSessionCostScanner.Options(
+            piSessionsRoot: env.piSessionsRoot,
+            cacheRoot: env.cacheRoot,
+            refreshMinIntervalSeconds: 0)
+        let firstReport = PiSessionCostScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day,
+            options: options)
+        let firstExpectedCost = CostUsagePricing.codexCostUSD(
+            model: "gpt-5.4",
+            inputTokens: 10,
+            cachedInputTokens: 0,
+            outputTokens: 5)
+        #expect(firstReport.data.count == 1)
+        #expect(firstReport.data.first?.totalTokens == 15)
+        #expect(abs((firstReport.data.first?.costUSD ?? 0) - (firstExpectedCost ?? 0)) < 0.000001)
+
+        try env.jsonl([firstAssistant, secondAssistant]).write(to: url, atomically: true, encoding: .utf8)
+
+        let secondReport = PiSessionCostScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day,
+            options: options)
+        let secondExpectedCost = (firstExpectedCost ?? 0) + (CostUsagePricing.codexCostUSD(
+            model: "gpt-5.4",
+            inputTokens: 20,
+            cachedInputTokens: 0,
+            outputTokens: 10) ?? 0)
+        #expect(secondReport.data.count == 1)
+        #expect(secondReport.data.first?.totalTokens == 45)
+        #expect(abs((secondReport.data.first?.costUSD ?? 0) - secondExpectedCost) < 0.000001)
+    }
+
+    @Test
+    func `pi scanner ignores explicit unsupported provider even with fallback context`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 4, day: 5)
+        let modelChange: [String: Any] = [
+            "type": "model_change",
+            "timestamp": env.isoString(for: day),
+            "provider": "openai-codex",
+            "modelId": "gpt-5.4",
+        ]
+        let unsupportedAssistant: [String: Any] = [
+            "type": "message",
+            "timestamp": env.isoString(for: day),
+            "message": [
+                "role": "assistant",
+                "provider": "openrouter",
+                "model": "gpt-5.4",
+                "timestamp": Int(day.timeIntervalSince1970 * 1000),
+                "usage": [
+                    "input": 99,
+                    "output": 1,
+                    "totalTokens": 100,
+                ],
+            ],
+        ]
+        let fallbackAssistant: [String: Any] = [
+            "type": "message",
+            "timestamp": env.isoString(for: day.addingTimeInterval(60)),
+            "message": [
+                "role": "assistant",
+                "timestamp": Int(day.addingTimeInterval(60).timeIntervalSince1970 * 1000),
+                "usage": [
+                    "input": 10,
+                    "output": 5,
+                    "totalTokens": 15,
+                ],
+            ],
+        ]
+
+        _ = try env.writePiSessionFile(
+            relativePath: "2026-04-05T10-00-00-000Z_test.jsonl",
+            contents: env.jsonl([modelChange, unsupportedAssistant, fallbackAssistant]))
+
+        let report = PiSessionCostScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day,
+            options: PiSessionCostScanner.Options(
+                piSessionsRoot: env.piSessionsRoot,
+                cacheRoot: env.cacheRoot,
+                refreshMinIntervalSeconds: 0))
+
+        #expect(report.data.count == 1)
+        #expect(report.data.first?.totalTokens == 15)
+        #expect(report.data.first?.modelBreakdowns?.map(\.modelName) == ["gpt-5.4"])
+    }
+
+    @Test
+    func `pi scanner force rescan bypasses stale same size metadata cache`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 4, day: 6)
+        let assistantOne: [String: Any] = [
+            "type": "message",
+            "timestamp": env.isoString(for: day),
+            "message": [
+                "role": "assistant",
+                "provider": "openai-codex",
+                "model": "gpt-5.4",
+                "timestamp": Int(day.timeIntervalSince1970 * 1000),
+                "usage": [
+                    "input": 10,
+                    "output": 5,
+                    "totalTokens": 15,
+                ],
+            ],
+        ]
+        let assistantTwo: [String: Any] = [
+            "type": "message",
+            "timestamp": env.isoString(for: day),
+            "message": [
+                "role": "assistant",
+                "provider": "openai-codex",
+                "model": "gpt-5.4",
+                "timestamp": Int(day.timeIntervalSince1970 * 1000),
+                "usage": [
+                    "input": 20,
+                    "output": 5,
+                    "totalTokens": 25,
+                ],
+            ],
+        ]
+
+        let firstContents = try env.jsonl([assistantOne])
+        let secondContents = try env.jsonl([assistantTwo])
+        #expect(firstContents.utf8.count == secondContents.utf8.count)
+
+        let url = try env.writePiSessionFile(
+            relativePath: "2026-04-06T10-00-00-000Z_test.jsonl",
+            contents: firstContents)
+        let originalModifiedAt = try #require(
+            FileManager.default.attributesOfItem(atPath: url.path)[.modificationDate] as? Date)
+
+        let cachedOptions = PiSessionCostScanner.Options(
+            piSessionsRoot: env.piSessionsRoot,
+            cacheRoot: env.cacheRoot,
+            refreshMinIntervalSeconds: 0)
+        let firstReport = PiSessionCostScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day,
+            options: cachedOptions)
+        #expect(firstReport.data.first?.totalTokens == 15)
+
+        try secondContents.write(to: url, atomically: true, encoding: .utf8)
+        try FileManager.default.setAttributes([.modificationDate: originalModifiedAt], ofItemAtPath: url.path)
+
+        let staleReport = PiSessionCostScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day,
+            options: cachedOptions)
+        #expect(staleReport.data.first?.totalTokens == 15)
+
+        let refreshedReport = PiSessionCostScanner.loadDailyReport(
+            provider: .codex,
+            since: day,
+            until: day,
+            now: day,
+            options: PiSessionCostScanner.Options(
+                piSessionsRoot: env.piSessionsRoot,
+                cacheRoot: env.cacheRoot,
+                refreshMinIntervalSeconds: 0,
+                forceRescan: true))
+        #expect(refreshedReport.data.first?.totalTokens == 25)
+    }
+
+    @Test
+    func `pi scanner derives cost when explicit cost is absent`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 4, day: 7)
+        let assistant: [String: Any] = [
+            "type": "message",
+            "timestamp": env.isoString(for: day),
+            "message": [
+                "role": "assistant",
+                "provider": "anthropic",
+                "model": "claude-sonnet-4-6",
+                "timestamp": Int(day.timeIntervalSince1970 * 1000),
+                "usage": [
+                    "input": 70,
+                    "cacheRead": 4,
+                    "cacheWrite": 6,
+                    "output": 19,
+                    "totalTokens": 99,
+                ],
+            ],
+        ]
+
+        _ = try env.writePiSessionFile(
+            relativePath: "2026-04-07T10-00-00-000Z_test.jsonl",
+            contents: env.jsonl([assistant]))
+
+        let report = PiSessionCostScanner.loadDailyReport(
+            provider: .claude,
+            since: day,
+            until: day,
+            now: day,
+            options: PiSessionCostScanner.Options(
+                piSessionsRoot: env.piSessionsRoot,
+                cacheRoot: env.cacheRoot,
+                refreshMinIntervalSeconds: 0))
+
+        let expectedCost = CostUsagePricing.claudeCostUSD(
+            model: "claude-sonnet-4-6",
+            inputTokens: 70,
+            cacheReadInputTokens: 4,
+            cacheCreationInputTokens: 6,
+            outputTokens: 19)
+        #expect(report.data.count == 1)
+        #expect(report.data.first?.totalTokens == 99)
+        #expect(abs((report.data.first?.costUSD ?? 0) - (expectedCost ?? 0)) < 0.000001)
+    }
+
+    @Test
+    func `pi scanner preserves per-message threshold pricing`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 5, day: 9)
+        let model = "claude-sonnet-4-6"
+        let firstAssistant: [String: Any] = [
+            "type": "message",
+            "timestamp": env.isoString(for: day),
+            "message": [
+                "role": "assistant",
+                "provider": "anthropic",
+                "model": model,
+                "timestamp": Int(day.timeIntervalSince1970 * 1000),
+                "usage": [
+                    "input": 150_000,
+                    "output": 0,
+                    "totalTokens": 150_000,
+                ],
+            ],
+        ]
+        let secondAssistant: [String: Any] = [
+            "type": "message",
+            "timestamp": env.isoString(for: day.addingTimeInterval(1)),
+            "message": [
+                "role": "assistant",
+                "provider": "anthropic",
+                "model": model,
+                "timestamp": Int(day.addingTimeInterval(1).timeIntervalSince1970 * 1000),
+                "usage": [
+                    "input": 150_000,
+                    "output": 0,
+                    "totalTokens": 150_000,
+                ],
+            ],
+        ]
+
+        _ = try env.writePiSessionFile(
+            relativePath: "2026-05-09T10-00-00-000Z_threshold.jsonl",
+            contents: env.jsonl([firstAssistant, secondAssistant]))
+
+        let report = PiSessionCostScanner.loadDailyReport(
+            provider: .claude,
+            since: day,
+            until: day,
+            now: day,
+            options: PiSessionCostScanner.Options(
+                piSessionsRoot: env.piSessionsRoot,
+                cacheRoot: env.cacheRoot,
+                refreshMinIntervalSeconds: 0))
+        let expectedRequestCost = CostUsagePricing.claudeCostUSD(
+            model: model,
+            inputTokens: 150_000,
+            cacheReadInputTokens: 0,
+            cacheCreationInputTokens: 0,
+            outputTokens: 0,
+            modelsDevCacheRoot: env.cacheRoot) ?? 0
+        let aggregateCost = CostUsagePricing.claudeCostUSD(
+            model: model,
+            inputTokens: 300_000,
+            cacheReadInputTokens: 0,
+            cacheCreationInputTokens: 0,
+            outputTokens: 0,
+            modelsDevCacheRoot: env.cacheRoot) ?? 0
+        let expectedCost = expectedRequestCost * 2
+
+        #expect(report.data.count == 1)
+        #expect(report.data.first?.totalTokens == 300_000)
+        #expect(abs((report.data.first?.costUSD ?? 0) - expectedCost) < 0.000001)
+        #expect(abs((report.data.first?.costUSD ?? 0) - aggregateCost) > 0.000001)
+        #expect(abs((report.data.first?.modelBreakdowns?.first?.costUSD ?? 0) - expectedCost) < 0.000001)
+    }
+
+    @Test
+    func `pi scanner ignores v1 cache missing usage sample counts`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let day = try env.makeLocalNoon(year: 2026, month: 5, day: 10)
+        let model = "claude-sonnet-4-6"
+        let firstAssistant: [String: Any] = [
+            "type": "message",
+            "timestamp": env.isoString(for: day),
+            "message": [
+                "role": "assistant",
+                "provider": "anthropic",
+                "model": model,
+                "timestamp": Int(day.timeIntervalSince1970 * 1000),
+                "usage": [
+                    "input": 150_000,
+                    "output": 0,
+                    "totalTokens": 150_000,
+                ],
+            ],
+        ]
+        let secondAssistant: [String: Any] = [
+            "type": "message",
+            "timestamp": env.isoString(for: day.addingTimeInterval(1)),
+            "message": [
+                "role": "assistant",
+                "provider": "anthropic",
+                "model": model,
+                "timestamp": Int(day.addingTimeInterval(1).timeIntervalSince1970 * 1000),
+                "usage": [
+                    "input": 150_000,
+                    "output": 0,
+                    "totalTokens": 150_000,
+                ],
+            ],
+        ]
+
+        let fileURL = try env.writePiSessionFile(
+            relativePath: "2026-05-10T10-00-00-000Z_threshold.jsonl",
+            contents: env.jsonl([firstAssistant, secondAssistant]))
+        let attrs = try FileManager.default.attributesOfItem(atPath: fileURL.path)
+        let mtime = try #require(attrs[.modificationDate] as? Date)
+        let size = try #require((attrs[.size] as? NSNumber)?.int64Value)
+
+        let requestCost = CostUsagePricing.claudeCostUSD(
+            model: model,
+            inputTokens: 150_000,
+            cacheReadInputTokens: 0,
+            cacheCreationInputTokens: 0,
+            outputTokens: 0,
+            modelsDevCacheRoot: env.cacheRoot) ?? 0
+        let aggregateCost = CostUsagePricing.claudeCostUSD(
+            model: model,
+            inputTokens: 300_000,
+            cacheReadInputTokens: 0,
+            cacheCreationInputTokens: 0,
+            outputTokens: 0,
+            modelsDevCacheRoot: env.cacheRoot) ?? 0
+        let aggregatePacked = PiPackedUsage(
+            inputTokens: 300_000,
+            totalTokens: 300_000,
+            costNanos: Int64((aggregateCost * 1_000_000_000).rounded()),
+            costSampleCount: 2,
+            usageSampleCount: nil)
+        let dayKey = "2026-05-10"
+        let contributions = [
+            UsageProvider.claude.rawValue: [
+                dayKey: [
+                    model: aggregatePacked,
+                ],
+            ],
+        ]
+        let oldFileUsage = PiSessionFileUsage(
+            mtimeUnixMs: Int64(mtime.timeIntervalSince1970 * 1000),
+            size: size,
+            parsedBytes: size,
+            lastModelContext: nil,
+            contributions: contributions)
+        var oldCache = PiSessionCostCache(version: 1)
+        oldCache.lastScanUnixMs = Int64(day.timeIntervalSince1970 * 1000)
+        oldCache.scanSinceKey = dayKey
+        oldCache.scanUntilKey = dayKey
+        oldCache.daysByProvider = contributions
+        oldCache.files = [fileURL.path: oldFileUsage]
+        let oldCacheURL = env.cacheRoot
+            .appendingPathComponent("cost-usage", isDirectory: true)
+            .appendingPathComponent("pi-sessions-v1.json", isDirectory: false)
+        try FileManager.default.createDirectory(
+            at: oldCacheURL.deletingLastPathComponent(),
+            withIntermediateDirectories: true)
+        try JSONEncoder().encode(oldCache).write(to: oldCacheURL)
+
+        let report = PiSessionCostScanner.loadDailyReport(
+            provider: .claude,
+            since: day,
+            until: day,
+            now: day,
+            options: PiSessionCostScanner.Options(
+                piSessionsRoot: env.piSessionsRoot,
+                cacheRoot: env.cacheRoot,
+                refreshMinIntervalSeconds: 3600))
+
+        let expectedCost = requestCost * 2
+        #expect(report.data.count == 1)
+        #expect(report.data.first?.totalTokens == 300_000)
+        #expect(abs((report.data.first?.costUSD ?? 0) - expectedCost) < 0.000001)
+        #expect(abs((report.data.first?.costUSD ?? 0) - aggregateCost) > 0.000001)
+
+        let newCache = PiSessionCostCacheIO.load(cacheRoot: env.cacheRoot)
+        let rebuilt = newCache.daysByProvider[UsageProvider.claude.rawValue]?[dayKey]?[model]
+        #expect(newCache.version == 2)
+        #expect(rebuilt?.usageSampleCount == 2)
+        #expect(rebuilt?.costSampleCount == 2)
+    }
+
+    @Test
+    func `pi scanner reparses unchanged cached file when scan window expands`() throws {
+        let env = try CostUsageTestEnvironment()
+        defer { env.cleanup() }
+
+        let oldDay = try env.makeLocalNoon(year: 2026, month: 4, day: 2)
+        let newDay = try env.makeLocalNoon(year: 2026, month: 4, day: 8)
+        let oldAssistant: [String: Any] = [
+            "type": "message",
+            "timestamp": env.isoString(for: oldDay),
+            "message": [
+                "role": "assistant",
+                "provider": "openai-codex",
+                "model": "gpt-5.4",
+                "timestamp": Int(oldDay.timeIntervalSince1970 * 1000),
+                "usage": [
+                    "input": 10,
+                    "output": 5,
+                    "totalTokens": 15,
+                ],
+            ],
+        ]
+        let newAssistant: [String: Any] = [
+            "type": "message",
+            "timestamp": env.isoString(for: newDay),
+            "message": [
+                "role": "assistant",
+                "provider": "openai-codex",
+                "model": "gpt-5.4",
+                "timestamp": Int(newDay.timeIntervalSince1970 * 1000),
+                "usage": [
+                    "input": 20,
+                    "output": 10,
+                    "totalTokens": 30,
+                ],
+            ],
+        ]
+
+        _ = try env.writePiSessionFile(
+            relativePath: "2026-04-08T10-00-00-000Z_test.jsonl",
+            contents: env.jsonl([oldAssistant, newAssistant]))
+
+        let options = PiSessionCostScanner.Options(
+            piSessionsRoot: env.piSessionsRoot,
+            cacheRoot: env.cacheRoot,
+            refreshMinIntervalSeconds: 3600)
+        let narrowReport = PiSessionCostScanner.loadDailyReport(
+            provider: .codex,
+            since: newDay,
+            until: newDay,
+            now: newDay,
+            options: options)
+        #expect(narrowReport.data.map(\.date) == ["2026-04-08"])
+        #expect(narrowReport.data.first?.totalTokens == 30)
+
+        let expandedReport = PiSessionCostScanner.loadDailyReport(
+            provider: .codex,
+            since: oldDay,
+            until: newDay,
+            now: newDay.addingTimeInterval(1),
+            options: options)
+        #expect(expandedReport.data.map(\.date) == ["2026-04-02", "2026-04-08"])
+        #expect(expandedReport.summary?.totalTokens == 45)
+    }
+}
diff --git a/Tests/CodexBarTests/PopupLocalizationTests.swift b/Tests/CodexBarTests/PopupLocalizationTests.swift
new file mode 100644
index 000000000..8389645f9
--- /dev/null
+++ b/Tests/CodexBarTests/PopupLocalizationTests.swift
@@ -0,0 +1,183 @@
+import CodexBarCore
+import Foundation
+import SwiftUI
+import Testing
+@testable import CodexBar
+
+@MainActor
+@Suite(.serialized)
+struct PopupLocalizationTests {
+    @Test
+    func `descriptor account labels use selected localization`() throws {
+        try CodexBarLocalizationOverride.$appLanguage.withValue("zh-Hant") {
+            let suite = "PopupLocalizationTests-descriptor"
+            let settings = try Self.makeSettingsStore(suite: suite)
+            let store = UsageStore(
+                fetcher: UsageFetcher(environment: [:]),
+                browserDetection: BrowserDetection(cacheTTL: 0),
+                settings: settings,
+                startupBehavior: .testing)
+            store._setSnapshotForTesting(
+                UsageSnapshot(
+                    primary: RateWindow(usedPercent: 12, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+                    secondary: nil,
+                    updatedAt: Date(),
+                    identity: ProviderIdentitySnapshot(
+                        providerID: .codex,
+                        accountEmail: "codex@example.com",
+                        accountOrganization: nil,
+                        loginMethod: "free")),
+                provider: .codex)
+
+            let descriptor = MenuDescriptor.build(
+                provider: .codex,
+                store: store,
+                settings: settings,
+                account: AccountInfo(email: nil, plan: nil),
+                updateReady: false,
+                includeContextualActions: false)
+
+            let lines = Self.textLines(from: descriptor)
+
+            #expect(lines.contains("帳號: codex@example.com"))
+            #expect(lines.contains("方案: Free"))
+            #expect(!lines.contains("Account: codex@example.com"))
+            #expect(!lines.contains("Plan: Free"))
+        }
+    }
+
+    @Test
+    func `inline dashboard labels use selected localization`() throws {
+        try CodexBarLocalizationOverride.$appLanguage.withValue("zh-Hant") {
+            let now = Date(timeIntervalSince1970: 1_700_179_200)
+            let metadata = try #require(ProviderDefaults.metadata[.openrouter])
+            let usage = OpenRouterUsageSnapshot(
+                totalCredits: 100,
+                totalUsage: 40,
+                balance: 60,
+                usedPercent: 40,
+                keyDataFetched: true,
+                keyLimit: 25,
+                keyUsage: 10,
+                keyUsageDaily: 1.25,
+                keyUsageWeekly: 7.5,
+                keyUsageMonthly: 18.75,
+                rateLimit: OpenRouterRateLimit(requests: 100, interval: "10s"),
+                updatedAt: now)
+
+            let model = UsageMenuCardView.Model.make(.init(
+                provider: .openrouter,
+                metadata: metadata,
+                snapshot: usage.toUsageSnapshot(),
+                credits: nil,
+                creditsError: nil,
+                dashboard: nil,
+                dashboardError: nil,
+                tokenSnapshot: nil,
+                tokenError: nil,
+                account: AccountInfo(email: nil, plan: nil),
+                isRefreshing: false,
+                lastError: nil,
+                usageBarsShowUsed: false,
+                resetTimeDisplayStyle: .countdown,
+                tokenCostUsageEnabled: false,
+                showOptionalCreditsAndExtraUsage: true,
+                hidePersonalInfo: false,
+                now: now))
+
+            let dashboard = try #require(model.inlineUsageDashboard)
+
+            #expect(dashboard.kpis.map(\.title) == ["餘額", "今天", "週", "月"])
+            #expect(dashboard.points.map(\.label) == ["今天", "週", "月"])
+            #expect(dashboard.detailLines.contains("速率限制: 100 / 10s"))
+        }
+    }
+
+    @Test
+    func `cookie source dynamic subtitles use selected localization`() {
+        CodexBarLocalizationOverride.$appLanguage.withValue("zh-Hant") {
+            let subtitle = ProviderCookieSourceUI.subtitle(
+                source: .manual,
+                keychainDisabled: false,
+                auto: "Automatically imports browser cookies.",
+                manual: "Paste a Cookie header or cURL capture from T3 Chat settings.",
+                off: "T3 Chat cookies are disabled.")
+            let disabledSubtitle = ProviderCookieSourceUI.subtitle(
+                source: .manual,
+                keychainDisabled: true,
+                auto: "Automatically imports browser cookies.",
+                manual: "Paste a Cookie header or cURL capture from T3 Chat settings.",
+                off: "T3 Chat cookies are disabled.")
+            let jsonBundleSubtitle = ProviderCookieSourceUI.subtitle(
+                source: .manual,
+                keychainDisabled: false,
+                auto: "Automatically imports browser cookies.",
+                manual: "Paste the localStorage JSON bundle from Windsurf session.",
+                off: "Windsurf cookies are disabled.")
+
+            #expect(subtitle.contains("貼上"))
+            #expect(!subtitle.contains("Paste a Cookie"))
+            #expect(disabledSubtitle.contains("鑰匙圈"))
+            #expect(!disabledSubtitle.contains("Keychain access"))
+            #expect(jsonBundleSubtitle.contains("來自 Windsurf session 的 localStorage JSON"))
+        }
+    }
+
+    @Test
+    func `provider organization entries preserve provider supplied text`() throws {
+        let settings = try Self.makeSettingsStore(suite: "PopupLocalizationTests-organizations")
+        settings.kiloKnownOrganizations = [
+            KiloOrganization(id: "org_cost", name: "Cost", role: "Today"),
+        ]
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+        let context = ProviderSettingsContext(
+            provider: .kilo,
+            settings: settings,
+            store: store,
+            boolBinding: { keyPath in
+                Binding(
+                    get: { settings[keyPath: keyPath] },
+                    set: { settings[keyPath: keyPath] = $0 })
+            },
+            stringBinding: { keyPath in
+                Binding(
+                    get: { settings[keyPath: keyPath] },
+                    set: { settings[keyPath: keyPath] = $0 })
+            },
+            statusText: { _ in nil },
+            setStatusText: { _, _ in },
+            lastAppActiveRunAt: { _ in nil },
+            setLastAppActiveRunAt: { _, _ in },
+            requestConfirmation: { _ in })
+        let descriptor = try #require(KiloProviderImplementation().settingsOrganizations(context: context))
+        let orgEntry = try #require(descriptor.entries().first { $0.id == "org_cost" })
+
+        #expect(orgEntry.title == "Cost")
+        #expect(orgEntry.localizesTitle == false)
+        #expect(orgEntry.subtitle == "Today")
+        #expect(orgEntry.localizesSubtitle == false)
+    }
+
+    private static func makeSettingsStore(suite: String) throws -> SettingsStore {
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+        let settings = SettingsStore(
+            userDefaults: defaults,
+            configStore: testConfigStore(suiteName: suite),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+        settings.statusChecksEnabled = false
+        return settings
+    }
+
+    private static func textLines(from descriptor: MenuDescriptor) -> [String] {
+        descriptor.sections.flatMap(\.entries).compactMap { entry -> String? in
+            guard case let .text(text, _) = entry else { return nil }
+            return text
+        }
+    }
+}
diff --git a/Tests/CodexBarTests/PreferencesPaneSmokeTests.swift b/Tests/CodexBarTests/PreferencesPaneSmokeTests.swift
index bb6d8f43a..a7b19b7bd 100644
--- a/Tests/CodexBarTests/PreferencesPaneSmokeTests.swift
+++ b/Tests/CodexBarTests/PreferencesPaneSmokeTests.swift
@@ -4,10 +4,10 @@ import Testing
 @testable import CodexBar
 
 @MainActor
-@Suite
+@Suite(.serialized)
 struct PreferencesPaneSmokeTests {
     @Test
-    func buildsPreferencePanesWithDefaultSettings() {
+    func `builds preference panes with default settings`() {
         let settings = Self.makeSettingsStore(suite: "PreferencesPaneSmokeTests-default")
         let store = Self.makeUsageStore(settings: settings)
 
@@ -22,11 +22,11 @@ struct PreferencesPaneSmokeTests {
     }
 
     @Test
-    func buildsPreferencePanesWithToggledSettings() {
+    func `builds preference panes with toggled settings`() {
         let settings = Self.makeSettingsStore(suite: "PreferencesPaneSmokeTests-toggled")
         settings.menuBarShowsBrandIconWithPercent = true
         settings.menuBarShowsHighestUsage = true
-        settings.showAllTokenAccountsInMenu = true
+        settings.multiAccountMenuLayout = .stacked
         settings.hidePersonalInfo = true
         settings.resetTimesShowAbsolute = true
         settings.debugDisableKeychainAccess = true
@@ -44,6 +44,41 @@ struct PreferencesPaneSmokeTests {
         _ = AboutPane(updater: DisabledUpdaterController()).body
     }
 
+    @Test
+    func `overview provider limit text formats numeric limit as object argument`() {
+        let text = DisplayPane.overviewProviderLimitText(limit: 3)
+
+        #expect(text.contains("3"))
+        #expect(!text.contains("%@"))
+    }
+
+    @Test
+    func `language preference updates global localization resolver`() {
+        let previousLanguage = UserDefaults.standard.object(forKey: "appLanguage")
+        let previousAppleLanguages = UserDefaults.standard.object(forKey: "AppleLanguages")
+        defer {
+            if let previousLanguage {
+                UserDefaults.standard.set(previousLanguage, forKey: "appLanguage")
+            } else {
+                UserDefaults.standard.removeObject(forKey: "appLanguage")
+            }
+            if let previousAppleLanguages {
+                UserDefaults.standard.set(previousAppleLanguages, forKey: "AppleLanguages")
+            } else {
+                UserDefaults.standard.removeObject(forKey: "AppleLanguages")
+            }
+        }
+
+        let settings = Self.makeSettingsStore(suite: "PreferencesPaneSmokeTests-language")
+
+        settings.appLanguage = "zh-Hans"
+
+        #expect(UserDefaults.standard.string(forKey: "appLanguage") == "zh-Hans")
+        #expect(L("tab_general") == "通用")
+        #expect(L("quota_warning_notifications_title") == "配额预警通知")
+        #expect(L("show_provider_storage_usage_title") == "显示提供商存储用量")
+    }
+
     private static func makeSettingsStore(suite: String) -> SettingsStore {
         let defaults = UserDefaults(suiteName: suite)!
         defaults.removePersistentDomain(forName: suite)
diff --git a/Tests/CodexBarTests/ProviderCandidateRetryRunnerTests.swift b/Tests/CodexBarTests/ProviderCandidateRetryRunnerTests.swift
index 4632d1b95..efe66f1c8 100644
--- a/Tests/CodexBarTests/ProviderCandidateRetryRunnerTests.swift
+++ b/Tests/CodexBarTests/ProviderCandidateRetryRunnerTests.swift
@@ -1,7 +1,6 @@
 import Testing
 @testable import CodexBarCore
 
-@Suite
 struct ProviderCandidateRetryRunnerTests {
     private enum TestError: Error, Equatable {
         case retryable(Int)
@@ -9,7 +8,7 @@ struct ProviderCandidateRetryRunnerTests {
     }
 
     @Test
-    func retriesThenSucceeds() async throws {
+    func `retries then succeeds`() async throws {
         let candidates = [1, 2, 3]
         var attempted: [Int] = []
         var retried: [Int] = []
@@ -39,7 +38,7 @@ struct ProviderCandidateRetryRunnerTests {
     }
 
     @Test
-    func nonRetryableFailsImmediately() async {
+    func `non retryable fails immediately`() async {
         let candidates = [1, 2, 3]
         var attempted: [Int] = []
         var retried: [Int] = []
@@ -71,7 +70,7 @@ struct ProviderCandidateRetryRunnerTests {
     }
 
     @Test
-    func exhaustedRetryableThrowsLastError() async {
+    func `exhausted retryable throws last error`() async {
         let candidates = [1, 2]
         var attempted: [Int] = []
         var retried: [Int] = []
@@ -103,7 +102,7 @@ struct ProviderCandidateRetryRunnerTests {
     }
 
     @Test
-    func emptyCandidatesThrowsNoCandidates() async {
+    func `empty candidates throws no candidates`() async {
         do {
             let candidates: [Int] = []
             _ = try await ProviderCandidateRetryRunner.run(
diff --git a/Tests/CodexBarTests/ProviderChangelogLinkTests.swift b/Tests/CodexBarTests/ProviderChangelogLinkTests.swift
new file mode 100644
index 000000000..a1923a4ab
--- /dev/null
+++ b/Tests/CodexBarTests/ProviderChangelogLinkTests.swift
@@ -0,0 +1,79 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+@MainActor
+struct ProviderChangelogLinkTests {
+    @Test
+    func `known CLI providers declare changelog URLs`() {
+        let metadata = ProviderDefaults.metadata
+
+        #expect(metadata[.codex]?.changelogURL == "https://github.com/openai/codex/releases")
+        #expect(metadata[.claude]?.changelogURL == "https://github.com/anthropics/claude-code/releases")
+        #expect(metadata[.gemini]?.changelogURL == "https://github.com/google-gemini/gemini-cli/releases")
+    }
+
+    @Test
+    func `provider menu hides changelog action until enabled`() {
+        let codexDescriptor = self.makeDescriptor(
+            provider: .codex,
+            suite: "ProviderChangelogLinkTests-codex-default")
+        #expect(!self.actionTitles(from: codexDescriptor).contains("Changelog"))
+    }
+
+    @Test
+    func `provider menu shows changelog action only when setting and URL are present`() {
+        let codexDescriptor = self.makeDescriptor(
+            provider: .codex,
+            suite: "ProviderChangelogLinkTests-codex",
+            changelogLinksEnabled: true)
+        #expect(self.actionTitles(from: codexDescriptor).contains("Changelog"))
+
+        let openRouterDescriptor = self.makeDescriptor(
+            provider: .openrouter,
+            suite: "ProviderChangelogLinkTests-openrouter",
+            changelogLinksEnabled: true)
+        #expect(!self.actionTitles(from: openRouterDescriptor).contains("Changelog"))
+    }
+
+    private func makeDescriptor(
+        provider: UsageProvider,
+        suite: String,
+        changelogLinksEnabled: Bool = false) -> MenuDescriptor
+    {
+        let defaults = UserDefaults(suiteName: suite)!
+        defaults.removePersistentDomain(forName: suite)
+        let settings = SettingsStore(
+            userDefaults: defaults,
+            configStore: testConfigStore(suiteName: suite),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+        settings.statusChecksEnabled = false
+        settings.providerChangelogLinksEnabled = changelogLinksEnabled
+
+        let fetcher = UsageFetcher(environment: [:])
+        let store = UsageStore(
+            fetcher: fetcher,
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+
+        return MenuDescriptor.build(
+            provider: provider,
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updateReady: false,
+            includeContextualActions: true)
+    }
+
+    private func actionTitles(from descriptor: MenuDescriptor) -> [String] {
+        descriptor.sections
+            .flatMap(\.entries)
+            .compactMap { entry -> String? in
+                guard case let .action(title, _) = entry else { return nil }
+                return title
+            }
+    }
+}
diff --git a/Tests/CodexBarTests/ProviderConfigEnvironmentTests.swift b/Tests/CodexBarTests/ProviderConfigEnvironmentTests.swift
index 702a50843..c2bf3a36e 100644
--- a/Tests/CodexBarTests/ProviderConfigEnvironmentTests.swift
+++ b/Tests/CodexBarTests/ProviderConfigEnvironmentTests.swift
@@ -1,10 +1,9 @@
 import CodexBarCore
 import Testing
 
-@Suite
 struct ProviderConfigEnvironmentTests {
     @Test
-    func appliesAPIKeyOverrideForZai() {
+    func `applies API key override for zai`() {
         let config = ProviderConfig(id: .zai, apiKey: "z-token")
         let env = ProviderConfigEnvironment.applyAPIKeyOverride(
             base: [:],
@@ -15,7 +14,7 @@ struct ProviderConfigEnvironmentTests {
     }
 
     @Test
-    func appliesAPIKeyOverrideForWarp() {
+    func `applies API key override for warp`() {
         let config = ProviderConfig(id: .warp, apiKey: "w-token")
         let env = ProviderConfigEnvironment.applyAPIKeyOverride(
             base: [:],
@@ -30,7 +29,7 @@ struct ProviderConfigEnvironmentTests {
     }
 
     @Test
-    func appliesAPIKeyOverrideForOpenRouter() {
+    func `applies API key override for open router`() {
         let config = ProviderConfig(id: .openrouter, apiKey: "or-token")
         let env = ProviderConfigEnvironment.applyAPIKeyOverride(
             base: [:],
@@ -41,7 +40,304 @@ struct ProviderConfigEnvironmentTests {
     }
 
     @Test
-    func appliesAPIKeyOverrideForKilo() {
+    func `applies API key override for doubao`() {
+        let config = ProviderConfig(id: .doubao, apiKey: "db-token")
+        let env = ProviderConfigEnvironment.applyAPIKeyOverride(
+            base: [:],
+            provider: .doubao,
+            config: config)
+
+        #expect(env[DoubaoSettingsReader.apiKeyEnvironmentKeys[0]] == "db-token")
+        #expect(ProviderTokenResolver.doubaoToken(environment: env) == "db-token")
+    }
+
+    func `applies API key override for moonshot`() {
+        let config = ProviderConfig(id: .moonshot, apiKey: "moon-token")
+        let env = ProviderConfigEnvironment.applyAPIKeyOverride(
+            base: [:],
+            provider: .moonshot,
+            config: config)
+
+        let key = MoonshotSettingsReader.apiKeyEnvironmentKeys.first
+        #expect(key != nil)
+        guard let key else { return }
+
+        #expect(env[key] == "moon-token")
+    }
+
+    @Test
+    func `applies API key override for elevenlabs`() {
+        let config = ProviderConfig(id: .elevenlabs, apiKey: "xi-token")
+        let env = ProviderConfigEnvironment.applyAPIKeyOverride(
+            base: [:],
+            provider: .elevenlabs,
+            config: config)
+
+        #expect(env[ElevenLabsSettingsReader.apiKeyEnvironmentKey] == "xi-token")
+        #expect(ProviderTokenResolver.elevenLabsToken(environment: env) == "xi-token")
+    }
+
+    @Test
+    func `applies API key override for groq`() {
+        let config = ProviderConfig(id: .groq, apiKey: "gsk-token")
+        let env = ProviderConfigEnvironment.applyAPIKeyOverride(
+            base: [:],
+            provider: .groq,
+            config: config)
+
+        #expect(env[GroqSettingsReader.apiKeyEnvironmentKey] == "gsk-token")
+        #expect(ProviderTokenResolver.groqToken(environment: env) == "gsk-token")
+    }
+
+    @Test
+    func `applies LLM Proxy config overrides`() {
+        let config = ProviderConfig(
+            id: .llmproxy,
+            apiKey: "proxy-token",
+            enterpriseHost: "https://proxy.example.com")
+        let env = ProviderConfigEnvironment.applyProviderConfigOverrides(
+            base: [:],
+            provider: .llmproxy,
+            config: config)
+
+        #expect(env[LLMProxySettingsReader.apiKeyEnvironmentKey] == "proxy-token")
+        #expect(env[LLMProxySettingsReader.baseURLEnvironmentKey] == "https://proxy.example.com")
+        #expect(ProviderTokenResolver.llmProxyToken(environment: env) == "proxy-token")
+    }
+
+    @Test
+    func `openai config override uses preferred admin key environment`() {
+        let config = ProviderConfig(id: .openai, apiKey: "config-openai-token")
+        let env = ProviderConfigEnvironment.applyAPIKeyOverride(
+            base: [
+                OpenAIAPISettingsReader.adminAPIKeyEnvironmentKey: "env-admin-token",
+                OpenAIAPISettingsReader.apiKeyEnvironmentKey: "env-api-token",
+            ],
+            provider: .openai,
+            config: config)
+
+        #expect(env[OpenAIAPISettingsReader.adminAPIKeyEnvironmentKey] == "config-openai-token")
+        #expect(env[OpenAIAPISettingsReader.apiKeyEnvironmentKey] == "env-api-token")
+        #expect(ProviderTokenResolver.openAIAPIToken(environment: env) == "config-openai-token")
+    }
+
+    @Test
+    func `openai config override applies project ID without replacing environment key`() {
+        let config = ProviderConfig(id: .openai, workspaceID: "proj_config")
+        let env = ProviderConfigEnvironment.applyAPIKeyOverride(
+            base: [
+                OpenAIAPISettingsReader.adminAPIKeyEnvironmentKey: "env-admin-token",
+            ],
+            provider: .openai,
+            config: config)
+
+        #expect(env[OpenAIAPISettingsReader.adminAPIKeyEnvironmentKey] == "env-admin-token")
+        #expect(env[OpenAIAPISettingsReader.projectIDEnvironmentKey] == "proj_config")
+        #expect(OpenAIAPISettingsReader.projectID(environment: env) == "proj_config")
+    }
+
+    @Test
+    func `applies Azure OpenAI config overrides`() {
+        let config = ProviderConfig(
+            id: .azureopenai,
+            apiKey: "config-azure-token",
+            workspaceID: "chat-prod",
+            enterpriseHost: "https://example-resource.openai.azure.com")
+        let env = ProviderConfigEnvironment.applyProviderConfigOverrides(
+            base: [
+                AzureOpenAISettingsReader.apiKeyEnvironmentKey: "env-azure-token",
+                AzureOpenAISettingsReader.endpointEnvironmentKey: "https://env-resource.openai.azure.com",
+                AzureOpenAISettingsReader.deploymentNameEnvironmentKey: "env-deployment",
+            ],
+            provider: .azureopenai,
+            config: config)
+
+        #expect(env[AzureOpenAISettingsReader.apiKeyEnvironmentKey] == "config-azure-token")
+        #expect(env[AzureOpenAISettingsReader.endpointEnvironmentKey] == "https://example-resource.openai.azure.com")
+        #expect(env[AzureOpenAISettingsReader.deploymentNameEnvironmentKey] == "chat-prod")
+        #expect(ProviderTokenResolver.azureOpenAIToken(environment: env) == "config-azure-token")
+        #expect(AzureOpenAISettingsReader.deploymentName(environment: env) == "chat-prod")
+    }
+
+    @Test
+    func `bedrock config maps AWS credential fields`() {
+        let config = ProviderConfig(
+            id: .bedrock,
+            apiKey: "AKIATEST",
+            secretKey: "secret",
+            cookieHeader: "legacy-cookie-secret",
+            region: "us-west-2")
+        let env = ProviderConfigEnvironment.applyAPIKeyOverride(
+            base: [:],
+            provider: .bedrock,
+            config: config)
+
+        #expect(env[BedrockSettingsReader.accessKeyIDKey] == "AKIATEST")
+        #expect(env[BedrockSettingsReader.secretAccessKeyKey] == "secret")
+        #expect(env[BedrockSettingsReader.regionKeys[0]] == "us-west-2")
+        #expect(!env.values.contains("legacy-cookie-secret"))
+    }
+
+    @Test
+    func `bedrock config merges secret and region without replacing environment access key`() {
+        let config = ProviderConfig(
+            id: .bedrock,
+            apiKey: nil,
+            secretKey: "config-secret",
+            region: "eu-central-1")
+        let env = ProviderConfigEnvironment.applyAPIKeyOverride(
+            base: [BedrockSettingsReader.accessKeyIDKey: "env-access"],
+            provider: .bedrock,
+            config: config)
+
+        #expect(env[BedrockSettingsReader.accessKeyIDKey] == "env-access")
+        #expect(env[BedrockSettingsReader.secretAccessKeyKey] == "config-secret")
+        #expect(env[BedrockSettingsReader.regionKeys[0]] == "eu-central-1")
+        #expect(BedrockSettingsReader.hasCredentials(environment: env))
+    }
+
+    @Test
+    func `bedrock merged static credentials win over inherited AWS_PROFILE`() {
+        let config = ProviderConfig(
+            id: .bedrock,
+            secretKey: "config-secret",
+            region: "eu-central-1")
+        let env = ProviderConfigEnvironment.applyAPIKeyOverride(
+            base: [
+                BedrockSettingsReader.profileKey: "work",
+                BedrockSettingsReader.accessKeyIDKey: "env-access",
+            ],
+            provider: .bedrock,
+            config: config)
+
+        #expect(env[BedrockSettingsReader.accessKeyIDKey] == "env-access")
+        #expect(env[BedrockSettingsReader.secretAccessKeyKey] == "config-secret")
+        #expect(env[BedrockSettingsReader.regionKeys[0]] == "eu-central-1")
+        #expect(BedrockSettingsReader.authMode(environment: env) == .keys)
+    }
+
+    @Test
+    func `bedrock profile mode projects AWS_PROFILE without saved static keys`() {
+        let config = ProviderConfig(
+            id: .bedrock,
+            apiKey: "AKIATEST",
+            secretKey: "secret",
+            region: "eu-west-1",
+            awsProfile: "work",
+            awsAuthMode: "profile")
+        let env = ProviderConfigEnvironment.applyAPIKeyOverride(
+            base: [:],
+            provider: .bedrock,
+            config: config)
+        #expect(env[BedrockSettingsReader.authModeKey] == "profile")
+        #expect(env[BedrockSettingsReader.profileKey] == "work")
+        #expect(env[BedrockSettingsReader.regionKeys[0]] == "eu-west-1")
+        #expect(env[BedrockSettingsReader.accessKeyIDKey] == nil)
+        #expect(env[BedrockSettingsReader.secretAccessKeyKey] == nil)
+    }
+
+    @Test
+    func `bedrock config without explicit mode preserves env profile inference`() {
+        let config = ProviderConfig(id: .bedrock, region: "us-east-1")
+        let env = ProviderConfigEnvironment.applyAPIKeyOverride(
+            base: [BedrockSettingsReader.profileKey: "work"],
+            provider: .bedrock,
+            config: config)
+        #expect(env[BedrockSettingsReader.authModeKey] == nil)
+        #expect(env[BedrockSettingsReader.profileKey] == "work")
+        #expect(BedrockSettingsReader.authMode(environment: env) == .profile)
+    }
+
+    @Test
+    func `bedrock saved static keys survive base AWS_PROFILE when auth mode is unset`() {
+        let config = ProviderConfig(
+            id: .bedrock,
+            apiKey: "AKIASAVED",
+            secretKey: "saved-secret",
+            region: "us-east-1")
+        let env = ProviderConfigEnvironment.applyAPIKeyOverride(
+            base: [BedrockSettingsReader.profileKey: "work"],
+            provider: .bedrock,
+            config: config)
+        // Upgrade path: saved keys win over an inherited AWS_PROFILE, no silent switch.
+        #expect(env[BedrockSettingsReader.accessKeyIDKey] == "AKIASAVED")
+        #expect(env[BedrockSettingsReader.secretAccessKeyKey] == "saved-secret")
+        #expect(BedrockSettingsReader.authMode(environment: env) == .keys)
+    }
+
+    @Test
+    func `bedrock profile mode preserves inherited static credentials for environment source profiles`() {
+        let config = ProviderConfig(id: .bedrock, awsProfile: "work", awsAuthMode: "profile")
+        let env = ProviderConfigEnvironment.applyAPIKeyOverride(
+            base: [
+                BedrockSettingsReader.accessKeyIDKey: "AKIAINHERITED",
+                BedrockSettingsReader.secretAccessKeyKey: "inherited-secret",
+                BedrockSettingsReader.sessionTokenKey: "inherited-token",
+            ],
+            provider: .bedrock,
+            config: config)
+        #expect(env[BedrockSettingsReader.accessKeyIDKey] == "AKIAINHERITED")
+        #expect(env[BedrockSettingsReader.secretAccessKeyKey] == "inherited-secret")
+        #expect(env[BedrockSettingsReader.sessionTokenKey] == "inherited-token")
+        #expect(env[BedrockSettingsReader.profileKey] == "work")
+    }
+
+    @Test
+    func `bedrock env profile mode does not project saved static credentials`() {
+        let config = ProviderConfig(
+            id: .bedrock,
+            apiKey: "AKIASAVED",
+            secretKey: "saved-secret")
+        let env = ProviderConfigEnvironment.applyAPIKeyOverride(
+            base: [
+                BedrockSettingsReader.authModeKey: "profile",
+                BedrockSettingsReader.profileKey: "work",
+            ],
+            provider: .bedrock,
+            config: config)
+
+        #expect(env[BedrockSettingsReader.authModeKey] == "profile")
+        #expect(env[BedrockSettingsReader.profileKey] == "work")
+        #expect(env[BedrockSettingsReader.accessKeyIDKey] == nil)
+        #expect(env[BedrockSettingsReader.secretAccessKeyKey] == nil)
+    }
+
+    @Test
+    func `bedrock keys mode still projects static credentials`() {
+        let config = ProviderConfig(
+            id: .bedrock,
+            apiKey: "AKIATEST",
+            secretKey: "secret",
+            region: "us-west-2",
+            awsAuthMode: "keys")
+        let env = ProviderConfigEnvironment.applyAPIKeyOverride(
+            base: [:],
+            provider: .bedrock,
+            config: config)
+        #expect(env[BedrockSettingsReader.authModeKey] == "keys")
+        #expect(env[BedrockSettingsReader.accessKeyIDKey] == "AKIATEST")
+        #expect(env[BedrockSettingsReader.secretAccessKeyKey] == "secret")
+        #expect(env[BedrockSettingsReader.profileKey] == nil)
+    }
+
+    @Test
+    func `ignores legacy API key override for deepseek`() {
+        let config = ProviderConfig(id: .deepseek, apiKey: "ds-token")
+        let env = ProviderConfigEnvironment.applyAPIKeyOverride(
+            base: [:],
+            provider: .deepseek,
+            config: config)
+
+        let key = DeepSeekSettingsReader.apiKeyEnvironmentKeys.first
+        #expect(key != nil)
+        guard let key else { return }
+
+        #expect(env[key] == nil)
+        #expect(ProviderTokenResolver.deepseekToken(environment: env) == nil)
+    }
+
+    @Test
+    func `applies API key override for kilo`() {
         let config = ProviderConfig(id: .kilo, apiKey: "kilo-token")
         let env = ProviderConfigEnvironment.applyAPIKeyOverride(
             base: [:],
@@ -53,7 +349,7 @@ struct ProviderConfigEnvironmentTests {
     }
 
     @Test
-    func openRouterConfigOverrideWinsOverEnvironmentToken() {
+    func `open router config override wins over environment token`() {
         let config = ProviderConfig(id: .openrouter, apiKey: "config-token")
         let env = ProviderConfigEnvironment.applyAPIKeyOverride(
             base: [OpenRouterSettingsReader.envKey: "env-token"],
@@ -65,7 +361,85 @@ struct ProviderConfigEnvironmentTests {
     }
 
     @Test
-    func leavesEnvironmentWhenAPIKeyMissing() {
+    func `deepseek config override leaves environment token alone`() {
+        let config = ProviderConfig(id: .deepseek, apiKey: "config-token")
+        let envKey = DeepSeekSettingsReader.apiKeyEnvironmentKeys[0]
+        let env = ProviderConfigEnvironment.applyAPIKeyOverride(
+            base: [envKey: "env-token"],
+            provider: .deepseek,
+            config: config)
+
+        #expect(env[envKey] == "env-token")
+        #expect(ProviderTokenResolver.deepseekToken(environment: env) == "env-token")
+    }
+
+    @Test
+    func `applies API key override for codebuff`() {
+        let config = ProviderConfig(id: .codebuff, apiKey: "cb-config-token")
+        let env = ProviderConfigEnvironment.applyAPIKeyOverride(
+            base: [:],
+            provider: .codebuff,
+            config: config)
+
+        #expect(env[CodebuffSettingsReader.apiTokenKey] == "cb-config-token")
+        #expect(
+            ProviderTokenResolver.codebuffToken(environment: env, authFileURL: nil)
+                == "cb-config-token")
+    }
+
+    @Test
+    func `applies API key override for deepgram`() {
+        let config = ProviderConfig(id: .deepgram, apiKey: "dg-token")
+        let env = ProviderConfigEnvironment.applyAPIKeyOverride(
+            base: [:],
+            provider: .deepgram,
+            config: config)
+
+        #expect(env[DeepgramSettingsReader.apiKeyEnvironmentKey] == "dg-token")
+        #expect(ProviderTokenResolver.deepgramResolution(
+            type: .apiKey,
+            environment: env)
+            == "dg-token")
+    }
+
+    @Test
+    func `applies Deepgram project ID override from provider config`() {
+        let config = ProviderConfig(id: .deepgram, workspaceID: "proj-123")
+        let env = ProviderConfigEnvironment.applyProviderConfigOverrides(
+            base: [:],
+            provider: .deepgram,
+            config: config)
+
+        #expect(env[DeepgramSettingsReader.projectIDEnvironmentKey] == "proj-123")
+    }
+
+    @Test
+    func `Deepgram project ID config overrides environment`() {
+        let config = ProviderConfig(id: .deepgram, workspaceID: "config-project")
+        let env = ProviderConfigEnvironment.applyProviderConfigOverrides(
+            base: [DeepgramSettingsReader.projectIDEnvironmentKey: "env-project"],
+            provider: .deepgram,
+            config: config)
+
+        #expect(env[DeepgramSettingsReader.projectIDEnvironmentKey] == "config-project")
+    }
+
+    @Test
+    func `codebuff config override leaves environment token alone`() {
+        let config = ProviderConfig(id: .codebuff, apiKey: "config-token")
+        let env = ProviderConfigEnvironment.applyAPIKeyOverride(
+            base: [CodebuffSettingsReader.apiTokenKey: "env-token"],
+            provider: .codebuff,
+            config: config)
+
+        #expect(env[CodebuffSettingsReader.apiTokenKey] == "env-token")
+        #expect(
+            ProviderTokenResolver.codebuffToken(environment: env, authFileURL: nil)
+                == "env-token")
+    }
+
+    @Test
+    func `leaves environment when API key missing`() {
         let config = ProviderConfig(id: .zai, apiKey: nil)
         let env = ProviderConfigEnvironment.applyAPIKeyOverride(
             base: [ZaiSettingsReader.apiTokenKey: "existing"],
diff --git a/Tests/CodexBarTests/ProviderDiagnosticExportTests.swift b/Tests/CodexBarTests/ProviderDiagnosticExportTests.swift
new file mode 100644
index 000000000..71065bdff
--- /dev/null
+++ b/Tests/CodexBarTests/ProviderDiagnosticExportTests.swift
@@ -0,0 +1,313 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+struct ProviderDiagnosticExportTests {
+    @Test
+    func `generic diagnostic export encodes safe provider envelope`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let export = ProviderDiagnosticExport(
+            timestamp: now,
+            provider: "openai",
+            displayName: "OpenAI",
+            source: "api",
+            sourceMode: "auto",
+            auth: ProviderDiagnosticAuthSummary(configured: true, modes: ["api"]),
+            usage: ProviderDiagnosticUsageSummary(from: UsageSnapshot(
+                primary: RateWindow(
+                    usedPercent: 25,
+                    windowMinutes: 300,
+                    resetsAt: now.addingTimeInterval(18000),
+                    resetDescription: "raw local text"),
+                secondary: nil,
+                updatedAt: now)),
+            fetchAttempts: [
+                ProviderDiagnosticFetchAttempt(
+                    kind: "api",
+                    wasAvailable: true,
+                    errorCategory: nil),
+            ],
+            error: nil,
+            settings: ProviderDiagnosticSettingsSummary(sourceMode: .auto),
+            details: nil)
+
+        let json = try self.json(export)
+
+        #expect(json.contains("\"provider\""))
+        #expect(json.contains("\"openai\""))
+        #expect(json.contains("\"auth\""))
+        #expect(json.contains("\"hasResetDescription\""))
+        #expect(!json.contains("sk-cp-"))
+        #expect(!json.contains("sk-api-"))
+        #expect(!json.contains("Bearer"))
+        #expect(!json.contains("raw local text"))
+        #expect(!json.contains("errorMessage"))
+        #expect(!json.contains("localizedDescription"))
+    }
+
+    @Test
+    func `raw error text never appears in encoded JSON`() throws {
+        let export = ProviderDiagnosticExport(
+            timestamp: Date(timeIntervalSince1970: 1_700_000_000),
+            provider: "minimax",
+            displayName: "MiniMax",
+            source: "failed",
+            sourceMode: "auto",
+            auth: ProviderDiagnosticAuthSummary(configured: true, modes: ["api"]),
+            usage: nil,
+            fetchAttempts: [
+                ProviderDiagnosticFetchAttempt(
+                    kind: "api",
+                    wasAvailable: true,
+                    errorCategory: "network"),
+            ],
+            error: ProviderDiagnosticError(
+                category: "network",
+                safeDescription: "Network error - check your connection"),
+            settings: ProviderDiagnosticSettingsSummary(sourceMode: .auto, apiRegion: "global"),
+            details: nil)
+
+        let json = try self.json(export)
+
+        #expect(!json.contains("connection refused"))
+        #expect(!json.contains("network probe"))
+        #expect(!json.contains("not safe to expose"))
+        #expect(!json.contains("localizedDescription"))
+        #expect(!json.contains("raw"))
+        #expect(!json.contains("errorMessage"))
+        #expect(json.contains("errorCategory"))
+        #expect(json.contains("\"network\""))
+    }
+
+    @Test
+    func `diagnostic error maps MiniMaxUsageError categories safely`() {
+        let networkError = MiniMaxUsageError.networkError("connection refused")
+        let invalidCreds = MiniMaxUsageError.invalidCredentials
+        let apiError = MiniMaxUsageError.apiError("HTTP 404")
+        let parseError = MiniMaxUsageError.parseFailed("unexpected")
+
+        let diagNetwork = ProviderDiagnosticError(from: networkError, authConfigured: true)
+        #expect(diagNetwork.category == "network")
+        #expect(!diagNetwork.safeDescription.contains("connection refused"))
+
+        let diagCreds = ProviderDiagnosticError(from: invalidCreds, authConfigured: true)
+        #expect(diagCreds.category == "auth")
+
+        let diagAPI = ProviderDiagnosticError(from: apiError, authConfigured: true)
+        #expect(diagAPI.category == "api")
+
+        let diagParse = ProviderDiagnosticError(from: parseError, authConfigured: true)
+        #expect(diagParse.category == "parse")
+    }
+
+    @Test
+    func `no available strategy maps missing auth to auth category`() {
+        let error = ProviderFetchError.noAvailableStrategy(.minimax)
+        let diag = ProviderDiagnosticError(from: error, authConfigured: false)
+
+        #expect(diag.category == "auth")
+        #expect(diag.safeDescription.contains("Authentication"))
+    }
+
+    @Test
+    func `available failed strategy does not imply auth is configured`() {
+        let outcome = ProviderFetchOutcome(
+            result: .failure(ProviderFetchError.noAvailableStrategy(.antigravity)),
+            attempts: [
+                ProviderFetchAttempt(
+                    strategyID: "antigravity.local",
+                    kind: .localProbe,
+                    wasAvailable: true,
+                    errorDescription: "unauthenticated local probe"),
+            ])
+
+        let summary = ProviderDiagnosticAuthSummary(configured: false, modes: []).resolved(with: outcome)
+
+        #expect(!summary.configured)
+        #expect(summary.modes.isEmpty)
+    }
+
+    @Test
+    func `fetch attempt error maps to safe category, never raw text`() {
+        let attemptWithRawError = ProviderFetchAttempt(
+            strategyID: "minimax.api",
+            kind: .apiToken,
+            wasAvailable: true,
+            errorDescription: "MiniMax API timeout after 30 seconds - connection refused for host platform.minimax.io")
+        let diagAttempt = ProviderDiagnosticFetchAttempt(from: attemptWithRawError)
+        #expect(diagAttempt.kind == "api")
+        #expect(diagAttempt.wasAvailable == true)
+        let errorCategoryOne = diagAttempt.errorCategory
+        #expect(errorCategoryOne == "network")
+        let cat1 = errorCategoryOne ?? ""
+        #expect(!cat1.contains("timeout"))
+        #expect(!cat1.contains("connection refused"))
+        #expect(!cat1.contains("platform.minimax.io"))
+
+        let attemptWithAuthError = ProviderFetchAttempt(
+            strategyID: "minimax.web",
+            kind: .web,
+            wasAvailable: false,
+            errorDescription: "invalid auth token cookie HERTZ-SESSION=abc123")
+        let diagAuthAttempt = ProviderDiagnosticFetchAttempt(from: attemptWithAuthError)
+        #expect(diagAuthAttempt.wasAvailable == false)
+        let errorCategoryTwo = diagAuthAttempt.errorCategory
+        #expect(errorCategoryTwo == "auth")
+        let cat2 = errorCategoryTwo ?? ""
+        #expect(!cat2.contains("HERTZ-SESSION"))
+    }
+
+    @Test
+    func `missing api key setup errors map to auth before api`() {
+        let category = ProviderDiagnosticFetchAttempt.errorCategoryLabel(
+            "Azure OpenAI API key not configured. Set AZURE_OPENAI_API_KEY.")
+
+        #expect(category == "auth")
+    }
+
+    @Test
+    func `MiniMax details map from MiniMaxUsageSnapshot correctly`() {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let snapshot = MiniMaxUsageSnapshot(
+            planName: "Max",
+            availablePrompts: 1000,
+            currentPrompts: 250,
+            remainingPrompts: 750,
+            windowMinutes: 300,
+            usedPercent: 25,
+            resetsAt: now.addingTimeInterval(18000),
+            updatedAt: now,
+            services: nil)
+
+        let details = MiniMaxDiagnosticDetails(from: snapshot)
+        #expect(details.planName == "Max")
+        #expect(details.availablePrompts == 1000)
+        #expect(details.currentPrompts == 250)
+        #expect(details.remainingPrompts == 750)
+        #expect(details.windowMinutes == 300)
+        #expect(details.usedPercent == 25)
+    }
+
+    @Test
+    func `service usage maps from MiniMaxServiceUsage correctly`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let service = MiniMaxServiceUsage(
+            serviceType: "Text Generation",
+            windowType: "5 hours",
+            timeRange: "10:00-15:00(UTC+8)",
+            usage: 750,
+            limit: 1000,
+            percent: 75,
+            resetsAt: now.addingTimeInterval(18000),
+            resetDescription: "5 hours")
+
+        let diagService = MiniMaxDiagnosticServiceUsage(from: service)
+        #expect(diagService.displayName == "Text Generation")
+        #expect(diagService.percent == 75)
+        #expect(diagService.windowType == "5 hours")
+        #expect(diagService.hasResetDescription == true)
+
+        let json = try self.json(diagService)
+        #expect(json.contains("hasResetDescription"))
+        #expect(!json.contains("resetDescription"))
+    }
+
+    @Test
+    func `builder creates generic safe diagnostic with error on failure`() {
+        let outcome = ProviderFetchOutcome(
+            result: .failure(MiniMaxUsageError.networkError("timeout")),
+            attempts: [
+                ProviderFetchAttempt(
+                    strategyID: "minimax.api",
+                    kind: .apiToken,
+                    wasAvailable: true,
+                    errorDescription: "timeout"),
+            ])
+
+        let diag = ProviderDiagnosticExportBuilder.build(.init(
+            provider: .minimax,
+            descriptor: ProviderDescriptorRegistry.descriptor(for: .minimax),
+            outcome: outcome,
+            sourceMode: .auto,
+            settings: nil,
+            auth: ProviderDiagnosticAuthSummary(configured: true, modes: ["apiToken"])))
+
+        #expect(diag.provider == "minimax")
+        #expect(diag.source == "failed")
+        #expect(diag.auth.configured == true)
+        #expect(diag.usage == nil)
+        #expect(diag.error != nil)
+        #expect(diag.error?.category == "network")
+        #expect(diag.fetchAttempts.count == 1)
+        #expect(diag.fetchAttempts[0].errorCategory == "network")
+    }
+
+    @Test
+    func `builder creates generic safe diagnostic with MiniMax details on success`() {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let snapshot = MiniMaxUsageSnapshot(
+            planName: "Max",
+            availablePrompts: 1000,
+            currentPrompts: 250,
+            remainingPrompts: 750,
+            windowMinutes: 300,
+            usedPercent: 25,
+            resetsAt: now.addingTimeInterval(18000),
+            updatedAt: now)
+
+        let result = ProviderFetchResult(
+            usage: UsageSnapshot(
+                primary: RateWindow(
+                    usedPercent: 25,
+                    windowMinutes: 300,
+                    resetsAt: now.addingTimeInterval(18000),
+                    resetDescription: nil),
+                secondary: nil,
+                tertiary: nil,
+                minimaxUsage: snapshot,
+                updatedAt: now),
+            credits: nil,
+            dashboard: nil,
+            sourceLabel: "api",
+            strategyID: "minimax.api",
+            strategyKind: .apiToken)
+
+        let outcome = ProviderFetchOutcome(
+            result: .success(result),
+            attempts: [
+                ProviderFetchAttempt(
+                    strategyID: "minimax.api",
+                    kind: .apiToken,
+                    wasAvailable: true,
+                    errorDescription: nil),
+            ])
+
+        let diag = ProviderDiagnosticExportBuilder.build(.init(
+            provider: .minimax,
+            descriptor: ProviderDescriptorRegistry.descriptor(for: .minimax),
+            outcome: outcome,
+            sourceMode: .auto,
+            settings: nil,
+            auth: ProviderDiagnosticAuthSummary(configured: true, modes: ["apiToken"])))
+
+        #expect(diag.provider == "minimax")
+        #expect(diag.source == "api")
+        #expect(diag.auth.configured == true)
+        #expect(diag.usage != nil)
+        #expect(diag.error == nil)
+
+        guard case let .minimax(details) = diag.details else {
+            Issue.record("Expected MiniMax diagnostic details")
+            return
+        }
+        #expect(details.planName == "Max")
+    }
+
+    private func json(_ value: some Encodable) throws -> String {
+        let encoder = JSONEncoder()
+        encoder.dateEncodingStrategy = .iso8601
+        encoder.outputFormatting = .prettyPrinted
+        let data = try encoder.encode(value)
+        return String(data: data, encoding: .utf8) ?? ""
+    }
+}
diff --git a/Tests/CodexBarTests/ProviderHTTPClientTests.swift b/Tests/CodexBarTests/ProviderHTTPClientTests.swift
new file mode 100644
index 000000000..c07b43e06
--- /dev/null
+++ b/Tests/CodexBarTests/ProviderHTTPClientTests.swift
@@ -0,0 +1,208 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+@Suite(.serialized)
+struct ProviderHTTPClientTests {
+    @Test
+    func `default client configuration fails blocked connections promptly`() {
+        let configuration = ProviderHTTPClient.defaultConfiguration()
+
+        #expect(configuration.timeoutIntervalForRequest == 30)
+        #expect(configuration.timeoutIntervalForResource == 90)
+        #if !os(Linux)
+        #expect(configuration.waitsForConnectivity == false)
+        #endif
+    }
+
+    @Test
+    func `client loads requests through an injected session`() async throws {
+        StubURLProtocol.requests = []
+        StubURLProtocol.handler = { request in
+            StubURLProtocol.requests.append(request)
+            let response = try HTTPURLResponse(
+                url: #require(request.url),
+                statusCode: 200,
+                httpVersion: "HTTP/1.1",
+                headerFields: ["Content-Type": "application/json"])!
+            return (Data(#"{"ok":true}"#.utf8), response)
+        }
+        defer {
+            StubURLProtocol.handler = nil
+            StubURLProtocol.requests = []
+        }
+
+        let configuration = URLSessionConfiguration.ephemeral
+        configuration.protocolClasses = [StubURLProtocol.self]
+        let client = ProviderHTTPClient(session: URLSession(configuration: configuration))
+        let request = try URLRequest(url: #require(URL(string: "https://example.com/status")))
+
+        let (data, response) = try await client.data(for: request)
+
+        let body = try #require(String(data: data, encoding: .utf8))
+        #expect(body == #"{"ok":true}"#)
+        #expect((response as? HTTPURLResponse)?.statusCode == 200)
+        #expect(StubURLProtocol.requests.count == 1)
+        #expect(StubURLProtocol.requests.first?.url?.host == "example.com")
+    }
+
+    @Test
+    func `response helper unwraps HTTP responses`() async throws {
+        let transport = ProviderHTTPTransportHandler { request in
+            let response = try HTTPURLResponse(
+                url: #require(request.url),
+                statusCode: 204,
+                httpVersion: "HTTP/1.1",
+                headerFields: ["X-Test": "ok"])!
+            return (Data("done".utf8), response)
+        }
+        let request = try URLRequest(url: #require(URL(string: "https://example.com/ok")))
+
+        let response = try await transport.response(for: request)
+
+        #expect(response.statusCode == 204)
+        #expect(response.response.value(forHTTPHeaderField: "X-Test") == "ok")
+        #expect(String(data: response.data, encoding: .utf8) == "done")
+    }
+
+    @Test
+    func `response helper rejects non HTTP responses`() async throws {
+        let transport = ProviderHTTPTransportHandler { request in
+            let response = URLResponse(
+                url: request.url ?? URL(string: "https://example.com/not-http")!,
+                mimeType: nil,
+                expectedContentLength: 0,
+                textEncodingName: nil)
+            return (Data(), response)
+        }
+        let request = try URLRequest(url: #require(URL(string: "https://example.com/not-http")))
+
+        await #expect(throws: URLError.self) {
+            _ = try await transport.response(for: request)
+        }
+    }
+
+    @Test
+    func `response helper retries transient HTTP status once`() async throws {
+        let script = ScriptedHTTPTransport(statusCodes: [503, 200])
+        let request = try URLRequest(url: #require(URL(string: "https://example.com/retry")))
+
+        let response = try await script.response(for: request, retryPolicy: .testOneRetry)
+
+        #expect(response.statusCode == 200)
+        #expect(await script.requestCount() == 2)
+    }
+
+    @Test
+    func `response helper retries transient URL error once`() async throws {
+        let script = ScriptedHTTPTransport(results: [
+            .failure(URLError(.timedOut)),
+            .success(200),
+        ])
+        let request = try URLRequest(url: #require(URL(string: "https://example.com/retry-error")))
+
+        let response = try await script.response(for: request, retryPolicy: .testOneRetry)
+
+        #expect(response.statusCode == 200)
+        #expect(await script.requestCount() == 2)
+    }
+
+    @Test
+    func `response helper does not retry non idempotent methods`() async throws {
+        let script = ScriptedHTTPTransport(statusCodes: [503, 200])
+        var request = try URLRequest(url: #require(URL(string: "https://example.com/post")))
+        request.httpMethod = "POST"
+
+        let response = try await script.response(for: request, retryPolicy: .testOneRetry)
+
+        #expect(response.statusCode == 503)
+        #expect(await script.requestCount() == 1)
+    }
+
+    @Test
+    func `response helper does not retry auth failures`() async throws {
+        let script = ScriptedHTTPTransport(statusCodes: [403, 200])
+        let request = try URLRequest(url: #require(URL(string: "https://example.com/forbidden")))
+
+        let response = try await script.response(for: request, retryPolicy: .testOneRetry)
+
+        #expect(response.statusCode == 403)
+        #expect(await script.requestCount() == 1)
+    }
+}
+
+extension ProviderHTTPRetryPolicy {
+    fileprivate static let testOneRetry = ProviderHTTPRetryPolicy(
+        maxRetries: 1,
+        baseDelaySeconds: 0,
+        maxDelaySeconds: 0)
+}
+
+private actor ScriptedHTTPTransport: ProviderHTTPTransport {
+    enum Result {
+        case success(Int)
+        case failure(URLError)
+    }
+
+    private var results: [Result]
+    private var requests: [URLRequest] = []
+
+    init(statusCodes: [Int]) {
+        self.results = statusCodes.map(Result.success)
+    }
+
+    init(results: [Result]) {
+        self.results = results
+    }
+
+    func requestCount() -> Int {
+        self.requests.count
+    }
+
+    func data(for request: URLRequest) throws -> (Data, URLResponse) {
+        self.requests.append(request)
+        let next = self.results.isEmpty ? .success(200) : self.results.removeFirst()
+        switch next {
+        case let .success(statusCode):
+            let response = HTTPURLResponse(
+                url: request.url ?? URL(string: "https://example.com")!,
+                statusCode: statusCode,
+                httpVersion: "HTTP/1.1",
+                headerFields: nil)!
+            return (Data(#"{"ok":true}"#.utf8), response)
+        case let .failure(error):
+            throw error
+        }
+    }
+}
+
+final class StubURLProtocol: URLProtocol {
+    nonisolated(unsafe) static var handler: ((URLRequest) throws -> (Data, URLResponse))?
+    nonisolated(unsafe) static var requests: [URLRequest] = []
+
+    override static func canInit(with request: URLRequest) -> Bool {
+        true
+    }
+
+    override static func canonicalRequest(for request: URLRequest) -> URLRequest {
+        request
+    }
+
+    override func startLoading() {
+        guard let handler = Self.handler else {
+            self.client?.urlProtocol(self, didFailWithError: URLError(.cannotLoadFromNetwork))
+            return
+        }
+
+        do {
+            let (data, response) = try handler(self.request)
+            self.client?.urlProtocol(self, didReceive: response, cacheStoragePolicy: .notAllowed)
+            self.client?.urlProtocol(self, didLoad: data)
+            self.client?.urlProtocolDidFinishLoading(self)
+        } catch {
+            self.client?.urlProtocol(self, didFailWithError: error)
+        }
+    }
+
+    override func stopLoading() {}
+}
diff --git a/Tests/CodexBarTests/ProviderHTTPTransportStub.swift b/Tests/CodexBarTests/ProviderHTTPTransportStub.swift
new file mode 100644
index 000000000..1c01e75cc
--- /dev/null
+++ b/Tests/CodexBarTests/ProviderHTTPTransportStub.swift
@@ -0,0 +1,20 @@
+import Foundation
+@testable import CodexBarCore
+
+actor ProviderHTTPTransportStub: ProviderHTTPTransport {
+    private let handler: @Sendable (URLRequest) async throws -> (Data, URLResponse)
+    private var recordedRequests: [URLRequest] = []
+
+    init(handler: @escaping @Sendable (URLRequest) async throws -> (Data, URLResponse)) {
+        self.handler = handler
+    }
+
+    func requests() -> [URLRequest] {
+        self.recordedRequests
+    }
+
+    func data(for request: URLRequest) async throws -> (Data, URLResponse) {
+        self.recordedRequests.append(request)
+        return try await self.handler(request)
+    }
+}
diff --git a/Tests/CodexBarTests/ProviderIconResourcesTests.swift b/Tests/CodexBarTests/ProviderIconResourcesTests.swift
index 7ecbe7b26..53bcbf11f 100644
--- a/Tests/CodexBarTests/ProviderIconResourcesTests.swift
+++ b/Tests/CodexBarTests/ProviderIconResourcesTests.swift
@@ -3,10 +3,9 @@ import Foundation
 import Testing
 
 @MainActor
-@Suite
 struct ProviderIconResourcesTests {
     @Test
-    func providerIconSVGsExist() throws {
+    func `provider icon SV gs exist`() throws {
         let root = try Self.repoRoot()
         let resources = root.appending(path: "Sources/CodexBar/Resources", directoryHint: .isDirectory)
 
@@ -17,10 +16,21 @@ struct ProviderIconResourcesTests {
             "minimax",
             "cursor",
             "opencode",
+            "opencodego",
+            "alibaba",
             "gemini",
             "antigravity",
             "factory",
             "copilot",
+            "crof",
+            "commandcode",
+            "t3chat",
+            "kimi",
+            "bedrock",
+            "elevenlabs",
+            "groq",
+            "llmproxy",
+            "deepgram",
         ]
         for slug in slugs {
             let url = resources.appending(path: "ProviderIcon-\(slug).svg")
@@ -33,6 +43,16 @@ struct ProviderIconResourcesTests {
         }
     }
 
+    @Test
+    func `groq and grok provider icons are distinct`() throws {
+        let root = try Self.repoRoot()
+        let resources = root.appending(path: "Sources/CodexBar/Resources", directoryHint: .isDirectory)
+        let groq = try String(contentsOf: resources.appending(path: "ProviderIcon-groq.svg"), encoding: .utf8)
+        let grok = try String(contentsOf: resources.appending(path: "ProviderIcon-grok.svg"), encoding: .utf8)
+
+        #expect(groq != grok)
+    }
+
     private static func repoRoot() throws -> URL {
         var dir = URL(filePath: #filePath).deletingLastPathComponent()
         for _ in 0..<12 {
diff --git a/Tests/CodexBarTests/ProviderLabelMetadataCharacterizationTests.swift b/Tests/CodexBarTests/ProviderLabelMetadataCharacterizationTests.swift
new file mode 100644
index 000000000..9d3c01e9b
--- /dev/null
+++ b/Tests/CodexBarTests/ProviderLabelMetadataCharacterizationTests.swift
@@ -0,0 +1,63 @@
+import CodexBarCore
+import Testing
+
+struct ProviderLabelMetadataCharacterizationTests {
+    // MARK: - Label non-empty constraints
+
+    @Test
+    func `displayName is non-empty for all providers`() {
+        for descriptor in ProviderDescriptorRegistry.all {
+            #expect(
+                !descriptor.metadata.displayName.isEmpty,
+                "Provider \(descriptor.id.rawValue) has empty displayName.")
+        }
+    }
+
+    @Test
+    func `sessionLabel is non-empty for all providers`() {
+        for descriptor in ProviderDescriptorRegistry.all {
+            #expect(
+                !descriptor.metadata.sessionLabel.isEmpty,
+                "Provider \(descriptor.id.rawValue) has empty sessionLabel.")
+        }
+    }
+
+    // MARK: - Known empty weeklyLabel exceptions
+
+    @Test
+    func `weeklyLabel empty providers are explicitly characterized`() {
+        // Allowlist of providers known to have empty weeklyLabel on current main.
+        // If a new provider is added with empty weeklyLabel, this test fails and
+        // requires a deliberate decision to add it here — preventing silent regressions.
+        let knownEmptyWeeklyLabelProviders: Set<UsageProvider> = [.mistral]
+        for descriptor in ProviderDescriptorRegistry.all where descriptor.metadata.weeklyLabel.isEmpty {
+            #expect(
+                knownEmptyWeeklyLabelProviders.contains(descriptor.id),
+                "Provider \(descriptor.id.rawValue) has empty weeklyLabel and is not in the known exception list.")
+        }
+    }
+
+    // MARK: - Invariant: supportsOpus implies opusLabel
+
+    @Test
+    func `supportsOpus providers declare non-empty opusLabel`() {
+        for descriptor in ProviderDescriptorRegistry.all where descriptor.metadata.supportsOpus {
+            #expect(
+                descriptor.metadata.opusLabel != nil && !descriptor.metadata.opusLabel!.isEmpty,
+                "Provider \(descriptor.id.rawValue) has supportsOpus=true but opusLabel is nil or empty.")
+        }
+    }
+
+    // MARK: - opusLabel structural constraint
+
+    @Test
+    func `opusLabel is nil or non-empty`() {
+        for descriptor in ProviderDescriptorRegistry.all {
+            if let opusLabel = descriptor.metadata.opusLabel {
+                #expect(
+                    !opusLabel.isEmpty,
+                    "Provider \(descriptor.id.rawValue) has empty opusLabel string instead of nil.")
+            }
+        }
+    }
+}
diff --git a/Tests/CodexBarTests/ProviderMetadataStatusLinkTests.swift b/Tests/CodexBarTests/ProviderMetadataStatusLinkTests.swift
index c4f3f2367..3ca12b233 100644
--- a/Tests/CodexBarTests/ProviderMetadataStatusLinkTests.swift
+++ b/Tests/CodexBarTests/ProviderMetadataStatusLinkTests.swift
@@ -1,10 +1,9 @@
 import Testing
 @testable import CodexBarCore
 
-@Suite
 struct ProviderMetadataStatusLinkTests {
     @Test
-    func workspaceStatusLinkMatchesProductID() {
+    func `workspace status link matches product ID`() {
         for (provider, meta) in ProviderDefaults.metadata {
             guard let productID = meta.statusWorkspaceProductID else { continue }
             let expected = "https://www.google.com/appsstatus/dashboard/products/\(productID)/history"
@@ -13,4 +12,13 @@ struct ProviderMetadataStatusLinkTests {
                 "Expected \(provider.rawValue) statusLinkURL to be \(expected)")
         }
     }
+
+    @Test
+    func `kimi K2 metadata does not present legacy endpoint as official`() throws {
+        let meta = try #require(ProviderDefaults.metadata[.kimik2])
+
+        #expect(meta.displayName == "Kimi K2 (unofficial)")
+        #expect(meta.toggleTitle == "Show unofficial Kimi K2 usage")
+        #expect(meta.dashboardURL == nil)
+    }
 }
diff --git a/Tests/CodexBarTests/ProviderRegistryTests.swift b/Tests/CodexBarTests/ProviderRegistryTests.swift
index 9bb79053d..7206bda85 100644
--- a/Tests/CodexBarTests/ProviderRegistryTests.swift
+++ b/Tests/CodexBarTests/ProviderRegistryTests.swift
@@ -1,10 +1,9 @@
 import CodexBarCore
 import Testing
 
-@Suite
 struct ProviderRegistryTests {
     @Test
-    func descriptorRegistryIsCompleteAndDeterministic() {
+    func `descriptor registry is complete and deterministic`() {
         let descriptors = ProviderDescriptorRegistry.all
         let ids = descriptors.map(\.id)
 
@@ -19,7 +18,7 @@ struct ProviderRegistryTests {
     }
 
     @Test
-    func minimaxSortsAfterZaiInRegistry() {
+    func `minimax sorts after zai in registry`() {
         let ids = ProviderDescriptorRegistry.all.map(\.id)
         guard let zaiIndex = ids.firstIndex(of: .zai),
               let minimaxIndex = ids.firstIndex(of: .minimax)
diff --git a/Tests/CodexBarTests/ProviderSettingsDescriptorTests.swift b/Tests/CodexBarTests/ProviderSettingsDescriptorTests.swift
index 7a1654adb..43ae2fe0e 100644
--- a/Tests/CodexBarTests/ProviderSettingsDescriptorTests.swift
+++ b/Tests/CodexBarTests/ProviderSettingsDescriptorTests.swift
@@ -5,63 +5,16 @@ import Testing
 @testable import CodexBar
 
 @MainActor
-@Suite
 struct ProviderSettingsDescriptorTests {
     @Test
-    func toggleIDsAreUniqueAcrossProviders() throws {
-        let suite = "ProviderSettingsDescriptorTests-unique"
-        let defaults = try #require(UserDefaults(suiteName: suite))
-        defaults.removePersistentDomain(forName: suite)
-        let configStore = testConfigStore(suiteName: suite)
-        let settings = SettingsStore(
-            userDefaults: defaults,
-            configStore: configStore,
-            zaiTokenStore: NoopZaiTokenStore(),
-            syntheticTokenStore: NoopSyntheticTokenStore())
-        let store = UsageStore(
-            fetcher: UsageFetcher(environment: [:]),
-            browserDetection: BrowserDetection(cacheTTL: 0),
-            settings: settings)
-
-        var statusByID: [String: String] = [:]
-        var lastRunAtByID: [String: Date] = [:]
+    func `toggle I ds are unique across providers`() throws {
+        let fixture = try self.makeSettingsFixture(suite: "ProviderSettingsDescriptorTests-unique")
         var seenToggleIDs: Set<String> = []
         var seenActionIDs: Set<String> = []
         var seenPickerIDs: Set<String> = []
 
         for provider in UsageProvider.allCases {
-            let context = ProviderSettingsContext(
-                provider: provider,
-                settings: settings,
-                store: store,
-                boolBinding: { keyPath in
-                    Binding(
-                        get: { settings[keyPath: keyPath] },
-                        set: { settings[keyPath: keyPath] = $0 })
-                },
-                stringBinding: { keyPath in
-                    Binding(
-                        get: { settings[keyPath: keyPath] },
-                        set: { settings[keyPath: keyPath] = $0 })
-                },
-                statusText: { id in statusByID[id] },
-                setStatusText: { id, text in
-                    if let text {
-                        statusByID[id] = text
-                    } else {
-                        statusByID.removeValue(forKey: id)
-                    }
-                },
-                lastAppActiveRunAt: { id in lastRunAtByID[id] },
-                setLastAppActiveRunAt: { id, date in
-                    if let date {
-                        lastRunAtByID[id] = date
-                    } else {
-                        lastRunAtByID.removeValue(forKey: id)
-                    }
-                },
-                requestConfirmation: { _ in })
-
+            let context = fixture.settingsContext(provider: provider)
             let impl = try #require(ProviderCatalog.implementation(for: provider))
             let toggles = impl.settingsToggles(context: context)
             for toggle in toggles {
@@ -83,40 +36,24 @@ struct ProviderSettingsDescriptorTests {
     }
 
     @Test
-    func codexExposesUsageAndCookiePickers() throws {
-        let suite = "ProviderSettingsDescriptorTests-codex"
-        let defaults = try #require(UserDefaults(suiteName: suite))
-        defaults.removePersistentDomain(forName: suite)
-        let configStore = testConfigStore(suiteName: suite)
-        let settings = SettingsStore(
-            userDefaults: defaults,
-            configStore: configStore,
-            zaiTokenStore: NoopZaiTokenStore(),
-            syntheticTokenStore: NoopSyntheticTokenStore())
-        let store = UsageStore(
-            fetcher: UsageFetcher(environment: [:]),
-            browserDetection: BrowserDetection(cacheTTL: 0),
-            settings: settings)
+    func `openai exposes project id setting`() throws {
+        let fixture = try self.makeSettingsFixture(suite: "ProviderSettingsDescriptorTests-openai-project")
+        let context = fixture.settingsContext(provider: .openai)
 
-        let context = ProviderSettingsContext(
-            provider: .codex,
-            settings: settings,
-            store: store,
-            boolBinding: { keyPath in
-                Binding(
-                    get: { settings[keyPath: keyPath] },
-                    set: { settings[keyPath: keyPath] = $0 })
-            },
-            stringBinding: { keyPath in
-                Binding(
-                    get: { settings[keyPath: keyPath] },
-                    set: { settings[keyPath: keyPath] = $0 })
-            },
-            statusText: { _ in nil },
-            setStatusText: { _, _ in },
-            lastAppActiveRunAt: { _ in nil },
-            setLastAppActiveRunAt: { _, _ in },
-            requestConfirmation: { _ in })
+        let fields = OpenAIAPIProviderImplementation().settingsFields(context: context)
+        let project = try #require(fields.first(where: { $0.id == "openai-project-id" }))
+        project.binding.wrappedValue = "proj_abc"
+
+        #expect(project.title == "Project ID")
+        #expect(project.subtitle.contains(OpenAIAPISettingsReader.projectIDEnvironmentKey))
+        #expect(fixture.settings.openAIAPIProjectID == "proj_abc")
+        #expect(fixture.settings.providerConfig(for: .openai)?.sanitizedWorkspaceID == "proj_abc")
+    }
+
+    @Test
+    func `codex exposes usage and cookie pickers`() throws {
+        let fixture = try self.makeSettingsFixture(suite: "ProviderSettingsDescriptorTests-codex")
+        let context = fixture.settingsContext(provider: .codex)
 
         let pickers = CodexProviderImplementation().settingsPickers(context: context)
         let toggles = CodexProviderImplementation().settingsToggles(context: context)
@@ -126,44 +63,35 @@ struct ProviderSettingsDescriptorTests {
     }
 
     @Test
-    func claudeExposesUsageAndCookiePickers() throws {
-        let suite = "ProviderSettingsDescriptorTests-claude"
-        let defaults = try #require(UserDefaults(suiteName: suite))
-        defaults.removePersistentDomain(forName: suite)
-        let configStore = testConfigStore(suiteName: suite)
-        let settings = SettingsStore(
-            userDefaults: defaults,
-            configStore: configStore,
-            zaiTokenStore: NoopZaiTokenStore(),
-            syntheticTokenStore: NoopSyntheticTokenStore())
-        settings.debugDisableKeychainAccess = false
-        let store = UsageStore(
-            fetcher: UsageFetcher(environment: [:]),
-            browserDetection: BrowserDetection(cacheTTL: 0),
-            settings: settings)
+    func `codex exposes open AI web extras toggle as default off opt in`() throws {
+        let fixture = try self.makeSettingsFixture(suite: "ProviderSettingsDescriptorTests-codex-openai-toggle")
+        let context = fixture.settingsContext(provider: .codex)
+
+        let toggles = CodexProviderImplementation().settingsToggles(context: context)
+        let extrasToggle = try #require(toggles.first(where: { $0.id == "codex-openai-web-extras" }))
+        #expect(extrasToggle.binding.wrappedValue == false)
+        #expect(extrasToggle.subtitle.contains("Optional."))
+        #expect(extrasToggle.subtitle.contains("Turn this on"))
+
+        let batterySaverToggle = try #require(toggles.first(where: { $0.id == "codex-openai-web-battery-saver" }))
+        #expect(batterySaverToggle.binding.wrappedValue == false)
+        #expect(batterySaverToggle.isVisible?() == false)
+
+        fixture.settings.openAIWebAccessEnabled = true
+        #expect(batterySaverToggle.isVisible?() == true)
+    }
+
+    @Test
+    func `claude exposes usage and cookie pickers`() throws {
+        let fixture = try self.makeSettingsFixture(suite: "ProviderSettingsDescriptorTests-claude")
+        fixture.settings.debugDisableKeychainAccess = false
+        let context = fixture.settingsContext(provider: .claude)
 
-        let context = ProviderSettingsContext(
-            provider: .claude,
-            settings: settings,
-            store: store,
-            boolBinding: { keyPath in
-                Binding(
-                    get: { settings[keyPath: keyPath] },
-                    set: { settings[keyPath: keyPath] = $0 })
-            },
-            stringBinding: { keyPath in
-                Binding(
-                    get: { settings[keyPath: keyPath] },
-                    set: { settings[keyPath: keyPath] = $0 })
-            },
-            statusText: { _ in nil },
-            setStatusText: { _, _ in },
-            lastAppActiveRunAt: { _ in nil },
-            setLastAppActiveRunAt: { _, _ in },
-            requestConfirmation: { _ in })
         let pickers = ClaudeProviderImplementation().settingsPickers(context: context)
         #expect(pickers.contains(where: { $0.id == "claude-usage-source" }))
         #expect(pickers.contains(where: { $0.id == "claude-cookie-source" }))
+        let toggles = ClaudeProviderImplementation().settingsToggles(context: context)
+        #expect(!toggles.contains(where: { $0.id == "claude-peak-hours" }))
         let keychainPicker = try #require(pickers.first(where: { $0.id == "claude-keychain-prompt-policy" }))
         let optionIDs = Set(keychainPicker.options.map(\.id))
         #expect(optionIDs.contains(ClaudeOAuthKeychainPromptMode.never.rawValue))
@@ -173,43 +101,12 @@ struct ProviderSettingsDescriptorTests {
     }
 
     @Test
-    func claudePromptPolicyPickerHiddenWhenExperimentalReaderSelected() throws {
-        let suite = "ProviderSettingsDescriptorTests-claude-prompt-hidden-experimental"
-        let defaults = try #require(UserDefaults(suiteName: suite))
-        defaults.removePersistentDomain(forName: suite)
-        let configStore = testConfigStore(suiteName: suite)
-        let settings = SettingsStore(
-            userDefaults: defaults,
-            configStore: configStore,
-            zaiTokenStore: NoopZaiTokenStore(),
-            syntheticTokenStore: NoopSyntheticTokenStore())
-        settings.debugDisableKeychainAccess = false
-        settings.claudeOAuthKeychainReadStrategy = .securityCLI
-
-        let store = UsageStore(
-            fetcher: UsageFetcher(environment: [:]),
-            browserDetection: BrowserDetection(cacheTTL: 0),
-            settings: settings)
-
-        let context = ProviderSettingsContext(
-            provider: .claude,
-            settings: settings,
-            store: store,
-            boolBinding: { keyPath in
-                Binding(
-                    get: { settings[keyPath: keyPath] },
-                    set: { settings[keyPath: keyPath] = $0 })
-            },
-            stringBinding: { keyPath in
-                Binding(
-                    get: { settings[keyPath: keyPath] },
-                    set: { settings[keyPath: keyPath] = $0 })
-            },
-            statusText: { _ in nil },
-            setStatusText: { _, _ in },
-            lastAppActiveRunAt: { _ in nil },
-            setLastAppActiveRunAt: { _, _ in },
-            requestConfirmation: { _ in })
+    func `claude prompt policy picker hidden when experimental reader selected`() throws {
+        let fixture = try self.makeSettingsFixture(
+            suite: "ProviderSettingsDescriptorTests-claude-prompt-hidden-experimental")
+        fixture.settings.debugDisableKeychainAccess = false
+        fixture.settings.claudeOAuthKeychainReadStrategy = .securityCLIExperimental
+        let context = fixture.settingsContext(provider: .claude)
 
         let pickers = ClaudeProviderImplementation().settingsPickers(context: context)
         let keychainPicker = try #require(pickers.first(where: { $0.id == "claude-keychain-prompt-policy" }))
@@ -217,41 +114,10 @@ struct ProviderSettingsDescriptorTests {
     }
 
     @Test
-    func claudeKeychainPromptPolicyPickerDisabledWhenGlobalKeychainDisabled() throws {
-        let suite = "ProviderSettingsDescriptorTests-claude-keychain-disabled"
-        let defaults = try #require(UserDefaults(suiteName: suite))
-        defaults.removePersistentDomain(forName: suite)
-        let configStore = testConfigStore(suiteName: suite)
-        let settings = SettingsStore(
-            userDefaults: defaults,
-            configStore: configStore,
-            zaiTokenStore: NoopZaiTokenStore(),
-            syntheticTokenStore: NoopSyntheticTokenStore())
-        settings.debugDisableKeychainAccess = true
-        let store = UsageStore(
-            fetcher: UsageFetcher(environment: [:]),
-            browserDetection: BrowserDetection(cacheTTL: 0),
-            settings: settings)
-
-        let context = ProviderSettingsContext(
-            provider: .claude,
-            settings: settings,
-            store: store,
-            boolBinding: { keyPath in
-                Binding(
-                    get: { settings[keyPath: keyPath] },
-                    set: { settings[keyPath: keyPath] = $0 })
-            },
-            stringBinding: { keyPath in
-                Binding(
-                    get: { settings[keyPath: keyPath] },
-                    set: { settings[keyPath: keyPath] = $0 })
-            },
-            statusText: { _ in nil },
-            setStatusText: { _, _ in },
-            lastAppActiveRunAt: { _ in nil },
-            setLastAppActiveRunAt: { _, _ in },
-            requestConfirmation: { _ in })
+    func `claude keychain prompt policy picker disabled when global keychain disabled`() throws {
+        let fixture = try self.makeSettingsFixture(suite: "ProviderSettingsDescriptorTests-claude-keychain-disabled")
+        fixture.settings.debugDisableKeychainAccess = true
+        let context = fixture.settingsContext(provider: .claude)
 
         let pickers = ClaudeProviderImplementation().settingsPickers(context: context)
         let keychainPicker = try #require(pickers.first(where: { $0.id == "claude-keychain-prompt-policy" }))
@@ -261,16 +127,9 @@ struct ProviderSettingsDescriptorTests {
     }
 
     @Test
-    func claudeWebExtrasAutoDisablesWhenLeavingCLI() throws {
-        let suite = "ProviderSettingsDescriptorTests-claude-invariant"
-        let defaults = try #require(UserDefaults(suiteName: suite))
-        defaults.removePersistentDomain(forName: suite)
-        let configStore = testConfigStore(suiteName: suite)
-        let settings = SettingsStore(
-            userDefaults: defaults,
-            configStore: configStore,
-            zaiTokenStore: NoopZaiTokenStore(),
-            syntheticTokenStore: NoopSyntheticTokenStore())
+    func `claude web extras auto disables when leaving CLI`() throws {
+        let fixture = try self.makeSettingsFixture(suite: "ProviderSettingsDescriptorTests-claude-invariant")
+        let settings = fixture.settings
         settings.debugMenuEnabled = true
         settings.claudeUsageDataSource = .cli
         settings.claudeWebExtrasEnabled = true
@@ -280,48 +139,134 @@ struct ProviderSettingsDescriptorTests {
     }
 
     @Test
-    func kiloExposesUsageSourcePickerAndApiFieldOnly() throws {
-        let suite = "ProviderSettingsDescriptorTests-kilo"
+    func `kilo exposes usage source picker and api field only`() throws {
+        let fixture = try self.makeSettingsFixture(suite: "ProviderSettingsDescriptorTests-kilo")
+        let context = fixture.settingsContext(provider: .kilo)
+
+        let implementation = KiloProviderImplementation()
+        let toggles = implementation.settingsToggles(context: context)
+        let pickers = implementation.settingsPickers(context: context)
+        let fields = implementation.settingsFields(context: context)
+
+        #expect(toggles.isEmpty)
+        #expect(pickers.contains(where: { $0.id == "kilo-usage-source" }))
+        #expect(fields.contains(where: { $0.id == "kilo-api-key" }))
+    }
+
+    @Test
+    func `deepgram exposes api key and project id fields`() throws {
+        let fixture = try self.makeSettingsFixture(suite: "ProviderSettingsDescriptorTests-deepgram")
+        let context = fixture.settingsContext(provider: .deepgram)
+
+        let implementation = DeepgramProviderImplementation()
+        let fields = implementation.settingsFields(context: context)
+
+        #expect(fields.contains(where: { $0.id == "deepgram-api-key" }))
+        #expect(fields.contains(where: { $0.id == "deepgram-project-id" }))
+
+        // Basic presence checks for Deepgram settings fields (layout copied from OpenRouter)
+        _ = try #require(fields.first(where: { $0.id == "deepgram-project-id" }))
+        _ = try #require(fields.first(where: { $0.id == "deepgram-api-key" }))
+    }
+
+    @Test
+    func `alibaba presentation follows store source label`() throws {
+        let fixture = try self.makeSettingsFixture(suite: "ProviderSettingsDescriptorTests-alibaba-presentation")
+        let metadata = try #require(ProviderDescriptorRegistry.metadata[.alibaba])
+        let context = fixture.presentationContext(provider: .alibaba, metadata: metadata)
+
+        let detailLine = AlibabaCodingPlanProviderImplementation()
+            .presentation(context: context)
+            .detailLine(context)
+
+        #expect(detailLine == fixture.store.sourceLabel(for: .alibaba))
+    }
+
+    @Test
+    func `alibaba token plan settings expose cookie controls`() throws {
+        let fixture = try self.makeSettingsFixture(suite: "ProviderSettingsDescriptorTests-alibaba-token-plan-settings")
+        fixture.settings.alibabaTokenPlanCookieSource = .manual
+        let context = fixture.settingsContext(provider: .alibabatokenplan)
+        let implementation = AlibabaTokenPlanProviderImplementation()
+        let pickers = implementation.settingsPickers(context: context)
+        let fields = implementation.settingsFields(context: context)
+
+        #expect(pickers.contains(where: { $0.id == "alibaba-token-plan-cookie-source" }))
+        #expect(fields.contains(where: { $0.id == "alibaba-token-plan-cookie" }))
+        #expect(fields.first?.actions.contains(where: { $0.id == "alibaba-token-plan-open-dashboard" }) == true)
+    }
+
+    private func makeSettingsFixture(suite: String) throws -> ProviderSettingsFixture {
         let defaults = try #require(UserDefaults(suiteName: suite))
         defaults.removePersistentDomain(forName: suite)
-        let configStore = testConfigStore(suiteName: suite)
         let settings = SettingsStore(
             userDefaults: defaults,
-            configStore: configStore,
+            configStore: testConfigStore(suiteName: suite),
             zaiTokenStore: NoopZaiTokenStore(),
             syntheticTokenStore: NoopSyntheticTokenStore())
         let store = UsageStore(
             fetcher: UsageFetcher(environment: [:]),
             browserDetection: BrowserDetection(cacheTTL: 0),
             settings: settings)
+        return ProviderSettingsFixture(settings: settings, store: store)
+    }
 
-        let context = ProviderSettingsContext(
-            provider: .kilo,
-            settings: settings,
-            store: store,
-            boolBinding: { keyPath in
-                Binding(
-                    get: { settings[keyPath: keyPath] },
-                    set: { settings[keyPath: keyPath] = $0 })
-            },
-            stringBinding: { keyPath in
-                Binding(
-                    get: { settings[keyPath: keyPath] },
-                    set: { settings[keyPath: keyPath] = $0 })
-            },
-            statusText: { _ in nil },
-            setStatusText: { _, _ in },
-            lastAppActiveRunAt: { _ in nil },
-            setLastAppActiveRunAt: { _, _ in },
-            requestConfirmation: { _ in })
+    private struct ProviderSettingsFixture {
+        let settings: SettingsStore
+        let store: UsageStore
+        private let state = ProviderSettingsContextState()
 
-        let implementation = KiloProviderImplementation()
-        let toggles = implementation.settingsToggles(context: context)
-        let pickers = implementation.settingsPickers(context: context)
-        let fields = implementation.settingsFields(context: context)
+        @MainActor
+        func settingsContext(provider: UsageProvider) -> ProviderSettingsContext {
+            let settings = self.settings
+            let store = self.store
+            let state = self.state
+            return ProviderSettingsContext(
+                provider: provider,
+                settings: settings,
+                store: store,
+                boolBinding: { keyPath in
+                    Binding(
+                        get: { settings[keyPath: keyPath] },
+                        set: { settings[keyPath: keyPath] = $0 })
+                },
+                stringBinding: { keyPath in
+                    Binding(
+                        get: { settings[keyPath: keyPath] },
+                        set: { settings[keyPath: keyPath] = $0 })
+                },
+                statusText: { id in state.statusByID[id] },
+                setStatusText: { id, text in
+                    if let text {
+                        state.statusByID[id] = text
+                    } else {
+                        state.statusByID.removeValue(forKey: id)
+                    }
+                },
+                lastAppActiveRunAt: { id in state.lastRunAtByID[id] },
+                setLastAppActiveRunAt: { id, date in
+                    if let date {
+                        state.lastRunAtByID[id] = date
+                    } else {
+                        state.lastRunAtByID.removeValue(forKey: id)
+                    }
+                },
+                requestConfirmation: { _ in },
+                runLoginFlow: {})
+        }
 
-        #expect(toggles.isEmpty)
-        #expect(pickers.contains(where: { $0.id == "kilo-usage-source" }))
-        #expect(fields.contains(where: { $0.id == "kilo-api-key" }))
+        @MainActor
+        func presentationContext(provider: UsageProvider, metadata: ProviderMetadata) -> ProviderPresentationContext {
+            ProviderPresentationContext(
+                provider: provider,
+                settings: self.settings,
+                store: self.store,
+                metadata: metadata)
+        }
+    }
+
+    private final class ProviderSettingsContextState {
+        var statusByID: [String: String] = [:]
+        var lastRunAtByID: [String: Date] = [:]
     }
 }
diff --git a/Tests/CodexBarTests/ProviderStorageFootprintTests.swift b/Tests/CodexBarTests/ProviderStorageFootprintTests.swift
new file mode 100644
index 000000000..0a903e95e
--- /dev/null
+++ b/Tests/CodexBarTests/ProviderStorageFootprintTests.swift
@@ -0,0 +1,410 @@
+import AppKit
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+struct ProviderStorageFootprintTests {
+    @Test
+    func `scanner sums nested regular files and skips symlink targets`() throws {
+        let root = try Self.makeTemporaryDirectory()
+        defer { try? FileManager.default.removeItem(at: root) }
+
+        let nested = root.appendingPathComponent("nested", isDirectory: true)
+        try FileManager.default.createDirectory(at: nested, withIntermediateDirectories: true)
+        try Data(repeating: 1, count: 5).write(to: root.appendingPathComponent("a.jsonl"))
+        try Data(repeating: 2, count: 7).write(to: nested.appendingPathComponent("b.jsonl"))
+
+        let external = try Self.makeTemporaryDirectory()
+        defer { try? FileManager.default.removeItem(at: external) }
+        let target = external.appendingPathComponent("outside.bin")
+        try Data(repeating: 3, count: 100).write(to: target)
+        let link = root.appendingPathComponent("linked.bin")
+        try FileManager.default.createSymbolicLink(at: link, withDestinationURL: target)
+
+        let footprint = ProviderStorageScanner().scan(provider: .codex, candidatePaths: [root.path])
+
+        #expect(footprint.totalBytes == 12)
+        #expect(footprint.paths == [root.path])
+        #expect(footprint.missingPaths.isEmpty)
+        #expect(footprint.components.map(\.name) == ["nested", "a.jsonl"])
+        #expect(footprint.components.map(\.totalBytes) == [7, 5])
+    }
+
+    @Test
+    func `scanner does not follow symlinked candidate roots`() throws {
+        let root = try Self.makeTemporaryDirectory()
+        defer { try? FileManager.default.removeItem(at: root) }
+
+        let target = root.appendingPathComponent("target", isDirectory: true)
+        try FileManager.default.createDirectory(at: target, withIntermediateDirectories: true)
+        try Data(repeating: 1, count: 64).write(to: target.appendingPathComponent("session.jsonl"))
+        let symlinkRoot = root.appendingPathComponent("codex-link", isDirectory: true)
+        try FileManager.default.createSymbolicLink(at: symlinkRoot, withDestinationURL: target)
+
+        let footprint = ProviderStorageScanner().scan(provider: .codex, candidatePaths: [symlinkRoot.path])
+
+        #expect(footprint.paths == [symlinkRoot.path])
+        #expect(footprint.totalBytes == 0)
+        #expect(footprint.components.isEmpty)
+    }
+
+    @Test
+    func `scanner records missing paths without failing`() throws {
+        let root = try Self.makeTemporaryDirectory()
+        let missing = root.appendingPathComponent("missing")
+        defer { try? FileManager.default.removeItem(at: root) }
+
+        let footprint = ProviderStorageScanner().scan(provider: .claude, candidatePaths: [missing.path])
+
+        #expect(footprint.totalBytes == 0)
+        #expect(footprint.paths.isEmpty)
+        #expect(footprint.missingPaths == [missing.path])
+    }
+
+    @Test
+    func `codex path catalog uses CODEX_HOME and managed homes`() {
+        let managed = ManagedCodexAccount(
+            id: UUID(),
+            email: "user@example.com",
+            managedHomePath: "/tmp/codex-managed-home",
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: nil)
+
+        let paths = ProviderStoragePathCatalog.candidatePaths(
+            for: .codex,
+            environment: ["CODEX_HOME": "/tmp/codex-home"],
+            managedCodexAccounts: [managed])
+
+        #expect(paths == ["/tmp/codex-home", "/tmp/codex-managed-home"])
+    }
+
+    @Test
+    func `codex path catalog falls back to default home`() {
+        let paths = ProviderStoragePathCatalog.candidatePaths(for: .codex, environment: [:])
+        let expected = FileManager.default.homeDirectoryForCurrentUser
+            .appendingPathComponent(".codex", isDirectory: true)
+            .path
+
+        #expect(paths.first == expected)
+    }
+
+    @Test
+    func `claude recommendations use documented cleanup categories`() {
+        let root = "/Users/test/.claude"
+        let footprint = ProviderStorageFootprint(
+            provider: .claude,
+            totalBytes: 28,
+            paths: [root],
+            missingPaths: [],
+            unreadablePaths: [],
+            components: [
+                .init(path: "\(root)/projects", totalBytes: 10),
+                .init(path: "\(root)/file-history", totalBytes: 8),
+                .init(path: "\(root)/paste-cache", totalBytes: 6),
+                .init(path: "\(root)/settings.json", totalBytes: 4),
+            ],
+            updatedAt: Date(timeIntervalSince1970: 0))
+
+        let recommendations = footprint.cleanupRecommendations
+
+        #expect(recommendations.map(\.path) == [
+            "\(root)/projects",
+            "\(root)/file-history",
+            "\(root)/paste-cache",
+        ])
+        #expect(recommendations[0].consequence.contains("resume"))
+        #expect(recommendations.allSatisfy { $0.riskLevel == .manualCleanup })
+    }
+
+    @Test
+    func `codex recommendations stay under known homes and exclude auth and config`() {
+        let root = "/Users/test/.codex"
+        let footprint = ProviderStorageFootprint(
+            provider: .codex,
+            totalBytes: 51,
+            paths: [root],
+            missingPaths: [],
+            unreadablePaths: [],
+            components: [
+                .init(path: "\(root)/sessions", totalBytes: 20),
+                .init(path: "\(root)/archived_sessions", totalBytes: 15),
+                .init(path: "\(root)/log", totalBytes: 12),
+                .init(path: "\(root)/logs_2.sqlite", totalBytes: 11),
+                .init(path: "\(root)/cache", totalBytes: 10),
+                .init(path: "\(root)/shell_snapshots", totalBytes: 9),
+                .init(path: "\(root)/auth.json", totalBytes: 4),
+                .init(path: "\(root)/config.toml", totalBytes: 2),
+                .init(path: "/tmp/outside/sessions", totalBytes: 99),
+            ],
+            updatedAt: Date(timeIntervalSince1970: 0))
+
+        let recommendations = footprint.cleanupRecommendations
+
+        #expect(recommendations.map(\.path) == [
+            "\(root)/sessions",
+            "\(root)/archived_sessions",
+            "\(root)/cache",
+            "\(root)/log",
+            "\(root)/logs_2.sqlite",
+            "\(root)/shell_snapshots",
+        ])
+        #expect(recommendations.map(\.bytes) == [20, 15, 10, 12, 11, 9])
+    }
+
+    @Test
+    func `unknown provider storage returns no cleanup recommendations`() {
+        let footprint = ProviderStorageFootprint(
+            provider: .gemini,
+            totalBytes: 10,
+            paths: ["/Users/test/.gemini"],
+            missingPaths: [],
+            unreadablePaths: [],
+            components: [
+                .init(path: "/Users/test/.gemini/cache", totalBytes: 10),
+            ],
+            updatedAt: Date(timeIntervalSince1970: 0))
+
+        #expect(footprint.cleanupRecommendations.isEmpty)
+    }
+
+    @Test
+    @MainActor
+    func `overview row carries storage text outside provider detail model`() throws {
+        let now = Date()
+        let metadata = try #require(ProviderDefaults.metadata[.claude])
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(
+                usedPercent: 25,
+                windowMinutes: nil,
+                resetsAt: now.addingTimeInterval(3600),
+                resetDescription: nil),
+            secondary: nil,
+            updatedAt: now,
+            identity: nil)
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .claude,
+            metadata: metadata,
+            snapshot: snapshot,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+
+        let overview = OverviewMenuCardRowView(model: model, storageText: "1.5 GB", width: 310)
+        let detail = UsageMenuCardView(model: model, width: 310)
+
+        #expect(overview.storageText == "1.5 GB")
+        #expect(detail.model.provider == UsageProvider.claude)
+    }
+
+    @Test
+    @MainActor
+    func `storage detail view exposes cleanup recommendations while overview remains number only`() throws {
+        let root = "/Users/test/.claude"
+        let footprint = ProviderStorageFootprint(
+            provider: .claude,
+            totalBytes: 10,
+            paths: [root],
+            missingPaths: [],
+            unreadablePaths: [],
+            components: [
+                .init(path: "\(root)/projects", totalBytes: 10),
+            ],
+            updatedAt: Date(timeIntervalSince1970: 0))
+        let detailView = StorageBreakdownMenuView(footprint: footprint, width: 310)
+        let metadata = try #require(ProviderDefaults.metadata[.claude])
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .claude,
+            metadata: metadata,
+            snapshot: nil,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: Date(timeIntervalSince1970: 0)))
+        let overview = OverviewMenuCardRowView(model: model, storageText: "10 B", width: 310)
+
+        #expect(detailView.cleanupRecommendations.map(\.path) == ["\(root)/projects"])
+        #expect(overview.storageText == "10 B")
+    }
+
+    @Test
+    @MainActor
+    func `storage detail view exposes copyable exact paths`() {
+        let root = "/Users/test/.claude"
+        let footprint = ProviderStorageFootprint(
+            provider: .claude,
+            totalBytes: 110,
+            paths: [root],
+            missingPaths: [],
+            unreadablePaths: [],
+            components: [
+                .init(path: "\(root)/projects", totalBytes: 100),
+                .init(path: "\(root)/file-history", totalBytes: 10),
+            ],
+            updatedAt: Date(timeIntervalSince1970: 0))
+        let detailView = StorageBreakdownMenuView(footprint: footprint, width: 310)
+
+        #expect(detailView.copyablePaths.contains("\(root)/projects"))
+        #expect(detailView.copyablePaths.contains("\(root)/file-history"))
+    }
+
+    @Test
+    @MainActor
+    func `storage path copy button writes exact path to pasteboard`() {
+        let path = "/Users/test/.claude/projects/example"
+        StoragePathCopyButton.copyToPasteboard(path)
+
+        #expect(NSPasteboard.general.string(forType: .string) == path)
+    }
+
+    @Test
+    @MainActor
+    func `manual storage refresh updates deleted provider data`() async throws {
+        let home = try Self.makeTemporaryDirectory()
+        defer { try? FileManager.default.removeItem(at: home) }
+
+        let codexHome = home.appendingPathComponent(".codex", isDirectory: true)
+        let sessions = codexHome.appendingPathComponent("sessions", isDirectory: true)
+        try FileManager.default.createDirectory(at: sessions, withIntermediateDirectories: true)
+        try Data(repeating: 1, count: 32).write(to: sessions.appendingPathComponent("session.jsonl"))
+
+        let suite = "ProviderStorageFootprintTests-storage-refresh-\(UUID().uuidString)"
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+        let settings = SettingsStore(
+            userDefaults: defaults,
+            configStore: testConfigStore(suiteName: suite),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+        if let codexMetadata = ProviderDefaults.metadata[.codex] {
+            settings.setProviderEnabled(provider: .codex, metadata: codexMetadata, enabled: true)
+        }
+        let store = UsageStore(
+            fetcher: UsageFetcher(),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            environmentBase: ["CODEX_HOME": codexHome.path])
+        settings.providerStorageFootprintsEnabled = true
+        store.managedCodexAccountsForStorageOverride = []
+
+        await store.refreshStorageFootprintsForOverviewNow()
+        #expect(store.storageFootprint(for: .codex)?.totalBytes == 32)
+
+        try FileManager.default.removeItem(at: sessions)
+        await store.refreshStorageFootprintsForOverviewNow()
+
+        #expect(store.storageFootprint(for: .codex)?.totalBytes == 0)
+        #expect(store.storageFootprintText(for: .codex) == "No local data found")
+    }
+
+    @Test
+    @MainActor
+    func `storage refresh is opt in and clears stale footprints when disabled`() async throws {
+        let home = try Self.makeTemporaryDirectory()
+        defer { try? FileManager.default.removeItem(at: home) }
+
+        let codexHome = home.appendingPathComponent(".codex", isDirectory: true)
+        try FileManager.default.createDirectory(at: codexHome, withIntermediateDirectories: true)
+        try Data(repeating: 1, count: 16).write(to: codexHome.appendingPathComponent("session.jsonl"))
+
+        let suite = "ProviderStorageFootprintTests-storage-opt-in-\(UUID().uuidString)"
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+        let settings = SettingsStore(
+            userDefaults: defaults,
+            configStore: testConfigStore(suiteName: suite),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+        if let codexMetadata = ProviderDefaults.metadata[.codex] {
+            settings.setProviderEnabled(provider: .codex, metadata: codexMetadata, enabled: true)
+        }
+        let store = UsageStore(
+            fetcher: UsageFetcher(),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            environmentBase: ["CODEX_HOME": codexHome.path])
+        store.managedCodexAccountsForStorageOverride = []
+
+        await store.refreshStorageFootprintsForOverviewNow()
+        #expect(store.storageFootprint(for: .codex) == nil)
+
+        settings.providerStorageFootprintsEnabled = true
+        await store.refreshStorageFootprintsForOverviewNow()
+        #expect(store.storageFootprint(for: .codex)?.totalBytes == 16)
+
+        settings.providerStorageFootprintsEnabled = false
+        await store.refreshStorageFootprintsForOverviewNow()
+        #expect(store.storageFootprint(for: .codex) == nil)
+        #expect(store.providerStorageFootprints.isEmpty)
+    }
+
+    @Test
+    @MainActor
+    func `forced scheduled storage refresh does not restart identical in flight scan`() throws {
+        let home = try Self.makeTemporaryDirectory()
+        defer { try? FileManager.default.removeItem(at: home) }
+
+        let codexHome = home.appendingPathComponent(".codex", isDirectory: true)
+        try FileManager.default.createDirectory(at: codexHome, withIntermediateDirectories: true)
+
+        let suite = "ProviderStorageFootprintTests-storage-in-flight-\(UUID().uuidString)"
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+        let settings = SettingsStore(
+            userDefaults: defaults,
+            configStore: testConfigStore(suiteName: suite),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+        let store = UsageStore(
+            fetcher: UsageFetcher(),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            environmentBase: ["CODEX_HOME": codexHome.path])
+        settings.providerStorageFootprintsEnabled = true
+        store.storageRefreshGeneration = 41
+        store.storageRefreshInFlightSignature = "codex=\(codexHome.path)"
+        store.storageRefreshTask = Task.detached {
+            try? await Task.sleep(for: .seconds(30))
+        }
+        defer {
+            store.storageRefreshTask?.cancel()
+            store.storageRefreshTask = nil
+            store.storageRefreshInFlightSignature = nil
+        }
+
+        store.scheduleStorageFootprintRefresh(for: [.codex], force: true)
+
+        #expect(store.storageRefreshGeneration == 41)
+    }
+
+    private static func makeTemporaryDirectory() throws -> URL {
+        let url = FileManager.default.temporaryDirectory
+            .appendingPathComponent("ProviderStorageFootprintTests-\(UUID().uuidString)", isDirectory: true)
+        try FileManager.default.createDirectory(at: url, withIntermediateDirectories: true)
+        return url
+    }
+}
diff --git a/Tests/CodexBarTests/ProviderToggleStoreTests.swift b/Tests/CodexBarTests/ProviderToggleStoreTests.swift
index 6de1adfd7..ce4f812af 100644
--- a/Tests/CodexBarTests/ProviderToggleStoreTests.swift
+++ b/Tests/CodexBarTests/ProviderToggleStoreTests.swift
@@ -3,10 +3,9 @@ import Testing
 @testable import CodexBar
 
 @MainActor
-@Suite
 struct ProviderToggleStoreTests {
     @Test
-    func defaultsMatchMetadata() throws {
+    func `defaults match metadata`() throws {
         let defaults = try #require(UserDefaults(suiteName: "ProviderToggleStoreTests-defaults"))
         defaults.removePersistentDomain(forName: "ProviderToggleStoreTests-defaults")
         let store = ProviderToggleStore(userDefaults: defaults)
@@ -19,7 +18,7 @@ struct ProviderToggleStoreTests {
     }
 
     @Test
-    func persistsChanges() throws {
+    func `persists changes`() throws {
         let suite = "ProviderToggleStoreTests-persist"
         let defaultsA = try #require(UserDefaults(suiteName: suite))
         defaultsA.removePersistentDomain(forName: suite)
@@ -35,7 +34,7 @@ struct ProviderToggleStoreTests {
     }
 
     @Test
-    func purgesLegacyKeys() throws {
+    func `purges legacy keys`() throws {
         let suite = "ProviderToggleStoreTests-purge"
         let defaults = try #require(UserDefaults(suiteName: suite))
         defaults.removePersistentDomain(forName: suite)
diff --git a/Tests/CodexBarTests/ProviderTokenResolverTests.swift b/Tests/CodexBarTests/ProviderTokenResolverTests.swift
index fcfc5bd74..9477d0c31 100644
--- a/Tests/CodexBarTests/ProviderTokenResolverTests.swift
+++ b/Tests/CodexBarTests/ProviderTokenResolverTests.swift
@@ -2,10 +2,9 @@ import CodexBarCore
 import Foundation
 import Testing
 
-@Suite
 struct ProviderTokenResolverTests {
     @Test
-    func zaiResolutionUsesEnvironmentToken() {
+    func `zai resolution uses environment token`() {
         let env = [ZaiSettingsReader.apiTokenKey: "token"]
         let resolution = ProviderTokenResolver.zaiResolution(environment: env)
         #expect(resolution?.token == "token")
@@ -13,14 +12,14 @@ struct ProviderTokenResolverTests {
     }
 
     @Test
-    func copilotResolutionTrimsToken() {
+    func `copilot resolution trims token`() {
         let env = ["COPILOT_API_TOKEN": "  token  "]
         let resolution = ProviderTokenResolver.copilotResolution(environment: env)
         #expect(resolution?.token == "token")
     }
 
     @Test
-    func warpResolutionUsesEnvironmentToken() {
+    func `warp resolution uses environment token`() {
         let env = ["WARP_API_KEY": "wk-test-token"]
         let resolution = ProviderTokenResolver.warpResolution(environment: env)
         #expect(resolution?.token == "wk-test-token")
@@ -28,21 +27,35 @@ struct ProviderTokenResolverTests {
     }
 
     @Test
-    func warpResolutionTrimsToken() {
+    func `warp resolution trims token`() {
         let env = ["WARP_API_KEY": "  wk-token  "]
         let resolution = ProviderTokenResolver.warpResolution(environment: env)
         #expect(resolution?.token == "wk-token")
     }
 
     @Test
-    func warpResolutionReturnsNilWhenMissing() {
+    func `warp resolution returns nil when missing`() {
         let env: [String: String] = [:]
         let resolution = ProviderTokenResolver.warpResolution(environment: env)
         #expect(resolution == nil)
     }
 
     @Test
-    func kiloResolutionPrefersEnvironmentOverAuthFile() throws {
+    func `doubao resolution uses first supported environment token`() {
+        let env = ["ARK_API_KEY": "ark-token"]
+        let resolution = ProviderTokenResolver.doubaoResolution(environment: env)
+        #expect(resolution?.token == "ark-token")
+        #expect(resolution?.source == .environment)
+    }
+
+    @Test
+    func `doubao settings reader trims quoted token`() {
+        let env = ["DOUBAO_API_KEY": " 'doubao-token' "]
+        #expect(DoubaoSettingsReader.apiKey(environment: env) == "doubao-token")
+    }
+
+    @Test
+    func `kilo resolution prefers environment over auth file`() throws {
         let fileURL = try self.makeKiloAuthFile(contents: #"{"kilo":{"access":"file-token"}}"#)
         defer { try? FileManager.default.removeItem(at: fileURL.deletingLastPathComponent()) }
 
@@ -54,7 +67,7 @@ struct ProviderTokenResolverTests {
     }
 
     @Test
-    func kiloResolutionFallsBackToAuthFile() throws {
+    func `kilo resolution falls back to auth file`() throws {
         let fileURL = try self.makeKiloAuthFile(contents: #"{"kilo":{"access":"file-token"}}"#)
         defer { try? FileManager.default.removeItem(at: fileURL.deletingLastPathComponent()) }
 
@@ -65,7 +78,7 @@ struct ProviderTokenResolverTests {
     }
 
     @Test
-    func kiloResolutionReturnsNilForMalformedAuthFile() throws {
+    func `kilo resolution returns nil for malformed auth file`() throws {
         let fileURL = try self.makeKiloAuthFile(contents: #"{not-json}"#)
         defer { try? FileManager.default.removeItem(at: fileURL.deletingLastPathComponent()) }
 
@@ -81,4 +94,53 @@ struct ProviderTokenResolverTests {
         try contents.write(to: fileURL, atomically: true, encoding: .utf8)
         return fileURL
     }
+
+    @Test
+    func `codebuff resolution prefers environment over credentials file`() throws {
+        let fileURL = try self.makeCodebuffCredentialsFile(
+            contents: #"{"authToken":"file-token"}"#)
+        defer { try? FileManager.default.removeItem(at: fileURL.deletingLastPathComponent()) }
+
+        let env = [CodebuffSettingsReader.apiTokenKey: "env-token"]
+        let resolution = ProviderTokenResolver.codebuffResolution(
+            environment: env,
+            authFileURL: fileURL)
+
+        #expect(resolution?.token == "env-token")
+        #expect(resolution?.source == .environment)
+    }
+
+    @Test
+    func `codebuff resolution falls back to credentials file`() throws {
+        let fileURL = try self.makeCodebuffCredentialsFile(
+            contents: #"{"authToken":"file-token","fingerprintId":"fp"}"#)
+        defer { try? FileManager.default.removeItem(at: fileURL.deletingLastPathComponent()) }
+
+        let resolution = ProviderTokenResolver.codebuffResolution(
+            environment: [:],
+            authFileURL: fileURL)
+
+        #expect(resolution?.token == "file-token")
+        #expect(resolution?.source == .authFile)
+    }
+
+    @Test
+    func `codebuff resolution returns nil for malformed credentials file`() throws {
+        let fileURL = try self.makeCodebuffCredentialsFile(contents: #"{not-json}"#)
+        defer { try? FileManager.default.removeItem(at: fileURL.deletingLastPathComponent()) }
+
+        let resolution = ProviderTokenResolver.codebuffResolution(
+            environment: [:],
+            authFileURL: fileURL)
+        #expect(resolution == nil)
+    }
+
+    private func makeCodebuffCredentialsFile(contents: String) throws -> URL {
+        let directory = FileManager.default.temporaryDirectory
+            .appendingPathComponent(UUID().uuidString, isDirectory: true)
+        try FileManager.default.createDirectory(at: directory, withIntermediateDirectories: true)
+        let fileURL = directory.appendingPathComponent("credentials.json", isDirectory: false)
+        try contents.write(to: fileURL, atomically: true, encoding: .utf8)
+        return fileURL
+    }
 }
diff --git a/Tests/CodexBarTests/ProviderVersionDetectorTests.swift b/Tests/CodexBarTests/ProviderVersionDetectorTests.swift
new file mode 100644
index 000000000..331948deb
--- /dev/null
+++ b/Tests/CodexBarTests/ProviderVersionDetectorTests.swift
@@ -0,0 +1,25 @@
+import XCTest
+@testable import CodexBarCore
+
+final class ProviderVersionDetectorTests: XCTestCase {
+    func test_run_returnsFirstLineForSuccessfulCommand() {
+        let version = ProviderVersionDetector.run(
+            path: "/bin/sh",
+            args: ["-c", "printf 'gemini 1.2.3\\nextra\\n'"],
+            timeout: 1.0)
+
+        XCTAssertEqual(version, "gemini 1.2.3")
+    }
+
+    func test_run_returnsNilAfterTimeout() {
+        let start = Date()
+        let version = ProviderVersionDetector.run(
+            path: "/bin/sh",
+            args: ["-c", "sleep 5"],
+            timeout: 0.1)
+        let duration = Date().timeIntervalSince(start)
+
+        XCTAssertNil(version)
+        XCTAssertLessThan(duration, 2.0)
+    }
+}
diff --git a/Tests/CodexBarTests/ProvidersPaneCoverageTests.swift b/Tests/CodexBarTests/ProvidersPaneCoverageTests.swift
index e5ea668de..b2629ecea 100644
--- a/Tests/CodexBarTests/ProvidersPaneCoverageTests.swift
+++ b/Tests/CodexBarTests/ProvidersPaneCoverageTests.swift
@@ -1,13 +1,13 @@
 import CodexBarCore
 import Foundation
+import SwiftUI
 import Testing
 @testable import CodexBar
 
 @MainActor
-@Suite
 struct ProvidersPaneCoverageTests {
     @Test
-    func exercisesProvidersPaneViews() {
+    func `exercises providers pane views`() {
         let settings = Self.makeSettingsStore(suite: "ProvidersPaneCoverageTests")
         let store = Self.makeUsageStore(settings: settings)
 
@@ -15,36 +15,349 @@ struct ProvidersPaneCoverageTests {
     }
 
     @Test
-    func openRouterMenuBarMetricPicker_showsOnlyAutomaticAndPrimary() {
-        let settings = Self.makeSettingsStore(suite: "ProvidersPaneCoverageTests-openrouter-picker")
+    func `claude token account descriptor shows organization field`() throws {
+        let settings = Self.makeSettingsStore(suite: "ProvidersPaneCoverageTests-claude-org-field")
         let store = Self.makeUsageStore(settings: settings)
         let pane = ProvidersPane(settings: settings, store: store)
 
-        let picker = pane._test_menuBarMetricPicker(for: .openrouter)
-        #expect(picker?.options.map(\.id) == [
+        let claudeDescriptor = try #require(pane._test_tokenAccountDescriptor(for: .claude))
+        #expect(claudeDescriptor.showsOrganizationField)
+
+        let copilotDescriptor = try #require(pane._test_tokenAccountDescriptor(for: .copilot))
+        #expect(!copilotDescriptor.showsOrganizationField)
+    }
+
+    @Test
+    func `open router menu bar metric picker shows only automatic and primary`() {
+        Self.withEnglishLocalization {
+            let settings = Self.makeSettingsStore(suite: "ProvidersPaneCoverageTests-openrouter-picker")
+            let store = Self.makeUsageStore(settings: settings)
+            let pane = ProvidersPane(settings: settings, store: store)
+
+            let picker = pane._test_menuBarMetricPicker(for: .openrouter)
+            #expect(picker?.options.map(\.id) == [
+                MenuBarMetricPreference.automatic.rawValue,
+                MenuBarMetricPreference.primary.rawValue,
+            ])
+            #expect(picker?.options.map(\.title) == [
+                "Automatic",
+                "Primary (API key limit)",
+            ])
+        }
+    }
+
+    @Test
+    func `deepseek menu bar metric picker shows balance only copy`() {
+        Self.withEnglishLocalization {
+            let settings = Self.makeSettingsStore(suite: "ProvidersPaneCoverageTests-deepseek-picker")
+            let store = Self.makeUsageStore(settings: settings)
+            let pane = ProvidersPane(settings: settings, store: store)
+
+            let picker = pane._test_menuBarMetricPicker(for: .deepseek)
+            #expect(picker?.options.map(\.id) == [
+                MenuBarMetricPreference.automatic.rawValue,
+            ])
+            #expect(picker?.subtitle == "Shows the DeepSeek balance in the menu bar.")
+        }
+    }
+
+    @Test
+    func `moonshot menu bar metric picker shows balance only copy`() {
+        Self.withEnglishLocalization {
+            let settings = Self.makeSettingsStore(suite: "ProvidersPaneCoverageTests-moonshot-picker")
+            let store = Self.makeUsageStore(settings: settings)
+            let pane = ProvidersPane(settings: settings, store: store)
+
+            let picker = pane._test_menuBarMetricPicker(for: .moonshot)
+            #expect(picker?.options.map(\.id) == [
+                MenuBarMetricPreference.automatic.rawValue,
+            ])
+            #expect(picker?.subtitle == "Shows the Moonshot / Kimi API balance in the menu bar.")
+        }
+    }
+
+    @Test
+    func `mistral menu bar metric picker shows spend only copy`() {
+        Self.withEnglishLocalization {
+            let settings = Self.makeSettingsStore(suite: "ProvidersPaneCoverageTests-mistral-picker")
+            let store = Self.makeUsageStore(settings: settings)
+            let pane = ProvidersPane(settings: settings, store: store)
+
+            let picker = pane._test_menuBarMetricPicker(for: .mistral)
+            #expect(picker?.options.map(\.id) == [
+                MenuBarMetricPreference.automatic.rawValue,
+            ])
+            #expect(picker?.subtitle == "Shows current-month Mistral API spend in the menu bar.")
+        }
+    }
+
+    @Test
+    func `kimi k2 menu bar metric picker shows credits only copy`() {
+        Self.withEnglishLocalization {
+            let settings = Self.makeSettingsStore(suite: "ProvidersPaneCoverageTests-kimik2-picker")
+            let store = Self.makeUsageStore(settings: settings)
+            let pane = ProvidersPane(settings: settings, store: store)
+
+            let picker = pane._test_menuBarMetricPicker(for: .kimik2)
+            #expect(picker?.options.map(\.id) == [
+                MenuBarMetricPreference.automatic.rawValue,
+            ])
+            #expect(picker?.subtitle == "Shows Kimi K2 API-key credits in the menu bar.")
+        }
+    }
+
+    @Test
+    func `cursor menu bar metric picker omits tertiary api lane when snapshot has no api metric`() {
+        let settings = Self.makeSettingsStore(suite: "ProvidersPaneCoverageTests-cursor-no-tertiary-picker")
+        let store = Self.makeUsageStore(settings: settings)
+        let pane = ProvidersPane(settings: settings, store: store)
+
+        let picker = pane._test_menuBarMetricPicker(for: .cursor)
+        let ids = picker?.options.map(\.id) ?? []
+        #expect(!ids.contains(MenuBarMetricPreference.tertiary.rawValue))
+    }
+
+    @Test
+    func `cursor menu bar metric picker includes tertiary api lane when snapshot has api metric`() {
+        Self.withEnglishLocalization {
+            let settings = Self.makeSettingsStore(suite: "ProvidersPaneCoverageTests-cursor-tertiary-picker")
+            let store = Self.makeUsageStore(settings: settings)
+            store._setSnapshotForTesting(
+                UsageSnapshot(
+                    primary: RateWindow(usedPercent: 12, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+                    secondary: RateWindow(usedPercent: 34, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+                    tertiary: RateWindow(usedPercent: 56, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+                    updatedAt: Date()),
+                provider: .cursor)
+            let pane = ProvidersPane(settings: settings, store: store)
+
+            let picker = pane._test_menuBarMetricPicker(for: .cursor)
+            let ids = picker?.options.map(\.id) ?? []
+            #expect(ids.contains(MenuBarMetricPreference.tertiary.rawValue))
+            let tertiaryOption = picker?.options.first { $0.id == MenuBarMetricPreference.tertiary.rawValue }
+            #expect(tertiaryOption?.title == "Tertiary (API)")
+        }
+    }
+
+    @Test
+    func `cursor menu bar metric picker omits extra usage when on demand budget is missing`() {
+        let settings = Self.makeSettingsStore(suite: "ProvidersPaneCoverageTests-cursor-no-extra-usage-picker")
+        let store = Self.makeUsageStore(settings: settings)
+        store._setSnapshotForTesting(
+            UsageSnapshot(
+                primary: RateWindow(usedPercent: 12, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+                secondary: RateWindow(usedPercent: 34, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+                updatedAt: Date()),
+            provider: .cursor)
+        let pane = ProvidersPane(settings: settings, store: store)
+
+        let picker = pane._test_menuBarMetricPicker(for: .cursor)
+        let ids = picker?.options.map(\.id) ?? []
+        #expect(!ids.contains(MenuBarMetricPreference.extraUsage.rawValue))
+    }
+
+    @Test
+    func `cursor menu bar metric picker includes extra usage when on demand budget is available`() {
+        Self.withEnglishLocalization {
+            let settings = Self.makeSettingsStore(suite: "ProvidersPaneCoverageTests-cursor-extra-usage-picker")
+            let store = Self.makeUsageStore(settings: settings)
+            store._setSnapshotForTesting(
+                UsageSnapshot(
+                    primary: RateWindow(usedPercent: 12, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+                    secondary: RateWindow(usedPercent: 34, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+                    tertiary: RateWindow(usedPercent: 56, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+                    providerCost: ProviderCostSnapshot(
+                        used: 15,
+                        limit: 100,
+                        currencyCode: "USD",
+                        updatedAt: Date()),
+                    updatedAt: Date()),
+                provider: .cursor)
+            let pane = ProvidersPane(settings: settings, store: store)
+
+            let picker = pane._test_menuBarMetricPicker(for: .cursor)
+            let ids = picker?.options.map(\.id) ?? []
+            #expect(ids.contains(MenuBarMetricPreference.extraUsage.rawValue))
+            let option = picker?.options.first { $0.id == MenuBarMetricPreference.extraUsage.rawValue }
+            #expect(option?.title == "Extra usage")
+        }
+    }
+
+    @Test
+    func `claude menu bar metric picker includes extra usage when spend limit is available`() {
+        let settings = Self.makeSettingsStore(suite: "ProvidersPaneCoverageTests-claude-extra-usage-picker")
+        let store = Self.makeUsageStore(settings: settings)
+        store._setSnapshotForTesting(
+            UsageSnapshot(
+                primary: nil,
+                secondary: nil,
+                providerCost: ProviderCostSnapshot(
+                    used: 67.03,
+                    limit: 1000,
+                    currencyCode: "USD",
+                    period: "Spend limit",
+                    updatedAt: Date()),
+                updatedAt: Date()),
+            provider: .claude)
+        let pane = ProvidersPane(settings: settings, store: store)
+
+        let picker = pane._test_menuBarMetricPicker(for: .claude)
+        let ids = picker?.options.map(\.id) ?? []
+        #expect(ids.contains(MenuBarMetricPreference.extraUsage.rawValue))
+    }
+
+    @Test
+    func `zai menu bar metric picker omits tertiary lane when snapshot has no 5-hour metric`() {
+        let settings = Self.makeSettingsStore(suite: "ProvidersPaneCoverageTests-zai-no-tertiary-picker")
+        let store = Self.makeUsageStore(settings: settings)
+        let pane = ProvidersPane(settings: settings, store: store)
+
+        let picker = pane._test_menuBarMetricPicker(for: .zai)
+        let ids = picker?.options.map(\.id) ?? []
+        #expect(ids == [
             MenuBarMetricPreference.automatic.rawValue,
             MenuBarMetricPreference.primary.rawValue,
-        ])
-        #expect(picker?.options.map(\.title) == [
-            "Automatic",
-            "Primary (API key limit)",
+            MenuBarMetricPreference.secondary.rawValue,
         ])
     }
 
     @Test
-    func providerDetailPlanRow_formatsOpenRouterAsBalance() {
-        let row = ProviderDetailView.planRow(provider: .openrouter, planText: "Balance: $4.61")
+    func `zai menu bar metric picker includes tertiary 5-hour lane when snapshot has it`() {
+        Self.withEnglishLocalization {
+            let settings = Self.makeSettingsStore(suite: "ProvidersPaneCoverageTests-zai-tertiary-picker")
+            let store = Self.makeUsageStore(settings: settings)
+            store._setSnapshotForTesting(
+                UsageSnapshot(
+                    primary: RateWindow(usedPercent: 12, windowMinutes: 10080, resetsAt: nil, resetDescription: nil),
+                    secondary: RateWindow(usedPercent: 34, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+                    tertiary: RateWindow(usedPercent: 56, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+                    updatedAt: Date()),
+                provider: .zai)
+            let pane = ProvidersPane(settings: settings, store: store)
 
-        #expect(row?.label == "Balance")
-        #expect(row?.value == "$4.61")
+            let picker = pane._test_menuBarMetricPicker(for: .zai)
+            let ids = picker?.options.map(\.id) ?? []
+            #expect(ids.contains(MenuBarMetricPreference.tertiary.rawValue))
+            let tertiaryOption = picker?.options.first { $0.id == MenuBarMetricPreference.tertiary.rawValue }
+            #expect(tertiaryOption?.title == "Tertiary (5-hour)")
+        }
     }
 
     @Test
-    func providerDetailPlanRow_keepsPlanLabelForNonOpenRouter() {
-        let row = ProviderDetailView.planRow(provider: .codex, planText: "Pro")
+    func `gemini menu bar metric picker omits tertiary lane`() {
+        let settings = Self.makeSettingsStore(suite: "ProvidersPaneCoverageTests-gemini-no-tertiary-picker")
+        let store = Self.makeUsageStore(settings: settings)
+        let pane = ProvidersPane(settings: settings, store: store)
+
+        let picker = pane._test_menuBarMetricPicker(for: .gemini)
+        let ids = picker?.options.map(\.id) ?? []
+        #expect(!ids.contains(MenuBarMetricPreference.tertiary.rawValue))
+    }
+
+    @Test
+    func `provider detail plan row formats open router as balance`() {
+        Self.withEnglishLocalization {
+            let row = ProviderDetailView<EmptyView>.planRow(provider: .openrouter, planText: "Balance: $4.61")
+
+            #expect(row?.label == "Balance")
+            #expect(row?.value == "$4.61")
+        }
+    }
+
+    @Test
+    func `provider detail plan row formats moonshot as balance`() {
+        Self.withEnglishLocalization {
+            let row = ProviderDetailView<EmptyView>.planRow(provider: .moonshot, planText: "Balance: $49.58")
+
+            #expect(row?.label == "Balance")
+            #expect(row?.value == "$49.58")
+        }
+    }
+
+    @Test
+    func `provider detail plan row keeps plan label for non open router`() {
+        Self.withEnglishLocalization {
+            let row = ProviderDetailView<EmptyView>.planRow(provider: .codex, planText: "Pro")
+
+            #expect(row?.label == "Plan")
+            #expect(row?.value == "Pro")
+        }
+    }
+
+    @Test
+    func `opencode manual cookie source hides cached browser trailing text`() {
+        let settings = Self.makeSettingsStore(suite: "ProvidersPaneCoverageTests-opencode-manual")
+        let store = Self.makeUsageStore(settings: settings)
+        settings.opencodeCookieSource = .manual
+        CookieHeaderCache.store(provider: .opencode, cookieHeader: "auth=cache", sourceLabel: "Chrome")
+        defer { CookieHeaderCache.clear(provider: .opencode) }
+
+        let pane = ProvidersPane(settings: settings, store: store)
+        let picker = pane._test_settingsPickers(for: .opencode).first { $0.id == "opencode-cookie-source" }
 
-        #expect(row?.label == "Plan")
-        #expect(row?.value == "Pro")
+        #expect(picker?.dynamicSubtitle?() == "Paste a Cookie header captured from the billing page.")
+        #expect(picker?.trailingText?() == nil)
+    }
+
+    @Test
+    func `opencode go manual cookie source hides cached browser trailing text`() {
+        let settings = Self.makeSettingsStore(suite: "ProvidersPaneCoverageTests-opencodego-manual")
+        let store = Self.makeUsageStore(settings: settings)
+        settings.opencodegoCookieSource = .manual
+        CookieHeaderCache.store(provider: .opencodego, cookieHeader: "auth=cache", sourceLabel: "Chrome")
+        defer { CookieHeaderCache.clear(provider: .opencodego) }
+
+        let pane = ProvidersPane(settings: settings, store: store)
+        let picker = pane._test_settingsPickers(for: .opencodego).first { $0.id == "opencodego-cookie-source" }
+
+        #expect(picker?.dynamicSubtitle?() == "Paste a Cookie header captured from the billing page.")
+        #expect(picker?.trailingText?() == nil)
+    }
+
+    @Test
+    func `codex providers pane uses managed account fallback instead of ambient account`() throws {
+        let settings = Self.makeSettingsStore(suite: "ProvidersPaneCoverageTests-codex-managed-fallback")
+        let ambientHome = FileManager.default.temporaryDirectory.appendingPathComponent(
+            UUID().uuidString,
+            isDirectory: true)
+        let managedHome = FileManager.default.temporaryDirectory.appendingPathComponent(
+            UUID().uuidString,
+            isDirectory: true)
+        defer {
+            try? FileManager.default.removeItem(at: ambientHome)
+            try? FileManager.default.removeItem(at: managedHome)
+        }
+
+        try Self.writeCodexAuthFile(homeURL: ambientHome, email: "ambient@example.com", plan: "plus")
+        try Self.writeCodexAuthFile(homeURL: managedHome, email: "managed@example.com", plan: "enterprise")
+        let managedAccountID = UUID()
+        settings.codexActiveSource = .managedAccount(id: managedAccountID)
+        settings._test_activeManagedCodexAccount = ManagedCodexAccount(
+            id: managedAccountID,
+            email: "managed@example.com",
+            managedHomePath: managedHome.path,
+            createdAt: 1,
+            updatedAt: 2,
+            lastAuthenticatedAt: 2)
+
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: ["CODEX_HOME": ambientHome.path]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing)
+        store._setSnapshotForTesting(
+            UsageSnapshot(
+                primary: RateWindow(usedPercent: 12, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+                secondary: RateWindow(usedPercent: 34, windowMinutes: 10080, resetsAt: nil, resetDescription: nil),
+                updatedAt: Date(),
+                identity: nil),
+            provider: .codex)
+
+        let pane = ProvidersPane(settings: settings, store: store)
+        let model = pane._test_menuCardModel(for: .codex)
+
+        #expect(model.email == "managed@example.com")
+        #expect(model.planText == "Enterprise")
     }
 
     private static func makeSettingsStore(suite: String) -> SettingsStore {
@@ -78,4 +391,38 @@ struct ProvidersPaneCoverageTests {
             browserDetection: BrowserDetection(cacheTTL: 0),
             settings: settings)
     }
+
+    private static func withEnglishLocalization(perform body: () -> Void) {
+        CodexBarLocalizationOverride.$appLanguage.withValue("en", operation: body)
+    }
+
+    private static func writeCodexAuthFile(homeURL: URL, email: String, plan: String) throws {
+        try FileManager.default.createDirectory(at: homeURL, withIntermediateDirectories: true)
+        let auth = [
+            "tokens": [
+                "accessToken": "access-token",
+                "refreshToken": "refresh-token",
+                "idToken": Self.fakeJWT(email: email, plan: plan),
+            ],
+        ]
+        let data = try JSONSerialization.data(withJSONObject: auth)
+        try data.write(to: homeURL.appendingPathComponent("auth.json"))
+    }
+
+    private static func fakeJWT(email: String, plan: String) -> String {
+        let header = (try? JSONSerialization.data(withJSONObject: ["alg": "none"])) ?? Data()
+        let payload = (try? JSONSerialization.data(withJSONObject: [
+            "email": email,
+            "chatgpt_plan_type": plan,
+        ])) ?? Data()
+
+        func base64URL(_ data: Data) -> String {
+            data.base64EncodedString()
+                .replacingOccurrences(of: "=", with: "")
+                .replacingOccurrences(of: "+", with: "-")
+                .replacingOccurrences(of: "/", with: "_")
+        }
+
+        return "\(base64URL(header)).\(base64URL(payload))."
+    }
 }
diff --git a/Tests/CodexBarTests/QuotaWarningNotificationLogicTests.swift b/Tests/CodexBarTests/QuotaWarningNotificationLogicTests.swift
new file mode 100644
index 000000000..b0bd32c7f
--- /dev/null
+++ b/Tests/CodexBarTests/QuotaWarningNotificationLogicTests.swift
@@ -0,0 +1,152 @@
+import Testing
+@testable import CodexBar
+
+@Suite(.serialized)
+struct QuotaWarningNotificationLogicTests {
+    @Test
+    func `quota warning copy includes current remaining and threshold`() {
+        Self.withAppLanguage("en") {
+            let copy = QuotaWarningNotificationLogic.notificationCopy(
+                providerName: "Codex",
+                window: .session,
+                threshold: 20,
+                currentRemaining: 12.4)
+
+            #expect(copy.title == "Codex session quota low")
+            #expect(copy.body == "12% left. Reached your 20% session warning threshold.")
+        }
+    }
+
+    @Test
+    func `quota warning copy clamps current remaining`() {
+        Self.withAppLanguage("en") {
+            let copy = QuotaWarningNotificationLogic.notificationCopy(
+                providerName: "Codex",
+                window: .weekly,
+                threshold: 50,
+                currentRemaining: -3)
+
+            #expect(copy.title == "Codex weekly quota low")
+            #expect(copy.body == "0% left. Reached your 50% weekly warning threshold.")
+        }
+    }
+
+    @Test
+    func `quota warning copy includes account when provided`() {
+        Self.withAppLanguage("en") {
+            let copy = QuotaWarningNotificationLogic.notificationCopy(
+                providerName: "Codex",
+                window: .session,
+                threshold: 50,
+                currentRemaining: 45,
+                accountDisplayName: "person@example.com")
+
+            #expect(copy.title == "Codex session quota low")
+            #expect(copy.body == "Account person@example.com. 45% left. Reached your 50% session warning threshold.")
+        }
+    }
+
+    @Test
+    func `quota warning copy follows Traditional Chinese app language`() {
+        Self.withAppLanguage("zh-Hant") {
+            let copy = QuotaWarningNotificationLogic.notificationCopy(
+                providerName: "Codex",
+                window: .session,
+                threshold: 50,
+                currentRemaining: 45,
+                accountDisplayName: "person@example.com")
+
+            #expect(copy.title == "Codex 工作階段配額偏低")
+            #expect(copy.body == "帳號 person@example.com。剩餘 45%。已達到 50% 工作階段提醒門檻。")
+        }
+    }
+
+    @Test
+    func `does nothing without crossing`() {
+        let crossed = QuotaWarningNotificationLogic.crossedThreshold(
+            previousRemaining: 60,
+            currentRemaining: 55,
+            thresholds: [50, 20],
+            alreadyFired: [])
+
+        #expect(crossed == nil)
+    }
+
+    @Test
+    func `detects downward crossing`() {
+        let crossed = QuotaWarningNotificationLogic.crossedThreshold(
+            previousRemaining: 55,
+            currentRemaining: 45,
+            thresholds: [50, 20],
+            alreadyFired: [])
+
+        #expect(crossed == 50)
+    }
+
+    @Test
+    func `skips already fired thresholds`() {
+        let crossed = QuotaWarningNotificationLogic.crossedThreshold(
+            previousRemaining: 55,
+            currentRemaining: 45,
+            thresholds: [50, 20],
+            alreadyFired: [50])
+
+        #expect(crossed == nil)
+    }
+
+    @Test
+    func `chooses most severe threshold when crossing several at once`() {
+        let crossed = QuotaWarningNotificationLogic.crossedThreshold(
+            previousRemaining: 80,
+            currentRemaining: 10,
+            thresholds: [50, 20],
+            alreadyFired: [])
+
+        #expect(crossed == 20)
+    }
+
+    @Test
+    func `startup below threshold warns once at most severe threshold`() {
+        let crossed = QuotaWarningNotificationLogic.crossedThreshold(
+            previousRemaining: nil,
+            currentRemaining: 10,
+            thresholds: [50, 20],
+            alreadyFired: [])
+
+        #expect(crossed == 20)
+    }
+
+    @Test
+    func `warning marks threshold and higher thresholds fired`() {
+        let fired = QuotaWarningNotificationLogic.firedThresholdsAfterWarning(
+            threshold: 20,
+            thresholds: [50, 20])
+
+        #expect(fired == [50, 20])
+    }
+
+    @Test
+    func `recovery clears only thresholds below current remaining`() {
+        let cleared = QuotaWarningNotificationLogic.thresholdsToClear(
+            currentRemaining: 30,
+            alreadyFired: [50, 20])
+
+        #expect(cleared == [20])
+    }
+
+    @Test
+    func `zero threshold does not post quota warning`() {
+        let crossed = QuotaWarningNotificationLogic.crossedThreshold(
+            previousRemaining: 10,
+            currentRemaining: 0,
+            thresholds: [10, 0],
+            alreadyFired: [10])
+
+        #expect(crossed == nil)
+        #expect(QuotaWarningNotificationLogic.firedThresholdsAfterWarning(threshold: 10, thresholds: [10, 0]) == [10])
+    }
+
+    private static func withAppLanguage(_ language: String, perform body: () -> Void) {
+        CodexBarLocalizationOverride.$appLanguage.withValue(language, operation: body)
+    }
+}
diff --git a/Tests/CodexBarTests/ResetTimeBackfillTests.swift b/Tests/CodexBarTests/ResetTimeBackfillTests.swift
new file mode 100644
index 000000000..7cdbf152f
--- /dev/null
+++ b/Tests/CodexBarTests/ResetTimeBackfillTests.swift
@@ -0,0 +1,122 @@
+import CodexBarCore
+import Foundation
+import XCTest
+
+final class ResetTimeBackfillTests: XCTestCase {
+    func test_backfillsMissingResetMetadataFromCachedWindow() {
+        let now = Date(timeIntervalSince1970: 1_800_000_000)
+        let reset = now.addingTimeInterval(3600)
+        let cached = RateWindow(
+            usedPercent: 50,
+            windowMinutes: 300,
+            resetsAt: reset,
+            resetDescription: "Resets in 1h",
+            nextRegenPercent: 9)
+        let fresh = RateWindow(
+            usedPercent: 62,
+            windowMinutes: nil,
+            resetsAt: nil,
+            resetDescription: nil,
+            nextRegenPercent: 4)
+
+        let result = fresh.backfillingResetTime(from: cached, now: now)
+
+        XCTAssertEqual(result.usedPercent, 62)
+        XCTAssertEqual(result.windowMinutes, 300)
+        XCTAssertEqual(result.resetsAt, reset)
+        XCTAssertEqual(result.resetDescription, "Resets in 1h")
+        XCTAssertEqual(result.nextRegenPercent, 4)
+    }
+
+    func test_skipsExpiredCachedReset() {
+        let now = Date(timeIntervalSince1970: 1_800_000_000)
+        let cached = RateWindow(
+            usedPercent: 50,
+            windowMinutes: 300,
+            resetsAt: now.addingTimeInterval(-60),
+            resetDescription: "Expired")
+        let fresh = RateWindow(usedPercent: 62, windowMinutes: nil, resetsAt: nil, resetDescription: nil)
+
+        let result = fresh.backfillingResetTime(from: cached, now: now)
+
+        XCTAssertNil(result.resetsAt)
+        XCTAssertNil(result.windowMinutes)
+        XCTAssertNil(result.resetDescription)
+    }
+
+    func test_snapshotBackfillPreservesCurrentSnapshotFields() {
+        let now = Date(timeIntervalSince1970: 1_800_000_000)
+        let reset = now.addingTimeInterval(3600)
+        let identity = ProviderIdentitySnapshot(
+            providerID: .claude,
+            accountEmail: "peter@example.com",
+            accountOrganization: "Org",
+            loginMethod: "OAuth")
+        let cached = UsageSnapshot(
+            primary: RateWindow(usedPercent: 40, windowMinutes: 300, resetsAt: reset, resetDescription: "Soon"),
+            secondary: nil,
+            updatedAt: now.addingTimeInterval(-300),
+            identity: identity)
+        let extra = NamedRateWindow(
+            id: "overflow",
+            title: "Overflow",
+            window: RateWindow(
+                usedPercent: 12,
+                windowMinutes: nil,
+                resetsAt: nil,
+                resetDescription: nil,
+                nextRegenPercent: 2))
+        let fresh = UsageSnapshot(
+            primary: RateWindow(
+                usedPercent: 66,
+                windowMinutes: nil,
+                resetsAt: nil,
+                resetDescription: nil,
+                nextRegenPercent: 7),
+            secondary: nil,
+            extraRateWindows: [extra],
+            cursorRequests: CursorRequestUsage(used: 10, limit: 50),
+            updatedAt: now,
+            identity: identity)
+
+        let result = fresh.backfillingResetTimes(from: cached, now: now)
+
+        XCTAssertEqual(result.primary?.resetsAt, reset)
+        XCTAssertEqual(result.primary?.usedPercent, 66)
+        XCTAssertEqual(result.primary?.nextRegenPercent, 7)
+        XCTAssertEqual(result.extraRateWindows?.first?.id, "overflow")
+        XCTAssertEqual(result.extraRateWindows?.first?.window.nextRegenPercent, 2)
+        XCTAssertEqual(result.cursorRequests?.used, 10)
+        XCTAssertEqual(result.identity?.accountEmail, "peter@example.com")
+    }
+
+    func test_snapshotBackfillSkipsDifferentAccounts() {
+        let now = Date(timeIntervalSince1970: 1_800_000_000)
+        let cached = UsageSnapshot(
+            primary: RateWindow(
+                usedPercent: 40,
+                windowMinutes: 300,
+                resetsAt: now.addingTimeInterval(3600),
+                resetDescription: "Soon"),
+            secondary: nil,
+            updatedAt: now.addingTimeInterval(-300),
+            identity: ProviderIdentitySnapshot(
+                providerID: .claude,
+                accountEmail: "old@example.com",
+                accountOrganization: nil,
+                loginMethod: nil))
+        let fresh = UsageSnapshot(
+            primary: RateWindow(usedPercent: 66, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            secondary: nil,
+            updatedAt: now,
+            identity: ProviderIdentitySnapshot(
+                providerID: .claude,
+                accountEmail: "new@example.com",
+                accountOrganization: nil,
+                loginMethod: nil))
+
+        let result = fresh.backfillingResetTimes(from: cached, now: now)
+
+        XCTAssertNil(result.primary?.resetsAt)
+    }
+}
diff --git a/Tests/CodexBarTests/SessionQuotaNotificationLogicTests.swift b/Tests/CodexBarTests/SessionQuotaNotificationLogicTests.swift
index 96cbcc52e..2c43d3179 100644
--- a/Tests/CodexBarTests/SessionQuotaNotificationLogicTests.swift
+++ b/Tests/CodexBarTests/SessionQuotaNotificationLogicTests.swift
@@ -1,36 +1,64 @@
 import Testing
 @testable import CodexBar
 
-@Suite
+@Suite(.serialized)
 struct SessionQuotaNotificationLogicTests {
     @Test
-    func doesNothingWithoutPreviousValue() {
+    func `does nothing without previous value`() {
         let transition = SessionQuotaNotificationLogic.transition(previousRemaining: nil, currentRemaining: 0)
         #expect(transition == .none)
     }
 
     @Test
-    func detectsDepletedTransition() {
+    func `detects depleted transition`() {
         let transition = SessionQuotaNotificationLogic.transition(previousRemaining: 12, currentRemaining: 0)
         #expect(transition == .depleted)
     }
 
     @Test
-    func detectsRestoredTransition() {
+    func `detects restored transition`() {
         let transition = SessionQuotaNotificationLogic.transition(previousRemaining: 0, currentRemaining: 5)
         #expect(transition == .restored)
     }
 
     @Test
-    func ignoresNonTransitions() {
+    func `ignores non transitions`() {
         #expect(SessionQuotaNotificationLogic.transition(previousRemaining: 0, currentRemaining: 0) == .none)
         #expect(SessionQuotaNotificationLogic.transition(previousRemaining: 10, currentRemaining: 10) == .none)
         #expect(SessionQuotaNotificationLogic.transition(previousRemaining: 10, currentRemaining: 9) == .none)
     }
 
     @Test
-    func treatsTinyPositiveRemainingAsDepleted() {
+    func `treats tiny positive remaining as depleted`() {
         let transition = SessionQuotaNotificationLogic.transition(previousRemaining: 0, currentRemaining: 0.00001)
         #expect(transition == .none)
     }
+
+    @Test
+    func `depleted notification copy follows Traditional Chinese app language`() {
+        Self.withAppLanguage("zh-Hant") {
+            let copy = SessionQuotaNotificationLogic.notificationCopy(
+                transition: .depleted,
+                providerName: "Codex")
+
+            #expect(copy.title == "Codex 工作階段已用完")
+            #expect(copy.body == "剩餘 0%。恢復可用時會再通知。")
+        }
+    }
+
+    @Test
+    func `restored notification copy follows Traditional Chinese app language`() {
+        Self.withAppLanguage("zh-Hant") {
+            let copy = SessionQuotaNotificationLogic.notificationCopy(
+                transition: .restored,
+                providerName: "Codex")
+
+            #expect(copy.title == "Codex 工作階段已恢復")
+            #expect(copy.body == "工作階段配額已恢復可用。")
+        }
+    }
+
+    private static func withAppLanguage(_ language: String, perform body: () -> Void) {
+        CodexBarLocalizationOverride.$appLanguage.withValue(language, operation: body)
+    }
 }
diff --git a/Tests/CodexBarTests/SettingsStoreAdditionalTests.swift b/Tests/CodexBarTests/SettingsStoreAdditionalTests.swift
index 7ec91584c..39f50263f 100644
--- a/Tests/CodexBarTests/SettingsStoreAdditionalTests.swift
+++ b/Tests/CodexBarTests/SettingsStoreAdditionalTests.swift
@@ -4,24 +4,59 @@ import Testing
 @testable import CodexBar
 
 @MainActor
-@Suite
 struct SettingsStoreAdditionalTests {
     @Test
-    func menuBarMetricPreferenceHandlesZaiAndAverage() {
+    func `menu bar metric preference handles zai and average`() {
         let settings = Self.makeSettingsStore(suite: "SettingsStoreAdditionalTests-metric")
 
+        #expect(settings.menuBarMetricPreference(for: .zai) == .automatic)
+
         settings.setMenuBarMetricPreference(.average, for: .zai)
-        #expect(settings.menuBarMetricPreference(for: .zai) == .primary)
+        #expect(settings.menuBarMetricPreference(for: .zai) == .automatic)
+
+        settings.setMenuBarMetricPreference(.secondary, for: .zai)
+        #expect(settings.menuBarMetricPreference(for: .zai) == .secondary)
+
+        settings.setMenuBarMetricPreference(.tertiary, for: .zai)
+        #expect(settings.menuBarMetricPreference(for: .zai) == .tertiary)
+        #expect(settings.menuBarMetricPreference(for: .zai, snapshot: nil) == .automatic)
+        #expect(settings.menuBarMetricSupportsTertiary(for: .zai, snapshot: nil) == false)
 
         settings.setMenuBarMetricPreference(.average, for: .codex)
         #expect(settings.menuBarMetricPreference(for: .codex) == .automatic)
 
         settings.setMenuBarMetricPreference(.average, for: .gemini)
         #expect(settings.menuBarMetricPreference(for: .gemini) == .average)
+
+        settings.setMenuBarMetricPreference(.tertiary, for: .codex)
+        #expect(settings.menuBarMetricPreference(for: .codex) == .automatic)
+
+        settings.setMenuBarMetricPreference(.tertiary, for: .cursor)
+        #expect(settings.menuBarMetricPreference(for: .cursor) == .tertiary)
+        #expect(settings.menuBarMetricPreference(for: .cursor, snapshot: nil) == .automatic)
+        #expect(settings.menuBarMetricSupportsTertiary(for: .cursor, snapshot: nil) == false)
+
+        settings.setMenuBarMetricPreference(.extraUsage, for: .cursor)
+        #expect(settings.menuBarMetricPreference(for: .cursor) == .extraUsage)
+        #expect(settings.menuBarMetricPreference(for: .cursor, snapshot: nil) == .automatic)
+        #expect(settings.menuBarMetricSupportsExtraUsage(for: .cursor, snapshot: nil) == false)
+
+        settings.setMenuBarMetricPreference(.extraUsage, for: .claude)
+        #expect(settings.menuBarMetricPreference(for: .claude) == .extraUsage)
+        #expect(settings.menuBarMetricPreference(for: .claude, snapshot: nil) == .automatic)
+        #expect(settings.menuBarMetricSupportsExtraUsage(for: .claude, snapshot: nil) == false)
+
+        settings.setMenuBarMetricPreference(.tertiary, for: .perplexity)
+        #expect(settings.menuBarMetricPreference(for: .perplexity) == .tertiary)
+        #expect(settings.menuBarMetricPreference(for: .perplexity, snapshot: nil) == .tertiary)
+        #expect(settings.menuBarMetricSupportsTertiary(for: .perplexity, snapshot: nil))
+
+        settings.setMenuBarMetricPreference(.tertiary, for: .gemini)
+        #expect(settings.menuBarMetricPreference(for: .gemini) == .automatic)
     }
 
     @Test
-    func menuBarMetricPreferenceRestrictsOpenRouterToAutomaticOrPrimary() {
+    func `menu bar metric preference restricts open router to automatic or primary`() {
         let settings = Self.makeSettingsStore(suite: "SettingsStoreAdditionalTests-openrouter-metric")
 
         settings.setMenuBarMetricPreference(.secondary, for: .openrouter)
@@ -32,10 +67,29 @@ struct SettingsStoreAdditionalTests {
 
         settings.setMenuBarMetricPreference(.primary, for: .openrouter)
         #expect(settings.menuBarMetricPreference(for: .openrouter) == .primary)
+
+        settings.setMenuBarMetricPreference(.tertiary, for: .openrouter)
+        #expect(settings.menuBarMetricPreference(for: .openrouter) == .automatic)
+
+        settings.setMenuBarMetricPreference(.extraUsage, for: .openrouter)
+        #expect(settings.menuBarMetricPreference(for: .openrouter) == .automatic)
+    }
+
+    @Test
+    func `menu bar metric preference restricts text only balance providers to automatic`() {
+        let settings = Self.makeSettingsStore(suite: "SettingsStoreAdditionalTests-text-only-metric")
+
+        for provider in [UsageProvider.deepseek, .mistral, .kimik2] {
+            settings.setMenuBarMetricPreference(.primary, for: provider)
+            #expect(settings.menuBarMetricPreference(for: provider) == .automatic)
+
+            settings.setMenuBarMetricPreference(.secondary, for: provider)
+            #expect(settings.menuBarMetricPreference(for: provider) == .automatic)
+        }
     }
 
     @Test
-    func minimaxAuthModeUsesStoredValues() {
+    func `minimax auth mode uses stored values`() {
         let settings = Self.makeSettingsStore(suite: "SettingsStoreAdditionalTests-minimax")
         settings.minimaxAPIToken = "sk-api-test-token"
         settings.minimaxCookieHeader = "cookie=value"
@@ -47,7 +101,7 @@ struct SettingsStoreAdditionalTests {
     }
 
     @Test
-    func tokenAccountsSetManualCookieSourceWhenRequired() {
+    func `token accounts set manual cookie source when required`() {
         let settings = Self.makeSettingsStore(suite: "SettingsStoreAdditionalTests-token-accounts")
 
         settings.addTokenAccount(provider: .claude, label: "Primary", token: "token-1")
@@ -57,7 +111,7 @@ struct SettingsStoreAdditionalTests {
     }
 
     @Test
-    func ollamaTokenAccountsSetManualCookieSourceWhenRequired() {
+    func `ollama token accounts set manual cookie source when required`() {
         let settings = Self.makeSettingsStore(suite: "SettingsStoreAdditionalTests-ollama-token-accounts")
 
         settings.addTokenAccount(provider: .ollama, label: "Primary", token: "session=token-1")
@@ -67,7 +121,7 @@ struct SettingsStoreAdditionalTests {
     }
 
     @Test
-    func detectsTokenCostUsageSourcesFromFilesystem() throws {
+    func `detects token cost usage sources from filesystem`() throws {
         let fm = FileManager.default
         let root = fm.temporaryDirectory.appendingPathComponent(UUID().uuidString, isDirectory: true)
         let sessions = root.appendingPathComponent("sessions", isDirectory: true)
diff --git a/Tests/CodexBarTests/SettingsStoreCoverageTests.swift b/Tests/CodexBarTests/SettingsStoreCoverageTests.swift
index b26289e4f..44a3e3e40 100644
--- a/Tests/CodexBarTests/SettingsStoreCoverageTests.swift
+++ b/Tests/CodexBarTests/SettingsStoreCoverageTests.swift
@@ -4,10 +4,9 @@ import Testing
 @testable import CodexBar
 
 @MainActor
-@Suite
 struct SettingsStoreCoverageTests {
     @Test
-    func providerOrderingAndCaching() throws {
+    func `provider ordering and caching`() throws {
         let suite = "SettingsStoreCoverageTests-ordering"
         let defaults = try #require(UserDefaults(suiteName: suite))
         defaults.removePersistentDomain(forName: suite)
@@ -37,7 +36,22 @@ struct SettingsStoreCoverageTests {
     }
 
     @Test
-    func menuBarMetricPreferencesAndDisplayModes() {
+    func `disabling selected provider clears menu selection`() throws {
+        let settings = Self.makeSettingsStore()
+        let metadata = ProviderRegistry.shared.metadata
+
+        try settings.setProviderEnabled(provider: .codex, metadata: #require(metadata[.codex]), enabled: true)
+        try settings.setProviderEnabled(provider: .claude, metadata: #require(metadata[.claude]), enabled: true)
+        settings.selectedMenuProvider = .claude
+
+        try settings.setProviderEnabled(provider: .claude, metadata: #require(metadata[.claude]), enabled: false)
+
+        #expect(settings.selectedMenuProvider == nil)
+        #expect(settings.enabledProvidersOrdered(metadataByProvider: metadata) == [.codex])
+    }
+
+    @Test
+    func `menu bar metric preferences and display modes`() {
         let settings = Self.makeSettingsStore()
 
         settings.setMenuBarMetricPreference(.average, for: .codex)
@@ -48,7 +62,7 @@ struct SettingsStoreCoverageTests {
         #expect(settings.menuBarMetricSupportsAverage(for: .gemini))
 
         settings.setMenuBarMetricPreference(.secondary, for: .zai)
-        #expect(settings.menuBarMetricPreference(for: .zai) == .primary)
+        #expect(settings.menuBarMetricPreference(for: .zai) == .secondary)
 
         settings.menuBarDisplayMode = .pace
         #expect(settings.menuBarDisplayMode == .pace)
@@ -61,7 +75,40 @@ struct SettingsStoreCoverageTests {
     }
 
     @Test
-    func tokenAccountMutationsApplySideEffects() {
+    func `multi account menu layout persists and bridges legacy show all token accounts`() throws {
+        let suite = "SettingsStoreCoverageTests-multi-account-layout"
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+        let configStore = testConfigStore(suiteName: suite)
+
+        let initial = Self.makeSettingsStore(userDefaults: defaults, configStore: configStore)
+        #expect(initial.multiAccountMenuLayout == .segmented)
+
+        initial.multiAccountMenuLayout = .stacked
+        #expect(defaults.string(forKey: "multiAccountMenuLayout") == MultiAccountMenuLayout.stacked.rawValue)
+        #expect(initial.showAllTokenAccountsInMenu)
+
+        let reloaded = Self.makeSettingsStore(userDefaults: defaults, configStore: configStore)
+        #expect(reloaded.multiAccountMenuLayout == .stacked)
+        reloaded.showAllTokenAccountsInMenu = false
+        #expect(reloaded.multiAccountMenuLayout == .segmented)
+    }
+
+    @Test
+    func `legacy show all token accounts migrates to stacked layout`() throws {
+        let suite = "SettingsStoreCoverageTests-legacy-token-account-layout"
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+        defaults.set(true, forKey: "showAllTokenAccountsInMenu")
+        let configStore = testConfigStore(suiteName: suite)
+
+        let settings = Self.makeSettingsStore(userDefaults: defaults, configStore: configStore)
+
+        #expect(settings.multiAccountMenuLayout == .stacked)
+    }
+
+    @Test
+    func `token account mutations apply side effects`() {
         let settings = Self.makeSettingsStore()
 
         settings.addTokenAccount(provider: .claude, label: "Primary", token: "token")
@@ -83,7 +130,159 @@ struct SettingsStoreCoverageTests {
     }
 
     @Test
-    func tokenCostUsageSourceDetection() throws {
+    func `token account update preserves identity and selection`() throws {
+        let settings = Self.makeSettingsStore()
+
+        settings.addTokenAccount(provider: .copilot, label: "Primary", token: "token-1")
+        settings.addTokenAccount(provider: .copilot, label: "Secondary", token: "token-2")
+        settings.setActiveTokenAccountIndex(0, for: .copilot)
+
+        let original = try #require(settings.selectedTokenAccount(for: .copilot))
+        settings.updateTokenAccount(
+            provider: .copilot,
+            accountID: original.id,
+            label: "Primary (Pro)",
+            token: "token-1b")
+
+        let updated = try #require(settings.selectedTokenAccount(for: .copilot))
+        #expect(updated.id == original.id)
+        #expect(updated.label == "Primary (Pro)")
+        #expect(updated.token == "token-1b")
+        #expect(settings.tokenAccounts(for: .copilot).count == 2)
+    }
+
+    @Test
+    func `copilot token accounts clear legacy api key fallback`() throws {
+        let settings = Self.makeSettingsStore()
+        settings.copilotAPIToken = "legacy-token"
+
+        settings.addTokenAccount(provider: .copilot, label: "Primary", token: "token-1")
+
+        #expect(settings.copilotAPIToken.isEmpty)
+        #expect(settings.copilotSettingsSnapshot(tokenOverride: nil).apiToken == "token-1")
+
+        settings.copilotAPIToken = "legacy-token"
+        let account = try #require(settings.selectedTokenAccount(for: .copilot))
+        settings.removeTokenAccount(provider: .copilot, accountID: account.id)
+
+        #expect(settings.tokenAccounts(for: .copilot).isEmpty)
+        #expect(settings.copilotAPIToken.isEmpty)
+        #expect(settings.copilotSettingsSnapshot(tokenOverride: nil).apiToken == nil)
+    }
+
+    @Test
+    func `copilot enterprise host persists in provider config`() throws {
+        let suite = "SettingsStoreCoverageTests-copilot-enterprise-host"
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+        let configStore = testConfigStore(suiteName: suite)
+        let first = Self.makeSettingsStore(userDefaults: defaults, configStore: configStore)
+
+        first.copilotEnterpriseHost = "https://octocorp.ghe.com/login"
+        #expect(first.copilotEnterpriseHost == "https://octocorp.ghe.com/login")
+        #expect(first.copilotSettingsSnapshot(tokenOverride: nil).enterpriseHost == "octocorp.ghe.com")
+
+        let second = Self.makeSettingsStore(userDefaults: defaults, configStore: configStore)
+        #expect(second.copilotEnterpriseHost == "https://octocorp.ghe.com/login")
+
+        second.copilotEnterpriseHost = "github.com"
+        #expect(second.copilotEnterpriseHost == "github.com")
+        #expect(second.copilotSettingsSnapshot(tokenOverride: nil).enterpriseHost == nil)
+    }
+
+    @Test
+    func `removing another token account preserves active selection`() throws {
+        let settings = Self.makeSettingsStore()
+
+        settings.addTokenAccount(provider: .copilot, label: "A", token: "token-a")
+        settings.addTokenAccount(provider: .copilot, label: "B", token: "token-b")
+        settings.addTokenAccount(provider: .copilot, label: "C", token: "token-c")
+        settings.setActiveTokenAccountIndex(1, for: .copilot)
+
+        let activeBefore = try #require(settings.selectedTokenAccount(for: .copilot))
+        let accountToRemove = try #require(settings.tokenAccounts(for: .copilot).first)
+        settings.removeTokenAccount(provider: .copilot, accountID: accountToRemove.id)
+
+        let activeAfter = try #require(settings.selectedTokenAccount(for: .copilot))
+        #expect(activeAfter.id == activeBefore.id)
+        #expect(activeAfter.label == "B")
+        #expect(settings.tokenAccounts(for: .copilot).map(\.label) == ["B", "C"])
+    }
+
+    @Test
+    func `claude snapshot uses OAuth routing for OAuth token accounts`() {
+        let settings = Self.makeSettingsStore()
+        settings.addTokenAccount(provider: .claude, label: "OAuth", token: "Bearer sk-ant-oat-account-token")
+
+        let snapshot = settings.claudeSettingsSnapshot(tokenOverride: nil)
+
+        #expect(snapshot.usageDataSource == .auto)
+        #expect(snapshot.cookieSource == .off)
+        #expect(snapshot.manualCookieHeader?.isEmpty == true)
+    }
+
+    @Test
+    func `claude snapshot uses manual cookie routing for session key accounts`() {
+        let settings = Self.makeSettingsStore()
+        settings.addTokenAccount(provider: .claude, label: "Cookie", token: "sk-ant-session-token")
+
+        let snapshot = settings.claudeSettingsSnapshot(tokenOverride: nil)
+
+        #expect(snapshot.usageDataSource == .auto)
+        #expect(snapshot.cookieSource == .manual)
+        #expect(snapshot.manualCookieHeader == "sessionKey=sk-ant-session-token")
+    }
+
+    @Test
+    func `claude snapshot normalizes config manual cookie input through shared route`() {
+        let settings = Self.makeSettingsStore()
+        settings.claudeCookieSource = .manual
+        settings.claudeCookieHeader = "Cookie: sessionKey=sk-ant-session-token; foo=bar"
+
+        let snapshot = settings.claudeSettingsSnapshot(tokenOverride: nil)
+
+        #expect(snapshot.usageDataSource == .auto)
+        #expect(snapshot.cookieSource == .manual)
+        #expect(snapshot.manualCookieHeader == "sessionKey=sk-ant-session-token; foo=bar")
+    }
+
+    @Test
+    func `claude snapshot does not fall back to config cookie for malformed selected token account`() {
+        let settings = Self.makeSettingsStore()
+        settings.claudeCookieSource = .manual
+        settings.claudeCookieHeader = "Cookie: sessionKey=sk-ant-config-cookie"
+        settings.addTokenAccount(provider: .claude, label: "Malformed", token: "Cookie:")
+
+        let snapshot = settings.claudeSettingsSnapshot(tokenOverride: nil)
+
+        #expect(snapshot.cookieSource == .manual)
+        #expect(snapshot.manualCookieHeader?.isEmpty == true)
+    }
+
+    @Test
+    func `opencode go token accounts force manual cookie routing`() {
+        let settings = Self.makeSettingsStore()
+        settings.addTokenAccount(provider: .opencodego, label: "Go", token: "auth=go-cookie")
+
+        let snapshot = settings.opencodegoSettingsSnapshot(tokenOverride: nil)
+
+        #expect(settings.opencodegoCookieSource == .manual)
+        #expect(snapshot.cookieSource == .manual)
+        #expect(snapshot.manualCookieHeader == "auth=go-cookie")
+    }
+
+    @Test
+    func `opencode go snapshot preserves nil workspace id when settings are unset`() {
+        let settings = Self.makeSettingsStore()
+
+        let snapshot = settings.opencodegoSettingsSnapshot(tokenOverride: nil)
+
+        #expect(settings.opencodegoWorkspaceID.isEmpty)
+        #expect(snapshot.workspaceID == nil)
+    }
+
+    @Test
+    func `token cost usage source detection`() throws {
         let fileManager = FileManager.default
         let root = fileManager.temporaryDirectory.appendingPathComponent(
             "token-cost-\(UUID().uuidString)",
@@ -111,7 +310,7 @@ struct SettingsStoreCoverageTests {
     }
 
     @Test
-    func ensureTokenLoadersExecute() {
+    func `ensure token loaders execute`() {
         let settings = Self.makeSettingsStore()
 
         settings.ensureZaiAPITokenLoaded()
@@ -136,7 +335,7 @@ struct SettingsStoreCoverageTests {
     }
 
     @Test
-    func keychainDisableForcesManualCookieSources() throws {
+    func `keychain disable forces manual cookie sources`() throws {
         let suite = "SettingsStoreCoverageTests-keychain"
         let defaults = try #require(UserDefaults(suiteName: suite))
         defaults.removePersistentDomain(forName: suite)
@@ -154,13 +353,13 @@ struct SettingsStoreCoverageTests {
     }
 
     @Test
-    func claudeKeychainPromptMode_defaultsToOnlyOnUserAction() {
+    func `claude keychain prompt mode defaults to only on user action`() {
         let settings = Self.makeSettingsStore()
         #expect(settings.claudeOAuthKeychainPromptMode == .onlyOnUserAction)
     }
 
     @Test
-    func claudeKeychainPromptMode_persistsAcrossStoreReload() throws {
+    func `claude keychain prompt mode persists across store reload`() throws {
         let suite = "SettingsStoreCoverageTests-claude-keychain-prompt-mode"
         let defaults = try #require(UserDefaults(suiteName: suite))
         defaults.removePersistentDomain(forName: suite)
@@ -177,7 +376,7 @@ struct SettingsStoreCoverageTests {
     }
 
     @Test
-    func claudeKeychainPromptMode_invalidRawFallsBackToOnlyOnUserAction() throws {
+    func `claude keychain prompt mode invalid raw falls back to only on user action`() throws {
         let suite = "SettingsStoreCoverageTests-claude-keychain-prompt-mode-invalid"
         let defaults = try #require(UserDefaults(suiteName: suite))
         defaults.removePersistentDomain(forName: suite)
@@ -189,30 +388,30 @@ struct SettingsStoreCoverageTests {
     }
 
     @Test
-    func claudeKeychainReadStrategy_defaultsToSecurityFramework() {
+    func `claude keychain read strategy defaults to security CLI experimental`() {
         let settings = Self.makeSettingsStore()
-        #expect(settings.claudeOAuthKeychainReadStrategy == .securityFramework)
+        #expect(settings.claudeOAuthKeychainReadStrategy == .securityCLIExperimental)
     }
 
     @Test
-    func claudeKeychainReadStrategy_persistsAcrossStoreReload() throws {
+    func `claude keychain read strategy persists across store reload`() throws {
         let suite = "SettingsStoreCoverageTests-claude-keychain-read-strategy"
         let defaults = try #require(UserDefaults(suiteName: suite))
         defaults.removePersistentDomain(forName: suite)
         let configStore = testConfigStore(suiteName: suite)
 
         let first = Self.makeSettingsStore(userDefaults: defaults, configStore: configStore)
-        first.claudeOAuthKeychainReadStrategy = .securityCLI
+        first.claudeOAuthKeychainReadStrategy = .securityCLIExperimental
         #expect(
             defaults.string(forKey: "claudeOAuthKeychainReadStrategy")
-                == ClaudeOAuthKeychainReadStrategy.securityCLI.rawValue)
+                == ClaudeOAuthKeychainReadStrategy.securityCLIExperimental.rawValue)
 
         let second = Self.makeSettingsStore(userDefaults: defaults, configStore: configStore)
-        #expect(second.claudeOAuthKeychainReadStrategy == .securityCLI)
+        #expect(second.claudeOAuthKeychainReadStrategy == .securityCLIExperimental)
     }
 
     @Test
-    func claudeKeychainReadStrategy_invalidRawFallsBackToSecurityFramework() throws {
+    func `claude keychain read strategy invalid raw falls back to security framework`() throws {
         let suite = "SettingsStoreCoverageTests-claude-keychain-read-strategy-invalid"
         let defaults = try #require(UserDefaults(suiteName: suite))
         defaults.removePersistentDomain(forName: suite)
@@ -224,15 +423,98 @@ struct SettingsStoreCoverageTests {
     }
 
     @Test
-    func claudePromptFreeCredentialsToggle_mapsToReadStrategy() {
+    func `claude prompt free credentials toggle maps to read strategy`() {
         let settings = Self.makeSettingsStore()
-        #expect(settings.claudeOAuthPromptFreeCredentialsEnabled == false)
-
-        settings.claudeOAuthPromptFreeCredentialsEnabled = true
-        #expect(settings.claudeOAuthKeychainReadStrategy == .securityCLI)
+        #expect(settings.claudeOAuthPromptFreeCredentialsEnabled == true)
 
         settings.claudeOAuthPromptFreeCredentialsEnabled = false
         #expect(settings.claudeOAuthKeychainReadStrategy == .securityFramework)
+
+        settings.claudeOAuthPromptFreeCredentialsEnabled = true
+        #expect(settings.claudeOAuthKeychainReadStrategy == .securityCLIExperimental)
+    }
+
+    @Test
+    func `upsert antigravity oauth account adds and updates active token account`() throws {
+        let settings = Self.makeSettingsStore()
+        let first = AntigravityOAuthCredentials(
+            accessToken: "first-access",
+            refreshToken: "first-refresh",
+            expiryDate: Date(timeIntervalSince1970: 1_700_000_000),
+            email: "user@example.com")
+        let updated = AntigravityOAuthCredentials(
+            accessToken: "updated-access",
+            refreshToken: "first-refresh",
+            expiryDate: Date(timeIntervalSince1970: 1_700_000_100),
+            email: "user@example.com")
+
+        settings.upsertAntigravityOAuthAccount(first)
+        settings.upsertAntigravityOAuthAccount(updated)
+
+        let accounts = settings.tokenAccounts(for: .antigravity)
+        #expect(accounts.count == 1)
+        let account = try #require(accounts.first)
+        #expect(account.label == "user@example.com")
+        #expect(account.externalIdentifier == "user@example.com")
+        #expect(settings.selectedTokenAccount(for: .antigravity)?.id == account.id)
+
+        let decoded = try #require(AntigravityOAuthCredentialsStore.credentials(fromTokenAccountValue: account.token))
+        #expect(decoded.accessToken == "updated-access")
+    }
+
+    @Test
+    func `upsert antigravity oauth account does not merge missing email accounts by fallback label`() {
+        let settings = Self.makeSettingsStore()
+        let first = AntigravityOAuthCredentials(
+            accessToken: "first-access",
+            refreshToken: "first-refresh",
+            expiryDate: Date(timeIntervalSince1970: 1_700_000_000),
+            email: nil)
+        let second = AntigravityOAuthCredentials(
+            accessToken: "second-access",
+            refreshToken: "second-refresh",
+            expiryDate: Date(timeIntervalSince1970: 1_700_000_100),
+            email: nil)
+
+        settings.upsertAntigravityOAuthAccount(first)
+        settings.upsertAntigravityOAuthAccount(second)
+
+        let accounts = settings.tokenAccounts(for: .antigravity)
+        #expect(accounts.count == 2)
+        #expect(accounts.map(\.label) == ["Google Account 1", "Google Account 2"])
+        #expect(settings.selectedTokenAccount(for: .antigravity)?.id == accounts.last?.id)
+    }
+
+    @Test
+    func `weekly progress work days defaults to nil and persists across store reload`() throws {
+        let suite = "SettingsStoreCoverageTests-weekly-progress-work-days"
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+        let configStore = testConfigStore(suiteName: suite)
+
+        let fresh = Self.makeSettingsStore(userDefaults: defaults, configStore: configStore)
+        #expect(fresh.weeklyProgressWorkDays == nil)
+
+        fresh.weeklyProgressWorkDays = 5
+        #expect(defaults.object(forKey: "weeklyProgressWorkDays") as? Int == 5)
+
+        let reloaded = Self.makeSettingsStore(userDefaults: defaults, configStore: configStore)
+        #expect(reloaded.weeklyProgressWorkDays == 5)
+
+        fresh.weeklyProgressWorkDays = 4
+        #expect(reloaded.weeklyProgressWorkDays == 5)
+
+        let reloaded2 = Self.makeSettingsStore(userDefaults: defaults, configStore: configStore)
+        #expect(reloaded2.weeklyProgressWorkDays == 4)
+
+        reloaded2.weeklyProgressWorkDays = 7
+        let reloaded3 = Self.makeSettingsStore(userDefaults: defaults, configStore: configStore)
+        #expect(reloaded3.weeklyProgressWorkDays == 7)
+
+        reloaded3.weeklyProgressWorkDays = nil
+        #expect(defaults.object(forKey: "weeklyProgressWorkDays") == nil)
+        let reloaded4 = Self.makeSettingsStore(userDefaults: defaults, configStore: configStore)
+        #expect(reloaded4.weeklyProgressWorkDays == nil)
     }
 
     private static func makeSettingsStore(suiteName: String = "SettingsStoreCoverageTests") -> SettingsStore {
diff --git a/Tests/CodexBarTests/SettingsStoreTests.swift b/Tests/CodexBarTests/SettingsStoreTests.swift
index 04ca55516..7c3b70790 100644
--- a/Tests/CodexBarTests/SettingsStoreTests.swift
+++ b/Tests/CodexBarTests/SettingsStoreTests.swift
@@ -4,11 +4,29 @@ import Observation
 import Testing
 @testable import CodexBar
 
+@Suite(.serialized)
 @MainActor
-@Suite
+// swiftlint:disable:next type_body_length
 struct SettingsStoreTests {
+    private final class ObservationFlag: @unchecked Sendable {
+        private let lock = NSLock()
+        private var value = false
+
+        func set() {
+            self.lock.lock()
+            self.value = true
+            self.lock.unlock()
+        }
+
+        func get() -> Bool {
+            self.lock.lock()
+            defer { self.lock.unlock() }
+            return self.value
+        }
+    }
+
     @Test
-    func defaultRefreshFrequencyIsFiveMinutes() throws {
+    func `default refresh frequency is five minutes`() throws {
         let suite = "SettingsStoreTests-default"
         let defaults = try #require(UserDefaults(suiteName: suite))
         defaults.removePersistentDomain(forName: suite)
@@ -22,10 +40,29 @@ struct SettingsStoreTests {
 
         #expect(store.refreshFrequency == .fiveMinutes)
         #expect(store.refreshFrequency.seconds == 300)
+        #expect(defaults.string(forKey: "refreshFrequency") == RefreshFrequency.fiveMinutes.rawValue)
     }
 
     @Test
-    func persistsRefreshFrequencyAcrossInstances() throws {
+    func `repairs unrecognized refresh frequency raw value`() throws {
+        let suite = "SettingsStoreTests-invalid-refresh"
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+        defaults.set("legacyValue", forKey: "refreshFrequency")
+        let configStore = testConfigStore(suiteName: suite)
+
+        let store = SettingsStore(
+            userDefaults: defaults,
+            configStore: configStore,
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+
+        #expect(store.refreshFrequency == .fiveMinutes)
+        #expect(defaults.string(forKey: "refreshFrequency") == RefreshFrequency.fiveMinutes.rawValue)
+    }
+
+    @Test
+    func `persists refresh frequency across instances`() throws {
         let suite = "SettingsStoreTests-persist"
         let defaultsA = try #require(UserDefaults(suiteName: suite))
         defaultsA.removePersistentDomain(forName: suite)
@@ -50,7 +87,84 @@ struct SettingsStoreTests {
     }
 
     @Test
-    func persistsSelectedMenuProviderAcrossInstances() throws {
+    func `weekly confetti setting defaults off and persists`() throws {
+        let suite = "SettingsStoreTests-weekly-confetti"
+        let defaultsA = try #require(UserDefaults(suiteName: suite))
+        defaultsA.removePersistentDomain(forName: suite)
+        let configStore = testConfigStore(suiteName: suite)
+        let storeA = SettingsStore(
+            userDefaults: defaultsA,
+            configStore: configStore,
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+
+        #expect(storeA.confettiOnWeeklyLimitResetsEnabled == false)
+        storeA.confettiOnWeeklyLimitResetsEnabled = true
+
+        let defaultsB = try #require(UserDefaults(suiteName: suite))
+        let storeB = SettingsStore(
+            userDefaults: defaultsB,
+            configStore: configStore,
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+
+        #expect(storeB.confettiOnWeeklyLimitResetsEnabled == true)
+    }
+
+    @Test
+    func `provider storage setting defaults off and persists`() throws {
+        let suite = "SettingsStoreTests-provider-storage"
+        let defaultsA = try #require(UserDefaults(suiteName: suite))
+        defaultsA.removePersistentDomain(forName: suite)
+        let configStore = testConfigStore(suiteName: suite)
+        let storeA = SettingsStore(
+            userDefaults: defaultsA,
+            configStore: configStore,
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+
+        #expect(storeA.providerStorageFootprintsEnabled == false)
+        #expect(defaultsA.bool(forKey: "providerStorageFootprintsEnabled") == false)
+        storeA.providerStorageFootprintsEnabled = true
+
+        let defaultsB = try #require(UserDefaults(suiteName: suite))
+        let storeB = SettingsStore(
+            userDefaults: defaultsB,
+            configStore: configStore,
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+
+        #expect(storeB.providerStorageFootprintsEnabled == true)
+    }
+
+    @Test
+    func `provider changelog links setting defaults off and persists`() throws {
+        let suite = "SettingsStoreTests-provider-changelog-links"
+        let defaultsA = try #require(UserDefaults(suiteName: suite))
+        defaultsA.removePersistentDomain(forName: suite)
+        let configStore = testConfigStore(suiteName: suite)
+        let storeA = SettingsStore(
+            userDefaults: defaultsA,
+            configStore: configStore,
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+
+        #expect(storeA.providerChangelogLinksEnabled == false)
+        #expect(defaultsA.bool(forKey: "providerChangelogLinksEnabled") == false)
+        storeA.providerChangelogLinksEnabled = true
+
+        let defaultsB = try #require(UserDefaults(suiteName: suite))
+        let storeB = SettingsStore(
+            userDefaults: defaultsB,
+            configStore: configStore,
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+
+        #expect(storeB.providerChangelogLinksEnabled == true)
+    }
+
+    @Test
+    func `persists selected menu provider across instances`() throws {
         let suite = "SettingsStoreTests-selectedMenuProvider"
         let defaultsA = try #require(UserDefaults(suiteName: suite))
         defaultsA.removePersistentDomain(forName: suite)
@@ -74,7 +188,7 @@ struct SettingsStoreTests {
     }
 
     @Test
-    func persistsMergedMenuLastSelectedWasOverviewAcrossInstances() throws {
+    func `persists merged menu last selected was overview across instances`() throws {
         let suite = "SettingsStoreTests-merged-last-overview"
         let defaultsA = try #require(UserDefaults(suiteName: suite))
         defaultsA.removePersistentDomain(forName: suite)
@@ -98,7 +212,7 @@ struct SettingsStoreTests {
     }
 
     @Test
-    func mergedOverviewSelectedProvidersPersistsAndNormalizesAcrossInstances() throws {
+    func `merged overview selected providers persists and normalizes across instances`() throws {
         let suite = "SettingsStoreTests-merged-overview-selection"
         let defaultsA = try #require(UserDefaults(suiteName: suite))
         defaultsA.removePersistentDomain(forName: suite)
@@ -123,7 +237,7 @@ struct SettingsStoreTests {
     }
 
     @Test
-    func mergedOverviewSelectedProvidersIgnoresInvalidRawValues() throws {
+    func `merged overview selected providers ignores invalid raw values`() throws {
         let suite = "SettingsStoreTests-merged-overview-invalid-raw"
         let defaults = try #require(UserDefaults(suiteName: suite))
         defaults.removePersistentDomain(forName: suite)
@@ -139,7 +253,7 @@ struct SettingsStoreTests {
     }
 
     @Test
-    func resolvedMergedOverviewProvidersDefaultsToFirstThreeWhenSelectionEmpty() throws {
+    func `resolved merged overview providers defaults to first three when selection empty`() throws {
         let suite = "SettingsStoreTests-merged-overview-default-first-three"
         let defaults = try #require(UserDefaults(suiteName: suite))
         defaults.removePersistentDomain(forName: suite)
@@ -157,7 +271,7 @@ struct SettingsStoreTests {
     }
 
     @Test
-    func resolvedMergedOverviewProvidersHonorsExplicitEmptySelection() throws {
+    func `resolved merged overview providers honors explicit empty selection`() throws {
         let suite = "SettingsStoreTests-merged-overview-explicit-empty"
         let defaults = try #require(UserDefaults(suiteName: suite))
         defaults.removePersistentDomain(forName: suite)
@@ -176,7 +290,7 @@ struct SettingsStoreTests {
     }
 
     @Test
-    func resolvedMergedOverviewProvidersUsesProviderOrderNotSelectionOrder() throws {
+    func `resolved merged overview providers uses provider order not selection order`() throws {
         let suite = "SettingsStoreTests-merged-overview-order"
         let defaults = try #require(UserDefaults(suiteName: suite))
         defaults.removePersistentDomain(forName: suite)
@@ -195,7 +309,7 @@ struct SettingsStoreTests {
     }
 
     @Test
-    func reconcileMergedOverviewSelectionRemovesUnavailableWithoutAutoFill() throws {
+    func `reconcile merged overview selection removes unavailable without auto fill`() throws {
         let suite = "SettingsStoreTests-merged-overview-reconcile"
         let defaults = try #require(UserDefaults(suiteName: suite))
         defaults.removePersistentDomain(forName: suite)
@@ -216,7 +330,7 @@ struct SettingsStoreTests {
     }
 
     @Test
-    func reconcileMergedOverviewSelectionDoesNotClobberStoredPreferenceWhenThreeOrFewer() throws {
+    func `reconcile merged overview selection does not clobber stored preference when three or fewer`() throws {
         let suite = "SettingsStoreTests-merged-overview-three-or-fewer"
         let defaults = try #require(UserDefaults(suiteName: suite))
         defaults.removePersistentDomain(forName: suite)
@@ -237,7 +351,9 @@ struct SettingsStoreTests {
     }
 
     @Test
-    func reconcileMergedOverviewSelectionIgnoresStaleSubsetWithoutPersistingAutoFillWhenThreeOrFewer() throws {
+    func `reconcile merged overview selection ignores stale subset without persisting auto fill when three or fewer`()
+        throws
+    {
         let suite = "SettingsStoreTests-merged-overview-three-or-fewer-subset"
         let defaults = try #require(UserDefaults(suiteName: suite))
         defaults.removePersistentDomain(forName: suite)
@@ -258,7 +374,7 @@ struct SettingsStoreTests {
     }
 
     @Test
-    func mergedOverviewSelectionAllowsDeselectingProvidersWhenThreeOrFewer() throws {
+    func `merged overview selection allows deselecting providers when three or fewer`() throws {
         let suite = "SettingsStoreTests-merged-overview-deselect-three-or-fewer"
         let defaults = try #require(UserDefaults(suiteName: suite))
         defaults.removePersistentDomain(forName: suite)
@@ -282,7 +398,7 @@ struct SettingsStoreTests {
     }
 
     @Test
-    func mergedOverviewSelectionAppliesWhenSameActiveSetIsReordered() throws {
+    func `merged overview selection applies when same active set is reordered`() throws {
         let suite = "SettingsStoreTests-merged-overview-ordered-context"
         let defaults = try #require(UserDefaults(suiteName: suite))
         defaults.removePersistentDomain(forName: suite)
@@ -306,7 +422,7 @@ struct SettingsStoreTests {
     }
 
     @Test
-    func mergedOverviewSelectionAllowsDeselectingProvidersWhenMoreThanThreeActive() throws {
+    func `merged overview selection allows deselecting providers when more than three active`() throws {
         let suite = "SettingsStoreTests-merged-overview-deselect-subset"
         let defaults = try #require(UserDefaults(suiteName: suite))
         defaults.removePersistentDomain(forName: suite)
@@ -330,7 +446,7 @@ struct SettingsStoreTests {
     }
 
     @Test
-    func reconcileMergedOverviewSelectionPreservesStoredSubsetWhenActiveDropsToThreeOrFewer() throws {
+    func `reconcile merged overview selection preserves stored subset when active drops to three or fewer`() throws {
         let suite = "SettingsStoreTests-merged-overview-preserve-subset-across-drop"
         let defaults = try #require(UserDefaults(suiteName: suite))
         defaults.removePersistentDomain(forName: suite)
@@ -364,7 +480,7 @@ struct SettingsStoreTests {
     }
 
     @Test
-    func reconcileMergedOverviewSelectionClearsPreferenceWhenNoProvidersActive() throws {
+    func `reconcile merged overview selection clears preference when no providers active`() throws {
         let suite = "SettingsStoreTests-merged-overview-clear-on-empty-active"
         let defaults = try #require(UserDefaults(suiteName: suite))
         defaults.removePersistentDomain(forName: suite)
@@ -390,7 +506,7 @@ struct SettingsStoreTests {
     }
 
     @Test
-    func persistsOpenCodeWorkspaceIDAcrossInstances() throws {
+    func `persists open code workspace ID across instances`() throws {
         let suite = "SettingsStoreTests-opencode-workspace"
         let defaultsA = try #require(UserDefaults(suiteName: suite))
         defaultsA.removePersistentDomain(forName: suite)
@@ -412,7 +528,7 @@ struct SettingsStoreTests {
     }
 
     @Test
-    func defaultsSessionQuotaNotificationsToEnabled() throws {
+    func `defaults session quota notifications to enabled`() throws {
         let key = "sessionQuotaNotificationsEnabled"
         let suite = "SettingsStoreTests-sessionQuotaNotifications"
         let defaults = try #require(UserDefaults(suiteName: suite))
@@ -428,7 +544,145 @@ struct SettingsStoreTests {
     }
 
     @Test
-    func defaultsClaudeUsageSourceToAuto() throws {
+    func `defaults quota warnings to disabled with global thresholds and sound`() throws {
+        let suite = "SettingsStoreTests-quota-warning-defaults"
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+        let configStore = testConfigStore(suiteName: suite)
+        let store = SettingsStore(
+            userDefaults: defaults,
+            configStore: configStore,
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+
+        #expect(store.quotaWarningNotificationsEnabled == false)
+        #expect(store.quotaWarningThresholds == [50, 20])
+        #expect(store.quotaWarningWindowEnabled(.session) == true)
+        #expect(store.quotaWarningWindowEnabled(.weekly) == true)
+        #expect(store.quotaWarningSoundEnabled == true)
+        #expect(store.quotaWarningMarkersVisible == true)
+        #expect(defaults.array(forKey: "quotaWarningThresholds") as? [Int] == [50, 20])
+        #expect(defaults.object(forKey: "quotaWarningSessionEnabled") as? Bool == true)
+        #expect(defaults.object(forKey: "quotaWarningWeeklyEnabled") as? Bool == true)
+        #expect(defaults.bool(forKey: "quotaWarningSoundEnabled") == true)
+        #expect(defaults.object(forKey: "quotaWarningMarkersVisible") as? Bool == true)
+    }
+
+    @Test
+    func `global quota warning windows persist independently`() throws {
+        let suite = "SettingsStoreTests-quota-warning-window-enabled"
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+        let configStore = testConfigStore(suiteName: suite)
+        let store = SettingsStore(
+            userDefaults: defaults,
+            configStore: configStore,
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+
+        store.setQuotaWarningWindowEnabled(.weekly, enabled: false)
+
+        #expect(store.quotaWarningWindowEnabled(.session) == true)
+        #expect(store.quotaWarningWindowEnabled(.weekly) == false)
+        #expect(defaults.object(forKey: "quotaWarningWeeklyEnabled") as? Bool == false)
+    }
+
+    @Test
+    func `sanitizes invalid quota warning thresholds from defaults`() throws {
+        let suite = "SettingsStoreTests-quota-warning-sanitize"
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+        defaults.set([120, 20, 20, -5, 50], forKey: "quotaWarningThresholds")
+        let configStore = testConfigStore(suiteName: suite)
+        let store = SettingsStore(
+            userDefaults: defaults,
+            configStore: configStore,
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+
+        #expect(store.quotaWarningThresholds == [99, 50, 20, 0])
+        #expect(defaults.array(forKey: "quotaWarningThresholds") as? [Int] == [99, 50, 20, 0])
+    }
+
+    @Test
+    func `quota warning threshold pair resolves blanks and clamps bounds`() {
+        #expect(QuotaWarningThresholds.resolved(upper: nil, lower: nil) == [50, 20])
+        #expect(QuotaWarningThresholds.resolved(upper: nil, lower: 10) == [50, 10])
+        #expect(QuotaWarningThresholds.resolved(upper: 10, lower: nil) == [10, 0])
+        #expect(QuotaWarningThresholds.resolved(upper: 120, lower: -5) == [99, 0])
+    }
+
+    @Test
+    func `provider quota warning override resolves before global thresholds`() throws {
+        let suite = "SettingsStoreTests-quota-warning-provider-override"
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+        let configStore = testConfigStore(suiteName: suite)
+        let store = SettingsStore(
+            userDefaults: defaults,
+            configStore: configStore,
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+        store.quotaWarningThresholds = [50, 20]
+
+        #expect(store.resolvedQuotaWarningThresholds(provider: .codex, window: .session) == [50, 20])
+        store.setQuotaWarningThresholds(provider: .codex, window: .session, thresholds: [10])
+        #expect(store.resolvedQuotaWarningThresholds(provider: .codex, window: .session) == [10])
+        #expect(store.resolvedQuotaWarningThresholds(provider: .codex, window: .weekly) == [50, 20])
+
+        store.setQuotaWarningThresholds(provider: .codex, window: .session, thresholds: nil)
+        #expect(store.resolvedQuotaWarningThresholds(provider: .codex, window: .session) == [50, 20])
+    }
+
+    @Test
+    func `global quota warning thresholds resolve independently by window`() throws {
+        let suite = "SettingsStoreTests-quota-warning-window-thresholds"
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+        let configStore = testConfigStore(suiteName: suite)
+        let store = SettingsStore(
+            userDefaults: defaults,
+            configStore: configStore,
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+
+        store.setQuotaWarningThresholds(.session, thresholds: [25])
+        store.setQuotaWarningThresholds(.weekly, thresholds: [75, 10])
+
+        #expect(store.quotaWarningThresholds(.session) == [25])
+        #expect(store.quotaWarningThresholds(.weekly) == [75, 10])
+        #expect(store.resolvedQuotaWarningThresholds(provider: .codex, window: .session) == [25])
+        #expect(store.resolvedQuotaWarningThresholds(provider: .codex, window: .weekly) == [75, 10])
+    }
+
+    @Test
+    func `provider quota warning windows override global enablement independently`() throws {
+        let suite = "SettingsStoreTests-quota-warning-provider-window-override"
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+        let configStore = testConfigStore(suiteName: suite)
+        let store = SettingsStore(
+            userDefaults: defaults,
+            configStore: configStore,
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+
+        store.setQuotaWarningWindowEnabled(.weekly, enabled: false)
+        #expect(store.quotaWarningEnabled(provider: .codex, window: .weekly) == false)
+
+        store.setQuotaWarningWindowEnabled(provider: .codex, window: .weekly, enabled: true)
+        store.setQuotaWarningWindowEnabled(provider: .codex, window: .session, enabled: false)
+        #expect(store.quotaWarningEnabled(provider: .codex, window: .weekly) == true)
+        #expect(store.quotaWarningEnabled(provider: .codex, window: .session) == false)
+        #expect(store.hasQuotaWarningOverride(provider: .codex, window: .weekly) == true)
+        #expect(store.hasQuotaWarningOverride(provider: .codex, window: .session) == true)
+
+        store.setQuotaWarningWindowEnabled(provider: .codex, window: .weekly, enabled: nil)
+        #expect(store.quotaWarningEnabled(provider: .codex, window: .weekly) == false)
+    }
+
+    @Test
+    func `defaults claude usage source to auto`() throws {
         let suite = "SettingsStoreTests-claude-source"
         let defaults = try #require(UserDefaults(suiteName: suite))
         defaults.removePersistentDomain(forName: suite)
@@ -444,7 +698,7 @@ struct SettingsStoreTests {
     }
 
     @Test
-    func defaultsCodexUsageSourceToAuto() throws {
+    func `defaults codex usage source to auto`() throws {
         let suite = "SettingsStoreTests-codex-source"
         let defaults = try #require(UserDefaults(suiteName: suite))
         defaults.removePersistentDomain(forName: suite)
@@ -460,7 +714,7 @@ struct SettingsStoreTests {
     }
 
     @Test
-    func defaultsKiloUsageSourceToAuto() throws {
+    func `defaults kilo usage source to auto`() throws {
         let suite = "SettingsStoreTests-kilo-source"
         let defaults = try #require(UserDefaults(suiteName: suite))
         defaults.removePersistentDomain(forName: suite)
@@ -476,7 +730,7 @@ struct SettingsStoreTests {
     }
 
     @Test
-    func persistsKiloUsageSourceAcrossInstances() throws {
+    func `persists kilo usage source across instances`() throws {
         let suite = "SettingsStoreTests-kilo-source-persist"
         let defaultsA = try #require(UserDefaults(suiteName: suite))
         defaultsA.removePersistentDomain(forName: suite)
@@ -500,7 +754,7 @@ struct SettingsStoreTests {
     }
 
     @Test
-    func kiloExtrasOnlyApplyInAutoMode() throws {
+    func `kilo extras only apply in auto mode`() throws {
         let suite = "SettingsStoreTests-kilo-extras"
         let defaults = try #require(UserDefaults(suiteName: suite))
         defaults.removePersistentDomain(forName: suite)
@@ -523,7 +777,7 @@ struct SettingsStoreTests {
 
     @Test
     @MainActor
-    func applyExternalConfigDoesNotBroadcast() throws {
+    func `apply external config does not broadcast`() throws {
         let suite = "SettingsStoreTests-external-config"
         let defaults = try #require(UserDefaults(suiteName: suite))
         defaults.removePersistentDomain(forName: suite)
@@ -567,7 +821,7 @@ struct SettingsStoreTests {
     }
 
     @Test
-    func persistsZaiAPIRegionAcrossInstances() throws {
+    func `persists zai API region across instances`() throws {
         let suite = "SettingsStoreTests-zai-region"
         let defaultsA = try #require(UserDefaults(suiteName: suite))
         defaultsA.removePersistentDomain(forName: suite)
@@ -589,7 +843,7 @@ struct SettingsStoreTests {
     }
 
     @Test
-    func persistsMiniMaxAPIRegionAcrossInstances() throws {
+    func `persists mini max API region across instances`() throws {
         let suite = "SettingsStoreTests-minimax-region"
         let defaultsA = try #require(UserDefaults(suiteName: suite))
         defaultsA.removePersistentDomain(forName: suite)
@@ -611,13 +865,86 @@ struct SettingsStoreTests {
     }
 
     @Test
-    func defaultsOpenAIWebAccessToEnabled() throws {
+    func `defaults open AI web access to disabled`() throws {
         let suite = "SettingsStoreTests-openai-web"
         let defaults = try #require(UserDefaults(suiteName: suite))
         defaults.removePersistentDomain(forName: suite)
         defaults.set(false, forKey: "debugDisableKeychainAccess")
         let configStore = testConfigStore(suiteName: suite)
 
+        let store = SettingsStore(
+            userDefaults: defaults,
+            configStore: configStore,
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+
+        #expect(store.openAIWebAccessEnabled == false)
+        #expect(defaults.bool(forKey: "openAIWebAccessEnabled") == false)
+        #expect(store.openAIWebBatterySaverEnabled == false)
+        #expect(defaults.bool(forKey: "openAIWebBatterySaverEnabled") == false)
+        #expect(store.codexCookieSource == .off)
+    }
+
+    @Test
+    func `infers open AI web access enabled for legacy configured codex cookies`() throws {
+        let suite = "SettingsStoreTests-openai-web-legacy"
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+        defaults.removeObject(forKey: "openAIWebAccessEnabled")
+        defaults.set(false, forKey: "debugDisableKeychainAccess")
+        let configStore = testConfigStore(suiteName: suite)
+        try configStore.save(CodexBarConfig(providers: [
+            ProviderConfig(id: .codex, cookieSource: .auto),
+        ]))
+
+        let store = SettingsStore(
+            userDefaults: defaults,
+            configStore: configStore,
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+
+        #expect(store.openAIWebAccessEnabled == true)
+        #expect(defaults.bool(forKey: "openAIWebAccessEnabled") == true)
+        #expect(store.openAIWebBatterySaverEnabled == false)
+        #expect(defaults.bool(forKey: "openAIWebBatterySaverEnabled") == false)
+        #expect(store.codexCookieSource == .auto)
+    }
+
+    @Test
+    func `imports legacy open AI web access defaults key`() throws {
+        let suite = "SettingsStoreTests-openai-web-legacy-key"
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+        defaults.removeObject(forKey: "openAIWebAccessEnabled")
+        defaults.set(false, forKey: "openAIWebAccess")
+        defaults.set(false, forKey: "debugDisableKeychainAccess")
+        let configStore = testConfigStore(suiteName: suite)
+        try configStore.save(CodexBarConfig(providers: [
+            ProviderConfig(id: .codex, cookieSource: .auto),
+        ]))
+
+        let store = SettingsStore(
+            userDefaults: defaults,
+            configStore: configStore,
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+
+        #expect(store.openAIWebAccessEnabled == false)
+        #expect(defaults.bool(forKey: "openAIWebAccessEnabled") == false)
+    }
+
+    @Test
+    func `infers open AI web access enabled for legacy codex config with implicit auto cookies`() throws {
+        let suite = "SettingsStoreTests-openai-web-legacy-implicit-auto"
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+        defaults.removeObject(forKey: "openAIWebAccessEnabled")
+        defaults.set(false, forKey: "debugDisableKeychainAccess")
+        let configStore = testConfigStore(suiteName: suite)
+        try configStore.save(CodexBarConfig(providers: [
+            ProviderConfig(id: .codex),
+        ]))
+
         let store = SettingsStore(
             userDefaults: defaults,
             configStore: configStore,
@@ -626,11 +953,62 @@ struct SettingsStoreTests {
 
         #expect(store.openAIWebAccessEnabled == true)
         #expect(defaults.bool(forKey: "openAIWebAccessEnabled") == true)
+        #expect(store.openAIWebBatterySaverEnabled == false)
+        #expect(defaults.bool(forKey: "openAIWebBatterySaverEnabled") == false)
+        #expect(store.codexCookieSource == .auto)
+    }
+
+    @Test
+    func `disabling open AI web access turns codex cookie source off`() throws {
+        let suite = "SettingsStoreTests-openai-web-toggle"
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+        defaults.set(false, forKey: "debugDisableKeychainAccess")
+        let configStore = testConfigStore(suiteName: suite)
+
+        let store = SettingsStore(
+            userDefaults: defaults,
+            configStore: configStore,
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+
+        store.codexCookieSource = .auto
         #expect(store.codexCookieSource == .auto)
+
+        store.openAIWebAccessEnabled = false
+        #expect(store.codexCookieSource == .off)
+        #expect(defaults.bool(forKey: "openAIWebAccessEnabled") == false)
+
+        store.openAIWebAccessEnabled = true
+        #expect(store.codexCookieSource == .auto)
+        #expect(defaults.bool(forKey: "openAIWebAccessEnabled") == true)
+    }
+
+    @Test
+    func `open AI web battery saver persists separately from extras availability`() throws {
+        let suite = "SettingsStoreTests-openai-web-battery-saver"
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+        defaults.set(false, forKey: "debugDisableKeychainAccess")
+        let configStore = testConfigStore(suiteName: suite)
+
+        let store = SettingsStore(
+            userDefaults: defaults,
+            configStore: configStore,
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+
+        #expect(store.openAIWebBatterySaverEnabled == false)
+
+        store.openAIWebBatterySaverEnabled = false
+        #expect(defaults.bool(forKey: "openAIWebBatterySaverEnabled") == false)
+
+        store.openAIWebAccessEnabled = true
+        #expect(store.openAIWebBatterySaverEnabled == false)
     }
 
     @Test
-    func menuObservationTokenUpdatesOnDefaultsChange() async throws {
+    func `menu observation token updates on defaults change`() async throws {
         let suite = "SettingsStoreTests-observation-defaults"
         let defaults = try #require(UserDefaults(suiteName: suite))
         defaults.removePersistentDomain(forName: suite)
@@ -642,24 +1020,83 @@ struct SettingsStoreTests {
             zaiTokenStore: NoopZaiTokenStore(),
             syntheticTokenStore: NoopSyntheticTokenStore())
 
-        var didChange = false
+        let didChange = ObservationFlag()
 
         withObservationTracking {
             _ = store.menuObservationToken
         } onChange: {
-            Task { @MainActor in
-                didChange = true
-            }
+            didChange.set()
         }
 
         store.statusChecksEnabled.toggle()
         try? await Task.sleep(nanoseconds: 50_000_000)
 
-        #expect(didChange == true)
+        #expect(didChange.get() == true)
     }
 
     @Test
-    func configBackedSettingsTriggerObservation() async throws {
+    func `menu observation token updates on per-window quota threshold changes`() async throws {
+        let suite = "SettingsStoreTests-observation-quota-threshold-windows"
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+        let configStore = testConfigStore(suiteName: suite)
+
+        let store = SettingsStore(
+            userDefaults: defaults,
+            configStore: configStore,
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+
+        func expectObservation(
+            for window: QuotaWarningWindow,
+            thresholds: [Int]) async
+        {
+            let didChange = ObservationFlag()
+            withObservationTracking {
+                _ = store.menuObservationToken
+            } onChange: {
+                didChange.set()
+            }
+
+            store.setQuotaWarningThresholds(window, thresholds: thresholds)
+            try? await Task.sleep(nanoseconds: 50_000_000)
+
+            #expect(didChange.get() == true)
+        }
+
+        await expectObservation(for: .session, thresholds: [70, 30])
+        await expectObservation(for: .weekly, thresholds: [80, 40])
+    }
+
+    @Test
+    func `menu observation token updates on weekly progress work days changes`() async throws {
+        let suite = "SettingsStoreTests-observation-weekly-progress-work-days"
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+        let configStore = testConfigStore(suiteName: suite)
+
+        let store = SettingsStore(
+            userDefaults: defaults,
+            configStore: configStore,
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+
+        let didChange = ObservationFlag()
+
+        withObservationTracking {
+            _ = store.menuObservationToken
+        } onChange: {
+            didChange.set()
+        }
+
+        store.weeklyProgressWorkDays = 5
+        try? await Task.sleep(nanoseconds: 50_000_000)
+
+        #expect(didChange.get() == true)
+    }
+
+    @Test
+    func `config backed settings trigger observation`() async throws {
         let suite = "SettingsStoreTests-observation-config"
         let defaults = try #require(UserDefaults(suiteName: suite))
         defaults.removePersistentDomain(forName: suite)
@@ -671,24 +1108,49 @@ struct SettingsStoreTests {
             zaiTokenStore: NoopZaiTokenStore(),
             syntheticTokenStore: NoopSyntheticTokenStore())
 
-        var didChange = false
+        let didChange = ObservationFlag()
 
         withObservationTracking {
             _ = store.codexCookieSource
         } onChange: {
-            Task { @MainActor in
-                didChange = true
-            }
+            didChange.set()
         }
 
         store.codexCookieSource = .manual
         try? await Task.sleep(nanoseconds: 50_000_000)
 
-        #expect(didChange == true)
+        #expect(didChange.get() == true)
     }
 
     @Test
-    func providerOrder_defaultsToAllCases() throws {
+    func `menu observation token updates on codex active source change`() async throws {
+        let suite = "SettingsStoreTests-observation-codex-active-source"
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+        let configStore = testConfigStore(suiteName: suite)
+
+        let store = SettingsStore(
+            userDefaults: defaults,
+            configStore: configStore,
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+
+        let didChange = ObservationFlag()
+
+        withObservationTracking {
+            _ = store.menuObservationToken
+        } onChange: {
+            didChange.set()
+        }
+
+        store.codexActiveSource = .liveSystem
+        try? await Task.sleep(nanoseconds: 50_000_000)
+
+        #expect(didChange.get() == true)
+    }
+
+    @Test
+    func `provider order defaults to all cases`() throws {
         let suite = "SettingsStoreTests-providerOrder-default"
         let defaults = try #require(UserDefaults(suiteName: suite))
         defaults.removePersistentDomain(forName: suite)
@@ -704,7 +1166,7 @@ struct SettingsStoreTests {
     }
 
     @Test
-    func providerOrder_persistsAndAppendsNewProviders() throws {
+    func `provider order persists and appends new providers`() throws {
         let suite = "SettingsStoreTests-providerOrder-persist"
         let defaultsA = try #require(UserDefaults(suiteName: suite))
         defaultsA.removePersistentDomain(forName: suite)
@@ -723,30 +1185,9 @@ struct SettingsStoreTests {
             zaiTokenStore: NoopZaiTokenStore(),
             syntheticTokenStore: NoopSyntheticTokenStore())
 
-        #expect(storeA.orderedProviders() == [
-            .gemini,
-            .codex,
-            .claude,
-            .cursor,
-            .opencode,
-            .factory,
-            .antigravity,
-            .copilot,
-            .zai,
-            .minimax,
-            .kimi,
-            .kilo,
-            .kiro,
-            .vertexai,
-            .augment,
-            .jetbrains,
-            .kimik2,
-            .amp,
-            .ollama,
-            .synthetic,
-            .warp,
-            .openrouter,
-        ])
+        let legacyOrder: [UsageProvider] = [.gemini, .codex]
+        let appendedProviders = UsageProvider.allCases.filter { !legacyOrder.contains($0) }
+        #expect(storeA.orderedProviders() == legacyOrder + appendedProviders)
 
         // Move one provider; ensure it's persisted across instances.
         let antigravityIndex = try #require(storeA.orderedProviders().firstIndex(of: .antigravity))
@@ -761,4 +1202,47 @@ struct SettingsStoreTests {
 
         #expect(storeB.orderedProviders().first == .antigravity)
     }
+
+    @Test
+    func `setting alibaba API key enables provider`() throws {
+        let suite = "SettingsStoreTests-alibaba-enable-on-token"
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+        let configStore = testConfigStore(suiteName: suite)
+
+        let store = SettingsStore(
+            userDefaults: defaults,
+            configStore: configStore,
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+
+        let metadata = try #require(ProviderDescriptorRegistry.metadata[.alibaba])
+        store.setProviderEnabled(provider: .alibaba, metadata: metadata, enabled: false)
+
+        store.alibabaCodingPlanAPIToken = "cpk-test-token"
+
+        #expect(store.isProviderEnabled(provider: .alibaba, metadata: metadata))
+    }
+
+    @Test
+    func `alibaba provider auto enables on startup when token exists`() throws {
+        let suite = "SettingsStoreTests-alibaba-auto-enable-startup"
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+        let configStore = testConfigStore(suiteName: suite)
+
+        let config = CodexBarConfig(providers: [
+            ProviderConfig(id: .alibaba, enabled: false, apiKey: "cpk-startup-token"),
+        ])
+        try configStore.save(config)
+
+        let store = SettingsStore(
+            userDefaults: defaults,
+            configStore: configStore,
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+
+        let metadata = try #require(ProviderDescriptorRegistry.metadata[.alibaba])
+        #expect(store.isProviderEnabled(provider: .alibaba, metadata: metadata))
+    }
 }
diff --git a/Tests/CodexBarTests/StatusItemAnimationCodexCreditsTests.swift b/Tests/CodexBarTests/StatusItemAnimationCodexCreditsTests.swift
new file mode 100644
index 000000000..eafebe544
--- /dev/null
+++ b/Tests/CodexBarTests/StatusItemAnimationCodexCreditsTests.swift
@@ -0,0 +1,61 @@
+import AppKit
+import CodexBarCore
+import Testing
+@testable import CodexBar
+
+@Suite(.serialized)
+@MainActor
+struct StatusItemAnimationCodexCreditsTests {
+    private func makeStatusBarForTesting() -> NSStatusBar {
+        let env = ProcessInfo.processInfo.environment
+        if env["GITHUB_ACTIONS"] == "true" || env["CI"] == "true" {
+            return .system
+        }
+        return NSStatusBar()
+    }
+
+    @Test
+    func `codex icon keeps credits only rendering when usage is missing`() {
+        let settings = SettingsStore(
+            configStore: testConfigStore(suiteName: "StatusItemAnimationTests-credits-only-icon"),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = false
+        settings.menuBarShowsBrandIconWithPercent = false
+
+        let registry = ProviderRegistry.shared
+        if let codexMeta = registry.metadata[.codex] {
+            settings.setProviderEnabled(provider: .codex, metadata: codexMeta, enabled: true)
+        }
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        store._setSnapshotForTesting(nil, provider: .codex)
+        store.credits = CreditsSnapshot(remaining: 80, events: [], updatedAt: Date())
+
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+
+        controller.applyIcon(for: .codex, phase: nil)
+
+        guard let image = controller.statusItems[.codex]?.button?.image else {
+            #expect(Bool(false))
+            return
+        }
+        let rep = image.representations.compactMap { $0 as? NSBitmapImageRep }.first(where: {
+            $0.pixelsWide == 36 && $0.pixelsHigh == 36
+        })
+        #expect(rep != nil)
+        guard let rep else { return }
+
+        let creditsOnlyAlpha = (rep.colorAt(x: 18, y: 17) ?? .clear).alphaComponent
+        #expect(creditsOnlyAlpha > 0.05)
+    }
+}
diff --git a/Tests/CodexBarTests/StatusItemAnimationSignatureTests.swift b/Tests/CodexBarTests/StatusItemAnimationSignatureTests.swift
new file mode 100644
index 000000000..fc064a9d3
--- /dev/null
+++ b/Tests/CodexBarTests/StatusItemAnimationSignatureTests.swift
@@ -0,0 +1,186 @@
+import AppKit
+import CodexBarCore
+import Testing
+@testable import CodexBar
+
+@MainActor
+struct StatusItemAnimationSignatureTests {
+    private func makeStatusBarForTesting() -> NSStatusBar {
+        let env = ProcessInfo.processInfo.environment
+        if env["GITHUB_ACTIONS"] == "true" || env["CI"] == "true" {
+            return .system
+        }
+        return NSStatusBar()
+    }
+
+    @Test
+    func `merged render signature changes when unified icon style changes`() throws {
+        let suite = "StatusItemAnimationSignatureTests-merged-style-signature"
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+        let settings = SettingsStore(
+            userDefaults: defaults,
+            configStore: testConfigStore(suiteName: suite),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = true
+        settings.selectedMenuProvider = .codex
+        settings.menuBarShowsBrandIconWithPercent = false
+        settings.syntheticAPIToken = "synthetic-test-token"
+
+        let registry = ProviderRegistry.shared
+        if let codexMeta = registry.metadata[.codex] {
+            settings.setProviderEnabled(provider: .codex, metadata: codexMeta, enabled: true)
+        }
+        if let syntheticMeta = registry.metadata[.synthetic] {
+            settings.setProviderEnabled(provider: .synthetic, metadata: syntheticMeta, enabled: true)
+        }
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+
+        store._setSnapshotForTesting(
+            UsageSnapshot(
+                primary: RateWindow(usedPercent: 50, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+                secondary: nil,
+                updatedAt: Date()),
+            provider: .codex)
+
+        #expect(store.enabledProvidersForDisplay() == [.codex, .synthetic])
+        #expect(store.enabledProviders() == [.codex, .synthetic])
+        #expect(store.iconStyle == .combined)
+        controller.applyIcon(phase: nil)
+        let combinedSignature = controller.lastAppliedMergedIconRenderSignature
+
+        if let syntheticMeta = registry.metadata[.synthetic] {
+            settings.setProviderEnabled(provider: .synthetic, metadata: syntheticMeta, enabled: false)
+        }
+
+        #expect(store.enabledProvidersForDisplay() == [.codex])
+        #expect(store.enabledProviders() == [.codex])
+        #expect(store.iconStyle == .codex)
+        controller.applyIcon(phase: nil)
+        let codexSignature = controller.lastAppliedMergedIconRenderSignature
+
+        #expect(combinedSignature != nil)
+        #expect(codexSignature != nil)
+        #expect(combinedSignature != codexSignature)
+        #expect(codexSignature?.contains("style=codex") == true)
+    }
+
+    @Test
+    func `merged icon follows overview provider order when first overview provider is loading`() {
+        let suite = "StatusItemAnimationSignatureTests-merged-overview-provider-order"
+        let defaults = UserDefaults(suiteName: suite)
+        defaults?.removePersistentDomain(forName: suite)
+        let settings = SettingsStore(
+            userDefaults: defaults ?? .standard,
+            configStore: testConfigStore(suiteName: "StatusItemAnimationSignatureTests-merged-overview-provider-order"),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = true
+        settings.selectedMenuProvider = .codex
+        settings.mergedMenuLastSelectedWasOverview = true
+        settings.menuBarShowsBrandIconWithPercent = false
+        settings.setProviderOrder([.cursor, .codex, .claude])
+
+        let registry = ProviderRegistry.shared
+        if let cursorMeta = registry.metadata[.cursor] {
+            settings.setProviderEnabled(provider: .cursor, metadata: cursorMeta, enabled: true)
+        }
+        if let codexMeta = registry.metadata[.codex] {
+            settings.setProviderEnabled(provider: .codex, metadata: codexMeta, enabled: true)
+        }
+        if let claudeMeta = registry.metadata[.claude] {
+            settings.setProviderEnabled(provider: .claude, metadata: claudeMeta, enabled: true)
+        }
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 50, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            secondary: nil,
+            updatedAt: Date())
+        store._setSnapshotForTesting(snapshot, provider: .codex)
+        store._setSnapshotForTesting(snapshot, provider: .claude)
+
+        #expect(store.enabledProvidersForDisplay().prefix(3) == [.cursor, .codex, .claude])
+        #expect(settings.resolvedMergedOverviewProviders(activeProviders: store.enabledProvidersForDisplay()) == [
+            .cursor,
+            .codex,
+            .claude,
+        ])
+
+        controller.applyIcon(phase: nil)
+
+        #expect(controller.lastAppliedMergedIconRenderSignature?.contains("provider=cursor") == true)
+    }
+
+    @Test
+    func `split provider icon skips unchanged render signature`() throws {
+        let suite = "StatusItemAnimationSignatureTests-split-provider-signature"
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+        let settings = SettingsStore(
+            userDefaults: defaults,
+            configStore: testConfigStore(suiteName: suite),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = false
+        settings.menuBarShowsBrandIconWithPercent = false
+
+        if let codexMeta = ProviderRegistry.shared.metadata[.codex] {
+            settings.setProviderEnabled(provider: .codex, metadata: codexMeta, enabled: true)
+        }
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+
+        store._setSnapshotForTesting(
+            UsageSnapshot(
+                primary: RateWindow(usedPercent: 25, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+                secondary: nil,
+                updatedAt: Date()),
+            provider: .codex)
+
+        #expect(controller.applyIcon(for: .codex, phase: nil) == false)
+        #expect(controller.applyIcon(for: .codex, phase: nil) == true)
+
+        store._setSnapshotForTesting(
+            UsageSnapshot(
+                primary: RateWindow(usedPercent: 50, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+                secondary: nil,
+                updatedAt: Date()),
+            provider: .codex)
+
+        #expect(controller.applyIcon(for: .codex, phase: nil) == false)
+    }
+}
diff --git a/Tests/CodexBarTests/StatusItemAnimationTests.swift b/Tests/CodexBarTests/StatusItemAnimationTests.swift
index 8bc69d465..ba9bc457d 100644
--- a/Tests/CodexBarTests/StatusItemAnimationTests.swift
+++ b/Tests/CodexBarTests/StatusItemAnimationTests.swift
@@ -4,7 +4,8 @@ import Testing
 @testable import CodexBar
 
 @MainActor
-@Suite
+@Suite(.serialized)
+// swiftlint:disable:next type_body_length
 struct StatusItemAnimationTests {
     private func maxAlpha(in rep: NSBitmapImageRep) -> CGFloat {
         var maxAlpha: CGFloat = 0
@@ -20,15 +21,13 @@ struct StatusItemAnimationTests {
     }
 
     private func makeStatusBarForTesting() -> NSStatusBar {
-        let env = ProcessInfo.processInfo.environment
-        if env["GITHUB_ACTIONS"] == "true" || env["CI"] == "true" {
-            return .system
-        }
-        return NSStatusBar()
+        // Use the real system status bar in tests. Creating standalone NSStatusBar instances
+        // has caused AppKit teardown crashes under swiftpm-testing-helper.
+        .system
     }
 
     @Test
-    func mergedIconLoadingAnimationTracksSelectedProviderOnly() {
+    func `merged icon loading animation tracks selected provider only`() {
         let settings = SettingsStore(
             configStore: testConfigStore(suiteName: "StatusItemAnimationTests-merged"),
             zaiTokenStore: NoopZaiTokenStore(),
@@ -42,9 +41,10 @@ struct StatusItemAnimationTests {
         if let codexMeta = registry.metadata[.codex] {
             settings.setProviderEnabled(provider: .codex, metadata: codexMeta, enabled: true)
         }
-        if let claudeMeta = registry.metadata[.claude] {
-            settings.setProviderEnabled(provider: .claude, metadata: claudeMeta, enabled: true)
+        if let openRouterMeta = registry.metadata[.openrouter] {
+            settings.setProviderEnabled(provider: .openrouter, metadata: openRouterMeta, enabled: true)
         }
+        settings.openRouterAPIToken = "or-token"
         if let geminiMeta = registry.metadata[.gemini] {
             settings.setProviderEnabled(provider: .gemini, metadata: geminiMeta, enabled: false)
         }
@@ -58,6 +58,7 @@ struct StatusItemAnimationTests {
             updater: DisabledUpdaterController(),
             preferencesSelection: PreferencesSelection(),
             statusBar: self.makeStatusBarForTesting())
+        defer { controller.releaseStatusItemsForTesting() }
 
         let snapshot = UsageSnapshot(
             primary: RateWindow(usedPercent: 50, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
@@ -73,7 +74,7 @@ struct StatusItemAnimationTests {
     }
 
     @Test
-    func mergedIconLoadingAnimationDoesNotFlipLayoutWhenWeeklyHitsZero() {
+    func `merged icon loading animation does not flip layout when weekly hits zero`() {
         let settings = SettingsStore(
             configStore: testConfigStore(suiteName: "StatusItemAnimationTests-weekly"),
             zaiTokenStore: NoopZaiTokenStore(),
@@ -88,9 +89,10 @@ struct StatusItemAnimationTests {
         if let codexMeta = registry.metadata[.codex] {
             settings.setProviderEnabled(provider: .codex, metadata: codexMeta, enabled: true)
         }
-        if let claudeMeta = registry.metadata[.claude] {
-            settings.setProviderEnabled(provider: .claude, metadata: claudeMeta, enabled: true)
+        if let openRouterMeta = registry.metadata[.openrouter] {
+            settings.setProviderEnabled(provider: .openrouter, metadata: openRouterMeta, enabled: true)
         }
+        settings.openRouterAPIToken = "or-token"
 
         let fetcher = UsageFetcher()
         let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
@@ -109,6 +111,7 @@ struct StatusItemAnimationTests {
             updater: DisabledUpdaterController(),
             preferencesSelection: PreferencesSelection(),
             statusBar: self.makeStatusBarForTesting())
+        defer { controller.releaseStatusItemsForTesting() }
 
         // Enter loading state: no data, no stale error.
         store._setSnapshotForTesting(nil, provider: .codex)
@@ -138,7 +141,7 @@ struct StatusItemAnimationTests {
     }
 
     @Test
-    func warpNoBonusLayoutIsPreservedInShowUsedModeWhenBonusIsExhausted() {
+    func `warp no bonus layout is preserved in show used mode when bonus is exhausted`() {
         let settings = SettingsStore(
             configStore: testConfigStore(suiteName: "StatusItemAnimationTests-warp-no-bonus-used"),
             zaiTokenStore: NoopZaiTokenStore(),
@@ -163,6 +166,7 @@ struct StatusItemAnimationTests {
             updater: DisabledUpdaterController(),
             preferencesSelection: PreferencesSelection(),
             statusBar: self.makeStatusBarForTesting())
+        defer { controller.releaseStatusItemsForTesting() }
 
         // Primary used=10%. Bonus exhausted: used=100% (remaining=0%).
         let snapshot = UsageSnapshot(
@@ -191,7 +195,7 @@ struct StatusItemAnimationTests {
     }
 
     @Test
-    func warpBonusLaneIsPreservedInShowUsedModeWhenBonusIsUnused() {
+    func `warp bonus lane is preserved in show used mode when bonus is unused`() {
         let settings = SettingsStore(
             configStore: testConfigStore(suiteName: "StatusItemAnimationTests-warp-unused-bonus-used"),
             zaiTokenStore: NoopZaiTokenStore(),
@@ -216,6 +220,7 @@ struct StatusItemAnimationTests {
             updater: DisabledUpdaterController(),
             preferencesSelection: PreferencesSelection(),
             statusBar: self.makeStatusBarForTesting())
+        defer { controller.releaseStatusItemsForTesting() }
 
         // Bonus exists but is unused: used=0% (remaining=100%).
         let snapshot = UsageSnapshot(
@@ -244,7 +249,139 @@ struct StatusItemAnimationTests {
     }
 
     @Test
-    func menuBarPercentUsesConfiguredMetric() {
+    func `open router without key limit uses meter icon when brand percent is disabled`() {
+        let settings = SettingsStore(
+            configStore: testConfigStore(suiteName: "StatusItemAnimationTests-openrouter-no-limit-meter"),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = false
+        settings.menuBarShowsBrandIconWithPercent = false
+
+        let registry = ProviderRegistry.shared
+        if let openRouterMeta = registry.metadata[.openrouter] {
+            settings.setProviderEnabled(provider: .openrouter, metadata: openRouterMeta, enabled: true)
+        }
+        settings.openRouterAPIToken = "or-token"
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+        defer { controller.releaseStatusItemsForTesting() }
+
+        let snapshot = OpenRouterUsageSnapshot(
+            totalCredits: 50,
+            totalUsage: 45,
+            balance: 5,
+            usedPercent: 90,
+            keyDataFetched: true,
+            keyLimit: nil,
+            keyUsage: nil,
+            rateLimit: nil,
+            updatedAt: Date()).toUsageSnapshot()
+
+        store._setSnapshotForTesting(snapshot, provider: .openrouter)
+        store._setErrorForTesting(nil, provider: .openrouter)
+
+        controller.applyIcon(for: .openrouter, phase: nil)
+
+        guard let image = controller.statusItems[.openrouter]?.button?.image else {
+            #expect(Bool(false))
+            return
+        }
+
+        #expect(image.size.width == 18)
+        #expect(image.size.height == 18)
+        #expect(snapshot.openRouterUsage?.keyQuotaStatus == .noLimitConfigured)
+        #expect(controller.statusItems[.openrouter]?.button?.title.isEmpty == true)
+        #expect(MenuBarDisplayText.percentText(window: snapshot.primary, showUsed: false) == nil)
+
+        // With no key limit, the primary bar has no fill — just the dim track.
+        // A brand logo would be fully opaque here; the track is not.
+        let rep = image.representations.compactMap { $0 as? NSBitmapImageRep }.first(where: {
+            $0.pixelsWide == 36 && $0.pixelsHigh == 36
+        })
+        #expect(rep != nil)
+        if let rep {
+            let alpha = (rep.colorAt(x: 8, y: 25) ?? .clear).alphaComponent
+            #expect(alpha < 0.5)
+        }
+    }
+
+    @Test
+    func `open router key data not fetched still uses meter icon when brand percent is disabled`() {
+        let settings = SettingsStore(
+            configStore: testConfigStore(suiteName: "StatusItemAnimationTests-openrouter-no-fetch-meter"),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = false
+        settings.menuBarShowsBrandIconWithPercent = false
+
+        let registry = ProviderRegistry.shared
+        if let openRouterMeta = registry.metadata[.openrouter] {
+            settings.setProviderEnabled(provider: .openrouter, metadata: openRouterMeta, enabled: true)
+        }
+        settings.openRouterAPIToken = "or-token"
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+        defer { controller.releaseStatusItemsForTesting() }
+
+        let snapshot = OpenRouterUsageSnapshot(
+            totalCredits: 50,
+            totalUsage: 45,
+            balance: 5,
+            usedPercent: 90,
+            keyDataFetched: false,
+            keyLimit: nil,
+            keyUsage: nil,
+            rateLimit: nil,
+            updatedAt: Date()).toUsageSnapshot()
+
+        store._setSnapshotForTesting(snapshot, provider: .openrouter)
+        store._setErrorForTesting(nil, provider: .openrouter)
+
+        controller.applyIcon(for: .openrouter, phase: nil)
+
+        guard let image = controller.statusItems[.openrouter]?.button?.image else {
+            #expect(Bool(false))
+            return
+        }
+
+        #expect(image.size.width == 18)
+        #expect(image.size.height == 18)
+        #expect(snapshot.openRouterUsage?.keyQuotaStatus == .unavailable)
+
+        // Even with no key data, OpenRouter still renders a meter rather than the brand logo.
+        // A brand logo would be fully opaque here; the unfilled track is not.
+        let rep = image.representations.compactMap { $0 as? NSBitmapImageRep }.first(where: {
+            $0.pixelsWide == 36 && $0.pixelsHigh == 36
+        })
+        #expect(rep != nil)
+        if let rep {
+            let alpha = (rep.colorAt(x: 8, y: 25) ?? .clear).alphaComponent
+            #expect(alpha < 0.5)
+        }
+    }
+
+    @Test
+    func `menu bar percent uses configured metric`() {
         let settings = SettingsStore(
             configStore: testConfigStore(suiteName: "StatusItemAnimationTests-metric"),
             zaiTokenStore: NoopZaiTokenStore())
@@ -268,6 +405,7 @@ struct StatusItemAnimationTests {
             updater: DisabledUpdaterController(),
             preferencesSelection: PreferencesSelection(),
             statusBar: self.makeStatusBarForTesting())
+        defer { controller.releaseStatusItemsForTesting() }
 
         let snapshot = UsageSnapshot(
             primary: RateWindow(usedPercent: 12, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
@@ -283,7 +421,7 @@ struct StatusItemAnimationTests {
     }
 
     @Test
-    func menuBarPercentAutomaticPrefersRateLimitForKimi() {
+    func `menu bar percent automatic prefers rate limit for kimi`() {
         let settings = SettingsStore(
             configStore: testConfigStore(suiteName: "StatusItemAnimationTests-kimi-automatic"),
             zaiTokenStore: NoopZaiTokenStore())
@@ -322,7 +460,7 @@ struct StatusItemAnimationTests {
     }
 
     @Test
-    func menuBarPercentUsesAverageForGemini() {
+    func `menu bar percent uses average for gemini`() {
         let settings = SettingsStore(
             configStore: testConfigStore(suiteName: "StatusItemAnimationTests-average"),
             zaiTokenStore: NoopZaiTokenStore())
@@ -346,6 +484,7 @@ struct StatusItemAnimationTests {
             updater: DisabledUpdaterController(),
             preferencesSelection: PreferencesSelection(),
             statusBar: self.makeStatusBarForTesting())
+        defer { controller.releaseStatusItemsForTesting() }
 
         let snapshot = UsageSnapshot(
             primary: RateWindow(usedPercent: 20, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
@@ -361,7 +500,370 @@ struct StatusItemAnimationTests {
     }
 
     @Test
-    func menuBarDisplayTextFormatsPercentAndPace() {
+    func `menu bar percent automatic keeps gemini primary over higher tertiary`() {
+        let settings = SettingsStore(
+            configStore: testConfigStore(suiteName: "StatusItemAnimationTests-gemini-automatic-primary"),
+            zaiTokenStore: NoopZaiTokenStore())
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = true
+        settings.selectedMenuProvider = .gemini
+        settings.setMenuBarMetricPreference(.automatic, for: .gemini)
+
+        let registry = ProviderRegistry.shared
+        if let geminiMeta = registry.metadata[.gemini] {
+            settings.setProviderEnabled(provider: .gemini, metadata: geminiMeta, enabled: true)
+        }
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 20, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(usedPercent: 40, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            tertiary: RateWindow(usedPercent: 95, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            updatedAt: Date())
+
+        store._setSnapshotForTesting(snapshot, provider: .gemini)
+        store._setErrorForTesting(nil, provider: .gemini)
+
+        let window = controller.menuBarMetricWindow(for: .gemini, snapshot: snapshot)
+
+        #expect(window?.usedPercent == 20)
+    }
+
+    @Test
+    func `menu bar percent automatic picks highest cursor lane including api`() {
+        let settings = SettingsStore(
+            configStore: testConfigStore(suiteName: "StatusItemAnimationTests-cursor-automatic-tertiary"),
+            zaiTokenStore: NoopZaiTokenStore())
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = true
+        settings.selectedMenuProvider = .cursor
+        settings.setMenuBarMetricPreference(.automatic, for: .cursor)
+
+        let registry = ProviderRegistry.shared
+        if let cursorMeta = registry.metadata[.cursor] {
+            settings.setProviderEnabled(provider: .cursor, metadata: cursorMeta, enabled: true)
+        }
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 10, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(usedPercent: 25, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            tertiary: RateWindow(usedPercent: 90, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            updatedAt: Date())
+
+        store._setSnapshotForTesting(snapshot, provider: .cursor)
+        store._setErrorForTesting(nil, provider: .cursor)
+
+        let window = controller.menuBarMetricWindow(for: .cursor, snapshot: snapshot)
+
+        #expect(window?.usedPercent == 90)
+    }
+
+    @Test
+    func `menu bar percent automatic falls back to purchased perplexity lane when bonus is exhausted`() {
+        let settings = SettingsStore(
+            configStore: testConfigStore(suiteName: "StatusItemAnimationTests-perplexity-automatic-purchased"),
+            zaiTokenStore: NoopZaiTokenStore())
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = true
+        settings.selectedMenuProvider = .perplexity
+        settings.setMenuBarMetricPreference(.automatic, for: .perplexity)
+
+        let registry = ProviderRegistry.shared
+        if let perplexityMeta = registry.metadata[.perplexity] {
+            settings.setProviderEnabled(provider: .perplexity, metadata: perplexityMeta, enabled: true)
+        }
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+
+        let snapshot = UsageSnapshot(
+            primary: nil,
+            secondary: RateWindow(usedPercent: 100, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            tertiary: RateWindow(usedPercent: 20, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            updatedAt: Date())
+
+        store._setSnapshotForTesting(snapshot, provider: .perplexity)
+        store._setErrorForTesting(nil, provider: .perplexity)
+
+        let window = controller.menuBarMetricWindow(for: .perplexity, snapshot: snapshot)
+
+        #expect(window?.usedPercent == 20)
+    }
+
+    @Test
+    func `menu bar percent automatic falls through after recurring perplexity credits are exhausted`() {
+        let settings = SettingsStore(
+            configStore: testConfigStore(
+                suiteName: "StatusItemAnimationTests-perplexity-automatic-recurring-exhausted"),
+            zaiTokenStore: NoopZaiTokenStore())
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = true
+        settings.selectedMenuProvider = .perplexity
+        settings.setMenuBarMetricPreference(.automatic, for: .perplexity)
+
+        let registry = ProviderRegistry.shared
+        if let perplexityMeta = registry.metadata[.perplexity] {
+            settings.setProviderEnabled(provider: .perplexity, metadata: perplexityMeta, enabled: true)
+        }
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 100, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(usedPercent: 100, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            tertiary: RateWindow(usedPercent: 32, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            updatedAt: Date())
+
+        store._setSnapshotForTesting(snapshot, provider: .perplexity)
+        store._setErrorForTesting(nil, provider: .perplexity)
+
+        let window = controller.menuBarMetricWindow(for: .perplexity, snapshot: snapshot)
+
+        #expect(window?.usedPercent == 32)
+    }
+
+    @Test
+    func `menu bar percent automatic prefers purchased perplexity credits before bonus`() {
+        let settings = SettingsStore(
+            configStore: testConfigStore(
+                suiteName: "StatusItemAnimationTests-perplexity-automatic-purchased-before-bonus"),
+            zaiTokenStore: NoopZaiTokenStore())
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = true
+        settings.selectedMenuProvider = .perplexity
+        settings.setMenuBarMetricPreference(.automatic, for: .perplexity)
+
+        let registry = ProviderRegistry.shared
+        if let perplexityMeta = registry.metadata[.perplexity] {
+            settings.setProviderEnabled(provider: .perplexity, metadata: perplexityMeta, enabled: true)
+        }
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 100, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(usedPercent: 20, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            tertiary: RateWindow(usedPercent: 45, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            updatedAt: Date())
+
+        store._setSnapshotForTesting(snapshot, provider: .perplexity)
+        store._setErrorForTesting(nil, provider: .perplexity)
+
+        let window = controller.menuBarMetricWindow(for: .perplexity, snapshot: snapshot)
+
+        #expect(window?.usedPercent == 45)
+    }
+
+    @Test
+    func `menu bar percent primary preference stays on recurring perplexity credits`() {
+        let settings = SettingsStore(
+            configStore: testConfigStore(
+                suiteName: "StatusItemAnimationTests-perplexity-primary-recurring-exhausted"),
+            zaiTokenStore: NoopZaiTokenStore())
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = true
+        settings.selectedMenuProvider = .perplexity
+        settings.setMenuBarMetricPreference(.primary, for: .perplexity)
+
+        let registry = ProviderRegistry.shared
+        if let perplexityMeta = registry.metadata[.perplexity] {
+            settings.setProviderEnabled(provider: .perplexity, metadata: perplexityMeta, enabled: true)
+        }
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 100, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(usedPercent: 100, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            tertiary: RateWindow(usedPercent: 32, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            updatedAt: Date())
+
+        store._setSnapshotForTesting(snapshot, provider: .perplexity)
+        store._setErrorForTesting(nil, provider: .perplexity)
+
+        let window = controller.menuBarMetricWindow(for: .perplexity, snapshot: snapshot)
+
+        #expect(window?.usedPercent == 100)
+    }
+
+    @Test
+    func `menu bar percent tertiary preference uses purchased perplexity lane`() {
+        let settings = SettingsStore(
+            configStore: testConfigStore(suiteName: "StatusItemAnimationTests-perplexity-tertiary-pref"),
+            zaiTokenStore: NoopZaiTokenStore())
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = true
+        settings.selectedMenuProvider = .perplexity
+        settings.setMenuBarMetricPreference(.tertiary, for: .perplexity)
+
+        let registry = ProviderRegistry.shared
+        if let perplexityMeta = registry.metadata[.perplexity] {
+            settings.setProviderEnabled(provider: .perplexity, metadata: perplexityMeta, enabled: true)
+        }
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+
+        let snapshot = UsageSnapshot(
+            primary: nil,
+            secondary: RateWindow(usedPercent: 100, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            tertiary: RateWindow(usedPercent: 28, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            updatedAt: Date())
+
+        store._setSnapshotForTesting(snapshot, provider: .perplexity)
+        store._setErrorForTesting(nil, provider: .perplexity)
+
+        let window = controller.menuBarMetricWindow(for: .perplexity, snapshot: snapshot)
+
+        #expect(window?.usedPercent == 28)
+    }
+
+    @Test
+    func `menu bar percent tertiary preference uses api lane for cursor`() {
+        let settings = SettingsStore(
+            configStore: testConfigStore(suiteName: "StatusItemAnimationTests-cursor-tertiary-pref"),
+            zaiTokenStore: NoopZaiTokenStore())
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = true
+        settings.selectedMenuProvider = .cursor
+        settings.setMenuBarMetricPreference(.tertiary, for: .cursor)
+
+        let registry = ProviderRegistry.shared
+        if let cursorMeta = registry.metadata[.cursor] {
+            settings.setProviderEnabled(provider: .cursor, metadata: cursorMeta, enabled: true)
+        }
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 10, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(usedPercent: 20, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            tertiary: RateWindow(usedPercent: 72, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            updatedAt: Date())
+
+        store._setSnapshotForTesting(snapshot, provider: .cursor)
+        store._setErrorForTesting(nil, provider: .cursor)
+
+        let window = controller.menuBarMetricWindow(for: .cursor, snapshot: snapshot)
+
+        #expect(window?.usedPercent == 72)
+    }
+
+    @Test
+    func `menu bar tertiary preference falls back to automatic when cursor api lane is missing`() {
+        let settings = SettingsStore(
+            configStore: testConfigStore(suiteName: "StatusItemAnimationTests-cursor-tertiary-missing-api"),
+            zaiTokenStore: NoopZaiTokenStore())
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = true
+        settings.selectedMenuProvider = .cursor
+        settings.setMenuBarMetricPreference(.tertiary, for: .cursor)
+
+        let registry = ProviderRegistry.shared
+        if let cursorMeta = registry.metadata[.cursor] {
+            settings.setProviderEnabled(provider: .cursor, metadata: cursorMeta, enabled: true)
+        }
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 10, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(usedPercent: 72, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            tertiary: nil,
+            updatedAt: Date())
+
+        store._setSnapshotForTesting(snapshot, provider: .cursor)
+        store._setErrorForTesting(nil, provider: .cursor)
+
+        let window = controller.menuBarMetricWindow(for: .cursor, snapshot: snapshot)
+
+        #expect(window?.usedPercent == 72)
+    }
+
+    @Test
+    func `menu bar display text formats percent and pace`() {
         let now = Date(timeIntervalSince1970: 0)
         let percentWindow = RateWindow(usedPercent: 40, windowMinutes: nil, resetsAt: nil, resetDescription: nil)
         let paceWindow = RateWindow(
@@ -393,53 +895,8 @@ struct StatusItemAnimationTests {
     }
 
     @Test
-    func menuBarDisplayTextUsesWeeklyPace() {
-        let now = Date(timeIntervalSince1970: 0)
-        // 300-minute window, 2h remaining => 3h elapsed, expected=60%, actual=30% => -30%
-        let paceWindow = RateWindow(
-            usedPercent: 30,
-            windowMinutes: 300,
-            resetsAt: now.addingTimeInterval(2 * 3600),
-            resetDescription: nil)
-
-        let weeklyPace = UsagePace.weekly(window: paceWindow, now: now, defaultWindowMinutes: 300)
-        let paceText = MenuBarDisplayText.paceText(pace: weeklyPace)
-
-        // Pace should produce a value (300-minute window)
-        #expect(paceText != nil)
-    }
-
-    @Test
-    func menuBarDisplayTextPassesPaceThrough() {
-        let now = Date(timeIntervalSince1970: 0)
+    func `menu bar display text falls back to percent when pace unavailable`() {
         let percentWindow = RateWindow(usedPercent: 40, windowMinutes: nil, resetsAt: nil, resetDescription: nil)
-        let paceWindow = RateWindow(
-            usedPercent: 30,
-            windowMinutes: 300,
-            resetsAt: now.addingTimeInterval(2 * 3600),
-            resetDescription: nil)
-
-        let pace = UsagePace.weekly(window: paceWindow, now: now, defaultWindowMinutes: 300)
-        let bothResult = MenuBarDisplayText.displayText(
-            mode: .both,
-            percentWindow: percentWindow,
-            pace: pace,
-            showUsed: true)
-
-        // With pace available, both mode should show percent and pace
-        #expect(bothResult != nil)
-        #expect(bothResult?.contains("%") == true)
-    }
-
-    @Test
-    func menuBarDisplayTextHidesWhenPaceUnavailable() {
-        let now = Date(timeIntervalSince1970: 0)
-        let percentWindow = RateWindow(usedPercent: 40, windowMinutes: nil, resetsAt: nil, resetDescription: nil)
-        let paceWindow = RateWindow(
-            usedPercent: 30,
-            windowMinutes: 10080,
-            resetsAt: now.addingTimeInterval(60 * 60 * 24 * 6),
-            resetDescription: nil)
 
         let pace = MenuBarDisplayText.displayText(
             mode: .pace,
@@ -451,46 +908,13 @@ struct StatusItemAnimationTests {
             showUsed: true)
 
         #expect(pace == nil)
-        #expect(both == nil)
+        // "Both" mode falls back to percent-only when pace is unavailable
+        #expect(both == "40%")
     }
 
     @Test
-    func timeWindowSettingsRoundTrip() {
-        // Clean slate for defaults check
-        UserDefaults.standard.removeObject(forKey: "menuBarPercentTimeWindow")
-        UserDefaults.standard.removeObject(forKey: "menuBarPaceTimeWindow")
-
-        let settings = SettingsStore(
-            configStore: testConfigStore(suiteName: "StatusItemAnimationTests-timewindow"),
-            zaiTokenStore: NoopZaiTokenStore())
-
-        // Defaults
-        #expect(settings.menuBarPercentTimeWindow == .session)
-        #expect(settings.menuBarPaceTimeWindow == .weekly)
-
-        // Set to non-default values
-        settings.menuBarPercentTimeWindow = .weekly
-        settings.menuBarPaceTimeWindow = .session
-
-        #expect(settings.menuBarPercentTimeWindow == .weekly)
-        #expect(settings.menuBarPaceTimeWindow == .session)
-
-        // Verify persisted in UserDefaults
-        let percentRaw = settings.userDefaults.string(forKey: "menuBarPercentTimeWindow")
-        let paceRaw = settings.userDefaults.string(forKey: "menuBarPaceTimeWindow")
-        #expect(percentRaw == "weekly")
-        #expect(paceRaw == "session")
-    }
-
-    @Test
-    func menuBarDisplayTextRequiresProvidedPaceForCodex() {
-        let now = Date(timeIntervalSince1970: 0)
+    func `menu bar display text falls back to percent when pace nil for codex`() {
         let percentWindow = RateWindow(usedPercent: 40, windowMinutes: nil, resetsAt: nil, resetDescription: nil)
-        let paceWindow = RateWindow(
-            usedPercent: 30,
-            windowMinutes: 10080,
-            resetsAt: now.addingTimeInterval(60 * 60 * 24 * 6),
-            resetDescription: nil)
 
         let pace = MenuBarDisplayText.displayText(
             mode: .pace,
@@ -504,11 +928,12 @@ struct StatusItemAnimationTests {
             showUsed: true)
 
         #expect(pace == nil)
-        #expect(both == nil)
+        // "Both" mode falls back to percent-only when pace is unavailable
+        #expect(both == "40%")
     }
 
     @Test
-    func menuBarDisplayTextUsesCreditsWhenCodexWeeklyIsExhausted() {
+    func `menu bar display text uses credits when codex weekly is exhausted`() {
         let settings = SettingsStore(
             configStore: testConfigStore(suiteName: "StatusItemAnimationTests-credits-fallback"),
             zaiTokenStore: NoopZaiTokenStore())
@@ -554,7 +979,7 @@ struct StatusItemAnimationTests {
     }
 
     @Test
-    func menuBarDisplayTextUsesCreditsWhenCodexSessionIsExhausted() {
+    func `menu bar display text uses credits when codex session is exhausted`() {
         let settings = SettingsStore(
             configStore: testConfigStore(suiteName: "StatusItemAnimationTests-credits-fallback-session"),
             zaiTokenStore: NoopZaiTokenStore())
@@ -600,7 +1025,7 @@ struct StatusItemAnimationTests {
     }
 
     @Test
-    func menuBarDisplayTextShowsZeroPercentForKiloZeroTotalEdge() {
+    func `menu bar display text shows zero percent for kilo zero total edge`() {
         let settings = SettingsStore(
             configStore: testConfigStore(suiteName: "StatusItemAnimationTests-kilo-zero-edge"),
             zaiTokenStore: NoopZaiTokenStore(),
@@ -646,7 +1071,7 @@ struct StatusItemAnimationTests {
     }
 
     @Test
-    func brandImageWithStatusOverlayReturnsOriginalImageWhenNoIssue() {
+    func `brand image with status overlay returns original image when no issue`() {
         let brand = NSImage(size: NSSize(width: 16, height: 16))
         brand.isTemplate = true
 
@@ -656,13 +1081,13 @@ struct StatusItemAnimationTests {
     }
 
     @Test
-    func brandImageWithStatusOverlayDrawsIssueMark() throws {
+    func `brand image with status overlay draws issue mark`() throws {
         let size = NSSize(width: 16, height: 16)
-        let brand = NSImage(size: size, flipped: false) { rect in
-            NSColor.clear.setFill()
-            NSBezierPath(rect: rect).fill()
-            return true
-        }
+        let brand = NSImage(size: size)
+        brand.lockFocus()
+        NSColor.clear.setFill()
+        NSBezierPath(rect: NSRect(origin: .zero, size: size)).fill()
+        brand.unlockFocus()
         brand.isTemplate = true
 
         let baselineData = try #require(brand.tiffRepresentation)
diff --git a/Tests/CodexBarTests/StatusItemBalanceDisplayTests.swift b/Tests/CodexBarTests/StatusItemBalanceDisplayTests.swift
new file mode 100644
index 000000000..1f88a7230
--- /dev/null
+++ b/Tests/CodexBarTests/StatusItemBalanceDisplayTests.swift
@@ -0,0 +1,443 @@
+import AppKit
+import CodexBarCore
+import Testing
+@testable import CodexBar
+
+@Suite(.serialized)
+@MainActor
+struct StatusItemBalanceDisplayTests {
+    private func makeStatusBarForTesting() -> NSStatusBar {
+        let env = ProcessInfo.processInfo.environment
+        if env["GITHUB_ACTIONS"] == "true" || env["CI"] == "true" {
+            return .system
+        }
+        return NSStatusBar()
+    }
+
+    @Test
+    func `menu bar display text uses open router balance`() {
+        let settings = self.makeSettings(
+            suiteName: "StatusItemBalanceDisplayTests-openrouter-balance",
+            provider: .openrouter)
+        settings.setMenuBarMetricPreference(.automatic, for: .openrouter)
+        let (store, controller) = self.makeStoreAndController(settings: settings)
+        let snapshot = Self.openRouterSnapshot()
+
+        store._setSnapshotForTesting(snapshot, provider: .openrouter)
+        store._setErrorForTesting(nil, provider: .openrouter)
+
+        let displayText = controller.menuBarDisplayText(for: .openrouter, snapshot: snapshot)
+
+        #expect(displayText == "$12.34")
+    }
+
+    @Test
+    func `menu bar display text respects open router primary metric preference`() {
+        let settings = self.makeSettings(
+            suiteName: "StatusItemBalanceDisplayTests-openrouter-primary-metric",
+            provider: .openrouter)
+        settings.setMenuBarMetricPreference(.primary, for: .openrouter)
+        let (store, controller) = self.makeStoreAndController(settings: settings)
+        let snapshot = Self.openRouterSnapshot()
+
+        store._setSnapshotForTesting(snapshot, provider: .openrouter)
+        store._setErrorForTesting(nil, provider: .openrouter)
+
+        let displayText = controller.menuBarDisplayText(for: .openrouter, snapshot: snapshot)
+
+        #expect(displayText == "25%")
+    }
+
+    @Test
+    func `menu bar display text uses deepseek balance`() {
+        let settings = self.makeSettings(
+            suiteName: "StatusItemBalanceDisplayTests-deepseek-balance",
+            provider: .deepseek)
+        let (store, controller) = self.makeStoreAndController(settings: settings)
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(
+                usedPercent: 0,
+                windowMinutes: nil,
+                resetsAt: nil,
+                resetDescription: "$9.32 (Paid: $9.32 / Granted: $0.00)"),
+            secondary: nil,
+            updatedAt: Date())
+
+        store._setSnapshotForTesting(snapshot, provider: .deepseek)
+        store._setErrorForTesting(nil, provider: .deepseek)
+
+        let displayText = controller.menuBarDisplayText(for: .deepseek, snapshot: snapshot)
+
+        #expect(displayText == "$9.32")
+    }
+
+    @Test
+    func `menu bar display text uses moonshot balance`() {
+        let settings = self.makeSettings(
+            suiteName: "StatusItemBalanceDisplayTests-moonshot-balance",
+            provider: .moonshot)
+        let (store, controller) = self.makeStoreAndController(settings: settings)
+        let snapshot = UsageSnapshot(
+            primary: nil,
+            secondary: nil,
+            updatedAt: Date(),
+            identity: ProviderIdentitySnapshot(
+                providerID: .moonshot,
+                accountEmail: nil,
+                accountOrganization: nil,
+                loginMethod: "Balance: $49.58 · $0.42 in deficit"))
+
+        store._setSnapshotForTesting(snapshot, provider: .moonshot)
+        store._setErrorForTesting(nil, provider: .moonshot)
+
+        let displayText = controller.menuBarDisplayText(for: .moonshot, snapshot: snapshot)
+
+        #expect(snapshot.primary == nil)
+        #expect(displayText == "$49.58")
+    }
+
+    @Test
+    func `menu bar display text uses mistral current month api spend`() {
+        let settings = self.makeSettings(
+            suiteName: "StatusItemBalanceDisplayTests-mistral-spend",
+            provider: .mistral)
+        let (store, controller) = self.makeStoreAndController(settings: settings)
+        let snapshot = MistralUsageSnapshot(
+            totalCost: 1.2345,
+            currency: "EUR",
+            currencySymbol: "€",
+            totalInputTokens: 10000,
+            totalOutputTokens: 5000,
+            totalCachedTokens: 0,
+            modelCount: 2,
+            startDate: nil,
+            endDate: nil,
+            updatedAt: Date()).toUsageSnapshot()
+
+        store._setSnapshotForTesting(snapshot, provider: .mistral)
+        store._setErrorForTesting(nil, provider: .mistral)
+
+        let displayText = controller.menuBarDisplayText(for: .mistral, snapshot: snapshot)
+
+        #expect(snapshot.primary == nil)
+        #expect(snapshot.identity?.loginMethod == "API spend: €1.2345 this month")
+        #expect(displayText == "€1.2345")
+    }
+
+    @Test
+    func `menu bar display text uses kimi k2 api key credits`() {
+        let settings = self.makeSettings(
+            suiteName: "StatusItemBalanceDisplayTests-kimik2-credits",
+            provider: .kimik2)
+        let (store, controller) = self.makeStoreAndController(settings: settings)
+        let snapshot = KimiK2UsageSummary(
+            consumed: 75,
+            remaining: 1234.5,
+            averageTokens: nil,
+            updatedAt: Date()).toUsageSnapshot()
+
+        store._setSnapshotForTesting(snapshot, provider: .kimik2)
+        store._setErrorForTesting(nil, provider: .kimik2)
+
+        let displayText = controller.menuBarDisplayText(for: .kimik2, snapshot: snapshot)
+
+        #expect(snapshot.primary == nil)
+        #expect(snapshot.identity?.loginMethod == "Credits: 1234.5 left")
+        #expect(displayText == "1234.5")
+    }
+
+    @Test
+    func `kiro menu bar automatic uses credits left`() {
+        let settings = self.makeSettings(
+            suiteName: "StatusItemBalanceDisplayTests-kiro-automatic",
+            provider: .kiro)
+        settings.kiroMenuBarDisplayMode = .automatic
+        let (store, controller) = self.makeStoreAndController(settings: settings)
+        let snapshot = Self.kiroSnapshot()
+
+        store._setSnapshotForTesting(snapshot, provider: .kiro)
+        store._setErrorForTesting(nil, provider: .kiro)
+
+        let displayText = controller.menuBarDisplayText(for: .kiro, snapshot: snapshot)
+
+        #expect(displayText == "49.83")
+    }
+
+    @Test
+    func `kiro menu bar credits and percent combines values`() {
+        let settings = self.makeSettings(
+            suiteName: "StatusItemBalanceDisplayTests-kiro-both",
+            provider: .kiro)
+        settings.kiroMenuBarDisplayMode = .creditsAndPercent
+        let (store, controller) = self.makeStoreAndController(settings: settings)
+        let snapshot = Self.kiroSnapshot()
+
+        store._setSnapshotForTesting(snapshot, provider: .kiro)
+        store._setErrorForTesting(nil, provider: .kiro)
+
+        let displayText = controller.menuBarDisplayText(for: .kiro, snapshot: snapshot)
+
+        #expect(displayText == "49.83 · 0%")
+    }
+
+    @Test
+    func `kiro menu bar hidden suppresses text value`() {
+        let settings = self.makeSettings(
+            suiteName: "StatusItemBalanceDisplayTests-kiro-hidden",
+            provider: .kiro)
+        settings.kiroMenuBarDisplayMode = .hidden
+        let (store, controller) = self.makeStoreAndController(settings: settings)
+        let snapshot = Self.kiroSnapshot()
+
+        store._setSnapshotForTesting(snapshot, provider: .kiro)
+        store._setErrorForTesting(nil, provider: .kiro)
+
+        let displayText = controller.menuBarDisplayText(for: .kiro, snapshot: snapshot)
+
+        #expect(displayText == nil)
+    }
+
+    @Test
+    func `kiro menu bar used and total formats credits`() {
+        let settings = self.makeSettings(
+            suiteName: "StatusItemBalanceDisplayTests-kiro-used-total",
+            provider: .kiro)
+        settings.kiroMenuBarDisplayMode = .usedAndTotal
+        let (store, controller) = self.makeStoreAndController(settings: settings)
+        let snapshot = Self.kiroSnapshot()
+
+        store._setSnapshotForTesting(snapshot, provider: .kiro)
+        store._setErrorForTesting(nil, provider: .kiro)
+
+        let displayText = controller.menuBarDisplayText(for: .kiro, snapshot: snapshot)
+
+        #expect(displayText == "0.17 / 50")
+    }
+
+    @Test
+    func `kiro menu bar overage credits mode shows overage credits when exhausted`() {
+        let settings = self.makeSettings(
+            suiteName: "StatusItemBalanceDisplayTests-kiro-overage-credits",
+            provider: .kiro)
+        settings.kiroMenuBarDisplayMode = .overageCreditsWhenExhausted
+        let (store, controller) = self.makeStoreAndController(settings: settings)
+        let snapshot = Self.exhaustedKiroSnapshot()
+
+        store._setSnapshotForTesting(snapshot, provider: .kiro)
+        store._setErrorForTesting(nil, provider: .kiro)
+
+        let displayText = controller.menuBarDisplayText(for: .kiro, snapshot: snapshot)
+
+        #expect(displayText == "40.29 over")
+    }
+
+    @Test
+    func `kiro menu bar overage cost mode shows cost when exhausted`() {
+        let settings = self.makeSettings(
+            suiteName: "StatusItemBalanceDisplayTests-kiro-overage-cost",
+            provider: .kiro)
+        settings.kiroMenuBarDisplayMode = .overageCostWhenExhausted
+        let (store, controller) = self.makeStoreAndController(settings: settings)
+        let snapshot = Self.exhaustedKiroSnapshot()
+
+        store._setSnapshotForTesting(snapshot, provider: .kiro)
+        store._setErrorForTesting(nil, provider: .kiro)
+
+        let displayText = controller.menuBarDisplayText(for: .kiro, snapshot: snapshot)
+
+        #expect(displayText == "$1.61 over")
+    }
+
+    @Test
+    func `kiro menu bar overage credits and cost mode shows both when exhausted`() {
+        let settings = self.makeSettings(
+            suiteName: "StatusItemBalanceDisplayTests-kiro-overage-both",
+            provider: .kiro)
+        settings.kiroMenuBarDisplayMode = .overageCreditsAndCostWhenExhausted
+        let (store, controller) = self.makeStoreAndController(settings: settings)
+        let snapshot = Self.exhaustedKiroSnapshot()
+
+        store._setSnapshotForTesting(snapshot, provider: .kiro)
+        store._setErrorForTesting(nil, provider: .kiro)
+
+        let displayText = controller.menuBarDisplayText(for: .kiro, snapshot: snapshot)
+
+        #expect(displayText == "40.29 · $1.61")
+    }
+
+    @Test
+    func `kiro menu bar overage mode keeps credits left before exhaustion`() {
+        let settings = self.makeSettings(
+            suiteName: "StatusItemBalanceDisplayTests-kiro-overage-not-exhausted",
+            provider: .kiro)
+        settings.kiroMenuBarDisplayMode = .overageCreditsAndCostWhenExhausted
+        let (store, controller) = self.makeStoreAndController(settings: settings)
+        let snapshot = Self.kiroSnapshot()
+
+        store._setSnapshotForTesting(snapshot, provider: .kiro)
+        store._setErrorForTesting(nil, provider: .kiro)
+
+        let displayText = controller.menuBarDisplayText(for: .kiro, snapshot: snapshot)
+
+        #expect(displayText == "49.83")
+    }
+
+    @Test
+    func `kiro menu bar overage mode ignores disabled overage values`() {
+        let settings = self.makeSettings(
+            suiteName: "StatusItemBalanceDisplayTests-kiro-overage-disabled",
+            provider: .kiro)
+        settings.kiroMenuBarDisplayMode = .overageCreditsAndCostWhenExhausted
+        let (store, controller) = self.makeStoreAndController(settings: settings)
+        let snapshot = Self.exhaustedKiroSnapshot(overagesStatus: "Disabled")
+
+        store._setSnapshotForTesting(snapshot, provider: .kiro)
+        store._setErrorForTesting(nil, provider: .kiro)
+
+        let displayText = controller.menuBarDisplayText(for: .kiro, snapshot: snapshot)
+
+        #expect(displayText == "0")
+    }
+
+    @Test
+    func `kiro managed plan display falls back to percent`() {
+        let settings = self.makeSettings(
+            suiteName: "StatusItemBalanceDisplayTests-kiro-managed",
+            provider: .kiro)
+        settings.kiroMenuBarDisplayMode = .automatic
+        settings.usageBarsShowUsed = false
+        let (store, controller) = self.makeStoreAndController(settings: settings)
+        let snapshot = KiroUsageSnapshot(
+            planName: "Q Developer Pro",
+            creditsUsed: 0,
+            creditsTotal: 0,
+            creditsPercent: 0,
+            bonusCreditsUsed: nil,
+            bonusCreditsTotal: nil,
+            bonusExpiryDays: nil,
+            resetsAt: nil,
+            updatedAt: Date()).toUsageSnapshot()
+
+        store._setSnapshotForTesting(snapshot, provider: .kiro)
+        store._setErrorForTesting(nil, provider: .kiro)
+
+        let displayText = controller.menuBarDisplayText(for: .kiro, snapshot: snapshot)
+
+        #expect(displayText == "100%")
+    }
+
+    @Test
+    func `mistral primary window is nil even when billing end date is set`() {
+        let endDate = Date(timeIntervalSinceNow: 3600)
+        let snapshot = MistralUsageSnapshot(
+            totalCost: 0.5,
+            currency: "USD",
+            currencySymbol: "$",
+            totalInputTokens: 1000,
+            totalOutputTokens: 500,
+            totalCachedTokens: 0,
+            modelCount: 1,
+            startDate: nil,
+            endDate: endDate,
+            updatedAt: Date()).toUsageSnapshot()
+
+        // Mistral doesn't expose a reset time — primary is always nil.
+        #expect(snapshot.primary == nil)
+    }
+
+    @Test
+    func `button title spacing only applies when image is present`() {
+        #expect(StatusItemController.buttonTitle("42%", hasImage: true) == " 42%")
+        #expect(StatusItemController.buttonTitle("42%", hasImage: false) == "42%")
+        #expect(StatusItemController.buttonTitle(nil, hasImage: true).isEmpty)
+        #expect(StatusItemController.buttonTitle("", hasImage: true).isEmpty)
+    }
+
+    private func makeSettings(suiteName: String, provider: UsageProvider) -> SettingsStore {
+        let settings = SettingsStore(
+            configStore: testConfigStore(suiteName: suiteName),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = true
+        settings.selectedMenuProvider = provider
+        settings.menuBarDisplayMode = .both
+        settings.usageBarsShowUsed = true
+
+        let registry = ProviderRegistry.shared
+        if let metadata = registry.metadata[provider] {
+            settings.setProviderEnabled(provider: provider, metadata: metadata, enabled: true)
+        }
+        return settings
+    }
+
+    private func makeStoreAndController(settings: SettingsStore) -> (UsageStore, StatusItemController) {
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+        return (store, controller)
+    }
+
+    private static func openRouterSnapshot() -> UsageSnapshot {
+        OpenRouterUsageSnapshot(
+            totalCredits: 50,
+            totalUsage: 37.66,
+            balance: 12.34,
+            usedPercent: 75.32,
+            keyLimit: 20,
+            keyUsage: 5,
+            rateLimit: nil,
+            updatedAt: Date()).toUsageSnapshot()
+    }
+
+    private static func kiroSnapshot() -> UsageSnapshot {
+        KiroUsageSnapshot(
+            planName: "KIRO FREE",
+            accountEmail: "person@example.com",
+            authMethod: "Google",
+            creditsUsed: 0.17,
+            creditsTotal: 50,
+            creditsPercent: 0,
+            bonusCreditsUsed: 45.53,
+            bonusCreditsTotal: 2000,
+            bonusExpiryDays: 19,
+            overagesStatus: "Disabled",
+            manageURL: "https://app.kiro.dev/account/usage",
+            contextUsage: KiroContextUsageSnapshot(
+                totalPercentUsed: 1.3,
+                contextFilesPercent: 0.5,
+                toolsPercent: 0.8,
+                kiroResponsesPercent: 0,
+                promptsPercent: 0),
+            resetsAt: Date(),
+            updatedAt: Date()).toUsageSnapshot()
+    }
+
+    private static func exhaustedKiroSnapshot(overagesStatus: String = "Enabled billed at $0.04 per request")
+        -> UsageSnapshot
+    {
+        KiroUsageSnapshot(
+            planName: "KIRO FREE",
+            accountEmail: "person@example.com",
+            authMethod: "Google",
+            creditsUsed: 50,
+            creditsTotal: 50,
+            creditsPercent: 100,
+            bonusCreditsUsed: nil,
+            bonusCreditsTotal: nil,
+            bonusExpiryDays: nil,
+            overagesStatus: overagesStatus,
+            overageCreditsUsed: 40.29,
+            estimatedOverageCostUSD: 1.61,
+            manageURL: "https://app.kiro.dev/account/usage",
+            resetsAt: Date(),
+            updatedAt: Date()).toUsageSnapshot()
+    }
+}
diff --git a/Tests/CodexBarTests/StatusItemControllerMenuTests.swift b/Tests/CodexBarTests/StatusItemControllerMenuTests.swift
index 976a0d965..9e3f2d3de 100644
--- a/Tests/CodexBarTests/StatusItemControllerMenuTests.swift
+++ b/Tests/CodexBarTests/StatusItemControllerMenuTests.swift
@@ -1,30 +1,66 @@
+import AppKit
 import CodexBarCore
 import Foundation
 import Testing
 @testable import CodexBar
 
-@Suite
 struct StatusItemControllerMenuTests {
-    private func makeSnapshot(primary: RateWindow?, secondary: RateWindow?) -> UsageSnapshot {
-        UsageSnapshot(primary: primary, secondary: secondary, updatedAt: Date())
+    @MainActor
+    private final class RecordingUpdater: UpdaterProviding {
+        var automaticallyChecksForUpdates = false
+        var automaticallyDownloadsUpdates = false
+        let isAvailable = true
+        let unavailableReason: String? = nil
+        let updateStatus = UpdateStatus(isUpdateReady: true)
+        var checkForUpdatesCount = 0
+        var installUpdateCount = 0
+
+        func checkForUpdates(_ sender: Any?) {
+            _ = sender
+            self.checkForUpdatesCount += 1
+        }
+
+        func installUpdate() {
+            self.installUpdateCount += 1
+        }
+    }
+
+    private func makeSnapshot(
+        primary: RateWindow?,
+        secondary: RateWindow?,
+        tertiary: RateWindow? = nil,
+        providerCost: ProviderCostSnapshot? = nil)
+        -> UsageSnapshot
+    {
+        UsageSnapshot(
+            primary: primary,
+            secondary: secondary,
+            tertiary: tertiary,
+            providerCost: providerCost,
+            updatedAt: Date())
     }
 
     @Test
-    func cursorSwitcherFallsBackToSecondaryWhenPlanExhaustedAndShowingRemaining() {
+    func `cursor switcher falls back to on demand budget when plan exhausted and showing remaining`() {
         let primary = RateWindow(usedPercent: 100, windowMinutes: nil, resetsAt: nil, resetDescription: nil)
         let secondary = RateWindow(usedPercent: 36, windowMinutes: nil, resetsAt: nil, resetDescription: nil)
-        let snapshot = self.makeSnapshot(primary: primary, secondary: secondary)
+        let providerCost = ProviderCostSnapshot(
+            used: 12,
+            limit: 200,
+            currencyCode: "USD",
+            updatedAt: Date())
+        let snapshot = self.makeSnapshot(primary: primary, secondary: secondary, providerCost: providerCost)
 
         let percent = StatusItemController.switcherWeeklyMetricPercent(
             for: .cursor,
             snapshot: snapshot,
             showUsed: false)
 
-        #expect(percent == 64)
+        #expect(percent == 94)
     }
 
     @Test
-    func cursorSwitcherUsesPrimaryWhenShowingUsed() {
+    func `cursor switcher uses primary when showing used`() {
         let primary = RateWindow(usedPercent: 100, windowMinutes: nil, resetsAt: nil, resetDescription: nil)
         let secondary = RateWindow(usedPercent: 36, windowMinutes: nil, resetsAt: nil, resetDescription: nil)
         let snapshot = self.makeSnapshot(primary: primary, secondary: secondary)
@@ -38,7 +74,7 @@ struct StatusItemControllerMenuTests {
     }
 
     @Test
-    func cursorSwitcherKeepsPrimaryWhenRemainingIsPositive() {
+    func `cursor switcher keeps primary when remaining is positive`() {
         let primary = RateWindow(usedPercent: 20, windowMinutes: nil, resetsAt: nil, resetDescription: nil)
         let secondary = RateWindow(usedPercent: 40, windowMinutes: nil, resetsAt: nil, resetDescription: nil)
         let snapshot = self.makeSnapshot(primary: primary, secondary: secondary)
@@ -52,57 +88,77 @@ struct StatusItemControllerMenuTests {
     }
 
     @Test
-    func openRouterBrandFallbackEnabledWhenNoKeyLimitConfigured() {
-        let snapshot = OpenRouterUsageSnapshot(
-            totalCredits: 50,
-            totalUsage: 45,
-            balance: 5,
-            usedPercent: 90,
-            keyDataFetched: true,
-            keyLimit: nil,
-            keyUsage: nil,
-            rateLimit: nil,
-            updatedAt: Date()).toUsageSnapshot()
-
-        #expect(StatusItemController.shouldUseOpenRouterBrandFallback(
-            provider: .openrouter,
-            snapshot: snapshot))
-        #expect(MenuBarDisplayText.percentText(window: snapshot.primary, showUsed: false) == nil)
+    func `cursor switcher does not treat auto lane as extra remaining quota`() {
+        let primary = RateWindow(usedPercent: 100, windowMinutes: nil, resetsAt: nil, resetDescription: nil)
+        let secondary = RateWindow(usedPercent: 36, windowMinutes: nil, resetsAt: nil, resetDescription: nil)
+        let snapshot = self.makeSnapshot(primary: primary, secondary: secondary)
+
+        let percent = StatusItemController.switcherWeeklyMetricPercent(
+            for: .cursor,
+            snapshot: snapshot,
+            showUsed: false)
+
+        #expect(percent == 0)
+    }
+
+    @Test
+    func `perplexity switcher falls back after recurring credits are exhausted`() {
+        let primary = RateWindow(usedPercent: 100, windowMinutes: nil, resetsAt: nil, resetDescription: nil)
+        let secondary = RateWindow(usedPercent: 100, windowMinutes: nil, resetsAt: nil, resetDescription: nil)
+        let tertiary = RateWindow(usedPercent: 24, windowMinutes: nil, resetsAt: nil, resetDescription: nil)
+        let snapshot = self.makeSnapshot(primary: primary, secondary: secondary, tertiary: tertiary)
+
+        let percent = StatusItemController.switcherWeeklyMetricPercent(
+            for: .perplexity,
+            snapshot: snapshot,
+            showUsed: false)
+
+        #expect(percent == 76)
     }
 
     @Test
-    func openRouterBrandFallbackDisabledWhenKeyQuotaFetchUnavailable() {
-        let snapshot = OpenRouterUsageSnapshot(
-            totalCredits: 50,
-            totalUsage: 45,
-            balance: 5,
-            usedPercent: 90,
-            keyDataFetched: false,
-            keyLimit: nil,
-            keyUsage: nil,
-            rateLimit: nil,
-            updatedAt: Date()).toUsageSnapshot()
-
-        #expect(!StatusItemController.shouldUseOpenRouterBrandFallback(
-            provider: .openrouter,
-            snapshot: snapshot))
+    @MainActor
+    func `menu card width stays at base width when menu accessories are present`() {
+        let shortcutMenu = NSMenu()
+        let refreshItem = NSMenuItem(title: "Refresh", action: nil, keyEquivalent: "r")
+        shortcutMenu.addItem(refreshItem)
+        #expect(ceil(shortcutMenu.size.width) < 310)
+
+        let submenuMenu = NSMenu()
+        let parentItem = NSMenuItem(title: "Session", action: nil, keyEquivalent: "")
+        parentItem.submenu = NSMenu(title: "Session")
+        submenuMenu.addItem(parentItem)
+        #expect(ceil(submenuMenu.size.width) < 310)
     }
 
     @Test
-    func openRouterBrandFallbackDisabledWhenKeyQuotaAvailable() {
-        let snapshot = OpenRouterUsageSnapshot(
-            totalCredits: 50,
-            totalUsage: 45,
-            balance: 5,
-            usedPercent: 90,
-            keyLimit: 20,
-            keyUsage: 2,
-            rateLimit: nil,
-            updatedAt: Date()).toUsageSnapshot()
-
-        #expect(!StatusItemController.shouldUseOpenRouterBrandFallback(
-            provider: .openrouter,
-            snapshot: snapshot))
-        #expect(snapshot.primary?.usedPercent == 10)
+    @MainActor
+    func `update menu action installs prepared update instead of checking again`() throws {
+        let suite = "StatusItemControllerMenuTests-\(UUID().uuidString)"
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+        let settings = SettingsStore(
+            userDefaults: defaults,
+            configStore: testConfigStore(suiteName: suite),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let updater = RecordingUpdater()
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: updater,
+            preferencesSelection: PreferencesSelection(),
+            statusBar: .system)
+
+        controller.installUpdate()
+
+        #expect(updater.installUpdateCount == 1)
+        #expect(updater.checkForUpdatesCount == 0)
     }
 }
diff --git a/Tests/CodexBarTests/StatusItemControllerShutdownTests.swift b/Tests/CodexBarTests/StatusItemControllerShutdownTests.swift
new file mode 100644
index 000000000..73a427366
--- /dev/null
+++ b/Tests/CodexBarTests/StatusItemControllerShutdownTests.swift
@@ -0,0 +1,71 @@
+import AppKit
+import CodexBarCore
+import Testing
+@testable import CodexBar
+
+@MainActor
+@Suite(.serialized)
+struct StatusItemControllerShutdownTests {
+    @Test
+    func `app shutdown closes tracked menus and removes status items`() {
+        StatusItemController.menuCardRenderingEnabled = false
+        StatusItemController.setMenuRefreshEnabledForTesting(true)
+        defer {
+            StatusItemController.menuCardRenderingEnabled = !SettingsStore.isRunningTests
+            StatusItemController.resetMenuRefreshEnabledForTesting()
+        }
+
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = true
+        let registry = ProviderRegistry.shared
+        if let codexMetadata = registry.metadata[.codex] {
+            settings.setProviderEnabled(provider: .codex, metadata: codexMetadata, enabled: true)
+        }
+        if let claudeMetadata = registry.metadata[.claude] {
+            settings.setProviderEnabled(provider: .claude, metadata: claudeMetadata, enabled: true)
+        }
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: .system)
+
+        let menu = controller.makeMenu()
+        controller.menuWillOpen(menu)
+        let key = ObjectIdentifier(menu)
+        controller.menuRefreshTasks[key] = Task { try? await Task.sleep(for: .seconds(30)) }
+
+        #expect(controller.openMenus[key] === menu)
+        #expect(controller.statusItem.menu != nil)
+
+        controller.prepareForAppShutdown()
+        controller.prepareForAppShutdown()
+
+        #expect(controller.hasPreparedForAppShutdown)
+        #expect(controller.openMenus.isEmpty)
+        #expect(controller.menuRefreshTasks.isEmpty)
+        #expect(controller.providerSwitcherShortcutEventMonitor == nil)
+        #expect(controller.statusItem.menu == nil)
+        #expect(controller.statusItems.isEmpty)
+        #expect(controller.providerMenus.isEmpty)
+        #expect(controller.mergedMenu == nil)
+    }
+
+    private func makeSettings() -> SettingsStore {
+        let suite = "StatusItemControllerShutdownTests-\(UUID().uuidString)"
+        let defaults = UserDefaults(suiteName: suite)!
+        defaults.removePersistentDomain(forName: suite)
+        return SettingsStore(
+            userDefaults: defaults,
+            configStore: testConfigStore(suiteName: suite),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+    }
+}
diff --git a/Tests/CodexBarTests/StatusItemControllerSplitLifecycleTests.swift b/Tests/CodexBarTests/StatusItemControllerSplitLifecycleTests.swift
new file mode 100644
index 000000000..86d247d9d
--- /dev/null
+++ b/Tests/CodexBarTests/StatusItemControllerSplitLifecycleTests.swift
@@ -0,0 +1,238 @@
+import AppKit
+import CodexBarCore
+import Testing
+@testable import CodexBar
+
+@MainActor
+@Suite(.serialized)
+struct StatusItemControllerSplitLifecycleTests {
+    private func disableMenuCardsForTesting() {
+        StatusItemController.menuCardRenderingEnabled = false
+        StatusItemController.setMenuRefreshEnabledForTesting(false)
+    }
+
+    private func makeStatusBarForTesting() -> NSStatusBar {
+        .system
+    }
+
+    private func makeSettings() -> SettingsStore {
+        let suite = "StatusItemControllerSplitLifecycleTests-\(UUID().uuidString)"
+        let defaults = UserDefaults(suiteName: suite)!
+        defaults.removePersistentDomain(forName: suite)
+        return SettingsStore(
+            userDefaults: defaults,
+            configStore: testConfigStore(suiteName: suite),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+    }
+
+    private func containsHostingView(_ view: NSView) -> Bool {
+        if String(describing: type(of: view)).contains("NSHostingView") {
+            return true
+        }
+        return view.subviews.contains { self.containsHostingView($0) }
+    }
+
+    private func makeSplitController() throws -> (SettingsStore, StatusItemController) {
+        self.disableMenuCardsForTesting()
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = false
+        settings.providerDetectionCompleted = true
+
+        let registry = ProviderRegistry.shared
+        for provider in UsageProvider.allCases {
+            if let metadata = registry.metadata[provider] {
+                settings.setProviderEnabled(provider: provider, metadata: metadata, enabled: false)
+            }
+        }
+        try settings.setProviderEnabled(provider: .codex, metadata: #require(registry.metadata[.codex]), enabled: true)
+        try settings.setProviderEnabled(
+            provider: .claude,
+            metadata: #require(registry.metadata[.claude]),
+            enabled: true)
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+        return (settings, controller)
+    }
+
+    @Test
+    func `merged mode removes split provider status items`() throws {
+        let (settings, controller) = try self.makeSplitController()
+        defer { controller.releaseStatusItemsForTesting() }
+
+        #expect(controller.statusItems[.codex] != nil)
+        #expect(controller.statusItems[.claude] != nil)
+
+        settings.mergeIcons = true
+        controller.handleProviderConfigChange(reason: "test")
+
+        #expect(controller.statusItem.isVisible == true)
+        #expect(controller.statusItems.isEmpty)
+    }
+
+    @Test
+    func `menu bar icons stay appkit hosted`() throws {
+        let (settings, controller) = try self.makeSplitController()
+        defer { controller.releaseStatusItemsForTesting() }
+
+        let codexButton = try #require(controller.statusItems[.codex]?.button)
+        #expect(codexButton.image != nil)
+        #expect(!self.containsHostingView(codexButton))
+
+        settings.mergeIcons = true
+        controller.handleProviderConfigChange(reason: "test")
+
+        let mergedButton = try #require(controller.statusItem.button)
+        #expect(mergedButton.image != nil)
+        #expect(!self.containsHostingView(mergedButton))
+    }
+
+    @Test
+    func `status items publish stable non persistent manager identity`() throws {
+        let (_, controller) = try self.makeSplitController()
+        defer { controller.releaseStatusItemsForTesting() }
+
+        let codexButton = try #require(controller.statusItems[.codex]?.button)
+        let claudeButton = try #require(controller.statusItems[.claude]?.button)
+
+        #expect(!controller.statusItem.autosaveName.hasPrefix("CodexBar."))
+        #expect(controller.statusItems[.codex]?.autosaveName.hasPrefix("CodexBar.") == false)
+        #expect(controller.statusItems[.claude]?.autosaveName.hasPrefix("CodexBar.") == false)
+        #expect(controller.statusItem.button?.accessibilityIdentifier() == "CodexBar.StatusItem")
+        #expect(codexButton.accessibilityIdentifier() == "CodexBar.StatusItem.codex")
+        #expect(claudeButton.accessibilityIdentifier() == "CodexBar.StatusItem.claude")
+        #expect(controller.statusItem.button?.accessibilityTitle() == "CodexBar")
+        #expect(codexButton.accessibilityTitle() == "CodexBar")
+        #expect(claudeButton.accessibilityTitle() == "CodexBar")
+    }
+
+    @Test
+    func `status item defaults repair removes stale hidden Control Center keys once`() throws {
+        let suite = "StatusItemControllerSplitLifecycleTests-repair-\(UUID().uuidString)"
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+        defaults.set(false, forKey: "NSStatusItem VisibleCC Item-0")
+        defaults.set(0, forKey: "NSStatusItem VisibleCC Item-12")
+        defaults.set(false, forKey: "NSStatusItem VisibleCC codexbar-merged")
+        defaults.set(true, forKey: "NSStatusItem VisibleCC Item-1")
+        defaults.set(false, forKey: "NSStatusItem VisibleCC com.apple.clock")
+        defer {
+            defaults.removePersistentDomain(forName: suite)
+        }
+
+        let repairedKeys = MenuBarStatusItemDefaultsRepair.repairHiddenVisibilityDefaultsIfNeeded(defaults: defaults)
+
+        #expect(repairedKeys == [
+            "NSStatusItem VisibleCC Item-0",
+            "NSStatusItem VisibleCC Item-12",
+            "NSStatusItem VisibleCC codexbar-merged",
+        ])
+        #expect(defaults.object(forKey: "NSStatusItem VisibleCC Item-0") == nil)
+        #expect(defaults.object(forKey: "NSStatusItem VisibleCC Item-12") == nil)
+        #expect(defaults.object(forKey: "NSStatusItem VisibleCC codexbar-merged") == nil)
+        #expect(defaults.bool(forKey: "NSStatusItem VisibleCC Item-1"))
+        #expect(defaults.object(forKey: "NSStatusItem VisibleCC com.apple.clock") != nil)
+
+        defaults.set(false, forKey: "NSStatusItem VisibleCC Item-2")
+        #expect(MenuBarStatusItemDefaultsRepair.repairHiddenVisibilityDefaultsIfNeeded(defaults: defaults).isEmpty)
+        #expect(defaults.object(forKey: "NSStatusItem VisibleCC Item-2") != nil)
+    }
+
+    @Test
+    func `non destructive visibility refresh preserves split provider status items`() throws {
+        let (_, controller) = try self.makeSplitController()
+        defer { controller.releaseStatusItemsForTesting() }
+
+        let oldCodexItem = try #require(controller.statusItems[.codex])
+        let oldClaudeItem = try #require(controller.statusItems[.claude])
+        let oldCodexButton = try #require(oldCodexItem.button)
+
+        controller.refreshExistingStatusItemsForVisibilityRecovery()
+
+        let newCodexItem = try #require(controller.statusItems[.codex])
+        let newClaudeItem = try #require(controller.statusItems[.claude])
+        #expect(newCodexItem === oldCodexItem)
+        #expect(newClaudeItem === oldClaudeItem)
+        #expect(newCodexItem.button === oldCodexButton)
+        #expect(!newCodexItem.autosaveName.hasPrefix("CodexBar."))
+        #expect(newCodexItem.button?.accessibilityIdentifier() == "CodexBar.StatusItem.codex")
+    }
+
+    @Test
+    func `non destructive visibility refresh preserves merged status item`() throws {
+        let (settings, controller) = try self.makeSplitController()
+        defer { controller.releaseStatusItemsForTesting() }
+
+        settings.mergeIcons = true
+        controller.handleProviderConfigChange(reason: "test")
+        let oldMergedItem = controller.statusItem
+        let oldMergedButton = try #require(controller.statusItem.button)
+
+        controller.refreshExistingStatusItemsForVisibilityRecovery()
+
+        #expect(controller.statusItem === oldMergedItem)
+        #expect(controller.statusItem.button === oldMergedButton)
+        #expect(!controller.statusItem.autosaveName.hasPrefix("CodexBar."))
+        #expect(controller.statusItem.button?.accessibilityIdentifier() == "CodexBar.StatusItem")
+    }
+
+    @Test
+    func `recreation produces immediately healthy snapshots for synchronous guidance check`() throws {
+        // verifyScreenChangeRecoveryIfNeeded does a synchronous re-check immediately after
+        // the single recreation to decide whether to show macOS 26 Allow-in-Menu-Bar guidance.
+        // AppKit must materialise the button and window before returning from
+        // recreateStatusItemsForVisibilityRecovery, so the item must not appear blocked at
+        // that point. Only a genuine system-level block would leave it blocked — which is
+        // exactly the case where guidance is useful.
+        let (_, controller) = try self.makeSplitController()
+        defer { controller.releaseStatusItemsForTesting() }
+
+        controller.recreateStatusItemsForVisibilityRecovery()
+
+        let allItems = [controller.statusItem] + Array(controller.statusItems.values)
+        let snapshots = MenuBarVisibilityWatcher.visibilitySnapshots(allItems)
+        #expect(!MenuBarVisibilityWatcher.hasAnyBlockedVisibleSnapshot(snapshots))
+    }
+
+    @Test
+    func `visibility recovery recreates split provider status items`() throws {
+        let (_, controller) = try self.makeSplitController()
+        defer { controller.releaseStatusItemsForTesting() }
+
+        let oldCodexItem = try #require(controller.statusItems[.codex])
+        controller.recreateStatusItemsForVisibilityRecovery()
+
+        let newCodexItem = try #require(controller.statusItems[.codex])
+        #expect(newCodexItem !== oldCodexItem)
+        #expect(!newCodexItem.autosaveName.hasPrefix("CodexBar."))
+        #expect(newCodexItem.button?.accessibilityIdentifier() == "CodexBar.StatusItem.codex")
+    }
+
+    @Test
+    func `visibility recovery renders replacement merged status item`() throws {
+        let (settings, controller) = try self.makeSplitController()
+        defer { controller.releaseStatusItemsForTesting() }
+
+        settings.mergeIcons = true
+        controller.handleProviderConfigChange(reason: "test")
+        let renderedSignature = try #require(controller.lastAppliedMergedIconRenderSignature)
+
+        controller.lastAppliedMergedIconRenderSignature = renderedSignature
+        controller.recreateStatusItemsForVisibilityRecovery()
+
+        let mergedButton = try #require(controller.statusItem.button)
+        #expect(mergedButton.image != nil)
+        #expect(!controller.statusItem.autosaveName.hasPrefix("CodexBar."))
+        #expect(mergedButton.accessibilityIdentifier() == "CodexBar.StatusItem")
+    }
+}
diff --git a/Tests/CodexBarTests/StatusItemExtraUsageMetricTests.swift b/Tests/CodexBarTests/StatusItemExtraUsageMetricTests.swift
new file mode 100644
index 000000000..3ef14df71
--- /dev/null
+++ b/Tests/CodexBarTests/StatusItemExtraUsageMetricTests.swift
@@ -0,0 +1,160 @@
+import AppKit
+import CodexBarCore
+import Testing
+@testable import CodexBar
+
+@Suite(.serialized)
+@MainActor
+struct StatusItemExtraUsageMetricTests {
+    private func makeStatusBarForTesting() -> NSStatusBar {
+        let env = ProcessInfo.processInfo.environment
+        if env["GITHUB_ACTIONS"] == "true" || env["CI"] == "true" {
+            return .system
+        }
+        return NSStatusBar()
+    }
+
+    @Test
+    func `menu bar extra usage preference uses cursor on demand budget`() {
+        let (store, controller) = self.makeCursorController(suiteName: "StatusItemExtraUsageMetricTests-budget")
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 10, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(usedPercent: 20, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            tertiary: RateWindow(usedPercent: 72, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            providerCost: ProviderCostSnapshot(
+                used: 15,
+                limit: 100,
+                currencyCode: "USD",
+                updatedAt: Date()),
+            updatedAt: Date())
+
+        store._setSnapshotForTesting(snapshot, provider: .cursor)
+        store._setErrorForTesting(nil, provider: .cursor)
+
+        let window = controller.menuBarMetricWindow(for: .cursor, snapshot: snapshot)
+
+        #expect(window?.usedPercent == 15)
+    }
+
+    @Test
+    func `menu bar extra usage preference falls back to automatic when cursor on demand budget is missing`() {
+        let (store, controller) = self.makeController(
+            suiteName: "StatusItemExtraUsageMetricTests-missing-budget",
+            provider: .cursor)
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 10, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(usedPercent: 72, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            tertiary: nil,
+            providerCost: nil,
+            updatedAt: Date())
+
+        store._setSnapshotForTesting(snapshot, provider: .cursor)
+        store._setErrorForTesting(nil, provider: .cursor)
+
+        let window = controller.menuBarMetricWindow(for: .cursor, snapshot: snapshot)
+
+        #expect(window?.usedPercent == 72)
+    }
+
+    @Test
+    func `menu bar extra usage preference shows currency spend text for cursor when provider cost exists`() {
+        let (store, controller) = self.makeController(
+            suiteName: "StatusItemExtraUsageMetricTests-cursor-spend-text",
+            provider: .cursor)
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 10, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(usedPercent: 20, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            tertiary: RateWindow(usedPercent: 72, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            providerCost: ProviderCostSnapshot(
+                used: 12.34,
+                limit: 100,
+                currencyCode: "USD",
+                updatedAt: Date()),
+            updatedAt: Date())
+
+        store._setSnapshotForTesting(snapshot, provider: .cursor)
+        store._setErrorForTesting(nil, provider: .cursor)
+
+        let displayText = controller.menuBarDisplayText(for: .cursor, snapshot: snapshot)
+
+        #expect(displayText == "$12.34")
+    }
+
+    @Test
+    func `menu bar extra usage preference shows currency spend text for claude when provider cost exists`() {
+        let (store, controller) = self.makeController(
+            suiteName: "StatusItemExtraUsageMetricTests-claude-spend-text",
+            provider: .claude)
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 42, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+            secondary: nil,
+            tertiary: nil,
+            providerCost: ProviderCostSnapshot(
+                used: 88.8,
+                limit: 200,
+                currencyCode: "USD",
+                period: "Monthly",
+                updatedAt: Date()),
+            updatedAt: Date())
+
+        store._setSnapshotForTesting(snapshot, provider: .claude)
+        store._setErrorForTesting(nil, provider: .claude)
+
+        let displayText = controller.menuBarDisplayText(for: .claude, snapshot: snapshot)
+
+        #expect(displayText == "$88.80")
+    }
+
+    @Test
+    func `menu bar extra usage preference falls back to existing percent text when provider cost is unavailable`() {
+        let (store, controller) = self.makeController(
+            suiteName: "StatusItemExtraUsageMetricTests-fallback-percent",
+            provider: .cursor)
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 10, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(usedPercent: 72, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            tertiary: nil,
+            providerCost: nil,
+            updatedAt: Date())
+
+        store._setSnapshotForTesting(snapshot, provider: .cursor)
+        store._setErrorForTesting(nil, provider: .cursor)
+
+        let displayText = controller.menuBarDisplayText(for: .cursor, snapshot: snapshot)
+
+        #expect(displayText == "72%")
+    }
+
+    private func makeCursorController(suiteName: String) -> (UsageStore, StatusItemController) {
+        self.makeController(suiteName: suiteName, provider: .cursor)
+    }
+
+    private func makeController(suiteName: String, provider: UsageProvider) -> (UsageStore, StatusItemController) {
+        let settings = SettingsStore(
+            configStore: testConfigStore(suiteName: suiteName),
+            zaiTokenStore: NoopZaiTokenStore())
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = true
+        settings.selectedMenuProvider = provider
+        settings.menuBarDisplayMode = .percent
+        settings.usageBarsShowUsed = true
+        settings.setMenuBarMetricPreference(.extraUsage, for: provider)
+
+        let registry = ProviderRegistry.shared
+        if let metadata = registry.metadata[provider] {
+            settings.setProviderEnabled(provider: provider, metadata: metadata, enabled: true)
+        }
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+        return (store, controller)
+    }
+}
diff --git a/Tests/CodexBarTests/StatusItemIconObservationSignatureTests.swift b/Tests/CodexBarTests/StatusItemIconObservationSignatureTests.swift
new file mode 100644
index 000000000..6660c264e
--- /dev/null
+++ b/Tests/CodexBarTests/StatusItemIconObservationSignatureTests.swift
@@ -0,0 +1,89 @@
+import AppKit
+import CodexBarCore
+import Testing
+@testable import CodexBar
+
+@MainActor
+@Suite(.serialized)
+struct StatusItemIconObservationSignatureTests {
+    private func makeController(suiteName: String) -> (SettingsStore, UsageStore, StatusItemController) {
+        let settings = SettingsStore(
+            configStore: testConfigStore(suiteName: suiteName),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+        settings.statusChecksEnabled = true
+        settings.refreshFrequency = .manual
+        settings.menuBarShowsBrandIconWithPercent = false
+        settings.mergeIcons = true
+
+        let registry = ProviderRegistry.shared
+        if let codexMeta = registry.metadata[.codex] {
+            settings.setProviderEnabled(provider: .codex, metadata: codexMeta, enabled: true)
+        }
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        store._setSnapshotForTesting(Self.makeSnapshot(provider: .codex, email: "icon@example.com"), provider: .codex)
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: .system)
+        return (settings, store, controller)
+    }
+
+    @Test
+    func `store icon observation signature ignores refresh and status metadata churn`() {
+        let (_, store, controller) = self.makeController(
+            suiteName: "StatusItemIconObservationSignatureTests-refresh-metadata")
+        defer { controller.releaseStatusItemsForTesting() }
+
+        store.statuses[.codex] = ProviderStatus(
+            indicator: .none,
+            description: "initial",
+            updatedAt: Date(timeIntervalSince1970: 10))
+        let baseline = controller.storeIconObservationSignature()
+
+        store.isRefreshing = true
+        store.statuses[.codex] = ProviderStatus(
+            indicator: .none,
+            description: "same indicator, newer timestamp",
+            updatedAt: Date(timeIntervalSince1970: 20))
+
+        #expect(controller.storeIconObservationSignature() == baseline)
+    }
+
+    @Test
+    func `store icon observation signature changes when status indicator changes`() {
+        let (_, store, controller) = self.makeController(
+            suiteName: "StatusItemIconObservationSignatureTests-status-indicator")
+        defer { controller.releaseStatusItemsForTesting() }
+
+        store.statuses[.codex] = ProviderStatus(
+            indicator: .none,
+            description: "initial",
+            updatedAt: Date(timeIntervalSince1970: 10))
+        let baseline = controller.storeIconObservationSignature()
+
+        store.statuses[.codex] = ProviderStatus(
+            indicator: .major,
+            description: "major outage",
+            updatedAt: Date(timeIntervalSince1970: 20))
+
+        #expect(controller.storeIconObservationSignature() != baseline)
+    }
+
+    private static func makeSnapshot(provider: UsageProvider, email: String) -> UsageSnapshot {
+        UsageSnapshot(
+            primary: RateWindow(usedPercent: 10, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(usedPercent: 20, windowMinutes: 10080, resetsAt: nil, resetDescription: nil),
+            updatedAt: Date(timeIntervalSince1970: 100),
+            identity: ProviderIdentitySnapshot(
+                providerID: provider,
+                accountEmail: email,
+                accountOrganization: nil,
+                loginMethod: "plus"))
+    }
+}
diff --git a/Tests/CodexBarTests/StatusItemPurchaseURLTests.swift b/Tests/CodexBarTests/StatusItemPurchaseURLTests.swift
new file mode 100644
index 000000000..58d126e37
--- /dev/null
+++ b/Tests/CodexBarTests/StatusItemPurchaseURLTests.swift
@@ -0,0 +1,49 @@
+import Foundation
+import Testing
+@testable import CodexBar
+
+struct StatusItemPurchaseURLTests {
+    @Test
+    @MainActor
+    func `purchase URL accepts ChatGPT hosts`() {
+        #expect(
+            StatusItemController.sanitizedCreditsPurchaseURL("https://chatgpt.com/settings/billing")
+                == "https://chatgpt.com/settings/billing")
+        #expect(
+            StatusItemController
+                .sanitizedCreditsPurchaseURL("https://chatgpt.com/usage/credits?token=secret#fragment")
+                == "https://chatgpt.com/usage/credits")
+        #expect(
+            StatusItemController.sanitizedCreditsPurchaseURL("https://team.chatgpt.com/settings/billing")
+                == "https://team.chatgpt.com/settings/billing")
+    }
+
+    @Test
+    @MainActor
+    func `purchase URL rejects lookalike hosts`() {
+        #expect(
+            StatusItemController
+                .sanitizedCreditsPurchaseURL("https://chatgpt.com.evil.example/settings/billing") == nil)
+        #expect(
+            StatusItemController.sanitizedCreditsPurchaseURL("https://evil-chatgpt.com/settings/billing")
+                == nil)
+        #expect(
+            StatusItemController.sanitizedCreditsPurchaseURL("https://notchatgpt.com/settings/billing")
+                == nil)
+    }
+
+    @Test
+    @MainActor
+    func `purchase URL rejects non HTTPS and unrelated paths`() {
+        #expect(
+            StatusItemController.sanitizedCreditsPurchaseURL("http://chatgpt.com/settings/billing")
+                == nil)
+        #expect(
+            StatusItemController.sanitizedCreditsPurchaseURL("https://chatgpt.com/backend-api/accounts")
+                == nil)
+        #expect(
+            StatusItemController.sanitizedCreditsPurchaseURL("https://chatgpt.com/backend-api/settings-token")
+                == nil)
+        #expect(StatusItemController.sanitizedCreditsPurchaseURL("not a url") == nil)
+    }
+}
diff --git a/Tests/CodexBarTests/StatusItemQuotaWarningFlashTests.swift b/Tests/CodexBarTests/StatusItemQuotaWarningFlashTests.swift
new file mode 100644
index 000000000..abf10e6d4
--- /dev/null
+++ b/Tests/CodexBarTests/StatusItemQuotaWarningFlashTests.swift
@@ -0,0 +1,98 @@
+import AppKit
+import CodexBarCore
+import Testing
+@testable import CodexBar
+
+@MainActor
+@Suite(.serialized)
+struct StatusItemQuotaWarningFlashTests {
+    private func makeStatusBarForTesting() -> NSStatusBar {
+        NSStatusBar.system
+    }
+
+    @Test
+    func `quota warning flash state lasts for configured duration`() {
+        let settings = SettingsStore(
+            configStore: testConfigStore(suiteName: "StatusItemQuotaWarningFlashTests-duration"),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+
+        let now = Date()
+        controller.startQuotaWarningFlash(provider: .codex, postedAt: now)
+
+        #expect(controller.quotaWarningFlashActive(provider: .codex, now: now.addingTimeInterval(59)) == true)
+        #expect(controller.quotaWarningFlashActive(provider: .codex, now: now.addingTimeInterval(61)) == false)
+    }
+
+    @Test
+    func `quota warning flash image draws non template red overlay`() throws {
+        let size = NSSize(width: 16, height: 16)
+        let base = NSImage(size: size)
+        base.lockFocus()
+        NSColor.black.setFill()
+        NSBezierPath(rect: NSRect(origin: .zero, size: size)).fill()
+        base.unlockFocus()
+        base.isTemplate = true
+
+        let output = StatusItemController.quotaWarningFlashImage(base: base)
+        let outputData = try #require(output.tiffRepresentation)
+        let outputRep = try #require(NSBitmapImageRep(data: outputData))
+        let center = try #require(outputRep.colorAt(x: 8, y: 8))
+
+        #expect(output.isTemplate == false)
+        #expect(center.redComponent > center.blueComponent)
+    }
+
+    @Test
+    func `merged icon render signature includes quota warning flash for selected provider`() {
+        let settings = SettingsStore(
+            configStore: testConfigStore(suiteName: "StatusItemQuotaWarningFlashTests-merged"),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = true
+        settings.selectedMenuProvider = .codex
+        settings.menuBarShowsBrandIconWithPercent = false
+
+        let registry = ProviderRegistry.shared
+        if let codexMeta = registry.metadata[.codex] {
+            settings.setProviderEnabled(provider: .codex, metadata: codexMeta, enabled: true)
+        }
+        if let openRouterMeta = registry.metadata[.openrouter] {
+            settings.setProviderEnabled(provider: .openrouter, metadata: openRouterMeta, enabled: true)
+        }
+        settings.openRouterAPIToken = "or-token"
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 50, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            secondary: nil,
+            updatedAt: Date())
+        store._setSnapshotForTesting(snapshot, provider: .codex)
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+
+        controller.startQuotaWarningFlash(provider: .codex)
+
+        #expect(controller.lastAppliedMergedIconRenderSignature?.contains("warningFlash=1") == true)
+    }
+}
diff --git a/Tests/CodexBarTests/StatusMenuCodexSwitcherPresentationTests.swift b/Tests/CodexBarTests/StatusMenuCodexSwitcherPresentationTests.swift
new file mode 100644
index 000000000..cf65a2102
--- /dev/null
+++ b/Tests/CodexBarTests/StatusMenuCodexSwitcherPresentationTests.swift
@@ -0,0 +1,279 @@
+import AppKit
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+@Suite(.serialized)
+@MainActor
+struct StatusMenuCodexSwitcherPresentationTests {
+    private func disableMenuCardsForTesting() {
+        StatusItemController.menuCardRenderingEnabled = false
+        StatusItemController.setMenuRefreshEnabledForTesting(false)
+    }
+
+    private func makeSettings() -> SettingsStore {
+        let suite = "StatusMenuCodexSwitcherPresentationTests-\(UUID().uuidString)"
+        let defaults = UserDefaults(suiteName: suite)!
+        defaults.removePersistentDomain(forName: suite)
+        return SettingsStore(
+            userDefaults: defaults,
+            configStore: testConfigStore(suiteName: suite),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+    }
+
+    private func makeManagedAccountStoreURL(accounts: [ManagedCodexAccount]) throws -> URL {
+        let storeURL = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString)
+        let store = FileManagedCodexAccountStore(fileURL: storeURL)
+        try store.storeAccounts(ManagedCodexAccountSet(
+            version: FileManagedCodexAccountStore.currentVersion,
+            accounts: accounts))
+        return storeURL
+    }
+
+    private func enableOnlyCodex(_ settings: SettingsStore) {
+        let registry = ProviderRegistry.shared
+        for provider in UsageProvider.allCases {
+            guard let metadata = registry.metadata[provider] else { continue }
+            settings.setProviderEnabled(provider: provider, metadata: metadata, enabled: provider == .codex)
+        }
+    }
+
+    private func representedIDs(in menu: NSMenu) -> [String] {
+        menu.items.compactMap { $0.representedObject as? String }
+    }
+
+    private func snapshot(email: String, percent: Double = 12) -> UsageSnapshot {
+        UsageSnapshot(
+            primary: RateWindow(
+                usedPercent: percent,
+                windowMinutes: 300,
+                resetsAt: Date().addingTimeInterval(300),
+                resetDescription: nil),
+            secondary: RateWindow(
+                usedPercent: percent,
+                windowMinutes: 10080,
+                resetsAt: Date().addingTimeInterval(86400),
+                resetDescription: nil),
+            updatedAt: Date(),
+            identity: ProviderIdentitySnapshot(
+                providerID: .codex,
+                accountEmail: email,
+                accountOrganization: nil,
+                loginMethod: "Plus"))
+    }
+
+    @Test
+    func `codex account ordering keeps workspace groups contiguous`() {
+        let teamActive = CodexVisibleAccount(
+            id: "team-a-active",
+            email: "active@example.com",
+            workspaceLabel: "Team A",
+            workspaceAccountID: "team-a",
+            storedAccountID: UUID(),
+            selectionSource: .managedAccount(id: UUID()),
+            isActive: true,
+            isLive: false,
+            canReauthenticate: true,
+            canRemove: true)
+        let teamHighQuota = CodexVisibleAccount(
+            id: "team-b-high-quota",
+            email: "high@example.com",
+            workspaceLabel: "Team B",
+            workspaceAccountID: "team-b",
+            storedAccountID: UUID(),
+            selectionSource: .managedAccount(id: UUID()),
+            isActive: false,
+            isLive: false,
+            canReauthenticate: true,
+            canRemove: true)
+        let teamSibling = CodexVisibleAccount(
+            id: "team-a-sibling",
+            email: "sibling@example.com",
+            workspaceLabel: "Team A",
+            workspaceAccountID: "team-a",
+            storedAccountID: UUID(),
+            selectionSource: .managedAccount(id: UUID()),
+            isActive: false,
+            isLive: false,
+            canReauthenticate: true,
+            canRemove: true)
+        let accounts = [teamActive, teamHighQuota, teamSibling]
+        let snapshots = [
+            CodexAccountUsageSnapshot(
+                account: teamActive,
+                snapshot: self.snapshot(email: teamActive.email, percent: 95),
+                error: nil,
+                sourceLabel: "test"),
+            CodexAccountUsageSnapshot(
+                account: teamHighQuota,
+                snapshot: self.snapshot(email: teamHighQuota.email, percent: 10),
+                error: nil,
+                sourceLabel: "test"),
+            CodexAccountUsageSnapshot(
+                account: teamSibling,
+                snapshot: self.snapshot(email: teamSibling.email, percent: 20),
+                error: nil,
+                sourceLabel: "test"),
+        ]
+
+        let ordered = CodexAccountPresentationOrdering.orderedAccounts(
+            accounts,
+            snapshots: snapshots,
+            activeVisibleAccountID: teamActive.id)
+
+        #expect(ordered.map(\.id) == ["team-a-active", "team-a-sibling", "team-b-high-quota"])
+        #expect(ordered.codexWorkspaceSections().map(\.title) == ["Team A", "Team B"])
+        #expect(ordered.codexWorkspaceSections().first?.accounts.map(\.id) == ["team-a-active", "team-a-sibling"])
+    }
+
+    @Test
+    func `codex stacked menu orders by quota and groups workspaces`() throws {
+        self.disableMenuCardsForTesting()
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = false
+        settings.multiAccountMenuLayout = .stacked
+        self.enableOnlyCodex(settings)
+
+        let lowID = try #require(UUID(uuidString: "AAAAAAAA-BBBB-CCCC-DDDD-111111111111"))
+        let highID = try #require(UUID(uuidString: "AAAAAAAA-BBBB-CCCC-DDDD-222222222222"))
+        let low = ManagedCodexAccount(
+            id: lowID,
+            email: "low@example.com",
+            workspaceLabel: "Team Low",
+            workspaceAccountID: "team-low",
+            managedHomePath: "/tmp/low-home",
+            createdAt: 1,
+            updatedAt: 2,
+            lastAuthenticatedAt: 2)
+        let high = ManagedCodexAccount(
+            id: highID,
+            email: "high@example.com",
+            workspaceLabel: "Team High",
+            workspaceAccountID: "team-high",
+            managedHomePath: "/tmp/high-home",
+            createdAt: 1,
+            updatedAt: 2,
+            lastAuthenticatedAt: 2)
+        let storeURL = try self.makeManagedAccountStoreURL(accounts: [low, high])
+        defer {
+            settings._test_managedCodexAccountStoreURL = nil
+            settings._test_liveSystemCodexAccount = nil
+            try? FileManager.default.removeItem(at: storeURL)
+        }
+
+        settings._test_managedCodexAccountStoreURL = storeURL
+        settings._test_liveSystemCodexAccount = ObservedSystemCodexAccount(
+            email: "active@example.com",
+            workspaceLabel: "Personal",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date())
+        settings.codexActiveSource = .liveSystem
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        store.codexAccountSnapshots = settings.codexVisibleAccountProjection.visibleAccounts.map { account in
+            let usedPercent = switch account.email {
+            case "high@example.com":
+                10.0
+            case "low@example.com":
+                80.0
+            default:
+                95.0
+            }
+            return CodexAccountUsageSnapshot(
+                account: account,
+                snapshot: self.snapshot(email: account.email, percent: usedPercent),
+                error: nil,
+                sourceLabel: "test")
+        }
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: .system)
+        defer { controller.releaseStatusItemsForTesting() }
+
+        let display = try #require(controller.codexAccountMenuDisplay(for: .codex))
+        #expect(display.accounts.map(\.email) == ["active@example.com", "high@example.com", "low@example.com"])
+        #expect(display.workspaceSections.map(\.title) == ["Personal", "Team High", "Team Low"])
+
+        let menu = controller.makeMenu(for: .codex)
+        controller.menuWillOpen(menu)
+        #expect(self.representedIDs(in: menu).count(where: { $0.hasPrefix("codexWorkspace-") }) == 3)
+    }
+
+    @Test
+    func `codex stacked menu surfaces account health labels`() throws {
+        self.disableMenuCardsForTesting()
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = false
+        settings.multiAccountMenuLayout = .stacked
+        self.enableOnlyCodex(settings)
+
+        let managedAccountID = try #require(UUID(uuidString: "AAAAAAAA-BBBB-CCCC-DDDD-111111111111"))
+        let managedAccount = ManagedCodexAccount(
+            id: managedAccountID,
+            email: "managed@example.com",
+            managedHomePath: "/tmp/managed-home",
+            createdAt: 1,
+            updatedAt: 2,
+            lastAuthenticatedAt: 2)
+        let storeURL = try self.makeManagedAccountStoreURL(accounts: [managedAccount])
+        defer {
+            settings._test_managedCodexAccountStoreURL = nil
+            settings._test_liveSystemCodexAccount = nil
+            try? FileManager.default.removeItem(at: storeURL)
+        }
+
+        settings._test_managedCodexAccountStoreURL = storeURL
+        settings._test_liveSystemCodexAccount = ObservedSystemCodexAccount(
+            email: "live@example.com",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date())
+        settings.codexActiveSource = .liveSystem
+
+        let visibleAccount = try #require(settings.codexVisibleAccountProjection.visibleAccounts
+            .first { $0.email == "managed@example.com" })
+
+        #expect(CodexAccountHealth.status(for: visibleAccount, error: "401 Unauthorized")
+            .label == "Needs re-auth")
+    }
+
+    @Test
+    func `codex account snapshot store hydrates current visible accounts`() {
+        let fileURL = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString)
+        defer { try? FileManager.default.removeItem(at: fileURL) }
+
+        let account = CodexVisibleAccount(
+            id: "active@example.com",
+            email: "active@example.com",
+            storedAccountID: nil,
+            selectionSource: .liveSystem,
+            isActive: true,
+            isLive: true,
+            canReauthenticate: true,
+            canRemove: false)
+        let store = FileCodexAccountUsageSnapshotStore(fileURL: fileURL)
+        store.store([
+            CodexAccountUsageSnapshot(
+                account: account,
+                snapshot: self.snapshot(email: account.email, percent: 17),
+                error: nil,
+                sourceLabel: "test"),
+        ])
+
+        let hydrated = store.load(for: [account])
+
+        #expect(hydrated.map(\.id) == [account.id])
+        #expect(hydrated.first?.snapshot?.primary?.usedPercent == 17)
+        #expect(hydrated.first?.account.email == account.email)
+    }
+}
diff --git a/Tests/CodexBarTests/StatusMenuCodexSwitcherTests.swift b/Tests/CodexBarTests/StatusMenuCodexSwitcherTests.swift
new file mode 100644
index 000000000..4ad6ce803
--- /dev/null
+++ b/Tests/CodexBarTests/StatusMenuCodexSwitcherTests.swift
@@ -0,0 +1,1320 @@
+import AppKit
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+@Suite(.serialized)
+@MainActor
+struct StatusMenuCodexSwitcherTests {
+    private func disableMenuCardsForTesting() {
+        StatusItemController.menuCardRenderingEnabled = false
+        StatusItemController.setMenuRefreshEnabledForTesting(false)
+    }
+
+    private func makeSettings() -> SettingsStore {
+        let suite = "StatusMenuCodexSwitcherTests-\(UUID().uuidString)"
+        let defaults = UserDefaults(suiteName: suite)!
+        defaults.removePersistentDomain(forName: suite)
+        let configStore = testConfigStore(suiteName: suite)
+        return SettingsStore(
+            userDefaults: defaults,
+            configStore: configStore,
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+    }
+
+    private func makeStatusBarForTesting() -> NSStatusBar {
+        .system
+    }
+
+    private func enableOnlyCodex(_ settings: SettingsStore) {
+        let registry = ProviderRegistry.shared
+        for provider in UsageProvider.allCases {
+            guard let metadata = registry.metadata[provider] else { continue }
+            settings.setProviderEnabled(provider: provider, metadata: metadata, enabled: provider == .codex)
+        }
+    }
+
+    private func makeManagedAccountStoreURL(accounts: [ManagedCodexAccount]) throws -> URL {
+        let storeURL = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString)
+        let store = FileManagedCodexAccountStore(fileURL: storeURL)
+        try store.storeAccounts(ManagedCodexAccountSet(
+            version: FileManagedCodexAccountStore.currentVersion,
+            accounts: accounts))
+        return storeURL
+    }
+
+    private func actionLabels(in descriptor: MenuDescriptor) -> [String] {
+        descriptor.sections.flatMap(\.entries).compactMap { entry in
+            guard case let .action(label, _) = entry else { return nil }
+            return label
+        }
+    }
+
+    private func representedIDs(in menu: NSMenu) -> [String] {
+        menu.items.compactMap { $0.representedObject as? String }
+    }
+
+    private func snapshot(email: String, percent: Double = 12) -> UsageSnapshot {
+        UsageSnapshot(
+            primary: RateWindow(
+                usedPercent: percent,
+                windowMinutes: 300,
+                resetsAt: Date().addingTimeInterval(300),
+                resetDescription: nil),
+            secondary: RateWindow(
+                usedPercent: percent,
+                windowMinutes: 10080,
+                resetsAt: Date().addingTimeInterval(86400),
+                resetDescription: nil),
+            updatedAt: Date(),
+            identity: ProviderIdentitySnapshot(
+                providerID: .codex,
+                accountEmail: email,
+                accountOrganization: nil,
+                loginMethod: "Plus"))
+    }
+
+    private func selectCodexVisibleAccountForStatusMenu(
+        id: String,
+        settings: SettingsStore,
+        store: UsageStore) -> Task<Void, Never>?
+    {
+        guard settings.selectCodexVisibleAccount(id: id) else { return nil }
+        _ = store.prepareCodexAccountScopedRefreshIfNeeded()
+        return Task { @MainActor in
+            await store.refreshCodexAccountScopedState(allowDisabled: true)
+        }
+    }
+
+    private func installBlockingCodexProvider(on store: UsageStore, blocker: BlockingStatusMenuCodexFetchStrategy) {
+        let baseSpec = store.providerSpecs[.codex]!
+        store.providerSpecs[.codex] = Self.makeCodexProviderSpec(baseSpec: baseSpec) {
+            try await blocker.awaitResult()
+        }
+    }
+
+    private static func makeCodexProviderSpec(
+        baseSpec: ProviderSpec,
+        loader: @escaping @Sendable () async throws -> UsageSnapshot) -> ProviderSpec
+    {
+        let baseDescriptor = baseSpec.descriptor
+        let strategy = StatusMenuTestCodexFetchStrategy(loader: loader)
+        let descriptor = ProviderDescriptor(
+            id: .codex,
+            metadata: baseDescriptor.metadata,
+            branding: baseDescriptor.branding,
+            tokenCost: baseDescriptor.tokenCost,
+            fetchPlan: ProviderFetchPlan(
+                sourceModes: [.auto, .cli, .oauth],
+                pipeline: ProviderFetchPipeline { _ in [strategy] }),
+            cli: baseDescriptor.cli)
+        return ProviderSpec(
+            style: baseSpec.style,
+            isEnabled: baseSpec.isEnabled,
+            descriptor: descriptor,
+            makeFetchContext: baseSpec.makeFetchContext)
+    }
+
+    @Test
+    func `codex menu shows account switcher and add account action for multiple visible accounts`() throws {
+        self.disableMenuCardsForTesting()
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = false
+        self.enableOnlyCodex(settings)
+
+        let managedAccountID = try #require(UUID(uuidString: "AAAAAAAA-BBBB-CCCC-DDDD-111111111111"))
+        let managedAccount = ManagedCodexAccount(
+            id: managedAccountID,
+            email: "managed@example.com",
+            managedHomePath: "/tmp/managed-home",
+            createdAt: 1,
+            updatedAt: 2,
+            lastAuthenticatedAt: 2)
+        let storeURL = try self.makeManagedAccountStoreURL(accounts: [managedAccount])
+        defer {
+            settings._test_managedCodexAccountStoreURL = nil
+            settings._test_liveSystemCodexAccount = nil
+            try? FileManager.default.removeItem(at: storeURL)
+        }
+
+        settings._test_managedCodexAccountStoreURL = storeURL
+        settings._test_liveSystemCodexAccount = ObservedSystemCodexAccount(
+            email: "live@example.com",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date())
+        settings.codexActiveSource = .liveSystem
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let projection = settings.codexVisibleAccountProjection
+        let descriptor = MenuDescriptor.build(
+            provider: .codex,
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updateReady: false)
+
+        #expect(projection.visibleAccounts.map(\.email) == ["live@example.com", "managed@example.com"])
+        #expect(projection.activeVisibleAccountID == "live@example.com")
+        let actionLabels = self.actionLabels(in: descriptor)
+        #expect(actionLabels.contains("Add Account..."))
+        #expect(actionLabels.contains("Switch Account...") == false)
+    }
+
+    @Test
+    func `codex menu hides account switcher when only one visible account exists`() {
+        self.disableMenuCardsForTesting()
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = false
+        self.enableOnlyCodex(settings)
+        settings._test_liveSystemCodexAccount = ObservedSystemCodexAccount(
+            email: "solo@example.com",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date())
+        defer { settings._test_liveSystemCodexAccount = nil }
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let descriptor = MenuDescriptor.build(
+            provider: .codex,
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updateReady: false)
+
+        #expect(settings.codexVisibleAccountProjection.visibleAccounts.map(\.email) == ["solo@example.com"])
+        #expect(self.actionLabels(in: descriptor).contains("Add Account..."))
+    }
+
+    @Test
+    func `codex segmented multi account layout shows account switcher`() throws {
+        self.disableMenuCardsForTesting()
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = false
+        settings.multiAccountMenuLayout = .segmented
+        self.enableOnlyCodex(settings)
+
+        let managedAccountID = try #require(UUID(uuidString: "AAAAAAAA-BBBB-CCCC-DDDD-111111111111"))
+        let managedAccount = ManagedCodexAccount(
+            id: managedAccountID,
+            email: "managed@example.com",
+            managedHomePath: "/tmp/managed-home",
+            createdAt: 1,
+            updatedAt: 2,
+            lastAuthenticatedAt: 2)
+        let storeURL = try self.makeManagedAccountStoreURL(accounts: [managedAccount])
+        defer {
+            settings._test_managedCodexAccountStoreURL = nil
+            settings._test_liveSystemCodexAccount = nil
+            try? FileManager.default.removeItem(at: storeURL)
+        }
+
+        settings._test_managedCodexAccountStoreURL = storeURL
+        settings._test_liveSystemCodexAccount = ObservedSystemCodexAccount(
+            email: "live@example.com",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date())
+        settings.codexActiveSource = .liveSystem
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+        defer { controller.releaseStatusItemsForTesting() }
+
+        let menu = controller.makeMenu(for: .codex)
+        controller.menuWillOpen(menu)
+
+        #expect(menu.items.compactMap { $0.view as? CodexAccountSwitcherView }.first != nil)
+        #expect(self.representedIDs(in: menu).filter { $0.hasPrefix("menuCard") } == ["menuCard"])
+    }
+
+    @Test
+    func `merged codex menu smart refresh keeps account switcher visible`() throws {
+        self.disableMenuCardsForTesting()
+        StatusItemController.setMenuRefreshEnabledForTesting(true)
+        defer { StatusItemController.setMenuRefreshEnabledForTesting(false) }
+
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = true
+        settings.selectedMenuProvider = .codex
+        settings.multiAccountMenuLayout = .segmented
+
+        let registry = ProviderRegistry.shared
+        for provider in UsageProvider.allCases {
+            guard let metadata = registry.metadata[provider] else { continue }
+            settings.setProviderEnabled(
+                provider: provider,
+                metadata: metadata,
+                enabled: provider == .codex || provider == .claude)
+        }
+
+        let managedAccountID = try #require(UUID(uuidString: "AAAAAAAA-BBBB-CCCC-DDDD-111111111111"))
+        let managedAccount = ManagedCodexAccount(
+            id: managedAccountID,
+            email: "managed@example.com",
+            managedHomePath: "/tmp/managed-home",
+            createdAt: 1,
+            updatedAt: 2,
+            lastAuthenticatedAt: 2)
+        let storeURL = try self.makeManagedAccountStoreURL(accounts: [managedAccount])
+        defer {
+            settings._test_managedCodexAccountStoreURL = nil
+            settings._test_liveSystemCodexAccount = nil
+            try? FileManager.default.removeItem(at: storeURL)
+        }
+
+        settings._test_managedCodexAccountStoreURL = storeURL
+        settings._test_liveSystemCodexAccount = ObservedSystemCodexAccount(
+            email: "live@example.com",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date())
+        settings.codexActiveSource = .liveSystem
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+        defer { controller.releaseStatusItemsForTesting() }
+
+        let menu = controller.makeMenu()
+        controller.menuWillOpen(menu)
+
+        #expect(menu.items.count(where: { $0.view is CodexAccountSwitcherView }) == 1)
+
+        controller.menuContentVersion &+= 1
+        controller.refreshOpenMenusIfNeeded()
+
+        #expect(menu.items.count(where: { $0.view is CodexAccountSwitcherView }) == 1)
+
+        settings._test_liveSystemCodexAccount = nil
+        controller.menuContentVersion &+= 1
+        controller.refreshOpenMenusIfNeeded()
+
+        #expect(menu.items.count(where: { $0.view is CodexAccountSwitcherView }) == 1)
+
+        controller.menuDidClose(menu)
+        controller.menuContentVersion &+= 1
+        controller.menuWillOpen(menu)
+
+        #expect(menu.items.count(where: { $0.view is CodexAccountSwitcherView }) == 0)
+    }
+
+    @Test
+    func `codex menu can select preserved switcher row during transient account projection`() throws {
+        self.disableMenuCardsForTesting()
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = false
+        self.enableOnlyCodex(settings)
+
+        let managedAccountID = try #require(UUID(uuidString: "AAAAAAAA-BBBB-CCCC-DDDD-111111111111"))
+        let managedAccount = ManagedCodexAccount(
+            id: managedAccountID,
+            email: "managed@example.com",
+            managedHomePath: "/tmp/managed-home",
+            createdAt: 1,
+            updatedAt: 2,
+            lastAuthenticatedAt: 2)
+        let storeURL = try self.makeManagedAccountStoreURL(accounts: [managedAccount])
+        defer {
+            settings._test_managedCodexAccountStoreURL = nil
+            settings._test_liveSystemCodexAccount = nil
+            try? FileManager.default.removeItem(at: storeURL)
+        }
+
+        settings._test_managedCodexAccountStoreURL = storeURL
+        settings._test_liveSystemCodexAccount = ObservedSystemCodexAccount(
+            email: "live@example.com",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date())
+        settings.codexActiveSource = .managedAccount(id: managedAccountID)
+
+        let liveAccount = try #require(settings.codexVisibleAccountProjection.visibleAccounts
+            .first { $0.selectionSource == .liveSystem })
+        settings._test_liveSystemCodexAccount = nil
+
+        #expect(settings.codexVisibleAccountProjection.visibleAccounts.map(\.email) == ["managed@example.com"])
+        settings.selectDisplayedCodexVisibleAccount(liveAccount)
+        #expect(settings.codexActiveSource == .liveSystem)
+    }
+
+    @Test
+    func `codex stacked multi account layout shows account cards`() throws {
+        self.disableMenuCardsForTesting()
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = false
+        settings.multiAccountMenuLayout = .stacked
+        self.enableOnlyCodex(settings)
+
+        let managedAccountID = try #require(UUID(uuidString: "AAAAAAAA-BBBB-CCCC-DDDD-111111111111"))
+        let managedAccount = ManagedCodexAccount(
+            id: managedAccountID,
+            email: "managed@example.com",
+            managedHomePath: "/tmp/managed-home",
+            createdAt: 1,
+            updatedAt: 2,
+            lastAuthenticatedAt: 2)
+        let storeURL = try self.makeManagedAccountStoreURL(accounts: [managedAccount])
+        defer {
+            settings._test_managedCodexAccountStoreURL = nil
+            settings._test_liveSystemCodexAccount = nil
+            try? FileManager.default.removeItem(at: storeURL)
+        }
+
+        settings._test_managedCodexAccountStoreURL = storeURL
+        settings._test_liveSystemCodexAccount = ObservedSystemCodexAccount(
+            email: "live@example.com",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date())
+        settings.codexActiveSource = .liveSystem
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let projection = settings.codexVisibleAccountProjection
+        store.codexAccountSnapshots = projection.visibleAccounts.enumerated().map { index, account in
+            CodexAccountUsageSnapshot(
+                account: account,
+                snapshot: self.snapshot(email: account.email, percent: Double(10 + index)),
+                error: nil,
+                sourceLabel: "test")
+        }
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+        defer { controller.releaseStatusItemsForTesting() }
+
+        let menu = controller.makeMenu(for: .codex)
+        controller.menuWillOpen(menu)
+
+        #expect(menu.items.compactMap { $0.view as? CodexAccountSwitcherView }.first == nil)
+        #expect(self.representedIDs(in: menu).filter { $0.hasPrefix("menuCard") } == ["menuCard-0", "menuCard-1"])
+    }
+
+    @Test
+    func `codex stacked multi account layout shows account cards before per account snapshots load`() throws {
+        self.disableMenuCardsForTesting()
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = false
+        settings.multiAccountMenuLayout = .stacked
+        self.enableOnlyCodex(settings)
+
+        let managedAccountID = try #require(UUID(uuidString: "AAAAAAAA-BBBB-CCCC-DDDD-111111111111"))
+        let managedAccount = ManagedCodexAccount(
+            id: managedAccountID,
+            email: "managed@example.com",
+            managedHomePath: "/tmp/managed-home",
+            createdAt: 1,
+            updatedAt: 2,
+            lastAuthenticatedAt: 2)
+        let storeURL = try self.makeManagedAccountStoreURL(accounts: [managedAccount])
+        defer {
+            settings._test_managedCodexAccountStoreURL = nil
+            settings._test_liveSystemCodexAccount = nil
+            try? FileManager.default.removeItem(at: storeURL)
+        }
+
+        settings._test_managedCodexAccountStoreURL = storeURL
+        settings._test_liveSystemCodexAccount = ObservedSystemCodexAccount(
+            email: "live@example.com",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date())
+        settings.codexActiveSource = .liveSystem
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        store._setSnapshotForTesting(self.snapshot(email: "live@example.com"), provider: .codex)
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+        defer { controller.releaseStatusItemsForTesting() }
+
+        let menu = controller.makeMenu(for: .codex)
+        controller.menuWillOpen(menu)
+
+        #expect(menu.items.compactMap { $0.view as? CodexAccountSwitcherView }.first == nil)
+        #expect(self.representedIDs(in: menu).filter { $0.hasPrefix("menuCard") } == ["menuCard-0", "menuCard-1"])
+    }
+
+    @Test
+    func `codex switcher suppresses personal labels while preserving team workspace tooltips`() {
+        let accounts = [
+            CodexVisibleAccount(
+                id: "live:provider:account-personal",
+                email: "pl.fr@yandex.com",
+                workspaceLabel: "Personal",
+                workspaceAccountID: "account-personal",
+                storedAccountID: nil,
+                selectionSource: .liveSystem,
+                isActive: true,
+                isLive: true,
+                canReauthenticate: true,
+                canRemove: false),
+            CodexVisibleAccount(
+                id: "managed:aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
+                email: "pl.fr@yandex.com",
+                workspaceLabel: "IDconcepts",
+                workspaceAccountID: "account-team",
+                storedAccountID: UUID(),
+                selectionSource: .managedAccount(id: UUID()),
+                isActive: false,
+                isLive: false,
+                canReauthenticate: true,
+                canRemove: true),
+        ]
+
+        let view = CodexAccountSwitcherView(
+            accounts: accounts,
+            selectedAccountID: accounts.first?.id,
+            width: 220,
+            onSelect: { _ in })
+
+        let titles = view._test_buttonTitles()
+        let toolTips = view._test_buttonToolTips()
+
+        #expect(titles.count == 2)
+        #expect(titles[0] != titles[1])
+        #expect(titles.allSatisfy { $0.lowercased().contains("pl.") })
+        #expect(titles[0].contains("|") == false)
+        #expect(titles[0].lowercased().contains("pers") == false)
+        #expect(titles[1].lowercased().contains("id"))
+        #expect(toolTips == accounts.map(\.menuDisplayName))
+        #expect(accounts[0].displayName == "pl.fr@yandex.com — Personal")
+        #expect(accounts[0].menuDisplayName == "pl.fr@yandex.com")
+    }
+
+    @Test
+    func `codex switcher reports fixed menu width for long account labels`() {
+        let accounts = [
+            CodexVisibleAccount(
+                id: "live:provider:account-personal",
+                email: "managed-account-with-a-very-long-name@example.com",
+                workspaceLabel: nil,
+                workspaceAccountID: "account-managed",
+                storedAccountID: nil,
+                selectionSource: .liveSystem,
+                isActive: true,
+                isLive: true,
+                canReauthenticate: true,
+                canRemove: false),
+            CodexVisibleAccount(
+                id: "managed:aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
+                email: "steipete-with-a-very-long-label@gmail.com",
+                workspaceLabel: nil,
+                workspaceAccountID: "account-gmail",
+                storedAccountID: UUID(),
+                selectionSource: .managedAccount(id: UUID()),
+                isActive: false,
+                isLive: false,
+                canReauthenticate: true,
+                canRemove: true),
+        ]
+
+        let view = CodexAccountSwitcherView(
+            accounts: accounts,
+            selectedAccountID: accounts.first?.id,
+            width: 310,
+            onSelect: { _ in })
+
+        #expect(view.frame.width == 310)
+        #expect(view.intrinsicContentSize.width == 310)
+        #expect(view.fittingSize.width == 310)
+    }
+
+    @Test
+    func `codex switcher middle truncates long account emails`() {
+        let accounts = [
+            CodexVisibleAccount(
+                id: "live:provider:account-personal",
+                email: "local-person-with-an-extremely-long-name@example.com",
+                workspaceLabel: nil,
+                workspaceAccountID: "account-managed",
+                storedAccountID: nil,
+                selectionSource: .liveSystem,
+                isActive: true,
+                isLive: true,
+                canReauthenticate: true,
+                canRemove: false),
+            CodexVisibleAccount(
+                id: "managed:aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
+                email: "second-person-with-an-extremely-long-name@example.com",
+                workspaceLabel: nil,
+                workspaceAccountID: "account-gmail",
+                storedAccountID: UUID(),
+                selectionSource: .managedAccount(id: UUID()),
+                isActive: false,
+                isLive: false,
+                canReauthenticate: true,
+                canRemove: true),
+        ]
+
+        let view = CodexAccountSwitcherView(
+            accounts: accounts,
+            selectedAccountID: accounts.first?.id,
+            width: 220,
+            onSelect: { _ in })
+        let titles = view._test_buttonTitles()
+
+        #expect(titles.count == 2)
+        #expect(titles[0].hasPrefix("local"))
+        #expect(titles[0].contains("…"))
+        #expect(titles[0].hasSuffix(".com"))
+        #expect(titles[1].hasPrefix("second"))
+        #expect(titles[1].contains("…"))
+        #expect(titles[1].hasSuffix(".com"))
+    }
+
+    @Test
+    func `codex account switcher passes the selected displayed account`() throws {
+        let managedID = try #require(UUID(uuidString: "AAAAAAAA-BBBB-CCCC-DDDD-111111111111"))
+        let accounts = [
+            CodexVisibleAccount(
+                id: "live@example.com",
+                email: "live@example.com",
+                storedAccountID: nil,
+                selectionSource: .liveSystem,
+                isActive: true,
+                isLive: true,
+                canReauthenticate: true,
+                canRemove: false),
+            CodexVisibleAccount(
+                id: "managed@example.com",
+                email: "managed@example.com",
+                storedAccountID: managedID,
+                selectionSource: .managedAccount(id: managedID),
+                isActive: false,
+                isLive: false,
+                canReauthenticate: true,
+                canRemove: true),
+        ]
+        var selectedAccount: CodexVisibleAccount?
+        let view = CodexAccountSwitcherView(
+            accounts: accounts,
+            selectedAccountID: accounts.first?.id,
+            width: 220,
+            onSelect: { selectedAccount = $0 })
+
+        view._test_selectAccount(id: "managed@example.com")
+
+        #expect(selectedAccount == accounts[1])
+    }
+
+    @Test
+    func `codex menu switcher selection activates the visible managed account`() throws {
+        self.disableMenuCardsForTesting()
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = false
+        self.enableOnlyCodex(settings)
+
+        let managedAccountID = try #require(UUID(uuidString: "AAAAAAAA-BBBB-CCCC-DDDD-111111111111"))
+        let managedAccount = ManagedCodexAccount(
+            id: managedAccountID,
+            email: "managed@example.com",
+            managedHomePath: "/tmp/managed-home",
+            createdAt: 1,
+            updatedAt: 2,
+            lastAuthenticatedAt: 2)
+        let storeURL = try self.makeManagedAccountStoreURL(accounts: [managedAccount])
+        defer {
+            settings._test_managedCodexAccountStoreURL = nil
+            settings._test_liveSystemCodexAccount = nil
+            try? FileManager.default.removeItem(at: storeURL)
+        }
+
+        settings._test_managedCodexAccountStoreURL = storeURL
+        settings._test_liveSystemCodexAccount = ObservedSystemCodexAccount(
+            email: "live@example.com",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date())
+        settings.codexActiveSource = .liveSystem
+
+        #expect(settings.selectCodexVisibleAccount(id: "managed@example.com"))
+
+        #expect(settings.codexActiveSource == .managedAccount(id: managedAccountID))
+    }
+
+    @Test
+    func `codex menu switcher clears stale account state on the first click`() async throws {
+        self.disableMenuCardsForTesting()
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = false
+        settings.costUsageEnabled = false
+        settings.codexCookieSource = .off
+        self.enableOnlyCodex(settings)
+
+        let managedAccountID = try #require(UUID(uuidString: "AAAAAAAA-BBBB-CCCC-DDDD-111111111111"))
+        let managedAccount = ManagedCodexAccount(
+            id: managedAccountID,
+            email: "managed@example.com",
+            managedHomePath: "/tmp/managed-home",
+            createdAt: 1,
+            updatedAt: 2,
+            lastAuthenticatedAt: 2)
+        let storeURL = try self.makeManagedAccountStoreURL(accounts: [managedAccount])
+        defer {
+            settings._test_managedCodexAccountStoreURL = nil
+            settings._test_liveSystemCodexAccount = nil
+            try? FileManager.default.removeItem(at: storeURL)
+        }
+
+        settings._test_managedCodexAccountStoreURL = storeURL
+        settings._test_liveSystemCodexAccount = ObservedSystemCodexAccount(
+            email: "live@example.com",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date())
+        settings.codexActiveSource = .liveSystem
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        store._test_codexCreditsLoaderOverride = {
+            CreditsSnapshot(remaining: 0, events: [], updatedAt: Date())
+        }
+        store._setSnapshotForTesting(
+            UsageSnapshot(
+                primary: RateWindow(usedPercent: 30, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+                secondary: nil,
+                updatedAt: Date(),
+                identity: ProviderIdentitySnapshot(
+                    providerID: .codex,
+                    accountEmail: "live@example.com",
+                    accountOrganization: nil,
+                    loginMethod: "Pro")),
+            provider: .codex)
+        store.lastCodexAccountScopedRefreshGuard = store
+            .currentCodexAccountScopedRefreshGuard(preferCurrentSnapshot: false)
+
+        let blocker = BlockingStatusMenuCodexFetchStrategy()
+        self.installBlockingCodexProvider(on: store, blocker: blocker)
+
+        let refreshTask = try #require(
+            self.selectCodexVisibleAccountForStatusMenu(
+                id: "managed@example.com",
+                settings: settings,
+                store: store))
+
+        await blocker.waitUntilStarted()
+        #expect(settings.codexActiveSource == .managedAccount(id: managedAccountID))
+        #expect(store.snapshots[.codex] == nil)
+
+        await blocker.resume(with: .success(
+            UsageSnapshot(
+                primary: RateWindow(usedPercent: 9, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+                secondary: nil,
+                updatedAt: Date(),
+                identity: ProviderIdentitySnapshot(
+                    providerID: .codex,
+                    accountEmail: "managed@example.com",
+                    accountOrganization: nil,
+                    loginMethod: "Pro"))))
+        for _ in 0..<10 where store.snapshots[.codex]?.accountEmail(for: .codex) != "managed@example.com" {
+            try? await Task.sleep(for: .milliseconds(20))
+        }
+        await refreshTask.value
+        #expect(store.snapshots[.codex]?.accountEmail(for: .codex) == "managed@example.com")
+    }
+
+    @Test
+    func `codex account state disables add account while managed authentication is in flight`() async throws {
+        self.disableMenuCardsForTesting()
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = false
+        self.enableOnlyCodex(settings)
+        settings._test_liveSystemCodexAccount = ObservedSystemCodexAccount(
+            email: "live@example.com",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date())
+        defer { settings._test_liveSystemCodexAccount = nil }
+
+        let root = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString, isDirectory: true)
+        defer { try? FileManager.default.removeItem(at: root) }
+
+        let runner = BlockingManagedCodexLoginRunnerForStatusMenuTests()
+        let service = ManagedCodexAccountService(
+            store: InMemoryManagedCodexAccountStoreForStatusMenuTests(),
+            homeFactory: TestManagedCodexHomeFactoryForStatusMenuTests(root: root),
+            loginRunner: runner,
+            identityReader: StubManagedCodexIdentityReaderForStatusMenuTests(email: "managed@example.com"),
+            workspaceResolver: StubManagedCodexWorkspaceResolverForStatusMenuTests())
+        let coordinator = ManagedCodexAccountCoordinator(service: service)
+        let authTask = Task { try await coordinator.authenticateManagedAccount() }
+        await runner.waitUntilStarted()
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let pane = ProvidersPane(
+            settings: settings,
+            store: store,
+            managedCodexAccountCoordinator: coordinator)
+        let state = try #require(pane._test_codexAccountsSectionState())
+
+        #expect(state.canAddAccount == false)
+        #expect(state.isAuthenticatingManagedAccount)
+        #expect(state.addAccountTitle == "Adding Account…")
+
+        await runner.resume()
+        _ = try await authTask.value
+    }
+
+    @Test
+    func `codex account state disables add account when managed store is unreadable`() throws {
+        self.disableMenuCardsForTesting()
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = false
+        self.enableOnlyCodex(settings)
+        settings._test_liveSystemCodexAccount = ObservedSystemCodexAccount(
+            email: "live@example.com",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date())
+        settings._test_unreadableManagedCodexAccountStore = true
+        defer {
+            settings._test_liveSystemCodexAccount = nil
+            settings._test_unreadableManagedCodexAccountStore = false
+        }
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let pane = ProvidersPane(settings: settings, store: store)
+        let state = try #require(pane._test_codexAccountsSectionState())
+
+        #expect(state.hasUnreadableManagedAccountStore)
+        #expect(state.canAddAccount == false)
+    }
+
+    @Test
+    func `codex menu switcher can select managed row when same email rows split by identity`() throws {
+        self.disableMenuCardsForTesting()
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = false
+        self.enableOnlyCodex(settings)
+
+        let managedHome = FileManager.default.temporaryDirectory.appendingPathComponent(
+            UUID().uuidString,
+            isDirectory: true)
+        let managedAccountID = try #require(UUID(uuidString: "AAAAAAAA-BBBB-CCCC-DDDD-222222222222"))
+        let managedAccount = ManagedCodexAccount(
+            id: managedAccountID,
+            email: "same@example.com",
+            managedHomePath: managedHome.path,
+            createdAt: 1,
+            updatedAt: 2,
+            lastAuthenticatedAt: 2)
+        try Self.writeCodexAuthFile(
+            homeURL: managedHome,
+            email: "same@example.com",
+            plan: "pro",
+            accountID: "account-managed")
+        let storeURL = try self.makeManagedAccountStoreURL(accounts: [managedAccount])
+        defer {
+            settings._test_managedCodexAccountStoreURL = nil
+            settings._test_liveSystemCodexAccount = nil
+            try? FileManager.default.removeItem(at: storeURL)
+            try? FileManager.default.removeItem(at: managedHome)
+        }
+
+        settings._test_managedCodexAccountStoreURL = storeURL
+        settings._test_liveSystemCodexAccount = ObservedSystemCodexAccount(
+            email: "SAME@example.com",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date(),
+            identity: .emailOnly(normalizedEmail: "same@example.com"))
+        settings.codexActiveSource = .liveSystem
+
+        let projection = settings.codexVisibleAccountProjection
+        #expect(projection.visibleAccounts.count == 2)
+        let managedVisibleAccount = try #require(projection.visibleAccounts
+            .first { $0.storedAccountID == managedAccountID })
+
+        #expect(settings.selectCodexVisibleAccount(id: managedVisibleAccount.id))
+        #expect(settings.codexActiveSource == .managedAccount(id: managedAccountID))
+    }
+}
+
+extension StatusMenuCodexSwitcherTests {
+    @Test
+    func `codex account switcher swallows child button hit testing for first click`() throws {
+        let managedID = try #require(UUID(uuidString: "AAAAAAAA-BBBB-CCCC-DDDD-111111111111"))
+        let accounts = [
+            CodexVisibleAccount(
+                id: "live@example.com",
+                email: "live@example.com",
+                storedAccountID: nil,
+                selectionSource: .liveSystem,
+                isActive: true,
+                isLive: true,
+                canReauthenticate: true,
+                canRemove: false),
+            CodexVisibleAccount(
+                id: "managed@example.com",
+                email: "managed@example.com",
+                storedAccountID: managedID,
+                selectionSource: .managedAccount(id: managedID),
+                isActive: false,
+                isLive: false,
+                canReauthenticate: true,
+                canRemove: true),
+        ]
+        let view = CodexAccountSwitcherView(
+            accounts: accounts,
+            selectedAccountID: accounts.first?.id,
+            width: 220,
+            onSelect: { _ in })
+
+        #expect(view.acceptsFirstMouse(for: nil) == true)
+        #expect(view._test_hitTestSwallowsChildButton(id: "managed@example.com") == true)
+        #expect(view._test_toolTipAfterHitTest(id: "managed@example.com") == "managed@example.com")
+    }
+
+    @Test
+    func `codex account switcher routes runtime click path to selected account`() throws {
+        let managedID = try #require(UUID(uuidString: "AAAAAAAA-BBBB-CCCC-DDDD-111111111111"))
+        let accounts = [
+            CodexVisibleAccount(
+                id: "live@example.com",
+                email: "live@example.com",
+                storedAccountID: nil,
+                selectionSource: .liveSystem,
+                isActive: true,
+                isLive: true,
+                canReauthenticate: true,
+                canRemove: false),
+            CodexVisibleAccount(
+                id: "managed@example.com",
+                email: "managed@example.com",
+                storedAccountID: managedID,
+                selectionSource: .managedAccount(id: managedID),
+                isActive: false,
+                isLive: false,
+                canReauthenticate: true,
+                canRemove: true),
+        ]
+        var selectedAccount: CodexVisibleAccount?
+        let view = CodexAccountSwitcherView(
+            accounts: accounts,
+            selectedAccountID: accounts.first?.id,
+            width: 220,
+            onSelect: { selectedAccount = $0 })
+
+        #expect(view._test_simulateRuntimeClick(id: "managed@example.com") == true)
+        #expect(selectedAccount == accounts[1])
+    }
+
+    @Test
+    func `codex account switcher runtime click resolves second row buttons`() throws {
+        let managedID = try #require(UUID(uuidString: "AAAAAAAA-BBBB-CCCC-DDDD-111111111111"))
+        let secondManagedID = try #require(UUID(uuidString: "AAAAAAAA-BBBB-CCCC-DDDD-222222222222"))
+        let accounts = [
+            CodexVisibleAccount(
+                id: "live@example.com",
+                email: "live@example.com",
+                storedAccountID: nil,
+                selectionSource: .liveSystem,
+                isActive: true,
+                isLive: true,
+                canReauthenticate: true,
+                canRemove: false),
+            CodexVisibleAccount(
+                id: "managed@example.com",
+                email: "managed@example.com",
+                storedAccountID: managedID,
+                selectionSource: .managedAccount(id: managedID),
+                isActive: false,
+                isLive: false,
+                canReauthenticate: true,
+                canRemove: true),
+            CodexVisibleAccount(
+                id: "team@example.com",
+                email: "team@example.com",
+                storedAccountID: secondManagedID,
+                selectionSource: .managedAccount(id: secondManagedID),
+                isActive: false,
+                isLive: false,
+                canReauthenticate: true,
+                canRemove: true),
+            CodexVisibleAccount(
+                id: "second-row@example.com",
+                email: "second-row@example.com",
+                storedAccountID: nil,
+                selectionSource: .liveSystem,
+                isActive: false,
+                isLive: true,
+                canReauthenticate: true,
+                canRemove: false),
+        ]
+        var selectedAccount: CodexVisibleAccount?
+        let view = CodexAccountSwitcherView(
+            accounts: accounts,
+            selectedAccountID: accounts.first?.id,
+            width: 220,
+            onSelect: { selectedAccount = $0 })
+
+        #expect(view._test_simulateRuntimeClick(id: "second-row@example.com") == true)
+        #expect(selectedAccount == accounts[3])
+    }
+}
+
+@MainActor
+extension StatusMenuCodexSwitcherTests {
+    @Test
+    func `codex account switch defers open menu rebuild until after switcher action`() async throws {
+        self.disableMenuCardsForTesting()
+        StatusItemController.setMenuRefreshEnabledForTesting(true)
+        defer { StatusItemController.setMenuRefreshEnabledForTesting(false) }
+
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = true
+        settings.selectedMenuProvider = .codex
+        settings.multiAccountMenuLayout = .segmented
+
+        let registry = ProviderRegistry.shared
+        for provider in UsageProvider.allCases {
+            guard let metadata = registry.metadata[provider] else { continue }
+            settings.setProviderEnabled(
+                provider: provider,
+                metadata: metadata,
+                enabled: provider == .codex || provider == .claude)
+        }
+
+        let managedAccountID = try #require(UUID(uuidString: "AAAAAAAA-BBBB-CCCC-DDDD-111111111111"))
+        let managedAccount = ManagedCodexAccount(
+            id: managedAccountID,
+            email: "managed@example.com",
+            managedHomePath: "/tmp/managed-home",
+            createdAt: 1,
+            updatedAt: 2,
+            lastAuthenticatedAt: 2)
+        let storeURL = try self.makeManagedAccountStoreURL(accounts: [managedAccount])
+        defer {
+            settings._test_managedCodexAccountStoreURL = nil
+            settings._test_liveSystemCodexAccount = nil
+            try? FileManager.default.removeItem(at: storeURL)
+        }
+
+        settings._test_managedCodexAccountStoreURL = storeURL
+        settings._test_liveSystemCodexAccount = ObservedSystemCodexAccount(
+            email: "live@example.com",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date())
+        settings.codexActiveSource = .liveSystem
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        store._setSnapshotForTesting(self.snapshot(email: "live@example.com", percent: 11), provider: .codex)
+        store.lastCodexAccountScopedRefreshGuard = store.currentCodexAccountScopedRefreshGuard(
+            preferCurrentSnapshot: false)
+        let blocker = BlockingStatusMenuCodexFetchStrategy()
+        self.installBlockingCodexProvider(on: store, blocker: blocker)
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+        defer { controller.releaseStatusItemsForTesting() }
+
+        let menu = controller.makeMenu()
+        controller.menuWillOpen(menu)
+        let switcher = try #require(menu.items.compactMap { $0.view as? CodexAccountSwitcherView }.first)
+        let managedVisibleAccount = try #require(settings.codexVisibleAccountProjection.visibleAccounts
+            .first { $0.storedAccountID == managedAccountID })
+
+        var rebuildCount = 0
+        controller._test_openMenuRebuildObserver = { _ in
+            rebuildCount += 1
+        }
+        defer { controller._test_openMenuRebuildObserver = nil }
+
+        switcher._test_selectAccount(id: managedVisibleAccount.id)
+
+        #expect(rebuildCount == 0)
+        for _ in 0..<20 where rebuildCount == 0 {
+            await Task.yield()
+        }
+        #expect(rebuildCount == 1)
+
+        await blocker.waitUntilStarted()
+        await blocker.resume(with: .success(self.snapshot(email: "managed@example.com", percent: 17)))
+    }
+
+    @Test
+    func `codex stacked refresh discards selected outcome when visible selection changes mid flight`() throws {
+        self.disableMenuCardsForTesting()
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = false
+        settings.multiAccountMenuLayout = .stacked
+        self.enableOnlyCodex(settings)
+
+        let managedAccountID = try #require(UUID(uuidString: "AAAAAAAA-BBBB-CCCC-DDDD-111111111111"))
+        let managedAccount = ManagedCodexAccount(
+            id: managedAccountID,
+            email: "managed@example.com",
+            managedHomePath: "/tmp/managed-home",
+            createdAt: 1,
+            updatedAt: 2,
+            lastAuthenticatedAt: 2)
+        let storeURL = try self.makeManagedAccountStoreURL(accounts: [managedAccount])
+        defer {
+            settings._test_managedCodexAccountStoreURL = nil
+            settings._test_liveSystemCodexAccount = nil
+            try? FileManager.default.removeItem(at: storeURL)
+        }
+
+        settings._test_managedCodexAccountStoreURL = storeURL
+        settings._test_liveSystemCodexAccount = ObservedSystemCodexAccount(
+            email: "live@example.com",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date())
+        settings.codexActiveSource = .liveSystem
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        store._setSnapshotForTesting(self.snapshot(email: "managed@example.com", percent: 77), provider: .codex)
+
+        let projection = settings.codexVisibleAccountProjection
+        let originalVisibleAccountID = projection.activeVisibleAccountID
+        let originalSelectionSource = originalVisibleAccountID.flatMap {
+            projection.source(forVisibleAccountID: $0)
+        }
+        #expect(store.codexVisibleSelectionStillMatches(
+            originalVisibleAccountID: originalVisibleAccountID,
+            originalSelectionSource: originalSelectionSource))
+
+        #expect(settings.selectCodexVisibleAccount(id: "managed@example.com"))
+
+        #expect(settings.codexActiveSource == .managedAccount(id: managedAccountID))
+        #expect(store.codexVisibleSelectionStillMatches(
+            originalVisibleAccountID: originalVisibleAccountID,
+            originalSelectionSource: originalSelectionSource) == false)
+        #expect(store.snapshots[.codex]?.accountEmail(for: .codex) == "managed@example.com")
+        #expect(store.snapshots[.codex]?.primary?.usedPercent == 77)
+    }
+
+    private static func writeCodexAuthFile(
+        homeURL: URL,
+        email: String,
+        plan: String,
+        accountID: String? = nil) throws
+    {
+        try FileManager.default.createDirectory(at: homeURL, withIntermediateDirectories: true)
+        var tokens: [String: Any] = [
+            "accessToken": "access-token",
+            "refreshToken": "refresh-token",
+            "idToken": Self.fakeJWT(email: email, plan: plan, accountID: accountID),
+        ]
+        if let accountID {
+            tokens["account_id"] = accountID
+        }
+        let auth = ["tokens": tokens]
+        let data = try JSONSerialization.data(withJSONObject: auth)
+        try data.write(to: homeURL.appendingPathComponent("auth.json"))
+    }
+
+    private static func fakeJWT(email: String, plan: String, accountID: String? = nil) -> String {
+        let header = (try? JSONSerialization.data(withJSONObject: ["alg": "none"])) ?? Data()
+        var payloadObject: [String: Any] = [
+            "email": email,
+            "chatgpt_plan_type": plan,
+        ]
+        if let accountID {
+            payloadObject["https://api.openai.com/auth"] = [
+                "chatgpt_account_id": accountID,
+            ]
+        }
+        let payload = (try? JSONSerialization.data(withJSONObject: payloadObject)) ?? Data()
+
+        func base64URL(_ data: Data) -> String {
+            data.base64EncodedString()
+                .replacingOccurrences(of: "=", with: "")
+                .replacingOccurrences(of: "+", with: "-")
+                .replacingOccurrences(of: "/", with: "_")
+        }
+
+        return "\(base64URL(header)).\(base64URL(payload))."
+    }
+}
+
+private struct StatusMenuTestCodexFetchStrategy: ProviderFetchStrategy {
+    let loader: @Sendable () async throws -> UsageSnapshot
+
+    var id: String {
+        "status-menu-test-codex"
+    }
+
+    var kind: ProviderFetchKind {
+        .cli
+    }
+
+    func isAvailable(_: ProviderFetchContext) async -> Bool {
+        true
+    }
+
+    func fetch(_: ProviderFetchContext) async throws -> ProviderFetchResult {
+        let snapshot = try await self.loader()
+        return self.makeResult(usage: snapshot, sourceLabel: "status-menu-test-codex")
+    }
+
+    func shouldFallback(on _: Error, context _: ProviderFetchContext) -> Bool {
+        false
+    }
+}
+
+private actor BlockingStatusMenuCodexFetchStrategy {
+    private var waiters: [CheckedContinuation<Result<UsageSnapshot, Error>, Never>] = []
+    private var startedWaiters: [(count: Int, continuation: CheckedContinuation<Void, Never>)] = []
+    private var startCount = 0
+
+    func awaitResult() async throws -> UsageSnapshot {
+        let result = await withCheckedContinuation { continuation in
+            self.waiters.append(continuation)
+            self.startCount += 1
+            self.resumeStartedWaitersIfReady()
+        }
+        return try result.get()
+    }
+
+    func waitUntilStarted() async {
+        await self.waitForStartCount(1)
+    }
+
+    func waitForStartCount(_ count: Int) async {
+        if self.startCount >= count { return }
+        await withCheckedContinuation { continuation in
+            self.startedWaiters.append((count, continuation))
+        }
+    }
+
+    func resume(with result: Result<UsageSnapshot, Error>) {
+        self.waiters.forEach { $0.resume(returning: result) }
+        self.waiters.removeAll()
+    }
+
+    private func resumeStartedWaitersIfReady() {
+        let readyWaiters = self.startedWaiters.filter { self.startCount >= $0.count }
+        self.startedWaiters.removeAll { self.startCount >= $0.count }
+        readyWaiters.forEach { $0.continuation.resume() }
+    }
+}
+
+private actor BlockingManagedCodexLoginRunnerForStatusMenuTests: ManagedCodexLoginRunning {
+    private var waiters: [CheckedContinuation<CodexLoginRunner.Result, Never>] = []
+    private var startedWaiters: [CheckedContinuation<Void, Never>] = []
+    private var didStart = false
+
+    func run(homePath _: String, timeout _: TimeInterval) async -> CodexLoginRunner.Result {
+        await withCheckedContinuation { continuation in
+            self.waiters.append(continuation)
+            self.didStart = true
+            self.startedWaiters.forEach { $0.resume() }
+            self.startedWaiters.removeAll()
+        }
+    }
+
+    func waitUntilStarted() async {
+        if self.didStart { return }
+        await withCheckedContinuation { continuation in
+            self.startedWaiters.append(continuation)
+        }
+    }
+
+    func resume() {
+        let result = CodexLoginRunner.Result(outcome: .success, output: "ok")
+        self.waiters.forEach { $0.resume(returning: result) }
+        self.waiters.removeAll()
+    }
+}
+
+private final class InMemoryManagedCodexAccountStoreForStatusMenuTests: ManagedCodexAccountStoring,
+@unchecked Sendable {
+    private var snapshot = ManagedCodexAccountSet(version: 1, accounts: [])
+
+    func loadAccounts() throws -> ManagedCodexAccountSet {
+        self.snapshot
+    }
+
+    func storeAccounts(_ accounts: ManagedCodexAccountSet) throws {
+        self.snapshot = accounts
+    }
+
+    func ensureFileExists() throws -> URL {
+        FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString)
+    }
+}
+
+private struct StubManagedCodexWorkspaceResolverForStatusMenuTests: ManagedCodexWorkspaceResolving {
+    func resolveWorkspaceIdentity(
+        homePath _: String,
+        providerAccountID _: String) async -> CodexOpenAIWorkspaceIdentity?
+    {
+        nil
+    }
+}
+
+private struct TestManagedCodexHomeFactoryForStatusMenuTests: ManagedCodexHomeProducing {
+    let root: URL
+
+    func makeHomeURL() -> URL {
+        self.root.appendingPathComponent(UUID().uuidString, isDirectory: true)
+    }
+
+    func validateManagedHomeForDeletion(_ url: URL) throws {
+        try ManagedCodexHomeFactory(root: self.root).validateManagedHomeForDeletion(url)
+    }
+}
+
+private struct StubManagedCodexIdentityReaderForStatusMenuTests: ManagedCodexIdentityReading {
+    let email: String
+
+    func loadAccountIdentity(homePath _: String) throws -> CodexAuthBackedAccount {
+        CodexAuthBackedAccount(
+            identity: CodexIdentityResolver.resolve(accountId: nil, email: self.email),
+            email: self.email,
+            plan: "Pro")
+    }
+}
diff --git a/Tests/CodexBarTests/StatusMenuCostMenuCardTests.swift b/Tests/CodexBarTests/StatusMenuCostMenuCardTests.swift
new file mode 100644
index 000000000..b1f73389a
--- /dev/null
+++ b/Tests/CodexBarTests/StatusMenuCostMenuCardTests.swift
@@ -0,0 +1,46 @@
+import Testing
+@testable import CodexBar
+
+@MainActor
+@Suite(.serialized)
+struct StatusMenuCostMenuCardTests {
+    @Test
+    func `cost menu fallback keeps visible details in attributed title`() {
+        let tokenUsage = UsageMenuCardView.Model.TokenUsageSection(
+            sessionLine: "Today: $74.83 - 87M tokens",
+            monthLine: "Last 30 days: $4,279.64 - 5.7B tokens",
+            hintLine: "Costs are estimated from local usage.",
+            errorLine: "Cost refresh failed.",
+            errorCopyText: nil)
+
+        let visibleLines = StatusItemController.costMenuVisibleDetailLines(tokenUsage: tokenUsage)
+        #expect(visibleLines == [
+            "Today: $74.83 - 87M tokens",
+            "Last 30 days: $4,279.64 - 5.7B tokens",
+            "Cost refresh failed.",
+        ])
+
+        let fallbackTitle = StatusItemController.costMenuFallbackAttributedTitle(visibleDetailLines: visibleLines)
+        #expect(fallbackTitle.string.contains("Cost"))
+        #expect(fallbackTitle.string.contains("Today: $74.83 - 87M tokens"))
+        #expect(fallbackTitle.string.contains("Last 30 days: $4,279.64 - 5.7B tokens"))
+        #expect(fallbackTitle.string.contains("Cost refresh failed."))
+    }
+
+    @Test
+    func `cost menu tooltip preserves hint and error details`() {
+        let tokenUsage = UsageMenuCardView.Model.TokenUsageSection(
+            sessionLine: "Today: $1.00",
+            monthLine: "Last 30 days: $9.00",
+            hintLine: "Costs are estimated from local usage.",
+            errorLine: "Cost refresh failed.",
+            errorCopyText: nil)
+
+        #expect(StatusItemController.costMenuTooltipLines(tokenUsage: tokenUsage) == [
+            "Today: $1.00",
+            "Last 30 days: $9.00",
+            "Costs are estimated from local usage.",
+            "Cost refresh failed.",
+        ])
+    }
+}
diff --git a/Tests/CodexBarTests/StatusMenuHighlightTests.swift b/Tests/CodexBarTests/StatusMenuHighlightTests.swift
new file mode 100644
index 000000000..96fccbb56
--- /dev/null
+++ b/Tests/CodexBarTests/StatusMenuHighlightTests.swift
@@ -0,0 +1,55 @@
+import AppKit
+import CodexBarCore
+import Testing
+@testable import CodexBar
+
+@MainActor
+extension StatusMenuTests {
+    final class HighlightProbeView: NSView, MenuCardHighlighting {
+        private(set) var states: [Bool] = []
+
+        func setHighlighted(_ highlighted: Bool) {
+            self.states.append(highlighted)
+        }
+    }
+
+    @Test
+    func `menu highlight updates only previous and current custom rows`() {
+        self.disableMenuCardsForTesting()
+        let settings = self.makeSettings()
+        let store = self.makeCodexStore(settings: settings, dashboardAuthorized: false)
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: UsageFetcher().loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+        defer { controller.releaseStatusItemsForTesting() }
+
+        let menu = NSMenu()
+        let firstView = HighlightProbeView()
+        let secondView = HighlightProbeView()
+        let thirdView = HighlightProbeView()
+        let first = NSMenuItem()
+        first.view = firstView
+        first.isEnabled = true
+        let second = NSMenuItem()
+        second.view = secondView
+        second.isEnabled = true
+        let third = NSMenuItem()
+        third.view = thirdView
+        third.isEnabled = true
+        menu.addItem(first)
+        menu.addItem(second)
+        menu.addItem(third)
+
+        controller.menu(menu, willHighlight: first)
+        controller.menu(menu, willHighlight: second)
+        controller.menu(menu, willHighlight: second)
+
+        #expect(firstView.states == [true, false])
+        #expect(secondView.states == [true])
+        #expect(thirdView.states.isEmpty)
+    }
+}
diff --git a/Tests/CodexBarTests/StatusMenuHostedSubmenuRefreshTests.swift b/Tests/CodexBarTests/StatusMenuHostedSubmenuRefreshTests.swift
new file mode 100644
index 000000000..845c2ab6c
--- /dev/null
+++ b/Tests/CodexBarTests/StatusMenuHostedSubmenuRefreshTests.swift
@@ -0,0 +1,127 @@
+import AppKit
+import CodexBarCore
+import Testing
+@testable import CodexBar
+
+@MainActor
+@Suite(.serialized)
+struct StatusMenuHostedSubmenuRefreshTests {
+    @Test
+    func `open parent menu defers data rebuild until next open`() throws {
+        let previousMenuCardRendering = StatusItemController.menuCardRenderingEnabled
+        let previousMenuRefresh = StatusItemController.menuRefreshEnabled
+        StatusItemController.menuCardRenderingEnabled = true
+        StatusItemController.setMenuRefreshEnabledForTesting(false)
+        defer {
+            StatusItemController.menuCardRenderingEnabled = previousMenuCardRendering
+            StatusItemController.setMenuRefreshEnabledForTesting(previousMenuRefresh)
+        }
+
+        let settings = Self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = true
+        settings.selectedMenuProvider = .claude
+        settings.costUsageEnabled = true
+        Self.enableOnlyClaude(settings)
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        Self.seedClaudeSnapshots(in: store)
+
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: .system)
+        defer { controller.releaseStatusItemsForTesting() }
+
+        let menu = controller.makeMenu()
+        controller.menuWillOpen(menu)
+        let parentKey = ObjectIdentifier(menu)
+        controller.openMenus[parentKey] = menu
+        controller.menuVersions[parentKey] = controller.menuContentVersion
+
+        let costItem = try #require(menu.items.first { ($0.representedObject as? String) == "menuCardCost" })
+        #expect(costItem.view == nil)
+        let submenu = try #require(costItem.submenu)
+        let submenuAction = try #require(costItem.action)
+        #expect(NSStringFromSelector(submenuAction) == "submenuAction:")
+        #expect((costItem.target as? NSMenu) === submenu)
+        #expect(submenu.items.first?.representedObject as? String == StatusItemController.costHistoryChartID)
+        #expect(submenu.minimumWidth >= StatusItemController.menuCardBaseWidth)
+        #expect(submenu.items.first?.view == nil)
+
+        StatusItemController.setMenuRefreshEnabledForTesting(true)
+        controller.menuWillOpen(submenu)
+        let submenuKey = ObjectIdentifier(submenu)
+        #expect(controller.openMenus[submenuKey] === submenu)
+        #expect(submenu.items.first?.view != nil)
+
+        let oldParentVersion = try #require(controller.menuVersions[parentKey])
+        controller.menuContentVersion &+= 1
+        controller.refreshOpenMenusIfNeeded()
+        #expect(controller.menuVersions[parentKey] == oldParentVersion)
+
+        controller.menuDidClose(submenu)
+        #expect(controller.openMenus[submenuKey] == nil)
+
+        #expect(controller.menuVersions[parentKey] == oldParentVersion)
+        controller.menuDidClose(menu)
+        controller.menuWillOpen(menu)
+        #expect(controller.menuVersions[parentKey] == controller.menuContentVersion)
+    }
+
+    private static func makeSettings() -> SettingsStore {
+        let suite = "StatusMenuHostedSubmenuRefreshTests-\(UUID().uuidString)"
+        let defaults = UserDefaults(suiteName: suite)!
+        defaults.removePersistentDomain(forName: suite)
+        return SettingsStore(
+            userDefaults: defaults,
+            configStore: testConfigStore(suiteName: suite),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+    }
+
+    private static func enableOnlyClaude(_ settings: SettingsStore) {
+        let registry = ProviderRegistry.shared
+        if let codexMeta = registry.metadata[.codex] {
+            settings.setProviderEnabled(provider: .codex, metadata: codexMeta, enabled: false)
+        }
+        if let claudeMeta = registry.metadata[.claude] {
+            settings.setProviderEnabled(provider: .claude, metadata: claudeMeta, enabled: true)
+        }
+    }
+
+    private static func seedClaudeSnapshots(in store: UsageStore) {
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 10, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+            secondary: nil,
+            tertiary: nil,
+            updatedAt: Date(),
+            identity: ProviderIdentitySnapshot(
+                providerID: .claude,
+                accountEmail: "user@example.com",
+                accountOrganization: nil,
+                loginMethod: "Team"))
+        store._setSnapshotForTesting(snapshot, provider: .claude)
+        store._setTokenSnapshotForTesting(CostUsageTokenSnapshot(
+            sessionTokens: 123,
+            sessionCostUSD: 0.12,
+            last30DaysTokens: 123,
+            last30DaysCostUSD: 1.23,
+            daily: [
+                CostUsageDailyReport.Entry(
+                    date: "2025-12-23",
+                    inputTokens: nil,
+                    outputTokens: nil,
+                    totalTokens: 123,
+                    costUSD: 1.23,
+                    modelsUsed: nil,
+                    modelBreakdowns: nil),
+            ],
+            updatedAt: Date()), provider: .claude)
+    }
+}
diff --git a/Tests/CodexBarTests/StatusMenuLocalizationRefreshTests.swift b/Tests/CodexBarTests/StatusMenuLocalizationRefreshTests.swift
new file mode 100644
index 000000000..4a78b364c
--- /dev/null
+++ b/Tests/CodexBarTests/StatusMenuLocalizationRefreshTests.swift
@@ -0,0 +1,134 @@
+import AppKit
+import CodexBarCore
+import Testing
+@testable import CodexBar
+
+@MainActor
+@Suite(.serialized)
+struct StatusMenuLocalizationRefreshTests {
+    @Test
+    func `open merged menu refreshes localized switcher and cost title when language changes`() async {
+        let previousLanguage = UserDefaults.standard.object(forKey: "appLanguage")
+        let previousAppleLanguages = UserDefaults.standard.object(forKey: "AppleLanguages")
+        defer {
+            if let previousLanguage {
+                UserDefaults.standard.set(previousLanguage, forKey: "appLanguage")
+            } else {
+                UserDefaults.standard.removeObject(forKey: "appLanguage")
+            }
+            if let previousAppleLanguages {
+                UserDefaults.standard.set(previousAppleLanguages, forKey: "AppleLanguages")
+            } else {
+                UserDefaults.standard.removeObject(forKey: "AppleLanguages")
+            }
+        }
+
+        Self.disableMenuCardsForTesting()
+        let settings = Self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = true
+        settings.switcherShowsIcons = false
+        settings.selectedMenuProvider = .codex
+        settings.costUsageEnabled = true
+
+        let registry = ProviderRegistry.shared
+        for provider in UsageProvider.allCases {
+            guard let metadata = registry.metadata[provider] else { continue }
+            let shouldEnable = provider == .codex || provider == .claude
+            settings.setProviderEnabled(provider: provider, metadata: metadata, enabled: shouldEnable)
+        }
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        store._setTokenSnapshotForTesting(CostUsageTokenSnapshot(
+            sessionTokens: 123,
+            sessionCostUSD: 0.12,
+            last30DaysTokens: 123,
+            last30DaysCostUSD: 1.23,
+            daily: [
+                CostUsageDailyReport.Entry(
+                    date: "2025-12-23",
+                    inputTokens: nil,
+                    outputTokens: nil,
+                    totalTokens: 123,
+                    costUSD: 1.23,
+                    modelsUsed: nil,
+                    modelBreakdowns: nil),
+            ],
+            updatedAt: Date()), provider: .codex)
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: Self.makeStatusBarForTesting())
+        defer { controller.releaseStatusItemsForTesting() }
+
+        let menu = controller.makeMenu()
+        CodexBarLocalizationOverride.$appLanguage.withValue("es") {
+            controller.menuWillOpen(menu)
+        }
+        controller.openMenus[ObjectIdentifier(menu)] = menu
+        StatusItemController.setMenuRefreshEnabledForTesting(true)
+        defer { StatusItemController.resetMenuRefreshEnabledForTesting() }
+
+        #expect(Self.switcherButtons(in: menu).first?.title == "Resumen")
+        #expect(menu.items.first(where: { $0.representedObject as? String == "menuCardCost" })?.title == "Coste")
+
+        let initialSwitcher = menu.items.first?.view as? ProviderSwitcherView
+        let initialSwitcherID = initialSwitcher.map(ObjectIdentifier.init)
+        var rebuildCount = 0
+        controller._test_openMenuRebuildObserver = { _ in
+            rebuildCount += 1
+        }
+        defer { controller._test_openMenuRebuildObserver = nil }
+
+        CodexBarLocalizationOverride.$appLanguage.withValue("en") {
+            settings.appLanguage = "en"
+            controller.handleProviderConfigChange(reason: "appLanguage")
+        }
+
+        for _ in 0..<100 where rebuildCount == 0 {
+            await Task.yield()
+            try? await Task.sleep(for: .milliseconds(10))
+        }
+
+        #expect(rebuildCount == 1)
+        let updatedSwitcher = menu.items.first?.view as? ProviderSwitcherView
+        #expect(Self.switcherButtons(in: menu).first?.title == "Overview")
+        #expect(menu.items.first(where: { $0.representedObject as? String == "menuCardCost" })?.title == "Cost")
+        if let initialSwitcherID, let updatedSwitcher {
+            #expect(initialSwitcherID != ObjectIdentifier(updatedSwitcher))
+        }
+    }
+
+    private static func disableMenuCardsForTesting() {
+        StatusItemController.menuCardRenderingEnabled = false
+        StatusItemController.setMenuRefreshEnabledForTesting(false)
+    }
+
+    private static func makeStatusBarForTesting() -> NSStatusBar {
+        .system
+    }
+
+    private static func makeSettings() -> SettingsStore {
+        let suite = "StatusMenuLocalizationRefreshTests-\(UUID().uuidString)"
+        let defaults = UserDefaults(suiteName: suite)!
+        defaults.removePersistentDomain(forName: suite)
+        let configStore = testConfigStore(suiteName: suite)
+        return SettingsStore(
+            userDefaults: defaults,
+            configStore: configStore,
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+    }
+
+    private static func switcherButtons(in menu: NSMenu) -> [NSButton] {
+        guard let switcherView = menu.items.first?.view as? ProviderSwitcherView else { return [] }
+        return switcherView.subviews
+            .compactMap { $0 as? NSButton }
+            .sorted { $0.tag < $1.tag }
+    }
+}
diff --git a/Tests/CodexBarTests/StatusMenuOpenRefreshTests.swift b/Tests/CodexBarTests/StatusMenuOpenRefreshTests.swift
new file mode 100644
index 000000000..aeec4c1c8
--- /dev/null
+++ b/Tests/CodexBarTests/StatusMenuOpenRefreshTests.swift
@@ -0,0 +1,198 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+extension StatusMenuTests {
+    @Test
+    func `store observation marks open menu stale without rebuilding during tracking`() async {
+        self.disableMenuCardsForTesting()
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = false
+
+        let store = self.makeCodexStore(settings: settings, dashboardAuthorized: false)
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: UsageFetcher().loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+        defer { controller.releaseStatusItemsForTesting() }
+
+        let menu = controller.makeMenu()
+        controller.menuWillOpen(menu)
+        let key = ObjectIdentifier(menu)
+        controller.openMenus[key] = menu
+        StatusItemController.setMenuRefreshEnabledForTesting(true)
+        defer { StatusItemController.resetMenuRefreshEnabledForTesting() }
+
+        let openedVersion = controller.menuVersions[key]
+        var rebuildCount = 0
+        controller._test_openMenuRebuildObserver = { _ in
+            rebuildCount += 1
+        }
+
+        let now = Date()
+        store._setSnapshotForTesting(
+            UsageSnapshot(
+                primary: RateWindow(
+                    usedPercent: 33,
+                    windowMinutes: 300,
+                    resetsAt: now.addingTimeInterval(1800),
+                    resetDescription: nil),
+                secondary: nil,
+                tertiary: nil,
+                updatedAt: now,
+                identity: ProviderIdentitySnapshot(
+                    providerID: .codex,
+                    accountEmail: "codex@example.com",
+                    accountOrganization: nil,
+                    loginMethod: "Plus Plan")),
+            provider: .codex)
+
+        for _ in 0..<20 where controller.menuContentVersion == openedVersion {
+            await Task.yield()
+        }
+
+        #expect(controller.menuContentVersion != openedVersion)
+        #expect(controller.menuVersions[key] == openedVersion)
+        #expect(rebuildCount == 0)
+    }
+
+    @Test
+    func `explicit store actions refresh a visible open menu`() async {
+        self.disableMenuCardsForTesting()
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = false
+
+        let store = self.makeCodexStore(settings: settings, dashboardAuthorized: false)
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: UsageFetcher().loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+        defer { controller.releaseStatusItemsForTesting() }
+
+        let menu = controller.makeMenu()
+        controller.menuWillOpen(menu)
+        let key = ObjectIdentifier(menu)
+        controller.openMenus[key] = menu
+        StatusItemController.setMenuRefreshEnabledForTesting(true)
+        defer { StatusItemController.resetMenuRefreshEnabledForTesting() }
+
+        let openedVersion = controller.menuVersions[key]
+        var rebuildCount = 0
+        controller._test_openMenuRebuildObserver = { _ in
+            rebuildCount += 1
+        }
+        defer { controller._test_openMenuRebuildObserver = nil }
+
+        controller.refreshOpenMenusAfterExplicitStoreAction()
+        for _ in 0..<20 where rebuildCount == 0 {
+            await Task.yield()
+        }
+
+        #expect(controller.menuContentVersion != openedVersion)
+        #expect(rebuildCount == 1)
+        #expect(controller.menuVersions[key] != openedVersion)
+    }
+
+    @Test
+    func `repeated explicit store actions coalesce to one open menu rebuild`() async {
+        self.disableMenuCardsForTesting()
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = false
+
+        let store = self.makeCodexStore(settings: settings, dashboardAuthorized: false)
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: UsageFetcher().loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+        defer { controller.releaseStatusItemsForTesting() }
+
+        let menu = controller.makeMenu()
+        controller.menuWillOpen(menu)
+        let key = ObjectIdentifier(menu)
+        controller.openMenus[key] = menu
+        StatusItemController.setMenuRefreshEnabledForTesting(true)
+        defer { StatusItemController.resetMenuRefreshEnabledForTesting() }
+
+        var rebuildCount = 0
+        controller._test_openMenuRebuildObserver = { _ in
+            rebuildCount += 1
+        }
+        defer { controller._test_openMenuRebuildObserver = nil }
+
+        controller.refreshOpenMenusAfterExplicitStoreAction()
+        controller.refreshOpenMenusAfterExplicitStoreAction()
+        controller.refreshOpenMenusAfterExplicitStoreAction()
+
+        for _ in 0..<20 where rebuildCount == 0 {
+            await Task.yield()
+        }
+
+        #expect(rebuildCount == 1)
+        #expect(controller.menuVersions[key] == controller.menuContentVersion)
+    }
+
+    @Test
+    func `plain open menu refresh preserves pending switcher hosted submenu cleanup`() async {
+        self.disableMenuCardsForTesting()
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = false
+
+        let store = self.makeCodexStore(settings: settings, dashboardAuthorized: false)
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: UsageFetcher().loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+        defer { controller.releaseStatusItemsForTesting() }
+
+        let menu = controller.makeMenu()
+        controller.menuWillOpen(menu)
+        let menuKey = ObjectIdentifier(menu)
+        controller.openMenus[menuKey] = menu
+
+        let submenu = controller.makeHostedSubviewPlaceholderMenu(
+            chartID: StatusItemController.usageBreakdownChartID,
+            provider: .codex)
+        let submenuKey = ObjectIdentifier(submenu)
+        controller.openMenus[submenuKey] = submenu
+        StatusItemController.setMenuRefreshEnabledForTesting(true)
+        defer { StatusItemController.resetMenuRefreshEnabledForTesting() }
+
+        var rebuildCount = 0
+        controller._test_openMenuRebuildObserver = { _ in
+            rebuildCount += 1
+        }
+        defer { controller._test_openMenuRebuildObserver = nil }
+
+        controller.deferSwitcherMenuRebuildIfStillVisible(menu, provider: .codex)
+        controller.refreshOpenMenuIfStillVisible(menu, provider: .codex)
+
+        for _ in 0..<20 where rebuildCount == 0 {
+            await Task.yield()
+        }
+
+        #expect(controller.openMenus[submenuKey] == nil)
+        #expect(rebuildCount == 1)
+        #expect(controller.menuVersions[menuKey] == controller.menuContentVersion)
+    }
+}
diff --git a/Tests/CodexBarTests/StatusMenuOverviewSubmenuTests.swift b/Tests/CodexBarTests/StatusMenuOverviewSubmenuTests.swift
new file mode 100644
index 000000000..6b90c164e
--- /dev/null
+++ b/Tests/CodexBarTests/StatusMenuOverviewSubmenuTests.swift
@@ -0,0 +1,64 @@
+import AppKit
+import CodexBarCore
+import Testing
+@testable import CodexBar
+
+extension StatusMenuTests {
+    @Test
+    func `overview rows expose provider detail submenus`() throws {
+        self.disableMenuCardsForTesting()
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = true
+        settings.selectedMenuProvider = .openai
+        settings.mergedMenuLastSelectedWasOverview = true
+
+        let registry = ProviderRegistry.shared
+        for provider in UsageProvider.allCases {
+            guard let metadata = registry.metadata[provider] else { continue }
+            let shouldEnable = provider == .openai || provider == .codex
+            settings.setProviderEnabled(provider: provider, metadata: metadata, enabled: shouldEnable)
+        }
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let usage = OpenAIAPIUsageSnapshot(
+            daily: [
+                OpenAIAPIUsageSnapshot.DailyBucket(
+                    day: "2023-11-14",
+                    startTime: now,
+                    endTime: now.addingTimeInterval(86400),
+                    costUSD: 9,
+                    requests: 12,
+                    inputTokens: 100,
+                    cachedInputTokens: 0,
+                    outputTokens: 50,
+                    totalTokens: 150,
+                    lineItems: [],
+                    models: []),
+            ],
+            updatedAt: now)
+        store._setSnapshotForTesting(usage.toUsageSnapshot(), provider: .openai)
+
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+        defer { controller.releaseStatusItemsForTesting() }
+
+        let menu = controller.makeMenu()
+        controller.menuWillOpen(menu)
+
+        let openAIRow = try #require(menu.items.first {
+            ($0.representedObject as? String) == "overviewRow-openai"
+        })
+        #expect(openAIRow.submenu?.items.contains {
+            ($0.representedObject as? String) == StatusItemController.costHistoryChartID
+        } == true)
+    }
+}
diff --git a/Tests/CodexBarTests/StatusMenuPersistentRefreshTests.swift b/Tests/CodexBarTests/StatusMenuPersistentRefreshTests.swift
new file mode 100644
index 000000000..dc5208375
--- /dev/null
+++ b/Tests/CodexBarTests/StatusMenuPersistentRefreshTests.swift
@@ -0,0 +1,196 @@
+import AppKit
+import CodexBarCore
+import Testing
+@testable import CodexBar
+
+private final class RefreshShortcutRecorder: StatusItemMenuPersistentActionDelegate {
+    var refreshCount = 0
+    var settingsCount = 0
+    var quitCount = 0
+    var navigationDirections: [StatusItemMenuProviderNavigationDirection] = []
+
+    func performPersistentRefreshAction() {
+        self.refreshCount += 1
+    }
+
+    func performPersistentSettingsAction() {
+        self.settingsCount += 1
+    }
+
+    func performPersistentQuitAction() {
+        self.quitCount += 1
+    }
+
+    func performProviderNavigation(_ direction: StatusItemMenuProviderNavigationDirection) {
+        self.navigationDirections.append(direction)
+    }
+}
+
+@MainActor
+private final class UpdateReadyUpdater: UpdaterProviding {
+    var automaticallyChecksForUpdates = false
+    var automaticallyDownloadsUpdates = false
+    let isAvailable = true
+    let unavailableReason: String? = nil
+    let updateStatus = UpdateStatus(isUpdateReady: true)
+
+    func checkForUpdates(_: Any?) {}
+    func installUpdate() {}
+}
+
+@MainActor
+@Suite(.serialized)
+struct StatusMenuPersistentRefreshTests {
+    private func makeSettings() -> SettingsStore {
+        let suite = "StatusMenuPersistentRefreshTests-\(UUID().uuidString)"
+        let defaults = UserDefaults(suiteName: suite)!
+        defaults.removePersistentDomain(forName: suite)
+        let configStore = testConfigStore(suiteName: suite)
+        return SettingsStore(
+            userDefaults: defaults,
+            configStore: configStore,
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+    }
+
+    private func makeController(
+        settings: SettingsStore,
+        updater: UpdaterProviding = DisabledUpdaterController()) -> StatusItemController
+    {
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        return StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: updater,
+            preferencesSelection: PreferencesSelection(),
+            statusBar: .system)
+    }
+
+    @Test
+    func `refresh menu item is view backed so mouse activation keeps the menu open`() throws {
+        let settings = self.makeSettings()
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = false
+
+        let controller = self.makeController(settings: settings)
+
+        let menu = controller.makeMenu(for: .codex)
+        controller.menuWillOpen(menu)
+
+        let refreshItem = try #require(menu.items.first { $0.title == "Refresh" })
+        #expect(refreshItem.action == nil)
+        #expect(refreshItem.target == nil)
+        #expect(refreshItem.view != nil)
+        #expect(refreshItem.keyEquivalent == "r")
+        #expect(refreshItem.keyEquivalentModifierMask == [.command])
+    }
+
+    @Test
+    func `meta menu actions use the same stable row implementation`() throws {
+        let settings = self.makeSettings()
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = false
+
+        let controller = self.makeController(settings: settings, updater: UpdateReadyUpdater())
+        let menu = controller.makeMenu(for: .codex)
+        controller.menuWillOpen(menu)
+
+        for title in ["Update ready, restart now?", "Refresh", "Settings...", "About CodexBar", "Quit"] {
+            let item = try #require(menu.items.first { $0.title == title })
+            #expect(item.view is PersistentMenuActionItemView)
+            #expect(item.view?.frame.height == PersistentMenuActionItemView.rowHeight)
+            if title == "Refresh" {
+                #expect(item.action == nil)
+                #expect(item.target == nil)
+            } else {
+                #expect(item.action != nil)
+                #expect(item.target === controller)
+            }
+        }
+    }
+
+    @Test
+    func `refresh menu item view keeps fixed metrics while highlighted`() {
+        let views = [
+            PersistentMenuActionItemView(
+                title: "Refresh",
+                systemImageName: "arrow.clockwise",
+                shortcutText: "⌘R",
+                width: 320,
+                onClick: {}),
+            PersistentMenuActionItemView(
+                title: "Settings...",
+                systemImageName: "gearshape",
+                shortcutText: "⌘,",
+                width: 320,
+                onClick: {}),
+            PersistentMenuActionItemView(
+                title: "About CodexBar",
+                systemImageName: "info.circle",
+                shortcutText: nil,
+                width: 320,
+                onClick: {}),
+            PersistentMenuActionItemView(
+                title: "Quit",
+                systemImageName: nil,
+                shortcutText: nil,
+                width: 320,
+                onClick: {}),
+        ]
+
+        for view in views {
+            self.assertStableMetrics(view)
+        }
+    }
+
+    private func assertStableMetrics(_ view: PersistentMenuActionItemView) {
+        #expect(view.frame.height == PersistentMenuActionItemView.rowHeight)
+        #expect(view.intrinsicContentSize.height == PersistentMenuActionItemView.rowHeight)
+        #expect(view.fittingSize.height == PersistentMenuActionItemView.rowHeight)
+
+        view.setFrameSize(NSSize(width: 360, height: 44))
+        #expect(view.frame.width == 360)
+        #expect(view.frame.height == PersistentMenuActionItemView.rowHeight)
+
+        view.setHighlighted(true)
+        #expect(view.frame.height == PersistentMenuActionItemView.rowHeight)
+        #expect(view.intrinsicContentSize.height == PersistentMenuActionItemView.rowHeight)
+        #expect(view.fittingSize.height == PersistentMenuActionItemView.rowHeight)
+
+        view.setHighlighted(false)
+        #expect(view.frame.height == PersistentMenuActionItemView.rowHeight)
+        #expect(view.intrinsicContentSize.height == PersistentMenuActionItemView.rowHeight)
+        #expect(view.fittingSize.height == PersistentMenuActionItemView.rowHeight)
+    }
+
+    @Test
+    func `status item menu intercepts persistent shortcuts without native item selection`() throws {
+        let menu = StatusItemMenu()
+        let recorder = RefreshShortcutRecorder()
+        menu.persistentActionDelegate = recorder
+
+        #expect(try menu.performKeyEquivalent(with: self.keyEvent("r", keyCode: 15)) == true)
+        #expect(try menu.performKeyEquivalent(with: self.keyEvent(",", keyCode: 43)) == true)
+        #expect(try menu.performKeyEquivalent(with: self.keyEvent("q", keyCode: 12)) == true)
+
+        #expect(recorder.refreshCount == 1)
+        #expect(recorder.settingsCount == 1)
+        #expect(recorder.quitCount == 1)
+    }
+
+    private func keyEvent(_ characters: String, keyCode: UInt16) throws -> NSEvent {
+        try #require(NSEvent.keyEvent(
+            with: .keyDown,
+            location: .zero,
+            modifierFlags: [.command],
+            timestamp: 0,
+            windowNumber: 0,
+            context: nil,
+            characters: characters,
+            charactersIgnoringModifiers: characters,
+            isARepeat: false,
+            keyCode: keyCode))
+    }
+}
diff --git a/Tests/CodexBarTests/StatusMenuSwitcherClickTests.swift b/Tests/CodexBarTests/StatusMenuSwitcherClickTests.swift
new file mode 100644
index 000000000..9fe93b78d
--- /dev/null
+++ b/Tests/CodexBarTests/StatusMenuSwitcherClickTests.swift
@@ -0,0 +1,655 @@
+import AppKit
+import CodexBarCore
+import Testing
+@testable import CodexBar
+
+@MainActor
+@Suite(.serialized)
+struct StatusMenuSwitcherClickTests {
+    private func makeStatusBarForTesting() -> NSStatusBar {
+        // Use the real system status bar in tests. Creating standalone NSStatusBar instances
+        // has caused AppKit teardown crashes under swiftpm-testing-helper.
+        .system
+    }
+
+    private func makeSettings() -> SettingsStore {
+        let suite = "StatusMenuSwitcherClickTests-\(UUID().uuidString)"
+        let defaults = UserDefaults(suiteName: suite)!
+        defaults.removePersistentDomain(forName: suite)
+        let configStore = testConfigStore(suiteName: suite)
+        return SettingsStore(
+            userDefaults: defaults,
+            configStore: configStore,
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+    }
+
+    private func makeInstalledSwitcherShortcutMonitor() -> (controller: StatusItemController, menu: StatusItemMenu) {
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = true
+
+        let registry = ProviderRegistry.shared
+        for provider in UsageProvider.allCases {
+            guard let metadata = registry.metadata[provider] else { continue }
+            let shouldEnable = provider == .codex || provider == .claude
+            settings.setProviderEnabled(provider: provider, metadata: metadata, enabled: shouldEnable)
+        }
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+
+        let menu = StatusItemMenu()
+        let switcher = ProviderSwitcherView(
+            providers: [.codex, .claude],
+            selected: .provider(.codex),
+            includesOverview: true,
+            width: 320,
+            showsIcons: false,
+            iconProvider: { _ in NSImage() },
+            weeklyRemainingProvider: { _ in nil },
+            onSelect: { _ in })
+        let switcherItem = NSMenuItem()
+        switcherItem.view = switcher
+        menu.addItem(switcherItem)
+        menu.addItem(.separator())
+
+        controller.installProviderSwitcherShortcutMonitorIfNeeded(for: menu)
+        return (controller, menu)
+    }
+
+    @Test
+    func `merged switcher routes runtime clicks after overview round-trip`() throws {
+        // Regression test for #867: after Provider → Overview, subsequent runtime clicks on a
+        // sub-provider tab dropped through NSButton's tracking and never updated state.
+        let previousMenuCardRendering = StatusItemController.menuCardRenderingEnabled
+        let previousMenuRefresh = StatusItemController.menuRefreshEnabled
+        StatusItemController.menuCardRenderingEnabled = false
+        StatusItemController.setMenuRefreshEnabledForTesting(false)
+        defer {
+            StatusItemController.menuCardRenderingEnabled = previousMenuCardRendering
+            StatusItemController.setMenuRefreshEnabledForTesting(previousMenuRefresh)
+        }
+
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = true
+        settings.selectedMenuProvider = .claude
+        settings.mergedMenuLastSelectedWasOverview = false
+
+        let registry = ProviderRegistry.shared
+        for provider in UsageProvider.allCases {
+            guard let metadata = registry.metadata[provider] else { continue }
+            let shouldEnable = provider == .codex || provider == .claude
+            settings.setProviderEnabled(provider: provider, metadata: metadata, enabled: shouldEnable)
+        }
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+
+        let menu = controller.makeMenu()
+        controller.menuWillOpen(menu)
+
+        // Step 1: provider → Overview via the runtime click path.
+        let switcher1 = try #require(menu.items.first?.view as? ProviderSwitcherView)
+        #expect(switcher1._test_simulateRuntimeClick(buttonTag: 0))
+        #expect(settings.mergedMenuLastSelectedWasOverview == true)
+
+        // Step 2: Overview → provider via the runtime click path. Tag 2 is the second provider
+        // (claude) since tag 0 is Overview and tag 1 is the first provider.
+        let switcher2 = try #require(menu.items.first?.view as? ProviderSwitcherView)
+        #expect(switcher2._test_simulateRuntimeClick(buttonTag: 2))
+        #expect(settings.mergedMenuLastSelectedWasOverview == false)
+        #expect(settings.selectedMenuProvider == .claude)
+
+        // Step 3: provider → Overview again.
+        let switcher3 = try #require(menu.items.first?.view as? ProviderSwitcherView)
+        #expect(switcher3._test_simulateRuntimeClick(buttonTag: 0))
+        #expect(settings.mergedMenuLastSelectedWasOverview == true)
+
+        // Step 4: Overview → other provider. This is the click that previously got dropped.
+        let switcher4 = try #require(menu.items.first?.view as? ProviderSwitcherView)
+        #expect(switcher4._test_simulateRuntimeClick(buttonTag: 1))
+        #expect(settings.mergedMenuLastSelectedWasOverview == false)
+        #expect(settings.selectedMenuProvider == .codex)
+    }
+
+    @Test
+    func `merged switcher switches provider while overview chart submenu is open`() async throws {
+        let previousMenuCardRendering = StatusItemController.menuCardRenderingEnabled
+        let previousMenuRefresh = StatusItemController.menuRefreshEnabled
+        StatusItemController.menuCardRenderingEnabled = false
+        StatusItemController.setMenuRefreshEnabledForTesting(false)
+        defer {
+            StatusItemController.menuCardRenderingEnabled = previousMenuCardRendering
+            StatusItemController.setMenuRefreshEnabledForTesting(previousMenuRefresh)
+        }
+
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = true
+        settings.selectedMenuProvider = .openai
+        settings.mergedMenuLastSelectedWasOverview = true
+
+        let registry = ProviderRegistry.shared
+        for provider in UsageProvider.allCases {
+            guard let metadata = registry.metadata[provider] else { continue }
+            let shouldEnable = provider == .openai || provider == .claude
+            settings.setProviderEnabled(provider: provider, metadata: metadata, enabled: shouldEnable)
+        }
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let usage = OpenAIAPIUsageSnapshot(
+            daily: [
+                OpenAIAPIUsageSnapshot.DailyBucket(
+                    day: "2023-11-14",
+                    startTime: now,
+                    endTime: now.addingTimeInterval(86400),
+                    costUSD: 9,
+                    requests: 12,
+                    inputTokens: 100,
+                    cachedInputTokens: 0,
+                    outputTokens: 50,
+                    totalTokens: 150,
+                    lineItems: [],
+                    models: []),
+            ],
+            updatedAt: now)
+        store._setSnapshotForTesting(usage.toUsageSnapshot(), provider: .openai)
+
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+        defer { controller.releaseStatusItemsForTesting() }
+
+        let menu = controller.makeMenu()
+        controller.menuWillOpen(menu)
+        controller.openMenus[ObjectIdentifier(menu)] = menu
+
+        let openAIRow = try #require(menu.items.first {
+            ($0.representedObject as? String) == "overviewRow-openai"
+        })
+        let submenu = try #require(openAIRow.submenu)
+        controller.openMenus[ObjectIdentifier(submenu)] = submenu
+
+        var rebuildCount = 0
+        controller._test_openMenuRebuildObserver = { _ in
+            rebuildCount += 1
+        }
+        defer { controller._test_openMenuRebuildObserver = nil }
+
+        let switcher = try #require(menu.items.first?.view as? ProviderSwitcherView)
+        #expect(switcher._test_simulateRuntimeClick(buttonTag: 2))
+        for _ in 0..<100 where rebuildCount == 0 {
+            await Task.yield()
+            try? await Task.sleep(for: .milliseconds(10))
+        }
+
+        #expect(settings.mergedMenuLastSelectedWasOverview == false)
+        #expect(settings.selectedMenuProvider == .claude)
+        #expect(rebuildCount == 1)
+        #expect(controller.openMenus[ObjectIdentifier(submenu)] == nil)
+
+        let ids = menu.items.compactMap { $0.representedObject as? String }
+        #expect(ids.contains("menuCard"))
+        #expect(ids.contains(where: { $0.hasPrefix("overviewRow-") }) == false)
+    }
+
+    @Test
+    func `merged switcher handles left and right arrow keyboard navigation`() async throws {
+        let previousMenuCardRendering = StatusItemController.menuCardRenderingEnabled
+        let previousMenuRefresh = StatusItemController.menuRefreshEnabled
+        StatusItemController.menuCardRenderingEnabled = false
+        StatusItemController.setMenuRefreshEnabledForTesting(false)
+        defer {
+            StatusItemController.menuCardRenderingEnabled = previousMenuCardRendering
+            StatusItemController.setMenuRefreshEnabledForTesting(previousMenuRefresh)
+        }
+
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = true
+        settings.selectedMenuProvider = .codex
+        settings.mergedMenuLastSelectedWasOverview = false
+
+        let registry = ProviderRegistry.shared
+        for provider in UsageProvider.allCases {
+            guard let metadata = registry.metadata[provider] else { continue }
+            let shouldEnable = provider == .codex || provider == .claude
+            settings.setProviderEnabled(provider: provider, metadata: metadata, enabled: shouldEnable)
+        }
+        settings.setMergedOverviewProviderSelection(
+            provider: .codex,
+            isSelected: false,
+            activeProviders: [.codex, .claude])
+        settings.setMergedOverviewProviderSelection(
+            provider: .claude,
+            isSelected: false,
+            activeProviders: [.codex, .claude])
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+
+        let menu = try #require(controller.makeMenu() as? StatusItemMenu)
+        controller.menuWillOpen(menu)
+        #expect(menu.items.first?.view is ProviderSwitcherView)
+
+        #expect(try menu.performKeyEquivalent(with: Self.arrowKeyEvent(keyCode: 124)) == true)
+        await Task.yield()
+        #expect(settings.mergedMenuLastSelectedWasOverview == false)
+        #expect(settings.selectedMenuProvider == .claude)
+
+        #expect(try menu.performKeyEquivalent(with: Self.arrowKeyEvent(keyCode: 123)) == true)
+        await Task.yield()
+        #expect(settings.mergedMenuLastSelectedWasOverview == false)
+        #expect(settings.selectedMenuProvider == .codex)
+    }
+
+    @Test
+    func `merged switcher handles command number shortcuts in visible order`() async throws {
+        let previousMenuCardRendering = StatusItemController.menuCardRenderingEnabled
+        let previousMenuRefresh = StatusItemController.menuRefreshEnabled
+        StatusItemController.menuCardRenderingEnabled = false
+        StatusItemController.setMenuRefreshEnabledForTesting(false)
+        defer {
+            StatusItemController.menuCardRenderingEnabled = previousMenuCardRendering
+            StatusItemController.setMenuRefreshEnabledForTesting(previousMenuRefresh)
+        }
+
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = true
+        settings.selectedMenuProvider = .codex
+        settings.mergedMenuLastSelectedWasOverview = false
+
+        let registry = ProviderRegistry.shared
+        for provider in UsageProvider.allCases {
+            guard let metadata = registry.metadata[provider] else { continue }
+            let shouldEnable = provider == .codex || provider == .claude || provider == .cursor
+            settings.setProviderEnabled(provider: provider, metadata: metadata, enabled: shouldEnable)
+        }
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+        defer { controller.releaseStatusItemsForTesting() }
+
+        let menu = try #require(controller.makeMenu() as? StatusItemMenu)
+        controller.menuWillOpen(menu)
+        #expect(menu.items.first?.view is ProviderSwitcherView)
+
+        #expect(try controller.handleProviderSwitcherShortcut(Self.commandKeyEvent("3", keyCode: 20), menu: menu))
+        await Task.yield()
+        #expect(settings.mergedMenuLastSelectedWasOverview == false)
+        #expect(settings.selectedMenuProvider == .claude)
+
+        #expect(try controller.handleProviderSwitcherShortcut(Self.commandKeyEvent("1", keyCode: 18), menu: menu))
+        await Task.yield()
+        #expect(settings.mergedMenuLastSelectedWasOverview == true)
+        #expect(settings.selectedMenuProvider == .claude)
+
+        #expect(try !controller.handleProviderSwitcherShortcut(Self.commandKeyEvent("9", keyCode: 25), menu: menu))
+        await Task.yield()
+        #expect(settings.mergedMenuLastSelectedWasOverview == true)
+        #expect(settings.selectedMenuProvider == .claude)
+    }
+
+    @Test
+    func `provider shortcut monitor is removed when tracked menu closes after switcher rebuild`() {
+        let previousMenuRefresh = StatusItemController.menuRefreshEnabled
+        StatusItemController.setMenuRefreshEnabledForTesting(true)
+        defer {
+            StatusItemController.setMenuRefreshEnabledForTesting(previousMenuRefresh)
+        }
+
+        let (controller, menu) = self.makeInstalledSwitcherShortcutMonitor()
+        defer { controller.releaseStatusItemsForTesting() }
+
+        #expect(controller.providerSwitcherShortcutEventMonitor != nil)
+        #expect(controller.providerSwitcherShortcutMenuID == ObjectIdentifier(menu))
+
+        menu.removeAllItems()
+        controller.menuDidClose(menu)
+
+        #expect(controller.providerSwitcherShortcutEventMonitor == nil)
+        #expect(controller.providerSwitcherShortcutMenuID == nil)
+    }
+
+    @Test
+    func `switcher shortcut monitor is removed from direct close cleanup`() {
+        let previousMenuRefresh = StatusItemController.menuRefreshEnabled
+        StatusItemController.setMenuRefreshEnabledForTesting(true)
+        defer {
+            StatusItemController.setMenuRefreshEnabledForTesting(previousMenuRefresh)
+        }
+
+        let (controller, menu) = self.makeInstalledSwitcherShortcutMonitor()
+        defer { controller.releaseStatusItemsForTesting() }
+
+        #expect(controller.providerSwitcherShortcutEventMonitor != nil)
+        #expect(controller.providerSwitcherShortcutMenuID == ObjectIdentifier(menu))
+
+        controller.forgetClosedMenu(menu)
+
+        #expect(controller.providerSwitcherShortcutEventMonitor == nil)
+        #expect(controller.providerSwitcherShortcutMenuID == nil)
+    }
+
+    @Test
+    func `switcher hover styling keeps layout stable`() {
+        let view = ProviderSwitcherView(
+            providers: [.codex, .claude, .cursor, .factory, .zai, .minimax, .alibaba],
+            selected: .provider(.codex),
+            includesOverview: true,
+            width: 300,
+            showsIcons: true,
+            iconProvider: { _ in NSImage(size: NSSize(width: 16, height: 16)) },
+            weeklyRemainingProvider: { _ in nil },
+            onSelect: { _ in })
+
+        let initialSize = view.intrinsicContentSize
+        let initialFrames = view._test_buttonFrames()
+
+        view._test_setHoveredButtonTag(3)
+        view._test_setHoveredButtonTag(6)
+        view._test_setHoveredButtonTag(nil as Int?)
+
+        #expect(view.intrinsicContentSize == initialSize)
+        #expect(view._test_buttonFrames() == initialFrames)
+    }
+
+    @Test
+    func `switcher quota indicator preserves remaining percentage`() throws {
+        let view = ProviderSwitcherView(
+            providers: [.claude, .grok],
+            selected: .provider(.claude),
+            includesOverview: false,
+            width: 180,
+            showsIcons: true,
+            iconProvider: { _ in NSImage(size: NSSize(width: 16, height: 16)) },
+            weeklyRemainingProvider: { provider in
+                switch provider {
+                case .claude:
+                    5
+                case .grok:
+                    95
+                default:
+                    nil
+                }
+            },
+            onSelect: { _ in })
+
+        let fillRatios = view._test_quotaIndicatorFillRatios()
+        #expect(fillRatios.count == 2)
+        let lowRemainingRatio = try #require(fillRatios.first)
+        let highRemainingRatio = try #require(fillRatios.last)
+        #expect(lowRemainingRatio < highRemainingRatio)
+    }
+
+    @Test
+    func `switcher quota indicator refresh updates fill ratios`() throws {
+        var claudeRemaining = 5.0
+        var grokRemaining = 95.0
+        let view = ProviderSwitcherView(
+            providers: [.claude, .grok],
+            selected: .provider(.claude),
+            includesOverview: false,
+            width: 180,
+            showsIcons: true,
+            iconProvider: { _ in NSImage(size: NSSize(width: 16, height: 16)) },
+            weeklyRemainingProvider: { provider in
+                switch provider {
+                case .claude:
+                    claudeRemaining
+                case .grok:
+                    grokRemaining
+                default:
+                    nil
+                }
+            },
+            onSelect: { _ in })
+
+        let initialRatios = view._test_quotaIndicatorFillRatios()
+        let initialLow = try #require(initialRatios.first)
+        let initialHigh = try #require(initialRatios.last)
+
+        claudeRemaining = 80
+        grokRemaining = 12
+        view.updateQuotaIndicators()
+
+        let updatedRatios = view._test_quotaIndicatorFillRatios()
+        let updatedLow = try #require(updatedRatios.first)
+        let updatedHigh = try #require(updatedRatios.last)
+        #expect(updatedLow > initialLow)
+        #expect(updatedHigh < initialHigh)
+    }
+
+    @Test
+    func `switcher quota indicator renders zero remaining empty`() {
+        var grokRemaining = 50.0
+        let view = ProviderSwitcherView(
+            providers: [.claude, .grok],
+            selected: .provider(.claude),
+            includesOverview: false,
+            width: 180,
+            showsIcons: true,
+            iconProvider: { _ in NSImage(size: NSSize(width: 16, height: 16)) },
+            weeklyRemainingProvider: { provider in
+                switch provider {
+                case .claude:
+                    100
+                case .grok:
+                    grokRemaining
+                default:
+                    nil
+                }
+            },
+            onSelect: { _ in })
+
+        grokRemaining = 0
+        view.updateQuotaIndicators()
+        view.updateConstraintsForSubtreeIfNeeded()
+        view.layoutSubtreeIfNeeded()
+
+        let fillRatios = view._test_quotaIndicatorFillRatios()
+        let fillFrames = view._test_quotaIndicatorFillFrames()
+        #expect(fillRatios.last == 0)
+        #expect(fillFrames.last?.width == 0)
+    }
+
+    @Test
+    func `switcher quota indicator disappears when remaining becomes unavailable`() throws {
+        var grokRemaining: Double? = 50
+        let noQuotaView = ProviderSwitcherView(
+            providers: [.claude, .grok],
+            selected: .provider(.claude),
+            includesOverview: false,
+            width: 180,
+            showsIcons: true,
+            iconProvider: { _ in NSImage(size: NSSize(width: 16, height: 16)) },
+            weeklyRemainingProvider: { _ in nil },
+            onSelect: { _ in })
+        let view = ProviderSwitcherView(
+            providers: [.claude, .grok],
+            selected: .provider(.claude),
+            includesOverview: false,
+            width: 180,
+            showsIcons: true,
+            iconProvider: { _ in NSImage(size: NSSize(width: 16, height: 16)) },
+            weeklyRemainingProvider: { provider in
+                switch provider {
+                case .claude:
+                    100
+                case .grok:
+                    grokRemaining
+                default:
+                    nil
+                }
+            },
+            onSelect: { _ in })
+        #expect(view._test_quotaIndicatorFillRatios().count == 2)
+        let noQuotaHeight = try #require(noQuotaView._test_buttonFittingSizes().last?.height)
+        let quotaHeight = try #require(view._test_buttonFittingSizes().last?.height)
+        #expect(quotaHeight > noQuotaHeight)
+
+        grokRemaining = nil
+        view.updateQuotaIndicators()
+
+        #expect(view._test_quotaIndicatorFillRatios().count == 1)
+        let removedQuotaHeight = try #require(view._test_buttonFittingSizes().last?.height)
+        #expect(removedQuotaHeight == noQuotaHeight)
+    }
+
+    @Test
+    func `text only switcher quota bars reserve title space`() throws {
+        let providers: [UsageProvider] = [.claude, .grok]
+        let textOnlyWithoutQuota = ProviderSwitcherView(
+            providers: providers,
+            selected: .provider(.claude),
+            includesOverview: false,
+            width: 180,
+            showsIcons: false,
+            iconProvider: { _ in NSImage(size: NSSize(width: 16, height: 16)) },
+            weeklyRemainingProvider: { _ in nil },
+            onSelect: { _ in })
+        let textOnlyWithQuota = ProviderSwitcherView(
+            providers: providers,
+            selected: .provider(.claude),
+            includesOverview: false,
+            width: 180,
+            showsIcons: false,
+            iconProvider: { _ in NSImage(size: NSSize(width: 16, height: 16)) },
+            weeklyRemainingProvider: { _ in 50 },
+            onSelect: { _ in })
+
+        let withoutQuotaHeight = try #require(textOnlyWithoutQuota._test_buttonFittingSizes().first?.height)
+        let withQuotaHeight = try #require(textOnlyWithQuota._test_buttonFittingSizes().first?.height)
+        #expect(withQuotaHeight > withoutQuotaHeight)
+    }
+
+    @Test
+    func `multi row switcher quota bars stay inside bounds`() {
+        let view = ProviderSwitcherView(
+            providers: [.codex, .claude, .cursor, .factory, .zai, .minimax, .alibaba],
+            selected: .provider(.codex),
+            includesOverview: true,
+            width: 300,
+            showsIcons: true,
+            iconProvider: { _ in NSImage(size: NSSize(width: 16, height: 16)) },
+            weeklyRemainingProvider: { _ in 50 },
+            onSelect: { _ in })
+        view.updateConstraintsForSubtreeIfNeeded()
+        view.layoutSubtreeIfNeeded()
+
+        for frame in view._test_buttonFrames() {
+            #expect(frame.minY >= 0)
+            #expect(frame.maxY <= view.bounds.maxY)
+        }
+    }
+
+    private static func arrowKeyEvent(keyCode: UInt16) throws -> NSEvent {
+        try #require(NSEvent.keyEvent(
+            with: .keyDown,
+            location: .zero,
+            modifierFlags: [],
+            timestamp: 0,
+            windowNumber: 0,
+            context: nil,
+            characters: "",
+            charactersIgnoringModifiers: "",
+            isARepeat: false,
+            keyCode: keyCode))
+    }
+
+    private static func commandKeyEvent(_ characters: String, keyCode: UInt16) throws -> NSEvent {
+        try #require(NSEvent.keyEvent(
+            with: .keyDown,
+            location: .zero,
+            modifierFlags: [.command],
+            timestamp: 0,
+            windowNumber: 0,
+            context: nil,
+            characters: characters,
+            charactersIgnoringModifiers: characters,
+            isARepeat: false,
+            keyCode: keyCode))
+    }
+
+    @Test
+    func `multi-row switcher uses compact height and stays inside bounds`() {
+        // 14 providers + Overview forces the four-row path and includes multi-word titles.
+        let view = ProviderSwitcherView(
+            providers: [
+                .codex,
+                .claude,
+                .cursor,
+                .factory,
+                .zai,
+                .minimax,
+                .alibaba,
+                .opencodego,
+                .grok,
+                .groq,
+                .gemini,
+                .openrouter,
+                .perplexity,
+                .kiro,
+            ],
+            selected: .provider(.codex),
+            includesOverview: true,
+            width: 300,
+            showsIcons: true,
+            iconProvider: { _ in NSImage(size: NSSize(width: 16, height: 16)) },
+            weeklyRemainingProvider: { _ in 50 },
+            onSelect: { _ in })
+        view.updateConstraintsForSubtreeIfNeeded()
+        view.layoutSubtreeIfNeeded()
+
+        // All buttons must stay within switcher bounds (no vertical overflow).
+        for frame in view._test_buttonFrames() {
+            #expect(frame.minY >= 0)
+            #expect(frame.maxY <= view.bounds.maxY)
+        }
+
+        #expect(view._test_rowCount() == 4)
+        #expect(view._test_rowHeight() == 44)
+        #expect(view.bounds.height == 188)
+    }
+}
diff --git a/Tests/CodexBarTests/StatusMenuSwitcherRefreshTests.swift b/Tests/CodexBarTests/StatusMenuSwitcherRefreshTests.swift
new file mode 100644
index 000000000..4d71f58e1
--- /dev/null
+++ b/Tests/CodexBarTests/StatusMenuSwitcherRefreshTests.swift
@@ -0,0 +1,103 @@
+import AppKit
+import CodexBarCore
+import Testing
+@testable import CodexBar
+
+@MainActor
+@Suite(.serialized)
+struct StatusMenuSwitcherRefreshTests {
+    @Test
+    func `merged provider switch rebuilds stale width switcher rows`() async throws {
+        let previousMenuCardRendering = StatusItemController.menuCardRenderingEnabled
+        StatusItemController.menuCardRenderingEnabled = false
+        StatusItemController.setMenuRefreshEnabledForTesting(true)
+        defer {
+            StatusItemController.menuCardRenderingEnabled = previousMenuCardRendering
+            StatusItemController.resetMenuRefreshEnabledForTesting()
+        }
+
+        let settings = Self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = true
+        settings.selectedMenuProvider = .codex
+        Self.enableCodexAndClaude(settings)
+
+        let activeProviders: [UsageProvider] = [.codex, .claude]
+        _ = settings.setMergedOverviewProviderSelection(
+            provider: .codex,
+            isSelected: false,
+            activeProviders: activeProviders)
+        _ = settings.setMergedOverviewProviderSelection(
+            provider: .claude,
+            isSelected: false,
+            activeProviders: activeProviders)
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        store.isRefreshing = true
+        defer { store.isRefreshing = false }
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: .system)
+        defer { controller.releaseStatusItemsForTesting() }
+
+        let menu = controller.makeMenu()
+        controller.menuWillOpen(menu)
+        #expect(controller.openMenus[ObjectIdentifier(menu)] === menu)
+
+        let initialSwitcher = try #require(menu.items.first?.view as? ProviderSwitcherView)
+        initialSwitcher.frame.size.width = 250
+
+        var rebuildCount = 0
+        controller._test_openMenuRebuildObserver = { _ in
+            rebuildCount += 1
+        }
+        defer { controller._test_openMenuRebuildObserver = nil }
+
+        let nextProviderButton = try #require(Self.switcherButtons(in: menu).first { $0.state == .off })
+        #expect(initialSwitcher._test_simulateRuntimeClick(buttonTag: nextProviderButton.tag) == true)
+
+        for _ in 0..<100 where rebuildCount == 0 {
+            await Task.yield()
+            try? await Task.sleep(for: .milliseconds(10))
+        }
+
+        #expect(rebuildCount == 1)
+        let updatedSwitcher = try #require(menu.items.first?.view as? ProviderSwitcherView)
+        #expect(updatedSwitcher.frame.width == 310)
+        #expect(Self.switcherButtons(in: menu).first { $0.tag == nextProviderButton.tag }?.state == .on)
+    }
+
+    private static func makeSettings() -> SettingsStore {
+        let suite = "StatusMenuSwitcherRefreshTests-\(UUID().uuidString)"
+        let defaults = UserDefaults(suiteName: suite)!
+        defaults.removePersistentDomain(forName: suite)
+        defaults.set(true, forKey: "providerDetectionCompleted")
+        return SettingsStore(
+            userDefaults: defaults,
+            configStore: testConfigStore(suiteName: suite),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+    }
+
+    private static func enableCodexAndClaude(_ settings: SettingsStore) {
+        let registry = ProviderRegistry.shared
+        for provider in UsageProvider.allCases {
+            guard let metadata = registry.metadata[provider] else { continue }
+            let shouldEnable = provider == .codex || provider == .claude
+            settings.setProviderEnabled(provider: provider, metadata: metadata, enabled: shouldEnable)
+        }
+    }
+
+    private static func switcherButtons(in menu: NSMenu) -> [NSButton] {
+        guard let switcherView = menu.items.first?.view as? ProviderSwitcherView else { return [] }
+        return switcherView.subviews
+            .compactMap { $0 as? NSButton }
+            .sorted { $0.tag < $1.tag }
+    }
+}
diff --git a/Tests/CodexBarTests/StatusMenuTests.swift b/Tests/CodexBarTests/StatusMenuTests.swift
index 3f04c3ff7..cd4e5e913 100644
--- a/Tests/CodexBarTests/StatusMenuTests.swift
+++ b/Tests/CodexBarTests/StatusMenuTests.swift
@@ -4,22 +4,20 @@ import Testing
 @testable import CodexBar
 
 @MainActor
-@Suite
+@Suite(.serialized)
 struct StatusMenuTests {
-    private func disableMenuCardsForTesting() {
+    func disableMenuCardsForTesting() {
         StatusItemController.menuCardRenderingEnabled = false
-        StatusItemController.menuRefreshEnabled = false
+        StatusItemController.setMenuRefreshEnabledForTesting(false)
     }
 
-    private func makeStatusBarForTesting() -> NSStatusBar {
-        let env = ProcessInfo.processInfo.environment
-        if env["GITHUB_ACTIONS"] == "true" || env["CI"] == "true" {
-            return .system
-        }
-        return NSStatusBar()
+    func makeStatusBarForTesting() -> NSStatusBar {
+        // Use the real system status bar in tests. Creating standalone NSStatusBar instances
+        // has caused AppKit teardown crashes under swiftpm-testing-helper.
+        .system
     }
 
-    private func makeSettings() -> SettingsStore {
+    func makeSettings() -> SettingsStore {
         let suite = "StatusMenuTests-\(UUID().uuidString)"
         let defaults = UserDefaults(suiteName: suite)!
         defaults.removePersistentDomain(forName: suite)
@@ -31,6 +29,44 @@ struct StatusMenuTests {
             syntheticTokenStore: NoopSyntheticTokenStore())
     }
 
+    func makeCodexStore(settings: SettingsStore, dashboardAuthorized: Bool) -> UsageStore {
+        let now = Date()
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        store._setSnapshotForTesting(
+            UsageSnapshot(
+                primary: RateWindow(
+                    usedPercent: 22,
+                    windowMinutes: 300,
+                    resetsAt: now.addingTimeInterval(1800),
+                    resetDescription: nil),
+                secondary: nil,
+                tertiary: nil,
+                updatedAt: now,
+                identity: ProviderIdentitySnapshot(
+                    providerID: .codex,
+                    accountEmail: "codex@example.com",
+                    accountOrganization: nil,
+                    loginMethod: "Plus Plan")),
+            provider: .codex)
+        store.openAIDashboard = OpenAIDashboardSnapshot(
+            signedInEmail: "other@example.com",
+            codeReviewRemainingPercent: 88,
+            codeReviewLimit: RateWindow(
+                usedPercent: 12,
+                windowMinutes: nil,
+                resetsAt: now.addingTimeInterval(3600),
+                resetDescription: nil),
+            creditEvents: [],
+            dailyBreakdown: [],
+            usageBreakdown: [],
+            creditsPurchaseURL: nil,
+            updatedAt: now)
+        store.openAIDashboardAttachmentAuthorized = dashboardAuthorized
+        store.openAIDashboardRequiresLogin = false
+        return store
+    }
+
     private func switcherButtons(in menu: NSMenu) -> [NSButton] {
         guard let switcherView = menu.items.first?.view as? ProviderSwitcherView else { return [] }
         return switcherView.subviews
@@ -43,7 +79,93 @@ struct StatusMenuTests {
     }
 
     @Test
-    func remembersProviderWhenMenuOpens() {
+    func `alibaba dashboard action follows selected region`() {
+        self.disableMenuCardsForTesting()
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = false
+        settings.providerDetectionCompleted = true
+        settings.alibabaCodingPlanAPIRegion = .chinaMainland
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+
+        #expect(controller.dashboardURL(for: .alibaba) == AlibabaCodingPlanAPIRegion.chinaMainland.dashboardURL)
+    }
+
+    @Test
+    func `opencode go dashboard action follows configured workspace`() {
+        self.disableMenuCardsForTesting()
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.opencodegoWorkspaceID = "https://opencode.ai/workspace/wrk_abc123/go"
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+
+        #expect(controller.dashboardURL(for: .opencodego)?
+            .absoluteString == "https://opencode.ai/workspace/wrk_abc123/go")
+    }
+
+    @Test
+    func `claude subscription dashboard action opens usage page`() {
+        for plan in ["Claude Pro", "Claude Team"] {
+            self.disableMenuCardsForTesting()
+            let settings = self.makeSettings()
+            settings.statusChecksEnabled = false
+            settings.refreshFrequency = .manual
+
+            let fetcher = UsageFetcher()
+            let store = UsageStore(
+                fetcher: fetcher,
+                browserDetection: BrowserDetection(cacheTTL: 0),
+                settings: settings)
+            store._setSnapshotForTesting(
+                UsageSnapshot(
+                    primary: RateWindow(
+                        usedPercent: 12,
+                        windowMinutes: 300,
+                        resetsAt: nil,
+                        resetDescription: nil),
+                    secondary: nil,
+                    tertiary: nil,
+                    updatedAt: Date(),
+                    identity: ProviderIdentitySnapshot(
+                        providerID: .claude,
+                        accountEmail: nil,
+                        accountOrganization: nil,
+                        loginMethod: plan)),
+                provider: .claude)
+            let controller = StatusItemController(
+                store: store,
+                settings: settings,
+                account: fetcher.loadAccountInfo(),
+                updater: DisabledUpdaterController(),
+                preferencesSelection: PreferencesSelection(),
+                statusBar: self.makeStatusBarForTesting())
+
+            #expect(controller.dashboardURL(for: .claude)?.absoluteString == "https://claude.ai/settings/usage")
+        }
+    }
+
+    @Test
+    func `remembers provider when menu opens`() {
         self.disableMenuCardsForTesting()
         let settings = self.makeSettings()
         settings.statusChecksEnabled = false
@@ -70,6 +192,7 @@ struct StatusMenuTests {
             updater: DisabledUpdaterController(),
             preferencesSelection: PreferencesSelection(),
             statusBar: self.makeStatusBarForTesting())
+        defer { controller.releaseStatusItemsForTesting() }
 
         let claudeMenu = controller.makeMenu()
         controller.menuWillOpen(claudeMenu)
@@ -87,7 +210,7 @@ struct StatusMenuTests {
     }
 
     @Test
-    func mergedMenuOpenDoesNotPersistResolvedProviderWhenSelectionIsNil() {
+    func `merged menu open does not persist resolved provider when selection is nil`() {
         self.disableMenuCardsForTesting()
         let settings = self.makeSettings()
         settings.statusChecksEnabled = false
@@ -96,16 +219,12 @@ struct StatusMenuTests {
         settings.selectedMenuProvider = nil
 
         let registry = ProviderRegistry.shared
-        var enabledProviders: [UsageProvider] = []
+        let selectedProviders: Set<UsageProvider> = [.codex, .claude]
         for provider in UsageProvider.allCases {
             guard let metadata = registry.metadata[provider] else { continue }
-            let shouldEnable = enabledProviders.count < 2
+            let shouldEnable = selectedProviders.contains(provider)
             settings.setProviderEnabled(provider: provider, metadata: metadata, enabled: shouldEnable)
-            if shouldEnable {
-                enabledProviders.append(provider)
-            }
         }
-        #expect(enabledProviders.count == 2)
 
         let fetcher = UsageFetcher()
         let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
@@ -116,6 +235,7 @@ struct StatusMenuTests {
             updater: DisabledUpdaterController(),
             preferencesSelection: PreferencesSelection(),
             statusBar: self.makeStatusBarForTesting())
+        defer { controller.releaseStatusItemsForTesting() }
 
         let expectedResolved = store.enabledProviders().first ?? .codex
         #expect(store.enabledProviders().count > 1)
@@ -128,13 +248,102 @@ struct StatusMenuTests {
     }
 
     @Test
-    func mergedMenuRefreshUsesResolvedEnabledProviderWhenPersistedSelectionIsDisabled() {
+    func `shortcut closes tracked menu instead of queueing another open`() {
+        self.disableMenuCardsForTesting()
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = true
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+
+        let menu = controller.makeMenu()
+        controller.menuWillOpen(menu)
+        let key = ObjectIdentifier(menu)
+        controller.openMenus[key] = menu
+        #expect(controller.openMenus[key] != nil)
+
+        #expect(controller.closeOpenMenusFromShortcutIfNeeded() == true)
+        #expect(controller.openMenus.isEmpty)
+        #expect(controller.menuRefreshTasks.isEmpty)
+        #expect(controller.closeOpenMenusFromShortcutIfNeeded() == false)
+    }
+
+    @Test
+    func `open menu defers store data refresh until next open`() async {
+        self.disableMenuCardsForTesting()
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = false
+
+        let store = self.makeCodexStore(settings: settings, dashboardAuthorized: false)
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: UsageFetcher().loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+
+        let menu = controller.makeMenu()
+        controller.menuWillOpen(menu)
+        let key = ObjectIdentifier(menu)
+        controller.openMenus[key] = menu
+        StatusItemController.setMenuRefreshEnabledForTesting(true)
+        defer { StatusItemController.resetMenuRefreshEnabledForTesting() }
+        let openedVersion = controller.menuVersions[key]
+
+        let now = Date()
+        store._setSnapshotForTesting(
+            UsageSnapshot(
+                primary: RateWindow(
+                    usedPercent: 11,
+                    windowMinutes: 300,
+                    resetsAt: now.addingTimeInterval(1800),
+                    resetDescription: nil),
+                secondary: nil,
+                tertiary: nil,
+                updatedAt: now,
+                identity: ProviderIdentitySnapshot(
+                    providerID: .codex,
+                    accountEmail: "codex@example.com",
+                    accountOrganization: nil,
+                    loginMethod: "Plus Plan")),
+            provider: .codex)
+
+        for _ in 0..<50 where controller.menuContentVersion == openedVersion {
+            await Task.yield()
+        }
+
+        let staleVersion = controller.menuContentVersion
+        controller.refreshOpenMenusIfNeeded()
+
+        #expect(controller.menuContentVersion != openedVersion)
+        #expect(controller.menuVersions[key] == openedVersion)
+
+        controller.menuDidClose(menu)
+        controller.menuWillOpen(menu)
+        #expect(controller.menuVersions[key] == staleVersion)
+    }
+
+    @Test
+    func `merged menu refresh uses resolved enabled provider when selection is cleared`() {
         self.disableMenuCardsForTesting()
         let settings = self.makeSettings()
         settings.statusChecksEnabled = false
         settings.refreshFrequency = .manual
         settings.mergeIcons = true
         settings.selectedMenuProvider = .codex
+        settings.openAIWebAccessEnabled = true
 
         let registry = ProviderRegistry.shared
         if let codexMeta = registry.metadata[.codex] {
@@ -166,6 +375,7 @@ struct StatusMenuTests {
             updater: DisabledUpdaterController(),
             preferencesSelection: PreferencesSelection(),
             statusBar: self.makeStatusBarForTesting())
+        defer { controller.releaseStatusItemsForTesting() }
 
         let expectedResolved = store.enabledProviders().first ?? .codex
         #expect(store.enabledProviders().count > 1)
@@ -185,7 +395,7 @@ struct StatusMenuTests {
         controller.menuWillOpen(menu)
 
         #expect(controller.lastMenuProvider == expectedResolved)
-        #expect(settings.selectedMenuProvider == .codex)
+        #expect(settings.selectedMenuProvider == nil)
         #expect(hasOpenAIWebSubmenus(menu) == false)
 
         controller.menuContentVersion &+= 1
@@ -195,7 +405,123 @@ struct StatusMenuTests {
     }
 
     @Test
-    func openMergedMenuRebuildsSwitcherWhenUsageBarsModeChanges() {
+    func `delayed menu refresh skips when refresh disabled during delay`() async {
+        StatusItemController.menuCardRenderingEnabled = false
+        StatusItemController.setMenuRefreshEnabledForTesting(true)
+        StatusItemController.setMenuOpenRefreshDelayForTesting(.milliseconds(50))
+        defer {
+            StatusItemController.resetMenuOpenRefreshDelayForTesting()
+            StatusItemController.resetMenuRefreshEnabledForTesting()
+        }
+
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = false
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        var delayedRefreshWakeCount = 0
+
+        await withStatusItemControllerForTesting(
+            store: store,
+            settings: settings,
+            fetcher: fetcher,
+            statusBar: self.makeStatusBarForTesting())
+        { controller in
+            controller.onDelayedMenuRefreshAttemptForTesting = {
+                delayedRefreshWakeCount += 1
+            }
+            let menu = controller.makeMenu()
+            controller.menuWillOpen(menu)
+            StatusItemController.setMenuRefreshEnabledForTesting(false)
+            try? await Task.sleep(for: .milliseconds(180))
+        }
+
+        #expect(delayedRefreshWakeCount == 0)
+    }
+
+    @Test
+    func `login state callbacks do not attach menus after release`() {
+        self.disableMenuCardsForTesting()
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = false
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+
+        controller.releaseStatusItemsForTesting()
+        #expect(controller.statusItem.menu == nil)
+        #expect(controller.statusItems.isEmpty)
+
+        controller.activeLoginProvider = .codex
+        let loginTask = Task<Void, Never> {}
+        controller.loginTask = loginTask
+        loginTask.cancel()
+        controller.loginTask = nil
+        controller.activeLoginProvider = nil
+
+        #expect(controller.statusItem.menu == nil)
+        #expect(controller.statusItems.isEmpty)
+    }
+
+    @Test
+    func `display only dashboard does not show code review in status menu card`() throws {
+        self.disableMenuCardsForTesting()
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+
+        let fetcher = UsageFetcher()
+        let store = self.makeCodexStore(settings: settings, dashboardAuthorized: false)
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+
+        let model = try #require(controller.menuCardModel(for: .codex))
+        #expect(model.metrics.contains { $0.id == "code-review" } == false)
+    }
+
+    @Test
+    func `display only dashboard does not show code review in providers pane`() {
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+
+        let store = self.makeCodexStore(settings: settings, dashboardAuthorized: false)
+        let pane = ProvidersPane(settings: settings, store: store)
+
+        let model = pane._test_menuCardModel(for: .codex)
+        #expect(model.metrics.contains { $0.id == "code-review" } == false)
+    }
+
+    @Test
+    func `attached dashboard still shows code review in providers pane`() {
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+
+        let store = self.makeCodexStore(settings: settings, dashboardAuthorized: true)
+        let pane = ProvidersPane(settings: settings, store: store)
+
+        let model = pane._test_menuCardModel(for: .codex)
+        #expect(model.metrics.contains { $0.id == "code-review" && $0.percent == 88 })
+    }
+
+    @Test
+    func `open merged menu rebuilds switcher when usage bars mode changes`() async {
         self.disableMenuCardsForTesting()
         let settings = self.makeSettings()
         settings.statusChecksEnabled = false
@@ -226,6 +552,9 @@ struct StatusMenuTests {
 
         let menu = controller.makeMenu()
         controller.menuWillOpen(menu)
+        controller.openMenus[ObjectIdentifier(menu)] = menu
+        StatusItemController.setMenuRefreshEnabledForTesting(true)
+        defer { StatusItemController.resetMenuRefreshEnabledForTesting() }
 
         let initialSwitcher = menu.items.first?.view as? ProviderSwitcherView
         #expect(initialSwitcher != nil)
@@ -233,6 +562,11 @@ struct StatusMenuTests {
 
         settings.usageBarsShowUsed = true
         controller.handleProviderConfigChange(reason: "usageBarsShowUsed")
+        for _ in 0..<20
+            where initialSwitcherID == (menu.items.first?.view as? ProviderSwitcherView).map(ObjectIdentifier.init)
+        {
+            await Task.yield()
+        }
 
         let updatedSwitcher = menu.items.first?.view as? ProviderSwitcherView
         #expect(updatedSwitcher != nil)
@@ -242,7 +576,7 @@ struct StatusMenuTests {
     }
 
     @Test
-    func mergedSwitcherIncludesOverviewTabWhenMultipleProvidersEnabled() {
+    func `merged switcher includes overview tab when multiple providers enabled`() {
         self.disableMenuCardsForTesting()
         let settings = self.makeSettings()
         settings.statusChecksEnabled = false
@@ -272,13 +606,13 @@ struct StatusMenuTests {
         controller.menuWillOpen(menu)
 
         let buttons = self.switcherButtons(in: menu)
-        #expect(buttons.count == store.enabledProviders().count + 1)
+        #expect(buttons.count == store.enabledProvidersForDisplay().count + 1)
         #expect(buttons.contains(where: { $0.tag == 0 }))
         #expect(buttons.first(where: { $0.state == .on })?.tag == 2)
     }
 
     @Test
-    func mergedSwitcherOverviewSelectionPersistsWithoutOverwritingProviderSelection() {
+    func `merged switcher overview selection persists without overwriting provider selection`() {
         self.disableMenuCardsForTesting()
         let settings = self.makeSettings()
         settings.statusChecksEnabled = false
@@ -323,7 +657,7 @@ struct StatusMenuTests {
     }
 
     @Test
-    func openMenuRebuildsSwitcherWhenOverviewAvailabilityChanges() {
+    func `open menu rebuilds switcher when overview availability changes`() {
         self.disableMenuCardsForTesting()
         let settings = self.makeSettings()
         settings.statusChecksEnabled = false
@@ -361,6 +695,9 @@ struct StatusMenuTests {
 
         let menu = controller.makeMenu()
         controller.menuWillOpen(menu)
+        controller.openMenus[ObjectIdentifier(menu)] = menu
+        StatusItemController.setMenuRefreshEnabledForTesting(true)
+        defer { StatusItemController.resetMenuRefreshEnabledForTesting() }
 
         let initialButtons = self.switcherButtons(in: menu)
         #expect(initialButtons.count == activeProviders.count)
@@ -370,14 +707,15 @@ struct StatusMenuTests {
             isSelected: true,
             activeProviders: activeProviders)
         controller.menuContentVersion &+= 1
-        controller.refreshOpenMenusIfNeeded()
+        controller.menuDidClose(menu)
+        controller.menuWillOpen(menu)
 
         let updatedButtons = self.switcherButtons(in: menu)
         #expect(updatedButtons.count == activeProviders.count + 1)
     }
 
     @Test
-    func overviewTabOmitsContextualProviderActions() {
+    func `overview tab omits contextual provider actions`() {
         self.disableMenuCardsForTesting()
         let settings = self.makeSettings()
         settings.statusChecksEnabled = false
@@ -411,13 +749,72 @@ struct StatusMenuTests {
         #expect(!titles.contains("Switch Account..."))
         #expect(!titles.contains("Usage Dashboard"))
         #expect(!titles.contains("Status Page"))
+        #expect(titles.contains("Refresh"))
         #expect(titles.contains("Settings..."))
         #expect(titles.contains("About CodexBar"))
         #expect(titles.contains("Quit"))
+
+        let refreshItem = menu.items.first { $0.title == "Refresh" }
+        #expect(refreshItem != nil)
+        #expect(refreshItem?.keyEquivalent == "r")
+        #expect(refreshItem?.keyEquivalentModifierMask == [.command])
+
+        let settingsItem = menu.items.first { $0.title == "Settings..." }
+        #expect(settingsItem != nil)
+        #expect(settingsItem?.keyEquivalent == ",")
+        #expect(settingsItem?.keyEquivalentModifierMask == [.command])
+
+        let quitItem = menu.items.first { $0.title == "Quit" }
+        #expect(quitItem != nil)
+        #expect(quitItem?.keyEquivalent == "q")
+        #expect(quitItem?.keyEquivalentModifierMask == [.command])
+    }
+}
+
+@MainActor
+extension StatusMenuTests {
+    @Test
+    func `status blurb uses wrapped view-backed menu item`() {
+        self.disableMenuCardsForTesting()
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = true
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = false
+
+        let registry = ProviderRegistry.shared
+        for provider in UsageProvider.allCases {
+            guard let metadata = registry.metadata[provider] else { continue }
+            settings.setProviderEnabled(provider: provider, metadata: metadata, enabled: provider == .codex)
+        }
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let statusText = "An SSL error has occurred and a secure connection to the server cannot be made."
+        store.statuses[.codex] = ProviderStatus(
+            indicator: .critical,
+            description: statusText,
+            updatedAt: nil)
+
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+
+        let menu = controller.makeMenu(for: .codex)
+        controller.menuWillOpen(menu)
+
+        let statusItem = menu.items.first(where: { $0.toolTip == statusText })
+        #expect(statusItem != nil)
+        #expect(statusItem?.view != nil)
+        #expect(statusItem?.title.isEmpty == true)
+        #expect(statusItem?.view?.frame.width == 310)
     }
 
     @Test
-    func providerToggleUpdatesStatusItemVisibility() {
+    func `provider toggle updates status item visibility`() {
         self.disableMenuCardsForTesting()
         let settings = self.makeSettings()
         settings.statusChecksEnabled = false
@@ -445,6 +842,7 @@ struct StatusMenuTests {
             updater: DisabledUpdaterController(),
             preferencesSelection: PreferencesSelection(),
             statusBar: self.makeStatusBarForTesting())
+        defer { controller.releaseStatusItemsForTesting() }
 
         #expect(controller.statusItems[.claude]?.isVisible == true)
 
@@ -452,11 +850,56 @@ struct StatusMenuTests {
             settings.setProviderEnabled(provider: .claude, metadata: claudeMeta, enabled: false)
         }
         controller.handleProviderConfigChange(reason: "test")
-        #expect(controller.statusItems[.claude]?.isVisible == false)
+        #expect(controller.statusItems[.claude] == nil)
+    }
+
+    @Test
+    func `provider config changes preserve status item instances`() throws {
+        self.disableMenuCardsForTesting()
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = false
+        settings.providerDetectionCompleted = true
+
+        let registry = ProviderRegistry.shared
+        try settings.setProviderEnabled(provider: .codex, metadata: #require(registry.metadata[.codex]), enabled: true)
+        try settings.setProviderEnabled(
+            provider: .claude,
+            metadata: #require(registry.metadata[.claude]),
+            enabled: true)
+        try settings.setProviderEnabled(
+            provider: .gemini,
+            metadata: #require(registry.metadata[.gemini]),
+            enabled: false)
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+
+        let codexItem = try #require(controller.statusItems[.codex])
+        #expect(!controller.statusItem.autosaveName.hasPrefix("codexbar-"))
+        #expect(!codexItem.autosaveName.hasPrefix("codexbar-"))
+
+        try settings.setProviderEnabled(
+            provider: .gemini,
+            metadata: #require(registry.metadata[.gemini]),
+            enabled: true)
+        controller.handleProviderConfigChange(reason: "test")
+
+        #expect(controller.statusItems[.codex] === codexItem)
+        #expect(controller.statusItems[.codex]?.autosaveName.hasPrefix("codexbar-") == false)
+        #expect(controller.statusItems[.gemini]?.autosaveName.hasPrefix("codexbar-") == false)
     }
 
     @Test
-    func hidesOpenAIWebSubmenusWhenNoHistory() {
+    func `hides open AI web submenus when no history`() {
         self.disableMenuCardsForTesting()
         let settings = self.makeSettings()
         settings.statusChecksEnabled = false
@@ -493,6 +936,7 @@ struct StatusMenuTests {
             updater: DisabledUpdaterController(),
             preferencesSelection: PreferencesSelection(),
             statusBar: self.makeStatusBarForTesting())
+        defer { controller.releaseStatusItemsForTesting() }
 
         let menu = controller.makeMenu()
         controller.menuWillOpen(menu)
@@ -502,7 +946,169 @@ struct StatusMenuTests {
     }
 
     @Test
-    func showsOpenAIWebSubmenusWhenHistoryExists() throws {
+    func `hides open AI web submenus when open AI web extras disabled`() {
+        self.disableMenuCardsForTesting()
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = true
+        settings.selectedMenuProvider = .codex
+        settings.openAIWebAccessEnabled = false
+
+        let registry = ProviderRegistry.shared
+        if let codexMeta = registry.metadata[.codex] {
+            settings.setProviderEnabled(provider: .codex, metadata: codexMeta, enabled: true)
+        }
+        if let claudeMeta = registry.metadata[.claude] {
+            settings.setProviderEnabled(provider: .claude, metadata: claudeMeta, enabled: false)
+        }
+        if let geminiMeta = registry.metadata[.gemini] {
+            settings.setProviderEnabled(provider: .gemini, metadata: geminiMeta, enabled: false)
+        }
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let event = CreditEvent(date: Date(), service: "CLI", creditsUsed: 1)
+        let breakdown = OpenAIDashboardSnapshot.makeDailyBreakdown(from: [event], maxDays: 30)
+        store.openAIDashboard = OpenAIDashboardSnapshot(
+            signedInEmail: "user@example.com",
+            codeReviewRemainingPercent: 100,
+            creditEvents: [event],
+            dailyBreakdown: breakdown,
+            usageBreakdown: breakdown,
+            creditsPurchaseURL: nil,
+            updatedAt: Date())
+
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+
+        let menu = controller.makeMenu()
+        controller.menuWillOpen(menu)
+        let titles = Set(menu.items.map(\.title))
+        #expect(!titles.contains("Credits history"))
+        #expect(!titles.contains("Usage breakdown"))
+    }
+
+    @Test
+    func `hosted chart submenu matches widened parent menu width`() {
+        let previousMenuCardRendering = StatusItemController.menuCardRenderingEnabled
+        let previousMenuRefresh = StatusItemController.menuRefreshEnabled
+        StatusItemController.menuCardRenderingEnabled = true
+        StatusItemController.setMenuRefreshEnabledForTesting(false)
+        defer {
+            StatusItemController.menuCardRenderingEnabled = previousMenuCardRendering
+            StatusItemController.setMenuRefreshEnabledForTesting(previousMenuRefresh)
+        }
+
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let event = CreditEvent(date: Date(), service: "CLI", creditsUsed: 1)
+        let breakdown = OpenAIDashboardSnapshot.makeDailyBreakdown(from: [event], maxDays: 30)
+        store.openAIDashboard = OpenAIDashboardSnapshot(
+            signedInEmail: "user@example.com",
+            codeReviewRemainingPercent: 100,
+            creditEvents: [event],
+            dailyBreakdown: breakdown,
+            usageBreakdown: breakdown,
+            creditsPurchaseURL: nil,
+            updatedAt: Date())
+
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+
+        let parentMenu = NSMenu()
+        parentMenu.autoenablesItems = false
+        let wideItem = NSMenuItem(title: String(repeating: "W", count: 60), action: nil, keyEquivalent: "")
+        parentMenu.addItem(wideItem)
+
+        let submenu = controller.makeHostedSubviewPlaceholderMenu(chartID: StatusItemController.usageBreakdownChartID)
+        let submenuItem = NSMenuItem(title: "Usage breakdown", action: nil, keyEquivalent: "")
+        submenuItem.submenu = submenu
+        parentMenu.addItem(submenuItem)
+
+        let parentWidth = ceil(parentMenu.size.width)
+        #expect(parentWidth > 310)
+
+        controller.hydrateHostedSubviewMenuIfNeeded(submenu)
+
+        let chartItem = submenu.items.first
+        #expect(chartItem?.representedObject as? String == StatusItemController.usageBreakdownChartID)
+        #expect(chartItem?.view != nil)
+        #expect(abs((chartItem?.view?.frame.width ?? 0) - parentWidth) <= 0.5)
+    }
+
+    @Test
+    func `hosted storage submenu is height capped and scroll enabled`() {
+        let previousMenuCardRendering = StatusItemController.menuCardRenderingEnabled
+        let previousMenuRefresh = StatusItemController.menuRefreshEnabled
+        StatusItemController.menuCardRenderingEnabled = true
+        StatusItemController.setMenuRefreshEnabledForTesting(false)
+        defer {
+            StatusItemController.menuCardRenderingEnabled = previousMenuCardRendering
+            StatusItemController.setMenuRefreshEnabledForTesting(previousMenuRefresh)
+        }
+
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.providerStorageFootprintsEnabled = true
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let root = "/Users/test/.claude"
+        store.providerStorageFootprints[.claude] = ProviderStorageFootprint(
+            provider: .claude,
+            totalBytes: 1_756_000_000,
+            paths: [root],
+            missingPaths: [],
+            unreadablePaths: [],
+            components: [
+                .init(path: "\(root)/projects", totalBytes: 1_500_000_000),
+                .init(path: "\(root)/file-history", totalBytes: 103_000_000),
+                .init(path: "\(root)/telemetry", totalBytes: 51_000_000),
+                .init(path: "\(root)/plugins", totalBytes: 33_000_000),
+                .init(path: "\(root)/history.jsonl", totalBytes: 3_800_000),
+                .init(path: "\(root)/shell-snapshots", totalBytes: 1_500_000),
+                .init(path: "\(root)/plans", totalBytes: 1_100_000),
+                .init(path: "\(root)/paste-cache", totalBytes: 541_000),
+                .init(path: "\(root)/session-env", totalBytes: 208_000),
+                .init(path: "\(root)/todos", totalBytes: 6700),
+            ],
+            updatedAt: Date(timeIntervalSince1970: 0))
+
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+
+        let submenu = NSMenu()
+        let didAppend = controller.appendStorageBreakdownItem(to: submenu, provider: .claude, width: 310)
+
+        #expect(didAppend)
+        let item = submenu.items.first
+        #expect(item?.isEnabled == true)
+        #expect((item?.view?.frame.height ?? 0) <= 620)
+    }
+
+    @Test
+    func `shows open AI web submenus when history exists`() throws {
         self.disableMenuCardsForTesting()
         let settings = SettingsStore(
             configStore: testConfigStore(suiteName: "StatusMenuTests-history"),
@@ -512,6 +1118,7 @@ struct StatusMenuTests {
         settings.refreshFrequency = .manual
         settings.mergeIcons = true
         settings.selectedMenuProvider = .codex
+        settings.openAIWebAccessEnabled = true
 
         let registry = ProviderRegistry.shared
         if let codexMeta = registry.metadata[.codex] {
@@ -546,6 +1153,8 @@ struct StatusMenuTests {
             usageBreakdown: breakdown,
             creditsPurchaseURL: nil,
             updatedAt: Date())
+        store.openAIDashboardAttachmentAuthorized = true
+        store.openAIDashboardRequiresLogin = false
 
         let controller = StatusItemController(
             store: store,
@@ -554,6 +1163,7 @@ struct StatusMenuTests {
             updater: DisabledUpdaterController(),
             preferencesSelection: PreferencesSelection(),
             statusBar: self.makeStatusBarForTesting())
+        defer { controller.releaseStatusItemsForTesting() }
 
         let menu = controller.makeMenu()
         controller.menuWillOpen(menu)
@@ -568,7 +1178,60 @@ struct StatusMenuTests {
     }
 
     @Test
-    func showsCreditsBeforeCostInCodexMenuCardSections() throws {
+    func `shows open AI API usage chart submenu without codex web history`() throws {
+        self.disableMenuCardsForTesting()
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = false
+        settings.selectedMenuProvider = .openai
+
+        let registry = ProviderRegistry.shared
+        let metadata = try #require(registry.metadata[.openai])
+        settings.setProviderEnabled(provider: .openai, metadata: metadata, enabled: true)
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let usage = OpenAIAPIUsageSnapshot(
+            daily: [
+                OpenAIAPIUsageSnapshot.DailyBucket(
+                    day: "2023-11-14",
+                    startTime: now,
+                    endTime: now.addingTimeInterval(86400),
+                    costUSD: 9,
+                    requests: 12,
+                    inputTokens: 100,
+                    cachedInputTokens: 0,
+                    outputTokens: 50,
+                    totalTokens: 150,
+                    lineItems: [],
+                    models: []),
+            ],
+            updatedAt: now)
+        store._setSnapshotForTesting(usage.toUsageSnapshot(), provider: .openai)
+
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+        defer { controller.releaseStatusItemsForTesting() }
+
+        let menu = controller.makeMenu(for: .openai)
+        controller.menuWillOpen(menu)
+        let usageItem = menu.items.first { ($0.representedObject as? String) == "menuCardUsage" }
+
+        #expect(usageItem?.submenu?.items
+            .contains { ($0.representedObject as? String) == StatusItemController.costHistoryChartID } == true)
+        #expect(menu.items.contains { ($0.representedObject as? String) == "menuCardHeader" } == false)
+        #expect(menu.items.contains { ($0.representedObject as? String) == "menuCardExtraUsage" } == false)
+    }
+
+    @Test
+    func `shows credits before cost in codex menu card sections`() throws {
         self.disableMenuCardsForTesting()
         let settings = self.makeSettings()
         settings.statusChecksEnabled = false
@@ -599,6 +1262,8 @@ struct StatusMenuTests {
             usageBreakdown: [],
             creditsPurchaseURL: nil,
             updatedAt: Date())
+        store.openAIDashboardAttachmentAuthorized = true
+        store.openAIDashboardRequiresLogin = false
         store._setTokenSnapshotForTesting(CostUsageTokenSnapshot(
             sessionTokens: 123,
             sessionCostUSD: 0.12,
@@ -623,6 +1288,7 @@ struct StatusMenuTests {
             updater: DisabledUpdaterController(),
             preferencesSelection: PreferencesSelection(),
             statusBar: self.makeStatusBarForTesting())
+        defer { controller.releaseStatusItemsForTesting() }
 
         let menu = controller.makeMenu()
         controller.menuWillOpen(menu)
@@ -635,7 +1301,66 @@ struct StatusMenuTests {
     }
 
     @Test
-    func showsExtraUsageForClaudeWhenUsingMenuCardSections() {
+    func `hosted cost submenu preserves provider context after empty hydration`() {
+        self.disableMenuCardsForTesting()
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = false
+        settings.costUsageEnabled = true
+
+        let registry = ProviderRegistry.shared
+        if let codexMeta = registry.metadata[.codex] {
+            settings.setProviderEnabled(provider: .codex, metadata: codexMeta, enabled: true)
+        }
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+
+        let submenu = controller.makeHostedSubviewPlaceholderMenu(
+            chartID: StatusItemController.costHistoryChartID,
+            provider: .codex)
+        #expect(submenu.autoenablesItems == false)
+        #expect(submenu.items.first?.isEnabled == true)
+
+        controller.hydrateHostedSubviewMenuIfNeeded(submenu)
+        #expect(submenu.items.count == 1)
+        #expect(submenu.items.first?.title == "No data available")
+        #expect(submenu.items.first?.toolTip == UsageProvider.codex.rawValue)
+
+        store._setTokenSnapshotForTesting(CostUsageTokenSnapshot(
+            sessionTokens: 123,
+            sessionCostUSD: 0.12,
+            last30DaysTokens: 123,
+            last30DaysCostUSD: 1.23,
+            daily: [
+                CostUsageDailyReport.Entry(
+                    date: "2025-12-23",
+                    inputTokens: nil,
+                    outputTokens: nil,
+                    totalTokens: 123,
+                    costUSD: 1.23,
+                    modelsUsed: nil,
+                    modelBreakdowns: nil),
+            ],
+            updatedAt: Date()), provider: .codex)
+
+        controller.hydrateHostedSubviewMenuIfNeeded(submenu)
+        #expect(submenu.items.count == 1)
+        #expect(submenu.items.first?.title != "No data available")
+        #expect(submenu.items.first?.representedObject as? String == StatusItemController.costHistoryChartID)
+        #expect(submenu.items.first?.isEnabled == true)
+    }
+
+    @Test
+    func `shows extra usage for claude when using menu card sections`() {
         self.disableMenuCardsForTesting()
         let settings = self.makeSettings()
         settings.statusChecksEnabled = false
@@ -701,6 +1426,7 @@ struct StatusMenuTests {
             updater: DisabledUpdaterController(),
             preferencesSelection: PreferencesSelection(),
             statusBar: self.makeStatusBarForTesting())
+        defer { controller.releaseStatusItemsForTesting() }
 
         let menu = controller.makeMenu()
         controller.menuWillOpen(menu)
@@ -709,7 +1435,7 @@ struct StatusMenuTests {
     }
 
     @Test
-    func showsVertexCostWhenUsageErrorPresent() {
+    func `shows vertex cost when usage error present`() {
         self.disableMenuCardsForTesting()
         let settings = self.makeSettings()
         settings.statusChecksEnabled = false
@@ -756,6 +1482,7 @@ struct StatusMenuTests {
             updater: DisabledUpdaterController(),
             preferencesSelection: PreferencesSelection(),
             statusBar: self.makeStatusBarForTesting())
+        defer { controller.releaseStatusItemsForTesting() }
 
         let menu = controller.makeMenu()
         controller.menuWillOpen(menu)
@@ -766,7 +1493,7 @@ struct StatusMenuTests {
 
 extension StatusMenuTests {
     @Test
-    func overviewTabRendersOverviewRowsForAllActiveProvidersWhenThreeOrFewer() {
+    func `overview tab renders overview rows for all active providers when three or fewer`() {
         self.disableMenuCardsForTesting()
         let settings = self.makeSettings()
         settings.statusChecksEnabled = false
@@ -805,7 +1532,7 @@ extension StatusMenuTests {
     }
 
     @Test
-    func overviewTabHonorsStoredSubsetWhenThreeOrFewer() {
+    func `overview tab honors stored subset when three or fewer`() {
         self.disableMenuCardsForTesting()
         let settings = self.makeSettings()
         settings.statusChecksEnabled = false
@@ -848,7 +1575,7 @@ extension StatusMenuTests {
     }
 
     @Test
-    func overviewTabWithExplicitEmptySelectionIsHiddenAndShowsProviderDetail() {
+    func `overview tab with explicit empty selection is hidden and shows provider detail`() {
         self.disableMenuCardsForTesting()
         let settings = self.makeSettings()
         settings.statusChecksEnabled = false
@@ -883,7 +1610,7 @@ extension StatusMenuTests {
 
         let ids = self.representedIDs(in: menu)
         let switcherButtons = self.switcherButtons(in: menu)
-        #expect(switcherButtons.count == store.enabledProviders().count)
+        #expect(switcherButtons.count == store.enabledProvidersForDisplay().count)
         #expect(switcherButtons.contains(where: { $0.title == "Overview" }) == false)
         #expect(switcherButtons.contains(where: { $0.state == .on && $0.tag == 0 }))
         #expect(ids.contains("menuCard"))
@@ -893,9 +1620,9 @@ extension StatusMenuTests {
     }
 
     @Test
-    func overviewRowsKeepMenuItemActionInRenderedMode() throws {
+    func `overview rows keep menu item action in rendered mode`() throws {
         StatusItemController.menuCardRenderingEnabled = true
-        StatusItemController.menuRefreshEnabled = false
+        StatusItemController.setMenuRefreshEnabledForTesting(false)
         defer { self.disableMenuCardsForTesting() }
 
         let settings = self.makeSettings()
@@ -933,7 +1660,7 @@ extension StatusMenuTests {
     }
 
     @Test
-    func selectingOverviewRowSwitchesToProviderDetail() throws {
+    func `selecting overview row switches to provider detail`() throws {
         self.disableMenuCardsForTesting()
         let settings = self.makeSettings()
         settings.statusChecksEnabled = false
diff --git a/Tests/CodexBarTests/StatusMenuTokenAccountSwitcherTests.swift b/Tests/CodexBarTests/StatusMenuTokenAccountSwitcherTests.swift
new file mode 100644
index 000000000..49053cc93
--- /dev/null
+++ b/Tests/CodexBarTests/StatusMenuTokenAccountSwitcherTests.swift
@@ -0,0 +1,423 @@
+import AppKit
+import CodexBarCore
+import Foundation
+import XCTest
+@testable import CodexBar
+
+@MainActor
+final class StatusMenuTokenAccountSwitcherTests: XCTestCase {
+    private func disableMenuCardsForTesting() {
+        StatusItemController.menuCardRenderingEnabled = false
+        StatusItemController.setMenuRefreshEnabledForTesting(false)
+    }
+
+    private func makeStatusBarForTesting() -> NSStatusBar {
+        let env = ProcessInfo.processInfo.environment
+        if env["GITHUB_ACTIONS"] == "true" || env["CI"] == "true" {
+            return .system
+        }
+        return NSStatusBar()
+    }
+
+    private func makeSettings() -> SettingsStore {
+        let suite = "StatusMenuTokenAccountSwitcherTests-\(UUID().uuidString)"
+        let defaults = UserDefaults(suiteName: suite)!
+        defaults.removePersistentDomain(forName: suite)
+        let configStore = testConfigStore(suiteName: suite)
+        let settings = SettingsStore(
+            userDefaults: defaults,
+            configStore: configStore,
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore(),
+            tokenAccountStore: InMemoryTokenAccountStore())
+        settings.providerDetectionCompleted = true
+        return settings
+    }
+
+    private func enableOnlyClaude(_ settings: SettingsStore) {
+        self.enableOnly(.claude, settings)
+    }
+
+    private func enableOnly(_ enabledProvider: UsageProvider, _ settings: SettingsStore) {
+        let registry = ProviderRegistry.shared
+        for provider in UsageProvider.allCases {
+            guard let metadata = registry.metadata[provider] else { continue }
+            settings.setProviderEnabled(provider: provider, metadata: metadata, enabled: provider == enabledProvider)
+        }
+    }
+
+    private func representedIDs(in menu: NSMenu) -> [String] {
+        menu.items.compactMap { $0.representedObject as? String }
+    }
+
+    private func installBlockingClaudeProvider(on store: UsageStore, blocker: BlockingTokenAccountFetchStrategy) {
+        let baseSpec = store.providerSpecs[.claude]!
+        store.providerSpecs[.claude] = Self.makeClaudeProviderSpec(baseSpec: baseSpec) {
+            try await blocker.awaitResult()
+        }
+    }
+
+    private static func makeClaudeProviderSpec(
+        baseSpec: ProviderSpec,
+        loader: @escaping @Sendable () async throws -> UsageSnapshot) -> ProviderSpec
+    {
+        let baseDescriptor = baseSpec.descriptor
+        let strategy = StatusMenuTokenAccountFetchStrategy(loader: loader)
+        let descriptor = ProviderDescriptor(
+            id: .claude,
+            metadata: baseDescriptor.metadata,
+            branding: baseDescriptor.branding,
+            tokenCost: baseDescriptor.tokenCost,
+            fetchPlan: ProviderFetchPlan(
+                sourceModes: [.auto, .cli, .oauth],
+                pipeline: ProviderFetchPipeline { _ in [strategy] }),
+            cli: baseDescriptor.cli)
+        return ProviderSpec(
+            style: baseSpec.style,
+            isEnabled: baseSpec.isEnabled,
+            descriptor: descriptor,
+            makeFetchContext: baseSpec.makeFetchContext)
+    }
+
+    private func snapshot(percent: Double = 12) -> UsageSnapshot {
+        UsageSnapshot(
+            primary: RateWindow(
+                usedPercent: percent,
+                windowMinutes: 300,
+                resetsAt: Date().addingTimeInterval(300),
+                resetDescription: nil),
+            secondary: nil,
+            updatedAt: Date(),
+            identity: ProviderIdentitySnapshot(
+                providerID: .claude,
+                accountEmail: "claude@example.com",
+                accountOrganization: nil,
+                loginMethod: "OAuth"))
+    }
+
+    func test_tokenAccountMenuSelectionRefreshesProviderWhileGlobalRefreshIsActive() async throws {
+        self.disableMenuCardsForTesting()
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = false
+        self.enableOnlyClaude(settings)
+        settings.addTokenAccount(provider: .claude, label: "Primary", token: "Bearer sk-ant-oat-primary")
+        settings.addTokenAccount(provider: .claude, label: "Secondary", token: "Bearer sk-ant-oat-secondary")
+        settings.setActiveTokenAccountIndex(0, for: .claude)
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let blocker = BlockingTokenAccountFetchStrategy()
+        self.installBlockingClaudeProvider(on: store, blocker: blocker)
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+        defer { controller.releaseStatusItemsForTesting() }
+
+        let refreshTask = Task { @MainActor in
+            await store.refresh()
+        }
+        await blocker.waitUntilStarted(count: 1)
+        XCTAssertTrue(store.isRefreshing)
+
+        let menu = controller.makeMenu()
+        defer { withExtendedLifetime(menu) {} }
+        controller.menuWillOpen(menu)
+        let switcher = try XCTUnwrap(menu.items.compactMap { $0.view as? TokenAccountSwitcherView }.first)
+
+        let selectionTask = try XCTUnwrap(switcher._test_select(index: 1))
+        await blocker.waitUntilStarted(count: 2)
+        XCTAssertEqual(settings.tokenAccountsData(for: .claude)?.clampedActiveIndex(), 1)
+
+        await blocker.resumeAll(with: .success(self.snapshot(percent: 17)))
+        await selectionTask.value
+        await refreshTask.value
+        let startedCallCount = await blocker.startedCallCount()
+        XCTAssertGreaterThanOrEqual(startedCallCount, 2)
+    }
+
+    func test_multiAccountSegmentedLayoutShowsCopilotSwitcher() throws {
+        self.disableMenuCardsForTesting()
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = false
+        settings.multiAccountMenuLayout = .segmented
+        self.enableOnly(.copilot, settings)
+        settings.addTokenAccount(provider: .copilot, label: "Primary", token: "gh_primary")
+        settings.addTokenAccount(provider: .copilot, label: "Secondary", token: "gh_secondary")
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+        defer { controller.releaseStatusItemsForTesting() }
+
+        let menu = controller.makeMenu(for: .copilot)
+        controller.menuWillOpen(menu)
+
+        _ = try XCTUnwrap(menu.items.compactMap { $0.view as? TokenAccountSwitcherView }.first)
+        XCTAssertEqual(self.representedIDs(in: menu).filter { $0.hasPrefix("menuCard") }, ["menuCard"])
+    }
+
+    func test_multiAccountStackedLayoutShowsCopilotCards() {
+        self.disableMenuCardsForTesting()
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = false
+        settings.multiAccountMenuLayout = .stacked
+        self.enableOnly(.copilot, settings)
+        settings.addTokenAccount(provider: .copilot, label: "Primary", token: "gh_primary")
+        settings.addTokenAccount(provider: .copilot, label: "Secondary", token: "gh_secondary")
+        let accounts = settings.tokenAccounts(for: .copilot)
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        store.accountSnapshots[.copilot] = accounts.enumerated().map { index, account in
+            TokenAccountUsageSnapshot(
+                account: account,
+                snapshot: self.snapshot(percent: Double(10 + index)),
+                error: nil,
+                sourceLabel: "test")
+        }
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+        defer { controller.releaseStatusItemsForTesting() }
+
+        let menu = controller.makeMenu(for: .copilot)
+        controller.menuWillOpen(menu)
+
+        XCTAssertNil(menu.items.compactMap { $0.view as? TokenAccountSwitcherView }.first)
+        XCTAssertEqual(self.representedIDs(in: menu).filter { $0.hasPrefix("menuCard") }, ["menuCard-0", "menuCard-1"])
+    }
+
+    func test_multiAccountStackedRefreshStartsAccountFetchesConcurrently() async {
+        self.disableMenuCardsForTesting()
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = false
+        settings.multiAccountMenuLayout = .stacked
+        self.enableOnlyClaude(settings)
+        settings.addTokenAccount(provider: .claude, label: "Primary", token: "Bearer sk-ant-oat-primary")
+        settings.addTokenAccount(provider: .claude, label: "Secondary", token: "Bearer sk-ant-oat-secondary")
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let blocker = BlockingTokenAccountFetchStrategy()
+        self.installBlockingClaudeProvider(on: store, blocker: blocker)
+
+        let refreshTask = Task { @MainActor in
+            await store.refreshProvider(.claude)
+        }
+
+        await blocker.waitUntilStarted(count: 2)
+        let startedBeforeResume = await blocker.startedCallCount()
+        XCTAssertEqual(startedBeforeResume, 2)
+
+        await blocker.resumeAll(with: .success(self.snapshot(percent: 17)))
+        await refreshTask.value
+        XCTAssertEqual(store.accountSnapshots[.claude]?.count, 2)
+    }
+
+    func test_multiAccountStackedLayoutIgnoresStaleSnapshotsAndKeepsMenuCapped() {
+        self.disableMenuCardsForTesting()
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = false
+        settings.multiAccountMenuLayout = .stacked
+        self.enableOnly(.copilot, settings)
+        for index in 0..<8 {
+            settings.addTokenAccount(provider: .copilot, label: "Account \(index)", token: "gh_\(index)")
+        }
+        settings.setActiveTokenAccountIndex(7, for: .copilot)
+        let accounts = settings.tokenAccounts(for: .copilot)
+        let staleAccounts = (0..<2).map { index in
+            ProviderTokenAccount(
+                id: UUID(),
+                label: "Removed \(index)",
+                token: "stale_\(index)",
+                addedAt: TimeInterval(index),
+                lastUsed: nil)
+        }
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let staleSnapshots = staleAccounts.enumerated().map { index, account in
+            TokenAccountUsageSnapshot(
+                account: account,
+                snapshot: self.snapshot(percent: Double(70 + index)),
+                error: nil,
+                sourceLabel: "stale")
+        }
+        let currentSnapshots = accounts.enumerated().map { index, account in
+            TokenAccountUsageSnapshot(
+                account: account,
+                snapshot: self.snapshot(percent: Double(10 + index)),
+                error: nil,
+                sourceLabel: "current")
+        }
+        store.accountSnapshots[.copilot] = staleSnapshots + currentSnapshots
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+        defer { controller.releaseStatusItemsForTesting() }
+
+        let menu = controller.makeMenu(for: .copilot)
+        controller.menuWillOpen(menu)
+
+        XCTAssertNil(menu.items.compactMap { $0.view as? TokenAccountSwitcherView }.first)
+        XCTAssertEqual(
+            self.representedIDs(in: menu).filter { $0.hasPrefix("menuCard") },
+            ["menuCard-0", "menuCard-1", "menuCard-2", "menuCard-3", "menuCard-4", "menuCard-5"])
+    }
+
+    func test_tokenAccountSwitchDefersOpenMenuRebuildUntilAfterSwitcherAction() async throws {
+        self.disableMenuCardsForTesting()
+        StatusItemController.setMenuRefreshEnabledForTesting(true)
+        defer { StatusItemController.setMenuRefreshEnabledForTesting(false) }
+
+        let settings = self.makeSettings()
+        settings.statusChecksEnabled = false
+        settings.refreshFrequency = .manual
+        settings.mergeIcons = true
+        settings.selectedMenuProvider = .claude
+        settings.multiAccountMenuLayout = .segmented
+        let registry = ProviderRegistry.shared
+        for provider in UsageProvider.allCases {
+            guard let metadata = registry.metadata[provider] else { continue }
+            settings.setProviderEnabled(
+                provider: provider,
+                metadata: metadata,
+                enabled: provider == .claude || provider == .codex)
+        }
+        settings.addTokenAccount(provider: .claude, label: "Primary", token: "Bearer sk-ant-oat-primary")
+        settings.addTokenAccount(provider: .claude, label: "Secondary", token: "Bearer sk-ant-oat-secondary")
+        settings.setActiveTokenAccountIndex(0, for: .claude)
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+        let blocker = BlockingTokenAccountFetchStrategy()
+        self.installBlockingClaudeProvider(on: store, blocker: blocker)
+        let controller = StatusItemController(
+            store: store,
+            settings: settings,
+            account: fetcher.loadAccountInfo(),
+            updater: DisabledUpdaterController(),
+            preferencesSelection: PreferencesSelection(),
+            statusBar: self.makeStatusBarForTesting())
+        defer { controller.releaseStatusItemsForTesting() }
+
+        let menu = controller.makeMenu()
+        controller.menuWillOpen(menu)
+        let switcher = try XCTUnwrap(menu.items.compactMap { $0.view as? TokenAccountSwitcherView }.first)
+
+        var rebuildCount = 0
+        controller._test_openMenuRebuildObserver = { _ in
+            rebuildCount += 1
+        }
+        defer { controller._test_openMenuRebuildObserver = nil }
+
+        let selectionTask = try XCTUnwrap(switcher._test_select(index: 1))
+
+        XCTAssertEqual(rebuildCount, 0)
+        for _ in 0..<20 where rebuildCount == 0 {
+            await Task.yield()
+        }
+        XCTAssertEqual(rebuildCount, 1)
+
+        await blocker.waitUntilStarted(count: 1)
+        await blocker.resumeAll(with: .success(self.snapshot(percent: 17)))
+        await selectionTask.value
+    }
+}
+
+private struct StatusMenuTokenAccountFetchStrategy: ProviderFetchStrategy {
+    let loader: @Sendable () async throws -> UsageSnapshot
+
+    var id: String {
+        "status-menu-token-account-test"
+    }
+
+    var kind: ProviderFetchKind {
+        .cli
+    }
+
+    func isAvailable(_: ProviderFetchContext) async -> Bool {
+        true
+    }
+
+    func fetch(_: ProviderFetchContext) async throws -> ProviderFetchResult {
+        let snapshot = try await self.loader()
+        return self.makeResult(usage: snapshot, sourceLabel: "status-menu-token-account-test")
+    }
+
+    func shouldFallback(on _: Error, context _: ProviderFetchContext) -> Bool {
+        false
+    }
+}
+
+private actor BlockingTokenAccountFetchStrategy {
+    private var waiters: [CheckedContinuation<Result<UsageSnapshot, Error>, Never>] = []
+    private var startedWaiters: [(count: Int, continuation: CheckedContinuation<Void, Never>)] = []
+    private var resolvedResult: Result<UsageSnapshot, Error>?
+    private var startedCount = 0
+
+    func awaitResult() async throws -> UsageSnapshot {
+        if let resolvedResult {
+            self.startedCount += 1
+            self.resumeStartedWaiters()
+            return try resolvedResult.get()
+        }
+        let result = await withCheckedContinuation { continuation in
+            self.waiters.append(continuation)
+            self.startedCount += 1
+            self.resumeStartedWaiters()
+        }
+        return try result.get()
+    }
+
+    func waitUntilStarted(count: Int) async {
+        if self.startedCount >= count { return }
+        await withCheckedContinuation { continuation in
+            self.startedWaiters.append((count: count, continuation: continuation))
+        }
+    }
+
+    func startedCallCount() -> Int {
+        self.startedCount
+    }
+
+    func resumeAll(with result: Result<UsageSnapshot, Error>) {
+        self.resolvedResult = result
+        self.waiters.forEach { $0.resume(returning: result) }
+        self.waiters.removeAll()
+    }
+
+    private func resumeStartedWaiters() {
+        let ready = self.startedWaiters.filter { self.startedCount >= $0.count }
+        self.startedWaiters.removeAll { self.startedCount >= $0.count }
+        ready.forEach { $0.continuation.resume() }
+    }
+}
diff --git a/Tests/CodexBarTests/StatusProbeTests.swift b/Tests/CodexBarTests/StatusProbeTests.swift
index b999019e4..dde1026a4 100644
--- a/Tests/CodexBarTests/StatusProbeTests.swift
+++ b/Tests/CodexBarTests/StatusProbeTests.swift
@@ -3,10 +3,9 @@ import Foundation
 import Testing
 @testable import CodexBar
 
-@Suite
 struct StatusProbeTests {
     @Test
-    func parseCodexStatus() throws {
+    func `parse codex status`() throws {
         let sample = """
         Model: gpt
         Credits: 980 credits
@@ -20,20 +19,55 @@ struct StatusProbeTests {
     }
 
     @Test
-    func parseCodexStatusWithAnsiAndResets() throws {
+    func `parse codex status with ansi and resets`() throws {
+        let now = try #require(
+            Calendar(identifier: .gregorian).date(from: DateComponents(
+                timeZone: TimeZone.current,
+                year: 2026,
+                month: 11,
+                day: 26,
+                hour: 8,
+                minute: 0)))
         let sample = """
         \u{001B}[38;5;245mCredits:\u{001B}[0m 557 credits
         5h limit: [█████     ] 50% left (resets 09:01)
         Weekly limit: [███████   ] 85% left (resets 04:01 on 27 Nov)
         """
-        let snap = try CodexStatusProbe.parse(text: sample)
+        let snap = try CodexStatusProbe.parse(text: sample, now: now)
         #expect(snap.credits == 557)
         #expect(snap.fiveHourPercentLeft == 50)
         #expect(snap.weeklyPercentLeft == 85)
+        #expect(snap.fiveHourResetsAt == Calendar(identifier: .gregorian).date(from: DateComponents(
+            timeZone: TimeZone.current,
+            year: 2026,
+            month: 11,
+            day: 26,
+            hour: 9,
+            minute: 1)))
+        #expect(snap.weeklyResetsAt == Calendar(identifier: .gregorian).date(from: DateComponents(
+            timeZone: TimeZone.current,
+            year: 2026,
+            month: 11,
+            day: 27,
+            hour: 4,
+            minute: 1)))
+    }
+
+    @Test
+    func `parse codex status with weekly only line`() throws {
+        let sample = """
+        Model: gpt
+        Credits: 980 credits
+        Weekly limit: [##] 25% left
+        """
+        let snap = try CodexStatusProbe.parse(text: sample)
+        #expect(snap.credits == 980)
+        #expect(snap.fiveHourPercentLeft == nil)
+        #expect(snap.weeklyPercentLeft == 25)
     }
 
     @Test
-    func parseClaudeStatus() throws {
+    func `parse claude status`() throws {
         let sample = """
         Settings: Status   Config   Usage (tab to cycle)
 
@@ -64,7 +98,7 @@ struct StatusProbeTests {
     }
 
     @Test
-    func parseClaudeStatusWithANSI() throws {
+    func `parse claude status with ANSI`() throws {
         let sample = """
         \u{001B}[35mCurrent session\u{001B}[0m
         40% used  (Resets 11am)
@@ -86,7 +120,7 @@ struct StatusProbeTests {
     }
 
     @Test
-    func parseClaudeStatusLegacyOpusLabel() throws {
+    func `parse claude status legacy opus label`() throws {
         let sample = """
         Current session
         12% used  (Resets 11am)
@@ -107,7 +141,7 @@ struct StatusProbeTests {
     }
 
     @Test
-    func parseClaudeStatusRemainingKeyword() throws {
+    func `parse claude status remaining keyword`() throws {
         let sample = """
         Current session
         12% remaining (Resets 11am)
@@ -120,7 +154,7 @@ struct StatusProbeTests {
     }
 
     @Test
-    func parseClaudeStatusEnterpriseSessionOnly() throws {
+    func `parse claude status enterprise session only`() throws {
         let sample = """
         Current session
         █                                                  2% used
@@ -134,7 +168,7 @@ struct StatusProbeTests {
     }
 
     @Test
-    func parseClaudeStatusResetMappings_withCRLineEndings() throws {
+    func `parse claude status reset mappings with CR line endings`() throws {
         let sample =
             "Current  session\r" +
             "██████████████████████████████████████████████████  17% used\r" +
@@ -156,7 +190,7 @@ struct StatusProbeTests {
     }
 
     @Test
-    func parseClaudeStatusResetMappings_doesNotPromoteWeeklyResetToSession() throws {
+    func `parse claude status reset mappings does not promote weekly reset to session`() throws {
         let sample = """
         Current session
         ██████████████████████████████████████████████████  17% used
@@ -172,7 +206,7 @@ struct StatusProbeTests {
     }
 
     @Test
-    func parseClaudeStatusWithPlanAndAnsiNoise() throws {
+    func `parse claude status with plan and ansi noise`() throws {
         let sample = """
         Settings: Status   Config   Usage
 
@@ -197,7 +231,7 @@ struct StatusProbeTests {
     }
 
     @Test
-    func parseClaudeStatusWithExtraUsageSection() throws {
+    func `parse claude status with extra usage section`() throws {
         let sample = """
         Settings:  Status   Config   Usage  (tab to cycle)
 
@@ -225,7 +259,7 @@ struct StatusProbeTests {
     }
 
     @Test
-    func parseClaudeStatus_ignoresStatusBarContextPercent() throws {
+    func `parse claude status ignores status bar context percent`() throws {
         let sample = """
         Claude Code v2.1.29
         22:47 |  | Opus 4.5 | default | ░░░░░░░░░░ 0%  ◯ /ide for Visual Studio Code
@@ -254,7 +288,7 @@ struct StatusProbeTests {
     }
 
     @Test
-    func parseClaudeStatus_loadingPanelDoesNotReportZeroPercent() {
+    func `parse claude status loading panel surfaces loading stall`() {
         let sample = """
         Claude Code v2.1.29
         22:47 |  | Opus 4.5 | default | ░░░░░░░░░░ 0%  ◯ /ide for Visual Studio Code
@@ -267,7 +301,8 @@ struct StatusProbeTests {
         do {
             _ = try ClaudeStatusProbe.parse(text: sample)
             #expect(Bool(false), "Parsing should fail while /usage is still loading")
-        } catch ClaudeStatusProbeError.parseFailed {
+        } catch let ClaudeStatusProbeError.parseFailed(message) {
+            #expect(message.lowercased().contains("loading"))
             return
         } catch ClaudeStatusProbeError.timedOut {
             return
@@ -277,7 +312,34 @@ struct StatusProbeTests {
     }
 
     @Test
-    func parseClaudeStatus_statusOnlyOutputDoesNotFallbackToZero() {
+    func `parse claude retained usage panel classifies latest loading panel`() {
+        let sample = """
+        Settings:  Status   Config   Usage  (tab to cycle)
+        Current session
+        ███████▌15%used
+        Resets 11:30pm (Asia/Calcutta)
+
+        Current week (all models)
+        █▌ 3% used
+        Resets Feb 12 at 1:30pm (Asia/Calcutta)
+
+        Settings:  Status   Config   Usage  (tab to cycle)
+        Loading usage data…
+        Esc to cancel
+        """
+
+        do {
+            _ = try ClaudeStatusProbe.parse(text: sample)
+            #expect(Bool(false), "Parsing should fail while the latest /usage panel is still loading")
+        } catch let ClaudeStatusProbeError.parseFailed(message) {
+            #expect(message.lowercased().contains("loading"))
+        } catch {
+            #expect(Bool(false), "Unexpected error: \(error)")
+        }
+    }
+
+    @Test
+    func `parse claude status status only output does not fallback to zero`() {
         let sample = """
         Claude Code v2.1.32
         01:07 |  | Opus 4.6 | default | ░░░░░░░░░░ 0% left
@@ -298,7 +360,7 @@ struct StatusProbeTests {
     }
 
     @Test
-    func parseClaudeStatus_placeholderUsageWindowDoesNotUseStatusBarPercent() {
+    func `parse claude status placeholder usage window does not use status bar percent`() {
         let sample = """
         Claude Code v2.1.32
         01:07 |  | Opus 4.6 | default | ░░░░░░░░░░ 0% left
@@ -321,7 +383,7 @@ struct StatusProbeTests {
     }
 
     @Test
-    func parseClaudeStatus_compactMarkersStillParse() throws {
+    func `parse claude status compact markers still parse`() throws {
         let sample = """
         Settings:StatusConfigUsage(←/→ortabtocycle)
         Loadingusagedata…
@@ -340,10 +402,12 @@ struct StatusProbeTests {
         #expect(snap.sessionPercentLeft == 94)
         #expect(snap.weeklyPercentLeft == 96)
         #expect(snap.opusPercentLeft == 99)
+        #expect(snap.secondaryResetDescription == "ResetsFeb12at1:29pm(Asia/Calcutta)")
+        #expect(snap.opusResetDescription == "ResetsFeb12at1:29pm(Asia/Calcutta)")
     }
 
     @Test
-    func parseClaudeStatusWithBracketPlanNoiseNoEsc() throws {
+    func `parse claude status with bracket plan noise no esc`() throws {
         let sample = """
         Login method: [22m Claude Max Account
         Account: user@example.com
@@ -362,7 +426,7 @@ struct StatusProbeTests {
     }
 
     @Test
-    func surfacesClaudeTokenExpired() {
+    func `surfaces claude token expired`() {
         let sample = """
         Settings:  Status   Config   Usage
 
@@ -385,7 +449,7 @@ struct StatusProbeTests {
     }
 
     @Test
-    func surfacesClaudeRateLimited_compactUsageError() {
+    func `surfaces claude rate limited compact usage error`() {
         let sample = """
         Settings:StatusConfigUsage(←/→ortabtocycle)
         Error:Failedtoloadusagedata:{"error":{"message":"Ratelimited.Pleasetryagainlater.","type":"rate_limit_error"}}
@@ -404,7 +468,7 @@ struct StatusProbeTests {
     }
 
     @Test
-    func surfacesClaudeFolderTrustPrompt() {
+    func `surfaces claude folder trust prompt`() {
         let sample = """
         Do you trust the files in this folder?
 
@@ -424,7 +488,7 @@ struct StatusProbeTests {
     }
 
     @Test
-    func surfacesClaudeFolderTrustPrompt_withCRLFAndSpaces() {
+    func `surfaces claude folder trust prompt with CRLF and spaces`() {
         let sample = "Do you trust the files in this folder?\r\n\r\n/Users/example/My Project\r\n"
 
         do {
@@ -439,7 +503,7 @@ struct StatusProbeTests {
     }
 
     @Test
-    func surfacesClaudeFolderTrustPrompt_withoutFolderPath() {
+    func `surfaces claude folder trust prompt without folder path`() {
         let sample = """
         Do you trust the files in this folder?
         """
@@ -457,7 +521,78 @@ struct StatusProbeTests {
     }
 
     @Test
-    func parsesClaudeResetTimeOnly() throws {
+    func `surfaces claude subscription notice without quota data`() {
+        let sample = """
+        You are currently using your subscription to power your Claude Code usage
+        """
+
+        do {
+            _ = try ClaudeStatusProbe.parse(text: sample)
+            #expect(Bool(false), "Parsing should fail for subscription notice without quota data")
+        } catch let ClaudeStatusProbeError.parseFailed(message) {
+            let lower = message.lowercased()
+            #expect(lower.contains("subscription"))
+            #expect(!lower.contains("still loading"))
+        } catch {
+            #expect(Bool(false), "Unexpected error: \(error)")
+        }
+    }
+
+    @Test
+    func `parse claude status subscription notice is distinct from loading stall`() {
+        let subscriptionOnly = "You are currently using your subscription to power your Claude Code usage"
+        let loadingOnly = """
+        Settings:  Status   Config   Usage  (tab to cycle)
+        Loading usage data…
+        Esc to cancel
+        """
+
+        do {
+            _ = try ClaudeStatusProbe.parse(text: subscriptionOnly)
+            #expect(Bool(false), "Subscription notice should fail parsing")
+        } catch let ClaudeStatusProbeError.parseFailed(subMessage) {
+            #expect(!subMessage.lowercased().contains("still loading"))
+        } catch {
+            #expect(Bool(false), "Unexpected error for subscription: \(error)")
+        }
+
+        do {
+            _ = try ClaudeStatusProbe.parse(text: loadingOnly)
+            #expect(Bool(false), "Loading panel should fail parsing")
+        } catch let ClaudeStatusProbeError.parseFailed(loadMessage) {
+            #expect(loadMessage.lowercased().contains("loading"))
+        } catch {
+            #expect(Bool(false), "Unexpected error for loading: \(error)")
+        }
+    }
+
+    @Test
+    func `parse claude status mixed loading and subscription notice surfaces subscription error`() {
+        // PTY capture containing both an intermediate "Loading usage data…" panel and the final
+        // Claude CLI 2.1.148 subscription notice. The subscription error must be surfaced, not
+        // the still-loading stall, so the UI shows the precise subscription message.
+        let mixedCapture = """
+        Settings:  Status   Config   Usage  (tab to cycle)
+        Loading usage data…
+        Esc to cancel
+
+        You are currently using your subscription to power your Claude Code usage
+        """
+
+        do {
+            _ = try ClaudeStatusProbe.parse(text: mixedCapture)
+            #expect(Bool(false), "Parsing should fail for mixed loading+subscription capture")
+        } catch let ClaudeStatusProbeError.parseFailed(message) {
+            let lower = message.lowercased()
+            #expect(lower.contains("subscription"))
+            #expect(!lower.contains("still loading"))
+        } catch {
+            #expect(Bool(false), "Unexpected error for mixed capture: \(error)")
+        }
+    }
+
+    @Test
+    func `parses claude reset time only`() throws {
         let now = Date(timeIntervalSince1970: 1_733_690_000)
         let parsed = ClaudeStatusProbe.parseResetDate(from: "Resets 12:59pm (Europe/Helsinki)", now: now)
         let tz = try #require(TimeZone(identifier: "Europe/Helsinki"))
@@ -471,7 +606,7 @@ struct StatusProbeTests {
     }
 
     @Test
-    func parsesClaudeResetDateAndTime() throws {
+    func `parses claude reset date and time`() throws {
         let now = Date(timeIntervalSince1970: 1_733_690_000)
         let parsed = ClaudeStatusProbe.parseResetDate(from: "Resets Dec 9, 8:59am (Europe/Helsinki)", now: now)
         var calendar = Calendar(identifier: .gregorian)
@@ -487,7 +622,7 @@ struct StatusProbeTests {
     }
 
     @Test
-    func parsesClaudeResetWithDotSeparatedTime() throws {
+    func `parses claude reset with dot separated time`() throws {
         let now = Date(timeIntervalSince1970: 1_733_690_000)
         let parsed = ClaudeStatusProbe.parseResetDate(from: "Resets Dec 9 at 5.27am (UTC)", now: now)
         var calendar = Calendar(identifier: .gregorian)
@@ -497,7 +632,7 @@ struct StatusProbeTests {
     }
 
     @Test
-    func parsesClaudeResetWithCompactTimes() throws {
+    func `parses claude reset with compact times`() throws {
         let now = Date(timeIntervalSince1970: 1_733_690_000)
         let parsedTimeOnly = ClaudeStatusProbe.parseResetDate(from: "Resets 1pm (UTC)", now: now)
         var calendar = Calendar(identifier: .gregorian)
@@ -521,7 +656,17 @@ struct StatusProbeTests {
     }
 
     @Test
-    func liveCodexStatus() async throws {
+    func `parses claude reset with compact date and time no spaces`() throws {
+        let now = Date(timeIntervalSince1970: 1_773_097_200) // Mar 10, 2026 12:00:00 UTC
+        let parsed = ClaudeStatusProbe.parseResetDate(from: "ResetsMar13at12:30pm(Asia/Calcutta)", now: now)
+        var calendar = Calendar(identifier: .gregorian)
+        calendar.timeZone = try #require(TimeZone(identifier: "Asia/Calcutta"))
+        let expected = calendar.date(from: DateComponents(year: 2026, month: 3, day: 13, hour: 12, minute: 30))
+        #expect(parsed == expected)
+    }
+
+    @Test
+    func `live codex status`() async throws {
         guard ProcessInfo.processInfo.environment["LIVE_CODEX_STATUS"] == "1" else { return }
 
         let probe = CodexStatusProbe()
diff --git a/Tests/CodexBarTests/StepFunUsageFetcherTests.swift b/Tests/CodexBarTests/StepFunUsageFetcherTests.swift
new file mode 100644
index 000000000..2c1ee8503
--- /dev/null
+++ b/Tests/CodexBarTests/StepFunUsageFetcherTests.swift
@@ -0,0 +1,799 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+struct StepFunSettingsReaderTests {
+    @Test
+    func `reads STEPFUN_TOKEN`() {
+        let env = ["STEPFUN_TOKEN": "some-oasis-token-value"]
+        #expect(StepFunSettingsReader.token(environment: env) == "some-oasis-token-value")
+    }
+
+    @Test
+    func `reads STEPFUN_USERNAME`() {
+        let env = ["STEPFUN_USERNAME": "user@example.com"]
+        #expect(StepFunSettingsReader.username(environment: env) == "user@example.com")
+    }
+
+    @Test
+    func `reads STEPFUN_PASSWORD`() {
+        let env = ["STEPFUN_PASSWORD": "secret123"]
+        #expect(StepFunSettingsReader.password(environment: env) == "secret123")
+    }
+
+    @Test
+    func `trims whitespace from token`() {
+        let env = ["STEPFUN_TOKEN": "  some-token  "]
+        #expect(StepFunSettingsReader.token(environment: env) == "some-token")
+    }
+
+    @Test
+    func `strips double quotes from token`() {
+        let env = ["STEPFUN_TOKEN": "\"some-token\""]
+        #expect(StepFunSettingsReader.token(environment: env) == "some-token")
+    }
+
+    @Test
+    func `strips single quotes from token`() {
+        let env = ["STEPFUN_TOKEN": "'some-token'"]
+        #expect(StepFunSettingsReader.token(environment: env) == "some-token")
+    }
+
+    @Test
+    func `returns nil when no env vars present`() {
+        #expect(StepFunSettingsReader.token(environment: [:]) == nil)
+        #expect(StepFunSettingsReader.username(environment: [:]) == nil)
+        #expect(StepFunSettingsReader.password(environment: [:]) == nil)
+    }
+
+    @Test
+    func `returns nil for empty values`() {
+        let env = ["STEPFUN_TOKEN": "", "STEPFUN_USERNAME": "", "STEPFUN_PASSWORD": ""]
+        #expect(StepFunSettingsReader.token(environment: env) == nil)
+        #expect(StepFunSettingsReader.username(environment: env) == nil)
+        #expect(StepFunSettingsReader.password(environment: env) == nil)
+    }
+
+    @Test
+    func `returns nil for whitespace-only values`() {
+        let env = ["STEPFUN_TOKEN": "   "]
+        #expect(StepFunSettingsReader.token(environment: env) == nil)
+    }
+}
+
+struct StepFunProviderTokenResolverTests {
+    @Test
+    func `resolves token from environment`() {
+        let env = ["STEPFUN_TOKEN": "my-test-token"]
+        let resolution = ProviderTokenResolver.stepfunResolution(environment: env)
+        #expect(resolution?.token == "my-test-token")
+        #expect(resolution?.source == .environment)
+    }
+
+    @Test
+    func `returns nil when token absent`() {
+        let resolution = ProviderTokenResolver.stepfunResolution(environment: [:])
+        #expect(resolution == nil)
+    }
+}
+
+struct StepFunUsageFetcherParsingTests {
+    @Test
+    func `parses real API response format with string timestamps and integer rates`() throws {
+        // This matches the actual StepFun API response format:
+        // - timestamps as strings (e.g. "1777528800")
+        // - rates can be integers (e.g. 1) or floats (e.g. 0.99781543)
+        let json = """
+        {
+            "status": 1,
+            "desc": "",
+            "five_hour_usage_left_rate": 1,
+            "five_hour_usage_reset_time": "1777528800",
+            "weekly_usage_left_rate": 0.99781543,
+            "weekly_usage_reset_time": "1777899600"
+        }
+        """
+        let data = Data(json.utf8)
+        let snapshot = try StepFunUsageFetcher._parseSnapshotForTesting(data)
+
+        #expect(snapshot.fiveHourUsageLeftRate == 1.0)
+        #expect(snapshot.weeklyUsageLeftRate > 0.997 && snapshot.weeklyUsageLeftRate < 0.998)
+    }
+
+    @Test
+    func `parses response with float rates and integer timestamps`() throws {
+        let json = """
+        {
+            "status": 1,
+            "five_hour_usage_left_rate": 0.75,
+            "weekly_usage_left_rate": 0.5,
+            "five_hour_usage_reset_time": 1746000000,
+            "weekly_usage_reset_time": 1746500000
+        }
+        """
+        let data = Data(json.utf8)
+        let snapshot = try StepFunUsageFetcher._parseSnapshotForTesting(data)
+
+        #expect(snapshot.fiveHourUsageLeftRate == 0.75)
+        #expect(snapshot.weeklyUsageLeftRate == 0.5)
+    }
+
+    @Test
+    func `throws on failed API status`() {
+        let json = """
+        {
+            "status": 0,
+            "message": "Unauthorized",
+            "five_hour_usage_left_rate": 0.75,
+            "weekly_usage_left_rate": 0.5,
+            "five_hour_usage_reset_time": "1746000000",
+            "weekly_usage_reset_time": "1746500000"
+        }
+        """
+        let data = Data(json.utf8)
+        #expect(throws: StepFunUsageError.self) {
+            try StepFunUsageFetcher._parseSnapshotForTesting(data)
+        }
+    }
+
+    @Test
+    func `throws on missing fields`() {
+        let json = """
+        {
+            "status": 1
+        }
+        """
+        let data = Data(json.utf8)
+        #expect(throws: StepFunUsageError.self) {
+            try StepFunUsageFetcher._parseSnapshotForTesting(data)
+        }
+    }
+
+    @Test
+    func `throws on invalid JSON`() {
+        let data = Data("not json".utf8)
+        #expect(throws: StepFunUsageError.self) {
+            try StepFunUsageFetcher._parseSnapshotForTesting(data)
+        }
+    }
+
+    @Test
+    func `snapshot maps to UsageSnapshot correctly`() throws {
+        let json = """
+        {
+            "status": 1,
+            "five_hour_usage_left_rate": 0.8,
+            "weekly_usage_left_rate": 0.6,
+            "five_hour_usage_reset_time": "1746000000",
+            "weekly_usage_reset_time": "1746500000"
+        }
+        """
+        let data = Data(json.utf8)
+        let snapshot = try StepFunUsageFetcher._parseSnapshotForTesting(data)
+        let usage = snapshot.toUsageSnapshot()
+
+        // Five-hour window: 20% used (1.0 - 0.8)
+        let primaryUsed = usage.primary?.usedPercent ?? 0
+        #expect(primaryUsed > 19.9 && primaryUsed < 20.1)
+
+        // Weekly window: 40% used (1.0 - 0.6)
+        let secondaryUsed = usage.secondary?.usedPercent ?? 0
+        #expect(secondaryUsed > 39.9 && secondaryUsed < 40.1)
+        #expect(usage.secondary?.windowMinutes == 10080)
+
+        // Identity
+        #expect(usage.identity?.providerID == .stepfun)
+        #expect(usage.identity?.loginMethod == "password")
+    }
+
+    @Test
+    func `clamps used percent to 0-100 range`() throws {
+        let json = """
+        {
+            "status": 1,
+            "five_hour_usage_left_rate": 0.0,
+            "weekly_usage_left_rate": 1,
+            "five_hour_usage_reset_time": "1746000000",
+            "weekly_usage_reset_time": "1746500000"
+        }
+        """
+        let data = Data(json.utf8)
+        let snapshot = try StepFunUsageFetcher._parseSnapshotForTesting(data)
+        let usage = snapshot.toUsageSnapshot()
+
+        // 0% remaining → 100% used
+        #expect(usage.primary?.usedPercent == 100.0)
+        // 100% remaining → 0% used (integer 1 parsed as 1.0)
+        #expect(usage.secondary?.usedPercent == 0.0)
+    }
+}
+
+struct StepFunTokenNormalizerTests {
+    @Test
+    func `extracts Oasis-Token from cookie header`() {
+        let input = "Oasis-Token=abc123...def456; Oasis-Webid=someid"
+        #expect(StepFunTokenNormalizer.normalize(input) == "abc123...def456")
+    }
+
+    @Test
+    func `returns raw value when not a cookie header`() {
+        let input = "abc123...def456"
+        #expect(StepFunTokenNormalizer.normalize(input) == "abc123...def456")
+    }
+
+    @Test
+    func `returns empty for empty string`() {
+        #expect(StepFunTokenNormalizer.normalize("").isEmpty)
+    }
+
+    @Test
+    func `trims whitespace`() {
+        #expect(StepFunTokenNormalizer.normalize("  token123  ") == "token123")
+    }
+}
+
+@Suite(.serialized)
+struct StepFunTokenRefreshTests {
+    private struct StubClaudeFetcher: ClaudeUsageFetching {
+        func loadLatestUsage(model _: String) async throws -> ClaudeUsageSnapshot {
+            throw ClaudeUsageError.parseFailed("stub")
+        }
+
+        func debugRawProbe(model _: String) async -> String {
+            "stub"
+        }
+
+        func detectVersion() -> String? {
+            nil
+        }
+    }
+
+    @Test
+    func `refresh token returns combined token pair`() async throws {
+        try await self.withStubProtocol { recorder in
+            StepFunStubURLProtocol.handler = { request in
+                #expect(request.url?.path.contains("RefreshToken") == true)
+                #expect(request.value(forHTTPHeaderField: "Oasis-Token") == "old-access...old-refresh")
+                #expect(request.value(forHTTPHeaderField: "Cookie")?.contains("old-access...old-refresh") == true)
+                recorder.recordRefreshCall()
+                return Self.jsonResponse(
+                    for: request,
+                    body: """
+                    {
+                        "accessToken": {"raw": "new-access"},
+                        "refreshToken": {"raw": "new-refresh"}
+                    }
+                    """)
+            }
+
+            let token = try await StepFunUsageFetcher.refreshToken(token: "old-access...old-refresh")
+            #expect(token == "new-access...new-refresh")
+            #expect(recorder.refreshCallCount == 1)
+        }
+    }
+
+    @Test
+    func `manual token auth failure refreshes token account and retries usage`() async throws {
+        let accountID = UUID()
+        let updateRecorder = StepFunTokenUpdateRecorder()
+
+        try await self.withStubProtocol { recorder in
+            StepFunStubURLProtocol.handler = { request in
+                let path = request.url?.path ?? ""
+                if path.contains("QueryStepPlanRateLimit") {
+                    let call = recorder.recordUsageCall()
+                    if call == 1 {
+                        #expect(request.value(forHTTPHeaderField: "Cookie")?
+                            .contains("old-access...old-refresh") == true)
+                        return Self.jsonResponse(for: request, statusCode: 401, body: #"{"error":"unauthorized"}"#)
+                    }
+
+                    #expect(request.value(forHTTPHeaderField: "Cookie")?.contains("new-access...new-refresh") == true)
+                    return Self.usageResponse(for: request)
+                }
+
+                if path.contains("RefreshToken") {
+                    recorder.recordRefreshCall()
+                    #expect(request.value(forHTTPHeaderField: "Oasis-Token") == "old-access...old-refresh")
+                    return Self.jsonResponse(
+                        for: request,
+                        body: """
+                        {
+                            "accessToken": {"raw": "new-access"},
+                            "refreshToken": {"raw": "new-refresh"}
+                        }
+                        """)
+                }
+
+                if path.contains("GetStepPlanStatus") {
+                    return Self.jsonResponse(
+                        for: request,
+                        body: #"{"status":1,"subscription":{"name":"Plus","plan_type":1,"status":1}}"#)
+                }
+
+                return Self.jsonResponse(for: request, statusCode: 404, body: #"{"error":"unexpected"}"#)
+            }
+
+            let settings = ProviderSettingsSnapshot.make(
+                stepfun: ProviderSettingsSnapshot.StepFunProviderSettings(
+                    cookieSource: .manual,
+                    manualToken: "old-access...old-refresh"))
+            let context = self.makeContext(
+                settings: settings,
+                selectedTokenAccountID: accountID,
+                tokenUpdater: { provider, updatedAccountID, token in
+                    #expect(provider == .stepfun)
+                    #expect(updatedAccountID == accountID)
+                    await updateRecorder.record(token)
+                })
+
+            let result = try await StepFunWebFetchStrategy().fetch(context)
+
+            #expect(result.usage.identity?.loginMethod == "Plus")
+            #expect(recorder.usageCallCount == 2)
+            #expect(recorder.refreshCallCount == 1)
+            let updatedToken = await updateRecorder.recordedToken()
+            #expect(updatedToken == "new-access...new-refresh")
+        }
+    }
+
+    @Test
+    func `manual token auth failure refreshes settings token and retries usage`() async throws {
+        let updateRecorder = StepFunTokenUpdateRecorder()
+
+        try await self.withStubProtocol { recorder in
+            StepFunStubURLProtocol.handler = { request in
+                let path = request.url?.path ?? ""
+                if path.contains("QueryStepPlanRateLimit") {
+                    let call = recorder.recordUsageCall()
+                    if call == 1 {
+                        return Self.jsonResponse(for: request, statusCode: 401, body: #"{"error":"unauthorized"}"#)
+                    }
+
+                    #expect(request.value(forHTTPHeaderField: "Cookie")?.contains("new-access...new-refresh") == true)
+                    return Self.usageResponse(for: request)
+                }
+
+                if path.contains("RefreshToken") {
+                    recorder.recordRefreshCall()
+                    return Self.jsonResponse(
+                        for: request,
+                        body: """
+                        {
+                            "accessToken": {"raw": "new-access"},
+                            "refreshToken": {"raw": "new-refresh"}
+                        }
+                        """)
+                }
+
+                if path.contains("GetStepPlanStatus") {
+                    return Self.jsonResponse(
+                        for: request,
+                        body: #"{"status":1,"subscription":{"name":"Plus","plan_type":1,"status":1}}"#)
+                }
+
+                return Self.jsonResponse(for: request, statusCode: 404, body: #"{"error":"unexpected"}"#)
+            }
+
+            let settings = ProviderSettingsSnapshot.make(
+                stepfun: ProviderSettingsSnapshot.StepFunProviderSettings(
+                    cookieSource: .manual,
+                    manualToken: "old-access...old-refresh"))
+            let context = self.makeContext(
+                settings: settings,
+                manualTokenUpdater: { provider, token in
+                    #expect(provider == .stepfun)
+                    await updateRecorder.record(token)
+                })
+
+            _ = try await StepFunWebFetchStrategy().fetch(context)
+
+            #expect(recorder.usageCallCount == 2)
+            #expect(recorder.refreshCallCount == 1)
+            let updatedToken = await updateRecorder.recordedToken()
+            #expect(updatedToken == "new-access...new-refresh")
+        }
+    }
+
+    @Test
+    func `stale cached token falls back to configured env token`() async throws {
+        CookieHeaderCache.store(provider: .stepfun, cookieHeader: "stale-access...stale-refresh", sourceLabel: "test")
+        defer { CookieHeaderCache.clear(provider: .stepfun) }
+
+        try await self.withStubProtocol { recorder in
+            StepFunStubURLProtocol.handler = { request in
+                let path = request.url?.path ?? ""
+                if path.contains("QueryStepPlanRateLimit") {
+                    let call = recorder.recordUsageCall()
+                    if call == 1 {
+                        #expect(request.value(forHTTPHeaderField: "Cookie")?
+                            .contains("stale-access...stale-refresh") == true)
+                        return Self.jsonResponse(for: request, statusCode: 401, body: #"{"error":"unauthorized"}"#)
+                    }
+
+                    #expect(request.value(forHTTPHeaderField: "Cookie")?.contains("env-access...env-refresh") == true)
+                    return Self.usageResponse(for: request)
+                }
+
+                if path.contains("RefreshToken") {
+                    recorder.recordRefreshCall()
+                    return Self.jsonResponse(for: request, statusCode: 401, body: #"{"error":"expired"}"#)
+                }
+
+                if path.contains("GetStepPlanStatus") {
+                    return Self.jsonResponse(
+                        for: request,
+                        body: #"{"status":1,"subscription":{"name":"Plus","plan_type":1,"status":1}}"#)
+                }
+
+                return Self.jsonResponse(for: request, statusCode: 404, body: #"{"error":"unexpected"}"#)
+            }
+
+            let settings = ProviderSettingsSnapshot.make(
+                stepfun: ProviderSettingsSnapshot.StepFunProviderSettings(cookieSource: .auto))
+            let context = self.makeContext(
+                settings: settings,
+                env: ["STEPFUN_TOKEN": "env-access...env-refresh"])
+
+            _ = try await StepFunWebFetchStrategy().fetch(context)
+
+            #expect(recorder.usageCallCount == 2)
+            #expect(recorder.refreshCallCount == 1)
+            #expect(CookieHeaderCache.load(provider: .stepfun) == nil)
+        }
+    }
+
+    @Test
+    func `stale cached and env tokens fall back to env login credentials`() async throws {
+        CookieHeaderCache.store(provider: .stepfun, cookieHeader: "stale-access...stale-refresh", sourceLabel: "test")
+        defer { CookieHeaderCache.clear(provider: .stepfun) }
+
+        try await self.withStubProtocol { recorder in
+            StepFunStubURLProtocol.handler = { request in
+                let path = request.url?.path ?? ""
+                if path.isEmpty || path == "/" {
+                    return Self.jsonResponse(
+                        for: request,
+                        body: "{}",
+                        headers: ["Set-Cookie": "INGRESSCOOKIE=ingress-cookie; Path=/"])
+                }
+
+                if path.contains("RegisterDevice") {
+                    return Self.jsonResponse(
+                        for: request,
+                        body: """
+                        {
+                            "accessToken": {"raw": "anon-access"},
+                            "refreshToken": {"raw": "anon-refresh"}
+                        }
+                        """)
+                }
+
+                if path.contains("SignInByPassword") {
+                    return Self.jsonResponse(
+                        for: request,
+                        body: """
+                        {
+                            "accessToken": {"raw": "login-access"},
+                            "refreshToken": {"raw": "login-refresh"}
+                        }
+                        """)
+                }
+
+                if path.contains("QueryStepPlanRateLimit") {
+                    let call = recorder.recordUsageCall()
+                    if call == 1 {
+                        #expect(request.value(forHTTPHeaderField: "Cookie")?
+                            .contains("stale-access...stale-refresh") == true)
+                        return Self.jsonResponse(for: request, statusCode: 401, body: #"{"error":"unauthorized"}"#)
+                    }
+                    if call == 2 {
+                        #expect(request.value(forHTTPHeaderField: "Cookie")?
+                            .contains("env-access...env-refresh") == true)
+                        return Self.jsonResponse(for: request, statusCode: 401, body: #"{"error":"unauthorized"}"#)
+                    }
+
+                    #expect(request.value(forHTTPHeaderField: "Cookie")?
+                        .contains("login-access...login-refresh") == true)
+                    return Self.usageResponse(for: request)
+                }
+
+                if path.contains("RefreshToken") {
+                    recorder.recordRefreshCall()
+                    return Self.jsonResponse(for: request, statusCode: 401, body: #"{"error":"expired"}"#)
+                }
+
+                if path.contains("GetStepPlanStatus") {
+                    return Self.jsonResponse(
+                        for: request,
+                        body: #"{"status":1,"subscription":{"name":"Plus","plan_type":1,"status":1}}"#)
+                }
+
+                return Self.jsonResponse(for: request, statusCode: 404, body: #"{"error":"unexpected"}"#)
+            }
+
+            let settings = ProviderSettingsSnapshot.make(
+                stepfun: ProviderSettingsSnapshot.StepFunProviderSettings(cookieSource: .auto))
+            let context = self.makeContext(
+                settings: settings,
+                env: [
+                    "STEPFUN_TOKEN": "env-access...env-refresh",
+                    "STEPFUN_USERNAME": "user@example.com",
+                    "STEPFUN_PASSWORD": "password",
+                ])
+
+            _ = try await StepFunWebFetchStrategy().fetch(context)
+
+            #expect(recorder.usageCallCount == 3)
+            #expect(recorder.refreshCallCount == 1)
+            #expect(CookieHeaderCache.load(provider: .stepfun)?.cookieHeader == "login-access...login-refresh")
+        }
+    }
+
+    @Test
+    func `post refresh non auth usage failure is not rewritten as auth guidance`() async throws {
+        try await self.withStubProtocol { recorder in
+            StepFunStubURLProtocol.handler = { request in
+                let path = request.url?.path ?? ""
+                if path.contains("QueryStepPlanRateLimit") {
+                    let call = recorder.recordUsageCall()
+                    if call == 1 {
+                        return Self.jsonResponse(for: request, statusCode: 401, body: #"{"error":"unauthorized"}"#)
+                    }
+                    return Self.jsonResponse(for: request, statusCode: 500, body: #"{"error":"temporary"}"#)
+                }
+
+                if path.contains("RefreshToken") {
+                    recorder.recordRefreshCall()
+                    return Self.jsonResponse(
+                        for: request,
+                        body: """
+                        {
+                            "accessToken": {"raw": "new-access"},
+                            "refreshToken": {"raw": "new-refresh"}
+                        }
+                        """)
+                }
+
+                return Self.jsonResponse(for: request, statusCode: 404, body: #"{"error":"unexpected"}"#)
+            }
+
+            let settings = ProviderSettingsSnapshot.make(
+                stepfun: ProviderSettingsSnapshot.StepFunProviderSettings(
+                    cookieSource: .manual,
+                    manualToken: "old-access...old-refresh"))
+            let context = self.makeContext(settings: settings)
+
+            do {
+                _ = try await StepFunWebFetchStrategy().fetch(context)
+                Issue.record("Expected post-refresh usage failure")
+            } catch let StepFunUsageError.apiError(message) {
+                #expect(message == "HTTP 500")
+            } catch {
+                Issue.record("Expected StepFunUsageError.apiError, got \(error)")
+            }
+
+            #expect(recorder.usageCallCount == 2)
+            #expect(recorder.refreshCallCount == 1)
+        }
+    }
+
+    @Test
+    func `manual token refresh failure does not fall back to ambient env credentials`() async throws {
+        try await self.withStubProtocol { recorder in
+            StepFunStubURLProtocol.handler = { request in
+                let path = request.url?.path ?? ""
+                if path.contains("QueryStepPlanRateLimit") {
+                    _ = recorder.recordUsageCall()
+                    return Self.jsonResponse(for: request, statusCode: 401, body: #"{"error":"unauthorized"}"#)
+                }
+
+                if path.contains("RefreshToken") {
+                    recorder.recordRefreshCall()
+                    return Self.jsonResponse(for: request, statusCode: 401, body: #"{"error":"expired"}"#)
+                }
+
+                Issue.record("Manual token recovery should not call login endpoint: \(path)")
+                return Self.jsonResponse(for: request, statusCode: 404, body: #"{"error":"unexpected"}"#)
+            }
+
+            let settings = ProviderSettingsSnapshot.make(
+                stepfun: ProviderSettingsSnapshot.StepFunProviderSettings(
+                    cookieSource: .manual,
+                    manualToken: "old-access...old-refresh"))
+            let context = self.makeContext(
+                settings: settings,
+                env: [
+                    "STEPFUN_USERNAME": "someone@example.com",
+                    "STEPFUN_PASSWORD": "secret",
+                ])
+
+            do {
+                _ = try await StepFunWebFetchStrategy().fetch(context)
+                Issue.record("Expected manual token auth failure")
+            } catch let StepFunUsageError.apiError(message) {
+                #expect(message.contains("Refresh the Oasis-Token"))
+            } catch {
+                Issue.record("Expected StepFunUsageError.apiError, got \(error)")
+            }
+
+            #expect(recorder.usageCallCount == 1)
+            #expect(recorder.refreshCallCount == 1)
+        }
+    }
+
+    @Test
+    func `non auth token wording does not trigger refresh recovery`() async throws {
+        try await self.withStubProtocol { recorder in
+            StepFunStubURLProtocol.handler = { request in
+                let path = request.url?.path ?? ""
+                if path.contains("QueryStepPlanRateLimit") {
+                    _ = recorder.recordUsageCall()
+                    return Self.jsonResponse(
+                        for: request,
+                        body: #"{"status":0,"message":"token plan status temporarily unavailable"}"#)
+                }
+
+                Issue.record("Non-auth usage error should not call recovery endpoint: \(path)")
+                return Self.jsonResponse(for: request, statusCode: 404, body: #"{"error":"unexpected"}"#)
+            }
+
+            let settings = ProviderSettingsSnapshot.make(
+                stepfun: ProviderSettingsSnapshot.StepFunProviderSettings(
+                    cookieSource: .manual,
+                    manualToken: "old-access...old-refresh"))
+            let context = self.makeContext(settings: settings)
+
+            do {
+                _ = try await StepFunWebFetchStrategy().fetch(context)
+                Issue.record("Expected provider API error")
+            } catch let StepFunUsageError.apiError(message) {
+                #expect(message == "token plan status temporarily unavailable")
+            } catch {
+                Issue.record("Expected StepFunUsageError.apiError, got \(error)")
+            }
+
+            #expect(recorder.usageCallCount == 1)
+            #expect(recorder.refreshCallCount == 0)
+        }
+    }
+
+    private func makeContext(
+        settings: ProviderSettingsSnapshot?,
+        env: [String: String] = [:],
+        selectedTokenAccountID: UUID? = nil,
+        tokenUpdater: ProviderFetchContext.TokenAccountTokenUpdater? = nil,
+        manualTokenUpdater: ProviderFetchContext.ProviderManualTokenUpdater? = nil) -> ProviderFetchContext
+    {
+        ProviderFetchContext(
+            runtime: .app,
+            sourceMode: .auto,
+            includeCredits: false,
+            webTimeout: 1,
+            webDebugDumpHTML: false,
+            verbose: false,
+            env: env,
+            settings: settings,
+            fetcher: UsageFetcher(environment: [:]),
+            claudeFetcher: StubClaudeFetcher(),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            selectedTokenAccountID: selectedTokenAccountID,
+            tokenAccountTokenUpdater: tokenUpdater,
+            providerManualTokenUpdater: manualTokenUpdater)
+    }
+
+    private func withStubProtocol(
+        _ body: (StepFunRequestRecorder) async throws -> Void) async throws
+    {
+        let recorder = StepFunRequestRecorder()
+        let registered = URLProtocol.registerClass(StepFunStubURLProtocol.self)
+        defer {
+            if registered {
+                URLProtocol.unregisterClass(StepFunStubURLProtocol.self)
+            }
+            StepFunStubURLProtocol.handler = nil
+        }
+        try await body(recorder)
+    }
+
+    private static func usageResponse(for request: URLRequest) -> (HTTPURLResponse, Data) {
+        self.jsonResponse(
+            for: request,
+            body: """
+            {
+                "status": 1,
+                "five_hour_usage_left_rate": 0.8,
+                "weekly_usage_left_rate": 0.6,
+                "five_hour_usage_reset_time": "1777528800",
+                "weekly_usage_reset_time": "1777899600"
+            }
+            """)
+    }
+
+    private static func jsonResponse(
+        for request: URLRequest,
+        statusCode: Int = 200,
+        body: String,
+        headers: [String: String] = ["Content-Type": "application/json"]) -> (HTTPURLResponse, Data)
+    {
+        let response = HTTPURLResponse(
+            url: request.url!,
+            statusCode: statusCode,
+            httpVersion: nil,
+            headerFields: headers)!
+        return (response, Data(body.utf8))
+    }
+}
+
+private actor StepFunTokenUpdateRecorder {
+    private var token: String?
+
+    func record(_ token: String) {
+        self.token = token
+    }
+
+    func recordedToken() -> String? {
+        self.token
+    }
+}
+
+private final class StepFunRequestRecorder: @unchecked Sendable {
+    private let lock = NSLock()
+    private var usageCalls = 0
+    private var refreshCalls = 0
+
+    var usageCallCount: Int {
+        self.lock.lock()
+        defer { self.lock.unlock() }
+        return self.usageCalls
+    }
+
+    var refreshCallCount: Int {
+        self.lock.lock()
+        defer { self.lock.unlock() }
+        return self.refreshCalls
+    }
+
+    func recordUsageCall() -> Int {
+        self.lock.lock()
+        defer { self.lock.unlock() }
+        self.usageCalls += 1
+        return self.usageCalls
+    }
+
+    func recordRefreshCall() {
+        self.lock.lock()
+        defer { self.lock.unlock() }
+        self.refreshCalls += 1
+    }
+}
+
+private final class StepFunStubURLProtocol: URLProtocol {
+    nonisolated(unsafe) static var handler: (@Sendable (URLRequest) throws -> (HTTPURLResponse, Data))?
+
+    override static func canInit(with request: URLRequest) -> Bool {
+        request.url?.host == "platform.stepfun.com"
+    }
+
+    override static func canonicalRequest(for request: URLRequest) -> URLRequest {
+        request
+    }
+
+    override func startLoading() {
+        guard let handler = Self.handler else {
+            self.client?.urlProtocol(self, didFailWithError: URLError(.badServerResponse))
+            return
+        }
+
+        do {
+            let (response, data) = try handler(self.request)
+            self.client?.urlProtocol(self, didReceive: response, cacheStoragePolicy: .notAllowed)
+            self.client?.urlProtocol(self, didLoad: data)
+            self.client?.urlProtocolDidFinishLoading(self)
+        } catch {
+            self.client?.urlProtocol(self, didFailWithError: error)
+        }
+    }
+
+    override func stopLoading() {}
+}
diff --git a/Tests/CodexBarTests/SubprocessRunnerTests.swift b/Tests/CodexBarTests/SubprocessRunnerTests.swift
index 116d5da5d..9767b3221 100644
--- a/Tests/CodexBarTests/SubprocessRunnerTests.swift
+++ b/Tests/CodexBarTests/SubprocessRunnerTests.swift
@@ -2,10 +2,9 @@ import Foundation
 import Testing
 @testable import CodexBarCore
 
-@Suite
 struct SubprocessRunnerTests {
     @Test
-    func readsLargeStdoutWithoutDeadlock() async throws {
+    func `reads large stdout without deadlock`() async throws {
         let result = try await SubprocessRunner.run(
             binary: "/usr/bin/python3",
             arguments: ["-c", "print('x' * 1_000_000)"],
@@ -16,4 +15,150 @@ struct SubprocessRunnerTests {
         #expect(result.stdout.count >= 1_000_000)
         #expect(result.stderr.isEmpty)
     }
+
+    /// Regression test for #474: a hung subprocess must be killed and throw `.timedOut`
+    /// instead of blocking indefinitely.
+    ///
+    /// This test was previously deleted (commit 3961770) because `waitUntilExit()` blocked
+    /// the cooperative thread pool, starving the timeout task. The fix moves blocking calls
+    /// to `DispatchQueue.global()`, making this test reliable.
+    @Test
+    func `throws timed out when process hangs`() async throws {
+        let start = Date()
+        do {
+            _ = try await SubprocessRunner.run(
+                binary: "/bin/sleep",
+                arguments: ["5"],
+                environment: ProcessInfo.processInfo.environment,
+                timeout: 1,
+                label: "hung-process-test")
+            Issue.record("Expected SubprocessRunnerError.timedOut but no error was thrown")
+        } catch let error as SubprocessRunnerError {
+            guard case let .timedOut(label) = error else {
+                Issue.record("Expected .timedOut, got \(error)")
+                return
+            }
+            #expect(label == "hung-process-test")
+        } catch {
+            Issue.record("Expected SubprocessRunnerError.timedOut, got unexpected error: \(error)")
+        }
+
+        let elapsed = Date().timeIntervalSince(start)
+        // Must complete in well under 5s (the sleep duration). Allow generous bound for CI.
+        #expect(elapsed < 3, "Timeout should fire in ~1s, not wait for process to exit naturally")
+    }
+
+    /// Multiple concurrent hung subprocesses must all time out independently, proving that
+    /// one blocked subprocess does not starve the timeout mechanism of others.
+    /// This is the core scenario that caused the original permanent-refresh-stall bug.
+    @Test
+    func `concurrent hung processes all time out`() async {
+        let start = Date()
+        let count = 8
+
+        await withTaskGroup(of: Void.self) { group in
+            for i in 0..<count {
+                group.addTask {
+                    do {
+                        _ = try await SubprocessRunner.run(
+                            binary: "/bin/sleep",
+                            arguments: ["30"],
+                            environment: ProcessInfo.processInfo.environment,
+                            timeout: 2,
+                            label: "concurrent-hung-\(i)")
+                        Issue.record("Expected .timedOut for concurrent-hung-\(i)")
+                    } catch let error as SubprocessRunnerError {
+                        guard case .timedOut = error else {
+                            Issue.record("Expected .timedOut for concurrent-hung-\(i), got \(error)")
+                            return
+                        }
+                    } catch {
+                        Issue.record("Unexpected error for concurrent-hung-\(i): \(error)")
+                    }
+                }
+            }
+        }
+
+        let elapsed = Date().timeIntervalSince(start)
+        // Under release-load parallel tests the runner can be CPU-starved, but it should still finish far before
+        // the natural sleep exit and below a serial 8 * 2s timeout chain.
+        #expect(
+            elapsed < 15,
+            "All \(count) concurrent timeouts should fire in ~2s, took \(elapsed)s")
+    }
+
+    /// Stress-test the timeout race guard: with very short timeouts, the exit-code task
+    /// and the timeout task race tightly, exercising the KillFlag synchronization path.
+    @Test
+    func `timeout race stress`() async {
+        for i in 0..<20 {
+            do {
+                _ = try await SubprocessRunner.run(
+                    binary: "/bin/sleep",
+                    arguments: ["1"],
+                    environment: ProcessInfo.processInfo.environment,
+                    timeout: 0.1,
+                    label: "race-stress-\(i)")
+                Issue.record("Expected .timedOut for iteration \(i)")
+            } catch let error as SubprocessRunnerError {
+                guard case .timedOut = error else {
+                    Issue.record("Expected .timedOut, got \(error) at iteration \(i)")
+                    continue
+                }
+            } catch {
+                Issue.record("Unexpected error at iteration \(i): \(error)")
+            }
+        }
+    }
+
+    @Test
+    func `cancellation terminates hung process promptly`() async throws {
+        let start = Date()
+        let task = Task {
+            try await SubprocessRunner.run(
+                binary: "/bin/sleep",
+                arguments: ["10"],
+                environment: ProcessInfo.processInfo.environment,
+                timeout: 30,
+                label: "cancelled-hung-process")
+        }
+
+        try await Task.sleep(for: .milliseconds(100))
+        task.cancel()
+
+        do {
+            _ = try await task.value
+            Issue.record("Expected CancellationError but subprocess completed")
+        } catch is CancellationError {
+            // Expected: cancellation should tear down the child process immediately.
+        } catch {
+            Issue.record("Expected CancellationError, got \(error)")
+        }
+
+        let elapsed = Date().timeIntervalSince(start)
+        #expect(elapsed < 5, "Cancelled subprocess should not wait for timeout or natural exit")
+    }
+
+    /// Verify that many concurrent SubprocessRunner calls complete without starving each other.
+    @Test
+    func `concurrent calls do not starve`() async throws {
+        try await withThrowingTaskGroup(of: SubprocessResult.self) { group in
+            for i in 0..<20 {
+                group.addTask {
+                    try await SubprocessRunner.run(
+                        binary: "/bin/sleep",
+                        arguments: ["0.2"],
+                        environment: ProcessInfo.processInfo.environment,
+                        timeout: 10,
+                        label: "concurrent-\(i)")
+                }
+            }
+
+            var count = 0
+            for try await _ in group {
+                count += 1
+            }
+            #expect(count == 20, "All 20 concurrent calls should complete")
+        }
+    }
 }
diff --git a/Tests/CodexBarTests/SubscriptionDetectionTests.swift b/Tests/CodexBarTests/SubscriptionDetectionTests.swift
index f08821b8f..1a0a5afa9 100644
--- a/Tests/CodexBarTests/SubscriptionDetectionTests.swift
+++ b/Tests/CodexBarTests/SubscriptionDetectionTests.swift
@@ -2,12 +2,11 @@ import Foundation
 import Testing
 @testable import CodexBar
 
-@Suite
 struct SubscriptionDetectionTests {
     // MARK: - Subscription plans should be detected
 
     @Test
-    func detectsMaxPlan() {
+    func `detects max plan`() {
         #expect(UsageStore.isSubscriptionPlan("Claude Max") == true)
         #expect(UsageStore.isSubscriptionPlan("Max") == true)
         #expect(UsageStore.isSubscriptionPlan("claude max") == true)
@@ -15,41 +14,47 @@ struct SubscriptionDetectionTests {
     }
 
     @Test
-    func detectsProPlan() {
+    func `detects pro plan`() {
         #expect(UsageStore.isSubscriptionPlan("Claude Pro") == true)
         #expect(UsageStore.isSubscriptionPlan("Pro") == true)
         #expect(UsageStore.isSubscriptionPlan("pro") == true)
     }
 
     @Test
-    func detectsUltraPlan() {
+    func `detects ultra plan`() {
         #expect(UsageStore.isSubscriptionPlan("Claude Ultra") == true)
         #expect(UsageStore.isSubscriptionPlan("Ultra") == true)
         #expect(UsageStore.isSubscriptionPlan("ultra") == true)
     }
 
     @Test
-    func detectsTeamPlan() {
+    func `detects team plan`() {
         #expect(UsageStore.isSubscriptionPlan("Claude Team") == true)
         #expect(UsageStore.isSubscriptionPlan("Team") == true)
         #expect(UsageStore.isSubscriptionPlan("team") == true)
     }
 
+    @Test
+    func `enterprise plan does not count as subscription`() {
+        #expect(UsageStore.isSubscriptionPlan("Claude Enterprise") == false)
+        #expect(UsageStore.isSubscriptionPlan("Enterprise") == false)
+    }
+
     // MARK: - Non-subscription plans should return false
 
     @Test
-    func nilLoginMethodReturnsFalse() {
+    func `nil login method returns false`() {
         #expect(UsageStore.isSubscriptionPlan(nil) == false)
     }
 
     @Test
-    func emptyLoginMethodReturnsFalse() {
+    func `empty login method returns false`() {
         #expect(UsageStore.isSubscriptionPlan("") == false)
         #expect(UsageStore.isSubscriptionPlan("   ") == false)
     }
 
     @Test
-    func unknownPlanReturnsFalse() {
+    func `unknown plan returns false`() {
         #expect(UsageStore.isSubscriptionPlan("API") == false)
         #expect(UsageStore.isSubscriptionPlan("Free") == false)
         #expect(UsageStore.isSubscriptionPlan("Unknown") == false)
@@ -57,7 +62,7 @@ struct SubscriptionDetectionTests {
     }
 
     @Test
-    func apiKeyUsersReturnFalse() {
+    func `api key users return false`() {
         // API users typically don't have a login method or have non-subscription identifiers
         #expect(UsageStore.isSubscriptionPlan("api_key") == false)
         #expect(UsageStore.isSubscriptionPlan("console") == false)
diff --git a/Tests/CodexBarTests/SyntheticMenuCardTests.swift b/Tests/CodexBarTests/SyntheticMenuCardTests.swift
new file mode 100644
index 000000000..df7d00951
--- /dev/null
+++ b/Tests/CodexBarTests/SyntheticMenuCardTests.swift
@@ -0,0 +1,107 @@
+import CodexBarCore
+import Foundation
+import SwiftUI
+import Testing
+@testable import CodexBar
+
+struct SyntheticMenuCardTests {
+    private static func makeModel(
+        primary: RateWindow?,
+        secondary: RateWindow? = nil,
+        providerCost: ProviderCostSnapshot? = nil,
+        now: Date) throws -> UsageMenuCardView.Model
+    {
+        let identity = ProviderIdentitySnapshot(
+            providerID: .synthetic,
+            accountEmail: nil,
+            accountOrganization: nil,
+            loginMethod: nil)
+        let snapshot = UsageSnapshot(
+            primary: primary,
+            secondary: secondary,
+            tertiary: nil,
+            providerCost: providerCost,
+            updatedAt: now,
+            identity: identity)
+        let metadata = try #require(ProviderDefaults.metadata[.synthetic])
+        return UsageMenuCardView.Model.make(.init(
+            provider: .synthetic,
+            metadata: metadata,
+            snapshot: snapshot,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+    }
+
+    @Test
+    func `rolling regen text uses parsed tickPercent not hardcoded fallback`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let primary = RateWindow(
+            usedPercent: 50,
+            windowMinutes: 300,
+            resetsAt: now.addingTimeInterval(900),
+            resetDescription: nil,
+            nextRegenPercent: 2)
+        let model = try Self.makeModel(primary: primary, now: now)
+        let metric = try #require(model.metrics.first)
+        // 50% used / 2% per tick = 25 ticks to full.
+        #expect(metric.detailRightText == "Full in ~25 regens")
+        #expect(metric.detailLeftText == "52% after next regen")
+    }
+
+    @Test
+    func `rolling regen omits Synthetic-specific text when tickPercent is missing`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let primary = RateWindow(
+            usedPercent: 50,
+            windowMinutes: 300,
+            resetsAt: now.addingTimeInterval(900),
+            resetDescription: nil,
+            nextRegenPercent: nil)
+        let model = try Self.makeModel(primary: primary, now: now)
+        let metric = try #require(model.metrics.first)
+        // Without nextRegenPercent we no longer assert a regen-specific label;
+        // the renderer must not fabricate ticks-to-full from a guessed rate.
+        #expect(metric.detailRightText?.contains("regen") != true)
+    }
+
+    @Test
+    func `weekly regen text near full reports both labels consistently`() throws {
+        let now = Date(timeIntervalSince1970: 1_700_000_000)
+        let secondary = RateWindow(
+            usedPercent: 1,
+            windowMinutes: 10080,
+            resetsAt: now.addingTimeInterval(3600),
+            resetDescription: nil)
+        let cost = ProviderCostSnapshot(
+            used: 0.36,
+            limit: 36,
+            currencyCode: "USD",
+            period: "Weekly",
+            resetsAt: now.addingTimeInterval(3600),
+            nextRegenAmount: 0.72,
+            updatedAt: now)
+        let model = try Self.makeModel(
+            primary: nil,
+            secondary: secondary,
+            providerCost: cost,
+            now: now)
+        let weekly = try #require(model.metrics.first(where: { $0.id == "secondary" }))
+        // used=$0.36 / nextRegen=$0.72 = 0.5 ticks → between 0.1 and 1.5 → "Full in ~1 regen".
+        #expect(weekly.detailRightText == "Full in ~1 regen")
+        // remaining 99% + 2% next regen caps at 100% → "100% after next regen".
+        #expect(weekly.detailLeftText == "100% after next regen")
+    }
+}
diff --git a/Tests/CodexBarTests/SyntheticProviderTests.swift b/Tests/CodexBarTests/SyntheticProviderTests.swift
index aad33712b..abe9765b0 100644
--- a/Tests/CodexBarTests/SyntheticProviderTests.swift
+++ b/Tests/CodexBarTests/SyntheticProviderTests.swift
@@ -2,25 +2,23 @@ import Foundation
 import Testing
 @testable import CodexBarCore
 
-@Suite
 struct SyntheticSettingsReaderTests {
     @Test
-    func apiKeyReadsFromEnvironment() {
+    func `api key reads from environment`() {
         let token = SyntheticSettingsReader.apiKey(environment: ["SYNTHETIC_API_KEY": "abc123"])
         #expect(token == "abc123")
     }
 
     @Test
-    func apiKeyStripsQuotes() {
+    func `api key strips quotes`() {
         let token = SyntheticSettingsReader.apiKey(environment: ["SYNTHETIC_API_KEY": "\"token-xyz\""])
         #expect(token == "token-xyz")
     }
 }
 
-@Suite
 struct SyntheticUsageSnapshotTests {
     @Test
-    func mapsUsageSnapshotWindows() throws {
+    func `maps usage snapshot windows`() throws {
         let json = """
         {
           "plan": "Starter",
@@ -41,7 +39,7 @@ struct SyntheticUsageSnapshotTests {
     }
 
     @Test
-    func parsesSubscriptionQuota() throws {
+    func `parses subscription quota`() throws {
         let json = """
         {
           "subscription": {
@@ -63,4 +61,167 @@ struct SyntheticUsageSnapshotTests {
         #expect(usage.primary?.resetsAt == expectedReset)
         #expect(usage.loginMethod(for: .synthetic) == nil)
     }
+
+    @Test
+    func `parses nested subscription pack quota`() throws {
+        let json = """
+        {
+          "subscription": {
+            "packs": 2,
+            "rateLimit": {
+              "messages": 1000,
+              "requests": 250,
+              "period": "5hr",
+              "resetsAt": "2026-04-16T18:00:00Z"
+            }
+          }
+        }
+        """
+        let data = try #require(json.data(using: .utf8))
+        let snapshot = try SyntheticUsageParser.parse(data: data, now: Date(timeIntervalSince1970: 123))
+        let usage = snapshot.toUsageSnapshot()
+        let formatter = ISO8601DateFormatter()
+        formatter.formatOptions = [.withInternetDateTime]
+        let expectedReset = try #require(formatter.date(from: "2026-04-16T18:00:00Z"))
+
+        #expect(usage.primary?.usedPercent == 25)
+        #expect(usage.primary?.windowMinutes == 300)
+        #expect(usage.primary?.resetsAt == expectedReset)
+    }
+
+    @Test
+    func `parses live root level rolling and weekly quotas`() throws {
+        let json = """
+        {
+          "subscription": {
+            "limit": 750,
+            "requests": 0,
+            "renewsAt": "2026-04-17T08:35:49.493Z"
+          },
+          "weeklyTokenLimit": {
+            "nextRegenAt": "2026-04-17T05:19:30.000Z",
+            "percentRemaining": 98.05884722222223,
+            "maxCredits": "$36.00",
+            "remainingCredits": "$35.30",
+            "nextRegenCredits": "$0.72"
+          },
+          "rollingFiveHourLimit": {
+            "nextTickAt": "2026-04-17T03:44:11.000Z",
+            "tickPercent": 0.05,
+            "remaining": 750,
+            "max": 750,
+            "limited": false
+          },
+          "search": {
+            "hourly": {
+              "limit": 250,
+              "requests": 2,
+              "renewsAt": "2026-04-17T04:30:01.494Z"
+            }
+          }
+        }
+        """
+        let data = try #require(json.data(using: .utf8))
+        let snapshot = try SyntheticUsageParser.parse(data: data, now: Date(timeIntervalSince1970: 123))
+        let usage = snapshot.toUsageSnapshot()
+        let formatter = ISO8601DateFormatter()
+        formatter.formatOptions = [.withInternetDateTime]
+        let fractionalFormatter = ISO8601DateFormatter()
+        fractionalFormatter.formatOptions = [.withInternetDateTime, .withFractionalSeconds]
+        let expectedPrimaryReset = try #require(formatter.date(from: "2026-04-17T03:44:11Z"))
+        let expectedSecondaryReset = try #require(formatter.date(from: "2026-04-17T05:19:30Z"))
+        let expectedTertiaryReset = try #require(fractionalFormatter.date(from: "2026-04-17T04:30:01.494Z"))
+
+        #expect(usage.primary?.usedPercent == 0)
+        #expect(usage.primary?.resetsAt == expectedPrimaryReset)
+        #expect(usage.primary?.resetDescription == nil)
+        #expect(abs((usage.secondary?.usedPercent ?? 0) - 1.9411527777777715) < 0.001)
+        #expect(usage.secondary?.resetsAt == expectedSecondaryReset)
+        #expect(usage.secondary?.resetDescription == nil)
+        #expect(usage.tertiary?.usedPercent == 0.8)
+        #expect(usage.tertiary?.resetsAt == expectedTertiaryReset)
+        #expect(usage.providerCost?.limit == 36)
+        #expect(abs((usage.providerCost?.used ?? 0) - 0.7) < 0.0001)
+        #expect(usage.providerCost?.nextRegenAmount == 0.72)
+    }
+
+    @Test
+    func `parses rolling lane tickPercent into primary nextRegenPercent`() throws {
+        let json = """
+        {
+          "rollingFiveHourLimit": {
+            "nextTickAt": "2026-04-17T03:44:11.000Z",
+            "tickPercent": 0.05,
+            "remaining": 750,
+            "max": 750,
+            "limited": false
+          }
+        }
+        """
+        let data = try #require(json.data(using: .utf8))
+        let snapshot = try SyntheticUsageParser.parse(data: data, now: Date(timeIntervalSince1970: 123))
+        let usage = snapshot.toUsageSnapshot()
+        #expect(usage.primary?.nextRegenPercent == 5.0)
+    }
+
+    @Test
+    func `omits nextRegenPercent when rolling lane lacks tickPercent`() throws {
+        let json = """
+        {
+          "rollingFiveHourLimit": {
+            "nextTickAt": "2026-04-17T03:44:11.000Z",
+            "remaining": 750,
+            "max": 750
+          }
+        }
+        """
+        let data = try #require(json.data(using: .utf8))
+        let snapshot = try SyntheticUsageParser.parse(data: data, now: Date(timeIntervalSince1970: 123))
+        let usage = snapshot.toUsageSnapshot()
+        #expect(usage.primary?.nextRegenPercent == nil)
+    }
+
+    @Test
+    func `parses time string suffixes covering minutes hours and days`() {
+        #expect(SyntheticUsageParser.windowMinutes(fromText: "5min") == 5)
+        #expect(SyntheticUsageParser.windowMinutes(fromText: "5m") == 5)
+        #expect(SyntheticUsageParser.windowMinutes(fromText: "5hr") == 300)
+        #expect(SyntheticUsageParser.windowMinutes(fromText: "5h") == 300)
+        #expect(SyntheticUsageParser.windowMinutes(fromText: "5hours") == 300)
+        #expect(SyntheticUsageParser.windowMinutes(fromText: "2days") == 2880)
+        #expect(SyntheticUsageParser.windowMinutes(fromText: "2d") == 2880)
+        #expect(SyntheticUsageParser.windowMinutes(fromText: "1 hour") == 60)
+        #expect(SyntheticUsageParser.windowMinutes(fromText: "junk") == nil)
+        #expect(SyntheticUsageParser.windowMinutes(fromText: "") == nil)
+    }
+
+    @Test
+    func `preserves slot identity when rolling lane is missing`() throws {
+        let json = """
+        {
+          "weeklyTokenLimit": {
+            "nextRegenAt": "2026-04-17T05:19:30.000Z",
+            "percentRemaining": 98.0,
+            "maxCredits": "$36.00",
+            "remainingCredits": "$35.30",
+            "nextRegenCredits": "$0.72"
+          },
+          "search": {
+            "hourly": {
+              "limit": 250,
+              "requests": 2,
+              "renewsAt": "2026-04-17T04:30:01.494Z"
+            }
+          }
+        }
+        """
+        let data = try #require(json.data(using: .utf8))
+        let snapshot = try SyntheticUsageParser.parse(data: data, now: Date(timeIntervalSince1970: 123))
+        let usage = snapshot.toUsageSnapshot()
+
+        #expect(usage.primary == nil)
+        #expect(abs((usage.secondary?.usedPercent ?? 0) - 2.0) < 0.001)
+        #expect(usage.tertiary?.usedPercent == 0.8)
+        #expect(usage.providerCost?.limit == 36)
+    }
 }
diff --git a/Tests/CodexBarTests/T3ChatUsageFetcherTests.swift b/Tests/CodexBarTests/T3ChatUsageFetcherTests.swift
new file mode 100644
index 000000000..83e69ef33
--- /dev/null
+++ b/Tests/CodexBarTests/T3ChatUsageFetcherTests.swift
@@ -0,0 +1,295 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+struct T3ChatUsageFetcherTests {
+    private struct StubClaudeFetcher: ClaudeUsageFetching {
+        func loadLatestUsage(model _: String) async throws -> ClaudeUsageSnapshot {
+            throw ClaudeUsageError.parseFailed("stub")
+        }
+
+        func debugRawProbe(model _: String) async -> String {
+            "stub"
+        }
+
+        func detectVersion() -> String? {
+            nil
+        }
+    }
+
+    private static let now = Date(timeIntervalSince1970: 1_778_000_000)
+    // 2026-05-21T12:23:36Z, the usage-window reset that must not drive overage reset display.
+    private static let billingNextResetMilliseconds = 1_779_366_216_920
+    // 2026-06-06T16:23:29Z, the subscription period end used for overage reset display.
+    private static let subscriptionPeriodEndSeconds = 1_780_763_009
+    private static let subscriptionPeriodEndMilliseconds = Self.subscriptionPeriodEndSeconds * 1000
+
+    private static let sampleResponse = [
+        #"{"json":{"0":[[0],[null,0,0]]}}"#,
+        #"{"json":[0,0,[[{"result":0}],["result",0,1]]]}"#,
+        #"{"json":[1,0,[[{"data":0}],["data",0,2]]]}"#,
+        #"{"json":[2,0,[[{"subTier":"pro","subscription":{"# +
+            #""productId":"pro","productName":"pro","status":"active","# +
+            #""currentPeriodStart":1778084609000,"currentPeriodEnd":1780763009000,"# +
+            #""canceledAt":null,"trialEndsAt":null},"lifetimeBalance":0,"usageBand":"max","# +
+            #""billingNextResetAt":1779366216920,"usageFourHourPercentage":12.5,"# +
+            #""usageMonthPercentage":34.25,"usageFourHourNextResetAt":1779366216920,"# +
+            #""usagePeriodPercentage":44,"usageWindowNextResetAt":1779366216920}]]]}"#,
+    ].joined(separator: "\n")
+
+    @Test
+    func `parses customer data from json lines response`() throws {
+        let snapshot = try T3ChatUsageParser.parseJSONLines(Self.sampleResponse, now: Self.now)
+
+        #expect(snapshot.customerData.subTier == "pro")
+        #expect(snapshot.customerData.usageBand == "max")
+        #expect(snapshot.customerData.usageFourHourPercentage == 12.5)
+        #expect(snapshot.customerData.usageMonthPercentage == 34.25)
+        #expect(snapshot.customerData.subscription?.status == "active")
+    }
+
+    @Test
+    func `maps customer data to base and overage windows`() throws {
+        let usage = try T3ChatUsageParser.parseJSONLines(Self.sampleResponse, now: Self.now)
+            .toUsageSnapshot()
+
+        #expect(usage.primary?.usedPercent == 12.5)
+        #expect(usage.primary?.windowMinutes == 240)
+        #expect(usage.primary?.resetDescription == "Base - max")
+        #expect(usage.secondary?.usedPercent == 34.25)
+        #expect(usage.secondary?.resetDescription == "Overage")
+        #expect(usage.secondary?.resetsAt.map { Int($0.timeIntervalSince1970) } == Self.subscriptionPeriodEndSeconds)
+        #expect(usage.identity?.providerID == .t3chat)
+        #expect(usage.identity?.loginMethod == "Pro")
+    }
+
+    @Test
+    func `falls back to usage period percentage when month percentage is absent`() throws {
+        let response = """
+        {"json":[2,0,[[{"subTier":"free","usageFourHourPercentage":5,"usagePeriodPercentage":65}]]]}
+        """
+        let usage = try T3ChatUsageParser.parseJSONLines(response, now: Self.now)
+            .toUsageSnapshot()
+
+        #expect(usage.primary?.usedPercent == 5)
+        #expect(usage.secondary?.usedPercent == 65)
+    }
+
+    @Test
+    func `overage reset ignores billing next reset`() throws {
+        let response = Self.customerDataResponse(
+            #"{"usageMonthPercentage":20,"billingNextResetAt":\#(Self.billingNextResetMilliseconds)}"#)
+        let usage = try T3ChatUsageParser.parseJSONLines(response, now: Self.now)
+            .toUsageSnapshot()
+
+        #expect(usage.secondary?.usedPercent == 20)
+        #expect(usage.secondary?.resetsAt == nil)
+    }
+
+    @Test
+    func `overage reset uses subscription current period end`() throws {
+        let currentPeriodEnd = Self.subscriptionPeriodEndMilliseconds
+        let response = Self.customerDataResponse(
+            #"{"usageMonthPercentage":20,"subscription":{"currentPeriodEnd":\#(currentPeriodEnd)}}"#)
+        let usage = try T3ChatUsageParser.parseJSONLines(response, now: Self.now)
+            .toUsageSnapshot()
+
+        #expect(usage.secondary?.usedPercent == 20)
+        #expect(usage.secondary?.resetsAt.map { Int($0.timeIntervalSince1970) } == Self.subscriptionPeriodEndSeconds)
+    }
+
+    @Test
+    func `fetch sends trpc headers and cookie`() async throws {
+        let stub = ProviderHTTPTransportStub { request in
+            #expect(request.url?.host == "t3.chat")
+            #expect(request.url?.path == "/api/trpc/getCustomerData")
+            #expect(request.value(forHTTPHeaderField: "Cookie") == "session=abc")
+            #expect(request.value(forHTTPHeaderField: "trpc-accept") == "application/jsonl")
+            #expect(request.value(forHTTPHeaderField: "x-trpc-source") == "web-client")
+            #expect(request.value(forHTTPHeaderField: "Sec-Fetch-Site") == "same-origin")
+            #expect(request.url?.query?.contains("batch=1") == true)
+            let response = HTTPURLResponse(
+                url: request.url!,
+                statusCode: 200,
+                httpVersion: nil,
+                headerFields: nil)!
+            return (Data(Self.sampleResponse.utf8), response)
+        }
+
+        let snapshot = try await T3ChatUsageFetcher.fetchCustomerData(
+            cookieHeader: "session=abc",
+            now: Self.now,
+            transport: stub)
+
+        #expect(snapshot.customerData.planName == "Pro")
+    }
+
+    @Test
+    func `full curl capture forwards browser fingerprint headers`() async throws {
+        let curl = """
+        curl 'https://t3.chat/api/trpc/getCustomerData?batch=1&input=ignored' \\
+          -H 'User-Agent: Mozilla/5.0 Firefox/151.0' \\
+          --header "Referer: https://t3.chat/settings/customization" \\
+          -H 'trpc-accept: application/jsonl' \\
+          -H 'x-trpc-source: web-client' \\
+          -H 'x-trpc-batch: true' \\
+          -H 'X-Deployment-Id: dpl_test' \\
+          -H 'x-client-context: eyJjbGllbnQiOnsidmVyc2lvbiI6IjEuMTIuNCJ9fQ==' \\
+          -H 'Cookie: session=abc'
+        """
+        let stub = ProviderHTTPTransportStub { request in
+            #expect(request.value(forHTTPHeaderField: "Cookie") == "session=abc")
+            #expect(request.value(forHTTPHeaderField: "User-Agent") == "Mozilla/5.0 Firefox/151.0")
+            #expect(request.value(forHTTPHeaderField: "Referer") == "https://t3.chat/settings/customization")
+            #expect(request.value(forHTTPHeaderField: "X-Deployment-Id") == "dpl_test")
+            #expect(request.value(forHTTPHeaderField: "x-client-context") ==
+                "eyJjbGllbnQiOnsidmVyc2lvbiI6IjEuMTIuNCJ9fQ==")
+            let response = HTTPURLResponse(
+                url: request.url!,
+                statusCode: 200,
+                httpVersion: nil,
+                headerFields: nil)!
+            return (Data(Self.sampleResponse.utf8), response)
+        }
+
+        let fetcher = T3ChatUsageFetcher(browserDetection: BrowserDetection(cacheTTL: 0))
+        _ = try await fetcher.fetch(
+            cookieHeaderOverride: curl,
+            now: Self.now,
+            transport: stub)
+    }
+
+    @Test
+    func `curl capture forwards ansi quoted and equals header forms`() async throws {
+        let curl = """
+        curl 'https://t3.chat/api/trpc/getCustomerData?batch=1&input=ignored' \\
+          --header=$'User-Agent: Browser\\'s Agent' \\
+          --header 'X-Deployment-Id: dpl_test' \\
+          -H 'Cookie: session=abc'
+        """
+        let stub = ProviderHTTPTransportStub { request in
+            #expect(request.value(forHTTPHeaderField: "Cookie") == "session=abc")
+            #expect(request.value(forHTTPHeaderField: "User-Agent") == "Browser's Agent")
+            #expect(request.value(forHTTPHeaderField: "X-Deployment-Id") == "dpl_test")
+            let response = HTTPURLResponse(
+                url: request.url!,
+                statusCode: 200,
+                httpVersion: nil,
+                headerFields: nil)!
+            return (Data(Self.sampleResponse.utf8), response)
+        }
+
+        let fetcher = T3ChatUsageFetcher(browserDetection: BrowserDetection(cacheTTL: 0))
+        _ = try await fetcher.fetch(
+            cookieHeaderOverride: curl,
+            now: Self.now,
+            transport: stub)
+    }
+
+    @Test
+    func `full curl capture extracts cookie from long header form`() async throws {
+        let curl = """
+        curl 'https://t3.chat/api/trpc/getCustomerData?batch=1&input=ignored' \\
+          --compressed \\
+          --header "Referer: https://t3.chat/settings/customization" \\
+          --header "Cookie: session=abc; cf_clearance=token" \\
+          --header "X-Deployment-Id: dpl_test"
+        """
+        let stub = ProviderHTTPTransportStub { request in
+            #expect(request.value(forHTTPHeaderField: "Cookie") == "session=abc; cf_clearance=token")
+            #expect(request.value(forHTTPHeaderField: "Referer") == "https://t3.chat/settings/customization")
+            #expect(request.value(forHTTPHeaderField: "X-Deployment-Id") == "dpl_test")
+            let response = HTTPURLResponse(
+                url: request.url!,
+                statusCode: 200,
+                httpVersion: nil,
+                headerFields: nil)!
+            return (Data(Self.sampleResponse.utf8), response)
+        }
+
+        let fetcher = T3ChatUsageFetcher(browserDetection: BrowserDetection(cacheTTL: 0))
+        _ = try await fetcher.fetch(
+            cookieHeaderOverride: curl,
+            now: Self.now,
+            transport: stub)
+    }
+
+    @Test
+    func `manual strategy accepts full curl capture`() async {
+        let curl = """
+        curl 'https://t3.chat/api/trpc/getCustomerData?batch=1&input=ignored' \\
+          --header "Referer: https://t3.chat/settings/customization" \\
+          --header "Cookie: session=abc; cf_clearance=token" \\
+          --header "X-Deployment-Id: dpl_test"
+        """
+        let settings = ProviderSettingsSnapshot.make(
+            t3chat: ProviderSettingsSnapshot.T3ChatProviderSettings(
+                cookieSource: .manual,
+                manualCookieHeader: curl))
+
+        #expect(await T3ChatWebFetchStrategy().isAvailable(Self.makeContext(settings: settings)))
+    }
+
+    @Test
+    func `unauthorized response is invalid credentials`() async throws {
+        let stub = ProviderHTTPTransportStub { request in
+            let response = HTTPURLResponse(
+                url: request.url!,
+                statusCode: 401,
+                httpVersion: nil,
+                headerFields: nil)!
+            return (Data("unauthorized".utf8), response)
+        }
+
+        await #expect {
+            _ = try await T3ChatUsageFetcher.fetchCustomerData(
+                cookieHeader: "session=abc",
+                now: Self.now,
+                transport: stub)
+        } throws: { error in
+            guard case T3ChatUsageError.invalidCredentials = error else { return false }
+            return true
+        }
+    }
+
+    @Test
+    func `vercel challenge response asks for full curl capture`() async throws {
+        let stub = ProviderHTTPTransportStub { request in
+            let response = HTTPURLResponse(
+                url: request.url!,
+                statusCode: 429,
+                httpVersion: nil,
+                headerFields: ["x-vercel-mitigated": "challenge"])!
+            return (Data("checkpoint".utf8), response)
+        }
+
+        await #expect {
+            _ = try await T3ChatUsageFetcher.fetchCustomerData(
+                cookieHeader: "session=abc",
+                now: Self.now,
+                transport: stub)
+        } throws: { error in
+            guard case T3ChatUsageError.vercelChallenge = error else { return false }
+            return true
+        }
+    }
+
+    private static func customerDataResponse(_ customerDataJSON: String) -> String {
+        #"{"json":[2,0,[[\#(customerDataJSON)]]]}"# + "\n"
+    }
+
+    private static func makeContext(settings: ProviderSettingsSnapshot) -> ProviderFetchContext {
+        ProviderFetchContext(
+            runtime: .app,
+            sourceMode: .auto,
+            includeCredits: false,
+            webTimeout: 1,
+            webDebugDumpHTML: false,
+            verbose: false,
+            env: [:],
+            settings: settings,
+            fetcher: UsageFetcher(environment: [:]),
+            claudeFetcher: StubClaudeFetcher(),
+            browserDetection: BrowserDetection(cacheTTL: 0))
+    }
+}
diff --git a/Tests/CodexBarTests/TTYCommandRunnerTests.swift b/Tests/CodexBarTests/TTYCommandRunnerTests.swift
index be4bc1958..d39040690 100644
--- a/Tests/CodexBarTests/TTYCommandRunnerTests.swift
+++ b/Tests/CodexBarTests/TTYCommandRunnerTests.swift
@@ -4,8 +4,25 @@ import Testing
 
 @Suite(.serialized)
 struct TTYCommandRunnerEnvTests {
+    private final class CallbackCounter: @unchecked Sendable {
+        private let lock = NSLock()
+        private var count = 0
+
+        func increment() {
+            self.lock.lock()
+            self.count += 1
+            self.lock.unlock()
+        }
+
+        func value() -> Int {
+            self.lock.lock()
+            defer { self.lock.unlock() }
+            return self.count
+        }
+    }
+
     @Test
-    func shutdownFenceDrainsTrackedTTYProcesses() {
+    func `shutdown fence drains tracked TTY processes`() {
         TTYCommandRunner._test_resetTrackedProcesses()
         defer { TTYCommandRunner._test_resetTrackedProcesses() }
 
@@ -19,7 +36,20 @@ struct TTYCommandRunnerEnvTests {
     }
 
     @Test
-    func trackedProcessHelpersIgnoreInvalidPID() {
+    func `cached CLI sessions share shutdown tracking`() {
+        TTYCommandRunner._test_resetTrackedProcesses()
+        defer { TTYCommandRunner._test_resetTrackedProcesses() }
+
+        #expect(TTYCommandRunner.registerActiveProcessForAppShutdown(pid: 3001, binary: "codex"))
+        TTYCommandRunner.updateActiveProcessGroupForAppShutdown(pid: 3001, processGroup: 3001)
+        #expect(TTYCommandRunner._test_trackedProcessCount() == 1)
+
+        TTYCommandRunner.unregisterActiveProcessForAppShutdown(pid: 3001)
+        #expect(TTYCommandRunner._test_trackedProcessCount() == 0)
+    }
+
+    @Test
+    func `tracked process helpers ignore invalid PID`() {
         TTYCommandRunner._test_resetTrackedProcesses()
         defer { TTYCommandRunner._test_resetTrackedProcesses() }
 
@@ -28,7 +58,7 @@ struct TTYCommandRunnerEnvTests {
     }
 
     @Test
-    func shutdownFenceRejectsNewRegistrations() {
+    func `shutdown fence rejects new registrations`() {
         TTYCommandRunner._test_resetTrackedProcesses()
         defer { TTYCommandRunner._test_resetTrackedProcesses() }
 
@@ -41,7 +71,7 @@ struct TTYCommandRunnerEnvTests {
     }
 
     @Test
-    func shutdownResolverSkipsHostProcessGroupFallback() {
+    func `shutdown resolver skips host process group fallback`() {
         let hostGroup: pid_t = 4242
         let targets: [(pid: pid_t, binary: String, processGroup: pid_t?)] = [
             (pid: 100, binary: "codex", processGroup: nil),
@@ -63,7 +93,44 @@ struct TTYCommandRunnerEnvTests {
     }
 
     @Test
-    func preservesEnvironmentAndSetsTerm() {
+    func `descendant resolver walks process tree once`() {
+        let children: [pid_t: [pid_t]] = [
+            100: [101, 102],
+            101: [103],
+            102: [103],
+            103: [100],
+        ]
+
+        let descendants = TTYProcessTreeTerminator.descendantPIDs(of: 100) { children[$0] ?? [] }
+
+        #expect(Set(descendants) == Set([101, 102, 103]))
+        #expect(descendants.count == 3)
+    }
+
+    @Test
+    func `process tree termination signals escaped descendants`() {
+        let children: [pid_t: [pid_t]] = [
+            100: [101, 102],
+            102: [103],
+        ]
+        var signaled: [(pid: pid_t, signal: Int32)] = []
+
+        TTYProcessTreeTerminator.terminateProcessTree(
+            rootPID: 100,
+            processGroup: 200,
+            signal: 15,
+            childResolver: { children[$0] ?? [] },
+            signalSender: { pid, signal in
+                signaled.append((pid: pid, signal: signal))
+            })
+
+        #expect(Set(signaled.map(\.pid)) == Set([100, 101, 102, 103, -200]))
+        #expect(signaled.allSatisfy { $0.signal == 15 })
+        #expect(signaled.last?.pid == 100)
+    }
+
+    @Test
+    func `preserves environment and sets term`() {
         let baseEnv: [String: String] = [
             "PATH": "/custom/bin",
             "HOME": "/Users/tester",
@@ -83,7 +150,7 @@ struct TTYCommandRunnerEnvTests {
     }
 
     @Test
-    func backfillsHomeWhenMissing() {
+    func `backfills home when missing`() {
         let merged = TTYCommandRunner.enrichedEnvironment(
             baseEnv: ["PATH": "/custom/bin"],
             loginPATH: nil,
@@ -93,7 +160,7 @@ struct TTYCommandRunnerEnvTests {
     }
 
     @Test
-    func preservesExistingTermAndCustomVars() {
+    func `preserves existing term and custom vars`() {
         let merged = TTYCommandRunner.enrichedEnvironment(
             baseEnv: [
                 "PATH": "/custom/bin",
@@ -111,7 +178,25 @@ struct TTYCommandRunnerEnvTests {
     }
 
     @Test
-    func setsWorkingDirectoryWhenProvided() throws {
+    func `codex status probe uses non persistent thread storage`() {
+        let stateHome = URL(fileURLWithPath: "/tmp/codexbar status \"state\"", isDirectory: true)
+        let args = CodexStatusProbeIsolation.codexArguments(stateHome: stateHome)
+
+        #expect(args.starts(with: ["-s", "read-only", "-a", "untrusted"]))
+        #expect(args.contains("history.persistence=\"none\""))
+        #expect(args.contains("experimental_thread_store={type=\"in_memory\",id=\"codexbar-status\"}"))
+        #expect(args.contains("sqlite_home=\"/tmp/codexbar status \\\"state\\\"\""))
+    }
+
+    @Test
+    func `codex status probe avoids root working directory when home exists`() {
+        let home = "/Users/tester"
+        let workingDirectory = CodexStatusProbeIsolation.workingDirectory(environment: ["HOME": home])
+        #expect(workingDirectory?.path == home)
+    }
+
+    @Test
+    func `sets working directory when provided`() throws {
         let fm = FileManager.default
         let dir = fm.temporaryDirectory.appendingPathComponent("codexbar-tty-\(UUID().uuidString)", isDirectory: true)
         try fm.createDirectory(at: dir, withIntermediateDirectories: true)
@@ -123,7 +208,56 @@ struct TTYCommandRunnerEnvTests {
     }
 
     @Test
-    func autoRespondsToTrustPrompt() throws {
+    func `claude runner keeps normal working directory by default`() throws {
+        let runner = TTYCommandRunner()
+        let fakeClaude = try Self.makeFakeClaudeCLI()
+        let result = try runner.run(
+            binary: fakeClaude.path,
+            send: "",
+            options: .init(timeout: 3, stopOnSubstrings: ["deep-link-enabled"]))
+        let clean = result.text.replacingOccurrences(of: "\r", with: "")
+
+        #expect(clean.contains("deep-link-enabled"))
+    }
+
+    @Test
+    func `claude runner uses probe directory with deep link registration disabled when requested`() throws {
+        let runner = TTYCommandRunner()
+        let fakeClaude = try Self.makeFakeClaudeCLI()
+        let result = try runner.run(
+            binary: fakeClaude.path,
+            send: "",
+            options: .init(
+                timeout: 3,
+                stopOnSubstrings: ["deep-link-disabled"],
+                useClaudeProbeWorkingDirectory: true))
+        let clean = result.text.replacingOccurrences(of: "\r", with: "")
+
+        #expect(clean.contains("deep-link-disabled"))
+    }
+
+    @Test
+    func `claude runner uses probe directory for versioned CLI override`() throws {
+        let runner = TTYCommandRunner()
+        let fakeClaude = try Self.makeFakeClaudeCLI(fileName: "2.1.114")
+        var env = ProcessInfo.processInfo.environment
+        env["CLAUDE_CLI_PATH"] = fakeClaude.path
+
+        let result = try runner.run(
+            binary: fakeClaude.path,
+            send: "",
+            options: .init(
+                timeout: 3,
+                baseEnvironment: env,
+                stopOnSubstrings: ["deep-link-disabled"],
+                useClaudeProbeWorkingDirectory: true))
+        let clean = result.text.replacingOccurrences(of: "\r", with: "")
+
+        #expect(clean.contains("deep-link-disabled"))
+    }
+
+    @Test
+    func `auto responds to trust prompt`() throws {
         let fm = FileManager.default
         let dir = fm.temporaryDirectory.appendingPathComponent("codexbar-tty-\(UUID().uuidString)", isDirectory: true)
         try fm.createDirectory(at: dir, withIntermediateDirectories: true)
@@ -150,7 +284,7 @@ struct TTYCommandRunnerEnvTests {
             binary: scriptURL.path,
             send: "",
             options: .init(
-                timeout: 6,
+                timeout: 15,
                 // Use LF for portability: some PTY/termios setups do not translate CR → NL for shell reads.
                 sendOnSubstrings: ["trust the files in this folder?": "y\n"],
                 stopOnSubstrings: ["accepted", "rejected"],
@@ -159,8 +293,118 @@ struct TTYCommandRunnerEnvTests {
         #expect(result.text.contains("accepted"))
     }
 
+    private static func makeFakeClaudeCLI(fileName: String = "claude") throws -> URL {
+        let fm = FileManager.default
+        let dir = fm.temporaryDirectory.appendingPathComponent("codexbar-tty-\(UUID().uuidString)", isDirectory: true)
+        try fm.createDirectory(at: dir, withIntermediateDirectories: true)
+        let scriptURL = dir.appendingPathComponent(fileName)
+        let script = """
+        #!/bin/sh
+        settings="$PWD/.claude/settings.local.json"
+        if [ -f "$settings" ] \
+          && grep -q '"disableDeepLinkRegistration"' "$settings" \
+          && grep -q '"disable"' "$settings"; then
+          echo "deep-link-disabled"
+        else
+          echo "deep-link-enabled"
+        fi
+        """
+        try script.write(to: scriptURL, atomically: true, encoding: .utf8)
+        try fm.setAttributes([.posixPermissions: 0o755], ofItemAtPath: scriptURL.path)
+        return scriptURL
+    }
+
+    @Test
+    func `post-exit drain processes trailing chunk through callback path`() {
+        let callbackCounter = CallbackCounter()
+        var reads: [TTYCommandRunner.DrainReadResult] = [
+            .wouldBlock,
+            .wouldBlock,
+            .data(Data("https://example.com/auth".utf8)),
+            .closed,
+        ]
+
+        TTYCommandRunner.drainRemainingOutput(
+            until: Date().addingTimeInterval(1),
+            readChunk: {
+                if reads.isEmpty { return .closed }
+                return reads.removeFirst()
+            },
+            processChunk: { data in
+                if data.range(of: Data("https://".utf8)) != nil {
+                    callbackCounter.increment()
+                }
+            },
+            sleep: { _ in })
+
+        #expect(callbackCounter.value() == 1)
+    }
+
+    @Test
+    func `post-exit drain keeps harvesting after late success marker`() {
+        var readCount = 0
+        var processedChunks: [String] = []
+        var reads: [TTYCommandRunner.DrainReadResult] = [
+            .data(Data("accepted".utf8)),
+            .wouldBlock,
+            .data(Data(" trailing".utf8)),
+            .closed,
+        ]
+
+        TTYCommandRunner.drainRemainingOutput(
+            until: Date().addingTimeInterval(1),
+            readChunk: {
+                readCount += 1
+                if reads.isEmpty { return .closed }
+                return reads.removeFirst()
+            },
+            processChunk: { data in
+                processedChunks.append(String(bytes: data, encoding: .utf8) ?? "")
+            },
+            sleep: { _ in })
+
+        #expect(readCount == 4)
+        #expect(processedChunks == ["accepted", " trailing"])
+    }
+
+    @Test
+    func `post-exit drain stops once the PTY reports closure`() {
+        var readCount = 0
+
+        TTYCommandRunner.drainRemainingOutput(
+            until: Date().addingTimeInterval(1),
+            readChunk: {
+                readCount += 1
+                return .closed
+            },
+            processChunk: { _ in },
+            sleep: { _ in })
+
+        #expect(readCount == 1)
+    }
+
+    @Test
+    func `interrupted drain reads are treated as retryable`() {
+        let result = TTYCommandRunner.drainReadResult(for: Data(), terminalRead: -1, errno: EINTR)
+        if case .wouldBlock = result {
+            #expect(Bool(true))
+        } else {
+            Issue.record("Expected interrupted read to remain retryable during drain")
+        }
+    }
+
+    @Test
+    func `EOF beats stale would-block errno during drain classification`() {
+        let result = TTYCommandRunner.drainReadResult(for: Data(), terminalRead: 0, errno: EAGAIN)
+        if case .closed = result {
+            #expect(Bool(true))
+        } else {
+            Issue.record("Expected EOF reads to stop draining even if errno still holds EAGAIN")
+        }
+    }
+
     @Test
-    func stopsWhenOutputIsIdle() throws {
+    func `stops when output is idle`() throws {
         let fm = FileManager.default
         let dir = fm.temporaryDirectory.appendingPathComponent("codexbar-tty-\(UUID().uuidString)", isDirectory: true)
         try fm.createDirectory(at: dir, withIntermediateDirectories: true)
@@ -195,7 +439,7 @@ struct TTYCommandRunnerEnvTests {
     }
 
     @Test
-    func rollingBufferDetectsNeedleAcrossBoundary() {
+    func `rolling buffer detects needle across boundary`() {
         var scanner = TTYCommandRunner.RollingBuffer(maxNeedle: 6)
         let needle = Data("hello".utf8)
         let first = scanner.append(Data("he".utf8))
@@ -205,7 +449,7 @@ struct TTYCommandRunnerEnvTests {
     }
 
     @Test
-    func lowercasedASCIIOnlyTouchesAscii() {
+    func `lowercased ASCII only touches ascii`() {
         let data = Data("UpDaTe".utf8)
         let lowered = TTYCommandRunner.lowercasedASCII(data)
         #expect(String(data: lowered, encoding: .utf8) == "update")
diff --git a/Tests/CodexBarTests/TTYIntegrationTests.swift b/Tests/CodexBarTests/TTYIntegrationTests.swift
index adf59bccb..dca1536fa 100644
--- a/Tests/CodexBarTests/TTYIntegrationTests.swift
+++ b/Tests/CodexBarTests/TTYIntegrationTests.swift
@@ -6,7 +6,10 @@ import Testing
 @Suite(.serialized)
 struct TTYIntegrationTests {
     @Test
-    func codexRPCUsageLive() async throws {
+    func `codex RPC usage live`() async throws {
+        guard ProcessInfo.processInfo.environment["LIVE_CODEX_TTY"] == "1" else {
+            return
+        }
         let fetcher = UsageFetcher()
         do {
             let snapshot = try await fetcher.loadLatestUsage()
@@ -23,7 +26,7 @@ struct TTYIntegrationTests {
     }
 
     @Test
-    func claudeTTYUsageProbeLive() async throws {
+    func `claude TTY usage probe live`() async throws {
         guard ProcessInfo.processInfo.environment["LIVE_CLAUDE_TTY"] == "1" else {
             return
         }
@@ -55,4 +58,85 @@ struct TTYIntegrationTests {
 
         if !shouldAssert { return }
     }
+
+    @Test
+    func `claude pty usage waits for values after session label`() async throws {
+        let cli = try Self.makeSlowUsageClaudeCLI()
+        defer { Task { await ClaudeCLISession.shared.reset() } }
+
+        let snapshot = try await ClaudeCLISession.withIsolatedSessionForTesting {
+            try await ClaudeStatusProbe(claudeBinary: cli.path, timeout: 8).fetch()
+        }
+
+        #expect(snapshot.sessionPercentLeft == 93)
+        #expect(snapshot.weeklyPercentLeft == 79)
+    }
+
+    @Test
+    func `claude pty usage stops on subscription notice`() async throws {
+        let cli = try Self.makeSubscriptionNoticeClaudeCLI()
+        defer { Task { await ClaudeCLISession.shared.reset() } }
+
+        do {
+            try await ClaudeCLISession.withIsolatedSessionForTesting {
+                _ = try await ClaudeStatusProbe(claudeBinary: cli.path, timeout: 3).fetch()
+            }
+            #expect(Bool(false), "Subscription notice should fail parsing")
+        } catch let ClaudeStatusProbeError.parseFailed(message) {
+            #expect(message.lowercased().contains("subscription"))
+        } catch {
+            #expect(Bool(false), "Unexpected error: \(error)")
+        }
+    }
+
+    private static func makeSlowUsageClaudeCLI() throws -> URL {
+        let dir = FileManager.default.temporaryDirectory
+            .appendingPathComponent("CodexBarTTYTests-\(UUID().uuidString)", isDirectory: true)
+        try FileManager.default.createDirectory(at: dir, withIntermediateDirectories: true)
+        let url = dir.appendingPathComponent("claude")
+        let script = """
+        #!/bin/sh
+        while IFS= read -r line; do
+          case "$line" in
+            *"/usage"*)
+              printf '%s\\n' 'Settings  Status  Config  Usage'
+              printf '%s\\n' 'Current session'
+              sleep 4
+              printf '%s\\n' '93% left'
+              printf '%s\\n' 'Current week (all models)'
+              printf '%s\\n' '79% left'
+              ;;
+            *"/status"*)
+              printf '%s\\n' 'Account: slow-usage@example.com'
+              ;;
+          esac
+        done
+        """
+        try script.write(to: url, atomically: true, encoding: .utf8)
+        try FileManager.default.setAttributes([.posixPermissions: 0o755], ofItemAtPath: url.path)
+        return url
+    }
+
+    private static func makeSubscriptionNoticeClaudeCLI() throws -> URL {
+        let dir = FileManager.default.temporaryDirectory
+            .appendingPathComponent("CodexBarTTYTests-\(UUID().uuidString)", isDirectory: true)
+        try FileManager.default.createDirectory(at: dir, withIntermediateDirectories: true)
+        let url = dir.appendingPathComponent("claude")
+        let script = """
+        #!/bin/sh
+        while IFS= read -r line; do
+          case "$line" in
+            *"/usage"*)
+              printf '%s\\n' 'You are currently using your subscription to power your Claude Code usage'
+              ;;
+            *"/status"*)
+              printf '%s\\n' 'Account: subscription@example.com'
+              ;;
+          esac
+        done
+        """
+        try script.write(to: url, atomically: true, encoding: .utf8)
+        try FileManager.default.setAttributes([.posixPermissions: 0o755], ofItemAtPath: url.path)
+        return url
+    }
 }
diff --git a/Tests/CodexBarTests/TestStores.swift b/Tests/CodexBarTests/TestStores.swift
index 7d8e27491..185248593 100644
--- a/Tests/CodexBarTests/TestStores.swift
+++ b/Tests/CodexBarTests/TestStores.swift
@@ -1,6 +1,9 @@
 import CodexBarCore
 import Foundation
 @testable import CodexBar
+#if os(macOS)
+import AppKit
+#endif
 
 final class InMemoryCookieHeaderStore: CookieHeaderStoring, @unchecked Sendable {
     var value: String?
@@ -132,3 +135,57 @@ func testConfigStore(suiteName: String, reset: Bool = true) -> CodexBarConfigSto
     }
     return CodexBarConfigStore(fileURL: url)
 }
+
+#if os(macOS)
+@MainActor
+@discardableResult
+func withStatusItemControllerForTesting<T>(
+    store: UsageStore,
+    settings: SettingsStore,
+    fetcher: UsageFetcher,
+    statusBar: NSStatusBar = .system,
+    operation: (StatusItemController) throws -> T) rethrows -> T
+{
+    let controller = StatusItemController(
+        store: store,
+        settings: settings,
+        account: fetcher.loadAccountInfo(),
+        updater: DisabledUpdaterController(),
+        preferencesSelection: PreferencesSelection(),
+        statusBar: statusBar)
+    defer { controller.releaseStatusItemsForTesting() }
+    return try operation(controller)
+}
+
+@MainActor
+@discardableResult
+func withStatusItemControllerForTesting<T>(
+    store: UsageStore,
+    settings: SettingsStore,
+    fetcher: UsageFetcher,
+    statusBar: NSStatusBar = .system,
+    operation: (StatusItemController) async throws -> T) async rethrows -> T
+{
+    let controller = StatusItemController(
+        store: store,
+        settings: settings,
+        account: fetcher.loadAccountInfo(),
+        updater: DisabledUpdaterController(),
+        preferencesSelection: PreferencesSelection(),
+        statusBar: statusBar)
+    defer { controller.releaseStatusItemsForTesting() }
+    return try await operation(controller)
+}
+#endif
+
+func testPlanUtilizationHistoryStore(suiteName: String, reset: Bool = true) -> PlanUtilizationHistoryStore {
+    let sanitized = suiteName.replacingOccurrences(of: "/", with: "-")
+    let base = FileManager.default.temporaryDirectory
+        .appendingPathComponent("codexbar-tests", isDirectory: true)
+        .appendingPathComponent(sanitized, isDirectory: true)
+    let url = base.appendingPathComponent("history", isDirectory: true)
+    if reset {
+        try? FileManager.default.removeItem(at: url)
+    }
+    return PlanUtilizationHistoryStore(directoryURL: url)
+}
diff --git a/Tests/CodexBarTests/TextParsingTests.swift b/Tests/CodexBarTests/TextParsingTests.swift
index 812adbe02..ad4d07d25 100644
--- a/Tests/CodexBarTests/TextParsingTests.swift
+++ b/Tests/CodexBarTests/TextParsingTests.swift
@@ -1,17 +1,16 @@
 import CodexBarCore
 import Testing
 
-@Suite
 struct TextParsingTests {
     @Test
-    func stripANSICodesRemovesCursorVisibilityCSI() {
+    func `strip ANSI codes removes cursor visibility CSI`() {
         let input = "\u{001B}[?25hhello\u{001B}[0m"
         let stripped = TextParsing.stripANSICodes(input)
         #expect(stripped == "hello")
     }
 
     @Test
-    func firstNumberParsesDecimalSeparators() {
+    func `first number parses decimal separators`() {
         let dotDecimal = TextParsing.firstNumber(pattern: #"Credits:\s*([0-9][0-9., ]*)"#, text: "Credits: 54.72")
         #expect(dotDecimal == 54.72)
 
diff --git a/Tests/CodexBarTests/TokenAccountEnvironmentPrecedenceTests.swift b/Tests/CodexBarTests/TokenAccountEnvironmentPrecedenceTests.swift
index cb36b24ae..14dfe6392 100644
--- a/Tests/CodexBarTests/TokenAccountEnvironmentPrecedenceTests.swift
+++ b/Tests/CodexBarTests/TokenAccountEnvironmentPrecedenceTests.swift
@@ -4,11 +4,11 @@ import Testing
 @testable import CodexBar
 @testable import CodexBarCLI
 
+@Suite(.serialized)
 @MainActor
-@Suite
 struct TokenAccountEnvironmentPrecedenceTests {
     @Test
-    func tokenAccountEnvironmentOverridesConfigAPIKey_inAppEnvironmentBuilder() {
+    func `token account environment overrides config API key in app environment builder`() {
         let settings = Self.makeSettingsStore(suite: "TokenAccountEnvironmentPrecedenceTests-app")
         settings.zaiAPIToken = "config-token"
         settings.addTokenAccount(provider: .zai, label: "Account 1", token: "account-token")
@@ -25,7 +25,22 @@ struct TokenAccountEnvironmentPrecedenceTests {
     }
 
     @Test
-    func tokenAccountEnvironmentOverridesConfigAPIKey_inCLIEnvironmentBuilder() throws {
+    func `deepseek token account injects environment in app environment builder`() {
+        let settings = Self.makeSettingsStore(suite: "TokenAccountEnvironmentPrecedenceTests-deepseek-app")
+        settings.addTokenAccount(provider: .deepseek, label: "Account 1", token: "account-token")
+
+        let env = ProviderRegistry.makeEnvironment(
+            base: ["FOO": "bar"],
+            provider: .deepseek,
+            settings: settings,
+            tokenOverride: nil)
+
+        #expect(env["FOO"] == "bar")
+        #expect(env[DeepSeekSettingsReader.apiKeyEnvironmentKey] == "account-token")
+    }
+
+    @Test
+    func `token account environment overrides config API key in CLI environment builder`() throws {
         let config = CodexBarConfig(
             providers: [
                 ProviderConfig(id: .zai, apiKey: "config-token"),
@@ -46,7 +61,24 @@ struct TokenAccountEnvironmentPrecedenceTests {
     }
 
     @Test
-    func ollamaTokenAccountSelectionForcesManualCookieSourceInCLISettingsSnapshot() throws {
+    func `deepseek token account injects environment in CLI environment builder`() throws {
+        let config = CodexBarConfig(providers: [])
+        let selection = TokenAccountCLISelection(label: nil, index: nil, allAccounts: false)
+        let tokenContext = try TokenAccountCLIContext(selection: selection, config: config, verbose: false)
+        let account = ProviderTokenAccount(
+            id: UUID(),
+            label: "Account 1",
+            token: "account-token",
+            addedAt: Date().timeIntervalSince1970,
+            lastUsed: nil)
+
+        let env = tokenContext.environment(base: [:], provider: .deepseek, account: account)
+
+        #expect(env[DeepSeekSettingsReader.apiKeyEnvironmentKey] == "account-token")
+    }
+
+    @Test
+    func `ollama token account selection forces manual cookie source in CLI settings snapshot`() throws {
         let accounts = ProviderTokenAccountData(
             version: 1,
             accounts: [
@@ -76,7 +108,534 @@ struct TokenAccountEnvironmentPrecedenceTests {
     }
 
     @Test
-    func applyAccountLabelInAppPreservesSnapshotFields() {
+    func `stepfun CLI snapshot reads manual token from region field`() throws {
+        let config = CodexBarConfig(
+            providers: [
+                ProviderConfig(
+                    id: .stepfun,
+                    region: "Oasis-Token=manual-token; Oasis-Webid=web"),
+            ])
+        let selection = TokenAccountCLISelection(label: nil, index: nil, allAccounts: false)
+        let tokenContext = try TokenAccountCLIContext(selection: selection, config: config, verbose: false)
+        let snapshot = try #require(tokenContext.settingsSnapshot(for: .stepfun, account: nil))
+        let stepfunSettings = try #require(snapshot.stepfun)
+
+        #expect(stepfunSettings.cookieSource == .manual)
+        #expect(stepfunSettings.manualToken == "Oasis-Token=manual-token; Oasis-Webid=web")
+    }
+
+    @Test
+    func `stepfun CLI token account overrides region manual token`() throws {
+        let account = ProviderTokenAccount(
+            id: UUID(),
+            label: "StepFun",
+            token: "account-token",
+            addedAt: Date().timeIntervalSince1970,
+            lastUsed: nil)
+        let config = CodexBarConfig(
+            providers: [
+                ProviderConfig(
+                    id: .stepfun,
+                    region: "manual-token",
+                    tokenAccounts: ProviderTokenAccountData(
+                        version: 1,
+                        accounts: [account],
+                        activeIndex: 0)),
+            ])
+        let selection = TokenAccountCLISelection(label: nil, index: nil, allAccounts: false)
+        let tokenContext = try TokenAccountCLIContext(selection: selection, config: config, verbose: false)
+        let resolvedAccount = try #require(tokenContext.resolvedAccounts(for: .stepfun).first)
+        let snapshot = try #require(tokenContext.settingsSnapshot(for: .stepfun, account: resolvedAccount))
+        let stepfunSettings = try #require(snapshot.stepfun)
+
+        #expect(stepfunSettings.cookieSource == .manual)
+        #expect(stepfunSettings.manualToken == "account-token")
+    }
+
+    @Test
+    func `claude OAuth token account overrides environment in app environment builder`() {
+        let settings = Self.makeSettingsStore(suite: "TokenAccountEnvironmentPrecedenceTests-claude-app")
+        settings.addTokenAccount(provider: .claude, label: "OAuth", token: "Bearer sk-ant-oat-account-token")
+
+        let env = ProviderRegistry.makeEnvironment(
+            base: ["FOO": "bar"],
+            provider: .claude,
+            settings: settings,
+            tokenOverride: nil)
+
+        #expect(env["FOO"] == "bar")
+        #expect(env[ClaudeOAuthCredentialsStore.environmentTokenKey] == "sk-ant-oat-account-token")
+    }
+
+    @Test
+    func `claude session account strips ambient admin api credentials in app environment builder`() {
+        let settings = Self.makeSettingsStore(suite: "TokenAccountEnvironmentPrecedenceTests-claude-admin-strip-app")
+        settings.claudeAdminAPIKey = "sk-ant-admin-config"
+        settings.addTokenAccount(provider: .claude, label: "Session", token: "sk-ant-session-token")
+
+        let env = ProviderRegistry.makeEnvironment(
+            base: [
+                "FOO": "bar",
+                ClaudeAdminAPISettingsReader.alternateAdminAPIKeyEnvironmentKey: "sk-ant-admin-base",
+                ClaudeOAuthCredentialsStore.environmentTokenKey: "sk-ant-oat-base",
+            ],
+            provider: .claude,
+            settings: settings,
+            tokenOverride: nil)
+
+        #expect(env["FOO"] == "bar")
+        #expect(env[ClaudeAdminAPISettingsReader.adminAPIKeyEnvironmentKey] == nil)
+        #expect(env[ClaudeAdminAPISettingsReader.alternateAdminAPIKeyEnvironmentKey] == nil)
+        #expect(env[ClaudeOAuthCredentialsStore.environmentTokenKey] == nil)
+    }
+
+    @Test
+    func `claude session key selection carries organization id in app settings snapshot`() throws {
+        let settings = Self.makeSettingsStore(suite: "TokenAccountEnvironmentPrecedenceTests-claude-org-app")
+        settings.addTokenAccount(
+            provider: .claude,
+            label: "Team",
+            token: "sk-ant-session-token",
+            organizationID: " org-team ")
+
+        let snapshot = ProviderRegistry.makeSettingsSnapshot(settings: settings, tokenOverride: nil)
+        let claudeSettings = try #require(snapshot.claude)
+
+        #expect(claudeSettings.manualCookieHeader == "sessionKey=sk-ant-session-token")
+        #expect(claudeSettings.organizationID == "org-team")
+    }
+
+    @Test
+    func `claude OAuth token selection forces OAuth in CLI settings snapshot`() throws {
+        let accounts = ProviderTokenAccountData(
+            version: 1,
+            accounts: [
+                ProviderTokenAccount(
+                    id: UUID(),
+                    label: "Primary",
+                    token: "Bearer sk-ant-oat-account-token",
+                    addedAt: 0,
+                    lastUsed: nil),
+            ],
+            activeIndex: 0)
+        let config = CodexBarConfig(
+            providers: [
+                ProviderConfig(
+                    id: .claude,
+                    cookieSource: .auto,
+                    tokenAccounts: accounts),
+            ])
+        let selection = TokenAccountCLISelection(label: nil, index: nil, allAccounts: false)
+        let tokenContext = try TokenAccountCLIContext(selection: selection, config: config, verbose: false)
+        let account = try #require(tokenContext.resolvedAccounts(for: .claude).first)
+        let snapshot = try #require(tokenContext.settingsSnapshot(for: .claude, account: account))
+        let claudeSettings = try #require(snapshot.claude)
+
+        #expect(claudeSettings.usageDataSource == .oauth)
+        #expect(claudeSettings.cookieSource == .off)
+        #expect(claudeSettings.manualCookieHeader == nil)
+    }
+
+    @Test
+    func `claude OAuth token selection injects environment override in CLI`() throws {
+        let accounts = ProviderTokenAccountData(
+            version: 1,
+            accounts: [
+                ProviderTokenAccount(
+                    id: UUID(),
+                    label: "Primary",
+                    token: "Bearer sk-ant-oat-account-token",
+                    addedAt: 0,
+                    lastUsed: nil),
+            ],
+            activeIndex: 0)
+        let config = CodexBarConfig(
+            providers: [
+                ProviderConfig(id: .claude, tokenAccounts: accounts),
+            ])
+        let selection = TokenAccountCLISelection(label: nil, index: nil, allAccounts: false)
+        let tokenContext = try TokenAccountCLIContext(selection: selection, config: config, verbose: false)
+        let account = try #require(tokenContext.resolvedAccounts(for: .claude).first)
+
+        let env = tokenContext.environment(base: ["FOO": "bar"], provider: .claude, account: account)
+
+        #expect(env["FOO"] == "bar")
+        #expect(env[ClaudeOAuthCredentialsStore.environmentTokenKey] == "sk-ant-oat-account-token")
+    }
+
+    @Test
+    func `claude session account strips ambient admin api credentials in CLI environment builder`() throws {
+        let accounts = ProviderTokenAccountData(
+            version: 1,
+            accounts: [
+                ProviderTokenAccount(
+                    id: UUID(),
+                    label: "Primary",
+                    token: "sk-ant-session-token",
+                    addedAt: 0,
+                    lastUsed: nil),
+            ],
+            activeIndex: 0)
+        let config = CodexBarConfig(
+            providers: [
+                ProviderConfig(
+                    id: .claude,
+                    apiKey: "sk-ant-admin-config",
+                    tokenAccounts: accounts),
+            ])
+        let selection = TokenAccountCLISelection(label: nil, index: nil, allAccounts: false)
+        let tokenContext = try TokenAccountCLIContext(selection: selection, config: config, verbose: false)
+        let account = try #require(tokenContext.resolvedAccounts(for: .claude).first)
+
+        let env = tokenContext.environment(
+            base: [
+                "FOO": "bar",
+                ClaudeAdminAPISettingsReader.alternateAdminAPIKeyEnvironmentKey: "sk-ant-admin-base",
+                ClaudeOAuthCredentialsStore.environmentTokenKey: "sk-ant-oat-base",
+            ],
+            provider: .claude,
+            account: account)
+
+        #expect(env["FOO"] == "bar")
+        #expect(env[ClaudeAdminAPISettingsReader.adminAPIKeyEnvironmentKey] == nil)
+        #expect(env[ClaudeAdminAPISettingsReader.alternateAdminAPIKeyEnvironmentKey] == nil)
+        #expect(env[ClaudeOAuthCredentialsStore.environmentTokenKey] == nil)
+    }
+
+    @Test
+    func `claude OAuth token selection promotes auto source mode in CLI`() throws {
+        let account = ProviderTokenAccount(
+            id: UUID(),
+            label: "Primary",
+            token: "Bearer sk-ant-oat-account-token",
+            addedAt: 0,
+            lastUsed: nil)
+        let config = CodexBarConfig(providers: [ProviderConfig(id: .claude)])
+        let tokenContext = try TokenAccountCLIContext(
+            selection: TokenAccountCLISelection(label: nil, index: nil, allAccounts: false),
+            config: config,
+            verbose: false)
+
+        let effectiveSourceMode = tokenContext.effectiveSourceMode(
+            base: .auto,
+            provider: .claude,
+            account: account)
+
+        #expect(effectiveSourceMode == .oauth)
+    }
+
+    @Test
+    func `claude OAuth token selection reroutes explicit CLI source to OAuth in CLI`() throws {
+        let account = ProviderTokenAccount(
+            id: UUID(),
+            label: "Primary",
+            token: "Bearer sk-ant-oat-account-token",
+            addedAt: 0,
+            lastUsed: nil)
+        let config = CodexBarConfig(providers: [ProviderConfig(id: .claude)])
+        let tokenContext = try TokenAccountCLIContext(
+            selection: TokenAccountCLISelection(label: nil, index: nil, allAccounts: false),
+            config: config,
+            verbose: false)
+
+        let effectiveSourceMode = tokenContext.effectiveSourceMode(
+            base: .cli,
+            provider: .claude,
+            account: account)
+
+        #expect(effectiveSourceMode == .oauth)
+    }
+
+    @Test
+    func `claude session key selection reroutes explicit CLI source to Web in CLI`() throws {
+        let account = ProviderTokenAccount(
+            id: UUID(),
+            label: "Primary",
+            token: "sk-ant-session-token",
+            addedAt: 0,
+            lastUsed: nil)
+        let config = CodexBarConfig(providers: [ProviderConfig(id: .claude)])
+        let tokenContext = try TokenAccountCLIContext(
+            selection: TokenAccountCLISelection(label: nil, index: nil, allAccounts: false),
+            config: config,
+            verbose: false)
+
+        let effectiveSourceMode = tokenContext.effectiveSourceMode(
+            base: .cli,
+            provider: .claude,
+            account: account)
+
+        #expect(effectiveSourceMode == .web)
+    }
+
+    @Test
+    func `claude all accounts reroutes explicit CLI source per selected credential in CLI`() throws {
+        let accounts = ProviderTokenAccountData(
+            version: 1,
+            accounts: [
+                ProviderTokenAccount(
+                    id: UUID(),
+                    label: "OAuth",
+                    token: "Bearer sk-ant-oat-account-token",
+                    addedAt: 0,
+                    lastUsed: nil),
+                ProviderTokenAccount(
+                    id: UUID(),
+                    label: "Session",
+                    token: "sk-ant-session-token",
+                    addedAt: 0,
+                    lastUsed: nil),
+            ],
+            activeIndex: 0)
+        let config = CodexBarConfig(
+            providers: [
+                ProviderConfig(id: .claude, tokenAccounts: accounts),
+            ])
+        let tokenContext = try TokenAccountCLIContext(
+            selection: TokenAccountCLISelection(label: nil, index: nil, allAccounts: true),
+            config: config,
+            verbose: false)
+
+        let resolved = try tokenContext.resolvedAccounts(for: .claude)
+        #expect(resolved.map(\.label) == ["OAuth", "Session"])
+
+        let oauth = try #require(resolved.first)
+        let oauthSnapshot = try #require(tokenContext.settingsSnapshot(for: .claude, account: oauth)?.claude)
+        #expect(tokenContext.effectiveSourceMode(base: .cli, provider: .claude, account: oauth) == .oauth)
+        #expect(oauthSnapshot.usageDataSource == .oauth)
+        #expect(tokenContext.environment(base: [:], provider: .claude, account: oauth)[
+            ClaudeOAuthCredentialsStore.environmentTokenKey,
+        ] == "sk-ant-oat-account-token")
+
+        let session = try #require(resolved.dropFirst().first)
+        let sessionSnapshot = try #require(tokenContext.settingsSnapshot(for: .claude, account: session)?.claude)
+        #expect(tokenContext.effectiveSourceMode(base: .cli, provider: .claude, account: session) == .web)
+        #expect(sessionSnapshot.cookieSource == .manual)
+        #expect(sessionSnapshot.manualCookieHeader == "sessionKey=sk-ant-session-token")
+    }
+
+    @Test
+    func `codex all accounts selection exposes visible managed accounts and scopes CLI homes`() throws {
+        let root = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codex-cli-all-accounts-\(UUID().uuidString)", isDirectory: true)
+        let ambientHome = root.appendingPathComponent("ambient", isDirectory: true)
+        let firstHome = root.appendingPathComponent("first", isDirectory: true)
+        let secondHome = root.appendingPathComponent("second", isDirectory: true)
+        try FileManager.default.createDirectory(at: ambientHome, withIntermediateDirectories: true)
+        try FileManager.default.createDirectory(at: firstHome, withIntermediateDirectories: true)
+        try FileManager.default.createDirectory(at: secondHome, withIntermediateDirectories: true)
+        let storeURL = root.appendingPathComponent("managed-codex-accounts.json")
+        let firstID = UUID()
+        let secondID = UUID()
+        let accounts = ManagedCodexAccountSet(version: FileManagedCodexAccountStore.currentVersion, accounts: [
+            ManagedCodexAccount(
+                id: firstID,
+                email: "FIRST@EXAMPLE.COM",
+                workspaceLabel: "Team",
+                managedHomePath: firstHome.path,
+                createdAt: 0,
+                updatedAt: 0,
+                lastAuthenticatedAt: nil),
+            ManagedCodexAccount(
+                id: secondID,
+                email: "second@example.com",
+                workspaceLabel: "Personal",
+                managedHomePath: secondHome.path,
+                createdAt: 0,
+                updatedAt: 0,
+                lastAuthenticatedAt: nil),
+        ])
+        try FileManagedCodexAccountStore(fileURL: storeURL).storeAccounts(accounts)
+        let config = CodexBarConfig(providers: [
+            ProviderConfig(id: .codex, codexActiveSource: .managedAccount(id: secondID)),
+        ])
+        let context = try TokenAccountCLIContext(
+            selection: TokenAccountCLISelection(label: nil, index: nil, allAccounts: true),
+            config: config,
+            verbose: false,
+            baseEnvironment: ["CODEX_HOME": ambientHome.path],
+            managedCodexAccountStoreURL: storeURL)
+
+        let projection = context.visibleCodexAccounts()
+        #expect(projection.visibleAccounts.map(\.menuDisplayName) == [
+            "first@example.com — Team",
+            "second@example.com",
+        ])
+        #expect(projection.visibleAccounts.map(\.selectionSource) == [
+            .managedAccount(id: firstID),
+            .managedAccount(id: secondID),
+        ])
+        #expect(projection.visibleAccounts.first { $0.email == "second@example.com" }?.isActive == true)
+
+        let firstEnv = context.environment(
+            base: ["CODEX_HOME": ambientHome.path],
+            provider: .codex,
+            account: nil,
+            codexActiveSourceOverride: .managedAccount(id: firstID))
+        #expect(firstEnv["CODEX_HOME"] == firstHome.path)
+
+        let liveEnv = context.environment(
+            base: ["CODEX_HOME": ambientHome.path],
+            provider: .codex,
+            account: nil,
+            codexActiveSourceOverride: .liveSystem)
+        #expect(liveEnv["CODEX_HOME"] == ambientHome.path)
+
+        let firstFetcher = context.fetcher(
+            base: UsageFetcher(environment: ["CODEX_HOME": ambientHome.path]),
+            provider: .codex,
+            env: firstEnv)
+        #expect(Self.codexHomePath(from: firstFetcher) == firstHome.path)
+
+        let nonCodexBaseFetcher = UsageFetcher(environment: ["CODEX_HOME": ambientHome.path])
+        let nonCodexFetcher = context.fetcher(base: nonCodexBaseFetcher, provider: .claude, env: firstEnv)
+        #expect(Self.codexHomePath(from: nonCodexFetcher) == ambientHome.path)
+
+        let labeled = try context.applyCodexVisibleAccountLabel(
+            UsageSnapshot(primary: nil, secondary: nil, updatedAt: Date()),
+            account: #require(projection.visibleAccounts.first))
+        let identity = try #require(labeled.identity(for: .codex))
+        #expect(identity.accountEmail == "first@example.com")
+        #expect(identity.accountOrganization == "Team")
+    }
+
+    @Test
+    func `claude ambient explicit CLI source remains CLI in CLI`() throws {
+        let config = CodexBarConfig(providers: [ProviderConfig(id: .claude)])
+        let tokenContext = try TokenAccountCLIContext(
+            selection: TokenAccountCLISelection(label: nil, index: nil, allAccounts: false),
+            config: config,
+            verbose: false)
+
+        let effectiveSourceMode = tokenContext.effectiveSourceMode(
+            base: .cli,
+            provider: .claude,
+            account: nil)
+
+        #expect(effectiveSourceMode == .cli)
+    }
+
+    @Test
+    func `claude session key selection stays in manual cookie mode in CLI settings snapshot`() throws {
+        let accounts = ProviderTokenAccountData(
+            version: 1,
+            accounts: [
+                ProviderTokenAccount(
+                    id: UUID(),
+                    label: "Primary",
+                    token: "sk-ant-session-token",
+                    addedAt: 0,
+                    lastUsed: nil),
+            ],
+            activeIndex: 0)
+        let config = CodexBarConfig(
+            providers: [
+                ProviderConfig(
+                    id: .claude,
+                    cookieSource: .auto,
+                    tokenAccounts: accounts),
+            ])
+        let selection = TokenAccountCLISelection(label: nil, index: nil, allAccounts: false)
+        let tokenContext = try TokenAccountCLIContext(selection: selection, config: config, verbose: false)
+        let account = try #require(tokenContext.resolvedAccounts(for: .claude).first)
+        let snapshot = try #require(tokenContext.settingsSnapshot(for: .claude, account: account))
+        let claudeSettings = try #require(snapshot.claude)
+
+        #expect(claudeSettings.usageDataSource == .auto)
+        #expect(claudeSettings.cookieSource == .manual)
+        #expect(claudeSettings.manualCookieHeader == "sessionKey=sk-ant-session-token")
+    }
+
+    @Test
+    func `claude session key selection carries organization id in CLI settings snapshot`() throws {
+        let accounts = ProviderTokenAccountData(
+            version: 1,
+            accounts: [
+                ProviderTokenAccount(
+                    id: UUID(),
+                    label: "Team",
+                    token: "sk-ant-session-token",
+                    addedAt: 0,
+                    lastUsed: nil,
+                    organizationID: " org-team "),
+            ],
+            activeIndex: 0)
+        let config = CodexBarConfig(
+            providers: [
+                ProviderConfig(
+                    id: .claude,
+                    tokenAccounts: accounts),
+            ])
+        let selection = TokenAccountCLISelection(label: nil, index: nil, allAccounts: false)
+        let tokenContext = try TokenAccountCLIContext(selection: selection, config: config, verbose: false)
+        let account = try #require(tokenContext.resolvedAccounts(for: .claude).first)
+        let snapshot = try #require(tokenContext.settingsSnapshot(for: .claude, account: account))
+        let claudeSettings = try #require(snapshot.claude)
+
+        #expect(claudeSettings.organizationID == "org-team")
+    }
+
+    @Test
+    func `claude token account organization id uses organizationId JSON key`() throws {
+        let json = """
+        {
+          "id": "00000000-0000-0000-0000-000000000001",
+          "label": "Team",
+          "token": "sk-ant-session-token",
+          "addedAt": 0,
+          "lastUsed": null,
+          "organizationId": "org-team"
+        }
+        """
+        let account = try JSONDecoder().decode(ProviderTokenAccount.self, from: Data(json.utf8))
+        let encoded = try JSONSerialization.jsonObject(with: JSONEncoder().encode(account)) as? [String: Any]
+
+        #expect(account.organizationID == "org-team")
+        #expect(encoded?["organizationId"] as? String == "org-team")
+        #expect(encoded?["organizationID"] == nil)
+    }
+
+    @Test
+    func `claude config manual cookie uses shared route in CLI settings snapshot`() throws {
+        let config = CodexBarConfig(
+            providers: [
+                ProviderConfig(
+                    id: .claude,
+                    cookieHeader: "Cookie: sessionKey=sk-ant-session-token; foo=bar"),
+            ])
+        let selection = TokenAccountCLISelection(label: nil, index: nil, allAccounts: false)
+        let tokenContext = try TokenAccountCLIContext(selection: selection, config: config, verbose: false)
+        let snapshot = try #require(tokenContext.settingsSnapshot(for: .claude, account: nil))
+        let claudeSettings = try #require(snapshot.claude)
+
+        #expect(claudeSettings.usageDataSource == .auto)
+        #expect(claudeSettings.cookieSource == .manual)
+        #expect(claudeSettings.manualCookieHeader == "sessionKey=sk-ant-session-token; foo=bar")
+    }
+
+    @Test
+    func `claude config manual cookie does not promote auto source mode in CLI`() throws {
+        let config = CodexBarConfig(
+            providers: [
+                ProviderConfig(
+                    id: .claude,
+                    cookieHeader: "Cookie: sessionKey=sk-ant-session-token"),
+            ])
+        let tokenContext = try TokenAccountCLIContext(
+            selection: TokenAccountCLISelection(label: nil, index: nil, allAccounts: false),
+            config: config,
+            verbose: false)
+
+        let effectiveSourceMode = tokenContext.effectiveSourceMode(
+            base: .auto,
+            provider: .claude,
+            account: nil)
+
+        #expect(effectiveSourceMode == .auto)
+    }
+
+    @Test
+    func `apply account label in app preserves snapshot fields`() {
         let settings = Self.makeSettingsStore(suite: "TokenAccountEnvironmentPrecedenceTests-apply-app")
         let store = Self.makeUsageStore(settings: settings)
         let snapshot = Self.makeSnapshotWithAllFields(provider: .zai)
@@ -95,7 +654,7 @@ struct TokenAccountEnvironmentPrecedenceTests {
     }
 
     @Test
-    func applyAccountLabelInCLIPreservesSnapshotFields() throws {
+    func `apply account label in CLI preserves snapshot fields`() throws {
         let context = try TokenAccountCLIContext(
             selection: TokenAccountCLISelection(label: nil, index: nil, allAccounts: false),
             config: CodexBarConfig(providers: []),
@@ -115,7 +674,139 @@ struct TokenAccountEnvironmentPrecedenceTests {
         #expect(labeled.identity?.accountEmail == "CLI Account")
     }
 
-    private static func makeSettingsStore(suite: String) -> SettingsStore {
+    @Test
+    func `codex known owners match between app and CLI for live system only`() throws {
+        let ambientHome = Self.makeTempCodexHome(
+            email: "live@example.com",
+            plan: "pro",
+            accountId: "acct-live")
+        defer { try? FileManager.default.removeItem(at: ambientHome) }
+
+        let appSettings = Self.makeSettingsStore(suite: "TokenAccountEnvironmentPrecedenceTests-codex-live-only")
+        appSettings._test_liveSystemCodexAccount = ObservedSystemCodexAccount(
+            email: "live@example.com",
+            codexHomePath: ambientHome.path,
+            observedAt: Date(),
+            identity: .providerAccount(id: "acct-live"))
+        defer { appSettings._test_liveSystemCodexAccount = nil }
+        let appStore = Self.makeUsageStore(settings: appSettings)
+
+        try Self.withCLIKnownOwnerFixtures(
+            ambientHome: ambientHome,
+            managedAccounts: [])
+        { managedStoreURL in
+            let rawCLIOwners = try Self.codexCLIKnownOwners(
+                ambientHome: ambientHome,
+                managedStoreURL: managedStoreURL)
+            let cliOwners = try #require(rawCLIOwners)
+            let appOwners = appStore.codexDashboardKnownOwnerCandidates()
+
+            #expect(Self.knownOwnerMultiset(appOwners) == Self.knownOwnerMultiset(cliOwners))
+        }
+    }
+
+    @Test
+    func `codex known owners match between app and CLI when managed and live identities are the same`() throws {
+        let ambientHome = Self.makeTempCodexHome(
+            email: "shared@example.com",
+            plan: "pro",
+            accountId: "acct-shared")
+        let managedHome = Self.makeTempCodexHome(
+            email: "shared@example.com",
+            plan: "pro",
+            accountId: "acct-shared")
+        defer {
+            try? FileManager.default.removeItem(at: ambientHome)
+            try? FileManager.default.removeItem(at: managedHome)
+        }
+
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "shared@example.com",
+            managedHomePath: managedHome.path,
+            createdAt: 1,
+            updatedAt: 2,
+            lastAuthenticatedAt: 3)
+        let appSettings = Self.makeSettingsStore(suite: "TokenAccountEnvironmentPrecedenceTests-codex-same-identity")
+        appSettings._test_activeManagedCodexAccount = managedAccount
+        appSettings._test_liveSystemCodexAccount = ObservedSystemCodexAccount(
+            email: "shared@example.com",
+            codexHomePath: ambientHome.path,
+            observedAt: Date(),
+            identity: .providerAccount(id: "acct-shared"))
+        defer {
+            appSettings._test_activeManagedCodexAccount = nil
+            appSettings._test_liveSystemCodexAccount = nil
+        }
+        let appStore = Self.makeUsageStore(settings: appSettings)
+
+        try Self.withCLIKnownOwnerFixtures(
+            ambientHome: ambientHome,
+            managedAccounts: [managedAccount])
+        { managedStoreURL in
+            let rawCLIOwners = try Self.codexCLIKnownOwners(
+                ambientHome: ambientHome,
+                managedStoreURL: managedStoreURL)
+            let cliOwners = try #require(rawCLIOwners)
+            let appOwners = appStore.codexDashboardKnownOwnerCandidates()
+
+            #expect(Self.knownOwnerMultiset(appOwners) == Self.knownOwnerMultiset(cliOwners))
+        }
+    }
+
+    @Test
+    func `codex known owners match between app and CLI when managed and live identities differ`() throws {
+        let ambientHome = Self.makeTempCodexHome(
+            email: "live@example.com",
+            plan: "pro",
+            accountId: "acct-live")
+        let managedHome = Self.makeTempCodexHome(
+            email: "managed@example.com",
+            plan: "pro",
+            accountId: "acct-managed")
+        defer {
+            try? FileManager.default.removeItem(at: ambientHome)
+            try? FileManager.default.removeItem(at: managedHome)
+        }
+
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "managed@example.com",
+            managedHomePath: managedHome.path,
+            createdAt: 1,
+            updatedAt: 2,
+            lastAuthenticatedAt: 3)
+        let appSettings = Self
+            .makeSettingsStore(suite: "TokenAccountEnvironmentPrecedenceTests-codex-different-identities")
+        appSettings._test_activeManagedCodexAccount = managedAccount
+        appSettings._test_liveSystemCodexAccount = ObservedSystemCodexAccount(
+            email: "live@example.com",
+            codexHomePath: ambientHome.path,
+            observedAt: Date(),
+            identity: .providerAccount(id: "acct-live"))
+        defer {
+            appSettings._test_activeManagedCodexAccount = nil
+            appSettings._test_liveSystemCodexAccount = nil
+        }
+        let appStore = Self.makeUsageStore(settings: appSettings)
+
+        try Self.withCLIKnownOwnerFixtures(
+            ambientHome: ambientHome,
+            managedAccounts: [managedAccount])
+        { managedStoreURL in
+            let rawCLIOwners = try Self.codexCLIKnownOwners(
+                ambientHome: ambientHome,
+                managedStoreURL: managedStoreURL)
+            let cliOwners = try #require(rawCLIOwners)
+            let appOwners = appStore.codexDashboardKnownOwnerCandidates()
+
+            #expect(Self.knownOwnerMultiset(appOwners) == Self.knownOwnerMultiset(cliOwners))
+        }
+    }
+}
+
+extension TokenAccountEnvironmentPrecedenceTests {
+    fileprivate static func makeSettingsStore(suite: String) -> SettingsStore {
         let defaults = UserDefaults(suiteName: suite)!
         defaults.removePersistentDomain(forName: suite)
         let configStore = testConfigStore(suiteName: suite)
@@ -140,14 +831,98 @@ struct TokenAccountEnvironmentPrecedenceTests {
             tokenAccountStore: InMemoryTokenAccountStore())
     }
 
-    private static func makeUsageStore(settings: SettingsStore) -> UsageStore {
+    fileprivate static func makeUsageStore(settings: SettingsStore) -> UsageStore {
         UsageStore(
             fetcher: UsageFetcher(environment: [:]),
             browserDetection: BrowserDetection(cacheTTL: 0),
             settings: settings)
     }
 
-    private static func makeSnapshotWithAllFields(provider: UsageProvider) -> UsageSnapshot {
+    fileprivate static func codexCLIKnownOwners(
+        ambientHome: URL,
+        managedStoreURL: URL) throws -> [CodexDashboardKnownOwnerCandidate]?
+    {
+        let context = try TokenAccountCLIContext(
+            selection: TokenAccountCLISelection(label: nil, index: nil, allAccounts: false),
+            config: CodexBarConfig(providers: [ProviderConfig(id: .codex)]),
+            verbose: false,
+            baseEnvironment: ["CODEX_HOME": ambientHome.path],
+            managedCodexAccountStoreURL: managedStoreURL)
+        return context.settingsSnapshot(for: .codex, account: nil)?.codex?.dashboardAuthorityKnownOwners
+    }
+
+    fileprivate static func codexHomePath(from fetcher: UsageFetcher) -> String? {
+        guard let environment = Mirror(reflecting: fetcher).children.first(where: { $0.label == "environment" })?
+            .value as? [String: String]
+        else {
+            return nil
+        }
+        return environment["CODEX_HOME"]
+    }
+
+    fileprivate static func knownOwnerMultiset(
+        _ owners: [CodexDashboardKnownOwnerCandidate]) -> [CodexDashboardKnownOwnerCandidate: Int]
+    {
+        owners.reduce(into: [:]) { counts, owner in
+            counts[owner, default: 0] += 1
+        }
+    }
+
+    fileprivate static func makeTempCodexHome(email: String, plan: String, accountId: String) -> URL {
+        let home = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codex-known-owner-\(UUID().uuidString)", isDirectory: true)
+        try? FileManager.default.createDirectory(at: home, withIntermediateDirectories: true)
+        let credentials = CodexOAuthCredentials(
+            accessToken: "access-token",
+            refreshToken: "refresh-token",
+            idToken: self.fakeJWT(email: email, plan: plan, accountId: accountId),
+            accountId: accountId,
+            lastRefresh: Date())
+        try? CodexOAuthCredentialsStore.save(credentials, env: ["CODEX_HOME": home.path])
+        return home
+    }
+
+    fileprivate static func fakeJWT(email: String, plan: String, accountId: String) -> String {
+        let header = (try? JSONSerialization.data(withJSONObject: ["alg": "none"])) ?? Data()
+        let payload = (try? JSONSerialization.data(withJSONObject: [
+            "email": email,
+            "chatgpt_plan_type": plan,
+            "https://api.openai.com/auth": [
+                "chatgpt_plan_type": plan,
+                "chatgpt_account_id": accountId,
+            ],
+        ])) ?? Data()
+
+        func base64URL(_ data: Data) -> String {
+            data.base64EncodedString()
+                .replacingOccurrences(of: "=", with: "")
+                .replacingOccurrences(of: "+", with: "-")
+                .replacingOccurrences(of: "/", with: "_")
+        }
+
+        return "\(base64URL(header)).\(base64URL(payload))."
+    }
+
+    fileprivate static func withCLIKnownOwnerFixtures<T>(
+        ambientHome: URL,
+        managedAccounts: [ManagedCodexAccount],
+        operation: (URL) throws -> T) throws -> T
+    {
+        let root = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codex-known-owner-store-\(UUID().uuidString)", isDirectory: true)
+        let managedStoreURL = root.appendingPathComponent("managed-codex-accounts.json", isDirectory: false)
+        let fileManager = FileManager.default
+        defer { try? fileManager.removeItem(at: root) }
+
+        let managedStore = FileManagedCodexAccountStore(fileURL: managedStoreURL)
+        try managedStore.storeAccounts(ManagedCodexAccountSet(
+            version: FileManagedCodexAccountStore.currentVersion,
+            accounts: managedAccounts))
+
+        return try operation(managedStoreURL)
+    }
+
+    fileprivate static func makeSnapshotWithAllFields(provider: UsageProvider) -> UsageSnapshot {
         let now = Date(timeIntervalSince1970: 1_700_000_000)
         let reset = Date(timeIntervalSince1970: 1_700_003_600)
         let tokenLimit = ZaiLimitEntry(
@@ -203,7 +978,7 @@ struct TokenAccountEnvironmentPrecedenceTests {
             identity: identity)
     }
 
-    private static func expectSnapshotFieldsPreserved(before: UsageSnapshot, after: UsageSnapshot) {
+    fileprivate static func expectSnapshotFieldsPreserved(before: UsageSnapshot, after: UsageSnapshot) {
         #expect(after.primary?.usedPercent == before.primary?.usedPercent)
         #expect(after.secondary?.usedPercent == before.secondary?.usedPercent)
         #expect(after.tertiary?.usedPercent == before.tertiary?.usedPercent)
diff --git a/Tests/CodexBarTests/TokenAccountStoreTests.swift b/Tests/CodexBarTests/TokenAccountStoreTests.swift
index e1cbbce24..9a252219f 100644
--- a/Tests/CodexBarTests/TokenAccountStoreTests.swift
+++ b/Tests/CodexBarTests/TokenAccountStoreTests.swift
@@ -3,8 +3,8 @@ import Foundation
 import Testing
 @testable import CodexBar
 
-@Test("ProviderTokenAccountData encoding")
-func providerTokenAccountDataEncoding() throws {
+@Test
+func `ProviderTokenAccountData encoding`() throws {
     let now = Date().timeIntervalSince1970
     let account = ProviderTokenAccount(
         id: UUID(),
@@ -26,8 +26,8 @@ func providerTokenAccountDataEncoding() throws {
     #expect(decoded.activeIndex == 0)
 }
 
-@Test("FileTokenAccountStore round trip")
-func fileTokenAccountStoreRoundTrip() throws {
+@Test
+func `FileTokenAccountStore round trip`() throws {
     let tempDir = FileManager.default.temporaryDirectory
     let fileURL = tempDir.appendingPathComponent("codexbar-token-accounts-test.json")
     defer { try? FileManager.default.removeItem(at: fileURL) }
diff --git a/Tests/CodexBarTests/UpdateChannelTests.swift b/Tests/CodexBarTests/UpdateChannelTests.swift
index c5ee1f9c9..c93ed2398 100644
--- a/Tests/CodexBarTests/UpdateChannelTests.swift
+++ b/Tests/CodexBarTests/UpdateChannelTests.swift
@@ -1,22 +1,21 @@
 import Testing
 @testable import CodexBar
 
-@Suite
 struct UpdateChannelTests {
     @Test
-    func defaultChannelFromStableVersion() {
+    func `default channel from stable version`() {
         #expect(UpdateChannel.defaultChannel(for: "1.2.3") == .stable)
     }
 
     @Test
-    func defaultChannelFromPrereleaseVersion() {
+    func `default channel from prerelease version`() {
         #expect(UpdateChannel.defaultChannel(for: "1.2.3-beta.1") == .beta)
         #expect(UpdateChannel.defaultChannel(for: "1.2.3-rc.1") == .beta)
         #expect(UpdateChannel.defaultChannel(for: "1.2.3-alpha") == .beta)
     }
 
     @Test
-    func allowedSparkleChannels() {
+    func `allowed sparkle channels`() {
         #expect(UpdateChannel.stable.allowedSparkleChannels == [""])
         #expect(UpdateChannel.beta.allowedSparkleChannels == ["", UpdateChannel.sparkleBetaChannel])
     }
diff --git a/Tests/CodexBarTests/UsageColorLevelTests.swift b/Tests/CodexBarTests/UsageColorLevelTests.swift
new file mode 100644
index 000000000..125e28249
--- /dev/null
+++ b/Tests/CodexBarTests/UsageColorLevelTests.swift
@@ -0,0 +1,45 @@
+import AppKit
+import Testing
+@testable import CodexBar
+
+struct UsageColorLevelTests {
+    private func redComponent(_ color: NSColor?) -> CGFloat? {
+        guard let resolved = color?.usingColorSpace(.sRGB) else { return nil }
+        var r: CGFloat = 0
+        resolved.getRed(&r, green: nil, blue: nil, alpha: nil)
+        return r
+    }
+
+    @Test
+    func nilUsageReturnsNoTint() {
+        #expect(UsageColorLevel.tintColor(for: nil) == nil)
+    }
+
+    @Test
+    func highUsageIsSystemRed() {
+        #expect(UsageColorLevel.tintColor(for: 90) == .systemRed)
+        #expect(UsageColorLevel.tintColor(for: 100) == .systemRed)
+        // Values above 100 are clamped and still red.
+        #expect(UsageColorLevel.tintColor(for: 250) == .systemRed)
+    }
+
+    @Test
+    func rednessIncreasesWithUsage() throws {
+        let low = try #require(self.redComponent(UsageColorLevel.tintColor(for: 10)))
+        let mid = try #require(self.redComponent(UsageColorLevel.tintColor(for: 80)))
+        let high = try #require(self.redComponent(UsageColorLevel.tintColor(for: 95)))
+        #expect(low < mid)
+        #expect(mid <= high)
+    }
+
+    @Test
+    func lowUsageIsGreenDominant() throws {
+        let color = try #require(UsageColorLevel.tintColor(for: 0)?.usingColorSpace(.sRGB))
+        var r: CGFloat = 0
+        var g: CGFloat = 0
+        var b: CGFloat = 0
+        color.getRed(&r, green: &g, blue: &b, alpha: nil)
+        #expect(g > r)
+        #expect(g > b)
+    }
+}
diff --git a/Tests/CodexBarTests/UsageFormatterTests.swift b/Tests/CodexBarTests/UsageFormatterTests.swift
index 072b299df..873591d41 100644
--- a/Tests/CodexBarTests/UsageFormatterTests.swift
+++ b/Tests/CodexBarTests/UsageFormatterTests.swift
@@ -3,32 +3,120 @@ import Foundation
 import Testing
 @testable import CodexBar
 
-@Suite
+@Suite(.serialized)
 struct UsageFormatterTests {
+    private static let usageFormatterLocalizationKeys: [String] = [
+        "%@ left",
+        "Resets %@",
+        "Resets in %@",
+        "Resets now",
+        "Updated %@",
+        "Updated %@h ago",
+        "Updated %@m ago",
+        "Updated just now",
+        "usage_percent_suffix_left",
+        "usage_percent_suffix_used",
+    ]
+
     @Test
-    func formatsUsageLine() {
+    func `formats usage line`() {
+        UsageFormatter.clearLocalizationProvider()
+        UsageFormatter.clearLocaleProvider()
         let line = UsageFormatter.usageLine(remaining: 25, used: 75, showUsed: false)
         #expect(line == "25% left")
     }
 
     @Test
-    func formatsUsageLineShowUsed() {
+    func `formats usage line show used`() {
+        UsageFormatter.clearLocalizationProvider()
+        UsageFormatter.clearLocaleProvider()
         let line = UsageFormatter.usageLine(remaining: 25, used: 75, showUsed: true)
         #expect(line == "75% used")
     }
 
     @Test
-    func relativeUpdatedRecent() {
+    func `usage line respects injected localization provider`() {
+        UsageFormatter.setLocalizationProvider { key in
+            switch key {
+            case "usage_percent_suffix_left": "剩余"
+            case "usage_percent_suffix_used": "已使用"
+            default: key
+            }
+        }
+        defer { UsageFormatter.clearLocalizationProvider() }
+
+        #expect(UsageFormatter.usageLine(remaining: 22, used: 78, showUsed: false) == "22% 剩余")
+        #expect(UsageFormatter.usageLine(remaining: 22, used: 78, showUsed: true) == "78% 已使用")
+    }
+
+    @Test
+    func `default locale fallback matches stable en US POSIX behavior`() {
+        UsageFormatter.clearLocalizationProvider()
+        UsageFormatter.clearLocaleProvider()
+
+        let now = Date(timeIntervalSince1970: 1_710_048_000)
+        let old = now.addingTimeInterval(-(26 * 3600))
+
+        let defaultOutput = UsageFormatter.updatedString(from: old, now: now)
+        UsageFormatter.setLocaleProvider { Locale(identifier: "en_US_POSIX") }
+        let injectedStableOutput = UsageFormatter.updatedString(from: old, now: now)
+        UsageFormatter.clearLocaleProvider()
+
+        #expect(defaultOutput == injectedStableOutput)
+    }
+
+    @Test
+    func `injected zh Hans locale applies app language formatting`() {
+        UsageFormatter.setLocalizationProvider { key in
+            switch key {
+            case "Updated %@":
+                "更新于 %@"
+            default:
+                key
+            }
+        }
+        UsageFormatter.setLocaleProvider { Locale(identifier: "zh-Hans") }
+        defer {
+            UsageFormatter.clearLocalizationProvider()
+            UsageFormatter.clearLocaleProvider()
+        }
+
+        let now = Date(timeIntervalSince1970: 1_710_048_000)
+        let old = now.addingTimeInterval(-(26 * 3600))
+        let output = UsageFormatter.updatedString(from: old, now: now)
+
+        #expect(output.hasPrefix("更新于 "))
+    }
+
+    @Test
+    func `clearing locale provider returns to stable default behavior`() {
+        UsageFormatter.clearLocalizationProvider()
+        UsageFormatter.clearLocaleProvider()
+
+        let now = Date(timeIntervalSince1970: 1_710_048_000)
+        let old = now.addingTimeInterval(-(26 * 3600))
+        let baseline = UsageFormatter.updatedString(from: old, now: now)
+
+        UsageFormatter.setLocaleProvider { Locale(identifier: "fr_FR") }
+        _ = UsageFormatter.updatedString(from: old, now: now)
+        UsageFormatter.clearLocaleProvider()
+
+        let restored = UsageFormatter.updatedString(from: old, now: now)
+        #expect(restored == baseline)
+    }
+
+    @Test
+    func `relative updated recent`() {
         let now = Date()
         let fiveHoursAgo = now.addingTimeInterval(-5 * 3600)
         let text = UsageFormatter.updatedString(from: fiveHoursAgo, now: now)
-        #expect(text.contains("Updated"))
-        // Check for relative time format (varies by locale: "ago" in English, "전" in Korean, etc.)
-        #expect(text.contains("5") || text.lowercased().contains("hour") || text.contains("시간"))
+        #expect(text.hasPrefix("Updated ") || text.hasPrefix("更新"))
+        #expect(text.contains("5"))
+        #expect(text.lowercased().contains("ago") || text.contains("前"))
     }
 
     @Test
-    func absoluteUpdatedOld() {
+    func `absolute updated old`() {
         let now = Date()
         let dayAgo = now.addingTimeInterval(-26 * 3600)
         let text = UsageFormatter.updatedString(from: dayAgo, now: now)
@@ -37,42 +125,42 @@ struct UsageFormatterTests {
     }
 
     @Test
-    func resetCountdown_minutes() {
+    func `reset countdown minutes`() {
         let now = Date(timeIntervalSince1970: 1_000_000)
         let reset = now.addingTimeInterval(10 * 60 + 1)
         #expect(UsageFormatter.resetCountdownDescription(from: reset, now: now) == "in 11m")
     }
 
     @Test
-    func resetCountdown_hoursAndMinutes() {
+    func `reset countdown hours and minutes`() {
         let now = Date(timeIntervalSince1970: 1_000_000)
         let reset = now.addingTimeInterval(3 * 3600 + 31 * 60)
         #expect(UsageFormatter.resetCountdownDescription(from: reset, now: now) == "in 3h 31m")
     }
 
     @Test
-    func resetCountdown_daysAndHours() {
+    func `reset countdown days and hours`() {
         let now = Date(timeIntervalSince1970: 1_000_000)
         let reset = now.addingTimeInterval((26 * 3600) + 10)
         #expect(UsageFormatter.resetCountdownDescription(from: reset, now: now) == "in 1d 2h")
     }
 
     @Test
-    func resetCountdown_exactHour() {
+    func `reset countdown exact hour`() {
         let now = Date(timeIntervalSince1970: 1_000_000)
         let reset = now.addingTimeInterval(60 * 60)
         #expect(UsageFormatter.resetCountdownDescription(from: reset, now: now) == "in 1h")
     }
 
     @Test
-    func resetCountdown_pastDate() {
+    func `reset countdown past date`() {
         let now = Date(timeIntervalSince1970: 1_000_000)
         let reset = now.addingTimeInterval(-10)
         #expect(UsageFormatter.resetCountdownDescription(from: reset, now: now) == "now")
     }
 
     @Test
-    func resetLineUsesCountdownWhenResetsAtIsAvailable() {
+    func `reset line uses countdown when resets at is available`() {
         let now = Date(timeIntervalSince1970: 1_000_000)
         let reset = now.addingTimeInterval(10 * 60 + 1)
         let window = RateWindow(usedPercent: 0, windowMinutes: nil, resetsAt: reset, resetDescription: "Resets soon")
@@ -81,7 +169,7 @@ struct UsageFormatterTests {
     }
 
     @Test
-    func resetLineFallsBackToProvidedDescription() {
+    func `reset line falls back to provided description`() {
         let window = RateWindow(
             usedPercent: 0,
             windowMinutes: nil,
@@ -94,22 +182,39 @@ struct UsageFormatterTests {
     }
 
     @Test
-    func modelDisplayNameStripsTrailingDates() {
+    func `model display name strips trailing dates`() {
         #expect(UsageFormatter.modelDisplayName("claude-opus-4-5-20251101") == "claude-opus-4-5")
         #expect(UsageFormatter.modelDisplayName("gpt-4o-2024-08-06") == "gpt-4o")
         #expect(UsageFormatter.modelDisplayName("Claude Opus 4.5 2025 1101") == "Claude Opus 4.5")
         #expect(UsageFormatter.modelDisplayName("claude-sonnet-4-5") == "claude-sonnet-4-5")
+        #expect(UsageFormatter.modelDisplayName("gpt-5.3-codex-spark") == "gpt-5.3-codex-spark")
+    }
+
+    @Test
+    func `model cost detail uses research preview label`() {
+        #expect(
+            UsageFormatter.modelCostDetail("gpt-5.3-codex-spark", costUSD: 0, totalTokens: nil) == "Research Preview")
+        #expect(UsageFormatter.modelCostDetail("gpt-5.2-codex", costUSD: 0.42, totalTokens: nil) == "$0.42")
     }
 
     @Test
-    func cleanPlanMapsOAuthToOllama() {
+    func `model cost detail includes token counts when present`() {
+        #expect(UsageFormatter.modelCostDetail("gpt-5.2-codex", costUSD: 0.42, totalTokens: 1200) == "$0.42 · 1.2K")
+        #expect(
+            UsageFormatter.modelCostDetail("gpt-5.3-codex-spark", costUSD: 0, totalTokens: 1500)
+                == "Research Preview · 1.5K")
+        #expect(UsageFormatter.modelCostDetail("custom-model", costUSD: nil, totalTokens: 987) == "987")
+    }
+
+    @Test
+    func `clean plan maps O auth to ollama`() {
         #expect(UsageFormatter.cleanPlanName("oauth") == "Ollama")
     }
 
     // MARK: - Currency Formatting
 
     @Test
-    func currencyStringFormatsUSDCorrectly() {
+    func `currency string formats USD correctly`() {
         // Should produce "$54.72" without space after symbol
         let result = UsageFormatter.currencyString(54.72, currencyCode: "USD")
         #expect(result == "$54.72")
@@ -117,7 +222,7 @@ struct UsageFormatterTests {
     }
 
     @Test
-    func currencyStringHandlesLargeValues() {
+    func `currency string handles large values`() {
         let result = UsageFormatter.currencyString(1234.56, currencyCode: "USD")
         // For USD, we use direct string formatting with thousand separators
         #expect(result == "$1,234.56")
@@ -125,26 +230,26 @@ struct UsageFormatterTests {
     }
 
     @Test
-    func currencyStringHandlesVeryLargeValues() {
+    func `currency string handles very large values`() {
         let result = UsageFormatter.currencyString(1_234_567.89, currencyCode: "USD")
         #expect(result == "$1,234,567.89")
     }
 
     @Test
-    func currencyStringHandlesNegativeValues() {
+    func `currency string handles negative values`() {
         // Negative sign should come before the dollar sign: -$54.72 (not $-54.72)
         let result = UsageFormatter.currencyString(-54.72, currencyCode: "USD")
         #expect(result == "-$54.72")
     }
 
     @Test
-    func currencyStringHandlesNegativeLargeValues() {
+    func `currency string handles negative large values`() {
         let result = UsageFormatter.currencyString(-1234.56, currencyCode: "USD")
         #expect(result == "-$1,234.56")
     }
 
     @Test
-    func usdStringMatchesCurrencyString() {
+    func `usd string matches currency string`() {
         // usdString should produce identical output to currencyString for USD
         #expect(UsageFormatter.usdString(54.72) == UsageFormatter.currencyString(54.72, currencyCode: "USD"))
         #expect(UsageFormatter.usdString(-1234.56) == UsageFormatter.currencyString(-1234.56, currencyCode: "USD"))
@@ -152,13 +257,13 @@ struct UsageFormatterTests {
     }
 
     @Test
-    func currencyStringHandlesZero() {
+    func `currency string handles zero`() {
         let result = UsageFormatter.currencyString(0, currencyCode: "USD")
         #expect(result == "$0.00")
     }
 
     @Test
-    func currencyStringHandlesNonUSDCurrencies() {
+    func `currency string handles non USD currencies`() {
         // FormatStyle handles all currencies with proper symbols
         let eur = UsageFormatter.currencyString(54.72, currencyCode: "EUR")
         #expect(eur == "€54.72")
@@ -172,7 +277,7 @@ struct UsageFormatterTests {
     }
 
     @Test
-    func currencyStringHandlesSmallValues() {
+    func `currency string handles small values`() {
         // Values smaller than 0.01 should round to $0.00
         let tiny = UsageFormatter.currencyString(0.001, currencyCode: "USD")
         #expect(tiny == "$0.00")
@@ -187,7 +292,7 @@ struct UsageFormatterTests {
     }
 
     @Test
-    func currencyStringHandlesBoundaryValues() {
+    func `currency string handles boundary values`() {
         // Just under 1000 (no comma)
         let under1k = UsageFormatter.currencyString(999.99, currencyCode: "USD")
         #expect(under1k == "$999.99")
@@ -202,8 +307,60 @@ struct UsageFormatterTests {
     }
 
     @Test
-    func creditsStringFormatsCorrectly() {
+    func `credits string formats correctly`() {
         let result = UsageFormatter.creditsString(from: 42.5)
         #expect(result == "42.5 left")
     }
+
+    @Test
+    func `byte count string formats binary units`() {
+        #expect(UsageFormatter.byteCountString(0) == "0 B")
+        #expect(UsageFormatter.byteCountString(512) == "512 B")
+        #expect(UsageFormatter.byteCountString(1536) == "1.5 KB")
+        #expect(UsageFormatter.byteCountString(10 * 1024) == "10 KB")
+        #expect(UsageFormatter.byteCountString(5 * 1024 * 1024) == "5 MB")
+        #expect(UsageFormatter.byteCountString(Int64(1536 * 1024 * 1024)) == "1.5 GB")
+    }
+
+    @Test
+    func `usage formatter localization keys exist in en and zh Hans with matching placeholders`() throws {
+        let root = URL(fileURLWithPath: #filePath)
+            .deletingLastPathComponent()
+            .deletingLastPathComponent()
+            .deletingLastPathComponent()
+
+        let enURL = root.appendingPathComponent("Sources/CodexBar/Resources/en.lproj/Localizable.strings")
+        let zhURL = root.appendingPathComponent("Sources/CodexBar/Resources/zh-Hans.lproj/Localizable.strings")
+
+        let en = try Self.readStringsTable(at: enURL)
+        let zh = try Self.readStringsTable(at: zhURL)
+
+        for key in Self.usageFormatterLocalizationKeys {
+            let enValue = try #require(en[key], "Missing en key: \(key)")
+            let zhValue = try #require(zh[key], "Missing zh-Hans key: \(key)")
+            #expect(
+                Self.placeholderTokens(in: enValue) == Self.placeholderTokens(in: zhValue),
+                "Placeholder mismatch for key '\(key)': en='\(enValue)' zh='\(zhValue)'")
+        }
+    }
+
+    private static func readStringsTable(at url: URL) throws -> [String: String] {
+        guard let dict = NSDictionary(contentsOf: url) as? [String: String] else {
+            throw NSError(
+                domain: "UsageFormatterTests",
+                code: 1,
+                userInfo: [NSLocalizedDescriptionKey: "Failed to parse strings file at \(url.path)"])
+        }
+        return dict
+    }
+
+    private static func placeholderTokens(in value: String) -> [String] {
+        guard let regex = try? NSRegularExpression(pattern: "%(?:\\d+\\$)?[@dDuUxXfFeEgGcCsSpaA]") else {
+            return []
+        }
+        let nsRange = NSRange(value.startIndex..<value.endIndex, in: value)
+        return regex
+            .matches(in: value, options: [], range: nsRange)
+            .compactMap { Range($0.range, in: value).map { String(value[$0]) } }
+    }
 }
diff --git a/Tests/CodexBarTests/UsagePaceTests.swift b/Tests/CodexBarTests/UsagePaceTests.swift
index c64cf808c..0de92b098 100644
--- a/Tests/CodexBarTests/UsagePaceTests.swift
+++ b/Tests/CodexBarTests/UsagePaceTests.swift
@@ -2,10 +2,9 @@ import CodexBarCore
 import Foundation
 import Testing
 
-@Suite
 struct UsagePaceTests {
     @Test
-    func weeklyPace_computesDeltaAndEta() {
+    func `weekly pace computes delta and eta`() {
         let now = Date(timeIntervalSince1970: 0)
         let window = RateWindow(
             usedPercent: 50,
@@ -27,7 +26,7 @@ struct UsagePaceTests {
     }
 
     @Test
-    func weeklyPace_marksLastsToResetWhenUsageIsLow() {
+    func `weekly pace marks lasts to reset when usage is low`() {
         let now = Date(timeIntervalSince1970: 0)
         let window = RateWindow(
             usedPercent: 5,
@@ -46,7 +45,7 @@ struct UsagePaceTests {
     }
 
     @Test
-    func weeklyPace_hidesWhenResetMissingOrOutsideWindow() {
+    func `weekly pace hides when reset missing or outside window`() {
         let now = Date(timeIntervalSince1970: 0)
         let missing = RateWindow(
             usedPercent: 10,
@@ -64,9 +63,22 @@ struct UsagePaceTests {
     }
 
     @Test
-    func sessionPace_computesDeltaAndEtaFor5HourWindow() {
+    func `weekly pace hides when usage exists but no elapsed`() {
+        let now = Date(timeIntervalSince1970: 0)
+        let window = RateWindow(
+            usedPercent: 12,
+            windowMinutes: 10080,
+            resetsAt: now.addingTimeInterval(7 * 24 * 3600),
+            resetDescription: nil)
+
+        let pace = UsagePace.weekly(window: window, now: now)
+
+        #expect(pace == nil)
+    }
+
+    @Test
+    func `session pace computes delta and eta for five hour window`() {
         let now = Date(timeIntervalSince1970: 0)
-        // 300-minute (5-hour) window, 2 hours remaining => 3 hours elapsed
         let window = RateWindow(
             usedPercent: 50,
             windowMinutes: 300,
@@ -77,25 +89,9 @@ struct UsagePaceTests {
 
         #expect(pace != nil)
         guard let pace else { return }
-        // elapsed = 3h of 5h => expected = 60%
         #expect(abs(pace.expectedUsedPercent - 60.0) < 0.01)
-        // delta = 50 - 60 = -10 => behind (in reserve)
         #expect(abs(pace.deltaPercent - -10.0) < 0.01)
         #expect(pace.stage == .behind)
         #expect(pace.willLastToReset == true)
     }
-
-    @Test
-    func weeklyPace_hidesWhenUsageExistsButNoElapsed() {
-        let now = Date(timeIntervalSince1970: 0)
-        let window = RateWindow(
-            usedPercent: 12,
-            windowMinutes: 10080,
-            resetsAt: now.addingTimeInterval(7 * 24 * 3600),
-            resetDescription: nil)
-
-        let pace = UsagePace.weekly(window: window, now: now)
-
-        #expect(pace == nil)
-    }
 }
diff --git a/Tests/CodexBarTests/UsagePaceTextTests.swift b/Tests/CodexBarTests/UsagePaceTextTests.swift
index 7d6b2f010..2fc4cc1ef 100644
--- a/Tests/CodexBarTests/UsagePaceTextTests.swift
+++ b/Tests/CodexBarTests/UsagePaceTextTests.swift
@@ -3,10 +3,24 @@ import Foundation
 import Testing
 @testable import CodexBar
 
-@Suite
 struct UsagePaceTextTests {
+    private static let localizedKeys: [String] = [
+        "Pace: %@",
+        "Pace: %@ · %@",
+        "On pace",
+        "%d%% in deficit",
+        "%d%% in reserve",
+        "Lasts until reset",
+        "Projected empty now",
+        "Projected empty in %@",
+        "Runs out now",
+        "Runs out in %@",
+        "≈ %d%% run-out risk",
+        "%@ · %@",
+    ]
+
     @Test
-    func weeklyPaceDetail_providesLeftRightLabels() throws {
+    func `weekly pace detail provides left right labels`() throws {
         let now = Date(timeIntervalSince1970: 0)
         let window = RateWindow(
             usedPercent: 50,
@@ -22,7 +36,7 @@ struct UsagePaceTextTests {
     }
 
     @Test
-    func weeklyPaceDetail_reportsLastsUntilReset() throws {
+    func `weekly pace detail reports lasts until reset`() throws {
         let now = Date(timeIntervalSince1970: 0)
         let window = RateWindow(
             usedPercent: 10,
@@ -38,7 +52,7 @@ struct UsagePaceTextTests {
     }
 
     @Test
-    func weeklyPaceSummary_formatsSingleLineText() throws {
+    func `weekly pace summary formats single line text`() throws {
         let now = Date(timeIntervalSince1970: 0)
         let window = RateWindow(
             usedPercent: 50,
@@ -53,7 +67,7 @@ struct UsagePaceTextTests {
     }
 
     @Test
-    func weeklyPaceDetail_formatsRoundedRiskWhenAvailable() {
+    func `weekly pace detail formats rounded risk when available`() {
         let now = Date(timeIntervalSince1970: 0)
         let pace = UsagePace(
             stage: .ahead,
@@ -72,7 +86,7 @@ struct UsagePaceTextTests {
     // MARK: - Session pace (5-hour window)
 
     @Test
-    func sessionPaceDetail_providesLeftRightLabels() {
+    func `session pace detail provides left right labels`() {
         let now = Date(timeIntervalSince1970: 0)
         // 300-minute window, 2h remaining => 3h elapsed out of 5h
         // expected = 60%, actual = 80% => 20% ahead (in deficit)
@@ -86,12 +100,12 @@ struct UsagePaceTextTests {
 
         #expect(detail != nil)
         #expect(detail?.leftLabel == "20% in deficit")
-        #expect(detail?.rightLabel != nil)
+        #expect(detail?.rightLabel == "Projected empty in 45m")
         #expect(detail?.stage == .farAhead)
     }
 
     @Test
-    func sessionPaceDetail_reportsLastsUntilReset() {
+    func `session pace detail reports lasts until reset`() {
         let now = Date(timeIntervalSince1970: 0)
         // 300-minute window, 2h remaining => 3h elapsed
         // expected = 60%, actual = 10% => far behind (in reserve)
@@ -109,7 +123,7 @@ struct UsagePaceTextTests {
     }
 
     @Test
-    func sessionPaceSummary_formatsSingleLineText() {
+    func `session pace summary formats single line text`() {
         let now = Date(timeIntervalSince1970: 0)
         let window = RateWindow(
             usedPercent: 80,
@@ -119,12 +133,40 @@ struct UsagePaceTextTests {
 
         let summary = UsagePaceText.sessionSummary(provider: .claude, window: window, now: now)
 
-        #expect(summary != nil)
-        #expect(summary?.hasPrefix("Pace:") == true)
+        #expect(summary == "Pace: 20% in deficit · Projected empty in 45m")
+    }
+
+    @Test
+    func `session pace detail supports Ollama five hour window`() {
+        let now = Date(timeIntervalSince1970: 0)
+        let window = RateWindow(
+            usedPercent: 80,
+            windowMinutes: 300,
+            resetsAt: now.addingTimeInterval(2 * 3600),
+            resetDescription: nil)
+
+        let detail = UsagePaceText.sessionDetail(provider: .ollama, window: window, now: now)
+
+        #expect(detail?.leftLabel == "20% in deficit")
+        #expect(detail?.rightLabel == "Projected empty in 45m")
     }
 
     @Test
-    func sessionPaceDetail_hidesForUnsupportedProvider() {
+    func `session pace detail hides Ollama window without explicit duration`() {
+        let now = Date(timeIntervalSince1970: 0)
+        let window = RateWindow(
+            usedPercent: 80,
+            windowMinutes: nil,
+            resetsAt: now.addingTimeInterval(2 * 3600),
+            resetDescription: nil)
+
+        let detail = UsagePaceText.sessionDetail(provider: .ollama, window: window, now: now)
+
+        #expect(detail == nil)
+    }
+
+    @Test
+    func `session pace detail hides for unsupported provider`() {
         let now = Date(timeIntervalSince1970: 0)
         let window = RateWindow(
             usedPercent: 50,
@@ -138,7 +180,7 @@ struct UsagePaceTextTests {
     }
 
     @Test
-    func sessionPaceDetail_hidesWhenResetIsMissing() {
+    func `session pace detail hides when reset is missing`() {
         let now = Date(timeIntervalSince1970: 0)
         let window = RateWindow(
             usedPercent: 50,
@@ -150,4 +192,46 @@ struct UsagePaceTextTests {
 
         #expect(detail == nil)
     }
+
+    @Test
+    func `usage pace text localization keys exist in en and zh Hans with matching placeholders`() throws {
+        let root = URL(fileURLWithPath: #filePath)
+            .deletingLastPathComponent()
+            .deletingLastPathComponent()
+            .deletingLastPathComponent()
+
+        let enURL = root.appendingPathComponent("Sources/CodexBar/Resources/en.lproj/Localizable.strings")
+        let zhURL = root.appendingPathComponent("Sources/CodexBar/Resources/zh-Hans.lproj/Localizable.strings")
+
+        let en = try Self.readStringsTable(at: enURL)
+        let zh = try Self.readStringsTable(at: zhURL)
+
+        for key in Self.localizedKeys {
+            let enValue = try #require(en[key], "Missing en key: \(key)")
+            let zhValue = try #require(zh[key], "Missing zh-Hans key: \(key)")
+            #expect(
+                Self.placeholderTokens(in: enValue) == Self.placeholderTokens(in: zhValue),
+                "Placeholder mismatch for key '\(key)': en='\(enValue)' zh='\(zhValue)'")
+        }
+    }
+
+    private static func readStringsTable(at url: URL) throws -> [String: String] {
+        guard let dict = NSDictionary(contentsOf: url) as? [String: String] else {
+            throw NSError(
+                domain: "UsagePaceTextTests",
+                code: 1,
+                userInfo: [NSLocalizedDescriptionKey: "Failed to parse strings file at \(url.path)"])
+        }
+        return dict
+    }
+
+    private static func placeholderTokens(in value: String) -> [String] {
+        guard let regex = try? NSRegularExpression(pattern: "%(?:\\d+\\$)?[@dDuUxXfFeEgGcCsSpaA]") else {
+            return []
+        }
+        let nsRange = NSRange(value.startIndex..<value.endIndex, in: value)
+        return regex
+            .matches(in: value, options: [], range: nsRange)
+            .compactMap { Range($0.range, in: value).map { String(value[$0]) } }
+    }
 }
diff --git a/Tests/CodexBarTests/UsageStoreCoverageTests.swift b/Tests/CodexBarTests/UsageStoreCoverageTests.swift
index 037a7180c..f771e0bc8 100644
--- a/Tests/CodexBarTests/UsageStoreCoverageTests.swift
+++ b/Tests/CodexBarTests/UsageStoreCoverageTests.swift
@@ -4,10 +4,9 @@ import Testing
 @testable import CodexBar
 
 @MainActor
-@Suite
 struct UsageStoreCoverageTests {
     @Test
-    func providerWithHighestUsageAndIconStyle() throws {
+    func `provider with highest usage and icon style`() throws {
         let settings = Self.makeSettingsStore(suite: "UsageStoreCoverageTests-highest")
         let store = Self.makeUsageStore(settings: settings)
         let metadata = ProviderRegistry.shared.metadata
@@ -50,7 +49,7 @@ struct UsageStoreCoverageTests {
     }
 
     @Test
-    func sourceLabelAddsOpenAIWeb() {
+    func `source label adds open AI web`() {
         let settings = Self.makeSettingsStore(suite: "UsageStoreCoverageTests-source")
         settings.debugDisableKeychainAccess = false
         settings.codexUsageDataSource = .oauth
@@ -72,7 +71,7 @@ struct UsageStoreCoverageTests {
     }
 
     @Test
-    func sourceLabelUsesConfiguredKiloSource() {
+    func `source label uses configured kilo source`() {
         let settings = Self.makeSettingsStore(suite: "UsageStoreCoverageTests-kilo-source")
         settings.kiloUsageDataSource = .api
 
@@ -81,7 +80,20 @@ struct UsageStoreCoverageTests {
     }
 
     @Test
-    func providerWithHighestUsagePrefersKimiRateLimitWindow() throws {
+    func `permission prompt errors are detected for notifications`() {
+        let errors: [LocalizedTestError] = [
+            LocalizedTestError("Waiting for folder trust prompt"),
+            LocalizedTestError("Permission prompt is waiting in the CLI"),
+        ]
+
+        for error in errors {
+            #expect(UsageStore.isPermissionPromptWaiting(error))
+        }
+        #expect(!UsageStore.isPermissionPromptWaiting(LocalizedTestError("network timeout")))
+    }
+
+    @Test
+    func `provider with highest usage prefers kimi rate limit window`() throws {
         let settings = Self.makeSettingsStore(suite: "UsageStoreCoverageTests-kimi-highest")
         let store = Self.makeUsageStore(settings: settings)
         let metadata = ProviderRegistry.shared.metadata
@@ -109,7 +121,7 @@ struct UsageStoreCoverageTests {
     }
 
     @Test
-    func providerAvailabilityAndSubscriptionDetection() {
+    func `provider availability and subscription detection`() {
         let zaiStore = InMemoryZaiTokenStore(value: "zai-token")
         let syntheticStore = InMemorySyntheticTokenStore(value: "synthetic-token")
         let settings = Self.makeSettingsStore(
@@ -135,10 +147,288 @@ struct UsageStoreCoverageTests {
     }
 
     @Test
-    func statusIndicatorsAndFailureGate() {
+    func `background refresh only tracks enabled providers`() throws {
+        let settings = Self.makeSettingsStore(suite: "UsageStoreCoverageTests-background-refresh")
+        settings.refreshFrequency = .manual
+        settings.statusChecksEnabled = false
+
+        let metadata = ProviderRegistry.shared.metadata
+        for provider in UsageProvider.allCases {
+            try settings.setProviderEnabled(
+                provider: provider,
+                metadata: #require(metadata[provider]),
+                enabled: false)
+        }
+        try settings.setProviderEnabled(provider: .codex, metadata: #require(metadata[.codex]), enabled: true)
+
+        let store = Self.makeUsageStore(settings: settings)
+        let staleSnapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 25, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            secondary: nil,
+            updatedAt: Date())
+        store._setSnapshotForTesting(staleSnapshot, provider: .claude)
+        store._setErrorForTesting("stale", provider: .claude)
+        store.statuses[.claude] = ProviderStatus(indicator: .major, description: "Outage", updatedAt: Date())
+
+        #expect(store.enabledProviders() == [.codex])
+
+        store.clearDisabledProviderState(enabledProviders: Set(store.enabledProvidersForDisplay()))
+
+        #expect(store.snapshot(for: .claude) == nil)
+        #expect(store.errors[.claude] == nil)
+        #expect(store.statuses[.claude] == nil)
+    }
+
+    @Test
+    func `cleanup preserves enabled but unavailable provider state`() throws {
+        let settings = Self.makeSettingsStore(suite: "UsageStoreCoverageTests-preserve-unavailable")
+        settings.refreshFrequency = .manual
+        settings.statusChecksEnabled = false
+
+        let metadata = ProviderRegistry.shared.metadata
+        for provider in UsageProvider.allCases {
+            try settings.setProviderEnabled(
+                provider: provider,
+                metadata: #require(metadata[provider]),
+                enabled: false)
+        }
+        try settings.setProviderEnabled(
+            provider: .synthetic,
+            metadata: #require(metadata[.synthetic]),
+            enabled: true)
+
+        let store = Self.makeUsageStore(settings: settings)
+        let staleSnapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 25, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            secondary: nil,
+            updatedAt: Date())
+        store._setSnapshotForTesting(staleSnapshot, provider: .synthetic)
+        store._setErrorForTesting("stale", provider: .synthetic)
+        store.statuses[.synthetic] = ProviderStatus(indicator: .major, description: "Outage", updatedAt: Date())
+
+        #expect(store.enabledProviders().isEmpty)
+        #expect(store.enabledProvidersForDisplay() == [.synthetic])
+
+        store.clearDisabledProviderState(enabledProviders: Set(store.enabledProvidersForDisplay()))
+
+        #expect(store.snapshot(for: .synthetic) != nil)
+        #expect(store.errors[.synthetic] == "stale")
+        #expect(store.statuses[.synthetic]?.indicator == .major)
+    }
+
+    @Test
+    func `background work excludes enabled but unavailable providers`() throws {
+        let settings = Self.makeSettingsStore(suite: "UsageStoreCoverageTests-background-unavailable")
+        settings.refreshFrequency = .manual
+        settings.statusChecksEnabled = false
+
+        let metadata = ProviderRegistry.shared.metadata
+        for provider in UsageProvider.allCases {
+            try settings.setProviderEnabled(
+                provider: provider,
+                metadata: #require(metadata[provider]),
+                enabled: false)
+        }
+        try settings.setProviderEnabled(
+            provider: .synthetic,
+            metadata: #require(metadata[.synthetic]),
+            enabled: true)
+
+        let store = Self.makeUsageStore(settings: settings)
+
+        #expect(store.enabledProvidersForDisplay() == [.synthetic])
+        #expect(store.enabledProviders().isEmpty)
+        #expect(store.enabledProvidersForBackgroundWork().isEmpty)
+    }
+
+    @Test
+    func `visible unavailable provider gets explicit user facing state`() throws {
+        let settings = Self.makeSettingsStore(suite: "UsageStoreCoverageTests-unavailable-message")
+        settings.refreshFrequency = .manual
+        settings.statusChecksEnabled = false
+
+        let metadata = ProviderRegistry.shared.metadata
+        for provider in UsageProvider.allCases {
+            try settings.setProviderEnabled(
+                provider: provider,
+                metadata: #require(metadata[provider]),
+                enabled: false)
+        }
+        try settings.setProviderEnabled(
+            provider: .synthetic,
+            metadata: #require(metadata[.synthetic]),
+            enabled: true)
+
+        let store = Self.makeUsageStore(settings: settings)
+
+        #expect(store.errors[.synthetic] == nil)
+        #expect(store.enabledProvidersForDisplay() == [.synthetic])
+        #expect(store.isProviderAvailable(.synthetic) == false)
+        #expect(store.userFacingError(for: .synthetic) == SyntheticSettingsError.missingToken.errorDescription)
+        #expect(store.unavailableMessage(for: .synthetic) == SyntheticSettingsError.missingToken.errorDescription)
+    }
+
+    @Test
+    func `refresh clears enabled but unavailable cached state`() async throws {
+        let settings = Self.makeSettingsStore(suite: "UsageStoreCoverageTests-background-cleanup")
+        settings.refreshFrequency = .manual
+        settings.statusChecksEnabled = false
+
+        let metadata = ProviderRegistry.shared.metadata
+        for provider in UsageProvider.allCases {
+            try settings.setProviderEnabled(
+                provider: provider,
+                metadata: #require(metadata[provider]),
+                enabled: false)
+        }
+        try settings.setProviderEnabled(
+            provider: .synthetic,
+            metadata: #require(metadata[.synthetic]),
+            enabled: true)
+
+        let store = Self.makeUsageStore(settings: settings)
+        let cachedSnapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 25, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            secondary: nil,
+            updatedAt: Date())
+        store._setSnapshotForTesting(cachedSnapshot, provider: .synthetic)
+        let account = ProviderTokenAccount(id: UUID(), label: "Account", token: "token", addedAt: 0, lastUsed: nil)
+        store.accountSnapshots[.synthetic] = [
+            TokenAccountUsageSnapshot(account: account, snapshot: cachedSnapshot, error: nil, sourceLabel: "api"),
+        ]
+        store._setTokenSnapshotForTesting(
+            CostUsageTokenSnapshot(
+                sessionTokens: 10,
+                sessionCostUSD: 1.23,
+                last30DaysTokens: 100,
+                last30DaysCostUSD: 4.56,
+                daily: [],
+                updatedAt: Date()),
+            provider: .synthetic)
+
+        #expect(store.enabledProvidersForDisplay() == [.synthetic])
+        #expect(store.enabledProviders().isEmpty)
+        #expect(store.enabledProvidersForBackgroundWork().isEmpty)
+
+        await store.refresh()
+        #expect(store.snapshot(for: .synthetic) == nil)
+        #expect((store.accountSnapshots[.synthetic] ?? []).isEmpty)
+        #expect(store.tokenSnapshots[.synthetic] == nil)
+        #expect(store.enabledProvidersForBackgroundWork().isEmpty)
+    }
+
+    @Test
+    func `refresh clears enabled but unavailable failure state`() async throws {
+        let settings = Self.makeSettingsStore(suite: "UsageStoreCoverageTests-background-failure-cleanup")
+        settings.refreshFrequency = .manual
+        settings.statusChecksEnabled = false
+
+        let metadata = ProviderRegistry.shared.metadata
+        for provider in UsageProvider.allCases {
+            try settings.setProviderEnabled(
+                provider: provider,
+                metadata: #require(metadata[provider]),
+                enabled: false)
+        }
+        try settings.setProviderEnabled(
+            provider: .synthetic,
+            metadata: #require(metadata[.synthetic]),
+            enabled: true)
+
+        let store = Self.makeUsageStore(settings: settings)
+        store._setErrorForTesting("stale", provider: .synthetic)
+        store.statuses[.synthetic] = ProviderStatus(indicator: .major, description: "Outage", updatedAt: Date())
+        store.tokenErrors[.synthetic] = "token stale"
+
+        #expect(store.enabledProvidersForDisplay() == [.synthetic])
+        #expect(store.enabledProviders().isEmpty)
+        #expect(store.enabledProvidersForBackgroundWork().isEmpty)
+
+        await store.refresh()
+
+        #expect(store.errors[.synthetic] == nil)
+        #expect(store.tokenErrors[.synthetic] == nil)
+        #expect(store.statuses[.synthetic] == nil)
+        #expect(store.enabledProvidersForBackgroundWork().isEmpty)
+    }
+
+    @Test
+    func `widget snapshot projects provider derived token usage`() async throws {
+        let settings = Self.makeSettingsStore(suite: "UsageStoreCoverageTests-widget-provider-cost")
+        let store = Self.makeUsageStore(settings: settings)
+        let day = MistralDailyUsageBucket(
+            day: "2026-05-26",
+            cost: 1.2,
+            inputTokens: 10,
+            cachedTokens: 0,
+            outputTokens: 5,
+            models: [])
+        store._setSnapshotForTesting(MistralUsageSnapshot(
+            totalCost: 9,
+            currency: "eur",
+            currencySymbol: "€",
+            totalInputTokens: 10,
+            totalOutputTokens: 5,
+            totalCachedTokens: 0,
+            modelCount: 1,
+            daily: [day],
+            startDate: nil,
+            endDate: nil,
+            updatedAt: Date()).toUsageSnapshot(), provider: .mistral)
+
+        var widgetSnapshots: [WidgetSnapshot] = []
+        store._test_widgetSnapshotSaveOverride = { widgetSnapshots.append($0) }
+        defer { store._test_widgetSnapshotSaveOverride = nil }
+
+        store.persistWidgetSnapshot(reason: "provider-cost")
+        await store.widgetSnapshotPersistTask?.value
+
+        let mistralEntry = try #require(widgetSnapshots.last?.entries.first { $0.provider == .mistral })
+        #expect(mistralEntry.tokenUsage?.currencyCode == "EUR")
+        #expect(mistralEntry.tokenUsage?.sessionLabel == "Latest billing day")
+        #expect(mistralEntry.tokenUsage?.last30DaysLabel == "This month")
+        #expect(mistralEntry.tokenUsage?.last30DaysCostUSD == 9)
+    }
+
+    @Test
+    func `unavailable provider with only cached status gets single cleanup pass`() async throws {
+        let settings = Self.makeSettingsStore(suite: "UsageStoreCoverageTests-background-status-cleanup")
+        settings.refreshFrequency = .manual
+        settings.statusChecksEnabled = true
+
+        let metadata = ProviderRegistry.shared.metadata
+
+        for provider in UsageProvider.allCases {
+            try settings.setProviderEnabled(
+                provider: provider,
+                metadata: #require(metadata[provider]),
+                enabled: false)
+        }
+        try settings.setProviderEnabled(
+            provider: .synthetic,
+            metadata: #require(metadata[.synthetic]),
+            enabled: true)
+
+        let store = Self.makeUsageStore(settings: settings)
+        store.statuses[.synthetic] = ProviderStatus(indicator: .major, description: "Outage", updatedAt: Date())
+
+        #expect(store.enabledProvidersForDisplay() == [.synthetic])
+        #expect(store.enabledProviders().isEmpty)
+        #expect(store.enabledProvidersForBackgroundWork().isEmpty)
+
+        await store.refresh()
+
+        #expect(store.statuses[.synthetic] == nil)
+        #expect(store.enabledProvidersForBackgroundWork().isEmpty)
+    }
+
+    @Test
+    func `status indicators and failure gate`() {
         #expect(!ProviderStatusIndicator.none.hasIssue)
         #expect(ProviderStatusIndicator.maintenance.hasIssue)
-        #expect(ProviderStatusIndicator.unknown.label == "Status unknown")
+        CodexBarLocalizationOverride.$appLanguage.withValue("en") {
+            #expect(ProviderStatusIndicator.unknown.label == "Status unknown")
+        }
 
         var gate = ConsecutiveFailureGate()
         let first = gate.shouldSurfaceError(onFailureWithPriorData: true)
@@ -152,6 +442,35 @@ struct UsageStoreCoverageTests {
         #expect(gate.streak == 0)
     }
 
+    @Test
+    func `token account error message ignores cancellation`() {
+        let settings = Self.makeSettingsStore(suite: "UsageStoreCoverageTests-token-account-cancel")
+        let store = Self.makeUsageStore(settings: settings)
+
+        #expect(store.tokenAccountErrorMessage(CancellationError()) == nil)
+        #expect(store.tokenAccountErrorMessage(ProviderFetchError.noAvailableStrategy(.copilot)) != nil)
+    }
+
+    @Test
+    func `isPreservableNetworkTransportError classifies transport failures correctly`() {
+        #expect(UsageStore.isPreservableNetworkTransportError(
+            NSError(domain: NSURLErrorDomain, code: NSURLErrorCannotFindHost)))
+        #expect(UsageStore.isPreservableNetworkTransportError(
+            NSError(domain: NSURLErrorDomain, code: NSURLErrorCannotConnectToHost)))
+        #expect(UsageStore.isPreservableNetworkTransportError(
+            NSError(domain: NSURLErrorDomain, code: NSURLErrorDNSLookupFailed)))
+        #expect(UsageStore.isPreservableNetworkTransportError(
+            NSError(domain: NSURLErrorDomain, code: NSURLErrorTimedOut)))
+        #expect(UsageStore.isPreservableNetworkTransportError(
+            NSError(domain: NSURLErrorDomain, code: NSURLErrorNotConnectedToInternet)))
+        #expect(UsageStore.isPreservableNetworkTransportError(
+            NSError(domain: NSURLErrorDomain, code: NSURLErrorNetworkConnectionLost)))
+        #expect(UsageStore.isPreservableNetworkTransportError(
+            NSError(domain: NSURLErrorDomain, code: NSURLErrorCancelled)))
+        #expect(!UsageStore.isPreservableNetworkTransportError(
+            NSError(domain: NSCocoaErrorDomain, code: 0)))
+    }
+
     private static func makeSettingsStore(
         suite: String,
         zaiTokenStore: any ZaiTokenStoring = NoopZaiTokenStore(),
@@ -162,7 +481,7 @@ struct UsageStoreCoverageTests {
         defaults.removePersistentDomain(forName: suite)
         let configStore = testConfigStore(suiteName: suite)
 
-        return SettingsStore(
+        let settings = SettingsStore(
             userDefaults: defaults,
             configStore: configStore,
             zaiTokenStore: zaiTokenStore,
@@ -180,13 +499,16 @@ struct UsageStoreCoverageTests {
             ampCookieStore: InMemoryCookieHeaderStore(),
             copilotTokenStore: InMemoryCopilotTokenStore(),
             tokenAccountStore: InMemoryTokenAccountStore())
+        settings.providerDetectionCompleted = true
+        return settings
     }
 
     private static func makeUsageStore(settings: SettingsStore) -> UsageStore {
         UsageStore(
             fetcher: UsageFetcher(environment: [:]),
             browserDetection: BrowserDetection(cacheTTL: 0),
-            settings: settings)
+            settings: settings,
+            environmentBase: [:])
     }
 }
 
@@ -221,3 +543,15 @@ private final class InMemorySyntheticTokenStore: SyntheticTokenStoring, @uncheck
         self.value = token
     }
 }
+
+private struct LocalizedTestError: LocalizedError {
+    let message: String
+
+    init(_ message: String) {
+        self.message = message
+    }
+
+    var errorDescription: String? {
+        self.message
+    }
+}
diff --git a/Tests/CodexBarTests/UsageStoreHighestUsageTests.swift b/Tests/CodexBarTests/UsageStoreHighestUsageTests.swift
index c75944d63..49a353234 100644
--- a/Tests/CodexBarTests/UsageStoreHighestUsageTests.swift
+++ b/Tests/CodexBarTests/UsageStoreHighestUsageTests.swift
@@ -4,10 +4,9 @@ import Testing
 @testable import CodexBar
 
 @MainActor
-@Suite
 struct UsageStoreHighestUsageTests {
     @Test
-    func selectsHighestUsageAmongEnabledProviders() {
+    func `selects highest usage among enabled providers`() {
         let settings = SettingsStore(
             configStore: testConfigStore(suiteName: "UsageStoreHighestUsageTests-selects"),
             zaiTokenStore: NoopZaiTokenStore(),
@@ -44,7 +43,7 @@ struct UsageStoreHighestUsageTests {
     }
 
     @Test
-    func skipsFullyUsedProviders() {
+    func `skips fully used providers`() {
         let settings = SettingsStore(
             configStore: testConfigStore(suiteName: "UsageStoreHighestUsageTests-skips"),
             zaiTokenStore: NoopZaiTokenStore(),
@@ -81,7 +80,7 @@ struct UsageStoreHighestUsageTests {
     }
 
     @Test
-    func automaticMetricUsesSecondaryForKimiWhenRankingHighestUsage() {
+    func `automatic metric uses secondary for kimi when ranking highest usage`() {
         let settings = SettingsStore(
             configStore: testConfigStore(suiteName: "UsageStoreHighestUsageTests-kimi-automatic"),
             zaiTokenStore: NoopZaiTokenStore(),
@@ -119,7 +118,86 @@ struct UsageStoreHighestUsageTests {
     }
 
     @Test
-    func automaticMetricKeepsCopilotMostConstrainedRanking() {
+    func `automatic metric uses antigravity tertiary when leading lanes are missing`() {
+        let settings = SettingsStore(
+            configStore: testConfigStore(suiteName: "UsageStoreHighestUsageTests-antigravity-tertiary"),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+        settings.refreshFrequency = .manual
+        settings.statusChecksEnabled = false
+        settings.setMenuBarMetricPreference(.automatic, for: .antigravity)
+
+        let registry = ProviderRegistry.shared
+        if let codexMeta = registry.metadata[.codex] {
+            settings.setProviderEnabled(provider: .codex, metadata: codexMeta, enabled: true)
+        }
+        if let antigravityMeta = registry.metadata[.antigravity] {
+            settings.setProviderEnabled(provider: .antigravity, metadata: antigravityMeta, enabled: true)
+        }
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+
+        let codexSnapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 70, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            secondary: nil,
+            updatedAt: Date())
+        let antigravitySnapshot = UsageSnapshot(
+            primary: nil,
+            secondary: nil,
+            tertiary: RateWindow(usedPercent: 85, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            updatedAt: Date())
+
+        store._setSnapshotForTesting(codexSnapshot, provider: .codex)
+        store._setSnapshotForTesting(antigravitySnapshot, provider: .antigravity)
+
+        let highest = store.providerWithHighestUsage()
+        #expect(highest?.provider == .antigravity)
+        #expect(highest?.usedPercent == 85)
+    }
+
+    @Test
+    func `automatic metric uses zai 5-hour token lane when ranking highest usage`() {
+        let settings = SettingsStore(
+            configStore: testConfigStore(suiteName: "UsageStoreHighestUsageTests-zai-automatic-tertiary"),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+        settings.refreshFrequency = .manual
+        settings.statusChecksEnabled = false
+        settings.setMenuBarMetricPreference(.automatic, for: .zai)
+        settings.addTokenAccount(provider: .zai, label: "Primary", token: "zai-token")
+
+        let registry = ProviderRegistry.shared
+        if let codexMeta = registry.metadata[.codex] {
+            settings.setProviderEnabled(provider: .codex, metadata: codexMeta, enabled: true)
+        }
+        if let zaiMeta = registry.metadata[.zai] {
+            settings.setProviderEnabled(provider: .zai, metadata: zaiMeta, enabled: true)
+        }
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+
+        let codexSnapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 70, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            secondary: nil,
+            updatedAt: Date())
+        let zaiSnapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 15, windowMinutes: 10080, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(usedPercent: 10, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            tertiary: RateWindow(usedPercent: 90, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+            updatedAt: Date())
+
+        store._setSnapshotForTesting(codexSnapshot, provider: .codex)
+        store._setSnapshotForTesting(zaiSnapshot, provider: .zai)
+
+        let highest = store.providerWithHighestUsage()
+        #expect(highest?.provider == .zai)
+        #expect(highest?.usedPercent == 90)
+    }
+
+    @Test
+    func `automatic metric keeps copilot most constrained ranking`() {
         let settings = SettingsStore(
             configStore: testConfigStore(suiteName: "UsageStoreHighestUsageTests-copilot-automatic"),
             zaiTokenStore: NoopZaiTokenStore(),
@@ -157,7 +235,7 @@ struct UsageStoreHighestUsageTests {
     }
 
     @Test
-    func automaticMetricDoesNotExcludePartiallyAvailableCopilotAtHundredPercent() {
+    func `automatic metric does not exclude partially available copilot at hundred percent`() {
         let settings = SettingsStore(
             configStore: testConfigStore(suiteName: "UsageStoreHighestUsageTests-copilot-partial-100"),
             zaiTokenStore: NoopZaiTokenStore(),
@@ -195,7 +273,7 @@ struct UsageStoreHighestUsageTests {
     }
 
     @Test
-    func automaticMetricExcludesCopilotWhenBothLanesAreExhausted() {
+    func `automatic metric excludes copilot when both lanes are exhausted`() {
         let settings = SettingsStore(
             configStore: testConfigStore(suiteName: "UsageStoreHighestUsageTests-copilot-both-100"),
             zaiTokenStore: NoopZaiTokenStore(),
@@ -231,4 +309,277 @@ struct UsageStoreHighestUsageTests {
         #expect(highest?.provider == .codex)
         #expect(highest?.usedPercent == 80)
     }
+
+    @Test
+    func `automatic metric uses tertiary when it is most constrained for cursor`() {
+        let settings = SettingsStore(
+            configStore: testConfigStore(suiteName: "UsageStoreHighestUsageTests-cursor-tertiary"),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+        settings.refreshFrequency = .manual
+        settings.statusChecksEnabled = false
+        settings.setMenuBarMetricPreference(.automatic, for: .cursor)
+
+        let registry = ProviderRegistry.shared
+        if let codexMeta = registry.metadata[.codex] {
+            settings.setProviderEnabled(provider: .codex, metadata: codexMeta, enabled: true)
+        }
+        if let cursorMeta = registry.metadata[.cursor] {
+            settings.setProviderEnabled(provider: .cursor, metadata: cursorMeta, enabled: true)
+        }
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+
+        let codexSnapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 50, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            secondary: nil,
+            updatedAt: Date())
+        let cursorSnapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 10, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(usedPercent: 20, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            tertiary: RateWindow(usedPercent: 95, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            updatedAt: Date())
+
+        store._setSnapshotForTesting(codexSnapshot, provider: .codex)
+        store._setSnapshotForTesting(cursorSnapshot, provider: .cursor)
+
+        let highest = store.providerWithHighestUsage()
+        #expect(highest?.provider == .cursor)
+        #expect(highest?.usedPercent == 95)
+    }
+
+    @Test
+    func `automatic metric keeps perplexity in highest usage when purchased credits remain`() {
+        let settings = SettingsStore(
+            configStore: testConfigStore(suiteName: "UsageStoreHighestUsageTests-perplexity-purchased"),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+        settings.refreshFrequency = .manual
+        settings.statusChecksEnabled = false
+        settings.setMenuBarMetricPreference(.automatic, for: .perplexity)
+
+        let registry = ProviderRegistry.shared
+        if let codexMeta = registry.metadata[.codex] {
+            settings.setProviderEnabled(provider: .codex, metadata: codexMeta, enabled: true)
+        }
+        if let perplexityMeta = registry.metadata[.perplexity] {
+            settings.setProviderEnabled(provider: .perplexity, metadata: perplexityMeta, enabled: true)
+        }
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+
+        let codexSnapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 15, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            secondary: nil,
+            updatedAt: Date())
+        let perplexitySnapshot = UsageSnapshot(
+            primary: nil,
+            secondary: RateWindow(usedPercent: 100, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            tertiary: RateWindow(usedPercent: 45, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            updatedAt: Date())
+
+        store._setSnapshotForTesting(codexSnapshot, provider: .codex)
+        store._setSnapshotForTesting(perplexitySnapshot, provider: .perplexity)
+
+        let highest = store.providerWithHighestUsage()
+        #expect(highest?.provider == .perplexity)
+        #expect(highest?.usedPercent == 45)
+    }
+
+    @Test
+    func `automatic metric ignores exhausted recurring perplexity lane when fallback remains`() {
+        let settings = SettingsStore(
+            configStore: testConfigStore(suiteName: "UsageStoreHighestUsageTests-perplexity-recurring-exhausted"),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+        settings.refreshFrequency = .manual
+        settings.statusChecksEnabled = false
+        settings.setMenuBarMetricPreference(.automatic, for: .perplexity)
+
+        let registry = ProviderRegistry.shared
+        if let codexMeta = registry.metadata[.codex] {
+            settings.setProviderEnabled(provider: .codex, metadata: codexMeta, enabled: true)
+        }
+        if let perplexityMeta = registry.metadata[.perplexity] {
+            settings.setProviderEnabled(provider: .perplexity, metadata: perplexityMeta, enabled: true)
+        }
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+
+        let codexSnapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 25, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            secondary: nil,
+            updatedAt: Date())
+        let perplexitySnapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 100, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(usedPercent: 100, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            tertiary: RateWindow(usedPercent: 40, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            updatedAt: Date())
+
+        store._setSnapshotForTesting(codexSnapshot, provider: .codex)
+        store._setSnapshotForTesting(perplexitySnapshot, provider: .perplexity)
+
+        let highest = store.providerWithHighestUsage()
+        #expect(highest?.provider == .perplexity)
+        #expect(highest?.usedPercent == 40)
+    }
+
+    @Test
+    func `automatic metric prefers purchased perplexity credits before bonus in highest usage`() {
+        let settings = SettingsStore(
+            configStore: testConfigStore(suiteName: "UsageStoreHighestUsageTests-perplexity-purchased-before-bonus"),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+        settings.refreshFrequency = .manual
+        settings.statusChecksEnabled = false
+        settings.setMenuBarMetricPreference(.automatic, for: .perplexity)
+
+        let registry = ProviderRegistry.shared
+        if let codexMeta = registry.metadata[.codex] {
+            settings.setProviderEnabled(provider: .codex, metadata: codexMeta, enabled: true)
+        }
+        if let perplexityMeta = registry.metadata[.perplexity] {
+            settings.setProviderEnabled(provider: .perplexity, metadata: perplexityMeta, enabled: true)
+        }
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+
+        let codexSnapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 30, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            secondary: nil,
+            updatedAt: Date())
+        let perplexitySnapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 100, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(usedPercent: 20, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            tertiary: RateWindow(usedPercent: 45, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            updatedAt: Date())
+
+        store._setSnapshotForTesting(codexSnapshot, provider: .codex)
+        store._setSnapshotForTesting(perplexitySnapshot, provider: .perplexity)
+
+        let highest = store.providerWithHighestUsage()
+        #expect(highest?.provider == .perplexity)
+        #expect(highest?.usedPercent == 45)
+    }
+
+    @Test
+    func `primary metric keeps exhausted recurring perplexity lane in highest usage selection`() {
+        let settings = SettingsStore(
+            configStore: testConfigStore(suiteName: "UsageStoreHighestUsageTests-perplexity-primary-exhausted"),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+        settings.refreshFrequency = .manual
+        settings.statusChecksEnabled = false
+        settings.setMenuBarMetricPreference(.primary, for: .perplexity)
+
+        let registry = ProviderRegistry.shared
+        if let codexMeta = registry.metadata[.codex] {
+            settings.setProviderEnabled(provider: .codex, metadata: codexMeta, enabled: true)
+        }
+        if let perplexityMeta = registry.metadata[.perplexity] {
+            settings.setProviderEnabled(provider: .perplexity, metadata: perplexityMeta, enabled: true)
+        }
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+
+        let codexSnapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 25, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            secondary: nil,
+            updatedAt: Date())
+        let perplexitySnapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 100, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(usedPercent: 100, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            tertiary: RateWindow(usedPercent: 40, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            updatedAt: Date())
+
+        store._setSnapshotForTesting(codexSnapshot, provider: .codex)
+        store._setSnapshotForTesting(perplexitySnapshot, provider: .perplexity)
+
+        let highest = store.providerWithHighestUsage()
+        #expect(highest?.provider == .codex)
+        #expect(highest?.usedPercent == 25)
+    }
+
+    @Test
+    func `automatic metric excludes cursor when all opus lanes are exhausted`() {
+        let settings = SettingsStore(
+            configStore: testConfigStore(suiteName: "UsageStoreHighestUsageTests-cursor-all-100"),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+        settings.refreshFrequency = .manual
+        settings.statusChecksEnabled = false
+        settings.setMenuBarMetricPreference(.automatic, for: .cursor)
+
+        let registry = ProviderRegistry.shared
+        if let codexMeta = registry.metadata[.codex] {
+            settings.setProviderEnabled(provider: .codex, metadata: codexMeta, enabled: true)
+        }
+        if let cursorMeta = registry.metadata[.cursor] {
+            settings.setProviderEnabled(provider: .cursor, metadata: cursorMeta, enabled: true)
+        }
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+
+        let codexSnapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 80, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            secondary: nil,
+            updatedAt: Date())
+        let cursorSnapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 100, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(usedPercent: 100, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            tertiary: RateWindow(usedPercent: 100, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            updatedAt: Date())
+
+        store._setSnapshotForTesting(codexSnapshot, provider: .codex)
+        store._setSnapshotForTesting(cursorSnapshot, provider: .cursor)
+
+        let highest = store.providerWithHighestUsage()
+        #expect(highest?.provider == .codex)
+        #expect(highest?.usedPercent == 80)
+    }
+
+    @Test
+    func `cursor highest usage keeps provider when saved tertiary falls back to automatic`() {
+        let settings = SettingsStore(
+            configStore: testConfigStore(suiteName: "UsageStoreHighestUsageTests-cursor-missing-tertiary"),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+        settings.refreshFrequency = .manual
+        settings.statusChecksEnabled = false
+        settings.setMenuBarMetricPreference(.tertiary, for: .cursor)
+
+        let registry = ProviderRegistry.shared
+        if let codexMeta = registry.metadata[.codex] {
+            settings.setProviderEnabled(provider: .codex, metadata: codexMeta, enabled: true)
+        }
+        if let cursorMeta = registry.metadata[.cursor] {
+            settings.setProviderEnabled(provider: .cursor, metadata: cursorMeta, enabled: true)
+        }
+
+        let fetcher = UsageFetcher()
+        let store = UsageStore(fetcher: fetcher, browserDetection: BrowserDetection(cacheTTL: 0), settings: settings)
+
+        let codexSnapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 40, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            secondary: nil,
+            updatedAt: Date())
+        let cursorSnapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 100, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(usedPercent: 60, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            tertiary: nil,
+            updatedAt: Date())
+
+        store._setSnapshotForTesting(codexSnapshot, provider: .codex)
+        store._setSnapshotForTesting(cursorSnapshot, provider: .cursor)
+
+        let highest = store.providerWithHighestUsage()
+        #expect(highest?.provider == .cursor)
+        #expect(highest?.usedPercent == 100)
+    }
 }
diff --git a/Tests/CodexBarTests/UsageStoreManualTokenRefreshTests.swift b/Tests/CodexBarTests/UsageStoreManualTokenRefreshTests.swift
new file mode 100644
index 000000000..014ce6716
--- /dev/null
+++ b/Tests/CodexBarTests/UsageStoreManualTokenRefreshTests.swift
@@ -0,0 +1,204 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+private actor TokenRefreshGate {
+    private var didStart = false
+    private var didFinish = false
+    private var released = false
+    private var startWaiters: [CheckedContinuation<Void, Never>] = []
+    private var releaseWaiters: [CheckedContinuation<Void, Never>] = []
+    private(set) var calls: [(provider: UsageProvider, force: Bool)] = []
+
+    func start(provider: UsageProvider, force: Bool) {
+        self.didStart = true
+        self.calls.append((provider, force))
+        let waiters = self.startWaiters
+        self.startWaiters.removeAll()
+        waiters.forEach { $0.resume() }
+    }
+
+    func waitForStart() async {
+        if self.didStart { return }
+        await withCheckedContinuation { continuation in
+            self.startWaiters.append(continuation)
+        }
+    }
+
+    func waitForRelease() async {
+        if self.released { return }
+        await withCheckedContinuation { continuation in
+            self.releaseWaiters.append(continuation)
+        }
+    }
+
+    func release() {
+        self.released = true
+        let waiters = self.releaseWaiters
+        self.releaseWaiters.removeAll()
+        waiters.forEach { $0.resume() }
+    }
+
+    func finish() {
+        self.didFinish = true
+    }
+
+    func hasFinished() -> Bool {
+        self.didFinish
+    }
+}
+
+private actor CompletionFlag {
+    private var completed = false
+
+    func markCompleted() {
+        self.completed = true
+    }
+
+    func isCompleted() -> Bool {
+        self.completed
+    }
+}
+
+private actor TokenRefreshRecorder {
+    private(set) var calls: [(provider: UsageProvider, force: Bool)] = []
+
+    func record(provider: UsageProvider, force: Bool) {
+        self.calls.append((provider, force))
+    }
+}
+
+@MainActor
+@Suite(.serialized)
+struct UsageStoreManualTokenRefreshTests {
+    @Test
+    func `manual refresh waits for token-cost refresh before completing`() async {
+        let store = Self.makeStore()
+        let gate = TokenRefreshGate()
+        let completion = CompletionFlag()
+        store._test_providerRefreshOverride = { _ in }
+        store._test_tokenUsageRefreshOverride = { provider, force in
+            await gate.start(provider: provider, force: force)
+            await gate.waitForRelease()
+            await gate.finish()
+        }
+
+        let task = Task { @MainActor in
+            await store.refresh(forceTokenUsage: true)
+            await completion.markCompleted()
+        }
+
+        await gate.waitForStart()
+        #expect(await completion.isCompleted() == false)
+        #expect(await gate.hasFinished() == false)
+
+        await gate.release()
+        await task.value
+
+        #expect(await completion.isCompleted())
+        #expect(await gate.hasFinished())
+        #expect(await gate.calls.map(\.provider) == [.codex])
+        #expect(await gate.calls.map(\.force) == [true])
+    }
+
+    @Test
+    func `manual refresh drains scheduled token-cost refresh before forced pass`() async {
+        let store = Self.makeStore()
+        let scheduledGate = TokenRefreshGate()
+        let forcedGate = TokenRefreshGate()
+        let recorder = TokenRefreshRecorder()
+        let completion = CompletionFlag()
+        store._test_providerRefreshOverride = { _ in }
+        store._test_tokenUsageRefreshOverride = { provider, force in
+            await recorder.record(provider: provider, force: force)
+            if force {
+                await forcedGate.start(provider: provider, force: force)
+                await forcedGate.waitForRelease()
+                await forcedGate.finish()
+            } else {
+                await scheduledGate.start(provider: provider, force: force)
+                await scheduledGate.waitForRelease()
+                await scheduledGate.finish()
+            }
+        }
+
+        await store.refresh(forceTokenUsage: false)
+        await scheduledGate.waitForStart()
+
+        let task = Task { @MainActor in
+            await store.refresh(forceTokenUsage: true)
+            await completion.markCompleted()
+        }
+
+        try? await Task.sleep(for: .milliseconds(50))
+        #expect(await completion.isCompleted() == false)
+
+        await scheduledGate.release()
+        await forcedGate.waitForStart()
+        #expect(await completion.isCompleted() == false)
+
+        await forcedGate.release()
+        await task.value
+
+        #expect(await completion.isCompleted())
+        #expect(await scheduledGate.hasFinished())
+        #expect(await forcedGate.hasFinished())
+        #expect(await recorder.calls.map(\.provider) == [.codex, .codex])
+        #expect(await recorder.calls.map(\.force) == [false, true])
+    }
+
+    @Test
+    func `regular refresh schedules token-cost refresh without waiting`() async {
+        let store = Self.makeStore()
+        let gate = TokenRefreshGate()
+        store._test_providerRefreshOverride = { _ in }
+        store._test_tokenUsageRefreshOverride = { provider, force in
+            await gate.start(provider: provider, force: force)
+            await gate.waitForRelease()
+            await gate.finish()
+        }
+
+        await store.refresh(forceTokenUsage: false)
+        #expect(await gate.hasFinished() == false)
+
+        await gate.release()
+        try? await Task.sleep(for: .milliseconds(50))
+        let calls = await gate.calls
+        if !calls.isEmpty {
+            #expect(calls.map(\.provider) == [.codex])
+            #expect(calls.map(\.force) == [false])
+            #expect(await gate.hasFinished())
+        }
+    }
+
+    private static func makeStore() -> UsageStore {
+        let suite = "UsageStoreManualTokenRefreshTests-\(UUID().uuidString)"
+        let defaults = UserDefaults(suiteName: suite)!
+        defaults.removePersistentDomain(forName: suite)
+        let settings = SettingsStore(
+            userDefaults: defaults,
+            configStore: testConfigStore(suiteName: suite),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+        settings.refreshFrequency = .manual
+        settings.statusChecksEnabled = false
+        settings.costUsageEnabled = true
+        settings.openAIWebAccessEnabled = false
+        settings.codexCookieSource = .off
+        settings.providerDetectionCompleted = true
+
+        let registry = ProviderRegistry.shared
+        for provider in UsageProvider.allCases {
+            guard let metadata = registry.metadata[provider] else { continue }
+            settings.setProviderEnabled(provider: provider, metadata: metadata, enabled: provider == .codex)
+        }
+
+        return UsageStore(
+            fetcher: UsageFetcher(),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing,
+            environmentBase: [:])
+    }
+}
diff --git a/Tests/CodexBarTests/UsageStorePathDebugTests.swift b/Tests/CodexBarTests/UsageStorePathDebugTests.swift
index a73a8b3eb..856fc178c 100644
--- a/Tests/CodexBarTests/UsageStorePathDebugTests.swift
+++ b/Tests/CodexBarTests/UsageStorePathDebugTests.swift
@@ -4,10 +4,9 @@ import Testing
 @testable import CodexBar
 
 @MainActor
-@Suite
 struct UsageStorePathDebugTests {
     @Test
-    func refreshPathDebugInfoPopulatesSnapshot() async throws {
+    func `refresh path debug info populates snapshot`() async throws {
         let suite = "UsageStorePathDebugTests-path"
         let defaults = try #require(UserDefaults(suiteName: suite))
         defaults.removePersistentDomain(forName: suite)
@@ -30,4 +29,27 @@ struct UsageStorePathDebugTests {
         #expect(store.pathDebugInfo != .empty)
         #expect(store.pathDebugInfo.effectivePATH.isEmpty == false)
     }
+
+    @Test
+    func `deepseek debug log includes selected token account`() async throws {
+        let suite = "UsageStorePathDebugTests-deepseek-debug-token-account"
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+        let configStore = testConfigStore(suiteName: suite)
+        let settings = SettingsStore(
+            userDefaults: defaults,
+            configStore: configStore,
+            zaiTokenStore: NoopZaiTokenStore())
+        settings.addTokenAccount(provider: .deepseek, label: "Primary", token: "sk-deepseek-test")
+        let store = UsageStore(
+            fetcher: UsageFetcher(),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            startupBehavior: .testing,
+            environmentBase: [:])
+
+        let debugLog = await store.debugLog(for: UsageProvider.deepseek)
+
+        #expect(debugLog == "DEEPSEEK_API_KEY=present source=settings-token-account")
+    }
 }
diff --git a/Tests/CodexBarTests/UsageStorePlanUtilizationClaudeIdentityTests.swift b/Tests/CodexBarTests/UsageStorePlanUtilizationClaudeIdentityTests.swift
new file mode 100644
index 000000000..2ccc89a23
--- /dev/null
+++ b/Tests/CodexBarTests/UsageStorePlanUtilizationClaudeIdentityTests.swift
@@ -0,0 +1,244 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+struct UsageStorePlanUtilizationClaudeIdentityTests {
+    @MainActor
+    @Test
+    func `selected token account chooses matching bucket`() throws {
+        let store = UsageStorePlanUtilizationTests.makeStore()
+        store.settings.addTokenAccount(provider: .claude, label: "Alice", token: "alice-token")
+        store.settings.addTokenAccount(provider: .claude, label: "Bob", token: "bob-token")
+        let accounts = store.settings.tokenAccounts(for: .claude)
+        let alice = try #require(accounts.first)
+        let bob = try #require(accounts.last)
+        let aliceKey = try #require(
+            UsageStore._planUtilizationTokenAccountKeyForTesting(provider: .claude, account: alice))
+        let bobKey = try #require(
+            UsageStore._planUtilizationTokenAccountKeyForTesting(provider: .claude, account: bob))
+
+        store.settings.setActiveTokenAccountIndex(0, for: .claude)
+        store.planUtilizationHistory[.claude] = PlanUtilizationHistoryBuckets(accounts: [
+            aliceKey: [planSeries(name: .weekly, windowMinutes: 10080, entries: [
+                planEntry(at: Date(timeIntervalSince1970: 1_700_000_000), usedPercent: 20),
+            ])],
+            bobKey: [planSeries(name: .weekly, windowMinutes: 10080, entries: [
+                planEntry(at: Date(timeIntervalSince1970: 1_700_086_400), usedPercent: 50),
+            ])],
+        ])
+
+        #expect(store.planUtilizationHistory(for: .claude) == [
+            planSeries(name: .weekly, windowMinutes: 10080, entries: [
+                planEntry(at: Date(timeIntervalSince1970: 1_700_000_000), usedPercent: 20),
+            ]),
+        ])
+
+        store.settings.setActiveTokenAccountIndex(1, for: .claude)
+        #expect(store.planUtilizationHistory(for: .claude) == [
+            planSeries(name: .weekly, windowMinutes: 10080, entries: [
+                planEntry(at: Date(timeIntervalSince1970: 1_700_086_400), usedPercent: 50),
+            ]),
+        ])
+    }
+
+    @MainActor
+    @Test
+    func `fetched non selected accounts persist into separate claude buckets`() async throws {
+        let store = UsageStorePlanUtilizationTests.makeStore()
+        store.settings.addTokenAccount(provider: .claude, label: "Alice", token: "alice-token")
+        store.settings.addTokenAccount(provider: .claude, label: "Bob", token: "bob-token")
+        let accounts = store.settings.tokenAccounts(for: .claude)
+        let alice = try #require(accounts.first)
+        let bob = try #require(accounts.last)
+        let bobKey = try #require(
+            UsageStore._planUtilizationTokenAccountKeyForTesting(provider: .claude, account: bob))
+
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 10, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(usedPercent: 20, windowMinutes: 10080, resetsAt: nil, resetDescription: nil),
+            tertiary: RateWindow(usedPercent: 30, windowMinutes: 10080, resetsAt: nil, resetDescription: nil),
+            updatedAt: Date(),
+            identity: ProviderIdentitySnapshot(
+                providerID: .claude,
+                accountEmail: "bob@example.com",
+                accountOrganization: nil,
+                loginMethod: "max"))
+
+        await store.recordFetchedTokenAccountPlanUtilizationHistory(
+            provider: .claude,
+            samples: [(account: bob, snapshot: snapshot)],
+            selectedAccount: alice)
+
+        let buckets = try #require(store.planUtilizationHistory[.claude])
+        let histories = try #require(buckets.accounts[bobKey])
+        #expect(findSeries(histories, name: .session, windowMinutes: 300)?.entries.last?.usedPercent == 10)
+        #expect(findSeries(histories, name: .weekly, windowMinutes: 10080)?.entries.last?.usedPercent == 20)
+        #expect(findSeries(histories, name: .opus, windowMinutes: 10080)?.entries.last?.usedPercent == 30)
+    }
+
+    @MainActor
+    @Test
+    func `first resolved claude token account adopts unscoped history`() throws {
+        let store = UsageStorePlanUtilizationTests.makeStore()
+        store.settings.addTokenAccount(provider: .claude, label: "Alice", token: "alice-token")
+        let alice = try #require(store.settings.tokenAccounts(for: .claude).first)
+        let aliceKey = try #require(
+            UsageStore._planUtilizationTokenAccountKeyForTesting(provider: .claude, account: alice))
+        let bootstrap = planSeries(name: .session, windowMinutes: 300, entries: [
+            planEntry(at: Date(timeIntervalSince1970: 1_700_000_000), usedPercent: 15),
+        ])
+        store.planUtilizationHistory[.claude] = PlanUtilizationHistoryBuckets(unscoped: [bootstrap])
+        store.settings.setActiveTokenAccountIndex(0, for: .claude)
+
+        let history = store.planUtilizationHistory(for: .claude)
+        let buckets = try #require(store.planUtilizationHistory[.claude])
+
+        #expect(history == [bootstrap])
+        #expect(buckets.unscoped.isEmpty)
+        #expect(buckets.accounts[aliceKey] == [bootstrap])
+    }
+
+    @MainActor
+    @Test
+    func `claude history without identity falls back to last resolved account`() async {
+        let store = UsageStorePlanUtilizationTests.makeStore()
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 10, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(usedPercent: 20, windowMinutes: 10080, resetsAt: nil, resetDescription: nil),
+            updatedAt: Date(),
+            identity: ProviderIdentitySnapshot(
+                providerID: .claude,
+                accountEmail: "alice@example.com",
+                accountOrganization: nil,
+                loginMethod: "max"))
+        store._setSnapshotForTesting(snapshot, provider: .claude)
+
+        await store.recordPlanUtilizationHistorySample(
+            provider: .claude,
+            snapshot: snapshot,
+            now: Date(timeIntervalSince1970: 1_700_000_000))
+
+        let identitylessSnapshot = UsageSnapshot(
+            primary: snapshot.primary,
+            secondary: snapshot.secondary,
+            updatedAt: snapshot.updatedAt)
+        store._setSnapshotForTesting(identitylessSnapshot, provider: .claude)
+
+        let history = store.planUtilizationHistory(for: .claude)
+        #expect(findSeries(history, name: .session, windowMinutes: 300)?.entries.last?.usedPercent == 10)
+        #expect(findSeries(history, name: .weekly, windowMinutes: 10080)?.entries.last?.usedPercent == 20)
+    }
+
+    @Test
+    func `same claude email separates team and personal plan history keys`() throws {
+        let team = UsageSnapshot(
+            primary: nil,
+            secondary: nil,
+            updatedAt: Date(),
+            identity: ProviderIdentitySnapshot(
+                providerID: .claude,
+                accountEmail: "person@example.com",
+                accountOrganization: "Team Org",
+                loginMethod: "Claude Team"))
+        let max = UsageSnapshot(
+            primary: nil,
+            secondary: nil,
+            updatedAt: Date(),
+            identity: ProviderIdentitySnapshot(
+                providerID: .claude,
+                accountEmail: "person@example.com",
+                accountOrganization: nil,
+                loginMethod: "Claude Max"))
+
+        let teamKey = try #require(UsageStore._planUtilizationAccountKeyForTesting(provider: .claude, snapshot: team))
+        let maxKey = try #require(UsageStore._planUtilizationAccountKeyForTesting(provider: .claude, snapshot: max))
+
+        #expect(teamKey != maxKey)
+    }
+
+    @Test
+    func `claude email only identity keeps legacy history key`() throws {
+        let snapshot = UsageSnapshot(
+            primary: nil,
+            secondary: nil,
+            updatedAt: Date(),
+            identity: ProviderIdentitySnapshot(
+                providerID: .claude,
+                accountEmail: "person@example.com",
+                accountOrganization: nil,
+                loginMethod: nil))
+
+        let identityKey = try #require(
+            UsageStore._planUtilizationAccountKeyForTesting(provider: .claude, snapshot: snapshot))
+        let legacyKey = try #require(
+            UsageStore._legacyClaudePlanUtilizationEmailAccountKeyForTesting(snapshot: snapshot))
+
+        #expect(identityKey == legacyKey)
+    }
+
+    @Test
+    func `claude compact and branded plan labels share history key`() throws {
+        let compact = UsageSnapshot(
+            primary: nil,
+            secondary: nil,
+            updatedAt: Date(),
+            identity: ProviderIdentitySnapshot(
+                providerID: .claude,
+                accountEmail: "person@example.com",
+                accountOrganization: nil,
+                loginMethod: "Max"))
+        let branded = UsageSnapshot(
+            primary: nil,
+            secondary: nil,
+            updatedAt: Date(),
+            identity: ProviderIdentitySnapshot(
+                providerID: .claude,
+                accountEmail: "person@example.com",
+                accountOrganization: nil,
+                loginMethod: "Claude Max"))
+
+        let compactKey = try #require(
+            UsageStore._planUtilizationAccountKeyForTesting(provider: .claude, snapshot: compact))
+        let brandedKey = try #require(
+            UsageStore._planUtilizationAccountKeyForTesting(provider: .claude, snapshot: branded))
+
+        #expect(compactKey == brandedKey)
+    }
+
+    @MainActor
+    @Test
+    func `new claude email discriminator adopts legacy email history`() throws {
+        let store = UsageStorePlanUtilizationTests.makeStore()
+        let snapshot = UsageSnapshot(
+            primary: nil,
+            secondary: nil,
+            updatedAt: Date(),
+            identity: ProviderIdentitySnapshot(
+                providerID: .claude,
+                accountEmail: "person@example.com",
+                accountOrganization: "Team Org",
+                loginMethod: "Claude Team"))
+        let legacyKey = try #require(
+            UsageStore._legacyClaudePlanUtilizationEmailAccountKeyForTesting(snapshot: snapshot))
+        let accountKey = try #require(
+            UsageStore._planUtilizationAccountKeyForTesting(provider: .claude, snapshot: snapshot))
+        let legacyWeekly = planSeries(name: .weekly, windowMinutes: 10080, entries: [
+            planEntry(at: Date(timeIntervalSince1970: 1_700_000_000), usedPercent: 42),
+        ])
+        store.planUtilizationHistory[.claude] = PlanUtilizationHistoryBuckets(
+            preferredAccountKey: legacyKey,
+            accounts: [
+                legacyKey: [legacyWeekly],
+            ])
+        store._setSnapshotForTesting(snapshot, provider: .claude)
+
+        let history = store.planUtilizationHistory(for: .claude)
+        let buckets = try #require(store.planUtilizationHistory[.claude])
+
+        #expect(history == [legacyWeekly])
+        #expect(buckets.accounts[legacyKey] == nil)
+        #expect(buckets.accounts[accountKey] == [legacyWeekly])
+        #expect(buckets.preferredAccountKey == accountKey)
+    }
+}
diff --git a/Tests/CodexBarTests/UsageStorePlanUtilizationCodexOwnershipTests.swift b/Tests/CodexBarTests/UsageStorePlanUtilizationCodexOwnershipTests.swift
new file mode 100644
index 000000000..cdd97b835
--- /dev/null
+++ b/Tests/CodexBarTests/UsageStorePlanUtilizationCodexOwnershipTests.swift
@@ -0,0 +1,582 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+struct UsageStorePlanUtilizationCodexOwnershipTests {
+    @MainActor
+    @Test
+    func `codex plan history aliases pre-upgrade codex email hash bucket into canonical email hash`() throws {
+        let store = UsageStorePlanUtilizationTests.makeStore()
+        let snapshot = UsageStorePlanUtilizationTests.makeSnapshot(provider: .codex, email: "alice@example.com")
+        let canonicalKey = try #require(
+            UsageStore._planUtilizationAccountKeyForTesting(
+                provider: .codex,
+                snapshot: snapshot))
+        let legacyEmailHash = UsageStore._codexLegacyPlanUtilizationEmailHashKeyForTesting(
+            normalizedEmail: "alice@example.com")
+        let weekly = planSeries(name: .weekly, windowMinutes: 10080, entries: [
+            planEntry(at: Date(timeIntervalSince1970: 1_700_000_000), usedPercent: 20),
+        ])
+
+        store.planUtilizationHistory[.codex] = PlanUtilizationHistoryBuckets(accounts: [
+            legacyEmailHash: [weekly],
+        ])
+        store._setSnapshotForTesting(snapshot, provider: .codex)
+
+        let history = store.planUtilizationHistory(for: .codex)
+        let buckets = try #require(store.planUtilizationHistory[.codex])
+
+        #expect(buckets.preferredAccountKey == canonicalKey)
+        #expect(history == [weekly])
+        #expect(buckets.accounts[canonicalKey] == [weekly])
+        #expect(buckets.accounts[legacyEmailHash] == nil)
+    }
+
+    @MainActor
+    @Test
+    func `codex strict continuity adopts unscoped only when there is one owner`() throws {
+        let store = UsageStorePlanUtilizationTests.makeStore()
+        let snapshot = UsageStorePlanUtilizationTests.makeSnapshot(provider: .codex, email: "alice@example.com")
+        let canonicalKey = try #require(
+            UsageStore._planUtilizationAccountKeyForTesting(
+                provider: .codex,
+                snapshot: snapshot))
+        let legacyEmailHash = UsageStore._codexLegacyPlanUtilizationEmailHashKeyForTesting(
+            normalizedEmail: "alice@example.com")
+        let bootstrap = planSeries(name: .session, windowMinutes: 300, entries: [
+            planEntry(at: Date(timeIntervalSince1970: 1_699_913_600), usedPercent: 15),
+        ])
+        let weekly = planSeries(name: .weekly, windowMinutes: 10080, entries: [
+            planEntry(at: Date(timeIntervalSince1970: 1_700_000_000), usedPercent: 20),
+        ])
+
+        store.planUtilizationHistory[.codex] = PlanUtilizationHistoryBuckets(
+            unscoped: [bootstrap],
+            accounts: [
+                legacyEmailHash: [weekly],
+            ])
+        store._setSnapshotForTesting(snapshot, provider: .codex)
+
+        let history = store.planUtilizationHistory(for: .codex)
+        let buckets = try #require(store.planUtilizationHistory[.codex])
+
+        #expect(buckets.preferredAccountKey == canonicalKey)
+        #expect(history == [bootstrap, weekly])
+        #expect(buckets.unscoped.isEmpty)
+        #expect(buckets.accounts[canonicalKey] == [bootstrap, weekly])
+        #expect(buckets.accounts[legacyEmailHash] == nil)
+    }
+
+    @MainActor
+    @Test
+    func `codex strict continuity ignores later unrelated owners outside the unscoped period`() throws {
+        let store = UsageStorePlanUtilizationTests.makeStore()
+        let snapshot = UsageStorePlanUtilizationTests.makeSnapshot(provider: .codex, email: "alice@example.com")
+        let canonicalKey = try #require(
+            UsageStore._planUtilizationAccountKeyForTesting(
+                provider: .codex,
+                snapshot: snapshot))
+        let legacyEmailHash = UsageStore._codexLegacyPlanUtilizationEmailHashKeyForTesting(
+            normalizedEmail: "alice@example.com")
+        let laterOtherKey = "codex:v1:provider-account:acct-later"
+        let bootstrap = planSeries(name: .session, windowMinutes: 300, entries: [
+            planEntry(at: Date(timeIntervalSince1970: 1_699_913_600), usedPercent: 15),
+        ])
+        let weekly = planSeries(name: .weekly, windowMinutes: 10080, entries: [
+            planEntry(at: Date(timeIntervalSince1970: 1_700_000_000), usedPercent: 20),
+        ])
+        let laterWeekly = planSeries(name: .weekly, windowMinutes: 10080, entries: [
+            planEntry(at: Date(timeIntervalSince1970: 1_701_900_000), usedPercent: 35),
+        ])
+
+        store.planUtilizationHistory[.codex] = PlanUtilizationHistoryBuckets(
+            unscoped: [bootstrap],
+            accounts: [
+                legacyEmailHash: [weekly],
+                laterOtherKey: [laterWeekly],
+            ])
+        store._setSnapshotForTesting(snapshot, provider: .codex)
+
+        let history = store.planUtilizationHistory(for: .codex)
+        let buckets = try #require(store.planUtilizationHistory[.codex])
+
+        #expect(buckets.preferredAccountKey == canonicalKey)
+        #expect(history == [bootstrap, weekly])
+        #expect(buckets.unscoped.isEmpty)
+        #expect(buckets.accounts[canonicalKey] == [bootstrap, weekly])
+        #expect(buckets.accounts[laterOtherKey] == [laterWeekly])
+    }
+
+    @MainActor
+    @Test
+    func `codex real fixture carries local opaque weekly continuity into provider account`() throws {
+        let store = UsageStorePlanUtilizationTests.makeStore()
+        let formatter = ISO8601DateFormatter()
+        let providerAccountKey = try #require(CodexHistoryOwnership.canonicalKey(for: .providerAccount(
+            id: "0c2a5eef-a612-45bb-9796-9aa83ce1bed7")))
+        let legacyEmailHash = UsageStore._codexLegacyPlanUtilizationEmailHashKeyForTesting(
+            normalizedEmail: "ratulsarna@gmail.com")
+        let canonicalEmailHashKey = CodexHistoryOwnership.canonicalEmailHashKey(for: "ratulsarna@gmail.com")
+        let opaqueKey = "3e31a7fdc57ea26c62fd7061d25dcab74a91b0da2d8f514b07e99aad800ee897"
+        let weeklyResetAt = try #require(ISO8601DateFormatter().date(from: "2026-04-08T07:57:12Z"))
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 10, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(
+                usedPercent: 12,
+                windowMinutes: 10080,
+                resetsAt: weeklyResetAt,
+                resetDescription: nil),
+            updatedAt: weeklyResetAt,
+            identity: ProviderIdentitySnapshot(
+                providerID: .codex,
+                accountEmail: "ratulsarna@gmail.com",
+                accountOrganization: nil,
+                loginMethod: "plus"))
+
+        store.planUtilizationHistory[.codex] = try UsageStorePlanUtilizationTests.loadPlanUtilizationFixture(
+            named: "codex-plan-utilization-real-migration.json")
+        store.settings._test_liveSystemCodexAccount = ObservedSystemCodexAccount(
+            email: "ratulsarna@gmail.com",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: weeklyResetAt,
+            identity: .providerAccount(id: "0c2a5eef-a612-45bb-9796-9aa83ce1bed7"))
+        defer { store.settings._test_liveSystemCodexAccount = nil }
+        store._setSnapshotForTesting(snapshot, provider: .codex)
+
+        let history = store.planUtilizationHistory(for: .codex)
+        let buckets = try #require(store.planUtilizationHistory[.codex])
+        let weekly = try #require(findSeries(history, name: .weekly, windowMinutes: 10080))
+        let session = try #require(findSeries(history, name: .session, windowMinutes: 300))
+        let expectedOldestWeekly = try #require(formatter.date(from: "2026-03-23T09:55:44Z"))
+        let expectedNewestWeekly = try #require(formatter.date(from: "2026-04-01T20:33:41Z"))
+
+        #expect(buckets.preferredAccountKey == providerAccountKey)
+        #expect(weekly.entries.first?.capturedAt == expectedOldestWeekly)
+        #expect(weekly.entries.last?.capturedAt == expectedNewestWeekly)
+        #expect(session.entries.first?.capturedAt == expectedOldestWeekly)
+        #expect(buckets.accounts[providerAccountKey] == history)
+        #expect(buckets.accounts[opaqueKey] == nil)
+        #expect(buckets.accounts[legacyEmailHash] == nil)
+        #expect(buckets.accounts[canonicalEmailHashKey] == nil)
+    }
+
+    @MainActor
+    @Test
+    func `codex real fixture keeps opaque history separate when multiple opaque candidates could match`() throws {
+        let store = UsageStorePlanUtilizationTests.makeStore()
+        let formatter = ISO8601DateFormatter()
+        let providerAccountKey = try #require(CodexHistoryOwnership.canonicalKey(for: .providerAccount(
+            id: "0c2a5eef-a612-45bb-9796-9aa83ce1bed7")))
+        let originalOpaqueKey = "3e31a7fdc57ea26c62fd7061d25dcab74a91b0da2d8f514b07e99aad800ee897"
+        let duplicateOpaqueKey = "legacy-codex-opaque-duplicate"
+        let weeklyResetAt = try #require(ISO8601DateFormatter().date(from: "2026-04-08T07:57:12Z"))
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 10, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(
+                usedPercent: 12,
+                windowMinutes: 10080,
+                resetsAt: weeklyResetAt,
+                resetDescription: nil),
+            updatedAt: weeklyResetAt,
+            identity: ProviderIdentitySnapshot(
+                providerID: .codex,
+                accountEmail: "ratulsarna@gmail.com",
+                accountOrganization: nil,
+                loginMethod: "plus"))
+
+        var fixture = try UsageStorePlanUtilizationTests.loadPlanUtilizationFixture(
+            named: "codex-plan-utilization-real-migration.json")
+        fixture.accounts[duplicateOpaqueKey] = fixture.accounts[originalOpaqueKey]
+        store.planUtilizationHistory[.codex] = fixture
+        store.settings._test_liveSystemCodexAccount = ObservedSystemCodexAccount(
+            email: "ratulsarna@gmail.com",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: weeklyResetAt,
+            identity: .providerAccount(id: "0c2a5eef-a612-45bb-9796-9aa83ce1bed7"))
+        defer { store.settings._test_liveSystemCodexAccount = nil }
+        store._setSnapshotForTesting(snapshot, provider: .codex)
+
+        let history = store.planUtilizationHistory(for: .codex)
+        let buckets = try #require(store.planUtilizationHistory[.codex])
+        let weekly = try #require(findSeries(history, name: .weekly, windowMinutes: 10080))
+        let expectedNonOpaqueStart = try #require(formatter.date(from: "2026-03-28T06:50:16Z"))
+
+        #expect(buckets.preferredAccountKey == providerAccountKey)
+        #expect(weekly.entries.first?.capturedAt == expectedNonOpaqueStart)
+        #expect(buckets.accounts[originalOpaqueKey] != nil)
+        #expect(buckets.accounts[duplicateOpaqueKey] != nil)
+    }
+
+    @MainActor
+    @Test
+    func `codex real fixture keeps opaque history separate when overlapping non target owner exists`() throws {
+        let store = UsageStorePlanUtilizationTests.makeStore()
+        let formatter = ISO8601DateFormatter()
+        let providerAccountKey = try #require(CodexHistoryOwnership.canonicalKey(for: .providerAccount(
+            id: "0c2a5eef-a612-45bb-9796-9aa83ce1bed7")))
+        let opaqueKey = "3e31a7fdc57ea26c62fd7061d25dcab74a91b0da2d8f514b07e99aad800ee897"
+        let overlappingOtherKey = "codex:v1:provider-account:acct-other"
+        let weeklyResetAt = try #require(formatter.date(from: "2026-04-08T07:57:12Z"))
+        let expectedNonOpaqueStart = try #require(formatter.date(from: "2026-03-28T06:50:16Z"))
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 10, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(
+                usedPercent: 12,
+                windowMinutes: 10080,
+                resetsAt: weeklyResetAt,
+                resetDescription: nil),
+            updatedAt: weeklyResetAt,
+            identity: ProviderIdentitySnapshot(
+                providerID: .codex,
+                accountEmail: "ratulsarna@gmail.com",
+                accountOrganization: nil,
+                loginMethod: "plus"))
+
+        let overlappingCapturedAt = try #require(formatter.date(from: "2026-03-30T12:00:00Z"))
+        var fixture = try UsageStorePlanUtilizationTests.loadPlanUtilizationFixture(
+            named: "codex-plan-utilization-real-migration.json")
+        fixture.accounts[overlappingOtherKey] = [
+            planSeries(name: .weekly, windowMinutes: 10080, entries: [
+                planEntry(
+                    at: overlappingCapturedAt,
+                    usedPercent: 35,
+                    resetsAt: weeklyResetAt),
+            ]),
+        ]
+        store.planUtilizationHistory[.codex] = fixture
+        store.settings._test_liveSystemCodexAccount = ObservedSystemCodexAccount(
+            email: "ratulsarna@gmail.com",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: weeklyResetAt,
+            identity: .providerAccount(id: "0c2a5eef-a612-45bb-9796-9aa83ce1bed7"))
+        defer { store.settings._test_liveSystemCodexAccount = nil }
+        store._setSnapshotForTesting(snapshot, provider: .codex)
+
+        let history = store.planUtilizationHistory(for: .codex)
+        let buckets = try #require(store.planUtilizationHistory[.codex])
+        let weekly = try #require(findSeries(history, name: .weekly, windowMinutes: 10080))
+
+        #expect(buckets.preferredAccountKey == providerAccountKey)
+        #expect(weekly.entries.first?.capturedAt == expectedNonOpaqueStart)
+        #expect(buckets.accounts[opaqueKey] != nil)
+        #expect(buckets.accounts[overlappingOtherKey] != nil)
+    }
+
+    @MainActor
+    @Test
+    func `codex opaque recovery uses normalized dashboard weekly reset when snapshot has only session window`() throws {
+        let store = UsageStorePlanUtilizationTests.makeStore()
+        let formatter = ISO8601DateFormatter()
+        let providerAccountKey = try #require(CodexHistoryOwnership.canonicalKey(for: .providerAccount(
+            id: "0c2a5eef-a612-45bb-9796-9aa83ce1bed7")))
+        let opaqueKey = "3e31a7fdc57ea26c62fd7061d25dcab74a91b0da2d8f514b07e99aad800ee897"
+        let weeklyResetAt = try #require(formatter.date(from: "2026-04-08T07:57:12Z"))
+        let expectedOpaqueStart = try #require(formatter.date(from: "2026-03-23T09:55:44Z"))
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 10, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+            secondary: nil,
+            updatedAt: weeklyResetAt,
+            identity: ProviderIdentitySnapshot(
+                providerID: .codex,
+                accountEmail: "ratulsarna@gmail.com",
+                accountOrganization: nil,
+                loginMethod: "plus"))
+
+        store.planUtilizationHistory[.codex] = try UsageStorePlanUtilizationTests.loadPlanUtilizationFixture(
+            named: "codex-plan-utilization-real-migration.json")
+        store.openAIDashboard = OpenAIDashboardSnapshot(
+            signedInEmail: "ratulsarna@gmail.com",
+            codeReviewRemainingPercent: nil,
+            creditEvents: [],
+            dailyBreakdown: [],
+            usageBreakdown: [],
+            creditsPurchaseURL: nil,
+            primaryLimit: RateWindow(
+                usedPercent: 12,
+                windowMinutes: 10080,
+                resetsAt: weeklyResetAt,
+                resetDescription: nil),
+            secondaryLimit: nil,
+            creditsRemaining: nil,
+            accountPlan: "plus",
+            updatedAt: weeklyResetAt)
+        store.openAIDashboardAttachmentAuthorized = true
+        store.settings._test_liveSystemCodexAccount = ObservedSystemCodexAccount(
+            email: "ratulsarna@gmail.com",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: weeklyResetAt,
+            identity: .providerAccount(id: "0c2a5eef-a612-45bb-9796-9aa83ce1bed7"))
+        defer { store.settings._test_liveSystemCodexAccount = nil }
+        store._setSnapshotForTesting(snapshot, provider: .codex)
+
+        let history = store.planUtilizationHistory(for: .codex)
+        let buckets = try #require(store.planUtilizationHistory[.codex])
+        let weekly = try #require(findSeries(history, name: .weekly, windowMinutes: 10080))
+
+        #expect(buckets.preferredAccountKey == providerAccountKey)
+        #expect(weekly.entries.first?.capturedAt == expectedOpaqueStart)
+        #expect(buckets.accounts[opaqueKey] == nil)
+    }
+
+    @MainActor
+    @Test
+    func `codex display only dashboard does not drive opaque recovery when snapshot has only session window`() throws {
+        let store = UsageStorePlanUtilizationTests.makeStore()
+        let formatter = ISO8601DateFormatter()
+        let providerAccountKey = try #require(CodexHistoryOwnership.canonicalKey(for: .providerAccount(
+            id: "0c2a5eef-a612-45bb-9796-9aa83ce1bed7")))
+        let opaqueKey = "3e31a7fdc57ea26c62fd7061d25dcab74a91b0da2d8f514b07e99aad800ee897"
+        let weeklyResetAt = try #require(formatter.date(from: "2026-04-08T07:57:12Z"))
+        let expectedNonOpaqueStart = try #require(formatter.date(from: "2026-03-28T06:50:16Z"))
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 10, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+            secondary: nil,
+            updatedAt: weeklyResetAt,
+            identity: ProviderIdentitySnapshot(
+                providerID: .codex,
+                accountEmail: "ratulsarna@gmail.com",
+                accountOrganization: nil,
+                loginMethod: "plus"))
+
+        store.planUtilizationHistory[.codex] = try UsageStorePlanUtilizationTests.loadPlanUtilizationFixture(
+            named: "codex-plan-utilization-real-migration.json")
+        store.openAIDashboard = OpenAIDashboardSnapshot(
+            signedInEmail: "ratulsarna@gmail.com",
+            codeReviewRemainingPercent: nil,
+            creditEvents: [],
+            dailyBreakdown: [],
+            usageBreakdown: [],
+            creditsPurchaseURL: nil,
+            primaryLimit: RateWindow(
+                usedPercent: 12,
+                windowMinutes: 10080,
+                resetsAt: weeklyResetAt,
+                resetDescription: nil),
+            secondaryLimit: nil,
+            creditsRemaining: nil,
+            accountPlan: "plus",
+            updatedAt: weeklyResetAt)
+        store.openAIDashboardAttachmentAuthorized = false
+        store.settings._test_liveSystemCodexAccount = ObservedSystemCodexAccount(
+            email: "ratulsarna@gmail.com",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: weeklyResetAt,
+            identity: .providerAccount(id: "0c2a5eef-a612-45bb-9796-9aa83ce1bed7"))
+        defer { store.settings._test_liveSystemCodexAccount = nil }
+        store._setSnapshotForTesting(snapshot, provider: .codex)
+
+        let history = store.planUtilizationHistory(for: .codex)
+        let buckets = try #require(store.planUtilizationHistory[.codex])
+        let weekly = try #require(findSeries(history, name: .weekly, windowMinutes: 10080))
+
+        #expect(buckets.preferredAccountKey == providerAccountKey)
+        #expect(weekly.entries.first?.capturedAt == expectedNonOpaqueStart)
+        #expect(buckets.accounts[opaqueKey] != nil)
+    }
+
+    @MainActor
+    @Test
+    func `codex adjacent managed and live accounts veto unscoped adoption`() throws {
+        let store = UsageStorePlanUtilizationTests.makeStore()
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "managed@example.com",
+            managedHomePath: "/tmp/managed-codex-home",
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        let snapshot = UsageStorePlanUtilizationTests.makeSnapshot(provider: .codex, email: managedAccount.email)
+        let canonicalKey = try #require(
+            UsageStore._planUtilizationAccountKeyForTesting(
+                provider: .codex,
+                snapshot: snapshot))
+        let legacyEmailHash = UsageStore._codexLegacyPlanUtilizationEmailHashKeyForTesting(
+            normalizedEmail: managedAccount.email)
+        let bootstrap = planSeries(name: .session, windowMinutes: 300, entries: [
+            planEntry(at: Date(timeIntervalSince1970: 1_699_913_600), usedPercent: 15),
+        ])
+        let weekly = planSeries(name: .weekly, windowMinutes: 10080, entries: [
+            planEntry(at: Date(timeIntervalSince1970: 1_700_000_000), usedPercent: 20),
+        ])
+
+        store.planUtilizationHistory[.codex] = PlanUtilizationHistoryBuckets(
+            unscoped: [bootstrap],
+            accounts: [
+                legacyEmailHash: [weekly],
+            ])
+        store.settings._test_activeManagedCodexAccount = managedAccount
+        store.settings.codexActiveSource = .managedAccount(id: managedAccount.id)
+        store.settings._test_liveSystemCodexAccount = ObservedSystemCodexAccount(
+            email: "live@example.com",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date(),
+            identity: .providerAccount(id: "live-acct"))
+        defer {
+            store.settings._test_activeManagedCodexAccount = nil
+            store.settings._test_liveSystemCodexAccount = nil
+            store.settings.codexActiveSource = .liveSystem
+        }
+        store._setSnapshotForTesting(snapshot, provider: .codex)
+
+        let history = store.planUtilizationHistory(for: .codex)
+        let buckets = try #require(store.planUtilizationHistory[.codex])
+
+        #expect(history == [weekly])
+        #expect(buckets.unscoped == [bootstrap])
+        #expect(buckets.accounts[canonicalKey] == [weekly])
+    }
+
+    @MainActor
+    @Test
+    func `codex extra saved managed accounts do not veto active account adoption`() throws {
+        let store = UsageStorePlanUtilizationTests.makeStore()
+        let activeManagedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "managed@example.com",
+            managedHomePath: "/tmp/managed-codex-home",
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        let inactiveManagedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "other@example.com",
+            managedHomePath: "/tmp/other-codex-home",
+            createdAt: 2,
+            updatedAt: 2,
+            lastAuthenticatedAt: 2)
+        let managedStoreURL = try #require(store.settings._test_managedCodexAccountStoreURL)
+        let managedStore = FileManagedCodexAccountStore(fileURL: managedStoreURL)
+        try managedStore.storeAccounts(ManagedCodexAccountSet(
+            version: FileManagedCodexAccountStore.currentVersion,
+            accounts: [activeManagedAccount, inactiveManagedAccount]))
+        let snapshot = UsageStorePlanUtilizationTests.makeSnapshot(provider: .codex, email: activeManagedAccount.email)
+        let canonicalKey = try #require(
+            UsageStore._planUtilizationAccountKeyForTesting(
+                provider: .codex,
+                snapshot: snapshot))
+        let legacyEmailHash = UsageStore._codexLegacyPlanUtilizationEmailHashKeyForTesting(
+            normalizedEmail: activeManagedAccount.email)
+        let bootstrap = planSeries(name: .session, windowMinutes: 300, entries: [
+            planEntry(at: Date(timeIntervalSince1970: 1_699_913_600), usedPercent: 15),
+        ])
+        let weekly = planSeries(name: .weekly, windowMinutes: 10080, entries: [
+            planEntry(at: Date(timeIntervalSince1970: 1_700_000_000), usedPercent: 20),
+        ])
+
+        store.planUtilizationHistory[.codex] = PlanUtilizationHistoryBuckets(
+            unscoped: [bootstrap],
+            accounts: [
+                legacyEmailHash: [weekly],
+            ])
+        store.settings._test_activeManagedCodexAccount = activeManagedAccount
+        store.settings.codexActiveSource = .managedAccount(id: activeManagedAccount.id)
+        defer {
+            store.settings._test_activeManagedCodexAccount = nil
+            store.settings.codexActiveSource = .liveSystem
+        }
+        store._setSnapshotForTesting(snapshot, provider: .codex)
+
+        let history = store.planUtilizationHistory(for: .codex)
+        let buckets = try #require(store.planUtilizationHistory[.codex])
+
+        #expect(history == [bootstrap, weekly])
+        #expect(buckets.unscoped.isEmpty)
+        #expect(buckets.accounts[canonicalKey] == [bootstrap, weekly])
+    }
+
+    @MainActor
+    @Test
+    func `codex inactive managed accounts do not veto live opaque recovery`() throws {
+        let store = UsageStorePlanUtilizationTests.makeStore()
+        let formatter = ISO8601DateFormatter()
+        let providerAccountKey = try #require(CodexHistoryOwnership.canonicalKey(for: .providerAccount(
+            id: "0c2a5eef-a612-45bb-9796-9aa83ce1bed7")))
+        let managedAccount = ManagedCodexAccount(
+            id: UUID(),
+            email: "managed@example.com",
+            managedHomePath: "/tmp/managed-codex-home",
+            createdAt: 1,
+            updatedAt: 1,
+            lastAuthenticatedAt: 1)
+        let opaqueKey = "3e31a7fdc57ea26c62fd7061d25dcab74a91b0da2d8f514b07e99aad800ee897"
+        let weeklyResetAt = try #require(formatter.date(from: "2026-04-08T07:57:12Z"))
+        let expectedOpaqueStart = try #require(formatter.date(from: "2026-03-23T09:55:44Z"))
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 10, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(
+                usedPercent: 12,
+                windowMinutes: 10080,
+                resetsAt: weeklyResetAt,
+                resetDescription: nil),
+            updatedAt: weeklyResetAt,
+            identity: ProviderIdentitySnapshot(
+                providerID: .codex,
+                accountEmail: "ratulsarna@gmail.com",
+                accountOrganization: nil,
+                loginMethod: "plus"))
+
+        store.planUtilizationHistory[.codex] = try UsageStorePlanUtilizationTests.loadPlanUtilizationFixture(
+            named: "codex-plan-utilization-real-migration.json")
+        store.settings._test_activeManagedCodexAccount = managedAccount
+        store.settings.codexActiveSource = .liveSystem
+        store.settings._test_liveSystemCodexAccount = ObservedSystemCodexAccount(
+            email: "ratulsarna@gmail.com",
+            codexHomePath: "/Users/test/.codex",
+            observedAt: weeklyResetAt,
+            identity: .providerAccount(id: "0c2a5eef-a612-45bb-9796-9aa83ce1bed7"))
+        defer {
+            store.settings._test_activeManagedCodexAccount = nil
+            store.settings._test_liveSystemCodexAccount = nil
+        }
+        store._setSnapshotForTesting(snapshot, provider: .codex)
+
+        let history = store.planUtilizationHistory(for: .codex)
+        let buckets = try #require(store.planUtilizationHistory[.codex])
+        let weekly = try #require(findSeries(history, name: .weekly, windowMinutes: 10080))
+
+        #expect(buckets.preferredAccountKey == providerAccountKey)
+        #expect(weekly.entries.first?.capturedAt == expectedOpaqueStart)
+        #expect(buckets.accounts[opaqueKey] == nil)
+    }
+
+    @MainActor
+    @Test
+    func `codex provider account continuity absorbs matching email scoped history`() throws {
+        let store = UsageStorePlanUtilizationTests.makeStore()
+        let normalizedEmail = "alice@example.com"
+        let snapshot = UsageStorePlanUtilizationTests.makeSnapshot(provider: .codex, email: normalizedEmail)
+        let providerAccountKey = try #require(
+            CodexHistoryOwnership.canonicalKey(for: .providerAccount(id: "live-acct")))
+        let canonicalEmailHashKey = CodexHistoryOwnership.canonicalEmailHashKey(for: normalizedEmail)
+        let legacyEmailHash = UsageStore._codexLegacyPlanUtilizationEmailHashKeyForTesting(
+            normalizedEmail: normalizedEmail)
+        let session = planSeries(name: .session, windowMinutes: 300, entries: [
+            planEntry(at: Date(timeIntervalSince1970: 1_699_913_600), usedPercent: 15),
+        ])
+        let weekly = planSeries(name: .weekly, windowMinutes: 10080, entries: [
+            planEntry(at: Date(timeIntervalSince1970: 1_700_000_000), usedPercent: 20),
+        ])
+
+        store.planUtilizationHistory[.codex] = PlanUtilizationHistoryBuckets(accounts: [
+            canonicalEmailHashKey: [session],
+            legacyEmailHash: [weekly],
+        ])
+        store.settings._test_liveSystemCodexAccount = ObservedSystemCodexAccount(
+            email: normalizedEmail,
+            codexHomePath: "/Users/test/.codex",
+            observedAt: Date(),
+            identity: .providerAccount(id: "live-acct"))
+        defer { store.settings._test_liveSystemCodexAccount = nil }
+        store._setSnapshotForTesting(snapshot, provider: .codex)
+
+        let history = store.planUtilizationHistory(for: .codex)
+        let buckets = try #require(store.planUtilizationHistory[.codex])
+
+        #expect(buckets.preferredAccountKey == providerAccountKey)
+        #expect(history == [session, weekly])
+        #expect(buckets.accounts[providerAccountKey] == [session, weekly])
+        #expect(buckets.accounts[canonicalEmailHashKey] == nil)
+        #expect(buckets.accounts[legacyEmailHash] == nil)
+    }
+}
diff --git a/Tests/CodexBarTests/UsageStorePlanUtilizationDerivedChartTests.swift b/Tests/CodexBarTests/UsageStorePlanUtilizationDerivedChartTests.swift
new file mode 100644
index 000000000..96327c78a
--- /dev/null
+++ b/Tests/CodexBarTests/UsageStorePlanUtilizationDerivedChartTests.swift
@@ -0,0 +1,55 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+struct UsageStorePlanUtilizationDerivedChartTests {
+    @MainActor
+    @Test
+    func `chart uses requested native series without cross series selection`() {
+        let firstBoundary = Date(timeIntervalSince1970: 1_710_000_000)
+        let secondBoundary = firstBoundary.addingTimeInterval(7 * 24 * 60 * 60)
+        let histories = [
+            planSeries(name: .session, windowMinutes: 300, entries: [
+                planEntry(at: firstBoundary.addingTimeInterval(-30 * 60), usedPercent: 20, resetsAt: firstBoundary),
+            ]),
+            planSeries(name: .weekly, windowMinutes: 10080, entries: [
+                planEntry(at: firstBoundary.addingTimeInterval(-30 * 60), usedPercent: 62, resetsAt: firstBoundary),
+                planEntry(at: secondBoundary.addingTimeInterval(-30 * 60), usedPercent: 48, resetsAt: secondBoundary),
+            ]),
+        ]
+
+        let model = PlanUtilizationHistoryChartMenuView._modelSnapshotForTesting(
+            selectedSeriesRawValue: "weekly:10080",
+            histories: histories,
+            provider: .codex,
+            referenceDate: secondBoundary)
+
+        #expect(model.selectedSeries == "weekly:10080")
+        #expect(model.usedPercents == [62, 48])
+    }
+
+    @MainActor
+    @Test
+    func `chart exposes claude opus as separate native tab`() {
+        let boundary = Date(timeIntervalSince1970: 1_710_000_000)
+        let histories = [
+            planSeries(name: .session, windowMinutes: 300, entries: [
+                planEntry(at: boundary.addingTimeInterval(-30 * 60), usedPercent: 10, resetsAt: boundary),
+            ]),
+            planSeries(name: .weekly, windowMinutes: 10080, entries: [
+                planEntry(at: boundary.addingTimeInterval(-30 * 60), usedPercent: 20, resetsAt: boundary),
+            ]),
+            planSeries(name: .opus, windowMinutes: 10080, entries: [
+                planEntry(at: boundary.addingTimeInterval(-30 * 60), usedPercent: 30, resetsAt: boundary),
+            ]),
+        ]
+
+        let model = PlanUtilizationHistoryChartMenuView._modelSnapshotForTesting(
+            histories: histories,
+            provider: .claude,
+            referenceDate: boundary)
+
+        #expect(model.visibleSeries == ["session:300", "weekly:10080", "opus:10080"])
+    }
+}
diff --git a/Tests/CodexBarTests/UsageStorePlanUtilizationExactFitResetTests.swift b/Tests/CodexBarTests/UsageStorePlanUtilizationExactFitResetTests.swift
new file mode 100644
index 000000000..ac6d69f3f
--- /dev/null
+++ b/Tests/CodexBarTests/UsageStorePlanUtilizationExactFitResetTests.swift
@@ -0,0 +1,227 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+struct UsageStorePlanUtilizationExactFitResetTests {
+    @MainActor
+    @Test
+    func `weekly chart uses reset date as bar date`() {
+        let firstBoundary = Date(timeIntervalSince1970: 1_710_000_000)
+        let secondBoundary = firstBoundary.addingTimeInterval(7 * 24 * 60 * 60)
+        let thirdBoundary = secondBoundary.addingTimeInterval(7 * 24 * 60 * 60)
+        let histories = [
+            planSeries(name: .weekly, windowMinutes: 10080, entries: [
+                planEntry(at: firstBoundary.addingTimeInterval(-30 * 60), usedPercent: 62, resetsAt: firstBoundary),
+                planEntry(at: secondBoundary.addingTimeInterval(-30 * 60), usedPercent: 48, resetsAt: secondBoundary),
+                planEntry(at: thirdBoundary.addingTimeInterval(-30 * 60), usedPercent: 20, resetsAt: thirdBoundary),
+            ]),
+        ]
+
+        let model = PlanUtilizationHistoryChartMenuView._modelSnapshotForTesting(
+            selectedSeriesRawValue: "weekly:10080",
+            histories: histories,
+            provider: .codex,
+            referenceDate: thirdBoundary)
+
+        #expect(model.usedPercents == [62, 48, 20])
+        #expect(model.pointDates == [
+            formattedBoundary(firstBoundary),
+            formattedBoundary(secondBoundary),
+            formattedBoundary(thirdBoundary),
+        ])
+    }
+
+    @MainActor
+    @Test
+    func `chart keeps maximum usage for each effective period`() {
+        let firstBoundary = Date(timeIntervalSince1970: 1_710_000_000)
+        let secondBoundary = firstBoundary.addingTimeInterval(5 * 60 * 60)
+        let histories = [
+            planSeries(name: .session, windowMinutes: 300, entries: [
+                planEntry(at: firstBoundary.addingTimeInterval(-50 * 60), usedPercent: 22, resetsAt: firstBoundary),
+                planEntry(
+                    at: firstBoundary.addingTimeInterval(-20 * 60),
+                    usedPercent: 61,
+                    resetsAt: firstBoundary.addingTimeInterval(75)),
+                planEntry(at: secondBoundary.addingTimeInterval(-30 * 60), usedPercent: 18, resetsAt: secondBoundary),
+            ]),
+        ]
+
+        let model = PlanUtilizationHistoryChartMenuView._modelSnapshotForTesting(
+            selectedSeriesRawValue: "session:300",
+            histories: histories,
+            provider: .codex,
+            referenceDate: secondBoundary)
+
+        #expect(model.usedPercents == [61, 18])
+        #expect(model.pointDates == [
+            formattedBoundary(firstBoundary.addingTimeInterval(75)),
+            formattedBoundary(secondBoundary),
+        ])
+    }
+
+    @MainActor
+    @Test
+    func `chart prefers reset backed entry when usage ties within period`() {
+        let boundary = Date(timeIntervalSince1970: 1_710_000_000)
+        let histories = [
+            planSeries(name: .session, windowMinutes: 300, entries: [
+                planEntry(at: boundary.addingTimeInterval(-55 * 60), usedPercent: 48),
+                planEntry(at: boundary.addingTimeInterval(-20 * 60), usedPercent: 48, resetsAt: boundary),
+            ]),
+        ]
+
+        let model = PlanUtilizationHistoryChartMenuView._modelSnapshotForTesting(
+            selectedSeriesRawValue: "session:300",
+            histories: histories,
+            provider: .codex,
+            referenceDate: boundary)
+
+        #expect(model.usedPercents == [48])
+        #expect(model.pointDates == [formattedBoundary(boundary)])
+    }
+
+    @MainActor
+    @Test
+    func `chart adds synthetic current bar when current period has no observation`() {
+        let firstBoundary = Date(timeIntervalSince1970: 1_710_000_000)
+        let currentBoundary = firstBoundary.addingTimeInterval(10 * 60 * 60)
+        let referenceDate = currentBoundary.addingTimeInterval(-30 * 60)
+        let histories = [
+            planSeries(name: .session, windowMinutes: 300, entries: [
+                planEntry(at: firstBoundary.addingTimeInterval(-30 * 60), usedPercent: 62, resetsAt: firstBoundary),
+            ]),
+        ]
+
+        let model = PlanUtilizationHistoryChartMenuView._modelSnapshotForTesting(
+            selectedSeriesRawValue: "session:300",
+            histories: histories,
+            provider: .codex,
+            referenceDate: referenceDate)
+
+        #expect(model.usedPercents == [62, 0, 0])
+        #expect(model.pointDates == [
+            formattedBoundary(firstBoundary),
+            formattedBoundary(firstBoundary.addingTimeInterval(5 * 60 * 60)),
+            formattedBoundary(currentBoundary),
+        ])
+    }
+
+    @MainActor
+    @Test
+    func `weekly chart shows zero bars for missing reset periods`() {
+        let firstBoundary = Date(timeIntervalSince1970: 1_710_000_000)
+        let secondBoundary = firstBoundary.addingTimeInterval(7 * 24 * 60 * 60)
+        let fourthBoundary = secondBoundary.addingTimeInterval(14 * 24 * 60 * 60)
+        let histories = [
+            planSeries(name: .weekly, windowMinutes: 10080, entries: [
+                planEntry(at: firstBoundary.addingTimeInterval(-30 * 60), usedPercent: 62, resetsAt: firstBoundary),
+                planEntry(at: secondBoundary.addingTimeInterval(-30 * 60), usedPercent: 48, resetsAt: secondBoundary),
+                planEntry(at: fourthBoundary.addingTimeInterval(-30 * 60), usedPercent: 20, resetsAt: fourthBoundary),
+            ]),
+        ]
+
+        let model = PlanUtilizationHistoryChartMenuView._modelSnapshotForTesting(
+            selectedSeriesRawValue: "weekly:10080",
+            histories: histories,
+            provider: .codex,
+            referenceDate: fourthBoundary)
+
+        #expect(model.usedPercents == [62, 48, 0, 20])
+    }
+
+    @MainActor
+    @Test
+    func `weekly chart starts axis labels from first bar`() {
+        let firstBoundary = Date(timeIntervalSince1970: 1_710_000_000)
+        let secondBoundary = firstBoundary.addingTimeInterval(7 * 24 * 60 * 60)
+        let thirdBoundary = secondBoundary.addingTimeInterval(7 * 24 * 60 * 60)
+        let fourthBoundary = thirdBoundary.addingTimeInterval(7 * 24 * 60 * 60)
+        let histories = [
+            planSeries(name: .weekly, windowMinutes: 10080, entries: [
+                planEntry(at: firstBoundary.addingTimeInterval(-30 * 60), usedPercent: 62, resetsAt: firstBoundary),
+                planEntry(at: secondBoundary.addingTimeInterval(-30 * 60), usedPercent: 48, resetsAt: secondBoundary),
+                planEntry(at: thirdBoundary.addingTimeInterval(-30 * 60), usedPercent: 20, resetsAt: thirdBoundary),
+                planEntry(at: fourthBoundary.addingTimeInterval(-30 * 60), usedPercent: 15, resetsAt: fourthBoundary),
+            ]),
+        ]
+
+        let model = PlanUtilizationHistoryChartMenuView._modelSnapshotForTesting(
+            selectedSeriesRawValue: "weekly:10080",
+            histories: histories,
+            provider: .codex,
+            referenceDate: fourthBoundary)
+
+        #expect(model.axisIndexes == [0])
+    }
+
+    @MainActor
+    @Test
+    func `weekly chart keeps observed current boundary when reset times drift slightly`() {
+        let firstBoundary = Date(timeIntervalSince1970: 1_710_000_055)
+        let secondBoundary = firstBoundary.addingTimeInterval(7 * 24 * 60 * 60 + 88)
+        let histories = [
+            planSeries(name: .weekly, windowMinutes: 10080, entries: [
+                planEntry(at: firstBoundary.addingTimeInterval(-30 * 60), usedPercent: 62, resetsAt: firstBoundary),
+                planEntry(at: secondBoundary.addingTimeInterval(-30 * 60), usedPercent: 33, resetsAt: secondBoundary),
+            ]),
+        ]
+
+        let model = PlanUtilizationHistoryChartMenuView._modelSnapshotForTesting(
+            selectedSeriesRawValue: "weekly:10080",
+            histories: histories,
+            provider: .codex,
+            referenceDate: secondBoundary.addingTimeInterval(-60))
+
+        #expect(model.usedPercents == [62, 33])
+    }
+
+    @MainActor
+    @Test
+    func `weekly chart prefers reset backed history over legacy synthetic points`() {
+        let legacyCapturedAt = Date(timeIntervalSince1970: 1_742_100_000)
+        let firstBoundary = Date(timeIntervalSince1970: 1_742_356_855) // 2026-03-18T17:00:55Z
+        let secondBoundary = Date(timeIntervalSince1970: 1_742_961_343) // 2026-03-25T17:02:23Z
+        let histories = [
+            planSeries(name: .weekly, windowMinutes: 10080, entries: [
+                planEntry(at: legacyCapturedAt, usedPercent: 57),
+                planEntry(at: firstBoundary.addingTimeInterval(-60 * 60), usedPercent: 73, resetsAt: firstBoundary),
+                planEntry(at: secondBoundary.addingTimeInterval(-60 * 60), usedPercent: 35, resetsAt: secondBoundary),
+            ]),
+        ]
+
+        let model = PlanUtilizationHistoryChartMenuView._modelSnapshotForTesting(
+            selectedSeriesRawValue: "weekly:10080",
+            histories: histories,
+            provider: .codex,
+            referenceDate: secondBoundary.addingTimeInterval(-60))
+
+        #expect(model.usedPercents == [73, 35])
+    }
+
+    @MainActor
+    @Test
+    func `chart keeps legacy history before first reset backed boundary`() {
+        let firstLegacyCapturedAt = Date(timeIntervalSince1970: 1_739_692_800) // 2026-02-23T07:00:00Z
+        let secondLegacyCapturedAt = firstLegacyCapturedAt.addingTimeInterval(7 * 24 * 60 * 60)
+        let firstBoundary = secondLegacyCapturedAt.addingTimeInterval(7 * 24 * 60 * 60 + 55)
+        let secondBoundary = firstBoundary.addingTimeInterval(7 * 24 * 60 * 60)
+        let histories = [
+            planSeries(name: .weekly, windowMinutes: 10080, entries: [
+                planEntry(at: firstLegacyCapturedAt, usedPercent: 20),
+                planEntry(at: secondLegacyCapturedAt, usedPercent: 40),
+                planEntry(at: firstBoundary.addingTimeInterval(-60 * 60), usedPercent: 73, resetsAt: firstBoundary),
+                planEntry(at: secondBoundary.addingTimeInterval(-60 * 60), usedPercent: 35, resetsAt: secondBoundary),
+            ]),
+        ]
+
+        let model = PlanUtilizationHistoryChartMenuView._modelSnapshotForTesting(
+            selectedSeriesRawValue: "weekly:10080",
+            histories: histories,
+            provider: .claude,
+            referenceDate: secondBoundary.addingTimeInterval(-60))
+
+        #expect(model.usedPercents == [20, 40, 73, 35])
+    }
+}
diff --git a/Tests/CodexBarTests/UsageStorePlanUtilizationResetCoalescingTests.swift b/Tests/CodexBarTests/UsageStorePlanUtilizationResetCoalescingTests.swift
new file mode 100644
index 000000000..076f20b5f
--- /dev/null
+++ b/Tests/CodexBarTests/UsageStorePlanUtilizationResetCoalescingTests.swift
@@ -0,0 +1,279 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+struct UsageStorePlanUtilizationResetCoalescingTests {
+    @Test
+    func `near canonical codex windows merge into canonical history series`() throws {
+        let base = Date(timeIntervalSince1970: 1_700_000_000)
+        let existing = [
+            planSeries(name: .session, windowMinutes: 300, entries: [
+                planEntry(at: base, usedPercent: 20),
+            ]),
+            planSeries(name: .weekly, windowMinutes: 10080, entries: [
+                planEntry(at: base, usedPercent: 40),
+            ]),
+        ]
+        let incoming = [
+            planSeries(name: .session, windowMinutes: 299, entries: [
+                planEntry(at: base.addingTimeInterval(3600), usedPercent: 30),
+            ]),
+            planSeries(name: .weekly, windowMinutes: 10079, entries: [
+                planEntry(at: base.addingTimeInterval(3600), usedPercent: 50),
+            ]),
+        ]
+
+        let updated = try #require(
+            UsageStore._updatedPlanUtilizationHistoriesForTesting(
+                existingHistories: existing,
+                samples: incoming))
+
+        #expect(updated.map { "\($0.name.rawValue):\($0.windowMinutes)" } == ["session:300", "weekly:10080"])
+        #expect(findSeries(updated, name: .session, windowMinutes: 300)?.entries.map(\.usedPercent) == [20, 30])
+        #expect(findSeries(updated, name: .weekly, windowMinutes: 10080)?.entries.map(\.usedPercent) == [40, 50])
+    }
+
+    @Test
+    func `same hour entry backfills missing reset metadata`() throws {
+        let calendar = Calendar(identifier: .gregorian)
+        let hourStart = try #require(calendar.date(from: DateComponents(
+            timeZone: TimeZone(secondsFromGMT: 0),
+            year: 2026,
+            month: 3,
+            day: 17,
+            hour: 9)))
+        let existing = planEntry(
+            at: hourStart.addingTimeInterval(10 * 60),
+            usedPercent: 20)
+        let incoming = planEntry(
+            at: hourStart.addingTimeInterval(45 * 60),
+            usedPercent: 30,
+            resetsAt: hourStart.addingTimeInterval(30 * 60))
+
+        let updated = try #require(
+            UsageStore._updatedPlanUtilizationEntriesForTesting(
+                existingEntries: [existing],
+                entry: incoming))
+
+        #expect(updated.count == 1)
+        #expect(updated[0].capturedAt == incoming.capturedAt)
+        #expect(updated[0].usedPercent == 30)
+        #expect(updated[0].resetsAt == incoming.resetsAt)
+    }
+
+    @Test
+    func `same hour later higher usage without reset metadata keeps promoted reset boundary`() throws {
+        let calendar = Calendar(identifier: .gregorian)
+        let hourStart = try #require(calendar.date(from: DateComponents(
+            timeZone: TimeZone(secondsFromGMT: 0),
+            year: 2026,
+            month: 3,
+            day: 17,
+            hour: 9)))
+        let first = planEntry(
+            at: hourStart.addingTimeInterval(10 * 60),
+            usedPercent: 40)
+        let second = planEntry(
+            at: hourStart.addingTimeInterval(25 * 60),
+            usedPercent: 8,
+            resetsAt: hourStart.addingTimeInterval(30 * 60))
+        let third = planEntry(
+            at: hourStart.addingTimeInterval(50 * 60),
+            usedPercent: 22)
+
+        let initial = try #require(
+            UsageStore._updatedPlanUtilizationEntriesForTesting(
+                existingEntries: [],
+                entry: first))
+        let promoted = try #require(
+            UsageStore._updatedPlanUtilizationEntriesForTesting(
+                existingEntries: initial,
+                entry: second))
+        let updated = try #require(
+            UsageStore._updatedPlanUtilizationEntriesForTesting(
+                existingEntries: promoted,
+                entry: third))
+
+        #expect(updated.count == 1)
+        #expect(updated[0].capturedAt == third.capturedAt)
+        #expect(updated[0].usedPercent == third.usedPercent)
+        #expect(updated[0].resetsAt == second.resetsAt)
+    }
+
+    @Test
+    func `same hour zero usage with drifting reset coalesces to latest entry`() throws {
+        let calendar = Calendar(identifier: .gregorian)
+        let hourStart = try #require(calendar.date(from: DateComponents(
+            timeZone: TimeZone(secondsFromGMT: 0),
+            year: 2026,
+            month: 3,
+            day: 20,
+            hour: 0)))
+        let existing = planEntry(
+            at: hourStart.addingTimeInterval(14 * 60),
+            usedPercent: 0,
+            resetsAt: hourStart.addingTimeInterval(5 * 60 * 60 + 14 * 60 + 2))
+        let incoming = planEntry(
+            at: hourStart.addingTimeInterval(23 * 60),
+            usedPercent: 0,
+            resetsAt: hourStart.addingTimeInterval(5 * 60 * 60 + 14 * 60 + 3))
+
+        let updated = try #require(
+            UsageStore._updatedPlanUtilizationEntriesForTesting(
+                existingEntries: [existing],
+                entry: incoming))
+
+        #expect(updated.count == 1)
+        #expect(updated[0] == incoming)
+    }
+
+    @Test
+    func `same hour reset times within two minutes still keep single hourly peak`() throws {
+        let calendar = Calendar(identifier: .gregorian)
+        let hourStart = try #require(calendar.date(from: DateComponents(
+            timeZone: TimeZone(secondsFromGMT: 0),
+            year: 2026,
+            month: 3,
+            day: 20,
+            hour: 0)))
+        let existing = planEntry(
+            at: hourStart.addingTimeInterval(21 * 60),
+            usedPercent: 10,
+            resetsAt: hourStart.addingTimeInterval(3 * 60 * 60))
+        let incoming = planEntry(
+            at: hourStart.addingTimeInterval(55 * 60),
+            usedPercent: 10,
+            resetsAt: hourStart.addingTimeInterval(3 * 60 * 60 + 1))
+
+        let updated = try #require(
+            UsageStore._updatedPlanUtilizationEntriesForTesting(
+                existingEntries: [existing],
+                entry: incoming))
+
+        #expect(updated.count == 1)
+        #expect(updated[0].capturedAt == incoming.capturedAt)
+        #expect(updated[0].usedPercent == 10)
+        #expect(updated[0].resetsAt == incoming.resetsAt)
+    }
+
+    @Test
+    func `same hour usage drop without meaningful reset still keeps single hourly peak`() throws {
+        let calendar = Calendar(identifier: .gregorian)
+        let hourStart = try #require(calendar.date(from: DateComponents(
+            timeZone: TimeZone(secondsFromGMT: 0),
+            year: 2026,
+            month: 3,
+            day: 20,
+            hour: 0)))
+        let existing = planEntry(
+            at: hourStart.addingTimeInterval(15 * 60),
+            usedPercent: 40,
+            resetsAt: hourStart.addingTimeInterval(3 * 60 * 60))
+        let incoming = planEntry(
+            at: hourStart.addingTimeInterval(45 * 60),
+            usedPercent: 5,
+            resetsAt: hourStart.addingTimeInterval(3 * 60 * 60 + 30))
+
+        let updated = try #require(
+            UsageStore._updatedPlanUtilizationEntriesForTesting(
+                existingEntries: [existing],
+                entry: incoming))
+
+        #expect(updated.count == 1)
+        #expect(updated[0].capturedAt == existing.capturedAt)
+        #expect(updated[0].usedPercent == existing.usedPercent)
+        #expect(updated[0].resetsAt == incoming.resetsAt)
+    }
+
+    @Test
+    func `same hour reset keeps peak before reset and latest peak after reset`() throws {
+        let calendar = Calendar(identifier: .gregorian)
+        let hourStart = try #require(calendar.date(from: DateComponents(
+            timeZone: TimeZone(secondsFromGMT: 0),
+            year: 2026,
+            month: 3,
+            day: 20,
+            hour: 0)))
+        let initial = [
+            planEntry(
+                at: hourStart.addingTimeInterval(5 * 60),
+                usedPercent: 40,
+                resetsAt: hourStart.addingTimeInterval(3 * 60 * 60)),
+            planEntry(
+                at: hourStart.addingTimeInterval(20 * 60),
+                usedPercent: 12,
+                resetsAt: hourStart.addingTimeInterval(8 * 60 * 60)),
+        ]
+        let incoming = planEntry(
+            at: hourStart.addingTimeInterval(45 * 60),
+            usedPercent: 18,
+            resetsAt: hourStart.addingTimeInterval(8 * 60 * 60))
+
+        let updated = try #require(
+            UsageStore._updatedPlanUtilizationEntriesForTesting(
+                existingEntries: initial,
+                entry: incoming))
+
+        #expect(updated.count == 2)
+        #expect(updated[0].usedPercent == 40)
+        #expect(updated[1].usedPercent == 18)
+        #expect(updated[1].resetsAt == incoming.resetsAt)
+    }
+
+    @Test
+    func `newer reset within hour replaces earlier post reset record`() throws {
+        let calendar = Calendar(identifier: .gregorian)
+        let hourStart = try #require(calendar.date(from: DateComponents(
+            timeZone: TimeZone(secondsFromGMT: 0),
+            year: 2026,
+            month: 3,
+            day: 20,
+            hour: 0)))
+        let initial = [
+            planEntry(
+                at: hourStart.addingTimeInterval(5 * 60),
+                usedPercent: 40,
+                resetsAt: hourStart.addingTimeInterval(3 * 60 * 60)),
+            planEntry(
+                at: hourStart.addingTimeInterval(20 * 60),
+                usedPercent: 12,
+                resetsAt: hourStart.addingTimeInterval(8 * 60 * 60)),
+        ]
+        let incoming = planEntry(
+            at: hourStart.addingTimeInterval(50 * 60),
+            usedPercent: 3,
+            resetsAt: hourStart.addingTimeInterval(10 * 60 * 60))
+
+        let updated = try #require(
+            UsageStore._updatedPlanUtilizationEntriesForTesting(
+                existingEntries: initial,
+                entry: incoming))
+
+        #expect(updated.count == 2)
+        #expect(updated[0].usedPercent == 40)
+        #expect(updated[1] == incoming)
+    }
+
+    @Test
+    func `merged histories keep series separated by stable name`() throws {
+        let existing = [
+            planSeries(name: .session, windowMinutes: 300, entries: [
+                planEntry(at: Date(timeIntervalSince1970: 1_700_000_000), usedPercent: 20),
+            ]),
+        ]
+        let incoming = [
+            planSeries(name: .weekly, windowMinutes: 10080, entries: [
+                planEntry(at: Date(timeIntervalSince1970: 1_700_000_000), usedPercent: 40),
+            ]),
+        ]
+
+        let updated = try #require(
+            UsageStore._updatedPlanUtilizationHistoriesForTesting(
+                existingHistories: existing,
+                samples: incoming))
+
+        #expect(findSeries(updated, name: .session, windowMinutes: 300) != nil)
+        #expect(findSeries(updated, name: .weekly, windowMinutes: 10080) != nil)
+    }
+}
diff --git a/Tests/CodexBarTests/UsageStorePlanUtilizationTests.swift b/Tests/CodexBarTests/UsageStorePlanUtilizationTests.swift
new file mode 100644
index 000000000..aa3207f6d
--- /dev/null
+++ b/Tests/CodexBarTests/UsageStorePlanUtilizationTests.swift
@@ -0,0 +1,1256 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+// swiftlint:disable:next type_body_length
+struct UsageStorePlanUtilizationTests {
+    @Test
+    func `coalesces changed usage within hour into single entry`() throws {
+        let calendar = Calendar(identifier: .gregorian)
+        let hourStart = try #require(calendar.date(from: DateComponents(
+            timeZone: TimeZone(secondsFromGMT: 0),
+            year: 2026,
+            month: 3,
+            day: 17,
+            hour: 10)))
+        let first = planEntry(at: hourStart, usedPercent: 10)
+        let second = planEntry(at: hourStart.addingTimeInterval(25 * 60), usedPercent: 35)
+
+        let initial = try #require(
+            UsageStore._updatedPlanUtilizationEntriesForTesting(
+                existingEntries: [],
+                entry: first))
+        let updated = try #require(
+            UsageStore._updatedPlanUtilizationEntriesForTesting(
+                existingEntries: initial,
+                entry: second))
+
+        #expect(updated.count == 1)
+        #expect(updated.last == second)
+    }
+
+    @Test
+    func `changed reset boundary within hour appends new entry`() throws {
+        let calendar = Calendar(identifier: .gregorian)
+        let hourStart = try #require(calendar.date(from: DateComponents(
+            timeZone: TimeZone(secondsFromGMT: 0),
+            year: 2026,
+            month: 3,
+            day: 17,
+            hour: 10)))
+        let first = planEntry(
+            at: hourStart.addingTimeInterval(5 * 60),
+            usedPercent: 82,
+            resetsAt: hourStart.addingTimeInterval(30 * 60))
+        let second = planEntry(
+            at: hourStart.addingTimeInterval(35 * 60),
+            usedPercent: 4,
+            resetsAt: hourStart.addingTimeInterval(5 * 60 * 60))
+
+        let initial = try #require(
+            UsageStore._updatedPlanUtilizationEntriesForTesting(
+                existingEntries: [],
+                entry: first))
+        let updated = try #require(
+            UsageStore._updatedPlanUtilizationEntriesForTesting(
+                existingEntries: initial,
+                entry: second))
+
+        #expect(updated.count == 2)
+        #expect(updated[0] == first)
+        #expect(updated[1] == second)
+    }
+
+    @Test
+    func `first known reset boundary within hour replaces earlier provisional peak even when usage drops`() throws {
+        let calendar = Calendar(identifier: .gregorian)
+        let hourStart = try #require(calendar.date(from: DateComponents(
+            timeZone: TimeZone(secondsFromGMT: 0),
+            year: 2026,
+            month: 3,
+            day: 17,
+            hour: 10)))
+        let first = planEntry(
+            at: hourStart.addingTimeInterval(5 * 60),
+            usedPercent: 82,
+            resetsAt: nil)
+        let second = planEntry(
+            at: hourStart.addingTimeInterval(35 * 60),
+            usedPercent: 4,
+            resetsAt: hourStart.addingTimeInterval(5 * 60 * 60))
+
+        let initial = try #require(
+            UsageStore._updatedPlanUtilizationEntriesForTesting(
+                existingEntries: [],
+                entry: first))
+        let updated = try #require(
+            UsageStore._updatedPlanUtilizationEntriesForTesting(
+                existingEntries: initial,
+                entry: second))
+
+        #expect(updated.count == 1)
+        #expect(updated[0] == second)
+    }
+
+    @Test
+    func `trims entry history to retention limit`() throws {
+        let maxSamples = UsageStore._planUtilizationMaxSamplesForTesting
+        let base = Date(timeIntervalSince1970: 1_700_000_000)
+        var entries: [PlanUtilizationHistoryEntry] = []
+
+        for offset in 0..<maxSamples {
+            entries.append(planEntry(
+                at: base.addingTimeInterval(Double(offset) * 3600),
+                usedPercent: Double(offset % 100)))
+        }
+
+        let appended = planEntry(
+            at: base.addingTimeInterval(Double(maxSamples) * 3600),
+            usedPercent: 50)
+
+        let updated = try #require(
+            UsageStore._updatedPlanUtilizationEntriesForTesting(
+                existingEntries: entries,
+                entry: appended))
+
+        #expect(updated.count == maxSamples)
+        #expect(updated.first?.capturedAt == entries[1].capturedAt)
+        #expect(updated.last == appended)
+    }
+
+    @MainActor
+    @Test
+    func `native chart shows visible series tabs only`() {
+        let histories = [
+            planSeries(name: .session, windowMinutes: 0, entries: [
+                planEntry(at: Date(timeIntervalSince1970: 1_700_000_000), usedPercent: 90),
+            ]),
+            planSeries(name: .session, windowMinutes: 300, entries: [
+                planEntry(at: Date(timeIntervalSince1970: 1_700_000_000), usedPercent: 20),
+            ]),
+            planSeries(name: .weekly, windowMinutes: 10080, entries: [
+                planEntry(at: Date(timeIntervalSince1970: 1_700_086_400), usedPercent: 48),
+            ]),
+        ]
+
+        let model = PlanUtilizationHistoryChartMenuView._modelSnapshotForTesting(
+            histories: histories,
+            provider: .codex)
+
+        #expect(model.visibleSeries == ["session:300", "weekly:10080"])
+        #expect(model.selectedSeries == "session:300")
+    }
+
+    @MainActor
+    @Test
+    func `native chart folds near canonical codex windows into single tabs`() {
+        let histories = [
+            planSeries(name: .session, windowMinutes: 299, entries: [
+                planEntry(at: Date(timeIntervalSince1970: 1_700_000_000), usedPercent: 20),
+            ]),
+            planSeries(name: .session, windowMinutes: 300, entries: [
+                planEntry(at: Date(timeIntervalSince1970: 1_700_003_600), usedPercent: 30),
+            ]),
+            planSeries(name: .weekly, windowMinutes: 10079, entries: [
+                planEntry(at: Date(timeIntervalSince1970: 1_700_086_400), usedPercent: 40),
+            ]),
+            planSeries(name: .weekly, windowMinutes: 10080, entries: [
+                planEntry(at: Date(timeIntervalSince1970: 1_700_172_800), usedPercent: 50),
+            ]),
+        ]
+
+        let model = PlanUtilizationHistoryChartMenuView._modelSnapshotForTesting(
+            histories: histories,
+            provider: .codex)
+
+        #expect(model.visibleSeries == ["session:300", "weekly:10080"])
+        #expect(model.selectedSeries == "session:300")
+    }
+
+    @MainActor
+    @Test
+    func `claude history tabs match current snapshot bars`() {
+        let histories = [
+            planSeries(name: .session, windowMinutes: 300, entries: [
+                planEntry(at: Date(timeIntervalSince1970: 1_700_000_000), usedPercent: 20),
+            ]),
+            planSeries(name: .weekly, windowMinutes: 10080, entries: [
+                planEntry(at: Date(timeIntervalSince1970: 1_700_086_400), usedPercent: 48),
+            ]),
+            planSeries(name: .opus, windowMinutes: 10080, entries: [
+                planEntry(at: Date(timeIntervalSince1970: 1_700_086_400), usedPercent: 12),
+            ]),
+        ]
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 3, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(usedPercent: 10, windowMinutes: 10080, resetsAt: nil, resetDescription: nil),
+            tertiary: nil,
+            updatedAt: Date(timeIntervalSince1970: 1_700_086_400),
+            identity: nil)
+
+        let model = PlanUtilizationHistoryChartMenuView._modelSnapshotForTesting(
+            histories: histories,
+            provider: .claude,
+            snapshot: snapshot)
+
+        #expect(model.visibleSeries == ["session:300", "weekly:10080"])
+        #expect(model.selectedSeries == "session:300")
+    }
+
+    @MainActor
+    @Test
+    func `session chart uses native reset boundaries and fills missing windows`() throws {
+        let calendar = Calendar(identifier: .gregorian)
+        let firstBoundary = try #require(calendar.date(from: DateComponents(
+            timeZone: TimeZone.current,
+            year: 2026,
+            month: 3,
+            day: 4,
+            hour: 10)))
+        let thirdBoundary = try #require(calendar.date(from: DateComponents(
+            timeZone: TimeZone.current,
+            year: 2026,
+            month: 3,
+            day: 4,
+            hour: 20)))
+        let histories = [
+            planSeries(name: .session, windowMinutes: 300, entries: [
+                planEntry(at: firstBoundary.addingTimeInterval(-30 * 60), usedPercent: 62, resetsAt: firstBoundary),
+                planEntry(at: thirdBoundary.addingTimeInterval(-30 * 60), usedPercent: 20, resetsAt: thirdBoundary),
+            ]),
+        ]
+
+        let model = PlanUtilizationHistoryChartMenuView._modelSnapshotForTesting(
+            selectedSeriesRawValue: "session:300",
+            histories: histories,
+            provider: .codex,
+            referenceDate: thirdBoundary)
+
+        #expect(model.pointCount == 3)
+        #expect(model.usedPercents == [62, 0, 20])
+        #expect(model.pointDates == [
+            formattedBoundary(firstBoundary),
+            formattedBoundary(firstBoundary.addingTimeInterval(5 * 60 * 60)),
+            formattedBoundary(thirdBoundary),
+        ])
+    }
+
+    @MainActor
+    @Test
+    func `session chart labels only day changes`() throws {
+        let calendar = Calendar(identifier: .gregorian)
+        let firstBoundary = try #require(calendar.date(from: DateComponents(
+            timeZone: TimeZone.current,
+            year: 2026,
+            month: 3,
+            day: 4,
+            hour: 20)))
+        let thirdBoundary = try #require(calendar.date(from: DateComponents(
+            timeZone: TimeZone.current,
+            year: 2026,
+            month: 3,
+            day: 5,
+            hour: 6)))
+        let histories = [
+            planSeries(name: .session, windowMinutes: 300, entries: [
+                planEntry(at: firstBoundary.addingTimeInterval(-30 * 60), usedPercent: 62, resetsAt: firstBoundary),
+                planEntry(at: thirdBoundary.addingTimeInterval(-30 * 60), usedPercent: 20, resetsAt: thirdBoundary),
+            ]),
+        ]
+
+        let model = PlanUtilizationHistoryChartMenuView._modelSnapshotForTesting(
+            selectedSeriesRawValue: "session:300",
+            histories: histories,
+            provider: .codex,
+            referenceDate: thirdBoundary)
+
+        #expect(model.axisIndexes == [0])
+    }
+
+    @MainActor
+    @Test
+    func `session chart labels every second day change`() throws {
+        let calendar = Calendar(identifier: .gregorian)
+        let firstBoundary = try #require(calendar.date(from: DateComponents(
+            timeZone: TimeZone.current,
+            year: 2026,
+            month: 3,
+            day: 4,
+            hour: 20)))
+        let secondBoundary = try #require(calendar.date(from: DateComponents(
+            timeZone: TimeZone.current,
+            year: 2026,
+            month: 3,
+            day: 5,
+            hour: 6)))
+        let thirdBoundary = try #require(calendar.date(from: DateComponents(
+            timeZone: TimeZone.current,
+            year: 2026,
+            month: 3,
+            day: 6,
+            hour: 6)))
+        let fourthBoundary = try #require(calendar.date(from: DateComponents(
+            timeZone: TimeZone.current,
+            year: 2026,
+            month: 3,
+            day: 7,
+            hour: 6)))
+        let histories = [
+            planSeries(name: .session, windowMinutes: 300, entries: [
+                planEntry(at: firstBoundary.addingTimeInterval(-30 * 60), usedPercent: 62, resetsAt: firstBoundary),
+                planEntry(at: secondBoundary.addingTimeInterval(-30 * 60), usedPercent: 20, resetsAt: secondBoundary),
+                planEntry(at: thirdBoundary.addingTimeInterval(-30 * 60), usedPercent: 35, resetsAt: thirdBoundary),
+                planEntry(at: fourthBoundary.addingTimeInterval(-30 * 60), usedPercent: 18, resetsAt: fourthBoundary),
+            ]),
+        ]
+
+        let model = PlanUtilizationHistoryChartMenuView._modelSnapshotForTesting(
+            selectedSeriesRawValue: "session:300",
+            histories: histories,
+            provider: .codex,
+            referenceDate: fourthBoundary)
+
+        #expect(model.axisIndexes == [0])
+    }
+
+    @MainActor
+    @Test
+    func `session chart drops trailing day label when it would clip at chart edge`() throws {
+        let calendar = Calendar(identifier: .gregorian)
+        let firstBoundary = try #require(calendar.date(from: DateComponents(
+            timeZone: TimeZone.current,
+            year: 2026,
+            month: 3,
+            day: 4,
+            hour: 20)))
+        let secondBoundary = try #require(calendar.date(from: DateComponents(
+            timeZone: TimeZone.current,
+            year: 2026,
+            month: 3,
+            day: 5,
+            hour: 6)))
+        let thirdBoundary = try #require(calendar.date(from: DateComponents(
+            timeZone: TimeZone.current,
+            year: 2026,
+            month: 3,
+            day: 6,
+            hour: 6)))
+        let fourthBoundary = try #require(calendar.date(from: DateComponents(
+            timeZone: TimeZone.current,
+            year: 2026,
+            month: 3,
+            day: 7,
+            hour: 20)))
+        let histories = [
+            planSeries(name: .session, windowMinutes: 300, entries: [
+                planEntry(at: firstBoundary.addingTimeInterval(-30 * 60), usedPercent: 62, resetsAt: firstBoundary),
+                planEntry(at: secondBoundary.addingTimeInterval(-30 * 60), usedPercent: 20, resetsAt: secondBoundary),
+                planEntry(at: thirdBoundary.addingTimeInterval(-30 * 60), usedPercent: 35, resetsAt: thirdBoundary),
+                planEntry(at: fourthBoundary.addingTimeInterval(-30 * 60), usedPercent: 18, resetsAt: fourthBoundary),
+            ]),
+        ]
+
+        let model = PlanUtilizationHistoryChartMenuView._modelSnapshotForTesting(
+            selectedSeriesRawValue: "session:300",
+            histories: histories,
+            provider: .codex,
+            referenceDate: fourthBoundary)
+
+        #expect(model.axisIndexes == [0, 10])
+    }
+
+    @MainActor
+    @Test
+    func `detail line shows used and wasted without provenance copy`() {
+        let boundary = Date(timeIntervalSince1970: 1_710_000_000)
+        let histories = [
+            planSeries(name: .session, windowMinutes: 300, entries: [
+                planEntry(at: boundary.addingTimeInterval(-30 * 60), usedPercent: 48, resetsAt: boundary),
+            ]),
+        ]
+
+        let detail = PlanUtilizationHistoryChartMenuView._detailLineForTesting(
+            selectedSeriesRawValue: "session:300",
+            histories: histories,
+            provider: .codex,
+            referenceDate: boundary.addingTimeInterval(-1))
+
+        #expect(detail.contains("48% used"))
+        #expect(!detail.contains("Provider-reported"))
+        #expect(!detail.contains("Estimated"))
+        #expect(!detail.contains("wasted"))
+    }
+
+    @MainActor
+    @Test
+    func `detail line shows dash for missing window`() {
+        let boundary = Date(timeIntervalSince1970: 1_710_000_000)
+        let histories = [
+            planSeries(name: .session, windowMinutes: 300, entries: [
+                planEntry(at: boundary.addingTimeInterval(-30 * 60), usedPercent: 48, resetsAt: boundary),
+            ]),
+        ]
+
+        let detail = PlanUtilizationHistoryChartMenuView._detailLineForTesting(
+            selectedSeriesRawValue: "session:300",
+            histories: histories,
+            provider: .codex,
+            referenceDate: boundary.addingTimeInterval(5 * 60 * 60))
+
+        #expect(detail.contains(": -"))
+    }
+
+    @MainActor
+    @Test
+    func `detail line keeps zero percent for observed zero usage`() {
+        let boundary = Date(timeIntervalSince1970: 1_710_000_000)
+        let histories = [
+            planSeries(name: .session, windowMinutes: 300, entries: [
+                planEntry(at: boundary.addingTimeInterval(-30 * 60), usedPercent: 0, resetsAt: boundary),
+            ]),
+        ]
+
+        let detail = PlanUtilizationHistoryChartMenuView._detailLineForTesting(
+            selectedSeriesRawValue: "session:300",
+            histories: histories,
+            provider: .codex,
+            referenceDate: boundary.addingTimeInterval(-1))
+
+        #expect(detail.contains("0% used"))
+        #expect(!detail.contains(": -"))
+    }
+
+    @MainActor
+    @Test
+    func `detail line uses lowercase am pm for session hover`() {
+        let previousLanguage = UserDefaults.standard.object(forKey: "appLanguage")
+        UserDefaults.standard.set("en", forKey: "appLanguage")
+        defer {
+            if let previousLanguage {
+                UserDefaults.standard.set(previousLanguage, forKey: "appLanguage")
+            } else {
+                UserDefaults.standard.removeObject(forKey: "appLanguage")
+            }
+        }
+
+        let boundary = Date(timeIntervalSince1970: 1_710_048_000) // Mar 11, 2024 1:20 pm UTC
+        let histories = [
+            planSeries(name: .session, windowMinutes: 300, entries: [
+                planEntry(at: boundary.addingTimeInterval(-30 * 60), usedPercent: 48, resetsAt: boundary),
+            ]),
+        ]
+
+        let detail = PlanUtilizationHistoryChartMenuView._detailLineForTesting(
+            selectedSeriesRawValue: "session:300",
+            histories: histories,
+            provider: .codex,
+            referenceDate: boundary.addingTimeInterval(-1))
+
+        #expect(detail.contains(" am") || detail.contains(" pm"))
+        #expect(!detail.contains("PM"))
+        #expect(!detail.contains("AM"))
+    }
+
+    @MainActor
+    @Test
+    func `detail line uses lowercase am pm for weekly hover`() {
+        let previousLanguage = UserDefaults.standard.object(forKey: "appLanguage")
+        UserDefaults.standard.set("en", forKey: "appLanguage")
+        defer {
+            if let previousLanguage {
+                UserDefaults.standard.set(previousLanguage, forKey: "appLanguage")
+            } else {
+                UserDefaults.standard.removeObject(forKey: "appLanguage")
+            }
+        }
+
+        let boundary = Date(timeIntervalSince1970: 1_710_048_000) // Mar 11, 2024 1:20 pm UTC
+        let histories = [
+            planSeries(name: .weekly, windowMinutes: 10080, entries: [
+                planEntry(at: boundary.addingTimeInterval(-30 * 60), usedPercent: 48, resetsAt: boundary),
+            ]),
+        ]
+
+        let detail = PlanUtilizationHistoryChartMenuView._detailLineForTesting(
+            selectedSeriesRawValue: "weekly:10080",
+            histories: histories,
+            provider: .codex,
+            referenceDate: boundary.addingTimeInterval(-1))
+
+        #expect(detail.contains(" am") || detail.contains(" pm"))
+        #expect(!detail.contains("PM"))
+        #expect(!detail.contains("AM"))
+    }
+
+    @Test
+    func `chart empty state shows series specific message`() {
+        let text = PlanUtilizationHistoryChartMenuView._emptyStateTextForTesting(title: "Session")
+        #expect(text == "No session utilization data yet.")
+    }
+
+    @Test
+    func `chart empty state shows series specific message when not refreshing`() {
+        let text = PlanUtilizationHistoryChartMenuView._emptyStateTextForTesting(title: "Weekly")
+        #expect(text == "No weekly utilization data yet.")
+    }
+
+    @MainActor
+    @Test
+    func `plan history selects current account bucket`() throws {
+        let store = Self.makeStore()
+        let aliceSnapshot = Self.makeSnapshot(provider: .codex, email: "alice@example.com")
+        let bobSnapshot = Self.makeSnapshot(provider: .codex, email: "bob@example.com")
+        let aliceKey = try #require(
+            UsageStore._planUtilizationAccountKeyForTesting(
+                provider: .codex,
+                snapshot: aliceSnapshot))
+        let bobKey = try #require(
+            UsageStore._planUtilizationAccountKeyForTesting(
+                provider: .codex,
+                snapshot: bobSnapshot))
+
+        let bootstrap = planSeries(name: .session, windowMinutes: 300, entries: [
+            planEntry(at: Date(timeIntervalSince1970: 1_699_913_600), usedPercent: 90),
+        ])
+        let aliceWeekly = planSeries(name: .weekly, windowMinutes: 10080, entries: [
+            planEntry(at: Date(timeIntervalSince1970: 1_700_000_000), usedPercent: 20),
+        ])
+        let bobWeekly = planSeries(name: .weekly, windowMinutes: 10080, entries: [
+            planEntry(at: Date(timeIntervalSince1970: 1_700_086_400), usedPercent: 50),
+        ])
+
+        store.planUtilizationHistory[.codex] = PlanUtilizationHistoryBuckets(
+            unscoped: [bootstrap],
+            accounts: [
+                aliceKey: [aliceWeekly],
+                bobKey: [bobWeekly],
+            ])
+
+        store._setSnapshotForTesting(aliceSnapshot, provider: .codex)
+        let aliceHistory = store.planUtilizationHistory(for: .codex)
+        #expect(store.planUtilizationHistory[.codex]?.preferredAccountKey == aliceKey)
+        #expect(aliceHistory == [aliceWeekly])
+        #expect(store.planUtilizationHistory[.codex]?.unscoped == [bootstrap])
+
+        store._setSnapshotForTesting(bobSnapshot, provider: .codex)
+        let bobHistory = store.planUtilizationHistory(for: .codex)
+        #expect(store.planUtilizationHistory[.codex]?.preferredAccountKey == bobKey)
+        #expect(bobHistory == [bobWeekly])
+    }
+
+    @MainActor
+    @Test
+    func `plan utilization menu hides while refreshing without current snapshot`() throws {
+        let store = Self.makeStore()
+        let claudeKey = try #require(
+            UsageStore._planUtilizationAccountKeyForTesting(
+                provider: .claude,
+                snapshot: Self.makeSnapshot(provider: .claude, email: "alice@example.com")))
+        let weekly = planSeries(name: .weekly, windowMinutes: 10080, entries: [
+            planEntry(at: Date(timeIntervalSince1970: 1_700_000_000), usedPercent: 64),
+        ])
+        store.planUtilizationHistory[.claude] = PlanUtilizationHistoryBuckets(
+            preferredAccountKey: claudeKey,
+            accounts: [
+                claudeKey: [weekly],
+            ])
+        store.refreshingProviders.insert(.claude)
+        store._setSnapshotForTesting(nil, provider: .claude)
+
+        #expect(store.shouldShowRefreshingMenuCard(for: .claude))
+        #expect(store.shouldHidePlanUtilizationMenuItem(for: .claude))
+    }
+
+    @MainActor
+    @Test
+    func `plan utilization menu stays visible with stored snapshot even during refresh`() throws {
+        let store = Self.makeStore()
+        let codexSnapshot = Self.makeSnapshot(provider: .codex, email: "alice@example.com")
+        let codexKey = try #require(
+            UsageStore._planUtilizationAccountKeyForTesting(
+                provider: .codex,
+                snapshot: codexSnapshot))
+        let weekly = planSeries(name: .weekly, windowMinutes: 10080, entries: [
+            planEntry(at: Date(timeIntervalSince1970: 1_700_000_000), usedPercent: 64),
+        ])
+        store.planUtilizationHistory[.codex] = PlanUtilizationHistoryBuckets(
+            preferredAccountKey: codexKey,
+            accounts: [
+                codexKey: [weekly],
+            ])
+        store.refreshingProviders.insert(.codex)
+        store._setSnapshotForTesting(codexSnapshot, provider: .codex)
+
+        #expect(!store.shouldShowRefreshingMenuCard(for: .codex))
+        #expect(!store.shouldHidePlanUtilizationMenuItem(for: .codex))
+        let histories = store.planUtilizationHistory(for: .codex)
+        #expect(store.planUtilizationHistory[.codex]?.preferredAccountKey == codexKey)
+        #expect(histories == [weekly])
+    }
+
+    @MainActor
+    @Test
+    func `codex plan utilization menu hides during provider only refresh without snapshot`() {
+        let store = Self.makeStore()
+        store.refreshingProviders.insert(.codex)
+        store._setSnapshotForTesting(nil, provider: .codex)
+
+        #expect(store.shouldShowRefreshingMenuCard(for: .codex))
+        #expect(store.shouldHidePlanUtilizationMenuItem(for: .codex))
+    }
+
+    @MainActor
+    @Test
+    func `record plan history persists named series from snapshot`() async {
+        let store = Self.makeStore()
+        let primaryReset = Date(timeIntervalSince1970: 1_710_000_000)
+        let secondaryReset = Date(timeIntervalSince1970: 1_710_086_400)
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(
+                usedPercent: 110,
+                windowMinutes: 300,
+                resetsAt: primaryReset,
+                resetDescription: "5h"),
+            secondary: RateWindow(
+                usedPercent: -20,
+                windowMinutes: 10080,
+                resetsAt: secondaryReset,
+                resetDescription: "7d"),
+            updatedAt: Date(),
+            identity: ProviderIdentitySnapshot(
+                providerID: .codex,
+                accountEmail: "alice@example.com",
+                accountOrganization: nil,
+                loginMethod: "plus"))
+        store._setSnapshotForTesting(snapshot, provider: .codex)
+
+        await store.recordPlanUtilizationHistorySample(
+            provider: .codex,
+            snapshot: snapshot,
+            now: Date(timeIntervalSince1970: 1_700_000_000))
+
+        let histories = store.planUtilizationHistory(for: .codex)
+        #expect(findSeries(histories, name: .session, windowMinutes: 300)?.entries.last?.usedPercent == 100)
+        #expect(findSeries(histories, name: .session, windowMinutes: 300)?.entries.last?.resetsAt == primaryReset)
+        #expect(findSeries(histories, name: .weekly, windowMinutes: 10080)?.entries.last?.usedPercent == 0)
+        #expect(findSeries(histories, name: .weekly, windowMinutes: 10080)?.entries.last?.resetsAt == secondaryReset)
+    }
+
+    @MainActor
+    @Test
+    func `record plan history skips invalid zero minute windows`() async {
+        let store = Self.makeStore()
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(
+                usedPercent: 25,
+                windowMinutes: 0,
+                resetsAt: Date(timeIntervalSince1970: 1_710_000_000),
+                resetDescription: nil),
+            secondary: RateWindow(
+                usedPercent: 44,
+                windowMinutes: 10080,
+                resetsAt: Date(timeIntervalSince1970: 1_710_086_400),
+                resetDescription: nil),
+            updatedAt: Date(),
+            identity: ProviderIdentitySnapshot(
+                providerID: .codex,
+                accountEmail: "alice@example.com",
+                accountOrganization: nil,
+                loginMethod: "plus"))
+        store._setSnapshotForTesting(snapshot, provider: .codex)
+
+        await store.recordPlanUtilizationHistorySample(
+            provider: .codex,
+            snapshot: snapshot,
+            now: Date(timeIntervalSince1970: 1_700_000_000))
+
+        let histories = store.planUtilizationHistory(for: .codex)
+        #expect(findSeries(histories, name: .session, windowMinutes: 0) == nil)
+        #expect(findSeries(histories, name: .weekly, windowMinutes: 10080)?.entries.last?.usedPercent == 44)
+    }
+
+    @MainActor
+    @Test
+    func `record plan history keeps semantic codex lanes when durations drift`() async {
+        let store = Self.makeStore()
+        let primaryReset = Date(timeIntervalSince1970: 1_710_000_000)
+        let secondaryReset = Date(timeIntervalSince1970: 1_710_086_400)
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(
+                usedPercent: 18,
+                windowMinutes: 360,
+                resetsAt: primaryReset,
+                resetDescription: "6h"),
+            secondary: RateWindow(
+                usedPercent: 42,
+                windowMinutes: 11040,
+                resetsAt: secondaryReset,
+                resetDescription: "7.67d"),
+            updatedAt: Date(),
+            identity: ProviderIdentitySnapshot(
+                providerID: .codex,
+                accountEmail: "alice@example.com",
+                accountOrganization: nil,
+                loginMethod: "plus"))
+        store._setSnapshotForTesting(snapshot, provider: .codex)
+
+        await store.recordPlanUtilizationHistorySample(
+            provider: .codex,
+            snapshot: snapshot,
+            now: Date(timeIntervalSince1970: 1_700_000_000))
+
+        let histories = store.planUtilizationHistory(for: .codex)
+        #expect(findSeries(histories, name: .session, windowMinutes: 360)?.entries.last?.usedPercent == 18)
+        #expect(findSeries(histories, name: .session, windowMinutes: 360)?.entries.last?.resetsAt == primaryReset)
+        #expect(findSeries(histories, name: .weekly, windowMinutes: 11040)?.entries.last?.usedPercent == 42)
+        #expect(findSeries(histories, name: .weekly, windowMinutes: 11040)?.entries.last?.resetsAt == secondaryReset)
+    }
+
+    @MainActor
+    @Test
+    func `record plan history stores claude opus as separate series`() async {
+        let store = Self.makeStore()
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 10, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(usedPercent: 20, windowMinutes: 10080, resetsAt: nil, resetDescription: nil),
+            tertiary: RateWindow(usedPercent: 30, windowMinutes: 10080, resetsAt: nil, resetDescription: nil),
+            updatedAt: Date(),
+            identity: ProviderIdentitySnapshot(
+                providerID: .claude,
+                accountEmail: "alice@example.com",
+                accountOrganization: nil,
+                loginMethod: "max"))
+        store._setSnapshotForTesting(snapshot, provider: .claude)
+
+        await store.recordPlanUtilizationHistorySample(
+            provider: .claude,
+            snapshot: snapshot,
+            now: Date(timeIntervalSince1970: 1_700_000_000))
+
+        let histories = store.planUtilizationHistory(for: .claude)
+        #expect(findSeries(histories, name: .session, windowMinutes: 300)?.entries.last?.usedPercent == 10)
+        #expect(findSeries(histories, name: .weekly, windowMinutes: 10080)?.entries.last?.usedPercent == 20)
+        #expect(findSeries(histories, name: .opus, windowMinutes: 10080)?.entries.last?.usedPercent == 30)
+    }
+
+    @MainActor
+    @Test
+    func `weekly quota celebration posts when weekly usage resets to zero`() async {
+        let store = Self.makeStore()
+        let accountLabel = "reset-zero@example.com"
+        let recorder = WeeklyLimitResetEventRecorder(provider: .claude, accountLabel: accountLabel)
+        defer { recorder.invalidate() }
+
+        let before = UsageSnapshot(
+            primary: RateWindow(usedPercent: 10, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(usedPercent: 99, windowMinutes: 10080, resetsAt: nil, resetDescription: nil),
+            updatedAt: Date(timeIntervalSince1970: 1_700_000_000),
+            identity: ProviderIdentitySnapshot(
+                providerID: .claude,
+                accountEmail: accountLabel,
+                accountOrganization: nil,
+                loginMethod: "max"))
+        let after = UsageSnapshot(
+            primary: RateWindow(usedPercent: 10, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(usedPercent: 0, windowMinutes: 10080, resetsAt: nil, resetDescription: nil),
+            updatedAt: Date(timeIntervalSince1970: 1_700_003_600),
+            identity: ProviderIdentitySnapshot(
+                providerID: .claude,
+                accountEmail: accountLabel,
+                accountOrganization: nil,
+                loginMethod: "max"))
+
+        await store.recordPlanUtilizationHistorySample(provider: .claude, snapshot: before, now: before.updatedAt)
+        await store.recordPlanUtilizationHistorySample(provider: .claude, snapshot: after, now: after.updatedAt)
+
+        let events = recorder.events
+        #expect(events.count == 1)
+        #expect(events[0].provider == .claude)
+        #expect(events[0].accountLabel == accountLabel)
+        #expect(events[0].usedPercent == 0)
+    }
+
+    @MainActor
+    @Test
+    func `weekly quota celebration posts when reset lands mid hour without history split`() async {
+        let store = Self.makeStore()
+        let accountLabel = "mid-hour-reset@example.com"
+        let recorder = WeeklyLimitResetEventRecorder(provider: .claude, accountLabel: accountLabel)
+        defer { recorder.invalidate() }
+
+        let before = UsageSnapshot(
+            primary: RateWindow(usedPercent: 10, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(
+                usedPercent: 40,
+                windowMinutes: 10080,
+                resetsAt: Date(timeIntervalSince1970: 1_700_100_000),
+                resetDescription: nil),
+            updatedAt: Date(timeIntervalSince1970: 1_700_000_000),
+            identity: ProviderIdentitySnapshot(
+                providerID: .claude,
+                accountEmail: accountLabel,
+                accountOrganization: nil,
+                loginMethod: "max"))
+        let after = UsageSnapshot(
+            primary: RateWindow(usedPercent: 10, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(
+                usedPercent: 0,
+                windowMinutes: 10080,
+                resetsAt: Date(timeIntervalSince1970: 1_700_100_030),
+                resetDescription: nil),
+            updatedAt: Date(timeIntervalSince1970: 1_700_001_800),
+            identity: ProviderIdentitySnapshot(
+                providerID: .claude,
+                accountEmail: accountLabel,
+                accountOrganization: nil,
+                loginMethod: "max"))
+
+        await store.recordPlanUtilizationHistorySample(provider: .claude, snapshot: before, now: before.updatedAt)
+        await store.recordPlanUtilizationHistorySample(provider: .claude, snapshot: after, now: after.updatedAt)
+
+        let histories = store.planUtilizationHistory(for: .claude)
+        #expect(findSeries(histories, name: .weekly, windowMinutes: 10080)?.entries.count == 1)
+        #expect(findSeries(histories, name: .weekly, windowMinutes: 10080)?.entries.last?.usedPercent == 40)
+        let events = recorder.events
+        #expect(events.count == 1)
+        #expect(events[0].usedPercent == 0)
+    }
+
+    @MainActor
+    @Test
+    func `weekly quota celebration ignores first seen reset sample`() async {
+        let store = Self.makeStore()
+        let accountLabel = "first-seen-reset@example.com"
+        let recorder = WeeklyLimitResetEventRecorder(provider: .claude, accountLabel: accountLabel)
+        defer { recorder.invalidate() }
+
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 10, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(usedPercent: 0, windowMinutes: 10080, resetsAt: nil, resetDescription: nil),
+            updatedAt: Date(timeIntervalSince1970: 1_700_000_000),
+            identity: ProviderIdentitySnapshot(
+                providerID: .claude,
+                accountEmail: accountLabel,
+                accountOrganization: nil,
+                loginMethod: "max"))
+
+        await store.recordPlanUtilizationHistorySample(provider: .claude, snapshot: snapshot, now: snapshot.updatedAt)
+
+        #expect(recorder.events.isEmpty)
+    }
+
+    @MainActor
+    @Test
+    func `weekly quota celebration fires once across repeated low samples`() async {
+        let store = Self.makeStore()
+        let accountLabel = "repeated-low@example.com"
+        let recorder = WeeklyLimitResetEventRecorder(provider: .claude, accountLabel: accountLabel)
+        defer { recorder.invalidate() }
+
+        let before = UsageSnapshot(
+            primary: RateWindow(usedPercent: 10, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(usedPercent: 60, windowMinutes: 10080, resetsAt: nil, resetDescription: nil),
+            updatedAt: Date(timeIntervalSince1970: 1_700_000_000),
+            identity: ProviderIdentitySnapshot(
+                providerID: .claude,
+                accountEmail: accountLabel,
+                accountOrganization: nil,
+                loginMethod: "max"))
+        let firstLow = UsageSnapshot(
+            primary: RateWindow(usedPercent: 10, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(usedPercent: 1, windowMinutes: 10080, resetsAt: nil, resetDescription: nil),
+            updatedAt: Date(timeIntervalSince1970: 1_700_001_800),
+            identity: ProviderIdentitySnapshot(
+                providerID: .claude,
+                accountEmail: accountLabel,
+                accountOrganization: nil,
+                loginMethod: "max"))
+        let secondLow = UsageSnapshot(
+            primary: RateWindow(usedPercent: 10, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(usedPercent: 0, windowMinutes: 10080, resetsAt: nil, resetDescription: nil),
+            updatedAt: Date(timeIntervalSince1970: 1_700_002_100),
+            identity: ProviderIdentitySnapshot(
+                providerID: .claude,
+                accountEmail: accountLabel,
+                accountOrganization: nil,
+                loginMethod: "max"))
+
+        await store.recordPlanUtilizationHistorySample(provider: .claude, snapshot: before, now: before.updatedAt)
+        await store.recordPlanUtilizationHistorySample(provider: .claude, snapshot: firstLow, now: firstLow.updatedAt)
+        await store.recordPlanUtilizationHistorySample(provider: .claude, snapshot: secondLow, now: secondLow.updatedAt)
+
+        let events = recorder.events
+        #expect(events.count == 1)
+        #expect(events[0].usedPercent == 1)
+    }
+
+    @MainActor
+    @Test
+    func `weekly quota celebration posts for generic provider weekly lane`() async {
+        let store = Self.makeStore()
+        let accountLabel = "zai-reset-org"
+        let recorder = WeeklyLimitResetEventRecorder(provider: .zai, accountLabel: accountLabel)
+        defer { recorder.invalidate() }
+
+        let before = UsageSnapshot(
+            primary: RateWindow(usedPercent: 92, windowMinutes: 10080, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(usedPercent: 15, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+            updatedAt: Date(timeIntervalSince1970: 1_700_000_000),
+            identity: ProviderIdentitySnapshot(
+                providerID: .zai,
+                accountEmail: nil,
+                accountOrganization: accountLabel,
+                loginMethod: "pro"))
+        let after = UsageSnapshot(
+            primary: RateWindow(usedPercent: 0, windowMinutes: 10080, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(usedPercent: 15, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+            updatedAt: Date(timeIntervalSince1970: 1_700_003_600),
+            identity: ProviderIdentitySnapshot(
+                providerID: .zai,
+                accountEmail: nil,
+                accountOrganization: accountLabel,
+                loginMethod: "pro"))
+
+        await store.recordPlanUtilizationHistorySample(provider: .zai, snapshot: before, now: before.updatedAt)
+        await store.recordPlanUtilizationHistorySample(provider: .zai, snapshot: after, now: after.updatedAt)
+
+        let events = recorder.events
+        #expect(events.count == 1)
+        #expect(events[0].provider == .zai)
+        #expect(events[0].accountLabel == accountLabel)
+        #expect(events[0].usedPercent == 0)
+    }
+
+    @MainActor
+    @Test
+    func `concurrent plan history writes coalesce within single hour bucket per series`() async throws {
+        let store = Self.makeStore()
+        let snapshot = Self.makeSnapshot(provider: .codex, email: "alice@example.com")
+        store._setSnapshotForTesting(snapshot, provider: .codex)
+        let calendar = Calendar(identifier: .gregorian)
+        let hourStart = try #require(calendar.date(from: DateComponents(
+            timeZone: TimeZone(secondsFromGMT: 0),
+            year: 2026,
+            month: 3,
+            day: 17,
+            hour: 10)))
+        let writeTimes = [
+            hourStart.addingTimeInterval(5 * 60),
+            hourStart.addingTimeInterval(25 * 60),
+            hourStart.addingTimeInterval(45 * 60),
+        ]
+
+        await withTaskGroup(of: Void.self) { group in
+            for writeTime in writeTimes {
+                group.addTask {
+                    await store.recordPlanUtilizationHistorySample(
+                        provider: .codex,
+                        snapshot: snapshot,
+                        now: writeTime)
+                }
+            }
+        }
+
+        let histories = try #require(store.planUtilizationHistory[.codex]?.accounts.values.first)
+        #expect(findSeries(histories, name: .session, windowMinutes: 300)?.entries.count == 1)
+        #expect(findSeries(histories, name: .weekly, windowMinutes: 10080)?.entries.count == 1)
+    }
+
+    @Test
+    func `runtime does not load unsupported plan history file`() throws {
+        let root = FileManager.default.temporaryDirectory
+            .appendingPathComponent(UUID().uuidString, isDirectory: true)
+        let directoryURL = root
+            .appendingPathComponent("com.steipete.codexbar", isDirectory: true)
+            .appendingPathComponent("history", isDirectory: true)
+        let providerURL = directoryURL.appendingPathComponent("codex.json")
+        let store = PlanUtilizationHistoryStore(directoryURL: directoryURL)
+        try FileManager.default.createDirectory(
+            at: directoryURL,
+            withIntermediateDirectories: true)
+
+        let unsupportedJSON = """
+        {
+          "version": 999,
+          "unscoped": [],
+          "accounts": {}
+        }
+        """
+        try Data(unsupportedJSON.utf8).write(to: providerURL, options: Data.WritingOptions.atomic)
+
+        let loaded = store.load()
+        #expect(loaded.isEmpty)
+    }
+
+    @Test
+    func `store drops invalid zero minute and empty histories when loading and saving`() throws {
+        let root = FileManager.default.temporaryDirectory
+            .appendingPathComponent(UUID().uuidString, isDirectory: true)
+        let directoryURL = root
+            .appendingPathComponent("com.steipete.codexbar", isDirectory: true)
+            .appendingPathComponent("history", isDirectory: true)
+        let providerURL = directoryURL.appendingPathComponent("codex.json")
+        let store = PlanUtilizationHistoryStore(directoryURL: directoryURL)
+        try FileManager.default.createDirectory(
+            at: directoryURL,
+            withIntermediateDirectories: true)
+
+        let validUnscoped = planSeries(name: .session, windowMinutes: 300, entries: [
+            planEntry(at: Date(timeIntervalSince1970: 1_700_000_000), usedPercent: 12),
+        ])
+        let validAccount = planSeries(name: .weekly, windowMinutes: 10080, entries: [
+            planEntry(at: Date(timeIntervalSince1970: 1_700_086_400), usedPercent: 64),
+        ])
+        let document = PersistedFixtureDocument(
+            version: 1,
+            preferredAccountKey: "alice",
+            unscoped: [
+                planSeries(name: .session, windowMinutes: 0, entries: [
+                    planEntry(at: Date(timeIntervalSince1970: 1_700_000_000), usedPercent: 99),
+                ]),
+                planSeries(name: .weekly, windowMinutes: 10080, entries: []),
+                validUnscoped,
+            ],
+            accounts: [
+                "alice": [
+                    planSeries(name: .session, windowMinutes: 0, entries: [
+                        planEntry(at: Date(timeIntervalSince1970: 1_700_000_000), usedPercent: 88),
+                    ]),
+                    validAccount,
+                ],
+                "empty": [
+                    planSeries(name: .weekly, windowMinutes: 10080, entries: []),
+                ],
+            ])
+        let encoder = JSONEncoder()
+        encoder.dateEncodingStrategy = .iso8601
+        try encoder.encode(document).write(to: providerURL, options: Data.WritingOptions.atomic)
+
+        let loaded = store.load()
+        let loadedBuckets = try #require(loaded[.codex])
+        #expect(loadedBuckets.unscoped == [validUnscoped])
+        #expect(loadedBuckets.accounts == ["alice": [validAccount]])
+
+        store.save(loaded)
+
+        let decoder = JSONDecoder()
+        decoder.dateDecodingStrategy = .iso8601
+        let rewritten = try decoder.decode(PersistedFixtureDocument.self, from: Data(contentsOf: providerURL))
+        #expect(rewritten.unscoped == [validUnscoped])
+        #expect(rewritten.accounts == ["alice": [validAccount]])
+    }
+
+    @Test
+    func `store round trips account buckets with series entries`() {
+        let root = FileManager.default.temporaryDirectory
+            .appendingPathComponent(UUID().uuidString, isDirectory: true)
+        let directoryURL = root
+            .appendingPathComponent("com.steipete.codexbar", isDirectory: true)
+            .appendingPathComponent("history", isDirectory: true)
+        let store = PlanUtilizationHistoryStore(directoryURL: directoryURL)
+        let buckets = PlanUtilizationHistoryBuckets(
+            preferredAccountKey: "alice",
+            unscoped: [
+                planSeries(name: .session, windowMinutes: 300, entries: [
+                    planEntry(at: Date(timeIntervalSince1970: 1_699_913_600), usedPercent: 50),
+                ]),
+            ],
+            accounts: [
+                "alice": [
+                    planSeries(name: .session, windowMinutes: 300, entries: [
+                        planEntry(at: Date(timeIntervalSince1970: 1_700_000_000), usedPercent: 10),
+                    ]),
+                    planSeries(name: .weekly, windowMinutes: 10080, entries: [
+                        planEntry(at: Date(timeIntervalSince1970: 1_700_000_000), usedPercent: 20),
+                    ]),
+                ],
+            ])
+
+        store.save([.codex: buckets])
+        let loaded = store.load()
+
+        #expect(loaded == [.codex: buckets])
+    }
+}
+
+extension UsageStorePlanUtilizationTests {
+    private struct PersistedFixtureDocument: Codable {
+        let version: Int
+        let preferredAccountKey: String?
+        let unscoped: [PlanUtilizationSeriesHistory]
+        let accounts: [String: [PlanUtilizationSeriesHistory]]
+    }
+
+    private struct FixtureDocument: Decodable {
+        let preferredAccountKey: String?
+        let unscoped: [PlanUtilizationSeriesHistory]
+        let accounts: [String: [PlanUtilizationSeriesHistory]]
+    }
+
+    @MainActor
+    static func makeStore() -> UsageStore {
+        let suiteName = "UsageStorePlanUtilizationTests-\(UUID().uuidString)"
+        guard let defaults = UserDefaults(suiteName: suiteName) else {
+            fatalError("Failed to create isolated UserDefaults suite for tests")
+        }
+        defaults.removePersistentDomain(forName: suiteName)
+        let configStore = testConfigStore(suiteName: suiteName)
+        let planHistoryStore = testPlanUtilizationHistoryStore(suiteName: suiteName)
+        let temporaryRoot = FileManager.default.temporaryDirectory.standardizedFileURL.path
+        let managedStoreURL = FileManager.default.temporaryDirectory
+            .appendingPathComponent("\(suiteName)-managed-codex-accounts.json")
+        precondition(configStore.fileURL.standardizedFileURL.path.hasPrefix(temporaryRoot))
+        precondition(configStore.fileURL.standardizedFileURL != CodexBarConfigStore.defaultURL().standardizedFileURL)
+        if let historyURL = planHistoryStore.directoryURL?.standardizedFileURL {
+            precondition(historyURL.path.hasPrefix(temporaryRoot))
+        }
+        let managedStore = FileManagedCodexAccountStore(fileURL: managedStoreURL)
+        try? FileManager.default.removeItem(at: managedStoreURL)
+        do {
+            try managedStore.storeAccounts(ManagedCodexAccountSet(
+                version: FileManagedCodexAccountStore.currentVersion,
+                accounts: []))
+        } catch {
+            fatalError("Failed to seed isolated managed Codex account store: \(error)")
+        }
+        let isolatedSettings = SettingsStore(
+            userDefaults: defaults,
+            configStore: configStore,
+            tokenAccountStore: InMemoryTokenAccountStore())
+        let store = UsageStore(
+            fetcher: UsageFetcher(),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: isolatedSettings,
+            planUtilizationHistoryStore: planHistoryStore,
+            startupBehavior: .testing)
+        isolatedSettings._test_managedCodexAccountStoreURL = managedStoreURL
+        isolatedSettings.codexActiveSource = .liveSystem
+        store.planUtilizationHistory = [:]
+        return store
+    }
+
+    static func makeSnapshot(provider: UsageProvider, email: String) -> UsageSnapshot {
+        UsageSnapshot(
+            primary: RateWindow(usedPercent: 10, windowMinutes: 300, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(usedPercent: 20, windowMinutes: 10080, resetsAt: nil, resetDescription: nil),
+            updatedAt: Date(),
+            identity: ProviderIdentitySnapshot(
+                providerID: provider,
+                accountEmail: email,
+                accountOrganization: nil,
+                loginMethod: "plus"))
+    }
+
+    static func loadPlanUtilizationFixture(named name: String) throws -> PlanUtilizationHistoryBuckets {
+        let fixtureURL = URL(fileURLWithPath: #filePath)
+            .deletingLastPathComponent()
+            .appendingPathComponent("Fixtures", isDirectory: true)
+            .appendingPathComponent(name, isDirectory: false)
+        let data = try Data(contentsOf: fixtureURL)
+        let decoder = JSONDecoder()
+        decoder.dateDecodingStrategy = .iso8601
+        let document = try decoder.decode(FixtureDocument.self, from: data)
+        return PlanUtilizationHistoryBuckets(
+            preferredAccountKey: document.preferredAccountKey,
+            unscoped: document.unscoped,
+            accounts: document.accounts)
+    }
+}
+
+func planEntry(at capturedAt: Date, usedPercent: Double, resetsAt: Date? = nil) -> PlanUtilizationHistoryEntry {
+    PlanUtilizationHistoryEntry(capturedAt: capturedAt, usedPercent: usedPercent, resetsAt: resetsAt)
+}
+
+func planSeries(
+    name: PlanUtilizationSeriesName,
+    windowMinutes: Int,
+    entries: [PlanUtilizationHistoryEntry]) -> PlanUtilizationSeriesHistory
+{
+    PlanUtilizationSeriesHistory(name: name, windowMinutes: windowMinutes, entries: entries)
+}
+
+func findSeries(
+    _ histories: [PlanUtilizationSeriesHistory],
+    name: PlanUtilizationSeriesName,
+    windowMinutes: Int) -> PlanUtilizationSeriesHistory?
+{
+    histories.first { $0.name == name && $0.windowMinutes == windowMinutes }
+}
+
+private final class WeeklyLimitResetEventRecorder: @unchecked Sendable {
+    struct Event {
+        let provider: UsageProvider
+        let accountLabel: String?
+        let usedPercent: Double
+    }
+
+    private let provider: UsageProvider
+    private let accountLabel: String?
+    private let lock = NSLock()
+    private var observedEvents: [Event] = []
+    private var token: NSObjectProtocol?
+
+    init(provider: UsageProvider, accountLabel: String?) {
+        self.provider = provider
+        self.accountLabel = accountLabel
+        self.token = NotificationCenter.default.addObserver(
+            forName: .codexbarWeeklyLimitReset,
+            object: nil,
+            queue: nil)
+        { [weak self] notification in
+            guard let self,
+                  let event = notification.object as? WeeklyLimitResetEvent
+            else {
+                return
+            }
+
+            let recorded = MainActor.assumeIsolated { () -> Event? in
+                guard event.provider == self.provider,
+                      event.accountLabel == self.accountLabel
+                else {
+                    return nil
+                }
+                return Event(
+                    provider: event.provider,
+                    accountLabel: event.accountLabel,
+                    usedPercent: event.usedPercent)
+            }
+            guard let recorded else { return }
+
+            self.lock.lock()
+            self.observedEvents.append(recorded)
+            self.lock.unlock()
+        }
+    }
+
+    var events: [Event] {
+        self.lock.lock()
+        defer { self.lock.unlock() }
+        return self.observedEvents
+    }
+
+    var count: Int {
+        self.lock.lock()
+        defer { self.lock.unlock() }
+        return self.observedEvents.count
+    }
+
+    func invalidate() {
+        guard let token else { return }
+        NotificationCenter.default.removeObserver(token)
+        self.token = nil
+    }
+
+    deinit {
+        self.invalidate()
+    }
+}
+
+func formattedBoundary(_ date: Date) -> String {
+    let formatter = DateFormatter()
+    formatter.locale = Locale(identifier: "en_US_POSIX")
+    formatter.timeZone = TimeZone.current
+    formatter.dateFormat = "yyyy-MM-dd HH:mm"
+    return formatter.string(from: date)
+}
diff --git a/Tests/CodexBarTests/UsageStoreSessionQuotaTransitionTests.swift b/Tests/CodexBarTests/UsageStoreSessionQuotaTransitionTests.swift
index 73af6fca3..1798b8eb4 100644
--- a/Tests/CodexBarTests/UsageStoreSessionQuotaTransitionTests.swift
+++ b/Tests/CodexBarTests/UsageStoreSessionQuotaTransitionTests.swift
@@ -1,26 +1,40 @@
-import CodexBarCore
 import Foundation
 import Testing
 @testable import CodexBar
+@testable import CodexBarCore
 
 @MainActor
-@Suite
 struct UsageStoreSessionQuotaTransitionTests {
+    private func makeSettings(suiteName: String) -> SettingsStore {
+        let defaults = UserDefaults(suiteName: suiteName)!
+        defaults.removePersistentDomain(forName: suiteName)
+        return SettingsStore(
+            userDefaults: defaults,
+            configStore: testConfigStore(suiteName: suiteName),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+    }
+
     @MainActor
     final class SessionQuotaNotifierSpy: SessionQuotaNotifying {
         private(set) var posts: [(transition: SessionQuotaTransition, provider: UsageProvider)] = []
+        private(set) var quotaWarningPosts: [(
+            event: QuotaWarningEvent,
+            provider: UsageProvider,
+            soundEnabled: Bool)] = []
 
         func post(transition: SessionQuotaTransition, provider: UsageProvider, badge _: NSNumber?) {
             self.posts.append((transition: transition, provider: provider))
         }
+
+        func postQuotaWarning(event: QuotaWarningEvent, provider: UsageProvider, soundEnabled: Bool) {
+            self.quotaWarningPosts.append((event: event, provider: provider, soundEnabled: soundEnabled))
+        }
     }
 
     @Test
-    func copilotSwitchFromPrimaryToSecondaryResetsBaseline() {
-        let settings = SettingsStore(
-            configStore: testConfigStore(suiteName: "UsageStoreSessionQuotaTransitionTests-primary-secondary"),
-            zaiTokenStore: NoopZaiTokenStore(),
-            syntheticTokenStore: NoopSyntheticTokenStore())
+    func `copilot switch from primary to secondary resets baseline`() {
+        let settings = self.makeSettings(suiteName: "UsageStoreSessionQuotaTransitionTests-primary-secondary")
         settings.refreshFrequency = .manual
         settings.statusChecksEnabled = false
         settings.sessionQuotaNotificationsEnabled = true
@@ -48,11 +62,8 @@ struct UsageStoreSessionQuotaTransitionTests {
     }
 
     @Test
-    func copilotSwitchFromSecondaryToPrimaryResetsBaseline() {
-        let settings = SettingsStore(
-            configStore: testConfigStore(suiteName: "UsageStoreSessionQuotaTransitionTests-secondary-primary"),
-            zaiTokenStore: NoopZaiTokenStore(),
-            syntheticTokenStore: NoopSyntheticTokenStore())
+    func `copilot switch from secondary to primary resets baseline`() {
+        let settings = self.makeSettings(suiteName: "UsageStoreSessionQuotaTransitionTests-secondary-primary")
         settings.refreshFrequency = .manual
         settings.statusChecksEnabled = false
         settings.sessionQuotaNotificationsEnabled = true
@@ -78,4 +89,465 @@ struct UsageStoreSessionQuotaTransitionTests {
 
         #expect(notifier.posts.isEmpty)
     }
+
+    @Test
+    func `claude weekly primary fallback does not emit session quota notifications`() {
+        let settings = self.makeSettings(suiteName: "UsageStoreSessionQuotaTransitionTests-claude-weekly")
+        settings.refreshFrequency = .manual
+        settings.statusChecksEnabled = false
+        settings.sessionQuotaNotificationsEnabled = true
+
+        let notifier = SessionQuotaNotifierSpy()
+        let store = UsageStore(
+            fetcher: UsageFetcher(),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            sessionQuotaNotifier: notifier)
+
+        let baseline = UsageSnapshot(
+            primary: RateWindow(usedPercent: 20, windowMinutes: 7 * 24 * 60, resetsAt: nil, resetDescription: nil),
+            secondary: nil,
+            updatedAt: Date())
+        store.handleSessionQuotaTransition(provider: .claude, snapshot: baseline)
+
+        let depleted = UsageSnapshot(
+            primary: RateWindow(usedPercent: 100, windowMinutes: 7 * 24 * 60, resetsAt: nil, resetDescription: nil),
+            secondary: nil,
+            updatedAt: Date())
+        store.handleSessionQuotaTransition(provider: .claude, snapshot: depleted)
+
+        #expect(notifier.posts.isEmpty)
+    }
+
+    @Test
+    func `claude spend limit fallback does not emit session or quota warning notifications`() throws {
+        let settings = self.makeSettings(suiteName: "UsageStoreSessionQuotaTransitionTests-claude-spend-limit")
+        settings.refreshFrequency = .manual
+        settings.statusChecksEnabled = false
+        settings.sessionQuotaNotificationsEnabled = true
+        settings.quotaWarningNotificationsEnabled = true
+        settings.quotaWarningThresholds = [50, 20]
+
+        let notifier = SessionQuotaNotifierSpy()
+        let store = UsageStore(
+            fetcher: UsageFetcher(),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            sessionQuotaNotifier: notifier)
+        let json = """
+        {
+          "extra_usage": {
+            "is_enabled": true,
+            "monthly_limit": 600,
+            "used_credits": 434.43,
+            "utilization": 72,
+            "currency": "USD"
+          }
+        }
+        """
+        let claude = try ClaudeUsageFetcher._mapOAuthUsageForTesting(
+            Data(json.utf8),
+            subscriptionType: "enterprise")
+        let snapshot = ClaudeOAuthFetchStrategy._snapshotForTesting(from: claude)
+
+        store.handleSessionQuotaTransition(provider: .claude, snapshot: snapshot)
+        store.handleQuotaWarningTransitions(provider: .claude, snapshot: snapshot)
+
+        #expect(snapshot.primary == nil)
+        #expect(snapshot.providerCost?.period == "Spend limit")
+        #expect(notifier.posts.isEmpty)
+        #expect(notifier.quotaWarningPosts.isEmpty)
+    }
+
+    @Test
+    func `claude five hour primary still emits session quota notifications`() {
+        let settings = self.makeSettings(suiteName: "UsageStoreSessionQuotaTransitionTests-claude-session")
+        settings.refreshFrequency = .manual
+        settings.statusChecksEnabled = false
+        settings.sessionQuotaNotificationsEnabled = true
+
+        let notifier = SessionQuotaNotifierSpy()
+        let store = UsageStore(
+            fetcher: UsageFetcher(),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            sessionQuotaNotifier: notifier)
+
+        let baseline = UsageSnapshot(
+            primary: RateWindow(usedPercent: 20, windowMinutes: 5 * 60, resetsAt: nil, resetDescription: nil),
+            secondary: nil,
+            updatedAt: Date())
+        store.handleSessionQuotaTransition(provider: .claude, snapshot: baseline)
+
+        let depleted = UsageSnapshot(
+            primary: RateWindow(usedPercent: 100, windowMinutes: 5 * 60, resetsAt: nil, resetDescription: nil),
+            secondary: nil,
+            updatedAt: Date())
+        store.handleSessionQuotaTransition(provider: .claude, snapshot: depleted)
+
+        #expect(notifier.posts.map(\.provider) == [.claude])
+    }
+
+    @Test
+    func `quota warning disabled does not post`() {
+        let settings = self.makeSettings(suiteName: "UsageStoreSessionQuotaTransitionTests-warning-disabled")
+        settings.refreshFrequency = .manual
+        settings.statusChecksEnabled = false
+        settings.quotaWarningNotificationsEnabled = false
+
+        let notifier = SessionQuotaNotifierSpy()
+        let store = UsageStore(
+            fetcher: UsageFetcher(),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            sessionQuotaNotifier: notifier)
+
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 90, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            secondary: nil,
+            updatedAt: Date())
+        store.handleQuotaWarningTransitions(provider: .codex, snapshot: snapshot)
+
+        #expect(notifier.quotaWarningPosts.isEmpty)
+    }
+
+    @Test
+    func `quota warning posts once per downward threshold crossing`() {
+        let settings = self.makeSettings(suiteName: "UsageStoreSessionQuotaTransitionTests-warning-once")
+        settings.refreshFrequency = .manual
+        settings.statusChecksEnabled = false
+        settings.quotaWarningNotificationsEnabled = true
+        settings.quotaWarningThresholds = [50, 20]
+        settings.setQuotaWarningWindowEnabled(.session, enabled: true)
+        settings.setQuotaWarningWindowEnabled(.weekly, enabled: true)
+
+        let notifier = SessionQuotaNotifierSpy()
+        let store = UsageStore(
+            fetcher: UsageFetcher(),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            sessionQuotaNotifier: notifier)
+
+        store.handleQuotaWarningTransitions(
+            provider: .codex,
+            snapshot: UsageSnapshot(
+                primary: RateWindow(usedPercent: 40, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+                secondary: nil,
+                updatedAt: Date(),
+                identity: ProviderIdentitySnapshot(
+                    providerID: .codex,
+                    accountEmail: "person@example.com",
+                    accountOrganization: nil,
+                    loginMethod: nil)))
+        store.handleQuotaWarningTransitions(
+            provider: .codex,
+            snapshot: UsageSnapshot(
+                primary: RateWindow(usedPercent: 55, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+                secondary: nil,
+                updatedAt: Date(),
+                identity: ProviderIdentitySnapshot(
+                    providerID: .codex,
+                    accountEmail: "person@example.com",
+                    accountOrganization: nil,
+                    loginMethod: nil)))
+        store.handleQuotaWarningTransitions(
+            provider: .codex,
+            snapshot: UsageSnapshot(
+                primary: RateWindow(usedPercent: 60, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+                secondary: nil,
+                updatedAt: Date(),
+                identity: ProviderIdentitySnapshot(
+                    providerID: .codex,
+                    accountEmail: "person@example.com",
+                    accountOrganization: nil,
+                    loginMethod: nil)))
+
+        #expect(notifier.quotaWarningPosts.count == 1)
+        #expect(notifier.quotaWarningPosts.first?.event.window == .session)
+        #expect(notifier.quotaWarningPosts.first?.event.threshold == 50)
+        #expect(notifier.quotaWarningPosts.first?.event.accountDisplayName == "person@example.com")
+    }
+
+    @Test
+    func `quota warning omits account when personal info is hidden`() {
+        let settings = self.makeSettings(suiteName: "UsageStoreSessionQuotaTransitionTests-warning-account-hidden")
+        settings.refreshFrequency = .manual
+        settings.statusChecksEnabled = false
+        settings.hidePersonalInfo = true
+        settings.quotaWarningNotificationsEnabled = true
+        settings.quotaWarningThresholds = [50]
+        settings.setQuotaWarningWindowEnabled(.session, enabled: true)
+
+        let notifier = SessionQuotaNotifierSpy()
+        let store = UsageStore(
+            fetcher: UsageFetcher(),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            sessionQuotaNotifier: notifier)
+        let identity = ProviderIdentitySnapshot(
+            providerID: .codex,
+            accountEmail: "person@example.com",
+            accountOrganization: nil,
+            loginMethod: nil)
+
+        store.handleQuotaWarningTransitions(
+            provider: .codex,
+            snapshot: UsageSnapshot(
+                primary: RateWindow(usedPercent: 40, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+                secondary: nil,
+                updatedAt: Date(),
+                identity: identity))
+        store.handleQuotaWarningTransitions(
+            provider: .codex,
+            snapshot: UsageSnapshot(
+                primary: RateWindow(usedPercent: 55, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+                secondary: nil,
+                updatedAt: Date(),
+                identity: identity))
+
+        #expect(notifier.quotaWarningPosts.count == 1)
+        #expect(notifier.quotaWarningPosts.first?.event.accountDisplayName == nil)
+    }
+
+    @Test
+    func `hidden quota warning markers do not disable warning notifications`() {
+        let settings = self.makeSettings(suiteName: "UsageStoreSessionQuotaTransitionTests-warning-markers-hidden")
+        settings.refreshFrequency = .manual
+        settings.statusChecksEnabled = false
+        settings.quotaWarningNotificationsEnabled = true
+        settings.quotaWarningMarkersVisible = false
+        settings.quotaWarningThresholds = [50, 20]
+        settings.setQuotaWarningWindowEnabled(.session, enabled: true)
+        settings.setQuotaWarningWindowEnabled(.weekly, enabled: true)
+
+        let notifier = SessionQuotaNotifierSpy()
+        let store = UsageStore(
+            fetcher: UsageFetcher(),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            sessionQuotaNotifier: notifier)
+
+        store.handleQuotaWarningTransitions(
+            provider: .codex,
+            snapshot: UsageSnapshot(
+                primary: RateWindow(usedPercent: 40, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+                secondary: nil,
+                updatedAt: Date()))
+        store.handleQuotaWarningTransitions(
+            provider: .codex,
+            snapshot: UsageSnapshot(
+                primary: RateWindow(usedPercent: 55, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+                secondary: nil,
+                updatedAt: Date()))
+
+        #expect(notifier.quotaWarningPosts.count == 1)
+        #expect(notifier.quotaWarningPosts.first?.event.threshold == 50)
+    }
+
+    @Test
+    func `quota warning crossing multiple thresholds posts most severe only`() {
+        let settings = self.makeSettings(suiteName: "UsageStoreSessionQuotaTransitionTests-warning-severe")
+        settings.refreshFrequency = .manual
+        settings.statusChecksEnabled = false
+        settings.quotaWarningNotificationsEnabled = true
+        settings.quotaWarningThresholds = [50, 20]
+        settings.setQuotaWarningWindowEnabled(.session, enabled: true)
+        settings.setQuotaWarningWindowEnabled(.weekly, enabled: true)
+
+        let notifier = SessionQuotaNotifierSpy()
+        let store = UsageStore(
+            fetcher: UsageFetcher(),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            sessionQuotaNotifier: notifier)
+
+        store.handleQuotaWarningTransitions(
+            provider: .codex,
+            snapshot: UsageSnapshot(
+                primary: RateWindow(usedPercent: 10, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+                secondary: nil,
+                updatedAt: Date()))
+        store.handleQuotaWarningTransitions(
+            provider: .codex,
+            snapshot: UsageSnapshot(
+                primary: RateWindow(usedPercent: 85, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+                secondary: nil,
+                updatedAt: Date()))
+
+        #expect(notifier.quotaWarningPosts.map(\.event.threshold) == [20])
+    }
+
+    @Test
+    func `quota warning recovers and can fire again`() {
+        let settings = self.makeSettings(suiteName: "UsageStoreSessionQuotaTransitionTests-warning-recover")
+        settings.refreshFrequency = .manual
+        settings.statusChecksEnabled = false
+        settings.quotaWarningNotificationsEnabled = true
+        settings.quotaWarningThresholds = [50]
+        settings.setQuotaWarningWindowEnabled(.session, enabled: true)
+        settings.setQuotaWarningWindowEnabled(.weekly, enabled: true)
+
+        let notifier = SessionQuotaNotifierSpy()
+        let store = UsageStore(
+            fetcher: UsageFetcher(),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            sessionQuotaNotifier: notifier)
+
+        for used in [40, 55, 10, 55] {
+            store.handleQuotaWarningTransitions(
+                provider: .codex,
+                snapshot: UsageSnapshot(
+                    primary: RateWindow(
+                        usedPercent: Double(used),
+                        windowMinutes: nil,
+                        resetsAt: nil,
+                        resetDescription: nil),
+                    secondary: nil,
+                    updatedAt: Date()))
+        }
+
+        #expect(notifier.quotaWarningPosts.map(\.event.threshold) == [50, 50])
+    }
+
+    @Test
+    func `quota warning provider override beats global thresholds`() {
+        let settings = self.makeSettings(suiteName: "UsageStoreSessionQuotaTransitionTests-warning-override")
+        settings.refreshFrequency = .manual
+        settings.statusChecksEnabled = false
+        settings.quotaWarningNotificationsEnabled = true
+        settings.quotaWarningThresholds = [50]
+        settings.setQuotaWarningWindowEnabled(.session, enabled: true)
+        settings.setQuotaWarningWindowEnabled(.weekly, enabled: true)
+        settings.setQuotaWarningThresholds(provider: .codex, window: .session, thresholds: [10])
+
+        let notifier = SessionQuotaNotifierSpy()
+        let store = UsageStore(
+            fetcher: UsageFetcher(),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            sessionQuotaNotifier: notifier)
+
+        store.handleQuotaWarningTransitions(
+            provider: .codex,
+            snapshot: UsageSnapshot(
+                primary: RateWindow(usedPercent: 40, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+                secondary: nil,
+                updatedAt: Date()))
+        store.handleQuotaWarningTransitions(
+            provider: .codex,
+            snapshot: UsageSnapshot(
+                primary: RateWindow(usedPercent: 95, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+                secondary: nil,
+                updatedAt: Date()))
+
+        #expect(notifier.quotaWarningPosts.map(\.event.threshold) == [10])
+    }
+
+    @Test
+    func `quota warning session only config ignores weekly crossings`() {
+        let settings = self.makeSettings(suiteName: "UsageStoreSessionQuotaTransitionTests-warning-session-only")
+        settings.refreshFrequency = .manual
+        settings.statusChecksEnabled = false
+        settings.quotaWarningNotificationsEnabled = true
+        settings.quotaWarningThresholds = [50]
+        settings.setQuotaWarningWindowEnabled(.session, enabled: true)
+        settings.setQuotaWarningWindowEnabled(.weekly, enabled: false)
+
+        let notifier = SessionQuotaNotifierSpy()
+        let store = UsageStore(
+            fetcher: UsageFetcher(),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            sessionQuotaNotifier: notifier)
+
+        store.handleQuotaWarningTransitions(
+            provider: .codex,
+            snapshot: UsageSnapshot(
+                primary: RateWindow(usedPercent: 40, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+                secondary: RateWindow(usedPercent: 40, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+                updatedAt: Date()))
+        store.handleQuotaWarningTransitions(
+            provider: .codex,
+            snapshot: UsageSnapshot(
+                primary: RateWindow(usedPercent: 60, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+                secondary: RateWindow(usedPercent: 60, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+                updatedAt: Date()))
+
+        #expect(notifier.quotaWarningPosts.map(\.event.window) == [.session])
+    }
+
+    @Test
+    func `quota warning weekly only config ignores session crossings`() {
+        let settings = self.makeSettings(suiteName: "UsageStoreSessionQuotaTransitionTests-warning-weekly-only")
+        settings.refreshFrequency = .manual
+        settings.statusChecksEnabled = false
+        settings.quotaWarningNotificationsEnabled = true
+        settings.quotaWarningThresholds = [50]
+        settings.setQuotaWarningWindowEnabled(.session, enabled: false)
+        settings.setQuotaWarningWindowEnabled(.weekly, enabled: true)
+
+        let notifier = SessionQuotaNotifierSpy()
+        let store = UsageStore(
+            fetcher: UsageFetcher(),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            sessionQuotaNotifier: notifier)
+
+        store.handleQuotaWarningTransitions(
+            provider: .codex,
+            snapshot: UsageSnapshot(
+                primary: RateWindow(usedPercent: 40, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+                secondary: RateWindow(usedPercent: 40, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+                updatedAt: Date()))
+        store.handleQuotaWarningTransitions(
+            provider: .codex,
+            snapshot: UsageSnapshot(
+                primary: RateWindow(usedPercent: 60, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+                secondary: RateWindow(usedPercent: 60, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+                updatedAt: Date()))
+
+        #expect(notifier.quotaWarningPosts.map(\.event.window) == [.weekly])
+    }
+
+    @Test
+    func `disabling quota warning window clears fired state`() {
+        let settings = self
+            .makeSettings(suiteName: "UsageStoreSessionQuotaTransitionTests-warning-disabled-clears-state")
+        settings.refreshFrequency = .manual
+        settings.statusChecksEnabled = false
+        settings.quotaWarningNotificationsEnabled = true
+        settings.quotaWarningThresholds = [50]
+
+        let notifier = SessionQuotaNotifierSpy()
+        let store = UsageStore(
+            fetcher: UsageFetcher(),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings,
+            sessionQuotaNotifier: notifier)
+
+        store.handleQuotaWarningTransitions(
+            provider: .codex,
+            snapshot: UsageSnapshot(
+                primary: RateWindow(usedPercent: 40, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+                secondary: nil,
+                updatedAt: Date()))
+        store.handleQuotaWarningTransitions(
+            provider: .codex,
+            snapshot: UsageSnapshot(
+                primary: RateWindow(usedPercent: 60, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+                secondary: nil,
+                updatedAt: Date()))
+
+        settings.setQuotaWarningWindowEnabled(.session, enabled: false)
+        store.handleQuotaWarningTransitions(
+            provider: .codex,
+            snapshot: UsageSnapshot(
+                primary: RateWindow(usedPercent: 60, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+                secondary: nil,
+                updatedAt: Date()))
+
+        #expect(notifier.quotaWarningPosts.count == 1)
+        #expect(store.quotaWarningState[UsageStore.QuotaWarningStateKey(provider: .codex, window: .session)] == nil)
+    }
 }
diff --git a/Tests/CodexBarTests/UsageStoreWidgetSnapshotTests.swift b/Tests/CodexBarTests/UsageStoreWidgetSnapshotTests.swift
new file mode 100644
index 000000000..dcc797800
--- /dev/null
+++ b/Tests/CodexBarTests/UsageStoreWidgetSnapshotTests.swift
@@ -0,0 +1,50 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+@MainActor
+struct UsageStoreWidgetSnapshotTests {
+    @Test
+    func `widget snapshot includes antigravity tertiary usage row`() async throws {
+        let suite = "UsageStoreWidgetSnapshotTests-antigravity-tertiary"
+        let defaults = try #require(UserDefaults(suiteName: suite))
+        defaults.removePersistentDomain(forName: suite)
+
+        let settings = SettingsStore(
+            userDefaults: defaults,
+            configStore: testConfigStore(suiteName: suite),
+            zaiTokenStore: NoopZaiTokenStore(),
+            syntheticTokenStore: NoopSyntheticTokenStore())
+        settings.statusChecksEnabled = false
+
+        let store = UsageStore(
+            fetcher: UsageFetcher(environment: [:]),
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            settings: settings)
+        let snapshot = UsageSnapshot(
+            primary: RateWindow(usedPercent: 10, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            secondary: RateWindow(usedPercent: 20, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            tertiary: RateWindow(usedPercent: 30, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
+            updatedAt: Date(),
+            identity: ProviderIdentitySnapshot(
+                providerID: .antigravity,
+                accountEmail: nil,
+                accountOrganization: nil,
+                loginMethod: "Pro"))
+
+        store._setSnapshotForTesting(snapshot, provider: .antigravity)
+
+        var widgetSnapshots: [WidgetSnapshot] = []
+        store._test_widgetSnapshotSaveOverride = { widgetSnapshots.append($0) }
+        defer { store._test_widgetSnapshotSaveOverride = nil }
+
+        store.persistWidgetSnapshot(reason: "antigravity-tertiary-test")
+        await store.widgetSnapshotPersistTask?.value
+
+        let entry = try #require(widgetSnapshots.last?.entries.first { $0.provider == .antigravity })
+        #expect(entry.usageRows?.map(\.id) == ["primary", "secondary", "tertiary"])
+        #expect(entry.usageRows?.map(\.title) == ["Claude", "Gemini Pro", "Gemini Flash"])
+        #expect(entry.usageRows?.compactMap(\.percentLeft) == [90, 80, 70])
+    }
+}
diff --git a/Tests/CodexBarTests/UserFacingLocalizationCoverageTests.swift b/Tests/CodexBarTests/UserFacingLocalizationCoverageTests.swift
new file mode 100644
index 000000000..b6545f074
--- /dev/null
+++ b/Tests/CodexBarTests/UserFacingLocalizationCoverageTests.swift
@@ -0,0 +1,112 @@
+import Foundation
+import Testing
+
+struct UserFacingLocalizationCoverageTests {
+    @Test
+    func `selected user-facing UI surfaces avoid raw English literals`() throws {
+        let root = URL(fileURLWithPath: #filePath)
+            .deletingLastPathComponent()
+            .deletingLastPathComponent()
+            .deletingLastPathComponent()
+
+        let forbiddenMarkersByFile: [String: [String]] = [
+            "Sources/CodexBar/CostHistoryChartMenuView.swift": [
+                ".value(\"Day\"",
+                ".value(\"Cost\"",
+                ".value(\"Cap start\"",
+                ".value(\"Cap end\"",
+            ],
+            "Sources/CodexBar/CreditsHistoryChartMenuView.swift": [
+                ".value(\"Day\"",
+                ".value(\"Credits used\"",
+                ".value(\"Cap start\"",
+                ".value(\"Cap end\"",
+                "Text(\"Total (30d):",
+                "\\(total) credits",
+                "\\(used) credits",
+            ],
+            "Sources/CodexBar/PlanUtilizationHistoryChartMenuView.swift": [
+                ".value(\"Series\"",
+                ".value(\"Capacity Start\"",
+                ".value(\"Capacity End\"",
+                ".value(\"Utilization Start\"",
+                ".value(\"Utilization End\"",
+            ],
+            "Sources/CodexBar/PreferencesCodexAccountsSection.swift": [
+                "?? \"No system account\"",
+                "return \"Adding Account…\"",
+                "return \"Add Account\"",
+                "return \"Re-authenticating…\"",
+                "return \"Re-auth\"",
+                "ProviderSettingsSection(title: \"Accounts\")",
+                "Text(\"Active\")",
+                "Text(\"Choose which Codex account CodexBar should follow.\")",
+                "Text(\"Account\")",
+                "Text(\"No Codex accounts detected yet.\")",
+                "Text(\"System\")",
+                "Text(\"The default Codex account on this Mac.\")",
+                "Text(\"(System)\")",
+                "Button(\"Remove\")",
+            ],
+            "Sources/CodexBar/PreferencesProviderDetailView.swift": [
+                ".help(\"Refresh\")",
+                "accessibilityLabel: \"Usage used\"",
+            ],
+            "Sources/CodexBar/PreferencesProviderErrorView.swift": [
+                ".help(\"Copy error\")",
+            ],
+            "Sources/CodexBar/PreferencesProviderSettingsRows.swift": [
+                "Text(self.title)",
+                "Text(self.toggle.title)",
+                "Text(self.toggle.subtitle)",
+                "Button(action.title)",
+                "Text(self.picker.title)",
+                "Text(option.title)",
+                "Text(trimmedTitle)",
+                "Text(trimmedSubtitle)",
+                "Text(self.descriptor.title)",
+                "Text(self.descriptor.subtitle)",
+                "Text(\"No token accounts yet.\")",
+                "Button(\"Remove\")",
+                "TextField(\"Label\"",
+                "Button(\"Add\")",
+                "TextField(\"Org ID (optional)\"",
+                ".help(\"Optional organization ID for accounts linked to multiple Anthropic organizations.\")",
+                "Button(\"Open token file\")",
+                "Button(\"Reload\")",
+                "Text(\"No organizations loaded. Click Refresh after setting your API key.\")",
+                "Button(\"Refresh organizations\")",
+            ],
+            "Sources/CodexBar/PreferencesProviderSidebarView.swift": [
+                ".help(\"Drag to reorder\")",
+                "\"Disabled —",
+                ".accessibilityLabel(\"Reorder\")",
+            ],
+            "Sources/CodexBar/StatusItemController+UsageHistoryMenu.swift": [
+                "Text(\"Subscription Utilization\")",
+            ],
+            "Sources/CodexBar/StatusItemController+CostMenuCard.swift": [
+                "static let costMenuTitle",
+            ],
+            "Sources/CodexBar/UsageBreakdownChartMenuView.swift": [
+                ".value(\"Day\"",
+                ".value(\"Credits used\"",
+                ".value(\"Service\"",
+                ".value(\"Cap start\"",
+                ".value(\"Cap end\"",
+            ],
+        ]
+
+        var violations: [String] = []
+        for (relativePath, markers) in forbiddenMarkersByFile.sorted(by: { $0.key < $1.key }) {
+            let source = try String(contentsOf: root.appendingPathComponent(relativePath), encoding: .utf8)
+            for marker in markers where source.contains(marker) {
+                violations.append("\(relativePath): \(marker)")
+            }
+        }
+
+        #expect(
+            violations.isEmpty,
+            "Raw user-facing localization markers remain:\n\(violations.joined(separator: "\n"))")
+    }
+}
diff --git a/Tests/CodexBarTests/VeniceSettingsReaderTests.swift b/Tests/CodexBarTests/VeniceSettingsReaderTests.swift
new file mode 100644
index 000000000..bc44a0645
--- /dev/null
+++ b/Tests/CodexBarTests/VeniceSettingsReaderTests.swift
@@ -0,0 +1,73 @@
+import CodexBarCore
+import Testing
+
+struct VeniceSettingsReaderTests {
+    @Test
+    func `reads VENICE_API_KEY`() {
+        let env = ["VENICE_API_KEY": "ven-abc123"]
+        #expect(VeniceSettingsReader.apiKey(environment: env) == "ven-abc123")
+    }
+
+    @Test
+    func `falls back to VENICE_KEY`() {
+        let env = ["VENICE_KEY": "ven-fallback"]
+        #expect(VeniceSettingsReader.apiKey(environment: env) == "ven-fallback")
+    }
+
+    @Test
+    func `VENICE_API_KEY takes priority over VENICE_KEY`() {
+        let env = ["VENICE_API_KEY": "ven-primary", "VENICE_KEY": "ven-secondary"]
+        #expect(VeniceSettingsReader.apiKey(environment: env) == "ven-primary")
+    }
+
+    @Test
+    func `trims whitespace`() {
+        let env = ["VENICE_API_KEY": "  ven-trimmed  "]
+        #expect(VeniceSettingsReader.apiKey(environment: env) == "ven-trimmed")
+    }
+
+    @Test
+    func `strips double quotes`() {
+        let env = ["VENICE_API_KEY": "\"ven-quoted\""]
+        #expect(VeniceSettingsReader.apiKey(environment: env) == "ven-quoted")
+    }
+
+    @Test
+    func `strips single quotes`() {
+        let env = ["VENICE_KEY": "'ven-single'"]
+        #expect(VeniceSettingsReader.apiKey(environment: env) == "ven-single")
+    }
+
+    @Test
+    func `returns nil when no key present`() {
+        #expect(VeniceSettingsReader.apiKey(environment: [:]) == nil)
+    }
+
+    @Test
+    func `returns nil for empty key`() {
+        let env = ["VENICE_API_KEY": ""]
+        #expect(VeniceSettingsReader.apiKey(environment: env) == nil)
+    }
+
+    @Test
+    func `returns nil for whitespace-only key`() {
+        let env = ["VENICE_API_KEY": "   "]
+        #expect(VeniceSettingsReader.apiKey(environment: env) == nil)
+    }
+}
+
+struct VeniceProviderTokenResolverTests {
+    @Test
+    func `resolves from environment`() {
+        let env = ["VENICE_API_KEY": "ven-resolve-test"]
+        let resolution = ProviderTokenResolver.veniceResolution(environment: env)
+        #expect(resolution?.token == "ven-resolve-test")
+        #expect(resolution?.source == .environment)
+    }
+
+    @Test
+    func `returns nil when key absent`() {
+        let resolution = ProviderTokenResolver.veniceResolution(environment: [:])
+        #expect(resolution == nil)
+    }
+}
diff --git a/Tests/CodexBarTests/VeniceUsageFetcherTests.swift b/Tests/CodexBarTests/VeniceUsageFetcherTests.swift
new file mode 100644
index 000000000..fc226997c
--- /dev/null
+++ b/Tests/CodexBarTests/VeniceUsageFetcherTests.swift
@@ -0,0 +1,297 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+struct VeniceUsageFetcherTests {
+    @Test
+    func `parses DIEM balance response`() throws {
+        let json = """
+        {
+          "canConsume": true,
+          "consumptionCurrency": "DIEM",
+          "balances": {
+            "diem": 90.50,
+            "usd": null
+          },
+          "diemEpochAllocation": 100.0
+        }
+        """
+        let snapshot = try VeniceUsageFetcher._parseSnapshotForTesting(Data(json.utf8))
+        #expect(snapshot.canConsume == true)
+        #expect(snapshot.consumptionCurrency == "DIEM")
+        #expect(snapshot.diemBalance == 90.50)
+        #expect(snapshot.usdBalance == nil)
+        #expect(snapshot.diemEpochAllocation == 100.0)
+    }
+
+    @Test
+    func `parses USD balance response`() throws {
+        let json = """
+        {
+          "canConsume": true,
+          "consumptionCurrency": "USD",
+          "balances": {
+            "diem": null,
+            "usd": 25.75
+          },
+          "diemEpochAllocation": null
+        }
+        """
+        let snapshot = try VeniceUsageFetcher._parseSnapshotForTesting(Data(json.utf8))
+        #expect(snapshot.canConsume == true)
+        #expect(snapshot.consumptionCurrency == "USD")
+        #expect(snapshot.diemBalance == nil)
+        #expect(snapshot.usdBalance == 25.75)
+        #expect(snapshot.diemEpochAllocation == nil)
+    }
+
+    @Test
+    func `parses string-encoded balances and allocation`() throws {
+        let json = """
+        {
+          "canConsume": true,
+          "consumptionCurrency": "DIEM",
+          "balances": {
+            "diem": "90.50",
+            "usd": "25.75"
+          },
+          "diemEpochAllocation": "100.0"
+        }
+        """
+        let snapshot = try VeniceUsageFetcher._parseSnapshotForTesting(Data(json.utf8))
+        #expect(snapshot.diemBalance == 90.50)
+        #expect(snapshot.usdBalance == 25.75)
+        #expect(snapshot.diemEpochAllocation == 100.0)
+    }
+
+    @Test
+    func `parses both DIEM and USD present`() throws {
+        let json = """
+        {
+          "canConsume": true,
+          "consumptionCurrency": "BUNDLED_CREDITS",
+          "balances": {
+            "diem": 50.0,
+            "usd": 10.0
+          },
+          "diemEpochAllocation": 100.0
+        }
+        """
+        let snapshot = try VeniceUsageFetcher._parseSnapshotForTesting(Data(json.utf8))
+        #expect(snapshot.diemBalance == 50.0)
+        #expect(snapshot.usdBalance == 10.0)
+    }
+
+    @Test
+    func `uses DIEM allocation progress for bundled credits currency`() throws {
+        let json = """
+        {
+          "canConsume": true,
+          "consumptionCurrency": "BUNDLED_CREDITS",
+          "balances": {
+            "diem": 50.0,
+            "usd": 10.0
+          },
+          "diemEpochAllocation": 100.0
+        }
+        """
+        let snapshot = try VeniceUsageFetcher._parseSnapshotForTesting(Data(json.utf8))
+        let usage = snapshot.toUsageSnapshot()
+        #expect(usage.primary?.resetDescription?.contains("DIEM 50.00 / 100.00") == true)
+        #expect(usage.primary?.usedPercent == 50.0)
+    }
+
+    @Test
+    func `uses USD display when consumptionCurrency is USD and both balances exist`() throws {
+        let json = """
+        {
+          "canConsume": true,
+          "consumptionCurrency": "USD",
+          "balances": {
+            "diem": 50.0,
+            "usd": 12.34
+          },
+          "diemEpochAllocation": 100.0
+        }
+        """
+        let snapshot = try VeniceUsageFetcher._parseSnapshotForTesting(Data(json.utf8))
+        let usage = snapshot.toUsageSnapshot()
+        #expect(usage.primary?.resetDescription == "$12.34 USD remaining")
+        #expect(usage.primary?.usedPercent == 0)
+    }
+
+    @Test
+    func `handles canConsume=false`() throws {
+        let json = """
+        {
+          "canConsume": false,
+          "consumptionCurrency": "USD",
+          "balances": {
+            "diem": null,
+            "usd": 100.0
+          },
+          "diemEpochAllocation": null
+        }
+        """
+        let snapshot = try VeniceUsageFetcher._parseSnapshotForTesting(Data(json.utf8))
+        let usage = snapshot.toUsageSnapshot()
+        #expect(usage.primary?.usedPercent == 100)
+        #expect(usage.primary?.resetDescription == "Balance unavailable for API calls")
+    }
+
+    @Test
+    func `displays DIEM with epoch allocation`() throws {
+        let json = """
+        {
+          "canConsume": true,
+          "consumptionCurrency": "DIEM",
+          "balances": {
+            "diem": 75.0,
+            "usd": null
+          },
+          "diemEpochAllocation": 100.0
+        }
+        """
+        let snapshot = try VeniceUsageFetcher._parseSnapshotForTesting(Data(json.utf8))
+        let usage = snapshot.toUsageSnapshot()
+        #expect(usage.primary?.resetDescription?.contains("DIEM 75.00 / 100.00") == true)
+        #expect(usage.primary?.usedPercent == 25.0)
+    }
+
+    @Test
+    func `displays DIEM without allocation`() throws {
+        let json = """
+        {
+          "canConsume": true,
+          "consumptionCurrency": "DIEM",
+          "balances": {
+            "diem": 50.0,
+            "usd": null
+          },
+          "diemEpochAllocation": null
+        }
+        """
+        let snapshot = try VeniceUsageFetcher._parseSnapshotForTesting(Data(json.utf8))
+        let usage = snapshot.toUsageSnapshot()
+        #expect(usage.primary?.resetDescription?.contains("DIEM 50.00 remaining") == true)
+        #expect(usage.primary?.usedPercent == 0)
+    }
+
+    @Test
+    func `displays USD balance`() throws {
+        let json = """
+        {
+          "canConsume": true,
+          "consumptionCurrency": "USD",
+          "balances": {
+            "diem": null,
+            "usd": 15.50
+          },
+          "diemEpochAllocation": null
+        }
+        """
+        let snapshot = try VeniceUsageFetcher._parseSnapshotForTesting(Data(json.utf8))
+        let usage = snapshot.toUsageSnapshot()
+        #expect(usage.primary?.resetDescription?.contains("$15.50") == true)
+        #expect(usage.primary?.usedPercent == 0)
+    }
+
+    @Test
+    func `handles zero balances`() throws {
+        let json = """
+        {
+          "canConsume": true,
+          "consumptionCurrency": "USD",
+          "balances": {
+            "diem": 0.0,
+            "usd": 0.0
+          },
+          "diemEpochAllocation": null
+        }
+        """
+        let snapshot = try VeniceUsageFetcher._parseSnapshotForTesting(Data(json.utf8))
+        let usage = snapshot.toUsageSnapshot()
+        #expect(usage.primary?.resetDescription == "No Venice API balance available")
+        #expect(usage.primary?.usedPercent == 100)
+    }
+
+    @Test
+    func `handles null balances with canConsume=true`() throws {
+        let json = """
+        {
+          "canConsume": true,
+          "consumptionCurrency": null,
+          "balances": {
+            "diem": null,
+            "usd": null
+          },
+          "diemEpochAllocation": null
+        }
+        """
+        let snapshot = try VeniceUsageFetcher._parseSnapshotForTesting(Data(json.utf8))
+        let usage = snapshot.toUsageSnapshot()
+        #expect(usage.primary?.resetDescription == "No Venice API balance available")
+        #expect(usage.primary?.usedPercent == 100)
+    }
+
+    @Test
+    func `identity uses venice provider ID`() throws {
+        let json = """
+        {
+          "canConsume": true,
+          "consumptionCurrency": "DIEM",
+          "balances": {
+            "diem": 90.0,
+            "usd": null
+          },
+          "diemEpochAllocation": 100.0
+        }
+        """
+        let snapshot = try VeniceUsageFetcher._parseSnapshotForTesting(Data(json.utf8))
+        let usage = snapshot.toUsageSnapshot()
+        #expect(usage.identity?.providerID == .venice)
+        #expect(usage.identity?.accountEmail == nil)
+        #expect(usage.identity?.accountOrganization == nil)
+    }
+
+    @Test
+    func `throws on malformed JSON`() {
+        let json = "[{ \"canConsume\": true }]"
+        #expect {
+            _ = try VeniceUsageFetcher._parseSnapshotForTesting(Data(json.utf8))
+        } throws: { error in
+            guard case VeniceUsageError.parseFailed = error else { return false }
+            return true
+        }
+    }
+
+    @Test
+    func `throws on invalid JSON`() {
+        let json = "{ invalid json }"
+        #expect {
+            _ = try VeniceUsageFetcher._parseSnapshotForTesting(Data(json.utf8))
+        } throws: { error in
+            guard case VeniceUsageError.parseFailed = error else { return false }
+            return true
+        }
+    }
+
+    @Test
+    func `clamps used percent to 0-100 range`() throws {
+        // Negative used percent should be clamped to 0
+        let json = """
+        {
+          "canConsume": true,
+          "consumptionCurrency": "DIEM",
+          "balances": {
+            "diem": 150.0,
+            "usd": null
+          },
+          "diemEpochAllocation": 100.0
+        }
+        """
+        let snapshot = try VeniceUsageFetcher._parseSnapshotForTesting(Data(json.utf8))
+        let usage = snapshot.toUsageSnapshot()
+        #expect(usage.primary?.usedPercent == 0)
+    }
+}
diff --git a/Tests/CodexBarTests/VertexAIOAuthCredentialsTests.swift b/Tests/CodexBarTests/VertexAIOAuthCredentialsTests.swift
new file mode 100644
index 000000000..9527fdb3c
--- /dev/null
+++ b/Tests/CodexBarTests/VertexAIOAuthCredentialsTests.swift
@@ -0,0 +1,82 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+@Suite(.serialized)
+struct VertexAIOAuthCredentialsTests {
+    @Test
+    func `service account credentials from GOOGLE_APPLICATION_CREDENTIALS use gcloud token`() async throws {
+        let fileURL = try Self.writeServiceAccountCredentials()
+        defer { try? FileManager.default.removeItem(at: fileURL.deletingLastPathComponent()) }
+        let env = ["GOOGLE_APPLICATION_CREDENTIALS": fileURL.path]
+
+        #expect(VertexAIOAuthCredentialsStore.hasCredentials(environment: env))
+
+        let override: @Sendable ([String: String]) async throws -> String = { environment in
+            #expect(environment["GOOGLE_APPLICATION_CREDENTIALS"] == fileURL.path)
+            return "ya29.service-account\n"
+        }
+        let credentials = try await VertexAIOAuthCredentialsStore.$gcloudAccessTokenOverrideForTesting.withValue(
+            override)
+        {
+            try await VertexAIOAuthCredentialsStore.loadForFetch(environment: env)
+        }
+
+        #expect(credentials.accessToken == "ya29.service-account")
+        #expect(credentials.projectId == "service-project")
+        #expect(credentials.email == "codexbar@test.iam.gserviceaccount.com")
+        #expect(!credentials.needsRefresh)
+    }
+
+    @Test
+    func `user ADC credentials still parse from CLOUDSDK_CONFIG`() throws {
+        let configDir = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codexbar-vertex-\(UUID().uuidString)", isDirectory: true)
+        try FileManager.default.createDirectory(at: configDir, withIntermediateDirectories: true)
+        defer { try? FileManager.default.removeItem(at: configDir) }
+
+        let credentialsURL = configDir.appendingPathComponent("application_default_credentials.json")
+        let credentialsJSON = """
+        {
+          "client_id": "client-id",
+          "client_secret": "client-secret",
+          "refresh_token": "refresh-token"
+        }
+        """
+        try credentialsJSON.write(to: credentialsURL, atomically: true, encoding: .utf8)
+
+        let configurationsDir = configDir
+            .appendingPathComponent("configurations", isDirectory: true)
+        try FileManager.default.createDirectory(at: configurationsDir, withIntermediateDirectories: true)
+        try "project = configured-project\n".write(
+            to: configurationsDir.appendingPathComponent("config_default"),
+            atomically: true,
+            encoding: .utf8)
+
+        let env = ["CLOUDSDK_CONFIG": configDir.path]
+        let credentials = try VertexAIOAuthCredentialsStore.load(environment: env)
+
+        #expect(credentials.refreshToken == "refresh-token")
+        #expect(credentials.projectId == "configured-project")
+    }
+
+    private static func writeServiceAccountCredentials() throws -> URL {
+        let directory = FileManager.default.temporaryDirectory
+            .appendingPathComponent("codexbar-vertex-\(UUID().uuidString)", isDirectory: true)
+        try FileManager.default.createDirectory(at: directory, withIntermediateDirectories: true)
+        let fileURL = directory.appendingPathComponent("service-account.json")
+        let json = """
+        {
+          "type": "service_account",
+          "project_id": "service-project",
+          "private_key_id": "key-id",
+          "private_key": "-----BEGIN PRIVATE KEY-----\\nabc\\n-----END PRIVATE KEY-----\\n",
+          "client_email": "codexbar@test.iam.gserviceaccount.com",
+          "client_id": "1234567890",
+          "token_uri": "https://oauth2.googleapis.com/token"
+        }
+        """
+        try json.write(to: fileURL, atomically: true, encoding: .utf8)
+        return fileURL
+    }
+}
diff --git a/Tests/CodexBarTests/WarpUsageFetcherTests.swift b/Tests/CodexBarTests/WarpUsageFetcherTests.swift
index 9fb74999c..7d9bf1fc5 100644
--- a/Tests/CodexBarTests/WarpUsageFetcherTests.swift
+++ b/Tests/CodexBarTests/WarpUsageFetcherTests.swift
@@ -2,10 +2,9 @@ import Foundation
 import Testing
 @testable import CodexBarCore
 
-@Suite
 struct WarpUsageFetcherTests {
     @Test
-    func parsesSnapshotAndAggregatesBonusCredits() throws {
+    func `parses snapshot and aggregates bonus credits`() throws {
         let json = """
         {
           "data": {
@@ -66,7 +65,7 @@ struct WarpUsageFetcherTests {
     }
 
     @Test
-    func graphQLErrorsThrowAPIError() {
+    func `graph QL errors throw API error`() {
         let json = """
         {
           "errors": [
@@ -84,7 +83,7 @@ struct WarpUsageFetcherTests {
     }
 
     @Test
-    func nullUnlimitedAndStringNumericsParseSafely() throws {
+    func `null unlimited and string numerics parse safely`() throws {
         let json = """
         {
           "data": {
@@ -112,7 +111,7 @@ struct WarpUsageFetcherTests {
     }
 
     @Test
-    func unexpectedTypenameReturnsParseError() {
+    func `unexpected typename returns parse error`() {
         let json = """
         {
           "data": {
@@ -132,7 +131,7 @@ struct WarpUsageFetcherTests {
     }
 
     @Test
-    func missingRequestLimitInfoReturnsParseError() {
+    func `missing request limit info returns parse error`() {
         let json = """
         {
           "data": {
@@ -153,7 +152,7 @@ struct WarpUsageFetcherTests {
     }
 
     @Test
-    func invalidRootReturnsParseError() {
+    func `invalid root returns parse error`() {
         let json = """
         [{ "data": {} }]
         """
@@ -167,7 +166,7 @@ struct WarpUsageFetcherTests {
     }
 
     @Test
-    func toUsageSnapshotOmitsSecondaryWhenNoBonusCredits() {
+    func `to usage snapshot omits secondary when no bonus credits`() {
         let source = WarpUsageSnapshot(
             requestLimit: 100,
             requestsUsed: 10,
@@ -184,7 +183,7 @@ struct WarpUsageFetcherTests {
     }
 
     @Test
-    func toUsageSnapshotKeepsBonusWindowWhenBonusExists() throws {
+    func `to usage snapshot keeps bonus window when bonus exists`() throws {
         let source = WarpUsageSnapshot(
             requestLimit: 100,
             requestsUsed: 10,
@@ -202,7 +201,7 @@ struct WarpUsageFetcherTests {
     }
 
     @Test
-    func toUsageSnapshotUnlimitedPrimaryDoesNotShowResetDate() throws {
+    func `to usage snapshot unlimited primary does not show reset date`() throws {
         let source = WarpUsageSnapshot(
             requestLimit: 0,
             requestsUsed: 0,
@@ -221,7 +220,7 @@ struct WarpUsageFetcherTests {
     }
 
     @Test
-    func apiErrorSummaryIncludesPlainTextBodies() {
+    func `api error summary includes plain text bodies`() {
         // Regression: Warp edge returns 429 with a non-JSON body ("Rate exceeded.") when User-Agent is missing/wrong.
         let summary = WarpUsageFetcher._apiErrorSummaryForTesting(
             statusCode: 429,
diff --git a/Tests/CodexBarTests/WebKitTeardownTests.swift b/Tests/CodexBarTests/WebKitTeardownTests.swift
index f824620bc..b3d4dac15 100644
--- a/Tests/CodexBarTests/WebKitTeardownTests.swift
+++ b/Tests/CodexBarTests/WebKitTeardownTests.swift
@@ -3,13 +3,12 @@ import AppKit
 import Testing
 @testable import CodexBarCore
 
-@Suite
 @MainActor
 struct WebKitTeardownTests {
     final class Owner {}
 
     @Test
-    func scheduleCleanupRegistersOwner() {
+    func `schedule cleanup registers owner`() {
         let owner = Owner()
         WebKitTeardown.resetForTesting()
         WebKitTeardown.scheduleCleanup(owner: owner, window: nil, webView: nil)
diff --git a/Tests/CodexBarTests/WidgetSnapshotTests.swift b/Tests/CodexBarTests/WidgetSnapshotTests.swift
index 6be63f89e..d431e7eb6 100644
--- a/Tests/CodexBarTests/WidgetSnapshotTests.swift
+++ b/Tests/CodexBarTests/WidgetSnapshotTests.swift
@@ -2,23 +2,29 @@ import Foundation
 import Testing
 @testable import CodexBarCore
 
-@Suite
 struct WidgetSnapshotTests {
     @Test
-    func widgetSnapshotRoundTrip() throws {
+    func `widget snapshot round trip`() throws {
         let entry = WidgetSnapshot.ProviderEntry(
             provider: .codex,
             updatedAt: Date(),
             primary: RateWindow(usedPercent: 10, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
             secondary: RateWindow(usedPercent: 20, windowMinutes: nil, resetsAt: nil, resetDescription: nil),
             tertiary: nil,
+            usageRows: [
+                WidgetSnapshot.WidgetUsageRowSnapshot(id: "session", title: "Session", percentLeft: 90),
+                WidgetSnapshot.WidgetUsageRowSnapshot(id: "weekly", title: "Weekly", percentLeft: 80),
+            ],
             creditsRemaining: 123.4,
             codeReviewRemainingPercent: 80,
             tokenUsage: WidgetSnapshot.TokenUsageSummary(
                 sessionCostUSD: 12.3,
                 sessionTokens: 1200,
                 last30DaysCostUSD: 456.7,
-                last30DaysTokens: 9800),
+                last30DaysTokens: 9800,
+                currencyCode: "eur",
+                sessionLabel: "Latest billing day",
+                last30DaysLabel: "This month"),
             dailyUsage: [
                 WidgetSnapshot.DailyUsagePoint(dayKey: "2025-12-20", totalTokens: 1200, costUSD: 12.3),
             ])
@@ -39,11 +45,15 @@ struct WidgetSnapshotTests {
         #expect(decoded.entries.count == 1)
         #expect(decoded.entries.first?.provider == .codex)
         #expect(decoded.entries.first?.tokenUsage?.sessionTokens == 1200)
+        #expect(decoded.entries.first?.tokenUsage?.currencyCode == "EUR")
+        #expect(decoded.entries.first?.tokenUsage?.sessionLabel == "Latest billing day")
+        #expect(decoded.entries.first?.tokenUsage?.last30DaysLabel == "This month")
+        #expect(decoded.entries.first?.usageRows?.map(\.id) == ["session", "weekly"])
         #expect(decoded.enabledProviders == [.codex, .claude])
     }
 
     @Test
-    func widgetSnapshotRoundTripPreservesKiloProvider() throws {
+    func `widget snapshot round trip preserves kilo provider`() throws {
         let entry = WidgetSnapshot.ProviderEntry(
             provider: .kilo,
             updatedAt: Date(),
@@ -80,7 +90,7 @@ struct WidgetSnapshotTests {
     }
 
     @Test
-    func widgetSnapshotRoundTripPreservesKiloZeroTotalEdgeState() throws {
+    func `widget snapshot round trip preserves kilo zero total edge state`() throws {
         let now = Date()
         let kiloSnapshot = KiloUsageSnapshot(
             creditsUsed: 0,
@@ -121,4 +131,76 @@ struct WidgetSnapshotTests {
         #expect(decoded.entries.first?.primary?.resetDescription == "0/0 credits")
         #expect(decoded.enabledProviders == [.kilo])
     }
+
+    @Test
+    func `widget snapshot decodes legacy payload without usage rows`() throws {
+        let json = """
+        {
+          "entries": [
+            {
+              "provider": "codex",
+              "updatedAt": "2026-04-04T06:30:00Z",
+              "primary": null,
+              "secondary": {
+                "usedPercent": 25,
+                "windowMinutes": 10080,
+                "resetsAt": null,
+                "resetDescription": null
+              },
+              "tertiary": null,
+              "creditsRemaining": null,
+              "codeReviewRemainingPercent": null,
+              "tokenUsage": null,
+              "dailyUsage": []
+            }
+          ],
+          "enabledProviders": ["codex"],
+          "generatedAt": "2026-04-04T06:30:00Z"
+        }
+        """
+
+        let decoder = JSONDecoder()
+        decoder.dateDecodingStrategy = .iso8601
+        let decoded = try decoder.decode(WidgetSnapshot.self, from: Data(json.utf8))
+
+        #expect(decoded.entries.count == 1)
+        #expect(decoded.entries.first?.usageRows == nil)
+        #expect(decoded.entries.first?.secondary?.usedPercent == 25)
+    }
+
+    @Test
+    func `widget snapshot decodes legacy token usage as usd`() throws {
+        let json = """
+        {
+          "entries": [
+            {
+              "provider": "codex",
+              "updatedAt": "2026-04-04T06:30:00Z",
+              "primary": null,
+              "secondary": null,
+              "tertiary": null,
+              "creditsRemaining": null,
+              "codeReviewRemainingPercent": null,
+              "tokenUsage": {
+                "sessionCostUSD": 1.25,
+                "sessionTokens": 1200,
+                "last30DaysCostUSD": 9.50,
+                "last30DaysTokens": 4200
+              },
+              "dailyUsage": []
+            }
+          ],
+          "generatedAt": "2026-04-04T06:30:00Z"
+        }
+        """
+
+        let decoder = JSONDecoder()
+        decoder.dateDecodingStrategy = .iso8601
+        let decoded = try decoder.decode(WidgetSnapshot.self, from: Data(json.utf8))
+
+        #expect(decoded.entries.first?.tokenUsage?.currencyCode == "USD")
+        #expect(decoded.entries.first?.tokenUsage?.sessionLabel == "Today")
+        #expect(decoded.entries.first?.tokenUsage?.last30DaysLabel == "30d")
+        #expect(decoded.enabledProviders == [.codex])
+    }
 }
diff --git a/Tests/CodexBarTests/WindsurfDevinSessionImporterTests.swift b/Tests/CodexBarTests/WindsurfDevinSessionImporterTests.swift
new file mode 100644
index 000000000..6d9a6ed72
--- /dev/null
+++ b/Tests/CodexBarTests/WindsurfDevinSessionImporterTests.swift
@@ -0,0 +1,72 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+struct WindsurfDevinSessionImporterTests {
+    @Test
+    func `defaults to Chrome before fallback Chromium browsers`() {
+        #expect(WindsurfDevinSessionImporter.defaultPreferredBrowsers == [.chrome])
+        #expect(!WindsurfDevinSessionImporter.fallbackBrowsers.contains(.chrome))
+        #expect(WindsurfDevinSessionImporter.fallbackBrowsersExcluding([.chrome, .edge]).first == .chromeBeta)
+        #expect(!WindsurfDevinSessionImporter.fallbackBrowsersExcluding([.chrome, .edge]).contains(.edge))
+    }
+
+    @Test
+    func `decodes quoted local storage strings`() {
+        #expect(WindsurfDevinSessionImporter
+            .decodedStorageValue(#""devin-session-token$abc""#) == "devin-session-token$abc")
+        #expect(WindsurfDevinSessionImporter.decodedStorageValue("auth1_xyz") == "auth1_xyz")
+    }
+
+    @Test
+    func `builds session only when all local storage keys exist`() {
+        let storage = [
+            "devin_session_token": "devin-session-token$abc",
+            "devin_auth1_token": "auth1_xyz",
+            "devin_account_id": "account-123",
+            "devin_primary_org_id": "org-456",
+        ]
+
+        let session = WindsurfDevinSessionImporter.session(from: storage, sourceLabel: "Chrome Default")
+
+        #expect(session?.session.sessionToken == "devin-session-token$abc")
+        #expect(session?.session.auth1Token == "auth1_xyz")
+        #expect(session?.session.accountID == "account-123")
+        #expect(session?.session.primaryOrgID == "org-456")
+        #expect(session?.sourceLabel == "Chrome Default")
+    }
+
+    @Test
+    func `deduplicates repeated session tokens while preserving first source`() {
+        let sessions = [
+            WindsurfDevinSessionImporter.SessionInfo(
+                session: WindsurfDevinSessionAuth(
+                    sessionToken: "devin-session-token$abc",
+                    auth1Token: "auth1_xyz",
+                    accountID: "account-123",
+                    primaryOrgID: "org-456"),
+                sourceLabel: "Chrome Default"),
+            WindsurfDevinSessionImporter.SessionInfo(
+                session: WindsurfDevinSessionAuth(
+                    sessionToken: "devin-session-token$abc",
+                    auth1Token: "auth1_other",
+                    accountID: "account-999",
+                    primaryOrgID: "org-999"),
+                sourceLabel: "Chrome Profile 1"),
+            WindsurfDevinSessionImporter.SessionInfo(
+                session: WindsurfDevinSessionAuth(
+                    sessionToken: "devin-session-token$def",
+                    auth1Token: "auth1_def",
+                    accountID: "account-456",
+                    primaryOrgID: "org-789"),
+                sourceLabel: "Chrome Profile 2"),
+        ]
+
+        let deduplicated = WindsurfDevinSessionImporter.deduplicateSessions(sessions)
+
+        #expect(deduplicated.count == 2)
+        #expect(deduplicated[0].sourceLabel == "Chrome Default")
+        #expect(deduplicated[0].session.sessionToken == "devin-session-token$abc")
+        #expect(deduplicated[1].session.sessionToken == "devin-session-token$def")
+    }
+}
diff --git a/Tests/CodexBarTests/WindsurfProviderTests.swift b/Tests/CodexBarTests/WindsurfProviderTests.swift
new file mode 100644
index 000000000..c0b9dd54c
--- /dev/null
+++ b/Tests/CodexBarTests/WindsurfProviderTests.swift
@@ -0,0 +1,55 @@
+import Testing
+@testable import CodexBarCore
+
+struct WindsurfProviderTests {
+    private func makeContext(
+        sourceMode: ProviderSourceMode,
+        settings: ProviderSettingsSnapshot? = nil) -> ProviderFetchContext
+    {
+        let browserDetection = BrowserDetection(cacheTTL: 0)
+        return ProviderFetchContext(
+            runtime: .app,
+            sourceMode: sourceMode,
+            includeCredits: false,
+            webTimeout: 1,
+            webDebugDumpHTML: false,
+            verbose: false,
+            env: [:],
+            settings: settings,
+            fetcher: UsageFetcher(),
+            claudeFetcher: ClaudeUsageFetcher(browserDetection: browserDetection),
+            browserDetection: browserDetection)
+    }
+
+    @Test
+    func `local probe is unavailable in explicit web mode`() async {
+        let strategy = WindsurfLocalFetchStrategy()
+
+        #expect(await strategy.isAvailable(self.makeContext(sourceMode: .web)) == false)
+        #expect(await strategy.isAvailable(self.makeContext(sourceMode: .auto)))
+        #expect(await strategy.isAvailable(self.makeContext(sourceMode: .cli)))
+    }
+
+    @Test
+    func `web mode with cookies off does not fall back to local probe`() async {
+        let settings = ProviderSettingsSnapshot.make(
+            windsurf: .init(
+                usageDataSource: .web,
+                cookieSource: .off,
+                manualCookieHeader: nil))
+        let context = self.makeContext(sourceMode: .web, settings: settings)
+
+        let outcome = await WindsurfProviderDescriptor.descriptor.fetchPlan.fetchOutcome(
+            context: context,
+            provider: .windsurf)
+
+        guard case let .failure(error) = outcome.result else {
+            Issue.record("Expected web-only Windsurf fetch to fail when cookies are off")
+            return
+        }
+
+        #expect(error is ProviderFetchError)
+        #expect(outcome.attempts.map(\.strategyID) == ["windsurf.web", "windsurf.local"])
+        #expect(outcome.attempts.map(\.wasAvailable) == [false, false])
+    }
+}
diff --git a/Tests/CodexBarTests/WindsurfStatusProbeTests.swift b/Tests/CodexBarTests/WindsurfStatusProbeTests.swift
new file mode 100644
index 000000000..42524a9e7
--- /dev/null
+++ b/Tests/CodexBarTests/WindsurfStatusProbeTests.swift
@@ -0,0 +1,330 @@
+import CodexBarCore
+import Foundation
+import SQLite3
+import Testing
+
+struct WindsurfStatusProbeTests {
+    // MARK: - Helper
+
+    private static func decode(_ json: String) throws -> WindsurfCachedPlanInfo {
+        try JSONDecoder().decode(WindsurfCachedPlanInfo.self, from: Data(json.utf8))
+    }
+
+    // MARK: - JSON Decoding
+
+    @Test
+    func `decodes full plan info`() throws {
+        let info = try Self.decode("""
+        {
+          "planName": "Pro",
+          "startTimestamp": 1771610750000,
+          "endTimestamp": 1774029950000,
+          "usage": {
+            "messages": 50000,
+            "usedMessages": 35650,
+            "remainingMessages": 14350,
+            "flowActions": 150000,
+            "usedFlowActions": 0,
+            "remainingFlowActions": 150000
+          },
+          "quotaUsage": {
+            "dailyRemainingPercent": 9,
+            "weeklyRemainingPercent": 54,
+            "dailyResetAtUnix": 1774080000,
+            "weeklyResetAtUnix": 1774166400
+          }
+        }
+        """)
+
+        #expect(info.planName == "Pro")
+        #expect(info.startTimestamp == 1_771_610_750_000)
+        #expect(info.endTimestamp == 1_774_029_950_000)
+        #expect(info.usage?.messages == 50000)
+        #expect(info.usage?.usedMessages == 35650)
+        #expect(info.usage?.remainingMessages == 14350)
+        #expect(info.usage?.flowActions == 150_000)
+        #expect(info.usage?.usedFlowActions == 0)
+        #expect(info.usage?.remainingFlowActions == 150_000)
+        #expect(info.quotaUsage?.dailyRemainingPercent == 9)
+        #expect(info.quotaUsage?.weeklyRemainingPercent == 54)
+        #expect(info.quotaUsage?.dailyResetAtUnix == 1_774_080_000)
+        #expect(info.quotaUsage?.weeklyResetAtUnix == 1_774_166_400)
+    }
+
+    @Test
+    func `decodes minimal plan info`() throws {
+        let info = try Self.decode("""
+        {"planName": "Free"}
+        """)
+
+        #expect(info.planName == "Free")
+        #expect(info.usage == nil)
+        #expect(info.quotaUsage == nil)
+        #expect(info.endTimestamp == nil)
+    }
+
+    @Test
+    func `decodes empty object`() throws {
+        let info = try Self.decode("{}")
+
+        #expect(info.planName == nil)
+        #expect(info.usage == nil)
+        #expect(info.quotaUsage == nil)
+    }
+
+    // MARK: - toUsageSnapshot Conversion
+
+    @Test
+    func `converts full plan to usage snapshot`() throws {
+        let info = try Self.decode("""
+        {
+          "planName": "Pro",
+          "startTimestamp": 1771610750000,
+          "endTimestamp": 1774029950000,
+          "usage": {
+            "messages": 50000, "usedMessages": 35650, "remainingMessages": 14350,
+            "flowActions": 150000, "usedFlowActions": 0, "remainingFlowActions": 150000
+          },
+          "quotaUsage": {
+            "dailyRemainingPercent": 9, "weeklyRemainingPercent": 54,
+            "dailyResetAtUnix": 1774080000, "weeklyResetAtUnix": 1774166400
+          }
+        }
+        """)
+
+        let snapshot = info.toUsageSnapshot()
+
+        // Primary = daily: usedPercent = 100 - 9 = 91
+        #expect(snapshot.primary?.usedPercent == 91)
+        #expect(snapshot.primary?.resetsAt != nil)
+
+        // Secondary = weekly: usedPercent = 100 - 54 = 46
+        #expect(snapshot.secondary?.usedPercent == 46)
+        #expect(snapshot.secondary?.resetsAt != nil)
+
+        // Identity
+        #expect(snapshot.identity?.providerID == .windsurf)
+        #expect(snapshot.identity?.loginMethod == "Pro")
+        #expect(snapshot.identity?.accountOrganization != nil)
+    }
+
+    @Test
+    func `converts minimal plan to usage snapshot`() throws {
+        let info = try Self.decode("""
+        {"planName": "Free"}
+        """)
+
+        let snapshot = info.toUsageSnapshot()
+
+        // Without quotaUsage, primary and secondary should be nil
+        #expect(snapshot.primary == nil)
+        #expect(snapshot.secondary == nil)
+        #expect(snapshot.identity?.loginMethod == "Free")
+        #expect(snapshot.identity?.accountOrganization == nil)
+    }
+
+    @Test
+    func `converts usage counts when quota usage is absent`() throws {
+        let info = try Self.decode("""
+        {
+          "planName": "Pro",
+          "usage": {
+            "messages": 50000,
+            "usedMessages": 1200,
+            "remainingMessages": 48800,
+            "flowActions": 150000,
+            "usedFlowActions": 0,
+            "remainingFlowActions": 150000,
+            "flexCredits": 123700,
+            "usedFlexCredits": 0,
+            "remainingFlexCredits": 123700
+          }
+        }
+        """)
+
+        let snapshot = info.toUsageSnapshot()
+
+        #expect(snapshot.primary?.usedPercent == 2.4)
+        #expect(snapshot.primary?.resetDescription == "1200 / 50000 messages")
+        #expect(snapshot.secondary?.usedPercent == 0)
+        #expect(snapshot.secondary?.resetDescription == "0 / 150000 flow actions")
+    }
+
+    @Test
+    func `usage counts infer used amount from remaining`() throws {
+        let info = try Self.decode("""
+        {
+          "planName": "Pro",
+          "usage": {
+            "messages": 100,
+            "remainingMessages": 25
+          }
+        }
+        """)
+
+        let snapshot = info.toUsageSnapshot()
+
+        #expect(snapshot.primary?.usedPercent == 75)
+        #expect(snapshot.primary?.resetDescription == "75 / 100 messages")
+        #expect(snapshot.secondary == nil)
+    }
+
+    @Test
+    func `daily at zero remaining shows 100 percent used`() throws {
+        let info = try Self.decode("""
+        {
+          "planName": "Pro",
+          "quotaUsage": {"dailyRemainingPercent": 0, "weeklyRemainingPercent": 100}
+        }
+        """)
+
+        let snapshot = info.toUsageSnapshot()
+
+        #expect(snapshot.primary?.usedPercent == 100)
+        #expect(snapshot.secondary?.usedPercent == 0)
+    }
+
+    @Test
+    func `weekly at full remaining shows 0 percent used`() throws {
+        let info = try Self.decode("""
+        {
+          "planName": "Pro",
+          "quotaUsage": {"dailyRemainingPercent": 100, "weeklyRemainingPercent": 100}
+        }
+        """)
+
+        let snapshot = info.toUsageSnapshot()
+
+        #expect(snapshot.primary?.usedPercent == 0)
+        #expect(snapshot.secondary?.usedPercent == 0)
+    }
+
+    @Test
+    func `reset dates are correctly converted from unix timestamps`() throws {
+        let info = try Self.decode("""
+        {
+          "planName": "Pro",
+          "quotaUsage": {
+            "dailyRemainingPercent": 50, "weeklyRemainingPercent": 50,
+            "dailyResetAtUnix": 1774080000, "weeklyResetAtUnix": 1774166400
+          }
+        }
+        """)
+
+        let snapshot = info.toUsageSnapshot()
+
+        #expect(snapshot.primary?.resetsAt == Date(timeIntervalSince1970: 1_774_080_000))
+        #expect(snapshot.secondary?.resetsAt == Date(timeIntervalSince1970: 1_774_166_400))
+    }
+
+    @Test
+    func `end timestamp converts to expiry description`() throws {
+        let futureMs = Int64(Date().addingTimeInterval(86400 * 30).timeIntervalSince1970 * 1000)
+        let info = try Self.decode("""
+        {"planName": "Pro", "endTimestamp": \(futureMs)}
+        """)
+
+        let snapshot = info.toUsageSnapshot()
+
+        #expect(snapshot.identity?.accountOrganization?.hasPrefix("Expires ") == true)
+    }
+
+    // MARK: - Probe Database Decoding
+
+    @Test
+    func `probe decodes UTF-8 JSON blob`() throws {
+        let dbURL = try Self.makeTemporaryDatabase(
+            jsonData: Data(#"{"planName":"UTF-8 Pro"}"#.utf8))
+        defer { try? FileManager.default.removeItem(at: dbURL.deletingLastPathComponent()) }
+
+        let info = try WindsurfStatusProbe(dbPath: dbURL.path).fetch()
+
+        #expect(info.planName == "UTF-8 Pro")
+    }
+
+    @Test
+    func `probe decodes UTF-16LE JSON blob`() throws {
+        let jsonData = try #require(#"{"planName":"UTF-16 Pro"}"#.data(using: .utf16LittleEndian))
+        let dbURL = try Self.makeTemporaryDatabase(jsonData: jsonData)
+        defer { try? FileManager.default.removeItem(at: dbURL.deletingLastPathComponent()) }
+
+        let info = try WindsurfStatusProbe(dbPath: dbURL.path).fetch()
+
+        #expect(info.planName == "UTF-16 Pro")
+    }
+
+    // MARK: - Probe Error Cases
+
+    @Test
+    func `probe throws dbNotFound for missing file`() {
+        let probe = WindsurfStatusProbe(dbPath: "/nonexistent/path/state.vscdb")
+
+        #expect(throws: WindsurfStatusProbeError.self) {
+            _ = try probe.fetch()
+        }
+    }
+
+    private static func makeTemporaryDatabase(jsonData: Data) throws -> URL {
+        let directory = FileManager.default.temporaryDirectory
+            .appendingPathComponent("windsurf-status-probe-\(UUID().uuidString)", isDirectory: true)
+        try FileManager.default.createDirectory(at: directory, withIntermediateDirectories: true)
+        let dbURL = directory.appendingPathComponent("state.vscdb")
+
+        var db: OpaquePointer?
+        guard sqlite3_open(dbURL.path, &db) == SQLITE_OK else {
+            throw TestSQLiteError.openFailed(String(cString: sqlite3_errmsg(db)))
+        }
+        defer { sqlite3_close(db) }
+
+        try self.execute(
+            """
+            CREATE TABLE ItemTable(
+                key TEXT PRIMARY KEY,
+                value BLOB
+            );
+            """,
+            db: db)
+
+        var stmt: OpaquePointer?
+        guard sqlite3_prepare_v2(
+            db,
+            "INSERT INTO ItemTable(key, value) VALUES('windsurf.settings.cachedPlanInfo', ?);",
+            -1,
+            &stmt,
+            nil) == SQLITE_OK
+        else {
+            throw TestSQLiteError.prepareFailed(String(cString: sqlite3_errmsg(db)))
+        }
+        defer { sqlite3_finalize(stmt) }
+
+        let transient = unsafeBitCast(-1, to: sqlite3_destructor_type.self)
+        let bindResult = jsonData.withUnsafeBytes { buffer in
+            sqlite3_bind_blob(stmt, 1, buffer.baseAddress, Int32(jsonData.count), transient)
+        }
+        guard bindResult == SQLITE_OK else {
+            throw TestSQLiteError.bindFailed(String(cString: sqlite3_errmsg(db)))
+        }
+        guard sqlite3_step(stmt) == SQLITE_DONE else {
+            throw TestSQLiteError.stepFailed(String(cString: sqlite3_errmsg(db)))
+        }
+
+        return dbURL
+    }
+
+    private static func execute(_ sql: String, db: OpaquePointer?) throws {
+        var errorMessage: UnsafeMutablePointer<CChar>?
+        guard sqlite3_exec(db, sql, nil, nil, &errorMessage) == SQLITE_OK else {
+            defer { sqlite3_free(errorMessage) }
+            let message = errorMessage.map { String(cString: $0) } ?? "unknown error"
+            throw TestSQLiteError.execFailed(message)
+        }
+    }
+
+    private enum TestSQLiteError: Error {
+        case openFailed(String)
+        case execFailed(String)
+        case prepareFailed(String)
+        case bindFailed(String)
+        case stepFailed(String)
+    }
+}
diff --git a/Tests/CodexBarTests/WindsurfWebFetcherTests.swift b/Tests/CodexBarTests/WindsurfWebFetcherTests.swift
new file mode 100644
index 000000000..c6f3e571a
--- /dev/null
+++ b/Tests/CodexBarTests/WindsurfWebFetcherTests.swift
@@ -0,0 +1,474 @@
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+@Suite(.serialized)
+struct WindsurfWebFetcherTests {
+    private struct ResponseFixture {
+        let planName: String
+        let dailyRemaining: Int
+        let weeklyRemaining: Int
+        let planEndUnix: Int64
+        let dailyResetUnix: Int64
+        let weeklyResetUnix: Int64
+    }
+
+    private func makeSession() -> URLSession {
+        let config = URLSessionConfiguration.ephemeral
+        config.protocolClasses = [WindsurfWebFetcherStubURLProtocol.self]
+        return URLSession(configuration: config)
+    }
+
+    @Test
+    func `manual devin session sends protobuf request and auth headers`() async throws {
+        defer {
+            WindsurfWebFetcherStubURLProtocol.requests = []
+            WindsurfWebFetcherStubURLProtocol.handler = nil
+        }
+
+        WindsurfWebFetcherStubURLProtocol.requests = []
+        WindsurfWebFetcherStubURLProtocol.handler = { request in
+            let url = try #require(request.url)
+            #expect(url.host == "windsurf.com")
+            #expect(request.httpMethod == "POST")
+            #expect(request.value(forHTTPHeaderField: "Content-Type") == "application/proto")
+            #expect(request.value(forHTTPHeaderField: "Connect-Protocol-Version") == "1")
+            #expect(request.value(forHTTPHeaderField: "Origin") == "https://windsurf.com")
+            #expect(request.value(forHTTPHeaderField: "Referer") == "https://windsurf.com/profile")
+            #expect(request.value(forHTTPHeaderField: "x-auth-token") == "devin-session-token$abc")
+            #expect(request.value(forHTTPHeaderField: "x-devin-session-token") == "devin-session-token$abc")
+            #expect(request.value(forHTTPHeaderField: "x-devin-auth1-token") == "auth1_xyz")
+            #expect(request.value(forHTTPHeaderField: "x-devin-account-id") == "account-123")
+            #expect(request.value(forHTTPHeaderField: "x-devin-primary-org-id") == "org-456")
+
+            let body = try WindsurfPlanStatusProtoCodec.decodeRequest(Self.requestBodyData(from: request))
+            #expect(body.authToken == "devin-session-token$abc")
+            #expect(body.includeTopUpStatus == true)
+
+            return Self.makeResponse(
+                url: url,
+                body: Self.makePlanStatusResponse(ResponseFixture(
+                    planName: "Pro",
+                    dailyRemaining: 68,
+                    weeklyRemaining: 84,
+                    planEndUnix: 1_777_888_000,
+                    dailyResetUnix: 1_777_900_000,
+                    weeklyResetUnix: 1_778_000_000)),
+                contentType: "application/proto",
+                statusCode: 200)
+        }
+
+        let manualSession = """
+        {
+          "devin_session_token": "devin-session-token$abc",
+          "devin_auth1_token": "auth1_xyz",
+          "devin_account_id": "account-123",
+          "devin_primary_org_id": "org-456"
+        }
+        """
+
+        let snapshot = try await WindsurfWebFetcher.fetchUsage(
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            cookieSource: .manual,
+            manualSessionInput: manualSession,
+            timeout: 2,
+            session: self.makeSession())
+
+        #expect(WindsurfWebFetcherStubURLProtocol.requests.count == 1)
+        #expect(snapshot.identity?.providerID == .windsurf)
+        #expect(snapshot.identity?.loginMethod == "Pro")
+        #expect(snapshot.primary?.usedPercent == 32)
+        #expect(snapshot.secondary?.usedPercent == 16)
+    }
+
+    @Test
+    func `auto session import retries next profile after auth failure`() async throws {
+        defer {
+            WindsurfDevinSessionImporter.importSessionsOverrideForTesting = nil
+            WindsurfDevinSessionImporter.importPreferredSessionsOverrideForTesting = nil
+            WindsurfDevinSessionImporter.importFallbackSessionsOverrideForTesting = nil
+            WindsurfWebFetcherStubURLProtocol.requests = []
+            WindsurfWebFetcherStubURLProtocol.handler = nil
+        }
+
+        WindsurfDevinSessionImporter.importPreferredSessionsOverrideForTesting = { _, _ in
+            [
+                WindsurfDevinSessionImporter.SessionInfo(
+                    session: WindsurfDevinSessionAuth(
+                        sessionToken: "stale-token",
+                        auth1Token: "stale-auth1",
+                        accountID: "stale-account",
+                        primaryOrgID: "stale-org"),
+                    sourceLabel: "Chrome Default"),
+                WindsurfDevinSessionImporter.SessionInfo(
+                    session: WindsurfDevinSessionAuth(
+                        sessionToken: "fresh-token",
+                        auth1Token: "fresh-auth1",
+                        accountID: "fresh-account",
+                        primaryOrgID: "fresh-org"),
+                    sourceLabel: "Chrome Profile 1"),
+            ]
+        }
+
+        WindsurfWebFetcherStubURLProtocol.requests = []
+        WindsurfWebFetcherStubURLProtocol.handler = { request in
+            let url = try #require(request.url)
+            let token = request.value(forHTTPHeaderField: "x-devin-session-token")
+
+            if token == "stale-token" {
+                return Self.makeResponse(
+                    url: url,
+                    body: Data("unauthorized".utf8),
+                    contentType: "text/plain",
+                    statusCode: 401)
+            }
+
+            #expect(token == "fresh-token")
+            return Self.makeResponse(
+                url: url,
+                body: Self.makePlanStatusResponse(ResponseFixture(
+                    planName: "Teams",
+                    dailyRemaining: 75,
+                    weeklyRemaining: 90,
+                    planEndUnix: 1_777_888_000,
+                    dailyResetUnix: 1_777_900_000,
+                    weeklyResetUnix: 1_778_000_000)),
+                contentType: "application/proto",
+                statusCode: 200)
+        }
+
+        let snapshot = try await WindsurfWebFetcher.fetchUsage(
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            cookieSource: .auto,
+            timeout: 2,
+            session: self.makeSession())
+
+        #expect(WindsurfWebFetcherStubURLProtocol.requests.count == 2)
+        #expect(snapshot.identity?.loginMethod == "Teams")
+        #expect(snapshot.primary?.usedPercent == 25)
+        #expect(snapshot.secondary?.usedPercent == 10)
+    }
+
+    @Test
+    func `auto session import tries fallback browsers after preferred sessions fail`() async throws {
+        defer {
+            WindsurfDevinSessionImporter.importSessionsOverrideForTesting = nil
+            WindsurfDevinSessionImporter.importPreferredSessionsOverrideForTesting = nil
+            WindsurfDevinSessionImporter.importFallbackSessionsOverrideForTesting = nil
+            WindsurfWebFetcherStubURLProtocol.requests = []
+            WindsurfWebFetcherStubURLProtocol.handler = nil
+        }
+
+        WindsurfDevinSessionImporter.importPreferredSessionsOverrideForTesting = { _, _ in
+            [
+                WindsurfDevinSessionImporter.SessionInfo(
+                    session: WindsurfDevinSessionAuth(
+                        sessionToken: "stale-chrome-token",
+                        auth1Token: "stale-auth1",
+                        accountID: "stale-account",
+                        primaryOrgID: "stale-org"),
+                    sourceLabel: "Chrome Default"),
+            ]
+        }
+        WindsurfDevinSessionImporter.importFallbackSessionsOverrideForTesting = { _, _ in
+            [
+                WindsurfDevinSessionImporter.SessionInfo(
+                    session: WindsurfDevinSessionAuth(
+                        sessionToken: "fresh-edge-token",
+                        auth1Token: "fresh-auth1",
+                        accountID: "fresh-account",
+                        primaryOrgID: "fresh-org"),
+                    sourceLabel: "Microsoft Edge Default"),
+            ]
+        }
+
+        WindsurfWebFetcherStubURLProtocol.requests = []
+        WindsurfWebFetcherStubURLProtocol.handler = { request in
+            let url = try #require(request.url)
+            let token = request.value(forHTTPHeaderField: "x-devin-session-token")
+
+            if token == "stale-chrome-token" {
+                return Self.makeResponse(
+                    url: url,
+                    body: Data("unauthorized".utf8),
+                    contentType: "text/plain",
+                    statusCode: 401)
+            }
+
+            #expect(token == "fresh-edge-token")
+            return Self.makeResponse(
+                url: url,
+                body: Self.makePlanStatusResponse(ResponseFixture(
+                    planName: "Teams",
+                    dailyRemaining: 64,
+                    weeklyRemaining: 80,
+                    planEndUnix: 1_777_888_000,
+                    dailyResetUnix: 1_777_900_000,
+                    weeklyResetUnix: 1_778_000_000)),
+                contentType: "application/proto",
+                statusCode: 200)
+        }
+
+        let snapshot = try await WindsurfWebFetcher.fetchUsage(
+            browserDetection: BrowserDetection(cacheTTL: 0),
+            cookieSource: .auto,
+            timeout: 2,
+            session: self.makeSession())
+
+        #expect(WindsurfWebFetcherStubURLProtocol.requests.count == 2)
+        #expect(snapshot.identity?.loginMethod == "Teams")
+        #expect(snapshot.primary?.usedPercent == 36)
+        #expect(snapshot.secondary?.usedPercent == 20)
+    }
+
+    @Test
+    func `manual mode with empty session does not fall back to imported session`() async {
+        defer {
+            WindsurfDevinSessionImporter.importSessionsOverrideForTesting = nil
+            WindsurfDevinSessionImporter.importPreferredSessionsOverrideForTesting = nil
+            WindsurfDevinSessionImporter.importFallbackSessionsOverrideForTesting = nil
+            WindsurfWebFetcherStubURLProtocol.requests = []
+            WindsurfWebFetcherStubURLProtocol.handler = nil
+        }
+
+        WindsurfDevinSessionImporter.importSessionsOverrideForTesting = { _, _ in
+            [
+                WindsurfDevinSessionImporter.SessionInfo(
+                    session: WindsurfDevinSessionAuth(
+                        sessionToken: "auto-token",
+                        auth1Token: "auto-auth1",
+                        accountID: "auto-account",
+                        primaryOrgID: "auto-org"),
+                    sourceLabel: "Chrome Default"),
+            ]
+        }
+        WindsurfWebFetcherStubURLProtocol.requests = []
+
+        await #expect {
+            _ = try await WindsurfWebFetcher.fetchUsage(
+                browserDetection: BrowserDetection(cacheTTL: 0),
+                cookieSource: .manual,
+                manualSessionInput: "   \n",
+                timeout: 2,
+                session: self.makeSession())
+        } throws: { error in
+            guard case let WindsurfWebFetcherError.invalidManualSession(message) = error else { return false }
+            return message == "empty input"
+        }
+        #expect(WindsurfWebFetcherStubURLProtocol.requests.isEmpty)
+    }
+
+    @Test
+    func `manual key value session input is accepted`() throws {
+        let parsed = try WindsurfWebFetcher.parseManualSessionInput(
+            """
+            devin_session_token=devin-session-token$abc
+            devin_auth1_token=auth1_xyz
+            devin_account_id=account-123
+            devin_primary_org_id=org-456
+            """)
+
+        #expect(parsed.sessionToken == "devin-session-token$abc")
+        #expect(parsed.auth1Token == "auth1_xyz")
+        #expect(parsed.accountID == "account-123")
+        #expect(parsed.primaryOrgID == "org-456")
+    }
+
+    @Test
+    func `manual JSON camelCase aliases are accepted`() throws {
+        let parsed = try WindsurfWebFetcher.parseManualSessionInput(
+            """
+            {
+              "devinSessionToken": "devin-session-token$abc",
+              "devinAuth1Token": "auth1_xyz",
+              "devinAccountId": "account-123",
+              "devinPrimaryOrgId": "org-456"
+            }
+            """)
+
+        #expect(parsed.sessionToken == "devin-session-token$abc")
+        #expect(parsed.auth1Token == "auth1_xyz")
+        #expect(parsed.accountID == "account-123")
+        #expect(parsed.primaryOrgID == "org-456")
+    }
+
+    @Test
+    func `manual session input rejects empty string`() {
+        #expect {
+            try WindsurfWebFetcher.parseManualSessionInput("   \n")
+        } throws: { error in
+            guard case let WindsurfWebFetcherError.invalidManualSession(message) = error else { return false }
+            return message == "empty input"
+        }
+    }
+
+    @Test
+    func `manual session input rejects invalid text`() {
+        #expect {
+            try WindsurfWebFetcher.parseManualSessionInput("not a valid session bundle")
+        } throws: { error in
+            guard case let WindsurfWebFetcherError.invalidManualSession(message) = error else { return false }
+            return message.contains("expected JSON")
+        }
+    }
+
+    @Test
+    func `manual session input rejects missing required fields`() {
+        #expect {
+            try WindsurfWebFetcher.parseManualSessionInput(
+                """
+                {
+                  "devin_session_token": "devin-session-token$abc",
+                  "devin_auth1_token": "auth1_xyz",
+                  "devin_account_id": "account-123"
+                }
+                """)
+        } throws: { error in
+            guard case let WindsurfWebFetcherError.invalidManualSession(message) = error else { return false }
+            return message.contains("expected JSON")
+        }
+    }
+
+    private static func makeResponse(
+        url: URL,
+        body: Data,
+        contentType: String,
+        statusCode: Int) -> (HTTPURLResponse, Data)
+    {
+        let response = HTTPURLResponse(
+            url: url,
+            statusCode: statusCode,
+            httpVersion: "HTTP/1.1",
+            headerFields: ["Content-Type": contentType])!
+        return (response, body)
+    }
+
+    private static func requestBodyData(from request: URLRequest) -> Data {
+        if let data = request.httpBody {
+            return data
+        }
+
+        guard let stream = request.httpBodyStream else {
+            return Data()
+        }
+
+        stream.open()
+        defer { stream.close() }
+
+        var data = Data()
+        let bufferSize = 4096
+        let buffer = UnsafeMutablePointer<UInt8>.allocate(capacity: bufferSize)
+        defer { buffer.deallocate() }
+
+        while stream.hasBytesAvailable {
+            let count = stream.read(buffer, maxLength: bufferSize)
+            if count <= 0 {
+                break
+            }
+            data.append(buffer, count: count)
+        }
+
+        return data
+    }
+
+    private static func makePlanStatusResponse(_ fixture: ResponseFixture) -> Data {
+        let planInfo = self.message([
+            self.stringField(2, fixture.planName),
+        ])
+
+        let planStatus = self.message([
+            self.messageField(1, planInfo),
+            self.messageField(3, self.timestamp(seconds: fixture.planEndUnix)),
+            self.varintField(14, UInt64(fixture.dailyRemaining)),
+            self.varintField(15, UInt64(fixture.weeklyRemaining)),
+            self.varintField(17, UInt64(fixture.dailyResetUnix)),
+            self.varintField(18, UInt64(fixture.weeklyResetUnix)),
+        ])
+
+        return self.message([
+            self.messageField(1, planStatus),
+        ])
+    }
+
+    private static func timestamp(seconds: Int64) -> Data {
+        self.message([
+            self.varintField(1, UInt64(seconds)),
+        ])
+    }
+
+    private static func message(_ fields: [Data]) -> Data {
+        fields.reduce(into: Data()) { partialResult, field in
+            partialResult.append(field)
+        }
+    }
+
+    private static func stringField(_ number: Int, _ value: String) -> Data {
+        self.lengthDelimitedField(number, Data(value.utf8))
+    }
+
+    private static func messageField(_ number: Int, _ value: Data) -> Data {
+        self.lengthDelimitedField(number, value)
+    }
+
+    private static func lengthDelimitedField(_ number: Int, _ value: Data) -> Data {
+        var data = Data()
+        data.append(self.fieldKey(number, wireType: 2))
+        data.append(self.varint(UInt64(value.count)))
+        data.append(value)
+        return data
+    }
+
+    private static func varintField(_ number: Int, _ value: UInt64) -> Data {
+        var data = Data()
+        data.append(self.fieldKey(number, wireType: 0))
+        data.append(self.varint(value))
+        return data
+    }
+
+    private static func fieldKey(_ number: Int, wireType: UInt64) -> Data {
+        self.varint(UInt64((number << 3) | Int(wireType)))
+    }
+
+    private static func varint(_ value: UInt64) -> Data {
+        var remaining = value
+        var data = Data()
+        while remaining >= 0x80 {
+            data.append(UInt8((remaining & 0x7F) | 0x80))
+            remaining >>= 7
+        }
+        data.append(UInt8(remaining))
+        return data
+    }
+}
+
+final class WindsurfWebFetcherStubURLProtocol: URLProtocol {
+    nonisolated(unsafe) static var requests: [URLRequest] = []
+    nonisolated(unsafe) static var handler: (@Sendable (URLRequest) throws -> (HTTPURLResponse, Data))?
+
+    override static func canInit(with _: URLRequest) -> Bool {
+        true
+    }
+
+    override static func canonicalRequest(for request: URLRequest) -> URLRequest {
+        request
+    }
+
+    override func startLoading() {
+        Self.requests.append(self.request)
+        guard let handler = Self.handler else {
+            self.client?.urlProtocol(self, didFailWithError: URLError(.badServerResponse))
+            return
+        }
+
+        do {
+            let (response, data) = try handler(self.request)
+            self.client?.urlProtocol(self, didReceive: response, cacheStoragePolicy: .notAllowed)
+            self.client?.urlProtocol(self, didLoad: data)
+            self.client?.urlProtocolDidFinishLoading(self)
+        } catch {
+            self.client?.urlProtocol(self, didFailWithError: error)
+        }
+    }
+
+    override func stopLoading() {}
+}
diff --git a/Tests/CodexBarTests/ZaiAvailabilityTests.swift b/Tests/CodexBarTests/ZaiAvailabilityTests.swift
index 6ce229589..408317121 100644
--- a/Tests/CodexBarTests/ZaiAvailabilityTests.swift
+++ b/Tests/CodexBarTests/ZaiAvailabilityTests.swift
@@ -4,10 +4,9 @@ import Testing
 @testable import CodexBar
 
 @MainActor
-@Suite
 struct ZaiAvailabilityTests {
     @Test
-    func enablesZaiWhenTokenExistsInStore() throws {
+    func `enables zai when token exists in store`() throws {
         let suite = "ZaiAvailabilityTests-token"
         let defaults = try #require(UserDefaults(suiteName: suite))
         defaults.removePersistentDomain(forName: suite)
@@ -31,7 +30,7 @@ struct ZaiAvailabilityTests {
     }
 
     @Test
-    func enablesZaiWhenTokenExistsInTokenAccounts() throws {
+    func `enables zai when token exists in token accounts`() throws {
         let suite = "ZaiAvailabilityTests-token-accounts"
         let defaults = try #require(UserDefaults(suiteName: suite))
         defaults.removePersistentDomain(forName: suite)
diff --git a/Tests/CodexBarTests/ZaiMenuCardTests.swift b/Tests/CodexBarTests/ZaiMenuCardTests.swift
new file mode 100644
index 000000000..4433fdf9f
--- /dev/null
+++ b/Tests/CodexBarTests/ZaiMenuCardTests.swift
@@ -0,0 +1,70 @@
+import CodexBarCore
+import Foundation
+import Testing
+@testable import CodexBar
+
+struct ZaiMenuCardTests {
+    @Test
+    func `zai metrics titles are Tokens MCP and 5-hour when session token limit present`() throws {
+        let now = Date()
+        let zai = ZaiUsageSnapshot(
+            tokenLimit: ZaiLimitEntry(
+                type: .tokensLimit,
+                unit: .weeks,
+                number: 1,
+                usage: nil,
+                currentValue: nil,
+                remaining: nil,
+                percentage: 9,
+                usageDetails: [],
+                nextResetTime: nil),
+            sessionTokenLimit: ZaiLimitEntry(
+                type: .tokensLimit,
+                unit: .hours,
+                number: 5,
+                usage: 1000,
+                currentValue: 750,
+                remaining: 250,
+                percentage: 25,
+                usageDetails: [],
+                nextResetTime: nil),
+            timeLimit: ZaiLimitEntry(
+                type: .timeLimit,
+                unit: .minutes,
+                number: 1,
+                usage: 100,
+                currentValue: 50,
+                remaining: 50,
+                percentage: 50,
+                usageDetails: [],
+                nextResetTime: nil),
+            planName: "pro",
+            updatedAt: now)
+        let snapshot = zai.toUsageSnapshot()
+        let metadata = try #require(ProviderDefaults.metadata[.zai])
+
+        let model = UsageMenuCardView.Model.make(.init(
+            provider: .zai,
+            metadata: metadata,
+            snapshot: snapshot,
+            credits: nil,
+            creditsError: nil,
+            dashboard: nil,
+            dashboardError: nil,
+            tokenSnapshot: nil,
+            tokenError: nil,
+            account: AccountInfo(email: nil, plan: nil),
+            isRefreshing: false,
+            lastError: nil,
+            usageBarsShowUsed: false,
+            resetTimeDisplayStyle: .countdown,
+            tokenCostUsageEnabled: false,
+            showOptionalCreditsAndExtraUsage: true,
+            hidePersonalInfo: false,
+            now: now))
+
+        #expect(model.metrics.map(\.title) == ["Tokens", "MCP", "5-hour"])
+        let tertiary = try #require(model.metrics.first(where: { $0.title == "5-hour" }))
+        #expect(tertiary.detailText == "750 / 1K (250 remaining)")
+    }
+}
diff --git a/Tests/CodexBarTests/ZaiProviderTests.swift b/Tests/CodexBarTests/ZaiProviderTests.swift
index c4184396a..64c1bdbfa 100644
--- a/Tests/CodexBarTests/ZaiProviderTests.swift
+++ b/Tests/CodexBarTests/ZaiProviderTests.swift
@@ -2,38 +2,36 @@ import Foundation
 import Testing
 @testable import CodexBarCore
 
-@Suite
 struct ZaiSettingsReaderTests {
     @Test
-    func apiTokenReadsFromEnvironment() {
+    func `api token reads from environment`() {
         let token = ZaiSettingsReader.apiToken(environment: ["Z_AI_API_KEY": "abc123"])
         #expect(token == "abc123")
     }
 
     @Test
-    func apiTokenStripsQuotes() {
+    func `api token strips quotes`() {
         let token = ZaiSettingsReader.apiToken(environment: ["Z_AI_API_KEY": "\"token-xyz\""])
         #expect(token == "token-xyz")
     }
 
     @Test
-    func apiHostReadsFromEnvironment() {
+    func `api host reads from environment`() {
         let host = ZaiSettingsReader.apiHost(environment: [ZaiSettingsReader.apiHostKey: " open.bigmodel.cn "])
         #expect(host == "open.bigmodel.cn")
     }
 
     @Test
-    func quotaURLInfersScheme() {
+    func `quota URL infers scheme`() {
         let url = ZaiSettingsReader
             .quotaURL(environment: [ZaiSettingsReader.quotaURLKey: "open.bigmodel.cn/api/coding"])
         #expect(url?.absoluteString == "https://open.bigmodel.cn/api/coding")
     }
 }
 
-@Suite
 struct ZaiUsageSnapshotTests {
     @Test
-    func mapsUsageSnapshotWindows() {
+    func `maps usage snapshot windows`() {
         let reset = Date(timeIntervalSince1970: 123)
         let tokenLimit = ZaiLimitEntry(
             type: .tokensLimit,
@@ -69,11 +67,13 @@ struct ZaiUsageSnapshotTests {
         #expect(usage.primary?.resetDescription == "5 hours window")
         #expect(usage.secondary?.usedPercent == 20)
         #expect(usage.secondary?.resetDescription == "30 days window")
+        #expect(usage.tertiary == nil)
         #expect(usage.zaiUsage?.tokenLimit?.usage == 100)
+        #expect(usage.zaiUsage?.sessionTokenLimit == nil)
     }
 
     @Test
-    func mapsUsageSnapshotWindowsWithMissingFields() {
+    func `maps usage snapshot windows with missing fields`() {
         let reset = Date(timeIntervalSince1970: 123)
         let tokenLimit = ZaiLimitEntry(
             type: .tokensLimit,
@@ -101,7 +101,7 @@ struct ZaiUsageSnapshotTests {
     }
 
     @Test
-    func mapsUsageSnapshotWindowsWithMissingRemainingUsesCurrentValue() {
+    func `maps usage snapshot windows with missing remaining uses current value`() {
         let reset = Date(timeIntervalSince1970: 123)
         let tokenLimit = ZaiLimitEntry(
             type: .tokensLimit,
@@ -125,7 +125,7 @@ struct ZaiUsageSnapshotTests {
     }
 
     @Test
-    func mapsUsageSnapshotWindowsWithMissingCurrentValueUsesRemaining() {
+    func `maps usage snapshot windows with missing current value uses remaining`() {
         let reset = Date(timeIntervalSince1970: 123)
         let tokenLimit = ZaiLimitEntry(
             type: .tokensLimit,
@@ -149,7 +149,7 @@ struct ZaiUsageSnapshotTests {
     }
 
     @Test
-    func mapsUsageSnapshotWindowsWithMissingRemainingAndCurrentValueFallsBackToPercentage() {
+    func `maps usage snapshot windows with missing remaining and current value falls back to percentage`() {
         let reset = Date(timeIntervalSince1970: 123)
         let tokenLimit = ZaiLimitEntry(
             type: .tokensLimit,
@@ -173,10 +173,9 @@ struct ZaiUsageSnapshotTests {
     }
 }
 
-@Suite
 struct ZaiUsageParsingTests {
     @Test
-    func emptyBodyReturnsParseFailed() {
+    func `empty body returns parse failed`() {
         #expect {
             _ = try ZaiUsageFetcher.parseUsageSnapshot(from: Data())
         } throws: { error in
@@ -186,7 +185,7 @@ struct ZaiUsageParsingTests {
     }
 
     @Test
-    func parsesUsageResponse() throws {
+    func `parses usage response`() throws {
         let json = """
         {
           "code": 200,
@@ -228,10 +227,53 @@ struct ZaiUsageParsingTests {
         #expect(snapshot.tokenLimit?.usage == 40_000_000)
         #expect(snapshot.timeLimit?.usageDetails.first?.modelCode == "search-prime")
         #expect(snapshot.tokenLimit?.percentage == 34.0)
+
+        let usage = snapshot.toUsageSnapshot()
+        #expect(usage.secondary?.windowMinutes == nil)
+        #expect(usage.secondary?.resetDescription == "Monthly")
+    }
+
+    @Test
+    func `zai mcp time limit displays monthly instead of one minute window`() throws {
+        let json = """
+        {
+          "code": 200,
+          "msg": "Operation successful",
+          "data": {
+            "limits": [
+              {
+                "type": "TIME_LIMIT",
+                "unit": 5,
+                "number": 1,
+                "usage": 100,
+                "currentValue": 50,
+                "remaining": 50,
+                "percentage": 50,
+                "usageDetails": []
+              },
+              {
+                "type": "TOKENS_LIMIT",
+                "unit": 3,
+                "number": 5,
+                "percentage": 34,
+                "nextResetTime": 1768507567547
+              }
+            ]
+          },
+          "success": true
+        }
+        """
+
+        let snapshot = try ZaiUsageFetcher.parseUsageSnapshot(from: Data(json.utf8))
+        let usage = snapshot.toUsageSnapshot()
+
+        #expect(snapshot.timeLimit?.windowDescription == "1 minute")
+        #expect(usage.secondary?.windowMinutes == nil)
+        #expect(usage.secondary?.resetDescription == "Monthly")
     }
 
     @Test
-    func missingDataReturnsApiError() {
+    func `missing data returns api error`() {
         let json = """
         { "code": 1001, "msg": "Authorization Token Missing", "success": false }
         """
@@ -245,7 +287,7 @@ struct ZaiUsageParsingTests {
     }
 
     @Test
-    func successWithoutDataReturnsParseFailed() {
+    func `success without data returns parse failed`() {
         let json = """
         { "code": 200, "msg": "Operation successful", "success": true }
         """
@@ -259,7 +301,7 @@ struct ZaiUsageParsingTests {
     }
 
     @Test
-    func successWithoutLimitsParsesEmptyUsage() throws {
+    func `success without limits parses empty usage`() throws {
         let json = """
         {
           "code": 200,
@@ -277,7 +319,7 @@ struct ZaiUsageParsingTests {
     }
 
     @Test
-    func parsesNewSchemaWithMissingTokenLimitFields() throws {
+    func `parses new schema with missing token limit fields`() throws {
         let json = """
         {
           "code": 200,
@@ -323,29 +365,248 @@ struct ZaiUsageParsingTests {
     }
 }
 
-@Suite
+struct ZaiHourlyUsageTests {
+    @Test
+    func `model usage parser decodes hourly model payload`() throws {
+        let json = """
+        {
+          "code": 200,
+          "msg": "success",
+          "success": true,
+          "data": {
+            "x_time": ["2026-05-14 08:00", "2026-05-14 09:00"],
+            "modelDataList": [
+              { "modelName": "glm-4.6", "tokensUsage": [100, null] },
+              { "modelName": "glm-4.5", "tokensUsage": [50, 25] }
+            ]
+          }
+        }
+        """
+
+        let usage = try ZaiUsageFetcher.parseModelUsage(from: Data(json.utf8))
+
+        #expect(usage.xTime == ["2026-05-14 08:00", "2026-05-14 09:00"])
+        #expect(usage.modelNames == ["glm-4.6", "glm-4.5"])
+        #expect(usage.modelDataList[0].tokensUsage == [100, nil])
+        #expect(usage.modelDataList[1].tokensUsage == [50, 25])
+    }
+
+    @Test
+    func `today hourly bars filter earlier days and skip empty hours`() {
+        let reference = Self.localDate(year: 2026, month: 5, day: 14, hour: 12)
+        let yesterday = Calendar.current.date(byAdding: .day, value: -1, to: reference) ?? reference
+        let modelData = ZaiModelUsageData(
+            xTime: [
+                Self.hourString(yesterday),
+                "2026-05-14 08:00",
+                "2026-05-14 09:00",
+            ],
+            modelDataList: [
+                ZaiModelDataItem(modelName: "glm-4.6", tokensUsage: [999, 100, 0]),
+                ZaiModelDataItem(modelName: "glm-4.5", tokensUsage: [0, 50, nil]),
+            ])
+
+        let bars = ZaiHourlyBars.from(modelData: modelData, range: .today(referenceDate: reference), now: reference)
+
+        #expect(bars.map(\.label) == ["08"])
+        #expect(bars.first?.totalTokens == 150)
+        #expect(bars.first?.segments.count == 2)
+    }
+
+    @Test
+    func `last 24 hour bars filter data outside trailing window`() {
+        let reference = Self.localDate(year: 2026, month: 5, day: 14, hour: 12)
+        let old = Calendar.current.date(byAdding: .hour, value: -25, to: reference) ?? reference
+        let inWindow = Calendar.current.date(byAdding: .hour, value: -23, to: reference) ?? reference
+        let modelData = ZaiModelUsageData(
+            xTime: [
+                Self.hourString(old),
+                Self.hourString(inWindow),
+                Self.hourString(reference),
+            ],
+            modelDataList: [
+                ZaiModelDataItem(modelName: "glm-4.6", tokensUsage: [10, 20, 30]),
+            ])
+
+        let bars = ZaiHourlyBars.from(modelData: modelData, range: .last24h, now: reference)
+
+        #expect(bars.map(\.label) == [Self.hourLabel(inWindow), Self.hourLabel(reference)])
+        #expect(bars.map(\.totalTokens) == [20, 30])
+    }
+
+    private static func localDate(year: Int, month: Int, day: Int, hour: Int) -> Date {
+        Calendar.current.date(from: DateComponents(year: year, month: month, day: day, hour: hour)) ?? Date()
+    }
+
+    private static func hourString(_ date: Date) -> String {
+        let formatter = DateFormatter()
+        formatter.dateFormat = "yyyy-MM-dd HH:mm"
+        formatter.locale = Locale(identifier: "en_US_POSIX")
+        return formatter.string(from: date)
+    }
+
+    private static func hourLabel(_ date: Date) -> String {
+        let formatter = DateFormatter()
+        formatter.dateFormat = "HH"
+        formatter.locale = Locale(identifier: "en_US_POSIX")
+        return formatter.string(from: date)
+    }
+}
+
+struct ZaiThreeLimitTests {
+    @Test
+    func `parses three limit entries into session weekly and mcp slots`() throws {
+        let json = """
+        {
+          "code": 200,
+          "msg": "操作成功",
+          "data": {
+            "limits": [
+              {
+                "type": "TOKENS_LIMIT",
+                "unit": 3,
+                "number": 5,
+                "percentage": 25,
+                "nextResetTime": 1775020168897
+              },
+              {
+                "type": "TOKENS_LIMIT",
+                "unit": 6,
+                "number": 1,
+                "percentage": 9,
+                "nextResetTime": 1775588029998
+              },
+              {
+                "type": "TIME_LIMIT",
+                "unit": 5,
+                "number": 1,
+                "usage": 1000,
+                "currentValue": 224,
+                "remaining": 776,
+                "percentage": 22,
+                "nextResetTime": 1777575229998,
+                "usageDetails": [
+                  { "modelCode": "search-prime", "usage": 210 },
+                  { "modelCode": "web-reader", "usage": 14 }
+                ]
+              }
+            ],
+            "level": "pro"
+          },
+          "success": true
+        }
+        """
+
+        let snapshot = try ZaiUsageFetcher.parseUsageSnapshot(from: Data(json.utf8))
+
+        // Weekly token limit (unit:6=weeks, longer window) → tokenLimit (primary)
+        #expect(snapshot.tokenLimit?.unit == .weeks)
+        #expect(snapshot.tokenLimit?.number == 1)
+        #expect(snapshot.tokenLimit?.percentage == 9.0)
+        #expect(snapshot.tokenLimit?.windowMinutes == 10080)
+
+        // 5-hour token limit (unit:3=hours, number:5 → 300 min) → sessionTokenLimit (tertiary)
+        #expect(snapshot.sessionTokenLimit?.unit == .hours)
+        #expect(snapshot.sessionTokenLimit?.number == 5)
+        #expect(snapshot.sessionTokenLimit?.percentage == 25.0)
+        #expect(snapshot.sessionTokenLimit?.windowMinutes == 300)
+
+        // MCP time limit → timeLimit (secondary)
+        #expect(snapshot.timeLimit?.usage == 1000)
+        #expect(snapshot.timeLimit?.usageDetails.first?.modelCode == "search-prime")
+
+        // UsageSnapshot slot mapping
+        let usage = snapshot.toUsageSnapshot()
+        #expect(usage.primary?.usedPercent == 9.0)
+        #expect(usage.primary?.windowMinutes == 10080)
+        #expect(usage.secondary != nil) // MCP
+        #expect(usage.tertiary?.usedPercent == 25.0)
+        #expect(usage.tertiary?.windowMinutes == 300)
+    }
+
+    @Test
+    func `unit 6 maps to weeks with correct window minutes`() {
+        let entry = ZaiLimitEntry(
+            type: .tokensLimit,
+            unit: .weeks,
+            number: 1,
+            usage: nil,
+            currentValue: nil,
+            remaining: nil,
+            percentage: 9,
+            usageDetails: [],
+            nextResetTime: nil)
+        #expect(entry.windowMinutes == 10080)
+        #expect(entry.windowDescription == "1 week")
+        #expect(entry.windowLabel == "1 week window")
+    }
+
+    @Test
+    func `two limit entries remain backward compatible`() throws {
+        let json = """
+        {
+          "code": 200,
+          "msg": "Operation successful",
+          "data": {
+            "limits": [
+              {
+                "type": "TIME_LIMIT",
+                "unit": 5,
+                "number": 1,
+                "usage": 100,
+                "currentValue": 50,
+                "remaining": 50,
+                "percentage": 50,
+                "usageDetails": []
+              },
+              {
+                "type": "TOKENS_LIMIT",
+                "unit": 3,
+                "number": 5,
+                "percentage": 34,
+                "nextResetTime": 1768507567547
+              }
+            ]
+          },
+          "success": true
+        }
+        """
+
+        let snapshot = try ZaiUsageFetcher.parseUsageSnapshot(from: Data(json.utf8))
+
+        #expect(snapshot.tokenLimit != nil)
+        #expect(snapshot.sessionTokenLimit == nil)
+        #expect(snapshot.timeLimit != nil)
+
+        let usage = snapshot.toUsageSnapshot()
+        #expect(usage.primary != nil)
+        #expect(usage.secondary != nil)
+        #expect(usage.tertiary == nil)
+    }
+}
+
 struct ZaiAPIRegionTests {
     @Test
-    func defaultsToGlobalEndpoint() {
+    func `defaults to global endpoint`() {
         let url = ZaiUsageFetcher.resolveQuotaURL(region: .global, environment: [:])
         #expect(url.absoluteString == "https://api.z.ai/api/monitor/usage/quota/limit")
     }
 
     @Test
-    func usesBigModelRegionWhenSelected() {
+    func `uses big model region when selected`() {
         let url = ZaiUsageFetcher.resolveQuotaURL(region: .bigmodelCN, environment: [:])
         #expect(url.absoluteString == "https://open.bigmodel.cn/api/monitor/usage/quota/limit")
     }
 
     @Test
-    func quotaUrlEnvironmentOverrideWins() {
+    func `quota url environment override wins`() {
         let env = [ZaiSettingsReader.quotaURLKey: "https://open.bigmodel.cn/api/coding/paas/v4"]
         let url = ZaiUsageFetcher.resolveQuotaURL(region: .global, environment: env)
         #expect(url.absoluteString == "https://open.bigmodel.cn/api/coding/paas/v4")
     }
 
     @Test
-    func apiHostEnvironmentAppendsQuotaPath() {
+    func `api host environment appends quota path`() {
         let env = [ZaiSettingsReader.apiHostKey: "open.bigmodel.cn"]
         let url = ZaiUsageFetcher.resolveQuotaURL(region: .global, environment: env)
         #expect(url.absoluteString == "https://open.bigmodel.cn/api/monitor/usage/quota/limit")
diff --git a/TestsLinux/OpenAIDashboardParserLinuxTests.swift b/TestsLinux/OpenAIDashboardParserLinuxTests.swift
new file mode 100644
index 000000000..06f7417bd
--- /dev/null
+++ b/TestsLinux/OpenAIDashboardParserLinuxTests.swift
@@ -0,0 +1,60 @@
+import CodexBarCore
+import Foundation
+import Testing
+
+/// Cross-platform tests for the OpenAI dashboard text parser.
+///
+/// The dashboard renders reset countdowns like "Resets Wednesday at 3pm". The parser
+/// converts a textual weekday into the next occurrence of that weekday so it can be
+/// formatted into a concrete `Date`. These tests pin down full-weekday-name coverage
+/// because the underlying regex previously missed "Wednesday" and "Saturday" (their
+/// abbreviations were not long enough to combine with the optional "day" suffix).
+@Suite
+struct OpenAIDashboardParserLinuxTests {
+    private static func fixedNow() -> Date {
+        var calendar = Calendar(identifier: .gregorian)
+        calendar.timeZone = TimeZone(secondsFromGMT: 0)!
+        // 2026-05-21 is a Thursday in the Gregorian calendar; using a fixed anchor keeps
+        // the test deterministic regardless of when it executes.
+        return calendar.date(from: DateComponents(year: 2026, month: 5, day: 21))!
+    }
+
+    private static func body(forWeekday weekday: String) -> String {
+        """
+        5h limit
+        50% remaining
+        Resets \(weekday)
+        """
+    }
+
+    @Test
+    func parsesResetLineForEveryFullWeekdayName() {
+        let now = Self.fixedNow()
+        for weekday in ["Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday"] {
+            let result = OpenAIDashboardParser.parseRateLimits(
+                bodyText: Self.body(forWeekday: weekday),
+                now: now)
+            #expect(
+                result.primary?.resetsAt != nil,
+                "Expected a parsed resetsAt for weekday \(weekday)")
+        }
+    }
+
+    @Test
+    func parsesResetLineForLowercaseWednesday() {
+        let now = Self.fixedNow()
+        let result = OpenAIDashboardParser.parseRateLimits(
+            bodyText: Self.body(forWeekday: "wednesday"),
+            now: now)
+        #expect(result.primary?.resetsAt != nil)
+    }
+
+    @Test
+    func parsesResetLineForLowercaseSaturday() {
+        let now = Self.fixedNow()
+        let result = OpenAIDashboardParser.parseRateLimits(
+            bodyText: Self.body(forWeekday: "saturday"),
+            now: now)
+        #expect(result.primary?.resetsAt != nil)
+    }
+}
diff --git a/TestsLinux/SettingsReaderQuoteUnwrapTrapTests.swift b/TestsLinux/SettingsReaderQuoteUnwrapTrapTests.swift
new file mode 100644
index 000000000..91c0e1e7a
--- /dev/null
+++ b/TestsLinux/SettingsReaderQuoteUnwrapTrapTests.swift
@@ -0,0 +1,75 @@
+import CodexBarCore
+import Foundation
+import Testing
+
+/// Regression tests for a copy-pasted quote-unwrap helper that traps on length-1 input.
+///
+/// 32 provider settings readers (plus `CodexBarConfig` and `CLIConfigCommand`) share a
+/// `cleaned(_:)` helper of the form:
+///
+///     if (value.hasPrefix("\"") && value.hasSuffix("\"")) ||
+///         (value.hasPrefix("'") && value.hasSuffix("'"))
+///     {
+///         value.removeFirst()
+///         value.removeLast()
+///     }
+///
+/// For a value of length 1 (the single character `"` or `'`), both `hasPrefix` and
+/// `hasSuffix` return true, `removeFirst()` empties the string, and `removeLast()` then
+/// traps with "Can't remove last element from empty collection." This is reachable from
+/// a misconfigured env var (e.g. `ALIBABA_TOKEN_PLAN_COOKIE='"'`) and from quoted JSON
+/// values in `~/.codexbar/config.json`, both of which are user-controllable.
+///
+/// These tests exercise two representative public readers — Alibaba Token Plan (the
+/// newest addition in #1098) and the Ollama API key reader (added in #1087) — by
+/// passing the trap-inducing single-quote inputs and asserting the readers return nil
+/// instead of crashing. The patch swaps `removeFirst()/removeLast()` for
+/// `String(value.dropFirst().dropLast())`, which is empty-safe.
+@Suite
+struct SettingsReaderQuoteUnwrapTrapTests {
+    @Test
+    func alibabaTokenPlanCookieHeader_returnsNilForLoneDoubleQuoteValue() {
+        let env = [AlibabaTokenPlanSettingsReader.cookieHeaderKey: "\""]
+        #expect(AlibabaTokenPlanSettingsReader.cookieHeader(environment: env) == nil)
+    }
+
+    @Test
+    func alibabaTokenPlanCookieHeader_returnsNilForLoneApostropheValue() {
+        let env = [AlibabaTokenPlanSettingsReader.cookieHeaderKey: "'"]
+        #expect(AlibabaTokenPlanSettingsReader.cookieHeader(environment: env) == nil)
+    }
+
+    @Test
+    func alibabaTokenPlanCookieHeader_unwrapsProperlyDoubleQuotedValue() {
+        let env = [AlibabaTokenPlanSettingsReader.cookieHeaderKey: "\"abc=def\""]
+        #expect(AlibabaTokenPlanSettingsReader.cookieHeader(environment: env) == "abc=def")
+    }
+
+    @Test
+    func alibabaTokenPlanCookieHeader_unwrapsProperlySingleQuotedValue() {
+        let env = [AlibabaTokenPlanSettingsReader.cookieHeaderKey: "'abc=def'"]
+        #expect(AlibabaTokenPlanSettingsReader.cookieHeader(environment: env) == "abc=def")
+    }
+
+    @Test
+    func ollamaAPIKey_returnsNilForLoneDoubleQuoteValue() {
+        for key in OllamaAPISettingsReader.apiKeyEnvironmentKeys {
+            let env = [key: "\""]
+            #expect(OllamaAPISettingsReader.apiKey(environment: env) == nil)
+        }
+    }
+
+    @Test
+    func ollamaAPIKey_returnsNilForLoneApostropheValue() {
+        for key in OllamaAPISettingsReader.apiKeyEnvironmentKeys {
+            let env = [key: "'"]
+            #expect(OllamaAPISettingsReader.apiKey(environment: env) == nil)
+        }
+    }
+
+    @Test
+    func ollamaAPIKey_unwrapsProperlyQuotedValue() {
+        let env = [OllamaAPISettingsReader.apiKeyEnvironmentKeys[0]: "\"sk-token\""]
+        #expect(OllamaAPISettingsReader.apiKey(environment: env) == "sk-token")
+    }
+}
diff --git a/VISION.md b/VISION.md
new file mode 100644
index 000000000..ec6c5ec89
--- /dev/null
+++ b/VISION.md
@@ -0,0 +1,20 @@
+# Vision
+
+CodexBar is the menu bar control surface for AI provider limits, credits, spend, status, and reset windows. It should keep adding useful provider coverage while preserving fast refreshes, privacy-first local data handling, and shared provider-driven UI instead of one-off surfaces.
+
+## Merge by Default
+
+- Performance improvements, unless they add too much complexity.
+- Bug fixes with clear cause and bounded risk.
+- New model/provider support that follows existing descriptor, strategy, settings, and test patterns.
+- Small UI or UX tweaks.
+- Documentation fixes.
+
+## Needs Sign-Off
+
+- New features.
+- Package, dependency, or toolchain changes.
+- Broad refactors or architecture changes.
+- Changes that add meaningful maintenance complexity.
+- Behavior changes that affect provider auth, data storage, releases, or user privacy.
+- Provider additions that need new host APIs, bespoke UI, broad filesystem access, or unclear auth/privacy behavior.
diff --git a/WidgetExtension/CodexBarWidgetExtension.xcodeproj/project.pbxproj b/WidgetExtension/CodexBarWidgetExtension.xcodeproj/project.pbxproj
new file mode 100644
index 000000000..83a8c7f52
--- /dev/null
+++ b/WidgetExtension/CodexBarWidgetExtension.xcodeproj/project.pbxproj
@@ -0,0 +1,352 @@
+// !$*UTF8*$!
+{
+	archiveVersion = 1;
+	classes = {
+	};
+	objectVersion = 77;
+	objects = {
+
+/* Begin PBXBuildFile section */
+		0972D036B563954337344F35 /* CodexBarWidgetBundle.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50E5C7D39315A8DA5DC9D18A /* CodexBarWidgetBundle.swift */; };
+		49DB3749D8E8748409CDC4FE /* CodexBarWidgetProvider.swift in Sources */ = {isa = PBXBuildFile; fileRef = 549C61629C144C190B18EAD9 /* CodexBarWidgetProvider.swift */; };
+		6F12082A467310EEDD1F3439 /* WidgetKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E430B27E4F28973A5E77EA3F /* WidgetKit.framework */; };
+		7A3A654DC5A5B85C9C41EA02 /* CodexBarCore in Frameworks */ = {isa = PBXBuildFile; productRef = 140C60DAC1DE9A8AE19E58FE /* CodexBarCore */; };
+		7F0E34471853E41206F690FB /* SwiftUI.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 02F15F392AF9D502F0503F8F /* SwiftUI.framework */; };
+		882A41814588292DD631F525 /* CodexBarWidgetViews.swift in Sources */ = {isa = PBXBuildFile; fileRef = 84672F595D2C0B83323E2C54 /* CodexBarWidgetViews.swift */; };
+/* End PBXBuildFile section */
+
+/* Begin PBXFileReference section */
+		02F15F392AF9D502F0503F8F /* SwiftUI.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = SwiftUI.framework; path = System/Library/Frameworks/SwiftUI.framework; sourceTree = SDKROOT; };
+		50E5C7D39315A8DA5DC9D18A /* CodexBarWidgetBundle.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = CodexBarWidgetBundle.swift; sourceTree = "<group>"; };
+		549C61629C144C190B18EAD9 /* CodexBarWidgetProvider.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = CodexBarWidgetProvider.swift; sourceTree = "<group>"; };
+		84672F595D2C0B83323E2C54 /* CodexBarWidgetViews.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = CodexBarWidgetViews.swift; sourceTree = "<group>"; };
+		9FA0A78FB7CA1D877E7BA54B /* codexbar */ = {isa = PBXFileReference; lastKnownFileType = folder; name = codexbar; path = ..; sourceTree = SOURCE_ROOT; };
+		E430B27E4F28973A5E77EA3F /* WidgetKit.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = WidgetKit.framework; path = System/Library/Frameworks/WidgetKit.framework; sourceTree = SDKROOT; };
+		E7789C4095C40CF60759F2B7 /* CodexBarWidgetExtension.appex */ = {isa = PBXFileReference; explicitFileType = "wrapper.app-extension"; includeInIndex = 0; path = CodexBarWidgetExtension.appex; sourceTree = BUILT_PRODUCTS_DIR; };
+/* End PBXFileReference section */
+
+/* Begin PBXFrameworksBuildPhase section */
+		F5F0F061CD72D02EB841D35C /* Frameworks */ = {
+			isa = PBXFrameworksBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				7A3A654DC5A5B85C9C41EA02 /* CodexBarCore in Frameworks */,
+				7F0E34471853E41206F690FB /* SwiftUI.framework in Frameworks */,
+				6F12082A467310EEDD1F3439 /* WidgetKit.framework in Frameworks */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+/* End PBXFrameworksBuildPhase section */
+
+/* Begin PBXGroup section */
+		4FAD1E2FCD6C4AC65D308ABC /* Packages */ = {
+			isa = PBXGroup;
+			children = (
+				9FA0A78FB7CA1D877E7BA54B /* codexbar */,
+			);
+			name = Packages;
+			sourceTree = "<group>";
+		};
+		74E0E4CB8C1E1700BE59E54D = {
+			isa = PBXGroup;
+			children = (
+				B37422CB8DFAAFC8B3B8C1B6 /* CodexBarWidget */,
+				4FAD1E2FCD6C4AC65D308ABC /* Packages */,
+				CEE79B6AB070A55FA0FB7E12 /* Frameworks */,
+				B7E03090CEF29F6B74205FAE /* Products */,
+			);
+			sourceTree = "<group>";
+		};
+		B37422CB8DFAAFC8B3B8C1B6 /* CodexBarWidget */ = {
+			isa = PBXGroup;
+			children = (
+				50E5C7D39315A8DA5DC9D18A /* CodexBarWidgetBundle.swift */,
+				549C61629C144C190B18EAD9 /* CodexBarWidgetProvider.swift */,
+				84672F595D2C0B83323E2C54 /* CodexBarWidgetViews.swift */,
+			);
+			name = CodexBarWidget;
+			path = ../Sources/CodexBarWidget;
+			sourceTree = "<group>";
+		};
+		B7E03090CEF29F6B74205FAE /* Products */ = {
+			isa = PBXGroup;
+			children = (
+				E7789C4095C40CF60759F2B7 /* CodexBarWidgetExtension.appex */,
+			);
+			name = Products;
+			sourceTree = "<group>";
+		};
+		CEE79B6AB070A55FA0FB7E12 /* Frameworks */ = {
+			isa = PBXGroup;
+			children = (
+				02F15F392AF9D502F0503F8F /* SwiftUI.framework */,
+				E430B27E4F28973A5E77EA3F /* WidgetKit.framework */,
+			);
+			name = Frameworks;
+			sourceTree = "<group>";
+		};
+/* End PBXGroup section */
+
+/* Begin PBXNativeTarget section */
+		E9AFBF11687E131ED1AD113A /* CodexBarWidgetExtension */ = {
+			isa = PBXNativeTarget;
+			buildConfigurationList = 0BDFA2A2ECD62489A63741CF /* Build configuration list for PBXNativeTarget "CodexBarWidgetExtension" */;
+			buildPhases = (
+				7FB8FE18C057D477EA90DD38 /* Sources */,
+				F5F0F061CD72D02EB841D35C /* Frameworks */,
+			);
+			buildRules = (
+			);
+			dependencies = (
+			);
+			name = CodexBarWidgetExtension;
+			packageProductDependencies = (
+				140C60DAC1DE9A8AE19E58FE /* CodexBarCore */,
+			);
+			productName = CodexBarWidgetExtension;
+			productReference = E7789C4095C40CF60759F2B7 /* CodexBarWidgetExtension.appex */;
+			productType = "com.apple.product-type.app-extension";
+		};
+/* End PBXNativeTarget section */
+
+/* Begin PBXProject section */
+		31A080B4D7A0849832821889 /* Project object */ = {
+			isa = PBXProject;
+			attributes = {
+				BuildIndependentTargetsInParallel = YES;
+				LastUpgradeCheck = 1430;
+				TargetAttributes = {
+				};
+			};
+			buildConfigurationList = A17A8A4315AD7DBD4D417FCA /* Build configuration list for PBXProject "CodexBarWidgetExtension" */;
+			developmentRegion = en;
+			hasScannedForEncodings = 0;
+			knownRegions = (
+				Base,
+				en,
+			);
+			mainGroup = 74E0E4CB8C1E1700BE59E54D;
+			minimizedProjectReferenceProxies = 1;
+			packageReferences = (
+				B0BE8F0E2917CB6B2EDF1826 /* XCLocalSwiftPackageReference ".." */,
+			);
+			preferredProjectObjectVersion = 77;
+			productRefGroup = B7E03090CEF29F6B74205FAE /* Products */;
+			projectDirPath = "";
+			projectRoot = "";
+			targets = (
+				E9AFBF11687E131ED1AD113A /* CodexBarWidgetExtension */,
+			);
+		};
+/* End PBXProject section */
+
+/* Begin PBXSourcesBuildPhase section */
+		7FB8FE18C057D477EA90DD38 /* Sources */ = {
+			isa = PBXSourcesBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				0972D036B563954337344F35 /* CodexBarWidgetBundle.swift in Sources */,
+				49DB3749D8E8748409CDC4FE /* CodexBarWidgetProvider.swift in Sources */,
+				882A41814588292DD631F525 /* CodexBarWidgetViews.swift in Sources */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+/* End PBXSourcesBuildPhase section */
+
+/* Begin XCBuildConfiguration section */
+		4A864C1BFFF710E1A519CCF5 /* Debug */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				ALWAYS_SEARCH_USER_PATHS = NO;
+				CLANG_ANALYZER_NONNULL = YES;
+				CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE;
+				CLANG_CXX_LANGUAGE_STANDARD = "gnu++14";
+				CLANG_CXX_LIBRARY = "libc++";
+				CLANG_ENABLE_MODULES = YES;
+				CLANG_ENABLE_OBJC_ARC = YES;
+				CLANG_ENABLE_OBJC_WEAK = YES;
+				CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES;
+				CLANG_WARN_BOOL_CONVERSION = YES;
+				CLANG_WARN_COMMA = YES;
+				CLANG_WARN_CONSTANT_CONVERSION = YES;
+				CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES;
+				CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR;
+				CLANG_WARN_DOCUMENTATION_COMMENTS = YES;
+				CLANG_WARN_EMPTY_BODY = YES;
+				CLANG_WARN_ENUM_CONVERSION = YES;
+				CLANG_WARN_INFINITE_RECURSION = YES;
+				CLANG_WARN_INT_CONVERSION = YES;
+				CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES;
+				CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES;
+				CLANG_WARN_OBJC_LITERAL_CONVERSION = YES;
+				CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR;
+				CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES;
+				CLANG_WARN_RANGE_LOOP_ANALYSIS = YES;
+				CLANG_WARN_STRICT_PROTOTYPES = YES;
+				CLANG_WARN_SUSPICIOUS_MOVE = YES;
+				CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE;
+				CLANG_WARN_UNREACHABLE_CODE = YES;
+				CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
+				COPY_PHASE_STRIP = NO;
+				DEBUG_INFORMATION_FORMAT = dwarf;
+				ENABLE_STRICT_OBJC_MSGSEND = YES;
+				ENABLE_TESTABILITY = YES;
+				GCC_C_LANGUAGE_STANDARD = gnu11;
+				GCC_DYNAMIC_NO_PIC = NO;
+				GCC_NO_COMMON_BLOCKS = YES;
+				GCC_OPTIMIZATION_LEVEL = 0;
+				GCC_PREPROCESSOR_DEFINITIONS = (
+					"$(inherited)",
+					"DEBUG=1",
+				);
+				GCC_WARN_64_TO_32_BIT_CONVERSION = YES;
+				GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR;
+				GCC_WARN_UNDECLARED_SELECTOR = YES;
+				GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE;
+				GCC_WARN_UNUSED_FUNCTION = YES;
+				GCC_WARN_UNUSED_VARIABLE = YES;
+				MACOSX_DEPLOYMENT_TARGET = 14.0;
+				MTL_ENABLE_DEBUG_INFO = INCLUDE_SOURCE;
+				MTL_FAST_MATH = YES;
+				ONLY_ACTIVE_ARCH = YES;
+				PRODUCT_NAME = "$(TARGET_NAME)";
+				SDKROOT = macosx;
+				SWIFT_ACTIVE_COMPILATION_CONDITIONS = DEBUG;
+				SWIFT_OPTIMIZATION_LEVEL = "-Onone";
+				SWIFT_VERSION = 5.0;
+			};
+			name = Debug;
+		};
+		76EC15BB9FE2307D815E380E /* Release */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				ALWAYS_SEARCH_USER_PATHS = NO;
+				CLANG_ANALYZER_NONNULL = YES;
+				CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE;
+				CLANG_CXX_LANGUAGE_STANDARD = "gnu++14";
+				CLANG_CXX_LIBRARY = "libc++";
+				CLANG_ENABLE_MODULES = YES;
+				CLANG_ENABLE_OBJC_ARC = YES;
+				CLANG_ENABLE_OBJC_WEAK = YES;
+				CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES;
+				CLANG_WARN_BOOL_CONVERSION = YES;
+				CLANG_WARN_COMMA = YES;
+				CLANG_WARN_CONSTANT_CONVERSION = YES;
+				CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES;
+				CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR;
+				CLANG_WARN_DOCUMENTATION_COMMENTS = YES;
+				CLANG_WARN_EMPTY_BODY = YES;
+				CLANG_WARN_ENUM_CONVERSION = YES;
+				CLANG_WARN_INFINITE_RECURSION = YES;
+				CLANG_WARN_INT_CONVERSION = YES;
+				CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES;
+				CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES;
+				CLANG_WARN_OBJC_LITERAL_CONVERSION = YES;
+				CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR;
+				CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES;
+				CLANG_WARN_RANGE_LOOP_ANALYSIS = YES;
+				CLANG_WARN_STRICT_PROTOTYPES = YES;
+				CLANG_WARN_SUSPICIOUS_MOVE = YES;
+				CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE;
+				CLANG_WARN_UNREACHABLE_CODE = YES;
+				CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
+				COPY_PHASE_STRIP = NO;
+				DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
+				ENABLE_NS_ASSERTIONS = NO;
+				ENABLE_STRICT_OBJC_MSGSEND = YES;
+				GCC_C_LANGUAGE_STANDARD = gnu11;
+				GCC_NO_COMMON_BLOCKS = YES;
+				GCC_WARN_64_TO_32_BIT_CONVERSION = YES;
+				GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR;
+				GCC_WARN_UNDECLARED_SELECTOR = YES;
+				GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE;
+				GCC_WARN_UNUSED_FUNCTION = YES;
+				GCC_WARN_UNUSED_VARIABLE = YES;
+				MACOSX_DEPLOYMENT_TARGET = 14.0;
+				MTL_ENABLE_DEBUG_INFO = NO;
+				MTL_FAST_MATH = YES;
+				PRODUCT_NAME = "$(TARGET_NAME)";
+				SDKROOT = macosx;
+				SWIFT_COMPILATION_MODE = wholemodule;
+				SWIFT_OPTIMIZATION_LEVEL = "-O";
+				SWIFT_VERSION = 5.0;
+			};
+			name = Release;
+		};
+		7B3A3941F0FAA0B4ADAB8760 /* Debug */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				APPLICATION_EXTENSION_API_ONLY = YES;
+				CODE_SIGNING_ALLOWED = NO;
+				COMBINE_HIDPI_IMAGES = YES;
+				ENABLE_APP_SANDBOX = YES;
+				ENABLE_DEBUG_DYLIB = NO;
+				INFOPLIST_FILE = Info.plist;
+				INFOPLIST_KEY_CodexBarTeamID = "$(CODEXBAR_TEAM_ID)";
+				LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/../Frameworks @executable_path/../../../../Frameworks";
+				MACOSX_DEPLOYMENT_TARGET = 14.0;
+				PRODUCT_BUNDLE_IDENTIFIER = "$(CODEXBAR_WIDGET_BUNDLE_ID)";
+				PRODUCT_NAME = CodexBarWidget;
+				SDKROOT = macosx;
+				SWIFT_VERSION = 6.0;
+			};
+			name = Debug;
+		};
+		88E6F58603FDA13ED00BF91D /* Release */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				APPLICATION_EXTENSION_API_ONLY = YES;
+				CODE_SIGNING_ALLOWED = NO;
+				COMBINE_HIDPI_IMAGES = YES;
+				ENABLE_APP_SANDBOX = YES;
+				ENABLE_DEBUG_DYLIB = NO;
+				INFOPLIST_FILE = Info.plist;
+				INFOPLIST_KEY_CodexBarTeamID = "$(CODEXBAR_TEAM_ID)";
+				LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/../Frameworks @executable_path/../../../../Frameworks";
+				MACOSX_DEPLOYMENT_TARGET = 14.0;
+				PRODUCT_BUNDLE_IDENTIFIER = "$(CODEXBAR_WIDGET_BUNDLE_ID)";
+				PRODUCT_NAME = CodexBarWidget;
+				SDKROOT = macosx;
+				SWIFT_VERSION = 6.0;
+			};
+			name = Release;
+		};
+/* End XCBuildConfiguration section */
+
+/* Begin XCConfigurationList section */
+		0BDFA2A2ECD62489A63741CF /* Build configuration list for PBXNativeTarget "CodexBarWidgetExtension" */ = {
+			isa = XCConfigurationList;
+			buildConfigurations = (
+				7B3A3941F0FAA0B4ADAB8760 /* Debug */,
+				88E6F58603FDA13ED00BF91D /* Release */,
+			);
+			defaultConfigurationIsVisible = 0;
+			defaultConfigurationName = Debug;
+		};
+		A17A8A4315AD7DBD4D417FCA /* Build configuration list for PBXProject "CodexBarWidgetExtension" */ = {
+			isa = XCConfigurationList;
+			buildConfigurations = (
+				4A864C1BFFF710E1A519CCF5 /* Debug */,
+				76EC15BB9FE2307D815E380E /* Release */,
+			);
+			defaultConfigurationIsVisible = 0;
+			defaultConfigurationName = Debug;
+		};
+/* End XCConfigurationList section */
+
+/* Begin XCLocalSwiftPackageReference section */
+		B0BE8F0E2917CB6B2EDF1826 /* XCLocalSwiftPackageReference ".." */ = {
+			isa = XCLocalSwiftPackageReference;
+			relativePath = ..;
+		};
+/* End XCLocalSwiftPackageReference section */
+
+/* Begin XCSwiftPackageProductDependency section */
+		140C60DAC1DE9A8AE19E58FE /* CodexBarCore */ = {
+			isa = XCSwiftPackageProductDependency;
+			productName = CodexBarCore;
+		};
+/* End XCSwiftPackageProductDependency section */
+	};
+	rootObject = 31A080B4D7A0849832821889 /* Project object */;
+}
diff --git a/WidgetExtension/CodexBarWidgetExtension.xcodeproj/project.xcworkspace/contents.xcworkspacedata b/WidgetExtension/CodexBarWidgetExtension.xcodeproj/project.xcworkspace/contents.xcworkspacedata
new file mode 100644
index 000000000..919434a62
--- /dev/null
+++ b/WidgetExtension/CodexBarWidgetExtension.xcodeproj/project.xcworkspace/contents.xcworkspacedata
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Workspace
+   version = "1.0">
+   <FileRef
+      location = "self:">
+   </FileRef>
+</Workspace>
diff --git a/WidgetExtension/Info.plist b/WidgetExtension/Info.plist
new file mode 100644
index 000000000..bf7636ef9
--- /dev/null
+++ b/WidgetExtension/Info.plist
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>CFBundleDevelopmentRegion</key>
+	<string>$(DEVELOPMENT_LANGUAGE)</string>
+	<key>CFBundleDisplayName</key>
+	<string>CodexBar</string>
+	<key>CFBundleExecutable</key>
+	<string>$(EXECUTABLE_NAME)</string>
+	<key>CFBundleIdentifier</key>
+	<string>$(PRODUCT_BUNDLE_IDENTIFIER)</string>
+	<key>CFBundleInfoDictionaryVersion</key>
+	<string>6.0</string>
+	<key>CFBundleName</key>
+	<string>CodexBarWidget</string>
+	<key>CFBundlePackageType</key>
+	<string>XPC!</string>
+	<key>CFBundleShortVersionString</key>
+	<string>$(MARKETING_VERSION)</string>
+	<key>CFBundleVersion</key>
+	<string>$(CURRENT_PROJECT_VERSION)</string>
+	<key>CodexBarTeamID</key>
+	<string>$(CODEXBAR_TEAM_ID)</string>
+	<key>LSMinimumSystemVersion</key>
+	<string>14.0</string>
+	<key>NSExtension</key>
+	<dict>
+		<key>NSExtensionPointIdentifier</key>
+		<string>com.apple.widgetkit-extension</string>
+	</dict>
+</dict>
+</plist>
diff --git a/WidgetExtension/project.yml b/WidgetExtension/project.yml
new file mode 100644
index 000000000..269c830c3
--- /dev/null
+++ b/WidgetExtension/project.yml
@@ -0,0 +1,42 @@
+name: CodexBarWidgetExtension
+options:
+  deploymentTarget:
+    macOS: "14.0"
+packages:
+  CodexBar:
+    path: ..
+targets:
+  CodexBarWidgetExtension:
+    type: app-extension
+    platform: macOS
+    deploymentTarget: "14.0"
+    sources:
+      - path: ../Sources/CodexBarWidget
+    dependencies:
+      - package: CodexBar
+        product: CodexBarCore
+      - sdk: SwiftUI.framework
+      - sdk: WidgetKit.framework
+    info:
+      path: Info.plist
+      properties:
+        CFBundleDisplayName: CodexBar
+        CFBundleName: CodexBarWidget
+        CFBundlePackageType: XPC!
+        CFBundleShortVersionString: "$(MARKETING_VERSION)"
+        CFBundleVersion: "$(CURRENT_PROJECT_VERSION)"
+        CodexBarTeamID: "$(CODEXBAR_TEAM_ID)"
+        LSMinimumSystemVersion: "14.0"
+        NSExtension:
+          NSExtensionPointIdentifier: com.apple.widgetkit-extension
+    settings:
+      base:
+        APPLICATION_EXTENSION_API_ONLY: true
+        CODE_SIGNING_ALLOWED: false
+        ENABLE_DEBUG_DYLIB: false
+        ENABLE_APP_SANDBOX: true
+        INFOPLIST_KEY_CodexBarTeamID: "$(CODEXBAR_TEAM_ID)"
+        LD_RUNPATH_SEARCH_PATHS: "$(inherited) @executable_path/../Frameworks @executable_path/../../../../Frameworks"
+        PRODUCT_BUNDLE_IDENTIFIER: "$(CODEXBAR_WIDGET_BUNDLE_ID)"
+        PRODUCT_NAME: CodexBarWidget
+        SWIFT_VERSION: "6.0"
diff --git a/appcast.xml b/appcast.xml
index c7bc8f030..c0df2ebba 100644
--- a/appcast.xml
+++ b/appcast.xml
@@ -2,234 +2,98 @@
 <rss xmlns:sparkle="http://www.andymatuschak.org/xml-namespaces/sparkle" version="2.0">
     <channel>
         <title>CodexBar</title>
-        <item sparkle:channel="beta">
-            <title>0.18.0-beta.3</title>
-            <pubDate>Fri, 13 Feb 2026 18:57:54 +0100</pubDate>
-            <link>https://raw.githubusercontent.com/steipete/CodexBar/main/appcast.xml</link>
-            <sparkle:version>51</sparkle:version>
-            <sparkle:shortVersionString>0.18.0-beta.3</sparkle:shortVersionString>
-            <sparkle:minimumSystemVersion>14.0</sparkle:minimumSystemVersion>
-            <description><![CDATA[<h2>CodexBar 0.18.0-beta.3</h2>
-<h3>Highlights</h3>
-<ul>
-<li>Claude OAuth/keychain flows were reworked across a series of follow-up PRs to reduce prompt storms, stabilize background behavior, surface a setting to control prompt policy and make failure modes deterministic (#245, #305, #308, #309, #364). Thanks @manikv12!</li>
-<li>Claude: harden Claude Code PTY capture for <code>/usage</code> and <code>/status</code> (prompt automation, safer command palette confirmation, partial UTF-8 handling, and parsing guards against status-bar context meters) (#320).</li>
-<li>New provider: Warp (credits + add-on credits) (#352). Thanks @Kathie-yu!</li>
-<li>Provider correctness fixes landed for Cursor plan parsing and MiniMax region routing (#240, #234, #344). Thanks @robinebers and @theglove44!</li>
-<li>Menu bar animation behavior was hardened in merged mode and fallback mode (#283, #291). Thanks @vignesh07 and @Ilakiancs!</li>
-<li>CI/tooling reliability improved via pinned lint tools, deterministic macOS test execution, and PTY timing test stabilization plus Node 24-ready GitHub Actions upgrades (#292, #312, #290).</li>
-</ul>
-<h3>Claude OAuth & Keychain</h3>
-<ul>
-<li>Claude OAuth creds are cached in CodexBar Keychain to reduce repeated prompts.</li>
-<li>Prompts can still appear when Claude OAuth credentials are expired, invalid, or missing and re-auth is required.</li>
-<li>In Auto mode, background refresh keeps prompts suppressed; interactive prompts are limited to user actions (menu open or manual refresh).</li>
-<li>OAuth-only mode remains strict (no silent Web/CLI fallback); Auto mode may do one delegated CLI refresh + one OAuth retry before falling back.</li>
-<li>Preferences now expose a Claude Keychain prompt policy (Never / Only on user action / Always allow prompts) under Providers → Claude; if global Keychain access is disabled in Advanced, this control remains visible but inactive.</li>
-</ul>
-<h3>Provider & Usage Fixes</h3>
-<ul>
-<li>Warp: add Warp provider support (credits + add-on credits), configurable via Settings or <code>WARP_API_KEY</code>/<code>WARP_TOKEN</code> (#352). Thanks @Kathie-yu!</li>
-<li>Cursor: compute usage against <code>plan.limit</code> rather than <code>breakdown.total</code> to avoid incorrect limit interpretation (#240). Thanks @robinebers!</li>
-<li>MiniMax: correct API region URL selection to route requests to the expected regional endpoint (#234). Thanks @theglove44!</li>
-<li>MiniMax: always show the API region picker and retry the China endpoint when the global host rejects the token to avoid upgrade regressions for users without a persisted region (#344). Thanks @apoorvdarshan!</li>
-<li>Claude: add Opus 4.6 pricing so token cost scanning tracks USD consumed correctly (#348). Thanks @arandaschimpf!</li>
-<li>z.ai: handle quota responses with missing token-limit fields, avoid incorrect used-percent calculations, and harden empty-response behavior with safer logging (#346). Thanks @MohamedMohana and @halilertekin!</li>
-<li>z.ai: fix provider visibility in the menu when enabled with token-account credentials (availability now considers the effective fetch environment).</li>
-<li>Amp: detect login redirects during usage fetch and fail fast when the session is invalid (#339). Thanks @JosephDoUrden!</li>
-<li>Resource loading: fix app bundle lookup path to avoid "could not load resource bundle" startup failures (#223). Thanks @validatedev!</li>
-<li>OpenAI Web dashboard: keep WebView instances cached for reuse to reduce repeated network fetch overhead; tests were updated to avoid network-dependent flakes (#284). Thanks @vignesh07!</li>
-<li>Token-account precedence: selected token account env injection now correctly overrides provider config <code>apiKey</code> values in app and CLI environments. Thanks @arvindcr4!</li>
-<li>Claude: make Claude CLI probing more resilient by scoping auto-input to the active subcommand and trimming to the latest Usage panel before parsing to avoid false matches from earlier screen fragments (#320).</li>
-</ul>
-<h3>Menu Bar & UI Behavior</h3>
-<ul>
-<li>Prevent fallback-provider loading animation loops (battery/CPU drain when no providers are enabled) (#283). Thanks @vignesh07!</li>
-<li>Prevent status overlay rendering for disabled providers while in merged mode (#291). Thanks @Ilakiancs!</li>
-</ul>
-<h3>CI, Tooling & Test Stability</h3>
-<ul>
-<li>Pin SwiftFormat/SwiftLint versions and harden lint installer behavior (version drift + temp-file leak fixes) (#292).</li>
-<li>Use more deterministic macOS CI test settings (including non-parallel paths where needed) and align runner/toolchain behavior for stability (#292).</li>
-<li>Stabilize PTY command timing tests to reduce CI flakiness (#312).</li>
-<li>Upgrade <code>actions/checkout</code> to v6 and <code>actions/github-script</code> to v8 for Node 24 compatibility in <code>upstream-monitor.yml</code> (#290). Thanks @salmanmkc!</li>
-<li>Tests: add TaskLocal-based keychain/cache overrides so keychain gating and KeychainCacheStore test stores do not leak across concurrent test execution (#320).</li>
-</ul>
-<h3>Docs & Maintenance</h3>
-<ul>
-<li>Update docs for Claude data fetch behavior and keychain troubleshooting notes.</li>
-<li>Update MIT license year.</li>
-</ul>
-<p><a href="https://github.com/steipete/CodexBar/blob/main/CHANGELOG.md">View full changelog</a></p>
-]]></description>
-            <enclosure url="https://github.com/steipete/CodexBar/releases/download/v0.18.0-beta.3/CodexBar-0.18.0-beta.3.zip" length="23436028" type="application/octet-stream" sparkle:edSignature="mb72DHg5xz+AY/DrCDPhpkWaRa24NwcYXnW5lKuYBzlF5kMAsqTZGaG82KWPY8su8J5bJ5wtOMjVdzPCJWjvAw=="/>
-        </item>
-        <item sparkle:channel="beta">
-            <title>0.18.0-beta.2</title>
-            <pubDate>Wed, 21 Jan 2026 08:42:37 +0000</pubDate>
+        <item>
+            <title>0.31.0</title>
+            <pubDate>Thu, 28 May 2026 23:11:46 +0100</pubDate>
             <link>https://raw.githubusercontent.com/steipete/CodexBar/main/appcast.xml</link>
-            <sparkle:version>50</sparkle:version>
-            <sparkle:shortVersionString>0.18.0-beta.2</sparkle:shortVersionString>
+            <sparkle:version>73</sparkle:version>
+            <sparkle:shortVersionString>0.31.0</sparkle:shortVersionString>
             <sparkle:minimumSystemVersion>14.0</sparkle:minimumSystemVersion>
-            <description><![CDATA[<h2>CodexBar 0.18.0-beta.2</h2>
-<h3>Highlights</h3>
+            <description><![CDATA[<h2>CodexBar 0.31.0</h2>
+<h3>Changed</h3>
 <ul>
-<li>OpenAI web dashboard refresh cadence now follows 5× the base refresh interval.</li>
-<li>OpenAI web dashboard WebView is torn down after each scrape to reduce idle CPU.</li>
-<li>Codex settings now include a toggle to disable OpenAI web extras.</li>
+<li>Docs: update the Homebrew install command to use the official <code>codexbar</code> cask now that it supports Intel Macs (#1189). Thanks @SSakutaro!</li>
+<li>Tests: document and audit that routine validation must not trigger macOS Keychain prompts.</li>
+<li>Localization: localize popup panels and provider settings UI across supported languages (#1181). Thanks @jack24254029!</li>
+<li>Localization: complete Brazilian Portuguese coverage so pt-BR no longer falls back to English for new UI strings (#1188). Thanks @ManuzimFerreira!</li>
 </ul>
-<h3>Providers</h3>
+<h3>Added</h3>
 <ul>
-<li>Providers: add Dia browser support across cookie import and profile detection (#209). Thanks @validatedev!</li>
-<li>Codex: include archived session logs in local token cost scanning and dedupe by session id.</li>
-<li>Claude: harden CLI /usage parsing and avoid ANTHROPIC_* env interference during probes.</li>
+<li>AWS Bedrock: support resolving usage and cost-history credentials from a named AWS profile via the AWS CLI (#1190). Thanks @oleksandr-soldatov!</li>
+<li>Codex: show Codex Spark model-specific usage as an optional extra quota lane (#1195, fixes #1177). Thanks @LeoLin990405!</li>
+<li>Localization: add Swedish as a selectable app language (#1186). Thanks @yeager!</li>
 </ul>
-<h3>Menu & Menu Bar</h3>
+<h3>Fixed</h3>
 <ul>
-<li>Menu: opening OpenAI web submenus triggers a refresh when the data is stale.</li>
-<li>Menu: fix usage line labels to honor “Show usage as used”.</li>
-<li>Debug: add a toggle to keep Codex/Claude CLI sessions alive between probes.</li>
-<li>Debug: add a button to reset CLI probe sessions.</li>
-<li>App icon: use the classic icon on macOS 15 and earlier while keeping Liquid Glass for macOS 26+ (#178). Thanks @zerone0x!</li>
+<li>Cost history: make token-cost JSONL scans cancellation-aware so quitting, forced refreshes, and account switches can stop stale scans sooner.</li>
+<li>Codex: show Spark 5-hour and weekly usage as separate quota lanes in Codex breakdowns (#1201).</li>
+<li>Codex: show captured <code>codex login</code> output when managed Add Account fails so users can recover from account-selection or OAuth failures (#1199). Thanks @chapati23!</li>
+<li>Claude: hide the obsolete Design quota lane now that Claude Design shares the main Claude usage limit (#1197).</li>
+<li>Menu bar: coalesce visible-menu rebuilds and reduce hover highlight work so the dropdown stays responsive on macOS 26.5 (#1196).</li>
 </ul>
 <p><a href="https://github.com/steipete/CodexBar/blob/main/CHANGELOG.md">View full changelog</a></p>
 ]]></description>
-            <enclosure url="https://github.com/steipete/CodexBar/releases/download/v0.18.0-beta.2/CodexBar-0.18.0-beta.2.zip" length="22498811" type="application/octet-stream" sparkle:edSignature="Zcy1PnvfyNQnpFvuydwnIQ+lUh1wGF46p92MyVeVAa/z441erCIHZ9bKH4QDlc9cB/QsTkYfk3CvE0lHTu5CCA=="/>
+            <enclosure url="https://github.com/steipete/CodexBar/releases/download/v0.31.0/CodexBar-macos-universal-0.31.0.zip" length="44654410" type="application/octet-stream" sparkle:edSignature="5QrkHnDb0Rc90o8qybk6S0p7TseVZiQ1zDaoLCmEQyUfODN/oqRfnDvPVKcYOLHa9P5NzMM5alxnkrMp9dbEBQ=="/>
         </item>
-        <item sparkle:channel="beta">
-            <title>0.18.0-beta.1</title>
-            <pubDate>Sun, 18 Jan 2026 23:09:38 +0000</pubDate>
+        <item>
+            <title>0.30.1</title>
+            <pubDate>Thu, 28 May 2026 07:56:49 +0100</pubDate>
             <link>https://raw.githubusercontent.com/steipete/CodexBar/main/appcast.xml</link>
-            <sparkle:version>49</sparkle:version>
-            <sparkle:shortVersionString>0.18.0-beta.1</sparkle:shortVersionString>
+            <sparkle:version>72</sparkle:version>
+            <sparkle:shortVersionString>0.30.1</sparkle:shortVersionString>
             <sparkle:minimumSystemVersion>14.0</sparkle:minimumSystemVersion>
-            <description><![CDATA[<h2>CodexBar 0.18.0-beta.1</h2>
-<h3>Highlights</h3>
-<ul>
-<li>New providers: OpenCode (web usage), Vertex AI, Kiro, Kimi, Kimi K2, Augment, Amp, Synthetic.</li>
-<li>Provider source controls: usage source pickers for Codex/Claude, manual cookie headers, cookie caching with source/timestamp.</li>
-<li>Menu bar upgrades: display mode picker (percent/pace/both), auto-select near limit, absolute reset times, pace summary line.</li>
-<li>CLI/config revamp: config-backed provider settings, JSON-only errors, config validate/dump.</li>
-</ul>
-<h3>Providers</h3>
-<ul>
-<li>OpenCode: add web usage provider with workspace override + Chrome-first cookie import (#188). Thanks @anthnykr!</li>
-<li>OpenCode: refresh provider logo (#190). Thanks @anthnykr!</li>
-<li>Vertex AI: add provider with quota-based usage from gcloud ADC. Thanks @bahag-chaurasiak!</li>
-<li>Vertex AI: token costs are shown via the Claude provider (same local logs).</li>
-<li>Vertex AI: harden quota usage parsing for edge-case responses.</li>
-<li>Kiro: add CLI-based usage provider via kiro-cli. Thanks @neror!</li>
-<li>Kiro: clean up provider wiring and show plan name in the menu.</li>
-<li>Kiro: harden CLI idle handling to avoid partial usage snapshots (#145). Thanks @chadneal!</li>
-<li>Kimi: add usage provider with cookie-based API token stored in Keychain (#146). Thanks @rehanchrl!</li>
-<li>Kimi K2: add API-key usage provider for credit totals (#147). Thanks @0-CYBERDYNE-SYSTEMS-0!</li>
-<li>Augment: add provider with browser-cookie usage tracking.</li>
-<li>Augment: prefer Auggie CLI usage with web fallback, plus session refresh + recovery tools (#142). Thanks @bcharleson!</li>
-<li>Amp: add provider with Amp Free usage tracking (#167). Thanks @duailibe!</li>
-<li>Synthetic: add API-key usage provider with quota snapshots (#171). Thanks @monotykamary!</li>
-<li>JetBrains AI: include IDEs missing quota files, expand custom paths, and add Android Studio base paths (#194). Thanks @steipete!</li>
-<li>Cursor: support legacy request-based plans and show individual on-demand usage (#125) — thanks @vltansky</li>
-<li>Cursor: avoid Intel crash when opening login and harden WebKit teardown. Thanks @meghanto!</li>
-<li>Cursor: load stored session cookies before reads to make relaunches deterministic.</li>
-<li>z.ai: add BigModel CN region option for API endpoint selection (#140). Thanks @nailuoGG!</li>
-<li>MiniMax: add China mainland region option + host overrides (#143). Thanks @nailuoGG!</li>
-<li>MiniMax: support API token or cookie auth; API token takes precedence and hides cookie UI (#149). Thanks @aonsyed!</li>
-<li>Gemini: prefer loadCodeAssist project IDs for quota fetches (#172). Thanks @lolwierd!</li>
-<li>Gemini: honor loadCodeAssist project IDs for quota + support Nix CLI layout (#184). Thanks @HaukeSchnau!</li>
-<li>Claude: fix OAuth “Extra usage” spend/limit units when the API returns minor currency units (#97).</li>
-<li>Claude: rescale extra usage costs when plan hints are missing and prefer web plan hints for extras (#181). Thanks @jorda0mega!</li>
-<li>Usage formatting: fix currency parsing/formatting on non-US locales (e.g., pt-BR). Thanks @mneves75!</li>
-</ul>
-<h3>Provider Sources & Security</h3>
+            <description><![CDATA[<h2>CodexBar 0.30.1</h2>
+<h3>Changed</h3>
 <ul>
-<li>Providers: cache browser cookies in Keychain (per provider) and show cached source/time in settings.</li>
-<li>Codex/Claude/Cursor/Factory/MiniMax: cookie sources now include Manual (paste a Cookie header) in addition to Automatic.</li>
-<li>Codex/Claude/Cursor/Factory/MiniMax: skip cookie imports from browsers without usable cookie stores (profile/cookie DB) to avoid unnecessary Keychain prompts.</li>
-<li>Providers: suppress repeated Chromium Keychain prompts after access denied and honor disabled Keychain access.</li>
+<li>CLI: make <code>codexbar diagnose</code> use a generic safe provider diagnostic export for all providers, with MiniMax details attached only as provider-specific metadata.</li>
 </ul>
-<h3>Preferences & Settings</h3>
+<h3>Fixed</h3>
 <ul>
-<li>Preferences: swap provider refresh button and enable toggle order.</li>
-<li>Preferences: animate settings width and widen Providers on selection.</li>
-<li>Preferences: shrink default settings size and reduce overall height.</li>
-<li>Preferences: move “Hide personal information” to Advanced.</li>
-<li>Providers: shorten fetch subtitle to relative time only.</li>
-<li>Preferences: soften provider sidebar background and stabilize drag reordering.</li>
-<li>Preferences: restrict provider drag handle to handle-only.</li>
-<li>Preferences: move provider refresh timing to a dedicated second line.</li>
-<li>Preferences: tighten provider usage metrics spacing.</li>
-<li>Preferences: show refresh timing inline in provider detail subtitle.</li>
-<li>Preferences: move “Access OpenAI via web” into Providers → Codex.</li>
-<li>Preferences: add usage source pickers for Codex + Claude with auto fallback.</li>
-<li>Preferences: add cookie source pickers with contextual helper text for the selected mode.</li>
-<li>Preferences: move “Disable Keychain access” to Advanced and require manual cookies when enabled.</li>
-<li>Preferences: add per-provider menu bar metric picker (#185) — thanks @HaukeSchnau</li>
-<li>Preferences: tighten provider rows (inline pickers, compact layout, inline refresh + auto-source status).</li>
-<li>Preferences: remove the “experimental” label from Antigravity.</li>
-</ul>
-<h3>Menu & Menu Bar</h3>
-<ul>
-<li>Menu: add a toggle to show reset times as absolute clock values (instead of countdowns).</li>
-<li>Menu: show an “Open Terminal” action when Claude OAuth fails.</li>
-<li>Menu: add “Hide personal information” toggle and redact emails in menu UI (#137). Thanks @t3dotgg!</li>
-<li>Menu: keep a pace summary line alongside the visual marker (#155). Thanks @antons!</li>
-<li>Menu: reduce provider-switch flicker and avoid redundant menu card sizing for faster opens (#132). Thanks @ibehnam!</li>
-<li>Menu: keep background refresh on open without forcing token usage (#158). Thanks @weequan93!</li>
-<li>Menu: Cursor switcher shows On-Demand remaining when Plan is exhausted in show-remaining mode (#193). Thanks @vltansky!</li>
-<li>Menu: avoid single-letter wraps in provider switcher titles.</li>
-<li>Menu: widen provider switcher buttons to avoid clipped titles.</li>
-<li>Menu bar: rebuild provider status items on reorder so icons update correctly.</li>
-<li>Menu bar: optional auto-select provider closest to its rate limit and keep switcher progress visible (#159). Thanks @phillco!</li>
-<li>Menu bar: add display mode picker for percent/pace/both in the menu bar icon (#169). Thanks @PhilETaylor!</li>
-<li>Menu bar: fix combined loading indicator flicker during loading animation (incl. debug replay).</li>
-<li>Menu bar: prevent blink updates from clobbering the loading animation.</li>
-</ul>
-<h3>CLI & Config</h3>
-<ul>
-<li>CLI: respect the reset time display setting.</li>
-<li>CLI: add pink accents, usage bars, and weekly pace lines to text output.</li>
-<li>CLI: add config-backed provider settings, <code>--json-only</code>, and <code>--source api</code> for key-based providers.</li>
-<li>CLI: add <code>config validate</code>/<code>config dump</code> commands and per-provider JSON error payloads.</li>
-<li>CLI/App: move provider secrets + ordering to <code>~/.codexbar/config.json</code> (no Keychain persistence).</li>
-<li>Providers: resolve API tokens from config/env only (no Keychain fallback).</li>
-</ul>
-<h3>Dev & Tests</h3>
-<ul>
-<li>Dev: move Chromium profile discovery into SweetCookieKit (adds Helium net.imput.helium). Thanks @hhushhas!</li>
-<li>Dev: bump SweetCookieKit to 0.2.0.</li>
-<li>Dev: migrate stored Keychain items to reduce rebuild prompts.</li>
-<li>Dev: move path debug snapshot off the main thread and debounce refreshes to avoid startup hitches (#131). Thanks @ibehnam!</li>
-<li>Tests: expand Kiro CLI coverage.</li>
-<li>Tests: stabilize Claude PTY integration cleanup and reset CLI sessions after probes.</li>
-<li>Tests: kill leaked codex app-server after tests.</li>
-<li>Tests: add regression coverage for merged loading icon layout stability.</li>
-<li>Tests: cover config validation and JSON-only CLI errors.</li>
-<li>Build: stabilize Swift test runtime.</li>
+<li>Settings: add trailing breathing room to provider-sidebar controls (#1183). Thanks @Yuxin-Qiao!</li>
+<li>Claude: treat OAuth usage HTTP 429s as rate limits, preserve cached credentials, and back off background retries while still allowing manual refresh (#1179). Thanks @LeoLin990405!</li>
+<li>Menu bar: stop repeated display-change status-item recreation from corrupting Control Center or confusing menu bar managers (#1176, fixes #1175). Thanks @diazdesandi!</li>
 </ul>
 <p><a href="https://github.com/steipete/CodexBar/blob/main/CHANGELOG.md">View full changelog</a></p>
 ]]></description>
-            <enclosure url="https://github.com/steipete/CodexBar/releases/download/v0.18.0-beta.1/CodexBar-0.18.0-beta.1.zip" length="18538687" type="application/octet-stream" sparkle:edSignature="gXM4bz3B7CNXqWKpISJIWkZTCIGN98xowWYB5Qzgi0KL8UdhreIxdqthJ+Q/+ZbC9LG9ubNgth4y10zDfUPGBQ=="/>
+            <enclosure url="https://github.com/steipete/CodexBar/releases/download/v0.30.1/CodexBar-macos-universal-0.30.1.zip" length="44308521" type="application/octet-stream" sparkle:edSignature="cfxg8FT6uZzaLb/BVogBkANw6pBeja7Ib6sTd6VcYFqTq9FpmvJ0loeVbfkbSXanIuL7lFs2GEJeWPLQRqjJCQ=="/>
         </item>
         <item>
-            <title>0.17.0</title>
-            <pubDate>Wed, 31 Dec 2025 23:12:24 +0100</pubDate>
+            <title>0.30.0</title>
+            <pubDate>Wed, 27 May 2026 07:04:18 +0100</pubDate>
             <link>https://raw.githubusercontent.com/steipete/CodexBar/main/appcast.xml</link>
-            <sparkle:version>48</sparkle:version>
-            <sparkle:shortVersionString>0.17.0</sparkle:shortVersionString>
+            <sparkle:version>71</sparkle:version>
+            <sparkle:shortVersionString>0.30.0</sparkle:shortVersionString>
             <sparkle:minimumSystemVersion>14.0</sparkle:minimumSystemVersion>
-            <description><![CDATA[<h2>CodexBar 0.17.0</h2>
-<ul>
-<li>New providers: MiniMax.</li>
-<li>Keychain: show a preflight explanation before macOS prompts for OAuth tokens or cookie decryption.</li>
-<li>Providers: defer z.ai + Copilot Keychain reads until the user interacts with the token field.</li>
-<li>Menu bar: avoid status item menu reattachment and layout flips during refresh to reduce icon flicker.</li>
-<li>Dev: align SweetCookieKit local-storage tests with Swift Testing.</li>
-<li>Charts: align hover selection bands with visible bars in credits + usage breakdown history.</li>
-<li>About: fix website link in the About panel. Thanks @felipeorlando!</li>
+            <description><![CDATA[<h2>CodexBar 0.30.0</h2>
+<h3>Added</h3>
+<ul>
+<li>MiniMax: add a redacted diagnostic CLI export for safe issue reports (#1128). Thanks @Yuxin-Qiao!</li>
+<li>Antigravity: show the complete per-model quota breakdown alongside the existing summary lanes (#1139). Thanks @guhyun9454!</li>
+<li>Widget: show tertiary usage rows for providers that expose a third quota lane (#1160). Thanks @LeoLin990405!</li>
+<li>DeepSeek: show optional web-session usage and cost summaries alongside the balance card (#1166). Thanks @Yuxin-Qiao!</li>
+<li>OpenAI: scope Admin API usage to the configured project and keep token accounts from inheriting stale project filters (#1168). Thanks @mstallone!</li>
+</ul>
+<h3>Fixed</h3>
+<ul>
+<li>App shutdown: detach status items, close tracked menus, and cancel menu tasks before quit so Dock autohide stays responsive on macOS 26.5 (#1174). Thanks @jskoiz!</li>
+<li>Widgets: package the macOS widget as a real Xcode app-extension target so WidgetKit descriptors load on macOS 26.5 (#1095). Thanks @jamesjlopez!</li>
+<li>Menu: render quota-warning markers as subtle inset ticks instead of full-height bars (#1149).</li>
+<li>Codex: show sign-in guidance when the Codex CLI is logged out instead of reporting a temporary usage outage (#1171, fixes #1170). Thanks @jskoiz!</li>
+<li>Menu bar: clear stale hidden macOS status-item visibility defaults once before creating CodexBar items (#1169).</li>
+<li>StepFun: refresh expired Oasis tokens and persist recovered manual sessions. Thanks @LeoLin990405!</li>
+<li>Release: prevent manual CLI artifact builds from publishing or clobbering release assets (#1154). Thanks @jskoiz!</li>
+<li>Cost history: route OpenAI and Mistral API spend through the shared cost-history cards, including OpenAI request counts (#1163). Thanks @LeoLin990405!</li>
+<li>Menu: keep provider switcher Cmd-number and arrow shortcuts working while the open menu is tracking events (#1157, fixes #1156 and #1144). Thanks @anirudhvee!</li>
+<li>Codex: prevent fork token replay from overcounting corrected cumulative session totals (#1164). Thanks @xx205!</li>
+<li>Alibaba Token Plan: update usage refreshes to the Bailian subscription-summary endpoint (#1142). Thanks @YanxinXue!</li>
+<li>Ollama: show pace projections for documented 5-hour session and 7-day weekly usage windows (#1136). Thanks @bdamokos!</li>
+<li>Localization: polish Simplified Chinese wording and add notification strings (#1165). Thanks @fanfanci!</li>
+<li>Localization: improve Traditional Chinese wording and localize notification copy (#1158). Thanks @jack24254029!</li>
+<li>Localization: improve Simplified Chinese visible menu, dashboard, and usage labels (#1145). Thanks @Yuxin-Qiao!</li>
 </ul>
 <p><a href="https://github.com/steipete/CodexBar/blob/main/CHANGELOG.md">View full changelog</a></p>
 ]]></description>
-            <enclosure url="https://github.com/steipete/CodexBar/releases/download/v0.17.0/CodexBar-0.17.0.zip" length="14296774" type="application/octet-stream" sparkle:edSignature="8n//nfQb9cz3hyoc/4+eitFvGl/FJrruUS99aIfqHwgtXhi1V4he9dKh7zKNt78mcP6raJGg+Ha5yHgglfSTDQ=="/>
+            <enclosure url="https://github.com/steipete/CodexBar/releases/download/v0.30.0/CodexBar-macos-universal-0.30.0.zip" length="43980302" type="application/octet-stream" sparkle:edSignature="em2+xZpRZvRphUFRWr0t389BLckIwZZr8e8MV65H97gzq6hbPiVe3P5E+4HFMUtlUncrRKYrhSIQo4C6WGZ0Aw=="/>
         </item>
         <item>
             <title>0.14.0</title>
@@ -272,4 +136,4 @@
             <enclosure url="https://github.com/steipete/CodexBar/releases/download/v0.12.0/CodexBar-0.12.0.zip" length="4888386" type="application/octet-stream" sparkle:edSignature="tQMHO/RNAbvwRHXYnLAkNV2ksiV722qR8fEYzcbipgetacfPnwnLJ0Pe/lAiZ03PBmj3BkisHb74GosUlSV+DQ=="/>
         </item>
     </channel>
-</rss>
+</rss>
\ No newline at end of file
diff --git a/docs/DEVELOPMENT.md b/docs/DEVELOPMENT.md
index 072cd9e7f..4a687f423 100644
--- a/docs/DEVELOPMENT.md
+++ b/docs/DEVELOPMENT.md
@@ -13,9 +13,12 @@ read_when:
 ### Building and Running
 
 ```bash
-# Full build, test, package, and launch (recommended)
+# Full build, package, and launch (recommended)
 ./Scripts/compile_and_run.sh
 
+# Also run swift test before packaging/relaunching
+./Scripts/compile_and_run.sh --test
+
 # Just build and package (no tests)
 ./Scripts/package_app.sh
 
@@ -26,7 +29,7 @@ read_when:
 ### Development Workflow
 
 1. **Make code changes** in `Sources/CodexBar/`
-2. **Run** `./Scripts/compile_and_run.sh` to rebuild and launch
+2. **Run** `./Scripts/compile_and_run.sh --test` to test, rebuild, and launch
 3. **Check logs** in Console.app (filter by "codexbar")
 4. **Optional file log**: enable Debug → Logging → "Enable file logging" to write
    `~/Library/Logs/CodexBar/CodexBar.log` (verbosity defaults to "Verbose")
@@ -37,7 +40,9 @@ read_when:
 You'll see **one keychain prompt per stored credential** on the first launch. This is a **one-time migration** that converts existing keychain items to use `kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly`.
 
 ### Subsequent Rebuilds
-**Zero prompts!** The migration flag is stored in UserDefaults, so future rebuilds won't prompt.
+The migration flag is stored in UserDefaults, so migrated CodexBar-owned items should not prompt again. Ad-hoc
+signing can still prompt for other keychain surfaces; use `./Scripts/compile_and_run.sh --clear-adhoc-keychain`
+when you intentionally want to reset ad-hoc keychain state.
 
 ### Why This Happens
 - Ad-hoc signed development builds change code signature on every rebuild
@@ -50,28 +55,20 @@ You'll see **one keychain prompt per stored credential** on the first launch. Th
 defaults delete com.steipete.codexbar KeychainMigrationV1Completed
 ```
 
-## Auto-Refresh for Augment Cookies
+## Augment Cookie Refresh
 
 ### How It Works
-CodexBar automatically refreshes Augment cookies from your browser:
-
-1. **Automatic Import**: On every usage refresh, CodexBar imports fresh cookies from your browser
-2. **Browser Priority**: Chrome → Arc → Safari → Firefox → Brave (configurable)
-3. **Session Detection**: Looks for Auth0/NextAuth session cookies
-4. **Fallback**: If import fails, uses last known good cookies from keychain
+CodexBar checks Augment through the provider fetch pipeline. Auto mode tries the Augment CLI first, then the
+browser-cookie web path. The web path reuses cached cookies when possible and imports from supported browsers when
+the cache is missing or rejected.
 
 ### Refresh Frequency
 - Default: Every 5 minutes (configurable in Preferences → General)
-- Minimum: 30 seconds
-- Cookie import happens automatically on each refresh
+- Minimum: 1 minute
+- Cookie import happens automatically when cached cookies need refresh
 
 ### Supported Browsers
-- Chrome
-- Arc
-- Safari
-- Firefox
-- Brave
-- Edge
+- Safari, Chrome variants, Edge variants, Brave, Arc variants, Dia, and Firefox.
 
 ### Manual Cookie Override
 If automatic import fails:
@@ -102,20 +99,18 @@ CodexBar/
 ## Common Tasks
 
 ### Add a New Provider
-1. Create `Sources/CodexBar/Providers/YourProvider/`
-2. Implement `ProviderImplementation` protocol
-3. Add to `ProviderRegistry.swift`
-4. Add icon to `Resources/ProviderIcon-yourprovider.svg`
+1. Add a `UsageProvider` case in `Sources/CodexBarCore/Providers/Providers.swift`
+2. Add core descriptor/fetcher wiring under `Sources/CodexBarCore/Providers/YourProvider/`
+3. Add app-side implementation under `Sources/CodexBar/Providers/YourProvider/`
+4. Register the implementation in `ProviderImplementationRegistry`
+5. Add icon assets such as `Resources/ProviderIcon-yourprovider.svg`
 
 ### Debug Cookie Issues
-```bash
-# Enable verbose logging
-export CODEXBAR_LOG_LEVEL=debug
-./Scripts/compile_and_run.sh
-
-# Check logs in Console.app
-# Filter: subsystem:com.steipete.codexbar category:augment-cookie
-```
+1. Enable Debug → Logging → "Enable file logging" or raise verbosity in the app settings.
+2. Reproduce with `./Scripts/compile_and_run.sh`.
+3. Check logs in Console.app:
+   - Filter: `subsystem:com.steipete.codexbar category:augment`
+   - Importer messages include the `[augment-cookie]` prefix
 
 ### Run Tests Only
 ```bash
@@ -133,13 +128,13 @@ swiftlint --strict
 ### Local Development Build
 ```bash
 ./Scripts/package_app.sh
-# Creates: CodexBar.app (ad-hoc signed)
+# Creates: CodexBar.app (Developer ID by default; set CODEXBAR_SIGNING=adhoc for ad-hoc signing)
 ```
 
 ### Release Build (Notarized)
 ```bash
 ./Scripts/sign-and-notarize.sh
-# Creates: CodexBar-arm64.zip (notarized for distribution)
+# Creates: CodexBar-<version>.zip and CodexBar-<version>.dSYM.zip
 ```
 
 See `docs/RELEASING.md` for full release process.
@@ -162,11 +157,11 @@ defaults read com.steipete.codexbar KeychainMigrationV1Completed
 # Should output: 1
 
 # Check migration logs
-log show --predicate 'category == "KeychainMigration"' --last 5m
+log show --predicate 'category == "keychain-migration"' --last 5m
 ```
 
 ### Cookies Not Refreshing
-1. Check browser is supported (Chrome, Arc, Safari, Firefox, Brave)
+1. Check the browser is supported by the Augment provider metadata
 2. Verify you're logged into Augment in that browser
 3. Check Preferences → Providers → Augment → Cookie source is "Automatic"
 4. Enable debug logging and check Console.app
@@ -181,12 +176,13 @@ log show --predicate 'category == "KeychainMigration"' --last 5m
 
 ### Cookie Management
 - Automatic browser import via SweetCookieKit
-- Keychain storage for persistence
+- Keychain cache for some imported browser cookies and OAuth/device-flow credentials
+- `~/.codexbar/config.json` for provider settings, manual cookies, and stored API keys
 - Manual override for debugging
-- Auto-refresh on every usage poll
+- Browser-cookie import when cached sessions need refresh
 
 ### Usage Polling
 - Background timer (configurable frequency)
 - Parallel provider fetches
-- Exponential backoff on errors
-- Widget snapshot for iOS widget
+- First failure can be suppressed when prior data exists
+- WidgetKit snapshot for macOS widgets
diff --git a/docs/DEVELOPMENT_SETUP.md b/docs/DEVELOPMENT_SETUP.md
index 1e9fe34ce..48343efe9 100644
--- a/docs/DEVELOPMENT_SETUP.md
+++ b/docs/DEVELOPMENT_SETUP.md
@@ -8,15 +8,24 @@ read_when:
 
 # Development Setup Guide
 
-## Keychain Permission Prompts
+## Reducing Keychain Permission Prompts
 
-As of v0.18.0-beta.3-jl.2, CodexBar defaults to reading Claude credentials via `/usr/bin/security` CLI, which **does not trigger keychain prompts**. No special setup is needed.
-
-If you've switched to the Security.framework reader (via Preferences), you may see prompts like:
+When developing CodexBar, you may see frequent keychain permission prompts like:
 
 > **CodexBar wants to access key "Claude Code-credentials" in your keychain.**
 
-This happens because each rebuild creates a new code signature, and macOS treats it as a "different" app. To reduce these prompts with the Security.framework reader:
+This happens because each rebuild creates a new code signature, and macOS treats it as a "different" app.
+That can affect both CodexBar-owned entries (`com.steipete.CodexBar`, `com.steipete.codexbar.cache`) and
+third-party items such as `Claude Code-credentials`, so an ad-hoc-signed rebuild can keep re-triggering
+password/keychain approval dialogs even after you previously chose **Always Allow**.
+
+### Quick Fix (Temporary)
+
+When the prompt appears, click **"Always Allow"** instead of just "Allow". This grants access to the current build.
+
+### Permanent Fix (Recommended)
+
+Use a stable development certificate that doesn't change between rebuilds:
 
 #### 1. Create Development Certificate
 
@@ -95,6 +104,13 @@ This script:
 5. Launches `CodexBar.app`
 6. Verifies it stays running
 
+When the script falls back to ad-hoc signing, it preserves CodexBar-owned keychain state by default.
+That means you may still see keychain prompts for existing CodexBar cache entries, but allowing those prompts keeps the
+cached browser/OAuth state available across normal rebuilds.
+If you want a clean reset of CodexBar-owned keychain state for an ad-hoc build, run
+`./Scripts/compile_and_run.sh --clear-adhoc-keychain` before relaunching.
+Third-party keychain items still need stable signing if you want macOS to remember **Always Allow** across rebuilds.
+
 ### Quick Build (No Tests)
 
 ```bash
@@ -129,7 +145,7 @@ pkill -x CodexBar || pkill -f CodexBar.app || true
 
 ### "Permission denied" when accessing keychain
 
-With the default `/usr/bin/security` CLI reader, this should not happen. If using the Security.framework reader, make sure you clicked **"Always Allow"** or set up the development certificate (see above).
+Make sure you clicked **"Always Allow"** or set up the development certificate (see above).
 
 ### Multiple app bundles keep appearing
 
diff --git a/docs/FORK_QUICK_START.md b/docs/FORK_QUICK_START.md
index 3f60c9f87..23cdb9c4e 100644
--- a/docs/FORK_QUICK_START.md
+++ b/docs/FORK_QUICK_START.md
@@ -57,11 +57,9 @@ cd /Users/steipete/Projects/codexbar && open -n /Users/steipete/Projects/codexba
 
 ### Release
 ```bash
-# Sign and notarize (keep in foreground!)
-./Scripts/sign-and-notarize.sh
-
-# Create appcast
-./Scripts/make_appcast.sh <zip> <feed-url>
+# Edit .mac-release.env first: MAC_RELEASE_REPO, feed URL, download URL,
+# bundle id, and Sparkle public/signing key must point at your fork.
+./Scripts/release.sh
 
 # See full release process
 cat docs/RELEASING.md
diff --git a/docs/FORK_ROADMAP.md b/docs/FORK_ROADMAP.md
index 0c73db976..bf52353de 100644
--- a/docs/FORK_ROADMAP.md
+++ b/docs/FORK_ROADMAP.md
@@ -118,7 +118,7 @@ This document outlines the development roadmap for the CodexBar fork maintained
 
 **Files to Create:**
 - `Scripts/sync_upstream.sh`
-- `docs/UPSTREAM_SYNC.md`
+- `docs/UPSTREAM_STRATEGY.md`
 - `.github/workflows/upstream-sync-check.yml`
 
 ---
@@ -228,5 +228,5 @@ This document outlines the development roadmap for the CodexBar fork maintained
 - [Augment Provider](augment.md) - Augment-specific documentation
 - [Development Guide](DEVELOPMENT.md) - Build and test instructions
 - [Provider Authoring](provider.md) - How to create new providers
-- [Upstream Sync](UPSTREAM_SYNC.md) - Syncing with original repository (TBD)
+- [Upstream Strategy](UPSTREAM_STRATEGY.md) - Syncing with original repository
 - [Quotio Analysis](QUOTIO_ANALYSIS.md) - Feature comparison (TBD)
diff --git a/docs/ISSUE_LABELING.md b/docs/ISSUE_LABELING.md
new file mode 100644
index 000000000..8e0ba964a
--- /dev/null
+++ b/docs/ISSUE_LABELING.md
@@ -0,0 +1,199 @@
+---
+summary: "Issue labeling policy for triage, prioritization, and backlog hygiene."
+read_when:
+  - Triageing GitHub issues
+  - Adding or updating issue labels
+  - Organizing the backlog
+---
+
+# Issue labeling guide
+
+This repo uses labels to make the issue tracker easier to scan by:
+
+- **type** — what kind of issue is this?
+- **priority** — how urgent is it?
+- **area** — what subsystem is affected?
+- **provider** — which provider/service is involved?
+- **workflow state** — what kind of follow-up is needed?
+
+The goal is not to perfectly label everything. The goal is to make open issues easy to sort into:
+
+- what is broken now,
+- what needs maintainer attention,
+- what is accepted backlog,
+- and what belongs to a specific provider or subsystem.
+
+## Labeling rules
+
+For most open issues, aim to apply:
+
+- **1 type label**
+- **1 priority label**
+- **1 workflow label**
+- **1 area label**
+- **0–1 provider labels**
+
+That means most issues should end up with **3–5 labels max**.
+
+## Type labels
+
+Use the existing GitHub-style labels:
+
+- `bug` — broken behavior, crash, mismatch, false negative, bad parsing, auth failure
+- `enhancement` — feature request, UX improvement, support for a new workflow
+- `documentation` — docs, onboarding, missing setup guidance
+- `question` — only for issues that are primarily asking for clarification or support
+
+Avoid using `question` as a generic fallback when the issue is actually a bug or feature request.
+
+## Priority labels
+
+- `priority:high` — crashes, install failures, auth/account breakage, provider unusable, severe resource issues
+- `priority:medium` — real issue or good feature request, but not urgent
+- `priority:low` — minor polish, optional UX improvements, long-tail backlog
+
+## Workflow labels
+
+- `needs-triage` — new issue that has not been categorized yet
+- `needs-repro` — needs logs, screenshots, exact steps, or a current repro
+- `needs-design` — valid request, but needs a product/UX decision before implementation
+- `blocked-upstream` — likely caused or limited by upstream provider behavior
+- `accepted` — intentionally kept open as part of the backlog/roadmap
+
+## Area labels
+
+- `area:auth-keychain` — keychain prompts, login state, token refresh, account switching
+- `area:install-distribution` — Homebrew, packaging, launch/install failures, binary detection
+- `area:usage-accuracy` — usage %, reset windows, plan parsing, cost/token math
+- `area:performance` — CPU, battery, memory, background sessions/process churn
+- `area:ui-ux` — menu bar behavior, settings, copy, visual layout, interaction polish
+- `area:widget` — widget registration, app groups, widget gallery visibility
+- `area:docs-onboarding` — setup docs, onboarding docs, missing instructions
+- `area:notifications` — threshold alerts, prompt waiting, quota notifications
+- `area:export-integration` — Prometheus, HTTP server mode, external integrations
+- `area:accounts` — multiple accounts, account discovery, account switching UX
+
+## Provider labels
+
+Only apply one when a provider is clearly the main subject:
+
+- `provider:claude`
+- `provider:codex`
+- `provider:cursor`
+- `provider:copilot`
+- `provider:gemini`
+- `provider:alibaba`
+- `provider:factory`
+- `provider:antigravity`
+- `provider:opencode`
+- `provider:zai`
+- `provider:openrouter`
+
+Not every issue needs a provider label.
+
+## Close-time labels
+
+These are mostly useful when resolving issues, not as backlog-organizing labels:
+
+- `duplicate`
+- `invalid`
+- `wontfix`
+- `stale`
+
+## Recommended minimum viable label set
+
+If starting from a sparse tracker, add these first:
+
+### Priority
+- `priority:high`
+- `priority:medium`
+- `priority:low`
+
+### Workflow
+- `needs-triage`
+- `needs-repro`
+- `needs-design`
+- `accepted`
+
+### Area
+- `area:auth-keychain`
+- `area:install-distribution`
+- `area:usage-accuracy`
+- `area:performance`
+- `area:ui-ux`
+- `area:widget`
+- `area:docs-onboarding`
+
+### Provider
+- `provider:claude`
+- `provider:codex`
+- `provider:cursor`
+- `provider:copilot`
+
+This smaller set already gives most of the value.
+
+## Examples
+
+### Example 1 — severe Claude keychain issue
+Issue: repeated Claude keychain prompts, user can’t keep the app running normally.
+
+Suggested labels:
+- `bug`
+- `priority:high`
+- `area:auth-keychain`
+- `provider:claude`
+
+### Example 2 — roadmap feature
+Issue: multiple account support.
+
+Suggested labels:
+- `enhancement`
+- `priority:high`
+- `area:accounts`
+- `needs-design`
+
+### Example 3 — needs better repro
+Issue: generic usage mismatch with unclear screenshots and no exact values.
+
+Suggested labels:
+- `bug`
+- `priority:medium`
+- `area:usage-accuracy`
+- `needs-repro`
+
+### Example 4 — accepted backlog UI request
+Issue: show burn rate / pacing indicators.
+
+Suggested labels:
+- `enhancement`
+- `priority:medium`
+- `area:usage-accuracy`
+- `accepted`
+
+## Suggested rollout
+
+1. **Create the new labels**
+2. **Backfill the top-priority open issues first**
+   - all `priority:high` bugs
+   - major roadmap items
+   - maintainer-triage issues
+3. **Apply labels to new issues at intake**
+4. **Backfill older backlog issues gradually**
+
+## Practical guidance
+
+- Prefer **fewer, clearer labels** over many vague labels.
+- Do not label everything `question`.
+- Do not use both `needs-repro` and `accepted` on the same issue unless there is a strong reason.
+- If an issue is provider-specific, add the provider label early.
+- If an issue is obviously real and intended to stay open, add `accepted` so it doesn’t look abandoned.
+
+## Current workflow-specific labels
+
+These already exist and should stay scoped to their current purpose:
+
+- `upstream-sync`
+- `needs-review`
+- `changes requested`
+
+They should not replace the general issue triage labels above.
diff --git a/docs/KEYCHAIN_FIX.md b/docs/KEYCHAIN_FIX.md
index 94948b42d..3c96f05ef 100644
--- a/docs/KEYCHAIN_FIX.md
+++ b/docs/KEYCHAIN_FIX.md
@@ -45,15 +45,10 @@ Load order for credentials:
 2. In-memory cache.
 3. CodexBar keychain cache (`com.steipete.codexbar.cache`, account `oauth.claude`).
 4. `~/.claude/.credentials.json`.
-5. Claude CLI keychain service: `Claude Code-credentials` — read via `/usr/bin/security` CLI by default (prompt-free), with Security.framework as fallback.
+5. Claude CLI keychain service: `Claude Code-credentials` (promptable fallback).
 
-Keychain read strategy:
-- **Default: `/usr/bin/security` CLI** (`ClaudeOAuthKeychainReadStrategy.securityCLI`). The CLI binary is permanently in the keychain item's ACL (added by Claude Code during login), so reads never trigger macOS keychain prompts — even after app rebuilds or updates.
-- **Override: Security.framework** (`ClaudeOAuthKeychainReadStrategy.securityFramework`). Available via user preference. Uses `SecItemCopyMatching`, which requires the calling binary to be in the keychain ACL — invalidated on every rebuild, causing recurring prompts.
-- Strategy is stored in UserDefaults key `claudeOAuthKeychainReadStrategy`.
-
-Prompt mitigation (Security.framework fallback path only):
-- Non-interactive keychain probes use `KeychainNoUIQuery` (`LAContext.interactionNotAllowed` + `kSecUseAuthenticationUIFail`).
+Prompt mitigation:
+- Non-interactive keychain probes use `KeychainNoUIQuery` with `LAContext.interactionNotAllowed`.
 - Pre-alert is shown only when preflight suggests interaction may be required.
 - Denials are cooled down in the background via `claudeOAuthKeychainDeniedUntil`
   (`ClaudeOAuthKeychainAccessGate`). User actions (menu open / manual refresh) clear this cooldown.
@@ -61,14 +56,11 @@ Prompt mitigation (Security.framework fallback path only):
 - Background cache-sync-on-change also performs non-interactive Claude keychain probes (`syncWithClaudeKeychainIfChanged`)
   and can update cached OAuth data when the token changes.
 
-### Why two Claude keychain prompts could happen on startup (Security.framework path only)
-> **Note:** With the default `/usr/bin/security` CLI reader, keychain prompts do not occur. This section only applies
-> when the user has explicitly switched to the Security.framework reader.
-
+### Why two Claude keychain prompts can still happen on startup
 When CodexBar does not have usable OAuth credentials in its own cache (`com.steipete.codexbar.cache` / `oauth.claude`),
 bootstrap falls through to Claude CLI keychain reads.
 
-Under the Security.framework path, the flow can perform up to two interactive reads in one bootstrap call:
+Current flow can perform up to two interactive reads in one bootstrap call:
 1. Interactive read of the newest discovered keychain candidate.
 2. If that does not return usable data, interactive legacy service-level fallback read.
 
@@ -88,6 +80,9 @@ This is OS/keychain ACL behavior, not a `ThisDeviceOnly` migration issue.
 - Browser-imported Claude session cookies are cached in keychain service `com.steipete.codexbar.cache`.
 - Account key is `cookie.claude`.
 - Cache writes use `kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly`.
+- Users can clear browser-cookie cache entries from **Preferences → Debug → Caches** or with
+  `codexbar cache clear --cookies`. `--provider <id>` scopes cookie clearing to one provider and includes scoped
+  Codex managed-account cookie keys.
 
 ## What still uses `ThisDeviceOnly`
 
diff --git a/docs/RELEASING.md b/docs/RELEASING.md
index 0fdf6585f..5c245d3a6 100644
--- a/docs/RELEASING.md
+++ b/docs/RELEASING.md
@@ -21,14 +21,15 @@ SwiftPM-only; package/sign/notarize manually (no Xcode project). Sparkle feed is
 - Sparkle key probe runs up front; appcast entry + signature verified automatically after generation.
 - Release notes are extracted directly from the current changelog section and passed to the GitHub release (no manual notes flag needed).
 - Sparkle appcast notes are generated as HTML from the same changelog section and embedded into the appcast entry.
-- Requires tools/env on PATH: `swiftformat`, `swiftlint`, `swift`, `sign_update`, `generate_appcast`, `gh`, `python3`, `zip`, `curl`, plus `APP_STORE_CONNECT_*` and `SPARKLE_PRIVATE_KEY_FILE`.
+- Requires tools/env on PATH: `swiftformat`, `swiftlint`, `swift`, `sign_update`, `generate_keys`, `generate_appcast`, `gh`, `python3`, `zip`, `curl`, plus `APP_STORE_CONNECT_*`. `SPARKLE_PRIVATE_KEY_FILE` is only needed when overriding the default Keychain Sparkle key.
 
 ## Prereqs
 - Xcode 26+ installed at `/Applications/Xcode.app` (for ictool/iconutil and SDKs).
 - Developer ID Application cert installed: `Developer ID Application: Peter Steinberger (Y5PE65HELJ)`.
 - ASC API creds in env: `APP_STORE_CONNECT_API_KEY_P8`, `APP_STORE_CONNECT_KEY_ID`, `APP_STORE_CONNECT_ISSUER_ID`.
-- Sparkle keys: public key already in Info.plist; private key path set via `SPARKLE_PRIVATE_KEY_FILE` when generating appcast.
+- Sparkle keys: public key expectation is in `.mac-release.env`; CodexBar still uses the older shared AGCY key, so the manifest includes the local Dropbox fallback path. `SPARKLE_PRIVATE_KEY_FILE` overrides it.
 - Ensure shell has release env vars loaded (usually `source ~/.profile`) before running `Scripts/release.sh`.
+- Shared release helper: `Scripts/mac-release` resolves `MAC_RELEASE_TOOL`, sibling `../agent-scripts`, or `~/Projects/agent-scripts`.
 
 ## Icon (glass .icon → .icns)
 ```
@@ -45,7 +46,7 @@ What it does:
 - Packages `CodexBar.app` with Info.plist and Icon.icns
 - Embeds Sparkle.framework, Updater, Autoupdate, XPCs
 - Codesigns **everything** with runtime + timestamp (deep) and adds rpath
-- Zips to `CodexBar-<version>.zip`
+- Zips to `CodexBar-macos-universal-<version>.zip`
 - Submits to notarytool, waits, staples, validates
 
 Gotchas fixed:
@@ -55,28 +56,24 @@ Gotchas fixed:
 - Manual sanity check before uploading: `find CodexBar.app -name '._*'` should return nothing; then `spctl --assess --type execute --verbose CodexBar.app` and `codesign --verify --deep --strict --verbose CodexBar.app` should both pass on the packaged bundle.
 
 ## Appcast (Sparkle)
-After notarization:
+After notarization, or let `Scripts/release.sh` do this:
 ```
-SPARKLE_PRIVATE_KEY_FILE=/path/to/ed25519-priv.key \
-./Scripts/make_appcast.sh CodexBar-0.1.0.zip \
+./Scripts/make_appcast.sh CodexBar-macos-universal-0.1.0.zip \
   https://raw.githubusercontent.com/steipete/CodexBar/main/appcast.xml
-Generates HTML release notes from `CHANGELOG.md` (via `Scripts/changelog-to-html.sh`) and embeds them into the appcast entry.
 ```
+Generates HTML release notes from `CHANGELOG.md` (via `Scripts/changelog-to-html.sh`) and embeds them into the appcast entry.
 Uploads not handled automatically—commit/publish appcast + zip to the feed location (GitHub Releases/raw URL).
 
 ## Tag & release
 ```
-git tag v<version>
-./Scripts/make_appcast.sh ...
-# upload zip + appcast to Releases
-# then create GitHub release (gh release create v<version> ...)
+./Scripts/release.sh
 ```
 
 ## Homebrew (Cask)
 CodexBar ships a Homebrew **Cask** in `../homebrew-tap`. When installed via Homebrew, CodexBar disables Sparkle and the app
 must be updated via `brew`.
 
-After publishing the GitHub release, update the tap cask + Linux CLI formula (see `docs/releasing-homebrew.md`).
+After publishing the GitHub release, `.github/workflows/release-cli.yml` builds the CLI tarballs, uploads `CodexBarCLI-v<version>-{macos-arm64,macos-x86_64,linux-aarch64,linux-x86_64}.tar.gz` plus checksums, then dispatches the Homebrew tap update for both the CLI formula and app cask. If the final dispatch is rate-limited, the tarballs and app zip may still be present; rerun or manually update the tap formula/cask from the published assets.
 
 ## Checklist (quick)
 - [ ] Read both this file and `~/Projects/agent-scripts/docs/RELEASING-MAC.md`; resolve any conflicts toward CodexBar’s specifics.
@@ -84,15 +81,16 @@ After publishing the GitHub release, update the tap cask + Linux CLI formula (se
 - [ ] `swiftformat`, `swiftlint`, `swift test` (zero warnings/errors)
 - [ ] `./Scripts/build_icon.sh` if icon changed
 - [ ] `./Scripts/sign-and-notarize.sh`
-- [ ] Generate Sparkle appcast with private key
-  - Sparkle ed25519 private key path: `/Users/steipete/Library/CloudStorage/Dropbox/Backup/Sparkle/sparkle-private-key-KEEP-SECURE.txt` (primary) and `/Users/steipete/Library/CloudStorage/Dropbox/Backup/Sparkle-VibeTunnel/sparkle-private-key-KEEP-SECURE.txt` (older backup)
+- [ ] Generate Sparkle appcast via `Scripts/release.sh` or `Scripts/make_appcast.sh`; use `SPARKLE_PRIVATE_KEY_FILE` only if overriding Keychain signing.
   - Upload the dSYM archive alongside the app zip on the GitHub release; the release script now automates this and will fail if it’s missing.
-  - After publishing the release, run `Scripts/check-release-assets.sh <tag>` to confirm both the app zip and dSYM zip are present on GitHub.
-  - Generate the appcast + HTML release notes: `./Scripts/make_appcast.sh CodexBar-<ver>.zip https://raw.githubusercontent.com/steipete/CodexBar/main/appcast.xml`
+  - After publishing the release and the Release CLI workflow finishes, run `Scripts/check-release-assets.sh <tag>` to confirm the app zip, dSYM zip, CLI tarballs, and CLI checksums are present on GitHub.
+  - Generate the appcast + HTML release notes: `./Scripts/make_appcast.sh CodexBar-macos-universal-<ver>.zip https://raw.githubusercontent.com/steipete/CodexBar/main/appcast.xml`
   - Beta channel: prefix the command with `SPARKLE_CHANNEL=beta` to tag the entry.
-  - Verify the enclosure signature + size: `SPARKLE_PRIVATE_KEY_FILE=... ./Scripts/verify_appcast.sh <ver>`
+  - Verify the enclosure signature + size: `./Scripts/verify_appcast.sh <ver>`
 - [ ] Upload zip + appcast to feed; publish tag + GitHub release so Sparkle URL is live (avoid 404)
-- [ ] Homebrew tap: update `../homebrew-tap/Casks/codexbar.rb` (url + sha256) and `../homebrew-tap/Formula/codexbar.rb` (Linux CLI tarball urls + sha256), then verify:
+- [ ] Homebrew tap: wait for the Release CLI workflow to update `../homebrew-tap/Casks/codexbar.rb` (app zip url + sha256) and `../homebrew-tap/Formula/codexbar.rb` (CLI tarball urls + sha256), then verify:
+  - `gh run watch <release-cli-run-id> --exit-status`
+  - `Scripts/check-release-assets.sh v<version>`
   - `brew uninstall --cask codexbar || true`
   - `brew untap steipete/tap || true; brew tap steipete/tap`
   - `brew install --cask steipete/tap/codexbar && open -a CodexBar`
@@ -100,7 +98,7 @@ After publishing the GitHub release, update the tap cask + Linux CLI formula (se
 - [ ] Changelog sanity: single top-level title, no duplicate version sections, versions strictly descending with no repeats
 - [ ] Release pages: title format `CodexBar <version>`, notes as Markdown list (no stray blank lines)
 - [ ] Changelog/release notes are user-facing: avoid internal-only bullets (build numbers, script bumps) and keep entries concise
-- [ ] Download uploaded `CodexBar-<ver>.zip`, unzip via `ditto`, run, and verify signature (`spctl -a -t exec -vv CodexBar.app` + `stapler validate`)
+- [ ] Download uploaded `CodexBar-macos-universal-<ver>.zip`, unzip via `ditto`, run, and verify signature (`spctl -a -t exec -vv CodexBar.app` + `stapler validate`)
 - [ ] Confirm `appcast.xml` points to the new zip/version and renders the HTML release notes (not escaped tags)
 - [ ] Verify on GitHub Releases: assets present (zip, appcast), release notes match changelog, version/tag correct
 - [ ] Open the appcast URL in browser to confirm the new entry is visible and enclosure URL is reachable
diff --git a/docs/abacus.md b/docs/abacus.md
new file mode 100644
index 000000000..c4f9893ae
--- /dev/null
+++ b/docs/abacus.md
@@ -0,0 +1,67 @@
+---
+summary: "Abacus AI provider: browser cookie auth for ChatLLM/RouteLLM compute credit tracking."
+read_when:
+  - Adding or modifying the Abacus AI provider
+  - Debugging Abacus cookie imports or API responses
+  - Adjusting Abacus usage display or credit formatting
+---
+
+# Abacus AI Provider
+
+The Abacus AI provider tracks ChatLLM/RouteLLM compute credit usage via browser cookie authentication.
+
+## Features
+
+- **Monthly credit gauge**: Shows credits used vs. plan total with pace tick indicator.
+- **Reserve/deficit estimate**: Projected credit usage through the billing cycle.
+- **Reset timing**: Displays the next billing date from the Abacus billing API.
+- **Subscription tiers**: Detects Basic and Pro plans.
+- **Cookie auth**: Automatic browser cookie import (Safari, Chrome, Firefox) or manual cookie header.
+
+## Setup
+
+1. Open **Settings → Providers**
+2. Enable **Abacus AI**
+3. Log in to [apps.abacus.ai](https://apps.abacus.ai) in your browser
+4. Cookie import happens automatically on the next refresh
+
+### Manual cookie mode
+
+1. In **Settings → Providers → Abacus AI**, set Cookie source to **Manual**
+2. Open your browser DevTools on `apps.abacus.ai`, copy the `Cookie:` header from any API request
+3. Paste the header into the cookie field in CodexBar
+
+## How it works
+
+Two API endpoints are fetched concurrently using browser session cookies:
+
+- `GET https://apps.abacus.ai/api/_getOrganizationComputePoints` — returns `totalComputePoints` and `computePointsLeft` (values are in credit units, no conversion needed).
+- `POST https://apps.abacus.ai/api/_getBillingInfo` — returns `nextBillingDate` (ISO 8601) and `currentTier` (plan name).
+
+Cookie domains: `abacus.ai`, `apps.abacus.ai`. Session cookies are validated before use (anonymous/marketing-only cookie sets are skipped). Valid cookies are cached in Keychain and reused until the session expires.
+
+The billing cycle window is set to 30 days for pace calculation.
+
+## CLI
+
+```bash
+codexbar usage --provider abacusai --verbose
+```
+
+## Troubleshooting
+
+### "No Abacus AI session found"
+
+Log in to [apps.abacus.ai](https://apps.abacus.ai) in a supported browser (Safari, Chrome, Firefox), then refresh CodexBar.
+
+### "Abacus AI session expired"
+
+Re-login to Abacus AI. The cached cookie will be cleared automatically and a fresh one imported on the next refresh.
+
+### "Unauthorized"
+
+Your session cookies may be invalid. Log out and back in to Abacus AI, or paste a fresh `Cookie:` header in manual mode.
+
+### Credits show 0
+
+Verify that your Abacus AI account has an active subscription with compute credits allocated.
diff --git a/docs/alibaba-coding-plan.md b/docs/alibaba-coding-plan.md
new file mode 100644
index 000000000..480204803
--- /dev/null
+++ b/docs/alibaba-coding-plan.md
@@ -0,0 +1,73 @@
+---
+summary: "Alibaba Coding Plan provider data sources: browser-session baseline, secondary API mode, and honest quota fallback behavior."
+read_when:
+  - Debugging Alibaba Coding Plan API key handling or quota parsing
+  - Updating Alibaba Coding Plan endpoints or region behavior
+  - Adjusting Alibaba Coding Plan provider UI/menu behavior
+---
+
+# Alibaba Coding Plan provider
+
+Alibaba Coding Plan supports both browser-session and API-key paths, but the supported baseline is browser-session fetching from the Model Studio/Bailian console. API mode remains secondary and may still be limited by account/region behavior.
+
+## Cookie sources (web mode)
+1) Automatic browser import (Model Studio/Bailian cookies).
+2) Manual cookie header from Settings.
+3) Environment variable `ALIBABA_CODING_PLAN_COOKIE`.
+
+When the RPC endpoint returns `ConsoleNeedLogin`, CodexBar treats that as a console-session requirement. In API mode it is surfaced as an explicit API-path limitation; in `auto` mode fallback remains observable through the fetch-attempt chain.
+
+## Token sources (fallback order)
+1) Config token (`~/.codexbar/config.json` -> `providers[].apiKey` for provider `alibaba`).
+2) Environment variables, checked in order:
+   - `ALIBABA_CODING_PLAN_API_KEY`
+   - `ALIBABA_QWEN_API_KEY`
+   - `DASHSCOPE_API_KEY`
+
+## Region + endpoint behavior
+- International host: `https://modelstudio.console.alibabacloud.com`
+- China mainland host: `https://bailian.console.aliyun.com`
+- Quota request path:
+  - `POST /data/api.json?action=zeldaEasy.broadscope-bailian.codingPlan.queryCodingPlanInstanceInfoV2&product=broadscope-bailian&api=queryCodingPlanInstanceInfoV2`
+- Region is selected in Preferences -> Providers -> Alibaba Coding Plan -> Gateway region.
+- Auto fallback behavior:
+  - If International fails with credential/host-style API errors, CodexBar retries China mainland once.
+
+### CN API-key limitation (known)
+- In some China mainland accounts/environments, the current Alibaba `/data/api.json` coding-plan endpoint can still return console-login-required responses (`ConsoleNeedLogin`) even when an API key is configured.
+- In that case, API-key mode may not be functionally available for that account/endpoint, and web session mode is required.
+- CodexBar now surfaces this as an API error in API mode (instead of a cookie-login-required message) so the limitation is explicit.
+
+## Overrides
+- Override host base: `ALIBABA_CODING_PLAN_HOST`
+  - Example: `ALIBABA_CODING_PLAN_HOST=modelstudio.console.alibabacloud.com`
+- Override full quota URL: `ALIBABA_CODING_PLAN_QUOTA_URL`
+  - Example: `ALIBABA_CODING_PLAN_QUOTA_URL=https://example.com/data/api.json?action=...`
+
+## Request headers
+- `Authorization: Bearer <api_key>`
+- `x-api-key: <api_key>`
+- `X-DashScope-API-Key: <api_key>`
+- `Content-Type: application/json`
+- `Accept: application/json`
+
+## Parsing + mapping
+- Plan name (best effort):
+  - `codingPlanInstanceInfos[].planName` / `instanceName` / `packageName`
+- Quota windows (from `codingPlanQuotaInfo`):
+  - `per5HourUsedQuota` + `per5HourTotalQuota` + `per5HourQuotaNextRefreshTime` -> primary (5-hour)
+  - `perWeekUsedQuota` + `perWeekTotalQuota` + `perWeekQuotaNextRefreshTime` -> secondary (weekly)
+  - `perBillMonthUsedQuota` + `perBillMonthTotalQuota` + `perBillMonthQuotaNextRefreshTime` -> tertiary (monthly)
+- Each window maps to `usedPercent = used / total * 100` (bounded to valid range).
+- If the payload proves the plan is active but does not expose defensible quota counters, CodexBar preserves the visible plan state without manufacturing a normal quantitative quota window.
+- If neither real counters nor a defensible active-plan fallback signal exist, parsing fails explicitly instead of degrading to fake `0%` usage.
+
+## Dashboard links
+- International console: `https://modelstudio.console.alibabacloud.com/ap-southeast-1/?tab=globalset#/efm/coding_plan`
+- China mainland console: `https://bailian.console.aliyun.com/cn-beijing/?tab=model#/efm/coding_plan`
+
+## Key files
+- `Sources/CodexBarCore/Providers/Alibaba/AlibabaCodingPlanProviderDescriptor.swift`
+- `Sources/CodexBarCore/Providers/Alibaba/AlibabaCodingPlanUsageFetcher.swift`
+- `Sources/CodexBarCore/Providers/Alibaba/AlibabaCodingPlanUsageSnapshot.swift`
+- `Sources/CodexBar/Providers/Alibaba/AlibabaCodingPlanProviderImplementation.swift`
diff --git a/docs/alibaba-token-plan.md b/docs/alibaba-token-plan.md
new file mode 100644
index 000000000..1d8884605
--- /dev/null
+++ b/docs/alibaba-token-plan.md
@@ -0,0 +1,61 @@
+---
+summary: "Alibaba Token Plan provider notes: Bailian cookie auth, subscription summary endpoint, and setup."
+read_when:
+  - Adding or modifying the Alibaba Token Plan provider
+  - Debugging Alibaba Token Plan cookie import or subscription summary fetching
+  - Explaining Alibaba Token Plan setup and limitations to users
+---
+
+# Alibaba Token Plan Provider
+
+The Alibaba Token Plan provider tracks Bailian token-plan credits from the Alibaba Cloud console.
+
+## Features
+
+- **Token-plan usage display**: Shows used, total, and remaining token-plan credits when Bailian returns quota totals.
+- **Cookie-based auth**: Uses browser cookies or a pasted `Cookie:` header.
+- **Expiry awareness**: Shows the nearest token-plan expiration date as the reset time when the subscription summary includes it.
+
+## Setup
+
+1. Open **Settings -> Providers**
+2. Enable **Alibaba Token Plan**
+3. Leave **Cookie source** on **Auto** (recommended)
+
+### Manual cookie import (optional)
+
+1. Open `https://bailian.console.aliyun.com/cn-beijing?tab=plan#/efm/subscription/token-plan`
+2. Copy a `Cookie:` header from your browser's Network tab
+3. Paste it into **Alibaba Token Plan -> Cookie source -> Manual**
+
+## How it works
+
+- Fetches `POST https://bailian.console.aliyun.com/data/api.json?action=GetSubscriptionSummary&product=BssOpenAPI-V3&_tag=`
+- Sends form-encoded fields for `product=BssOpenAPI-V3`, `action=GetSubscriptionSummary`, `region=cn-beijing`, and `params={"ProductCode":"sfm_tokenplanteams_dp_cn"}`
+- Uses Alibaba/Bailian login cookies, with `sec_token` added when it can be resolved from the dashboard page
+- Parses `TotalValue`, `TotalSurplusValue`, `TotalCount`, and `NearestExpireDate` from the subscription summary response
+- Supports `ALIBABA_TOKEN_PLAN_HOST` and `ALIBABA_TOKEN_PLAN_QUOTA_URL` for testing endpoint overrides
+
+## Limitations
+
+- Alibaba Token Plan currently supports the Bailian web-cookie path only
+- API-key auth, token cost summaries, and automatic status polling are not supported
+- The default endpoint is the China mainland Bailian token-plan subscription summary
+
+## Troubleshooting
+
+### "No Alibaba Token Plan session cookies found in browsers"
+
+Log in at `https://bailian.console.aliyun.com/cn-beijing?tab=plan#/efm/subscription/token-plan` in Chrome, then refresh CodexBar.
+
+### "Alibaba Token Plan cookie header is invalid"
+
+The pasted header is empty or not a valid Cookie header. Re-copy the request from the Token Plan page after logging in again.
+
+### "Alibaba Token Plan login required"
+
+Your Bailian session is stale. Sign out and back in on the Bailian console, then refresh CodexBar.
+
+### Empty subscription summary
+
+If Bailian returns `TotalCount: 0`, CodexBar keeps the provider visible but does not show a quota window because the account has no active token-plan subscription summary to graph.
diff --git a/docs/antigravity.md b/docs/antigravity.md
index ab99af30f..5ba4978da 100644
--- a/docs/antigravity.md
+++ b/docs/antigravity.md
@@ -1,14 +1,32 @@
 ---
-summary: "Antigravity provider notes: local LSP probing, port discovery, quota parsing, and UI mapping."
+summary: "Antigravity provider notes: OAuth usage, multi-account switching, local LSP probing, and quota parsing."
 read_when:
   - Adding or modifying the Antigravity provider
   - Debugging Antigravity port detection or quota parsing
   - Adjusting Antigravity menu labels or model mapping
+  - Working with Antigravity OAuth or account switching
 ---
 
 # Antigravity provider
 
-Antigravity is a local-only provider. We talk directly to the Antigravity language server running on the same machine.
+Antigravity supports local IDE probing and Google OAuth-backed remote usage. The OAuth path can store multiple Google accounts through the shared token-account switcher.
+
+## OAuth account switching
+
+- Login still uses Antigravity's Google OAuth client, discovered from `Antigravity.app` or overridden with `ANTIGRAVITY_OAUTH_CLIENT_ID` and `ANTIGRAVITY_OAUTH_CLIENT_SECRET`.
+- A successful login writes the latest shared credentials to `~/.codexbar/antigravity/oauth_creds.json` and upserts a token-account entry for the Google account.
+- Each token-account entry stores serialized `AntigravityOAuthCredentials` and is injected into remote fetches through `ANTIGRAVITY_OAUTH_CREDENTIALS_JSON`.
+- When a token account is selected, the OAuth fetcher uses that account before falling back to the shared credentials file.
+- The menu action is labeled `Add Account...`; switching between saved accounts uses the existing segmented/stacked token-account menu UI.
+
+## Remote OAuth data sources
+
+- `POST https://cloudcode-pa.googleapis.com/v1internal:loadCodeAssist`
+- `POST https://cloudcode-pa.googleapis.com/v1internal:onboardUser`
+- `POST https://cloudcode-pa.googleapis.com/v1internal:fetchAvailableModels`
+- `POST https://cloudcode-pa.googleapis.com/v1internal:retrieveUserQuota`
+
+## Local data sources + fallback order
 
 ## Data sources + fallback order
 
diff --git a/docs/augment.md b/docs/augment.md
index b7f5fcdc9..0790ebdd6 100644
--- a/docs/augment.md
+++ b/docs/augment.md
@@ -79,9 +79,9 @@ When the CLI is unavailable or not authenticated, CodexBar falls back to browser
 
 The provider includes an automatic session keepalive system:
 
-- **Check Interval**: Every 5 minutes
+- **Check Interval**: Every 1 minute
 - **Refresh Buffer**: Refreshes 5 minutes before cookie expiration
-- **Rate Limiting**: Minimum 2 minutes between refresh attempts
+- **Rate Limiting**: Minimum 1 minute between refresh attempts
 - **Session Cookies**: Refreshed every 30 minutes (no expiration date)
 
 This ensures your session stays active without manual intervention.
@@ -170,7 +170,7 @@ This prevents cookies from other subdomains being sent to the API.
 
 ### Session Refresh Mechanism
 
-1. Keepalive checks cookie expiration every 5 minutes
+1. Keepalive checks cookie expiration every 1 minute
 2. If expiration is within 5 minutes, triggers refresh
 3. Pings `/api/auth/session` to trigger cookie update
 4. Waits 1 second for browser to update cookies
diff --git a/docs/bedrock.md b/docs/bedrock.md
new file mode 100644
index 000000000..6cb6d7fa4
--- /dev/null
+++ b/docs/bedrock.md
@@ -0,0 +1,112 @@
+---
+summary: "AWS Bedrock provider: Cost Explorer credentials, budget tracking, and usage display."
+read_when:
+  - Setting up AWS Bedrock usage tracking
+  - Debugging Bedrock Cost Explorer fetches
+  - Updating Bedrock credentials, region, or budget handling
+---
+
+# AWS Bedrock provider
+
+CodexBar reads AWS Cost Explorer for Bedrock spend and can compare the current month against an optional budget.
+
+## Authentication
+
+CodexBar supports two authentication modes, selected in Preferences → Providers → AWS Bedrock → Authentication.
+
+### Access keys (default)
+
+Provide static AWS credentials through Settings or the environment inherited by CodexBar/the CLI:
+
+```bash
+export AWS_ACCESS_KEY_ID="..."
+export AWS_SECRET_ACCESS_KEY="..."
+export AWS_REGION="us-east-1"
+```
+
+Optional:
+
+```bash
+export AWS_SESSION_TOKEN="..."
+export CODEXBAR_BEDROCK_BUDGET="250"
+```
+
+### AWS profile
+
+Resolve credentials from a named profile in `~/.aws/config` / `~/.aws/credentials` instead of pasting keys. Set the
+profile name in Settings (or via `AWS_PROFILE`). CodexBar shells out to the AWS CLI
+(`aws configure export-credentials --profile <name>`), so this works with **SSO**, **assume-role**,
+`credential_process`, and MFA-cached profiles — not just static credentials.
+
+Requirements:
+
+- AWS CLI v2 on your `PATH` (CodexBar also checks `/opt/homebrew/bin/aws`, `/usr/local/bin/aws`, and `~/.local/bin/aws`).
+  Override the location with `AWS_CLI_PATH` if it lives elsewhere.
+- For SSO profiles, an active session (`aws sso login --profile <name>`). Credentials are resolved fresh on each
+  refresh; the AWS CLI caches the SSO token, so this does not re-prompt unless the session has expired.
+
+The profile's region is read automatically (`aws configure get region`); leave the Region field blank to use it, or set
+`AWS_REGION` / the Region field to override.
+
+Relevant environment variables:
+
+```bash
+export CODEXBAR_BEDROCK_AUTH_MODE="profile"   # set automatically by Settings; "keys" or "profile"
+export AWS_PROFILE="work"
+export AWS_CLI_PATH="/opt/homebrew/bin/aws"   # optional override
+```
+
+The AWS identity (from either mode) must have permission to call Cost Explorer APIs, including `ce:GetCostAndUsage`.
+
+## Data source
+
+- Service: AWS Cost Explorer.
+- Region: `AWS_REGION` or `AWS_DEFAULT_REGION`, defaulting to `us-east-1`.
+- Usage: current-month Bedrock spend and historical daily cost buckets.
+- Budget: `CODEXBAR_BEDROCK_BUDGET`, when set to a positive dollar amount.
+- Test override: `CODEXBAR_BEDROCK_API_URL` replaces the Cost Explorer endpoint.
+
+## Display
+
+- Shows month-to-date Bedrock spend.
+- Shows budget progress when a budget is configured.
+- Reuses the shared inline dashboard for daily cost history when enough buckets are available.
+
+## CLI
+
+```bash
+codexbar --provider bedrock --source api
+codexbar --provider bedrock --format json --pretty
+```
+
+## Troubleshooting
+
+### "No AWS Bedrock cost data available"
+
+- Confirm the credentials are visible to CodexBar.
+- Confirm the AWS account has Cost Explorer enabled.
+- Confirm the IAM principal can call `ce:GetCostAndUsage`.
+- If using temporary credentials, include `AWS_SESSION_TOKEN`.
+- In profile mode, confirm the AWS CLI is installed (or set `AWS_CLI_PATH`) and that the profile name is correct.
+
+### "AWS profile session expired"
+
+The profile's SSO/temporary session has expired. Run `aws sso login --profile <name>` (or refresh the underlying
+credentials) and retry.
+
+### "AWS CLI not found"
+
+Profile mode requires AWS CLI v2. Install it (e.g. `brew install awscli`) or point CodexBar at the binary with
+`AWS_CLI_PATH`.
+
+### Wrong region
+
+Set `AWS_REGION` or `AWS_DEFAULT_REGION`. Bedrock usage is regional, but Cost Explorer itself is account-level; CodexBar still needs a signing region for the request.
+
+## Key files
+
+- `Sources/CodexBarCore/Providers/Bedrock/BedrockProviderDescriptor.swift`
+- `Sources/CodexBarCore/Providers/Bedrock/BedrockSettingsReader.swift`
+- `Sources/CodexBarCore/Providers/Bedrock/BedrockProfileCredentialProvider.swift`
+- `Sources/CodexBarCore/Providers/Bedrock/BedrockUsageStats.swift`
+- `Sources/CodexBarCore/Providers/Bedrock/BedrockAWSSigner.swift`
diff --git a/docs/claude-comparison-since-0.18.0beta2.md b/docs/claude-comparison-since-0.18.0beta2.md
index b2797a7fa..6d7f665bc 100644
--- a/docs/claude-comparison-since-0.18.0beta2.md
+++ b/docs/claude-comparison-since-0.18.0beta2.md
@@ -14,7 +14,7 @@ Focus areas:
 ## High-level Changes
 
 - OAuth moved from "load token and fail if expired" to "auto-refresh when expired".
-- Claude keychain reads now use stricter non-interactive probes (`kSecUseAuthenticationUIFail`) before any promptable path.
+- Claude keychain reads now use stricter non-interactive probes (`LAContext.interactionNotAllowed`) before any promptable path.
 - New Claude keychain prompt cooldown gate: 6-hour suppression after denial.
 - New OAuth refresh failure gate:
   - `invalid_grant` => terminal block until auth fingerprint changes.
diff --git a/docs/claude.md b/docs/claude.md
index 22737efd9..ecafe1786 100644
--- a/docs/claude.md
+++ b/docs/claude.md
@@ -9,18 +9,43 @@ read_when:
 
 # Claude provider
 
-Claude supports three usage data paths plus local cost usage. Source selection is automatic unless debug override is set.
+Claude supports three usage data paths plus local cost usage. The main provider pipeline uses runtime-specific
+automatic selection, but the codebase still has multiple active Claude `.auto` decision sites while the refactor is
+pending. For the exact current-state parity contract, see
+[docs/refactor/claude-current-baseline.md](refactor/claude-current-baseline.md).
+
+When an Anthropic Admin API key is configured, Claude can also show organization-level spend/messages/tokens in the
+same inline dashboard pattern used by the OpenAI API provider.
 
 ## Data sources + selection order
 
 ### Default selection (debug menu disabled)
-1) OAuth API (if Claude CLI credentials include `user:profile` scope).
-2) CLI PTY (`claude`), if OAuth is unavailable or fails.
-3) Web API (browser cookies, `sessionKey`), if OAuth + CLI are unavailable or fail.
+- If an Admin API key is configured, the Admin API strategy is used for Claude API spend/usage.
+- App runtime main pipeline: OAuth API → CLI PTY → Web API.
+- CLI runtime main pipeline: Web API → CLI PTY.
+- Explicit picker modes (OAuth/Web/CLI) bypass automatic fallback.
+- A lower-level direct Claude fetcher still contains a separate `.auto` order. That inconsistency is tracked in
+  [docs/refactor/claude-current-baseline.md](refactor/claude-current-baseline.md).
 
 Usage source picker:
 - Preferences → Providers → Claude → Usage source (Auto/OAuth/Web/CLI).
 
+Admin API key setup:
+- Preferences → Providers → Claude → Admin API key, stored in `~/.codexbar/config.json`.
+- CLI/env: `printf '%s' "$ANTHROPIC_ADMIN_KEY" | codexbar config set-api-key --provider claude --stdin`.
+- Token accounts can also hold `sk-ant-admin...` keys; they route to the Admin API instead of cookie/OAuth usage.
+- Environment fallback: `ANTHROPIC_ADMIN_KEY`.
+
+## Admin API
+- Key prefix: `sk-ant-admin...`.
+- Endpoints:
+  - `/v1/organizations/cost_report`
+  - `/v1/organizations/usage_report/messages`
+- Output:
+  - Today/7d/30d spend and message/token summaries.
+  - Inline 30-day dashboard chart when daily buckets are present.
+  - Identity login method: `Admin API`.
+
 ## Keychain prompt policy (Claude OAuth)
 - Preferences → Providers → Claude → Keychain prompt policy.
 - Options:
@@ -37,8 +62,9 @@ Usage source picker:
 
 ## OAuth API (preferred)
 - Credentials:
-  - Keychain service: `Claude Code-credentials` (primary on macOS).
+  - CodexBar OAuth cache when available.
   - File fallback: `~/.claude/.credentials.json`.
+  - Claude CLI Keychain bootstrap/repair fallback: `Claude Code-credentials`.
 - Requires `user:profile` scope (CLI tokens with only `user:inference` cannot call usage).
 - Endpoint:
   - `GET https://api.anthropic.com/api/oauth/usage`
@@ -47,18 +73,24 @@ Usage source picker:
   - `anthropic-beta: oauth-2025-04-20`
 - Mapping:
   - `five_hour` → session window.
-  - `seven_day` → weekly window.
+  - `seven_day` → weekly window; also becomes the primary fallback when `five_hour` is absent or has no utilization.
   - `seven_day_sonnet` / `seven_day_opus` → model-specific weekly window.
+  - `seven_day_routines` / `seven_day_cowork` → Daily Routines extra window.
+  - Claude Design/Omelette keys are ignored because Claude Design shares the main Claude usage limit.
   - `extra_usage` → Extra usage cost (monthly spend/limit).
-- Plan inference: `rate_limit_tier` from credentials maps to Max/Pro/Team/Enterprise.
+- Successful OAuth login enables Claude and selects OAuth as the usage source.
+- Plan inference: `subscriptionType` is preferred when present; `rate_limit_tier` falls back to
+  Max/Pro/Team/Enterprise.
 
 ## Web API (cookies)
 - Preferences → Providers → Claude → Cookie source (Automatic or Manual).
 - Manual mode accepts a `Cookie:` header from a claude.ai request.
 - Multi-account manual tokens: add entries to `~/.codexbar/config.json` (`tokenAccounts`) and set Claude cookies to
   Manual. The menu can show all accounts stacked or a switcher bar (Preferences → Advanced → Display).
-- Claude token accounts accept either `sessionKey` cookies or OAuth access tokens (`sk-ant-oat...`). OAuth tokens use
-  the Anthropic OAuth usage endpoint; to force cookie mode, paste `sessionKey=<value>` or a full `Cookie:` header.
+- Claude token accounts accept either `sessionKey` cookies or OAuth access tokens (`sk-ant-oat...`). OAuth-token
+  accounts route to the OAuth path and disable cookie mode; session-key or cookie-header accounts stay in manual
+  cookie mode. The exact edge-routing rules are documented in
+  [docs/refactor/claude-current-baseline.md](refactor/claude-current-baseline.md).
 - Cookie source order:
   1) Safari: `~/Library/Cookies/Cookies.binarycookies`
   2) Chrome/Chromium forks: `~/Library/Application Support/Google/Chrome/*/Cookies`
@@ -75,12 +107,15 @@ Usage source picker:
   - `GET https://claude.ai/api/account` → email + plan hints.
 - Outputs:
   - Session + weekly + model-specific percent used.
+  - Daily Routines extra window when returned by the usage API.
   - Extra usage spend/limit (if enabled).
   - Account email + inferred plan.
 
 ## CLI PTY (fallback)
 - Runs `claude` in a PTY session (`ClaudeCLISession`).
 - Default behavior: exit after each probe; Debug → "Keep CLI sessions alive" keeps it running between probes.
+- Probe working directory: `~/Library/Application Support/CodexBar/ClaudeProbe` with local Claude settings that disable
+  deep-link URL handler registration during headless probes.
 - Command flow:
   1) Start CLI with `--allowed-tools ""` (no tools).
   2) Auto-respond to first-run prompts (trust files, workspace, telemetry).
@@ -94,17 +129,23 @@ Usage source picker:
 
 ## Cost usage (local log scan)
 - Source roots:
-  - `$CLAUDE_CONFIG_DIR` (comma-separated), each root uses `<root>/projects`.
-  - Fallback roots:
-    - `~/.config/claude/projects`
-    - `~/.claude/projects`
-- Files: `**/*.jsonl` under the project roots.
+  - Native Claude logs:
+    - `$CLAUDE_CONFIG_DIR` (comma-separated), each root uses `<root>/projects`.
+    - Fallback roots:
+      - `~/.config/claude/projects`
+      - `~/.claude/projects`
+  - Supported pi sessions:
+    - `~/.pi/agent/sessions/**/*.jsonl`
+- Files: `**/*.jsonl` under the native project roots plus supported pi session files.
 - Parsing:
-  - Lines with `type: "assistant"` and `message.usage`.
+  - Native Claude logs parse lines with `type: "assistant"` and `message.usage`.
   - Uses per-model token counts (input, cache read/create, output).
   - Deduplicates streaming chunks by `message.id + requestId` (usage is cumulative per chunk).
+  - pi sessions attribute `anthropic` assistant usage to Claude and bucket it by assistant-turn timestamp, so a single pi
+    session can contribute to multiple models/days.
 - Cache:
-  - `~/Library/Caches/CodexBar/cost-usage/claude-v1.json`
+  - Native + merged provider cache: `~/Library/Caches/CodexBar/cost-usage/claude-v2.json`
+  - pi session cache: `~/Library/Caches/CodexBar/cost-usage/pi-sessions-v1.json`
 
 ## Key files
 - OAuth: `Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/*`
@@ -112,4 +153,6 @@ Usage source picker:
 - CLI PTY: `Sources/CodexBarCore/Providers/Claude/ClaudeStatusProbe.swift`,
   `Sources/CodexBarCore/Providers/Claude/ClaudeCLISession.swift`
 - Cost usage: `Sources/CodexBarCore/CostUsageFetcher.swift`,
+  `Sources/CodexBarCore/PiSessionCostScanner.swift`,
+  `Sources/CodexBarCore/PiSessionCostCache.swift`,
   `Sources/CodexBarCore/Vendored/CostUsage/*`
diff --git a/docs/cli-configuration.md b/docs/cli-configuration.md
new file mode 100644
index 000000000..cdd060826
--- /dev/null
+++ b/docs/cli-configuration.md
@@ -0,0 +1,101 @@
+---
+summary: "CodexBar CLI configuration commands for provider toggles, API keys, and isolated config files."
+read_when:
+  - Using codexbar config from scripts or CI
+  - Enabling or disabling providers without opening Settings
+  - Storing provider API keys from the command line
+---
+
+# CLI configuration
+
+`codexbar config` edits the same `~/.codexbar/config.json` file used by the app's Settings → Providers pane.
+The CLI writes the file with `0600` permissions.
+
+## Providers
+
+List persistent provider toggles:
+
+```bash
+codexbar config providers
+codexbar config providers --json --pretty
+```
+
+Enable or disable a provider:
+
+```bash
+codexbar config enable --provider grok
+codexbar config disable --provider cursor
+```
+
+These are persistent app/CLI settings. They are different from `codexbar usage --provider grok`, which is a one-shot
+command override and does not edit config.
+
+If every provider is disabled, `codexbar usage` with no `--provider` prints no text output, and
+`codexbar usage --json` prints `[]`. Passing `--provider <name>` still fetches that provider for the one command.
+
+## API keys
+
+API keys are stored under the provider entry in config:
+
+```bash
+printf '%s' "$ELEVENLABS_API_KEY" | codexbar config set-api-key --provider elevenlabs --stdin
+```
+
+`set-api-key` enables the provider by default. Add `--no-enable` when you only want to save the key:
+
+```bash
+printf '%s' "$OPENROUTER_API_KEY" | codexbar config set-api-key --provider openrouter --stdin --no-enable
+```
+
+Useful examples:
+
+```bash
+printf '%s' "$OPENAI_ADMIN_KEY" | codexbar config set-api-key --provider openai --stdin
+printf '%s' "$ANTHROPIC_ADMIN_KEY" | codexbar config set-api-key --provider claude --stdin
+printf '%s' "$DEEPGRAM_API_KEY" | codexbar config set-api-key --provider deepgram --stdin
+printf '%s' "$GROQ_API_KEY" | codexbar config set-api-key --provider groq --stdin
+printf '%s' "$LLM_PROXY_API_KEY" | codexbar config set-api-key --provider llmproxy --stdin
+printf '%s' "$Z_AI_API_KEY" | codexbar config set-api-key --provider zai --stdin
+```
+
+Only providers that consume config-backed API keys accept this command. Admin API providers may require a key with
+organization/usage permissions, not a normal inference key. Browser/OAuth providers such as Grok use their own provider
+sessions instead of an xAI API key for CodexBar's billing view, so enable them with
+`codexbar config enable --provider grok`.
+
+LLM Proxy also needs a base URL. Use `LLM_PROXY_BASE_URL` for CLI runs, or add `"enterpriseHost"` to the provider entry
+in `~/.codexbar/config.json`.
+
+## Isolated config files
+
+For tests, demos, and CI, point CodexBar at a temporary config file:
+
+```bash
+export CODEXBAR_CONFIG=/tmp/codexbar-config.json
+codexbar config enable --provider grok
+codexbar config providers --json --pretty
+```
+
+The override applies to both reads and writes for the current process environment.
+
+## Cost history window
+
+The app setting controls the menu's local cost-history window. For one-off CLI reports, pass `--days`:
+
+```bash
+codexbar cost --provider codex --days 90
+codexbar cost --provider claude --days 180 --format json --pretty
+```
+
+The accepted range is 1...365 days.
+
+## Validation
+
+After hand-editing config:
+
+```bash
+codexbar config validate
+codexbar config dump --pretty
+```
+
+`dump` prints normalized config, including providers omitted from a hand-written file.
diff --git a/docs/cli.md b/docs/cli.md
index a13c8f830..c9a010152 100644
--- a/docs/cli.md
+++ b/docs/cli.md
@@ -8,21 +8,23 @@ read_when:
 
 # CodexBar CLI
 
-A lightweight Commander-based CLI that mirrors the menubar app’s data paths (Codex web/RPC → PTY fallback; Claude web by default with CLI fallback and OAuth debug).
+A lightweight Commander-based CLI that mirrors the menu bar app’s provider fetchers and config file.
 Use it when you need usage numbers in scripts, CI, or dashboards without UI.
 
 ## Install
 - In the app: **Preferences → Advanced → Install CLI**. This symlinks `CodexBarCLI` to `/usr/local/bin/codexbar` and `/opt/homebrew/bin/codexbar`.
-- From the repo: `./bin/install-codexbar-cli.sh` (same symlink targets).
+- From the repo, after installing `CodexBar.app` in `/Applications`: `./bin/install-codexbar-cli.sh` (same symlink targets).
 - Manual: `ln -sf "/Applications/CodexBar.app/Contents/Helpers/CodexBarCLI" /usr/local/bin/codexbar`.
 
-### Linux install
-- Homebrew (Linuxbrew, Linux only): `brew install steipete/tap/codexbar`.
-- Download `CodexBarCLI-v<tag>-linux-<arch>.tar.gz` from GitHub Releases (x86_64 + aarch64).
-- Extract; run `./codexbar` (symlink) or `./CodexBarCLI`.
+### Release tarball install (macOS/Linux)
+- Homebrew formula (Linux today): `brew install steipete/tap/codexbar`.
+- Download release tarballs from GitHub Releases:
+  - macOS: `CodexBarCLI-v<tag>-macos-arm64.tar.gz`, `CodexBarCLI-v<tag>-macos-x86_64.tar.gz`
+  - Linux: `CodexBarCLI-v<tag>-linux-aarch64.tar.gz`, `CodexBarCLI-v<tag>-linux-x86_64.tar.gz`
+- Extract and run `./codexbar` (symlink) or `./CodexBarCLI`.
 
 ```
-tar -xzf CodexBarCLI-v0.17.0-linux-x86_64.tar.gz
+tar -xzf CodexBarCLI-v0.17.0-macos-x86_64.tar.gz
 ./codexbar --version
 ./codexbar usage --format json --pretty
 ```
@@ -39,29 +41,43 @@ See `docs/configuration.md` for the schema.
 ## Command
 - `codexbar` defaults to the `usage` command.
   - `--format text|json` (default: text).
-- `codexbar cost` prints local token cost usage (Claude + Codex) without web/CLI access.
+- `codexbar cost` prints local token cost usage for Claude + Codex without web/CLI access.
   - `--format text|json` (default: text).
   - `--refresh` ignores cached scans.
+- `codexbar serve` starts a foreground localhost-only HTTP server for usage and cost JSON.
+  - `--port <port>` defaults to `8080`.
+  - `--refresh-interval <seconds>` defaults to `60` and controls the in-memory response cache TTL.
+  - v1 binds to `127.0.0.1` only and rejects non-loopback `Host` headers. It does not expose remote bind, auth, CORS, TLS, or daemon mode.
+  - Endpoints: `GET /health`, `GET /usage`, `GET /usage?provider=<id|both|all>`, `GET /cost`, `GET /cost?provider=<id|both|all>`.
+  - Codex usage responses include every visible Codex account, matching the menu bar switcher.
+- `codexbar cache clear` clears local CodexBar caches.
+  - `--cookies` removes cached browser-cookie headers from the CodexBar Keychain cache.
+  - `--cookies --provider <id>` removes browser-cookie cache entries for that provider, including managed Codex account scopes.
+  - `--cost` removes local cost-usage scan caches.
+  - `--all` clears both cookies and cost caches. `--provider` is cookie-only and cannot be combined with `--cost` or `--all`.
 - `--provider <id|both|all>` (default: enabled providers in config; falls back to defaults when missing).
   - Provider IDs live in the config file (see `docs/configuration.md`).
-  - `--account <label>` / `--account-index <n>` / `--all-accounts` (token accounts from config; requires a single provider).
+  - With three or more providers enabled, the default stays scoped to enabled providers; use `--provider all` to query
+    every registered provider.
+  - `--account <label>` / `--account-index <n>` / `--all-accounts` (token accounts from config, or all visible Codex accounts for Codex; requires a single provider).
   - `--no-credits` (hide Codex credits in text output).
   - `--pretty` (pretty-print JSON).
   - `--status` (fetch provider status pages and include them in output).
   - `--antigravity-plan-debug` (debug: print Antigravity planInfo fields to stderr).
 - `--source <auto|web|cli|oauth|api>` (default: `auto`).
-    - `auto` (macOS only): uses browser cookies for Codex + Claude, with CLI fallback only when cookies are missing.
-    - `web` (macOS only): web-only; no CLI fallback.
-    - `cli`: CLI-only (Codex RPC → PTY fallback; Claude PTY).
-    - `oauth`: Claude OAuth only (debug); no fallback. Not supported for Codex.
-    - `api`: API key flow when the provider supports it (z.ai, Gemini, Copilot, Kilo, Kimi K2, MiniMax, Warp, OpenRouter, Synthetic).
-    - Output `source` reflects the strategy actually used (`openai-web`, `web`, `oauth`, `api`, `local`, or provider CLI label).
+    - `auto`: provider-specific fallback order from `docs/providers.md`.
+    - `web` (macOS only): web-only where that provider exposes an explicit web source; no CLI/API fallback.
+    - `cli`: CLI/local-helper source where the provider exposes one (for example Codex RPC/PTy, Claude PTY, Kilo CLI fallback, Kiro CLI, local probes).
+    - `oauth`: OAuth-backed source where supported (Codex, Claude, Vertex AI).
+    - `api`: API-key/token flow when the provider supports it (OpenAI, Claude Admin API, z.ai, Gemini, Alibaba, Copilot, Kilo, Kimi K2, MiniMax, Ollama, Warp, OpenRouter, ElevenLabs, Deepgram, Synthetic, DeepSeek, Moonshot, Doubao, Codebuff, Crof, Venice, AWS Bedrock).
+    - Output `source` reflects the strategy actually used (`openai-web`, `web`, `oauth`, `api`, `local`, `cli`, or provider CLI label).
     - Codex web: OpenAI web dashboard (usage limits, credits remaining, code review remaining, usage breakdown).
         - `--web-timeout <seconds>` (default: 60)
         - `--web-debug-dump-html` (writes HTML snapshots to `/tmp` when data is missing)
     - Claude web: claude.ai API (session + weekly usage, plus account metadata when available).
+    - Command Code web: commandcode.ai browser session cookies for monthly credit usage.
     - Kilo auto: app.kilo.ai API first, then CLI auth fallback (`~/.local/share/kilo/auth.json`) on missing/unauthorized API credentials.
-    - Linux: `web/auto` are not supported; CLI prints an error and exits non-zero.
+    - Linux: web-backed `auto`/`web` modes are not supported; CLI prints an error and exits non-zero for providers that require browser/WebKit access.
 - Global flags: `-h/--help`, `-V/--version`, `-v/--verbose`, `--no-color`, `--log-level <trace|verbose|debug|info|warning|error|critical>`, `--json-output`, `--json-only`.
   - `--json-output`: JSONL logs on stderr (machine-readable).
   - `--json-only`: suppress non-JSON output; errors become JSON payloads.
@@ -79,6 +95,12 @@ Account selection flags require a single provider (`--provider claude`, etc.).
 For Claude, token accounts accept either `sessionKey` cookies or OAuth access tokens (`sk-ant-oat...`).
 OAuth usage requires the `user:profile` scope; inference-only tokens will return an error.
 
+### Codex accounts
+For Codex, `--all-accounts` and `codexbar serve` enumerate the same visible accounts as the app switcher:
+managed Codex accounts from `managed-codex-accounts.json` plus the live system account when present.
+Each fetch is scoped to that account's Codex home before the normal Codex web/OAuth/CLI strategy runs, and JSON
+payloads include the visible account label in `account`.
+
 ### Cost JSON payload
 `codexbar cost --format json` emits an array of payloads (one per provider).
 - `provider`, `source`, `updatedAt`
@@ -91,21 +113,31 @@ OAuth usage requires the `user:profile` scope; inference-only tokens will return
 ```
 codexbar                          # text, respects app toggles
 codexbar --provider claude        # force Claude
-codexbar --provider all           # query all providers (honors your logins/toggles)
+codexbar --provider all           # query all registered providers
 codexbar --format json --pretty   # machine output
 codexbar --format json --provider both
-codexbar cost                     # local cost usage (last 30 days + today)
+codexbar cost                     # local cost usage (default 30-day window + today)
+codexbar cost --days 90           # choose a 1...365 day cost window
 codexbar cost --provider claude --format json --pretty
+codexbar serve --port 8080        # localhost HTTP JSON server
 COPILOT_API_TOKEN=... codexbar --provider copilot --format json --pretty
 codexbar --status                 # include status page indicator/description
+codexbar --provider codex --source oauth --format json --pretty
 codexbar --provider codex --source web --format json --pretty
+codexbar --provider codex --all-accounts --format json --pretty
 codexbar --provider claude --account steipete@gmail.com
 codexbar --provider claude --all-accounts --format json --pretty
 codexbar --json-only --format json --pretty
 codexbar --provider gemini --source api --format json --pretty
 KILO_API_KEY=... codexbar --provider kilo --source api --format json --pretty
+MOONSHOT_API_KEY=... codexbar --provider moonshot --source api --format json --pretty
 codexbar config validate --format json --pretty
 codexbar config dump --pretty
+printf '%s' "$OPENAI_ADMIN_KEY" | codexbar config set-api-key --provider openai --stdin
+codexbar config enable --provider grok
+codexbar cache clear --cookies
+codexbar cache clear --cookies --provider claude
+codexbar cache clear --all --format json --pretty
 ```
 
 ### Sample output (text)
@@ -187,14 +219,18 @@ Note: Using CLI fallback
 
 ## Notes
 - CLI uses the config file for enabled providers, ordering, and secrets.
+- CLI binary discovery checks explicit overrides, captured login PATH, inherited PATH, and known install paths before falling back to an interactive shell probe.
 - Reset lines follow the in-app reset time display setting when available (default: countdown).
 - Text output uses ANSI colors when stdout is a rich TTY; disable with `--no-color` or `NO_COLOR`/`TERM=dumb`.
 - Copilot CLI queries require an API token via config `apiKey` or `COPILOT_API_TOKEN`.
-- Prefer Codex RPC first, then PTY fallback; Claude defaults to web with CLI fallback when cookies are missing.
+- OpenAI API charts require an Admin API key for organization costs/usage. Normal API keys can only use the legacy balance fallback.
+- Claude Admin API charts require an Anthropic Admin API key (`sk-ant-admin...` or `ANTHROPIC_ADMIN_KEY`).
+- Codex CLI `auto` tries the OpenAI web dashboard, then Codex CLI RPC/PTy; the app’s Codex `auto` path prefers OAuth when credentials are present, then CLI.
+- Claude CLI `auto` tries web, then CLI PTY; the app’s Claude `auto` path prefers OAuth, then CLI, then web.
 - Kilo text output splits identity into `Plan:` and `Activity:` lines; in `--source auto`, resolved CLI fetches add
   `Note: Using CLI fallback`.
 - Kilo auto-mode failures include a fallback-attempt summary line in text mode (API attempt then CLI attempt).
-- OpenAI web requires a signed-in `chatgpt.com` session in Safari, Chrome, or Firefox. No passwords are stored; CodexBar reuses cookies.
+- OpenAI web requires a signed-in `chatgpt.com` session in a supported browser or a manual cookie header. No passwords are stored; CodexBar reuses cookies.
 - Safari cookie import may require granting CodexBar Full Disk Access (System Settings → Privacy & Security → Full Disk Access).
 - The `openaiDashboard` JSON field is normally sourced from the app’s cached dashboard snapshot; `--source auto|web` refreshes it live via WebKit using a per-account cookie store.
 - Future: optional `--from-cache` flag to read the menubar app’s persisted snapshot (if/when that file lands).
diff --git a/docs/codebuff.md b/docs/codebuff.md
new file mode 100644
index 000000000..a1737024f
--- /dev/null
+++ b/docs/codebuff.md
@@ -0,0 +1,72 @@
+---
+summary: "Codebuff provider data sources: API token, CLI credentials file, credit balance, and weekly rate limits."
+read_when:
+  - Debugging Codebuff credential resolution or usage parsing
+  - Updating Codebuff credit balance or weekly rate-limit display
+  - Adjusting Codebuff provider UI/menu behavior
+---
+
+# Codebuff
+
+CodexBar surfaces [Codebuff](https://www.codebuff.com) credit balance and
+weekly rate limits next to your other AI providers.
+
+## Data sources
+
+- `POST https://www.codebuff.com/api/v1/usage` — current credit usage,
+  remaining balance, auto top-up state, and the next quota reset date.
+- `GET  https://www.codebuff.com/api/user/subscription` — subscription tier,
+  billing period end, and the weekly rate-limit window (`weeklyUsed` /
+  `weeklyLimit`) when CodexBar is using the CLI credentials-file session token.
+
+Both endpoints use a Bearer token. Codebuff credentials come from the
+environment, the normal CodexBar config file, or the official CLI credentials
+file; the Codebuff provider does not write a separate Keychain credential.
+
+## Authentication
+
+CodexBar resolves the Codebuff API token in this order:
+
+1. `CODEBUFF_API_KEY` environment variable (takes precedence so CI overrides
+   work). API-key tokens fetch credit balance only.
+2. The per-provider API key stored in Settings → Providers → Codebuff (saved
+   in `~/.codexbar/config.json` via the normal CodexBar config flow). API-key
+   tokens fetch credit balance only.
+3. `~/.config/manicode/credentials.json` — the file the official `codebuff`
+   CLI (formerly `manicode`) writes after `codebuff login`. CodexBar reads
+   `default.authToken`, falling back to top-level `authToken`, and uses that
+   session token for both credit balance and subscription metadata.
+
+If none of those is available, Codebuff shows the “missing token” error.
+
+## Credit window mapping
+
+- **Primary row** — credit balance (`usage / quota`), with the "next quota
+  reset" date if provided.
+- **Secondary row** — weekly rate-limit window (`weeklyUsed / weeklyLimit`)
+  shown with a 7-day window.
+
+The account panel shows the Codebuff tier (e.g. "Pro"), remaining balance,
+and whether auto top-up is enabled.
+
+## Troubleshooting
+
+- Run `codebuff login` to refresh `~/.config/manicode/credentials.json`.
+- Override the API base with `CODEBUFF_API_URL` for staging environments.
+- Verify your token works manually:
+
+  ```sh
+  curl -s -X POST -H "Authorization: Bearer $CODEBUFF_API_KEY" \
+    -H 'Content-Type: application/json' -d '{"fingerprintId":"codexbar-usage"}' \
+    https://www.codebuff.com/api/v1/usage
+  ```
+
+## Related files
+
+- `Sources/CodexBarCore/Providers/Codebuff/` — descriptor, fetcher, snapshot,
+  settings reader, error types.
+- `Sources/CodexBar/Providers/Codebuff/` — settings store bridge + macOS
+  settings pane implementation.
+- `Tests/CodexBarTests/CodebuffSettingsReaderTests.swift`,
+  `CodebuffUsageFetcherTests.swift`, and the Codebuff extensions in
+  `ProviderTokenResolverTests.swift`.
diff --git a/docs/codex.md b/docs/codex.md
index c7250939a..7dfeb2245 100644
--- a/docs/codex.md
+++ b/docs/codex.md
@@ -1,38 +1,47 @@
 ---
-summary: "Codex provider data sources: OpenAI web dashboard, Codex CLI RPC/PTY, credits, and local cost usage."
+summary: "Codex provider data sources: OpenAI web dashboard, Codex CLI RPC, credits, and local cost usage."
 read_when:
   - Debugging Codex usage/credits parsing
   - Updating OpenAI dashboard scraping or cookie import
-  - Changing Codex CLI RPC/PTY behavior
+  - Changing Codex CLI RPC or diagnostic PTY behavior
   - Reviewing local cost usage scanning
 ---
 
 # Codex provider
 
-Codex has four usage data paths (OAuth API, web dashboard, CLI RPC, CLI PTY) plus a local cost-usage scanner.
+Codex has three automatic usage data paths (OAuth API, web dashboard, CLI RPC) plus a manual CLI PTY diagnostic parser and a local cost-usage scanner.
 The OAuth API is the default app source when credentials are available; web access is optional for dashboard extras.
 
 ## Data sources + fallback order
 
 ### App default selection (debug menu disabled)
 1) OAuth API (auth.json credentials).
-2) CLI RPC, with CLI PTY fallback when needed.
-3) If OpenAI cookies are enabled (Automatic or Manual), dashboard extras load in parallel and the source label becomes
-   `primary + openai-web`.
+2) CLI RPC through `codex app-server`.
+3) If OpenAI web extras are enabled and a matching OpenAI web session is available (Automatic or Manual cookies),
+   dashboard extras load as a separate follow-up refresh and the source label becomes `primary + openai-web`.
 
 Usage source picker:
 - Preferences → Providers → Codex → Usage source (Auto/OAuth/CLI).
 
 ### CLI default selection (`--source auto`)
 1) OpenAI web dashboard (when available).
-2) Codex CLI RPC, with CLI PTY fallback when needed.
+2) Codex CLI RPC through `codex app-server`.
 
 ### OAuth API (preferred for the app)
 - Reads OAuth tokens from `~/.codex/auth.json` (or `$CODEX_HOME/auth.json`).
 - Refreshes access tokens when `last_refresh` is older than 8 days.
 - Calls `GET https://chatgpt.com/backend-api/wham/usage` (default) with `Authorization: Bearer <token>`.
+- `rate_limit.primary_window` / `secondary_window` map to the session/weekly lanes.
+- `additional_rate_limits[]` (model-specific limits such as GPT-5.3-Codex-Spark) map to named
+  `UsageSnapshot.extraRateWindows` entries (Spark uses a stable `codex-spark` id / `Codex Spark` title).
+  When the field is absent, the snapshot is unchanged.
 
-### OpenAI web dashboard (optional)
+### OpenAI web dashboard (optional, off by default)
+- Enable it in Preferences -> Providers -> Codex -> OpenAI web extras.
+- It exists for dashboard-only extras such as code review remaining, usage breakdown, and credits history.
+- It is intentionally opt-in because it loads `chatgpt.com` in a hidden WebView and can materially increase battery or network usage.
+- OpenAI web battery saver is a separate toggle. When enabled, routine background/settings-driven refreshes are reduced, but explicit manual refreshes still run.
+- OpenAI web battery saver currently defaults to off.
 - Preferences → Providers → Codex → OpenAI cookies (Automatic or Manual).
 - URL: `https://chatgpt.com/codex/settings/usage`.
 - Uses an off-screen `WKWebView` with a per-account `WKWebsiteDataStore`.
@@ -62,26 +71,33 @@ Usage source picker:
 - Errors surfaced:
   - Login required or Cloudflare interstitial.
 
-### Codex CLI RPC (default CLI fallback)
+### Codex CLI RPC (automatic CLI source)
 - Launches local RPC server: `codex -s read-only -a untrusted app-server`.
 - JSON-RPC over stdin/stdout:
   - `initialize` (client name/version)
   - `account/read`
   - `account/rateLimits/read`
+- RPC reads are bounded: initialization has a longer startup budget, and normal requests have a shorter per-method
+  timeout. On timeout, CodexBar terminates the child `codex app-server` process so the stdout reader unwinds instead
+  of leaving refresh stuck indefinitely.
 - Provides:
   - Usage windows (primary + secondary) with reset timestamps.
   - Credits snapshot (balance, hasCredits, unlimited).
   - Account identity (email + plan type) when available.
+- App-server errors are terminal for the CLI strategy, except when Codex includes a recoverable `wham/usage` JSON body in the error text.
+- If macOS blocks or quarantines the `codex` executable, CodexBar records the launch failure and skips background CLI
+  launches for 30 minutes. Use a manual refresh after reinstalling or unblocking `codex` to retry immediately.
+- If managed Codex account login fails after macOS moved `codex` to Trash, first confirm `codex --version` works in
+  Terminal. Check `which -a codex` for stale duplicate installs, then run
+  `npm install -g --include=optional @openai/codex@latest` before retrying Add Account.
 
-### Codex CLI PTY fallback (`/status`)
-- Runs `codex` in a PTY via `TTYCommandRunner`.
-- Default behavior: exit after each probe; Debug → "Keep CLI sessions alive" keeps it running between probes.
-- Sends `/status`, parses the rendered screen:
+### Codex CLI PTY diagnostics (`/status`)
+- Manual/debug parser only; automatic background refresh and `CodexBarCLI usage --source cli` do not launch bare Codex TUI.
+- Kept for explicit diagnostics/parser coverage because bare `codex` TUI can start interactive auth and open browser tabs.
+- Parses rendered `/status` output:
   - `Credits:` line
   - `5h limit` line → percent + reset text
   - `Weekly limit` line → percent + reset text
-- Retry once with a larger terminal size on parse failure (short retry window).
-- Do not retry on timeout; timed-out probes fail fast and wait for the next refresh cycle.
 - Detects update prompts and surfaces a "CLI update needed" error.
 
 ## Account identity resolution (for web matching)
@@ -93,23 +109,32 @@ Usage source picker:
 ## Credits
 - Web dashboard fills credits only when OAuth/CLI do not provide them.
 - CLI RPC: `account/rateLimits/read` → credits balance.
-- CLI PTY fallback: parse `Credits:` from `/status`.
+- CLI PTY diagnostics can still parse `Credits:` from saved/manual `/status` output.
 
 ## Cost usage (local log scan)
 - Source files:
-  - `~/.codex/sessions/YYYY/MM/DD/*.jsonl`
-  - `~/.codex/archived_sessions/*.jsonl` (flat; date inferred from filename when present)
-  - Or `$CODEX_HOME/sessions/...` + `$CODEX_HOME/archived_sessions/...` if `CODEX_HOME` is set.
+  - Native Codex logs:
+    - `~/.codex/sessions/YYYY/MM/DD/*.jsonl`
+    - `~/.codex/archived_sessions/*.jsonl` (flat; date inferred from filename when present)
+    - Or `$CODEX_HOME/sessions/...` + `$CODEX_HOME/archived_sessions/...` if `CODEX_HOME` is set.
+  - Supported pi sessions:
+    - `~/.pi/agent/sessions/**/*.jsonl`
 - Scanner:
-  - Parses `event_msg` token_count entries and `turn_context` model markers.
-  - Computes input/cached/output token deltas and per-model cost.
+  - Native Codex logs parse `event_msg` token_count entries and `turn_context` model markers; when both are present,
+    `turn_context` is authoritative for the model bucket.
+  - pi sessions count assistant-message usage rows and attribute `openai-codex` assistant usage to Codex.
+  - pi assistant usage is bucketed by assistant-turn timestamp, so mixed-model pi sessions can contribute to multiple
+    days/models correctly.
 - Cache:
-  - `~/Library/Caches/CodexBar/cost-usage/codex-v1.json`
-- Window: last 30 days (rolling), with a 60s minimum refresh interval.
+  - Native + merged provider cache: `~/Library/Caches/CodexBar/cost-usage/codex-v2.json`
+  - pi session cache: `~/Library/Caches/CodexBar/cost-usage/pi-sessions-v1.json`
+- Window: configurable 1-365 day rolling history, with a 60s minimum refresh interval.
 
 ## Key files
 - Web: `Sources/CodexBarCore/OpenAIWeb/*`
-- CLI RPC + PTY: `Sources/CodexBarCore/UsageFetcher.swift`,
+- CLI RPC + diagnostic PTY parser: `Sources/CodexBarCore/UsageFetcher.swift`,
   `Sources/CodexBarCore/Providers/Codex/CodexStatusProbe.swift`
 - Cost usage: `Sources/CodexBarCore/CostUsageFetcher.swift`,
+  `Sources/CodexBarCore/PiSessionCostScanner.swift`,
+  `Sources/CodexBarCore/PiSessionCostCache.swift`,
   `Sources/CodexBarCore/Vendored/CostUsage/*`
diff --git a/docs/command-code.md b/docs/command-code.md
new file mode 100644
index 000000000..046c2f3d8
--- /dev/null
+++ b/docs/command-code.md
@@ -0,0 +1,47 @@
+---
+summary: "Command Code provider notes: browser cookie authentication and monthly credit parsing."
+read_when:
+  - Debugging Command Code cookie import or usage parsing
+  - Updating Command Code billing or credit display
+  - Adjusting Command Code provider UI/menu behavior
+---
+
+# Command Code
+
+CodexBar surfaces [Command Code](https://commandcode.ai) monthly USD credits next
+to your other AI coding providers.
+
+## Data source
+
+- `https://api.commandcode.ai` billing endpoints, authenticated with the
+  signed-in Command Code web session.
+- The provider reads monthly credit usage, plan allowance, remaining credits,
+  and billing-cycle reset timing when the account data is available.
+
+## Authentication
+
+Command Code support uses browser cookies or a manually pasted cookie header.
+
+1. Sign in to `https://commandcode.ai` in a supported browser.
+2. Open Settings -> Providers -> Command Code.
+3. Enable Command Code and leave Cookie source on Automatic, or switch to Manual
+   and paste a `Cookie:` header/cURL capture from Command Code.
+
+Automatic import looks for better-auth session cookies from `commandcode.ai`
+and `www.commandcode.ai`. If automatic import cannot find a session, use the
+manual cookie field.
+
+## Display
+
+- The menu bar item and provider card use the Command Code icon and label.
+- The primary row shows monthly credits used/remaining.
+- Widgets do not expose Command Code in the provider picker yet.
+
+## Related files
+
+- `Sources/CodexBarCore/Providers/CommandCode/` - descriptor, cookie import,
+  billing fetcher, snapshot mapping, and plan catalog.
+- `Sources/CodexBar/Providers/CommandCode/` - settings store bridge and
+  provider settings UI.
+- `Tests/CodexBarTests/CommandCode*Tests.swift` - parser, cookie, settings,
+  and icon coverage.
diff --git a/docs/configuration.md b/docs/configuration.md
index fecfd198a..8d463652e 100644
--- a/docs/configuration.md
+++ b/docs/configuration.md
@@ -8,13 +8,14 @@ read_when:
 
 # Configuration
 
-CodexBar reads a single JSON config file for CLI and app settings.
-Secrets (API keys, cookies, tokens) live here; Keychain is not used.
+CodexBar reads a single JSON config file for CLI and app provider settings.
+API keys, manual cookie headers, source selection, ordering, and token accounts live here. Keychain is still used for runtime cookie caches, browser Safe Storage access, and provider OAuth/device-flow credentials where those flows require it.
 
 ## Location
 - `~/.codexbar/config.json`
+- Override for scripts/tests: set `CODEXBAR_CONFIG=/path/to/config.json`.
 - The directory is created if missing.
-- Permissions are forced to `0600` on macOS and Linux.
+- Permissions are set to `0600` whenever CodexBar writes the file on macOS and Linux.
 
 ## Root shape
 ```json
@@ -28,6 +29,7 @@ Secrets (API keys, cookies, tokens) live here; Keychain is not used.
       "cookieSource": "auto",
       "cookieHeader": null,
       "apiKey": null,
+      "enterpriseHost": null,
       "region": null,
       "workspaceID": null,
       "tokenAccounts": null
@@ -44,14 +46,92 @@ All provider fields are optional unless noted.
 - `source`: preferred source mode.
   - `auto|web|cli|oauth|api`
   - `auto` uses provider-specific fallback order (see `docs/providers.md`).
-  - `api` uses provider API key flow (when supported).
-- `apiKey`: raw API token for providers that support direct API usage.
+  - `api` uses the provider's API-backed mode; only some providers consume the `apiKey` field.
+- `apiKey`: raw API token for providers that support config-backed direct API usage.
+- `enterpriseHost`: provider-specific API host/base URL override. Today this is used by Azure OpenAI, Copilot, and LLM Proxy.
 - `cookieSource`: cookie selection policy.
   - `auto` (browser import), `manual` (use `cookieHeader`), `off` (disable cookies)
 - `cookieHeader`: raw cookie header value (e.g. `key=value; other=...`).
 - `region`: provider-specific region (e.g. `zai`, `minimax`).
-- `workspaceID`: provider-specific workspace ID (e.g. `opencode`).
-- `tokenAccounts`: multi-account tokens for a provider.
+- `workspaceID`: provider-specific workspace/deployment/project ID (e.g. Azure OpenAI deployment, OpenAI API project,
+  `opencode`).
+- `tokenAccounts`: multi-account tokens for providers in `TokenAccountSupportCatalog`.
+
+## Manual cookies
+Use manual cookies when automatic browser import is unavailable, disabled, or too noisy for your setup.
+The app and CLI both read the same `~/.codexbar/config.json`, so a manual cookie saved in the UI is also used by
+`codexbar`, and a cookie written by tooling is shown in the app after reload.
+
+`cookieHeader` expects the HTTP `Cookie:` request header value for the provider origin, not a raw Netscape cookie
+export. In browser DevTools, open the Network tab, select a request for the provider site, and copy the request
+header named `Cookie`. You can paste either the full `Cookie: name=value; other=value` string or just
+`name=value; other=value`.
+
+If you have a Netscape export, convert each non-comment row to `name=value` and join values with `; `. Do not paste
+the raw `# Netscape HTTP Cookie File` text into `cookieHeader`.
+
+Example placeholder config:
+
+```json
+{
+  "version": 1,
+  "providers": [
+    {
+      "id": "example-provider",
+      "enabled": true,
+      "cookieSource": "manual",
+      "cookieHeader": "session=<REDACTED>; other=<REDACTED>"
+    }
+  ]
+}
+```
+
+Validate after editing:
+
+```bash
+codexbar config validate
+codexbar usage --provider example-provider --verbose
+```
+
+CLI shortcuts:
+
+```bash
+codexbar config providers
+codexbar config enable --provider grok
+codexbar config disable --provider cursor
+printf '%s' "$ELEVENLABS_API_KEY" | codexbar config set-api-key --provider elevenlabs --stdin
+printf '%s' "$OPENAI_ADMIN_KEY" | codexbar config set-api-key --provider openai --stdin
+printf '%s' "$GROQ_API_KEY" | codexbar config set-api-key --provider groq --stdin
+printf '%s' "$LLM_PROXY_API_KEY" | codexbar config set-api-key --provider llmproxy --stdin
+```
+
+OpenAI API project scoping uses `workspaceID` in config. This maps to `OPENAI_PROJECT_ID` for Admin API usage and is
+only applied to the configured OpenAI key, not to selected OpenAI token accounts:
+
+```json
+{
+  "id": "openai",
+  "enabled": true,
+  "apiKey": "<OPENAI_ADMIN_KEY>",
+  "workspaceID": "proj_..."
+}
+```
+
+LLM Proxy also needs a base URL. Set `enterpriseHost` in config or `LLM_PROXY_BASE_URL` in the process environment:
+
+```json
+{
+  "id": "llmproxy",
+  "enabled": true,
+  "apiKey": "<REDACTED>",
+  "enterpriseHost": "https://proxy.example.com"
+}
+```
+
+See [CLI configuration](cli-configuration.md) for scripting examples and output formats.
+
+Manual cookies are secrets. Keep `~/.codexbar/config.json` private, leave its permissions at `0600`, never commit it,
+and never paste real cookie values or readable DevTools screenshots into public issues.
 
 ### tokenAccounts
 ```json
@@ -72,7 +152,7 @@ All provider fields are optional unless noted.
 
 ## Provider IDs
 Current IDs (see `Sources/CodexBarCore/Providers/Providers.swift`):
-`codex`, `claude`, `cursor`, `opencode`, `factory`, `gemini`, `antigravity`, `copilot`, `zai`, `minimax`, `kimi`, `kilo`, `kiro`, `vertexai`, `augment`, `jetbrains`, `kimik2`, `amp`, `ollama`, `synthetic`, `warp`, `openrouter`.
+`codex`, `openai`, `azureopenai`, `claude`, `cursor`, `opencode`, `opencodego`, `alibaba`, `factory`, `gemini`, `antigravity`, `copilot`, `zai`, `minimax`, `manus`, `kimi`, `kilo`, `kiro`, `vertexai`, `augment`, `jetbrains`, `kimik2`, `moonshot`, `amp`, `ollama`, `synthetic`, `warp`, `openrouter`, `elevenlabs`, `windsurf`, `perplexity`, `mimo`, `doubao`, `abacus`, `mistral`, `deepseek`, `codebuff`, `crof`, `venice`, `commandcode`, `stepfun`, `bedrock`, `grok`, `groq`, `llmproxy`, `deepgram`.
 
 ## Ordering
 The order of `providers` controls display/order in the app and CLI. Reorder the array to change ordering.
diff --git a/docs/copilot.md b/docs/copilot.md
index f6e44f95a..23f19a016 100644
--- a/docs/copilot.md
+++ b/docs/copilot.md
@@ -16,12 +16,18 @@ Copilot uses GitHub OAuth device flow and the Copilot internal usage API. No bro
      - `POST https://github.com/login/device/code`
    - Token polling:
      - `POST https://github.com/login/oauth/access_token`
+   - Optional enterprise host:
+     - set Copilot `enterpriseHost` in `~/.codexbar/config.json` or the provider settings UI
+     - CodexBar normalizes values such as `https://octocorp.ghe.com/login` to `octocorp.ghe.com`
+     - device flow uses `https://<enterpriseHost>/login/...`
    - Scope: `read:user`.
    - Token stored in config:
      - `~/.codexbar/config.json` → `providers[].apiKey` for `copilot`
+      - token accounts use `providers[].tokenAccounts`
 
 2) **Usage fetch**
    - `GET https://api.github.com/copilot_internal/user`
+   - With an enterprise host, the API host is `api.<enterpriseHost>`.
    - Headers:
      - `Authorization: token <github_oauth_token>`
      - `Accept: application/json`
diff --git a/docs/crof.md b/docs/crof.md
new file mode 100644
index 000000000..59fd9b72f
--- /dev/null
+++ b/docs/crof.md
@@ -0,0 +1,42 @@
+---
+summary: "Crof provider data source: API key + usage_api request quota."
+read_when:
+  - Adding or tweaking Crof usage parsing
+  - Updating Crof API key handling
+  - Documenting Crof reset behavior
+---
+
+# Crof provider
+
+Crof is API-only. CodexBar reads `GET https://crof.ai/usage_api/` with a
+Bearer token and displays the returned request quota and dollar credit balance.
+
+## Data sources
+
+1. **API key** supplied via `CROF_API_KEY`, `CROFAI_API_KEY`, or Settings →
+   Providers → Crof. Settings values are stored in `~/.codexbar/config.json`.
+2. **Usage endpoint**
+   - `GET https://crof.ai/usage_api/`
+   - Request headers: `Authorization: Bearer <api key>`, `Accept: application/json`
+   - Response fields: `credits`, `requests_plan`, `usable_requests`
+
+## Usage details
+
+- The primary row shows request quota with the exact usable request count on the right.
+  The visible remaining percent is floored so partially used quotas like `998/1000`
+  do not round up to `100% left`.
+- Crof support said quota reset is around midnight Central time; CodexBar models this
+  as the next `America/Chicago` midnight so daylight saving time maps to GMT-5 when
+  appropriate.
+- The secondary row shows the current Crof dollar balance, floored to cents so tiny
+  microcent-level burns never overstate the remaining balance.
+- Reset timing is inferred until Crof exposes reset metadata in the usage API.
+- The provider icon is SVG and CodexBar renders it as a template image so it
+  matches the other monochrome provider icons.
+- Dashboard: `https://crof.ai/dashboard`.
+
+## Related files
+
+- `Sources/CodexBarCore/Providers/Crof/`
+- `Sources/CodexBar/Providers/Crof/`
+- `Tests/CodexBarTests/CrofUsageFetcherTests.swift`
diff --git a/docs/deepgram.md b/docs/deepgram.md
new file mode 100644
index 000000000..dab71656b
--- /dev/null
+++ b/docs/deepgram.md
@@ -0,0 +1,108 @@
+---
+summary: "Deepgram provider: API key setup, project discovery, and usage-breakdown metrics."
+read_when:
+  - Debugging Deepgram API key or project selection
+  - Updating Deepgram usage parsing or menu display
+  - Explaining Deepgram setup to users
+---
+
+# Deepgram Provider
+
+[Deepgram](https://deepgram.com) is a speech AI platform that provides APIs for speech-to-text, text-to-speech, audio intelligence, and related voice features.
+
+## Authentication
+
+Deepgram uses API key authentication. Get your API key from the [Deepgram Console](https://console.deepgram.com).
+
+The API key must have access to the project you want to query. For usage data, the key also needs the `usage:read` scope for that project.
+
+### Environment Variables
+
+Set the `DEEPGRAM_API_KEY` environment variable:
+
+```bash
+export DEEPGRAM_API_KEY="dg_..."
+```
+
+Optionally set a Deepgram project ID:
+
+```bash
+export DEEPGRAM_PROJECT_ID="your-project-uuid"
+```
+
+If `DEEPGRAM_PROJECT_ID` is omitted, CodexBar calls Deepgram's project list endpoint and aggregates usage across all projects visible to the API key.
+
+### Settings
+
+You can also configure the API key and optional project ID in CodexBar Settings → Providers → Deepgram.
+
+### CLI config
+
+```bash
+printf '%s' "$DEEPGRAM_API_KEY" | codexbar config set-api-key --provider deepgram --stdin
+```
+
+## Data Source
+
+The Deepgram provider fetches summarized usage data from the Deepgram Management API.
+
+1. **Projects API** (`/v1/projects`): Lists projects visible to the API key when no project ID is configured.
+2. **Usage Breakdown API** (`/v1/projects/{PROJECT_ID}/usage/breakdown`): Returns summarized project usage over a date range. The response includes fields such as `start`, `end`, `resolution`, and `results`.
+
+Each usage result may include:
+
+* `start`
+* `end`
+* `hours`
+* `total_hours`
+* `agent_hours`
+* `tokens_in`
+* `tokens_out`
+* `tts_characters`
+* `requests`
+
+Deepgram's usage breakdown endpoint supports querying with `start` and `end` date parameters. The response includes summarized usage results for the selected period.
+
+## Display
+
+The Deepgram menu card shows:
+
+* **Usage notes**: Request count, total audio hours, total billable hours, agent hours, token totals, and TTS characters when returned by Deepgram
+* **Identity**: Project name, project ID, or aggregated project count
+
+Deepgram does not currently provide a credit balance through this provider. The provider displays usage, not remaining credits.
+
+## CLI Usage
+
+```bash
+codexbar --provider deepgram
+codexbar -p dg  # alias
+```
+
+## Environment Variables
+
+* **DEEPGRAM_API_KEY**: Your Deepgram API key. Required.
+* **DEEPGRAM_PROJECT_ID**: Optional Deepgram project UUID. Leave unset to aggregate all visible projects.
+* **DEEPGRAM_API_URL**: Override the base API URL. Optional, defaults to https://api.deepgram.com/v1.
+
+## Permissions
+
+The API key must have permission to read usage data for the configured project.
+
+If the key is valid but lacks the correct scope, Deepgram may return an error like:
+
+```text
+INSUFFICIENT_PERMISSIONS
+Your account does not have the required scope to perform that action for this project.
+Check that your account has the 'usage:read' scope for this project.
+```
+
+In that case, create or update a Deepgram API key with the `usage:read` scope for the target project.
+
+## Notes
+
+* Deepgram usage data is project-scoped.
+* The project ID should be the project UUID, not just the project display name.
+* The provider uses `Authorization: Token <API_KEY>` for requests.
+* This provider currently reports usage metrics, not credit balance or per-request cost.
+* Summarized usage data is not limited to 90 days, while console logs are limited to 90 days.
diff --git a/docs/deepseek.md b/docs/deepseek.md
new file mode 100644
index 000000000..1db239ed3
--- /dev/null
+++ b/docs/deepseek.md
@@ -0,0 +1,39 @@
+---
+summary: "DeepSeek provider data sources: API key + balance endpoint."
+read_when:
+  - Adding or tweaking DeepSeek balance parsing
+  - Updating API key handling
+  - Documenting new provider behavior
+---
+
+# DeepSeek provider
+
+DeepSeek is API-only. Balance is reported by `GET https://api.deepseek.com/user/balance`,
+so CodexBar only needs a valid API key to show your remaining credit balance.
+
+## Data sources
+
+1. **API key** supplied via `DEEPSEEK_API_KEY` / `DEEPSEEK_KEY`, or selected from DeepSeek token accounts in `~/.codexbar/config.json`.
+2. **Balance endpoint**
+   - `GET https://api.deepseek.com/user/balance`
+   - Request headers: `Authorization: Bearer <api key>`, `Accept: application/json`
+   - Response contains `is_available`, and a `balance_infos` array with per-currency entries
+     (`total_balance`, `granted_balance`, `topped_up_balance`).
+
+## Usage details
+
+- The menu card shows total balance with the paid vs. granted breakdown:
+  e.g. `$50.00 (Paid: $40.00 / Granted: $10.00)`.
+- The API separates granted balance from topped-up balance; CodexBar labels these as granted vs. paid credit.
+- When multiple currencies are present, USD is shown preferentially.
+- If total balance is zero, CodexBar shows an add-credits message. If balance is nonzero but `is_available` is false, it shows "Balance unavailable for API calls".
+- There is no session or weekly window — DeepSeek does not expose per-window quota via API.
+- Token-account selection injects the selected key into the fetch environment; otherwise CodexBar reads `DEEPSEEK_API_KEY` / `DEEPSEEK_KEY`.
+
+## Key files
+
+- `Sources/CodexBarCore/Providers/DeepSeek/DeepSeekProviderDescriptor.swift` (descriptor + fetch strategy)
+- `Sources/CodexBarCore/Providers/DeepSeek/DeepSeekUsageFetcher.swift` (HTTP client + JSON parser)
+- `Sources/CodexBarCore/Providers/DeepSeek/DeepSeekSettingsReader.swift` (env var resolution)
+- `Sources/CodexBar/Providers/DeepSeek/DeepSeekProviderImplementation.swift` (provider activation and token-account visibility)
+- `Sources/CodexBarCore/TokenAccountSupportCatalog+Data.swift` (DeepSeek token-account injection)
diff --git a/docs/doubao.md b/docs/doubao.md
new file mode 100644
index 000000000..40c7cfa2d
--- /dev/null
+++ b/docs/doubao.md
@@ -0,0 +1,22 @@
+---
+summary: "Doubao provider notes: API-key auth and Volcengine Ark request-limit tracking."
+read_when:
+  - Adding or modifying the Doubao provider
+  - Debugging Doubao API-key setup
+  - Explaining Doubao usage display
+---
+
+# Doubao Provider
+
+Doubao tracks Volcengine Ark request-limit headers by probing the chat-completions endpoint with a configured API key.
+
+## Setup
+1. Enable **Doubao** in Settings → Providers.
+2. Paste an API key in the provider settings, or set `ARK_API_KEY`, `VOLCENGINE_API_KEY`, or `DOUBAO_API_KEY`.
+3. Refresh provider usage.
+
+## Behavior
+- Endpoint: `POST https://ark.cn-beijing.volces.com/api/coding/v3/chat/completions`
+- Probe models: `doubao-seed-2.0-code`, `doubao-1.5-pro-32k`, `doubao-lite-32k`
+- Reads `x-ratelimit-remaining-requests`, `x-ratelimit-limit-requests`, and `x-ratelimit-reset-requests` when returned.
+- If the key is valid but rate-limit headers are missing, CodexBar shows the key as active and links to the dashboard for details.
diff --git a/docs/elevenlabs.md b/docs/elevenlabs.md
new file mode 100644
index 000000000..dae8b14b4
--- /dev/null
+++ b/docs/elevenlabs.md
@@ -0,0 +1,63 @@
+---
+summary: "ElevenLabs provider notes: API key setup and subscription usage fields."
+read_when:
+  - Adding or modifying the ElevenLabs provider
+  - Debugging ElevenLabs API keys or subscription usage parsing
+  - Adjusting ElevenLabs credit or voice-slot labels
+---
+
+# ElevenLabs Provider
+
+The ElevenLabs provider reads subscription usage from the ElevenLabs API using an API key.
+
+## Features
+
+- Character credit usage from the current subscription period.
+- Reset timing when the API returns `next_character_count_reset_unix`.
+- Voice slot and professional voice slot usage when those fields are present.
+- Plan/status text from the subscription response.
+
+## Setup
+
+### CLI
+
+Store the API key without opening Settings:
+
+```bash
+printf '%s' "$ELEVENLABS_API_KEY" | codexbar config set-api-key --provider elevenlabs --stdin
+```
+
+This trims the piped key, writes it to `~/.codexbar/config.json` with restrictive permissions, and enables ElevenLabs by default. Use `--no-enable` to save the key without enabling the provider.
+
+### Settings
+
+1. Open **Settings -> Providers**
+2. Enable **ElevenLabs**
+3. Open `https://elevenlabs.io/app/settings/api-keys`
+4. Create or copy an API key
+5. Paste the key into CodexBar's ElevenLabs provider settings
+
+### Environment Variables
+
+CodexBar also accepts these environment variables:
+
+- `ELEVENLABS_API_KEY`
+- `XI_API_KEY`
+
+For tests or self-hosted/proxy setups, override the API base URL with `ELEVENLABS_API_URL`.
+
+## How It Works
+
+- Endpoint: `GET https://api.elevenlabs.io/v1/user/subscription`
+- Auth header: `xi-api-key`
+- Fields used: `character_count`, `character_limit`, `voice_slots_used`, `voice_limit`, `professional_voice_slots_used`, `professional_voice_limit`, `tier`, `status`, `next_character_count_reset_unix`
+
+## Troubleshooting
+
+### "Missing ElevenLabs API key"
+
+Set the key with `codexbar config set-api-key --provider elevenlabs --stdin`, add it in **Settings -> Providers -> ElevenLabs**, set `ELEVENLABS_API_KEY`, or configure an ElevenLabs token account.
+
+### "ElevenLabs API error"
+
+Confirm the API key is valid and that the current network can reach `api.elevenlabs.io`.
diff --git a/docs/grok.md b/docs/grok.md
new file mode 100644
index 000000000..37da32c90
--- /dev/null
+++ b/docs/grok.md
@@ -0,0 +1,147 @@
+---
+summary: "Grok provider data sources: ACP JSON-RPC, grok.com billing fallback, OAuth credentials, and local session signals."
+read_when:
+  - Debugging Grok billing/usage parsing
+  - Updating `grok agent stdio` JSON-RPC integration
+  - Adjusting `~/.grok/auth.json` credential reading
+---
+
+# Grok provider
+
+Grok uses xAI's official Grok Build CLI (`grok`, released 2026-05-14). Usage data is
+fetched via the ACP JSON-RPC `x.ai/billing` extension method over `grok agent stdio`
+when available, then via grok.com's billing gRPC-web endpoint using the signed-in
+browser session when the CLI surface does not expose billing.
+
+## Data sources + fallback order
+
+1) **`~/.grok/auth.json` (primary; always works for SuperGrok subscribers)**
+   - Reads `email`, `team_id`, `first_name`/`last_name`, plan-hint (`auth_mode`)
+     for the identity row in the menu.
+2) **`grok agent stdio` ACP JSON-RPC** (best-effort, currently disabled in grok 0.1.210)
+   - We spawn `grok agent stdio` and call `initialize` + `x.ai/billing` (no params).
+   - **Known limitation:** in grok 0.1.210 the `x.ai/billing` extension method
+     is only wired in the interactive TUI; the agent-stdio surface returns
+     `-32601 Method not found`. The provider degrades silently to identity-only
+     when this happens. When xAI exposes billing on the agent protocol, no
+     code change is required.
+   - One non-obvious quirk: grok's ACP parser does not unescape `\/` in method
+     names. `Foundation.JSONSerialization.data` defaults to escaping forward
+     slashes, so payloads must be re-encoded with `\/` → `/` before being
+     written to stdin or grok will silently drop them (12s client-side
+     timeout instead of the expected error response).
+3) **grok.com billing gRPC-web fallback** (best-effort)
+   - POSTs an empty gRPC-web protobuf request to
+     `https://grok.com/grok_api_v2.GrokBuildBilling/GetGrokCreditsConfig`.
+   - Uses grok.com browser session cookies. CodexBar imports Chrome only by
+     default to avoid unrelated browser Keychain prompts.
+   - CLI/test runtime does not import browser cookies unless
+     `CODEXBAR_ALLOW_BROWSER_COOKIE_IMPORT=1` is set.
+   - `~/.grok/auth.json` is still used for identity and as a last best-effort
+     bearer probe, but the production grok.com billing endpoint currently
+     authenticates browser sessions.
+   - Parses the returned protobuf enough to recover used percent and
+     reset timestamp. This keeps billing visible when `grok agent stdio` returns
+     `Method not found`.
+4) **Local session signals** (informational fallback)
+   - Walks `~/.grok/sessions/<encoded-cwd>/<session-id>/signals.json` files (last 30 days).
+   - Aggregates `totalTokensBeforeCompaction`, `contextTokensUsed`, `modelsUsed`,
+     and the most recent session timestamp.
+
+## OAuth credentials
+
+- File: `~/.grok/auth.json` (path overridable via `GROK_HOME`).
+- Top-level keys are OIDC scope URLs. CodexBar prefers entries under
+  `https://auth.x.ai::<client-id>` (SuperGrok), falling back to
+  `https://accounts.x.ai/sign-in` (legacy session).
+- Required fields per entry: `key` (bearer token), `refresh_token`, `expires_at`,
+  `auth_mode`, `email`, `team_id`, `user_id`, `first_name`/`last_name`.
+- Tokens are issued by `grok login` and expire after ~7 days; refresh is handled by
+  the CLI itself (CodexBar does not refresh; it just reads the cached credential).
+
+## JSON-RPC contract
+
+- Transport: stdin/stdout, newline-delimited JSON-RPC 2.0 (no Content-Length framing).
+- `initialize` params:
+  ```json
+  {
+    "protocolVersion": "1",
+    "clientCapabilities": {
+      "fs": { "readTextFile": false, "writeTextFile": false },
+      "terminal": false
+    }
+  }
+  ```
+- `x.ai/billing` result shape (all monetary values are `{ val: <cents> }`):
+  ```json
+  {
+    "billingCycle": {
+      "billingPeriodStart": "2026-05-01T00:00:00Z",
+      "billingPeriodEnd": "2026-06-01T00:00:00Z"
+    },
+    "monthlyLimit": { "val": 99900 },
+    "onDemandCap": { "val": 0 },
+    "on_demand_enabled": false,
+    "disabledByConfig": false,
+    "usage": {
+      "includedUsed": { "val": 12345 },
+      "onDemandUsed": { "val": 0 },
+      "totalUsed": { "val": 12345 }
+    }
+  }
+  ```
+- Auth errors surface as JSON-RPC errors with the message
+  `"Authentication required to fetch billing data. Run 'grok login' to authenticate."`.
+- Timeouts: 8s for `initialize`, 12s for `x.ai/billing`. CodexBar terminates the
+  child `grok` process on timeout to avoid leaking subprocesses.
+
+## Mapping to `UsageSnapshot`
+
+- **Primary window** = credit usage (against the subscription/included limit):
+  - CLI RPC: `usedPercent` = `usage.totalUsed.val / monthlyLimit.val * 100`;
+    `resetsAt` = `billingCycle.billingPeriodEnd`.
+  - grok.com fallback: `usedPercent` and `resetsAt` parsed from the gRPC-web
+    billing protobuf.
+  - The UI label for the live usage bar is dynamic: "Weekly" or "Monthly"
+    when `resetsAt` matches a common cycle, falling back to the registered
+    "Credits" label otherwise. Settings and history views continue to use
+    "Credits" as the stable metric name.
+- **Identity**:
+  - `accountEmail` from credential `email`.
+  - `accountOrganization` from credential `team_id`.
+  - `loginMethod` = "SuperGrok" for OIDC, otherwise the raw `auth_mode`.
+
+## Local fallback (`~/.grok/sessions/`)
+
+Each session directory contains `signals.json` with fields like:
+
+```json
+{
+  "turnCount": 1,
+  "contextTokensUsed": 2968,
+  "contextWindowTokens": 512000,
+  "totalTokensBeforeCompaction": 0,
+  "modelsUsed": ["grok-build"],
+  "primaryModelId": "grok-build",
+  "sessionDurationSeconds": 47
+}
+```
+
+CodexBar aggregates these into a `GrokLocalSessionSummary` (session count, total
+tokens, last session time, primary model) and exposes it for diagnostics even when
+the RPC path is unavailable.
+
+## Status
+
+xAI has not exposed a Statuspage-style status feed yet. The "View Status" link
+points to `https://status.x.ai`.
+
+## Key files
+
+- `Sources/CodexBarCore/Providers/Grok/GrokProviderDescriptor.swift`
+- `Sources/CodexBarCore/Providers/Grok/GrokAuth.swift`
+- `Sources/CodexBarCore/Providers/Grok/GrokRPCClient.swift`
+- `Sources/CodexBarCore/Providers/Grok/GrokWebBillingFetcher.swift`
+- `Sources/CodexBarCore/Providers/Grok/GrokStatusProbe.swift`
+- `Sources/CodexBarCore/Providers/Grok/GrokLocalSessionScanner.swift`
+- `Sources/CodexBar/Providers/Grok/GrokProviderImplementation.swift`
diff --git a/docs/groqcloud.md b/docs/groqcloud.md
new file mode 100644
index 000000000..fd5a875c2
--- /dev/null
+++ b/docs/groqcloud.md
@@ -0,0 +1,31 @@
+---
+summary: "GroqCloud provider setup and Prometheus metrics usage source."
+read_when:
+  - Configuring GroqCloud usage tracking
+  - Debugging GroqCloud request or token-rate display
+---
+
+# GroqCloud
+
+CodexBar's GroqCloud provider is separate from the xAI Grok provider. It uses a GroqCloud API key and the Enterprise
+Prometheus metrics API.
+
+## Setup
+
+Store the key in the shared app/CLI config:
+
+```bash
+printf '%s' "$GROQ_API_KEY" | codexbar config set-api-key --provider groq --stdin
+```
+
+Or set `GROQ_API_KEY` in the process environment. `GROQ_API_URL` can override the default `https://api.groq.com/v1`
+base URL for private gateways.
+
+## Menu display
+
+- Primary: requests per minute.
+- Secondary: tokens per minute.
+- Tertiary: prompt cache hits per minute when the metric exists.
+- Dashboard link: GroqCloud metrics dashboard.
+
+If the key lacks Prometheus metrics access, CodexBar shows the API error instead of guessing from unrelated endpoints.
diff --git a/docs/index.html b/docs/index.html
index 5c662d2ab..0447ee92d 100644
--- a/docs/index.html
+++ b/docs/index.html
@@ -3,174 +3,323 @@
   <head>
     <meta charset="utf-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1" />
-    <title>CodexBar</title>
+    <title>CodexBar — every AI coding limit in your menu bar</title>
     <meta
       name="description"
-      content="Tiny macOS menu bar app that keeps your Codex, Claude Code, Cursor, Gemini, Antigravity, Droid (Factory), Copilot, and z.ai limits visible."
+      content="A tiny macOS menu bar app that tracks AI coding-provider usage windows, credits, costs, and resets across 40+ providers — Codex, OpenAI, Claude, Cursor, Gemini, Copilot, Grok, and more."
     />
-    <meta name="theme-color" content="#0b1016" />
+    <meta name="theme-color" content="#0a0a0c" />
     <link rel="canonical" href="https://codexbar.app/" />
 
     <meta property="og:title" content="CodexBar" />
     <meta
       property="og:description"
-      content="Tiny macOS menu bar app that keeps your Codex, Claude Code, Cursor, Gemini, Antigravity, Droid (Factory), Copilot, and z.ai limits visible."
+      content="Track usage windows, credits, and resets across 40+ AI coding providers from your macOS menu bar."
     />
     <meta property="og:type" content="website" />
     <meta property="og:url" content="https://codexbar.app/" />
-    <meta property="og:image" content="https://codexbar.app/codexbar.png" />
+    <meta property="og:image" content="https://codexbar.app/social.png" />
+    <meta property="og:image:width" content="1200" />
+    <meta property="og:image:height" content="630" />
+    <meta name="twitter:image" content="https://codexbar.app/social.png" />
     <meta name="twitter:card" content="summary_large_image" />
 
     <link rel="icon" href="./icon.png" type="image/png" />
     <link rel="apple-touch-icon" href="./icon.png" />
-    <link rel="stylesheet" href="./site.css?v=a1b2c3d" />
+    <script>
+      (function () {
+        try {
+          var queryTheme = new URLSearchParams(location.search).get('theme');
+          var theme = queryTheme === 'light' || queryTheme === 'dark'
+            ? queryTheme
+            : localStorage.getItem('codexbar-theme');
+          if (theme === 'light' || theme === 'dark') document.documentElement.dataset.theme = theme;
+        } catch (_) {}
+      })();
+    </script>
+    <link rel="stylesheet" href="./site.css?v=8" />
   </head>
   <body>
-    <main class="wrap">
-      <header class="top" data-animate="1">
-        <a class="brand" href="https://github.com/steipete/CodexBar" aria-label="CodexBar on GitHub">
-          <span class="name">
-            <h1 class="title">CodexBar</h1>
-            <p class="tagline">Codex, Claude Code, Cursor, Gemini, Antigravity, Droid, Copilot, z.ai limits.</p>
-          </span>
-        </a>
-        <nav class="links" aria-label="Links">
-          <a class="btn primary" href="https://github.com/steipete/CodexBar/releases/latest">Download</a>
-          <a class="btn ghost" href="https://github.com/steipete/CodexBar">Source</a>
-        </nav>
-      </header>
+    <div class="backdrop" aria-hidden="true">
+      <span class="plane p1"></span>
+      <span class="plane p2"></span>
+      <span class="trace t1"></span>
+      <span class="trace t2"></span>
+      <span class="trace t3"></span>
+      <span class="trace t4"></span>
+    </div>
+    <header class="masthead">
+      <a class="brand" href="./" aria-label="CodexBar">
+        <img class="mark" src="./icon.png" alt="" width="28" height="28" />
+        <span class="wordmark">CodexBar</span>
+      </a>
+      <nav class="nav" aria-label="Primary">
+        <a class="nav-link" href="https://github.com/steipete/CodexBar/blob/main/docs/providers.md">Docs</a>
+        <a class="nav-link" href="https://github.com/steipete/CodexBar">Source</a>
+        <button class="theme-toggle" type="button" aria-label="Switch color theme" aria-pressed="false" title="Switch color theme">
+          <svg class="sun" width="16" height="16" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" aria-hidden="true">
+            <circle cx="8" cy="8" r="2.75" />
+            <path d="M8 1.5v1.25M8 13.25v1.25M1.5 8h1.25M13.25 8h1.25M3.4 3.4l.9.9M11.7 11.7l.9.9M12.6 3.4l-.9.9M4.3 11.7l-.9.9" />
+          </svg>
+          <svg class="moon" width="16" height="16" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true">
+            <path d="M13.2 10.1A5.8 5.8 0 0 1 5.9 2.8a6 6 0 1 0 7.3 7.3Z" />
+          </svg>
+        </button>
+        <a class="btn primary" href="https://github.com/steipete/CodexBar/releases/latest">Download</a>
+      </nav>
+    </header>
 
-      <section class="hero" aria-label="Overview">
-        <div class="copy" data-animate="2">
-          <div class="badges" aria-label="Highlights">
-            <span class="badge">macOS 14+</span>
-            <span class="badge">Apple Silicon + Intel</span>
-            <span class="badge">Free &amp; open source</span>
-            <span class="badge">No passwords stored</span>
-          </div>
-          <div class="hero-heading">
-            <img class="hero-icon" src="./icon.png" alt="" aria-hidden="true" width="40" height="40" />
-            <div>
-              <h2>Stay ahead of resets.</h2>
-              <p>
-                CodexBar keeps session + weekly limits (and credits) in the menu bar, so you know when you're safe to ship.
-              </p>
-            </div>
-          </div>
-          <p class="requirement">Requirements: macOS 14+ (Apple Silicon + Intel).</p>
-          <div class="cta">
-            <a class="btn primary" href="https://github.com/steipete/CodexBar/releases/latest">Download latest</a>
-            <a class="btn" href="https://github.com/steipete/CodexBar">View on GitHub</a>
-          </div>
-          <p class="brew-line">
-            Homebrew: <code id="brew-cmd">brew install --cask steipete/tap/codexbar</code>
-            <button class="copy-btn" onclick="copyBrew()" aria-label="Copy to clipboard" title="Copy to clipboard">
-              <svg class="icon-copy" width="16" height="16" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round">
-                <rect x="5" y="5" width="9" height="9" rx="1.5"/>
-                <path d="M5 11H3.5A1.5 1.5 0 012 9.5v-7A1.5 1.5 0 013.5 1h7A1.5 1.5 0 0112 2.5V5"/>
+    <main>
+      <section class="lede">
+        <h1>Every AI coding limit, <span class="grad">in your menu&nbsp;bar.</span></h1>
+        <p class="dek">
+          CodexBar tracks usage windows, credit balances, and reset countdowns across the providers you actually pay for —
+          one status item each, or merge them into one.
+        </p>
+        <div class="actions">
+          <a class="btn primary lg" href="https://github.com/steipete/CodexBar/releases/latest">Download for macOS</a>
+          <div class="brew" role="group" aria-label="Homebrew install command">
+            <code id="brew-cmd">brew install --cask steipete/tap/codexbar</code>
+            <button class="brew-copy" type="button" aria-label="Copy to clipboard" title="Copy">
+              <svg class="ic" width="14" height="14" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true">
+                <rect x="5" y="5" width="9" height="9" rx="1.5" />
+                <path d="M5 11H3.5A1.5 1.5 0 0 1 2 9.5v-7A1.5 1.5 0 0 1 3.5 1h7A1.5 1.5 0 0 1 12 2.5V5" />
               </svg>
-              <svg class="icon-check" width="16" height="16" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
-                <polyline points="3 8 6 11 13 4"/>
+              <svg class="ok" width="14" height="14" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true">
+                <polyline points="3 8 6 11 13 4" />
               </svg>
             </button>
-          </p>
-          <p class="brew-line">Linuxbrew (CLI only): <code>brew install steipete/tap/codexbar</code></p>
-          <p class="note">
-            GitHub Releases builds update via Sparkle. Homebrew installs update via <code>brew upgrade</code>.
-          </p>
-          <script>
-            function copyBrew() {
-              const cmd = document.getElementById('brew-cmd').textContent;
-              navigator.clipboard.writeText(cmd).then(() => {
-                document.querySelector('.copy-btn').classList.add('copied');
-                setTimeout(() => document.querySelector('.copy-btn').classList.remove('copied'), 1500);
-              });
-            }
-          </script>
-          <ul class="bullets" aria-label="What it does">
-            <li>One status item per provider (Codex, Claude, Cursor, Gemini, Antigravity, Droid, Copilot, z.ai, Kilo).</li>
-            <li>Session + weekly bars with reset times and optional credits.</li>
-            <li>Web-backed limits via browser cookies (Codex, Claude, Cursor, Droid).</li>
-            <li>Two-bar icon: session on top, weekly on bottom, dimmed on errors.</li>
-            <li>Minimal UI, no Dock icon.</li>
-          </ul>
-        </div>
-        <figure class="shot hero-shot" data-animate="3">
-          <img src="./codexbar.png" alt="CodexBar menu bar popover showing session and weekly usage." />
-          <figcaption>Menu card shows session + weekly usage, resets, and credits when available.</figcaption>
-        </figure>
-      </section>
-
-      <section class="details" aria-label="Details" data-animate="4">
-        <div class="card">
-          <h3>Install &amp; updates</h3>
-          <p>
-            Download from GitHub Releases or install via Homebrew. Sparkle updates are enabled on GitHub builds only.
-          </p>
-        </div>
-        <div class="card">
-          <h3>Providers</h3>
-          <p>
-            Codex · Claude Code · Cursor · Gemini · Antigravity · Droid · Copilot · z.ai · Kilo<br />
-            Open to new providers — see the <a href="https://github.com/steipete/CodexBar/blob/main/docs/provider.md">provider guide</a>.
-          </p>
-        </div>
-        <div class="card">
-          <h3>Privacy</h3>
-          <p>
-            Reuses existing browser cookies (Safari/Chrome/Firefox) for dashboard access — no passwords stored. When cookies
-            are missing, CodexBar falls back to local CLI output. Audit notes in
-            <a href="https://github.com/steipete/CodexBar/issues/12">issue #12</a>.
-          </p>
-        </div>
-      </section>
-
-      <section class="details" aria-label="Features" data-animate="5">
-        <div class="card">
-          <h3>Usage tracking</h3>
-          <p>
-            Session + weekly meters with reset countdowns, plus optional credits and code review limits.
-          </p>
-        </div>
-        <div class="card">
-          <h3>Status + widgets</h3>
-          <p>
-            Provider status polling with incident badges, plus a WidgetKit snapshot that mirrors the menu card.
-          </p>
-        </div>
-        <div class="card">
-          <h3>CLI + automation</h3>
-          <p>
-            Bundled <code>codexbar</code> CLI for scripts and CI, with Linux CLI builds on GitHub Releases.
-          </p>
+          </div>
         </div>
+        <p class="fineprint">Free &amp; open source · macOS 14+ · Universal on GitHub Releases · Apple Silicon via Homebrew</p>
       </section>
 
-      <section class="details permissions" aria-label="Permissions" data-animate="6">
-        <div class="card">
-          <h3>macOS permissions</h3>
-          <p>
-            Full Disk Access only for Safari cookies, Keychain access for tokens, and Files &amp; Folders prompts when
-            provider CLIs access project directories.
-          </p>
-        </div>
+      <section class="providers" aria-labelledby="providers-h">
+        <header class="section-head">
+          <h2 id="providers-h">40+ providers, one menu bar</h2>
+          <p>Popular providers become status items with their own usage windows, reset countdowns, charts, and provider menus.</p>
+        </header>
+        <ul class="grid">
+        <li><a class="provider" style="--brand:#49A3B0" href="https://github.com/steipete/CodexBar/blob/main/docs/codex.md">
+          <img class="chip-logo no-bg" src="./logos/codex.svg" data-dark-src="./logos/codex-dark.svg" alt="" width="20" height="20" /><span class="meta"><span class="name">Codex</span><span class="auth">OAuth</span></span>
+        </a></li>
+        <li><a class="provider" style="--brand:#CC7C5E" href="https://github.com/steipete/CodexBar/blob/main/docs/claude.md">
+          <img class="chip-logo" src="./logos/claude.svg" alt="" width="20" height="20" /><span class="meta"><span class="name">Claude</span><span class="auth">OAuth</span></span>
+        </a></li>
+        <li><a class="provider" style="--brand:#1A1A1A" href="https://github.com/steipete/CodexBar/blob/main/docs/cursor.md">
+          <img class="chip-logo" src="./logos/cursor.svg" alt="" width="20" height="20" /><span class="meta"><span class="name">Cursor</span><span class="auth">Cookies</span></span>
+        </a></li>
+        <li><a class="provider" style="--brand:#3B82F6" href="https://github.com/steipete/CodexBar/blob/main/docs/opencode.md">
+          <img class="chip-logo preserve-color" src="./logos/opencode.svg" data-dark-src="./logos/opencode-dark.svg" alt="" width="20" height="20" /><span class="meta"><span class="name">OpenCode</span><span class="auth">Cookies + Go</span></span>
+        </a></li>
+        <li><a class="provider" style="--brand:#FF6A00" href="https://github.com/steipete/CodexBar/blob/main/docs/alibaba-coding-plan.md">
+          <img class="chip-logo" src="./logos/alibaba.svg" alt="" width="20" height="20" /><span class="meta"><span class="name">Alibaba</span><span class="auth">Cookies</span></span>
+        </a></li>
+        <li><a class="provider" style="--brand:#AB87EA" href="https://github.com/steipete/CodexBar/blob/main/docs/gemini.md">
+          <img class="chip-logo" src="./logos/gemini.svg" alt="" width="20" height="20" /><span class="meta"><span class="name">Gemini</span><span class="auth">OAuth</span></span>
+        </a></li>
+        <li><a class="provider" style="--brand:#60BA7E" href="https://github.com/steipete/CodexBar/blob/main/docs/antigravity.md">
+          <img class="chip-logo" src="./logos/antigravity.svg" alt="" width="20" height="20" /><span class="meta"><span class="name">Antigravity</span><span class="auth">Local</span></span>
+        </a></li>
+        <li><a class="provider" style="--brand:#FF6B35" href="https://github.com/steipete/CodexBar/blob/main/docs/factory.md">
+          <img class="chip-logo no-bg" src="./logos/droid.svg" data-dark-src="./logos/droid-dark.svg" alt="" width="20" height="20" /><span class="meta"><span class="name">Droid</span><span class="auth">Cookies</span></span>
+        </a></li>
+        <li><a class="provider" style="--brand:#A855F7" href="https://github.com/steipete/CodexBar/blob/main/docs/copilot.md">
+          <img class="chip-logo" src="./logos/copilot.svg" alt="" width="20" height="20" /><span class="meta"><span class="name">Copilot</span><span class="auth">Device flow</span></span>
+        </a></li>
+        <li><a class="provider" style="--brand:#E85A6A" href="https://github.com/steipete/CodexBar/blob/main/docs/zai.md">
+          <img class="chip-logo no-bg" src="./logos/zai.svg" data-dark-src="./logos/zai-dark.svg" alt="" width="20" height="20" /><span class="meta"><span class="name">z.ai</span><span class="auth">API key</span></span>
+        </a></li>
+        <li><a class="provider" style="--brand:#FE6060" href="https://github.com/steipete/CodexBar/blob/main/docs/minimax.md">
+          <img class="chip-logo" src="./logos/minimax.svg" alt="" width="20" height="20" /><span class="meta"><span class="name">MiniMax</span><span class="auth">API key</span></span>
+        </a></li>
+        <li><a class="provider" style="--brand:#FE603C" href="https://github.com/steipete/CodexBar/blob/main/docs/kimi.md">
+          <img class="chip-logo" src="./logos/kimi.svg" alt="" width="20" height="20" /><span class="meta"><span class="name">Kimi</span><span class="auth">Token</span></span>
+        </a></li>
+        <li><a class="provider" style="--brand:#4C00FF" href="https://github.com/steipete/CodexBar/blob/main/docs/kimi-k2.md">
+          <img class="chip-logo" src="./logos/kimi-k2.svg" alt="" width="20" height="20" /><span class="meta"><span class="name">Kimi K2</span><span class="auth">Legacy API</span></span>
+        </a></li>
+        <li><a class="provider" style="--brand:#f8f676" href="https://github.com/steipete/CodexBar/blob/main/docs/kilo.md">
+          <img class="chip-logo no-bg" src="./logos/kilo.svg" alt="" width="20" height="20" /><span class="meta"><span class="name">Kilo</span><span class="auth">API key</span></span>
+        </a></li>
+        <li><a class="provider" style="--brand:#FF9900;--ink:#0a0a0c" href="https://github.com/steipete/CodexBar/blob/main/docs/kiro.md">
+          <img class="chip-logo no-bg" src="./logos/kiro.svg" data-dark-src="./logos/kiro-dark.svg" alt="" width="20" height="20" /><span class="meta"><span class="name">Kiro</span><span class="auth">CLI</span></span>
+        </a></li>
+        <li><a class="provider" style="--brand:#4285F4" href="https://github.com/steipete/CodexBar/blob/main/docs/vertexai.md">
+          <img class="chip-logo" src="./logos/vertex-ai.svg" alt="" width="20" height="20" /><span class="meta"><span class="name">Vertex AI</span><span class="auth">gcloud</span></span>
+        </a></li>
+        <li><a class="provider logo-dark" style="--brand:#6366F1" href="https://github.com/steipete/CodexBar/blob/main/docs/augment.md">
+          <img class="chip-logo" src="./logos/augment.svg" alt="" width="20" height="20" /><span class="meta"><span class="name">Augment</span><span class="auth">CLI</span></span>
+        </a></li>
+        <li><a class="provider" style="--brand:#DC2626" href="https://github.com/steipete/CodexBar/blob/main/docs/amp.md">
+          <img class="chip-logo" src="./logos/amp.svg" alt="" width="20" height="20" /><span class="meta"><span class="name">Amp</span><span class="auth">Cookies</span></span>
+        </a></li>
+        <li><a class="provider" style="--brand:#888888" href="https://github.com/steipete/CodexBar/blob/main/docs/ollama.md">
+          <img class="chip-logo" src="./logos/ollama.svg" alt="" width="20" height="20" /><span class="meta"><span class="name">Ollama</span><span class="auth">API key + Cookies</span></span>
+        </a></li>
+        <li><a class="provider" style="--brand:#141414" href="https://github.com/steipete/CodexBar/blob/main/docs/providers.md#fetch-strategies-current">
+          <img class="chip-logo" src="./logos/synthetic.svg" data-dark-src="./logos/synthetic-dark.svg" alt="" width="20" height="20" /><span class="meta"><span class="name">Synthetic</span><span class="auth">API key</span></span>
+        </a></li>
+        <li><a class="provider" style="--brand:#FF3399" href="https://github.com/steipete/CodexBar/blob/main/docs/jetbrains.md">
+          <img class="chip-logo" src="./logos/jetbrains-ai.svg" alt="" width="20" height="20" /><span class="meta"><span class="name">JetBrains AI</span><span class="auth">Local</span></span>
+        </a></li>
+        <li><a class="provider" style="--brand:#7B68EE" href="https://github.com/steipete/CodexBar/blob/main/docs/warp.md">
+          <img class="chip-logo" src="./logos/warp.svg" alt="" width="20" height="20" /><span class="meta"><span class="name">Warp</span><span class="auth">API key</span></span>
+        </a></li>
+        <li><a class="provider" style="--brand:#EAEAE6;--ink:#0a0a0c" href="https://github.com/steipete/CodexBar/blob/main/docs/elevenlabs.md">
+          <img class="chip-logo" src="./logos/elevenlabs.svg" alt="" width="20" height="20" /><span class="meta"><span class="name">ElevenLabs</span><span class="auth">API key</span></span>
+        </a></li>
+        <li><a class="provider" style="--brand:#6467F2" href="https://github.com/steipete/CodexBar/blob/main/docs/openrouter.md">
+          <img class="chip-logo" src="./logos/openrouter.svg" alt="" width="20" height="20" /><span class="meta"><span class="name">OpenRouter</span><span class="auth">API key</span></span>
+        </a></li>
+        <li><a class="provider" style="--brand:#20B2AA" href="https://github.com/steipete/CodexBar/blob/main/docs/providers.md#fetch-strategies-current">
+          <img class="chip-logo" src="./logos/perplexity.svg" alt="" width="20" height="20" /><span class="meta"><span class="name">Perplexity</span><span class="auth">Cookies</span></span>
+        </a></li>
+        <li><a class="provider" style="--brand:#38BDF8" href="https://github.com/steipete/CodexBar/blob/main/docs/abacus.md">
+          <img class="chip-logo no-bg" src="./logos/abacus-ai.png" data-dark-src="./logos/abacus-ai-dark.svg" alt="" width="20" height="20" /><span class="meta"><span class="name">Abacus AI</span><span class="auth">Cookies</span></span>
+        </a></li>
+        <li><a class="provider" style="--brand:#FF500F" href="https://github.com/steipete/CodexBar/blob/main/docs/providers.md#fetch-strategies-current">
+          <img class="chip-logo" src="./logos/mistral.svg" alt="" width="20" height="20" /><span class="meta"><span class="name">Mistral</span><span class="auth">Cookies</span></span>
+        </a></li>
+        <li><a class="provider" style="--brand:#527DF0" href="https://github.com/steipete/CodexBar/blob/main/docs/deepseek.md">
+          <img class="chip-logo" src="./logos/deepseek.svg" alt="" width="20" height="20" /><span class="meta"><span class="name">DeepSeek</span><span class="auth">API key</span></span>
+        </a></li>
+        <li><a class="provider" style="--brand:#44C800;--ink:#0a0a0c" href="https://github.com/steipete/CodexBar/blob/main/docs/codebuff.md">
+          <img class="chip-logo no-bg" src="./logos/codebuff.png" data-dark-src="./logos/codebuff-dark.svg" alt="" width="20" height="20" /><span class="meta"><span class="name">Codebuff</span><span class="auth">API key</span></span>
+        </a></li>
+        <li><a class="provider add" href="https://github.com/steipete/CodexBar/blob/main/docs/provider.md">
+          <span class="chip">+</span><span class="meta"><span class="name">Your provider</span><span class="auth">Authoring guide</span></span>
+        </a></li>
+        </ul>
       </section>
 
-      <section class="links-row" aria-label="Docs links" data-animate="7">
-        <a class="link-pill" href="https://github.com/steipete/CodexBar/blob/main/docs/providers.md">Docs</a>
-        <a class="link-pill" href="https://github.com/steipete/CodexBar/blob/main/docs/cli.md">CLI</a>
-        <a class="link-pill" href="https://github.com/steipete/CodexBar/blob/main/docs/provider.md">Provider guide</a>
+      <section class="showcase">
+      <figure class="shot">
+        <img src="./codexbar.png" alt="CodexBar menu bar popover showing provider tiles with usage bars, reset countdowns, and credit details." />
+      </figure>
+      <div class="features">
+        <article>
+          <h3>Resets you can plan around</h3>
+          <p>Per-provider session, weekly, and monthly windows with countdowns to the next reset — no more guessing whether to start a long task.</p>
+        </article>
+        <article>
+          <h3>Credits, spend, and cost scans</h3>
+          <p>Credit balances and monthly spend where the provider exposes them, plus configurable local cost scans for Codex and Claude.</p>
+        </article>
+        <article>
+          <h3>Status &amp; incidents</h3>
+          <p>Provider status polling surfaces incident badges in the menu and an indicator overlay on the bar icon.</p>
+        </article>
+        <article>
+          <h3>CLI &amp; widgets</h3>
+          <p>WidgetKit widgets for supported providers and a bundled <code>codexbar</code> CLI for scripts and CI — macOS and Linux builds on every release.</p>
+        </article>
+      </div>
       </section>
 
-      <footer class="foot" data-animate="8">
+      <section class="detail">
+      <article class="block">
+        <h3>Install &amp; updates</h3>
+        <p>
+          Universal app via <a href="https://github.com/steipete/CodexBar/releases/latest">GitHub Releases</a> with Sparkle auto-updates, or
+          <code>brew install --cask steipete/tap/codexbar</code> for Apple Silicon (updates via <code>brew upgrade</code>).
+        </p>
+      </article>
+      <article class="block">
+        <h3>CLI</h3>
+        <p>
+          A bundled <code>codexbar</code> binary plus standalone tarballs for macOS and Linux on each release. On Linux:
+          <code>brew install steipete/tap/codexbar</code>.
+        </p>
+      </article>
+      <article class="block">
+        <h3>Privacy</h3>
         <p>
-          Built by <a href="https://steipete.me">Peter Steinberger</a> •
-          <a href="https://github.com/steipete/CodexBar/blob/main/CHANGELOG.md">Changelog</a> •
-          <a href="https://github.com/steipete/CodexBar/blob/main/LICENSE">MIT</a> •
-          <a href="https://codexbar.app">codexbar.app</a> •
-          <a href="https://trimmy.app">trimmy.app</a>
+          Reuses existing provider sessions — OAuth, device flow, API keys, browser cookies, local files — so no passwords are stored.
+          Audit notes in <a href="https://github.com/steipete/CodexBar/issues/12">issue #12</a>.
         </p>
-      </footer>
+      </article>
+      <article class="block">
+        <h3>macOS permissions</h3>
+        <p>
+          Full Disk Access for Safari cookies, Keychain access for cookie decryption and OAuth flows, and Files &amp; Folders prompts
+          when provider helpers read project directories.
+        </p>
+      </article>
+      </section>
     </main>
+
+    <footer class="foot">
+      <p>
+        Built by <a href="https://steipete.me">Peter Steinberger</a> ·
+        <a href="https://github.com/steipete/CodexBar/blob/main/CHANGELOG.md">Changelog</a> ·
+        <a href="https://github.com/steipete/CodexBar/blob/main/LICENSE">MIT</a> ·
+        <a href="https://trimmy.app">trimmy.app</a>
+      </p>
+    </footer>
+
+    <script>
+      (function () {
+        var root = document.documentElement;
+        var toggle = document.querySelector('.theme-toggle');
+        var metaTheme = document.querySelector('meta[name="theme-color"]');
+        var media = window.matchMedia('(prefers-color-scheme: dark)');
+        function queryTheme() {
+          try {
+            var value = new URLSearchParams(location.search).get('theme');
+            return value === 'light' || value === 'dark' ? value : null;
+          } catch (_) {
+            return null;
+          }
+        }
+        function storedTheme() {
+          try { return localStorage.getItem('codexbar-theme'); } catch (_) { return null; }
+        }
+        function effectiveTheme() {
+          return root.dataset.theme || (media.matches ? 'dark' : 'light');
+        }
+        function updateThemeImages(theme) {
+          document.querySelectorAll('img[data-dark-src]').forEach(function (img) {
+            if (!img.dataset.lightSrc) img.dataset.lightSrc = img.getAttribute('src');
+            img.setAttribute('src', theme === 'dark' ? img.dataset.darkSrc : img.dataset.lightSrc);
+          });
+        }
+        function updateThemeUI() {
+          var theme = effectiveTheme();
+          updateThemeImages(theme);
+          if (toggle) {
+            toggle.setAttribute('aria-pressed', theme === 'dark' ? 'true' : 'false');
+            toggle.setAttribute('aria-label', theme === 'dark' ? 'Switch to light theme' : 'Switch to dark theme');
+            toggle.title = theme === 'dark' ? 'Switch to light theme' : 'Switch to dark theme';
+          }
+          if (metaTheme) metaTheme.setAttribute('content', theme === 'dark' ? '#0a0a0c' : '#fbfbfc');
+        }
+        if (toggle) {
+          toggle.addEventListener('click', function () {
+            var next = effectiveTheme() === 'dark' ? 'light' : 'dark';
+            root.dataset.theme = next;
+            try { localStorage.setItem('codexbar-theme', next); } catch (_) {}
+            updateThemeUI();
+          });
+        }
+        if (media.addEventListener) {
+          media.addEventListener('change', function () {
+            if (!queryTheme() && !storedTheme()) updateThemeUI();
+          });
+        }
+        updateThemeUI();
+
+        var btn = document.querySelector('.brew-copy');
+        if (!btn) return;
+        btn.addEventListener('click', function () {
+          var text = document.getElementById('brew-cmd').textContent;
+          if (!navigator.clipboard) return;
+          navigator.clipboard.writeText(text).then(function () {
+            btn.classList.add('copied');
+            setTimeout(function () { btn.classList.remove('copied'); }, 1500);
+          });
+        });
+      })();
+    </script>
   </body>
 </html>
diff --git a/docs/kilo.md b/docs/kilo.md
index b8a6fa2b0..6425bedec 100644
--- a/docs/kilo.md
+++ b/docs/kilo.md
@@ -35,3 +35,20 @@ Kilo supports API and CLI-backed auth. Source mode can be `auto`, `api`, or `cli
 - Missing API token: set `KILO_API_KEY` or provider `apiKey`.
 - Missing CLI session file: run `kilo login` to create `~/.local/share/kilo/auth.json`.
 - Unauthorized API token (401/403): refresh `KILO_API_KEY` or rerun `kilo login`.
+
+## Organizations
+
+CodexBar can show usage for any Kilo organization the API key belongs to.
+
+- Open Preferences → Providers → Kilo, set the API key, then click **Refresh
+  organizations**.
+- Toggle the organizations you want to display alongside Personal. Personal is
+  always shown.
+- When at least one organization is enabled, the menu renders one Kilo card per
+  enabled scope.
+- The CodexBar fetcher sends the standard `X-KILOCODE-ORGANIZATIONID` header on
+  every usage call to scope the response to that organization.
+- CLI source mode (`auth.json`): the header is applied to CLI-resolved tokens
+  as well. If a CLI token isn't authorized for the chosen organization, that
+  card surfaces an unauthorized error while Personal and other enabled scopes
+  continue to render normally.
diff --git a/docs/kimi-k2.md b/docs/kimi-k2.md
index a40aa3566..a94beb777 100644
--- a/docs/kimi-k2.md
+++ b/docs/kimi-k2.md
@@ -8,13 +8,18 @@ read_when:
 
 # Kimi K2 provider
 
-Kimi K2 is API-only. Usage is reported by the credit counter behind `GET https://kimi-k2.ai/api/user/credits`,
-so CodexBar only needs a valid API key to pull your remaining balance and usage.
+> This is a legacy, unofficial provider for the `kimi-k2.ai` credit endpoint.
+> For the official Kimi API account and billing surface, use the Moonshot / Kimi
+> API provider instead.
+
+Kimi K2 is API-only. Usage is reported by the credit counter behind
+`GET https://kimi-k2.ai/api/user/credits`, so CodexBar only needs a valid API
+key for that legacy endpoint to pull your remaining balance and usage.
 
 ## Data sources + fallback order
 
 1) **API key** stored in `~/.codexbar/config.json` or supplied via `KIMI_K2_API_KEY` / `KIMI_API_KEY` / `KIMI_KEY`.
-   CodexBar stores the key in config after you paste it in Preferences → Providers → Kimi K2.
+   CodexBar stores the key in config after you paste it in Preferences → Providers → Kimi K2 (unofficial).
 2) **Credit endpoint**
    - `GET https://kimi-k2.ai/api/user/credits`
    - Request headers: `Authorization: Bearer <api key>`, `Accept: application/json`
diff --git a/docs/llm-proxy.md b/docs/llm-proxy.md
new file mode 100644
index 000000000..49ce39eaf
--- /dev/null
+++ b/docs/llm-proxy.md
@@ -0,0 +1,41 @@
+---
+summary: "LLM Proxy provider setup and quota-stats usage source."
+read_when:
+  - Configuring LLM Proxy usage tracking
+  - Debugging aggregate proxy quota or provider breakdown display
+---
+
+# LLM Proxy
+
+CodexBar reads aggregate usage from an LLM-API-Key-Proxy compatible `/v1/quota-stats` endpoint.
+
+## Setup
+
+Store the API key:
+
+```bash
+printf '%s' "$LLM_PROXY_API_KEY" | codexbar config set-api-key --provider llmproxy --stdin
+```
+
+Set the base URL with `LLM_PROXY_BASE_URL`, or add `enterpriseHost` to the provider config:
+
+```json
+{
+  "id": "llmproxy",
+  "enabled": true,
+  "apiKey": "<REDACTED>",
+  "enterpriseHost": "https://proxy.example.com"
+}
+```
+
+The base URL may point at either the service root or `/v1`; CodexBar normalizes both to `/v1/quota-stats`.
+
+## Menu display
+
+- Primary: lowest remaining quota group, rendered as percent used.
+- Secondary: total requests.
+- Tertiary: total tokens.
+- Extra rows: top provider summaries by request count.
+- Cost: approximate spend when the proxy reports `approx_cost`.
+
+`quota_groups` may be either an array or a keyed object; CodexBar accepts both shapes.
diff --git a/docs/llms.txt b/docs/llms.txt
new file mode 100644
index 000000000..c30878b31
--- /dev/null
+++ b/docs/llms.txt
@@ -0,0 +1,12 @@
+# CodexBar
+
+CodexBar shows AI coding-provider usage limits, credits, costs, and reset windows in the macOS menu bar.
+
+Canonical documentation:
+- CodexBar — every AI coding limit in your menu bar: https://codexbar.app/ - A tiny macOS menu bar app that tracks AI coding-provider usage windows, credits, costs, and resets across 40+ providers — Codex, OpenAI, Claude, Cursor, Gemini, Copilot, Grok, and more.
+
+Source: https://github.com/steipete/CodexBar
+
+Guidance for agents:
+- Prefer the canonical documentation URLs above over README excerpts or package metadata.
+- Fetch only the pages needed for the current task; this is an index, not a full-site corpus.
diff --git a/docs/logos/abacus-ai-dark.svg b/docs/logos/abacus-ai-dark.svg
new file mode 100644
index 000000000..468bb3dfe
--- /dev/null
+++ b/docs/logos/abacus-ai-dark.svg
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg width="100" height="100" viewBox="0 0 100 100" fill="none" xmlns="http://www.w3.org/2000/svg">
+    <!-- Abacus AI logo: stylized vertical lines with dots -->
+    <g transform="translate(15, 10)">
+        <!-- Vertical lines -->
+        <rect x="0" y="0" width="4" height="80" rx="2" fill="white"/>
+        <rect x="17.5" y="0" width="4" height="80" rx="2" fill="white"/>
+        <rect x="35" y="0" width="4" height="80" rx="2" fill="white"/>
+        <rect x="52.5" y="0" width="4" height="80" rx="2" fill="white"/>
+        <rect x="66" y="0" width="4" height="80" rx="2" fill="white"/>
+        <!-- Dots on the lines (beads on an abacus) -->
+        <circle cx="2" cy="20" r="7" fill="white"/>
+        <circle cx="19.5" cy="45" r="7" fill="white"/>
+        <circle cx="37" cy="30" r="7" fill="white"/>
+        <circle cx="54.5" cy="60" r="7" fill="white"/>
+        <circle cx="68" cy="40" r="7" fill="white"/>
+    </g>
+</svg>
diff --git a/docs/logos/abacus-ai.png b/docs/logos/abacus-ai.png
new file mode 100644
index 000000000..46572923b
Binary files /dev/null and b/docs/logos/abacus-ai.png differ
diff --git a/docs/logos/alibaba.svg b/docs/logos/alibaba.svg
new file mode 100644
index 000000000..bb458d7ed
--- /dev/null
+++ b/docs/logos/alibaba.svg
@@ -0,0 +1 @@
+<svg height="1em" style="flex:none;line-height:1" viewBox="0 0 24 24" width="1em" xmlns="http://www.w3.org/2000/svg"><title>Alibaba</title><path d="M24 14.014c-2.8 1.512-5.62 2.896-8.759 3.524-.7.139-1.476.139-2.187.043-.678-.085-1.017-.682-.776-1.31.23-.585.536-1.181.93-1.671.852-1.065 1.814-2.034 2.678-3.088a15.75 15.75 0 001.422-2.054c.306-.511.164-1.129-.372-1.384-.897-.437-1.859-.745-2.81-1.075-.11-.043-.274.074-.492.149.273.244.47.425.743.67-2.821.48-5.49 1.16-8.08 2.098-.012.053-.033.095-.023.117.383.585.208 1.032-.35 1.394a2.365 2.365 0 00-.568.522c1.706.5 3.226.213 4.68-.735-.087-.127-.175-.244-.262-.372.546.096.874.394.918.862.011.107-.054.213-.087.32-.077-.086-.175-.17-.24-.267-.045-.064-.056-.138-.088-.245-1.728 1.15-3.587 1.438-5.632.842 0 .404-.022.745.011 1.075.022.287-.098.415-.36.564-.591.362-1.204.735-1.696 1.214-.59.585-.371 1.299.427 1.597.907.34 1.859.35 2.81.234 1.126-.139 2.23-.32 3.456-.49-1.433.67-2.844 1.14-4.33 1.33-1.04.14-2.078.214-3.106-.084-1.476-.415-2.133-1.501-1.75-2.96.361-1.363 1.236-2.449 2.176-3.45 3.139-3.332 7.108-5.024 11.7-5.365 1.072-.074 2.155.064 3.16.511 1.411.639 2.002 1.99 1.313 3.354-.448.905-1.072 1.735-1.695 2.555-.612.809-1.301 1.554-1.946 2.331-.186.234-.361.48-.503.745-.274.5-.088.83.492.778 1.213-.118 2.45-.213 3.62-.511 1.716-.437 3.389-1.054 5.084-1.597.175-.043.339-.107.492-.17z" fill="#FF6003" fill-rule="evenodd"></path></svg>
\ No newline at end of file
diff --git a/docs/logos/amp.svg b/docs/logos/amp.svg
new file mode 100644
index 000000000..f8f9d31c0
--- /dev/null
+++ b/docs/logos/amp.svg
@@ -0,0 +1 @@
+<svg viewBox="0 0 281 124" fill="#1A1A1A" xmlns="http://www.w3.org/2000/svg"><path d="M236.014 0C260.431 9.71106e-05 280.602 17.4115 280.603 44.7432C280.602 73.5337 260.065 94.1657 233.52 94.166C224.158 94.166 215.639 92.4222 208.63 88.4902C202.886 85.2698 198.203 80.6054 194.919 74.3379L188.115 121.822L187.946 123.016H174.214L174.448 121.423L191.772 2.49414H205.372L203.937 11.3369C212.143 3.86078 223.2 0.000153635 236.014 0ZM47.082 0.154297C56.4435 0.154297 65.0012 1.8991 72.0488 5.84863C77.8222 9.08305 82.5323 13.7713 85.8271 20.085L88.1201 3.69238L88.2861 2.49316H101.863L89.1611 90.6328L88.9873 91.8262H75.4092L76.7227 82.8555C68.5854 90.4564 57.3981 94.3231 44.5889 94.3232C20.1709 94.3232 0.000167223 76.9087 0 49.5771C0.000149745 20.7854 20.54 0.154871 47.082 0.154297ZM116.234 90.6357L116.061 91.8271H102.485L115.351 3.68555L115.521 2.49414H129.083L116.234 90.6357ZM140.673 90.6357L140.499 91.8271H126.924L139.789 3.68555L139.96 2.49414H153.521L140.673 90.6357ZM177.958 2.49414L165.108 90.6357L164.935 91.8271H151.36L164.225 3.68555L164.396 2.49414H177.958ZM48.4854 11.9844C27.8638 11.985 14.0133 28.3799 14.0127 48.9521C14.0127 57.7907 16.8094 66.1771 22.3145 72.334C27.7973 78.4657 36.0631 82.4932 47.2402 82.4932C67.8534 82.4925 81.7122 65.9487 81.7129 45.3682C81.7129 35.4076 78.2493 27.0792 72.4131 21.2441C66.5794 15.4088 58.2871 11.9844 48.4854 11.9844ZM233.362 11.8291C212.749 11.8297 198.89 28.3716 198.89 48.9521C198.89 58.9123 202.356 67.2403 208.189 73.0742C214.023 78.9107 222.315 82.3358 232.116 82.3359C252.738 82.3355 266.589 65.9407 266.59 45.3682C266.59 36.5296 263.795 28.1424 258.29 21.9863C252.807 15.8551 244.542 11.8291 233.362 11.8291Z"/></svg>
\ No newline at end of file
diff --git a/docs/logos/antigravity.svg b/docs/logos/antigravity.svg
new file mode 100644
index 000000000..3ed10ab65
--- /dev/null
+++ b/docs/logos/antigravity.svg
@@ -0,0 +1 @@
+<svg height="1em" style="flex:none;line-height:1" viewBox="0 0 24 24" width="1em" xmlns="http://www.w3.org/2000/svg"><title>Antigravity</title><mask height="23" id="lobe-icons-antigravity-0-_R_0_" maskUnits="userSpaceOnUse" width="24" x="0" y="1"><path d="M21.751 22.607c1.34 1.005 3.35.335 1.508-1.508C17.73 15.74 18.904 1 12.037 1 5.17 1 6.342 15.74.815 21.1c-2.01 2.009.167 2.511 1.507 1.506 5.192-3.517 4.857-9.714 9.715-9.714 4.857 0 4.522 6.197 9.714 9.715z" fill="#fff"></path></mask><g mask="url(#lobe-icons-antigravity-0-_R_0_)"><g filter="url(#lobe-icons-antigravity-1-_R_0_)"><path d="M-1.018-3.992c-.408 3.591 2.686 6.89 6.91 7.37 4.225.48 7.98-2.043 8.387-5.633.408-3.59-2.686-6.89-6.91-7.37-4.225-.479-7.98 2.043-8.387 5.633z" fill="#FFE432"></path></g><g filter="url(#lobe-icons-antigravity-2-_R_0_)"><path d="M15.269 7.747c1.058 4.557 5.691 7.374 10.348 6.293 4.657-1.082 7.575-5.653 6.516-10.21-1.058-4.556-5.691-7.374-10.348-6.292-4.657 1.082-7.575 5.653-6.516 10.21z" fill="#FC413D"></path></g><g filter="url(#lobe-icons-antigravity-3-_R_0_)"><path d="M-12.443 10.804c1.338 4.703 7.36 7.11 13.453 5.378 6.092-1.733 9.947-6.95 8.61-11.652C8.282-.173 2.26-2.58-3.833-.848-9.925.884-13.78 6.1-12.443 10.804z" fill="#00B95C"></path></g><g filter="url(#lobe-icons-antigravity-4-_R_0_)"><path d="M-12.443 10.804c1.338 4.703 7.36 7.11 13.453 5.378 6.092-1.733 9.947-6.95 8.61-11.652C8.282-.173 2.26-2.58-3.833-.848-9.925.884-13.78 6.1-12.443 10.804z" fill="#00B95C"></path></g><g filter="url(#lobe-icons-antigravity-5-_R_0_)"><path d="M-7.608 14.703c3.352 3.424 9.126 3.208 12.896-.483 3.77-3.69 4.108-9.459.756-12.883C2.69-2.087-3.083-1.871-6.853 1.82c-3.77 3.69-4.108 9.458-.755 12.883z" fill="#00B95C"></path></g><g filter="url(#lobe-icons-antigravity-6-_R_0_)"><path d="M9.932 27.617c1.04 4.482 5.384 7.303 9.7 6.3 4.316-1.002 6.971-5.448 5.93-9.93-1.04-4.483-5.384-7.304-9.7-6.301-4.316 1.002-6.971 5.448-5.93 9.93z" fill="#3186FF"></path></g><g filter="url(#lobe-icons-antigravity-7-_R_0_)"><path d="M2.572-8.185C.392-3.329 2.778 2.472 7.9 4.771c5.122 2.3 11.042.227 13.222-4.63 2.18-4.855-.205-10.656-5.327-12.955-5.122-2.3-11.042-.227-13.222 4.63z" fill="#FBBC04"></path></g><g filter="url(#lobe-icons-antigravity-8-_R_0_)"><path d="M-3.267 38.686c-5.277-2.072 3.742-19.117 5.984-24.83 2.243-5.712 8.34-8.664 13.616-6.592 5.278 2.071 11.533 13.482 9.29 19.195-2.242 5.713-23.613 14.298-28.89 12.227z" fill="#3186FF"></path></g><g filter="url(#lobe-icons-antigravity-9-_R_0_)"><path d="M28.71 17.471c-1.413 1.649-5.1.808-8.236-1.878-3.135-2.687-4.531-6.201-3.118-7.85 1.412-1.649 5.1-.808 8.235 1.878s4.532 6.2 3.119 7.85z" fill="#749BFF"></path></g><g filter="url(#lobe-icons-antigravity-10-_R_0_)"><path d="M18.163 9.077c5.81 3.93 12.502 4.19 14.946.577 2.443-3.612-.287-9.727-6.098-13.658-5.81-3.931-12.502-4.19-14.946-.577-2.443 3.612.287 9.727 6.098 13.658z" fill="#FC413D"></path></g><g filter="url(#lobe-icons-antigravity-11-_R_0_)"><path d="M-.915 2.684c-1.44 3.473-.97 6.967 1.05 7.804 2.02.837 4.824-1.3 6.264-4.772 1.44-3.473.97-6.967-1.05-7.804-2.02-.837-4.824 1.3-6.264 4.772z" fill="#FFEE48"></path></g></g><defs><filter color-interpolation-filters="sRGB" filterUnits="userSpaceOnUse" height="17.587" id="lobe-icons-antigravity-1-_R_0_" width="19.838" x="-3.288" y="-11.917"><feFlood flood-opacity="0" result="BackgroundImageFix"></feFlood><feBlend in="SourceGraphic" in2="BackgroundImageFix" result="shape"></feBlend><feGaussianBlur result="effect1_foregroundBlur_977_115" stdDeviation="1.117"></feGaussianBlur></filter><filter color-interpolation-filters="sRGB" filterUnits="userSpaceOnUse" height="38.565" id="lobe-icons-antigravity-2-_R_0_" width="38.9" x="4.251" y="-13.493"><feFlood flood-opacity="0" result="BackgroundImageFix"></feFlood><feBlend in="SourceGraphic" in2="BackgroundImageFix" result="shape"></feBlend><feGaussianBlur result="effect1_foregroundBlur_977_115" stdDeviation="5.4"></feGaussianBlur></filter><filter color-interpolation-filters="sRGB" filterUnits="userSpaceOnUse" height="36.517" id="lobe-icons-antigravity-3-_R_0_" width="40.955" x="-21.889" y="-10.592"><feFlood flood-opacity="0" result="BackgroundImageFix"></feFlood><feBlend in="SourceGraphic" in2="BackgroundImageFix" result="shape"></feBlend><feGaussianBlur result="effect1_foregroundBlur_977_115" stdDeviation="4.591"></feGaussianBlur></filter><filter color-interpolation-filters="sRGB" filterUnits="userSpaceOnUse" height="36.517" id="lobe-icons-antigravity-4-_R_0_" width="40.955" x="-21.889" y="-10.592"><feFlood flood-opacity="0" result="BackgroundImageFix"></feFlood><feBlend in="SourceGraphic" in2="BackgroundImageFix" result="shape"></feBlend><feGaussianBlur result="effect1_foregroundBlur_977_115" stdDeviation="4.591"></feGaussianBlur></filter><filter color-interpolation-filters="sRGB" filterUnits="userSpaceOnUse" height="36.595" id="lobe-icons-antigravity-5-_R_0_" width="36.632" x="-19.099" y="-10.278"><feFlood flood-opacity="0" result="BackgroundImageFix"></feFlood><feBlend in="SourceGraphic" in2="BackgroundImageFix" result="shape"></feBlend><feGaussianBlur result="effect1_foregroundBlur_977_115" stdDeviation="4.591"></feGaussianBlur></filter><filter color-interpolation-filters="sRGB" filterUnits="userSpaceOnUse" height="34.087" id="lobe-icons-antigravity-6-_R_0_" width="33.533" x=".981" y="8.758"><feFlood flood-opacity="0" result="BackgroundImageFix"></feFlood><feBlend in="SourceGraphic" in2="BackgroundImageFix" result="shape"></feBlend><feGaussianBlur result="effect1_foregroundBlur_977_115" stdDeviation="4.363"></feGaussianBlur></filter><filter color-interpolation-filters="sRGB" filterUnits="userSpaceOnUse" height="35.276" id="lobe-icons-antigravity-7-_R_0_" width="35.978" x="-6.143" y="-21.659"><feFlood flood-opacity="0" result="BackgroundImageFix"></feFlood><feBlend in="SourceGraphic" in2="BackgroundImageFix" result="shape"></feBlend><feGaussianBlur result="effect1_foregroundBlur_977_115" stdDeviation="3.954"></feGaussianBlur></filter><filter color-interpolation-filters="sRGB" filterUnits="userSpaceOnUse" height="46.523" id="lobe-icons-antigravity-8-_R_0_" width="45.114" x="-11.96" y="-.46"><feFlood flood-opacity="0" result="BackgroundImageFix"></feFlood><feBlend in="SourceGraphic" in2="BackgroundImageFix" result="shape"></feBlend><feGaussianBlur result="effect1_foregroundBlur_977_115" stdDeviation="3.531"></feGaussianBlur></filter><filter color-interpolation-filters="sRGB" filterUnits="userSpaceOnUse" height="24.054" id="lobe-icons-antigravity-9-_R_0_" width="25.094" x="10.485" y=".58"><feFlood flood-opacity="0" result="BackgroundImageFix"></feFlood><feBlend in="SourceGraphic" in2="BackgroundImageFix" result="shape"></feBlend><feGaussianBlur result="effect1_foregroundBlur_977_115" stdDeviation="3.159"></feGaussianBlur></filter><filter color-interpolation-filters="sRGB" filterUnits="userSpaceOnUse" height="30.007" id="lobe-icons-antigravity-10-_R_0_" width="33.508" x="5.833" y="-12.467"><feFlood flood-opacity="0" result="BackgroundImageFix"></feFlood><feBlend in="SourceGraphic" in2="BackgroundImageFix" result="shape"></feBlend><feGaussianBlur result="effect1_foregroundBlur_977_115" stdDeviation="2.669"></feGaussianBlur></filter><filter color-interpolation-filters="sRGB" filterUnits="userSpaceOnUse" height="26.151" id="lobe-icons-antigravity-11-_R_0_" width="22.194" x="-8.355" y="-8.876"><feFlood flood-opacity="0" result="BackgroundImageFix"></feFlood><feBlend in="SourceGraphic" in2="BackgroundImageFix" result="shape"></feBlend><feGaussianBlur result="effect1_foregroundBlur_977_115" stdDeviation="3.303"></feGaussianBlur></filter></defs></svg>
\ No newline at end of file
diff --git a/docs/logos/augment.svg b/docs/logos/augment.svg
new file mode 100644
index 000000000..5e81dd27b
--- /dev/null
+++ b/docs/logos/augment.svg
@@ -0,0 +1,4 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="512" height="512" fill="none">
+  <path fill="#ffffff" d="M78.844 464.762c-8.453 0-15.573-1.451-21.359-4.339-5.77-2.888-10.144-7.289-13.076-13.095-2.932-5.807-4.436-12.912-4.436-21.255v-86.028c0-10.605-2.125-18.321-6.329-23.135-4.234-4.798-11.742-7.334-22.507-7.579-3.35 0-6.034-1.253-8.066-3.804C1.008 303.005 0 300.087 0 296.832c0-3.53 1.008-6.448 3.071-8.725 2.048-2.277 4.762-3.53 8.066-3.774 10.765-.26 18.273-2.781 22.507-7.579 4.235-4.798 6.329-12.392 6.329-22.752v-86.028c0-12.637 3.35-22.249 10.005-28.804 6.654-6.555 16.287-9.856 28.866-9.856H181.5c3.862 0 7.042 1.146 9.617 3.408 2.559 2.277 3.862 5.195 3.862 8.694 0 3.301-1.086 6.128-3.257 8.542-2.172 2.414-5.057 3.622-8.671 3.622H87.732c-5.413 0-9.508 1.39-12.316 4.171-2.823 2.781-4.234 7.075-4.234 12.912v86.425c0 7.579-1.551 14.455-4.623 20.644-3.07 6.204-7.181 11.063-12.316 14.623-5.134 3.53-11.137 5.302-18.07 5.302v-1.528c6.933 0 12.936 1.773 18.07 5.303 5.135 3.529 9.245 8.404 12.316 14.623 3.072 6.188 4.623 13.064 4.623 20.643v86.808c0 5.837 1.411 10.115 4.234 12.911 2.823 2.812 6.934 4.172 12.316 4.172h95.318c3.583 0 6.468 1.207 8.671 3.606 2.202 2.414 3.257 5.257 3.257 8.542s-1.272 6.097-3.862 8.511c-2.575 2.414-5.771 3.606-9.617 3.606H78.844v-.092ZM330.501 464.768c-3.862 0-7.042-1.207-9.617-3.606-2.575-2.414-3.863-5.256-3.863-8.511 0-3.255 1.086-6.128 3.258-8.542 2.171-2.414 5.057-3.606 8.671-3.606h95.317c5.414 0 9.509-1.36 12.316-4.171 2.823-2.781 4.235-7.075 4.235-12.912v-86.808c0-7.579 1.551-14.455 4.622-20.643 3.071-6.204 7.182-11.063 12.316-14.623 5.134-3.53 11.137-5.303 18.071-5.303v1.528c-6.934 0-12.937-1.772-18.071-5.302-5.134-3.53-9.245-8.404-12.316-14.623-3.071-6.189-4.622-13.065-4.622-20.644v-86.425c0-5.807-1.412-10.1-4.235-12.912-2.823-2.781-6.933-4.171-12.316-4.171H328.95c-3.583 0-6.469-1.208-8.671-3.622-2.172-2.384-3.258-5.241-3.258-8.542 0-3.529 1.272-6.417 3.863-8.694 2.559-2.277 5.755-3.407 9.617-3.407h102.654c12.58 0 22.181 3.3 28.867 9.855 6.685 6.556 10.005 16.167 10.005 28.804v86.028c0 10.36 2.125 17.969 6.328 22.752 4.235 4.798 11.742 7.334 22.507 7.579 3.351.244 6.034 1.497 8.066 3.774 2.063 2.277 3.071 5.195 3.071 8.725 0 3.301-1.008 6.189-3.071 8.695-2.032 2.521-4.762 3.804-8.066 3.804-10.765.245-18.257 2.781-22.507 7.579-4.234 4.798-6.328 12.5-6.328 23.135v86.028c0 8.358-1.474 15.418-4.437 21.255-2.962 5.837-7.305 10.176-13.076 13.095-5.785 2.888-12.905 4.339-21.359 4.339H330.501v.092Z"/>
+  <path fill="#ffffff" d="M356.885 329.738c18.691 0 33.846-14.929 33.846-33.342 0-18.412-15.155-33.341-33.846-33.341-18.691 0-33.846 14.929-33.846 33.341 0 18.413 15.155 33.342 33.846 33.342ZM167.305 329.738c18.691 0 33.846-14.929 33.846-33.342 0-18.412-15.155-33.341-33.846-33.341-18.691 0-33.846 14.929-33.846 33.341 0 18.413 15.155 33.342 33.846 33.342ZM244.477 32.846l-2.59 68.135c0 3.82-3.661 5.73-10.983 5.73-7.321 0-10.982-1.91-10.982-5.73-.651-16.976-1.178-30.148-1.613-39.484-.217-9.55-.434-16.35-.651-20.384-.217-4.034-.326-6.479-.326-7.32v-1.268c0-4.874 4.529-7.319 13.572-7.319 9.044 0 13.573 2.552 13.573 7.64Zm54.941 0-2.59 68.135c0 3.82-3.661 5.73-10.982 5.73-7.322 0-10.982-1.91-10.982-5.73-.652-16.976-1.179-30.148-1.613-39.484-.218-9.55-.435-16.35-.652-20.384-.217-4.034-.326-6.479-.326-7.32v-1.268c0-4.874 4.53-7.319 13.573-7.319s13.572 2.552 13.572 7.64Z"/>
+</svg>
\ No newline at end of file
diff --git a/docs/logos/claude.svg b/docs/logos/claude.svg
new file mode 100644
index 000000000..62dc0db12
--- /dev/null
+++ b/docs/logos/claude.svg
@@ -0,0 +1 @@
+<svg height="1em" style="flex:none;line-height:1" viewBox="0 0 24 24" width="1em" xmlns="http://www.w3.org/2000/svg"><title>Claude</title><path d="M4.709 15.955l4.72-2.647.08-.23-.08-.128H9.2l-.79-.048-2.698-.073-2.339-.097-2.266-.122-.571-.121L0 11.784l.055-.352.48-.321.686.06 1.52.103 2.278.158 1.652.097 2.449.255h.389l.055-.157-.134-.098-.103-.097-2.358-1.596-2.552-1.688-1.336-.972-.724-.491-.364-.462-.158-1.008.656-.722.881.06.225.061.893.686 1.908 1.476 2.491 1.833.365.304.145-.103.019-.073-.164-.274-1.355-2.446-1.446-2.49-.644-1.032-.17-.619a2.97 2.97 0 01-.104-.729L6.283.134 6.696 0l.996.134.42.364.62 1.414 1.002 2.229 1.555 3.03.456.898.243.832.091.255h.158V9.01l.128-1.706.237-2.095.23-2.695.08-.76.376-.91.747-.492.584.28.48.685-.067.444-.286 1.851-.559 2.903-.364 1.942h.212l.243-.242.985-1.306 1.652-2.064.73-.82.85-.904.547-.431h1.033l.76 1.129-.34 1.166-1.064 1.347-.881 1.142-1.264 1.7-.79 1.36.073.11.188-.02 2.856-.606 1.543-.28 1.841-.315.833.388.091.395-.328.807-1.969.486-2.309.462-3.439.813-.042.03.049.061 1.549.146.662.036h1.622l3.02.225.79.522.474.638-.079.485-1.215.62-1.64-.389-3.829-.91-1.312-.329h-.182v.11l1.093 1.068 2.006 1.81 2.509 2.33.127.578-.322.455-.34-.049-2.205-1.657-.851-.747-1.926-1.62h-.128v.17l.444.649 2.345 3.521.122 1.08-.17.353-.608.213-.668-.122-1.374-1.925-1.415-2.167-1.143-1.943-.14.08-.674 7.254-.316.37-.729.28-.607-.461-.322-.747.322-1.476.389-1.924.315-1.53.286-1.9.17-.632-.012-.042-.14.018-1.434 1.967-2.18 2.945-1.726 1.845-.414.164-.717-.37.067-.662.401-.589 2.388-3.036 1.44-1.882.93-1.086-.006-.158h-.055L4.132 18.56l-1.13.146-.487-.456.061-.746.231-.243 1.908-1.312-.006.006z" fill="#D97757" fill-rule="nonzero"></path></svg>
\ No newline at end of file
diff --git a/docs/logos/codebuff-dark.svg b/docs/logos/codebuff-dark.svg
new file mode 100644
index 000000000..6d5f9e455
--- /dev/null
+++ b/docs/logos/codebuff-dark.svg
@@ -0,0 +1,4 @@
+<svg width="100" height="100" viewBox="0 0 100 100" fill="none" xmlns="http://www.w3.org/2000/svg">
+  <path fill-rule="evenodd" clip-rule="evenodd" d="M50 8L12 28V72L50 92L88 72V28L50 8ZM50 22.5L74 35.25V64.75L50 77.5L26 64.75V35.25L50 22.5Z" fill="#44FF00"/>
+  <path d="M50 40L61 46V54L50 60L39 54V46L50 40Z" fill="#44FF00"/>
+</svg>
diff --git a/docs/logos/codebuff.png b/docs/logos/codebuff.png
new file mode 100644
index 000000000..47b4b7bee
Binary files /dev/null and b/docs/logos/codebuff.png differ
diff --git a/docs/logos/codebuff.svg b/docs/logos/codebuff.svg
new file mode 100644
index 000000000..5791738f4
--- /dev/null
+++ b/docs/logos/codebuff.svg
@@ -0,0 +1,4 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none">
+  <rect width="24" height="24" rx="4" fill="#44C800"/>
+  <path d="M7 8l-3 4 3 4M17 8l3 4-3 4M14 6l-4 12" stroke="#fff" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+</svg>
diff --git a/docs/logos/codex-dark.svg b/docs/logos/codex-dark.svg
new file mode 100644
index 000000000..0d789fb75
--- /dev/null
+++ b/docs/logos/codex-dark.svg
@@ -0,0 +1,3 @@
+<svg width="100" height="100" viewBox="0 0 100 100" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M83.7733 42.8087C84.6678 40.1149 84.9771 37.2613 84.6807 34.4385C84.3843 31.6156 83.489 28.8885 82.0544 26.4394C77.6908 18.8436 68.9203 14.9365 60.3548 16.7725C57.9831 14.1344 54.9591 12.1668 51.5864 11.0673C48.2137 9.96772 44.611 9.77498 41.1402 10.5084C37.6694 11.2418 34.4527 12.8755 31.8132 15.2455C29.1736 17.6155 27.204 20.6383 26.1024 24.0103C23.3212 24.5806 20.6938 25.738 18.3958 27.405C16.0977 29.0721 14.1819 31.2104 12.7765 33.6772C8.36538 41.2609 9.3669 50.8267 15.2527 57.3327C14.3549 60.0251 14.0424 62.8782 14.3361 65.7012C14.6298 68.5241 15.523 71.2518 16.9558 73.7017C21.325 81.3002 30.1011 85.207 38.6712 83.3686C40.5554 85.4904 42.8707 87.1858 45.4623 88.3416C48.0539 89.4975 50.8622 90.0871 53.6999 90.0713C62.4793 90.079 70.2575 84.4114 72.9393 76.0515C75.7201 75.4802 78.347 74.3225 80.6449 72.6555C82.9427 70.9886 84.8587 68.8507 86.2649 66.3846C90.6227 58.8145 89.6172 49.3005 83.7733 42.8087ZM53.6999 84.8356C50.1955 84.8411 46.801 83.6129 44.1116 81.3661L44.5848 81.098L60.5123 71.9043C60.9087 71.6718 61.2379 71.3402 61.4674 70.942C61.6969 70.5439 61.8189 70.0929 61.8215 69.6333V47.1769L68.5553 51.072C68.6225 51.1063 68.6694 51.1707 68.6814 51.2456V69.854C68.6641 78.1208 61.9667 84.8183 53.6999 84.8356ZM21.4977 71.0843C19.7402 68.0497 19.1092 64.4925 19.7156 61.0386L20.1885 61.3225L36.1321 70.5165C36.5266 70.748 36.9757 70.87 37.4331 70.87C37.8905 70.87 38.3396 70.748 38.7341 70.5165L58.21 59.2883V67.0628C58.2081 67.1031 58.1973 67.1424 58.1782 67.1779C58.1591 67.2134 58.1322 67.2441 58.0996 67.2678L41.9671 76.5722C34.798 80.7022 25.6388 78.2463 21.4977 71.0843ZM17.3026 36.3898C19.0723 33.3357 21.8655 31.0062 25.1878 29.8138V48.7376C25.1818 49.1949 25.2986 49.6453 25.5261 50.042C25.7535 50.4387 26.0833 50.7671 26.4809 50.9928L45.8622 62.1739L39.1283 66.069C39.0919 66.0883 39.0513 66.0984 39.0101 66.0984C38.9689 66.0984 38.9283 66.0883 38.8919 66.069L22.7908 56.7809C15.6359 52.6337 13.1822 43.4816 17.3026 36.3112V36.3898ZM72.624 49.2426L53.1792 37.9512L59.8976 34.0718C59.9341 34.0524 59.9747 34.0423 60.016 34.0423C60.0573 34.0423 60.0979 34.0524 60.1344 34.0718L76.2355 43.3761C78.6973 44.7966 80.7043 46.8882 82.0221 49.4065C83.3398 51.9249 83.914 54.7661 83.6775 57.5985C83.4411 60.431 82.4038 63.1377 80.6867 65.4027C78.9696 67.6677 76.6436 69.3975 73.9803 70.3901V51.466C73.9663 51.0096 73.834 50.5647 73.5962 50.1749C73.3584 49.7851 73.0234 49.4638 72.624 49.2426ZM79.3261 39.1657L78.8529 38.8815L62.9411 29.6089C62.5442 29.376 62.0924 29.2532 61.6322 29.2532C61.172 29.2532 60.7202 29.376 60.3233 29.6089L40.8629 40.8374V33.0628C40.8587 33.0233 40.8654 32.9834 40.882 32.9473C40.8987 32.9113 40.9248 32.8803 40.9575 32.8579L57.0586 23.5692C59.5263 22.1476 62.3478 21.458 65.193 21.5811C68.0382 21.7042 70.7896 22.6348 73.1253 24.2642C75.461 25.8936 77.2845 28.1543 78.3825 30.782C79.4806 33.4097 79.8077 36.2957 79.3257 39.1025V39.1657H79.3261ZM37.1888 52.9484L30.455 49.069C30.4213 49.0487 30.3925 49.0212 30.3707 48.9884C30.3488 48.9557 30.3345 48.9186 30.3286 48.8797V30.3188C30.3323 27.4714 31.1466 24.6839 32.6761 22.2822C34.2057 19.8805 36.3874 17.9639 38.9661 16.7564C41.5448 15.549 44.4139 15.1005 47.2381 15.4636C50.0622 15.8267 52.7247 16.9862 54.9141 18.8067L54.4409 19.0748L38.5134 28.2686C38.117 28.5011 37.7879 28.8327 37.5584 29.2308C37.329 29.629 37.207 30.0799 37.2045 30.5395L37.1888 52.9487V52.9484ZM40.8472 45.0632L49.5209 40.0643L58.21 45.0635V55.0615L49.5523 60.0608L40.8632 55.0615L40.8472 45.0632Z" fill="white"/>
+</svg>
diff --git a/docs/logos/codex.svg b/docs/logos/codex.svg
new file mode 100644
index 000000000..c77ccfdd9
--- /dev/null
+++ b/docs/logos/codex.svg
@@ -0,0 +1 @@
+<svg height="1em" style="flex:none;line-height:1" viewBox="0 0 24 24" width="1em" xmlns="http://www.w3.org/2000/svg"><title>Codex</title><path d="M19.503 0H4.496A4.496 4.496 0 000 4.496v15.007A4.496 4.496 0 004.496 24h15.007A4.496 4.496 0 0024 19.503V4.496A4.496 4.496 0 0019.503 0z" fill="#fff"></path><path d="M9.064 3.344a4.578 4.578 0 012.285-.312c1 .115 1.891.54 2.673 1.275.01.01.024.017.037.021a.09.09 0 00.043 0 4.55 4.55 0 013.046.275l.047.022.116.057a4.581 4.581 0 012.188 2.399c.209.51.313 1.041.315 1.595a4.24 4.24 0 01-.134 1.223.123.123 0 00.03.115c.594.607.988 1.33 1.183 2.17.289 1.425-.007 2.71-.887 3.854l-.136.166a4.548 4.548 0 01-2.201 1.388.123.123 0 00-.081.076c-.191.551-.383 1.023-.74 1.494-.9 1.187-2.222 1.846-3.711 1.838-1.187-.006-2.239-.44-3.157-1.302a.107.107 0 00-.105-.024c-.388.125-.78.143-1.204.138a4.441 4.441 0 01-1.945-.466 4.544 4.544 0 01-1.61-1.335c-.152-.202-.303-.392-.414-.617a5.81 5.81 0 01-.37-.961 4.582 4.582 0 01-.014-2.298.124.124 0 00.006-.056.085.085 0 00-.027-.048 4.467 4.467 0 01-1.034-1.651 3.896 3.896 0 01-.251-1.192 5.189 5.189 0 01.141-1.6c.337-1.112.982-1.985 1.933-2.618.212-.141.413-.251.601-.33.215-.089.43-.164.646-.227a.098.098 0 00.065-.066 4.51 4.51 0 01.829-1.615 4.535 4.535 0 011.837-1.388zm3.482 10.565a.637.637 0 000 1.272h3.636a.637.637 0 100-1.272h-3.636zM8.462 9.23a.637.637 0 00-1.106.631l1.272 2.224-1.266 2.136a.636.636 0 101.095.649l1.454-2.455a.636.636 0 00.005-.64L8.462 9.23z" fill="url(#lobe-icons-codex-_R_0_)"></path><defs><linearGradient gradientUnits="userSpaceOnUse" id="lobe-icons-codex-_R_0_" x1="12" x2="12" y1="3" y2="21"><stop stop-color="#B1A7FF"></stop><stop offset=".5" stop-color="#7A9DFF"></stop><stop offset="1" stop-color="#3941FF"></stop></linearGradient></defs></svg>
\ No newline at end of file
diff --git a/docs/logos/copilot.svg b/docs/logos/copilot.svg
new file mode 100644
index 000000000..dd11956e0
--- /dev/null
+++ b/docs/logos/copilot.svg
@@ -0,0 +1 @@
+<svg fill="#1F2328" fill-rule="evenodd" height="1em" style="flex:none;line-height:1" viewBox="0 0 24 24" width="1em" xmlns="http://www.w3.org/2000/svg"><title>GithubCopilot</title><path d="M19.245 5.364c1.322 1.36 1.877 3.216 2.11 5.817.622 0 1.2.135 1.592.654l.73.964c.21.278.323.61.323.955v2.62c0 .339-.173.669-.453.868C20.239 19.602 16.157 21.5 12 21.5c-4.6 0-9.205-2.583-11.547-4.258-.28-.2-.452-.53-.453-.868v-2.62c0-.345.113-.679.321-.956l.73-.963c.392-.517.974-.654 1.593-.654l.029-.297c.25-2.446.81-4.213 2.082-5.52 2.461-2.54 5.71-2.851 7.146-2.864h.198c1.436.013 4.685.323 7.146 2.864zm-7.244 4.328c-.284 0-.613.016-.962.05-.123.447-.305.85-.57 1.108-1.05 1.023-2.316 1.18-2.994 1.18-.638 0-1.306-.13-1.851-.464-.516.165-1.012.403-1.044.996a65.882 65.882 0 00-.063 2.884l-.002.48c-.002.563-.005 1.126-.013 1.69.002.326.204.63.51.765 2.482 1.102 4.83 1.657 6.99 1.657 2.156 0 4.504-.555 6.985-1.657a.854.854 0 00.51-.766c.03-1.682.006-3.372-.076-5.053-.031-.596-.528-.83-1.046-.996-.546.333-1.212.464-1.85.464-.677 0-1.942-.157-2.993-1.18-.266-.258-.447-.661-.57-1.108-.32-.032-.64-.049-.96-.05zm-2.525 4.013c.539 0 .976.426.976.95v1.753c0 .525-.437.95-.976.95a.964.964 0 01-.976-.95v-1.752c0-.525.437-.951.976-.951zm5 0c.539 0 .976.426.976.95v1.753c0 .525-.437.95-.976.95a.964.964 0 01-.976-.95v-1.752c0-.525.437-.951.976-.951zM7.635 5.087c-1.05.102-1.935.438-2.385.906-.975 1.037-.765 3.668-.21 4.224.405.394 1.17.657 1.995.657h.09c.649-.013 1.785-.176 2.73-1.11.435-.41.705-1.433.675-2.47-.03-.834-.27-1.52-.63-1.813-.39-.336-1.275-.482-2.265-.394zm6.465.394c-.36.292-.6.98-.63 1.813-.03 1.037.24 2.06.675 2.47.968.957 2.136 1.104 2.776 1.11h.044c.825 0 1.59-.263 1.995-.657.555-.556.765-3.187-.21-4.224-.45-.468-1.335-.804-2.385-.906-.99-.088-1.875.058-2.265.394zM12 7.615c-.24 0-.525.015-.84.044.03.16.045.336.06.526l-.001.159a2.94 2.94 0 01-.014.25c.225-.022.425-.027.612-.028h.366c.187 0 .387.006.612.028-.015-.146-.015-.277-.015-.409.015-.19.03-.365.06-.526a9.29 9.29 0 00-.84-.044z"></path></svg>
\ No newline at end of file
diff --git a/docs/logos/cursor.svg b/docs/logos/cursor.svg
new file mode 100644
index 000000000..e4135e124
--- /dev/null
+++ b/docs/logos/cursor.svg
@@ -0,0 +1 @@
+<svg fill="#1A1A1A" fill-rule="evenodd" height="1em" style="flex:none;line-height:1" viewBox="0 0 24 24" width="1em" xmlns="http://www.w3.org/2000/svg"><title>Cursor</title><path d="M22.106 5.68L12.5.135a.998.998 0 00-.998 0L1.893 5.68a.84.84 0 00-.419.726v11.186c0 .3.16.577.42.727l9.607 5.547a.999.999 0 00.998 0l9.608-5.547a.84.84 0 00.42-.727V6.407a.84.84 0 00-.42-.726zm-.603 1.176L12.228 22.92c-.063.108-.228.064-.228-.061V12.34a.59.59 0 00-.295-.51l-9.11-5.26c-.107-.062-.063-.228.062-.228h18.55c.264 0 .428.286.296.514z"></path></svg>
\ No newline at end of file
diff --git a/docs/logos/deepseek.svg b/docs/logos/deepseek.svg
new file mode 100644
index 000000000..185c108b4
--- /dev/null
+++ b/docs/logos/deepseek.svg
@@ -0,0 +1 @@
+<svg fill="#5786FE" role="img" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg"><title>DeepSeek</title><path d="M23.748 4.651c-.254-.124-.364.113-.512.233-.051.04-.094.09-.137.137-.372.397-.806.657-1.373.626-.829-.046-1.537.214-2.163.848-.133-.782-.575-1.248-1.247-1.548-.352-.155-.708-.311-.955-.65-.172-.24-.219-.509-.305-.774-.055-.16-.11-.323-.293-.35-.2-.031-.278.136-.356.276-.313.572-.434 1.202-.422 1.84.027 1.436.633 2.58 1.838 3.393.137.094.172.187.129.323-.082.28-.18.553-.266.833-.055.179-.137.218-.328.14a5.5 5.5 0 0 1-1.737-1.179c-.857-.828-1.631-1.743-2.597-2.46a12 12 0 0 0-.689-.47c-.985-.957.13-1.743.387-1.836.27-.098.094-.433-.778-.428-.872.003-1.67.295-2.687.685a3 3 0 0 1-.465.136 9.6 9.6 0 0 0-2.883-.101c-1.885.21-3.39 1.1-4.497 2.622C.082 8.776-.231 10.854.152 13.02c.403 2.284 1.568 4.175 3.36 5.653 1.857 1.533 3.997 2.284 6.438 2.14 1.482-.085 3.132-.284 4.994-1.86.47.234.962.328 1.78.398.629.058 1.235-.031 1.705-.129.735-.155.684-.836.418-.961-2.155-1.004-1.682-.595-2.112-.926 1.095-1.295 2.768-3.598 3.284-6.733.05-.346.115-.834.108-1.114-.004-.171.035-.238.23-.257a4.2 4.2 0 0 0 1.545-.475c1.397-.763 1.96-2.016 2.093-3.517.02-.23-.004-.467-.247-.588M11.58 18.168c-2.088-1.642-3.101-2.183-3.52-2.16-.39.024-.32.472-.234.763.09.288.207.487.371.74.114.167.192.416-.113.603-.673.416-1.842-.14-1.897-.168-1.361-.801-2.5-1.86-3.301-3.306-.775-1.393-1.225-2.888-1.299-4.482-.02-.385.094-.522.477-.592a4.7 4.7 0 0 1 1.53-.038c2.131.311 3.946 1.264 5.467 2.774.868.86 1.525 1.887 2.202 2.89.72 1.066 1.494 2.082 2.48 2.915.348.291.626.513.892.677-.802.09-2.14.109-3.055-.615zm1.001-6.44a.306.306 0 0 1 .415-.287.3.3 0 0 1 .113.074.3.3 0 0 1 .086.214c0 .17-.136.307-.308.307a.303.303 0 0 1-.306-.307m3.11 1.596c-.2.081-.4.151-.591.16a1.25 1.25 0 0 1-.798-.254c-.274-.23-.47-.358-.551-.758a1.7 1.7 0 0 1 .015-.588c.07-.327-.007-.537-.238-.727-.188-.156-.426-.199-.689-.199a.6.6 0 0 1-.254-.078.253.253 0 0 1-.114-.358 1 1 0 0 1 .192-.21c.356-.202.767-.136 1.146.016.352.144.618.408 1.001.782.392.451.462.576.685.915.176.264.336.536.446.848.066.194-.02.353-.25.45"/></svg>
\ No newline at end of file
diff --git a/docs/logos/droid-dark.svg b/docs/logos/droid-dark.svg
new file mode 100644
index 000000000..f7807d8ab
--- /dev/null
+++ b/docs/logos/droid-dark.svg
@@ -0,0 +1,3 @@
+<svg width="100" height="100" viewBox="0 0 100 100" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M67.8515 23.9286C67.6213 23.8754 67.4147 23.7483 67.2635 23.5667C67.1123 23.385 67.0247 23.1589 67.0141 22.9227C67.0083 22.7678 67.0368 22.6135 67.0978 22.471C69.2044 17.4703 70.1341 13.4692 68.6328 11.7944C64.6604 7.35158 48.7249 16.1873 43.643 19.1813C43.507 19.2603 43.3558 19.3098 43.1993 19.3266C43.0429 19.3435 42.8846 19.3272 42.7348 19.279C42.585 19.2308 42.4471 19.1516 42.3298 19.0466C42.2126 18.9416 42.1188 18.8132 42.0544 18.6696C39.919 13.6801 37.6739 10.2082 35.3976 10.0585C29.366 9.65537 24.5026 26.8938 23.0799 32.5123C23.0423 32.6645 22.9714 32.8064 22.8723 32.9279C22.7733 33.0494 22.6486 33.1474 22.5071 33.2149C22.3649 33.2852 22.2094 33.3245 22.0508 33.3303C21.8923 33.3361 21.7343 33.3083 21.5873 33.2486C16.4593 31.1932 12.3547 30.2871 10.6387 31.751C6.0823 35.6248 15.1427 51.166 18.2115 56.1218C18.3338 56.3213 18.3866 56.5557 18.3618 56.7885C18.3369 57.0212 18.2359 57.2392 18.0742 57.4084C17.9651 57.522 17.8333 57.6112 17.6874 57.6705C12.5718 59.7534 9.01383 61.9424 8.85658 64.1626C8.446 70.0443 26.1213 74.7867 31.8845 76.1745C32.0392 76.2127 32.1794 76.2805 32.3051 76.3779C32.4275 76.4739 32.5279 76.5952 32.5994 76.7334C32.6709 76.8717 32.7118 77.0236 32.7194 77.1791C32.7253 77.334 32.6967 77.4883 32.6358 77.6309C30.5292 82.6316 29.5994 86.6339 31.1007 88.3074C35.0731 92.7515 51.0112 83.9157 56.0917 80.9231C56.2975 80.8022 56.5364 80.75 56.7738 80.774C57.0112 80.798 57.2347 80.897 57.4121 81.0566C57.5267 81.1622 57.6181 81.2906 57.6804 81.4335C59.8157 86.4217 62.0596 89.8936 64.3372 90.0446C70.3687 90.4465 75.2322 73.2092 76.6524 67.5895C76.6911 67.4385 76.7627 67.2979 76.862 67.1777C76.9619 67.0551 77.0871 66.9554 77.229 66.8856C77.371 66.8159 77.5263 66.7775 77.6845 66.7733C77.8429 66.7678 78.0007 66.7959 78.1475 66.8557C83.2754 68.9112 87.3788 69.816 89.0961 68.3533C93.6525 64.4783 84.5908 48.9358 81.5208 43.9801C81.399 43.7805 81.3465 43.5463 81.3716 43.3138C81.3966 43.0814 81.4978 42.8637 81.6593 42.6946C81.7685 42.5811 81.9003 42.4918 82.0462 42.4326C87.1629 40.3484 90.7222 38.1594 90.8757 35.9393C91.2888 30.0575 73.6123 25.3151 67.8503 23.9299M60.9289 18.2915C62.0896 20.3182 56.1142 33.8239 51.6689 43.27C51.593 43.4283 51.4712 43.56 51.3194 43.6481C51.1655 43.7368 50.9885 43.7772 50.8114 43.7641C50.6343 43.751 50.4652 43.6849 50.326 43.5745C50.1899 43.4646 50.0899 43.3163 50.039 43.1489C48.2431 37.0076 46.1927 29.7904 43.9975 23.6653C43.9112 23.4249 43.9156 23.1613 44.01 22.924C44.1055 22.685 44.2829 22.4877 44.5104 22.3674C49.9916 19.4471 59.3715 15.5708 60.9289 18.2915ZM34.6613 19.9638C36.9488 20.5965 42.5161 34.2657 46.2226 44.01C46.2845 44.1733 46.2937 44.3518 46.2489 44.5206C46.2041 44.6893 46.1077 44.8399 45.973 44.951C45.8369 45.065 45.6696 45.1355 45.4929 45.1533C45.3163 45.1711 45.1383 45.1354 44.9821 45.0508C39.2551 41.9496 32.5771 38.2568 26.583 35.4388C26.3498 35.3293 26.1631 35.1404 26.0564 34.9059C25.9507 34.6743 25.933 34.4121 26.0065 34.1684C27.7711 28.329 31.5862 19.1151 34.6613 19.9638ZM17.2992 39.2577C19.3759 38.127 33.2261 43.9539 42.9105 48.2869C43.0727 48.3593 43.2087 48.4791 43.2986 48.6288C43.3885 48.778 43.4296 48.9514 43.4162 49.125C43.4028 49.2987 43.3355 49.4637 43.2237 49.5973C43.1099 49.733 42.9576 49.8309 42.7869 49.8781C36.4908 51.629 29.089 53.6295 22.8066 55.7698C22.5603 55.8535 22.2925 55.8491 22.0491 55.7573C21.808 55.6665 21.6066 55.4937 21.48 55.2694C18.4911 49.923 14.5087 40.7765 17.2992 39.2577ZM19.014 64.8752C19.6617 62.6438 33.6803 57.2125 43.6717 53.5996C43.8386 53.5406 44.0192 53.5323 44.1909 53.5755C44.3625 53.6188 44.5175 53.7119 44.6364 53.8429C44.7518 53.9734 44.8235 54.1366 44.8416 54.3097C44.8597 54.4829 44.8233 54.6574 44.7375 54.8089C41.5577 60.3936 37.7713 66.9069 34.8809 72.7512C34.7662 72.9824 34.5728 73.1651 34.3355 73.2666C34.0963 73.3703 33.8285 73.3875 33.578 73.3153C27.5914 71.6056 18.1404 67.8741 19.014 64.8752ZM38.8008 81.8079C37.6402 79.7824 43.6168 66.2754 48.0609 56.8306C48.1368 56.6723 48.2585 56.5406 48.4104 56.4525C48.5645 56.3646 48.7413 56.3247 48.9183 56.3378C49.0952 56.3509 49.2643 56.4165 49.4038 56.5261C49.5397 56.6357 49.6397 56.7835 49.6908 56.9504C51.4867 63.0905 53.5384 70.3102 55.7323 76.4353C55.8183 76.6753 55.8138 76.9384 55.7198 77.1753C55.6237 77.4141 55.4459 77.6109 55.2181 77.7307C49.7382 80.6448 40.3571 84.5285 38.8071 81.8079H38.8008ZM65.0698 80.1356C62.7785 79.5041 57.2112 65.8324 53.5059 56.0881C53.4438 55.9246 53.4344 55.7458 53.4792 55.5768C53.524 55.4078 53.6206 55.2571 53.7555 55.1458C53.892 55.0319 54.0596 54.9618 54.2366 54.9444C54.4135 54.927 54.5916 54.9633 54.7477 55.0485C60.4722 58.1485 67.1527 61.8438 73.1455 64.6618C73.3814 64.7716 73.5686 64.9613 73.6734 65.1934C73.779 65.4255 73.7963 65.6882 73.7221 65.9322C71.9587 71.7803 68.1436 80.9867 65.0698 80.1356ZM82.4318 60.8392C80.3539 61.9711 66.505 56.143 56.8193 51.8087C56.6586 51.7369 56.5233 51.6181 56.4312 51.468C56.341 51.3188 56.2997 51.145 56.3131 50.9712C56.3266 50.7973 56.394 50.632 56.5061 50.4983C56.6198 50.3626 56.7722 50.2647 56.9429 50.2175C63.2402 48.4678 70.6396 46.4673 76.9219 44.327C77.169 44.2427 77.4378 44.2471 77.682 44.3395C77.9237 44.4304 78.1256 44.6036 78.2523 44.8287C81.2387 50.1726 85.2211 59.3216 82.4318 60.8392ZM80.7183 35.2229C80.0681 37.4568 66.0507 42.8856 56.0593 46.4998C55.8922 46.559 55.7114 46.5675 55.5395 46.5242C55.3676 46.4809 55.2124 46.3877 55.0933 46.2564C54.9777 46.1256 54.9059 45.9619 54.8879 45.7882C54.87 45.6145 54.907 45.4396 54.9935 45.288C58.1721 39.7045 61.9585 33.19 64.8489 27.3456C64.9639 27.1149 65.1572 26.9327 65.3943 26.8314C65.6336 26.7282 65.9014 26.7114 66.1518 26.784C72.1384 28.5025 81.5894 32.224 80.7183 35.2229Z" fill="white"/>
+</svg>
diff --git a/docs/logos/droid.svg b/docs/logos/droid.svg
new file mode 100644
index 000000000..38aad643a
--- /dev/null
+++ b/docs/logos/droid.svg
@@ -0,0 +1,8 @@
+<svg xmlns="http://www.w3.org/2000/svg" version="1.1" xmlns:xlink="http://www.w3.org/1999/xlink" width="508" height="508"><svg width="508" height="508" viewBox="0 0 508 508" fill="none" xmlns="http://www.w3.org/2000/svg">
+<g clip-path="url(#clip0_7026_10735)">
+<rect width="508" height="508" fill="#020202"></rect>
+<path d="M321.997 150.712C321.401 150.568 320.844 150.299 320.363 149.925C319.883 149.551 319.491 149.08 319.215 148.544C318.938 148.008 318.783 147.42 318.76 146.821C318.738 146.22 318.848 145.624 319.084 145.07C327.226 125.716 330.819 110.23 325.021 103.747C309.666 86.5471 248.085 120.749 228.451 132.333C227.925 132.642 227.337 132.837 226.728 132.903C226.118 132.969 225.501 132.906 224.918 132.719C224.336 132.531 223.801 132.223 223.351 131.815C222.902 131.407 222.548 130.909 222.313 130.356C214.06 111.043 205.384 97.6094 196.589 97.0268C173.279 95.4688 154.491 162.187 148.991 183.932C148.844 184.515 148.57 185.06 148.188 185.528C147.805 185.998 147.323 186.381 146.775 186.651C146.227 186.921 145.626 187.072 145.012 187.094C144.399 187.116 143.788 187.009 143.221 186.778C123.406 178.825 107.545 175.316 100.914 180.98C83.305 195.978 118.315 256.126 130.175 275.304C130.492 275.816 130.692 276.391 130.76 276.987C130.829 277.582 130.765 278.186 130.573 278.755C130.381 279.325 130.065 279.847 129.647 280.286C129.228 280.725 128.718 281.07 128.15 281.298C108.384 289.359 94.6306 297.834 94.0272 306.424C92.439 329.192 160.74 347.544 183.01 352.916C183.605 353.061 184.16 353.33 184.64 353.704C185.118 354.077 185.509 354.548 185.785 355.083C186.061 355.618 186.215 356.205 186.237 356.803C186.26 357.402 186.151 357.998 185.916 358.551C177.773 377.905 174.181 393.398 179.979 399.874C195.334 417.074 256.921 382.877 276.556 371.293C277.081 370.984 277.67 370.789 278.28 370.722C278.889 370.655 279.507 370.717 280.09 370.905C280.673 371.093 281.207 371.402 281.657 371.81C282.106 372.219 282.46 372.717 282.694 373.271C290.947 392.578 299.616 406.012 308.417 406.601C331.728 408.153 350.516 341.44 356.009 319.688C356.157 319.106 356.432 318.562 356.816 318.094C357.2 317.625 357.682 317.243 358.231 316.974C358.779 316.705 359.381 316.554 359.995 316.533C360.608 316.511 361.219 316.619 361.786 316.85C381.601 324.803 397.455 328.304 404.093 322.648C421.702 307.65 386.684 247.495 374.825 228.317C374.51 227.804 374.312 227.229 374.245 226.634C374.177 226.039 374.242 225.436 374.434 224.868C374.626 224.299 374.941 223.777 375.358 223.338C375.775 222.899 376.284 222.552 376.85 222.323C396.623 214.261 410.376 205.786 410.973 197.196C412.568 174.428 344.26 156.078 321.997 150.712ZM295.254 128.885C299.734 136.73 276.646 189 259.474 225.561C259.186 226.172 258.715 226.682 258.121 227.024C257.528 227.365 256.842 227.521 256.155 227.47C255.468 227.419 254.814 227.164 254.28 226.739C253.746 226.314 253.358 225.739 253.169 225.093C246.234 201.322 238.306 173.392 229.824 149.683C229.491 148.752 229.508 147.736 229.871 146.817C230.235 145.897 230.921 145.133 231.808 144.662C252.989 133.363 289.234 118.358 295.254 128.885ZM193.746 135.355C202.589 137.807 224.103 190.714 238.424 228.426C238.664 229.056 238.699 229.742 238.527 230.393C238.354 231.044 237.983 231.627 237.461 232.065C236.939 232.503 236.292 232.775 235.608 232.844C234.923 232.913 234.234 232.775 233.632 232.45C211.501 220.453 185.694 206.159 162.529 195.253C161.622 194.823 160.901 194.093 160.493 193.192C160.085 192.292 160.018 191.279 160.303 190.335C167.12 167.736 181.865 132.069 193.746 135.355ZM126.652 210.04C134.676 205.664 188.197 228.216 225.621 244.989C226.248 245.269 226.771 245.73 227.12 246.31C227.47 246.889 227.629 247.56 227.577 248.23C227.524 248.901 227.264 249.54 226.828 250.062C226.393 250.582 225.805 250.962 225.143 251.147C200.813 257.921 172.211 265.664 147.937 273.949C146.985 274.272 145.946 274.255 145.007 273.9C144.067 273.545 143.286 272.876 142.805 272.011C131.257 251.322 115.867 215.92 126.652 210.04ZM133.275 309.188C135.779 300.551 189.952 279.537 228.562 265.548C229.207 265.315 229.91 265.28 230.576 265.448C231.243 265.617 231.84 265.98 232.288 266.49C232.736 266.999 233.015 267.631 233.085 268.299C233.155 268.968 233.015 269.641 232.682 270.23C220.392 291.846 205.758 317.053 194.592 339.672C194.156 340.561 193.409 341.269 192.486 341.668C191.563 342.068 190.525 342.134 189.557 341.853C166.42 335.235 129.905 320.792 133.275 309.188ZM209.739 374.722C205.252 366.884 228.347 314.608 245.519 278.054C245.806 277.442 246.279 276.931 246.872 276.59C247.465 276.249 248.151 276.093 248.838 276.144C249.525 276.194 250.179 276.45 250.713 276.875C251.247 277.3 251.634 277.874 251.824 278.521C258.759 302.285 266.686 330.222 275.169 353.932C275.499 354.862 275.481 355.877 275.117 356.795C274.752 357.713 274.064 358.475 273.178 358.945C252.004 370.223 215.752 385.256 209.76 374.722H209.739ZM311.247 368.252C302.397 365.807 280.883 312.894 266.562 275.182C266.322 274.55 266.285 273.862 266.458 273.21C266.63 272.559 267.003 271.974 267.526 271.536C268.049 271.097 268.697 270.826 269.382 270.758C270.068 270.69 270.759 270.83 271.361 271.157C293.485 283.154 319.299 297.455 342.457 308.362C343.366 308.789 344.089 309.519 344.497 310.42C344.905 311.321 344.971 312.335 344.683 313.28C337.872 335.912 323.128 371.544 311.247 368.252ZM378.341 293.566C370.31 297.949 316.795 275.391 279.365 258.618C278.738 258.338 278.215 257.877 277.866 257.297C277.516 256.718 277.357 256.047 277.409 255.377C277.461 254.706 277.722 254.067 278.158 253.546C278.593 253.025 279.181 252.646 279.843 252.461C304.18 245.687 332.775 237.943 357.049 229.658C358.003 229.335 359.043 229.353 359.984 229.709C360.925 230.065 361.706 230.737 362.188 231.603C373.729 252.285 389.119 287.693 378.341 293.566ZM371.718 194.419C369.207 203.063 315.041 224.077 276.431 238.066C275.784 238.3 275.08 238.335 274.413 238.167C273.746 237.999 273.148 237.635 272.698 237.124C272.249 236.613 271.972 235.98 271.903 235.31C271.833 234.641 271.975 233.966 272.311 233.377C284.594 211.768 299.228 186.554 310.394 163.935C310.833 163.048 311.58 162.343 312.502 161.945C313.425 161.546 314.462 161.481 315.429 161.76C338.566 168.413 375.081 182.815 371.718 194.419Z" fill="#FAFAFA"></path>
+</g>
+</svg><style>@media (prefers-color-scheme: light) { :root { filter: none; } }
+@media (prefers-color-scheme: dark) { :root { filter: none; } }
+</style></svg>
\ No newline at end of file
diff --git a/docs/logos/elevenlabs.svg b/docs/logos/elevenlabs.svg
new file mode 100644
index 000000000..ce9145e07
--- /dev/null
+++ b/docs/logos/elevenlabs.svg
@@ -0,0 +1,4 @@
+<svg viewBox="0 0 32 32" fill="#0a0a0c" xmlns="http://www.w3.org/2000/svg">
+  <path d="M7 6h4v20H7V6Zm7 0h4v20h-4V6Zm7 0h4v20h-4V6Z"/>
+  <path d="M3.5 15h25v2h-25v-2Z" opacity=".35"/>
+</svg>
diff --git a/docs/logos/gemini.svg b/docs/logos/gemini.svg
new file mode 100644
index 000000000..62681dfa7
--- /dev/null
+++ b/docs/logos/gemini.svg
@@ -0,0 +1 @@
+<svg height="1em" style="flex:none;line-height:1" viewBox="0 0 24 24" width="1em" xmlns="http://www.w3.org/2000/svg"><title>Gemini</title><path d="M20.616 10.835a14.147 14.147 0 01-4.45-3.001 14.111 14.111 0 01-3.678-6.452.503.503 0 00-.975 0 14.134 14.134 0 01-3.679 6.452 14.155 14.155 0 01-4.45 3.001c-.65.28-1.318.505-2.002.678a.502.502 0 000 .975c.684.172 1.35.397 2.002.677a14.147 14.147 0 014.45 3.001 14.112 14.112 0 013.679 6.453.502.502 0 00.975 0c.172-.685.397-1.351.677-2.003a14.145 14.145 0 013.001-4.45 14.113 14.113 0 016.453-3.678.503.503 0 000-.975 13.245 13.245 0 01-2.003-.678z" fill="#3186FF"></path><path d="M20.616 10.835a14.147 14.147 0 01-4.45-3.001 14.111 14.111 0 01-3.678-6.452.503.503 0 00-.975 0 14.134 14.134 0 01-3.679 6.452 14.155 14.155 0 01-4.45 3.001c-.65.28-1.318.505-2.002.678a.502.502 0 000 .975c.684.172 1.35.397 2.002.677a14.147 14.147 0 014.45 3.001 14.112 14.112 0 013.679 6.453.502.502 0 00.975 0c.172-.685.397-1.351.677-2.003a14.145 14.145 0 013.001-4.45 14.113 14.113 0 016.453-3.678.503.503 0 000-.975 13.245 13.245 0 01-2.003-.678z" fill="url(#lobe-icons-gemini-0-_R_0_)"></path><path d="M20.616 10.835a14.147 14.147 0 01-4.45-3.001 14.111 14.111 0 01-3.678-6.452.503.503 0 00-.975 0 14.134 14.134 0 01-3.679 6.452 14.155 14.155 0 01-4.45 3.001c-.65.28-1.318.505-2.002.678a.502.502 0 000 .975c.684.172 1.35.397 2.002.677a14.147 14.147 0 014.45 3.001 14.112 14.112 0 013.679 6.453.502.502 0 00.975 0c.172-.685.397-1.351.677-2.003a14.145 14.145 0 013.001-4.45 14.113 14.113 0 016.453-3.678.503.503 0 000-.975 13.245 13.245 0 01-2.003-.678z" fill="url(#lobe-icons-gemini-1-_R_0_)"></path><path d="M20.616 10.835a14.147 14.147 0 01-4.45-3.001 14.111 14.111 0 01-3.678-6.452.503.503 0 00-.975 0 14.134 14.134 0 01-3.679 6.452 14.155 14.155 0 01-4.45 3.001c-.65.28-1.318.505-2.002.678a.502.502 0 000 .975c.684.172 1.35.397 2.002.677a14.147 14.147 0 014.45 3.001 14.112 14.112 0 013.679 6.453.502.502 0 00.975 0c.172-.685.397-1.351.677-2.003a14.145 14.145 0 013.001-4.45 14.113 14.113 0 016.453-3.678.503.503 0 000-.975 13.245 13.245 0 01-2.003-.678z" fill="url(#lobe-icons-gemini-2-_R_0_)"></path><defs><linearGradient gradientUnits="userSpaceOnUse" id="lobe-icons-gemini-0-_R_0_" x1="7" x2="11" y1="15.5" y2="12"><stop stop-color="#08B962"></stop><stop offset="1" stop-color="#08B962" stop-opacity="0"></stop></linearGradient><linearGradient gradientUnits="userSpaceOnUse" id="lobe-icons-gemini-1-_R_0_" x1="8" x2="11.5" y1="5.5" y2="11"><stop stop-color="#F94543"></stop><stop offset="1" stop-color="#F94543" stop-opacity="0"></stop></linearGradient><linearGradient gradientUnits="userSpaceOnUse" id="lobe-icons-gemini-2-_R_0_" x1="3.5" x2="17.5" y1="13.5" y2="12"><stop stop-color="#FABC12"></stop><stop offset=".46" stop-color="#FABC12" stop-opacity="0"></stop></linearGradient></defs></svg>
\ No newline at end of file
diff --git a/docs/logos/jetbrains-ai.svg b/docs/logos/jetbrains-ai.svg
new file mode 100644
index 000000000..8734b4987
--- /dev/null
+++ b/docs/logos/jetbrains-ai.svg
@@ -0,0 +1 @@
+<svg viewBox="0 0 20 20" xmlns="http://www.w3.org/2000/svg"><defs><linearGradient id="g" x1="0.5" y1="0" x2="0.5" y2="1"><stop offset="0%" stop-color="#B97AF7"/><stop offset="100%" stop-color="#6B4FD8"/></linearGradient></defs><path fill="url(#g)" d="M11.64 18c1.48 0 3.12-.3 4.58-.88.54-.22.78-.42.78-.88 0-.38-.4-.84-1.18-.52-1.28.54-2.82.78-4.18.78-4.98 0-8.14-2.32-8.14-5.46 0-2.5 2.18-4.28 5.08-4.28 2.4 0 4.08 1 4.08 2.24 0 1.08-1.1 1.6-2.64 1l.34-1.02C7.96 8 5.98 9.12 5.98 11c0 2.1 2.32 3.5 5.52 3.5 3.76 0 6.5-2.32 6.5-5.54C18 4.94 14.2 2 8.36 2c-1.48 0-3.12.26-4.58.88-.52.22-.78.48-.78.86 0 .46.46.84 1.18.54C5.46 3.74 7 3.5 8.36 3.5c4.98 0 8.14 2.32 8.14 5.46 0 2.5-2.18 4.28-5.08 4.28-2.4 0-4.08-1-4.08-2.24 0-1.08 1.1-1.6 2.64-1l-.34 1.02c2.4.98 4.38-.14 4.38-2.02 0-2.1-2.32-3.5-5.52-3.5C4.74 5.5 2 7.82 2 11.04 2 15.06 5.8 18 11.64 18"/></svg>
\ No newline at end of file
diff --git a/docs/logos/kilo.svg b/docs/logos/kilo.svg
new file mode 100644
index 000000000..74c381b1d
--- /dev/null
+++ b/docs/logos/kilo.svg
@@ -0,0 +1 @@
+<svg fill="#f8f676" fill-rule="evenodd" height="1em" style="flex:none;line-height:1" viewBox="0 0 24 24" width="1em" xmlns="http://www.w3.org/2000/svg"><title>Kilo Code</title><path d="M0 0v24h24V0H0zm22.222 22.222H1.778V1.778h20.444v20.444zm-7.555-4.964h2.222v1.778h-2.794L12.89 17.83v-2.794h1.778v2.222zm4 0h-1.778v-2.222h-2.222v-1.778h2.793l1.207 1.207v2.793zm-7.556-2.591H9.333v-1.778h1.778v1.778zm-5.778-1.778h1.778v4h4v1.778H6.54L5.333 17.46V12.89zm13.334-3.556v1.778h-5.778V9.333h1.987V7.111h-1.987V5.333h2.558l1.206 1.207v2.793h2.014zm-11.556-2h2.222l1.778 1.778v2H9.333v-2H7.111v2H5.333V5.333h1.778v2zm4 0H9.333v-2h1.778v2z"></path></svg>
\ No newline at end of file
diff --git a/docs/logos/kimi-k2.svg b/docs/logos/kimi-k2.svg
new file mode 100644
index 000000000..45b894ba5
--- /dev/null
+++ b/docs/logos/kimi-k2.svg
@@ -0,0 +1 @@
+<svg fill="#FE603C" fill-rule="evenodd" role="img" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg"><title>Kimi</title><path d="M21.846 0a1.923 1.923 0 110 3.846H20.15a.226.226 0 01-.227-.226V1.923C19.923.861 20.784 0 21.846 0z"></path><path d="M11.065 11.199l7.257-7.2c.137-.136.06-.41-.116-.41H14.3a.164.164 0 00-.117.051l-7.82 7.756c-.122.12-.302.013-.302-.179V3.82c0-.127-.083-.23-.185-.23H3.186c-.103 0-.186.103-.186.23V19.77c0 .128.083.23.186.23h2.69c.103 0 .186-.102.186-.23v-3.25c0-.069.025-.135.069-.178l2.424-2.406a.158.158 0 01.205-.023l6.484 4.772a7.677 7.677 0 003.453 1.283c.108.012.2-.095.2-.23v-3.06c0-.117-.07-.212-.164-.227a5.028 5.028 0 01-2.027-.807l-5.613-4.064c-.117-.078-.132-.279-.028-.381z"></path></svg>
diff --git a/docs/logos/kimi.svg b/docs/logos/kimi.svg
new file mode 100644
index 000000000..45b894ba5
--- /dev/null
+++ b/docs/logos/kimi.svg
@@ -0,0 +1 @@
+<svg fill="#FE603C" fill-rule="evenodd" role="img" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg"><title>Kimi</title><path d="M21.846 0a1.923 1.923 0 110 3.846H20.15a.226.226 0 01-.227-.226V1.923C19.923.861 20.784 0 21.846 0z"></path><path d="M11.065 11.199l7.257-7.2c.137-.136.06-.41-.116-.41H14.3a.164.164 0 00-.117.051l-7.82 7.756c-.122.12-.302.013-.302-.179V3.82c0-.127-.083-.23-.185-.23H3.186c-.103 0-.186.103-.186.23V19.77c0 .128.083.23.186.23h2.69c.103 0 .186-.102.186-.23v-3.25c0-.069.025-.135.069-.178l2.424-2.406a.158.158 0 01.205-.023l6.484 4.772a7.677 7.677 0 003.453 1.283c.108.012.2-.095.2-.23v-3.06c0-.117-.07-.212-.164-.227a5.028 5.028 0 01-2.027-.807l-5.613-4.064c-.117-.078-.132-.279-.028-.381z"></path></svg>
diff --git a/docs/logos/kiro-dark.svg b/docs/logos/kiro-dark.svg
new file mode 100644
index 000000000..6dfa798de
--- /dev/null
+++ b/docs/logos/kiro-dark.svg
@@ -0,0 +1,19 @@
+<?xml version="1.0" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 20010904//EN"
+ "http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd">
+<svg version="1.0" xmlns="http://www.w3.org/2000/svg"
+ width="48.000000pt" height="48.000000pt" viewBox="0 0 48.000000 48.000000"
+ preserveAspectRatio="xMidYMid meet">
+<metadata>
+Created by potrace 1.16, written by Peter Selinger 2001-2019
+</metadata>
+<g transform="translate(0.000000,48.000000) scale(0.100000,-0.100000)"
+fill="#ffffff" stroke="none">
+<path d="M175 367 c-25 -25 -35 -45 -40 -83 -3 -27 -10 -59 -16 -72 -15 -37
+-11 -63 10 -69 12 -3 21 -15 23 -32 2 -20 9 -27 30 -29 15 -2 36 2 48 8 13 7
+20 7 20 0 0 -13 36 -13 62 1 32 17 58 86 58 157 0 103 -38 152 -118 152 -36 0
+-50 -6 -77 -33z m93 -86 c3 -16 -1 -22 -10 -19 -7 3 -15 15 -16 27 -3 16 1 22
+10 19 7 -3 15 -15 16 -27z m52 4 c0 -26 -14 -33 -25 -15 -9 14 1 40 15 40 5 0
+10 -11 10 -25z"/>
+</g>
+</svg>
diff --git a/docs/logos/kiro.svg b/docs/logos/kiro.svg
new file mode 100644
index 000000000..5fe3cf684
--- /dev/null
+++ b/docs/logos/kiro.svg
@@ -0,0 +1,11 @@
+<svg width="1200" height="1200" viewBox="0 0 1200 1200" fill="none" xmlns="http://www.w3.org/2000/svg">
+<rect width="1200" height="1200" rx="260" fill="#9046FF"/>
+<mask id="mask0_1106_4856" style="mask-type:luminance" maskUnits="userSpaceOnUse" x="272" y="202" width="655" height="796">
+<path d="M926.578 202.793H272.637V997.857H926.578V202.793Z" fill="white"/>
+</mask>
+<g mask="url(#mask0_1106_4856)">
+<path d="M398.554 818.914C316.315 1001.03 491.477 1046.74 620.672 940.156C658.687 1059.66 801.052 970.473 852.234 877.795C964.787 673.567 919.318 465.357 907.64 422.374C827.637 129.443 427.623 128.946 358.8 423.865C342.651 475.544 342.402 534.18 333.458 595.051C328.986 625.86 325.507 645.488 313.83 677.785C306.873 696.424 297.68 712.819 282.773 740.645C259.915 783.881 269.604 867.113 387.87 823.883L399.051 818.914H398.554Z" fill="white"/>
+<path d="M636.123 549.353C603.328 549.353 598.359 510.097 598.359 486.742C598.359 465.623 602.086 448.977 609.293 438.293C615.504 428.852 624.697 424.131 636.123 424.131C647.555 424.131 657.492 428.852 664.447 438.541C672.398 449.474 676.623 466.12 676.623 486.742C676.623 525.998 661.471 549.353 636.375 549.353H636.123Z" fill="black"/>
+<path d="M771.24 549.353C738.445 549.353 733.477 510.097 733.477 486.742C733.477 465.623 737.203 448.977 744.41 438.293C750.621 428.852 759.814 424.131 771.24 424.131C782.672 424.131 792.609 428.852 799.564 438.541C807.516 449.474 811.74 466.12 811.74 486.742C811.74 525.998 796.588 549.353 771.492 549.353H771.24Z" fill="black"/>
+</g>
+</svg>
diff --git a/docs/logos/minimax.svg b/docs/logos/minimax.svg
new file mode 100644
index 000000000..b1b0a6a2d
--- /dev/null
+++ b/docs/logos/minimax.svg
@@ -0,0 +1 @@
+<svg fill="#E73562" role="img" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg"><title>MiniMax</title><path d="M11.43 3.92a.86.86 0 1 0-1.718 0v14.236a1.999 1.999 0 0 1-3.997 0V9.022a.86.86 0 1 0-1.718 0v3.87a1.999 1.999 0 0 1-3.997 0V11.49a.57.57 0 0 1 1.139 0v1.404a.86.86 0 0 0 1.719 0V9.022a1.999 1.999 0 0 1 3.997 0v9.134a.86.86 0 0 0 1.719 0V3.92a1.998 1.998 0 1 1 3.996 0v11.788a.57.57 0 1 1-1.139 0zm10.572 3.105a2 2 0 0 0-1.999 1.997v7.63a.86.86 0 0 1-1.718 0V3.923a1.999 1.999 0 0 0-3.997 0v16.16a.86.86 0 0 1-1.719 0V18.08a.57.57 0 1 0-1.138 0v2a1.998 1.998 0 0 0 3.996 0V3.92a.86.86 0 0 1 1.719 0v12.73a1.999 1.999 0 0 0 3.996 0V9.023a.86.86 0 1 1 1.72 0v6.686a.57.57 0 0 0 1.138 0V9.022a2 2 0 0 0-1.998-1.997"/></svg>
\ No newline at end of file
diff --git a/docs/logos/mistral.svg b/docs/logos/mistral.svg
new file mode 100644
index 000000000..00ee1b9e5
--- /dev/null
+++ b/docs/logos/mistral.svg
@@ -0,0 +1 @@
+<svg fill="#FA520F" role="img" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg"><title>Mistral AI</title><path d="M17.143 3.429v3.428h-3.429v3.429h-3.428V6.857H6.857V3.43H3.43v13.714H0v3.428h10.286v-3.428H6.857v-3.429h3.429v3.429h3.429v-3.429h3.428v3.429h-3.428v3.428H24v-3.428h-3.43V3.429z"/></svg>
\ No newline at end of file
diff --git a/docs/logos/ollama.svg b/docs/logos/ollama.svg
new file mode 100644
index 000000000..432f73e73
--- /dev/null
+++ b/docs/logos/ollama.svg
@@ -0,0 +1 @@
+<svg fill="#000000" role="img" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg"><title>Ollama</title><path d="M16.361 10.26a.894.894 0 0 0-.558.47l-.072.148.001.207c0 .193.004.217.059.353.076.193.152.312.291.448.24.238.51.3.872.205a.86.86 0 0 0 .517-.436.752.752 0 0 0 .08-.498c-.064-.453-.33-.782-.724-.897a1.06 1.06 0 0 0-.466 0zm-9.203.005c-.305.096-.533.32-.65.639a1.187 1.187 0 0 0-.06.52c.057.309.31.59.598.667.362.095.632.033.872-.205.14-.136.215-.255.291-.448.055-.136.059-.16.059-.353l.001-.207-.072-.148a.894.894 0 0 0-.565-.472 1.02 1.02 0 0 0-.474.007Zm4.184 2c-.131.071-.223.25-.195.383.031.143.157.288.353.407.105.063.112.072.117.136.004.038-.01.146-.029.243-.02.094-.036.194-.036.222.002.074.07.195.143.253.064.052.076.054.255.059.164.005.198.001.264-.03.169-.082.212-.234.15-.525-.052-.243-.042-.28.087-.355.137-.08.281-.219.324-.314a.365.365 0 0 0-.175-.48.394.394 0 0 0-.181-.033c-.126 0-.207.03-.355.124l-.085.053-.053-.032c-.219-.13-.259-.145-.391-.143a.396.396 0 0 0-.193.032zm.39-2.195c-.373.036-.475.05-.654.086-.291.06-.68.195-.951.328-.94.46-1.589 1.226-1.787 2.114-.04.176-.045.234-.045.53 0 .294.005.357.043.524.264 1.16 1.332 2.017 2.714 2.173.3.033 1.596.033 1.896 0 1.11-.125 2.064-.727 2.493-1.571.114-.226.169-.372.22-.602.039-.167.044-.23.044-.523 0-.297-.005-.355-.045-.531-.288-1.29-1.539-2.304-3.072-2.497a6.873 6.873 0 0 0-.855-.031zm.645.937a3.283 3.283 0 0 1 1.44.514c.223.148.537.458.671.662.166.251.26.508.303.82.02.143.01.251-.043.482-.08.345-.332.705-.672.957a3.115 3.115 0 0 1-.689.348c-.382.122-.632.144-1.525.138-.582-.006-.686-.01-.853-.042-.57-.107-1.022-.334-1.35-.68-.264-.28-.385-.535-.45-.946-.03-.192.025-.509.137-.776.136-.326.488-.73.836-.963.403-.269.934-.46 1.422-.512.187-.02.586-.02.773-.002zm-5.503-11a1.653 1.653 0 0 0-.683.298C5.617.74 5.173 1.666 4.985 2.819c-.07.436-.119 1.04-.119 1.503 0 .544.064 1.24.155 1.721.02.107.031.202.023.208a8.12 8.12 0 0 1-.187.152 5.324 5.324 0 0 0-.949 1.02 5.49 5.49 0 0 0-.94 2.339 6.625 6.625 0 0 0-.023 1.357c.091.78.325 1.438.727 2.04l.13.195-.037.064c-.269.452-.498 1.105-.605 1.732-.084.496-.095.629-.095 1.294 0 .67.009.803.088 1.266.095.555.288 1.143.503 1.534.071.128.243.393.264.407.007.003-.014.067-.046.141a7.405 7.405 0 0 0-.548 1.873c-.062.417-.071.552-.071.991 0 .56.031.832.148 1.279L3.42 24h1.478l-.05-.091c-.297-.552-.325-1.575-.068-2.597.117-.472.25-.819.498-1.296l.148-.29v-.177c0-.165-.003-.184-.057-.293a.915.915 0 0 0-.194-.25 1.74 1.74 0 0 1-.385-.543c-.424-.92-.506-2.286-.208-3.451.124-.486.329-.918.544-1.154a.787.787 0 0 0 .223-.531c0-.195-.07-.355-.224-.522a3.136 3.136 0 0 1-.817-1.729c-.14-.96.114-2.005.69-2.834.563-.814 1.353-1.336 2.237-1.475.199-.033.57-.028.776.01.226.04.367.028.512-.041.179-.085.268-.19.374-.431.093-.215.165-.333.36-.576.234-.29.46-.489.822-.729.413-.27.884-.467 1.352-.561.17-.035.25-.04.569-.04.319 0 .398.005.569.04a4.07 4.07 0 0 1 1.914.997c.117.109.398.457.488.602.034.057.095.177.132.267.105.241.195.346.374.43.14.068.286.082.503.045.343-.058.607-.053.943.016 1.144.23 2.14 1.173 2.581 2.437.385 1.108.276 2.267-.296 3.153-.097.15-.193.27-.333.419-.301.322-.301.722-.001 1.053.493.539.801 1.866.708 3.036-.062.772-.26 1.463-.533 1.854a2.096 2.096 0 0 1-.224.258.916.916 0 0 0-.194.25c-.054.109-.057.128-.057.293v.178l.148.29c.248.476.38.823.498 1.295.253 1.008.231 2.01-.059 2.581a.845.845 0 0 0-.044.098c0 .006.329.009.732.009h.73l.02-.074.036-.134c.019-.076.057-.3.088-.516.029-.217.029-1.016 0-1.258-.11-.875-.295-1.57-.597-2.226-.032-.074-.053-.138-.046-.141.008-.005.057-.074.108-.152.376-.569.607-1.284.724-2.228.031-.26.031-1.378 0-1.628-.083-.645-.182-1.082-.348-1.525a6.083 6.083 0 0 0-.329-.7l-.038-.064.131-.194c.402-.604.636-1.262.727-2.04a6.625 6.625 0 0 0-.024-1.358 5.512 5.512 0 0 0-.939-2.339 5.325 5.325 0 0 0-.95-1.02 8.097 8.097 0 0 1-.186-.152.692.692 0 0 1 .023-.208c.208-1.087.201-2.443-.017-3.503-.19-.924-.535-1.658-.98-2.082-.354-.338-.716-.482-1.15-.455-.996.059-1.8 1.205-2.116 3.01a6.805 6.805 0 0 0-.097.726c0 .036-.007.066-.015.066a.96.96 0 0 1-.149-.078A4.857 4.857 0 0 0 12 3.03c-.832 0-1.687.243-2.456.698a.958.958 0 0 1-.148.078c-.008 0-.015-.03-.015-.066a6.71 6.71 0 0 0-.097-.725C8.997 1.392 8.337.319 7.46.048a2.096 2.096 0 0 0-.585-.041Zm.293 1.402c.248.197.523.759.682 1.388.03.113.06.244.069.292.007.047.026.152.041.233.067.365.098.76.102 1.24l.002.475-.12.175-.118.178h-.278c-.324 0-.646.041-.954.124l-.238.06c-.033.007-.038-.003-.057-.144a8.438 8.438 0 0 1 .016-2.323c.124-.788.413-1.501.696-1.711.067-.05.079-.049.157.013zm9.825-.012c.17.126.358.46.498.888.28.854.36 2.028.212 3.145-.019.14-.024.151-.057.144l-.238-.06a3.693 3.693 0 0 0-.954-.124h-.278l-.119-.178-.119-.175.002-.474c.004-.669.066-1.19.214-1.772.157-.623.434-1.185.68-1.382.078-.062.09-.063.159-.012z"/></svg>
\ No newline at end of file
diff --git a/docs/logos/opencode-dark.svg b/docs/logos/opencode-dark.svg
new file mode 100644
index 000000000..ff40ad792
--- /dev/null
+++ b/docs/logos/opencode-dark.svg
@@ -0,0 +1,6 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 54 42" fill="none">
+  <path d="M18 30H6V18H18V30Z" fill="#4B4646"/>
+  <path d="M18 12H6V30H18V12ZM24 36H0V6H24V36Z" fill="#F1ECEC"/>
+  <path d="M54 30H36V18H54V30Z" fill="#4B4646"/>
+  <path d="M54 12H36V30H54V36H30V6H54V12Z" fill="#F1ECEC"/>
+</svg>
diff --git a/docs/logos/opencode.svg b/docs/logos/opencode.svg
new file mode 100644
index 000000000..e215d428c
--- /dev/null
+++ b/docs/logos/opencode.svg
@@ -0,0 +1,6 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 54 42" fill="none">
+  <path d="M18 30H6V18H18V30Z" fill="#CFCECD"/>
+  <path d="M18 12H6V30H18V12ZM24 36H0V6H24V36Z" fill="#211E1E"/>
+  <path d="M54 30H36V18H54V30Z" fill="#CFCECD"/>
+  <path d="M54 12H36V30H54V36H30V6H54V12Z" fill="#211E1E"/>
+</svg>
diff --git a/docs/logos/openrouter.svg b/docs/logos/openrouter.svg
new file mode 100644
index 000000000..c3ce7aab3
--- /dev/null
+++ b/docs/logos/openrouter.svg
@@ -0,0 +1 @@
+<svg fill="#94A3B8" role="img" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg"><title>OpenRouter</title><path d="M16.778 1.844v1.919q-.569-.026-1.138-.032-.708-.008-1.415.037c-1.93.126-4.023.728-6.149 2.237-2.911 2.066-2.731 1.95-4.14 2.75-.396.223-1.342.574-2.185.798-.841.225-1.753.333-1.751.333v4.229s.768.108 1.61.333c.842.224 1.789.575 2.185.799 1.41.798 1.228.683 4.14 2.75 2.126 1.509 4.22 2.11 6.148 2.236.88.058 1.716.041 2.555.005v1.918l7.222-4.168-7.222-4.17v2.176c-.86.038-1.611.065-2.278.021-1.364-.09-2.417-.357-3.979-1.465-2.244-1.593-2.866-2.027-3.68-2.508.889-.518 1.449-.906 3.822-2.59 1.56-1.109 2.614-1.377 3.978-1.466.667-.044 1.418-.017 2.278.02v2.176L24 6.014Z"/></svg>
\ No newline at end of file
diff --git a/docs/logos/perplexity.svg b/docs/logos/perplexity.svg
new file mode 100644
index 000000000..42968a82e
--- /dev/null
+++ b/docs/logos/perplexity.svg
@@ -0,0 +1 @@
+<svg fill="#1FB8CD" role="img" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg"><title>Perplexity</title><path d="M22.3977 7.0896h-2.3106V.0676l-7.5094 6.3542V.1577h-1.1554v6.1966L4.4904 0v7.0896H1.6023v10.3976h2.8882V24l6.932-6.3591v6.2005h1.1554v-6.0469l6.9318 6.1807v-6.4879h2.8882V7.0896zm-3.4657-4.531v4.531h-5.355l5.355-4.531zm-13.2862.0676 4.8691 4.4634H5.6458V2.6262zM2.7576 16.332V8.245h7.8476l-6.1149 6.1147v1.9723H2.7576zm2.8882 5.0404v-3.8852h.0001v-2.6488l5.7763-5.7764v7.0111l-5.7764 5.2993zm12.7086.0248-5.7766-5.1509V9.0618l5.7766 5.7766v6.5588zm2.8882-5.0652h-1.733v-1.9723L13.3948 8.245h7.8478v8.087z"/></svg>
\ No newline at end of file
diff --git a/docs/logos/synthetic-dark.svg b/docs/logos/synthetic-dark.svg
new file mode 100644
index 000000000..b50f4da2c
--- /dev/null
+++ b/docs/logos/synthetic-dark.svg
@@ -0,0 +1,14 @@
+<svg width="100" height="100" viewBox="0 0 54 54" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M27.8517 26.3314C27.8439 26.1451 27.8371 25.9303 27.8337 25.692C27.8203 24.7571 27.8545 23.4581 28.0457 22.0052C28.4322 19.0688 29.4394 15.6521 31.8222 13.2693C34.205 10.8867 37.6212 9.87992 40.5575 9.49344C42.0107 9.30219 43.3101 9.26734 44.245 9.28076C44.4829 9.28417 44.6968 9.29231 44.883 9.30009C44.8908 9.48595 44.8975 9.69933 44.901 9.93676C44.9144 10.8716 44.8795 12.171 44.6883 13.6242C44.3018 16.5605 43.2958 19.9773 40.9131 22.3602C38.5303 24.743 35.1129 25.7495 32.1765 26.136C30.7234 26.3272 29.4246 26.3614 28.4897 26.348C28.2518 26.3446 28.0378 26.3392 27.8517 26.3314Z" stroke="white" stroke-width="2.5"/>
+<path d="M27.8916 27.1592C28.0179 27.0219 28.165 26.8653 28.3311 26.6943C28.9826 26.0238 29.9253 25.1295 31.0879 24.2373C33.4375 22.4342 36.5658 20.7305 39.9355 20.7305C43.3051 20.7306 46.4327 22.4343 48.7822 24.2373C49.945 25.1296 50.8885 26.0238 51.54 26.6943C51.7059 26.865 51.8514 27.022 51.9775 27.1592C51.8516 27.2961 51.7055 27.4518 51.54 27.6221C50.8885 28.2926 49.945 29.1868 48.7822 30.0791C46.4327 31.8821 43.3052 33.5868 39.9355 33.5869C36.5657 33.5869 33.4375 31.8822 31.0879 30.0791C29.9252 29.1868 28.9826 28.2926 28.3311 27.6221C28.1652 27.4514 28.0177 27.2963 27.8916 27.1592Z" stroke="white" stroke-width="2.5"/>
+<path d="M27.4459 27.6915C27.6323 27.6837 27.8471 27.677 28.0854 27.6736C29.0202 27.6602 30.3192 27.6943 31.7721 27.8856C34.7085 28.272 38.1253 29.2793 40.5081 31.6621C42.8906 34.0448 43.8974 37.4611 44.2839 40.3973C44.4752 41.8505 44.51 43.1499 44.4966 44.0848C44.4932 44.3228 44.485 44.5367 44.4773 44.7229C44.2914 44.7306 44.078 44.7374 43.8406 44.7408C42.9057 44.7542 41.6063 44.7194 40.1531 44.5281C37.2168 44.1417 33.8 43.1356 31.4172 40.753C29.0343 38.3701 28.0278 34.9528 27.6413 32.0163C27.4501 30.5633 27.4159 29.2644 27.4294 28.3296C27.4328 28.0916 27.4381 27.8777 27.4459 27.6915Z" stroke="white" stroke-width="2.5"/>
+<path d="M26.916 28.1289C27.0533 28.2552 27.2099 28.4023 27.3809 28.5684C28.0514 29.2199 28.9457 30.1626 29.8379 31.3252C31.641 33.6748 33.3447 36.8031 33.3447 40.1728C33.3446 43.5424 31.6409 46.67 29.8379 49.0195C28.9456 50.1823 28.0514 51.1258 27.3809 51.7773C27.2102 51.9432 27.0532 52.0887 26.916 52.2148C26.7791 52.0889 26.6234 51.9428 26.4531 51.7773C25.7826 51.1258 24.8884 50.1823 23.9961 49.0195C22.1931 46.67 20.4884 43.5426 20.4883 40.1728C20.4883 36.803 22.193 33.6748 23.9961 31.3252C24.8884 30.1625 25.7826 29.2199 26.4531 28.5684C26.6238 28.4025 26.7789 28.255 26.916 28.1289Z" stroke="white" stroke-width="2.5"/>
+<path d="M26.2147 27.691C26.2225 27.8774 26.2293 28.0922 26.2327 28.3305C26.2461 29.2653 26.2119 30.5643 26.0207 32.0172C25.6342 34.9536 24.627 38.3704 22.2442 40.7532C19.8614 43.1357 16.4452 44.1425 13.5089 44.529C12.0557 44.7203 10.7563 44.7551 9.82145 44.7417C9.58349 44.7383 9.36957 44.7301 9.1834 44.7224C9.17564 44.5365 9.16886 44.3231 9.16545 44.0857C9.15203 43.1508 9.18689 41.8514 9.37813 40.3982C9.76458 37.4619 10.7706 34.0451 13.1533 31.6623C15.5361 29.2795 18.9535 28.2729 21.8899 27.8865C23.343 27.6952 24.6419 27.6611 25.5767 27.6745C25.8146 27.6779 26.0286 27.6833 26.2147 27.691Z" stroke="white" stroke-width="2.5"/>
+<path d="M25.7021 27.1602C25.5759 27.2974 25.4288 27.4541 25.2627 27.625C24.6111 28.2955 23.6684 29.1899 22.5059 30.082C20.1562 31.8851 17.028 33.5889 13.6582 33.5889C10.2886 33.5887 7.16105 31.885 4.81153 30.082C3.64873 29.1897 2.70529 28.2955 2.05372 27.625C1.88786 27.4543 1.74236 27.2973 1.61622 27.1602C1.74215 27.0232 1.88824 26.8676 2.05372 26.6973C2.70527 26.0267 3.64874 25.1326 4.81153 24.2402C7.16108 22.4372 10.2885 20.7326 13.6582 20.7324C17.0281 20.7324 20.1562 22.4371 22.5059 24.2402C23.6686 25.1325 24.6112 26.0268 25.2627 26.6973C25.4285 26.8679 25.576 27.023 25.7021 27.1602Z" stroke="white" stroke-width="2.5"/>
+<path d="M25.7338 25.9813C25.5474 25.9891 25.3326 25.9959 25.0943 25.9993C24.1595 26.0127 22.8605 25.9785 21.4076 25.7873C18.4712 25.4008 15.0544 24.3936 12.6716 22.0108C10.2891 19.628 9.28226 16.2118 8.89579 13.2755C8.70453 11.8223 8.66969 10.5229 8.6831 9.58806C8.68652 9.35009 8.69466 9.13618 8.70244 8.95C8.8883 8.94224 9.10168 8.93546 9.33911 8.93205C10.274 8.91863 11.5734 8.95349 13.0266 9.14473C15.9629 9.53118 19.3797 10.5372 21.7625 12.9199C24.1454 15.3027 25.1519 18.7201 25.5383 21.6565C25.7296 23.1096 25.7638 24.4085 25.7503 25.3433C25.7469 25.5812 25.7415 25.7952 25.7338 25.9813Z" stroke="white" stroke-width="2.5"/>
+<path d="M26.9121 25.7031C26.7748 25.5769 26.6182 25.4298 26.4473 25.2637C25.7768 24.6121 24.8824 23.6694 23.9902 22.5068C22.1872 20.1572 20.4834 17.029 20.4834 13.6592C20.4835 10.2896 22.1873 7.16203 23.9902 4.8125C24.8826 3.6497 25.7767 2.70627 26.4473 2.05469C26.618 1.88883 26.775 1.74333 26.9121 1.61719C27.049 1.74312 27.2047 1.88921 27.375 2.05469C28.0455 2.70624 28.9397 3.64971 29.832 4.8125C31.6351 7.16206 33.3397 10.2895 33.3398 13.6592C33.3398 17.029 31.6351 20.1572 29.832 22.5068C28.9398 23.6695 28.0455 24.6121 27.375 25.2637C27.2043 25.4295 27.0492 25.577 26.9121 25.7031Z" stroke="white" stroke-width="2.5"/>
+<g transform="translate(21.7222 21.7222) scale(0.5555556)">
+<path d="M8.56067 1.3799L10.4618 1.34671C10.5492 1.34522 10.6286 1.38935 10.6747 1.45923L10.7093 1.53774L11.045 2.92076C11.1559 3.37707 11.4798 3.75232 11.9152 3.92819C12.3419 4.10041 12.8251 4.0605 13.2183 3.82145L14.3036 3.16178C14.3771 3.11703 14.4662 3.1144 14.5407 3.14983L14.6099 3.19745L15.9965 4.57385C16.0577 4.63461 16.0825 4.72126 16.0659 4.80217L16.035 4.88085L15.4788 5.80573C15.2386 6.20505 15.1867 6.68631 15.3299 7.12299L15.4034 7.30728C15.5966 7.71593 15.9524 8.02086 16.3793 8.15073L16.5666 8.19532L17.4238 8.34639C17.5414 8.36729 17.628 8.46852 17.6302 8.58794L17.6642 10.533C17.6662 10.6479 17.5891 10.7499 17.478 10.7794L16.3785 11.0721C15.9508 11.1859 15.5956 11.4767 15.399 11.8666L15.3249 12.0398C15.1648 12.4858 15.2187 12.9804 15.4714 13.3812L16.0028 14.2246C16.0497 14.2991 16.0532 14.3908 16.0168 14.4666L15.9672 14.5358L14.5394 15.9448C14.4825 16.0008 14.4038 16.025 14.3277 16.0139L14.2531 15.9908L13.2136 15.4747C12.8594 15.2989 12.4528 15.2697 12.0801 15.388L11.9219 15.4474C11.5639 15.6067 11.2838 15.8977 11.1361 16.2562L11.0812 16.4134L10.7617 17.5217C10.7312 17.6271 10.6352 17.7006 10.5255 17.7026L8.58735 17.7364C8.46855 17.7385 8.36456 17.6565 8.33878 17.5405L8.08316 16.3817L8.03422 16.2078C7.91462 15.8694 7.67485 15.5859 7.36105 15.4118L7.19756 15.3345L7.04329 15.2815C6.73077 15.1941 6.39776 15.2128 6.0968 15.3342L5.94955 15.4032L4.77293 16.0371C4.6979 16.0774 4.60969 16.0756 4.53755 16.0373L4.47222 15.9877L3.13752 14.5596C3.0776 14.4954 3.05736 14.4064 3.07873 14.3252L3.11353 14.2484L3.7373 13.3331C3.98342 12.9717 4.04895 12.5208 3.923 12.109L3.85746 11.9353L3.78169 11.7911C3.61486 11.5129 3.35814 11.2998 3.05423 11.1865L2.89807 11.1374L1.49728 10.7907C1.38749 10.7635 1.30969 10.6659 1.30755 10.5528L1.27503 8.6898C1.27334 8.58474 1.33722 8.49154 1.43207 8.45363L1.47385 8.44118L2.69615 8.18641C3.14512 8.09283 3.52318 7.80066 3.72943 7.39873L3.80738 7.2196C3.94662 6.83155 3.92084 6.40585 3.73992 6.04091L3.6523 5.8891L3.04806 4.9581C2.98255 4.85725 2.99751 4.72403 3.08453 4.64101L4.58516 3.20932C4.67146 3.12699 4.80459 3.11666 4.90217 3.18523L5.71797 3.75897C6.12951 4.04818 6.65895 4.11193 7.1274 3.92874C7.53749 3.76829 7.85309 3.43752 7.99657 3.02769L8.04812 2.84707L8.32092 1.57747C8.34533 1.46387 8.44449 1.38193 8.56067 1.3799Z" fill="white" stroke="white" stroke-width="1.5"/>
+<circle cx="9.46694" cy="9.5416" r="2.53895" transform="rotate(-1 9.46694 9.5416)" fill="white" stroke="white" stroke-width="1.5"/>
+</g>
+</svg>
diff --git a/docs/logos/synthetic.svg b/docs/logos/synthetic.svg
new file mode 100644
index 000000000..87dfcb738
--- /dev/null
+++ b/docs/logos/synthetic.svg
@@ -0,0 +1,12 @@
+<svg xmlns="http://www.w3.org/2000/svg" version="1.1" xmlns:xlink="http://www.w3.org/1999/xlink" width="1000" height="1000"><g clip-path="url(#SvgjsClipPath1024)"><rect width="1000" height="1000" fill="#ffffff"></rect><g transform="matrix(14.814814814814815,0,0,14.814814814814815,100,100)"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" xmlns:xlink="http://www.w3.org/1999/xlink" width="54" height="54"><svg width="54" height="54" viewBox="0 0 54 54" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M27.8517 26.3314C27.8439 26.1451 27.8371 25.9303 27.8337 25.692C27.8203 24.7571 27.8545 23.4581 28.0457 22.0052C28.4322 19.0688 29.4394 15.6521 31.8222 13.2693C34.205 10.8867 37.6212 9.87992 40.5575 9.49344C42.0107 9.30219 43.3101 9.26734 44.245 9.28076C44.4829 9.28417 44.6968 9.29231 44.883 9.30009C44.8908 9.48595 44.8975 9.69933 44.901 9.93676C44.9144 10.8716 44.8795 12.171 44.6883 13.6242C44.3018 16.5605 43.2958 19.9773 40.9131 22.3602C38.5303 24.743 35.1129 25.7495 32.1765 26.136C30.7234 26.3272 29.4246 26.3614 28.4897 26.348C28.2518 26.3446 28.0378 26.3392 27.8517 26.3314Z" stroke="black" stroke-width="2"></path>
+<path d="M27.8916 27.1592C28.0179 27.0219 28.165 26.8653 28.3311 26.6943C28.9826 26.0238 29.9253 25.1295 31.0879 24.2373C33.4375 22.4342 36.5658 20.7305 39.9355 20.7305C43.3051 20.7306 46.4327 22.4343 48.7822 24.2373C49.945 25.1296 50.8885 26.0238 51.54 26.6943C51.7059 26.865 51.8514 27.022 51.9775 27.1592C51.8516 27.2961 51.7055 27.4518 51.54 27.6221C50.8885 28.2926 49.945 29.1868 48.7822 30.0791C46.4327 31.8821 43.3052 33.5868 39.9355 33.5869C36.5657 33.5869 33.4375 31.8822 31.0879 30.0791C29.9252 29.1868 28.9826 28.2926 28.3311 27.6221C28.1652 27.4514 28.0177 27.2963 27.8916 27.1592Z" stroke="black" stroke-width="2"></path>
+<path d="M27.4459 27.6915C27.6323 27.6837 27.8471 27.677 28.0854 27.6736C29.0202 27.6602 30.3192 27.6943 31.7721 27.8856C34.7085 28.272 38.1253 29.2793 40.5081 31.6621C42.8906 34.0448 43.8974 37.4611 44.2839 40.3973C44.4752 41.8505 44.51 43.1499 44.4966 44.0848C44.4932 44.3228 44.485 44.5367 44.4773 44.7229C44.2914 44.7306 44.078 44.7374 43.8406 44.7408C42.9057 44.7542 41.6063 44.7194 40.1531 44.5281C37.2168 44.1417 33.8 43.1356 31.4172 40.753C29.0343 38.3701 28.0278 34.9528 27.6413 32.0163C27.4501 30.5633 27.4159 29.2644 27.4294 28.3296C27.4328 28.0916 27.4381 27.8777 27.4459 27.6915Z" stroke="black" stroke-width="2"></path>
+<path d="M26.916 28.1289C27.0533 28.2552 27.2099 28.4023 27.3809 28.5684C28.0514 29.2199 28.9457 30.1626 29.8379 31.3252C31.641 33.6748 33.3447 36.8031 33.3447 40.1728C33.3446 43.5424 31.6409 46.67 29.8379 49.0195C28.9456 50.1823 28.0514 51.1258 27.3809 51.7773C27.2102 51.9432 27.0532 52.0887 26.916 52.2148C26.7791 52.0889 26.6234 51.9428 26.4531 51.7773C25.7826 51.1258 24.8884 50.1823 23.9961 49.0195C22.1931 46.67 20.4884 43.5426 20.4883 40.1728C20.4883 36.803 22.193 33.6748 23.9961 31.3252C24.8884 30.1625 25.7826 29.2199 26.4531 28.5684C26.6238 28.4025 26.7789 28.255 26.916 28.1289Z" stroke="black" stroke-width="2"></path>
+<path d="M26.2147 27.691C26.2225 27.8774 26.2293 28.0922 26.2327 28.3305C26.2461 29.2653 26.2119 30.5643 26.0207 32.0172C25.6342 34.9536 24.627 38.3704 22.2442 40.7532C19.8614 43.1357 16.4452 44.1425 13.5089 44.529C12.0557 44.7203 10.7563 44.7551 9.82145 44.7417C9.58349 44.7383 9.36957 44.7301 9.1834 44.7224C9.17564 44.5365 9.16886 44.3231 9.16545 44.0857C9.15203 43.1508 9.18689 41.8514 9.37813 40.3982C9.76458 37.4619 10.7706 34.0451 13.1533 31.6623C15.5361 29.2795 18.9535 28.2729 21.8899 27.8865C23.343 27.6952 24.6419 27.6611 25.5767 27.6745C25.8146 27.6779 26.0286 27.6833 26.2147 27.691Z" stroke="black" stroke-width="2"></path>
+<path d="M25.7021 27.1602C25.5759 27.2974 25.4288 27.4541 25.2627 27.625C24.6111 28.2955 23.6684 29.1899 22.5059 30.082C20.1562 31.8851 17.028 33.5889 13.6582 33.5889C10.2886 33.5887 7.16105 31.885 4.81153 30.082C3.64873 29.1897 2.70529 28.2955 2.05372 27.625C1.88786 27.4543 1.74236 27.2973 1.61622 27.1602C1.74215 27.0232 1.88824 26.8676 2.05372 26.6973C2.70527 26.0267 3.64874 25.1326 4.81153 24.2402C7.16108 22.4372 10.2885 20.7326 13.6582 20.7324C17.0281 20.7324 20.1562 22.4371 22.5059 24.2402C23.6686 25.1325 24.6112 26.0268 25.2627 26.6973C25.4285 26.8679 25.576 27.023 25.7021 27.1602Z" stroke="black" stroke-width="2"></path>
+<path d="M25.7338 25.9813C25.5474 25.9891 25.3326 25.9959 25.0943 25.9993C24.1595 26.0127 22.8605 25.9785 21.4076 25.7873C18.4712 25.4008 15.0544 24.3936 12.6716 22.0108C10.2891 19.628 9.28226 16.2118 8.89579 13.2755C8.70453 11.8223 8.66969 10.5229 8.6831 9.58806C8.68652 9.35009 8.69466 9.13618 8.70244 8.95C8.8883 8.94224 9.10168 8.93546 9.33911 8.93205C10.274 8.91863 11.5734 8.95349 13.0266 9.14473C15.9629 9.53118 19.3797 10.5372 21.7625 12.9199C24.1454 15.3027 25.1519 18.7201 25.5383 21.6565C25.7296 23.1096 25.7638 24.4085 25.7503 25.3433C25.7469 25.5812 25.7415 25.7952 25.7338 25.9813Z" stroke="black" stroke-width="2"></path>
+<path d="M26.9121 25.7031C26.7748 25.5769 26.6182 25.4298 26.4473 25.2637C25.7768 24.6121 24.8824 23.6694 23.9902 22.5068C22.1872 20.1572 20.4834 17.029 20.4834 13.6592C20.4835 10.2896 22.1873 7.16203 23.9902 4.8125C24.8826 3.6497 25.7767 2.70627 26.4473 2.05469C26.618 1.88883 26.775 1.74333 26.9121 1.61719C27.049 1.74312 27.2047 1.88921 27.375 2.05469C28.0455 2.70624 28.9397 3.64971 29.832 4.8125C31.6351 7.16206 33.3397 10.2895 33.3398 13.6592C33.3398 17.029 31.6351 20.1572 29.832 22.5068C28.9398 23.6695 28.0455 24.6121 27.375 25.2637C27.2043 25.4295 27.0492 25.577 26.9121 25.7031Z" stroke="black" stroke-width="2"></path>
+<path d="M25.5607 19.3789L27.4618 19.3457C27.5492 19.3442 27.6286 19.3884 27.6747 19.4583L27.7093 19.5368L28.045 20.9198C28.1559 21.3761 28.4798 21.7513 28.9152 21.9272C29.3419 22.0994 29.8251 22.0595 30.2183 21.8205L31.3036 21.1608C31.3771 21.116 31.4662 21.1134 31.5407 21.1488L31.6099 21.1965L32.9965 22.5729C33.0577 22.6336 33.0825 22.7203 33.0659 22.8012L33.035 22.8799L32.4788 23.8048C32.2386 24.2041 32.1867 24.6853 32.3299 25.122L32.4034 25.3063C32.5966 25.715 32.9524 26.0199 33.3793 26.1498L33.5666 26.1943L34.4238 26.3454C34.5414 26.3663 34.628 26.4675 34.6302 26.587L34.6642 28.532C34.6662 28.6469 34.5891 28.7489 34.478 28.7784L33.3785 29.0711C32.9508 29.1849 32.5956 29.4757 32.399 29.8657L32.3249 30.0389C32.1648 30.4848 32.2187 30.9794 32.4714 31.3803L33.0028 32.2237C33.0497 32.2981 33.0532 32.3898 33.0168 32.4656L32.9672 32.5349L31.5394 33.9438C31.4825 33.9998 31.4038 34.0241 31.3277 34.0129L31.2531 33.9898L30.2136 33.4737C29.8594 33.298 29.4528 33.2687 29.0801 33.387L28.9219 33.4464C28.5639 33.6057 28.2838 33.8968 28.1361 34.2552L28.0812 34.4124L27.7617 35.5207C27.7312 35.6261 27.6352 35.6996 27.5255 35.7016L25.5874 35.7354C25.4685 35.7375 25.3646 35.6555 25.3388 35.5396L25.0832 34.3808L25.0342 34.2068C24.9146 33.8684 24.6748 33.5849 24.361 33.4108L24.1976 33.3335L24.0433 33.2806C23.7308 33.1931 23.3978 33.2118 23.0968 33.3332L22.9495 33.4022L21.7729 34.0361C21.6979 34.0764 21.6097 34.0746 21.5375 34.0363L21.4722 33.9867L20.1375 32.5586C20.0776 32.4944 20.0574 32.4054 20.0787 32.3242L20.1135 32.2474L20.7373 31.3321C20.9834 30.9707 21.049 30.5199 20.923 30.108L20.8575 29.9343L20.7817 29.7901C20.6149 29.5119 20.3581 29.2988 20.0542 29.1855L19.8981 29.1365L18.4973 28.7898C18.3875 28.7625 18.3097 28.6649 18.3075 28.5518L18.275 26.6888C18.2733 26.5838 18.3372 26.4906 18.4321 26.4527L18.4738 26.4402L19.6961 26.1854C20.1451 26.0918 20.5232 25.7997 20.7294 25.3977L20.8074 25.2186C20.9466 24.8306 20.9208 24.4049 20.7399 24.0399L20.6523 23.8881L20.0481 22.9571C19.9825 22.8563 19.9975 22.723 20.0845 22.64L21.5852 21.2083C21.6715 21.126 21.8046 21.1157 21.9022 21.1843L22.718 21.758C23.1295 22.0472 23.659 22.111 24.1274 21.9278C24.5375 21.7673 24.8531 21.4365 24.9966 21.0267L25.0481 20.8461L25.3209 19.5765C25.3453 19.4629 25.4445 19.3809 25.5607 19.3789Z" fill="white" stroke="black" stroke-width="1.5"></path>
+<circle cx="26.4669" cy="27.5406" r="2.53895" transform="rotate(-1 26.4669 27.5406)" fill="white" stroke="black" stroke-width="1.5"></circle>
+</svg></svg></g></g><defs><clipPath id="SvgjsClipPath1024"><rect width="1000" height="1000" x="0" y="0" rx="250" ry="250"></rect></clipPath></defs></svg>
\ No newline at end of file
diff --git a/docs/logos/vertex-ai.svg b/docs/logos/vertex-ai.svg
new file mode 100644
index 000000000..1a6a483ab
--- /dev/null
+++ b/docs/logos/vertex-ai.svg
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg id="Standard_product_Icon" data-name="Standard product Icon" xmlns="http://www.w3.org/2000/svg" version="1.1" viewBox="0 0 512 512">
+  <defs>
+    <style>
+      .cls-1 {
+        fill: none;
+      }
+
+      .cls-1, .cls-2, .cls-3, .cls-4, .cls-5 {
+        stroke-width: 0px;
+      }
+
+      .cls-2 {
+        fill: #34a853;
+      }
+
+      .cls-3 {
+        fill: #4285f4;
+      }
+
+      .cls-4 {
+        fill: #ea4335;
+      }
+
+      .cls-5 {
+        fill: #fbbc04;
+      }
+    </style>
+  </defs>
+  <g id="bounding_box" data-name="bounding box">
+    <rect id="bounding_box-2" data-name="bounding box-2" class="cls-1" width="512" height="512"/>
+  </g>
+  <g id="art_layer" data-name="art layer">
+    <path class="cls-4" d="M128,249c-8.8,0-16-7.2-16-16v-105c0-8.8,7.2-16,16-16s16,7.2,16,16v105c0,8.8-7.2,16-16,16Z"/>
+    <path class="cls-5" d="M256,464c-3,0-6-.8-8.6-2.5l-176-112c-7.5-4.7-9.7-14.6-4.9-22.1,4.8-7.5,14.6-9.6,22.1-4.9l167.4,106.5,167.4-106.5c7.5-4.7,17.3-2.5,22.1,4.9,4.7,7.5,2.5,17.3-4.9,22.1l-176,112c-2.6,1.7-5.6,2.5-8.6,2.5h0Z"/>
+    <path class="cls-2" d="M256,394c-8.8,0-16-7.2-16-16v-73.1c0-8.8,7.2-16,16-16s16,7.2,16,16v73.1c0,8.8-7.2,16-16,16Z"/>
+    <circle class="cls-4" cx="128" cy="64" r="16"/>
+    <circle class="cls-4" cx="128" cy="297" r="16"/>
+    <path class="cls-3" d="M384.2,314c-8.8,0-16-7.1-16-16l-.2-106c0-8.8,7.1-16,16-16h0c8.8,0,16,7.1,16,16l.2,106c0,8.8-7.1,16-16,16h0Z"/>
+    <circle class="cls-3" cx="384" cy="64" r="16"/>
+    <circle class="cls-3" cx="384" cy="128" r="16"/>
+    <path class="cls-5" d="M320,225c-8.8,0-16-7.2-16-16v-103c0-8.8,7.2-16,16-16s16,7.2,16,16v103c0,8.8-7.2,16-16,16Z"/>
+    <circle class="cls-2" cx="256" cy="177" r="16"/>
+    <circle class="cls-2" cx="256" cy="241" r="16"/>
+    <circle class="cls-5" cx="320" cy="273" r="16"/>
+    <circle class="cls-5" cx="320" cy="337" r="16"/>
+    <path class="cls-5" d="M192,225c-8.8,0-16-7.2-16-16v-103c0-8.8,7.2-16,16-16s16,7.2,16,16v103c0,8.8-7.2,16-16,16Z"/>
+    <circle class="cls-5" cx="192" cy="273" r="16"/>
+    <circle class="cls-5" cx="192" cy="337" r="16"/>
+  </g>
+</svg>
\ No newline at end of file
diff --git a/docs/logos/warp.svg b/docs/logos/warp.svg
new file mode 100644
index 000000000..8b12c8341
--- /dev/null
+++ b/docs/logos/warp.svg
@@ -0,0 +1 @@
+<svg fill="#01A4FF" role="img" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg"><title>Warp</title><path d="M12.035 2.723h9.253A2.712 2.712 0 0 1 24 5.435v10.529a2.712 2.712 0 0 1-2.712 2.713H8.047Zm-1.681 2.6L6.766 19.677h5.598l-.399 1.6H2.712A2.712 2.712 0 0 1 0 18.565V8.036a2.712 2.712 0 0 1 2.712-2.712Z"/></svg>
\ No newline at end of file
diff --git a/docs/logos/zai-dark.svg b/docs/logos/zai-dark.svg
new file mode 100644
index 000000000..902655208
--- /dev/null
+++ b/docs/logos/zai-dark.svg
@@ -0,0 +1,5 @@
+<svg width="100" height="100" viewBox="0 0 100 100" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M52.3767 10.0721L45.8028 19.4273C44.7914 20.8938 43.072 21.804 41.2516 21.804H5.34765V10.0215C5.29708 10.0721 52.3767 10.0721 52.3767 10.0721Z" fill="white"/>
+<path d="M97.0291 10.0722L40.5942 90.0216H2.97095L59.4058 10.0722H97.0291Z" fill="white"/>
+<path d="M47.6233 90.0215L54.2478 80.6157C55.2592 79.1492 56.9785 78.2389 58.799 78.2389H94.6524V90.0215H47.6233Z" fill="white"/>
+</svg>
diff --git a/docs/logos/zai.svg b/docs/logos/zai.svg
new file mode 100644
index 000000000..4f511bd72
--- /dev/null
+++ b/docs/logos/zai.svg
@@ -0,0 +1,219 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Generator: Adobe Illustrator 25.3.1, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
+<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
+	 viewBox="0 0 30 30" style="enable-background:new 0 0 30 30;" xml:space="preserve">
+<style type="text/css">
+	.st0{opacity:0.3;fill:#E2E4E7;}
+	.st1{opacity:0.8;fill:#E2E4E7;stroke:#FFFFFF;stroke-width:5;stroke-miterlimit:10;}
+	.st2{fill:url(#SVGID_1_);}
+	.st3{fill:none;stroke:#E0E4E9;stroke-width:0.25;stroke-miterlimit:10;}
+	.st4{fill:none;}
+	.st5{fill:#9DA1A5;}
+	.st6{fill-rule:evenodd;clip-rule:evenodd;fill:none;}
+	.st7{fill-rule:evenodd;clip-rule:evenodd;fill:#DFE2E7;}
+	.st8{fill-rule:evenodd;clip-rule:evenodd;fill:#CDD4DA;}
+	.st9{fill-rule:evenodd;clip-rule:evenodd;fill:#B3BCC7;}
+	.st10{fill-rule:evenodd;clip-rule:evenodd;fill:#9DAAB7;}
+	.st11{fill-rule:evenodd;clip-rule:evenodd;fill:#8698A8;}
+	.st12{fill-rule:evenodd;clip-rule:evenodd;fill:url(#SVGID_2_);}
+	.st13{fill-rule:evenodd;clip-rule:evenodd;fill:url(#SVGID_3_);}
+	.st14{fill:#1F63EC;}
+	.st15{fill:#2D2D2D;}
+	.st16{fill:none;stroke:#E0E4E9;stroke-width:0.5;stroke-miterlimit:10;}
+	.st17{fill-rule:evenodd;clip-rule:evenodd;fill:url(#SVGID_4_);}
+	.st18{fill-rule:evenodd;clip-rule:evenodd;fill:url(#SVGID_5_);}
+	.st19{fill:none;stroke:#677380;stroke-width:0.5;stroke-miterlimit:10;}
+	.st20{fill:none;stroke:url(#SVGID_6_);stroke-width:2;stroke-miterlimit:10;}
+	.st21{fill-rule:evenodd;clip-rule:evenodd;fill:url(#SVGID_7_);}
+	.st22{fill-rule:evenodd;clip-rule:evenodd;fill:url(#SVGID_8_);}
+	.st23{fill:#FFFFFF;}
+	.st24{fill-rule:evenodd;clip-rule:evenodd;fill:#2D2D2D;}
+	.st25{clip-path:url(#SVGID_10_);}
+	.st26{clip-path:url(#SVGID_12_);}
+	.st27{fill:url(#SVGID_13_);}
+	.st28{fill-rule:evenodd;clip-rule:evenodd;fill:url(#SVGID_14_);}
+	.st29{fill-rule:evenodd;clip-rule:evenodd;fill:url(#SVGID_15_);}
+	.st30{clip-path:url(#SVGID_17_);}
+	.st31{clip-path:url(#SVGID_19_);}
+	.st32{fill:url(#SVGID_20_);}
+	.st33{fill:none;stroke:url(#SVGID_21_);stroke-width:2;stroke-miterlimit:10;}
+	.st34{fill-rule:evenodd;clip-rule:evenodd;fill:url(#SVGID_22_);}
+	.st35{fill-rule:evenodd;clip-rule:evenodd;fill:url(#SVGID_23_);}
+	.st36{clip-path:url(#SVGID_25_);}
+	.st37{clip-path:url(#SVGID_27_);}
+	.st38{fill:url(#SVGID_28_);}
+	.st39{clip-path:url(#SVGID_30_);}
+	.st40{clip-path:url(#SVGID_32_);}
+	.st41{fill:url(#SVGID_33_);}
+	.st42{fill-rule:evenodd;clip-rule:evenodd;fill:#126EF6;}
+	.st43{fill-rule:evenodd;clip-rule:evenodd;fill:#FFFFFF;}
+	.st44{clip-path:url(#SVGID_35_);}
+	.st45{clip-path:url(#SVGID_37_);}
+	.st46{fill:url(#SVGID_38_);}
+	.st47{fill-rule:evenodd;clip-rule:evenodd;fill:#9DA1A5;}
+	.st48{fill-rule:evenodd;clip-rule:evenodd;fill:url(#SVGID_39_);}
+	.st49{fill-rule:evenodd;clip-rule:evenodd;fill:url(#SVGID_40_);}
+	.st50{fill-rule:evenodd;clip-rule:evenodd;fill:url(#SVGID_41_);}
+	.st51{fill-rule:evenodd;clip-rule:evenodd;fill:url(#SVGID_42_);}
+	.st52{fill:none;stroke:url(#SVGID_43_);stroke-width:2;stroke-miterlimit:10;}
+	.st53{fill-rule:evenodd;clip-rule:evenodd;fill:none;stroke:#E0E4E9;stroke-width:0.5;stroke-miterlimit:10;}
+	.st54{fill-rule:evenodd;clip-rule:evenodd;fill:url(#SVGID_44_);}
+	.st55{fill-rule:evenodd;clip-rule:evenodd;fill:url(#SVGID_45_);}
+	.st56{fill-rule:evenodd;clip-rule:evenodd;fill:url(#SVGID_46_);}
+	.st57{fill-rule:evenodd;clip-rule:evenodd;fill:url(#SVGID_47_);}
+	.st58{fill-rule:evenodd;clip-rule:evenodd;fill:url(#SVGID_48_);}
+	.st59{fill-rule:evenodd;clip-rule:evenodd;fill:url(#SVGID_49_);}
+	.st60{fill-rule:evenodd;clip-rule:evenodd;fill:url(#SVGID_50_);}
+	.st61{fill-rule:evenodd;clip-rule:evenodd;fill:url(#SVGID_51_);}
+	.st62{fill-rule:evenodd;clip-rule:evenodd;fill:url(#SVGID_52_);}
+	.st63{fill-rule:evenodd;clip-rule:evenodd;fill:url(#SVGID_53_);}
+	.st64{clip-path:url(#SVGID_55_);}
+	.st65{clip-path:url(#SVGID_57_);}
+	.st66{fill:url(#SVGID_58_);}
+	.st67{clip-path:url(#SVGID_60_);}
+	.st68{clip-path:url(#SVGID_62_);}
+	.st69{fill:url(#SVGID_63_);}
+	.st70{fill:none;stroke:url(#SVGID_64_);stroke-width:2;stroke-miterlimit:10;}
+	.st71{clip-path:url(#SVGID_66_);}
+	.st72{clip-path:url(#SVGID_68_);}
+	.st73{fill:url(#SVGID_69_);}
+	.st74{clip-path:url(#SVGID_71_);}
+	.st75{clip-path:url(#SVGID_73_);}
+	.st76{fill:url(#SVGID_74_);}
+	.st77{clip-path:url(#SVGID_76_);}
+	.st78{clip-path:url(#SVGID_78_);}
+	.st79{fill:url(#SVGID_79_);}
+	.st80{fill-rule:evenodd;clip-rule:evenodd;fill:url(#SVGID_80_);}
+	.st81{fill-rule:evenodd;clip-rule:evenodd;fill:url(#SVGID_81_);}
+	.st82{clip-path:url(#SVGID_83_);}
+	.st83{clip-path:url(#SVGID_85_);}
+	.st84{fill:url(#SVGID_86_);}
+	.st85{fill-rule:evenodd;clip-rule:evenodd;fill:url(#SVGID_87_);}
+	.st86{fill-rule:evenodd;clip-rule:evenodd;fill:url(#SVGID_88_);}
+	.st87{clip-path:url(#SVGID_90_);}
+	.st88{clip-path:url(#SVGID_92_);}
+	.st89{fill:url(#SVGID_93_);}
+	.st90{fill:none;stroke:url(#SVGID_94_);stroke-width:2;stroke-miterlimit:10;}
+	.st91{fill-rule:evenodd;clip-rule:evenodd;fill:url(#SVGID_95_);}
+	.st92{fill-rule:evenodd;clip-rule:evenodd;fill:url(#SVGID_96_);}
+	.st93{clip-path:url(#SVGID_98_);}
+	.st94{clip-path:url(#SVGID_100_);}
+	.st95{fill:url(#SVGID_101_);}
+	.st96{clip-path:url(#SVGID_103_);}
+	.st97{clip-path:url(#SVGID_105_);}
+	.st98{fill:url(#SVGID_106_);}
+	.st99{clip-path:url(#SVGID_108_);}
+	.st100{clip-path:url(#SVGID_110_);}
+	.st101{fill:url(#SVGID_111_);}
+	.st102{fill:#FFFFFF;stroke:#B3BCC7;stroke-width:0.275;stroke-miterlimit:10;}
+	.st103{clip-path:url(#SVGID_113_);}
+	.st104{fill:#FDD138;}
+	.st105{fill:#FCA62F;}
+	.st106{fill:#FB7927;}
+	.st107{fill:#F44B22;}
+	.st108{fill:#D81915;}
+	.st109{fill:#2D2D2D;stroke:#FFFFFF;stroke-width:0.3354;stroke-miterlimit:10;}
+	.st110{fill:none;stroke:#65727F;stroke-width:2;stroke-miterlimit:10;}
+	.st111{fill:none;stroke:#65727F;stroke-width:0.75;stroke-miterlimit:10;}
+	.st112{fill:url(#SVGID_114_);}
+	.st113{fill:#D06C50;}
+	.st114{fill:#2D2D2D;stroke:#B3BCC7;stroke-width:0.275;stroke-miterlimit:10;}
+	.st115{opacity:0.2;}
+	.st116{fill:none;stroke:#677380;stroke-width:0.3564;stroke-miterlimit:10;}
+	.st117{fill:none;stroke:#677380;stroke-width:0.3564;stroke-miterlimit:10;stroke-dasharray:1.0212,1.0212;}
+	.st118{fill:none;stroke:#677380;stroke-width:0.3564;stroke-miterlimit:10;stroke-dasharray:1.0205,1.0205;}
+	.st119{opacity:0.2;fill:none;}
+	.st120{fill:none;stroke:#677380;stroke-width:0.3689;stroke-miterlimit:10;}
+	.st121{fill:none;stroke:#677380;stroke-width:0.3689;stroke-miterlimit:10;stroke-dasharray:1.0509,1.0509;}
+	.st122{opacity:0.3;fill:#1F63EC;}
+	.st123{fill:#2D2D2D;stroke:#FFFFFF;stroke-width:0.3162;stroke-miterlimit:10;}
+	.st124{fill:#FFFFFF;stroke:#B3BCC7;stroke-width:0.3162;stroke-miterlimit:10;}
+	.st125{clip-path:url(#SVGID_118_);}
+	.st126{fill:url(#SVGID_119_);}
+	.st127{fill:none;stroke:#DFE2E7;stroke-width:0.75;stroke-miterlimit:10;}
+	.st128{fill:#9DA1A5;stroke:#FFFFFF;stroke-miterlimit:10;}
+	.st129{fill:url(#SVGID_120_);}
+	.st130{fill:none;stroke:#677380;stroke-width:0.75;stroke-miterlimit:10;}
+	.st131{opacity:0.4;}
+	.st132{clip-path:url(#SVGID_122_);}
+	.st133{clip-path:url(#SVGID_124_);}
+	.st134{fill:url(#SVGID_125_);}
+	.st135{fill:none;stroke:#8392A3;stroke-width:0.35;stroke-miterlimit:10;}
+	.st136{fill:none;stroke:#8392A3;stroke-width:0.35;stroke-miterlimit:10;stroke-dasharray:0.9951,0.9951;}
+	.st137{fill:none;stroke:#8392A3;stroke-width:0.35;stroke-miterlimit:10;stroke-dasharray:1.004,1.004;}
+	.st138{fill:none;stroke:url(#SVGID_126_);stroke-width:1.5;stroke-miterlimit:10;}
+	.st139{fill:url(#SVGID_127_);}
+	.st140{fill:none;stroke:#DDE0E4;stroke-width:0.35;stroke-miterlimit:10;}
+	.st141{fill:#2D2D2D;stroke:#A9B3BE;stroke-width:0.275;stroke-miterlimit:10;}
+	.st142{fill-rule:evenodd;clip-rule:evenodd;fill:#126EF4;}
+	.st143{fill:#FFFFFF;stroke:#B1BAC4;stroke-width:0.275;stroke-miterlimit:10;}
+	.st144{fill:#CE6C50;}
+	.st145{fill:#5B5B5B;}
+	.st146{fill:#8392A3;}
+	.st147{fill:none;stroke:url(#SVGID_128_);stroke-width:1.5;stroke-miterlimit:10;}
+	.st148{fill:url(#SVGID_129_);}
+	.st149{fill:none;stroke:#B5BDC4;stroke-width:0.7;stroke-miterlimit:10;}
+	.st150{opacity:0.6;fill:none;stroke:#78838E;stroke-width:0.35;stroke-miterlimit:10;}
+	.st151{opacity:0.2;fill:none;stroke:#8392A3;stroke-width:0.35;stroke-miterlimit:10;stroke-dasharray:1,1;}
+	.st152{fill:none;stroke:#DDE0E4;stroke-width:0.75;stroke-miterlimit:10;}
+	.st153{fill:none;stroke:#8392A3;stroke-width:0.5;stroke-miterlimit:10;}
+	.st154{opacity:0.2;fill:none;stroke:#677380;stroke-width:0.3564;stroke-miterlimit:10;stroke-dasharray:1.0182,1.0182;}
+	.st155{fill:none;stroke:#DDE0E4;stroke-width:0.765;stroke-miterlimit:10;}
+	.st156{fill:url(#SVGID_130_);}
+	.st157{fill:url(#SVGID_131_);}
+	.st158{fill:#B1BAC4;}
+	.st159{fill:#CBD1D8;}
+	.st160{fill:#0B1B2B;}
+	.st161{fill:#91D119;}
+	.st162{opacity:0.7;}
+	.st163{fill:#FFFFFF;stroke:#000000;stroke-width:0.4418;stroke-miterlimit:10;}
+	.st164{fill:none;stroke:#939CAA;stroke-width:0.2209;stroke-miterlimit:10;}
+	.st165{fill:none;stroke:#FFFFFF;stroke-width:3.0924;stroke-miterlimit:10;}
+	.st166{fill:url(#SVGID_132_);}
+	.st167{fill:none;stroke:url(#SVGID_133_);stroke-width:1.714;stroke-miterlimit:10;}
+	.st168{fill:url(#SVGID_134_);}
+	.st169{fill:url(#SVGID_135_);}
+	.st170{fill:url(#SVGID_136_);}
+	.st171{fill:url(#SVGID_137_);}
+	.st172{fill:url(#SVGID_138_);}
+	.st173{fill:url(#SVGID_139_);}
+	.st174{fill:url(#SVGID_140_);}
+	.st175{fill:url(#SVGID_141_);}
+	.st176{fill:url(#SVGID_142_);}
+	.st177{fill:url(#SVGID_143_);}
+	.st178{fill:url(#SVGID_144_);}
+	.st179{fill:none;stroke:#1F63EC;stroke-width:4;stroke-miterlimit:10;}
+	.st180{fill:none;stroke:#0B1B2B;stroke-width:4;stroke-miterlimit:10;}
+	.st181{fill:none;stroke:#677380;stroke-width:0.3989;stroke-miterlimit:10;}
+	.st182{fill:none;stroke:#677380;stroke-width:0.3989;stroke-miterlimit:10;stroke-dasharray:1.14,1.14;}
+	.st183{fill:#257AF1;}
+	.st184{opacity:0.3;fill:#FFFFFF;}
+	.st185{fill:none;stroke:#98A5B2;stroke-width:4;stroke-miterlimit:10;}
+	.st186{fill:none;stroke:#65727F;stroke-width:0.3989;stroke-miterlimit:10;}
+	.st187{fill:none;stroke:#65727F;stroke-width:0.3989;stroke-miterlimit:10;stroke-dasharray:1.14,1.14;}
+	.st188{fill:none;stroke:#DDDFE4;stroke-width:0.75;stroke-miterlimit:10;}
+	.st189{fill:#9A9EA2;}
+	.st190{fill-rule:evenodd;clip-rule:evenodd;fill:#3267AC;}
+	.st191{fill:#FFFFFF;stroke:#AFB8C3;stroke-width:0.275;stroke-miterlimit:10;}
+	.st192{fill:#C5694E;}
+	.st193{fill:#8192A2;}
+	.st194{fill:#2D2D2D;stroke:#FFFFFF;stroke-width:0.6317;stroke-miterlimit:10;}
+</style>
+<g id="图层_2">
+</g>
+<g id="图层_1">
+	<path class="st194" d="M24.51,28.51H5.49c-2.21,0-4-1.79-4-4V5.49c0-2.21,1.79-4,4-4h19.03c2.21,0,4,1.79,4,4v19.03
+		C28.51,26.72,26.72,28.51,24.51,28.51z"/>
+	<g>
+		<g>
+			<g>
+				<g>
+					<path class="st23" d="M15.47,7.1l-1.3,1.85c-0.2,0.29-0.54,0.47-0.9,0.47h-7.1V7.09C6.16,7.1,15.47,7.1,15.47,7.1z"/>
+					<polygon class="st23" points="24.3,7.1 13.14,22.91 5.7,22.91 16.86,7.1 					"/>
+					<path class="st23" d="M14.53,22.91l1.31-1.86c0.2-0.29,0.54-0.47,0.9-0.47h7.09v2.33H14.53z"/>
+				</g>
+			</g>
+		</g>
+	</g>
+</g>
+</svg>
diff --git a/docs/manus.md b/docs/manus.md
new file mode 100644
index 000000000..7ee919846
--- /dev/null
+++ b/docs/manus.md
@@ -0,0 +1,73 @@
+---
+summary: "Manus provider: browser session_id cookie auth for credit balance, monthly credits, and daily refresh tracking."
+read_when:
+  - Adding or modifying the Manus provider
+  - Debugging Manus cookie imports or API responses
+  - Adjusting Manus usage display or credit formatting
+---
+
+# Manus Provider
+
+The Manus provider tracks credit usage on [manus.im](https://manus.im) via browser `session_id` cookie authentication.
+
+## Features
+
+- **Monthly credit gauge**: Shows Pro monthly credits used vs. plan total (`proMonthlyCredits` − `periodicCredits`).
+- **Daily refresh gauge**: Shows daily refresh credits used vs. max refresh allotment, with reset timing.
+- **Balance display**: Total credits available, shown in the menu identity line.
+- **Cookie auth**: Automatic browser cookie import (Safari, Chrome, Firefox) or manual cookie header.
+- **Env var support**: `MANUS_SESSION_TOKEN` (raw token) or `MANUS_COOKIE` (full cookie header) for CLI/headless usage.
+
+## Setup
+
+1. Open **Settings → Providers**
+2. Enable **Manus**
+3. Log in to [manus.im](https://manus.im) in your browser
+4. Cookie import happens automatically on the next refresh
+
+### Manual cookie mode
+
+1. In **Settings → Providers → Manus**, set Cookie source to **Manual**
+2. Open your browser DevTools on `manus.im`, copy the `Cookie:` header from any API request (must contain `session_id=...`)
+3. Paste the header into the cookie field in CodexBar
+
+### Environment variables (CLI / headless)
+
+- `MANUS_SESSION_TOKEN`: the raw `session_id` value.
+- `MANUS_COOKIE`: a full cookie header; the provider extracts `session_id` from it.
+
+Either works; raw-token form is preferred when only one value is needed.
+
+## How it works
+
+A single API endpoint is fetched with a bearer token derived from the `session_id` cookie value:
+
+- `POST https://api.manus.im/user.v1.UserService/GetAvailableCredits` — returns credit fields including `totalCredits`, `freeCredits`, `periodicCredits`, `proMonthlyCredits`, `refreshCredits`, `maxRefreshCredits`, `nextRefreshTime`, and `refreshInterval`.
+
+Cookie domain: `manus.im`. Valid `session_id` cookies are cached in Keychain and reused until the session expires.
+
+The response parser tolerates both a direct object and common envelope shapes (`data` / `result` / `response` / `availableCredits`). Payloads missing all expected credit fields are rejected as a parse error rather than surfacing a misleading zero-credit snapshot.
+
+## Token accounts
+
+Manus supports multiple accounts via the standard token-account mechanism. Add entries to `~/.codexbar/config.json` (`tokenAccounts`) with the full `Cookie:` header (containing `session_id=...`), then switch between accounts from the menu.
+
+## CLI
+
+```bash
+codexbar usage --provider manus --verbose
+```
+
+## Troubleshooting
+
+### "No Manus session token provided"
+
+Log in to [manus.im](https://manus.im) in a supported browser (Safari, Chrome, Firefox), then refresh CodexBar. Alternatively, set `MANUS_SESSION_TOKEN` or `MANUS_COOKIE`, or paste a cookie header in manual mode.
+
+### "Invalid Manus session token"
+
+Your session has expired or been revoked. Log out and back in to Manus, or paste a fresh `Cookie:` header in manual mode.
+
+### "Response missing expected credits fields"
+
+The API returned a 200 response that doesn't look like a credits payload (often an error object). Re-login to Manus; if it persists, the upstream response schema may have changed.
diff --git a/docs/mimo.md b/docs/mimo.md
new file mode 100644
index 000000000..be6fb0636
--- /dev/null
+++ b/docs/mimo.md
@@ -0,0 +1,55 @@
+---
+summary: "Xiaomi MiMo provider notes: cookie auth, balance endpoint, and setup."
+read_when:
+  - Adding or modifying the Xiaomi MiMo provider
+  - Debugging MiMo cookie import or balance fetching
+  - Explaining MiMo setup and limitations to users
+---
+
+# Xiaomi MiMo Provider
+
+The Xiaomi MiMo provider tracks your current balance from the Xiaomi MiMo console.
+
+## Features
+
+- **Balance display**: Shows the current MiMo balance as provider identity text.
+- **Cookie-based auth**: Uses browser cookies or a pasted `Cookie:` header.
+- **Near-real-time updates**: Balance usually reflects within a few minutes.
+
+## Setup
+
+1. Open **Settings → Providers**
+2. Enable **Xiaomi MiMo**
+3. Leave **Cookie source** on **Auto** (recommended)
+
+### Manual cookie import (optional)
+
+1. Open `https://platform.xiaomimimo.com/#/console/balance`
+2. Copy a `Cookie:` header from your browser’s Network tab
+3. Paste it into **Xiaomi MiMo → Cookie source → Manual**
+
+## How it works
+
+- Fetches `GET https://platform.xiaomimimo.com/api/v1/balance`
+- Requires the `api-platform_serviceToken` and `userId` cookies
+- Accepts optional MiMo cookies like `api-platform_ph` and `api-platform_slh` when present
+- Supports `MIMO_API_URL` to override the base API URL for testing
+
+## Limitations
+
+- MiMo currently exposes **balance only**
+- Token cost, status polling, debug log output, and widgets are not supported yet
+
+## Troubleshooting
+
+### “No Xiaomi MiMo browser session found”
+
+Log in at `https://platform.xiaomimimo.com/#/console/balance` in Chrome, then refresh CodexBar.
+
+### “Xiaomi MiMo requires the api-platform_serviceToken and userId cookies”
+
+The pasted header or imported browser session is missing required cookies. Re-copy the request from the balance page after logging in again.
+
+### “Xiaomi MiMo browser session expired”
+
+Your MiMo login is stale. Sign out and back in on the MiMo site, then refresh CodexBar.
diff --git a/docs/minimax.md b/docs/minimax.md
index 6b7b7d647..15bb3ecbc 100644
--- a/docs/minimax.md
+++ b/docs/minimax.md
@@ -1,5 +1,5 @@
 ---
-summary: "MiniMax provider data sources: API token or browser cookies + coding plan remains API."
+summary: "MiniMax provider data sources: Coding Plan tokens, browser cookies, and web-session parsing."
 read_when:
   - Debugging MiniMax usage parsing
   - Updating MiniMax cookie handling or coding plan scraping
@@ -8,49 +8,33 @@ read_when:
 
 # MiniMax provider
 
-MiniMax supports API tokens or web sessions. Usage is fetched from the Coding Plan remains API using
-either a Bearer API token or a session cookie header.
+MiniMax supports Coding Plan API tokens or web sessions. Web-session mode uses MiniMax browser/session state and
+falls back across the provider's supported web requests when needed.
 
-## Data sources + fallback order
+## Data sources
 
-1) **API token** (preferred)
-   - Set in Preferences → Providers → MiniMax (stored in `~/.codexbar/config.json`) or `MINIMAX_API_KEY`.
-   - When present, MiniMax uses the API token and ignores cookies entirely.
+1) **Coding Plan API token**
+   - Set in Preferences → Providers → MiniMax (stored in `~/.codexbar/config.json`), `MINIMAX_CODING_API_KEY`,
+     or `MINIMAX_API_KEY`.
+   - When both environment variables are present, `MINIMAX_CODING_API_KEY` wins so a standard `sk-api-*` key does
+     not mask a coding-plan `sk-cp-*` key.
+   - Auto mode can fall back to the web/cookie path when API-token credentials are rejected or the global endpoint
+     returns 404.
 
-2) **Cached cookie header** (automatic, only when no API token)
-   - Keychain cache: `com.steipete.codexbar.cache` (account `cookie.minimax`).
+2) **Cached/imported browser session** (automatic web path)
+   - Uses CodexBar's standard cookie cache and browser import flow.
 
 3) **Browser cookie import** (automatic)
-   - Cookie order from provider metadata (default: Safari → Chrome → Firefox).
-   - Merges Chromium profile cookies across the primary + Network stores before attempting a request.
-   - Tries each browser source until the Coding Plan API accepts the cookies.
-   - Domain filters: `platform.minimax.io`, `minimax.io`.
-
-4) **Browser local storage access token** (Chromium-based)
-   - Reads `access_token` (and related tokens) from Chromium local storage (LevelDB) to authorize the remains API.
-   - If decoding fails, falls back to a text-entry scan for `minimax.io` keys/values and filters for MiniMax JWT claims.
-   - Used automatically; no UI field.
-   - Also extracts `GroupId` when present (appends query param).
-
-5) **Manual session cookie header** (optional override)
+   - Uses provider metadata for browser order and MiniMax domain filters.
+   - Chromium browser storage can supplement imported cookies with access-token context when available.
+
+4) **Manual session cookie header** (optional web-path override)
    - Stored in `~/.codexbar/config.json` via Preferences → Providers → MiniMax (Cookie source → Manual).
    - Accepts a raw `Cookie:` header or a full "Copy as cURL" string.
-   - When a cURL string is pasted, MiniMax extracts the cookie header plus `Authorization: Bearer …` and
-     `GroupId=…` for the remains API.
-   - CLI/runtime env: `MINIMAX_COOKIE` or `MINIMAX_COOKIE_HEADER`.
-
-## Endpoints
-- API token endpoint: `https://api.minimax.io/v1/coding_plan/remains`
-  - Requires `Authorization: Bearer <api_token>`.
-- Global host (cookies): `https://platform.minimax.io`
-- China mainland host: `https://platform.minimaxi.com`
-- `GET {host}/user-center/payment/coding-plan`
-  - HTML parse for "Available usage" and plan name.
-- `GET {host}/v1/api/openplatform/coding_plan/remains`
-  - Fallback when HTML parsing fails.
-  - Sent with a `Referer` to the Coding Plan page.
-  - Adds `Authorization: Bearer <access_token>` when available.
-  - Adds `GroupId` query param when known.
+   - Low-level no-settings runtime can read `MINIMAX_COOKIE` or `MINIMAX_COOKIE_HEADER`.
+
+## Requests
+- Web sessions use the global host or China mainland host.
 - Region picker in Providers settings toggles the host; environment overrides:
   - `MINIMAX_HOST=platform.minimaxi.com`
   - `MINIMAX_CODING_PLAN_URL=...` (full URL override)
@@ -62,25 +46,46 @@ either a Bearer API token or a session cookie header.
 - Copy the `Cookie` request header (or use “Copy as cURL” and paste the whole line).
 - Paste into Preferences → Providers → MiniMax only if automatic import fails.
 
-## Notes
-- Cookies alone often return status 1004 (“cookie is missing, log in again”); the remains API expects a Bearer token.
-- MiniMax stores `access_token` in Chromium local storage (LevelDB). Some entries serialize the storage key without a scheme
-  (ex: `minimax.io`), so origin matching must account for host-only keys.
-- Raw JWT scan fallback remains as a safety net if Chromium key formats change.
-- If local storage keys don’t decode (some Chrome builds), the MiniMax-specific text scan avoids a full raw-byte scan.
-
-## Cookie file paths
-- Safari: `~/Library/Cookies/Cookies.binarycookies`
-- Chrome/Chromium forks: `~/Library/Application Support/Google/Chrome/*/Cookies`
-- Firefox: `~/Library/Application Support/Firefox/Profiles/*/cookies.sqlite`
-
 ## Snapshot mapping
-- Primary: percent used from `model_remains` (used/total) or HTML "Available usage".
-- Window: derived from `start_time`/`end_time` or HTML duration text.
-- Reset: derived from `remains_time` (fallback to `end_time`) or HTML "Resets in …".
-- Plan/tier: best-effort from response fields or HTML title.
+- Primary usage, reset timing, and plan/tier are derived from Coding Plan response fields or page text.
+- Web-session billing history, when available, is mapped into the shared inline usage dashboard:
+  - 30-day token trend.
+  - Top model and top method breakdowns.
+  - Summary rows for recent billing-history totals.
+
+If the billing-history endpoint is unavailable but normal Coding Plan quota data is present, CodexBar still shows the
+quota card and omits the chart instead of treating the whole provider as failed.
 
 ## Key files
 - `Sources/CodexBarCore/Providers/MiniMax/MiniMaxUsageFetcher.swift`
 - `Sources/CodexBarCore/Providers/MiniMax/MiniMaxProviderDescriptor.swift`
 - `Sources/CodexBar/Providers/MiniMax/MiniMaxProviderImplementation.swift`
+
+## CLI diagnose command
+
+The generic `diagnose` command performs a real provider diagnostic invocation and emits a safe, redacted JSON export
+for issue reporting and verification. MiniMax adds a provider-specific `details` block with safe usage metadata.
+
+### Usage
+```
+codexbar diagnose --provider minimax --format json --pretty
+```
+
+### Output
+- Structural diagnostic JSON with provider, source/source mode, auth summary, usage summary, fetch attempts, and error categories.
+- All sensitive fields (API tokens, cookies, emails, auth headers) are redacted via `LogRedactor`.
+- Errors are mapped to safe categories (`network`, `auth`, `api`, `parse`) with user-friendly descriptions.
+- No raw API responses, raw error messages, tokens, cookies, emails, account IDs, org IDs, or billing history.
+
+### What is excluded from output
+- Raw API tokens (`sk-cp-*`, `sk-api-*`) and authorization headers
+- Cookie header values
+- Email addresses
+- Account IDs, org IDs
+- Raw error messages (replaced with safe category-based descriptions)
+- Raw HTTP responses or request bodies
+- Billing history details
+
+### Exit codes
+- `0`: Diagnostic completed successfully (even if provider auth is not configured)
+- `1`: Unknown error or invalid arguments
diff --git a/docs/model-pricing.md b/docs/model-pricing.md
new file mode 100644
index 000000000..0cec29517
--- /dev/null
+++ b/docs/model-pricing.md
@@ -0,0 +1,34 @@
+# Model pricing metadata
+
+CodexBar has an additive models.dev pricing pipeline for future cost lookup work. Existing hardcoded pricing remains unchanged for now.
+
+## Source and cache
+
+- Source API: `https://models.dev/api.json`
+- No API key is required.
+- Local cache: `~/Library/Caches/CodexBar/model-pricing/models-dev-v1.json`
+- TTL: 24 hours
+
+The pipeline lets future scanner code read the last valid cache synchronously with `ModelsDevPricingPipeline.lookup` and refresh stale metadata separately with `ModelsDevPricingPipeline.refreshIfNeeded`. If a refresh fails, the last valid cache remains usable.
+
+## Lookup rules
+
+Pricing is scoped by provider id and model id. This prevents two providers with the same model id or display name from sharing pricing accidentally.
+
+Planned local source mapping:
+
+- Codex/OpenAI logs: models.dev provider id `openai`
+- Claude logs: models.dev provider id `anthropic`
+- Vertex AI Claude logs: models.dev provider id `google-vertex-anthropic`
+
+The first integration PR only adds the parser, client, cache, provider-scoped lookup, and tests. It does not route live cost calculations through models.dev yet.
+
+## Units
+
+models.dev publishes costs as USD per 1M tokens. CodexBar converts those to USD per token in the metadata layer:
+
+```text
+perToken = modelsDevCost / 1_000_000
+```
+
+When models.dev includes `cost.context_over_200k`, CodexBar parses those values as the above-200k-token pricing lane and converts them with the same per-1M-token rule.
diff --git a/docs/moonshot.md b/docs/moonshot.md
new file mode 100644
index 000000000..b57ce8a93
--- /dev/null
+++ b/docs/moonshot.md
@@ -0,0 +1,50 @@
+---
+summary: "Moonshot / Kimi API provider data sources: API key + balance endpoint."
+read_when:
+  - Adding or tweaking Moonshot balance parsing
+  - Updating Moonshot / Kimi API key handling
+  - Documenting Moonshot / Kimi API provider behavior
+---
+
+# Moonshot / Kimi API provider
+
+Moonshot / Kimi API is API-only. Balance is reported by `GET /v1/users/me/balance`,
+so CodexBar only needs a valid API key to show the current account balance.
+
+## Rationale
+
+Kimi API docs use the Moonshot API surface for current Kimi models: examples read
+`MOONSHOT_API_KEY` and call `https://api.moonshot.ai/v1`, including the Kimi K2.6
+quickstart. This provider is therefore named after the account and billing surface,
+not a specific Kimi model version.
+
+The existing `Kimi K2` provider remains separate because it targets the legacy
+`kimi-k2.ai` credit endpoint. Migrating or deprecating that provider should be a
+separate cleanup so existing user settings are not silently repointed.
+
+## Data sources
+
+1. **API key** stored in `~/.codexbar/config.json` or supplied via `MOONSHOT_API_KEY` / `MOONSHOT_KEY`.
+   CodexBar stores the key in config after you paste it in Settings → Providers → Moonshot / Kimi API.
+2. **Region**
+   - International: `https://api.moonshot.ai/v1/users/me/balance`
+   - China mainland: `https://api.moonshot.cn/v1/users/me/balance`
+   - Configure with Settings → Providers → Moonshot → API region or `MOONSHOT_REGION`.
+3. **Balance endpoint**
+   - Request headers: `Authorization: Bearer <api key>`, `Accept: application/json`
+   - Response contains `available_balance`, `voucher_balance`, and `cash_balance`.
+
+## Usage details
+
+- The menu card shows the available balance.
+- If `cash_balance` is negative, the card also surfaces the deficit.
+- There is no session or weekly window — Moonshot / Kimi API does not expose per-window quota via API.
+- Settings config takes precedence over environment variables when both are present.
+
+## Key files
+
+- `Sources/CodexBarCore/Providers/Moonshot/MoonshotProviderDescriptor.swift` (descriptor + fetch strategy)
+- `Sources/CodexBarCore/Providers/Moonshot/MoonshotUsageFetcher.swift` (HTTP client + JSON parser)
+- `Sources/CodexBarCore/Providers/Moonshot/MoonshotSettingsReader.swift` (env var resolution)
+- `Sources/CodexBar/Providers/Moonshot/MoonshotProviderImplementation.swift` (settings field + activation logic)
+- `Sources/CodexBar/Providers/Moonshot/MoonshotSettingsStore.swift` (SettingsStore extension)
diff --git a/docs/ollama.md b/docs/ollama.md
index 5be112746..aec630650 100644
--- a/docs/ollama.md
+++ b/docs/ollama.md
@@ -1,5 +1,5 @@
 ---
-summary: "Ollama provider notes: settings scrape, cookie auth, and Cloud Usage parsing."
+summary: "Ollama provider notes: API key auth, settings scrape, cookie auth, and Cloud Usage parsing."
 read_when:
   - Adding or modifying the Ollama provider
   - Debugging Ollama cookie import or settings parsing
@@ -8,20 +8,24 @@ read_when:
 
 # Ollama Provider
 
-The Ollama provider scrapes the **Plan & Billing** page to extract Cloud Usage limits for session and weekly windows.
+The Ollama provider can verify Ollama Cloud API-key access and scrape the **Plan & Billing** page to extract Cloud
+Usage limits for session and weekly windows.
 
 ## Features
 
 - **Plan badge**: Reads the plan tier (Free/Pro/Max) from the Cloud Usage header.
 - **Session + weekly usage**: Parses the percent-used values shown in the usage bars.
 - **Reset timestamps**: Uses the `data-time` attribute on the “Resets in …” elements.
-- **Browser cookie auth**: No API keys required.
+- **API key auth**: Verifies direct `https://ollama.com/api` access with `OLLAMA_API_KEY` or a configured key.
+- **Browser cookie auth**: Required for Cloud Usage quota windows because Ollama does not expose those limits through
+  the documented API.
 
 ## Setup
 
 1. Open **Settings → Providers**.
 2. Enable **Ollama**.
-3. Leave **Cookie source** on **Auto** (recommended, imports Chrome cookies by default).
+3. For API-key mode, paste an API key from `https://ollama.com/settings/keys` or set `OLLAMA_API_KEY`.
+4. For quota bars, leave **Cookie source** on **Auto** (recommended, imports Chrome cookies by default).
 
 ### Manual cookie import (optional)
 
@@ -31,7 +35,8 @@ The Ollama provider scrapes the **Plan & Billing** page to extract Cloud Usage l
 
 ## How it works
 
-- Fetches `https://ollama.com/settings` using browser cookies.
+- API-key mode fetches `https://ollama.com/api/tags` with `Authorization: Bearer <key>` to verify Cloud API access.
+- Cookie mode fetches `https://ollama.com/settings` using browser cookies.
 - Parses:
   - Plan badge under **Cloud Usage**.
   - **Session usage** and **Weekly usage** percentages.
diff --git a/docs/openai.md b/docs/openai.md
new file mode 100644
index 000000000..6db22965d
--- /dev/null
+++ b/docs/openai.md
@@ -0,0 +1,61 @@
+---
+summary: "OpenAI API provider: Admin API key usage/cost graphs and legacy balance fallback."
+read_when:
+  - Updating OpenAI API Platform usage or cost display
+  - Debugging OPENAI_ADMIN_KEY or OPENAI_API_KEY behavior
+---
+
+# OpenAI API provider
+
+CodexBar's OpenAI API provider targets the API Platform organization dashboard, not ChatGPT/Codex subscription limits.
+
+## Data sources
+
+1. Preferred: `OPENAI_ADMIN_KEY` or configured key with Admin API access.
+   - `GET https://api.openai.com/v1/organization/costs`
+   - `GET https://api.openai.com/v1/organization/usage/completions`
+   - Daily buckets use `bucket_width=1d`, costs are grouped by `line_item`, and completion usage is grouped by `model`.
+   - Optional project scoping comes from `OPENAI_PROJECT_ID` or `providers[].workspaceID` for `openai`.
+     Project-scoped requests add `project_ids=<project>` to both Admin API endpoints.
+2. Fallback: legacy `GET https://api.openai.com/v1/dashboard/billing/credit_grants` for normal API keys that cannot access organization usage.
+
+## Setup
+
+Store a key in the shared app/CLI config:
+
+```bash
+printf '%s' "$OPENAI_ADMIN_KEY" | codexbar config set-api-key --provider openai --stdin
+```
+
+Settings → Providers → OpenAI writes the same `~/.codexbar/config.json` field. `OPENAI_ADMIN_KEY` is preferred over
+`OPENAI_API_KEY` because it unlocks organization costs and usage; a normal API key only supports the legacy balance
+fallback.
+
+To scope Admin API usage to a project, set the OpenAI Project ID field in Settings or add `workspaceID` to the `openai`
+provider config:
+
+```json
+{
+  "id": "openai",
+  "apiKey": "<OPENAI_ADMIN_KEY>",
+  "workspaceID": "proj_..."
+}
+```
+
+Project scoping is tied to the configured Admin API key. Selected OpenAI token accounts intentionally scrub
+`OPENAI_PROJECT_ID`/`workspaceID` so one account cannot inherit another account's project filter. Project-scoped Admin
+API failures do not fall back to the legacy billing endpoint, because that endpoint is not project-filtered.
+
+## Menu display
+
+- Admin API data renders inline Today/7d/configured-window KPIs plus a compact spend chart.
+- The inline usage card opens a hosted chart submenu with daily spend, token, and request trends plus selected-day detail.
+- Top model and top spend labels come from the configured completion/cost buckets when the Admin API returns them.
+- Legacy balance data keeps the older available/used credit summary and does not show organization graphs.
+- Project-scoped Admin API data labels the account as `Admin API: <project>` and the organization line as
+  `Project: <project>`.
+
+## Notes
+
+- Costs are the source of truth for financial totals. Token usage and cost buckets can differ slightly from dashboard billing reconciliation.
+- Admin API keys are organization-scoped and cannot be used for normal model inference.
diff --git a/docs/openrouter.md b/docs/openrouter.md
index a0d7985e3..38a023c18 100644
--- a/docs/openrouter.md
+++ b/docs/openrouter.md
@@ -1,3 +1,11 @@
+---
+summary: "OpenRouter provider: API key credits, rate limits, and daily/weekly/monthly spend."
+read_when:
+  - Debugging OpenRouter API key usage or spend parsing
+  - Updating OpenRouter credits or key-limit display
+  - Explaining OpenRouter setup and environment variables
+---
+
 # OpenRouter Provider
 
 [OpenRouter](https://openrouter.ai) is a unified API that provides access to multiple AI models from different providers (OpenAI, Anthropic, Google, Meta, and more) through a single endpoint.
@@ -18,19 +26,27 @@ export OPENROUTER_API_KEY="sk-or-v1-..."
 
 You can also configure the API key in CodexBar Settings → Providers → OpenRouter.
 
+### CLI config
+
+```bash
+printf '%s' "$OPENROUTER_API_KEY" | codexbar config set-api-key --provider openrouter --stdin
+```
+
 ## Data Source
 
 The OpenRouter provider fetches usage data from two API endpoints:
 
 1. **Credits API** (`/api/v1/credits`): Returns total credits purchased and total usage. The balance is calculated as `total_credits - total_usage`.
 
-2. **Key API** (`/api/v1/key`): Returns rate limit information for your API key.
+2. **Key API** (`/api/v1/key`): Returns rate limit information plus current daily, weekly, and monthly spend for your API key.
 
 ## Display
 
 The OpenRouter menu card shows:
 
-- **Primary meter**: Credit usage percentage (how much of your purchased credits have been used)
+- **Primary meter**: API key limit usage when the key has a configured limit
+- **Spend notes**: Daily, weekly, and monthly API key spend when OpenRouter returns those fields
+- **Spend chart**: Day/week/month spend can reuse the shared inline dashboard when enough history is available
 - **Balance**: Displayed in the identity section as "Balance: $X.XX"
 
 ## CLI Usage
diff --git a/docs/packaging.md b/docs/packaging.md
index ec058fcda..16e998152 100644
--- a/docs/packaging.md
+++ b/docs/packaging.md
@@ -11,11 +11,11 @@ read_when:
 - `Scripts/package_app.sh`: builds host arch by default; set `ARCHES="arm64 x86_64"` for universal. Verifies slices.
 - `Scripts/compile_and_run.sh`: uses host arch; pass `--release-universal` or `--release-arches="arm64 x86_64"` for release packaging.
 - `Scripts/sign-and-notarize.sh`: signs, notarizes, staples, zips (accepts `ARCHES` for universal).
-- `Scripts/make_appcast.sh`: generates Sparkle appcast and embeds HTML release notes.
+- `Scripts/make_appcast.sh`: wrapper around the shared `mac-release make-appcast` helper; app metadata comes from `.mac-release.env`.
 - `Scripts/changelog-to-html.sh`: converts the per-version changelog section to HTML for Sparkle.
 
 ## Bundle contents
-- `CodexBarWidget.appex` bundled with app-group entitlements.
+- `CodexBarWidget.appex` is built by `WidgetExtension/CodexBarWidgetExtension.xcodeproj` as a real macOS app extension, then bundled with app-group entitlements.
 - `CodexBarCLI` copied to `CodexBar.app/Contents/Helpers/` for symlinking.
 - SwiftPM resource bundles (e.g. `KeyboardShortcuts_KeyboardShortcuts.bundle`) copied into `Contents/Resources` (required for `KeyboardShortcuts.Recorder`).
 
diff --git a/docs/providers.md b/docs/providers.md
index 99da2542d..18f523522 100644
--- a/docs/providers.md
+++ b/docs/providers.md
@@ -1,5 +1,5 @@
 ---
-summary: "Provider data sources and parsing overview (Codex, Claude, Gemini, Antigravity, Cursor, Droid/Factory, z.ai, Copilot, Kimi, Kilo, Kimi K2, Kiro, Warp, Vertex AI, Augment, Amp, Ollama, JetBrains AI, OpenRouter)."
+summary: "Provider data sources and parsing overview for every registered CodexBar provider."
 read_when:
   - Adding or modifying provider fetch/parsing
   - Adjusting provider labels, toggles, or metadata
@@ -8,68 +8,120 @@ read_when:
 
 # Providers
 
+CodexBar currently registers 48 provider IDs. Some companies expose multiple surfaces, such as Codex vs OpenAI API or
+OpenCode vs OpenCode Go, because the auth source and quota shape differ.
+
 ## Fetch strategies (current)
-Legend: web (browser cookies/WebView), cli (RPC/PTy), oauth (API), api token, local probe, web dashboard.
-Source labels (CLI/header): `openai-web`, `web`, `oauth`, `api`, `local`, plus provider-specific CLI labels (e.g. `codex-cli`, `claude`).
+Legend: web (browser cookies/WebView), cli (RPC/PTy or provider CLI), oauth (provider OAuth), api token, local probe, web dashboard.
+Source labels (CLI/header): `openai-web`, `web`, `oauth`, `api`, `local`, `cli`, plus provider-specific CLI labels (e.g. `codex-cli`, `claude`).
 
 Cookie-based providers expose a Cookie source picker (Automatic or Manual) in Settings → Providers.
-Browser cookie imports are cached in Keychain (`com.steipete.codexbar.cache`, account `cookie.<provider>`) and reused
-until the session is invalid, to avoid repeated Keychain prompts.
+Some browser cookie imports are cached in Keychain and reused until the session is invalid. API keys, manual cookie
+headers, source selection, provider ordering, and token accounts are stored in `~/.codexbar/config.json`.
 
 | Provider | Strategies (ordered for auto) |
 | --- | --- |
-| Codex | Web dashboard (`openai-web`) → CLI RPC/PTy (`codex-cli`); app uses CLI usage + optional dashboard scrape. |
-| Claude | App Auto: OAuth API (`oauth`) → CLI PTY (`claude`) → Web API (`web`). CLI Auto: Web API (`web`) → CLI PTY (`claude`). |
-| Gemini | OAuth API via Gemini CLI credentials (`api`). |
+| Codex | App Auto: OAuth API (`oauth`) → CLI RPC/PTy (`codex-cli`). CLI Auto: Web dashboard (`openai-web`) → CLI RPC/PTy (`codex-cli`). |
+| OpenAI | Admin API key (`api`) for organization spend/usage; legacy API-key balance fallback. |
+| Azure OpenAI | API key + endpoint + deployment probe (`api`) for deployment status validation. |
+| Claude | Admin API key (`api`) when configured; otherwise App Auto: OAuth API (`oauth`) → CLI PTY (`claude`) → Web API (`web`). CLI Auto: Web API (`web`) → CLI PTY (`claude`). |
+| Gemini | OAuth-backed API via Gemini CLI credentials (`api`). |
 | Antigravity | Local LSP/HTTP probe (`local`). |
 | Cursor | Web API via cookies → stored WebKit session (`web`). |
 | OpenCode | Web dashboard via cookies (`web`). |
+| OpenCode Go | Web dashboard via cookies (`web`); optional workspace ID. |
+| Alibaba Coding Plan | Console RPC via web cookies (auto/manual) with API key fallback (`web`, `api`). |
+| Alibaba Token Plan | Bailian subscription summary API via browser or manual cookies (`web`). |
 | Droid/Factory | Web cookies → stored tokens → local storage → WorkOS cookies (`web`). |
-| z.ai | API token (Keychain/env) → quota API (`api`). |
-| MiniMax | Manual cookie header (Keychain/env) → browser cookies (+ local storage access token) → coding plan page (HTML) with remains API fallback (`web`). |
-| Kimi | API token (JWT from `kimi-auth` cookie) → usage API (`api`). |
-| Kilo | API token (`KILO_API_KEY`) → usage API (`api`); auto falls back to CLI session auth (`cli`). |
-| Copilot | API token (device flow/env) → copilot_internal API (`api`). |
-| Kimi K2 | API key (Keychain/env) → credit endpoint (`api`). |
+| z.ai | API token from config/env → quota API (`api`). |
+| Manus | Browser `session_id` cookie (auto/manual/env) → credits API (`web`). |
+| MiniMax | Manual/browser session via Coding Plan web path (`web`), or Coding Plan API token (`api`). |
+| Kimi | Auth token from `kimi-auth` cookie/manual token/env → usage API (`web`). |
+| Kilo | API token from config/env → usage API (`api`); auto falls back to CLI session auth (`cli`). |
+| Copilot | Device-flow/env/config token → `copilot_internal` API (`api`). |
+| Kimi K2 (unofficial) | API key from config/env → legacy credit endpoint (`api`). |
 | Kiro | CLI command via `kiro-cli chat --no-interactive "/usage"` (`cli`). |
 | Vertex AI | Google ADC OAuth (gcloud) → Cloud Monitoring quota usage (`oauth`). |
+| Augment | `auggie` CLI first, then browser-cookie web fallback (`cli`, `web`). |
 | JetBrains AI | Local XML quota file (`local`). |
 | Amp | Web settings page via browser cookies (`web`). |
+| T3 Chat | Web tRPC customer-data endpoint via browser cookies (`web`). |
 | Warp | API token (config/env) → GraphQL request limits (`api`). |
-| Ollama | Web settings page via browser cookies (`web`). |
+| ElevenLabs | API key from config/env → subscription usage API (`api`). |
+| Windsurf | Web session bundle from browser localStorage (`web`) → local SQLite cache (`local`). |
+| Ollama | API key verifies Cloud API access (`api`); browser cookies expose Cloud quota windows (`web`). |
+| Synthetic | API key from config/env → quota API (`api`). |
 | OpenRouter | API token (config, overrides env) → credits API (`api`). |
+| Perplexity | Browser cookies/manual cookie/env session token → credits API (`web`). |
+| Xiaomi MiMo | Browser cookies → balance/token plan endpoints (`web`). |
+| Doubao | API key from config/env → Volcengine Ark chat-completions probe (`api`). |
+| Abacus AI | Browser cookies → compute points + billing API (`web`). |
+| Mistral | Console billing API via Ory Kratos session cookies (`web`). |
+| DeepSeek | API key from env or token accounts → balance endpoint (`api`). |
+| Moonshot | API key from config/env → balance endpoint (`api`). |
+| Codebuff | API token from config/env or `codebuff login` credentials → usage API (`api`). |
+| Crof | API key from config/env → credit balance + requests quota API (`api`). |
+| Venice | API key from config/env → DIEM/USD balance API (`api`). |
+| Command Code | Web billing API via Command Code session cookies (`web`). |
+| StepFun | Username/password login or manual Oasis token (`web`). |
+| AWS Bedrock | AWS credentials → Cost Explorer usage and budget tracking (`api`). |
+| Grok | `grok agent stdio` JSON-RPC `x.ai/billing` (`cli`) → grok.com billing gRPC-web via Chrome session cookies (`web`); local `~/.grok/sessions` signals as fallback. |
+| GroqCloud | API key → Prometheus metrics API for request/token/cache-hit rates (`api`). |
+| LLM Proxy | API key + base URL → `/v1/quota-stats` aggregate proxy usage (`api`). |
+| Deepgram | API key → project discovery and usage breakdown API (`api`). |
 
 ## Codex
-- Web dashboard (when enabled): `https://chatgpt.com/codex/settings/usage` via WebView + browser cookies.
+- App Auto: OAuth API first; falls back to CLI only when OAuth credentials are missing or auth/refresh is invalid.
+- Web dashboard (optional, off by default): `https://chatgpt.com/codex/settings/usage` via WebView + browser cookies.
+- Battery saver toggle (currently off by default): reduces routine OpenAI web refreshes but still allows explicit manual refreshes.
 - CLI RPC default: `codex ... app-server` JSON-RPC (`account/read`, `account/rateLimits/read`).
-- CLI PTY fallback: `/status` scrape.
-- Local cost usage: scans `~/.codex/sessions/**/*.jsonl` (last 30 days).
+- CLI PTY: manual diagnostics/parser coverage only; automatic refresh does not launch bare Codex TUI.
+- Local cost usage: scans `CODEX_HOME` (or `~/.codex`) `sessions` and sibling `archived_sessions` JSONL files for the configured history window.
 - Status: Statuspage.io (OpenAI).
 - Details: `docs/codex.md`.
 
+## OpenAI
+- API key from `~/.codexbar/config.json`, `OPENAI_ADMIN_KEY`, or `OPENAI_API_KEY`.
+- Admin API keys are preferred and fetch organization costs plus completion usage for inline Today/7d/configured-window dashboards.
+- Normal API keys fall back to the legacy credit-grants balance endpoint when organization usage is unavailable.
+- Details: `docs/openai.md`.
+
+## Azure OpenAI
+- API key, endpoint, and deployment from `~/.codexbar/config.json` or `AZURE_OPENAI_API_KEY`, `AZURE_OPENAI_ENDPOINT`, and `AZURE_OPENAI_DEPLOYMENT_NAME`.
+- Validates the configured deployment with a minimal chat-completions request; it does not expose Azure spend or quota history.
+- Use `AZURE_OPENAI_API_VERSION` to override the API version. Set it to `v1` for Azure's OpenAI-compatible v1 API path.
+- Status: Azure status page link.
+
 ## Claude
+- Admin API: `sk-ant-admin...` key in Settings/config, token accounts, or `ANTHROPIC_ADMIN_KEY`.
+- Admin API shows organization spend/messages summaries with the same inline dashboard pattern as OpenAI API.
 - App Auto: OAuth API (`oauth`) → CLI PTY (`claude`) → Web API (`web`).
 - CLI Auto: Web API (`web`) → CLI PTY (`claude`).
-- Local cost usage: scans `~/.config/claude/projects/**/*.jsonl` (last 30 days).
+- Local cost usage: scans `CLAUDE_CONFIG_DIR` when set, otherwise `~/.config/claude/projects` and `~/.claude/projects` JSONL files for the configured history window.
 - Status: Statuspage.io (Anthropic).
 - Details: `docs/claude.md`.
 
 ## z.ai
-- API token from Keychain or `Z_AI_API_KEY` env var.
-- Quota endpoint: `https://api.z.ai/api/monitor/usage/quota/limit` (global) or `https://open.bigmodel.cn/api/monitor/usage/quota/limit` (BigModel CN); override with `Z_AI_API_HOST` or `Z_AI_QUOTA_URL`.
+- API token from `~/.codexbar/config.json` (`providers[].apiKey`) or `Z_AI_API_KEY` env var.
+- Supports global and BigModel CN quota hosts; override with `Z_AI_API_HOST` or `Z_AI_QUOTA_URL`.
 - Status: none yet.
 - Details: `docs/zai.md`.
 
+## Manus
+- Session token via browser `session_id` cookie, manual Settings entry, `MANUS_SESSION_TOKEN`, or `MANUS_COOKIE`.
+- Credits endpoint: `POST https://api.manus.im/user.v1.UserService/GetAvailableCredits`.
+- Auto mode prefers cached/browser cookies before env fallback; manual mode accepts either a bare `session_id` value or a full Cookie header.
+- Status: none yet.
+
 ## MiniMax
-- Session cookie header from Keychain or `MINIMAX_COOKIE`/`MINIMAX_COOKIE_HEADER` env var.
-- Hosts: `platform.minimax.io` (global) or `platform.minimaxi.com` (China mainland) via region picker or `MINIMAX_HOST`; full overrides via `MINIMAX_CODING_PLAN_URL` / `MINIMAX_REMAINS_URL`.
-- `GET {host}/v1/api/openplatform/coding_plan/remains`.
+- Coding Plan API token or web session from configured/manual/browser sources.
+- Supports global and China mainland hosts via provider region settings and environment overrides.
+- Web-session billing history can render 30-day token charts plus top model/method breakdowns when MiniMax exposes it.
 - Status: none yet.
 - Details: `docs/minimax.md`.
 
 ## Kimi
 - Auth token (JWT from `kimi-auth` cookie) via manual entry or `KIMI_AUTH_TOKEN` env var.
-- `POST https://www.kimi.com/apiv2/kimi.gateway.billing.v1.BillingService/GetUsages`.
 - Shows weekly quota and 5-hour rate limit (300 minutes).
 - Status: none yet.
 - Details: `docs/kimi.md`.
@@ -78,14 +130,13 @@ until the session is invalid, to avoid repeated Keychain prompts.
 - API token from `~/.codexbar/config.json` (`providers[].apiKey`) or `KILO_API_KEY`.
 - Auto mode tries API first and falls back to CLI auth when API credentials are missing or unauthorized.
 - CLI auth source: `~/.local/share/kilo/auth.json` (`kilo.access`), typically created by `kilo login`.
-- Usage endpoint: `https://app.kilo.ai/api/trpc`.
 - Status: none yet.
 - Details: `docs/kilo.md`.
 
-## Kimi K2
-- API key via Settings (Keychain) or `KIMI_K2_API_KEY`/`KIMI_API_KEY` env var.
-- `GET https://kimi-k2.ai/api/user/credits`.
-- Shows credit usage based on consumed/remaining totals.
+## Kimi K2 (unofficial)
+- API key via `~/.codexbar/config.json` or `KIMI_K2_API_KEY`/`KIMI_API_KEY` env var.
+- Shows credit usage from the legacy `kimi-k2.ai` consumed/remaining totals.
+- Use Moonshot / Kimi API for the official Kimi API account and billing surface.
 - Status: none yet.
 - Details: `docs/kimi-k2.md`.
 
@@ -110,10 +161,33 @@ until the session is invalid, to avoid repeated Keychain prompts.
 
 ## OpenCode
 - Web dashboard via browser cookies (`opencode.ai`).
-- `POST https://opencode.ai/_server` (workspaces + subscription usage).
 - Status: none yet.
 - Details: `docs/opencode.md`.
 
+## OpenCode Go
+- Web dashboard via browser cookies (`opencode.ai`).
+- Uses the workspace Go page/server data for rolling 5-hour, weekly, and optional monthly usage windows.
+- Optional workspace ID comes from `~/.codexbar/config.json` (`providers[].workspaceID`) or `CODEXBAR_OPENCODEGO_WORKSPACE_ID`.
+- Status: none yet.
+- Details: `docs/opencode.md`.
+
+## Alibaba Coding Plan
+- Web mode uses Alibaba console RPC with form payload + `sec_token`.
+- Cookie sources: browser import (`auto`) or manual header (`cookieSource: manual`).
+- API key fallback from Settings (`providers[].apiKey`) or `ALIBABA_CODING_PLAN_API_KEY` env var.
+- Region hosts: international (`ap-southeast-1`) and China mainland (`cn-beijing`).
+- Host overrides: `ALIBABA_CODING_PLAN_HOST` or `ALIBABA_CODING_PLAN_QUOTA_URL`.
+- Status: `https://status.aliyun.com` (link only, no auto-polling).
+- Details: `docs/alibaba-coding-plan.md`.
+
+## Alibaba Token Plan
+- Web mode posts to the Bailian `GetSubscriptionSummary` endpoint with form-encoded params and optional `sec_token`.
+- Cookie sources: browser import (`auto`), manual Cookie header, or `ALIBABA_TOKEN_PLAN_COOKIE`.
+- Default quota URL: `https://bailian.console.aliyun.com/data/api.json?action=GetSubscriptionSummary&product=BssOpenAPI-V3`.
+- Host overrides: `ALIBABA_TOKEN_PLAN_HOST` or `ALIBABA_TOKEN_PLAN_QUOTA_URL`.
+- Status: `https://status.aliyun.com` (link only, no auto-polling).
+- Details: `docs/alibaba-token-plan.md`.
+
 ## Droid (Factory)
 - Web API via Factory cookies, bearer tokens, and WorkOS refresh tokens.
 - Multiple fallback strategies (cookies → stored tokens → local storage → WorkOS cookies).
@@ -122,6 +196,7 @@ until the session is invalid, to avoid repeated Keychain prompts.
 
 ## Copilot
 - GitHub device flow OAuth token + `api.github.com/copilot_internal/user`.
+- Supports multiple token accounts and account switching from provider settings/menu surfaces.
 - Status: Statuspage.io (GitHub).
 - Details: `docs/copilot.md`.
 
@@ -134,17 +209,25 @@ until the session is invalid, to avoid repeated Keychain prompts.
 
 ## Warp
 - API token from Settings or `WARP_API_KEY` / `WARP_TOKEN` env var.
-- GraphQL credit limits: `https://app.warp.dev/graphql/v2?op=GetRequestLimitInfo`.
 - Shows monthly credits usage and next refresh time.
 - Status: none yet.
 - Details: `docs/warp.md`.
 
+## ElevenLabs
+- API key from Settings, token accounts, `ELEVENLABS_API_KEY`, or `XI_API_KEY`.
+- Reads `GET /v1/user/subscription` from `api.elevenlabs.io`.
+- Shows character credit usage, reset timing, and voice slot usage when available.
+- Override the API base URL with `ELEVENLABS_API_URL`.
+- Status: `https://status.elevenlabs.io` (link only, no auto-polling).
+- Details: `docs/elevenlabs.md`.
+
 ## Vertex AI
 - OAuth credentials from `gcloud auth application-default login` (ADC).
 - Quota usage via Cloud Monitoring `consumer_quota` metrics for `aiplatform.googleapis.com`.
-- Token cost: scans `~/.claude/projects/` logs filtered to Vertex AI-tagged entries.
+- Token cost: uses the Claude local-log scanner filtered to Vertex AI-tagged entries.
 - Requires Cloud Monitoring API access in the current project.
 - Details: `docs/vertexai.md`.
+
 ## JetBrains AI
 - Local XML quota file from IDE configuration directory.
 - Auto-detects installed JetBrains IDEs; uses most recently used.
@@ -152,24 +235,147 @@ until the session is invalid, to avoid repeated Keychain prompts.
 - Status: none (no status page).
 - Details: `docs/jetbrains.md`.
 
+## Augment
+- Auto mode tries the `auggie` CLI first.
+- Web fallback uses browser cookies, with manual cookie header support.
+- Tracks credit usage and account/subscription data where available.
+- Status: none yet.
+- Details: `docs/augment.md`.
+
 ## Amp
 - Web settings page (`https://ampcode.com/settings`) via browser cookies.
 - Parses Amp Free usage from the settings HTML.
 - Status: none yet.
 - Details: `docs/amp.md`.
 
+## T3 Chat
+- Web tRPC endpoint (`https://t3.chat/api/trpc/getCustomerData`) via browser cookies.
+- Parses JSONL response lines and extracts customer data from the embedded tRPC payload.
+- Shows the 4-hour Base bucket and monthly Overage bucket documented in the T3 Chat FAQ.
+- Status: none yet.
+
 ## Ollama
 - Web settings page (`https://ollama.com/settings`) via browser cookies.
 - Parses Cloud Usage plan badge, session/weekly usage, and reset timestamps.
 - Status: none yet.
 - Details: `docs/ollama.md`.
 
+## Synthetic
+- API key from `~/.codexbar/config.json` (`providers[].apiKey`) or `SYNTHETIC_API_KEY`.
+- Shows rolling five-hour, weekly token, search-hourly, and cost/credit quota lanes when present.
+- Status: none yet.
+
 ## OpenRouter
-- API token from `~/.codexbar/config.json` (`providerConfig.openrouter.apiKey`) or `OPENROUTER_API_KEY` env var.
-- Credits endpoint: `https://openrouter.ai/api/v1/credits` (returns total credits purchased and usage).
-- Key info endpoint: `https://openrouter.ai/api/v1/key` (returns rate limit info).
+- API token from `~/.codexbar/config.json` (`providers[].apiKey`) or `OPENROUTER_API_KEY` env var.
+- Reads credits and key rate-limit info from OpenRouter APIs.
+- Shows daily, weekly, and monthly API-key spend when `/api/v1/key` returns those fields.
 - Override base URL with `OPENROUTER_API_URL` env var.
 - Status: `https://status.openrouter.ai` (link only, no auto-polling yet).
 - Details: `docs/openrouter.md`.
 
+## Perplexity
+- Browser session cookie from automatic import, manual header/token, or `PERPLEXITY_SESSION_TOKEN` / `PERPLEXITY_COOKIE`.
+- Tracks recurring credits, bonus/promotional credits, purchased credits, and renewal date when present.
+- Status: `https://status.perplexity.com/` (link only, no auto-polling).
+
+## Xiaomi MiMo
+- Browser cookies from automatic import or manual `Cookie:` header.
+- Reads balance and token-plan usage from `platform.xiaomimimo.com`.
+- Status: none yet.
+- Details: `docs/mimo.md`.
+
+## Doubao
+- API key via `ARK_API_KEY`, `VOLCENGINE_API_KEY`, `DOUBAO_API_KEY`, or provider config.
+- Probes Volcengine Ark chat completions and reads request rate-limit headers when present.
+- Status: none yet.
+- Details: `docs/doubao.md`.
+
+## Abacus AI
+- Browser cookies (`abacus.ai`, `apps.abacus.ai`) via automatic import or manual header.
+- Reads organization compute points and billing data.
+- Shows monthly credit gauge with pace tick and reserve/deficit estimate.
+- Status: none yet.
+- Details: `docs/abacus.md`.
+
+## Mistral
+- Session cookie (`ory_session_*`) from browser auto-import or manual `Cookie:` header.
+- CSRF token (`csrftoken` cookie) sent as `X-CSRFTOKEN` header.
+- Domain: `admin.mistral.ai`.
+- Reads monthly usage and pricing from the Mistral billing API.
+- Cost is computed client-side from token counts and response pricing.
+- Resets at end of calendar month.
+- Status: `https://status.mistral.ai` (link only, no auto-polling).
+
+## DeepSeek
+- API key via `DEEPSEEK_API_KEY` / `DEEPSEEK_KEY` env var or DeepSeek token accounts.
+- Shows total balance with paid vs. granted breakdown; USD preferred when multiple currencies present.
+- Status: `https://status.deepseek.com` (link only, no auto-polling).
+- Details: `docs/deepseek.md`.
+
+## Moonshot / Kimi API
+- API key via `MOONSHOT_API_KEY` / `MOONSHOT_KEY` env var or provider config.
+- Reads `GET /v1/users/me/balance` from the selected Moonshot region.
+- Region: international (`api.moonshot.ai`) or China mainland (`api.moonshot.cn`), configurable in Settings or `MOONSHOT_REGION`.
+- Shows available balance; negative cash balance is surfaced as a deficit.
+- Status: none yet.
+- Details: `docs/moonshot.md`.
+
+## Venice
+- API key via `VENICE_API_KEY` / `VENICE_KEY` env var or Venice token accounts.
+- Shows current DIEM or USD balance; DIEM epoch allocation progress when available.
+- Status: none yet.
+- Details: `docs/venice.md`.
+
+## Codebuff
+- API token from `~/.codexbar/config.json`, `CODEBUFF_API_KEY`, or `~/.config/manicode/credentials.json` created by `codebuff login`.
+- Reads usage and subscription data from Codebuff APIs.
+- Shows credit balance, weekly rate limit, reset timing, subscription status, and auto-top-up flag when present.
+- Override base URL with `CODEBUFF_API_URL`.
+- Status: none yet.
+- Details: `docs/codebuff.md`.
+
+## Crof
+- API key from `~/.codexbar/config.json`, `CROF_API_KEY`, or `CROFAI_API_KEY`.
+- Reads `credits`, `requests_plan`, and `usable_requests` from `GET https://crof.ai/usage_api/`.
+- Shows request quota as the primary usage window and dollar credits as the secondary row.
+- Infers the daily request reset from midnight America/Chicago until the usage API exposes reset metadata.
+- Status: none yet.
+- Details: `docs/crof.md`.
+
+## Command Code
+- Browser session cookies from automatic import or manual `Cookie:` header.
+- Reads monthly USD credits and billing-cycle usage from `api.commandcode.ai`.
+- Automatic import looks for better-auth session cookies from `commandcode.ai` / `www.commandcode.ai`.
+- Status: none yet.
+- Details: `docs/command-code.md`.
+
+## Grok
+- `grok agent stdio` (ACP) JSON-RPC `x.ai/billing` method; requires `grok login` (SuperGrok OAuth/OIDC).
+- Reads cached credentials from `~/.grok/auth.json` for identity (email, team).
+- Falls back to grok.com's billing gRPC-web endpoint via Chrome session cookies when the CLI does not expose billing.
+- CLI/test runs do not import browser cookies unless `CODEXBAR_ALLOW_BROWSER_COOKIE_IMPORT=1` is set.
+- Local fallback aggregates `~/.grok/sessions/**/signals.json` token counts when the RPC is unavailable.
+- Status: link only to `https://status.x.ai` (no auto-polling yet).
+- Details: `docs/grok.md`.
+
+## AWS Bedrock
+- AWS credentials from `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, and optional `AWS_SESSION_TOKEN`.
+- Region from `AWS_REGION` / `AWS_DEFAULT_REGION`, defaulting to `us-east-1`.
+- Reads AWS Cost Explorer for Bedrock spend and can compare usage against `CODEXBAR_BEDROCK_BUDGET`.
+- Override Cost Explorer base URL with `CODEXBAR_BEDROCK_API_URL` for tests.
+- Details: `docs/bedrock.md`.
+
+## Deepgram
+- API key from config or `DEEPGRAM_API_KEY`.
+- Optional project ID from provider settings or `DEEPGRAM_PROJECT_ID`; otherwise aggregates all visible projects.
+- Reads Deepgram usage breakdowns for audio hours, agent hours, token totals, TTS characters, and requests.
+- Details: `docs/deepgram.md`.
+
+## StepFun
+- Username/password login or manual Oasis-Token.
+- Reads Step Plan 5-hour and weekly rate-limit windows from `platform.stepfun.com`.
+- Shows subscription plan name when the Step Plan status API returns one.
+- Status: none yet.
+- Details: `docs/stepfun.md`.
+
 See also: `docs/provider.md` for architecture notes.
diff --git a/docs/refactor/claude-current-baseline.md b/docs/refactor/claude-current-baseline.md
new file mode 100644
index 000000000..bedeca386
--- /dev/null
+++ b/docs/refactor/claude-current-baseline.md
@@ -0,0 +1,155 @@
+---
+summary: "Current Claude behavior baseline before vNext refactor work."
+read_when:
+  - Planning Claude refactor tickets
+  - Changing Claude runtime/source selection
+  - Changing Claude OAuth prompt or cooldown behavior
+  - Changing Claude token-account routing
+---
+
+# Claude current baseline
+
+This document is the current-state parity reference for Claude behavior in CodexBar.
+
+Use it when later tickets need to preserve or intentionally change Claude behavior. When the refactor plan,
+summary docs, and running code disagree, treat current code plus characterization coverage as authoritative, and use
+this document as the human-readable summary of that current state.
+
+## Scope of this baseline
+
+This baseline captures the current behavior surface that later refactor work must preserve unless a future ticket
+changes it intentionally:
+
+- runtime/source-mode selection,
+- prompt and cooldown behavior that affects Claude OAuth repair flows,
+- token-account routing at the app and CLI edges,
+- provider siloing and web-enrichment rules,
+- the current relationship between the public Claude doc and the vNext refactor plan.
+
+## Active behavior owners
+
+Current Claude behavior is defined by several active owners, not one central planner:
+
+- `Sources/CodexBarCore/Providers/Claude/ClaudeProviderDescriptor.swift`
+  owns the main provider-pipeline strategy order and fallback rules.
+- `Sources/CodexBarCore/Providers/Claude/ClaudeUsageFetcher.swift`
+  still owns a separate direct `.auto` path, delegated refresh, prompt/cooldown handling, and web-extra enrichment.
+- `Sources/CodexBar/Providers/Claude/ClaudeSettingsStore.swift`
+  owns app-side token-account routing into cookie or OAuth behavior.
+- `Sources/CodexBarCLI/TokenAccountCLI.swift`
+  owns CLI-side token-account routing and effective source-mode overrides.
+- `Sources/CodexBarCore/TokenAccountSupport.swift`
+  owns the current string heuristics that distinguish Claude OAuth access tokens from cookie/session-key inputs.
+
+## Current runtime and source-mode behavior
+
+### Main provider pipeline
+
+The generic provider pipeline currently resolves Claude strategies in this order:
+
+| Runtime | Selected mode | Ordered strategies | Fallback behavior |
+| --- | --- | --- | --- |
+| app | auto | `oauth -> cli -> web` | OAuth can fall through to CLI/Web. CLI can fall through to Web only when Web is available. Web is terminal. |
+| app | oauth | `oauth` | No fallback. |
+| app | cli | `cli` | No fallback. |
+| app | web | `web` | No fallback. |
+| cli | auto | `web -> cli` | Web can fall through to CLI. CLI is terminal. |
+| cli | oauth | `oauth` | No fallback. |
+| cli | cli | `cli` | No fallback. |
+| cli | web | `web` | No fallback. |
+
+This behavior is owned by `Sources/CodexBarCore/Providers/Claude/ClaudeProviderDescriptor.swift`
+through `ProviderFetchPlan` and `ProviderFetchPipeline`.
+
+### Other active `.auto` decision sites
+
+The codebase still contains multiple active `.auto` decision sites:
+
+| Owner | Current behavior |
+| --- | --- |
+| `ClaudeProviderDescriptor.resolveUsageStrategy(...)` | Chooses `oauth`, then `cli`, then `web`, with final `cli` fallback when none are available. |
+| `ClaudeUsageFetcher.loadLatestUsage(.auto)` | Chooses `oauth`, then `web`, then `cli`, with final `oauth` fallback. |
+
+This inconsistency is intentional to record here. RAT-107 directly characterizes the active direct-fetcher branches it
+can reach cleanly in tests and records the remaining current-state behavior without reconciling it.
+
+## Prompt and cooldown baseline
+
+Current behavior that later refactor work must preserve:
+
+- The default Claude keychain prompt mode is `onlyOnUserAction`.
+- Prompt policy is only applicable when the Claude OAuth read strategy is `securityFramework`.
+- User-initiated interaction clears a prior Claude keychain cooldown denial before retrying availability or repair.
+- Startup bootstrap prompting is allowed only when all of these are true:
+  - runtime is app,
+  - interaction is background,
+  - refresh phase is startup,
+  - prompt mode is `onlyOnUserAction`,
+  - no cached Claude credentials exist.
+- Background delegated refresh is blocked when prompt policy is `onlyOnUserAction` and the caller did not explicitly
+  allow background delegated refresh.
+- Prompt mode `never` blocks delegated refresh attempts.
+- Expired credential owner behavior remains owner-specific:
+  - `.claudeCLI`: delegated refresh path,
+  - `.codexbar`: direct refresh path,
+  - `.environment`: no auto-refresh.
+
+## Token-account routing baseline
+
+Accepted Claude token-account input shapes today:
+
+- raw OAuth access token with `sk-ant-oat...` prefix,
+- `Bearer sk-ant-oat...` input,
+- raw session key,
+- full cookie header.
+
+Current routing rules:
+
+- OAuth-token-shaped inputs are not treated as cookies.
+- Cookie/header-shaped inputs are any value that already contains `Cookie:` or `=`.
+- App-side Claude snapshot behavior:
+  - OAuth token account keeps the usage source setting as-is, disables cookie mode (`.off`), clears the manual cookie
+    header, and relies on environment-token injection.
+  - Session-key or cookie-header account keeps the usage source setting as-is, forces manual cookie mode, and
+    normalizes raw session keys into `sessionKey=<value>`.
+- CLI-side Claude token-account behavior:
+  - OAuth token account changes the effective source mode from `auto` to `oauth`, disables cookie mode, omits a
+    manual cookie header, and injects `CODEXBAR_CLAUDE_OAUTH_TOKEN`.
+  - Session-key or cookie-header account stays in cookie/manual mode.
+
+## Siloing and web-enrichment baseline
+
+Claude Web enrichment is cost-only when the primary source is OAuth or CLI:
+
+- Web extras may populate `providerCost` when it is missing.
+- Web extras must not replace `accountEmail`, `accountOrganization`, or `loginMethod` from the primary source.
+- Snapshot identity remains provider-scoped to Claude.
+
+This behavior is implemented in `Sources/CodexBarCore/Providers/Claude/ClaudeUsageFetcher.swift`
+inside `applyWebExtrasIfNeeded`.
+
+## Documentation contract
+
+- [docs/claude.md](../claude.md) is the summary doc for contributors who want an overview.
+- This file is the exact current-state baseline for contributor and refactor parity work.
+- [claude-provider-vnext-locked.md](claude-provider-vnext-locked.md)
+  is the future refactor plan and should cite this file for present behavior.
+
+## Characterization coverage
+
+Stable automated coverage for this baseline lives in:
+
+- `Tests/CodexBarTests/ClaudeBaselineCharacterizationTests.swift`
+- `Tests/CodexBarTests/ClaudeOAuthFetchStrategyAvailabilityTests.swift`
+- `Tests/CodexBarTests/ClaudeUsageTests.swift`
+- `Tests/CodexBarTests/TokenAccountEnvironmentPrecedenceTests.swift`
+- `Tests/CodexBarTests/SettingsStoreCoverageTests.swift`
+
+`ClaudeUsageTests.swift` now directly characterizes the reachable `ClaudeUsageFetcher(.auto)` branches for:
+
+- OAuth when OAuth, Web, and CLI all appear available,
+- Web before CLI when OAuth is unavailable,
+
+The successful CLI-selected branch and the CLI-failure-to-OAuth fallback remain documented from code inspection plus
+surrounding Claude probe/regression coverage, because the current CLI-availability decision is sourced from process-wide
+binary discovery with no stable test seam that would keep RAT-107 in scope.
diff --git a/docs/refactor/claude-provider-vnext-locked.md b/docs/refactor/claude-provider-vnext-locked.md
new file mode 100644
index 000000000..8576cf8ba
--- /dev/null
+++ b/docs/refactor/claude-provider-vnext-locked.md
@@ -0,0 +1,356 @@
+---
+summary: "Locked implementation plan for Claude provider vNext: resolved source-selection contracts, typed credential rules, siloing guarantees, and phase gates."
+supersedes: "Initial vNext draft (removed)"
+created: "2026-02-18"
+status: "Locked for implementation"
+---
+
+# Claude provider vNext (locked plan)
+
+This is the implementation-locked vNext plan.
+
+It preserves the original architecture direction, but removes ambiguity in behavior-critical areas before refactor work starts.
+
+Current-state parity reference for present behavior:
+
+- [docs/refactor/claude-current-baseline.md](claude-current-baseline.md)
+
+Use the baseline doc for present behavior. This vNext plan defines what the refactor should preserve and how it should
+be staged; it is not the sole source of truth for current implementation details, and RAT-107 does not re-approve the
+rest of the future architecture below.
+
+## Assessment snapshot
+
+- **Approach score:** `8.4/10`.
+- **Why not 9+ yet:** the original plan left runtime ordering, token-account credential typing behavior, and compatibility mapping under-specified.
+- **How this doc closes the gap:** explicit contracts + resolved decisions + phase exit gates + risk checklist.
+- **Validated gap coverage in this version:** explicit `.auto` inconsistency handling, `ClaudeUsageFetcher` decomposition, stronger parity gates, TaskLocal-to-DI migration, and OAuth decomposition sub-phases.
+
+## Locked behavioral contracts
+
+These behaviors are **non-negotiable** during refactor unless this doc is explicitly updated.
+
+### 1) Runtime + source-mode contract
+
+`ClaudeSourcePlanner` must reproduce this matrix exactly:
+
+| Runtime | Selected mode | Ordered attempts | Fallback rules |
+| --- | --- | --- | --- |
+| app | auto | oauth -> cli -> web | oauth fallback allowed; cli fallback to web only when web available; web terminal |
+| app | oauth | oauth | no fallback |
+| app | cli | cli | no fallback |
+| app | web | web | no fallback |
+| cli | auto | web -> cli | web fallback allowed to cli; cli terminal |
+| cli | oauth | oauth | no fallback |
+| cli | cli | cli | no fallback |
+| cli | web | web | no fallback |
+
+Notes:
+- `sourceLabel` remains the final step label for successful fetch output.
+- Planner diagnostics must include ordered steps and inclusion reasons.
+- Planner output must feed the existing generic provider fetch pipeline; do not introduce a second Claude-only
+  execution stack alongside `ProviderFetchPlan` / `ProviderFetchPipeline`.
+
+### 1a) `.auto` inconsistency characterization contract (must-do before reconciliation)
+
+Current code has three `.auto` decision sites with inconsistent app ordering:
+
+- Strategy pipeline resolve order (app): `oauth -> cli -> web`.
+- `resolveUsageStrategy` helper order: `oauth -> cli -> web -> cli fallback`.
+- `ClaudeUsageFetcher.loadLatestUsage(.auto)` order: `oauth -> web -> cli -> oauth fallback`.
+
+Phase 0 must characterize these paths with tests where they are reachable through stable seams, and otherwise defer to
+the baseline doc before deleting any path.
+Phase 2 must reconcile this into planner-only source selection.
+
+### 2) Prompt/cooldown contract
+
+The planner must use one explicit `ClaudePromptDecision` equivalent, but outcome parity with current behavior is required:
+
+- User-initiated actions can clear prior keychain cooldown denial.
+- Startup bootstrap prompt is only allowed when all are true:
+  - runtime is app
+  - interaction is background
+  - refresh phase is startup
+  - prompt mode is `onlyOnUserAction`
+  - no cached credentials
+- Background delegated refresh is blocked when:
+  - prompt policy is `onlyOnUserAction`
+  - caller does not explicitly allow background delegated refresh
+- Prompt mode `never` blocks delegated refresh attempts.
+
+### 3) Credential typing + routing contract
+
+Typed credentials must be introduced at the settings snapshot edge, with behavior parity:
+
+- `ClaudeManualCredential.sessionKey`
+- `ClaudeManualCredential.cookieHeader`
+- `ClaudeManualCredential.oauthAccessToken`
+
+Accepted Claude token-account inputs must continue to work:
+
+- Raw OAuth token (including `Bearer ...` input)
+- Raw session key
+- Full cookie header
+
+Routing parity requirements:
+
+- OAuth token account values must route to OAuth path (not cookie mode).
+- Cookie/session-key account values must route to web cookie path.
+- CLI token-account behavior must remain consistent in both app and `CodexBarCLI`.
+- Scope note: current string heuristics are mostly edge-routing logic, not deep OAuth credential decoding internals.
+
+### 4) Ownership and refresh contract
+
+Credential owner behavior must remain identical:
+
+- `.claudeCLI` expired credentials: delegated refresh path.
+- `.codexbar` expired credentials: direct refresh endpoint path.
+- `.environment` expired credentials: no auto-refresh.
+
+Refresh failure-gate semantics must remain unchanged.
+
+### 5) Provider siloing + enrichment contract
+
+Hard invariant:
+
+- Never merge Claude Web identity into OAuth/CLI snapshots.
+- Web extras may enrich **cost only**.
+- Snapshot identity must always remain provider-scoped to `.claude` when persisted/displayed.
+
+### 6) Plan inference compatibility contract
+
+Canonical plan inference can live behind the existing `loginMethod` compatibility surface, but outward
+compatibility must be preserved:
+
+- Existing detectable plans continue mapping to display strings:
+  - `Claude Max`
+  - `Claude Pro`
+  - `Claude Team`
+  - `Claude Enterprise`
+- Subscription detection behavior must remain compatible with current UI logic, including existing `Ultra` detection
+  semantics until that behavior is explicitly changed.
+
+### 7) Documentation + diagnostics contract
+
+- During refactor, characterization coverage plus
+  [docs/refactor/claude-current-baseline.md](claude-current-baseline.md)
+  are the source of truth when docs and code disagree.
+- `docs/claude.md` must be updated as part of Phase 0 after characterization lands so it no longer presents divergent
+  runtime ordering as settled behavior.
+- Debug surfaces must consume planner-derived diagnostics instead of recomputing Claude source decisions separately.
+
+## Resolved decisions (from open questions)
+
+### Web identity fill-ins
+
+- **Decision:** do not use Web identity to fill missing OAuth/CLI identity fields.
+- **Allowed:** Web cost enrichment only.
+
+### CLI runtime fallback ordering
+
+- **Decision:** keep current CLI ordering in `auto`: `web -> cli`.
+- Planner must encode this explicitly and not rely on incidental strategy ordering.
+
+### Startup bootstrap prompt in `onlyOnUserAction`
+
+- **Decision:** keep support exactly under the startup bootstrap constraints listed above.
+- Any expansion/restriction requires explicit doc update and tests.
+
+### Runtime policy unification timing
+
+- **Decision:** do not unify app and CLI `auto` ordering before this refactor.
+- First consolidate to one planner implementation with current runtime-specific behavior preserved.
+- Any runtime-policy unification is a separate, explicit behavior-change follow-up.
+
+### Planner integration timing
+
+- **Decision:** `ClaudeSourcePlanner` must be integrated into the existing provider descriptor / fetch pipeline rather
+  than added as a parallel orchestration layer.
+- Reuse current `ProviderFetchContext` / `ProviderFetchPlan` plumbing where possible.
+
+### Dependency seam timing
+
+- **Decision:** introduce dependency-container seams for newly extracted planner/executor components as they are
+  created.
+- Full TaskLocal cleanup can remain later, but new components should not deepen TaskLocal coupling.
+
+## Locked migration plan with exit gates
+
+### Phase 0: Baseline lock
+
+Deliverables:
+- Add `docs/refactor/claude-current-baseline.md` as the current-state behavior reference.
+- Add/refresh characterization tests for runtime/source matrix and prompt-decision parity.
+- Add explicit characterization tests for existing `.auto` decision paths where they are reachable through stable seams,
+  and defer remaining current-state details to the baseline doc until later reconciliation.
+- Update `docs/claude.md` after tests land so documented ordering matches characterized behavior.
+
+Exit gate:
+- Behavior matrix tests pass for app and cli runtimes.
+- `.auto` characterization coverage plus the baseline doc record current divergence explicitly without forcing new
+  production seams in Phase 0.
+- `docs/claude.md` no longer contradicts characterized runtime/source behavior.
+
+### Phase 1: Canonical plan resolver
+
+Deliverables:
+- Introduce `ClaudePlan` + one resolver used by OAuth/Web/CLI mapping and downstream UI consumers.
+
+Exit gate:
+- Plan mapping tests cover tier/billing/status-derived hints, compatibility display strings, and current UI subscription
+  detection compatibility.
+
+### Phase 1b: Typed credentials at the snapshot edge
+
+Deliverables:
+- Parse manual Claude credentials once at the app + CLI snapshot edges into a typed model.
+- Remove duplicated edge-routing heuristics for OAuth-vs-cookie decisions across settings snapshots and token-account
+  CLI code.
+
+Exit gate:
+- Token account parity tests pass for app + CLI.
+- Snapshot-edge routing no longer duplicates Claude OAuth-token detection logic in multiple call sites.
+
+### Phase 2: Single source planner
+
+Deliverables:
+- Introduce `ClaudeSourcePlanner` + explicit `ClaudeFetchPlan`.
+- Integrate planner outputs into the existing provider pipeline / descriptor flow.
+- Remove duplicate `.auto` policy branches from lower layers.
+- Reconcile and remove `ClaudeUsageFetcher` internal `.auto` source selection.
+- Move debug/diagnostic surfaces to planner-derived attempt ordering instead of helper-specific recomputation.
+
+Exit gate:
+- One authoritative planner path for mode/runtime ordering.
+- Fallback attempt logs still show expected sequence and source labels.
+- No surviving `.auto` source-order logic outside planner.
+- No surviving debug-only source-order recomputation outside planner diagnostics.
+- Old-vs-new planner parity tests pass before old branches are removed.
+
+### Phase 2b: `ClaudeUsageFetcher` decomposition
+
+Deliverables:
+- Split `ClaudeUsageFetcher` into smaller executor-focused components.
+- Extract delegated OAuth retry/recovery flow into dedicated units.
+- Remove embedded prompt-policy/source-selection ownership from fetcher; keep it execution-only.
+
+Exit gate:
+- Fetcher no longer owns source-selection policy.
+- Delegated OAuth retry behavior is covered by dedicated tests and remains parity-compatible.
+
+### Phase 3: Test injection cleanup
+
+Deliverables:
+- Prefer dependency seams on extracted units instead of adding new TaskLocal-only override points.
+ - Avoid expanding TaskLocal-only test hooks while decomposition work lands.
+
+Exit gate:
+- New fetcher tests rely on explicit dependency seams where practical.
+
+### Phase 4: OAuth decomposition
+
+Deliverables (sub-phases):
+
+- **Phase 4a (repository extraction):**
+  - Extract IO + caching + owner/source loading into repository surface.
+  - Keep prompt-gate semantics unchanged.
+- **Phase 4b (refresher extraction):**
+  - Extract network refresh + failure gating to refresher component.
+  - Keep owner-based refresh behavior unchanged.
+- **Phase 4c (delegated controller extraction):**
+  - Extract delegated CLI touch + keychain-change observation + cooldown behavior.
+  - Keep delegated retry outcomes unchanged.
+
+Exit gate:
+- Existing OAuth delegated refresh / prompt policy / cooldown suites pass without behavior deltas at each sub-phase.
+- Owner semantics parity remains intact across all sub-phases (`claudeCLI`, `codexbar`, `environment`).
+
+### Phase 5: Test injection migration (TaskLocal -> DI)
+
+Deliverables:
+- Move test injection from TaskLocal-heavy overrides to `ClaudeFetchDependencies` and explicit protocol stubs.
+- Keep compatibility shims temporarily where needed, then remove them.
+
+Exit gate:
+- Core planner/executor tests run without TaskLocal injection dependencies.
+- Legacy TaskLocal-only override surfaces are either removed or isolated to compatibility adapters with deletion TODOs.
+
+### Phase 6: Web decomposition (optional)
+
+Deliverables:
+- Separate cookie acquisition from web usage client.
+- Keep probe tooling isolated behind debug/tool surface.
+
+Exit gate:
+- Web parsing and account mapping tests remain green.
+
+## Implementation PR plan (stacked)
+
+Use this sequence to keep each PR reviewable without turning the rollout into unnecessary PR overhead.
+
+| PR | Title | Scope | Primary risks | Must-pass gate before merge |
+| --- | --- | --- | --- | --- |
+| PR-01 | Baseline characterization + doc correction | Lock current matrix behavior, characterize `.auto` paths through stable seams, defer remaining lower-level current-state details to the baseline doc, characterize prompt bootstrap/cooldown and token-account routing, then update docs to match reality. | R1, R2, R5, R6, R10 | No production behavior changes; characterization suites green; docs no longer contradict tests or the baseline. |
+| PR-02 | Canonical plan resolver | Introduce `ClaudePlan` and central resolver; map OAuth/Web/CLI/UI compatibility through one model while preserving current `loginMethod` projections. | R8 | Plan compatibility tests green (`Max/Pro/Team/Enterprise` + current subscription compatibility). |
+| PR-03 | Typed credentials at the edge | Parse manual credentials once (`sessionKey`, `cookieHeader`, `oauthAccessToken`) in app + CLI snapshot shaping. | R6 | Token-account routing parity tests green in app + CLI contexts. |
+| PR-04 | Source planner introduction + cutover | Add `ClaudeSourcePlanner`, prove parity against old path, then remove duplicate `.auto` selection branches once parity is proven. | R1, R5, R10 | One `.auto` authority remains; attempt/source-label diagnostics remain parity-compatible. |
+| PR-05 | `ClaudeUsageFetcher` decomposition | Split fetcher into execution/retry-focused units; remove embedded source-selection ownership. | R2, R10 | Delegated OAuth retry/recovery tests green with no behavior deltas. |
+| PR-06 | OAuth decomposition | Extract repository, refresher, and delegated-controller seams from `ClaudeOAuthCredentialsStore` while preserving owner semantics. | R3, R4, R7, R9 | Cache/fingerprint/prompt/owner suites green (`claudeCLI`, `codexbar`, `environment`). |
+| PR-07 (optional) | TaskLocal -> DI migration | Move remaining tests and seams to `ClaudeFetchDependencies`, keep temporary compat adapters, then remove. | R9 | Core planner/executor tests run without TaskLocal globals. |
+| PR-08 (optional) | Web decomposition | Split cookie acquisition from web usage client and keep tooling isolated. | R8, R10 | Web parsing/account mapping suites remain green. |
+
+Stacking rules:
+
+1. Keep each PR scoped to one risk cluster and one merge gate.
+2. Do not remove old branches until a prior PR has old-vs-new parity tests in CI.
+3. If a PR intentionally changes behavior, update this locked doc in the same PR and call it out in summary.
+4. Prefer 6 core PRs unless parity risk forces a temporary split; do not fragment the rollout further without a
+   concrete rollback or reviewability reason.
+
+## Mandatory test additions
+
+Add these test groups before or during Phases 1-3, then extend for later phases:
+
+1. Planner matrix tests:
+   - `(runtime x selected mode x interaction x refresh phase x availability)` -> exact step order + fallback.
+2. `.auto` divergence characterization tests:
+   - Lock current behavior of strategy pipeline vs `resolveUsageStrategy` helper vs fetcher-direct `.auto`.
+   - Use as guardrails while consolidating to planner-only logic.
+3. Typed credential parsing tests:
+   - OAuth token, bearer token, session key, cookie header, malformed strings.
+4. Cross-provider identity isolation tests:
+   - Ensure `.claude` identity does not leak via snapshot scoping/merging.
+5. Source-label and attempt diagnostics tests:
+   - Validate final source label and attempt list parity.
+6. CLI token-account parity tests:
+   - `TokenAccountCLIContext` and app settings snapshot behavior match for OAuth-vs-cookie routing.
+7. Old-vs-new parity tests:
+   - Compare old path and planner path outputs before branch removals in Phase 2 and Phase 2b.
+8. DI migration tests:
+   - Ensure new dependency container can drive planner/executor tests without TaskLocal globals.
+
+## Risk checklist (implementation review)
+
+Use these risk IDs in refactor PR checklists/reviews.
+
+| Risk ID | Severity | Risk | Detail |
+| --- | --- | --- | --- |
+| R1 | Critical | Auto-ordering reconciliation | Three `.auto` paths are inconsistent today. Characterize strategy pipeline vs `resolveUsageStrategy` helper vs fetcher-direct `.auto` before deleting any path. |
+| R2 | High | Prompt policy consolidation | Prompt policy exists across strategy availability, fetcher flow, and credentials store gates. Preserve startup bootstrap constraints exactly to avoid prompt storms or silent OAuth suppression. |
+| R3 | High | `ClaudeOAuthCredentialsStore` decomposition | Large lock-protected state + layered caches + fingerprint invalidation + security calls. Splits can break cache coherence, invalidation timing, or prompt gating order. |
+| R4 | High | Owner semantics drift | Preserve exact owner-to-refresh mapping: `.claudeCLI` delegated, `.codexbar` direct refresh, `.environment` no refresh. |
+| R5 | Medium | CLI runtime parity | Preserve runtime-specific policy: CLI `auto` remains `web -> cli`; OAuth is available only when explicitly selected as `sourceMode=.oauth`. Do not accidentally default CLI runtime to app ordering. |
+| R6 | Medium | Token-account OAuth-vs-cookie misrouting | Keep routing parity for OAuth token vs session key vs full cookie header, including `Bearer sk-ant-oat...` normalization. |
+| R7 | Medium | Cache invalidation regressions | Preserve credentials file/keychain fingerprint semantics and stale-cache guards during repository extraction. |
+| R8 | Low-Medium | Plan inference heuristic drift | Preserve web-specific plan inference fallback (`billing_type` + `rate_limit_tier`) when unifying plan resolution. |
+| R9 | Medium | Strict concurrency / `@Sendable` regressions | Maintain thread-safe behavior from current NSLock-based state while moving to DI/decomposed components under Swift 6 strict concurrency. |
+| R10 | Low | Debug/diagnostic drift | Keep source labels, attempt sequences, and debug output aligned with real planner decisions after consolidation. |
+
+## Change-control rule
+
+Any refactor PR that intentionally changes one of the locked contracts above must:
+
+1. Update this document.
+2. Add/adjust tests proving the new behavior.
+3. Call out the behavior change explicitly in the PR summary.
diff --git a/docs/refactor/cli.md b/docs/refactor/cli.md
index 0eadaa702..f849cc887 100644
--- a/docs/refactor/cli.md
+++ b/docs/refactor/cli.md
@@ -73,7 +73,6 @@ read_when:
    - Config validation (bad region/source/apiKey field).
    - SettingsStore order/toggle invariants still pass.
 8. **Verification**
-   - `swift test`, `swiftformat Sources Tests`, `swiftlint --strict`, `pnpm check`.
+   - `swift test`, `swiftformat Sources Tests`, `swiftlint --strict`, `make check`.
    - `./Scripts/compile_and_run.sh`.
    - CLI e2e: `codexbar --json-only ...`, `codexbar config validate`.
-
diff --git a/docs/refresh-loop.md b/docs/refresh-loop.md
index 58cb7c545..1426ce242 100644
--- a/docs/refresh-loop.md
+++ b/docs/refresh-loop.md
@@ -15,6 +15,9 @@ read_when:
 - Background refresh runs off-main and updates `UsageStore` (usage + credits + optional web scrape).
 - Manual “Refresh now” always available in the menu.
 - Stale/error states dim the icon and surface status in-menu.
+- Optional provider-storage scans run only when “Show provider storage usage” is enabled. They are scheduled in the
+  background, coalesced/throttled during automatic refreshes, and forced by manual refresh without blocking the usage
+  refresh path.
 
 ## Optional future
 - Auto-seed a log if none exists via `codex exec --skip-git-repo-check --json "ping"` (currently not executed).
diff --git a/docs/releasing-homebrew.md b/docs/releasing-homebrew.md
index 4bbfaf69c..8f2078b96 100644
--- a/docs/releasing-homebrew.md
+++ b/docs/releasing-homebrew.md
@@ -14,20 +14,29 @@ Homebrew is for the UI app via Cask. When installed via Homebrew, CodexBar disab
 - Access to the tap repo: `../homebrew-tap`.
 
 ## 1) Release CodexBar normally
-Follow `docs/RELEASING.md` to publish `CodexBar-<version>.zip` to GitHub Releases.
+Follow `docs/RELEASING.md` to publish `CodexBar-macos-universal-<version>.zip` to GitHub Releases.
 
-## 2) Update the Homebrew tap cask
-In `../homebrew-tap`, add/update the cask at `Casks/codexbar.rb`:
-- `url` points at the GitHub release asset: `.../releases/download/v<version>/CodexBar-<version>.zip`
+## 2) Let the Release CLI workflow update the tap
+After the GitHub release is published, `.github/workflows/release-cli.yml` builds the standalone CLI assets and dispatches `steipete/homebrew-tap`'s `update-formula.yml`. That tap workflow updates both:
+- `Casks/codexbar.rb` for the app zip.
+- `Formula/codexbar.rb` for the standalone CLI tarballs.
+
+If dispatch fails or is rate-limited, update the files manually.
+
+## 2a) Manual cask update
+In `../homebrew-tap`, update the cask at `Casks/codexbar.rb`:
+- `url` points at the GitHub release asset: `.../releases/download/v<version>/CodexBar-macos-universal-<version>.zip`
 - Update `sha256` to match that zip.
 - Keep `depends_on arch: :arm64` and `depends_on macos: ">= :sonoma"` (CodexBar is macOS 14+).
 
-## 2b) Update the Homebrew tap formula (Linux CLI)
-In `../homebrew-tap`, add/update the formula at `Formula/codexbar.rb`:
+## 2b) Manual formula update
+In `../homebrew-tap`, update the formula at `Formula/codexbar.rb`:
 - `url` points at the GitHub release assets:
-  - `.../releases/download/v<version>/CodexBarCLI-v<version>-linux-aarch64.tar.gz`
-  - `.../releases/download/v<version>/CodexBarCLI-v<version>-linux-x86_64.tar.gz`
-- Update both `sha256` values to match those tarballs.
+  - macOS: `.../releases/download/v<version>/CodexBarCLI-v<version>-macos-arm64.tar.gz`
+  - macOS: `.../releases/download/v<version>/CodexBarCLI-v<version>-macos-x86_64.tar.gz`
+  - Linux: `.../releases/download/v<version>/CodexBarCLI-v<version>-linux-aarch64.tar.gz`
+  - Linux: `.../releases/download/v<version>/CodexBarCLI-v<version>-linux-x86_64.tar.gz`
+- Update all `sha256` values to match those tarballs.
 
 ## 3) Verify install
 ```sh
diff --git a/docs/site.css b/docs/site.css
index bf335d072..d1a522c39 100644
--- a/docs/site.css
+++ b/docs/site.css
@@ -1,30 +1,79 @@
 :root {
-  color-scheme: light dark;
-  --bg: #070b12;
-  --panel: rgba(14, 18, 28, 0.78);
-  --panel-solid: #0e121c;
-  --text: rgba(241, 246, 255, 0.92);
-  --muted: rgba(187, 198, 218, 0.78);
-  --line: rgba(255, 255, 255, 0.1);
-  --accent: #3ff0d6;
-  --accent2: #2d5bff;
-  --shadow: rgba(0, 0, 0, 0.42);
-  --radius: 18px;
-  --radius-sm: 14px;
-}
-
-@media (prefers-color-scheme: light) {
-  :root {
-    --bg: #f8fbff;
-    --panel: rgba(255, 255, 255, 0.74);
-    --panel-solid: #ffffff;
-    --text: rgba(11, 16, 22, 0.92);
-    --muted: rgba(56, 70, 88, 0.75);
-    --line: rgba(11, 16, 22, 0.1);
-    --shadow: rgba(11, 16, 22, 0.12);
+  color-scheme: light;
+  --bg: #fbfbfc;
+  --bg-elev: #ffffff;
+  --bg-elev-2: #f3f4f6;
+  --ink-1: #0a0a0c;
+  --ink-2: #5b6068;
+  --ink-3: #8a8f97;
+  --line: rgba(0, 0, 0, 0.08);
+  --line-strong: rgba(0, 0, 0, 0.18);
+  --link: #0066cc;
+  --structure-line: rgba(10, 10, 12, 0.045);
+  --structure-line-strong: rgba(10, 10, 12, 0.1);
+  --structure-accent-hot: rgba(255, 106, 0, 0.12);
+  --structure-accent-cool: rgba(0, 191, 165, 0.1);
+  --logo-chip-bg: #ffffff;
+  --logo-chip-line: rgba(0, 0, 0, 0.08);
+  --logo-image-filter: none;
+  --logo-chip-shadow: 0 1px 0 rgba(255, 255, 255, 0.34), inset 0 0 0 1px rgba(0, 0, 0, 0.04);
+  --theme-toggle-bg: #101116;
+  --theme-toggle-ink: #ffffff;
+  --radius: 8px;
+  --radius-sm: 7px;
+}
+
+@media (prefers-color-scheme: dark) {
+  :root:not([data-theme]) {
+    --bg: #0a0a0c;
+    --bg-elev: #131418;
+    --bg-elev-2: #1c1d22;
+    --ink-1: #f0f0f3;
+    --ink-2: #97a0aa;
+    --ink-3: #6b7280;
+    --line: rgba(255, 255, 255, 0.09);
+    --line-strong: rgba(255, 255, 255, 0.2);
+    --link: #6ea8ff;
+    --structure-line: rgba(255, 255, 255, 0.035);
+    --structure-line-strong: rgba(255, 255, 255, 0.095);
+    --structure-accent-hot: rgba(255, 106, 0, 0.14);
+    --structure-accent-cool: rgba(0, 191, 165, 0.12);
+    --logo-chip-bg: #101116;
+    --logo-chip-line: rgba(255, 255, 255, 0.14);
+    --logo-image-filter: brightness(0) invert(1) saturate(0.86) contrast(1.12);
+    --logo-chip-shadow: 0 1px 0 rgba(255, 255, 255, 0.08), inset 0 0 0 1px rgba(255, 255, 255, 0.08);
+    --theme-toggle-bg: #ffffff;
+    --theme-toggle-ink: #0a0a0c;
   }
 }
 
+:root[data-theme="dark"] {
+  color-scheme: dark;
+  --bg: #0a0a0c;
+  --bg-elev: #131418;
+  --bg-elev-2: #1c1d22;
+  --ink-1: #f0f0f3;
+  --ink-2: #97a0aa;
+  --ink-3: #6b7280;
+  --line: rgba(255, 255, 255, 0.09);
+  --line-strong: rgba(255, 255, 255, 0.2);
+  --link: #6ea8ff;
+  --structure-line: rgba(255, 255, 255, 0.035);
+  --structure-line-strong: rgba(255, 255, 255, 0.095);
+  --structure-accent-hot: rgba(255, 106, 0, 0.14);
+  --structure-accent-cool: rgba(0, 191, 165, 0.12);
+  --logo-chip-bg: #101116;
+  --logo-chip-line: rgba(255, 255, 255, 0.14);
+  --logo-image-filter: brightness(0) invert(1) saturate(0.86) contrast(1.12);
+  --logo-chip-shadow: 0 1px 0 rgba(255, 255, 255, 0.08), inset 0 0 0 1px rgba(255, 255, 255, 0.08);
+  --theme-toggle-bg: #ffffff;
+  --theme-toggle-ink: #0a0a0c;
+}
+
+:root[data-theme="light"] {
+  color-scheme: light;
+}
+
 * {
   box-sizing: border-box;
 }
@@ -34,472 +83,808 @@ body {
   min-height: 100%;
 }
 
+html {
+  background: var(--bg);
+}
+
 body {
   margin: 0;
-  font: 16px/1.55 ui-sans-serif, "Avenir Next", Avenir, "Segoe UI", "Helvetica Neue", sans-serif;
-  color: var(--text);
+  font-family: -apple-system, BlinkMacSystemFont, "SF Pro Text", "Segoe UI", "Helvetica Neue", sans-serif;
+  font-size: 16px;
+  line-height: 1.5;
+  color: var(--ink-1);
+  background: var(--bg);
+  -webkit-font-smoothing: antialiased;
+  text-rendering: optimizeLegibility;
+  position: relative;
+  overflow-x: hidden;
+}
+
+h1,
+h2,
+h3,
+p {
+  overflow-wrap: break-word;
+}
+
+.backdrop {
+  position: fixed;
+  inset: 0;
+  z-index: 0;
+  overflow: hidden;
+  pointer-events: none;
+  contain: strict;
+}
+
+.backdrop::before {
+  content: "";
+  position: absolute;
+  inset: -20% -10%;
   background:
-    radial-gradient(1100px 800px at 15% 10%, rgba(63, 240, 214, 0.18), transparent 58%),
-    radial-gradient(950px 780px at 85% 20%, rgba(45, 91, 255, 0.18), transparent 60%),
-    radial-gradient(900px 700px at 40% 95%, rgba(63, 240, 214, 0.06), transparent 60%),
-    repeating-linear-gradient(90deg, rgba(255, 255, 255, 0.04), rgba(255, 255, 255, 0.04) 1px, transparent 1px, transparent 72px),
-    var(--bg);
+    linear-gradient(115deg, transparent 0 42%, var(--structure-accent-hot) 42% 42.35%, transparent 42.35% 100%),
+    linear-gradient(115deg, transparent 0 58%, var(--structure-accent-cool) 58% 58.3%, transparent 58.3% 100%);
+  opacity: 0.42;
+  transform: skewY(-4deg);
 }
 
-html {
+.backdrop .plane,
+.backdrop .trace {
+  position: absolute;
+  display: block;
+}
+
+.backdrop .plane {
+  border: 1px solid var(--structure-line-strong);
+  border-radius: 18px;
+  box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.06);
+  opacity: 0.32;
+}
+
+.backdrop .p1 {
+  width: 780px;
+  height: 300px;
+  left: max(24px, calc(50% - 720px));
+  top: 128px;
+  transform: rotate(-2deg);
+}
+
+.backdrop .p2 {
+  width: 580px;
+  height: 360px;
+  right: max(24px, calc(50% - 760px));
+  top: 460px;
+  transform: rotate(3deg);
+}
+
+.backdrop .trace {
+  height: 1px;
+  background: linear-gradient(90deg, transparent, var(--structure-line-strong), transparent);
+  opacity: 0.36;
+}
+
+.backdrop .trace::before,
+.backdrop .trace::after {
+  content: "";
+  position: absolute;
+  top: -3px;
+  width: 7px;
+  height: 7px;
+  border: 1px solid var(--structure-line-strong);
+  border-radius: 2px;
   background: var(--bg);
 }
 
-a,
-a:visited {
-  color: inherit;
+.backdrop .trace::before {
+  left: 18%;
+}
+
+.backdrop .trace::after {
+  right: 12%;
+}
+
+.backdrop .t1 {
+  width: 58vw;
+  left: -6vw;
+  top: 260px;
+  transform: rotate(-12deg);
+}
+
+.backdrop .t2 {
+  width: 44vw;
+  right: -4vw;
+  top: 210px;
+  transform: rotate(14deg);
+}
+
+.backdrop .t3 {
+  width: 52vw;
+  left: 10vw;
+  top: 660px;
+  transform: rotate(7deg);
+}
+
+.backdrop .t4 {
+  width: 38vw;
+  right: 10vw;
+  top: 910px;
+  transform: rotate(-9deg);
+}
+
+body::before {
+  content: "";
+  position: fixed;
+  inset: 0;
+  z-index: 0;
+  pointer-events: none;
+  background-image:
+    linear-gradient(var(--structure-line) 1px, transparent 1px),
+    linear-gradient(90deg, var(--structure-line) 1px, transparent 1px),
+    linear-gradient(var(--structure-line-strong) 1px, transparent 1px),
+    linear-gradient(90deg, var(--structure-line-strong) 1px, transparent 1px);
+  background-size: 32px 32px, 32px 32px, 128px 128px, 128px 128px;
+  background-position: 50% 0, 50% 0, 50% 0, 50% 0;
+  -webkit-mask-image: linear-gradient(180deg, rgba(0, 0, 0, 1), rgba(0, 0, 0, 0.7) 70%, rgba(0, 0, 0, 0.45));
+          mask-image: linear-gradient(180deg, rgba(0, 0, 0, 1), rgba(0, 0, 0, 0.7) 70%, rgba(0, 0, 0, 0.45));
+}
+
+body::after {
+  content: "";
+  position: fixed;
+  inset: 0;
+  z-index: 0;
+  pointer-events: none;
+  background-image:
+    repeating-linear-gradient(135deg, transparent 0 56px, var(--structure-line) 56px 57px, transparent 57px 112px),
+    radial-gradient(circle at center, var(--structure-line-strong) 1px, transparent 1.6px);
+  background-size: auto, 96px 96px;
+  background-position: 0 0, 50% 0;
+  -webkit-mask-image: linear-gradient(180deg, rgba(0, 0, 0, 0.48), rgba(0, 0, 0, 0.24) 78%, transparent);
+          mask-image: linear-gradient(180deg, rgba(0, 0, 0, 0.48), rgba(0, 0, 0, 0.24) 78%, transparent);
 }
 
 a {
+  color: inherit;
   text-decoration: none;
 }
 
 a:hover {
   text-decoration: underline;
+  text-decoration-thickness: 1px;
+  text-underline-offset: 3px;
 }
 
 code {
-  font-family: ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", monospace;
-  font-size: 0.95em;
+  font-family: ui-monospace, "SF Mono", Menlo, Consolas, monospace;
+  font-size: 0.92em;
 }
 
-.wrap {
-  max-width: 1020px;
-  margin: 0 auto;
-  padding: 46px 22px 34px;
+.masthead,
+.lede,
+.providers,
+.showcase,
+.detail,
+.foot {
+  position: relative;
+  z-index: 1;
+  width: 100%;
+  max-width: 1080px;
+  margin-left: auto;
+  margin-right: auto;
+  padding-left: 24px;
+  padding-right: 24px;
 }
 
-.top {
+.masthead {
   display: flex;
   align-items: center;
   justify-content: space-between;
-  gap: 18px;
-  margin-bottom: 28px;
+  padding-top: 22px;
+  padding-bottom: 22px;
 }
 
 .brand {
-  display: flex;
+  display: inline-flex;
   align-items: center;
-  gap: 14px;
-  min-width: 240px;
+  gap: 10px;
+  font-weight: 600;
+  font-size: 16px;
+  letter-spacing: 0;
 }
 
-.name {
-  display: flex;
-  flex-direction: column;
-  gap: 2px;
+.brand:hover {
+  text-decoration: none;
 }
 
-.title {
-  margin: 0;
-  font-family: ui-serif, "New York", "Iowan Old Style", Palatino, serif;
-  font-size: 22px;
-  letter-spacing: 0.1px;
+.mark {
+  width: 28px;
+  height: 28px;
+  border-radius: 7px;
 }
 
-.tagline {
-  margin: 0;
-  color: var(--muted);
-  font-size: 13.5px;
+.nav {
+  display: flex;
+  align-items: center;
+  gap: 22px;
+  font-size: 14px;
 }
 
-.mark {
-  width: 44px;
-  height: 44px;
-  border-radius: 13px;
-  border: 0;
-  box-shadow: none;
-  background: transparent;
-  object-fit: cover;
-  filter: drop-shadow(0 12px 24px rgba(0, 0, 0, 0.35));
+.nav a {
+  color: var(--ink-2);
 }
 
-.brand:hover .mark {
-  filter: drop-shadow(0 16px 34px rgba(0, 0, 0, 0.42));
+.nav a:hover {
+  color: var(--ink-1);
+  text-decoration: none;
 }
 
-.links {
-  display: flex;
-  gap: 10px;
+.theme-toggle {
+  width: 36px;
+  height: 36px;
+  padding: 0;
+  border: 1px solid var(--line-strong);
+  border-radius: 999px;
+  display: inline-grid;
+  place-items: center;
+  color: var(--theme-toggle-ink);
+  background: var(--theme-toggle-bg);
+  cursor: pointer;
+  transition: transform 140ms ease, border-color 140ms ease, background 140ms ease, color 140ms ease;
 }
 
-.btn {
-  padding: 10px 14px;
-  border-radius: 13px;
-  border: 0;
-  background: color-mix(in srgb, var(--panel-solid) 32%, transparent);
-  box-shadow: 0 10px 28px var(--shadow);
-  transition: transform 160ms ease, background 160ms ease, box-shadow 160ms ease;
-  white-space: nowrap;
+.theme-toggle:hover {
+  transform: translateY(-1px);
+  border-color: var(--ink-2);
 }
 
-.btn:hover {
-  transform: translateY(-1px);
-  text-decoration: none;
-  background: color-mix(in srgb, var(--panel-solid) 52%, transparent);
-  box-shadow: 0 14px 34px var(--shadow);
+.theme-toggle .sun,
+.theme-toggle .moon {
+  grid-area: 1 / 1;
+  transition: opacity 140ms ease, transform 140ms ease;
 }
 
-.btn.primary {
-  background: linear-gradient(135deg, rgba(63, 240, 214, 0.65), rgba(45, 91, 255, 0.62));
-  background-clip: padding-box;
-  box-shadow: 0 12px 30px color-mix(in srgb, var(--accent) 25%, var(--shadow));
+.theme-toggle .sun {
+  opacity: 1;
+  transform: scale(1);
 }
 
-.btn.ghost {
-  background: transparent;
-  box-shadow: none;
-  color: color-mix(in srgb, var(--text) 86%, var(--muted));
+.theme-toggle .moon {
+  opacity: 0;
+  transform: scale(0.72) rotate(-12deg);
 }
 
-.btn.ghost:hover {
-  background: color-mix(in srgb, var(--panel-solid) 28%, transparent);
-  box-shadow: 0 10px 24px var(--shadow);
+:root[data-theme="dark"] .theme-toggle .sun,
+:root:not([data-theme]) .theme-toggle[aria-pressed="true"] .sun {
+  opacity: 0;
+  transform: scale(0.72) rotate(12deg);
 }
 
-.hero {
-  display: grid;
-  grid-template-columns: minmax(0, 1.05fr) minmax(0, 0.9fr);
-  gap: 26px;
+:root[data-theme="dark"] .theme-toggle .moon,
+:root:not([data-theme]) .theme-toggle[aria-pressed="true"] .moon {
+  opacity: 1;
+  transform: scale(1);
+}
+
+.btn {
+  display: inline-flex;
   align-items: center;
-  padding: 24px 26px;
-  border: 1px solid var(--line);
-  border-radius: var(--radius);
-  background: var(--panel);
-  backdrop-filter: blur(12px);
-  box-shadow: 0 18px 60px var(--shadow);
-  position: relative;
-  overflow: hidden;
+  justify-content: center;
+  gap: 8px;
+  padding: 8px 14px;
+  border-radius: 999px;
+  border: 1px solid var(--line-strong);
+  background: var(--bg-elev);
+  font-size: 14px;
+  font-weight: 500;
+  color: var(--ink-1);
+  white-space: nowrap;
+  transition: background 140ms ease, border-color 140ms ease, transform 140ms ease, color 140ms ease;
 }
 
-.copy {
-  position: relative;
-  z-index: 1;
+.btn:hover {
+  background: var(--bg-elev-2);
+  border-color: var(--ink-2);
+  text-decoration: none;
 }
 
-.hero-heading {
-  display: flex;
-  gap: 14px;
-  align-items: flex-start;
+.btn.primary {
+  background: var(--ink-1);
+  color: var(--bg);
+  border-color: var(--ink-1);
 }
 
-.hero-icon {
-  width: 40px;
-  height: 40px;
-  border-radius: 12px;
-  filter: drop-shadow(0 12px 24px rgba(0, 0, 0, 0.35));
+.btn.primary:hover {
+  background: color-mix(in srgb, var(--ink-1) 86%, transparent);
+  border-color: var(--ink-1);
+  color: var(--bg);
 }
 
-.hero::before {
-  content: "";
-  position: absolute;
-  inset: -1px;
-  background:
-    radial-gradient(600px 320px at 10% 15%, rgba(63, 240, 214, 0.18), transparent 55%),
-    radial-gradient(520px 300px at 92% 18%, rgba(45, 91, 255, 0.18), transparent 55%);
-  pointer-events: none;
-  opacity: 0.9;
+.btn.lg {
+  padding: 11px 20px;
+  font-size: 15px;
 }
 
-.copy h2 {
-  margin: 0 0 8px;
-  font-family: ui-serif, "New York", "Iowan Old Style", Palatino, serif;
-  font-size: 34px;
-  letter-spacing: -0.3px;
-  line-height: 1.12;
-  position: relative;
+.lede {
+  padding-top: 56px;
+  padding-bottom: 64px;
 }
 
-.copy p {
-  margin: 0 0 10px;
-  color: var(--muted);
+.lede h1 {
+  margin: 0 0 18px;
+  font-size: 60px;
+  line-height: 1.04;
+  letter-spacing: -0.01em;
+  font-weight: 600;
+  max-width: 18ch;
 }
 
-.requirement {
-  margin: 6px 0 0;
-  color: color-mix(in srgb, var(--text) 92%, var(--muted));
-  font-size: 13.5px;
+.lede h1 .grad {
+  background-image: linear-gradient(100deg, #ff6a00 0%, #ff3399 32%, #6e5aff 62%, #00bfa5 100%);
+  -webkit-background-clip: text;
+  background-clip: text;
+  color: transparent;
+  background-size: 200% 100%;
+  animation: hue-slide 14s ease-in-out infinite;
 }
 
-.badges {
-  display: flex;
-  flex-wrap: wrap;
-  gap: 8px;
-  margin-bottom: 10px;
-  position: relative;
+@keyframes hue-slide {
+  0%, 100% { background-position: 0% 50%; }
+  50% { background-position: 100% 50%; }
 }
 
-.badge {
-  font-size: 12px;
-  padding: 6px 10px;
-  border-radius: 999px;
-  border: 1px solid var(--line);
-  background: color-mix(in srgb, var(--panel-solid) 14%, transparent);
-  color: color-mix(in srgb, var(--text) 86%, var(--muted));
-  letter-spacing: 0.2px;
+.lede .dek {
+  margin: 0;
+  font-size: 19px;
+  line-height: 1.5;
+  color: var(--ink-2);
+  max-width: 60ch;
 }
 
-.cta {
+.lede .actions {
   display: flex;
-  gap: 10px;
   flex-wrap: wrap;
-  margin-top: 14px;
-  position: relative;
+  gap: 12px;
+  margin: 28px 0 14px;
+  align-items: center;
 }
 
-.brew-line {
-  display: flex;
+.brew {
+  display: inline-flex;
   align-items: center;
-  gap: 8px;
-  flex-wrap: wrap;
+  gap: 4px;
+  padding: 6px 6px 6px 14px;
+  border: 1px solid var(--line-strong);
+  border-radius: 999px;
+  background: var(--bg-elev);
+  font-size: 13.5px;
+  max-width: 100%;
+  overflow: hidden;
 }
 
-.brew-line code {
-  background: color-mix(in srgb, var(--panel-solid) 40%, transparent);
-  padding: 4px 8px;
-  border-radius: 6px;
-  border: 1px solid var(--line);
+.brew code {
+  background: none;
+  padding: 0;
+  min-width: 0;
+  white-space: nowrap;
+  overflow: hidden;
+  text-overflow: ellipsis;
 }
 
-.copy-btn {
+.brew-copy {
   display: inline-flex;
   align-items: center;
   justify-content: center;
   width: 28px;
   height: 28px;
   padding: 0;
-  border: 1px solid var(--line);
-  border-radius: 6px;
-  background: color-mix(in srgb, var(--panel-solid) 30%, transparent);
-  color: var(--muted);
+  margin: 0;
+  border: 0;
+  background: transparent;
+  border-radius: 999px;
+  color: var(--ink-2);
   cursor: pointer;
-  transition: background 160ms ease, color 160ms ease, border-color 160ms ease;
+  flex-shrink: 0;
+  transition: background 140ms ease, color 140ms ease;
 }
 
-.copy-btn:hover {
-  background: color-mix(in srgb, var(--panel-solid) 60%, transparent);
-  color: var(--text);
-  border-color: color-mix(in srgb, var(--accent) 32%, var(--line));
+.brew-copy:hover {
+  background: var(--bg-elev-2);
+  color: var(--ink-1);
 }
 
-.copy-btn .icon-check {
+.brew-copy .ok {
   display: none;
-  color: var(--accent);
 }
 
-.copy-btn.copied .icon-copy {
+.brew-copy.copied .ic {
   display: none;
 }
 
-.copy-btn.copied .icon-check {
-  display: block;
+.brew-copy.copied .ok {
+  display: inline;
+  color: #16a34a;
 }
 
-.copy-btn.copied {
-  border-color: var(--accent);
-  color: var(--accent);
+.fineprint {
+  margin: 6px 0 0;
+  font-size: 13px;
+  color: var(--ink-3);
 }
 
-.bullets {
-  margin: 14px 0 0;
-  padding: 0 0 0 18px;
-  color: var(--muted);
-  font-size: 13.5px;
-  position: relative;
+.section-head {
+  margin: 0 0 22px;
+  display: flex;
+  align-items: baseline;
+  justify-content: space-between;
+  gap: 18px;
+  flex-wrap: wrap;
 }
 
-.bullets li {
-  margin: 6px 0;
+.section-head h2 {
+  margin: 0;
+  font-size: 28px;
+  font-weight: 600;
+  letter-spacing: 0;
 }
 
-.note {
-  margin: 10px 0 0;
-  color: var(--muted);
-  font-size: 13px;
+.section-head p {
+  margin: 0;
+  color: var(--ink-2);
+  font-size: 14.5px;
+  max-width: 48ch;
 }
 
-.shot {
+.providers {
+  padding-bottom: 64px;
+}
+
+.grid {
+  list-style: none;
   margin: 0;
-  position: relative;
-  z-index: 1;
+  padding: 0;
+  display: grid;
+  grid-template-columns: repeat(auto-fill, minmax(190px, 1fr));
+  gap: 8px;
 }
 
-.shot img {
-  width: 100%;
-  height: auto;
-  border-radius: var(--radius-sm);
+.grid > li {
+  margin: 0;
+}
+
+.provider {
+  --ink: #ffffff;
+  position: relative;
+  display: flex;
+  align-items: center;
+  gap: 12px;
+  padding: 12px;
   border: 1px solid var(--line);
-  box-shadow: 0 18px 60px var(--shadow);
-  background: color-mix(in srgb, var(--panel-solid) 92%, transparent);
-  transform: perspective(900px) rotateY(-6deg) rotateX(2deg);
-  transition: transform 220ms ease, box-shadow 220ms ease;
+  border-radius: var(--radius);
+  background: color-mix(in srgb, var(--bg-elev) 82%, transparent);
+  backdrop-filter: blur(8px) saturate(140%);
+  -webkit-backdrop-filter: blur(8px) saturate(140%);
+  text-decoration: none;
+  color: var(--ink-1);
+  min-height: 64px;
+  transition: transform 140ms ease, border-color 140ms ease, box-shadow 140ms ease, background 140ms ease;
 }
 
-.hero-shot {
-  margin: 0;
-  justify-self: end;
+.provider:hover {
+  text-decoration: none;
+  transform: translateY(-1px);
+  border-color: color-mix(in srgb, var(--brand, var(--line-strong)) 55%, var(--line-strong));
+  box-shadow: 0 6px 18px color-mix(in srgb, var(--brand, transparent) 18%, transparent);
 }
 
-.hero-shot img {
-  max-width: 300px;
-  margin-left: auto;
+.provider:has(.chip-logo)::before {
+  content: "";
+  width: 38px;
+  height: 38px;
+  border-radius: var(--radius-sm);
+  flex: 0 0 38px;
+  background: var(--logo-chip-bg);
+  border: 1px solid var(--logo-chip-line);
+  box-shadow: var(--logo-chip-shadow);
+  transition: background 140ms ease, border-color 140ms ease, box-shadow 140ms ease;
 }
 
-.hero-shot figcaption {
-  max-width: 300px;
-  text-align: center;
-  margin-left: auto;
+.provider.logo-dark::before {
+  background: #101116;
+  border-color: rgba(0, 0, 0, 0.14);
 }
 
-.shot figcaption {
-  margin-top: 8px;
-  color: var(--muted);
-  font-size: 12.5px;
-  text-align: center;
+:root[data-theme="dark"] .provider.logo-dark::before {
+  background: var(--logo-chip-bg);
+  border-color: var(--logo-chip-line);
 }
 
-.shot img:hover {
-  transform: perspective(900px) rotateY(-2deg) rotateX(0deg) translateY(-2px);
-  box-shadow: 0 24px 80px var(--shadow);
+@media (prefers-color-scheme: dark) {
+  :root:not([data-theme]) .provider.logo-dark::before {
+    background: var(--logo-chip-bg);
+    border-color: var(--logo-chip-line);
+  }
 }
 
-.details {
+.provider .chip {
+  width: 38px;
+  height: 38px;
+  border-radius: var(--radius-sm);
   display: grid;
-  grid-template-columns: repeat(3, 1fr);
-  gap: 14px;
-  margin-top: 14px;
+  place-items: center;
+  background: var(--brand, var(--bg-elev-2));
+  color: var(--ink, #fff);
+  font-weight: 700;
+  font-size: 17px;
+  letter-spacing: 0;
+  flex-shrink: 0;
+  box-shadow:
+    inset 0 1px 0 rgba(255, 255, 255, 0.18),
+    inset 0 -1px 0 rgba(0, 0, 0, 0.12);
+}
+
+.provider .chip-logo {
+  position: absolute;
+  left: 18px;
+  top: 50%;
+  width: 26px;
+  height: 26px;
+  transform: translateY(-50%);
+  border-radius: var(--radius-sm);
+  flex-shrink: 0;
+  object-fit: contain;
+  background: transparent;
+  border: 0;
+  filter: var(--logo-image-filter);
+  padding: 0;
+  box-shadow: none;
+  transition: filter 140ms ease;
 }
 
-.details.permissions {
-  grid-template-columns: 1fr;
+.provider .chip-logo.no-bg {
+  background: transparent;
+  padding: 0;
 }
 
-.card {
-  border: 1px solid var(--line);
-  border-radius: var(--radius);
-  padding: 14px 14px 12px;
-  background: var(--panel);
-  backdrop-filter: blur(10px);
-  box-shadow: 0 14px 40px var(--shadow);
+.provider .chip-logo.preserve-color {
+  filter: none;
 }
 
-.card h3 {
-  margin: 0 0 6px;
-  font-size: 13px;
-  letter-spacing: 0.2px;
-  text-transform: uppercase;
-  color: color-mix(in srgb, var(--text) 88%, var(--muted));
+.provider .meta {
+  display: flex;
+  flex-direction: column;
+  min-width: 0;
 }
 
-.card p {
-  margin: 0;
-  color: var(--muted);
-  font-size: 13.5px;
+.provider .name {
+  font-size: 14px;
+  font-weight: 500;
+  line-height: 1.2;
+  color: var(--ink-1);
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
 }
 
-.foot {
-  margin-top: 22px;
-  text-align: center;
-  color: var(--muted);
-  font-size: 13px;
+.provider .auth {
+  font-size: 12px;
+  color: var(--ink-2);
+  margin-top: 3px;
+  letter-spacing: 0;
 }
 
-.links-row {
-  margin-top: 14px;
-  display: flex;
-  gap: 10px;
-  flex-wrap: wrap;
-  justify-content: center;
+.provider.add {
+  border-style: dashed;
+  background: transparent;
 }
 
-.link-pill {
-  padding: 8px 12px;
-  border-radius: 999px;
+.provider.add:hover {
+  border-color: var(--ink-2);
+  box-shadow: none;
+}
+
+.provider.add .chip {
+  background: transparent;
+  color: var(--ink-2);
+  box-shadow: inset 0 0 0 1px var(--line-strong);
+  font-weight: 400;
+  font-size: 22px;
+}
+
+.showcase {
+  display: grid;
+  grid-template-columns: 1.05fr 1fr;
+  gap: 48px;
+  align-items: center;
+  padding-top: 8px;
+  padding-bottom: 64px;
+}
+
+.showcase .shot {
+  margin: 0;
+}
+
+.showcase .shot img {
+  width: 100%;
+  height: auto;
+  border-radius: var(--radius);
   border: 1px solid var(--line);
-  background: color-mix(in srgb, var(--panel-solid) 24%, transparent);
-  font-size: 13px;
+  box-shadow: 0 18px 50px rgba(0, 0, 0, 0.18);
+  background: var(--bg-elev);
 }
 
-.foot a {
-  text-decoration: underline;
-  text-decoration-color: color-mix(in srgb, var(--muted) 45%, transparent);
+.showcase .features {
+  display: grid;
+  grid-template-columns: 1fr;
+  gap: 20px;
 }
 
-[data-animate] {
-  opacity: 0;
-  transform: translateY(10px);
-  animation: rise 680ms cubic-bezier(0.2, 0.9, 0.2, 1) forwards;
-  animation-delay: calc(var(--d, 0) * 90ms);
+.showcase .features article {
+  padding-left: 14px;
+  border-left: 2px solid var(--line);
 }
 
-[data-animate="1"] {
-  --d: 1;
+.showcase .features article h3 {
+  margin: 0 0 4px;
+  font-size: 15px;
+  font-weight: 600;
 }
 
-[data-animate="2"] {
-  --d: 2;
+.showcase .features article p {
+  margin: 0;
+  color: var(--ink-2);
+  font-size: 14.5px;
+  line-height: 1.5;
 }
 
-[data-animate="3"] {
-  --d: 3;
+.detail {
+  display: grid;
+  grid-template-columns: repeat(2, 1fr);
+  gap: 12px;
+  padding-bottom: 56px;
 }
 
-[data-animate="4"] {
-  --d: 4;
+.detail .block {
+  border: 1px solid var(--line);
+  border-radius: var(--radius);
+  padding: 18px;
+  background: color-mix(in srgb, var(--bg-elev) 82%, transparent);
+  backdrop-filter: blur(8px) saturate(140%);
+  -webkit-backdrop-filter: blur(8px) saturate(140%);
 }
 
-[data-animate="5"] {
-  --d: 5;
+.detail .block h3 {
+  margin: 0 0 6px;
+  font-size: 14px;
+  font-weight: 600;
 }
 
-[data-animate="6"] {
-  --d: 6;
+.detail .block p {
+  margin: 0;
+  color: var(--ink-2);
+  font-size: 14px;
+  line-height: 1.5;
 }
 
-[data-animate="7"] {
-  --d: 7;
+.detail .block code,
+.lede .brew code {
+  background: var(--bg-elev-2);
+  padding: 2px 6px;
+  border-radius: 5px;
 }
 
-[data-animate="8"] {
-  --d: 8;
+.lede .brew code {
+  background: none;
+  padding: 0;
 }
 
-@keyframes rise {
-  to {
-    opacity: 1;
-    transform: translateY(0);
-  }
+.lede a,
+.showcase a,
+.detail a,
+.foot a {
+  color: var(--link);
+  text-decoration: underline;
+  text-decoration-color: color-mix(in srgb, var(--link) 35%, transparent);
+  text-underline-offset: 2px;
 }
 
-@media (prefers-reduced-motion: reduce) {
-  [data-animate] {
-    animation: none;
-    opacity: 1;
-    transform: none;
-  }
-  .btn,
-  .shot img {
-    transition: none;
-  }
+.lede a:hover,
+.showcase a:hover,
+.detail a:hover,
+.foot a:hover {
+  text-decoration-color: var(--link);
+}
+
+.foot {
+  padding-top: 22px;
+  padding-bottom: 36px;
+  margin-top: 8px;
+  border-top: 1px solid var(--line);
+  text-align: center;
+  color: var(--ink-3);
+  font-size: 13px;
 }
 
-@media (max-width: 860px) {
-  .top {
+.foot p {
+  margin: 0;
+}
+
+@media (max-width: 720px) {
+  .masthead,
+  .lede,
+  .providers,
+  .showcase,
+  .detail,
+  .foot {
+    padding-left: 18px;
+    padding-right: 18px;
+  }
+  .masthead {
+    padding-top: 16px;
+    padding-bottom: 16px;
+  }
+  .nav {
+    gap: 8px;
+  }
+  .nav-link {
+    display: none;
+  }
+  .theme-toggle {
+    width: 34px;
+    height: 34px;
+  }
+  .nav .btn {
+    padding-left: 12px;
+    padding-right: 12px;
+  }
+  .lede {
+    padding-top: 28px;
+    padding-bottom: 40px;
+  }
+  .lede h1 {
+    font-size: 32px;
+    max-width: 11ch;
+  }
+  .lede .dek {
+    font-size: 16px;
+    max-width: 30ch;
+  }
+  .section-head h2 {
+    font-size: 23px;
+  }
+  .section-head p {
+    max-width: 30ch;
+  }
+  .lede .actions {
     flex-direction: column;
-    align-items: flex-start;
+    align-items: stretch;
+  }
+  .lede .actions .btn {
+    width: 100%;
+  }
+  .brew {
+    width: 100%;
+  }
+  .grid {
+    grid-template-columns: 1fr;
   }
-  .hero {
+  .showcase {
     grid-template-columns: 1fr;
+    gap: 28px;
   }
-  .details {
+  .detail {
     grid-template-columns: 1fr;
   }
-  .shot img {
+}
+
+@media (prefers-reduced-motion: reduce) {
+  .btn,
+  .provider {
+    transition: none;
+  }
+  .provider:hover,
+  .btn:hover {
     transform: none;
   }
+  .lede h1 .grad {
+    animation: none;
+  }
 }
diff --git a/docs/social.html b/docs/social.html
new file mode 100644
index 000000000..9d2a19bae
--- /dev/null
+++ b/docs/social.html
@@ -0,0 +1,241 @@
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8" />
+    <title>CodexBar social card</title>
+    <style>
+      html, body { margin: 0; padding: 0; }
+      body {
+        width: 1200px;
+        height: 630px;
+        font-family: -apple-system, BlinkMacSystemFont, "SF Pro Text", "Inter", sans-serif;
+        background: #0a0a0c;
+        color: #f0f0f3;
+        overflow: hidden;
+        position: relative;
+        -webkit-font-smoothing: antialiased;
+      }
+
+      /* Aurora layer — static radial blobs matching the site */
+      .aurora {
+        position: absolute;
+        inset: 0;
+        z-index: 0;
+        overflow: hidden;
+      }
+      .blob {
+        position: absolute;
+        border-radius: 50%;
+        filter: blur(70px);
+      }
+      .b1 { width: 640px; height: 640px; left: -120px; top: -160px;
+            background: radial-gradient(circle at 50% 50%, #ff7a1a 0%, rgba(255,122,26,0) 60%);
+            opacity: 0.85; }
+      .b2 { width: 620px; height: 620px; right: -120px; top: -120px;
+            background: radial-gradient(circle at 50% 50%, #6e5aff 0%, rgba(110,90,255,0) 60%);
+            opacity: 0.85; }
+      .b3 { width: 520px; height: 520px; left: 380px; top: 240px;
+            background: radial-gradient(circle at 50% 50%, #16d3b4 0%, rgba(22,211,180,0) 60%);
+            opacity: 0.55; }
+      .b4 { width: 460px; height: 460px; right: 80px; top: 320px;
+            background: radial-gradient(circle at 50% 50%, #ff3d8b 0%, rgba(255,61,139,0) 60%);
+            opacity: 0.55; }
+
+      /* Dot grid with radial mask */
+      .grid-bg {
+        position: absolute;
+        inset: 0;
+        z-index: 1;
+        pointer-events: none;
+        background-image:
+          linear-gradient(rgba(255, 255, 255, 0.05) 1px, transparent 1px),
+          linear-gradient(90deg, rgba(255, 255, 255, 0.05) 1px, transparent 1px);
+        background-size: 28px 28px;
+        background-position: -1px -1px;
+        -webkit-mask-image: radial-gradient(ellipse 90% 80% at 50% 0%, black, transparent 78%);
+                mask-image: radial-gradient(ellipse 90% 80% at 50% 0%, black, transparent 78%);
+      }
+
+      /* Subtle noise texture */
+      .noise {
+        position: absolute;
+        inset: 0;
+        z-index: 2;
+        pointer-events: none;
+        opacity: 0.35;
+        mix-blend-mode: soft-light;
+        background-image: url("data:image/svg+xml;utf8,<svg xmlns='http://www.w3.org/2000/svg' width='160' height='160'><filter id='n'><feTurbulence type='fractalNoise' baseFrequency='0.9' numOctaves='2' stitchTiles='stitch'/><feColorMatrix values='0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.55 0'/></filter><rect width='100%25' height='100%25' filter='url(%23n)'/></svg>");
+      }
+
+      .frame {
+        position: relative;
+        z-index: 3;
+        padding: 44px 56px 40px;
+        height: 100%;
+        display: flex;
+        flex-direction: column;
+        gap: 20px;
+        box-sizing: border-box;
+      }
+
+      .top {
+        display: flex;
+        align-items: center;
+        justify-content: space-between;
+      }
+      .brand {
+        display: flex;
+        align-items: center;
+        gap: 12px;
+        font-size: 19px;
+        font-weight: 600;
+        letter-spacing: 0;
+      }
+      .brand img { width: 32px; height: 32px; border-radius: 8px; }
+      .url {
+        font-size: 15px;
+        color: #b6bdc6;
+        letter-spacing: 0.04em;
+        text-transform: lowercase;
+        padding: 6px 14px;
+        border: 1px solid rgba(255, 255, 255, 0.14);
+        border-radius: 999px;
+        background: rgba(255, 255, 255, 0.04);
+      }
+
+      h1 {
+        margin: 0;
+        font-size: 60px;
+        line-height: 1.02;
+        letter-spacing: -0.028em;
+        font-weight: 600;
+        max-width: 22ch;
+      }
+      h1 .grad {
+        background-image: linear-gradient(100deg, #ff7a1a 0%, #ff3d8b 32%, #6e5aff 62%, #16d3b4 100%);
+        -webkit-background-clip: text;
+                background-clip: text;
+        color: transparent;
+      }
+      .sub {
+        margin: 12px 0 0;
+        font-size: 20px;
+        color: #b6bdc6;
+        letter-spacing: -0.005em;
+      }
+      .sub strong { color: #f0f0f3; font-weight: 600; }
+      .sub .dot { color: #5b6068; padding: 0 10px; }
+
+      .grid {
+        list-style: none;
+        margin: 0;
+        padding: 0;
+        display: grid;
+        grid-template-columns: repeat(8, 1fr);
+        gap: 8px;
+        align-content: end;
+      }
+      .grid li { margin: 0; }
+
+      .tile {
+        --ink: #fff;
+        display: flex;
+        align-items: center;
+        gap: 8px;
+        padding: 7px 9px;
+        border: 1px solid rgba(255, 255, 255, 0.08);
+        border-radius: 10px;
+        background: rgba(19, 20, 24, 0.72);
+        height: 50px;
+        backdrop-filter: blur(6px) saturate(140%);
+        -webkit-backdrop-filter: blur(6px) saturate(140%);
+        box-shadow: 0 1px 0 rgba(255, 255, 255, 0.04) inset;
+      }
+      .chip {
+        width: 34px;
+        height: 34px;
+        border-radius: 8px;
+        display: grid;
+        place-items: center;
+        background: var(--brand);
+        color: var(--ink);
+        font-weight: 700;
+        font-size: 17px;
+        letter-spacing: -0.02em;
+        flex-shrink: 0;
+        box-shadow:
+          inset 0 1px 0 rgba(255, 255, 255, 0.22),
+          inset 0 -1px 0 rgba(0, 0, 0, 0.18);
+      }
+      .name {
+        font-size: 13px;
+        font-weight: 500;
+        line-height: 1.15;
+        color: #f0f0f3;
+        white-space: nowrap;
+        overflow: hidden;
+        text-overflow: ellipsis;
+      }
+    </style>
+  </head>
+  <body>
+    <div class="aurora">
+      <span class="blob b1"></span>
+      <span class="blob b2"></span>
+      <span class="blob b3"></span>
+      <span class="blob b4"></span>
+    </div>
+    <div class="grid-bg"></div>
+    <div class="noise"></div>
+
+    <div class="frame">
+      <div class="top">
+        <div class="brand">
+          <img src="./icon.png" alt="" />
+          <span>CodexBar</span>
+        </div>
+        <div class="url">codexbar.app</div>
+      </div>
+
+      <div>
+        <h1>Every AI coding limit, <span class="grad">in your menu&nbsp;bar.</span></h1>
+        <p class="sub"><strong>40+ providers</strong><span class="dot">·</span>usage windows, credits, resets<span class="dot">·</span>one status item each, or merged.</p>
+      </div>
+
+      <ul class="grid">
+        <li><div class="tile" style="--brand:#49A3B0"><div class="chip">C</div><div class="name">Codex</div></div></li>
+        <li><div class="tile" style="--brand:#CC7C5E"><div class="chip">C</div><div class="name">Claude</div></div></li>
+        <li><div class="tile" style="--brand:#1A1A1A"><div class="chip">C</div><div class="name">Cursor</div></div></li>
+        <li><div class="tile" style="--brand:#3B82F6"><div class="chip">O</div><div class="name">OpenCode</div></div></li>
+        <li><div class="tile" style="--brand:#FF6A00"><div class="chip">A</div><div class="name">Alibaba</div></div></li>
+        <li><div class="tile" style="--brand:#AB87EA"><div class="chip">G</div><div class="name">Gemini</div></div></li>
+        <li><div class="tile" style="--brand:#60BA7E"><div class="chip">A</div><div class="name">Antigravity</div></div></li>
+
+        <li><div class="tile" style="--brand:#FF6B35"><div class="chip">D</div><div class="name">Droid</div></div></li>
+        <li><div class="tile" style="--brand:#A855F7"><div class="chip">C</div><div class="name">Copilot</div></div></li>
+        <li><div class="tile" style="--brand:#E85A6A"><div class="chip">z</div><div class="name">z.ai</div></div></li>
+        <li><div class="tile" style="--brand:#FE6060"><div class="chip">M</div><div class="name">MiniMax</div></div></li>
+        <li><div class="tile" style="--brand:#FE603C"><div class="chip">K</div><div class="name">Kimi</div></div></li>
+        <li><div class="tile" style="--brand:#4C00FF"><div class="chip">K</div><div class="name">Kimi K2 Legacy</div></div></li>
+        <li><div class="tile" style="--brand:#F27027"><div class="chip">K</div><div class="name">Kilo</div></div></li>
+        <li><div class="tile" style="--brand:#FF9900;--ink:#0a0a0c"><div class="chip">K</div><div class="name">Kiro</div></div></li>
+
+        <li><div class="tile" style="--brand:#4285F4"><div class="chip">V</div><div class="name">Vertex AI</div></div></li>
+        <li><div class="tile" style="--brand:#6366F1"><div class="chip">A</div><div class="name">Augment</div></div></li>
+        <li><div class="tile" style="--brand:#DC2626"><div class="chip">A</div><div class="name">Amp</div></div></li>
+        <li><div class="tile" style="--brand:#888888"><div class="chip">O</div><div class="name">Ollama</div></div></li>
+        <li><div class="tile" style="--brand:#141414"><div class="chip">S</div><div class="name">Synthetic</div></div></li>
+        <li><div class="tile" style="--brand:#FF3399"><div class="chip">J</div><div class="name">JetBrains AI</div></div></li>
+        <li><div class="tile" style="--brand:#7B68EE"><div class="chip">W</div><div class="name">Warp</div></div></li>
+        <li><div class="tile" style="--brand:#EAEAE6;--ink:#0a0a0c"><div class="chip">E</div><div class="name">ElevenLabs</div></div></li>
+        <li><div class="tile" style="--brand:#6467F2"><div class="chip">O</div><div class="name">OpenRouter</div></div></li>
+
+        <li><div class="tile" style="--brand:#20B2AA"><div class="chip">P</div><div class="name">Perplexity</div></div></li>
+        <li><div class="tile" style="--brand:#38BDF8"><div class="chip">A</div><div class="name">Abacus AI</div></div></li>
+        <li><div class="tile" style="--brand:#FF500F"><div class="chip">M</div><div class="name">Mistral</div></div></li>
+        <li><div class="tile" style="--brand:#527DF0"><div class="chip">D</div><div class="name">DeepSeek</div></div></li>
+        <li><div class="tile" style="--brand:#44C800;--ink:#0a0a0c"><div class="chip">C</div><div class="name">Codebuff</div></div></li>
+      </ul>
+    </div>
+  </body>
+</html>
diff --git a/docs/social.png b/docs/social.png
new file mode 100644
index 000000000..9a0012bac
Binary files /dev/null and b/docs/social.png differ
diff --git a/docs/solutions/performance-issues/openai-web-extras-default-off-codexbar-20260307.md b/docs/solutions/performance-issues/openai-web-extras-default-off-codexbar-20260307.md
new file mode 100644
index 000000000..8636edb3f
--- /dev/null
+++ b/docs/solutions/performance-issues/openai-web-extras-default-off-codexbar-20260307.md
@@ -0,0 +1,67 @@
+---
+module: CodexBar
+date: 2026-03-07
+problem_type: performance_issue
+component: tooling
+symptoms:
+  - "Hidden chatgpt.com web content could spike to extremely high Energy Impact values in Activity Monitor"
+  - "CodexBar battery usage stayed abnormally high even when the app appeared idle"
+  - "Users did not realize optional OpenAI web extras were enabled by default"
+root_cause: wrong_api
+resolution_type: config_change
+severity: high
+tags: [codexbar, battery-drain, openai-web, webview, chatgpt, defaults]
+---
+
+# Troubleshooting: Default OpenAI Web Extras Off
+
+## Problem
+CodexBar exposed optional OpenAI dashboard extras through a hidden `chatgpt.com` WebView, but the feature was enabled by default. That created a mismatch between user expectations for a lightweight menu bar app and the real cost of running a hidden single-page web app in the background.
+
+## Environment
+- Module: CodexBar
+- Affected component: Codex OpenAI web extras
+- Date: 2026-03-07
+
+## Symptoms
+- Activity Monitor showed extreme energy usage attributed to `https://chatgpt.com` under the CodexBar process tree.
+- Users observed battery drain that was out of proportion to the visible work the app was doing.
+- The optional setting existed, but it was easy to miss, so affected users often did not know they could disable it.
+
+## What Didn't Work
+
+**Attempted solution 1:** Throttle failed OpenAI dashboard refresh attempts and evict cached WebViews more aggressively.
+- **Why it failed:** This reduced the runaway failure loop, but it did not change the product default. Users could still pay the cost of a hidden ChatGPT dashboard without explicitly opting into it.
+
+**Attempted solution 2:** Keep the feature enabled by default and rely on a visible opt-out toggle.
+- **Why it failed:** The battery and network cost was too high for a background utility. An opt-out-only design still left many users exposed to behavior they did not expect or understand.
+
+## Solution
+Change OpenAI web extras to be off by default for new installs while preserving existing explicit configurations.
+
+**Code changes**
+- `SettingsStore` now defaults `openAIWebAccessEnabled` to `false` when no prior preference exists.
+- `SettingsStore` now defaults `openAIWebBatterySaverEnabled` to `false`; users can still opt into reduced routine OpenAI web refreshes separately.
+- Existing users with an explicit Codex cookie configuration are inferred as enabled so upgrades do not silently break working setups.
+- The Codex settings copy now describes the feature as optional and warns about battery and network cost.
+- Documentation now labels the OpenAI web dashboard path as optional and off by default.
+
+## Why This Works
+The root problem was not that the app had a toggle. The root problem was that an optional feature with heavyweight implementation details was enabled by default.
+
+The OpenAI web extras path uses a hidden `WKWebView` against `chatgpt.com` to gather dashboard-only data. That mechanism is fundamentally more expensive than the main Codex data paths, which already provide the normal information users expect from the app: session usage, weekly usage, reset timers, account identity, plan label, and normal credits remaining.
+
+Making the feature opt-in aligns the default behavior with the actual technical cost:
+1. The normal Codex card continues to work without the hidden ChatGPT dashboard.
+2. Users only incur the WebView cost if they deliberately choose the extra dashboard data.
+3. Existing users with a configured Codex web setup keep their behavior on upgrade instead of being silently broken.
+
+## Prevention
+- Do not default-enable optional features that load heavyweight hidden web content in a background utility.
+- If a feature depends on a hidden SPA or WebView, require explicit user opt-in unless it is essential to core functionality.
+- Prefer direct API or cookie-backed HTTP requests over hidden browser automation for background data collection.
+- Surface the operational cost of optional features in the settings copy, not only in debug notes or issue threads.
+
+## Related Issues
+- See also: [perf-energy-issue-139-simulation-report-2026-02-19.md](../../perf-energy-issue-139-simulation-report-2026-02-19.md)
+- See also: [perf-energy-issue-139-main-fix-validation-2026-02-19.md](../../perf-energy-issue-139-main-fix-validation-2026-02-19.md)
diff --git a/docs/sparkle.md b/docs/sparkle.md
index 5aeed10d1..3f43c0bc3 100644
--- a/docs/sparkle.md
+++ b/docs/sparkle.md
@@ -17,7 +17,7 @@ read_when:
 - Channels: stable vs beta are served from the same appcast. Beta items are tagged with `sparkle:channel="beta"`; About → Update Channel controls `allowedChannels`.
 
 ## Release flow
-1) Build & notarize as usual (`./Scripts/sign-and-notarize.sh`), producing notarized `CodexBar-<ver>.zip`.
+1) Build & notarize as usual (`./Scripts/sign-and-notarize.sh`), producing notarized `CodexBar-macos-universal-<ver>.zip`.
 2) Generate appcast entry with Sparkle `generate_appcast` using the Ed25519 private key; HTML release notes come from `CHANGELOG.md` via `Scripts/changelog-to-html.sh`. For beta releases: set `SPARKLE_CHANNEL=beta` to tag the entry.
 3) Upload `appcast.xml` + zip to GitHub Releases (feed URL stays stable).
 4) Tag/release.
diff --git a/docs/stepfun.md b/docs/stepfun.md
new file mode 100644
index 000000000..cba78d33d
--- /dev/null
+++ b/docs/stepfun.md
@@ -0,0 +1,57 @@
+---
+summary: "StepFun provider data sources: username + password login for Step Plan rate limits and subscription plan name."
+read_when:
+  - Adding or tweaking StepFun rate limit parsing
+  - Updating StepFun login flow
+  - Documenting new provider behavior
+---
+
+# StepFun provider
+
+StepFun (阶跃星辰) is a web-based provider. Usage data comes from the Step Plan rate limit API,
+authenticated via an Oasis-Token obtained through a username + password login flow.
+
+## Data sources
+
+1. **Authentication** — Three methods (in priority order):
+   - **Auto mode**: Username + password entered in Settings → Providers → StepFun.
+     CodexBar performs a 3-step login flow to obtain an Oasis-Token:
+       1. `GET https://platform.stepfun.com` → `INGRESSCOOKIE`
+       2. `POST …/RegisterDevice` → anonymous token
+       3. `POST …/SignInByPassword` → authenticated Oasis-Token
+     The token is cached in Keychain-backed `CookieHeaderCache` and reused until it expires.
+   - **Manual mode**: Paste an Oasis-Token directly in Settings → Providers → StepFun.
+   - **Environment variables**: `STEPFUN_USERNAME` + `STEPFUN_PASSWORD`, or `STEPFUN_TOKEN`.
+
+2. **Rate limit endpoint**
+   - `POST https://platform.stepfun.com/api/step.openapi.devcenter.Dashboard/QueryStepPlanRateLimit`
+   - Request headers: `Cookie: Oasis-Token=<token>`, `Content-Type: application/json`
+   - Response fields:
+     - `five_hour_usage_left_rate` — remaining fraction for the 5-hour window (e.g. `0.99781543`)
+     - `weekly_usage_left_rate` — remaining fraction for the weekly window
+     - `five_hour_usage_reset_time` — reset timestamp (string or integer)
+     - `weekly_usage_reset_time` — reset timestamp (string or integer)
+
+3. **Plan status endpoint**
+   - `POST https://platform.stepfun.com/api/step.openapi.devcenter.Dashboard/GetStepPlanStatus`
+   - Same auth headers as above
+   - Response → `subscription.name` → plan name (e.g. "Plus", "Mini")
+   - If this request fails, usage data is still displayed without a plan name.
+
+## Usage details
+
+- **Primary window** (top bar): 5-hour rate limit (300 minutes).
+- **Secondary window** (bottom bar): weekly rate limit (10 080 minutes).
+- `usedPercent` is computed as `(1.0 - left_rate) × 100`.
+- Plan name is shown as the `loginMethod` label in the menu card (e.g. "Plus").
+- When auth source is set to **Off**, no background refreshes occur.
+- Token expiry triggers automatic re-login (cache is cleared and the 3-step flow runs again).
+
+## Key files
+
+- `Sources/CodexBarCore/Providers/StepFun/StepFunProviderDescriptor.swift` (descriptor + web fetch strategy)
+- `Sources/CodexBarCore/Providers/StepFun/StepFunUsageFetcher.swift` (login flow + HTTP client + JSON parser)
+- `Sources/CodexBarCore/Providers/StepFun/StepFunSettingsReader.swift` (env var resolution)
+- `Sources/CodexBar/Providers/StepFun/StepFunProviderImplementation.swift` (settings fields + activation logic)
+- `Sources/CodexBar/Providers/StepFun/StepFunSettingsStore.swift` (SettingsStore extension)
+- `Tests/CodexBarTests/StepFunUsageFetcherTests.swift` (22 test cases)
diff --git a/docs/superpowers/plans/2026-05-11-kilo-organization-selection.md b/docs/superpowers/plans/2026-05-11-kilo-organization-selection.md
new file mode 100644
index 000000000..2df89078b
--- /dev/null
+++ b/docs/superpowers/plans/2026-05-11-kilo-organization-selection.md
@@ -0,0 +1,1482 @@
+# Kilo Organization Selection Implementation Plan
+
+> **For agentic workers:** REQUIRED SUB-SKILL: Use superpowers:subagent-driven-development (recommended) or superpowers:executing-plans to implement this plan task-by-task. Steps use checkbox (`- [ ]`) syntax for tracking.
+
+**Goal:** Let CodexBar users opt in to one or more Kilo organizations from Preferences → Providers → Kilo. Enabled orgs render as stacked cards alongside their personal account in the Kilo menu.
+
+**Architecture:** Add `KiloUsageScope` and `KiloOrganization` types in `CodexBarCore`. Inject `X-KILOCODE-ORGANIZATIONID` header in `KiloUsageFetcher` when a scope is `.organization`. Persist known orgs and enabled-ids in `ProviderConfig` JSON. Mirror the existing tokenAccounts pattern in `UsageStore` to fan out a fetch per enabled scope and store stacked snapshots. Render via the existing stacked-snapshot menu pipeline by surfacing a Kilo-scoped accounts adapter.
+
+**Tech Stack:** Swift 6, SwiftUI, Swift Testing (`@Test`), `swift build` / `swift test` / `make check`, GitHub CLI for PR.
+
+**Spec:** `docs/superpowers/specs/2026-05-11-kilo-organization-selection-design.md`
+
+---
+
+## Pre-flight (lead-only — do BEFORE dispatching tasks)
+
+- [ ] **Step 0.1: Confirm clean working tree on `main`**
+
+```bash
+git status
+```
+
+Expected output: `nothing to commit, working tree clean` on branch `main` (the spec commit `c24e58a4` is already in).
+
+- [ ] **Step 0.2: Create feature branch**
+
+```bash
+git switch -c feat/kilo-organization-selection
+```
+
+- [ ] **Step 0.3: Verify Swift toolchain and tests baseline**
+
+```bash
+swift build 2>&1 | tail -5
+swift test --filter KiloUsageFetcherTests 2>&1 | tail -10
+```
+
+Expected: build succeeds, KiloUsageFetcher tests pass.
+
+---
+
+## Task 1: Add `KiloOrganization` data type
+
+**Files:**
+- Create: `Sources/CodexBarCore/Providers/Kilo/KiloOrganization.swift`
+- Create: `Tests/CodexBarTests/KiloOrganizationTests.swift`
+
+- [ ] **Step 1.1: Write the failing test**
+
+Create `Tests/CodexBarTests/KiloOrganizationTests.swift`:
+
+```swift
+import Foundation
+import Testing
+@testable import CodexBarCore
+
+struct KiloOrganizationTests {
+    @Test
+    func `decodes from canonical Kilo profile payload`() throws {
+        let json = #"""
+        { "id": "org_123", "name": "Acme Corp", "role": "owner" }
+        """#
+        let data = Data(json.utf8)
+        let org = try JSONDecoder().decode(KiloOrganization.self, from: data)
+        #expect(org.id == "org_123")
+        #expect(org.name == "Acme Corp")
+        #expect(org.role == "owner")
+    }
+
+    @Test
+    func `decodes when role missing`() throws {
+        let json = #"""
+        { "id": "org_xyz", "name": "No Role Org" }
+        """#
+        let data = Data(json.utf8)
+        let org = try JSONDecoder().decode(KiloOrganization.self, from: data)
+        #expect(org.role == nil)
+    }
+
+    @Test
+    func `equality covers all stored fields`() {
+        let a = KiloOrganization(id: "org_1", name: "A", role: "member")
+        let b = KiloOrganization(id: "org_1", name: "A", role: "member")
+        let differentRole = KiloOrganization(id: "org_1", name: "A", role: "owner")
+        #expect(a == b)
+        #expect(a != differentRole)
+    }
+}
+```
+
+- [ ] **Step 1.2: Run test to verify it fails**
+
+```bash
+swift test --filter KiloOrganizationTests 2>&1 | tail -10
+```
+
+Expected: compile error "cannot find 'KiloOrganization' in scope".
+
+- [ ] **Step 1.3: Create the type**
+
+Create `Sources/CodexBarCore/Providers/Kilo/KiloOrganization.swift`:
+
+```swift
+import Foundation
+
+public struct KiloOrganization: Codable, Sendable, Equatable, Hashable, Identifiable {
+    public let id: String
+    public let name: String
+    public let role: String?
+
+    public init(id: String, name: String, role: String? = nil) {
+        self.id = id
+        self.name = name
+        self.role = role
+    }
+}
+```
+
+- [ ] **Step 1.4: Run tests, verify pass**
+
+```bash
+swift test --filter KiloOrganizationTests 2>&1 | tail -10
+```
+
+Expected: all 3 tests pass.
+
+- [ ] **Step 1.5: Commit**
+
+```bash
+git add Sources/CodexBarCore/Providers/Kilo/KiloOrganization.swift \
+        Tests/CodexBarTests/KiloOrganizationTests.swift
+git commit -m "feat(kilo): add KiloOrganization model"
+```
+
+---
+
+## Task 2: Add `KiloUsageScope` enum
+
+**Files:**
+- Create: `Sources/CodexBarCore/Providers/Kilo/KiloUsageScope.swift`
+- Modify: `Tests/CodexBarTests/KiloOrganizationTests.swift`
+
+- [ ] **Step 2.1: Append failing tests**
+
+Append to `Tests/CodexBarTests/KiloOrganizationTests.swift`:
+
+```swift
+struct KiloUsageScopeTests {
+    @Test
+    func `personal scope identifier is stable`() {
+        let scope: KiloUsageScope = .personal
+        #expect(scope.scopeIdentifier == "personal")
+    }
+
+    @Test
+    func `organization scope identifier prefixes id`() {
+        let scope: KiloUsageScope = .organization(id: "org_42", name: "Acme")
+        #expect(scope.scopeIdentifier == "org:org_42")
+    }
+
+    @Test
+    func `organizationID is nil for personal`() {
+        #expect(KiloUsageScope.personal.organizationID == nil)
+    }
+
+    @Test
+    func `organizationID returns id for organization`() {
+        let scope: KiloUsageScope = .organization(id: "org_42", name: "Acme")
+        #expect(scope.organizationID == "org_42")
+    }
+
+    @Test
+    func `displayName falls back to Personal for personal`() {
+        #expect(KiloUsageScope.personal.displayName == "Personal")
+    }
+
+    @Test
+    func `displayName uses org name for organization`() {
+        let scope: KiloUsageScope = .organization(id: "org_42", name: "Acme")
+        #expect(scope.displayName == "Acme")
+    }
+}
+```
+
+- [ ] **Step 2.2: Run test, verify it fails**
+
+```bash
+swift test --filter KiloUsageScopeTests 2>&1 | tail -10
+```
+
+Expected: compile error "cannot find 'KiloUsageScope' in scope".
+
+- [ ] **Step 2.3: Create the type**
+
+Create `Sources/CodexBarCore/Providers/Kilo/KiloUsageScope.swift`:
+
+```swift
+import Foundation
+
+public enum KiloUsageScope: Sendable, Hashable, Equatable {
+    case personal
+    case organization(id: String, name: String)
+
+    public var scopeIdentifier: String {
+        switch self {
+        case .personal:
+            "personal"
+        case let .organization(id, _):
+            "org:\(id)"
+        }
+    }
+
+    public var organizationID: String? {
+        switch self {
+        case .personal:
+            nil
+        case let .organization(id, _):
+            id
+        }
+    }
+
+    public var displayName: String {
+        switch self {
+        case .personal:
+            "Personal"
+        case let .organization(_, name):
+            name
+        }
+    }
+}
+```
+
+- [ ] **Step 2.4: Run tests, verify pass**
+
+```bash
+swift test --filter KiloUsageScopeTests 2>&1 | tail -10
+```
+
+Expected: all 6 tests pass.
+
+- [ ] **Step 2.5: Commit**
+
+```bash
+git add Sources/CodexBarCore/Providers/Kilo/KiloUsageScope.swift \
+        Tests/CodexBarTests/KiloOrganizationTests.swift
+git commit -m "feat(kilo): add KiloUsageScope enum"
+```
+
+---
+
+## Task 3: Inject org header in `KiloUsageFetcher.fetchUsage`
+
+**Files:**
+- Modify: `Sources/CodexBarCore/Providers/Kilo/KiloUsageFetcher.swift`
+- Modify: `Tests/CodexBarTests/KiloUsageFetcherTests.swift`
+
+- [ ] **Step 3.1: Append failing test for header injection**
+
+Append the following inside `struct KiloUsageFetcherTests` in `Tests/CodexBarTests/KiloUsageFetcherTests.swift`:
+
+```swift
+    @Test
+    func `request builder adds org header for organization scope`() throws {
+        let baseURL = try #require(URL(string: "https://kilo.example/trpc"))
+        let request = try KiloUsageFetcher._buildRequestForTesting(
+            baseURL: baseURL,
+            apiKey: "test-token",
+            scope: .organization(id: "org_42", name: "Acme"))
+        #expect(request.value(forHTTPHeaderField: "X-KILOCODE-ORGANIZATIONID") == "org_42")
+        #expect(request.value(forHTTPHeaderField: "Authorization") == "Bearer test-token")
+    }
+
+    @Test
+    func `request builder omits org header for personal scope`() throws {
+        let baseURL = try #require(URL(string: "https://kilo.example/trpc"))
+        let request = try KiloUsageFetcher._buildRequestForTesting(
+            baseURL: baseURL,
+            apiKey: "test-token",
+            scope: .personal)
+        #expect(request.value(forHTTPHeaderField: "X-KILOCODE-ORGANIZATIONID") == nil)
+        #expect(request.value(forHTTPHeaderField: "Authorization") == "Bearer test-token")
+    }
+```
+
+- [ ] **Step 3.2: Run test, verify it fails**
+
+```bash
+swift test --filter KiloUsageFetcherTests 2>&1 | tail -15
+```
+
+Expected: compile error — `_buildRequestForTesting` not found.
+
+- [ ] **Step 3.3: Refactor `KiloUsageFetcher` to accept scope and extract request builder**
+
+In `Sources/CodexBarCore/Providers/Kilo/KiloUsageFetcher.swift`:
+
+Replace the existing `public static func fetchUsage(apiKey:environment:)` signature (around line 258) with the scoped version, and extract the request building into a testable helper. The new code:
+
+```swift
+    public static func fetchUsage(
+        apiKey: String,
+        scope: KiloUsageScope = .personal,
+        environment: [String: String] = ProcessInfo.processInfo.environment) async throws -> KiloUsageSnapshot
+    {
+        guard !apiKey.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty else {
+            throw KiloUsageError.missingCredentials
+        }
+
+        let baseURL = KiloSettingsReader.apiURL(environment: environment)
+        let request = try self.makeRequest(baseURL: baseURL, apiKey: apiKey, scope: scope)
+
+        let data: Data
+        let response: URLResponse
+        do {
+            (data, response) = try await URLSession.shared.data(for: request)
+        } catch {
+            throw KiloUsageError.networkError(error.localizedDescription)
+        }
+
+        guard let httpResponse = response as? HTTPURLResponse else {
+            throw KiloUsageError.networkError("Invalid response")
+        }
+
+        if let mapped = self.statusError(for: httpResponse.statusCode) {
+            throw mapped
+        }
+
+        guard httpResponse.statusCode == 200 else {
+            throw KiloUsageError.apiError(httpResponse.statusCode)
+        }
+
+        return try self.parseSnapshot(data: data)
+    }
+
+    static func _buildRequestForTesting(
+        baseURL: URL,
+        apiKey: String,
+        scope: KiloUsageScope) throws -> URLRequest
+    {
+        try self.makeRequest(baseURL: baseURL, apiKey: apiKey, scope: scope)
+    }
+
+    private static func makeRequest(
+        baseURL: URL,
+        apiKey: String,
+        scope: KiloUsageScope) throws -> URLRequest
+    {
+        let batchURL = try self.makeBatchURL(baseURL: baseURL)
+        var request = URLRequest(url: batchURL)
+        request.httpMethod = "GET"
+        request.timeoutInterval = 15
+        request.setValue("Bearer \(apiKey)", forHTTPHeaderField: "Authorization")
+        request.setValue("application/json", forHTTPHeaderField: "Accept")
+        if let orgId = scope.organizationID {
+            request.setValue(orgId, forHTTPHeaderField: "X-KILOCODE-ORGANIZATIONID")
+        }
+        return request
+    }
+```
+
+Then delete the old inline `var request = URLRequest(url: batchURL)` setup that lived in `fetchUsage` (it's now in `makeRequest`).
+
+- [ ] **Step 3.4: Run tests, verify pass**
+
+```bash
+swift test --filter KiloUsageFetcherTests 2>&1 | tail -15
+```
+
+Expected: all KiloUsageFetcher tests pass (existing + 2 new).
+
+- [ ] **Step 3.5: Commit**
+
+```bash
+git add Sources/CodexBarCore/Providers/Kilo/KiloUsageFetcher.swift \
+        Tests/CodexBarTests/KiloUsageFetcherTests.swift
+git commit -m "feat(kilo): scope KiloUsageFetcher.fetchUsage with org header"
+```
+
+---
+
+## Task 4: Add `fetchOrganizations` to `KiloUsageFetcher`
+
+**Files:**
+- Modify: `Sources/CodexBarCore/Providers/Kilo/KiloUsageFetcher.swift`
+- Modify: `Tests/CodexBarTests/KiloUsageFetcherTests.swift`
+
+- [ ] **Step 4.1: Append failing parse tests**
+
+Append inside `struct KiloUsageFetcherTests`:
+
+```swift
+    @Test
+    func `parseOrganizations decodes tRPC array shape`() throws {
+        let json = #"""
+        [
+          {
+            "result": {
+              "data": {
+                "json": [
+                  { "id": "org_1", "name": "Alpha", "role": "owner" },
+                  { "id": "org_2", "name": "Beta", "role": "member" }
+                ]
+              }
+            }
+          }
+        ]
+        """#
+        let orgs = try KiloUsageFetcher._parseOrganizationsForTesting(Data(json.utf8))
+        #expect(orgs.count == 2)
+        #expect(orgs[0].id == "org_1")
+        #expect(orgs[0].name == "Alpha")
+        #expect(orgs[0].role == "owner")
+        #expect(orgs[1].id == "org_2")
+        #expect(orgs[1].role == "member")
+    }
+
+    @Test
+    func `parseOrganizations decodes profile REST shape`() throws {
+        let json = #"""
+        {
+          "user": { "email": "test@example.com" },
+          "organizations": [
+            { "id": "org_42", "name": "Gamma" }
+          ]
+        }
+        """#
+        let orgs = try KiloUsageFetcher._parseOrganizationsForTesting(Data(json.utf8))
+        #expect(orgs.count == 1)
+        #expect(orgs[0].id == "org_42")
+        #expect(orgs[0].role == nil)
+    }
+
+    @Test
+    func `parseOrganizations returns empty for no orgs`() throws {
+        let json = #"""
+        { "user": { "email": "x@y" }, "organizations": [] }
+        """#
+        let orgs = try KiloUsageFetcher._parseOrganizationsForTesting(Data(json.utf8))
+        #expect(orgs.isEmpty)
+    }
+```
+
+- [ ] **Step 4.2: Run, verify fail**
+
+```bash
+swift test --filter KiloUsageFetcherTests 2>&1 | tail -10
+```
+
+Expected: compile error — `_parseOrganizationsForTesting` undefined.
+
+- [ ] **Step 4.3: Add organization fetching logic**
+
+Append to `Sources/CodexBarCore/Providers/Kilo/KiloUsageFetcher.swift` (inside the `KiloUsageFetcher` struct):
+
+```swift
+    public static func fetchOrganizations(
+        apiKey: String,
+        environment: [String: String] = ProcessInfo.processInfo.environment) async throws -> [KiloOrganization]
+    {
+        guard !apiKey.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty else {
+            throw KiloUsageError.missingCredentials
+        }
+
+        let baseURL = KiloSettingsReader.apiURL(environment: environment)
+        let trpcRequest = try self.makeOrgListTRPCRequest(baseURL: baseURL, apiKey: apiKey)
+
+        do {
+            let (data, response) = try await URLSession.shared.data(for: trpcRequest)
+            guard let httpResponse = response as? HTTPURLResponse else {
+                throw KiloUsageError.networkError("Invalid response")
+            }
+            if httpResponse.statusCode == 404 {
+                return try await self.fetchOrganizationsRESTFallback(apiKey: apiKey)
+            }
+            if let mapped = self.statusError(for: httpResponse.statusCode) {
+                throw mapped
+            }
+            return try self.parseOrganizations(data: data)
+        } catch let error as KiloUsageError {
+            throw error
+        } catch {
+            throw KiloUsageError.networkError(error.localizedDescription)
+        }
+    }
+
+    static func _parseOrganizationsForTesting(_ data: Data) throws -> [KiloOrganization] {
+        try self.parseOrganizations(data: data)
+    }
+
+    private static func makeOrgListTRPCRequest(
+        baseURL: URL,
+        apiKey: String) throws -> URLRequest
+    {
+        let endpoint = baseURL.appendingPathComponent("user.getOrganizations")
+        let inputData = try JSONSerialization.data(
+            withJSONObject: ["0": ["json": NSNull()]] as [String: Any])
+        guard let inputString = String(data: inputData, encoding: .utf8),
+              var components = URLComponents(url: endpoint, resolvingAgainstBaseURL: false) else {
+            throw KiloUsageError.parseFailed("Invalid org list endpoint")
+        }
+        components.queryItems = [
+            URLQueryItem(name: "batch", value: "1"),
+            URLQueryItem(name: "input", value: inputString),
+        ]
+        guard let url = components.url else {
+            throw KiloUsageError.parseFailed("Invalid org list endpoint")
+        }
+        var request = URLRequest(url: url)
+        request.httpMethod = "GET"
+        request.timeoutInterval = 15
+        request.setValue("Bearer \(apiKey)", forHTTPHeaderField: "Authorization")
+        request.setValue("application/json", forHTTPHeaderField: "Accept")
+        return request
+    }
+
+    private static func fetchOrganizationsRESTFallback(apiKey: String) async throws -> [KiloOrganization] {
+        guard let url = URL(string: "https://api.kilo.ai/api/profile") else {
+            throw KiloUsageError.parseFailed("Invalid REST fallback URL")
+        }
+        var request = URLRequest(url: url)
+        request.httpMethod = "GET"
+        request.timeoutInterval = 15
+        request.setValue("Bearer \(apiKey)", forHTTPHeaderField: "Authorization")
+        request.setValue("application/json", forHTTPHeaderField: "Accept")
+
+        let (data, response) = try await URLSession.shared.data(for: request)
+        guard let httpResponse = response as? HTTPURLResponse else {
+            throw KiloUsageError.networkError("Invalid response")
+        }
+        if let mapped = self.statusError(for: httpResponse.statusCode) {
+            throw mapped
+        }
+        guard httpResponse.statusCode == 200 else {
+            throw KiloUsageError.apiError(httpResponse.statusCode)
+        }
+        return try self.parseOrganizations(data: data)
+    }
+
+    private static func parseOrganizations(data: Data) throws -> [KiloOrganization] {
+        guard let root = try? JSONSerialization.jsonObject(with: data) else {
+            throw KiloUsageError.parseFailed("Invalid JSON")
+        }
+
+        // tRPC batch shape: [ { result: { data: { json: [orgs] } } } ]
+        if let entries = root as? [[String: Any]],
+           let first = entries.first,
+           let resultObject = first["result"] as? [String: Any]
+        {
+            if let dataObject = resultObject["data"] as? [String: Any],
+               let payload = dataObject["json"] as? [[String: Any]]
+            {
+                return self.decodeOrganizations(payload)
+            }
+            if let payload = resultObject["data"] as? [[String: Any]] {
+                return self.decodeOrganizations(payload)
+            }
+        }
+
+        // REST profile shape: { user: ..., organizations: [orgs] }
+        if let dictionary = root as? [String: Any] {
+            if let orgs = dictionary["organizations"] as? [[String: Any]] {
+                return self.decodeOrganizations(orgs)
+            }
+            // Some single-procedure tRPC shapes flatten to { result: { data: { json: { organizations: [...] }}}}
+            if let resultObject = dictionary["result"] as? [String: Any],
+               let dataObject = resultObject["data"] as? [String: Any]
+            {
+                if let payload = dataObject["json"] as? [[String: Any]] {
+                    return self.decodeOrganizations(payload)
+                }
+                if let payload = dataObject["json"] as? [String: Any],
+                   let orgs = payload["organizations"] as? [[String: Any]]
+                {
+                    return self.decodeOrganizations(orgs)
+                }
+            }
+        }
+
+        return []
+    }
+
+    private static func decodeOrganizations(_ raw: [[String: Any]]) -> [KiloOrganization] {
+        raw.compactMap { item -> KiloOrganization? in
+            guard let id = item["id"] as? String, !id.isEmpty else { return nil }
+            let name = (item["name"] as? String).map {
+                $0.trimmingCharacters(in: .whitespacesAndNewlines)
+            } ?? id
+            let role = (item["role"] as? String)?.trimmingCharacters(in: .whitespacesAndNewlines)
+            let normalizedRole = (role?.isEmpty ?? true) ? nil : role
+            return KiloOrganization(id: id, name: name.isEmpty ? id : name, role: normalizedRole)
+        }
+    }
+```
+
+- [ ] **Step 4.4: Run tests, verify pass**
+
+```bash
+swift test --filter KiloUsageFetcherTests 2>&1 | tail -15
+```
+
+Expected: all 3 new parse tests pass plus prior tests.
+
+- [ ] **Step 4.5: Commit**
+
+```bash
+git add Sources/CodexBarCore/Providers/Kilo/KiloUsageFetcher.swift \
+        Tests/CodexBarTests/KiloUsageFetcherTests.swift
+git commit -m "feat(kilo): add fetchOrganizations with REST fallback"
+```
+
+---
+
+## Task 5: Extend `ProviderConfig` with `kiloOrganizations`
+
+**Files:**
+- Modify: `Sources/CodexBarCore/Config/CodexBarConfig.swift`
+- Tests: covered indirectly via Task 6 SettingsStore tests.
+
+- [ ] **Step 5.1: Add fields to `ProviderConfig`**
+
+In `Sources/CodexBarCore/Config/CodexBarConfig.swift`, inside `public struct ProviderConfig`:
+
+After the existing `public var quotaWarnings: QuotaWarningConfig?` line, add:
+
+```swift
+    public var kiloKnownOrganizations: [KiloOrganization]?
+    public var kiloEnabledOrganizationIDs: [String]?
+```
+
+Then extend the `init` signature with these matching parameters (defaulted to `nil`) and assign them in the body. Match the existing init ordering pattern — add the two new parameters at the bottom of the init parameter list:
+
+```swift
+    public init(
+        id: UsageProvider,
+        enabled: Bool? = nil,
+        source: ProviderSourceMode? = nil,
+        extrasEnabled: Bool? = nil,
+        apiKey: String? = nil,
+        cookieHeader: String? = nil,
+        cookieSource: ProviderCookieSource? = nil,
+        region: String? = nil,
+        workspaceID: String? = nil,
+        enterpriseHost: String? = nil,
+        tokenAccounts: ProviderTokenAccountData? = nil,
+        codexActiveSource: CodexActiveSource? = nil,
+        quotaWarnings: QuotaWarningConfig? = nil,
+        kiloKnownOrganizations: [KiloOrganization]? = nil,
+        kiloEnabledOrganizationIDs: [String]? = nil)
+    {
+        self.id = id
+        self.enabled = enabled
+        self.source = source
+        self.extrasEnabled = extrasEnabled
+        self.apiKey = apiKey
+        self.cookieHeader = cookieHeader
+        self.cookieSource = cookieSource
+        self.region = region
+        self.workspaceID = workspaceID
+        self.enterpriseHost = enterpriseHost
+        self.tokenAccounts = tokenAccounts
+        self.codexActiveSource = codexActiveSource
+        self.quotaWarnings = quotaWarnings
+        self.kiloKnownOrganizations = kiloKnownOrganizations
+        self.kiloEnabledOrganizationIDs = kiloEnabledOrganizationIDs
+    }
+```
+
+The implicit `Codable` conformance will pick up the new optional fields automatically.
+
+- [ ] **Step 5.2: Build to verify schema compiles**
+
+```bash
+swift build 2>&1 | tail -5
+```
+
+Expected: build succeeds.
+
+- [ ] **Step 5.3: Commit**
+
+```bash
+git add Sources/CodexBarCore/Config/CodexBarConfig.swift
+git commit -m "feat(kilo): persist kilo organizations in ProviderConfig"
+```
+
+---
+
+## Task 6: Extend `SettingsStore` with Kilo orgs accessors
+
+**Files:**
+- Modify: `Sources/CodexBar/Providers/Kilo/KiloSettingsStore.swift`
+- Create: `Tests/CodexBarTests/KiloSettingsStoreTests.swift`
+
+- [ ] **Step 6.1: Write failing tests**
+
+Create `Tests/CodexBarTests/KiloSettingsStoreTests.swift`:
+
+```swift
+import Foundation
+import Testing
+@testable import CodexBar
+@testable import CodexBarCore
+
+@MainActor
+struct KiloSettingsStoreTests {
+    private func makeSettings() -> SettingsStore {
+        let env = ProviderConfigEnvironment(
+            configFileURL: FileManager.default.temporaryDirectory.appendingPathComponent(
+                "kilo-org-settings-test-\(UUID().uuidString).json"),
+            environment: [:])
+        return SettingsStore(providerConfigEnvironment: env)
+    }
+
+    @Test
+    func `defaults to empty known organizations and empty enabled ids`() {
+        let settings = self.makeSettings()
+        #expect(settings.kiloKnownOrganizations.isEmpty)
+        #expect(settings.kiloEnabledOrganizationIDs.isEmpty)
+    }
+
+    @Test
+    func `setting known organizations persists them`() {
+        let settings = self.makeSettings()
+        let orgs = [
+            KiloOrganization(id: "org_1", name: "Alpha", role: "owner"),
+            KiloOrganization(id: "org_2", name: "Beta", role: "member"),
+        ]
+        settings.kiloKnownOrganizations = orgs
+        #expect(settings.kiloKnownOrganizations == orgs)
+    }
+
+    @Test
+    func `setting enabled org ids persists them`() {
+        let settings = self.makeSettings()
+        settings.kiloEnabledOrganizationIDs = ["org_1", "org_2"]
+        #expect(settings.kiloEnabledOrganizationIDs == ["org_1", "org_2"])
+    }
+
+    @Test
+    func `setKiloKnownOrganizations prunes stale enabled ids`() {
+        let settings = self.makeSettings()
+        settings.kiloKnownOrganizations = [
+            KiloOrganization(id: "org_1", name: "Alpha", role: nil),
+            KiloOrganization(id: "org_2", name: "Beta", role: nil),
+        ]
+        settings.kiloEnabledOrganizationIDs = ["org_1", "org_2"]
+        settings.setKiloKnownOrganizationsPruningEnabled(
+            [KiloOrganization(id: "org_2", name: "Beta", role: nil)])
+        #expect(settings.kiloKnownOrganizations.map(\.id) == ["org_2"])
+        #expect(settings.kiloEnabledOrganizationIDs == ["org_2"])
+    }
+}
+```
+
+- [ ] **Step 6.2: Run, verify fail**
+
+```bash
+swift test --filter KiloSettingsStoreTests 2>&1 | tail -10
+```
+
+Expected: compile error — missing properties.
+
+- [ ] **Step 6.3: Add accessors to `KiloSettingsStore`**
+
+Append to `Sources/CodexBar/Providers/Kilo/KiloSettingsStore.swift`:
+
+```swift
+extension SettingsStore {
+    var kiloKnownOrganizations: [KiloOrganization] {
+        get { self.configSnapshot.providerConfig(for: .kilo)?.kiloKnownOrganizations ?? [] }
+        set {
+            self.updateProviderConfig(provider: .kilo) { entry in
+                entry.kiloKnownOrganizations = newValue.isEmpty ? nil : newValue
+            }
+        }
+    }
+
+    var kiloEnabledOrganizationIDs: [String] {
+        get { self.configSnapshot.providerConfig(for: .kilo)?.kiloEnabledOrganizationIDs ?? [] }
+        set {
+            let cleaned = Array(LinkedHashSet(newValue
+                .map { $0.trimmingCharacters(in: .whitespacesAndNewlines) }
+                .filter { !$0.isEmpty }))
+            self.updateProviderConfig(provider: .kilo) { entry in
+                entry.kiloEnabledOrganizationIDs = cleaned.isEmpty ? nil : cleaned
+            }
+            self.logProviderModeChange(
+                provider: .kilo,
+                field: "enabledOrganizations",
+                value: cleaned.joined(separator: ","))
+        }
+    }
+
+    func setKiloKnownOrganizationsPruningEnabled(_ orgs: [KiloOrganization]) {
+        self.kiloKnownOrganizations = orgs
+        let validIDs = Set(orgs.map(\.id))
+        let pruned = self.kiloEnabledOrganizationIDs.filter { validIDs.contains($0) }
+        if pruned != self.kiloEnabledOrganizationIDs {
+            self.kiloEnabledOrganizationIDs = pruned
+        }
+    }
+
+    func kiloIsOrganizationEnabled(_ orgID: String) -> Bool {
+        self.kiloEnabledOrganizationIDs.contains(orgID)
+    }
+
+    func setKiloOrganization(_ orgID: String, enabled: Bool) {
+        var current = self.kiloEnabledOrganizationIDs
+        if enabled {
+            guard !current.contains(orgID) else { return }
+            current.append(orgID)
+        } else {
+            current.removeAll { $0 == orgID }
+        }
+        self.kiloEnabledOrganizationIDs = current
+    }
+}
+
+// Small order-preserving set used to dedupe enabled IDs without sorting.
+private struct LinkedHashSet<Element: Hashable>: Sequence {
+    private var seen: Set<Element> = []
+    private var ordered: [Element] = []
+
+    init<S: Sequence>(_ sequence: S) where S.Element == Element {
+        for element in sequence where self.seen.insert(element).inserted {
+            self.ordered.append(element)
+        }
+    }
+
+    func makeIterator() -> IndexingIterator<[Element]> {
+        self.ordered.makeIterator()
+    }
+}
+```
+
+- [ ] **Step 6.4: Run tests, verify pass**
+
+```bash
+swift test --filter KiloSettingsStoreTests 2>&1 | tail -10
+```
+
+Expected: all 4 tests pass.
+
+- [ ] **Step 6.5: Commit**
+
+```bash
+git add Sources/CodexBar/Providers/Kilo/KiloSettingsStore.swift \
+        Tests/CodexBarTests/KiloSettingsStoreTests.swift
+git commit -m "feat(kilo): settings accessors for known + enabled organizations"
+```
+
+---
+
+## Task 7: Wire scoped fetching into Kilo strategies
+
+**Files:**
+- Modify: `Sources/CodexBarCore/Providers/Kilo/KiloProviderDescriptor.swift`
+- Modify: `Sources/CodexBar/UsageStore+Refresh.swift`
+- Create: `Sources/CodexBar/Providers/Kilo/UsageStore+KiloOrgRefresh.swift`
+
+The `ProviderFetchStrategy` returns one `UsageSnapshot`, so we keep the existing strategy returning the personal scope. Org snapshots are fanned out at the UsageStore layer, mirroring `refreshTokenAccounts`.
+
+- [ ] **Step 7.1: Add scope-aware overload to the AP strategies (no-op call path so they still build)**
+
+This task does NOT change `KiloAPIFetchStrategy.fetch`. The strategy continues to fetch the personal scope. The fan-out is added at the UsageStore layer below. Skip directly to step 7.2.
+
+- [ ] **Step 7.2: Add a Kilo scope account adapter**
+
+The codebase already has `TokenAccountUsageSnapshot` for stacked rendering. We mirror that for Kilo scopes.
+
+Create `Sources/CodexBar/Providers/Kilo/UsageStore+KiloOrgRefresh.swift`:
+
+```swift
+import CodexBarCore
+import Foundation
+
+struct KiloScopeSnapshot: Identifiable, Equatable {
+    let id: String // KiloUsageScope.scopeIdentifier
+    let scope: KiloUsageScope
+    let snapshot: UsageSnapshot?
+    let errorMessage: String?
+    let sourceLabel: String?
+
+    static func == (lhs: KiloScopeSnapshot, rhs: KiloScopeSnapshot) -> Bool {
+        lhs.id == rhs.id
+            && lhs.snapshot?.updatedAt == rhs.snapshot?.updatedAt
+            && lhs.errorMessage == rhs.errorMessage
+            && lhs.sourceLabel == rhs.sourceLabel
+    }
+}
+
+extension UsageStore {
+    var kiloEnabledScopes: [KiloUsageScope] {
+        var scopes: [KiloUsageScope] = [.personal]
+        let enabled = self.settings.kiloEnabledOrganizationIDs
+        guard !enabled.isEmpty else { return scopes }
+        let knownByID = Dictionary(
+            uniqueKeysWithValues: self.settings.kiloKnownOrganizations.map { ($0.id, $0) })
+        for id in enabled {
+            if let org = knownByID[id] {
+                scopes.append(.organization(id: org.id, name: org.name))
+            }
+        }
+        return scopes
+    }
+
+    func shouldFanOutKiloScopes() -> Bool {
+        self.kiloEnabledScopes.count > 1
+    }
+
+    func refreshKiloScopes() async {
+        let scopes = self.kiloEnabledScopes
+        guard scopes.count > 1 else {
+            await MainActor.run { self.kiloScopeSnapshots = [] }
+            return
+        }
+        let apiKey = self.settings.configSnapshot.providerConfig(for: .kilo)?.sanitizedAPIKey
+            ?? ProcessInfo.processInfo.environment[KiloSettingsReader.apiTokenKey]
+        guard let resolvedKey = apiKey, !resolvedKey.isEmpty else {
+            await MainActor.run {
+                self.kiloScopeSnapshots = scopes.map {
+                    KiloScopeSnapshot(
+                        id: $0.scopeIdentifier,
+                        scope: $0,
+                        snapshot: nil,
+                        errorMessage: "Kilo API credentials missing.",
+                        sourceLabel: nil)
+                }
+            }
+            return
+        }
+
+        let env = ProcessInfo.processInfo.environment
+        let results: [KiloScopeSnapshot] = await withTaskGroup(of: KiloScopeSnapshot.self) { group in
+            for scope in scopes {
+                group.addTask {
+                    do {
+                        let raw = try await KiloUsageFetcher.fetchUsage(
+                            apiKey: resolvedKey,
+                            scope: scope,
+                            environment: env)
+                        var snapshot = raw.toUsageSnapshot()
+                        snapshot = snapshot.replacingIdentityOrganization(scope.displayName)
+                        return KiloScopeSnapshot(
+                            id: scope.scopeIdentifier,
+                            scope: scope,
+                            snapshot: snapshot,
+                            errorMessage: nil,
+                            sourceLabel: "api")
+                    } catch {
+                        return KiloScopeSnapshot(
+                            id: scope.scopeIdentifier,
+                            scope: scope,
+                            snapshot: nil,
+                            errorMessage: (error as? LocalizedError)?.errorDescription
+                                ?? error.localizedDescription,
+                            sourceLabel: nil)
+                    }
+                }
+            }
+            var collected: [KiloScopeSnapshot] = []
+            for await result in group {
+                collected.append(result)
+            }
+            return collected
+        }
+
+        // Preserve the order from `scopes` (personal first, then enabled orgs in order).
+        let resultByID = Dictionary(uniqueKeysWithValues: results.map { ($0.id, $0) })
+        let ordered = scopes.compactMap { resultByID[$0.scopeIdentifier] }
+
+        await MainActor.run {
+            self.kiloScopeSnapshots = ordered
+        }
+    }
+}
+
+extension UsageSnapshot {
+    fileprivate func replacingIdentityOrganization(_ org: String) -> UsageSnapshot {
+        let baseIdentity = self.identity
+        let newIdentity = ProviderIdentitySnapshot(
+            providerID: baseIdentity?.providerID ?? .kilo,
+            accountEmail: baseIdentity?.accountEmail,
+            accountOrganization: org,
+            loginMethod: baseIdentity?.loginMethod)
+        return UsageSnapshot(
+            primary: self.primary,
+            secondary: self.secondary,
+            tertiary: self.tertiary,
+            providerCost: self.providerCost,
+            updatedAt: self.updatedAt,
+            identity: newIdentity)
+    }
+}
+```
+
+- [ ] **Step 7.3: Add the `kiloScopeSnapshots` stored property to `UsageStore`**
+
+In `Sources/CodexBar/UsageStore.swift`, find the closest place where Codex-related published properties live (e.g. near `codexAccountSnapshots`) and add:
+
+```swift
+    @Published var kiloScopeSnapshots: [KiloScopeSnapshot] = []
+```
+
+Choose a location adjacent to existing per-provider stacked snapshot arrays. The exact line is around `codexAccountSnapshots: [CodexAccountUsageSnapshot] = []` — add directly below it.
+
+- [ ] **Step 7.4: Invoke fan-out from `refreshProvider`**
+
+In `Sources/CodexBar/UsageStore+Refresh.swift`, find the existing `tokenAccounts` fan-out block in `refreshProvider`:
+
+```swift
+        let tokenAccounts = self.tokenAccounts(for: provider)
+        if self.shouldFetchAllTokenAccounts(provider: provider, accounts: tokenAccounts) {
+            await self.refreshTokenAccounts(provider: provider, accounts: tokenAccounts)
+            return
+        }
+```
+
+Insert directly above it (before line 55):
+
+```swift
+        if provider == .kilo, self.shouldFanOutKiloScopes() {
+            await self.refreshKiloScopes()
+            // Continue to also fetch the personal snapshot through the regular path
+            // so the existing single-card render keeps working when only personal is shown.
+            // The presence of multi-element kiloScopeSnapshots triggers stacked rendering.
+        }
+```
+
+- [ ] **Step 7.5: Reset `kiloScopeSnapshots` when Kilo is disabled or single-scope**
+
+Inside the existing disabled-provider branch of `refreshProvider` (the block that runs when `!spec.isEnabled()`), add inside the `MainActor.run`:
+
+```swift
+                if provider == .kilo {
+                    self.kiloScopeSnapshots = []
+                }
+```
+
+Also at the start of the regular fetch path (just before `let fetchContext = spec.makeFetchContext()`), add:
+
+```swift
+        if provider == .kilo, !self.shouldFanOutKiloScopes() {
+            await MainActor.run { self.kiloScopeSnapshots = [] }
+        }
+```
+
+- [ ] **Step 7.6: Build to confirm wiring compiles**
+
+```bash
+swift build 2>&1 | tail -15
+```
+
+Expected: succeeds. If `UsageSnapshot.replacingIdentityOrganization` clashes with an existing extension, rename to `withAccountOrganization` and update the call site.
+
+- [ ] **Step 7.7: Commit**
+
+```bash
+git add Sources/CodexBar/UsageStore.swift \
+        Sources/CodexBar/UsageStore+Refresh.swift \
+        Sources/CodexBar/Providers/Kilo/UsageStore+KiloOrgRefresh.swift
+git commit -m "feat(kilo): fan out usage fetch per enabled scope"
+```
+
+---
+
+## Task 8: Surface scope snapshots in menu rendering
+
+**Files:**
+- Modify: `Sources/CodexBar/StatusItemController+MenuCardModel.swift` (or the file that produces Kilo menu rows)
+- Modify: `Sources/CodexBar/MenuDescriptor.swift` if needed
+
+The menu currently renders one Kilo card. Add a branch: when `kiloScopeSnapshots` has 2+ entries, render one card per scope.
+
+- [ ] **Step 8.1: Locate the Kilo menu-row producer**
+
+```bash
+grep -n "case \\.kilo" Sources/CodexBar/StatusItemController*.swift Sources/CodexBar/Menu*.swift 2>&1 | head -15
+```
+
+This points at the rendering site. Open whichever file produces the per-provider row group for Kilo.
+
+- [ ] **Step 8.2: Insert scope-fan-out in the Kilo row builder**
+
+At the location that produces the Kilo `MenuCardModel` (or the equivalent NSMenu items), guard:
+
+```swift
+if !self.kiloScopeSnapshots.isEmpty, self.kiloScopeSnapshots.count > 1 {
+    return self.kiloScopeSnapshots.map { scope -> MenuCardModel in
+        self.makeKiloMenuCard(
+            snapshot: scope.snapshot,
+            errorMessage: scope.errorMessage,
+            sourceLabel: scope.sourceLabel,
+            scopeName: scope.scope.displayName)
+    }
+}
+```
+
+If a helper named `makeKiloMenuCard(...)` does not exist, factor the existing inline Kilo card construction into one, taking the four parameters above. Reuse the same code path used by Claude's stacked tokenAccount rendering as a structural reference.
+
+- [ ] **Step 8.3: Verify visually using CLI snapshot test (no UI required)**
+
+```bash
+swift test --filter CLIRendererTests 2>&1 | tail -15
+swift test --filter MenuCardModelTests 2>&1 | tail -15
+```
+
+Existing tests must continue to pass.
+
+- [ ] **Step 8.4: Build**
+
+```bash
+swift build 2>&1 | tail -5
+```
+
+Expected: success.
+
+- [ ] **Step 8.5: Commit**
+
+```bash
+git add Sources/CodexBar/StatusItemController+MenuCardModel.swift \
+        Sources/CodexBar/MenuDescriptor.swift
+git commit -m "feat(kilo): render one menu card per enabled scope"
+```
+
+---
+
+## Task 9: Preferences pane — Organizations section
+
+**Files:**
+- Modify: `Sources/CodexBar/Providers/Kilo/KiloProviderImplementation.swift`
+- Possibly modify: `Sources/CodexBar/PreferencesProviderDetailView.swift` and `Sources/CodexBarCore/Providers/ProviderDescriptor.swift` if a new descriptor variant is needed.
+
+If a multi-toggle descriptor is not yet supported, surface the org list using a `ProviderSettingsFieldDescriptor.kind = .info`-style wrapper combined with action buttons, OR add a new descriptor variant. Pick the minimum needed.
+
+- [ ] **Step 9.1: Add an org-section descriptor type**
+
+Search first to see whether the existing `ProviderSettingsFieldDescriptor` already has a list/toggle kind:
+
+```bash
+grep -n "enum Kind\|case info\|case toggleList\|case checkboxList" \
+    Sources/CodexBarCore/Providers/ProviderDescriptor.swift \
+    Sources/CodexBar/PreferencesProviderDetailView.swift 2>&1 | head -20
+```
+
+If a toggle-list kind exists, reuse it. Otherwise, add a new `ProviderSettingsOrganizationsDescriptor` in `Sources/CodexBarCore/Providers/ProviderDescriptor.swift`:
+
+```swift
+public struct ProviderSettingsOrganizationsDescriptor: Sendable {
+    public let id: String
+    public let title: String
+    public let subtitle: String?
+    public let entries: () -> [Entry]
+    public let onToggle: @MainActor (String, Bool) -> Void
+    public let onRefresh: @MainActor () async -> RefreshOutcome
+    public let canRefresh: () -> Bool
+
+    public struct Entry: Sendable, Identifiable {
+        public let id: String
+        public let title: String
+        public let subtitle: String?
+        public let isEnabled: Bool
+        public let isLocked: Bool
+
+        public init(id: String, title: String, subtitle: String?, isEnabled: Bool, isLocked: Bool) {
+            self.id = id
+            self.title = title
+            self.subtitle = subtitle
+            self.isEnabled = isEnabled
+            self.isLocked = isLocked
+        }
+    }
+
+    public struct RefreshOutcome: Sendable {
+        public let success: Bool
+        public let errorMessage: String?
+
+        public init(success: Bool, errorMessage: String? = nil) {
+            self.success = success
+            self.errorMessage = errorMessage
+        }
+    }
+
+    public init(
+        id: String,
+        title: String,
+        subtitle: String?,
+        entries: @escaping () -> [Entry],
+        onToggle: @escaping @MainActor (String, Bool) -> Void,
+        onRefresh: @escaping @MainActor () async -> RefreshOutcome,
+        canRefresh: @escaping () -> Bool)
+    {
+        self.id = id
+        self.title = title
+        self.subtitle = subtitle
+        self.entries = entries
+        self.onToggle = onToggle
+        self.onRefresh = onRefresh
+        self.canRefresh = canRefresh
+    }
+}
+```
+
+Then add an optional `settingsOrganizations:` slot to whatever protocol `ProviderImplementation` exposes (e.g. add `func settingsOrganizations(context: ProviderSettingsContext) -> ProviderSettingsOrganizationsDescriptor?`). Default the protocol method to `nil`.
+
+- [ ] **Step 9.2: Implement `settingsOrganizations` in `KiloProviderImplementation`**
+
+In `Sources/CodexBar/Providers/Kilo/KiloProviderImplementation.swift`:
+
+```swift
+    @MainActor
+    func settingsOrganizations(
+        context: ProviderSettingsContext) -> ProviderSettingsOrganizationsDescriptor?
+    {
+        ProviderSettingsOrganizationsDescriptor(
+            id: "kilo-organizations",
+            title: "Organizations",
+            subtitle: "Show usage for organizations you belong to. Personal account is always shown.",
+            entries: {
+                var entries: [ProviderSettingsOrganizationsDescriptor.Entry] = [
+                    .init(
+                        id: "personal",
+                        title: "Personal account",
+                        subtitle: nil,
+                        isEnabled: true,
+                        isLocked: true),
+                ]
+                for org in context.settings.kiloKnownOrganizations {
+                    entries.append(
+                        .init(
+                            id: org.id,
+                            title: org.name,
+                            subtitle: org.role,
+                            isEnabled: context.settings.kiloIsOrganizationEnabled(org.id),
+                            isLocked: false))
+                }
+                return entries
+            },
+            onToggle: { orgID, enabled in
+                guard orgID != "personal" else { return }
+                context.settings.setKiloOrganization(orgID, enabled: enabled)
+            },
+            onRefresh: {
+                let apiKey = context.settings.kiloAPIToken.isEmpty
+                    ? ProcessInfo.processInfo.environment[KiloSettingsReader.apiTokenKey] ?? ""
+                    : context.settings.kiloAPIToken
+                guard !apiKey.isEmpty else {
+                    return .init(success: false,
+                        errorMessage: "Set the Kilo API key first.")
+                }
+                do {
+                    let orgs = try await KiloUsageFetcher.fetchOrganizations(apiKey: apiKey)
+                    context.settings.setKiloKnownOrganizationsPruningEnabled(orgs)
+                    return .init(success: true)
+                } catch let error as LocalizedError {
+                    return .init(success: false,
+                        errorMessage: error.errorDescription ?? "Failed to load organizations.")
+                } catch {
+                    return .init(success: false,
+                        errorMessage: error.localizedDescription)
+                }
+            },
+            canRefresh: {
+                !context.settings.kiloAPIToken.isEmpty
+                    || !(ProcessInfo.processInfo.environment[KiloSettingsReader.apiTokenKey] ?? "").isEmpty
+            })
+    }
+```
+
+- [ ] **Step 9.3: Render the new descriptor in `PreferencesProviderDetailView`**
+
+In `Sources/CodexBar/PreferencesProviderDetailView.swift`, follow the existing pattern used by `settingsTokenAccounts`. Add a stored property `settingsOrganizations: ProviderSettingsOrganizationsDescriptor?`, source it from the provider implementation, and render it as a SwiftUI section under the API key:
+
+```swift
+if let descriptor = self.settingsOrganizations {
+    Section(descriptor.title) {
+        if let subtitle = descriptor.subtitle {
+            Text(subtitle).font(.caption).foregroundStyle(.secondary)
+        }
+        ForEach(descriptor.entries(), id: \.id) { entry in
+            Toggle(isOn: Binding(
+                get: { entry.isEnabled },
+                set: { newValue in descriptor.onToggle(entry.id, newValue) }))
+            {
+                VStack(alignment: .leading, spacing: 2) {
+                    Text(entry.title)
+                    if let subtitle = entry.subtitle {
+                        Text(subtitle).font(.caption).foregroundStyle(.secondary)
+                    }
+                }
+            }
+            .disabled(entry.isLocked)
+        }
+        HStack {
+            Button("Refresh organizations") {
+                Task {
+                    let result = await descriptor.onRefresh()
+                    if !result.success, let message = result.errorMessage {
+                        self.kiloOrganizationsErrorMessage = message
+                    } else {
+                        self.kiloOrganizationsErrorMessage = nil
+                    }
+                }
+            }
+            .disabled(!descriptor.canRefresh())
+            Spacer()
+            if let message = self.kiloOrganizationsErrorMessage {
+                Text(message).font(.caption).foregroundStyle(.red)
+            }
+        }
+    }
+}
+```
+
+Add `@State private var kiloOrganizationsErrorMessage: String?` near other `@State` properties in the view.
+
+- [ ] **Step 9.4: Build and verify**
+
+```bash
+swift build 2>&1 | tail -10
+```
+
+Expected: success. If type mismatches arise, follow them and align signatures.
+
+- [ ] **Step 9.5: Commit**
+
+```bash
+git add Sources/CodexBarCore/Providers/ProviderDescriptor.swift \
+        Sources/CodexBar/Providers/Kilo/KiloProviderImplementation.swift \
+        Sources/CodexBar/PreferencesProviderDetailView.swift
+git commit -m "feat(kilo): Preferences organizations section with refresh + toggles"
+```
+
+---
+
+## Task 10: Update Kilo docs
+
+**Files:**
+- Modify: `docs/kilo.md`
+
+- [ ] **Step 10.1: Add a "Organizations" section**
+
+Append to `docs/kilo.md`:
+
+```markdown
+## Organizations
+
+CodexBar can show usage for any Kilo organization the API key belongs to.
+
+- Open Preferences → Providers → Kilo, set the API key, then click **Refresh
+  organizations**.
+- Toggle the organizations you want to display alongside Personal. Personal is
+  always shown.
+- When at least one organization is enabled, the menu renders one Kilo card per
+  enabled scope.
+- The CodexBar fetcher sends the standard `X-KILOCODE-ORGANIZATIONID` header on
+  every usage call to scope the response to that organization.
+- CLI source mode (`auth.json`): the header is applied to CLI-resolved tokens
+  as well. If a CLI token isn't authorized for the chosen organization, that
+  card surfaces an unauthorized error while Personal and other enabled scopes
+  continue to render normally.
+```
+
+- [ ] **Step 10.2: Commit**
+
+```bash
+git add docs/kilo.md
+git commit -m "docs(kilo): document organization selection"
+```
+
+---
+
+## Task 11: Repo-wide validation
+
+- [ ] **Step 11.1: Run the full unit test suite**
+
+```bash
+swift test 2>&1 | tail -30
+```
+
+Expected: all tests pass. If new failures appear in unrelated tests (network-flaky, etc.), record and rerun.
+
+- [ ] **Step 11.2: Run `make check`**
+
+```bash
+make check 2>&1 | tail -30
+```
+
+Expected: swiftformat + swiftlint clean. Fix any reported issues by applying suggestions inline and re-running.
+
+- [ ] **Step 11.3: Build release config to ensure no debug-only types leaked**
+
+```bash
+swift build -c release 2>&1 | tail -10
+```
+
+Expected: success.
+
+- [ ] **Step 11.4: Commit any lint/format fixups**
+
+```bash
+git status
+git diff --stat
+git add -A
+git commit -m "chore: swiftformat/swiftlint fixups for kilo orgs work"
+```
+
+(Skip if no diff.)
+
+---
+
+## Task 12: Open the PR (lead-only — runs after all build tasks land)
+
+- [ ] **Step 12.1: Ensure a fork exists for `noefabris`**
+
+```bash
+gh repo view noefabris/CodexBar --json url 2>&1 | head -5
+```
+
+If 404, fork:
+
+```bash
+gh repo fork steipete/CodexBar --remote=false --clone=false
+```
+
+- [ ] **Step 12.2: Add fork as a remote (if missing) and push**
+
+```bash
+git remote get-url fork 2>/dev/null || git remote add fork https://github.com/noefabris/CodexBar.git
+git push -u fork feat/kilo-organization-selection
+```
+
+- [ ] **Step 12.3: Create the PR**
+
+```bash
+gh pr create \
+  --repo steipete/CodexBar \
+  --base main \
+  --head noefabris:feat/kilo-organization-selection \
+  --title "Add Kilo organization selection (usage stacking)" \
+  --body "$(cat <<'EOF'
+## Summary
+- Adds Kilo organization selection to Preferences → Providers → Kilo.
+- Refresh button fetches `user.getOrganizations` (with `/api/profile` REST fallback).
+- Each enabled organization is fetched in parallel with the personal account using the standard `X-KILOCODE-ORGANIZATIONID` header.
+- The Kilo menu now stacks one card per enabled scope (Personal + each chosen org), reusing the existing multi-snapshot rendering pattern.
+
+## Design doc
+- `docs/superpowers/specs/2026-05-11-kilo-organization-selection-design.md`
+- `docs/superpowers/plans/2026-05-11-kilo-organization-selection.md`
+
+## Test plan
+- [x] `swift test` passes
+- [x] `make check` clean
+- [x] `swift build -c release` succeeds
+- [ ] Manual: launch app, set Kilo API key, hit Refresh organizations, toggle orgs, observe stacked menu cards
+- [ ] Manual: revoke org permission and confirm only that scope errors out
+
+🤖 Generated with [Claude Code](https://claude.com/claude-code)
+EOF
+)"
+```
+
+Capture the printed PR URL.
+
+- [ ] **Step 12.4: Report the PR URL back to the user**
+
+---
+
+## Self-review checklist
+
+- [x] Each spec section has at least one task implementing it.
+- [x] Task 4 covers both tRPC and REST org-discovery shapes (spec §2).
+- [x] Task 7 fan-out covers both API and CLI source modes — the strategy resolves the token, then `refreshKiloScopes` reuses the same API key transport.
+- [x] Persistence covered by Task 5 + 6.
+- [x] UI section covered by Task 9.
+- [x] Menu rendering covered by Task 8.
+- [x] Tests written before implementation per TDD in Tasks 1–6.
+- [x] No placeholders ("TBD", "fill in later", etc.).
+- [x] Types stay consistent: `KiloOrganization`, `KiloUsageScope`, `KiloScopeSnapshot` referenced consistently across tasks.
+- [x] Out-of-scope items from spec (menu switcher, multi-key auth, widget) intentionally absent.
+
+If during execution any task uncovers an actual gap not covered above (e.g. existing tests that mock `KiloUsageFetcher.fetchUsage(apiKey:environment:)` without `scope`), update them to use `scope: .personal` explicitly — keep the default-parameter migration path even though tests typically pass it explicitly.
diff --git a/docs/superpowers/specs/2026-05-11-kilo-organization-selection-design.md b/docs/superpowers/specs/2026-05-11-kilo-organization-selection-design.md
new file mode 100644
index 000000000..20e09e9db
--- /dev/null
+++ b/docs/superpowers/specs/2026-05-11-kilo-organization-selection-design.md
@@ -0,0 +1,148 @@
+# Kilo Organization Selection & Usage — Design
+
+**Status:** approved
+**Date:** 2026-05-11
+**Owner:** noefabris
+
+## Problem
+
+The Kilo provider in CodexBar always queries the personal account. Users who belong to one or more Kilo organizations cannot see organization-level credits, KiloPass usage, or plan info. Kilo's own clients (VS Code extension, CLI) let users pick "Personal" or any organization they belong to and route requests with an `X-KILOCODE-ORGANIZATIONID` header.
+
+Goal: let CodexBar users opt in to seeing one or more Kilo organizations alongside their personal account.
+
+## Non-goals
+
+- Menu-bar org switcher. Selection lives in Preferences only.
+- Editing org membership from CodexBar (read-only consumer of Kilo's org list).
+- Per-org auth (CodexBar reuses the same API key/CLI session; Kilo's gateway scopes via header).
+- Replacing the existing single-account `Personal` flow when no orgs are configured.
+
+## Constraints / context
+
+- Kilo gateway accepts `X-KILOCODE-ORGANIZATIONID: <orgId>` to scope any authenticated request. Documented at `kilo.ai/docs/gateway/authentication`.
+- Profile endpoint shape (from `Kilo-Org/kilocode` `packages/kilo-gateway/src/api/profile.ts`):
+  `GET /api/profile` → `{ user: { email, name }, organizations: [{ id, name, role }] }`.
+- CodexBar's Kilo provider currently calls `https://app.kilo.ai/api/trpc` with procedures `user.getCreditBlocks`, `kiloPass.getState`, `user.getAutoTopUpPaymentMethod`. The `X-KILOCODE-ORGANIZATIONID` header is transport-level and must work for the same procedures.
+- Existing CodexBar patterns to reuse:
+  - `ProviderIdentitySnapshot.accountOrganization` for rendering the org name in a card.
+  - Stacked multi-snapshot rendering used by Claude tokenAccounts (Preferences → Advanced → Display).
+  - `~/.codexbar/config.json` per-provider entry for persisted state.
+
+## User stories
+
+1. **As a user with no orgs**, the Kilo card looks exactly as it does today. No new UI noise.
+2. **As a user with one or more orgs**, I can open Preferences → Providers → Kilo, hit "Refresh organizations", see my org list, and tick the orgs I want to monitor. Each enabled org appears as its own card stacked with Personal in the menu.
+3. **As a user whose API key isn't set**, the Organizations section explains I need the key first and the Refresh button is disabled.
+4. **As a user using CLI source mode**, org selection still works — the header is sent on every fetch regardless of where the bearer token came from.
+
+## Architecture
+
+### Data model
+
+- `KiloOrganization` (Sendable, Codable, Equatable) in `Sources/CodexBarCore/Providers/Kilo/`:
+  - `id: String`
+  - `name: String`
+  - `role: String?` (optional; treated as display-only)
+- `KiloUsageScope` (Sendable, Hashable) in same module:
+  - `.personal`
+  - `.organization(id: String, name: String)`
+  - A `scopeIdentifier` computed property: `"personal"` or `"org:<id>"` used as the snapshot map key.
+- `KiloUsageSnapshot` gains `scope: KiloUsageScope` (default `.personal` keeps existing call sites compiling).
+
+### API layer (`KiloUsageFetcher`)
+
+- Existing `fetchUsage(apiKey:environment:)` becomes:
+  `fetchUsage(apiKey:scope:environment:)` with `scope: KiloUsageScope = .personal`.
+  - When `.organization(id, _)`: set request header `X-KILOCODE-ORGANIZATIONID: id` on the existing tRPC batch URLRequest. Everything else unchanged.
+- New `fetchOrganizations(apiKey:environment:)` → `[KiloOrganization]`:
+  - Primary: tRPC batch call to `user.getOrganizations` against `https://app.kilo.ai/api/trpc`. Parse the same payload-context shape as other procedures (defensive against schema drift).
+  - Fallback: if tRPC returns 404 / endpoint not found, fall back to `GET https://api.kilo.ai/api/profile` and read `data.organizations`. Both endpoints are part of the documented Kilo Gateway.
+  - Returns `[]` (not error) when the user has no orgs.
+  - Maps `401/403 → KiloUsageError.unauthorized`, `404 → endpointNotFound`, etc., using the existing `statusError(for:)`.
+
+### Settings
+
+`SettingsStore` extension (new file `SettingsStore+Kilo.swift` or extend `KiloSettingsStore.swift`):
+
+- `kiloKnownOrganizations: [KiloOrganization]` — cache of organizations last fetched. Survives restart.
+- `kiloEnabledOrganizationIDs: Set<String>` — which orgs the user wants to fetch + render.
+- Personal scope is implicit: always enabled, can't be toggled off.
+
+Persistence:
+- Add `organizations: [KiloOrganization]?` and `enabledOrganizationIds: [String]?` to the Kilo provider's entry in `~/.codexbar/config.json`.
+- Mutators write through `updateProviderConfig(provider: .kilo)`.
+
+### Refresh / UsageStore
+
+- `UsageStore`'s Kilo refresh path computes the active scope list: `[.personal] + enabled orgs from kiloKnownOrganizations`.
+- Fan-out using a `TaskGroup`, one child per scope, each calling `KiloUsageFetcher.fetchUsage(apiKey:scope:)`.
+- Per-scope failures isolated: a 403 on one org sets that scope's error state but does not affect personal or other orgs.
+- Snapshots stored in a new dictionary `kiloScopedSnapshots: [String: KiloUsageSnapshot]` keyed by `scope.scopeIdentifier`, alongside the existing single-snapshot field. When `kiloScopedSnapshots` has more than one entry the menu uses stacked rendering; otherwise existing single-card rendering.
+
+### UI — Preferences → Providers → Kilo
+
+- New section header "Organizations" placed below the API key field.
+- Row 1 (always): `Personal account` with a disabled-on checkbox.
+- Rows 2..N: each known organization with a togglable checkbox `[✓] <Org name> — <role>`.
+- Empty state when `kiloKnownOrganizations` is empty: "No organizations loaded. Click Refresh after setting your API key."
+- "Refresh organizations" button:
+  - Disabled when API key is empty.
+  - Calls `KiloUsageFetcher.fetchOrganizations(apiKey:)` on a background task.
+  - On success: writes to `kiloKnownOrganizations`, prunes `kiloEnabledOrganizationIDs` entries that no longer exist.
+  - On 401/403: surface inline error "API key unauthorized. Refresh or update it."
+  - On network error: surface inline error.
+
+### Menu rendering
+
+- The Kilo card renderer reads `kiloScopedSnapshots`. When count > 1, render each as a stacked card using the same vertical layout already used by Claude's stacked tokenAccount snapshots.
+- Each scope's card sets `ProviderIdentitySnapshot.accountOrganization`:
+  - `.personal` → `"Personal"`
+  - `.organization(_, name)` → `name`
+- Existing credit/pass/plan rows render unchanged inside each card.
+
+### Errors / edge cases
+
+| Case | Behavior |
+| --- | --- |
+| User has no orgs | Personal scope only. Org section shows empty state. No fan-out. |
+| API key missing | Refresh button disabled. Existing missing-credentials error still surfaces on usage fetch. |
+| Org refresh fails (401/403) | Inline error in Preferences; keep cached list. |
+| Org usage fetch returns 403 | That org's card shows a small error label; personal + other orgs render normally. |
+| Org removed on Kilo side | Next Refresh drops it from `kiloKnownOrganizations`; if it was in `kiloEnabledOrganizationIDs` it is silently pruned. |
+| CLI source mode | Header sent same way. If the resolved CLI bearer can't scope to that org, it 403s — handled by the per-scope error case above. |
+| Source = `auto` | Org scope follows the same auto fallback; failures inside the scope respect the fallback chain. |
+| Multiple orgs enabled | Concurrent fetch; per-scope timeouts isolated. |
+
+## Testing
+
+- Unit tests (in `Tests/CodexBarTests`):
+  - `KiloUsageFetcherTests`:
+    - Header injection: `.organization(id, _)` → request contains `X-KILOCODE-ORGANIZATIONID: id`. `.personal` → no header.
+    - `fetchOrganizations` parses both tRPC shape and `/api/profile` REST shape.
+    - 401/403 → `.unauthorized`.
+  - `KiloSettingsStoreTests`:
+    - Round-trip of `kiloKnownOrganizations` and `kiloEnabledOrganizationIDs` through config.json.
+    - Pruning of stale IDs when known list shrinks.
+  - `UsageStore+KiloRefreshTests`:
+    - Fan-out runs N scopes, per-scope error isolation.
+    - Single-scope path unchanged when no orgs enabled.
+- CLI snapshot test (`Tests/CodexBarTests/CLIRendererTests` or similar): `codexbar-cli kilo` shows one section per active scope when orgs are enabled.
+- Run `make check` and `swift test` before handoff.
+
+## Migration / compatibility
+
+- `KiloUsageSnapshot.scope` defaults to `.personal` — all existing call sites compile unchanged.
+- Config additions are optional — old configs continue to load as personal-only.
+- No new dependencies.
+
+## Open items (verify during build)
+
+- Confirm `https://app.kilo.ai/api/trpc/user.getOrganizations` exists. If not, the REST fallback to `https://api.kilo.ai/api/profile` is the path of record.
+- Confirm the tRPC procedures honor `X-KILOCODE-ORGANIZATIONID`. Documented for gateway; spot-check during integration.
+
+## Out of scope
+
+- Menu-bar org switcher UI.
+- Per-org token storage / multiple API keys for the same provider.
+- CLI command for org switching (`codexbar-cli` consumes the same settings).
+- Widget rendering changes for multi-scope (widget continues to show personal scope).
diff --git a/docs/ui.md b/docs/ui.md
index 3c9c7c3bf..b0c0c1746 100644
--- a/docs/ui.md
+++ b/docs/ui.md
@@ -10,25 +10,33 @@ read_when:
 ## Menu bar
 - LSUIElement app: no Dock icon; status item uses custom NSImage.
 - Merge Icons toggle combines providers into one status item with a switcher.
+- Provider status items use stable autosave names and are reused across provider toggles so macOS can preserve icon
+  positions.
 - When Overview has selected providers, the switcher includes an Overview tab that renders up to 3 provider rows.
 - Overview row order follows provider order; selecting a row jumps to that provider detail card.
+- The global open-menu keyboard shortcut toggles the currently tracked menu closed before opening a new one.
 
 ## Icon rendering
 - 18×18 template image.
-- Top bar = 5-hour window; bottom hairline = weekly window.
+- Bar windows are provider/style-specific primary and secondary windows.
 - Fill represents percent remaining by default; “Show usage as used” flips to percent used.
-- Dimmed when last refresh failed; status overlays render incident indicators.
-- Advanced: menu bar can show provider branding icons with a percent label instead of critter bars.
+- Renderer/critter icons dim when last refresh failed and can render incident indicators; brand display mode uses provider branding plus title text.
+- Loading animation runs at a bounded frame rate and has a hard continuous-duration ceiling so provider hangs cannot keep
+  the menu bar redrawing forever.
+- Display → Menu bar: menu bar can show provider branding icons with a percent label instead of critter bars.
 
 ## Menu card
-- Session + weekly rows with resets (countdown by default; optional absolute clock display).
-- Codex-only: Credits + “Buy Credits…” in-card action.
-- Web-only rows (when OpenAI cookies are enabled): code review remaining, usage breakdown submenu.
+- Provider-specific rows with resets (countdown by default; optional absolute clock display). Primary, secondary,
+  tertiary, and extra windows render when the provider snapshot has data for them.
+- Codex credits can add a separate “Buy Credits…” menu action.
+- Codex OpenAI web extras: code review remaining and usage breakdown render when dashboard data is attached.
 - Token accounts: optional account switcher bar or stacked account cards (up to 6) when multiple manual tokens exist.
+- Provider storage usage is opt-in from Advanced settings. When enabled, overview rows and provider detail cards can show
+  local provider-owned storage totals, with a submenu for path breakdowns and copyable paths.
 
 ## Pace tracking
 
-Pace compares your actual usage against an even-consumption budget that would spread your allowance evenly across the reset window.
+Pace compares your actual usage against the expected consumption rate for the current window. Most providers use an even-consumption budget; Codex can use historical pace data when historical tracking is available.
 
 - **On pace** – usage matches the expected rate.
 - **X% in deficit** – you're consuming faster than the even rate; at this pace you'll run out before the window resets.
@@ -36,18 +44,20 @@ Pace compares your actual usage against an even-consumption budget that would sp
 
 When usage is in deficit, the right-hand label shows an estimated "Runs out in …" countdown. When usage will last until the reset, it shows "Lasts until reset".
 
-Pace is calculated for Codex and Claude weekly windows only and is hidden when less than 3% of the window has elapsed.
+Pace is calculated for any provider window with enough reset timing data and is hidden when less than 3% of the
+window has elapsed.
 
 ## Preferences notes
 - Advanced: “Disable Keychain access” turns off browser cookie import; paste Cookie headers manually in Providers.
+- Advanced: “Show provider storage usage” enables background scans of known provider-owned local paths; CodexBar only
+  reports sizes and cleanup ideas, it does not delete files.
 - Display: “Overview tab providers” controls which providers appear in Merge Icons → Overview (up to 3).
 - If no providers are selected for Overview, the Overview tab is hidden.
-- Providers → Claude: “Keychain prompt policy” controls Claude OAuth prompt behavior (Never / Only on user action /
-  Always allow prompts).
-- When “Disable Keychain access” is enabled in Advanced, the Claude keychain prompt policy remains visible but is
-  inactive.
+- Providers → Claude: “Avoid Keychain prompts” uses the prompt-free Security CLI reader when available.
+- The lower-level “Keychain prompt policy” picker only appears when the Security.framework reader is active.
 
 ## Widgets (high level)
-- Widget entries mirror the menu card; detailed pipeline in `docs/widgets.md`.
+- Widgets render shared usage snapshots for the supported widget families and
+  provider picker; detailed pipeline in `docs/widgets.md`.
 
 See also: `docs/widgets.md`.
diff --git a/docs/venice.md b/docs/venice.md
new file mode 100644
index 000000000..b1db45bcb
--- /dev/null
+++ b/docs/venice.md
@@ -0,0 +1,40 @@
+# Venice
+
+[Venice](https://venice.ai) is an AI inference platform that provides API access to various language models.
+
+## Setup
+
+1. Sign up or log in at https://venice.ai
+2. Navigate to your API settings at https://venice.ai/settings/api
+3. Create or retrieve your API key
+4. In CodexBar, add your Venice API key via:
+   - Preferences > Providers > Venice, OR
+   - Set the environment variable `VENICE_API_KEY` or `VENICE_KEY`
+
+## Balance Query
+
+CodexBar fetches your current Venice API balance using the `/api/v1/billing/balance` endpoint.
+
+### Balance Types
+
+- **DIEM**: Venice's native credits (if epoch allocation is configured)
+- **USD**: Dollar balance if available
+- **Consumption Currency**: Indicates which currency is active for current billing
+
+### Display
+
+CodexBar shows:
+- Current remaining balance (DIEM or USD)
+- Epoch allocation progress (if applicable)
+- "Balance unavailable" if consumption is temporarily disabled
+
+## Troubleshooting
+
+**No balance showing?**
+- Verify your API key is correct
+- Check network connectivity
+- Ensure your Venice account has an active balance
+
+**API rate limiting?**
+- CodexBar caches balance data and updates every 30 seconds
+- If you hit rate limits, wait a moment before refreshing
diff --git a/docs/widgets.md b/docs/widgets.md
index 8fbff0f27..bb916e3ba 100644
--- a/docs/widgets.md
+++ b/docs/widgets.md
@@ -11,11 +11,26 @@ read_when:
 ## Snapshot pipeline
 - `WidgetSnapshotStore` writes compact JSON snapshots to the app-group container.
 - Widgets read the snapshot and render usage/credits/history states.
+- The app writes snapshots after the main refresh pipeline and token-usage refreshes; narrow single-provider refresh paths may wait for the next snapshot write.
+- If no snapshot is available, widgets fall back to preview/empty data.
 
 ## Extension
 - `Sources/CodexBarWidget` contains timeline + views.
+- `WidgetExtension/CodexBarWidgetExtension.xcodeproj` builds those sources as the packaged macOS WidgetKit app extension.
 - Keep data shape in sync with `WidgetSnapshot` in the main app.
 
+## Widget types
+- **CodexBar Switcher** (`CodexBarSwitcherWidget`): static provider switcher widget, small/medium/large.
+- **CodexBar Usage** (`CodexBarUsageWidget`): configurable provider usage widget, small/medium/large.
+- **CodexBar History** (`CodexBarHistoryWidget`): configurable usage-history chart, medium/large.
+- **CodexBar Metric** (`CodexBarCompactWidget`): compact credits/today-cost/30-day-cost widget, small only.
+
+## Provider picker support
+The configurable provider widgets currently expose:
+Codex, Claude, Gemini, Alibaba, Antigravity, z.ai, Copilot, MiniMax, Kilo, OpenCode, and OpenCode Go.
+
+Providers without a `ProviderChoice` case can still be present in the app snapshot, but they are not selectable from the widget configuration UI yet.
+
 ## Visibility troubleshooting (macOS 14+)
 When widgets do not appear in the gallery at all, the issue is almost always
 registration, signing, or daemon caching (not SwiftUI code).
@@ -24,6 +39,7 @@ registration, signing, or daemon caching (not SwiftUI code).
 ```
 APP="/Applications/CodexBar.app"
 WAPPEX="$APP/Contents/PlugIns/CodexBarWidget.appex"
+WIDGET_ID="com.steipete.codexbar.widget" # debug builds use com.steipete.codexbar.debug.widget
 
 ls -la "$WAPPEX" "$WAPPEX/Contents" "$WAPPEX/Contents/MacOS"
 ```
@@ -31,18 +47,18 @@ ls -la "$WAPPEX" "$WAPPEX/Contents" "$WAPPEX/Contents/MacOS"
 ### 2) PlugInKit registration (pkd)
 ```
 pluginkit -m -p com.apple.widgetkit-extension -v | grep -i codexbar || true
-pluginkit -m -p com.apple.widgetkit-extension -i com.steipete.codexbar.widget -vv
+pluginkit -m -p com.apple.widgetkit-extension -i "$WIDGET_ID" -vv
 ```
 Notes:
 - `+` = elected to use, `-` = ignored (PlugInKit elections).
 - If missing or ignored, force-add and re-elect:
 ```
 pluginkit -a "$WAPPEX"
-pluginkit -e use -p com.apple.widgetkit-extension -i com.steipete.codexbar.widget
+pluginkit -e use -p com.apple.widgetkit-extension -i "$WIDGET_ID"
 ```
 - Check for duplicates (old installs or version precedence):
 ```
-pluginkit -m -D -p com.apple.widgetkit-extension -i com.steipete.codexbar.widget -vv
+pluginkit -m -D -p com.apple.widgetkit-extension -i "$WIDGET_ID" -vv
 ```
 If multiple paths appear, delete older installs and bump `CFBundleVersion`.
 
@@ -68,7 +84,7 @@ log stream --style compact --predicate '(process == "pkd" OR process == "chronod
 ```
 
 ### 6) Packaging sanity checks
-- Widget bundle id should be `com.steipete.codexbar.widget`.
+- Widget bundle id should be `com.steipete.codexbar.widget` for release and `com.steipete.codexbar.debug.widget` for debug.
 - `NSExtensionPointIdentifier` must be `com.apple.widgetkit-extension`.
 - Bundle folder name should match: `CodexBarWidget.appex`.
 
diff --git a/docs/windsurf.md b/docs/windsurf.md
new file mode 100644
index 000000000..da2cec8a5
--- /dev/null
+++ b/docs/windsurf.md
@@ -0,0 +1,168 @@
+---
+summary: "Windsurf provider data sources: browser localStorage session import, local SQLite cache, and GetPlanStatus protobuf API."
+read_when:
+  - Debugging Windsurf usage fetch
+  - Updating Windsurf web session import or API handling
+  - Adjusting Windsurf provider UI/menu behavior
+---
+
+# Windsurf provider
+
+Windsurf supports two data sources: a web API backed by the current website session, and a local SQLite cache.
+
+## Data sources + fallback order
+
+Usage source picker:
+- Preferences → Providers → Windsurf → Usage source (Auto / Web API / Local).
+
+### Auto mode (default)
+1) **Web API** (preferred) — real-time data from windsurf.com.
+2) **Local SQLite cache** (fallback) — reads from Windsurf's `state.vscdb`.
+
+### Web API fetch order
+1) **Manual session bundle** (when Cookie source = Manual).
+2) **Browser localStorage import** — extracts the active `devin_*` session values from Chromium browsers.
+
+### Local SQLite cache
+- File: `~/Library/Application Support/Windsurf/User/globalStorage/state.vscdb`.
+- Key: `windsurf.settings.cachedPlanInfo` in `ItemTable`.
+- Newer cache shapes may omit `quotaUsage` but include `usage` counters. In that case CodexBar derives
+  usage windows from `usedMessages/messages` and `usedFlowActions/flowActions`.
+- Limitation: only updates when Windsurf is launched; can be significantly stale.
+
+## Cookie source settings
+
+Preferences → Providers → Windsurf → Cookie source:
+
+- **Automatic** (default): imports the active Windsurf session bundle from Chromium browser localStorage.
+- **Manual**: paste a JSON bundle with `devin_session_token`, `devin_auth1_token`, `devin_account_id`, and `devin_primary_org_id`.
+- **Off**: disables web API access entirely; only local SQLite cache is used.
+
+### How to get a manual session bundle
+
+1. Open [windsurf.com/profile](https://windsurf.com/profile) in Chrome or Edge and sign in.
+2. Open Developer Tools (`F12` or `Cmd+Option+I`).
+3. Go to the **Console** tab.
+4. Paste the following JavaScript and press Enter:
+
+```javascript
+(() => {
+  const keys = [
+    "devin_session_token",
+    "devin_auth1_token",
+    "devin_account_id",
+    "devin_primary_org_id",
+  ];
+
+  const read = (key) => {
+    const value = localStorage.getItem(key);
+    if (!value) return null;
+    try {
+      return JSON.parse(value);
+    } catch {
+      return value;
+    }
+  };
+
+  const payload = Object.fromEntries(keys.map((key) => [key, read(key)]));
+  const missing = keys.filter((key) => !payload[key]);
+
+  if (missing.length > 0) {
+    console.log("Missing Windsurf session keys:", missing.join(", "));
+    return;
+  }
+
+  const json = JSON.stringify(payload, null, 2);
+  console.log(json);
+  if (typeof copy === "function") {
+    copy(json);
+    console.log("Copied Windsurf session bundle to clipboard.");
+  }
+})();
+```
+
+5. Copy the JSON output.
+6. In CodexBar: Providers → Windsurf → Cookie source → Manual → paste the JSON bundle.
+
+## Authentication flow (Automatic mode)
+
+```text
+Browser localStorage (leveldb on disk)
+    ↓ extract devin_session_token / devin_auth1_token / devin_account_id / devin_primary_org_id
+POST https://windsurf.com/_backend/.../GetPlanStatus
+    ↓ headers: x-auth-token + x-devin-*
+    ↓ protobuf body: { auth_token, include_top_up_status: true }
+UsageSnapshot (daily/weekly quota %)
+```
+
+## Browser session extraction
+
+- **Browsers scanned**: Chrome, Edge, Brave, Arc, Vivaldi, Chromium, and compatible Chromium forks.
+- **Local storage path**: `~/Library/Application Support/<Browser>/<Profile>/Local Storage/leveldb/`
+- **Origin**: `https://windsurf.com`
+- **Required keys**:
+  - `devin_session_token`
+  - `devin_auth1_token`
+  - `devin_account_id`
+  - `devin_primary_org_id`
+
+## API endpoint
+
+### GetPlanStatus (ConnectRPC over protobuf)
+- `POST https://windsurf.com/_backend/exa.seat_management_pb.SeatManagementService/GetPlanStatus`
+- Headers:
+  - `Content-Type: application/proto`
+  - `Connect-Protocol-Version: 1`
+  - `Origin: https://windsurf.com`
+  - `Referer: https://windsurf.com/profile`
+  - `x-auth-token: <devin_session_token>`
+  - `x-devin-session-token: <devin_session_token>`
+  - `x-devin-auth1-token: <devin_auth1_token>`
+  - `x-devin-account-id: <devin_account_id>`
+  - `x-devin-primary-org-id: <devin_primary_org_id>`
+- Protobuf request fields:
+  - `1 auth_token: string`
+  - `2 include_top_up_status: bool`
+- Parsed response fields used by CodexBar:
+  - `plan_status.plan_info.plan_name`
+  - `plan_status.plan_end`
+  - `plan_status.daily_quota_remaining_percent`
+  - `plan_status.weekly_quota_remaining_percent`
+  - `plan_status.daily_quota_reset_at_unix`
+  - `plan_status.weekly_quota_reset_at_unix`
+
+## Snapshot mapping
+- Web primary: daily usage percent (`100 - daily_quota_remaining_percent`).
+- Web secondary: weekly usage percent (`100 - weekly_quota_remaining_percent`).
+- Local primary: daily quota percent when present; otherwise message usage (`usedMessages/messages`).
+- Local secondary: weekly quota percent when present; otherwise flow-action usage (`usedFlowActions/flowActions`).
+- Reset: daily/weekly reset timestamps (Unix seconds), when available.
+- Plan: `plan_status.plan_info.plan_name`.
+- Expiry: `plan_status.plan_end`.
+
+## Troubleshooting
+
+### "No Windsurf web session found in Chromium localStorage"
+- Sign in to [windsurf.com](https://windsurf.com) in Chrome, Edge, or another Chromium browser.
+- Grant Full Disk Access to CodexBar (System Settings → Privacy & Security → Full Disk Access).
+- Try Manual mode and paste the JSON session bundle directly.
+
+### "Invalid Windsurf session payload"
+- The manual value must include all four keys: `devin_session_token`, `devin_auth1_token`, `devin_account_id`, and `devin_primary_org_id`.
+- Re-run the console snippet on a logged-in `windsurf.com` page.
+
+### "Windsurf API call failed: HTTP 401"
+- The imported browser session is stale or invalid.
+- Refresh the Windsurf page in your browser and try again.
+- If using Manual mode, paste a fresh JSON bundle.
+
+### Stale data with Local mode
+- The local SQLite cache only updates when Windsurf is launched. Switch to Auto or Web API mode for real-time data.
+
+## Key files
+- `Sources/CodexBarCore/Providers/Windsurf/WindsurfStatusProbe.swift` (local SQLite)
+- `Sources/CodexBarCore/Providers/Windsurf/WindsurfDevinSessionImporter.swift` (Chromium localStorage extraction)
+- `Sources/CodexBarCore/Providers/Windsurf/WindsurfWebFetcher.swift` (protobuf request + response parsing)
+- `Sources/CodexBarCore/Providers/Windsurf/WindsurfProviderDescriptor.swift` (fetch strategies)
+- `Sources/CodexBar/Providers/Windsurf/WindsurfProviderImplementation.swift` (settings UI)
+- `Sources/CodexBar/Providers/Windsurf/WindsurfSettingsStore.swift` (settings persistence)
diff --git a/package.json b/package.json
deleted file mode 100644
index f7a987506..000000000
--- a/package.json
+++ /dev/null
@@ -1,20 +0,0 @@
-{
-  "name": "codexbar",
-  "private": true,
-  "scripts": {
-    "start": "./Scripts/compile_and_run.sh",
-    "start:debug": "./Scripts/compile_and_run.sh",
-    "start:release": "sh -c './Scripts/package_app.sh release && (pkill -x CodexBar || pkill -f CodexBar.app || true) && cd /Users/steipete/Projects/codexbar && open -n /Users/steipete/Projects/codexbar/CodexBar.app'",
-    "lint": "./Scripts/lint.sh lint",
-    "format": "./Scripts/lint.sh format",
-    "check": "./Scripts/lint.sh lint",
-    "docs:list": "node Scripts/docs-list.mjs",
-    "build": "swift build",
-    "test": "swift test",
-    "test:tty": "swift test --filter TTYIntegrationTests",
-    "test:live": "LIVE_TEST=1 swift test --filter LiveAccountTests",
-    "release": "./Scripts/package_app.sh release",
-    "restart": "pnpm start",
-    "stop": "pkill -x CodexBar || pkill -f CodexBar.app || true"
-  }
-}
diff --git a/version.env b/version.env
index 529133131..c2d46a56d 100644
--- a/version.env
+++ b/version.env
@@ -1,2 +1,2 @@
-MARKETING_VERSION=0.18.0-beta.3-jl.4
-BUILD_NUMBER=54
+MARKETING_VERSION=0.31.1-jl.1
+BUILD_NUMBER=75