Add Rovo Dev provider with monthly credit tracking

[sameemcodes]

Summary

Adds Rovo Dev as a new CodexBar provider, tracking monthly credit usage for Atlassian's AI coding agent.

What's new

• UsageProvider.rovodev + IconStyle.rovodev enum cases
• RovoDevSettingsReader — reads ROVODEV_API_TOKEN, ROVODEV_EMAIL, ROVODEV_API_URL env vars + ~/.rovodev/config.yml billing site
• RovoDevUsageFetcher — Basic auth (email:apiToken) against https://api.atlassian.com/rovodev/v3/credits/check; parses monthlyUsed/monthlyTotal with daily fallback; surfaces status (OK, RATE_LIMITED, USER_BLOCKED)
• RovoDevProviderDescriptor — api-only fetch strategy; resolves credentials from env vars or token accounts
• RovoDevProviderImplementation — settings fields for Atlassian email + API token with link to id.atlassian.com
• RovoDevSettingsStore — rovoDevAPIToken (→ apiKey) + rovoDevEmail (→ workspaceID)
• ProviderConfigEnvironment — applyRovoDevOverrides injects both ROVODEV_API_TOKEN and ROVODEV_EMAIL into fetch env
• ProviderTokenResolver: rovoDevToken() + rovoDevResolution()
• LogCategories: rovoDevUsage log category
• UsageStore: debug log entry for rovodev
• 14 unit tests: settings reader, JSON parser, URL builder, snapshot conversion, error cases
• docs/rovodev.md: full setup guide, how it works, credential resolution order, troubleshooting
• docs/providers.md: summary table row + detailed entry

Auth approach

HTTP Basic auth: base64(email:apiToken) — the same Atlassian API token used with acli rovodev auth login. No OAuth flow needed.

Credential resolution order

1. ROVODEV_API_TOKEN + ROVODEV_EMAIL environment variables
2. Settings UI (email + API token in Preferences → Providers → Rovo Dev)
3. Token accounts (label = email, token = API token)

Plans supported

Plan	Credits
Rovo Dev Free	350 credits / user / month / site
Rovo Dev Standard	2,000 credits / user / month

Commands run

swift build  # 0 new errors
swiftformat --lint Sources/CodexBarCore/Providers/RovoDev/ Sources/CodexBar/Providers/RovoDev/ Tests/CodexBarTests/RovoDevUsageFetcherTests.swift  # 0/6 files require formatting

[clawsweeper]

Codex review: needs real behavior proof before merge. Reviewed June 2, 2026, 7:05 AM ET / 11:05 UTC.

Summary
The branch adds Rovo Dev as a disabled-by-default provider with enum and registry wiring, settings/env credential projection, Basic-auth usage fetching, icons, docs, and parser-focused tests.

Reproducibility: not applicable. as a bug reproduction; this is a new provider feature. Source inspection confirms current main has no Rovo Dev provider and PR head adds the new fetch/config path.

Review metrics: 2 noteworthy metrics.

• Diff surface: 18 files, +832/-1. The provider addition spans core provider/config code, app settings, assets, docs, and tests, so review needs to cover integration and auth behavior, not only parsing.
• Proof coverage: 1 copied endpoint response, 0 provider-path outputs. The available proof helps parser confidence but does not demonstrate the actual CodexBar fetch path after the latest fixes.

Merge readiness
Overall: 🦪 silver shellfish
Proof: 🦪 silver shellfish
Patch quality: 🐚 platinum hermit
Result: blocked until stronger real behavior proof is added.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

• [P1] Add redacted terminal output, logs, screenshot, recording, or copied live output from the latest CodexBar provider path showing a successful Rovo Dev monthly-credit fetch.
• Update the PR body so the credential-resolution section matches the current implementation and docs, which no longer support token accounts for this provider.

Proof guidance:

• [P1] Needs stronger real behavior proof before merge: The copied live JSON is useful parser evidence, but it does not show the latest CodexBar provider path successfully fetching monthly credits with configured Rovo Dev credentials. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

Risk before merge

• [P1] Merging adds a new email plus API-token auth provider against an endpoint without public contract evidence; the posted live JSON validates one blocked response shape, not a successful monthly-credit fetch through CodexBar on the latest branch.

Maintainer options:

1. Require provider-path proof (recommended)
   Ask for redacted terminal output, logs, screenshot, recording, or copied live output from the latest CodexBar provider path showing Rovo Dev credentials resolving and monthly credits fetched.
2. Accept endpoint-contract risk
   Maintainers could merge based on parser tests and the copied endpoint response, but they would own the risk that paid-account monthly-credit responses differ from the tested shape.

Next step before merge

• [P1] The remaining blocker is contributor-supplied real behavior proof and maintainer sign-off for a new auth provider, not a narrow automated code repair.

Security
Cleared: No concrete dependency, CI, release, supply-chain, or secret-leak regression was found; the remaining concern is auth-correctness proof for the new provider.

Review details

Best possible solution:

Land after maintainer sign-off and redacted output from the latest CodexBar provider path shows a real monthly-credit fetch, keeping the provider disabled by default.

Do we have a high-confidence way to reproduce the issue?

Not applicable as a bug reproduction; this is a new provider feature. Source inspection confirms current main has no Rovo Dev provider and PR head adds the new fetch/config path.

Is this the best way to solve the issue?

Unclear until provider-path proof is added. The implementation follows the existing descriptor, strategy, settings, and test shape, but the endpoint/auth contract should be proven through CodexBar before merge.

AGENTS.md: found and applied where relevant.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 55c0a105002f.

Label changes

Label changes:

• add P2: This is a normal-priority new provider improvement with limited blast radius because the provider is disabled by default, but auth proof is still needed before merge.
• add rating: 🦪 silver shellfish: Overall readiness is 🦪 silver shellfish; proof is 🦪 silver shellfish and patch quality is 🐚 platinum hermit.
• remove rating: 🧂 unranked krab: Current PR rating is rating: 🦪 silver shellfish, so this older rating label is no longer current.
• remove P1: Current review triage priority is P2, so this older priority label is no longer current.
• remove merge-risk: 🚨 availability: Current PR review merge-risk labels are merge-risk: 🚨 auth-provider.

Label justifications:

• P2: This is a normal-priority new provider improvement with limited blast radius because the provider is disabled by default, but auth proof is still needed before merge.
• merge-risk: 🚨 auth-provider: The PR introduces a new Basic-auth credential flow and provider routing path without successful after-fix CodexBar provider-path proof.
• rating: 🦪 silver shellfish: Overall readiness is 🦪 silver shellfish; proof is 🦪 silver shellfish and patch quality is 🐚 platinum hermit.
• status: 📣 needs proof: The PR needs real behavior proof before ClawSweeper can clear the contributor ask. Needs stronger real behavior proof before merge: The copied live JSON is useful parser evidence, but it does not show the latest CodexBar provider path successfully fetching monthly credits with configured Rovo Dev credentials. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

Evidence reviewed

What I checked:

• Repository policy read: AGENTS.md was read fully; its guidance affected this review by avoiding live provider probes that could touch real credentials and by preferring parser/stub inspection for provider behavior. (AGENTS.md:1, 55c0a105002f)
• Current main does not already implement Rovo Dev: A current-main search for Rovo/Rovo Dev/Atlassian provider symbols returned no matches, so the requested provider work is not already implemented on main. (55c0a105002f)
• PR provider fetch path: PR head defines a Rovo Dev descriptor with .auto and .api source modes and a RovoDevAPIFetchStrategy that fetches through RovoDevUsageFetcher using credentials from the fetch environment. (Sources/CodexBarCore/Providers/RovoDev/RovoDevProviderDescriptor.swift:36, 59881604749c)
• PR credential projection: PR head projects apiKey and workspaceID into ROVODEV_API_TOKEN and ROVODEV_EMAIL, matching the settings store's token/email storage design. (Sources/CodexBarCore/Config/ProviderConfigEnvironment.swift:121, 59881604749c)
• Previous blockers addressed: The latest PR head includes .rovodev in ProviderDescriptorRegistry and CodexBarConfigValidator.workspaceIDProviders, matching the contributor's second-pass fix comment. (Sources/CodexBarCore/Providers/ProviderDescriptor.swift:101, 59881604749c)
• Proof remains insufficient: The contributor posted a redacted live endpoint JSON with USER_BLOCKED, but not a successful after-fix CodexBar provider-path fetch of monthly credits on latest head. (59881604749c)

Likely related people:

• steipete: Recent provider additions and provider registry/config history repeatedly route through this account, including Deepgram, expanded provider tracking, and config API key CLI work on the central files touched by this PR. (role: recent provider/config area contributor; confidence: high; commits: 9a369ad8e0f1, d715648cf23d, 23a89fb02a08; files: Sources/CodexBarCore/Providers/ProviderDescriptor.swift, Sources/CodexBarCore/Config/ProviderConfigEnvironment.swift, Sources/CodexBar/Providers/Shared/ProviderImplementationRegistry.swift)
• mstallone: Co-authored recent OpenAI project scoping work that touched workspaceID and provider config environment behavior, which is directly adjacent to Rovo Dev's email-as-workspaceID design. (role: adjacent config contributor; confidence: medium; commits: 807d07d0c4d2; files: Sources/CodexBarCore/Config/CodexBarConfigValidation.swift, Sources/CodexBarCore/Config/ProviderConfigEnvironment.swift, Tests/CodexBarTests/ConfigValidationTests.swift)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 0a08870478

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Fix unresolved tokenAccounts access

In the inspected ProviderFetchContext definition (Sources/CodexBarCore/Providers/ProviderFetchPlan.swift), there is no tokenAccounts property—only selectedTokenAccountID and environment/settings fields—so adding this fallback makes the new Rovo Dev provider fail to compile as soon as this strategy is built. The selected account is already projected through the environment in the app/CLI fetch context, so this needs to resolve through the existing token-account/environment path or add the missing context support.

Useful? React with 👍 / 👎.

[sameemcodes]

Fixed in commit 4ddda02.

ProviderFetchContext has no tokenAccounts property — you are correct. Credentials are resolved exclusively from context.env, which is populated by ProviderConfigEnvironment.applyRovoDevOverrides (injecting ROVODEV_API_TOKEN + ROVODEV_EMAIL from the settings-stored values). Simplified resolveCredentials to a single guard reading from context.env, and removed the isAvailable tokenAccounts fallback from the implementation as well. Zero new compile errors after the fix.

[sameemcodes]

Clawsweeper review fixes (commit 743a83e)

[P1] Fixed — ProviderImplementationRegistry missing case

Added case .rovodev: RovoDevProviderImplementation() to makeImplementation(for:). Without this the switch was non-exhaustive and the app target would fail to compile.

[P2] Fixed — supportsAPIKeyOverride now returns true for .rovodev

Added .rovodev to directAPIKeyEnvironmentKey returning RovoDevSettingsReader.apiTokenEnvironmentKey. The documented CLI path codexbar config set-api-key --provider rovodev --stdin now works correctly.

[P2] Fixed — removed unsupported token-account credential claim from docs

Token accounts cannot carry two separate credentials (email + API token), so they are not a valid auth path. Docs now state this explicitly and direct users to env vars or Settings.

---

Live API proof (redacted)

Hit https://api.atlassian.com/rovodev/v3/credits/check with Basic auth during development to validate the parser:

{
  "status": "USER_BLOCKED",
  "message": "Sorry, you are blocked from accessing the Rovo API...",
  "balance": {
    "dailyUsed": 0,
    "dailyTotal": null,
    "dailyRemaining": null,
    "monthlyUsed": null,
    "monthlyTotal": null,
    "monthlyRemaining": null
  },
  "modelUsages": {
    "Claude Haiku 4.5": 91295,
    "Claude Sonnet 4.6": 2394221
  },
  "retryAfterSeconds": null,
  "isInternal": true,
  "accountType": "ANONYMOUS"
}

Note: USER_BLOCKED / isInternal: true is expected for internal Atlassian accounts which use ASAP auth rather than API token Basic auth. A regular paid user account would return status: "OK" with monthly credit fields populated. The parser handles all status variants and null-safe monthly→daily fallback correctly.

Build: zero new compile errors after all fixes (swift build clean excluding pre-existing KeyboardShortcuts macro issue).
Tests: RovoDevUsageFetcherTests parser tests validate the response shape against the live JSON above.
Format: swiftformat passes on all changed files.

[sameemcodes]

Clawsweeper second-pass fixes (commit 5988160)

[P1] Fixed — descriptor registered in ProviderDescriptorRegistry

Added .rovodev: RovoDevProviderDescriptor.descriptor to the descriptors dict in ProviderDescriptor.swift. Without this, bootstrap iterates .rovodev from UsageProvider.allCases and hits preconditionFailure("Missing ProviderDescriptor for rovodev") before the app can start.

[P2] Fixed — .rovodev added to CodexBarConfigValidator.workspaceIDProviders

Added .rovodev to the workspaceIDProviders array in CodexBarConfigValidation.swift. Email is stored in workspaceID for this two-credential provider (email + API token). Without this fix, a valid Rovo Dev config reports a spurious workspace_unused validation warning.

All 6 commits now pass swift build with zero new errors.

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Superseded
• Detail: A newer re-review for this item started before this run finished, so GitHub cancelled this older run. Check the latest ClawSweeper run for the current result.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26815148422
• Updated: 2026-06-02T11:00:10.050Z

[sameemcodes]

@clawsweeper re-review

[clawsweeper]

🦞👀
ClawSweeper picked this up.

Command router queued. I will update this comment with the next step.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26815392177
• Updated: 2026-06-02T11:06:31.612Z