feat: Add Xiaomi MiMo prepaid balance provider

[AdrianSimionov]

Adds a new .mimobalance provider (Alibaba-style separate provider pattern) that shows MiMo prepaid API balance with Paid/Granted breakdown.

• Fetches /api/v1/balance endpoint for cashBalance and giftBalance
• Shows total balance in menubar (e.g. $9.60)
• Menu card displays Paid/Granted breakdown like DeepSeek
• Uses cookie-based auth, reusing MiMo cookie importer
• Separate provider so users can enable balance independently from token plan

[clawsweeper]

Codex review: needs changes before merge. Reviewed June 5, 2026, 1:25 AM ET / 05:25 UTC.

Summary
Adds a disabled-by-default Xiaomi MiMo Balance provider that fetches prepaid balance with shared MiMo cookie auth, displays paid/granted balance in the app, and wires CLI, widget exclusions, docs, and parser tests.

Reproducibility: yes. for the review finding: source inspection shows the docs use mimobalance, while CLI provider selection resolves only descriptor names and aliases, where this PR registers mimo-balance and xiaomi-mimo-balance. I did not run the CLI because this pass is read-only.

Review metrics: 2 noteworthy metrics.

• Provider surface: 1 provider added across 22 files. The change touches app registration, core descriptors/fetching, CLI, widget exclusions, docs, and tests, so maintainer review should treat it as a provider addition rather than a parser-only patch.
• Diff size: +635/-16. The patch is moderate in size and spans auth, display, and documentation surfaces that green parser tests alone do not fully settle.

Merge readiness
Overall: 🦐 gold shrimp
Proof: 🦞 diamond lobster ✨ media proof bonus
Patch quality: 🦐 gold shrimp
Result: needs maintainer review before merge.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

• [P2] Fix the documented CLI provider argument or add mimobalance as a tested alias.
• [P2] Have maintainers explicitly accept the shared MiMo cookie-auth behavior before merge.

Risk before merge

• [P1] The PR adds a new provider that reads MiMo browser-cookie auth and shares the existing .mimo settings/cache, so mistakes here show up as auth failures or setup confusion rather than isolated UI polish.
• [P1] This read-only review did not run Swift tests or make check; final merge should rely on CI or maintainer-run checks.

Maintainer options:

1. Fix the CLI name mismatch first (recommended)
   Update the CLI example to mimo-balance or add and test mimobalance as an accepted alias so the documented path works before maintainer review finishes.
2. Accept the shared-cookie provider surface
   After the CLI mismatch is fixed, maintainers can intentionally accept that the new balance provider reads and caches MiMo browser-cookie auth through the existing .mimo settings/cache.
3. Pause if the provider split is not wanted
   If maintainers do not want a separate balance provider sharing MiMo auth state, pause or close this branch and keep balance/token-plan behavior in the existing provider.

Copy recommended automerge instruction

@clawsweeper automerge

Special instructions:
Fix the MiMo Balance CLI documentation/alias mismatch: either change docs/mimo.md to show `codexbar usage --provider mimo-balance`, or add `mimobalance` as an accepted alias in the provider descriptor with focused CLI parsing coverage; do not change the shared MiMo cookie behavior.

Next step before merge

• [P2] A narrow automated repair can fix the CLI docs/alias mismatch; the auth-provider surface still needs maintainer acceptance before merge.

Security
Cleared: No new dependency, workflow, or broad permission change was found; the intended cookie-auth expansion is tracked as auth-provider merge risk.

Review findings

• [P2] Use an executable MiMo Balance CLI name — docs/mimo.md:50

Review details

Best possible solution:

Fix the CLI docs or alias mismatch, then have maintainers explicitly accept the new disabled-by-default provider and shared MiMo cookie-auth behavior.

Do we have a high-confidence way to reproduce the issue?

Yes for the review finding: source inspection shows the docs use mimobalance, while CLI provider selection resolves only descriptor names and aliases, where this PR registers mimo-balance and xiaomi-mimo-balance. I did not run the CLI because this pass is read-only.

Is this the best way to solve the issue?

Not quite yet: the provider implementation follows existing MiMo and balance-provider patterns, but the documented CLI path must match the registered CLI name or alias before merge. The shared-cookie provider behavior also needs maintainer sign-off because it changes auth-provider surface.

Full review comments:

• [P2] Use an executable MiMo Balance CLI name — docs/mimo.md:50
  The new docs tell users to run codexbar usage --provider mimobalance, but CLI parsing only accepts descriptor CLI names and aliases. This descriptor registers mimo-balance and xiaomi-mimo-balance, so the documented command is rejected unless the docs use mimo-balance or the descriptor adds mimobalance as an alias.
  Confidence: 0.9

Overall correctness: patch is incorrect
Overall confidence: 0.86

AGENTS.md: found and applied where relevant.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 65e39f4dcb3a.

Label changes

Label changes:

• add rating: 🦐 gold shrimp: Overall readiness is 🦐 gold shrimp; proof is 🦞 diamond lobster and patch quality is 🦐 gold shrimp.
• add status: ⏳ waiting on author: ClawSweeper has contributor-facing work open and is waiting for author action. Sufficient (screenshot): The contributor provided a screenshot showing the after-change MiMo Balance menu bar value and menu card paid/granted breakdown; no contributor action is needed for proof.
• remove status: 👀 ready for maintainer look: Current PR status label is status: ⏳ waiting on author.
• remove rating: 🐚 platinum hermit: Current PR rating is rating: 🦐 gold shrimp, so this older rating label is no longer current.

Label justifications:

• P2: This is a normal-priority provider addition with a concrete docs/CLI mismatch and limited blast radius because the new provider is disabled by default.
• merge-risk: 🚨 auth-provider: Merging adds a new provider that reads MiMo browser-cookie auth and shares the existing MiMo cookie settings/cache.
• rating: 🦐 gold shrimp: Overall readiness is 🦐 gold shrimp; proof is 🦞 diamond lobster and patch quality is 🦐 gold shrimp.
• status: ⏳ waiting on author: ClawSweeper has contributor-facing work open and is waiting for author action. Sufficient (screenshot): The contributor provided a screenshot showing the after-change MiMo Balance menu bar value and menu card paid/granted breakdown; no contributor action is needed for proof.
• proof: sufficient: Contributor real behavior proof is sufficient. The contributor provided a screenshot showing the after-change MiMo Balance menu bar value and menu card paid/granted breakdown; no contributor action is needed for proof.
• proof: 📸 screenshot: Contributor real behavior proof includes screenshot evidence. The contributor provided a screenshot showing the after-change MiMo Balance menu bar value and menu card paid/granted breakdown; no contributor action is needed for proof.

Evidence reviewed

Acceptance criteria:

• [P1] swift test --filter CLIEntryTests.
• [P1] swift test --filter MiMoProviderTests.
• [P1] make check.
• [P1] rg -n "mimo-balance|mimobalance|Xiaomi MiMo Balance" README.md docs/mimo.md docs/providers.md docs/configuration.md.

What I checked:

• AGENTS.md read: Read the full 45-line repository AGENTS.md and applied its provider/auth review guidance and read-only/no-keychain validation constraints. (AGENTS.md:1, 65e39f4dcb3a)
• Current main lacks the new provider: Current main has Xiaomi MiMo support but no mimobalance provider surface; the new provider is not already implemented on main. (Sources/CodexBarCore/Providers/Providers.swift:39, 65e39f4dcb3a)
• PR registers CLI name and aliases: The PR registers the MiMo Balance CLI name as mimo-balance and aliases only xiaomi-mimo-balance. (Sources/CodexBarCore/Providers/MiMo/MiMoBalanceProviderDescriptor.swift:52, 1123d45fb658)
• CLI parser uses descriptor names and aliases: Provider selection resolves only ProviderDescriptorRegistry.cliNameMap, which is built from descriptor CLI names and aliases rather than raw enum IDs. (Sources/CodexBarCLI/CLIOptions.swift:93, 1123d45fb658)
• CLI map source: cliNameMap inserts descriptor.cli.name and each descriptor.cli.aliases entry, confirming that mimobalance is rejected unless documented differently or added as an alias. (Sources/CodexBarCore/Providers/ProviderDescriptor.swift:152, 1123d45fb658)
• Documented command mismatch: The newly added MiMo docs currently tell users to run codexbar usage --provider mimobalance, which does not match the registered CLI name or aliases. (docs/mimo.md:50, 1123d45fb658)

Likely related people:

• Peter Steinberger: Current-main blame and path history for the existing MiMo provider, settings, docs, and tests all point to the v0.32.4 import commit authored by Peter Steinberger in this checkout. (role: feature-history owner; confidence: medium; commits: 723734ef3422; files: Sources/CodexBarCore/Providers/MiMo/MiMoProviderDescriptor.swift, Sources/CodexBarCore/Providers/MiMo/MiMoUsageFetcher.swift, Sources/CodexBar/Providers/MiMo/MiMoProviderImplementation.swift)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[AdrianSimionov]

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26994289079
• Updated: 2026-06-05T03:58:34.546Z

[AdrianSimionov]

Behavior proof: MiMo Balance provider successfully fetching and displaying prepaid balance with paid/granted breakdown. Balance shows $9.60 total (Paid: $9.60 / Granted: $0.00).

@clawsweeper re-review

[clawsweeper]

🦞👀
ClawSweeper picked this up.

Command router queued. I will update this comment with the next step.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26993706959
• Updated: 2026-06-05T03:39:23.206Z

[AdrianSimionov]

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26994860354
• Updated: 2026-06-05T04:17:54.436Z

[AdrianSimionov]

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26995549081
• Updated: 2026-06-05T04:41:48.828Z

[AdrianSimionov]

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26996205645
• Updated: 2026-06-05T05:01:53.566Z

[AdrianSimionov]

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26997008643
• Updated: 2026-06-05T05:26:27.887Z