Add Alibaba Coding Plan provider with web/API support

[jnd0]

Summary

• Add a new Alibaba provider (displayed as Alibaba / CLI alibaba-coding-plan) with full registry wiring, settings UI, icon, docs, and test coverage.
• Implement Alibaba Coding Plan usage fetching via console RPC web flow (cookie session + sec_token + form-encoded params) with API-key fallback, intl/cn region handling, and resilient payload parsing for nested DataV2 structures.
• Fix a root-cause bug in CookieHeaderNormalizer where -b regex matching could trigger inside cookie values (e.g. ...-Br...), truncating manual Cookie headers and causing false ConsoleNeedLogin failures.

What changed

• New provider implementation
  • Added Alibaba provider core + app integration:
    • Sources/CodexBarCore/Providers/Alibaba/*
    • Sources/CodexBar/Providers/Alibaba/*
  • Registered provider in descriptor/implementation registries and enums:
    • UsageProvider.alibaba, IconStyle.alibaba
    • provider descriptor + settings snapshot + token resolver + env override wiring.
• Fetch strategy + parsing
  • Added web strategy (auto/manual cookie) and API strategy.
  • Implemented console RPC request shape for intl/cn:
    • host/action/product/api query pattern (bailian-*-cs* host)
    • form body: params, region, sec_token
    • cornerstoneParam fields to mirror console calls.
  • Added SEC token resolution from dashboard HTML and /tool/user/info.json fallback.
  • Added robust response parsing for nested wrappers (data.DataV2.data.data) and quota fields.
  • Added conservative reset-date normalization for the 5-hour window to avoid immediate “resets now” churn when backend returns near-now timestamps.
  • Tightened inactive-plan behavior: synthetic fallback windows are no longer emitted for explicitly inactive statuses (e.g. EXPIRED).
• Settings / UX
  • Added Alibaba settings fields/pickers (region, cookie source, manual cookie, API key).
  • Auto-enable provider when Alibaba token already exists at startup or when API key is set.
  • Ensured availability gating does not hide .auto cookie setups.
  • Added provider icon + docs (docs/alibaba-coding-plan.md, docs/providers.md).
• Bug fix included in this PR
  • CookieHeaderNormalizer now anchors --cookie/-b pattern matching to command boundaries so cookie-value substrings no longer get misparsed.

Testing

• swift test --filter AlibabaCodingPlan

• ./Scripts/compile_and_run.sh

• Manual validation against a live Alibaba Coding Plan account:

  • verified successful usage fetch (5-hour / weekly / monthly windows)
  • validated intl console RPC request/response alignment.

  Visual representation:

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: eb2cd354ea

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Treat auto-cookie Alibaba setups as available

This availability check only returns true for API tokens, env cookies, or manual-cookie mode, so users who enable Alibaba with the default .auto cookie source and rely on browser cookie import are filtered out by enabledProviders() and never fetched. In that common setup the new web flow cannot run unless users also set an API key or manual cookie, which breaks the provider’s advertised auto web mode.

Useful? React with 👍 / 👎.

[jnd0]

Addressed in 55d90b2: removed the strict app-side availability gate so Alibaba no longer gets filtered out for default .auto cookie mode. Auto-import setups now remain available and can fetch via web strategy as intended.

[chatgpt-codex-connector]

Require active status before creating fallback quota window

The fallback guard accepts any non-nil instanceInfo (|| instanceInfo != nil), so payloads with inactive plans (for example status: EXPIRED) still produce a synthetic fiveHourUsedQuota=0/fiveHourTotalQuota=100 snapshot when quota fields are missing. That reports an active-looking quota window for inactive plans instead of failing parsing, which can show incorrect usage state.

Useful? React with 👍 / 👎.

[jnd0]

Addressed in 55d90b2: fallback now only synthesizes a quota window for active/valid (or unspecified) status, and no longer does so for explicitly inactive statuses like EXPIRED.

[jnd0]

Follow-up pushed in 352ea6b with final UX polish based on live validation:\n\n- keep countdown reset text (e.g. ) for Alibaba windows\n- show request usage detail under each bar ()\n- normalize 5-hour reset timestamps when backend returns near-now/stale values so we avoid incorrect \n- improve auto cookie import reliability for Alibaba by prioritizing Safari and filtering for authenticated cookie sets\n\nRe-tested with a live Alibaba Coding Plan account; menu now shows stable countdowns + request usage values across 5-hour/weekly/monthly windows.

[jnd0]

Follow-up pushed in 352ea6b with final UX polish based on live validation:

• keep countdown reset text (for example: Resets in 5h) for Alibaba windows
• show request usage detail under each bar (used / total used)
• normalize 5-hour reset timestamps when backend returns near-now/stale values so we avoid incorrect reset-now behavior
• improve auto cookie import reliability for Alibaba by prioritizing Safari and filtering for authenticated cookie sets

Re-tested with a live Alibaba Coding Plan account; menu now shows stable countdowns plus request usage values across 5-hour, weekly, and monthly windows.