Add Kimi usage TUI command

[ooojustin]

Changes

• Adds /kimi:usage as a TUI slash command.
• Reuses persisted Kimi OAuth credentials, including refresh handling.
• Fetches subscription usage from Kimi's /coding/v1/usages endpoint.
• Renders weekly and rolling-window limits in a compact TUI modal.
• Adds focused parser and auth-refresh test coverage.

Preview

---

Summary by cubic

Adds a TUI slash command /kimi:usage to show Kimi Code subscription usage using stored OAuth with a safe, multi-session refresh. It renders weekly and 5h limits in a compact modal with progress bars and reset hints.

• New Features

  • TUI command /kimi:usage fetches usage and displays weekly and 5h limits with progress bars, reset hints (including “reset now”), and loading/empty states (esc to close).
  • Reuses stored Kimi OAuth with a lock-based refresh that includes per-owner heartbeats, stale-lock cleanup, and clearer invalid_grant guidance; exposed ensureFreshStoredAuth and added focused parser and auth-refresh tests.

• Dependencies

  • Added @opentui/core and @opentui/solid; enabled tsx/Solid JSX in tsconfig.
  • Exposed a new ./tui package export.

^{Written for commit 0b7142f. Summary will update on new commits.}

[cubic-dev-ai]

5 issues found across 12 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="src/auth-refresh.ts">

<violation number="1" location="src/auth-refresh.ts:64">
P2: Swallows all lock-state filesystem errors and turns them into a generic timeout, hiding real path/permission failures.</violation>

<violation number="2" location="src/auth-refresh.ts:75">
P1: Refresh lock is not owner-safe; stale lock deletion and unconditional cleanup can remove another process’s active lock and break mutual exclusion.</violation>
</file>

<file name="src/tui.tsx">

<violation number="1" location="src/tui.tsx:123">
P2: Async dialog flow has no cancellation/staleness guard, so older or dismissed requests can still replace the UI when they finish.</violation>
</file>

<file name="src/usage.ts">

<violation number="1" location="src/usage.ts:81">
P2: Immediate-reset countdown values are dropped because `0` is treated as absent.</violation>
</file>

<file name="package.json">

<violation number="1" location="package.json:50">
P1: Exported TUI entrypoint depends on packages that are only in devDependencies, so consumers can hit module-resolution failures.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[cubic-dev-ai]

2 issues found across 7 files (changes from recent commits).

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="src/auth-refresh.ts">

<violation number="1" location="src/auth-refresh.ts:61">
P1: Rewriting the owner file in place can corrupt it during cleanup, causing `ownsLock()` to return false and skip removing the refresh lock directory.</violation>

<violation number="2" location="src/auth-refresh.ts:133">
P2: Uncaught lock cleanup errors can make a successful refresh fail.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}