Add token-protected dashboard snapshots to the CLI server

[jethac]

Summary

• Add a typed dashboard snapshot payload for CodexBar provider, session, account, and app state.
• Extend codexbar serve with a token-protected dashboard snapshot endpoint.
• Add configurable dashboard identity exposure modes:
  • none: omit account identity fields
  • redacted: redact sensitive identity values while preserving useful account context such as domains/plans
  • full: include full identity values for trusted local/private deployments
• Document the dashboard API, authentication behavior, CLI flags, identity modes, and example requests.

Rationale

• This lets CodexBar act as the local source of truth for lightweight dashboard hardware.
• Low-powered clients can fetch a compact, already-normalized snapshot instead of reimplementing provider probing, account parsing, session tracking, privacy policy, and auth logic themselves.
• Keeping the aggregation in CodexBar also avoids duplicating sensitive provider/account handling across small devices or local display projects.

Implementation notes

• Adds dashboard payload models and snapshot aggregation logic.
• Adds bearer-token authentication for dashboard API requests.
• Keeps protected dashboard responses unavailable without a valid token.
• Covers payload construction, identity redaction, routing, auth handling, and endpoint behavior with XCTest.
• Uses inert placeholder tokens in docs/examples instead of real or secret-looking credentials.

Commands run

• swift test
  • Passed: 2709 tests
• make check
  • Passed
  • Runs pinned swiftformat Sources Tests --lint
  • Runs pinned swiftlint --strict
  • SwiftLint result: 0 violations across 918 files
• git diff --check upstream/main...HEAD
  • Passed

Screenshots/GIFs

• Not applicable; this is CLI/API behavior with no UI changes.

Reference

• No linked issue.

Contribution notes

• No CONTRIBUTING.md or pull request template was found.
• Followed repository guidance from AGENTS.md.
• Branch is based on upstream main at d715648c.
• Published branch contains three scoped commits:
  • docs: add dashboard snapshot API reference
  • feat(cli): add dashboard snapshot payload builder
  • feat(cli): serve token-protected dashboard snapshots

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 08a598e122

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Reject huge refresh intervals before Int conversion

When a user passes a very large but finite --refresh-interval (for example 1e300), decodeServeRefreshInterval accepts it, but the first dashboard snapshot converts it with Int(refreshInterval.rounded(...)); Swift traps on out-of-range Double to Int conversion, killing the server instead of reporting an argument error. Clamp or reject values above the representable range before these conversions.

Useful? React with 👍 / 👎.

[jethac]

Noted and fixed!