feat(providers): Add StepFun provider

[tevenfeng]

Summary

Adds StepFun (阶跃星辰) as a new web-based provider that monitors Step Plan rate limits via the platform.stepfun.com API.

Authentication

StepFun uses a username + password login flow to obtain an Oasis-Token session:

1. Auto mode (default): Enter username/password in Settings UI → app automatically performs the 3-step login flow:

   • Fetch INGRESSCOOKIE from platform homepage
   • RegisterDevice → get anonymous token
   • SignInByPassword → get authenticated Oasis-Token
   • Token cached in Keychain-backed CookieHeaderCache for reuse
   • On token expiry (API error), automatically clears cache and re-authenticates

2. Manual mode: Directly paste an Oasis-Token from a browser session

3. Environment variables: STEPFUN_USERNAME + STEPFUN_PASSWORD, or STEPFUN_TOKEN

Usage Data

Window	API Field	Maps To
5-hour session	five_hour_usage_left_rate	Primary RateWindow (300 min)
Weekly	weekly_usage_left_rate	Secondary RateWindow (10080 min)

Reset times are displayed from five_hour_usage_reset_time / weekly_usage_reset_time.

Files Added

• Sources/CodexBarCore/Providers/StepFun/ — descriptor, usage fetcher, settings reader
• Sources/CodexBar/Providers/StepFun/ — app implementation, settings store
• Sources/CodexBar/Resources/ProviderIcon-stepfun.svg — provider icon
• Tests/CodexBarTests/StepFunUsageFetcherTests.swift — 22 test cases

Files Modified

• Providers.swift — added case stepfun to UsageProvider / IconStyle
• ProviderDescriptor.swift — registered StepFun descriptor
• ProviderImplementationRegistry.swift — added implementation factory
• ProviderTokenResolver.swift — added stepfunResolution()
• ProviderSettingsSnapshot.swift — added StepFunProviderSettings
• TokenAccountSupportCatalog+Data.swift — added token account support
• Widget files, CLI, CostUsageScanner, UsageStore — added .stepfun cases

Testing

• 22 unit tests covering settings reader, token resolver, API response parsing, and token normalization
• API response parser handles both string ("1777528800") and integer timestamps, and both integer (1) and float (0.99781543) rate values
• Build and full test suite pass

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: c5a383ea14

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[gitguardian]

️✅ There are no secrets present in this pull request anymore.

If these secrets were true positive and are still valid, we highly recommend you to revoke them.
While these secrets were previously flagged, we no longer have a reference to the
specific commits where they were detected. Once a secret has been leaked into a git
repository, you should consider it compromised, even if it was deleted immediately.
Find here more information about risks.

---

^{_{🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.}}