feat(provider): add minimax provider for MiniMax Token Plan models #126

Merged: steipete merged 3 commits into openclaw:main from ferminquant:feat/minimax-provider on Jun 10, 2026

@ferminquant ferminquant commented Jun 8, 2026

Contributor

Summary

Adds a rewritten minimax provider for map, review, revalidate, and provider check operations. The provider is intentionally read-only: fix fails before provider network or filesystem side effects with unsupported-provider and exit code 2.

Closes #125.

Maintainer Notes

  • Default endpoint: https://api.minimax.io/v1
  • Default model: MiniMax-M3
  • Required credential: MINIMAX_API_KEY
  • Optional overrides: MINIMAX_BASE_URL, MINIMAX_MODEL, CLAWPATCH_MINIMAX_TIMEOUT_MS, CLAWPATCH_PROVIDER_TIMEOUT_MS
  • Request transport uses undici with timeout-sized dispatchers instead of Node's default fetch dispatcher.
  • MINIMAX_BASE_URL is normalized and rejects URL credentials; non-loopback HTTP is rejected.
  • MiniMax chat responses are schema-validated locally. The request does not send response_format.json_schema because the current MiniMax M-series chat docs do not document that compatibility.
  • Provider errors are classified into auth, quota/rate-limit, malformed output, unsupported operation, and generic provider failures without exposing auth headers or raw response bodies.
  • Package smoke now installs packed clawpatch plus packed runtime dependency artifacts, avoiding source-directory dependency installs that run dependency prepare scripts without dev dependencies.

Verification

Local checks on the rewritten PR branch:

pnpm typecheck
pnpm lint
pnpm format:check
pnpm test
pnpm build
pnpm pack:smoke

Results:

Vitest: 825 passed, 1 skipped
pack:smoke: packaged CLI smoke mapped 13 features, 3 CUDA

Autoreview:

autoreview clean: no accepted/actionable findings reported

GitHub Actions on head 05fba5cfe77873e243a16f583a07211519b2473f:

CI: success
CodeQL: success
Dependency Review: success
Security Gate: Secret Scanning: success

Live MiniMax proof is not included in this landing because this maintainer environment does not have MINIMAX_API_KEY set and no targeted 1Password item or field was provided. Per maintainer clarification, mocked fetch/source/test proof is sufficient to merge; publishing a release remains blocked until a redacted live /models check plus one schema-valid supported operation is run against the exact released commit.
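The base-URL rule from the maintainer notes (reject URL credentials, reject non-loopback HTTP), as an added example that is not part of the PR or clawpatch's code. The function names, the rejection wording and the exact normalization (drop query and fragment, strip trailing slashes) are assumptions.

```typescript
// Added example; function names are hypothetical, not clawpatch's own code.
const DEFAULT_BASE_URL = "https://api.minimax.io/v1"; // default endpoint from the PR notes

type BaseUrlResult = { ok: true; url: string } | { ok: false; reason: string };

// Loopback means localhost, 127.0.0.0/8 or ::1. WHATWG URL parsing lowercases
// the host, canonicalizes IPv4 (127.1 becomes 127.0.0.1) and keeps IPv6 brackets.
function isLoopback(hostname: string): boolean {
  return hostname === "localhost" || hostname === "[::1]" || /^127\.\d+\.\d+\.\d+$/.test(hostname);
}

function normalizeBaseUrl(raw?: string): BaseUrlResult {
  const input = raw === undefined || raw.trim() === "" ? DEFAULT_BASE_URL : raw.trim();
  let url: URL;
  try {
    url = new URL(input);
  } catch {
    return { ok: false, reason: "MINIMAX_BASE_URL is not an absolute URL" };
  }
  // Reasons never echo the input: a rejected value may carry user:password@.
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "MINIMAX_BASE_URL must not contain credentials" };
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") {
    return { ok: false, reason: "MINIMAX_BASE_URL must use https" };
  }
  if (url.protocol === "http:" && !isLoopback(url.hostname)) {
    return { ok: false, reason: "MINIMAX_BASE_URL may use plain http only for loopback hosts" };
  }
  // Assumed normalization: drop query and fragment, strip trailing slashes.
  return { ok: true, url: url.origin + url.pathname.replace(/\/+$/, "") };
}

// Constructed sample values, not taken from the PR.
const SAMPLES = [
  "https://api.minimax.io/v1/",
  "http://127.0.0.1:8080/v1",
  "http://localhost.evil.example/v1", // only looks like loopback
  "https://user:constructed-secret@api.minimax.io/v1",
];
for (const s of SAMPLES) {
  console.log(s.replace(/\/\/.*@/, "//<redacted>@"), "->", JSON.stringify(normalizeBaseUrl(s)));
}
```

The loopback test runs on the parsed hostname rather than the raw string, so a prefix match such as `localhost.evil.example` is rejected.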

@ferminquant ferminquant requested a review from a team as a code owner June 8, 2026 05:18
@clawsweeper

clawsweeper Bot commented Jun 8, 2026

Contributor

Codex review: needs changes before merge. Reviewed June 8, 2026, 2:18 PM ET / 18:18 UTC.

Summary
Adds a built-in MiniMax HTTP provider for map, review, and revalidate, rejects fix as unsupported, documents/tests the provider, and adds undici dispatcher timeout handling.

Reproducibility: not applicable. This is a feature PR, not a bug report. Source inspection shows current main lacks MiniMax provider dispatch and docs, while the PR body provides live terminal proof for the proposed behavior.

Review metrics: 2 noteworthy metrics.

  • Provider surface: 1 provider added; 3 operations supported; fix unsupported. The diff expands provider routing and credential configuration rather than only adding docs or tests.
  • Runtime package surface: 1 dependency added; 7 files changed; +575/-3. The new provider adds undici as a runtime dependency and updates the lockfile, which maintainers should notice before merge.

Merge readiness
Overall: 🐚 platinum hermit
Proof: 🦞 diamond lobster
Patch quality: 🐚 platinum hermit
Result: ready for maintainer review.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

  • Remove the CHANGELOG.md entry and keep release-note context in the PR body or commit message.
  • Update docs/providers.md so the MiniMax timeout default matches the 30-minute runtime default.

Risk before merge

  • [P1] Merging makes MINIMAX_API_KEY, MINIMAX_BASE_URL, MINIMAX_MODEL, MiniMax-M3, and the MiniMax Bearer-auth HTTP path a supported core provider contract.
  • [P2] The PR adds a runtime undici dependency and a 30-minute provider timeout; proof now covers the long-response path, but maintainers still need to accept that dependency and default behavior.

Maintainer options:

  1. Accept MiniMax as a core provider
    A maintainer can approve the new MiniMax env vars, endpoint/model defaults, no-fix limitation, remote trust model, and dependency before merge.
  2. Clean the branch before approval
    Remove the release-owned changelog entry and correct the timeout docs so the branch matches the implemented 30-minute default.
  3. Keep MiniMax outside core
    If service-specific HTTP providers should not become clawpatch core surface, pause or close this PR and continue the decision in feat(provider): add minimax provider for MiniMax Token Plan models #125.

Next step before merge

  • [P2] The remaining code-review findings are narrow docs/release-note cleanups that automation can repair; maintainer review still owns the core provider acceptance decision.

Security
Cleared: No concrete security or supply-chain defect was found; the new dependency is declared and locked, and the API key is only used for the intended MiniMax Bearer-auth request path.

Review findings

  • [P3] Update MiniMax timeout docs — docs/providers.md:385-386
  • [P3] Remove the release-owned changelog entry — CHANGELOG.md:5

Review details

Best possible solution:

Land the provider only if maintainers accept MiniMax as core, after removing the release-owned changelog edit and syncing the timeout docs; otherwise keep the linked feature request as the product-decision record.

Do we have a high-confidence way to reproduce the issue?

Not applicable: this is a feature PR, not a bug report. Source inspection shows current main lacks MiniMax provider dispatch and docs, while the PR body provides live terminal proof for the proposed behavior.

Is this the best way to solve the issue?

Unclear until maintainer approval: the implementation is a narrow direct HTTP provider with useful proof, but accepting a new core MiniMax auth/provider surface is the remaining product decision.

Full review comments:

  • [P3] Update MiniMax timeout docs — docs/providers.md:385-386
    The provider default is now 1_800_000 ms after the undici fix, but the docs added here still say 300 seconds by default. Users following this page would expect a five-minute default while the runtime waits thirty minutes, so update the docs to 30 minutes or 1_800_000 ms.
    Confidence: 0.89
  • [P3] Remove the release-owned changelog entry — CHANGELOG.md:5
    This PR adds a 0.5.1 changelog bullet, but release notes are release-owned for normal OpenClaw PRs. Keep this release-note context in the PR body or commit message and leave CHANGELOG.md to the release process.
    Confidence: 0.9

Overall correctness: patch is correct
Overall confidence: 0.82

AGENTS.md: found and applied where relevant.

Codex review notes: model gpt-5.5, reasoning high; reviewed against d5e764d12a82.

Label changes

Label changes:

  • add proof: sufficient: Contributor real behavior proof is sufficient. The PR body includes copied live terminal output for the final supported operations and a latest-head 818 second MiniMax run beyond the old 300 second undici timeout cliff.
  • add rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🦞 diamond lobster and patch quality is 🐚 platinum hermit.
  • add status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Sufficient (terminal): The PR body includes copied live terminal output for the final supported operations and a latest-head 818 second MiniMax run beyond the old 300 second undici timeout cliff.
  • remove rating: 🦐 gold shrimp: Current PR rating is rating: 🐚 platinum hermit, so this older rating label is no longer current.
  • remove status: 📣 needs proof: Current PR status label is status: 👀 ready for maintainer look.

Label justifications:

  • P2: This is a normal-priority provider enhancement with limited blast radius but real auth/provider ownership implications.
  • merge-risk: 🚨 auth-provider: The PR adds a new provider name, API-key env var, endpoint override, model default, and external Bearer-auth request path.
  • rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🦞 diamond lobster and patch quality is 🐚 platinum hermit.
  • status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Sufficient (terminal): The PR body includes copied live terminal output for the final supported operations and a latest-head 818 second MiniMax run beyond the old 300 second undici timeout cliff.
  • proof: sufficient: Contributor real behavior proof is sufficient. The PR body includes copied live terminal output for the final supported operations and a latest-head 818 second MiniMax run beyond the old 300 second undici timeout cliff.

Evidence reviewed

Acceptance criteria:

  • [P1] pnpm format:check.
  • [P1] pnpm typecheck.
  • [P1] pnpm test src/provider.test.ts.

What I checked:

  • Repository policy read: AGENTS.md was read fully; its provider testing and conservative secret-bearing provider guidance informed this review. (AGENTS.md:1, d5e764d12a82)
  • Current main lacks MiniMax dispatch: Current main providerByName lists existing providers and throws unsupported-provider without a minimax case. (src/provider.ts:262, d5e764d12a82)
  • Current docs lack MiniMax: Current main provider docs list the existing providers without MiniMax. (docs/providers.md:17, d5e764d12a82)
  • PR adds provider dispatch and timeout implementation: The PR head adds providerByName("minimax") and sets the MiniMax default timeout to 1_800_000 ms with a custom undici dispatcher. (src/provider.ts:276, 894826cf4eb2)
  • Docs timeout mismatch: The PR docs still say the MiniMax timeout is 300 seconds by default, which conflicts with the PR code and changelog text saying 30 minutes. (docs/providers.md:385, 894826cf4eb2)
  • Release-owned changelog edit: The PR adds a 0.5.1 changelog bullet that should be handled by release ownership rather than a normal feature branch. (CHANGELOG.md:5, 894826cf4eb2)

Likely related people:

  • Peter Steinberger: Local blame and release history point to the v0.5.0 commit as the strongest current-main routing signal for src/provider.ts, README provider docs, and docs/providers.md. (role: current provider/docs area author; confidence: high; commits: d407835d91c7, 1fbd2cee7ecf; files: src/provider.ts, README.md, docs/providers.md)

What the crustacean ranks mean
  • 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
  • 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
  • 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
  • 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
  • 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
  • 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
  • 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works
  • ClawSweeper keeps one durable marker-backed review comment per issue or PR.
  • Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
  • A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
  • PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
  • Maintainers can also comment @clawsweeper review to request a fresh review only.
  • Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
  • Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
  • Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

@clawsweeper clawsweeper Bot added rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. status: 📣 needs proof The PR needs real behavior proof before ClawSweeper can clear the contributor ask. P2 Normal priority bug or improvement with limited blast radius. merge-risk: 🚨 auth-provider 🚨 Merging this PR could break OAuth, tokens, provider routing, model choice, or credentials. labels Jun 8, 2026
ferminquant added a commit to ferminquant/clawpatch that referenced this pull request Jun 8, 2026
… exit codes

Addresses ClawSweeper review feedback on PR openclaw#126:

1. Make minimax.fix throw `unsupported-provider` (code 2). The chat-
   completions API has no tool or filesystem access, so fix() could
   only return a FixPlanOutput but never edit the worktree. Per
   docs/patching.md, fix() must produce real edits; we refuse early
   with a clear message rather than record a no-op patch attempt.
   The error message names the providers that do support fix
   (codex, acpx, claude, opencode, pi) for discoverability.

2. Map HTTP failures to documented provider exit codes via a new
   `minimaxExitCode(status)` helper:
   - 401, 403 -> 4 (provider-auth)
   - 429      -> 5 (provider-quota)
   - other    -> 1 (generic provider-failure)
   Used in both `runMinimaxJson` and `provider.check()`.

3. Expose minimaxExitCode via `__testing` and add 4 unit tests
   covering the dispatch (401/403/429/other). Add 1 test asserting
   `provider.fix()` rejects with `unsupported-provider` and exit code 2.

4. Update README provider entry to document the supported operation
   set (map, review, revalidate) and the explicit fix limitation.

Tests: 151/151 passing (was 146/146).
Verification: pnpm typecheck && pnpm lint && pnpm format:check &&
pnpm test src/provider.test.ts && pnpm build all clean.

Closes review blockers on PR openclaw#126.
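The status mapping in the commit message above, combined with the PR description's notes on local schema validation and on errors that expose neither auth headers nor raw response bodies, as an added example that is not part of the PR or clawpatch's code. The names, the `findings` schema and the OpenAI-style response envelope are assumptions; the page gives no exit code for malformed output, so that field is left null.

```typescript
// Added example; names and the findings schema are hypothetical, not clawpatch's code.
type FailureKind = "provider-auth" | "provider-quota" | "provider-failure" | "malformed-output";
interface Finding { title: string; severity: string }
interface ReviewOutput { findings: Finding[] }
type Outcome =
  | { ok: true; value: ReviewOutput }
  | { ok: false; kind: FailureKind; exitCode: number | null; message: string };

const SEVERITIES = new Set(["low", "medium", "high"]);

// Stand-in for the local schema check (assumed shape).
function isReviewOutput(v: unknown): v is ReviewOutput {
  if (typeof v !== "object" || v === null) return false;
  const findings = (v as { findings?: unknown }).findings;
  return Array.isArray(findings) && findings.every((f) =>
    typeof f === "object" && f !== null &&
    typeof f.title === "string" && SEVERITIES.has(f.severity));
}

function fail(kind: FailureKind, exitCode: number | null, message: string): Outcome {
  return { ok: false, kind, exitCode, message };
}

// Messages are built from the status code alone; the response body and the
// Authorization header never reach the error text.
function classifyResponse(status: number, bodyText: string): Outcome {
  if (status === 401 || status === 403) {
    return fail("provider-auth", 4, `MiniMax rejected the credential (HTTP ${status})`);
  }
  if (status === 429) return fail("provider-quota", 5, "MiniMax quota or rate limit reached (HTTP 429)");
  if (status < 200 || status > 299) return fail("provider-failure", 1, `MiniMax request failed (HTTP ${status})`);
  try {
    // Assumed OpenAI-style envelope: choices[0].message.content holds the JSON text.
    const envelope = JSON.parse(bodyText) as { choices?: { message?: { content?: unknown } }[] };
    const content = envelope.choices?.[0]?.message?.content;
    const parsed: unknown = typeof content === "string" ? JSON.parse(content) : undefined;
    if (isReviewOutput(parsed)) return { ok: true, value: parsed };
  } catch {
    // Invalid JSON at either layer falls through to the same class.
  }
  // The page does not state an exit code for this class, so it is left null.
  return fail("malformed-output", null, "MiniMax output failed local schema validation");
}

// Constructed sample bodies, not captured from MiniMax.
function chatBody(content: string): string {
  return JSON.stringify({ choices: [{ message: { role: "assistant", content } }] });
}
const SAMPLE_VALID = chatBody(JSON.stringify({ findings: [{ title: "Unchecked length", severity: "high" }] }));
const SAMPLE_PROSE = chatBody("The code looks fine to me.");
const SAMPLE_ERROR_BODY = '{"error":"invalid key sk-constructed-0000"}';

console.log(classifyResponse(200, SAMPLE_VALID));
console.log(classifyResponse(200, SAMPLE_PROSE));
console.log(classifyResponse(401, SAMPLE_ERROR_BODY));
```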
@ferminquant

Contributor Author

@clawsweeper re-review

@clawsweeper

clawsweeper Bot commented Jun 8, 2026

Contributor

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

@clawsweeper clawsweeper Bot added rating: 🌊 off-meta tidepool PR readiness rating does not apply to this item. and removed rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. status: 📣 needs proof The PR needs real behavior proof before ClawSweeper can clear the contributor ask. labels Jun 8, 2026
@ferminquant

Contributor Author

@clawsweeper re-review

@clawsweeper

clawsweeper Bot commented Jun 8, 2026

Contributor

🦞👀
ClawSweeper picked this up.

Command router queued. I will update this comment with the next step.

Re-review progress:

@clawsweeper clawsweeper Bot added proof: sufficient Contributor real behavior proof is sufficient. rating: 🐚 platinum hermit Good normal PR readiness with ordinary maintainer review expected. status: 👀 ready for maintainer look ClawSweeper has no concrete contributor-facing blocker left for this PR. and removed rating: 🌊 off-meta tidepool PR readiness rating does not apply to this item. labels Jun 8, 2026
ferminquant added a commit to ferminquant/clawpatch that referenced this pull request Jun 8, 2026
Addresses ClawSweeper review feedback on PR openclaw#126:

- Add `minimax` to the "Provider names today" list in
  docs/providers.md (alphabetical, after `grok`)
- Add a new `## MiniMax` section that documents:
  - Setup (env vars, model listing via `clawpatch doctor`)
  - Provider selection (`--provider minimax`, env-var override)
  - HTTP transport details (Bearer auth, base URL override)
  - Operation set: supports `map`, `review`, `revalidate`;
    `fix` is intentionally unsupported (exit code 2)
  - Structured output via `response_format.json_schema`
  - HTTP failure exit code mapping (401/403 -> 4, 429 -> 5, other -> 1)
  - Timeout knobs (`CLAWPATCH_MINIMAX_TIMEOUT_MS`,
    `CLAWPATCH_PROVIDER_TIMEOUT_MS`)
  - Permission caveat (remote API, same trust model as other
    read-only providers)
- Update the closing summary paragraph to note that `minimax` is a
  direct HTTP integration, distinct from the local-CLI providers
  (`grok`, `opencode`, `pi`, `cursor`) and the ACP route (`acpx`)

This brings the public docs into sync with the README provider entry
and the actual provider dispatch surface.

No code changes; no new tests needed.
Verification: pnpm typecheck && pnpm lint && pnpm format:check &&
pnpm test src/provider.test.ts all pass (151/151).
@ferminquant

Contributor Author

@clawsweeper re-review

@clawsweeper

clawsweeper Bot commented Jun 8, 2026

Contributor

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

@clawsweeper clawsweeper Bot added rating: 🦐 gold shrimp Decent PR readiness signal, but merge confidence is limited. status: 📣 needs proof The PR needs real behavior proof before ClawSweeper can clear the contributor ask. proof: sufficient Contributor real behavior proof is sufficient. rating: 🐚 platinum hermit Good normal PR readiness with ordinary maintainer review expected. and removed proof: sufficient Contributor real behavior proof is sufficient. rating: 🐚 platinum hermit Good normal PR readiness with ordinary maintainer review expected. status: 👀 ready for maintainer look ClawSweeper has no concrete contributor-facing blocker left for this PR. rating: 🦐 gold shrimp Decent PR readiness signal, but merge confidence is limited. labels Jun 8, 2026
@clawsweeper clawsweeper Bot added status: 👀 ready for maintainer look ClawSweeper has no concrete contributor-facing blocker left for this PR. and removed status: 📣 needs proof The PR needs real behavior proof before ClawSweeper can clear the contributor ask. labels Jun 8, 2026
Co-authored-by: Fermin Quant <ferminquant@gmail.com>
@steipete steipete force-pushed the feat/minimax-provider branch from 894826c to 3e02467 Compare June 10, 2026 22:40
@socket-security


Review the following changes in direct dependencies.

Diff | Package | Supply Chain Security | Vulnerability | Quality | Maintenance | License
Added | undici@6.26.0 | 97 | 100 | 100 | 98 | 100

@steipete steipete merged commit 7252f73 into openclaw:main Jun 10, 2026
8 checks passed
@steipete

Contributor

Landed in 7252f7300f348629d77c6ba18575fae2938edd31.

Verification before merge:

pnpm typecheck
pnpm lint
pnpm format:check
pnpm test
pnpm build
pnpm pack:smoke

Local results:

Vitest: 825 passed, 1 skipped
pack:smoke: packaged CLI smoke mapped 13 features, 3 CUDA

Autoreview closeout:

autoreview clean: no accepted/actionable findings reported

Required GitHub Actions on head 05fba5cfe77873e243a16f583a07211519b2473f were all green:

CI: success
CodeQL: success
Dependency Review: success
Security Gate: Secret Scanning: success

Live MiniMax proof remains release-only blocked in this environment: exact MINIMAX_API_KEY check returned missing, and no targeted 1Password item or field was provided. Per maintainer clarification, that did not block merge; it blocks publishing a release until a redacted live /models check plus one schema-valid supported operation is run against the exact release commit.

Labels

merge-risk: 🚨 auth-provider 🚨 Merging this PR could break OAuth, tokens, provider routing, model choice, or credentials. P2 Normal priority bug or improvement with limited blast radius. proof: sufficient Contributor real behavior proof is sufficient. rating: 🐚 platinum hermit Good normal PR readiness with ordinary maintainer review expected. status: 👀 ready for maintainer look ClawSweeper has no concrete contributor-facing blocker left for this PR.
