Skip to content

MiniMax: Token Plan recharge credits and web session enrichment#1981

Open
Yuxin-Qiao wants to merge 3 commits into
steipete:mainfrom
Yuxin-Qiao:feat/minimax-credit-web-session
Open

MiniMax: Token Plan recharge credits and web session enrichment#1981
Yuxin-Qiao wants to merge 3 commits into
steipete:mainfrom
Yuxin-Qiao:feat/minimax-credit-web-session

Conversation

@Yuxin-Qiao

Copy link
Copy Markdown
Contributor

Summary

Split from #1821 (PR A).

  • Fetch token_plan_credit recharge balance when a web session cookie is available
  • MiniMax Agent desktop cookie import and MiniMaxWebEnrichmentResolver for API-token refreshes
  • Menu credits row, pointsBalance diagnostics, and reset-time parsing fixes
  • Docs: docs/minimax.md

Test plan

  • make check
  • swift test --filter MiniMaxTokenPlanCredit
  • swift test --filter MiniMaxWebEnrichment
  • swift test --filter MiniMaxDesktopCookie

Stack

  • PR B (usage dashboard): feat/minimax-usage-dashboard
  • PR C (quota utilization): feat/minimax-quota-utilization

Made with Cursor

Add token_plan_credit enrichment for cookie-backed refreshes, MiniMax Agent
desktop cookie import, API-token web enrichment resolver, and menu credit display.

Co-authored-by: Cursor <cursoragent@cursor.com>
@clawsweeper

clawsweeper Bot commented Jul 8, 2026

Copy link
Copy Markdown

Codex review: needs changes before merge. Reviewed July 8, 2026, 12:36 AM ET / 04:36 UTC.

Summary
The branch adds MiniMax web-session token-plan credit enrichment, MiniMax Agent desktop cookie import, API-token web enrichment, menu and diagnostic points-balance fields, reset-time parsing fixes, docs, and tests.

Reproducibility: yes. The review blockers are source-reproducible on the current PR head by inspecting the token-cost path, MiniMax enrichment paths, Keychain access path, tests/docs, and unchanged review-commented code.

Review metrics: 2 noteworthy metrics.

  • Changed surface: 31 files, +2,476/-168. The PR spans provider auth/enrichment, UI, diagnostics, docs, and tests, so parser-only review is insufficient.
  • Sensitive additions: 5 MiniMax auth/enrichment files added. New desktop-cookie import and web-enrichment paths affect credential handling and provider routing before merge.

Root-cause cluster
Relationship: canonical
Canonical: #1981
Summary: This PR is the split landing candidate for the token-credit and web-session portion of the broader MiniMax work; the original broad PR was closed in favor of this split stack, while the dashboard and utilization PRs are adjacent follow-ups.

Members:

Proposal only: this assessment does not dispatch repair, suppress jobs, mutate sibling items, close, or merge anything.

Merge readiness
Overall: 🦪 silver shellfish
Proof: 🦞 diamond lobster ✨ media proof bonus
Patch quality: 🦪 silver shellfish
Result: blocked by patch quality or review findings.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

  • [P2] Repair the concrete review findings on this PR branch.
  • After repairs, get maintainer sign-off on automatic MiniMax Agent and web-session credential enrichment.

Risk before merge

  • [P1] Automatic MiniMax Agent desktop cookie import and API-token web-session enrichment change provider credential discovery and should not merge without explicit maintainer approval of that auth/privacy boundary.
  • [P1] MiniMax token-cost support is enabled before the cost refresh path can load or project MiniMax cost snapshots, which can surface unsupported-provider errors to users.
  • [P1] The PR advertises and tests console usage-summary enrichment, but production code currently never fetches the usage-summary endpoint.
  • [P1] Encrypted MiniMax Agent cookie import still reaches Keychain reads without honoring the repository-wide Keychain opt-out.
  • [P1] The release-owned changelog edit should be removed before normal feature merge.

Maintainer options:

  1. Repair blockers before boundary review (recommended)
    Fix the unsupported token-cost routing, platform import guard, Keychain opt-out, usage-summary mismatch, credit overwrite, group-less credit handling, and changelog edit before asking for final auth-boundary approval.
  2. Reduce the credential surface
    Remove automatic MiniMax Agent/browser enrichment or gate it behind an explicit opt-in while keeping manual/env cookie enrichment as the lower-risk path.
  3. Pause this MiniMax stack
    Keep this split stack waiting if maintainers are not ready to accept automatic local cookie-store enrichment in CodexBar core.

Next step before merge

  • [P2] A repair lane can address the concrete source blockers, but final merge still needs maintainer approval for the MiniMax credential boundary.

Maintainer decision needed

  • Question: Should CodexBar accept automatic MiniMax Agent desktop cookie import and API-token web-session enrichment in core after the source blockers are fixed?
  • Rationale: The implementation reads local MiniMax cookie storage and merges web-session credentials into provider refreshes, which VISION.md classifies as provider auth, data storage, and privacy-sensitive behavior needing sign-off.
  • Likely owner: steipete — steipete has the strongest current-main ownership signal for MiniMax provider, cost/menu, and auth-adjacent behavior and is the repository owner.
  • Options:
    • Approve after targeted repairs (recommended): Fix the concrete source blockers, keep the automatic MiniMax web-session enrichment behavior, and merge only after maintainer sign-off on the credential boundary.
    • Narrow credential discovery: Keep explicit manual/env cookies but make MiniMax Agent and browser-derived enrichment opt-in or remove it from this PR.
    • Pause the split stack: Hold this PR and dependent MiniMax dashboard/utilization work until maintainers decide whether this credential surface belongs in core.

Security
Needs attention: The diff still has a concrete Keychain boundary issue in MiniMax Agent encrypted-cookie import.

Review findings

  • [P2] Keep MiniMax token cost disabled until fetch is wired — Sources/CodexBarCore/Providers/MiniMax/MiniMaxProviderDescriptor.swift:31
  • [P2] Wrap macOS-only crypto imports — Tests/CodexBarTests/MiniMaxDesktopCookieImporterTests.swift:1-4
  • [P2] Honor the Keychain opt-out before Agent decryption — Sources/CodexBarCore/Providers/MiniMax/MiniMaxDesktopCookieImporter.swift:88
Review details

Best possible solution:

Land a narrowed branch that fixes the source blockers, keeps release notes out of CHANGELOG.md, and has explicit maintainer sign-off for automatic MiniMax Agent/web-session enrichment.

Do we have a high-confidence way to reproduce the issue?

Yes. The review blockers are source-reproducible on the current PR head by inspecting the token-cost path, MiniMax enrichment paths, Keychain access path, tests/docs, and unchanged review-commented code.

Is this the best way to solve the issue?

No. The feature direction is useful and backed by linked proof, but the current branch needs targeted repairs and maintainer sign-off on the credential boundary before it is the narrowest maintainable solution.

Full review comments:

  • [P2] Keep MiniMax token cost disabled until fetch is wired — Sources/CodexBarCore/Providers/MiniMax/MiniMaxProviderDescriptor.swift:31
    This still sets supportsTokenCost to true, but MiniMax is not projected from provider snapshots and CostUsageFetcher.loadTokenSnapshot rejects every provider except Codex, Claude, Vertex AI, and Bedrock. Keep this false or wire the MiniMax cost loader/projection in the same PR so users do not get unsupported-provider errors.
    Confidence: 0.92
  • [P2] Wrap macOS-only crypto imports — Tests/CodexBarTests/MiniMaxDesktopCookieImporterTests.swift:1-4
    CommonCrypto and SQLite3 are imported before the #if os(macOS) guard, so a non-macOS SwiftPM test build can fail while parsing imports for tests that are meant to be skipped. Put the platform or canImport guard around the imports as well as the test type.
    Confidence: 0.9
  • [P2] Honor the Keychain opt-out before Agent decryption — Sources/CodexBarCore/Providers/MiniMax/MiniMaxDesktopCookieImporter.swift:88
    Encrypted MiniMax Agent rows still call derivedKeys() here, which reaches KeychainSecurity.copyMatching, even when KeychainAccessGate.isDisabled is true. Skip encrypted Agent import or return no decryption keys while the gate is disabled so user/admin Keychain opt-outs are respected.
    Confidence: 0.93
  • [P2] Fetch or remove the advertised usage-summary request — Sources/CodexBarCore/Providers/MiniMax/MiniMaxUsageFetcher.swift:445-448
    The PR adds tokenPlanUsageSummaryURL, docs, and tests expecting /backend/account/token_plan/usage_summary, but this method returns immediately after token-plan credit enrichment and no production code fetches that endpoint. Either fetch it here or keep usage-summary API/docs/tests in the dependent dashboard PR.
    Confidence: 0.9
  • [P2] Use the dedicated MiniMax credit balance when fetched — Sources/CodexBarCore/Providers/MiniMax/MiniMaxSubscriptionMetadata.swift:294
    When the remains snapshot already has a fallback pointsBalance but lacks an expiry, this path fetches the dedicated credit endpoint and then preserves the old balance via withPointsBalanceIfMissing. The dedicated token_plan_credit value should replace stale or fallback balances when the fetch succeeds.
    Confidence: 0.88
  • [P2] Accept group-less MiniMax credit payloads deliberately — Sources/CodexBarCore/Providers/MiniMax/MiniMaxUsageFetcher+WebEnrichment.swift:29-42
    A valid credit response with a parsed balance but no credit_packages_details leaves credit.groupIDs empty, so API-token enrichment never marks web data as received and drops the balance. Accept group-less responses when no group can be verified, or surface them as an explicit unverifiable state instead of silently ignoring them.
    Confidence: 0.86
  • [P3] Remove the release-owned changelog entry — CHANGELOG.md:7
    Repository policy keeps CHANGELOG.md owned by the release flow for normal PRs. Keep the user-visible release note in the PR body or commit message and leave the changelog for release handling.
    Confidence: 0.88

Overall correctness: patch is incorrect
Overall confidence: 0.92

AGENTS.md: found and applied where relevant.

Codex review notes: model internal, reasoning high; reviewed against aa401f1d8b74.

Label changes

Label justifications:

  • P2: This is a normal-priority provider enhancement with limited blast radius, but several concrete merge blockers remain.
  • merge-risk: 🚨 compatibility: The diff changes token-cost support and release/test behavior in ways that can break existing settings or nonstandard validation paths.
  • merge-risk: 🚨 auth-provider: The diff changes MiniMax API-token fallback, cookie-session enrichment, cached sessions, and provider routing behavior.
  • merge-risk: 🚨 security-boundary: The diff introduces automatic MiniMax Agent cookie-store decryption and web-session credential use with an unresolved Keychain opt-out blocker.
  • rating: 🦪 silver shellfish: Overall readiness is 🦪 silver shellfish; proof is 🦞 diamond lobster and patch quality is 🦪 silver shellfish.
  • status: ⏳ waiting on author: ClawSweeper has contributor-facing work open and is waiting for author action. Sufficient (linked_artifact): Sufficient linked proof: the split PR links back to the original MiniMax PR with redacted live CLI output, endpoint sanity output, and screenshots showing after-fix recharge-credit/web-session behavior.
  • proof: sufficient: Contributor real behavior proof is sufficient. Sufficient linked proof: the split PR links back to the original MiniMax PR with redacted live CLI output, endpoint sanity output, and screenshots showing after-fix recharge-credit/web-session behavior.
Evidence reviewed

Security concerns:

  • [medium] MiniMax Agent cookie import bypasses Keychain opt-out — Sources/CodexBarCore/Providers/MiniMax/MiniMaxDesktopCookieImporter.swift:88
    Encrypted desktop-cookie rows trigger derivedKeys() and then KeychainSecurity.copyMatching without first checking KeychainAccessGate.isDisabled, so the user/admin Keychain access opt-out is not consistently enforced.
    Confidence: 0.93

Acceptance criteria:

  • [P1] swift build.
  • [P1] swift test --filter MiniMaxTokenPlanCreditTests.
  • [P1] swift test --filter MiniMaxWebEnrichmentResolverTests.
  • [P1] swift test --filter MiniMaxDesktopCookieImporterTests.
  • [P1] swift test --filter MiniMaxCurrentTokenPlanResponseTests.

What I checked:

Likely related people:

  • steipete: Current-main blame and history show recent ownership of MiniMax provider descriptor/fetch paths, MiniMax billing summaries, quota diagnostics, and adjacent cost/menu behavior. (role: feature owner and likely decision owner; confidence: high; commits: a83a83fa4131, af202b462bdf, 7ffad6b5a4bf; files: Sources/CodexBarCore/Providers/MiniMax/MiniMaxProviderDescriptor.swift, Sources/CodexBarCore/Providers/MiniMax/MiniMaxUsageFetcher.swift, Sources/CodexBar/MenuCardView+Costs.swift)
  • Yuxin-Qiao: Recent current-main commits added or fixed MiniMax token-plan display, diagnostics, billing record filtering, and remains-to-used mapping, in addition to authoring this PR. (role: recent MiniMax contributor; confidence: high; commits: d00c6c0f523d, bde4290fe771, 78c8c0b2bd08; files: Sources/CodexBarCore/Providers/MiniMax, Tests/CodexBarTests/MiniMaxProviderTests.swift, Sources/CodexBarCore/Providers/ProviderDiagnosticExport.swift)
  • XWind: History shows XWind introduced multi-service MiniMax usage support and token-plan quota handling that this PR extends. (role: introduced and maintained MiniMax quota behavior; confidence: medium; commits: 77b7367c9bd7, 65a41cbee9b3, 90368202df70; files: Sources/CodexBarCore/Providers/MiniMax/MiniMaxUsageFetcher.swift, Sources/CodexBarCore/Providers/MiniMax, Tests/CodexBarTests/MiniMaxProviderTests.swift)
  • Hinotobi: The endpoint override security hardening commit is directly adjacent to this PR's new MiniMax endpoint override surface. (role: adjacent security contributor; confidence: medium; commits: 1bb6d107664a; files: Sources/CodexBarCore/Providers/MiniMax/MiniMaxSettingsReader.swift, Sources/CodexBarCore/Providers/MiniMax/MiniMaxTokenPlanCreditFetcher.swift)
What the crustacean ranks mean
  • 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
  • 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
  • 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
  • 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
  • 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
  • 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
  • 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works
  • ClawSweeper keeps one durable marker-backed review comment per issue or PR.
  • Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
  • A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
  • PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
  • Maintainers can also comment @clawsweeper review to request a fresh review only.
  • Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
  • Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
  • Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.
Review history (2 earlier review cycles)
  • reviewed 2026-07-08T03:38:11.004Z sha 4e3e744 :: needs changes before merge. :: [P2] Honor the Keychain opt-out before Agent decryption | [P2] Keep the Codex no-data credits state hidden | [P3] Remove the release-owned changelog entry
  • reviewed 2026-07-08T03:53:26.651Z sha 4232e48 :: needs changes before merge. :: [P2] Keep MiniMax token cost disabled until fetch is wired | [P2] Wrap macOS-only crypto imports | [P2] Honor the Keychain opt-out before Agent decryption | [P2] Restore the Codex no-data credit suppression | [P3] Remove the release-owned changelog entry

@clawsweeper clawsweeper Bot added proof: sufficient Contributor real behavior proof is sufficient. rating: 🦐 gold shrimp Decent PR readiness signal, but merge confidence is limited. status: ⏳ waiting on author ClawSweeper has contributor-facing work open and is waiting for author action. P2 Normal priority bug or improvement with limited blast radius. merge-risk: 🚨 compatibility 🚨 Merging this PR could break existing users, config, migrations, defaults, or upgrades. merge-risk: 🚨 auth-provider 🚨 Merging this PR could break OAuth, tokens, provider routing, model choice, or credentials. merge-risk: 🚨 security-boundary 🚨 Merging this PR could weaken sandboxing, authorization, credentials, or sensitive data. labels Jul 8, 2026

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

return L(metadata.creditsHint)

P2 Badge Restore Codex no-data credit suppression

When Codex has no credits snapshot and no credits error yet (for example at startup before the optional credits refresh completes), this fallback now returns the generic creditsHint as creditsText because the Codex-specific nil guard was removed. That makes the menu show “Credits unavailable; keep Codex running to refresh.” as an active credits row even though there is no failure or balance to report; keep suppressing the Codex no-data case until credits or error is present.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

tokenCost: ProviderTokenCostConfig(
supportsTokenCost: false,
noDataMessage: { "MiniMax cost summary is not supported." }),
supportsTokenCost: true,

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Keep MiniMax token cost disabled until fetch is wired

When MiniMax is enabled and the global token-cost history setting is on, setting supportsTokenCost to true sends the provider through UsageStore.refreshTokenUsage (Sources/CodexBar/UsageStore.swift:1495) instead of being ignored. I checked the token-cost paths: MiniMax is not projected from the provider snapshot in UsageStore+TokenCost.swift, and CostUsageFetcher.loadTokenSnapshot currently only allows Codex, Claude, Vertex AI, and Bedrock before throwing unsupportedProvider (Sources/CodexBarCore/CostUsageFetcher.swift:119). As a result, users will see/log “Cost summary is not supported for minimax” rather than a MiniMax usage summary; keep this false or add the MiniMax loader in the same change.

Useful? React with 👍 / 👎.

@@ -0,0 +1,182 @@
import CommonCrypto

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Wrap macOS-only crypto import

In non-macOS SwiftPM test builds this import is parsed before the #if os(macOS) around the test type, and CommonCrypto is not available as a module there, so the whole CodexBarTests target fails to compile even though these tests are meant to be skipped. Put the platform/canImport guard around the imports as well as the struct.

Useful? React with 👍 / 👎.

Co-authored-by: Cursor <cursoragent@cursor.com>
@clawsweeper clawsweeper Bot added rating: 🦪 silver shellfish Thin PR readiness signal; proof, validation, or implementation needs work. and removed rating: 🦐 gold shrimp Decent PR readiness signal, but merge confidence is limited. labels Jul 8, 2026

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 4232e48791

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment on lines +445 to +448
return try await self.attachingTokenPlanCreditIfAvailable(
to: enrichedSnapshot,
context: context,
groupID: groupID)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Fetch MiniMax usage summary before returning

In the MiniMax web fetch path, especially when includeBillingHistory == false, this now returns immediately after credit enrichment; no code ever calls MiniMaxAPIRegion.tokenPlanUsageSummaryURL. Fresh evidence beyond the existing token-cost finding is the new MiniMaxProviderTests assertion for /backend/account/token_plan/usage_summary, which this path cannot satisfy, so make check fails and no usage summary is collected for users. Add that fetch before returning, or stop expecting/advertising it.

Useful? React with 👍 / 👎.

region: context.region,
environment: context.environment,
transport: context.transport)
return snapshot.withPointsBalanceIfMissing(credit.balance, expiresAt: credit.expiresAt)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Use the fetched MiniMax credit balance

When the coding-plan/remains payload already contains a pointsBalance but no expiry, this path still fetches the dedicated token_plan_credit endpoint, then calls withPointsBalanceIfMissing, which preserves the older balance and only fills the expiry. That means the production web-session path does not actually replace a stale or fallback balance with the dedicated recharge-credit value, despite the new helper/test implying the dedicated endpoint should win.

Useful? React with 👍 / 👎.

Comment on lines +29 to +36
if let resolvedGroupID,
!credit.groupIDs.isEmpty,
credit.groupIDs.contains(resolvedGroupID)
{
enriched = enriched.withPointsBalanceFromDedicatedEndpoint(
credit.balance,
expiresAt: credit.expiresAt)
receivedWebData = true

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Accept group-less MiniMax credit payloads

For API-token enrichment, a valid token_plan_credit response that has a balance but omits credit_packages_details never enters either branch because credit.groupIDs is empty, so the balance is dropped and the web session is later reported as unavailable. This affects explicit/manual or desktop cookies when the endpoint returns one of the parser-supported balance fallback shapes; apply the balance when no group IDs are supplied, or otherwise mark the response as unverifiable instead of ignoring it.

Useful? React with 👍 / 👎.

Keep optional credits hidden when Codex has no credits snapshot so Buy Credits
remains available without rendering an error-only credits section.

Co-authored-by: Cursor <cursoragent@cursor.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

merge-risk: 🚨 auth-provider 🚨 Merging this PR could break OAuth, tokens, provider routing, model choice, or credentials. merge-risk: 🚨 compatibility 🚨 Merging this PR could break existing users, config, migrations, defaults, or upgrades. merge-risk: 🚨 security-boundary 🚨 Merging this PR could weaken sandboxing, authorization, credentials, or sensitive data. P2 Normal priority bug or improvement with limited blast radius. proof: sufficient Contributor real behavior proof is sufficient. rating: 🦪 silver shellfish Thin PR readiness signal; proof, validation, or implementation needs work. status: ⏳ waiting on author ClawSweeper has contributor-facing work open and is waiting for author action.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant