feat: add MiniMax OAuth plugin (#4521) (thanks @Maosghoul)

2026-05-08 09:31:25 +00:00 · 2026-01-31 12:42:45 +01:00
parent b9b94715fa
commit 1287328b6f
21 changed files with 795 additions and 38 deletions
--- a/src/agents/auth-profiles/constants.ts
+++ b/src/agents/auth-profiles/constants.ts
@@ -7,6 +7,7 @@ export const LEGACY_AUTH_FILENAME = "auth.json";
 export const CLAUDE_CLI_PROFILE_ID = "anthropic:claude-cli";
 export const CODEX_CLI_PROFILE_ID = "openai-codex:codex-cli";
 export const QWEN_CLI_PROFILE_ID = "qwen-portal:qwen-cli";
+export const MINIMAX_CLI_PROFILE_ID = "minimax-portal:minimax-cli";

 export const AUTH_STORE_LOCK_OPTIONS = {
  retries: {
--- a/src/agents/auth-profiles/external-cli-sync.ts
+++ b/src/agents/auth-profiles/external-cli-sync.ts
@@ -1,8 +1,12 @@
-import { readQwenCliCredentialsCached } from "../cli-credentials.js";
+import {
+  readQwenCliCredentialsCached,
+  readMiniMaxCliCredentialsCached,
+} from "../cli-credentials.js";
 import {
  EXTERNAL_CLI_NEAR_EXPIRY_MS,
  EXTERNAL_CLI_SYNC_TTL_MS,
  QWEN_CLI_PROFILE_ID,
+  MINIMAX_CLI_PROFILE_ID,
  log,
 } from "./constants.js";
 import type { AuthProfileCredential, AuthProfileStore, OAuthCredential } from "./types.js";
@@ -33,7 +37,7 @@ function isExternalProfileFresh(cred: AuthProfileCredential | undefined, now: nu
  if (cred.type !== "oauth" && cred.type !== "token") {
    return false;
  }
-  if (cred.provider !== "qwen-portal") {
+  if (cred.provider !== "qwen-portal" && cred.provider !== "minimax-portal") {
    return false;
  }
  if (typeof cred.expires !== "number") {
@@ -42,8 +46,43 @@ function isExternalProfileFresh(cred: AuthProfileCredential | undefined, now: nu
  return cred.expires > now + EXTERNAL_CLI_NEAR_EXPIRY_MS;
 }

+/** Sync external CLI credentials into the store for a given provider. */
+function syncExternalCliCredentialsForProvider(
+  store: AuthProfileStore,
+  profileId: string,
+  provider: string,
+  readCredentials: () => OAuthCredential | null,
+  now: number,
+): boolean {
+  const existing = store.profiles[profileId];
+  const shouldSync =
+    !existing || existing.provider !== provider || !isExternalProfileFresh(existing, now);
+  const creds = shouldSync ? readCredentials() : null;
+  if (!creds) {
+    return false;
+  }
+
+  const existingOAuth = existing?.type === "oauth" ? existing : undefined;
+  const shouldUpdate =
+    !existingOAuth ||
+    existingOAuth.provider !== provider ||
+    existingOAuth.expires <= now ||
+    creds.expires > existingOAuth.expires;
+
+  if (shouldUpdate && !shallowEqualOAuthCredentials(existingOAuth, creds)) {
+    store.profiles[profileId] = creds;
+    log.info(`synced ${provider} credentials from external cli`, {
+      profileId,
+      expires: new Date(creds.expires).toISOString(),
+    });
+    return true;
+  }
+
+  return false;
+}
+
 /**
- * Sync OAuth credentials from external CLI tools (Qwen Code CLI) into the store.
+ * Sync OAuth credentials from external CLI tools (Qwen Code CLI, MiniMax CLI) into the store.
 *
 * Returns true if any credentials were updated.
 */
@@ -79,5 +118,18 @@ export function syncExternalCliCredentials(store: AuthProfileStore): boolean {
    }
  }

+  // Sync from MiniMax Portal CLI
+  if (
+    syncExternalCliCredentialsForProvider(
+      store,
+      MINIMAX_CLI_PROFILE_ID,
+      "minimax-portal",
+      () => readMiniMaxCliCredentialsCached({ ttlMs: EXTERNAL_CLI_SYNC_TTL_MS }),
+      now,
+    )
+  ) {
+    mutated = true;
+  }
+
  return mutated;
 }
--- a/src/agents/cli-credentials.ts
+++ b/src/agents/cli-credentials.ts
@@ -14,6 +14,7 @@ const log = createSubsystemLogger("agents/auth-profiles");
 const CLAUDE_CLI_CREDENTIALS_RELATIVE_PATH = ".claude/.credentials.json";
 const CODEX_CLI_AUTH_FILENAME = "auth.json";
 const QWEN_CLI_CREDENTIALS_RELATIVE_PATH = ".qwen/oauth_creds.json";
+const MINIMAX_CLI_CREDENTIALS_RELATIVE_PATH = ".minimax/oauth_creds.json";

 const CLAUDE_CLI_KEYCHAIN_SERVICE = "Claude Code-credentials";
 const CLAUDE_CLI_KEYCHAIN_ACCOUNT = "Claude Code";
@@ -27,11 +28,13 @@ type CachedValue<T> = {
 let claudeCliCache: CachedValue<ClaudeCliCredential> | null = null;
 let codexCliCache: CachedValue<CodexCliCredential> | null = null;
 let qwenCliCache: CachedValue<QwenCliCredential> | null = null;
+let minimaxCliCache: CachedValue<MiniMaxCliCredential> | null = null;

 export function resetCliCredentialCachesForTest(): void {
  claudeCliCache = null;
  codexCliCache = null;
  qwenCliCache = null;
+  minimaxCliCache = null;
 }

 export type ClaudeCliCredential =
@@ -66,6 +69,14 @@ export type QwenCliCredential = {
  expires: number;
 };

+export type MiniMaxCliCredential = {
+  type: "oauth";
+  provider: "minimax-portal";
+  access: string;
+  refresh: string;
+  expires: number;
+};
+
 type ClaudeCliFileOptions = {
  homeDir?: string;
 };
@@ -102,6 +113,11 @@ function resolveQwenCliCredentialsPath(homeDir?: string) {
  return path.join(baseDir, QWEN_CLI_CREDENTIALS_RELATIVE_PATH);
 }

+function resolveMiniMaxCliCredentialsPath(homeDir?: string) {
+  const baseDir = homeDir ?? resolveUserPath("~");
+  return path.join(baseDir, MINIMAX_CLI_CREDENTIALS_RELATIVE_PATH);
+}
+
 function computeCodexKeychainAccount(codexHome: string) {
  const hash = createHash("sha256").update(codexHome).digest("hex");
  return `cli|${hash.slice(0, 16)}`;
@@ -200,6 +216,36 @@ function readQwenCliCredentials(options?: { homeDir?: string }): QwenCliCredenti
  };
 }

+function readMiniMaxCliCredentials(options?: { homeDir?: string }): MiniMaxCliCredential | null {
+  const credPath = resolveMiniMaxCliCredentialsPath(options?.homeDir);
+  const raw = loadJsonFile(credPath);
+  if (!raw || typeof raw !== "object") {
+    return null;
+  }
+  const data = raw as Record<string, unknown>;
+  const accessToken = data.access_token;
+  const refreshToken = data.refresh_token;
+  const expiresAt = data.expiry_date;
+
+  if (typeof accessToken !== "string" || !accessToken) {
+    return null;
+  }
+  if (typeof refreshToken !== "string" || !refreshToken) {
+    return null;
+  }
+  if (typeof expiresAt !== "number" || !Number.isFinite(expiresAt)) {
+    return null;
+  }
+
+  return {
+    type: "oauth",
+    provider: "minimax-portal",
+    access: accessToken,
+    refresh: refreshToken,
+    expires: expiresAt,
+  };
+}
+
 function readClaudeCliKeychainCredentials(
  execSyncImpl: ExecSyncFn = execSync,
 ): ClaudeCliCredential | null {
@@ -539,3 +585,25 @@ export function readQwenCliCredentialsCached(options?: {
  }
  return value;
 }
+
+export function readMiniMaxCliCredentialsCached(options?: {
+  ttlMs?: number;
+  homeDir?: string;
+}): MiniMaxCliCredential | null {
+  const ttlMs = options?.ttlMs ?? 0;
+  const now = Date.now();
+  const cacheKey = resolveMiniMaxCliCredentialsPath(options?.homeDir);
+  if (
+    ttlMs > 0 &&
+    minimaxCliCache &&
+    minimaxCliCache.cacheKey === cacheKey &&
+    now - minimaxCliCache.readAt < ttlMs
+  ) {
+    return minimaxCliCache.value;
+  }
+  const value = readMiniMaxCliCredentials({ homeDir: options?.homeDir });
+  if (ttlMs > 0) {
+    minimaxCliCache = { value, readAt: now, cacheKey };
+  }
+  return value;
+}
--- a/src/agents/model-auth.ts
+++ b/src/agents/model-auth.ts
@@ -277,6 +277,10 @@ export function resolveEnvApiKey(provider: string): EnvApiKeyResult | null {
    return pick("QWEN_OAUTH_TOKEN") ?? pick("QWEN_PORTAL_API_KEY");
  }

+  if (normalized === "minimax-portal") {
+    return pick("MINIMAX_OAUTH_TOKEN") ?? pick("MINIMAX_API_KEY");
+  }
+
  if (normalized === "kimi-coding") {
    return pick("KIMI_API_KEY") ?? pick("KIMICODE_API_KEY");
  }
--- a/src/agents/models-config.providers.ts
+++ b/src/agents/models-config.providers.ts
@@ -18,10 +18,12 @@ type ModelsConfig = NonNullable<OpenClawConfig["models"]>;
 export type ProviderConfig = NonNullable<ModelsConfig["providers"]>[string];

 const MINIMAX_API_BASE_URL = "https://api.minimax.chat/v1";
+const MINIMAX_PORTAL_BASE_URL = "https://api.minimax.io/anthropic";
 const MINIMAX_DEFAULT_MODEL_ID = "MiniMax-M2.1";
 const MINIMAX_DEFAULT_VISION_MODEL_ID = "MiniMax-VL-01";
 const MINIMAX_DEFAULT_CONTEXT_WINDOW = 200000;
 const MINIMAX_DEFAULT_MAX_TOKENS = 8192;
+const MINIMAX_OAUTH_PLACEHOLDER = "minimax-oauth";
 // Pricing: MiniMax doesn't publish public rates. Override in models.json for accurate costs.
 const MINIMAX_API_COST = {
  input: 15,
@@ -285,6 +287,24 @@ function buildMinimaxProvider(): ProviderConfig {
  };
 }

+function buildMinimaxPortalProvider(): ProviderConfig {
+  return {
+    baseUrl: MINIMAX_PORTAL_BASE_URL,
+    api: "anthropic-messages",
+    models: [
+      {
+        id: MINIMAX_DEFAULT_MODEL_ID,
+        name: "MiniMax M2.1",
+        reasoning: false,
+        input: ["text"],
+        cost: MINIMAX_API_COST,
+        contextWindow: MINIMAX_DEFAULT_CONTEXT_WINDOW,
+        maxTokens: MINIMAX_DEFAULT_MAX_TOKENS,
+      },
+    ],
+  };
+}
+
 function buildMoonshotProvider(): ProviderConfig {
  return {
    baseUrl: MOONSHOT_BASE_URL,
@@ -389,6 +409,14 @@ export async function resolveImplicitProviders(params: {
    providers.minimax = { ...buildMinimaxProvider(), apiKey: minimaxKey };
  }

+  const minimaxOauthProfile = listProfilesForProvider(authStore, "minimax-portal");
+  if (minimaxOauthProfile.length > 0) {
+    providers["minimax-portal"] = {
+      ...buildMinimaxPortalProvider(),
+      apiKey: MINIMAX_OAUTH_PLACEHOLDER,
+    };
+  }
+
  const moonshotKey =
    resolveEnvApiKeyVarName("moonshot") ??
    resolveApiKeyFromProfiles({ provider: "moonshot", store: authStore });