Skip to content

MiniMax: Token Plan recharge credits and web session enrichment#1981

Closed
Yuxin-Qiao wants to merge 7 commits into
steipete:mainfrom
Yuxin-Qiao:feat/minimax-credit-web-session
Closed

MiniMax: Token Plan recharge credits and web session enrichment#1981
Yuxin-Qiao wants to merge 7 commits into
steipete:mainfrom
Yuxin-Qiao:feat/minimax-credit-web-session

Conversation

@Yuxin-Qiao

Copy link
Copy Markdown
Contributor

Summary

Split from #1821 (PR A).

  • Fetch token_plan_credit recharge balance when a web session cookie is available
  • MiniMax Agent desktop cookie import and MiniMaxWebEnrichmentResolver for API-token refreshes
  • Menu credits row, pointsBalance diagnostics, and reset-time parsing fixes
  • Docs: docs/minimax.md

Test plan

  • make check
  • swift test --filter MiniMaxTokenPlanCredit
  • swift test --filter MiniMaxWebEnrichment
  • swift test --filter MiniMaxDesktopCookie

Stack

  • PR B (usage dashboard): feat/minimax-usage-dashboard
  • PR C (quota utilization): feat/minimax-quota-utilization

Made with Cursor

Add token_plan_credit enrichment for cookie-backed refreshes, MiniMax Agent
desktop cookie import, API-token web enrichment resolver, and menu credit display.

Co-authored-by: Cursor <cursoragent@cursor.com>
@clawsweeper

clawsweeper Bot commented Jul 8, 2026

Copy link
Copy Markdown

Codex review: needs changes before merge. Reviewed July 8, 2026, 11:28 AM ET / 15:28 UTC.

Summary
The branch adds MiniMax token-plan recharge-credit enrichment from web-session cookies, MiniMax Agent desktop cookie import, API-token web enrichment, menu and diagnostic credit display, reset parsing fixes, docs, and tests.

Reproducibility: yes. for the review findings by source inspection: the latest head still has the relevant imports, guards, and branch conditions in changed MiniMax files. I did not run live MiniMax or Keychain probes because repository policy directs provider/parser validation through stubs unless explicitly requested.

Review metrics: 2 noteworthy metrics.

  • Provider surface touched: 31 files changed, +2564/-170. The PR changes MiniMax fetching, cookie import, diagnostics, menu display, docs, and tests, so provider correctness review is needed before merge.
  • New credential source: 1 desktop cookie importer added. Reading MiniMax Agent cookies and Safe Storage keys changes the credential boundary beyond ordinary parser work.

Root-cause cluster
Relationship: canonical
Canonical: #1981
Summary: This PR is the canonical split for MiniMax recharge-credit and web-session enrichment; the original umbrella PR was closed unmerged, while the usage dashboard and quota utilization PRs are adjacent follow-up splits.

Members:

Proposal only: this assessment does not dispatch repair, suppress jobs, mutate sibling items, close, or merge anything.

Merge readiness
Overall: 🦪 silver shellfish
Proof: 🦞 diamond lobster
Patch quality: 🦪 silver shellfish
Result: blocked by patch quality or review findings.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

  • [P2] Fix the MiniMax cost-support toggle or add the actual MiniMax cost loader path.
  • Honor disabled Keychain access before MiniMax desktop Safe Storage lookup.
  • Make direct web and API enrichment apply only verified credits while accepting deliberately safe group-less or single-group responses.

Risk before merge

  • [P1] MiniMax users with token-cost display enabled can be routed into an unsupported-provider cost path rather than the intended MiniMax no-data or summary behavior.
  • [P1] The new MiniMax Agent desktop cookie importer can still perform Safe Storage Keychain reads when the app-level Keychain access gate is disabled.
  • [P1] Credit enrichment can display an unverified or mismatched web-session balance, while the API enrichment path can drop valid balances from MiniMax Agent or manual cookies that lack a local group ID.

Maintainer options:

  1. Repair provider and credential boundaries first (recommended)
    Fix token-cost routing, Keychain opt-out enforcement, credit group verification/acceptance, and split-specific docs before merge.
  2. Accept current MiniMax risk
    Maintainers could intentionally merge the current behavior, but users may see unsupported cost errors and credential-boundary surprises.
  3. Pause desktop-cookie import
    If automatic MiniMax Agent cookie access is not an accepted product boundary, narrow this PR to manual/browser-session credit enrichment before merge.
Copy recommended automerge instruction
@clawsweeper automerge

Special instructions:
Keep the MiniMax credit-only scope; set supportsTokenCost false unless a MiniMax cost snapshot loader is added; guard MiniMaxDesktopCookieImporter Safe Storage lookup with KeychainAccessGate; verify returned credit group IDs before merging direct web credits; accept only deliberately safe group-less or single-group API enrichment; remove usage-summary docs and the CHANGELOG entry; add focused stub tests without live provider or Keychain-prompt validation.

Next step before merge

  • [P2] The remaining blockers are concrete file-level repairs that an automated repair lane can attempt, though final merge still needs maintainer approval for the MiniMax Agent credential boundary.

Maintainer decision needed

  • Question: Should CodexBar accept MiniMax Agent desktop cookies as an automatic enrichment source once this PR honors the Keychain gate and verifies credit group ownership?
  • Rationale: The file-level repairs are concrete, but reading another desktop app's cookie database and Safe Storage key is a credential-boundary and product-consent choice that should be explicit before merge.
  • Likely owner: Peter Steinberger — He has the strongest current MiniMax provider history and is the best routing candidate for the credential-source product boundary.
  • Options:
    • Accept after boundary fixes (recommended): Keep MiniMax Agent as an automatic source, but require KeychainAccessGate enforcement, group verification, and clear docs before merge.
    • Manual and browser only: Remove MiniMax Agent desktop import from this PR and rely on existing manual, cached, or user-initiated browser-cookie paths.
    • Make desktop import opt-in: Add an explicit user setting before using MiniMax Agent cookies, trading convenience for clearer consent.

Security
Needs attention: The diff introduces MiniMax web-cookie and desktop Safe Storage access, and the disabled-Keychain gate plus credit account/group verification are not consistently enforced.

Review findings

  • [P2] Wrap macOS-only test imports — Tests/CodexBarTests/MiniMaxDesktopCookieImporterTests.swift:1-3
  • [P2] Keep MiniMax token cost disabled until fetch is wired — Sources/CodexBarCore/Providers/MiniMax/MiniMaxProviderDescriptor.swift:31
  • [P2] Honor disabled Keychain access before Safe Storage lookup — Sources/CodexBarCore/Providers/MiniMax/MiniMaxDesktopCookieImporter.swift:177
Review details

Best possible solution:

Land the credit-only enrichment after token-cost routing, Keychain gating, group-safe credit merging, and split-specific docs/changelog handling are repaired; defer usage-summary dashboard claims to the follow-up PR.

Do we have a high-confidence way to reproduce the issue?

Yes for the review findings by source inspection: the latest head still has the relevant imports, guards, and branch conditions in changed MiniMax files. I did not run live MiniMax or Keychain probes because repository policy directs provider/parser validation through stubs unless explicitly requested.

Is this the best way to solve the issue?

No; the credit-only split is a better shape than the closed umbrella PR, but the current patch still has bounded correctness, docs, and credential-boundary blockers.

Full review comments:

  • [P2] Wrap macOS-only test imports — Tests/CodexBarTests/MiniMaxDesktopCookieImporterTests.swift:1-3
    CommonCrypto and SQLite3 are imported before the #if os(macOS) guard, so non-macOS SwiftPM builds parse those modules before skipping the test type. Move the platform or canImport guard above the macOS-only imports as well as the struct.
    Confidence: 0.93
  • [P2] Keep MiniMax token cost disabled until fetch is wired — Sources/CodexBarCore/Providers/MiniMax/MiniMaxProviderDescriptor.swift:31
    Setting supportsTokenCost to true sends MiniMax through token-cost refresh, but CostUsageFetcher.loadTokenSnapshot still rejects MiniMax and provider-snapshot projection only handles OpenAI and Mistral. Keep this false or add the MiniMax cost loader in the same change.
    Confidence: 0.96
  • [P2] Honor disabled Keychain access before Safe Storage lookup — Sources/CodexBarCore/Providers/MiniMax/MiniMaxDesktopCookieImporter.swift:177
    Encrypted MiniMax desktop cookies still derive Safe Storage keys through KeychainSecurity.copyMatching without checking KeychainAccessGate.isDisabled. Add the same early opt-out guard used by the other cookie importers before building or issuing the query.
    Confidence: 0.94
  • [P2] Verify and replace direct web credit balances — Sources/CodexBarCore/Providers/MiniMax/MiniMaxSubscriptionMetadata.swift:294
    The direct web-session path fetches CreditSnapshot but ignores returned groupIDs and only calls withPointsBalanceIfMissing, so a different group's balance can be merged and a stale fallback balance can beat the dedicated endpoint. Check returned groups when present and let the verified dedicated balance replace fallback data.
    Confidence: 0.91
  • [P2] Accept verifiable API credits without local group IDs — Sources/CodexBarCore/Providers/MiniMax/MiniMaxUsageFetcher+WebEnrichment.swift:29-41
    API-token enrichment only applies credit when a local resolved group ID exists and matches a non-empty returned set. MiniMax Agent or manual cookies can lack minimax_group_id_v2, so a successful credit response may leave receivedWebData false; accept a deliberately safe single-group or group-less response, or report it as explicitly unverifiable.
    Confidence: 0.88
  • [P2] Remove usage-summary claims from this credit split — docs/minimax.md:68-71
    This split no longer fetches /backend/account/token_plan/usage_summary, and MiniMax: usage summary dashboard UI #1982 owns that work, but these docs still describe usage-summary enrichment and pricing projection as part of this PR. Remove or defer those claims so docs match the credit-only behavior being merged.
    Confidence: 0.89
  • [P3] Remove the release-owned changelog entry — CHANGELOG.md:7
    This contributor PR edits CHANGELOG.md directly even though repository policy treats release notes as release-owned. Keep the release context in the PR body and let the release flow update the changelog.
    Confidence: 0.8

Overall correctness: patch is incorrect
Overall confidence: 0.9

AGENTS.md: found and applied where relevant.

Codex review notes: model internal, reasoning high; reviewed against aa401f1d8b74.

Label changes

Label justifications:

  • P2: The remaining defects affect a MiniMax-specific provider feature and can be fixed in a bounded follow-up on this PR.
  • merge-risk: 🚨 compatibility: MiniMax is marked as supporting token-cost usage even though the shared cost fetcher still rejects the provider.
  • merge-risk: 🚨 auth-provider: The PR adds API-token plus web-cookie enrichment and still has account/group matching gaps that can misclassify or drop web sessions.
  • merge-risk: 🚨 security-boundary: The PR introduces a desktop cookie and Safe Storage import path that does not consistently honor the app's Keychain access gate.
  • rating: 🦪 silver shellfish: Overall readiness is 🦪 silver shellfish; proof is 🦞 diamond lobster and patch quality is 🦪 silver shellfish.
  • status: ⏳ waiting on author: ClawSweeper has contributor-facing work open and is waiting for author action. Sufficient (live_output): The linked umbrella PR includes redacted live CLI output showing API quota plus web-session pointsBalance: 20000 and provider cost for the MiniMax credit path.
  • proof: sufficient: Contributor real behavior proof is sufficient. The linked umbrella PR includes redacted live CLI output showing API quota plus web-session pointsBalance: 20000 and provider cost for the MiniMax credit path.
Evidence reviewed

Security concerns:

  • [medium] Keychain opt-out is bypassed for MiniMax Safe Storage — Sources/CodexBarCore/Providers/MiniMax/MiniMaxDesktopCookieImporter.swift:177
    Encrypted MiniMax desktop cookies can trigger a Safe Storage keychain lookup even when app-level Keychain access is disabled, violating the expected credential-access boundary.
    Confidence: 0.94
  • [medium] Credit balance can cross account or group boundaries — Sources/CodexBarCore/Providers/MiniMax/MiniMaxSubscriptionMetadata.swift:294
    The direct web path merges token-plan credit without checking returned group IDs, while API enrichment inconsistently drops otherwise valid group-less responses; this can show another group's balance or misreport a valid session.
    Confidence: 0.88

Acceptance criteria:

  • [P1] swift test --filter MiniMaxTokenPlanCredit.
  • [P1] swift test --filter MiniMaxWebEnrichment.
  • [P1] swift test --filter MiniMaxDesktopCookie.
  • [P1] swift test --filter MiniMaxProvider.
  • [P1] make check.

What I checked:

  • Repository policy read: AGENTS.md was read fully; its guidance on focused SwiftPM validation, avoiding live Keychain/provider probes unless explicitly requested, provider data siloing, and release-owned changelog handling affected this review. (AGENTS.md:1, aa401f1d8b74)
  • No maintainer notes found: The checkout has no .agents/maintainer-notes/ files matching this provider or PR surface. (aa401f1d8b74)
  • Current main lacks the central feature: A current-main search found no token_plan_credit, MiniMaxDesktopCookieImporter, MiniMaxWebEnrichmentResolver, pointsBalanceExpiresAt, tokenPlanCreditURL, or usage_summary implementation, so this PR is not obsolete on main. (aa401f1d8b74)
  • Token-cost routing remains unsupported: The PR sets MiniMax supportsTokenCost to true, while CostUsageFetcher.loadTokenSnapshot still rejects any provider except Codex, Claude, Vertex AI, or Bedrock, and provider-snapshot projection still only handles OpenAI and Mistral. (Sources/CodexBarCore/Providers/MiniMax/MiniMaxProviderDescriptor.swift:31, 3f42c35b4d4a)
  • Shared cost fetcher excludes MiniMax: The token-cost loader guard still throws unsupportedProvider for MiniMax. (Sources/CodexBarCore/CostUsageFetcher.swift:122, 3f42c35b4d4a)
  • Keychain gate is bypassed in the new importer: MiniMaxDesktopCookieImporter.safeStoragePassword applies a no-UI query and calls KeychainSecurity.copyMatching without first checking KeychainAccessGate.isDisabled; the Alibaba importer on main shows the established early guard pattern. (Sources/CodexBarCore/Providers/MiniMax/MiniMaxDesktopCookieImporter.swift:177, 3f42c35b4d4a)

Likely related people:

  • Peter Steinberger: He has the heaviest MiniMax provider history in this checkout and authored recent MiniMax token-plan fallback, region retry, provider descriptor, and billing work. (role: recent area contributor and likely decision owner; confidence: high; commits: a83a83fa4131, 7ffad6b5a4bf, d6e225af364a; files: Sources/CodexBarCore/Providers/MiniMax/MiniMaxUsageFetcher.swift, Sources/CodexBarCore/Providers/MiniMax/MiniMaxProviderDescriptor.swift, Sources/CodexBarCore/Providers/MiniMax/MiniMaxSubscriptionMetadata.swift)
  • Yuxin-Qiao: Beyond proposing this PR, prior merged history shows MiniMax token-plan display and quota-card work across the same fetcher and tests. (role: prior MiniMax feature contributor; confidence: medium; commits: d00c6c0f523d, 645ca833df31, 5e38f6beb98d; files: Sources/CodexBarCore/Providers/MiniMax/MiniMaxUsageFetcher.swift, Tests/CodexBarTests/MiniMaxProviderTests.swift, Tests/CodexBarTests/MiniMaxCurrentTokenPlanResponseTests.swift)
  • Hinotobi: Authored provider endpoint-override hardening that touched MiniMax settings, subscription metadata, usage fetching, and tests. (role: provider security contributor; confidence: medium; commits: 1bb6d107664a; files: Sources/CodexBarCore/Providers/MiniMax/MiniMaxSettingsReader.swift, Sources/CodexBarCore/Providers/MiniMax/MiniMaxSubscriptionMetadata.swift, Sources/CodexBarCore/Providers/MiniMax/MiniMaxUsageFetcher.swift)
  • XWind: Authored several MiniMax token-plan quota and fallback fixes in the same parser/fetcher path. (role: MiniMax token-plan contributor; confidence: medium; commits: 20d2ebe991c1, bfff3dfe494a, 65a41cbee9b3; files: Sources/CodexBarCore/Providers/MiniMax/MiniMaxUsageFetcher.swift, Tests/CodexBarTests/MiniMaxProviderTests.swift)
What the crustacean ranks mean
  • 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
  • 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
  • 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
  • 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
  • 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
  • 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
  • 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works
  • ClawSweeper keeps one durable marker-backed review comment per issue or PR.
  • Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
  • A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
  • PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
  • Maintainers can also comment @clawsweeper review to request a fresh review only.
  • Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
  • Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
  • Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.
Review history (6 earlier review cycles)
  • reviewed 2026-07-08T03:38:11.004Z sha 4e3e744 :: needs changes before merge. :: [P2] Honor the Keychain opt-out before Agent decryption | [P2] Keep the Codex no-data credits state hidden | [P3] Remove the release-owned changelog entry
  • reviewed 2026-07-08T03:53:26.651Z sha 4232e48 :: needs changes before merge. :: [P2] Keep MiniMax token cost disabled until fetch is wired | [P2] Wrap macOS-only crypto imports | [P2] Honor the Keychain opt-out before Agent decryption | [P2] Restore the Codex no-data credit suppression | [P3] Remove the release-owned changelog entry
  • reviewed 2026-07-08T04:36:38.467Z sha 45599ee :: needs changes before merge. :: [P2] Keep MiniMax token cost disabled until fetch is wired | [P2] Wrap macOS-only crypto imports | [P2] Honor the Keychain opt-out before Agent decryption | [P2] Fetch or remove the advertised usage-summary request | [P2] Use the dedicated MiniMax credit balance when fetched | [P2] Accept group-less MiniMax credit payloads deliberately
  • reviewed 2026-07-08T06:09:05.172Z sha 814add1 :: needs changes before merge. :: [P2] Keep MiniMax token cost disabled until fetch is wired | [P2] Wrap macOS-only test imports | [P2] Honor the Keychain opt-out before Agent import | [P2] Fetch or remove usage-summary enrichment | [P2] Let dedicated credit replace fallback balances | [P2] Handle group-less credit payloads deliberately
  • reviewed 2026-07-08T13:44:34.871Z sha 2b6d15e :: needs changes before merge. :: [P2] Wrap macOS-only test imports | [P2] Keep MiniMax token cost disabled until fetch is wired | [P2] Honor disabled Keychain access before Safe Storage lookup | [P2] Verify and replace direct web credit balances | [P2] Accept verifiable API credits without local group IDs | [P2] Remove usage-summary claims from this credit split
  • reviewed 2026-07-08T15:15:21.522Z sha 0f39934 :: needs changes before merge. :: [P2] Wrap macOS-only test imports | [P2] Keep MiniMax token cost disabled until fetch is wired | [P2] Honor disabled Keychain access before Safe Storage lookup | [P2] Verify and replace direct web credit balances | [P2] Accept verifiable API credits without local group IDs | [P2] Remove usage-summary claims from this credit split

@clawsweeper clawsweeper Bot added proof: sufficient Contributor real behavior proof is sufficient. rating: 🦐 gold shrimp Decent PR readiness signal, but merge confidence is limited. status: ⏳ waiting on author ClawSweeper has contributor-facing work open and is waiting for author action. P2 Normal priority bug or improvement with limited blast radius. merge-risk: 🚨 compatibility 🚨 Merging this PR could break existing users, config, migrations, defaults, or upgrades. merge-risk: 🚨 auth-provider 🚨 Merging this PR could break OAuth, tokens, provider routing, model choice, or credentials. merge-risk: 🚨 security-boundary 🚨 Merging this PR could weaken sandboxing, authorization, credentials, or sensitive data. labels Jul 8, 2026

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

return L(metadata.creditsHint)

P2 Badge Restore Codex no-data credit suppression

When Codex has no credits snapshot and no credits error yet (for example at startup before the optional credits refresh completes), this fallback now returns the generic creditsHint as creditsText because the Codex-specific nil guard was removed. That makes the menu show “Credits unavailable; keep Codex running to refresh.” as an active credits row even though there is no failure or balance to report; keep suppressing the Codex no-data case until credits or error is present.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

tokenCost: ProviderTokenCostConfig(
supportsTokenCost: false,
noDataMessage: { "MiniMax cost summary is not supported." }),
supportsTokenCost: true,

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Keep MiniMax token cost disabled until fetch is wired

When MiniMax is enabled and the global token-cost history setting is on, setting supportsTokenCost to true sends the provider through UsageStore.refreshTokenUsage (Sources/CodexBar/UsageStore.swift:1495) instead of being ignored. I checked the token-cost paths: MiniMax is not projected from the provider snapshot in UsageStore+TokenCost.swift, and CostUsageFetcher.loadTokenSnapshot currently only allows Codex, Claude, Vertex AI, and Bedrock before throwing unsupportedProvider (Sources/CodexBarCore/CostUsageFetcher.swift:119). As a result, users will see/log “Cost summary is not supported for minimax” rather than a MiniMax usage summary; keep this false or add the MiniMax loader in the same change.

Useful? React with 👍 / 👎.

@@ -0,0 +1,182 @@
import CommonCrypto

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Wrap macOS-only crypto import

In non-macOS SwiftPM test builds this import is parsed before the #if os(macOS) around the test type, and CommonCrypto is not available as a module there, so the whole CodexBarTests target fails to compile even though these tests are meant to be skipped. Put the platform/canImport guard around the imports as well as the struct.

Useful? React with 👍 / 👎.

Co-authored-by: Cursor <cursoragent@cursor.com>
@clawsweeper clawsweeper Bot added rating: 🦪 silver shellfish Thin PR readiness signal; proof, validation, or implementation needs work. and removed rating: 🦐 gold shrimp Decent PR readiness signal, but merge confidence is limited. labels Jul 8, 2026

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 4232e48791

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment on lines +445 to +448
return try await self.attachingTokenPlanCreditIfAvailable(
to: enrichedSnapshot,
context: context,
groupID: groupID)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Fetch MiniMax usage summary before returning

In the MiniMax web fetch path, especially when includeBillingHistory == false, this now returns immediately after credit enrichment; no code ever calls MiniMaxAPIRegion.tokenPlanUsageSummaryURL. Fresh evidence beyond the existing token-cost finding is the new MiniMaxProviderTests assertion for /backend/account/token_plan/usage_summary, which this path cannot satisfy, so make check fails and no usage summary is collected for users. Add that fetch before returning, or stop expecting/advertising it.

Useful? React with 👍 / 👎.

region: context.region,
environment: context.environment,
transport: context.transport)
return snapshot.withPointsBalanceIfMissing(credit.balance, expiresAt: credit.expiresAt)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Use the fetched MiniMax credit balance

When the coding-plan/remains payload already contains a pointsBalance but no expiry, this path still fetches the dedicated token_plan_credit endpoint, then calls withPointsBalanceIfMissing, which preserves the older balance and only fills the expiry. That means the production web-session path does not actually replace a stale or fallback balance with the dedicated recharge-credit value, despite the new helper/test implying the dedicated endpoint should win.

Useful? React with 👍 / 👎.

Comment on lines +29 to +36
if let resolvedGroupID,
!credit.groupIDs.isEmpty,
credit.groupIDs.contains(resolvedGroupID)
{
enriched = enriched.withPointsBalanceFromDedicatedEndpoint(
credit.balance,
expiresAt: credit.expiresAt)
receivedWebData = true

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Accept group-less MiniMax credit payloads

For API-token enrichment, a valid token_plan_credit response that has a balance but omits credit_packages_details never enters either branch because credit.groupIDs is empty, so the balance is dropped and the web session is later reported as unavailable. This affects explicit/manual or desktop cookies when the endpoint returns one of the parser-supported balance fallback shapes; apply the balance when no group IDs are supplied, or otherwise mark the response as unverifiable instead of ignoring it.

Useful? React with 👍 / 👎.

Yuxin-Qiao and others added 2 commits July 8, 2026 12:23
Keep optional credits hidden when Codex has no credits snapshot so Buy Credits
remains available without rendering an error-only credits section.

Co-authored-by: Cursor <cursoragent@cursor.com>
Drop usage_summary host expectations that belong to the dashboard follow-up PR.

Co-authored-by: Cursor <cursoragent@cursor.com>
@clawsweeper clawsweeper Bot added rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. and removed rating: 🦪 silver shellfish Thin PR readiness signal; proof, validation, or implementation needs work. labels Jul 8, 2026

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 814add198c

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

KeychainNoUIQuery.apply(to: &query)

var result: AnyObject?
let status = KeychainSecurity.copyMatching(query as CFDictionary, &result)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Honor disabled Keychain access for MiniMax cookies

When the user has disabled Keychain access and the MiniMax desktop cookie DB contains encrypted values, importSession() still reaches this SecItemCopyMatching call to derive the Safe Storage key. The query is non-interactive, but it bypasses the app's KeychainAccessGate setting and performs the keychain read that setting is supposed to suppress; return nil before building/issuing the query when KeychainAccessGate.isDisabled, as the other cookie importers do.

Useful? React with 👍 / 👎.

region: context.region,
environment: context.environment,
transport: context.transport)
return snapshot.withPointsBalanceIfMissing(credit.balance, expiresAt: credit.expiresAt)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Verify MiniMax credit groups before merging

When this web fetch has a resolved group ID but token_plan_credit returns package group IDs for a different group, the balance is still merged into the quota snapshot because credit.groupIDs is ignored here. That can attach another MiniMax account/group's points balance to the displayed usage; the API-token enrichment path treats the same condition as accountMismatch, so this path should skip or reject the credit when the returned groups do not include the resolved group.

Useful? React with 👍 / 👎.

Comment on lines +29 to +31
if let resolvedGroupID,
!credit.groupIDs.isEmpty,
credit.groupIDs.contains(resolvedGroupID)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Apply verified credits when no local group ID exists

For API-token refreshes that use MiniMax Agent or a simple manual/env cookie without minimax_group_id_v2, resolvedGroupID is nil, so a successful token_plan_credit response with normal credit_packages_details falls through both branches: no balance is merged, receivedWebData stays false, and the valid web session is later reported as unavailable. Either accept a safely verifiable single returned group or report an explicit unverifiable/mismatch state instead of dropping the fetched credit.

Useful? React with 👍 / 👎.

Credit PR enrichment only hits token_plan_credit; usage_summary belongs to
the dashboard follow-up.

Co-authored-by: Cursor <cursoragent@cursor.com>
@clawsweeper clawsweeper Bot added rating: 🦪 silver shellfish Thin PR readiness signal; proof, validation, or implementation needs work. and removed rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. labels Jul 8, 2026
When token plan subscription is not active but `points_balance` exists,
do not treat the response as a blocking API error; keep rendering credits.

Co-authored-by: Cursor <cursoragent@cursor.com>

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 0f399347ef

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment on lines +919 to +920
if tokenPlanInactiveMessage, hasPointsBalance {
MiniMaxUsageFetcher.log.debug("MiniMax coding plan status ignored: \(status) \(message)")

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Return a credit-only snapshot for inactive token plans

When MiniMax returns an inactive-token-plan response that has points_balance but no model_remains entries, this branch only suppresses the API error; execution then falls through to the modelRemains guard below and throws parseFailed, so users still lose the remaining credits display for the no-active-subscription case. Return a credit-only snapshot or bypass the quota guard for this partial payload.

Useful? React with 👍 / 👎.

Keep empty-quota snapshots when Token Plan is inactive so recharge credit
enrichment can still run instead of blocking the whole MiniMax refresh.

Co-authored-by: Cursor <cursoragent@cursor.com>
@Yuxin-Qiao

Copy link
Copy Markdown
Contributor Author

Closing for now — need to revisit the approach; current changes need more work before merge.

@Yuxin-Qiao Yuxin-Qiao closed this Jul 8, 2026

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 3f42c35b4d

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment on lines +927 to +931
return MiniMaxUsageSnapshot(
planName: self.parsePlanName(data: payload.data),
availablePrompts: nil,
currentPrompts: nil,
remainingPrompts: nil,

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Avoid synthesizing quota for credit-only MiniMax plans

When MiniMax reports an inactive/no-quota token plan with only points_balance, this new branch returns a successful snapshot with all quota fields nil. Fresh evidence after the earlier inactive-plan issue is that MiniMaxUsageSnapshot.toUsageSnapshot() still falls through its single-service fallback and creates a primary RateWindow with usedPercent defaulting to 0, so the menu/status can show a full/empty “Prompts” quota even though no quota lane was reported. Return a snapshot without a primary quota window for this credit-only case, or mark it as unavailable/placeholder before rendering.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

merge-risk: 🚨 auth-provider 🚨 Merging this PR could break OAuth, tokens, provider routing, model choice, or credentials. merge-risk: 🚨 compatibility 🚨 Merging this PR could break existing users, config, migrations, defaults, or upgrades. merge-risk: 🚨 security-boundary 🚨 Merging this PR could weaken sandboxing, authorization, credentials, or sensitive data. P2 Normal priority bug or improvement with limited blast radius. proof: sufficient Contributor real behavior proof is sufficient. rating: 🦪 silver shellfish Thin PR readiness signal; proof, validation, or implementation needs work. status: ⏳ waiting on author ClawSweeper has contributor-facing work open and is waiting for author action.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant